exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	9cad083b49	DB: 2016-12-11 5 new exploits uTorrent 1.8.3 (Build 15772) - Create New Torrent Buffer Overflow (PoC) uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC) F5 BIG-IP - Authentication Bypass (1) F5 BIG-IP - Authentication Bypass (PoC) Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1) Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2) Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2) Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1) Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2) Microsoft Internet Explorer 9 MSHTML - CElement::HasFlag Memory Corruption uTorrent - DLL Hijacking uTorrent 2.0.3 - DLL Hijacking F5 BIG-IP - Authentication Bypass (2) F5 BIG-IP - Authentication Bypass SePortal - SQL Injection / Remote Code Execution (Metasploit) SePortal 2.5 - SQL Injection / Remote Code Execution (Metasploit) MyPHP CMS 0.3 - (domain) Remote File Inclusion MyPHP CMS 0.3 - 'domain' Parameter Remote File Inclusion RSS-aggregator - 'display.php path' Remote File Inclusion RSS-aggregator - 'path' Parameter Remote File Inclusion HoMaP-CMS 0.1 - (plugin_admin.php) Remote File Inclusion HomePH Design 2.10 RC2 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities HoMaP-CMS 0.1 - 'plugin_admin.php' Remote File Inclusion HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting cmreams CMS 1.3.1.1 beta2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities cmreams CMS 1.3.1.1 beta2 - Local File Inclusion / Cross-Site Scripting HoMaP-CMS 0.1 - (index.php go) SQL Injection HoMaP-CMS 0.1 - 'go' Parameter SQL Injection Ready2Edit - 'pages.php menuid' SQL Injection ResearchGuide 0.5 - (guide.php id) SQL Injection MVC-Web CMS 1.0/1.2 - (index.asp newsid) SQL Injection Ready2Edit - 'menuid' Parameter SQL Injection ResearchGuide 0.5 - 'id' Parameter SQL Injection MVC-Web CMS 1.0/1.2 - 'newsid' Parameter SQL Injection Demo4 CMS - 'index.php id' SQL Injection Joomla! Component com_facileforms 1.4.4 - Remote File Inclusion Dagger CMS 2008 - (dir_inc) Remote File Inclusion TinxCMS 1.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities mm chat 1.5 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities ourvideo CMS 9.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities cmsWorks 2.2 RC4 - (mod_root) Remote File Inclusion Demo4 CMS - 'id' Parameter SQL Injection Joomla! Component FacileForms 1.4.4 - Remote File Inclusion Dagger CMS 2008 - 'dir_inc' Parameter Remote File Inclusion TinXCMS 1.1 - Local File Inclusion / Cross-Site Scripting mm chat 1.5 - Local File Inclusion / Cross-Site Scripting ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting cmsWorks 2.2 RC4 - 'mod_root' Parameter Remote File Inclusion Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection Relative Real Estate Systems 3.0 - 'listing_id' Parameter SQL Injection DUcalendar 1.0 - (detail.asp iEve) SQL Injection HiveMaker Directory - 'cid' Parameter SQL Injection E-topbiz ViralDX 2.07 - (adclick.php bannerid) SQL Injection Link ADS 1 - 'out.php linkid' SQL Injection TOKOKITA - 'barang.php produk_id' SQL Injection Webdevindo-CMS 0.1 - (index.php hal) SQL Injection mUnky 0.0.1 - (index.php zone) Local File Inclusion Jokes & Funny Pics Script - (sb_jokeid) SQL Injection DUcalendar 1.0 - 'iEve' Parameter SQL Injection HiveMaker Directory 1.0.2 - 'cid' Parameter SQL Injection E-topbiz ViralDX 2.07 - 'bannerid' Parameter SQL Injection Link ADS 1 - 'linkid' Parameter SQL Injection TOKOKITA - 'produk_id' Parameter SQL Injection Webdevindo-CMS 0.1 - 'hal' Parameter SQL Injection mUnky 0.0.1 - 'zone' Parameter Local File Inclusion Jokes & Funny Pics Script - 'sb_jokeid' Parameter SQL Injection MyPHP CMS 0.3.1 - (page.php pid) SQL Injection PHPmotion 2.0 - (update_profile.php) Arbitrary File Upload MyPHP CMS 0.3.1 - 'pid' Parameter SQL Injection PHPmotion 2.0 - 'update_profile.php' Arbitrary File Upload polypager 1.0rc2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities PHP-Fusion Mod Kroax 4.42 - (category) SQL Injection polypager 1.0rc2 - SQL Injection / Cross-Site Scripting PHP-Fusion Mod Kroax 4.42 - 'category' Parameter SQL Injection Riddles Complete Website 1.2.1 - (riddleid) SQL Injection Tips Complete Website 1.2.0 - (tipid) SQL Injection Jokes Complete Website 2.1.3 - (jokeid) SQL Injection Drinks Complete Website 2.1.0 - (drinkid) SQL Injection Cheats Complete Website 1.1.1 - 'itemID' SQL Injection Riddles Complete Website 1.2.1 - 'riddleid' Parameter SQL Injection Tips Complete Website 1.2.0 - 'tipid' Parameter SQL Injection Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' Parameter SQL Injection Drinks Complete Website 2.1.0 - 'drinkid' Parameter SQL Injection Cheats Complete Website 1.1.1 - 'itemID' Parameter SQL Injection Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion Orca 2.0/2.0.2 - 'Parameters.php' Remote File Inclusion OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities OTManager CMS 24a - Local File Inclusion / Cross-Site Scripting SePortal 2.4 - (poll.php poll_id) SQL Injection SePortal 2.4 - 'poll_id' Parameter SQL Injection poweraward 1.1.0 rc1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Joomla! Component jabode - 'id' SQL Injection Online Booking Manager 2.2 - 'id' SQL Injection poweraward 1.1.0 rc1 - Local File Inclusion / Cross-Site Scripting Joomla! Component jabode - 'id' Parameter SQL Injection Online Booking Manager 2.2 - 'id' Parameter SQL Injection Joomla! Component Xe webtv - 'id' Blind SQL Injection Joomla! Component Xe webtv - 'id' Parameter Blind SQL Injection AcmlmBoard 1.A2 - 'pow' SQL Injection eSHOP100 - (SUB) SQL Injection AcmlmBoard 1.A2 - 'pow' Parameter SQL Injection eSHOP100 - 'SUB' Parameter SQL Injection OTManager CMS 2.4 - (Tipo) Remote File Inclusion OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion Orca 2.0.2 - (Topic) Cross-Site Scripting Orca 2.0.2 - Cross-Site Scripting Hedgehog-CMS 1.21 - (Local File Inclusion) Remote Command Execution Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution catviz 0.4.0b1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting Joomla! Component com_facileforms - Cross-Site Scripting Joomla! Component FacileForms - Cross-Site Scripting PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload PHPmotion 1.62 - 'FCKeditor' Arbitrary File Upload Roundcube 1.2.2 - Remote Code Execution Pivot 1.0 - Remote module_db.php File Inclusion Pivot 1.0 - 'module_db.php' Remote File Inclusion MyBloggie 2.1 - 'index.php' year Parameter Cross-Site Scripting MyBloggie 2.1 - 'index.php' Cross-Site Scripting E-topbiz Link ADS 1 - 'out.php' SQL Injection PolyPager 0.9.51/1.0 - 'nr' Parameter Cross-Site Scripting RSS-aggregator 1.0 - admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection RSS-aggregator 1.0 - admin/fonctions/supprimer_tag.php IdTag Parameter SQL Injection RSS-aggregator 1.0 - 'admin/fonctions/' Direct Request Administrator Authentication Bypass RSS-aggregator 1.0 - 'IdFlux' Parameter SQL Injection RSS-aggregator 1.0 - 'IdTag' Parameter SQL Injection RSS-aggregator 1.0 - Authentication Bypass Jokes Complete Website - joke.php id Parameter Cross-Site Scripting Jokes Complete Website - results.php searchingred Parameter Cross-Site Scripting Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting Splunk Enterprise 6.4.3 - Server-Side Request Forgery	2016-12-11 05:01:17 +00:00
Offensive Security	760d823bc8	DB: 2016-08-30 18 new exploits Too many to list!	2016-08-30 05:08:40 +00:00

Author

SHA1

Message

Date

Offensive Security

9cad083b49

DB: 2016-12-11

5 new exploits

uTorrent 1.8.3 (Build 15772) - Create New Torrent Buffer Overflow (PoC)
uTorrent 1.8.3 Build 15772 - Create New Torrent Buffer Overflow (PoC)

F5 BIG-IP - Authentication Bypass (1)
F5 BIG-IP - Authentication Bypass (PoC)

Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC (1)
Linux Kernel 3.4 < 3.13.2 - recvmmsg x32 compat PoC

Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (2)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (2)
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Microsoft Internet Explorer 9 MSHTML - CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (2)

Microsoft Internet Explorer 9 MSHTML - CElement::HasFlag Memory Corruption

uTorrent - DLL Hijacking
uTorrent 2.0.3 - DLL Hijacking

F5 BIG-IP - Authentication Bypass (2)
F5 BIG-IP - Authentication Bypass

SePortal - SQL Injection / Remote Code Execution (Metasploit)
SePortal 2.5 - SQL Injection / Remote Code Execution (Metasploit)

MyPHP CMS 0.3 - (domain) Remote File Inclusion
MyPHP CMS 0.3 - 'domain' Parameter Remote File Inclusion

RSS-aggregator - 'display.php path' Remote File Inclusion
RSS-aggregator - 'path' Parameter Remote File Inclusion
HoMaP-CMS 0.1 - (plugin_admin.php) Remote File Inclusion
HomePH Design 2.10 RC2 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
HoMaP-CMS 0.1 - 'plugin_admin.php' Remote File Inclusion
HomePH Design 2.10 RC2 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting

cmreams CMS 1.3.1.1 beta2 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
cmreams CMS 1.3.1.1 beta2 - Local File Inclusion / Cross-Site Scripting

HoMaP-CMS 0.1 - (index.php go) SQL Injection
HoMaP-CMS 0.1 - 'go' Parameter SQL Injection
Ready2Edit - 'pages.php menuid' SQL Injection
ResearchGuide 0.5 - (guide.php id) SQL Injection
MVC-Web CMS 1.0/1.2 - (index.asp newsid) SQL Injection
Ready2Edit - 'menuid' Parameter SQL Injection
ResearchGuide 0.5 - 'id' Parameter SQL Injection
MVC-Web CMS 1.0/1.2 - 'newsid' Parameter SQL Injection
Demo4 CMS - 'index.php id' SQL Injection
Joomla! Component com_facileforms 1.4.4 - Remote File Inclusion
Dagger CMS 2008 - (dir_inc) Remote File Inclusion
TinxCMS 1.1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
mm chat 1.5 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
ourvideo CMS 9.5 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
cmsWorks 2.2 RC4 - (mod_root) Remote File Inclusion
Demo4 CMS - 'id' Parameter SQL Injection
Joomla! Component FacileForms 1.4.4 - Remote File Inclusion
Dagger CMS 2008 - 'dir_inc' Parameter Remote File Inclusion
TinXCMS 1.1 - Local File Inclusion / Cross-Site Scripting
mm chat 1.5 - Local File Inclusion / Cross-Site Scripting
ourvideo CMS 9.5 - Remote File Inclusion / Local File Inclusion / Cross-Site Scripting
cmsWorks 2.2 RC4 - 'mod_root' Parameter Remote File Inclusion

Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection
Relative Real Estate Systems 3.0 - 'listing_id' Parameter SQL Injection
DUcalendar 1.0 - (detail.asp iEve) SQL Injection
HiveMaker Directory - 'cid' Parameter SQL Injection
E-topbiz ViralDX 2.07 - (adclick.php bannerid) SQL Injection
Link ADS 1 - 'out.php linkid' SQL Injection
TOKOKITA - 'barang.php produk_id' SQL Injection
Webdevindo-CMS 0.1 - (index.php hal) SQL Injection
mUnky 0.0.1 - (index.php zone) Local File Inclusion
Jokes & Funny Pics Script - (sb_jokeid) SQL Injection
DUcalendar 1.0 - 'iEve' Parameter SQL Injection
HiveMaker Directory 1.0.2 - 'cid' Parameter SQL Injection
E-topbiz ViralDX 2.07 - 'bannerid' Parameter SQL Injection
Link ADS 1 - 'linkid' Parameter SQL Injection
TOKOKITA - 'produk_id' Parameter SQL Injection
Webdevindo-CMS 0.1 - 'hal' Parameter SQL Injection
mUnky 0.0.1 - 'zone' Parameter Local File Inclusion
Jokes & Funny Pics Script - 'sb_jokeid' Parameter SQL Injection
MyPHP CMS 0.3.1 - (page.php pid) SQL Injection
PHPmotion 2.0 - (update_profile.php) Arbitrary File Upload
MyPHP CMS 0.3.1 - 'pid' Parameter SQL Injection
PHPmotion 2.0 - 'update_profile.php' Arbitrary File Upload
polypager 1.0rc2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
PHP-Fusion Mod Kroax 4.42 - (category) SQL Injection
polypager 1.0rc2 - SQL Injection / Cross-Site Scripting
PHP-Fusion Mod Kroax 4.42 - 'category' Parameter SQL Injection
Riddles Complete Website 1.2.1 - (riddleid) SQL Injection
Tips Complete Website 1.2.0 - (tipid) SQL Injection
Jokes Complete Website 2.1.3 - (jokeid) SQL Injection
Drinks Complete Website 2.1.0 - (drinkid) SQL Injection
Cheats Complete Website 1.1.1 - 'itemID' SQL Injection
Riddles Complete Website 1.2.1 - 'riddleid' Parameter SQL Injection
Tips Complete Website 1.2.0 - 'tipid' Parameter SQL Injection
Easysitenetwork Jokes Complete Website 2.1.3 - 'jokeid' Parameter SQL Injection
Drinks Complete Website 2.1.0 - 'drinkid' Parameter SQL Injection
Cheats Complete Website 1.1.1 - 'itemID' Parameter SQL Injection

Orca 2.0/2.0.2 - (Parameters.php) Remote File Inclusion
Orca 2.0/2.0.2 - 'Parameters.php' Remote File Inclusion

OTManager CMS 24a - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
OTManager CMS 24a - Local File Inclusion / Cross-Site Scripting

SePortal 2.4 - (poll.php poll_id) SQL Injection
SePortal 2.4 - 'poll_id' Parameter SQL Injection
poweraward 1.1.0 rc1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Joomla! Component jabode - 'id' SQL Injection
Online Booking Manager 2.2 - 'id' SQL Injection
poweraward 1.1.0 rc1 - Local File Inclusion / Cross-Site Scripting
Joomla! Component jabode - 'id' Parameter SQL Injection
Online Booking Manager 2.2 - 'id' Parameter SQL Injection

Joomla! Component Xe webtv - 'id' Blind SQL Injection
Joomla! Component Xe webtv - 'id' Parameter Blind SQL Injection
AcmlmBoard 1.A2 - 'pow' SQL Injection
eSHOP100 - (SUB) SQL Injection
AcmlmBoard 1.A2 - 'pow' Parameter SQL Injection
eSHOP100 - 'SUB' Parameter SQL Injection

OTManager CMS 2.4 - (Tipo) Remote File Inclusion
OTManager CMS 2.4 - 'Tipo' Parameter Remote File Inclusion

Orca 2.0.2 - (Topic) Cross-Site Scripting
Orca 2.0.2 - Cross-Site Scripting

Hedgehog-CMS 1.21 - (Local File Inclusion) Remote Command Execution
Hedgehog-CMS 1.21 - Local File Inclusion / Remote Command Execution

catviz 0.4.0b1 - (Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Catviz 0.4.0 beta1 - Local File Inclusion / Cross-Site Scripting

Joomla! Component com_facileforms - Cross-Site Scripting
Joomla! Component FacileForms - Cross-Site Scripting

PHPMotion 1.62 - 'FCKeditor' Arbitrary File Upload
PHPmotion 1.62 - 'FCKeditor' Arbitrary File Upload

Roundcube 1.2.2 - Remote Code Execution

Pivot 1.0 - Remote module_db.php File Inclusion
Pivot 1.0 - 'module_db.php' Remote File Inclusion

MyBloggie 2.1 - 'index.php' year Parameter Cross-Site Scripting
MyBloggie 2.1 - 'index.php' Cross-Site Scripting

E-topbiz Link ADS 1 - 'out.php' SQL Injection

PolyPager 0.9.51/1.0 - 'nr' Parameter Cross-Site Scripting
RSS-aggregator 1.0 - admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection
RSS-aggregator 1.0 - admin/fonctions/supprimer_tag.php IdTag Parameter SQL Injection
RSS-aggregator 1.0 - 'admin/fonctions/' Direct Request Administrator Authentication Bypass
RSS-aggregator 1.0 - 'IdFlux' Parameter SQL Injection
RSS-aggregator 1.0 - 'IdTag' Parameter SQL Injection
RSS-aggregator 1.0 - Authentication Bypass
Jokes Complete Website - joke.php id Parameter Cross-Site Scripting
Jokes Complete Website - results.php searchingred Parameter Cross-Site Scripting
Easysitenetwork Jokes Complete Website - 'id' Parameter Cross-Site Scripting
Easysitenetwork Jokes Complete Website - 'searchingred' Parameter Cross-Site Scripting

Splunk Enterprise 6.4.3 - Server-Side Request Forgery

2016-12-11 05:01:17 +00:00

Offensive Security

760d823bc8

DB: 2016-08-30

18 new exploits

Too many to list!

2016-08-30 05:08:40 +00:00

2 commits