bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
1241 commits 1 branch 0 tags 351 MiB
Commit graph

11 commits

Author SHA1 Message Date
Offensive Security
2907a841a7 DB: 2017-05-24 
9 new exploits

Apple iOS/macOS - Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver
Apple iOS/macOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]
Apple iOS/macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in 'TIKeyboardLayout initWithCoder:'
Apple iOS/macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in 'CAMediaTimingFunctionBuiltin'
Apple iOS/macOS Kernel - Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization
Apple iOS/macOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
Apple macOS - Local Privilege Escalation Due to Lack of Bounds Checking in HIServices Custom CFObject Serialization

KDE 4/5 - 'KAuth' Privilege Escalation

VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
 2017-05-24 05:01:19 +00:00
Offensive Security
bc7f6091d4 DB: 2017-05-23 
4 new exploits

Apple macOS - '32-bit syscall exit' Kernel Register Leak
Apple macOS - 'stackshot' Raw Frame Pointers
Linux Kernel 4.11 - eBPF Verifier Log Leaks Lower Half of map Pointer

VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation

Joomla! 3.7.0 - 'com_fields' SQL Injection
Joomla! 3.7.0 - 'com_fields' SQL Injection (PoC)
 2017-05-23 05:01:15 +00:00
Offensive Security
8f3ada9286 DB: 2017-05-05 
3 new exploits

Internet Explorer 11 - CMarkup::DestroySplayTree Use-After-Free
Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free

Safari 10.0.3 - 'JSC::CachedCall' Use-After-Free

WordPress 2.6.1 - (SQL Column Truncation) Admin Takeover Exploit
WordPress 2.6.1 - SQL Column Truncation Admin Takeover Exploit

WordPress Core & Plugins - Privileges Unchecked in admin.php / Multiple Information
WordPress Core & MU & Plugins - Privileges Unchecked in 'admin.php' / Multiple Information Disclosures

WordPress 2.8.1 - (url) Cross-Site Scripting
WordPress 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 NS8.1)
WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-comments-post.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-feed.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - wp-trackback.php Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-comments-post.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-feed.php' Remote File Inclusion
Joomla! Plugin JD-WordPress 2.0-1.0 RC2 - 'wp-trackback.php' Remote File Inclusion

WordPress 2.x - PHP_Self Cross-Site Scripting
WordPress < 2.1.2  - PHP_Self Cross-Site Scripting

WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection
WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection
WordPress 4.6 - Unauthenticated Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
 2017-05-05 05:01:18 +00:00
Offensive Security
4aa75d9fe9 DB: 2017-05-02 
5 new exploits

MySQL <= 5.6.35 / <= 5.7.17 - Integer Overflow
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Privilege Escalation
HideMyAss Pro VPN Client for macOS 3.x - Privilege Escalation
Alerton Webtalk 2.5 / 3.3 - Multiple Vulnerabilities
Tuleap Project Wiki 8.3 <= 9.6.99.86 - Command Injection
 2017-05-02 05:01:18 +00:00
Offensive Security
2ac6fc17c2 DB: 2017-04-13 
3 new exploits

Solaris 7 - 11 (x86 & SPARC) - 'EXTREMEPARR' dtappgather Privilege Escalation

Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution

D-Link DWR-116 / DWR-116A1 - Arbitrary File Download
 2017-04-13 05:01:16 +00:00
Offensive Security
814ba132f8 DB: 2017-04-12 
18 new exploits

Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free
Apple WebKit - 'Document::adoptNode' Use-After-Free
Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow
Proxifier for Mac 2.18 - Multiple Vulnerabilities
Proxifier for Mac 2.17 / 2.18 - Privesc Escalation
Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

Quest Privilege Manager 6.0.0 - Arbitrary File Write
Adobe Multiple Products - XML Injection File Content Disclosure
MyClassifiedScript 5.1 - SQL Injection
Social Directory Script 2.0 - SQL Injection
FAQ Script 3.1.3 - 'category_id' Parameter SQL Injection
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
Brother MFC-J6520DW - Authentication Bypass / Password Change
Horde Groupware Webmail 3 / 4 / 5 - Multiple Remote Code Execution
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element
 2017-04-12 05:01:16 +00:00
Offensive Security
6624e39c26 DB: 2017-04-05 
31 new exploits

macOS/iOS Kernel 10.12.3 (16D32) - 'bpf' Heap Overflow

macOS/iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption

macOS Kernel 10.12.2 (16C67) - Memory Disclosure Due to Lack of Bounds Checking in AppleIntelCapriController::getDisplayPipeCapability
macOS Kernel 10.12.3 (16D32) - Use-After-Free Due to Double-Release in posix_spawn
macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking
macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption
macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free

macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking
Broadcom Wi-Fi SoC - Heap Overflow in _wlc_tdls_cal_mic_chk_ Due to Large RSN IE in TDLS Setup Confirm Frame
Apple WebKit 10.0.2 - HTMLInputElement Use-After-Free
Apple WebKit - 'RenderLayer' Use-After-Free
Apple WebKit - Negative-Size memmove in HTMLFormElement
Apple WebKit - 'FormSubmission::create' Use-After-Free
Apple WebKit - 'ComposedTreeIterator::traverseNextInShadowTree' Use-After-Free
Apple WebKit - 'table' Use-After-Free
Apple WebKit - 'WebCore::toJS' Use-After-Free

macOS/iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device

Bluecoat ASG 6.6/CAS 1.3 - Privilege Escalation (Metasploit)

Bluecoat ASG 6.6/CAS 1.3 - OS Command Injection (Metasploit)

Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit

SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)

Logsign 4.4.2 / 4.4.137 - Remote Command Injection (Metasploit)

Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow

Pixie 1.0.4 - Arbitrary File Upload
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting
Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion
Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting
Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting
Maian Uploader 4.0 - 'index.php' keywords Parameter Cross-Site Scripting
Maian Uploader 4.0 - admin/index.php keywords Parameter Cross-Site Scripting
Maian Uploader 4.0 - admin/inc/header.php Multiple Parameter Cross-Site Scripting
Maian Uploader 4.0 - 'keywords' Parameter Cross-Site Scripting
Maian Uploader 4.0 - 'index.php' Cross-Site Scripting
Maian Uploader 4.0 - 'header.php' Cross-Site Scripting
Maian Uploader 4.0 - 'user' Parameter SQL Injection
Maian Survey 1.1 - 'survey' Parameter SQL Injection
Maian Greetings 2.1 - 'cat' Parameter SQL Injection
 2017-04-05 05:01:18 +00:00
Offensive Security
438afbcaf8 DB: 2017-02-25 
12 new exploits

Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion
Joomla! Component JooDatabase 3.1.0 - SQL Injection
Joomla! Component JO Facebook Gallery 4.5 - SQL Injection
Joomla! Component AJAX Search for K2 2.2 - SQL Injection
Joomla! Component Community Surveys 4.3 - SQL Injection
Joomla! Component Community Polls 4.5.0 - SQL Injection
Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
Joomla! Component Community Quiz 4.3.5 - SQL Injection
Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting
memcache-viewer - Cross-Site Scripting
 2017-02-25 05:01:19 +00:00
Offensive Security
3710b90d25 DB: 2017-02-24 
6 new exploits

macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read

Linux/x86-64 - Egghunter Shellcode (38 bytes)
WordPress Plugin Mail Masta 1.0 - SQL Injection
Joomla! Component Store for K2 3.8.2 - SQL Injection
Joomla! Component UserExtranet 1.3.1 - SQL Injection
Joomla! Component MultiTier 3.1 - SQL Injection
 2017-02-24 05:01:18 +00:00
Offensive Security
26b1e8b6ad DB: 2016-12-23 
10 new exploits

Microsoft Internet Explorer 11 - MSHTML CPaste­Command::Convert­Bitmapto­Png Heap-Based Buffer Overflow (MS14-056)

Microsoft Internet Explorer 11 MSHTML - CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
Microsoft Internet Explorer 11 - MSHTML CSplice­Tree­Engine::Remove­Splice Use-After-Free (MS14-035)
macOS 10.12.1 Kernel - Writable Privileged IOKit Registry Properties Code Execution
macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free
macOS < 10.12.2 / iOS < 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation
Vesta Control Panel 0.9.8-16 - Local Privilege Escalation
macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free
macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

PHP iCalendar 2.21 - (publish.ical.php) Remote Code Execution
PHP iCalendar 2.21 - 'publish.ical.php' Remote Code Execution

CzarNews 1.14 - (tpath) Remote File Inclusion
CzarNews 1.14 - 'tpath' Parameter Remote File Inclusion

N/X WCMS 4.1 - (nxheader.inc.php) Remote File Inclusion
N/X WCMS 4.1 - 'nxheader.inc.php' Remote File Inclusion

Powies pForum 1.29a - (editpoll.php) SQL Injection
Powies pForum 1.29a - 'editpoll.php' SQL Injection

AssetMan 2.4a - (download_pdf.php) Remote File Disclosure
AssetMan 2.4a - 'download_pdf.php' Remote File Disclosure

Orion-Blog 2.0 - (AdminBlogNewsEdit.asp) Remote Authentication Bypass
Orion-Blog 2.0 - Remote Authentication Bypass

Ol BookMarks Manager 0.7.4 - (root) Remote File Inclusion
Ol BookMarks Manager 0.7.4 - 'root' Parameter Remote File Inclusion

AdminBot 9.0.5 - (live_status.lib.php ROOT) Remote File Inclusion
AdminBot 9.0.5 - 'live_status.lib.php' Remote File Inclusion

WSN Links Basic Edition - (displaycat catid) SQL Injection
WSN Links Basic Edition - 'catid' Parameter SQL Injection

phpRealty 0.02 - (MGR) Multiple Remote File Inclusion
phpRealty 0.02 - 'MGR' Parameter Multiple Remote File Inclusion
jPORTAL 2 - mailer.php SQL Injection
jPORTAL 2.3.1 - articles.php SQL Injection
jPORTAL 2 - 'mailer.php' SQL Injection
jPORTAL 2.3.1 - 'articles.php' SQL Injection

AvailScript Jobs Portal Script - Authenticated (jid) SQL Injection
AvailScript Jobs Portal Script - 'jid' Parameter SQL Injection

PhpWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion
PHPWebGallery 1.3.4 - Cross-Site Scripting / Local File Inclusion

D-iscussion Board 3.01 - (topic) Local File Inclusion
D-iscussion Board 3.01 - 'topic' Parameter Local File Inclusion

PhpWebGallery 1.3.4 - Blind SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
PhpWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - (showprofil.php id) SQL Injection
WebPortal CMS 0.7.4 - (download.php aid) SQL Injection
iBoutique 4.0 - (cat) SQL Injection
SkaLinks 1.5 - (register.php) Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' SQL Injection
PHPWebGallery 1.3.4 - Blind SQL Injection
pForum 1.30 - 'showprofil.php' SQL Injection
WebPortal CMS 0.7.4 - 'download.php' SQL Injection
iBoutique 4.0 - 'cat' Parameter SQL Injection
SkaLinks 1.5 - 'register.php' Arbitrary Add Editor
vbLOGIX Tutorial Script 1.0 - 'cat_id' Parameter SQL Injection

pLink 2.07 - (linkto.php id) Blind SQL Injection
pLink 2.07 - 'linkto.php' Blind SQL Injection

FoT Video scripti 1.1b - (oyun) SQL Injection
FoT Video scripti 1.1b - 'oyun' Parameter SQL Injection

Pre Real Estate Listings - 'search.php c' SQL Injection
Pre Real Estate Listings - 'search.php' SQL Injection

iScripts EasyIndex - (produid) SQL Injection
iScripts EasyIndex - 'produid' Parameter SQL Injection
Hotel Reservation System - 'city.asp city' Blind SQL Injection
phpRealty 0.3 - (INC) Remote File Inclusion
PHP Crawler 0.8 - (footer) Remote File Inclusion
Technote 7 - (shop_this_skin_path) Remote File Inclusion
Hotel Reservation System - 'city.asp' Blind SQL Injection
phpRealty 0.3 - 'INC' Parameter Remote File Inclusion
PHP Crawler 0.8 - Remote File Inclusion
Technote 7 - 'shop_this_skin_path' Parameter Remote File Inclusion
E-PHP CMS - 'article.php es_id' SQL Injection
addalink 4 - 'category_id' SQL Injection
ProArcadeScript 1.3 - (random) SQL Injection
CYASK 3.x - (collect.php neturl) Local File Disclosure
Diesel Joke Site - 'picture_category.php id' SQL Injection
ProActive CMS - 'template' Local File Inclusion
E-PHP CMS - 'article.php' SQL Injection
addalink 4 - 'category_id' Parameter SQL Injection
ProArcadeScript 1.3 - 'random' Parameter SQL Injection
CYASK 3.x - 'neturl' Parameter Local File Disclosure
Diesel Joke Site - 'picture_category.php' SQL Injection
ProActive CMS - 'template' Parameter Local File Inclusion
Diesel Pay Script - (area) SQL Injection
Plaincart 1.1.2 - (p) SQL Injection
Oceandir 2.9 - (show_vote.php id) SQL Injection
jPORTAL 2 - 'humor.php id' SQL Injection
Diesel Pay Script - 'area' Parameter SQL Injection
Plaincart 1.1.2 - 'p' Parameter SQL Injection
Oceandir 2.9 - 'show_vote.php' SQL Injection
jPORTAL 2 - 'humor.php' SQL Injection

Diesel Job Site - (job_id) Blind SQL Injection
Diesel Job Site - 'job_id' Parameter Blind SQL Injection

e107 Plugin Image Gallery 0.9.6.2 - (image) SQL Injection
e107 Plugin Image Gallery 0.9.6.2 - SQL Injection

WSN Links 2.22/2.23 - (vote.php) SQL Injection
WSN Links 2.22/2.23 - 'vote.php' SQL Injection
BuzzyWall 1.3.1 - (search.php search) SQL Injection
WCMS 1.0b - (news_detail.asp id) SQL Injection
BuzzyWall 1.3.1 - 'search' Parameter SQL Injection
WCMS 1.0b - 'news_detail.asp' SQL Injection

OpenElec 3.01 - (form.php obj) Local File Inclusion
OpenElec 3.01 - 'obj' Parameter Local File Inclusion
basebuilder 2.0.1 - (main.inc.php) Remote File Inclusion
Fez 1.3/2.0 RC1 - (list.php) SQL Injection
basebuilder 2.0.1 - 'main.inc.php' Remote File Inclusion
Fez 1.3/2.0 RC1 - 'list.php' SQL Injection
OpenRat 0.8-beta4 - (tpl_dir) Remote File Inclusion
Sofi WebGui 0.6.3 PRE - (mod_dir) Remote File Inclusion
OpenRat 0.8-beta4 - 'tpl_dir' Parameter Remote File Inclusion
Sofi WebGui 0.6.3 PRE - 'mod_dir' Parameter Remote File Inclusion

JETIK-WEB Software - 'sayfa.php kat' SQL Injection
JETIK-WEB Software - 'kat' Parameter SQL Injection
WebPortal CMS 0.7.4 - (code) Remote Code Execution
HotScripts Clone - 'cid' SQL Injection
WebPortal CMS 0.7.4 - 'code' Parameter Remote Code Execution
HotScripts Clone - 'cid' Parameter SQL Injection
emergecolab 1.0 - (sitecode) Local File Inclusion
mailwatch 1.0.4 - (docs.php doc) Local File Inclusion
PHPcounter 1.3.2 - (defs.php l) Local File Inclusion
emergecolab 1.0 - 'sitecode' Parameter Local File Inclusion
mailwatch 1.0.4 - 'doc' Parameter Local File Inclusion
PHPcounter 1.3.2 - 'defs.php' Local File Inclusion

webcp 0.5.7 - (filelocation) Remote File Disclosure
webcp 0.5.7 - 'filelocation' Parameter Remote File Disclosure
LanSuite 3.3.2 - (design) Local File Inclusion
PHPOCS 0.1-beta3 - (index.php act) Local File Inclusion
Vikingboard 0.2 Beta - (task) Local File Inclusion
LanSuite 3.3.2 - 'design' Parameter Local File Inclusion
PHPOCS 0.1-beta3 - 'act' Parameter Local File Inclusion
Vikingboard 0.2 Beta - 'task' Parameter Local File Inclusion

barcodegen 2.0.0 - (class_dir) Remote File Inclusion
barcodegen 2.0.0 - 'class_dir' Parameter Remote File Inclusion

PHPcounter 1.3.2 - (index.php name) SQL Injection
PHPcounter 1.3.2 - 'index.php' SQL Injection

PhpWebGallery 1.7.2 - Session Hijacking / Code Execution
PHPWebGallery 1.7.2 - Session Hijacking / Code Execution

BuzzyWall 1.3.1 - (download id) Remote File Disclosure
BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure

Pre Real Estate Listings - (Authentication Bypass) SQL Injection
Pre Real Estate Listings - Authentication Bypass

Netartmedia Real Estate Portal 1.2 - (ad_id) SQL Injection
Netartmedia Real Estate Portal 1.2 - 'ad_id' Parameter SQL Injection

SkaLinks 1.5 - (Authentication Bypass) SQL Injection
SkaLinks 1.5 - Authentication Bypass

diesel job site 1.4 - Multiple Vulnerabilities
Diesel Job Site 1.4 - Multiple Vulnerabilities

ProArcadeScript to Game - (game) SQL Injection
ProArcadeScript to Game - SQL Injection

Link Bid Script - 'links.php id' SQL Injection
Link Bid Script - 'links.php' SQL Injection

NetArt Media iBoutique 4.0 - (index.php key Parameter) SQL Injection
iBoutique 4.0 - 'key' Parameter SQL Injection

PHPForum 2.0 RC1 - Mainfile.php Remote File Inclusion
PHPForum 2.0 RC1 - 'Mainfile.php' Remote File Inclusion

JPortal 2.2.1 - print.php SQL Injection
jPORTAL 2.2.1 - 'print.php' SQL Injection

CzarNews 1.13/1.14 - headlines.php Remote File Inclusion
CzarNews 1.13/1.14 - 'headlines.php' Remote File Inclusion

JPortal 2.3.1 - Banner.php SQL Injection
jPORTAL 2.3.1 - 'Banner.php' SQL Injection

CJ Ultra Plus 1.0.3/1.0.4 - OUT.php SQL Injection
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection

JPortal 2.2.1/2.3.1 - download.php SQL Injection
jPORTAL 2.2.1/2.3.1 - 'download.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - comment.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - news.php id Parameter SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection
JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection

PHPWCMS 1.2.5 -DEV - random_image.php imgdir Parameter Traversal Arbitrary File Access
PHPWCMS 1.2.5 -DEV - 'imgdir' Parameter Traversal Arbitrary File Access

JPortal 2.2.1/2.3 Forum - forum.php SQL Injection
jPORTAL 2.2.1/2.3 Forum - 'forum.php' SQL Injection

Diesel Joke Site - Category.php SQL Injection
Diesel Joke Site - 'Category.php' SQL Injection
TinyPHPForum 3.6 - error.php Information Disclosure
TinyPHPForum 3.6 - UpdatePF.php Authentication Bypass
TinyPHPForum 3.6 - 'error.php' Information Disclosure
TinyPHPForum 3.6 - 'UpdatePF.php' Authentication Bypass
Vikingboard Viking board 0.1b - help.php act Parameter Cross-Site Scripting
Vikingboard Viking board 0.1b - report.php p Parameter Cross-Site Scripting
Vikingboard 0.1 - topic.php SQL Injection
Vikingboard 0.1b - 'help.php' Cross-Site Scripting
Vikingboard 0.1b - 'report.php' Cross-Site Scripting
Vikingboard 0.1 - 'topic.php' SQL Injection
PHP iCalendar 1.1/2.x - day.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - month.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - year.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - week.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - search.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - rss/index.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - print.php getdate Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - preferences.php Multiple Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'day.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'month.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'year.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'week.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'search.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'getdate' Parameter Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'print.php' Cross-Site Scripting
PHP iCalendar 1.1/2.x - 'preferences.php' Cross-Site Scripting
Vikingboard Viking board 0.1.2 - cp.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - user.php u Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - post.php Multiple Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - topic.php s Parameter Cross-Site Scripting
Vikingboard Viking board 0.1.2 - forum.php debug Variable Information Disclosure
Vikingboard Viking board 0.1.2 - cp.php debug Variable Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'user.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'post.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'topic.php' Cross-Site Scripting
Vikingboard 0.1.2 - 'forum.php' Information Disclosure
Vikingboard 0.1.2 - 'cp.php' Information Disclosure
PaysiteReviewCMS 1.1 - search.php q Parameter Cross-Site Scripting
PaysiteReviewCMS - image.php image Parameter Cross-Site Scripting
PaysiteReviewCMS 1.1 - 'search.php' Cross-Site Scripting
PaysiteReviewCMS - 'image.php' Cross-Site Scripting

BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure
 2016-12-23 05:01:18 +00:00
Offensive Security
c27aa131c8 DB: 2016-11-15 
5 new exploits

MyServer 0.8.11 - (204 No Content) error Remote Denial of Service
MyServer 0.8.11 - '204 No Content' error Remote Denial of Service

Microsoft Internet Explorer 11 MSHTML - CMap­Element::Notify Use-After-Free (MS15-009)

Microsoft Internet Explorer 9-11 MSHTML - PROPERTYDESC::Handle­Style­Component­Property Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 9<11 MSHTML - PROPERTYDESC::Handle­Style­Component­Property Out-of-Bounds Read (MS16-104)

MySQL 4.0.17 - UDF Dynamic Library Exploit
MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1)

MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Privilege Escalation
MySQL 4.x/5.0 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (2)

Solaris 8 / 9 - (/usr/ucb/ps) Local Information Leak Exploit
Solaris 8 / 9 - '/usr/ucb/ps' Local Information Leak Exploit

Solaris 10 (libnspr) - Arbitrary File Creation Privilege Escalation
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1)

Solaris 10 (libnspr) - LD_PRELOAD Arbitrary File Creation Privilege Escalation
Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (2)

Solaris 10 (libnspr) - Constructor Privilege Escalation
Solaris 10 libnspr - 'Constructor' Arbitrary File Creation Privilege Escalation (3)

IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug
IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug

Apple MacOS 10.12 - 'task_t' Privilege Escalation
Apple macOS 10.12 - 'task_t' Privilege Escalation

Linux Kernel 2.6.x < 2.6.7-rc3 - 'sys_chown()' Privilege Escalation
Solaris 8/9 ps - Environment Variable Information Leak
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation
Solaris 7/8/9 CDE libDtHelp - Buffer Overflow Non-Exec Stack Privilege Escalation
Solaris 8/9 passwd(1) - 'circ()' Stack-Based Buffer Overflow Privilege Escalation
Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)

Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - /bin/login Buffer Overflow
Solaris 2.5.1/2.6/7/8 rlogin (SPARC) - '/bin/login' Buffer Overflow

Oracle 9i / 10g (extproc) - Local+Remote Command Execution
Oracle 9i / 10g (extproc) - Local / Remote Command Execution

Solaris/SPARC 2.5.1/2.6/7/8 - Derived 'login' Buffer Overflow

Microsoft Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Disk Pulse Enterprise - Login Buffer Overflow' (Metasploit)

MiniNuke 1.8.2 - (news.asp hid) SQL Injection
MiniNuke 1.8.2 - 'hid' Parameter SQL Injection

MiniNuke 1.8.2b - (pages.asp) SQL Injection
MiniNuke 1.8.2b - 'pages.asp' SQL Injection

MiniNuke 2.x - (create an admin) SQL Injection
MiniNuke 2.x - SQL Injection (Add Admin)

Nukedit CMS 4.9.6 - Unauthorized Admin Add Exploit
Nukedit CMS 4.9.6 - Unauthorized Admin Add

Portail Web PHP 2.5.1 - (includes.php) Remote File Inclusion
Portail Web PHP 2.5.1 - 'includes.php' Remote File Inclusion
CodeBreak 1.1.2 - (codebreak.php) Remote File Inclusion
Mambo Module Weather - 'absolute_path' Remote File Inclusion
CodeBreak 1.1.2 - 'codebreak.php' Remote File Inclusion
Mambo Module Weather - 'absolute_path' Parameter Remote File Inclusion

mxBB Module MX Shotcast 1.0 RC2 - (getinfo1.php) Remote File Inclusion
mxBB Module MX Shotcast 1.0 RC2 - 'getinfo1.php' Remote File Inclusion

RicarGBooK 1.2.1 - (header.php lang) Local File Inclusion
RicarGBooK 1.2.1 - 'lang' Parameter Local File Inclusion

BlogPHP 2 - 'id' Cross-Site Scripting / SQL Injection
BlogPHP 2 - 'id' Parameter Cross-Site Scripting / SQL Injection
MultiCart 2.0 - (productdetails.php) SQL Injection
PHP-Nuke Modules Manuales 0.1 - 'cid' SQL Injection
PHP-Nuke Module Siir - 'id' SQL Injection
MultiCart 2.0 - 'productdetails.php' SQL Injection
PHP-Nuke Modules Manuales 0.1 - 'cid' Parameter SQL Injection
PHP-Nuke Module Siir - 'id' Parameter SQL Injection
OSSIM 0.9.9rc5 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
PHP-Nuke Module NukeC 2.1 - (id_catg) SQL Injection
OSSIM 0.9.9rc5 - Cross-Site Scripting / SQL Injection
PHP-Nuke Module NukeC 2.1 - 'id_catg' Parameter SQL Injection

PHPProfiles 4.5.2 Beta - (body_comm.inc.php) Remote File Inclusion
PHPProfiles 4.5.2 Beta - 'body_comm.inc.php' Remote File Inclusion
PHPUserBase 1.3b - (unverified.inc.php) Local File Inclusion
PHPUserBase 1.3b - (unverified.inc.php) Remote File Inclusion
PHPUserBase 1.3b - 'unverified.inc.php' Local File Inclusion
PHPUserBase 1.3b - 'unverified.inc.php' Remote File Inclusion
PHP-Nuke Module Kose_Yazilari - (artid) SQL Injection
MiniNuke 2.1 - (members.asp uid) SQL Injection
PHP-Nuke Module Kose_Yazilari - 'artid' Parameter SQL Injection
MiniNuke 2.1 - 'uid' Parameter SQL Injection
Nukedit 4.9.x - Remote Create Admin Exploit
WordPress Plugin Sniplets 1.1.2 - (Remote File Inclusion / Cross-Site Scripting / Remote Code Execution) Multiple Vulnerabilities
Mambo Component SimpleBoard 1.0.3 - 'catid' SQL Injection
Nukedit 4.9.x - Remote Create Admin
WordPress Plugin Sniplets 1.1.2 - Remote File Inclusion / Cross-Site Scripting / Remote Code Execution
Mambo Component SimpleBoard 1.0.3 - 'catid' Parameter SQL Injection
GROUP-E 1.6.41 - (head_auth.php) Remote File Inclusion
Koobi Pro 5.7 - (categ) SQL Injection
GROUP-E 1.6.41 - 'head_auth.php' Remote File Inclusion
Dream4 Koobi Pro 5.7 - 'categ' Parameter SQL Injection
barryvan compo manager 0.5pre-1 - Remote File Inclusion
PHP-Nuke My_eGallery 2.7.9 - SQL Injection
Centreon 1.4.2.3 - (get_image.php) Remote File Disclosure
Koobi CMS 4.3.0 < 4.2.3 - (categ) SQL Injection
Barryvan Compo Manager 0.3 - Remote File Inclusion
PHP-Nuke Module My_eGallery 2.7.9 - SQL Injection
Centreon 1.4.2.3 - 'get_image.php' Remote File Disclosure
Dream4 Koobi CMS 4.3.0 < 4.2.3 - 'categ' Parameter SQL Injection
Koobi Pro 6.25 - links SQL Injection
Koobi Pro 6.25 - shop SQL Injection
Koobi Pro 6.25 - gallery SQL Injection
Koobi Pro 6.25 - showimages SQL Injection
Koobi 4.4/5.4 - gallery SQL Injection
Dream4 Koobi Pro 6.25 Links - 'categ' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Shop - 'categ' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Gallery - 'galid' Parameter SQL Injection
Dream4 Koobi Pro 6.25 Showimages - 'galid' Parameter SQL Injection
Dream4 Koobi 4.4/5.4 - gallery SQL Injection
Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections
Koobi Pro 6.25 - poll SQL Injection
Dream4 Koobi CMS 4.2.4/4.2.5/4.3.0 - Multiple SQL Injections
Dream4 Koobi Pro 6.25 Poll - 'poll_id' Parameter SQL Injection

Podcast Generator 1.2 - GLOBALS[] Multiple Vulnerabilities
Podcast Generator 1.2 - 'GLOBALS[]' Multiple Vulnerabilities

DBHCMS Web Content Management System 1.1.4 - Remote File Inclusion
DBHcms 1.1.4 - Remote File Inclusion

Koobi Pro 6.1 - Gallery (img_id)
Dream4 Koobi Pro 6.1 Gallery - 'img_id' Parameter SQL Injection

dbhcms 1.1.4 - Persistent Cross-Site Scripting
DBHcms 1.1.4 - Persistent Cross-Site Scripting

DBHcms 1.1.4 (dbhcms_user and SearchString) - SQL Injection
DBHcms 1.1.4 - 'dbhcms_user/SearchString' Parameter SQL Injection

podcast generator 1.3 - Multiple Vulnerabilities
Podcast Generator 1.3 - Multiple Vulnerabilities

PHP Download Manager 1.1.x - files.php SQL Injection
PHP Download Manager 1.1.x - 'files.php' SQL Injection

Koobi 5.0 - BBCode URL Tag Script Injection
Dream4 Koobi 5.0 - BBCode URL Tag Script Injection

Koobi Pro 5.6 - showtopic Module toid Parameter Cross-Site Scripting
Koobi Pro 5.6 - showtopic Module toid Parameter SQL Injection
Dream4 Koobi Pro 5.6 - 'showtopic' Parameter SQL Injection
Portail Web PHP 2.5.1 - config/conf-activation.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - menu/item.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - modules/conf_modules.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - system/login.php site_path Parameter Remote File Inclusion
Portail Web PHP 2.5.1 - 'conf-activation.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'item.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'conf_modules.php' Remote File Inclusion
Portail Web PHP 2.5.1 - 'login.php' Remote File Inclusion

Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting

Barryvan Compo Manager 0.3 - 'main.php' Remote File Inclusion

Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities

DrBenHur.com DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion
DBHcms 1.1.4 - 'dbhcms_core_dir' Parameter Remote File Inclusion

Boonex Dolphin 7.3.2 - Authentication Bypass / Remote Code Execution
 2016-11-15 05:01:20 +00:00