exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	4b3da08aa9	DB: 2016-12-03 1 new exploits PHP - wddx_deserialize() String Append Crash PHP 5 - wddx_deserialize() String Append Crash PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC) PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC) Samba 3.0.27a - send_mailslot() Remote Buffer Overflow Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow PHP 5.2.6 - sleep() Local Memory Exhaust Exploit CA Internet Security Suite 2008 - SaveToFile()File Corruption (PoC) PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC) freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated Samba (client) - receive_smb_raw() Buffer Overflow (PoC) FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC) freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC) freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC) FreeSSHD 1.2.4 - Remote Buffer Overflow Denial of Service FreeSSHd 1.2.4 - Denial of Service Samba - Multiple Denial of Service Vulnerabilities Samba 3.4.7/3.5.1 - Denial of Service FreeSSHd - Crash (PoC) FreeSSHd - Denial of Service (PoC) PHP - Hashtables Denial of Service PHP 5.3.8 - Hashtables Denial of Service freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service freeSSHd 1.3.1 - Denial of Service FreeSSHd 1.3.1 - Denial of Service PHP - SplDoublyLinkedList Unserialize() Use-After-Free PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free PHP - SplObjectStorage Unserialize() Use-After-Free PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free PHP - Unserialize() Use-After-Free Vulnerabilities PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities PHP - 'ini_restore()' Memory Information Disclosure PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Privilege Escalation Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation Linux Kernel 3.13 - Privilege Escalation PoC (gid) Linux Kernel 3.13 - Privilege Escalation PoC (SGID) freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow freeSSHd 1.2.1 - Authenticated Remote SEH Overflow FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow FreeSSHd 1.2.1 - (rename) Remote Buffer Overflow (SEH) FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH) Samba (Solaris) - lsa_io_trans_names Heap Overflow (Metasploit) Samba (Solaris SPARC) - trans2open Overflow (Metasploit) Samba 3.0.24 (Solaris) - 'lsa_io_trans_names' Heap Overflow (Metasploit) Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit) freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit) Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit) Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit) Samba (Linux x86) - trans2open Overflow (Metasploit) Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit) Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit) Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit) Samba (OSX) - lsa_io_trans_names Heap Overflow (Metasploit) Samba (OSX/PPC) - trans2open Overflow (Metasploit) Samba 3.0.10 (OSX) - 'lsa_io_trans_names' Heap Overflow (Metasploit) Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit) Samba (BSD x86) - trans2open Overflow Exploit (Metasploit) Samba 2.2.8 (BSD x86) - 'trans2open' Overflow Exploit (Metasploit) PHP - CGI Argument Injection (Metasploit) PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit) PHP - apache_request_headers Function Buffer Overflow (Metasploit) PHP 5.4.3 - apache_request_headers Function Buffer Overflow (Metasploit) Samba - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit) Samba 3.4.16/3.5.14/3.6.4 - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit) FreeSSHD 2.1.3 - Remote Authentication Bypass FreeSSHd 2.1.3 - Remote Authentication Bypass FreeSSHD - Authentication Bypass (Metasploit) FreeSSHd 1.2.6 - Authentication Bypass (Metasploit) HP LoadRunner - magentproc.exe Overflow (Metasploit) HP LoadRunner - 'magentproc.exe' Overflow (Metasploit) PHP - 'header()' HTTP Header Injection PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection VX Search Enterprise 9.0.26 - Buffer Overflow Sync Breeze Enterprise 8.9.24 - Buffer Overflow Dup Scout Enterprise 9.0.28 - Buffer Overflow Disk Sorter Enterprise 9.0.24 - Buffer Overflow Disk Savvy Enterprise 9.0.32 - Buffer Overflow VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow VX Search Enterprise 9.1.12 - Buffer Overflow Sync Breeze Enterprise 9.1.16 - Buffer Overflow Disk Sorter Enterprise 9.1.12 - Buffer Overflow Dup Scout Enterprise 9.1.14 - Buffer Overflow Disk Savvy Enterprise 9.1.14 - Buffer Overflow Disk Pulse Enterprise 9.1.16 - Buffer Overflow VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow PHP - (php-exec-dir) Patch Command Access Restriction Bypass PHP 4.3.7 - (php-exec-dir) Patch Command Access Restriction Bypass phNNTP 1.3 - (article-raw.php) Remote File Inclusion phNNTP 1.3 - 'article-raw.php' Remote File Inclusion Travelsized CMS 0.4 - (FrontPage.php) Remote File Inclusion Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion Uberghey 0.3.1 - (FrontPage.php) Remote File Inclusion Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion BP Blog 7.0 - (default.asp layout) SQL Injection BP Blog 7.0 - 'layout' Parameter SQL Injection Joomla! Component Artist (idgalery) - SQL Injection FlashBlog - (articulo_id) SQL Injection Joomla! Component Artist - 'idgalery' Parameter SQL Injection FlashBlog - 'articulo_id' Parameter SQL Injection AirvaeCommerce 3.0 - 'pid' SQL Injection AirvaeCommerce 3.0 - 'pid' Parameter SQL Injection CMS from Scratch 1.1.3 - (image.php) Directory Traversal CMS from Scratch 1.1.3 - 'image.php' Directory Traversal HiveMaker Professional 1.0.2 - 'cid' SQL Injection HiveMaker Professional 1.0.2 - 'cid' Parameter SQL Injection Social Site Generator - (sgc_id) SQL Injection Social Site Generator 2.0 - 'sgc_id' Parameter SQL Injection PHP Visit Counter 0.4 - (datespan) SQL Injection PassWiki 0.9.16 RC3 - (site_id) Local File Inclusion BP Blog 6.0 - 'id' Blind SQL Injection EasyWay CMS - 'index.php mid' SQL Injection Social Site Generator - (path) Remote File Inclusion Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection Joomla! Component com_biblestudy 1.5.0 - 'id' SQL Injection PHP Visit Counter 0.4 - 'datespan' Parameter SQL Injection PassWiki 0.9.16 RC3 - 'site_id' Parameter Local File Inclusion BP Blog 6.0 - 'id' Parameter Blind SQL Injection EasyWay CMS - 'mid' Parameter SQL Injection Social Site Generator 2.0 - 'path' Parameter Remote File Inclusion Joomla! Component prayercenter 1.4.9 - 'id' Parameter SQL Injection Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection HiveMaker Directory - 'index.php cid' SQL Injection HiveMaker Directory - 'cid' Parameter SQL Injection Goople 1.8.2 - (FrontPage.php) Blind SQL Injection Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection PsychoStats 3.2.2b - (awards.php id Parameter) Blind SQL Injection PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection PsychoStats 2.x - Login Parameter Cross-Site Scripting PsychoStats 2.3 - Server.php Full Path Disclosure PsychoStats 2.3 - 'Server.php' Full Path Disclosure PsychoStats 3.0.6b - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities PHP - cgimode fpm writeprocmemfile Bypass disable function demo PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function CMSimple - /2author/index.php color Parameter Remote Code Execution CMSimple 4.4.4 - 'color' Parameter Remote Code Execution	2016-12-03 05:01:19 +00:00

Author

SHA1

Message

Date

Offensive Security

4b3da08aa9

DB: 2016-12-03

1 new exploits

PHP - wddx_deserialize() String Append Crash
PHP 5 - wddx_deserialize() String Append Crash

PHP - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)
PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)

Samba 3.0.27a - send_mailslot() Remote Buffer Overflow
Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow
PHP 5.2.6 - sleep() Local Memory Exhaust Exploit
CA Internet Security Suite 2008 - SaveToFile()File Corruption (PoC)
PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit
CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
Samba (client) - receive_smb_raw() Buffer Overflow (PoC)
FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)

freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC
FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)

freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC
FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)

FreeSSHD 1.2.4 - Remote Buffer Overflow Denial of Service
FreeSSHd 1.2.4 - Denial of Service

Samba - Multiple Denial of Service Vulnerabilities
Samba 3.4.7/3.5.1 - Denial of Service

FreeSSHd - Crash (PoC)
FreeSSHd - Denial of Service (PoC)

PHP - Hashtables Denial of Service
PHP 5.3.8 - Hashtables Denial of Service

freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service

freeSSHd 1.3.1 - Denial of Service
FreeSSHd 1.3.1 - Denial of Service

PHP - SplDoublyLinkedList Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplDoublyLinkedList Unserialize() Use-After-Free

PHP - SplObjectStorage Unserialize() Use-After-Free
PHP 5.4/5.5/5.6 - SplObjectStorage Unserialize() Use-After-Free

PHP - Unserialize() Use-After-Free Vulnerabilities
PHP 5.4/5.5/5.6 - Unserialize() Use-After-Free Vulnerabilities

PHP - 'ini_restore()' Memory Information Disclosure
PHP 5.2.10/5.3.0 - 'ini_restore()' Memory Information Disclosure

Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Privilege Escalation
Linux Kernel < 3.4.5 (Android 4.2.2 / 4.4 ARM) - Privilege Escalation

Linux Kernel 3.13 - Privilege Escalation PoC (gid)
Linux Kernel 3.13 - Privilege Escalation PoC (SGID)

freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow

freeSSHd 1.2.1 - Authenticated Remote SEH Overflow
FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow

FreeSSHd 1.2.1 - (rename) Remote Buffer Overflow (SEH)
FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
Samba (Solaris) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (Solaris SPARC) - trans2open Overflow (Metasploit)
Samba 3.0.24 (Solaris) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Overflow (Metasploit)

freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
Samba (Linux) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (Linux/x86) - chain_reply Memory Corruption (Metasploit)
Samba (Linux x86) - trans2open Overflow (Metasploit)
Samba 3.0.24 (Linux) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 3.3.12 (Linux/x86) - 'chain_reply' Memory Corruption (Metasploit)
Samba 2.2.8 (Linux x86) - 'trans2open' Overflow (Metasploit)
Samba (OSX) - lsa_io_trans_names Heap Overflow (Metasploit)
Samba (OSX/PPC) - trans2open Overflow (Metasploit)
Samba 3.0.10 (OSX) - 'lsa_io_trans_names' Heap Overflow (Metasploit)
Samba 2.2.8 (OSX/PPC) - 'trans2open' Overflow (Metasploit)

Samba (*BSD x86) - trans2open Overflow Exploit (Metasploit)
Samba 2.2.8 (*BSD x86) - 'trans2open' Overflow Exploit (Metasploit)

PHP - CGI Argument Injection (Metasploit)
PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit)

PHP - apache_request_headers Function Buffer Overflow (Metasploit)
PHP 5.4.3 - apache_request_headers Function Buffer Overflow (Metasploit)

Samba - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)
Samba 3.4.16/3.5.14/3.6.4 - SetInformationPolicy AuditEventsInfo Heap Overflow (Metasploit)

FreeSSHD 2.1.3 - Remote Authentication Bypass
FreeSSHd 2.1.3 - Remote Authentication Bypass

FreeSSHD - Authentication Bypass (Metasploit)
FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)

HP LoadRunner - magentproc.exe Overflow (Metasploit)
HP LoadRunner - 'magentproc.exe' Overflow (Metasploit)

PHP - 'header()' HTTP Header Injection
PHP 5.3.11/5.4.0RC2 - 'header()' HTTP Header Injection
VX Search Enterprise 9.0.26 - Buffer Overflow
Sync Breeze Enterprise 8.9.24 - Buffer Overflow
Dup Scout Enterprise 9.0.28 - Buffer Overflow
Disk Sorter Enterprise 9.0.24 - Buffer Overflow
Disk Savvy Enterprise 9.0.32 - Buffer Overflow
VX Search Enterprise 9.0.26 - 'Login' Buffer Overflow
Sync Breeze Enterprise 8.9.24 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.0.28 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.0.24 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.0.32 - 'Login' Buffer Overflow
VX Search Enterprise 9.1.12 - Buffer Overflow
Sync Breeze Enterprise 9.1.16 - Buffer Overflow
Disk Sorter Enterprise 9.1.12 - Buffer Overflow
Dup Scout Enterprise 9.1.14 - Buffer Overflow
Disk Savvy Enterprise 9.1.14 - Buffer Overflow
Disk Pulse Enterprise 9.1.16 - Buffer Overflow
VX Search Enterprise 9.1.12 - 'Login' Buffer Overflow
Sync Breeze Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Sorter Enterprise 9.1.12 - 'Login' Buffer Overflow
Dup Scout Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow
Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow
Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow

PHP - (php-exec-dir) Patch Command Access Restriction Bypass
PHP 4.3.7 - (php-exec-dir) Patch Command Access Restriction Bypass

phNNTP 1.3 - (article-raw.php) Remote File Inclusion
phNNTP 1.3 - 'article-raw.php' Remote File Inclusion

Travelsized CMS 0.4 - (FrontPage.php) Remote File Inclusion
Travelsized CMS 0.4 - 'FrontPage.php' Remote File Inclusion

Uberghey 0.3.1 - (FrontPage.php) Remote File Inclusion
Uberghey 0.3.1 - 'FrontPage.php' Remote File Inclusion

BP Blog 7.0 - (default.asp layout) SQL Injection
BP Blog 7.0 - 'layout' Parameter SQL Injection
Joomla! Component Artist (idgalery) - SQL Injection
FlashBlog - (articulo_id) SQL Injection
Joomla! Component Artist - 'idgalery' Parameter SQL Injection
FlashBlog - 'articulo_id' Parameter SQL Injection

AirvaeCommerce 3.0 - 'pid' SQL Injection
AirvaeCommerce 3.0 - 'pid' Parameter SQL Injection

CMS from Scratch 1.1.3 - (image.php) Directory Traversal
CMS from Scratch 1.1.3 - 'image.php' Directory Traversal

HiveMaker Professional 1.0.2 - 'cid' SQL Injection
HiveMaker Professional 1.0.2 - 'cid' Parameter SQL Injection

Social Site Generator - (sgc_id) SQL Injection
Social Site Generator 2.0 - 'sgc_id' Parameter SQL Injection
PHP Visit Counter 0.4 - (datespan) SQL Injection
PassWiki 0.9.16 RC3 - (site_id) Local File Inclusion
BP Blog 6.0 - 'id' Blind SQL Injection
EasyWay CMS - 'index.php mid' SQL Injection
Social Site Generator - (path) Remote File Inclusion
Joomla! Component prayercenter 1.4.9 - 'id' SQL Injection
Joomla! Component com_biblestudy 1.5.0 - 'id' SQL Injection
PHP Visit Counter 0.4 - 'datespan' Parameter SQL Injection
PassWiki 0.9.16 RC3 - 'site_id' Parameter Local File Inclusion
BP Blog 6.0 - 'id' Parameter Blind SQL Injection
EasyWay CMS - 'mid' Parameter SQL Injection
Social Site Generator 2.0 - 'path' Parameter Remote File Inclusion
Joomla! Component prayercenter 1.4.9 - 'id' Parameter SQL Injection
Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection

HiveMaker Directory - 'index.php cid' SQL Injection
HiveMaker Directory - 'cid' Parameter SQL Injection

Goople 1.8.2 - (FrontPage.php) Blind SQL Injection
Goople 1.8.2 - 'FrontPage.php' Blind SQL Injection

PsychoStats 3.2.2b - (awards.php id Parameter) Blind SQL Injection
PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection

PsychoStats 2.x - Login Parameter Cross-Site Scripting

PsychoStats 2.3 - Server.php Full Path Disclosure
PsychoStats 2.3 - 'Server.php' Full Path Disclosure

PsychoStats 3.0.6b - Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities

PHP - cgimode fpm writeprocmemfile Bypass disable function demo
PHP 5.5.9 - cgimode fpm writeprocmemfile Bypass disable function

CMSimple - /2author/index.php color Parameter Remote Code Execution
CMSimple 4.4.4 - 'color' Parameter Remote Code Execution

2016-12-03 05:01:19 +00:00

1 commit