From a294dc66ac3d52d9ddd6d47971ca4f7f4cffd442 Mon Sep 17 00:00:00 2001
From: Keith Lee
Date: Wed, 2 May 2018 17:08:39 +0800
Subject: [PATCH] add 1608-exploits
---
 packetstormPaths.txt | 447 ++++++++++++++++++++++++++++++-------------
 1 file changed, 312 insertions(+), 135 deletions(-)
diff --git a/packetstormPaths.txt b/packetstormPaths.txt
index 98ce688..ed3f85d 100644
--- a/packetstormPaths.txt
+++ b/packetstormPaths.txt
@@ -1,138 +1,5 @@
+
 /24online/webpages/myaccount/usersessionsummary.jsp
-/vaconfig/time
-/OA_HTML/iemsa_customersearch.jsp
-/OA_HTML/iemsa_kbcat.jsp
-/Setting.chipsipcmd
-/TeamPass/sources/upload/upload.files.php
-/WebCalendar/install/index.php
-/WebCalendar//admin.php
-/WebCalendar//edit_user_handler.php
-/about/show.php
-/admin/aomanage.php
-/admin/ccmanage.php
-/admin/cmanage.php
-/admin/domainadmin.php
-/admin/dsarchiveadmin.php
-/admin/helpdesk.php
-/admin/hostingadmin.php
-/admin/hostingarchiveadmin.php
-/admin/index.php
-/admin/omanage.php
-/admin/test_mail.php
-/admin/useradmin.php
-/administrator
-/administrator/index.php
-/ajax_cms/get_template_content/
-/apointment.php
-/app_index.shtml
-/app_license.shtml
-/app_license_custom.shtml
-/app_params.shtml
-/archiva/admin/addProxyConnector_commit.action
-/audit-policy.jsp
-/cdp/
-/cdp/release/
-/cdp/release/internet/
-/cdp/release/internet/servlet/
-/cdp/release/internet/servlet/vehicle
-/cdp/release/internet/servlet/vehicleAdd
-/cgi-bin/SetRS422Settings
-/cgi-bin/doLogin_CgiEntry
-/cgi-bin/getlog.cgi
-/cgi-bin/main
-/clean-cache.php
-/client-connections-settings.jsp
-/client/ppbe.xml
-/common/uploaded_files/user/1467918685a.php
-/cubelocal/admin/shutdownMachine.asp
-/cubelocal/admin/stabilityControl.asp
-/cubelocal/classe/index.asp
-/cubelocal/modules/neoscreen/admindiff/stats_diffusion.asp
-/cubelocal/modules/neoscreen/messages/basevide.asp
-/dashboard/reports_charts/compare_tags/
-/database.db
-/de/publicPools/
-/de/publicPools/landingPages/
-/de/publicPools/landingPages/passwordResetOk.html
-/dorncms/
-/dorncms/cms/
-/dorncms/cms/delete_file/
-/dorncms/cms/filelist/
-/dorncms/cms/rename_file/
-/dorncms/cms/upload/file/
-/dwr/exec/downloader.installPlugin.dwr
-/ecardmaxdemo/admin/index.php
-/eh/003/pro_003.php
-/eh/admin/main_ad.php
-/en/admin/cms/
-/en/admin/cms/staticplaceholder/
-/en/admin/cms/staticplaceholder/add-plugin/
-/en/admin/cms/staticplaceholder/edit-plugin/
-/en/admin/djangocms_snippet/snippet/
-/en/admin/djangocms_snippet/snippet/add/
-/enginemanager/applications/live/main/view.htm
-/enginemanager/applications/liveedge/securityplayback/edit.htm
-/enginemanager/applications/liveedge/streamtarget/add.htm
-/enginemanager/applications/monitoring/historical.jsdata
-/exponent/administrationmodule/umgr_editprofile/id/0/
-/exponent/administrationmodule/useraccounts/
-/exponent/index.php
-/exponent/loginmodule/
-/exponent/loginmodule/createuser/
-/exponent/loginmodule/editprofile/
-/fotoweb/views/login
-/geoip/webshell.php
-/goform/formSysCm
-/group-summary.jsp
-/htdocs/fileinfo.php
-/html/SetSmarcardSettings.ph
-/html/SetSmarcardSettings.php
-/httpDisabled.shtml
-/invocationConsole
-/lbmbackoffice/
-/logeye/common/addLogFilter.jsp
-/logeye/componentAction.jsp
-/logeye/security/management/userSettingsAction.jsp
-/logeye/tasks/xpotaskDefinitionAction.jsp
-/logeye/testingus.txt
-/mainbooks.php
-/manage-updates.jsp
-/manage_importexport
-/manage_main
-/manual/en/function.bzread.php
-/muc-service-edit-form.jsp
-/nagiosxi/install.php
-/oa_servlets/oracle.apps.bne.webui.BneApplicationService
-/plugin-admin.jsp
-/plugins/search/advance-user-search.jsp
-/plugins/search/search-props-edit-form.jsp
-/portal/index.php
-/programs.php
-/projects/openfire/plugins/broadcast.jar
-/reg-settings.jsp
-/residentielle/index.php
-/rjdetails.php
-/root.jsp
-/server-properties.jsp
-/server-props.jsp
-/setup/index.php
-/single-ads.php
-/syscmd.asp
-/system-email.jsp
-/system/user_pop.php
-/uddi/api/replication
-/upload.php
-/user-create.jsp
-/user-password.jsp
-/view/viewer_index.shtml
-/wordpress/wp-admin/admin-ajax.php
-/wp-admin/admin-ajax.php
-/wp-admin/admin.php
-/wp-admin/edit.php
-/wp-admin/options-general.php
-/wp-admin/users.php
-/wp-login.php
-/wp/wp-admin/admin.php
 /AceManager.htm
 /Administration.asp
 /ChannelsSelection.asp
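Review bot: The first added line of this hunk is an empty `+` line, so the re-sorted file now begins with a blank entry ahead of `/24online/webpages/myaccount/usersessionsummary.jsp`. Whatever reads this list one path per line will receive an empty string first unless it skips blank lines; the consumer is not visible in this patch, so that needs confirming. The last hunk already removes the old trailing blank line, which suggests the blank was carried to the top by the sort rather than added on purpose. I would drop the leading blank line so that every line in the file is a path.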
@@ -148,38 +15,70 @@
 /FileSharing/viewing.php
 /FinderView/api.php
 /Fire-Soft-Board-2/index.php
+/OA_HTML/iemsa_customersearch.jsp
+/OA_HTML/iemsa_kbcat.jsp
+/Pages/product.aspx
 /Phoenix/includes/geoip.php
 /Quick.Cart.Ext/admin.php
 /Reporting/Admin/notificationpopup.php
 /Reporting/Reports/sr-save.php
 /Reporting/common/externalurl.php
 /RestAPI/PasswordSelfServiceAPI
+/Setting.chipsipcmd
 /SlimCMS/admin/config
 /SlimCMS/api/config
 /Split-Flap/flights.php
 /Split-Flap/weather.php
+/TeamPass/sources/upload/upload.files.php
 /Upload/backdoor.php
 /WClientMACList.asp
+/WebCalendar//admin.php
+/WebCalendar//edit_user_handler.php
+/WebCalendar/install/index.php
 /WebTicket/WebTicketService.svc/Aut
+/__nvr_status___.php
 /_int_/action.html
 /_int_/checkin.html
 /_int_/checkin_file.html
 /_tc~monitoring~webservice~web/ServerNodesWSService
+/about/show.php
 /account
 /accounting/create_transaction/
+/achats/fr/registration/index.php
 /actes/renvoilogin.php
 /admin.php
 /admin/AceManager.htm
+/admin/Admin.html
 /admin/UpLoad.htm
 /admin/UpLoadTemp.htm
 /admin/admin-user/add
 /admin/admin.php
 /admin/admin_fm_upload_files.php
 /admin/adminsettings.php
+/admin/aomanage.php
+/admin/browse.jsp
+/admin/ccmanage.php
+/admin/cmanage.php
+/admin/config.php
+/admin/database/
+/admin/database/sql/
+/admin/deleteDestination.action
+/admin/domainadmin.php
+/admin/dsarchiveadmin.php
+/admin/helpdesk.php
+/admin/hostingadmin.php
+/admin/hostingarchiveadmin.php
 /admin/index.html
 /admin/index.php
+/admin/list.php
 /admin/login.php
+/admin/omanage.php
+/admin/queueGraph.jsp
+/admin/test_mail.php
+/admin/useradmin.php
 /admin/usuario.php
+/administrator
+/administrator/components/com_aceftp/quixplorer/index.php
 /administrator/index.php
 /advanced/firewall_templates/
 /airia
@@ -188,27 +87,94 @@
 /airia/data/vvv_html/shell.php
 /airia/editor.php
 /airia/menu.php
+/ajax_cms/get_template_content/
 /ajaxexplorer/ae.user/owner/myprofile/terminal.php
 /ajaxexplorer/index.php
 /ajaxproxy.php
+/amrmabrouk/index.php
 /api/20121201/transactions
 /api/accounts
 /api/categories
 /api/goatgates
 /api/replacementui
 /api/tags
+/apointment.php
+/app_index.shtml
+/app_license.shtml
+/app_license_custom.shtml
+/app_params.shtml
 /apply.cgi
+/archiva/admin/addProxyConnector_commit.action
 /article.php
+/articles.php
+/audit-policy.jsp
 /auth/login
+/authRoleAction!getAll.action
+/authUserAction!edit.action
+/authUserAction!getAll.action
 /backend/
+/baseAction!getPageXML.action
 /bazaar
 /bht/index.html
 /booking/bs-settings.php
+/bots/api
+/browse.php
+/carbon/entitlement/eval-policy-submit.jsp
+/carbon/identity-mgt/challenges-mgt.jsp
+/carbon/identity-mgt/challenges-set-mgt.jsp
+/carbon/log-view/downloadgz-ajaxprocessor.jsp
+/carbon/ndatasource/newdatasource.jsp
+/carbon/ndatasource/validateconnection-ajaxprocessor.jsp
+/carbon/server-admin/proxy_ajaxprocessor.jsp
+/carbon/viewflows/handlers.jsp
+/carbon/webapp-list/webapp_info.jsp
 /cat1.php
+/cdp/
+/cdp/release/
+/cdp/release/internet/
+/cdp/release/internet/servlet/
+/cdp/release/internet/servlet/vehicle
+/cdp/release/internet/servlet/vehicleAdd
+/cernlib/
+/cgi-bin/SetRS422Settings
+/cgi-bin/adv/debugcgi
+/cgi-bin/application/appRequest.cgi
+/cgi-bin/cgi_system
+/cgi-bin/check.cgi
+/cgi-bin/chklogin.cgi
+/cgi-bin/doLogin_CgiEntry
+/cgi-bin/filemanager/utilRequest.cgi
+/cgi-bin/getlog.cgi
+/cgi-bin/main
+/cgi-bin/module/
+/cgi-bin/module/docroot/
+/cgi-bin/module/docroot/tabview.htm
+/cgi-bin/module/sharedobjmanager/
+/cgi-bin/module/sharedobjmanager/firewall/
+/cgi-bin/module/sharedobjmanager/firewall/SOMAddressObj
+/cgi-bin/pogui/auth/login
+/cgi-bin/pogui/view/execute/tasks/calibration-nonlinearequalink-manual
+/cgi-bin/pogui/view/validate/GuiTreeViewDecapsulationTSDecapsulation/Decapsulation-TSDecapsulation-DecapsulationPIDs/123
+/cgi-bin/read.cgi
+/cgi-bin/readfile.cgi
+/cgi-bin/system_cmd.cgi
+/cgi-bin/userConfig.cgi
+/cgi-bin/wizReq.cgi
+/cgi-bin/writefile.cgi
+/cgi_main
+/cgi_system
+/clean-cache.php
+/client-connections-settings.jsp
+/client/ppbe.xml
 /cloud_sync.asp
 /cognos/cgi-bin/cognos.cgi
+/com.fortinet.gwt.Main
+/com.fortinet.gwt.Main/Main.html
+/com.fortinet.gwt.Main/account
+/common/uploaded_files/user/1467918685a.php
 /component/enmasse/term
 /concrete5/index.php
+/config.rb
 /config/153/port_config.htm
 /config/153/sysinfo.htm
 /config/153/user_accounts.htm
@@ -219,14 +185,63 @@
 /cp/login/
 /createCustomer.asp
 /createSupplier.asp
+/css_parser.php
+/cubelocal/admin/shutdownMachine.asp
+/cubelocal/admin/stabilityControl.asp
+/cubelocal/classe/index.asp
+/cubelocal/modules/neoscreen/admindiff/stats_diffusion.asp
+/cubelocal/modules/neoscreen/messages/basevide.asp
+/da.nsf
+/dashboard/reports_charts/compare_tags/
+/data/iaccess/AccHolidays/_new_/
+/database.db
+/dba4.nsf
 /dbdiff/
+/de/publicPools/
+/de/publicPools/landingPages/
+/de/publicPools/landingPages/passwordResetOk.html
+/deletefile.php
+/dorncms/
+/dorncms/cms/
+/dorncms/cms/delete_file/
+/dorncms/cms/filelist/
+/dorncms/cms/rename_file/
+/dorncms/cms/upload/file/
+/dotclear/admin/media.php
+/dwr/exec/downloader.installPlugin.dwr
+/e-cidade/fpdf151/mostrarelatorio.php
+/ecardmaxdemo/admin/index.php
+/eh/003/pro_003.php
+/eh/admin/main_ad.php
 /en/admin/auth/
+/en/admin/cms/
+/en/admin/cms/staticplaceholder/
+/en/admin/cms/staticplaceholder/add-plugin/
+/en/admin/cms/staticplaceholder/edit-plugin/
+/en/admin/djangocms_snippet/snippet/
+/en/admin/djangocms_snippet/snippet/add/
 /en/admin/user/save
+/enginemanager/applications/live/main/view.htm
+/enginemanager/applications/liveedge/securityplayback/edit.htm
+/enginemanager/applications/liveedge/streamtarget/add.htm
+/enginemanager/applications/monitoring/historical.jsdata
+/exponent/administrationmodule/umgr_editprofile/id/0/
+/exponent/administrationmodule/useraccounts/
+/exponent/index.php
+/exponent/loginmodule/
+/exponent/loginmodule/createuser/
+/exponent/loginmodule/editprofile/
+/express/showNotice.do
 /fckeditor/editor/filemanager/connectors/
 /fckeditor/editor/filemanager/connectors/uploadtest.html
+/fileking/forgot_password.php
 /fileman/php/movefile.php
 /files/c932kc.php
+/fileserver/
+/fileshare.cmd
 /firewall.html
+/fotoweb/views/login
+/geoip/webshell.php
 /getip
 /goatgates
 /goform/Administration
@@ -234,70 +249,232 @@
 /goform/Docsis_log
 /goform/Docsis_system
 /goform/WClientMACList
+/goform/downloadIadInfomation
+/goform/formSysCm
+/group-summary.jsp
+/guppy/
+/guppy/admin/
+/guppy/admin/admin.php
+/gwadmin-console/index.jsp
+/gwadmin-console/install/login.jsp
+/handle_iscsi.php
+/helpdeskz/
 /home.do
 /home/153/active_panel_bid0.htm
+/homepage.nsf
+/htdocs/fileinfo.php
+/html/SetSmarcardSettings.ph
+/html/SetSmarcardSettings.php
+/html/wp-admin/admin-ajax.php
+/httpDisabled.shtml
 /ibilling/index.php
 /includes/components/profile/profile.php
+/index-h.php
 /index.php/admin/pages/edit/2/
 /index.php/admin/pages/update/
 /index.php/component/maqmahelpdesk/department/support-services
+/install
+/installation
+/invocationConsole
 /ipsec.html
 /irj/servlet/prt/portal/prteventname/getNavigationURL/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester
 /irj/servlet/prt/portal/prtroot/com.sap.portal.cache.XXX.CacheTimestampTest
+/iscsi.php
 /it/programma-affiliati/login
 /item/booking-system/87919
 /jbFileManager/jbfm/
 /jbFileManager/jbfm/jbfm.php
+/jenkins/configure
 /jira/secure/MailRuCalendar.jspa
 /jira/secure/artezioboard/mainPage.jspa
 /jmx2-Email-Tester/
 /joomla/administrator/index.php
 /json/device/getDeviceSummary
+/kv_admin/login.php
+/lbmbackoffice/
 /lib/crud/downloadFile.php
+/library/editor/FCKeditor/editor/filemanager/browser/default/frmresourceslist.html
+/link/getlinkdata
+/link/getlinkdata]
 /list.php
+/logeye/common/addLogFilter.jsp
+/logeye/componentAction.jsp
+/logeye/security/management/userSettingsAction.jsp
+/logeye/tasks/xpotaskDefinitionAction.jsp
+/logeye/testingus.txt
+/lua/diag-cmd.lua
+/lua/dvr-update.lua
+/lua/etm-reboot.lua
+/lua/reset-reg.lua
+/lua/set-config.lua
+/lua/set-passwd.lua
+/lua/ssl-regen.lua
+/main/downloads.asp
+/mainbooks.php
+/manage-updates.jsp
+/manage_importexport
+/manage_main
+/manager/jmxproxy/
+/manual/en/function.bzread.php
+/media/breezingforms/uploads/a.txt
+/media/breezingforms/uploads/yourfile.txt
+/member/1-mike/media
 /mgr.login.php
+/mods/_core/courses/users/create_course.php
+/module/admin.fe
+/moxiemanager/api.php
+/muc-service-edit-form.jsp
 /mylittleforum/install/index.php
+/nagiosna/index.php/admin/users/create
+/nagiosna/index.php/admin/users/delete
+/nagiosna/index.php/api/reports/delete
+/nagiosna/index.php/api/system/create_command
+/nagiosna/index.php/api/system/stop
+/nagiosna/index.php/sources/queries/1
+/nagiosxi/install.php
 /nagiosxi/rr.php
+/net2ftp_v1.0/files_to_upload/index.php
+/net2ftp_v1.0/files_to_upload/index.php>
+/net2ftp_v1.0/files_to_upload/index.php_
+/news/vulnerabilities.html>
+/nps/servlet/webacc
+/ntop-bin/do_crontab.cgi
+/ntop-bin/do_factory_reset.cg
+/ntop-bin/do_factory_reset.cgi
+/ntop-bin/do_mergecap.cg
+/ntop-bin/pcap_upload.cgi
+/ntop-bin/rrd_net_graph.cg
+/ntop-bin/sudowrapper.cgi
+/ntop-bin/write_conf_users.cg
+/nukeevolution/
+/nukeevolution/modules.php
+/oa_servlets/oracle.apps.bne.webui.BneApplicationService
+/obihai-xml
+/on/demandware.store/Sites-beats-Site/en_US/GigyaRAAS-SaveCustomer
+/ossim/conf/reload.php
+/pentest/wordpress/wp-admin/themes.php
 /photostore/manager/mgr.login.php
 /phpATM/configure.php
 /phpATM/index.php
 /phpATM/usrmanag.php
+/phpcollab/
+/phpcollab/users/
+/phpcollab/users/edituser.php
+/phpcollab/users/emailusers.php
+/plugin-admin.jsp
+/plugins/search/advance-user-search.jsp
+/plugins/search/search-props-edit-form.jsp
+/portal/index.php
+/portal/tool/~admin-1010/create_job
+/posts/important-lepton-2.2.2-93.php
+/product_view.php
+/products_view.php
+/prof/attributes/features.jsp
+/programs.php
+/projects/openfire/plugins/broadcast.jar
+/protocol_ftp.php
 /provisioning.html
+/qts/4.2/en/
+/raid.php
+/reg-settings.jsp
+/residentielle/index.php
+/restomulti/store/searcharea
+/rjdetails.php
+/root.jsp
 /root/Downloads
 /rpc.php
+/sakai-fck-connector/web/editor/filemanager/browser/default/connectors/jsp/connector/user/admin/
+/save_config.php
 /scr.cgi
 /scripts/booking/bs-settings.php
 /scripts/booking/eventList.php
+/scripts/logdownload.php
+/scripts/rpc.php
 /search_results.do
 /sensor/ta_loader.php
+/server-properties.jsp
+/server-props.jsp
+/servlets/FileUploadServlet
+/servlets/GetChallengeServlet
 /set_new_password
+/setup/index.php
 /showtest.php
 /simplesaml/logout.php
 /simplesaml/module.php/core/no_cookie.php
+/single-ads.php
+/sites/database_user_edit.php
 /societe/list.php
 /squid_clwarn.php
+/stash/
+/stash/admin/
+/stash/admin/usersedit.php
 /storage/users/
+/strong_user.php
 /studio/account/tokens/]
 /sugar6519
 /symphony/
 /symphony/publish/articles/
+/syscmd.asp
+/system-email.jsp
 /system.cgi
 /system.html
+/system/user_pop.php
 /tarantella/cgi-bin/modules.cgi
 /target/miniMySQLAdmin/
+/tcpbx/
+/test/wp-content/themes/method/lib/scripts/dl-skin.php
 /testcampaign.html
 /ticket/public/ticket
 /tiki-calendar.php
 /tmp/
 /tools/admin_account/
+/tools/user_settings.php
 /tv.php
+/uddi/api/replication
 /updating.php
+/upload.php
+/upload/config.php
+/upload/install/save.php
+/user-create.jsp
+/user-password.jsp
+/user.php
+/user/account.html
+/user/personalAccount
 /user/save
+/userconfigsubmit.cgi
+/users_xml.php
+/usr/usrgetform.html
+/vaconfig/time
 /vdc_email_display.php
 /video
+/view/viewer_index.shtml
+/vis/js/jquery.cookie.js
+/vul_test/SimplePHPQuiz/process_quizAdd.php
+/vul_test/WikWiki/
+/vul_test/chatNow/login.php/95fb4
+/vul_test/chatNow/send_message.php
 /w2wiki/index.php
+/web/management.html
+/webapps/garden/page/garden.form
+/webmin.rb
 /webui/JSON-RPC
+/wifi
+/wordpress/wp-admin/admin-ajax.php
 /wordpress/wp-content/plugins/wp-levoslideshow/html/edit_image.php
+/wp-admin/admin-ajax.php
+/wp-admin/admin.php
+/wp-admin/edit.php
+/wp-admin/options-general.php
+/wp-admin/tools.php
+/wp-admin/upload.php
+/wp-admin/users.php
+/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
 /wp-content/plugins/contus-video-comments/save.php
+/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php
+/wp-content/themes/Directory/
+/wp-content/themes/awake/lib/scripts/dl-skin.php
+/wp-content/themes/bonkersbeat/lib/scripts/dl-skin.php
+/wp-login.php
+/wp/wp-admin/admin.php
 /yadis.xml
-
+/zpanel/includes/operations.php
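Review bot: Several entries added in this hunk look like extraction artifacts rather than real URL paths. `/link/getlinkdata]`, `/net2ftp_v1.0/files_to_upload/index.php>`, `/net2ftp_v1.0/files_to_upload/index.php_` and `/news/vulnerabilities.html>` end in stray punctuation, and `/ntop-bin/do_mergecap.cg`, `/ntop-bin/rrd_net_graph.cg`, `/ntop-bin/write_conf_users.cg` and `/ntop-bin/do_factory_reset.cg` appear cut short (the last sits next to its full `.cgi` form). Entries such as `/pentest/wordpress/wp-admin/themes.php`, the `/vul_test/` paths and `/webmin.rb` (likewise `/config.rb` in the hunk at -188) read like an author's lab prefix or a module filename, so they probably identify nothing on a production host. Anything matching against this list carries them as noise and possible false correlations. I would drop the punctuated duplicates and fix or remove the truncated names after checking each against its source advisory.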