exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00
Offensive Security	b3a7c78388	DB: 2016-11-25 4 new exploits Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC) Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC) Remote Utilities Host 6.3 - Denial of Service Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) GNU Wget < 1.18 - Access List Bypass / Race Condition miniBB - 'user' Input Validation Hole MiniBB 1.7f - 'user' Parameter SQL Injection TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection miniBB 2.1 - (table) SQL Injection MiniBB 2.1 - 'table' Parameter SQL Injection Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure Apartment Search Script - 'listtest.php r' SQL Injection XOOPS Module Recipe - 'detail.php id' SQL Injection Aterr 0.9.1 - (class) Local File Inclusion (PHP5) W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection Apartment Search Script - 'listtest.php' SQL Injection XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection Aterr 0.9.1 - Local File Inclusion (PHP5) W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection KubeLance 1.6.4 - (ipn.php i) Local File Inclusion acidcat CMS 3.4.1 - Multiple Vulnerabilities BlogWorx 1.0 - (view.asp id) SQL Injection Crazy Goomba 1.2.1 - 'id' SQL Injection RedDot CMS 7.5 - (LngId) SQL Injection TR News 2.1 - (nb) SQL Injection KubeLance 1.6.4 - 'ipn.php' Local File Inclusion Acidcat CMS 3.4.1 - Multiple Vulnerabilities BlogWorx 1.0 - 'id' Parameter SQL Injection Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection RedDot CMS 7.5 - 'LngId' Parameter SQL Injection TR News 2.1 - 'nb' Parameter SQL Injection E RESERV 2.1 - (index.php ID_loc) SQL Injection Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection E RESERV 2.1 - 'index.php' SQL Injection Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities PostNuke Module PostSchedule - (eid) SQL Injection MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting PHP Forge 3 Beta 2 - 'id' SQL Injection PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities Jokes Site Script - 'jokes.php?catagorie' SQL Injection FluentCMS - 'view.php sid' SQL Injection megabbs forum 2.2 - SQL Injection / Cross-Site Scripting Jokes Site Script - 'jokes.php' SQL Injection FluentCMS - 'view.php' SQL Injection Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection Softbiz Web Host Directory Script (host_id) - SQL Injection Joovili 3.1 - (browse.videos.php category) SQL Injection Prozilla Hosting Index - 'cat_id' Parameter SQL Injection Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection Joovili 3.1 - 'browse.videos.php' SQL Injection w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting Prozilla Hosting Index - 'id' SQL Injection Prozilla Hosting Index - 'id' Parameter SQL Injection web Calendar system 3.12/3.30 - Multiple Vulnerabilities Web Calendar System 3.12/3.30 - Multiple Vulnerabilities Web Calendar 4.1 - (Authentication Bypass) SQL Injection Web Calendar 4.1 - Authentication Bypass web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection KubeLance - 'profile.php?id' SQL Injection KubeLance 1.7.6 - 'profile.php' SQL Injection Clever Copy 2.0 - calendar.php Cross-Site Scripting Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting Clever Copy 2.0 - 'results.php' Cross-Site Scripting Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure ODFaq 2.1 - faq.php SQL Injection ODFaq 2.1 - 'faq.php' SQL Injection MiniBB 1.5 - news.php Remote File Inclusion MiniBB 1.5 - 'news.php' Remote File Inclusion W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting W1L3D4 philboard 0.3 - Cross-Site Scripting Proverbs Web Calendar 1.1 - Password Parameter SQL Injection Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection miniBB 3.1 - Blind SQL Injection MiniBB 3.1 - Blind SQL Injection Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting	2016-11-25 05:01:20 +00:00

Author

SHA1

Message

Date

Offensive Security

d304cc3d3e

DB: 2017-11-24

116602 new exploits

Too many to list!

2017-11-24 20:56:23 +00:00

Offensive Security

b3a7c78388

DB: 2016-11-25

4 new exploits

Groupwise 7.0 - (mailto: scheme) Buffer Overflow (PoC)
Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)

Remote Utilities Host 6.3 - Denial of Service

Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)

GNU Wget < 1.18 - Access List Bypass / Race Condition

miniBB - 'user' Input Validation Hole
MiniBB 1.7f - 'user' Parameter SQL Injection

TR Newsportal 0.36tr1 - (poll.php) Remote File Inclusion
TR Newsportal 0.36tr1 - 'poll.php' Remote File Inclusion

PHP Forge 3 Beta 2 - (cfg_racine) Remote File Inclusion
PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion

miniBB keyword_replacer 1.0 - (pathToFiles) File Inclusion
MiniBB keyword_replacer 1.0 - 'pathToFiles' Parameter File Inclusion

miniBB 2.0.2 - (bb_func_txt.php) Remote File Inclusion
MiniBB 2.0.2 - 'bb_func_txt.php' Remote File Inclusion

W1L3D4 philboard 0.2 - (W1L3D4_bolum.asp forumid) SQL Injection
W1L3D4 philboard 0.2 - 'W1L3D4_bolum.asp' SQL Injection

miniBB 2.1 - (table) SQL Injection
MiniBB 2.1 - 'table' Parameter SQL Injection

Joovili 3.0.6 - (joovili.images.php) Remote File Disclosure
Joovili 3.0.6 - 'joovili.images.php' Remote File Disclosure
Apartment Search Script - 'listtest.php r' SQL Injection
XOOPS Module Recipe - 'detail.php id' SQL Injection
Aterr 0.9.1 - (class) Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - (philboard_reply.asp) SQL Injection
Apartment Search Script - 'listtest.php' SQL Injection
XOOPS Module Recipe 2.2 - 'detail.php' SQL Injection
Aterr 0.9.1 - Local File Inclusion (PHP5)
W1L3D4 philboard 1.0 - 'philboard_reply.asp' SQL Injection
KubeLance 1.6.4 - (ipn.php i) Local File Inclusion
acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - (view.asp id) SQL Injection
Crazy Goomba 1.2.1 - 'id' SQL Injection
RedDot CMS 7.5 - (LngId) SQL Injection
TR News 2.1 - (nb) SQL Injection
KubeLance 1.6.4 - 'ipn.php' Local File Inclusion
Acidcat CMS 3.4.1 - Multiple Vulnerabilities
BlogWorx 1.0 - 'id' Parameter SQL Injection
Crazy Goomba 1.2.1 - 'id' Parameter SQL Injection
RedDot CMS 7.5 - 'LngId' Parameter SQL Injection
TR News 2.1 - 'nb' Parameter SQL Injection
E RESERV 2.1 - (index.php ID_loc) SQL Injection
Joomla! Component Filiale 1.0.4 - (idFiliale) SQL Injection
E RESERV 2.1 - 'index.php' SQL Injection
Joomla! Component Filiale 1.0.4 - 'idFiliale' Parameter SQL Injection
minibb 2.2 - (Cross-Site Scripting / SQL Injection / Full Path Disclosure) Multiple Vulnerabilities
PostNuke Module PostSchedule - (eid) SQL Injection
MiniBB 2.2 - Cross-Site Scripting / SQL Injection / Full Path Disclosure
PostNuke Module PostSchedule 1.0 - 'eid' Parameter SQL Injection

Siteman 2.x - (Code Execution / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities
Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting

PHP Forge 3 Beta 2 - 'id' SQL Injection
PHP Forge 3 Beta 2 - 'id' Parameter SQL Injection
megabbs forum 2.2 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Jokes Site Script - 'jokes.php?catagorie' SQL Injection
FluentCMS - 'view.php sid' SQL Injection
megabbs forum 2.2 - SQL Injection / Cross-Site Scripting
Jokes Site Script - 'jokes.php' SQL Injection
FluentCMS - 'view.php' SQL Injection
Prozilla Hosting Index - 'Directory.php cat_id' SQL Injection
Softbiz Web Host Directory Script (host_id) - SQL Injection
Joovili 3.1 - (browse.videos.php category) SQL Injection
Prozilla Hosting Index - 'cat_id' Parameter SQL Injection
Softbiz Web Host Directory Script - 'host_id' Parameter SQL Injection
Joovili 3.1 - 'browse.videos.php' SQL Injection

w1l3d4 philboard 1.2 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
W1L3D4 philboard 1.2 - Blind SQL Injection / Cross-Site Scripting

apartment search script - (Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities
Apartment Search Script - Arbitrary File Upload / Cross-Site Scripting

Mini Web Calendar 1.2 - (File Disclosure / Cross-Site Scripting) Multiple Vulnerabilities
Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting

Prozilla Hosting Index - 'id' SQL Injection
Prozilla Hosting Index - 'id' Parameter SQL Injection

web Calendar system 3.12/3.30 - Multiple Vulnerabilities
Web Calendar System 3.12/3.30 - Multiple Vulnerabilities

Web Calendar 4.1 - (Authentication Bypass) SQL Injection
Web Calendar 4.1 - Authentication Bypass

web Calendar system 3.40 - (Cross-Site Scripting / SQL Injection) Multiple Vulnerabilities
Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection

KubeLance - 'profile.php?id' SQL Injection
KubeLance 1.7.6 - 'profile.php' SQL Injection

Clever Copy 2.0 - calendar.php Cross-Site Scripting
Clever Copy 2.0 - 'calendar.php' Cross-Site Scripting
Clever Copy 2.0 - results.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - categorysearch.php Multiple Parameter Cross-Site Scripting
Clever Copy 2.0 - 'results.php' Cross-Site Scripting
Clever Copy 2.0 - 'categorysearch.php' Cross-Site Scripting
Acidcat CMS 2.1.13 - default.asp ID Parameter SQL Injection
Acidcat CMS 2.1.13 - acidcat.mdb Remote Information Disclosure
Acidcat CMS 2.1.13 - 'ID' Parameter SQL Injection
Acidcat CMS 2.1.13 - 'acidcat.mdb' Remote Information Disclosure

ODFaq 2.1 - faq.php SQL Injection
ODFaq 2.1 - 'faq.php' SQL Injection

MiniBB 1.5 - news.php Remote File Inclusion
MiniBB 1.5 - 'news.php' Remote File Inclusion

W1L3D4 philboard 0.3 - W1L3D4_Aramasonuc.asp Cross-Site Scripting
W1L3D4 philboard 0.3 - Cross-Site Scripting

Proverbs Web Calendar 1.1 - Password Parameter SQL Injection
Proverbs Web Calendar 1.1 - 'Password' Parameter SQL Injection

Chimaera Project Aterr 0.9.1 - Multiple Local File Inclusion

miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting

miniBB RSS 2.0 Plugin - Multiple Remote File Inclusion
MiniBB RSS 2.0 Plugin - Multiple Remote File Inclusion

DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting

eZoneScripts Apartment Search Script - 'listtest.php' SQL Injection

miniBB 3.1 - Blind SQL Injection
MiniBB 3.1 - Blind SQL Injection

Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting

2016-11-25 05:01:20 +00:00

2 commits