exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	c27aa131c8	DB: 2016-11-15 5 new exploits MyServer 0.8.11 - (204 No Content) error Remote Denial of Service MyServer 0.8.11 - '204 No Content' error Remote Denial of Service Microsoft Internet Explorer 11 MSHTML - CMapElement::Notify Use-After-Free (MS15-009) Microsoft Internet Explorer 9-11 MSHTML - PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104) Microsoft Internet Explorer 9<11 MSHTML - PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104) MySQL 4.0.17 - UDF Dynamic Library Exploit MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1) MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Privilege Escalation MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (2) Solaris 8 / 9 - (/usr/ucb/ps) Local Information Leak Exploit Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit Solaris 10 (libnspr) - Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1) Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2) Solaris 10 (libnspr) - Constructor Privilege Escalation Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3) IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug Apple MacOS 10.12 - 'task_t' Privilege Escalation Apple macOS 10.12 - 'task_t' Privilege Escalation Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation Solaris 8/9 ps - Environment Variable Information Leak Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit) Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - /bin/login Buffer Overflow Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Buffer Overflow Oracle 9i / 10g (extproc) - Local+Remote Command Execution Oracle 9i / 10g (extproc) - Local / Remote Command Execution Solaris/SPARC 2.5.1/2.6/7/8 - Derived 'login' Buffer Overflow Microsoft Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084) Disk Pulse Enterprise - Login Buffer Overflow' (Metasploit) MiniNuke 1.8.2 - (news.asp hid) SQL Injection MiniNuke 1.8.2 - 'hid' Parameter SQL Injection MiniNuke 1.8.2b - (pages.asp) SQL Injection MiniNuke 1.8.2b - 'pages.asp' SQL Injection MiniNuke 2.x - (create an admin) SQL Injection MiniNuke 2.x - SQL Injection (Add Admin) Nukedit CMS 4.9.6 - Unauthorized Admin Add Exploit Nukedit CMS 4.9.6 - Unauthorized Admin Add Portail Web PHP 2.5.1 - (includes.php) Remote File Inclusion Portail Web PHP 2.5.1 - 'includes.php' Remote File Inclusion CodeBreak 1.1.2 - (codebreak.php) Remote File Inclusion Mambo Module Weather - 'absolute_path' Remote File Inclusion CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion Mambo Module Weather - 'absolute_path' Parameter Remote File Inclusion mxBB Module MX Shotcast 1.0 RC2 - (getinfo1.php) Remote File Inclusion mxBB Module MX Shotcast 1.0 RC2 - 'getinfo1.php' Remote File Inclusion RicarGBooK 1.2.1 - (header.php lang) Local File Inclusion RicarGBooK 1.2.1 - 'lang' Parameter Local File Inclusion BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection BlogPHP 2 - 'id' Parameter Cross-Site Scripting / SQL Injection MultiCart 2.0 - (productdetails.php) SQL Injection PHP-Nuke Modules Manuales 0.1 - 'cid' SQL Injection PHP-Nuke Module Siir - 'id' SQL Injection MultiCart 2.0 - 'productdetails.php' SQL Injection PHP-Nuke Modules Manuales 0.1 - 'cid' Parameter SQL Injection PHP-Nuke Module Siir - 'id' Parameter SQL Injection OSSIM 0.9.9rc5 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities PHP-Nuke Module NukeC 2.1 - (id_catg) SQL Injection OSSIM 0.9.9rc5 - Cross-Site Scripting / SQL Injection PHP-Nuke Module NukeC 2.1 - 'id_catg' Parameter SQL Injection PHPProfiles 4.5.2 Beta - (body_comm.inc.php) Remote File Inclusion PHPProfiles 4.5.2 Beta - 'body_comm.inc.php' Remote File Inclusion PHPUserBase 1.3b - (unverified.inc.php) Local File Inclusion PHPUserBase 1.3b - (unverified.inc.php) Remote File Inclusion PHPUserBase 1.3b - 'unverified.inc.php' Local File Inclusion PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion PHP-Nuke Module Kose_Yazilari - (artid) SQL Injection MiniNuke 2.1 - (members.asp uid) SQL Injection PHP-Nuke Module Kose_Yazilari - 'artid' Parameter SQL Injection MiniNuke 2.1 - 'uid' Parameter SQL Injection Nukedit 4.9.x - Remote Create Admin Exploit WordPress Plugin Sniplets 1.1.2 - (Remote File Inclusion / Cross-Site Scripting / Remote Code Execution) Multiple Vulnerabilities Mambo Component SimpleBoard 1.0.3 - 'catid' SQL Injection Nukedit 4.9.x - Remote Create Admin WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution Mambo Component SimpleBoard 1.0.3 - 'catid' Parameter SQL Injection GROUP-E 1.6.41 - (head_auth.php) Remote File Inclusion Koobi Pro 5.7 - (categ) SQL Injection GROUP-E 1.6.41 - 'head_auth.php' Remote File Inclusion Dream4 Koobi Pro 5.7 - 'categ' Parameter SQL Injection barryvan compo manager 0.5pre-1 - Remote File Inclusion PHP-Nuke My_eGallery 2.7.9 - SQL Injection Centreon 1.4.2.3 - (get_image.php) Remote File Disclosure Koobi CMS 4.3.0 < 4.2.3 - (categ) SQL Injection Barryvan Compo Manager 0.3 - Remote File Inclusion PHP-Nuke Module My_eGallery 2.7.9 - SQL Injection Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure Dream4 Koobi CMS 4.3.0 < 4.2.3 - 'categ' Parameter SQL Injection Koobi Pro 6.25 - links SQL Injection Koobi Pro 6.25 - shop SQL Injection Koobi Pro 6.25 - gallery SQL Injection Koobi Pro 6.25 - showimages SQL Injection Koobi 4.4/5.4 - gallery SQL Injection Dream4 Koobi Pro 6.25 Links - 'categ' Parameter SQL Injection Dream4 Koobi Pro 6.25 Shop - 'categ' Parameter SQL Injection Dream4 Koobi Pro 6.25 Gallery - 'galid' Parameter SQL Injection Dream4 Koobi Pro 6.25 Showimages - 'galid' Parameter SQL Injection Dream4 Koobi 4.4/5.4 - gallery SQL Injection Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections Koobi Pro 6.25 - poll SQL Injection Dream4 Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections Dream4 Koobi Pro 6.25 Poll - 'poll_id' Parameter SQL Injection Podcast Generator 1.2 - GLOBALS[] Multiple Vulnerabilities Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities DBHCMS Web Content Management System 1.1.4 - Remote File Inclusion DBHcms 1.1.4 - Remote File Inclusion Koobi Pro 6.1 - Gallery (img_id) Dream4 Koobi Pro 6.1 Gallery - 'img_id' Parameter SQL Injection dbhcms 1.1.4 - Persistent Cross-Site Scripting DBHcms 1.1.4 - Persistent Cross-Site Scripting DBHcms 1.1.4 (dbhcms_user and SearchString) - SQL Injection DBHcms 1.1.4 - 'dbhcms_user/SearchString' Parameter SQL Injection podcast generator 1.3 - Multiple Vulnerabilities Podcast Generator 1.3 - Multiple Vulnerabilities PHP Download Manager 1.1.x - files.php SQL Injection PHP Download Manager 1.1.x - 'files.php' SQL Injection Koobi 5.0 - BBCode URL Tag Script Injection Dream4 Koobi 5.0 - BBCode URL Tag Script Injection Koobi Pro 5.6 - showtopic Module toid Parameter Cross-Site Scripting Koobi Pro 5.6 - showtopic Module toid Parameter SQL Injection Dream4 Koobi Pro 5.6 - 'showtopic' Parameter SQL Injection Portail Web PHP 2.5.1 - config/conf-activation.php site_path Parameter Remote File Inclusion Portail Web PHP 2.5.1 - menu/item.php site_path Parameter Remote File Inclusion Portail Web PHP 2.5.1 - modules/conf_modules.php site_path Parameter Remote File Inclusion Portail Web PHP 2.5.1 - system/login.php site_path Parameter Remote File Inclusion Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting Barryvan Compo Manager 0.3 - 'main.php' Remote File Inclusion Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities DrBenHur.com DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution	2016-11-15 05:01:20 +00:00
Offensive Security	18f707fb94	DB: 2016-11-01 24 new exploits Serendipity 0.7-beta1 - SQL Injection (PoC) S9Y Serendipity 0.7-beta1 - SQL Injection (PoC) Serendipity 0.8beta4 - exit.php SQL Injection S9Y Serendipity 0.8beta4 - exit.php SQL Injection CBSms Mambo Module 1.0 - Remote File Inclusion Pearl For Mambo 1.6 - Multiple Remote File Inclusion Mambo Module CBSms 1.0 - Remote File Inclusion Mambo Component Pearl 1.6 - Multiple Remote File Inclusion galleria Mambo Module 1.0b - Remote File Inclusion Mambo Module galleria 1.0b - Remote File Inclusion SimpleBoard Mambo Component 1.1.0 - Remote File Inclusion com_forum Mambo Component 1.2.4RC3 - Remote File Inclusion Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion com_videodb Mambo Component 0.3en - Remote File Inclusion SMF Forum Mambo Component 1.3.1.3 - Include com_extcalendar Mambo Component 2.0 - Include com_loudmouth Mambo Component 4.0j - Include pc_cookbook Mambo Component 0.3 - Include perForms Mambo Component 1.0 - Remote File Inclusion com_hashcash Mambo Component 1.2.1 - Include HTMLArea3 Mambo Module 1.5 - Remote File Inclusion Sitemap Mambo Component 2.0.0 - Remote File Inclusion pollxt Mambo Component 1.22.07 - Remote File Inclusion MiniBB Mambo Component 1.5a - Remote File Inclusion Mambo Component com_videodb 0.3en - Remote File Inclusion Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion Mambo Component com_loudmouth 4.0j - Remote File Inclusion Mambo Component pc_cookbook 0.3 - Remote File Inclusion Mambo Component perForms 1.0 - Remote File Inclusion Mambo Component com_hashcash 1.2.1 - Remote File Inclusion Mambo Module HTMLArea3 1.5 - Remote File Inclusion Mambo Component Sitemap 2.0.0 - Remote File Inclusion Mambo Component pollxt 1.22.07 - Remote File Inclusion Mambo Component MiniBB 1.5a - Remote File Inclusion MoSpray Mambo Component 18RC1 - Remote File Inclusion Mambo Component MoSpray 18RC1 - Remote File Inclusion Mam-Moodle Mambo Component alpha - Remote File Inclusion Mambo Component Mam-Moodle alpha - Remote File Inclusion multibanners Mambo Component 1.0.1 - Remote File Inclusion Mambo Component multibanners 1.0.1 - Remote File Inclusion PrinceClan Chess Mambo Com 0.8 - Remote File Inclusion Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion a6mambohelpdesk Mambo Component 18RC1 - Include Mambo Component 'com_a6mambohelpdesk' 18RC1 - Remote File Inclusion Mambo Security Images Component 3.0.5 - Inclusion Mambo MGM Component 0.95r2 - Remote File Inclusion Mambo Colophon Component 1.2 - Remote File Inclusion Mambo mambatStaff Component 3.1b - Remote File Inclusion Mambo Component Security Images 3.0.5 - Inclusion Mambo Component MGM 0.95r2 - Remote File Inclusion Mambo Component 'com_colophon' 1.2 - Remote File Inclusion Mambo Component mambatStaff 3.1b - Remote File Inclusion Mambo User Home Pages Component 0.5 - Remote File Inclusion Mambo Component User Home Pages 0.5 - Remote File Inclusion Mambo Remository Component 3.25 - Remote File Inclusion Mambo Component Remository 3.25 - Remote File Inclusion Mambo mmp Component 1.2 - Remote File Inclusion Mambo Component MMP 1.2 - Remote File Inclusion Mambo Peoplebook Component 1.0 - Remote File Inclusion Mambo Component Peoplebook 1.0 - Remote File Inclusion Mambo CopperminePhotoGalery Component - Remote File Inclusion Mambo Component CopperminePhotoGalery - Remote File Inclusion Mambo mambelfish Component 1.1 - Remote File Inclusion Mambo Component mambelfish 1.1 - Remote File Inclusion Mambo phpShop Component 1.2 RC2b - File Inclusion Mambo a6mambocredits Component 1.0.0 - File Inclusion Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion Mambo MamboWiki Component 0.9.6 - Remote File Inclusion Mambo Component MamboWiki 0.9.6 - Remote File Inclusion Mambo cropimage Component 1.0 - Remote File Inclusion Mambo Component cropimage 1.0 - Remote File Inclusion Mambo com_lurm_constructor Component 0.6b - Include Mambo Component com_lurm_constructor 0.6b - Remote File Inclusion mambo com_babackup Component 1.1 - File Inclusion Mambo Component com_babackup 1.1 - File Inclusion Mambo com_serverstat Component 0.4.4 - File Inclusion Mambo Component com_serverstat 0.4.4 - File Inclusion Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Include Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion Mambo com_registration_detailed 4.1 - Remote File Inclusion Mambo Component com_registration_detailed 4.1 - Remote File Inclusion MambWeather Mambo Module 1.8.1 - Remote File Inclusion Mambo Module MambWeather 1.8.1 - Remote File Inclusion com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure Serendipity 1.0.3 - 'comment.php' Local File Inclusion S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion Hewlett-Packard FTP Print Server 2.4.5 - Buffer Overflow (PoC) Hewlett-Packard (HP) FTP Print Server 2.4.5 - Buffer Overflow (PoC) mambo Component nfnaddressbook 0.4 - Remote File Inclusion Mambo Component nfnaddressbook 0.4 - Remote File Inclusion Joomla! / Mambo Component SWmenuFree 4.0 - Remote File Inclusion Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion Irfanview 3.99 - '.ani' Local Buffer Overflow (1) IrfanView 3.99 - '.ani' Local Buffer Overflow (1) Irfanview 3.99 - '.ani' Local Buffer Overflow (2) IrfanView 3.99 - '.ani' Local Buffer Overflow (2) Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion Joomla! / Mambo Component article 1.1 - Remote File Inclusion Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion Irfanview 4.00 - '.iff' Buffer Overflow IrfanView 4.00 - '.iff' Buffer Overflow Mambo com_yanc 1.4 Beta - 'id' SQL Injection Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection Irfanview 4.10 - '.fpx' Memory Corruption IrfanView 4.10 - '.fpx' Memory Corruption Mambo 4.5 'com_newsletter' - 'listid' Parameter SQL Injection Mambo 'com_fq' - 'listid' Parameter SQL Injection Mambo 'com_mamml' - 'listid' Parameter SQL Injection Mambo Component Glossary 2.0 - 'catid' SQL Injection Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection Mambo Component 'com_fq' - 'listid' Parameter SQL Injection Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection Mambo Component AkoGallery 2.5b - SQL Injection Mambo Component Catalogshop 1.0b1 - SQL Injection Mambo Component 'com_akogallery' 2.5b - SQL Injection Mambo Component 'com_catalogshop' 1.0b1 - SQL Injection Mambo Component Awesom 0.3.2 - (listid) SQL Injection Mambo Component 'com_awesom' 0.3.2 - (listid) SQL Injection Mambo Component Portfolio 1.0 - 'categoryId' SQL Injection Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection Mambo Component accombo 1.x - 'id' SQL Injection Mambo Component 'com_accombo' 1.x - 'id' SQL Injection Mambo Component ahsShop 1.51 - (vara) SQL Injection Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection Mambo Component Galleries 1.0 - (aid) SQL Injection Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection Mambo 4.6.4 - (Output.php) Remote File Inclusion Mambo 4.6.4 - 'Output.php' Remote File Inclusion Mambo Component Articles - (artid) Blind SQL Injection Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection Mambo Component n-gallery - Multiple SQL Injections Mambo Component 'com_n-gallery' - Multiple SQL Injections Irfanview 3.99 - IFF File Local Stack Buffer Overflow IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow Mambo Component n-form - (form_id) Blind SQL Injection Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection Mambo com_sim 0.8 - Blind SQL Injection Mambo Component 'com_sim' 0.8 - Blind SQL Injection Mambo Component com_hestar - SQL Injection Mambo Component 'com_hestar' - SQL Injection Mambo com_koesubmit 1.0.0 - Remote File Inclusion Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion Joomla! / Mambo Component Tupinambis - SQL Injection Joomla! / Mambo Component 'com_tupinambis' - SQL Injection Joomla! / Mambo Component com_ezine 2.1 - Remote File Inclusion Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion Mambo Component Material Suche 1.0 - SQL Injection Mambo Component 'com_materialsuche' 1.0 - SQL Injection Mambo com_akogallery - SQL Injection Mambo Component 'com_akogallery' - SQL Injection Mambo Component com_acnews - [id] SQL Injection Mambo Component 'com_acnews' - 'id' Parameter SQL Injection Mambo Component com_mambads - SQL Injection Mambo Component 'com_mambads' - SQL Injection Rumba ftp Client 4.2 - PASV Buffer Overflow (SEH) Rumba FTP Client 4.2 - PASV Buffer Overflow (SEH) Serendipity 1.5.4 - Arbitrary File Upload S9Y Serendipity 1.5.4 - Arbitrary File Upload Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service Irfanview 4.28 - Multiple Denial of Service Vulnerabilities IrfanView 4.28 - Multiple Denial of Service Vulnerabilities Irfanview 4.28 - ICO With Transparent Colour Denial of Service & RDenial of Service Irfanview 4.28 - ICO Without Transparent Colour Denial of Service & RDenial of Service IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service PCMan FTP Server Buffer Overflow - PUT Command (Metasploit) PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit) Mambo CMS 4.6.x - (4.6.5) SQL Injection Mambo 4.6.x < 4.6.5 - SQL Injection Mambo CMS 4.x - (Zorder) SQL Injection Mambo 4.x - 'Zorder' SQL Injection Irfanview - '.tiff' Image Processing Buffer Overflow IrfanView - '.tiff' Image Processing Buffer Overflow Irfanview FlashPix PlugIn - Double-Free IrfanView FlashPix PlugIn - Double-Free Irfanview FlashPix PlugIn - Decompression Heap Overflow IrfanView FlashPix PlugIn - Decompression Heap Overflow Serendipity 1.6 - Backend Cross-Site Scripting / SQL Injection S9Y Serendipity 1.6 - (Backend) Cross-Site Scripting / SQL Injection Irfanview 4.33 - Format PlugIn ECW Decompression Heap Overflow IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow Irfanview 4.33 - Format PlugIn TTF File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow Irfanview 4.33 - '.DJVU' Image Processing Heap Overflow IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow Irfanview JLS Formats PlugIn - Heap Overflow IrfanView JLS Formats PlugIn - Heap Overflow Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit) IrfanView JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit) Irfan Skiljan IrfanView32 3.0.7 - Image File Buffer Overflow IrfanView32 3.0.7 - Image File Buffer Overflow Joomla! Component Event Booking 2.10.1 - SQL Injection Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Joomla! Component 'com_videogallerylite' 1.0.9 - SQL Injection Irfanview - '.RLE' Image Decompression Buffer Overflow Irfanview - '.TIF' Image Decompression Buffer Overflow IrfanView - '.RLE' Image Decompression Buffer Overflow IrfanView - '.TIF' Image Decompression Buffer Overflow Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution Serendipity 0.x - exit.php HTTP Response Splitting S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting PCMan FTP Server 2.07 - PASS Command Buffer Overflow PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow PCMan FTP Server 2.07 - STOR Command Buffer Overflow PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH) freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow Joomla! Component VirtueMart 2.0.22a - SQL Injection Joomla! Component 'com_virtuemart' 2.0.22a - SQL Injection phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion Calendar Module 1.5.7 For Mambo - Com_Calendar.php Remote File Inclusion Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit) PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit) Irfanview 3.98 - '.ANI' Image File Denial of Service IrfanView 3.98 - '.ANI' Image File Denial of Service Reporter 1.0 Mambo Component - Reporter.sql.php Remote File Inclusion Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion Mambo LMTG Myhomepage 1.2 Component - Multiple Remote File Inclusion Mambo Rssxt Component 1.0 - MosConfig_absolute_path Multiple Remote File Inclusion Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion Mambo Display MOSBot Manager Component - MosConfig_absolute_path Remote File Inclusion Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion Mambo EstateAgent 1.0.2 Component - MosConfig_absolute_path Remote File Inclusion Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion Joomla! / Mambo Component Com_comprofiler 1.0 - class.php Remote File Inclusion Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion Hewlett-Packard 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Mambo MostlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion Irfanview 3.99 - Multiple BMP Denial of Service Vulnerabilities IrfanView 3.99 - Multiple .BMP Denial of Service Vulnerabilities Joomla! / Mambo Component Mod_Forum - PHPBB_Root.php Remote File Inclusion Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting S9Y Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting Joomla! Extension Komento 1.7.2 - Persistent Cross-Site Scripting Joomla! Extension JV Comment 3.0.2 - (index.php id Parameter) SQL Injection Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection Joomla! / Mambo Component com_filebase - 'filecatid' Parameter SQL Injection Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection PCMan FTP Server 2.07 - ABOR Command Buffer Overflow PCMan FTP Server 2.07 - CWD Command Buffer Overflow PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow Joomla! Component JomSocial 2.6 - Code Execution Joomla! Component 'com_community' 2.6 - Code Execution Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities S9Y Serendipity 1.7.5 - (Backend) Multiple Vulnerabilities Joomla! / Mambo Component Joomlaearn Lms - 'cat' Parameter SQL Injection Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection Joomla! Component YouTube Gallery - SQL Injection Joomla! Component 'com_youtubegallery' - SQL Injection Joomla! Component Spider Form Maker 3.4 - SQL Injection Joomla! Component 'com_formmaker' 3.4 - SQL Injection Joomla! Component Spider Calendar 3.2.6 - SQL Injection Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection Joomla! Component Spider Contacts 1.3.6 - (index.php contacts_id Parameter)SQL Injection Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection Joomla! Component Face Gallery 1.0 - Multiple Vulnerabilities Joomla! Component Mac Gallery 1.5 - Arbitrary File Download Joomla! Component 'com_facegallery' 1.0 - Multiple Vulnerabilities Joomla! Component 'com_macgallery' 1.5 - Arbitrary File Download Joomla! Component HD FLV Player < 2.1.0.1 - SQL Injection Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - SQL Injection Joomla! Component HD FLV Player < 2.1.0.1 - Arbitrary File Download Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download Mambo - 'com_docman' 1.3.0 Component Multiple SQL Injection Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting Mambo CMS 4.6.x - Multiple Cross-Site Scripting Vulnerabilities Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities Hewlett-Packard UCMDB - JMX-Console Authentication Bypass Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery Serendipity 1.5.1 - 'research_display.php' SQL Injection S9Y Serendipity 1.5.1 - 'research_display.php' SQL Injection Mambo CMS N-Skyrslur - Cross-Site Scripting Mambo Component 'com_n-skyrslur' - Cross-Site Scripting Mambo CMS N-Gallery Component - SQL Injection Mambo CMS AHS Shop Component - SQL Injection Mambo Component 'com_n-gallery' - SQL Injection Mambo Component 'com_ahsshop' - SQL Injection Mambo CMS N-Press Component - SQL Injection Mambo Component 'com_n-press' - SQL Injection Mambo CMS N-Frettir Component - SQL Injection Mambo CMS N-Myndir Component - SQL Injection Mambo Component 'com_n-frettir' - SQL Injection Mambo Component 'com_n-myndir' - SQL Injection Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting Joomla! Component Simple Photo Gallery 1.0 - Arbitrary File Upload Joomla! Component 'com_simplephotogallery' 1.0 - Arbitrary File Upload Joomla! Component Simple Photo Gallery 1.0 - SQL Injection Joomla! Component 'com_simplephotogallery' 1.0 - SQL Injection Joomla! Plugin eCommerce-WD 1.2.5 - SQL Injection Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection Joomla! Component Spider FAQ - SQL Injection Joomla! Component 'com_spiderfaq' - SQL Injection Joomla! Component Gallery WD - SQL Injection Joomla! Component Contact Form Maker 1.0.1 - SQL Injection Joomla! Component 'com_gallery_wd' - SQL Injection Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection Joomla! Component Spider Random Article - SQL Injection Joomla! Component 'com_rand' - SQL Injection Joomla! Component SimpleImageUpload - Arbitrary File Upload Joomla! Component 'com_simpleimageupload' - Arbitrary File Upload Joomla! Component DOCman - Multiple Vulnerabilities Joomla! Component 'com_docman' - Multiple Vulnerabilities Joomla! Plugin Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities PCMan FTP Server 2.0.7 - PUT Command Buffer Overflow PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow Joomla! Component Event Manager 2.1.4 - Multiple Vulnerabilities Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities Joomla! Component com_memorix - SQL Injection Joomla! Component com_informations - SQL Injection Joomla! Component 'com_memorix' - SQL Injection Joomla! Component 'com_informations' - SQL Injection PCMan FTP Server 2.0.7 - GET Command Buffer Overflow PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow Joomla! Component Real Estate Manager 3.7 - SQL Injection Joomla! Component 'com_realestatemanager' 3.7 - SQL Injection Joomla! Extension Realtyna RPL 8.9.2 - Multiple SQL Injections Joomla! Extension Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Joomla! Component JNews (com_jnews) 8.5.1 - SQL Injection Joomla! Component 'com_jnews' 8.5.1 - SQL Injection Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting Joomla! Component JVideoClip - 'uid' Parameter SQL Injection Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection Joomla! Component Content History - SQL Injection / Remote Code Execution (Metasploit) Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit) Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload Joomla! Component Aclsfgpl - 'index.php' Arbitrary File Upload Joomla! Component 'com_aclsfgpl' - 'index.php' Arbitrary File Upload Joomla! Component Wire Immogest - 'index.php' SQL Injection Joomla! Component 'com_wire_immogest' - 'index.php' SQL Injection Joomla! Component Almond Classifieds - Arbitrary File Upload Joomla! Component 'com_aclassfb' - Arbitrary File Upload Joomla! Extension Sexy Polling - 'answer_id' Parameter SQL Injection Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution Joomla! Plugin Projoom NovaSFH - 'upload.php' Arbitrary File Upload Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload Joomla! Component Inneradmission - 'index.php' SQL Injection Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection Joomla! Extension Spider Video Player - 'theme' Parameter SQL Injection Joomla! Component 'spidervideoplayer' - 'theme' Parameter SQL Injection Joomla! Extension JSN Poweradmin 2.3.0 - Multiple Vulnerabilities Joomla! Component 'com_poweradmin' 2.3.0 - Multiple Vulnerabilities Joomla! Component Easy YouTube Gallery 1.0.2 - SQL Injection Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit) PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit) Joomla! Extension SecurityCheck 2.8.9 - Multiple Vulnerabilities Joomla! Component 'SecurityCheck' 2.8.9 - Multiple Vulnerabilities Joomla! Extension PayPlans (com_payplans) 3.3.6 - SQL Injection Joomla! Component 'com_payplans' 3.3.6 - SQL Injection Joomla! Component En Masse (com_enmasse) 5.1 < 6.4 - SQL Injection Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection Joomla! Component BT Media (com_bt_media) - SQL Injection Joomla! Component 'com_bt_media' - SQL Injection Joomla! Component Publisher Pro (com_publisher) - SQL Injection Joomla! Component 'com_publisher' - SQL Injection Joomla! Component Guru Pro (com_guru) - SQL Injection PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit) Joomla! Component 'com_guru' - SQL Injection PCMAN FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit) Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097) Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097) Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097) Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124) freeFTPd 1.0.8 - 'mkd' Command Denial Of Service Micro Focus Rumba 9.4 - Local Denial Of Service Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow S9Y Serendipity 2.0.4 - Cross-Site Scripting Rumba FTP Client 4.x - Stack buffer overflow (SEH) Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free OS X/iOS Kernel - IOSurface Use-After-Free OS X/iOS - mach_ports_register Multiple Memory Safety Issues NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d NVIDIA Driver - No Bounds Checking in Escape 0x7000194 NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation NVIDIA Driver - Escape 0x100010b Missing Bounds Check NVIDIA Driver - No Bounds Checking in Escape 0x7000170 NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027 NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2 NVIDIA Driver - Missing Bounds Check in Escape 0x100009a NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5 NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014 NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9 MacOS 10.12 - 'task_t' Privilege Escalation PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow	2016-11-01 05:01:18 +00:00

Author

SHA1

Message

Date

Offensive Security

c27aa131c8

DB: 2016-11-15

5 new exploits

MyServer 0.8.11 - (204 No Content) error Remote Denial of Service
MyServer 0.8.11 - '204 No Content' error Remote Denial of Service

Microsoft Internet Explorer 11 MSHTML - CMapElement::Notify Use-After-Free (MS15-009)

Microsoft Internet Explorer 9-11 MSHTML - PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 9<11 MSHTML - PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104)

MySQL 4.0.17 - UDF Dynamic Library Exploit
MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1)

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Privilege Escalation
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (2)

Solaris 8 / 9 - (/usr/ucb/ps) Local Information Leak Exploit
Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit

Solaris 10 (libnspr) - Arbitrary File Creation Privilege Escalation
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1)

Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)

Solaris 10 (libnspr) - Constructor Privilege Escalation
Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)

IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug

Apple MacOS 10.12 - 'task_t' Privilege Escalation
Apple macOS 10.12 - 'task_t' Privilege Escalation

Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation
Solaris 8/9 ps - Environment Variable Information Leak
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation
Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation
Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)

Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - /bin/login Buffer Overflow
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Buffer Overflow

Oracle 9i / 10g (extproc) - Local+Remote Command Execution
Oracle 9i / 10g (extproc) - Local / Remote Command Execution

Solaris/SPARC 2.5.1/2.6/7/8 - Derived 'login' Buffer Overflow

Microsoft Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Disk Pulse Enterprise - Login Buffer Overflow' (Metasploit)

MiniNuke 1.8.2 - (news.asp hid) SQL Injection
MiniNuke 1.8.2 - 'hid' Parameter SQL Injection

MiniNuke 1.8.2b - (pages.asp) SQL Injection
MiniNuke 1.8.2b - 'pages.asp' SQL Injection

MiniNuke 2.x - (create an admin) SQL Injection
MiniNuke 2.x - SQL Injection (Add Admin)

Nukedit CMS 4.9.6 - Unauthorized Admin Add Exploit
Nukedit CMS 4.9.6 - Unauthorized Admin Add

Portail Web PHP 2.5.1 - (includes.php) Remote File Inclusion
Portail Web PHP 2.5.1 - 'includes.php' Remote File Inclusion
CodeBreak 1.1.2 - (codebreak.php) Remote File Inclusion
Mambo Module Weather - 'absolute_path' Remote File Inclusion
CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion
Mambo Module Weather - 'absolute_path' Parameter Remote File Inclusion

mxBB Module MX Shotcast 1.0 RC2 - (getinfo1.php) Remote File Inclusion
mxBB Module MX Shotcast 1.0 RC2 - 'getinfo1.php' Remote File Inclusion

RicarGBooK 1.2.1 - (header.php lang) Local File Inclusion
RicarGBooK 1.2.1 - 'lang' Parameter Local File Inclusion

BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection
BlogPHP 2 - 'id' Parameter Cross-Site Scripting / SQL Injection
MultiCart 2.0 - (productdetails.php) SQL Injection
PHP-Nuke Modules Manuales 0.1 - 'cid' SQL Injection
PHP-Nuke Module Siir - 'id' SQL Injection
MultiCart 2.0 - 'productdetails.php' SQL Injection
PHP-Nuke Modules Manuales 0.1 - 'cid' Parameter SQL Injection
PHP-Nuke Module Siir - 'id' Parameter SQL Injection
OSSIM 0.9.9rc5 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
PHP-Nuke Module NukeC 2.1 - (id_catg) SQL Injection
OSSIM 0.9.9rc5 - Cross-Site Scripting / SQL Injection
PHP-Nuke Module NukeC 2.1 - 'id_catg' Parameter SQL Injection

PHPProfiles 4.5.2 Beta - (body_comm.inc.php) Remote File Inclusion
PHPProfiles 4.5.2 Beta - 'body_comm.inc.php' Remote File Inclusion
PHPUserBase 1.3b - (unverified.inc.php) Local File Inclusion
PHPUserBase 1.3b - (unverified.inc.php) Remote File Inclusion
PHPUserBase 1.3b - 'unverified.inc.php' Local File Inclusion
PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion
PHP-Nuke Module Kose_Yazilari - (artid) SQL Injection
MiniNuke 2.1 - (members.asp uid) SQL Injection
PHP-Nuke Module Kose_Yazilari - 'artid' Parameter SQL Injection
MiniNuke 2.1 - 'uid' Parameter SQL Injection
Nukedit 4.9.x - Remote Create Admin Exploit
WordPress Plugin Sniplets 1.1.2 - (Remote File Inclusion / Cross-Site Scripting / Remote Code Execution) Multiple Vulnerabilities
Mambo Component SimpleBoard 1.0.3 - 'catid' SQL Injection
Nukedit 4.9.x - Remote Create Admin
WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution
Mambo Component SimpleBoard 1.0.3 - 'catid' Parameter SQL Injection
GROUP-E 1.6.41 - (head_auth.php) Remote File Inclusion
Koobi Pro 5.7 - (categ) SQL Injection
GROUP-E 1.6.41 - 'head_auth.php' Remote File Inclusion
Dream4 Koobi Pro 5.7 - 'categ' Parameter SQL Injection
barryvan compo manager 0.5pre-1 - Remote File Inclusion
PHP-Nuke My_eGallery 2.7.9 - SQL Injection
Centreon 1.4.2.3 - (get_image.php) Remote File Disclosure
Koobi CMS 4.3.0 < 4.2.3 - (categ) SQL Injection
Barryvan Compo Manager 0.3 - Remote File Inclusion
PHP-Nuke Module My_eGallery 2.7.9 - SQL Injection
Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure
Dream4 Koobi CMS 4.3.0 < 4.2.3 - 'categ' Parameter SQL Injection
Koobi Pro 6.25 - links SQL Injection
Koobi Pro 6.25 - shop SQL Injection
Koobi Pro 6.25 - gallery SQL Injection
Koobi Pro 6.25 - showimages SQL Injection
Koobi 4.4/5.4 - gallery SQL Injection
Dream4 Koobi Pro 6.25 Links - 'categ' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Shop - 'categ' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Gallery - 'galid' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Showimages - 'galid' Parameter SQL Injection
Dream4 Koobi 4.4/5.4 - gallery SQL Injection
Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections
Koobi Pro 6.25 - poll SQL Injection
Dream4 Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections
Dream4 Koobi Pro 6.25 Poll - 'poll_id' Parameter SQL Injection

Podcast Generator 1.2 - GLOBALS[] Multiple Vulnerabilities
Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities

DBHCMS Web Content Management System 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - Remote File Inclusion

Koobi Pro 6.1 - Gallery (img_id)
Dream4 Koobi Pro 6.1 Gallery - 'img_id' Parameter SQL Injection

dbhcms 1.1.4 - Persistent Cross-Site Scripting
DBHcms 1.1.4 - Persistent Cross-Site Scripting

DBHcms 1.1.4 (dbhcms_user and SearchString) - SQL Injection
DBHcms 1.1.4 - 'dbhcms_user/SearchString' Parameter SQL Injection

podcast generator 1.3 - Multiple Vulnerabilities
Podcast Generator 1.3 - Multiple Vulnerabilities

PHP Download Manager 1.1.x - files.php SQL Injection
PHP Download Manager 1.1.x - 'files.php' SQL Injection

Koobi 5.0 - BBCode URL Tag Script Injection
Dream4 Koobi 5.0 - BBCode URL Tag Script Injection

Koobi Pro 5.6 - showtopic Module toid Parameter Cross-Site Scripting
Koobi Pro 5.6 - showtopic Module toid Parameter SQL Injection
Dream4 Koobi Pro 5.6 - 'showtopic' Parameter SQL Injection
Portail Web PHP 2.5.1 - config/conf-activation.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - menu/item.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - modules/conf_modules.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - system/login.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion

Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting

Barryvan Compo Manager 0.3 - 'main.php' Remote File Inclusion

Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities

DrBenHur.com DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion

Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution

2016-11-15 05:01:20 +00:00

Offensive Security

18f707fb94

DB: 2016-11-01

24 new exploits

Serendipity 0.7-beta1 - SQL Injection (PoC)
S9Y Serendipity 0.7-beta1 - SQL Injection (PoC)

Serendipity 0.8beta4 - exit.php SQL Injection
S9Y Serendipity 0.8beta4 - exit.php SQL Injection
CBSms Mambo Module 1.0 - Remote File Inclusion
Pearl For Mambo 1.6 - Multiple Remote File Inclusion
Mambo Module CBSms 1.0 - Remote File Inclusion
Mambo Component Pearl 1.6 - Multiple Remote File Inclusion

galleria Mambo Module 1.0b - Remote File Inclusion
Mambo Module galleria 1.0b - Remote File Inclusion
SimpleBoard Mambo Component 1.1.0 - Remote File Inclusion
com_forum Mambo Component 1.2.4RC3 - Remote File Inclusion
Mambo Component SimpleBoard 1.1.0 - Remote File Inclusion
Mambo Component com_forum 1.2.4RC3 - Remote File Inclusion
com_videodb Mambo Component 0.3en - Remote File Inclusion
SMF Forum Mambo Component 1.3.1.3 - Include
com_extcalendar Mambo Component 2.0 - Include
com_loudmouth Mambo Component 4.0j - Include
pc_cookbook Mambo Component 0.3 - Include
perForms Mambo Component 1.0 - Remote File Inclusion
com_hashcash Mambo Component 1.2.1 - Include
HTMLArea3 Mambo Module 1.5 - Remote File Inclusion
Sitemap Mambo Component 2.0.0 - Remote File Inclusion
pollxt Mambo Component 1.22.07 - Remote File Inclusion
MiniBB Mambo Component 1.5a - Remote File Inclusion
Mambo Component com_videodb 0.3en - Remote File Inclusion
Mambo Component SMF Forum 1.3.1.3 - Remote File Inclusion
Mambo Component 'com_extcalendar' 2.0 - Remote File Inclusion
Mambo Component com_loudmouth 4.0j - Remote File Inclusion
Mambo Component pc_cookbook 0.3 - Remote File Inclusion
Mambo Component perForms 1.0 - Remote File Inclusion
Mambo Component com_hashcash 1.2.1 - Remote File Inclusion
Mambo Module HTMLArea3 1.5 - Remote File Inclusion
Mambo Component Sitemap 2.0.0 - Remote File Inclusion
Mambo Component pollxt 1.22.07 - Remote File Inclusion
Mambo Component MiniBB 1.5a - Remote File Inclusion

MoSpray Mambo Component 18RC1 - Remote File Inclusion
Mambo Component MoSpray 18RC1 - Remote File Inclusion

Mam-Moodle Mambo Component alpha - Remote File Inclusion
Mambo Component Mam-Moodle alpha - Remote File Inclusion

multibanners Mambo Component 1.0.1 - Remote File Inclusion
Mambo Component multibanners 1.0.1 - Remote File Inclusion

PrinceClan Chess Mambo Com 0.8 - Remote File Inclusion
Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion

a6mambohelpdesk Mambo Component 18RC1 - Include
Mambo Component 'com_a6mambohelpdesk' 18RC1 - Remote File Inclusion
Mambo Security Images Component 3.0.5 - Inclusion
Mambo MGM Component 0.95r2 - Remote File Inclusion
Mambo Colophon Component 1.2 - Remote File Inclusion
Mambo mambatStaff Component 3.1b - Remote File Inclusion
Mambo Component Security Images 3.0.5 - Inclusion
Mambo Component MGM 0.95r2 - Remote File Inclusion
Mambo Component 'com_colophon' 1.2 - Remote File Inclusion
Mambo Component mambatStaff 3.1b - Remote File Inclusion

Mambo User Home Pages Component 0.5 - Remote File Inclusion
Mambo Component User Home Pages 0.5 - Remote File Inclusion

Mambo Remository Component 3.25 - Remote File Inclusion
Mambo Component Remository 3.25 - Remote File Inclusion

Mambo mmp Component 1.2 - Remote File Inclusion
Mambo Component MMP 1.2 - Remote File Inclusion

Mambo Peoplebook Component 1.0 - Remote File Inclusion
Mambo Component Peoplebook 1.0 - Remote File Inclusion

Mambo CopperminePhotoGalery Component - Remote File Inclusion
Mambo Component CopperminePhotoGalery - Remote File Inclusion

Mambo mambelfish Component 1.1 - Remote File Inclusion
Mambo Component mambelfish 1.1 - Remote File Inclusion
Mambo phpShop Component 1.2 RC2b - File Inclusion
Mambo a6mambocredits Component 1.0.0 - File Inclusion
Mambo Component 'com_phpshop' 1.2 RC2b - File Inclusion
Mambo Component 'com_a6mambocredits' 1.0.0 - File Inclusion

Mambo MamboWiki Component 0.9.6 - Remote File Inclusion
Mambo Component MamboWiki 0.9.6 - Remote File Inclusion

Mambo cropimage Component 1.0 - Remote File Inclusion
Mambo Component cropimage 1.0 - Remote File Inclusion

Mambo com_lurm_constructor Component 0.6b - Include
Mambo Component com_lurm_constructor 0.6b - Remote File Inclusion

mambo com_babackup Component 1.1 - File Inclusion
Mambo Component com_babackup 1.1 - File Inclusion

Mambo com_serverstat Component 0.4.4 - File Inclusion
Mambo Component com_serverstat 0.4.4 - File Inclusion

Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Include
Coppermine Photo Gallery 1.2.2b (Nuke Addon) - Remote File Inclusion

Mambo com_registration_detailed 4.1 - Remote File Inclusion
Mambo Component com_registration_detailed 4.1 - Remote File Inclusion

MambWeather Mambo Module 1.8.1 - Remote File Inclusion
Mambo Module MambWeather 1.8.1 - Remote File Inclusion

com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure
Mambo Component com_flyspray <= 1.0.1 - Remote File Disclosure

Serendipity 1.0.3 - 'comment.php' Local File Inclusion
S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion

Hewlett-Packard FTP Print Server 2.4.5 - Buffer Overflow (PoC)
Hewlett-Packard (HP) FTP Print Server 2.4.5 - Buffer Overflow (PoC)

mambo Component nfnaddressbook 0.4 - Remote File Inclusion
Mambo Component nfnaddressbook 0.4 - Remote File Inclusion

Joomla! / Mambo Component SWmenuFree 4.0 - Remote File Inclusion
Joomla! / Mambo Component 'com_swmenupro' 4.0 - Remote File Inclusion

Irfanview 3.99 - '.ani' Local Buffer Overflow (1)
IrfanView 3.99 - '.ani' Local Buffer Overflow (1)

Irfanview 3.99 - '.ani' Local Buffer Overflow (2)
IrfanView 3.99 - '.ani' Local Buffer Overflow (2)

Joomla! / Mambo Component Taskhopper 1.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_thopper' 1.1 - Remote File Inclusion

Joomla! / Mambo Component article 1.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_articles' 1.1 - Remote File Inclusion

Irfanview 4.00 - '.iff' Buffer Overflow
IrfanView 4.00 - '.iff' Buffer Overflow

Mambo com_yanc 1.4 Beta - 'id' SQL Injection
Mambo Component com_yanc 1.4 Beta - 'id' SQL Injection

Joomla! / Mambo Component rsgallery 2.0b5 - 'catid' SQL Injection
Joomla! / Mambo Component 'com_rsgallery' 2.0b5 - 'catid' SQL Injection

Irfanview 4.10 - '.fpx' Memory Corruption
IrfanView 4.10 - '.fpx' Memory Corruption
Mambo 4.5 'com_newsletter' - 'listid' Parameter SQL Injection
Mambo 'com_fq' - 'listid' Parameter SQL Injection
Mambo 'com_mamml' - 'listid' Parameter SQL Injection
Mambo Component Glossary 2.0 - 'catid' SQL Injection
Mambo Component 'com_newsletter' 4.5 - 'listid' Parameter SQL Injection
Mambo Component 'com_fq' - 'listid' Parameter SQL Injection
Mambo Component 'com_mamml' - 'listid' Parameter SQL Injection
Mambo Component 'com_glossary' 2.0 - 'catid' SQL Injection
Mambo Component AkoGallery 2.5b - SQL Injection
Mambo Component Catalogshop 1.0b1 - SQL Injection
Mambo Component 'com_akogallery' 2.5b - SQL Injection
Mambo Component 'com_catalogshop' 1.0b1 - SQL Injection

Mambo Component Awesom 0.3.2 - (listid) SQL Injection
Mambo Component 'com_awesom' 0.3.2 - (listid) SQL Injection

Mambo Component Portfolio 1.0 - 'categoryId' SQL Injection
Mambo Component 'com_portfolio' 1.0 - 'categoryId' SQL Injection

Mambo Component accombo 1.x - 'id' SQL Injection
Mambo Component 'com_accombo' 1.x - 'id' SQL Injection

Mambo Component ahsShop 1.51 - (vara) SQL Injection
Mambo Component 'com_ahsshop' 1.51 - 'vara' Parameter SQL Injection

Mambo Component Galleries 1.0 - (aid) SQL Injection
Mambo Component 'com_galleries' 1.0 - 'aid' Parameter SQL Injection

Mambo 4.6.4 - (Output.php) Remote File Inclusion
Mambo 4.6.4 - 'Output.php' Remote File Inclusion

Mambo Component Articles - (artid) Blind SQL Injection
Mambo Component 'articles' - 'artid' Parameter Blind SQL Injection

Mambo Component n-gallery - Multiple SQL Injections
Mambo Component 'com_n-gallery' - Multiple SQL Injections

Irfanview 3.99 - IFF File Local Stack Buffer Overflow
IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow

Mambo Component n-form - (form_id) Blind SQL Injection
Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection

Mambo com_sim 0.8 - Blind SQL Injection
Mambo Component 'com_sim' 0.8 - Blind SQL Injection

Mambo Component com_hestar - SQL Injection
Mambo Component 'com_hestar' - SQL Injection

Mambo com_koesubmit 1.0.0 - Remote File Inclusion
Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion

Joomla! / Mambo Component Tupinambis - SQL Injection
Joomla! / Mambo Component 'com_tupinambis' - SQL Injection

Joomla! / Mambo Component com_ezine 2.1 - Remote File Inclusion
Joomla! / Mambo Component 'com_ezine' 2.1 - Remote File Inclusion

Mambo Component Material Suche 1.0 - SQL Injection
Mambo Component 'com_materialsuche' 1.0 - SQL Injection

Mambo com_akogallery - SQL Injection
Mambo Component 'com_akogallery' - SQL Injection

Mambo Component com_acnews - [id] SQL Injection
Mambo Component 'com_acnews' - 'id' Parameter SQL Injection

Mambo Component com_mambads - SQL Injection
Mambo Component 'com_mambads' - SQL Injection

Rumba ftp Client 4.2 - PASV Buffer Overflow (SEH)
Rumba FTP Client 4.2 - PASV Buffer Overflow (SEH)

Serendipity 1.5.4 - Arbitrary File Upload
S9Y Serendipity 1.5.4 - Arbitrary File Upload

Irfanview 4.27 - 'JP2000.dll' plugin Denial of Service
IrfanView 4.27 - 'JP2000.dll' plugin Denial of Service

Irfanview 4.28 - Multiple Denial of Service Vulnerabilities
IrfanView 4.28 - Multiple Denial of Service Vulnerabilities
Irfanview 4.28 - ICO With Transparent Colour Denial of Service & RDenial of Service
Irfanview 4.28 - ICO Without Transparent Colour Denial of Service & RDenial of Service
IrfanView 4.28 - .ICO With Transparent Colour Denial of Service / Remote Denial of Service
IrfanView 4.28 - .ICO Without Transparent Colour Denial of Service / Remote Denial of Service

PCMan FTP Server Buffer Overflow - PUT Command (Metasploit)
PCMan FTP Server Buffer Overflow - 'PUT' Command (Metasploit)

Mambo CMS 4.6.x - (4.6.5) SQL Injection
Mambo 4.6.x < 4.6.5 - SQL Injection

Mambo CMS 4.x - (Zorder) SQL Injection
Mambo 4.x - 'Zorder' SQL Injection

Irfanview - '.tiff' Image Processing Buffer Overflow
IrfanView - '.tiff' Image Processing Buffer Overflow

Irfanview FlashPix PlugIn - Double-Free
IrfanView FlashPix PlugIn - Double-Free

Irfanview FlashPix PlugIn - Decompression Heap Overflow
IrfanView FlashPix PlugIn - Decompression Heap Overflow

Serendipity 1.6 - Backend Cross-Site Scripting / SQL Injection
S9Y Serendipity 1.6 - (Backend) Cross-Site Scripting / SQL Injection

Irfanview 4.33 - Format PlugIn ECW Decompression Heap Overflow
IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow

Irfanview 4.33 - Format PlugIn TTF File Parsing Stack Based Overflow
IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow

Irfanview 4.33 - '.DJVU' Image Processing Heap Overflow
IrfanView 4.33 - '.DJVU' Image Processing Heap Overflow

Irfanview JLS Formats PlugIn - Heap Overflow
IrfanView JLS Formats PlugIn - Heap Overflow

Irfanview JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit)
IrfanView JPEG2000 4.3.2.0 - jp2 Stack Buffer Overflow (Metasploit)

Irfan Skiljan IrfanView32 3.0.7 - Image File Buffer Overflow
IrfanView32 3.0.7 - Image File Buffer Overflow

Joomla! Component Event Booking 2.10.1 - SQL Injection
Joomla! Component 'com_eventbooking' 2.10.1 - SQL Injection

Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component 'com_videogallerylite' 1.0.9 - SQL Injection
Irfanview - '.RLE' Image Decompression Buffer Overflow
Irfanview - '.TIF' Image Decompression Buffer Overflow
IrfanView - '.RLE' Image Decompression Buffer Overflow
IrfanView - '.TIF' Image Decompression Buffer Overflow

Irfanview 4.33 - 'IMXCF.dll' Plugin Code Execution
IrfanView 4.33 - 'IMXCF.dll' Plugin Code Execution

Serendipity 0.x - exit.php HTTP Response Splitting
S9Y Serendipity 0.x - 'exit.php' HTTP Response Splitting

PCMan FTP Server 2.07 - PASS Command Buffer Overflow
PCMan FTP Server 2.07 - 'PASS' Command Buffer Overflow

PCMan FTP Server 2.07 - STOR Command Buffer Overflow
PCMan FTP Server 2.07 - 'STOR' Command Buffer Overflow

freeFTPd 1.0.10 - 'PASS' Buffer Overflow (SEH)
freeFTPd 1.0.10 - 'PASS' SEH Buffer Overflow

Joomla! Component VirtueMart 2.0.22a - SQL Injection
Joomla! Component 'com_virtuemart' 2.0.22a - SQL Injection

phpBB 1.2.4 For Mambo - Multiple Remote File Inclusion
Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusion

Calendar Module 1.5.7 For Mambo - Com_Calendar.php Remote File Inclusion
Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion

PCMan FTP Server 2.07 - STOR Command Stack Overflow (Metasploit)
PCMan FTP Server 2.07 - 'STOR' Command Stack Overflow (Metasploit)

Irfanview 3.98 - '.ANI' Image File Denial of Service
IrfanView 3.98 - '.ANI' Image File Denial of Service

Reporter 1.0 Mambo Component - Reporter.sql.php Remote File Inclusion
Mambo Component Reporter 1.0 - 'Reporter.sql.php' Remote File Inclusion
Mambo LMTG Myhomepage 1.2 Component - Multiple Remote File Inclusion
Mambo Rssxt Component 1.0 - MosConfig_absolute_path Multiple Remote File Inclusion
Mambo Component 'lmtg_myhomepage' 1.2 - Multiple Remote File Inclusion
Mambo Component 'com_rssxt' 1.0 - 'MosConfig_absolute_path' Parameter Multiple Remote File Inclusion

Mambo Display MOSBot Manager Component - MosConfig_absolute_path Remote File Inclusion
Mambo Component 'com_admin-copy_module' - 'MosConfig_absolute_path' Parameter Remote File Inclusion

Mambo EstateAgent 1.0.2 Component - MosConfig_absolute_path Remote File Inclusion
Mambo Component EstateAgent 1.0.2 - MosConfig_absolute_path Remote File Inclusion

Joomla! / Mambo Component Com_comprofiler 1.0 - class.php Remote File Inclusion
Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion

Hewlett-Packard 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery

Mambo MostlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion
Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion

Irfanview 3.99 - Multiple BMP Denial of Service Vulnerabilities
IrfanView 3.99 - Multiple .BMP Denial of Service Vulnerabilities

Joomla! / Mambo Component Mod_Forum - PHPBB_Root.php Remote File Inclusion
Joomla! / Mambo Component Mod_Forum - 'PHPBB_Root.php' Remote File Inclusion

Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting
Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting

Mambo MOStlyCE Module 2.4 Image Manager Utility - Arbitrary File Upload
Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload

Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting
S9Y Serendipity Freetag-plugin 2.95 - 'style' Parameter Cross-Site Scripting
Joomla! Extension Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Extension JV Comment 3.0.2 - (index.php id Parameter) SQL Injection
Joomla! Component 'com_komento' 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component 'com_jvcomment' 3.0.2 - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_sg - 'pid' Parameter SQL Injection
Joomla! / Mambo Component 'com_sg' - 'pid' Parameter SQL Injection

Joomla! / Mambo Component com_salesrep - 'rid' Parameter SQL Injection
Joomla! / Mambo Component 'com_salesrep' - 'rid' Parameter SQL Injection
Joomla! / Mambo Component com_filebase - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component com_scheduling - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_filebase' - 'filecatid' Parameter SQL Injection
Joomla! / Mambo Component 'com_scheduling' - 'id' Parameter SQL Injection

Joomla! / Mambo Component com_profile - 'oid' Parameter SQL Injection
Joomla! / Mambo Component 'com_profile' - 'oid' Parameter SQL Injection

Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_detail' - 'id' Parameter SQL Injection
PCMan FTP Server 2.07 - ABOR Command Buffer Overflow
PCMan FTP Server 2.07 - CWD Command Buffer Overflow
PCMan FTP Server 2.07 - 'ABOR' Command Buffer Overflow
PCMan FTP Server 2.07 - 'CWD' Command Buffer Overflow

Joomla! Component JomSocial 2.6 - Code Execution
Joomla! Component 'com_community' 2.6 - Code Execution

Joomla! / Mambo Component Datsogallery 1.3.1 - 'id' Parameter SQL Injection
Joomla! / Mambo Component 'com_datsogallery' 1.3.1 - 'id' Parameter SQL Injection

Serendipity 1.7.5 (Backend) - Multiple Vulnerabilities
S9Y Serendipity 1.7.5 - (Backend) Multiple Vulnerabilities

Joomla! / Mambo Component Joomlaearn Lms - 'cat' Parameter SQL Injection
Joomla! / Mambo Component 'com_lms' - 'cat' Parameter SQL Injection

Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
Joomla! / Mambo Component 'com_gigcal' 1.0 - 'banddetails.php' SQL Injection

Joomla! Component YouTube Gallery - SQL Injection
Joomla! Component 'com_youtubegallery' - SQL Injection

Joomla! Component Spider Form Maker 3.4 - SQL Injection
Joomla! Component 'com_formmaker' 3.4 - SQL Injection

Joomla! Component Spider Calendar 3.2.6 - SQL Injection
Joomla! Component 'com_spidercalendar' 3.2.6 - SQL Injection

Joomla! Component Spider Contacts 1.3.6 - (index.php contacts_id Parameter)SQL Injection
Joomla! Component 'com_spidercontacts' 1.3.6 - 'contacts_id' Parameter SQL Injection
Joomla! Component Face Gallery 1.0 - Multiple Vulnerabilities
Joomla! Component Mac Gallery 1.5 - Arbitrary File Download
Joomla! Component 'com_facegallery' 1.0 - Multiple Vulnerabilities
Joomla! Component 'com_macgallery' 1.5 - Arbitrary File Download

Joomla! Component HD FLV Player < 2.1.0.1 - SQL Injection
Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - SQL Injection

Joomla! Component HD FLV Player < 2.1.0.1 - Arbitrary File Download
Joomla! Component 'com_hdflvplayer' < 2.1.0.1 - Arbitrary File Download

Mambo - 'com_docman' 1.3.0 Component Multiple SQL Injection
Mambo Component 'com_docman' 1.3.0 - Multiple SQL Injection

Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting

Mambo CMS 4.6.x - Multiple Cross-Site Scripting Vulnerabilities
Mambo 4.6.x - Multiple Cross-Site Scripting Vulnerabilities

Hewlett-Packard UCMDB - JMX-Console Authentication Bypass
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass

PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command
PCMan FTP Server 2.0.7 - 'MKD' Command Buffer Overflow

Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery
Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery

Serendipity 1.5.1 - 'research_display.php' SQL Injection
S9Y Serendipity 1.5.1 - 'research_display.php' SQL Injection

Mambo CMS N-Skyrslur - Cross-Site Scripting
Mambo Component 'com_n-skyrslur' - Cross-Site Scripting
Mambo CMS N-Gallery Component - SQL Injection
Mambo CMS AHS Shop Component - SQL Injection
Mambo Component 'com_n-gallery' - SQL Injection
Mambo Component 'com_ahsshop' - SQL Injection

Mambo CMS N-Press Component - SQL Injection
Mambo Component 'com_n-press' - SQL Injection
Mambo CMS N-Frettir Component - SQL Injection
Mambo CMS N-Myndir Component - SQL Injection
Mambo Component 'com_n-frettir' - SQL Injection
Mambo Component 'com_n-myndir' - SQL Injection

Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting
S9Y Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting

Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting
S9Y Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting

Joomla! Component Simple Photo Gallery 1.0 - Arbitrary File Upload
Joomla! Component 'com_simplephotogallery' 1.0 - Arbitrary File Upload

Joomla! Component Simple Photo Gallery 1.0 - SQL Injection
Joomla! Component 'com_simplephotogallery' 1.0 - SQL Injection

Joomla! Plugin eCommerce-WD 1.2.5 - SQL Injection
Joomla! Component 'com_ecommercewd' 1.2.5 - SQL Injection

Joomla! Component Spider FAQ - SQL Injection
Joomla! Component 'com_spiderfaq' - SQL Injection
Joomla! Component Gallery WD - SQL Injection
Joomla! Component Contact Form Maker 1.0.1 - SQL Injection
Joomla! Component 'com_gallery_wd' - SQL Injection
Joomla! Component 'com_contactformmaker' 1.0.1 - SQL Injection

Joomla! Component Spider Random Article - SQL Injection
Joomla! Component 'com_rand' - SQL Injection

Joomla! Component SimpleImageUpload - Arbitrary File Upload
Joomla! Component 'com_simpleimageupload' - Arbitrary File Upload

Joomla! Component DOCman - Multiple Vulnerabilities
Joomla! Component 'com_docman' - Multiple Vulnerabilities

Joomla! Plugin Helpdesk Pro < 1.4.0 - Multiple Vulnerabilities
Joomla! Component 'com_helpdeskpro' < 1.4.0 - Multiple Vulnerabilities

PCMan FTP Server 2.0.7 - PUT Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'PUT' Command Buffer Overflow

Joomla! Component Event Manager 2.1.4 - Multiple Vulnerabilities
Joomla! Component 'com_jem' 2.1.4 - Multiple Vulnerabilities
Joomla! Component com_memorix - SQL Injection
Joomla! Component com_informations - SQL Injection
Joomla! Component 'com_memorix' - SQL Injection
Joomla! Component 'com_informations' - SQL Injection

PCMan FTP Server 2.0.7 - GET Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow

PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow
PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow

Joomla! Component Real Estate Manager 3.7 - SQL Injection
Joomla! Component 'com_realestatemanager' 3.7 - SQL Injection
Joomla! Extension Realtyna RPL 8.9.2 - Multiple SQL Injections
Joomla! Extension Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
Joomla! Component 'com_rpl' 8.9.2 - Multiple SQL Injections
Joomla! Component 'com_rpl' 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery

Joomla! Component JNews (com_jnews) 8.5.1 - SQL Injection
Joomla! Component 'com_jnews' 8.5.1 - SQL Injection

Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting
S9Y Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting

Joomla! Component JVideoClip - 'uid' Parameter SQL Injection
Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection

Joomla! Component Content History - SQL Injection / Remote Code Execution (Metasploit)
Joomla! Component 'com_contenthistory' - SQL Injection / Remote Code Execution (Metasploit)

Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload
Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload

Joomla! Component Aclsfgpl - 'index.php' Arbitrary File Upload
Joomla! Component 'com_aclsfgpl' - 'index.php' Arbitrary File Upload

Joomla! Component Wire Immogest - 'index.php' SQL Injection
Joomla! Component 'com_wire_immogest' - 'index.php' SQL Injection

Joomla! Component Almond Classifieds - Arbitrary File Upload
Joomla! Component 'com_aclassfb' - Arbitrary File Upload

Joomla! Extension Sexy Polling - 'answer_id' Parameter SQL Injection
Joomla! Component 'com_sexypolling' - 'answer_id' Parameter SQL Injection

Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution
Joomla! 1.5 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution

Joomla! Plugin Projoom NovaSFH - 'upload.php' Arbitrary File Upload
Joomla! Component 'com_novasfh' - 'upload.php' Arbitrary File Upload

Joomla! Component Inneradmission - 'index.php' SQL Injection
Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection

Joomla! Extension Spider Video Player - 'theme' Parameter SQL Injection
Joomla! Component 'spidervideoplayer' - 'theme' Parameter SQL Injection

Joomla! Extension JSN Poweradmin 2.3.0 - Multiple Vulnerabilities
Joomla! Component 'com_poweradmin' 2.3.0 - Multiple Vulnerabilities

Joomla! Component Easy YouTube Gallery 1.0.2 - SQL Injection
Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection

PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - 'RENAME' Command Buffer Overflow (Metasploit)

Joomla! Extension SecurityCheck 2.8.9 - Multiple Vulnerabilities
Joomla! Component 'SecurityCheck' 2.8.9 - Multiple Vulnerabilities

Joomla! Extension PayPlans (com_payplans) 3.3.6 - SQL Injection
Joomla! Component 'com_payplans' 3.3.6 - SQL Injection

Joomla! Component En Masse (com_enmasse) 5.1 < 6.4 - SQL Injection
Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection

Joomla! Component BT Media (com_bt_media) - SQL Injection
Joomla! Component 'com_bt_media' - SQL Injection

Joomla! Component Publisher Pro (com_publisher) - SQL Injection
Joomla! Component 'com_publisher' - SQL Injection
Joomla! Component Guru Pro (com_guru) - SQL Injection
PCMAN FTP 2.0.7 - ls Command Buffer Overflow (Metasploit)
Joomla! Component 'com_guru' - SQL Injection
PCMAN FTP Server 2.0.7 - 'ls' Command Buffer Overflow (Metasploit)
Microsoft GDI+ - DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Microsoft GDI+ - ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft GDI+ - EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)
Microsoft Windows - GDI+ DecodeCompressedRLEBitmap Invalid Pointer Arithmetic Out-of-Bounds Write (MS16-097)
Microsoft Windows - GDI+ ValidateBitmapInfo Invalid Pointer Arithmetic Out-of-Bounds Reads (MS16-097)
Microsoft Windows - GDI+ EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA Heap Based Buffer Overflow (MS16-097)

Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)
Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)

freeFTPd 1.0.8 - 'mkd' Command Denial Of Service

Micro Focus Rumba 9.4 - Local Denial Of Service
Micro Focus Rumba 9.3 - ActiveX Stack Buffer Overflow
S9Y Serendipity 2.0.4 - Cross-Site Scripting
Rumba FTP Client 4.x - Stack buffer overflow (SEH)
Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free
OS X/iOS Kernel - IOSurface Use-After-Free
OS X/iOS - mach_ports_register Multiple Memory Safety Issues
NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation
NVIDIA Driver - Escape Code Leaks Uninitialised ExAllocatePoolWithTag Memory to Userspace
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x700010d
NVIDIA Driver - No Bounds Checking in Escape 0x7000194
NVIDIA Driver - Unchecked Write to User-Provided Pointer in Escape 0x600000D
NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation
NVIDIA Driver - Escape 0x100010b Missing Bounds Check
NVIDIA Driver - No Bounds Checking in Escape 0x7000170
NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027
NVIDIA Driver - Incorrect Bounds Check in Escape 0x70001b2
NVIDIA Driver - Missing Bounds Check in Escape 0x100009a
NVIDIA Driver - Missing Bounds Check in Escape 0x70000d5
NVIDIA Driver - Stack Buffer Overflow in Escape 0x7000014
NVIDIA Driver - Stack Buffer Overflow in Escape 0x10000e9
MacOS 10.12 - 'task_t' Privilege Escalation
PCMAN FTP Server 2.0.7 - 'DELETE' Command Buffer Overflow

2016-11-01 05:01:18 +00:00

2 commits