exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	d304cc3d3e	DB: 2017-11-24 116602 new exploits Too many to list!	2017-11-24 20:56:23 +00:00
Offensive Security	d4e17b950d	DB: 2017-10-05 9 new exploits FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service) FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC) SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC) Minix 3.1.2a - tty panic Local Denial of Service Minix 3.1.2a - tty panic Remote Denial of Service Minix 3.1.2a - Local TTY Panic (Denial of Service) Minix 3.1.2a - Remote TTY Panic (Denial of Service) Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service) QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service) FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service) FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2) Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2) Apple Mac OSX < 10.6.7 - Kernel Panic Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service) genstat 14.1.0.5943 - Multiple Vulnerabilities GenStat 14.1.0.5943 - Multiple Vulnerabilities FreeBSD 3.0 - UNIX-domain Panic (Denial of Service) Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service) Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service) OpenBSD 5.5 - Local Kernel Panic OpenBSD 5.5 - Local Kernel Panic (Denial of Service) OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service) FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow) WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2) Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation FreeBSD TOP - Format String FreeBSD /usr/bin/top - Format String Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation Qpopper 4.0.8 (FreeBSD) - Privilege Escalation Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation FreeBSD 3.0 - UNIX-domain panic FreeBSD 3.5/4.x - top Format String FreeBSD 3.5/4.x /usr/bin/top - Format String OpenBSD 5.6 - Multiple Local Kernel Panics Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation DiskBoss Enterprise 8.4.16 - Local Buffer Overflow Microsoft Windows - RPC Locator Service Remote Exploit Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit Microsoft Windows - SMB Authentication Remote Exploit Microsoft Windows 2000/XP - SMB Authentication Remote Exploit Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit Winmail Mail Server 2.3 - Remote Format String Winmail Mail Server 2.3 Build 0402 - Remote Format String Linux eXtremail 1.5.x - Remote Format Strings Exploit eXtremail 1.5.x (Linux) - Remote Format Strings Exploit QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow Solaris 9 (UltraSPARC) - sadmind Remote Code Execution Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution Sun One WebServer 6.1 - JSP Source Viewing Sun One WebServer 6.1 - .JSP Source Viewing Solaris 7.0 - Recursive mutex_enter Panic MySQL - Windows Remote System Level Exploit (Stuxnet technique) MySQL - 'Stuxnet Technique' Windows Remote System Exploit vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit) vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit) vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit) ERS Data System 1.8.1 - Java Deserialization Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes) Linux/x86_64 - Kill All Processes Shellcode (19 bytes) Linux/x86_64 - Fork Bomb Shellcode (11 bytes) Linux/x86-64 - Kill All Processes Shellcode (19 bytes) Linux/x86-64 - Fork Bomb Shellcode (11 bytes) Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes) Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes) vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion Flatnuke 2.7.1 - (level) Privilege Escalation Flatnuke 2.7.1 - 'level' Privilege Escalation Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python) Cilem Haber 1.4.4 (Tr) - Database Disclosure Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion vtiger CRM 5.1.0 - Local File Inclusion vTiger CRM 5.1.0 - Local File Inclusion phpmychat plus 1.94 rc1 - Multiple Vulnerabilities template CMS 2.1.1 - Multiple Vulnerabilities phpmybittorrent 2.04 - Multiple Vulnerabilities phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities Template CMS 2.1.1 - Multiple Vulnerabilities phpMyBitTorrent 2.04 - Multiple Vulnerabilities vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting vtiger CRM 4.2 - SQL Injection vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting vTiger CRM 4.2 - SQL Injection DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities ITS SCADA 'Username' - SQL Injection ITS SCADA - 'Username' SQL Injection vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities Vtiger CRM 6.3.0 - Authenticated Remote Code Execution vTiger CRM 6.3.0 - Authenticated Remote Code Execution EPESI 1.8.2 rev20170830 - Cross-Site Scripting Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution ClipBucket 2.8.3 - Remote Code Execution	2017-10-05 05:01:29 +00:00

Author

SHA1

Message

Date

Offensive Security

d304cc3d3e

DB: 2017-11-24

116602 new exploits

Too many to list!

2017-11-24 20:56:23 +00:00

Offensive Security

d4e17b950d

DB: 2017-10-05

9 new exploits

FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service
FreeBSD 6.0 - 'nfsd' Remote Kernel Panic (Denial of Service)

FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service
FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service

SunOS 5.10 Sun Cluster - rpc.metad Denial of Service (PoC)
SunOS 5.10 Sun Cluster - 'rpc.metad' Denial of Service (PoC)
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - Local TTY Panic (Denial of Service)
Minix 3.1.2a - Remote TTY Panic (Denial of Service)

Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic Exploit
Linux Kernel < 2.4.36.9/2.6.27.5 - Unix Sockets Local Kernel Panic (Denial of Service)

QNX 6.4.0 - bitflipped elf binary 'id' Kernel Panic Exploit
QNX 6.4.0 - bitflipped ELF Binary 'id' Kernel Panic (Denial of Service)

FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.x - Dumping Environment Local Kernel Panic (Denial of Service)

FreeBSD and OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service
FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service

Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic Denial of Service (2)
Linux Kernel < 2.6.37-rc2 - 'TCP_MAXSEG' Kernel Panic (Denial of Service) (2)

Apple Mac OSX < 10.6.7 - Kernel Panic
Apple Mac OSX < 10.6.7 - Kernel Panic (Denial of Service)

genstat 14.1.0.5943 - Multiple Vulnerabilities
GenStat 14.1.0.5943 - Multiple Vulnerabilities

FreeBSD 3.0 - UNIX-domain Panic (Denial of Service)

Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)

Apple Mac OSX 10.2.2 - Directory Kernel Panic Denial of Service
Apple Mac OSX 10.2.2 - Directory Kernel Panic (Denial of Service)

OpenBSD 5.5 - Local Kernel Panic
OpenBSD 5.5 - Local Kernel Panic (Denial of Service)

OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)

FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow

Microsoft Windows Kernel - .win32k.sys TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)
Microsoft Windows Kernel - win32k.sys .TTF Font Processing Out-of-Bounds Read with Malformed 'glyf' Table (win32k!fsc_CalcGrayRow)

WebKit JSC - 'BytecodeGenerator::emitGetByVal' Incorrect Optimization (2)

Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation
Apple Mac OSX 10.2.4 - DirectoryService 'PATH' Privilege Escalation

FreeBSD TOP - Format String
FreeBSD /usr/bin/top - Format String

Qpopper 4.0.8 (FreeBSD) - (poppassd) Privilege Escalation
Qpopper 4.0.8 (FreeBSD) - Privilege Escalation

Sudo 1.6.9p18 - (Defaults setenv) Privilege Escalation
Sudo 1.6.9p18 - 'Defaults SetEnv' Privilege Escalation

FreeBSD 8.0 Run-Time Link-Editor (rtld) - Privilege Escalation
FreeBSD 8.0 Run-Time Link-Editor (RTLD) - Privilege Escalation

FreeBSD 3.0 - UNIX-domain panic

FreeBSD 3.5/4.x - top Format String
FreeBSD 3.5/4.x /usr/bin/top - Format String

OpenBSD 5.6 - Multiple Local Kernel Panics

Vm86 - Syscall Task Switch Kernel Panic / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation

DiskBoss Enterprise 8.4.16 - Local Buffer Overflow

Microsoft Windows - RPC Locator Service Remote Exploit
Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit

Microsoft Windows - SMB Authentication Remote Exploit
Microsoft Windows 2000/XP - SMB Authentication Remote Exploit

Webfroot Shoutbox < 2.32 - (Apache) Remote Exploit
Webfroot Shoutbox < 2.32 (Apache) - Remote Exploit

Winmail Mail Server 2.3 - Remote Format String
Winmail Mail Server 2.3 Build 0402 - Remote Format String

Linux eXtremail 1.5.x - Remote Format Strings Exploit
eXtremail 1.5.x (Linux) - Remote Format Strings Exploit

QBik WinGate WWW Proxy Server 6.1.1.1077 - (POST) Remote Buffer Overflow
QBik WinGate WWW Proxy Server 6.1.1.1077 - 'POST' Remote Buffer Overflow

Solaris 9 (UltraSPARC) - sadmind Remote Code Execution
Solaris 9 (UltraSPARC) - 'sadmind' Remote Code Execution

Sun One WebServer 6.1 - JSP Source Viewing
Sun One WebServer 6.1 - .JSP Source Viewing

Solaris 7.0 - Recursive mutex_enter Panic

MySQL - Windows Remote System Level Exploit (Stuxnet technique)
MySQL - 'Stuxnet Technique' Windows Remote System Exploit

vTigerCRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)
vTiger CRM 5.3.0 5.4.0 - Authenticated Remote Code Execution (Metasploit)

vTiger CRM SOAP AddEmailAttachment - Arbitrary File Upload (Metasploit)
vTiger CRM 5.4.0 SOAP - AddEmailAttachment Arbitrary File Upload (Metasploit)

ERS Data System 1.8.1 - Java Deserialization

Windows XP Professional SP3 (English) x86 - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Windows XP Professional SP3 x86 (English) - Add Local Administrator User (secuid0/m0nk) Shellcode (113 bytes)
Linux/x86_64 - Kill All Processes Shellcode (19 bytes)
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x86-64 - Kill All Processes Shellcode (19 bytes)
Linux/x86-64 - Fork Bomb Shellcode (11 bytes)

Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86-64 - mkdir() 'evil' Shellcode (30 bytes)

vtiger CRM 4.2 - (calpath) Multiple Remote File Inclusion
vTiger CRM 4.2 - 'calpath' Multiple Remote File Inclusion

Flatnuke 2.7.1 - (level) Privilege Escalation
Flatnuke 2.7.1 - 'level' Privilege Escalation

Vtiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting

Cilem Haber 1.4.4 (Tr) - Database Disclosure (Python)
Cilem Haber 1.4.4 (Tr) - Database Disclosure

Vtiger CRM 5.0.4 - Unauthenticated Local File Inclusion
vTiger CRM 5.0.4 - Unauthenticated Local File Inclusion

vtiger CRM 5.1.0 - Local File Inclusion
vTiger CRM 5.1.0 - Local File Inclusion
phpmychat plus 1.94 rc1 - Multiple Vulnerabilities
template CMS 2.1.1 - Multiple Vulnerabilities
phpmybittorrent 2.04 - Multiple Vulnerabilities
phpMyChat Plus 1.94 RC1 - Multiple Vulnerabilities
Template CMS 2.1.1 - Multiple Vulnerabilities
phpMyBitTorrent 2.04 - Multiple Vulnerabilities
vtiger CRM 4.2 Leads Module - record Parameter Cross-Site Scripting
vtiger CRM 4.2 - (RSS Aggregation Module Feed) Cross-Site Scripting
vtiger CRM 4.2 - SQL Injection
vTiger CRM 4.2 Leads Module - 'record' Parameter Cross-Site Scripting
vTiger CRM 4.2 RSS Aggregation Module - Feed Cross-Site Scripting
vTiger CRM 4.2 - SQL Injection

DreamLevels Dream Poll 3.0 - View_Results.php SQL Injection
DreamLevels Dream Poll 3.0 - 'View_Results.php' SQL Injection

vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities

Vtiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.4.0 - 'index.php' 'onlyforuser' Parameter SQL Injection
osCommerce 2.2 - admin/orders_status.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_attributes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/orders_status.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_attributes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_manager.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/banner_statistics.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/countries.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/currencies.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/languages.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/manufacturers.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/products_expected.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/reviews.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/specials.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_purchased.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/stats_products_viewed.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_classes.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/tax_rates.php page Parameter Cross-Site Scripting
osCommerce 2.2 - admin/zones.php page Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_manager.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/banner_statistics.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/countries.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/currencies.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/languages.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/manufacturers.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/products_expected.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/reviews.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/specials.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_purchased.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/stats_products_viewed.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_classes.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/tax_rates.php' 'page' Parameter Cross-Site Scripting
osCommerce 2.2 - 'admin/zones.php' 'page' Parameter Cross-Site Scripting

Cilem Haber Free Edition - hata.asp hata Parameter Cross-Site Scripting
Cilem Haber Free Edition - 'hata.asp' 'hata' Parameter Cross-Site Scripting

GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting
GForge 4.6/4.5/3.1 - 'Verify.php' Cross-Site Scripting
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/modules/uninstall_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/admin/patch/index.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/install_module.php' 'level' Parameter Remote File Inclusion
Ossigeno CMS 2.2_pre1 - 'upload/xax/ossigeno/admin/uninstall_module.php' 'level' Parameter Remote File Inclusion

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities

ITS SCADA 'Username' - SQL Injection
ITS SCADA - 'Username' SQL Injection

vtiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion

vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
vtiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2.1 - PHPrint.php Multiple Parameter Cross-Site Scripting
vtiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection
vTiger CRM 5.2.1 - 'index.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2.1 - 'PHPrint.php' Multiple Parameter Cross-Site Scripting
vTiger CRM 5.2 - 'onlyforuser' Parameter SQL Injection

vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Vtiger CRM 6.3.0 - Authenticated Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution
EPESI 1.8.2 rev20170830 - Cross-Site Scripting
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
ClipBucket 2.8.3 - Remote Code Execution

2017-10-05 05:01:29 +00:00

2 commits