exploit-db-mirror

bpmcdevitt/exploit-db-mirror

Fork 0

Commit graph

Author	SHA1	Message	Date
Offensive Security	3617e005f6	DB: 2017-01-12 16 new exploits VMware 2.5.1 - (VMware-authd) Remote Denial of Service VMware 2.5.1 - 'VMware-authd' Remote Denial of Service Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2) Boxoft Wav 1.0 - Buffer Overflow VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow EleCard MPEG PLAYER - '.m3u' Local Stack Overflow Elecard MPEG Player - '.m3u' Local Stack Overflow Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1) Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2) Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout) Firejail - Privilege Escalation McAfee Virus Scan Enterprise for Linux - Remote Code Execution McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution Ansible 2.1.4 / 2.2.1 - Command Execution Eggblog < 3.07 - Remote SQL Injection / Privilege Escalation EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation PowerClan 1.14a - (footer.inc.php) Remote File Inclusion PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion Eggblog 3.1.0 - Cookies SQL Injection EggBlog 3.1.0 - Cookies SQL Injection eggBlog 4.0 - SQL Injection EggBlog 4.0 - SQL Injection 2Capsule - 'sticker.php id' SQL Injection 2Capsule - SQL Injection ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection ASPThai.Net WebBoard 6.0 - SQL Injection Memberkit 1.0 - Remote Arbitrary .PHP File Upload phpScribe 0.9 - (user.cfg) Remote Config Disclosure Memberkit 1.0 - Arbitrary File Upload phpScribe 0.9 - 'user.cfg' Remote Config Disclosure PowerClan 1.14a - (Authentication Bypass) SQL Injection PowerClan 1.14a - Authentication Bypass Webspell 4 - (Authentication Bypass) SQL Injection webSPELL 4 - Authentication Bypass eggBlog 4.1.1 - Local Directory Traversal EggBlog 4.1.1 - Local Directory Traversal Travel Portal Script Admin Password Change - Cross-Site Request Forgery Travel Portal Script - Cross-Site Request Forgery (Admin Password Change) eggBlog 4.1.2 - Arbitrary File Upload EggBlog 4.1.2 - Arbitrary File Upload Eggblog 2.0 - blog.php id Parameter SQL Injection Eggblog 2.0 - topic.php message Parameter Cross-Site Scripting EggBlog 2.0 - 'id' Parameter SQL Injection EggBlog 2.0 - 'message' Parameter Cross-Site Scripting PowerClan 1.14 - member.php SQL Injection PowerClan 1.14 - 'member.php' SQL Injection SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection Dating Script 3.25 - SQL Injection Starting Page 1.3 - SQL Injection Starting Page 1.3 - 'linkid' Parameter SQL Injection Starting Page 1.3 - 'category' Parameter SQL Injection My link trader 1.1 - 'id' Parameter SQL Injection Blackboard LMS 9.1 SP14 - Cross-Site Scripting Huawei Flybox B660 - Cross-Site Request Forgery Travel Portal Script 9.33 - SQL Injection Movie Portal Script 7.35 - SQL Injection	2017-01-12 05:01:16 +00:00
Offensive Security	574c0f2df8	DB: 2017-01-10 5 new exploits DirectAdmin 1.50.1 - Denial of Service Joomla! Component 'com_menu' - SQL Injection Joomla! Component com_menu - SQL Injection Joomla! Component 'com_pcchess' - Local File Inclusion Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component com_pcchess - Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component 'com_ca' - SQL Injection Joomla! Component com_ca - SQL Injection Joomla! Component 'com_education_classess' - SQL Injection Joomla! Component education - SQL Injection Joomla! Component 'com_Flashgames' - Local File Inclusion Joomla! Component FlashGames 1.5.0 - Local File Inclusion Joomla! Component 'com_cvmaker' - Local File Inclusion Joomla! Component 'com_myfiles' - Local File Inclusion Joomla! Component CV Maker 1.0 - Local File Inclusion Joomla! Component My Files 1.0 - Local File Inclusion Joomla! Component 'com_joommail' - Local File Inclusion Joomla! Component 'com_memory' - Local File Inclusion Joomla! Component JoomMail 1.0 - Local File Inclusion Joomla! Component Memory Book 1.2 - Local File Inclusion Joomla! Component 'com_diary' - Local File Inclusion Joomla! Component Digital Diary 1.5.0 - Local File Inclusion Joomla! Component 'com_jdrugstopics' - SQL Injection Joomla! Component com_jdrugstopics - SQL Injection Joomla! Component 'com_flexicontent' - Local File Joomla! Component FLEXIcontent 1.5 - Local File Inclusion Joomla! Component 'com_delicious' - Local File Inclusion Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection Joomla! Component 'com_pandafminigames' - SQL Injection Joomla! Component com_pandafminigames - SQL Injection Joomla! Component 'com_caddy' - Exploit Joomla! Component com_caddy - Exploit Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload Joomla! Component com_jesectionfinder - Arbitrary File Upload Joomla! Component 'com_camp' - SQL Injection Joomla! Component com_camp - SQL Injection Joomla! Component 'com_crowdsource' - SQL Injection Joomla! Component 'com_event' - Multiple Vulnerabilities Joomla! Component com_crowdsource - SQL Injection Joomla! Component com_event - Multiple Vulnerabilities Joomla! Component 'com_event' - SQL Injection Joomla! Component com_event - SQL Injection Joomla! Component 'com_packages' - SQL Injection Joomla! Component com_packages - SQL Injection Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection Joomla! Component JE Poll - 'pollid' Parameter SQL Injection Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection Joomla! Component 'com_chronocontact' - Blind SQL Injection Joomla! Component ChronoConnectivity - Blind SQL Injection Joomla! Component ChronoForms - Blind SQL Injection Joomla! Component 'com_lead' - SQL Injection Joomla! Component com_lead - SQL Injection Joomla! Component 'com_cinema' - SQL Injection Joomla! Component cinema - SQL Injection Joomla! Component 'com_jstore' - SQL Injection Joomla! Component 'com_jtickets' - SQL Injection Joomla! Component 'com_jcommunity' - SQL Injection Joomla! Component 'com_jmarket' - SQL Injection Joomla! Component 'com_jsubscription' - SQL Injection Joomla! Component com_jstore - SQL Injection Joomla! Component com_jtickets - SQL Injection Joomla! Component com_jcommunity - SQL Injection Joomla! Component com_jmarket - SQL Injection Joomla! Component com_jsubscription - SQL Injection Joomla! Component 'com_jnewsletter' - SQL Injection Joomla! Component com_jnewsletter - SQL Injection Joomla! Component 'com_joomdocs' - Cross-Site Scripting Joomla! Component com_joomdocs - Cross-Site Scripting Joomla! Component 'com_community' - Persistent Cross-Site Scripting Joomla! Component 'com_jomestate' - Remote File Inclusion Joomla! Component com_community - Persistent Cross-Site Scripting Joomla! Component com_jomestate - Remote File Inclusion Joomla! Component 'com_jejob' - Local File Inclusion Joomla! Component com_jejob - Local File Inclusion Joomla! Component 'com_dateconverter' 0.1 - SQL Injection Joomla! Component com_dateconverter 0.1 - SQL Injection Joomla! Component 'com_phocagallery' - SQL Injection Joomla! Component Phoca Gallery 2.7.3 - SQL Injection Joomla! Component 'com_jpodium' - SQL Injection Joomla! Component JPodium 2.7.3 - SQL Injection Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection Joomla! Component 'com_myhome' - Blind SQL Injection Joomla! Component 'com_mysms' - Arbitrary File Upload Joomla! Component MyHome - Blind SQL Injection Joomla! Component MySMS - Arbitrary File Upload Joomla! Component 'com_iproperty' - SQL Injection Joomla! Component com_iproperty - SQL Injection Joomla! Component 'com_itarmory' - SQL Injection Joomla! Component com_itarmory - SQL Injection Joomla! Component 'com_neorecruit' 1.4 - SQL Injection Joomla! Component NeoRecruit 1.4 - SQL Injection Joomla! Component 'com_equipment' - SQL Injection Joomla! Component com_equipment - SQL Injection Joomla! Component 'com_Fabrik' - SQL Injection Joomla! Component 'com_extcalendar' - Blind SQL Injection Joomla! Component Fabrik - SQL Injection Joomla! Component com_extcalendar - Blind SQL Injection Joomla! Component 'com_jejob' - SQL Injection Joomla! Component JE Job - SQL Injection Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload Joomla! Component 'com_connect' - Local File Inclusion Joomla! Component 'com_dcnews' - Local File Inclusion Joomla! Component com_connect - Local File Inclusion Joomla! Component com_dcnews - Local File Inclusion Joomla! Component 'com_clan' - SQL Injection Joomla! Component com_clan - SQL Injection Joomla! Component 'com_clanlist' - SQL Injection Joomla! Component com_clanlist - SQL Injection Joomla! Component 'com_markt' - SQL Injection Joomla! Component 'com_img' - Local File Inclusion Joomla! Component com_markt - SQL Injection Joomla! Component com_img - Local File Inclusion Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities Joomla! Component 'com_maianmedia' - SQL Injection Joomla! Component com_maianmedia - SQL Injection Joomla! Component 'com_idoblog' - SQL Injection Joomla! Component com_idoblog - SQL Injection Joomla! Component 'com_people' 1.0.0 - SQL Injection Joomla! Component People 1.0.0 - SQL Injection Joomla! Component 'com_people' 1.0.0 - Local File Inclusion Joomla! Component com_people 1.0.0 - Local File Inclusion Joomla! Component 'com_jce' - Blind SQL Injection Joomla! Component joomlacontenteditor - Blind SQL Injection Joomla! Component 'com_hello' - SQL Injection Joomla! Component com_hello - SQL Injection Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload Joomla! Component jDownloads 1.0 - Arbitrary File Upload Joomla! Component 'com_jesubmit' - Local File Inclusion Joomla! Component JE Story Submit - Local File Inclusion Joomla! Component 'com_obSuggest' - Local File Inclusion Joomla! Component obSuggest - Local File Inclusion Joomla! Component 'com_jdirectory' - SQL Injection Joomla! Component com_jdirectory - SQL Injection Joomla! Component 'com_esearch' - SQL Injection Joomla! Component Search 3.0.0 - SQL Injection Joomla! Component 'com_joomtouch' - Local File Inclusion Joomla! Component JoomTouch 1.0.2 - Local File Inclusion Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities Joomla! Component 'com_horses' - 'id' Parameter SQL Injection Joomla! Component com_horses - 'id' Parameter SQL Injection Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection Joomla! Component 'com_dirfrm' - Multiple SQL Injections Joomla! Component com_dirfrm - Multiple SQL Injections Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion Joomla! Component Catalogue - SQL Injection / Local File Inclusion Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection Joomla! Component Jeformcr - 'id' Parameter SQL Injection Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'com_classified' - SQL Injection Joomla! Component Classified - SQL Injection Joomla! Component 'com_frontenduseraccess' - Local File Inclusion Joomla! Component com_frontenduseraccess - Local File Inclusion Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection Joomla! Component com_clan_members - 'id' Parameter SQL Injection Joomla! Component 'com_phocadownload' - Local File Inclusion Joomla! Component com_phocadownload - Local File Inclusion Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection Joomla! Component Map Locator - 'cid' Parameter SQL Injection Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection Joomla! Component 'com_hospital' - SQL Injection Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection Joomla! Component Foto - 'id_categoria' Parameter SQL Injection Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection Joomla! Component com_hospital - SQL Injection Joomla! Component Controller - 'Itemid' Parameter SQL Injection Joomla! Component 'com_newssearch' - SQL Injection Joomla! Component com_newssearch - SQL Injection Joomla! Component 'com_community' - 'userid' Parameter SQL Injection Joomla! Component com_community - 'userid' Parameter SQL Injection Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection Joomla! Component com_expedition - 'id' Parameter SQL Injection Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection Joomla! Component com_br - 'state_id' Parameter SQL Injection Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection Joomla! Component com_caproductprices - 'id' Parameter SQL Injection Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion Joomla! Component com_br - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_full' - 'id' Parameter SQL Injection Joomla! Component Full - 'id' Parameter SQL Injection Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_car' - Multiple SQL Injections Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion Joomla! Component com_car - Multiple SQL Injections Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection Joomla! Component com_motor - 'cid' Parameter SQL Injection Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection Joomla! Component com_firmy - 'Id' Parameter SQL Injection Joomla! Component com_crhotels - 'catid' Parameter SQL Injection Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection Joomla! Component com_cmotour - 'id' Parameter SQL Injection Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection Joomla! Component 'com_machine' - Multiple SQL Injections Joomla! Component Machine - Multiple SQL Injections Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload Joomla! Component 'com_jcalpro' - SQL Injection Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload Joomla! Component JCal Pro Calendar - SQL Injection Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection Joomla! Component Inneradmission - 'index.php' SQL Injection Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection Joomla! Component 'com_payplans' 3.3.6 - SQL Injection Joomla! Component com_payplans 3.3.6 - SQL Injection Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection Joomla! Component 'com_bt_media' - SQL Injection Joomla! Component com_bt_media 1.0 - SQL Injection Joomla! Component 'com_guru' - SQL Injection Joomla! Component Guru Pro - SQL Injection DirectAdmin 1.50.1 - Denial of Service Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting My Link Trader 1.1 - Authentication Bypass My Php Dating 2.0 - 'path' Parameter SQL Injection My Php Dating 2.0 - 'id' Parameter SQL Injection	2017-01-10 05:01:19 +00:00

Author

SHA1

Message

Date

Offensive Security

3617e005f6

DB: 2017-01-12

16 new exploits

VMware 2.5.1 - (VMware-authd) Remote Denial of Service
VMware 2.5.1 - 'VMware-authd' Remote Denial of Service
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption
Adobe Flash Player 24.0.0.186 - 'ActionGetURL2' Out-of-Bounds Memory Corruption (2)
Boxoft Wav 1.0 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - 'DecodeAdpcmImaQT' Buffer Overflow

EleCard MPEG PLAYER - '.m3u' Local Stack Overflow
Elecard MPEG Player - '.m3u' Local Stack Overflow

Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135)
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (1)

Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow
Boxoft WAV to MP3 Converter - 'convert' Buffer Overflow
Microsoft Windows Kernel - 'win32k.sys' 'NtSetWindowLongPtr' Privilege Escalation (MS16-135) (2)
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098)
Cemu 1.6.4b - Information Leak + Buffer Overflow (Emulator Breakout)
Firejail - Privilege Escalation

McAfee Virus Scan Enterprise for Linux - Remote Code Execution
McAfee Virus Scan Enterprise for Linux 1.9.2 < 2.0.2 - Remote Code Execution

Ansible 2.1.4 / 2.2.1 - Command Execution

Eggblog < 3.07 - Remote SQL Injection / Privilege Escalation
EggBlog < 3.07 - Remote SQL Injection / Privilege Escalation

PowerClan 1.14a - (footer.inc.php) Remote File Inclusion
PowerClan 1.14a - 'footer.inc.php' Remote File Inclusion

Eggblog 3.1.0 - Cookies SQL Injection
EggBlog 3.1.0 - Cookies SQL Injection

eggBlog 4.0 - SQL Injection
EggBlog 4.0 - SQL Injection

2Capsule - 'sticker.php id' SQL Injection
2Capsule - SQL Injection

ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection
ASPThai.Net WebBoard 6.0 - SQL Injection
Memberkit 1.0 - Remote Arbitrary .PHP File Upload
phpScribe 0.9 - (user.cfg) Remote Config Disclosure
Memberkit 1.0 - Arbitrary File Upload
phpScribe 0.9 - 'user.cfg' Remote Config Disclosure

PowerClan 1.14a - (Authentication Bypass) SQL Injection
PowerClan 1.14a - Authentication Bypass

Webspell 4 - (Authentication Bypass) SQL Injection
webSPELL 4 - Authentication Bypass

eggBlog 4.1.1 - Local Directory Traversal
EggBlog 4.1.1 - Local Directory Traversal

Travel Portal Script Admin Password Change - Cross-Site Request Forgery
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)

eggBlog 4.1.2 - Arbitrary File Upload
EggBlog 4.1.2 - Arbitrary File Upload
Eggblog 2.0 - blog.php id Parameter SQL Injection
Eggblog 2.0 - topic.php message Parameter Cross-Site Scripting
EggBlog 2.0 - 'id' Parameter SQL Injection
EggBlog 2.0 - 'message' Parameter Cross-Site Scripting

PowerClan 1.14 - member.php SQL Injection
PowerClan 1.14 - 'member.php' SQL Injection
SoftBizScripts Dating Script 1.0 - featured_photos.php browse Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - products.php cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' cid Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - news_desc.php id Parameter SQL Injection
SoftBizScripts Dating Script 1.0 - 'featured_photos.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'products.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'index.php' SQL Injection
SoftBizScripts Dating Script 1.0 - 'news_desc.php' SQL Injection

Dating Script 3.25 - SQL Injection

Starting Page 1.3 - SQL Injection
Starting Page 1.3 - 'linkid' Parameter SQL Injection
Starting Page 1.3 - 'category' Parameter SQL Injection
My link trader 1.1 - 'id' Parameter SQL Injection
Blackboard LMS 9.1 SP14 - Cross-Site Scripting
Huawei Flybox B660 - Cross-Site Request Forgery
Travel Portal Script 9.33 - SQL Injection
Movie Portal Script 7.35 - SQL Injection

2017-01-12 05:01:16 +00:00

Offensive Security

574c0f2df8

DB: 2017-01-10

5 new exploits

DirectAdmin 1.50.1 - Denial of Service

Joomla! Component 'com_menu' - SQL Injection
Joomla! Component com_menu - SQL Injection
Joomla! Component 'com_pcchess' - Local File Inclusion
Joomla! Component 'com_huruhelpdesk' - SQL Injection
Joomla! Component com_pcchess - Local File Inclusion
Joomla! Component huruhelpdesk - SQL Injection

Joomla! Component 'com_ca' - SQL Injection
Joomla! Component com_ca - SQL Injection

Joomla! Component 'com_education_classess' - SQL Injection
Joomla! Component education - SQL Injection

Joomla! Component 'com_Flashgames' - Local File Inclusion
Joomla! Component FlashGames 1.5.0 - Local File Inclusion
Joomla! Component 'com_cvmaker' - Local File Inclusion
Joomla! Component 'com_myfiles' - Local File Inclusion
Joomla! Component CV Maker 1.0 - Local File Inclusion
Joomla! Component My Files 1.0 - Local File Inclusion
Joomla! Component 'com_joommail' - Local File Inclusion
Joomla! Component 'com_memory' - Local File Inclusion
Joomla! Component JoomMail 1.0 - Local File Inclusion
Joomla! Component Memory Book 1.2 - Local File Inclusion

Joomla! Component 'com_diary' - Local File Inclusion
Joomla! Component Digital Diary 1.5.0 - Local File Inclusion

Joomla! Component 'com_jdrugstopics' - SQL Injection
Joomla! Component com_jdrugstopics - SQL Injection

Joomla! Component 'com_flexicontent' - Local File
Joomla! Component FLEXIcontent 1.5 - Local File Inclusion

Joomla! Component 'com_delicious' - Local File Inclusion
Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion

Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection
Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection

Joomla! Component 'com_pandafminigames' - SQL Injection
Joomla! Component com_pandafminigames - SQL Injection

Joomla! Component 'com_caddy' - Exploit
Joomla! Component com_caddy - Exploit

Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload
Joomla! Component com_jesectionfinder - Arbitrary File Upload

Joomla! Component 'com_camp' - SQL Injection
Joomla! Component com_camp - SQL Injection
Joomla! Component 'com_crowdsource' - SQL Injection
Joomla! Component 'com_event' - Multiple Vulnerabilities
Joomla! Component com_crowdsource - SQL Injection
Joomla! Component com_event - Multiple Vulnerabilities

Joomla! Component 'com_event' - SQL Injection
Joomla! Component com_event - SQL Injection

Joomla! Component 'com_packages' - SQL Injection
Joomla! Component com_packages - SQL Injection

Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection
Joomla! Component JE Poll - 'pollid' Parameter SQL Injection
Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection
Joomla! Component 'com_chronocontact' - Blind SQL Injection
Joomla! Component ChronoConnectivity - Blind SQL Injection
Joomla! Component ChronoForms - Blind SQL Injection

Joomla! Component 'com_lead' - SQL Injection
Joomla! Component com_lead - SQL Injection

Joomla! Component 'com_cinema' - SQL Injection
Joomla! Component cinema - SQL Injection
Joomla! Component 'com_jstore' - SQL Injection
Joomla! Component 'com_jtickets' - SQL Injection
Joomla! Component 'com_jcommunity' - SQL Injection
Joomla! Component 'com_jmarket' - SQL Injection
Joomla! Component 'com_jsubscription' - SQL Injection
Joomla! Component com_jstore - SQL Injection
Joomla! Component com_jtickets - SQL Injection
Joomla! Component com_jcommunity - SQL Injection
Joomla! Component com_jmarket - SQL Injection
Joomla! Component com_jsubscription - SQL Injection

Joomla! Component 'com_jnewsletter' - SQL Injection
Joomla! Component com_jnewsletter - SQL Injection

Joomla! Component 'com_joomdocs' - Cross-Site Scripting
Joomla! Component com_joomdocs - Cross-Site Scripting
Joomla! Component 'com_community' - Persistent Cross-Site Scripting
Joomla! Component 'com_jomestate' - Remote File Inclusion
Joomla! Component com_community - Persistent Cross-Site Scripting
Joomla! Component com_jomestate - Remote File Inclusion

Joomla! Component 'com_jejob' - Local File Inclusion
Joomla! Component com_jejob - Local File Inclusion

Joomla! Component 'com_dateconverter' 0.1 - SQL Injection
Joomla! Component com_dateconverter 0.1 - SQL Injection

Joomla! Component 'com_phocagallery' - SQL Injection
Joomla! Component Phoca Gallery 2.7.3 - SQL Injection

Joomla! Component 'com_jpodium' - SQL Injection
Joomla! Component JPodium 2.7.3 - SQL Injection

Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection
Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection
Joomla! Component 'com_myhome' - Blind SQL Injection
Joomla! Component 'com_mysms' - Arbitrary File Upload
Joomla! Component MyHome - Blind SQL Injection
Joomla! Component MySMS - Arbitrary File Upload

Joomla! Component 'com_iproperty' - SQL Injection
Joomla! Component com_iproperty - SQL Injection

Joomla! Component 'com_itarmory' - SQL Injection
Joomla! Component com_itarmory - SQL Injection

Joomla! Component 'com_neorecruit' 1.4 - SQL Injection
Joomla! Component NeoRecruit 1.4 - SQL Injection

Joomla! Component 'com_equipment' - SQL Injection
Joomla! Component com_equipment - SQL Injection
Joomla! Component 'com_Fabrik' - SQL Injection
Joomla! Component 'com_extcalendar' - Blind SQL Injection
Joomla! Component Fabrik - SQL Injection
Joomla! Component com_extcalendar - Blind SQL Injection

Joomla! Component 'com_jejob' - SQL Injection
Joomla! Component JE Job - SQL Injection

Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload
Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload
Joomla! Component 'com_connect' - Local File Inclusion
Joomla! Component 'com_dcnews' - Local File Inclusion
Joomla! Component com_connect - Local File Inclusion
Joomla! Component com_dcnews - Local File Inclusion

Joomla! Component 'com_clan' - SQL Injection
Joomla! Component com_clan - SQL Injection

Joomla! Component 'com_clanlist' - SQL Injection
Joomla! Component com_clanlist - SQL Injection
Joomla! Component 'com_markt' - SQL Injection
Joomla! Component 'com_img' - Local File Inclusion
Joomla! Component com_markt - SQL Injection
Joomla! Component com_img - Local File Inclusion

Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities
Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities

Joomla! Component 'com_maianmedia' - SQL Injection
Joomla! Component com_maianmedia - SQL Injection

Joomla! Component 'com_idoblog' - SQL Injection
Joomla! Component com_idoblog - SQL Injection

Joomla! Component 'com_people' 1.0.0 - SQL Injection
Joomla! Component People 1.0.0 - SQL Injection

Joomla! Component 'com_people' 1.0.0 - Local File Inclusion
Joomla! Component com_people 1.0.0 - Local File Inclusion

Joomla! Component 'com_jce' - Blind SQL Injection
Joomla! Component joomlacontenteditor - Blind SQL Injection

Joomla! Component 'com_hello' - SQL Injection
Joomla! Component com_hello - SQL Injection

Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload
Joomla! Component jDownloads 1.0 - Arbitrary File Upload

Joomla! Component 'com_jesubmit' - Local File Inclusion
Joomla! Component JE Story Submit - Local File Inclusion

Joomla! Component 'com_obSuggest' - Local File Inclusion
Joomla! Component obSuggest - Local File Inclusion

Joomla! Component 'com_jdirectory' - SQL Injection
Joomla! Component com_jdirectory - SQL Injection

Joomla! Component 'com_esearch' - SQL Injection
Joomla! Component Search 3.0.0 - SQL Injection

Joomla! Component 'com_joomtouch' - Local File Inclusion
Joomla! Component JoomTouch 1.0.2 - Local File Inclusion

Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities
Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities

Joomla! Component 'com_horses' - 'id' Parameter SQL Injection
Joomla! Component com_horses - 'id' Parameter SQL Injection

Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion
Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion

Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal
Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal

Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection
Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_dirfrm' - Multiple SQL Injections
Joomla! Component com_dirfrm - Multiple SQL Injections

Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion
Joomla! Component Catalogue - SQL Injection / Local File Inclusion
Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection
Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection
Joomla! Component Jeformcr - 'id' Parameter SQL Injection
Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection

Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities
Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities

Joomla! Component 'com_classified' - SQL Injection
Joomla! Component Classified - SQL Injection

Joomla! Component 'com_frontenduseraccess' - Local File Inclusion
Joomla! Component com_frontenduseraccess - Local File Inclusion

Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection
Joomla! Component com_clan_members - 'id' Parameter SQL Injection

Joomla! Component 'com_phocadownload' - Local File Inclusion
Joomla! Component com_phocadownload - Local File Inclusion

Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection
Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection

Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection
Joomla! Component Map Locator - 'cid' Parameter SQL Injection

Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload
Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection
Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection

Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection
Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection
Joomla! Component 'com_hospital' - SQL Injection
Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection
Joomla! Component Foto - 'id_categoria' Parameter SQL Injection
Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection
Joomla! Component com_hospital - SQL Injection
Joomla! Component Controller - 'Itemid' Parameter SQL Injection

Joomla! Component 'com_newssearch' - SQL Injection
Joomla! Component com_newssearch - SQL Injection

Joomla! Component 'com_community' - 'userid' Parameter SQL Injection
Joomla! Component com_community - 'userid' Parameter SQL Injection

Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection
Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection

Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection
Joomla! Component com_expedition - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection
Joomla! Component com_br - 'state_id' Parameter SQL Injection

Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection
Joomla! Component com_caproductprices - 'id' Parameter SQL Injection

Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_br - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_full' - 'id' Parameter SQL Injection
Joomla! Component Full - 'id' Parameter SQL Injection
Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion
Joomla! Component 'com_car' - Multiple SQL Injections
Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion
Joomla! Component com_car - Multiple SQL Injections

Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload
Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload

Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection
Joomla! Component com_motor - 'cid' Parameter SQL Injection
Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection
Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection
Joomla! Component com_firmy - 'Id' Parameter SQL Injection
Joomla! Component com_crhotels - 'catid' Parameter SQL Injection

Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection
Joomla! Component com_cmotour - 'id' Parameter SQL Injection

Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection
Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection

Joomla! Component 'com_machine' - Multiple SQL Injections
Joomla! Component Machine - Multiple SQL Injections

Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload

Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload

Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component 'com_jcalpro' - SQL Injection
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
Joomla! Component JCal Pro Calendar - SQL Injection

Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion
Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion

Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection
Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection

Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities
Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities

Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection
Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection

Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection
Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection

Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload
Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload

Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection
Joomla! Component Inneradmission - 'index.php' SQL Injection

Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection

Joomla! Component 'com_payplans' 3.3.6 - SQL Injection
Joomla! Component com_payplans 3.3.6 - SQL Injection

Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection

Joomla! Component 'com_bt_media' - SQL Injection
Joomla! Component com_bt_media 1.0 - SQL Injection

Joomla! Component 'com_guru' - SQL Injection
Joomla! Component Guru Pro - SQL Injection

DirectAdmin 1.50.1 - Denial of Service
Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting
My Link Trader 1.1 - Authentication Bypass
My Php Dating 2.0 - 'path' Parameter SQL Injection
My Php Dating 2.0 - 'id' Parameter SQL Injection

2017-01-10 05:01:19 +00:00

2 commits