exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	d0b74905e8	DB: 2017-01-27 17 new exploits Google Android - 'pm_qos' KASLR Bypass macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free Systemd 228 - Privilege Escalation (PoC) OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service Haraka < 2.8.9 - Remote Command Execution Linux/x86_64 - execve /bin/sh Shellcode (22 bytes) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1) Drupal 7.0 < 7.31 - SQL Injection (1) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2) Drupal 7.0 < 7.31 - SQL Injection (2) Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload KB Affiliate Referral Script 1.0 - Authentication Bypass KB Login Authentication Script 1.1 - Authentication Bypass KB Messages PHP Script 1.0 - Authentication Bypass Web Based TimeSheet Script - Authentication Bypass TM RG4332 Wireless Router - Arbitrary File Disclosure PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting Polycom VVX Web Interface - Change Admin Password	2017-01-27 05:01:17 +00:00
Offensive Security	45360ed27c	DB: 2017-01-26 7 new exploits OpenSSL ASN.1 <= 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) Buffer Overflow Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) Buffer Overflow Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service Blitzkrieg 2 < 1.21 - (Server/Client) Denial of Service Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (1) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1) DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC) DESlock+ < 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC) DESlock+ <= 3.2.7 - Local Kernel Overflow (PoC) DESlock+ <= 3.2.7 - Local Kernel Race Condition Denial of Service (PoC) DESlock+ <= 3.2.7 - (probe read) Local Kernel Denial of Service (PoC) DESlock+ < 3.2.7 - Local Kernel Overflow (PoC) DESlock+ < 3.2.7 - Local Kernel Race Condition Denial of Service (PoC) DESlock+ < 3.2.7 - (probe read) Local Kernel Denial of Service (PoC) ViPlay3 <= 3.00 - '.vpl' Local Stack Overflow (PoC) ViPlay3 < 3.00 - '.vpl' Local Stack Overflow (PoC) Microsoft Windows 2000<2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit) Microsoft Windows 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit) Adobe Flash - No Checks on Vector.<uint> Capacity Field Adobe Flash - 'uint' Capacity Field Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (1) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (2) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4) Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (1) Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (2) Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3) Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4) Linux Kernel 2.6.13 <= 2.6.17.4 - 'logrotate prctl()' Privilege Escalation Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Privilege Escalation X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1) X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow X11R6 < 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1) X11R6 < 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow X11R6 < 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2) X11R6 < 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2) AtomixMP3 <= 2.3 - '.m3u' Buffer Overflow AtomixMP3 < 2.3 - '.m3u' Buffer Overflow Linux Kernel 2.6.17 <= 2.6.24.1 - 'vmsplice' Privilege Escalation (2) Linux Kernel 2.6.23 <= 2.6.24 - 'vmsplice' Privilege Escalation (1) Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Privilege Escalation (2) Linux Kernel 2.6.23 < 2.6.24 - 'vmsplice' Privilege Escalation (1) DESlock+ <= 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC) DESlock+ <= 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit DESlock+ <= 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC) DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit AtomixMP3 <= 2.3 - 'Playlist' Universal Overwrite (SEH) AtomixMP3 < 2.3 - 'Playlist' Universal Overwrite (SEH) Linux Kernel 2.6.18 <= 2.6.18-20 - Privilege Escalation Linux Kernel 2.6.18 < 2.6.18-20 - Privilege Escalation Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC) Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC) AhnLab V3 Internet Security 8.0 <= 1.2.0.4 - Privilege Escalation NProtect Anti-Virus 2007 <= 2010.5.11.1 - Privilege Escalation ESTsoft ALYac Anti-Virus 1.5 <= 5.0.1.2 - Privilege Escalation ViRobot Desktop 5.5 and Server 3.5 <= 2008.8.1.1 - Privilege Escalation AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Privilege Escalation NProtect Anti-Virus 2007 < 2010.5.11.1 - Privilege Escalation ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Privilege Escalation ViRobot Desktop 5.5 and Server 3.5 < 2008.8.1.1 - Privilege Escalation DESlock+ <= 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit PolicyKit polkit-1 <= 0.101 - Linux Privilege Escalation PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1) Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1) Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit) Linux Kernel 2.4.4 < 2.4.37.4 / 2.6.0 < 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit) Linux Kernel 2.6.32 <= 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1) Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1) Linux Kernel 2.6.0 <= 2.6.31 - 'pipe.c' Privilege Escalation (1) Linux Kernel 2.6.0 < 2.6.31 - 'pipe.c' Privilege Escalation (1) Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2) Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2) OSSEC 2.7 <= 2.8.1 - 'diff' Command Privilege Escalation OSSEC 2.7 < 2.8.1 - 'diff' Command Privilege Escalation GNU Screen 4.5.0 - Privilege Escalation (PoC) GNU Screen 4.5.0 - Privilege Escalation Man-db 2.6.7.1 - Privilege Escalation (PoC) e107 <= 0.6172 - 'resetcore.php' SQL Injection e107 < 0.6172 - 'resetcore.php' SQL Injection Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (2) Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2) Mercur Messaging 2005 <= SP4 - IMAP Remote Exploit (Egghunter) Mercur Messaging 2005 < SP4 - IMAP Remote Exploit (Egghunter) Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby) Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python) navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure Navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure NaviCopa Web Server 3.01 - Remote Buffer Overflow NaviCopa WebServer 3.01 - Remote Buffer Overflow Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow Oracle Database 10.1.0.5 < 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow TFTPD32 <= 2.21 - Long Filename Buffer Overflow (Metasploit) TFTPD32 < 2.21 - Long Filename Buffer Overflow (Metasploit) Mercury/32 <= 4.01b - PH Server Module Buffer Overflow (Metasploit) Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit) Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit) Mercury/32 Mail Server < 4.01b - LOGIN Buffer Overflow (Metasploit) Exim4 <= 4.69 - string_format Function Heap Buffer Overflow (Metasploit) Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit) Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit) Mozilla Firefox 7 / 8 < 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit) Active Collab 'chat module' <= 2.3.8 - Remote PHP Code Injection (Metasploit) Active Collab 'chat module' < 2.3.8 - Remote PHP Code Injection (Metasploit) Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit) Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit) Mozilla Firefox < 50.0.2 - nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution (Metasploit) Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit) Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution (Metasploit) Drupal 4.5.3 <= 4.6.1 - Comments PHP Injection Drupal 4.5.3 < 4.6.1 - Comments PHP Injection FCKEditor 2.0 <= 2.2 - 'FileManager connector.php' Arbitrary File Upload FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload RechnungsZentrale V2 <= 1.1.3 - Remote File Inclusion RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion RsGallery2 <= 1.11.2 - 'rsgallery.html.php' File Inclusion RsGallery2 < 1.11.2 - 'rsgallery.html.php' File Inclusion Invision Power Board 2.1 <= 2.1.6 - SQL Injection (1) Invision Power Board 2.1 < 2.1.6 - SQL Injection (1) Invision Power Board 2.1 <= 2.1.6 - SQL Injection (2) Invision Power Board 2.1 < 2.1.6 - SQL Injection (2) vbPortal 3.0.2 <= 3.6.0 b1 - 'cookie' Remote Code Execution vbPortal 3.0.2 < 3.6.0 b1 - 'cookie' Remote Code Execution Wikepage Opus 10 <= 2006.2a (lng) - Remote Command Execution Wikepage Opus 10 < 2006.2a (lng) - Remote Command Execution e107 <= 0.75 - (GLOBALS Overwrite) Remote Code Execution e107 < 0.75 - (GLOBALS Overwrite) Remote Code Execution Haberx 1.02 <= 1.1 - (tr) SQL Injection Haberx 1.02 < 1.1 - (tr) SQL Injection PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion PNPHPBB2 < 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion exV2 <= 2.0.4.3 - (sort) SQL Injection exV2 < 2.0.4.3 - (sort) SQL Injection exV2 <= 2.0.4.3 - extract() Remote Command Execution exV2 < 2.0.4.3 - extract() Remote Command Execution Kietu? <= 4.0.0b2 - 'hit.php' Remote File Inclusion Kietu? < 4.0.0b2 - 'hit.php' Remote File Inclusion Forum82 <= 2.5.2b - (repertorylevel) Multiple File Inclusion Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion e107 <= 0.75 - (e107language_e107cookie) Local File Inclusion e107 < 0.75 - (e107language_e107cookie) Local File Inclusion Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure Mambo Component com_flyspray < 1.0.1 - Remote File Disclosure PNPHPBB2 <= 1.2 - 'index.php' SQL Injection PNPHPBB2 < 1.2 - 'index.php' SQL Injection e107 <= 0.7.8 - (photograph) Arbitrary File Upload e107 < 0.7.8 - (photograph) Arbitrary File Upload EVA-Web 1.1 <= 2.2 - 'index.php3' Remote File Inclusion EVA-Web 1.1 < 2.2 - 'index.php3' Remote File Inclusion PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection PNPHPBB2 < 1.2i - 'viewforum.php' SQL Injection WordPress 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion PNPHPBB2 < 1.2i - 'PHPEx' Parameter Local File Inclusion zKup CMS 2.0 <= 2.3 - Remote Add Admin zKup CMS 2.0 <= 2.3 - Arbitrary File Upload zKup CMS 2.0 < 2.3 - Remote Add Admin zKup CMS 2.0 < 2.3 - Arbitrary File Upload GLLCTS2 <= 4.2.4 - 'detail' Parameter SQL Injection GLLCTS2 < 4.2.4 - 'detail' Parameter SQL Injection PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection PHPHoo3 < 5.2.6 - 'viewCat' Parameter SQL Injection E-Store Kit-1 <= 2 PayPal Edition - 'pid' Parameter SQL Injection E-Store Kit-1 < 2 PayPal Edition - 'pid' Parameter SQL Injection e107 <= 0.7.11 - Arbitrary Variable Overwriting e107 < 0.7.11 - Arbitrary Variable Overwriting e107 <= 0.7.13 - 'usersettings.php' Blind SQL Injection e107 < 0.7.13 - 'usersettings.php' Blind SQL Injection VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection VideoScript 3.0 < 4.0.1.50 - Official Shell Injection VideoScript 3.0 < 4.1.5.55 - Unofficial Shell Injection IPNPro3 <= 1.44 - Admin Password Changing Exploit IPNPro3 < 1.44 - Admin Password Changing Exploit PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion PNPHPBB2 < 1.2i - (ModName) Multiple Local File Inclusion WEBalbum 2.4b - 'photo.php id' Blind SQL Injection WEBalbum 2.4b - 'id' Parameter Blind SQL Injection e107 <= 0.7.15 - (extended_user_fields) Blind SQL Injection e107 < 0.7.15 - (extended_user_fields) Blind SQL Injection Alqatari group 1.0 <= 5.0 - 'id' SQL Injection AlefMentor 2.0 <= 5.0 - 'id' SQL Injection Alqatari group 1.0 < 5.0 - 'id' SQL Injection AlefMentor 2.0 < 5.0 - 'id' SQL Injection 2DayBiz Matrimonial Script - smartresult.php SQL Injection 2DayBiz Matrimonial Script - 'smartresult.php' SQL Injection fozzcom shopping<= 7.94+8.04 - Multiple Vulnerabilities Fozzcom Shopping < 7.94 / < 8.04 - Multiple Vulnerabilities Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit) Jcow Social Networking Script 4.2 < 5.2 - Arbitrary Code Execution (Metasploit) Concrete5 <= 5.4.2.1 - Multiple Vulnerabilities Concrete5 < 5.4.2.1 - Multiple Vulnerabilities CaupoShop Pro (2.x / <= 3.70) Classic 3.01 - Local File Inclusion CaupoShop Pro (2.x < 3.70) Classic 3.01 - Local File Inclusion Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities Apache Struts2 < 2.3.1 - Multiple Vulnerabilities Ruslan Communications <Body>Builder - SQL Injection Ruslan Communications <Body>Builder - Authentication Bypass AllMyVisitors 0.x - info.inc.php Arbitrary Code Execution AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution MyBB - 'editpost.php posthash' SQL Injection MyBB 1.6.9 - 'editpost.php posthash' Time Based SQL Injection CoolForum 0.5/0.7/0.8 - register.php login Parameter SQL Injection CoolForum 0.5/0.7/0.8 - 'register.php' login Parameter SQL Injection MyBB - Multiple Cross-Site Scripting / SQL Injection MyBulletinBoard (MyBB) RC4 - Multiple Cross-Site Scripting / SQL Injection 4homepages 4Images 1.7 - member.php Cross-Site Scripting 4homepages 4Images 1.7 - 'member.php' Cross-Site Scripting 4Images 1.7.1 - member.php sessionid Parameter SQL Injection 4Images 1.7.1 - 'member.php' sessionid Parameter SQL Injection Alex DownloadEngine 1.4.1 - comments.php SQL Injection Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection Album Photo Sans Nom 1.6 - Getimg.php Remote File Inclusion Album Photo Sans Nom 1.6 - 'Getimg.php' Remote File Inclusion 4Images 1.7 - details.php Cross-Site Scripting 4Images 1.7 - 'details.php' Cross-Site Scripting 212Cafe Guestbook 4.00 - show.php Cross-Site Scripting 212Cafe Guestbook 4.00 - 'show.php' Cross-Site Scripting 2z Project 0.9.5 - rating.php Cross-Site Scripting 2z Project 0.9.5 - 'rating.php' Cross-Site Scripting Openads (PHPAdsNew) <=c 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion Openads (PHPAdsNew) < 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion 212Cafe WebBoard 6.30 - Read.php SQL Injection 212Cafe WebBoard 6.30 - 'Read.php' SQL Injection PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection Drupal 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (1) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1) Drupal 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (2) Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2) ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Management ManageEngine ServiceDesk Plus 9.0 < Build 9031 - User Privileges Management Joomla! - 'redirect.php' SQL Injection Joomla! 2.5.1 - 'redirect.php' Time Based SQL Injection Plone - 'in_portal.py' <= 4.1.3 Session Hijacking Plone - 'in_portal.py' < 4.1.3 Session Hijacking Kaltura Community Edition <= 11.1.0-2 - Multiple Vulnerabilities Kaltura Community Edition < 11.1.0-2 - Multiple Vulnerabilities Skybox Platform <= 7.0.611 - Multiple Vulnerabilities Skybox Platform < 7.0.611 - Multiple Vulnerabilities SOLIDserver <= 5.0.4 - Local File Inclusion SOLIDserver < 5.0.4 - Local File Inclusion WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities Movie Portal Script 7.36 - Multiple Vulnerabilities Joomla! < 2.5.2 - Admin Creation Joomla! < 3.6.4 - Admin TakeOver	2017-01-26 05:01:18 +00:00

Author

SHA1

Message

Date

Offensive Security

d0b74905e8

DB: 2017-01-27

17 new exploits

Google Android - 'pm_qos' KASLR Bypass
macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption
macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free
macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free
Systemd 228 - Privilege Escalation (PoC)
OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation
Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service
Haraka < 2.8.9 - Remote Command Execution

Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)

Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1)
Drupal 7.0 < 7.31 - SQL Injection (1)

Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2)
Drupal 7.0 < 7.31 - SQL Injection (2)
Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload
KB Affiliate Referral Script 1.0 - Authentication Bypass
KB Login Authentication Script 1.1 - Authentication Bypass
KB Messages PHP Script 1.0 - Authentication Bypass
Web Based TimeSheet Script - Authentication Bypass
TM RG4332 Wireless Router - Arbitrary File Disclosure
PHPBack < 1.3.1 - SQL Injection / Cross-Site Scripting
Polycom VVX Web Interface - Change Admin Password

2017-01-27 05:01:17 +00:00

Offensive Security

45360ed27c

DB: 2017-01-26

7 new exploits

OpenSSL ASN.1 <= 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs
OpenSSL ASN.1 < 0.9.6j / 0.9.7b - Brute Forcer for Parsing Bugs
Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (SMTP) Buffer Overflow
Inframail Advantage Server Edition 6.0 < 6.37 - (FTP) Buffer Overflow

Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service
Blitzkrieg 2 < 1.21 - (Server/Client) Denial of Service

Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (1)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (1)

DESlock+ <= 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)
DESlock+ < 3.2.6 - 'DLMFENC.sys' Local Kernel Ring0 link list zero (PoC)
DESlock+ <= 3.2.7 - Local Kernel Overflow (PoC)
DESlock+ <= 3.2.7 - Local Kernel Race Condition Denial of Service (PoC)
DESlock+ <= 3.2.7 - (probe read) Local Kernel Denial of Service (PoC)
DESlock+ < 3.2.7 - Local Kernel Overflow (PoC)
DESlock+ < 3.2.7 - Local Kernel Race Condition Denial of Service (PoC)
DESlock+ < 3.2.7 - (probe read) Local Kernel Denial of Service (PoC)

ViPlay3 <= 3.00 - '.vpl' Local Stack Overflow (PoC)
ViPlay3 < 3.00 - '.vpl' Local Stack Overflow (PoC)

Microsoft Windows 2000<2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)
Microsoft Windows 2000 < 2008 - Embedded OpenType Font Engine Remote Code Execution (MS09-065) (Metasploit)

Adobe Flash - No Checks on Vector.<uint> Capacity Field
Adobe Flash - 'uint' Capacity Field
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (1)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (2)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (3)
Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Privilege Escalation (4)

Linux Kernel 2.6.13 <= 2.6.17.4 - 'logrotate prctl()' Privilege Escalation
Linux Kernel 2.6.13 < 2.6.17.4 - 'logrotate prctl()' Privilege Escalation
X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1)
X11R6 <= 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow
X11R6 <= 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow
X11R6 < 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (1)
X11R6 < 6.4 XKEYBOARD (solaris x86) - Local Buffer Overflow
X11R6 < 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow

X11R6 <= 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2)
X11R6 < 6.4 XKEYBOARD (solaris/sparc) - Local Buffer Overflow (2)

AtomixMP3 <= 2.3 - '.m3u' Buffer Overflow
AtomixMP3 < 2.3 - '.m3u' Buffer Overflow
Linux Kernel 2.6.17 <= 2.6.24.1 - 'vmsplice' Privilege Escalation (2)
Linux Kernel 2.6.23 <= 2.6.24 - 'vmsplice' Privilege Escalation (1)
Linux Kernel 2.6.17 < 2.6.24.1 - 'vmsplice' Privilege Escalation (2)
Linux Kernel 2.6.23 < 2.6.24 - 'vmsplice' Privilege Escalation (1)
DESlock+ <= 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ <= 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit
DESlock+ <= 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit
DESlock+ < 3.2.6 - 'LIST' Local Kernel Memory Leak (PoC)
DESlock+ < 3.2.6 - Local Kernel Ring0 link list zero SYSTEM Exploit
DESlock+ < 3.2.6 - 'DLMFDISK.sy's Local kernel Ring0 SYSTEM Exploit

AtomixMP3 <= 2.3 - 'Playlist' Universal Overwrite (SEH)
AtomixMP3 < 2.3 - 'Playlist' Universal Overwrite (SEH)

Linux Kernel 2.6.18 <= 2.6.18-20 - Privilege Escalation
Linux Kernel 2.6.18 < 2.6.18-20 - Privilege Escalation

Winamp 5.05<5.13 - '.ini' Local Stack Buffer Overflow (PoC)
Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC)
AhnLab V3 Internet Security 8.0 <= 1.2.0.4 - Privilege Escalation
NProtect Anti-Virus 2007 <= 2010.5.11.1 - Privilege Escalation
ESTsoft ALYac Anti-Virus 1.5 <= 5.0.1.2 - Privilege Escalation
ViRobot Desktop 5.5 and Server 3.5 <= 2008.8.1.1 - Privilege Escalation
AhnLab V3 Internet Security 8.0 < 1.2.0.4 - Privilege Escalation
NProtect Anti-Virus 2007 < 2010.5.11.1 - Privilege Escalation
ESTsoft ALYac Anti-Virus 1.5 < 5.0.1.2 - Privilege Escalation
ViRobot Desktop 5.5 and Server 3.5 < 2008.8.1.1 - Privilege Escalation

DESlock+ <= 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit

PolicyKit polkit-1 <= 0.101 - Linux Privilege Escalation
PolicyKit polkit-1 < 0.101 - Linux Privilege Escalation

Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64) - 'Mempodipper.c' Privilege Escalation (1)

Linux Kernel 2.4.4 <= 2.4.37.4 / 2.6.0 <= 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)
Linux Kernel 2.4.4 < 2.4.37.4 / 2.6.0 < 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)

Linux Kernel 2.6.32 <= 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1)
Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1)

Linux Kernel 2.6.0 <= 2.6.31 - 'pipe.c' Privilege Escalation (1)
Linux Kernel 2.6.0 < 2.6.31 - 'pipe.c' Privilege Escalation (1)

Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation
Linux Kernel 3.14-rc1 < 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Privilege Escalation

Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper.c' Privilege Escalation (2)

OSSEC 2.7 <= 2.8.1 - 'diff' Command Privilege Escalation
OSSEC 2.7 < 2.8.1 - 'diff' Command Privilege Escalation
GNU Screen 4.5.0 - Privilege Escalation (PoC)
GNU Screen 4.5.0 - Privilege Escalation
Man-db 2.6.7.1 - Privilege Escalation (PoC)

e107 <= 0.6172 - 'resetcore.php' SQL Injection
e107 < 0.6172 - 'resetcore.php' SQL Injection

Microsoft Windows Media Player 7.1 <= 10 - BMP Heap Overflow PoC (MS06-005) (2)
Microsoft Windows Media Player 7.1 < 10 - BMP Heap Overflow PoC (MS06-005) (2)

Mercur Messaging 2005 <= SP4 - IMAP Remote Exploit (Egghunter)
Mercur Messaging 2005 < SP4 - IMAP Remote Exploit (Egghunter)

Mercury/32 Mail Server 3.32<4.51 - SMTP Unauthenticated EIP Overwrite
Mercury/32 Mail Server 3.32 < 4.51 - SMTP Unauthenticated EIP Overwrite

Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure
Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)

Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)
Debian and Derivatives OpenSSL 0.9.8c-1 < 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)

navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure
Navicopa WebServer 3.0.1 - Buffer Overflow / Script Source Disclosure

NaviCopa Web Server 3.01 - Remote Buffer Overflow
NaviCopa WebServer 3.01 - Remote Buffer Overflow

Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow
Oracle Database 10.1.0.5 < 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow

Liquid XML Studio 2010 <= 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow

TFTPD32 <= 2.21 - Long Filename Buffer Overflow (Metasploit)
TFTPD32 < 2.21 - Long Filename Buffer Overflow (Metasploit)

Mercury/32 <= 4.01b - PH Server Module Buffer Overflow (Metasploit)
Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit)

Mercury/32 Mail Server <= 4.01b - LOGIN Buffer Overflow (Metasploit)
Mercury/32 Mail Server < 4.01b - LOGIN Buffer Overflow (Metasploit)

Exim4 <= 4.69 - string_format Function Heap Buffer Overflow (Metasploit)
Exim4 < 4.69 - string_format Function Heap Buffer Overflow (Metasploit)

Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)
Mozilla Firefox 7 / 8 < 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)

Active Collab 'chat module' <= 2.3.8 - Remote PHP Code Injection (Metasploit)
Active Collab 'chat module' < 2.3.8 - Remote PHP Code Injection (Metasploit)

Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting

ntop/nbox 2.3 <= 2.5 - Multiple Vulnerabilities
ntop/nbox 2.3 < 2.5 - Multiple Vulnerabilities

Google Android 5.0 <= 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)
Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)

Mozilla Firefox < 50.0.2 - nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution (Metasploit)
Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)
Geutebrueck GCore 1.3.8.42/1.4.2.37 - Remote Code Execution (Metasploit)

Drupal 4.5.3 <= 4.6.1 - Comments PHP Injection
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection

FCKEditor 2.0 <= 2.2 - 'FileManager connector.php' Arbitrary File Upload
FCKEditor 2.0 < 2.2 - 'FileManager connector.php' Arbitrary File Upload

RechnungsZentrale V2 <= 1.1.3 - Remote File Inclusion
RechnungsZentrale V2 < 1.1.3 - Remote File Inclusion

RsGallery2 <= 1.11.2 - 'rsgallery.html.php' File Inclusion
RsGallery2 < 1.11.2 - 'rsgallery.html.php' File Inclusion

Invision Power Board 2.1 <= 2.1.6 - SQL Injection (1)
Invision Power Board 2.1 < 2.1.6 - SQL Injection (1)

Invision Power Board 2.1 <= 2.1.6 - SQL Injection (2)
Invision Power Board 2.1 < 2.1.6 - SQL Injection (2)

vbPortal 3.0.2 <= 3.6.0 b1 - 'cookie' Remote Code Execution
vbPortal 3.0.2 < 3.6.0 b1 - 'cookie' Remote Code Execution

Wikepage Opus 10 <= 2006.2a (lng) - Remote Command Execution
Wikepage Opus 10 < 2006.2a (lng) - Remote Command Execution

e107 <= 0.75 - (GLOBALS Overwrite) Remote Code Execution
e107 < 0.75 - (GLOBALS Overwrite) Remote Code Execution

Haberx 1.02 <= 1.1 - (tr) SQL Injection
Haberx 1.02 < 1.1 - (tr) SQL Injection

PNphpBB2 <= 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion
PNPHPBB2 < 1.2g - 'phpbb_root_path' Parameter Remote File Inclusion

exV2 <= 2.0.4.3 - (sort) SQL Injection
exV2 < 2.0.4.3 - (sort) SQL Injection

exV2 <= 2.0.4.3 - extract() Remote Command Execution
exV2 < 2.0.4.3 - extract() Remote Command Execution

Kietu? <= 4.0.0b2 - 'hit.php' Remote File Inclusion
Kietu? < 4.0.0b2 - 'hit.php' Remote File Inclusion

Forum82 <= 2.5.2b - (repertorylevel) Multiple File Inclusion
Forum82 < 2.5.2b - (repertorylevel) Multiple File Inclusion

e107 <= 0.75 - (e107language_e107cookie) Local File Inclusion
e107 < 0.75 - (e107language_e107cookie) Local File Inclusion

Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure
Mambo Component com_flyspray < 1.0.1 - Remote File Disclosure

PNPHPBB2 <= 1.2 - 'index.php' SQL Injection
PNPHPBB2 < 1.2 - 'index.php' SQL Injection

e107 <= 0.7.8 - (photograph) Arbitrary File Upload
e107 < 0.7.8 - (photograph) Arbitrary File Upload

EVA-Web 1.1 <= 2.2 - 'index.php3' Remote File Inclusion
EVA-Web 1.1 < 2.2 - 'index.php3' Remote File Inclusion

PNPHPBB2 <= 1.2i - 'viewforum.php' SQL Injection
PNPHPBB2 < 1.2i - 'viewforum.php' SQL Injection

WordPress 1.5.1.1 <= 2.2.2 - Multiple Vulnerabilities
WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

PNPHPBB2 <= 1.2i - 'PHPEx' Parameter Local File Inclusion
PNPHPBB2 < 1.2i - 'PHPEx' Parameter Local File Inclusion
zKup CMS 2.0 <= 2.3 - Remote Add Admin
zKup CMS 2.0 <= 2.3 - Arbitrary File Upload
zKup CMS 2.0 < 2.3 - Remote Add Admin
zKup CMS 2.0 < 2.3 - Arbitrary File Upload

GLLCTS2 <= 4.2.4 - 'detail' Parameter SQL Injection
GLLCTS2 < 4.2.4 - 'detail' Parameter SQL Injection

PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
PHPHoo3 < 5.2.6 - 'viewCat' Parameter SQL Injection

E-Store Kit-1 <= 2 PayPal Edition - 'pid' Parameter SQL Injection
E-Store Kit-1 < 2 PayPal Edition - 'pid' Parameter SQL Injection

e107 <= 0.7.11 - Arbitrary Variable Overwriting
e107 < 0.7.11 - Arbitrary Variable Overwriting

e107 <= 0.7.13 - 'usersettings.php' Blind SQL Injection
e107 < 0.7.13 - 'usersettings.php' Blind SQL Injection
VideoScript 3.0 <= 4.0.1.50 - Official Shell Injection
VideoScript 3.0 <= 4.1.5.55 - Unofficial Shell Injection
VideoScript 3.0 < 4.0.1.50 - Official Shell Injection
VideoScript 3.0 < 4.1.5.55 - Unofficial Shell Injection

IPNPro3 <= 1.44 - Admin Password Changing Exploit
IPNPro3 < 1.44 - Admin Password Changing Exploit

PNphpBB2 <= 1.2i - (ModName) Multiple Local File Inclusion
PNPHPBB2 < 1.2i - (ModName) Multiple Local File Inclusion

WEBalbum 2.4b - 'photo.php id' Blind SQL Injection
WEBalbum 2.4b - 'id' Parameter Blind SQL Injection

e107 <= 0.7.15 - (extended_user_fields) Blind SQL Injection
e107 < 0.7.15 - (extended_user_fields) Blind SQL Injection
Alqatari group 1.0 <= 5.0 - 'id' SQL Injection
AlefMentor 2.0 <= 5.0 - 'id' SQL Injection
Alqatari group 1.0 < 5.0 - 'id' SQL Injection
AlefMentor 2.0 < 5.0 - 'id' SQL Injection

2DayBiz Matrimonial Script - smartresult.php SQL Injection
2DayBiz Matrimonial Script - 'smartresult.php' SQL Injection

fozzcom shopping<= 7.94+8.04 - Multiple Vulnerabilities
Fozzcom Shopping < 7.94 / < 8.04 - Multiple Vulnerabilities

Jcow Social Networking Script 4.2 <= 5.2 - Arbitrary Code Execution (Metasploit)
Jcow Social Networking Script 4.2 < 5.2 - Arbitrary Code Execution (Metasploit)

Concrete5 <= 5.4.2.1 - Multiple Vulnerabilities
Concrete5 < 5.4.2.1 - Multiple Vulnerabilities

CaupoShop Pro (2.x / <= 3.70) Classic 3.01 - Local File Inclusion
CaupoShop Pro (2.x < 3.70) Classic 3.01 - Local File Inclusion

Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
Apache Struts2 < 2.3.1 - Multiple Vulnerabilities

Ruslan Communications <Body>Builder - SQL Injection
Ruslan Communications <Body>Builder - Authentication Bypass
AllMyVisitors 0.x - info.inc.php Arbitrary Code Execution
AllMyLinks 0.x - footer.inc.php Arbitrary Code Execution
AllMyVisitors 0.x - 'info.inc.php' Arbitrary Code Execution
AllMyLinks 0.x - 'footer.inc.php' Arbitrary Code Execution

MyBB - 'editpost.php posthash' SQL Injection
MyBB 1.6.9 - 'editpost.php posthash' Time Based SQL Injection

CoolForum 0.5/0.7/0.8 - register.php login Parameter SQL Injection
CoolForum 0.5/0.7/0.8 - 'register.php' login Parameter SQL Injection

MyBB - Multiple Cross-Site Scripting / SQL Injection
MyBulletinBoard (MyBB) RC4 - Multiple Cross-Site Scripting / SQL Injection

4homepages 4Images 1.7 - member.php Cross-Site Scripting
4homepages 4Images 1.7 - 'member.php' Cross-Site Scripting

4Images 1.7.1 - member.php sessionid Parameter SQL Injection
4Images 1.7.1 - 'member.php' sessionid Parameter SQL Injection

Alex DownloadEngine 1.4.1 - comments.php SQL Injection
Alex DownloadEngine 1.4.1 - 'comments.php' SQL Injection

Album Photo Sans Nom 1.6 - Getimg.php Remote File Inclusion
Album Photo Sans Nom 1.6 - 'Getimg.php' Remote File Inclusion

4Images 1.7 - details.php Cross-Site Scripting
4Images 1.7 - 'details.php' Cross-Site Scripting

212Cafe Guestbook 4.00 - show.php Cross-Site Scripting
212Cafe Guestbook 4.00 - 'show.php' Cross-Site Scripting

2z Project 0.9.5 - rating.php Cross-Site Scripting
2z Project 0.9.5 - 'rating.php' Cross-Site Scripting

Openads (PHPAdsNew) <=c 2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion
Openads (PHPAdsNew) <  2.0.8 - 'lib-remotehost.inc.php' Remote File Inclusion

212Cafe WebBoard 6.30 - Read.php SQL Injection
212Cafe WebBoard 6.30 - 'Read.php' SQL Injection

PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection
PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection

Drupal 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (1)
Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (1)

Drupal 7.0 <= 7.31 - SQL Injection (SA-CORE-2014-005) (2)
Drupal 7.0 < 7.31 - SQL Injection (SA-CORE-2014-005) (2)

ManageEngine ServiceDesk Plus 9.0 (< Build 9031) - User Privileges Management
ManageEngine ServiceDesk Plus 9.0 < Build 9031 - User Privileges Management

Joomla! - 'redirect.php' SQL Injection
Joomla! 2.5.1 - 'redirect.php' Time Based SQL Injection

Plone - 'in_portal.py' <= 4.1.3 Session Hijacking
Plone - 'in_portal.py' < 4.1.3 Session Hijacking

Kaltura Community Edition <= 11.1.0-2 - Multiple Vulnerabilities
Kaltura Community Edition < 11.1.0-2 - Multiple Vulnerabilities

Skybox Platform <= 7.0.611 - Multiple Vulnerabilities
Skybox Platform < 7.0.611 - Multiple Vulnerabilities

SOLIDserver <= 5.0.4 - Local File Inclusion
SOLIDserver < 5.0.4 - Local File Inclusion

WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities
WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities
Movie Portal Script 7.36 - Multiple Vulnerabilities
Joomla! < 2.5.2 - Admin Creation
Joomla! < 3.6.4 - Admin TakeOver

2017-01-26 05:01:18 +00:00

2 commits