exploit-db-mirror

History

Offensive Security ec03ab428f DB: 2016-07-21 10 new exploits Microsoft Internet Explorer <= XP SP2 - HTML Help Control Local Zone Bypass Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Simplog <= 0.9.3 - (tid) Remote SQL Injection Exploit Simplog 0.9.3 - (tid) SQL Injection Skulltag <= 0.96f - (Version String) Remote Format String PoC OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit Skulltag 0.96f - (Version String) Remote Format String PoC OpenTTD 0.4.7 - Multiple Vulnerabilities Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC) Apple Mac OS X Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities Apple Mac OS X Safari <= 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC Apple Mac OS X Safari 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC Aardvark Topsites PHP <= 4.2.2 - (path) Remote File Inclusion phpMyAgenda <= 3.0 Final (rootagenda) Remote Include Aardvark Topsites PHP <= 4.2.2 - (lostpw.php) Remote Include Exploit Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion phpMyAgenda 3.0 Final - (rootagenda) Remote Include Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion X7 Chat <= 2.0 - (help_file) Remote Commands Execution Exploit X7 Chat 2.0 - (help_file) Remote Command Execution Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit Auction 1.3m - (phpbb_root_path) Remote File Inclusion acFTP FTP Server <= 1.4 - (USER) Remote Buffer Overflow PoC Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow PoC Quake 3 Engine 1.32b - R_RemapShader() Remote Client BoF Exploit AWStats <= 6.5 - (migrate) Remote Shell Command Injection Exploit AWStats 6.5 - (migrate) Remote Shell Command Injection acFTP FTP Server <= 1.4 - (USER) Remote Denial of Service Exploit acFTP FTP Server 1.4 - (USER) Remote Denial of Service PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities Jetbox CMS <= 2.1 - (relative_script_path) Remote File Inclusion Exploit ACal <= 2.2.6 - (day.php) Remote File Inclusion EQdkp <= 1.3.0 - (dbal.php) Remote File Inclusion PHP-Fusion 6.00.306 - Multiple Vulnerabilities Jetbox CMS 2.1 - (relative_script_path) Remote File Inclusion ACal 2.2.6 - (day.php) Remote File Inclusion EQdkp 1.3.0 - (dbal.php) Remote File Inclusion Microsoft Internet Explorer <= 6.0.2900 SP2 - (CSS Attribute) Denial of Service Microsoft Internet Explorer 6.0.2900 SP2 - (CSS Attribute) Denial of Service Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (1) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (1) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (2) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (3) Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (4) Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (4) Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit Linux Kernel <= 2.6.17.4 - 'proc' Local Root Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit \o - Local File Inclusion (1st) Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1) PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept Linux Kernel <= 2.2.18 (RH 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1) Linux Kernel <= 2.2.18 (RH 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1) Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Django CMS 3.3.0 - (Editor Snippet) Persistent XSS Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit) Linux/x86 - execve /bin/sh Shellcode (19 bytes) Wowza Streaming Engine 4.5.0 - Local Privilege Escalation Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF Wowza Streaming Engine 4.5.0 - Multiple XSS OpenSSHD <= 7.2p2 - Username Enumeration WordPress Video Player Plugin 1.5.16 - SQL Injection	2016-07-21 05:06:28 +00:00
..
remote	DB: 2015-08-19	2015-08-19 05:01:48 +00:00
webapps	DB: 2016-07-21	2016-07-21 05:06:28 +00:00

Offensive Security ec03ab428f DB: 2016-07-21

10 new exploits

Microsoft Internet Explorer <= XP SP2 - HTML Help Control Local Zone Bypass
Microsoft Internet Explorer XP SP2 - HTML Help Control Local Zone Bypass

Mambo <= 4.5.3 & Joomla <= 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit
Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit

Simplog <= 0.9.3 - (tid) Remote SQL Injection Exploit
Simplog 0.9.3 - (tid) SQL Injection
Skulltag <= 0.96f - (Version String) Remote Format String PoC
OpenTTD <= 0.4.7 - Multiple Vulnerabilities/Denial of Service Exploit
Skulltag 0.96f - (Version String) Remote Format String PoC
OpenTTD 0.4.7 - Multiple Vulnerabilities

Apple Mac OS X Safari <= 2.0.3 (417.9.2) - Multiple Vulnerabilities (PoC)
Apple Mac OS X Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities

Apple Mac OS X Safari <= 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC
Apple Mac OS X Safari 2.0.3 - (417.9.2) (ROWSPAN) DoS PoC
Aardvark Topsites PHP <= 4.2.2 - (path) Remote File Inclusion
phpMyAgenda <= 3.0 Final (rootagenda) Remote Include
Aardvark Topsites PHP <= 4.2.2 - (lostpw.php) Remote Include Exploit
Aardvark Topsites PHP 4.2.2 - (path) Remote File Inclusion
phpMyAgenda 3.0 Final - (rootagenda) Remote Include
Aardvark Topsites PHP 4.2.2 - (lostpw.php) Remote File Inclusion

X7 Chat <= 2.0 - (help_file) Remote Commands Execution Exploit
X7 Chat 2.0 - (help_file) Remote Command Execution

Auction <= 1.3m (phpbb_root_path) Remote File Include Exploit
Auction 1.3m - (phpbb_root_path) Remote File Inclusion
acFTP FTP Server <= 1.4 - (USER) Remote Buffer Overflow PoC
Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit
acFTP FTP Server 1.4 - (USER) Remote Buffer Overflow PoC
Quake 3 Engine 1.32b - R_RemapShader() Remote Client BoF Exploit

AWStats <= 6.5 - (migrate) Remote Shell Command Injection Exploit
AWStats 6.5 - (migrate) Remote Shell Command Injection

acFTP FTP Server <= 1.4 - (USER) Remote Denial of Service Exploit
acFTP FTP Server 1.4 - (USER) Remote Denial of Service
PHP-Fusion <= 6.00.306 - Multiple Vulnerabilities
Jetbox CMS <= 2.1 - (relative_script_path) Remote File Inclusion Exploit
ACal <= 2.2.6 - (day.php) Remote File Inclusion
EQdkp <= 1.3.0 - (dbal.php) Remote File Inclusion
PHP-Fusion 6.00.306 - Multiple Vulnerabilities
Jetbox CMS 2.1 - (relative_script_path) Remote File Inclusion
ACal 2.2.6 - (day.php) Remote File Inclusion
EQdkp 1.3.0 - (dbal.php) Remote File Inclusion

Microsoft Internet Explorer <= 6.0.2900 SP2 - (CSS Attribute) Denial of Service
Microsoft Internet Explorer 6.0.2900 SP2 - (CSS Attribute) Denial of Service

Unclassified NewsBoard <= 1.6.1 patch 1 - Arbitrary Local Inclusion Exploit
Unclassified NewsBoard 1.6.1 patch 1 - Local File Inclusion
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (3)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (1)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (2)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (3)

Linux Kernel 2.6.13 <= 2.6.17.4 - sys_prctl() Local Root Exploit (4)
Linux Kernel 2.6.13 <= 2.6.17.4 - 'sys_prctl()' Local Root Exploit (4)

Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit
Linux Kernel <= 2.6.17.4 - 'proc' Local Root Exploit

Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit

\o - Local File Inclusion (1st)
Keller Web Admin CMS 0.94 Pro - Local File Inclusion (1)

PulseAudio setuid (Ubuntu 9.04 & Slackware 12.2.0) - Local Privilege Escalation
PulseAudio setuid (Ubuntu 9.04 / Slackware 12.2.0) - Local Privilege Escalation

Linux Kernel < 2.6.36-rc6 (Redhat/Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept
Linux Kernel < 2.6.36-rc6 (Redhat / Ubuntu 10.04) - pktcdvd Kernel Memory Disclosure Proof of Concept

Linux Kernel <= 2.2.18 (RH 7.0/6.2 / 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1)
Linux Kernel <= 2.2.18 (RH 7.0/6.2 & 2.2.14 / 2.2.18 / 2.2.18ow4) - ptrace/execve Race Condition Local Root (1)
Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)
Django CMS 3.3.0 - (Editor Snippet) Persistent XSS
Drupal RESTWS Module 7.x - Remote PHP Code Execution (Metasploit)
Linux/x86 - execve /bin/sh Shellcode (19 bytes)
Wowza Streaming Engine 4.5.0 - Local Privilege Escalation
Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation
Wowza Streaming Engine 4.5.0 - Add Advanced Admin CSRF
Wowza Streaming Engine 4.5.0 - Multiple XSS
OpenSSHD <= 7.2p2 - Username Enumeration
WordPress Video Player Plugin 1.5.16 - SQL Injection

2016-07-21 05:06:28 +00:00

remote

DB: 2015-08-19

2015-08-19 05:01:48 +00:00

webapps

DB: 2016-07-21

2016-07-21 05:06:28 +00:00