DB: 2015-06-12

1 new exploits
Offensive Security 2015-06-12 05:03:29 +00:00
parent 5deff36e99
commit dc651e3c85
3 changed files with 64 additions and 17 deletions


@ -3293,7 +3293,7 @@ id,file,description,date,author,platform,type,port
3632,platforms/php/webapps/3632.pl,"XOOPS Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit",2007-04-01,ajann,php,webapps,0
3633,platforms/php/webapps/3633.htm,"XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection Exploit",2007-04-01,ajann,php,webapps,0
3634,platforms/windows/remote/3634.txt,"Microsoft Windows XP/Vista - Animated Cursor (.ANI) Remote Overflow Exploit",2007-04-01,jamikazu,windows,remote,0
3635,platforms/windows/remote/3635.txt,"Microsoft Windows XP - Animated Cursor (.ANI) Remote Overflow Exploit #2",2007-04-01,"Trirat Puttaraksa",windows,remote,0
3635,platforms/windows/remote/3635.txt,"Microsoft Windows XP - Animated Cursor (.ANI) Remote Overflow Exploit (2)",2007-04-01,"Trirat Puttaraksa",windows,remote,0
3636,platforms/windows/remote/3636.txt,"Microsoft Windows - Animated Cursor (.ANI) Remote Exploit (eeye patch bypass)",2007-04-01,jamikazu,windows,remote,0
3638,platforms/php/webapps/3638.txt,"maplab ms4w 2.2.1 - Remote File Inclusion Vulnerability",2007-04-02,ka0x,php,webapps,0
3639,platforms/php/webapps/3639.txt,"PHP-Fusion Module topliste 1.0 (cid) Remote SQL Injection Vulnerability",2007-04-02,"Mehmet Ince",php,webapps,0
@ -3399,7 +3399,7 @@ id,file,description,date,author,platform,type,port
3743,platforms/php/webapps/3743.txt,"Gallery 1.2.5 (GALLERY_BASEDIR) Multiple RFI Vulnerabilities",2007-04-15,GoLd_M,php,webapps,0
3744,platforms/php/webapps/3744.txt,"audioCMS arash 0.1.4 (arashlib_dir) Remote File Inclusion Vulnerabilities",2007-04-15,GoLd_M,php,webapps,0
3745,platforms/php/webapps/3745.txt,"Web Slider 0.6 (path) Remote File Inclusion Vulnerabilities",2007-04-15,GoLd_M,php,webapps,0
3746,platforms/windows/remote/3746.txt,"Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit #2",2007-04-18,"Andres Tarasco",windows,remote,445
3746,platforms/windows/remote/3746.txt,"Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit (2)",2007-04-18,"Andres Tarasco",windows,remote,445
3747,platforms/php/webapps/3747.txt,"openMairie 1.10 (scr/soustab.php) Local File Inclusion Vulnerability",2007-04-16,GoLd_M,php,webapps,0
3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart <= 3.5 (abs_path) RFI Vulnerabilities",2007-04-16,irvian,php,webapps,0
3749,platforms/php/webapps/3749.txt,"StoreFront for Gallery (GALLERY_BASEDIR) RFI Vulnerabilities",2007-04-16,"Alkomandoz Hacker",php,webapps,0
@ -8901,7 +8901,7 @@ id,file,description,date,author,platform,type,port
9433,platforms/php/webapps/9433.txt,"Gazelle CMS 1.0 - Remote Arbitrary Shell Upload Vulnerability",2009-08-13,RoMaNcYxHaCkEr,php,webapps,0
9434,platforms/php/webapps/9434.txt,"tgs CMS 0.x (xss/sql/fd) Multiple Vulnerabilities",2009-08-13,[]ViZiOn,php,webapps,0
9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit",2009-08-14,spender,linux,local,0
9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (#2)",2009-08-14,"Przemyslaw Frasunek",linux,local,0
9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)",2009-08-14,"Przemyslaw Frasunek",linux,local,0
9437,platforms/php/webapps/9437.txt,"Ignition 1.2 (comment) Remote Code Injection Vulnerability",2009-08-14,IRCRASH,php,webapps,0
9438,platforms/php/webapps/9438.txt,"PHP Competition System <= 0.84 (competition) SQL Injection Vuln",2009-08-14,Mr.SQL,php,webapps,0
9440,platforms/php/webapps/9440.txt,"DS CMS 1.0 (nFileId) Remote SQL Injection Vulnerability",2009-08-14,Mr.tro0oqy,php,webapps,0
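
Review bot: The numbering of the `sock_sendpage()` series stays incomplete after this change: 9436 becomes `(2)` here and 9641 becomes `(3)` in the next hunk, but 9435 on the context line above carries no `(1)`, while the Drupal and Mempodipper series in this same commit end up as `(1)` and `(2)`. Either add `(1)` to 9435 or drop `(1)` from the other series, so that a search for one series returns a consistently labelled set.
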
@ -9100,7 +9100,7 @@ id,file,description,date,author,platform,type,port
9638,platforms/windows/remote/9638.txt,"Kolibri+ Webserver 2 - Remote Source Code Disclosure Vulnerability",2009-09-11,SkuLL-HackeR,windows,remote,0
9639,platforms/php/webapps/9639.txt,"Image voting 1.0 (index.php show) SQL Injection Vulnerability",2009-09-11,SkuLL-HackeR,php,webapps,0
9640,platforms/php/webapps/9640.txt,"gyro 5.0 (sql/XSS) Multiple Vulnerabilities",2009-09-11,OoN_Boy,php,webapps,0
9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (#3)",2009-09-11,"Ramon Valle",linux,local,0
9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (3)",2009-09-11,"Ramon Valle",linux,local,0
9642,platforms/multiple/dos/9642.py,"FreeRadius < 1.1.8 - Zero-length Tunnel-Password DoS Exploit",2009-09-11,"Matthew Gillespie",multiple,dos,1812
9643,platforms/windows/remote/9643.txt,"kolibri+ webserver 2 - Directory Traversal Vulnerability",2009-09-11,"Usman Saeed",windows,remote,0
9644,platforms/windows/remote/9644.py,"Kolibri+ Webserver 2 - (GET Request) Remote SEH Overwrite Exploit",2009-09-11,blake,windows,remote,80
@ -9788,7 +9788,7 @@ id,file,description,date,author,platform,type,port
10535,platforms/php/webapps/10535.txt,"WordPress and Pyrmont 2.x - SQL Injection Vulnerability",2009-12-18,Gamoscu,php,webapps,0
10537,platforms/php/webapps/10537.txt,"gpEasy <= 1.5RC3 - Remote FIle Include Exploit",2009-12-18,"cr4wl3r ",php,webapps,0
10540,platforms/asp/webapps/10540.txt,"E-Smartcart Remote SQL Injection Vulnerability",2009-12-18,R3d-D3V!L,asp,webapps,0
10542,platforms/windows/remote/10542.py,"TFTP Server for Windows 1.4 - Buffer Overflow Remote Exploit (#2)",2009-12-18,Molotov,windows,remote,69
10542,platforms/windows/remote/10542.py,"TFTP Server for Windows 1.4 - Buffer Overflow Remote Exploit (2)",2009-12-18,Molotov,windows,remote,69
10543,platforms/php/webapps/10543.txt,"Schweizer NISADA Communication CMS SQL Injection Vulnerability",2009-12-18,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
10544,platforms/multiple/local/10544.html,"Mozilla Firefox Location Bar Spoofing Vulnerability",2009-12-18,"Jordi Chancel",multiple,local,0
10545,platforms/php/webapps/10545.txt,"Joomla Component com_jbook Blind SQL-injection",2009-12-18,FL0RiX,php,webapps,0
@ -10485,7 +10485,7 @@ id,file,description,date,author,platform,type,port
11447,platforms/php/webapps/11447.txt,"Joomla (Jw_allVideos) Remote File Download Vulnerability",2010-02-14,"Pouya Daneshmand",php,webapps,0
11449,platforms/php/webapps/11449.txt,"Joomla com_videos Remote SQL Injection Vulnerability",2010-02-14,snakespc,php,webapps,0
11450,platforms/php/webapps/11450.txt,"File Upload Manager 1.3",2010-02-14,ROOT_EGY,php,webapps,0
11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - (.mp3) Local Denial of Service (DoS) #",2010-02-14,Mr.tro0oqy,windows,dos,0
11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - (.mp3) Local Denial of Service (DoS) (2)",2010-02-14,Mr.tro0oqy,windows,dos,0
11452,platforms/php/webapps/11452.txt,"Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL",2010-02-14,kaMtiEz,php,webapps,0
11453,platforms/windows/remote/11453.py,"Wireshark 1.2.5 LWRES getaddrbyname BoF - calc.exe",2010-02-15,"Nullthreat and Pure|Hate",windows,remote,0
11455,platforms/php/webapps/11455.txt,"Généré par KDPics 1.18 - Remote Add Admin",2010-02-15,snakespc,php,webapps,0
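
Review bot: The old 11451 description ends in a bare `#` with no number, and the replacement asserts `(2)`; nothing in this hunk shows an earlier NovaPlayer entry that would make this the second one. Confirm the `(2)` against the original submission, and if it cannot be confirmed drop the suffix rather than introduce a sequence number the old row never had.
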
@ -15952,7 +15952,7 @@ id,file,description,date,author,platform,type,port
18404,platforms/php/webapps/18404.pl,"iSupport 1.x - CSRF HTML Code Injection to Add Admin",2012-01-21,Or4nG.M4N,php,webapps,0
18399,platforms/windows/dos/18399.py,"VLC 1.2.0 (libtaglib_pluggin.dll) DoS",2012-01-20,"Mitchell Adair",windows,dos,0
18405,platforms/asp/webapps/18405.txt,"ARYADAD Multiple Vulnerabilities",2012-01-21,"Red Security TEAM",asp,webapps,0
18411,platforms/linux/local/18411.c,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#1)",2012-01-23,zx2c4,linux,local,0
18411,platforms/linux/local/18411.c,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (1)",2012-01-23,zx2c4,linux,local,0
18407,platforms/php/webapps/18407.txt,"AllWebMenus < 1.1.9 WordPress Menu Plugin - Arbitrary File Upload",2012-01-22,6Scan,php,webapps,0
18410,platforms/php/webapps/18410.txt,"miniCMS 1.0 & 2.0 - PHP Code Inject",2012-01-22,Or4nG.M4N,php,webapps,0
18698,platforms/windows/dos/18698.py,"Xion Audio Player 1.0.127 - (.aiff) Denial of Service Vulnerability",2012-04-04,condis,windows,dos,0
@ -27102,7 +27102,7 @@ id,file,description,date,author,platform,type,port
30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
30007,platforms/windows/local/30007.txt,"Notepad++ Plugin Notepad# 1.5 - Local Exploit",2013-12-03,"Junwen Sun",windows,local,0
30007,platforms/windows/local/30007.txt,"Notepad++ Plugin Notepad 1.5 - Local Exploit",2013-12-03,"Junwen Sun",windows,local,0
30008,platforms/java/remote/30008.rb,"Cisco Prime Data Center Network Manager - Arbitrary File Upload",2013-12-03,metasploit,java,remote,0
30009,platforms/windows/remote/30009.rb,"ABB MicroSCADA wserver.exe - Remote Code Execution",2013-12-03,metasploit,windows,remote,12221
30010,platforms/php/remote/30010.rb,"Kimai 0.9.2 - 'db_restore.php' SQL Injection",2013-12-03,metasploit,php,remote,80
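
Review bot: In 30007 the `#` reads as part of the plugin's name (`Notepad#`), not as a variant counter like the `#2` markers rewritten elsewhere in this commit, so removing it renames the product to `Notepad` and makes the row harder to match against the affected software. Keep `Notepad#` in the description; if some consumer of files.csv cannot cope with `#`, that should be handled by quoting or escaping rather than by altering the name.
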
@ -30509,7 +30509,7 @@ id,file,description,date,author,platform,type,port
33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 Memory Consumption Remote Denial of Service Vulnerability",2010-04-27,fallenpegasus,linux,dos,0
33851,platforms/php/webapps/33851.txt,"Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0day)",2014-06-24,@u0x,php,webapps,0
33868,platforms/multiple/remote/33868.txt,"Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability",2010-04-22,"Veerendra G.G",multiple,remote,0
33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0
33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0
33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability",2010-04-20,"Edgard Chammas",php,webapps,0
33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Parameter Cross-Site Scripting Vulnerability",2010-04-24,Liscker,php,webapps,0
33855,platforms/linux/remote/33855.txt,"MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability",2010-04-20,"Joel Johnson",linux,remote,0
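
Review bot: The old and new lines for 33860 are indistinguishable as shown, so this is presumably a whitespace-only change inside the description. Say so in the commit message: `DB: 2015-06-12` with `1 new exploits` gives no hint that existing rows are being edited, and a silent one-character edit to an index row is exactly what a later reader will want explained.
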
@ -31520,7 +31520,7 @@ id,file,description,date,author,platform,type,port
34982,platforms/win32/local/34982.rb,"Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation",2014-10-15,metasploit,win32,local,0
34994,platforms/cgi/webapps/34994.txt,"OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-13,"dave b",cgi,webapps,0
34995,platforms/php/webapps/34995.txt,"Simea CMS 'index.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0
34984,platforms/php/webapps/34984.py,"Drupal Core <= 7.32 - SQL Injection (#1)",2014-10-16,fyukyuk,php,webapps,0
34984,platforms/php/webapps/34984.py,"Drupal Core <= 7.32 - SQL Injection (1)",2014-10-16,fyukyuk,php,webapps,0
34985,platforms/php/remote/34985.txt,"pfSense 2 Beta 4 - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-05,"dave b",php,remote,0
34986,platforms/hardware/remote/34986.txt,"D-Link DIR-300 - Multiple Security Bypass Vulnerabilities",2010-11-09,"Karol Celia",hardware,remote,0
34987,platforms/linux/local/34987.c,"Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure Vulnerability",2010-11-09,"Dan Rosenberg",linux,local,0
@ -31528,7 +31528,7 @@ id,file,description,date,author,platform,type,port
34989,platforms/php/webapps/34989.txt,"WeBid 0.85P1 - Multiple Input Validation Vulnerabilities",2010-11-10,"John Leitch",php,webapps,0
34990,platforms/php/webapps/34990.txt,"Ricoh Web Image Monitor 2.03 - Cross-Site Scripting Vulnerability",2010-11-09,thelightcosine,php,webapps,0
34996,platforms/php/webapps/34996.txt,"Raised Eyebrow CMS 'venue.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0
34992,platforms/php/webapps/34992.txt,"Drupal Core <= 7.32 - SQL Injection (#2)",2014-10-17,"Claudio Viviani",php,webapps,0
34992,platforms/php/webapps/34992.txt,"Drupal Core <= 7.32 - SQL Injection (2)",2014-10-17,"Claudio Viviani",php,webapps,0
34993,platforms/php/webapps/34993.php,"Drupal Core <= 7.32 - SQL Injection (PHP)",2014-10-17,"Dustin Dörr",php,webapps,0
34997,platforms/windows/remote/34997.txt,"DServe Multiple Cross-Site Scripting Vulnerabilities",2010-11-16,Axiell,windows,remote,0
34998,platforms/linux/remote/34998.txt,"Eclipse <= 3.6.1 Help Server help/index.jsp URI XSS",2010-11-16,"Aung Khant",linux,remote,0
@ -31686,7 +31686,7 @@ id,file,description,date,author,platform,type,port
35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability",2010-12-27,JohnLeitch,windows,dos,0
35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS Vulnerability",2014-11-05,"Narendra Bhati",php,webapps,0
35160,platforms/php/webapps/35160.txt,"Mouse Media Script 1.6 - - Stored XSS Vulnerability",2014-11-05,"Halil Dalabasmaz",php,webapps,0
35161,platforms/linux/local/35161.txt,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#2)",2012-01-12,zx2c4,linux,local,0
35161,platforms/linux/local/35161.txt,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (2)",2012-01-12,zx2c4,linux,local,0
35162,platforms/linux/dos/35162.cob,"GIMP <= 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0
35163,platforms/windows/dos/35163.c,"ImgBurn 2.4 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability",2011-01-01,d3c0der,windows,dos,0
35164,platforms/php/dos/35164.php,"PHP <= 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability",2011-01-03,"Rick Regan",php,dos,0
@ -31745,7 +31745,7 @@ id,file,description,date,author,platform,type,port
35226,platforms/windows/remote/35226.py,"Avira AntiVir Personal Multiple Code Execution Vulnerabilities (2)",2011-01-14,D.Elser,windows,remote,0
35227,platforms/php/webapps/35227.txt,"Alguest 1.1c-patched 'elimina' Parameter SQL Injection Vulnerability",2011-01-14,"Aliaksandr Hartsuyeu",php,webapps,0
35228,platforms/php/webapps/35228.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-15,NLSecurity,php,webapps,0
35229,platforms/windows/remote/35229.html,"Microsoft Internet Explorer <= 11 - OLE Automation Array Remote Code Execution (#1)",2014-11-13,yuange,windows,remote,0
35229,platforms/windows/remote/35229.html,"Microsoft Internet Explorer <= 11 - OLE Automation Array Remote Code Execution (1)",2014-11-13,yuange,windows,remote,0
35230,platforms/windows/remote/35230.rb,"Microsoft Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF)",2014-11-13,"Wesley Neelen & Rik van Duijn",windows,remote,0
35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System 2.9.2 - 'oid' Parameter SQL Injection Vulnerability",2011-01-16,ShivX,php,webapps,0
35232,platforms/linux/remote/35232.txt,"Pango Font Parsing 'pangoft2-render.c' Heap Corruption Vulnerability",2011-01-18,"Dan Rosenberg",linux,remote,0
@ -33231,7 +33231,7 @@ id,file,description,date,author,platform,type,port
36821,platforms/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution Vulnerability",2015-04-23,"TUNISIAN CYBER",php,webapps,0
36822,platforms/windows/local/36822.pl,"Quick Search 1.1.0.189 - 'search textbox' Unicode SEH egghunter Buffer Overflow",2015-04-23,"Tomislav Paskalev",windows,local,0
36823,platforms/php/webapps/36823.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi",2015-04-23,"Felipe Molina",php,webapps,0
36824,platforms/php/webapps/36824.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi #2",2015-04-23,"Felipe Molina",php,webapps,0
36824,platforms/php/webapps/36824.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi (2)",2015-04-23,"Felipe Molina",php,webapps,0
36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server DoS",2015-04-23,"Koorosh Ghorbani",hardware,dos,80
36826,platforms/windows/local/36826.pl,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow",2015-04-23,ThreatActor,windows,local,0
36827,platforms/windows/local/36827.py,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow (W7 - DEP Bypass)",2015-04-24,naxxo,windows,local,0
@ -33486,7 +33486,7 @@ id,file,description,date,author,platform,type,port
37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Parameter Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0
37097,platforms/ios/remote/37097.py,"FTP Media Server 3.0 - Authentication Bypass and Denial of Service",2015-05-25,"Wh1t3Rh1n0 (Michael Allen)",ios,remote,0
37098,platforms/windows/local/37098.txt,"Microsoft Windows - Local Privilege Escalation (MS15-010)",2015-05-25,"Sky lake",windows,local,0
37253,platforms/php/webapps/37253.txt,"Paypal Currencucy Converter Basic For Woocommerce File Read",2015-06-10,Kuroi'SH,php,webapps,0
37253,platforms/php/webapps/37253.txt,"Paypal Currency Converter Basic For Woocommerce File Read",2015-06-10,Kuroi'SH,php,webapps,0
37254,platforms/php/webapps/37254.txt,"Wordpress History Collection <=1.1.1 Arbitrary File Download",2015-06-10,Kuroi'SH,php,webapps,80
37255,platforms/php/webapps/37255.txt,"Pandora FMS 5.0_ 5.1 - Authentication Bypass",2015-06-10,"Manuel Mancera",php,webapps,0
37100,platforms/php/webapps/37100.txt,"Waylu CMS 'products_xx.php' SQL Injection and HTML Injection Vulnerabilities",2012-04-20,TheCyberNuxbie,php,webapps,0
@ -33552,7 +33552,7 @@ id,file,description,date,author,platform,type,port
37161,platforms/php/webapps/37161.txt,"WordPress GRAND Flash Album Gallery 1.71 'admin.php' Cross Site Scripting Vulnerability",2012-05-15,"Heine Pedersen",php,webapps,0
37162,platforms/php/webapps/37162.txt,"Dynamic Widgets WordPress Plugin 1.5.1 'themes.php' Cross Site Scripting Vulnerability",2012-05-15,"Heine Pedersen",php,webapps,0
37163,platforms/windows/remote/37163.py,"IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution",2015-06-01,"Naser Farhadi",windows,remote,0
37165,platforms/windows/remote/37165.py,"WebDrive 12.2 (Build # 4172) - Buffer OverFlow PoC",2015-06-01,metacom,windows,remote,0
37165,platforms/windows/remote/37165.py,"WebDrive 12.2 (Build #4172) - Buffer OverFlow PoC",2015-06-01,metacom,windows,remote,0
37166,platforms/php/webapps/37166.php,"WordPress dzs-zoomsounds Plugins <= 2.0 - Remote File Upload Vulnerability",2015-06-01,"nabil chris",php,webapps,0
37167,platforms/linux/local/37167.c,"PonyOS <= 3.0 - VFS Permissions Exploit",2015-06-01,"Hacker Fantastic",linux,local,0
37168,platforms/linux/local/37168.txt,"PonyOS <= 3.0 - ELF Loader Privilege Escalation",2015-06-01,"Hacker Fantastic",linux,local,0
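
Review bot: 37165 keeps a `#` in `Build #4172` while every other hunk in this commit rewrites `#N` as `(N)`. That is defensible, since this is a build number and not a variant counter, but if the rewrite was motivated by `#` being awkward for some consumer of the CSV, this row still contains one; `Build 4172` would settle it either way.
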
@ -33632,3 +33632,4 @@ id,file,description,date,author,platform,type,port
37262,platforms/linux/remote/37262.rb,"ProFTPD 1.3.5 Mod_Copy Command Execution",2015-06-10,metasploit,linux,remote,0
37263,platforms/php/webapps/37263.txt,"AnimaGallery 2.6 - Local File Inclusion",2015-06-10,d4rkr0id,php,webapps,80
37264,platforms/php/webapps/37264.txt,"WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability",2015-06-10,"Nitin Venkatesh",php,webapps,80
37265,platforms/linux/local/37265.txt,"OSSEC 2.7 <= 2.8.1 - Local Root Escalation",2015-06-11,"Andrew Widdersheim",linux,local,0
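
Review bot: The new 37265 row writes the affected range as `2.7 <= 2.8.1`, which differs from the `2.7 - 2.8.1` given in the advisory file added by this commit and from the `<= x` form used by other rows. The description also omits the two terms a defender would search for, both present in the added file: the component (syscheck with `report_changes`) and the identifier CVE-2015-3222. Suggest mirroring the advisory's range and adding at least the CVE id to the description.
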

platforms/linux/local/37265.txt Executable file

@ -0,0 +1,46 @@
Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2
Affected versions: 2.7 - 2.8.1
Beginning is OSSEC 2.7 (d88cf1c9) a feature was added to syscheck, which
is the daemon that monitors file changes on a system, called
"report_changes". This feature is only available on *NIX systems. It's
purpose is to help determine what about a file has changed. The logic to
do accomplish this is as follows which can be found in
src/syscheck/seechanges.c:
252 /* Run diff */
253 date_of_change = File_DateofChange(old_location);
254 snprintf(diff_cmd, 2048, "diff \"%s\" \"%s\"> \"%s/local/%s/diff.%d\" "
255 "2>/dev/null",
256 tmp_location, old_location,
257 DIFF_DIR_PATH, filename + 1, (int)date_of_change);
258 if (system(diff_cmd) != 256) {
259 merror("%s: ERROR: Unable to run diff for %s",
260 ARGV0, filename);
261 return (NULL);
262 }
Above, on line 258, the system() call is used to shell out to the
system's "diff" command. The raw filename is passed in as an argument
which presents an attacker with the possibility to run arbitrary code.
Since the syscheck daemon runs as the root user so it can inspect any
file on the system for changes, any code run using this vulnerability
will also be run as the root user.
An example attack might be creating a file called "foo-$(touch bar)"
which should create another file "bar".
Again, this vulnerability exists only on *NIX systems and is contingent
on the following criteria:
1. A vulnerable version is in use.
2. The OSSEC agent is configured to use syscheck to monitor the file
system for changes.
3. The list of directories monitored by syscheck includes those writable
by underprivileged users.
4. The "report_changes" option is enabled for any of those directories.
The fix for this is to create temporary trusted file names that symlink
back to the original files before calling system() and running the
system's "diff" command.
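
Review bot: platforms/linux/local/37265.txt is added as an executable file although it is a plain-text advisory with nothing to run; commit it without the executable bit. It also has no `# Exploit Title:` / `# Date:` / `# Exploit Author:` header of the kind 37253.txt carries in this same commit, so the author and date exist only in the files.csv row. If the body is meant to be a verbatim copy of the upstream advisory, leave the wording alone but state that and cite the source at the top; otherwise correct `Beginning is OSSEC 2.7`, `It's purpose` and `to do accomplish` in the opening paragraph.
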


@ -1,4 +1,4 @@
# Exploit Title: Paypal Currencucy Converter Basic For Woocommerce File Read
# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
# Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
# Date: 10/06/2015
# Exploit Author: Kuroi'SH
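
Review bot: The `# Date: 10/06/2015` context line two below the corrected title is ambiguous between day-first and month-first; files.csv records this entry as 2015-06-10, so switch the header to the ISO form while it is being edited. The title correction itself matches the updated files.csv description.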