diff --git a/files.csv b/files.csv
index f6952bee3..ff38429ba 100755
--- a/files.csv
+++ b/files.csv
@@ -3293,7 +3293,7 @@ id,file,description,date,author,platform,type,port
 3632,platforms/php/webapps/3632.pl,"XOOPS Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit",2007-04-01,ajann,php,webapps,0
 3633,platforms/php/webapps/3633.htm,"XOOPS Module RM+Soft Gallery 1.0 - Blind SQL Injection Exploit",2007-04-01,ajann,php,webapps,0
 3634,platforms/windows/remote/3634.txt,"Microsoft Windows XP/Vista - Animated Cursor (.ANI) Remote Overflow Exploit",2007-04-01,jamikazu,windows,remote,0
-3635,platforms/windows/remote/3635.txt,"Microsoft Windows XP - Animated Cursor (.ANI) Remote Overflow Exploit #2",2007-04-01,"Trirat Puttaraksa",windows,remote,0
+3635,platforms/windows/remote/3635.txt,"Microsoft Windows XP - Animated Cursor (.ANI) Remote Overflow Exploit (2)",2007-04-01,"Trirat Puttaraksa",windows,remote,0
 3636,platforms/windows/remote/3636.txt,"Microsoft Windows - Animated Cursor (.ANI) Remote Exploit (eeye patch bypass)",2007-04-01,jamikazu,windows,remote,0
 3638,platforms/php/webapps/3638.txt,"maplab ms4w 2.2.1 - Remote File Inclusion Vulnerability",2007-04-02,ka0x,php,webapps,0
 3639,platforms/php/webapps/3639.txt,"PHP-Fusion Module topliste 1.0 (cid) Remote SQL Injection Vulnerability",2007-04-02,"Mehmet Ince",php,webapps,0
@@ -3399,7 +3399,7 @@ id,file,description,date,author,platform,type,port
 3743,platforms/php/webapps/3743.txt,"Gallery 1.2.5 (GALLERY_BASEDIR) Multiple RFI Vulnerabilities",2007-04-15,GoLd_M,php,webapps,0
 3744,platforms/php/webapps/3744.txt,"audioCMS arash 0.1.4 (arashlib_dir) Remote File Inclusion Vulnerabilities",2007-04-15,GoLd_M,php,webapps,0
 3745,platforms/php/webapps/3745.txt,"Web Slider 0.6 (path) Remote File Inclusion Vulnerabilities",2007-04-15,GoLd_M,php,webapps,0
-3746,platforms/windows/remote/3746.txt,"Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit #2",2007-04-18,"Andres Tarasco",windows,remote,445
+3746,platforms/windows/remote/3746.txt,"Microsoft Windows DNS RPC - Remote Buffer Overflow Exploit (2)",2007-04-18,"Andres Tarasco",windows,remote,445
 3747,platforms/php/webapps/3747.txt,"openMairie 1.10 (scr/soustab.php) Local File Inclusion Vulnerability",2007-04-16,GoLd_M,php,webapps,0
 3748,platforms/php/webapps/3748.txt,"SunShop Shopping Cart <= 3.5 (abs_path) RFI Vulnerabilities",2007-04-16,irvian,php,webapps,0
 3749,platforms/php/webapps/3749.txt,"StoreFront for Gallery (GALLERY_BASEDIR) RFI Vulnerabilities",2007-04-16,"Alkomandoz Hacker",php,webapps,0
@@ -8901,7 +8901,7 @@ id,file,description,date,author,platform,type,port
 9433,platforms/php/webapps/9433.txt,"Gazelle CMS 1.0 - Remote Arbitrary Shell Upload Vulnerability",2009-08-13,RoMaNcYxHaCkEr,php,webapps,0
 9434,platforms/php/webapps/9434.txt,"tgs CMS 0.x (xss/sql/fd) Multiple Vulnerabilities",2009-08-13,[]ViZiOn,php,webapps,0
 9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit",2009-08-14,spender,linux,local,0
-9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (#2)",2009-08-14,"Przemyslaw Frasunek",linux,local,0
+9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)",2009-08-14,"Przemyslaw Frasunek",linux,local,0
 9437,platforms/php/webapps/9437.txt,"Ignition 1.2 (comment) Remote Code Injection Vulnerability",2009-08-14,IRCRASH,php,webapps,0
 9438,platforms/php/webapps/9438.txt,"PHP Competition System <= 0.84 (competition) SQL Injection Vuln",2009-08-14,Mr.SQL,php,webapps,0
 9440,platforms/php/webapps/9440.txt,"DS CMS 1.0 (nFileId) Remote SQL Injection Vulnerability",2009-08-14,Mr.tro0oqy,php,webapps,0
@@ -9100,7 +9100,7 @@ id,file,description,date,author,platform,type,port
 9638,platforms/windows/remote/9638.txt,"Kolibri+ Webserver 2 - Remote Source Code Disclosure Vulnerability",2009-09-11,SkuLL-HackeR,windows,remote,0
 9639,platforms/php/webapps/9639.txt,"Image voting 1.0 (index.php show) SQL Injection Vulnerability",2009-09-11,SkuLL-HackeR,php,webapps,0
 9640,platforms/php/webapps/9640.txt,"gyro 5.0 (sql/XSS) Multiple Vulnerabilities",2009-09-11,OoN_Boy,php,webapps,0
-9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (#3)",2009-09-11,"Ramon Valle",linux,local,0
+9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4 / 2.6 - sock_sendpage() Local Root Exploit (3)",2009-09-11,"Ramon Valle",linux,local,0
 9642,platforms/multiple/dos/9642.py,"FreeRadius < 1.1.8 - Zero-length Tunnel-Password DoS Exploit",2009-09-11,"Matthew Gillespie",multiple,dos,1812
 9643,platforms/windows/remote/9643.txt,"kolibri+ webserver 2 - Directory Traversal Vulnerability",2009-09-11,"Usman Saeed",windows,remote,0
 9644,platforms/windows/remote/9644.py,"Kolibri+ Webserver 2 - (GET Request) Remote SEH Overwrite Exploit",2009-09-11,blake,windows,remote,80
@@ -9788,7 +9788,7 @@ id,file,description,date,author,platform,type,port
 10535,platforms/php/webapps/10535.txt,"WordPress and Pyrmont 2.x - SQL Injection Vulnerability",2009-12-18,Gamoscu,php,webapps,0
 10537,platforms/php/webapps/10537.txt,"gpEasy <= 1.5RC3 - Remote FIle Include Exploit",2009-12-18,"cr4wl3r ",php,webapps,0
 10540,platforms/asp/webapps/10540.txt,"E-Smartcart Remote SQL Injection Vulnerability",2009-12-18,R3d-D3V!L,asp,webapps,0
-10542,platforms/windows/remote/10542.py,"TFTP Server for Windows 1.4 - Buffer Overflow Remote Exploit (#2)",2009-12-18,Molotov,windows,remote,69
+10542,platforms/windows/remote/10542.py,"TFTP Server for Windows 1.4 - Buffer Overflow Remote Exploit (2)",2009-12-18,Molotov,windows,remote,69
 10543,platforms/php/webapps/10543.txt,"Schweizer NISADA Communication CMS SQL Injection Vulnerability",2009-12-18,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
 10544,platforms/multiple/local/10544.html,"Mozilla Firefox Location Bar Spoofing Vulnerability",2009-12-18,"Jordi Chancel",multiple,local,0
 10545,platforms/php/webapps/10545.txt,"Joomla Component com_jbook Blind SQL-injection",2009-12-18,FL0RiX,php,webapps,0
@@ -10485,7 +10485,7 @@ id,file,description,date,author,platform,type,port
 11447,platforms/php/webapps/11447.txt,"Joomla (Jw_allVideos) Remote File Download Vulnerability",2010-02-14,"Pouya Daneshmand",php,webapps,0
 11449,platforms/php/webapps/11449.txt,"Joomla com_videos Remote SQL Injection Vulnerability",2010-02-14,snakespc,php,webapps,0
 11450,platforms/php/webapps/11450.txt,"File Upload Manager 1.3",2010-02-14,ROOT_EGY,php,webapps,0
-11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - (.mp3) Local Denial of Service (DoS) #",2010-02-14,Mr.tro0oqy,windows,dos,0
+11451,platforms/windows/dos/11451.pl,"NovaPlayer 1.0 - (.mp3) Local Denial of Service (DoS) (2)",2010-02-14,Mr.tro0oqy,windows,dos,0
 11452,platforms/php/webapps/11452.txt,"Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL",2010-02-14,kaMtiEz,php,webapps,0
 11453,platforms/windows/remote/11453.py,"Wireshark 1.2.5 LWRES getaddrbyname BoF - calc.exe",2010-02-15,"Nullthreat and Pure|Hate",windows,remote,0
 11455,platforms/php/webapps/11455.txt,"Généré par KDPics 1.18 - Remote Add Admin",2010-02-15,snakespc,php,webapps,0
@@ -15952,7 +15952,7 @@ id,file,description,date,author,platform,type,port
 18404,platforms/php/webapps/18404.pl,"iSupport 1.x - CSRF HTML Code Injection to Add Admin",2012-01-21,Or4nG.M4N,php,webapps,0
 18399,platforms/windows/dos/18399.py,"VLC 1.2.0 (libtaglib_pluggin.dll) DoS",2012-01-20,"Mitchell Adair",windows,dos,0
 18405,platforms/asp/webapps/18405.txt,"ARYADAD Multiple Vulnerabilities",2012-01-21,"Red Security TEAM",asp,webapps,0
-18411,platforms/linux/local/18411.c,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#1)",2012-01-23,zx2c4,linux,local,0
+18411,platforms/linux/local/18411.c,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (1)",2012-01-23,zx2c4,linux,local,0
 18407,platforms/php/webapps/18407.txt,"AllWebMenus < 1.1.9 WordPress Menu Plugin - Arbitrary File Upload",2012-01-22,6Scan,php,webapps,0
 18410,platforms/php/webapps/18410.txt,"miniCMS 1.0 & 2.0 - PHP Code Inject",2012-01-22,Or4nG.M4N,php,webapps,0
 18698,platforms/windows/dos/18698.py,"Xion Audio Player 1.0.127 - (.aiff) Denial of Service Vulnerability",2012-04-04,condis,windows,dos,0
@@ -27102,7 +27102,7 @@ id,file,description,date,author,platform,type,port
 30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
 30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - LocalizerConfig.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
 30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - LocalizerLanguage.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
-30007,platforms/windows/local/30007.txt,"Notepad++ Plugin Notepad# 1.5 - Local Exploit",2013-12-03,"Junwen Sun",windows,local,0
+30007,platforms/windows/local/30007.txt,"Notepad++ Plugin Notepad 1.5 - Local Exploit",2013-12-03,"Junwen Sun",windows,local,0
 30008,platforms/java/remote/30008.rb,"Cisco Prime Data Center Network Manager - Arbitrary File Upload",2013-12-03,metasploit,java,remote,0
 30009,platforms/windows/remote/30009.rb,"ABB MicroSCADA wserver.exe - Remote Code Execution",2013-12-03,metasploit,windows,remote,12221
 30010,platforms/php/remote/30010.rb,"Kimai 0.9.2 - 'db_restore.php' SQL Injection",2013-12-03,metasploit,php,remote,80
@@ -30509,7 +30509,7 @@ id,file,description,date,author,platform,type,port
 33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 Memory Consumption Remote Denial of Service Vulnerability",2010-04-27,fallenpegasus,linux,dos,0
 33851,platforms/php/webapps/33851.txt,"Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0day)",2014-06-24,@u0x,php,webapps,0
 33868,platforms/multiple/remote/33868.txt,"Apache ActiveMQ 5.2/5.3 Source Code Information Disclosure Vulnerability",2010-04-22,"Veerendra G.G",multiple,remote,0
-33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0
+33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0
 33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting Vulnerability",2010-04-20,"Edgard Chammas",php,webapps,0
 33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Parameter Cross-Site Scripting Vulnerability",2010-04-24,Liscker,php,webapps,0
 33855,platforms/linux/remote/33855.txt,"MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption Vulnerability",2010-04-20,"Joel Johnson",linux,remote,0
@@ -31520,7 +31520,7 @@ id,file,description,date,author,platform,type,port
 34982,platforms/win32/local/34982.rb,"Microsoft Bluetooth Personal Area Networking (BthPan.sys) Privilege Escalation",2014-10-15,metasploit,win32,local,0
 34994,platforms/cgi/webapps/34994.txt,"OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities",2010-11-13,"dave b",cgi,webapps,0
 34995,platforms/php/webapps/34995.txt,"Simea CMS 'index.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0
-34984,platforms/php/webapps/34984.py,"Drupal Core <= 7.32 - SQL Injection (#1)",2014-10-16,fyukyuk,php,webapps,0
+34984,platforms/php/webapps/34984.py,"Drupal Core <= 7.32 - SQL Injection (1)",2014-10-16,fyukyuk,php,webapps,0
 34985,platforms/php/remote/34985.txt,"pfSense 2 Beta 4 - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-05,"dave b",php,remote,0
 34986,platforms/hardware/remote/34986.txt,"D-Link DIR-300 - Multiple Security Bypass Vulnerabilities",2010-11-09,"Karol Celia",hardware,remote,0
 34987,platforms/linux/local/34987.c,"Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure Vulnerability",2010-11-09,"Dan Rosenberg",linux,local,0
@@ -31528,7 +31528,7 @@ id,file,description,date,author,platform,type,port
 34989,platforms/php/webapps/34989.txt,"WeBid 0.85P1 - Multiple Input Validation Vulnerabilities",2010-11-10,"John Leitch",php,webapps,0
 34990,platforms/php/webapps/34990.txt,"Ricoh Web Image Monitor 2.03 - Cross-Site Scripting Vulnerability",2010-11-09,thelightcosine,php,webapps,0
 34996,platforms/php/webapps/34996.txt,"Raised Eyebrow CMS 'venue.php' SQL Injection Vulnerability",2010-11-16,Cru3l.b0y,php,webapps,0
-34992,platforms/php/webapps/34992.txt,"Drupal Core <= 7.32 - SQL Injection (#2)",2014-10-17,"Claudio Viviani",php,webapps,0
+34992,platforms/php/webapps/34992.txt,"Drupal Core <= 7.32 - SQL Injection (2)",2014-10-17,"Claudio Viviani",php,webapps,0
 34993,platforms/php/webapps/34993.php,"Drupal Core <= 7.32 - SQL Injection (PHP)",2014-10-17,"Dustin Dörr",php,webapps,0
 34997,platforms/windows/remote/34997.txt,"DServe Multiple Cross-Site Scripting Vulnerabilities",2010-11-16,Axiell,windows,remote,0
 34998,platforms/linux/remote/34998.txt,"Eclipse <= 3.6.1 Help Server help/index.jsp URI XSS",2010-11-16,"Aung Khant",linux,remote,0
@@ -31686,7 +31686,7 @@ id,file,description,date,author,platform,type,port
 35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability",2010-12-27,JohnLeitch,windows,dos,0
 35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS Vulnerability",2014-11-05,"Narendra Bhati",php,webapps,0
 35160,platforms/php/webapps/35160.txt,"Mouse Media Script 1.6 - - Stored XSS Vulnerability",2014-11-05,"Halil Dalabasmaz",php,webapps,0
-35161,platforms/linux/local/35161.txt,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (#2)",2012-01-12,zx2c4,linux,local,0
+35161,platforms/linux/local/35161.txt,"Linux Kernel <= 2.6.39 (32-bit & 64-bit) - Mempodipper Local Root (2)",2012-01-12,zx2c4,linux,local,0
 35162,platforms/linux/dos/35162.cob,"GIMP <= 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0
 35163,platforms/windows/dos/35163.c,"ImgBurn 2.4 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability",2011-01-01,d3c0der,windows,dos,0
 35164,platforms/php/dos/35164.php,"PHP <= 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability",2011-01-03,"Rick Regan",php,dos,0
@@ -31745,7 +31745,7 @@ id,file,description,date,author,platform,type,port
 35226,platforms/windows/remote/35226.py,"Avira AntiVir Personal Multiple Code Execution Vulnerabilities (2)",2011-01-14,D.Elser,windows,remote,0
 35227,platforms/php/webapps/35227.txt,"Alguest 1.1c-patched 'elimina' Parameter SQL Injection Vulnerability",2011-01-14,"Aliaksandr Hartsuyeu",php,webapps,0
 35228,platforms/php/webapps/35228.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-15,NLSecurity,php,webapps,0
-35229,platforms/windows/remote/35229.html,"Microsoft Internet Explorer <= 11 - OLE Automation Array Remote Code Execution (#1)",2014-11-13,yuange,windows,remote,0
+35229,platforms/windows/remote/35229.html,"Microsoft Internet Explorer <= 11 - OLE Automation Array Remote Code Execution (1)",2014-11-13,yuange,windows,remote,0
 35230,platforms/windows/remote/35230.rb,"Microsoft Internet Explorer < 11 - OLE Automation Array Remote Code Execution (MSF)",2014-11-13,"Wesley Neelen & Rik van Duijn",windows,remote,0
 35231,platforms/php/webapps/35231.txt,"Advanced Webhost Billing System 2.9.2 - 'oid' Parameter SQL Injection Vulnerability",2011-01-16,ShivX,php,webapps,0
 35232,platforms/linux/remote/35232.txt,"Pango Font Parsing 'pangoft2-render.c' Heap Corruption Vulnerability",2011-01-18,"Dan Rosenberg",linux,remote,0
@@ -33231,7 +33231,7 @@ id,file,description,date,author,platform,type,port
 36821,platforms/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution Vulnerability",2015-04-23,"TUNISIAN CYBER",php,webapps,0
 36822,platforms/windows/local/36822.pl,"Quick Search 1.1.0.189 - 'search textbox' Unicode SEH egghunter Buffer Overflow",2015-04-23,"Tomislav Paskalev",windows,local,0
 36823,platforms/php/webapps/36823.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi",2015-04-23,"Felipe Molina",php,webapps,0
-36824,platforms/php/webapps/36824.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi #2",2015-04-23,"Felipe Molina",php,webapps,0
+36824,platforms/php/webapps/36824.txt,"Ultimate Product Catalogue Wordpress Plugin - Unauthenticated SQLi (2)",2015-04-23,"Felipe Molina",php,webapps,0
 36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server DoS",2015-04-23,"Koorosh Ghorbani",hardware,dos,80
 36826,platforms/windows/local/36826.pl,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow",2015-04-23,ThreatActor,windows,local,0
 36827,platforms/windows/local/36827.py,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow (W7 - DEP Bypass)",2015-04-24,naxxo,windows,local,0
@@ -33486,7 +33486,7 @@ id,file,description,date,author,platform,type,port
 37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Parameter Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0
 37097,platforms/ios/remote/37097.py,"FTP Media Server 3.0 - Authentication Bypass and Denial of Service",2015-05-25,"Wh1t3Rh1n0 (Michael Allen)",ios,remote,0
 37098,platforms/windows/local/37098.txt,"Microsoft Windows - Local Privilege Escalation (MS15-010)",2015-05-25,"Sky lake",windows,local,0
-37253,platforms/php/webapps/37253.txt,"Paypal Currencucy Converter Basic For Woocommerce File Read",2015-06-10,Kuroi'SH,php,webapps,0
+37253,platforms/php/webapps/37253.txt,"Paypal Currency Converter Basic For Woocommerce File Read",2015-06-10,Kuroi'SH,php,webapps,0
 37254,platforms/php/webapps/37254.txt,"Wordpress History Collection <=1.1.1 Arbitrary File Download",2015-06-10,Kuroi'SH,php,webapps,80
 37255,platforms/php/webapps/37255.txt,"Pandora FMS 5.0_ 5.1 - Authentication Bypass",2015-06-10,"Manuel Mancera",php,webapps,0
 37100,platforms/php/webapps/37100.txt,"Waylu CMS 'products_xx.php' SQL Injection and HTML Injection Vulnerabilities",2012-04-20,TheCyberNuxbie,php,webapps,0
@@ -33552,7 +33552,7 @@ id,file,description,date,author,platform,type,port
 37161,platforms/php/webapps/37161.txt,"WordPress GRAND Flash Album Gallery 1.71 'admin.php' Cross Site Scripting Vulnerability",2012-05-15,"Heine Pedersen",php,webapps,0
 37162,platforms/php/webapps/37162.txt,"Dynamic Widgets WordPress Plugin 1.5.1 'themes.php' Cross Site Scripting Vulnerability",2012-05-15,"Heine Pedersen",php,webapps,0
 37163,platforms/windows/remote/37163.py,"IBM Security AppScan Standard <= 9.0.2 - OLE Automation Array Remote Code Execution",2015-06-01,"Naser Farhadi",windows,remote,0
-37165,platforms/windows/remote/37165.py,"WebDrive 12.2 (Build # 4172) - Buffer OverFlow PoC",2015-06-01,metacom,windows,remote,0
+37165,platforms/windows/remote/37165.py,"WebDrive 12.2 (Build #4172) - Buffer OverFlow PoC",2015-06-01,metacom,windows,remote,0
 37166,platforms/php/webapps/37166.php,"WordPress dzs-zoomsounds Plugins <= 2.0 - Remote File Upload Vulnerability",2015-06-01,"nabil chris",php,webapps,0
 37167,platforms/linux/local/37167.c,"PonyOS <= 3.0 - VFS Permissions Exploit",2015-06-01,"Hacker Fantastic",linux,local,0
 37168,platforms/linux/local/37168.txt,"PonyOS <= 3.0 - ELF Loader Privilege Escalation",2015-06-01,"Hacker Fantastic",linux,local,0
@@ -33632,3 +33632,4 @@ id,file,description,date,author,platform,type,port
 37262,platforms/linux/remote/37262.rb,"ProFTPD 1.3.5 Mod_Copy Command Execution",2015-06-10,metasploit,linux,remote,0
 37263,platforms/php/webapps/37263.txt,"AnimaGallery 2.6 - Local File Inclusion",2015-06-10,d4rkr0id,php,webapps,80
 37264,platforms/php/webapps/37264.txt,"WordPress Encrypted Contact Form Plugin 1.0.4 - CSRF Vulnerability",2015-06-10,"Nitin Venkatesh",php,webapps,80
+37265,platforms/linux/local/37265.txt,"OSSEC 2.7 <= 2.8.1 - Local Root Escalation",2015-06-11,"Andrew Widdersheim",linux,local,0
diff --git a/platforms/linux/local/37265.txt b/platforms/linux/local/37265.txt
new file mode 100755
index 000000000..449681355
--- /dev/null
+++ b/platforms/linux/local/37265.txt 
@@ -0,0 +1,46 @@
+Fix for CVE-2015-3222 which allows for root escalation via syscheck - https://github.com/ossec/ossec-hids/releases/tag/2.8.2
+
+Affected versions: 2.7 - 2.8.1
+
+Beginning is OSSEC 2.7 (d88cf1c9) a feature was added to syscheck, which
+is the daemon that monitors file changes on a system, called
+"report_changes". This feature is only available on *NIX systems. It's
+purpose is to help determine what about a file has changed. The logic to
+do accomplish this is as follows which can be found in
+src/syscheck/seechanges.c:
+
+252 /* Run diff */
+253 date_of_change = File_DateofChange(old_location);
+254 snprintf(diff_cmd, 2048, "diff \"%s\" \"%s\"> \"%s/local/%s/diff.%d\" "
+255 "2>/dev/null",
+256 tmp_location, old_location,
+257 DIFF_DIR_PATH, filename + 1, (int)date_of_change);
+258 if (system(diff_cmd) != 256) {
+259 merror("%s: ERROR: Unable to run diff for %s",
+260 ARGV0, filename);
+261 return (NULL);
+262 }
+
+Above, on line 258, the system() call is used to shell out to the
+system's "diff" command. The raw filename is passed in as an argument
+which presents an attacker with the possibility to run arbitrary code.
+Since the syscheck daemon runs as the root user so it can inspect any
+file on the system for changes, any code run using this vulnerability
+will also be run as the root user.
+
+An example attack might be creating a file called "foo-$(touch bar)"
+which should create another file "bar".
+
+Again, this vulnerability exists only on *NIX systems and is contingent
+on the following criteria:
+
+1. A vulnerable version is in use.
+2. The OSSEC agent is configured to use syscheck to monitor the file
+system for changes.
+3. The list of directories monitored by syscheck includes those writable
+by underprivileged users.
+4. The "report_changes" option is enabled for any of those directories.
+
+The fix for this is to create temporary trusted file names that symlink
+back to the original files before calling system() and running the
+system's "diff" command.
diff --git a/platforms/php/webapps/37253.txt b/platforms/php/webapps/37253.txt
index 6e8086e38..6ea6e81fe 100755
--- a/platforms/php/webapps/37253.txt
+++ b/platforms/php/webapps/37253.txt
@@ -1,4 +1,4 @@
-# Exploit Title: Paypal Currencucy Converter Basic For Woocommerce File Read
+# Exploit Title: Paypal Currency Converter Basic For Woocommerce File Read
 # Google Dork: inurl:"paypal-currency-converter-basic-for-woocommerce"
 # Date: 10/06/2015
 # Exploit Author: Kuroi'SH
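Review bot: The advisory in platforms/linux/local/37265.txt closes with the upstream fix but gives no interim mitigation for hosts that cannot move to 2.8.2 straight away, even though its own criteria 3 and 4 point to one. I would add after the criteria list: `Until the upgrade is applied, disable "report_changes" on any monitored directory that unprivileged users can write to.` The paragraph about line 258 would also be clearer if it named the root cause: the format string on line 254 wraps the filename in double quotes, and a POSIX shell still performs command substitution inside double quotes, so that quoting does not make the name safe to hand to system(). The quoted snippet also does not check snprintf's return value against the 2048-byte buffer; whether truncation matters here cannot be judged from the excerpt alone, so that is worth confirming against the full source file.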