Commit graph

3 commits

Author SHA1 Message Date
Offensive Security
fb1dd3709f DB: 2016-12-08
12 new exploits

vsftpd 2.0.5 - (CWD) Authenticated Remote Memory Consumption Exploit
vsftpd 2.0.5 - 'CWD' Authenticated Remote Memory Consumption

XChat - Heap Overflow Denial of Service
XChat 2.8.9 - Heap Overflow Denial of Service

Adobe Photoshop CC & Bridge CC - '.png' File Parsing Memory Corruption (1)
Adobe Photoshop CC / Bridge CC - '.png' File Parsing Memory Corruption (1)

glibc - getaddrinfo Stack Based Buffer Overflow (1)
glibc - 'getaddrinfo' Stack Based Buffer Overflow (PoC)
Microsoft Edge - JSON.parse Info Leak
Android - IOMXNodeInstance::enableNativeBuffers Unchecked Index
Microsoft Edge - CMarkup::EnsureDeleteCFState Use-After-Free (MS15-125)
Microsoft Internet Explorer 9 - CDoc::ExecuteScriptUri Use-After-Free (MS13-009)
Microsoft Edge - CBaseScriptable::PrivateQueryInterface Memory Corruption (MS16-068)
Windows 10 x86/x64 WLAN AutoConfig - Denial of Service (POC)

Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation (1)
Linux Kernel 2.6.37 (RedHat / Ubuntu 10.04) - 'Full-Nelson.c' Privilege Escalation

Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation (2)
Linux Kernel < 2.6.36.2 (Ubuntu 10.04) - 'Half-Nelson.c' Econet Privilege Escalation

Microsoft PowerShell - XML External Entity Injection

XChat 2.8.7b - (URI Handler) Remote Code Execution (Internet Explorer 6/7'
XChat 2.8.7b - 'URI Handler' Remote Code Execution (Internet Explorer 6/7)

Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap

glibc - getaddrinfo Stack Based Buffer Overflow (2)
glibc - 'getaddrinfo' Stack Based Buffer Overflow

Microsoft Internet Explorer jscript9 - JavaScriptStackWalker Memory Corruption (MS15-056)

Linux/x86 - Netcat (-e option disabled) Reverse Shell Shellcode (180 bytes)

Gravity Board X 1.1 - (csscontent) Remote Code Execution
Gravity Board X 1.1 - 'csscontent' Parameter Remote Code Execution

Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion
Mambo Component ExtCalendar 2.0 - Remote File Inclusion

Mambo Component com_babackup 1.1 - File Inclusion
Mambo Component bigAPE-Backup 1.1 - File Inclusion

E-Smart Cart 1.0 - 'Product_ID' SQL Injection
E-Smart Cart 1.0 - 'Product_ID' Parameter SQL Injection

Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion
Joomla! / Mambo Component SWmenu 4.0 - Remote File Inclusion

Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion
Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion

Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion
Joomla! / Mambo Component New Article 1.1 - Remote File Inclusion

Cartweaver - 'Details.cfm ProdID' SQL Injection
Cartweaver 2.16.11 - 'ProdID' Parameter SQL Injection

Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection
Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' Parameter SQL Injection

xeCMS 1.x - (view.php list) Remote File Disclosure
xeCMS 1.x - 'view.php' Remote File Disclosure

Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection
Mambo Component Portfolio Manager 1.0 - 'categoryId' Parameter SQL Injection

Easy-Clanpage 2.2 - 'id' SQL Injection
Easy-Clanpage 2.2 - 'id' Parameter SQL Injection
JAMM CMS - 'id' Blind SQL Injection
Gravity Board X 2.0 Beta - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
JAMM CMS - 'id' Parameter Blind SQL Injection
Gravity Board X 2.0 Beta - SQL Injection / Cross-Site Scripting
GLLCTS2 <= 4.2.4 - (login.php detail) SQL Injection
Butterfly ORGanizer 2.0.0 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
GLLCTS2 <= 4.2.4 - 'detail' Parameter SQL Injection
Butterfly ORGanizer 2.0.0 - SQL Injection / Cross-Site Scripting

Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection
Mambo Component Galleries 1.0 - 'aid' Parameter SQL Injection
Easy-Clanpage 3.0b1 - (section) Local File Inclusion
WebChamado 1.1 - (tsk_id) SQL Injection
Pre News Manager 1.0 - (index.php id) SQL Injection
Pre Ads Portal 2.0 - SQL Injection
Easy-Clanpage 3.0b1 - 'section' Parameter Local File Inclusion
WebChamado 1.1 - 'tsk_id' Parameter SQL Injection
Pre News Manager 1.0 - 'id' Parameter SQL Injection
Pre ADS Portal 2.0 - SQL Injection

GLLCTS2 - 'listing.php sort' Blind SQL Injection
GLLCTS2 - 'sort' Parameter Blind SQL Injection

Contenido 4.8.4 - (Remote File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Contenido 4.8.4 - Remote File Inclusion / Cross-Site Scripting
PHPMyCart - 'shop.php cat' SQL Injection
SHOUTcast Admin Panel 2.0 - (page) Local File Inclusion
Cartweaver 3 - (prodId) Blind SQL Injection
DIY - (index_topic did) Blind SQL Injection
PHPMyCart 1.3 - 'cat' Parameter SQL Injection
SHOUTcast Admin Panel 2.0 - 'page' Parameter Local File Inclusion
Cartweaver 3 - 'prodId' Parameter Blind SQL Injection
DIY - 'did' Parameter Blind SQL Injection
ezcms 1.2 - (Blind SQL Injection / Authentication Bypass) Multiple Vulnerabilities
PHPEasyNews 1.13 RC2 - (POST) SQL Injection
ezcms 1.2 - Blind SQL Injection / Authentication Bypass
PHPEasyNews 1.13 RC2 - 'POST' Parameter SQL Injection

Devalcms 1.4a - (currentfile) Local File Inclusion
Devalcms 1.4a - 'currentfile' Parameter Local File Inclusion

IPTBB 0.5.6 - (index.php act) Local File Inclusion
IPTBB 0.5.6 - 'act' Parameter Local File Inclusion

Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection
Mambo Component Articles - 'artid' Parameter Blind SQL Injection

Mambo Component 'com_n-gallery' - Multiple SQL Injections
Mambo Component N-Gallery - Multiple SQL Injections

devalcms 1.4a - Cross-Site Scripting / Remote Code Execution
Devalcms 1.4a - Cross-Site Scripting / Remote Code Execution

PHP JOBWEBSITE PRO - (Authentication Bypass) SQL Injection
PHP JOBWEBSITE PRO - Authentication Bypass

Pre ADS Portal 2.0 - (Authentication Bypass / Cross-Site Scripting) Multiple Vulnerabilities
Pre ADS Portal 2.0 - Authentication Bypass / Cross-Site Scripting

Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection
Mambo Component n-form - 'form_id' Parameter Blind SQL Injection

Pre Job Board - (Authentication Bypass) SQL Injection
Pre Job Board - Authentication Bypass

Butterfly ORGanizer 2.0.1 - (view.php id) SQL Injection
Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection

facil-cms 0.1rc2 - Multiple Vulnerabilities
Facil-CMS 0.1RC2 - Multiple Vulnerabilities

Family Connections CMS 1.9 - (member) SQL Injection
Family Connections CMS 1.9 - SQL Injection

Mambo Component 'com_hestar' - SQL Injection
Mambo Component Hestar - SQL Injection

Joomla! / Mambo Component 'com_tupinambis' - SQL Injection
Joomla! / Mambo Component Tupinambis - SQL Injection

Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion
Joomla! / Mambo Component D4J eZine 2.1 - Remote File Inclusion

Mambo Component 'com_materialsuche' 1.0 - SQL Injection
Mambo Component Material Suche 1.0 - SQL Injection

Pre ADS Portal - 'cid' SQL Injection
Pre ADS Portal - 'cid' Parameter SQL Injection

Pre News Manager - (nid) SQL Injection
Pre News Manager - 'nid' Parameter SQL Injection

Mambo Component 'com_akogallery' - SQL Injection
Mambo Component AkoGallery - SQL Injection

Mambo Component 'com_mambads' - SQL Injection
Mambo Component MambAds - SQL Injection

Facil-CMS - (Local File Inclusion / Remote File Inclusion)
Facil-CMS 0.1RC2 - Local / Remote File Inclusion

AskMe Pro 2.1 - (que_id) SQL Injection
Alstrasoft AskMe Pro 2.1 - 'que_id' Parameter SQL Injection

Pre Job Board Pro - SQL Injection Authentication Bypass
Pre Job Board Pro - Authentication Bypass

DiY-CMS 1.0 - Multiple Remote File Inclusion
DIY-CMS 1.0 - Multiple Remote File Inclusion

Alstrasoft AskMe Pro 2.1 - (forum_answer.php?que_id) SQL Injection

Alstrasoft AskMe Pro 2.1 - (profile.php?id) SQL Injection
Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection

Pre Ads Portal - SQL Bypass
Pre ADS Portal - Authentication Bypass

Family Connections CMS 2.3.2 - (POST) Persistent Cross-Site Scripting / XML Injection
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection

Family Connections CMS 2.5.0 / 2.7.1 - (less.php) Remote Command Execution
Family Connections CMS 2.5.0 / 2.7.1 - 'less.php' Remote Command Execution

Family Connections CMS - 'less.php' Remote Command Execution (Metasploit)
Family Connections CMS 2.7.1 - 'less.php' Remote Command Execution (Metasploit)

Gravity Board X 1.1 - DeleteThread.php Cross-Site Scripting

Clever Copy 3.0 - Connect.INC Information Disclosure
Clever Copy 3.0 - 'Connect.INC' Information Disclosure

Cartweaver 2.16.11 - Results.cfm category Parameter SQL Injection
Cartweaver 2.16.11 - Details.cfm ProdID Parameter SQL Injection
Cartweaver 2.16.11 - 'Results.cfm' SQL Injection
Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion
Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion
Mambo Component LMTG Myhomepage 1.2 - Multiple Remote File Inclusion
Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion

Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion
Mambo Component Display MOSBot Manager - 'MosConfig_absolute_path' Parameter Remote File Inclusion

Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion
Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion

Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection
Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection

Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection
Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection
Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection
Joomla! / Mambo Component Filebase - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection

Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection
Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection

Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection
Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection
PHP JOBWEBSITE PRO - siteadmin/forgot.php adname Parameter SQL Injection
PHP JOBWEBSITE PRO - siteadmin/forgot.php Multiple Parameter Cross-Site Scripting
PHP JOBWEBSITE PRO - 'adname' Parameter SQL Injection
PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting

Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection
Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection

Conkurent PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass
PHPMyCart 1.3 - Cross-Site Scripting / Authentication Bypass

Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection
Mambo Component Docman 1.3.0 - Multiple SQL Injection

Mambo Component 'com_n-skyrslur' - Cross-Site Scripting
Mambo Component N-Skyrslur - Cross-Site Scripting

Mambo Component 'com_n-gallery' - SQL Injection
Mambo Component N-Gallery - SQL Injection

Mambo Component 'com_n-press' - SQL Injection
Mambo Component N-Press - SQL Injection
Mambo Component 'com_n-frettir' - SQL Injection
Mambo Component 'com_n-myndir' - SQL Injection
Mambo Component N-Frettir - SQL Injection
Mambo Component N-Myndir - SQL Injection

AbanteCart - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
Edge SkateShop - Authentication bypass

AbanteCart 1.2.7 - Cross-Site Scripting
2016-12-08 05:01:21 +00:00
Offensive Security
7607be84a3 DB: 2016-09-10
3 new exploits

freeSSHd 1.2.1 - Remote Stack Overflow PoC (Authenticated)
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated

freeSSHd 1.2.1 - (Authenticated) Remote SEH Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow

Debian OpenSSH - (Authenticated) Remote SELinux Privilege Elevation Exploit
Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit

AvailScript Jobs Portal Script - (Authenticated) (jid) SQL Injection
AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection

AvailScript Jobs Portal Script - (Authenticated) Arbitrary File Upload
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload
Serv-U 7.3 - (Authenticated) (stou con:1) Denial of Service
Serv-U 7.3 - (Authenticated) Remote FTP File Replacement
Serv-U 7.3 - Authenticated (stou con:1) Denial of Service
Serv-U 7.3 - Authenticated Remote FTP File Replacement

freeSSHd 1.2.1 - (Authenticated) SFTP rename Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow PoC

LoudBlog 0.8.0a - (Authenticated) (ajax.php) SQL Injection
LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection

freeSSHd 1.2.1 - (Authenticated) SFTP realpath Remote Buffer Overflow PoC
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow PoC

Hannon Hill Cascade Server - (Authenticated) Command Execution
Hannon Hill Cascade Server - Authenticated Command Execution

Telnet-Ftp Service Server 1.x - (Authenticated) Multiple Vulnerabilities
Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities

Femitter FTP Server 1.x - (Authenticated) Multiple Vulnerabilities
Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities

Cpanel - (Authenticated) (lastvisit.html domain) Arbitrary File Disclosure
Cpanel - Authenticated (lastvisit.html domain) Arbitrary File Disclosure

MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String PoC
MySQL 5.0.45 - Authenticated COM_CREATE_DB Format String PoC

FtpXQ FTP Server 3.0 - (Authenticated) Remote Denial of Service
FtpXQ FTP Server 3.0 - Authenticated Remote Denial of Service

NetAccess IP3 - (Authenticated) (ping option) Command Injection
NetAccess IP3 - Authenticated (ping option) Command Injection

Novell eDirectory 8.8 SP5 - (Authenticated) Remote Buffer Overflow
Novell eDirectory 8.8 SP5 - Authenticated Remote Buffer Overflow

Apache Axis2 Administration console - (Authenticated) Cross-Site Scripting
Apache Axis2 Administration console - Authenticated Cross-Site Scripting
Easy FTP Server 1.7.0.11 - (Authenticated) 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'MKD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow

Easy FTP Server 1.7.0.11 - (Authenticated) 'CWD' Command Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated 'CWD' Command Remote Buffer Overflow

Easy FTP Server 1.7.0.11 - (Authenticated) 'LIST' Command Remote Buffer Overflow (Metasploit)
Easy FTP Server 1.7.0.11 - Authenticated 'LIST' Command Remote Buffer Overflow (Metasploit)

UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
UPlusFTP Server 1.7.1.01 - Authenticated HTTP Remote Buffer Overflow

Easy FTP Server 1.7.0.11 - (Authenticated) Multiple Commands Remote Buffer Overflow
Easy FTP Server 1.7.0.11 - Authenticated Multiple Commands Remote Buffer Overflow

ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - Authenticated Remote Buffer Overflow

ActFax Server FTP - (Authenticated) Remote Buffer Overflow
ActFax Server FTP - Authenticated Remote Buffer Overflow

Oracle Database - Protocol  Authentication Bypass
Oracle Database - Protocol Authentication Bypass

IRIS Citations Management Tool - (Authenticated) Remote Command Execution
IRIS Citations Management Tool - Authenticated Remote Command Execution

Airmail 3.0.2 - Cross-Site Scripting

LamaHub 0.0.6.2 - Buffer Overflow

Vodafone Mobile Wifi - Reset Admin Password

Zabbix 2.0 - 3.0.3 - SQL Injection
Zabbix 2.0 < 3.0.3 - SQL Injection

Acuity CMS 2.6.2 - (ASP ) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution
Acuity CMS 2.6.2 - (ASP) '/admin/file_manager/file_upload_submit.asp' Multiple Parameter Arbitrary File Upload / Code Execution

GLPI 0.85.5 -  Arbitrary File Upload / Filter Bypass / Remote Code Execution
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
Alfresco - /proxy endpoint Parameter Server Side Request Forgery (SSRF)
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery (SSRF)
Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery

vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery (SSRF)
vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
2016-09-10 05:08:39 +00:00
Offensive Security
d36011b4f9 DB: 2016-09-07
3 new exploits

Too many to list!
2016-09-07 05:09:19 +00:00