From ccea007282bb78b727f593ce6b59c0e01075fdf2 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Fri, 1 May 2020 05:02:03 +0000 Subject: [PATCH] DB: 2020-05-01 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 81 changes to exploits/shellcodes WordPress 2.9 - Denial of Service WordPress Core 2.9 - Denial of Service Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC) Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC) IBM AIX 4.3.1 - 'adb' Denial of Service Jzip - Buffer Overflow (PoC) (SEH Unicode) Jzip - Buffer Overflow (PoC) (SEH Unicode) WordPress 4.0 - Denial of Service WordPress < 4.0.1 - Denial of Service WordPress Core 4.0 - Denial of Service WordPress Core < 4.0.1 - Denial of Service Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite) Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite) Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service PHPFreeChat 1.7 - Denial of Service XenForo 2 - CSS Loader Denial of Service MikroTik 6.41.4 - FTP daemon Denial of Service (PoC) Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Virgin Media Hub 3.0 Router - Denial of Service (PoC) Intelbras IWR 3000N - Denial of Service (Remote Reboot) Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC) Windows PowerShell - Unsanitized Filename Command Execution Microsoft Windows PowerShell - Unsanitized Filename Command Execution QEMU - Denial of Service Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH) WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) FTPGetter Professional 5.97.0.223 - Denial of Service (PoC) Tautulli 2.1.9 - Denial of Service (Metasploit) Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Cisco IP Phone 11.7 - Denial of service (PoC) PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass IBM AIX 4.3.1 - 'adb' Denial of Service Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC) AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC) Wansview 1.0.2 - Denial of Service (PoC) StyleWriter 4 1.0 - Denial of Service (PoC) Any Sound Recorder 2.93 - Denial of Service (PoC) Snes9K 0.0.9z - Denial of Service (PoC) Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit) Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass Windows NTFS - Privileged File Access Enumeration Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit) Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit) Microsoft Windows NTFS - Privileged File Access Enumeration Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit) Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit) Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC) _GCafé 3.0 - 'gbClienService' Unquoted Service Path _GCafé 3.0 - 'gbClienService' Unquoted Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Wondershare Application Framework Service - _WsAppService_ Unquote Service Path Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit) Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit) Bash 5.0 Patch 11 - SUID Priv Drop Exploit Bash 5.0 Patch 11 - SUID Priv Drop Exploit Windows - Shell COM Server Registrar Local Privilege Escalation Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation Windows Kernel - Information Disclosure Microsoft Windows Kernel - Information Disclosure NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit) WordPress 5.0.0 - Crop-image Shell Upload (Metasploit) WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit) Windows PowerShell ISE - Remote Code Execution Microsoft Windows PowerShell ISE - Remote Code Execution QEMU - Denial of Service Microtik SSH Daemon 6.44.3 - Denial of Service (PoC) WordPress 1.2 - HTTP Splitting WordPress Core 1.2 - HTTP Splitting WordPress 1.5.1.1 - SQL Injection WordPress Core 1.5.1.1 - SQL Injection WordPress 1.5.1.1 - 'add new admin' SQL Injection WordPress Core 1.5.1.1 - 'add new admin' SQL Injection WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection WordPress 1.5.1.3 - Remote Code Execution WordPress 1.5.1.3 - Remote Code Execution (Metasploit) WordPress Core 1.5.1.3 - Remote Code Execution WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit) WordPress 2.0.5 - Trackback UTF-7 SQL Injection WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection WordPress 2.0.6 - 'wp-trackback.php' SQL Injection WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection WordPress 2.1.2 - 'xmlrpc' SQL Injection WordPress Core 2.1.2 - 'xmlrpc' SQL Injection WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing WordPress 2.2 - 'xmlrpc.php' SQL Injection WordPress Core 2.2 - 'xmlrpc.php' SQL Injection WordPress 2.2 - 'wp-app.php' Arbitrary File Upload WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities WordPress 2.3.1 - Charset SQL Injection WordPress Core 2.3.1 - Charset SQL Injection Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection WordPress 2.6.1 - SQL Column Truncation WordPress Core 2.6.1 - SQL Column Truncation WordPress 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation) WordPress 2.8.1 - 'url' Cross-Site Scripting WordPress Core 2.8.1 - 'url' Cross-Site Scripting WordPress 2.8.3 - Remote Admin Reset Password WordPress Core 2.8.3 - Remote Admin Reset Password WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution WordPress 2.9 - Failure to Restrict URL Access WordPress Core 2.9 - Failure to Restrict URL Access Joomla! Component Joomla Flickr 1.0 - Local File Inclusion Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion WordPress 3.0.1 - 'do_trackbacks()' SQL Injection WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1) WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit) WordPress 3.1.3 - SQL Injection WordPress Core 3.1.3 - SQL Injection WordPress 3.3.1 - Multiple Vulnerabilities WordPress Core 3.3.1 - Multiple Vulnerabilities WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress 1.2 - 'edit.php?s' Cross-Site Scripting WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2 - 'wp-login.php' HTTP Response Splitting WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting WordPress 1.5 - 'post.php' Cross-Site Scripting WordPress Core 1.5 - 'post.php' Cross-Site Scripting WordPress 2.0 - Comment Post HTML Injection WordPress Core 2.0 - Comment Post HTML Injection WordPress 2.0.5 - 'functions.php' Remote File Inclusion WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion WordPress 1.x/2.0.x - 'template.php' HTML Injection WordPress Core 1.x/2.0.x - 'template.php' HTML Injection WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure WordPress 2.1.1 - 'post.php' Cross-Site Scripting WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting WordPress 2.1.1 - Arbitrary Command Execution WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress Core 2.1.1 - Arbitrary Command Execution WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting WordPress 2.2 - 'Request_URI' Cross-Site Scripting WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting WordPress 2.3.1 - Unauthorized Post Access WordPress Core 2.3.1 - Unauthorized Post Access WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting WordPress 2.3.3 - 'cat' Directory Traversal WordPress Core 2.3.3 - 'cat' Directory Traversal WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 4.2 - Persistent Cross-Site Scripting WordPress Core 4.2 - Persistent Cross-Site Scripting WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities WordPress 3.4.2 - Cross-Site Request Forgery WordPress Core 3.4.2 - Cross-Site Request Forgery Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery WordPress 4.5.3 - Directory Traversal / Denial of Service WordPress Core 4.5.3 - Directory Traversal / Denial of Service PHPFreeChat 1.7 - Denial of Service WordPress 4.7.0/4.7.1 - Content Injection (Python) WordPress 4.7.0/4.7.1 - Content Injection (Ruby) WordPress Core 4.7.0/4.7.1 - Content Injection (Python) WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby) WordPress < 4.7.1 - Username Enumeration WordPress Core < 4.7.1 - Username Enumeration WordPress Multiple Plugins - Arbitrary File Upload Multiple WordPress Plugins - Arbitrary File Upload Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection WordPress 4.6 - Remote Code Execution WordPress < 4.7.4 - Unauthorized Password Reset WordPress Core 4.6 - Remote Code Execution WordPress Core < 4.7.4 - Unauthorized Password Reset XenForo 2 - CSS Loader Denial of Service Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion WordPress Plugin Site Editor 1.1.1 - Local File Inclusion Joomla Component Fields - SQLi Remote Code Execution (Metasploit) Joomla! Component Fields - SQLi Remote Code Execution (Metasploit) Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection) MikroTik 6.41.4 - FTP daemon Denial of Service PoC Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Joomla Component Ek Rishta 2.10 - SQL Injection Joomla! Component Ek Rishta 2.10 - SQL Injection Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Virgin Media Hub 3.0 Router - Denial of Service (PoC) Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting WordPress CherryFramework Themes 3.1.4 - Backup File Download WordPress Theme CherryFramework 3.1.4 - Backup File Download WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Jenkins 2.150.2 - Remote Command Execution (Metasploit) Jenkins 2.150.2 - Remote Command Execution (Metasploit) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Simple Online Hotel Reservation System - SQL Injection Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) phpBB 3.2.3 - Remote Code Execution phpBB 3.2.3 - Remote Code Execution 60CycleCMS - 'news.php' SQL Injection 60CycleCMS - 'news.php' SQL Injection Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion Intelbras IWR 3000N - Denial of Service (Remote Reboot) Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Centreon 19.04 - Remote Code Execution Centreon 19.04 - Remote Code Execution WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection WordPress 5.2.3 - Cross-Site Host Modification WordPress Core 5.2.3 - Cross-Site Host Modification Joomla 3.4.6 - 'configuration.php' Remote Code Execution Joomla! 3.4.6 - 'configuration.php' Remote Code Execution WordPress Arforms 3.7.1 - Directory Traversal WordPress Plugin Arforms 3.7.1 - Directory Traversal WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Restaurant Management System 1.0 - Remote Code Execution Joomla 3.9.13 - 'Host' Header Injection Joomla! 3.9.13 - 'Host' Header Injection Bematech Printer MP-4200 - Denial of Service Cisco WLC 2504 8.9 - Denial of Service (PoC) NopCommerce 4.2.0 - Privilege Escalation NopCommerce 4.2.0 - Privilege Escalation WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal ( Metasploit ) Online Book Store 1.0 - 'bookisbn' SQL Injection Huawei HG255 - Directory Traversal (Metasploit) Tautulli 2.1.9 - Denial of Service ( Metasploit ) Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting WordPress InfiniteWP - Client Authentication Bypass (Metasploit) WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit) Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting Cacti 1.2.8 - Authenticated Remote Code Execution Cacti 1.2.8 - Authenticated Remote Code Execution Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User) Wordpress Plugin Search Meter 2.13.2 - CSV injection WordPress Plugin Search Meter 2.13.2 - CSV injection Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting TP-Link Archer C50 3 - Denial of Service (PoC) Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC) Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Cisco IP Phone 11.7 - Denial of service (PoC) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) Linux/x86 - Rabbit Encoder Shellcode (200 bytes) --- exploits/aix/{local => dos}/19418.txt | 0 exploits/cgi/{webapps => dos}/38882.txt | 0 exploits/hardware/{webapps => dos}/45035.txt | 0 exploits/hardware/{webapps => dos}/45776.py | 0 exploits/hardware/{webapps => dos}/46768.sh | 0 exploits/hardware/{webapps => dos}/47648.txt | 0 exploits/hardware/{webapps => dos}/47744.txt | 0 exploits/hardware/{remote => dos}/48228.txt | 0 exploits/hardware/{webapps => dos}/48255.py | 0 exploits/hardware/{webapps => dos}/48304.py | 0 exploits/hardware/{webapps => dos}/48342.txt | 0 exploits/linux/{webapps => dos}/44450.txt | 0 exploits/linux/{remote => dos}/47320.c | 0 exploits/multiple/{webapps => dos}/47929.rb | 0 exploits/php/{webapps => dos}/43852.php | 0 exploits/php/{webapps => dos}/44336.py | 0 exploits/php/{webapps => dos}/46921.sh | 0 exploits/php/{webapps => dos}/47800.py | 0 exploits/windows/{local => dos}/44474.txt | 0 exploits/windows/{local => dos}/44475.txt | 0 exploits/windows/{local => dos}/45137.py | 0 exploits/windows/{local => dos}/47454.md | 0 .../windows/{remote => webapps}/21605.txt | 0 .../windows_x86-64/{local => dos}/45194.py | 0 exploits/windows_x86/{local => dos}/45250.py | 0 exploits/windows_x86/{local => dos}/45356.py | 0 exploits/windows_x86/{local => dos}/45504.py | 0 files_exploits.csv | 408 +++++++++--------- files_shellcodes.csv | 4 +- 29 files changed, 206 insertions(+), 206 deletions(-) rename exploits/aix/{local => dos}/19418.txt (100%) rename exploits/cgi/{webapps => dos}/38882.txt (100%) rename exploits/hardware/{webapps => dos}/45035.txt (100%) rename exploits/hardware/{webapps => dos}/45776.py (100%) rename exploits/hardware/{webapps => dos}/46768.sh (100%) rename exploits/hardware/{webapps => dos}/47648.txt (100%) rename exploits/hardware/{webapps => dos}/47744.txt (100%) rename exploits/hardware/{remote => dos}/48228.txt (100%) rename exploits/hardware/{webapps => dos}/48255.py (100%) rename exploits/hardware/{webapps => dos}/48304.py (100%) rename exploits/hardware/{webapps => dos}/48342.txt (100%) rename exploits/linux/{webapps => dos}/44450.txt (100%) rename exploits/linux/{remote => dos}/47320.c (100%) rename exploits/multiple/{webapps => dos}/47929.rb (100%) rename exploits/php/{webapps => dos}/43852.php (100%) rename exploits/php/{webapps => dos}/44336.py (100%) rename exploits/php/{webapps => dos}/46921.sh (100%) rename exploits/php/{webapps => dos}/47800.py (100%) rename exploits/windows/{local => dos}/44474.txt (100%) rename exploits/windows/{local => dos}/44475.txt (100%) rename exploits/windows/{local => dos}/45137.py (100%) rename exploits/windows/{local => dos}/47454.md (100%) rename exploits/windows/{remote => webapps}/21605.txt (100%) rename exploits/windows_x86-64/{local => dos}/45194.py (100%) rename exploits/windows_x86/{local => dos}/45250.py (100%) rename exploits/windows_x86/{local => dos}/45356.py (100%) rename exploits/windows_x86/{local => dos}/45504.py (100%) diff --git a/exploits/aix/local/19418.txt b/exploits/aix/dos/19418.txt similarity index 100% rename from exploits/aix/local/19418.txt rename to exploits/aix/dos/19418.txt diff --git a/exploits/cgi/webapps/38882.txt b/exploits/cgi/dos/38882.txt similarity index 100% rename from exploits/cgi/webapps/38882.txt rename to exploits/cgi/dos/38882.txt diff --git a/exploits/hardware/webapps/45035.txt b/exploits/hardware/dos/45035.txt similarity index 100% rename from exploits/hardware/webapps/45035.txt rename to exploits/hardware/dos/45035.txt diff --git a/exploits/hardware/webapps/45776.py b/exploits/hardware/dos/45776.py similarity index 100% rename from exploits/hardware/webapps/45776.py rename to exploits/hardware/dos/45776.py diff --git a/exploits/hardware/webapps/46768.sh b/exploits/hardware/dos/46768.sh similarity index 100% rename from exploits/hardware/webapps/46768.sh rename to exploits/hardware/dos/46768.sh diff --git a/exploits/hardware/webapps/47648.txt b/exploits/hardware/dos/47648.txt similarity index 100% rename from exploits/hardware/webapps/47648.txt rename to exploits/hardware/dos/47648.txt diff --git a/exploits/hardware/webapps/47744.txt b/exploits/hardware/dos/47744.txt similarity index 100% rename from exploits/hardware/webapps/47744.txt rename to exploits/hardware/dos/47744.txt diff --git a/exploits/hardware/remote/48228.txt b/exploits/hardware/dos/48228.txt similarity index 100% rename from exploits/hardware/remote/48228.txt rename to exploits/hardware/dos/48228.txt diff --git a/exploits/hardware/webapps/48255.py b/exploits/hardware/dos/48255.py similarity index 100% rename from exploits/hardware/webapps/48255.py rename to exploits/hardware/dos/48255.py diff --git a/exploits/hardware/webapps/48304.py b/exploits/hardware/dos/48304.py similarity index 100% rename from exploits/hardware/webapps/48304.py rename to exploits/hardware/dos/48304.py diff --git a/exploits/hardware/webapps/48342.txt b/exploits/hardware/dos/48342.txt similarity index 100% rename from exploits/hardware/webapps/48342.txt rename to exploits/hardware/dos/48342.txt diff --git a/exploits/linux/webapps/44450.txt b/exploits/linux/dos/44450.txt similarity index 100% rename from exploits/linux/webapps/44450.txt rename to exploits/linux/dos/44450.txt diff --git a/exploits/linux/remote/47320.c b/exploits/linux/dos/47320.c similarity index 100% rename from exploits/linux/remote/47320.c rename to exploits/linux/dos/47320.c diff --git a/exploits/multiple/webapps/47929.rb b/exploits/multiple/dos/47929.rb similarity index 100% rename from exploits/multiple/webapps/47929.rb rename to exploits/multiple/dos/47929.rb diff --git a/exploits/php/webapps/43852.php b/exploits/php/dos/43852.php similarity index 100% rename from exploits/php/webapps/43852.php rename to exploits/php/dos/43852.php diff --git a/exploits/php/webapps/44336.py b/exploits/php/dos/44336.py similarity index 100% rename from exploits/php/webapps/44336.py rename to exploits/php/dos/44336.py diff --git a/exploits/php/webapps/46921.sh b/exploits/php/dos/46921.sh similarity index 100% rename from exploits/php/webapps/46921.sh rename to exploits/php/dos/46921.sh diff --git a/exploits/php/webapps/47800.py b/exploits/php/dos/47800.py similarity index 100% rename from exploits/php/webapps/47800.py rename to exploits/php/dos/47800.py diff --git a/exploits/windows/local/44474.txt b/exploits/windows/dos/44474.txt similarity index 100% rename from exploits/windows/local/44474.txt rename to exploits/windows/dos/44474.txt diff --git a/exploits/windows/local/44475.txt b/exploits/windows/dos/44475.txt similarity index 100% rename from exploits/windows/local/44475.txt rename to exploits/windows/dos/44475.txt diff --git a/exploits/windows/local/45137.py b/exploits/windows/dos/45137.py similarity index 100% rename from exploits/windows/local/45137.py rename to exploits/windows/dos/45137.py diff --git a/exploits/windows/local/47454.md b/exploits/windows/dos/47454.md similarity index 100% rename from exploits/windows/local/47454.md rename to exploits/windows/dos/47454.md diff --git a/exploits/windows/remote/21605.txt b/exploits/windows/webapps/21605.txt similarity index 100% rename from exploits/windows/remote/21605.txt rename to exploits/windows/webapps/21605.txt diff --git a/exploits/windows_x86-64/local/45194.py b/exploits/windows_x86-64/dos/45194.py similarity index 100% rename from exploits/windows_x86-64/local/45194.py rename to exploits/windows_x86-64/dos/45194.py diff --git a/exploits/windows_x86/local/45250.py b/exploits/windows_x86/dos/45250.py similarity index 100% rename from exploits/windows_x86/local/45250.py rename to exploits/windows_x86/dos/45250.py diff --git a/exploits/windows_x86/local/45356.py b/exploits/windows_x86/dos/45356.py similarity index 100% rename from exploits/windows_x86/local/45356.py rename to exploits/windows_x86/dos/45356.py diff --git a/exploits/windows_x86/local/45504.py b/exploits/windows_x86/dos/45504.py similarity index 100% rename from exploits/windows_x86/local/45504.py rename to exploits/windows_x86/dos/45504.py diff --git a/files_exploits.csv b/files_exploits.csv index 2514add7b..3ec66afac 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -1307,7 +1307,7 @@ id,file,description,date,author,type,platform,port 10650,exploits/windows/dos/10650.pl,"jetAudio 8.0.0.0 - '.asx' Basic Local Crash (PoC)",2009-12-25,"D3V!L FUCKER",dos,windows, 10651,exploits/windows/dos/10651.pl,"JetAudio Basic 7.5.5.25 - '.asx' Buffer Overflow (PoC)",2009-12-25,"D3V!L FUCKER",dos,windows, 10820,exploits/php/dos/10820.sh,"Joomla! Component Core 1.5.x com_ - Denial of Service",2009-12-31,emgent,dos,php,80 -10825,exploits/php/dos/10825.sh,"WordPress 2.9 - Denial of Service",2009-12-31,emgent,dos,php,80 +10825,exploits/php/dos/10825.sh,"WordPress Core 2.9 - Denial of Service",2009-12-31,emgent,dos,php,80 10826,exploits/php/dos/10826.sh,"Drupal 5.21/6.16 - Denial of Service",2009-12-31,emgent,dos,php,80 10829,exploits/php/dos/10829.pl,"vBulletin - Denial of Service",2009-12-30,R3d-D3V!L,dos,php, 10840,exploits/windows/dos/10840.pl,"VideoLAN VLC Media Player 1.0.3 - '.asx' Denial of Service (PoC)",2009-12-31,"D3V!L FUCKER",dos,windows, @@ -2270,7 +2270,7 @@ id,file,description,date,author,type,platform,port 19308,exploits/linux/dos/19308.c,"Linux Kernel 2.0/2.0.33 - i_count Overflow (PoC)",1998-01-14,"Aleph One",dos,linux, 19410,exploits/windows/dos/19410.py,"Qbik WinGate 3.0/Pro 4.0.1/Standard 4.0.1 - Buffer Overflow (Denial of Service) (PoC)",1999-02-22,Prizm,dos,windows, 19326,exploits/solaris/dos/19326.txt,"Sun Solaris 7.0 - 'procfs' Denial of Service",1999-03-09,"Toomas Soome",dos,solaris, -19328,exploits/windows/dos/19328.txt,"Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)",2012-06-22,"Debasish Mandal",dos,windows, +19328,exploits/windows/dos/19328.txt,"Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)",2012-06-22,"Debasish Mandal",dos,windows, 19331,exploits/windows/dos/19331.txt,"ACDSee PRO 5.1 - '.RLE' Image Processing Heap Overflow",2012-06-22,"Francis Provencher",dos,windows, 19332,exploits/windows/dos/19332.txt,"ACDSee PRO 5.1 - '.PCT' Image Processing Heap Overflow",2012-06-22,"Francis Provencher",dos,windows, 19333,exploits/windows/dos/19333.txt,"ACDSee PRO 5.1 - '.gif' Image Processing Heap Overflow",2012-06-22,"Francis Provencher",dos,windows, @@ -2294,6 +2294,7 @@ id,file,description,date,author,type,platform,port 19414,exploits/windows/dos/19414.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2)",1999-07-03,klepto,dos,windows, 19415,exploits/windows/dos/19415.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3)",1999-04-06,"Rob Mosher",dos,windows, 19416,exploits/windows/dos/19416.c,"Netscape Enterprise Server 3.6 - SSL Buffer Overflow (Denial of Service) (PoC)",1999-07-06,"Arne Vidstrom",dos,windows, +19418,exploits/aix/dos/19418.txt,"IBM AIX 4.3.1 - 'adb' Denial of Service",1999-07-12,"GZ Apple",dos,aix, 19423,exploits/bsd/dos/19423.c,"BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service",1999-07-15,"Mike Perry",dos,bsd, 19436,exploits/hardware/dos/19436.txt,"Check Point Software Firewall-1 3.0/1 4.0 - Table Saturation Denial of Service",1999-07-29,"Lance Spitzner",dos,hardware, 19441,exploits/hardware/dos/19441.c,"Network Associates Gauntlet Firewall 5.0 - Denial of Service",1999-07-30,"Mike Frantzen",dos,hardware, @@ -4151,7 +4152,7 @@ id,file,description,date,author,type,platform,port 32860,exploits/java/dos/32860.txt,"Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service",2009-03-31,"SCS team",dos,java, 32865,exploits/multiple/dos/32865.py,"WhatsApp < 2.11.7 - Remote Crash",2014-04-14,"Jaime Sánchez",dos,multiple, 32881,exploits/windows/dos/32881.py,"QtWeb Browser 2.0 - '.HTML' File Remote Denial of Service",2009-04-01,LiquidWorm,dos,windows, -32899,exploits/windows/dos/32899.py,"Jzip - Buffer Overflow (PoC) (SEH Unicode)",2014-04-16,"motaz reda",dos,windows, +32899,exploits/windows/dos/32899.py,"Jzip - Buffer Overflow (PoC) (SEH Unicode)",2014-04-16,"motaz reda",dos,windows, 32902,exploits/windows/dos/32902.py,"Microsoft Internet Explorer 8 - File Download Denial of Service",2009-04-11,"Nam Nguyen",dos,windows, 32926,exploits/linux/dos/32926.c,"Linux Kernel - 'group_info' refcounter Overflow Memory Corruption",2014-04-18,"Thomas Pollet",dos,linux, 32939,exploits/windows/dos/32939.txt,"Trend Micro OfficeScan 8.0 Client - Denial of Service",2009-04-21,"Juan Pablo Lopez Yacubian",dos,windows, @@ -4426,8 +4427,8 @@ id,file,description,date,author,type,platform,port 35382,exploits/android/dos/35382.txt,"Android WAPPushManager - SQL Injection",2014-11-26,"Baidu X-Team",dos,android, 35403,exploits/linux/dos/35403.c,"Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service",2011-03-02,"Nelson Elhage",dos,linux, 35404,exploits/linux/dos/35404.c,"Linux Kernel 2.6.x - fs/eventpoll.c epoll Data Structure File Descriptor Local Denial of Service",2011-03-02,"Nelson Elhage",dos,linux, -35413,exploits/php/dos/35413.php,"WordPress 4.0 - Denial of Service",2014-12-01,SECURELI.com,dos,php,80 -35414,exploits/php/dos/35414.txt,"WordPress < 4.0.1 - Denial of Service",2014-12-01,"Javer Nieto & Andres Rojas",dos,php,80 +35413,exploits/php/dos/35413.php,"WordPress Core 4.0 - Denial of Service",2014-12-01,SECURELI.com,dos,php,80 +35414,exploits/php/dos/35414.txt,"WordPress Core < 4.0.1 - Denial of Service",2014-12-01,"Javer Nieto & Andres Rojas",dos,php,80 35415,exploits/php/dos/35415.txt,"Drupal < 7.34 - Denial of Service",2014-12-01,"Javer Nieto & Andres Rojas",dos,php,80 35432,exploits/linux/dos/35432.txt,"Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial of Service",2011-03-01,"Buildbot Builder",dos,linux, 35437,exploits/multiple/dos/35437.pl,"Air Contacts Lite - HTTP Packet Denial of Service",2011-02-09,"Rodrigo Escobar",dos,multiple, @@ -4442,8 +4443,8 @@ id,file,description,date,author,type,platform,port 35489,exploits/multiple/dos/35489.pl,"Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service",2011-03-23,"Vladimir Perepelitsa",dos,multiple, 35502,exploits/windows/dos/35502.pl,"eXPert PDF Batch Creator 7.0.880.0 - Denial of Service",2011-03-27,KedAns-Dz,dos,windows, 35507,exploits/windows/dos/35507.pl,"DivX Player 7 - Multiple Remote Buffer Overflow Vulnerabilities",2011-03-27,KedAns-Dz,dos,windows, -35530,exploits/windows/dos/35530.py,"Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)",2014-12-15,s-dz,dos,windows, -35531,exploits/windows/dos/35531.py,"Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)",2014-12-15,s-dz,dos,windows, +35530,exploits/windows/dos/35530.py,"Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)",2014-12-15,s-dz,dos,windows, +35531,exploits/windows/dos/35531.py,"Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)",2014-12-15,s-dz,dos,windows, 35532,exploits/windows/dos/35532.py,"jaangle 0.98i.977 - Denial of Service",2014-12-15,s-dz,dos,windows, 35539,exploits/php/dos/35539.txt,"phpMyAdmin 4.0.x/4.1.x/4.2.x - Denial of Service",2014-12-15,"Javer Nieto & Andres Rojas",dos,php, 35552,exploits/windows/dos/35552.py,"MoviePlay 4.82 - '.avi' Buffer Overflow",2011-03-31,^Xecuti0N3r,dos,windows, @@ -4862,6 +4863,7 @@ id,file,description,date,author,type,platform,port 38857,exploits/linux/dos/38857.md,"Gnome Nautilus 3.16 - Denial of Service",2015-12-03,"Panagiotis Vagenas",dos,linux, 38858,exploits/windows/dos/38858.txt,"Malwarebytes AntiVirus 2.2.0 - Denial of Service (PoC)",2015-12-03,"Francis Provencher",dos,windows, 38878,exploits/windows/dos/38878.txt,"WinAsm Studio 5.1.8.8 - Buffer Overflow Crash (PoC)",2015-12-06,Un_N0n,dos,windows, +38882,exploits/cgi/dos/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",dos,cgi, 38909,exploits/linux/dos/38909.txt,"DenyHosts - 'regex.py' Remote Denial of Service",2013-12-19,"Helmut Grohne",dos,linux, 38916,exploits/windows/dos/38916.html,"Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR",2015-12-09,"Marcin Ressel",dos,windows, 38917,exploits/osx/dos/38917.txt,"Apple Mac OSX 10.11 - FTS Deep Structure of the FileSystem Buffer Overflow",2015-12-09,"Maksymilian Arciemowicz",dos,osx, @@ -5261,6 +5263,7 @@ id,file,description,date,author,type,platform,port 45335,exploits/windows_x86-64/dos/45335.txt,"Microsoft People 10.1807.2131.0 - Denial of service (PoC)",2018-09-05,L0RD,dos,windows_x86-64, 43780,exploits/macos/dos/43780.c,"macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in 'AppleIntelCapriController::getDisplayPipeCapability'",2018-01-19,"Google Security Research",dos,macos, 43826,exploits/windows/dos/43826.txt,"Peercast < 0.1211 - Format String",2015-05-28,"GulfTech Security",dos,windows, +43852,exploits/php/dos/43852.php,"PHPFreeChat 1.7 - Denial of Service",2018-01-21,"A. Pakbaz",dos,php, 43854,exploits/windows/dos/43854.py,"MixPad 5.00 - Buffer Overflow",2018-01-23,bzyo,dos,windows, 43856,exploits/hardware/dos/43856.py,"RAVPower 2.000.056 - Memory Disclosure",2018-01-23,"Daniele Linguaglossa",dos,hardware, 43891,exploits/hardware/dos/43891.txt,"Lorex LH300 Series - ActiveX Buffer Overflow (PoC)",2015-01-18,"Pedro Ribeiro",dos,hardware, @@ -5921,6 +5924,7 @@ id,file,description,date,author,type,platform,port 44327,exploits/android/dos/44327.py,"Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read",2018-03-23,QuarksLab,dos,android, 44332,exploits/linux/dos/44332.py,"Dell EMC NetWorker - Denial of Service",2018-03-23,"Marek Cybul",dos,linux, 44333,exploits/windows/dos/44333.py,"WM Recorder 16.8.1 - Denial of Service",2018-03-23,bzyo,dos,windows, +44336,exploits/php/dos/44336.py,"XenForo 2 - CSS Loader Denial of Service",2018-03-23,LockedByte,dos,php, 44338,exploits/windows/dos/44338.py,"Easy Avi Divx Xvid to DVD Burner 2.9.11 - '.avi' Denial of Service",2018-03-23,"Hashim Jawad",dos,windows, 44372,exploits/windows/dos/44372.py,"SysGauge 4.5.18 - Local Denial of Service",2018-03-30,"Hashim Jawad",dos,windows, 44375,exploits/xml/dos/44375.py,"Systematic SitAware - NVG Denial of Service",2018-03-30,2u53,dos,xml, @@ -5933,6 +5937,7 @@ id,file,description,date,author,type,platform,port 44427,exploits/multiple/dos/44427.txt,"WebKit - WebAssembly Parsing Does not Correctly Check Section Order",2018-04-09,"Google Security Research",dos,multiple, 44428,exploits/linux/dos/44428.txt,"CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure",2018-04-09,"RedTeam Pentesting",dos,linux, 44442,exploits/multiple/dos/44442.js,"Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion",2018-04-10,"Google Security Research",dos,multiple, +44450,exploits/linux/dos/44450.txt,"MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)",2018-04-13,FarazPajohan,dos,linux, 44451,exploits/hardware/dos/44451.py,"Cisco Smart Install - Crash (PoC)",2018-03-29,embedi,dos,hardware, 44456,exploits/hardware/dos/44456.py,"Barco ClickShare CSE-200 - Remote Denial of Service",2018-04-16,"Florian Hauser",dos,hardware,7100 44458,exploits/windows/dos/44458.cpp,"Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure",2018-04-16,"Google Security Research",dos,windows, @@ -5946,6 +5951,8 @@ id,file,description,date,author,type,platform,port 44466,exploits/windows/dos/44466.txt,"Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix",2018-04-16,"Google Security Research",dos,windows, 44467,exploits/windows/dos/44467.txt,"Microsoft Edge - 'OpenProcess()' ACG Bypass",2018-04-16,"Google Security Research",dos,windows, 44468,exploits/windows/dos/44468.py,"Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH)",2018-04-16,"Kevin McGuigan",dos,windows, +44474,exploits/windows/dos/44474.txt,"Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service",2018-04-17,"Sahil Tikoo",dos,windows, +44475,exploits/windows/dos/44475.txt,"Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service",2018-04-17,"Sahil Tikoo",dos,windows, 44490,exploits/linux/dos/44490.txt,"PDFunite 0.41.0 - '.pdf' Local Buffer Overflow",2018-04-18,Hamm3r.py,dos,linux, 44491,exploits/multiple/dos/44491.txt,"RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow",2018-04-18,Hamm3r.py,dos,multiple, 44494,exploits/windows/dos/44494.py,"VX Search 10.6.18 - 'directory' Local Buffer Overflow",2018-04-18,"Kevin McGuigan",dos,windows, @@ -6024,6 +6031,7 @@ id,file,description,date,author,type,platform,port 45017,exploits/windows/dos/45017.html,"G DATA Total Security 25.4.0.3 - Activex Buffer Overflow",2018-07-13,"Filipe Xavier Oliveira",dos,windows, 45032,exploits/multiple/dos/45032.txt,"macOS/iOS - JavaScript Injection Bug in OfficeImporter",2018-07-16,"Google Security Research",dos,multiple, 45033,exploits/linux/dos/45033.c,"Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass",2018-07-16,"Google Security Research",dos,linux, +45035,exploits/hardware/dos/45035.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service",2018-07-17,LiquidWorm,dos,hardware, 45059,exploits/multiple/dos/45059.txt,"Google Chrome - Swiftshader Texture Allocation Integer Overflow",2018-07-19,"Google Security Research",dos,multiple, 45060,exploits/multiple/dos/45060.html,"Google Chrome - Swiftshader Blitting Floating-Point Precision Errors",2018-07-19,"Google Security Research",dos,multiple, 45061,exploits/multiple/dos/45061.html,"Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak",2018-07-19,"Google Security Research",dos,multiple, @@ -6039,6 +6047,7 @@ id,file,description,date,author,type,platform,port 45104,exploits/windows/dos/45104.c,"Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service (PoC)",2018-07-30,vportal,dos,windows, 45110,exploits/windows/dos/45110.py,"ipPulse 1.92 - 'Licence Key' Denial of Service (PoC)",2018-07-31,"Shubham Singh",dos,windows, 45112,exploits/windows/dos/45112.py,"Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service (PoC)",2018-07-31,"Luis Martínez",dos,windows, +45137,exploits/windows/dos/45137.py,"AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)",2018-08-02,"Luis Martínez",dos,windows, 45121,exploits/multiple/dos/45121.txt,"WebRTC - VP8 Block Decoding Use-After-Free",2018-08-01,"Google Security Research",dos,multiple, 45122,exploits/multiple/dos/45122.txt,"WebRTC - FEC Processing Overflow",2018-08-01,"Google Security Research",dos,multiple, 45123,exploits/multiple/dos/45123.txt,"WebRTC - H264 NAL Packet Processing Type Confusion",2018-08-01,"Google Security Research",dos,multiple, @@ -6049,6 +6058,7 @@ id,file,description,date,author,type,platform,port 45186,exploits/windows/dos/45186.py,"Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)",2018-08-13,"Javier Enrique Rodriguez Gutierrez",dos,windows, 45187,exploits/hardware/dos/45187.py,"PLC Wireless Router GPN2.4P21-C-CN - Denial of Service",2018-08-13,"Chris Rose",dos,hardware, 45191,exploits/windows_x86/dos/45191.py,"Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)",2018-08-13,"Shubham Singh",dos,windows_x86, +45194,exploits/windows_x86-64/dos/45194.py,"Wansview 1.0.2 - Denial of Service (PoC)",2018-08-14,"Gionathan Reale",dos,windows_x86-64, 45199,exploits/hardware/dos/45199.txt,"JioFi 4G M2S 1.0.2 - Denial of Service (PoC)",2018-08-15,"Vikas Chaudhary",dos,hardware, 45203,exploits/hardware/dos/45203.txt,"TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)",2018-08-16,"Aniket Dinda",dos,hardware,80 45204,exploits/windows_x86-64/dos/45204.py,"ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)",2018-08-16,"Gionathan Reale",dos,windows_x86-64, @@ -6070,6 +6080,7 @@ id,file,description,date,author,type,platform,port 45245,exploits/windows_x86/dos/45245.py,"Softdisk 3.0.3 - Denial Of Service (PoC)",2018-08-22,"Gionathan Reale",dos,windows_x86, 45246,exploits/windows_x86-64/dos/45246.py,"CuteFTP 8.3.1 - Denial of Service (PoC)",2018-08-23,"Ali Alipour",dos,windows_x86-64, 45249,exploits/linux/dos/45249.txt,"Epiphany Web Browser 3.28.1 - Denial of Service (PoC)",2018-08-23,"Dhiraj Mishra",dos,linux, +45250,exploits/windows_x86/dos/45250.py,"StyleWriter 4 1.0 - Denial of Service (PoC)",2018-08-23,"Gionathan Reale",dos,windows_x86, 45251,exploits/windows_x86-64/dos/45251.py,"SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)",2018-08-24,"Luis Martínez",dos,windows_x86-64, 45257,exploits/windows_x86-64/dos/45257.txt,"Firefox 55.0.3 - Denial of Service (PoC)",2018-08-27,L0RD,dos,windows_x86-64, 45261,exploits/ios/dos/45261.py,"Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)",2018-08-27,"Luis Martínez",dos,ios, @@ -6098,6 +6109,7 @@ id,file,description,date,author,type,platform,port 45320,exploits/windows/dos/45320.py,"Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)",2018-09-03,Ghaaf,dos,windows, 45321,exploits/ios/dos/45321.py,"Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)",2018-09-03,"Luis Martínez",dos,ios, 45324,exploits/windows/dos/45324.py,"Wikipedia 12.0 - Denial of Service (PoC)",2018-09-03,0xB9,dos,windows, +45356,exploits/windows_x86/dos/45356.py,"Any Sound Recorder 2.93 - Denial of Service (PoC)",2018-09-10,T3jv1l,dos,windows_x86, 45357,exploits/windows_x86/dos/45357.txt,"Zenmap (Nmap) 7.70 - Denial of Service (PoC)",2018-09-10,"Gionathan Reale",dos,windows_x86, 45380,exploits/windows_x86/dos/45380.py,"jiNa OCR Image to Text 1.0 - Denial of Service (PoC)",2018-09-12,"Gionathan Reale",dos,windows_x86, 45376,exploits/windows_x86/dos/45376.py,"HTML5 Video Player 1.2.5 - Denial of Service (PoC)",2018-09-11,T3jv1l,dos,windows_x86, @@ -6140,6 +6152,7 @@ id,file,description,date,author,type,platform,port 45489,exploits/multiple/dos/45489.html,"WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free",2018-09-25,"Google Security Research",dos,multiple, 45493,exploits/windows_x86/dos/45493.py,"TransMac 12.2 - Denial of Service (PoC)",2018-09-26,"Gionathan Reale",dos,windows_x86, 45494,exploits/windows_x86/dos/45494.py,"CrossFont 7.5 - Denial of Service (PoC)",2018-09-26,"Gionathan Reale",dos,windows_x86, +45504,exploits/windows_x86/dos/45504.py,"Snes9K 0.0.9z - Denial of Service (PoC)",2018-10-01,crash_manucoot,dos,windows_x86, 45527,exploits/windows_x86/dos/45527.py,"FTP Voyager 16.2.0 - Denial of Service (PoC)",2018-10-03,"Abdullah Alıç",dos,windows_x86, 45624,exploits/windows/dos/45624.txt,"Microsoft Windows - 'FSCTL_FIND_FILES_BY_SID' Information Disclosure",2018-10-16,"Google Security Research",dos,windows, 45544,exploits/linux/dos/45544.sh,"net-snmp 5.7.3 - (Unauthenticated) Denial of Service (PoC)",2018-10-08,"Magnus Klaaborg Stubman",dos,linux, @@ -6178,6 +6191,7 @@ id,file,description,date,author,type,platform,port 45770,exploits/windows_x86-64/dos/45770.py,"CdCatalog 2.3.1 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64, 46485,exploits/windows/dos/46485.html,"Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion",2019-03-04,"Fahad Aid Alharbi",dos,windows, 45772,exploits/windows_x86-64/dos/45772.py,"Zint Barcode Generator 2.6 - Denial of Service (PoC)",2018-11-02,"Ihsan Sencan",dos,windows_x86-64, +45776,exploits/hardware/dos/45776.py,"Virgin Media Hub 3.0 Router - Denial of Service (PoC)",2018-11-05,"Ross Inman",dos,hardware, 45781,exploits/windows_x86-64/dos/45781.py,"Softros LAN Messenger 9.2 - Denial of Service (PoC)",2018-11-05,"Victor Mondragón",dos,windows_x86-64, 45786,exploits/ios/dos/45786.txt,"FaceTime - RTP Video Processing Heap Corruption",2018-11-06,"Google Security Research",dos,ios, 45787,exploits/macos/dos/45787.txt,"FaceTime - 'readSPSandGetDecoderParams' Stack Corruption",2018-11-06,"Google Security Research",dos,macos, @@ -6405,6 +6419,7 @@ id,file,description,date,author,type,platform,port 46757,exploits/windows/dos/46757.py,"NSauditor 3.1.2.0 - 'Community' Denial of Service (PoC)",2019-04-26,"Victor Mondragón",dos,windows, 46758,exploits/windows/dos/46758.py,"NSauditor 3.1.2.0 - 'Name' Denial of Service (PoC)",2019-04-26,"Victor Mondragón",dos,windows, 46760,exploits/linux/dos/46760.txt,"systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process",2019-04-26,"Google Security Research",dos,linux, +46768,exploits/hardware/dos/46768.sh,"Intelbras IWR 3000N - Denial of Service (Remote Reboot)",2019-04-30,"Social Engineering Neo",dos,hardware, 46778,exploits/windows/dos/46778.py,"SpotAuditor 5.2.6 - 'Name' Denial of Service (PoC)",2019-04-30,"Victor Mondragón",dos,windows, 46781,exploits/linux/dos/46781.txt,"Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification",2019-04-30,"Google Security Research",dos,linux, 46793,exploits/windows/dos/46793.txt,"SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service",2019-05-03,"Dino Barlattani",dos,windows, @@ -6461,6 +6476,7 @@ id,file,description,date,author,type,platform,port 46909,exploits/windows/dos/46909.py,"NetAware 1.20 - 'Share Name' Denial of Service (PoC)",2019-05-23,"Alejandra Sánchez",dos,windows, 46911,exploits/windows/dos/46911.py,"Terminal Services Manager 3.2.1 - Denial of Service",2019-05-23,"Alejandra Sánchez",dos,windows, 46913,exploits/ios/dos/46913.txt,"Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free",2019-05-23,"Google Security Research",dos,ios, +46921,exploits/php/dos/46921.sh,"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)",2019-05-24,"Todor Donev",dos,php, 46923,exploits/windows/dos/46923.py,"Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows, 46924,exploits/windows/dos/46924.py,"Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows, 46925,exploits/windows/dos/46925.py,"Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)",2019-05-24,"Victor Mondragón",dos,windows, @@ -6526,7 +6542,7 @@ id,file,description,date,author,type,platform,port 47233,exploits/vxworks/dos/47233.py,"VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow",2019-08-12,"Zhou Yu",dos,vxworks, 47236,exploits/linux/dos/47236.c,"Linux - Use-After-Free Reads in show_numa_stats()",2019-08-12,"Google Security Research",dos,linux, 47237,exploits/multiple/dos/47237.txt,"WebKit - UXSS via XSLT and Nested Document Replacements",2019-08-12,"Google Security Research",dos,multiple, -47248,exploits/windows/dos/47248.py,"Windows PowerShell - Unsanitized Filename Command Execution",2019-08-14,hyp3rlinx,dos,windows, +47248,exploits/windows/dos/47248.py,"Microsoft Windows PowerShell - Unsanitized Filename Command Execution",2019-08-14,hyp3rlinx,dos,windows, 47254,exploits/linux/dos/47254.txt,"ABC2MTEX 1.6.1 - Command Line Stack Overflow",2019-08-14,"Carter Yagemann",dos,linux, 47257,exploits/multiple/dos/47257.txt,"NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String",2019-08-15,"Google Security Research",dos,multiple, 47259,exploits/windows/dos/47259.txt,"Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators",2019-08-15,"Google Security Research",dos,windows, @@ -6556,6 +6572,7 @@ id,file,description,date,author,type,platform,port 47316,exploits/multiple/dos/47316.txt,"Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform",2019-08-29,"Google Security Research",dos,multiple, 47318,exploits/windows/dos/47318.py,"SQL Server Password Changer 1.90 - Denial of Service",2019-08-30,"Velayutham Selvaraj_ Praveen Thiyagarayam",dos,windows, 47319,exploits/windows/dos/47319.py,"Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service",2019-08-30,"Mohan Ravichandran_ Snazzy Sanoj",dos,windows, +47320,exploits/linux/dos/47320.c,"QEMU - Denial of Service",2019-08-20,vishnudevtj,dos,linux, 47322,exploits/windows/dos/47322.py,"Asus Precision TouchPad 11.0.0.25 - Denial of Service",2019-08-30,"Athanasios Tserpelis",dos,windows, 47328,exploits/windows/dos/47328.py,"VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service",2019-08-30,"James Chamberlain",dos,windows, 47381,exploits/windows/dos/47381.txt,"Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts",2019-09-12,"Google Security Research",dos,windows, @@ -6570,14 +6587,15 @@ id,file,description,date,author,type,platform,port 47451,exploits/multiple/dos/47451.html,"WebKit - Universal XSS in WebCore::command",2019-10-01,"Google Security Research",dos,multiple, 47452,exploits/multiple/dos/47452.html,"WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment",2019-10-01,"Google Security Research",dos,multiple, 47453,exploits/multiple/dos/47453.txt,"WebKit - Universal XSS Using Cached Pages",2019-10-01,"Google Security Research",dos,multiple, +47454,exploits/windows/dos/47454.md,"Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)",2019-09-18,bi7s,dos,windows, 47478,exploits/windows/dos/47478.py,"Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service (PoC)",2019-10-09,"Alessandro Magnosi",dos,windows, 47479,exploits/macos/dos/47479.txt,"XNU - Remote Double-Free via Data Race in IPComp Input Path",2019-10-09,"Google Security Research",dos,macos, -47484,exploits/windows/dos/47484.txt,"Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter",2019-10-10,"Google Security Research",dos,windows, -47485,exploits/windows/dos/47485.txt,"Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, -47486,exploits/windows/dos/47486.txt,"Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, -47487,exploits/windows/dos/47487.txt,"Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, -47488,exploits/windows/dos/47488.txt,"Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, -47489,exploits/windows/dos/47489.txt,"Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, +47484,exploits/windows/dos/47484.txt,"Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter",2019-10-10,"Google Security Research",dos,windows, +47485,exploits/windows/dos/47485.txt,"Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, +47486,exploits/windows/dos/47486.txt,"Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, +47487,exploits/windows/dos/47487.txt,"Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, +47488,exploits/windows/dos/47488.txt,"Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, +47489,exploits/windows/dos/47489.txt,"Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File",2019-10-10,"Google Security Research",dos,windows, 47494,exploits/windows/dos/47494.py,"SpotAuditor 5.3.1.0 - Denial of Service",2019-10-14,"Sanjana shetty",dos,windows, 47495,exploits/windows/dos/47495.py,"ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service",2019-10-14,stresser,dos,windows, 47525,exploits/windows/dos/47525.txt,"winrar 5.80 64bit - Denial of Service",2019-10-21,alblalawi,dos,windows, @@ -6594,6 +6612,7 @@ id,file,description,date,author,type,platform,port 47608,exploits/multiple/dos/47608.txt,"iMessage - Decoding NSSharedKeyDictionary can read ObjC Object at Attacker Controlled Address",2019-11-11,"Google Security Research",dos,multiple, 47609,exploits/windows/dos/47609.txt,"Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream",2019-11-11,"Google Security Research",dos,windows, 47610,exploits/windows/dos/47610.txt,"Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)",2019-11-11,"Google Security Research",dos,windows, +47648,exploits/hardware/dos/47648.txt,"Bematech Printer MP-4200 - Denial of Service",2019-11-12,"Jonatas Fil",dos,hardware, 47657,exploits/hardware/dos/47657.txt,"Siemens Desigo PX 6.00 - Denial of Service (PoC)",2019-11-14,LiquidWorm,dos,hardware, 47662,exploits/windows/dos/47662.txt,"iSmartViewPro 1.3.34 - Denial of Service (PoC)",2019-11-18,"Ivan Marmolejo",dos,windows, 47665,exploits/ios/dos/47665.py,"Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)",2019-11-18,"Luis Martínez",dos,ios, @@ -6617,6 +6636,7 @@ id,file,description,date,author,type,platform,port 47727,exploits/windows/dos/47727.py,"SpotAuditor 5.3.2 - 'Name' Denial of Service",2019-11-29,ZwX,dos,windows, 47728,exploits/windows/dos/47728.py,"Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)",2019-12-02,SajjadBnd,dos,windows, 47732,exploits/windows/dos/47732.py,"Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)",2019-12-02,SajjadBnd,dos,windows, +47744,exploits/hardware/dos/47744.txt,"Cisco WLC 2504 8.9 - Denial of Service (PoC)",2019-12-04,SecuNinja,dos,hardware, 47757,exploits/hardware/dos/47757.py,"Omron PLC 1.0.0 - Denial of Service (PoC)",2019-12-09,n0b0dy,dos,hardware, 47766,exploits/windows/dos/47766.py,"Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)",2019-12-11,SajjadBnd,dos,windows, 47767,exploits/windows/dos/47767.py,"Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)",2019-12-11,SajjadBnd,dos,windows, @@ -6625,8 +6645,9 @@ id,file,description,date,author,type,platform,port 47771,exploits/windows/dos/47771.c,"Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)",2019-12-12,"Nassim Asrir",dos,windows, 47786,exploits/windows/dos/47786.py,"XnView 2.49.1 - 'Research' Denial of Service (PoC)",2019-12-18,ZwX,dos,windows, 47791,exploits/macos/dos/47791.txt,"macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()",2019-12-18,"Google Security Research",dos,macos, -47794,exploits/windows/dos/47794.py,"FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)",2019-12-19,"Chris Inzinga",dos,windows, +47794,exploits/windows/dos/47794.py,"FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)",2019-12-19,"Chris Inzinga",dos,windows, 47797,exploits/windows/dos/47797.c,"Microsoft Windows 10 BasicRender.sys - Denial of Service (PoC)",2019-12-20,vportal,dos,windows, +47800,exploits/php/dos/47800.py,"WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service",2019-12-17,roddux,dos,php, 47839,exploits/windows/dos/47839.py,"MSN Password Recovery 1.30 - Denial of Service (PoC)",2020-01-02,Gokkulraj,dos,windows, 47848,exploits/windows/dos/47848.py,"NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service",2020-01-06,"Ismail Tasdelen",dos,windows, 47853,exploits/windows/dos/47853.py,"NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)",2020-01-06,"Ismail Tasdelen",dos,windows, @@ -6645,7 +6666,7 @@ id,file,description,date,author,type,platform,port 47868,exploits/windows/dos/47868.py,"SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)",2020-01-06,"Ismail Tasdelen",dos,windows, 47869,exploits/windows/dos/47869.py,"SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)",2020-01-06,"Ismail Tasdelen",dos,windows, 47870,exploits/windows/dos/47870.py,"SpotIM 2.2 - 'Name' Denial Of Service",2020-01-06,"Ismail Tasdelen",dos,windows, -47871,exploits/windows/dos/47871.txt,"FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)",2020-01-06,FULLSHADE,dos,windows, +47871,exploits/windows/dos/47871.txt,"FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)",2020-01-06,FULLSHADE,dos,windows, 47873,exploits/windows/dos/47873.py,"Duplicate Cleaner Pro 4 - Denial of Service (PoC)",2020-01-06,stresser,dos,windows, 47878,exploits/windows/dos/47878.txt,"Microsoft Outlook VCF cards - Denial of Service (PoC)",2020-01-06,hyp3rlinx,dos,windows, 47894,exploits/windows/dos/47894.py,"ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)",2020-01-09,ZwX,dos,windows, @@ -6658,6 +6679,7 @@ id,file,description,date,author,type,platform,port 47919,exploits/linux/dos/47919.txt,"Redir 3.3 - Denial of Service (PoC)",2020-01-14,hieubl,dos,linux, 47920,exploits/android/dos/47920.txt,"WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM",2020-01-14,"Google Security Research",dos,android, 47921,exploits/android/dos/47921.txt,"Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN",2020-01-14,"Google Security Research",dos,android, +47929,exploits/multiple/dos/47929.rb,"Tautulli 2.1.9 - Denial of Service (Metasploit)",2020-01-16,"Ismail Tasdelen",dos,multiple, 47937,exploits/windows/dos/47937.py,"APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC)",2020-01-17,"Ismail Tasdelen",dos,windows, 47942,exploits/windows/dos/47942.py,"GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC)",2020-01-17,"Ismail Tasdelen",dos,windows, 47947,exploits/windows/dos/47947.py,"Sysax Multi Server 5.50 - Denial of Service (PoC)",2020-01-20,"Shailesh Kumavat",dos,windows, @@ -6687,8 +6709,10 @@ id,file,description,date,author,type,platform,port 48136,exploits/windows/dos/48136.py,"Odin Secure FTP Expert 7.6.3 - Denial of Service (PoC)",2020-02-25,"berat isler",dos,windows, 48137,exploits/windows/dos/48137.py,"Core FTP LE 2.2 - Denial of Service (PoC)",2020-02-26,"Ismael Nava",dos,windows, 48216,exploits/windows/dos/48216.md,"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Buffer Overflow (PoC)",2020-03-14,eerykitty,dos,windows, +48228,exploits/hardware/dos/48228.txt,"Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)",2020-03-18,FarazPajohan,dos,hardware, 48236,exploits/ios/dos/48236.py,"ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)",2020-03-23,"Ivan Marmolejo",dos,ios, 48237,exploits/windows/dos/48237.txt,"Google Chrome 80.0.3987.87 - Heap-Corruption Remote Denial of Service (PoC)",2020-03-23,"Cem Onat Karagun",dos,windows, +48255,exploits/hardware/dos/48255.py,"TP-Link Archer C50 3 - Denial of Service (PoC)",2020-03-26,thewhiteh4t,dos,hardware, 48259,exploits/windows/dos/48259.py,"Everest 5.50.2100 - 'Open File' Denial of Service (PoC)",2020-03-27,"Ivan Marmolejo",dos,windows, 48269,exploits/windows/dos/48269.py,"FlashFXP 4.2.0 Build 1730 - Denial of Service (PoC)",2020-03-31,"Paras Bhatia",dos,windows, 48276,exploits/windows/dos/48276.py,"DiskBoss 7.7.14 - Denial of Service (PoC)",2020-04-01,"Paras Bhatia",dos,windows, @@ -6702,7 +6726,9 @@ id,file,description,date,author,type,platform,port 48292,exploits/windows/dos/48292.txt,"ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC)",2020-04-06,chuyreds,dos,windows, 48301,exploits/linux/dos/48301.py,"dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)",2020-04-07,JosueEncinar,dos,linux, 48302,exploits/windows/dos/48302.py,"ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)",2020-04-07,chuyreds,dos,windows, +48304,exploits/hardware/dos/48304.py,"Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)",2020-04-08,"Jacob Baines",dos,hardware, 48305,exploits/windows/dos/48305.py,"AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)",2020-04-10,chuyreds,dos,windows, +48342,exploits/hardware/dos/48342.txt,"Cisco IP Phone 11.7 - Denial of service (PoC)",2020-04-17,"Jacob Baines",dos,hardware, 3,exploits/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Local Privilege Escalation",2003-03-30,"Wojciech Purczynski",local,linux, 4,exploits/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Local Buffer Overflow",2003-04-01,Andi,local,solaris, 12,exploits/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,local,linux, @@ -7187,7 +7213,7 @@ id,file,description,date,author,type,platform,port 4178,exploits/windows/local/4178.txt,"Symantec AntiVirus - 'symtdi.sys' Local Privilege Escalation",2007-07-12,"Zohiartze Herce",local,windows, 4203,exploits/multiple/local/4203.sql,"Oracle 9i/10g - Evil Views Change Passwords",2007-07-19,bunker,local,multiple, 4204,exploits/windows/local/4204.php,"PHP 5.2.3 - 'snmpget()' Object id Local Buffer Overflow",2007-07-20,shinnai,local,windows, -4218,exploits/windows/local/4218.php,"PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass",2007-07-24,shinnai,local,windows, +4218,exploits/windows/local/4218.php,"PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass",2007-07-24,shinnai,local,windows, 4229,exploits/windows/local/4229.pl,"CrystalPlayer 1.98 - '.mls' Local Buffer Overflow",2007-07-26,"Arham Muhammad",local,windows, 4231,exploits/aix/local/4231.c,"IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation",2007-07-27,qaaz,local,aix, 4232,exploits/aix/local/4232.sh,"IBM AIX 5.3 SP6 - 'pioout' Arbitrary Library Loading Privilege Escalation",2007-07-27,qaaz,local,aix, @@ -8445,7 +8471,6 @@ id,file,description,date,author,type,platform,port 19374,exploits/linux/local/19374.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E 6.1 - 'Lsof' Local Buffer Overflow (2)",1999-02-17,Zhodiac,local,linux, 19376,exploits/windows/local/19376.txt,"Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()",1999-03-08,"Fabien Royer",local,windows, 19417,exploits/osx/local/19417.txt,"Apple Mac OS 8 8.6 - Weak Password Encryption",1999-07-10,"Dawid adix Adamski",local,osx, -19418,exploits/aix/local/19418.txt,"IBM AIX 4.3.1 - 'adb' Denial of Service",1999-07-12,"GZ Apple",local,aix, 19419,exploits/linux/local/19419.c,"Linux Kernel 2.0.37 - Segment Limit Privilege Escalation",1999-07-13,Solar,local,linux, 19422,exploits/linux/local/19422.txt,"BMC Software Patrol 3.2.5 - Patrol SNMP Agent File Creation/Permission",1999-07-14,"Andrew Alness",local,linux, 19425,exploits/windows/local/19425.txt,"Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)",1999-07-19,"Wanderley J. Abreu Jr",local,windows, @@ -9555,7 +9580,7 @@ id,file,description,date,author,type,platform,port 32693,exploits/php/local/32693.php,"suPHP 0.7 - 'suPHP_ConfigPath' / 'Safe_Mode()' Restriction Bypass",2008-12-31,Mr.SaFa7,local,php, 32700,exploits/linux/local/32700.rb,"ibstat $PATH - Local Privilege Escalation (Metasploit)",2014-04-04,Metasploit,local,linux, 32737,exploits/windows/local/32737.pl,"BlazeDVD Pro Player 6.1 - Stack Buffer Overflow Jump ESP",2014-04-08,"Deepak Rathore",local,windows, -32751,exploits/linux_x86-64/local/32751.c,"Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation",2009-01-23,"Chris Evans",local,linux_x86-64, +32751,exploits/linux_x86-64/local/32751.c,"Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation",2009-01-23,"Chris Evans",local,linux_x86-64, 32752,exploits/windows/local/32752.rb,"WinRAR - Filename Spoofing (Metasploit)",2014-04-08,Metasploit,local,windows, 32771,exploits/windows/local/32771.txt,"Kaspersky (Multiple Products) - 'klim5.sys' Local Privilege Escalation",2009-02-02,"Ruben Santamarta",local,windows, 32778,exploits/windows/local/32778.pl,"Password Door 8.4 - Local Buffer Overflow",2009-02-05,b3hz4d,local,windows, @@ -10212,7 +10237,7 @@ id,file,description,date,author,type,platform,port 41763,exploits/linux/local/41763.txt,"Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation",2016-11-22,halfdog,local,linux, 41764,exploits/linux/local/41764.txt,"NTP - Local Privilege Escalation",2016-01-21,halfdog,local,linux, 41765,exploits/linux/local/41765.txt,"Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation",2015-03-12,halfdog,local,linux, -41766,exploits/linux/local/41766.txt,"Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation",2012-10-19,halfdog,local,linux, +41766,exploits/linux/local/41766.txt,"Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation",2012-10-19,halfdog,local,linux, 41770,exploits/linux/local/41770.txt,"Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation",2011-01-17,halfdog,local,linux, 41771,exploits/windows/local/41771.py,"Disk Sorter Enterprise 9.5.12 - 'Import Command' Local Buffer Overflow",2017-03-29,"Daniel Teixeira",local,windows, 41772,exploits/windows/local/41772.py,"DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow",2017-03-29,"Daniel Teixeira",local,windows, @@ -10423,9 +10448,7 @@ id,file,description,date,author,type,platform,port 44452,exploits/linux/local/44452.py,"GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation",2018-04-06,Pirhack,local,linux, 44455,exploits/windows/local/44455.py,"SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)",2018-04-16,"Hashim Jawad",local,windows, 44470,exploits/windows/local/44470.py,"CloudMe Sync 1.11.0 - Local Buffer Overflow",2018-04-16,"Prasenjit Kanti Paul",local,windows, -44472,exploits/windows_x86/local/44472.py,"Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC",2018-04-17,jollymongrel,local,windows_x86, -44474,exploits/windows/local/44474.txt,"Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service",2018-04-17,"Sahil Tikoo",local,windows, -44475,exploits/windows/local/44475.txt,"Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service",2018-04-17,"Sahil Tikoo",local,windows, +44472,exploits/windows_x86/local/44472.py,"Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)",2018-04-17,jollymongrel,local,windows_x86, 44476,exploits/windows/local/44476.py,"AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution",2018-04-15,Securifera,local,windows, 44477,exploits/windows/local/44477.py,"Reaper 5.78 - Local Buffer Overflow",2018-04-17,bzyo,local,windows, 44478,exploits/windows_x86/local/44478.cpp,"Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation",2018-03-26,xiaodaozhi,local,windows_x86, @@ -10518,7 +10541,6 @@ id,file,description,date,author,type,platform,port 45101,exploits/windows/local/45101.py,"Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)",2018-07-30,"Shubham Singh",local,windows, 45120,exploits/windows/local/45120.py,"Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)",2018-08-01,"Shubham Singh",local,windows, 45107,exploits/macos/local/45107.txt,"Charles Proxy 4.2 - Local Privilege Escalation",2018-07-30,"Mark Wadham",local,macos, -45137,exploits/windows/local/45137.py,"AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)",2018-08-02,"Luis Martínez",local,windows, 45130,exploits/linux/local/45130.py,"Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation",2018-08-02,0x09AL,local,linux, 45132,exploits/linux/local/45132.rb,"SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit)",2018-08-02,0x09AL,local,linux, 45142,exploits/windows/local/45142.py,"Wedding Slideshow Studio 1.36 - Buffer Overflow",2018-08-03,Achilles,local,windows, @@ -10534,12 +10556,10 @@ id,file,description,date,author,type,platform,port 45181,exploits/windows_x86/local/45181.py,"Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow",2018-08-13,"Shubham Singh",local,windows_x86, 45184,exploits/linux/local/45184.sh,"PostgreSQL 9.4-0.5.3 - Privilege Escalation",2018-08-13,"Johannes Segitz",local,linux, 45192,exploits/android/local/45192.txt,"Android - Directory Traversal over USB via Injection in blkid Output",2018-08-13,"Google Security Research",local,android, -45194,exploits/windows_x86-64/local/45194.py,"Wansview 1.0.2 - Denial of Service (PoC)",2018-08-14,"Gionathan Reale",local,windows_x86-64, 45205,exploits/linux/local/45205.txt,"WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)",2018-08-16,PeregrineX,local,linux, 45235,exploits/windows_x86/local/45235.py,"Project64 2.3.2 - Buffer Overflow (SEH)",2018-08-22,"Shubham Singh",local,windows_x86, 45243,exploits/linux/local/45243.txt,"Ghostscript - Multiple Vulnerabilities",2018-08-22,"Google Security Research",local,linux, 45244,exploits/windows/local/45244.txt,"Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation",2018-08-22,"Atredis Partners",local,windows, -45250,exploits/windows_x86/local/45250.py,"StyleWriter 4 1.0 - Denial of Service (PoC)",2018-08-23,"Gionathan Reale",local,windows_x86, 45259,exploits/windows_x86/local/45259.py,"CuteFTP 5.0 - Buffer Overflow",2018-08-27,"Matteo Malvica",local,windows_x86, 45269,exploits/windows/local/45269.rb,"Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)",2018-08-27,Metasploit,local,windows, 45280,exploits/windows/local/45280.txt,"Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation",2018-08-28,SandboxEscaper,local,windows, @@ -10555,7 +10575,6 @@ id,file,description,date,author,type,platform,port 45353,exploits/windows_x86/local/45353.py,"Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)",2018-09-10,"Shubham Singh",local,windows_x86, 45354,exploits/windows/local/45354.txt,"Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection",2018-09-10,hyp3rlinx,local,windows, 45355,exploits/windows_x86/local/45355.py,"Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)",2018-09-10,"Shubham Singh",local,windows_x86, -45356,exploits/windows_x86/local/45356.py,"Any Sound Recorder 2.93 - Denial of Service (PoC)",2018-09-10,T3jv1l,local,windows_x86, 45369,exploits/linux/local/45369.rb,"Ghostscript - Failed Restore Command Execution (Metasploit)",2018-09-10,Metasploit,local,linux, 45372,exploits/linux/local/45372.txt,"VirtualBox 5.2.6.r120293 - VM Escape",2018-08-28,"Reno Robert",local,linux, 45378,exploits/windows_x86-64/local/45378.py,"InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)",2018-09-11,"Luis Martínez",local,windows_x86-64, @@ -10575,7 +10594,6 @@ id,file,description,date,author,type,platform,port 45497,exploits/linux/local/45497.txt,"Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation",2018-09-26,"Google Security Research",local,linux, 45501,exploits/windows/local/45501.txt,"EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation",2018-09-27,"Osanda Malith Jayathissa",local,windows, 45503,exploits/windows_x86-64/local/45503.txt,"PCProtect 4.8.35 - Privilege Escalation",2018-09-28,"Hashim Jawad",local,windows_x86-64, -45504,exploits/windows_x86/local/45504.py,"Snes9K 0.0.9z - Denial of Service (PoC)",2018-10-01,crash_manucoot,local,windows_x86, 45505,exploits/windows_x86/local/45505.py,"Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)",2018-10-01,SPARC,local,windows_x86, 45516,exploits/linux/local/45516.c,"Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation",2018-09-26,"Qualys Corporation",local,linux, 45528,exploits/linux/local/45528.txt,"virtualenv 16.0.0 - Sandbox Escape",2018-10-04,vr_system,local,linux, @@ -10774,7 +10792,7 @@ id,file,description,date,author,type,platform,port 46973,exploits/linux/local/46973.md,"Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution",2019-06-04,Arminius,local,linux, 46976,exploits/windows/local/46976.txt,"Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)",2019-06-07,SandboxEscaper,local,windows, 46978,exploits/linux/local/46978.sh,"Ubuntu 18.04 - 'lxd' Privilege Escalation",2019-06-10,s4vitar,local,linux, -46988,exploits/windows/local/46988.txt,"Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation",2019-06-13,PovlTekstTV,local,windows, +46988,exploits/windows/local/46988.txt,"Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation",2019-06-13,PovlTekstTV,local,windows, 46989,exploits/linux/local/46989.sh,"CentOS 7.6 - 'ptrace_scope' Privilege Escalation",2019-06-14,s4vitar,local,linux, 46991,exploits/windows/local/46991.py,"Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow",2019-06-14,"Nipun Jaswal",local,windows, 46996,exploits/linux/local/46996.sh,"Exim 4.87 - 4.91 - Local Privilege Escalation",2019-06-17,"Marco Ivaldi",local,linux, @@ -10791,7 +10809,7 @@ id,file,description,date,author,type,platform,port 47126,exploits/windows/local/47126.py,"DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)",2019-07-16,"Xavi Beltran",local,windows, 47128,exploits/windows/local/47128.rb,"Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit)",2019-07-16,Metasploit,local,windows, 47133,exploits/linux/local/47133.txt,"Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME",2019-07-17,"Google Security Research",local,linux, -47134,exploits/windows/local/47134.rb,"Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)",2019-07-17,Metasploit,local,windows, +47134,exploits/windows/local/47134.rb,"Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)",2019-07-17,Metasploit,local,windows, 47135,exploits/windows/local/47135.txt,"Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation",2019-07-18,"Google Security Research",local,windows, 47149,exploits/linux/local/47149.txt,"Comtrend-AR-5310 - Restricted Shell Escape",2019-07-22,"AMRI Amine",local,linux, 47163,exploits/linux/local/47163.c,"Linux Kernel 4.10 < 5.1.17 - 'PTRACE_TRACEME' pkexec Local Privilege Escalation",2019-07-24,bcoles,local,linux, @@ -10799,7 +10817,7 @@ id,file,description,date,author,type,platform,port 47165,exploits/linux/local/47165.sh,"Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (dbus Method)",2019-01-04,bcoles,local,linux, 47166,exploits/linux/local/47166.sh,"Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)",2018-11-21,bcoles,local,linux, 47167,exploits/linux/local/47167.sh,"Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (polkit Method)",2019-01-04,bcoles,local,linux, -47168,exploits/linux/local/47168.c,"Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation",2018-12-29,bcoles,local,linux, +47168,exploits/linux/local/47168.c,"Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation",2018-12-29,bcoles,local,linux, 47169,exploits/linux/local/47169.c,"Linux Kernel < 4.4.0/ < 4.8.0 (Ubuntu 14.04/16.04 / Linux Mint 17/18 / Zorin) - Local Privilege Escalation (KASLR / SMEP)",2018-12-29,bcoles,local,linux, 47170,exploits/linux/local/47170.c,"Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2018-12-29,bcoles,local,linux, 47171,exploits/multiple/local/47171.sh,"VMware Workstation/Player < 12.5.5 - Local Privilege Escalation",2018-12-30,bcoles,local,multiple, @@ -10813,7 +10831,7 @@ id,file,description,date,author,type,platform,port 47238,exploits/windows/local/47238.ps1,"Steam Windows Client - Local Privilege Escalation",2019-08-12,AbsoZed,local,windows, 47253,exploits/windows/local/47253.cpp,"Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion",2019-08-14,"Abdelhamid Naceri",local,windows, 47258,exploits/windows/local/47258.txt,"Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities",2019-08-15,"Google Security Research",local,windows, -47306,exploits/windows/local/47306.txt,"Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass",2019-08-26,"Google Security Research",local,windows, +47306,exploits/windows/local/47306.txt,"Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass",2019-08-26,"Google Security Research",local,windows, 47307,exploits/linux/local/47307.rb,"Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)",2019-08-26,Metasploit,local,linux, 47321,exploits/android/local/47321.txt,"Canon PRINT 2.5.5 - Information Disclosure",2019-08-30,0x48piraj,local,android, 47332,exploits/windows/local/47332.py,"ChaosPro 2.0 - SEH Buffer Overflow",2019-09-02,"Jonathan Crosby",local,windows, @@ -10822,16 +10840,15 @@ id,file,description,date,author,type,platform,port 47341,exploits/windows/local/47341.txt,"Kaseya VSA agent 9.5 - Privilege Escalation",2019-09-02,NF,local,windows, 47344,exploits/linux/local/47344.rb,"ktsuss 1.4 - suid Privilege Escalation (Metasploit)",2019-09-03,Metasploit,local,linux, 47345,exploits/linux/local/47345.rb,"ptrace - Sudo Token Privilege Escalation (Metasploit)",2019-09-03,Metasploit,local,linux, -47357,exploits/windows/local/47357.py,"Windows NTFS - Privileged File Access Enumeration",2019-09-06,hyp3rlinx,local,windows, -47377,exploits/windows/local/47377.rb,"Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)",2019-09-10,Metasploit,local,windows, -47378,exploits/windows/local/47378.rb,"Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)",2019-09-10,Metasploit,local,windows, +47357,exploits/windows/local/47357.py,"Microsoft Windows NTFS - Privileged File Access Enumeration",2019-09-06,hyp3rlinx,local,windows, +47377,exploits/windows/local/47377.rb,"Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)",2019-09-10,Metasploit,local,windows, +47378,exploits/windows/local/47378.rb,"Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)",2019-09-10,Metasploit,local,windows, 47389,exploits/windows/local/47389.txt,"AppXSvc - Privilege Escalation",2019-09-16,"Gabor Seljan",local,windows, 47394,exploits/windows/local/47394.py,"docPrint Pro 8.0 - SEH Buffer Overflow",2019-09-16,"Connor McGarr",local,windows, 47400,exploits/macos/local/47400.md,"macOS 18.7.0 Kernel - Local Privilege Escalation",2019-09-19,A2nkF,local,macos, 47421,exploits/linux/local/47421.rb,"ABRT - sosreport Privilege Escalation (Metasploit)",2019-09-25,Metasploit,local,linux, 47429,exploits/windows/local/47429.py,"Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)",2019-09-27,"Xavi Beltran",local,windows, 47444,exploits/windows/local/47444.py,"DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)",2019-10-01,"Xavi Beltran",local,windows, -47454,exploits/windows/local/47454.md,"Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)",2019-09-18,bi7s,local,windows, 47463,exploits/android/local/47463.txt,"Android - Binder Driver Use-After-Free",2019-10-04,"Google Security Research",local,android, 47466,exploits/linux/local/47466.c,"logrotten 3.15.1 - Privilege Escalation",2019-10-07,"Wolfgang Hotwagner",local,linux, 47468,exploits/windows_x86-64/local/47468.py,"ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow (DEP)",2019-10-07,max7253,local,windows_x86-64, @@ -10871,7 +10888,7 @@ id,file,description,date,author,type,platform,port 47597,exploits/windows/local/47597.txt,"Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path",2019-11-07,"Mariela L Martínez Hdez",local,windows, 47599,exploits/windows/local/47599.txt,"SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path",2019-11-08,"Carlos A Garcia R",local,windows, 47601,exploits/android/local/47601.rb,"Android Janus - APK Signature Bypass (Metasploit)",2019-11-08,Metasploit,local,android, -47604,exploits/windows/local/47604.txt,"_GCafé 3.0 - 'gbClienService' Unquoted Service Path",2019-11-11,4ll4u,local,windows, +47604,exploits/windows/local/47604.txt,"_GCafé 3.0 - 'gbClienService' Unquoted Service Path",2019-11-11,4ll4u,local,windows, 47605,exploits/windows/local/47605.txt,"Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path",2019-11-11,"Héctor Gabriel Chimecatl Hernández",local,windows, 47606,exploits/xml/local/47606.txt,"XML Notepad 2.8.0.4 - XML External Entity Injection",2019-11-11,daejinoh,local,xml, 47615,exploits/windows/local/47615.txt,"Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path",2019-11-12,"Alejandra Sánchez",local,windows, @@ -10879,7 +10896,7 @@ id,file,description,date,author,type,platform,port 47637,exploits/windows/local/47637.txt,"Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path",2019-11-12,"Mario Rodriguez",local,windows, 47642,exploits/windows/local/47642.txt,"RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path",2019-11-12,chuyreds,local,windows, 47645,exploits/windows/local/47645.py,"Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)",2019-11-12,sasaga92,local,windows, -47647,exploits/windows/local/47647.txt,"Wondershare Application Framework Service - _WsAppService_ Unquote Service Path",2019-11-12,chuyreds,local,windows, +47647,exploits/windows/local/47647.txt,"Wondershare Application Framework Service - _WsAppService_ Unquote Service Path",2019-11-12,chuyreds,local,windows, 47656,exploits/windows/local/47656.txt,"ScanGuard Antivirus 2020 - Insecure Folder Permissions",2019-11-13,hyp3rlinx,local,windows, 47658,exploits/windows/local/47658.txt,"oXygen XML Editor 21.1.1 - XML External Entity Injection",2019-11-14,"Pablo Santiago",local,windows, 47660,exploits/windows/local/47660.txt,"Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path",2019-11-15,D.Goedecke,local,windows, @@ -10892,8 +10909,8 @@ id,file,description,date,author,type,platform,port 47684,exploits/windows/local/47684.md,"Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation",2019-11-14,TomahawkAPT69,local,windows, 47685,exploits/windows_x86-64/local/47685.txt,"DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'",2019-11-03,Mumbai,local,windows_x86-64, 47687,exploits/linux/local/47687.py,"ClamAV < 0.102.0 - 'bytecode_vm' Code Execution",2019-11-02,anonymous,local,linux, -47695,exploits/windows/local/47695.rb,"Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)",2019-11-20,Metasploit,local,windows, -47696,exploits/windows/local/47696.rb,"Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)",2019-11-20,Metasploit,local,windows, +47695,exploits/windows/local/47695.rb,"Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)",2019-11-20,Metasploit,local,windows, +47696,exploits/windows/local/47696.rb,"Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)",2019-11-20,Metasploit,local,windows, 47701,exploits/unix/local/47701.rb,"Xorg X11 Server - Local Privilege Escalation (Metasploit)",2019-11-20,Metasploit,local,unix, 47703,exploits/linux/local/47703.txt,"GNU Mailutils 3.7 - Privilege Escalation",2019-11-21,"Mike Gualtieri",local,linux, 47705,exploits/windows/local/47705.txt,"ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path",2019-11-22,ZwX,local,windows, @@ -10905,7 +10922,7 @@ id,file,description,date,author,type,platform,port 47714,exploits/windows/local/47714.md,"VMware WorkStation 12.5.5 - Virtual Machine Escape",2017-08-08,unamer,local,windows, 47715,exploits/windows/local/47715.md,"VMware WorkStation 12.5.3 - Virtual Machine Escape",2019-06-06,unamer,local,windows, 47724,exploits/windows/local/47724.txt,"TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path",2019-11-29,"Cristian Ayala G",local,windows, -47726,exploits/linux/local/47726.sh,"Bash 5.0 Patch 11 - SUID Priv Drop Exploit",2019-11-29,"Mohin Paramasivam",local,linux, +47726,exploits/linux/local/47726.sh,"Bash 5.0 Patch 11 - SUID Priv Drop Exploit",2019-11-29,"Mohin Paramasivam",local,linux, 47729,exploits/xml/local/47729.txt,"Visual Studio 2008 - XML External Entity Injection",2019-12-02,hyp3rlinx,local,xml, 47733,exploits/windows/local/47733.txt,"Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions",2019-12-02,hyp3rlinx,local,windows, 47734,exploits/windows/local/47734.py,"Anviz CrossChex 4.3.12 - Local Buffer Overflow",2019-12-02,"Luis Catarino",local,windows, @@ -10939,7 +10956,7 @@ id,file,description,date,author,type,platform,port 47838,exploits/windows/local/47838.txt,"Microsoft Windows .Group File - Code Execution",2020-01-01,hyp3rlinx,local,windows, 47845,exploits/windows/local/47845.txt,"Plantronics Hub 3.13.2 - Local Privilege Escalation",2020-01-03,Markus,local,windows, 47852,exploits/windows/local/47852.txt,"Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path",2020-01-06,ZwX,local,windows, -47880,exploits/windows/local/47880.cc,"Windows - Shell COM Server Registrar Local Privilege Escalation",2020-01-02,0vercl0k,local,windows, +47880,exploits/windows/local/47880.cc,"Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation",2020-01-02,0vercl0k,local,windows, 47883,exploits/windows/local/47883.txt,"AnyDesk 5.4.0 - Unquoted Service Path",2020-01-07,SajjadBnd,local,windows, 47896,exploits/xml/local/47896.txt,"MSN Password Recovery 1.30 - XML External Entity Injection",2020-01-09,ZwX,local,xml, 47897,exploits/windows/local/47897.txt,"TotalAV 2020 4.14.31 - Privilege Escalation",2020-01-10,"Kusol Watchara-Apanukorn",local,windows, @@ -10986,7 +11003,7 @@ id,file,description,date,author,type,platform,port 48068,exploits/windows/local/48068.txt,"HomeGuard Pro 9.3.1 - Insecure Folder Permissions",2020-02-14,boku,local,windows, 48069,exploits/windows/local/48069.txt,"EPSON EasyMP Network Projection 2.81 - 'EMP_NSWLSV' Unquoted Service Path",2020-02-14,"Roberto Piña",local,windows, 48070,exploits/windows/local/48070.txt,"SprintWork 2.3.1 - Local Privilege Escalation",2020-02-14,boku,local,windows, -48071,exploits/windows/local/48071.md,"Windows Kernel - Information Disclosure",2020-01-27,Bitdefender,local,windows, +48071,exploits/windows/local/48071.md,"Microsoft Windows Kernel - Information Disclosure",2020-01-27,Bitdefender,local,windows, 48072,exploits/php/local/48072.php,"PHP 7.0 < 7.4 (Unix) - 'debug_backtrace' disable_functions Bypass",2020-01-30,mm0r1,local,php, 48075,exploits/windows/local/48075.txt,"HP System Event 1.2.9.0 - 'HPWMISVC' Unquoted Service Path",2020-02-17,"Roberto Piña",local,windows, 48078,exploits/windows/local/48078.txt,"BOOTP Turbo 2.0.1214 - 'BOOTP Turbo' Unquoted Service Path",2020-02-17,boku,local,windows, @@ -11041,8 +11058,8 @@ id,file,description,date,author,type,platform,port 48378,exploits/windows/local/48378.txt,"Popcorn Time 6.2 - 'Update service' Unquoted Service Path",2020-04-24,"Uriel Yochpaz",local,windows, 48387,exploits/macos/local/48387.txt,"Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution",2020-04-27,0xEmma,local,macos, 48388,exploits/windows/local/48388.rb,"Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)",2020-04-28,Metasploit,local,windows, -48391,exploits/windows/local/48391.txt,"NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path",2020-04-28,"Roberto Piña",local,windows, -48396,exploits/windows/local/48396.txt,"Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path",2020-04-29,"Roberto Piña",local,windows, +48391,exploits/windows/local/48391.txt,"NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path",2020-04-28,"Roberto Piña",local,windows, +48396,exploits/windows/local/48396.txt,"Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path",2020-04-29,"Roberto Piña",local,windows, 48397,exploits/windows/local/48397.txt,"Internet Download Manager 6.37.11.1 - Stack Buffer Overflow (PoC)",2020-04-29,Vulnerability-Lab,local,windows, 48398,exploits/windows/local/48398.txt,"EmEditor 19.8 - Insecure File Permissions",2020-04-29,SajjadBnd,local,windows, 48400,exploits/windows/local/48400.txt,"Druva inSync Windows Client 6.5.2 - Local Privilege Escalation",2020-04-29,"Chris Lyne",local,windows, @@ -12068,7 +12085,7 @@ id,file,description,date,author,type,platform,port 6537,exploits/windows/remote/6537.html,"Chilkat XML - ActiveX Arbitrary File Creation/Execution",2008-09-23,shinnai,remote,windows, 6548,exploits/windows/remote/6548.html,"BurnAware - NMSDVDXU ActiveX Arbitrary File Creation/Execution",2008-09-24,shinnai,remote,windows, 6570,exploits/windows/remote/6570.rb,"ICONICS Vessel / Gauge / Switch 8.02.140 - ActiveX Buffer Overflow (Metasploit)",2008-09-25,"Kevin Finisterre",remote,windows, -6600,exploits/windows/remote/6600.html,"Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service",2008-09-27,e.wiZz!,remote,windows, +6600,exploits/windows/remote/6600.html,"Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service",2008-09-27,e.wiZz!,remote,windows, 6630,exploits/windows/remote/6630.html,"Autodesk DWF Viewer Control / LiveUpdate Module - Remote Code Execution",2008-09-30,Nine:Situations:Group,remote,windows, 6638,exploits/windows/remote/6638.html,"GdPicture Pro - ActiveX 'gdpicture4s.ocx' File Overwrite / Exec",2008-09-30,EgiX,remote,windows, 6656,exploits/windows/remote/6656.txt,"Microsoft Windows - GDI (EMR_COLORMATCHTOTARGETW) (MS08-021)",2008-10-02,Ac!dDrop,remote,windows, @@ -14532,7 +14549,6 @@ id,file,description,date,author,type,platform,port 21602,exploits/linux/remote/21602.txt,"icecast server 1.3.12 - Directory Traversal Information Disclosure",2002-07-09,glaive,remote,linux, 21603,exploits/multiple/remote/21603.txt,"iPlanet Web Server 4.1 - Search Component File Disclosure",2002-07-09,"Qualys Corporation",remote,multiple, 21604,exploits/linux/remote/21604.txt,"Apache Tomcat 4.0.3 - Servlet Mapping Cross-Site Scripting",2002-07-10,"Matt Moore",remote,linux, -21605,exploits/windows/remote/21605.txt,"Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting",2002-07-10,"Matt Moore",remote,windows, 21606,exploits/windows/remote/21606.txt,"Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation",2002-07-10,"Thor Larholm",remote,windows, 21607,exploits/windows/remote/21607.txt,"GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal",2002-07-10,"Matt Moore",remote,windows, 21608,exploits/windows/remote/21608.txt,"GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting",2002-07-10,"Matt Moore",remote,windows, @@ -17623,7 +17639,7 @@ id,file,description,date,author,type,platform,port 42030,exploits/windows_x86-64/remote/42030.py,"Microsoft Windows 8/8.1/2012 R2 (x64) - 'EternalBlue' SMB Remote Code Execution (MS17-010)",2017-05-17,sleepya,remote,windows_x86-64,445 42022,exploits/windows/remote/42022.rb,"Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)",2017-05-17,Metasploit,remote,windows, 42023,exploits/windows/remote/42023.rb,"Serviio Media Server - checkStreamUrl Command Execution (Metasploit)",2017-05-17,Metasploit,remote,windows,23423 -42024,exploits/php/remote/42024.rb,"WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)",2017-05-17,Metasploit,remote,php, +42024,exploits/php/remote/42024.rb,"WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)",2017-05-17,Metasploit,remote,php, 42025,exploits/php/remote/42025.rb,"BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)",2017-05-17,Metasploit,remote,php,80 42026,exploits/xml/remote/42026.py,"Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution",2017-05-17,"Ambionics Security",remote,xml, 42031,exploits/windows/remote/42031.py,"Microsoft Windows 7/2008 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)",2017-05-17,sleepya,remote,windows,445 @@ -17947,7 +17963,7 @@ id,file,description,date,author,type,platform,port 46645,exploits/python/remote/46645.py,"PhreeBooks ERP 5.2.3 - Remote Command Execution",2019-04-03,"Metin Yunus Kandemir",remote,python,80 46654,exploits/multiple/remote/46654.html,"Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion",2019-04-03,"Google Security Research",remote,multiple, 46655,exploits/hardware/remote/46655.rb,"Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)",2019-04-03,Metasploit,remote,hardware, -46662,exploits/php/remote/46662.rb,"WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)",2019-04-05,Metasploit,remote,php,80 +46662,exploits/php/remote/46662.rb,"WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)",2019-04-05,Metasploit,remote,php,80 46675,exploits/multiple/remote/46675.py,"QNAP Netatalk < 3.1.12 - Authentication Bypass",2019-04-08,muts,remote,multiple, 46677,exploits/php/remote/46677.php,"PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write",2019-02-27,cfreal,remote,php, 46678,exploits/hardware/remote/46678.py,"TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow",2019-04-09,"Grzegorz Wypych",remote,hardware,80 @@ -17971,7 +17987,7 @@ id,file,description,date,author,type,platform,port 46782,exploits/windows/remote/46782.rb,"AIS logistics ESEL-Server - Unauthenticated SQL Injection Remote Code Execution (Metasploit)",2019-04-30,Metasploit,remote,windows, 46783,exploits/php/remote/46783.rb,"Pimcore < 5.71 - Unserialize Remote Code Execution (Metasploit)",2019-04-30,Metasploit,remote,php, 46785,exploits/linux/remote/46785.rb,"Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)",2019-05-02,Metasploit,remote,linux,3000 -46790,exploits/windows/remote/46790.txt,"Windows PowerShell ISE - Remote Code Execution",2019-05-03,hyp3rlinx,remote,windows, +46790,exploits/windows/remote/46790.txt,"Microsoft Windows PowerShell ISE - Remote Code Execution",2019-05-03,hyp3rlinx,remote,windows, 46792,exploits/linux/remote/46792.py,"Blue Angel Software Suite - Command Execution",2019-05-03,"Paolo Serracino_ Pietro Minniti_ Damiano Proietti",remote,linux, 46795,exploits/hardware/remote/46795.rb,"LG Supersign EZ CMS - Remote Code Execution (Metasploit)",2019-05-06,"Alejandro Fanjul",remote,hardware,9080 46797,exploits/windows/remote/46797.py,"Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)",2019-05-06,ElSoufiane,remote,windows,80 @@ -18023,7 +18039,6 @@ id,file,description,date,author,type,platform,port 47256,exploits/php/remote/47256.rb,"Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)",2019-08-14,"Ege Balci",remote,php, 47298,exploits/multiple/remote/47298.rb,"LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)",2019-08-21,LoadLow,remote,multiple, 47313,exploits/multiple/remote/47313.txt,"Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities",2019-08-21,"Pedro Ribeiro",remote,multiple, -47320,exploits/linux/remote/47320.c,"QEMU - Denial of Service",2019-08-20,vishnudevtj,remote,linux, 47329,exploits/hardware/remote/47329.pl,"Cisco Email Security Appliance (IronPort) C160 - 'Host' Header Injection",2019-09-02,"Todor Donev",remote,hardware, 47337,exploits/hardware/remote/47337.pl,"IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read",2019-09-02,"Todor Donev",remote,hardware, 47346,exploits/unix/remote/47346.rb,"Cisco UCS Director - default scpuser password (Metasploit)",2019-09-03,Metasploit,remote,unix,22 @@ -18101,7 +18116,6 @@ id,file,description,date,author,type,platform,port 48214,exploits/hardware/remote/48214.py,"Drobo 5N2 4.1.1 - Remote Command Injection",2020-03-13,"Ian Sindermann",remote,hardware, 48223,exploits/linux/remote/48223.rb,"Rconfig 3.x - Chained Remote Code Execution (Metasploit)",2020-03-17,Metasploit,remote,linux, 48224,exploits/multiple/remote/48224.rb,"ManageEngine Desktop Central - Java Deserialization (Metasploit)",2020-03-17,Metasploit,remote,multiple, -48228,exploits/hardware/remote/48228.txt,"Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)",2020-03-18,FarazPajohan,remote,hardware, 48233,exploits/multiple/remote/48233.py,"Broadcom Wi-Fi Devices - 'KR00K Information Disclosure",2020-03-18,"Maurizio S",remote,multiple, 48239,exploits/multiple/remote/48239.txt,"CyberArk PSMP 10.9.1 - Policy Restriction Bypass",2020-03-23,"LAHBAL Said",remote,multiple, 48268,exploits/linux/remote/48268.go,"Multiple DrayTek Products - Pre-authentication Remote Root Code Execution",2020-03-30,0xsha,remote,linux, @@ -18143,7 +18157,7 @@ id,file,description,date,author,type,platform,port 465,exploits/php/webapps/465.pl,"PHP-Nuke - SQL Injection Edit/Save Messages",2004-09-16,iko94,webapps,php, 561,exploits/php/webapps/561.sh,"S9Y Serendipity 0.7-beta1 - SQL Injection",2004-09-28,aCiDBiTS,webapps,php, 565,exploits/php/webapps/565.txt,"Silent Storm Portal - Multiple Vulnerabilities",2004-09-30,"CHT Security Research",webapps,php, -570,exploits/php/webapps/570.txt,"WordPress 1.2 - HTTP Splitting",2004-10-10,"Tenable NS",webapps,php, +570,exploits/php/webapps/570.txt,"WordPress Core 1.2 - HTTP Splitting",2004-10-10,"Tenable NS",webapps,php, 574,exploits/php/webapps/574.txt,"ocPortal 1.0.3 - Remote File Inclusion",2004-10-13,Exoduks,webapps,php, 630,exploits/php/webapps/630.pl,"UBBCentral UBB.Threads 6.2.x < 6.3x - One Char Brute Force",2004-11-15,RusH,webapps,php, 631,exploits/php/webapps/631.txt,"vBulletin - 'LAST.php' SQL Injection",2004-11-15,anonymous,webapps,php, @@ -18228,7 +18242,7 @@ id,file,description,date,author,type,platform,port 1023,exploits/php/webapps/1023.pl,"MyBloggie 2.1.1 < 2.1.2 - SQL Injection",2005-05-31,"Alberto Trivero",webapps,php, 1030,exploits/php/webapps/1030.pl,"PostNuke 0.750 - 'readpmsg.php' SQL Injection",2005-06-05,K-C0d3r,webapps,php, 1031,exploits/php/webapps/1031.pl,"Portail PHP < 1.3 - SQL Injection",2005-06-06,"Alberto Trivero",webapps,php, -1033,exploits/php/webapps/1033.pl,"WordPress 1.5.1.1 - SQL Injection",2005-06-22,"Alberto Trivero",webapps,php, +1033,exploits/php/webapps/1033.pl,"WordPress Core 1.5.1.1 - SQL Injection",2005-06-22,"Alberto Trivero",webapps,php, 1036,exploits/php/webapps/1036.php,"Invision Power Board 1.3.1 - 'login.php' SQL Injection",2005-06-08,anonymous,webapps,php, 1039,exploits/cgi/webapps/1039.pl,"Webhints 1.03 - Remote Command Execution (Perl) (1)",2005-06-11,Alpha_Programmer,webapps,cgi, 1040,exploits/cgi/webapps/1040.c,"Webhints 1.03 - Remote Command Execution (C) (2)",2005-06-11,Alpha_Programmer,webapps,cgi, @@ -18241,7 +18255,7 @@ id,file,description,date,author,type,platform,port 1053,exploits/php/webapps/1053.pl,"Claroline E-Learning 1.6 - Remote Hash SQL Injection (2)",2005-06-19,K-C0d3r,webapps,php, 1057,exploits/php/webapps/1057.pl,"Simple Machines Forum (SMF) 1.0.4 - 'modify' SQL Injection",2005-06-21,"GulfTech Security",webapps,php, 1058,exploits/php/webapps/1058.pl,"MercuryBoard 1.1.4 - SQL Injection",2005-06-21,RusH,webapps,php, -1059,exploits/php/webapps/1059.pl,"WordPress 1.5.1.1 - 'add new admin' SQL Injection",2005-06-21,RusH,webapps,php, +1059,exploits/php/webapps/1059.pl,"WordPress Core 1.5.1.1 - 'add new admin' SQL Injection",2005-06-21,RusH,webapps,php, 1060,exploits/php/webapps/1060.pl,"Forum Russian Board 4.2 - Full Command Execution",2005-06-21,RusH,webapps,php, 1061,exploits/php/webapps/1061.pl,"Mambo 4.5.2.1 - SQL Injection",2005-06-21,RusH,webapps,php, 1062,exploits/php/webapps/1062.pl,"Cacti 0.8.6d - Remote Command Execution",2005-06-22,"Alberto Trivero",webapps,php, @@ -18250,7 +18264,7 @@ id,file,description,date,author,type,platform,port 1070,exploits/asp/webapps/1070.pl,"ASPNuke 0.80 - 'article.asp' SQL Injection",2005-06-27,mh_p0rtal,webapps,asp, 1071,exploits/asp/webapps/1071.pl,"ASPNuke 0.80 - 'comment_post.asp' SQL Injection",2005-06-27,"Alberto Trivero",webapps,asp, 1076,exploits/php/webapps/1076.py,"phpBB 2.0.15 - 'highlight' PHP Remote Code Execution",2005-06-29,rattle,webapps,php, -1077,exploits/php/webapps/1077.pl,"WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection",2005-06-30,"GulfTech Security",webapps,php, +1077,exploits/php/webapps/1077.pl,"WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection",2005-06-30,"GulfTech Security",webapps,php, 1078,exploits/php/webapps/1078.pl,"XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection",2005-07-01,ilo--,webapps,php, 1080,exploits/php/webapps/1080.pl,"phpBB 2.0.15 - 'highlight' Database Authentication Details",2005-07-03,SecureD,webapps,php, 1082,exploits/php/webapps/1082.pl,"XOOPS 2.0.11 - 'xmlrpc.php' SQL Injection",2005-07-04,RusH,webapps,php, @@ -18269,8 +18283,8 @@ id,file,description,date,author,type,platform,port 1134,exploits/php/webapps/1134.pl,"MySQL Eventum 1.5.5 - 'login.php' SQL Injection",2005-08-05,"GulfTech Security",webapps,php, 1135,exploits/php/webapps/1135.c,"PHP-Fusion 6.0.106 - BBCode IMG Tag Script Injection",2005-08-05,Easyex,webapps,php, 1140,exploits/php/webapps/1140.php,"Flatnuke 2.5.5 - Remote Code Execution",2005-08-08,rgod,webapps,php, -1142,exploits/php/webapps/1142.php,"WordPress 1.5.1.3 - Remote Code Execution",2005-08-09,Kartoffelguru,webapps,php, -1145,exploits/php/webapps/1145.pm,"WordPress 1.5.1.3 - Remote Code Execution (Metasploit)",2005-08-10,str0ke,webapps,php, +1142,exploits/php/webapps/1142.php,"WordPress Core 1.5.1.3 - Remote Code Execution",2005-08-09,Kartoffelguru,webapps,php, +1145,exploits/php/webapps/1145.pm,"WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)",2005-08-10,str0ke,webapps,php, 1172,exploits/php/webapps/1172.pl,"MyBulletinBoard (MyBB) 1.00 RC4 - 'search.php' SQL Injection",2005-08-22,Alpha_Programmer,webapps,php, 1189,exploits/php/webapps/1189.c,"vBulletin 3.0.8 - Accessible Database Backup Searcher (3)",2005-08-31,str0ke,webapps,php, 1191,exploits/php/webapps/1191.pl,"Simple PHP Blog 0.4.0 - Multiple Remote s",2005-09-01,"Kenneth Belva",webapps,php, @@ -19473,7 +19487,7 @@ id,file,description,date,author,type,platform,port 3090,exploits/php/webapps/3090.txt,"NUNE News Script 2.0pre2 - Multiple Remote File Inclusions",2007-01-06,"Mehmet Ince",webapps,php, 3091,exploits/php/webapps/3091.php,"L2J Statistik Script 0.09 - 'index.php' Local File Inclusion",2007-01-07,Codebreak,webapps,php, 3093,exploits/php/webapps/3093.txt,"AllMyGuests 0.3.0 - 'AMG_serverpath' Remote File Inclusion",2007-01-07,beks,webapps,php, -3095,exploits/php/webapps/3095.py,"WordPress 2.0.5 - Trackback UTF-7 SQL Injection",2007-01-07,"Stefan Esser",webapps,php, +3095,exploits/php/webapps/3095.py,"WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection",2007-01-07,"Stefan Esser",webapps,php, 3096,exploits/php/webapps/3096.txt,"AllMyLinks 0.5.0 - 'index.php' Remote File Inclusion",2007-01-07,GoLd_M,webapps,php, 3097,exploits/php/webapps/3097.txt,"AllMyVisitors 0.4.0 - 'index.php' Remote File Inclusion",2007-01-07,bd0rk,webapps,php, 3100,exploits/php/webapps/3100.txt,"Magic Photo Storage Website - '_config[site_path]' File Inclusion",2007-01-08,k1tk4t,webapps,php, @@ -19482,7 +19496,7 @@ id,file,description,date,author,type,platform,port 3105,exploits/asp/webapps/3105.txt,"MOTIONBORG Web Real Estate 2.1 - SQL Injection",2007-01-09,ajann,webapps,asp, 3106,exploits/php/webapps/3106.txt,"uniForum 4 - 'wbsearch.aspx' SQL Injection",2007-01-09,ajann,webapps,php, 3108,exploits/php/webapps/3108.pl,"Axiom Photo/News Gallery 0.8.6 - Remote File Inclusion",2007-01-09,DeltahackingTEAM,webapps,php, -3109,exploits/php/webapps/3109.php,"WordPress 2.0.6 - 'wp-trackback.php' SQL Injection",2007-01-10,rgod,webapps,php, +3109,exploits/php/webapps/3109.php,"WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection",2007-01-10,rgod,webapps,php, 3113,exploits/php/webapps/3113.txt,"Jshop Server 1.3 - 'fieldValidation.php' Remote File Inclusion",2007-01-10,irvian,webapps,php, 3114,exploits/php/webapps/3114.txt,"Article System 0.1 - 'INCLUDE_DIR' Remote File Inclusion",2007-01-11,3l3ctric-Cracker,webapps,php, 3115,exploits/asp/webapps/3115.txt,"vp-asp shopping cart 6.09 - SQL Injection / Cross-Site Scripting",2007-01-11,ajann,webapps,asp, @@ -19802,7 +19816,7 @@ id,file,description,date,author,type,platform,port 3646,exploits/php/webapps/3646.pl,"XOOPS Module Zmagazine 1.0 - 'print.php' SQL Injection",2007-04-02,ajann,webapps,php, 3653,exploits/php/webapps/3653.php,"MyBulletinBoard (MyBB) 1.2.3 - Remote Code Execution",2007-04-03,DarkFig,webapps,php, 3655,exploits/php/webapps/3655.html,"XOOPS Module PopnupBlog 2.52 - 'postid' Blind SQL Injection",2007-04-03,ajann,webapps,php, -3656,exploits/php/webapps/3656.pl,"WordPress 2.1.2 - 'xmlrpc' SQL Injection",2007-04-03,"Sumit Siddharth",webapps,php, +3656,exploits/php/webapps/3656.pl,"WordPress Core 2.1.2 - 'xmlrpc' SQL Injection",2007-04-03,"Sumit Siddharth",webapps,php, 3657,exploits/php/webapps/3657.txt,"MySpeach 3.0.7 - Local/Remote File Inclusion",2007-04-03,Xst3nZ,webapps,php, 3658,exploits/php/webapps/3658.html,"phpMyNewsletter 0.6.10 - 'customize.php' Remote File Inclusion",2007-04-04,frog-m@n,webapps,php, 3659,exploits/php/webapps/3659.txt,"AROUNDMe 0.7.7 - Multiple Remote File Inclusions",2007-04-04,kezzap66345,webapps,php, @@ -19998,7 +20012,7 @@ id,file,description,date,author,type,platform,port 3957,exploits/php/webapps/3957.php,"Alstrasoft Live Support 1.21 - Admin Credential Retrieve",2007-05-20,BlackHawk,webapps,php, 3958,exploits/php/webapps/3958.php,"Alstrasoft Template Seller Pro 3.25 - Admin Password Change",2007-05-20,BlackHawk,webapps,php, 3959,exploits/php/webapps/3959.php,"Alstrasoft Template Seller Pro 3.25 - Remote Code Execution",2007-05-20,BlackHawk,webapps,php, -3960,exploits/php/webapps/3960.php,"WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing",2007-05-21,waraxe,webapps,php, +3960,exploits/php/webapps/3960.php,"WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing",2007-05-21,waraxe,webapps,php, 3962,exploits/php/webapps/3962.txt,"Ol BookMarks Manager 0.7.4 - 'root' Remote File Inclusion",2007-05-21,"ThE TiGeR",webapps,php, 3963,exploits/php/webapps/3963.txt,"TutorialCMS 1.01 - Authentication Bypass",2007-05-21,Silentz,webapps,php, 3964,exploits/php/webapps/3964.txt,"Ol BookMarks Manager 0.7.4 - SQL Injection",2007-05-21,"Mehmet Ince",webapps,php, @@ -20038,7 +20052,7 @@ id,file,description,date,author,type,platform,port 4035,exploits/php/webapps/4035.txt,"Comicsense 0.2 - 'index.php?epi' SQL Injection (1)",2007-06-05,s0cratex,webapps,php, 4036,exploits/php/webapps/4036.php,"PBLang 4.67.16.a - Remote Code Execution",2007-06-06,Silentz,webapps,php, 4037,exploits/php/webapps/4037.pl,"Comicsense 0.2 - 'index.php?epi' SQL Injection (2)",2007-06-06,Silentz,webapps,php, -4039,exploits/php/webapps/4039.txt,"WordPress 2.2 - 'xmlrpc.php' SQL Injection",2007-06-06,Slappter,webapps,php, +4039,exploits/php/webapps/4039.txt,"WordPress Core 2.2 - 'xmlrpc.php' SQL Injection",2007-06-06,Slappter,webapps,php, 4040,exploits/asp/webapps/4040.txt,"Kartli Alisveris Sistemi 1.0 - SQL Injection",2007-06-06,kerem125,webapps,asp, 4041,exploits/php/webapps/4041.html,"NewsSync for phpBB 1.5.0rc6 - Remote File Inclusion",2007-06-07,GoLd_M,webapps,php, 4054,exploits/php/webapps/4054.php,"e-Vision CMS 2.02 - SQL Injection / Remote Code Execution",2007-06-08,Silentz,webapps,php, @@ -20083,7 +20097,7 @@ id,file,description,date,author,type,platform,port 4108,exploits/php/webapps/4108.txt,"eDocStore - 'doc.php?doc_id' SQL Injection",2007-06-25,t0pP8uZz,webapps,php, 4111,exploits/php/webapps/4111.txt,"PHPSiteBackup 0.1 - 'pcltar.lib.php' Remote File Inclusion",2007-06-26,GoLd_M,webapps,php, 4112,exploits/php/webapps/4112.txt,"EVA-Web 1.1 < 2.2 - 'index.php3' Remote File Inclusion",2007-06-26,g00ns,webapps,php, -4113,exploits/php/webapps/4113.pl,"WordPress 2.2 - 'wp-app.php' Arbitrary File Upload",2007-06-26,"Alexander Concha",webapps,php, +4113,exploits/php/webapps/4113.pl,"WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload",2007-06-26,"Alexander Concha",webapps,php, 4114,exploits/php/webapps/4114.txt,"Elkagroup Image Gallery 1.0 - SQL Injection",2007-06-26,t0pP8uZz,webapps,php, 4115,exploits/php/webapps/4115.txt,"QuickTalk forum 1.3 - 'lang' Local File Inclusion",2007-06-27,Katatafish,webapps,php, 4116,exploits/php/webapps/4116.txt,"QuickTicket 1.2 - 'qti_checkname.php' Local File Inclusion",2007-06-27,Katatafish,webapps,php, @@ -20233,7 +20247,7 @@ id,file,description,date,author,type,platform,port 4390,exploits/php/webapps/4390.txt,"AuraCMS 2.1 - Remote File Attachment / Local File Inclusion",2007-09-10,k1tk4t,webapps,php, 4395,exploits/php/webapps/4395.txt,"NuclearBB Alpha 2 - 'ROOT_PATH' Remote File Inclusion",2007-09-11,"Rootshell Security",webapps,php, 4396,exploits/php/webapps/4396.txt,"X-Cart - Multiple Remote File Inclusions",2007-09-11,aLiiF,webapps,php, -4397,exploits/php/webapps/4397.rb,"WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",webapps,php, +4397,exploits/php/webapps/4397.rb,"WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities",2007-09-14,"Lance M. Havok",webapps,php, 4400,exploits/php/webapps/4400.txt,"KwsPHP Module jeuxflash 1.0 - 'id' SQL Injection",2007-09-13,Houssamix,webapps,php, 4401,exploits/php/webapps/4401.txt,"Joomla! Component Joomlaradio 5.0 - Remote File Inclusion",2007-09-13,Morgan,webapps,php, 4404,exploits/php/webapps/4404.txt,"GForge < 4.6b2 - 'skill_delete' SQL Injection",2007-09-13,"Sumit Siddharth",webapps,php, @@ -20459,7 +20473,7 @@ id,file,description,date,author,type,platform,port 4714,exploits/php/webapps/4714.pl,"MonAlbum 0.87 - Arbitrary File Upload / Password Grabber",2007-12-10,v0l4arrra,webapps,php, 4718,exploits/php/webapps/4718.rb,"SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection",2007-12-11,Backdoored,webapps,php, 4719,exploits/php/webapps/4719.txt,"Mcms Easy Web Make - 'index.php?template' Local File Inclusion",2007-12-11,MhZ91,webapps,php, -4721,exploits/php/webapps/4721.txt,"WordPress 2.3.1 - Charset SQL Injection",2007-12-11,"Abel Cheung",webapps,php, +4721,exploits/php/webapps/4721.txt,"WordPress Core 2.3.1 - Charset SQL Injection",2007-12-11,"Abel Cheung",webapps,php, 4722,exploits/php/webapps/4722.txt,"ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion",2007-12-11,RoMaNcYxHaCkEr,webapps,php, 4725,exploits/php/webapps/4725.txt,"Fastpublish CMS 1.9999 - config[fsBase] Remote File Inclusion",2007-12-12,RoMaNcYxHaCkEr,webapps,php, 4726,exploits/php/webapps/4726.txt,"CityWriter 0.9.7 - 'head.php' Remote File Inclusion",2007-12-13,RoMaNcYxHaCkEr,webapps,php, @@ -21239,7 +21253,7 @@ id,file,description,date,author,type,platform,port 5758,exploits/php/webapps/5758.txt,"Galatolo Web Manager 1.0 - Cross-Site Scripting / Local File Inclusion",2008-06-08,StAkeR,webapps,php, 5759,exploits/php/webapps/5759.txt,"Joomla! Component Rapid Recipe 1.6.6/1.6.7 - SQL Injection",2008-06-08,His0k4,webapps,php, 5760,exploits/php/webapps/5760.pl,"Galatolo Web Manager 1.0 - SQL Injection",2008-06-09,Stack,webapps,php, -5761,exploits/php/webapps/5761.pl,"Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection",2008-06-09,"ilker Kandemir",webapps,php, +5761,exploits/php/webapps/5761.pl,"Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection",2008-06-09,"ilker Kandemir",webapps,php, 5762,exploits/php/webapps/5762.txt,"ProManager 0.73 - 'config.php' Local File Inclusion",2008-06-09,Stack,webapps,php, 5763,exploits/asp/webapps/5763.txt,"real estate Web site 1.0 - SQL Injection / Cross-Site Scripting",2008-06-09,JosS,webapps,asp, 5764,exploits/php/webapps/5764.txt,"Telephone Directory 2008 - SQL Injection / Cross-Site Scripting",2008-06-09,"CWH Underground",webapps,php, @@ -21727,7 +21741,7 @@ id,file,description,date,author,type,platform,port 6393,exploits/php/webapps/6393.pl,"MemHT Portal 3.9.0 - Remote Create Shell",2008-09-06,Ams,webapps,php, 6395,exploits/php/webapps/6395.txt,"Masir Camp E-Shop Module 3.0 - 'ordercode' SQL Injection",2008-09-07,BugReport.IR,webapps,php, 6396,exploits/php/webapps/6396.txt,"Alstrasoft Forum - 'cat' SQL Injection",2008-09-07,r45c4l,webapps,php, -6397,exploits/php/webapps/6397.txt,"WordPress 2.6.1 - SQL Column Truncation",2008-09-07,irk4z,webapps,php, +6397,exploits/php/webapps/6397.txt,"WordPress Core 2.6.1 - SQL Column Truncation",2008-09-07,irk4z,webapps,php, 6398,exploits/php/webapps/6398.txt,"E-Shop Shopping Cart Script - 'search_results.php' SQL Injection",2008-09-07,Mormoroth,webapps,php, 6401,exploits/php/webapps/6401.txt,"Alstrasoft Forum - 'catid' SQL Injection",2008-09-09,r45c4l,webapps,php, 6402,exploits/php/webapps/6402.txt,"Stash 1.0.3 - Multiple SQL Injections",2008-09-09,"Khashayar Fereidani",webapps,php, @@ -21745,7 +21759,7 @@ id,file,description,date,author,type,platform,port 6417,exploits/php/webapps/6417.txt,"AvailScript Jobs Portal Script - 'jid' SQL Injection",2008-09-10,InjEctOr5,webapps,php, 6419,exploits/php/webapps/6419.txt,"Zanfi CMS lite 2.1 / Jaw Portal free - 'FCKeditor' Arbitrary File Upload",2008-09-10,reptil,webapps,php, 6420,exploits/asp/webapps/6420.txt,"aspwebalbum 3.2 - Multiple Vulnerabilities",2008-09-10,e.wiZz!,webapps,asp, -6421,exploits/php/webapps/6421.php,"WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)",2008-09-10,iso^kpsbr,webapps,php, +6421,exploits/php/webapps/6421.php,"WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)",2008-09-10,iso^kpsbr,webapps,php, 6422,exploits/php/webapps/6422.txt,"PHPVID 1.1 - Cross-Site Scripting / SQL Injection",2008-09-10,r45c4l,webapps,php, 6423,exploits/php/webapps/6423.txt,"Zanfi CMS lite / Jaw Portal free - 'page' SQL Injection",2008-09-10,Cru3l.b0y,webapps,php, 6425,exploits/php/webapps/6425.txt,"PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion",2008-09-11,"Khashayar Fereidani",webapps,php, @@ -23668,7 +23682,7 @@ id,file,description,date,author,type,platform,port 9246,exploits/php/webapps/9246.txt,"Basilic 1.5.13 - 'index.php?idAuthor' SQL Injection",2009-07-24,NoGe,webapps,php, 9248,exploits/php/webapps/9248.txt,"SaphpLesson 4.0 - Authentication Bypass",2009-07-24,SwEET-DeViL,webapps,php, 9249,exploits/php/webapps/9249.txt,"XOOPS Celepar Module Qas - 'codigo' SQL Injection",2009-07-24,s4r4d0,webapps,php, -9250,exploits/php/webapps/9250.sh,"WordPress 2.8.1 - 'url' Cross-Site Scripting",2009-07-24,superfreakaz0rz,webapps,php, +9250,exploits/php/webapps/9250.sh,"WordPress Core 2.8.1 - 'url' Cross-Site Scripting",2009-07-24,superfreakaz0rz,webapps,php, 9251,exploits/php/webapps/9251.txt,"Deonixscripts Templates Management 1.3 - SQL Injection",2009-07-24,d3b4g,webapps,php, 9252,exploits/php/webapps/9252.txt,"Scripteen Free Image Hosting Script 2.3 - SQL Injection",2009-07-24,Coksnuss,webapps,php, 9254,exploits/php/webapps/9254.txt,"PHP Live! 3.2.2 - 'questid' SQL Injection (2)",2009-07-24,skys,webapps,php, @@ -23771,7 +23785,7 @@ id,file,description,date,author,type,platform,port 9406,exploits/php/webapps/9406.txt,"Mini-CMS 1.0.1 - 'page.php' SQL Injection",2009-08-10,Ins3t,webapps,php, 9407,exploits/php/webapps/9407.txt,"CMS Made Simple 1.6.2 - Local File Disclosure",2009-08-10,IHTeam,webapps,php, 9408,exploits/php/webapps/9408.php,"Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection",2009-08-10,"ilker Kandemir",webapps,php, -9410,exploits/php/webapps/9410.txt,"WordPress 2.8.3 - Remote Admin Reset Password",2009-08-11,"laurent gaffié",webapps,php, +9410,exploits/php/webapps/9410.txt,"WordPress Core 2.8.3 - Remote Admin Reset Password",2009-08-11,"laurent gaffié",webapps,php, 9413,exploits/php/webapps/9413.txt,"Joomla! Component idoblog 1.1b30 (com_idoblog) - SQL Injection",2009-08-11,kkr,webapps,php, 9416,exploits/php/webapps/9416.txt,"OCS Inventory NG 1.2.1 - 'systemid' SQL Injection",2009-08-11,"Guilherme Marinheiro",webapps,php, 9419,exploits/php/webapps/9419.txt,"Shorty 0.7.1b - (Authentication Bypass) Insecure Cookie Handling",2009-08-12,"Pedro Laguna",webapps,php, @@ -24026,8 +24040,8 @@ id,file,description,date,author,type,platform,port 33428,exploits/windows/webapps/33428.py,"SafeNet Sentinel Protection Server 7.0 < 7.4 / Sentinel Keys Server 1.0.3 < 1.0.4 - Directory Traversal",2014-05-19,"Matt Schmidt",webapps,windows,7002 10082,exploits/php/webapps/10082.txt,"PBBoard 2.0.2 - Full Path Disclosure",2009-10-06,rUnViRuS,webapps,php, 10085,exploits/jsp/webapps/10085.txt,"toutvirtual virtualiq pro 3.2 - Multiple Vulnerabilities",2009-11-07,"Alberto Trivero",webapps,jsp, -10088,exploits/php/webapps/10088.txt,"WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass",2009-11-10,"Fernando Arnaboldi",webapps,php, -10089,exploits/php/webapps/10089.txt,"WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution",2009-11-11,"Dawid Golunski",webapps,php, +10088,exploits/php/webapps/10088.txt,"WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass",2009-11-10,"Fernando Arnaboldi",webapps,php, +10089,exploits/php/webapps/10089.txt,"WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution",2009-11-11,"Dawid Golunski",webapps,php, 10090,exploits/php/webapps/10090.txt,"WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site Scripting",2009-11-10,"Juan Galiana Lara",webapps,php, 10094,exploits/jsp/webapps/10094.txt,"IBM Rational RequisitePro 7.10 / ReqWebHelp - Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,IBM,webapps,jsp, 10096,exploits/php/webapps/10096.txt,"OS Commerce 2.2r2 - Authentication Bypass",2009-11-13,"Stuart Udall",webapps,php, @@ -24745,7 +24759,7 @@ id,file,description,date,author,type,platform,port 11436,exploits/php/webapps/11436.txt,"WSN Guest 1.02 - 'orderlinks' SQL Injection",2010-02-13,Gamoscu,webapps,php, 11437,exploits/php/webapps/11437.txt,"ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion",2010-02-13,ViRuSMaN,webapps,php, 11440,exploits/php/webapps/11440.txt,"InterTech Co 1.0 - SQL Injection",2010-02-13,Red-D3v1L,webapps,php, -11441,exploits/php/webapps/11441.txt,"WordPress 2.9 - Failure to Restrict URL Access",2010-02-13,tmacuk,webapps,php, +11441,exploits/php/webapps/11441.txt,"WordPress Core 2.9 - Failure to Restrict URL Access",2010-02-13,tmacuk,webapps,php, 11442,exploits/php/webapps/11442.txt,"PHP PEAR 1.9.0 - Multiple Remote File Inclusions",2010-02-14,eidelweiss,webapps,php, 11443,exploits/php/webapps/11443.txt,"Calendarix 0.8.20071118 - SQL Injection",2010-02-14,Thibow,webapps,php, 11444,exploits/php/webapps/11444.txt,"ShortCMS 1.2.0 - SQL Injection",2010-02-14,Thibow,webapps,php, @@ -25143,7 +25157,7 @@ id,file,description,date,author,type,platform,port 12082,exploits/php/webapps/12082.txt,"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, 12083,exploits/php/webapps/12083.txt,"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, 12084,exploits/php/webapps/12084.txt,"Joomla! Component Juke Box 1.7 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, -12085,exploits/php/webapps/12085.txt,"Joomla! Component Joomla Flickr 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, +12085,exploits/php/webapps/12085.txt,"Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, 12086,exploits/php/webapps/12086.txt,"Joomla! Component Highslide 1.5 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, 12087,exploits/php/webapps/12087.txt,"Joomla! Component Fabrik 2.0 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, 12088,exploits/php/webapps/12088.txt,"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion",2010-04-06,AntiSecurity,webapps,php, @@ -25363,7 +25377,7 @@ id,file,description,date,author,type,platform,port 12436,exploits/php/webapps/12436.txt,"Pligg CMS 1.0.4 - 'story.php' SQL Injection",2010-04-28,"Don Tukulesto",webapps,php, 12438,exploits/php/webapps/12438.txt,"SoftBizScripts Dating Script - SQL Injection",2010-04-28,41.w4r10r,webapps,php, 12439,exploits/php/webapps/12439.txt,"SoftBizScripts Hosting Script - SQL Injection",2010-04-28,41.w4r10r,webapps,php, -12440,exploits/php/webapps/12440.txt,"Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection",2010-04-28,Manas58,webapps,php, +12440,exploits/php/webapps/12440.txt,"Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection",2010-04-28,Manas58,webapps,php, 12441,exploits/php/webapps/12441.html,"gpEasy 1.6.1 - Cross-Site Request Forgery (Add Admin)",2010-04-28,"Giuseppe 'giudinvx' D'Inverno",webapps,php, 12442,exploits/php/webapps/12442.txt,"GeneShop 5.1.1 - SQL Injection",2010-04-28,41.w4r10r,webapps,php, 12443,exploits/php/webapps/12443.txt,"Modelbook - 'casting_view.php' SQL Injection",2010-04-28,v3n0m,webapps,php, @@ -25991,7 +26005,7 @@ id,file,description,date,author,type,platform,port 14283,exploits/asp/webapps/14283.txt,"ClickGallery Server - SQL Injection",2010-07-08,SONIC,webapps,asp, 14284,exploits/asp/webapps/14284.txt,"i-Gallery - Multiple Vulnerabilities",2010-07-08,SONIC,webapps,asp, 14289,exploits/php/webapps/14289.html,"b2evolution 3.3.3 - Cross-Site Request Forgery",2010-07-09,saudi0hacker,webapps,php, -14293,exploits/php/webapps/14293.txt,"Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,webapps,php, +14293,exploits/php/webapps/14293.txt,"Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting",2010-07-09,Sid3^effects,webapps,php, 14291,exploits/php/webapps/14291.txt,"Joomla! Component IXXO Cart - SQL Injection",2010-07-09,Sid3^effects,webapps,php, 14434,exploits/php/webapps/14434.txt,"Joomla! Component com_jomtube - 'user_id' Blind SQL Injection",2010-07-22,SixP4ck3r,webapps,php, 14312,exploits/php/webapps/14312.txt,"Joomla! Component redSHOP 1.0 - 'pid' SQL Injection",2010-07-10,v3n0m,webapps,php, @@ -26216,7 +26230,7 @@ id,file,description,date,author,type,platform,port 14891,exploits/php/webapps/14891.txt,"PHP Classifieds ADS - 'sid' Blind SQL Injection",2010-09-04,"BorN To K!LL",webapps,php, 14893,exploits/php/webapps/14893.txt,"PHP Classifieds 7.3 - Remote File Inclusion",2010-09-04,alsa7r,webapps,php, 14894,exploits/php/webapps/14894.py,"A-Blog 2.0 - '/sources/search.php' SQL Injection",2010-09-05,"Ptrace Security",webapps,php, -14896,exploits/php/webapps/14896.txt,"Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion",2010-09-05,LoSt.HaCkEr,webapps,php, +14896,exploits/php/webapps/14896.txt,"Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion",2010-09-05,LoSt.HaCkEr,webapps,php, 14897,exploits/php/webapps/14897.txt,"ChillyCMS 1.1.3 - Multiple Vulnerabilities",2010-09-05,AmnPardaz,webapps,php, 14898,exploits/asp/webapps/14898.txt,"ifnuke - Multiple Vulnerabilities",2010-09-05,Abysssec,webapps,asp, 14901,exploits/php/webapps/14901.txt,"Joomla! Component Clantools 1.5 - Blind SQL Injection",2010-09-05,Solidmedia,webapps,php, @@ -26562,7 +26576,7 @@ id,file,description,date,author,type,platform,port 15681,exploits/asp/webapps/15681.txt,"ASPSiteWare JobPost 1.0 - SQL Injection",2010-12-04,R4dc0re,webapps,asp, 15682,exploits/asp/webapps/15682.txt,"ASPSiteWare ASP Gallery 1.0 - SQL Injection",2010-12-04,R4dc0re,webapps,asp, 15683,exploits/asp/webapps/15683.txt,"ASPSiteWare Contact Directory 1.0 - SQL Injection",2010-12-04,R4dc0re,webapps,asp, -15684,exploits/php/webapps/15684.txt,"WordPress 3.0.1 - 'do_trackbacks()' SQL Injection",2010-12-05,M4g,webapps,php, +15684,exploits/php/webapps/15684.txt,"WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection",2010-12-05,M4g,webapps,php, 15685,exploits/php/webapps/15685.html,"PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery",2010-12-05,FreWaL,webapps,php, 15686,exploits/asp/webapps/15686.txt,"Gatesoft Docusafe 4.1.0 - SQL Injection",2010-12-05,R4dc0re,webapps,asp, 15687,exploits/asp/webapps/15687.txt,"Ecommercemax Solutions Digital Goods Seller - SQL Injection",2010-12-05,R4dc0re,webapps,asp, @@ -26659,7 +26673,7 @@ id,file,description,date,author,type,platform,port 15853,exploits/php/webapps/15853.txt,"DGNews 2.1 - SQL Injection",2010-12-29,kalashnikov,webapps,php, 15856,exploits/php/webapps/15856.php,"TYPO3 - Arbitrary File Retrieval",2010-12-29,ikki,webapps,php, 15857,exploits/php/webapps/15857.txt,"Discovery TorrentTrader 2.6 - Multiple Vulnerabilities",2010-12-29,EsS4ndre,webapps,php, -15858,exploits/php/webapps/15858.txt,"WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)",2010-12-29,Saif,webapps,php, +15858,exploits/php/webapps/15858.txt,"WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)",2010-12-29,Saif,webapps,php, 15863,exploits/php/webapps/15863.txt,"LightNEasy 3.2.2 - Multiple Vulnerabilities",2010-12-29,"High-Tech Bridge SA",webapps,php, 15864,exploits/php/webapps/15864.txt,"Ignition 1.3 - 'page.php' Local File Inclusion",2010-12-30,cOndemned,webapps,php, 15865,exploits/php/webapps/15865.php,"Ignition 1.3 - Remote Code Execution",2010-12-30,cOndemned,webapps,php, @@ -26851,7 +26865,7 @@ id,file,description,date,author,type,platform,port 16892,exploits/php/webapps/16892.rb,"TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)",2010-07-03,Metasploit,webapps,php, 16893,exploits/cgi/webapps/16893.rb,"Barracuda - IMG.pl Remote Command Execution (Metasploit)",2010-04-30,Metasploit,webapps,cgi, 16894,exploits/php/webapps/16894.rb,"TWiki - Search Function Arbitrary Command Execution (Metasploit)",2010-07-03,Metasploit,webapps,php, -16895,exploits/php/webapps/16895.rb,"WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)",2010-07-03,Metasploit,webapps,php, +16895,exploits/php/webapps/16895.rb,"WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)",2010-07-03,Metasploit,webapps,php, 16896,exploits/php/webapps/16896.rb,"vBulletin - 'misc.php' Template Name Arbitrary Code Execution (Metasploit)",2010-07-25,Metasploit,webapps,php, 16897,exploits/php/webapps/16897.rb,"BASE - 'base_qry_common' Remote File Inclusion (Metasploit)",2010-11-24,Metasploit,webapps,php, 16899,exploits/php/webapps/16899.rb,"osCommerce 2.2 - Arbitrary PHP Code Execution (Metasploit)",2010-07-03,Metasploit,webapps,php, @@ -27098,7 +27112,7 @@ id,file,description,date,author,type,platform,port 17453,exploits/php/webapps/17453.txt,"WordPress Plugin Beer Recipes 1.0 - Cross-Site Scripting",2011-06-26,TheUzuki.',webapps,php, 17457,exploits/php/webapps/17457.txt,"rgboard 4.2.1 - SQL Injection",2011-06-28,hamt0ry,webapps,php, 17464,exploits/php/webapps/17464.txt,"Joomla! Component mDigg 2.2.8 - SQL Injection",2011-07-01,"Caddy Dz",webapps,php, -17465,exploits/php/webapps/17465.txt,"WordPress 3.1.3 - SQL Injection",2011-07-01,"SEC Consult",webapps,php, +17465,exploits/php/webapps/17465.txt,"WordPress Core 3.1.3 - SQL Injection",2011-07-01,"SEC Consult",webapps,php, 17466,exploits/php/webapps/17466.txt,"Ollance Member Login Script - Multiple Vulnerabilities",2011-07-01,"$#4d0\/\/[r007k17]",webapps,php, 17472,exploits/asp/webapps/17472.txt,"DmxReady Catalog Manager 1.2 - SQL Injection",2011-07-03,Bellatrix,webapps,asp, 17475,exploits/asp/webapps/17475.txt,"DmxReady News Manager 1.2 - SQL Injection",2011-07-03,Bellatrix,webapps,asp, @@ -27529,7 +27543,7 @@ id,file,description,date,author,type,platform,port 18413,exploits/php/webapps/18413.txt,"SpamTitan Application 5.08x - SQL Injection",2012-01-23,Vulnerability-Lab,webapps,php, 18701,exploits/php/webapps/18701.txt,"phpPaleo - Local File Inclusion",2012-04-04,"Mark Stanislav",webapps,php, 18416,exploits/jsp/webapps/18416.txt,"stoneware webnetwork6 - Multiple Vulnerabilities",2012-01-24,"Jacob Holcomb",webapps,jsp, -18417,exploits/php/webapps/18417.txt,"WordPress 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",webapps,php, +18417,exploits/php/webapps/18417.txt,"WordPress Core 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",webapps,php, 18418,exploits/php/webapps/18418.html,"VR GPub 4.0 - Cross-Site Request Forgery",2012-01-26,Cyber-Crystal,webapps,php, 18419,exploits/php/webapps/18419.html,"phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting",2012-01-26,Cyber-Crystal,webapps,php, 18422,exploits/php/webapps/18422.txt,"Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections",2012-01-26,Cyber-Crystal,webapps,php, @@ -27683,7 +27697,7 @@ id,file,description,date,author,type,platform,port 18787,exploits/php/webapps/18787.txt,"WordPress Plugin Zingiri Web Shop 2.4.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-26,"Mehmet Ince",webapps,php, 18797,exploits/linux/webapps/18797.rb,"WebCalendar 1.2.4 - Remote Code Injection (Metasploit)",2012-04-29,Metasploit,webapps,linux, 18798,exploits/php/webapps/18798.txt,"Soco CMS - Local File Inclusion",2012-04-29,"BHG Security Center",webapps,php, -18791,exploits/php/webapps/18791.txt,"WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2012-04-27,"Ivano Binetti",webapps,php, +18791,exploits/php/webapps/18791.txt,"WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities",2012-04-27,"Ivano Binetti",webapps,php, 18793,exploits/php/webapps/18793.txt,"Axous 1.1.0 - SQL Injection",2012-04-27,"H4ckCity Secuirty TeaM",webapps,php, 18800,exploits/php/webapps/18800.txt,"Alienvault Open Source SIEM (OSSIM) 3.1 - Multiple Vulnerabilities",2012-04-29,"Stefan Schurtz",webapps,php, 18801,exploits/php/webapps/18801.txt,"Car Portal CMS 3.0 - Multiple Vulnerabilities",2012-04-30,Vulnerability-Lab,webapps,php, @@ -28172,6 +28186,7 @@ id,file,description,date,author,type,platform,port 21587,exploits/cgi/webapps/21587.txt,"BBC Education Betsie 1.5 - Parserl.pl Cross-Site Scripting",2002-07-01,"Mark Rowe",webapps,cgi, 21588,exploits/cgi/webapps/21588.txt,"BlackBoard 5.0 - Cross-Site Scripting",2002-07-01,"Berend-Jan Wever",webapps,cgi, 21590,exploits/php/webapps/21590.txt,"phpAuction 1/2 - Unauthorized Administrative Access",2002-07-02,ethx,webapps,php, +21605,exploits/windows/webapps/21605.txt,"Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting",2002-07-10,"Matt Moore",webapps,windows, 21609,exploits/cgi/webapps/21609.txt,"Fluid Dynamics Search Engine 2.0 - Cross-Site Scripting",2002-07-10,VALDEUX,webapps,cgi, 21610,exploits/php/webapps/21610.txt,"Sun i-Runbook 2.5.2 - Directory and File Content Disclosure",2002-07-11,JWC,webapps,php, 21617,exploits/cgi/webapps/21617.txt,"IMHO Webmail 0.9x - Account Hijacking",2002-07-15,"Security Bugware",webapps,cgi, @@ -28729,7 +28744,7 @@ id,file,description,date,author,type,platform,port 23206,exploits/php/webapps/23206.txt,"DCP-Portal 5.5 - 'lostpassword.php?email' SQL Injection",2003-10-01,"Lifo Fifo",webapps,php, 23207,exploits/php/webapps/23207.txt,"Atrise Everyfind 5.0.2 - search Cross-Site Scripting",2003-10-01,Ezhilan,webapps,php, 23208,exploits/php/webapps/23208.txt,"mpnews pro 2.1.0.18 - Directory Traversal Information Disclosure",2003-10-01,"Gama Sec",webapps,php, -23213,exploits/php/webapps/23213.txt,"WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection",2003-10-03,"Seth Woolley",webapps,php, +23213,exploits/php/webapps/23213.txt,"WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection",2003-10-03,"Seth Woolley",webapps,php, 23214,exploits/cgi/webapps/23214.txt,"Sun Cobalt RaQ 1.1/2.0/3.0/4.0 - 'Message.cgi' Cross-Site Scripting",2003-10-03,"Lorenzo Hernandez Garcia-Hierro",webapps,cgi, 23217,exploits/cgi/webapps/23217.txt,"Divine Content Server 5.0 - Error Page Cross-Site Scripting",2003-10-03,valgasu,webapps,cgi, 23218,exploits/php/webapps/23218.txt,"EternalMart Mailing List Manager 1.32 - Remote File Inclusion",2003-10-04,frog,webapps,php, @@ -29382,12 +29397,12 @@ id,file,description,date,author,type,platform,port 24629,exploits/php/webapps/24629.txt,"CosCMS 1.721 - OS Command Injection",2013-03-07,"High-Tech Bridge SA",webapps,php, 24630,exploits/cgi/webapps/24630.txt,"mnoGoSearch 3.3.12 (search.cgi) - Arbitrary File Read",2013-03-07,"Sergey Bobrov",webapps,cgi, 24638,exploits/php/webapps/24638.txt,"@lexPHPTeam @lex Guestbook 3.12 - PHP Remote File Inclusion",2004-09-27,"Himeur Nourredine",webapps,php, -24641,exploits/php/webapps/24641.txt,"WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",webapps,php, -24642,exploits/php/webapps/24642.txt,"WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting",2004-09-28,"Thomas Waldegger",webapps,php, -24643,exploits/php/webapps/24643.txt,"WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",webapps,php, -24644,exploits/php/webapps/24644.txt,"WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting",2004-09-28,"Thomas Waldegger",webapps,php, -24645,exploits/php/webapps/24645.txt,"WordPress 1.2 - 'edit.php?s' Cross-Site Scripting",2004-09-28,"Thomas Waldegger",webapps,php, -24646,exploits/php/webapps/24646.txt,"WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",webapps,php, +24641,exploits/php/webapps/24641.txt,"WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",webapps,php, +24642,exploits/php/webapps/24642.txt,"WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting",2004-09-28,"Thomas Waldegger",webapps,php, +24643,exploits/php/webapps/24643.txt,"WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",webapps,php, +24644,exploits/php/webapps/24644.txt,"WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting",2004-09-28,"Thomas Waldegger",webapps,php, +24645,exploits/php/webapps/24645.txt,"WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting",2004-09-28,"Thomas Waldegger",webapps,php, +24646,exploits/php/webapps/24646.txt,"WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities",2004-09-28,"Thomas Waldegger",webapps,php, 24647,exploits/php/webapps/24647.txt,"Parachat 5.5 - Directory Traversal",2004-09-28,"Donato Ferrante",webapps,php, 24648,exploits/php/webapps/24648.txt,"W-Agora 4.1.6 - 'a redir_url.php?key' SQL Injection",2004-09-30,"Alexander Antipov",webapps,php, 24649,exploits/php/webapps/24649.txt,"W-Agora 4.1.6 - 'a forgot_password.php?userid' Cross-Site Scripting",2004-09-30,"Alexander Antipov",webapps,php, @@ -29404,7 +29419,7 @@ id,file,description,date,author,type,platform,port 24664,exploits/php/webapps/24664.txt,"DCP-Portal 3.7/4.x/5.x - Multiple HTML Injection Vulnerabilities",2004-10-06,"Alexander Antipov",webapps,php, 24665,exploits/php/webapps/24665.txt,"DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting",2004-10-06,"Alexander Antipov",webapps,php, 24666,exploits/asp/webapps/24666.txt,"Microsoft ASP.NET 1.x - URI Canonicalization Unauthorized Web Access",2004-10-06,anonymous,webapps,asp, -24667,exploits/php/webapps/24667.txt,"WordPress 1.2 - 'wp-login.php' HTTP Response Splitting",2004-10-07,"Chaotic Evil",webapps,php, +24667,exploits/php/webapps/24667.txt,"WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting",2004-10-07,"Chaotic Evil",webapps,php, 24670,exploits/asp/webapps/24670.txt,"Go Smart Inc GoSmart Message Board - Multiple Input Validation Vulnerabilities",2004-10-11,"Positive Technologies",webapps,asp, 24671,exploits/asp/webapps/24671.txt,"DUclassified 4.x - 'adDetail.asp' Multiple SQL Injections",2004-10-11,"Soroosh Dalili",webapps,asp, 24672,exploits/asp/webapps/24672.txt,"DUclassmate 1.x - 'account.asp?MM-recordId' Arbitrary Password Modification",2004-10-11,"Soroosh Dalili",webapps,asp, @@ -29552,12 +29567,12 @@ id,file,description,date,author,type,platform,port 25089,exploits/php/webapps/25089.txt,"PHP-Fusion 4.0 - 'Viewthread.php' Information Disclosure",2005-02-08,TheGreatOne2176,webapps,php, 24986,exploits/cgi/webapps/24986.txt,"IkonBoard 3.x - Multiple SQL Injections",2004-12-16,anonymous,webapps,cgi, 24987,exploits/php/webapps/24987.txt,"JSBoard 2.0.x - Arbitrary Script Upload",2004-12-16,"Jeremy Bae",webapps,php, -24988,exploits/php/webapps/24988.txt,"WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, -24989,exploits/php/webapps/24989.txt,"WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, -24990,exploits/php/webapps/24990.txt,"WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-16,"Thomas Waldegger",webapps,php, -24991,exploits/php/webapps/24991.txt,"WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, -24992,exploits/php/webapps/24992.txt,"WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-16,"Thomas Waldegger",webapps,php, -24993,exploits/php/webapps/24993.txt,"WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, +24988,exploits/php/webapps/24988.txt,"WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, +24989,exploits/php/webapps/24989.txt,"WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, +24990,exploits/php/webapps/24990.txt,"WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-16,"Thomas Waldegger",webapps,php, +24991,exploits/php/webapps/24991.txt,"WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, +24992,exploits/php/webapps/24992.txt,"WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities",2004-12-16,"Thomas Waldegger",webapps,php, +24993,exploits/php/webapps/24993.txt,"WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting",2004-12-16,"Thomas Waldegger",webapps,php, 24994,exploits/php/webapps/24994.txt,"MediaWiki 1.3.x - Arbitrary Script Upload",2004-12-16,"Jeremy Bae",webapps,php, 25184,exploits/php/webapps/25184.txt,"ProjectBB 0.4.5.1 - Multiple SQL Injections",2005-03-02,"benji lemien",webapps,php, 25185,exploits/php/webapps/25185.txt,"D-Forum 1.11 - 'Nav.php3' Cross-Site Scripting",2005-03-03,benjilenoob,webapps,php, @@ -30008,7 +30023,7 @@ id,file,description,date,author,type,platform,port 25678,exploits/php/webapps/25678.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_mitgraf.php?year' SQL Injection",2005-05-16,deluxe@security-project.org,webapps,php, 25679,exploits/php/webapps/25679.txt,"JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_sponsor.php?id' SQL Injection",2005-05-16,deluxe@security-project.org,webapps,php, 25681,exploits/php/webapps/25681.php,"Fusionphp Fusion News 3.3/3.6 - X-Forworded-For PHP Script Code Injection",2005-05-24,"Network security team",webapps,php, -25682,exploits/php/webapps/25682.txt,"WordPress 1.5 - 'post.php' Cross-Site Scripting",2005-05-17,"Thomas Waldegger",webapps,php, +25682,exploits/php/webapps/25682.txt,"WordPress Core 1.5 - 'post.php' Cross-Site Scripting",2005-05-17,"Thomas Waldegger",webapps,php, 25683,exploits/php/webapps/25683.txt,"HelpCenter Live! 1.0/1.2.x - Multiple Input Validation Vulnerabilities",2005-05-24,"GulfTech Security",webapps,php, 25685,exploits/jsp/webapps/25685.txt,"Sun JavaMail 1.3 - API MimeMessage Infromation Disclosure",2005-05-19,"Ricky Latt",webapps,jsp, 25686,exploits/php/webapps/25686.txt,"PHP Advanced Transfer Manager 1.21 - Arbitrary File Inclusion",2005-05-19,"Ingvar Gilbert",webapps,php, @@ -31219,7 +31234,7 @@ id,file,description,date,author,type,platform,port 27224,exploits/php/webapps/27224.txt,"dotProject 2.0 - '/modules/public/date_format.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,webapps,php, 27225,exploits/php/webapps/27225.txt,"dotProject 2.0 - '/modules/tasks/gantt.php?baseDir' Remote File Inclusion",2006-02-14,r.verton,webapps,php, 27226,exploits/php/webapps/27226.txt,"RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection",2006-02-14,"Hamid Ebadi",webapps,php, -27227,exploits/php/webapps/27227.txt,"WordPress 2.0 - Comment Post HTML Injection",2006-02-15,imei,webapps,php, +27227,exploits/php/webapps/27227.txt,"WordPress Core 2.0 - Comment Post HTML Injection",2006-02-15,imei,webapps,php, 27228,exploits/php/webapps/27228.txt,"Mantis Bug Tracker 0.x/1.0 - 'view_all_set.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-15,"Thomas Waldegger",webapps,php, 27229,exploits/php/webapps/27229.txt,"Mantis Bug Tracker 0.x/1.0 - 'manage_user_page.php?sort' Cross-Site Scripting",2006-02-15,"Thomas Waldegger",webapps,php, 27230,exploits/php/webapps/27230.txt,"My Blog 1.63 - BBCode HTML Injection",2006-02-15,"Aliaksandr Hartsuyeu",webapps,php, @@ -32471,7 +32486,7 @@ id,file,description,date,author,type,platform,port 28977,exploits/ios/webapps/28977.txt,"UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,webapps,ios, 28978,exploits/ios/webapps/28978.txt,"Apple iOS 7.0.2 - Sim Lock Screen Display Bypass",2013-10-15,Vulnerability-Lab,webapps,ios, 28979,exploits/linux/webapps/28979.txt,"DornCMS Application 1.4 - Multiple Web Vulnerabilities",2013-10-15,Vulnerability-Lab,webapps,linux, -28980,exploits/php/webapps/28980.txt,"WordPress 2.0.5 - 'functions.php' Remote File Inclusion",2006-11-11,_ANtrAX_,webapps,php, +28980,exploits/php/webapps/28980.txt,"WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion",2006-11-11,_ANtrAX_,webapps,php, 28982,exploits/php/webapps/28982.txt,"cPanel 10 - 'seldir.html?dir' Cross-Site Scripting",2006-11-13,"Aria-Security Team",webapps,php, 28983,exploits/php/webapps/28983.txt,"cPanel 10 - 'newuser.html' Multiple Cross-Site Scripting Vulnerabilities",2006-11-13,"Aria-Security Team",webapps,php, 28985,exploits/asp/webapps/28985.txt,"20/20 Real Estate 3.2 - 'listings.asp' SQL Injection",2006-11-14,"Aria-Security Team",webapps,asp, @@ -32749,7 +32764,7 @@ id,file,description,date,author,type,platform,port 29376,exploits/php/webapps/29376.txt,"VCard Pro - 'gbrowse.php' Cross-Site Scripting",2007-01-02,exexp,webapps,php, 29354,exploits/php/webapps/29354.txt,"pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting",2013-11-01,Vulnerability-Lab,webapps,php, 29474,exploits/php/webapps/29474.txt,"Scriptme SmE 1.21 - File Mailer Login SQL Injection",2007-01-16,CorryL,webapps,php, -29356,exploits/php/webapps/29356.txt,"WordPress 1.x/2.0.x - 'template.php' HTML Injection",2006-12-27,"David Kierznowski",webapps,php, +29356,exploits/php/webapps/29356.txt,"WordPress Core 1.x/2.0.x - 'template.php' HTML Injection",2006-12-27,"David Kierznowski",webapps,php, 29357,exploits/asp/webapps/29357.txt,"Hosting Controller 7C - 'FolderManager.aspx' Directory Traversal",2006-12-27,KAPDA,webapps,asp, 29358,exploits/asp/webapps/29358.txt,"DMXReady Secure Login Manager 1.0 - 'login.asp?sent' SQL Injection",2006-12-27,Doz,webapps,asp, 29359,exploits/asp/webapps/29359.txt,"DMXReady Secure Login Manager 1.0 - 'content.asp?sent' SQL Injection",2006-12-27,Doz,webapps,asp, @@ -32886,7 +32901,7 @@ id,file,description,date,author,type,platform,port 29518,exploits/hardware/webapps/29518.txt,"Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities",2013-11-08,"Oz Elisyan",webapps,hardware,80 29519,exploits/php/webapps/29519.txt,"Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2)",2013-11-08,"Marcela Benetrix",webapps,php,80 29521,exploits/php/webapps/29521.txt,"Virtual Host Administrator 0.1 - Modules_Dir Remote File Inclusion",2007-01-24,"Dr Max Virus",webapps,php, -29522,exploits/php/webapps/29522.py,"WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure",2007-01-24,"Blake Matheny",webapps,php, +29522,exploits/php/webapps/29522.py,"WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure",2007-01-24,"Blake Matheny",webapps,php, 29525,exploits/php/webapps/29525.txt,"WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload",2013-11-10,DevilScreaM,webapps,php, 29529,exploits/php/webapps/29529.txt,"PHP Membership Manager 1.5 - 'admin.php' Cross-Site Scripting",2007-01-26,Doz,webapps,php, 29530,exploits/php/webapps/29530.txt,"FD Script 1.3.x - 'FName' Information Disclosure",2007-01-26,ajann,webapps,php, @@ -32899,8 +32914,8 @@ id,file,description,date,author,type,platform,port 29679,exploits/php/webapps/29679.html,"PHPBB2 - 'Admin_Ug_Auth.php' Administrative Bypass",2007-02-26,"Hasadya Raed",webapps,php, 29680,exploits/php/webapps/29680.html,"SQLiteManager 1.2 - 'main.php' Multiple HTML Injection Vulnerabilities",2007-02-26,"Simon Bonnard",webapps,php, 29681,exploits/php/webapps/29681.txt,"Pagesetter 6.2/6.3.0 - 'index.php' Local File Inclusion",2007-02-26,"D. Matscheko",webapps,php, -29682,exploits/php/webapps/29682.txt,"WordPress 2.1.1 - 'post.php' Cross-Site Scripting",2007-02-26,Samenspender,webapps,php, -29684,exploits/php/webapps/29684.txt,"WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-02-27,"Stefan Friedli",webapps,php, +29682,exploits/php/webapps/29682.txt,"WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting",2007-02-26,Samenspender,webapps,php, +29684,exploits/php/webapps/29684.txt,"WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-02-27,"Stefan Friedli",webapps,php, 29544,exploits/php/webapps/29544.txt,"Juniper Junos J-Web - Privilege Escalation",2013-11-12,"Sense of Security",webapps,php, 36816,exploits/php/webapps/36816.php,"Open-Letters - Remote PHP Code Injection",2015-04-22,"TUNISIAN CYBER",webapps,php,80 29811,exploits/jsp/webapps/29811.txt,"Atlassian JIRA 3.4.2 - IssueNavigator.JSPA Cross-Site Scripting",2007-04-02,syniack,webapps,jsp, @@ -32940,7 +32955,7 @@ id,file,description,date,author,type,platform,port 29593,exploits/php/webapps/29593.txt,"Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/wordfilter.php?Admin' Remote File Inclusion",2007-02-12,K-159,webapps,php, 29596,exploits/asp/webapps/29596.txt,"EWay 4 - Default.APSX Cross-Site Scripting",2007-02-12,"BLacK ZeRo",webapps,asp, 29597,exploits/asp/webapps/29597.txt,"Community Server - 'SearchResults.aspx' Cross-Site Scripting",2007-02-12,BL4CK,webapps,asp, -29598,exploits/php/webapps/29598.txt,"WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting",2007-02-12,PsychoGun,webapps,php, +29598,exploits/php/webapps/29598.txt,"WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting",2007-02-12,PsychoGun,webapps,php, 29599,exploits/php/webapps/29599.txt,"TaskFreak! 0.5.5 - 'error.php' Cross-Site Scripting",2007-02-13,Spiked,webapps,php, 29600,exploits/asp/webapps/29600.txt,"Fullaspsite ASP Hosting Site - 'listmain.asp?cat' Cross-Site Scripting",2007-02-13,ShaFuck31,webapps,asp, 29601,exploits/asp/webapps/29601.txt,"Fullaspsite ASP Hosting Site - 'listmain.asp?cat' SQL Injection",2007-02-13,ShaFuck31,webapps,asp, @@ -33011,8 +33026,8 @@ id,file,description,date,author,type,platform,port 29697,exploits/php/webapps/29697.txt,"Built2go News Manager 1.0 Blog - 'news.php' Multiple Cross-Site Scripting Vulnerabilities",2007-03-01,the_Edit0r,webapps,php, 29698,exploits/php/webapps/29698.txt,"Built2go News Manager 1.0 Blog - 'rating.php?nid' Cross-Site Scripting",2007-03-01,the_Edit0r,webapps,php, 29700,exploits/php/webapps/29700.txt,"Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities",2007-03-02,Samenspender,webapps,php, -29701,exploits/php/webapps/29701.txt,"WordPress 2.1.1 - Arbitrary Command Execution",2007-03-02,"Ivan Fratric",webapps,php, -29702,exploits/php/webapps/29702.txt,"WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution",2007-03-02,"Ivan Fratric",webapps,php, +29701,exploits/php/webapps/29701.txt,"WordPress Core 2.1.1 - Arbitrary Command Execution",2007-03-02,"Ivan Fratric",webapps,php, +29702,exploits/php/webapps/29702.txt,"WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution",2007-03-02,"Ivan Fratric",webapps,php, 29703,exploits/php/webapps/29703.txt,"Tyger Bug Tracking System 1.1.3 - 'ViewBugs.php?s' SQL Injection",2007-02-26,CorryL,webapps,php, 29704,exploits/php/webapps/29704.txt,"Tyger Bug Tracking System 1.1.3 - 'login.php?PATH_INFO' Cross-Site Scripting",2007-02-26,CorryL,webapps,php, 29705,exploits/php/webapps/29705.txt,"Tyger Bug Tracking System 1.1.3 - 'register.php?PATH_INFO' Cross-Site Scripting",2007-02-26,CorryL,webapps,php, @@ -33039,7 +33054,7 @@ id,file,description,date,author,type,platform,port 29748,exploits/php/webapps/29748.txt,"Holtstraeter Rot 13 - 'Enkrypt.php' Directory Traversal",2007-03-16,"BorN To K!LL",webapps,php, 29750,exploits/php/webapps/29750.php,"phpStats 0.1.9 - Multiple SQL Injections",2007-03-16,rgod,webapps,php, 29751,exploits/php/webapps/29751.php,"phpStats 0.1.9 - 'PHP-Stats-options.php' Remote Code Execution",2007-03-17,rgod,webapps,php, -29754,exploits/php/webapps/29754.html,"WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting",2007-03-19,"Alexander Concha",webapps,php, +29754,exploits/php/webapps/29754.html,"WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting",2007-03-19,"Alexander Concha",webapps,php, 29755,exploits/php/webapps/29755.html,"Guesbara 1.2 - Administrator Password Change",2007-03-19,Kacper,webapps,php, 29756,exploits/php/webapps/29756.txt,"PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection",2007-03-19,"laurent gaffie",webapps,php, 29757,exploits/php/webapps/29757.txt,"PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection",2007-03-19,"laurent gaffie",webapps,php, @@ -33103,7 +33118,7 @@ id,file,description,date,author,type,platform,port 30161,exploits/php/webapps/30161.txt,"Atom Photoblog 1.0.1/1.0.9 - 'AtomPhotoblog.php' Multiple Input Validation Vulnerabilities",2007-06-07,Serapis.net,webapps,php, 30162,exploits/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous",webapps,php, 30165,exploits/asp/webapps/30165.txt,"Ibrahim Ã?AKICI - 'Okul Portal Haber_Oku.asp' SQL Injection",2007-06-08,ertuqrul,webapps,asp, -30166,exploits/php/webapps/30166.txt,"WordPress 2.2 - 'Request_URI' Cross-Site Scripting",2007-06-08,zamolx3,webapps,php, +30166,exploits/php/webapps/30166.txt,"WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting",2007-06-08,zamolx3,webapps,php, 30168,exploits/php/webapps/30168.txt,"vBSupport 2.0.0 Integrated Ticket System - 'vBSupport.php' SQL Injection",2007-06-09,rUnViRuS,webapps,php, 30171,exploits/php/webapps/30171.txt,"JFFNms 0.8.3 - 'auth.php' Multiple SQL Injections",2007-06-11,"Tim Brown",webapps,php, 30172,exploits/php/webapps/30172.txt,"JFFNms 0.8.3 - 'auth.php?user' Cross-Site Scripting",2007-06-11,"Tim Brown",webapps,php, @@ -33358,7 +33373,7 @@ id,file,description,date,author,type,platform,port 30321,exploits/php/webapps/30321.txt,"GeoBlog MOD_1.0 - 'deleteblog.php?id' Arbitrary Blog Deletion",2007-07-19,joseph.giron13,webapps,php, 30323,exploits/php/webapps/30323.txt,"UseBB 1.0.7 - '/install/upgrade-0-2-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,webapps,php, 30324,exploits/php/webapps/30324.txt,"UseBB 1.0.7 - '/install/upgrade-0-3.php?PHP_SELF' Cross-Site Scripting",2007-07-20,s4mi,webapps,php, -30978,exploits/php/webapps/30978.txt,"WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting",2008-01-03,3APA3A,webapps,php, +30978,exploits/php/webapps/30978.txt,"WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting",2008-01-03,3APA3A,webapps,php, 30327,exploits/asp/webapps/30327.html,"Dora Emlak 1.0 Script - Multiple Input Validation Vulnerabilities",2007-07-23,GeFORC3,webapps,asp, 30328,exploits/asp/webapps/30328.txt,"Alisveris Sitesi Scripti - 'index.asp' SQL Injection",2007-07-23,GeFORC3,webapps,asp, 30329,exploits/php/webapps/30329.sh,"Gitlab 6.0 - Persistent Cross-Site Scripting",2013-12-16,hellok,webapps,php, @@ -33460,7 +33475,7 @@ id,file,description,date,author,type,platform,port 30515,exploits/php/webapps/30515.txt,"coWiki - 'index.php' Cross-Site Scripting",2007-08-21,MustLive,webapps,php, 30516,exploits/php/webapps/30516.txt,"m-phorum 0.3 - 'index.php' Cross-Site Scripting",2007-08-21,CodeXpLoder'tq,webapps,php, 30518,exploits/php/webapps/30518.txt,"Ripe Website Manager 0.8.x - '/pages/delete_page.php?id' SQL Injection",2007-08-22,"Nagendra Kumar G",webapps,php, -30520,exploits/php/webapps/30520.txt,"WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting",2007-08-13,MustLive,webapps,php, +30520,exploits/php/webapps/30520.txt,"WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting",2007-08-13,MustLive,webapps,php, 30525,exploits/php/webapps/30525.txt,"Arcadem 2.01 - 'index.php' Remote File Inclusion",2007-08-24,sm0k3,webapps,php, 30531,exploits/php/webapps/30531.txt,"AutoIndex PHP Script 2.2.1 - 'index.php' Cross-Site Scripting",2007-08-27,d3hydr8,webapps,php, 30533,exploits/php/webapps/30533.txt,"Dale Mooney Calendar Events - 'Viewevent.php' SQL Injection",2007-08-27,s0cratex,webapps,php, @@ -33535,7 +33550,7 @@ id,file,description,date,author,type,platform,port 30598,exploits/cgi/webapps/30598.txt,"WebBatch - 'webbatch.exe' Cross-Site Scripting",2007-09-20,Doz,webapps,cgi, 30599,exploits/cgi/webapps/30599.txt,"WebBatch - 'webbatch.exe?dumpinputdata' Remote Information Disclosure",2007-09-20,Doz,webapps,cgi, 30601,exploits/php/webapps/30601.txt,"Vigile CMS 1.8 Wiki Module - Multiple Cross-Site Scripting Vulnerabilities",2007-09-20,x0kster,webapps,php, -30602,exploits/php/webapps/30602.html,"WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-22,"Adrian Pastor",webapps,php, +30602,exploits/php/webapps/30602.html,"WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities",2007-09-22,"Adrian Pastor",webapps,php, 30603,exploits/php/webapps/30603.html,"XCMS 1.1/1.7 - 'Password' Arbitrary PHP Code Execution",2007-09-22,x0kster,webapps,php, 30606,exploits/cgi/webapps/30606.txt,"Urchin 5.7.x - 'session.cgi' Cross-Site Scripting",2007-09-24,pagvac,webapps,cgi, 30607,exploits/php/webapps/30607.txt,"bcoos 1.0.10 Arcade Module - 'index.php' SQL Injection",2007-09-24,"nights shadow",webapps,php, @@ -33620,7 +33635,7 @@ id,file,description,date,author,type,platform,port 30707,exploits/php/webapps/30707.txt,"PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion",2007-10-24,Alucar,webapps,php, 30708,exploits/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 - 'Page.asp' SQL Injection",2007-10-25,joseph.giron13,webapps,asp, 30712,exploits/php/webapps/30712.txt,"Multi-Forums - 'Directory.php' Multiple SQL Injections",2007-10-25,KiNgOfThEwOrLd,webapps,php, -30715,exploits/php/webapps/30715.txt,"WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting",2007-10-29,waraxe,webapps,php, +30715,exploits/php/webapps/30715.txt,"WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting",2007-10-29,waraxe,webapps,php, 30716,exploits/php/webapps/30716.txt,"Smart-Shop - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2007-10-29,Doz,webapps,php, 30717,exploits/php/webapps/30717.txt,"Omnistar Live - 'KB.php' Cross-Site Scripting",2007-10-29,Doz,webapps,php, 30718,exploits/php/webapps/30718.txt,"Saxon 5.4 - 'Menu.php' Cross-Site Scripting",2007-10-29,netVigilance,webapps,php, @@ -33661,7 +33676,7 @@ id,file,description,date,author,type,platform,port 30778,exploits/asp/webapps/30778.txt,"Click&BaneX - 'Details.asp' SQL Injection",2007-11-19,"Aria-Security Team",webapps,asp, 30975,exploits/cgi/webapps/30975.txt,"W3-mSQL - Error Page Cross-Site Scripting",2008-01-03,vivek_infosec,webapps,cgi, 30976,exploits/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'search.php' Multiple SQL Injections",2008-01-03,The:Paradox,webapps,php, -30977,exploits/php/webapps/30977.txt,"WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting",2008-01-03,3APA3A,webapps,php, +30977,exploits/php/webapps/30977.txt,"WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting",2008-01-03,3APA3A,webapps,php, 30786,exploits/php/webapps/30786.txt,"Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities",2014-01-07,AtT4CKxT3rR0r1ST,webapps,php,80 30790,exploits/php/webapps/30790.txt,"Cubic CMS - Multiple Vulnerabilities",2014-01-07,"Eugenio Delfa",webapps,php,80 30811,exploits/php/webapps/30811.txt,"SimpleGallery 0.1.3 - 'index.php' Cross-Site Scripting",2007-11-26,JosS,webapps,php, @@ -33707,7 +33722,7 @@ id,file,description,date,author,type,platform,port 30886,exploits/php/webapps/30886.txt,"MKPortal 1.1 Gallery Module - SQL Injection",2007-12-13,"Sw33t h4cK3r",webapps,php, 30887,exploits/php/webapps/30887.txt,"phPay 2.2.1 - Windows Installations Local File Inclusion",2007-12-15,"Michael Brooks",webapps,php, 30888,exploits/php/webapps/30888.txt,"phpRPG 0.8 - '/tmp' Directory PHPSESSID Cookie Session Hijacking",2007-12-15,"Michael Brooks",webapps,php, -30889,exploits/php/webapps/30889.txt,"WordPress 2.3.1 - Unauthorized Post Access",2007-12-15,"Michael Brooks",webapps,php, +30889,exploits/php/webapps/30889.txt,"WordPress Core 2.3.1 - Unauthorized Post Access",2007-12-15,"Michael Brooks",webapps,php, 30890,exploits/php/webapps/30890.txt,"Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusions",2007-12-14,RoMaNcYxHaCkEr,webapps,php, 30891,exploits/php/webapps/30891.txt,"Flyspray 0.9.9 - Multiple Cross-Site Scripting Vulnerabilities",2007-12-09,"KAWASHIMA Takahiro",webapps,php, 30892,exploits/php/webapps/30892.txt,"Neuron News 1.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2007-12-17,"hadihadi & black.shadowes",webapps,php, @@ -33759,7 +33774,7 @@ id,file,description,date,author,type,platform,port 30965,exploits/php/webapps/30965.txt,"LiveCart 1.0.1 - 'q' Cross-Site Scripting",2007-12-31,Doz,webapps,php, 30966,exploits/php/webapps/30966.txt,"LiveCart 1.0.1 - 'return' Cross-Site Scripting (2)",2007-12-31,Doz,webapps,php, 30967,exploits/php/webapps/30967.txt,"LiveCart 1.0.1 - 'email' Cross-Site Scripting",2007-12-31,Doz,webapps,php, -30979,exploits/php/webapps/30979.txt,"WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting",2008-01-03,3APA3A,webapps,php, +30979,exploits/php/webapps/30979.txt,"WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting",2008-01-03,3APA3A,webapps,php, 30980,exploits/php/webapps/30980.txt,"AwesomeTemplateEngine 1 - Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,webapps,php, 30981,exploits/php/webapps/30981.txt,"PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2008-01-03,MustLive,webapps,php, 30982,exploits/php/webapps/30982.html,"Nucleus CMS 3.0.1 - 'myid' SQL Injection",2008-01-03,MustLive,webapps,php, @@ -34009,8 +34024,8 @@ id,file,description,date,author,type,platform,port 31353,exploits/php/webapps/31353.txt,"ImageVue 1.7 - 'dir2.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,webapps,php, 31354,exploits/php/webapps/31354.txt,"ImageVue 1.7 - 'upload.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,webapps,php, 31355,exploits/php/webapps/31355.txt,"ImageVue 1.7 - 'dirxml.php?path' Cross-Site Scripting",2008-03-07,ZoRLu,webapps,php, -31356,exploits/php/webapps/31356.txt,"WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting",2008-03-07,Doz,webapps,php, -31357,exploits/php/webapps/31357.txt,"WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting",2008-03-07,Doz,webapps,php, +31356,exploits/php/webapps/31356.txt,"WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting",2008-03-07,Doz,webapps,php, +31357,exploits/php/webapps/31357.txt,"WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting",2008-03-07,Doz,webapps,php, 31358,exploits/php/webapps/31358.txt,"Specimen Image Database - 'taxonservice.php?dir' Remote File Inclusion",2008-03-07,ZoRLu,webapps,php, 31365,exploits/php/webapps/31365.txt,"Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath' Cross-Site Scripting",2008-03-08,nnposter,webapps,php, 31366,exploits/php/webapps/31366.txt,"Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath.0' Arbitrary File Access",2008-03-08,nnposter,webapps,php, @@ -34221,7 +34236,7 @@ id,file,description,date,author,type,platform,port 31666,exploits/asp/webapps/31666.txt,"Cobalt 2.0 - 'adminler.asp' SQL Injection",2008-04-17,U238,webapps,asp, 31668,exploits/php/webapps/31668.txt,"TLM CMS 3.1 - Multiple SQL Injections",2008-04-18,ZoRLu,webapps,php, 31669,exploits/php/webapps/31669.txt,"Wikepage Opus 13 2007.2 - 'wiki' Cross-Site Scripting",2008-04-18,"Gerendi Sandor Attila",webapps,php, -31670,exploits/php/webapps/31670.txt,"WordPress 2.3.3 - 'cat' Directory Traversal",2008-04-18,"Gerendi Sandor Attila",webapps,php, +31670,exploits/php/webapps/31670.txt,"WordPress Core 2.3.3 - 'cat' Directory Traversal",2008-04-18,"Gerendi Sandor Attila",webapps,php, 31671,exploits/php/webapps/31671.html,"TorrentFlux 2.3 - 'admin.php' Cross-Site Request Forgery (Add Admin)",2008-04-18,"Michael Brooks",webapps,php, 31672,exploits/php/webapps/31672.txt,"μTorrent (uTorrent) WebUI 0.310 Beta 2 - Cross-Site Request Forgery",2008-04-18,th3.r00k,webapps,php, 31673,exploits/multiple/webapps/31673.txt,"Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery",2008-04-18,th3.r00k,webapps,multiple, @@ -34467,7 +34482,7 @@ id,file,description,date,author,type,platform,port 32283,exploits/php/webapps/32283.txt,"Scripts4Profit DXShopCart 4.30 - 'pid' SQL Injection",2008-08-21,"Hussin X",webapps,php, 32284,exploits/php/webapps/32284.txt,"Simasy CMS - 'id' SQL Injection",2008-08-21,r45c4l,webapps,php, 32051,exploits/php/webapps/32051.php,"Pubs Black Cat [The Fun] - 'browse.groups.php' SQL Injection",2008-07-14,RMx,webapps,php, -32053,exploits/php/webapps/32053.txt,"WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-15,anonymous,webapps,php, +32053,exploits/php/webapps/32053.txt,"WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-15,anonymous,webapps,php, 32057,exploits/php/webapps/32057.txt,"Evaria ECMS 1.1 - 'DOCUMENT_ROOT' Multiple Remote File Inclusions",2008-07-16,ahmadbady,webapps,php, 32058,exploits/php/webapps/32058.txt,"OpenPro 1.3.1 - 'search_wA.php' Remote File Inclusion",2008-07-16,"Ghost Hacker",webapps,php, 32059,exploits/php/webapps/32059.txt,"Claroline 1.8.9 - 'announcements/announcements.php' Cross-Site Scripting",2008-07-15,"Digital Security Research Group",webapps,php, @@ -37326,7 +37341,7 @@ id,file,description,date,author,type,platform,port 36830,exploits/php/webapps/36830.txt,"Impulsio CMS - 'id' SQL Injection",2012-02-16,sonyy,webapps,php, 36834,exploits/php/webapps/36834.txt,"Joomla! Component com_x-shop - 'idd' SQL Injection",2012-02-18,KedAns-Dz,webapps,php, 36835,exploits/php/webapps/36835.txt,"Joomla! Component com_xcomp - Local File Inclusion",2012-02-18,KedAns-Dz,webapps,php, -36844,exploits/php/webapps/36844.txt,"WordPress 4.2 - Persistent Cross-Site Scripting",2015-04-27,klikki,webapps,php, +36844,exploits/php/webapps/36844.txt,"WordPress Core 4.2 - Persistent Cross-Site Scripting",2015-04-27,klikki,webapps,php, 36842,exploits/php/webapps/36842.pl,"OTRS < 3.1.x / < 3.2.x / < 3.3.x - Persistent Cross-Site Scripting",2015-04-27,"Adam Ziaja",webapps,php, 36994,exploits/cgi/webapps/36994.txt,"WebGlimpse 2.18.7 - 'DOC' Directory Traversal",2009-04-17,MustLive,webapps,cgi, 36853,exploits/php/webapps/36853.txt,"Dolphin 7.0.x - 'viewFriends.php' Multiple Cross-Site Scripting Vulnerabilities",2012-02-21,"Aung Khant",webapps,php, @@ -37571,7 +37586,7 @@ id,file,description,date,author,type,platform,port 37191,exploits/php/webapps/37191.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - 'leaflet_layer.php?id' Cross-Site Scripting",2012-05-15,"Heine Pedersen",webapps,php, 37192,exploits/php/webapps/37192.txt,"WordPress Plugin Leaflet Maps Marker 0.0.1 - 'leaflet_marker.php?id' Cross-Site Scripting",2012-05-15,"Heine Pedersen",webapps,php, 37193,exploits/php/webapps/37193.txt,"WordPress Plugin GD Star Rating 1.9.16 - 'tpl_section' Cross-Site Scripting",2012-05-15,"Heine Pedersen",webapps,php, -37194,exploits/php/webapps/37194.txt,"WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",webapps,php, +37194,exploits/php/webapps/37194.txt,"WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",webapps,php, 37195,exploits/php/webapps/37195.txt,"WordPress Plugin WP Forum Server 1.7.3 - '/fs-admin/fs-admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",webapps,php, 37196,exploits/php/webapps/37196.txt,"WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",webapps,php, 37200,exploits/php/webapps/37200.txt,"WordPress Plugin zM Ajax Login & Register 1.0.9 - Local File Inclusion",2015-06-04,"Panagiotis Vagenas",webapps,php,80 @@ -37905,7 +37920,7 @@ id,file,description,date,author,type,platform,port 37697,exploits/php/webapps/37697.txt,"PHPFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-04,Crim3R,webapps,php, 37698,exploits/php/webapps/37698.txt,"Kayako Fusion - 'download.php' Cross-Site Scripting",2012-09-05,"High-Tech Bridge",webapps,php, 37700,exploits/multiple/webapps/37700.txt,"Hawkeye-G 3.0.1.4912 - Persistent Cross-Site Scripting / Information Leakage",2015-07-27,hyp3rlinx,webapps,multiple, -37826,exploits/php/webapps/37826.txt,"WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities",2012-09-18,AkaStep,webapps,php, +37826,exploits/php/webapps/37826.txt,"WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities",2012-09-18,AkaStep,webapps,php, 37751,exploits/php/webapps/37751.txt,"WordPress Plugin WPTF Image Gallery 1.03 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",webapps,php,80 37752,exploits/php/webapps/37752.txt,"WordPress Plugin Recent Backups 0.7 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",webapps,php,80 37705,exploits/php/webapps/37705.txt,"WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities",2015-07-27,"Nitin Venkatesh",webapps,php,80 @@ -37978,7 +37993,7 @@ id,file,description,date,author,type,platform,port 38066,exploits/php/webapps/38066.txt,"WordPress Plugin Video Lead Form - 'errMsg' Cross-Site Scripting",2012-11-29,"Aditya Balapure",webapps,php, 38067,exploits/hardware/webapps/38067.py,"Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass",2015-09-02,Orwelllabs,webapps,hardware,80 37833,exploits/php/webapps/37833.txt,"YCommerce - Multiple SQL Injections",2012-09-21,"Ricardo Almeida",webapps,php, -37835,exploits/php/webapps/37835.html,"WordPress 3.4.2 - Cross-Site Request Forgery",2012-09-22,AkaStep,webapps,php, +37835,exploits/php/webapps/37835.html,"WordPress Core 3.4.2 - Cross-Site Request Forgery",2012-09-22,AkaStep,webapps,php, 37836,exploits/php/webapps/37836.txt,"WordPress Plugin Token Manager - 'tid' Cross-Site Scripting",2012-09-25,TheCyberNuxbie,webapps,php, 37837,exploits/php/webapps/37837.html,"WordPress Plugin Sexy Add Template - Cross-Site Request Forgery",2012-09-22,the_cyber_nuxbie,webapps,php, 37838,exploits/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart - 'searchFor' Cross-Site Scripting",2011-12-30,farbodmahini,webapps,php, @@ -38488,7 +38503,6 @@ id,file,description,date,author,type,platform,port 38879,exploits/asp/webapps/38879.txt,"Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections",2013-12-14,R3d-D3V!L,webapps,asp, 38880,exploits/php/webapps/38880.txt,"Veno File Manager - 'q' Arbitrary File Download",2013-12-11,"Daniel Godoy",webapps,php, 38881,exploits/php/webapps/38881.html,"Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation)",2013-12-17,sajith,webapps,php, -38882,exploits/cgi/webapps/38882.txt,"Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service",2013-12-16,"DTAG Group Information Security",webapps,cgi, 38883,exploits/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 - '/apps/news-events/newdetail.asp?id' SQL Injection",2013-12-13,R3d-D3V!L,webapps,asp, 38884,exploits/asp/webapps/38884.txt,"Dynamic Biz Website Builder 'QuickWeb' 1.0 - '/login.asp' Multiple Field SQL Injections / Authentication Bypass",2013-12-13,R3d-D3V!L,webapps,asp, 38885,exploits/php/webapps/38885.txt,"iScripts AutoHoster - 'checktransferstatus.php' SQL Injection",2013-12-15,i-Hmx,webapps,php, @@ -38517,7 +38531,7 @@ id,file,description,date,author,type,platform,port 38920,exploits/php/webapps/38920.txt,"AFCommerce - 'adblock.php' Remote File Inclusion",2013-12-25,NoGe,webapps,php, 38921,exploits/php/webapps/38921.txt,"AFCommerce - 'adminpassword.php' Remote File Inclusion",2013-12-25,NoGe,webapps,php, 38922,exploits/php/webapps/38922.txt,"AFCommerce - 'controlheader.php' Remote File Inclusion",2013-12-25,NoGe,webapps,php, -38924,exploits/php/webapps/38924.txt,"WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery",2013-12-17,MustLive,webapps,php, +38924,exploits/php/webapps/38924.txt,"WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery",2013-12-17,MustLive,webapps,php, 38927,exploits/php/webapps/38927.txt,"iy10 Dizin Scripti - Multiple Vulnerabilities",2015-12-10,KnocKout,webapps,php,80 38928,exploits/php/webapps/38928.txt,"Gökhan Balbal Script 2.0 - Cross-Site Request Forgery",2015-12-10,KnocKout,webapps,php,80 38929,exploits/hardware/webapps/38929.txt,"Skybox Platform < 7.0.611 - Multiple Vulnerabilities",2015-12-10,"SEC Consult",webapps,hardware,8443 @@ -39105,7 +39119,7 @@ id,file,description,date,author,type,platform,port 40284,exploits/hardware/webapps/40284.txt,"VideoIQ Camera - Local File Disclosure",2016-08-22,"Yakir Wizman",webapps,hardware, 40285,exploits/php/webapps/40285.txt,"Ocomon 2.0 - SQL Injection",2016-08-22,"Jonatas Fil",webapps,php,80 40286,exploits/java/webapps/40286.txt,"Sakai 10.7 - Multiple Vulnerabilities",2016-08-22,LiquidWorm,webapps,java, -40288,exploits/php/webapps/40288.txt,"WordPress 4.5.3 - Directory Traversal / Denial of Service",2016-08-22,"Yorick Koster",webapps,php,80 +40288,exploits/php/webapps/40288.txt,"WordPress Core 4.5.3 - Directory Traversal / Denial of Service",2016-08-22,"Yorick Koster",webapps,php,80 40290,exploits/php/webapps/40290.txt,"WordPress Plugin Mail Masta 1.0 - Local File Inclusion",2016-08-23,"Guillermo Garcia Marcos",webapps,php,80 40292,exploits/php/webapps/40292.txt,"SimplePHPQuiz - Blind SQL Injection",2016-08-23,HaHwul,webapps,php,80 40293,exploits/php/webapps/40293.txt,"chatNow - Multiple Vulnerabilities",2016-08-23,HaHwul,webapps,php,80 @@ -39224,7 +39238,6 @@ id,file,description,date,author,type,platform,port 43848,exploits/java/webapps/43848.txt,"Oracle JDeveloper 11.1.x/12.x - Directory Traversal",2018-01-21,hyp3rlinx,webapps,java, 43849,exploits/json/webapps/43849.txt,"Shopware 5.2.5/5.3 - Cross-Site Scripting",2018-01-21,Vulnerability-Lab,webapps,json, 43850,exploits/php/webapps/43850.txt,"CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities",2018-01-21,Vulnerability-Lab,webapps,php, -43852,exploits/php/webapps/43852.php,"PHPFreeChat 1.7 - Denial of Service",2018-01-21,"A. Pakbaz",webapps,php, 43853,exploits/perl/webapps/43853.txt,"OTRS 5.0.x/6.0.x - Remote Command Execution",2018-01-21,Bæln0rn,webapps,perl, 43855,exploits/php/webapps/43855.txt,"CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection",2018-01-23,Vulnerability-Lab,webapps,php, 43858,exploits/multiple/webapps/43858.txt,"NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download",2018-01-23,LiquidWorm,webapps,multiple, @@ -39531,8 +39544,8 @@ id,file,description,date,author,type,platform,port 41208,exploits/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",webapps,hardware, 41209,exploits/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' SQL Injection",2017-01-28,"Persian Hack Team",webapps,php, 41210,exploits/php/webapps/41210.txt,"LogoStore - 'query' SQL Injection",2017-02-01,"Kaan KAMIS",webapps,php, -41223,exploits/linux/webapps/41223.py,"WordPress 4.7.0/4.7.1 - Content Injection (Python)",2017-02-02,leonjza,webapps,linux, -41224,exploits/linux/webapps/41224.rb,"WordPress 4.7.0/4.7.1 - Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux, +41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection (Python)",2017-02-02,leonjza,webapps,linux, +41224,exploits/linux/webapps/41224.rb,"WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux, 41231,exploits/php/webapps/41231.txt,"Itech Travel Portal Script 9.35 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php, 41225,exploits/php/webapps/41225.txt,"Property Listing Script - 'propid' Blind SQL Injection",2017-02-02,"Kaan KAMIS",webapps,php, 41226,exploits/php/webapps/41226.txt,"Itech Inventory Management Software 3.77 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php, @@ -39731,7 +39744,7 @@ id,file,description,date,author,type,platform,port 41494,exploits/php/webapps/41494.txt,"Joomla! Component StreetGuessr Game 1.0 - SQL Injection",2017-03-02,"Ihsan Sencan",webapps,php, 41495,exploits/php/webapps/41495.txt,"Joomla! Component Guesser 1.0.4 - 'type' SQL Injection",2017-03-02,"Ihsan Sencan",webapps,php, 41496,exploits/php/webapps/41496.txt,"Joomla! Component Recipe Manager 2.2 - 'id' SQL Injection",2017-03-02,"Ihsan Sencan",webapps,php, -41497,exploits/php/webapps/41497.php,"WordPress < 4.7.1 - Username Enumeration",2017-03-03,Dctor,webapps,php, +41497,exploits/php/webapps/41497.php,"WordPress Core < 4.7.1 - Username Enumeration",2017-03-03,Dctor,webapps,php, 41499,exploits/jsp/webapps/41499.txt,"NetGain Enterprise Manager 7.2.562 - 'Ping' Command Injection",2017-02-23,MrChaZ,webapps,jsp, 41500,exploits/php/webapps/41500.txt,"Joomla! Component Coupon 3.5 - SQL Injection",2017-03-03,"Ihsan Sencan",webapps,php, 41501,exploits/php/webapps/41501.txt,"pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery",2017-03-03,"Yann CAM",webapps,php, @@ -39767,7 +39780,7 @@ id,file,description,date,author,type,platform,port 41535,exploits/php/webapps/41535.txt,"Select Your College Script 2.01 - SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php, 41536,exploits/php/webapps/41536.txt,"Social Network Script 3.01 - 'id' SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php, 41539,exploits/php/webapps/41539.txt,"Website Broker Script 3.02 - 'view' SQL Injection",2017-03-06,"Ihsan Sencan",webapps,php, -41540,exploits/php/webapps/41540.py,"WordPress Multiple Plugins - Arbitrary File Upload",2017-03-03,"The Martian",webapps,php, +41540,exploits/php/webapps/41540.py,"Multiple WordPress Plugins - Arbitrary File Upload",2017-03-03,"The Martian",webapps,php, 41541,exploits/json/webapps/41541.html,"Deluge Web UI 1.3.13 - Cross-Site Request Forgery",2017-03-06,"Kyle Neideck",webapps,json, 41543,exploits/php/webapps/41543.txt,"Mini CMS 1.1 - 'name' SQL Injection",2017-03-07,"Ihsan Sencan",webapps,php, 41544,exploits/php/webapps/41544.txt,"Daily Deals Script 1.0 - 'id' SQL Injection",2017-03-07,"Ihsan Sencan",webapps,php, @@ -39878,7 +39891,7 @@ id,file,description,date,author,type,platform,port 43535,exploits/php/webapps/43535.txt,"Xnami 1.0 - Cross-Site Scripting",2018-01-12,"Dennis Veninga",webapps,php, 43543,exploits/php/webapps/43543.txt,"Taxi Booking Script 1.0 - Cross-site Scripting",2018-01-12,Tauco,webapps,php, 43560,exploits/php/webapps/43560.py,"pfSense < 2.1.4 - 'status_rrd_graph_img.php' Command Injection",2018-01-15,absolomb,webapps,php, -41622,exploits/php/webapps/41622.py,"Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download",2017-03-16,"The Martian",webapps,php, +41622,exploits/php/webapps/41622.py,"WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download",2017-03-16,"The Martian",webapps,php, 41625,exploits/hardware/webapps/41625.txt,"AXIS Communications - Cross-Site Scripting / Content Injection",2017-03-17,Orwelllabs,webapps,hardware, 41626,exploits/hardware/webapps/41626.txt,"AXIS (Multiple Products) - Cross-Site Request Forgery",2017-03-17,Orwelllabs,webapps,hardware, 41627,exploits/php/webapps/41627.txt,"Departmental Store Management System 1.2 - SQL Injection",2017-03-17,"Ihsan Sencan",webapps,php, @@ -39904,7 +39917,7 @@ id,file,description,date,author,type,platform,port 43919,exploits/hardware/webapps/43919.html,"Netis WF2419 Router - Cross-Site Request Forgery",2018-01-28,"Sajibe Kanti",webapps,hardware, 43922,exploits/nodejs/webapps/43922.html,"KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery",2018-01-28,"Saurabh Banawar",webapps,nodejs, 43928,exploits/windows/webapps/43928.py,"Advantech WebAccess < 8.3 - SQL Injection",2018-01-30,"Chris Lyne",webapps,windows, -43931,exploits/php/webapps/43931.txt,"Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal",2018-01-30,"Ihsan Sencan",webapps,php, +43931,exploits/php/webapps/43931.txt,"Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal",2018-01-30,"Ihsan Sencan",webapps,php, 43932,exploits/php/webapps/43932.txt,"Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection",2018-01-30,"Ihsan Sencan",webapps,php, 43933,exploits/php/webapps/43933.txt,"Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection",2018-01-30,"Ihsan Sencan",webapps,php, 43934,exploits/windows/webapps/43934.py,"BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure",2018-01-30,"Paul Taylor",webapps,windows,4750 @@ -39999,9 +40012,9 @@ id,file,description,date,author,type,platform,port 44127,exploits/php/webapps/44127.txt,"Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 44128,exploits/php/webapps/44128.txt,"Joomla! Component Solidres 2.5.1 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 44129,exploits/php/webapps/44129.txt,"Joomla! Component Staff Master 1.0 RC 1 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 -44130,exploits/php/webapps/44130.txt,"Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 +44130,exploits/php/webapps/44130.txt,"Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 44131,exploits/php/webapps/44131.txt,"Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 -44132,exploits/php/webapps/44132.txt,"Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 +44132,exploits/php/webapps/44132.txt,"Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 44133,exploits/php/webapps/44133.txt,"Joomla! Component Saxum Astro 4.0.14 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 44134,exploits/php/webapps/44134.txt,"Joomla! Component Saxum Numerology 3.0.4 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 44135,exploits/php/webapps/44135.txt,"Joomla! Component SquadManagement 1.0.3 - SQL Injection",2018-02-16,"Ihsan Sencan",webapps,php,80 @@ -40138,8 +40151,8 @@ id,file,description,date,author,type,platform,port 41958,exploits/java/webapps/41958.py,"Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure",2017-05-03,LiquidWorm,webapps,java, 41960,exploits/java/webapps/41960.py,"Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change",2017-05-03,LiquidWorm,webapps,java, 41961,exploits/windows/webapps/41961.py,"Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution",2017-05-03,LiquidWorm,webapps,windows, -41962,exploits/linux/webapps/41962.sh,"WordPress 4.6 - Remote Code Execution",2017-05-03,"Dawid Golunski",webapps,linux, -41963,exploits/linux/webapps/41963.txt,"WordPress < 4.7.4 - Unauthorized Password Reset",2017-05-03,"Dawid Golunski",webapps,linux, +41962,exploits/linux/webapps/41962.sh,"WordPress Core 4.6 - Remote Code Execution",2017-05-03,"Dawid Golunski",webapps,linux, +41963,exploits/linux/webapps/41963.txt,"WordPress Core < 4.7.4 - Unauthorized Password Reset",2017-05-03,"Dawid Golunski",webapps,linux, 41966,exploits/php/webapps/41966.txt,"WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection",2017-05-05,defensecode,webapps,php,80 41967,exploits/php/webapps/41967.md,"ViMbAdmin 3.0.15 - Multiple Cross-Site Request Forgery Vulnerabilities",2017-05-05,Sysdream,webapps,php,80 41976,exploits/linux/webapps/41976.py,"LogRhythm Network Monitor - Authentication Bypass / Command Injection",2017-04-24,"Francesco Oddo",webapps,linux, @@ -40797,9 +40810,8 @@ id,file,description,date,author,type,platform,port 44328,exploits/xml/webapps/44328.py,"Hikvision IP Camera versions 5.2.0 - 5.3.9 (Builds 140721 < 170109) - Access Control Bypass",2018-03-23,Matamorphosis,webapps,xml, 44346,exploits/php/webapps/44346.rb,"ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)",2018-03-27,Metasploit,webapps,php, 44335,exploits/hardware/webapps/44335.js,"TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery",2018-03-23,"Mans van Someren",webapps,hardware, -44336,exploits/php/webapps/44336.py,"XenForo 2 - CSS Loader Denial of Service",2018-03-23,LockedByte,webapps,php, 44339,exploits/php/webapps/44339.txt,"MyBB Plugin Last User's Threads in Profile Plugin 1.2 - Persistent Cross-Site Scripting",2018-03-23,0xB9,webapps,php, -44340,exploits/php/webapps/44340.txt,"Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion",2018-03-23,"Nicolas Buzy-Debat",webapps,php,80 +44340,exploits/php/webapps/44340.txt,"WordPress Plugin Site Editor 1.1.1 - Local File Inclusion",2018-03-23,"Nicolas Buzy-Debat",webapps,php,80 44343,exploits/php/webapps/44343.py,"Laravel Log Viewer < 0.13.0 - Local File Download",2018-03-26,"Haboob Team",webapps,php, 44350,exploits/multiple/webapps/44350.py,"TwonkyMedia Server 7.0.11-8.5 - Directory Traversal",2018-03-28,"Sven Fassbender",webapps,multiple, 44351,exploits/multiple/webapps/44351.txt,"TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting",2018-03-28,"Sven Fassbender",webapps,multiple, @@ -40807,7 +40819,7 @@ id,file,description,date,author,type,platform,port 44353,exploits/hardware/webapps/44353.sh,"Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change",2018-03-28,"Todor Donev",webapps,hardware, 44354,exploits/php/webapps/44354.txt,"Open-AuditIT Professional 2.1 - Cross-Site Scripting",2018-03-28,"Nilesh Sapariya",webapps,php, 44355,exploits/php/webapps/44355.php,"Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Admin Session)",2014-11-03,"Stefan Horst",webapps,php,443 -44358,exploits/php/webapps/44358.rb,"Joomla Component Fields - SQLi Remote Code Execution (Metasploit)",2018-03-29,Metasploit,webapps,php, +44358,exploits/php/webapps/44358.rb,"Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)",2018-03-29,Metasploit,webapps,php, 44360,exploits/multiple/webapps/44360.txt,"Open-AuditIT Professional 2.1 - Cross-Site Request Forgery",2018-03-30,"Nilesh Sapariya",webapps,multiple, 44361,exploits/cgi/webapps/44361.rb,"Homematic CCU2 2.29.23 - Arbitrary File Write",2018-03-30,"Patrick Muench and Gregor Kopf",webapps,cgi, 44362,exploits/php/webapps/44362.html,"MiniCMS 1.10 - Cross-Site Request Forgery",2018-03-30,zixian,webapps,php,80 @@ -40862,15 +40874,14 @@ id,file,description,date,author,type,platform,port 44434,exploits/php/webapps/44434.txt,"iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)",2018-04-09,ManhNho,webapps,php, 44435,exploits/php/webapps/44435.txt,"WordPress Plugin Google Drive 2.2 - Remote Code Execution",2018-04-09,"Lenon Leite",webapps,php, 44436,exploits/php/webapps/44436.txt,"iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting",2018-04-10,ManhNho,webapps,php, -44437,exploits/php/webapps/44437.txt,"Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting",2018-04-10,"Stefan Broeder",webapps,php, +44437,exploits/php/webapps/44437.txt,"WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting",2018-04-10,"Stefan Broeder",webapps,php, 44439,exploits/php/webapps/44439.txt,"WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)",2018-04-10,taoge,webapps,php, 44440,exploits/php/webapps/44440.txt,"WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)",2018-04-10,taoge,webapps,php, 44441,exploits/linux/webapps/44441.txt,"Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control",2018-04-10,SlidingWindow,webapps,linux, 44443,exploits/php/webapps/44443.txt,"WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting",2018-04-10,ManhNho,webapps,php, 44444,exploits/php/webapps/44444.txt,"WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)",2018-04-10,ManhNho,webapps,php, -44447,exploits/php/webapps/44447.txt,"Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)",2018-04-12,"Sairam Jetty",webapps,php, +44447,exploits/php/webapps/44447.txt,"Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)",2018-04-12,"Sairam Jetty",webapps,php, 44448,exploits/php/webapps/44448.py,"Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)",2018-04-13,"Vitalii Rudnykh",webapps,php, -44450,exploits/linux/webapps/44450.txt,"MikroTik 6.41.4 - FTP daemon Denial of Service PoC",2018-04-13,FarazPajohan,webapps,linux, 44449,exploits/php/webapps/44449.rb,"Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution",2018-04-13,"Hans Topo & g0tmi1k",webapps,php,80 44454,exploits/php/webapps/44454.txt,"Cobub Razor 0.8.0 - SQL injection",2018-04-16,Kyhvedn,webapps,php,80 44469,exploits/jsp/webapps/44469.txt,"Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference",2018-04-16,Frogy,webapps,jsp, @@ -41026,7 +41037,7 @@ id,file,description,date,author,type,platform,port 44765,exploits/php/webapps/44765.txt,"EasyService Billing 1.0 - 'q' SQL Injection",2018-05-26,"Divya Jain",webapps,php, 44766,exploits/php/webapps/44766.txt,"mySurvey 1.0 - 'id' SQL Injection",2018-05-26,AkkuS,webapps,php, 44767,exploits/php/webapps/44767.txt,"easyLetters 1.0 - 'id' SQL Injection",2018-05-26,AkkuS,webapps,php, -44769,exploits/php/webapps/44769.txt,"Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting",2018-05-27,AkkuS,webapps,php, +44769,exploits/php/webapps/44769.txt,"WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting",2018-05-27,AkkuS,webapps,php, 44770,exploits/php/webapps/44770.txt,"Ingenious School Management System - 'id' SQL Injection",2018-05-27,"Meisam Monsef",webapps,php, 44771,exploits/php/webapps/44771.html,"Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting",2018-05-27,"Hesam Bazvand",webapps,php, 44772,exploits/php/webapps/44772.txt,"Lyrist - 'id' SQL Injection",2018-05-27,"Meisam Monsef",webapps,php, @@ -41097,7 +41108,7 @@ id,file,description,date,author,type,platform,port 44951,exploits/linux/webapps/44951.py,"HPE VAN SDN 2.7.18.0503 - Remote Root",2018-06-27,KoreLogic,webapps,linux,8443 44887,exploits/php/webapps/44887.html,"MACCMS 10 - Cross-Site Request Forgery (Add User)",2018-06-13,bay0net,webapps,php, 44891,exploits/php/webapps/44891.txt,"Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload",2018-06-13,h0n1gsp3cht,webapps,php, -44893,exploits/php/webapps/44893.php,"Joomla Component Ek Rishta 2.10 - SQL Injection",2018-06-14,"Guilherme Assmann",webapps,php, +44893,exploits/php/webapps/44893.php,"Joomla! Component Ek Rishta 2.10 - SQL Injection",2018-06-14,"Guilherme Assmann",webapps,php, 44895,exploits/php/webapps/44895.txt,"OEcms 3.1 - Cross-Site Scripting",2018-06-15,Renzi,webapps,php, 44897,exploits/php/webapps/44897.txt,"Dimofinf CMS 3.0.0 - Cross-Site Scripting",2018-06-15,Renzi,webapps,php, 44901,exploits/php/webapps/44901.html,"Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)",2018-06-18,L0RD,webapps,php, @@ -41136,7 +41147,7 @@ id,file,description,date,author,type,platform,port 44960,exploits/php/webapps/44960.html,"DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)",2018-07-02,bay0net,webapps,php,80 44964,exploits/php/webapps/44964.txt,"Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection",2018-07-02,om3rcitak,webapps,php,80 44973,exploits/lua/webapps/44973.py,"ntop-ng < 3.4.180617 - Authentication Bypass",2018-07-03,"Ioannis Profetis",webapps,lua, -46489,exploits/hardware/webapps/46489.txt,"Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution",2019-03-04,JameelNabbo,webapps,hardware,80 +46489,exploits/hardware/webapps/46489.txt,"Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution",2019-03-04,JameelNabbo,webapps,hardware,80 44975,exploits/java/webapps/44975.py,"ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution",2018-07-04,"Kacper Szurek",webapps,java,8181 44976,exploits/php/webapps/44976.py,"CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution",2018-07-04,"Mustafa Hasan",webapps,php, 44977,exploits/php/webapps/44977.txt,"Online Trade - Information Disclosure",2018-07-04,L0RD,webapps,php, @@ -41164,7 +41175,6 @@ id,file,description,date,author,type,platform,port 45027,exploits/java/webapps/45027.txt,"Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection",2018-07-16,alt3kx,webapps,java, 45031,exploits/php/webapps/45031.txt,"WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting",2018-07-16,"Berk Dusunur",webapps,php, 45034,exploits/hardware/webapps/45034.html,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery",2018-07-17,LiquidWorm,webapps,hardware,80 -45035,exploits/hardware/webapps/45035.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service",2018-07-17,LiquidWorm,webapps,hardware, 45036,exploits/hardware/webapps/45036.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download",2018-07-17,LiquidWorm,webapps,hardware, 45037,exploits/hardware/webapps/45037.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation",2018-07-17,LiquidWorm,webapps,hardware, 45038,exploits/hardware/webapps/45038.txt,"Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root",2018-07-17,LiquidWorm,webapps,hardware, @@ -41243,7 +41253,7 @@ id,file,description,date,author,type,platform,port 45230,exploits/php/webapps/45230.txt,"Twitter-Clone 1 - 'userid' SQL Injection",2018-08-21,L0RD,webapps,php,80 45231,exploits/hardware/webapps/45231.rb,"Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)",2018-08-21,Alfie,webapps,hardware, 45232,exploits/php/webapps/45232.txt,"Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)",2018-08-21,L0RD,webapps,php, -45234,exploits/php/webapps/45234.txt,"Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection",2018-08-21,"Mostafa Gharzi",webapps,php, +45234,exploits/php/webapps/45234.txt,"WordPress Plugin Ninja Forms 3.3.13 - CSV Injection",2018-08-21,"Mostafa Gharzi",webapps,php, 45236,exploits/hardware/webapps/45236.txt,"ZyXEL VMG3312-B10B - Cross-Site Scripting",2018-08-22,"Samet ŞAHİN",webapps,hardware, 45237,exploits/php/webapps/45237.php,"KingMedia 4.1 - File Upload",2018-08-22,"Efrén Díaz",webapps,php, 45242,exploits/hardware/webapps/45242.txt,"Geutebrueck re_porter 16 - Cross-Site Scripting",2018-08-22,"Kamil Suska",webapps,hardware, @@ -41295,9 +41305,9 @@ id,file,description,date,author,type,platform,port 45396,exploits/windows/webapps/45396.txt,"Apache Portals Pluto 3.0.0 - Remote Code Execution",2018-09-13,"Che-Chun Kuo",webapps,windows, 45400,exploits/windows/webapps/45400.txt,"Apache Syncope 2.0.7 - Remote Code Execution",2018-09-13,"Che-Chun Kuo",webapps,windows, 45409,exploits/linux/webapps/45409.rb,"Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)",2018-09-14,"Stephen Shkardoon",webapps,linux,443 -45411,exploits/php/webapps/45411.txt,"Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection",2018-09-14,"Ceylan BOZOĞULLARINDAN",webapps,php,80 +45411,exploits/php/webapps/45411.txt,"WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection",2018-09-14,"Ceylan BOZOĞULLARINDAN",webapps,php,80 45422,exploits/hardware/webapps/45422.txt,"Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting",2018-09-17,cakes,webapps,hardware,80 -45423,exploits/php/webapps/45423.txt,"Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection",2018-09-17,"Hamza Megahed",webapps,php, +45423,exploits/php/webapps/45423.txt,"Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection",2018-09-17,"Hamza Megahed",webapps,php, 45434,exploits/php/webapps/45434.txt,"WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting",2018-09-18,"Larry W. Cashdollar",webapps,php,80 45437,exploits/linux/webapps/45437.txt,"Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting",2018-09-19,"Fahimeh Rezaei",webapps,linux,443 45438,exploits/php/webapps/45438.txt,"WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion",2018-09-19,"Manuel García Cárdenas",webapps,php,80 @@ -41323,7 +41333,7 @@ id,file,description,date,author,type,platform,port 45469,exploits/php/webapps/45469.txt,"Joomla! Component Jobs Factory 2.0.4 - SQL Injection",2018-09-25,"Ihsan Sencan",webapps,php,80 45470,exploits/php/webapps/45470.txt,"Joomla! Component Social Factory 3.8.3 - SQL Injection",2018-09-25,"Ihsan Sencan",webapps,php,80 45471,exploits/hardware/webapps/45471.txt,"RICOH MP C6503 Plus Printer - Cross-Site Scripting",2018-09-25,"Ismail Tasdelen",webapps,hardware, -45472,exploits/php/webapps/45472.txt,"Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection",2018-09-25,AkkuS,webapps,php, +45472,exploits/php/webapps/45472.txt,"Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection",2018-09-25,AkkuS,webapps,php, 45473,exploits/php/webapps/45473.txt,"Joomla! Component Swap Factory 2.2.1 - SQL Injection",2018-09-25,"Ihsan Sencan",webapps,php,80 45474,exploits/php/webapps/45474.txt,"Joomla! Component Collection Factory 4.1.9 - SQL Injection",2018-09-25,"Ihsan Sencan",webapps,php,80 45475,exploits/php/webapps/45475.txt,"Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection",2018-09-25,"Ihsan Sencan",webapps,php,80 @@ -41489,7 +41499,6 @@ id,file,description,date,author,type,platform,port 45773,exploits/php/webapps/45773.txt,"SiAdmin 1.1 - 'id' SQL Injection",2018-11-05,"Ihsan Sencan",webapps,php,80 45774,exploits/asp/webapps/45774.py,"Advantech WebAccess SCADA 8.3.2 - Remote Code Execution",2018-11-05,"Chris Lyne",webapps,asp, 45775,exploits/php/webapps/45775.txt,"WebVet 0.1a - 'id' SQL Injection",2018-11-05,"Ihsan Sencan",webapps,php,80 -45776,exploits/hardware/webapps/45776.py,"Virgin Media Hub 3.0 Router - Denial of Service (PoC)",2018-11-05,"Ross Inman",webapps,hardware, 45777,exploits/php/webapps/45777.txt,"Poppy Web Interface Generator 0.8 - Arbitrary File Upload",2018-11-05,"Ihsan Sencan",webapps,php, 45779,exploits/php/webapps/45779.txt,"Mongo Web Admin 6.0 - Information Disclosure",2018-11-05,"Ihsan Sencan",webapps,php, 45780,exploits/php/webapps/45780.py,"PHP Proxy 3.0.3 - Local File Inclusion",2018-11-05,AkkuS,webapps,php,80 @@ -41504,7 +41513,7 @@ id,file,description,date,author,type,platform,port 45803,exploits/php/webapps/45803.txt,"PlayJoom 0.10.1 - 'catid' SQL Injection",2018-11-07,"Ihsan Sencan",webapps,php,80 45807,exploits/php/webapps/45807.txt,"Data Center Audit 2.6.2 - 'username' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80 45808,exploits/linux/webapps/45808.txt,"TufinOS 2.17 Build 1193 - XML External Entity Injection",2018-11-12,"Konstantinos Alexiou",webapps,linux, -45809,exploits/php/webapps/45809.txt,"Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting",2018-11-12,"Pasquale Turi",webapps,php,80 +45809,exploits/php/webapps/45809.txt,"WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting",2018-11-12,"Pasquale Turi",webapps,php,80 45810,exploits/php/webapps/45810.txt,"Paroiciel 11.20 - 'tRecIdListe' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80 45811,exploits/hardware/webapps/45811.rb,"TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)",2018-11-12,Wadeek,webapps,hardware, 45812,exploits/php/webapps/45812.txt,"The Don 1.0.1 - 'login' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80 @@ -41560,10 +41569,10 @@ id,file,description,date,author,type,platform,port 45892,exploits/php/webapps/45892.txt,"Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)",2018-11-20,"Javier Olmedo",webapps,php,80 45894,exploits/hardware/webapps/45894.txt,"Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)",2018-11-21,LiquidWorm,webapps,hardware, 45895,exploits/php/webapps/45895.txt,"Ticketly 1.0 - 'name' SQL Injection",2018-11-21,"Javier Olmedo",webapps,php,80 -45896,exploits/php/webapps/45896.txt,"WordPress CherryFramework Themes 3.1.4 - Backup File Download",2018-11-21,b1p0l4r,webapps,php,80 +45896,exploits/php/webapps/45896.txt,"WordPress Theme CherryFramework 3.1.4 - Backup File Download",2018-11-21,b1p0l4r,webapps,php,80 45897,exploits/php/webapps/45897.txt,"WebOfisi E-Ticaret V4 - 'urun' SQL Injection",2018-11-21,AkkuS,webapps,php,80 45899,exploits/hardware/webapps/45899.txt,"Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials",2018-11-26,Hodorsec,webapps,hardware, -45900,exploits/php/webapps/45900.txt,"WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting",2018-11-26,En_dust,webapps,php,80 +45900,exploits/php/webapps/45900.txt,"WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting",2018-11-26,En_dust,webapps,php,80 45902,exploits/php/webapps/45902.txt,"Ticketly 1.0 - 'kind_id' SQL Injection",2018-11-26,"Javier Olmedo",webapps,php,80 45903,exploits/php/webapps/45903.txt,"No-Cms 1.0 - 'order_by' SQL Injection",2018-11-26,"Loading Kura Kura",webapps,php,80 45904,exploits/hardware/webapps/45904.txt,"Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal",2018-11-26,"numan türle",webapps,hardware,80 @@ -41638,7 +41647,7 @@ id,file,description,date,author,type,platform,port 46080,exploits/php/webapps/46080.txt,"MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting",2019-01-07,0xB9,webapps,php,80 46081,exploits/cgi/webapps/46081.txt,"PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting",2019-01-07,"Kumar Saurav",webapps,cgi,80 46082,exploits/php/webapps/46082.txt,"phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting",2019-01-07,"Ozer Goker",webapps,php,80 -46083,exploits/php/webapps/46083.txt,"Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation",2019-01-07,"Noman Riffat",webapps,php,80 +46083,exploits/php/webapps/46083.txt,"WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation",2019-01-07,"Noman Riffat",webapps,php,80 46084,exploits/php/webapps/46084.txt,"MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection",2019-01-07,"Mehmet Onder",webapps,php,80 46085,exploits/php/webapps/46085.txt,"Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal",2019-01-07,"Pongtorn Angsuchotmetee_ Vittawat Masaree",webapps,php,80 46086,exploits/windows/webapps/46086.txt,"Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data",2019-01-07,"Anthony Cole",webapps,windows, @@ -41731,7 +41740,7 @@ id,file,description,date,author,type,platform,port 46243,exploits/hardware/webapps/46243.txt,"Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection",2019-01-25,"RedTeam Pentesting",webapps,hardware, 46244,exploits/php/webapps/46244.txt,"GreenCMS 2.x - SQL Injection",2019-01-25,"Ihsan Sencan",webapps,php,80 46245,exploits/php/webapps/46245.txt,"GreenCMS 2.x - Arbitrary File Download",2019-01-25,"Ihsan Sencan",webapps,php,80 -46247,exploits/php/webapps/46247.txt,"Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing",2019-01-25,MTK,webapps,php,80 +46247,exploits/php/webapps/46247.txt,"WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing",2019-01-25,MTK,webapps,php,80 46251,exploits/java/webapps/46251.txt,"Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting",2019-01-28,"Ishaq Mohammed",webapps,java,80 46252,exploits/php/webapps/46252.txt,"WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download",2019-01-28,41!kh4224rDz,webapps,php,80 46253,exploits/hardware/webapps/46253.html,"AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery",2019-01-28,"Ali Can Gönüllü",webapps,hardware,80 @@ -41776,7 +41785,7 @@ id,file,description,date,author,type,platform,port 46349,exploits/linux/webapps/46349.txt,"CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting",2019-02-11,DKM,webapps,linux, 46350,exploits/php/webapps/46350.txt,"Webiness Inventory 2.3 - 'email' SQL Injection",2019-02-11,"Mehmet EMIROGLU",webapps,php,80 46351,exploits/php/webapps/46351.txt,"OPNsense < 19.1.1 - Cross-Site Scripting",2019-02-12,"Ozer Goker",webapps,php,80 -46352,exploits/linux/webapps/46352.rb,"Jenkins 2.150.2 - Remote Command Execution (Metasploit)",2019-02-12,AkkuS,webapps,linux, +46352,exploits/linux/webapps/46352.rb,"Jenkins 2.150.2 - Remote Command Execution (Metasploit)",2019-02-12,AkkuS,webapps,linux, 46353,exploits/aspx/webapps/46353.cs,"BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution",2019-02-12,"Dustin Cobb",webapps,aspx, 46354,exploits/php/webapps/46354.txt,"LayerBB 1.1.2 - Cross-Site Scripting",2019-02-12,0xB9,webapps,php,80 46483,exploits/php/webapps/46483.txt,"OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery",2019-03-04,"Mr Winst0n",webapps,php,80 @@ -41825,9 +41834,9 @@ id,file,description,date,author,type,platform,port 46456,exploits/php/webapps/46456.txt,"News Website Script 2.0.5 - SQL Injection",2019-02-25,"Mr Winst0n",webapps,php, 46457,exploits/php/webapps/46457.txt,"Advance Gift Shop Pro Script 2.0.3 - SQL Injection",2019-02-25,"Mr Winst0n",webapps,php, 46459,exploits/php/webapps/46459.py,"Drupal < 8.6.9 - REST Module Remote Code Execution",2019-02-25,leonjza,webapps,php, -46461,exploits/php/webapps/46461.txt,"Simple Online Hotel Reservation System - SQL Injection",2019-02-28,"Mr Winst0n",webapps,php, -46462,exploits/php/webapps/46462.html,"Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)",2019-02-28,"Mr Winst0n",webapps,php, -46463,exploits/php/webapps/46463.html,"Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)",2019-02-28,"Mr Winst0n",webapps,php, +46461,exploits/php/webapps/46461.txt,"Simple Online Hotel Reservation System - SQL Injection",2019-02-28,"Mr Winst0n",webapps,php, +46462,exploits/php/webapps/46462.html,"Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)",2019-02-28,"Mr Winst0n",webapps,php, +46463,exploits/php/webapps/46463.html,"Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)",2019-02-28,"Mr Winst0n",webapps,php, 46467,exploits/php/webapps/46467.txt,"Joomla! Component J2Store < 3.3.7 - SQL Injection",2019-02-28,"Andrei Conache",webapps,php, 46468,exploits/linux/webapps/46468.rb,"Usermin 1.750 - Remote Command Execution (Metasploit)",2019-02-28,AkkuS,webapps,linux, 46471,exploits/php/webapps/46471.rb,"Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)",2019-02-28,AkkuS,webapps,php, @@ -41841,7 +41850,7 @@ id,file,description,date,author,type,platform,port 46500,exploits/php/webapps/46500.txt,"OpenDocMan 1.3.4 - 'search.php where' SQL Injection",2019-03-05,"Mehmet EMIROGLU",webapps,php,80 46505,exploits/php/webapps/46505.txt,"Kados R10 GreenBee - Multiple SQL Injection",2019-03-07,"Mehmet EMIROGLU",webapps,php,80 46511,exploits/php/webapps/46511.js,"WordPress Core 5.0 - Remote Code Execution",2019-03-01,allyshka,webapps,php, -46512,exploits/php/webapps/46512.js,"phpBB 3.2.3 - Remote Code Execution",2018-12-12,allyshka,webapps,php, +46512,exploits/php/webapps/46512.js,"phpBB 3.2.3 - Remote Code Execution",2018-12-12,allyshka,webapps,php, 46517,exploits/multiple/webapps/46517.txt,"OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting",2019-03-08,"Ozer Goker",webapps,multiple, 46518,exploits/windows/webapps/46518.txt,"McAfee ePO 5.9.1 - Registered Executable Local Access Bypass",2019-03-08,leonjza,webapps,windows, 46520,exploits/php/webapps/46520.txt,"DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery",2019-03-08,ManhNho,webapps,php, @@ -41931,14 +41940,14 @@ id,file,description,date,author,type,platform,port 46671,exploits/php/webapps/46671.txt,"Tradebox CryptoCurrency - 'symbol' SQL Injection",2019-04-08,"Abdullah Çelebi",webapps,php,80 46672,exploits/php/webapps/46672.js,"WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass",2019-04-08,isdampe,webapps,php,80 46674,exploits/java/webapps/46674.txt,"ManageEngine ServiceDesk Plus 9.3 - User Enumeration",2019-04-08,Operat0r,webapps,java, -48177,exploits/php/webapps/48177.txt,"60CycleCMS - 'news.php' SQL Injection",2020-03-09,Unkn0wn,webapps,php, +48177,exploits/php/webapps/48177.txt,"60CycleCMS - 'news.php' SQL Injection",2020-03-09,Unkn0wn,webapps,php, 46681,exploits/php/webapps/46681.txt,"Ashop Shopping Cart Software - 'bannedcustomers.php?blacklistitemid' SQL Injection",2019-04-09,"Doğukan Karaciğer",webapps,php,80 46684,exploits/php/webapps/46684.py,"Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution",2019-04-10,"Julien Ahrens",webapps,php,443 46687,exploits/hardware/webapps/46687.txt,"D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting",2019-04-10,"Semen Alexandrovich Lyhin",webapps,hardware,80 46691,exploits/php/webapps/46691.rb,"ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)",2019-04-12,AkkuS,webapps,php, 46694,exploits/php/webapps/46694.txt,"DirectAdmin 1.561 - Multiple Vulnerabilities",2019-04-15,InfinitumIT,webapps,php, 46706,exploits/hardware/webapps/46706.txt,"Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting",2019-04-16,"Aaron Bishop",webapps,hardware,80 -46710,exploits/php/webapps/46710.py,"Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion",2019-04-16,"Haboob Team",webapps,php,80 +46710,exploits/php/webapps/46710.py,"Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion",2019-04-16,"Haboob Team",webapps,php,80 46728,exploits/windows/webapps/46728.txt,"Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal",2019-04-19,"Vahagn Vardanyan",webapps,windows, 46729,exploits/windows/webapps/46729.txt,"Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection",2019-04-19,"Vahagn Vardanyan",webapps,windows, 46734,exploits/php/webapps/46734.txt,"WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery / Local File Inclusion",2019-04-22,"Panagiotis Vagenas",webapps,php,80 @@ -41952,7 +41961,6 @@ id,file,description,date,author,type,platform,port 46765,exploits/ashx/webapps/46765.txt,"Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery",2019-04-30,"Seyed Sadegh Khatami",webapps,ashx, 46766,exploits/ashx/webapps/46766.txt,"Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting",2019-04-30,"Seyed Sadegh Khatami",webapps,ashx, 46767,exploits/ashx/webapps/46767.txt,"Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)",2019-04-30,"Seyed Sadegh Khatami",webapps,ashx, -46768,exploits/hardware/webapps/46768.sh,"Intelbras IWR 3000N - Denial of Service (Remote Reboot)",2019-04-30,"Social Engineering Neo",webapps,hardware, 46769,exploits/php/webapps/46769.txt,"Joomla! Component ARI Quiz 3.7.4 - SQL Injection",2019-04-30,"Mr Winst0n",webapps,php,80 46770,exploits/hardware/webapps/46770.html,"Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery",2019-04-30,"Social Engineering Neo",webapps,hardware, 46771,exploits/php/webapps/46771.txt,"HumHub 1.3.12 - Cross-Site Scripting",2019-04-30,"Kağan EĞLENCE",webapps,php,80 @@ -41966,7 +41974,7 @@ id,file,description,date,author,type,platform,port 46786,exploits/hardware/webapps/46786.txt,"Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection",2019-05-03,"Jacob Baines",webapps,hardware, 46787,exploits/php/webapps/46787.txt,"Instagram Auto Follow - Authentication Bypass",2019-05-03,Veyselxan,webapps,php, 46788,exploits/multiple/webapps/46788.txt,"Zotonic < 0.47.0 mod_admin - Cross-Site Scripting",2019-05-03,"Ramòn Janssen",webapps,multiple, -46794,exploits/php/webapps/46794.py,"Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution",2019-05-03,hash3liZer,webapps,php, +46794,exploits/php/webapps/46794.py,"WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution",2019-05-03,hash3liZer,webapps,php, 46796,exploits/multiple/webapps/46796.txt,"ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution",2019-05-06,"Gilson Camelo",webapps,multiple, 46798,exploits/php/webapps/46798.txt,"PHPads 2.0 - 'click.php3?bannerID' SQL Injection",2019-05-06,"felipe andrian",webapps,php,80 46799,exploits/asp/webapps/46799.txt,"microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection",2019-05-06,"felipe andrian",webapps,asp,80 @@ -42004,7 +42012,6 @@ id,file,description,date,author,type,platform,port 46898,exploits/hardware/webapps/46898.txt,"Carel pCOWeb < B1.2.1 - Credentials Disclosure",2019-05-22,Luca.Chiou,webapps,hardware, 46903,exploits/php/webapps/46903.txt,"Horde Webmail 5.2.22 - Multiple Vulnerabilities",2019-05-22,InfinitumIT,webapps,php, 46910,exploits/php/webapps/46910.txt,"Nagios XI 5.6.1 - SQL injection",2019-05-23,JameelNabbo,webapps,php, -46921,exploits/php/webapps/46921.sh,"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC",2019-05-24,"Todor Donev",webapps,php, 46931,exploits/multiple/webapps/46931.txt,"Deltek Maconomy 2.2.5 - Local File Inclusion",2019-05-27,JameelNabbo,webapps,multiple, 46935,exploits/multiple/webapps/46935.txt,"Phraseanet < 4.0.7 - Cross-Site Scripting",2019-05-28,"Krzysztof Szulski",webapps,multiple, 46936,exploits/php/webapps/46936.txt,"pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting",2019-05-29,"Chi Tran",webapps,php, @@ -42044,7 +42051,7 @@ id,file,description,date,author,type,platform,port 47034,exploits/php/webapps/47034.txt,"AZADMIN CMS 1.0 - SQL Injection",2019-06-25,"felipe andrian",webapps,php,80 47035,exploits/aspx/webapps/47035.py,"BlogEngine.NET 3.3.6/3.3.7 - 'path' Directory Traversal",2019-06-25,"Aaron Bishop",webapps,aspx, 47036,exploits/php/webapps/47036.txt,"WordPress Plugin iLive 1.0.4 - Cross-Site Scripting",2019-06-25,m0ze,webapps,php,80 -47037,exploits/php/webapps/47037.txt,"WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting",2019-06-25,m0ze,webapps,php,80 +47037,exploits/php/webapps/47037.txt,"WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting",2019-06-25,m0ze,webapps,php,80 47044,exploits/php/webapps/47044.py,"LibreNMS 1.46 - 'addhost' Remote Code Execution",2019-06-28,Askar,webapps,php,80 47045,exploits/php/webapps/47045.txt,"WorkSuite PRM 2.4 - 'password' SQL Injection",2019-07-01,"Mehmet EMIROGLU",webapps,php,80 47046,exploits/php/webapps/47046.txt,"CiuisCRM 1.6 - 'eventType' SQL Injection",2019-07-01,"Mehmet EMIROGLU",webapps,php,80 @@ -42057,7 +42064,7 @@ id,file,description,date,author,type,platform,port 47064,exploits/hardware/webapps/47064.txt,"FaceSentry Access Control System 6.4.8 - Remote Command Injection",2019-07-01,LiquidWorm,webapps,hardware, 47065,exploits/hardware/webapps/47065.txt,"FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery",2019-07-01,LiquidWorm,webapps,hardware, 47066,exploits/hardware/webapps/47066.py,"FaceSentry Access Control System 6.4.8 - Remote Root Exploit",2019-07-01,LiquidWorm,webapps,hardware, -47069,exploits/php/webapps/47069.py,"Centreon 19.04 - Remote Code Execution",2019-07-02,Askar,webapps,php, +47069,exploits/php/webapps/47069.py,"Centreon 19.04 - Remote Code Execution",2019-07-02,Askar,webapps,php, 47071,exploits/multiple/webapps/47071.txt,"Symantec DLP 15.5 MP1 - Cross-Site Scripting",2019-07-03,"Chapman Schleiss",webapps,multiple,8443 47075,exploits/php/webapps/47075.txt,"Karenderia Multiple Restaurant System 5.3 - Local File Inclusion",2019-07-05,"Mehmet EMIROGLU",webapps,php, 47078,exploits/php/webapps/47078.txt,"WordPress Plugin Like Button 1.6.0 - Authentication Bypass",2019-07-08,"Benjamin Lim",webapps,php,80 @@ -42140,7 +42147,7 @@ id,file,description,date,author,type,platform,port 47289,exploits/php/webapps/47289.txt,"Neo Billing 3.5 - Persistent Cross-Site Scripting",2019-08-19,n1x_,webapps,php,80 47293,exploits/linux/webapps/47293.sh,"Webmin 1.920 - Remote Code Execution",2019-08-19,"Fernando A. Lagos B",webapps,linux, 47294,exploits/php/webapps/47294.txt,"YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection",2019-08-19,"Fabian Mosch",webapps,php,80 -47295,exploits/php/webapps/47295.html,"WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery",2019-08-20,"Princy Edward",webapps,php, +47295,exploits/php/webapps/47295.html,"WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery",2019-08-20,"Princy Edward",webapps,php, 47301,exploits/multiple/webapps/47301.txt,"Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal",2019-08-23,MaYaSeVeN,webapps,multiple, 47302,exploits/windows/webapps/47302.txt,"LSoft ListServ < 16.5-2018a - Cross-Site Scripting",2019-08-26,MTK,webapps,windows, 47303,exploits/php/webapps/47303.txt,"WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection",2019-08-26,"Javier Olmedo",webapps,php,80 @@ -42158,7 +42165,7 @@ id,file,description,date,author,type,platform,port 47326,exploits/php/webapps/47326.txt,"YouPHPTube 7.4 - Remote Code Execution",2019-08-30,"Damian Ebelties",webapps,php,80 47327,exploits/php/webapps/47327.txt,"WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting",2019-08-30,"Damian Ebelties",webapps,php,80 47331,exploits/php/webapps/47331.txt,"Opencart 3.x - Cross-Site Scripting",2019-09-02,"Nipun Somani",webapps,php, -47335,exploits/php/webapps/47335.txt,"Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection",2019-09-02,MTK,webapps,php, +47335,exploits/php/webapps/47335.txt,"WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection",2019-09-02,MTK,webapps,php, 47338,exploits/multiple/webapps/47338.txt,"Alkacon OpenCMS 10.5.x - Cross-Site Scripting",2019-09-02,Aetsu,webapps,multiple, 47339,exploits/multiple/webapps/47339.txt,"Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)",2019-09-02,Aetsu,webapps,multiple, 47340,exploits/multiple/webapps/47340.txt,"Alkacon OpenCMS 10.5.x - Local File inclusion",2019-09-02,Aetsu,webapps,multiple, @@ -42167,7 +42174,7 @@ id,file,description,date,author,type,platform,port 47350,exploits/php/webapps/47350.txt,"WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting",2019-09-04,MgThuraMoeMyint,webapps,php,80 47351,exploits/hardware/webapps/47351.txt,"DASAN Zhone ZNID GPON 2426A EU - Multiple Cross-Site Scripting",2019-09-04,"Adam Ziaja",webapps,hardware,80 47356,exploits/php/webapps/47356.txt,"Inventory Webapp - 'itemquery' SQL injection",2019-09-06,"mohammad zaheri",webapps,php, -47361,exploits/php/webapps/47361.pl,"WordPress 5.2.3 - Cross-Site Host Modification",2019-09-09,"Todor Donev",webapps,php, +47361,exploits/php/webapps/47361.pl,"WordPress Core 5.2.3 - Cross-Site Host Modification",2019-09-09,"Todor Donev",webapps,php, 47362,exploits/php/webapps/47362.txt,"Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection",2019-09-09,"Metin Yunus Kandemir",webapps,php,80 47363,exploits/multiple/webapps/47363.html,"Enigma NMS 65.0.0 - Cross-Site Request Forgery",2019-09-09,xerubus,webapps,multiple, 47364,exploits/multiple/webapps/47364.py,"Enigma NMS 65.0.0 - OS Command Injection",2019-09-09,xerubus,webapps,multiple, @@ -42223,7 +42230,7 @@ id,file,description,date,author,type,platform,port 47459,exploits/multiple/webapps/47459.py,"AnchorCMS < 0.12.3a - Information Disclosure",2019-10-03,"Tijme Gommers",webapps,multiple, 47460,exploits/php/webapps/47460.txt,"LabCollector 5.423 - SQL Injection",2019-10-04,"Carlos Avila",webapps,php, 47462,exploits/php/webapps/47462.php,"PHP 7.0 < 7.3 (Unix) - 'gc' disable_functions Bypass",2019-10-03,mm0r1,webapps,php, -47465,exploits/php/webapps/47465.py,"Joomla 3.4.6 - 'configuration.php' Remote Code Execution",2019-10-07,"Alessandro Groppo",webapps,php, +47465,exploits/php/webapps/47465.py,"Joomla! 3.4.6 - 'configuration.php' Remote Code Execution",2019-10-07,"Alessandro Groppo",webapps,php, 47467,exploits/php/webapps/47467.txt,"Zabbix 4.2 - Authentication Bypass",2019-10-07,"Milad Khoshdel",webapps,php, 47469,exploits/php/webapps/47469.txt,"Subrion 4.2.1 - 'Email' Persistant Cross-Site Scripting",2019-10-07,Creatigon,webapps,php, 47470,exploits/java/webapps/47470.txt,"IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload",2019-10-07,"Jakub Palaczynski",webapps,java, @@ -42232,7 +42239,7 @@ id,file,description,date,author,type,platform,port 47480,exploits/hardware/webapps/47480.txt,"SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery",2019-10-10,"Borja Merino",webapps,hardware,80 47483,exploits/hardware/webapps/47483.py,"TP-Link TL-WR1043ND 2 - Authentication Bypass",2019-10-10,"Uriel Kosayev",webapps,hardware,80 47491,exploits/hardware/webapps/47491.txt,"Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting",2019-10-11,"Prof. Joas Antonio",webapps,hardware, -47492,exploits/php/webapps/47492.rb,"WordPress Arforms 3.7.1 - Directory Traversal",2019-10-11,"Ahmad Almorabea",webapps,php, +47492,exploits/php/webapps/47492.rb,"WordPress Plugin Arforms 3.7.1 - Directory Traversal",2019-10-11,"Ahmad Almorabea",webapps,php, 47496,exploits/php/webapps/47496.txt,"Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting",2019-10-14,"Debashis Pal",webapps,php, 47497,exploits/python/webapps/47497.py,"Ajenti 2.1.31 - Remote Code Execution",2019-10-14,"Jeremy Brown",webapps,python, 47498,exploits/php/webapps/47498.txt,"Kirona-DRS 5.5.3.5 - Information Disclosure",2019-10-14,Ramikan,webapps,php, @@ -42242,10 +42249,10 @@ id,file,description,date,author,type,platform,port 47613,exploits/aspx/webapps/47613.txt,"Adrenalin Core HCM 5.4.0 - 'prntDDLCntrlName' Reflected Cross-Site Scripting",2019-11-12,Cy83rl0gger,webapps,aspx, 47614,exploits/hardware/webapps/47614.txt,"Computrols CBAS-Web 19.0.0 - 'username' Reflected Cross-Site Scripting",2019-11-12,LiquidWorm,webapps,hardware, 47611,exploits/aspx/webapps/47611.txt,"Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting",2019-11-12,Cy83rl0gger,webapps,aspx, -47516,exploits/php/webapps/47516.txt,"WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php, -47517,exploits/php/webapps/47517.txt,"WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php, -47518,exploits/php/webapps/47518.txt,"WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php, -47520,exploits/php/webapps/47520.py,"Restaurant Management System 1.0 - Remote Code Execution",2019-10-17,"Ibad Shah",webapps,php, +47516,exploits/php/webapps/47516.txt,"WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php, +47517,exploits/php/webapps/47517.txt,"WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php, +47518,exploits/php/webapps/47518.txt,"WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting",2019-10-17,Unk9vvN,webapps,php, +47520,exploits/php/webapps/47520.py,"Restaurant Management System 1.0 - Remote Code Execution",2019-10-17,"Ibad Shah",webapps,php, 47524,exploits/php/webapps/47524.py,"Joomla! 3.4.6 - Remote Code Execution",2019-10-18,"Alessandro Groppo",webapps,php, 47537,exploits/linux/webapps/47537.txt,"Rocket.Chat 2.1.0 - Cross-Site Scripting",2019-10-23,3H34N,webapps,linux, 47539,exploits/php/webapps/47539.rb,"Joomla! 3.4.6 - Remote Code Execution (Metasploit)",2019-10-23,"Alessandro Groppo",webapps,php, @@ -42291,7 +42298,7 @@ id,file,description,date,author,type,platform,port 47628,exploits/hardware/webapps/47628.txt,"CBAS-Web 19.0.0 - Cross-Site Request Forgery (Add Super Admin)",2019-11-12,LiquidWorm,webapps,hardware, 47630,exploits/hardware/webapps/47630.txt,"CBAS-Web 19.0.0 - Username Enumeration",2019-11-12,LiquidWorm,webapps,hardware, 47631,exploits/php/webapps/47631.txt,"CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection",2019-11-12,LiquidWorm,webapps,php, -47632,exploits/php/webapps/47632.txt,"Joomla 3.9.13 - 'Host' Header Injection",2019-11-12,"Pablo Santiago",webapps,php, +47632,exploits/php/webapps/47632.txt,"Joomla! 3.9.13 - 'Host' Header Injection",2019-11-12,"Pablo Santiago",webapps,php, 47633,exploits/alpha/webapps/47633.txt,"Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting",2019-11-12,LiquidWorm,webapps,alpha, 47634,exploits/hardware/webapps/47634.txt,"Prima Access Control 2.3.35 - Arbitrary File Upload",2019-11-12,LiquidWorm,webapps,hardware, 47635,exploits/jsp/webapps/47635.rb,"Atlassian Confluence 6.15.1 - Directory Traversal (Metasploit)",2019-11-12,max7253,webapps,jsp, @@ -42302,7 +42309,6 @@ id,file,description,date,author,type,platform,port 47641,exploits/hardware/webapps/47641.py,"Optergy 2.3.0a - Remote Code Execution (Backdoor)",2019-11-12,LiquidWorm,webapps,hardware, 47643,exploits/aspx/webapps/47643.txt,"Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting",2019-11-12,Cy83rl0gger,webapps,aspx, 47644,exploits/hardware/webapps/47644.py,"FlexAir Access Control 2.3.35 - Authentication Bypass",2019-11-12,LiquidWorm,webapps,hardware, -47648,exploits/hardware/webapps/47648.txt,"Bematech Printer MP-4200 - Denial of Service",2019-11-12,"Jonatas Fil",webapps,hardware, 47649,exploits/hardware/webapps/47649.py,"Linear eMerge E3 1.00-06 - Remote Code Execution",2019-11-13,LiquidWorm,webapps,hardware, 47650,exploits/php/webapps/47650.txt,"FUDForum 3.0.9 - Remote Code Execution",2019-11-13,liquidsky,webapps,php, 47651,exploits/hardware/webapps/47651.txt,"Technicolor TD5130.2 - Remote Command Execution",2019-11-13,"João Teles",webapps,hardware, @@ -42331,7 +42337,6 @@ id,file,description,date,author,type,platform,port 47739,exploits/php/webapps/47739.php,"Revive Adserver 4.2 - Remote Code Execution",2019-12-03,crlf,webapps,php, 47741,exploits/php/webapps/47741.txt,"Online Clinic Management System 2.2 - HTML Injection",2019-12-04,"Cemal Cihad ÇİFTÇİ",webapps,php, 47749,exploits/php/webapps/47749.php,"Verot 2.0.3 - Remote Code Execution",2019-12-06,"Jinny Ramsmark",webapps,php, -47744,exploits/hardware/webapps/47744.txt,"Cisco WLC 2504 8.9 - Denial of Service (PoC)",2019-12-04,SecuNinja,webapps,hardware, 47745,exploits/php/webapps/47745.txt,"OwnCloud 8.1.8 - Username Disclosure",2019-12-04,"Daniel Moreno",webapps,php, 47748,exploits/windows/webapps/47748.py,"Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution",2019-12-05,"Peter Lapp",webapps,windows, 47756,exploits/php/webapps/47756.txt,"Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting",2019-12-09,"Metin Yunus Kandemir",webapps,php, @@ -42350,14 +42355,13 @@ id,file,description,date,author,type,platform,port 47778,exploits/hardware/webapps/47778.txt,"D-Link DIR-615 - Privilege Escalation",2019-12-16,"Sanyam Chawla",webapps,hardware, 47781,exploits/java/webapps/47781.txt,"Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting",2019-12-17,MTK,webapps,java, 47782,exploits/hardware/webapps/47782.py,"Netgear R6400 - Remote Code Execution",2019-12-17,"Kevin Randall",webapps,hardware, -47783,exploits/aspx/webapps/47783.py,"NopCommerce 4.2.0 - Privilege Escalation",2019-12-17,"Alessandro Magnosi",webapps,aspx, +47783,exploits/aspx/webapps/47783.py,"NopCommerce 4.2.0 - Privilege Escalation",2019-12-17,"Alessandro Magnosi",webapps,aspx, 47785,exploits/windows/webapps/47785.txt,"Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)",2019-12-18,"Ismail Tasdelen",webapps,windows, 47787,exploits/hardware/webapps/47787.txt,"Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)",2019-12-18,"Ismail Tasdelen",webapps,hardware, 47789,exploits/asp/webapps/47789.txt,"Rumpus FTP Web File Manager 8.2.9.1 - Reflected Cross-Site Scripting",2019-12-18,"Harshit Shukla",webapps,asp, 47793,exploits/aspx/webapps/47793.txt,"Telerik UI - Remote Code Execution via Insecure Deserialization",2019-12-18,"Bishop Fox",webapps,aspx, 47796,exploits/hardware/webapps/47796.txt,"Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation",2019-12-19,Vulnerability-Lab,webapps,hardware, 47798,exploits/php/webapps/47798.txt,"phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting",2019-12-20,"Chris Inzinga",webapps,php, -47800,exploits/php/webapps/47800.py,"WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service",2019-12-17,roddux,webapps,php, 47806,exploits/hardware/webapps/47806.txt,"HomeAutomation 3.3.2 - Persistent Cross-Site Scripting",2019-12-30,LiquidWorm,webapps,hardware, 47807,exploits/php/webapps/47807.txt,"HomeAutomation 3.3.2 - Authentication Bypass",2019-12-30,LiquidWorm,webapps,php, 47808,exploits/php/webapps/47808.txt,"HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)",2019-12-30,LiquidWorm,webapps,php, @@ -42377,7 +42381,7 @@ id,file,description,date,author,type,platform,port 47826,exploits/hardware/webapps/47826.txt,"RICOH SP 4510SF Printer - HTML Injection",2019-12-30,"Ismail Tasdelen",webapps,hardware, 47827,exploits/hardware/webapps/47827.txt,"RICOH Web Image Monitor 1.09 - HTML Injection",2019-12-30,"Ismail Tasdelen",webapps,hardware, 47828,exploits/hardware/webapps/47828.txt,"Heatmiser Netmonitor 3.03 - HTML Injection",2019-12-30,"Ismail Tasdelen",webapps,hardware, -47832,exploits/php/webapps/47832.py,"Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass",2019-12-31,"Raphael Karger",webapps,php, +47832,exploits/php/webapps/47832.py,"WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass",2019-12-31,"Raphael Karger",webapps,php, 47834,exploits/php/webapps/47834.py,"Shopping Portal ProVersion 3.0 - Authentication Bypass",2020-01-01,"Metin Yunus Kandemir",webapps,php, 47835,exploits/hardware/webapps/47835.txt,"IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal",2020-01-01,"Raif Berkay Dincel",webapps,hardware, 47836,exploits/php/webapps/47836.py,"Hospital Management System 4.0 - Authentication Bypass",2020-01-01,"Metin Yunus Kandemir",webapps,php, @@ -42415,18 +42419,17 @@ id,file,description,date,author,type,platform,port 47914,exploits/php/webapps/47914.txt,"Digi AnywhereUSB 14 - Reflective Cross-Site Scripting",2020-01-13,"Raspina Net Pars Group",webapps,php, 47917,exploits/hardware/webapps/47917.txt,"IBM RICOH InfoPrint 6500 Printer - HTML Injection",2020-01-14,"Ismail Tasdelen",webapps,hardware, 47918,exploits/hardware/webapps/47918.txt,"IBM RICOH 6400 Printer - HTML Injection",2020-01-14,"Ismail Tasdelen",webapps,hardware, -47922,exploits/php/webapps/47922.txt,"Online Book Store 1.0 - 'bookisbn' SQL Injection",2020-01-15,"Ertebat Gostar Co",webapps,php, -47923,exploits/hardware/webapps/47923.rb,"Huawei HG255 - Directory Traversal ( Metasploit )",2020-01-15,"Ismail Tasdelen",webapps,hardware, +47922,exploits/php/webapps/47922.txt,"Online Book Store 1.0 - 'bookisbn' SQL Injection",2020-01-15,"Ertebat Gostar Co",webapps,php, +47923,exploits/hardware/webapps/47923.rb,"Huawei HG255 - Directory Traversal (Metasploit)",2020-01-15,"Ismail Tasdelen",webapps,hardware, 47925,exploits/php/webapps/47925.txt,"WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting",2020-01-16,V1n1v131r4,webapps,php, 47926,exploits/php/webapps/47926.txt,"Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection",2020-01-16,"Fatih Çelik",webapps,php, 47927,exploits/java/webapps/47927.txt,"Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting",2020-01-16,"Ai Ho",webapps,java, 47928,exploits/php/webapps/47928.txt,"Online Book Store 1.0 - Arbitrary File Upload",2020-01-16,Or4nG.M4N,webapps,php, -47929,exploits/multiple/webapps/47929.rb,"Tautulli 2.1.9 - Denial of Service ( Metasploit )",2020-01-16,"Ismail Tasdelen",webapps,multiple, 47930,exploits/multiple/webapps/47930.txt,"Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal",2020-01-16,"Dhiraj Mishra",webapps,multiple, 47931,exploits/php/webapps/47931.txt,"Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection",2020-01-16,"Fatih Çelik",webapps,php, 47934,exploits/php/webapps/47934.txt,"Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection",2020-01-16,"Fatih Çelik",webapps,php, -47939,exploits/php/webapps/47939.py,"Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass",2020-01-17,"Raphael Karger",webapps,php, -47941,exploits/php/webapps/47941.py,"Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass",2020-01-17,"B. Canavate",webapps,php, +47939,exploits/php/webapps/47939.py,"WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass",2020-01-17,"Raphael Karger",webapps,php, +47941,exploits/php/webapps/47941.py,"WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass",2020-01-17,"B. Canavate",webapps,php, 47946,exploits/php/webapps/47946.txt,"Adive Framework 2.0.8 - Persistent Cross-Site Scripting",2020-01-20,"Sarthak Saini",webapps,php, 47948,exploits/php/webapps/47948.rb,"Centreon 19.04 - Authenticated Remote Code Execution (Metasploit)",2020-01-20,TheCyberGeek,webapps,php, 47949,exploits/java/webapps/47949.txt,"ManageEngine Network Configuration Manager 12.2 - 'apiKey' SQL Injection",2020-01-21,"Ertebat Gostar Co",webapps,java,80 @@ -42475,14 +42478,14 @@ id,file,description,date,author,type,platform,port 48026,exploits/xml/webapps/48026.txt,"ExpertGPS 6.38 - XML External Entity Injection",2020-02-07,"Trent Gordon",webapps,xml, 48027,exploits/multiple/webapps/48027.txt,"Google Invisible RECAPTCHA 3 - Spoof Bypass",2020-02-07,Matamorphosis,webapps,multiple, 48029,exploits/multiple/webapps/48029.txt,"Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting",2020-02-10,"Prasenjit Kanti Paul",webapps,multiple, -48030,exploits/php/webapps/48030.txt,"LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting",2020-02-10,"Jinson Varghese Behanan",webapps,php, +48030,exploits/php/webapps/48030.txt,"WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting",2020-02-10,"Jinson Varghese Behanan",webapps,php, 48040,exploits/cgi/webapps/48040.txt,"CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting",2020-02-11,Luca.Chiou,webapps,cgi, 48042,exploits/php/webapps/48042.txt,"Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting",2020-02-11,"Sayak Naskar",webapps,php, -48047,exploits/php/webapps/48047.rb,"WordPress InfiniteWP - Client Authentication Bypass (Metasploit)",2020-02-11,Metasploit,webapps,php,80 +48047,exploits/php/webapps/48047.rb,"WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)",2020-02-11,Metasploit,webapps,php,80 48066,exploits/php/webapps/48066.txt,"phpMyChat Plus 1.98 - 'pmc_username' SQL Injection",2020-02-14,J3rryBl4nks,webapps,php, 48064,exploits/php/webapps/48064.py,"PANDORAFMS 7.0 - Authenticated Remote Code Execution",2020-02-13,"Engin Demirbilek",webapps,php, 48074,exploits/php/webapps/48074.txt,"SOPlanning 1.45 - 'by' SQL Injection",2020-02-17,J3rryBl4nks,webapps,php, -48076,exploits/php/webapps/48076.txt,"Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting",2020-02-17,"Jinson Varghese Behanan",webapps,php, +48076,exploits/php/webapps/48076.txt,"WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting",2020-02-17,"Jinson Varghese Behanan",webapps,php, 48077,exploits/hardware/webapps/48077.txt,"Avaya Aura Communication Manager 5.2 - Remote Code Execution",2020-02-17,"Sarang Tumne",webapps,hardware, 48082,exploits/php/webapps/48082.txt,"Ice HRM 26.2.0 - Cross-Site Request Forgery (Add User)",2020-02-17,J3rryBl4nks,webapps,php, 48083,exploits/php/webapps/48083.txt,"WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting",2020-02-17,"Ultra Security Team",webapps,php, @@ -42516,12 +42519,12 @@ id,file,description,date,author,type,platform,port 48141,exploits/php/webapps/48141.txt,"Business Live Chat Software 1.0 - Cross-Site Request Forgery (Add Admin)",2020-02-27,"Meisam Monsef",webapps,php, 48142,exploits/hardware/webapps/48142.txt,"Comtrend VR-3033 - Command Injection",2020-02-27,"Raki Ben Hamouda",webapps,hardware, 48143,exploits/multiple/webapps/48143.py,"Apache Tomcat - AJP 'Ghostcat File Read/Inclusion",2020-02-20,YDHCUI,webapps,multiple, -48144,exploits/multiple/webapps/48144.py,"Cacti 1.2.8 - Authenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple, +48144,exploits/multiple/webapps/48144.py,"Cacti 1.2.8 - Authenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple, 48145,exploits/multiple/webapps/48145.py,"Cacti 1.2.8 - Unauthenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple, 48146,exploits/multiple/webapps/48146.py,"qdPM < 9.1 - Remote Code Execution",2020-02-28,"Tobin Shields",webapps,multiple, 48147,exploits/multiple/webapps/48147.txt,"Joplin Desktop 1.0.184 - Cross-Site Scripting",2020-03-02,"Javier Olmedo",webapps,multiple, 48149,exploits/hardware/webapps/48149.py,"Netis WF2419 2.2.36123 - Remote Code Execution",2020-03-02,"Elias Issa",webapps,hardware, -48151,exploits/php/webapps/48151.txt,"Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)",2020-03-02,"Jinson Varghese Behanan",webapps,php, +48151,exploits/php/webapps/48151.txt,"WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)",2020-03-02,"Jinson Varghese Behanan",webapps,php, 48152,exploits/hardware/webapps/48152.txt,"TL-WR849N 0.9.1 4.16 - Authentication Bypass (Upload Firmware)",2020-03-02,"Elber Tavares",webapps,hardware, 48154,exploits/multiple/webapps/48154.sh,"Wing FTP Server 6.2.5 - Privilege Escalation",2020-03-02,"Cary Hooper",webapps,multiple, 48155,exploits/hardware/webapps/48155.py,"TP LINK TL-WR849N - Remote Code Execution",2020-03-02,"Elber Tavares",webapps,hardware, @@ -42537,10 +42540,10 @@ id,file,description,date,author,type,platform,port 48188,exploits/java/webapps/48188.txt,"Sysaid 20.1.11 b26 - Remote Command Execution",2020-03-10,"Ahmed Sherif",webapps,java, 48189,exploits/php/webapps/48189.txt,"YzmCMS 5.5 - 'url' Persistent Cross-Site Scripting",2020-03-10,En_dust,webapps,php, 48190,exploits/php/webapps/48190.txt,"Persian VIP Download Script 1.0 - 'active' SQL Injection",2020-03-10,S3FFR,webapps,php, -48197,exploits/php/webapps/48197.txt,"Wordpress Plugin Search Meter 2.13.2 - CSV injection",2020-03-11,"Daniel Monzón",webapps,php, +48197,exploits/php/webapps/48197.txt,"WordPress Plugin Search Meter 2.13.2 - CSV injection",2020-03-11,"Daniel Monzón",webapps,php, 48202,exploits/php/webapps/48202.txt,"Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection",2020-03-12,"Milad karimi",webapps,php, 48203,exploits/java/webapps/48203.txt,"WatchGuard Fireware AD Helper Component 5.8.5.10317 - Credential Disclosure",2020-03-12,"RedTeam Pentesting GmbH",webapps,java, -48204,exploits/php/webapps/48204.txt,"Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection",2020-03-12,"Daniel Monzón",webapps,php, +48204,exploits/php/webapps/48204.txt,"WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection",2020-03-12,"Daniel Monzón",webapps,php, 48205,exploits/php/webapps/48205.txt,"HRSALE 1.1.8 - Cross-Site Request Forgery (Add Admin)",2020-03-12,"Ismail Akıcı",webapps,php, 48207,exploits/php/webapps/48207.py,"rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution",2020-03-12,"Engin Demirbilek",webapps,php, 48208,exploits/php/webapps/48208.py,"rConfig 3.9 - 'searchColumn' SQL Injection",2020-03-12,vikingfr,webapps,php, @@ -42559,11 +42562,10 @@ id,file,description,date,author,type,platform,port 48241,exploits/php/webapps/48241.py,"rConfig 3.9.4 - 'search.crud.php' Remote Command Injection",2020-03-23,"Matthew Aberegg",webapps,php, 48242,exploits/php/webapps/48242.txt,"Joomla! com_hdwplayer 4.2 - 'search.php' SQL Injection",2020-03-23,qw3rTyTy,webapps,php, 48244,exploits/php/webapps/48244.txt,"UliCMS 2020.1 - Persistent Cross-Site Scripting",2020-03-24,SunCSR,webapps,php, -48245,exploits/php/webapps/48245.txt,"Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting",2020-03-24,"Jinson Varghese Behanan",webapps,php, +48245,exploits/php/webapps/48245.txt,"WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting",2020-03-24,"Jinson Varghese Behanan",webapps,php, 48247,exploits/hardware/webapps/48247.py,"UCM6202 1.0.18.13 - Remote Command Injection",2020-03-24,"Jacob Baines",webapps,hardware, 48248,exploits/php/webapps/48248.txt,"Joomla! Component GMapFP 3.30 - Arbitrary File Upload",2020-03-25,ThelastVvV,webapps,php, 48250,exploits/php/webapps/48250.txt,"LeptonCMS 4.5.0 - Persistent Cross-Site Scripting",2020-03-25,SunCSR,webapps,php, -48255,exploits/hardware/webapps/48255.py,"TP-Link Archer C50 3 - Denial of Service (PoC)",2020-03-26,thewhiteh4t,webapps,hardware, 48256,exploits/php/webapps/48256.py,"Centreo 19.10.8 - 'DisplayServiceStatus' Remote Code Execution",2020-03-26,"Engin Demirbilek",webapps,php, 48258,exploits/php/webapps/48258.txt,"ECK Hotel 1.0 - Cross-Site Request Forgery (Add Admin)",2020-03-27,"Mustafa Emre Gül",webapps,php, 48260,exploits/java/webapps/48260.py,"Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal",2020-03-27,hongphukt,webapps,java, @@ -42580,17 +42582,16 @@ id,file,description,date,author,type,platform,port 48297,exploits/php/webapps/48297.txt,"LimeSurvey 4.1.11 - 'File Manager' Path Traversal",2020-04-06,"Matthew Aberegg",webapps,php, 48300,exploits/freebsd/webapps/48300.txt,"pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting",2020-04-06,"Matthew Aberegg",webapps,freebsd, 48303,exploits/php/webapps/48303.txt,"Django 3.0 - Cross-Site Request Forgery Token Bypass",2020-04-08,"Spad Security Group",webapps,php, -48304,exploits/hardware/webapps/48304.py,"Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)",2020-04-08,"Jacob Baines",webapps,hardware, 48308,exploits/cgi/webapps/48308.py,"Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal",2020-04-10,"Basim Alabdullah",webapps,cgi, 48310,exploits/hardware/webapps/48310.txt,"Huawei HG630 2 Router - Authentication Bypass",2020-04-13,"Eslam Medhat",webapps,hardware, 48311,exploits/hardware/webapps/48311.py,"TVT NVMS 1000 - Directory Traversal",2020-04-13,"Mohin Paramasivam",webapps,hardware, 48312,exploits/php/webapps/48312.txt,"Webtateas 2.0 - Arbitrary File Read",2020-04-13,"China Banking and Insurance Information Technology Management Co.",webapps,php, 48313,exploits/java/webapps/48313.txt,"WSO2 3.1.0 - Arbitrary File Delete",2020-04-13,"Raki Ben Hamouda",webapps,java, -48315,exploits/php/webapps/48315.txt,"Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion",2020-04-13,"Daniel Monzón",webapps,php, +48315,exploits/php/webapps/48315.txt,"WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion",2020-04-13,"Daniel Monzón",webapps,php, 48316,exploits/php/webapps/48316.txt,"MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection",2020-04-13,"Noam Moshe",webapps,php, 48318,exploits/hardware/webapps/48318.txt,"Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution",2020-04-14,Wadeek,webapps,hardware, 48319,exploits/java/webapps/48319.txt,"WSO2 3.1.0 - Persistent Cross-Site Scripting",2020-04-14,"Raki Ben Hamouda",webapps,java, -48320,exploits/java/webapps/48320.py,"Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution",2020-04-14,nu11secur1ty,webapps,java, +48320,exploits/java/webapps/48320.py,"Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution",2020-04-14,nu11secur1ty,webapps,java, 48321,exploits/ios/webapps/48321.txt,"AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting",2020-04-15,Vulnerability-Lab,webapps,ios, 48322,exploits/ios/webapps/48322.txt,"SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting",2020-04-15,Vulnerability-Lab,webapps,ios, 48323,exploits/php/webapps/48323.txt,"Pinger 1.0 - Remote Code Execution",2020-04-15,"Milad karimi",webapps,php, @@ -42601,7 +42602,6 @@ id,file,description,date,author,type,platform,port 48328,exploits/php/webapps/48328.txt,"Xeroneit Library Management System 3.0 - 'category' SQL Injection",2020-04-15,"Sohel Yousef",webapps,php, 48340,exploits/ios/webapps/48340.txt,"Playable 9.18 iOS - Persistent Cross-Site Scripting",2020-04-17,Vulnerability-Lab,webapps,ios, 48341,exploits/php/webapps/48341.txt,"TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection",2020-04-17,Vulnerability-Lab,webapps,php, -48342,exploits/hardware/webapps/48342.txt,"Cisco IP Phone 11.7 - Denial of service (PoC)",2020-04-17,"Jacob Baines",webapps,hardware, 48345,exploits/php/webapps/48345.txt,"Centreon 19.10.5 - 'id' SQL Injection",2020-04-20,"Basim Alabdullah",webapps,php, 48348,exploits/php/webapps/48348.txt,"Fork CMS 5.8.0 - Persistent Cross-Site Scripting",2020-04-20,Vulnerability-Lab,webapps,php, 48354,exploits/php/webapps/48354.txt,"CSZ CMS 1.2.7 - Persistent Cross-Site Scripting",2020-04-21,"Metin Yunus Kandemir",webapps,php, diff --git a/files_shellcodes.csv b/files_shellcodes.csv index e6ca9e5cc..fbc6a8d1c 100644 --- a/files_shellcodes.csv +++ b/files_shellcodes.csv @@ -939,7 +939,7 @@ id,file,description,date,author,type,platform 46257,shellcodes/linux_x86/46257.c,"Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2)",2019-01-28,"Joao Batista",shellcode,linux_x86 46258,shellcodes/arm/46258.s,"Linux/ARM - Reverse TCP (192.168.1.124:4321) Shell (/bin/sh) Shellcode (64 bytes)",2019-01-28,"Gokul Babu",shellcode,arm 46281,shellcodes/windows_x86/46281.c,"Windows/x86 - 'msiexec.exe' Download and Execute Shellcode (95 bytes)",2019-01-30,"Kartik Durg",shellcode,windows_x86 -46264,shellcodes/arm/46264.s,"Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)",2019-01-28,"Gokul Babu",shellcode,arm +46264,shellcodes/arm/46264.s,"Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)",2019-01-28,"Gokul Babu",shellcode,arm 46277,shellcodes/linux_x86/46277.c,"Linux/x86 - execve(/bin/sh) + RShift-1 Encoded Shellcode (29 bytes)",2019-01-29,"Joao Batista",shellcode,linux_x86 46302,shellcodes/linux_x86/46302.c,"Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (3)",2019-02-01,Kiewicz,shellcode,linux_x86 46323,shellcodes/linux_x86/46323.py,"Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)",2019-02-05,"Aditya Chaudhary",shellcode,linux_x86 @@ -958,7 +958,7 @@ id,file,description,date,author,type,platform 46696,shellcodes/generator/46696.py,"Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)",2019-04-15,"Petr Javorik",shellcode,generator 46704,shellcodes/linux_x86/46704.txt,"Linux/x86 - cat (.bash_history)+ base64 Encode + curl data (http://localhost:8080) Shellcode (125 bytes)",2019-04-15,strider,shellcode,linux_x86 46736,shellcodes/arm/46736.txt,"Linux/ARM - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) + Password (S59!) + Null-Free Shellcode (100 bytes)",2019-04-22,"Alan Vivona",shellcode,arm -46746,shellcodes/generator/46746.txt,"Linux/x86 - Rabbit Encoder Shellcode (200 bytes)",2019-04-24,"Petr Javorik",shellcode,generator +46746,shellcodes/generator/46746.txt,"Linux/x86 - Rabbit Encoder Shellcode (200 bytes)",2019-04-24,"Petr Javorik",shellcode,generator 46789,shellcodes/generator/46789.txt,"Linux/x86 - Reverse (127.0.0.1:8080/TCP) Shell (/bin/sh) + Generator Shellcode (91 Bytes)",2019-05-03,"Dave Sully",shellcode,generator 46791,shellcodes/linux_x86/46791.c,"Linux/x86 - OpenSSL Encrypt (aes256cbc) Files (test.txt) Shellcode (185 bytes)",2019-05-03,strider,shellcode,linux_x86 46800,shellcodes/generator/46800.txt,"Linux/x86 - Multiple keys XOR Encoder / Decoder execve(/bin/sh) Shellcode (59 bytes)",2019-05-06,"Xavi Beltran",shellcode,generator